| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
samr_query_aliasmembers (cool!)
util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c :
pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID
if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5)
to obtain member and pdc sids.
|
| |
|
|
|
| |
modified map_nt_and_unix_names() to never refuse a mapping (returns void
now not BOOL).
|
| |
|
|
|
|
| |
restriction and "domain user map" seems to work.
amazing.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
i may simply go for a response in the NetSamLogon returning the
unix username, forcing the NT user to appear to be a unix user,
however even that is fraught with implications.
might just have to go the whole hog and do this tuple thing,
"unix_name + nt_name" always associated together...
issue with api_net_sam_logon, getsam21pwent() being called twice,
the second time overwriting static buffer data (argh) so had to
make a copy.
noticed a nested "become_root()"/"unbecome_root()" which will have
to be tracked down...
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- lib/sids.c:
generate_sam_sid() modified to take a domain name: it now
generates "DOMAIN_NAME.SID". reasons:
1) if you run multiple samba servers on the same machine
under different netbios names as members of a domain,
they won't all use the same SID, which is a _big_ mistake
but it would happen _by default_.
2) we have (had) a problem with sid_to_string() and string_to_sid()
which cause SIDs to be incorrectly read. one of the major
reasons for *NOT* making this change was so as not to disrupt
existing users. but as they will be anyway by this bug,
we might as well go ahead.
- passdb/smbpass.c:
wanted to change the meaning of the name in the smbpasswd
file to an "nt" name not a "unix" name. this is probably
not a good idea: reverted this.
- output formatting / bug-fixing in rpcclient query_useraliases code.
|
| |
|
|
| |
added their replacements, added sam password database API modules
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
|
| |
|
|
| |
processing.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
aclocal.m4: Added AC_LIBTESTFUNC.
configure.in: Fixed -lsecurity -lsec problems.
client.c: dos_ fixes.
groupdb/aliasunix.c: Dead code removal.
include/includes.h: Added default PRINTCAP_NAME.
lib/genrand.c: dos_ fixes.
lib/replace.c: Added strtoul.
lib/system.c: dos_ fixes.
lib/util.c: dos_ fixes.
lib/util_sid.c: Signed/unsigned fixes.
lib/util_str.c: removed bad const.
locking/locking_slow.c: dos_ fixes.
printing/printing.c: dos_ fixes.
rpc_server/srv_samr.c: Dead code removal.
rpc_server/srv_sid.c: global_myworkgroup defined with wrong size AGAIN !
smbd/dir.c: dos_ fixes.
smbd/open.c: dos_ fixes.
smbd/oplock.c: dos_ fixes.
smbd/reply.c smbd/server.c smbd/service.c smbd/uid.c: dos_ fixes.
Jeremy.
|
| | |
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| | |
|
| |
|
|
| |
use all_string_sub() if you don't want this.
|
| |
|
|
| |
session_request fails.
|
| | |
|
| |
|
|
|
| |
web/swat.c: Changed '?' to help.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
Added HPUX autoconf changes.
Added "gross hack" printer code.
Jeremy.
|
| |
|
|
|
| |
(which is not the case with open directories).
Jeremy.
|
| |
|
|
|
|
|
| |
If a client does a modify timestamp on an open file (which will
do no good at all on UNIX :-) then keep the modify request pending
in the files_struct and apply it at close instead.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
Tidied up some of the mess (no other word for it). Still doesn't
compile cleanly. There are calls with incorrect parameters that
don't seem to be doing the right thing.
This code still needs surgery :-(.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
|
| |
|
|
|
|
| |
script/installman.sh: Make installman ignore ROFF argument if it is "".
smbd/oplock.c: Move location of oplock test file to lockdir.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
UNIXWARE.
groupdb/aliasdb.c groupdb/aliasfile.c groupdb/groupfile.c: Don't use snprinf, use slprintf.
include/includes.h: Fix YP problem.
include/smb.h: Fix ZERO_STRUCTP.
lib/util_sock.c: Added strerror() in debugs.
passdb/ldap.c: Don't use snprinf, use slprintf.
rpc_client/cli_lsarpc.c rpc_client/cli_pipe.c rpc_parse/parse_sec.c rpc_server/srv_pipe.c: Don't use snprinf, use slprintf.
script/installman.sh: DGUX changes.
smbd/open.c smbd/oplock.c: Fixed gcc warnings.
web/swat.c: Changes USER to SWAT_USER.
|
| |
|
|
|
|
|
| |
lib/util_sock.c: Added strerror() calls to getpeername failures (which seem to be giving IRIX trouble at the moment).
rpc_parse/parse_sec.c: Changed use of ZERO_STRUCTPN to ZERO_STRUCTP which again does zero pointer protection.
smbd/quotas.c: Fixed typo.
Jeremy.
|
| |
|
|
| |
instead of opening pipes and other horrible stuff.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
include/smb.h:
param/loadparm.c: Made GUEST_SESSSETUP run time selectable. Horror of horrors :-).
printing/printing.c: Added J.F.'s latest fix.
rpc_parse/parse_misc.c:
parse_reg.c:
rpcclient/cmd_reg.c:
rpcclient/display.c: SGI compiler signed/unsigned issues.
smbd/reply.c: Made GUEST_SESSSETUP run time selectable. Horror of horrors :-).
utils/testparm.c: Added extra test.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
client/client.c:
client/clitar.c:
include/client.h:
smbwrapper/smbw_dir.c:
smbwrapper/smbw_stat.c:
smbwrapper/smbw.c:
lib/util.c: Converted all use of 'mode' to uint16.
smbd/quotas.c: Fixed stupid comment bug I put in there :-(.
printing/printing.c: Fix from J.F. to new code.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I did this when I saw yet another bug report complaining about
smbclient intermittently missing files. Rather than applying more
patches to smbclient it was better to move to the more robust
clientgen.c code.
The conversion wasn't perfect, I probably lost some features of
smbclient while doing it, but at least smbclient should be consistent
now. It if fails it should _always_ fail rather than giving people the
false impression of a reliable utility.
the tar stuff seems to work, but hasn't had much testing as I never
use it myself. I'm sure someone will find bugs in my conversion of
smbtar.c. It was quite tricky as it did a lot of its own SMB calls. It
now uses clientgen.c exclusively.
smbclient is still quite messy, but at least it doesn't build its own
SMB packets.
I haven't touched smbmount as I never use it. Mike, do you want to
convert smbmount to use clientgen.c?
|
| |
|
|
|
|
|
|
|
| |
param/loadparm.c: Removed "networkstation user login", "domain controller", and "domain sid" parameters.
passdb/passdb.c: Removed "networkstation user login" code and changed bug test code
to only check once for a bad password server. This will stop the
complaints of many "bad login" audit records in NT PDC logs.
utils/smbpasswd.c: Removed check for "domain controller".
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
libsmb/namequery.c: Fix to remove 2 second wait is we are doing a unicast
and got a reply.
smbd/dfree.c:
smbd/noquotas.c:
smbd/quotas.c: Fixes from Dejan Ilic <svedja@lysator.liu.se> for the quota
code.
utils/smbpasswd.c: Fixes to allow smbpasswd to be called from swat.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
smbd/quotas.c:
Added quotas patch for autoconf from Dejan Ilic <svedja@lysator.liu.se>.
printing/printing.c: Filenames with spaces patch from Allan Bjorklund <allan@umich.edu>
utils/nmblookup.c: Fix usage() function.
smbd/reply.c: Split out the security=server and security=domain checks into
check_server_security() and check_domain_security() to aid the
writing of the 'hack' appliance mode invented by John Schimmel.
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
| |
that caused NetBench to fail as the wrong error code was being
returned from a getatr call. Change was not to set the
unix_ERR_class global when you are not returning an error. This
is a big of Samba internal folklore that is *important*.
Jeremy.
|
| |
|
|
|
|
| |
Chris - feel free to fix these things differently if these fixes don't
work for you.
Jeremy.
|
| |
|
|
|
| |
fix username overwriting problem in security=share.
Jeremy.
|
| | |
|
| |
|
|
|
|
| |
Ensured offset was being reported correctly for 64 bit file access,
ensured delete on close bit was being reported correctly.
Jeremy.
|
| |
|
|
|
|
| |
changes uses the unique index number from a SMB_QUERY_FILE_ALL_INFO to
try to provide inode numbers. If it is 0 then use the hash of the
filename as before.
|
| |
|
|
|
|
| |
don't have the ALLOW_DELETE_ON_CLOSE share flag enabled. Told you
this was fiddly code :-).
Jeremy.
|
| |
|
|
|
| |
with a call to nt_lm_owf_gen. if this still doesn't get the NT hash
generated correctly then there may instead be a bug in mod_smbpwd_entry().
|
| |
|
|
|
|
| |
open_file_shared().
Jeremy.
|
