CVS update: samba/source/rpc_pipes
lkcl at samba.anu.edu.au
Tue Nov 18 05:07:27 EST 1997
Date: Tuesday November 18, 1997 @ 5:07
Update of /data/cvs/samba/source/rpc_pipes
In directory samba:/tmp/cvs-serv17637/rpc_pipes
lsaparse.c ntclientlsa.c pipenetlog.c pipentlsa.c pipesamr.c
pipesrvsvc.c samrparse.c smbparse.c
added "domain trusted" and "domain trusting" parameters, currently unused.
a little more work on SAMR_UNKNOWN_32 and on LSA_R_ENUM_TRUSTED_DOMAINS
split the SMB password checking into a separate function smb_password_ok().
this is used in password_ok() and is also called directly for the trust
accounts (SMBsesssetupX with an account ending in $). you never actually
allow a login with the trust accounts, therefore you don't have a unix id.
therefore, password_ok() fails.
an alternative way to do this would be to have a separate trust-smbpasswd
file. there are advantages to this approach: some extra fields may be needed.
still not allowing trust accounts to log in: always returning an error code.
jht's comments at one stage about opening \PIPE\wkssvc i think is done on
the anonymous IPC$ connection, not on a "trust account" login. therefore
we just need to verify the trust account password, and return the appropriate
no trust account : NT_STATUS_NO_SUCH_USER
trust account, but wrong password: NT_STATUS_LOGON_FAILURE
wksta trust account, password ok : NT_STATUS_NOLOGON_WKSTA_TRUST_ACCT
domain trust account, password ok: NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCT
server trust account, password ok: NT_STATUS_NOLOGON_SERVER_TRUST_ACCT
this still needs to be looked at, and is still an outstanding issue...
smb_passwd - added acct_ctrl field, which describes the type of SMB account.
see ACB_XXXX #defines at the top of ntdomain.h.
reading the acct_ctrl details (4 bytes of hex, e.g :0080: is ACB_WKSTRUST)
from the smbpasswd file. need to talk to the guy who's been rewriting this
code, because this is a temporary hack.
updating enum trust domains code. this may end up calling "trusted domains"
and "trusting domains" parameters. the trust account code needs to be
there is a bug in NT's LSA parsing code, which warrants putting a warning
about different frag_len and alloc_hints. sadly.
when modifying the smbpasswd trust account entry, the acct_ctrl field
needs to be set to ACT_WKSTRUST.
enum trusted domains processing...
a tiny bit more work on the (totally undocumented) samr pipe
bug in the NetShareEnum response. oops.
a bit more work on the (totally undocumented) samr pipe
bzero'ed the domain name and domain sid in smb_io_clnt_srv() because
if the data-stream-pointers are NULL the domain name and SID are not
included in the data stream.
More information about the samba-cvs