summaryrefslogtreecommitdiff
path: root/source3/lib
AgeCommit message (Collapse)AuthorFilesLines
2000-08-04Fixed up se_access_check() to use the token list from the user structJeremy Allison1-82/+32
as the SID list. Now to go through and tidy up the algorithm. Jeremy. (This used to be commit 1f7300df6713a6728feb1600ca7e62fc213232fc)
2000-08-03Added an NT_USER_TOKEN structure that is copied/passed around associatedJeremy Allison1-3/+5
with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy. (This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
2000-08-02Started to canonicalize our handling of uid -> sid code in order toJeremy Allison1-19/+27
get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
2000-08-01Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need ↵Jeremy Allison1-13/+7
NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy. (This used to be commit c55bcec817f47d6162466b193d533c877194124a)
2000-07-31More work on rpcclient...Gerald Carter1-4/+2
* Fixed to work with Jeremy's recent changes re: dunamic memory allocation when unmarshalling unistr[2] * included EnumPorts level 1 * more work on AddPrinterEx --jerry (This used to be commit 45fbf31b698d6e754630590034cff712c0a716b1)
2000-07-27Ok - this is a *BIG* change - but it fixes the problems with static stringsJeremy Allison3-2/+10
in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there are probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy. (This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
2000-07-25if the sids are not the same pointer and either of the sids are NULLAndrew Tridgell1-0/+3
then the two sids are not equal (This used to be commit 9ccf3b1dc5baf0e00d032d8b932ab0fb5b1e11b1)
2000-07-21Added EnumPorts() and fixed up some problemsGerald Carter1-48/+27
with the other spoolss client calls. Also cleaned up output for 'help' command. jerry (This used to be commit a0e8a55c279af50c1f770c7b913262094b9b593a)
2000-07-19Instead of handing back a string (which might be a DNS name or an IPChristopher R. Hertel1-33/+85
string), the wins_srv module now hands back a struct in_addr when it's called. It caches the IP address once it has been looked up. The IP is cleared (and must be looked up again) if the 'wins server' parameter is reread, or if the node is marked 'dead'. A dead node will not be re-tried for 10 minutes (per a #define in wins_srv.c). As it was, the code was reading the WINS server name or IP directly from lp_wins_server. That's okay, except that if the value was expressed as a name, then a DNS lookup would be done every time the client wanted to talk to the server. I still need to work out the implications of failover regarding the 'unicast subnet' list. Chris -)----- (This used to be commit 73aa188320fd3bf10b5dfc057323f40aff2c13bd)
2000-07-19First cut toward adding WINS server failover.Christopher R. Hertel1-0/+218
*Note: failover doesn't actually work yet!* It's just that the code I'm adding provides all of the pieces necessary. I do have one big question. Something that I'll have to ask Jeremy, I'm thinkin'. In nmbd/nmbd_subnetdb.c the IP of the WINS server is used to set up the Unicast subnet. ...so what happens if the WINS server changes? My guess is either: a) nothing. b) I'd have to change the unicast subnet entry whenever the WINS server changes. Urq. BTW, the lp_wins_server() function no longer returns the WINS server name or IP. It returns the list of WINS servers entered in smb.conf. To get the currently 'live' WINS server, use the wins_srv() function. Fun, eh? Chris -)----- (This used to be commit cc08bdc74f4cd111fdc582ee7babef47ed8a950d)
2000-07-18I really didn't like the way generic arrays (lists) wereGerald Carter1-0/+321
implemented in util_array.c so I wrote a smaller (and simplier package). I would like to replace the use of util_array.c functions in the rest of the source tree if no one objects. This will be an interface change, but not really a difference in the functionality provided. --jerry (This used to be commit 0863ce3a31e4c76c8356850ac128f6d96ea54917)
2000-07-17Added some debugs.Tim Potter1-13/+27
Changed interface to se_access_check to take a user struct instead of each bit as a separate parameter. (This used to be commit ff7938310d0636b165b03a2b0a15e51494b2459f)
2000-07-14Fixed a bug in cmd_interp.c where if user%pass was entered onGerald Carter2-206/+3
the command line, the password would still be cached in memory in plain text for the lifetime of the rpcclient command line session. removed loopback connection functions from msrpc-client.c since we don't support that in the server code now anyways. simplify, simplify, ... --jerry (This used to be commit 8599e1bc394b1caee2483ec72d439a34d3f30629)
2000-07-13Uninitialised variables.Tim Potter1-0/+2
(This used to be commit a895868912a24589de3a904ca537cf3367a645bf)
2000-07-10Fixed a bug in parsing the command line.Gerald Carter1-1/+1
jerry (This used to be commit ebcb7473c6b62266c30e276d02186d8e50a5629a)
2000-07-10Fixes for various compile warnings on Solaris 8.Tim Potter1-1/+2
(This used to be commit 898a483cdab1ed7d8ff902c0dc0e0620440ae4cd)
2000-07-10Moved winbind client functions from various odd locations toTim Potter1-64/+0
nsswitch/wb_client.c Merge of nsswitch/common.c rename to nsswitch/wb_common.c from TNG. (This used to be commit f866c18f6be65db67d9d2a6c0b42e1af3b421e6c)
2000-07-10Added some useful debugging stuff.Tim Potter1-10/+66
Fixes for se_access_check() when you are the owner of the object. (This used to be commit 1478198b709b26d0007a8ff0586c34fc6f37a9d2)
2000-07-07More rpcclient merge issues:Gerald Carter3-9/+221
* fixes some readline bugs from the merge * first attempt at commands (spoolenum almost works) * no changes to existing functions in HEAD; only additions of new functions. I'll weed out what I can as I go. --jerry (This used to be commit 61d2aad5dc2b212b11c981f1eca47efa627e9fc8)
2000-07-06Rewrite of se_access_check() function. Added comments and fixed a bunch ofTim Potter1-189/+287
bugs. I think there is a problem though with the permissions granted when SEC_RIGHTS_MAXIMUM_ALLOWED is passed as the permissions requested. (This used to be commit 27d821913c87dddd44a0690f4b191c9d2445817e)
2000-07-06Added global_sid_NULL S-1-0-0 to list of global sids.Tim Potter1-0/+2
(This used to be commit f49905e74c6e3891b5816b136fd1d0d77c392e2f)
2000-07-06Bracked unbracketed macro arguments while looking for another bug.Tim Potter1-2/+2
(This used to be commit 873774e36dfc877727133a86fbc2c2ddc2d563cd)
2000-07-03first pass at merging rpcclient from TNG to HEAD. You can get aGerald Carter2-0/+1395
semi-connection and a rpcclient prompt, but no functionality there yet. Will be a few more days on that. --jerry (This used to be commit 269051aa0c52728278a1d290148564f11cf7f189)
2000-06-26fixed size alignment in tallocAndrew Tridgell1-2/+2
(This used to be commit 064cdb7ee69bff3af12d1e0b3c3b59207c594681)
2000-06-24lib/util_sid.c: Uninitialized memory read.Jeremy Allison1-0/+2
rpc_parse/parse_spoolss.c: Added note about prs_align when marshalling a SEC_DESC... rpc_server/srv_lsa.c: Tim - your changes broke the display of the 'everyone' group when doing file access with no winbindd running. This is a partial fix - more when I have analysed this more. rpc_server/srv_spoolss_nt.c: Fix for the 'change driver' problem ! Hurrah ! Jeremy. (This used to be commit 151b131ee01ef916c072bcdaa9943a2e984a0f45)
2000-06-23lib/util_unistr.c: Off-by-one fix for dos_PutUniStr from John Reilly ↵Jeremy Allison1-1/+1
jreilly@hp.com. Memory leak fix for new sec_ctx code (sorry Tim :-). Jeremy. (This used to be commit edaf49c66d5a5ccf6689b358c301e208599a468f)
2000-06-22lib/util_unistr.c: Removed ascii_to_unistr() as it does no codepage.Jeremy Allison1-48/+3
Removed unistr_to_ascii() as it was never used. printing/nt_printing.c: Removed "DUMMY.XX" files. rpc_server/srv_spoolss_nt.c: Use dos_PutUniCode() instead of ascii_to_unistr(). Attempted to fix the "return value" size code based on J.F's comments. This needs looking at. Jeremy. (This used to be commit de99011bf3b2a23bd1854a047382a107aaeb9c68)
2000-06-21fixed two minor bugs in new sys_select()Andrew Tridgell1-5/+5
(This used to be commit 5afc5f503144c81ebc6139719fd88335fd30f4ad)
2000-06-19Paranoia changes to ensure that anything touched by a signal handlerJeremy Allison1-1/+1
and the main code is declared as VOLATILE SIG_ATOMIC_T. Jeremy. (This used to be commit b737c784e34b0e1af014cb828ef37d5b6d73c3e2)
2000-06-14Merged parse_domain_user() from TNG.Tim Potter1-0/+20
(This used to be commit f64ac9d9068901862290f7b25874156d6f0d4d73)
2000-06-13forgot to checkin select.cAndrew Tridgell1-0/+107
(This used to be commit 719bc2f130393a55058f5c45ca6fbd30a78de2dc)
2000-06-12totally rewrote the async signal, notification and oplock notificationAndrew Tridgell2-109/+4
handling in Samba. This was needed due to several limitations and races in the previous code - as a side effect the new code is much cleaner :) in summary: - changed sys_select() to avoid a signal/select race condition. It is a rare race but once we have signals doing notification and oplocks it is important. - changed our main processing loop to take advantage of the new sys_select semantics - split the notify code into implementaion dependent and general parts. Added the following structure that defines an implementation: struct cnotify_fns { void * (*register_notify)(connection_struct *conn, char *path, uint32 flags); BOOL (*check_notify)(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *data, time_t t); void (*remove_notify)(void *data); }; then I wrote two implementations, one using hash/poll (like our old code) and the other using the new Linux kernel change notify. It should be easy to add other change notify implementations by creating a sructure of the above type. - fixed a bug in change notify where we were returning the wrong error code. - rewrote the core change notify code to be much simpler - moved to real-time signals for leases and change notify Amazingly, it all seems to work. I was very surprised! (This used to be commit 44766c39e0027c762bee8b33b12c621c109a3267)
2000-06-12fixed a bug in BlockSignals() for systems that don't haveAndrew Tridgell1-4/+2
sigprocmask() (This used to be commit abf06fa90ba49f6a1ec5458d056f8b8cf20b6512)
2000-06-11Linux kernel oplocks now seem to work, but need a _lot_ of testingAndrew Tridgell3-11/+21
I had to modify sys_select() to not loop on EINTR. I added a wrapper called sys_select_intr() which gives the old behaviour. (This used to be commit b28cc4163bc2faaa80c5782fc02c8f03c410cdeb)
2000-06-10continued the split of the kernel level oplocks code into a moreAndrew Tridgell1-0/+2
modular form. In this pass I added oplock_irix.c and added a "struct kernel_oplocks" that describes a kernel oplock implementation. (This used to be commit b5ceab810292602ea9a81696c20a781c16b706c2)
2000-06-09Fix from Elrond for hash table corruption. Should fix stat cache bug (IJeremy Allison1-2/+10
sincerely hope :-). Thanks elrond ! Jeremy. (This used to be commit 0d59e8c6bf49e06f11b386f9d805474771365f52)
2000-06-09do some standard_sub_advanced() in api_net_sam_logon on lp_logon_xxx().Jean-François Micouleau1-1/+1
and if you have unix realname=yes, you get the gecos name when locking the station. J.F. (This used to be commit b5ad24ae0b15643df5832e2369fb4e43c98a1359)
2000-06-09clean up oplock capability code ready for Linux codeAndrew Tridgell2-13/+20
(This used to be commit 70dcc791b45ac64fc536ef449e4e6b53b2b68fd4)
2000-06-08added se_access_check.Luke Leighton2-0/+281
(This used to be commit 6de329f6bf9c26e132869cf43d4976d4881e285c)
2000-06-01Getting back to a compilable state (not there yet but close).Jeremy Allison1-1/+1
Added patches for random -> sys_random. Added set_effective_xxx patches for AFS code. Memory allocation changes in spoolss code. Jeremy. (This used to be commit c2099cfb033c2cdb6035f4f7f50ce21b98e1584d)
2000-05-31The functionality in this file has been moved into smbd/unix_acls.c in orderJeremy Allison1-679/+0
to make the acl functionality regular (we can have smbd/posix_acls etc). Jeremy. (This used to be commit 9adb9399df27c5c1d7fec04f80d49e5476200738)
2000-05-29Fixed LsaQueryInformationPolicy level 3 to return primary domain info.Matthew Chapman1-9/+12
Domain SID is saved in secrets.tdb upon joining domain. Added "Authenticated Users" and "SYSTEM" well-known SIDs (under NT Authority). (This used to be commit 7710b4f48d3e8532df5e37f99a779758f750efdb)
2000-05-29don't return a passwd struct for usernames that don'tAndrew Tridgell1-2/+12
belong to us (This used to be commit 2740a80e30cbf512d51ba76684905a904c2fddf7)
2000-05-27getting and setting security descriptors on printers now worksAndrew Tridgell1-0/+2
this needed some fixes in tdb_unpack(). Tim, you'll need to update (This used to be commit 9422719ab4c35e4ce3199b62dd632433bf391283)
2000-05-27prs_give_memory in wrong place, also poss. was losing mem.Luke Leighton1-2/+2
(This used to be commit 9805e17cd0ce427c329a8b5a8318d5f75227e283)
2000-05-27unistr_to_dos not unistr_to_asciiLuke Leighton1-0/+22
(This used to be commit f46c4fe876a0cabe7044ca30c17e6c217d618635)
2000-05-27fixed nttrans.cLuke Leighton2-1/+680
(This used to be commit 06cd46b0ec10b32af54edd8256d2fdbec45e1371)
2000-05-17Changed name of case_sensitive in mask_match to avaid gcc "shadow global"Jeremy Allison1-4/+2
warning. Jeremy. (This used to be commit 36629d2a934fe61e68f87c5d2faf67158b365ae6)
2000-05-12Added unicode_to_dos_char() function to address converting single UNICODEJeremy Allison1-0/+22
characters to one or more DOS codepage characters. Jeremy. (This used to be commit eefbfb5e16fcf40f335edc840a49f837f6b64111)
2000-05-12use "winbind separator" option for domain/user separator characterAndrew Tridgell1-14/+0
(This used to be commit 6cbb826b154e61085fd651116caf472d4d438c1d)