Age | Commit message (Collapse) | Author | Files | Lines |
|
source/lib/util_seaccess.c
- added se_create_child_secdesc() function which takes a parent
(container) security descriptor and creates a security descriptor
which has the inheritance flags for each ACE applied. In NT a
print job is a child object of a printer so deleting and
pausing/resuming jobs requires a check against the child security
descriptor, not the parent. The values seen in NT printer
security descriptors now all fit together in a natural and
elegant way which is always nice.
- Removed #ifdef'ed out portion of check_ace() when the
INHERIT_ONLY flag is set as the se_create_child_secdesc()
function now creates a security descriptor which can be used
without this hack.
(This used to be commit f125b9a94413fd481ae9f05ec5096ef79f0d49e4)
|
|
codepath.
(This used to be commit 767f73aee62438d74248facf7122b2c49645d5c7)
|
|
source/rpc_parse/parse_lsa.c
- off by one unistr length bug in init_lsa_trans_name()
source/lib/util_sid.c
- resolve more BUILTIN sid values to names.
source/nsswitch/wb_client.c
- fix typo in debug message
- set errno on error so we don't get bogus value from last failure.
source/rpc_server/srv_spoolss_nt.c
- add debug to track number of open printer handles for ease of
tracking handle leaks in the future.
source/rpc_server/srv_lsa.c
- fix off-by-one string bug. This was preventing NT from
displaying names for well-know SIDs in printer permissions
dialog.
(This used to be commit 59229b9025cff54cbdd05e374616ffbf9c6fee33)
|
|
it slows us down and doesn't gain anything
(This used to be commit 30fb31a3ab05ab6bb6c89cb457e2216e34b963e6)
|
|
Ensure HAVE_NO_ACLS is set in configure if ACL support not selected.
Jeremy
(This used to be commit 523c91935621ec2d200a79385046694806f7c837)
|
|
Now the debugging starts.... :-).
Jeremy.
(This used to be commit 2300ac79f5eba84225288a87129b4df5bd471466)
|
|
testsuite/printing/psec.c
- Use lock directory from smb.conf parameter when peeking at the
ntdrivers.tdb file.
source/rpc_parse/parse_sec.c
- fix typo in debug message
source/script/installbin.sh
- create private directory as part of 'make install'.
source/nsswitch/winbindd_cache.c
source/nsswitch/winbindd_idmap.c
source/passdb/secrets.c
source/smbd/connection.c
- always convert tdb key to unix code-page when generating.
source/printing/nt_printing.c
- always convert tdb key to unix code-page when generating.
- don't prepend path to a filename that is NULL in
add_a_printer_driver_3().
source/rpc_server/srv_spoolss_nt.c
- always convert tdb key to unix code-page when generating.
- don't prepend server name to a path/filename that is NULL in the
fill_printer_driver_info functions.
source/printing/printing.c
- always convert tdb key to unix code-page when generating.
- move access check for print_queue_purge() outside of job delete
loop.
source/smbd/unix_acls.c
- fix for setting ACLs (this got missed earlier)
source/lib/messages.c
- trivial sync with appliance_head
(This used to be commit 376601d17d53ef7bfaafa576bd770e554516e808)
|
|
Jeremy.
(This used to be commit 6dc83a8c665dd6774ce597cf7269ad4d8c5380cf)
|
|
Deniz Akkus <akkus@alum.mit.edu>
(This used to be commit 5650c143a706a0a65dfd55dea2248c6636a57912)
|
|
source/Makefile.in
- changes to ctags and etags rules that somehow got lost along the way.
source/include/proto.h
- make proto
source/smbd/sec_ctx.c
source/smbd/password.c
- merge debugs for debugging user groups and NT token stuff.
source/lib/util_str.c
- capitalise domain name returned from parse_domain_user()
source/nsswitch/wb_client.c
- fix broken conditional in debug statement.
source/include/rpc_secdes.h
source/include/rpc_spoolss.h
source/printing/nt_printing.c
source/lib/util_seaccess.c
- fix printer permission bugs related to ACE masks for printers.
This adds mapping of generic access rights to object specific
rights for NT printers. Still need to work out whether or not to
ignore ACEs with certain flags set, though. See comments in
util_seaccess.c:check_ace() for details.
source/printing/nt_printing.c
source/printing/printing.c
- use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER
until we sort out printer/printjob permission stuff.
(This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
|
|
(This used to be commit 44c5eb4def9a264f660b2398d28b72f54e6547e6)
|
|
Jeremy.
(This used to be commit 56a93567a106f25e87df093e1861f6bdd1d3196a)
|
|
easier wrapping of non-POSIX ACL interfaces.
Jeremy.
(This used to be commit 1a31b4eb082b23d60e3d9040b3c0110eef1f9385)
|
|
Jeremy.
(This used to be commit a83702c99f1ecd6e68f8c178b20823fce6d4c6c6)
|
|
function.
lib/util_unistr.c: Check lengths *before* reading source - prevent uninitialised
memory reads.
Jeremy.
(This used to be commit ce4f461965c872fbfc9fe5f6b98aed58bb3dd67a)
|
|
rewrote unistr2_to_ascii() to correct a bug seen on SGI boxes.
rpc_parse/parse_misc.c:
rpc_parse/parse_prs.c:
rewrote of BUFFER5 handling to NOT byteswap when it was already in
network byte order.
rpc_parse/parse_samr.c:
cleanup of samr_io_q_lookup_domain(), remove the over-parsing by 2
bytes.
rpc_server/srv_lsa.c:
UNISTR2 strings need to be NULL terminated to pleased W2K.
rpc_server/srv_spoolss_nt.c:
use snprintf instead of safe_strcpy as we want the string
truncated at 32 chars.
That should fix SUN and SGI box not able to act as printserver and the
problem with joining from a W2K wks.
J.F.
(This used to be commit 69fe739303b105f2c488f266f13977da1b6b201d)
|
|
in fixes from appliance-head and 2.2. Fixed multiple connection.tdb open
problem.
Jeremy.
(This used to be commit 0a40bc83e14c69a09948ec09bb6fc5026c4f4c14)
|
|
with a Solaris system call.
(This used to be commit 5e547ddcb526be5562db9213c5b36e505e735a2e)
|
|
(correctly)
when the NT_USER_TOKEN is *created*.
Jeremy.
(This used to be commit 27d72ed1cf8ece2bede812341279ba5a7262ace4)
|
|
Jeremy.
(This used to be commit 05fcb124dfbb1a257828e9dc6a7793fc3dc73c4b)
|
|
o added some comments
o abstracted a few code bits
o cleaned up some code by removing unused code paths
-- jerry
(This used to be commit 679453af36c06ae9c82dd20742a56272ec73f427)
|
|
o check the username in all lowercase
o check the username as transmitted if this would be a different case
o check the username in all upper case if this is a new version
-- jerry
(This used to be commit 059f4fee5d8ad72cd699995c660263ed2cc4f25f)
|
|
Jeremy.
(This used to be commit f575f4d67a5b45e47c29de30f02901c55cef4621)
|
|
Gerald, could you check to see I haven't introduced any bugs into
rpcclient/cmd_spoolss.c?
(This used to be commit 77b0bda4df3217cd186d5b8f902a50f35346d98d)
|
|
on read.
Jeremy.
(This used to be commit 76b8dd376d13eb4469417be217c966d54d333367)
|
|
Jeremy.
(This used to be commit da6ae57501e3cb971e82eac5bb05efcd9cf443ae)
|
|
ACL patch from http://acl.bestbits.at/.
configure support needs more work (just assumes correct headers at
the moment). ACL writing needs adding.
Jeremy.
(This used to be commit 6ae63e502e6adf3666a34aa87860c74e106fdb84)
|
|
Currently does exactly the same thing (returns ACLs the same way). This
code is written to try and get a POSIX ACL via the abstract sys_XX interface,
then fall back to providing a UNIX based ACL if the calls fail. Seems to
work. Next step is to add a --with-posix-acls to configure.in and then
check on a POSIX ACL system that a complex ACL is returned correctly
as an NT ACL. Note that the ACL set (a more complex problem) is not
addressed yet.
Jeremy.
(This used to be commit 4339e20202a876dbadc07980b731f711463b7299)
|
|
(This used to be commit 6553f1d02792d81987dda51af76b4fc06d73a787)
|
|
include/smb_acls.h lib/sysacls.c: Added as interface definitions.
Jeremy.
(This used to be commit 8359375bba5b3ae24956f66b066dedf11d3583df)
|
|
a --with-spinlocks option to configure, this does mean the on-disk tdb
format has changed, so 2.2alphaX sites will need to re-create their
tdb's. The upside is no more tdb fragmentation and a +5% on netbench.
Swings and roundabouts....
Jeremy.
(This used to be commit 9dea7b7c257db487f8ced7dad3fce92fba03ea91)
|
|
(This used to be commit 1d63160c751fa968e3a7618d1feb84a9feaa13dc)
|
|
(This used to be commit 46007a541cd2497c14659a10ba24a6d0a375ac5a)
|
|
Found by Joseph Cheek <joseph@cheek.com>
(This used to be commit ec74fdc631fbd5f0b5450df02acb9cd98c153823)
|
|
o added BOOL own_memory flag in SAM_ACCOUNT so we could
use static memory for string pointer assignment or
allocate a new string
o added a reference TDB passdb backend. This is only a reference
and should not be used in production because
- RID's are generated using the same algorithm as with smbpasswd
- a TDB can only have one key (w/o getting into problems) and we
need three. Therefore the pdb_sam-getpwuid() and
pdb_getsampwrid() functions are interative searches :-(
we need transaction support, multiple indexes, and a nice open
source DBM. The Berkeley DB (from sleepycat.com seems to fit
this criteria now)
o added a new parameter "private dir" as many places in the code were
using lp_smb_passwd_file() and chopping off the filename part.
This makes more sense to me and I will docuement it in the man pages
o Ran through Insure-lite and corrected memory leaks. Need for
a public flogging this time Jeremy (-:
-- jerry
(This used to be commit 4792029a2991bd84251d152a62b1033dec62cee2)
|
|
the problem had nothing to do with being your own pid, it was instead
a problem with IPC$ connections not being registered in the
connections database and an incorrect test for -1 in the messaging
code.
These changes also mean that IPC$ shares now show up in
smbstatus. That is probably a good thing.
(This used to be commit 3575ad10985a18f897e38179ca69fa9a49a7ea02)
|
|
(This used to be commit 34f0379096d0701c74a51c51649ffe4cb1a24291)
|
|
Jeremy.
(This used to be commit 6e18a2aa58bc485e3c803ff357acc1b7fe6d95e1)
|
|
processors. Fixed.
(This used to be commit 64d38c24100cb3409b38b9923734f2a6202bdc2a)
|
|
(This used to be commit 30048cff12e03c95ef43ba4ee16af1df2de9dbc8)
|
|
messaging system as a notification mechanism, and the speed of notification
greatly exceeds the speed of message recovery, then you get a massively (>75Mb)
growing tdb. If the message is a simple notification, then the message is
static, and you only need one of them in transit to a target process at
any one time.
This patch adds a BOOL "allow_duplicates" to the message_send_XX primitives.
If set to False, then before sending a message the sender checks the existing
message queue for a target pid for a duplicate of this message, and doesn't
add to it if one already exists.
Also added code into msgtest.c to test this.
Jeremy.
(This used to be commit 3aa7995660395ecb85c8e35b638fa9fbbb952558)
|
|
Jeremy.
(This used to be commit b8753b92fbeb1d6768d0559e12ff2aa1d0148419)
|
|
a byte range lock (write lock only, but Win2k breaks on read lock also so I
do the same) - if you think about why, this is obvious. Also fixed our client
code to do level II oplocks, if requested, and fixed the code where we would
assume the client wanted level II if it advertised itself as being level II
capable - it may not want that.
Jeremy.
(This used to be commit 213cd0b5192307cd4b0026cae94b2f52fb1b0c02)
|
|
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
(This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
|
|
Jeremy.
(This used to be commit 3be056c71aa8e0a4ba70d397107199004bdb7d3f)
|
|
Jeremy.
(This used to be commit 24d76c5fbda29d89c96d7c22193ec2eb93ad3887)
|
|
Jeremy.
(This used to be commit 4d25a53c36ad2c33cc2ecaf1486e18f1536eff95)
|
|
Jeremy.
(This used to be commit 9a5471b3e861aa864ffff5fc87ac2681de7b0068)
|
|
(This used to be commit 852de9226d50ccac71ec1691052a6e395283ca56)
|
|
IBM-Japan. Co. Jp.
Jeremy.
(This used to be commit 9c2272e056aef741c4b86f9a247c3534944d9eff)
|