summaryrefslogtreecommitdiff
path: root/source3/include/smb.h
AgeCommit message (Collapse)AuthorFilesLines
2004-03-01Ok here it is my latest work on privilegesSimo Sorce1-0/+3
This patch add privilege support for samba Currently it is implemented only for tdbsam backend but estending it to other sam backends is straightforward. I must make a big thank to JFM for his teachings on the matter and the functions at the base of this work. At thye moment only samr_create_user honours SeAddUsersPrivilege and SeMachineAccountPrivilege to permit any user to add machines and/or users to the server. The command "net priv" has been provided to manipulate the privileges database. There are still many things to do (like support in "net rpc vampire") but the working core is here. Feel free to comment/extend on this work. Of course I will deny that any bug may affect this code :-) Simo. This patch adds also my patch about add share command enhancements. (This used to be commit 7a78c3605e203bd8e0d7ae244605f076a5d0b0bc)
2004-02-25Figured out a new flags bit with gentest and ethereal....Jeremy Allison1-0/+1
Jeremy. (This used to be commit 755b66303d04b73a855fa8db5fe3ae920a901bf3)
2004-02-24Added NTrename SMB (0xA5) - how did we miss this.... ?Jeremy Allison1-0/+1
Jeremy. (This used to be commit d236372876918be2a886a89383cf843b82d4c8db)
2004-02-13Fixup the 'multiple-vuids' bugs.Jeremy Allison1-10/+19
Jeremy. (This used to be commit a7d4a6d1167f7657113148cdf68ea3c491b51b14)
2004-02-08(merge from 3.0)Andrew Bartlett1-13/+0
Remove more unused portions of the 'password cache'. Andrew Bartlett (This used to be commit 33cdb2bd18daca31461bbc45251679f50fd3567f)
2004-01-14bug 770; correct fix this time; Make sure that we send the SMBjobid for ↵Gerald Carter1-1/+2
unix jobs back to the client. Allows windows client to remove print jobs submitted from lpr (This used to be commit 6a7f9ebccd6a40455cb5446551f3d68ea9a7a824)
2003-11-22(merge from 3.0)Andrew Bartlett1-1/+1
Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... Andrew Bartlett (This used to be commit 57a895aaabacc0c9147344d097d333793b77c947)
2003-10-24Add initshutdown pipe commands to rpcclient. Second part of fix to bugJim McDonough1-2/+4
#534 (This used to be commit 99f4fa54497ba1c0fc0ba39d51b3ce201a8e6cd2)
2003-10-17Add epmapper pipeJim McDonough1-1/+3
(This used to be commit 041c17bd665ea5fa771b111d7008036fb3e7b72f)
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter1-4/+8
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-08-02port latest changes from SAMBA_3_0 treeSimo Sorce1-6/+20
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter1-11/+24
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-05-27Sync up sid types enum.Tim Potter1-1/+2
(This used to be commit 2ff89e1ee830ee2496861396ff69a232b0605b2f)
2003-05-06Add metze's exit and idle event patchJelmer Vernooij1-3/+0
(This used to be commit e599eba851db40816c684da2b7b1be4b978166e0)
2003-05-06sort out some include dependenciesSimo Sorce1-8/+2
split out privileges from rpc_lsa.h (This used to be commit 37d7cc8162d02a664095dbe0fc8d7250d1ed51c9)
2003-05-06add mapping.h hereSimo Sorce1-0/+1
(This used to be commit fb03fafed14a2816808e98fd95850db3e655d5d9)
2003-05-04move some things aroundSimo Sorce1-107/+1
(This used to be commit a4fc9c3b2dfbdbb3f75bf38415741ff66dbe1367)
2003-04-29This is a nice rewrite:Simo Sorce1-8/+0
SAM_ACCOUNT does not have anymore uid and gid fields all the code that used them has been fixed to use the proper idmap calls fix to idmap_tdb for first time idmap.tdb initialization. auth_serversupplied_info structure has now an uid and gid field few other fixes to make the system behave correctly with idmap tested only with tdbsam, but smbpasswd and nisplus should be ok have not tested ldap ! (This used to be commit 6a6f6032467e55aa9b76390e035623976477ba42)
2003-04-28Use NTSTATUS as return value for smb_register_*() functions and init_module()Jelmer Vernooij1-1/+1
function. Patch by metze with some minor modifications. (This used to be commit f4576757d1d52a8f1b96894c869bb76450003fd1)
2003-04-11smbcquota patch from metzeGerald Carter1-27/+44
(This used to be commit 74fab8f0d24004b1dfd5ce0fd7402895652f941f)
2003-04-11A new RPC pipe! The \pipe\echo named pipe is for testing large RPCTim Potter1-1/+3
requests and responses and is only compiled in when --enable-developer is passed to configure. It includes server and client side code for generating and responding to functions on this pipe. The functions are: - AddOne: add one to the uint32 argument and return ig - EchoData: echo back a variable sized char array to the caller - SourceData: request a variable sized char array - SinkData: send a variable sized char array and throw it away There's a win32 implementation of the client and server in the junkcode CVS repository in the rpcecho-win32 subdirectory. (This used to be commit 4ccd34ef836eba05f81dc2da73fd7cfaac201798)
2003-04-09This is the netlogon schannel client code. Try aVolker Lendecke1-0/+2
rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing platforms different from NT4SP6. Volker (This used to be commit ecd0ee4d248e750168597ccf79c389513bb0f740)
2003-04-06SMB signing updates - this gets NTLMSSP signing workin to the point where IAndrew Bartlett1-3/+4
just need to get the verifiction code working - we get back a signiture from the server, and just can't verify it yet. This also brings the short-packet checks into common code, and breaks the connection if the server sends a signed reply, on an established connection, that fails the test. This breaks our read/write code at the moment, as we need to keep a list of outstanding packets. (signing is not enabled by default, unless the server demands it) Not for 3.0 till I fix the outstanding packet list. Andrew Barlett (This used to be commit 808d1fcf20153970d587cb631a08607beb09703a)
2003-03-22Add -U, -N, -i, -A, -W to popt.Jelmer Vernooij1-8/+1
(This used to be commit 5a88d78f67fd7853d6f7d5042807afa56091d52c)
2003-03-20Cleanup bogus initialisation in SID_NAME_USE enum.Tim Potter1-8/+8
Added new sid type = 9 for "computer" from MSDN. (This used to be commit 45929d126932e5cac5a23fe76d28a4fa05b54b77)
2003-03-12adding some initiaial code to sert %a to Win2K3 (using Native LanMan string ↵Gerald Carter1-1/+1
from .NET RC2) (This used to be commit 4c823e61d14a33344deb887043b60b2e3c83416f)
2003-02-27additional fix for CR 601Gerald Carter1-1/+1
* distinguish WinXP from Win2k * add a 1/3 of a second delay in OpenPrinter in order to trigger a LAN/WAN optimization in 2k clients. (This used to be commit 96570699d1b715f47c35aa211da6ec18f6fc4109)
2003-02-27Fix to allow blocking lock notification to be done rapidly (no waitJeremy Allison1-1/+1
for smb -> smb lock release). Adds new PENDING_LOCK type to lockdb (does not interfere with existing locks). Jeremy. (This used to be commit 22fc0d48ff2052b4274c65f85050c58b235bf4e4)
2003-02-20Make init_module() and thus smb_load_module() return an int.Jelmer Vernooij1-1/+1
modules/developer.c: init_module() should return an int (This used to be commit 7f59703550378ff2333e3c851bf1a77037510abd)
2003-02-10Some cleanups:Andrew Bartlett1-0/+2
- Don't use pstrcpy into an allocated string - use safe_strcpy() directly instead. - Keep a copy of the 'server_info' attached to the vuid. In future use this for things like the session key, homedir and full name instead of current copies. - Try to avoid memory leak/segfault on Realloc failure - clear up #endif comments Andrew Bartlett (This used to be commit 162477bb086827950b6cb71afa9bef62c2753c2e)
2003-02-01Bitmap offsets and counts are always positive.Andrew Bartlett1-1/+1
(This used to be commit 8f495e8634a1777c4b03d3ec07c76f905ff2fb98)
2003-01-30Fix for interesting resource constraint condition. When all opens areJeremy Allison1-1/+3
level 2 and a request for open with no oplock is received then the smbd should send *synchronous* break messages, not asynchronous, otherwise it spins very rapidly, releasing the lock, sending the 'break to none' messages and then re-acquiring the lock before any other process has a chance to get the lock and remove it's own oplock (at least on linux). Jeremy. (This used to be commit d1e8991a76a57b7d96dd7db3c1d9bbf5b28da88e)
2003-01-03Fix problem with "hide unreadable". stat file opens are baaack :-).Jeremy Allison1-0/+1
Jeremy. (This used to be commit 6e0cfec16594ade6e6c499f521781348fee25040)
2003-01-02BIG patch...Andrew Bartlett1-17/+17
This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett (This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
2002-12-12merge of get_dc_name()-like code from APP_HEAD; better support password ↵Gerald Carter1-0/+8
server = DC1 * (This used to be commit 6b18ca9511ddcf1718f222af3f61491d1e5f3b60)
2002-12-05The element in fsp->print_job should be a RAP jobid, not a uint32 RPCJeremy Allison1-1/+1
jobid. This was causing Win9x client "set name" calls to fail. Still need one cleanup fix to finish. Jeremy. (This used to be commit 15f0bad1fc72ff44cd195d34fd530c25a739f42d)
2002-12-04Fix for 64 bit issues with oplocks and allocation size.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 4a9c995e50b24e6ee6ec58c46da32100a8197724)
2002-11-07Add smbtrans subcommands so we can stop hardcoding themJim McDonough1-0/+5
(This used to be commit 759bcd881dd259d5ad43715f6979c5282b094d52)
2002-11-05Missed extern declaration.Jeremy Allison1-0/+1
Jeremy. (This used to be commit e39e2b4c3488fbd9e9a08dd5629a672d1459e64e)
2002-11-02Add more options to popt_common and use them. Current ones are:Jelmer Vernooij1-0/+3
-V Version information -n Set netbios name -l Set directory to store log files in -d Set debuglevel -s Load specified configuration file -O Set socket options (This used to be commit 1602d5894947b59fd36c161053a66c0afe2c959c)
2002-11-02Add popt_common_socket_optionsJelmer Vernooij1-0/+1
(This used to be commit a15434314fd8cd88eab40e7cbc8f06a7d0d0169e)
2002-10-30- Remove RTLD_GLOBALJelmer Vernooij1-1/+1
- make smb_load_module() return the return value of init_module() (This used to be commit a8d2dd8d009797486105188f8fdb898a65bb25b0)
2002-10-30Add init_module_function typedef for new module systemJelmer Vernooij1-0/+3
(This used to be commit 4d1206be5275a8af7dfb612f1747fba484a7d017)
2002-10-14Tidyup of file specific access mask bits.Tim Potter1-14/+19
Added directory specific access mask bits. (This used to be commit edbd942a8d0edcb5e7cc3086c3d98c6ff1d6cd80)
2002-10-12Nice *big* patch from metze.Andrew Bartlett1-18/+53
The actual design change is relitivly small however: It all goes back to jerry's 'BOOL store', added to many of the elements in a SAM_ACCOUNT. This ensured that smb.conf defaults did not get 'fixed' into ldap. This was a great win for admins, and this patch follows in the same way. This patch extends the concept - we don't store values back into LDAP unless they have been changed. So if we read a value, but don't update it, or we read a value, find it's not there and use a default, we will not update ldap with that value. This reduced clutter in our LDAP DB, and makes it easier to change defaults later on. Metze's particular problem was that when we 'write back' an unchanged value, we would clear any muliple values in that feild. Now he can still have his mulitivalued 'uid' feild, without Samba changing it for *every* other operation. This also applies to many other attributes, and helps to eliminate a nasty race condition. (Time between get and set) This patch is big, and needs more testing, but metze has tested usrmgr, and I've fixed some pdbedit bugs, and tested domain joins, so it isn't compleatly flawed ;-). The same system will be introduced into the SAM code shortly, but this fixes bugs that people were coming across in production uses of Samba 3.0/HEAD, hence it's inclusion here. Andrew Bartlett (This used to be commit 7f237bde212eb188df84a5d8adb598a93fba8155)
2002-10-07forgot some bits from previous rpc_secdesc.h rework patchSimo Sorce1-2/+0
(This used to be commit 738b9237eda8fdb8adb534ab1a84070923f352f1)
2002-10-06try to put every security descriptors related definitions in the same file.Simo Sorce1-9/+2
also try to uniform names to a clean scheme. first part. (This used to be commit a123e05877caf90c28980be2d84b1d0b46e4fd21)
2002-10-05Add more common options to popt_common - and start usingJelmer Vernooij1-0/+1
the ones for debuglevel and configuration file in pdbedit (This used to be commit cb0d03a393d9009c3e16b9d05d88c171de9a9414)
2002-10-04merge of working dsrolegetprimdominfo() client code from APP_HEADGerald Carter1-1/+1
(This used to be commit f70caa25e4ee198151b915cf2bc0a26b2d0e243d)
2002-10-04merge of new client side support the Win2k LSARPC UUID in rpcbindGerald Carter1-0/+11
from APP_HEAD (This used to be commit 38c9e4299845fd77cc8629945ce2d259489f7437)