summaryrefslogtreecommitdiff
path: root/source3/smbd/process.c
AgeCommit message (Collapse)AuthorFilesLines
2001-11-27don't try to auto-change the trust password unless we are in domainAndrew Tridgell1-1/+4
security (This used to be commit 00e4f0c803c6376387c31efd01cf3437c589da9d)
2001-11-26challange -> challengeTim Potter1-4/+4
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-13/+17
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-05Don't put a \n on the end of the arg to exit_server()Tim Potter1-1/+1
(This used to be commit dfb8566220c3e90ca2b757ea124f53aed103269e)
2001-10-20Converted a bunch of 0x85 constants to SMBkeepalive.Tim Potter1-2/+2
(This used to be commit b16a15a13ed7d267c6366abaeeb3ccafa5776f5e)
2001-10-19Restored old Bmpx code - actually used by OS/2.Jeremy Allison1-4/+4
Jeremy. (This used to be commit 7c1688fd67c1bda1477aaf870371c825280db870)
2001-10-18Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD.Jeremy Allison1-6/+6
Ensure make_conection() can only be called as root. Jeremy. (This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
2001-10-17added basic NTLMSSP support in smbd. This is still quite rough, andAndrew Tridgell1-19/+18
loses things like username mapping. I wanted to get this in then discuss it a bit to see how we want to split up the existing session setup code (This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
2001-10-17Fixed inconsistent definitions of InBuf/OutBuf/last_char.Jeremy Allison1-3/+0
Noticed by albert chin (china@thewrittenword.com) . Jeremy. (This used to be commit f5781f11eb924bdf32d20819c58a782493f4b239)
2001-10-11Fixed bug when status=no and max smbd processes > 0.Jeremy Allison1-0/+6
Jeremy. (This used to be commit d1adaee373f08020d350af2aa65b7651da94bdae)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-17move to SAFE_FREE()Simo Sorce1-3/+3
(This used to be commit a95943fde0ad89ae3f2deca2f7ba9cb5ab612b74)
2001-09-10Fix for second logic bug when handing oplock breaks and client messagesJeremy Allison1-1/+11
simultaneously. Jeremy. (This used to be commit 227325b2d63dad55cbcda9608fba676fb6ce5584)
2001-09-05Fix I think for the fcntl spinning problem. Re-prioritize soJeremy Allison1-1/+7
that oplock break messages get priority over incoming client messages. Jeremy. (This used to be commit 1779f6a223dad87c3b8451d09b9808b46495a8b6)
2001-08-27converted smbd to use NTSTATUS by defaultAndrew Tridgell1-9/+9
major changes include: - added NSTATUS type - added automatic mapping between dos and nt error codes - changed all ERROR() calls to ERROR_DOS() and many to ERROR_NT() these calls auto-translate to the client error code system - got rid of the cached error code and the writebmpx code We eventually will need to also: - get rid of BOOL, so we don't lose error info - replace all ERROR_DOS() calls with ERROR_NT() calls but that is too much for one night (This used to be commit 83d9896c1ea8be796192b51a4678c2a3b87f7518)
2001-08-22force checking of log size after 200 smbd in a row or after 30 sec with noHerb Lewis1-2/+3
smbds. This should fix one case of logs not getting rotated properly. We may need to test this to make sure there is no big performance hit from the extra stat call. (This used to be commit 2501fe7c0436fc00f35271e2dce17fe541e97424)
2001-08-09Fix inspired by Don @ HP. Close down password server connection if keepaliveJeremy Allison1-1/+4
fails. Jeremy. (This used to be commit 1f6e3d18cdf460eb2569b737813f94d22680553e)
2001-07-02Fixed the nastiest locking bug to track down.... smb_pids are sent in theJeremy Allison1-1/+1
lockingX calls - use that instead of smb_pid in the packet. Jeremy. (This used to be commit a3925cb9c6303ce24e5fecad6c8f3a0ba78b9ee0)
2001-06-25fixed usage of socklen_t and also tidied up SIG_ATOMIC_T, using a typedef ↵Andrew Tridgell1-1/+1
instead of a define (This used to be commit e2ecff419fdc0a0dc7551b33b377dc11061ef2a3)
2001-06-22Fixed logic bug in timeout processing spotted by Ying Chen ↵Jeremy Allison1-1/+1
<ying@almaden.ibm.com>. Jeremy. (This used to be commit 08c168242364bf4d415f49d134e507a7e234611b)
2001-06-20added a close-share smbcontrol message that forcibly closes a share in smbd ↵Andrew Tridgell1-0/+9
(to allow unmount) (This used to be commit 15b17a80db605a55f667c95fb7e316877a441887)
2001-06-09*Wonderful* patch from Andrew Bartlett that will help ensure tdb's areJeremy Allison1-2/+3
cleaned on clients abending connections. Thanks Andrew ! Jeremy. (This used to be commit 1b3977c5367a0b713b194f369abd9872ae01ac2a)
2001-05-25Added tdb_change_int_atomic() to allow atomic updates of a tdb int value.Jeremy Allison1-6/+6
Jeremy. (This used to be commit cf5015f15935605cf69078bc15251db61ddc48c7)
2001-05-24Fixup the large_writex problem (a large_writex can send a full 64k of data,Jeremy Allison1-3/+3
we already have space for this we just need to understand the length correctly). Jeremy. (This used to be commit 19145bae720bbcc32dcab380c62a33d1f0e3eef0)
2001-04-08Got "medieval on our ass" about adding the -1 to slprintf.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
2001-03-13this patch does a number of things:Andrew Tridgell1-4/+2
- removes SMB_ALIGNMENT. That macro caused all sorts of problems with getting unicode aligned right in sub-protocols (such as SMBtrans and SMBtrans2). I believe the performance reasons for having SMB_ALIGNMENT has gone away with the new variants of the SMB protocol anyway, as newer commands tend to have their own internal alignment. - fix the locations where we set smb_flg2 to absolute values. We must never do this if we want a hope of coping with unicode. - add initial support for unicode on the wire in smbd. Currently enabled using SMBD_USE_UNICODE environment variable. (This used to be commit b98b1435e9d8f8622444c9ff33082977e661f16b)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-3/+0
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-02-27Added total memory allocated counter to talloc, so we can tell if a tallocJeremy Allison1-1/+1
pool is getting bloated. Also added a talloc_zero function to return zeroed memory. Added debug in rpc_server/srv_pipe_hnd.c so we know when a talloc pool is being freed. Syncup with srv_pipe_hnd.c from 2.2 so we are freeing memory at the same time. Jeremy. (This used to be commit d3a56c6042acf037bbd53de88d7636a5803ead20)
2001-02-12Merge of JohnR's changes to appliance-head, JF's changes to 2.2,Jeremy Allison1-2/+27
updated the POSIX_ACL code to be in sync. Jeremy. (This used to be commit c0517d6f4e3079feca1309fd1ea7b21e83f0de02)
2001-01-24smbd/process.c: & type with 0xff for paranioa sake...Jeremy Allison1-0/+2
smbd/reply.c smbd/service.c: cause all "add home service" calls to go through a winbindd aware function. Jeremy. (This used to be commit a72d12e992e2755e925032aef1aa99be74bf6652)
2001-01-24smbd/lanman.c: Fix for calling qsort with 0 number.Jeremy Allison1-195/+330
smbd/nttrans.c: Realloc mem fixes based on those that went into trans2.c smbd/process.c: Move to a table based dispatch, based on a comment from Andrew about Antons work. Jeremy. (This used to be commit a958f7822e095367efb8749b6f1f2e110ffb8866)
2001-01-23include/vfs.h:Jeremy Allison1-3/+3
smbd/vfs-wrap.c: smbd/vfs.c: Added fchmod_acl and chmod_acl. lib/substitute.c: smbd/lanman.c: smbd/open.c: smbd/process.c: smbd/reply.c: smbd/service.c: Removed sessetup_user variable. Added current_user_info struct which conatins domain info etc. Added '%D' for client domain parameter. Jeremy. (This used to be commit 2844ec3d511680609d6794b8718001a1bda9e89f)
2000-11-21Fix for updating of print queues changed from a local box. Essentially,Jeremy Allison1-4/+9
this makes sure that the change messages sent to ourselves are handled synchronously w.r.t. other smb packets incoming. Jeremy. (This used to be commit 78a13074455618308d048d1c69f62e660988eb90)
2000-10-12use macros for incrementing profile countersHerb Lewis1-3/+1
(This used to be commit cae5eeb16e81b6aa95c68223268513c32aed7056)
2000-10-11Remove lpq as root fix - do this in print_job_start insteadJeremy Allison1-6/+0
as part of print queue length processing. Jeremy. (This used to be commit e85a0fadd8dcf608822819f00f15569713518806)
2000-10-10Fixes to periodically scan printing.tdb in idle time and occasionallyJeremy Allison1-0/+6
on exit. Needed to fix printing.tdb from groving to 300Mb+ if being driven by smbclient clients that never ask for status... (effective DOS attack :-). Jeremy. (This used to be commit 6581066b93a674fadf6f9b92441428d2cc8b4a02)
2000-09-11the first cut of the internal messaging system.Andrew Tridgell1-0/+3
The motivation for this system is to replace the UDP message for oplocks, but this commit only does the "set debug level" message. (This used to be commit 2a34ee95f3929cff131db6c5a2b4820194c05b2d)
2000-08-02Started to canonicalize our handling of uid -> sid code in order toJeremy Allison1-2/+1
get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
2000-07-27Ok - this is a *BIG* change - but it fixes the problems with static stringsJeremy Allison1-0/+1
in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there are probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy. (This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
2000-06-14allow the notify implementation to choose the select timeout changeAndrew Tridgell1-11/+11
(This used to be commit b1441d9622609af5ef598c5e1e1f5af438dc0731)
2000-06-12totally rewrote the async signal, notification and oplock notificationAndrew Tridgell1-133/+120
handling in Samba. This was needed due to several limitations and races in the previous code - as a side effect the new code is much cleaner :) in summary: - changed sys_select() to avoid a signal/select race condition. It is a rare race but once we have signals doing notification and oplocks it is important. - changed our main processing loop to take advantage of the new sys_select semantics - split the notify code into implementaion dependent and general parts. Added the following structure that defines an implementation: struct cnotify_fns { void * (*register_notify)(connection_struct *conn, char *path, uint32 flags); BOOL (*check_notify)(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *data, time_t t); void (*remove_notify)(void *data); }; then I wrote two implementations, one using hash/poll (like our old code) and the other using the new Linux kernel change notify. It should be easy to add other change notify implementations by creating a sructure of the above type. - fixed a bug in change notify where we were returning the wrong error code. - rewrote the core change notify code to be much simpler - moved to real-time signals for leases and change notify Amazingly, it all seems to work. I was very surprised! (This used to be commit 44766c39e0027c762bee8b33b12c621c109a3267)
2000-06-11Linux kernel oplocks now seem to work, but need a _lot_ of testingAndrew Tridgell1-51/+56
I had to modify sys_select() to not loop on EINTR. I added a wrapper called sys_select_intr() which gives the old behaviour. (This used to be commit b28cc4163bc2faaa80c5782fc02c8f03c410cdeb)
2000-06-03moved secrets fns into secrets.cAndrew Tridgell1-1/+1
(This used to be commit f890bcf06786e7c63bf76fad2fd46d287a99a270)
2000-05-28debug output to /tmp.Luke Leighton1-1/+1
(This used to be commit f9077e50cba5c7c3e6cf7739888120d8cc757c7c)
2000-05-27prs_give_memory in wrong place, also poss. was losing mem.Luke Leighton1-0/+27
(This used to be commit 9805e17cd0ce427c329a8b5a8318d5f75227e283)
2000-05-15passdb/secrets.c: Fix typo in comment.Jeremy Allison1-5/+0
rpc_server/srv_pipe.c: Use accessor functions rather than diddling with structure internals directly. smbd/process.c: smbd/reply.c: Remove READ_PREDICTION #ifdefs. Jeremy. (This used to be commit eba825ff030a175bd271caa6f543379dfdbbd646)
2000-05-10check for sighup on each packet - otherwise it can take a _long_ timeAndrew Tridgell1-0/+12
to reload services (This used to be commit 0fb4ba4e037f25b8b75bcae0ecb1d9b43f0f9e5f)
2000-05-10more merging voodooAndrew Tridgell1-0/+3
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic - this isn't permanent, it should go after another few merge steps have been done (This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
2000-05-08added secrets.tdb and changed storage of trust account password to useAndrew Tridgell1-10/+1
it (This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
2000-05-02split the username in the vuser structure into a separateAndrew Tridgell1-1/+1
userdom_struct. As the name implies this also contains a domain (unused at the moment). This will be important shortly, as operation in appliance mode needs the domain to be always carried with the username. (This used to be commit ee8546342d5be90e730372b985710d764564b124)