IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
back to working order. The main change is that the cli_*() RPC
functions from libsmb/*.c now should accept a struct cli_state*.
The reason for this is that rpcclient should establish the
connection to the server at startup so that it is not necessary
to keep the clear test or password hash in memory for each command.
enumports and enumprinters now works as well. lsa* functions
have been tested. SAMR calls may or may not work (one of the core
dumps I know), but it compiles :-)
jerry
(This used to be commit d98ac8852a)
TNG branch.
Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient.
This requires most samba binaries to link in another handful of object
files due to uncessary coupling between modules. )-:
(This used to be commit 817819d0cc)
on a Samba host. Also needed to add an option to pass the share
name (printer name) on the command line.
And fixed the checking of the return code for spoolss_r_addprinterex()
jerry
(This used to be commit 880e811616)
- cleaned up some code
- Fixed a few memory leaks of my own making
- Add AddPrinterDriver(); I'm missing some of the semantics
here as the call is done correctly, but I'm not getting all
the information right in the DRIVER_INFO_3 struct I think.
Will work on it tomorrow some more...
--jerry
(This used to be commit 3bf9a29f34)
that the call failed, but the printer shows up on the remote NT client.
(note this is the client side call). I've botched the return value
somewhere and will fix that today.
jerry
(This used to be commit e15d9befd2)
* Fixed to work with Jeremy's recent changes re: dunamic
memory allocation when unmarshalling unistr[2]
* included EnumPorts level 1
* more work on AddPrinterEx
--jerry
(This used to be commit 45fbf31b69)
So fixed enumprinterdatas in rpcclient to debug the server code,
and found that the parsing code was missing 2 prs_align().
We are not crashing NT anymore. :-)
J.F.
(This used to be commit 883f7402d4)
- changed the default forms flag to 2
- all short architecture name are uppercased
- get_short_archi() is now case unsensitive
- the drivers TDB is indexed by archi/version/name
- implemented code to move drivers from the upload area to the download
area. Someone else need to look at that code.
- don't return anymore a default driver if it doesn't exist in the TDB.
Instead return an error.
- cleaned prs_unistr.
- #ifdef out jeremy's new SD parsing in printer_info_2
- removed the unused MANGLE_CODE
- #ifdef out the security checking in update_printer() as it doesn't work
for me.
Zap your ntdrivers.tdb, it won't work anymore.
J.F.
(This used to be commit ac0a145acc)
* fixes some readline bugs from the merge
* first attempt at commands (spoolenum almost works)
* no changes to existing functions in HEAD; only additions
of new functions. I'll weed out what I can as I go.
--jerry
(This used to be commit 12e2a21e1b)
I had to modify sys_select() to not loop on EINTR. I added a wrapper
called sys_select_intr() which gives the old behaviour.
(This used to be commit b28cc4163b)
head/tng merge.
It goes something like this:
- headers from tng get copied over one at a time
- the old headers get renamed to *_old.h
- server side code that used the old headers gets a
#define OLD_NTDOMAIN 1
#undef OLD_NTDOMAIN
at the start and end of the code
- mkproto.awk recognises these special defines and does magic stuff so
that each .c file sees the right headers
- we start moving the rpc client libraries from tng to head.
if this goes OK then, in theory, we should be able to move the client
side rpc code from tng to head without disturbing the existing head
server side code. Then when that works we can consider merging the
server side.
it remains to be seen if this scheme will work. So far I've moved
rpc_samr.h and don't seem to have broken anything.
Note this this is still a very delicate operation, as at every step of
the way I want to keep head fully functional. Please don't take part
unless you discuss it with me first.
(This used to be commit f76c037255)
two places i found where it was appropriate to _use_ that third argument,
in locking.c and brlock.c! there was a static traverse_function and
i removed the static variable, typecast it to a void*, passed it to
tdb_traverse and re-cast it back to the traverse_function inside the
tdb_traverse function. this makes the use of tdb_traverse() reentrant,
which is never going to happen, i know, i just don't like to see
statics lying about when there's no need for them.
as i had to do in samba-tng, all uses of tdb_traverse modified to take
the new void* state argument.
2) disabled rpcclient: referring people to use SAMBA_TNG rpcclient.
i don't know how the other samba team members would react if i deleted
rpcclient from cvs main. damn, that code's so old, it's unreal.
20 rpcclient commands, instead of about 70 in SAMBA_TNG.
(This used to be commit 49d7f0afbc)
This fixes our netbios scope handling. We now have a 'netbios scope' option
in smb.conf and the scope option is removed from make_nmb_name()
this was prompted by a bug in our PDC finding code where it didn't append
the scope to the query of the '*' name.
(This used to be commit b563be824b)
yamd is much better, and doesn't require any source code changes
if you haven't seen yamd then take a look at
http://www3.hmc.edu/~neldredge/yamd/
its excellent!
(This used to be commit 25b13f8b79)
done a minimal amout of clean-up in the Makefile, removing unnecessary
modules from the link stage. this is not complete, yet, and will
involve some changes, for example to smbd, to remove dependencies on
the password database API that shouldn't be there. for example,
smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa
API.
this first implementation has minor problems with not reinstantiating
the same services as the caller. the "homes" service is a good example.
(This used to be commit caa5052522)
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service. the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.
this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).
removed reference to pipes_struct in msrpc services. all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.
created become_vuser() which does everything not related to connection_struct
that become_user() does.
removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.
todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.
had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons. why? because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency. so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc. this is the MINIMUM info identified so far that's
actually implemented. missing bits include the called and calling
netbios names etc. (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
(This used to be commit aa3c659a8d)
damn, this one is bad.
started, at least two days ago, to add an authentication mechanism to
the smbd<->msrpc redirector/relay, such that sufficient unix / nt
information could be transferred across the unix socket to do a
become_user() on the other side of the socket.
it is necessary that the msrpc daemon inherit the same unix and nt
credentials as the smbd process from which it was spawned, until
such time as the msrpc daemon receives an authentication request
of its own, whereupon the msrpc daemon is responsible for authenticating
the new credentials and doing yet another become_user() etc sequence.
(This used to be commit 30c7fdd6ef)
ideas from ssh-agent.
the intent is to be able to share smb sessions using cli_net_use_add()
across multiple processes, where one process knows the target server
name, user name and domain, but not the smb password.
(This used to be commit 294b653f2e)
they should all be replaced with cli_establish_connection().
created cli_use_wait_keyboard() which waits on multiple cli_states
and swallows session keepalives.
(This used to be commit fcc39b3f4f)
from previous lsaquery command. over-ridden from DOMAIN\username
2) initialisation of cli_state is a little more specific: sets use_ntlmv2
to Auto. this can always be over-ridden.
3) fixed reusage of ntlmssp_cli_flgs which was being a pain
4) added pwd_compare() function then fixed bug in cli_use where NULL
domain name was making connections multiply unfruitfully
5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch
(This used to be commit 301a6efaf6)
the rpcclient "rpcclient" command allows user options to be reset
(e.g the username / password) _without_ terminating rpcclient.
try this:
rpcclient -S srv1 -U% -l log
srv1$ rpcclient -S srv2
srv2$
:-)
(This used to be commit c049865782)
found out that getopt() _must_ have optind set to 0 before reuse.
still haven't decided what to do with the net* api yet...
(This used to be commit 29c480085e)
if microsoft bothered to publish it. actually, there are good reasons
for not publishing it: people might write programs for it, and then
those programs wouldn't work on nt5, for example...
(This used to be commit 8ce93b80d3)
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
(This used to be commit 57bff6fe82)
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
(This used to be commit c01b18e632)
means that some commands need more work, as they still use next_token(),
the use of which i wish to avoid.
plus, i was getting fed up of the poor command-line processing in some
of these commands. i'm starting to need getopt() in them, especially
in samsetuser.
WARNING: only cmd_samr has been modded to use getopt() so far! reg
commands won't work, esp.
(This used to be commit 9a1efa03c8)
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the other's didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit ab174759cd)
request name.
modified createuser rpcclient command to examine name being added. if it
ends in a $, assume that a workstation trust account is being added.
(This used to be commit 4aea261cb0)
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join
a samba domain. what _is_ it with this stuff, dammit?
(This used to be commit c3913f8ae2)
reg_io_r_info() working properly. previously they weren't well
understood (well, they were the first of the registry functions i did,
back in december 97, ok??? :-)
set ntversion to 0x1 in SAMQUERY, so that we reply same as NT4 srv.
(This used to be commit 98ddeaf442)
for which a PDC is responsible. typical answers are:
<Name of Domain> plus <Builtin>.
against a hierarchical, down-level-compatible NT5 PDC, there's likely to
be more than these two entries!!!!!
(This used to be commit 3146aa6b60)
to mention, there's a spooljobs <printer name> command, and it uses
command-line completion? prints out NT print jobs really nicely, too.
(This used to be commit e6e5caf16c)
spoolss_r_io_enumprinters doesn't decode strings correctly
as printer_info_1/2 code has only been written to write
structures, not read them.
(This used to be commit 135eaa9773)
experimental spoolopen <printer name> command added.
jean-francois, f.y.i. i changed the #define for SPOOLSS_OPENPRINTEREX from
op code 0x44 to 0x45.
(This used to be commit ef7fa58fd3)
added samaliasmem <aliasname> rpcclient command (shows members in alias)
added tab command-completion to SAM alias related commands (inc 2 above).
(This used to be commit 0c700fb609)
attempting to get blood out of a stone^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H
querysecret to work, it keeps returning access denied.
(This used to be commit 953fe6ba94)
works with command-line completion on the service name (ohh yesss, this
is becoming my favourite bit of functionality-on-the-side hee hee :)
had to fix the svc_io_q_start_service() code which was missing the
ptr_argv[] array in between the array-size and the UNISTR2-array.
i.e it's actually an array of _pointers_ to unicode strings...
(This used to be commit 2903f22e7e)
implementation (NT5) when you discover that your code is trash.
samr_enum_dom_users(), samr_enum_dom_aliases() and samr_enum_dom_groups()
all take a HANDLE for multiple-call enumeration purposes.
(This used to be commit 19490d8b4f)
samr_lookup_rids() moved to a dynamic memory structure not a
static one limited to 32 RIDs. cli_pipe.c reading wasn't checking
ERRmoredata when DOS error codes negotiated (this terminates
MSRPC code with prejudice).
(This used to be commit 8976eca2db)
this format is what i would like _all_ these functions to be
(returning status codes, not BOOL) but that's a horrendous
amount of work at the moment :)
(This used to be commit 02f2406042)
simplest method to get rpcclient's reggetsec command working. the
buffers passed as arguments in do_reg_get_key_sec() do need to be
locally allocated not dynamically allocated, as two calls to
reg_get_key_sec() are needed. on the first, the server fills in the
size of the security descriptor buffer needed. on the second, the
server fills in the security descriptor buffer.
(This used to be commit b2d9cbef6f)
to alignment, missing fields, etc. - it should now work correctly.
There is still the problem of decoding the private data field.
(This used to be commit c3c25e762f)
version of the NT command.
at { time [/INTERACTIVE] [{/EVERY|/NEXT}:5,Sun,...] command | [/DEL] [jobid] }
Examples (options used in abbreviated form):
at ; Shows all jobs
at 1 ; Detail on job 1
at /D ; Deletes all jobs
at /D 1 ; Deletes job 1
at 11:11:11AM /I /N:1 d:\humour\silly.exe ; First of next month
at 9:00AM /E:M,T,W,Th,F net send MATTY Hi ; Each weekday
at 11:00PM /E c:\winnt\backup.exe ; Every day
(This used to be commit cf8c476d2e)
* Added SEC_CHAN_BDC
* Propagate sec_chan into the various functions which change trust account
passwords, so they can be used for domain control and inter-domain
trusts.
* Fix for endianness problem reported by Edan Idzerda <edan@mtu.edu>. A
BUFFER2 is really a "unibuf" in my terminology and we should treat it as
such.
* Added some more common NT structures (BIGINT, BUFHDR2, BUFFER4).
* Added NET_SAM_SYNC (-> NetDatabaseSync2) RPC for account replication.
Still experimental and incomplete, with a few too many NULL security
descriptors lying around (must go look at Jeremy's SD code). Haven't
worked out password encryption yet either.
However, the XXX_INFO structures I've added to rpc_netlogon.h are quite
nice as they give some insight into how these objects are stored in the
SAM.
(This used to be commit 7b830350eb)
remember: only close handles that you've previously opened. if the
lsa_open_secret() succeeds then and only then can you close it.
if the lsa_open_policy2() succeeds then and only then can you close it.
(This used to be commit 60da0a1255)
(-> LsarQuerySecret) on client side, including rpcclient command
"querysecret" for others to play with.
The major obstacle is working out the encryption algorithm used
for the secret value. It definitely uses the NT hash as part of the
key, and it seems the block size is 64 bits - probably DES based -
but I can't work out what's done in between. Help required.
(This used to be commit 365fa3b5fb)
last count (probably an ENUM / resume handle) should always be returned
even if there are no items being returned.
- got fed up of seven intendation levels in cmd_samr.c, maximum recommended
in *any* code is three! made some sub-fns instead.
(This used to be commit 1c330d5682)
(you can do "lookupdomain MYDOMAIN" and "lookupdomain BUILTIN" and the
results won't be too surprising), but it will come in useful testing the
new password database code I'm working on.
(This used to be commit d1cc33bcb6)
* Added SAMR_LOOKUP_DOMAIN (-> SamrLookupDomainInSamServer)
* Added real SAMR_ENUM_DOM_GROUPS (corresponding to
SamrEnumerateGroupsInDomain). The existing one is just an alias for
SamrQueryDisplayInformation (see below).
* Added three extra info levels to SAMR_QUERY_DISPINFO. Info level 3 is
what was previously SAMR_ENUM_DOM_GROUPS; info levels 4 and 5 are
simple user/group list requests used by Win9x and I suspect (haven't
checked) the "low speed connection" User Manager.
* Added another two aliases for SAMR_QUERY_DISPINFO, opcodes 0x30 and
0x33. Usually the first is with info level 3 and the second 4 but there is
some overlap so indeed these should be implemented as just aliases.
* Return ERRDOS/ERRmoredata on extra data instead of
STATUS_BUFFER_OVERFLOW for Win95's benefit. On a named pipe this results
in an SMBreadX as usual.
Still need to fix SAMR_QUERY_DOMAIN_INFO which has a hard-coded number of
users and groups - which Win95 proceeds to truncate at.
(This used to be commit 7d03e6e219)
No more ugly static library buffers and all functions take a destination
string length (especially unistrcpy was rather dangerous; we were only
saved by the fact that datagrams are limited in size).
(This used to be commit a1d39af1ce)
also needed to use start index properly and generate next index.
both client and server code need to recognise error code 0x105
when there's not enough room to store all the users in one call.
sort this out another time.
(This used to be commit ad58cdfac6)
needed this for some tests.
- removed code that said "if lm password is not encrypted then encrypt both
lm and nt passwords". actually it said "if lm password length is not 24
bytes and we're in security=user mode..."
it didn't bother to check whether the nt password was NULL or not, and
doing the encryption inside cli_session_setup is the wrong place.
- checked all instances where cli_session_setup is called with cleartext
passwords that are expected to then be encrypted (see above) with the
test "if pwlen != 24...". there was only one: all the others either
provide encrypted passwords, do null sessions or use
cli_establish_connection.
* recommendation: use cli_establish_connection() in smbwrapper/smbw.c
(This used to be commit 2a509e9606)
