Age | Commit message (Collapse) | Author | Files | Lines |
|
Essentially, multiple session_setup_and_X's may be done
to an smbd. As there is only one global variable containing
the requested connection name (sessionsetup_user), then any
subsequent sessionsetups overwrite this name (causing %U
and %G to get the wrong name). This is particularly common
when an NT client does a null session setup to get a
browse list after the user has connected, but before
a share has been mounted.
These changes store the requested_name in the vuid structure
(so this only really works for user level and above security)
and copies this name back into the global variable before
the standard_sub call.
Jeremy.
(This used to be commit b5187ad6a3b3af9fbbeee8bced0ab16b41e9825b)
|
|
ipc.c: Fix for duplicate printer names being long.
loadparm.c: Set bNetWkstaUserLogon to false by default - new code in password.c
protects us.
nmbd_logonnames.c:
nmbd_namequery.c:
nmbd_namerelease.c: Debug messages fix.
password.c: SGI compile warning fix, fix for tcon() with bNetWkstaUserLogon call.
reply.c: SGI compile warning fix.
server.c Debug messages fix.
smbpass.c: Fix for incorrect pointer.
Jeremy.
(This used to be commit 567d3f838988cafab4770fce1cf68b73085e6c71)
|
|
passwords to be stored over time, allowing a smbpasswd file migration.
Adds new parameter "update encrypted".
Will also add to 1.9.18 branch.
Docs update to follow.
Jeremy.
(This used to be commit 5d3e874d780d595415cc27a7f5945fc2e694c3ac)
|
|
It is changing the global variables "myname" and "myworkgroup"
to "global_myname" and "global_myworkgroup" respectively.
This is to make it very explicit when we are messing
with a global (don't ask - it makes the domain client
code much clearer :-).
Jeremy.
(This used to be commit 866406bfe399cf757c8275093dacd5ce4843afa0)
|
|
(This used to be commit 2e1a08b28c1c0c9ea988a09067cd149926f25c69)
|
|
nmbd.c: Fix for always overwriting log despite append setting.
smb.h: Addition of last time password changed entry to account info.
smbpass.c: Changes to support last time changed field in smbpasswd file.
smbpasswd.c: Changes to support last time changed field in smbpasswd file.
util.c: Fix for always overwriting log despite append setting.
Jeremy.
(This used to be commit eb4fe9ecdf539209efab07dc992447ea7370cf93)
|
|
with gcc. (Not a big change although it looks like it :-).
Jeremy.
(This used to be commit cd2613c57261456485fe4eeecfda209ada70de8e)
|
|
ipc.c: Added Luke's debug statement.
locking_slow.c: Added FTRUNCATE_NEEDS_ROOT code for broken systems that
need it (not sure what these are yet).
membuffer.c ntdomain.h proto.h
lib/rpc/include/rpc_dce.h lib/rpc/include/rpc_srvsvc.h
lib/rpc/parse/parse_prs.c lib/rpc/parse/parse_rpc.c
lib/rpc/server/srv_pipe_hnd.c lib/rpc/server/srv_util.c:
Re-merge of Luke's NTDOM changes 'cos he's a lazy git with
carpel tunnel syndrome :-).
Jeremy.
(This used to be commit 52e3966fbcf7b5fbdbc7cbe9ac0b453ab5bf3217)
|
|
gets an error message it doesn't understand.
Jeremy.
(This used to be commit 838e2fe2f76b20f34309c2322e3bd60817fef1fd)
|
|
parameter which allows the new change password code to change the
unix password also. Defaults to OFF.
includes.h: Added termios.h to FreeBSD to allow password changing.
namequery.c: Fixed missing name parameters to debug statements.
Jeremy.
(This used to be commit 4ac50c0f0aa5af084ddad89b1f9baf6c2c1ddcb8)
|
|
quotas.c: Linux quota fix.
util.c: Ensure smb_read_error is zero in all calls that can set it.
lib/rpc/include/rpc_misc.h lib/rpc/include/rpc_netlogon.h
lib/rpc/parse/parse_misc.c lib/rpc/parse/parse_net.c
lib/rpc/server/srv_netlog.c : Modify Luke's code to call
SamOEMhash().
Jeremy.
(This used to be commit 7f749708383b8b36c3f23a5fbc5cbdf39bc8e555)
|
|
Jeremy.
(This used to be commit e02e3bcbbd4333113dde7bef47763fb229148007)
|
|
all I saw" - the book of Jeremy, chapter 1 :-).
So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.
This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.
Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.
This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.
I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).
Jeremy.
(This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)
|
|
This is merely updating the Copyright statements from 1997 to 1998.
It's a once a year thing :-).
NO OTHER CHANGES WERE MADE.
Jeremy.
(This used to be commit b9c16977231efb274e08856f7f3f4408dad6d96c)
|
|
from Max Khon <max@iclub.nsu.ru>.
chgpasswd.c: Allow old RAP change password to work with encrypted
passwords. Samba can now allow Windows 95/NT clients to securely
change the Lanman password ! (But not the NT hash - that gets lost).
ipc.c:
smbdes.c:
smbpass.c: Support for the above.
server.c: #ifdef'ed out fix for NT redirector bug.
util.c: Fix NIS bug with server name.
Jeremy.
(This used to be commit cd9fad92d0316e5a0007ba3c5668906dc2f011f1)
|
|
when NT sends up a mdrcnt of zero.
Jeremy.
(This used to be commit 2a75519b8592948b2f35ecca040bd3f88bf89be5)
|
|
(This used to be commit 0c82d139e3eb20a00016df30f33835ab5150ecea)
|
|
changes to ipc.c to use new printers.def file
(This used to be commit 52e275c4ccc1b7f0c2ef8d12d28065898a1c89c9)
|
|
use the same process_exists() code on all systems (it's probably
faster anyway)
(This used to be commit 901b95aa77ac1ecc45823c23fb4e1d9da8dc8318)
|
|
with local message processing.
reply.c: Added check to reply_lockingX for chain after oplock break.
server.c: Added receive_next_smb().
trans2.c: Changed reply_trans2 to use receive_next_smb() to cope
with local message processing.
(This used to be commit f4ae644e13f2c4479dfc94c77c0a8295edf54086)
|
|
added a #define around the alignment thing: it's a way to stop
NetMonitor from decoding your packets!!!!
proto.h :
usual.
reply.c :
added what i believe to be the correct error messages for getting
correct domain joining.
smb.h :
some guesses at good names of the SAMR_XXXX functions. sorting
out the SAMR_LOOKUP_RIDS function. this is *not* the same as
the LSA_LOOKUP_RIDS function, unless paul accidentally put it
on the ntlsa pipe by mistake, instead of the samr pipe :-)
rpc_pipes/lsa_hnd.c rpc_pipes/pipe_hnd.c :
moved creation and allocation of unique policy handles into this module.
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c rpc_pipes/smbparse.c :
SAMR_LOOKUP_RIDS is beginning to look _suspiciously_ like the
LSA_LOOKUP_RIDS function. but i know that there are subtle
discrepancies.
(This used to be commit 6bc07b0b4193e28b13a675fece8d9d6b365a7eb0)
|
|
luke changed it.
proto.h: The usual.
uid.c: Fix crash bug when attaching with smbclient -mCORE. A vuid
pointer was being used when it was null.
Jeremy.
(This used to be commit ff94f97cf2b0f62cbbddbfd3d126df7f4d649334)
|
|
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
|
|
pipes array.
(This used to be commit 5335d5cdc4659f4676958f0399e2de29a117c133)
|
|
simply adding pipes.o to SMBDOBJ3.
rpc_pipes/pipe_hnd.c :
created pipe handles module.
pipes.c server.c :
use of pipe_hnd functions in SMBopenX and SMBclose, on the IPC$ pipe.
(This used to be commit ada256b5e3b9fb0db988e3be7d47943e7c19b3fb)
|
|
which are pipes on the IPC$ connection.
created mechanism to record pipe names in a separate pipes_struct. it
is planned to expand this, to return sensible things like interface
structures, and policy handles (RPC_IFACE and LSA_POL_HND). and the like.
(This used to be commit 33cce5fac0e2f818a19a6c4e6a797ef44f3b5c75)
|
|
(This used to be commit c0137cd8fe1362beef9ce879cc558869bdf2edfa)
|
|
response to Bind Acknowledgment needs a lookup table for the PIPE string
(secondary address in RPC_HDR_BA structure).
smbparse.c util.c :
interesting problem, i think caused by us typecasting a uint16* buffer
to char*. found on a SPARC.
(This used to be commit 420408ee83902faa6cf871f26e93ad5efb483727)
|
|
bind ack should contain \PIPE\pipename not just pipename.
ntclientpipe.c :
sanity in bind ack: pipe name checks; transfer syntax checks; reason checks.
(This used to be commit c2e2197e9d87795bda0198247c7bb132fe586fc1)
|
|
(This used to be commit 6b0e51929495582bc48a4d5fba24aa7c1f7caaf6)
|
|
added mode for printing debug array data as chars not uint8/16/32s.
only really useful for (uint8) strings or (uint16) unicode strings
lsaparse.c smbparse.c smb.h :
rpc bind and rpc bind ack structures and parsing and creation functions.
ipc.c pipes.c pipenetlog.c pipentlsa.c pipesrvsvc.c :
using rpc bind / bind ack parsing routines instead of incorrect use of
api_LsarpcTNP1 function.
ntclient.c :
creation of do_rpc_bind() function.
THAT'S IT, FOLKS!
(This used to be commit 21c89e2f17c51939fd6b53dddbe3072419eb0db2)
|
|
New program, make_printerdef, plus two new parameters :
[global] "printer driver file"
[local] "printer driver location"
Jeremy.
(This used to be commit 9a5b42e6b3e7a35d56f81e9428fc747246e2fc5c)
|
|
message should be returned, so i just let it fall through to sending an
"api_unsupported"
(This used to be commit 85d132da6756da0904fe894ea617b84e38e610ff)
|
|
adding bits for new nt domain code
byteorder.h :
trying to get macros right, and not to crash on SUNOS5...
client.c :
added #ifdef NTDOMAIN, and created do_nt_login() function. don't
want to have to recompile client.c unless absolutely necessary.
credentials.c :
moved deal_with_creds() [possibly inappropriately] into credentials.c
ipc.c reply.c server.c uid.c :
attempting to make (un)become_root() functions calleable from smbclient.
this is a little tricky: smbclient might have to be another setuid
root program, immediately setuid'ing to non-root, so that we can
reset-uid to root to get at the smbpasswd file. or, have a secure
pipe mechanism to smbd to grab smbpasswd entries. or the like.
smbdes.c smbencrypt.c :
created a function to generate lm and nt owf hashes.
lsaparse.c ntclient.c smbparse.c :
added nt client LSA_AUTH2 code. it works, too!
pipenetlog.c pipentlsa.c pipesrvsvc.c :
simplification. code-shuffling. getting that damn offset right
for the opcode in RPC_HDR.
smb.h :
changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL.
we might need to store the server times as well.
proto.h :
the usual.
(This used to be commit 82436a3d99d4bdce249ce9ff27fd2ca4b2447e07)
|
|
added a structure that wraps nt errors as strings and enums, so we
can do a smb_nt_error() function.
Makefile ntclient.c :
added ntclient.c, broken out nt domain stuff into a separate file.
getting fed up of compile-times and size of client.c.
fixed the do_lsa_req_chal() function. made it read the response,
and return the challenge credentials received from the server.
next stop: do_lsa_auth_2().
client.c :
removed nt domain logon functions into a separate file.
pipenetlog.c pipentlsa.c pipesrvsvc.c smbparse.c :
i'd broken the offsets of the RPC_HDR while trying to sort out the
nt client code. fixed it again. added some robustness stuff.
util.c :
the unistrn2() function was null-terminating the string at one
character too many.
(This used to be commit 39cec7f698c4461aee05cfbb213879fbd486117d)
|
|
trying to set up the data parameters etc and not understanding what's going on.
in api_netlogTNP, added smb_io_rpc_hdr() call to decode the header received
(and in this instance, generated by do_lsa_req_chal()). and then noticed
that it's two bytes out. but i don't know how to do "byte parameters"
and it's not the same format as the LSA_REQCHAL received from nt workstations.
agh!
(This used to be commit 0cc8ce43e1d54b44237bb525f4cf6b77e7ca3ced)
|
|
send to \PIPE\ not \PIPE\NETLOGON.
ipc.c :
fstring name not being bzero'd caused problems when calling named_pipe().
(This used to be commit 2393c49b0509b8ce021f0acfba135219cd753cf9)
|
|
added "domain admin users" parameter
added "domain guest users" parameter
these two complement the "domain groups" parameter. the "domain groups"
parameter should be for your own groups, and well-known aliases.
util.c :
added ability to do "domain groups = power_users admin_users backup_ops"
which are well-known RID aliases, not well-known RID groups.
pipenetlog.c :
combine the "domain admin users"; "domain guest users" and "domain groups"
parameters to give an array of RID groups to include in the SAM Logon
response.
ipc.c smb.h :
moved REALLOC() into smb.h
added RID #defines.
proto.h:
usual.
(This used to be commit f2554f231d1f59f30224adcc02b2b3ca4c24e0dd)
|
|
(This used to be commit b22fa0d7e3d1158112e03f93a22232e719fe6003)
|
|
added automount_server() function which, if -DAUTOMOUNT is in use,
returns the server name of the NIS auto.map entry. otherwise,
it returns local_server.
added use of automount_server() for a new substitution %N for NIS
home server. this defaults, via automount_server(), to the same
functionality as %L if -DAUTOMOUNT is not used.
removed vuser->home_share. moved code that grabbed the servername
into the separate function automount_server().
loadparm.c :
created "logon drive" (default of "")
created "logon home" (default of "\\%N\%U")
changed default of "logon path" from NULL to "\\%N\%U\profile".
ipc.c pipenetlog.c :
use lp_logon_drive(), lp_logon_home() and lp_logon_path() in their
now easier-to-use form (don't have to check if *lp_logon_path() and
manually substitute a default of \\%L\%U and do a standard_sub_basic()
on the result, because the default automatically does this.
(This used to be commit c6c28a4c3c9010ff9d5eac4bad091189a786d5a0)
|
|
locking.c: Adding Andrews become_root code to the main branch.
pipes.c: Fixing the close_file issue.
proto.h: The usual.
reply.c: Move smb_pass into NTDOMAIN defined code. Fixing the close_file issue.
server.c: Fixing the close_file issue.
trans2.c: Fixing the close_file issue.
uid.c: Adding Andrews become_root code to the main branch.
Jeremy (jallison@whistle.com)
(This used to be commit 16fd4337f79ce33f91050c96c4a566221c5d9126)
|
|
and NETSERVERGETINFO.
(This used to be commit 96b17b829fc787c15cd366eca604c09d68b5b900)
|
|
ipc.c :
removed srvsvc pipe reference: have to do that.
pipes.c lsaparse.c smbparse.c :
more debugging info. looks a bit like netmon output.
(This used to be commit e02aa88e25ae6d4da7953aaff04ff2ae9a656d05)
|
|
debugging info. found that data = NULL because of short packet length
indicated from the ntlsaRPC pipe _royally_ stuffs NT's packet handling.
maybe this should go down as a service denial bug to the ntbugtraq list.
pipes.c lsaparse.c smbparse.c :
added more debug stuff. added length of header to data_len in MSRPC
fragment_length field (0x18 bytes short) which caused the above bug
from NT 4.0. oops.
(This used to be commit a6f8de6815e0b85bb23b302980730501ac0b87e5)
|
|
#if NTDOMAIN
call to api_netlogRPC
#endif
lsaparse.c :
renamed lsa_io_q_auth2 to lsa_io_q_auth_2.
pipes.c :
added api_lsa_reply_auth_2() and api_netlogRPC.
proto.h :
the usual.
(This used to be commit e2e1979b6215080593728942d414a273505877df)
|
|
in ipc.c iff NTDOMAIN is defined.
(This used to be commit 7bc4c4c27bf18ce3f632d230dc919ea341b5abb0)
|
|
server.c: Allow admin_user on read only shares. I think this is
safe but it needs looking at.
Jeremy (jallison@whistle.com)
(This used to be commit cc50955a2760f1de7e80b91408a7c0806f6eb44c)
|
|
Jeremy (jallison@whistle.com)
(This used to be commit e7eb1f044d3101679dc7a118820ea5efe0cd837c)
|
|
can be used in the logon script parameter definition in the smb.conf
Globals section. This fixes a problem reported by Jacco de Leeuw
where OS/2 does not see the %u variable. Jacco suggested using %U
but we really do want the user for the netlogon share session.
If this does not do the trick - well we eat our hat! Yeh!
(This used to be commit a7716b2e70606e447094509116455ea53fe8bf64)
|
|
1) put the encryption code in by default, with no #ifdef. It is still
disabled by default so you need to add "encrypt passwords = yes" in
smb.conf but at least all binaries will have it.
2) cleanup the kanji code so it compiles with no warnings
3) get rid of lots of uses of ugly non-portable C code. The main
offender being things like "register" but also remove uses of the
"const" keyword as there are compilers out there that don't support it
and even those that do often complain about its usage. Users don't
like warnings :-(
There is still some work to do. We need to replace the md4 code with
our own implementation. The current code (from rfc1186) is PD but is
not very portable. The new RFC (rfc1320) is more portable but adds
copyright restrictions. I'll do a from-scratch MD4 soon.
We also need to test that what I've implemented is portable. It should
be, but I'm too tired right now to test it on anything other than
intel linux.
(This used to be commit db917c62c14315afe6f0745a8097c1bca25cbf07)
|