IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
locking.c: Added code to deal with real open mode of file.
reply.c: Added strict sync parameter.
server.c: Added strict sync parameter. Fixed open modes.
Jeremy.
local.h: Kept FSTYPE_STRING as Samba for now.
nmbd_browsesync.c: Added bugfix from Matt Chapman mattyc@cyberdude.com
- lmb_browserlist is now a struct ubi_dlList not a
struct browse_cache_record *.
server.c:
smb.h:
uid.c:
password.c: Removed attrs code - it is not used anywhere.
Jeremy
as the code in reply_lockingX wasn't taking account of
the difference between read and write locks ! How did this
ever work :-) !
reply.c:
server.c: Add lock type to is_locked() and do_lock().
util.c: Also added code from klausr@ITAP.Physik.Uni-Stuttgart.De
to fix problem with log files growing too large if an
smbd writes less than 100 debug messages.
Jeremy.
MAX_OPEN_DIRECTORIES for nttrans I forgot to update the code that
enumerates the array.
Created new MAX_FNUMS in local.h, changed all code that iterates
through the files_struct array to use this.
(sorry Richard).
Jeremy.
local.h: Changed MAXDIR to MAX_OPEN_DIRECTORIES - shmem size also tuned by this.
dir.c: Use MAX_OPEN_DIRECTORIES.
nttrans.c: Allow opening of a directory to succeed. Doesn't actually open
a file descriptor but takes a files_struct slot marked as an
fd.
reply.c: Changed to close any outstanding is_directory files.
reply_close changed to understand directory files.
server.c: Added open_directory(), close_directory() calls.
smb.h: Added is_directory to files_struct.
Changed OPEN_FNUM to check that target is !is_directory (this
prevents the normal file calls from processing a directory
files_struct.
Jeremy.
includes.h: Added termios.h for AIX.
nttrans.c: Working NT SMB calls !
pipes.c: Use strequal instead of strcmp.
server.c: Use #defines rather than numbers.
smb.h: Updated NT SMB #defines.
Jeremy.
With apologies to Charlton Heston and Pierre Boule.
"You damn fools, you finally did it".
Changed default security mode to be security=user.
Yes this is a big (although small in code) change.
It's something we've been discussing for a while, to
finally wean people off the legacy security=share mode
which is *never* what you want.
Jeremy.
nmbd_incomingrequests.c: Bug fix for nmbd core dumps caused by overrun.
Found by <samuel@public.szonline.net>.
nttrans.c: More NT smb stuff.
reply.c: Unlink will overwrite an existing file. Well you learn
something new about POSIX every day. :-).
server.c: Tidyup unreadable code.
smbpasswd.c: Code to allow -U remote_username to allow ordinary
users to change remote passwords if their NT username
is different from their UNIX username.
Patch from <torbjorn.lindh@allgon.se>.
Jeremy.
reply.c: Broke out the internals of reply_mv so that they may be called
externally from the NT transact rename.
server.c: Changed stat calls to sys_stat - found in code review
of bugfix.
Jeremy.
- the Files array was storing the 'dos_to_unix' translated name,
rather than the untranslated name. This could case problems when
the name was run through dos_to_unix again.
Jeremy.
This patch may not yet compile with -DUSE_SSL enabled, further
Makefile changes may be needed. But it was important to get
this code in place before I go off to USENIX.
Jeremy.
reply.c: map_username is now a BOOL function.
server.c: Added capability to do map_username on service names
when looking for a home directory. That's what the
original code would do.
lib/rpc/server/srv_util.c: Changed domain_ to builtin_ for
BUILTIN aliases.
username.c: Work in progress on groupname map parameter.
Jeremy
gives a too-small buffer for share info. Fix from Gil Kloepfer <gil@arlut.utexas.edu>
smb.h:
server.c: Fix for a nastly little security problem with multi-user Windows NT
servers and Samba where the contents of the open-file cache can end
up being served out to users who shouldn't have access. This is some
*seriously* ugly code.
Jeremy.
password.c: Added code to tell server.c when machine password needs changing.
server.c: Change machine password in idle cycles if it needs it.
smbpassfile.c: Fixed up length calculations for machine password file.
smbpasswd.c: Moved domain joining code/machine password changing code.
lib/rpc/client/cli_netlogon.c: And this is where it now lives.
Jeremy.
function table, selectable at compile time. This should make the
code that implements all the password functions much cleaner, as
it's now very clear exactly what a particular password database
needs to provide to Samba.
Jeremy.
server.c: Moved generate_machine_sid() into passdb.c for Jean-Francois
(who might want an LDAP version). Changed locking to free exclusive
lock as soon as possible to prevent contention.
lib/rpc/parse/parse_samr.c
lib/rpc/server/srv_samr.c: Changed last SID-as-string manipulation
function to use DOM_SID structure.
Jeremy.
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.
This should prevent any sprintf based security holes.
server.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic()
as only smbd knows about usernames. Also fixes problem with calling
standard_sub_basic() from loadparm.c.
smbpass.c: Partial tidyup of machine_password_lock() code - not finished yet.
util.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic()
as only smbd knows about usernames. Also fixes problem with calling
standard_sub_basic() from loadparm.c.
lib/rpc/server/srv_ldap_helpers.c: Added #ifdef USE_LDAP around ldap code.
lib/rpc/server/srv_samr.c: Added #ifdef USE_LDAP around ldap code.
Jeremy.
Essentially, multiple session_setup_and_X's may be done
to an smbd. As there is only one global variable containing
the requested connection name (sessionsetup_user), then any
subsequent sessionsetups overwrite this name (causing %U
and %G to get the wrong name). This is particularly common
when an NT client does a null session setup to get a
browse list after the user has connected, but before
a share has been mounted.
These changes store the requested_name in the vuid structure
(so this only really works for user level and above security)
and copies this name back into the global variable before
the standard_sub call.
Jeremy.
WARNING - so far this has only been tested against a Samba PDC
(still waiting for IS to add me the machine accounts :-).
Still missing is the code in smbpasswd that will add a machine
account password and change it on the domain controller, but
this is not hard, and I will check it in soon.
Jeremy.
It is changing the global variables "myname" and "myworkgroup"
to "global_myname" and "global_myworkgroup" respectively.
This is to make it very explicit when we are messing
with a global (don't ask - it makes the domain client
code much clearer :-).
Jeremy.
loadparm.c: Started add of 'security=domain' code.
password.c: Fix for security=server NT bugs.
reply.c: Started add of 'security=domain' code.
server.c: Started add of 'security=domain' code.
smb.h: Started add of 'security=domain' code.
Jeremy.
clientgen.c: Changed to fill change password buffer with random stuff.
password.c: Changed to get challenge from genrand.c
server.c: Added #ifdef around O_SYNC.
version.h: Changed to 1.9.19prealpha.
genrand.c:
New code to generate (hopefully) good random numbers for
use in crypto challenges/session keys etc.
PLEASE REVIEW THIS CODE AND SUGGEST IMPROVEMENTS !!!!!!
Jeremy.
proto.h: The unusual. ;)
reply.c: I changes some function names, and updated reply.c to match.
See mangle.c below for more.
server.c: Changed function names and parameters in file mangle.c, so
changed server.c calls to match. See mangle.c below for more.
mangle.c:
I replaced the caching mechanism used for caching reverse mangled name
maps. The old method was a large array of 256-byte strings. Movement
in the stack (including push and pop) was done by memcpy()ing whole
chunks of memory around.
The new system uses the ubi_Cache module which, in turn, uses a splay
tree. Entries are dynamically allocated using a minimum amount of
memory. Searches are non-linear, which should speed things up a bit,
too. Overall, this should save memory and be faster.
Other changes: I streamlined the is_mangled() test and made other
speed enhancements including replacing some static functions with
macros. Added comments, etc.
Note: Per an E'mail conversation with Andrew, the 'mangled stack'
parameter in smb.conf doesn't do anything anymore. The cache is
now set for 16K bytes maximum memory usage. The mangle stack
parameter is silently ignored. This can easily be changed, but
I'd rather introduce a 'mangled cache memory' parameter and
remove 'mangled stack'.
Remaining problems:
While testing the module, I noticed that something is calling
name_map_mangle() twice. The result is that names which contain
illegal characters are getting mangled twice.
Also, the entire module works by overwriting the input string.
This has a variety of nasty side effects.
Summary:
There's a lot still to be done, but the changes I have in place *should*
work in exactly the same way (except for the mangle stack parameter).
The rest of the bugs and other issues are separate.
Chris -)-----
load time (patch from "Marty Leisner" <leisner@sdsp.mc.xerox.com>.
server.c: Patch from Josef Hinteregger <joehtg@joehtg.co.at> - string
could be overwritten when find_service() called recursively.
Jeremy.
was so large that when used with -DUSE_MMAP it caused the unsigned
subtraction to wrap aound and become positive - thus causing
a silly memcpy offset. Thanks to "Michael St. Laurent" <rowl@earthlink.net>
for giving me the core dump that allowed me to track this one
down.
Jeremy.
I needed the client_name() and client_addr() functions in swat so I
could tell who was connecting from where. The problem was that these
functions didn't take a file descriptor parameter they just used
the global "Client".
So I needed to change all calls to pass a parameter ... lots of files.
the status page)
- split the claim_connection() code into its own file
- fixed the claim_connection() code to lock the file when manipulating
it
- always claim a null connection at startup
- fixed a bug in the pidfile code
I needed to modify the way the pidfile is handled in nmbd and smbd to
do this. Jeremy, you may wish to look at what I've done as it probably
breaks the Whistle use of pidfiles. In particular I've removed the -f
option and instead smbd and nmbd always create a pidfile in the lock
directory.
testparm.
In particular I added:
- ability to optionally save default values of all parameters when
calling lp_load(). This can then be used to save only non-default
parameters in lp_dump(). This makes the saved smb.conf (and viewed
parameters in testparm) much shorter
- ability to not load ipc share in lp_load()
- separators in parm_table[] so parameters can be grouped logically.
- flag to mark parameters that are local but which should be also
viewed as global as far as parameters editing is concerned
