IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
sharing between machines with rsync.
Finally removed tdb_store_int/tdb_fetch_int.
Now only tdb_store_int32/tdb_fetch_int32 which are endian independent
are allowed.
Jeremy.
(This used to be commit 1c4a00dcc1)
processing work correctly in winbindd. This is a really good patch
that gives full select semantics to the Samba modified select.
Jeremy.
(This used to be commit 3af16ade17)
Changed the way the wins record are handled in memory. Now they are living
much longer with the different states: active, released and tombstone.
Also added a version ID, some wins flags and the wins owner ip address to
the namrec->data struct, and a function to process messages sent by the
wins replication daemon.
the initiate_wins_processing() function is not correct, I'll fix it later.
J.F.
(This used to be commit b902e087d0)
in smbd/process.c where the timezone is reinitialised. Was replaced with
check for a static is_initialised boolean.
(This used to be commit 8fc772c9e5)
replacemnt of stdio that doesn't suffer from the 8-bit filedescriptor
limit that we hit with nasty consequences on some systems
I would eventually prefer us to have a configure test to see if we need
to replace stdio, but for now this code needs to be tested widely so
I'm enabling it by default.
(This used to be commit 1af8bf34f1)
nmbd now calls wins_srv_count(). This returns the number of WINS servers
specified in the 'wins server' parameter. The return value will be zero if
'wins server' is not specified.
Quick change to make room for WINS failover.
(This used to be commit 0777ebc04b)
trees. This change simply brings HEAD and 2.2 in line with one another.
Otherwise the code would be differnt but the meaning would be the same,
which is awkward.
Chris 'fifty-seven commits per line changed' Hertel -)-----
(This used to be commit bbf14e2d4e)
debug block that reports multiple query responses I did not notice that
the local answer_ip variable was only selectively set.
Chris -)-----
(This used to be commit 22ea0770d8)
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267)
people are reporting regarding multiple responses to queries on <1D> names.
There should only ever be one LMB but some users are seeing multiple replies
to queries for the LMB name. This is probably due to nodes on the LAN that
have NetBIOS over NetBEUI and/or IPX enabled. Previously, the debug message
did not include the IP address associated with the name. It *did* include
the source address of the packet, but in the examples I've seen all of these
were the same, eg:
[2000/06/22 11:58:25, 0] nmbd/nmbd_namequery.c:query_name_response(93)
query_name_response: Multiple (2) responses received for a query on subnet
129.130.10.136 for name NT.CIS.KSU.EDU<1d>. This response was from IP
129.130.10.24
[2000/06/22 11:58:25, 0] nmbd/nmbd_namequery.c:query_name_response(93)
query_name_response: Multiple (3) responses received for a query on subnet
129.130.10.136 for name NT.CIS.KSU.EDU<1d>. This response was from IP
129.130.10.24
[2000/06/22 11:58:25, 0] nmbd/nmbd_namequery.c:query_name_response(93)
query_name_response: Multiple (4) responses received for a query on subnet
129.130.10.136 for name NT.CIS.KSU.EDU<1d>. This response was from IP
129.130.10.24
[2000/06/22 11:58:25, 0] nmbd/nmbd_namequery.c:query_name_response(93)
query_name_response: Multiple (5) responses received for a query on subnet
129.130.10.136 for name NT.CIS.KSU.EDU<1d>. This response was from IP
129.130.10.24
Note that all of the above are reported as having come from 129.130.10.24.
This should never happen. If 129.130.10.24 is a WINS server it should
send a Negative Name Query Response for a <1D> name query (wierd but true).
So, are all of the above coming from different systems, all of which
think are the LMB? Are they all coming from one system that is, for some
strange reason, replying five times to the same query?
Anyway, I needed more info so I've changed the debug messages.
Chris -)-----
(This used to be commit 8f2f09af0a)
this allows users to disable the cross-subnet browse extensions that I
added to Samba a couple of years ago. This may be useful for getting
rid of empty workgroups.
(This used to be commit 978980050e)
of nmb so we write to same log file that
was originally created as log.nmbd
samba/source/smbd/server.c change remote_machine name to smbd instead
of smb so we write to same log file that
was originally created as log.smbd
samba/source/lib/interface.c allow binding to all interface IP addresses
even if on same subnet. This allows you to
specify which IP's you want in interfaces
line and use bind interfaces only
(This used to be commit 01dfd59712)
source/smbd/server.c
source/nmbd/nmbd.c
- Fixed a very subtle bug with signals. Seems that POSIX requires
that the signal mask be inhereted. So, if you happen to kick off
smbd/nmbd from code that has the mask set on SIGUSR1, you lose
messages.
(This used to be commit b4c98196fc)
the DGRAM_PORT, since we want to actually send those to other ports.
They might be for the client library running on the Samba server!
(This used to be commit 05e2dd5e85)
easier to add new message types to messages.h without breaking old
binaries
- added a MSG_FORCE_ELECTION message to force nmbd to hold an election
(This used to be commit f1c49ca7ce)
The motivation for this system is to replace the UDP message for
oplocks, but this commit only does the "set debug level" message.
(This used to be commit 2a34ee95f3)
string), the wins_srv module now hands back a struct in_addr when it's
called. It caches the IP address once it has been looked up. The IP
is cleared (and must be looked up again) if the 'wins server' parameter
is reread, or if the node is marked 'dead'. A dead node will not be
re-tried for 10 minutes (per a #define in wins_srv.c).
As it was, the code was reading the WINS server name or IP directly from
lp_wins_server. That's okay, except that if the value was expressed as
a name, then a DNS lookup would be done every time the client wanted to
talk to the server.
I still need to work out the implications of failover regarding the
'unicast subnet' list.
Chris -)-----
(This used to be commit 73aa188320)
*Note: failover doesn't actually work yet!* It's just that the code I'm
adding provides all of the pieces necessary.
I do have one big question. Something that I'll have to ask Jeremy, I'm
thinkin'. In nmbd/nmbd_subnetdb.c the IP of the WINS server is used to
set up the Unicast subnet.
...so what happens if the WINS server changes?
My guess is either:
a) nothing.
b) I'd have to change the unicast subnet entry whenever the WINS server
changes.
Urq.
BTW, the lp_wins_server() function no longer returns the WINS server name
or IP. It returns the list of WINS servers entered in smb.conf. To get
the currently 'live' WINS server, use the wins_srv() function.
Fun, eh?
Chris -)-----
(This used to be commit cc08bdc74f)
I had to modify sys_select() to not loop on EINTR. I added a wrapper
called sys_select_intr() which gives the old behaviour.
(This used to be commit b28cc4163b)
new open mechanism Andrew & I discussed.
config.sub:
configure: Included the QNX patch.
include/vfs.h:
smbd/vfs-wrap.c:
smbd/vfs.c: Added ftruncate vfs call (needed).
Note that we will also need locking calls in the vfs (to be added).
lib/util_unistr.c:
nmbd/nmbd_processlogon.c: Fix for NT domain logons causing nmbd to core dump.
Also fix for sidsize DOS bug.
locking/locking.c: Check value of ret before using it for memdup.
printing/printing.c: Convert print_fsp_open to return an allocated fsp.
rpc_server/srv_lsa.c: Fix for NT domain logons.
I have removed all use of lp_share_modes() from the code (although I
left the parameter in the table for backwards compatibility). It no longer makes
sense for this to exist.
smbd/close.c: Removed lp_share_modes().
smbd/fileio.c: Fixed parameters to unlock_share_entry call in panic code.
smbd/files.c: Correctly set the unix_ERR_code to ERRnofids on fsp allocation fail.
smbd/nttrans.c:
smbd/reply.c:
smbd/trans2.c: Changed all occurrences of open_file_shared/open_directory/
open_file_stat to return an fsp from the call.
smbd/open.c: Changed all occurrences of open_file_shared/open_directory/
open_file_stat to return an fsp from the call.
In addition I have fixed a long standing race condition in the deny mode
processing w.r.t. two smbd's creating a file. Andrew, please note that
your original idea of using open with O_EXCL in this case would not work
(I went over the races very carefully) and so we must re-check deny modes
*after* the open() call returns. This is because there is a race between
the open with O_EXCL and the lock of the share mode entry. Imagine the
case where the first smbd does the open with O_EXCL and a deny mode of DENY_ALL,
but is pre-empted before it locks the share modes and creates the deny
mode entry for DENY_ALL. A second smbd could then come in with O_RDONLY
and a deny mode of DENY_NONE and the two opens would be allowed.
The *only* way to fix this race is to lock the share modes after the
open and then do the deny mode checks *after* this lock in the case
where the file did not originally exist.
This code will need extensive testing but seems to initially work.
Jeremy.
(This used to be commit ab0ecc39d6)
advance over it and 4-byte align.
this _used_ to be "regardless of domainsidsize, advance by domainsidsize+3"
which is wrong.
(This used to be commit 5086e6425f)
include/includes.h: Added SMB_BIG_UINT_BITS.
lib/util.c: Removed align2/align4 - use macros.
libsmb/namequery.c: Use ALIGN2.
locking/locking.c: Replace do_lock, do_unlock, args with SMB_BIG_UINT, not SMB_OFF_T.
Needed to move to hiding POSIX locks at a lower layer.
nmbd/nmbd_processlogon.c: Use ALIGN2/ALIGN4 macros.
smbd/blocking.c: Replace do_lock, do_unlock, args with SMB_BIG_UINT, not SMB_OFF_T.
smbd/reply.c: Replace do_lock, do_unlock, args with SMB_BIG_UINT, not SMB_OFF_T.
Jeremy.
(This used to be commit 491eea8a20)
assumption that we have one socket everywhere
while doing so I discovered a few bugs!
1) the clientgen session retarget code if used from smbd or nmbd would
cause a crash as it called close_sockets() which closed our main
socket! fixed by removing close_sockets() completely - it is unnecessary
2) the caching in client_addr() and client_name() was bogus - it could
easily get fooled and give the wrong result. fixed.
3) the retarget could could recurse, allowing an easy denial of
service attack on nmbd. fixed.
(This used to be commit 5937ab14d2)
explicitly adds 127.0.0.1 to the interfaces line for smbd, then nmbd would
start to try and register names on it. This was not good :-(.
Jeremy.
(This used to be commit cc3ad82521)
the previous definition could result is us overflowing a buffer. The
null termination was always added yet the size returned did not
include the null termination.
the new function takes a BOOL null_terminate, and always returns the
total number of bytes consumed by the string.
(This used to be commit 426c904333)
nmbd. It does NOT follow the rule that packets to the wins server have
rec_des set (I know that we have postulated this in the past). Please
don't screw with this unless you do careful testing from WinXX
clients.
Luke and I spent a couple of hours today getting this right (it was
wrong in both TNG and HEAD)
(This used to be commit 9eda2e27b7)
multihomed registration we were sending the packet to the wrong host!
We sent it to the person trying to register rather than to the person
who currently holds the name. That means we were not secure and we
could allow two people to register the same name.
Jeremy, you may wish to merge this change into 2.0.X
(This used to be commit 94ca1d1250)
nmbd/nmbd_processlogon.c: Use "True" and "False" instead of 1 and 0.
Others - preparing for multiple pdu write code.
Jeremy.
(This used to be commit 9f879ec396)
array of pointers. This should cause alignment on a correct boundary..
Spotted by Darren Reed <darrenr@telnetmedia.com>.
Jeremy.
(This used to be commit 91f4d06753)
This fixes our netbios scope handling. We now have a 'netbios scope' option
in smb.conf and the scope option is removed from make_nmb_name()
this was prompted by a bug in our PDC finding code where it didn't append
the scope to the query of the '*' name.
(This used to be commit b563be824b)
lp_string() bug properly.
we still need to add lp_talloc_free() calls in all the main event
loops, I've only put it in smbd and nmbd thus far.
(This used to be commit aa7f815525)
I also fixed up the lookup_pdc_name() code so that it now works, even
with a NT server that insists on replying to udp/138.
The method I used to match packets was to use the mailslot string as a
datagram ID. The true dgm_id doesn't work as NT doesn't set it
correctly. uggh.
PS: Jeremy, I had to change your code quite a bit, are you sure this
worked with a Samba PDC?? The code looked broken, it got the offsets
wrong in the SMB portion of the packet and filled in the IP
incorrectly.
(This used to be commit 32f66f4ea6)
yamd is much better, and doesn't require any source code changes
if you haven't seen yamd then take a look at
http://www3.hmc.edu/~neldredge/yamd/
its excellent!
(This used to be commit 25b13f8b79)
this means "nmblookup -S" now always works, even with broken servers
the database stores all unexpected replies and these can be accessed
by any client.
while doing this I cleaned up a couple of functions, and put in place
a better trn_id generator. in most places the code got quite a bit
simpler due to the addition of simple helper functions.
I haven't yet put the code in to take advantage of this for pdc
replies - that will be next. Jeremys pdc finding code will then work :)
(This used to be commit 280e6359d3)
- added TDB_CLEAR_IF_FIRST flag to clear the database if this is the
first attached process. Useful for non-persistent databases like our
locking area (this will also make upgrades to new database layouts easier)
- use lock_path() in a couple of places
- leave connections database open while smbd running
- cleaned up some tdb code a little, using macros for constants
(This used to be commit 00e9da3ca5)
they should all be replaced with cli_establish_connection().
created cli_use_wait_keyboard() which waits on multiple cli_states
and swallows session keepalives.
(This used to be commit fcc39b3f4f)
desired flag MUST be set in any NBT UDP packets sent to a WINS
server, else they will go to the WINS client side of the NT NetBIOS
kernel instead, and will get trashed.
- added \PIPE\browser server-side code.
(This used to be commit 8e406c1fa2)
request name.
modified createuser rpcclient command to examine name being added. if it
ends in a $, assume that a workstation trust account is being added.
(This used to be commit 4aea261cb0)
reg_io_r_info() working properly. previously they weren't well
understood (well, they were the first of the registry functions i did,
back in december 97, ok??? :-)
set ntversion to 0x1 in SAMQUERY, so that we reply same as NT4 srv.
(This used to be commit 98ddeaf442)
- disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get
NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be
re-enabled but to be replaced with a better mechanism.
- added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is
sending DCE/RPC over SMBwrite not SMBwriteX.
(This used to be commit 25c70e3c98)
password change requests), from Michael Stockman <pgmtekn@algonet.se>.
GETDC on \MAILSLOT\NET\NETLOGON necessarily returns less information
than the NTLOGON version.
(This used to be commit 8a603a8793)
who doesn't know what an LMB or DMB is.
* check_master_browser_exists now performs the check the first time
around, so if there is indeed no master browser then Samba takes up the job
much faster.
* Upped default OS level to 32. There is no reason why some stupid little
Windows box should become LMB instead of a Samba *server*.
* "domain master" now defaults to "auto". Currently this attempts to
become DMB iff Samba is the PDC (ala Windows NT). "preferred master" also
defaults to "auto", which enables preferred master iff Samba is DMB.
* lp_server_role now just returns the predetermined role, rather than
working it out each time, since the server role is becoming very heavily
used (esp for the BDC code).
(This used to be commit 4a23a358b5)
it's wrong. i've seen a packet from nt client on MAILSLOT\NETLOGON
with appended undocumented unicode tacked on the end and the response
contained undocumented unicode tacked on the end.
(This used to be commit 74c7d626cd)
No more ugly static library buffers and all functions take a destination
string length (especially unistrcpy was rather dangerous; we were only
saved by the fact that datagrams are limited in size).
(This used to be commit a1d39af1ce)
This allows the removal of PASSDB_OBJ, RPC_CLIENT_OBJ and
RPC_PARSE_OBJ from nmbd in the head branch.
so nmbd just went on a diet :)
(This used to be commit be697c9ef0)
samr_query_aliasmembers (cool!)
util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c :
pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID
if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5)
to obtain member and pdc sids.
(This used to be commit 3e1eb4f26b)
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7)
Tidied up some of the mess (no other word for it). Still doesn't
compile cleanly. There are calls with incorrect parameters that
don't seem to be doing the right thing.
This code still needs surgery :-(.
Jeremy.
(This used to be commit 18ff93a9ab)
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e609)
by default.
nmbd*: Changed all calls to namestr() to nmbd_namestr() to fix broken FreeBSD include
file problem...sigh.
Jeremy.
(This used to be commit 9ee8f39aed)
nmbd/nmbd.c: Someone (a "yank" no doubt :-) Changed instances of "initialise" to
"initialize". Someone get that man an *English* dictionary.... :-) :-).
Jeremy.
(This used to be commit 6279be7f96)