summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2002-01-17A nice *big* change to the fundemental way we do things.Andrew Bartlett4-18/+25
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2002-01-17don't use O_NONBLOCK in open(). This was added erroneously for kernelAndrew Tridgell1-4/+0
oplocks and really shouldn't be used (This used to be commit c3a83002cfc2e0b5158cae1898eda8bafcb41e48)
2002-01-16Separate out get_user_home_dir() from get_user_home_service_dir().Jeremy Allison1-2/+2
Jeremy. (This used to be commit c1b97226db63daf64359e79083a4754e7c7f8054)
2002-01-16Fixup error mapping so we have only one table containing errno -> dos error ↵Jeremy Allison1-38/+14
-> NT STATUS maps. Fixes problem with disk full returning incorrect error. Jeremy. (This used to be commit 16fcbf3c1ccf1d704765653f68395dd596c0d841)
2002-01-16Roll back PSTRING_SANCTIFY patch; just leave non-controversial typeMartin Pool1-16/+23
and constness changes. (This used to be commit cee0ec72746122c962e6c5278a736266a7f2c424)
2002-01-16Roll back PSTR insertion.Martin Pool1-23/+21
Just leave the fstrcpy/pstrcpy bugfix, and conversion to pstr_sprintf rather than manual calculation of length. (This used to be commit e38e7a2bdcf2901359035ac4aa79ebf33599e0c8)
2002-01-15Convert to the new pstring interface. This diff is a pretty goodMartin Pool1-26/+29
example of the scope of change the new pstrings would entail: basically inserting PSTR() or FSTR() everywhere you need to coerce one to a char*. It's also a good example of the kind of bug we might catch: on about line 540, we were doing a pstrcpy into an fstring, which might overflow. It's not a problem in this particular case, but it is in general. (This used to be commit 5a403da4a735a8fb8d118a0a67f3a15127152e18)
2002-01-14Removed MAXSTATUS which was set incorrectly - thus causing tdb traversalJeremy Allison3-27/+14
of the connections db on smbd startup. This should fix the Solaris large load bug.... (fingers crossed). Jeremy. (This used to be commit 5b2b9c25af28543e67762805d1387524cbb6c39d)
2002-01-12Many thanks to Alexander Bokovoy <a.bokovoy@sam-solutions.net>.Andrew Bartlett1-0/+1
This work was sponsored by Optifacio Software Services, Inc. Andrew Bartlett (various e-mails announcements merged into some form of commit message below:) This patch which adds basics of universal groups support into Samba 3. Currently, only Winbind with RPC calls supports this, ADS support requires additional (possibly huge) work on KRB5 PAC. However, basic infrastructure is here. This patch adds: 1. Storing of universal groups for particular user logged into Samba software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb. 2. Fetching of unversal groups for given user rid and domain sid from netlogon_unigrp.tdb. Since this is used in both smbd and winbindd, main code is in source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ. This patch has had a few versions, the final version in particular: Many thanks to Andrew Bartlett for critics and comments, and partly rewritten code. New: - updated fetching code to changed byte order macros - moved functions to proper namespace - optimized memory usage by reusing caller's memory context - enhanced code to more follow Samba coding rules Todo: - proper universal group expiration after timeout (This used to be commit 80c2aefbe7c1aa363dd286a47d50c5d8b4595f43)
2002-01-12Added the O_NOFOLLOW flag if follow symlinks is set off.Jeremy Allison1-0/+6
Jeremy. (This used to be commit 4f1f5f28b514dda86f6f49465bd5887357e37bc6)
2002-01-11Same fix as went into 2.2 (I'm waiting for jerry to finish some code).Jeremy Allison5-55/+55
Jeremy. (This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
2002-01-11fixed a crash in merge_aces()Andrew Tridgell1-0/+1
when we free curr_ace_outer we need to not try to use it again :) (This used to be commit 1c5e19a418136c0ae524e62a4907501212ebac3d)
2002-01-11Make this error match Win2k.Andrew Bartlett1-1/+1
(This used to be commit 490d3aaf20f04d04c91c4748896d7a021581a229)
2002-01-11Back out the crazy notion that the NTLMSSP flags actually mean anything...Andrew Bartlett1-1/+12
Replace this with some flags that *we* define. We can do a mapping later if we actually get some more reliable info about what passwords are actually valid. Andrew Bartlett (This used to be commit 7f7a42c3e4d5798ac87ea16a42e4976c3778a76b)
2002-01-10First part of UNIX extensions (#ifdefed out) more to follow.Jeremy Allison2-2/+170
Jeremy. (This used to be commit 02b18f2cca6d6d046d2d8fd7375b207d44031ddc)
2002-01-10Getting ready to add UNIX extensions in HEAD also.Jeremy Allison2-0/+32
Jeremy (This used to be commit 6210d4aa196c944e47076e316980f76ac9c6b02d)
2002-01-09Add two more memory-debug smbcontrol messages: these ones shouldMartin Pool1-0/+1
prompt dmalloc to log information about what happening, so you can see in flight why smbd is getting bloated. (This used to be commit bcb443c5c4bf97fe6b5b0993e42496c2e64f0124)
2002-01-09Better explanation message for dmalloc.Martin Pool3-7/+7
Also more insertion of parenthesis to handle struct members called 'free'. You can now get useful dmalloc output, as long as it is compatible with your C library. On RH7.1 it looks like you have to rebuild dmalloc to allow free(0) by default, because something in libcrypt does that. (sigh) (This used to be commit 391cbb690196537c8b6292b42c2e27408cc7e249)
2002-01-09Add UNUSED(paramname) macro to be used in parameter lists, to quietenMartin Pool1-1/+2
gcc warnings about unused parameters. (This used to be commit b29775d442c36f667a6db5ba9dbe47d1a133525f)
2002-01-09Fixed up atomic update code.Jeremy Allison2-4/+4
Jeremy. (This used to be commit 274b04d4a6123fbfe363afc214e908ab36c7e8a7)
2002-01-06Get this code back to where it belongs...Andrew Bartlett1-7/+7
Apparently (and I will doublecheck) its legal to do an annoymous session setup when we negoitiated SPNEGO, but we can't do an authenticated one becouse we didn't give a challange. Andrew Bartlett (This used to be commit 08a5c5bf940fac7a779be01db01ae7d97df80f79)
2002-01-06Some more SPNEGO fixes.Andrew Bartlett1-1/+1
(This used to be commit 0e564cb32acc70c1fc43f1be5ceb3637f0dc7361)
2002-01-05Fix up the SPNEGO segfault.Andrew Bartlett1-2/+2
(This used to be commit 17b1c83dd02035048bd38b305460c96c6c09343a)
2002-01-05I've decided to move the auth code around a bit more...Andrew Bartlett4-76/+94
The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
2002-01-04Missed error return is can_rename fails.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 2db99fa49b538e230f2c606d1004871111ea2bf6)
2002-01-04Re-wrote the guts of the rename_internals code to cope with a reportedJeremy Allison3-41/+102
bug (renaming name -> name was failing, on W2K it succeeds). Simplified the common case, did a lot of work to ensure NT error codes are correctly reported back to client. Jeremy. (This used to be commit e6b27f3d8069ae304baaebe09341c58d46b05fe4)
2002-01-03Ensure modtime is set correctly on destination files in copy command.Jeremy Allison1-0/+4
Jeremy. (This used to be commit fb1ab02553e01df0464f0df3eea7ae6a66b4104b)
2002-01-03Fix talloc msg registrationMartin Pool1-1/+1
(This used to be commit 9a473ecf96fca35d146756c0c313b156aba8d9d9)
2002-01-03smbd children should also register for POOL_USAGEMartin Pool1-0/+1
(This used to be commit b46d874f4736493bdc4244ec6cdf95e77347e7d5)
2002-01-03smbd should register to receive MSG_REQ_POOL_USAGE. Response shouldMartin Pool1-0/+1
be information about memory usage, but this is not done yet. (This used to be commit 830a126a442bdde28fc42e23e7260c344b6534b9)
2002-01-02debug statement fixups.Jeremy Allison1-5/+0
Merge SAFE_FREE fix in tdb from 2.2, and IRIX fix. Jeremy. (This used to be commit eb6607466565bcd5b3800492d0bc1ae8a44da4f6)
2002-01-02Actually enforce the passdb API.Andrew Bartlett1-1/+1
Thou shalt not reference SAM_ACCOUNT members directly - always use pdb_get/pdb_set. This is achived by making the whole of SAM_ACCOUNT have a .private member, where the real members live. This caught a pile of examples, and these have beeen fixed. The pdb_get..() functions are 'const' (have been for some time) and this required a few small changes to constify other functions. I've also added some debugs to the pdb get and set, they can be removed if requested. I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb interface, but I need the flags info to do it properly. The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result. Finally, any and all testing is always appriciated - but the basics seem to work. Andrew Bartlett (This used to be commit d3dd28f6c443187b8d820d5a39c7c5b3be2fa95c)
2002-01-01A farily large commit:Andrew Bartlett1-0/+152
- Move rpc_client/cli_trust.c to smbd/change_trust_pw.c - It hasn't been used by anything else since smbpasswd lost its -j - Add a TALLOC_CTX to the auth subsytem. These are only valid for the length of the calls to the individual modules, if you want a longer context hide it in your private data. Similarly, all returns (like the server_info) should still be malloced. - Move the 'ntdomain' module (security=domain in oldspeak) over to use the new libsmb domain logon code. Also rework much of the code to use some better helper functions for the connection - getting us much better error returns (the new code is NTSTATUS). The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for the LUID feilds is sufficient, or if we should do random LUIDs as per the old code. Similarly, I'll move winbind over to this when I get a chance. This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in rpc_client, at least as far as smbd is concerned. While I've given this a basic rundown, any testing is as always appriciated. Andrew Bartlett (This used to be commit d870edce76ecca259230fbdbdacd0c86793b4837)
2001-12-31- portablitity fixes for cc -64 on irixAndrew Tridgell1-1/+1
- fixed gid* bug in rpc_server (This used to be commit 48aa90c48c5f0e3054c4acdc49668e222e7c0d36)
2001-12-30When running interactive we want to set our own process group forJeremy Allison1-0/+9
signal management. Jeremy. (This used to be commit fffae94dd5699f44c0b1c8081587deafd89b3fc0)
2001-12-29Fixup -i interactive modes.Jeremy Allison1-6/+12
Jeremy. (This used to be commit 9343b613d3778b0330bc4d610d3befd363797360)
2001-12-29passing NULL to print_queue_status()'s status parameter could end in a segfaultSimo Sorce1-1/+2
(This used to be commit 79254d2b0490ba400832ef6d460895d45cc4273f)
2001-12-27moving SAM_ACCOUNT to include a bit field for initializedGerald Carter1-8/+8
members (such as uid and gid). This way we will be able to keep ourselves from writing out default smb.conf settings when the admin doesn't want to, That part is not done yet. Tested compiles with ldap/tdb/smbpasswd. Tested connection with smbpasswd backend. oh...and smbpasswd doesn'y automatically expire accounts after 21 days from the last password change either now. Just ifdef'd out that code in build_sam_account(). Will merge updates into 2.2 as they are necessary. jerry (This used to be commit f0d43791157d8f04a13a07d029f203ad4384d317)
2001-12-21Add an output parameter to message_send_all that says how manyMartin Pool1-1/+1
messages were sent, so you know how many replies to expect. Const and doc religion. (This used to be commit 22e510ea0d69356be4fd2fa5ad9e9f4e84f62337)
2001-12-20check for a winbindd username when doing a kerberos authAndrew Tridgell1-0/+11
(This used to be commit 39f2e2e1623a011e2c99ecca64e0643b1e450657)
2001-12-20Removed global debugf. Replaced with lp_set_logfile(name).Jeremy Allison1-5/+7
Fixed winbindd to finally stop leaving log. file droppings :-). Jeremy. (This used to be commit 0bea6cf79a44f79fa3a4f2c8381e898e79c66509)
2001-12-20don't use server_info after its been freedAndrew Tridgell1-2/+4
(This used to be commit ee161a57289409e2fa43e33b045473077c7b6ba5)
2001-12-20support "map to guest" with spnegoAndrew Tridgell1-21/+43
(This used to be commit e873d0ff1eee9442ff6152d666b8d874b6a01972)
2001-12-20fixed long filenames on win98Andrew Tridgell1-1/+3
the fstype must not be null terminated or win98 doesn't recognise it (This used to be commit c8a040f2aa733e926280af010513849b6406741d)
2001-12-20Grr - numbers printed in hexadecimal should be preceeded by 0xTim Potter1-7/+7
(This used to be commit 7d8082a8ad7d5de5daf653903efd36fb84b3cedc)
2001-12-19Allow ACL set to fail gracefully on HP HFS filesystems.Jeremy Allison1-0/+12
Jeremy. (This used to be commit 2d7b81e692ac2bcfd6e31223d3f8545c255cb47c)
2001-12-19added trusted realm support to ADS authenticationAndrew Tridgell1-5/+10
the method used for checking if a domain is a trusted domain is very crude, we should really call a backend fn of some sort. For now I'm using winbindd to do the dirty work. (This used to be commit adf44a9bd0d997ba4dcfadc564a29149531525af)
2001-12-18Tidyup utmp code to cope with hostname = NULL.Jeremy Allison1-11/+13
Jeremy (This used to be commit 2a1b531a1c4f1a4772c95c867f35eac50ed1c7fa)
2001-12-18Return NT_STATUS_OBJECT_NOT_FOUND or ERRbadpipe if pipe name not found.Jeremy Allison2-2/+2
Jeremy. (This used to be commit d5fdb1f096e8db3e9cf7a65ddb75f7cafd1958c0)
2001-12-18Fixed the bug with descending into mangled directories.Jeremy Allison1-5/+8
The problem is that name_map_mangle can *change* the length of a patchname. Ensure that all the character pointer messing about can cope with changing sizes of components. This code is too ugly to live..... This also needs *lots* of testing. Jeremy. (This used to be commit 9f2b6a07429da5dec59e562fa5489b8079978677)