IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP).
_none_ of the functions in ldap.c or smbpass.c should be called directly:
only those in passdb.c should be used.
-DUSE_LDAP is unlikely to compile at the moment.
server.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic()
as only smbd knows about usernames. Also fixes problem with calling
standard_sub_basic() from loadparm.c.
smbpass.c: Partial tidyup of machine_password_lock() code - not finished yet.
util.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic()
as only smbd knows about usernames. Also fixes problem with calling
standard_sub_basic() from loadparm.c.
lib/rpc/server/srv_ldap_helpers.c: Added #ifdef USE_LDAP around ldap code.
lib/rpc/server/srv_samr.c: Added #ifdef USE_LDAP around ldap code.
Jeremy.
passwords to be stored over time, allowing a smbpasswd file migration.
Adds new parameter "update encrypted".
Will also add to 1.9.18 branch.
Docs update to follow.
Jeremy.
added become_root / unbecome_root around the get machine account password.
smbpass.c:
cleaning up code.
- turning if (BOOL_expr == False) into if (BOOL_expr)
what if you test if (BOOL_expr == True) and someone defines
True to be -1 on one system and 1 on another? or if you get
inconsistent return results between developers
- removed if ((FILE*) == 0) and made this if ((FILE*) == NULL) -
cannot assume that NULL is zero integer. plus there are typecast
issues to deal with
- removed return (ret == 0) ? True : False and made this return ret == 0
rely on the compiler to return correct BOOL value: not all developers
will return True or False #defines: stick with BOOL test (non-zero).
- removed if (ret == False) replaced with if (!ret)
- bug where instead of if (sizeof(pstring)-len-len-6 < 0) it had a
boolean test if (pstring-len-len-6).
- removed "." after debugging of filenames: the "." - a fullstop -
looked like it was part of the filename, making things difficult
to sort out.
still to be resolved: the global_myname isn't set up, such that the
machine account password file is named "TEST3..mac".
WARNING - so far this has only been tested against a Samba PDC
(still waiting for IS to add me the machine accounts :-).
Still missing is the code in smbpasswd that will add a machine
account password and change it on the domain controller, but
this is not hard, and I will check it in soon.
Jeremy.
password.c: Started the initial code for domain_client_validate(). All
bracketed with #ifdef DOMAIN_CLIENT for now.
reply.c: Call to domain_client_validate(). All
bracketed with #ifdef DOMAIN_CLIENT for now.
smbpass.c: New code to get/set machine passwords. Tidied up nesting
of lock calls.
Jeremy.
smbpass.c: Added lock depth code so calls to pw_file_lock() can be nested.
Fixed codedump problems in add_smbpwd_entry().
smbpasswd.c: Removed all the code that manipulated the password file
directly. Now *all* smbpasswd file changes are done through
the interfaces defined in smbpass.c This should make
the life of people adding alternate backend databases
*much* easier.
lib/rpc/server/srv_netlog.c: Removed debug messages used to debug
machine password changing.
Jeremy.
nmbd.c: Fix for always overwriting log despite append setting.
smb.h: Addition of last time password changed entry to account info.
smbpass.c: Changes to support last time changed field in smbpasswd file.
smbpasswd.c: Changes to support last time changed field in smbpasswd file.
util.c: Fix for always overwriting log despite append setting.
Jeremy.
get_smbpwd_entry (now an internal function to smbpass.c)
to a more UNIX-like :
getsmbpwnam() - get entry by name.
getsmbpwuid() - get entry by uid.
Changed the type returned by the smbpasswd enumeration
functions to be a void * so that people don't come to
depend on it being a FILE *.
These abstractions should make it much easier to
replace the smbpasswd file with a better backend
in future.
Other files changed are to match the above changes.
Jeremy.
Changed smbpasswd to be client-server for a normal user, rather
than accessing the private/smbpasswd file directly (it still accesses
this file directly when run as root, so root can add users/change a
users password without knowing the old password).
A shakeout of this change is that smbpasswd can now be used to
change a users password on a remote NT machine (yep - you heard
that one right - we can now change a NT password from UNIX !!!!!).
Jeremy.
all I saw" - the book of Jeremy, chapter 1 :-).
So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.
This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.
Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.
This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.
I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).
Jeremy.
to fix the fact that retransmit_or_expire_response_records() wasn't looking
at the WINS subnet.
server.c: Patch from jkf@soton.ac.uk to add %p (NIS server path) substitution.
smbpass.c: Fix to stop parsing failing on non-valid lines.
trans2.c: Fix for volume serial number code.
util.c: Patch from jkf@soton.ac.uk to add %p (NIS server path) substitution.
Fix for warnings under RH5. gcc 2.8.
Jeremy.
from Max Khon <max@iclub.nsu.ru>.
chgpasswd.c: Allow old RAP change password to work with encrypted
passwords. Samba can now allow Windows 95/NT clients to securely
change the Lanman password ! (But not the NT hash - that gets lost).
ipc.c:
smbdes.c:
smbpass.c: Support for the above.
server.c: #ifdef'ed out fix for NT redirector bug.
util.c: Fix NIS bug with server name.
Jeremy.
separated out smb server-mode password validation into a separate file.
added called and calling netbios names to client gen state: referenced
section in rfc1002.txt.
created workstation trust account checking code in ntclient.c
there might be a bug in reply_session_setup_andX. i indented and added { }
around single-line if statements: the lm password checking code now doesn't
look right (around the GUEST_SESSSETUP bits). *no code semantics have been
changed by the indentation process*.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
added "domain hosts allow" and "domain hosts deny". these are to be
used to specify which workstations can log in to a samba PDC from.
it is also used to check whether to add an initial machine password
into the smbpasswd database or not
smbpass.c :
added capability to add a machine password to the smbpasswd database.
***** the default uid is zero *****
rpc_pipes/pipenetlog.c :
use of "domain hosts allow/deny" parameters to allow login access.
proto.h :
usual.
1) put the encryption code in by default, with no #ifdef. It is still
disabled by default so you need to add "encrypt passwords = yes" in
smb.conf but at least all binaries will have it.
2) cleanup the kanji code so it compiles with no warnings
3) get rid of lots of uses of ugly non-portable C code. The main
offender being things like "register" but also remove uses of the
"const" keyword as there are compilers out there that don't support it
and even those that do often complain about its usage. Users don't
like warnings :-(
There is still some work to do. We need to replace the md4 code with
our own implementation. The current code (from rfc1186) is PD but is
not very portable. The new RFC (rfc1320) is more portable but adds
copyright restrictions. I'll do a from-scratch MD4 soon.
We also need to test that what I've implemented is portable. It should
be, but I'm too tired right now to test it on anything other than
intel linux.
chgpasswd.c: Added Samba/GPL notice (for obvious reasons).
clitar.c: Updated Copyright date to include 1997 (for obvious reasons).
getsmbpass.c: Updated Copyright date to include 1997 (for obvious reasons).
includes.h: Added stropts for solaris.
loadparm.c: Changed comment for hide files option.
nameconf.c: Updated Copyright date to include 1997 (for obvious reasons).
nmbd.c: Updated Copyright date to include 1997 (for obvious reasons).
pcap.c: Updated Copyright date to include 1997 (for obvious reasons).
proto.h: Re-added accidentaly deleted smb_shm_ calls.
quotas.c: Added AIX quota patch from Ole Holm Nielsen <ohnielse@fysik.dtu.dk>
server.c: Optimization on calling is_hidden_path. Updated Copyrights.
smb.h: Changed DEFAULT_FILES_TO_HIDE from "*/.*" to ".*".
smbpass.c: Updated Copyright date to include 1997 (for obvious reasons).
ufc.c: Updated Copyright date to include 1997 (for obvious reasons).
util.c: Added last component code to is_in_path().
Jeremy (jallison@whistle.com)
set the mode on all created files. I think this is a better policy.
- change the debug levels on some items
- fix a charset handling bug which affected foreign and extended
charset users
- no longer switch back to the original directory when idle, instead
switch to / as the original directory may not be readable by ordinary
users.
- fix some bugs where the create mode of files was not being
explicitly set (it was relying on the umask and using fopen). Not a
big bug as it only affected obscure commands like the messaging ops.
- got rid of the lock code in the lpq cache as its no longer needed
- rewrote smbrun to be faster and to remove the security hole. We now
don't actually need a external smbrun binary, its all done by smbd.
- add a more explicit warning about uids and gids of -1 or 65535
The biggest thing is the integration of Lukes new nmbd. Its still
largely untested, so we will really need some feedback
I've also added auto prototype generation and cleaned up a lot of
minor things as a result
