Age | Commit message (Collapse) | Author | Files | Lines |
|
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.
This should prevent any sprintf based security holes.
(This used to be commit 6b0c1733d2ebf3b8f09f3bf88b8648d8b371bb1f)
|
|
This now tries Enhanced passwords first and if this fails trys Basic
mode (ie: Unix /etc/passwd) authentication. This only happens when
OSF1_ENH_SEC is defined at compilation.
(This used to be commit 29462c8d7a241eb462b1583170a0b5f16096ea3f)
|
|
(This used to be commit d42dd371fa2ab690bf4261a735f03a7380479ebe)
|
|
(This used to be commit d7975ef1e3f38e678ea20d3f86718b05f4fb1aff)
|
|
(This used to be commit beb56f083d6f9c557486f08b8266c53552684118)
|
|
messages.
nttrans.c: More updates.
smb.h: Removed stuff that didn't belong in the smb_passwd struct. Persuaded Luke
to use a new structure.
web/swat.c: Fixed gcc complaints about shadowing global 'string'.
Jeremy.
(This used to be commit 61c1dbb9785ed1e6fe40f93c7cc65024884df6f5)
|
|
Jeremy.
(This used to be commit 6dde50738fcdbaae799101b84ab6b6270696193d)
|
|
release-alpha scripts operate correctly when it comes to generating
a release or alpha release.
(This used to be commit 6f792502d714c4883fe0831068c4ac703e7029ba)
|
|
(This used to be commit 29eda8a00ad0d1036a14e2b1e30c7aeca846bbb2)
|
|
(This used to be commit bcafdcda85581cee4b7b5ead4526c30851e461bf)
|
|
I now only have one warning in my code which is the result of some code I have started
working on but am not yet using in the code, along with a warning that is caused
by one of the include files (a nested comment).
I used -Wall -Wshadow -Wstrict-prototypes
(This used to be commit 7b98fd5b69282320af700833c2d2720c42a382d8)
|
|
and "if (bool==False)" code from ldap.c - a boolean test may not necessarily
return exactly True or exactly False: True may be defined to be -1: you never
know...
(This used to be commit 9bf9752134a92b9a6e8895300d986cfa23547c03)
|
|
the smbpw functions are expected to fill in the blanks by reading the
appropriate smb.conf parameters.
the ldappw functions are expected to fill in the fields from the ldap
database. a separate utility can be written to fill in the ldap database
fields from the smb.conf parameters, at a later date.
(This used to be commit 0b6394c83ec20afdd8065da6785e057c35f3951f)
|
|
view config section does) in the basic view. There is also a
reset button to undo all changes you have made (that haven't
been committed). In addition each field now has a "Set Default"
button. Multi-choice fields are now select fields instead of
a set of radio buttons.
On the status screen I added a "restart" option for stopping then
starting smbd and nmbd.
(This used to be commit a6edde4f004d3ba65d938acd3e6e094664a6c468)
|
|
(This used to be commit ce1af10ab44d5d16557ddfd28c58f1669c04e0b3)
|
|
trans2.c: Paranoia bugfixes added when studying nttrans.c.
Jeremy.
(This used to be commit 94e70edef91c71703a7ebcdaf2b5a2bdce940a69)
|
|
compiled yet, just checked in for safe keeping :-).
Jeremy.
(This used to be commit 74565f0039be8ab02a501accad5e671e80733314)
|
|
of information will be lost as these functions currently return
struct smb_passwd not SAM_USER_INFO_21 or any other type of structure...
(This used to be commit ad3097099cba524c9ec7c3ffc6d5647019efeaab)
|
|
(This used to be commit a827412effe75029622cc3c822b1d581dd374fda)
|
|
(This used to be commit abe261b2f5ea7036e7be6230876176d134ef4ee4)
|
|
problem....
smbpass.c: Removed Luke's dire warning - as some of the functions in here
*need* to be called externally :-).
Jeremy.
(This used to be commit 1fd8d12ca414066acec71b33eb8a13e16c2acd3a)
|
|
smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP).
_none_ of the functions in ldap.c or smbpass.c should be called directly:
only those in passdb.c should be used.
-DUSE_LDAP is unlikely to compile at the moment.
(This used to be commit 57b01ad4ffb14ebd600d4e66602b54ed987f6106)
|
|
Jeremy.
(This used to be commit dfdc9b0b1e47717b83e54f1cf726e40122cf9baf)
|
|
He also suggested that some systems may implement free() as a macro (but
I think he was looking for an excuse ;). Anyway, I've added a function
to mangle.c that calls free().
Chris -)-----
(This used to be commit 95f7b03285c42e8f5573690939b79afc7e686908)
|
|
password.c: Fixed machine_passwd_lock() problems.
lib/rpc/server/srv_ldap_helpers.c: Oops - broke proto.h with dummy function. Fixed now.
Jeremy.
(This used to be commit d28427f21fff49da6b38c24625e3e2dae49a9713)
|
|
server.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic()
as only smbd knows about usernames. Also fixes problem with calling
standard_sub_basic() from loadparm.c.
smbpass.c: Partial tidyup of machine_password_lock() code - not finished yet.
util.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic()
as only smbd knows about usernames. Also fixes problem with calling
standard_sub_basic() from loadparm.c.
lib/rpc/server/srv_ldap_helpers.c: Added #ifdef USE_LDAP around ldap code.
lib/rpc/server/srv_samr.c: Added #ifdef USE_LDAP around ldap code.
Jeremy.
(This used to be commit 446b98ca071170fc950bad86ad96b58308a5b75c)
|
|
CVS head branch will not compile.
Jeremy.
(This used to be commit 18a0a10dcb04733a2d7ba0e16d07ab7e6e2d54be)
|
|
he's going to hate me for checking this in so early, but...
(This used to be commit ad9ba0a1cbac5c4e6cbcbcadefe8f1df72231f74)
|
|
(This used to be commit 94f31b95f708a4362fdcc697610d6edc9b72a5fc)
|
|
(This used to be commit 81bf26309248b63cc7e167170a8b384c11126ded)
|
|
things static, and have done a 'make proto; make clean; make'.
Still get 54 compiler warnings under Digital UNIX cc.
Honest. :-)
(This used to be commit 47eb7e5be2f12206bd2de0670be478d80e1d84de)
|
|
also print out the first 50 chars of an overflowing string so we have
some chance of working out what is causng them.
(This used to be commit 7a67e76722521ac8099cbcda054b0f4bf45c7bfe)
|
|
Essentially, multiple session_setup_and_X's may be done
to an smbd. As there is only one global variable containing
the requested connection name (sessionsetup_user), then any
subsequent sessionsetups overwrite this name (causing %U
and %G to get the wrong name). This is particularly common
when an NT client does a null session setup to get a
browse list after the user has connected, but before
a share has been mounted.
These changes store the requested_name in the vuid structure
(so this only really works for user level and above security)
and copies this name back into the global variable before
the standard_sub call.
Jeremy.
(This used to be commit b5187ad6a3b3af9fbbeee8bced0ab16b41e9825b)
|
|
ipc.c: Fix for duplicate printer names being long.
loadparm.c: Set bNetWkstaUserLogon to false by default - new code in password.c
protects us.
nmbd_logonnames.c:
nmbd_namequery.c:
nmbd_namerelease.c: Debug messages fix.
password.c: SGI compile warning fix, fix for tcon() with bNetWkstaUserLogon call.
reply.c: SGI compile warning fix.
server.c Debug messages fix.
smbpass.c: Fix for incorrect pointer.
Jeremy.
(This used to be commit 567d3f838988cafab4770fce1cf68b73085e6c71)
|
|
from the 1.9.18 tree
(This used to be commit 228a2a0507494e0b13ed5c74488607811da20140)
|
|
needs fixing (sorry).
Jeremy.
(This used to be commit 50f75b11465ac45f1944ed613a65524ca4e60594)
|
|
occur.
Also getting ready for setting directory dates correctly
(This used to be commit fc0cad9035f9cbb5d8a5ee0221c342a3f90cf201)
|
|
(This used to be commit 532b3956c66eda1b7e787b1c6906bcf574f66216)
|
|
(This used to be commit 75298937a851573309cad66af9816010ad2bd9a7)
|
|
idb.pl - minor fixups for sorting of output file.
(This used to be commit 4657367c5c80867fcd08e9bbe7557bc2ac770504)
|
|
passwords to be stored over time, allowing a smbpasswd file migration.
Adds new parameter "update encrypted".
Will also add to 1.9.18 branch.
Docs update to follow.
Jeremy.
(This used to be commit 5d3e874d780d595415cc27a7f5945fc2e694c3ac)
|
|
loadparm.c: Patch from tim@quiknet.com for static string problems.
server.c: Setup global_myname.
smbpass.c: Fix up locking. Add machine_password_delete() call.
smbpasswd.c: Added provisional code to add to a domain.
lib/rpc/client/cli_login.c: Fixed incorrect cred_hash3 call when setting machine password.
lib/rpc/server/srv_netlog.c: Fixed incorrect cred_hash3 call when setting machine password.
Jeremy.
(This used to be commit 6a7164233e3bf9d6bb57c44a53204068e454ae5c)
|
|
password.c: Stopped cli_nt_logout call (we don't have it correct yet).
Added Luke object-orientation fix :-).
smb.h: Added clnt_name_slash to cli_state.
lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed.
lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error.
lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix.
lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1.
Jeremy.
(This used to be commit c6c22df20196cb7f0ae84b1a1dd202a87adb8d4e)
|
|
(This used to be commit e21b3a527cc6a3a3b0dee12430bd78d9cc340ae8)
|
|
added become_root / unbecome_root around the get machine account password.
smbpass.c:
cleaning up code.
- turning if (BOOL_expr == False) into if (BOOL_expr)
what if you test if (BOOL_expr == True) and someone defines
True to be -1 on one system and 1 on another? or if you get
inconsistent return results between developers
- removed if ((FILE*) == 0) and made this if ((FILE*) == NULL) -
cannot assume that NULL is zero integer. plus there are typecast
issues to deal with
- removed return (ret == 0) ? True : False and made this return ret == 0
rely on the compiler to return correct BOOL value: not all developers
will return True or False #defines: stick with BOOL test (non-zero).
- removed if (ret == False) replaced with if (!ret)
- bug where instead of if (sizeof(pstring)-len-len-6 < 0) it had a
boolean test if (pstring-len-len-6).
- removed "." after debugging of filenames: the "." - a fullstop -
looked like it was part of the filename, making things difficult
to sort out.
still to be resolved: the global_myname isn't set up, such that the
machine account password file is named "TEST3..mac".
(This used to be commit 315e26c23abf7137684bf084c825ad241076132e)
|
|
WARNING - so far this has only been tested against a Samba PDC
(still waiting for IS to add me the machine accounts :-).
Still missing is the code in smbpasswd that will add a machine
account password and change it on the domain controller, but
this is not hard, and I will check it in soon.
Jeremy.
(This used to be commit 17b94a7084621b3f0106dd4d3386f05cdfc56d19)
|
|
(This used to be commit d13678b079faf0da91b4ef582481fb987d377c8a)
|
|
Jeremy.
(This used to be commit 5f258abf526243f753c3a64cde2e1f67e4d60b6b)
|
|
(This used to be commit 37cbc356741055d0660b80594117fa312d252b85)
|
|
Jeremy.
(This used to be commit 45393a19adb31820725fbdfaaf7ab64793fc9bc5)
|