CVS update: samba/source
Luke Leighton
lkcl at samba.anu.edu.au
Tue Nov 18 05:07:25 EST 1997
Date: Tuesday November 18, 1997 @ 5:07
Author: lkcl
Update of /data/cvs/samba/source
In directory samba:/tmp/cvs-serv17637
Modified Files:
Tag: BRANCH_NTDOM
loadparm.c ntdomain.h password.c proto.h reply.c smb.h
smbpass.c
Log Message:
loadparm.c :
added "domain trusted" and "domain trusting" parameters, currently unused.
ntdomain.h :
a little more work on SAMR_UNKNOWN_32 and on LSA_R_ENUM_TRUSTED_DOMAINS
password.c :
split the SMB password checking into a separate function smb_password_ok().
this is used in password_ok() and is also called directly for the trust
accounts (SMBsesssetupX with an account ending in $). you never actually
allow a login with the trust accounts, therefore you don't have a unix id.
therefore, password_ok() fails.
an alternative way to do this would be to have a separate trust-smbpasswd
file. there are advantages to this approach: some extra fields may be needed.
reply.c :
still not allowing trust accounts to log in: always returning an error code.
jht's comments at one stage about opening \PIPE\wkssvc i think is done on
the anonymous IPC$ connection, not on a "trust account" login. therefore
we just need to verify the trust account password, and return the appropriate
error code:
no trust account : NT_STATUS_NO_SUCH_USER
trust account, but wrong password: NT_STATUS_LOGON_FAILURE
wksta trust account, password ok : NT_STATUS_NOLOGON_WKSTA_TRUST_ACCT
domain trust account, password ok: NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCT
server trust account, password ok: NT_STATUS_NOLOGON_SERVER_TRUST_ACCT
this still needs to be looked at, and is still an outstanding issue...
smb.h :
smb_passwd - added acct_ctrl field, which describes the type of SMB account.
see ACB_XXXX #defines at the top of ntdomain.h.
smbpass.c :
reading the acct_ctrl details (4 bytes of hex, e.g :0080: is ACB_WKSTRUST)
from the smbpasswd file. need to talk to the guy who's been rewriting this
code, because this is a temporary hack.
rpc_pipes/lsaparse.c :
updating enum trust domains code. this may end up calling "trusted domains"
and "trusting domains" parameters. the trust account code needs to be
explored, first.
rpc_pipes/pipentlsa.c :
there is a bug in NT's LSA parsing code, which warrants putting a warning
about different frag_len and alloc_hints. sadly.
rpc_pipes/pipenetlog.c :
when modifying the smbpasswd trust account entry, the acct_ctrl field
needs to be set to ACT_WKSTRUST.
rpc_pipes/pipentlsa.c :
enum trusted domains processing...
rpc_pipes/pipesamr.c :
a tiny bit more work on the (totally undocumented) samr pipe
rpc_pipes/pipesrvsvc.c :
bug in the NetShareEnum response. oops.
rpc_pipes/samrparse.c :
a bit more work on the (totally undocumented) samr pipe
rpc_pipes/samrparse.c :
bzero'ed the domain name and domain sid in smb_io_clnt_srv() because
if the data-stream-pointers are NULL the domain name and SID are not
included in the data stream.
More information about the samba-cvs
mailing list