| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Jeremy.
(This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
|
|
this allows users to disable the cross-subnet browse extensions that I
added to Samba a couple of years ago. This may be useful for getting
rid of empty workgroups.
(This used to be commit 978980050e599d3830d0474bc9a8003bfe227719)
|
|
of nmb so we write to same log file that
was originally created as log.nmbd
samba/source/smbd/server.c change remote_machine name to smbd instead
of smb so we write to same log file that
was originally created as log.smbd
samba/source/lib/interface.c allow binding to all interface IP addresses
even if on same subnet. This allows you to
specify which IP's you want in interfaces
line and use bind interfaces only
(This used to be commit 01dfd59712f3730498784d7632da8fe0113d55b6)
|
|
source/smbd/server.c
source/nmbd/nmbd.c
- Fixed a very subtle bug with signals. Seems that POSIX requires
that the signal mask be inhereted. So, if you happen to kick off
smbd/nmbd from code that has the mask set on SIGUSR1, you lose
messages.
(This used to be commit b4c98196fc65e8b3bce928296e854987622eae78)
|
|
Jeremy.
(This used to be commit 580e2e044cfd1d011d9f28f0f49ef60ca6ba8d32)
|
|
easier to add new message types to messages.h without breaking old
binaries
- added a MSG_FORCE_ELECTION message to force nmbd to hold an election
(This used to be commit f1c49ca7ce56bc39259041a71479e84ebf53eeca)
|
|
(This used to be commit 6a503f95b10f6661b089f30f2b5ffebead32685c)
|
|
The motivation for this system is to replace the UDP message for
oplocks, but this commit only does the "set debug level" message.
(This used to be commit 2a34ee95f3929cff131db6c5a2b4820194c05b2d)
|
|
it is now at the stage that winbindd can compile in the head branch,
but not link
(This used to be commit d178c00aae77710ae6ff20a7f54a30e3bd8232bb)
|
|
of doing a system call every time we want to just get our pid.
Jeremy.
(This used to be commit 148628b616b5c29ba6340d65fc3ddbcabba6e67a)
|
|
assumption that we have one socket everywhere
while doing so I discovered a few bugs!
1) the clientgen session retarget code if used from smbd or nmbd would
cause a crash as it called close_sockets() which closed our main
socket! fixed by removing close_sockets() completely - it is unnecessary
2) the caching in client_addr() and client_name() was bogus - it could
easily get fooled and give the wrong result. fixed.
3) the retarget could could recurse, allowing an easy denial of
service attack on nmbd. fixed.
(This used to be commit 5937ab14d222696e40a3fc6f0e6a536f2d7305d3)
|
|
list. This is done by default when interfaces are probed, but if someone
explicitly adds 127.0.0.1 to the interfaces line for smbd, then nmbd would
start to try and register names on it. This was not good :-(.
Jeremy.
(This used to be commit cc3ad825214686ad03dd4176d0c55290d1de6221)
|
|
it clashes with other reload_services definitions.
(This used to be commit affaf9c5411e533a77621574d356e886eea93465)
|
|
reload services can be static
(This used to be commit b13a903720a6ef789ee7d688c05be2e77584580e)
|
|
This fixes our netbios scope handling. We now have a 'netbios scope' option
in smb.conf and the scope option is removed from make_nmb_name()
this was prompted by a bug in our PDC finding code where it didn't append
the scope to the query of the '*' name.
(This used to be commit b563be824b8c3141c49558eced7829b48d4ab26f)
|
|
lp_string() bug properly.
we still need to add lp_talloc_free() calls in all the main event
loops, I've only put it in smbd and nmbd thus far.
(This used to be commit aa7f81552540f5dca2c146f5edd805611d5b390f)
|
|
yamd is much better, and doesn't require any source code changes
if you haven't seen yamd then take a look at
http://www3.hmc.edu/~neldredge/yamd/
its excellent!
(This used to be commit 25b13f8b79d648188036f027f45bc78ec117cc88)
|
|
this means "nmblookup -S" now always works, even with broken servers
the database stores all unexpected replies and these can be accessed
by any client.
while doing this I cleaned up a couple of functions, and put in place
a better trn_id generator. in most places the code got quite a bit
simpler due to the addition of simple helper functions.
I haven't yet put the code in to take advantage of this for pdc
replies - that will be next. Jeremys pdc finding code will then work :)
(This used to be commit 280e6359d36c9bc8dcded302f15c3a1db8e3feeb)
|
|
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
|
|
(This used to be commit ca10eb44909e66a07dc7f88b0a740390f9ec3922)
|
|
(This used to be commit 501617307f3b9bbad76406d00b1bc82f5cb479a6)
|
|
This allows the removal of PASSDB_OBJ, RPC_CLIENT_OBJ and
RPC_PARSE_OBJ from nmbd in the head branch.
so nmbd just went on a diet :)
(This used to be commit be697c9ef00f1b6366228dcdd3983d68158dd94f)
|
|
nmbd and smbd. nmbd is now client: smbd is solely responsible for
creating sam_name.SID
(This used to be commit 50fa4822df679b4d54b5a868179594ec087e811f)
|
|
samr_query_aliasmembers (cool!)
util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c :
pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID
if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5)
to obtain member and pdc sids.
(This used to be commit 3e1eb4f26b67e484b05e1dde94fd4e4dae982631)
|
|
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
|
|
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
|
|
nmbd/nmbd.c: Someone (a "yank" no doubt :-) Changed instances of "initialise" to
"initialize". Someone get that man an *English* dictionary.... :-) :-).
Jeremy.
(This used to be commit 6279be7f96802bb132e5e18dd8c6912652296e70)
|
|
(This used to be commit 5e2fc8b7ccf4a9c8b0a2acf4bd752531ac6fa775)
|
|
Added $(PROGS) $(SPROGS) as targets for make clean.
acconfig.h: Added HAVE_IRIX_SPECIFIC_CAPABILITIES.
configure.in: Added sys/capability.h header check.
Added function checks for srandom random srand rand.
Added HAVE_IRIX_SPECIFIC_CAPABILITIES test.
includes.h: Added #include <sys/capability.h>.
ntdomain.h: Moved struct acct_info into here from smb.h
smb.h: Added KERNEL_OPLOCK_CAPABILITY define.
Moved enum action_type into rpcclient.h
Moved struct cli_state into client.h
Moved struct nt_client_info, struct tar_client_info, struct client_info
into rpcclient.h
lib/genrand.c: Changed to use sys_random() & friends.
lib/smbrun.c: Lose capabilities after fork.
lib/system.c: Added set_process_capability(), set_inherited_process_capability()
sys_random(), sys_srandom().
lib/util.c: Added Ander's EFBIG lock check to fcntl_lock for 64 bit access to an
32 bit mounted NFS filesystem.
nmbd/nmbd.c: Changed to use sys_random() & friends.
nmbd/nmbd_browsesync.c: Changed to use sys_random() & friends.
passdb/ldap.c: Missed one pdb_encode_acct_ctrl call.
passdb/passdb.c: Changed to Ander's code for ' ' characters.
passdb/smbpass.c: Added Ander's code to reset ACB_PWNOTREQ.
script/mkproto.awk: Added 'long' to prototypes.
smbd/chgpasswd.c: Lose capabilities after fork.
smbd/open.c: Do the mmap *after* the kernel oplock.
smbd/oplock.c: Removed stub code from kernel oplock path.
Added set_process_capability(), set_inherited_process_capability() calls.
smbd/reply.c: Initialize count = 0, offset = 0.
smbd/server.c: Added set_process_capability(), set_inherited_process_capability() calls.
tests/summary.c: Ensure we have RANDOM or RAND.
utils/smbpasswd.c: Added Ander's code to reset ACB_PWNOTREQ.
utils/torture.c: Changed to use sys_random() & friends.
Jeremy.
(This used to be commit e8be306f23963ac00b1a383ebe0cc1421529fb02)
|
|
(This used to be commit 9a5bdf5c1bef689fe0d6879949df869efbc34783)
|
|
In sig_term() we were calling wins_write_database(0) which would fork a
child. This child might then get killed by the same process killing
off the parent. That process would then fork another child etc.
The solution is to pass a "background" flag to wins_write_database(0)
and only fork if this is set.
(This used to be commit 1e1a512e3ff59f962fb3de382f671618bed60839)
|
|
Chris -)-----
(This used to be commit ac13c29d46f564fc340b652b4b71dfa92e4b5b16)
|
|
always. Don't even install a handler.
(This used to be commit 72c383f4b7bcce5374632dc972df16ab0e2542b9)
|
|
amount of network traffic grows as the square of the number of
workgroups. It probably wouldn't have caused problems but to be safe I
changed the code to use random() to decrease the probability of a
DMB<->DMB sync in proportion to the number of known workgroups. This
keeps the nice browse connectivity while making the traffic rise only
linearly with the number of workgroups.
(This used to be commit 685f4ef2e1f83ab39e91229cf53a61eecb6181eb)
|
|
(This used to be commit 3eade55dc7c842bdc50205c330802d211fae54d3)
|
|
to work (not a lot of testing yet though).
Now we just need to deal with people worried about having more than
two nmbd processes sometimes. (the async processes are created on
demand for browse sync, so you'll only see more than 2 occasionally)
(This used to be commit a350a54680e4170e2adf571b010ea508e7291780)
|
|
(This used to be commit f18b4e95bffb25fa016dd6e7f9a128a9fc69466f)
|
|
default to overwrite and smbd would default to append. Also, the -a option
(actually a toggle, such that "-a -a" would set the default) was documented
as append mode for nmbd, and *overwrite mode* for smbd.
nmbd now defaults to append mode, to match smbd. The -a option now always
means append, and I've added the -o option to both, meaning overwrite.
Note that the change to nmbd's default behavior may confuse some people.
I've not seen anything about 2.0.0 changes in the WHATSNEW.txt file.
Where would I document a change like this?
Chris -)-----
(This used to be commit b1d374fb14b1fb92a84260f1dcc59a39a4b99a3d)
|
|
configure.in: Source for header changes.
client/clitar.c: Fixed isXXX macros & debugs for gcc pedantic compile.
include/config.h.in: Added MEMSET, BZERO, MEMORY, RPCSVC_YPCLNT, STRINGS headers.
include/includes.h: Headers for the above.
include/smb.h: Made SIGNAL_CAST POSIX by default void (*)(int).
lib/access.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/charset.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/debug.c: Fixed signal functs.
lib/kanji.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/smbrun.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/util.c: Fixed isXXX macros & debugs for gcc pedantic compile.
libsmb/namequery.c: Fixed isXXX macros & debugs for gcc pedantic compile.
locking/shmem.c: Fixed isXXX macros & debugs for gcc pedantic compile.
locking/shmem_sysv.c: Fixed error messages in sysV stuff.
nmbd/asyncdns.c: Fixed signal functs.
nmbd/nmbd.c: Fixed isXXX macros & debugs for gcc pedantic compile.
passdb/passdb.c: Fixed isXXX macros & debugs for gcc pedantic compile.
passdb/smbpassfile.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/chgpasswd.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/ipc.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/nttrans.c: Fixed fsp code path.
smbd/password.c: fixed HAVE_YP_GET_DEFAULT_DOMAIN problem.
smbd/printing.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/reply.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/server.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/trans2.c: Fixed core dump bug.
smbd/uid.c: Fixed isXXX macros & debugs for gcc pedantic compile.
Jeremy.
(This used to be commit 1b9cbcd02e575dc0a95fa589f720df30a4acc46b)
|
|
Connections[] is now a local array in server.c
I might have broken something with this change. In particular the
oplock code is suspect and some .dll files aren't being oplocked when
I expected them to be. I'll look at it after I've got some sleep.
(This used to be commit c7ee025ead4a85b6fa44a832047b878451845fb6)
|
|
message *but the daemon would start anyway*. I've added a call to exit()
in the default: case of the option processing loop.
Chris -)-----
(This used to be commit c69727bd29c0bf1cded0db84602e791304691e2e)
|
|
so that we wouldn't get too many timestamps.
Chris -)-----
(This used to be commit 3e7e5fad378cf144927d9f2ffc82f80e150d44ab)
|
|
timestamps from several DEBUG messages. The timestamps are redundant now
that DEBUG() provides them automatically.
There are still a few more files to do, but I've got to get home for dinner.
Chris -)-----
(This used to be commit 60286ccecaa6028d687e6406755016455e3b3a26)
|
|
(This used to be commit 3bda7ac417107a7b01d91805ca71c4330657ed21)
|
|
Jeremy.
(This used to be commit 2f9f0a88e8220575edb43a9945d0b60829efa840)
|
|
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
|
|
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.
This should prevent any sprintf based security holes.
(This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
|
|
It is changing the global variables "myname" and "myworkgroup"
to "global_myname" and "global_myworkgroup" respectively.
This is to make it very explicit when we are messing
with a global (don't ask - it makes the domain client
code much clearer :-).
Jeremy.
(This used to be commit 866406bfe399cf757c8275093dacd5ce4843afa0)
|
|
nmbd.c: Fix for always overwriting log despite append setting.
smb.h: Addition of last time password changed entry to account info.
smbpass.c: Changes to support last time changed field in smbpasswd file.
smbpasswd.c: Changes to support last time changed field in smbpasswd file.
util.c: Fix for always overwriting log despite append setting.
Jeremy.
(This used to be commit eb4fe9ecdf539209efab07dc992447ea7370cf93)
|
|
with gcc. (Not a big change although it looks like it :-).
Jeremy.
(This used to be commit cd2613c57261456485fe4eeecfda209ada70de8e)
|
