| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
we already have space for this we just need to understand the length correctly).
Jeremy.
|
| |
|
|
|
|
|
|
| |
CAP_LARGE_READX|CAP_LARGE_WRITEX bits on negprot and out W2K
performance goes through the roof......
And as we *always* offer 64 buffers we can do this with this
simple change.....
Jeremy.
|
| |
|
|
|
| |
think....).
Jeremy.
|
| | |
|
| |
|
|
| |
but I haven't actually run it yet so it probably doesn't work. (-:
|
| |
|
|
|
|
|
| |
I did some basic tests but I have probably broken something. Notably the
password changing. So don't cry ;-)
J.F.
|
| |
|
|
|
|
|
|
| |
- cleaned up GNUC printf attribute macros
- added enum handling in mkproto
- removed non-vararg code
- made slprintf and vslprintf just macros for snprintf and vsnprintf
- don't need slprintf code any more
|
| |
|
|
|
|
|
|
|
|
|
| |
for memory allocation. This fixes a long standing seg fault
(i knew i would get around to it one day :) )
Tested with NT4 and Win2k. Needs a little more testing with the
"create the machine account on the fly" code for NT4.
Simo, this is probably going to break the tdb passdb code.
Can you look at that when you get a chance and see what you think?
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
when copying to a full disk problem, I discovered that we were not allowing
the delete on close flag to be set properly, this led to other things, and
after investigation of the proper delete on close semantics and their relationship
to the file_share_delete flag I discovered there were some cases where we
weren't doing the deny modes properly. And this after only 5 years working
on them..... :-) :-).
So here's the latest attempt. I realised the delete on close flag needs to
be set across all smbds with a dev/ino pair open - in addition, the delete
on close flag, allow share delete and delete access requested all need to
be stored in the share mode tdb.
The "delete_on_close" entry in the fsp struct is now redundant and should
really be removed. This may also mean we can get rid of the "iterate_fsp"
calls that I didn't like adding in the first place. Whilst doing this patch,
I also discovered we needed to do the se_map_generic() call for file opens
and POSIX ACL mapping, so I added that also.
This code, although ugly, now passes the deny mode torture tests plus the
delete on close tests I added. I do need to add one more multiple connection
delete on close test to make sure I got the semantics exactly right, plus we
should also (as Andrew suggested) move to random testing here.
The good news is that NT should now correctly delete the file on disk
full error when copying to a disk :-).
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
now in pipe struct (where used) rather than user_struct.
Secured machine account password changing in srv_netlog_nt.c - ensure
that only the given machine can change its own password. May need to
free this up later for NT admin tools, but this is a fail-safe secure
position for now.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
system header files...
Jeremy.
|
| |
|
|
| |
macros to STR_
|
| |
|
|
| |
libsmbclient.c: fix problems with return codes on smbc_unlink_print_job
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
include/smb.h: Added LPQ_xx enums to correspond with the NT JOB_STATUS_XXX. We
need these to be different as we're storing LPQ_xx enums in the tdb
already.
rpc_server/srv_spoolss_nt.c: Don't need to return status strings as we're now
returning status codes.
smbd/lanman.c: Change the RAP status codes to have "RAP" in the name.
printing/printing.c: Keep track of the status of a job. Allow a job to be
deleted from one smbd when being submitted by another.
Made logic in mutex clearer.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
source/rpc_server/srv_spoolss_nt.c
- add an access check to _spoolss_deleteprinter() to stop random
users and passers by from deleting printers.
source/lib/messages.c
- converted global msg_all struct to a local in message_send_all()
function.
source/include/smb.h
- added a success error code to the spoolss return codes.
source/include/proto.h
source/param/loadparm.c
source/printing/printing.c
- Added new parameter "total print jobs" to limit the total number
of print jobs across all queues. Currently individual queues are
limited by "max print jobs".
|
| |
|
|
|
|
|
| |
list of structures rather than the dodgy parsing code we had before
this also gets smbw working correctly with no initial workgroup (using
name_status_find on __MSBROWSE__ returns)
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently does exactly the same thing (returns ACLs the same way). This
code is written to try and get a POSIX ACL via the abstract sys_XX interface,
then fall back to providing a UNIX based ACL if the calls fail. Seems to
work. Next step is to add a --with-posix-acls to configure.in and then
check on a POSIX ACL system that a complex ACL is returned correctly
as an NT ACL. Note that the ACL set (a more complex problem) is not
addressed yet.
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
a single
statement after an 'if'. Tracking this down took 4 hours from my life and ANDREW I WANT
THEM BACK !!!!! :-).
include/smb.h smbd/password.c: Fixed the bug veritas reported with realloc of the validated_users
array growing without bounds. This is now a linked list as god (Andrew) intended :-).
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o added BOOL own_memory flag in SAM_ACCOUNT so we could
use static memory for string pointer assignment or
allocate a new string
o added a reference TDB passdb backend. This is only a reference
and should not be used in production because
- RID's are generated using the same algorithm as with smbpasswd
- a TDB can only have one key (w/o getting into problems) and we
need three. Therefore the pdb_sam-getpwuid() and
pdb_getsampwrid() functions are interative searches :-(
we need transaction support, multiple indexes, and a nice open
source DBM. The Berkeley DB (from sleepycat.com seems to fit
this criteria now)
o added a new parameter "private dir" as many places in the code were
using lp_smb_passwd_file() and chopping off the filename part.
This makes more sense to me and I will docuement it in the man pages
o Ran through Insure-lite and corrected memory leaks. Need for
a public flogging this time Jeremy (-:
-- jerry
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
- merged Tim's vlp (virtual lp) test program. Enable it with
-DDEVELOPER or by using ./configure.developer
(source/include/smb.h source/configure.developer
source/printing/lpq_parse.c source/param/loadparm.c
testsuite/printing/.cvsignore testsuite/printing/Makefile.vlp
testsuite/printing/vlp.c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
|
| |
|
|
|
| |
This also updates the printing.tdb db version to 2.
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
Jim McDonough
Infoprint Manager Development
Linux Technology Center
IBM Boulder
Jeremy.
|
| |
|
|
|
| |
Added "codepage directory" patch from Peter.Polkinghorne@brunel.ac.uk
Jeremy.
|
| |
|
|
|
| |
We now use our own vfs layer to do get/set acl calls (hurrah!).
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a conn struct depending on the call.
We need this to have a clean NT ACL call interface.
This will break any existing VFS libraries (that's why this is pre-release
code).
Andrew gets credit for this one :-) :-).
In addition - added Herb's WITH_PROFILE changes - Herb - please examine
the changes I've made to the smbd/reply.c code you added. The original
code was very ugly and I have replaced it with a
START_PROFILE(x)/END_PROFILE(x) pair using the preprocessor.
Please check this compiles ok with the --with-profile switch.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
ERROR_INSUFICIENT_BUFFER when working out what space is needed. This fix
gives us the same return that WinNT does.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
| |
with the current user. This will allow se_access_check() to quickly do
a SD check without having to translate uid/gid's to SIDs.
Still needs work on pipe calls.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- changed the default forms flag to 2
- all short architecture name are uppercased
- get_short_archi() is now case unsensitive
- the drivers TDB is indexed by archi/version/name
- implemented code to move drivers from the upload area to the download
area. Someone else need to look at that code.
- don't return anymore a default driver if it doesn't exist in the TDB.
Instead return an error.
- cleaned prs_unistr.
- #ifdef out jeremy's new SD parsing in printer_info_2
- removed the unused MANGLE_CODE
- #ifdef out the security checking in update_printer() as it doesn't work
for me.
Zap your ntdrivers.tdb, it won't work anymore.
J.F.
|
| |
|
|
|
|
|
| |
Removed msrpc_local struct
--jerry
|
| | |
|
| |
|
|
|
| |
structure so authenticated pipe users can have their unix groups set when
become_authenticated_pipe_user() is called.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
semi-connection and a rpcclient prompt, but no functionality there yet.
Will be a few more days on that.
The changes to the header files were minor. A few struct's and a few
additional fields to existing ones. No deletions. **minimal change
necessary** :-) Well, maybe not minimal, but I tried.
All other programs compile, link and run ok from what I can tell so
I don;t think I broke anything.
--jerry
|
| |
|
|
| |
Moved the S_* macros from smb.h to includes.h
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
handling in Samba. This was needed due to several limitations and
races in the previous code - as a side effect the new code is much
cleaner :)
in summary:
- changed sys_select() to avoid a signal/select race condition. It is a
rare race but once we have signals doing notification and oplocks it
is important.
- changed our main processing loop to take advantage of the new
sys_select semantics
- split the notify code into implementaion dependent and general
parts. Added the following structure that defines an implementation:
struct cnotify_fns {
void * (*register_notify)(connection_struct *conn, char *path, uint32 flags);
BOOL (*check_notify)(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *data, time_t t);
void (*remove_notify)(void *data);
};
then I wrote two implementations, one using hash/poll (like our old
code) and the other using the new Linux kernel change notify. It
should be easy to add other change notify implementations by creating
a sructure of the above type.
- fixed a bug in change notify where we were returning the wrong error
code.
- rewrote the core change notify code to be much simpler
- moved to real-time signals for leases and change notify
Amazingly, it all seems to work. I was very surprised!
|
| | |
|
| |
|
|
|
| |
modular form. In this pass I added oplock_irix.c and added a "struct
kernel_oplocks" that describes a kernel oplock implementation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
place to do this, not in smbd/passwd.c
Please don't change this without asking first, I have run this past
Andrew so talk to him (I'm on vacation next week).
I also removed the g_newXXX macros. There are essentially a private C extension,
not used anywhere else in the code, and add no functionality over malloc(XX)
and make the code harder to understand (everyone knows what malloc does).
Jeremy.
|
