From e70c97ef85b309d6e005c07e16a003725d21ffc8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 26 Dec 2007 17:58:55 +0100 Subject: Remove the sampwent interface (This used to be commit 9e80b969fb40766de2c9b1a05d16bf4d4c6e46f7) --- source3/include/passdb.h | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'source3/include') diff --git a/source3/include/passdb.h b/source3/include/passdb.h index bb8a336b8c..b72ec6b0ba 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -242,20 +242,15 @@ struct pdb_search { * changed to version 14 to move lookup_rids and lookup_names to return * enum lsa_SidType rather than uint32. * Changed to 16 for access to the trusted domain passwords (obnox). + * Changed to 17, the sampwent interface is gone. */ -#define PASSDB_INTERFACE_VERSION 16 +#define PASSDB_INTERFACE_VERSION 17 struct pdb_methods { const char *name; /* What name got this module */ - NTSTATUS (*setsampwent)(struct pdb_methods *, bool update, uint32 acb_mask); - - void (*endsampwent)(struct pdb_methods *); - - NTSTATUS (*getsampwent)(struct pdb_methods *, struct samu *user); - NTSTATUS (*getsampwnam)(struct pdb_methods *, struct samu *sam_acct, const char *username); NTSTATUS (*getsampwsid)(struct pdb_methods *, struct samu *sam_acct, const DOM_SID *sid); -- cgit From afc93255d183eefb68e45b8ec6275f6a62cf9795 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 26 Dec 2007 17:12:36 -0800 Subject: Add SMB encryption. Still fixing client decrypt but negotiation works. Jeremy. (This used to be commit d78045601af787731f0737b8627450018902b104) --- source3/include/client.h | 26 ++++++++++++++++++++++++++ source3/include/smb.h | 3 ++- source3/include/smb_macros.h | 16 ++++++---------- source3/include/trans2.h | 24 +++++++++++++++++++++++- 4 files changed, 57 insertions(+), 12 deletions(-) (limited to 'source3/include') diff --git a/source3/include/client.h b/source3/include/client.h index 0047b2bf23..f8adf567de 100644 
--- a/source3/include/client.h +++ b/source3/include/client.h @@ -27,7 +27,9 @@ will be a multiple of the page size on almost any system */ #define CLI_BUFFER_SIZE (0xFFFF) #define CLI_SAMBA_MAX_LARGE_READX_SIZE (127*1024) /* Works for Samba servers */ +#define CLI_SAMBA_MAX_LARGE_WRITEX_SIZE (127*1024) /* Works for Samba servers */ #define CLI_WINDOWS_MAX_LARGE_READX_SIZE ((64*1024)-2) /* Windows servers are broken.... */ +#define CLI_WINDOWS_MAX_LARGE_WRITEX_SIZE ((64*1024)-2) /* Windows servers are broken.... */ #define CLI_SAMBA_MAX_POSIX_LARGE_READX_SIZE (0xFFFF00) /* 24-bit len. */ #define CLI_SAMBA_MAX_POSIX_LARGE_WRITEX_SIZE (0xFFFF00) /* 24-bit len. */ @@ -79,6 +81,28 @@ struct rpc_pipe_client { struct dcinfo *dc; }; +/* Transport encryption state. */ +enum smb_trans_enc_type { SMB_TRANS_ENC_NTLM, SMB_TRANS_ENC_GSS }; + +#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) +struct smb_tran_enc_state_gss { + gss_ctx_id_t gss_ctx; + gss_cred_id_t creds; +}; +#endif + +struct smb_trans_enc_state { + enum smb_trans_enc_type smb_enc_type; + uint16 enc_ctx_num; + bool enc_on; + union { + NTLMSSP_STATE *ntlmssp_state; +#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) + struct smb_tran_enc_state_gss *gss_state; +#endif + } s; +}; + struct cli_state { int port; int fd; @@ -142,6 +166,8 @@ struct cli_state { smb_sign_info sign_info; + struct smb_trans_enc_state *trans_enc_state; /* Setup if we're encrypting SMB's. */ + /* the session key for this CLI, outside any per-pipe authenticaion */ DATA_BLOB user_session_key; diff --git a/source3/include/smb.h b/source3/include/smb.h index 63ae51ecd4..2ffd530fb0 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h 
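Review bot: In the `@@ -79,6 +81,28 @@` hunk, `SMB_TRANS_ENC_GSS` is defined unconditionally while the `gss_state` union member exists only under `HAVE_GSSAPI && HAVE_KRB5`, so code that switches on `smb_enc_type` has a GSS case with no member to read in non-Kerberos builds. I would either guard the enumerator with the same `#if` or add `/* s.gss_state exists only with GSSAPI+KRB5; treat SMB_TRANS_ENC_GSS as an error otherwise */` above the union. The helper is also spelled `struct smb_tran_enc_state_gss` where every other name uses the `smb_trans_enc_` prefix. A one-line comment on who frees `ntlmssp_state` and `gss_state` would help, since these contexts presumably carry the key material for the encrypted session.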
@@ -80,7 +80,8 @@ enum smb_read_errors { SMB_WRITE_ERROR, /* This error code can go into the client smb_rw_error. */ SMB_READ_BAD_SIG, SMB_NO_MEMORY, - SMB_DO_NOT_DO_TDIS /* cli_close_connection() check for this when smbfs wants to keep tree connected */ + SMB_DO_NOT_DO_TDIS, /* cli_close_connection() check for this when smbfs wants to keep tree connected */ + SMB_READ_BAD_DECRYPT }; #define DIR_STRUCT_SIZE 43 diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index 0dfb596994..9bacdce1db 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h @@ -158,11 +158,10 @@ #define SMB_LARGE_LKLEN_OFFSET_HIGH(indx) (12 + (20 * (indx))) #define SMB_LARGE_LKLEN_OFFSET_LOW(indx) (16 + (20 * (indx))) -#define ERROR_DOS(class,code) error_packet(outbuf,class,code,NT_STATUS_OK,__LINE__,__FILE__) -#define ERROR_NT(status) error_packet(outbuf,0,0,status,__LINE__,__FILE__) -#define ERROR_OPEN(status) error_open(outbuf,status,__LINE__,__FILE__) -#define ERROR_FORCE_NT(status) error_packet(outbuf,-1,-1,status,__LINE__,__FILE__) -#define ERROR_BOTH(status,class,code) error_packet(outbuf,class,code,status,__LINE__,__FILE__) +#define ERROR_DOS(class,code) error_packet(inbuf,outbuf,class,code,NT_STATUS_OK,__LINE__,__FILE__) +#define ERROR_NT(status) error_packet(inbuf,outbuf,0,0,status,__LINE__,__FILE__) +#define ERROR_FORCE_NT(status) error_packet(inbuf,outbuf,-1,-1,status,__LINE__,__FILE__) +#define ERROR_BOTH(status,class,code) error_packet(inbuf,outbuf,class,code,status,__LINE__,__FILE__) #define reply_nterror(req,status) reply_nt_error(req,status,__LINE__,__FILE__) #define reply_force_nterror(req,status) reply_force_nt_error(req,status,__LINE__,__FILE__) 
@@ -170,9 +169,6 @@ #define reply_botherror(req,status,eclass,ecode) reply_both_error(req,eclass,ecode,status,__LINE__,__FILE__) #define reply_unixerror(req,defclass,deferror) reply_unix_error(req,defclass,deferror,NT_STATUS_OK,__LINE__,__FILE__) -/* this is how errors are generated */ -#define UNIXERROR(defclass,deferror) unix_error_packet(outbuf,defclass,deferror,NT_STATUS_OK,__LINE__,__FILE__) - /* these are the datagram types */ #define DGRAM_DIRECT_UNIQUE 0x10 @@ -189,8 +185,8 @@ #define smb_offset(p,buf) (PTR_DIFF(p,buf+4) + chain_size) #define smb_len(buf) (PVAL(buf,3)|(PVAL(buf,2)<<8)|((PVAL(buf,1)&1)<<16)) -#define _smb_setlen(buf,len) do { buf[0] = 0; buf[1] = (len&0x10000)>>16; \ - buf[2] = (len&0xFF00)>>8; buf[3] = len&0xFF; } while (0) +#define _smb_setlen(buf,len) do { buf[0] = 0; buf[1] = ((len)&0x10000)>>16; \ + buf[2] = ((len)&0xFF00)>>8; buf[3] = (len)&0xFF; } while (0) #define smb_len_large(buf) (PVAL(buf,3)|(PVAL(buf,2)<<8)|(PVAL(buf,1)<<16)) #define _smb_setlen_large(buf,len) do { buf[0] = 0; buf[1] = ((len)&0xFF0000)>>16; \ diff --git a/source3/include/trans2.h b/source3/include/trans2.h index f7f3ef2149..8ed075d418 100644 --- a/source3/include/trans2.h +++ b/source3/include/trans2.h @@ -566,7 +566,6 @@ findfirst/findnext is SMB_FIND_FILE_UNIX_INFO2. __u8 * psid_list may be empty */ - /* ... more as we think of them :-). */ /* SMB POSIX ACL definitions. */ 
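Review bot: `_smb_setlen` in the `@@ -189,8 +185,8 @@` hunk now parenthesises `len` but still expands `buf` bare (`buf[0]`, `buf[1]`, ...) and evaluates `len` three times, so an expression or side-effecting argument still binds or repeats wrongly. The macro keeps only 17 bits of `len` (`((len)&0x10000)>>16`), so a larger value is silently written as a shorter frame length; a comment such as `/* len is truncated to 17 bits (max 0x1FFFF); the caller must range-check */` would record that contract next to the definition. `_smb_setlen_large` in the context lines has the same unparenthesised `buf`.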
@@ -653,6 +652,29 @@ enum smb_whoami_flags { DOM_SID[] - list of SIDs (may be empty) */ +/* + * The following trans2 is done between client and server + * as a FSINFO call to set up the encryption state for transport + * encryption. + * This is a subcommand of the TRANS2_QFSINFO. + * + * The request looks like : + * + * [data block] -> SPNEGO framed GSSAPI request. + * + * The reply looks like : + * + * [data block] -> SPNEGO framed GSSAPI reply - if error + * is NT_STATUS_OK then we're done, if it's + * NT_STATUS_MORE_PROCESSING_REQUIRED then the + * client needs to keep going. If it's an + * error it can be any NT_STATUS error. + * + */ + +#define SMB_REQUEST_TRANSPORT_ENCRYPTION 0x203 /* QFSINFO */ + + /* The query/set info levels for POSIX ACLs. */ #define SMB_QUERY_POSIX_ACL 0x204 #define SMB_SET_POSIX_ACL 0x204 -- cgit From 5413ad4aca69245c575b621db33b61eae5db4a35 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 27 Dec 2007 10:18:22 -0800 Subject: Add CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP capability to our reported caps. Jeremy. (This used to be commit e86d027823c85173c64e7b85406e98f6f7345b10) --- source3/include/trans2.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/include') diff --git a/source3/include/trans2.h b/source3/include/trans2.h index 8ed075d418..3759d59681 100644 --- a/source3/include/trans2.h +++ b/source3/include/trans2.h 
@@ -530,7 +530,8 @@ findfirst/findnext is SMB_FIND_FILE_UNIX_INFO2. #define CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP 0x20 /* We can cope with POSIX open/mkdir/unlink etc. */ #define CIFS_UNIX_LARGE_READ_CAP 0x40 /* We can cope with 24 bit reads in readX. */ #define CIFS_UNIX_LARGE_WRITE_CAP 0x80 /* We can cope with 24 bit writes in writeX. */ - +#define CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP 0x100 /* We can do SPNEGO negotiations for encryption. */ +#define CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP 0x200 /* We *must* SPNEGO negotiations for encryption. */ #define SMB_QUERY_POSIX_FS_INFO 0x201 -- cgit From ee8212472d29a5a23011d0331ad693494dcd1034 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 27 Dec 2007 17:41:19 +0100 Subject: Wrap the DEBUG checks in a "unlikely" On my Laptop with some limited netbench runs this gains about 1.5% of performance. When looking at the assembler output I would suspect the biggest gain is by the fact that with this in place the calls to the debug functions is moved to the function end, out of the way of the normal code paths. valgrind tests pending I would suspect this to be much more cache friendly. Comments? Volker (This used to be commit 51448a9dca95de9d35dd8eea68fde2554cb69921) --- source3/include/debug.h | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) (limited to 'source3/include') diff --git a/source3/include/debug.h b/source3/include/debug.h index 46e5620cc7..41d1c82366 100644 --- a/source3/include/debug.h +++ b/source3/include/debug.h 
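Review bot: The two capability bits added in this hunk are advertised by the server, so the comments should say that a client which wants encryption must not let their absence decide whether it continues in cleartext. If the reply carrying these caps is not integrity-protected the bits can be cleared in transit, which is why enforcement has to be local to each side (inferred; the negotiation code is not in this hunk). The comment `/* We *must* SPNEGO negotiations for encryption. */` is missing a verb and does not say which side enforces it; something like `/* Encryption is mandatory: unencrypted traffic will be refused. */` would be clearer if that is the intended meaning. The commit subject also names only `CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP`, while the hunk adds the mandatory bit as well.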
@@ -161,9 +161,24 @@ extern bool *DEBUGLEVEL_CLASS_ISSET; * will remove the extra conditional test. */ +/* + * From talloc.c: + */ + +/* these macros gain us a few percent of speed on gcc */ +#if (__GNUC__ >= 3) +/* the strange !! is to ensure that __builtin_expect() takes either 0 or 1 + as its first argument */ +#define likely(x) __builtin_expect(!!(x), 1) +#define unlikely(x) __builtin_expect(!!(x), 0) +#else +#define likely(x) x +#define unlikely(x) x +#endif + #define DEBUGLVL( level ) \ ( ((level) <= MAX_DEBUG_LEVEL) && \ - ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \ + unlikely((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \ (!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] && \ DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ && dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) ) ) @@ -171,7 +186,7 @@ extern bool *DEBUGLEVEL_CLASS_ISSET; #define DEBUGLVLC( dbgc_class, level ) \ ( ((level) <= MAX_DEBUG_LEVEL) && \ - ((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \ + unlikely((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \ (!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] && \ DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ && dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) ) ) @@ -179,7 +194,7 @@ extern bool *DEBUGLEVEL_CLASS_ISSET; #define DEBUG( level, body ) \ (void)( ((level) <= MAX_DEBUG_LEVEL) && \ - ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \ + unlikely((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \ (!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] && \ DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ && (dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) )) \ 
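Review bot: `likely` and `unlikely` are defined in the `@@ -161,9 +161,24 @@` hunk without an `#ifndef` guard, and the added comment says they are copied from talloc.c, so a translation unit that also sees a differently spelled definition of either name will get a redefinition diagnostic. Wrapping each pair in `#ifndef likely` / `#endif` and `#ifndef unlikely` / `#endif` keeps debug.h includable alongside other headers that provide these names. debug.h is included very widely, so these short, unprefixed macro names become visible almost everywhere; a comment saying they are intentionally global would make that choice explicit.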
@@ -187,7 +202,7 @@ extern bool *DEBUGLEVEL_CLASS_ISSET; #define DEBUGC( dbgc_class, level, body ) \ (void)( ((level) <= MAX_DEBUG_LEVEL) && \ - ((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \ + unlikely((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \ (!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] && \ DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ && (dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) )) \ @@ -195,14 +210,14 @@ extern bool *DEBUGLEVEL_CLASS_ISSET; #define DEBUGADD( level, body ) \ (void)( ((level) <= MAX_DEBUG_LEVEL) && \ - ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \ + unlikely((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \ (!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] && \ DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ && (dbgtext body) ) #define DEBUGADDC( dbgc_class, level, body ) \ (void)( ((level) <= MAX_DEBUG_LEVEL) && \ - ((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \ + unlikely((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \ (!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] && \ DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ && (dbgtext body) ) -- cgit From 94ee39c23f6e4a8c31701240795c288299d6bb08 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 28 Dec 2007 00:12:14 +0100 Subject: Fix the non-gcc branch of "likely" (This used to be commit 1e07368b5f96e4ada622682e38d260eb0c6185f2) --- source3/include/debug.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/include') diff --git a/source3/include/debug.h b/source3/include/debug.h index 41d1c82366..284671c730 100644 --- a/source3/include/debug.h +++ b/source3/include/debug.h @@ -172,8 +172,8 @@ extern bool *DEBUGLEVEL_CLASS_ISSET; #define likely(x) __builtin_expect(!!(x), 1) #define unlikely(x) __builtin_expect(!!(x), 0) #else -#define likely(x) x -#define unlikely(x) x +#define likely(x) (x) +#define unlikely(x) (x) #endif #define DEBUGLVL( level ) \ -- cgit From afce2b245a8ff137a4ecea547c3cfb65ab58dc15 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Thu, 27 Dec 2007 23:51:03 -0800 Subject: Add the capability to set "smb encrypt = required" on a share (or global) and have the server reply with ACCESS_DENIED for all non-encrypted traffic (except that used to query encryption requirements and set encryption state). Jeremy. (This used to be commit d241bfa57729bb934ada6beabf842a2ca7b4f8a2) --- source3/include/smb.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include') diff --git a/source3/include/smb.h b/source3/include/smb.h index 2ffd530fb0..aca0009688 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -658,6 +658,7 @@ typedef struct connection_struct { bool used; int num_files_open; unsigned int num_smb_operations; /* Count of smb operations on this tree. */ + int encrypt_level; /* Semantics requested by the client or forced by the server config. */ bool case_sensitive; -- cgit From 3c99b7773ef62d13a7e3611be0603a5807315d9d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 28 Dec 2007 13:13:29 +0100 Subject: Convert csamuser to memcache (This used to be commit 476d3abf9c6142d99822212141fc3d843aca4798) --- source3/include/memcache.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include') diff --git a/source3/include/memcache.h b/source3/include/memcache.h index c4a2974b62..c615efa695 100644 --- a/source3/include/memcache.h +++ b/source3/include/memcache.h @@ -33,6 +33,7 @@ enum memcache_number { GETWD_CACHE, GETPWNAM_CACHE, /* talloc */ MANGLE_HASH2_CACHE, + PDB_GETPWSID_CACHE, /* talloc */ SINGLETON_CACHE }; -- cgit From 245537f9bd1bddc496da0155012c34a2c7a18668 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 28 Dec 2007 17:24:39 +0100 Subject: Convert get_root_nt_token to memcache (This used to be commit fada689893314bed2fc78588b3fd9b144f4c808a) --- source3/include/memcache.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include') 
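Review bot: `int encrypt_level;` in the `connection_struct` hunk has no comment and no named type, so a reader cannot tell which values mean off, requested or required, or whether a zero-initialised struct ends up in the permissive state. The commit message says this setting decides whether non-encrypted traffic is answered with ACCESS_DENIED, so I would add `/* smb encrypt setting for this share; compare only against the named constants, never raw ints */` on the field. The struct starts and ends outside the hunk, so the surrounding fields are not visible here.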
diff --git a/source3/include/memcache.h b/source3/include/memcache.h index c615efa695..5a0ce63cb7 100644 --- a/source3/include/memcache.h +++ b/source3/include/memcache.h @@ -34,6 +34,7 @@ enum memcache_number { GETPWNAM_CACHE, /* talloc */ MANGLE_HASH2_CACHE, PDB_GETPWSID_CACHE, /* talloc */ + SINGLETON_CACHE_TALLOC, /* talloc */ SINGLETON_CACHE }; -- cgit From 9b5ec6ba03963776486bc6259dcb2d00c2fbdaa5 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 2 Jan 2008 12:55:53 +0100 Subject: Happy new year ! Guenther (This used to be commit 9a58cd57953d6aead14789daa47a3badef19496d) --- source3/include/smb.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/include') diff --git a/source3/include/smb.h b/source3/include/smb.h index aca0009688..75fe31e041 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -27,7 +27,7 @@ #define _SMB_H /* logged when starting the various Samba daemons */ -#define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the Samba Team 1992-2007" +#define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the Samba Team 1992-2008" #if defined(LARGE_SMB_OFF_T) -- cgit From 2242f2673c66bcce530e5134920ed041e6b31af7 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 3 Jan 2008 10:24:11 +0100 Subject: Add comments Jeremy was able to use this correctly without comments, so the code can't be *that* bad :-) (This used to be commit 6f22f7c13fd08ee772ac3aa593d2f4b37eb2cbee) --- source3/include/memcache.h | 55 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 1 deletion(-) (limited to 'source3/include') diff --git a/source3/include/memcache.h b/source3/include/memcache.h index 5a0ce63cb7..0a596b91a5 100644 --- a/source3/include/memcache.h +++ b/source3/include/memcache.h 
@@ -1,7 +1,7 @@ /* Unix SMB/CIFS implementation. In-memory cache - Copyright (C) Volker Lendecke 2005-2007 + Copyright (C) Volker Lendecke 2007-2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,6 +24,15 @@ struct memcache; +/* + * A memcache can store different subkeys with overlapping keys, the + * memcache_number becomes part of the key. Feel free to add caches of your + * own here. + * + * If you add talloc type caches, also note this in the switch statement in + * memcache_is_talloc(). + */ + enum memcache_number { STAT_CACHE, UID_SID_CACHE, 
@@ -38,25 +47,69 @@ enum memcache_number { SINGLETON_CACHE }; +/* + * Create a memcache structure. max_size is in bytes, if you set it 0 it will + * not forget anything. + */ + struct memcache *memcache_init(TALLOC_CTX *mem_ctx, size_t max_size); +/* + * If you set this global memcache, use it as the default cache when NULL is + * passed to the memcache functions below. This is a workaround for many + * situations where passing the cache everywhere would be a big hassle. + */ + void memcache_set_global(struct memcache *cache); +/* + * Add a data blob to the cache + */ + void memcache_add(struct memcache *cache, enum memcache_number n, DATA_BLOB key, DATA_BLOB value); +/* + * Add a talloc object to the cache. The difference to memcache_add() is that + * when the objects is to be discared, talloc_free is called for it. Also + * talloc_move() ownership of the object to the cache. + * + * Please note that the current implementation has a fixed relationship + * between what cache subtypes store talloc objects and which ones store plain + * blobs. We can fix this, but for now we don't have a mixed use of blobs vs + * talloc objects in the cache types. + */ + void memcache_add_talloc(struct memcache *cache, enum memcache_number n, DATA_BLOB key, void *ptr); +/* + * Delete an object from the cache + */ + void memcache_delete(struct memcache *cache, enum memcache_number n, DATA_BLOB key); +/* + * Look up an object from the cache. Memory still belongs to the cache, so + * make a copy of it if needed. + */ + bool memcache_lookup(struct memcache *cache, enum memcache_number n, DATA_BLOB key, DATA_BLOB *value); +/* + * Look up an object from the cache. Memory still belongs to the cache, so + * make a copy of it if needed. + */ + void *memcache_lookup_talloc(struct memcache *cache, enum memcache_number n, DATA_BLOB key); +/* + * Flush a complete cache subset. + */ + void memcache_flush(struct memcache *cache, enum memcache_number n); #endif -- cgit 
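Review bot: The new comment on `memcache_add_talloc()` says ownership of the object moves to the cache, but the prototype takes `void *ptr` by value, so the caller's pointer keeps its old value after the call. The comment should state outright that the caller must neither use nor free the object afterwards, because the cache calls `talloc_free` on it when the entry is discarded: `/* After this call the object belongs to the cache; do not dereference or free ptr. */`. In the same comment "when the objects is to be discared" should read "when the object is to be discarded". The comment on `memcache_lookup_talloc()` is a copy of the one on `memcache_lookup()`; it could say that the returned pointer is only valid until the entry is replaced, deleted or flushed (inferred from "Memory still belongs to the cache").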
From f8dacb9860dfcf1b19191ebeb4a1c0279955464f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 3 Jan 2008 16:40:04 +0100 Subject: Add some more join related werror codes. Guenther (This used to be commit 62e7d467ab1b2f98327960eec3a3a925b2f04bda) --- source3/include/doserr.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/include') diff --git a/source3/include/doserr.h b/source3/include/doserr.h index 079a5664dd..08f5b3e39d 100644 --- a/source3/include/doserr.h +++ b/source3/include/doserr.h @@ -216,12 +216,14 @@ #define WERR_BUF_TOO_SMALL W_ERROR(2123) #define WERR_JOB_NOT_FOUND W_ERROR(2151) #define WERR_DEST_NOT_FOUND W_ERROR(2152) +#define WERR_USER_EXISTS W_ERROR(2224) #define WERR_NOT_LOCAL_DOMAIN W_ERROR(2320) #define WERR_DOMAIN_CONTROLLER_NOT_FOUND W_ERROR(2453) #define WERR_SETUP_ALREADY_JOINED W_ERROR(2691) #define WERR_SETUP_NOT_JOINED W_ERROR(2692) #define WERR_SETUP_DOMAIN_CONTROLLER W_ERROR(2693) +#define WERR_DEFAULT_JOIN_REQUIRED W_ERROR(2694) #define WERR_DEVICE_NOT_AVAILABLE W_ERROR(4319) #define WERR_STATUS_MORE_ENTRIES W_ERROR(0x0105) -- cgit From b076a7e802a89bdc5b369e98c7d69d8f970d8265 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 3 Jan 2008 17:28:09 +0100 Subject: Add ads_get_joinable_ous(). Guenther (This used to be commit 5bbceac88159ef6ff83d9cc62c77c7af2116967d) --- source3/include/ads_protos.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/include') diff --git a/source3/include/ads_protos.h b/source3/include/ads_protos.h index 0292d91f4f..738df3ed40 100644 --- a/source3/include/ads_protos.h +++ b/source3/include/ads_protos.h @@ -114,3 +114,7 @@ ADS_STATUS ads_get_tokensids(ADS_STRUCT *ads, DOM_SID *primary_group_sid, DOM_SID **sids, size_t *num_sids); +ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + char ***ous, + size_t *num_ous); -- cgit From 9254bb4ef1c3c3a52ea8e935edb0e7a86ec3ea7a Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Fri, 4 Jan 2008 12:56:23 -0800 Subject: Refactor the crypto code after a very helpful conversation with Volker. Mostly making sure we have data on the incoming packet type, not stored in the smb header. Jeremy. (This used to be commit c4e5a505043965eec77b5bb9bc60957e8f3b97c8) --- source3/include/smb.h | 4 ++++ source3/include/smb_macros.h | 11 +++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) (limited to 'source3/include') diff --git a/source3/include/smb.h b/source3/include/smb.h index 75fe31e041..49245eaa83 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -659,6 +659,7 @@ typedef struct connection_struct { int num_files_open; unsigned int num_smb_operations; /* Count of smb operations on this tree. */ int encrypt_level; + bool encrypted_tid; /* Semantics requested by the client or forced by the server config. */ bool case_sensitive; @@ -694,6 +695,8 @@ struct smb_request { const uint8 *inbuf; uint8 *outbuf; size_t unread_bytes; + bool encrypted; + connection_struct *conn; }; /* Defines for the sent_oplock_break field above. */ @@ -757,6 +760,7 @@ struct pending_message_list { struct pending_message_list *next, *prev; struct timeval request_time; /* When was this first issued? */ struct timeval end_time; /* When does this time out? */ + bool encrypted; DATA_BLOB buf; DATA_BLOB private_data; }; diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index 9bacdce1db..3324f3fc02 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h 
@@ -158,10 +158,10 @@ #define SMB_LARGE_LKLEN_OFFSET_HIGH(indx) (12 + (20 * (indx))) #define SMB_LARGE_LKLEN_OFFSET_LOW(indx) (16 + (20 * (indx))) -#define ERROR_DOS(class,code) error_packet(inbuf,outbuf,class,code,NT_STATUS_OK,__LINE__,__FILE__) -#define ERROR_NT(status) error_packet(inbuf,outbuf,0,0,status,__LINE__,__FILE__) -#define ERROR_FORCE_NT(status) error_packet(inbuf,outbuf,-1,-1,status,__LINE__,__FILE__) -#define ERROR_BOTH(status,class,code) error_packet(inbuf,outbuf,class,code,status,__LINE__,__FILE__) +#define ERROR_DOS(class,code) error_packet(outbuf,class,code,NT_STATUS_OK,__LINE__,__FILE__) +#define ERROR_NT(status) error_packet(outbuf,0,0,status,__LINE__,__FILE__) +#define ERROR_FORCE_NT(status) error_packet(outbuf,-1,-1,status,__LINE__,__FILE__) +#define ERROR_BOTH(status,class,code) error_packet(outbuf,class,code,status,__LINE__,__FILE__) #define reply_nterror(req,status) reply_nt_error(req,status,__LINE__,__FILE__) #define reply_force_nterror(req,status) reply_force_nt_error(req,status,__LINE__,__FILE__) @@ -192,6 +192,9 @@ #define _smb_setlen_large(buf,len) do { buf[0] = 0; buf[1] = ((len)&0xFF0000)>>16; \ buf[2] = ((len)&0xFF00)>>8; buf[3] = (len)&0xFF; } while (0) +#define ENCRYPTION_REQUIRED(conn) ((conn) ? ((conn)->encrypt_level == Required) : false) +#define IS_CONN_ENCRYPTED(conn) ((conn) ? (conn)->encrypted_tid : false) + /******************************************************************* find the difference in milliseconds between two struct timeval values -- cgit From 9baa97a46ebb92a5968ceba0fb5c2de51e6fa8f0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 5 Jan 2008 00:23:35 -0800 Subject: Add general '-e' option to enable smb encryption on tools. Jeremy. (This used to be commit 757653966fc1384159bd2d57c5670cd8af0cae96) --- source3/include/popt_common.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include') 
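Review bot: `ENCRYPTION_REQUIRED(conn)` in the `@@ -192,6 +192,9 @@` hunk evaluates to `false` when `conn` is NULL, so a request with no connection attached is treated as not needing encryption. If the check is also meant to enforce a global "required" setting, the NULL case fails open and callers need a separate test; at minimum add `/* NULL conn yields false: callers must enforce the global setting themselves */`. Both macros evaluate `conn` twice, and the first compares the `int encrypt_level` field with `Required`, which is not defined in this header. A `static inline bool` taking a `const connection_struct *` would remove the double evaluation and make the type dependency visible.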
diff --git a/source3/include/popt_common.h b/source3/include/popt_common.h index 1d3cc57acd..9e5503f270 100644 --- a/source3/include/popt_common.h +++ b/source3/include/popt_common.h @@ -49,6 +49,7 @@ struct user_auth_info { bool got_pass; bool use_kerberos; int signing_state; + bool smb_encrypt; }; #endif /* _POPT_COMMON_H */ -- cgit From 1be3fcbf2f897b559bf72b72d54aa40805abd819 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 5 Jan 2008 00:51:18 -0800 Subject: Add the options smb_encrypt_level to set the requested encrypt level and smb_encrypt_on to query it. Jeremy. (This used to be commit 07d47996f9535731ccdc1792c405c8bee1a082ae) --- source3/include/libsmb_internal.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/include') diff --git a/source3/include/libsmb_internal.h b/source3/include/libsmb_internal.h index 19a3edc9bf..dbc115429b 100644 --- a/source3/include/libsmb_internal.h +++ b/source3/include/libsmb_internal.h @@ -106,6 +106,13 @@ struct smbc_internal_data { * and retrieved with smbc_option_set() and smbc_option_get(). */ void * _user_data; + + /* + * Should we attempt UNIX smb encryption ? + * Set to 0 if we should never attempt, set to 1 if + * encryption requested, set to 2 if encryption required. + */ + int _smb_encryption_level; }; -- cgit
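Review bot: `_smb_encryption_level` in the libsmb_internal.h hunk is an `int` whose meaning lives only in the comment (0 never, 1 requested, 2 required), so nothing stops a caller from storing another value. Named constants or an enum would fix that, and the comment should say what level 1 does when negotiation fails, since silently continuing unencrypted is a different guarantee from level 2. `bool smb_encrypt` in `struct user_auth_info` (popt_common.h hunk) can only express on or off, so a short comment there should record which of the two levels the `-e` option maps to.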