| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Added a become_root()/unbecome_root() (push/pop security context)
around the initgroups() call to ensure it would succeed. Hmmm - I
wonder if this call being done as non-root might explain any "group access"
bugs we've had in the past....
Jeremy.
|
|
|
|
|
|
|
| |
with the current user. This will allow se_access_check() to quickly do
a SD check without having to translate uid/gid's to SIDs.
Still needs work on pipe calls.
Jeremy.
|
|
|
|
|
|
|
| |
now reproduce the bug I had with adding a printer driver, and PrintMig.exe
crashes if I use my SD code but works with his.
I stand completely corrected :-). - So I'm reverting to his code as it works :-).
Jeremy.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
|
|
|
|
|
|
|
|
| |
NT_STATUS_XXX).
Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more
obscure way.
Jeremy.
|
|
|
|
|
|
| |
from the NT printer tdb.
Also added checks for time restrictions before allowing a job to print.
Jeremy.
|
|
|
|
| |
Jeremy.
|
|
|
|
|
|
|
|
|
|
| |
fix for the Win9x printer drivers.
Changed command names to add "command" string on the end for some consistancy
with the other scripting commands.
Added '%P' option to tdbpack/unpack to store long comment string.
Made port name be "Samba Printer Port" if no enum port script given.
Fixed prs_uint32_pre code to cope with null args.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixed to work with Jeremy's recent changes re: dunamic
memory allocation when unmarshalling unistr[2]
* included EnumPorts level 1
* more work on AddPrinterEx
--jerry
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixed to work with Jeremy's recent changes re: dunamic
memory allocation when unmarshalling unistr[2]
* included EnumPorts level 1
* more work on AddPrinterEx
--jerry
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
J.F.
|
|
|
|
|
|
| |
that bug was *subtle* :-(
J.F.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in the RPC code. This change was prompted by trying to save a long (>256)
character comment in the printer properties page.
The new system associates a TALLOC_CTX with the pipe struct, and frees
the pool on return of a complete PDU.
A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx
code, and is freed in the main loop.
This code works with insure, and seems to be free of memory leaks and
crashes (so far) but there are probably the occasional problem with
code that uses UNISTRxx structs on the stack and expects them to contain
storage without doing a init_unistrXX().
This means that rpcclient will probably be horribly broken.
A TALLOC_CTX also needed associating with the struct cli_state also,
to make the prs_xx code there work.
The main interface change is the addition of a TALLOC_CTX to the
prs_init calls - used for dynamic allocation in the prs_XXX calls.
Now this is in place it should make dynamic allocation of all RPC
memory on unmarshall *much* easier to fix.
Jeremy.
|
|
|
|
| |
J.F.
|
|
|
|
|
|
|
|
|
| |
So fixed enumprinterdatas in rpcclient to debug the server code,
and found that the parsing code was missing 2 prs_align().
We are not crashing NT anymore. :-)
J.F.
|
| |
|
| |
|
| |
|
|
|
|
| |
Jeremy.
|
|
|
|
| |
--jerry
|
|
|
|
|
|
|
| |
'cause it's not all written.
-jerry
|
|
|
|
| |
then the two sids are not equal
|
|
|
|
| |
Jeremy.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- changed the default forms flag to 2
- all short architecture name are uppercased
- get_short_archi() is now case unsensitive
- the drivers TDB is indexed by archi/version/name
- implemented code to move drivers from the upload area to the download
area. Someone else need to look at that code.
- don't return anymore a default driver if it doesn't exist in the TDB.
Instead return an error.
- cleaned prs_unistr.
- #ifdef out jeremy's new SD parsing in printer_info_2
- removed the unused MANGLE_CODE
- #ifdef out the security checking in update_printer() as it doesn't work
for me.
Zap your ntdrivers.tdb, it won't work anymore.
J.F.
|
|
|
|
|
|
|
|
|
|
| |
specifically wrong with this, but Samba is fooled by the client into
thinking the printer is a file share. Files copied to the share gather
dust in the spool directory and aren't printed.
This patch has the effect of not allowing printers to be mounted as file
shares. Not sure whether this is the correct solution or not.
{Jeremy,JF,Tridge} please check!
|
|
|
|
|
| |
is beginning to come together...
Jeremy.
|
|
|
|
| |
main daemon was not catching sighup and reloading the service file.
|
| |
|
|
|
|
|
|
| |
in order - moved them into open_printer_hnd().
Added saving of comment field.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
* Fixed an off-by-one bug noticed by JF in GetPrinterDriverDirectory()
jerry
|
|
|
|
|
|
|
|
|
| |
with the other spoolss client calls.
Also cleaned up output for 'help' command.
jerry
|
|
|
|
|
|
|
|
|
|
| |
with the other spoolss client calls.
Also cleaned up output for 'help' command.
jerry
|
|
|
|
|
|
|
|
|
|
| |
Tim, You should also look at new_smb_io_printer_info_2()
and see if the change from NULL to &i regarding the secdesc is ok.
jerry
|
| |
|
|
|
|
|
|
|
|
| |
the file up i think. Later.
--jerry
|
|
|
|
|
|
|
|
|
| |
rpcclient command to fail on shared printers.
jerry
|
|
|
|
|
|
| |
filed to be ignored when an upload is done.
Modified to code to goto err on problems, simplifies it.
Jeremy.
|
|
|
|
|
| |
printer driver download if looking for the default driver files fail.
Jeremy.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
string), the wins_srv module now hands back a struct in_addr when it's
called. It caches the IP address once it has been looked up. The IP
is cleared (and must be looked up again) if the 'wins server' parameter
is reread, or if the node is marked 'dead'. A dead node will not be
re-tried for 10 minutes (per a #define in wins_srv.c).
As it was, the code was reading the WINS server name or IP directly from
lp_wins_server. That's okay, except that if the value was expressed as
a name, then a DNS lookup would be done every time the client wanted to
talk to the server.
I still need to work out the implications of failover regarding the
'unicast subnet' list.
Chris -)-----
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
*Note: failover doesn't actually work yet!* It's just that the code I'm
adding provides all of the pieces necessary.
I do have one big question. Something that I'll have to ask Jeremy, I'm
thinkin'. In nmbd/nmbd_subnetdb.c the IP of the WINS server is used to
set up the Unicast subnet.
...so what happens if the WINS server changes?
My guess is either:
a) nothing.
b) I'd have to change the unicast subnet entry whenever the WINS server
changes.
Urq.
BTW, the lp_wins_server() function no longer returns the WINS server name
or IP. It returns the list of WINS servers entered in smb.conf. To get
the currently 'live' WINS server, use the wins_srv() function.
Fun, eh?
Chris -)-----
|
|
|
|
|
|
| |
checked to see that only one server was listed. As I am working on an
enhancement that allows multiple servers to be listed...this was a bit
contrary. ;)
|