summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2002-08-26Correct fix for nc problem.Jeremy Allison1-1/+2
Jeremy. (This used to be commit 1f81b177182aee7fe24e50ae3cd72d417e81b45a)
2002-08-26Reformatting only before real change.Jeremy Allison1-131/+124
Jeremy. (This used to be commit ac21f280d5030a9c49330be37bd754a1540a238a)
2002-08-26Reverted and tidied up the "special" files patch. Adds "hide special files"Jeremy Allison1-56/+84
option (set to false by default). Made checking for hide unreadable/writable more efficient (less stat calls, less allocating printf calls). Jeremy. (This used to be commit 15ff5a48f94fdc6ed61fb10f063c4fbf8bb5bb2d)
2002-08-26Updates!Andrew Bartlett2-2/+2
- Don't print an uninitialised buffer in service.c - Change some charcnv.c functions to take smb_ucs2_t ** instead of void ** - Update NTLMv2 code to use dynamic buffers - Update experimental SMB signing code - still more work to do - Move sys_getgrouplist() to SAFE_FREE() and do a DEBUG() on initgroups() failure. Andrew Bartlett (This used to be commit de1964f7fa855022258a84556b266100b917444b)
2002-08-24do not expose special files, only files, directories and links (and weSimo Sorce1-51/+49
should really check if a link points to a special file and deny access imho), expose no fifo, socket, devices ... (This used to be commit 59954113348cfb2061fa6bd7dfe7545f614e2891)
2002-08-23Merged initial allocation code for IFSTEST fix.Jeremy Allison2-24/+63
Jeremy. (This used to be commit 095e2bf9469a4c26814fb049f2870983c090ed81)
2002-08-22move where got_sig_term and reload_after_sighup are defined.Herb Lewis2-6/+4
populate cli structure with called name and calling name even for port 445 connects. (This used to be commit 123eee6206d9afb28c169540dc63824957b505f4)
2002-08-22made the CAP_UNIX test a bit cleanerAndrew Tridgell1-1/+5
(This used to be commit 8c8b0dd381f357bdd204fd6b5d50b78765e93090)
2002-08-22reload_after_sighup and got_sig_term are defined in server.cHerb Lewis1-2/+2
(This used to be commit 667e2fe32f111ce840fe3be028c61497d54d6b3d)
2002-08-22Remember to check for UNIX extensions before saying we support them.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 2c7ad907eb5e1838b6430940cb5289489fad4bb0)
2002-08-22We were returning incorrect flags in smb_action....Jeremy Allison1-6/+9
IFSTEST strikes again :-). Jeremy. (This used to be commit 4e0a2564302bdb18087e395576208fa0f0c5c32e)
2002-08-22Ensure we don't change to a user that we can't get an NT_TOKEN for.Andrew Bartlett1-0/+4
(This used to be commit 9416289b571b1c838239e5342bb6148041ab681b)
2002-08-22Fixed IFSTEST errors with OpenParams... more to go.Jeremy Allison1-9/+9
Jeremy. (This used to be commit 31a0c4ac33e89be4a27ff697dd3850fe6578e75f)
2002-08-21Fix longstanding bug in Win2k clients by clearing the shortnameJeremy Allison1-0/+5
buffer before returning ascii short name. Jeremy. (This used to be commit d01bbd42ff043d9fb0dc40dc4e207da8df0c9c14)
2002-08-20IFSTEST fixes for open fid, nametoolong.Jeremy Allison1-0/+15
Jeremy. (This used to be commit e53a81261ed189881c0f07e1b46f97aa6770cab7)
2002-08-20Based orginally by work by Kai, this patch moves our NT_TOKEN generation intoAndrew Bartlett5-156/+101
our authenticaion code - removing some of the duplication from the current code. This also gets us *much* closer to supporting a real SAM backend, becouse the SAM can give us the right info then. This also changes our service.c code, so that we do a VUID (rather than uid) cache on the connection struct, and do full NT ACL/NT_TOKEN checks (or cached equivilant) on every packet, for the same r or rw mode the whole share was open for. Andrew Bartlett (This used to be commit d8122cee059fc7098bfa7e42e638a9958b3ac902)
2002-08-19Added comment about our implementation of the trans2Tim Potter1-1/+6
SMB_FILE_INTERNAL_INFORMATION possibly causing the failure of one of the IFSKIT tests. (This used to be commit ca73d24307fcf60e4b7bfe574287b2a84c5d86c8)
2002-08-19IFS kit test - don't allow TEMP attribute on directory open.Jeremy Allison1-0/+12
Jeremy. (This used to be commit 81eacd926bd1f7054522351e1bd24a2192dcbbc1)
2002-08-18round lock timeouts in lockingX upwards to multiples of 1 second, so aAndrew Tridgell1-1/+1
half second timout rounds to 1 not 0 (This used to be commit 282a64b085162a58560175d14e7ceaef3d6cc9cc)
2002-08-18added exact timing semantics on blocking locksAndrew Tridgell2-12/+27
(This used to be commit aed32eb412cab7f6d0959f9faaaebdb320b2b6a8)
2002-08-18A new utility to test VFS system and modulesSimo Sorce1-1/+1
Just now it is acommandline tool like smbclient and rpcclient that is able to perform operations on the file system passing through the vfs layer It is not complete yet, some functions have simply faked up data, but module loading works yet and basic operations too. Thanks to Eric Lorimer for helping out with the initial setup. Simo. (This used to be commit 42ae5eb82657d4905bdaf247286f95599380afbb)
2002-08-17get the error code right in case of a blocking lock timeout.Andrew Tridgell1-1/+1
(This used to be commit 01d35694ae0497ee11a7677eecc597336e6b59ca)
2002-08-17amazing! we've had a reversed comparison in our blocking lock codeAndrew Tridgell1-1/+1
since 1998 and nobody noticed. It means that sometimes smbd would sit there forever, and smbd would never get the timing part of blocking locks right. (This used to be commit 5d4df58b6d4de548d8aa0a49ec307dce7cd1515a)
2002-08-17Change which session key we negotiate. This uses the NT-based session key thatAndrew Bartlett1-1/+1
we previously expected, rather than the LM based key. A Win2k SPNEGO enabled join goes a *lot* further with this option on. Andrew Bartlett (This used to be commit b224938e4e843288630cdc7c3c3931b241bd0e1a)
2002-08-17Add const.Andrew Bartlett1-1/+1
(This used to be commit fb28abd120310a591bdf5fa1afc5521443c3d34c)
2002-08-17Add 'const'.Andrew Bartlett1-1/+1
(This used to be commit 8955f3d63a9d9e5da76331996fba42dc105737da)
2002-08-17Becouse of changes to the meaning of this feild over time, this doesn'tAndrew Bartlett1-5/+0
actually work. Also, the idea of 'loopback winbind' isn't that bad an idea anyway (potential PDC/BDC applications). Given all that, remove it... Andrew Bartlett (This used to be commit fc0d6e53fce1d05b16ec58c0bdc38aa8da4422c0)
2002-08-16Re-add the last empty item to the NTLMSSP info list, but this time do itJim McDonough1-3/+4
with an empty string, not a NULL pointer... Also, check for security=ads before giving a kerberos spnego response. (This used to be commit 6eca417d1c29c7c18455f8290cad86fb1444e615)
2002-08-16Add some const to the 'in' paramaters for these functions.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 23f332178526877e9670515eb7c614b81fca21a9)
2002-08-16Fix segfault in the new NTLMSSP code. jmcd: can you look at this - whatAndrew Bartlett1-3/+2
exactly were you trying to do here? Andrew Bartlett (This used to be commit 81b675b54d86d196fb2035dc5d22781160518beb)
2002-08-16Merge of netbios namecache code from APPLIANCE_HEAD.Tim Potter1-0/+2
Tridge suggested a generic caching mechanism for Samba to avoid the proliferation of little cache files hanging around limpet like in the locks directory. Someone should probably implement this at some stage. (This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
2002-08-15Fix NTLMSSP challenge command and auth response. We can now service joinsJim McDonough1-31/+37
from win2k AND still use SPNEGO (provided you don't build with kerberos...I still have to fix that, as we are not properly falling back). (This used to be commit 1f9b3d46c7c99e84b2983220f79613b7420c5ced)
2002-08-12Bugfix for problem pointed out by Sean Trace <Sean.Trace@aveva.com>. We can'tJeremy Allison1-10/+13
check for POSIX errors in the blocking lock code as we may have never made a POSIX call (could have denied lock before POSIX checked). Jeremy. (This used to be commit 8403253f277299f566f2931fdec53b6e4ece376e)
2002-08-12Add RESOLVE_DFSPATH to mkdir operations in HEAD.Shirish Kalele1-0/+2
(This used to be commit cbb6e2fbdb42964107cf033c787a32cedd46e5d8)
2002-08-11Make 'remote_machine' private to lib/substitute.c, and fix all the user to useAndrew Bartlett8-18/+9
the new accessor functions. Andrew Bartlett (This used to be commit f393de2310e997d05674eb7f1268655373e03647)
2002-08-10Fix the %m security bug again - and try to make it harder to reintroduce inAndrew Bartlett3-20/+13
future. This moves us from fstrcpy() and global variables to 'get' and 'set' functions. In particular, the 'set' function sainity-checks the input, in the same way as we always have. Andrew Bartlett (This used to be commit e57a896f06b16fe7e336e1ae63a0c9e4cc75fd36)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell3-5/+18
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-08-02Merge of print notify fixes from APPLIANCE_HEAD.Tim Potter1-0/+5
(This used to be commit 7bf9ca6ca36fa319a57eab05567d49a003237bb5)
2002-08-01Fixed compiler warning.Tim Potter1-1/+1
(This used to be commit 81322f4d63095d828be7983eb4b47775abe8d33f)
2002-08-01make sure we null terminate plaintext passwordsAndrew Tridgell1-1/+1
(This used to be commit cf2abf677ed9942d841ef61ffb2565244c8979ac)
2002-07-31Rework parinioa to ensure we never get passwords longer than MAX_PASS_LEN, norAndrew Bartlett1-18/+11
longer than the buffer they claim to be in. Many thanks to tridge for explaining the macros. Andrew Bartlett (This used to be commit 3efd462bf2f1ed50c108c2b8ddecc461d002745d)
2002-07-31fixed the length checking for plaintext passwords (thanks to andrewbAndrew Tridgell1-2/+11
for spotting this) (This used to be commit d4c905e5a0a67c8e01a4fcf78aa992a3b7beff02)
2002-07-31fix debug, at idra's suggestion.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit bc17b91c2f1a1df58614b67bff94f228be6b9bb2)
2002-07-31added support for smbd listening on port 445 and 139. It now listensAndrew Tridgell1-45/+80
on both by default, and you can specify a list of ports to listen on either with "smb ports = " in smb.conf or using the -p option to smbd. this is needed for proper netbiosless operation. (This used to be commit 5dee0a7b5e0fcb298a9d36661c80e60d8b9bcc3a)
2002-07-30this fixes plaintext passwords with win2000Andrew Tridgell2-5/+8
there were 2 bugs: 1) we were sending a null challenge when we should have sent an empty challenge 2) the password can be in unicode if unicode is negotiated. This means our client code was wrong too :( (This used to be commit 1a6dfddf6788b30fc81794b1bfe749693183b2c1)
2002-07-30always include the (void) for void fns ...Andrew Tridgell1-1/+1
(This used to be commit deff1f96232b328fb5f5bb49a23eb4cda11fd330)
2002-07-30OK!Simo Sorce2-40/+130
Finally the cascaded VFS patch is in. Testing is very welcome, specially with layered multiple vfs modules. A big thank to Alexander Bokovoy for his work and patience :) Simo. (This used to be commit 56283601afe1836dafe0580532f014e29593c463)
2002-07-30Update a pile of Samba's SID lookup code to ensure:Andrew Bartlett1-35/+39
- That we never call winbind recursivly - That we never use an 'algorithmic' RID when we have a fixed uid or gid mapping in either the passdb or the group mapping db. Also, remove restrictions that say 'this domain only'. If we have a mapping configured, allow it to be returned. If we later decide certian mappings are invalid, then we sould put that in the code that actually does the map. Allow 'sid->name' transtations on the fixed 'well known' groups for NT, even if they are not represented by Unix groups yet. Andrew Bartlett (This used to be commit d5bafb224337e393420c2ce9c0a787405314713c)
2002-07-29introduced a get_file_size() macro in trans2.c to make it easier toAndrew Tridgell1-19/+21
experiment with file size returns (This used to be commit c529cee0b2925184376e3a14e83fa99b3636d4ce)
2002-07-29an initial fix for handling sparse files in smbdAndrew Tridgell3-72/+111
This gets my test code working, where we previously failed with files above 20G in size. I'm still not completely happy with this. There are just too many fields in trans2.c that we don't fill in. (This used to be commit 7dfdb456d4c9bcf6ecb1f7e5c5e79989f95e5627)