IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
pwd -> password
passwd -> password
username -> account_name
Also work on consistant structure feild names between these two pipes,
and fix up some callers to use samr_Password for the netlogon
credential code.
Andrew Bartlett
(This used to be commit 4e35418c27)
I made it much more generic, and we should be able to add a
module interface to this code, so that other DCERPC_AUTH types can be added
via modules...
metze
(This used to be commit d09abeb686)
names rather than our crazy naming scheme. So DES is now called
des_crypt() rather than smbhash()
- added the code from the solution of the ADS crypto challenge that
allows Samba to correctly handle a 128 bit session key in all of the
netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard
from PADL for solving this one!
- restructured the server side rpc authentication to allow for other
than NTLMSSP sign and seal. This commit just adds the structure, the
next commit will add schannel server side support.
- added 128 bit session key support to our client side code, and
testing against w2k3 with smbtorture. Works well.
(This used to be commit 729b2f41c9)
WinXP sees us as an ADS server.
Unfortunately WinXP also uses a set of negotiate_flags that we don't
support yet. Some crypto work needed.
(This used to be commit 2d740b6570)
- moved some sec desc defines into misc.idl
- fixed pw_len field in UserInfo26
- made some pipes available on TCP
- added netr_DsrEnumerateDomainTrusts() to netlogon
- added templates for remaining netlogon IDL calls (from ethereal)
- added a unistr_noterm vs unistr error detector in ndr basic decoder
- added torture test for netr_DsrEnumerateDomainTrusts()
(This used to be commit ae5a5113fb)
- added lsa_OpenPolicy2() to server
- added guid handling in samdb
- added a couple more info policy levels in lsa server
- added some DNS info in the provisioning template and script
With the above changes WinXP professional can join a Samba4 domain
(This used to be commit d6dca96352)
- added start of QueryDomainInfo in samr server
"net rpc info" from samba3 now works against a samba4 server. I
suspect join will work fairly soon.
(This used to be commit 0a2c6a1062)
With this change WinXP can now successfully change the password on a
Samba4 server via SAMR. After the change you can't login because the
handling of much_change_time seems to be broken in the auth code, but
that should be easy to fix.
(This used to be commit 8feeecf303)
always returning the info for the primary domain. I noticed this
because WinXP sends the wrong information in this field (it sends
\\server_name) and gets away with it
(This used to be commit e128bcca56)
Builtin and local domain, as some calls (notably password change
calls) don't specify a domain name, they just specifiy an account
name.
- added the remaining password set levels to SetUserInfo in the samr
server. We now support all of the password set and change levels
that we know about in SAMR.
(This used to be commit 965748cbee)
Samba's NTLMSSP code is now fully talloc based, which should go a long
way to cleaning up the memory leaks in this code. This also avoids a
lot of extra copies of data, as we now allocate the 'return' blobs on
a caller-supplied context.
I have also been doing a lot of work towards NTLM2 signing and
sealing. I have this working for sealing, but not for the verifier
(MD5 integrity check on the stream) which is still incorrect.
(I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the
data arrives intact, but the signature check fails. It does however
match the test values I have...).
The new torture test is cludged in - when we get a unit test suite
back, I'll happliy put it in the 'right' place....
Andrew Bartlett
(This used to be commit 399e2e2b11)
structures. This was suggested by metze recently.
I checked on the build farm and all the machines we have support 64
bit ints, and support the LL suffix for 64 bit constants. I suspect
some won't support strtoll() and related functions, so we will
probably need replacements for those.
(This used to be commit 9a9244a1c6)
- Remove legacy sid_to_string (which contained a memleak)
- Remove some unused parts of lib/util_sid.c
Andrew Bartlett
(This used to be commit 7c69a85984)
up in searches like "objectclass=user"
- auto-add the computer objectclass for computer accounts on create
- added two types of password change call in samr server
- reset last_fault_code before each dcerpc call
(This used to be commit c1a65f83f6)
This involves allowing the password set code in samdb to take an
already hashed password, and some fixes to our torture code.
Andrew Bartlett
(This used to be commit f9f581b580)
Currently this only authentiates the machine, not real users.
As a consequence of running the Samba4 NETLOGON test against Samba4, I
found a number of issues in the SAMR server, which I have addressed.
There are more templates in the provison.ldif for this reason.
I also added some debug to our credentials code, and fixed some bugs
in the auth_sam module.
The static buffer in generate_random_string() bit me badly, so I
removed it in favor of a talloc based system.
Andrew Bartlett
(This used to be commit 94624e519b)
samr_DeleteDomainGroup.
I've added the hidden attribute numMembers that must be maintained by
Add/DelGroupMember for the GroupInfoAll query.
Volker
(This used to be commit 945d747860)
samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(),
and samr_DeleteUser()
this uses a user template in the SAM db, of objectclass "userTemplate"
and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows
an admin to add any default user attributes that they might want to
the user template and all new users will receive those attributes.
(This used to be commit 10b6e0011b)
metze. Also added a reference count so that a client can close the
connection handle and still used a derived domain handle.
(This used to be commit b1cd98188d)
if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea
of what I am planning for the database oriented SAMR server implementation.
(This used to be commit bba0044a51)
servers. Previously the server pipe code needed to return the RPC
level status (nearly always "OK") and separately set the function call
return using r->out.result. All the programmers writing servers
(metze, jelmer and me) were often getting this wrong, by doing things
like "return NT_STATUS_NO_MEMORY" which was really quite meaningless
as there is no code like that at the dcerpc level.
I have now modified pidl to generate the necessary boilerplate so that
just returning the status you want from the function will work. So for
a NTSTATUS function you return NT_STATUS_XXX and from a WERROR
function you return WERR_XXX. If you really want to generate a DCERPC
level fault rather than just a return value in your function then you
should use the DCESRV_FAULT() macro which will correctly generate a
fault for you.
As a side effect, this also adds automatic type checking of all of our
server side rpc functions, which was impossible with the old API. When
I changed the API I found and fixed quite a few functions with the
wrong type information, so this is definately useful.
I have also changed the server side template generation to generate a
DCERPC "operation range error" by default when you have not yet filled
in a server side function. This allows us to correctly implement
functions in any order in our rpc pipe servers and give the client the
right information about the fault.
(This used to be commit a4df5c7cf8)
Samba4. I'm committing this now so I can get comments on the approach.
Note that you need to do something like this to initialise the SAM db:
edit script/provision.pl
script/provision.pl > provision.ldif.out
bin/ldbadd /path/to/private/sam.ldb provision.ldif.out
(This used to be commit e2002e40a5)
- Start with the LDB backend
- The API is now more windows-like, which should make it easier to use
in rpc_server
- Added a GTK+ front-end
- Added some more IDL
More updates will follow, especially in the RPC field..
(This used to be commit 3adffa0217)
e.g.
ncacn_np:myserver:[samr,sign,print]
will now enable the packet debugging
and the debugging is not bound anymore to the debuglevel >= 2
in the torture tests
- also the dcesrv_remote module now supports debugging of the packets
use the 'dcerpc_remote:binding' smb.conf parameter.
metze
(This used to be commit 40abf3c584)
I plan to convert all objectfile group to use SMB_SUBSYSTEM
later I'll add a SMB_BINARY() and SMB_LIBRARY(), then there will be no more need
to touch Makefile.in, because all make rules will be autogenerated by configure
- convert the PROCESS_MODEL subsystem to this new scheme
and move the pthread test to smbd/process_model.m4
- convert the CHARSET subsystem to this new scheme
and move the iconv test to lib/iconv.m4
(This used to be commit 2e57ee884e)
lib/util_smbd.c is not used anymore
reorder the SMB_MODULE() parameters the goal is to autogenerate the
make rules for shared modules:
dnl SMB_MODULE(1:name,2:subsystem,3:default_build,
4:object_files,5:shared_object,6:libs
7:whatif-static,8:whatif-shared,9:whatif-not)
and generate <SUBSYSTEM>_LIBS and MODULE_<name>_LIBS with the SMB_MODULE() macro
metze
(This used to be commit 904ce91ed9)
(which were already removed in revision 1.37 and
readded by mistake in revision 1.39)
- change the SMB_MODULE() macro a bit
Now we have:
dnl Specify the default build method of this module
dnl SMB_MODULE_DEFAULT(name,default_build)
AC_DEFUN(SMB_MODULE_DEFAULT,...
dnl Mark specified module as shared
dnl SMB_MODULE(name,default_build,static_files,shared_files,subsystem,whatif-static,whatif-shared,whatif-not)
this let us specify the default build method inside of the included config.m4
files
metze
(This used to be commit 92a3eb83d4)
common case of there being no pending partial data and a full dcerpc
packet being received.
We should use this same model for the smb server. It gives us
efficient memory usage while allowing for completely async socket
operations.
(This used to be commit 9aab321fb6)
1.) We now register endpoint servers add startup via register_backend()
and later use the smb.conf 'dcerpc endpoint servers' parameter to setup the dcesrv_context
2.) each endpoint server can register at context creation time as much interfaces as it wants
(multiple interfaces on one endpoint are supported!)
(NOTE: there's a difference between 'endpoint server' and 'endpoint'!
for details look at rpc_server/dcesrv_server.h)
3.) one endpoint can have a security descriptor registered to it self
this will be checked in the future when a client wants to connect
to an smb pipe endpoint.
4.) we now have a 'remote' endpoint server, which works like the ntvfs_cifs module
it takes this options in the [globals] section:
dcerpc remote:interfaces = srvsvc, winreg, w32time, epmapper
dcerpc remote:binding = ...
dcerpc remote:user = ...
dcerpc remote:password = ...
5.) we currently have tree endpoint servers: epmapper, rpcecho and remote
the default for the 'dcerpc endpiont servers = epmapper, rpcecho'
for testing you can also do
dcerpc endpoint servers = rpcecho, remote, epmapper
dcerpc remote:interfaces = srvsvc, samr, netlogon
6,) please notice the the epmapper now only returns NO_ENTRIES
(but I think we'll find a solution for this too:-)
7.) also there're some other stuff left, but step by step :-)
This patch also includes updates for the
register_subsystem() , ntvfs_init(), and some other funtions
to check for duplicate subsystem registration
metze
(hmmm, my first large commit...I hope it works as supposed :-)
(This used to be commit 917e45dafd)
uint32 followed by a GUID. I needed to fix this to support running in
mixed-mode rpc (where smbtorture is bigendian and w2k3 is
little-endian). Otherwise when you send back a policy handle the
server doesn't recognise it.
(This used to be commit 9b1c76a8e9)
This adds support for bigendian rpc in the client. I have installed
SUN pcnetlink locally and am using it to test the samba4 rpc
code. This allows us to easily find places where we have stuffed up
the types (such as 2 uint16 versus a uint32), as testing both
big-endian and little-endian easily shows which is correct. I have now
used this to fix several bugs like that in the samba4 IDL.
In order to make this work I also had to redefine a GUID as a true
structure, not a blob. From the pcnetlink wire it is clear that it is
indeed defined as a structure (the byte order changes). This required
changing lots of Samba code to use a GUID as a structure.
I also had to fix the if_version code in dcerpc syntax IDs, as it
turns out they are a single uint32 not two uint16s.
The big-endian support is a bit ugly at the moment, and breaks the
layering in some places. More work is needed, especially on the server
side.
(This used to be commit bb1af644a5)
I needed to hack the ntlmssp code a little, as the auth code in samba4
is out of date relative to the samba3 auth code. I need to do a merge :)
(This used to be commit 6ee0935afe)
server endpoints. We can now successfully setup listening endpoints on
high ports, then use our endpoint mapper redirect incoming clients to
the right port.
also greatly cleanup the rpc over tcp session handling.
(This used to be commit 593bc29bbe)
needs quite a bit more work to get it finished. The biggest missing
feature is the lack of NTLMSSP which is needed for basic
authentication over tcp
(This used to be commit 9fb0f03693)
for some reason the epm_Lookup replies can't be parsed by ethereal,
although w2k parses then fine as does the Samba4 NDR code.
(This used to be commit 097e7ca99d)
implements the epm_Lookup() call, I'll add the other important calls
soon. I was rather pleased to find that epm_Lookup() worked first
time, which is particularly surprising given its complexity.
This required quite a bit of new infrastructure:
* a generic way of handling dcerpc policy handles in the rpc server
* added type checked varients of talloc. These are much less error
prone. I'd like to move to using these for nearly all uses of
talloc.
* added more dcerpc fault handling code, and translation from
NTSTATUS to a dcerpc fault code
* added data_blob_talloc_zero() for allocating an initially zero
blob
* added a endpoint enumeration hook in the dcerpc endpoint server
operations
(This used to be commit 3f85f9b782)
each rpc endpoint implementation, so we will have rpc_server/samr/
rpc_server/lsa/ etc.
this should encourage each pipe to be written in a more complete
manner, as it gives easy ways to split the pipe into multiple modules.
(This used to be commit 30a996b682)
don't cause fragmented pdus (I'll add fragments shortly)
* change data_blob_talloc() to not zero memory when the 2nd argument
is NULL. The zeroing just masks bugs, and can't even allow a DOS
attack
* modified pidl to ensure that [ref] arguments to the out side of
functions are allocated when parsing the in side. This allows rpc
backends to assume that [ref] variables are all setup. Doesn't work
correctly for [ref] arrays yet
* changed DLIST_ADD_END() to take the type instead of a tmp
variable. This means you don't need to declare a silly tmp variable in
the caller
(This used to be commit 46e0a35819)
