IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
----------------------------
- removed DOM_RID4
- removed SAMR_UNKNOWN_32
- added SAMR_SET_USERINFO (opcode 0x32)
- added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user)
- fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- added mod_sam21pwd_entry()
- preparing to call mod_sam21pwd_entry()
- added "user session key" to user_struct.dc. this is md4(nt#) and is
needed to decode user's clear-text passwords in SAMR_SET_USERINFO.
- split code out in chgpasswd.c to decode 516 byte password buffers.
(This used to be commit 2e58ed742435befe419aa366c4052019fede8c23)
possible to fix lsa_r_lookup_names, but forgot to add that pointer in
to lsa_r_lookup_sids, where DOM_R_REF was also being used.
(This used to be commit 9092368af8adbf412c71af7216365e926593d54d)
service on its BDC's prior to initiating SAM replication. For now just
return success.
(This used to be commit 113d03a38a34e5c4115dab59349078093bcd4888)
to MAX_SAM_ENTRIES to prevent truncation of user lists.
A proper implementation is not important right now.
(This used to be commit 900238a66153c276d63780e3264651089291d185)
(-> LsarQuerySecret) on client side, including rpcclient command
"querysecret" for others to play with.
The major obstacle is working out the encryption algorithm used
for the secret value. It definitely uses the NT hash as part of the
key, and it seems the block size is 64 bits - probably DES based -
but I can't work out what's done in between. Help required.
(This used to be commit 365fa3b5fbf551670acc91f593138a7e91a5f7fa)
last count (probably an ENUM / resume handle) should always be returned
even if there are no items being returned.
- got fed up of seven intendation levels in cmd_samr.c, maximum recommended
in *any* code is three! made some sub-fns instead.
(This used to be commit 1c330d568225759950401cfb98fe9e99db81419c)
* Added SAMR_LOOKUP_DOMAIN (-> SamrLookupDomainInSamServer)
* Added real SAMR_ENUM_DOM_GROUPS (corresponding to
SamrEnumerateGroupsInDomain). The existing one is just an alias for
SamrQueryDisplayInformation (see below).
* Added three extra info levels to SAMR_QUERY_DISPINFO. Info level 3 is
what was previously SAMR_ENUM_DOM_GROUPS; info levels 4 and 5 are
simple user/group list requests used by Win9x and I suspect (haven't
checked) the "low speed connection" User Manager.
* Added another two aliases for SAMR_QUERY_DISPINFO, opcodes 0x30 and
0x33. Usually the first is with info level 3 and the second 4 but there is
some overlap so indeed these should be implemented as just aliases.
* Return ERRDOS/ERRmoredata on extra data instead of
STATUS_BUFFER_OVERFLOW for Win95's benefit. On a named pipe this results
in an SMBreadX as usual.
Still need to fix SAMR_QUERY_DOMAIN_INFO which has a hard-coded number of
users and groups - which Win95 proceeds to truncate at.
(This used to be commit 7d03e6e21908f3a759a4e65c5edd850622335e3e)
No more ugly static library buffers and all functions take a destination
string length (especially unistrcpy was rather dangerous; we were only
saved by the fact that datagrams are limited in size).
(This used to be commit a1d39af1ce1d451b811dbd7c2ba391214851b87e)
also needed to use start index properly and generate next index.
both client and server code need to recognise error code 0x105
when there's not enough room to store all the users in one call.
sort this out another time.
(This used to be commit ad58cdfac6b85d9431216e32e532ad4d60f9c6dd)
LsaLookupNames being incorrect. this is a bit wierd: why would the
lsass.exe on the nt _client_ crash due to an LsaLookupNames response
from a samba _server_?
(This used to be commit a15a3f95f2a14ab164ca758e2145444a803190b2)
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
- samr_enum_dom_users, the first 4 bytes is some sort of garbage,
nt5-beta2 clears them out to zeros whereas nt4 does not.
fixed bug where we were assuming that the first 4 bytes of a
response _had_ to be non-zero.
- cli_lsarpc.c: forgot to append the rid on the lsa_lookup_names()
client call.
- added in "addaliasmem" and "addgroupmem" commands. the addaliasmem
command actually turned out to be a "delaliasmem" :-) :-)
- parse_lsa.c: moved assert array check to after the size of useable
array space is set...
(This used to be commit 165b15a8cacc4bc7cf8cc0b9aaabb6b92cef7fdb)
- renamed do_lsa_xxx to lsa_xxx
- added "enumgroups [-m]" command, enumerates groups, shows members.
- added cmd_sam_add_groupmem(), need to call these in rpcclient.c
- added cmd_sam_add_aliasmem(), need to call these in rpcclient.c
- modified "enumaliases [-m]" command
- improved "enumgroups" and "enumaliases" to display names not just RIDS/SIDs.
- renamed "samr_unknown_12" to "samr_lookup_rids".
- added the following client-side functions:
get_samr_query_groupmem()
get_samr_query_aliasmem()
get_samr_query_groupinfo()
samr_enum_dom_groups()
samr_enum_dom_aliases()
samr_add_aliasmem()
samr_add_groupmem()
- improved display output (display.c)
(This used to be commit eacc5e581af2b4de24186b9be3238b352c54effe)
query.
domain groups now work, hurrah! only thing is that the description is
one character long, don't know why (which is wierd in itself).
(This used to be commit 78a86c64960a7823b0db8b7bebfffabb4a5ba864)
samr_query_aliasmembers (cool!)
util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c :
pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID
if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5)
to obtain member and pdc sids.
(This used to be commit 3e1eb4f26b67e484b05e1dde94fd4e4dae982631)
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
