| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
from Max Khon <max@iclub.nsu.ru>.
chgpasswd.c: Allow old RAP change password to work with encrypted
passwords. Samba can now allow Windows 95/NT clients to securely
change the Lanman password ! (But not the NT hash - that gets lost).
ipc.c:
smbdes.c:
smbpass.c: Support for the above.
server.c: #ifdef'ed out fix for NT redirector bug.
util.c: Fix NIS bug with server name.
Jeremy.
(This used to be commit cd9fad92d0316e5a0007ba3c5668906dc2f011f1)
|
|
server.c: Test fix for NT worstation SMBmv oplock bug.
smbdes.c: Addition of 'forward' parameter in preparation of allowing
password change.
Jeremy.
(This used to be commit 0b0b1fb122a52e67a8fdc77d013ad0b3bbb90d19)
|
|
server.c: Fixed security=share problem where the vuid was still being
looked at.
Jeremy.
(This used to be commit ab8d615fe2004c3ca93dd2978ba988ea89d7fd74)
|
|
(This used to be commit 7b031586ca33a381eb0e27f3557f43c2550df5f8)
|
|
(This used to be commit 440535a0c755cfb55ced8fe537e2251d6a30714f)
|
|
(This used to be commit a307b5155594a12ca978190cc9dec52e203e0fd3)
|
|
PAM silent about it's actions. This reduced error logging for EVERY password
validation request. Refer to password.c PAM section for further info.
Fiels Affected: password.c
(This used to be commit 7a1a8042dd005e26e610a16eaaa693f119b874c7)
|
|
when NT sends up a mdrcnt of zero.
Jeremy.
(This used to be commit 2a75519b8592948b2f35ecca040bd3f88bf89be5)
|
|
2551c2551
< #endif /NO_FORK_DEBUG */
---
> #endif /* NO_FORK_DEBUG */
Chris -)-----
(This used to be commit 954fc7e0d01443f4bfc7157f2dcba2187f6700ec)
|
|
field is invalid.
Jeremy.
(This used to be commit a689ca1ce5c3ffdc753dce329f51a8ede0592f29)
|
|
(This used to be commit 0c82d139e3eb20a00016df30f33835ab5150ecea)
|
|
changes to ipc.c to use new printers.def file
(This used to be commit 52e275c4ccc1b7f0c2ef8d12d28065898a1c89c9)
|
|
Sending nmbd/smbd a SIGUSR1 will raise the debug level by one (capped at 10)
sending a SIGUSR2 will lower it (lower limit at zero).
Jeremy.
(This used to be commit 6a3cb6f4b46129e4d799a24d34cdb9460ed8910f)
|
|
with smb_mode (smb_vwv[3]) of 0x20 == DENY_WRITE + read-only-open.
and smb_ofun (smb_vwv[8]) of 0x11 == Create if not exist plus append
on a read-only share.
This was mapped into the strange unix flags of (O_RDONLY|O_CREAT)
- essentially O_CREAT as O_RDONLY == 0.
We were checking the unix flags directly against O_RDONLY instead
of masking off the open mode flag bits before doing the comparison,
so this open was being refused even though it was valid on a
read-only share.
Also ensured that the O_CREAT bit was masked out of the flags
bit if the open was done on a read-only share (as doing a unix
open( filename, O_RDONLY|O_CREAT, xxx) will create a zero length
file if the user had permission to write into the directory - which
should be denied on a read-only share.
Thanks to Mark Peek @ Whistle for giving me this test case.
Jeremy.
(This used to be commit eae921ac632c8297836b85e909903da0602eac0e)
|
|
Reported by Brian McCauley <B.A.McCauley@bham.ac.uk>.
Jeremy.
(This used to be commit 00067800a25d6f5fe11e833a01d5a7a1e76dcc11)
|
|
Jeremy.
(This used to be commit 3c9292505914e2119fa7b1973c9fbbe1742262b2)
|
|
<hoch@hplcgh.hpl.hp.com>
server.c, util.c: Added fix for oplock break requests blocking due to server being
blocked in read call. Bug found by Charles Hoch <hoch@hplcgh.hpl.hp.com>.
Jeremy.
(This used to be commit 209f894fdbcfbf7a7952b6228342b86e088a9582)
|
|
util.c: Applied fix from Branko Cibej <branko.cibej@hermes.si> where
StrnCaseCmp tests one character too many.
Jeremy.
(This used to be commit cb771b2667070cff8d6cf86998a11ba2e4977690)
|
|
common bug in MS clients where they try to reuse a file descriptor
from an earlier smb connection. This code increases the chance that
the errant client will get an error rather than causing corruption
(This used to be commit 677d7a5a13728d8207dd2e7092c98d026d2d4f3c)
|
|
with doing a dir /s into a unix directory ending in a ':'.
Jeremy.
(This used to be commit 273978b7d72955efcc0e0d9e87438b45f51c163d)
|
|
spaces
(This used to be commit 93f0619e049d1598db0c3022aeccf33910b0550f)
|
|
security by changing a setting in local.h or adding it to their
Makefile. See comment in local.h
(This used to be commit cc10fdf7583ec644850445ad96afd8b22b71e86f)
|
|
(This used to be commit 2b0f3fd14908411472be032ad09144cb71c55479)
|
|
(This used to be commit 979eaf9e9c4dd58f1371597585d4cd64841febd0)
|
|
nameelect.c: Tidied up settings of work->ServerType when unbecoming things.
nmbd.c: Fixed pidFile warning.
server.c: Fixed pidFile warning.
Jeremy.
(This used to be commit 94d53dcac5d06e48be5cea9d54625da795f62d20)
|
|
reply.c: Changed reply_open_and_X to split out the oplock
request bits from core and extended and if an oplock was granted only set
the corresponding bit on reply.
server.c: Added code to dynamically allocate i/o buffers in oplock_break
(prevents recursion problems) , also made reset of sent_oplock_break
explicit.
Jeremy.
(This used to be commit 16e55ee2b8be9a4210d8cf87691cdf42373759d2)
|
|
use the same process_exists() code on all systems (it's probably
faster anyway)
(This used to be commit 901b95aa77ac1ecc45823c23fb4e1d9da8dc8318)
|
|
can't sent a oplock break twice on the same file.
changed some debug levels in the oplock code to level 0 so we can
track down a bug
zero the returned Files[] entry in find_free_file()
don't try to overcome client bugs in the handling of non-encrypted
passwords if in server level security mode
added paranoid null termination of password buffers
slight change to my ajt_panic() routine
(This used to be commit e360c79c9cec681c4609783019749773d3e79386)
|
|
It's fixed properly now :-)
(This used to be commit a6a04b5c6cd35e4b5f4dd4522775961e6315c658)
|
|
files that aren't open if the file happened to close while the oplock
was in transit. We would end up sending a oplock break request on
another random file (actually the open file that happened to have the
highest fnum). Then we wouldn't get a response, so smbd would keep
sending and would actually flood the net with an infinite number of
oplock break requests!
(This used to be commit 0da20e0aecbf3e59bdc649c489a18832403dc9b2)
|
|
(This used to be commit ee3042eefb47bbdbefc83ab3f0f407c7dea4d8a0)
|
|
with local message processing.
reply.c: Added check to reply_lockingX for chain after oplock break.
server.c: Added receive_next_smb().
trans2.c: Changed reply_trans2 to use receive_next_smb() to cope
with local message processing.
(This used to be commit f4ae644e13f2c4479dfc94c77c0a8295edf54086)
|
|
make_printerdef.c: Fixed warning.
quotas.c: Fixed irix root errors.
server.c: Fixed oplock reference count bug.
smb.h: Added IS_VETO_OPLOCK_PATH().
Jeremy.
(This used to be commit c28487df63e29bc0f8d2ece876a07a2a076d4c73)
|
|
outstanding to client. Done to allay Andrews' fears about
readbraw crossing on the wire :-).
Jeremy.
(This used to be commit 2fe8a730d9eeadca22ed1424014181e193ce3d52)
|
|
(This used to be commit a0ab8fe54c27d9f25266c5abfd60458827500dfd)
|
|
remove problems.
Jeremy
(This used to be commit 4a36ac236c2ad634f05efcd0179875d09988614a)
|
|
separated out smb server-mode password validation into a separate file.
added called and calling netbios names to client gen state: referenced
section in rfc1002.txt.
created workstation trust account checking code in ntclient.c
there might be a bug in reply_session_setup_andX. i indented and added { }
around single-line if statements: the lm password checking code now doesn't
look right (around the GUEST_SESSSETUP bits). *no code semantics have been
changed by the indentation process*.
(This used to be commit f27966957fa7f16d337a4a58719239d036deab4c)
|
|
added a #define around the alignment thing: it's a way to stop
NetMonitor from decoding your packets!!!!
proto.h :
usual.
reply.c :
added what i believe to be the correct error messages for getting
correct domain joining.
smb.h :
some guesses at good names of the SAMR_XXXX functions. sorting
out the SAMR_LOOKUP_RIDS function. this is *not* the same as
the LSA_LOOKUP_RIDS function, unless paul accidentally put it
on the ntlsa pipe by mistake, instead of the samr pipe :-)
rpc_pipes/lsa_hnd.c rpc_pipes/pipe_hnd.c :
moved creation and allocation of unique policy handles into this module.
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c rpc_pipes/smbparse.c :
SAMR_LOOKUP_RIDS is beginning to look _suspiciously_ like the
LSA_LOOKUP_RIDS function. but i know that there are subtle
discrepancies.
(This used to be commit 6bc07b0b4193e28b13a675fece8d9d6b365a7eb0)
|
|
mangle.c server.c proto.h
mangle.c
I am planning to replace the mangled_stack array with a proper stack,
but found many style inconsistencies (no, really). As you might expect,
I have standardized on my own preferences. ;)
I also found a potential problem in create_mangled_stack (which I've
renamed as reset_mangled_stack). If the stack size were passed into
the function as 0 or less, there was the possibility that the array
would have been freed twice. I doubt that this ever happens, but I
don't like to leave holes.
Of course, the fix will be irrelevent once I replace the array with
a linked-list-based stack.
server.c
Changed the call to create_mangled_stack() to a call to reset_mangled_stack().
proto.h
Regenerated to match the above changes. (A real comment! How unusual!)
(This used to be commit 34d1b3e4fa7a1158f3a3c5c47adf0417c7144095)
|
|
luke changed it.
proto.h: The usual.
uid.c: Fix crash bug when attaching with smbclient -mCORE. A vuid
pointer was being used when it was null.
Jeremy.
(This used to be commit ff94f97cf2b0f62cbbddbfd3d126df7f4d649334)
|
|
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
|
|
proto.h: The usual.
server.c: Added timestring() messages to oplock logs. Added fix
to allow file open processing to continue is an oplock
break message times out.
Jeremy.
(This used to be commit c45369217169fac261b32db71469c007db4b4a03)
|
|
loadparm.c : to equivalent to version 1.67
reply.c : to equivalent to version 1.69
server.c : to equivalent to version 1.122
util.c : to equivalent to version 1.98
to remove the incorrect changes.
proto.h: The usual.
rpc_pipes/smbparse.c : Backeting stuff that SHOULD NOT BE IN THE
none-NTDOMAIN build !
Jeremy.
(This used to be commit 6064c9d80fd9fcc3ceec528494ba5e2591610098)
|
|
'<' and '|' characters indicate read file and execute command respectively,
and feed the output into the parameter (!!!).
'<$' and '|$' means run standard_sub_basic() on them.
this is going to be fun to document in smb.conf.5....
also, Christian created a new "online" service parameter. services can
be taken "off-line"....
(This used to be commit 15f44d28916cdc1432bffdbb999c7cf7efd8fb86)
|
|
techniques more accurately.
(This used to be commit 054e3b2ae3a8cfb98fde72becef9b05de34d2ba7)
|
|
don't need to restart smbd after a DST change.
(This used to be commit 2a50d5d5ed4ca7d2b546d7337ec88c527ec82689)
|
|
pipes array.
(This used to be commit 5335d5cdc4659f4676958f0399e2de29a117c133)
|
|
simply adding pipes.o to SMBDOBJ3.
rpc_pipes/pipe_hnd.c :
created pipe handles module.
pipes.c server.c :
use of pipe_hnd functions in SMBopenX and SMBclose, on the IPC$ pipe.
(This used to be commit ada256b5e3b9fb0db988e3be7d47943e7c19b3fb)
|
|
which are pipes on the IPC$ connection.
created mechanism to record pipe names in a separate pipes_struct. it
is planned to expand this, to return sensible things like interface
structures, and policy handles (RPC_IFACE and LSA_POL_HND). and the like.
(This used to be commit 33cce5fac0e2f818a19a6c4e6a797ef44f3b5c75)
|
|
(This used to be commit c0137cd8fe1362beef9ce879cc558869bdf2edfa)
|
