1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Commit Graph

66 Commits

Author SHA1 Message Date
Andrew Bartlett
897ef820a4 s3-lib Use common lib/socket code for get_interfaces() et al 2011-05-08 12:57:04 +02:00
Stefan Metzmacher
4bfe2d5655 s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug #7383)
metze
2011-04-25 17:41:56 +02:00
Günther Deschner
1f6aecb5cf s3-interfaces: only include interfaces.h where needed.
Guenther
2011-03-16 16:56:46 +01:00
Günther Deschner
aba1bf4b5e s3-build: only include memcache.h where needed.
Guenther
2010-08-26 00:20:28 +02:00
Volker Lendecke
de95124935 s3: Move check_access to cgi.c, its only user 2010-08-22 14:28:34 +02:00
Volker Lendecke
70c5bed4b2 s3: Replace calls to check_access by allow_access
We already have both the name and address of the client stored now
2010-08-22 14:28:34 +02:00
Volker Lendecke
0827e52b4e s3: Simplify the logic of check_access by an early return 2010-08-16 21:33:22 +02:00
Volker Lendecke
13d1e39e47 s3: Fix some type-punned warnings 2010-08-16 13:36:27 +02:00
Jelmer Vernooij
d6a5476ee7 Use sockaddr_storage only where we rely on the size, use sockaddr
otherwise (to clarify we can also pass in structs smaller than
sockaddr_storage, such as sockaddr_in).
2008-10-23 19:53:15 +02:00
Jelmer Vernooij
aa982895e5 Add data_blob_string_const_null() function that includes the terminating
null byte and use it in Samba 3.

This matches the behaviour prior to my data_blob changes.
2008-10-13 05:20:26 +02:00
Michael Adam
e0fa472a3b lib/access: make list_match() public.
Michael
(This used to be commit 742bedce41)
2008-08-09 01:15:58 +02:00
Michael Adam
f07cfe3b68 lib/access: make client_match() public.
Michael
(This used to be commit 1b2dec93b6)
2008-08-09 01:15:57 +02:00
Jeremy Allison
6f4cd6df77 client[ADDR_INDEX] is an IPv4 mapped to IPv6, but
the list item is not. Try and match the IPv4 part of
address only. This will happen a lot on IPv6 enabled
systems with IPv4 allow/deny lists in smb.conf.
Bug #5311.
Jeremy.
(This used to be commit 7c3550f82c)
2008-03-06 14:44:07 -08:00
Volker Lendecke
89f7883fe9 Add a singleton cache
First user is yp_default_domain
(This used to be commit c19363eb77)
2007-12-21 09:58:20 +01:00
Jeremy Allison
25074433f4 I can't get away without a 'length' arg. :-).
Jeremy.
(This used to be commit 95d01279a5)
2007-11-03 18:41:26 -07:00
Jeremy Allison
6658165d5e Stop get_peer_addr() and client_addr() from using global
statics. Part of my library cleanups.
Jeremy.
(This used to be commit e848506c85)
2007-11-03 18:15:45 -07:00
Jeremy Allison
34a8e1c51e Fix reversed bool check for access. Found by kukks.
Thanks !
Jeremy.
(This used to be commit a13e8bd39d)
2007-10-25 17:17:46 -07:00
Jeremy Allison
2b2168bff6 Improve IPv4 detection.
Jeremy.
(This used to be commit 2ef50e325c)
2007-10-16 16:01:13 -07:00
Jeremy Allison
ce77126e68 Fix access control code to be IPv6/v4 protocol independent.
Make unix_wild_match() talloc, not pstring based.
Next will be name resolution code, and client code.
Jeremy.
(This used to be commit f6a01b82c5)
2007-10-16 11:33:37 -07:00
Jeremy Allison
8e54530b52 Add start of IPv6 implementation. Currently most of this is avoiding
IPv6 in winbindd, but moves most of the socket functions that were
wrongly in lib/util.c into lib/util_sock.c and provides generic
IPv4/6 independent versions of most things. Still lots of work
to do, but now I can see how I'll fix the access check code.
Nasty part that remains is the name resolution code which is
used to returning arrays of in_addr structs.
Jeremy.
(This used to be commit 3f6bd0e1ec)
2007-10-10 18:25:16 -07:00
Simo Sorce
ab75c56370 r17408: Let us use netgroups even without a NIS domain but just using files
(This used to be commit c065341d3f)
2007-10-10 11:38:32 -05:00
Gerald Carter
f24d88cf9d r7139: trying to reduce the number of diffs between trunk and 3.0; changing version to 3.0.20pre1
(This used to be commit 9727d05241)
2007-10-10 10:57:02 -05:00
Derrell Lipman
9840db418b r6149: Fixes bugs #2498 and 2484.
1. using smbc_getxattr() et al, one may now request all access control
   entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
   provided by smbc_getxattr() et al, when requesting all attributes,
   all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
   compiler flags are in use.  removed -Wcast-qual flag from list, as that
   is specifically to force warnings in the case of casting away qualifiers.

Note: In the process of eliminating compiler warnings, a few nasties were
      discovered.  In the file libads/sasl.c, PRIVATE kerberos interfaces
      are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
      kerberos interfaces are being used.  Someone who knows kerberos
      should look at these and determine if there is an alternate method
      of accomplishing the task.
(This used to be commit 994694f7f2)
2007-10-10 10:56:24 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Gerald Carter
67db65abf1 make sure we use a real network address in case there are extra non-zero octets in hosts allow/deny
(This used to be commit 0348e85177)
2003-12-08 17:40:15 +00:00
Gerald Carter
951e1aa851 fix inverted logic caused by s/strcmp/strequal/; host allow/deny works again; bug 846
(This used to be commit c816b44a9c)
2003-12-01 19:25:41 +00:00
Volker Lendecke
d5573ccde3 Simple rename of get_socket_addr to get_peer_addr and get_socket_name to
get_peer_name. This is to get closer to the getsockname/getpeername system
functions.

Next step will be the %i macro for the local IP address. I still want to play
%L-games in times of port 445.

Volker
(This used to be commit d7162122ea)
2003-11-07 09:03:02 +00:00
Jeremy Allison
bb0598faf5 Put strcasecmp/strncasecmp on the banned list (except for needed calls
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb92)
2003-10-22 23:38:20 +00:00
Herb Lewis
062f89bc28 get rid of some sompiler warnings on IRIX
(This used to be commit a6a39c61e8)
2003-08-15 01:42:30 +00:00
Gerald Carter
ce9af4e049 round three of CIDR fixes; spotted by Tomoki AONO
(This used to be commit 554026b208)
2003-04-26 16:18:20 +00:00
Gerald Carter
6bbedbdb5a fix byte ordering when using CIDR notation in hosts allow/deny; spotted by Eloy Paris
(This used to be commit 6155144b9f)
2003-04-18 14:55:43 +00:00
Gerald Carter
06068da0dc fix CIDR hosts allow/deny notation
(This used to be commit 84707fd95e)
2003-03-28 15:42:36 +00:00
Jeremy Allison
2f194322d4 Removed global_myworkgroup, global_myname, global_myscope. Added liberal
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8)
2002-11-12 23:20:50 +00:00
Andrew Bartlett
35ac9d287f Try to catch up on the code I've put into HEAD that should be in 3.0:
- vorlan's hosts allow with DNS names patch
 - use x_fileno() in debug.c, not the struct directly.
 - check for server timeout on password change (was reporting success)
 - better error/status loggin in both the pam_winbind client and winbindd_pam
server code.
 - (pdb_ldap) don't set the ldap version twice - we do it on every bind anyway.
(This used to be commit 9fa1863d8e)
2002-10-26 02:20:59 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Jeremy Allison
0d87fb91c4 Allow hosts allow/deny to use xx.xx.xx.xx/yy syntax.
Jeremy.
(This used to be commit ea60c50109)
2002-03-27 01:56:31 +00:00
Jeremy Allison
a0b86d4cd2 If 127.0.0.1 matches both allow & deny then allow. Patch from Steve Langasek vorlon@netexpress.net
Jeremy.
(This used to be commit 478696e924)
2002-01-18 03:08:40 +00:00
Andrew Bartlett
f9879578c6 More spelling and grammer from Vance. <vance@digital-host.net>
Thanks!

Andrew Bartlett
(This used to be commit f019bed766)
2001-10-29 08:26:45 +00:00
Tim Potter
dc1fc3ee8e Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
(This used to be commit 2d0922b0ea)
2001-10-02 04:29:50 +00:00
Simo Sorce
484a7c0341 move to SAFE_FREE()
(This used to be commit 60e907b7e8)
2001-09-17 02:19:44 +00:00
Andrew Tridgell
527e824293 strchr and strrchr are macros when compiling with optimisation in gcc, so we can't redefine them. damn.
(This used to be commit c41fc06376)
2001-07-04 07:36:09 +00:00
Simo Sorce
d56e091694 fix compiler warnings
(This used to be commit 7420e2f789)
2001-06-23 14:13:32 +00:00
Simo Sorce
82970b833c initial support for paramter type P_LIST
it will avoid problems with lists being longer than 1024 bytes
just now only ip list parameters have been converted to the new type
(hosts allow, hosts deny, ssl hosts, ssl hosts resign)
(This used to be commit e1572f85d6)
2001-06-20 16:54:32 +00:00
Gerald Carter
911975c88f merge from 2.2
(This used to be commit f87f3707f3)
2001-04-20 15:39:51 +00:00
Gerald Carter
0fc676c335 merge from 2.2
(This used to be commit 79f4c4ad74)
2001-04-19 23:13:38 +00:00
Jeremy Allison
e7a6cb234a Removed one samba-bugs ref. from source.
Jeremy.
(This used to be commit d40ee1707d)
2001-04-14 21:26:45 +00:00
Gerald Carter
85cab6559e merge from 2.2
(This used to be commit 3a03065b43)
2001-03-27 00:03:49 +00:00
Andrew Tridgell
2fa922611b finally got sick of the "extern int Client" code and the stupid
assumption that we have one socket everywhere

while doing so I discovered a few bugs!

1) the clientgen session retarget code if used from smbd or nmbd would
cause a crash as it called close_sockets() which closed our main
socket! fixed by removing close_sockets() completely - it is unnecessary

2) the caching in client_addr() and client_name() was bogus - it could
easily get fooled and give the wrong result. fixed.

3) the retarget could could recurse, allowing an easy denial of
service attack on nmbd. fixed.
(This used to be commit 5937ab14d2)
2000-04-11 13:55:53 +00:00
Andrew Tridgell
3db52feb1f first pass at updating head branch to be to be the same as the SAMBA_2_0 branch
(This used to be commit 453a822a76)
1999-12-13 13:27:58 +00:00
Andrew Tridgell
f120a81a72 global change from samba.anu.edu.au to samba.org
(This used to be commit 42d2509c9f)
1998-11-21 13:20:31 +00:00