IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This allows VFS modules to work even when we've changed directory
under the connect path in order to do root-safe calls.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 12 23:45:23 CEST 2012 on sn-devel-104
Now that we always require a 64 bit off_t, we no longer need SMB_OFF_T.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Apr 6 01:47:43 CEST 2012 on sn-devel-104
Remove looping replace them by memcpy.
Fix bug #8674 (Buffer overflow in vfs_smb_traffic_analyzer).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jan 25 03:12:14 CET 2012 on sn-devel-104
This makes auth3_session_info identical to auth_session_info
The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
I haven't received a single line of feedback on protocol v1
for at least 1 1/2 years, whereas protocol v2 has an active
userbase and more people developing around it.
This patch includes a manpage update, describing the new
version handling, as well as documenting the recent changes
making the module transfer the IP address of the client machine
as submitted with
464c69609a.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed May 18 21:36:44 CEST 2011 on sn-devel-104
This should finally fix the AIX build and allow to remove AIX specific ifdefs.
Guenther
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Apr 21 02:01:20 CEST 2011 on sn-devel-104
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.
Adnrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
This patch should remove all warnings coming up when compiling
traffic analyzer with configure.developer.
Re-activate the smb_traffic_analyzer_rmdir function by adding it's
vfs_fn_pointer to vfs_smb_traffic_analyzer_fns.
Copy the mode_t used in smb_traffic_analyzer_open to the corresponding
data structure.
Collect all data that is needed, and use only one talloc_asprintf
operation to create the string of common data. This simplifies
the code a bit and is most probably faster than the old method.
Also, #define SMBTA_COMMON_DATA_COUNT as a complete string,
speeding things up because we know the value at compile time.
static char *smb_traffic_analyzer_anonymize
This takes a lot of code out of the main functions,
and makes it a bit simpler. Do the anonymization in a function.
Since we already anonymized the username we don't need to do
this a second time in the v2 marshalling function.
smb_traffic_analyzer_encrypt - doing the encryption of a data block,
smb_traffic_analyzer_create_header - create the protocol header,
smb_traffic_analyzer_write_data - actually write the data to the
socket.
Always send the number of common data blocks first. This way, we
can make the protocol backwards compatible. A receiver running with
an older subprotocol can just ignore if a newer sender sends more
common data.
Add a few remarks to the marshalling function. Add two #define lines
defining the protocol subrelease number and the number of common
data blocks to the header file.
This program allows the administrator to enable or disable AES
encryption when using vfs_smb_traffic_analyzer. It also generates new
keys, stores them to a file, so that the file can be reused on another
client or server.
First try. This runs on 16 bytes long AES block size, and enlarges the
data block with 16 bytes, to make sure all bytes are in. The added
bytes are filled with '.'. It then creates a header featuring the new
length to be send, and finally sends the data block, then returns.
This code is untested, as creating the receiver will be my next step.
To simplify traffic_analyzer's code, this code should run as a function.
It's on the do-to-list.
Since we need to care for the SID too, do the anonymization in the
marshalling function and anonymize both the username and the SID.
Remove the 'A' status flag from the header definition. A listener
could see from the unencrypted header if the module is anonymizing
or not, which is certainly not wanted.
Since the header block of the protocol contains the number of bytes to
come, we always send the header itself unmodified.
If we compress or crypt the data we are about to send, the length of the
data to send may change. Therefore, we no longer create the header in
smb_traffic_analyzer_create_string, but shortly before we send the data.
For both cases, encryption and normal, we create our own header, and
send it before the actual data.
In case of protocol v1, we don't need to create an extra header.
Just send the data, and return from the function.
Change a debug message to say that the header for crypted data has
been created.
Add a status flags consisting of 6 bytes to the header. Their function
will be descriped in one of the next patches, which is descriping
the header in a longer comment.
When anonymization and/or encryption is used, set the flags accordingly.
