IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
IPv6 in winbindd, but moves most of the socket functions that were
wrongly in lib/util.c into lib/util_sock.c and provides generic
IPv4/6 independent versions of most things. Still lots of work
to do, but now I can see how I'll fix the access check code.
Nasty part that remains is the name resolution code which is
used to returning arrays of in_addr structs.
Jeremy.
(This used to be commit 3f6bd0e1ec)
the ripple effects this causes. utmp has to change etc. Remove some
global varables and store address/port in the unexpected db.
Jeremy.
(This used to be commit 18c6a2211d)
always consistent. Return -1 on error, and ensure
we check for this. In cases where the dest is already
specified and we've been asked to terminate with a
null, ensure we always do so even on error.
Jeremy.
(This used to be commit abedd96786)
This adds the two functions talloc_stackframe() and talloc_tos().
* When a new talloc stackframe is allocated with talloc_stackframe(), then
* the TALLOC_CTX returned with talloc_tos() is reset to that new
* frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
* happens: The previous talloc_tos() is restored.
*
* This API is designed to be robust in the sense that if someone forgets to
* TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
* resets the talloc_tos().
The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.
The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.
This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)
So, never do a
tmp_ctx = talloc_init("foo");
anymore, instead, use
tmp_ctx = talloc_stackframe()
:-)
Volker
(This used to be commit 6585ea2cb7)
smbd, nmbd and winbindd can be started with invalid options currently.
The first patch attached would be a possible solution.
It contains an exit if an invalid option has been used. The main problem
is, that existing setups with wrong options or missing arguments in start
scripts will break (which is the right behaviour from my point of view).
metze
(This used to be commit 8532e3182a)
add in any cluster addresses. We need to response to these,
but not listen on them. This allows us to run nmbd on every
node in the cluster, and have all of them register with a
WINS server correctly
metze
(This used to be commit 98c57562c4)
systems. Rather than trying to fix this, it's much better just to
remove the code, as it serves no purpose at all (the message that is
generated is ignored by smbd).
This sort of parsing should really be done by PIDL generated code.
(This used to be commit 22e8404cef)
doing this because for the clustering the marshalling is needed in more
than one place, so I wanted a decent routine to marshall a message_rec
struct which was not there before.
Tridge, this seems about the same speed as it used to be before, the
librpc/ndr overhead in my tests was under the noise.
Volker
(This used to be commit eaefd00563)
and connections_forall. This centralizes all the routines that did individual
tdb_open("connections.tdb") and direct tdb_traverse.
Volker
(This used to be commit e43e94cda1)
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))
Volker
(This used to be commit 0ad4b1226c)
to all callers of smb_setlen (via set_message()
calls). This will allow the server to reflect back
the correct encryption context.
Jeremy.
(This used to be commit 2d80a96120)
void message_register(int msg_type,
void (*fn)(int msg_type, struct process_id pid,
- void *buf, size_t len))
+ void *buf, size_t len,
+ void *private_data),
+ void *private_data)
{
struct dispatch_fns *dfn;
So this adds a (so far unused) private pointer that is passed from
message_register to the message handler. A prerequisite to implement a tiny
samba4-API compatible wrapper around our messaging system. That itself is
necessary for the Samba4 notify system.
Yes, I know, I could import the whole Samba4 messaging system, but I want to
do it step by step and I think getting notify in is more important in this
step.
Volker
(This used to be commit c8ae60ed65)
closer at the wins server code. Firstly, it needs
to do the searches on the SELF_NAMES correctly,
secondly it needs to flush the in-memory cache
out before returning the 1b names - else it might
get duplicates returned if many 1b queries are
done in quick succession. Jerry, I hate to say
this but you might want to consider this for 3.0.23....
Jeremy.
(This used to be commit b36b9befbb)
is produced when a process exits abnormally.
First, we coalesce the core dumping code so that we greatly improve our
odds of being able to produce a core file, even in the case of a memory
fault. I've removed duplicates of dump_core() and split it in two to
reduce the amount of work needed to actually do the dump.
Second, we refactor the exit_server code path to always log an explanation
and a stack trace. My goal is to always produce enough log information
for us to be able to explain any server exit, though there is a risk
that this could produce too much log information on a flaky network.
Finally, smbcontrol has gained a smbd fault injection operation to test
the changes above. This is only enabled for developer builds.
(This used to be commit 56bc02d644)
to make the following possible:
timelimit 20000 bin/nmbd -F -S --no-process-group
timelimit 20000 bin/smbd -F -S --no-process-group
this is needed to 'make test' working without losing child processes
metze
(This used to be commit c3a9f30e2a)
lp_load() could not be called multiple times to modify parameter settings based
on reading from multiple configuration settings. Each time, it initialized all
of the settings back to their defaults before reading the specified
configuration file.
This patch adds a parameter to lp_load() specifying whether the settings should
be initialized. It does, however, still force the settings to be initialized
the first time, even if the request was to not initialize them. (Not doing so
could wreak havoc due to uninitialized values.)
(This used to be commit f2a24de769)
use it as though it were an in-memory db and dump out to
a flat file every 2 mins, but that can now change.
Jeremy.
(This used to be commit a342681792)
box with gcc4 and -O6...
Fix a bunch of C99 dereferencing type-punned pointer will break
strict-aliasing rules errors. Also added prs_int32 (not uint32...)
as it's needed in one place. Find places where prs_uint32 was being
used to marshall/unmarshall a time_t (a big no no on 64-bits).
More warning fixes to come.
Thanks to Volker for nudging me to compile like this.
Jeremy.
(This used to be commit c65b752604)
of the Samba4 timezone handling code back into Samba3.
Gets rid of "kludge-gmt" and removes the effectiveness
of the parameter "time offset" (I can add this back
in very easily if needed) - it's no longer being
looked at. I'm hoping this will fix the problems people
have been having with DST transitions. I'll start comprehensive
testing tomorrow, but for now all modifications are done.
Splits time get/set functions into srv_XXX and cli_XXX
as they need to look at different timezone offsets.
Get rid of much of the "efficiency" cruft that was
added to Samba back in the day when the C library
timezone handling functions were slow.
Jeremy.
(This used to be commit 414303bc02)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
printmig.exe work
* merge the sys_select_signal(char c) change from trunk
in order to keeo the winbind code in sync
(This used to be commit a112c5570a)
use the correct RR type of 0xA instead of reflecting back what
the query RR type was (0x20). See rfc1002 sections 4.2.14 and
4.2.16.
Jeremy.
(This used to be commit ab8c924004)
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
Don't use nstrings to hold workgroup and netbios names. The problem with them is that MB netbios
and workgroup names in unix charset (particularly utf8) may be up to 3x bigger than the name
when represented in dos charset (ie. cp932). So go back to using fstrings for these but
translate into nstrings (ie. 16 byte length values) for transport on the wire.
Jeremy.
(This used to be commit b4ea493599)
location packet from the client is not a DEBUG(1) event anymore...
(Yes, we printed this for each of these UDP packets...)
Andrew Bartlett
(This used to be commit 4ca0ab7506)
Hmmm. This is correct in 2.2. Obviously I did not test my 3.0 checkin at that
time. Now it hit me at a customer's site...
Volker
(This used to be commit a0e741aa68)
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb92)
to be appended to the netbios name between angle brackets. This interfered
the 'sh -c' used to implement smbrun(). Closes bug #528.
(This used to be commit 92b37b3ef0)
iconv wasn't re-initialised on reading of "charset" parameters. This
caused workgroup name to be set incorrectly if it contained an
extended character.
Jeremy.
(This used to be commit 84ae44678a)
converted to pull/push_ascii. This will not work right at the moment for non
English codepages, but compiles - I will finish the work over the weekend.
Then nmbd should be completely codepage correct.
Jeremy.
(This used to be commit 236d6adadf)
that is now possible to, for example, load a module which contains
an auth method into a binary without the auth/ subsystem built in.
(This used to be commit 74d9ecfe2d)
the other infrastructure with name owners etc in place. If anybody is
really going to tackle winsrepld, it will probably not be hard to put
the additional info back.
Volker
(This used to be commit eb82daa84a)
servers don't answer that name. However we *know* they
have the name workgroup#1b (as we just looked it up).
So do the node status request on this name instead.
Found at LBL labs.
Jeremy.
(This used to be commit 41e3abe8b8)
This uses 'socket address' as the source address for nmbd. This way we
can again synchronize with the DMB if we have 'bind interfaces only'
to a virtual interface.
I'd love to see this in 2.2.9, but that is up to jerry or jra.
Volker
(This used to be commit fe637c690b)
a pstrcpy/fstrcpy or at most a safe_strcpy().
These have the advantage of being compiler-verifiable.
Get these out of the way, along with a rewrite of 'get_short_archi' in the
spoolss client and server. (This pushes around const string pointers, rather
than copied strings).
Andrew Bartlett
(This used to be commit 32fb801ddc)
'set_local_machine_name' so that the client can't change it from under us.
(.NET RC2 and WinXP install calls the machine 'machinename' during NTLMSSP
on the domain join).
Andrew Bartlett
(This used to be commit 4c7163e7c2)
- NTLMSSP over SPENGO (sesssion-setup-and-x) cleanup and code refactor.
- also consequential changes to the NTLMSSP and SPNEGO parsing functions
- and the client code that uses the same functions
- Add ntlm_auth, a NTLMSSP authentication interface for use by applications
like Squid and Apache.
- also consquential changes to use common code for base64 encode/decode.
- Winbind changes to support ntlm_auth (I don't want this program to need
to read smb.conf, instead getting all it's details over the pipe).
- nmbd changes for fstrcat() instead of fstrcpy().
Andrew Bartlett
(This used to be commit fbb46da79c)
*sync up configure.in
*don't build torture tools in make all
*make sure to remove torture tools as part of make clean
(This used to be commit 0fb724b321)
- fstring/pstring mixups
- the detection code that found them (disabled)
- a bit of whitespace
- a static
Andrew Bartlett
(This used to be commit 9b70fa868e)
sharing between machines with rsync.
Finally removed tdb_store_int/tdb_fetch_int.
Now only tdb_store_int32/tdb_fetch_int32 which are endian independent
are allowed.
Jeremy.
(This used to be commit 1c4a00dcc1)
processing work correctly in winbindd. This is a really good patch
that gives full select semantics to the Samba modified select.
Jeremy.
(This used to be commit 3af16ade17)
Changed the way the wins record are handled in memory. Now they are living
much longer with the different states: active, released and tombstone.
Also added a version ID, some wins flags and the wins owner ip address to
the namrec->data struct, and a function to process messages sent by the
wins replication daemon.
the initiate_wins_processing() function is not correct, I'll fix it later.
J.F.
(This used to be commit b902e087d0)
in smbd/process.c where the timezone is reinitialised. Was replaced with
check for a static is_initialised boolean.
(This used to be commit 8fc772c9e5)
replacemnt of stdio that doesn't suffer from the 8-bit filedescriptor
limit that we hit with nasty consequences on some systems
I would eventually prefer us to have a configure test to see if we need
to replace stdio, but for now this code needs to be tested widely so
I'm enabling it by default.
(This used to be commit 1af8bf34f1)
nmbd now calls wins_srv_count(). This returns the number of WINS servers
specified in the 'wins server' parameter. The return value will be zero if
'wins server' is not specified.
Quick change to make room for WINS failover.
(This used to be commit 0777ebc04b)
trees. This change simply brings HEAD and 2.2 in line with one another.
Otherwise the code would be differnt but the meaning would be the same,
which is awkward.
Chris 'fifty-seven commits per line changed' Hertel -)-----
(This used to be commit bbf14e2d4e)
debug block that reports multiple query responses I did not notice that
the local answer_ip variable was only selectively set.
Chris -)-----
(This used to be commit 22ea0770d8)
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267)
people are reporting regarding multiple responses to queries on <1D> names.
There should only ever be one LMB but some users are seeing multiple replies
to queries for the LMB name. This is probably due to nodes on the LAN that
have NetBIOS over NetBEUI and/or IPX enabled. Previously, the debug message
did not include the IP address associated with the name. It *did* include
the source address of the packet, but in the examples I've seen all of these
were the same, eg:
[2000/06/22 11:58:25, 0] nmbd/nmbd_namequery.c:query_name_response(93)
query_name_response: Multiple (2) responses received for a query on subnet
129.130.10.136 for name NT.CIS.KSU.EDU<1d>. This response was from IP
129.130.10.24
[2000/06/22 11:58:25, 0] nmbd/nmbd_namequery.c:query_name_response(93)
query_name_response: Multiple (3) responses received for a query on subnet
129.130.10.136 for name NT.CIS.KSU.EDU<1d>. This response was from IP
129.130.10.24
[2000/06/22 11:58:25, 0] nmbd/nmbd_namequery.c:query_name_response(93)
query_name_response: Multiple (4) responses received for a query on subnet
129.130.10.136 for name NT.CIS.KSU.EDU<1d>. This response was from IP
129.130.10.24
[2000/06/22 11:58:25, 0] nmbd/nmbd_namequery.c:query_name_response(93)
query_name_response: Multiple (5) responses received for a query on subnet
129.130.10.136 for name NT.CIS.KSU.EDU<1d>. This response was from IP
129.130.10.24
Note that all of the above are reported as having come from 129.130.10.24.
This should never happen. If 129.130.10.24 is a WINS server it should
send a Negative Name Query Response for a <1D> name query (wierd but true).
So, are all of the above coming from different systems, all of which
think are the LMB? Are they all coming from one system that is, for some
strange reason, replying five times to the same query?
Anyway, I needed more info so I've changed the debug messages.
Chris -)-----
(This used to be commit 8f2f09af0a)
this allows users to disable the cross-subnet browse extensions that I
added to Samba a couple of years ago. This may be useful for getting
rid of empty workgroups.
(This used to be commit 978980050e)
of nmb so we write to same log file that
was originally created as log.nmbd
samba/source/smbd/server.c change remote_machine name to smbd instead
of smb so we write to same log file that
was originally created as log.smbd
samba/source/lib/interface.c allow binding to all interface IP addresses
even if on same subnet. This allows you to
specify which IP's you want in interfaces
line and use bind interfaces only
(This used to be commit 01dfd59712)
source/smbd/server.c
source/nmbd/nmbd.c
- Fixed a very subtle bug with signals. Seems that POSIX requires
that the signal mask be inhereted. So, if you happen to kick off
smbd/nmbd from code that has the mask set on SIGUSR1, you lose
messages.
(This used to be commit b4c98196fc)
the DGRAM_PORT, since we want to actually send those to other ports.
They might be for the client library running on the Samba server!
(This used to be commit 05e2dd5e85)
easier to add new message types to messages.h without breaking old
binaries
- added a MSG_FORCE_ELECTION message to force nmbd to hold an election
(This used to be commit f1c49ca7ce)
The motivation for this system is to replace the UDP message for
oplocks, but this commit only does the "set debug level" message.
(This used to be commit 2a34ee95f3)
string), the wins_srv module now hands back a struct in_addr when it's
called. It caches the IP address once it has been looked up. The IP
is cleared (and must be looked up again) if the 'wins server' parameter
is reread, or if the node is marked 'dead'. A dead node will not be
re-tried for 10 minutes (per a #define in wins_srv.c).
As it was, the code was reading the WINS server name or IP directly from
lp_wins_server. That's okay, except that if the value was expressed as
a name, then a DNS lookup would be done every time the client wanted to
talk to the server.
I still need to work out the implications of failover regarding the
'unicast subnet' list.
Chris -)-----
(This used to be commit 73aa188320)
*Note: failover doesn't actually work yet!* It's just that the code I'm
adding provides all of the pieces necessary.
I do have one big question. Something that I'll have to ask Jeremy, I'm
thinkin'. In nmbd/nmbd_subnetdb.c the IP of the WINS server is used to
set up the Unicast subnet.
...so what happens if the WINS server changes?
My guess is either:
a) nothing.
b) I'd have to change the unicast subnet entry whenever the WINS server
changes.
Urq.
BTW, the lp_wins_server() function no longer returns the WINS server name
or IP. It returns the list of WINS servers entered in smb.conf. To get
the currently 'live' WINS server, use the wins_srv() function.
Fun, eh?
Chris -)-----
(This used to be commit cc08bdc74f)
I had to modify sys_select() to not loop on EINTR. I added a wrapper
called sys_select_intr() which gives the old behaviour.
(This used to be commit b28cc4163b)
new open mechanism Andrew & I discussed.
config.sub:
configure: Included the QNX patch.
include/vfs.h:
smbd/vfs-wrap.c:
smbd/vfs.c: Added ftruncate vfs call (needed).
Note that we will also need locking calls in the vfs (to be added).
lib/util_unistr.c:
nmbd/nmbd_processlogon.c: Fix for NT domain logons causing nmbd to core dump.
Also fix for sidsize DOS bug.
locking/locking.c: Check value of ret before using it for memdup.
printing/printing.c: Convert print_fsp_open to return an allocated fsp.
rpc_server/srv_lsa.c: Fix for NT domain logons.
I have removed all use of lp_share_modes() from the code (although I
left the parameter in the table for backwards compatibility). It no longer makes
sense for this to exist.
smbd/close.c: Removed lp_share_modes().
smbd/fileio.c: Fixed parameters to unlock_share_entry call in panic code.
smbd/files.c: Correctly set the unix_ERR_code to ERRnofids on fsp allocation fail.
smbd/nttrans.c:
smbd/reply.c:
smbd/trans2.c: Changed all occurrences of open_file_shared/open_directory/
open_file_stat to return an fsp from the call.
smbd/open.c: Changed all occurrences of open_file_shared/open_directory/
open_file_stat to return an fsp from the call.
In addition I have fixed a long standing race condition in the deny mode
processing w.r.t. two smbd's creating a file. Andrew, please note that
your original idea of using open with O_EXCL in this case would not work
(I went over the races very carefully) and so we must re-check deny modes
*after* the open() call returns. This is because there is a race between
the open with O_EXCL and the lock of the share mode entry. Imagine the
case where the first smbd does the open with O_EXCL and a deny mode of DENY_ALL,
but is pre-empted before it locks the share modes and creates the deny
mode entry for DENY_ALL. A second smbd could then come in with O_RDONLY
and a deny mode of DENY_NONE and the two opens would be allowed.
The *only* way to fix this race is to lock the share modes after the
open and then do the deny mode checks *after* this lock in the case
where the file did not originally exist.
This code will need extensive testing but seems to initially work.
Jeremy.
(This used to be commit ab0ecc39d6)
advance over it and 4-byte align.
this _used_ to be "regardless of domainsidsize, advance by domainsidsize+3"
which is wrong.
(This used to be commit 5086e6425f)
include/includes.h: Added SMB_BIG_UINT_BITS.
lib/util.c: Removed align2/align4 - use macros.
libsmb/namequery.c: Use ALIGN2.
locking/locking.c: Replace do_lock, do_unlock, args with SMB_BIG_UINT, not SMB_OFF_T.
Needed to move to hiding POSIX locks at a lower layer.
nmbd/nmbd_processlogon.c: Use ALIGN2/ALIGN4 macros.
smbd/blocking.c: Replace do_lock, do_unlock, args with SMB_BIG_UINT, not SMB_OFF_T.
smbd/reply.c: Replace do_lock, do_unlock, args with SMB_BIG_UINT, not SMB_OFF_T.
Jeremy.
(This used to be commit 491eea8a20)
assumption that we have one socket everywhere
while doing so I discovered a few bugs!
1) the clientgen session retarget code if used from smbd or nmbd would
cause a crash as it called close_sockets() which closed our main
socket! fixed by removing close_sockets() completely - it is unnecessary
2) the caching in client_addr() and client_name() was bogus - it could
easily get fooled and give the wrong result. fixed.
3) the retarget could could recurse, allowing an easy denial of
service attack on nmbd. fixed.
(This used to be commit 5937ab14d2)
explicitly adds 127.0.0.1 to the interfaces line for smbd, then nmbd would
start to try and register names on it. This was not good :-(.
Jeremy.
(This used to be commit cc3ad82521)
the previous definition could result is us overflowing a buffer. The
null termination was always added yet the size returned did not
include the null termination.
the new function takes a BOOL null_terminate, and always returns the
total number of bytes consumed by the string.
(This used to be commit 426c904333)
nmbd. It does NOT follow the rule that packets to the wins server have
rec_des set (I know that we have postulated this in the past). Please
don't screw with this unless you do careful testing from WinXX
clients.
Luke and I spent a couple of hours today getting this right (it was
wrong in both TNG and HEAD)
(This used to be commit 9eda2e27b7)
multihomed registration we were sending the packet to the wrong host!
We sent it to the person trying to register rather than to the person
who currently holds the name. That means we were not secure and we
could allow two people to register the same name.
Jeremy, you may wish to merge this change into 2.0.X
(This used to be commit 94ca1d1250)
nmbd/nmbd_processlogon.c: Use "True" and "False" instead of 1 and 0.
Others - preparing for multiple pdu write code.
Jeremy.
(This used to be commit 9f879ec396)
array of pointers. This should cause alignment on a correct boundary..
Spotted by Darren Reed <darrenr@telnetmedia.com>.
Jeremy.
(This used to be commit 91f4d06753)
This fixes our netbios scope handling. We now have a 'netbios scope' option
in smb.conf and the scope option is removed from make_nmb_name()
this was prompted by a bug in our PDC finding code where it didn't append
the scope to the query of the '*' name.
(This used to be commit b563be824b)
lp_string() bug properly.
we still need to add lp_talloc_free() calls in all the main event
loops, I've only put it in smbd and nmbd thus far.
(This used to be commit aa7f815525)
I also fixed up the lookup_pdc_name() code so that it now works, even
with a NT server that insists on replying to udp/138.
The method I used to match packets was to use the mailslot string as a
datagram ID. The true dgm_id doesn't work as NT doesn't set it
correctly. uggh.
PS: Jeremy, I had to change your code quite a bit, are you sure this
worked with a Samba PDC?? The code looked broken, it got the offsets
wrong in the SMB portion of the packet and filled in the IP
incorrectly.
(This used to be commit 32f66f4ea6)
yamd is much better, and doesn't require any source code changes
if you haven't seen yamd then take a look at
http://www3.hmc.edu/~neldredge/yamd/
its excellent!
(This used to be commit 25b13f8b79)
this means "nmblookup -S" now always works, even with broken servers
the database stores all unexpected replies and these can be accessed
by any client.
while doing this I cleaned up a couple of functions, and put in place
a better trn_id generator. in most places the code got quite a bit
simpler due to the addition of simple helper functions.
I haven't yet put the code in to take advantage of this for pdc
replies - that will be next. Jeremys pdc finding code will then work :)
(This used to be commit 280e6359d3)
- added TDB_CLEAR_IF_FIRST flag to clear the database if this is the
first attached process. Useful for non-persistent databases like our
locking area (this will also make upgrades to new database layouts easier)
- use lock_path() in a couple of places
- leave connections database open while smbd running
- cleaned up some tdb code a little, using macros for constants
(This used to be commit 00e9da3ca5)
they should all be replaced with cli_establish_connection().
created cli_use_wait_keyboard() which waits on multiple cli_states
and swallows session keepalives.
(This used to be commit fcc39b3f4f)
desired flag MUST be set in any NBT UDP packets sent to a WINS
server, else they will go to the WINS client side of the NT NetBIOS
kernel instead, and will get trashed.
- added \PIPE\browser server-side code.
(This used to be commit 8e406c1fa2)
request name.
modified createuser rpcclient command to examine name being added. if it
ends in a $, assume that a workstation trust account is being added.
(This used to be commit 4aea261cb0)
reg_io_r_info() working properly. previously they weren't well
understood (well, they were the first of the registry functions i did,
back in december 97, ok??? :-)
set ntversion to 0x1 in SAMQUERY, so that we reply same as NT4 srv.
(This used to be commit 98ddeaf442)
- disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get
NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be
re-enabled but to be replaced with a better mechanism.
- added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is
sending DCE/RPC over SMBwrite not SMBwriteX.
(This used to be commit 25c70e3c98)
password change requests), from Michael Stockman <pgmtekn@algonet.se>.
GETDC on \MAILSLOT\NET\NETLOGON necessarily returns less information
than the NTLOGON version.
(This used to be commit 8a603a8793)
who doesn't know what an LMB or DMB is.
* check_master_browser_exists now performs the check the first time
around, so if there is indeed no master browser then Samba takes up the job
much faster.
* Upped default OS level to 32. There is no reason why some stupid little
Windows box should become LMB instead of a Samba *server*.
* "domain master" now defaults to "auto". Currently this attempts to
become DMB iff Samba is the PDC (ala Windows NT). "preferred master" also
defaults to "auto", which enables preferred master iff Samba is DMB.
* lp_server_role now just returns the predetermined role, rather than
working it out each time, since the server role is becoming very heavily
used (esp for the BDC code).
(This used to be commit 4a23a358b5)
it's wrong. i've seen a packet from nt client on MAILSLOT\NETLOGON
with appended undocumented unicode tacked on the end and the response
contained undocumented unicode tacked on the end.
(This used to be commit 74c7d626cd)
No more ugly static library buffers and all functions take a destination
string length (especially unistrcpy was rather dangerous; we were only
saved by the fact that datagrams are limited in size).
(This used to be commit a1d39af1ce)
This allows the removal of PASSDB_OBJ, RPC_CLIENT_OBJ and
RPC_PARSE_OBJ from nmbd in the head branch.
so nmbd just went on a diet :)
(This used to be commit be697c9ef0)
samr_query_aliasmembers (cool!)
util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c :
pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID
if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5)
to obtain member and pdc sids.
(This used to be commit 3e1eb4f26b)
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7)
Tidied up some of the mess (no other word for it). Still doesn't
compile cleanly. There are calls with incorrect parameters that
don't seem to be doing the right thing.
This code still needs surgery :-(.
Jeremy.
(This used to be commit 18ff93a9ab)
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e609)
by default.
nmbd*: Changed all calls to namestr() to nmbd_namestr() to fix broken FreeBSD include
file problem...sigh.
Jeremy.
(This used to be commit 9ee8f39aed)
nmbd/nmbd.c: Someone (a "yank" no doubt :-) Changed instances of "initialise" to
"initialize". Someone get that man an *English* dictionary.... :-) :-).
Jeremy.
(This used to be commit 6279be7f96)
(ie. it breaks Sues machine).
Luke, your comment was:
put unicode strings after SAMLOGON query regardless of whether it's
an NT mailslot or a non-NT mailslot, after having observed this behaviour
out of NT machines.
perhaps you could post the relevant tcpdump or netmon capture so we
can see what is going on? I suspect that what you saw isn't exactly
what the win95 boxes are generating. Maybe you saw a GETDCxxx instead
of a GETDC000 ? Maybe we need a switch based on the GETDC request
type?
We won't know unless we see sniffs.
(This used to be commit a2bacc0895)
The debug_browse_data() function does a hex dump of a browser packet. The
last line is often not a full 16 bytes, which would miss-align the hex
output. I've added the padding needed to align the hex output.
Chris -)-----
(This used to be commit 9f9b30abab)
When dumping the wins.dat, this module will also write the database
contents to the log file (don't do this if you have a large wins.dat!).
The output was in a sort of tabular format, except that the asctime()
function was used and it always terminates its output with a newline.
I did a bit of fussing, removed the '\n' character, and did my best to
line up the other columns. If the output format of asctime() is
different on different systems, then the columns won't line up, but
the output will still look better than it did before.
Chris -)-----
(This used to be commit 57295113fe)
break up some very long lines in both the code and the output. The change
is mostly cosmetic, but should improve log file readability.
(This used to be commit fc4e0148eb)
put unicode strings after SAMLOGON query regardless of whether it's
an NT mailslot or a non-NT mailslot, after having observed this behaviour
out of NT machines.
(This used to be commit c101113ec2)
Bug was caused by multiple C statements on a line.
IMHO this is a *BUG* and will be treated as such....
Fixed all such multiple statements in this file.
Jeremy.
(This used to be commit ea3ab46f12)
Changes to get Samba to compile cleanly with the IRIX compiler
with the options : -fullwarn -woff 1209,1174 (the -woff options
are to turn off warnings about unused function parameters and
controlling loop expressions being constants).
Split prototype generation as we hit a limit in IRIX nawk.
Removed "." code in smbd/filename.c (yet again :-).
Jeremy.
(This used to be commit e0567433bd)
dummy.in files are no longer needed, and new directories will be taken
care of automatically, at configure (or config.status --recheck) time
(This used to be commit 237a8e5fe6)
Added $(PROGS) $(SPROGS) as targets for make clean.
acconfig.h: Added HAVE_IRIX_SPECIFIC_CAPABILITIES.
configure.in: Added sys/capability.h header check.
Added function checks for srandom random srand rand.
Added HAVE_IRIX_SPECIFIC_CAPABILITIES test.
includes.h: Added #include <sys/capability.h>.
ntdomain.h: Moved struct acct_info into here from smb.h
smb.h: Added KERNEL_OPLOCK_CAPABILITY define.
Moved enum action_type into rpcclient.h
Moved struct cli_state into client.h
Moved struct nt_client_info, struct tar_client_info, struct client_info
into rpcclient.h
lib/genrand.c: Changed to use sys_random() & friends.
lib/smbrun.c: Lose capabilities after fork.
lib/system.c: Added set_process_capability(), set_inherited_process_capability()
sys_random(), sys_srandom().
lib/util.c: Added Ander's EFBIG lock check to fcntl_lock for 64 bit access to an
32 bit mounted NFS filesystem.
nmbd/nmbd.c: Changed to use sys_random() & friends.
nmbd/nmbd_browsesync.c: Changed to use sys_random() & friends.
passdb/ldap.c: Missed one pdb_encode_acct_ctrl call.
passdb/passdb.c: Changed to Ander's code for ' ' characters.
passdb/smbpass.c: Added Ander's code to reset ACB_PWNOTREQ.
script/mkproto.awk: Added 'long' to prototypes.
smbd/chgpasswd.c: Lose capabilities after fork.
smbd/open.c: Do the mmap *after* the kernel oplock.
smbd/oplock.c: Removed stub code from kernel oplock path.
Added set_process_capability(), set_inherited_process_capability() calls.
smbd/reply.c: Initialize count = 0, offset = 0.
smbd/server.c: Added set_process_capability(), set_inherited_process_capability() calls.
tests/summary.c: Ensure we have RANDOM or RAND.
utils/smbpasswd.c: Added Ander's code to reset ACB_PWNOTREQ.
utils/torture.c: Changed to use sys_random() & friends.
Jeremy.
(This used to be commit e8be306f23)
config.h.in: Added fseek64 and ftell64.
includes.h: Added definition of SMB_BIG_INTEGER.
smb.h: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER.
access.c: Tidyup of dbug statement.
system.c: Added sys_fseek and sys_ftell. Changed mode calls to use mode_t.
asyncdns.c: Tidyup of comment.
loadparm.c: Tidyup of set_default_server_announce_type() function definition.
ldap.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER.
nispass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER.
smbpass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER.
smbpassfile.c: Use sys_fseek().
chgpasswd.c: Tidyup of debug statement.
dosmode.c: Changed mode calls to use mode_t.
ipc.c: Removal of dead code.
nttrans.c: Changed mode calls to use mode_t.
open.c: Changed mode calls to use mode_t.
pipes.c: Removal of dead code.
reply.c: Removal of dead code.
trans2.c: Removal of dead code. Changed mode calls to use mode_t.
Jeremy.
(This used to be commit c381d32e3d)
expected. wins_write_database() didn't exit after doing its stuff, so
when it returned you had two copies of nmbd :)
(This used to be commit 5e6488d483)
In sig_term() we were calling wins_write_database(0) which would fork a
child. This child might then get killed by the same process killing
off the parent. That process would then fork another child etc.
The solution is to pass a "background" flag to wins_write_database(0)
and only fork if this is set.
(This used to be commit 1e1a512e3f)
prompted by the interpret_security() dead code that Jean-Francois
pointed out I added a make target "finddead" that finds potentially
dead (ie. unused) code. It spat out 304 function names ...
I went through these are deleted many of them, making others static
(finddead also reports functions that are used only in the local
file).
in doing this I have almost certainly deleted some useful code. I may
have even prevented compilation with some compile options. I
apologise. I decided it was better to get rid of this code now and add
back the one or two functions that are needed than to keep all this
baggage.
So, if I have done a bit too much "destroying" then let me know. Keep
the swearing to a minimum :)
One bit I didn't do is the ubibt code. Chris, can you look at that?
Heaps of unused functions there. Can they be made static?
(This used to be commit 2204475c87)
also doesn't switch to a registration if a refresh fails, instead the
name is removed! This makes it even more imortant that a Samba WINS
server accepts refresh requests as registration requests if the name
is not registered. I've gone ahead and implemented this.
(This used to be commit 07f825fc94)
amount of network traffic grows as the square of the number of
workgroups. It probably wouldn't have caused problems but to be safe I
changed the code to use random() to decrease the probability of a
DMB<->DMB sync in proportion to the number of known workgroups. This
keeps the nice browse connectivity while making the traffic rise only
linearly with the number of workgroups.
(This used to be commit 685f4ef2e1)
The previous code was strictly correct, but not very practical. self
names were only refreshed every 3 days. I hit a situation where the
Samba WINS server was restarted after deleting wins.dat and didn't
notice some remote subnets (also running Samba). I realised that the
complete database wouldn't have been rebuilt for 3 days, which is way
too long. In order to recover from WINS restarts we need a much
shorter maximum refresh time.
(This used to be commit 1d23dd0912)
to work (not a lot of testing yet though).
Now we just need to deal with people worried about having more than
two nmbd processes sometimes. (the async processes are created on
demand for browse sync, so you'll only see more than 2 occasionally)
(This used to be commit a350a54680)
then obtained a node status response we need to remember the server
name of the master browser so that other browse clients asking us for
a workgroup list will get a entry for the master of that workgroup.
(This used to be commit 601f995ffb)
It now has a line like this:
VERSION 1 251152
the first number is a version #define in nmbd_winsserver.c and will be
used if we ever have to change the format again.
The second number is a hash of the current interfaces setting. It is
used to detect the case where nmbd is restarted on a machine after the
IP of the machine has changed (or the interfaces list has changed in
any way). When that happens we need to discard the old wins.dat cache
or you end up with chaos. This has bitten quite a few people, they
find that when they move a machine it continues using the old IP for
some things for the next week until the wins entries time out!
I've checked, and the old nmbd can handle the new format, although it
does spit out a spurious error message about the VERSION line. So
users can safely run 2.0alpha then switch back to 1.9.18 without
problems.
(This used to be commit c4a8cdc60a)
areas of memory before freeing them.
While doing this I also found a couple of real bugs. In two places we
were freeing some memory that came from the stack, which leads to
a certain core dump on many sytems.
(This used to be commit c5e5c25c85)
correctly. Added new parameter "stat cache size" - set to 50 by default.
I now declare the statcache code officially "open" for business :-).
It gets a hit rate of 97% with a NetBench run and seems to make
using a case insensitive run as efficient as a case sensitive run.
Also tidied up our sys_select usage - added a maxfd parameter and
also added an implementation of select in terms of poll(), for systems
where poll() is much faster. This is disabled by default.
Jeremy.
(This used to be commit 779b924ec1)
problem was a buffer overflow in process_node_status_request().
this really points out a general problem is allocating MAX_DGRAM_SIZE
packets on the stack in nmbd. There must be a better way.
(This used to be commit 7db45f169c)
default to overwrite and smbd would default to append. Also, the -a option
(actually a toggle, such that "-a -a" would set the default) was documented
as append mode for nmbd, and *overwrite mode* for smbd.
nmbd now defaults to append mode, to match smbd. The -a option now always
means append, and I've added the -o option to both, meaning overwrite.
Note that the change to nmbd's default behavior may confuse some people.
I've not seen anything about 2.0.0 changes in the WHATSNEW.txt file.
Where would I document a change like this?
Chris -)-----
(This used to be commit b1d374fb14)
Connections[] is now a local array in server.c
I might have broken something with this change. In particular the
oplock code is suspect and some .dll files aren't being oplocked when
I expected them to be. I'll look at it after I've got some sleep.
(This used to be commit c7ee025ead)