| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Essentially, multiple session_setup_and_X's may be done
to an smbd. As there is only one global variable containing
the requested connection name (sessionsetup_user), then any
subsequent sessionsetups overwrite this name (causing %U
and %G to get the wrong name). This is particularly common
when an NT client does a null session setup to get a
browse list after the user has connected, but before
a share has been mounted.
These changes store the requested_name in the vuid structure
(so this only really works for user level and above security)
and copies this name back into the global variable before
the standard_sub call.
Jeremy.
(This used to be commit b5187ad6a3b3af9fbbeee8bced0ab16b41e9825b)
|
|
password.c: Stopped cli_nt_logout call (we don't have it correct yet).
Added Luke object-orientation fix :-).
smb.h: Added clnt_name_slash to cli_state.
lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed.
lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error.
lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix.
lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1.
Jeremy.
(This used to be commit c6c22df20196cb7f0ae84b1a1dd202a87adb8d4e)
|
|
WARNING - so far this has only been tested against a Samba PDC
(still waiting for IS to add me the machine accounts :-).
Still missing is the code in smbpasswd that will add a machine
account password and change it on the domain controller, but
this is not hard, and I will check it in soon.
Jeremy.
(This used to be commit 17b94a7084621b3f0106dd4d3386f05cdfc56d19)
|
|
It is changing the global variables "myname" and "myworkgroup"
to "global_myname" and "global_myworkgroup" respectively.
This is to make it very explicit when we are messing
with a global (don't ask - it makes the domain client
code much clearer :-).
Jeremy.
(This used to be commit 866406bfe399cf757c8275093dacd5ce4843afa0)
|
|
clientgen.c: Added nt_error as an entry in the struct client_state.
password.c: Open the netlogon pipe.
smb.h: Added nt_error as an entry in the struct client_state.
lib/rpc/parse/parse_net.c: Added comments on net logon.
lib/rpc/server/srv_netlog.c: Added comments on net logon.
Jeremy.
(This used to be commit 899a9f0dce50c73e03c8da2ebe920957491c8ad7)
|
|
loadparm.c: Started add of 'security=domain' code.
password.c: Fix for security=server NT bugs.
reply.c: Started add of 'security=domain' code.
server.c: Started add of 'security=domain' code.
smb.h: Started add of 'security=domain' code.
Jeremy.
(This used to be commit e6bda112ebe0d41f54c4249b5c2e1f24011347e1)
|
|
nmbd.c: Fix for always overwriting log despite append setting.
smb.h: Addition of last time password changed entry to account info.
smbpass.c: Changes to support last time changed field in smbpasswd file.
smbpasswd.c: Changes to support last time changed field in smbpasswd file.
util.c: Fix for always overwriting log despite append setting.
Jeremy.
(This used to be commit eb4fe9ecdf539209efab07dc992447ea7370cf93)
|
|
with gcc. (Not a big change although it looks like it :-).
Jeremy.
(This used to be commit cd2613c57261456485fe4eeecfda209ada70de8e)
|
|
stn@techfak.uni-kiel.de (Stefan Nehlsen) to get homes from
the NIS+ map.
smbpasswd.c: Tidy up of cli_state structure.
Jeremy.
(This used to be commit fc2295e0f5729585fdb3ee47edb290851d4071c5)
|
|
In doing so I realized that much code was being
duplicated between Hangul, Big5 and Simplified
Chinese - so I re-arranged kanji.[ch] to go
through generic functions for all multibyte
characters that can be identified by a single
code range (not Kanji - but all the others).
Jeremy.
(This used to be commit b6c965c396eb3d4f0e6dfd863e70b28390c59f66)
|
|
+ improvement to smbtar to allow exclusion/inclusion of system and
hidden files, and to generate a listing of what has been archived
in a format useful for automated backup systems.
+ add the "Softq" spooling system to samba's printing capabilities.
+ I have "fixed" the intrusion of US style dates into samba reporting
as well. The format yyyy/mm/dd is not only uunambiguous, but also
has the benefit of making lexicographic sorts work correctly.
Jeremy.
(This used to be commit f9dacd1d8b89fccad859c0c6bc7a492823eb4b06)
|
|
(This used to be commit 4e424d0ba652bf9c5dfd3c44216b6145538cf821)
|
|
maximumof 15 characters. IF this needs to be limited to 8 characters again please do
it in smb.h.
(This used to be commit 3dfe0b135dd91864a81a5fadddc9151ac8812c6e)
|
|
typedef enum
{
P_LOCAL,P_GLOBAL,P_SEPARATOR,P_NONE,
} parm_class;
I removed the trailing comma. Chris -)-----
(This used to be commit ac7cd9cacf2493b52d4db50d4fd4b8b08adfe837)
|
|
testparm.
In particular I added:
- ability to optionally save default values of all parameters when
calling lp_load(). This can then be used to save only non-default
parameters in lp_dump(). This makes the saved smb.conf (and viewed
parameters in testparm) much shorter
- ability to not load ipc share in lp_load()
- separators in parm_table[] so parameters can be grouped logically.
- flag to mark parameters that are local but which should be also
viewed as global as far as parameters editing is concerned
(This used to be commit f9af35da26e58fb0b644b5f0169f1c212230047a)
|
|
all I saw" - the book of Jeremy, chapter 1 :-).
So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.
This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.
Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.
This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.
I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).
Jeremy.
(This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)
|
|
These are some hacks on SWAT. Maybe users will actually be able to
work out how to use it now.
Unfortunately these changes required some editing in loadparm.c and
smb.h which will make Jeremys merge job harder. Sorry!
(This used to be commit 674c88a6bf4c8009769a482c53f105efdc54bbc8)
|
|
Kanji support is one case of multibyte character
support, rather than being a specific case in
single byte character support.
This allows us to add Big5 Chinese support (code page 950)
and Korean Hangul support (code page 949) at very little
cost. Also allows us to easily add future multibyte
code pages.
Makefile: Added codepages 949, 950 as we now support more multibyte
codepages.
asyncdns.c: Fixed problem with child being re-spawned when parent killed.
charcnv.c
charset.c
client.c
clitar.c
kanji.c
kanji.h
smb.h
util.c
loadparm.c: Generic multibyte codepage support (adding Big5 Chinese
and Korean Hangul).
nmbd.c: Fixed problem with child being re-spawned when parent killed.
mangle.c: Modified str_checksum so that first 15 characters have more
effect on outcome. This helps with short name mangling as
most 'long' names are still shorter than 15 chars (bug was
foobar_mng and foobar_sum would hash to the same value, with
the modified code they hash differently.
Jeremy.
(This used to be commit 299016338cfb47f0c585875ef9b468121fcee97d)
|
|
loadparm.c: Added "win95 bug compatibility" parameter.
local.h: Replaced MAX_OPEN_FILES back to 100 from 10 (oops).
reply.c: Fixed ulogoff check against uid - changed to vuid.
server.c: Changed file struct save of uid - changed to vuid.
smb.h: Changed id in struct current_user to vuid.
Changed file struct uid to vuid.
time.c: Added "win95 bug compatibility" atime -> mtime return.
trans2.c: Added "win95 bug compatibility" fixes.
uid.c: Changed id in struct current_user to vuid - added checks
to set/reset it.
util.c: Added code to expand environment variables.
version.h : still at 1.9.18 (head branch doesn't matter too much at present).
Jeremy.
(This used to be commit adc903bcf59ad1664babd7f1d43675d3a75bfbc9)
|
|
asyncdns.c: Fixes that went into 1.9.18p2 - allow unclocking of sigterm.
chgpasswd.c: char -> unsigned char fixes.
includes.h: AIX fix to get prototype for inet_ntoa.
local.h: Tune size of shared memory based on MAX_OPEN_FILES.
nmbd_mynames.c: Fix for nmbd repeated refresh bug.
nmbd_responserecordsdb.c: Fix for nmbd repeated refresh bug.
nmbd_winsserver.c: Fix for multi-homed registration optimisation.
smb.h: Moved default shared memory size to local.h
Jeremy.
(This used to be commit fa5466805685d461564054d7d9947948fc56ae93)
|
|
This is merely updating the Copyright statements from 1997 to 1998.
It's a once a year thing :-).
NO OTHER CHANGES WERE MADE.
Jeremy.
(This used to be commit b9c16977231efb274e08856f7f3f4408dad6d96c)
|
|
(This used to be commit 7b031586ca33a381eb0e27f3557f43c2550df5f8)
|
|
smbmount: This is a stripped down smbclient that communicates with
the Linux 2.1.x kernel to supply authenticated smb connections for
smbfs mount points.
smbmnt/smbumount: setuid commands that do the actual smb mount system
call after having done the appropriate security checks
(This used to be commit ccbbc4e647ad900b215dae949d5bcd45671c68c8)
|
|
(This used to be commit f7066355b00a169423b4f64f58567e19b52abc1b)
|
|
(This used to be commit d55df52487ca6786f1635276b2787857a772219a)
|
|
can't sent a oplock break twice on the same file.
changed some debug levels in the oplock code to level 0 so we can
track down a bug
zero the returned Files[] entry in find_free_file()
don't try to overcome client bugs in the handling of non-encrypted
passwords if in server level security mode
added paranoid null termination of password buffers
slight change to my ajt_panic() routine
(This used to be commit e360c79c9cec681c4609783019749773d3e79386)
|
|
(This used to be commit 84215c9b91f3c5130b172a3bbc83c7ddd66c5cb8)
|
|
make_printerdef.c: Fixed warning.
quotas.c: Fixed irix root errors.
server.c: Fixed oplock reference count bug.
smb.h: Added IS_VETO_OPLOCK_PATH().
Jeremy.
(This used to be commit c28487df63e29bc0f8d2ece876a07a2a076d4c73)
|
|
remove problems.
Jeremy
(This used to be commit 4a36ac236c2ad634f05efcd0179875d09988614a)
|
|
separated out smb server-mode password validation into a separate file.
added called and calling netbios names to client gen state: referenced
section in rfc1002.txt.
created workstation trust account checking code in ntclient.c
there might be a bug in reply_session_setup_andX. i indented and added { }
around single-line if statements: the lm password checking code now doesn't
look right (around the GUEST_SESSSETUP bits). *no code semantics have been
changed by the indentation process*.
(This used to be commit f27966957fa7f16d337a4a58719239d036deab4c)
|
|
added a #define around the alignment thing: it's a way to stop
NetMonitor from decoding your packets!!!!
proto.h :
usual.
reply.c :
added what i believe to be the correct error messages for getting
correct domain joining.
smb.h :
some guesses at good names of the SAMR_XXXX functions. sorting
out the SAMR_LOOKUP_RIDS function. this is *not* the same as
the LSA_LOOKUP_RIDS function, unless paul accidentally put it
on the ntlsa pipe by mistake, instead of the samr pipe :-)
rpc_pipes/lsa_hnd.c rpc_pipes/pipe_hnd.c :
moved creation and allocation of unique policy handles into this module.
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c rpc_pipes/smbparse.c :
SAMR_LOOKUP_RIDS is beginning to look _suspiciously_ like the
LSA_LOOKUP_RIDS function. but i know that there are subtle
discrepancies.
(This used to be commit 6bc07b0b4193e28b13a675fece8d9d6b365a7eb0)
|
|
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
|
|
LSA_OPENSECRET and three other unknown #defines are commented as not
being the real defines for these!!!
rpc_pipes/pipenetlog.c :
USE_ARCFOUR for Server Password Set. and then ignore the password (agh!)
this will *fail* to do logins, by the way. i need to add a routine
to update the smb password (next job).
(This used to be commit b9d26344cc9b64ef3578931d099d52eab080fdd3)
|
|
This should fix the byte order problems (maybe!)
(This used to be commit 21878e7d8628d05786c3c76f2943e31df1096577)
|
|
(This used to be commit 6d77311d6cecabafb86c02e26b30724425ef6208)
|
|
which are pipes on the IPC$ connection.
created mechanism to record pipe names in a separate pipes_struct. it
is planned to expand this, to return sensible things like interface
structures, and policy handles (RPC_IFACE and LSA_POL_HND). and the like.
(This used to be commit 33cce5fac0e2f818a19a6c4e6a797ef44f3b5c75)
|
|
response to Bind Acknowledgment needs a lookup table for the PIPE string
(secondary address in RPC_HDR_BA structure).
smbparse.c util.c :
interesting problem, i think caused by us typecasting a uint16* buffer
to char*. found on a SPARC.
(This used to be commit 420408ee83902faa6cf871f26e93ad5efb483727)
|
|
(This used to be commit 50d7e4d6f6b5d770742ee83523d6146cf51f8259)
|
|
and made it private to the 2 shmem implementations. Added new
shmops->hash_size() function.
Added code to handle the IPC system limits by looping decreasing the
size of the resources (semaphores and shared memory) that we request
until we get under the system limits, which can be quite low on some
systems!
Added checks that the creator of the IPC objects is root. Otherwise we
would be open to a security hole where someone pre-creates the shared
memory segment and attaches.
(This used to be commit 6b6f624b63137d4750200e8cb4961b1402513632)
|
|
added mode for printing debug array data as chars not uint8/16/32s.
only really useful for (uint8) strings or (uint16) unicode strings
lsaparse.c smbparse.c smb.h :
rpc bind and rpc bind ack structures and parsing and creation functions.
ipc.c pipes.c pipenetlog.c pipentlsa.c pipesrvsvc.c :
using rpc bind / bind ack parsing routines instead of incorrect use of
api_LsarpcTNP1 function.
ntclient.c :
creation of do_rpc_bind() function.
THAT'S IT, FOLKS!
(This used to be commit 21c89e2f17c51939fd6b53dddbe3072419eb0db2)
|
|
added bind and bind ack structures and parsing functions. restructured
rpc header stuff.
ntclient.c pipenetlog.c pipentlsa.c pipesrvsvc.c :
having to deal with restructuring above.
(This used to be commit 9f2c4f1fee7e411adba8f529b7666a7325584457)
|
|
(This used to be commit 9f0be847fdbcf0f8bbd69de6cdf277ae0440bcda)
|
|
It will try sysv IPC first, then if that fails it will try mmap(),
then after that it will try share files.
I have defined USE_SYSV_IPC for Linux, Solaris and HPUX at the
moment. Probably a lot more could have it defined. In fact, the vast
majority of systems support it. Need autoconf again :-)
It should actually be faster than the mmap() version, and doesn't need
any lock files. This means the problem of the share mem file being on
a NFS drive will be gone.
(This used to be commit cc8fe0f0629eea9acc39e30d8d76d5890a5b6978)
|
|
updated Query Info Policy to report domain name and domain sid for info levels
3 and 5.
fixed bug in dom_sid_to_string (idauths decoded wrong). fixed bug in DOM_SID:
subauths are 32 bit not 16.
(This used to be commit 2f3cca23e2465ca6a3a31fda005af1fd74f6af92)
|
|
(This used to be commit 16cc27852bf54999db4b0a3665b0743d9fe0e74a)
|
|
1) the oplock macros in smb.h used | where they should have used
&. This means that smbd thought that all clients were always
requesting oplocks. This would have _really_ confused smbclient
and smbfs when they started receiving async oplock break requests when
they don't even know what an oplock is!
2) an oplock break request from a client can be embedded in a normal
lockingX request, and will be if the client has batched any lock
requests internally. The smbd code assumed that all oplock break
requests had num_locks==num_ulocks==0 which is not true. The only
thing special about a oplock break request with
num_locks==num_ulocks==0 is that no reply is sent. Otherwise it is
processed as a normal locking request in addition to the oplock break
processing.
These two fixes get the MS mail system in Win98 working on a Samba
1.9.18 network drive.
Andrew
(This used to be commit ed71534df56d0296280dbde1859597fb42002088)
|
|
Logon query. i think i even got the client-side checking of the response
credentials right!
(This used to be commit f14c111835e18e361468cc6a1666a02654afe743)
|
|
YEAH!
need to add:
- client-side credential calculation
- client-side parsing of the SAM logon response.
(This used to be commit 349677de3f06bb0892862de0e11172adeffda18a)
|
|
adding bits for new nt domain code
byteorder.h :
trying to get macros right, and not to crash on SUNOS5...
client.c :
added #ifdef NTDOMAIN, and created do_nt_login() function. don't
want to have to recompile client.c unless absolutely necessary.
credentials.c :
moved deal_with_creds() [possibly inappropriately] into credentials.c
ipc.c reply.c server.c uid.c :
attempting to make (un)become_root() functions calleable from smbclient.
this is a little tricky: smbclient might have to be another setuid
root program, immediately setuid'ing to non-root, so that we can
reset-uid to root to get at the smbpasswd file. or, have a secure
pipe mechanism to smbd to grab smbpasswd entries. or the like.
smbdes.c smbencrypt.c :
created a function to generate lm and nt owf hashes.
lsaparse.c ntclient.c smbparse.c :
added nt client LSA_AUTH2 code. it works, too!
pipenetlog.c pipentlsa.c pipesrvsvc.c :
simplification. code-shuffling. getting that damn offset right
for the opcode in RPC_HDR.
smb.h :
changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL.
we might need to store the server times as well.
proto.h :
the usual.
(This used to be commit 82436a3d99d4bdce249ce9ff27fd2ca4b2447e07)
|
|
adding start of undocumented options to do NT domain logons, client-side.
starting with LSA_REQCHAL.
the code here happily crashes smbd: i'll investigate this further... :-)
smbparse.c pipeutil.c lsaparse.c :
moved some of the common make_xxxx() functions out of pipeutil.c
so that the make_xxxx and (smb/lsa)_io_xxxx functions now sit
together. makes sense, really...
added a make_q_req_chal() function.
restructured make_rpc_reply() and called it make_rpc_hdr(). created
functions create_rpc_reply() and create_rpc_response().
pipenetlog.c pipentlsa.c pipesrvsvc.c
calling new create_rpc_reply() function instead of old make_rpc_reply().
proto.h :
usual.
smb.h:
added enum for RPC_PACKET_TYPE
(This used to be commit b88ee3e16c6b671069f53ca2e9c5694ec8b1c030)
|
