CVS update: samba/source/rpc_pipes

Luke Leighton lkcl at
Tue Nov 18 05:07:27 EST 1997

Date:	Tuesday November 18, 1997 @ 5:07
Author:	lkcl

Update of /data/cvs/samba/source/rpc_pipes
In directory samba:/tmp/cvs-serv17637/rpc_pipes

Modified Files:
	lsaparse.c ntclientlsa.c pipenetlog.c pipentlsa.c pipesamr.c 
	pipesrvsvc.c samrparse.c smbparse.c 
Log Message:

loadparm.c :

	added "domain trusted" and "domain trusting" parameters, currently unused.

ntdomain.h :

	a little more work on SAMR_UNKNOWN_32 and on LSA_R_ENUM_TRUSTED_DOMAINS

password.c :

	split the SMB password checking into a separate function smb_password_ok().
	this is used in password_ok() and is also called directly for the trust
	accounts (SMBsesssetupX with an account ending in $).  you never actually
	allow a login with the trust accounts, therefore you don't have a unix id.
	therefore, password_ok() fails.

	an alternative way to do this would be to have a separate trust-smbpasswd
	file.  there are advantages to this approach: some extra fields may be needed.

reply.c :

	still not allowing trust accounts to log in: always returning an error code.
	jht's comments at one stage about opening \PIPE\wkssvc i think is done on
	the anonymous IPC$ connection, not on a "trust account" login.  therefore
	we just need to verify the trust account password, and return the appropriate
	error code:

	no trust account                 : NT_STATUS_NO_SUCH_USER
	trust account, but wrong password: NT_STATUS_LOGON_FAILURE
	wksta trust account, password ok : NT_STATUS_NOLOGON_WKSTA_TRUST_ACCT
	domain trust account, password ok: NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCT
	server trust account, password ok: NT_STATUS_NOLOGON_SERVER_TRUST_ACCT

	this still needs to be looked at, and is still an outstanding issue...

smb.h :

	smb_passwd - added acct_ctrl field, which describes the type of SMB account.
	see ACB_XXXX #defines at the top of ntdomain.h.

smbpass.c :

	reading the acct_ctrl details (4 bytes of hex, e.g :0080: is ACB_WKSTRUST)
	from the smbpasswd file.  need to talk to the guy who's been rewriting this
	code, because this is a temporary hack.

rpc_pipes/lsaparse.c :

	updating enum trust domains code.  this may end up calling "trusted domains"
	and "trusting domains" parameters.  the trust account code needs to be
	explored, first.

rpc_pipes/pipentlsa.c :

	there is a bug in NT's LSA parsing code, which warrants putting a warning
	about different frag_len and alloc_hints.  sadly.

rpc_pipes/pipenetlog.c :

	when modifying the smbpasswd trust account entry, the acct_ctrl field
	needs to be set to ACT_WKSTRUST.

rpc_pipes/pipentlsa.c :

	enum trusted domains processing...

rpc_pipes/pipesamr.c :

	a tiny bit more work on the (totally undocumented) samr pipe

rpc_pipes/pipesrvsvc.c :

	bug in the NetShareEnum response.  oops.

rpc_pipes/samrparse.c :

	a bit more work on the (totally undocumented) samr pipe

rpc_pipes/samrparse.c :

	bzero'ed the domain name and domain sid in smb_io_clnt_srv() because
	if the data-stream-pointers are NULL the domain name and SID are not
	included in the data stream.

More information about the samba-cvs mailing list