| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
techniques more accurately.
(This used to be commit 054e3b2ae3a8cfb98fde72becef9b05de34d2ba7)
|
|
Q/R LSA_REQ_CHAL; Q/R LSA_AUTH2; Q/R LSA_SAMLOGON; Q/R LSA_SAMLOGOFF.
the last (non-essential right now) bit is the LSA_SRV_PWSET.
the next stage is to do LSA_OPENPOLICY; add the pipe binds (missing right
now); then we can test against an NT Server.
(This used to be commit 0a549e62fbf11a3ff1f1de663176e30006553e08)
|
|
in clientutil.c (Luke, you can't just copy a global variable
declaration from one file to another, you need to declare one of them
extern)
(This used to be commit 944ecbcbd47afcc20e2e408a06d57c7b8d0d86a8)
|
|
code, which means we don't have to link with a fake getpass routine
and we don't have a whole pile of global variables that really have
nothing to do with nmbd and were there to keep the client code happy.
The code should function identically to what it did before (hopefully
it was correct)
The only thing that now uses the horrible clientutil.c code is
smbclient.
(This used to be commit 4bf5c03b18f88b566f3ac12cc4b3a9c5c96fd35d)
|
|
adding bits for new nt domain code
byteorder.h :
trying to get macros right, and not to crash on SUNOS5...
client.c :
added #ifdef NTDOMAIN, and created do_nt_login() function. don't
want to have to recompile client.c unless absolutely necessary.
credentials.c :
moved deal_with_creds() [possibly inappropriately] into credentials.c
ipc.c reply.c server.c uid.c :
attempting to make (un)become_root() functions calleable from smbclient.
this is a little tricky: smbclient might have to be another setuid
root program, immediately setuid'ing to non-root, so that we can
reset-uid to root to get at the smbpasswd file. or, have a secure
pipe mechanism to smbd to grab smbpasswd entries. or the like.
smbdes.c smbencrypt.c :
created a function to generate lm and nt owf hashes.
lsaparse.c ntclient.c smbparse.c :
added nt client LSA_AUTH2 code. it works, too!
pipenetlog.c pipentlsa.c pipesrvsvc.c :
simplification. code-shuffling. getting that damn offset right
for the opcode in RPC_HDR.
smb.h :
changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL.
we might need to store the server times as well.
proto.h :
the usual.
(This used to be commit 82436a3d99d4bdce249ce9ff27fd2ca4b2447e07)
|
|
adding some debug info
pipenetlog.c pipentlsa.c pipesrvsvc.c :
using unistrn2 instead of unistr2 in the SAM logon username.
wrong offset for command in request (use "reserved" field
not cancel_count. AGH i'll get there)
(This used to be commit 6d301d2cfd25b18ba18685d926d7a5bc08695b6d)
|
|
added a structure that wraps nt errors as strings and enums, so we
can do a smb_nt_error() function.
Makefile ntclient.c :
added ntclient.c, broken out nt domain stuff into a separate file.
getting fed up of compile-times and size of client.c.
fixed the do_lsa_req_chal() function. made it read the response,
and return the challenge credentials received from the server.
next stop: do_lsa_auth_2().
client.c :
removed nt domain logon functions into a separate file.
pipenetlog.c pipentlsa.c pipesrvsvc.c smbparse.c :
i'd broken the offsets of the RPC_HDR while trying to sort out the
nt client code. fixed it again. added some robustness stuff.
util.c :
the unistrn2() function was null-terminating the string at one
character too many.
(This used to be commit 39cec7f698c4461aee05cfbb213879fbd486117d)
|
|
clashed with the currently-used cli_setup_pkt() in clientutil.c
(This used to be commit 25560cf40b997e400d16fa0c1380e5bc29c015a5)
|
|
I realised this afternoon just how easy it is to add this, so I
thought I'd implement it while the idea was fresh.
nmbd forks at startup and uses a pipe to talk to its child. The child
does the DNS lookups and the file descriptor of the child is added to
the main select loop.
While I was doing this I discovered a bug in nmbd that explains why
the dns proxy option has been so expensive. The DNS cache entries in
the WINS list were never being checked, which means we always did a
DNS lookup even if we have done it before and it is in cache. I'm sure
this used to work (I tested the DNS cache when I added it) so someone
broke it :-(
Anyway, the async DNS gets rid of the problem completely. I'll commit
just the fix to the DNS cache bug to the 1.9.17 tree.
You can disable async DNS by adding -DSYNC_DNS to the compile flags.
(This used to be commit 178e27de0791c1ff3268cb456ed5c5efc9ac2a01)
|
|
to fix the password server code, so I didn't use SMBlib. This code is
fairly generic and uses a "struct cli_state" to hold the client
state.
(This used to be commit 3a0b5f06f42efdb522f1c5d3d9a4b4afabe03b40)
|
|
(This used to be commit ab849a97821c9e1f199eea8ea2ec477687bed947)
|
|
(This used to be commit 9dfab27da3634539e99eb48c85dd5a64212e7005)
|
|
SAM logon sorting. too many buffer pointers. added in the missing
switch value (value of 3). dealing with the buffer pointers to the
user info structure in a slightly different way.
(This used to be commit 7993e17c9a1edddae6407d3f12790c461def705a)
|
|
whoops, the SAM Logon structure was wrong. updated this, and
cifsntdomain.txt. more debug info in pipenetlog.c. the crash
is somewhere around deal_with_credentials().
byteorder.h :
put in uint8, uint16 and uint32 typecasts around debug info, because
sign extending was resulting in ffffffe8 being displayed instead of e8.
credentials.c :
some debugging info, because i'm tracking a coredump. without gdb.
nothing like making things difficult.
reply.c :
whoops, missed this (important) bit from paul's code, which tells
the NT workstation that the MACHINE$ entry doesn't already exist,
and we're going to create a default entry with a password "machine"
right now.
proto.h:
the usual.
(This used to be commit ed606bc7d4e6fb1091e527ea70a3e950d50a1db4)
|
|
(This used to be commit 97d06dd05e952a134be26ec5998ec4b8d38991dd)
|
|
changed the order of arguments to smbhash() in credentials.c. Luke,
when you changed from E1() to smbhash() you didn't notice that the
arguments are in a different order. This is why your new code was
failing.
NT logon still fails, but now gets to SAMLOGON. It shouldn't take much
to get it working now.
(This used to be commit 708edc348f0fb81d9c918e4bf857f339a13a3781)
|
|
(This used to be commit 9b095887df204393090d7da9a47508685ddd5163)
|
|
(This used to be commit d7a9a02e0a9e1e791810c24bcfcbd39a6bd7dac5)
|
|
(This used to be commit a3f96555b47265b8cd4d1f735af58375e2591d56)
|
|
debugging output wasn't (still isn't) perfect.
credentials.c lsaparse.c smbparse.c :
added DEBUG strings.
pipes.c :
lost some changes, to do with setup of RPC headers. arg.
(This used to be commit 9fdd697d17b68293bb95fd68f44c24f0f5b97f5f)
|
|
added credentials.c to smbd
credentials.c:
using credential structures instead of char*
password.c uid.c server.c:
added sid and attr to user_struct.
smbdes.c:
smbhash and str_to_key make public instead of private.
pipes.c smb.h:
lsa structures, sub-functions.
proto.h:
usual.
(This used to be commit 87a0a944855a673d693d934e446bdc231b1c7f02)
|
|
use UTIME structure (defined and commented in smb.h to be time, secs,
since 01jan1970)
pipes.c:
another sub-function.
util.c:
added char *unistr2(uint16 *buff) function. same as unistr except
it takes uint16* instead of char*.
smbparse.c smb.h:
more structure sorting.
proto.h:
the usual.
(This used to be commit 72a86f514f0c92b69499718e63f5dd73ebece56e)
|
|
(This used to be commit dd6ac9b1eea3b0ace27fbd014b5ad4625c1fdf94)
|
|
Jeremy (jallison@whistle.com)
(This used to be commit e7eb1f044d3101679dc7a118820ea5efe0cd837c)
|
|
- move routines about a bit between smbencrypt.c and smbdes.c. Ensure
that there is no entry point for normal DES operation
- add the following comment:
This code is NOT a complete DES implementation. It implements only
the minimum necessary for SMB authentication, as used by all SMB
products (including every copy of Microsoft Windows95 ever sold)
In particular, it can only do a unchained forward DES pass. This
means it is not possible to use this code for encryption/decryption
of data, instead it is only useful as a "hash" algorithm.
There is no entry point into this code that allows normal DES operation.
I believe this means that this code does not come under ITAR
regulations but this is NOT a legal opinion. If you are concerned
about the applicability of ITAR regulations to this code then you
should confirm it for yourself (and maybe let me know if you come
up with a different answer to the one above)
(This used to be commit 35b92e725f351c9a9f2846a6b55f71c234f187c7)
|
|
I had one of the sbox[] constants wrong, which interestingly gave a
20% chance of the whole algorithm failing.
(This used to be commit 9a42f88a0963d006e8bf091775a3f55f6c6b4f77)
|
|
doesn't have any worries about RSA copyright.
(This used to be commit a1569971663f01c245c145b18290d9dba965dc36)
|
|
1) put the encryption code in by default, with no #ifdef. It is still
disabled by default so you need to add "encrypt passwords = yes" in
smb.conf but at least all binaries will have it.
2) cleanup the kanji code so it compiles with no warnings
3) get rid of lots of uses of ugly non-portable C code. The main
offender being things like "register" but also remove uses of the
"const" keyword as there are compilers out there that don't support it
and even those that do often complain about its usage. Users don't
like warnings :-(
There is still some work to do. We need to replace the md4 code with
our own implementation. The current code (from rfc1186) is PD but is
not very portable. The new RFC (rfc1320) is more portable but adds
copyright restrictions. I'll do a from-scratch MD4 soon.
We also need to test that what I've implemented is portable. It should
be, but I'm too tired right now to test it on anything other than
intel linux.
(This used to be commit db917c62c14315afe6f0745a8097c1bca25cbf07)
|
|
GPLd implementation so I decided to write one.
This version only does DES ecb encryption and isn't very general, so
it may in fact be exempt from ITAR regulations. ITAR regulations do
not prohibit the distribution of code that can be used for
authentication purposes only. This code has no decrypt function so it
would be useless for a normal encryption application and thus may be
ITAR exempt.
It is also very slow, but we don't need it to be fast. It is a literal
implementation from the standard and treats each bit as one byte to
make the code easy to write.
(This used to be commit c2bc073a878179dd56db97c66dc957d42fe0b81b)
|
|
client.c: Fixed silly bugs detected on IRIX.
namedbname.c: Stopped 1d names from being registered in WINS db.
namedbsubnet.c: Only register 1e names on broadcast subnet.
nameelect.c: Changed add_my_name entries. Forced host announces if we
have less than 10 servers listed. Fixed registering 1b
domain name issues.
namepacket.c: Added error message when dgram discarded.
nameserv.c: Added notion of 'direct' names that are not registered on
the network. Needed to get around bugs in earlier nmbd
handling of DOMAIN(1b) names.
nameservreply.c:Tidied up debug message.
nameservresp.c: Added response_name_query_domain() code. Deals with
re-registering DOMAIN(1b) name.
nmbd.c: Fixed silly bugs detected on IRIX.
nmblib.c: Added paranoia debugs.
proto.h: Updated remove_name_entry(), add_my_name_entry().
server.c: Fixed silly bugs detected on IRIX.
trans2.c: Fixed silly bugs detected on IRIX.
uid.c: Fixed silly bugs detected on IRIX.
version.h: Updated to alpha3.
Jeremy (jallison@whistle.com).
(This used to be commit f08222bd8b86a061c52d22015f946a4737eb47fd)
|
|
Wed May 7 1997: Update for 1.9.17alpha1 release - 'browsefix release'
designed to make browsing across subnets work.
byteorder.h: Updated copyright to 1997.
charcnv.c: Updated copyright to 1997.
charset.c Updated copyright to 1997.
charset.h Updated copyright to 1997.
client.c Updated copyright to 1997.
clientutil.c Updated copyright to 1997.
dir.c Updated copyright to 1997.
fault.c Updated copyright to 1997.
includes.h Updated copyright to 1997.
interface.c Updated copyright to 1997.
ipc.c Updated copyright to 1997.
kanji.c Updated copyright to 1997.
kanji.h Updated copyright to 1997.
loadparm.c Updated copyright to 1997.
locking.c Updated copyright to 1997.
mangle.c Updated copyright to 1997.
message.c Updated copyright to 1997.
nameannounce.c
Made use of WINS subnet explicit.
Added reset_announce_timer() so announcement
can be made immediately when we become a master.
Expanded code to do sync with dmb.
namebrowse.c
Removed redundent checks for AM_MASTER in
sync code. Made use of WINS subnet explicit.
namedbname.c Made use of WINS subnet explicit.
namedbresp.c Made use of WINS subnet explicit.
namedbserver.c Made use of WINS subnet explicit.
namedbsubnet.c
Explicitly add workgroup to WINS subnet
when we become a dmb. Made use of WINS subnet explicit.
namedbwork.c
Made use of WINS subnet explicit. Removed
redundent check_work_servertype() function.
nameelect.c
Explicitly add workgroup to WINS subnet
when we become a master browser. Made use of WINS subnet explicit.
namelogon.c Updated copyright to 1997.
namepacket.c Updated copyright to 1997.
namequery.c Updated copyright to 1997.
nameresp.c
Made use of WINS subnet explicit. Made nmbd fail if
configured as master browser and one exists already.
nameserv.c
Made use of WINS subnet explicit. Remove redundent
logon server and domain master code.
nameserv.h Add emumerate subnet macros.
nameservreply.c Made use of WINS subnet explicit.
nameservresp.c Updated copyright to 1997.
namework.c
Made use of WINS subnet explicit. Updated code to
add sync browser entries to add subnet parameter.
nmbd.c
Added sanity check for misconfigured nmbd.
nmblib.c Updated copyright to 1997.
nmblookup.c Updated copyright to 1997.
nmbsync.c
Removed redundent AM_ANY_MASTER check.
params.c Updated copyright to 1997.
password.c Updated copyright to 1997.
pipes.c Updated copyright to 1997.
predict.c Updated copyright to 1997.
printing.c Updated copyright to 1997.
proto.h
Changed protos for new nmbd code.
quotas.c Updated copyright to 1997.
replace.c Updated copyright to 1997.
reply.c Updated copyright to 1997.
server.c Updated copyright to 1997.
shmem.c Updated copyright to 1997.
smb.h Updated copyright to 1997.
smbencrypt.c Updated copyright to 1997.
smbpasswd.c Updated copyright to 1997.
smbrun.c Updated copyright to 1997.
status.c Updated copyright to 1997.
system.c Updated copyright to 1997.
testparm.c Updated copyright to 1997.
testprns.c Updated copyright to 1997.
time.c Updated copyright to 1997.
trans2.c Updated copyright to 1997.
trans2.h Updated copyright to 1997.
uid.c Updated copyright to 1997.
username.c Updated copyright to 1997.
util.c Updated copyright to 1997.
version.h
Changed to 1.9.17alpha1.
(This used to be commit cf23a155a1315f50d488794a2caf88402bf3e3e6)
|
|
jra@cygnus.com
(This used to be commit 4563d978feaed37aab78e62461026a79dbc50249)
|
|
jra@cygnus.com
(This used to be commit 979acbc1096dda3f36f95eaed88de94931cfb164)
|
|
- fixed fault.c for linux 2.1
- put back in the FIND_SELF failing code
- cleaned up casts in encryption
(This used to be commit 3af04f1580b2569c0a4f2549bf6352c7a25afa0d)
|
|
- fixed debug levels for name status parsing
(This used to be commit f2c5f1eab1f3de7a9ae2b7ec4770a5c455dc04e4)
|
|
- change debug level on clitar stuff
- define MAP_FILE if not defined
- ensure we never set authoritative on queries in nmbd
- fake a positive response to SMBioctl, apparently this is needed for
some WfWg printer drivers
- deny file access for non-fcbopen queries when (access_allowed == AREAD && flags == O_RDWR)
- add sys_waitpid()
(This used to be commit 61e3116e573637d6b5a878eeb8db72831e3c5bd1)
|
|
The 1.9.16 tree is now back to 1.9.16p2 as far as nmbd is concerned
apart from a small change that fixes the announce type in two places.
(This used to be commit 45e66a69d320024877c8b13f12b21bf895e04410)
|
|
stuff and also fix a pile of nmbd bugs. Unfortunately I found it very
hard to disentangle the new features from the bug fixes so I am
putting in the new code. I hope this is the last big pile of changes
to the 1.9.16 series!
(This used to be commit 20b6203dac4bbb43e4e7bea0b214496d76d679d9)
|
|
Bressler)
- machten support from Trevor Strohman (trev@figment.tenon.com)
- added qinfo command to client as part of drag-and-drop printer
support for win95 from David Chappell <chappell@mouse.cc.trincoll.edu>
He also added the "printer driver" option
- use sigblock() on more systems and use sigsetmask(0) instead of
sigunblock() as its more portable. This beats a problem with zombies
on heavilily loaded systems.
- added internals.doc written by David Chappell into the source tree
- get rid of PRINT_COMMAND options from local.h as they are no longer
relevent
- new kanji code from Fujita
- don't set the recursion_available flag on queries in nmbd
- fix a potential bug with pointer subtraction in printing.c
- got rid of error_count code as the real fix (the EOF problem) is now
in
(This used to be commit aa6f8b04d125b5bc00f267abf72b800228aabf7d)
|
|
bug spotted in nameservresp.c - arguments to test subnet the response
is received on (same_net()) were the wrong way round (ccm@shentel.net)
samba was adding WORKGROUP(1e) as a unique not a group name: fixed this
bug in reply_name_status() and reply_name_query(): WINS entries weren't
being looked up.
name status reply adds local SELF entries to WINS SELF entries: some
SELF entries are only added locally, while others are only added via
WINS. name status needs to have both, combined.
a sync will only occur when an ANN_LocalMasterAnnouncement is received, NOT
an ANN_HostAnnouncement or an ANN_DomainAnnouncement.
when samba is a member of a workgroup, it looks for (using a wins server)
and announces to its domain master. NAME_QUERY_ANNOUNCE_HOST - yet another
'state' - has been created to do this: do the name query on the wins server
and send the announce host to the answer to this query.
jeremy @ vantive wrote the original code to do this, which used the
name_query() function. i'm trying to avoid name_query: it times out and
generally messes things up, but using queue_netbios_packet() and
queue_netbios_pkt_wins() is... not intuitive?
lkcl with help from jra
(This used to be commit 6e932e4bae8b46e7ff4a55a75484bad78308336a)
|
|
lkcl
(This used to be commit 45d3b2644733333c657c48a69719fec72881f7df)
|
|
prototypes automatically using "make proto". This is much less prone
to error than the old method of manually adding prototypes
(This used to be commit b551dc98f7cc194a5fc2e67a4ebae7fd67a01bbc)
|
|
and Netmask, instead replacing them with calls to routines in
interface.c
- got rid of old MAXINT define
- added code to ensure we only return one entry for each name in the ipc
enum routines
- added new_only option to add_netbios_entry() to prevent overwriting
of important names
- minor time handling fixup
(This used to be commit 7ed71b73ae745da099072eee36fc2700d1d91407)
|
|
- added dir_check_ftype() to clean up the file type checking a bit
- added check for libc version >= 5 for setfsuid() for Linux
- moved the AM_MASTER() and related macros to nameserv.h
- added proper defines for the various netbios announce types
- don't call the announce_backup() code, as I'm pretty sure its wrong
it sent ANN_GetBackupListReq packets as broadcasts, they are supposed
to be used only by clients to the master browser to find a list of
available backup servers to remote a netserverenum to, I don't think
nmbd should ever send one.
- fixed a bug in the browse list writing
- minor debug cleanups
- put in the code to discard our own broadcasts (it won't work for
multi-homed hosts though)
- changed ELECTION_VERSION to 1 so we can be beaten by a NT 3.51 server by
lowering the os level.
- only do sync_browse_lists() if we are the master browser, otherwise
we'll cause network overload
- don't call tell_become_backup() as it appears to be badly broken, it
should only be used when the machine being told has its MAINTAIN_LIST
to to auto. Not calling it does no great harm anyway
- fix a nasty bug where becomebackup was confused with reset browser!
- make setbuffer() not get caught by the auto protototypes
(This used to be commit cfbad9b08242962f41595273de08a7293fe432b1)
|
|
I've now got WINS registration working, and refresh working. Its
looking pretty good so far, but needs lots of testing.
(This used to be commit 045014aa57721b9701ca379bcab055b908773184)
|
|
The biggest thing is the integration of Lukes new nmbd. Its still
largely untested, so we will really need some feedback
I've also added auto prototype generation and cleaned up a lot of
minor things as a result
(This used to be commit 0d8dcfa13c527ec2c8aca39ba49c09e4e694b26c)
|
|
- add faq info on NT printer handling
- add "delete readonly" option to help rcs users
- add stuff to man pages on new printer options
- add "proxy name resolution" option
- add "command string" -c option to smbclient (thanks Ken)
- split time functions into time.c
- rearrange the quotas stuff a bit and fix some bugs
- complete rehash of the time handling code thanks to Paul Eggert
- fix nmblookup output a bit
- add plp print queue parsing from Bertrand Wallrich
(This used to be commit 635b56f19c817527c52e9bbde31faa6a8a47777b)
|
|
(This used to be commit 39fbeb04ae938594c380d97ebe67c012fa0dd51a)
|
|
(This used to be commit 291551d80711daab7b7581720bcd9a08d6096517)
|
