IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
all I saw" - the book of Jeremy, chapter 1 :-).
So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.
This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.
Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.
This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.
I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).
Jeremy.
algorithm was correct).
Finally (I think) fixed the mangled directory stack issue in
scan_directory() correctly. Mangled & non-mangled names are
now being checked correctly. Hurrah to Ulrik Dickow <ukd@kampsax.dk>
who helped isolate this one.
Jeremy.
to fix the fact that retransmit_or_expire_response_records() wasn't looking
at the WINS subnet.
server.c: Patch from jkf@soton.ac.uk to add %p (NIS server path) substitution.
smbpass.c: Fix to stop parsing failing on non-valid lines.
trans2.c: Fix for volume serial number code.
util.c: Patch from jkf@soton.ac.uk to add %p (NIS server path) substitution.
Fix for warnings under RH5. gcc 2.8.
Jeremy.
starts with log.smb and nmbd starts with log.nmb. It also gets rid of
the "log." when using the log.%m construct as %m expands to smb before
a client connects.
loadparm.c: Added "win95 bug compatibility" parameter.
local.h: Replaced MAX_OPEN_FILES back to 100 from 10 (oops).
reply.c: Fixed ulogoff check against uid - changed to vuid.
server.c: Changed file struct save of uid - changed to vuid.
smb.h: Changed id in struct current_user to vuid.
Changed file struct uid to vuid.
time.c: Added "win95 bug compatibility" atime -> mtime return.
trans2.c: Added "win95 bug compatibility" fixes.
uid.c: Changed id in struct current_user to vuid - added checks
to set/reset it.
util.c: Added code to expand environment variables.
version.h : still at 1.9.18 (head branch doesn't matter too much at present).
Jeremy.
chgpasswd.c: Fixed typo in debug message.
includes.h: Fix include for aix.
kanji.c: Added cap_to_sj as inverse of sj_to_cap.
loadparm.c:
local.h:
password.c: Added code for "networkstation user login" parameter.
- patch from Rob Nielsen <ran@adc.com>.
printing.c: Added further aix printing fixes.
reply.c: Changed access time fetch to a function.
trans2.c: Changed access time fetch to a function.
time.c: Changed access time fetch to a function.
server.c: Made NT redirector workaround final.
util.c: Added debug for write_socket failing.
Jeremy.
used, smbd tries to break an oplock to make room for another
file entry. This works well with Windows 95 that seems to keep
batch oplocks around for an arbitrarily long time.
Also changed rlimit code to ask for MAX_OPEN_FILES + 10 (if allowed) as
many systems use file descriptors for directory handles also.
Jeremy.
from Max Khon <max@iclub.nsu.ru>.
chgpasswd.c: Allow old RAP change password to work with encrypted
passwords. Samba can now allow Windows 95/NT clients to securely
change the Lanman password ! (But not the NT hash - that gets lost).
ipc.c:
smbdes.c:
smbpass.c: Support for the above.
server.c: #ifdef'ed out fix for NT redirector bug.
util.c: Fix NIS bug with server name.
Jeremy.
with smb_mode (smb_vwv[3]) of 0x20 == DENY_WRITE + read-only-open.
and smb_ofun (smb_vwv[8]) of 0x11 == Create if not exist plus append
on a read-only share.
This was mapped into the strange unix flags of (O_RDONLY|O_CREAT)
- essentially O_CREAT as O_RDONLY == 0.
We were checking the unix flags directly against O_RDONLY instead
of masking off the open mode flag bits before doing the comparison,
so this open was being refused even though it was valid on a
read-only share.
Also ensured that the O_CREAT bit was masked out of the flags
bit if the open was done on a read-only share (as doing a unix
open( filename, O_RDONLY|O_CREAT, xxx) will create a zero length
file if the user had permission to write into the directory - which
should be denied on a read-only share.
Thanks to Mark Peek @ Whistle for giving me this test case.
Jeremy.
server.c, util.c: Added fix for oplock break requests blocking due to server being
blocked in read call. Bug found by Charles Hoch <hoch@hplcgh.hpl.hp.com>.
Jeremy.
common bug in MS clients where they try to reuse a file descriptor
from an earlier smb connection. This code increases the chance that
the errant client will get an error rather than causing corruption
reply.c: Changed reply_open_and_X to split out the oplock
request bits from core and extended and if an oplock was granted only set
the corresponding bit on reply.
server.c: Added code to dynamically allocate i/o buffers in oplock_break
(prevents recursion problems) , also made reset of sent_oplock_break
explicit.
Jeremy.
can't sent a oplock break twice on the same file.
changed some debug levels in the oplock code to level 0 so we can
track down a bug
zero the returned Files[] entry in find_free_file()
don't try to overcome client bugs in the handling of non-encrypted
passwords if in server level security mode
added paranoid null termination of password buffers
slight change to my ajt_panic() routine
files that aren't open if the file happened to close while the oplock
was in transit. We would end up sending a oplock break request on
another random file (actually the open file that happened to have the
highest fnum). Then we wouldn't get a response, so smbd would keep
sending and would actually flood the net with an infinite number of
oplock break requests!
with local message processing.
reply.c: Added check to reply_lockingX for chain after oplock break.
server.c: Added receive_next_smb().
trans2.c: Changed reply_trans2 to use receive_next_smb() to cope
with local message processing.
separated out smb server-mode password validation into a separate file.
added called and calling netbios names to client gen state: referenced
section in rfc1002.txt.
created workstation trust account checking code in ntclient.c
there might be a bug in reply_session_setup_andX. i indented and added { }
around single-line if statements: the lm password checking code now doesn't
look right (around the GUEST_SESSSETUP bits). *no code semantics have been
changed by the indentation process*.
mangle.c server.c proto.h
mangle.c
I am planning to replace the mangled_stack array with a proper stack,
but found many style inconsistencies (no, really). As you might expect,
I have standardized on my own preferences. ;)
I also found a potential problem in create_mangled_stack (which I've
renamed as reset_mangled_stack). If the stack size were passed into
the function as 0 or less, there was the possibility that the array
would have been freed twice. I doubt that this ever happens, but I
don't like to leave holes.
Of course, the fix will be irrelevent once I replace the array with
a linked-list-based stack.
server.c
Changed the call to create_mangled_stack() to a call to reset_mangled_stack().
proto.h
Regenerated to match the above changes. (A real comment! How unusual!)
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
proto.h: The usual.
server.c: Added timestring() messages to oplock logs. Added fix
to allow file open processing to continue is an oplock
break message times out.
Jeremy.
loadparm.c : to equivalent to version 1.67
reply.c : to equivalent to version 1.69
server.c : to equivalent to version 1.122
util.c : to equivalent to version 1.98
to remove the incorrect changes.
proto.h: The usual.
rpc_pipes/smbparse.c : Backeting stuff that SHOULD NOT BE IN THE
none-NTDOMAIN build !
Jeremy.
'<' and '|' characters indicate read file and execute command respectively,
and feed the output into the parameter (!!!).
'<$' and '|$' means run standard_sub_basic() on them.
this is going to be fun to document in smb.conf.5....
also, Christian created a new "online" service parameter. services can
be taken "off-line"....
simply adding pipes.o to SMBDOBJ3.
rpc_pipes/pipe_hnd.c :
created pipe handles module.
pipes.c server.c :
use of pipe_hnd functions in SMBopenX and SMBclose, on the IPC$ pipe.
0644. smbstatus now gets only read permission on the share files and
does no locking.
also get rid of some unnecessary umask(0) calls. smbd always runs with
umask(0)
adding bits for new nt domain code
byteorder.h :
trying to get macros right, and not to crash on SUNOS5...
client.c :
added #ifdef NTDOMAIN, and created do_nt_login() function. don't
want to have to recompile client.c unless absolutely necessary.
credentials.c :
moved deal_with_creds() [possibly inappropriately] into credentials.c
ipc.c reply.c server.c uid.c :
attempting to make (un)become_root() functions calleable from smbclient.
this is a little tricky: smbclient might have to be another setuid
root program, immediately setuid'ing to non-root, so that we can
reset-uid to root to get at the smbpasswd file. or, have a secure
pipe mechanism to smbd to grab smbpasswd entries. or the like.
smbdes.c smbencrypt.c :
created a function to generate lm and nt owf hashes.
lsaparse.c ntclient.c smbparse.c :
added nt client LSA_AUTH2 code. it works, too!
pipenetlog.c pipentlsa.c pipesrvsvc.c :
simplification. code-shuffling. getting that damn offset right
for the opcode in RPC_HDR.
smb.h :
changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL.
we might need to store the server times as well.
proto.h :
the usual.
Main change is removal of find_name_search() confusion.
This has been replaced with find_name_on_subnet() which
makes it explicit what is being searched.
Also changed wins_subnet to be wins_client_subnet in
preparation for splitting the wins subnet into client
and server pieces.
This is a big nmbd change and I'd appreciate any
bug reports.
Specific changes follow :
asyncdns.c:
Removed wins entry from add_netbios_entry(). This is now
explicit in the subnet_record parameter.
interface.c:
iface_bcast(), iface_nmask(), iface_ip() return the
default interface if none can be found. Made this
behavior explicit - some code in nmbd incorrectly
depended upon this (reply_name_status() for instance).
nameannounce.c:
find_name_search changes to find_name_on_subnet.
namebrowse.c:
wins_subnet renamed to wins_client_subnet.
namedbname.c:
find_name_search removed. find_name_on_subnet added.
add_netbios_entry - wins parameter removed.
namedbsubnet.c:
find_req_subnet removed - not explicit enough.
nameelect.c:
wins_subnet renamed to wins_client_subnet.
namepacket.c:
listening() simplified.
nameresp.c:
wins_subnet renamed to wins_client_subnet.
nameserv.c:
find_name_search moved to find_name_on_subnet.
nameserv.h:
FIND_XXX -> changed to FIND_SELF_NAME, FIND_ANY_NAME.
nameservreply.c:
find_name_search moved to find_name_on_subnet.
Debug entries changed.
nameservresp.c:
wins_subnet renamed to wins_client_subnet.
namework.c:
wins_subnet renamed to wins_client_subnet.
nmbd.c:
wins parameter removed from add_netbios_entry.
nmbsync:
wins_subnet renamed to wins_client_subnet.
proto.h: The usual.
server.c:
remove accepted fd from fd_set.
Jeremy (jallison@whistle.com)
