Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 9212c93beefa83be349b250fe98b65e07d842038)
|
|
which are pipes on the IPC$ connection.
created mechanism to record pipe names in a separate pipes_struct. it
is planned to expand this, to return sensible things like interface
structures, and policy handles (RPC_IFACE and LSA_POL_HND). and the like.
(This used to be commit 33cce5fac0e2f818a19a6c4e6a797ef44f3b5c75)
|
|
(This used to be commit 48548526e8bef3cdc6f5d202bb6c7849e7862e48)
|
|
have another go at reporting stuff the right way round (on SPARCs)
srvparse.c :
copyright messages
(This used to be commit 4b54d22d59d3f6719e7ce8bbbf3e40da31cd270e)
|
|
(This used to be commit 4088683ee046783678d4f748ddb03b5907d00506)
|
|
response to Bind Acknowledgment needs a lookup table for the PIPE string
(secondary address in RPC_HDR_BA structure).
smbparse.c util.c :
interesting problem, i think caused by us typecasting a uint16* buffer
to char*. found on a SPARC.
(This used to be commit 420408ee83902faa6cf871f26e93ad5efb483727)
|
|
(This used to be commit dceace804ea3efa8de6ab31fb44acdc10d46ed73)
|
|
(This used to be commit 50d7e4d6f6b5d770742ee83523d6146cf51f8259)
|
|
and made it private to the 2 shmem implementations. Added new
shmops->hash_size() function.
Added code to handle the IPC system limits by looping decreasing the
size of the resources (semaphores and shared memory) that we request
until we get under the system limits, which can be quite low on some
systems!
Added checks that the creator of the IPC objects is root. Otherwise we
would be open to a security hole where someone pre-creates the shared
memory segment and attaches.
(This used to be commit 6b6f624b63137d4750200e8cb4961b1402513632)
|
|
(This used to be commit 6b0e51929495582bc48a4d5fba24aa7c1f7caaf6)
|
|
added mode for printing debug array data as chars not uint8/16/32s.
only really useful for (uint8) strings or (uint16) unicode strings
lsaparse.c smbparse.c smb.h :
rpc bind and rpc bind ack structures and parsing and creation functions.
ipc.c pipes.c pipenetlog.c pipentlsa.c pipesrvsvc.c :
using rpc bind / bind ack parsing routines instead of incorrect use of
api_LsarpcTNP1 function.
ntclient.c :
creation of do_rpc_bind() function.
THAT'S IT, FOLKS!
(This used to be commit 21c89e2f17c51939fd6b53dddbe3072419eb0db2)
|
|
New program, make_printerdef, plus two new parameters :
[global] "printer driver file"
[local] "printer driver location"
Jeremy.
(This used to be commit 9a5b42e6b3e7a35d56f81e9428fc747246e2fc5c)
|
|
added bind and bind ack structures and parsing functions. restructured
rpc header stuff.
ntclient.c pipenetlog.c pipentlsa.c pipesrvsvc.c :
having to deal with restructuring above.
(This used to be commit 9f2c4f1fee7e411adba8f529b7666a7325584457)
|
|
(This used to be commit 3480524e15aba50dd459ac5979eabb8974898e35)
|
|
(This used to be commit 4db076e08bec525ee908a391b22fdc12cc66bc27)
|
|
(This used to be commit 9f0be847fdbcf0f8bbd69de6cdf277ae0440bcda)
|
|
(This used to be commit 6388da22eb95c8bfd3f17f5645bdaa16cfca0c6b)
|
|
Needs some testing though.
(This used to be commit 8f2366e57d29458f2bb63d9a0033de5c730a1b94)
|
|
It will try sysv IPC first, then if that fails it will try mmap(),
then after that it will try share files.
I have defined USE_SYSV_IPC for Linux, Solaris and HPUX at the
moment. Probably a lot more could have it defined. In fact, the vast
majority of systems support it. Need autoconf again :-)
It should actually be faster than the mmap() version, and doesn't need
any lock files. This means the problem of the share mem file being on
a NFS drive will be gone.
(This used to be commit cc8fe0f0629eea9acc39e30d8d76d5890a5b6978)
|
|
updated Query Info Policy to report domain name and domain sid for info levels
3 and 5.
fixed bug in dom_sid_to_string (idauths decoded wrong). fixed bug in DOM_SID:
subauths are 32 bit not 16.
(This used to be commit 2f3cca23e2465ca6a3a31fda005af1fd74f6af92)
|
|
(This used to be commit 28ef0df30efd4011e6a782dc02474b6d4082d6de)
|
|
fixed a problem with byte ordering (doing an SIVAL of the setup parameters
which was _also_ being done in the creation of the SMB header. oops).
(This used to be commit 541fb82895008cc30477019cdcafed9fdbbeac43)
|
|
(This used to be commit 16cc27852bf54999db4b0a3665b0743d9fe0e74a)
|
|
0644. smbstatus now gets only read permission on the share files and
does no locking.
also get rid of some unnecessary umask(0) calls. smbd always runs with
umask(0)
(This used to be commit c6ac10170dbba57dfebc54c50d79cb29d13bb442)
|
|
(This used to be commit 0f15558efb26b7215540a588dfe8733e9346d407)
|
|
1) the oplock macros in smb.h used | where they should have used
&. This means that smbd thought that all clients were always
requesting oplocks. This would have _really_ confused smbclient
and smbfs when they started receiving async oplock break requests when
they don't even know what an oplock is!
2) an oplock break request from a client can be embedded in a normal
lockingX request, and will be if the client has batched any lock
requests internally. The smbd code assumed that all oplock break
requests had num_locks==num_ulocks==0 which is not true. The only
thing special about a oplock break request with
num_locks==num_ulocks==0 is that no reply is sent. Otherwise it is
processed as a normal locking request in addition to the oplock break
processing.
These two fixes get the MS mail system in Win98 working on a Samba
1.9.18 network drive.
Andrew
(This used to be commit ed71534df56d0296280dbde1859597fb42002088)
|
|
Q/R LSA_REQ_CHAL; Q/R LSA_AUTH2; Q/R LSA_SAMLOGON; Q/R LSA_SAMLOGOFF.
the last (non-essential right now) bit is the LSA_SRV_PWSET.
the next stage is to do LSA_OPENPOLICY; add the pipe binds (missing right
now); then we can test against an NT Server.
(This used to be commit 0a549e62fbf11a3ff1f1de663176e30006553e08)
|
|
code, which means we don't have to link with a fake getpass routine
and we don't have a whole pile of global variables that really have
nothing to do with nmbd and were there to keep the client code happy.
The code should function identically to what it did before (hopefully
it was correct)
The only thing that now uses the horrible clientutil.c code is
smbclient.
(This used to be commit 4bf5c03b18f88b566f3ac12cc4b3a9c5c96fd35d)
|
|
(This used to be commit 1b17455066098104b9b0907a58195328c6467d71)
|
|
Logon query. i think i even got the client-side checking of the response
credentials right!
(This used to be commit f14c111835e18e361468cc6a1666a02654afe743)
|
|
YEAH!
need to add:
- client-side credential calculation
- client-side parsing of the SAM logon response.
(This used to be commit 349677de3f06bb0892862de0e11172adeffda18a)
|
|
(This used to be commit 9eee8c2007bf4f7756f6d645a61055101d280316)
|
|
adding bits for new nt domain code
byteorder.h :
trying to get macros right, and not to crash on SUNOS5...
client.c :
added #ifdef NTDOMAIN, and created do_nt_login() function. don't
want to have to recompile client.c unless absolutely necessary.
credentials.c :
moved deal_with_creds() [possibly inappropriately] into credentials.c
ipc.c reply.c server.c uid.c :
attempting to make (un)become_root() functions calleable from smbclient.
this is a little tricky: smbclient might have to be another setuid
root program, immediately setuid'ing to non-root, so that we can
reset-uid to root to get at the smbpasswd file. or, have a secure
pipe mechanism to smbd to grab smbpasswd entries. or the like.
smbdes.c smbencrypt.c :
created a function to generate lm and nt owf hashes.
lsaparse.c ntclient.c smbparse.c :
added nt client LSA_AUTH2 code. it works, too!
pipenetlog.c pipentlsa.c pipesrvsvc.c :
simplification. code-shuffling. getting that damn offset right
for the opcode in RPC_HDR.
smb.h :
changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL.
we might need to store the server times as well.
proto.h :
the usual.
(This used to be commit 82436a3d99d4bdce249ce9ff27fd2ca4b2447e07)
|
|
(This used to be commit bf5b060bd9d210efe95b3529dfba98c5c49716e0)
|
|
(This used to be commit e24465890a2fd87fce4f88b97f7ad84a4cc34d7b)
|
|
added a structure that wraps nt errors as strings and enums, so we
can do a smb_nt_error() function.
Makefile ntclient.c :
added ntclient.c, broken out nt domain stuff into a separate file.
getting fed up of compile-times and size of client.c.
fixed the do_lsa_req_chal() function. made it read the response,
and return the challenge credentials received from the server.
next stop: do_lsa_auth_2().
client.c :
removed nt domain logon functions into a separate file.
pipenetlog.c pipentlsa.c pipesrvsvc.c smbparse.c :
i'd broken the offsets of the RPC_HDR while trying to sort out the
nt client code. fixed it again. added some robustness stuff.
util.c :
the unistrn2() function was null-terminating the string at one
character too many.
(This used to be commit 39cec7f698c4461aee05cfbb213879fbd486117d)
|
|
Main change is removal of find_name_search() confusion.
This has been replaced with find_name_on_subnet() which
makes it explicit what is being searched.
Also changed wins_subnet to be wins_client_subnet in
preparation for splitting the wins subnet into client
and server pieces.
This is a big nmbd change and I'd appreciate any
bug reports.
Specific changes follow :
asyncdns.c:
Removed wins entry from add_netbios_entry(). This is now
explicit in the subnet_record parameter.
interface.c:
iface_bcast(), iface_nmask(), iface_ip() return the
default interface if none can be found. Made this
behavior explicit - some code in nmbd incorrectly
depended upon this (reply_name_status() for instance).
nameannounce.c:
find_name_search changes to find_name_on_subnet.
namebrowse.c:
wins_subnet renamed to wins_client_subnet.
namedbname.c:
find_name_search removed. find_name_on_subnet added.
add_netbios_entry - wins parameter removed.
namedbsubnet.c:
find_req_subnet removed - not explicit enough.
nameelect.c:
wins_subnet renamed to wins_client_subnet.
namepacket.c:
listening() simplified.
nameresp.c:
wins_subnet renamed to wins_client_subnet.
nameserv.c:
find_name_search moved to find_name_on_subnet.
nameserv.h:
FIND_XXX -> changed to FIND_SELF_NAME, FIND_ANY_NAME.
nameservreply.c:
find_name_search moved to find_name_on_subnet.
Debug entries changed.
nameservresp.c:
wins_subnet renamed to wins_client_subnet.
namework.c:
wins_subnet renamed to wins_client_subnet.
nmbd.c:
wins parameter removed from add_netbios_entry.
nmbsync:
wins_subnet renamed to wins_client_subnet.
proto.h: The usual.
server.c:
remove accepted fd from fd_set.
Jeremy (jallison@whistle.com)
(This used to be commit 2c97b33fc0b5ef181dbf51a50cb61074935165bf)
|
|
trying to set up the data parameters etc and not understanding what's going on.
in api_netlogTNP, added smb_io_rpc_hdr() call to decode the header received
(and in this instance, generated by do_lsa_req_chal()). and then noticed
that it's two bytes out. but i don't know how to do "byte parameters"
and it's not the same format as the LSA_REQCHAL received from nt workstations.
agh!
(This used to be commit 0cc8ce43e1d54b44237bb525f4cf6b77e7ca3ced)
|
|
and then send a LSA_REQ_CHAL down it.
(This used to be commit 473f21071fad603865358821b83df6b58c9a06a5)
|
|
adding start of undocumented options to do NT domain logons, client-side.
starting with LSA_REQCHAL.
the code here happily crashes smbd: i'll investigate this further... :-)
smbparse.c pipeutil.c lsaparse.c :
moved some of the common make_xxxx() functions out of pipeutil.c
so that the make_xxxx and (smb/lsa)_io_xxxx functions now sit
together. makes sense, really...
added a make_q_req_chal() function.
restructured make_rpc_reply() and called it make_rpc_hdr(). created
functions create_rpc_reply() and create_rpc_response().
pipenetlog.c pipentlsa.c pipesrvsvc.c
calling new create_rpc_reply() function instead of old make_rpc_reply().
proto.h :
usual.
smb.h:
added enum for RPC_PACKET_TYPE
(This used to be commit b88ee3e16c6b671069f53ca2e9c5694ec8b1c030)
|
|
redid the split that i did a year ago, taking the functions in client.c
out into clientutil.c. guess what? we could now do encrypted password
NetServerEnum2 calls in nmbd, if we wanted to.
i can now use cli_call_api() to send to different pipes. i hope.
pipenetlog.c:
allow adding to users group _and_ to admin group. if adding to
guest group, don't allow adding to users or admin as well.
smb.h :
added some pipe #defines (\PIPE\NETLOGON \PIPE\srvsvc ...)
proto.h :
usual.
(This used to be commit 6ee065ce6e099acfc7e83ad399ef6e60b4c625c1)
|
|
added "domain other sids" parameter
pipenetlog.c :
using "domain other sids" parameter in SAM Logon response.
using new name_to_rid() function for r_uid and r_gid.
pipentlsa.c :
minor mods to do with new name_to_rid() function.
pipesrvsvc.c :
in the "net share enum" response, allocate some more space for the buffer.
there can be only 32 share entries in the response anyway. this needs
to be dealt with.
pipeutil.c :
modified name_to_rid() function to use new parameters "domain admin users"
and "domain guest users", but will otherwise do unix uid + 1000.
moved make_dom_gids() here.
proto.h:
the usual.
smb.h smbparse.c :
renamed sid_no to sid_rev_num in DOM_SID, and gid to r_gid in DOM_GID.
util.c :
moved make_dom_gids() from here.
created char *unistrn2(uint16* uni_buffer, int max_len)
(This used to be commit ec60e48d7982240b7755d246b2f1e8989467f66f)
|
|
shared memory implementation)
(This used to be commit 8d1993c71a5d5d32636f62ba9b9a9009ec74d730)
|
|
I realised this afternoon just how easy it is to add this, so I
thought I'd implement it while the idea was fresh.
nmbd forks at startup and uses a pipe to talk to its child. The child
does the DNS lookups and the file descriptor of the child is added to
the main select loop.
While I was doing this I discovered a bug in nmbd that explains why
the dns proxy option has been so expensive. The DNS cache entries in
the WINS list were never being checked, which means we always did a
DNS lookup even if we have done it before and it is in cache. I'm sure
this used to work (I tested the DNS cache when I added it) so someone
broke it :-(
Anyway, the async DNS gets rid of the problem completely. I'll commit
just the fix to the DNS cache bug to the 1.9.17 tree.
You can disable async DNS by adding -DSYNC_DNS to the compile flags.
(This used to be commit 178e27de0791c1ff3268cb456ed5c5efc9ac2a01)
|
|
server.c: int16 -> uint16 fix for port comparisons in oplock code.
Needed for Solaris.
version.h: Updated to alpha3.
Jeremy (jallison@whistle.com)
(This used to be commit 2d9645e99ba30a5cce4372ff80d1bd26c516ac34)
|
|
smb.conf.5: Added 'bind interfaces only' parameter.
version.h: Updated to 1.9.18alpha2.
Jeremy (jallison@whistle.com)
(This used to be commit 7221e19d5ef4a242ce29d3148957c3e481456934)
|
|
includes.h: SCO changes.
server.c: Added code in open_sockets to allow 'bind interfaces only' to
work as documented.
Jeremy (jallison@whistle.com)
(This used to be commit 46ac5928d9069af1dc60e9724f38e228dd578937)
|
|
added "domain admin users" parameter
added "domain guest users" parameter
these two complement the "domain groups" parameter. the "domain groups"
parameter should be for your own groups, and well-known aliases.
util.c :
added ability to do "domain groups = power_users admin_users backup_ops"
which are well-known RID aliases, not well-known RID groups.
pipenetlog.c :
combine the "domain admin users"; "domain guest users" and "domain groups"
parameters to give an array of RID groups to include in the SAM Logon
response.
ipc.c smb.h :
moved REALLOC() into smb.h
added RID #defines.
proto.h:
usual.
(This used to be commit f2554f231d1f59f30224adcc02b2b3ca4c24e0dd)
|
|
(This used to be commit 2b976cb7ecf50c118bd15923f6500bb8d2e058b7)
|
|
interface
The new code uses a source netbios name equal to the Samba servers
name, not the client name. It also uses NetWkstaUserLogon to do a full
network logon. This means it will honour the servers logon
restrictions (such as login times etc).
(This used to be commit 11de90f972f6d83974425e80014f54e15d495413)
|