Age | Commit message (Collapse) | Author | Files | Lines |
|
security
(This used to be commit 00e4f0c803c6376387c31efd01cf3437c589da9d)
|
|
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
|
|
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
|
|
(This used to be commit dfb8566220c3e90ca2b757ea124f53aed103269e)
|
|
(This used to be commit b16a15a13ed7d267c6366abaeeb3ccafa5776f5e)
|
|
Jeremy.
(This used to be commit 7c1688fd67c1bda1477aaf870371c825280db870)
|
|
Ensure make_conection() can only be called as root.
Jeremy.
(This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
|
|
loses things like username mapping. I wanted to get this in then
discuss it a bit to see how we want to split up the existing
session setup code
(This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
|
|
Noticed by albert chin (china@thewrittenword.com) .
Jeremy.
(This used to be commit f5781f11eb924bdf32d20819c58a782493f4b239)
|
|
Jeremy.
(This used to be commit d1adaee373f08020d350af2aa65b7651da94bdae)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
(This used to be commit a95943fde0ad89ae3f2deca2f7ba9cb5ab612b74)
|
|
simultaneously.
Jeremy.
(This used to be commit 227325b2d63dad55cbcda9608fba676fb6ce5584)
|
|
that oplock break messages get priority over incoming client messages.
Jeremy.
(This used to be commit 1779f6a223dad87c3b8451d09b9808b46495a8b6)
|
|
major changes include:
- added NSTATUS type
- added automatic mapping between dos and nt error codes
- changed all ERROR() calls to ERROR_DOS() and many to ERROR_NT()
these calls auto-translate to the client error code system
- got rid of the cached error code and the writebmpx code
We eventually will need to also:
- get rid of BOOL, so we don't lose error info
- replace all ERROR_DOS() calls with ERROR_NT() calls
but that is too much for one night
(This used to be commit 83d9896c1ea8be796192b51a4678c2a3b87f7518)
|
|
smbds. This should fix one case of logs not getting rotated properly.
We may need to test this to make sure there is no big performance hit from
the extra stat call.
(This used to be commit 2501fe7c0436fc00f35271e2dce17fe541e97424)
|
|
fails.
Jeremy.
(This used to be commit 1f6e3d18cdf460eb2569b737813f94d22680553e)
|
|
lockingX calls - use that instead of smb_pid in the packet.
Jeremy.
(This used to be commit a3925cb9c6303ce24e5fecad6c8f3a0ba78b9ee0)
|
|
instead of a define
(This used to be commit e2ecff419fdc0a0dc7551b33b377dc11061ef2a3)
|
|
<ying@almaden.ibm.com>.
Jeremy.
(This used to be commit 08c168242364bf4d415f49d134e507a7e234611b)
|
|
(to allow unmount)
(This used to be commit 15b17a80db605a55f667c95fb7e316877a441887)
|
|
cleaned on clients abending connections. Thanks Andrew !
Jeremy.
(This used to be commit 1b3977c5367a0b713b194f369abd9872ae01ac2a)
|
|
Jeremy.
(This used to be commit cf5015f15935605cf69078bc15251db61ddc48c7)
|
|
we already have space for this we just need to understand the length correctly).
Jeremy.
(This used to be commit 19145bae720bbcc32dcab380c62a33d1f0e3eef0)
|
|
Jeremy.
(This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
|
|
- removes SMB_ALIGNMENT. That macro caused all sorts of problems with
getting unicode aligned right in sub-protocols (such as SMBtrans and
SMBtrans2). I believe the performance reasons for having
SMB_ALIGNMENT has gone away with the new variants of the SMB
protocol anyway, as newer commands tend to have their own internal
alignment.
- fix the locations where we set smb_flg2 to absolute values. We must
never do this if we want a hope of coping with unicode.
- add initial support for unicode on the wire in smbd. Currently
enabled using SMBD_USE_UNICODE environment variable.
(This used to be commit b98b1435e9d8f8622444c9ff33082977e661f16b)
|
|
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
|
|
pool is getting bloated. Also added a talloc_zero function to return zeroed memory.
Added debug in rpc_server/srv_pipe_hnd.c so we know when a talloc pool is being
freed. Syncup with srv_pipe_hnd.c from 2.2 so we are freeing memory at the same time.
Jeremy.
(This used to be commit d3a56c6042acf037bbd53de88d7636a5803ead20)
|
|
updated the POSIX_ACL code to be in sync.
Jeremy.
(This used to be commit c0517d6f4e3079feca1309fd1ea7b21e83f0de02)
|
|
smbd/reply.c smbd/service.c: cause all "add home service" calls to go through a
winbindd aware function.
Jeremy.
(This used to be commit a72d12e992e2755e925032aef1aa99be74bf6652)
|
|
smbd/nttrans.c: Realloc mem fixes based on those that went into trans2.c
smbd/process.c: Move to a table based dispatch, based on a comment from Andrew
about Antons work.
Jeremy.
(This used to be commit a958f7822e095367efb8749b6f1f2e110ffb8866)
|
|
smbd/vfs-wrap.c:
smbd/vfs.c: Added fchmod_acl and chmod_acl.
lib/substitute.c:
smbd/lanman.c:
smbd/open.c:
smbd/process.c:
smbd/reply.c:
smbd/service.c: Removed sessetup_user variable. Added current_user_info struct
which conatins domain info etc. Added '%D' for client domain parameter.
Jeremy.
(This used to be commit 2844ec3d511680609d6794b8718001a1bda9e89f)
|
|
this makes sure that the change messages sent to ourselves are handled
synchronously w.r.t. other smb packets incoming.
Jeremy.
(This used to be commit 78a13074455618308d048d1c69f62e660988eb90)
|
|
(This used to be commit cae5eeb16e81b6aa95c68223268513c32aed7056)
|
|
as part of print queue length processing.
Jeremy.
(This used to be commit e85a0fadd8dcf608822819f00f15569713518806)
|
|
on exit. Needed to fix printing.tdb from groving to 300Mb+ if being
driven by smbclient clients that never ask for status... (effective
DOS attack :-).
Jeremy.
(This used to be commit 6581066b93a674fadf6f9b92441428d2cc8b4a02)
|
|
The motivation for this system is to replace the UDP message for
oplocks, but this commit only does the "set debug level" message.
(This used to be commit 2a34ee95f3929cff131db6c5a2b4820194c05b2d)
|
|
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
(This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
|
|
in the RPC code. This change was prompted by trying to save a long (>256)
character comment in the printer properties page.
The new system associates a TALLOC_CTX with the pipe struct, and frees
the pool on return of a complete PDU.
A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx
code, and is freed in the main loop.
This code works with insure, and seems to be free of memory leaks and
crashes (so far) but there are probably the occasional problem with
code that uses UNISTRxx structs on the stack and expects them to contain
storage without doing a init_unistrXX().
This means that rpcclient will probably be horribly broken.
A TALLOC_CTX also needed associating with the struct cli_state also,
to make the prs_xx code there work.
The main interface change is the addition of a TALLOC_CTX to the
prs_init calls - used for dynamic allocation in the prs_XXX calls.
Now this is in place it should make dynamic allocation of all RPC
memory on unmarshall *much* easier to fix.
Jeremy.
(This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
|
|
(This used to be commit b1441d9622609af5ef598c5e1e1f5af438dc0731)
|
|
handling in Samba. This was needed due to several limitations and
races in the previous code - as a side effect the new code is much
cleaner :)
in summary:
- changed sys_select() to avoid a signal/select race condition. It is a
rare race but once we have signals doing notification and oplocks it
is important.
- changed our main processing loop to take advantage of the new
sys_select semantics
- split the notify code into implementaion dependent and general
parts. Added the following structure that defines an implementation:
struct cnotify_fns {
void * (*register_notify)(connection_struct *conn, char *path, uint32 flags);
BOOL (*check_notify)(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *data, time_t t);
void (*remove_notify)(void *data);
};
then I wrote two implementations, one using hash/poll (like our old
code) and the other using the new Linux kernel change notify. It
should be easy to add other change notify implementations by creating
a sructure of the above type.
- fixed a bug in change notify where we were returning the wrong error
code.
- rewrote the core change notify code to be much simpler
- moved to real-time signals for leases and change notify
Amazingly, it all seems to work. I was very surprised!
(This used to be commit 44766c39e0027c762bee8b33b12c621c109a3267)
|
|
I had to modify sys_select() to not loop on EINTR. I added a wrapper
called sys_select_intr() which gives the old behaviour.
(This used to be commit b28cc4163bc2faaa80c5782fc02c8f03c410cdeb)
|
|
(This used to be commit f890bcf06786e7c63bf76fad2fd46d287a99a270)
|
|
(This used to be commit f9077e50cba5c7c3e6cf7739888120d8cc757c7c)
|
|
(This used to be commit 9805e17cd0ce427c329a8b5a8318d5f75227e283)
|
|
rpc_server/srv_pipe.c: Use accessor functions rather than diddling with structure
internals directly.
smbd/process.c:
smbd/reply.c: Remove READ_PREDICTION #ifdefs.
Jeremy.
(This used to be commit eba825ff030a175bd271caa6f543379dfdbbd646)
|
|
to reload services
(This used to be commit 0fb4ba4e037f25b8b75bcae0ecb1d9b43f0f9e5f)
|
|
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic -
this isn't permanent, it should go after another few merge steps have
been done
(This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
|
|
it
(This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
|
|
userdom_struct. As the name implies this also contains a domain
(unused at the moment).
This will be important shortly, as operation in appliance mode needs
the domain to be always carried with the username.
(This used to be commit ee8546342d5be90e730372b985710d764564b124)
|