Age | Commit message (Collapse) | Author | Files | Lines |
|
descriptor
buffers.
Make security access masks simply a uint32 rather than a structure
with a uint32 in it.
(This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
|
|
(This used to be commit 5de76767e857e9d159ea46e2ded612ccd6d6bf19)
|
|
Compiled it on systems with and without LDAP, I hope it does not break the
build farm too badly. If it does, I'll fix it tomorrow.
Volker
(This used to be commit b2ff9680ebe0979fbeef7f2dabc2e3f27c959d11)
|
|
(This used to be commit b7ec240880af0072ef20b2c0d688ef3cc386d484)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
realm name in ads_init() in nt_printer_publish().
(This used to be commit a25e75e78db092b3992dfc6f7e2737023d43e2c3)
|
|
where we don't correctly check the return from memdup.
Jeremy.
(This used to be commit ce14daf51c7ee2f9c68c77f7f4674e6f0e35c9ca)
|
|
examining Klockwork #1519. get_printer_subkeys()
could return zero without initializing it's return
pointer arg. Fixed this. Added free of subkey pointer
return in registry/reg_printing.c (interesting that
neithe Coverity or Klocwork found this one).
Jeremy.
(This used to be commit 4fbeae1a3ac3499e5d9f566655cbafccd9d691cb)
|
|
Jeremy.
(This used to be commit b581fee9824712b9385e9975739a8ddbb297bca8)
|
|
few other problems Klocwork missed.
Jeremy.
(This used to be commit fe05769a1a85f924c67be7e5dcee4871a86948d7)
|
|
correct error
code here?
Thanks,
Volker
(This used to be commit 5787bd0ee90b081ae12a4a976893cb297fa7bed4)
|
|
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
|
|
(This used to be commit 037f9f831e001a12261419e37c725558dd717af9)
|
|
does not
have the timeout argument in Samba4. Add a new routine
tdb_lock_bystring_with_timeout.
Volker
(This used to be commit b9c6e3f55602fa505859a4b2cd137b74105d685f)
|
|
Guenther
(This used to be commit aae8f8ae7a79d06c74151186f3c2470bdec5687d)
|
|
but make the intent clearer.
Jeremy.
(This used to be commit 2703df7a8f26a315ae6ab53de8f7814fa66a1c54)
|
|
Jeremy.
(This used to be commit d2be8163f2cf69681150ed7de720a37ffaa8e937)
|
|
Jeremy.
(This used to be commit 21b70035f39973e9edff323219c3c7eeb1550e2b)
|
|
Jeremy.
(This used to be commit c76092a0662714b49c3c519d6f01174b8995a036)
|
|
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
|
|
code relied upon file permissions alone. Now we check that
the user is a printer administrator and that the share has not been
marked read only for that user.
(This used to be commit 117d9fd9e16a7afbc6772506a4f8c33ff99d33f7)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654)
|
|
accessing a previously freed pointer
(This used to be commit bcce3b69f83f52deb308d8c2f5165000468bd552)
|
|
only tell at parse time from the wire if an incoming name
has wildcards or not. If it's a mangled name and we demangle
the demangled name may contain wildcard characters. Ensure
these are ignored.
Jeremy.
(This used to be commit 4cd8e2a96b98ff711905e8c6f416b22440c16062)
|
|
* BUG 3087: allow smbspool to establisha geust connection
using a username with no password
(This used to be commit 39369c8041e0633e88c30e0c62530c2393ef80f6)
|
|
Guenther
(This used to be commit daa61ef75b4f7cf510b17cd0b85f5830c73b9279)
|
|
the new talloc() features:
Note that the REGSUB_CTR and REGVAL_CTR objects *must* be talloc()'d
since the methods use the object pointer as the talloc context for
internal private data.
There is no longer a regXXX_ctr_intit() and regXXX_ctr_destroy()
pair of functions. Simply TALLOC_ZERO_P() and TALLOC_FREE() the
object.
Also had to convert the printer_info_2->NT_PRINTER_DATA field
to be talloc()'d as well. This is just a stop on the road to
cleaning up the printer memory management.
(This used to be commit ef721333ab9639cb5346067497e99fbd0d4425dd)
|
|
the wire
* fix dup_a_regval() when size is 0
* ensure we pass a pstring to unlink_internals (fixes delete_driver
code)
(This used to be commit 353e63ff421c564a1b7c7cfe95982f31c871a227)
|
|
but make sure to write the new version to the ntdrivers.tdb.
(This used to be commit 9e50d696c3e101174670c47ecbd6401bec2ab3d3)
|
|
for NT4 clients enumerating printer data on slow CPUs)
* fix pinter and secdesc record upgrade to normalize the key
(rev'd printer tdb version)
* fixed problem that was normalizing the printername name field
in general, this should fix the issues upgrading print servers
from 3.0.14a to 3.0.20
(This used to be commit d07179de2f2a6eb1d13d0e25ac10de1a21475559)
|
|
tests on this as it's very late NY time (just wanted to get this work
into the tree). I'll test this over the weekend....
Jerry - in looking at the difference between the two trees there
seem to be some printing/ntprinting.c and registry changes we might
want to examine to try keep in sync.
Jeremy.
(This used to be commit c7fe18761e2c753afbffd3a78abff46472a9b8eb)
|
|
(This used to be commit d3427960b0676c506c639b582a2544dc58990c9e)
|
|
when packing values. It is a compatible change though and will
not require a tdb version upgrade
* Can successfully create new printer subkeys via winreg that
are immediately available via spoolss calls. Still cannot delete
keys yet though. That comes next.
(This used to be commit 00bce2b3bb78a44842a258b1737076281297d247)
|
|
nver normalized the string used for printer and
sec_desc key lookups ?????
normalized sharename to lower case before storing/fetching
from tdb.
Need to look at drivers and forms tdb as well (perhaps).
(This used to be commit 4aec5dce5c2d0b5c686123a624b58097be9d911a)
|
|
(This used to be commit 5f4a3f61a354346d7dde11d6d7930abe007b9603)
|
|
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
|
|
(This used to be commit a091b37d59d1e0228a9c8d4bd2a31e9bbaafde99)
|
|
* start adding write support to the Samba registry
Flesh out the server implementations of
RegCreateKey(), RegSetValue(), RegDeleteKey() and RegDeleteValue()
I can create a new key using regedit.exe now but the 'New Key #1'
key cannot be deleted yet.
(This used to be commit e188fdbef8f0ad202b0ecf3c30be2941ebe6d5b1)
|
|
(not move) to the W32X86/{2,3}/ directory. Printmig.exe
copies the driver files for all drivers to print$/W32X86
and the calls AddPrinterDriver() for each driver. If we
move the file, then adding a driver which shares a file with
a previous driver will fail.
I can now restore drivers in bulk to a Samba 3 server.
(This used to be commit 46cd95c9b48a00a51139d3654352d4399b774a9b)
|
|
provide better error messages to clients when a AddPrinterDriver[Ex]() call fails
(This used to be commit c98e17446afffc4b12f1a31f6e5cce517fc0a95b)
|
|
(This used to be commit 26387fc74c1157157e7e8728003a39d10aeb4cc1)
|
|
Jeremy.
(This used to be commit 0b6f87d5e14da461bd2b1c3a4e6f47a69d2cd1c4)
|
|
(This used to be commit ec3ef5ddbe12fa6ebe8f58979625c671d181c519)
|
|
some issues in the printer security descriptors.
Ensure that each printer sd has an oaner and group SID
(BUILTIN\Administrators) and that we utilize more than
the generic bits assigned in <= 3.0.14a.
(This used to be commit c72182c1e20225a655376fd23915ac6053b94633)
|
|
initializable
statically.
Volker
(This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
|
|
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
|
|
file/directory
will be owned by the same uid as the containing directory. Doing this for directories
in a race-free mannor has only been tested on Linux (it depends on being able to open
a directory and then do a fchown on that file descriptor). If this functionality is
not available then the code silently downgrades to not changing the ownership of a
new directory. This new parameter (docs to follow) finally makes it possible to create
"drop boxes" on Samba, which requires all files within a directory to be commonly owned.
A HOWTO on how to use this will follow.
Jeremy.
(This used to be commit 2e1f727184b9d025d2e3413bdd3d01d5ca803a41)
|
|
NT x86' driver remains'
(This used to be commit 743ddbc7f204977431b8eaa48c3838b3cc9bdb11)
|
|
as the longname in the published printer information since this
is what we will have used when we joined the domain.
More testing on this tomorrow.
(This used to be commit d64fd1116d5fe29807be29c73809317f88fdb033)
|