summaryrefslogtreecommitdiff
path: root/source3/smbd/server.c
AgeCommit message (Collapse)AuthorFilesLines
2002-08-17Becouse of changes to the meaning of this feild over time, this doesn'tAndrew Bartlett1-5/+0
actually work. Also, the idea of 'loopback winbind' isn't that bad an idea anyway (potential PDC/BDC applications). Given all that, remove it... Andrew Bartlett (This used to be commit fc0d6e53fce1d05b16ec58c0bdc38aa8da4422c0)
2002-08-16Merge of netbios namecache code from APPLIANCE_HEAD.Tim Potter1-0/+2
Tridge suggested a generic caching mechanism for Samba to avoid the proliferation of little cache files hanging around limpet like in the locks directory. Someone should probably implement this at some stage. (This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
2002-08-10Fix the %m security bug again - and try to make it harder to reintroduce inAndrew Bartlett1-4/+2
future. This moves us from fstrcpy() and global variables to 'get' and 'set' functions. In particular, the 'set' function sainity-checks the input, in the same way as we always have. Andrew Bartlett (This used to be commit e57a896f06b16fe7e336e1ae63a0c9e4cc75fd36)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell1-0/+4
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-07-31added support for smbd listening on port 445 and 139. It now listensAndrew Tridgell1-45/+80
on both by default, and you can specify a list of ports to listen on either with "smb ports = " in smb.conf or using the -p option to smbd. this is needed for proper netbiosless operation. (This used to be commit 5dee0a7b5e0fcb298a9d36661c80e60d8b9bcc3a)
2002-07-20Move some startup time initialisation to server.c, so it is all in one place.Andrew Bartlett1-0/+7
I'm not sure that we need that "dummy" talloc init, but anyway... Also, add some 'const' to the table of smb reply functions. Andrew Bartlett (This used to be commit 790b7c9ab82f930da66426e7a932d7365bd27725)
2002-07-20Add support for duplicating stderr into our logfiles.Andrew Bartlett1-8/+8
This is for two things: To allow panic actions etc to pump out backtraces to stderr and to allow vangrind to put its stuff in a logfile - making it possible to debug smbd when launched from inetd. I've also cleaned up some of the duplicate names in procedures between smbd and nmbd. Andrew Bartlett (This used to be commit 4bcb32731984b4aef1d4911a168a4e7a10d32fd4)
2002-07-17Gone back to explicit queue number passing as snum - removed encoding ofJeremy Allison1-2/+0
queueid in job number. This means we must have an internal tdb to store mapping from 16 bit RAP jobid's to 32 bit RPC jobids. Jeremy. (This used to be commit 4ff64f69706cc94d5dba7762754d00790c476963)
2002-07-11*Experimental* new large-scaling printer code. Splits printing.tdb intoJeremy Allison1-0/+2
a separate tdb per printer, but only keeps (currently one) tdb open at a time (although this is easily changed by changing a #define). Needs scalability testing with large numbers of printers now.... Jeremy. (This used to be commit b0909cfa14fc7ef29d2b98b56d52723570da782a)
2002-07-03first cut at implementing support for browsing printer and driver driverGerald Carter1-0/+3
via regedt32.exe. The regsitry.tdb is only a framework. It is not intended to store values, only key/subkey structure. The data will be retrieved from nt*tdb (for printers) creating a virtual view of the data. You can currently connect to a Samba box using regedt32.exe (haven't tried regedit.exe). Some basic keys are created in registry.tdb for use. There are two problems.... * something is getting freed in the winreg code that causes heap corruption later on. As long as you don't play with the winreg server functionality, I don't think you'll be bitten by this. * no access controls are currently implemented * I can't browse HKLM because regedt32 greys out the SYSTEM subkey. ok so that was three.... (This used to be commit 542d3c93a998083c07b2afa91a7c927c376caf54)
2002-06-28Shut down printing tdb correctly - this will be more important when I goJeremy Allison1-0/+1
to a tdb per-queue for scalability. Jeremy. (This used to be commit e808eb2758ff4ad1eed7b50a02865b87ba0c068e)
2002-06-17compile warngin fixes merged from 2.2Gerald Carter1-2/+2
(This used to be commit 29874f4b8fecdc7cbd84d656dafce54cca49e0b1)
2002-06-07Globally replace 'global_sam_sid' with get_global_sam_sid(), a selfAndrew Bartlett1-1/+1
initialising function. This patch thanks to the work of "Stefan (metze) Metzmacher" <metze@metzemix.de> This is partly to enable the transition to SIDs in the the passdb. Andrew Bartlett (This used to be commit 96afea638e15d4cbadc57023a511094a770c6adc)
2002-05-22Cleanups!Andrew Bartlett1-1/+1
Make some code static, add some const to the PAM code, and make the plaintext password code actually function - particulary without the requirement to modify the 'struct passwd' (which it assumed was made up of fstrings) This kills some particularly ugly code in lib/util_pw.c Andrew Bartlett (This used to be commit 302dad4990ba5194f072e435465d9adaa089ae06)
2002-05-17This removes --with-ssl from Samba.Andrew Bartlett1-9/+0
This option was badly maintained, useless and confused our users and distirbutors. (its SSL, therfore it must be good...) No windows client uses this protocol without help from an SSL tunnel. I can't see any reason why setting up a unix-side SSL wrapper would be any more difficult than the > 10 config options this mess added to samba in any case. On the Samba client end, I think the LIBSMB_PROG hack should be sufficient to start stunnel on the unix side. We might extend this to take %i and %p (IP and port) if there is demand. Andrew Bartlett (This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
2002-04-11This split the mangling code up to allow for the possibility of multipleAndrew Tridgell1-1/+1
mangling implementation, selectable using "mangling method = " in smb.conf It also tidies the interface a little, although it is still nasty. (This used to be commit be23d87a178e7d0691e7d942adf89bb3d2d533c2)
2002-04-08Reintroduce the 2.2 name mangling code, until we get are more flexible solution.Andrew Bartlett1-4/+0
Even for a hash/cache setup, this code needs some more work, in particular it needs to use mangle_get_prefix() etc and to move to unicode internals. Andrew Bartlett (This used to be commit ad8aa470575c39fcbc7f1440bf1081d7ea31c0aa)
2002-03-29added shutdown to smbdJean-François Micouleau1-0/+6
J.F. (This used to be commit 51a5bbfee71e064c73283a090e9e922a31b1e21b)
2002-03-14Now we have reliable signals take SIGTERM inband.Jeremy Allison1-42/+49
Jeremy. (This used to be commit cad82926a8baf7605cef81f0e0d4daa8e527e6ee)
2002-03-05Added Herb's fix to override log level from command line.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 439839be99e6e418eb5782a2fe0630d0ef5fb3c5)
2002-01-31Fix from Michael Steffens <michael_steffens@hp.com> to make signalJeremy Allison1-1/+1
processing work correctly in winbindd. This is a really good patch that gives full select semantics to the Samba modified select. Jeremy. (This used to be commit 3af16ade173cac24c1ac5eff4a36b439f16ac036)
2002-01-30Removed version number from file header.Tim Potter1-1/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-30merge from 2.2Gerald Carter1-1/+8
(This used to be commit 69a9c005c21833bdf22b72aaa3704bd14f627840)
2002-01-29Since we have dynamic initialisation in the group mapping code, makeTim Potter1-5/+0
init_group_mapping() a static function and don't call it from any client programs. Not sure whether I've made a bigger mess here or not... (This used to be commit 3c887d9021269aaa9fc0bc771af8589077e6208e)
2002-01-26Fix up a security issue with the way we handle domain groups retuned on theAndrew Bartlett1-0/+3
info3. These are RIDs, and it only makes sense to combine them with the domain SID returned with them. This is important for trusted domains, where that sid might be other than the one we currently reterive from the secrets.tdb. Also remove the become_root()/unbecome_root() wrapper from around both remaining TDB users: Both are now initialised at smbd startup. Andrew Bartlett (This used to be commit 554842e0a55155193f25aefca6480b89d5c512ca)
2002-01-18Ensure (C) message is output on startup.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 7d05175494227bf30d098e04ec91c4f0a7b7184c)
2002-01-16Roll back PSTR insertion.Martin Pool1-23/+21
Just leave the fstrcpy/pstrcpy bugfix, and conversion to pstr_sprintf rather than manual calculation of length. (This used to be commit e38e7a2bdcf2901359035ac4aa79ebf33599e0c8)
2002-01-15Convert to the new pstring interface. This diff is a pretty goodMartin Pool1-26/+29
example of the scope of change the new pstrings would entail: basically inserting PSTR() or FSTR() everywhere you need to coerce one to a char*. It's also a good example of the kind of bug we might catch: on about line 540, we were doing a pstrcpy into an fstring, which might overflow. It's not a problem in this particular case, but it is in general. (This used to be commit 5a403da4a735a8fb8d118a0a67f3a15127152e18)
2002-01-14Removed MAXSTATUS which was set incorrectly - thus causing tdb traversalJeremy Allison1-16/+9
of the connections db on smbd startup. This should fix the Solaris large load bug.... (fingers crossed). Jeremy. (This used to be commit 5b2b9c25af28543e67762805d1387524cbb6c39d)
2002-01-12Many thanks to Alexander Bokovoy <a.bokovoy@sam-solutions.net>.Andrew Bartlett1-0/+1
This work was sponsored by Optifacio Software Services, Inc. Andrew Bartlett (various e-mails announcements merged into some form of commit message below:) This patch which adds basics of universal groups support into Samba 3. Currently, only Winbind with RPC calls supports this, ADS support requires additional (possibly huge) work on KRB5 PAC. However, basic infrastructure is here. This patch adds: 1. Storing of universal groups for particular user logged into Samba software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb. 2. Fetching of unversal groups for given user rid and domain sid from netlogon_unigrp.tdb. Since this is used in both smbd and winbindd, main code is in source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ. This patch has had a few versions, the final version in particular: Many thanks to Andrew Bartlett for critics and comments, and partly rewritten code. New: - updated fetching code to changed byte order macros - moved functions to proper namespace - optimized memory usage by reusing caller's memory context - enhanced code to more follow Samba coding rules Todo: - proper universal group expiration after timeout (This used to be commit 80c2aefbe7c1aa363dd286a47d50c5d8b4595f43)
2002-01-09Add two more memory-debug smbcontrol messages: these ones shouldMartin Pool1-0/+1
prompt dmalloc to log information about what happening, so you can see in flight why smbd is getting bloated. (This used to be commit bcb443c5c4bf97fe6b5b0993e42496c2e64f0124)
2002-01-09Better explanation message for dmalloc.Martin Pool1-1/+1
Also more insertion of parenthesis to handle struct members called 'free'. You can now get useful dmalloc output, as long as it is compatible with your C library. On RH7.1 it looks like you have to rebuild dmalloc to allow free(0) by default, because something in libcrypt does that. (sigh) (This used to be commit 391cbb690196537c8b6292b42c2e27408cc7e249)
2002-01-09Add UNUSED(paramname) macro to be used in parameter lists, to quietenMartin Pool1-1/+2
gcc warnings about unused parameters. (This used to be commit b29775d442c36f667a6db5ba9dbe47d1a133525f)
2002-01-09Fixed up atomic update code.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 274b04d4a6123fbfe363afc214e908ab36c7e8a7)
2002-01-05I've decided to move the auth code around a bit more...Andrew Bartlett1-2/+4
The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
2002-01-03smbd should register to receive MSG_REQ_POOL_USAGE. Response shouldMartin Pool1-0/+1
be information about memory usage, but this is not done yet. (This used to be commit 830a126a442bdde28fc42e23e7260c344b6534b9)
2001-12-30When running interactive we want to set our own process group forJeremy Allison1-0/+9
signal management. Jeremy. (This used to be commit fffae94dd5699f44c0b1c8081587deafd89b3fc0)
2001-12-29Fixup -i interactive modes.Jeremy Allison1-6/+12
Jeremy. (This used to be commit 9343b613d3778b0330bc4d610d3befd363797360)
2001-12-20Removed global debugf. Replaced with lp_set_logfile(name).Jeremy Allison1-5/+7
Fixed winbindd to finally stop leaving log. file droppings :-). Jeremy. (This used to be commit 0bea6cf79a44f79fa3a4f2c8381e898e79c66509)
2001-12-03added a tdb to store the account policy informations.Jean-François Micouleau1-4/+9
You can change them with either usermanager->policies->account or from a command prompt on NT/W2K: net accounts /domain we can add a rpc accounts to the net command. As the net_rpc.c is still empty, I did not start. How should I add command to it ? Should I take the rpcclient/cmd_xxx functions and call them from there ? alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more for jeremy ;-) J.F. (This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-1/+3
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-23Removed TimeInit() call from every client program (except for one placeTim Potter1-2/+0
in smbd/process.c where the timezone is reinitialised. Was replaced with check for a static is_initialised boolean. (This used to be commit 8fc772c9e5770cd3a8857670214dcff033ebae32)
2001-11-19Store some path names in global variables initialized to configureMartin Pool1-7/+7
default, rather than in preprocessor macros. (This used to be commit 79ec88f0da40faebe1e587f1b3e87b5f2b184f58)
2001-10-22lets try the new mangling codeSimo Sorce1-0/+5
all the calls go through a compatibility interface will change that soon a new mangle.tdb file will be set in the lock directory it contains a static mapping longname<->manglename (This used to be commit 1ffacd2068a896d36a9e56b6e28c63e2f7e98762)
2001-10-18Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD.Jeremy Allison1-4/+5
Ensure make_conection() can only be called as root. Jeremy. (This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
2001-10-18got rid of start_background_queue()Andrew Tridgell1-1/+6
THIS WAS A DISASTER! it created hundreds of processes on the build farm machines, which we can't kill. (This used to be commit 04479db879d04fb329022c3282d92bab94a48576)
2001-10-16very simple asynchronous "lpq" thread patchJean-François Micouleau1-0/+2
To speed up operations with the lpq command, it's now run in a separate asynchronous process. Opening the Printers folder on NT is now fast ;-) I think even faster than with a ** server Jeremy, you should look at that patch to include it in 2.2.3 J.F. (This used to be commit 8ef9dff3074e7979579ce66a204e8ec7bf62a587)
2001-10-03switched over to a new method of handling uppercase/lowercase mappingsAndrew Tridgell1-0/+2
for unicode strings. The new method relies on 3 files that are mmap'd at startup to provide the mapping tables. The upcase.dat and lowcase.dat tables should be the same on all systems. The valid.dat table says what characters are valid in 8.3 names, and differs between systems. I'm committing the japanese valid.dat here, in future we need some way of automatically installing and choosing a appropriate table. This commit also adds my mini tdb based gettext replacement in intl/lang_tdb.c. I have not enabled this yet and have not removed the old gettext code as the new code is still being looked at by Monyo. Right now the code assumes that the upcase.dat, lowcase.dat and valid.dat files are installed in the Samba lib directory. That is not a good choice, but I'll leave them there until we work out the new install directory structure for Samba 3.0. simo - please look at the isvalid_w() function and think about using it in your new mangling code. That should be the final step to correctly passing the chargen test code from monyo. (This used to be commit 1c221994f118dd542a158b2db51e07d04d0e9314)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-19Add the ability to display Samba's build options with smbd -b and as a level 4Andrew Bartlett1-16/+23
DEBUG(). Also included are details like build date/time, location and compiler. This should get most of the options we set, except those that don't affect smbd, like WITH_PAM_SMBPASSWD or WITH_WINBINDD. This work due to Vance Lankhaar <vlankhaar@hotmail.com> Some work needs to be done to make it only rebuild when needed (ie smbd being rebuilt) but its in pretty good shape already. Also fix up some printf() -> d_printf(). Andrew Bartlett (This used to be commit beff1d2beaf4337dba6bfc372c5e09a43cfd791a)