| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
degree of seperation betwen reading/writing the raw NamedPipe SMB packets
and the matching operations inside smbd's RPC components.
This patch is designed for no change in behaviour, and my tests hold that to be
true. This patch does however allow for the future loadable modules interface
to specify function pointers in replacement of the fixed state.
The pipes_struct has been split into two peices, with smb_np_struct taking the
information that should be generic to where the data ends up.
Some other minor changes are made: we get another small helper function in
util_sock.c and some of the original code has better failure debugs and
variable use. (As per on-list comments).
Andrew Bartlett
(This used to be commit 8ef13cabdddf58b741886782297fb64b2fb7e489)
|
|
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...
This adds a getpwnam_alloc and a getpwuid_alloc to the collection.
These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).
This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.
With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code. This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).
The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups. In this case we are getting
groups from the new group mapping DB. Do we still need to check for private
groups? I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.
I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided. As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).
The matching case for getpwent() is dealt with already, in lib/util_getent.c
Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup. (This picks
up the SPNEGO cases). The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.
TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.
Andrew Bartlett
(This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
|
|
(This used to be commit 967c68858001cd620d2524d56180497c4b479c6b)
|
|
Jeremy.
(This used to be commit 0fcca6c627a5c9c2219ec9714df5e0bc1a44cc29)
|
|
-> NT STATUS
maps. Fixes problem with disk full returning incorrect error.
Jeremy.
(This used to be commit 16fcbf3c1ccf1d704765653f68395dd596c0d841)
|
|
Jeremy.
(This used to be commit 794c3e2c76aae57d054e46b185def104ca02977c)
|
|
HEAD soon.
Jeremy.
(This used to be commit 2f57257558b67b4a5106fece269ce55643464683)
|
|
and constness changes.
(This used to be commit cee0ec72746122c962e6c5278a736266a7f2c424)
|
|
(This used to be commit 04e3082f7d45c1b304adff5a46106136cff0e09e)
|
|
(This used to be commit 20a03facb6acf6329acc1645d4e9ead863a1a57c)
|
|
These strings are allocated using talloc(), either using its own memory context
stored on the SAM_ACCOUNT or one supplied by the caller.
The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call
to pdb_free_sam() will either clean up (remove hashes from memory) and destroy
the TALLOC_CTX or just clean up depending on who supplied it.
The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I
have modified the 3 places that actually checked these returns.
The only nasty thing about this patch is the small measure needed to maintin
interface compatability - strings set to NULL are actually set to "".
This is becouse there are too many places in Samba that do strlen() on these
strings without checking if they are NULL pointers.
A supp patch will follow to set all strings to "" in pdb_default_sam().
Andrew Bartlett
(This used to be commit 144345b41d39a6f68d01f62b7aee64ca0d328085)
|
|
of the connections db on smbd startup. This should fix the Solaris large
load bug.... (fingers crossed).
Jeremy.
(This used to be commit 5b2b9c25af28543e67762805d1387524cbb6c39d)
|
|
If you define this, pstring and fstring become distinguished types, so
that it's harder to accidentally overflow them by for example passing
an fstring on the lhs of pstrcpy.
The types are defined as one-element union arrays so that with
"fstring f" the name "f" will be a pointer and with a big hammer you
can cast it to (char *). So code that tries to just use it directly
will get a loud warning, but hopefully nothing worse.
To pass them to non-pstring-aware functions, use PSTR and check that
the function takes a const. They should almost never be modified
except by special calls. In those unusual cases, use PSTR_MUTABLE.
This is off by default so as not to produce too many warnings. As the
code is vetted it can become the default.
(This used to be commit ca233bc8b30d7d0626039b2769c4e1ae92dafd50)
|
|
wire... so.
Jeremy.
(This used to be commit b63b76297835ab8227b98925fa8120ffce1a37d9)
|
|
Jeremy.
(This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
|
|
(This used to be commit 4f4f898348c5719b745ff358463fd7d59e3da495)
|
|
Replace this with some flags that *we* define. We can do a mapping later
if we actually get some more reliable info about what passwords are actually
valid.
Andrew Bartlett
(This used to be commit 7f7a42c3e4d5798ac87ea16a42e4976c3778a76b)
|
|
(This used to be commit 78814664ef7d41c2f6637b508711ab45647a64f9)
|
|
(This used to be commit c5e14d73dffee86ef2dabcf7031eea0da9e32f3d)
|
|
Jeremy.
(This used to be commit 02b18f2cca6d6d046d2d8fd7375b207d44031ddc)
|
|
Make it up as we go along... :-).
Jeremy.
(This used to be commit 4289fe3499e49c3ed356eff55ffbcfef4dca72af)
|
|
Jeremy.
(This used to be commit ee8c8add7f83d7a794546769c59c85ef8bb5b89a)
|
|
Jeremy
(This used to be commit 6210d4aa196c944e47076e316980f76ac9c6b02d)
|
|
the specifies the units that st_blocks is in. The reason for this is
that HPUX uses 8k, AIX uses a #defined constant and everyone else (tm)
uses 512 byte units.
Needed for the CIFS UNIX extensions - coming to a Samba server near
you soon.... :-).
Jeremy.
(This used to be commit 38cfffea5f0d7f5ff676f83204a2923247dce9d5)
|
|
prompt dmalloc to log information about what happening, so you can see
in flight why smbd is getting bloated.
(This used to be commit bcb443c5c4bf97fe6b5b0993e42496c2e64f0124)
|
|
like strcat
(This used to be commit fb8ab69b6f638c41d734282488be91d85b4ec057)
|
|
gcc warnings about unused parameters.
(This used to be commit b29775d442c36f667a6db5ba9dbe47d1a133525f)
|
|
(This used to be commit a57e13b8b661dd41e8036f862c708b5d3ced82e6)
|
|
but a plain old uint32.
(This used to be commit 690cc12bad2a037684a43b0dcb48be8eb03aa7bc)
|
|
to NT_STATUS_UNSUCCESSFUL according to AB's funky new error map.
(This used to be commit 9c968fbb017d3369ac207e65348a9a22dbed0213)
|
|
The auth_authsupplied_info typedef is now just a plain struct - auth_context,
but it has been modified to contain the function pointers to the rest
of the auth subsystem's components.
(Who needs non-static functions anyway?)
In working all this mess out, I fixed a number of memory leaks and moved the
entire auth subsystem over to talloc().
Note that the TALLOC_CTX attached to the auth_context can be rather long-lived,
it is provided for things that are intended to live as long. (The
global_negprot_auth_context lasts the whole life of the smbd).
I've also adjusted a few things in auth_domain.c, mainly passing the domain as
a paramater to a few functions instead of looking up lp_workgroup(). I'm
hopign to make this entire thing a bit more trusted domains (as PDC) freindly
in the near future.
Other than that, I moved a bit of the code around, hence the rather messy diff.
Andrew Bartlett
(This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
|
|
Also change the structure so it has its own (optional) 'free' pointer - so we
don't free() a talloc'ed version.
also split out the data_blob_clear() functionaility.
Andrew Bartlett
(This used to be commit 207ee8aac42cf4b35f07e496b15fdeabe50950bc)
|
|
Jeremy.
(This used to be commit 6c51d90f13a40359baef08424f7ea1940f93d511)
|
|
This new table is rather different to the old one (see diff posted to the
list for a sorted list of differences) and needs a *lot* of testing.
It does however seem to line up much better with what NT is using, as
exampled by the change to the OBJECT_NAME_COLLISION DOS error, it now matches
win2k where it didn't before.
I can't see any critical errors we now get wrong, and I know that the auth
errors are correct as per my on-the-wire observations.
This table was produced (and I hope to comment this better later) by
using the ERRMAPEXTRACT smbtorture tool, a Win2k domain member and the
'name_to_ntstatus' auth module on the HEAD PDC. This module returned
the username as the error, and the NT box was forced to give me a dos
error becouse thats all I negotiated on that connection. Hence the map.
Andrew Bartlett
(This used to be commit a855dfb2e0b899d03087860e5462c2aed3ca4cad)
|
|
(This used to be commit 269a7d3c9ba8ca1444653c1aa56b843b8b1df08b)
|
|
contain new print-formatted information. (Also
talloc_vasprintf_append.) Idea borrowed from glib.
(This used to be commit 53723e874885936dd67483ebf46601fc73489d17)
|
|
stop smb_macros.h and tdb.h from fighting with each other.
I tried to rearrange the #include file order but that breaks other stuff.
Aargh!
(This used to be commit aae8cc6e450a6a0b33045ed1e6d49f8eebeb48b2)
|
|
(This used to be commit ab1bd916cf59e12366d9005f6ce1cf6521ff02be)
|
|
(This used to be commit 27ffce157a655e267f225126f586847e5a0b8614)
|
|
(This used to be commit 501f3f3a8fb5ea27155f8c2fe266f1f659d7d22d)
|
|
Thou shalt not reference SAM_ACCOUNT members directly - always use
pdb_get/pdb_set.
This is achived by making the whole of SAM_ACCOUNT have a .private member,
where the real members live. This caught a pile of examples, and these have
beeen fixed.
The pdb_get..() functions are 'const' (have been for some time) and this
required a few small changes to constify other functions.
I've also added some debugs to the pdb get and set, they can be removed if
requested.
I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb
interface, but I need the flags info to do it properly.
The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such
I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result.
Finally, any and all testing is always appriciated - but the basics seem to
work.
Andrew Bartlett
(This used to be commit d3dd28f6c443187b8d820d5a39c7c5b3be2fa95c)
|
|
This means different return sizes depending on client bugs. This sucks :-(.
Jeremy.
(This used to be commit f6592628eb526c487069bb3fcd809aca930e668e)
|
|
(This used to be commit b354163834e0f2da7d3caacfe8d2ac6e2a6949e8)
|
|
so that we can print it in later debug messages.
(This used to be commit 37ae84f782e1de6fcea92acb2189683cdf8e7e92)
|
|
on some platforms using "" instead of <> in include statements
(This used to be commit d0ba307032340a22d77cb1d8fc78b4234e1a963c)
|
|
- Move rpc_client/cli_trust.c to smbd/change_trust_pw.c
- It hasn't been used by anything else since smbpasswd lost its -j
- Add a TALLOC_CTX to the auth subsytem. These are only valid for the length
of the calls to the individual modules, if you want a longer context hide it
in your private data.
Similarly, all returns (like the server_info) should still be malloced.
- Move the 'ntdomain' module (security=domain in oldspeak) over to use the new
libsmb domain logon code. Also rework much of the code to use some better
helper functions for the connection - getting us much better error returns
(the new code is NTSTATUS).
The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for
the LUID feilds is sufficient, or if we should do random LUIDs as per the old
code.
Similarly, I'll move winbind over to this when I get a chance.
This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in
rpc_client, at least as far as smbd is concerned.
While I've given this a basic rundown, any testing is as always appriciated.
Andrew Bartlett
(This used to be commit d870edce76ecca259230fbdbdacd0c86793b4837)
|
|
member server. Firstly, use the same max enumeration size (0x400) as W2K
uses, otherwise W2K won't ask for any more. Secondly, if a enumeration
request with a non-zero offset comes in on a handle that hasn't started
an enumeration, don't bitch about it (return NT_STATUS_UNSUCCESSFUL),
just load the db on that handle and return at that offset.
Jeremy.
(This used to be commit 0b7da4a50ea02e28ab23e71de1e5f8b9194a9af3)
|
|
(This used to be commit c4d928e55fe99a3a1c4e53508a44949f92d74219)
|
|
These two little features are very useful, but the passing of options about
needs some serious work. The popt stuff in the shutdown code is #ifdef'ed out
until the main popt loop can be convinced not to chew on the options :-(
Andrew Bartlett
(This used to be commit 51c985be7fbfe5627c5b2590e7610653e7be98e3)
|
|
but it will take more time as I don't want to loose any fixes that
are only in HEAD.
(This used to be commit efcde5d9d8ce44c0613764504d797be54ba21473)
|
