summaryrefslogtreecommitdiff
path: root/source3/smbd/service.c
AgeCommit message (Collapse)AuthorFilesLines
2001-01-04Changes from APPLIANCE_HEAD:David O'Neill1-1/+1
source/Makefile.in - changes to ctags and etags rules that somehow got lost along the way. source/include/proto.h - make proto source/smbd/sec_ctx.c source/smbd/password.c - merge debugs for debugging user groups and NT token stuff. source/lib/util_str.c - capitalise domain name returned from parse_domain_user() source/nsswitch/wb_client.c - fix broken conditional in debug statement. source/include/rpc_secdes.h source/include/rpc_spoolss.h source/printing/nt_printing.c source/lib/util_seaccess.c - fix printer permission bugs related to ACE masks for printers. This adds mapping of generic access rights to object specific rights for NT printers. Still need to work out whether or not to ignore ACEs with certain flags set, though. See comments in util_seaccess.c:check_ace() for details. source/printing/nt_printing.c source/printing/printing.c - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER until we sort out printer/printjob permission stuff. (This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
2000-12-12Compile fix for new arg to create_nt_token()Tim Potter1-1/+3
(This used to be commit 806185ca8cc8d28f16745a1db9427f52eb8d22e4)
2000-11-17we don't need the separate lp_status() connection records any moreAndrew Tridgell1-12/+0
(This used to be commit 209e20365e562371aafafea301b4ffecc3d4c3ed)
2000-11-17fixed the problem with messages not getting throughAndrew Tridgell1-33/+27
the problem had nothing to do with being your own pid, it was instead a problem with IPC$ connections not being registered in the connections database and an incorrect test for -1 in the messaging code. These changes also mean that IPC$ shares now show up in smbstatus. That is probably a good thing. (This used to be commit 3575ad10985a18f897e38179ca69fa9a49a7ea02)
2000-11-06Added a VFS version return to init call. Allows smbd to fail an init ifJeremy Allison1-0/+2
versions don't match. Jeremy. (This used to be commit d0fbb4f5d999abade8930cc6fff231a2af6cccfb)
2000-10-13Fix to allow smbd to call winbindd if it is running for all group enumeration,Jeremy Allison1-10/+6
falling back to the UNIX calls on error. This should fix all problems with smbd enumerating all users in all groups in all trusted domains via winbindd. Also changed GETDC to query 1C name rather than 1b name as only the PDC registers 1b. Jeremy. (This used to be commit 5b0038a2afd8abbd6fd4a58f5477a40d1926d498)
2000-10-11Don't initialise groups twice.Tim Potter1-1/+0
(This used to be commit 15d7f16bdc2ff4f2ae82871eb9f318ba45cf4d1c)
2000-10-06Restructuring of vfs layer to include a "this" pointer - can be an fsp orJeremy Allison1-42/+2
a conn struct depending on the call. We need this to have a clean NT ACL call interface. This will break any existing VFS libraries (that's why this is pre-release code). Andrew gets credit for this one :-) :-). In addition - added Herb's WITH_PROFILE changes - Herb - please examine the changes I've made to the smbd/reply.c code you added. The original code was very ugly and I have replaced it with a START_PROFILE(x)/END_PROFILE(x) pair using the preprocessor. Please check this compiles ok with the --with-profile switch. Jeremy. (This used to be commit b07611f8159b0b3f42e7e02611be9f4d56de96f5)
2000-09-27Restructuring of the code to remove dos_ChDir/dos_GetWd and re-vector themJeremy Allison1-5/+5
through the VFS. All file access/directory access code in smbd should now go via the vfs. Added vfs_chown/vfs_chmod calls. Still looking at vfs_get_nt_acl() vfs_set_nt_acl() call API design. Jeremy. (This used to be commit f96625ec124adb6e110dc54632e006b3620a962b)
2000-08-31fixed "admin users" option with new security codeAndrew Tridgell1-0/+5
(This used to be commit b69c5de6bad9fad3aed1280e7d12fbfed276a16f)
2000-08-28Merge from appliance branch.Tim Potter1-0/+1
(This used to be commit 567b0095b1b8393b3b1e32533aa2860ab3dbfa47)
2000-08-03Added an NT_USER_TOKEN structure that is copied/passed around associatedJeremy Allison1-65/+73
with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy. (This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
2000-08-02Started to canonicalize our handling of uid -> sid code in order toJeremy Allison1-2/+2
get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
2000-07-25Fix for mounting a printer as a share. Not that there's anythingTim Potter1-0/+5
specifically wrong with this, but Samba is fooled by the client into thinking the printer is a file share. Files copied to the share gather dust in the spool directory and aren't printed. This patch has the effect of not allowing printers to be mounted as file shares. Not sure whether this is the correct solution or not. {Jeremy,JF,Tridge} please check! (This used to be commit dcf3249bb9fef2a05b376e9c8c1a0a7d602d8a2e)
2000-05-23Fixed bug where file access was allowed on IPC$ share.Jeremy Allison1-2/+2
Return correct error codes on invalid share name. Jeremy. (This used to be commit 420d6bc4809cef9d74354175d0fa956ab4e8ac3c)
2000-05-12added spool_io_printer_driver_info_level_6()Andrew Tridgell1-1/+1
thsi function and the associated header structure were autogenerated using a little awk based code geerator I wroe ths evening. I'll commit that next ... (This used to be commit 974813f0d4afb6c14ed27c48ab24b19932557f9f)
2000-05-10- changed smb_getpwnam() to use winbind style usernamesAndrew Tridgell1-1/+1
- finished ntdom -> winbind rename in head (This used to be commit ada483cb56453afc6df4ec4be18bfe5e943c7150)
2000-05-10more merging voodooAndrew Tridgell1-0/+4
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic - this isn't permanent, it should go after another few merge steps have been done (This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
2000-05-04a minimal change to get appliance mode to work with winbinddAndrew Tridgell1-2/+2
we needed to accept usernames of the form DOMAIN/user, which means we needed to pass the domain to a getpwnam() like routine in certain critical spots. What I'd rather do is get rid of "char *user" everywhere and use the new userdom_struct, but that will have to wait a few days. (This used to be commit 8b7a10febead8be182e7d5b1d68259e31530b69c)
2000-05-02Added sys_fork() and sys_getpid() functions to stop the overheadJeremy Allison1-1/+1
of doing a system call every time we want to just get our pid. Jeremy. (This used to be commit 148628b616b5c29ba6340d65fc3ddbcabba6e67a)
2000-04-28Moved deletion of vfs handle into smbd/conn.c as it was being done tooJeremy Allison1-16/+0
soon in smbd/service.c (file operations were being done after the handle was closed). It looks cleaner in smbd/conn.c as it is part of the closing of a conn struct anyway. Jeremy. (This used to be commit 858eb53dc510d1b27c4f91045fa932a3ef546754)
2000-04-22don't copy a null groups listAndrew Tridgell1-2/+6
(This used to be commit d0fc1675df35e65488a19d7f5929792fba347b07)
2000-04-19- got rid of the "passive" optionAndrew Tridgell1-5/+5
- cleaned up the standard_sub_*() calls a lot (This used to be commit 2c2d95d77d3667eaa9252506a82b9054b0d0e01c)
2000-04-11finally got sick of the "extern int Client" code and the stupidAndrew Tridgell1-5/+3
assumption that we have one socket everywhere while doing so I discovered a few bugs! 1) the clientgen session retarget code if used from smbd or nmbd would cause a crash as it called close_sockets() which closed our main socket! fixed by removing close_sockets() completely - it is unnecessary 2) the caching in client_addr() and client_name() was bogus - it could easily get fooled and give the wrong result. fixed. 3) the retarget could could recurse, allowing an easy denial of service attack on nmbd. fixed. (This used to be commit 5937ab14d222696e40a3fc6f0e6a536f2d7305d3)
2000-02-03Mega-VFS merge. Yeah baby!Tim Potter1-1/+91
Synopsis: change every disk access function to work through a vfs_ops structure contained in the connection_struct. (This used to be commit 3aad500c0fb61232ed3431ff4b743b5d18ec852f)
1999-12-21first cut at using the tdb code for the connections structure, theAndrew Tridgell1-4/+4
SWAT status page and smbstatus. It made the code _much_ simpler, I wish we'd done a database module a long time ago! (This used to be commit 4951755413c11d4c5b9af4699a6e622056d52433)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-144/+118
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12changed function name of get_home_dir() to get_unixhome_dir(), to stopLuke Leighton1-2/+2
clash with gnu readline library. fixed issue with [homes] service not being there - call lp_add_home() just before starting the msrpc processing. (This used to be commit 054195df9b6187c663ede5cf4489499abbdc29fc)
1999-07-22Copy service name into vfs_connection_struct.Tim Potter1-0/+2
(This used to be commit 19242cd44e059d90e91f1c27bfb45899ce5de26a)
1999-06-29improving authentication code (tidyup).Luke Leighton1-2/+2
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
1999-06-13Moved code that changes the pw_passwd entry (i.e shadow password andTim Potter1-1/+1
weird unixware stuff) into _Get_Pwnam() to fix a memory allocation bug. Note that the Get_Pwnam() function now returns a const struct passwd * as a hint to other developers not to change entries in the struct passwd. (This used to be commit 36d7cb4ccc42268e8e6a7b783c945d1853624958)
1999-04-20Changed the way a VFS is initialised. The vfs_init() function isTim Potter1-4/+51
executed from the VFS object file and it returns a pointer to a vfs_ops structure. If any of the function pointers in vfs_ops are NULL, then they are replaced with the standard disk functions. This should allow disk-related VFS modules to be easily added. I've written an auditing VFS module which logs various calls (connect, disconnect, mkdir, rmdir, open and a few others) to syslog in a couple of pages of code. Thanks to tridge for various useful suggestions. (This used to be commit 346c78d7078d87bc95abc274f2bc66476aeee54c)
1999-04-05Disable VFS routines if no libdl available.Tim Potter1-0/+7
(This used to be commit cbfd8a8990b4d06d0c866274e7d28e4a5e384686)
1999-04-04Call VFS initialisation, share connect and share disconnect functions.Tim Potter1-1/+35
Initialise VFS function pointers with symbols from the 'vfs object' file, use disk pointers otherwise. Added a hook to check for a 'default' VFS share (like the [homes] section). Currently empty - I'm unsure whether this will be useful or not. (This used to be commit 15805164fe77b127372eba1ec51c70758467adee)
1998-12-14trying to track down issues in get_home_dir().Luke Leighton1-2/+4
(This used to be commit 2cce78aa00f31b79d51aaf46da72019b926e8226)
1998-11-29don't allow ".." in service name when doing "default service"Andrew Tridgell1-1/+3
processing. (This used to be commit 702263bba555a1d7c7999d40e5789b7e920dbce4)
1998-11-25Makefile.in: Added maintainer mode fixes.Jeremy Allison1-5/+5
aclocal.m4: Added AC_LIBTESTFUNC. configure.in: Fixed -lsecurity -lsec problems. client.c: dos_ fixes. groupdb/aliasunix.c: Dead code removal. include/includes.h: Added default PRINTCAP_NAME. lib/genrand.c: dos_ fixes. lib/replace.c: Added strtoul. lib/system.c: dos_ fixes. lib/util.c: dos_ fixes. lib/util_sid.c: Signed/unsigned fixes. lib/util_str.c: removed bad const. locking/locking_slow.c: dos_ fixes. printing/printing.c: dos_ fixes. rpc_server/srv_samr.c: Dead code removal. rpc_server/srv_sid.c: global_myworkgroup defined with wrong size AGAIN ! smbd/dir.c: dos_ fixes. smbd/open.c: dos_ fixes. smbd/oplock.c: dos_ fixes. smbd/reply.c smbd/server.c smbd/service.c smbd/uid.c: dos_ fixes. Jeremy. (This used to be commit 6acb4b68f68d516e2ac3c47e500f5600d653435e)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-1/+1
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-09-29Got very strict about the differences and uses ofJeremy Allison1-1/+1
uid_t, gid_t and vuid. Added sys_getgroups() to get around the int * return problem. Set correct datatypes for all uid, gid and vuid variables. Jeremy. (This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998)
1998-08-17this completes the splitup of server.c.Andrew Tridgell1-0/+542
the splitup was done with an axe, not a scalpel, so there are some rough edges. I mostly wanted to get the general form right with fine tuning of what goes where to come later. Still, this is better than what we had before where server.c was a general repository for anything that didn't fit elsewhere. (This used to be commit a6d194886a4a5f7507fa37289ff96c1be56f14a6)