summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
1998-01-15reply.c: Added timestamp to attack warning.Jeremy Allison2-1/+3
server.c: Fixed security=share problem where the vuid was still being looked at. Jeremy. (This used to be commit ab8d615fe2004c3ca93dd2978ba988ea89d7fd74)
1998-01-12*** empty log message ***Andrew Tridgell3-11/+33
(This used to be commit 7b031586ca33a381eb0e27f3557f43c2550df5f8)
1998-01-11*** empty log message ***Andrew Tridgell1-0/+5
(This used to be commit 440535a0c755cfb55ced8fe537e2251d6a30714f)
1998-01-11*** empty log message ***Andrew Tridgell1-3/+3
(This used to be commit a307b5155594a12ca978190cc9dec52e203e0fd3)
1998-01-10Following discussions with Cristian Gafton (Red Hat) we have decided to makeJohn Terpstra1-2/+8
PAM silent about it's actions. This reduced error logging for EVERY password validation request. Refer to password.c PAM section for further info. Fiels Affected: password.c (This used to be commit 7a1a8042dd005e26e610a16eaaa693f119b874c7)
1998-01-10ipc.c: Fixed problem where we were not returning 'buffer too small'Jeremy Allison1-2/+2
when NT sends up a mdrcnt of zero. Jeremy. (This used to be commit 2a75519b8592948b2f35ecca040bd3f88bf89be5)
1998-01-08Fixed an apparent typo:Christopher R. Hertel1-1/+1
2551c2551 < #endif /NO_FORK_DEBUG */ --- > #endif /* NO_FORK_DEBUG */ Chris -)----- (This used to be commit 954fc7e0d01443f4bfc7157f2dcba2187f6700ec)
1998-01-07Ensure that if we are in share mode security that the smb_uidJeremy Allison1-1/+2
field is invalid. Jeremy. (This used to be commit a689ca1ce5c3ffdc753dce329f51a8ede0592f29)
1998-01-02fix printer driver rpc to prevent core dumps.Herb Lewis1-65/+73
(This used to be commit 0c82d139e3eb20a00016df30f33835ab5150ecea)
1998-01-01fixes to make_printerdef.c to generate a correct printers.def fileHerb Lewis1-12/+37
changes to ipc.c to use new printers.def file (This used to be commit 52e275c4ccc1b7f0c2ef8d12d28065898a1c89c9)
1997-12-24Added SIGUSR1/SIGUSR2 handling.Jeremy Allison1-1/+12
Sending nmbd/smbd a SIGUSR1 will raise the debug level by one (capped at 10) sending a SIGUSR2 will lower it (lower limit at zero). Jeremy. (This used to be commit 6a3cb6f4b46129e4d799a24d34cdb9460ed8910f)
1997-12-23Fixed nastly little bug where client was sending open_and_X callJeremy Allison1-4/+23
with smb_mode (smb_vwv[3]) of 0x20 == DENY_WRITE + read-only-open. and smb_ofun (smb_vwv[8]) of 0x11 == Create if not exist plus append on a read-only share. This was mapped into the strange unix flags of (O_RDONLY|O_CREAT) - essentially O_CREAT as O_RDONLY == 0. We were checking the unix flags directly against O_RDONLY instead of masking off the open mode flag bits before doing the comparison, so this open was being refused even though it was valid on a read-only share. Also ensured that the O_CREAT bit was masked out of the flags bit if the open was done on a read-only share (as doing a unix open( filename, O_RDONLY|O_CREAT, xxx) will create a zero length file if the user had permission to write into the directory - which should be denied on a read-only share. Thanks to Mark Peek @ Whistle for giving me this test case. Jeremy. (This used to be commit eae921ac632c8297836b85e909903da0602eac0e)
1997-12-23Fixed security bug when 'force user' and 'user only' are set.Jeremy Allison1-2/+5
Reported by Brian McCauley <B.A.McCauley@bham.ac.uk>. Jeremy. (This used to be commit 00067800a25d6f5fe11e833a01d5a7a1e76dcc11)
1997-12-23Fixes to compile under OpenBSD from "Todd T. Fries" <toddf@acm.org>Jeremy Allison1-10/+10
Jeremy. (This used to be commit 3c9292505914e2119fa7b1973c9fbbe1742262b2)
1997-12-20loadparm.c: Added fix for veto oplock files bug from Charles Hoch ↵Jeremy Allison1-0/+9
<hoch@hplcgh.hpl.hp.com> server.c, util.c: Added fix for oplock break requests blocking due to server being blocked in read call. Bug found by Charles Hoch <hoch@hplcgh.hpl.hp.com>. Jeremy. (This used to be commit 209f894fdbcfbf7a7952b6228342b86e088a9582)
1997-12-20trans2.c: Forced trans2_findfirst to behave as NT does in error returns.Jeremy Allison1-23/+9
util.c: Applied fix from Branko Cibej <branko.cibej@hermes.si> where StrnCaseCmp tests one character too many. Jeremy. (This used to be commit cb771b2667070cff8d6cf86998a11ba2e4977690)
1997-12-14give out file handles differently on each new connection because of aAndrew Tridgell1-10/+29
common bug in MS clients where they try to reuse a file descriptor from an earlier smb connection. This code increases the chance that the errant client will get an error rather than causing corruption (This used to be commit 677d7a5a13728d8207dd2e7092c98d026d2d4f3c)
1997-12-12Fixed bug reported by Gert-Jan Vons <Gert-Jan.Vons@ocegr.fr>Jeremy Allison1-0/+12
with doing a dir /s into a unix directory ending in a ':'. Jeremy. (This used to be commit 273978b7d72955efcc0e0d9e87438b45f51c163d)
1997-12-03allow local_machine and remote_machine (%L and %m macros) to containAndrew Tridgell1-6/+2
spaces (This used to be commit 93f0619e049d1598db0c3022aeccf33910b0550f)
1997-12-03allow users to disable the NetWkstaUserLogon call in server levelAndrew Tridgell1-0/+2
security by changing a setting in local.h or adding it to their Makefile. See comment in local.h (This used to be commit cc10fdf7583ec644850445ad96afd8b22b71e86f)
1997-12-02changing the comment in find_new_file() to say why a base of 1 is usedAndrew Tridgell1-2/+1
(This used to be commit 2b0f3fd14908411472be032ad09144cb71c55479)
1997-12-02HPUX trusted systems need to use bigcrypt() not crypt()Andrew Tridgell1-0/+4
(This used to be commit 979eaf9e9c4dd58f1371597585d4cd64841febd0)
1997-12-02asyncdns.c: Removed warning when compiling with -DSYNC_DNS.Jeremy Allison1-1/+3
nameelect.c: Tidied up settings of work->ServerType when unbecoming things. nmbd.c: Fixed pidFile warning. server.c: Fixed pidFile warning. Jeremy. (This used to be commit 94d53dcac5d06e48be5cea9d54625da795f62d20)
1997-11-30clientgen.c: Added cli_mv() (used in a recent torture test).Jeremy Allison2-24/+58
reply.c: Changed reply_open_and_X to split out the oplock request bits from core and extended and if an oplock was granted only set the corresponding bit on reply. server.c: Added code to dynamically allocate i/o buffers in oplock_break (prevents recursion problems) , also made reset of sent_oplock_break explicit. Jeremy. (This used to be commit 16e55ee2b8be9a4210d8cf87691cdf42373759d2)
1997-11-29use -1 not 0xffffffff in SIVALS() macrosAndrew Tridgell1-4/+4
use the same process_exists() code on all systems (it's probably faster anyway) (This used to be commit 901b95aa77ac1ecc45823c23fb4e1d9da8dc8318)
1997-11-29added a sent_oplock_break element to Files[] as a paranoia check so weAndrew Tridgell2-10/+24
can't sent a oplock break twice on the same file. changed some debug levels in the oplock code to level 0 so we can track down a bug zero the returned Files[] entry in find_free_file() don't try to overcome client bugs in the handling of non-encrypted passwords if in server level security mode added paranoid null termination of password buffers slight change to my ajt_panic() routine (This used to be commit e360c79c9cec681c4609783019749773d3e79386)
1997-11-28there was a bug in my oplock bugfix :-)Andrew Tridgell1-3/+3
It's fixed properly now :-) (This used to be commit a6a04b5c6cd35e4b5f4dd4522775961e6315c658)
1997-11-28fixed a very nasty oplock bug. We could send oplock break requests onAndrew Tridgell1-3/+4
files that aren't open if the file happened to close while the oplock was in transit. We would end up sending a oplock break request on another random file (actually the open file that happened to have the highest fnum). Then we wouldn't get a response, so smbd would keep sending and would actually flood the net with an infinite number of oplock break requests! (This used to be commit 0da20e0aecbf3e59bdc649c489a18832403dc9b2)
1997-11-20added some debug lines to the rename codeAndrew Tridgell1-4/+13
(This used to be commit ee3042eefb47bbdbefc83ab3f0f407c7dea4d8a0)
1997-11-18ipc.c: Changed reply_trans to use receive_next_smb() to copeJeremy Allison4-8/+59
with local message processing. reply.c: Added check to reply_lockingX for chain after oplock break. server.c: Added receive_next_smb(). trans2.c: Changed reply_trans2 to use receive_next_smb() to cope with local message processing. (This used to be commit f4ae644e13f2c4479dfc94c77c0a8295edf54086)
1997-11-17loadparm.c : Added "veto oplock files" parameter.Jeremy Allison2-5/+18
make_printerdef.c: Fixed warning. quotas.c: Fixed irix root errors. server.c: Fixed oplock reference count bug. smb.h: Added IS_VETO_OPLOCK_PATH(). Jeremy. (This used to be commit c28487df63e29bc0f8d2ece876a07a2a076d4c73)
1997-11-11Left global_oplock_break set while request to break oplock isJeremy Allison1-4/+5
outstanding to client. Done to allay Andrews' fears about readbraw crossing on the wire :-). Jeremy. (This used to be commit 2fe8a730d9eeadca22ed1424014181e193ce3d52)
1997-11-11auto-create the locks directory on startupAndrew Tridgell1-0/+4
(This used to be commit a0ab8fe54c27d9f25266c5abfd60458827500dfd)
1997-11-10Rolled back tree state to 11:59pm 8th November 1997 EST toJeremy Allison3-110/+212
remove problems. Jeremy (This used to be commit 4a36ac236c2ad634f05efcd0179875d09988614a)
1997-11-09attempting to mark up 32 bit error codes, needed for NT domains.Luke Leighton3-212/+110
separated out smb server-mode password validation into a separate file. added called and calling netbios names to client gen state: referenced section in rfc1002.txt. created workstation trust account checking code in ntclient.c there might be a bug in reply_session_setup_andX. i indented and added { } around single-line if statements: the lm password checking code now doesn't look right (around the GUEST_SESSSETUP bits). *no code semantics have been changed by the indentation process*. (This used to be commit f27966957fa7f16d337a4a58719239d036deab4c)
1997-11-07ipc.c :Luke Leighton2-1/+15
added a #define around the alignment thing: it's a way to stop NetMonitor from decoding your packets!!!! proto.h : usual. reply.c : added what i believe to be the correct error messages for getting correct domain joining. smb.h : some guesses at good names of the SAMR_XXXX functions. sorting out the SAMR_LOOKUP_RIDS function. this is *not* the same as the LSA_LOOKUP_RIDS function, unless paul accidentally put it on the ntlsa pipe by mistake, instead of the samr pipe :-) rpc_pipes/lsa_hnd.c rpc_pipes/pipe_hnd.c : moved creation and allocation of unique policy handles into this module. rpc_pipes/pipesamr.c rpc_pipes/samrparse.c rpc_pipes/smbparse.c : SAMR_LOOKUP_RIDS is beginning to look _suspiciously_ like the LSA_LOOKUP_RIDS function. but i know that there are subtle discrepancies. (This used to be commit 6bc07b0b4193e28b13a675fece8d9d6b365a7eb0)
1997-11-07Modified Files:Christopher R. Hertel2-242/+317
mangle.c server.c proto.h mangle.c I am planning to replace the mangled_stack array with a proper stack, but found many style inconsistencies (no, really). As you might expect, I have standardized on my own preferences. ;) I also found a potential problem in create_mangled_stack (which I've renamed as reset_mangled_stack). If the stack size were passed into the function as 0 or less, there was the possibility that the array would have been freed twice. I doubt that this ever happens, but I don't like to leave holes. Of course, the fix will be irrelevent once I replace the array with a linked-list-based stack. server.c Changed the call to create_mangled_stack() to a call to reset_mangled_stack(). proto.h Regenerated to match the above changes. (A real comment! How unusual!) (This used to be commit 34d1b3e4fa7a1158f3a3c5c47adf0417c7144095)
1997-11-06ipc.c: Changing back arbitrary alignment change until I know *why*Jeremy Allison2-2/+2
luke changed it. proto.h: The usual. uid.c: Fix crash bug when attaching with smbclient -mCORE. A vuid pointer was being used when it was null. Jeremy. (This used to be commit ff94f97cf2b0f62cbbddbfd3d126df7f4d649334)
1997-11-06following a cvs error, i am rewriting this monster-commit. with bad grace.Luke Leighton5-7/+24
Modified Files: --------------- Makefile: adding extra files ipc.c : send_trans_reply() - alignment issue. this makes the alignment the same as that in NT. this should be looked at by people who understand the SMB stuff better than i. api_fd_commands[] - added samr and wkssvc pipes. loadparm.c : lp_domain_controller() changed to mean "samba is a domain controller". it's a "yes/no" parameter, now. no, it isn't used _anywhere_. namedbwork.c nameelect.c : if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the host _and_ workgroup announcements. yes, you must do both: nt does. namelogon.c : important NETLOGON bug in SAMLOGON request parsing, which may be the source of some people's problems with logging on to the Samba PDC. password.c : get_smbpwnam() renamed to get_smbpwd_entry(). pipes.c : added samr and wkssvc pipes. proto.h : usual. can we actually _remove_ proto.h from the cvs tree, and have it as one of the Makefile dependencies, or something? reply.c : get_smbpwnam() renamed to get_smbpwd_entry() - also changed response error code when logging in from a WORKSTATION$ account. yes, paul is right: we need to know when to return the right error code, and why. server.c : added call to reset_chain_pnum(). #ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy, you'd be proud: i did a compile without NTDOMAIN, and caught a link error for this function. smb.h : defines and structures for samr and wkssvc pipes. smbpass.c : modified get_smbpwnam() to get_smbpwd_entry() and it now takes two arguments. one for the name; if this is null, it looks up by smb_userid instead. oh, by the way, smb_userids are actually domain relative ids (RIDs). concatenate a RID with the domain SID, and you have an internet globally unique way of identifying a user. we're using RIDs in the wrong way.... added mod_smbpwnam() function. this was based on code in smbpasswd.c rpc_pipes/lsaparse.c : added enum trusted domain parsing. this is incomplete: i need a packet trace to write it properly. rpc_pipes/pipe_hnd.c : added reset_chain_pnum() function. rpc_pipes/pipenetlog.c : get_smbpwnam() function renamed to get_smbpwd_entry(). arcfour() issues. removed capability of get_md4pw() function to automatically add workstation accounts. this should either be done using smbpasswd -add MACHINE$, or by using \PIPE\samr. rpc_pipes/pipe_util.c : create_pol_hnd() - creates a unique LSA Policy Handle. overkill function: uses a 64 bit sequence number; current unix time and the smbd pid. rpc_pipes/smbparse.c : arcfour() issues. smb_io_unistr2() should advance by uni_str_len not uni_max_len. smb_io_smb_hdr_rb() - request bind uses uint16 for the context id, and uint8 for the num_syntaxes. oops, i put these both as uint32s. Added Files: ------------ rpc_pipes/lsa_hnd.c : on the samr pipe, allocate and associate an LSA Policy Handle with a SID. you receive queries with the LSA Policy Handle, and have to turn this back into a SID in order to answer the query... rpc_pipes/pipesamr.c rpc_pipes/samrparse.c \PIPE\samr processing. samr i presume is the SAM Replication pipe. rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c \PIPE\wkssvc processing. the Workstation Service pipe? holy cow. (This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-06local.h: Added OPLOCK_BREAK_TIMEOUT_FUDGEFACTOR.Jeremy Allison1-34/+46
proto.h: The usual. server.c: Added timestring() messages to oplock logs. Added fix to allow file open processing to continue is an oplock break message times out. Jeremy. (This used to be commit c45369217169fac261b32db71469c007db4b4a03)
1997-11-03Rolling back the filesJeremy Allison2-17/+10
loadparm.c : to equivalent to version 1.67 reply.c : to equivalent to version 1.69 server.c : to equivalent to version 1.122 util.c : to equivalent to version 1.98 to remove the incorrect changes. proto.h: The usual. rpc_pipes/smbparse.c : Backeting stuff that SHOULD NOT BE IN THE none-NTDOMAIN build ! Jeremy. (This used to be commit 6064c9d80fd9fcc3ceec528494ba5e2591610098)
1997-11-02Christian Lademann's contribution: new capabilities in smb.conf.Luke Leighton2-10/+17
'<' and '|' characters indicate read file and execute command respectively, and feed the output into the parameter (!!!). '<$' and '|$' means run standard_sub_basic() on them. this is going to be fun to document in smb.conf.5.... also, Christian created a new "online" service parameter. services can be taken "off-line".... (This used to be commit 15f44d28916cdc1432bffdbb999c7cf7efd8fb86)
1997-11-01a simple SMB torture tester. This will allow us to evaluate lockingAndrew Tridgell1-4/+1
techniques more accurately. (This used to be commit 054e3b2ae3a8cfb98fde72becef9b05de34d2ba7)
1997-11-01re-initialise the timezone on each new connection. This means youAndrew Tridgell1-0/+3
don't need to restart smbd after a DST change. (This used to be commit 2a50d5d5ed4ca7d2b546d7337ec88c527ec82689)
1997-10-30storing pipe name state (from set named pipe handle state call) in theLuke Leighton2-19/+20
pipes array. (This used to be commit 5335d5cdc4659f4676958f0399e2de29a117c133)
1997-10-30Makefile:Luke Leighton3-78/+7
simply adding pipes.o to SMBDOBJ3. rpc_pipes/pipe_hnd.c : created pipe handles module. pipes.c server.c : use of pipe_hnd functions in SMBopenX and SMBclose, on the IPC$ pipe. (This used to be commit ada256b5e3b9fb0db988e3be7d47943e7c19b3fb)
1997-10-30removed mechanism that created actual files NETLOGON, lsarpc and the like,Luke Leighton3-80/+111
which are pipes on the IPC$ connection. created mechanism to record pipe names in a separate pipes_struct. it is planned to expand this, to return sensible things like interface structures, and policy handles (RPC_IFACE and LSA_POL_HND). and the like. (This used to be commit 33cce5fac0e2f818a19a6c4e6a797ef44f3b5c75)
1997-10-29zero data parameter being passed to smb_io_rpc_hdr(), which couldn't cope.Luke Leighton1-1/+1
(This used to be commit c0137cd8fe1362beef9ce879cc558869bdf2edfa)
1997-10-29ipc.c ntclientpipe.c:Luke Leighton1-10/+14
response to Bind Acknowledgment needs a lookup table for the PIPE string (secondary address in RPC_HDR_BA structure). smbparse.c util.c : interesting problem, i think caused by us typecasting a uint16* buffer to char*. found on a SPARC. (This used to be commit 420408ee83902faa6cf871f26e93ad5efb483727)
1997-10-29ipc.c :Luke Leighton1-1/+12
bind ack should contain \PIPE\pipename not just pipename. ntclientpipe.c : sanity in bind ack: pipe name checks; transfer syntax checks; reason checks. (This used to be commit c2e2197e9d87795bda0198247c7bb132fe586fc1)