Age | Commit message (Collapse) | Author | Files | Lines |
|
Added a become_root()/unbecome_root() (push/pop security context)
around the initgroups() call to ensure it would succeed. Hmmm - I
wonder if this call being done as non-root might explain any "group access"
bugs we've had in the past....
Jeremy.
(This used to be commit 06a65972e872f37d88b84f22ea714feebd38f6c0)
|
|
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
(This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
|
|
NT_STATUS_XXX).
Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more
obscure way.
Jeremy.
(This used to be commit c55bcec817f47d6162466b193d533c877194124a)
|
|
from the NT printer tdb.
Also added checks for time restrictions before allowing a job to print.
Jeremy.
(This used to be commit 8cfb55e81abebf0354e6d470ed68bbac1d6560ad)
|
|
Jeremy.
(This used to be commit c0648c981edef2a29b3a22a7d08aa226ca724e95)
|
|
fix for the Win9x printer drivers.
Changed command names to add "command" string on the end for some consistancy
with the other scripting commands.
Added '%P' option to tdbpack/unpack to store long comment string.
Made port name be "Samba Printer Port" if no enum port script given.
Fixed prs_uint32_pre code to cope with null args.
Jeremy.
(This used to be commit 902ada63799cf27924c72e24e7593a8c9fb5eba9)
|
|
in the RPC code. This change was prompted by trying to save a long (>256)
character comment in the printer properties page.
The new system associates a TALLOC_CTX with the pipe struct, and frees
the pool on return of a complete PDU.
A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx
code, and is freed in the main loop.
This code works with insure, and seems to be free of memory leaks and
crashes (so far) but there are probably the occasional problem with
code that uses UNISTRxx structs on the stack and expects them to contain
storage without doing a init_unistrXX().
This means that rpcclient will probably be horribly broken.
A TALLOC_CTX also needed associating with the struct cli_state also,
to make the prs_xx code there work.
The main interface change is the addition of a TALLOC_CTX to the
prs_init calls - used for dynamic allocation in the prs_XXX calls.
Now this is in place it should make dynamic allocation of all RPC
memory on unmarshall *much* easier to fix.
Jeremy.
(This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
|
|
J.F.
(This used to be commit c267b23620677a11f702bfea4885a28e66a05b05)
|
|
(This used to be commit 1f49788442b0d1264c70166e727b8588b936e6ec)
|
|
Jeremy.
(This used to be commit 5130dd0f8b80aed5fb3c0df290b627057cc9b825)
|
|
Jeremy.
(This used to be commit 0bd88d304cd773e0bbf3e6f7fedcb3b544d41cbe)
|
|
- changed the default forms flag to 2
- all short architecture name are uppercased
- get_short_archi() is now case unsensitive
- the drivers TDB is indexed by archi/version/name
- implemented code to move drivers from the upload area to the download
area. Someone else need to look at that code.
- don't return anymore a default driver if it doesn't exist in the TDB.
Instead return an error.
- cleaned prs_unistr.
- #ifdef out jeremy's new SD parsing in printer_info_2
- removed the unused MANGLE_CODE
- #ifdef out the security checking in update_printer() as it doesn't work
for me.
Zap your ntdrivers.tdb, it won't work anymore.
J.F.
(This used to be commit ac0a145acc0953a6f362497abbf4dfe70aa522a6)
|
|
is beginning to come together...
Jeremy.
(This used to be commit 614bf56186b5836020a7813855a5108da0ee8433)
|
|
in order - moved them into open_printer_hnd().
Added saving of comment field.
Jeremy.
(This used to be commit a0ee774fe92e5d0bc84d1d6729e8c538c67e8aba)
|
|
rpc_parse/parse_spoolss.c: Fixed the security descriptor marshalling in a INFO_2 struct.
for some reason SD's should be done inline after the info2, not
as the last buffer marshall.
rpc_server/srv_spoolss_nt.c: Removed extraneous ()'s.
Jeremy.
(This used to be commit f038a24e9f624fdb04cd52769d45783248ce8a38)
|
|
(This used to be commit 5c1c5622269c54dca89eb178ca25981ab7928e75)
|
|
(This used to be commit bc5f9c00be5b8c2f6d258f0c95ed3b4fc0201b87)
|
|
(This used to be commit 714b50b47dab46f5cdde49d7c200b353c2e0398a)
|
|
and samr_enum_dom_aliases commands. Unfortunately the algorithm for
determining winbind groups from normal groups is simply to check for the
presence of the lp_winbind_separator() character. )-:
(This used to be commit 363a9c45bf0a7d3266ccdf4eeb0b9f5e3d38389f)
|
|
add_a_printer() now.
- correctly unpack the private part of a devmode and remove a memleak
- correctly retrieve the pair(value,data) for getprinterdata
- handle null devicemode in printer_info_2
I still have some bugs but I'm not crashing anymore NT4SP6 d/c build :-)
J.F.
(This used to be commit 493f7d11acf753ba24c88e6cbb73d86a8595a66a)
|
|
Jeremy.
(This used to be commit 7a95c289cd0b4615d2a5aa8a148c767b57460ffa)
|
|
(This used to be commit 898a483cdab1ed7d8ff902c0dc0e0620440ae4cd)
|
|
nsswitch/wb_client.c
Merge of nsswitch/common.c rename to nsswitch/wb_common.c from TNG.
(This used to be commit f866c18f6be65db67d9d2a6c0b42e1af3b421e6c)
|
|
A user can now pause, resume or delete their own job even if they don't
have the Manage Documents privilege.
Added call to se_access_check() for changing printer properties. The Full
Access privilege is required for the user to perform this.
Several uninitialised variables and memory leaks plugged.
Modified default ACL created on new printers to be Everyone / Print instead
of Everyone / Full Access. This required some random stuffing around with
the value of the revision field to correspond with the ACL that NT produces
when setting the same permission on the printer.
Fixed dodgy function call in printing/printfsp.c
(This used to be commit 2abce4dcfa351051df6e5f789b34fa99c9b81c22)
|
|
printing/printing.c: priority needs to be 1 not zero (found by checked build).
rpc_server/srv_spoolss_nt.c: Log invalid handle access, also print out if this is a different
pid handle. This will help track down client access after a connection
is closed.
Jeremy.
(This used to be commit 4ff949228c40b6abb2008df8db985562ac2895d2)
|
|
to the printing back end functions.
(This used to be commit a2751a269e05d5e46d4b22d6082a5898cdb4526f)
|
|
setjob spoolss server commands.
(This used to be commit f35745137451f769a0723cb0665ba0b9d4801ad8)
|
|
when looking up sids from winbindd.
(This used to be commit 79fb877bf13ba462ad0a878d8975f8b5183e3ea3)
|
|
structure so authenticated pipe users can have their unix groups set when
become_authenticated_pipe_user() is called.
(This used to be commit 55c9bf124dc661df43bfe582ef14b1297aeaf0fa)
|
|
(This used to be commit d9041958558fc8e3c7b0491eb0f7e45bee9d19c5)
|
|
Jeremy, the out_max_value_len and out_max_data_len were good. Your change
is breaking NT4SP6 checked version.
J.F.
(This used to be commit 5f2be8ba7dcd1eacc169e8d1d53c309e45a5cce6)
|
|
Changed back the devicemode's devicename to "\\server\printer".
I'm 100% sure it is correct, it's what NT sends on the wire. And that's
the printer's name and NOT the port's name as it has to be unique. It must
also be a UNC because it's a remote printer (remote for the client).
J.F.
(This used to be commit a7098c47b6ecbd7bb5df1330ea176aa4d463aad3)
|
|
Jeremy.
(This used to be commit fb6b5a964512dec37f85f8de39c0c06f702aabbd)
|
|
experimentation with what is making spoolss.exe crash - may be removed
later.
Jeremy.
(This used to be commit f3fe384dc39ce49c639a7adf35179a50cb86abf0)
|
|
security descriptors is disabled (as it is in this code).
If get/set sd's is enabled spooler.exe crashes on NT.
I'll investigate and fix that issue next.
Jeremy.
(This used to be commit 8c9ed874363e6a710bc0fe521bb8c4f7ee219587)
|
|
Jeremy.
(This used to be commit 3c7fdaa576c09dab2e4de78ed353b1fa1d65a40d)
|
|
rpc_parse/parse_spoolss.c: Added note about prs_align when marshalling a SEC_DESC...
rpc_server/srv_lsa.c: Tim - your changes broke the display of the 'everyone' group
when doing file access with no winbindd running. This is a partial
fix - more when I have analysed this more.
rpc_server/srv_spoolss_nt.c: Fix for the 'change driver' problem ! Hurrah !
Jeremy.
(This used to be commit 151b131ee01ef916c072bcdaa9943a2e984a0f45)
|
|
(This used to be commit 211391d88e10d94edcc81b83fefcadb4a905ea56)
|
|
(This used to be commit a75e738211e744adb966bcbc24371554c9642220)
|
|
this stuff doesn't need to be done as root anyway.
(This used to be commit c3cad0ff6482784f95fd54ba51ee5be2354bb95d)
|
|
plan' :-)
Gerald & I discussed with HP. More changes to follow.
Jeremy.
(This used to be commit 193a248beda99103c73a0b0ea5e2fbcbb516ce8e)
|
|
Removed unistr_to_ascii() as it was never used.
printing/nt_printing.c: Removed "DUMMY.XX" files.
rpc_server/srv_spoolss_nt.c: Use dos_PutUniCode() instead of ascii_to_unistr().
Attempted to fix the "return value" size code based on J.F's
comments. This needs looking at.
Jeremy.
(This used to be commit de99011bf3b2a23bd1854a047382a107aaeb9c68)
|
|
memory fixes.
Jeremy.
(This used to be commit 2a9e645cbddef1cddc5c978310b7efed492758d2)
|
|
(This used to be commit 66372765e7c3f85240d54894547a150351426d5f)
|
|
through to the individual pipe api calls. Instead of passing two
prs_struct pointers, we now pass the pipes_struct pointer which contains
the former information as well as other useful stuff like the vuid.
Pass the vuid from the pipes_struct down to the lower level spoolss
functions to perform security checks.
ZERO_STRUCTP the info_2 structure before filling it. Free the device mode
field before freeing the info_2 to avoid a memory leak. Fixed
uninitialised pointer bug in fill_job_info_2().
(This used to be commit a9547b7e3a068941cda5619f05a64e798584535a)
|
|
through to the individual pipe api calls. Instead of passing two
prs_struct pointers, we now pass the pipes_struct pointer which contains
the former information as well as other useful stuff like the vuid.
Pass the vuid from the pipes_struct down to the lower level spoolss
functions to perform security checks.
(This used to be commit f6436aacd631abeda60b87d671993f9e426cc684)
|
|
through to the individual pipe api calls. Instead of passing two
prs_struct pointers, we now pass the pipes_struct pointer which contains
the former information as well as other useful stuff like the vuid.
Removed dependency on extern current_user and fetch the vuid from the
pipes_struct.
(This used to be commit 1b06451fff11f54be7def4a427a1528bbb52f3d7)
|
|
through to the individual pipe api calls. Instead of passing two
prs_struct pointers, we now pass the pipes_struct pointer which contains
the former information as well as other useful stuff like the vuid.
(This used to be commit 96addba216bad2189120d78f5531d5caa6f37880)
|
|
(This used to be commit 6faa963b232b4c4d883c1b346c73b2f2b6da6370)
|
|
not authoritative for using winbindd.
(This used to be commit a39cdffb141a8e4188b00dfb6eb3317f134cddda)
|