Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit d3fdce07ab5955abd1f923127ae9eb5006aea505)
|
|
(This used to be commit 07de8418369dad1f015369e70e9303fea4130295)
|
|
(This used to be commit dd46ff7619129782963ec6ea727e5d731370ee7d)
|
|
and appear to be functions for internal use.
Richard: please check.
Andrew Bartlett
(This used to be commit cb61e61a113dede4a0b0f5d31d0ec89c4b6ecd65)
|
|
(This used to be commit 2d7eccbeb258b4fdd14323a40f9537eb265f73e1)
|
|
code
(This used to be commit 91ad9041e9507d36eb3f40c23c5d4df61f139ef0)
|
|
(This used to be commit 514b91827a970a0041314af341b8c66a01668e4a)
|
|
broadcast addresses. This makes it far more likely that we will try to
talk to an interface that is routable from one of our interfaces.
(This used to be commit bc1a0506868266088ae585a7a5dcb1ac8ca3474d)
|
|
bytes which follow the header, not the full packet size.
[Yes, the length field is either 17-bits, or (per the RFCs) it is a
16-bit length field preceeded by an 8-bit flags field of which only
the low-order bit may be used. If that bit is set, then add 65536 to
the 16-bit length field. (In other words, it's a 17-bit unsigned
length field.)
...unless, of course, the transport is native TCP [port 445] in which
case the length field *might* be 24-bits wide.]
Anyway, the change is a very minor one. We were including the four bytes
of the header in the length count and, as a result, sending four bytes of
garbage at the end of the SESSION REQUEST packet.
Small fix in function cli_session_request().
(This used to be commit cd2b1357066a712efcf87ac61922ef871118e8de)
|
|
these errors happen all the time, so they shouldn't be level 0
(This used to be commit abc2aed26c6cb12a86987a3846ca5c9f7df9a5ae)
|
|
Now let's keep this in sync !
Jeremy.
(This used to be commit 3603cd4947df2c10df604447dc542932cb9e5d5a)
|
|
(This used to be commit 9a3e323ec261a1ee3a83f8c558583c3d4a53e06a)
|
|
We now cope wiith multiple WINS groups and multiple failover servers
for release and refresh as well as registration. We also do the regitrations
in the same fashion as W2K does, where we don't try to register the next
IP in the list for a name until the WINS server has acked the previos IP.
This prevents us flooding the WINS server and also seems to make for much
more reliable multi-homed registration.
I also changed the dead WINS server code to mark pairs of IPs dead,
not individual IPs. The idea is that a WINS server might be dead from
the point of view of one of our interfaces, but not another, so we
need to keep talking to it on one while moving onto a failover WINS
server on the other interface. This copes much better with partial
LAN outages and weird routing tables.
(This used to be commit 313f2c9ff7a513802e4f893324865e70912d419e)
|
|
Jeremy.
(This used to be commit d015c08100bf467e3f83143586a234989eca1a49)
|
|
(This used to be commit 0bce9af615db2eb7e95887ab6b95655d7771dac2)
|
|
accept an extended syntax for 'wins server' like this:
wins server = group1:192.168.2.10 group2:192.168.3.99 group1:192.168.0.1
The tags before the IPs don't mean anything, they are just a way of
grouping IPs together. If you use the old syntax (ie. no ':') then
an implicit group name of '*' is used. In general I'd recommend people
use interface names for the group names, but it doesn't matter much.
When we register in nmbd we try to register all our IPs with each group
of WINS servers. We keep trying until all of them are registered with
every group, falling back to the failover WINS servers for each group
as we go.
When we do a WINS lookup we try each of the WINS servers for each group.
If a WINS server for a group gives a negative answer then we give up
on that group and move to the next group. If it times out then
we move to the next failover wins server in the group.
In either case, if a WINS server doesn't respond then we mark it dead
for 10 minutes, to prevent lengthy waits for dead servers.
(This used to be commit e125f06058b6b51382cf046b1dbb30728b8aeda5)
|
|
it is *completely* bogus for our client code to be doing wins
registrations. Not only is it slow as hell (think about when a wins
server is down) but how the heck is going to answer the queries that
will later come in for our name? And what happens when libsmbclient
sends registrations and nmbd then gets the WACK response from the wins
server? we end up losing our name!
Name registration is a job for nmbd, not for clients.
(This used to be commit 62774923ffdce15eded0f37ba99e33e9cd7a358c)
|
|
gives us a good grounding to properly support multiple wins servers
for different interfaces (which will be coming soon ...)
- fixed our wins registration failover code to actually do failover!
We were not trying to register with a secondary wins server at all
when the primary was down. We now fallback correctly.
- fixed the multi-homed name registration packets so that they work
even in a non-connected network (ie. when one of our interfaces is not
routable from the wins server. Yes, this really happens in the real
world).
(This used to be commit a049360d5b0d95a935b06aad43efc17d34de46dc)
|
|
(This used to be commit 6b28ca8bd2a6613989bb23be951836d173296197)
|
|
few more places to use it.
Andrew Bartlett
(This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7)
|
|
(This used to be commit 658e853bc6914113dcd4f67d7a1d2761372b562d)
|
|
Replaced with "unsigned int".
Jeremy.
(This used to be commit 5841ca54b6a8c36f3d76c12570ff8f2211ed2363)
|
|
rebind proc (some give an extra paramter to pass a void* paramater) and
some small changes for the SMB signing code to reset things when the
signing starts, and to 'turn off' signing if the session setup failed.
Andrew Bartlett
(This used to be commit a8805a34e5d96eeb5ffe15681b241d5a449a6144)
|
|
The problem was that *all* packets were being signed, even packets before
signing was set up. (This broke the session request).
This fixes it to be an 'opt in' measure - that is, we only attempt to sign
things after we have got a valid, non-guest session setup as per the CIFS spec.
I've not tested this against an MS server, becouse my VMware is down, but
at least it doesn't break the build farm any more.
Andrew Bartlett
(This used to be commit 1dc5a8765876c1ca822e454651f8fd4a551965e9)
|
|
Jeremy.
(This used to be commit 0e7e8d44627ad9645a90e96001f8550b68b67a62)
|
|
Jeremy.
(This used to be commit 9d461933766f26ce772f6d5ea849ef9218c4d534)
|
|
Jeremy.
(This used to be commit c1b20db4bb4bb1ba485466f50b9795470027327c)
|
|
(This used to be commit aff65bf6c9f339ae1d3122d12114005c017b9b5d)
|
|
(const, takes unix string as arg)
Also update cli_full_connection to take NULL pointers as 'undefined' correctly,
and therefore do its own lookup etc. This what was intended, but previously
you needed to supply a 0.0.0.0 IP address.
Andrew Bartlett
(This used to be commit 8fb1a9c6ba07dbf04a6aa1e30fa7bbd4c676ed28)
|
|
(This used to be commit f7e75952306296b11a859f425ff5ec7082239dc2)
|
|
Some reformatting.
(This used to be commit d6dd7c7b14a4e3be4d7d435b6ac6bb8189070ff7)
|
|
(This used to be commit a8b2e76c5b90d3dcd00f26462614f56936c13110)
|
|
(This used to be commit 4b18a94590a25882f06f88c3c7dd1a08bf990044)
|
|
Jeremy.
(This used to be commit 3c05f7c06fc8c45307ea75128b160a5945fc5197)
|
|
(This used to be commit f37d85babf1061bb2b5ffdf96c72427f8ad5e832)
|
|
of files. This was done to better enable net rpc file. Perhaps we can start
giving back real info this way, too.
(This used to be commit b3fea72ee9abd2441a49c35442c54819e4ba16ba)
|
|
(This used to be commit 099b750b4ed8f04a1fd8a018508d412691e37df6)
|
|
when using restrictanonymous.
(This used to be commit 0c65978ed07903af808da5f32cc29531aef23225)
|
|
(This used to be commit ca61f68d5ca8791bea34732bd358cfb63273fc5c)
|
|
so muchos dodgy code is required to copy the results out of the parse
buffer into the client's talloc context.
(This used to be commit 496d3cf02c15ece7e13fa023deea740ee00486a8)
|
|
warning/error.
(This used to be commit 8d6270cadf7f99ee8ee441ee6c3e58eca623d519)
|
|
The problem was the NTLMv2 uses extra data in order to make reply/lookup
more difficult. That extra data includes the hostname, and the domain.
This matches Win2k (sort of) by sending this information.
Win2k connects with LMCompatibilityLevel=5 without a problem.
We can change the negotiation bits if we want, this should allow us to make
NTLMv2 the default for other clients as well.
Some of the extra #defines were found in the squid source.
Andrew Bartlett
(This used to be commit 17a5f67b3d1935baf6197ae967624eb847b66ac8)
|
|
unix and DOS strings.
This pushes all the 'have to uppercase, must be 14 chars' stuff behind the
the interface.
Andrew Bartlett
(This used to be commit dec650efa8ab1466114c2e6d469320a319499ea0)
|
|
Importantly:
The removal of the silly 'delete user script' behaviour when secuity=domain.
I have left the name the same - as it still does the (previously documented,
but not in smb.conf(5)) sane behaviour of deleting users on request.
When we decide what to do with the 'add user' functionality, we might
rename it.
Andrew Bartlett
(This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc)
|
|
didn't make any sense, and its was always just strlen(password) anyway.
This fixes it to be strlen(password)+1
Andrew Bartlett
(This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40)
|
|
Wasn't this what got us some of the bugs with big-endien smbpasswd -j FOO -U ?
Anyway, it deserves to die.
Andrew Bartlett
(This used to be commit 7201720048b31e48fb2600de8f7396088cc9b533)
|
|
this:
More code cleanup - this lot a bit more dodgy than the last:
The aim is to trim pwd_cache down to size. Its overly complex, and a
pain to deal with. With a header comment like this:
'obfusticaion is planned'
I think it deserved to die (at least partly).
This was being done to allow 'cli_establish_connection' to die - its
functionality has been replaced by cli_full_connection(), which does
not duplicate code everywhere for creating names etc.
This also removes the little 'init' fucntions for the various pipes,
becouse they were only used in one place, and even then it was dodgy.
(I've reworked smbcacls not to use anonymous connections any more, as
this will (should) fail with a 'restrict anonymous' PDC).
This allowed me to remove cli_pipe_util.c, which was calling
cli_establish_connection.
tpot: I'm not sure what direction you were going with the client stuff,
and you may well have been wanting the init functions. If thats the case,
give me a yell and I'll reimplement them against cli_full_connection.
Andrew Bartlett
(This used to be commit fa67e4626bed623333c571e76e06ccd52cba5cc5)
|
|
(only function that used it was unused, and this helps bring TNG and HEAD
closer)
Its also cleaner.
Andrew Bartlett
(This used to be commit 78f47c83332a6408a718a3dee45645935638b364)
|
|
I think we may still need to look at our server enumeration code, but
other than that, its much better in the tree than out.
Andrew Bartlett
(This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8)
|
|
This option was badly maintained, useless and confused our users and
distirbutors. (its SSL, therfore it must be good...)
No windows client uses this protocol without help from an SSL tunnel.
I can't see any reason why setting up a unix-side SSL wrapper would
be any more difficult than the > 10 config options this mess added
to samba in any case.
On the Samba client end, I think the LIBSMB_PROG hack should be
sufficient to start stunnel on the unix side. We might extend this
to take %i and %p (IP and port) if there is demand.
Andrew Bartlett
(This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
|