summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2003-08-02More fixes for client and server side signing. Ensure sequence numbersJeremy Allison2-3/+5
are updated correctly on returning an error for server trans streams. Ensure we turn off client trans streams on error. Jeremy. (This used to be commit 3a789cb7f01115c37404e5a696de363287cb0e5f)
2003-08-02Add the same signing code to the server. Ensure we use identical sessionJeremy Allison3-0/+18
numbers and MIDs when in trans/trans2/nttrans code. Jeremy. (This used to be commit 901544b29b4d815709b3dbad3012f1d2c419d904)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough1-1/+1
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
2003-07-31only honor the first OID in the sessetup snego negotiate. DeviatesGerald Carter1-4/+15
from RFC but I'm smelling a client bug here. /* only look at the first OID for determining the mechToken -- accoirding to RFC2478, we should choose the one we want and renegotiate, but i smell a client bug here.. Problem observed when connecting to a member (samba box) of an AD domain as a user in a Samba domain. Samba member server sent back krb5/mskrb5/ntlmssp as mechtypes, but the client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an NTLMSSP mechtoken. --jerry */ (This used to be commit 731420b03dbc15977822f74047e931dc62284fc0)
2003-07-31Wrap calls to change_oem_password() in become_root()/unbecome_root() pairsJeremy Allison2-61/+66
to allow UNIX password change scripts to work correctly. This is safe as the old password has been checked as correct before invoking this. Jeremy. (This used to be commit 1734d43eb55561d46a6ffb5d806afedfd3746f9f)
2003-07-30Add a command line option (-S on|off|required) to enable signing on clientJeremy Allison1-1/+1
connections. Overrides smb.conf parameter if set. Jeremy. (This used to be commit 879309671df6b530e0bff69559422a417da4a307)
2003-07-29Fix bug #226. Stop unmangle of name into a wildcard name from deleting moreJeremy Allison1-9/+20
than was intended. Jeremy. (This used to be commit e2742e0d897a35820a7d8f184292c32a4c3952e3)
2003-07-29Finish tridge's patch as referenced here :Jeremy Allison1-0/+17
make sure we don't allow the creation of directories containing wildcard characters. I've only put this in mkdir at the moment, but I suspect this will apply to all places that can create new filenames. We need to allow the opening of existing filenames that contain wildcards, but not allow the creation of new ones. Jeremy. (This used to be commit 7f111e545d198faa5fa89f6d360db0d5c32a8bd7)
2003-07-27Allow the stat cache to better handle invalid multibyte strings, by usingAndrew Bartlett1-8/+25
strdup_upper(). This function may fail - and we can just drop out of using the cache in that case. (Rather than panicing). This also should get us closer to supporting all of the weird 'longer/shorter' on uppercase/lowercase. Andrew Bartlett (This used to be commit d4c9261725578231079ed83e8e6584f12bd1cc43)
2003-07-27Try again to fix up 'session request' name exchange. This time we actualyAndrew Bartlett1-11/+4
get the names... Andrew Bartlett (This used to be commit 7c9e204f7eb15139532f2cc522ed87d0ac34d118)
2003-07-27Some small fixes to our charset conversion code:Andrew Bartlett1-3/+4
- Treat the NMB names in the 'session request' packet as 'ASCII'. This means that we do not get invalid multibyte from the wire, even if we truncate in the conversion. (Otherwise we panic when we try to strupper_m it). - Remove acnv_uxu2(), as it was duplicated by push_ucs2_allocate() - Remove acnv_dosu2(), as it is not used. - In push_ucs2(), with the STR_UPPER flag, do the case conversion *after* the UCS2 conversion, when it we know that the length can't change. Also faster, as we don't need to do another 2 UCS2 conversions. Andrew Bartlett (This used to be commit 912035af1178424583d0bf887a391a0cac2acd87)
2003-07-25Start the packet signing engine in the kerberos case in the same placeJeremy Allison1-3/+8
as the ntlmssp case. Jeremy. (This used to be commit 79e0bf829875fc985f1940dc31ee418aad910ed6)
2003-07-25More printf portability fixes. Got caught out by some gcc'isms lastTim Potter3-5/+5
time. )-: (This used to be commit 59dae1da66a5eb7e128263bd578f167d8746e9f0)
2003-07-24More printf fixes - size_t is long on some architectures.Tim Potter3-3/+3
(This used to be commit ba4d334b822248d8ab929c9568533431603d967e)
2003-07-24Fix from matt.zinkevicius@hp.com to stop files being created on read-onlyJeremy Allison1-0/+1
shares in some circumstances. Jeremy. (This used to be commit b826e8c8980d26e932da55384f109f0fe6a124c7)
2003-07-24Fix packet signing with asynchronous oplock breaks. Removed bad error messageJeremy Allison1-2/+7
due to w2k bug. I think this code is now working.... Need more testing of course but works on all the obvious cases I can think of. Jeremy. (This used to be commit a6e537f6611cc1357fffea0b69901fba7c9ad6ea)
2003-07-24Rise debug level to 5 for not-found-nt-quota message (quota setting for user ↵Alexander Bokovoy1-1/+1
wasn't found) (This used to be commit 422dffdc40742091df027fcffbc074eb2b1396dc)
2003-07-24Ensure everywhere we defer an incoming SMB request (blocking lock queue,Jeremy Allison4-250/+256
in oplock break state, change notify queue) we also push the MID onto the deferred signing queue. Tomorrow I will test this with valgrind and oplock tests. Jeremy. (This used to be commit 33a377f3726c85379ba5b962dd7c8ead337b892f)
2003-07-24SMB signing is now working with change notify. Need to fix the disconnectJeremy Allison2-1/+3
when bad signature received, plus check the oplock breaks.... Jermey. (This used to be commit dd83931a00ec0a2c4b78b939c54bc101ec82312f)
2003-07-24Server side NTLM signing works - until the first async packet. Working on thisJeremy Allison1-2/+8
next.... Jeremy. (This used to be commit eff74a1fcc597497a4c70589a44c1b70e93ab549)
2003-07-23convert snprintf() calls using pstrings & fstringsGerald Carter2-2/+2
to pstr_sprintf() and fstr_sprintf() to try to standardize. lots of snprintf() calls were using len-1; some were using len. At least this helps to be consistent. (This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
2003-07-22Fixup a bunch of printf-style functions and debugs to use unsigned long whenTim Potter1-3/+3
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
2003-07-21Clarify a debug log a little. The path might not exist, so say so.Richard Sharpe1-1/+1
(This used to be commit 8409cf3e470df79f219f9a21c0cb780e9257186c)
2003-07-18make sure we don't allow the creation of directories containingAndrew Tridgell1-1/+5
wildcard characters. I've only put this in mkdir at the moment, but I suspect this will apply to all places that can create new filenames. We need to allow the opening of existing filenames that contain wildcards, but not allow the creation of new ones. (This used to be commit 2fd5569938b8970f3e9d761eecad5bc0b8bb267e)
2003-07-18this fixes a bug where Samba would under some circumstances returnAndrew Tridgell1-1/+7
incomplete directory listings. The problem was the exact_match optimisation that short circuited directory listings on exact matches. This optimisation doesn't work when the unix filename contains Microsoft wildcard characters. (This used to be commit 84cee2c3fcc34fe6356e842821a5f0a361477637)
2003-07-18Signing so far... the client code fails on a SMBtrans2 secondary transactionJeremy Allison4-21/+44
I think (my changes haven't affected this I believe). Initial support on the server side for smbclient. Still doesn't work for w2k clients I think... Work in progress..... (don't change). Jeremy. (This used to be commit e5714edc233424c2f74edb6d658f32f8e0ec9275)
2003-07-17Formatting tidyups to match the rest of the source.Jeremy Allison1-23/+33
Jeremy. (This used to be commit 86c5ebcf8f5eb57e9885627b3da4e486ee3f62d9)
2003-07-17Correctly toggle the signing state to what it was previosly when sendingJeremy Allison1-3/+8
an oplock break. Jeremy. (This used to be commit 9515de83a864250c417cf490b7be714c8e1e127e)
2003-07-17Don't allow read/write raw when signing is active.Jeremy Allison1-0/+8
Jeremy. (This used to be commit 8d2a848052df03dad7bfeb5e7be96f8e9a509bbf)
2003-07-17Putting the framework for server signing in place. Ensure we don't useJeremy Allison1-0/+12
sendfile when signing (I need to add this for readbraw/writebraw too...). Jeremy. (This used to be commit f2e84f1ba67b13ff29e24a38099b559d9033a680)
2003-07-16Add API framework for server SMB signing.Jeremy Allison1-1/+5
Jeremy. (This used to be commit 61fc9a7b2eafdf8cbed1f8d9aae016b828c91a08)
2003-07-16Reformatting fixes to bring in line with the rest of the source.Jeremy Allison1-338/+325
Jeremy. (This used to be commit 3c11d9362379f16bb0d14449f64e731efad97ffe)
2003-07-15Added the "required" keyword to the "client signing" parameter to force itJeremy Allison1-12/+16
on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing to add signing on server side. Jeremy. (This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
2003-07-11fix sid_to_[uid|gid] (spotted by Volker).Gerald Carter1-87/+37
Still testing this, but I'm checking it in so Volker can test it as well. Should be right. (This used to be commit 8edf193722f699cc33baed410917a78a5e28d0a4)
2003-07-11use names from enumerated type to get rid of compiler warningsHerb Lewis1-3/+3
(This used to be commit c9d6782e091406ed105b7dc34c8c83e53bfe515e)
2003-07-09Fix a small spelling mistake and push out the new version of aclocal.m4 toRichard Sharpe1-1/+1
properly handle iconv on FreeBSD ... It works on Linux and FreeBSD ... (This used to be commit 9302401f543bd3684657b38f046dc52a5a732035)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-6/+17
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-09Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no usefulJeremy Allison1-0/+4
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries. ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX functions fail. Getting ready to add caching. Jeremy. (This used to be commit 9d0692a54fe2cb087f25796ec2ab5e1d8433e388)
2003-07-09Ensure we correctly test for errors in uid/gid_to sid.Jeremy Allison1-15/+14
Jeremy. (This used to be commit f3c2e73a8c1c592d407542c12c0a445103415bc0)
2003-07-08Moved SAM_ACCOUNT marshall/unmarshall functions to make them externallyJeremy Allison1-2/+0
available. Removed extra auth_init (thanks metze). Jeremy. (This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
2003-07-07Fix spotted by Nadav Danieli <nadavd@exanet.com> - ensure dev and inodeJeremy Allison1-0/+10
to fix open mode race condition. Jeremy. (This used to be commit cbde1c8dfcd9d3bef956fe073e7108a54b48844b)
2003-07-07Fix from MORIYAMA Masayuki <msyk@mtg.biglobe.ne.jp> for new MB statcacheJeremy Allison1-7/+9
code. Bug #185. Jeremy. (This used to be commit 7a1ac7be42dfb90fd44f2c51810eedcea052386b)
2003-07-07Fixed a couple of const issues with the new code.Jeremy Allison1-1/+1
Jeremy. (This used to be commit e9fb6e45086a6170b6f6d5d3295398708ab1af58)
2003-07-07and so it begins....Gerald Carter2-13/+409
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-06This changes our Unix primary GID behaviour back to what most people expect:Andrew Bartlett1-1/+1
Samba will now use the user's UNIX primary group, as the primary group when dealing with the filesystem. The NT primary group is ignored in unix. For the NT_TOKEN, the primary group is the NT priamry group, and the unix primary group is added to the NT_TOKEN as a supplementary group. This should fix bug #109, but will need to be revisited when we get a full NT group database. Also in this commit: - Fix debug statements in service.c - Make idmap_ldap show if it's adding, or modifying an existing DN - Make idmap_ldap show both the error message and error string (This used to be commit 32e455a714b2090fcfd1f6d73daccf600c15d51b)
2003-07-04This patch cleans up some of our ldap code, for better behaviour:Andrew Bartlett1-7/+13
We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour. We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot us an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN. The code now allows modifications to the ID mapping in many cases. Likewise, we now check more carefully when adding new user entires to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory). The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range. On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap. We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid. Thanks to metze and AB for double-checking parts of this. Andrew Bartlett (This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison6-12/+13
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-07-03Missed this in the previous patch - we now have a seperate idea of theAndrew Bartlett1-1/+1
'unix username' from the NT username, in the auth subsystem at least. Andrew Bartlett (This used to be commit df1aa2a669edc9f26007595411720742d7dff5d9)
2003-07-02Fixing problems in the iconv discovery stuff in configure.in.Richard Sharpe1-0/+1
This is the first part of the fix that at least allows configure to walk the list of supplied locations where libiconv etc might be found. aclocal.m4 also needs a fix, as does a later test. (This used to be commit 20786543139c546d112f8f6b6d4d796ee7fed609)
2003-07-02Added fix for Japanese case names in statcache - these can changeJeremy Allison1-2/+33
size on upper casing. Based on patch from monyo@home.monyo.com. Jeremy. (This used to be commit 72e382e99b92666acdaf50a040b14aa16d48b80d)