1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Commit Graph

55 Commits

Author SHA1 Message Date
Michael Adam
f07cfe3b68 lib/access: make client_match() public.
Michael
(This used to be commit 1b2dec93b6)
2008-08-09 01:15:57 +02:00
Jeremy Allison
6f4cd6df77 client[ADDR_INDEX] is an IPv4 mapped to IPv6, but
the list item is not. Try and match the IPv4 part of
address only. This will happen a lot on IPv6 enabled
systems with IPv4 allow/deny lists in smb.conf.
Bug #5311.
Jeremy.
(This used to be commit 7c3550f82c)
2008-03-06 14:44:07 -08:00
Volker Lendecke
89f7883fe9 Add a singleton cache
First user is yp_default_domain
(This used to be commit c19363eb77)
2007-12-21 09:58:20 +01:00
Jeremy Allison
25074433f4 I can't get away without a 'length' arg. :-).
Jeremy.
(This used to be commit 95d01279a5)
2007-11-03 18:41:26 -07:00
Jeremy Allison
6658165d5e Stop get_peer_addr() and client_addr() from using global
statics. Part of my library cleanups.
Jeremy.
(This used to be commit e848506c85)
2007-11-03 18:15:45 -07:00
Jeremy Allison
34a8e1c51e Fix reversed bool check for access. Found by kukks.
Thanks !
Jeremy.
(This used to be commit a13e8bd39d)
2007-10-25 17:17:46 -07:00
Jeremy Allison
2b2168bff6 Improve IPv4 detection.
Jeremy.
(This used to be commit 2ef50e325c)
2007-10-16 16:01:13 -07:00
Jeremy Allison
ce77126e68 Fix access control code to be IPv6/v4 protocol independent.
Make unix_wild_match() talloc, not pstring based.
Next will be name resolution code, and client code.
Jeremy.
(This used to be commit f6a01b82c5)
2007-10-16 11:33:37 -07:00
Jeremy Allison
8e54530b52 Add start of IPv6 implementation. Currently most of this is avoiding
IPv6 in winbindd, but moves most of the socket functions that were
wrongly in lib/util.c into lib/util_sock.c and provides generic
IPv4/6 independent versions of most things. Still lots of work
to do, but now I can see how I'll fix the access check code.
Nasty part that remains is the name resolution code which is
used to returning arrays of in_addr structs.
Jeremy.
(This used to be commit 3f6bd0e1ec)
2007-10-10 18:25:16 -07:00
Simo Sorce
ab75c56370 r17408: Let us use netgroups even without a NIS domain but just using files
(This used to be commit c065341d3f)
2007-10-10 11:38:32 -05:00
Gerald Carter
f24d88cf9d r7139: trying to reduce the number of diffs between trunk and 3.0; changing version to 3.0.20pre1
(This used to be commit 9727d05241)
2007-10-10 10:57:02 -05:00
Derrell Lipman
9840db418b r6149: Fixes bugs #2498 and 2484.
1. using smbc_getxattr() et al, one may now request all access control
   entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
   provided by smbc_getxattr() et al, when requesting all attributes,
   all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
   compiler flags are in use.  removed -Wcast-qual flag from list, as that
   is specifically to force warnings in the case of casting away qualifiers.

Note: In the process of eliminating compiler warnings, a few nasties were
      discovered.  In the file libads/sasl.c, PRIVATE kerberos interfaces
      are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
      kerberos interfaces are being used.  Someone who knows kerberos
      should look at these and determine if there is an alternate method
      of accomplishing the task.
(This used to be commit 994694f7f2)
2007-10-10 10:56:24 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Gerald Carter
67db65abf1 make sure we use a real network address in case there are extra non-zero octets in hosts allow/deny
(This used to be commit 0348e85177)
2003-12-08 17:40:15 +00:00
Gerald Carter
951e1aa851 fix inverted logic caused by s/strcmp/strequal/; host allow/deny works again; bug 846
(This used to be commit c816b44a9c)
2003-12-01 19:25:41 +00:00
Volker Lendecke
d5573ccde3 Simple rename of get_socket_addr to get_peer_addr and get_socket_name to
get_peer_name. This is to get closer to the getsockname/getpeername system
functions.

Next step will be the %i macro for the local IP address. I still want to play
%L-games in times of port 445.

Volker
(This used to be commit d7162122ea)
2003-11-07 09:03:02 +00:00
Jeremy Allison
bb0598faf5 Put strcasecmp/strncasecmp on the banned list (except for needed calls
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb92)
2003-10-22 23:38:20 +00:00
Herb Lewis
062f89bc28 get rid of some sompiler warnings on IRIX
(This used to be commit a6a39c61e8)
2003-08-15 01:42:30 +00:00
Gerald Carter
ce9af4e049 round three of CIDR fixes; spotted by Tomoki AONO
(This used to be commit 554026b208)
2003-04-26 16:18:20 +00:00
Gerald Carter
6bbedbdb5a fix byte ordering when using CIDR notation in hosts allow/deny; spotted by Eloy Paris
(This used to be commit 6155144b9f)
2003-04-18 14:55:43 +00:00
Gerald Carter
06068da0dc fix CIDR hosts allow/deny notation
(This used to be commit 84707fd95e)
2003-03-28 15:42:36 +00:00
Jeremy Allison
2f194322d4 Removed global_myworkgroup, global_myname, global_myscope. Added liberal
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8)
2002-11-12 23:20:50 +00:00
Andrew Bartlett
35ac9d287f Try to catch up on the code I've put into HEAD that should be in 3.0:
- vorlan's hosts allow with DNS names patch
 - use x_fileno() in debug.c, not the struct directly.
 - check for server timeout on password change (was reporting success)
 - better error/status loggin in both the pam_winbind client and winbindd_pam
server code.
 - (pdb_ldap) don't set the ldap version twice - we do it on every bind anyway.
(This used to be commit 9fa1863d8e)
2002-10-26 02:20:59 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Jeremy Allison
0d87fb91c4 Allow hosts allow/deny to use xx.xx.xx.xx/yy syntax.
Jeremy.
(This used to be commit ea60c50109)
2002-03-27 01:56:31 +00:00
Jeremy Allison
a0b86d4cd2 If 127.0.0.1 matches both allow & deny then allow. Patch from Steve Langasek vorlon@netexpress.net
Jeremy.
(This used to be commit 478696e924)
2002-01-18 03:08:40 +00:00
Andrew Bartlett
f9879578c6 More spelling and grammer from Vance. <vance@digital-host.net>
Thanks!

Andrew Bartlett
(This used to be commit f019bed766)
2001-10-29 08:26:45 +00:00
Tim Potter
dc1fc3ee8e Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
(This used to be commit 2d0922b0ea)
2001-10-02 04:29:50 +00:00
Simo Sorce
484a7c0341 move to SAFE_FREE()
(This used to be commit 60e907b7e8)
2001-09-17 02:19:44 +00:00
Andrew Tridgell
527e824293 strchr and strrchr are macros when compiling with optimisation in gcc, so we can't redefine them. damn.
(This used to be commit c41fc06376)
2001-07-04 07:36:09 +00:00
Simo Sorce
d56e091694 fix compiler warnings
(This used to be commit 7420e2f789)
2001-06-23 14:13:32 +00:00
Simo Sorce
82970b833c initial support for paramter type P_LIST
it will avoid problems with lists being longer than 1024 bytes
just now only ip list parameters have been converted to the new type
(hosts allow, hosts deny, ssl hosts, ssl hosts resign)
(This used to be commit e1572f85d6)
2001-06-20 16:54:32 +00:00
Gerald Carter
911975c88f merge from 2.2
(This used to be commit f87f3707f3)
2001-04-20 15:39:51 +00:00
Gerald Carter
0fc676c335 merge from 2.2
(This used to be commit 79f4c4ad74)
2001-04-19 23:13:38 +00:00
Jeremy Allison
e7a6cb234a Removed one samba-bugs ref. from source.
Jeremy.
(This used to be commit d40ee1707d)
2001-04-14 21:26:45 +00:00
Gerald Carter
85cab6559e merge from 2.2
(This used to be commit 3a03065b43)
2001-03-27 00:03:49 +00:00
Andrew Tridgell
2fa922611b finally got sick of the "extern int Client" code and the stupid
assumption that we have one socket everywhere

while doing so I discovered a few bugs!

1) the clientgen session retarget code if used from smbd or nmbd would
cause a crash as it called close_sockets() which closed our main
socket! fixed by removing close_sockets() completely - it is unnecessary

2) the caching in client_addr() and client_name() was bogus - it could
easily get fooled and give the wrong result. fixed.

3) the retarget could could recurse, allowing an easy denial of
service attack on nmbd. fixed.
(This used to be commit 5937ab14d2)
2000-04-11 13:55:53 +00:00
Andrew Tridgell
3db52feb1f first pass at updating head branch to be to be the same as the SAMBA_2_0 branch
(This used to be commit 453a822a76)
1999-12-13 13:27:58 +00:00
Andrew Tridgell
f120a81a72 global change from samba.anu.edu.au to samba.org
(This used to be commit 42d2509c9f)
1998-11-21 13:20:31 +00:00
Jeremy Allison
ac9b687cc2 configure configure.in: Added tests for fseek64 and ftell64.
config.h.in: Added fseek64 and ftell64.
includes.h: Added definition of SMB_BIG_INTEGER.
smb.h: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER.
access.c: Tidyup of dbug statement.
system.c: Added sys_fseek and sys_ftell. Changed mode calls to use mode_t.
asyncdns.c: Tidyup of comment.
loadparm.c: Tidyup of set_default_server_announce_type() function definition.
ldap.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER.
nispass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER.
smbpass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER.
smbpassfile.c: Use sys_fseek().
chgpasswd.c: Tidyup of debug statement.
dosmode.c: Changed mode calls to use mode_t.
ipc.c: Removal of dead code.
nttrans.c: Changed mode calls to use mode_t.
open.c: Changed mode calls to use mode_t.
pipes.c: Removal of dead code.
reply.c: Removal of dead code.
trans2.c: Removal of dead code. Changed mode calls to use mode_t.
Jeremy.
(This used to be commit c381d32e3d)
1998-09-17 19:16:12 +00:00
Jeremy Allison
e13aeea928 configure: Changes for extra headers.
configure.in: Source for header changes.
client/clitar.c: Fixed isXXX macros & debugs for gcc pedantic compile.
include/config.h.in: Added MEMSET, BZERO, MEMORY, RPCSVC_YPCLNT, STRINGS headers.
include/includes.h: Headers for the above.
include/smb.h: Made SIGNAL_CAST POSIX by default void (*)(int).
lib/access.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/charset.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/debug.c: Fixed signal functs.
lib/kanji.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/smbrun.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/util.c: Fixed isXXX macros & debugs for gcc pedantic compile.
libsmb/namequery.c: Fixed isXXX macros & debugs for gcc pedantic compile.
locking/shmem.c: Fixed isXXX macros & debugs for gcc pedantic compile.
locking/shmem_sysv.c: Fixed error messages in sysV stuff.
nmbd/asyncdns.c: Fixed signal functs.
nmbd/nmbd.c: Fixed isXXX macros & debugs for gcc pedantic compile.
passdb/passdb.c: Fixed isXXX macros & debugs for gcc pedantic compile.
passdb/smbpassfile.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/chgpasswd.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/ipc.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/nttrans.c: Fixed fsp code path.
smbd/password.c: fixed HAVE_YP_GET_DEFAULT_DOMAIN problem.
smbd/printing.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/reply.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/server.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/trans2.c: Fixed core dump bug.
smbd/uid.c: Fixed isXXX macros & debugs for gcc pedantic compile.
Jeremy.
(This used to be commit 1b9cbcd02e)
1998-08-15 01:19:26 +00:00
Andrew Tridgell
670c6addc3 moved access.c into lib/ from smbd/ as it is needed by testparm. I
modified it not to need any smbd specific structures and instead pass
things from smbd.
(This used to be commit 162141d3b3)
1998-08-10 07:29:57 +00:00
Christopher R. Hertel
28900ea26f As per a Andrew's message, I went through and removed the timestring()
timestamps from several DEBUG messages.  The timestamps are redundant now
that DEBUG() provides them automatically.

There are still a few more files to do, but I've got to get home for dinner.

Chris -)-----
(This used to be commit 60286cceca)
1998-07-31 22:39:15 +00:00
Andrew Tridgell
64578c0589 merge from the autoconf2 branch to the main branch
(This used to be commit 3bda7ac417)
1998-07-29 03:08:05 +00:00
Jeremy Allison
cac6a060af Changes to allow Samba to be compiled with -Wstrict-prototypes
with gcc. (Not a big change although it looks like it :-).

Jeremy.
(This used to be commit cd2613c572)
1998-04-13 19:24:06 +00:00
Andrew Tridgell
f996885676 this isn't a big commit, it just looks like it :-)
I needed the client_name() and client_addr() functions in swat so I
could tell who was connecting from where. The problem was that these
functions didn't take a file descriptor parameter they just used
the global "Client".

So I needed to change all calls to pass a parameter ... lots of files.
(This used to be commit a776058900)
1998-03-17 12:31:43 +00:00
Luke Leighton
563cf6f4aa added timestamp to "Denied connection" message.
(This used to be commit f28b14a86c)
1997-09-18 12:47:55 +00:00
Samba Release Account
20b5dea237 Large changes from jra@cygnus.com. Mainly browser updates.
access.c: Fixed crash if yp domain unavailable.
includes.h: Moved ifdefs for minor platform.
interface.c: Changed name of ipgrp to wins_ip to make it clearer.
loadparm.c: Changed default of wins support to 'no'.
nameannounce.c: Many changes to fix cross subnet browsing.
namebrowse.c: Many changes to fix cross subnet browsing.
namedbname.c: Many changes to fix cross subnet browsing.
namedbresp.c: Many changes to fix cross subnet browsing.
namedbsubnet.c: Many changes to fix cross subnet browsing.
namedbwork.c: Many changes to fix cross subnet browsing.
nameelect.c: Many changes to fix cross subnet browsing.
namelogon.c: Many changes to fix cross subnet browsing.
namepacket.c: Many changes to fix cross subnet browsing.
nameresp.c: Many changes to fix cross subnet browsing.
nameserv.c: Many changes to fix cross subnet browsing.
nameserv.h: Many changes to fix cross subnet browsing.
nameservreply.c: Many changes to fix cross subnet browsing.
nameservresp.c: Many changes to fix cross subnet browsing.
namework.c: Many changes to fix cross subnet browsing.
nmbd.c: Change to search wins subnet.
nmbsync.c: Change to check if we are any master before proceeding.
proto.h: Added find_subnet_all() and check_work_servertype().
util.c: Moved 'done' settings on name resolution.
(This used to be commit a82476eee2)
1997-04-09 01:19:25 +00:00
Andrew Tridgell
f3c79936d7 - replace the base36 function with one that works on more systems
(compiler bugs were the problem)

- minor password cleanups (catch WfWG bug where it sets the password
to a space instead of a NULL)

- fix printing problem for kanji users

- minor cleanups
(This used to be commit 92566ecc31)
1996-10-05 13:13:31 +00:00
Andrew Tridgell
e5893bdfbe I have fixed quite a few important bugs in this commit.
Luke, can you take special note of the bug fixes to nmbd so you can
propogate them to your new code.

- rewrote the code that used to use fromhost(). We now call
gethostbyaddr() only if necessary and a maximum of once per
connection. Calling gethostbyaddr() causes problems on some systems so
avoiding it if possible is a good thing :-)

- added the "fake oplocks" option. See the docs in smb.conf(5) and
Speed.txt

- fixed a serious bug in nmbd where it would try a DNS lookup on
FIND_SELF queries. This caused a lot of unnecessary (and incorrect)
DNS lookups to happen. FIND_SELF queries should only go to the
internal name tables.

- don't set FIND_SELF for name queries if we are a wins proxy, as we
are supposed to be answering queries for other hosts.

- fixed a bug in nmbd which had "if (search | FIND_LOCAL)" instead of
"if (search & FIND_LOCAL)". Luke, this was in nameservreply.c

- the above 3 bugs together meant that DNS queries were being cached,
but the cache wasn't being used, so every query was going to DNS, no
wonder nmbd has been chewing so much CPU time! Another side effect was
that queries on names in lmhosts weren't being answered for bcast
queries with "wins proxy" set.

- ignore the maxxmit for seconday session setups (see CIFS spec)

- close user opened files in a uLogoffX for user level security (see
CIFS spec)

- added uid into the files struct to support the above change
(This used to be commit ea472b7217)
1996-10-05 10:41:13 +00:00