IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
(This used to be commit 57bff6fe82)
implementation (NT5) when you discover that your code is trash.
samr_enum_dom_users(), samr_enum_dom_aliases() and samr_enum_dom_groups()
all take a HANDLE for multiple-call enumeration purposes.
(This used to be commit 19490d8b4f)
samr_lookup_rids() moved to a dynamic memory structure not a
static one limited to 32 RIDs. cli_pipe.c reading wasn't checking
ERRmoredata when DOS error codes negotiated (this terminates
MSRPC code with prejudice).
(This used to be commit 8976eca2db)
this format is what i would like _all_ these functions to be
(returning status codes, not BOOL) but that's a horrendous
amount of work at the moment :)
(This used to be commit 02f2406042)
Added synchronise_passdb function to update accounts in a BDC's smbpasswd.
Improved rpc_read, which was still somewhat broken for multiple PDU's.
modify_trust_password must initialise cli.pwd (pwd_set_nullpwd).
(This used to be commit 4783ac3968)
to alignment, missing fields, etc. - it should now work correctly.
There is still the problem of decoding the private data field.
(This used to be commit c3c25e762f)
* Added SEC_CHAN_BDC
* Propagate sec_chan into the various functions which change trust account
passwords, so they can be used for domain control and inter-domain
trusts.
* Fix for endianness problem reported by Edan Idzerda <edan@mtu.edu>. A
BUFFER2 is really a "unibuf" in my terminology and we should treat it as
such.
* Added some more common NT structures (BIGINT, BUFHDR2, BUFFER4).
* Added NET_SAM_SYNC (-> NetDatabaseSync2) RPC for account replication.
Still experimental and incomplete, with a few too many NULL security
descriptors lying around (must go look at Jeremy's SD code). Haven't
worked out password encryption yet either.
However, the XXX_INFO structures I've added to rpc_netlogon.h are quite
nice as they give some insight into how these objects are stored in the
SAM.
(This used to be commit 7b830350eb)
LsaLookupSids etc from within SamrQueryAliasMembers, for example.
fnum is now a parameter to client functions. thanks to mike black
for starting the ball rolling.
(This used to be commit bee8f7fa6b)
in a more sane way.
rpc_client/cli_netlogon.c: Removed correct bits check to see if this works with an NT3.51 PDC.
rpc_parse/parse_samr.c: Fixed compile warnings.
Jeremy.
(This used to be commit 34d8f4b1c4)
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e609)
now as "RPC fault" if the UNIHDR structure lengths do not exactly
match up to the length of the data stream.
so, all versions of samba prior to this one have an off-by-one bug
in unicode string lengths.
all versions of NT prior to NT 5 beta 2 could possibly have buffer
problems when receiving badly formatted UNICODE strings.
(This used to be commit 161eb6f511)
- cleaned up resolve_name() (split into separate functions for each resolver)
- if can't find local master then use #1B name
- support listing of foreign workgroups in /smb/
(This used to be commit a4e607c17d)
prompted by the interpret_security() dead code that Jean-Francois
pointed out I added a make target "finddead" that finds potentially
dead (ie. unused) code. It spat out 304 function names ...
I went through these are deleted many of them, making others static
(finddead also reports functions that are used only in the local
file).
in doing this I have almost certainly deleted some useful code. I may
have even prevented compilation with some compile options. I
apologise. I decided it was better to get rid of this code now and add
back the one or two functions that are needed than to keep all this
baggage.
So, if I have done a bit too much "destroying" then let me know. Keep
the swearing to a minimum :)
One bit I didn't do is the ubibt code. Chris, can you look at that?
Heaps of unused functions there. Can they be made static?
(This used to be commit 2204475c87)
Connections[] is now a local array in server.c
I might have broken something with this change. In particular the
oplock code is suspect and some .dll files aren't being oplocked when
I expected them to be. I'll look at it after I've got some sleep.
(This used to be commit c7ee025ead)
password.c: Added code to tell server.c when machine password needs changing.
server.c: Change machine password in idle cycles if it needs it.
smbpassfile.c: Fixed up length calculations for machine password file.
smbpasswd.c: Moved domain joining code/machine password changing code.
lib/rpc/client/cli_netlogon.c: And this is where it now lives.
Jeremy.
(This used to be commit b8fedca619)
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.
This should prevent any sprintf based security holes.
(This used to be commit ee09e9dadb)
password.c: Stopped cli_nt_logout call (we don't have it correct yet).
Added Luke object-orientation fix :-).
smb.h: Added clnt_name_slash to cli_state.
lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed.
lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error.
lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix.
lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1.
Jeremy.
(This used to be commit c6c22df201)
WARNING - so far this has only been tested against a Samba PDC
(still waiting for IS to add me the machine accounts :-).
Still missing is the code in smbpasswd that will add a machine
account password and change it on the domain controller, but
this is not hard, and I will check it in soon.
Jeremy.
(This used to be commit 17b94a7084)
It is changing the global variables "myname" and "myworkgroup"
to "global_myname" and "global_myworkgroup" respectively.
This is to make it very explicit when we are messing
with a global (don't ask - it makes the domain client
code much clearer :-).
Jeremy.
(This used to be commit 866406bfe3)
all I saw" - the book of Jeremy, chapter 1 :-).
So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.
This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.
Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.
This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.
I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).
Jeremy.
(This used to be commit 118ba4d77a)
