path: root/source3/include/smb.h
Age | Commit message | Author | Files | Lines
2004-01-14 | bug 770; correct fix this time; Make sure that we send the SMBjobid for | Gerald Carter | 1 | -1/+2
unix jobs back to the client. Allows windows client to remove print jobs submitted from lpr (This used to be commit 514561118860f982c458930c34763dac9ce0554e)
2003-11-22 | Changes all over the shop, but all towards: | Andrew Bartlett | 1 | -1/+1
- NTLM2 support in the server
- KEY_EXCH support in the server
- variable length session keys.
In detail:
- NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade).
* This is known as 'NTLMv2 session security' *
(This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particularly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.)
This requires modifications to our authentication subsystem, as we must handle the 'challenge' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this.
- KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly.
- As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend.
- There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation.
- The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever.
- The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES.
* This fix allows SMB signing on machines not yet running MIT KRB5 1.3.1. *
- Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues.
- Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate)
REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-10-24 | Add initshutdown pipe commands to rpcclient. Second part of fix to bug | Jim McDonough | 1 | -1/+3
#534 (This used to be commit 4e86243ea1d4bbe96720caaaf02300f5e15bee5a)
2003-08-23 | Half-way through the big conversion of all nmbd access to wire elements being | Jeremy Allison | 1 | -2/+4
converted to pull/push_ascii. This will not work right at the moment for non English codepages, but compiles - I will finish the work over the weekend. Then nmbd should be completely codepage correct. Jeremy. (This used to be commit 236d6adadf32397b28028ea82ae2ec027366f7c8)
2003-08-22 | struct nmb_name should have 16 byte namestrings, not 17. | Jeremy Allison | 1 | -3/+3
Jeremy. (This used to be commit daf7b5fbd93c640c7660bdf173079fa1039794af)
2003-08-19 | Implement SMBexit properly. Found by Samba4 tester. You must do a make | Jeremy Allison | 1 | -0/+1
clean proto all; after this commit. Jeremy. (This used to be commit 27af1f9feab12542dc538bfceac4593e644ba3b4)
2003-08-14 | Fix SMBseek and get/set position information SMBs. Works against | Jeremy Allison | 1 | -0/+1
Samba4 tester. You will need a make clean; make all after this ! Jeremy. (This used to be commit 10d90171ed58bee3e5ab6476341059b585034134)
2003-07-30 | Add a command line option (-S on|off|required) to enable signing on client | Jeremy Allison | 1 | -0/+1
connections. Overrides smb.conf parameter if set. Jeremy. (This used to be commit 879309671df6b530e0bff69559422a417da4a307)
2003-07-28 | Corrected description of SWAT FLAGS since they have changed as a result of the | John Terpstra | 1 | -5/+4
cleanup of loadparm and swat.c (This used to be commit 6956eb9a0b878f6fae37e4de14573cccd2af2156)
2003-07-27 | Clarified what the SWAT FLAGS mean and what they do. | John Terpstra | 1 | -3/+5
Note: The comments in this file regarding the FLAGS have been in need of maintenance for some time. (This used to be commit a0d2fa0f25abe22008080df2ad2e58e7ee424a2b)
2003-07-24 | Fix packet signing with asynchronous oplock breaks. Removed bad error message | Jeremy Allison | 1 | -3/+1
due to w2k bug. I think this code is now working.... Need more testing of course but works on all the obvious cases I can think of. Jeremy. (This used to be commit a6e537f6611cc1357fffea0b69901fba7c9ad6ea)
2003-07-16 | Refactor signing code to remove most dependencies on 'struct cli'. | Jeremy Allison | 1 | -0/+14
Ensure a server can't do a downgrade attack if client signing is mandatory. Add a lp_server_signing() function and a 'server signing' parameter that will act as the client one does. Jeremy (This used to be commit 203e4bf0bfb66fd9239e9a0656438a71280113cb)
2003-07-15 | Added the "required" keyword to the "client signing" parameter to force it | Jeremy Allison | 1 | -0/+1
on. Fail if mismatch. Small format tidyups in smbd/sesssetup.c. Preparing to add signing on server side. Jeremy. (This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
2003-06-25 | fix build on non-ldap platforms | Gerald Carter | 1 | -0/+3
(This used to be commit a59ea1d6d32337226f6099eefd19681fb28279c0)
2003-06-25 | large change: | Gerald Carter | 1 | -0/+8
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also includes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup)
*) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS
*) enables name cache for winbind ADS backend
*) enable the negative connection cache for winbind ADS backend
*) removes some old dead code
*) consolidates some duplicate code
*) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well.
*) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security())
(This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-06 | - the 8.3 name in BOTH_DIRECTORY_INFO is supposed to be always unicode | Andrew Tridgell | 1 | -0/+1
(to match win2003 behaviour)
- added the STR_TERMINATE_ASCII flag from samba4 so we can get the string termination right for the case where it is supposed to be non-terminated for UCS2 and terminated when ASCII
(This used to be commit 791a4cc7cf84eca77116bca00aeb5f95560f6705)
2003-05-12 | And finally IDMAP in 3_0 | Simo Sorce | 1 | -122/+8
We really need idmap_ldap to have a good solution with ldapsam, porting it from the previous code is being made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worse. I really would have been able to finish also the group code, maybe we can put it into a following release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seems to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-05-12 | Add NT quota support. Patch from Stefan (metze) Metzemacher | Alexander Bokovoy | 1 | -0/+2
1. Allows to change quota settings for shared mount points from Win2K and WinXP from Explorer properties tab
2. Disabled by default and when requested, will be probed and enabled only on Linux where it works
3. Was tested for approx. two weeks now on Linux by two independent QA teams, have not found any bugs so far
Documentation to follow (This used to be commit 4bf022ce9e45be85609426762ba2644ac2031326)
2003-05-11 | Fix VFS layer: | Alexander Bokovoy | 1 | -12/+6
1. Finally work with cascaded modules with private data storage per module
2. Convert VFS API to macro calls to simplify cascading
3. Add quota support to VFS layer (prepare to NT quota support)
Patch by Stefan (metze) Metzemacher, with review of Jelmer and me. Tested in past few weeks. Documentation to new VFS API for third-party developers to follow (This used to be commit 91984ef5caa2d13c5d52e1f535bd3bbbae1ec978)
2003-05-06 | Patch from metze to add exit and interval events. Useful for modules | Jelmer Vernooij | 1 | -3/+0
(This used to be commit 3033a63cefb5f28d4460885f7f4e4ecaed95443c)
2003-04-30 | Trailing , is non-standard (warning from IRIX) | Andrew Bartlett | 1 | -2/+2
(This used to be commit 96134959d9f8385dfbf34445a3fe6911507cf51e)
2003-04-28 | Use NTSTATUS as return value for smb_register_*() functions and init_module() | Jelmer Vernooij | 1 | -1/+1
function. Patch by metze with some minor modifications. (This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
2003-04-28 | Whitespace syncup. | Tim Potter | 1 | -4/+4
(This used to be commit 7fd7af121ee8ba4f9540394f64fe3c78e2e96cd2)
2003-04-24 | Irix CC reminds us that this is non-standard. | Andrew Bartlett | 1 | -2/+2
Andrew Bartlett (This used to be commit 748ed3552b2be1d86387dc3628107375104d8f50)
2003-04-21 | Header updates for smb signing merge | Andrew Bartlett | 1 | -3/+4
(This used to be commit 2e4b45cd2efe46477c2849faffe0e8401132ef88)
2003-04-15 | merge in metze' smbcquotas patch from HEAD | Gerald Carter | 1 | -25/+42
(This used to be commit b6a77048886151435a4a5eeb9a04be44d397c504)
2003-04-14 | Add some more functions for the modules (backport from HEAD): | Jelmer Vernooij | 1 | -1/+1
- init_modules()
- smb_probe_module()
(This used to be commit b3328dab2fa069af300b4076695bf6c359501111)
2003-04-14 | Merge new popt_common.h include file. | Tim Potter | 1 | -15/+9
(This used to be commit 1fb4b8fe4310dd15c1842935871ead0745859a54)
2003-04-14 | Merge of new sid type (SID_NAME_COMPUTER) and tidyup. | Tim Potter | 1 | -1/+0
(This used to be commit c91cf2b38df9f51dd6cb46f0742e1c57bb36b508)
2003-04-14 | Merge of rpcecho pipe for testing large dcerpc requests and responses. | Tim Potter | 1 | -1/+3
Only compiled in when --enable-developer argument passed to configure. (This used to be commit 017da9393bab276543d0d5c50df8c760780f2450)
2003-04-09 | This is the netlogon schannel client code. Try a | Volker Lendecke | 1 | -0/+2
rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing against platforms different from NT4SP6. Volker (This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
2003-03-12 | adding some initial code to set %a to Win2K3 (using Native LanMan string | Gerald Carter | 1 | -1/+1
from .NET RC2) (This used to be commit e074cab810f9299d0b27881cddf8a74f10fe233e)
2003-03-07 | Extra const committed by mistake - revert. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit 183ce97d3719080b1b01932b96206b8ee4c5f5b0)
2003-03-07 | Patch from Michael Steffens. In his own words : | Jeremy Allison | 1 | -1/+1
-------------------------------------------------------------------------
I think there are basically two problems:
1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, and SMB_ACL_OTHER. The function ensure_canon_entry_valid() is prepared for that, but tries to "guess" values from group or other permissions, respectively, otherwise falling back to minimum r-- for the owner. Even if the owner had full permissions before setting ACL. This is the problem with W2k clients.
2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs. This is ok in a take-ownership situation, but must fail if the file is to be given away. This is the problem with XP clients, trying to transfer ownership of the original file to the temp file.
The problem with NT4 clients (no ACEs are transferred to the temp file, thus are lost after moving the temp file to the original name) is a client problem. It simply doesn't attempt to.
I have played around with that using posic_acls.c from 3.0 merged into 2.2. As a result I can now present two patches, one for each branch. They basically modify:
1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER as "preserve current value" instead of attempting to build one ourself. The original code is still in, but only as fallback in case current values can't be retrieved.
2. Rearrange set_nt_acl() such that chown is only done before setting ACLs if there is either no change of owning user, or change of owning user is towards the current user. Otherwise chown is done after setting ACLs.
It now seems to produce reasonable results. (Well, as far as it can. If NT4 doesn't even try to transfer ACEs, only deliberate use of named default ACEs and/or "force group" or the crystal ball can help :)
-------------------------------------------------------------------------
Jeremy. (This used to be commit 1d3b8c528bebfa1971d1affe454a03453335786e)
2003-02-27 | additional fix for CR 601 | Gerald Carter | 1 | -1/+1
* distinguish WinXP from Win2k
* add a 1/3 of a second delay in OpenPrinter in order to trigger a LAN/WAN optimization in 2k clients.
(This used to be commit c7712fa054d21b4884a78b7ea6c0fb8b3d637c6b)
2003-02-27 | Fix to allow blocking lock notification to be done rapidly (no wait | Jeremy Allison | 1 | -1/+1
for smb -> smb lock release). Adds new PENDING_LOCK type to lockdb (does not interfere with existing locks). Jeremy. (This used to be commit 766928bbba1e597c9c2b12458dd8d37e6080593e)
2003-02-24 | Merge of server-side authentication changes to 3.0: | Andrew Bartlett | 1 | -0/+2
- user_ok() and user_in_group() now take a list of groups, instead of looking for the user in the members of all groups.
- The 'server_info' returned from the authentication is now kept around - in future we won't copy the session key, username etc, we will just reference them directly.
- rhosts upgraded to use the SAM if possible, otherwise fake up based on getpwnam().
- auth_util code to deal with groups upgraded to deal with non-winbind domain members again.
Andrew Bartlett (This used to be commit 74b5436c75114170ce7c780c19226103d0df9060)
2003-02-01 | Merge of signed/unsigned fixes from HEAD. | Andrew Bartlett | 1 | -1/+1
(This used to be commit e9f56a157bd472914eebf64fde586104d8274717)
2003-01-30 | Fix for interesting resource constraint condition. When all opens are | Jeremy Allison | 1 | -1/+3
level 2 and a request for open with no oplock is received then the smbd should send *synchronous* break messages, not asynchronous, otherwise it spins very rapidly, releasing the lock, sending the 'break to none' messages and then re-acquiring the lock before any other process has a chance to get the lock and remove its own oplock (at least on linux). Jeremy (This used to be commit 33e3e863eb7f35b852384e689f3272784261fc39)
2003-01-03 | Fix problem with "hide unreadable". stat file opens are baaack :-). | Jeremy Allison | 1 | -0/+1
Jeremy. (This used to be commit 62038a0abf193d4dc4f37c31ac77216a10f6f326)
2003-01-03 | Merge from HEAD - make Samba compile with -Wwrite-strings without additional | Andrew Bartlett | 1 | -17/+17
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-13 | merge of get_dc_name()-like code from APP_HEAD; better support password | Gerald Carter | 1 | -0/+8
server = DC1 * (This used to be commit f49de4c5176bf635ac080e082fda412066b466c8)
2002-12-05 | The element in fsp->print_job should be a RAP jobid, not a uint32 RPC | Jeremy Allison | 1 | -1/+1
jobid. This was causing Win9x client "set name" calls to fail. Still need one cleanup fix to finish. Jeremy. (This used to be commit 6c23d2030ab8dddff4c849903c529f0012b94027)
2002-12-04 | Fix for 64 bit issues with oplocks and allocation size. | Jeremy Allison | 1 | -2/+2
Jeremy. (This used to be commit 379e719e983fb71f94cd2b691f8b194c109496c3)
2002-11-29 | Merge a bunch of trivial changes from HEAD. The difference remaining | Tim Potter | 1 | -1/+1
should be actual functional differences between HEAD and 3.0.
- Mostly reformatting
- Removal of unnecessary #include "smb.h"
- Merge of dyn_DRIVERFILE removal
- Silly bug fix for python code
(This used to be commit d3998307adc50ba50defe610cb656c73799ae3b9)
2002-11-09 | Sync with HEAD | Jelmer Vernooij | 1 | -0/+7
(This used to be commit 1a25dc776ddc36de9a214e023becff1ceb10290c)
2002-11-07 | Define smbtrans subcommands so we can stop hardcoding them | Jim McDonough | 1 | -0/+5
(This used to be commit 645c2d5c30a79d4aa28f477dbf0fc44d319fd35d)
2002-11-05 | Missed extern. | Jeremy Allison | 1 | -0/+1
Jeremy. (This used to be commit 13995fc0499798e546b019eb44a98614df0ded97)
2002-11-02 | port sec_desc headers reordering from HEAD. | Simo Sorce | 1 | -11/+2
Thanks to Andrew Bartlett for the diff :-) (This used to be commit cf67981e73cf52803eae589a6b86e1274bf72d2c)
2002-11-02 | Merge passdb from HEAD -> 3.0 | Andrew Bartlett | 1 | -18/+53
The work here includes:
- metze' set/changed patch, which avoids making changes to ldap on unmodified attributes.
- volker's group mapping in passdb patch
- volker's samsync stuff
- volker's SAMR changes.
- metze's connection caching patch
- my recent changes (fix magic root check, ldap ssl)
Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)