summaryrefslogtreecommitdiff
path: root/source3/include/smb.h
AgeCommit message (Collapse)AuthorFilesLines
2002-06-15Rework much of the service.c code:Andrew Bartlett1-0/+3
The aim of this execise is to give the 'security>=user' code a straight paper path. Security=share will sill call authorise_login(), but otherwise we avoid that mess. This allow *much* more accurate error code reporting, beocuse we don't start pretending that we can use the (nonexistant) password etc. Also in this patch is code to create the 'homes' share at session setup time (as we have done in the past - been broken recently) and to record this on the user's vuser struct for later reference. The changes here should also allow for much better use of %H (some more changes to come here). The service.c changes move a lot of code around, but are not as drastric as they look... (Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not '*total_entries' was compared). This code is needs testing, but passes my basic tests. I expect we have lost some functionality, but the stuff I had expected to loose was already broken before I started. In particular, we don't 'fall back' to guest if the user cannot access a share (for security=user). If you want this kind of stuff then you really want security=share anyway. Andrew Bartlett (This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c)
2002-06-14Fix spelling typo.Jeremy Allison1-11/+11
Jeremy. (This used to be commit 0e7e8d44627ad9645a90e96001f8550b68b67a62)
2002-06-14More of SMB signing for client - not yet finished (should be harmless).Jeremy Allison1-1/+2
Jeremy. (This used to be commit c1b20db4bb4bb1ba485466f50b9795470027327c)
2002-06-13Latest patch from metze <metze@metzemix.de> to move most of samba acrossAndrew Bartlett1-2/+2
to using SIDs instead of RIDs. The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument. The idea here is to prevent mistakes where the SID is implict, but isn't the same one that we have in the struct. Andrew Bartlett (This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
2002-06-07Add flags2 for security signituresAndrew Bartlett1-0/+1
(This used to be commit 39c3f245f5e5d5e7532f9097683e6af3190dc872)
2002-05-31Removed some unused variables - tidy up some formating, add struct toJeremy Allison1-1/+7
client state to implement smb signing - this is a test at present. Jeremy. (This used to be commit a234e303558a25c4ea26b7f6788006e4fee651bf)
2002-05-18Include the extra #define for the last set of smbpasswd mods.Andrew Bartlett1-0/+1
(This used to be commit bf82ac14c826a765b33d368e4cb62c7fb3cd3c4f)
2002-05-18A few things in this commit:Andrew Bartlett1-2/+7
cleanup some of the code in net_rpc_join re const warnings and fstrings. Passdb: Make the %u and %U substituions in passdb work. This is done by declaring these paramters to be 'const' and doing the substitution manually. I'm told this is us going full circle, but I can't really see a better way. Finally these things actually seem to work properly... Make the lanman code use the pdb's recorded values for homedir etc rather than the values from lp_*() Add code to set the plaintext password in the passdb, where it can decide how to store/set it. For use with a future 'ldap password change' option, or somthing like that... Add pdb_unix, so as to remove the 'not in passdb' special cases from the local_lookup_*() code. Quite small, as it uses the new 'struct passwd -> SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd) Other: Fix up the adding of [homes] at session setup time to actually pass the right string, that is the unix homedir, not the UNC path. Fix up [homes] so that for winbind users is picks the correct name. (bad interactions with the default domain code previously) Change the rpc_server/srv_lsa_nt.c code to match NT when for the SATUS_NONE_MAPPED reply: This was only being triggered on no queries, now it is on the 'no mappings' (ie all mappings failed). Checked against Win2k. Policy Question: Should SID -> unix_user.234/unix_group.364 be considered a mapping or not? Currently it isn't. Andrew Bartlett (This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
2002-05-17This removes --with-ssl from Samba.Andrew Bartlett1-5/+0
This option was badly maintained, useless and confused our users and distirbutors. (its SSL, therfore it must be good...) No windows client uses this protocol without help from an SSL tunnel. I can't see any reason why setting up a unix-side SSL wrapper would be any more difficult than the > 10 config options this mess added to samba in any case. On the Samba client end, I think the LIBSMB_PROG hack should be sufficient to start stunnel on the unix side. We might extend this to take %i and %p (IP and port) if there is demand. Andrew Bartlett (This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
2002-04-15Added hex values as comments for the standard access rights.Tim Potter1-5/+5
(This used to be commit 00511ae2b4bc0ef3bfda89cc0ae3e1fba092b6d6)
2002-04-13This is the 'multiple pdb backends' patch from ctrlsoft, aka Jelmer VernooijAndrew Bartlett1-0/+2
<jelmer@nl.linux.org>. This patch also includes major rework of pdbedit to use popt, and the addition of -i paramter (allowing the user to specify which PDBs is being operated on) and -e to export a pdb - useful for backup and testing etc. Use of -i and -e gets us pdb2pdb functionality for transition between backends, much like the sam2sam in TNG. Andrew Bartlett (This used to be commit c10def37f506d3f2bab442418ac08fdb62659b02)
2002-03-23Fix the mp3 rename bug - also tidy up our open code and remove the specialJeremy Allison1-6/+3
cases for rename and unlink. Had to add desired_access into the share mode record. Jeremy. (This used to be commit 3b1b8ac43535fb0839c5474fa55bf7150f6cde31)
2002-03-20BUFFER_SIZE Should be 128k if large read write tests are to work.Jeremy Allison1-0/+5
Jeremy. (This used to be commit 2be9b253ad40e125169725ea79e6723cb40c5e6a)
2002-03-20Remove the "stat open" code - make it inline. This should fix theJeremy Allison1-1/+0
bugs with opening and renaming mp3 files, also the word rename problems that people have had for a while. Needs a make clean :-) make. Also added JohnR's printing fix. Jeremy. (This used to be commit 504e5ef0494c54efbd0357e334cb2aa5a9eb9c14)
2002-03-19Merge in JohnR's page count fixes.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 2e3133fbe5531b9bbc9bf46a04b27fa58e555f5a)
2002-03-19Sync up vfs changes from 2.2.x.Jeremy Allison1-0/+1
Jeremy. (This used to be commit ad1e858d8e72adf924ff435eab8da3e60842e2e6)
2002-03-15syncing up printing code with SAMBA_2_2 (already done some mergesGerald Carter1-2/+2
in the reverse). * add in new printer change notify code from SAMBA_2_2 * add in se_map_standard() from 2.2 in _spoolss_open_printer_ex() * sync up the _print_queue_struct in smb.h (why did someone change the user/file names in fs_user/fs_file (or vice-versa) ? ) * sync up some cli_spoolss_XXX functions (This used to be commit 5760315c1de4033fdc22684c940f18010010924f)
2002-03-12Added POSIX ACL layer into the vfs.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 7d59445b6962547a8938928a9371651a09e26516)
2002-03-10yipee! Finally put in the patch from Alexey KotovichAndrew Tridgell1-6/+0
<a.kotovich@sam-solutions.net> that adds the security decsriptor code for ADS workstation accounts thanks for your patience Cat, and thanks to Andrew Bartlett for extensive reviews and suggestions about this code. (This used to be commit 6891393b5db868246fe52ff62b3dc6aa5ca6f726)
2002-03-07Change xcopy test to use defined constants rather than magic hexJeremy Allison1-6/+6
values so we can see what's going on. Jeremy. (This used to be commit 5ba4ba36339269b2059da7c103e63ecd948f7938)
2002-03-02This patch merges my private LDAP tree into HEAD.Andrew Bartlett1-2/+8
The main change here is to move ldap into the new pluggable passdb subsystem and to take the LDAP location as a 'location' paramter on the 'passdb backend' line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported, and by hand where it isn't. It also adds the ldap user suffix and ldap machine suffix smb.conf options, so that machines added to the LDAP dir don't get mixed in with people. Non-unix account support is also added. This means that machines don't need to be in /etc/passwd or in nss_ldap's scope. This code has stood up well under my production environment, so it relitivly well tested. I'm commiting this now becouse others have shown interest in using it, and there is no point 'hording' the code :-). Andrew Bartlett (This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
2002-03-02Remove util_list.h, as its matching .c file has already gone, and nobody isAndrew Bartlett1-2/+0
using it anymore. This also removes an early #include of smb.h, making it slightly easier to track whats being included where. Andrew Bartlett (This used to be commit 9d25e3023272a55a39f80305f0f336c655833d55)
2002-02-27Added "nt status support" parameter. Fix offline synchronisation.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 9243a9778e52999d5c62cba484640637b24994d8)
2002-02-16Added some splint annotations from andreas.Tim Potter1-0/+7
(This used to be commit 60e84540fd8c27975066f7c7984d30bc88f6da5f)
2002-02-16Removed some random crap that isn't used anymore.Tim Potter1-47/+0
(This used to be commit 3fb3bc0a1546dadb24231065b422349bd199e1bf)
2002-01-30Removed version number from file header.Tim Potter1-1/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-25minor fixesSimo Sorce1-4/+3
(This used to be commit 04f492980b73800b60dde764fdeb43f2eab79624)
2002-01-20Kill off another ugly wart from the side of the passdb subsystem.Andrew Bartlett1-0/+2
This time its the pdb_getsampwuid() function - which was only being used by the SAMR rpc subsystem to gain a 'user session key'. This 'user session key' is actually generated at login time, and the other changes here simply move that data around. This also means that (when I check some details) we will be able to use the user session key, even when we are not actually the DC, becouse its one of the components of the info3 struct returned on logon. Andrew Bartlett (This used to be commit 799ac01fe08a338e4e94289f5d6767ebf905c1fa)
2002-01-17A nice *big* change to the fundemental way we do things.Andrew Bartlett1-0/+2
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2002-01-16Fixup error mapping so we have only one table containing errno -> dos error ↵Jeremy Allison1-0/+7
-> NT STATUS maps. Fixes problem with disk full returning incorrect error. Jeremy. (This used to be commit 16fcbf3c1ccf1d704765653f68395dd596c0d841)
2002-01-15Split pstring definitions into their own header.Martin Pool1-53/+1
(This used to be commit 04e3082f7d45c1b304adff5a46106136cff0e09e)
2002-01-15Change the passdb interface to use allocated strings.Andrew Bartlett1-13/+17
These strings are allocated using talloc(), either using its own memory context stored on the SAM_ACCOUNT or one supplied by the caller. The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call to pdb_free_sam() will either clean up (remove hashes from memory) and destroy the TALLOC_CTX or just clean up depending on who supplied it. The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I have modified the 3 places that actually checked these returns. The only nasty thing about this patch is the small measure needed to maintin interface compatability - strings set to NULL are actually set to "". This is becouse there are too many places in Samba that do strlen() on these strings without checking if they are NULL pointers. A supp patch will follow to set all strings to "" in pdb_default_sam(). Andrew Bartlett (This used to be commit 144345b41d39a6f68d01f62b7aee64ca0d328085)
2002-01-14PSTRING_SANCTIFY:Martin Pool1-3/+50
If you define this, pstring and fstring become distinguished types, so that it's harder to accidentally overflow them by for example passing an fstring on the lhs of pstrcpy. The types are defined as one-element union arrays so that with "fstring f" the name "f" will be a pointer and with a big hammer you can cast it to (char *). So code that tries to just use it directly will get a loud warning, but hopefully nothing worse. To pass them to non-pstring-aware functions, use PSTR and check that the function takes a const. They should almost never be modified except by special calls. In those unusual cases, use PSTR_MUTABLE. This is off by default so as not to produce too many warnings. As the code is vetted it can become the default. (This used to be commit ca233bc8b30d7d0626039b2769c4e1ae92dafd50)
2002-01-10First part of UNIX extensions (#ifdefed out) more to follow.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 02b18f2cca6d6d046d2d8fd7375b207d44031ddc)
2002-01-05Add a talloc varient of the data_blob functions.Andrew Bartlett1-1/+2
Also change the structure so it has its own (optional) 'free' pointer - so we don't free() a talloc'ed version. also split out the data_blob_clear() functionaility. Andrew Bartlett (This used to be commit 207ee8aac42cf4b35f07e496b15fdeabe50950bc)
2002-01-02ooops./ forgot oneGerald Carter1-1/+1
(This used to be commit 501f3f3a8fb5ea27155f8c2fe266f1f659d7d22d)
2002-01-02Actually enforce the passdb API.Andrew Bartlett1-48/+55
Thou shalt not reference SAM_ACCOUNT members directly - always use pdb_get/pdb_set. This is achived by making the whole of SAM_ACCOUNT have a .private member, where the real members live. This caught a pile of examples, and these have beeen fixed. The pdb_get..() functions are 'const' (have been for some time) and this required a few small changes to constify other functions. I've also added some debugs to the pdb get and set, they can be removed if requested. I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb interface, but I need the flags info to do it properly. The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result. Finally, any and all testing is always appriciated - but the basics seem to work. Andrew Bartlett (This used to be commit d3dd28f6c443187b8d820d5a39c7c5b3be2fa95c)
2001-12-31some merges from 2.2. Still need to merge in changes from pdb_tdb.cGerald Carter1-0/+1
but it will take more time as I don't want to loose any fixes that are only in HEAD. (This used to be commit efcde5d9d8ce44c0613764504d797be54ba21473)
2001-12-27moving SAM_ACCOUNT to include a bit field for initializedGerald Carter1-2/+21
members (such as uid and gid). This way we will be able to keep ourselves from writing out default smb.conf settings when the admin doesn't want to, That part is not done yet. Tested compiles with ldap/tdb/smbpasswd. Tested connection with smbpasswd backend. oh...and smbpasswd doesn'y automatically expire accounts after 21 days from the last password change either now. Just ifdef'd out that code in build_sam_account(). Will merge updates into 2.2 as they are necessary. jerry (This used to be commit f0d43791157d8f04a13a07d029f203ad4384d317)
2001-12-20much better auto-init of valid_table[]. This should just about removeAndrew Tridgell1-0/+1
the need for valid.dat (This used to be commit 0cfd0a5e543181b1384f7afee93fbaf3ccb2b999)
2001-12-20Added some comments showing hex values of some constants.Tim Potter1-11/+11
(This used to be commit b3aff6b5a35da3660ede060b42439324a2309644)
2001-12-14Rafal (mimir) patch for trusts r.Jean-François Micouleau1-0/+1
(This used to be commit c26623671e2b0b2e80c6d6383a99880c4f439f04)
2001-12-13update the ldap support code. it compiles.Jean-François Micouleau1-0/+7
Ignacio you can update your howto ;-) samsync: a small patch to try chaning challenges. J.F. (This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
2001-12-05OK. Smbpasswd -j is DEAD.Andrew Bartlett1-0/+6
This moves the rest of the functionality into the 'net rpc join' code. Futhermore, this moves that entire area over to the libsmb codebase, rather than the crufty old rpc_client stuff. I have also fixed up the smbpasswd -a -m bug in the process. We also have a new 'net rpc changetrustpw' that can be called from a cron-job to regularly change the trust account password, for sites that run winbind but not smbd. With a little more work, we can kill rpc_client from smbd entirly! (It is mostly the domain auth stuff - which I can rework - and the spoolss stuff that sombody else will need to look over). Andrew Bartlett (This used to be commit 575897e879fc175ba702adf245384033342c903d)
2001-12-03added a tdb to store the account policy informations.Jean-François Micouleau1-0/+14
You can change them with either usermanager->policies->account or from a command prompt on NT/W2K: net accounts /domain we can add a rpc accounts to the net command. As the net_rpc.c is still empty, I did not start. How should I add command to it ? Should I take the rpcclient/cmd_xxx functions and call them from there ? alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more for jeremy ;-) J.F. (This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21)
2001-11-30Comment deconfusification.Tim Potter1-1/+1
(This used to be commit b5fac3a56d917b13fedc0ace3ea56ae82f51ccdd)
2001-11-25added 'security=ADS'Andrew Tridgell1-1/+1
(This used to be commit 5a735a88e472a48cd4329832998dc31c1e230ecb)
2001-11-23Reference about SIDs from tpot.Martin Pool1-7/+13
(This used to be commit 53963eae7d5930246c6c0c0b947f425d50d382c3)
2001-11-08Added more define bits. Fixed error in vol attributes.Jeremy Allison1-3/+6
Jeremy. (This used to be commit eba8204bfadb176fafb686a35295a09f0f35b894)
2001-11-04a big one:Simo Sorce1-0/+10
- old mangle code has gone, the new one based on tdb seem resonably ok probably the valid.dat table need to be updated to treat wild chars as invalid ones (work ok without it) - a LOT of new string manipulation function for unicode, they are somewhat tested but a review would not be bad - some new function I will need for the new unix_convert function I'm writing, this will be renamed filename_convert and use only unicode strings. - charconv, I attached a comment, if someone wnat to look if I'm right or just was hacking to late in the night to make a sane one :) of course any bug is my responsibility an will be pleased to see patches if you find any. :-) Simo. (This used to be commit ee19f7efb6ea9216fc91cf112ac1afa691983e9d)