| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
| |
from Max Khon <max@iclub.nsu.ru>.
chgpasswd.c: Allow old RAP change password to work with encrypted
passwords. Samba can now allow Windows 95/NT clients to securely
change the Lanman password ! (But not the NT hash - that gets lost).
ipc.c:
smbdes.c:
smbpass.c: Support for the above.
server.c: #ifdef'ed out fix for NT redirector bug.
util.c: Fix NIS bug with server name.
Jeremy.
|
| |
|
|
|
|
|
| |
server.c: Test fix for NT worstation SMBmv oplock bug.
smbdes.c: Addition of 'forward' parameter in preparation of allowing
password change.
Jeremy.
|
| |
|
|
|
|
| |
server.c: Fixed security=share problem where the vuid was still being
looked at.
Jeremy.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
PAM silent about it's actions. This reduced error logging for EVERY password
validation request. Refer to password.c PAM section for further info.
Fiels Affected: password.c
|
| |
|
|
|
| |
when NT sends up a mdrcnt of zero.
Jeremy.
|
| |
|
|
|
|
|
|
| |
2551c2551
< #endif /NO_FORK_DEBUG */
---
> #endif /* NO_FORK_DEBUG */
Chris -)-----
|
| |
|
|
|
| |
field is invalid.
Jeremy.
|
| | |
|
| |
|
|
| |
changes to ipc.c to use new printers.def file
|
| |
|
|
|
|
| |
Sending nmbd/smbd a SIGUSR1 will raise the debug level by one (capped at 10)
sending a SIGUSR2 will lower it (lower limit at zero).
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
with smb_mode (smb_vwv[3]) of 0x20 == DENY_WRITE + read-only-open.
and smb_ofun (smb_vwv[8]) of 0x11 == Create if not exist plus append
on a read-only share.
This was mapped into the strange unix flags of (O_RDONLY|O_CREAT)
- essentially O_CREAT as O_RDONLY == 0.
We were checking the unix flags directly against O_RDONLY instead
of masking off the open mode flag bits before doing the comparison,
so this open was being refused even though it was valid on a
read-only share.
Also ensured that the O_CREAT bit was masked out of the flags
bit if the open was done on a read-only share (as doing a unix
open( filename, O_RDONLY|O_CREAT, xxx) will create a zero length
file if the user had permission to write into the directory - which
should be denied on a read-only share.
Thanks to Mark Peek @ Whistle for giving me this test case.
Jeremy.
|
| |
|
|
|
| |
Reported by Brian McCauley <B.A.McCauley@bham.ac.uk>.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
| |
<hoch@hplcgh.hpl.hp.com>
server.c, util.c: Added fix for oplock break requests blocking due to server being
blocked in read call. Bug found by Charles Hoch <hoch@hplcgh.hpl.hp.com>.
Jeremy.
|
| |
|
|
|
|
| |
util.c: Applied fix from Branko Cibej <branko.cibej@hermes.si> where
StrnCaseCmp tests one character too many.
Jeremy.
|
| |
|
|
|
|
| |
common bug in MS clients where they try to reuse a file descriptor
from an earlier smb connection. This code increases the chance that
the errant client will get an error rather than causing corruption
|
| |
|
|
|
| |
with doing a dir /s into a unix directory ending in a ':'.
Jeremy.
|
| |
|
|
| |
spaces
|
| |
|
|
|
| |
security by changing a setting in local.h or adding it to their
Makefile. See comment in local.h
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
nameelect.c: Tidied up settings of work->ServerType when unbecoming things.
nmbd.c: Fixed pidFile warning.
server.c: Fixed pidFile warning.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
reply.c: Changed reply_open_and_X to split out the oplock
request bits from core and extended and if an oplock was granted only set
the corresponding bit on reply.
server.c: Added code to dynamically allocate i/o buffers in oplock_break
(prevents recursion problems) , also made reset of sent_oplock_break
explicit.
Jeremy.
|
| |
|
|
|
| |
use the same process_exists() code on all systems (it's probably
faster anyway)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
can't sent a oplock break twice on the same file.
changed some debug levels in the oplock code to level 0 so we can
track down a bug
zero the returned Files[] entry in find_free_file()
don't try to overcome client bugs in the handling of non-encrypted
passwords if in server level security mode
added paranoid null termination of password buffers
slight change to my ajt_panic() routine
|
| |
|
|
| |
It's fixed properly now :-)
|
| |
|
|
|
|
|
|
|
| |
files that aren't open if the file happened to close while the oplock
was in transit. We would end up sending a oplock break request on
another random file (actually the open file that happened to have the
highest fnum). Then we wouldn't get a response, so smbd would keep
sending and would actually flood the net with an infinite number of
oplock break requests!
|
| | |
|
| |
|
|
|
|
|
|
| |
with local message processing.
reply.c: Added check to reply_lockingX for chain after oplock break.
server.c: Added receive_next_smb().
trans2.c: Changed reply_trans2 to use receive_next_smb() to cope
with local message processing.
|
| |
|
|
|
|
|
|
| |
make_printerdef.c: Fixed warning.
quotas.c: Fixed irix root errors.
server.c: Fixed oplock reference count bug.
smb.h: Added IS_VETO_OPLOCK_PATH().
Jeremy.
|
| |
|
|
|
|
| |
outstanding to client. Done to allay Andrews' fears about
readbraw crossing on the wire :-).
Jeremy.
|
| | |
|
| |
|
|
|
| |
remove problems.
Jeremy
|
| |
|
|
|
|
|
|
|
|
|
|
| |
separated out smb server-mode password validation into a separate file.
added called and calling netbios names to client gen state: referenced
section in rfc1002.txt.
created workstation trust account checking code in ntclient.c
there might be a bug in reply_session_setup_andX. i indented and added { }
around single-line if statements: the lm password checking code now doesn't
look right (around the GUEST_SESSSETUP bits). *no code semantics have been
changed by the indentation process*.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
added a #define around the alignment thing: it's a way to stop
NetMonitor from decoding your packets!!!!
proto.h :
usual.
reply.c :
added what i believe to be the correct error messages for getting
correct domain joining.
smb.h :
some guesses at good names of the SAMR_XXXX functions. sorting
out the SAMR_LOOKUP_RIDS function. this is *not* the same as
the LSA_LOOKUP_RIDS function, unless paul accidentally put it
on the ntlsa pipe by mistake, instead of the samr pipe :-)
rpc_pipes/lsa_hnd.c rpc_pipes/pipe_hnd.c :
moved creation and allocation of unique policy handles into this module.
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c rpc_pipes/smbparse.c :
SAMR_LOOKUP_RIDS is beginning to look _suspiciously_ like the
LSA_LOOKUP_RIDS function. but i know that there are subtle
discrepancies.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mangle.c server.c proto.h
mangle.c
I am planning to replace the mangled_stack array with a proper stack,
but found many style inconsistencies (no, really). As you might expect,
I have standardized on my own preferences. ;)
I also found a potential problem in create_mangled_stack (which I've
renamed as reset_mangled_stack). If the stack size were passed into
the function as 0 or less, there was the possibility that the array
would have been freed twice. I doubt that this ever happens, but I
don't like to leave holes.
Of course, the fix will be irrelevent once I replace the array with
a linked-list-based stack.
server.c
Changed the call to create_mangled_stack() to a call to reset_mangled_stack().
proto.h
Regenerated to match the above changes. (A real comment! How unusual!)
|
| |
|
|
|
|
|
|
| |
luke changed it.
proto.h: The usual.
uid.c: Fix crash bug when attaching with smbclient -mCORE. A vuid
pointer was being used when it was null.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
|
| |
|
|
|
|
|
|
| |
proto.h: The usual.
server.c: Added timestring() messages to oplock logs. Added fix
to allow file open processing to continue is an oplock
break message times out.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
loadparm.c : to equivalent to version 1.67
reply.c : to equivalent to version 1.69
server.c : to equivalent to version 1.122
util.c : to equivalent to version 1.98
to remove the incorrect changes.
proto.h: The usual.
rpc_pipes/smbparse.c : Backeting stuff that SHOULD NOT BE IN THE
none-NTDOMAIN build !
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
'<' and '|' characters indicate read file and execute command respectively,
and feed the output into the parameter (!!!).
'<$' and '|$' means run standard_sub_basic() on them.
this is going to be fun to document in smb.conf.5....
also, Christian created a new "online" service parameter. services can
be taken "off-line"....
|
| |
|
|
| |
techniques more accurately.
|
| |
|
|
| |
don't need to restart smbd after a DST change.
|
| |
|
|
| |
pipes array.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
simply adding pipes.o to SMBDOBJ3.
rpc_pipes/pipe_hnd.c :
created pipe handles module.
pipes.c server.c :
use of pipe_hnd functions in SMBopenX and SMBclose, on the IPC$ pipe.
|
| |
|
|
|
|
|
|
| |
which are pipes on the IPC$ connection.
created mechanism to record pipe names in a separate pipes_struct. it
is planned to expand this, to return sensible things like interface
structures, and policy handles (RPC_IFACE and LSA_POL_HND). and the like.
|
| | |
|
