Age | Commit message (Collapse) | Author | Files | Lines |
|
smbd/reply.c smbd/service.c: cause all "add home service" calls to go through a
winbindd aware function.
Jeremy.
(This used to be commit a72d12e992e2755e925032aef1aa99be74bf6652)
|
|
for a session when in share mode security
--jerry
(This used to be commit 22d6c2c163dd578365bff85ef95abfa59fe356ea)
|
|
smbd/vfs-wrap.c:
smbd/vfs.c: Added fchmod_acl and chmod_acl.
lib/substitute.c:
smbd/lanman.c:
smbd/open.c:
smbd/process.c:
smbd/reply.c:
smbd/service.c: Removed sessetup_user variable. Added current_user_info struct
which conatins domain info etc. Added '%D' for client domain parameter.
Jeremy.
(This used to be commit 2844ec3d511680609d6794b8718001a1bda9e89f)
|
|
smbd/reply.c:
Added fix needed for appliances. When using winbindd - a new user may
exist (from winbind) but have no home directory. Extend add user script
so it is called with a %H substitution when a user exists but their home
directory does not. Thanks to Alex Win at VA Linux for finding this one
and testing the fix.
libsmb/clidgram.c: Fixed missing return statements.
smbd/uid.c: Fixed typo in debug.
Jeremy.
(This used to be commit 7ba0a2192b89954604dd793c537b4a17c2d1ac07)
|
|
Jeremy.
(This used to be commit ebf754400f443452948020d68e29f597f1b2d60c)
|
|
winbindd.
Jeremy.
(This used to be commit 00cd72c385f1e5d075dbacf834b68769b5ac38f3)
|
|
a byte range lock (write lock only, but Win2k breaks on read lock also so I
do the same) - if you think about why, this is obvious. Also fixed our client
code to do level II oplocks, if requested, and fixed the code where we would
assume the client wanted level II if it advertised itself as being level II
capable - it may not want that.
Jeremy.
(This used to be commit 213cd0b5192307cd4b0026cae94b2f52fb1b0c02)
|
|
Jeremy.
(This used to be commit cdbd2e99775642dc2e92004be9014bf38a92d80f)
|
|
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
(This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
|
|
I hope not). If you encounter strange file-serving behavior after this
patch then back it out. I analysed our stat() usage and realised we
were doing approx. 3 stat calls per open, and 2 per getattr/setattr.
This patch should fix all that. It causes the stat struct returned
from unix_convert() (which now *must* be passed a valid SMB_STRUCT_STAT
pointer) to be passed through into the open code. This should prevent
the multiple stats that were being done so as not to violate layer
encapsulation in the API's.
Herb - if you could run a NetBench test with this code and do a
padc/par syscall test and also run with the current 2.2.0 code
and test the padc/par syscalls I'd appreciate it - you should
find the number of stat calls reduced - not sure by how much.
The patch depends on unix_convert() actually finding the file
and returning a stat struct, or returning a zero'd out stat
struct if the file didn't exist. I believe we can guarentee this
to be the case - I just wasn't confident enough to make this
an assertion before.
Ok ok - I did write this whilst at the Miami conference.....
sometimes you get a little free time at these things :-).
Jeremy.
(This used to be commit 66a5c05ec46b641224fbe01b30bd7e83571a2a1b)
|
|
a sam_user_info_24 doesn't have a uint16 at end
samr_create_user also creates the unix account now
samr_set_userinfo changes the password.
J.F.
(This used to be commit 94f4024481fcd0cb6647af1bd4364033be020641)
|
|
We now use our own vfs layer to do get/set acl calls (hurrah!).
Jeremy.
(This used to be commit dfe77c7046cbd65ee52aea7439f21503c1eac41d)
|
|
a conn struct depending on the call.
We need this to have a clean NT ACL call interface.
This will break any existing VFS libraries (that's why this is pre-release
code).
Andrew gets credit for this one :-) :-).
In addition - added Herb's WITH_PROFILE changes - Herb - please examine
the changes I've made to the smbd/reply.c code you added. The original
code was very ugly and I have replaced it with a
START_PROFILE(x)/END_PROFILE(x) pair using the preprocessor.
Please check this compiles ok with the --with-profile switch.
Jeremy.
(This used to be commit b07611f8159b0b3f42e7e02611be9f4d56de96f5)
|
|
mkdir high bits patch from Robert Dahlem" <Robert.Dahlem@gmx.net>.
jeremy.
(This used to be commit b40191d27180ab1e59935086073c4d312552f717)
|
|
(This used to be commit 0e0f3dc577ceab540be6505a86697b14a2136b9f)
|
|
through the VFS. All file access/directory access code in smbd should now
go via the vfs. Added vfs_chown/vfs_chmod calls. Still looking at vfs_get_nt_acl()
vfs_set_nt_acl() call API design.
Jeremy.
(This used to be commit f96625ec124adb6e110dc54632e006b3620a962b)
|
|
scan - then call this from renames. This allows instantaneous update for
W2k renames.
Jeremy.
(This used to be commit 07dffc4ee931cbc61197e2da277df9c404a77469)
|
|
reply_sesssetup_and_X(). The getpwnam() wrapper handles the case
munging operations later.
this fixes a problem with mixed case usernames.
(This used to be commit 2ebfdd21b3123d7daefeeed4dae6e8bc3a7a7653)
|
|
Jeremy.
(This used to be commit 38fc56c8434c427335cf264c4b27420c5ad47566)
|
|
smbd/reply.c: Fixed lowercasing UNIX character set problem.
Jeremy.
(This used to be commit 2b6e3ed7a6447d40d9dd7e9b5c286b1aabe4730d)
|
|
NT_STATUS_XXX).
Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more
obscure way.
Jeremy.
(This used to be commit c55bcec817f47d6162466b193d533c877194124a)
|
|
Jeremy.
(This used to be commit 0bd88d304cd773e0bbf3e6f7fedcb3b544d41cbe)
|
|
- changed the default forms flag to 2
- all short architecture name are uppercased
- get_short_archi() is now case unsensitive
- the drivers TDB is indexed by archi/version/name
- implemented code to move drivers from the upload area to the download
area. Someone else need to look at that code.
- don't return anymore a default driver if it doesn't exist in the TDB.
Instead return an error.
- cleaned prs_unistr.
- #ifdef out jeremy's new SD parsing in printer_info_2
- removed the unused MANGLE_CODE
- #ifdef out the security checking in update_printer() as it doesn't work
for me.
Zap your ntdrivers.tdb, it won't work anymore.
J.F.
(This used to be commit ac0a145acc0953a6f362497abbf4dfe70aa522a6)
|
|
place to do this, not in smbd/passwd.c
Please don't change this without asking first, I have run this past
Andrew so talk to him (I'm on vacation next week).
I also removed the g_newXXX macros. There are essentially a private C extension,
not used anywhere else in the code, and add no functionality over malloc(XX)
and make the code harder to understand (everyone knows what malloc does).
Jeremy.
(This used to be commit e1b1b6fb6794ba02e1fea510a981fa0ce0d12b58)
|
|
not just undercut work in progress, thank you.
(This used to be commit 86d440a88c948727bfcfedc694c52c58f9687d8b)
|
|
there (yet)
as there is no infrastructure for it. Replaced it with a dynamic array
of group SIDs plus a user.
passdb/passdb.c: Added setup_user_sids() function. This is where the lookup should be done,
eventually calling winbind.
smbd/password.c: Changed to call setup_user_sids(). Removed spurious DEBUG(0) statements.
smbd/reply.c: Removed extra parameter to register_vuid().
Jeremy.
(This used to be commit 425f4ad9a5e0e7d49620276100ade7a0cae47011)
|
|
register_vuid fills it with constructed info.
(This used to be commit b1889e4334012b1b2caa604b859da4271509fc87)
|
|
trans2 open calls as we don't have the pipe open response coded up yet.
Jeremy.
(This used to be commit 8142e27c9c32aba5a7dabc48a676b93cf680151b)
|
|
Return correct error codes on invalid share name.
Jeremy.
(This used to be commit 420d6bc4809cef9d74354175d0fa956ab4e8ac3c)
|
|
rpc_server/srv_pipe.c: Use accessor functions rather than diddling with structure
internals directly.
smbd/process.c:
smbd/reply.c: Remove READ_PREDICTION #ifdefs.
Jeremy.
(This used to be commit eba825ff030a175bd271caa6f543379dfdbbd646)
|
|
(This used to be commit 6cbb826b154e61085fd651116caf472d4d438c1d)
|
|
(This used to be commit acf9286e82b851e25ee863f673bff713a38002e7)
|
|
- finished ntdom -> winbind rename in head
(This used to be commit ada483cb56453afc6df4ec4be18bfe5e943c7150)
|
|
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic -
this isn't permanent, it should go after another few merge steps have
been done
(This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
|
|
was done. Samba was doing fsync's (bleagh).
Jeremy.
(This used to be commit f9a52cadbf11f7afcef754a59d783964a2edb5bc)
|
|
- don't call add/del user if the scripts are empty
(This used to be commit 43860215d4d16cb1bacdc77f1c46c54e4c54abd7)
|
|
it
(This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
|
|
we needed to accept usernames of the form DOMAIN/user, which means we
needed to pass the domain to a getpwnam() like routine in certain
critical spots.
What I'd rather do is get rid of "char *user" everywhere and use the
new userdom_struct, but that will have to wait a few days.
(This used to be commit 8b7a10febead8be182e7d5b1d68259e31530b69c)
|
|
(This used to be commit 0bab0300748a22b4b861fa443be2014bcd7b348c)
|
|
(This used to be commit 4a15924ffe36ed37ec193a0ef5a0487238edc311)
|
|
turns out to be essential for a correct implementation (there ins't
enough room to store all possible masks in the status return
structure!)
(This used to be commit 38f5e133670ada6e5799a16cf1a0e2e3ee1d9afd)
|
|
call to ms_fnmatch(). This also removes all the Win9X semantics stuff
and a bunch of other associated cruft.
- moved the stat cache code into statcache.c
- fixed the uint16 alignment requirements of ascii_to_unistr() and
unistr_to_ascii()
- trans2 SMB_FIND_FILE_BOTH_DIRECTORY_INFO returns the short name as
unicode always (at least thats what NT4 does)
- fixed some errors in the in-memory tdb code. Still ugly, but doesn't
crash as much
(This used to be commit 03e9cea004bbba72161a5323cf3b4556c94aed8e)
|
|
Jeremy.
(This used to be commit 9cde198108439358e99128fa9a1b3000e33f5414)
|
|
Jeremy.
(This used to be commit 4a4b7a994bbe327216f736133edc51cf9a351716)
|
|
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
|
|
fsp->open is no longer needed (if an fsp pointer is valid, then it's open :-).
NB for Luke, this patch also did not apply to TNG. TNG is not yet
identical w.r.t file serving with HEAD. This makes it impossible for
me to help maintain TNG. Please fix asap.
lib/substitute.c: Removed unused variable (pidstr).
Jeremy.
(This used to be commit 389b700a26e8a308a0dff6fc038c38068aa0119a)
|
|
(This used to be commit 1106fa7f24d229c3877263b7a7dde359556435e6)
|
|
new open mechanism Andrew & I discussed.
config.sub:
configure: Included the QNX patch.
include/vfs.h:
smbd/vfs-wrap.c:
smbd/vfs.c: Added ftruncate vfs call (needed).
Note that we will also need locking calls in the vfs (to be added).
lib/util_unistr.c:
nmbd/nmbd_processlogon.c: Fix for NT domain logons causing nmbd to core dump.
Also fix for sidsize DOS bug.
locking/locking.c: Check value of ret before using it for memdup.
printing/printing.c: Convert print_fsp_open to return an allocated fsp.
rpc_server/srv_lsa.c: Fix for NT domain logons.
I have removed all use of lp_share_modes() from the code (although I
left the parameter in the table for backwards compatibility). It no longer makes
sense for this to exist.
smbd/close.c: Removed lp_share_modes().
smbd/fileio.c: Fixed parameters to unlock_share_entry call in panic code.
smbd/files.c: Correctly set the unix_ERR_code to ERRnofids on fsp allocation fail.
smbd/nttrans.c:
smbd/reply.c:
smbd/trans2.c: Changed all occurrences of open_file_shared/open_directory/
open_file_stat to return an fsp from the call.
smbd/open.c: Changed all occurrences of open_file_shared/open_directory/
open_file_stat to return an fsp from the call.
In addition I have fixed a long standing race condition in the deny mode
processing w.r.t. two smbd's creating a file. Andrew, please note that
your original idea of using open with O_EXCL in this case would not work
(I went over the races very carefully) and so we must re-check deny modes
*after* the open() call returns. This is because there is a race between
the open with O_EXCL and the lock of the share mode entry. Imagine the
case where the first smbd does the open with O_EXCL and a deny mode of DENY_ALL,
but is pre-empted before it locks the share modes and creates the deny
mode entry for DENY_ALL. A second smbd could then come in with O_RDONLY
and a deny mode of DENY_NONE and the two opens would be allowed.
The *only* way to fix this race is to lock the share modes after the
open and then do the deny mode checks *after* this lock in the case
where the file did not originally exist.
This code will need extensive testing but seems to initially work.
Jeremy.
(This used to be commit ab0ecc39d688f16b9692fe90b991f0b89287070a)
|
|
------------
The following series of commits are for the new tdb based printing
backend. This completely replaces our old printing backend.
Major changes include:
- all print ops are now done in printing/*.c rather than scattered all
over the place
- system job ids are decoupled from SMB job ids
- the lpq parsers don't need to be nearly so smart, they only need to
parse the filename, the status and system job id
- we can store lots more info about a job, including the full job name
- the queue cache control is much better
I also added a new utility routine file_lines_load() that loads a text
file and parses it into lines. This is used in out lpq parsing and I
also want to use it to replace all of our fgets() based code in other
places.
(This used to be commit d870542c2884510bd45fd5b54ff2157434d53f4c)
|
|
to either 63 or 31 bit POSIX ranges. Code to get these locks
not yet added.
Jeremy.
(This used to be commit 9c3b9146a3baff4b2e403ae8fac6c48df1b7e642)
|