summaryrefslogtreecommitdiff
path: root/source3/smbd/service.c
AgeCommit message (Collapse)AuthorFilesLines
2002-08-26Updates!Andrew Bartlett1-1/+1
- Don't print an uninitialised buffer in service.c - Change some charcnv.c functions to take smb_ucs2_t ** instead of void ** - Update NTLMv2 code to use dynamic buffers - Update experimental SMB signing code - still more work to do - Move sys_getgrouplist() to SAFE_FREE() and do a DEBUG() on initgroups() failure. Andrew Bartlett (This used to be commit de1964f7fa855022258a84556b266100b917444b)
2002-08-20Based orginally by work by Kai, this patch moves our NT_TOKEN generation intoAndrew Bartlett1-15/+20
our authenticaion code - removing some of the duplication from the current code. This also gets us *much* closer to supporting a real SAM backend, becouse the SAM can give us the right info then. This also changes our service.c code, so that we do a VUID (rather than uid) cache on the connection struct, and do full NT ACL/NT_TOKEN checks (or cached equivilant) on every packet, for the same r or rw mode the whole share was open for. Andrew Bartlett (This used to be commit d8122cee059fc7098bfa7e42e638a9958b3ac902)
2002-08-17Add const.Andrew Bartlett1-1/+1
(This used to be commit fb28abd120310a591bdf5fa1afc5521443c3d34c)
2002-08-11Make 'remote_machine' private to lib/substitute.c, and fix all the user to useAndrew Bartlett1-6/+4
the new accessor functions. Andrew Bartlett (This used to be commit f393de2310e997d05674eb7f1268655373e03647)
2002-07-27This should fix a nastly little bug where if a user had already done oneAndrew Bartlett1-6/+10
session setup, it would not correctly pick up the [homes] share on a subsequent session setup. The new rules are: If you want to connect to [homes], then it must have been available at session setup time, or you must be in security=share. At each session setup, the user's copy of [homes] is updated to ensure it has the right path etc. Andrew Bartlett (This used to be commit 5d2c7816a3ea02a67c5b501626d91d43557e9dd9)
2002-07-24If lp_add_home() fails, don't go any further, just return -1.Andrew Bartlett1-1/+3
Andrew Bartlett (This used to be commit 2febc7ce1aa6b01ec68bd007ce0286813dff301d)
2002-07-24Give an idea what service didn't have the directory.Andrew Bartlett1-1/+1
(This used to be commit 0229f610a8cf9e82618cc6850a431ac89ffc7630)
2002-07-18Use of uninitialized variable caught by valgrind.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 44410af397c386f58067679012856150b07b47e8)
2002-07-15fixed a call to get_current_groups()Andrew Tridgell1-1/+1
(This used to be commit 61c524e8102d4f5cdcf7c949b55b5dc67a320c74)
2002-07-11last check in for tonight.Gerald Carter1-1/+1
* DeletePrinterDriverEx() now has the ability to delete driver files. I need to do some more testing tro veriofy that we are in fact not deleting a file out from under another driver, but it looks ok so far. * DeletePrinterDriver() noiw deletes all versions of the specified driver (cversion == 0, 1, 2, 3) (This used to be commit 17bb780e1327663fa2fcd6a3cb25dd461a29c537)
2002-07-04Fix from Andrew Esh for coredump...Jeremy Allison1-8/+11
Jeremy. (This used to be commit aad40894404d000b925024e2f63977f87ecb5a6b)
2002-07-04Always free_conn() after all the DEBUG()s etc.Andrew Bartlett1-3/+3
(This used to be commit 06529c0433bf75790aad27dd3cecf7005612c694)
2002-07-02Address the string_sub problem by changing len = 0 to mean "no expand".Jeremy Allison1-5/+5
Went through and checked all string_subs I could to ensure they're being used correctly. Jeremy. (This used to be commit 17cae0d683be404be69554cd0e84117bdcc56c87)
2002-06-27It's fairly obvious that no one has tried to upload a driverGerald Carter1-0/+28
to a Samba print server running HEAD in a while. This has been broken since tridge's changes to make_connection() to not do the chdir() to the connect_path. Sorry it took me so long to get around to fixing it. The problem occured with our internal use of make_connection(). jerry (This used to be commit b5bc8aa0f68ceebfb5c0ec15ff93b0172cec36d8)
2002-06-16Further updates to the service.c code. authorise_login() is now a bit simpilerAndrew Bartlett1-3/+5
and we seem to have eliminated the segfault. Unfortunetly I'm still at a bit of a loss as to why it did segfault, but the patch is correct in any case. Andrew Bartlett (This used to be commit 70c16188c7a267f9f3f8de0b6830f66c9e68a2c7)
2002-06-15Rework much of the service.c code:Andrew Bartlett1-100/+187
The aim of this execise is to give the 'security>=user' code a straight paper path. Security=share will sill call authorise_login(), but otherwise we avoid that mess. This allow *much* more accurate error code reporting, beocuse we don't start pretending that we can use the (nonexistant) password etc. Also in this patch is code to create the 'homes' share at session setup time (as we have done in the past - been broken recently) and to record this on the user's vuser struct for later reference. The changes here should also allow for much better use of %H (some more changes to come here). The service.c changes move a lot of code around, but are not as drastric as they look... (Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not '*total_entries' was compared). This code is needs testing, but passes my basic tests. I expect we have lost some functionality, but the stuff I had expected to loose was already broken before I started. In particular, we don't 'fall back' to guest if the user cannot access a share (for security=user). If you want this kind of stuff then you really want security=share anyway. Andrew Bartlett (This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c)
2002-06-14moved lp_list_* functions away from param/loadparm.c, put int lib/util_str.cSimo Sorce1-6/+6
and renamed to str_list_* as it is a better name. Elrond should be satisfied now :) (This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
2002-05-18A few things in this commit:Andrew Bartlett1-7/+12
cleanup some of the code in net_rpc_join re const warnings and fstrings. Passdb: Make the %u and %U substituions in passdb work. This is done by declaring these paramters to be 'const' and doing the substitution manually. I'm told this is us going full circle, but I can't really see a better way. Finally these things actually seem to work properly... Make the lanman code use the pdb's recorded values for homedir etc rather than the values from lp_*() Add code to set the plaintext password in the passdb, where it can decide how to store/set it. For use with a future 'ldap password change' option, or somthing like that... Add pdb_unix, so as to remove the 'not in passdb' special cases from the local_lookup_*() code. Quite small, as it uses the new 'struct passwd -> SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd) Other: Fix up the adding of [homes] at session setup time to actually pass the right string, that is the unix homedir, not the UNC path. Fix up [homes] so that for winbind users is picks the correct name. (bad interactions with the default domain code previously) Change the rpc_server/srv_lsa_nt.c code to match NT when for the SATUS_NONE_MAPPED reply: This was only being triggered on no queries, now it is on the 'no mappings' (ie all mappings failed). Checked against Win2k. Policy Question: Should SID -> unix_user.234/unix_group.364 be considered a mapping or not? Currently it isn't. Andrew Bartlett (This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
2002-04-15make sure that we leave the tree unused after disconnectingAndrew Tridgell1-0/+4
(This used to be commit e75e4ad7d3af5beee48b3001fd904eede8df033f)
2002-04-14win2000 does not check the permissions on the share directory onAndrew Tridgell1-3/+19
tconx, so win2000 clients don't expect a permissions error in tconx. We now match this behaviour, by only checking that the directory exists during tconx and relying on the permissions on other calls to protect directories (This used to be commit 4fc476686476da31cc2b45badb05cb0765259f98)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-27Some more 'winbind default domain' support patches from Alexander BokovoyAndrew Bartlett1-6/+2
<a.bokovoy@sam-solutions.net>. This patch is designed to remove the 'special cases' required for this support. In particular this now kills off winbind_initgroups, as it appears no longer to be required. Andrew Bartlett (This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)
2002-01-27Yes, dev is an 'input/output' paramater...Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 8cac618174365825e8b1824f70cb42afbce5e500)
2002-01-16Separate out get_user_home_dir() from get_user_home_service_dir().Jeremy Allison1-2/+2
Jeremy. (This used to be commit c1b97226db63daf64359e79083a4754e7c7f8054)
2002-01-16Roll back PSTRING_SANCTIFY patch; just leave non-controversial typeMartin Pool1-16/+23
and constness changes. (This used to be commit cee0ec72746122c962e6c5278a736266a7f2c424)
2002-01-14Removed MAXSTATUS which was set incorrectly - thus causing tdb traversalJeremy Allison1-10/+4
of the connections db on smbd startup. This should fix the Solaris large load bug.... (fingers crossed). Jeremy. (This used to be commit 5b2b9c25af28543e67762805d1387524cbb6c39d)
2002-01-11Make this error match Win2k.Andrew Bartlett1-1/+1
(This used to be commit 490d3aaf20f04d04c91c4748896d7a021581a229)
2001-11-03Added NT_USER_TOKEN into server_info to fix extra groups problem.Jeremy Allison1-1/+1
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett1-6/+6
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-29This commit is number 3 of 4.Andrew Bartlett1-1/+1
In particular this commit focuses on: Changing the Get_Pwnam code so that it can work in a const-enforced environment. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes allow for 'const' in the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username (This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
2001-10-20add non_root_mode() checkAndrew Tridgell1-1/+1
(This used to be commit 96f910bae510fb45e2f1181c1e3ad607a50a64d7)
2001-10-18Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD.Jeremy Allison1-28/+30
Ensure make_conection() can only be called as root. Jeremy. (This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
2001-10-18Renamed vfs_init() to smbd_vfs_init() to allow vfs modules to compile.Tim Potter1-1/+1
(This used to be commit 7c3542ba8764be48b88255dd7f73ea6d87be10ac)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-4/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-20Rearrange the ordering of the checks in make_connection(). The new order hasAndrew Bartlett1-37/+56
some sainity, avoiding things like 'root preexec' when the connection would otherwise already be denied (max connections). This does change behaviour, but I think its for the best. Andrew Bartlett (This used to be commit 99e8a263ada41de2662a0290fda3dd9df3ac0cd4)
2001-09-19got rid of bogus write list substitution error messagesAndrew Tridgell1-15/+18
(This used to be commit 0deae6c407faa86ea871a219ad52fdd285166274)
2001-09-15Kill off the //server/share%user hack in share level security.Andrew Bartlett1-20/+13
This should help make much of this code simpiler. Andrew Bartlett (This used to be commit fb0c3629c360fd0c57129500474960e6da6f9ef0)
2001-09-15Actually fill in the status for sainity checksAndrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit d47016de52e9e5c468edf4c87dc60535a9796b99)
2001-08-27converted another bunch of stuff to NTSTATUSAndrew Tridgell1-22/+22
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-08-17OK, so not freeing these was a mistake. I'll try to be less exuberent nextAndrew Bartlett1-0/+2
time :-) (This used to be commit 8c3cf2db95a0fcf48b21274cac93f13abb42d4bf)
2001-08-17Move the claim_connection stuff till a little later in the process.Andrew Bartlett1-16/+14
(You don't have to clean up somthing you haven't done yet...) (This used to be commit ba76564c2a06bf7feefdaf9ef06cbf77c776b6e6)
2001-08-17Move admin user check into a helper function.Andrew Bartlett1-18/+35
Formatting fixes. (This used to be commit 6fd8eb08c12d0446ab639becf8825d26bce8eb8a)
2001-08-17Move read only check into a helper funcion. Ensure conn->service is setAndrew Bartlett1-40/+50
before we use it to find a share's details. (This used to be commit 7dc716f174c38e73b8e6d07130a1bc39f4499ce3)
2001-08-17smbd/auth_server: Doco, we want to use cli_nt_error here soonAndrew Bartlett1-30/+43
smbd/password.c: We don't use globals here anymore smbd/reply.c: Tidyness, global_myworkgroup must die! smbd/service.c: Move some of the make_connection code into a helper function. (This used to be commit 15c87e404fcaff9e360a40b8b673938c6e611daf)
2001-07-26better debug messages + fix typo in debug messageSimo Sorce1-2/+2
(This used to be commit b377f06fd90f607fa9e0e2e61981e835527b568c)
2001-07-25- don't try to print pointersAndrew Tridgell1-2/+2
- removed some unused mangling code (This used to be commit 36af1c0dc41f72ec6a5c671fd6b4f6eb2590b8b4)
2001-07-24Convert other parameters (read list, write list, valid users...) to the ↵Simo Sorce1-12/+17
P_LIST format. changed functions to use list instead of strings addedd lp_list_substitute function (This used to be commit 7257d07563ba21bd88733d5d2b4ec4829fab2507)
2001-07-17Tidied up calling yield_connection on connection allocation fail.Jeremy Allison1-0/+4
Restore debug message to level zero. Jeremy. (This used to be commit 0b13f495b31887d526b46a48a812fa3fd418ce8e)
2001-07-04strchr and strrchr are macros when compiling with optimisation in gcc, so we ↵Andrew Tridgell1-1/+1
can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
2001-07-04The big character set handling changeover!Andrew Tridgell1-3/+0
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)