summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2000-08-04Fixed up the user/group contexts when using authenticated pipes.Jeremy Allison2-5/+7
Added a become_root()/unbecome_root() (push/pop security context) around the initgroups() call to ensure it would succeed. Hmmm - I wonder if this call being done as non-root might explain any "group access" bugs we've had in the past.... Jeremy. (This used to be commit 06a65972e872f37d88b84f22ea714feebd38f6c0)
2000-08-03Added an NT_USER_TOKEN structure that is copied/passed around associatedJeremy Allison5-97/+179
with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy. (This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
2000-08-02Started to canonicalize our handling of uid -> sid code in order toJeremy Allison6-94/+91
get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
2000-08-01Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need ↵Jeremy Allison3-36/+25
NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy. (This used to be commit c55bcec817f47d6162466b193d533c877194124a)
2000-08-01Added print job substitutions for %{printername}, %{sharename} and %{portname}Jeremy Allison1-16/+14
from the NT printer tdb. Also added checks for time restrictions before allowing a job to print. Jeremy. (This used to be commit 8cfb55e81abebf0354e6d470ed68bbac1d6560ad)
2000-07-31Added John Reilly's enumports/addprinter/delprinter scripting code plus theJeremy Allison1-49/+43
fix for the Win9x printer drivers. Changed command names to add "command" string on the end for some consistancy with the other scripting commands. Added '%P' option to tdbpack/unpack to store long comment string. Made port name be "Samba Printer Port" if no enum port script given. Fixed prs_uint32_pre code to cope with null args. Jeremy. (This used to be commit 902ada63799cf27924c72e24e7593a8c9fb5eba9)
2000-07-27Ok - this is a *BIG* change - but it fixes the problems with static stringsJeremy Allison2-2/+21
in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there are probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy. (This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
2000-07-25Fixed up error checking and move printer file code. Fixed a memory leak.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 5130dd0f8b80aed5fb3c0df290b627057cc9b825)
2000-07-25Added some error checking and returns to the new 'move' code.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 0bd88d304cd773e0bbf3e6f7fedcb3b544d41cbe)
2000-07-25A rather big change set ! (listed in no particular order)Jean-François Micouleau1-8/+20
- changed the default forms flag to 2 - all short architecture name are uppercased - get_short_archi() is now case unsensitive - the drivers TDB is indexed by archi/version/name - implemented code to move drivers from the upload area to the download area. Someone else need to look at that code. - don't return anymore a default driver if it doesn't exist in the TDB. Instead return an error. - cleaned prs_unistr. - #ifdef out jeremy's new SD parsing in printer_info_2 - removed the unused MANGLE_CODE - #ifdef out the security checking in update_printer() as it doesn't work for me. Zap your ntdrivers.tdb, it won't work anymore. J.F. (This used to be commit ac0a145acc0953a6f362497abbf4dfe70aa522a6)
2000-07-25Fix for mounting a printer as a share. Not that there's anythingTim Potter1-0/+5
specifically wrong with this, but Samba is fooled by the client into thinking the printer is a file share. Files copied to the share gather dust in the spool directory and aren't printed. This patch has the effect of not allowing printers to be mounted as file shares. Not sure whether this is the correct solution or not. {Jeremy,JF,Tridge} please check! (This used to be commit dcf3249bb9fef2a05b376e9c8c1a0a7d602d8a2e)
2000-07-24Run main server loop with sys_select() instead of sys_select_intr(). TheTim Potter1-2/+13
main daemon was not catching sighup and reloading the service file. (This used to be commit f026a897e9296a71fb5c4d5f6e1b4d3287689bde)
2000-07-19Modified the patch to look in the tdb *first* - thus allowing legacy textJeremy Allison1-75/+91
filed to be ignored when an upload is done. Modified to code to goto err on problems, simplifies it. Jeremy. (This used to be commit 9157a6ab2646c035a731d53aa3be010488ccf51a)
2000-07-19Code from John Reilly <jreilly@hp.com> to add tdb lookups into the Win95Jeremy Allison1-7/+44
printer driver download if looking for the default driver files fail. Jeremy. (This used to be commit 1192d867c4e863471f9bc12afceb68a23ba2142e)
2000-07-10Fixes for various compile warnings on Solaris 8.Tim Potter1-1/+3
(This used to be commit 898a483cdab1ed7d8ff902c0dc0e0620440ae4cd)
2000-07-10Re-instated lanman printing security checks (oops).Tim Potter1-3/+7
A user can now pause, resume or delete their own job even if they don't have the Manage Documents privilege. Added call to se_access_check() for changing printer properties. The Full Access privilege is required for the user to perform this. Several uninitialised variables and memory leaks plugged. Modified default ACL created on new printers to be Everyone / Print instead of Everyone / Full Access. This required some random stuffing around with the value of the revision field to correspond with the ACL that NT produces when setting the same permission on the printer. Fixed dodgy function call in printing/printfsp.c (This used to be commit 2abce4dcfa351051df6e5f789b34fa99c9b81c22)
2000-07-10Spelling fixes.Tim Potter1-3/+3
(This used to be commit c1d242f1dd5b6addbe5d2df22e4759f6682fd9ef)
2000-07-06Don't check NT permissions when printing from lanman.Tim Potter1-6/+6
(This used to be commit e84607eedf3be454f8f709c70cafc5ded4ea951d)
2000-07-06Moved authenticated pipe user details into a current_user struct.Tim Potter1-1/+1
(This used to be commit 3c4a5f624bfa69eb81d998530d9227e158edd109)
2000-07-03Some more sec_ctx changes. Modified some fields in the pipe_structTim Potter1-1/+2
structure so authenticated pipe users can have their unix groups set when become_authenticated_pipe_user() is called. (This used to be commit 55c9bf124dc661df43bfe582ef14b1297aeaf0fa)
2000-06-23Fix a malloc of zero problem.Jeremy Allison1-38/+49
Jeremy. (This used to be commit 2aa21db960666736331b18956422b7c13aad0f0f)
2000-06-23lib/util_unistr.c: Off-by-one fix for dos_PutUniStr from John Reilly ↵Jeremy Allison1-1/+5
jreilly@hp.com. Memory leak fix for new sec_ctx code (sorry Tim :-). Jeremy. (This used to be commit edaf49c66d5a5ccf6689b358c301e208599a468f)
2000-06-23Added return for become_authenticated_pipe_user() function.Tim Potter1-0/+2
(This used to be commit d0f55e04c9400481e4a981431715e167a8246e45)
2000-06-23Delete OriginalDir stuff.Tim Potter3-16/+20
(This used to be commit 3d0f1845c8cefccfabcfd35694264c1e5f52c3af)
2000-06-23Moved some static functions to sec_ctx.cTim Potter1-222/+30
Implemented become_root() and friends in terms of push/pop/set security contexts. (This used to be commit 0bcdcd0606fc2b6aba35b03255aad5bb2bd8e848)
2000-06-23Call init_sec_ctx() instead of init_uid().Tim Potter1-9/+1
Delete OriginalDir stuff. (This used to be commit db5e6ad3a69a6fd744d8a22066587908470e3815)
2000-06-23I've been working on refactoring some of the mess that is the become_user()Tim Potter1-0/+295
code. This code is now implemented as a stack of security contexts, where a security context is defined as a set of effective user, group and supplementary group ids. The following functions are implemented: BOOL push_sec_ctx(void); Create a new security context on the stack which is the same as the current security context. void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups); Set the current security context to a given set of user and group ids. void set_root_sec_ctx(void); Set to uid = gid = 0. No supplementary groups are set. BOOL pop_sec_ctx(void); Pop a security context from the stack and restore the user and group permissions of the previous context. void init_sec_ctx(void); Initialise the security context stack. This must be called before any of the other operations are used or weird things may happen. The idea is that there is a base security context which is either root or some authenticated unix user. Other security contexts can be pushed and popped as needed for things like changing passwords, or rpc pipe operations where the rpc pipe user is different from the smb user. (This used to be commit 87c78d6d5a6bf8d0907d6f8ef5ee0d642946cad3)
2000-06-20Fixes for IRIX kernel oplocks and systems that don't have nss.hJeremy Allison1-1/+1
Jeremy. (This used to be commit 711f15ac230092bac000e63f99e8dfaa4a644847)
2000-06-19Paranoia changes to ensure that anything touched by a signal handlerJeremy Allison2-17/+18
and the main code is declared as VOLATILE SIG_ATOMIC_T. Jeremy. (This used to be commit b737c784e34b0e1af014cb828ef37d5b6d73c3e2)
2000-06-16Pass the vuid from the connection_struct to the printing back end functions.Tim Potter1-6/+6
(This used to be commit 6120d03200ed6d89640332aedc75172bdf77e2a0)
2000-06-15open files with O_NONBLOCK when available. This is necessary toAndrew Tridgell1-1/+6
prevent possible deadlocks with kernel leases and harmless when kernel leases are not used. basically we don't ever want smbd to block (This used to be commit 9fd67b94a7e43c9dcbe098940b88879ae8743c00)
2000-06-15added support for kernel level share modes. These are a (small) hack,Andrew Tridgell1-1/+24
I suspect we will either get rid of them or do them properly at some stage. (This used to be commit fabe1f350e1fc58db33d22cebd38652950697ced)
2000-06-14allow the notify implementation to choose the select timeout changeAndrew Tridgell4-16/+18
(This used to be commit b1441d9622609af5ef598c5e1e1f5af438dc0731)
2000-06-14ZERO_STRUCT() of info3 structure before using it.Tim Potter1-0/+2
(This used to be commit efe7f818c927a925f2dee1ef4f6040c137e0c84e)
2000-06-13Removed a patch that Andrew had added because 'insure' was incorrectlyChristopher R. Hertel1-9/+0
reporting a memory leak in the cache module. I've modified the cache code to prevent insure getting confused, so the patch can now be removed. (This used to be commit 50599b0fa2b78109e3bd2cf50007dc69c4059955)
2000-06-13use DN_ATTRIB kernel change notify attributeAndrew Tridgell1-3/+7
(This used to be commit 9f542484d11b7b908d3170b702b3bad82ba71525)
2000-06-13always use the DN_CREATE mask (NT expects file creation always toAndrew Tridgell1-8/+3
cause a notify) (This used to be commit 20a06b7fb7c855e874b79b86251d597e7797b3c0)
2000-06-12enable the Linux change notify code and change some notify debug codeAndrew Tridgell3-15/+64
(This used to be commit c6be511fcc1be79619a0184f03d4c33dbfe12f04)
2000-06-12totally rewrote the async signal, notification and oplock notificationAndrew Tridgell8-465/+647
handling in Samba. This was needed due to several limitations and races in the previous code - as a side effect the new code is much cleaner :) in summary: - changed sys_select() to avoid a signal/select race condition. It is a rare race but once we have signals doing notification and oplocks it is important. - changed our main processing loop to take advantage of the new sys_select semantics - split the notify code into implementaion dependent and general parts. Added the following structure that defines an implementation: struct cnotify_fns { void * (*register_notify)(connection_struct *conn, char *path, uint32 flags); BOOL (*check_notify)(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *data, time_t t); void (*remove_notify)(void *data); }; then I wrote two implementations, one using hash/poll (like our old code) and the other using the new Linux kernel change notify. It should be easy to add other change notify implementations by creating a sructure of the above type. - fixed a bug in change notify where we were returning the wrong error code. - rewrote the core change notify code to be much simpler - moved to real-time signals for leases and change notify Amazingly, it all seems to work. I was very surprised! (This used to be commit 44766c39e0027c762bee8b33b12c621c109a3267)
2000-06-12fixed comments at top of moduleAndrew Tridgell1-2/+3
(This used to be commit 02577ab7d275dfb49e104f3358cb3caa66b3b09e)
2000-06-12split all the change notify code out into a separate moduleAndrew Tridgell2-392/+427
smbd/notify.c. All the data structures are now private to that module. this is in preparation for Linux kernel support for change notify (coming soon to a CVS tree near you) (This used to be commit 1bb0aad4f66dbfa2d0f767ea90f926affff20b17)
2000-06-11a better test for oplocks being enabled in this kernelAndrew Tridgell1-1/+18
(This used to be commit cc0e919fdcb116c8f9688a4f5d7803fc8d7f9588)
2000-06-11fixed Linux capabilities handlingAndrew Tridgell1-21/+39
I used a trick where CAP_LEASE isn't claimed until it is needed. This means we avoid a system call per setreuid(), and never call capset() unless a user tries to get a oplock on a file that they don't own (This used to be commit afa98d511f70f455d599c3a36dd25e49fe74ac09)
2000-06-11Linux kernel oplocks now seem to work, but need a _lot_ of testingAndrew Tridgell5-60/+125
I had to modify sys_select() to not loop on EINTR. I added a wrapper called sys_select_intr() which gives the old behaviour. (This used to be commit b28cc4163bc2faaa80c5782fc02c8f03c410cdeb)
2000-06-10a first pass at Linux kernel oplocks supportAndrew Tridgell3-15/+207
(This used to be commit 3253085d9883a181c04b9c9ecf7d0ccdfbcee88d)
2000-06-10continued the split of the kernel level oplocks code into a moreAndrew Tridgell3-392/+412
modular form. In this pass I added oplock_irix.c and added a "struct kernel_oplocks" that describes a kernel oplock implementation. (This used to be commit b5ceab810292602ea9a81696c20a781c16b706c2)
2000-06-09(Correct) fix for desired_access being zero in map_share_mode().Jeremy Allison1-12/+12
Jeremy. (This used to be commit cc447fbe3cd77d57e18c3d1dff94a95d6032c311)
2000-06-09Luke, I am moving the code back into passdb/passdb.c, this the correctJeremy Allison2-55/+15
place to do this, not in smbd/passwd.c Please don't change this without asking first, I have run this past Andrew so talk to him (I'm on vacation next week). I also removed the g_newXXX macros. There are essentially a private C extension, not used anywhere else in the code, and add no functionality over malloc(XX) and make the code harder to understand (everyone knows what malloc does). Jeremy. (This used to be commit e1b1b6fb6794ba02e1fea510a981fa0ce0d12b58)
2000-06-09clean up oplock capability code ready for Linux codeAndrew Tridgell3-161/+155
(This used to be commit 70dcc791b45ac64fc536ef449e4e6b53b2b68fd4)
2000-06-09split some of the irix kernel oplocks code into a functionAndrew Tridgell1-68/+74
(This used to be commit 6b888d600d95e2595c3f79494edcc55e88e2980d)