summaryrefslogtreecommitdiff
path: root/source3/lib/substitute.c
AgeCommit message (Collapse)AuthorFilesLines
2002-08-11Make 'remote_machine' private to lib/substitute.c, and fix all the user to useAndrew Bartlett1-1/+3
the new accessor functions. Andrew Bartlett (This used to be commit f393de2310e997d05674eb7f1268655373e03647)
2002-08-10Fix the %m security bug again - and try to make it harder to reintroduce inAndrew Bartlett1-8/+41
future. This moves us from fstrcpy() and global variables to 'get' and 'set' functions. In particular, the 'set' function sainity-checks the input, in the same way as we always have. Andrew Bartlett (This used to be commit e57a896f06b16fe7e336e1ae63a0c9e4cc75fd36)
2002-07-15don't use C++ comments in C - it doesn't work on many compilersAndrew Tridgell1-1/+1
(This used to be commit cf853314f9eda479c6f18bfc725fa0b5d88d0a38)
2002-07-14addedd new (t)alloc_sub_* functionsSimo Sorce1-28/+302
they will get a const string and return a (t)alloced epanded one. also modified passdb/* stuff to use this one. (This used to be commit d378ac1e2efb0efc9a0f983d69cf678ca6255fd5)
2002-07-02Address the string_sub problem by changing len = 0 to mean "no expand".Jeremy Allison1-31/+55
Went through and checked all string_subs I could to ensure they're being used correctly. Jeremy. (This used to be commit 17cae0d683be404be69554cd0e84117bdcc56c87)
2002-06-15Simplify this code further. Just substitute %H, and let the normal codeAndrew Bartlett1-36/+0
paths handle the rest later. Andrew Bartlett (This used to be commit 09754ec797c4232d2016c7eff2e74044f28ebb7c)
2002-06-15Rework much of the service.c code:Andrew Bartlett1-3/+10
The aim of this execise is to give the 'security>=user' code a straight paper path. Security=share will sill call authorise_login(), but otherwise we avoid that mess. This allow *much* more accurate error code reporting, beocuse we don't start pretending that we can use the (nonexistant) password etc. Also in this patch is code to create the 'homes' share at session setup time (as we have done in the past - been broken recently) and to record this on the user's vuser struct for later reference. The changes here should also allow for much better use of %H (some more changes to come here). The service.c changes move a lot of code around, but are not as drastric as they look... (Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not '*total_entries' was compared). This code is needs testing, but passes my basic tests. I expect we have lost some functionality, but the stuff I had expected to loose was already broken before I started. In particular, we don't 'fall back' to guest if the user cannot access a share (for security=user). If you want this kind of stuff then you really want security=share anyway. Andrew Bartlett (This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c)
2002-05-25Clean up a few unused functions, add a bit of static etc.Andrew Bartlett1-18/+1
Importantly: The removal of the silly 'delete user script' behaviour when secuity=domain. I have left the name the same - as it still does the (previously documented, but not in smb.conf(5)) sane behaviour of deleting users on request. When we decide what to do with the 'add user' functionality, we might rename it. Andrew Bartlett (This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc)
2002-05-18A few things in this commit:Andrew Bartlett1-0/+52
cleanup some of the code in net_rpc_join re const warnings and fstrings. Passdb: Make the %u and %U substituions in passdb work. This is done by declaring these paramters to be 'const' and doing the substitution manually. I'm told this is us going full circle, but I can't really see a better way. Finally these things actually seem to work properly... Make the lanman code use the pdb's recorded values for homedir etc rather than the values from lp_*() Add code to set the plaintext password in the passdb, where it can decide how to store/set it. For use with a future 'ldap password change' option, or somthing like that... Add pdb_unix, so as to remove the 'not in passdb' special cases from the local_lookup_*() code. Quite small, as it uses the new 'struct passwd -> SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd) Other: Fix up the adding of [homes] at session setup time to actually pass the right string, that is the unix homedir, not the UNC path. Fix up [homes] so that for winbind users is picks the correct name. (bad interactions with the default domain code previously) Change the rpc_server/srv_lsa_nt.c code to match NT when for the SATUS_NONE_MAPPED reply: This was only being triggered on no queries, now it is on the 'no mappings' (ie all mappings failed). Checked against Win2k. Policy Question: Should SID -> unix_user.234/unix_group.364 be considered a mapping or not? Currently it isn't. Andrew Bartlett (This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-17A nice *big* change to the fundemental way we do things.Andrew Bartlett1-1/+0
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2002-01-16Separate out get_user_home_dir() from get_user_home_service_dir().Jeremy Allison1-5/+1
Jeremy. (This used to be commit c1b97226db63daf64359e79083a4754e7c7f8054)
2002-01-16Merged in %S fixes and XX_NOT_CHANGED fixes from 2.2.Jeremy Allison1-16/+53
Jeremy. (This used to be commit 0fcca6c627a5c9c2219ec9714df5e0bc1a44cc29)
2001-12-31const religionSimo Sorce1-3/+3
(This used to be commit c0904d96170a9166b8cd405b75ce4a9bbc32ad1b)
2001-12-06again an intrusive patch:Jean-François Micouleau1-11/+9
- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the definition of standard_sub_basic() to cope with that. - removed the smb.conf: 'domain admin group' and 'domain guest group' parameters ! We're not playing anymore with the user's group RIDs ! - in get_domain_user_groups(), if the user's gid is a group, put it first in the group RID list. I just have to write an HOWTO now ;-) J.F. (This used to be commit fef52c4b96c987115fb1818c00c2352c67790e50)
2001-11-30Ensured the %G substitution exactly matches what the man page states.Jeremy Allison1-1/+2
Jeremy. (This used to be commit 518084a70d0b20347411535f1dcf7453981499cf)
2001-10-29This commit is number 3 of 4.Andrew Bartlett1-1/+1
In particular this commit focuses on: Changing the Get_Pwnam code so that it can work in a const-enforced environment. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes allow for 'const' in the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username (This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
2001-10-29This commit is number 2 of 4.Andrew Bartlett1-3/+14
In particular this commit focuses on: The guts of the moving about inside passdb. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes allow for the introduction of a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username passdb/ - Kill off disp_info stuff, it isn't used any more - Kill off support for writing to the old smbpasswd format, it isn't relevent to Samba 3.0 - Move around and modify the pdb_...() helper functions, adding one that sets the last changed time to 'now' and that sets the must change time appropriately. - Remove the ugly forced update of the LCT- value in pdb_smbpasswd. - Remove the implicit modification of the ACB flags when both NT and LM passwords are set. - Removed substation in pdb_getsampwnam output, as a single password change will render them inoperable in any case (they will be substituted and stored) - Added a default RID to the init_sam_from_pw() function, based on our rid algorithm. - Added checks that an smbpasswd stored user has a uid-based RID. - Fail to store tdb based users without a RID lib/ - Change the substituion code to use global_myname if there is no connection (and therefore no called name) at the present time. (This used to be commit 8f607810eb24ed1157bbd2e896c2c167bc34d986)
2001-10-20removed an unused variableAndrew Tridgell1-1/+0
(This used to be commit 9355f251656d0233395dae6978c58f4e520e069b)
2001-10-18Merge Gerry's %G change from 2.2.2.Jeremy Allison1-7/+8
Jeremy. (This used to be commit d8262286ddb6105a9d3b0730912447ea2401a3fb)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-4/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-07-04strchr and strrchr are macros when compiling with optimisation in gcc, so we ↵Andrew Tridgell1-4/+4
can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
2001-04-25Fixed %U and %D substitutions. %U is lowercase user name, %D is uppercaseJeremy Allison1-2/+12
domain name. Jeremy. (This used to be commit 5f005952f6d8c281cf91ac0855e83342a2fd7e45)
2001-04-08Got "medieval on our ass" about adding the -1 to slprintf.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
2001-03-26Patch to make automount lookup fallback to get home directory from getpwnam.Jeremy Allison1-9/+15
From Robert Montjoy <Rob_Montjoy@ECECS.UC.EDU>. Jeremy. (This used to be commit 1fe60064bddf29fd778918d3f1a7026002029bd7)
2001-01-23include/vfs.h:Jeremy Allison1-2/+3
smbd/vfs-wrap.c: smbd/vfs.c: Added fchmod_acl and chmod_acl. lib/substitute.c: smbd/lanman.c: smbd/open.c: smbd/process.c: smbd/reply.c: smbd/service.c: Removed sessetup_user variable. Added current_user_info struct which conatins domain info etc. Added '%D' for client domain parameter. Jeremy. (This used to be commit 2844ec3d511680609d6794b8718001a1bda9e89f)
2000-08-25- fixed the %U macro so that the old (and documented) semantics workAndrew Tridgell1-2/+13
again. This got broken with one of the substitute.c updates a couple of months ago. - also fixed %u to return the username from the current_user structure when called via a method that does not have direct access to the username. I cache the uidtoname() result to prevent thrashing nss. (This used to be commit 2520a0eff9c5decbec79aababe9910db3535890a)
2000-06-09do some standard_sub_advanced() in api_net_sam_logon on lp_logon_xxx().Jean-François Micouleau1-1/+1
and if you have unix realname=yes, you get the gecos name when locking the station. J.F. (This used to be commit b5ad24ae0b15643df5832e2369fb4e43c98a1359)
2000-05-02split the username in the vuser structure into a separateAndrew Tridgell1-2/+2
userdom_struct. As the name implies this also contains a domain (unused at the moment). This will be important shortly, as operation in appliance mode needs the domain to be always carried with the username. (This used to be commit ee8546342d5be90e730372b985710d764564b124)
2000-05-02Added sys_fork() and sys_getpid() functions to stop the overheadJeremy Allison1-1/+1
of doing a system call every time we want to just get our pid. Jeremy. (This used to be commit 148628b616b5c29ba6340d65fc3ddbcabba6e67a)
2000-04-24Now that fsp's are created on successful file open, the structure memberJeremy Allison1-1/+0
fsp->open is no longer needed (if an fsp pointer is valid, then it's open :-). NB for Luke, this patch also did not apply to TNG. TNG is not yet identical w.r.t file serving with HEAD. This makes it impossible for me to help maintain TNG. Please fix asap. lib/substitute.c: Removed unused variable (pidstr). Jeremy. (This used to be commit 389b700a26e8a308a0dff6fc038c38068aa0119a)
2000-04-23split out standard_sub_basic() again to fix a bug where %p was beingAndrew Tridgell1-14/+29
substituted in the loadparm code and thus leaving lpq with no printer (This used to be commit b7c7a4d564d36885aa7c3efb2a87caec470df7fe)
2000-04-19- got rid of the "passive" optionAndrew Tridgell1-70/+54
- cleaned up the standard_sub_*() calls a lot (This used to be commit 2c2d95d77d3667eaa9252506a82b9054b0d0e01c)
2000-04-17moved standard_sub() and friends into a separate moduleAndrew Tridgell1-0/+295
(This used to be commit 030ec8e71f9ef533b5d6aece01e67d357e23b7d2)