Jeremy Allison [Thu, 24 Jul 2003 06:19:37 +0000 (06:19 +0000)]
SMB signing is now working with change notify. Need to fix the disconnect
when bad signature received, plus check the oplock breaks....
Jeremy.
Jeremy Allison [Thu, 24 Jul 2003 04:25:37 +0000 (04:25 +0000)]
Server side NTLM signing works - until the first async packet. Working on this
next....
Jeremy.
Tim Potter [Thu, 24 Jul 2003 00:01:10 +0000 (00:01 +0000)]
Some more [ug]id_t printf fixes.
Tim Potter [Wed, 23 Jul 2003 23:30:46 +0000 (23:30 +0000)]
Ensure a prototype is generated for smb_snprintf()
Final bit for bug 187.
Gerald Carter [Wed, 23 Jul 2003 19:58:01 +0000 (19:58 +0000)]
connect to the right realm or domain for trusted AD domains
Gerald Carter [Wed, 23 Jul 2003 12:42:48 +0000 (12:42 +0000)]
fix typo
Gerald Carter [Wed, 23 Jul 2003 12:33:59 +0000 (12:33 +0000)]
convert snprintf() calls using pstrings & fstrings
to pstr_sprintf() and fstr_sprintf() to try to standardize.
lots of snprintf() calls were using len-1; some were using
len. At least this helps to be consistent.
Andrew Tridgell [Wed, 23 Jul 2003 10:09:29 +0000 (10:09 +0000)]
fixed segv in calls to pstrcpy() in cliprint.c
Tim Potter [Wed, 23 Jul 2003 07:14:33 +0000 (07:14 +0000)]
Fix out of date comment.
Tim Potter [Wed, 23 Jul 2003 06:37:51 +0000 (06:37 +0000)]
Move a function to avoid a warning.
Tim Potter [Wed, 23 Jul 2003 06:11:38 +0000 (06:11 +0000)]
Typo in comment.
Jeremy Allison [Wed, 23 Jul 2003 06:04:20 +0000 (06:04 +0000)]
Don't check in two places for signing turned off...
Jeremy.
Tim Potter [Wed, 23 Jul 2003 03:59:57 +0000 (03:59 +0000)]
A fix for bug 174. I'm pushing this to the tree to test it on one of
the build farm machines that I don't have direct access to (hpntc9I).
Tim Potter [Wed, 23 Jul 2003 01:26:46 +0000 (01:26 +0000)]
Fix two memory leaks in the smb module:
- free talloc context when cli_query_secdesc() fails
- dispose of cli_state when python cli_state_object is garbage collected
Gerald Carter [Tue, 22 Jul 2003 15:08:34 +0000 (15:08 +0000)]
removing unused function
Gerald Carter [Tue, 22 Jul 2003 15:02:39 +0000 (15:02 +0000)]
bumping version string
Alexander Bokovoy [Tue, 22 Jul 2003 14:43:05 +0000 (14:43 +0000)]
Fix comment
Gerald Carter [Tue, 22 Jul 2003 13:10:57 +0000 (13:10 +0000)]
sync from beta3 release
Tim Potter [Tue, 22 Jul 2003 06:52:39 +0000 (06:52 +0000)]
Another round of uid/gid/pid format string changes I missed the
first time.
Tim Potter [Tue, 22 Jul 2003 04:31:20 +0000 (04:31 +0000)]
Fixup a bunch of printf-style functions and debugs to use unsigned long when
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings
on some of the 64-bit build farm machines as well as help us out when 64-bit
uid/gid/pid values come along.
Tim Potter [Tue, 22 Jul 2003 01:18:24 +0000 (01:18 +0000)]
Use %p for a pointer type in a printf-style format string. Also casting
a pointer to a uint32 value is incorrect on a 64-bit architecture.
Tim Potter [Tue, 22 Jul 2003 00:20:53 +0000 (00:20 +0000)]
Replace the eight (!) copies of dummy become/unbecome root with a single one.
Tim Potter [Tue, 22 Jul 2003 00:16:39 +0000 (00:16 +0000)]
Use lp_idmap_[ug]id() instead of lp_winbind_[ug]id()
Tim Potter [Mon, 21 Jul 2003 23:42:45 +0000 (23:42 +0000)]
Metze's AD/LDAP detection patches mainly to do with library detection.
Tested on a large combination of operating systems and versions.
Hopefully the build farm will find any remaining nasties if they
exist.
Richard Sharpe [Mon, 21 Jul 2003 20:20:09 +0000 (20:20 +0000)]
Clarify a debug log a little. The path might not exist, so say so.
Rafal Szczesniak [Sun, 20 Jul 2003 21:43:41 +0000 (21:43 +0000)]
This creates passdb backend files automatically when adding first account.
An extra message notifying that needed file didn't exist is displayed.
There's still a little catch with tdb backend, but it's better than it was,
from end-user's point of view.
This fixes #198
rafal
Rafal Szczesniak [Sun, 20 Jul 2003 14:50:38 +0000 (14:50 +0000)]
Typo fixes.
Jelmer Vernooij [Sun, 20 Jul 2003 00:34:24 +0000 (00:34 +0000)]
Fix typo
Volker Lendecke [Sat, 19 Jul 2003 11:28:15 +0000 (11:28 +0000)]
Fix memleak
Andrew Bartlett [Sat, 19 Jul 2003 00:36:43 +0000 (00:36 +0000)]
Fix StrCaseCmp() to avoid calling smb_panic() on invalid multibyte strings.
This fix results in
- we no longer use fixed-size buffers in StrCaseCmp (previously limited to
a pstring)
- we return strcmp(s, t) if either of the strings is invalid
- for non-ascii cases, we call iconv twice, not 4 times.
The basic idea with this fix is that if a string is not valid in the current
charset, then (unless it is byte-equivalent) it cannot be case-equivalent
to any other string.
This should address the majority of our smb_panic() cases on this matter. It
will not fix them all - we still call unix_strupper(), aka strupper_m()
elsewhere, but this was being called on every file in the directory when
we performed unix_convert().
Tested with the stf unit tests for this routine.
Andrew Bartlett
Rafal Szczesniak [Sat, 19 Jul 2003 00:23:08 +0000 (00:23 +0000)]
According to the result of voting, net has default debug level with
ability to change it by command line instead of turn-off cmdline switch
for debug messages.
It's a bit more comfortable to use now.
Volker Lendecke [Fri, 18 Jul 2003 11:36:16 +0000 (11:36 +0000)]
Fix memleak
Volker Lendecke [Fri, 18 Jul 2003 09:05:30 +0000 (09:05 +0000)]
Fix two memleaks in pdb_ldap.c.
Whoever put the private.backend_private_data_free_fn thingy into
SAM_ACCOUNT, could you please revisit my change to pdb_get_set.c and
comment on my comment there?
Thanks,
Volker
Andrew Tridgell [Fri, 18 Jul 2003 07:07:29 +0000 (07:07 +0000)]
make sure we don't allow the creation of directories containing
wildcard characters. I've only put this in mkdir at the moment, but I
suspect this will apply to all places that can create new filenames.
We need to allow the opening of existing filenames that contain
wildcards, but not allow the creation of new ones.
Andrew Tridgell [Fri, 18 Jul 2003 06:48:28 +0000 (06:48 +0000)]
this fixes a bug where Samba would under some circumstances return
incomplete directory listings. The problem was the exact_match
optimisation that short circuited directory listings on exact
matches. This optimisation doesn't work when the unix filename
contains Microsoft wildcard characters.
Tim Potter [Fri, 18 Jul 2003 03:04:13 +0000 (03:04 +0000)]
Fix spelling typo.
Tim Potter [Fri, 18 Jul 2003 02:57:43 +0000 (02:57 +0000)]
Uninstall modules as part of uninstall. Partial fix for 236.
We still don't uninstall swat or the man pages properly.
Andrew Tridgell [Fri, 18 Jul 2003 01:36:11 +0000 (01:36 +0000)]
fixed the pstrcpy() bug in directory recursion properly
Jeremy Allison [Fri, 18 Jul 2003 00:53:34 +0000 (00:53 +0000)]
Signing so far... the client code fails on a SMBtrans2 secondary transaction
I think (my changes haven't affected this I believe). Initial support on the
server side for smbclient. Still doesn't work for w2k clients I think...
Work in progress..... (don't change).
Jeremy.
Jeremy Allison [Thu, 17 Jul 2003 18:55:40 +0000 (18:55 +0000)]
Formatting tidyups to match the rest of the source.
Jeremy.
Volker Lendecke [Thu, 17 Jul 2003 11:24:54 +0000 (11:24 +0000)]
Disconnect an idle LDAP connection after 150 seconds.
Not strictly a bugfix, but it should considerably reduce the load we
put on LDAP servers given that at least nss_ldap on Linux keeps a
connection open.
And it should also stress our reconnect-code a bit more ;-)
Thanks to metze for this!
Volker
Volker Lendecke [Thu, 17 Jul 2003 10:03:37 +0000 (10:03 +0000)]
Ban getgrouplist on linux glibc systems with glibc <= 2.3.
This segfaults when you have too many group membership entries
in /etc/group.
Fixed in glibc CVS end of April 2003.
Volker
Tim Potter [Thu, 17 Jul 2003 04:17:58 +0000 (04:17 +0000)]
Fix for bug 222 from Marcin Owsiany.
Don't get stuck in an infinite loop listing directories recursively
if the server returns an empty directory name. This can happen with
incorrect i18n configuration on a Samba server.
Tim Potter [Thu, 17 Jul 2003 03:53:43 +0000 (03:53 +0000)]
Don't use pstrcpy on non-pstrings.
Andrew Bartlett [Thu, 17 Jul 2003 01:34:05 +0000 (01:34 +0000)]
In the presence of RPC fragments, schannel is not strictly request/reply,
so the shared sequence number will not be strictly odd/even.
Andrew Bartlett
Jeremy Allison [Thu, 17 Jul 2003 00:58:14 +0000 (00:58 +0000)]
Correctly toggle the signing state to what it was previously when sending
an oplock break.
Jeremy.
Jeremy Allison [Thu, 17 Jul 2003 00:53:37 +0000 (00:53 +0000)]
Don't allow read/write raw when signing is active.
Jeremy.
Jeremy Allison [Thu, 17 Jul 2003 00:48:21 +0000 (00:48 +0000)]
Putting the framework for server signing in place. Ensure we don't use
sendfile when signing (I need to add this for readbraw/writebraw too...).
Jeremy.
Jeremy Allison [Wed, 16 Jul 2003 22:57:56 +0000 (22:57 +0000)]
Refactor signing code to remove most dependencies on 'struct cli'.
Ensure a server can't do a downgrade attack if client signing is mandatory.
Add a lp_server_signing() function and a 'server signing' parameter that
will act as the client one does.
Jeremy
Eloy Paris [Wed, 16 Jul 2003 21:30:02 +0000 (21:30 +0000)]
Further Debian fixes.
Jeremy Allison [Wed, 16 Jul 2003 21:06:21 +0000 (21:06 +0000)]
Add API framework for server SMB signing.
Jeremy.
Jeremy Allison [Wed, 16 Jul 2003 19:17:33 +0000 (19:17 +0000)]
Add krb5_princ_component to Heimdal. Remove cli_ from mark packet signed.
Jeremy.
Jeremy Allison [Wed, 16 Jul 2003 18:06:27 +0000 (18:06 +0000)]
Reformatting fixes to bring in line with the rest of the source.
Jeremy.
Gerald Carter [Wed, 16 Jul 2003 16:51:51 +0000 (16:51 +0000)]
adding command for moving a record from one tdb to another
Gerald Carter [Wed, 16 Jul 2003 16:26:40 +0000 (16:26 +0000)]
make tdbtool deal with NULL and non-NULL terminated keys
Gerald Carter [Wed, 16 Jul 2003 15:01:26 +0000 (15:01 +0000)]
sync with release tree
Volker Lendecke [Wed, 16 Jul 2003 13:57:53 +0000 (13:57 +0000)]
Fix memleak
Volker Lendecke [Wed, 16 Jul 2003 13:35:23 +0000 (13:35 +0000)]
typo
Tim Potter [Wed, 16 Jul 2003 05:51:10 +0000 (05:51 +0000)]
Spelling.
John Terpstra [Wed, 16 Jul 2003 05:42:10 +0000 (05:42 +0000)]
Documentation Update for Beta3.
Gerald Carter [Wed, 16 Jul 2003 04:53:57 +0000 (04:53 +0000)]
removing outdated scripts
Gerald Carter [Wed, 16 Jul 2003 04:50:45 +0000 (04:50 +0000)]
remove outdated doc
Gerald Carter [Wed, 16 Jul 2003 03:54:08 +0000 (03:54 +0000)]
adding another missing doc
Gerald Carter [Wed, 16 Jul 2003 03:51:25 +0000 (03:51 +0000)]
updating WHATSNEW
removing old readme (not part of WHATSNEW)
Andrew Bartlett [Wed, 16 Jul 2003 03:22:43 +0000 (03:22 +0000)]
Fix up our auth_pipe code to always cope with fragmented datagrams,
in both SCHANNEL and NTLMSSP.
(Try not to deal with a general case as individual special cases...)
Andrew Bartlett
Gerald Carter [Wed, 16 Jul 2003 02:51:28 +0000 (02:51 +0000)]
fix typo in debug log
Gerald Carter [Wed, 16 Jul 2003 02:20:53 +0000 (02:20 +0000)]
fixes for 'net rpc vampire'. I can now take a blank Samba host
and migrate an NT4 domain and still logon from domain members
(tested logon scripts, system policies, profiles, & home directories)
(passdb backend = tdbsam)
removed call to idmap_init_wellknown_sids() from winbindd.c
since the local domain should be handled by the guest passdb backend
(and you don't really always want the Administrator account to be root)
...and we didn't pay attention to this anyways now.
Gerald Carter [Wed, 16 Jul 2003 02:17:55 +0000 (02:17 +0000)]
Volker's patch for open_socket_out() to speed up connections
Tim Potter [Wed, 16 Jul 2003 00:13:40 +0000 (00:13 +0000)]
Fix from Dragan Krnic for handling files in tar archives > 8GB.
Fixes bug 102.
Jeremy Allison [Tue, 15 Jul 2003 23:05:57 +0000 (23:05 +0000)]
Added the "required" keyword to the "client signing" parameter to force it
on. Fail if mismatch. Small format tidyups in smbd/sesssetup.c. Preparing
to add signing on server side.
Jeremy.
Jeremy Allison [Tue, 15 Jul 2003 22:26:47 +0000 (22:26 +0000)]
Add a cli_ prefix to a few functions to ensure everything that takes a struct cli_state
is so marked.
Jeremy
Gerald Carter [Tue, 15 Jul 2003 21:33:28 +0000 (21:33 +0000)]
fix schannel processing on fragmented PDUs. 'net rpc vampire' works again.
Volker Lendecke [Tue, 15 Jul 2003 17:27:39 +0000 (17:27 +0000)]
Fix memleak
Volker Lendecke [Tue, 15 Jul 2003 17:23:36 +0000 (17:23 +0000)]
We should report if a group mapping fails. This should fix bug#225.
Jerry, this is assigned to you. Do you want to answer it?
However, we have to decide what to do if a mapping is to be done for a
unix group not in LDAP....
Volker
Eloy Paris [Tue, 15 Jul 2003 17:22:38 +0000 (17:22 +0000)]
Debian updates. Brings files in packaging/Debian on par with the
latest Debian official packages for Debian unstable. Also fixes
patches that got out of date in the beta2->beta3 development process.
Alexander Bokovoy [Tue, 15 Jul 2003 17:21:21 +0000 (17:21 +0000)]
Add support for MSG_SMB_CONF_UPDATED and MSG_SHUTDOWN to all daemons (smbd, nmbd, winbindd). Reviewed by jerry and tridge.
Volker Lendecke [Tue, 15 Jul 2003 17:00:11 +0000 (17:00 +0000)]
Fix memleaks
Volker Lendecke [Tue, 15 Jul 2003 16:46:20 +0000 (16:46 +0000)]
Fix memleak
Volker Lendecke [Tue, 15 Jul 2003 16:07:50 +0000 (16:07 +0000)]
Jim, could you please look at this? smbpasswd -a <username> was broken
for me without this patch. I'm not sure if I interpreted your patch to
this code right.
Thanks,
Volker
Gerald Carter [Tue, 15 Jul 2003 16:02:51 +0000 (16:02 +0000)]
Mandrake packaging updates from Buchan
Alexander Bokovoy [Tue, 15 Jul 2003 13:00:20 +0000 (13:00 +0000)]
Accept --with-expsam=no as valid option (do nothing on it). Simplifies automatic option generation for spec files
Alexander Bokovoy [Tue, 15 Jul 2003 12:12:15 +0000 (12:12 +0000)]
Fix cut&paste bug in strdup() usage example. Found by Metze
Alexander Bokovoy [Tue, 15 Jul 2003 09:50:44 +0000 (09:50 +0000)]
Add mandir to installdir target. Otherwise installman fails for clean DESTDIR
Gerald Carter [Tue, 15 Jul 2003 04:38:20 +0000 (04:38 +0000)]
adding some more docs
Gerald Carter [Tue, 15 Jul 2003 04:33:37 +0000 (04:33 +0000)]
adding docs on new parameters I added.
Gerald Carter [Tue, 15 Jul 2003 04:24:37 +0000 (04:24 +0000)]
update docs to reflect the change in default behavior for winbindd
Gerald Carter [Tue, 15 Jul 2003 04:19:57 +0000 (04:19 +0000)]
remove -B and default to dual-daemon mode (-Y to run as a single process)
Gerald Carter [Tue, 15 Jul 2003 02:27:00 +0000 (02:27 +0000)]
make sure to fall back to rid algorithm for users not in smbpasswd (e.g. force user = foo)
Andrew Bartlett [Tue, 15 Jul 2003 01:07:12 +0000 (01:07 +0000)]
SPNEGO SMB signing is now fixed for NTLMSSP, with kerberos to follow shortly.
Andrew Bartlett
Gerald Carter [Mon, 14 Jul 2003 19:51:34 +0000 (19:51 +0000)]
fix cache coherency bug in print handle print_info_2 cache.
Needs to be rewritten to use a reference counter, but this
will work for now.
also the memory allocation in the printing code needs to be cleaned
up to use talloc exclusively.
Alexander Bokovoy [Mon, 14 Jul 2003 15:03:19 +0000 (15:03 +0000)]
Small documentation fixes from Metze
Andrew Bartlett [Mon, 14 Jul 2003 12:56:30 +0000 (12:56 +0000)]
Fix compile error noticed by Ken Cross, use the utility function instead
of an inline replacement...
Andrew Bartlett
Andrew Bartlett [Mon, 14 Jul 2003 10:38:23 +0000 (10:38 +0000)]
Fix SMB signing when using NTLMSSP...
It's so simple now I know how it works - and it has nothing to do with
NTLMSSP (it's just a slightly different use of the old algorithm). :-).
Note: This is actually less secure than the non-NTLMSSP code, as there is
no per-session random data included for NTLM logins. (NTLMv2 is better,
fortunately).
Andrew Bartlett
Andrew Bartlett [Mon, 14 Jul 2003 08:46:32 +0000 (08:46 +0000)]
Jeremy requested that I get my NTLMSSP patch into CVS. He didn't request
the schannel code, but I've included that anyway. :-)
This patch revives the client-side NTLMSSP support for RPC named pipes
in Samba, and cleans up the client and server schannel code. The use of the
new code is enabled by the 'sign', 'seal' and 'schannel' commands in
rpcclient.
The aim was to prove that our separate NTLMSSP client library actually
implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation,
in the hope that knowing this will assist us in correctly implementing
NTLMSSP signing for SMB packets. (Still not yet functional)
This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with
calls to libsmb/ntlmssp.c. In the process, we have gained the ability to
use the more secure NT password, and the ability to sign-only, instead of
having to seal the pipe connection. (Previously we were limited to sealing,
and could only use the LM-password derived key).
Our new client-side NTLMSSP code also needed alteration to cope with our
comparatively simple server-side implementation. A future step is to replace
it with calls to the same NTLMSSP library.
Also included in this patch is the schannel 'sign only' patch I submitted to
the team earlier. While not enabled (and not functional, at this stage) the
work in this patch makes the code paths *much* easier to follow. I have also
included similar hooks in rpcclient to allow the use of schannel on *any* pipe.
rpcclient now defaults to not using schannel (or any other extra per-pipe
authentication) for any connection. The 'schannel' command enables schannel
for all pipes until disabled.
This code is also much more secure than the previous code, as changes to our
cli_pipe routines ensure that the authentication footer cannot be removed
by an attacker, and more error states are correctly handled.
(The same needs to be done to our server)
Andrew Bartlett
John Terpstra [Mon, 14 Jul 2003 05:17:52 +0000 (05:17 +0000)]
Typo fixes from Vorlon.
Tim Potter [Mon, 14 Jul 2003 05:13:30 +0000 (05:13 +0000)]
Don't bomb out when trying to unmarshall a zero length printerdata value.
Fixes remote printer publishing of shared printers from a Samba server.
Tim Potter [Mon, 14 Jul 2003 01:49:07 +0000 (01:49 +0000)]
Delete obsolete comment.
Tim Potter [Mon, 14 Jul 2003 01:18:43 +0000 (01:18 +0000)]
Undo 'Fix compiler warning'. It didn't work because the value of inbuf changes so
we end up freeing a pointer we didn't mallocate.
Also, calling strdup() in a frequently called function just to clear up a
const compiler warning seems inelegant and inefficient.
Simo Sorce [Sun, 13 Jul 2003 21:41:23 +0000 (21:41 +0000)]
use the specific function we have to check if a SID belongs to our domain
Rafal Szczesniak [Sun, 13 Jul 2003 16:25:55 +0000 (16:25 +0000)]
Fix compiler warning.