IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
smb.h: Removed comments no longer valid.
smbpass.c: Stopped dummy function from being prototyped.
util.c: Fix for multibyte char problems with strlower, strupper
and string_replace.
Jeremy.
be supported. there are some stub routines in passdb.c which can be
copied into a password database api which do conversion. the module
writer can choose which of these to provide full support for instead
of using the conversion routines.
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
function table, selectable at compile time. This should make the
code that implements all the password functions much cleaner, as
it's now very clear exactly what a particular password database
needs to provide to Samba.
Jeremy.
ldap.c: Stoped dummy_function being prototyped.
loadparm.c: Fixed slprintf sizes.
nisppass.c: Fixed safe_strcpy sizes.
nmbd_processlogon.c: Changed back to getsmb... from getsam...
nttrans.c: Just a dump of new code.
passdb.c: Moved stuff around a lot - stopped any lookups by rid. This
needs to be indirected through a function table (soon).
password.c: Changed back to getsmb... from getsam...
reply.c: Changed back to getsmb... from getsam...
slprintf.c: Fixed prototype problems.
smb.h: Fixed prototype problems.
smbpass.c: Changed to getsmbfile....
smbpasswd.c: Changed back to getsmb... from getsam...
lib/rpc/server/srv_netlog.c: Changed back to getsmb... from getsam...
lib/rpc/server/srv_samr.c: Fixed rid lookup - use uid or gid lookup.
lib/rpc/server/srv_util.c: Changed back to getsmb... from getsam...
Jeremy.
- added nisppass.c and NISPLUS_FLAGS
includes.h:
- renamed USE_LDAP to USE_LDAP_DB. renamed NISPLUS to USE_NISPLUS_DB.
added default define of USE_SMBPASS_DB.
- removed ldap headers: they are local only to ldap.c
ldap.c :
- made all ldap-specific functions static.
- added dummy sam21 functions
loadparm.c :
- renamed NISPLUS to NISPLUS_HOME
mkproto.awk
- commented out ldap-specific #ifdef generation code: it's not
needed now that ldap-specific functions in ldap.c are static
nisppass.c :
- first attempt at an add function from
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
messages.
nttrans.c: More updates.
smb.h: Removed stuff that didn't belong in the smb_passwd struct. Persuaded Luke
to use a new structure.
web/swat.c: Fixed gcc complaints about shadowing global 'string'.
Jeremy.
the smbpw functions are expected to fill in the blanks by reading the
appropriate smb.conf parameters.
the ldappw functions are expected to fill in the fields from the ldap
database. a separate utility can be written to fill in the ldap database
fields from the smb.conf parameters, at a later date.
Essentially, multiple session_setup_and_X's may be done
to an smbd. As there is only one global variable containing
the requested connection name (sessionsetup_user), then any
subsequent sessionsetups overwrite this name (causing %U
and %G to get the wrong name). This is particularly common
when an NT client does a null session setup to get a
browse list after the user has connected, but before
a share has been mounted.
These changes store the requested_name in the vuid structure
(so this only really works for user level and above security)
and copies this name back into the global variable before
the standard_sub call.
Jeremy.
WARNING - so far this has only been tested against a Samba PDC
(still waiting for IS to add me the machine accounts :-).
Still missing is the code in smbpasswd that will add a machine
account password and change it on the domain controller, but
this is not hard, and I will check it in soon.
Jeremy.
It is changing the global variables "myname" and "myworkgroup"
to "global_myname" and "global_myworkgroup" respectively.
This is to make it very explicit when we are messing
with a global (don't ask - it makes the domain client
code much clearer :-).
Jeremy.
clientgen.c: Added nt_error as an entry in the struct client_state.
password.c: Open the netlogon pipe.
smb.h: Added nt_error as an entry in the struct client_state.
lib/rpc/parse/parse_net.c: Added comments on net logon.
lib/rpc/server/srv_netlog.c: Added comments on net logon.
Jeremy.
loadparm.c: Started add of 'security=domain' code.
password.c: Fix for security=server NT bugs.
reply.c: Started add of 'security=domain' code.
server.c: Started add of 'security=domain' code.
smb.h: Started add of 'security=domain' code.
Jeremy.
nmbd.c: Fix for always overwriting log despite append setting.
smb.h: Addition of last time password changed entry to account info.
smbpass.c: Changes to support last time changed field in smbpasswd file.
smbpasswd.c: Changes to support last time changed field in smbpasswd file.
util.c: Fix for always overwriting log despite append setting.
Jeremy.
In doing so I realized that much code was being
duplicated between Hangul, Big5 and Simplified
Chinese - so I re-arranged kanji.[ch] to go
through generic functions for all multibyte
characters that can be identified by a single
code range (not Kanji - but all the others).
Jeremy.
+ improvement to smbtar to allow exclusion/inclusion of system and
hidden files, and to generate a listing of what has been archived
in a format useful for automated backup systems.
+ add the "Softq" spooling system to samba's printing capabilities.
+ I have "fixed" the intrusion of US style dates into samba reporting
as well. The format yyyy/mm/dd is not only uunambiguous, but also
has the benefit of making lexicographic sorts work correctly.
Jeremy.
testparm.
In particular I added:
- ability to optionally save default values of all parameters when
calling lp_load(). This can then be used to save only non-default
parameters in lp_dump(). This makes the saved smb.conf (and viewed
parameters in testparm) much shorter
- ability to not load ipc share in lp_load()
- separators in parm_table[] so parameters can be grouped logically.
- flag to mark parameters that are local but which should be also
viewed as global as far as parameters editing is concerned
all I saw" - the book of Jeremy, chapter 1 :-).
So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.
This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.
Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.
This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.
I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).
Jeremy.
These are some hacks on SWAT. Maybe users will actually be able to
work out how to use it now.
Unfortunately these changes required some editing in loadparm.c and
smb.h which will make Jeremys merge job harder. Sorry!
Kanji support is one case of multibyte character
support, rather than being a specific case in
single byte character support.
This allows us to add Big5 Chinese support (code page 950)
and Korean Hangul support (code page 949) at very little
cost. Also allows us to easily add future multibyte
code pages.
Makefile: Added codepages 949, 950 as we now support more multibyte
codepages.
asyncdns.c: Fixed problem with child being re-spawned when parent killed.
charcnv.c
charset.c
client.c
clitar.c
kanji.c
kanji.h
smb.h
util.c
loadparm.c: Generic multibyte codepage support (adding Big5 Chinese
and Korean Hangul).
nmbd.c: Fixed problem with child being re-spawned when parent killed.
mangle.c: Modified str_checksum so that first 15 characters have more
effect on outcome. This helps with short name mangling as
most 'long' names are still shorter than 15 chars (bug was
foobar_mng and foobar_sum would hash to the same value, with
the modified code they hash differently.
Jeremy.
loadparm.c: Added "win95 bug compatibility" parameter.
local.h: Replaced MAX_OPEN_FILES back to 100 from 10 (oops).
reply.c: Fixed ulogoff check against uid - changed to vuid.
server.c: Changed file struct save of uid - changed to vuid.
smb.h: Changed id in struct current_user to vuid.
Changed file struct uid to vuid.
time.c: Added "win95 bug compatibility" atime -> mtime return.
trans2.c: Added "win95 bug compatibility" fixes.
uid.c: Changed id in struct current_user to vuid - added checks
to set/reset it.
util.c: Added code to expand environment variables.
version.h : still at 1.9.18 (head branch doesn't matter too much at present).
Jeremy.
asyncdns.c: Fixes that went into 1.9.18p2 - allow unclocking of sigterm.
chgpasswd.c: char -> unsigned char fixes.
includes.h: AIX fix to get prototype for inet_ntoa.
local.h: Tune size of shared memory based on MAX_OPEN_FILES.
nmbd_mynames.c: Fix for nmbd repeated refresh bug.
nmbd_responserecordsdb.c: Fix for nmbd repeated refresh bug.
nmbd_winsserver.c: Fix for multi-homed registration optimisation.
smb.h: Moved default shared memory size to local.h
Jeremy.
smbmount: This is a stripped down smbclient that communicates with
the Linux 2.1.x kernel to supply authenticated smb connections for
smbfs mount points.
smbmnt/smbumount: setuid commands that do the actual smb mount system
call after having done the appropriate security checks
can't sent a oplock break twice on the same file.
changed some debug levels in the oplock code to level 0 so we can
track down a bug
zero the returned Files[] entry in find_free_file()
don't try to overcome client bugs in the handling of non-encrypted
passwords if in server level security mode
added paranoid null termination of password buffers
slight change to my ajt_panic() routine
separated out smb server-mode password validation into a separate file.
added called and calling netbios names to client gen state: referenced
section in rfc1002.txt.
created workstation trust account checking code in ntclient.c
there might be a bug in reply_session_setup_andX. i indented and added { }
around single-line if statements: the lm password checking code now doesn't
look right (around the GUEST_SESSSETUP bits). *no code semantics have been
changed by the indentation process*.
added a #define around the alignment thing: it's a way to stop
NetMonitor from decoding your packets!!!!
proto.h :
usual.
reply.c :
added what i believe to be the correct error messages for getting
correct domain joining.
smb.h :
some guesses at good names of the SAMR_XXXX functions. sorting
out the SAMR_LOOKUP_RIDS function. this is *not* the same as
the LSA_LOOKUP_RIDS function, unless paul accidentally put it
on the ntlsa pipe by mistake, instead of the samr pipe :-)
rpc_pipes/lsa_hnd.c rpc_pipes/pipe_hnd.c :
moved creation and allocation of unique policy handles into this module.
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c rpc_pipes/smbparse.c :
SAMR_LOOKUP_RIDS is beginning to look _suspiciously_ like the
LSA_LOOKUP_RIDS function. but i know that there are subtle
discrepancies.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
LSA_OPENSECRET and three other unknown #defines are commented as not
being the real defines for these!!!
rpc_pipes/pipenetlog.c :
USE_ARCFOUR for Server Password Set. and then ignore the password (agh!)
this will *fail* to do logins, by the way. i need to add a routine
to update the smb password (next job).
which are pipes on the IPC$ connection.
created mechanism to record pipe names in a separate pipes_struct. it
is planned to expand this, to return sensible things like interface
structures, and policy handles (RPC_IFACE and LSA_POL_HND). and the like.
