| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
smb.h: More code towards NT protocol.
time.c: Fix for sco bug.
Jeremy.
|
| |
|
|
|
|
|
| |
This patch may not yet compile with -DUSE_SSL enabled, further
Makefile changes may be needed. But it was important to get
this code in place before I go off to USENIX.
Jeremy.
|
| |
|
|
|
|
| |
clientutil.c: Fixed NT session to add NT password.
groupname.c: Added lookup function.
Jeremy.
|
| |
|
|
|
|
|
| |
smbumount.c: Added fixes to compile under Linux.
includes.h: Added SunOS 4.x QSORT_CAST fix.
reply.c: Fixed user name mapping function for security=server, security=domain.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
groupname.o
includes.h: Added ubi_sLinkList.h include.
loadparm.c: Added groupname map parameter.
password.c: Fix HPUX big_crypt.
username.c: New user_in_list() code. Moved groupname map code to groupname.c
lib/rpc/server/srv_util.c: Added lookup_wellknown_sid_from_name().
New groupname map stuff. Note that nothing currently uses this but at
compiles ok.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
reply.c: map_username is now a BOOL function.
server.c: Added capability to do map_username on service names
when looking for a home directory. That's what the
original code would do.
lib/rpc/server/srv_util.c: Changed domain_ to builtin_ for
BUILTIN aliases.
username.c: Work in progress on groupname map parameter.
Jeremy
|
| |
|
|
|
| |
does the signed/unsigned warnings I've been missing.
Jeremy
|
| |
|
|
|
|
|
|
|
|
|
|
| |
username case conversion wrapper. It is now (very) explicit where we are
mapping between an incoming Windows username, and when we are doing a
UNIX password entry lookup, which may change the case of the given
username.
This makes things *much* clearer (IMHO:-) and will ease the adding of
the 'groupname map' parameter, and the addition of the special 'jeremy'
mode for Samba where unix users will not be needed. (We must think of
a better name for it :-).
Jeremy.
|
| |
|
|
|
|
|
| |
available) when scanning server/workgroup/share lists.
ipc.c: Removed redundent definition of ERROR_MORE_DATA (234) we already have
ERRmoredata in smb.h
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
gives a too-small buffer for share info. Fix from Gil Kloepfer <gil@arlut.utexas.edu>
smb.h:
server.c: Fix for a nastly little security problem with multi-user Windows NT
servers and Samba where the contents of the open-file cache can end
up being served out to users who shouldn't have access. This is some
*seriously* ugly code.
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
password.c: Added code to tell server.c when machine password needs changing.
server.c: Change machine password in idle cycles if it needs it.
smbpassfile.c: Fixed up length calculations for machine password file.
smbpasswd.c: Moved domain joining code/machine password changing code.
lib/rpc/client/cli_netlogon.c: And this is where it now lives.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
smbpass.c: Do *NOT* make this function static. It breaks the compile on gcc
util.c: Getting closer to MS wildcard semantics. A trailing '*' matches
any trailing dot-separated components.
trans2.c: Removed hacks that change multiple '?' -> '*' as this
breaks things now.
trans2.h: Removed NT_FILE_ATTRIBUTE_NORMAL - now FILE_ATTRIBUTE_NORMAL is defined
in smb.h.
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
dir.c & mangle.c. This was possible after I checked the tree code to make
sure that the tree code did not reference functions by macro name. Also,
note that the AVL module has been removed to prevent conflict with the
SplayTree macro defines.
Chris -)-----
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
for dir.h, which I've fixed. Andrew did not add includes.h to the ubiqx
headers, which is good because it would cause internal conflicts within the
ubiqx tree modules. It's also bad because the definitions and includes
that are part of includes.h are now in the ubiqx C files, but not in the
header files. So, if includes.h were to redefine int, for example, the
new definition would be in the ubiqx C files, but not in the headers.
So, until Andrew and I can work something out that we both agree upon,
there are three basic rules:
1) Don't include includes.h in the ubiqx headers. Problems may arise.
2) The ubiqx headers must follow includes.h in any Samba module that
uses them.
This can and should all be worked out. We just have to talk about it.
Chris -)-----
|
| |
|
|
|
| |
mode.
Jeremy.
|
| |
|
|
|
|
|
|
| |
reply.c: Fixed password length modifiers to always be done
is none-encrypted mode used. This fixes Samba for
people who are using non-encrypted passwords with
security=server.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
as NT.
You do not want to know how this code works :-).
Jeremy
|
| |
|
|
|
|
|
|
| |
function table, selectable at compile time. This should make the
code that implements all the password functions much cleaner, as
it's now very clear exactly what a particular password database
needs to provide to Samba.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ldap.c: Stoped dummy_function being prototyped.
loadparm.c: Fixed slprintf sizes.
nisppass.c: Fixed safe_strcpy sizes.
nmbd_processlogon.c: Changed back to getsmb... from getsam...
nttrans.c: Just a dump of new code.
passdb.c: Moved stuff around a lot - stopped any lookups by rid. This
needs to be indirected through a function table (soon).
password.c: Changed back to getsmb... from getsam...
reply.c: Changed back to getsmb... from getsam...
slprintf.c: Fixed prototype problems.
smb.h: Fixed prototype problems.
smbpass.c: Changed to getsmbfile....
smbpasswd.c: Changed back to getsmb... from getsam...
lib/rpc/server/srv_netlog.c: Changed back to getsmb... from getsam...
lib/rpc/server/srv_samr.c: Fixed rid lookup - use uid or gid lookup.
lib/rpc/server/srv_util.c: Changed back to getsmb... from getsam...
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
server.c: Moved generate_machine_sid() into passdb.c for Jean-Francois
(who might want an LDAP version). Changed locking to free exclusive
lock as soon as possible to prevent contention.
lib/rpc/parse/parse_samr.c
lib/rpc/server/srv_samr.c: Changed last SID-as-string manipulation
function to use DOM_SID structure.
Jeremy.
|
| |
|
|
|
|
| |
server.c: Added MACHINE.SID file generation - use lp_domain_sid() be default.
smbpass.c: Exposed do_file_lock() as I now use it in server.c
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ipc.c: Caused samba password changing not to be done if UNIX password
changing requested and not successful.
util.c: Added string_to_sid() and sid_to_string() functions.
lib/rpc/client/cli_samr.c:
lib/rpc/include/rpc_misc.h:
lib/rpc/parse/parse_lsa.c:
lib/rpc/parse/parse_misc.c:
lib/rpc/parse/parse_net.c:
lib/rpc/parse/parse_samr.c:
lib/rpc/server/srv_lsa.c:
lib/rpc/server/srv_lsa_hnd.c:
lib/rpc/server/srv_netlog.c:
lib/rpc/server/srv_samr.c:
lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs
around as char *, they are converted to DOM_SID at the earliest
opportunity, and passed around as that. Also added dynamic memory
allocation of group sids. Preparing to auto-generate machine sid.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
|
| |
|
|
|
|
|
| |
and null session setup done.
smbpasswd.c: Fix from Gerald Carter <cartegw@Eng.Auburn.EDU> to fix incorrect
use of pointer.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Makefile:
created PASSBD_OBJ group
includes.h:
added #ifdef USE_LDAP to #include <ldap> headers
ldap.c:
- renamed "_machine" to "_trust" everywhere.
- added sam_passwd support routines
- removed get_ldappwd_entry function: replaced with get_sampwd_entry
- removed getldappwnam/uid: replaced with getsampwnam/uid
- other messing about bits which are probably going to annoy the
hell out of jean-francois (sorry!)
mkproto.awk:
- added stuff to wrap ldap.c protos with #ifdef USE_LDAP
- added uid_t and gid_t return results to the prototype generation
passdb.c:
- created getsam21pwent, add_sam21pwd_entry, mod_sam21pwd_entry.
- modified getsampwnam/uid and created getsam21pwnam/rid functions
to replace the local get_smbpwd_entry() and get_ldappwd_entry()
functions, which jeremy didn't like anyway because they were
dual-purpose.
- added utility routines which are or may be useful to all the
password database routines.
password.c:
- renamed "machine_" to "trust_" everywhere.
smbpass.c:
- removed get_smbpwd_entry function: replaced it with get_sampwd_entry
functions in passdb.c
- moved code that decoded acct_ctrl into passdb.c
- moved encode_acct_ctrl into passdb.c
- removed getsmbpwnam/uid: replaced with getsampwnam/uid
- renamed "machine_" to "trust_" everywhere.
smbpasswd.c:
- renamed "machine_" to "trust_" everywhere.
util.c:
- moved gethexpwd function into passdb.c
lib/rpc/server/srv_util.c:
- moved user_rid_to_uid, group_rid_to_rid etc etc into passdb.c
|
| |
|
|
|
|
|
| |
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.
This should prevent any sprintf based security holes.
|
| |
|
|
|
|
| |
This now tries Enhanced passwords first and if this fails trys Basic
mode (ie: Unix /etc/passwd) authentication. This only happens when
OSF1_ENH_SEC is defined at compilation.
|
| |
|
|
|
|
|
|
|
| |
messages.
nttrans.c: More updates.
smb.h: Removed stuff that didn't belong in the smb_passwd struct. Persuaded Luke
to use a new structure.
web/swat.c: Fixed gcc complaints about shadowing global 'string'.
Jeremy.
|
| |
|
|
|
| |
trans2.c: Paranoia bugfixes added when studying nttrans.c.
Jeremy.
|
| |
|
|
|
| |
compiled yet, just checked in for safe keeping :-).
Jeremy.
|
| |
|
|
|
|
|
| |
problem....
smbpass.c: Removed Luke's dire warning - as some of the functions in here
*need* to be called externally :-).
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP).
_none_ of the functions in ldap.c or smbpass.c should be called directly:
only those in passdb.c should be used.
-DUSE_LDAP is unlikely to compile at the moment.
|
| |
|
|
|
|
|
| |
He also suggested that some systems may implement free() as a macro (but
I think he was looking for an excuse ;). Anyway, I've added a function
to mangle.c that calls free().
Chris -)-----
|
| |
|
|
|
|
| |
password.c: Fixed machine_passwd_lock() problems.
lib/rpc/server/srv_ldap_helpers.c: Oops - broke proto.h with dummy function. Fixed now.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
server.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic()
as only smbd knows about usernames. Also fixes problem with calling
standard_sub_basic() from loadparm.c.
smbpass.c: Partial tidyup of machine_password_lock() code - not finished yet.
util.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic()
as only smbd knows about usernames. Also fixes problem with calling
standard_sub_basic() from loadparm.c.
lib/rpc/server/srv_ldap_helpers.c: Added #ifdef USE_LDAP around ldap code.
lib/rpc/server/srv_samr.c: Added #ifdef USE_LDAP around ldap code.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Essentially, multiple session_setup_and_X's may be done
to an smbd. As there is only one global variable containing
the requested connection name (sessionsetup_user), then any
subsequent sessionsetups overwrite this name (causing %U
and %G to get the wrong name). This is particularly common
when an NT client does a null session setup to get a
browse list after the user has connected, but before
a share has been mounted.
These changes store the requested_name in the vuid structure
(so this only really works for user level and above security)
and copies this name back into the global variable before
the standard_sub call.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
ipc.c: Fix for duplicate printer names being long.
loadparm.c: Set bNetWkstaUserLogon to false by default - new code in password.c
protects us.
nmbd_logonnames.c:
nmbd_namequery.c:
nmbd_namerelease.c: Debug messages fix.
password.c: SGI compile warning fix, fix for tcon() with bNetWkstaUserLogon call.
reply.c: SGI compile warning fix.
server.c Debug messages fix.
smbpass.c: Fix for incorrect pointer.
Jeremy.
|
| |
|
|
|
|
|
|
| |
passwords to be stored over time, allowing a smbpasswd file migration.
Adds new parameter "update encrypted".
Will also add to 1.9.18 branch.
Docs update to follow.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
loadparm.c: Patch from tim@quiknet.com for static string problems.
server.c: Setup global_myname.
smbpass.c: Fix up locking. Add machine_password_delete() call.
smbpasswd.c: Added provisional code to add to a domain.
lib/rpc/client/cli_login.c: Fixed incorrect cred_hash3 call when setting machine password.
lib/rpc/server/srv_netlog.c: Fixed incorrect cred_hash3 call when setting machine password.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
password.c: Stopped cli_nt_logout call (we don't have it correct yet).
Added Luke object-orientation fix :-).
smb.h: Added clnt_name_slash to cli_state.
lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed.
lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error.
lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix.
lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
added become_root / unbecome_root around the get machine account password.
smbpass.c:
cleaning up code.
- turning if (BOOL_expr == False) into if (BOOL_expr)
what if you test if (BOOL_expr == True) and someone defines
True to be -1 on one system and 1 on another? or if you get
inconsistent return results between developers
- removed if ((FILE*) == 0) and made this if ((FILE*) == NULL) -
cannot assume that NULL is zero integer. plus there are typecast
issues to deal with
- removed return (ret == 0) ? True : False and made this return ret == 0
rely on the compiler to return correct BOOL value: not all developers
will return True or False #defines: stick with BOOL test (non-zero).
- removed if (ret == False) replaced with if (!ret)
- bug where instead of if (sizeof(pstring)-len-len-6 < 0) it had a
boolean test if (pstring-len-len-6).
- removed "." after debugging of filenames: the "." - a fullstop -
looked like it was part of the filename, making things difficult
to sort out.
still to be resolved: the global_myname isn't set up, such that the
machine account password file is named "TEST3..mac".
|
| |
|
|
|
|
|
|
|
|
|
| |
WARNING - so far this has only been tested against a Samba PDC
(still waiting for IS to add me the machine accounts :-).
Still missing is the code in smbpasswd that will add a machine
account password and change it on the domain controller, but
this is not hard, and I will check it in soon.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
It is changing the global variables "myname" and "myworkgroup"
to "global_myname" and "global_myworkgroup" respectively.
This is to make it very explicit when we are messing
with a global (don't ask - it makes the domain client
code much clearer :-).
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
clientgen.c: Added nt_error as an entry in the struct client_state.
password.c: Open the netlogon pipe.
smb.h: Added nt_error as an entry in the struct client_state.
lib/rpc/parse/parse_net.c: Added comments on net logon.
lib/rpc/server/srv_netlog.c: Added comments on net logon.
Jeremy.
|
| |
|
|
|
|
|
| |
password.c: Changed global cli -> pw_cli, removed strtok (bad strtok, bad :-)
use in security=server, started to extend security=domain code.
smbpasswd.c: Removed rap error code functions.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
password.c: Started the initial code for domain_client_validate(). All
bracketed with #ifdef DOMAIN_CLIENT for now.
reply.c: Call to domain_client_validate(). All
bracketed with #ifdef DOMAIN_CLIENT for now.
smbpass.c: New code to get/set machine passwords. Tidied up nesting
of lock calls.
Jeremy.
|
