Age | Commit message (Collapse) | Author | Files | Lines |
|
In particular this commit focuses on:
Changing the Get_Pwnam code so that it can work in a const-enforced
environment.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes allow for 'const' in the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
(This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
|
|
(This used to be commit 96f910bae510fb45e2f1181c1e3ad607a50a64d7)
|
|
Ensure make_conection() can only be called as root.
Jeremy.
(This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
|
|
(This used to be commit 7c3542ba8764be48b88255dd7f73ea6d87be10ac)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
some sainity, avoiding things like 'root preexec' when the connection would
otherwise already be denied (max connections).
This does change behaviour, but I think its for the best.
Andrew Bartlett
(This used to be commit 99e8a263ada41de2662a0290fda3dd9df3ac0cd4)
|
|
(This used to be commit 0deae6c407faa86ea871a219ad52fdd285166274)
|
|
This should help make much of this code simpiler.
Andrew Bartlett
(This used to be commit fb0c3629c360fd0c57129500474960e6da6f9ef0)
|
|
Andrew Bartlett
(This used to be commit d47016de52e9e5c468edf4c87dc60535a9796b99)
|
|
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
|
|
time :-)
(This used to be commit 8c3cf2db95a0fcf48b21274cac93f13abb42d4bf)
|
|
(You don't have to clean up somthing you haven't done yet...)
(This used to be commit ba76564c2a06bf7feefdaf9ef06cbf77c776b6e6)
|
|
Formatting fixes.
(This used to be commit 6fd8eb08c12d0446ab639becf8825d26bce8eb8a)
|
|
before we use it to find a share's details.
(This used to be commit 7dc716f174c38e73b8e6d07130a1bc39f4499ce3)
|
|
smbd/password.c: We don't use globals here anymore
smbd/reply.c: Tidyness, global_myworkgroup must die!
smbd/service.c: Move some of the make_connection code into a helper
function.
(This used to be commit 15c87e404fcaff9e360a40b8b673938c6e611daf)
|
|
(This used to be commit b377f06fd90f607fa9e0e2e61981e835527b568c)
|
|
- removed some unused mangling code
(This used to be commit 36af1c0dc41f72ec6a5c671fd6b4f6eb2590b8b4)
|
|
P_LIST format.
changed functions to use list instead of strings
addedd lp_list_substitute function
(This used to be commit 7257d07563ba21bd88733d5d2b4ec4829fab2507)
|
|
Restore debug message to level zero.
Jeremy.
(This used to be commit 0b13f495b31887d526b46a48a812fa3fd418ce8e)
|
|
can't redefine them. damn.
(This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
|
|
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267960e56005a741817ebd227ecfc512a)
|
|
Added vfs calls to symlink() and readlink() with appropriate configure
checks.
Jeremy.
(This used to be commit c24e6b41ea60ab4bac2fcd19da947851d6df3c7c)
|
|
(to allow unmount)
(This used to be commit 15b17a80db605a55f667c95fb7e316877a441887)
|
|
debug 0 warning.
Jeremy.
(This used to be commit be7e1d0f2c078bd07c7087e1e36636dcd6d0a5d8)
|
|
Jeremy.
(This used to be commit fc76681812b1469208ad6c8847afdfc68bc6db49)
|
|
be read.
Jeremy.
(This used to be commit e7d59d6de89a5fdd201e4b5c6072dab08b1519db)
|
|
Jeremy.
(This used to be commit 20b13bafdff2fd7be9219ed164e7fe91b597298d)
|
|
Jeremy.
(This used to be commit 036b1a8b09fe6a7cca83d631624145574acad7f2)
|
|
Jeremy.
(This used to be commit f50ea32dd0deb07c626c211caedd86dc1ccd5427)
|
|
connection fail.
Jeremy.
(This used to be commit 07cee46d1de1caaf6f9f1b6139dd21bcc5d67e8e)
|
|
to do RPC calls down this treeid.
Jeremy.
(This used to be commit 83133bab0ed59e303a183fd91812165f08e88484)
|
|
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
|
|
smbd/reply.c smbd/service.c: cause all "add home service" calls to go through a
winbindd aware function.
Jeremy.
(This used to be commit a72d12e992e2755e925032aef1aa99be74bf6652)
|
|
for a session when in share mode security
--jerry
(This used to be commit 22d6c2c163dd578365bff85ef95abfa59fe356ea)
|
|
smbd/vfs-wrap.c:
smbd/vfs.c: Added fchmod_acl and chmod_acl.
lib/substitute.c:
smbd/lanman.c:
smbd/open.c:
smbd/process.c:
smbd/reply.c:
smbd/service.c: Removed sessetup_user variable. Added current_user_info struct
which conatins domain info etc. Added '%D' for client domain parameter.
Jeremy.
(This used to be commit 2844ec3d511680609d6794b8718001a1bda9e89f)
|
|
source/rpc_server/srv_spoolss_nt.c
- Unrolled construct_notify_jobs_info() loop to only fetch
printer info_2 structure once rather than num_print_jobs times.
- convert command to unix codepage.
- remove lp_remove_service() call as it prevents lp_killservice()
from working.
- Modified some DEBUG and DEBUGADD statements.
source/param/loadparm.c
source/param/params.c
- change printer, preload, auto services to FLAG_DOS_STRING,
reverted earlier changes to szPrintername et al, add comments.
source/printing/load.c
- fix bug with lp_auto_services() and strtok()
source/printing/nt_printing.c
source/printing/printing.c
- remove redundant test that used SERVICE(snum)
source/printing/pcap.c
- add unix_to_dos() calls, add notes wrt FIXMEs for
xxx_printer_fn() functions.
source/web/swat.c
- added FIXME comment.
source/smbd/service.c
- added comment re: dos codepage
(This used to be commit 7b774b72c2857af9519012106714a9e2cb099da3)
|
|
source/Makefile.in
- changes to ctags and etags rules that somehow got lost along the way.
source/include/proto.h
- make proto
source/smbd/sec_ctx.c
source/smbd/password.c
- merge debugs for debugging user groups and NT token stuff.
source/lib/util_str.c
- capitalise domain name returned from parse_domain_user()
source/nsswitch/wb_client.c
- fix broken conditional in debug statement.
source/include/rpc_secdes.h
source/include/rpc_spoolss.h
source/printing/nt_printing.c
source/lib/util_seaccess.c
- fix printer permission bugs related to ACE masks for printers.
This adds mapping of generic access rights to object specific
rights for NT printers. Still need to work out whether or not to
ignore ACEs with certain flags set, though. See comments in
util_seaccess.c:check_ace() for details.
source/printing/nt_printing.c
source/printing/printing.c
- use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER
until we sort out printer/printjob permission stuff.
(This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
|
|
(This used to be commit 806185ca8cc8d28f16745a1db9427f52eb8d22e4)
|
|
(This used to be commit 209e20365e562371aafafea301b4ffecc3d4c3ed)
|
|
the problem had nothing to do with being your own pid, it was instead
a problem with IPC$ connections not being registered in the
connections database and an incorrect test for -1 in the messaging
code.
These changes also mean that IPC$ shares now show up in
smbstatus. That is probably a good thing.
(This used to be commit 3575ad10985a18f897e38179ca69fa9a49a7ea02)
|
|
versions don't match.
Jeremy.
(This used to be commit d0fbb4f5d999abade8930cc6fff231a2af6cccfb)
|
|
falling back to the UNIX calls on error. This should fix all problems with
smbd enumerating all users in all groups in all trusted domains via winbindd.
Also changed GETDC to query 1C name rather than 1b name as only the PDC
registers 1b.
Jeremy.
(This used to be commit 5b0038a2afd8abbd6fd4a58f5477a40d1926d498)
|
|
(This used to be commit 15d7f16bdc2ff4f2ae82871eb9f318ba45cf4d1c)
|
|
a conn struct depending on the call.
We need this to have a clean NT ACL call interface.
This will break any existing VFS libraries (that's why this is pre-release
code).
Andrew gets credit for this one :-) :-).
In addition - added Herb's WITH_PROFILE changes - Herb - please examine
the changes I've made to the smbd/reply.c code you added. The original
code was very ugly and I have replaced it with a
START_PROFILE(x)/END_PROFILE(x) pair using the preprocessor.
Please check this compiles ok with the --with-profile switch.
Jeremy.
(This used to be commit b07611f8159b0b3f42e7e02611be9f4d56de96f5)
|
|
through the VFS. All file access/directory access code in smbd should now
go via the vfs. Added vfs_chown/vfs_chmod calls. Still looking at vfs_get_nt_acl()
vfs_set_nt_acl() call API design.
Jeremy.
(This used to be commit f96625ec124adb6e110dc54632e006b3620a962b)
|
|
(This used to be commit b69c5de6bad9fad3aed1280e7d12fbfed276a16f)
|
|
(This used to be commit 567b0095b1b8393b3b1e32533aa2860ab3dbfa47)
|
|
with the current user. This will allow se_access_check() to quickly do
a SD check without having to translate uid/gid's to SIDs.
Still needs work on pipe calls.
Jeremy.
(This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
|
|
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
(This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
|
|
specifically wrong with this, but Samba is fooled by the client into
thinking the printer is a file share. Files copied to the share gather
dust in the spool directory and aren't printed.
This patch has the effect of not allowing printers to be mounted as file
shares. Not sure whether this is the correct solution or not.
{Jeremy,JF,Tridge} please check!
(This used to be commit dcf3249bb9fef2a05b376e9c8c1a0a7d602d8a2e)
|