| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
source/rpc_server/srv_spoolss_nt.c
- add an access check to _spoolss_deleteprinter() to stop random
users and passers by from deleting printers.
source/lib/messages.c
- converted global msg_all struct to a local in message_send_all()
function.
source/include/smb.h
- added a success error code to the spoolss return codes.
source/include/proto.h
source/param/loadparm.c
source/printing/printing.c
- Added new parameter "total print jobs" to limit the total number
of print jobs across all queues. Currently individual queues are
limited by "max print jobs".
(This used to be commit 02f154e729b0e8465d3e1e2ac794e6ab3844ce57)
|
|
list of structures rather than the dodgy parsing code we had before
this also gets smbw working correctly with no initial workgroup (using
name_status_find on __MSBROWSE__ returns)
(This used to be commit f2be88a8738a39ca5c98936edb7537cd701348a1)
|
|
Currently does exactly the same thing (returns ACLs the same way). This
code is written to try and get a POSIX ACL via the abstract sys_XX interface,
then fall back to providing a UNIX based ACL if the calls fail. Seems to
work. Next step is to add a --with-posix-acls to configure.in and then
check on a POSIX ACL system that a complex ACL is returned correctly
as an NT ACL. Note that the ACL set (a more complex problem) is not
addressed yet.
Jeremy.
(This used to be commit 4339e20202a876dbadc07980b731f711463b7299)
|
|
(This used to be commit a2d07994e0376a8d530d262573c96710bdff2236)
|
|
a single
statement after an 'if'. Tracking this down took 4 hours from my life and ANDREW I WANT
THEM BACK !!!!! :-).
include/smb.h smbd/password.c: Fixed the bug veritas reported with realloc of the validated_users
array growing without bounds. This is now a linked list as god (Andrew) intended :-).
Jeremy.
(This used to be commit 346f2f9206b9b4ed123e2a61c0a48de630397b8a)
|
|
o added BOOL own_memory flag in SAM_ACCOUNT so we could
use static memory for string pointer assignment or
allocate a new string
o added a reference TDB passdb backend. This is only a reference
and should not be used in production because
- RID's are generated using the same algorithm as with smbpasswd
- a TDB can only have one key (w/o getting into problems) and we
need three. Therefore the pdb_sam-getpwuid() and
pdb_getsampwrid() functions are interative searches :-(
we need transaction support, multiple indexes, and a nice open
source DBM. The Berkeley DB (from sleepycat.com seems to fit
this criteria now)
o added a new parameter "private dir" as many places in the code were
using lp_smb_passwd_file() and chopping off the filename part.
This makes more sense to me and I will docuement it in the man pages
o Ran through Insure-lite and corrected memory leaks. Need for
a public flogging this time Jeremy (-:
-- jerry
(This used to be commit 4792029a2991bd84251d152a62b1033dec62cee2)
|
|
Jeremy.
(This used to be commit f571e1efd01c7b1b500a833df3bd074a8c4c65ec)
|
|
- merged Tim's vlp (virtual lp) test program. Enable it with
-DDEVELOPER or by using ./configure.developer
(source/include/smb.h source/configure.developer
source/printing/lpq_parse.c source/param/loadparm.c
testsuite/printing/.cvsignore testsuite/printing/Makefile.vlp
testsuite/printing/vlp.c)
(This used to be commit fbcf83140da1823e74f63227f0a95d07c6e76764)
|
|
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
(This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
|
|
This also updates the printing.tdb db version to 2.
Jeremy.
(This used to be commit 13395514c632341e7be36eb9589011bb0949b075)
|
|
Jim McDonough
Infoprint Manager Development
Linux Technology Center
IBM Boulder
Jeremy.
(This used to be commit d9eedd5db1728be8e23d73c954db13bbbcadf3fb)
|
|
Added "codepage directory" patch from Peter.Polkinghorne@brunel.ac.uk
Jeremy.
(This used to be commit e49566c2e21fcd16980e5110495645c5ae5a36da)
|
|
We now use our own vfs layer to do get/set acl calls (hurrah!).
Jeremy.
(This used to be commit dfe77c7046cbd65ee52aea7439f21503c1eac41d)
|
|
a conn struct depending on the call.
We need this to have a clean NT ACL call interface.
This will break any existing VFS libraries (that's why this is pre-release
code).
Andrew gets credit for this one :-) :-).
In addition - added Herb's WITH_PROFILE changes - Herb - please examine
the changes I've made to the smbd/reply.c code you added. The original
code was very ugly and I have replaced it with a
START_PROFILE(x)/END_PROFILE(x) pair using the preprocessor.
Please check this compiles ok with the --with-profile switch.
Jeremy.
(This used to be commit b07611f8159b0b3f42e7e02611be9f4d56de96f5)
|
|
Jeremy.
(This used to be commit 7914e9351abb5271ebb4990c3b1fe495d15a4eda)
|
|
ERROR_INSUFICIENT_BUFFER when working out what space is needed. This fix
gives us the same return that WinNT does.
Jeremy.
(This used to be commit a87f6277b1faa1ea492f31add4ce33556bdf3695)
|
|
Jeremy.
(This used to be commit e203324d4a3b9aac99ed0b22cbd8c373461919dd)
|
|
Jeremy.
(This used to be commit e466c863f5540e13776f4477b6d58e3fbfe7276d)
|
|
with the current user. This will allow se_access_check() to quickly do
a SD check without having to translate uid/gid's to SIDs.
Still needs work on pipe calls.
Jeremy.
(This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
|
|
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
(This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
|
|
- changed the default forms flag to 2
- all short architecture name are uppercased
- get_short_archi() is now case unsensitive
- the drivers TDB is indexed by archi/version/name
- implemented code to move drivers from the upload area to the download
area. Someone else need to look at that code.
- don't return anymore a default driver if it doesn't exist in the TDB.
Instead return an error.
- cleaned prs_unistr.
- #ifdef out jeremy's new SD parsing in printer_info_2
- removed the unused MANGLE_CODE
- #ifdef out the security checking in update_printer() as it doesn't work
for me.
Zap your ntdrivers.tdb, it won't work anymore.
J.F.
(This used to be commit ac0a145acc0953a6f362497abbf4dfe70aa522a6)
|
|
Removed msrpc_local struct
--jerry
(This used to be commit b2317babb557f5bce390c7162c9936f5d46f4da3)
|
|
(This used to be commit a81371a4fd6f7972b054bea90428d1d2fd6d1d22)
|
|
structure so authenticated pipe users can have their unix groups set when
become_authenticated_pipe_user() is called.
(This used to be commit 55c9bf124dc661df43bfe582ef14b1297aeaf0fa)
|
|
semi-connection and a rpcclient prompt, but no functionality there yet.
Will be a few more days on that.
The changes to the header files were minor. A few struct's and a few
additional fields to existing ones. No deletions. **minimal change
necessary** :-) Well, maybe not minimal, but I tried.
All other programs compile, link and run ok from what I can tell so
I don;t think I broke anything.
--jerry
(This used to be commit cd7f0b0b91afd3331c0607ba2fcb3ccdd41ecebf)
|
|
Moved the S_* macros from smb.h to includes.h
(This used to be commit b37539e323361239659256ef0837f63b6714ab95)
|
|
(This used to be commit ce40ba9fba62d4debc43ab53b8564fc24d1f9e3b)
|
|
(This used to be commit b1441d9622609af5ef598c5e1e1f5af438dc0731)
|
|
(This used to be commit 17d3c3a14885a42889d69459e7b3af7040a45499)
|
|
handling in Samba. This was needed due to several limitations and
races in the previous code - as a side effect the new code is much
cleaner :)
in summary:
- changed sys_select() to avoid a signal/select race condition. It is a
rare race but once we have signals doing notification and oplocks it
is important.
- changed our main processing loop to take advantage of the new
sys_select semantics
- split the notify code into implementaion dependent and general
parts. Added the following structure that defines an implementation:
struct cnotify_fns {
void * (*register_notify)(connection_struct *conn, char *path, uint32 flags);
BOOL (*check_notify)(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *data, time_t t);
void (*remove_notify)(void *data);
};
then I wrote two implementations, one using hash/poll (like our old
code) and the other using the new Linux kernel change notify. It
should be easy to add other change notify implementations by creating
a sructure of the above type.
- fixed a bug in change notify where we were returning the wrong error
code.
- rewrote the core change notify code to be much simpler
- moved to real-time signals for leases and change notify
Amazingly, it all seems to work. I was very surprised!
(This used to be commit 44766c39e0027c762bee8b33b12c621c109a3267)
|
|
(This used to be commit 3253085d9883a181c04b9c9ecf7d0ccdfbcee88d)
|
|
modular form. In this pass I added oplock_irix.c and added a "struct
kernel_oplocks" that describes a kernel oplock implementation.
(This used to be commit b5ceab810292602ea9a81696c20a781c16b706c2)
|
|
place to do this, not in smbd/passwd.c
Please don't change this without asking first, I have run this past
Andrew so talk to him (I'm on vacation next week).
I also removed the g_newXXX macros. There are essentially a private C extension,
not used anywhere else in the code, and add no functionality over malloc(XX)
and make the code harder to understand (everyone knows what malloc does).
Jeremy.
(This used to be commit e1b1b6fb6794ba02e1fea510a981fa0ce0d12b58)
|
|
not just undercut work in progress, thank you.
(This used to be commit 86d440a88c948727bfcfedc694c52c58f9687d8b)
|
|
there (yet)
as there is no infrastructure for it. Replaced it with a dynamic array
of group SIDs plus a user.
passdb/passdb.c: Added setup_user_sids() function. This is where the lookup should be done,
eventually calling winbind.
smbd/password.c: Changed to call setup_user_sids(). Removed spurious DEBUG(0) statements.
smbd/reply.c: Removed extra parameter to register_vuid().
Jeremy.
(This used to be commit 425f4ad9a5e0e7d49620276100ade7a0cae47011)
|
|
register_vuid fills it with constructed info.
(This used to be commit b1889e4334012b1b2caa604b859da4271509fc87)
|
|
- added autoconf test for HAVE_KERNEL_OPLOCKS_LINUX
(This used to be commit 0368f68529a9244663c199068e95d1a1d93152fa)
|
|
(This used to be commit 82e47e268ca33dd7e692c5e6d0571428307b5287)
|
|
(This used to be commit f9f2a04fdb7b2af1cfe5bf26ec6f0d955ea948b9)
|
|
on the samba server.
(This used to be commit 15e7d8f6c5cddf6ce409ee2505744250d181ec34)
|
|
- got rid of guest map code in lpq parser
(This used to be commit 8e53f781d3cf6a7007764916a0d8e8f1abea1f66)
|
|
userdom_struct. As the name implies this also contains a domain
(unused at the moment).
This will be important shortly, as operation in appliance mode needs
the domain to be always carried with the username.
(This used to be commit ee8546342d5be90e730372b985710d764564b124)
|
|
This implementation keeps all POSIX lock records in a separate in memory
tdb database only known about in locking/posix.c. In addition, the pending
close fd's are also held in a tdb which has an array of fd's indexed by
device and inode.
The walk-split code uglyness has been moved to posix.c from brlock.c,
which is the only place that needs to know about it, and the extra
functions hacked into brlock to expose internal state have been removed.
This implementation passes smbtorture locktest4, the only thing I need
to check now for completeness is what to do about lock upgrade/downgrades
which Win32 allows under some *very* strange circumstances.
Jeremy.
(This used to be commit 3f655de1c764b9ee1472a111621d4317f19f624d)
|
|
Added dfs_server announcement in set_default_server_announce_type()
(This used to be commit 99d07e13520b04d99999938d259d56fa65c8a8ea)
|
|
When a file is being closed, once it passes the fnum and tid tests then
the locking context should be ignored when removing all locks. This is
what is done in the brl close case, but when you have outstanding
POSIX locks, then you cannot remove all the brl locks in one go, you
have to get the lock list and call do_unlock individually. As this
uses global_smbpid as the locking context, you need to make sure
that this is set correctly for the specific lock being removed. I
now do this by storing the smbpid in each entry in the unlock list returned from
the query call. I removed the smbpid from fsp (not needed) and
things seem ok (even with the stupid smbpid tricks that smbtorture plays :-).
Jeremy.
(This used to be commit 6baa96bb466915cc17e8cbad50254d6bd47b967b)
|
|
smbpid used when a file was opened in the files_struct. Else we use
the wrong global_smbpid when we are closing the file and trying to
remove the brl locks - this causes the brl locks to be left when the
file is closed as the samba_context check fails.
Jeremy.
(This used to be commit 2746e5602e493e5b022764b4b839eb4d2f14363b)
|
|
removed from the smbd/open.c code.
We now use a dlink list of structures indexed by dev/inode to store
all pending fd's for close. This could be rewritten to use lib/hash.c
if this is discovered to be too slow in use.
Andrew, please take a look and let me know if this is what you
had in mind.
Jeremy.
(This used to be commit 0487841120a7584da9a2b83b9574562c415d7024)
|
|
test. Was miscounting posix locks, plus was not taking into account
the case where other_fsp == fsp in the 'move locks' case. DOH ! This
code will be re-written anyway :-).
Jeremy.
(This used to be commit 5278ec016cb24d8263fe6e7c1d389f466270ef24)
|
|
HEAD should now map brl locks correctly into POSIX locks, including the
really nasty case of large range unlock.
There is a lot of pretty ASCII art in locking/brlock.c explaining
exactly how this code works. If it is unclear, please ask me.
Jeremy.
(This used to be commit 135855dbd3b8934a49229b81646cd4469acba926)
|
|
open on the same dev/inode pair with existing POSIX locks.
This is done at the smbd/open layer, so smbd just calls fd_close() and
the transfer of any open fd's is done under the covers of fd_close().
When an fsp is closed and no other fsp's open on the same dev/inode
pair have existing POSIX locks then all fd's associated with this fsp
are closed.
Now only the hard part of doing the POSIX range unlock code when read
locks overlap remains for full POSIX/SMB lock integration....
Jeremy.
(This used to be commit 1df48ed55ee303b6d84d7277fd79761cfe5f7052)
|
