1
0
mirror of https://github.com/samba-team/samba.git synced 2025-02-15 05:57:49 +03:00

2066 Commits

Author SHA1 Message Date
Jeremy Allison
a83bac7571 Shadow copy API - Original work by "Ken Cross" <kcross@nssolutions.com>, adapted
into a patch by "Stefan (metze) Metzmacher" <metze@metzemix.de>.
Jeremy.
(This used to be commit ce5c91d35dabc5ff6fb3df2b259ed186d6a7e0da)
2003-08-07 21:47:46 +00:00
Jeremy Allison
3bbe9c0869 An oplock break reply from the client causes the sequence number to be
updated by 2 if there is no open reply outstanding, else by one....
Yes - this makes no sense....
Jeremy.
(This used to be commit b43ce1ff6109f6422a621329ceb713b42df40040)
2003-08-07 05:36:08 +00:00
Jeremy Allison
110abf10d2 Turns out I had my packet sequences wrong for oplock break code.
I was storing the mid of the oplock break - I should have been
storing the mid from the open. There are thus 2 types of deferred
packet sequence returns - ones that increment the sequence number
(returns from oplock causing opens) and ones that don't (change notify
returns etc). Running with signing forced on does lead to some
interesting tests :-).
Jeremy.
(This used to be commit 85907f02cec566502d9e4adabbd414020a26064d)
2003-08-07 02:59:52 +00:00
Tim Potter
74be920b0e Spelling.
(This used to be commit 7d009ebf66c82b254828bac267102eb6e6a4a75e)
2003-08-06 01:14:51 +00:00
Jeremy Allison
99a4bb07a9 Fix up #defines around utmp_host and utmp_name. Noticed by Cord.Hockemeyer@uni-graz.at
Jeremy.
(This used to be commit 07c5ecb945c1189fd6e8628f5e989b90dd15163b)
2003-08-03 18:50:00 +00:00
Jeremy Allison
8d992a7102 Output message saying "signed connect" instead of just connect when signing
is active.
Jeremy.
(This used to be commit c6674fa62865b64aa788a1903db118e4d773bcae)
2003-08-03 07:20:05 +00:00
Jeremy Allison
b925d197f5 Ensure we don't leak any sign records on cancel of pending requests.
Jeremy.
(This used to be commit 9a8ffc239c0f1aada713de7e9e007066738d8874)
2003-08-02 08:48:01 +00:00
Jeremy Allison
099bd33a99 More fixes for client and server side signing. Ensure sequence numbers
are updated correctly on returning an error for server trans streams.
Ensure we turn off client trans streams on error.
Jeremy.
(This used to be commit 3a789cb7f01115c37404e5a696de363287cb0e5f)
2003-08-02 07:07:38 +00:00
Jeremy Allison
760e58cf80 Add the same signing code to the server. Ensure we use identical session
numbers and MIDs when in trans/trans2/nttrans code.
Jeremy.
(This used to be commit 901544b29b4d815709b3dbad3012f1d2c419d904)
2003-08-02 03:06:07 +00:00
Jim McDonough
8c64504f7c Update my copyrights according to my agreement with IBM
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
2003-08-01 15:30:44 +00:00
Gerald Carter
0da36b22ff only honor the first OID in the sessetup snego negotiate. Deviates
from RFC but I'm smelling a client bug here.

	/* only look at the first OID for determining the mechToken --
	   accoirding to RFC2478, we should choose the one we want
	   and renegotiate, but i smell a client bug here..

	   Problem observed when connecting to a member (samba box)
	   of an AD domain as a user in a Samba domain.  Samba member
	   server sent back krb5/mskrb5/ntlmssp as mechtypes, but the
	   client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an
	   NTLMSSP mechtoken.                 --jerry              */
(This used to be commit 731420b03dbc15977822f74047e931dc62284fc0)
2003-07-31 19:01:22 +00:00
Jeremy Allison
ba12e6bb5f Wrap calls to change_oem_password() in become_root()/unbecome_root() pairs
to allow UNIX password change scripts to work correctly. This is safe as
the old password has been checked as correct before invoking this.
Jeremy.
(This used to be commit 1734d43eb55561d46a6ffb5d806afedfd3746f9f)
2003-07-31 01:33:44 +00:00
Jeremy Allison
29ca70cd34 Add a command line option (-S on|off|required) to enable signing on client
connections. Overrides smb.conf parameter if set.
Jeremy.
(This used to be commit 879309671df6b530e0bff69559422a417da4a307)
2003-07-30 23:49:29 +00:00
Jeremy Allison
6070a519c2 Fix bug . Stop unmangle of name into a wildcard name from deleting more
than was intended.
Jeremy.
(This used to be commit e2742e0d897a35820a7d8f184292c32a4c3952e3)
2003-07-29 19:16:59 +00:00
Jeremy Allison
79a5d2e31b Finish tridge's patch as referenced here :
make sure we don't allow the creation of directories containing
wildcard characters. I've only put this in mkdir at the moment, but I
suspect this will apply to all places that can create new filenames.

We need to allow the opening of existing filenames that contain
wildcards, but not allow the creation of new ones.

Jeremy.
(This used to be commit 7f111e545d198faa5fa89f6d360db0d5c32a8bd7)
2003-07-29 17:34:20 +00:00
Andrew Bartlett
5b84b13a1e Allow the stat cache to better handle invalid multibyte strings, by using
strdup_upper().  This function may fail - and we can just drop out of using
the cache in that case.  (Rather than panicing).

This also should get us closer to supporting all of the weird 'longer/shorter'
on uppercase/lowercase.

Andrew Bartlett
(This used to be commit d4c9261725578231079ed83e8e6584f12bd1cc43)
2003-07-27 03:40:45 +00:00
Andrew Bartlett
1478bcd847 Try again to fix up 'session request' name exchange. This time we actualy
get the names...

Andrew Bartlett
(This used to be commit 7c9e204f7eb15139532f2cc522ed87d0ac34d118)
2003-07-27 03:29:40 +00:00
Andrew Bartlett
455bb6de90 Some small fixes to our charset conversion code:
- Treat the NMB names in the 'session request' packet as 'ASCII'.  This means
   that we do not get invalid multibyte from the wire, even if we truncate
   in the conversion.  (Otherwise we panic when we try to strupper_m it).

 - Remove acnv_uxu2(), as it was duplicated by push_ucs2_allocate()
 - Remove acnv_dosu2(), as it is not used.

 - In push_ucs2(), with the STR_UPPER flag, do the case conversion *after*
   the UCS2 conversion, when it we know that the length can't change.  Also
   faster, as we don't need to do another 2 UCS2 conversions.

Andrew Bartlett
(This used to be commit 912035af1178424583d0bf887a391a0cac2acd87)
2003-07-27 02:28:25 +00:00
Jeremy Allison
559439e1f4 Start the packet signing engine in the kerberos case in the same place
as the ntlmssp case.
Jeremy.
(This used to be commit 79e0bf829875fc985f1940dc31ee418aad910ed6)
2003-07-25 23:43:22 +00:00
Tim Potter
7d833de662 More printf portability fixes. Got caught out by some gcc'isms last
time.  )-:
(This used to be commit 59dae1da66a5eb7e128263bd578f167d8746e9f0)
2003-07-25 04:24:40 +00:00
Tim Potter
77373f1f8e More printf fixes - size_t is long on some architectures.
(This used to be commit ba4d334b822248d8ab929c9568533431603d967e)
2003-07-24 23:46:27 +00:00
Jeremy Allison
60097e0d8d Fix from matt.zinkevicius@hp.com to stop files being created on read-only
shares in some circumstances.
Jeremy.
(This used to be commit b826e8c8980d26e932da55384f109f0fe6a124c7)
2003-07-24 19:10:52 +00:00
Jeremy Allison
ceb68ee051 Fix packet signing with asynchronous oplock breaks. Removed bad error message
due to w2k bug. I think this code is now working.... Need more testing of course
but works on all the obvious cases I can think of.
Jeremy.
(This used to be commit a6e537f6611cc1357fffea0b69901fba7c9ad6ea)
2003-07-24 19:05:32 +00:00
Alexander Bokovoy
ae6a63fa46 Rise debug level to 5 for not-found-nt-quota message (quota setting for user wasn't found)
(This used to be commit 422dffdc40742091df027fcffbc074eb2b1396dc)
2003-07-24 11:37:11 +00:00
Jeremy Allison
0c9433c031 Ensure everywhere we defer an incoming SMB request (blocking lock queue,
in oplock break state, change notify queue) we also push the MID onto
the deferred signing queue. Tomorrow I will test this with valgrind and
oplock tests.
Jeremy.
(This used to be commit 33a377f3726c85379ba5b962dd7c8ead337b892f)
2003-07-24 06:56:56 +00:00
Jeremy Allison
08634e26e4 SMB signing is now working with change notify. Need to fix the disconnect
when bad signature received, plus check the oplock breaks....
Jermey.
(This used to be commit dd83931a00ec0a2c4b78b939c54bc101ec82312f)
2003-07-24 06:19:37 +00:00
Jeremy Allison
79e2d7c24e Server side NTLM signing works - until the first async packet. Working on this
next....
Jeremy.
(This used to be commit eff74a1fcc597497a4c70589a44c1b70e93ab549)
2003-07-24 04:25:37 +00:00
Gerald Carter
3a5dc7c2ec convert snprintf() calls using pstrings & fstrings
to pstr_sprintf() and fstr_sprintf() to try to standardize.
lots of snprintf() calls were using len-1; some were using
len.  At least this helps to be consistent.
(This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
2003-07-23 12:33:59 +00:00
Tim Potter
80c1f1d865 Fixup a bunch of printf-style functions and debugs to use unsigned long when
displaying pid_t, uid_t and gid_t values.  This removes a whole lot of warnings
on some of the 64-bit build farm machines as well as help us out when 64-bit
uid/gid/pid values come along.
(This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
2003-07-22 04:31:20 +00:00
Richard Sharpe
f746a68030 Clarify a debug log a little. The path might not exist, so say so.
(This used to be commit 8409cf3e470df79f219f9a21c0cb780e9257186c)
2003-07-21 20:20:09 +00:00
Andrew Tridgell
5e252c86bd make sure we don't allow the creation of directories containing
wildcard characters. I've only put this in mkdir at the moment, but I
suspect this will apply to all places that can create new filenames.

We need to allow the opening of existing filenames that contain
wildcards, but not allow the creation of new ones.
(This used to be commit 2fd5569938b8970f3e9d761eecad5bc0b8bb267e)
2003-07-18 07:07:29 +00:00
Andrew Tridgell
14f3c75070 this fixes a bug where Samba would under some circumstances return
incomplete directory listings. The problem was the exact_match
optimisation that short circuited directory listings on exact
matches. This optimisation doesn't work when the unix filename
contains Microsoft wildcard characters.
(This used to be commit 84cee2c3fcc34fe6356e842821a5f0a361477637)
2003-07-18 06:48:28 +00:00
Jeremy Allison
814e987c62 Signing so far... the client code fails on a SMBtrans2 secondary transaction
I think (my changes haven't affected this I believe). Initial support on the
server side for smbclient. Still doesn't work for w2k clients I think...
Work in progress..... (don't change).
Jeremy.
(This used to be commit e5714edc233424c2f74edb6d658f32f8e0ec9275)
2003-07-18 00:53:34 +00:00
Jeremy Allison
5b4a2dfd2b Formatting tidyups to match the rest of the source.
Jeremy.
(This used to be commit 86c5ebcf8f5eb57e9885627b3da4e486ee3f62d9)
2003-07-17 18:55:40 +00:00
Jeremy Allison
583fc85078 Correctly toggle the signing state to what it was previosly when sending
an oplock break.
Jeremy.
(This used to be commit 9515de83a864250c417cf490b7be714c8e1e127e)
2003-07-17 00:58:14 +00:00
Jeremy Allison
9ad4fbcf75 Don't allow read/write raw when signing is active.
Jeremy.
(This used to be commit 8d2a848052df03dad7bfeb5e7be96f8e9a509bbf)
2003-07-17 00:53:37 +00:00
Jeremy Allison
f1b6cd794d Putting the framework for server signing in place. Ensure we don't use
sendfile when signing (I need to add this for readbraw/writebraw too...).
Jeremy.
(This used to be commit f2e84f1ba67b13ff29e24a38099b559d9033a680)
2003-07-17 00:48:21 +00:00
Jeremy Allison
4fbbaff415 Add API framework for server SMB signing.
Jeremy.
(This used to be commit 61fc9a7b2eafdf8cbed1f8d9aae016b828c91a08)
2003-07-16 21:06:21 +00:00
Jeremy Allison
1eff052300 Reformatting fixes to bring in line with the rest of the source.
Jeremy.
(This used to be commit 3c11d9362379f16bb0d14449f64e731efad97ffe)
2003-07-16 18:06:27 +00:00
Jeremy Allison
c44a9d25a2 Added the "required" keyword to the "client signing" parameter to force it
on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing
to add signing on server side.
Jeremy.
(This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
2003-07-15 23:05:57 +00:00
Gerald Carter
733f767b94 fix sid_to_[uid|gid] (spotted by Volker).
Still testing this, but I'm checking it in
so Volker can test it as well.  Should be right.
(This used to be commit 8edf193722f699cc33baed410917a78a5e28d0a4)
2003-07-11 16:37:23 +00:00
Herb Lewis
5359b8dc97 use names from enumerated type to get rid of compiler warnings
(This used to be commit c9d6782e091406ed105b7dc34c8c83e53bfe515e)
2003-07-11 14:33:13 +00:00
Richard Sharpe
a7ef6aac3a Fix a small spelling mistake and push out the new version of aclocal.m4 to
properly handle iconv on FreeBSD ...

It works on Linux and FreeBSD ...
(This used to be commit 9302401f543bd3684657b38f046dc52a5a732035)
2003-07-09 23:01:08 +00:00
Gerald Carter
16ff7b26f6 Large set of changes to add UNIX account/group management
to winbindd.  See README.idmap-and-winbind-changes for details.
(This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-09 16:44:47 +00:00
Jeremy Allison
4072006fec Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no useful
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries.
ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX
functions fail. Getting ready to add caching.
Jeremy.
(This used to be commit 9d0692a54fe2cb087f25796ec2ab5e1d8433e388)
2003-07-09 00:23:42 +00:00
Jeremy Allison
4f0b771af0 Ensure we correctly test for errors in uid/gid_to sid.
Jeremy.
(This used to be commit f3c2e73a8c1c592d407542c12c0a445103415bc0)
2003-07-09 00:01:40 +00:00
Jeremy Allison
e4bfa0a460 Moved SAM_ACCOUNT marshall/unmarshall functions to make them externally
available. Removed extra auth_init (thanks metze).
Jeremy.
(This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
2003-07-08 21:58:29 +00:00
Jeremy Allison
e5aa73dab1 Fix spotted by Nadav Danieli <nadavd@exanet.com> - ensure dev and inode
to fix open mode race condition.
Jeremy.
(This used to be commit cbde1c8dfcd9d3bef956fe073e7108a54b48844b)
2003-07-07 22:29:40 +00:00
Jeremy Allison
45ac30db09 Fix from MORIYAMA Masayuki <msyk@mtg.biglobe.ne.jp> for new MB statcache
code. Bug .
Jeremy.
(This used to be commit 7a1ac7be42dfb90fd44f2c51810eedcea052386b)
2003-07-07 20:22:35 +00:00
Jeremy Allison
436555aaa7 Fixed a couple of const issues with the new code.
Jeremy.
(This used to be commit e9fb6e45086a6170b6f6d5d3295398708ab1af58)
2003-07-07 17:04:48 +00:00