summaryrefslogtreecommitdiff
path: root/source3/smbd/service.c
AgeCommit message (Collapse)AuthorFilesLines
2004-03-01Ok here it is my latest work on privilegesSimo Sorce1-0/+4
This patch add privilege support for samba Currently it is implemented only for tdbsam backend but estending it to other sam backends is straightforward. I must make a big thank to JFM for his teachings on the matter and the functions at the base of this work. At thye moment only samr_create_user honours SeAddUsersPrivilege and SeMachineAccountPrivilege to permit any user to add machines and/or users to the server. The command "net priv" has been provided to manipulate the privileges database. There are still many things to do (like support in "net rpc vampire") but the working core is here. Feel free to comment/extend on this work. Of course I will deny that any bug may affect this code :-) Simo. This patch adds also my patch about add share command enhancements. (This used to be commit 7a78c3605e203bd8e0d7ae244605f076a5d0b0bc)
2004-02-13Fixup the 'multiple-vuids' bugs.Jeremy Allison1-81/+3
Jeremy. (This used to be commit a7d4a6d1167f7657113148cdf68ea3c491b51b14)
2003-10-03cleaning out patch list; patch from Steve L. to change the cwd before the ↵Gerald Carter1-3/+3
postexec script (This used to be commit bbc403ec6ee119f1bbb636deb40563dfdf258a74)
2003-09-29Merge from 3.0:Tim Potter1-6/+13
>Ensure %S gets expanded in read/write lists. >Jeremy. (This used to be commit 424acd6ee92c46c565886c3305c3492737538d3d)
2003-09-24* sync more files from 3.0Gerald Carter1-1/+3
* set version string to "CVS 3.1.0alpha1" (This used to be commit c6a61ffcbd0c95afd94bd33fd832b24bc8209de5)
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter1-2/+7
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-08-02port latest changes from SAMBA_3_0 treeSimo Sorce1-1/+1
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter1-18/+13
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-05-14spellingTim Potter1-1/+1
(This used to be commit 249a6974702d050644d6d61f33f0034ce2a689ee)
2003-04-21Use fstrcpy/pstrcpy when that's what we really mean...Andrew Bartlett1-3/+4
Andrew Bartlett (This used to be commit e8aa615591dc44de4de85322d455a47b3122b9eb)
2003-04-11cleanup lanman printing= for win98; device type is LPT1:; patch by Steve L.Gerald Carter1-3/+3
(This used to be commit beedde03fcdd37b567661d96d97efaac640601bd)
2003-04-09Fix from Steve Langasek <vorlon@netexpress.net> for non-RPC printing.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 186d53cbc1642ee5dd1daf0277dc08de621eede2)
2003-03-30This changes our handling of invalid service types that theVolker Lendecke1-7/+12
client requested on tconx. We now return the same error code like NT4SP6 and W2kSP3 return. TCONDEV is a little test for this. Volker (This used to be commit 6ab88f31d6773f16baff8421ec9e530461cc8f93)
2003-03-18Ensure dev in make_connection is const.Jeremy Allison1-3/+9
Jeremy. (This used to be commit e8155fade61e9dc308a82f442453803160c36806)
2003-03-16Missed one when I move 'share_sanity_checks' to use an fstring for 'dev'.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit a0208a4f74f9c61eb1e346d9cb62dbe00ef4c24a)
2003-03-16Make sure we mark the assumption of a fstring parameter for 'devicetype'Andrew Bartlett1-6/+6
in the function prototype, and change callers to respect this. Andrew Bartlett (This used to be commit 9f3d3c380120f16d76d68f346799282d61eec892)
2003-02-19Fix logfile formatting, we were missing a "\n"Andrew Bartlett1-2/+2
(This used to be commit 53b8f8a44141a9f6d36ed1b237ff65c67119edd0)
2003-02-17This patch fixes one of my longest-standing pet hates with Samba :-).Andrew Bartlett1-9/+9
When we look see if a user is in a list, and we try to 'expand' an @group, we should lookup the user's own list of groups, rather than looking for all the members of a group. I'm sure this will fix some nasty performance issues, particularly on large domains etc. In particular, this avoids contacting winbind at all, if the group is not a winbind group. (This caused a deadlock on my winbind-on-PDC setup). The groups list always includes the user's primary group, as per the getgrouplist manpage, and my recent changes to our implementation. Andrew Bartlett (This used to be commit 9be21976f7662ebe6eb92fff7cecbdb352eca334)
2003-01-12Oops, this is the change to use an fstring for the incoming service buffer -Andrew Bartlett1-3/+3
the commit to reply.c just matches a pstrcpy for the pstring. (harmless, fixes it for the automated test). Andrew Bartlett (This used to be commit ef9c7586ac152304cacaf2c16115adc2bccefc22)
2003-01-06Fix a segfault when we don't correctly load a VFS module (don't keep it inAndrew Bartlett1-3/+3
the loaded list on error). Also change some of the error returns, becouse NT_STATUS_UNSUCCESSFUL gives a most useless error message on the client. As for which error, my logic is that a share without a valid VFS module is not a valid share, and therefore should return the same error as a non-existant share. Andrew Bartlett (This used to be commit 41178afdbd2b3de94cf272ce32764a1947e73ea8)
2002-12-29Add msdfs proxy functionality to HEAD.Shirish Kalele1-0/+7
(This used to be commit 9df93b1ffc9ce98302540cc3d2cbd66787abc4fd)
2002-11-19a better for for using %U in smb.confAndrew Tridgell1-3/+0
this follows the method used for remote_machine and also fixes the problem of anonymous connections clobbering the string (This used to be commit 9ead4fc3c3f8b83f03c762a4dab77a64aabccbf9)
2002-11-18the change in the way %U is handled to use current_user has brokenAndrew Tridgell1-0/+3
some basic usages like 'include = smb.conf.%U' This changes fixes things again, by checking for reload after we setup current_user in tconx. (This used to be commit d664e6b4d20d545b31910666d9cea7384fd40a73)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-2/+2
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-09-04Add bcast_msg_flags to connection struct. Allows sender to filter whenJeremy Allison1-1/+1
sending broadcast messages. Also initial cut-down of printing notify messages (not yet finished). Jeremy. (This used to be commit aca333719695b278843c59e1c6eb07d6655fd59c)
2002-08-26Updates!Andrew Bartlett1-1/+1
- Don't print an uninitialised buffer in service.c - Change some charcnv.c functions to take smb_ucs2_t ** instead of void ** - Update NTLMv2 code to use dynamic buffers - Update experimental SMB signing code - still more work to do - Move sys_getgrouplist() to SAFE_FREE() and do a DEBUG() on initgroups() failure. Andrew Bartlett (This used to be commit de1964f7fa855022258a84556b266100b917444b)
2002-08-20Based orginally by work by Kai, this patch moves our NT_TOKEN generation intoAndrew Bartlett1-15/+20
our authenticaion code - removing some of the duplication from the current code. This also gets us *much* closer to supporting a real SAM backend, becouse the SAM can give us the right info then. This also changes our service.c code, so that we do a VUID (rather than uid) cache on the connection struct, and do full NT ACL/NT_TOKEN checks (or cached equivilant) on every packet, for the same r or rw mode the whole share was open for. Andrew Bartlett (This used to be commit d8122cee059fc7098bfa7e42e638a9958b3ac902)
2002-08-17Add const.Andrew Bartlett1-1/+1
(This used to be commit fb28abd120310a591bdf5fa1afc5521443c3d34c)
2002-08-11Make 'remote_machine' private to lib/substitute.c, and fix all the user to useAndrew Bartlett1-6/+4
the new accessor functions. Andrew Bartlett (This used to be commit f393de2310e997d05674eb7f1268655373e03647)
2002-07-27This should fix a nastly little bug where if a user had already done oneAndrew Bartlett1-6/+10
session setup, it would not correctly pick up the [homes] share on a subsequent session setup. The new rules are: If you want to connect to [homes], then it must have been available at session setup time, or you must be in security=share. At each session setup, the user's copy of [homes] is updated to ensure it has the right path etc. Andrew Bartlett (This used to be commit 5d2c7816a3ea02a67c5b501626d91d43557e9dd9)
2002-07-24If lp_add_home() fails, don't go any further, just return -1.Andrew Bartlett1-1/+3
Andrew Bartlett (This used to be commit 2febc7ce1aa6b01ec68bd007ce0286813dff301d)
2002-07-24Give an idea what service didn't have the directory.Andrew Bartlett1-1/+1
(This used to be commit 0229f610a8cf9e82618cc6850a431ac89ffc7630)
2002-07-18Use of uninitialized variable caught by valgrind.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 44410af397c386f58067679012856150b07b47e8)
2002-07-15fixed a call to get_current_groups()Andrew Tridgell1-1/+1
(This used to be commit 61c524e8102d4f5cdcf7c949b55b5dc67a320c74)
2002-07-11last check in for tonight.Gerald Carter1-1/+1
* DeletePrinterDriverEx() now has the ability to delete driver files. I need to do some more testing tro veriofy that we are in fact not deleting a file out from under another driver, but it looks ok so far. * DeletePrinterDriver() noiw deletes all versions of the specified driver (cversion == 0, 1, 2, 3) (This used to be commit 17bb780e1327663fa2fcd6a3cb25dd461a29c537)
2002-07-04Fix from Andrew Esh for coredump...Jeremy Allison1-8/+11
Jeremy. (This used to be commit aad40894404d000b925024e2f63977f87ecb5a6b)
2002-07-04Always free_conn() after all the DEBUG()s etc.Andrew Bartlett1-3/+3
(This used to be commit 06529c0433bf75790aad27dd3cecf7005612c694)
2002-07-02Address the string_sub problem by changing len = 0 to mean "no expand".Jeremy Allison1-5/+5
Went through and checked all string_subs I could to ensure they're being used correctly. Jeremy. (This used to be commit 17cae0d683be404be69554cd0e84117bdcc56c87)
2002-06-27It's fairly obvious that no one has tried to upload a driverGerald Carter1-0/+28
to a Samba print server running HEAD in a while. This has been broken since tridge's changes to make_connection() to not do the chdir() to the connect_path. Sorry it took me so long to get around to fixing it. The problem occured with our internal use of make_connection(). jerry (This used to be commit b5bc8aa0f68ceebfb5c0ec15ff93b0172cec36d8)
2002-06-16Further updates to the service.c code. authorise_login() is now a bit simpilerAndrew Bartlett1-3/+5
and we seem to have eliminated the segfault. Unfortunetly I'm still at a bit of a loss as to why it did segfault, but the patch is correct in any case. Andrew Bartlett (This used to be commit 70c16188c7a267f9f3f8de0b6830f66c9e68a2c7)
2002-06-15Rework much of the service.c code:Andrew Bartlett1-100/+187
The aim of this execise is to give the 'security>=user' code a straight paper path. Security=share will sill call authorise_login(), but otherwise we avoid that mess. This allow *much* more accurate error code reporting, beocuse we don't start pretending that we can use the (nonexistant) password etc. Also in this patch is code to create the 'homes' share at session setup time (as we have done in the past - been broken recently) and to record this on the user's vuser struct for later reference. The changes here should also allow for much better use of %H (some more changes to come here). The service.c changes move a lot of code around, but are not as drastric as they look... (Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not '*total_entries' was compared). This code is needs testing, but passes my basic tests. I expect we have lost some functionality, but the stuff I had expected to loose was already broken before I started. In particular, we don't 'fall back' to guest if the user cannot access a share (for security=user). If you want this kind of stuff then you really want security=share anyway. Andrew Bartlett (This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c)
2002-06-14moved lp_list_* functions away from param/loadparm.c, put int lib/util_str.cSimo Sorce1-6/+6
and renamed to str_list_* as it is a better name. Elrond should be satisfied now :) (This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
2002-05-18A few things in this commit:Andrew Bartlett1-7/+12
cleanup some of the code in net_rpc_join re const warnings and fstrings. Passdb: Make the %u and %U substituions in passdb work. This is done by declaring these paramters to be 'const' and doing the substitution manually. I'm told this is us going full circle, but I can't really see a better way. Finally these things actually seem to work properly... Make the lanman code use the pdb's recorded values for homedir etc rather than the values from lp_*() Add code to set the plaintext password in the passdb, where it can decide how to store/set it. For use with a future 'ldap password change' option, or somthing like that... Add pdb_unix, so as to remove the 'not in passdb' special cases from the local_lookup_*() code. Quite small, as it uses the new 'struct passwd -> SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd) Other: Fix up the adding of [homes] at session setup time to actually pass the right string, that is the unix homedir, not the UNC path. Fix up [homes] so that for winbind users is picks the correct name. (bad interactions with the default domain code previously) Change the rpc_server/srv_lsa_nt.c code to match NT when for the SATUS_NONE_MAPPED reply: This was only being triggered on no queries, now it is on the 'no mappings' (ie all mappings failed). Checked against Win2k. Policy Question: Should SID -> unix_user.234/unix_group.364 be considered a mapping or not? Currently it isn't. Andrew Bartlett (This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
2002-04-15make sure that we leave the tree unused after disconnectingAndrew Tridgell1-0/+4
(This used to be commit e75e4ad7d3af5beee48b3001fd904eede8df033f)
2002-04-14win2000 does not check the permissions on the share directory onAndrew Tridgell1-3/+19
tconx, so win2000 clients don't expect a permissions error in tconx. We now match this behaviour, by only checking that the directory exists during tconx and relying on the permissions on other calls to protect directories (This used to be commit 4fc476686476da31cc2b45badb05cb0765259f98)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-27Some more 'winbind default domain' support patches from Alexander BokovoyAndrew Bartlett1-6/+2
<a.bokovoy@sam-solutions.net>. This patch is designed to remove the 'special cases' required for this support. In particular this now kills off winbind_initgroups, as it appears no longer to be required. Andrew Bartlett (This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)
2002-01-27Yes, dev is an 'input/output' paramater...Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 8cac618174365825e8b1824f70cb42afbce5e500)
2002-01-16Separate out get_user_home_dir() from get_user_home_service_dir().Jeremy Allison1-2/+2
Jeremy. (This used to be commit c1b97226db63daf64359e79083a4754e7c7f8054)
2002-01-16Roll back PSTRING_SANCTIFY patch; just leave non-controversial typeMartin Pool1-16/+23
and constness changes. (This used to be commit cee0ec72746122c962e6c5278a736266a7f2c424)