summaryrefslogtreecommitdiff
path: root/source3/lib/access.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-16Improve IPv4 detection.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 2ef50e325c2183385286b994216624dc3a309ff3)
2007-10-16Fix access control code to be IPv6/v4 protocol independent.Jeremy Allison1-151/+200
Make unix_wild_match() talloc, not pstring based. Next will be name resolution code, and client code. Jeremy. (This used to be commit f6a01b82c5a47957659df08ea84e335dfbba1826)
2007-10-10Add start of IPv6 implementation. Currently most of this is avoidingJeremy Allison1-1/+1
IPv6 in winbindd, but moves most of the socket functions that were wrongly in lib/util.c into lib/util_sock.c and provides generic IPv4/6 independent versions of most things. Still lots of work to do, but now I can see how I'll fix the access check code. Nasty part that remains is the name resolution code which is used to returning arrays of in_addr structs. Jeremy. (This used to be commit 3f6bd0e1ec5cc6670f3d08f76fc2cd94c9cd1a08)
2007-10-10r17408: Let us use netgroups even without a NIS domain but just using filesSimo Sorce1-3/+2
(This used to be commit c065341d3ffc9125514f563c63d416cf7c40375f)
2007-10-10r7139: trying to reduce the number of diffs between trunk and 3.0; changing ↵Gerald Carter1-1/+1
version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
2007-10-10r6149: Fixes bugs #2498 and 2484.Derrell Lipman1-1/+1
1. using smbc_getxattr() et al, one may now request all access control entities in the ACL without getting all other NT attributes. 2. added the ability to exclude specified attributes from the result set provided by smbc_getxattr() et al, when requesting all attributes, all NT attributes, or all DOS attributes. 3. eliminated all compiler warnings, including when --enable-developer compiler flags are in use. removed -Wcast-qual flag from list, as that is specifically to force warnings in the case of casting away qualifiers. Note: In the process of eliminating compiler warnings, a few nasties were discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED kerberos interfaces are being used. Someone who knows kerberos should look at these and determine if there is an alternate method of accomplishing the task. (This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-1/+1
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2003-12-08make sure we use a real network address in case there are extra non-zero ↵Gerald Carter1-1/+1
octets in hosts allow/deny (This used to be commit 0348e85177ae90c350659451424ab521a4fc335a)
2003-12-01fix inverted logic caused by s/strcmp/strequal/; host allow/deny works ↵Gerald Carter1-1/+1
again; bug 846 (This used to be commit c816b44a9c1278d756f63044bb3a3bce3afec9b3)
2003-11-07Simple rename of get_socket_addr to get_peer_addr and get_socket_name toVolker Lendecke1-7/+7
get_peer_name. This is to get closer to the getsockname/getpeername system functions. Next step will be the %i macro for the local IP address. I still want to play %L-games in times of port 445. Volker (This used to be commit d7162122eaf5d897e5de51604e431bfbaa20e905)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison1-10/+10
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
2003-08-15get rid of some sompiler warnings on IRIXHerb Lewis1-2/+1
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
2003-04-26round three of CIDR fixes; spotted by Tomoki AONOGerald Carter1-3/+2
(This used to be commit 554026b2084e2371c1ddae7316fbb0b9b76472d4)
2003-04-18fix byte ordering when using CIDR notation in hosts allow/deny; spotted by ↵Gerald Carter1-0/+4
Eloy Paris (This used to be commit 6155144b9f6a8d41675ff8f0564f86420431c142)
2003-03-28fix CIDR hosts allow/deny notationGerald Carter1-1/+1
(This used to be commit 84707fd95eec260a1cb22a165a0161a075f93ada)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-86/+79
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-10-26Try to catch up on the code I've put into HEAD that should be in 3.0:Andrew Bartlett1-3/+3
- vorlan's hosts allow with DNS names patch - use x_fileno() in debug.c, not the struct directly. - check for server timeout on password change (was reporting success) - better error/status loggin in both the pam_winbind client and winbindd_pam server code. - (pdb_ldap) don't set the ldap version twice - we do it on every bind anyway. (This used to be commit 9fa1863d8e7788eda83911ca2610754486b33069)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-2/+18
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-27Allow hosts allow/deny to use xx.xx.xx.xx/yy syntax.Jeremy Allison1-2/+10
Jeremy. (This used to be commit ea60c50109462b35825be1dd3cc6b28f739a1b59)
2002-01-18If 127.0.0.1 matches both allow & deny then allow. Patch from Steve Langasek ↵Jeremy Allison1-1/+7
vorlon@netexpress.net Jeremy. (This used to be commit 478696e924a5e562965eb21841198c96500027c4)
2001-10-29More spelling and grammer from Vance. <vance@digital-host.net>Andrew Bartlett1-3/+4
Thanks! Andrew Bartlett (This used to be commit f019bed7663b4a20c1b5ab6b59fcadda17b89acd)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-17move to SAFE_FREE()Simo Sorce1-1/+1
(This used to be commit 60e907b7e8e1c008463a88ed2b076344278986ef)
2001-07-04strchr and strrchr are macros when compiling with optimisation in gcc, so we ↵Andrew Tridgell1-5/+5
can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
2001-06-23fix compiler warningsSimo Sorce1-3/+0
(This used to be commit 7420e2f7898f1d141ba2af3eda07a67862fee842)
2001-06-20initial support for paramter type P_LISTSimo Sorce1-43/+23
it will avoid problems with lists being longer than 1024 bytes just now only ip list parameters have been converted to the new type (hosts allow, hosts deny, ssl hosts, ssl hosts resign) (This used to be commit e1572f85d6247b760db10825b2fa688d7ed50bd3)
2001-04-20merge from 2.2Gerald Carter1-1/+1
(This used to be commit f87f3707f3d5f205d0287381d71380264a711666)
2001-04-19merge from 2.2Gerald Carter1-2/+2
(This used to be commit 79f4c4ad74149f4b1a8a5a82d8ca8d2474a23ab3)
2001-04-14Removed one samba-bugs ref. from source.Jeremy Allison1-1/+1
Jeremy. (This used to be commit d40ee1707d1d3cf04358bca7fad16ebc15bd4845)
2001-03-27merge from 2.2Gerald Carter1-8/+71
(This used to be commit 3a03065b43d073205e421434bc32082c0f9f64da)
2000-04-11finally got sick of the "extern int Client" code and the stupidAndrew Tridgell1-3/+3
assumption that we have one socket everywhere while doing so I discovered a few bugs! 1) the clientgen session retarget code if used from smbd or nmbd would cause a crash as it called close_sockets() which closed our main socket! fixed by removing close_sockets() completely - it is unnecessary 2) the caching in client_addr() and client_name() was bogus - it could easily get fooled and give the wrong result. fixed. 3) the retarget could could recurse, allowing an easy denial of service attack on nmbd. fixed. (This used to be commit 5937ab14d222696e40a3fc6f0e6a536f2d7305d3)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-6/+32
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1998-11-21global change from samba.anu.edu.au to samba.orgAndrew Tridgell1-1/+1
(This used to be commit 42d2509c9fab5c774fd33b9d4b5bd1ee125479c3)
1998-09-17configure configure.in: Added tests for fseek64 and ftell64.Jeremy Allison1-1/+1
config.h.in: Added fseek64 and ftell64. includes.h: Added definition of SMB_BIG_INTEGER. smb.h: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. access.c: Tidyup of dbug statement. system.c: Added sys_fseek and sys_ftell. Changed mode calls to use mode_t. asyncdns.c: Tidyup of comment. loadparm.c: Tidyup of set_default_server_announce_type() function definition. ldap.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. nispass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. smbpass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. smbpassfile.c: Use sys_fseek(). chgpasswd.c: Tidyup of debug statement. dosmode.c: Changed mode calls to use mode_t. ipc.c: Removal of dead code. nttrans.c: Changed mode calls to use mode_t. open.c: Changed mode calls to use mode_t. pipes.c: Removal of dead code. reply.c: Removal of dead code. trans2.c: Removal of dead code. Changed mode calls to use mode_t. Jeremy. (This used to be commit c381d32e3dc23fe887408016cae821aceb30da2c)
1998-08-15configure: Changes for extra headers.Jeremy Allison1-1/+1
configure.in: Source for header changes. client/clitar.c: Fixed isXXX macros & debugs for gcc pedantic compile. include/config.h.in: Added MEMSET, BZERO, MEMORY, RPCSVC_YPCLNT, STRINGS headers. include/includes.h: Headers for the above. include/smb.h: Made SIGNAL_CAST POSIX by default void (*)(int). lib/access.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/charset.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/debug.c: Fixed signal functs. lib/kanji.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/smbrun.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/util.c: Fixed isXXX macros & debugs for gcc pedantic compile. libsmb/namequery.c: Fixed isXXX macros & debugs for gcc pedantic compile. locking/shmem.c: Fixed isXXX macros & debugs for gcc pedantic compile. locking/shmem_sysv.c: Fixed error messages in sysV stuff. nmbd/asyncdns.c: Fixed signal functs. nmbd/nmbd.c: Fixed isXXX macros & debugs for gcc pedantic compile. passdb/passdb.c: Fixed isXXX macros & debugs for gcc pedantic compile. passdb/smbpassfile.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/chgpasswd.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/ipc.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/nttrans.c: Fixed fsp code path. smbd/password.c: fixed HAVE_YP_GET_DEFAULT_DOMAIN problem. smbd/printing.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/reply.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/server.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/trans2.c: Fixed core dump bug. smbd/uid.c: Fixed isXXX macros & debugs for gcc pedantic compile. Jeremy. (This used to be commit 1b9cbcd02e575dc0a95fa589f720df30a4acc46b)
1998-08-10moved access.c into lib/ from smbd/ as it is needed by testparm. IAndrew Tridgell1-216/+169
modified it not to need any smbd specific structures and instead pass things from smbd. (This used to be commit 162141d3b3fcf53fbc6a1f18702df85c2b7f1781)
1998-07-31As per a Andrew's message, I went through and removed the timestring()Christopher R. Hertel1-3/+3
timestamps from several DEBUG messages. The timestamps are redundant now that DEBUG() provides them automatically. There are still a few more files to do, but I've got to get home for dinner. Chris -)----- (This used to be commit 60286ccecaa6028d687e6406755016455e3b3a26)
1998-07-29merge from the autoconf2 branch to the main branchAndrew Tridgell1-1/+1
(This used to be commit 3bda7ac417107a7b01d91805ca71c4330657ed21)
1998-04-13Changes to allow Samba to be compiled with -Wstrict-prototypesJeremy Allison1-2/+2
with gcc. (Not a big change although it looks like it :-). Jeremy. (This used to be commit cd2613c57261456485fe4eeecfda209ada70de8e)
1998-03-17this isn't a big commit, it just looks like it :-)Andrew Tridgell1-3/+4
I needed the client_name() and client_addr() functions in swat so I could tell who was connecting from where. The problem was that these functions didn't take a file descriptor parameter they just used the global "Client". So I needed to change all calls to pass a parameter ... lots of files. (This used to be commit a776058900a727591bd7b69debdaa25c0e31d693)
1997-09-18added timestamp to "Denied connection" message.Luke Leighton1-2/+2
(This used to be commit f28b14a86c22c3bad187ca57f03e13da795d4136)
1997-04-09Large changes from jra@cygnus.com. Mainly browser updates.Samba Release Account1-0/+4
access.c: Fixed crash if yp domain unavailable. includes.h: Moved ifdefs for minor platform. interface.c: Changed name of ipgrp to wins_ip to make it clearer. loadparm.c: Changed default of wins support to 'no'. nameannounce.c: Many changes to fix cross subnet browsing. namebrowse.c: Many changes to fix cross subnet browsing. namedbname.c: Many changes to fix cross subnet browsing. namedbresp.c: Many changes to fix cross subnet browsing. namedbsubnet.c: Many changes to fix cross subnet browsing. namedbwork.c: Many changes to fix cross subnet browsing. nameelect.c: Many changes to fix cross subnet browsing. namelogon.c: Many changes to fix cross subnet browsing. namepacket.c: Many changes to fix cross subnet browsing. nameresp.c: Many changes to fix cross subnet browsing. nameserv.c: Many changes to fix cross subnet browsing. nameserv.h: Many changes to fix cross subnet browsing. nameservreply.c: Many changes to fix cross subnet browsing. nameservresp.c: Many changes to fix cross subnet browsing. namework.c: Many changes to fix cross subnet browsing. nmbd.c: Change to search wins subnet. nmbsync.c: Change to check if we are any master before proceeding. proto.h: Added find_subnet_all() and check_work_servertype(). util.c: Moved 'done' settings on name resolution. (This used to be commit a82476eee2c521e5eed092bc367da0a7cef23de1)
1996-10-05- replace the base36 function with one that works on more systemsAndrew Tridgell1-1/+1
(compiler bugs were the problem) - minor password cleanups (catch WfWG bug where it sets the password to a space instead of a NULL) - fix printing problem for kanji users - minor cleanups (This used to be commit 92566ecc315c29da6e9aaa67ddae33e64f5bcc67)
1996-10-05I have fixed quite a few important bugs in this commit.Andrew Tridgell1-121/+21
Luke, can you take special note of the bug fixes to nmbd so you can propogate them to your new code. - rewrote the code that used to use fromhost(). We now call gethostbyaddr() only if necessary and a maximum of once per connection. Calling gethostbyaddr() causes problems on some systems so avoiding it if possible is a good thing :-) - added the "fake oplocks" option. See the docs in smb.conf(5) and Speed.txt - fixed a serious bug in nmbd where it would try a DNS lookup on FIND_SELF queries. This caused a lot of unnecessary (and incorrect) DNS lookups to happen. FIND_SELF queries should only go to the internal name tables. - don't set FIND_SELF for name queries if we are a wins proxy, as we are supposed to be answering queries for other hosts. - fixed a bug in nmbd which had "if (search | FIND_LOCAL)" instead of "if (search & FIND_LOCAL)". Luke, this was in nameservreply.c - the above 3 bugs together meant that DNS queries were being cached, but the cache wasn't being used, so every query was going to DNS, no wonder nmbd has been chewing so much CPU time! Another side effect was that queries on names in lmhosts weren't being answered for bcast queries with "wins proxy" set. - ignore the maxxmit for seconday session setups (see CIFS spec) - close user opened files in a uLogoffX for user level security (see CIFS spec) - added uid into the files struct to support the above change (This used to be commit ea472b7217b7693627a13a7b1e428a0a6a3d8755)
1996-08-17- added support for Amiga-unix (based on BSD I think)Andrew Tridgell1-1/+1
- changed the order of PROGS and SPROGS in Makefile (SPROGS first) - another 64 bit cleanup (for INADDR_NONE) - added paranoia code in DirCacheAdd() to detect looping - fixed important DirCache flush bug - rewrote the NetServerEnum code after I found it could return servers from multiple workgroups at once, and this could cause browsing havoc. Now a null workgroup query is equivalent to a query for the servers primary workgroup - got rid of my_workgroup() - got rid of "workgroup = *" comment in Makefile. We no longer support a workgroup of *, users must set the workgroup explicitly - the wins.dat file was being stored in a different format to what it was being loaded in - this could cause havoc. fixed. - uppercase our netbios name and the workgroup name at startup - if accept fails in main loop when running as a daemon then continue, don't just exit! - don't use ./ on smbclient in smbtar - better code to detect if a process exists (This used to be commit ec3d53963064b50ff33e8eff47812aac82f164ba)
1996-08-14changed "unsigned long" to "uint32" in several places (for IPAndrew Tridgell1-14/+14
addresses) to keep 64 bit machines happy. (This used to be commit b4aaec504ae66dc6a0f05d12529100cb62d47afd)
1996-07-04Started uninstall in MakefileSamba Release Account1-1/+1
Updated some email addresses (This used to be commit a7be82ee6e56481b907ab3672b214639ec63c9b5)
1996-06-10got rid of a lot of redundent header files as we now globally generateAndrew Tridgell1-4/+0
prototypes automatically using "make proto". This is much less prone to error than the old method of manually adding prototypes (This used to be commit b551dc98f7cc194a5fc2e67a4ebae7fd67a01bbc)
1996-05-04Initial version imported to CVS Samba Release Account1-0/+389
(This used to be commit 291551d80711daab7b7581720bcd9a08d6096517)