summaryrefslogtreecommitdiff
path: root/source3/smbd/service.c
AgeCommit message (Collapse)AuthorFilesLines
2011-07-20s3-auth Remove seperate guest booleanAndrew Bartlett1-3/+7
Instead, we base our guest calculations on the presence or absense of the authenticated users group in the token, ensuring that we have only one canonical source of this important piece of authorization data Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use the common auth_session_infoAndrew Bartlett1-5/+5
This patch finally has the same structure being used to describe the authorization data of a user across the whole codebase. This will allow of our session handling to be accomplished with common code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_infoAndrew Bartlett1-6/+6
This makes auth3_session_info identical to auth_session_info The logic to convert the info3 to a struct auth_user_info is essentially moved up the stack from the named pipe proxy in source3/rpc_server to create_local_token(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use guest boolean in auth_user_info_unixAndrew Bartlett1-2/+2
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use struct auth_user_info_unix for unix_name and sanitized_usernameAndrew Bartlett1-16/+16
This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use *unix_token rather than utok in struct auth3_session_infoAndrew Bartlett1-7/+7
This brings this structure one step closer to the struct auth_session_info. A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future. NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use struct auth3_session_info outside the auth subsystemAndrew Bartlett1-7/+7
This seperation between the structure used inside the auth modules and in the wider codebase allows for a gradual migration from struct auth_serversupplied_info -> struct auth_session_info (from auth.idl) The idea here is that we keep a clear seperation between the structure before and after the local groups, local user lookup and the session key modifications have been processed, as the lack of this seperation has caused issues in the past. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-05s3: Calculate&store the maximum share access maskVolker Lendecke1-22/+15
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-05s3: Return "granted" from share_access_checkVolker Lendecke1-6/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-04s3-smbd: Replace client_id in smbd service.Andreas Schneider1-6/+21
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-06-29param: Merge param headers into lib/param/loadparm.hAndrew Bartlett1-0/+1
This defines a common table format, so we can in future define a common table. Andrew Bartlett
2011-05-31s3-globals Remove smbd_event_context() (use server_event_context())Andrew Bartlett1-1/+1
This has been a wrapper around server_event_context() for some time now, and removing this from dummmysmbd.c assists with library dependencies. Andrew Bartlett
2011-05-31s3-param split service.c into param and smbd componentsAndrew Bartlett1-226/+0
The dependency chain of find_service can't be satisfied sensibly outside smbd, so don't include this in the main 'param' subsystem. Also remove the duplicate find_service() and conn_snum_used() from dummysmbd.c: The WAF build does not need these dummies any more, but file. Andrew Bartlett
2011-04-29s3-tsocket: only include ../lib/tsocket/tsocket.h where needed.Günther Deschner1-0/+1
Guenther
2011-04-05s3-auth use create_local_token() to transform server_info -> session_infoAndrew Bartlett1-3/+3
Before a auth_serversupplied_info struct can be used for authorization, the local groups and privileges must be calculated. create_local_token() now copies the server_info, and then sets the calulated token and unix groups. Soon, it will also transform the result into an expanded struct auth_session_info. Until then, the variable name (server_info vs session_info provides a clue to the developer about what information has been entered in the structure). By moving the calls to create_local_token within the codebase, we remove duplication, and ensure that the session key (where modified) is consistently copied into the new structure. Andrew Bartlett
2011-03-30s3-auth: smbd needs auth.hGünther Deschner1-0/+1
Guenther
2011-03-30s3: include smbd/smbd.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-passdb: use passdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-includes: only include system/filesys.h when needed.Günther Deschner1-0/+1
Guenther
2011-03-04s3-printing: follow force user/group for driver IODavid Disseldorp1-56/+71
Configuring force user/group settings for the print$ share currently has unexpected results, this is explained by how the driver upload/add process takes place. Consider the following example: [print$] path = /print-drv write list = $DRIVER_UPLOAD_USER force group = ntadmin - the client connects to the [print$] share and uploads all driver files to the /print-drv/W32X86 directory. - This is permitted, as /print-drv/W32X86 is owned by group ntadmin, and the "force group = ntadmin" takes effect for the [print$] session. - Once all files are uploaded, the client connects to the [ipc$] share and issues an AddPrinterDriverEx spoolss request. - In handling this request move_driver_to_download_area() is called, which attempts to create the directory /print-drv/W32X86/3 - The create directory fails, as it is done as the user connected to the [ipc$] share which does not have permission to write to the driver directory. The [print$] "force group = ntadmin" has no effect. This is a regression from previous behaviour prior to the commit: 783ab04 Convert move_driver_to_download_area to use create_conn_struct. https://bugzilla.samba.org/show_bug.cgi?id=7921 Signed-off-by: Andreas Schneider <asn@samba.org>
2011-02-22s3-printing: fix pcacp prototypes and includes.Günther Deschner1-0/+1
Guenther
2011-02-22s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_infoAndrew Bartlett1-40/+40
These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-10s3-auth Rename cryptic 'ptok' to security_tokenAndrew Bartlett1-4/+4
This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-11-20Move the uglyness of #ifdef REALPATH_TAKES_NULL into the vfs_defaultJeremy Allison1-10/+1
module, change the signature of VFS_REALPATH to always return a malloc'ed string. Needed to make some privileges work I plan on doing shortly easier to code. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Nov 20 02:15:50 CET 2010 on sn-devel-104
2010-11-10Fix bug 7781 - Samba transforms ShareName to lowercase (sharename) when ↵Jeremy Allison1-36/+74
adding new share via MMC Change the find_service() interface to not depend on fstring, and create a useable talloc-based interface. Jeremy.
2010-11-10Remove fstring from map_username. Create a more sane interface than the ↵Jeremy Allison1-6/+13
called-parameter-is-modified. Jeremy.
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-0/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-08-31s3-auth Rename NT_USER_TOKEN user_sids -> sidsAndrew Bartlett1-1/+1
This is closer to the struct security_token from security.idl
2010-08-22s3: Replace calls to check_access by allow_accessVolker Lendecke1-4/+5
We already have both the name and address of the client stored now
2010-08-18s3: Remove an unused variableVolker Lendecke1-1/+0
2010-08-18s3: Remove unneeded "client_address" from connection_structVolker Lendecke1-12/+2
2010-08-16s3: Remove smbd_server_fd() from make_connectionVolker Lendecke1-2/+2
2010-08-16s3: Remove smbd_server_fd() from share_sanity_checksVolker Lendecke1-3/+4
2010-08-16s3: Remove smbd_server_fd() from make_connection_snumVolker Lendecke1-4/+11
2010-08-16s3: Remove get_client_fd()Volker Lendecke1-2/+2
2010-08-06s3-netlogon: remove global include of netlogon.h.Günther Deschner1-0/+1
This reduces precompiled headers by another 4 MB and also slightly speeds up the build. Guenther
2010-07-05s3: Remove smbd_messaging_context() from make_connection_snum()Volker Lendecke1-1/+1
2010-07-05s3: Remove procid_self() from make_connection_snum()Volker Lendecke1-1/+2
2010-07-04s3: Remove unused msg_flags from connections.tdbVolker Lendecke1-1/+1
This breaks rolling code upgrade!
2010-06-12s3: Remove smbd_server_conn from make_connection_snumVolker Lendecke1-1/+1
2010-06-12s3: Fix some nonempty linesVolker Lendecke1-8/+7
2010-05-31s3:smbd map_username() doesn't need sconn anymoreSimo Sorce1-3/+2
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-28s3:auth use info3 in auth_serversupplied_infoSimo Sorce1-6/+6
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-2/+2
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-20Fix bug #7410 - samba sends "raw" inode number as uniqueid with unix ↵Jeremy Allison1-0/+1
extensions. Move to a consistent get_FileIndex() function for all inode returns, that checks if st_dev on the file is identical to the top directory dev_t of the exported share, and if so uses the raw 64-bit inode number. If it isn't (we've traversed a mount point) - return what we used to do for Windows which is the concatination of the bottom 32-bits of the inode with the 32-bit device number. We can get more creative with this over time (hashing?) if we want as now all inode returns go through this single function. Jeremy.
2010-03-25Fix bug 7297 - smbd crashes with CUPS printers and no [printers] share defined.Jeremy Allison1-1/+1
Ensure we don't dereference an array with an index of -1. Jeremy.
2010-03-15Remove the bool admin_user from conn struct. We no longer look at this to ↵Jeremy Allison1-1/+0
make access decisions. Jeremy.
2010-02-23s3: Consolidate server_id_self into the equivalent procid_self()Volker Lendecke1-1/+1
2010-02-17Fix bug #6557 - Do not work VFS full_auditJeremy Allison1-51/+34
Re-arrange the operations order so SMB_VFS_CONNECT is done first as root (to allow modules to correctly initialize themselves). Reviewed modules to check if they needed CONNECT invoked as a user (which we previously did) and it turns out any of them that cared needed root permissions anyway. Jeremy.
2010-02-13s3: Fix a C++ warningVolker Lendecke1-1/+1