IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
to account for padding/alignment issues. Eventually I'd like to find a
way to get rid of this construct altogether as it is a bit error
prone and hard to debug.
also added a new macro:
ZERO_STRUCTP() that takes a pointer to a structure and zeros the
structure. Used in nmbd to zero allocated structures before freeing
them to try to catch bugs a bit faster.
(This used to be commit d3dda65d51)
correctly. Added new parameter "stat cache size" - set to 50 by default.
I now declare the statcache code officially "open" for business :-).
It gets a hit rate of 97% with a NetBench run and seems to make
using a case insensitive run as efficient as a case sensitive run.
Also tidied up our sys_select usage - added a maxfd parameter and
also added an implementation of select in terms of poll(), for systems
where poll() is much faster. This is disabled by default.
Jeremy.
(This used to be commit 779b924ec1)
the head of an SMB request (ie. are part of a chain) will not be queued -
this will be fixed when we move to the new chain code. In practice, this
doesn't seem to cause much of a problem (in my admittedly limited testing)
bug a debug level zero message will be placed in the log when this
happens to help determine how real the problem is.
smbd/locking.c: New debug messages.
smbd/blocking.c: New blocking code - handles SMBlock, SMBlockread and SMBlockingX
smbd/chgpasswd.c: Fix for master fd leak.
smbd/files.c: Tidyup comment.
smbd/nttrans.c: Added fnum to debug message.
smbd/process.c: Made chain_reply() use construct_reply_common(). Added blocking
lock queue processing into idle loop.
smbd/reply.c: Added queue pushes for SMBlock, SMBlockread and SMBlockingX.
Jeremy.
(This used to be commit e1dd03ecda)
include/includes.h: Added nterr.h.
locking/locking.c: Moved blocking lock code into smbd/blocking.c for link purposes.
smbd/close.c: Added blocking lock removal to file close.
smbd/filename.c: Tidied up unix_convert() so I could read it (:-) in preparation
for the stat_cache code.
smbd/nttrans.c: Added WRITE_ATTRIBUTES check.
smbd/reply.c: Fixed multibyte char problem in wildcard mask.
Jeremy.
(This used to be commit 148eaba3da)
the splitup was done with an axe, not a scalpel, so there are some
rough edges. I mostly wanted to get the general form right with fine
tuning of what goes where to come later. Still, this is better than
what we had before where server.c was a general repository for
anything that didn't fit elsewhere.
(This used to be commit a6d194886a)
server.c without breaking things.
this splits off netprot.c and fileio.c for negprot and read/write/seek
handling respectively.
(This used to be commit b3d7014643)
the chain pointer is now stored as a static and is set whenever a
handle is created or extracted. This also makes the code less error
prone.
(This used to be commit 068a862982)
removed most cases where a pnum is used and substituted a pipes_struct*.
in files.c I added a offset of 0x1000 to all file handles on the
wire. This makes it much less likely that bad parsing will give us the
wrong field.
(This used to be commit 8bc2627ff2)
private to files.c)
It now is a doubly linked list with a bitmap for allocated file
numbers. Similarly for the fd_ptr code. I also changed the default
maximum number of open files to 4096. The static cost is 1 bit per
file.
It all seems to work, and it passes the "does Sue scream" test, but if
you see weird behaviour then please investigate. With the volume of
new code that has gone in there are bound to be one or two bugs
lurking.
note that you must do a "make clean" before building this as many data
structures have changed in size.
(This used to be commit 79755ce970)
Connections[] is now a local array in server.c
I might have broken something with this change. In particular the
oplock code is suspect and some .dll files aren't being oplocked when
I expected them to be. I'll look at it after I've got some sleep.
(This used to be commit c7ee025ead)
locking/locking.c: Made #ifdef'ed out functions static for Make proto.
lib/util.c: Re-instated old mask_match code for UNIX filesystem checks
only. Client calls use the new mask_match code. Changed the
name of the old function to unix_mask_match.
Jeremy.
(This used to be commit b68e756ff5)
illogical places. Once I get everything compiled these will need to be
revisited, but at least the new Makefile.in makes it really obvious
what is out of place.
(This used to be commit beef5341fc)
for changes in the directory modify timestamps. A better version
will look at the requested client flags, and create a hash that
represents the current state of the directory, and check against
this instead.
debug.c: Added lp_timestamp_logs() function.
loadparm.c: Added "change notify timeout" in seconds (default 60)
- this is the scan rate for a directory.
Added ""timestamp logs" boolean - default True. Turns
off log timestamps (so I can read them :-).
nttrans.c: ChangeNotify implementation.
server.c: ChangeNotify implementation.
shmem_sysv.c: Added exits on shmem errors (without them smbd can
core dump if some calls fail).
smb.h: Added ChangeNotify flags for future use.
util.c: Tidied up typedef.
Jeremy.
(This used to be commit a0748c3f53)
Makefile.in: I've added debug.o.
proto.h : Rebuilt, as is standard for these sorts of things.
smb.h : New macros, etc.
util.c : Debug code removed.
I'll check in debug.c in the next step.
Chris -)-----
(This used to be commit 653c17c1b8)
loadparm.c: Added "ole locking compatibility" option (default "true").
locking.c: Changes to implement union in files_struct.
locking_shm.c: Changes to implement union in files_struct.
nttrans.c: Made opening a directory explicit (we have to).
Added create directory code for nttrans.
reply.c: Changes to implement union in files_struct.
server.c: Changes to implement union in files_struct. Added create directory code.
trans2.c: Changes to implement union in files_struct.
smb.h: Changes to implement union in files_struct.
util.c: Changed linked list code to UNIQX linked list. This will make
the other lists I need to implement for ChangeNotify and blocking
locks easier.
Jeremy.
(This used to be commit 3a5eea850b)
reply.c: Do the same mask expansion we do in trans2.c - needed for Win98.
trans2.c: Make the mask expansion into a function call now we have to
do it twice.
Jeremy.
(This used to be commit 7b3a9d6285)
locking.c: Added code to deal with real open mode of file.
reply.c: Added strict sync parameter.
server.c: Added strict sync parameter. Fixed open modes.
Jeremy.
(This used to be commit ed57b603b5)
local.h: Kept FSTYPE_STRING as Samba for now.
nmbd_browsesync.c: Added bugfix from Matt Chapman mattyc@cyberdude.com
- lmb_browserlist is now a struct ubi_dlList not a
struct browse_cache_record *.
server.c:
smb.h:
uid.c:
password.c: Removed attrs code - it is not used anywhere.
Jeremy
(This used to be commit ef1af7fe6d)
as the code in reply_lockingX wasn't taking account of
the difference between read and write locks ! How did this
ever work :-) !
reply.c:
server.c: Add lock type to is_locked() and do_lock().
util.c: Also added code from klausr@ITAP.Physik.Uni-Stuttgart.De
to fix problem with log files growing too large if an
smbd writes less than 100 debug messages.
Jeremy.
(This used to be commit 80080abf77)
local.h: Changed MAXDIR to MAX_OPEN_DIRECTORIES - shmem size also tuned by this.
dir.c: Use MAX_OPEN_DIRECTORIES.
nttrans.c: Allow opening of a directory to succeed. Doesn't actually open
a file descriptor but takes a files_struct slot marked as an
fd.
reply.c: Changed to close any outstanding is_directory files.
reply_close changed to understand directory files.
server.c: Added open_directory(), close_directory() calls.
smb.h: Added is_directory to files_struct.
Changed OPEN_FNUM to check that target is !is_directory (this
prevents the normal file calls from processing a directory
files_struct.
Jeremy.
(This used to be commit e01ce693f4)
includes.h: Added termios.h for AIX.
nttrans.c: Working NT SMB calls !
pipes.c: Use strequal instead of strcmp.
server.c: Use #defines rather than numbers.
smb.h: Updated NT SMB #defines.
Jeremy.
(This used to be commit 3e5cada988)
ipc.c:
loadparm.c:
printing.c:
Added code from <Dirk.DeWachter@rug.ac.be> to implement print
queue pausing. New parameters are "queuepause command" and
"queueresume command".
util.c: Added fix for mount options in autmount map.
lib/rpc/include/rpc_misc.h: Removed duplicate pipe names for Jean-Francois.
Jeremy.
(This used to be commit 559a9bf2bb)
mem_dup() allocates the required memory before copying the
source data. It returns NULL if memory could not be allcoated,
else a pointer to the newly allocated memory.
proto.h: Rebuilt to add the prototype for mem_dup().
(This used to be commit 7f7e265ab4)
reply.c: Broke out the internals of reply_mv so that they may be called
externally from the NT transact rename.
server.c: Changed stat calls to sys_stat - found in code review
of bugfix.
Jeremy.
(This used to be commit fb19dad88e)
password change core dump bug.
nmbd_subnetdb.c: Make namelist_entry_compare() static.
nttrans.c: More NT SMB stuff.
Jeremy.
(This used to be commit 1925a29c6b)
nmbd_become_lmb.c: Add 'force_new_election' parameter to some functions.
This allows the start of the election to be done *after*
the demotion from local master browser is done.
Also changed code so release of 1d name is done
immediately to allow other local master to gain it.
nmbd_elections.c: Ensured no elections are run until we have registered
the WORKGROUP<1e> name that we must listen on to participate
in elections.
nmbd_incomingdgrams.c: Use force_new_election code.
nmbd_namelistdb.c: Make update_name_in_namelist static.
nmbd_subnetdb.c: Fix bug in comparison function. We cannot use memcmp
as structure packing may make this fail.
nmbd_packets.c: Ensure that we only send one release packet when
sending a broadcast packet.
nmbd_workgroupdb.c: Ensure we put the correct value in the ElectionCriterion field.
nmblib.c: Ensure make_nmb_name zero's the struct nmb_name.
Jeremy.
(This used to be commit 1fcb094ba0)
clitar.c: Added 'Samba style' comments before string_create_s().
loadparm.c: Fixed missing comma in SSL code.
util.c: Removed string_create_s(). Currently it's only called from
clitar.c and having it here as well as a static in clitar
causes the compile to break (Richard, please decide where
you want this function).
lib/rpc/parse/parse_net.c: Fix from <anders.blomdell@control.lth.se>
to stop coredump on missing parameter.
Jeremy.
(This used to be commit d23b443225)
This patch may not yet compile with -DUSE_SSL enabled, further
Makefile changes may be needed. But it was important to get
this code in place before I go off to USENIX.
Jeremy.
(This used to be commit 31e768369f)
includes.h: Added ubi_sLinkList.h include.
loadparm.c: Added groupname map parameter.
password.c: Fix HPUX big_crypt.
username.c: New user_in_list() code. Moved groupname map code to groupname.c
lib/rpc/server/srv_util.c: Added lookup_wellknown_sid_from_name().
New groupname map stuff. Note that nothing currently uses this but at
compiles ok.
Jeremy.
(This used to be commit beef636a4d)
reply.c: map_username is now a BOOL function.
server.c: Added capability to do map_username on service names
when looking for a home directory. That's what the
original code would do.
lib/rpc/server/srv_util.c: Changed domain_ to builtin_ for
BUILTIN aliases.
username.c: Work in progress on groupname map parameter.
Jeremy
(This used to be commit fa95fae5ee)
Chris's reformating of the (rather long named function) find_name_for_remote_broadcast_subnet
(moving the function name onto a line on it's own) caused the proto
awk script to miss it.
Jeremy.
(This used to be commit 17c758687f)
*Not* the usual. I did make proto to add the #ifndef..#endif block.
Just to be safe, I did a cvs diff and found no prototype changes.
ubiqx/sys_includes.h
More fudging. I want to use binary tree typdefs in nameserv.h, but
nameserv.h is included in includes.h which is included by all of the
ubiqx modules. The result is that the types are referenced before
they are declared. My solution is to prevent nameserv.h and proto.h
from being included in the ubiqx modules (where they are not needed
anyway).
Chris -)-----
(This used to be commit f128fda8e6)
passdb.c:
lib/rpc/include/rpc_misc.h: First cut at automatic uid/gid to rid mapping.
We can change this at a later date to make more bits available if neccessary.
Jeremy.
(This used to be commit 34f40474ab)
help of Ums Harald <Harald.Ums@pro-sieben.de>, who has been
testing our 8.3 wildcards with a test suite.
With his new code for 8.3 matching, this is the test done
(I'm quoting from his email)
"I tested it by generating a directory with about 7600 Files and run
automatc tests with about 4000 patterns. The result from Win95 -> WinNT
and Win95 -> Samba where identical according to diff."
I have also re-written the long filename wildcard code,
so that doing DIR a*z now matches files :
AAA.BBB.CCCC....ZZZZ
correctly, and other fixes besides.
I sincerely hope I can lay this (horrid) issue to rest
now :-).
Jeremy.
(This used to be commit 94e3f0d9b4)
password.c: Added code to tell server.c when machine password needs changing.
server.c: Change machine password in idle cycles if it needs it.
smbpassfile.c: Fixed up length calculations for machine password file.
smbpasswd.c: Moved domain joining code/machine password changing code.
lib/rpc/client/cli_netlogon.c: And this is where it now lives.
Jeremy.
(This used to be commit b8fedca619)
be supported. there are some stub routines in passdb.c which can be
copied into a password database api which do conversion. the module
writer can choose which of these to provide full support for instead
of using the conversion routines.
(This used to be commit d906ac5941)
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3)
function table, selectable at compile time. This should make the
code that implements all the password functions much cleaner, as
it's now very clear exactly what a particular password database
needs to provide to Samba.
Jeremy.
(This used to be commit 27ca536ad9)
ldap.c: Stoped dummy_function being prototyped.
loadparm.c: Fixed slprintf sizes.
nisppass.c: Fixed safe_strcpy sizes.
nmbd_processlogon.c: Changed back to getsmb... from getsam...
nttrans.c: Just a dump of new code.
passdb.c: Moved stuff around a lot - stopped any lookups by rid. This
needs to be indirected through a function table (soon).
password.c: Changed back to getsmb... from getsam...
reply.c: Changed back to getsmb... from getsam...
slprintf.c: Fixed prototype problems.
smb.h: Fixed prototype problems.
smbpass.c: Changed to getsmbfile....
smbpasswd.c: Changed back to getsmb... from getsam...
lib/rpc/server/srv_netlog.c: Changed back to getsmb... from getsam...
lib/rpc/server/srv_samr.c: Fixed rid lookup - use uid or gid lookup.
lib/rpc/server/srv_util.c: Changed back to getsmb... from getsam...
Jeremy.
(This used to be commit 7d332b2493)
- added nisppass.c and NISPLUS_FLAGS
includes.h:
- renamed USE_LDAP to USE_LDAP_DB. renamed NISPLUS to USE_NISPLUS_DB.
added default define of USE_SMBPASS_DB.
- removed ldap headers: they are local only to ldap.c
ldap.c :
- made all ldap-specific functions static.
- added dummy sam21 functions
loadparm.c :
- renamed NISPLUS to NISPLUS_HOME
mkproto.awk
- commented out ldap-specific #ifdef generation code: it's not
needed now that ldap-specific functions in ldap.c are static
nisppass.c :
- first attempt at an add function from
(This used to be commit f215d375f0)
server.c: Moved generate_machine_sid() into passdb.c for Jean-Francois
(who might want an LDAP version). Changed locking to free exclusive
lock as soon as possible to prevent contention.
lib/rpc/parse/parse_samr.c
lib/rpc/server/srv_samr.c: Changed last SID-as-string manipulation
function to use DOM_SID structure.
Jeremy.
(This used to be commit 3b8f5aef57)
server.c: Added MACHINE.SID file generation - use lp_domain_sid() be default.
smbpass.c: Exposed do_file_lock() as I now use it in server.c
Jeremy.
(This used to be commit 5bf17840ac)
ipc.c: Caused samba password changing not to be done if UNIX password
changing requested and not successful.
util.c: Added string_to_sid() and sid_to_string() functions.
lib/rpc/client/cli_samr.c:
lib/rpc/include/rpc_misc.h:
lib/rpc/parse/parse_lsa.c:
lib/rpc/parse/parse_misc.c:
lib/rpc/parse/parse_net.c:
lib/rpc/parse/parse_samr.c:
lib/rpc/server/srv_lsa.c:
lib/rpc/server/srv_lsa_hnd.c:
lib/rpc/server/srv_netlog.c:
lib/rpc/server/srv_samr.c:
lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs
around as char *, they are converted to DOM_SID at the earliest
opportunity, and passed around as that. Also added dynamic memory
allocation of group sids. Preparing to auto-generate machine sid.
Jeremy.
(This used to be commit 134d6fa79c)
have vsnprintf.
locking_slow.c: slight tidy.
make_smbcodepage.c: Use safe_strcpy instead of pstrcpy.
nmbd_winsserver.c: Use pstrcpy instead of fstrcpy.
smbmount.c: Fixed reported bug.
util.c: Removed old fstrcpy/fstrcat functions.
Jeremy.
(This used to be commit f257d2e4ba)
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
(This used to be commit 2d77445400)
from which an NT user can log in from. empty (default) indicates no
restrictions. exactly how this is enforced is unknown. from past experience
it's likely that the enforcement is left to the client to carry out...
(This used to be commit 6b2f9ea68f)
Makefile:
created PASSBD_OBJ group
includes.h:
added #ifdef USE_LDAP to #include <ldap> headers
ldap.c:
- renamed "_machine" to "_trust" everywhere.
- added sam_passwd support routines
- removed get_ldappwd_entry function: replaced with get_sampwd_entry
- removed getldappwnam/uid: replaced with getsampwnam/uid
- other messing about bits which are probably going to annoy the
hell out of jean-francois (sorry!)
mkproto.awk:
- added stuff to wrap ldap.c protos with #ifdef USE_LDAP
- added uid_t and gid_t return results to the prototype generation
passdb.c:
- created getsam21pwent, add_sam21pwd_entry, mod_sam21pwd_entry.
- modified getsampwnam/uid and created getsam21pwnam/rid functions
to replace the local get_smbpwd_entry() and get_ldappwd_entry()
functions, which jeremy didn't like anyway because they were
dual-purpose.
- added utility routines which are or may be useful to all the
password database routines.
password.c:
- renamed "machine_" to "trust_" everywhere.
smbpass.c:
- removed get_smbpwd_entry function: replaced it with get_sampwd_entry
functions in passdb.c
- moved code that decoded acct_ctrl into passdb.c
- moved encode_acct_ctrl into passdb.c
- removed getsmbpwnam/uid: replaced with getsampwnam/uid
- renamed "machine_" to "trust_" everywhere.
smbpasswd.c:
- renamed "machine_" to "trust_" everywhere.
util.c:
- moved gethexpwd function into passdb.c
lib/rpc/server/srv_util.c:
- moved user_rid_to_uid, group_rid_to_rid etc etc into passdb.c
(This used to be commit 673ab50c4c)
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.
This should prevent any sprintf based security holes.
(This used to be commit ee09e9dadb)
problem....
smbpass.c: Removed Luke's dire warning - as some of the functions in here
*need* to be called externally :-).
Jeremy.
(This used to be commit 1fd8d12ca4)
smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP).
_none_ of the functions in ldap.c or smbpass.c should be called directly:
only those in passdb.c should be used.
-DUSE_LDAP is unlikely to compile at the moment.
(This used to be commit 57b01ad4ff)
things static, and have done a 'make proto; make clean; make'.
Still get 54 compiler warnings under Digital UNIX cc.
Honest. :-)
(This used to be commit 47eb7e5be2)
Essentially, multiple session_setup_and_X's may be done
to an smbd. As there is only one global variable containing
the requested connection name (sessionsetup_user), then any
subsequent sessionsetups overwrite this name (causing %U
and %G to get the wrong name). This is particularly common
when an NT client does a null session setup to get a
browse list after the user has connected, but before
a share has been mounted.
These changes store the requested_name in the vuid structure
(so this only really works for user level and above security)
and copies this name back into the global variable before
the standard_sub call.
Jeremy.
(This used to be commit b5187ad6a3)
ipc.c: Fix for duplicate printer names being long.
loadparm.c: Set bNetWkstaUserLogon to false by default - new code in password.c
protects us.
nmbd_logonnames.c:
nmbd_namequery.c:
nmbd_namerelease.c: Debug messages fix.
password.c: SGI compile warning fix, fix for tcon() with bNetWkstaUserLogon call.
reply.c: SGI compile warning fix.
server.c Debug messages fix.
smbpass.c: Fix for incorrect pointer.
Jeremy.
(This used to be commit 567d3f8389)
passwords to be stored over time, allowing a smbpasswd file migration.
Adds new parameter "update encrypted".
Will also add to 1.9.18 branch.
Docs update to follow.
Jeremy.
(This used to be commit 5d3e874d78)
loadparm.c: Patch from tim@quiknet.com for static string problems.
server.c: Setup global_myname.
smbpass.c: Fix up locking. Add machine_password_delete() call.
smbpasswd.c: Added provisional code to add to a domain.
lib/rpc/client/cli_login.c: Fixed incorrect cred_hash3 call when setting machine password.
lib/rpc/server/srv_netlog.c: Fixed incorrect cred_hash3 call when setting machine password.
Jeremy.
(This used to be commit 6a7164233e)
password.c: Stopped cli_nt_logout call (we don't have it correct yet).
Added Luke object-orientation fix :-).
smb.h: Added clnt_name_slash to cli_state.
lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed.
lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error.
lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix.
lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1.
Jeremy.
(This used to be commit c6c22df201)
WARNING - so far this has only been tested against a Samba PDC
(still waiting for IS to add me the machine accounts :-).
Still missing is the code in smbpasswd that will add a machine
account password and change it on the domain controller, but
this is not hard, and I will check it in soon.
Jeremy.
(This used to be commit 17b94a7084)
turns out that [it can be deduced that] microsoft ignores the SMBreadX
offset, and goes by the SMBreadX length only. this makes for a lot simpler
code, in both client and server.
(This used to be commit a8b641c027)
clientgen.c: Added nt_error as an entry in the struct client_state.
password.c: Open the netlogon pipe.
smb.h: Added nt_error as an entry in the struct client_state.
lib/rpc/parse/parse_net.c: Added comments on net logon.
lib/rpc/server/srv_netlog.c: Added comments on net logon.
Jeremy.
(This used to be commit 899a9f0dce)
password.c: Changed global cli -> pw_cli, removed strtok (bad strtok, bad :-)
use in security=server, started to extend security=domain code.
smbpasswd.c: Removed rap error code functions.
Jeremy.
(This used to be commit 0f00b8fce1)
password.c: Started the initial code for domain_client_validate(). All
bracketed with #ifdef DOMAIN_CLIENT for now.
reply.c: Call to domain_client_validate(). All
bracketed with #ifdef DOMAIN_CLIENT for now.
smbpass.c: New code to get/set machine passwords. Tidied up nesting
of lock calls.
Jeremy.
(This used to be commit 89fe059a68)
clientgen.c: Changed to fill change password buffer with random stuff.
password.c: Changed to get challenge from genrand.c
server.c: Added #ifdef around O_SYNC.
version.h: Changed to 1.9.19prealpha.
genrand.c:
New code to generate (hopefully) good random numbers for
use in crypto challenges/session keys etc.
PLEASE REVIEW THIS CODE AND SUGGEST IMPROVEMENTS !!!!!!
Jeremy.
(This used to be commit 608e985463)
server is sending out a name_query after a WACK, it needs to send
a packet with recursion_desired = 0 (yes Luke, you were right all
along :-). If it doesn't then if it's talking to itself then the
query packet ends up back in the WINS server instead of in the client
side code.
Makefile: Changed proto generation to stop including NMBDOBJ twice.
nmbd_namequery.c nmbd_packets.c nmbd_winsserver.c: Added extra
query_name_from_wins_server() code.
Jeremy.
(This used to be commit c5ca05c295)
regularized parameter syntax:
setup, setup_count, max_setup_count,
params, params_count, max_params_count,
data, data_count, max_data_count,
(and if a reply is needed)
*reply_params, *reply_data_len
*reply_data, *reply_data_len
This allows the pointers and the lengths
that relate to these pointers to be next
to each other in the parameter list. This
makes seeing what you are passing to these
functions much easier to see.
Getting ready for adding the lib/rpc/client
functions needed to do security=domain.
torture.c: Fixed it so it uses / rather than \\
internally for the //machine/share syntax.
Jeremy.
(This used to be commit 38350ea8b9)
smbdes.c: Added cred_hash3.
smbpasswd.c: Fixes for adding a machine account (needs more work).
lib/rpc/server/srv_netlog.c: Turn on the machine password changing
code by default (calls cred_hash3).
Jeremy.
(This used to be commit 50aa513b96)
nmbd.c: Fix for always overwriting log despite append setting.
smb.h: Addition of last time password changed entry to account info.
smbpass.c: Changes to support last time changed field in smbpasswd file.
smbpasswd.c: Changes to support last time changed field in smbpasswd file.
util.c: Fix for always overwriting log despite append setting.
Jeremy.
(This used to be commit eb4fe9ecdf)
get_smbpwd_entry (now an internal function to smbpass.c)
to a more UNIX-like :
getsmbpwnam() - get entry by name.
getsmbpwuid() - get entry by uid.
Changed the type returned by the smbpasswd enumeration
functions to be a void * so that people don't come to
depend on it being a FILE *.
These abstractions should make it much easier to
replace the smbpasswd file with a better backend
in future.
Other files changed are to match the above changes.
Jeremy.
(This used to be commit 1161cfb7f2)
proto.h: The unusual. ;)
reply.c: I changes some function names, and updated reply.c to match.
See mangle.c below for more.
server.c: Changed function names and parameters in file mangle.c, so
changed server.c calls to match. See mangle.c below for more.
mangle.c:
I replaced the caching mechanism used for caching reverse mangled name
maps. The old method was a large array of 256-byte strings. Movement
in the stack (including push and pop) was done by memcpy()ing whole
chunks of memory around.
The new system uses the ubi_Cache module which, in turn, uses a splay
tree. Entries are dynamically allocated using a minimum amount of
memory. Searches are non-linear, which should speed things up a bit,
too. Overall, this should save memory and be faster.
Other changes: I streamlined the is_mangled() test and made other
speed enhancements including replacing some static functions with
macros. Added comments, etc.
Note: Per an E'mail conversation with Andrew, the 'mangled stack'
parameter in smb.conf doesn't do anything anymore. The cache is
now set for 16K bytes maximum memory usage. The mangle stack
parameter is silently ignored. This can easily be changed, but
I'd rather introduce a 'mangled cache memory' parameter and
remove 'mangled stack'.
Remaining problems:
While testing the module, I noticed that something is calling
name_map_mangle() twice. The result is that names which contain
illegal characters are getting mangled twice.
Also, the entire module works by overwriting the input string.
This has a variety of nasty side effects.
Summary:
There's a lot still to be done, but the changes I have in place *should*
work in exactly the same way (except for the mangle stack parameter).
The rest of the bugs and other issues are separate.
Chris -)-----
(This used to be commit 8759bec11b)
ipc.c: Added Luke's debug statement.
locking_slow.c: Added FTRUNCATE_NEEDS_ROOT code for broken systems that
need it (not sure what these are yet).
membuffer.c ntdomain.h proto.h
lib/rpc/include/rpc_dce.h lib/rpc/include/rpc_srvsvc.h
lib/rpc/parse/parse_prs.c lib/rpc/parse/parse_rpc.c
lib/rpc/server/srv_pipe_hnd.c lib/rpc/server/srv_util.c:
Re-merge of Luke's NTDOM changes 'cos he's a lazy git with
carpel tunnel syndrome :-).
Jeremy.
(This used to be commit 52e3966fbc)
stn@techfak.uni-kiel.de (Stefan Nehlsen) to get homes from
the NIS+ map.
smbpasswd.c: Tidy up of cli_state structure.
Jeremy.
(This used to be commit fc2295e0f5)
parameter which allows the new change password code to change the
unix password also. Defaults to OFF.
includes.h: Added termios.h to FreeBSD to allow password changing.
namequery.c: Fixed missing name parameters to debug statements.
Jeremy.
(This used to be commit 4ac50c0f0a)
quotas.c: Linux quota fix.
util.c: Ensure smb_read_error is zero in all calls that can set it.
lib/rpc/include/rpc_misc.h lib/rpc/include/rpc_netlogon.h
lib/rpc/parse/parse_misc.c lib/rpc/parse/parse_net.c
lib/rpc/server/srv_netlog.c : Modify Luke's code to call
SamOEMhash().
Jeremy.
(This used to be commit 7f74970838)
Changed smbpasswd to be client-server for a normal user, rather
than accessing the private/smbpasswd file directly (it still accesses
this file directly when run as root, so root can add users/change a
users password without knowing the old password).
A shakeout of this change is that smbpasswd can now be used to
change a users password on a remote NT machine (yep - you heard
that one right - we can now change a NT password from UNIX !!!!!).
Jeremy.
(This used to be commit 20770b6f1c)
I needed the client_name() and client_addr() functions in swat so I
could tell who was connecting from where. The problem was that these
functions didn't take a file descriptor parameter they just used
the global "Client".
So I needed to change all calls to pass a parameter ... lots of files.
(This used to be commit a776058900)
- added the ability to auto-refresh the status page. There is a
problem with this (it can kill inetd!). Hopefully we can fix that.
(This used to be commit 4488d8932f)
"name resolve order" parameter.
source/Makefile: Re-ordered link for name resolve order code.
source/clientgen.c:
source/clientutil.c: Added calls to resolve_name().
source/includes.h: Added HPUX zombie fix.
source/loadparm.c: Added new name resolve order parameter.
source/namequery.c: Re-wrote to include parsing of lmhosts file, new resolve_name()
function requested by John.
source/nmbd.c: Tell resolve_name not to do WINS lookups if we are the WINS server.
source/nmbd_lmhosts.c: Call lmhosts parsing functions in namequery.c
source/password.c: Call resolve_name() to lookup security=server name.
source/reply.c:
source/time.c:
source/trans2.c: "fake directory create times" fix from Jim Hague - hague@research.canon.com.au.
source/util.c: Removed isalnum() test in Get_Hostname() that seems to cause
problems on many systems.
Jeremy.
(This used to be commit 7f118970da)
I needed to modify the way the pidfile is handled in nmbd and smbd to
do this. Jeremy, you may wish to look at what I've done as it probably
breaks the Whistle use of pidfiles. In particular I've removed the -f
option and instead smbd and nmbd always create a pidfile in the lock
directory.
(This used to be commit 20bb22d61b)
all I saw" - the book of Jeremy, chapter 1 :-).
So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.
This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.
Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.
This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.
I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).
Jeremy.
(This used to be commit 118ba4d77a)
These are some hacks on SWAT. Maybe users will actually be able to
work out how to use it now.
Unfortunately these changes required some editing in loadparm.c and
smb.h which will make Jeremys merge job harder. Sorry!
(This used to be commit 674c88a6bf)
Kanji support is one case of multibyte character
support, rather than being a specific case in
single byte character support.
This allows us to add Big5 Chinese support (code page 950)
and Korean Hangul support (code page 949) at very little
cost. Also allows us to easily add future multibyte
code pages.
Makefile: Added codepages 949, 950 as we now support more multibyte
codepages.
asyncdns.c: Fixed problem with child being re-spawned when parent killed.
charcnv.c
charset.c
client.c
clitar.c
kanji.c
kanji.h
smb.h
util.c
loadparm.c: Generic multibyte codepage support (adding Big5 Chinese
and Korean Hangul).
nmbd.c: Fixed problem with child being re-spawned when parent killed.
mangle.c: Modified str_checksum so that first 15 characters have more
effect on outcome. This helps with short name mangling as
most 'long' names are still shorter than 15 chars (bug was
foobar_mng and foobar_sum would hash to the same value, with
the modified code they hash differently.
Jeremy.
(This used to be commit 299016338c)
indexes are changed between directory scans. This fix does what
NT4.x SP3 does in that it stops using resume keys and returns
zero instead. We now use the filename in findnext to continue
the search in the correct place (as NT does).
Jeremy.
(This used to be commit b813fb22c4)
only mode nmbd was not reporting WORKGROUP<0> and WORKGROUP<1e> names
to a unicast node status query (although it was registering these names
on the network). Also tidied up code in nmbd_mynames.c so that all
known IP addresses are registered in the unicast subnet in this case
rather than just the first, as was previously done.
Jeremy.
(This used to be commit eb71c5edcb)
to fix the fact that retransmit_or_expire_response_records() wasn't looking
at the WINS subnet.
server.c: Patch from jkf@soton.ac.uk to add %p (NIS server path) substitution.
smbpass.c: Fix to stop parsing failing on non-valid lines.
trans2.c: Fix for volume serial number code.
util.c: Patch from jkf@soton.ac.uk to add %p (NIS server path) substitution.
Fix for warnings under RH5. gcc 2.8.
Jeremy.
(This used to be commit e58ab3bbe6)
This is the checkin that fixes the infamous Visual C++ 'file
has changed' bug.
I feel *SO* good about that :-).
charset.c: Added (void) to fix Herb's fussy compiler.
loadparm.c: Removed "win95 bug compatibility" (didn't
like it much anyway :-). Added "dos filetime resolution"
instead.
reply.c: Added the 2 second timestamp resolution fix that the song above is about.
time.c: Removed unneeded get_access_time() function.
trans2.c : Removed unneeded "win95 bug compatibility" code.
Jeremy.
(This used to be commit 10d628e4ae)
loadparm.c: Added "win95 bug compatibility" parameter.
local.h: Replaced MAX_OPEN_FILES back to 100 from 10 (oops).
reply.c: Fixed ulogoff check against uid - changed to vuid.
server.c: Changed file struct save of uid - changed to vuid.
smb.h: Changed id in struct current_user to vuid.
Changed file struct uid to vuid.
time.c: Added "win95 bug compatibility" atime -> mtime return.
trans2.c: Added "win95 bug compatibility" fixes.
uid.c: Changed id in struct current_user to vuid - added checks
to set/reset it.
util.c: Added code to expand environment variables.
version.h : still at 1.9.18 (head branch doesn't matter too much at present).
Jeremy.
(This used to be commit adc903bcf5)
chgpasswd.c: Fixed typo in debug message.
includes.h: Fix include for aix.
kanji.c: Added cap_to_sj as inverse of sj_to_cap.
loadparm.c:
local.h:
password.c: Added code for "networkstation user login" parameter.
- patch from Rob Nielsen <ran@adc.com>.
printing.c: Added further aix printing fixes.
reply.c: Changed access time fetch to a function.
trans2.c: Changed access time fetch to a function.
time.c: Changed access time fetch to a function.
server.c: Made NT redirector workaround final.
util.c: Added debug for write_socket failing.
Jeremy.
(This used to be commit a031404623)
asyncdns.c: Fixes that went into 1.9.18p2 - allow unclocking of sigterm.
chgpasswd.c: char -> unsigned char fixes.
includes.h: AIX fix to get prototype for inet_ntoa.
local.h: Tune size of shared memory based on MAX_OPEN_FILES.
nmbd_mynames.c: Fix for nmbd repeated refresh bug.
nmbd_responserecordsdb.c: Fix for nmbd repeated refresh bug.
nmbd_winsserver.c: Fix for multi-homed registration optimisation.
smb.h: Moved default shared memory size to local.h
Jeremy.
(This used to be commit fa54668056)
This gets the minimum timestamp associated with a file.
reply.c and trans2.c then return this as the create
time. Designed to fix problems with VC++ and others.
Jeremy.
(This used to be commit e3d5f6196d)
from Max Khon <max@iclub.nsu.ru>.
chgpasswd.c: Allow old RAP change password to work with encrypted
passwords. Samba can now allow Windows 95/NT clients to securely
change the Lanman password ! (But not the NT hash - that gets lost).
ipc.c:
smbdes.c:
smbpass.c: Support for the above.
server.c: #ifdef'ed out fix for NT redirector bug.
util.c: Fix NIS bug with server name.
Jeremy.
(This used to be commit cd9fad92d0)
server.c: Test fix for NT worstation SMBmv oplock bug.
smbdes.c: Addition of 'forward' parameter in preparation of allowing
password change.
Jeremy.
(This used to be commit 0b0b1fb122)
smbmount: This is a stripped down smbclient that communicates with
the Linux 2.1.x kernel to supply authenticated smb connections for
smbfs mount points.
smbmnt/smbumount: setuid commands that do the actual smb mount system
call after having done the appropriate security checks
(This used to be commit ccbbc4e647)
Sending nmbd/smbd a SIGUSR1 will raise the debug level by one (capped at 10)
sending a SIGUSR2 will lower it (lower limit at zero).
Jeremy.
(This used to be commit 6a3cb6f4b4)
nmbd_incomingdgrams.c: Deal with announcements with servertype == 0 - these
are announcements that a machine is shutting down and must be treated differently.
nmbd_serverlistdb.c: Exposed remove_server_from_workgroup as external.
Added code to dump out workgroups on signal correctly.
nmbd_workgroupdb.c: Added new parameter to dump_workgroups call.
Jeremy.
(This used to be commit f7591109b9)
master browser to use the *<1b> feature of the Samba WINS server to
get a full workgroup list.
nmbd.c: Added timed call to collect_all_workgroup_names_from_wins_server().
nmbd_browsesync.c: Meat of the code to implement collect_all_workgroup_names_from_wins_server().
nmbd_incomingdgrams.c: Fixed comment typo.
Jeremy.
(This used to be commit 1a3ab3e84a)
clientgen.c:
clientutil.c:
clitar.c: Changed usage of receive_smb to new function client_receive_smb
except for one use of receive_smb in client.c. This is the
receive_smb used to discard packets received whilst in a
keyboard wait state.
util.c: Created new function client_receive_smb that ignores session
keepalives just as the old receive_smb used to do. Created
internal function read_smb_length_return_keepalive that is
used internally by the changed receive_smb call.
Changed read_smb_len to not use an internal buffer - it is
never called with a null buffer so such code is redundant.
Jeremy.
(This used to be commit 1084fb4682)
Also added code to stop old Samba servers that announce the workgroup
name as master browser name when they are a local master browser.
Jeremy.
(This used to be commit 3605da0557)
back into the main tree.
For the cvs logs of all the files starting nmbd_*.c, look
in the JRA_NMBD_REWRITE branch. That branch has now been
discontinued.
Jeremy.
(This used to be commit d80b0cb645)
reply.c: Changed reply_open_and_X to split out the oplock
request bits from core and extended and if an oplock was granted only set
the corresponding bit on reply.
server.c: Added code to dynamically allocate i/o buffers in oplock_break
(prevents recursion problems) , also made reset of sent_oplock_break
explicit.
Jeremy.
(This used to be commit 16e55ee2b8)
- fixed process_logon_packet() to always send the reply to/from the
correct netbios name (it should match the query)
- only do a NT style QUERYFORPDC if the query came in on a
NT_LOGON_MAILSLOT
Luke, can you check to see if these changes work in your branch with
NT logons?
(This used to be commit e89611985b)
added test in smbtorture for the server updating the directory modify
time when a file is added to a directory
cleanup in smbtorture so no garbage files are left on the server
(This used to be commit 3a5e07f1e9)
added support for choosing the protocol level in smbtorture (-m option)
use -1 for null date in cli_close()
get the attributes right in cli_open()
(This used to be commit d64d40a6ec)
with local message processing.
reply.c: Added check to reply_lockingX for chain after oplock break.
server.c: Added receive_next_smb().
trans2.c: Changed reply_trans2 to use receive_next_smb() to cope
with local message processing.
(This used to be commit f4ae644e13)
typecasting for the debug messages of the data dump. hm.
#ifdef NTDOMAIN
ntclient.c rpc_pipes/lsaparse.c rpc_pipes/ntclientnet.c rpc_pipes/smbparse.c :
adding "Net Server Password Set" functionality to smbclient.
#endif
(This used to be commit ad43183d2d)
separated out smb server-mode password validation into a separate file.
added called and calling netbios names to client gen state: referenced
section in rfc1002.txt.
created workstation trust account checking code in ntclient.c
there might be a bug in reply_session_setup_andX. i indented and added { }
around single-line if statements: the lm password checking code now doesn't
look right (around the GUEST_SESSSETUP bits). *no code semantics have been
changed by the indentation process*.
(This used to be commit f27966957f)
are ones that I know Samba fails. They are:
1) correct support for retaining locks over a close (ie. the server
must not use posix semantics)
2) support for lock timeouts
3) the server supports multiple locking contexts on the one SMB
connection, distinguished by PID.
4) the server correctly fails overlapping locks made by the same PID (this
goes against POSIX behaviour, which is why it is tricky to implement)
5) the server denies unlock requests by an incorrect client PID
I've been discussing with Jeremy ways that we can re-implement the
locking code to handle these correctly. This test code will be useful
to see that we have got it right.
(This used to be commit 097781e299)
chris' computer (probably about four minutes) meant that chris' commits
didn't get downloaded when i did a cvs update.
therefore, i did a cvs update; make proto; cvs commit, and still got problems.
so, five minutes later, i do a cvs update, and _then_ chris' server.c and
mangle.c mods get downloaded, and i have to do another make proto.
this particular problem has hit us *really* badly in the past, because i
was taking files home (onto a portable that i hadn't reset the time on
since i went to the states) and then recopying them back onto the computer
here. if i do this, i do a touch *.c *.h; cvs -t update. *then* a cvs commit.
(This used to be commit edb9c52948)
added a #define around the alignment thing: it's a way to stop
NetMonitor from decoding your packets!!!!
proto.h :
usual.
reply.c :
added what i believe to be the correct error messages for getting
correct domain joining.
smb.h :
some guesses at good names of the SAMR_XXXX functions. sorting
out the SAMR_LOOKUP_RIDS function. this is *not* the same as
the LSA_LOOKUP_RIDS function, unless paul accidentally put it
on the ntlsa pipe by mistake, instead of the samr pipe :-)
rpc_pipes/lsa_hnd.c rpc_pipes/pipe_hnd.c :
moved creation and allocation of unique policy handles into this module.
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c rpc_pipes/smbparse.c :
SAMR_LOOKUP_RIDS is beginning to look _suspiciously_ like the
LSA_LOOKUP_RIDS function. but i know that there are subtle
discrepancies.
(This used to be commit 6bc07b0b41)
mangle.c server.c proto.h
mangle.c
I am planning to replace the mangled_stack array with a proper stack,
but found many style inconsistencies (no, really). As you might expect,
I have standardized on my own preferences. ;)
I also found a potential problem in create_mangled_stack (which I've
renamed as reset_mangled_stack). If the stack size were passed into
the function as 0 or less, there was the possibility that the array
would have been freed twice. I doubt that this ever happens, but I
don't like to leave holes.
Of course, the fix will be irrelevent once I replace the array with
a linked-list-based stack.
server.c
Changed the call to create_mangled_stack() to a call to reset_mangled_stack().
proto.h
Regenerated to match the above changes. (A real comment! How unusual!)
(This used to be commit 34d1b3e4fa)
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e6)
loadparm.c : to equivalent to version 1.67
reply.c : to equivalent to version 1.69
server.c : to equivalent to version 1.122
util.c : to equivalent to version 1.98
to remove the incorrect changes.
proto.h: The usual.
rpc_pipes/smbparse.c : Backeting stuff that SHOULD NOT BE IN THE
none-NTDOMAIN build !
Jeremy.
(This used to be commit 6064c9d80f)
like it, has *not* been added.
this is the client and server side of the SAM Logon NT and LM OWF password
obfuscation (rc4 with the long-term session key).
(This used to be commit 4cf4dd6967)
'<' and '|' characters indicate read file and execute command respectively,
and feed the output into the parameter (!!!).
'<$' and '|$' means run standard_sub_basic() on them.
this is going to be fun to document in smb.conf.5....
also, Christian created a new "online" service parameter. services can
be taken "off-line"....
(This used to be commit 15f44d2891)
added "domain hosts allow" and "domain hosts deny". these are to be
used to specify which workstations can log in to a samba PDC from.
it is also used to check whether to add an initial machine password
into the smbpasswd database or not
smbpass.c :
added capability to add a machine password to the smbpasswd database.
***** the default uid is zero *****
rpc_pipes/pipenetlog.c :
use of "domain hosts allow/deny" parameters to allow login access.
proto.h :
usual.
(This used to be commit 2e7d341030)
rpc_pipes/ntclientlsa.c rpc_pipes/ntclientnet.c
rpc_pipes/ntclientpipe.c :
added extra argument to cli_call_api() to allow specifying the length of
the \PIPE\ name. it appears that, like when the name of the pipe is NULL
and OS-2 requires two extra bytes _after_ the NULL name, that NT requires
two bytes after the NULL-terminated name "\PIPE\". these two bytes vary,
but values seen so far are: 0x72 0x70; 0x63 0x65; 0x44 0x65; 0x4E 0x00.
there appears not to be much logic to this. purpose unknown.
ntclient.c:
put Set Named Pipe Handle State call directly after SMBopenX call.
(This used to be commit 54c245be15)
simply adding pipes.o to SMBDOBJ3.
rpc_pipes/pipe_hnd.c :
created pipe handles module.
pipes.c server.c :
use of pipe_hnd functions in SMBopenX and SMBclose, on the IPC$ pipe.
(This used to be commit ada256b5e3)
don't know how to sort them.
make proto in each library directory. over-ride the make proto for ubiqx,
so that it doesn't happen, but throws up a warning instead.
(This used to be commit 93df2c62cc)
which are pipes on the IPC$ connection.
created mechanism to record pipe names in a separate pipes_struct. it
is planned to expand this, to return sensible things like interface
structures, and policy handles (RPC_IFACE and LSA_POL_HND). and the like.
(This used to be commit 33cce5fac0)
response to Bind Acknowledgment needs a lookup table for the PIPE string
(secondary address in RPC_HDR_BA structure).
smbparse.c util.c :
interesting problem, i think caused by us typecasting a uint16* buffer
to char*. found on a SPARC.
(This used to be commit 420408ee83)
and made it private to the 2 shmem implementations. Added new
shmops->hash_size() function.
Added code to handle the IPC system limits by looping decreasing the
size of the resources (semaphores and shared memory) that we request
until we get under the system limits, which can be quite low on some
systems!
Added checks that the creator of the IPC objects is root. Otherwise we
would be open to a security hole where someone pre-creates the shared
memory segment and attaches.
(This used to be commit 6b6f624b63)
added mode for printing debug array data as chars not uint8/16/32s.
only really useful for (uint8) strings or (uint16) unicode strings
lsaparse.c smbparse.c smb.h :
rpc bind and rpc bind ack structures and parsing and creation functions.
ipc.c pipes.c pipenetlog.c pipentlsa.c pipesrvsvc.c :
using rpc bind / bind ack parsing routines instead of incorrect use of
api_LsarpcTNP1 function.
ntclient.c :
creation of do_rpc_bind() function.
THAT'S IT, FOLKS!
(This used to be commit 21c89e2f17)
New program, make_printerdef, plus two new parameters :
[global] "printer driver file"
[local] "printer driver location"
Jeremy.
(This used to be commit 9a5b42e6b3)
added bind and bind ack structures and parsing functions. restructured
rpc header stuff.
ntclient.c pipenetlog.c pipentlsa.c pipesrvsvc.c :
having to deal with restructuring above.
(This used to be commit 9f2c4f1fee)
It will try sysv IPC first, then if that fails it will try mmap(),
then after that it will try share files.
I have defined USE_SYSV_IPC for Linux, Solaris and HPUX at the
moment. Probably a lot more could have it defined. In fact, the vast
majority of systems support it. Need autoconf again :-)
It should actually be faster than the mmap() version, and doesn't need
any lock files. This means the problem of the share mem file being on
a NFS drive will be gone.
(This used to be commit cc8fe0f062)
updated Query Info Policy to report domain name and domain sid for info levels
3 and 5.
fixed bug in dom_sid_to_string (idauths decoded wrong). fixed bug in DOM_SID:
subauths are 32 bit not 16.
(This used to be commit 2f3cca23e2)
fixed a problem with byte ordering (doing an SIVAL of the setup parameters
which was _also_ being done in the creation of the SMB header. oops).
(This used to be commit 541fb82895)
0644. smbstatus now gets only read permission on the share files and
does no locking.
also get rid of some unnecessary umask(0) calls. smbd always runs with
umask(0)
(This used to be commit c6ac10170d)
Q/R LSA_REQ_CHAL; Q/R LSA_AUTH2; Q/R LSA_SAMLOGON; Q/R LSA_SAMLOGOFF.
the last (non-essential right now) bit is the LSA_SRV_PWSET.
the next stage is to do LSA_OPENPOLICY; add the pipe binds (missing right
now); then we can test against an NT Server.
(This used to be commit 0a549e62fb)
code, which means we don't have to link with a fake getpass routine
and we don't have a whole pile of global variables that really have
nothing to do with nmbd and were there to keep the client code happy.
The code should function identically to what it did before (hopefully
it was correct)
The only thing that now uses the horrible clientutil.c code is
smbclient.
(This used to be commit 4bf5c03b18)
adding bits for new nt domain code
byteorder.h :
trying to get macros right, and not to crash on SUNOS5...
client.c :
added #ifdef NTDOMAIN, and created do_nt_login() function. don't
want to have to recompile client.c unless absolutely necessary.
credentials.c :
moved deal_with_creds() [possibly inappropriately] into credentials.c
ipc.c reply.c server.c uid.c :
attempting to make (un)become_root() functions calleable from smbclient.
this is a little tricky: smbclient might have to be another setuid
root program, immediately setuid'ing to non-root, so that we can
reset-uid to root to get at the smbpasswd file. or, have a secure
pipe mechanism to smbd to grab smbpasswd entries. or the like.
smbdes.c smbencrypt.c :
created a function to generate lm and nt owf hashes.
lsaparse.c ntclient.c smbparse.c :
added nt client LSA_AUTH2 code. it works, too!
pipenetlog.c pipentlsa.c pipesrvsvc.c :
simplification. code-shuffling. getting that damn offset right
for the opcode in RPC_HDR.
smb.h :
changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL.
we might need to store the server times as well.
proto.h :
the usual.
(This used to be commit 82436a3d99)
added a structure that wraps nt errors as strings and enums, so we
can do a smb_nt_error() function.
Makefile ntclient.c :
added ntclient.c, broken out nt domain stuff into a separate file.
getting fed up of compile-times and size of client.c.
fixed the do_lsa_req_chal() function. made it read the response,
and return the challenge credentials received from the server.
next stop: do_lsa_auth_2().
client.c :
removed nt domain logon functions into a separate file.
pipenetlog.c pipentlsa.c pipesrvsvc.c smbparse.c :
i'd broken the offsets of the RPC_HDR while trying to sort out the
nt client code. fixed it again. added some robustness stuff.
util.c :
the unistrn2() function was null-terminating the string at one
character too many.
(This used to be commit 39cec7f698)
Main change is removal of find_name_search() confusion.
This has been replaced with find_name_on_subnet() which
makes it explicit what is being searched.
Also changed wins_subnet to be wins_client_subnet in
preparation for splitting the wins subnet into client
and server pieces.
This is a big nmbd change and I'd appreciate any
bug reports.
Specific changes follow :
asyncdns.c:
Removed wins entry from add_netbios_entry(). This is now
explicit in the subnet_record parameter.
interface.c:
iface_bcast(), iface_nmask(), iface_ip() return the
default interface if none can be found. Made this
behavior explicit - some code in nmbd incorrectly
depended upon this (reply_name_status() for instance).
nameannounce.c:
find_name_search changes to find_name_on_subnet.
namebrowse.c:
wins_subnet renamed to wins_client_subnet.
namedbname.c:
find_name_search removed. find_name_on_subnet added.
add_netbios_entry - wins parameter removed.
namedbsubnet.c:
find_req_subnet removed - not explicit enough.
nameelect.c:
wins_subnet renamed to wins_client_subnet.
namepacket.c:
listening() simplified.
nameresp.c:
wins_subnet renamed to wins_client_subnet.
nameserv.c:
find_name_search moved to find_name_on_subnet.
nameserv.h:
FIND_XXX -> changed to FIND_SELF_NAME, FIND_ANY_NAME.
nameservreply.c:
find_name_search moved to find_name_on_subnet.
Debug entries changed.
nameservresp.c:
wins_subnet renamed to wins_client_subnet.
namework.c:
wins_subnet renamed to wins_client_subnet.
nmbd.c:
wins parameter removed from add_netbios_entry.
nmbsync:
wins_subnet renamed to wins_client_subnet.
proto.h: The usual.
server.c:
remove accepted fd from fd_set.
Jeremy (jallison@whistle.com)
(This used to be commit 2c97b33fc0)
trying to set up the data parameters etc and not understanding what's going on.
in api_netlogTNP, added smb_io_rpc_hdr() call to decode the header received
(and in this instance, generated by do_lsa_req_chal()). and then noticed
that it's two bytes out. but i don't know how to do "byte parameters"
and it's not the same format as the LSA_REQCHAL received from nt workstations.
agh!
(This used to be commit 0cc8ce43e1)
adding start of undocumented options to do NT domain logons, client-side.
starting with LSA_REQCHAL.
the code here happily crashes smbd: i'll investigate this further... :-)
smbparse.c pipeutil.c lsaparse.c :
moved some of the common make_xxxx() functions out of pipeutil.c
so that the make_xxxx and (smb/lsa)_io_xxxx functions now sit
together. makes sense, really...
added a make_q_req_chal() function.
restructured make_rpc_reply() and called it make_rpc_hdr(). created
functions create_rpc_reply() and create_rpc_response().
pipenetlog.c pipentlsa.c pipesrvsvc.c
calling new create_rpc_reply() function instead of old make_rpc_reply().
proto.h :
usual.
smb.h:
added enum for RPC_PACKET_TYPE
(This used to be commit b88ee3e16c)
redid the split that i did a year ago, taking the functions in client.c
out into clientutil.c. guess what? we could now do encrypted password
NetServerEnum2 calls in nmbd, if we wanted to.
i can now use cli_call_api() to send to different pipes. i hope.
pipenetlog.c:
allow adding to users group _and_ to admin group. if adding to
guest group, don't allow adding to users or admin as well.
smb.h :
added some pipe #defines (\PIPE\NETLOGON \PIPE\srvsvc ...)
proto.h :
usual.
(This used to be commit 6ee065ce6e)
added "domain other sids" parameter
pipenetlog.c :
using "domain other sids" parameter in SAM Logon response.
using new name_to_rid() function for r_uid and r_gid.
pipentlsa.c :
minor mods to do with new name_to_rid() function.
pipesrvsvc.c :
in the "net share enum" response, allocate some more space for the buffer.
there can be only 32 share entries in the response anyway. this needs
to be dealt with.
pipeutil.c :
modified name_to_rid() function to use new parameters "domain admin users"
and "domain guest users", but will otherwise do unix uid + 1000.
moved make_dom_gids() here.
proto.h:
the usual.
smb.h smbparse.c :
renamed sid_no to sid_rev_num in DOM_SID, and gid to r_gid in DOM_GID.
util.c :
moved make_dom_gids() from here.
created char *unistrn2(uint16* uni_buffer, int max_len)
(This used to be commit ec60e48d79)
added "domain admin users" parameter
added "domain guest users" parameter
these two complement the "domain groups" parameter. the "domain groups"
parameter should be for your own groups, and well-known aliases.
util.c :
added ability to do "domain groups = power_users admin_users backup_ops"
which are well-known RID aliases, not well-known RID groups.
pipenetlog.c :
combine the "domain admin users"; "domain guest users" and "domain groups"
parameters to give an array of RID groups to include in the SAM Logon
response.
ipc.c smb.h :
moved REALLOC() into smb.h
added RID #defines.
proto.h:
usual.
(This used to be commit f2554f231d)
'dos filetimes' parameter for UTIME fix.
locking_shm.c: Fixed typo (sorry Andrew :-).
namepacket.c: Changed lp_interfaces_only() to lp_bind_interfaces_only().
proto.h: The usual.
reply.c: Made filetime calls use new file_utime call (wrapper for sys_utime).
server.c: Made filetime calls use new file_utime call (wrapper for sys_utime).
system.c: Added Andrew's sanity checks to times in sys_utime().
time.c: Moved set_filetime() to server.c. Made null_mtime()global.
trans2.c: Made filetime calls use new file_utime call (wrapper for sys_utime).
Jeremy (jallison@whistle.com)
(This used to be commit 41a1d81c11)
added automount_server() function which, if -DAUTOMOUNT is in use,
returns the server name of the NIS auto.map entry. otherwise,
it returns local_server.
added use of automount_server() for a new substitution %N for NIS
home server. this defaults, via automount_server(), to the same
functionality as %L if -DAUTOMOUNT is not used.
removed vuser->home_share. moved code that grabbed the servername
into the separate function automount_server().
loadparm.c :
created "logon drive" (default of "")
created "logon home" (default of "\\%N\%U")
changed default of "logon path" from NULL to "\\%N\%U\profile".
ipc.c pipenetlog.c :
use lp_logon_drive(), lp_logon_home() and lp_logon_path() in their
now easier-to-use form (don't have to check if *lp_logon_path() and
manually substitute a default of \\%L\%U and do a standard_sub_basic()
on the result, because the default automatically does this.
(This used to be commit c6c28a4c3c)
The shares modes code is now split into separate files. The shared
memory implementation is in locking_shm.c. The slow implementation is
in locking_slow.c
It is all controlled by a struct share_ops structure that has function
pointers to the implementation of all the functions needed by a share
modes implementation. An initialisation function sets up this
structure. This will make adding new implementations easy and clean.
This also allowed me to get rid of the ugly code in smbstatus. Now
status.c links to the locking code and calls methods in share_ops.
I also renamed some things and generally organised things in a much
cleaner fashion. Defines and structures specific to each
implementation have been moved to the appropriate file and out of
smb.h.
(This used to be commit 65ab9adaa0)
added srvparse.o and pipesrvsvc.o
smb.h :
mods to the Net Share Enum stuff
srvparse.c :
Net Share Enum parsing support. more srvsvc pipe parsing to go here...
pipenetlog.c util.c:
modified standard_sub_basic() so that you can set a global boolean
and use a different string for the %U username substitution.
proto.h:
the usual.
(This used to be commit 22b86b6499)
interface.c: Added is_local_net().
locking.c: Added Fix for zero length share files from Gerald Werner <wernerg@mfldclin.edu>
plus a race condition fix for the fix.
nameannounce.c: Made function static.
namedbresp.c: extern int ClientDGRAM removed - not used.
namedbserver.c: extern int ClientDGRAM removed - not used.
namedbsubnet.c: Added code to make sockets per subnet.
namepacket.c: Added code to read from all sockets & filter.
nameresp.c: extern int ClientDGRAM removed - not used.
nameserv.c: Indentation tidyup :-).
nameserv.h: Added sockets to struct subnet.
nameservresp.c: Improved debug message.
nmbd.c: Changed to terminte on listen_for_packets exiting.
nmbsync.c: extern int ClientDGRAM & ClientNMB removed - not used.
proto.h: The usual.
util.c: Fixed debug message.
Jeremy (jallison@whistle.com)
(This used to be commit 6904c2de08)
locking.c: Adding Andrews become_root code to the main branch.
pipes.c: Fixing the close_file issue.
proto.h: The usual.
reply.c: Move smb_pass into NTDOMAIN defined code. Fixing the close_file issue.
server.c: Fixing the close_file issue.
trans2.c: Fixing the close_file issue.
uid.c: Adding Andrews become_root code to the main branch.
Jeremy (jallison@whistle.com)
(This used to be commit 16fd4337f7)
whoops, the SAM Logon structure was wrong. updated this, and
cifsntdomain.txt. more debug info in pipenetlog.c. the crash
is somewhere around deal_with_credentials().
byteorder.h :
put in uint8, uint16 and uint32 typecasts around debug info, because
sign extending was resulting in ffffffe8 being displayed instead of e8.
credentials.c :
some debugging info, because i'm tracking a coredump. without gdb.
nothing like making things difficult.
reply.c :
whoops, missed this (important) bit from paul's code, which tells
the NT workstation that the MACHINE$ entry doesn't already exist,
and we're going to create a default entry with a password "machine"
right now.
proto.h:
the usual.
(This used to be commit ed606bc7d4)
ipc.c :
removed srvsvc pipe reference: have to do that.
pipes.c lsaparse.c smbparse.c :
more debugging info. looks a bit like netmon output.
(This used to be commit e02aa88e25)
debugging info. found that data = NULL because of short packet length
indicated from the ntlsaRPC pipe _royally_ stuffs NT's packet handling.
maybe this should go down as a service denial bug to the ntbugtraq list.
pipes.c lsaparse.c smbparse.c :
added more debug stuff. added length of header to data_len in MSRPC
fragment_length field (0x18 bytes short) which caused the above bug
from NT 4.0. oops.
(This used to be commit a6f8de6815)
added NTLOGON. (fixed the case 0:)
namepacket.c:
call to NTLOGON mailslot
nameserv.h
defines for NETLOGON and NTLOGON mailslot
util.c:
added andrew's dump_data() function.
(This used to be commit 1eaad1c994)
#if NTDOMAIN
call to api_netlogRPC
#endif
lsaparse.c :
renamed lsa_io_q_auth2 to lsa_io_q_auth_2.
pipes.c :
added api_lsa_reply_auth_2() and api_netlogRPC.
proto.h :
the usual.
(This used to be commit e2e1979b62)
added credentials.c to smbd
credentials.c:
using credential structures instead of char*
password.c uid.c server.c:
added sid and attr to user_struct.
smbdes.c:
smbhash and str_to_key make public instead of private.
pipes.c smb.h:
lsa structures, sub-functions.
proto.h:
usual.
(This used to be commit 87a0a94485)
use UTIME structure (defined and commented in smb.h to be time, secs,
since 01jan1970)
pipes.c:
another sub-function.
util.c:
added char *unistr2(uint16 *buff) function. same as unistr except
it takes uint16* instead of char*.
smbparse.c smb.h:
more structure sorting.
proto.h:
the usual.
(This used to be commit 72a86f514f)
added lp_domainsid()
lsaparse.c smb.h:
debugging structures and parsing functions
pipes.c:
finally got to the functions that will go into the RPC switch statement.
(This used to be commit d15aed8a9c)
locking.c: Removed USE_OPLOCKS - now the default.
params.c: Removed unused variable.
proto.h: Updated.
reply.c: Removed USE_OPLOCKS - now the default.
server.c: Removed USE_OPLOCKS - now the default.
smb.h: Removed USE_OPLOCKS - now the default.
smbparse.c: Changed shadowed variable.
status.c: Removed USE_OPLOCKS - now the default.
util.c: Removed USE_OPLOCKS - now the default.
Jeremy (jallison@whistle.com)
(This used to be commit b93509846d)
- recreated, as usual.
smb.h:
- added RPC_HDR structure - the 18 byte MSRPC header
smbparse.c:
- added smb_io_rpc_hdr() function to read/write the RPC_HDR structure.
util.c:
- added align2, align4, align_offset functions.
- added skip_unicode_string, unistrcpy, unistrncpy functions.
- modified unistrcpy and unistrncpy to return the number of unicode
characters returned, effectively making skip_unicode_string redundant.
(This used to be commit b0ad811cda)
server.c: Updated after netbench observation. Oplocks must be
broken *before* share modes are checked, not after. Netbench seems
to be working now.
smb.h: Added offsets for oplock break time fields.
trans2.c: Upped debug messages.
util.c: Upped debug messages.
Jeremy (jallison@whistle.com)
(This used to be commit bc4b70c566)
setting applies to all shares regardless of any settings on other
shares. This allows us to immediately drop a connection if it does not
come from a allowed host, without even parsing the first SMB
packet. The next time we get a nasty security hole we can offer people
the option of just setting their hosts allow line.
If we drop a connection in this way we generate a "Not listening for
calling name" response and then exit.
add a per share "oplocks" option in smb.conf. I think its important to
be able to disable oplocks on a per-share basis as there are occasions
then they are definately not wanted, for example when sharing data
between a windows box and a unix application. This also allows us to
tell people "try disabling oplocks" when diagnosing problems.
fix a bug in process_smb(). It was taking the length of the packet
from outbuf, not inbuf (this bug was introduced with the oplocks
code). Jeremy, I assume this wasn't deliberate?
(This used to be commit 44bc9f239a)
Yipeee. At least as far as I can check in a short time :-).
local.h: Changed OPLOCK_BREAK_TIMEOUT to 30 seconds.
locking.c: Big changes to delete oplocks on a share mode entry.
proto.h: updated.
reply.c: Added oplock break code in lockingX reply & readbraw reply.
server.c: Add batch oplock code. Force server shutdown if client fails
to respond to oplock break.
smb.h: Fix silly slow share mode oplock define bug.
status.c: Add oplock status info.
Jeremy (jallison@whistle.com)
(This used to be commit 4c83d37239)
