path: root/source3/include/smb.h
Age | Commit message | Author | Files | Lines
2007-10-10 | r5203: additional changes for BUG 2291 to restrict who can join a BDC and add domain trusts (This used to be commit 5ec1faa2ad33772fb48c3863e67d2ce4be726bb2) | Gerald Carter | 1 | -1/+1
2007-10-10 | r5152: Restructure the directory handling code, stop using void * pointers that just allow the wrong pointer to be assigned :-) and make the interface more consistent. Fix the FreeBSD directory problem. Last thing to do is to add the "singleton" directory concept from James Peach's code. Jeremy. (This used to be commit cfa8150fd9932470cb8f3b5e14c0156dda67125d) | Jeremy Allison | 1 | -1/+3
2007-10-10 | r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask define * make sure to apply the rights_mask and not just the saved bits from the mask in access_check_samr_object() * allow root to grant/revoke privileges (in addition to Domain Admins) as suggested by Volker. Tested machine joins from XP, 2K, and NT4 with and without pre-existing machine trust accounts. Also tested basic file operations using cmd.exe and explorer.exe after changing the STANDARD_RIGHTS_WRITE_ACCESS bitmask. (This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36) | Gerald Carter | 1 | -1/+1
2007-10-10 | r4805: Last planned change to the privileges infrastructure: * rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags) * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly. Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right. (This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15) | Gerald Carter | 1 | -1/+1
2007-10-10 | r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipulating privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c) | Gerald Carter | 1 | -0/+6
2007-10-10 | r4651: Add "refuse machine password change" policy field. This update will just return the appropriate reg value. Enforcement to be added soon. Also, fix account policy tdb upgrade so it doesn't just wipe out everything that was in there from a previous version. (This used to be commit ccae934cf9de4b234bac324b8d878c8ec7862f67) | Jim McDonough | 1 | -1/+1
2007-10-10 | r4514: Fix for bugzilla 1770. Remove READ_ATTRIBUTES from GENERIC_EXECUTE, otherwise modification of an ACL that contains an ACE with execute only will cause that to be upgraded to read/execute. Side effect is that dirs/files with execute only show up as special permissions, which is still correct. (This used to be commit 8d9dc7d543fd347e47d04157064a2f92fb5c99db) | Jim McDonough | 1 | -1/+1
2007-10-10 | r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) | Jeremy Allison | 1 | -4/+1
2007-10-10 | r3050: Steal from Samba4 :-). Make us pass most of the new lock tests (except for the cancel lock which I have to add). Jeremy. (This used to be commit cf7f89999e0c6becd4617c812400d1e71b9c0a30) | Jeremy Allison | 1 | -2/+1
2007-10-10 | r2114: Shameless theft of iconv commit from Samba4 to keep the two libs more in sync :-). try to cope with a wider range of UTF-16 characters when we are using an external libiconv library. Jeremy. (This used to be commit 5d04cd6804f6fc3b556e7c3b53fa0d7af39797c1) | Jeremy Allison | 1 | -3/+3
2007-10-10 | r1661: Changed the password history format so that each history entry consists of a 16 byte salt, followed by the 16 byte MD5 hash of the concatenation of the salt plus the NThash of the historical password. Allows these to be exposed in LDAP without security issues. Jeremy. (This used to be commit 82e4036aaa2d283534a5bd8149857320fcf0d0dc) | Jeremy Allison | 1 | -0/+5
2007-10-10 | r1154: Change default setting for case sensitivity to "auto". If set to auto then if the client supports it (current clients supported are Samba and CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare "NT LM 0.12" string) then the setting of the per packet flag smb_flag FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows the linux CIFS client to use Samba in a case sensitive manner. Additional command in smbclient "case_sensitive", toggles the flag in subsequent packets. Docs to follow. Jeremy. (This used to be commit cf84c0fe1a061acc0313f7db124b8f947cdf623d) | Jeremy Allison | 1 | -1/+2
2007-10-10 | r1085: Now it's had some proper user testing, merge in the deferred open fix. I'm still doing more testing, but it fixes a behaviour that we've been wrong on ever since the start of Samba. Jeremy. (This used to be commit 894cc6d16296b934c112786eec896846156aee5d) | Jeremy Allison | 1 | -19/+43
2007-10-10 | r570: Remove lots of globals to handle case issues - move them to connection struct entries (as they should have been from the start). Jerry, once you've cut over to 3.0.4 release branch I'll add this to 3.0 also. - Jerry cut over :-). Jeremy. (This used to be commit 578a508509d21226ad3332fc54c3ab54cd8ae452) | Jeremy Allison | 1 | -0/+5
2007-10-10 | r248: Add support for printing out the MAC address on nmblookup. (This used to be commit bf9f02be5fc1d09c8c08c78c3f2df23b2099ba4f) | Richard Sharpe | 1 | -0/+6
2007-10-10 | r242: adding 'cups options' parameter to allow raw printing without changing /etc/cups/cupsd.conf -- documentation to follow (This used to be commit 2f323b0991c37022fb59ef8c69454eff03296662) | Gerald Carter | 1 | -1/+1
2007-10-10 | r155: real for for BUG 761 -- allow printing parameter to set defaults on a per share basis (This used to be commit 14d3794eecd848d3d75e2b8e71cf8b4d0792b0c9) | Gerald Carter | 1 | -1/+1
2007-10-10 | r76: Fix smbfs problem with Tree Disconnect issued before smbfs starts its work. We use cli_state.smb_rw_error to pass this specific case into cli_close_connection() from smbmount as smb_rw_error can have only selected number of states and it is ignored in cli_close_connection(). Compiled and tested by Lars Mueller from SuSE on x86, x86_64, ppc, ppc64, s390 and s390x. (This used to be commit 738666ce0a310fae14476020fd6dac027b0e3ec5) | Alexander Bokovoy | 1 | -0/+1
2004-04-02 | Added per-share parameter "store dos attributes". When set, will store dos attributes in an EA. Based on an original patch from tridge, but modified somewhat to cover all cases. Jeremy. (This used to be commit ed653cd468213e0be901bc654aa3748ce5837947) | Jeremy Allison | 1 | -0/+3
2004-03-31 | Added support for OS/2 EA's in smbd server. Test with smbtorture eatest. New protocol option "ea support" to turn them on (off by default). Conrad at Apple may like this as it allows MacOS resource forks to be stored on a file. Passes valgrind. Documentation to follow. Jeremy. (This used to be commit 8cc10a6c0550c017a62e8a3790afd2172d173e00) | Jeremy Allison | 1 | -0/+2
2004-03-27 | Merge from HEAD the SMB signing patch that I developed a couple of weeks ago. This patch re-adds support for 'optional' SMB signing. It also ensures that we are much more careful about when we enable signing, particularly with on-the-fly smb.conf reloads. The client code will now attempt to use smb signing by default, and disable it if the server doesn't correctly support it. Andrew Bartlett (This used to be commit e27b5cbe75d89ec839dafd52dd33101885a4c263) | Andrew Bartlett | 1 | -1/+2
2004-03-27 | Working (tested) client code for setting EA's by filename and fnum. Now for parsing out the retrieved EA's. Jeremy. (This used to be commit 5eeeee302cec2cc1f6c130ed44be9df028f73cde) | Jeremy Allison | 1 | -0/+6
2004-03-15 | Use "unix netbios name" type unstring - 64 bytes long to manipulate netbios names in nmbd. Allows conversion from dos codepage mb strings (ie. SJIS) to expand to utf8 size on read. Jeremy. (This used to be commit 834d816caf9cd6318da00febde50d9233469dac2) | Jeremy Allison | 1 | -0/+3
2004-03-13 | First part of patch from moriyama@miraclelinux.com (MORIYAMA Masayuki) to fix up netbios names with mb strings. Includes reformat of libsmb/nmblib.c so it's readable. Jeremy. (This used to be commit 966e49a48c352563cdd7f75fe2768f2d6612ec7e) | Jeremy Allison | 1 | -1/+2
2004-03-03 | Use a common function to parse all pathnames from the wire. This allows much closer emulation of Win2k3 error return codes. Jeremy. (This used to be commit c9f31fafeda6ad79e590276f36e03ecd2e93f818) | Jeremy Allison | 1 | -0/+6
2004-02-25 | Figured out a new flags bit with gentest and ethereal.... Jeremy. (This used to be commit b4b684f1155b1abccb69cca7bca9819625dbfead) | Jeremy Allison | 1 | -0/+1
2004-02-24 | Added NTrename SMB (0xA5) - how did we miss this.... ? Jeremy. (This used to be commit dfd7d1c2b7b577a084a94926abfce82c91f20b7e) | Jeremy Allison | 1 | -0/+1
2004-02-13 | Fixup the 'multiple-vuids' bugs. Jeremy. (This used to be commit f0f7a48327ba1808088bc8c4e5d48b5cbeaeb4e3) | Jeremy Allison | 1 | -10/+19
2004-02-08 | Remove more unused portions of the 'password cache'. Andrew Bartlett (This used to be commit 318e11748a86d92bfc6ebf0e58f3c8360cbf4b69) | Andrew Bartlett | 1 | -13/+0
2004-01-14 | bug 770; correct fix this time; Make sure that we send the SMBjobid for unix jobs back to the client. Allows windows client to remove print jobs submitted from lpr (This used to be commit 514561118860f982c458930c34763dac9ce0554e) | Gerald Carter | 1 | -1/+2
2003-11-22 | Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particularly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challenge' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signing on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc) | Andrew Bartlett | 1 | -1/+1
2003-10-24 | Add initshutdown pipe commands to rpcclient. Second part of fix to bug #534 (This used to be commit 4e86243ea1d4bbe96720caaaf02300f5e15bee5a) | Jim McDonough | 1 | -1/+3
2003-08-23 | Half-way through the big conversion of all nmbd access to wire elements being converted to pull/push_ascii. This will not work right at the moment for non English codepages, but compiles - I will finish the work over the weekend. Then nmbd should be completely codepage correct. Jeremy. (This used to be commit 236d6adadf32397b28028ea82ae2ec027366f7c8) | Jeremy Allison | 1 | -2/+4
2003-08-22 | struct nmb_name should have 16 byte namestrings, not 17. Jeremy. (This used to be commit daf7b5fbd93c640c7660bdf173079fa1039794af) | Jeremy Allison | 1 | -3/+3
2003-08-19 | Implement SMBexit properly. Found by Samba4 tester. You must do a make clean proto all; after this commit. Jeremy. (This used to be commit 27af1f9feab12542dc538bfceac4593e644ba3b4) | Jeremy Allison | 1 | -0/+1
2003-08-14 | Fix SMBseek and get/set position information SMBs. Works against Samba4 tester. You will need a make clean; make all after this ! Jeremy. (This used to be commit 10d90171ed58bee3e5ab6476341059b585034134) | Jeremy Allison | 1 | -0/+1
2003-07-30 | Add a command line option (-S on|off|required) to enable signing on client connections. Overrides smb.conf parameter if set. Jeremy. (This used to be commit 879309671df6b530e0bff69559422a417da4a307) | Jeremy Allison | 1 | -0/+1
2003-07-28 | Corrected description of SWAT FLAGS since they have changed as a result of the cleanup of loadparm and swat.c (This used to be commit 6956eb9a0b878f6fae37e4de14573cccd2af2156) | John Terpstra | 1 | -5/+4
2003-07-27 | Clarified what the SWAT FLAGS mean and what they do. Note: The comments in this file regarding the FLAGS has been in need of maintenance for some time. (This used to be commit a0d2fa0f25abe22008080df2ad2e58e7ee424a2b) | John Terpstra | 1 | -3/+5
2003-07-24 | Fix packet signing with asynchronous oplock breaks. Removed bad error message due to w2k bug. I think this code is now working.... Need more testing of course but works on all the obvious cases I can think of. Jeremy. (This used to be commit a6e537f6611cc1357fffea0b69901fba7c9ad6ea) | Jeremy Allison | 1 | -3/+1
2003-07-16 | Refactor signing code to remove most dependencies on 'struct cli'. Ensure a server can't do a downgrade attack if client signing is mandatory. Add a lp_server_signing() function and a 'server signing' parameter that will act as the client one does. Jeremy (This used to be commit 203e4bf0bfb66fd9239e9a0656438a71280113cb) | Jeremy Allison | 1 | -0/+14
2003-07-15 | Added the "required" keyword to the "client signing" parameter to force it on. Fail if mismatch. Small format tidyups in smbd/sesssetup.c. Preparing to add signing on server side. Jeremy. (This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27) | Jeremy Allison | 1 | -0/+1
2003-06-25 | fix build on non-ldap platforms (This used to be commit a59ea1d6d32337226f6099eefd19681fb28279c0) | Gerald Carter | 1 | -0/+3
2003-06-25 | large change: *) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also includes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091) | Gerald Carter | 1 | -0/+8
2003-06-06 | - the 8.3 name in BOTH_DIRECTORY_INFO is supposed to be always unicode (to match win2003 behaviour) - added the STR_TERMINATE_ASCII flag from samba4 so we can get the string termination right for the case where it is supposed to be non-terminated for UCS2 and terminated when ASCII (This used to be commit 791a4cc7cf84eca77116bca00aeb5f95560f6705) | Andrew Tridgell | 1 | -0/+1
2003-05-12 | And finally IDMAP in 3_0 We really need idmap_ldap to have a good solution with ldapsam, porting it from the previous code is being made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a following release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d) | Simo Sorce | 1 | -122/+8
2003-05-12 | Add NT quota support. Patch from Stefan (metze) Metzemacher 1. Allows to change quota settings for shared mount points from Win2K and WinXP from Explorer properties tab 2. Disabled by default and when requested, will be probed and enabled only on Linux where it works 3. Was tested for approx. two weeks now on Linux by two independent QA teams, have not found any bugs so far Documentation to follow (This used to be commit 4bf022ce9e45be85609426762ba2644ac2031326) | Alexander Bokovoy | 1 | -0/+2
2003-05-11 | Fix VFS layer: 1. Finally work with cascaded modules with private data storage per module 2. Convert VFS API to macro calls to simplify cascading 3. Add quota support to VFS layer (prepare to NT quota support) Patch by Stefan (metze) Metzemacher, with review of Jelmer and me Tested in past few weeks. Documentation to new VFS API for third-party developers to follow (This used to be commit 91984ef5caa2d13c5d52e1f535bd3bbbae1ec978) | Alexander Bokovoy | 1 | -12/+6
2003-05-06 | Patch from metze to add exit and interval events. Useful for modules (This used to be commit 3033a63cefb5f28d4460885f7f4e4ecaed95443c) | Jelmer Vernooij | 1 | -3/+0
2003-04-30 | Trailing , is non-standard (warning from IRIX) (This used to be commit 96134959d9f8385dfbf34445a3fe6911507cf51e) | Andrew Bartlett | 1 | -2/+2