IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
from which an NT user can log in from. empty (default) indicates no
restrictions. exactly how this is enforced is unknown. from past experience
it's likely that the enforcement is left to the client to carry out...
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.
This should prevent any sprintf based security holes.
server.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic()
as only smbd knows about usernames. Also fixes problem with calling
standard_sub_basic() from loadparm.c.
smbpass.c: Partial tidyup of machine_password_lock() code - not finished yet.
util.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic()
as only smbd knows about usernames. Also fixes problem with calling
standard_sub_basic() from loadparm.c.
lib/rpc/server/srv_ldap_helpers.c: Added #ifdef USE_LDAP around ldap code.
lib/rpc/server/srv_samr.c: Added #ifdef USE_LDAP around ldap code.
Jeremy.
passwords to be stored over time, allowing a smbpasswd file migration.
Adds new parameter "update encrypted".
Will also add to 1.9.18 branch.
Docs update to follow.
Jeremy.
WARNING - so far this has only been tested against a Samba PDC
(still waiting for IS to add me the machine accounts :-).
Still missing is the code in smbpasswd that will add a machine
account password and change it on the domain controller, but
this is not hard, and I will check it in soon.
Jeremy.
It is changing the global variables "myname" and "myworkgroup"
to "global_myname" and "global_myworkgroup" respectively.
This is to make it very explicit when we are messing
with a global (don't ask - it makes the domain client
code much clearer :-).
Jeremy.
loadparm.c: Started add of 'security=domain' code.
password.c: Fix for security=server NT bugs.
reply.c: Started add of 'security=domain' code.
server.c: Started add of 'security=domain' code.
smb.h: Started add of 'security=domain' code.
Jeremy.
load time (patch from "Marty Leisner" <leisner@sdsp.mc.xerox.com>.
server.c: Patch from Josef Hinteregger <joehtg@joehtg.co.at> - string
could be overwritten when find_service() called recursively.
Jeremy.
+ improvement to smbtar to allow exclusion/inclusion of system and
hidden files, and to generate a listing of what has been archived
in a format useful for automated backup systems.
+ add the "Softq" spooling system to samba's printing capabilities.
+ I have "fixed" the intrusion of US style dates into samba reporting
as well. The format yyyy/mm/dd is not only uunambiguous, but also
has the benefit of making lexicographic sorts work correctly.
Jeremy.
parameter which allows the new change password code to change the
unix password also. Defaults to OFF.
includes.h: Added termios.h to FreeBSD to allow password changing.
namequery.c: Fixed missing name parameters to debug statements.
Jeremy.
"name resolve order" parameter.
source/Makefile: Re-ordered link for name resolve order code.
source/clientgen.c:
source/clientutil.c: Added calls to resolve_name().
source/includes.h: Added HPUX zombie fix.
source/loadparm.c: Added new name resolve order parameter.
source/namequery.c: Re-wrote to include parsing of lmhosts file, new resolve_name()
function requested by John.
source/nmbd.c: Tell resolve_name not to do WINS lookups if we are the WINS server.
source/nmbd_lmhosts.c: Call lmhosts parsing functions in namequery.c
source/password.c: Call resolve_name() to lookup security=server name.
source/reply.c:
source/time.c:
source/trans2.c: "fake directory create times" fix from Jim Hague - hague@research.canon.com.au.
source/util.c: Removed isalnum() test in Get_Hostname() that seems to cause
problems on many systems.
Jeremy.
testparm.
In particular I added:
- ability to optionally save default values of all parameters when
calling lp_load(). This can then be used to save only non-default
parameters in lp_dump(). This makes the saved smb.conf (and viewed
parameters in testparm) much shorter
- ability to not load ipc share in lp_load()
- separators in parm_table[] so parameters can be grouped logically.
- flag to mark parameters that are local but which should be also
viewed as global as far as parameters editing is concerned
all I saw" - the book of Jeremy, chapter 1 :-).
So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.
This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.
Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.
This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.
I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).
Jeremy.
These are some hacks on SWAT. Maybe users will actually be able to
work out how to use it now.
Unfortunately these changes required some editing in loadparm.c and
smb.h which will make Jeremys merge job harder. Sorry!
Kanji support is one case of multibyte character
support, rather than being a specific case in
single byte character support.
This allows us to add Big5 Chinese support (code page 950)
and Korean Hangul support (code page 949) at very little
cost. Also allows us to easily add future multibyte
code pages.
Makefile: Added codepages 949, 950 as we now support more multibyte
codepages.
asyncdns.c: Fixed problem with child being re-spawned when parent killed.
charcnv.c
charset.c
client.c
clitar.c
kanji.c
kanji.h
smb.h
util.c
loadparm.c: Generic multibyte codepage support (adding Big5 Chinese
and Korean Hangul).
nmbd.c: Fixed problem with child being re-spawned when parent killed.
mangle.c: Modified str_checksum so that first 15 characters have more
effect on outcome. This helps with short name mangling as
most 'long' names are still shorter than 15 chars (bug was
foobar_mng and foobar_sum would hash to the same value, with
the modified code they hash differently.
Jeremy.
This is the checkin that fixes the infamous Visual C++ 'file
has changed' bug.
I feel *SO* good about that :-).
charset.c: Added (void) to fix Herb's fussy compiler.
loadparm.c: Removed "win95 bug compatibility" (didn't
like it much anyway :-). Added "dos filetime resolution"
instead.
reply.c: Added the 2 second timestamp resolution fix that the song above is about.
time.c: Removed unneeded get_access_time() function.
trans2.c : Removed unneeded "win95 bug compatibility" code.
Jeremy.
loadparm.c: Added "win95 bug compatibility" parameter.
local.h: Replaced MAX_OPEN_FILES back to 100 from 10 (oops).
reply.c: Fixed ulogoff check against uid - changed to vuid.
server.c: Changed file struct save of uid - changed to vuid.
smb.h: Changed id in struct current_user to vuid.
Changed file struct uid to vuid.
time.c: Added "win95 bug compatibility" atime -> mtime return.
trans2.c: Added "win95 bug compatibility" fixes.
uid.c: Changed id in struct current_user to vuid - added checks
to set/reset it.
util.c: Added code to expand environment variables.
version.h : still at 1.9.18 (head branch doesn't matter too much at present).
Jeremy.
chgpasswd.c: Fixed typo in debug message.
includes.h: Fix include for aix.
kanji.c: Added cap_to_sj as inverse of sj_to_cap.
loadparm.c:
local.h:
password.c: Added code for "networkstation user login" parameter.
- patch from Rob Nielsen <ran@adc.com>.
printing.c: Added further aix printing fixes.
reply.c: Changed access time fetch to a function.
trans2.c: Changed access time fetch to a function.
time.c: Changed access time fetch to a function.
server.c: Made NT redirector workaround final.
util.c: Added debug for write_socket failing.
Jeremy.
I checked this out and it looks ok - the bzero() in init_service() was
overwriting the pointers pservice->szService and pservice->copymap
that should have been freed in copy_service() the line later. This
fix frees pservice->szService and pservice->copymap inside free_service()
and sets them to zero so they won't be freed again.
Jeremy.
server.c, util.c: Added fix for oplock break requests blocking due to server being
blocked in read call. Bug found by Charles Hoch <hoch@hplcgh.hpl.hp.com>.
Jeremy.
docs/smb.conf.5: Removed unused NTDOMAIN params. Added new params.
source/loadparm.c: Put #ifdef NTDOMAIN around unused params.
source/nmbd_become_lmb.c: Removed check for workgroup name in lmb name.
Jeremy.
back into the main tree.
For the cvs logs of all the files starting nmbd_*.c, look
in the JRA_NMBD_REWRITE branch. That branch has now been
discontinued.
Jeremy.
to use lpstat to obtain the printer list on systemV systems.
I've now made this the default on all SYSV systems.
Jeremy, you were a little worried about the security of this patch. I
believe it's OK as the user has no control over the options given to
popen() and the pipe is only open for reading.
[%U]
path = %H
to get a new homes area. I wonder when it broke?
Anyway, I've fixed it. We can all rest easy now, knowing that you
really can produce an incomprehensible smb.conf and get it to work.
"interpret_security" and similar functions. This also means that
testparm produces string values for these enumerated types rather than
an integer. This was done to make the web interface much cleaner.
While I was doing this I found a couple of very nasty bugs in the
parm_table code. Someone had added a handle_character_set() function
that treated the char** pointer for a P_STRING as an integer! This
would have caused memory corruption for anyone using the "character
set" option. The loadparm code is delicate - please be careful about
using it's more esoteric features!
I've also removed the "coding system" global and made it a
P_STRING. The integer value was never used anywhere in Samba.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
