Age | Commit message | Author | Files | Lines |
|
Added debug messages to se_access_check().
Added FULL_ACCESS acl to default acl on printers.
Jeremy.
(This used to be commit 7507f6f408cf8b0f8d7e2b3da54ce5fb5ef5343b)
|
|
Added a become_root()/unbecome_root() (push/pop security context)
around the initgroups() call to ensure it would succeed. Hmmm - I
wonder if this call being done as non-root might explain any "group access"
bugs we've had in the past....
Jeremy.
(This used to be commit 06a65972e872f37d88b84f22ea714feebd38f6c0)
|
|
with the current user. This will allow se_access_check() to quickly do
a SD check without having to translate uid/gid's to SIDs.
Still needs work on pipe calls.
Jeremy.
(This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
|
|
get ready and fix se_access_check().
Added canonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first then fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things across security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
(This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
|
|
(This used to be commit 3c4a5f624bfa69eb81d998530d9227e158edd109)
|
|
structure so authenticated pipe users can have their unix groups set when
become_authenticated_pipe_user() is called.
(This used to be commit 55c9bf124dc661df43bfe582ef14b1297aeaf0fa)
|
|
(This used to be commit d0f55e04c9400481e4a981431715e167a8246e45)
|
|
Implemented become_root() and friends in terms of push/pop/set security
contexts.
(This used to be commit 0bcdcd0606fc2b6aba35b03255aad5bb2bd8e848)
|
|
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic -
this isn't permanent, it should go after another few merge steps have
been done
(This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
|
|
userdom_struct. As the name implies this also contains a domain
(unused at the moment).
This will be important shortly, as operation in appliance mode needs
the domain to be always carried with the username.
(This used to be commit ee8546342d5be90e730372b985710d764564b124)
|
|
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
|
|
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service. the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.
this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).
removed reference to pipes_struct in msrpc services. all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.
created become_vuser() which does everything not related to connection_struct
that become_user() does.
removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.
todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.
had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons. why? because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency. so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc. this is the MINIMUM info identified so far that's
actually implemented. missing bits include the called and calling
netbios names etc. (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
(This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
|
|
weird unixware stuff) into _Get_Pwnam() to fix a memory allocation bug.
Note that the Get_Pwnam() function now returns a const struct passwd *
as a hint to other developers not to change entries in the struct
passwd.
(This used to be commit 36d7cb4ccc42268e8e6a7b783c945d1853624958)
|
|
capabilities to Samba so that Samba could talk to the SGI PCP
(Performance Co-Pilot) apps.
This change adds a profiling shared memory area and uses it to count
two fairly trivial things, the number of uid switches and the number
of SMB packets processed. To add more just edit include/profile.h and
then increment it at the right place.
I've also added a -P switch to smbstatus to dump the profile area.
(This used to be commit ef3d61a80ad0b87c196a63ef2bd4fe8fc3863bd0)
|
|
aclocal.m4: Added AC_LIBTESTFUNC.
configure.in: Fixed -lsecurity -lsec problems.
client.c: dos_ fixes.
groupdb/aliasunix.c: Dead code removal.
include/includes.h: Added default PRINTCAP_NAME.
lib/genrand.c: dos_ fixes.
lib/replace.c: Added strtoul.
lib/system.c: dos_ fixes.
lib/util.c: dos_ fixes.
lib/util_sid.c: Signed/unsigned fixes.
lib/util_str.c: removed bad const.
locking/locking_slow.c: dos_ fixes.
printing/printing.c: dos_ fixes.
rpc_server/srv_samr.c: Dead code removal.
rpc_server/srv_sid.c: global_myworkgroup defined with wrong size AGAIN !
smbd/dir.c: dos_ fixes.
smbd/open.c: dos_ fixes.
smbd/oplock.c: dos_ fixes.
smbd/reply.c smbd/server.c smbd/service.c smbd/uid.c: dos_ fixes.
Jeremy.
(This used to be commit 6acb4b68f68d516e2ac3c47e500f5600d653435e)
|
|
instead of opening pipes and other horrible stuff.
(This used to be commit 49bf19710345a59a2d17cd449be1a132885ed821)
|
|
uid_t, gid_t and vuid. Added sys_getgroups() to get
around the int * return problem. Set correct datatypes
for all uid, gid and vuid variables.
Jeremy.
(This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998)
|
|
to a linked list with bitmap format.
(This used to be commit b7aaab1b6b2d2f72b2bb7c11f5c7bf081a6093d9)
|
|
configure.in: Source for header changes.
client/clitar.c: Fixed isXXX macros & debugs for gcc pedantic compile.
include/config.h.in: Added MEMSET, BZERO, MEMORY, RPCSVC_YPCLNT, STRINGS headers.
include/includes.h: Headers for the above.
include/smb.h: Made SIGNAL_CAST POSIX by default void (*)(int).
lib/access.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/charset.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/debug.c: Fixed signal functs.
lib/kanji.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/smbrun.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/util.c: Fixed isXXX macros & debugs for gcc pedantic compile.
libsmb/namequery.c: Fixed isXXX macros & debugs for gcc pedantic compile.
locking/shmem.c: Fixed isXXX macros & debugs for gcc pedantic compile.
locking/shmem_sysv.c: Fixed error messages in sysV stuff.
nmbd/asyncdns.c: Fixed signal functs.
nmbd/nmbd.c: Fixed isXXX macros & debugs for gcc pedantic compile.
passdb/passdb.c: Fixed isXXX macros & debugs for gcc pedantic compile.
passdb/smbpassfile.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/chgpasswd.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/ipc.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/nttrans.c: Fixed fsp code path.
smbd/password.c: fixed HAVE_YP_GET_DEFAULT_DOMAIN problem.
smbd/printing.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/reply.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/server.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/trans2.c: Fixed core dump bug.
smbd/uid.c: Fixed isXXX macros & debugs for gcc pedantic compile.
Jeremy.
(This used to be commit 1b9cbcd02e575dc0a95fa589f720df30a4acc46b)
|
|
Connections[] is now a local array in server.c
I might have broken something with this change. In particular the
oplock code is suspect and some .dll files aren't being oplocked when
I expected them to be. I'll look at it after I've got some sleep.
(This used to be commit c7ee025ead4a85b6fa44a832047b878451845fb6)
|
|
the correct directory before doing the stat. Doh !
uid.c: Fix for performance in security=share mode. Invalid vuid meant
that in security=share mode Samba was always doing the become_user/
unbecome_user pairs for *every* smb. This code fixes it, but tridge
should review for security implications.
Jeremy.
(This used to be commit c3663379fdcec487feea2e5d848ee012ee6c6baf)
|
|
timestamps from several DEBUG messages. The timestamps are redundant now
that DEBUG() provides them automatically.
There are still a few more files to do, but I've got to get home for dinner.
Chris -)-----
(This used to be commit 60286ccecaa6028d687e6406755016455e3b3a26)
|
|
time test instead. This also allows us to get rid of the igroups
element of a couple of structures.
(This used to be commit 8b25fe734166b76ceebf8d9543c706ebe0fddc96)
|
|
(This used to be commit 3bda7ac417107a7b01d91805ca71c4330657ed21)
|
|
local.h: Kept FSTYPE_STRING as Samba for now.
nmbd_browsesync.c: Added bugfix from Matt Chapman mattyc@cyberdude.com
- lmb_browserlist is now a struct ubi_dlList not a
struct browse_cache_record *.
server.c:
smb.h:
uid.c:
password.c: Removed attrs code - it is not used anywhere.
Jeremy
(This used to be commit ef1af7fe6d5c58ae57b8e4efff0729e1a315da43)
|
|
to the AIX specific (and undocumented) setpriv and setuidx calls.
Jeremy.
(This used to be commit 7a8d0a4ed4e07090bfe776b5544712274d2426e4)
|
|
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.
This should prevent any sprintf based security holes.
(This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
|
|
problem....
smbpass.c: Removed Luke's dire warning - as some of the functions in here
*need* to be called externally :-).
Jeremy.
(This used to be commit 1fd8d12ca414066acec71b33eb8a13e16c2acd3a)
|
|
Essentially, multiple session_setup_and_X's may be done
to an smbd. As there is only one global variable containing
the requested connection name (sessionsetup_user), then any
subsequent sessionsetups overwrite this name (causing %U
and %G to get the wrong name). This is particularly common
when an NT client does a null session setup to get a
browse list after the user has connected, but before
a share has been mounted.
These changes store the requested_name in the vuid structure
(so this only really works for user level and above security)
and copies this name back into the global variable before
the standard_sub call.
Jeremy.
(This used to be commit b5187ad6a3b3af9fbbeee8bced0ab16b41e9825b)
|
|
loadparm.c: Added "win95 bug compatibility" parameter.
local.h: Replaced MAX_OPEN_FILES back to 100 from 10 (oops).
reply.c: Fixed ulogoff check against uid - changed to vuid.
server.c: Changed file struct save of uid - changed to vuid.
smb.h: Changed id in struct current_user to vuid.
Changed file struct uid to vuid.
time.c: Added "win95 bug compatibility" atime -> mtime return.
trans2.c: Added "win95 bug compatibility" fixes.
uid.c: Changed id in struct current_user to vuid - added checks
to set/reset it.
util.c: Added code to expand environment variables.
version.h : still at 1.9.18 (head branch doesn't matter too much at present).
Jeremy.
(This used to be commit adc903bcf59ad1664babd7f1d43675d3a75bfbc9)
|
|
This is merely updating the Copyright statements from 1997 to 1998.
It's a once a year thing :-).
NO OTHER CHANGES WERE MADE.
Jeremy.
(This used to be commit b9c16977231efb274e08856f7f3f4408dad6d96c)
|
|
Reported by Brian McCauley <B.A.McCauley@bham.ac.uk>.
Jeremy.
(This used to be commit 00067800a25d6f5fe11e833a01d5a7a1e76dcc11)
|
|
luke changed it.
proto.h: The usual.
uid.c: Fix crash bug when attaching with smbclient -mCORE. A vuid
pointer was being used when it was null.
Jeremy.
(This used to be commit ff94f97cf2b0f62cbbddbfd3d126df7f4d649334)
|
|
adding bits for new nt domain code
byteorder.h :
trying to get macros right, and not to crash on SUNOS5...
client.c :
added #ifdef NTDOMAIN, and created do_nt_login() function. don't
want to have to recompile client.c unless absolutely necessary.
credentials.c :
moved deal_with_creds() [possibly inappropriately] into credentials.c
ipc.c reply.c server.c uid.c :
attempting to make (un)become_root() functions callable from smbclient.
this is a little tricky: smbclient might have to be another setuid
root program, immediately setuid'ing to non-root, so that we can
reset-uid to root to get at the smbpasswd file. or, have a secure
pipe mechanism to smbd to grab smbpasswd entries. or the like.
smbdes.c smbencrypt.c :
created a function to generate lm and nt owf hashes.
lsaparse.c ntclient.c smbparse.c :
added nt client LSA_AUTH2 code. it works, too!
pipenetlog.c pipentlsa.c pipesrvsvc.c :
simplification. code-shuffling. getting that damn offset right
for the opcode in RPC_HDR.
smb.h :
changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL.
we might need to store the server times as well.
proto.h :
the usual.
(This used to be commit 82436a3d99d4bdce249ce9ff27fd2ca4b2447e07)
|
|
was a harmless bug but left log entries
code cleanup in reply_lanman2()
(This used to be commit 8e90e1ef276c4cc362e32985c2845fc4c5108273)
|
|
locking.c: Adding Andrew's become_root code to the main branch.
pipes.c: Fixing the close_file issue.
proto.h: The usual.
reply.c: Move smb_pass into NTDOMAIN defined code. Fixing the close_file issue.
server.c: Fixing the close_file issue.
trans2.c: Fixing the close_file issue.
uid.c: Adding Andrew's become_root code to the main branch.
Jeremy (jallison@whistle.com)
(This used to be commit 16fd4337f79ce33f91050c96c4a566221c5d9126)
|
|
added credentials.c to smbd
credentials.c:
using credential structures instead of char*
password.c uid.c server.c:
added sid and attr to user_struct.
smbdes.c:
smbhash and str_to_key make public instead of private.
pipes.c smb.h:
lsa structures, sub-functions.
proto.h:
usual.
(This used to be commit 87a0a944855a673d693d934e446bdc231b1c7f02)
|
|
includes.h: Changed for HPUX10 tidyup.
ipc.c: Fixed bug where getting local server list from NT browsers would
fail.
nmbsync.c: Fixed bug where getting local server list from NT browsers would
fail.
proto.h: Changed for crash bug on SCO with USE_MMAP.
quotas.c: Added OSF quotas (patch from Bret Giddings <bret@essex.ac.uk>).
Rolled back solaris uid change - I think it was wrong.
reply.c: Changed for crash bug on SCO with USE_MMAP.
server.c: Removed Luke's changes. Changed for crash bug on SCO with USE_MMAP.
smb.h: Changed for crash bug on SCO with USE_MMAP.
smbpasswd.c:Fixed crash bug with Luke's changes.
uid.c: Removed Luke's changes.
util.c: Fixed I18N bug with extended char filenames and widelinks = no.
Jeremy (jallison@whistle.com)
(This used to be commit bf1c79f7fd7f9beec4f9f4e58337cadceeb1cb38)
|
|
be treated no differently than any other share (for any security setting:
user, server or share).
this will clear up a bug where, when clients connect to the IPC$ share, this
used to be done under the guest account. the standard_sub_basic() macros
will substitute the _guest_ account for %U, causing the samba server to
look different from when the client then connects to any other share.
lkcl
(This used to be commit 38526569608f6eb5f098efee7013037873d140bf)
|
|
a codepage_initialise(). Fixes problem with initialising dos map
twice.
charset.h: Changes to support charset changes.
client.c: Changes to support charset changes.
loadparm.c: follow symlinks parameter from David Clerc <David.Clerc@cui.unige.ch>
nmbd.c: Changes to support charset changes.
nmblookup.c:Changes to support charset changes.
proto.h: Changes to support charset changes.
reply.c: Don't call security=server with no user/no password guest. Fix from
Stefaan A Eeckels <Stefaan.Eeckels@ecc.lu>
server.c: follow symlinks code from David Clerc <David.Clerc@cui.unige.ch>
smbpasswd.c:Changes to support charset changes.
status.c: Changes to support charset changes.
testparm.c: Changes to support charset changes.
testprns.c: Changes to support charset changes.
uid.c: Fixed log message with no \n.
Jeremy (jallison@whistle.com)
(This used to be commit 2a28a6e5e461aca7fe6c19cd01d287010056cffb)
|
|
uid.c: Stop smbrun from deleting device files.
util.c: Added EAGAIN to known error list.
Jeremy (jallison@whistle.com)
(This used to be commit c07db8d8e7e4a421501a08efe999e9ccd7337855)
|
|
client.c: Fixed silly bugs detected on IRIX.
namedbname.c: Stopped 1d names from being registered in WINS db.
namedbsubnet.c: Only register 1e names on broadcast subnet.
nameelect.c: Changed add_my_name entries. Forced host announces if we
have less than 10 servers listed. Fixed registering 1b
domain name issues.
namepacket.c: Added error message when dgram discarded.
nameserv.c: Added notion of 'direct' names that are not registered on
the network. Needed to get around bugs in earlier nmbd
handling of DOMAIN(1b) names.
nameservreply.c:Tidied up debug message.
nameservresp.c: Added response_name_query_domain() code. Deals with
re-registering DOMAIN(1b) name.
nmbd.c: Fixed silly bugs detected on IRIX.
nmblib.c: Added paranoia debugs.
proto.h: Updated remove_name_entry(), add_my_name_entry().
server.c: Fixed silly bugs detected on IRIX.
trans2.c: Fixed silly bugs detected on IRIX.
uid.c: Fixed silly bugs detected on IRIX.
version.h: Updated to alpha3.
Jeremy (jallison@whistle.com).
(This used to be commit f08222bd8b86a061c52d22015f946a4737eb47fd)
|
|
Wed May 7 1997: Update for 1.9.17alpha1 release - 'browsefix release'
designed to make browsing across subnets work.
byteorder.h: Updated copyright to 1997.
charcnv.c: Updated copyright to 1997.
charset.c Updated copyright to 1997.
charset.h Updated copyright to 1997.
client.c Updated copyright to 1997.
clientutil.c Updated copyright to 1997.
dir.c Updated copyright to 1997.
fault.c Updated copyright to 1997.
includes.h Updated copyright to 1997.
interface.c Updated copyright to 1997.
ipc.c Updated copyright to 1997.
kanji.c Updated copyright to 1997.
kanji.h Updated copyright to 1997.
loadparm.c Updated copyright to 1997.
locking.c Updated copyright to 1997.
mangle.c Updated copyright to 1997.
message.c Updated copyright to 1997.
nameannounce.c
Made use of WINS subnet explicit.
Added reset_announce_timer() so announcement
can be made immediately when we become a master.
Expanded code to do sync with dmb.
namebrowse.c
Removed redundant checks for AM_MASTER in
sync code. Made use of WINS subnet explicit.
namedbname.c Made use of WINS subnet explicit.
namedbresp.c Made use of WINS subnet explicit.
namedbserver.c Made use of WINS subnet explicit.
namedbsubnet.c
Explicitly add workgroup to WINS subnet
when we become a dmb. Made use of WINS subnet explicit.
namedbwork.c
Made use of WINS subnet explicit. Removed
redundant check_work_servertype() function.
nameelect.c
Explicitly add workgroup to WINS subnet
when we become a master browser. Made use of WINS subnet explicit.
namelogon.c Updated copyright to 1997.
namepacket.c Updated copyright to 1997.
namequery.c Updated copyright to 1997.
nameresp.c
Made use of WINS subnet explicit. Made nmbd fail if
configured as master browser and one exists already.
nameserv.c
Made use of WINS subnet explicit. Remove redundant
logon server and domain master code.
nameserv.h Add enumerate subnet macros.
nameservreply.c Made use of WINS subnet explicit.
nameservresp.c Updated copyright to 1997.
namework.c
Made use of WINS subnet explicit. Updated code to
add sync browser entries to add subnet parameter.
nmbd.c
Added sanity check for misconfigured nmbd.
nmblib.c Updated copyright to 1997.
nmblookup.c Updated copyright to 1997.
nmbsync.c
Removed redundant AM_ANY_MASTER check.
params.c Updated copyright to 1997.
password.c Updated copyright to 1997.
pipes.c Updated copyright to 1997.
predict.c Updated copyright to 1997.
printing.c Updated copyright to 1997.
proto.h
Changed protos for new nmbd code.
quotas.c Updated copyright to 1997.
replace.c Updated copyright to 1997.
reply.c Updated copyright to 1997.
server.c Updated copyright to 1997.
shmem.c Updated copyright to 1997.
smb.h Updated copyright to 1997.
smbencrypt.c Updated copyright to 1997.
smbpasswd.c Updated copyright to 1997.
smbrun.c Updated copyright to 1997.
status.c Updated copyright to 1997.
system.c Updated copyright to 1997.
testparm.c Updated copyright to 1997.
testprns.c Updated copyright to 1997.
time.c Updated copyright to 1997.
trans2.c Updated copyright to 1997.
trans2.h Updated copyright to 1997.
uid.c Updated copyright to 1997.
username.c Updated copyright to 1997.
util.c Updated copyright to 1997.
version.h
Changed to 1.9.17alpha1.
(This used to be commit cf23a155a1315f50d488794a2caf88402bf3e3e6)
|
|
Consistent with other changes to make smb_uid an index+offset
into the validated_users table.
jra@cygnus.com
(This used to be commit 89675f8ae8f136fb587690b137f4413607d30c14)
|
|
new code)
- handle server level security in the new "detect NT password length
stuffups" code
(This used to be commit 7c135d499409d4ddedb978f681559dae90ac4288)
|
|
- change debug level on clitar stuff
- define MAP_FILE if not defined
- ensure we never set authoritative on queries in nmbd
- fake a positive response to SMBioctl, apparently this is needed for
some WfWg printer drivers
- deny file access for non-fcbopen queries when (access_allowed == AREAD && flags == O_RDWR)
- add sys_waitpid()
(This used to be commit 61e3116e573637d6b5a878eeb8db72831e3c5bd1)
|
|
set the mode on all created files. I think this is a better policy.
- change the debug levels on some items
- fix a charset handling bug which affected foreign and extended
charset users
- no longer switch back to the original directory when idle, instead
switch to / as the original directory may not be readable by ordinary
users.
- fix some bugs where the create mode of files was not being
explicitly set (it was relying on the umask and using fopen). Not a
big bug as it only affected obscure commands like the messaging ops.
- got rid of the lock code in the lpq cache as it's no longer needed
- rewrote smbrun to be faster and to remove the security hole. We now
don't actually need an external smbrun binary, it's all done by smbd.
- add a more explicit warning about uids and gids of -1 or 65535
(This used to be commit 5aa735c940ccdb6acae5f28449d484181c912e49)
|
|
prototypes automatically using "make proto". This is much less prone
to error than the old method of manually adding prototypes
(This used to be commit b551dc98f7cc194a5fc2e67a4ebae7fd67a01bbc)
|
|
The biggest thing is the integration of Luke's new nmbd. It's still
largely untested, so we will really need some feedback
I've also added auto prototype generation and cleaned up a lot of
minor things as a result
(This used to be commit 0d8dcfa13c527ec2c8aca39ba49c09e4e694b26c)
|
|
- added setfsuid() support (for Linux)
- started adding some of Luke's changes, just the loadparm and ipc ones
so far
(This used to be commit 72543810ce3eb5ea7b141f957edf38b4c46b1ea4)
|