Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit e84607eedf3be454f8f709c70cafc5ded4ea951d)
|
|
(This used to be commit 3c4a5f624bfa69eb81d998530d9227e158edd109)
|
|
structure so authenticated pipe users can have their unix groups set when
become_authenticated_pipe_user() is called.
(This used to be commit 55c9bf124dc661df43bfe582ef14b1297aeaf0fa)
|
|
Jeremy.
(This used to be commit 2aa21db960666736331b18956422b7c13aad0f0f)
|
|
jreilly@hp.com.
Memory leak fix for new sec_ctx code (sorry Tim :-).
Jeremy.
(This used to be commit edaf49c66d5a5ccf6689b358c301e208599a468f)
|
|
(This used to be commit d0f55e04c9400481e4a981431715e167a8246e45)
|
|
(This used to be commit 3d0f1845c8cefccfabcfd35694264c1e5f52c3af)
|
|
Implemented become_root() and friends in terms of push/pop/set security
contexts.
(This used to be commit 0bcdcd0606fc2b6aba35b03255aad5bb2bd8e848)
|
|
Delete OriginalDir stuff.
(This used to be commit db5e6ad3a69a6fd744d8a22066587908470e3815)
|
|
code. This code is now implemented as a stack of security contexts, where
a security context is defined as a set of effective user, group and
supplementary group ids.
The following functions are implemented:
BOOL push_sec_ctx(void);
Create a new security context on the stack which is the same as the
current security context.
void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups);
Set the current security context to a given set of user and group
ids.
void set_root_sec_ctx(void);
Set to uid = gid = 0. No supplementary groups are set.
BOOL pop_sec_ctx(void);
Pop a security context from the stack and restore the user and group
permissions of the previous context.
void init_sec_ctx(void);
Initialise the security context stack. This must be called before any
of the other operations are used or weird things may happen.
The idea is that there is a base security context which is either root or
some authenticated unix user. Other security contexts can be pushed and
popped as needed for things like changing passwords, or rpc pipe operations
where the rpc pipe user is different from the smb user.
(This used to be commit 87c78d6d5a6bf8d0907d6f8ef5ee0d642946cad3)
|
|
Jeremy.
(This used to be commit 711f15ac230092bac000e63f99e8dfaa4a644847)
|
|
and the main code is declared as VOLATILE SIG_ATOMIC_T.
Jeremy.
(This used to be commit b737c784e34b0e1af014cb828ef37d5b6d73c3e2)
|
|
(This used to be commit 6120d03200ed6d89640332aedc75172bdf77e2a0)
|
|
prevent possible deadlocks with kernel leases and harmless when kernel
leases are not used.
basically we don't ever want smbd to block
(This used to be commit 9fd67b94a7e43c9dcbe098940b88879ae8743c00)
|
|
I suspect we will either get rid of them or do them properly at some
stage.
(This used to be commit fabe1f350e1fc58db33d22cebd38652950697ced)
|
|
(This used to be commit b1441d9622609af5ef598c5e1e1f5af438dc0731)
|
|
(This used to be commit efe7f818c927a925f2dee1ef4f6040c137e0c84e)
|
|
reporting a memory leak in the cache module. I've modified the cache
code to prevent insure getting confused, so the patch can now be removed.
(This used to be commit 50599b0fa2b78109e3bd2cf50007dc69c4059955)
|
|
(This used to be commit 9f542484d11b7b908d3170b702b3bad82ba71525)
|
|
cause a notify)
(This used to be commit 20a06b7fb7c855e874b79b86251d597e7797b3c0)
|
|
(This used to be commit c6be511fcc1be79619a0184f03d4c33dbfe12f04)
|
|
handling in Samba. This was needed due to several limitations and
races in the previous code - as a side effect the new code is much
cleaner :)
in summary:
- changed sys_select() to avoid a signal/select race condition. It is a
rare race but once we have signals doing notification and oplocks it
is important.
- changed our main processing loop to take advantage of the new
sys_select semantics
- split the notify code into implementaion dependent and general
parts. Added the following structure that defines an implementation:
struct cnotify_fns {
void * (*register_notify)(connection_struct *conn, char *path, uint32 flags);
BOOL (*check_notify)(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *data, time_t t);
void (*remove_notify)(void *data);
};
then I wrote two implementations, one using hash/poll (like our old
code) and the other using the new Linux kernel change notify. It
should be easy to add other change notify implementations by creating
a sructure of the above type.
- fixed a bug in change notify where we were returning the wrong error
code.
- rewrote the core change notify code to be much simpler
- moved to real-time signals for leases and change notify
Amazingly, it all seems to work. I was very surprised!
(This used to be commit 44766c39e0027c762bee8b33b12c621c109a3267)
|
|
(This used to be commit 02577ab7d275dfb49e104f3358cb3caa66b3b09e)
|
|
smbd/notify.c. All the data structures are now private to that
module.
this is in preparation for Linux kernel support for change notify
(coming soon to a CVS tree near you)
(This used to be commit 1bb0aad4f66dbfa2d0f767ea90f926affff20b17)
|
|
(This used to be commit cc0e919fdcb116c8f9688a4f5d7803fc8d7f9588)
|
|
I used a trick where CAP_LEASE isn't claimed until it is needed. This
means we avoid a system call per setreuid(), and never call capset()
unless a user tries to get a oplock on a file that they don't own
(This used to be commit afa98d511f70f455d599c3a36dd25e49fe74ac09)
|
|
I had to modify sys_select() to not loop on EINTR. I added a wrapper
called sys_select_intr() which gives the old behaviour.
(This used to be commit b28cc4163bc2faaa80c5782fc02c8f03c410cdeb)
|
|
(This used to be commit 3253085d9883a181c04b9c9ecf7d0ccdfbcee88d)
|
|
modular form. In this pass I added oplock_irix.c and added a "struct
kernel_oplocks" that describes a kernel oplock implementation.
(This used to be commit b5ceab810292602ea9a81696c20a781c16b706c2)
|
|
Jeremy.
(This used to be commit cc447fbe3cd77d57e18c3d1dff94a95d6032c311)
|
|
place to do this, not in smbd/passwd.c
Please don't change this without asking first, I have run this past
Andrew so talk to him (I'm on vacation next week).
I also removed the g_newXXX macros. There are essentially a private C extension,
not used anywhere else in the code, and add no functionality over malloc(XX)
and make the code harder to understand (everyone knows what malloc does).
Jeremy.
(This used to be commit e1b1b6fb6794ba02e1fea510a981fa0ce0d12b58)
|
|
(This used to be commit 70dcc791b45ac64fc536ef449e4e6b53b2b68fd4)
|
|
(This used to be commit 6b888d600d95e2595c3f79494edcc55e88e2980d)
|
|
(This used to be commit 2f056c2aadd2e16d89b66aabd1c166ab8d5abd76)
|
|
jeremy, the intent is to call se_access_check() with usr-sid, grp-sid,
array-of-group-rids (but array-of-group-sids would do).
please do look at smbd/lanman.c's api_NetWkstaGetInfo, it will show you
that we really do need to store the entire NET_USER_INFO_3 structure.
then again, api_NetWkstaGetInfo is only used by win9x so who cares :)
(This used to be commit bd34f652390adc32c4959d164c628687f526d977)
|
|
not just undercut work in progress, thank you.
(This used to be commit 86d440a88c948727bfcfedc694c52c58f9687d8b)
|
|
to make "printer driver file" a share parameter. This fits better with
the new NT printing subsystem.
Jeremy.
(This used to be commit 7afb68461f3938a647a6c48689293af8ed36ccb7)
|
|
Jeremy.
(This used to be commit b0242080fe464e71815431559fe54d109e0b92f2)
|
|
there (yet)
as there is no infrastructure for it. Replaced it with a dynamic array
of group SIDs plus a user.
passdb/passdb.c: Added setup_user_sids() function. This is where the lookup should be done,
eventually calling winbind.
smbd/password.c: Changed to call setup_user_sids(). Removed spurious DEBUG(0) statements.
smbd/reply.c: Removed extra parameter to register_vuid().
Jeremy.
(This used to be commit 425f4ad9a5e0e7d49620276100ade7a0cae47011)
|
|
register_vuid fills it with constructed info.
(This used to be commit b1889e4334012b1b2caa604b859da4271509fc87)
|
|
- added autoconf test for HAVE_KERNEL_OPLOCKS_LINUX
(This used to be commit 0368f68529a9244663c199068e95d1a1d93152fa)
|
|
Jeremy.
(This used to be commit 341d07c516865bdd9be99f98cd0754d12b25f9c0)
|
|
Removed ugly hack for NT printing.
Fixed up tdb parse stuff memory leaks.
Jeremy.
(This used to be commit 8ef41f31c53e14ad057d883810a1cd2301fede2a)
|
|
(This used to be commit f890bcf06786e7c63bf76fad2fd46d287a99a270)
|
|
rpc_server/srv_spoolss_nt.c: Fixed more memory leaks.
smbd/nttrans.c: Fixed shadow variable problem.
Jeremy.
(This used to be commit f0a7540831181d3a47e7f8ce8be55a36a2f2aba1)
|
|
passdb/smbpass.c: Insure uninitialized memory reference fix.
printing/nt_printing.c:
rpc_server/srv_spoolss_nt.c: Insure memory leak fixes.
smbd/unix_acls.c: Shadow ref fix.
Jeremy.
(This used to be commit d175d3ebefc053e9badd91ca5f2d8bd03eb6705d)
|
|
Added patches for random -> sys_random.
Added set_effective_xxx patches for AFS code.
Memory allocation changes in spoolss code.
Jeremy.
(This used to be commit c2099cfb033c2cdb6035f4f7f50ce21b98e1584d)
|
|
Jeremy.
(This used to be commit 4534eae405f952d4b93e445571fc487e66a7541b)
|
|
Jeremy.
(This used to be commit f09c53f6b15e96ab1d306c044cbdcd086006c977)
|
|
Jeremy.
(This used to be commit 400263245b4e5344b496c5de52a659f040206798)
|