IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
based on the flags2 values in the negprot request.
This also includes some code for testing the dialect
strings for "SMB 2.001" but this is unreliable as Vista
only sends that in the 1st negprot and caches the fact
that we don't support it. Restartnig the WOrkstation
service on the client clears the cache.
(This used to be commit d781eeb0e4)
anymore, we don't have to truncate the length to 255 anymore.
The test I did for this: I sent 50 times the NTLMSSP oid. With truncating
Vista said Access Denied, without truncating it liked the response.
Volker
(This used to be commit f1512cb43c)
key length in the case of extended security. It does make sense because with
SPNEGO our beloved ASN1 structure gives us the length.
Next test I did to verify this: I modified the server to put in random
garbage, and W2kwks, XP, Vista and W2k3srv still talked to us.
Volker
(This used to be commit f19bd479ce)
logic in smbd/process.c. All interested (Volker,
Jerry, James etc). PLEASE REVIEW THIS CHANGE.
The logic should be identical but *much* easier
to follow and change (and shouldn't confuse Klockwork :-).
Jeremy.
(This used to be commit d357f8b335)
of the Samba4 timezone handling code back into Samba3.
Gets rid of "kludge-gmt" and removes the effectiveness
of the parameter "time offset" (I can add this back
in very easily if needed) - it's no longer being
looked at. I'm hoping this will fix the problems people
have been having with DST transitions. I'll start comprehensive
testing tomorrow, but for now all modifications are done.
Splits time get/set functions into srv_XXX and cli_XXX
as they need to look at different timezone offsets.
Get rid of much of the "efficiency" cruft that was
added to Samba back in the day when the C library
timezone handling functions were slow.
Jeremy.
(This used to be commit 414303bc02)
Our sessionsetup code now handles raw NTLMSSP connects, so we can go
back to doing what W2K3 does here which is to send no OID's in
the negprot reply when not in a security=ads mode.
Jeremy.
(This used to be commit 38a70185b7)
reply code to the negprot reply code to cope with
client connections on port 445. Fixes the spurious
"register_message_flags: tdb fetch failed" errors.
* don't run the backgroup LPQ daemon when we are running
in interactive mode.
(This used to be commit 88747a7da3)
then is the client supports it (current clients supported are Samba and
CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare
"NT LM 0.12" string) then the setting of the per packet flag smb_flag
FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows
the linux CIFS client to use Samba in a case sensitive manner.
Additional command in smbclient "case_sensitive", toggles the
flag in subsequent packets.
Docs to follow.
Jeremy.
(This used to be commit cf84c0fe1a)
patch removes the 'unicode' smb.conf option.
Clients are as always free not to negotiate unicode, but Samba will always
accept unicode in smbd.
Setting 'unicode = no' caused me more client BSODs than any other option
I have seen, and I really want to protect some of our more silly users, who
will, no matter what, select and change every option...
Andrew Bartlett
(This used to be commit 3f9177bd5d)
Don't use nstrings to hold workgroup and netbios names. The problem with them is that MB netbios
and workgroup names in unix charset (particularly utf8) may be up to 3x bigger than the name
when represented in dos charset (ie. cp932). So go back to using fstrings for these but
translate into nstrings (ie. 16 byte length values) for transport on the wire.
Jeremy.
(This used to be commit b4ea493599)
I think (my changes haven't affected this I believe). Initial support on the
server side for smbclient. Still doesn't work for w2k clients I think...
Work in progress..... (don't change).
Jeremy.
(This used to be commit e5714edc23)
This patch catches up on the rest of the work - as much string checking
as is possible is done at compile time, and the rest at runtime.
Lots of code converted to pstrcpy() etc, and other code reworked to correctly
call sizeof().
Andrew Bartlett
(This used to be commit c5b604e2ee)
Also more insertion of parenthesis to handle struct members called
'free'.
You can now get useful dmalloc output, as long as it is compatible
with your C library. On RH7.1 it looks like you have to rebuild
dmalloc to allow free(0) by default, because something in libcrypt
does that. (sigh)
(This used to be commit 391cbb6901)
The auth_authsupplied_info typedef is now just a plain struct - auth_context,
but it has been modified to contain the function pointers to the rest
of the auth subsystem's components.
(Who needs non-static functions anyway?)
In working all this mess out, I fixed a number of memory leaks and moved the
entire auth subsystem over to talloc().
Note that the TALLOC_CTX attached to the auth_context can be rather long-lived,
it is provided for things that are intended to live as long. (The
global_negprot_auth_context lasts the whole life of the smbd).
I've also adjusted a few things in auth_domain.c, mainly passing the domain as
a paramater to a few functions instead of looking up lp_workgroup(). I'm
hopign to make this entire thing a bit more trusted domains (as PDC) freindly
in the near future.
Other than that, I moved a bit of the code around, hence the rather messy diff.
Andrew Bartlett
(This used to be commit 12f5515f55)
you need to set "use spnego = no" for w2k to be able to join a samba
domain. Otherwise the w2k box will assume we can do kerberos as a KDC
(This used to be commit b5cb57a367)
winbindd can do a kinit
this will be removed once we have code that gets a tgt
and puts it in a place where cyrus-sasl can see it
(This used to be commit 7d94f1b736)
This allows us to use automagically obtained values in future, and the value
from krb5.conf now.
Also fix mem leaks etc.
Andrew Bartlett
(This used to be commit 8f9ce71781)
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a)
flags so we just do a 'normal' session setup.
Also add some parinoia code to detect when sombody attempts to do a 'normal'
session setup when spnego had been negoitiated.
Andrew Bartlett
(This used to be commit 190898586f)
loses things like username mapping. I wanted to get this in then
discuss it a bit to see how we want to split up the existing
session setup code
(This used to be commit b74fda69bf)
activate you need to:
- install krb5 libraries
- run configure
- build smbclient
- run kinit to get a TGT
- run smbclient with the -k option to choose kerberos auth
(This used to be commit d330575856)
Fix the NT errror codes, this time in line with WinXP/2k.
- Return the normal error codes, expect for bad user/bad password. These map
to logon failure, as a quick security hack. We follow suit.
Simplfy some of the password extraction code, the auth subsytem has the
intelegence to sort this stuff out, no need to do it here.
Move to 'global_encrypted_passwords_negotiated' to determine the use of
unencrypted hacks, replacing the current mess.
Andrew Bartlett
(This used to be commit c04f063573)
than NT_STATUS_LOGON_FAILURE. This also brings us (almost) back in line with
their implementation.
Kill off SMBENCRYPT() macro
Kill off 'nt smb support' paramater - tridge okayed this one.
Andrew Bartlett
(This used to be commit 67947bf6e3)
by default in Samba 3.x
- got rid of some unused parameters in Makefile.in
- declare DEBUGLEVEL in debug.h rather than in each file
(This used to be commit b8651acb9c)
major changes include:
- added NSTATUS type
- added automatic mapping between dos and nt error codes
- changed all ERROR() calls to ERROR_DOS() and many to ERROR_NT()
these calls auto-translate to the client error code system
- got rid of the cached error code and the writebmpx code
We eventually will need to also:
- get rid of BOOL, so we don't lose error info
- replace all ERROR_DOS() calls with ERROR_NT() calls
but that is too much for one night
(This used to be commit 83d9896c1e)
samba-technical a few weeks ago.
The idea here is to standardize the checking of user names and passwords,
thereby ensuring that all authtentications pass the same standards. The
interface currently implemented in as
nt_status = check_password(user_info, server_info)
where user_info contains (mostly) the authentication data, and server_info
contains things like the user-id they got, and their resolved user name.
The current ugliness with the way the structures are created will be killed
the next revision, when they will be created and malloced by creator functions.
This patch also includes the first implementation of NTLMv2 in HEAD, but which
needs some more testing. We also add a hack to allow plaintext passwords to be
compared with smbpasswd, not the system password database.
Finally, this patch probably reintroduces the PAM accounts bug we had in
2.2.0, I'll fix that once this hits the tree. (I've just finished testing
it on a wide variety of platforms, so I want to get this patch in).
(This used to be commit b30b6202f3)
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267)
send unaligned unicode strings sometimes!
Fixed our handling of the workgroup name tacked on the end of the
NT1 negprot response (a unaligned unicode)
fixed a couple of places where we should be using the message_end fns instead
of pre-calculated buffer lengths
(This used to be commit 86613493a9)
CAP_LARGE_READX|CAP_LARGE_WRITEX bits on negprot and out W2K
performance goes through the roof......
And as we *always* offer 64 buffers we can do this with this
simple change.....
Jeremy.
(This used to be commit c328dda0fa)
method to what was used in the client I now have session setup and
tconx working.
Currently this is enabled with SMBD_USE_UNICODE environment
variable. Once the code is complete this will become a smb.conf
option.
(This used to be commit 7684c1e672)
a byte range lock (write lock only, but Win2k breaks on read lock also so I
do the same) - if you think about why, this is obvious. Also fixed our client
code to do level II oplocks, if requested, and fixed the code where we would
assume the client wanted level II if it advertised itself as being level II
capable - it may not want that.
Jeremy.
(This used to be commit 213cd0b519)
.cvsignore remove config.h - not in this directory
include/profile.h profile changes
lib/messages.c added message to return debug level
libsmb/clierror.c cast to get rid of compiler warning
libsmb/smbencrypt.c cast to get rid of compiler warning
profile/profile.c add flush profile stats changes for profile struct
rpc_parse/parse_samr.c fix for compiler warning
rpc_server/srv_samr.c cast to get rid of compiler warning
smbd/ipc.c profile stats
message.c profile stats
smbd/negprot.c profile stats
smbd/nttrans.c profile stats
smbd/trans2.c profile stats
utils/smbcontrol.c new flush stats command
(This used to be commit bbb24daa25)
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic -
this isn't permanent, it should go after another few merge steps have
been done
(This used to be commit 92109d7b3c)
smbd/negprot.c:
smbd/reply.c: Fixes to recognise Win2k.
param/loadparm.c: Put debug timestamp parameter back to correct default.
smbd/nttrans.c: Fix to detect Win2k unicode bug with transact create.
Jeremy.
(This used to be commit bb100352ab)
Nigel Williams. despite the data format being *exactly* the same as
NT's, this still doesn't work yet. more work needed.
(This used to be commit 270981960b)
SOFF_T() macro for setting an SMB_OFF_T variable
also limited mmap based reads to MAX_MMAP_SIZE. We really can't mmap
2^50 bytes due to virtual address space problems.
(This used to be commit 4e784b1889)
include/config.h.in: Added #undef STAT_STATVFS64.
include/includes.h: Added SMB_STRUCT_STATVFS type, Changed SMB_BIG_INTEGER to
SMB_BIG_UINT and SMB_BIG_INT types.
include/smb.h: Added flag defines from CIFS spec.
lib/debug.c: Fixed one more mode_t issue.
lib/system.c: Added sys_statvfs wrapper.
lib/util.c: Changed trim_string to use size_t.
param/loadparm.c: Moved "blocking locks" into locking section. Alphabetised
locking options. Question - shuld we do this for all options ?
passdb/ldap.c: Changed SMB_BIG_INTEGER to SMB_BIG_UINT.
passdb/nispass.c: Changed SMB_BIG_INTEGER to SMB_BIG_UINT.
passdb/smbpass.c: Changed SMB_BIG_INTEGER to SMB_BIG_UINT.
smbd/dfree.c: Changed to use 64 bit types if available. Moved to use unsigned
types.
smbd/dosmode.c: Fixed one more mode_t issue.
smbd/negprot.c: Changed literals to be FLAG_ #defines.
smbd/nttrans.c: Removed dead code.
smbd/open.c: Changed disk_free call.
smbd/process.c: Changed literals to be FLAG_ #defines.
smbd/reply.c: Changed disk_free call.
smbd/trans2.c: Fixed but in SMB_QUERY_FS_VOLUME_INFO call. Was using
UNICODE - should use ascii.
tests/summary.c: Added STAT_STATVFS64 check.
Jeremy.
(This used to be commit c512b1b91f)
I have tested it by creating a 'holey' 20GB file - checking that
it shows up correctl in the NT file view (it does) and am busily
copying it to NULL: on the NT box. All good so far.... :-).
Also implemented NT 'delete on close' semantics.
Jeremy.
(This used to be commit 1654faee80)
it if we're in case insensitive mode, and then doing a memcmp rather
than a StrnCaseCmp (which is *horribly* slow) on every lookup.
Fixed bug with refusing NT SMB's (use *brackets* where needed :-).
Jeremy.
(This used to be commit 02b3fddce3)
