| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
srv_samr.c: Fix for pw caching.
smbd/nttrans.c: Fix to allow trans create to set ACL on open.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
uses cache max 100 times.
Jeremy.
|
| |
|
|
|
|
|
|
| |
<rabollinger@home.com>
jerry
|
| |
|
|
| |
jerry
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
source/rpc_server/srv_spoolss_nt.c
- add an access check to _spoolss_deleteprinter() to stop random
users and passers by from deleting printers.
source/lib/messages.c
- converted global msg_all struct to a local in message_send_all()
function.
source/include/smb.h
- added a success error code to the spoolss return codes.
source/include/proto.h
source/param/loadparm.c
source/printing/printing.c
- Added new parameter "total print jobs" to limit the total number
of print jobs across all queues. Currently individual queues are
limited by "max print jobs".
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
smbd/vfs-wrap.c:
smbd/vfs.c: Added fchmod_acl and chmod_acl.
lib/substitute.c:
smbd/lanman.c:
smbd/open.c:
smbd/process.c:
smbd/reply.c:
smbd/service.c: Removed sessetup_user variable. Added current_user_info struct
which conatins domain info etc. Added '%D' for client domain parameter.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
source/lib/util_seaccess.c
- added se_create_child_secdesc() function which takes a parent
(container) security descriptor and creates a security descriptor
which has the inheritance flags for each ACE applied. In NT a
print job is a child object of a printer so deleting and
pausing/resuming jobs requires a check against the child security
descriptor, not the parent. The values seen in NT printer
security descriptors now all fit together in a natural and
elegant way which is always nice.
- Removed #ifdef'ed out portion of check_ace() when the
INHERIT_ONLY flag is set as the se_create_child_secdesc()
function now creates a security descriptor which can be used
without this hack.
|
| |
|
|
| |
codepath.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
source/rpc_parse/parse_lsa.c
- off by one unistr length bug in init_lsa_trans_name()
source/lib/util_sid.c
- resolve more BUILTIN sid values to names.
source/nsswitch/wb_client.c
- fix typo in debug message
- set errno on error so we don't get bogus value from last failure.
source/rpc_server/srv_spoolss_nt.c
- add debug to track number of open printer handles for ease of
tracking handle leaks in the future.
source/rpc_server/srv_lsa.c
- fix off-by-one string bug. This was preventing NT from
displaying names for well-know SIDs in printer permissions
dialog.
|
| |
|
|
| |
it slows us down and doesn't gain anything
|
| |
|
|
|
| |
Ensure HAVE_NO_ACLS is set in configure if ACL support not selected.
Jeremy
|
| |
|
|
|
| |
Now the debugging starts.... :-).
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
testsuite/printing/psec.c
- Use lock directory from smb.conf parameter when peeking at the
ntdrivers.tdb file.
source/rpc_parse/parse_sec.c
- fix typo in debug message
source/script/installbin.sh
- create private directory as part of 'make install'.
source/nsswitch/winbindd_cache.c
source/nsswitch/winbindd_idmap.c
source/passdb/secrets.c
source/smbd/connection.c
- always convert tdb key to unix code-page when generating.
source/printing/nt_printing.c
- always convert tdb key to unix code-page when generating.
- don't prepend path to a filename that is NULL in
add_a_printer_driver_3().
source/rpc_server/srv_spoolss_nt.c
- always convert tdb key to unix code-page when generating.
- don't prepend server name to a path/filename that is NULL in the
fill_printer_driver_info functions.
source/printing/printing.c
- always convert tdb key to unix code-page when generating.
- move access check for print_queue_purge() outside of job delete
loop.
source/smbd/unix_acls.c
- fix for setting ACLs (this got missed earlier)
source/lib/messages.c
- trivial sync with appliance_head
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Deniz Akkus <akkus@alum.mit.edu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
source/Makefile.in
- changes to ctags and etags rules that somehow got lost along the way.
source/include/proto.h
- make proto
source/smbd/sec_ctx.c
source/smbd/password.c
- merge debugs for debugging user groups and NT token stuff.
source/lib/util_str.c
- capitalise domain name returned from parse_domain_user()
source/nsswitch/wb_client.c
- fix broken conditional in debug statement.
source/include/rpc_secdes.h
source/include/rpc_spoolss.h
source/printing/nt_printing.c
source/lib/util_seaccess.c
- fix printer permission bugs related to ACE masks for printers.
This adds mapping of generic access rights to object specific
rights for NT printers. Still need to work out whether or not to
ignore ACEs with certain flags set, though. See comments in
util_seaccess.c:check_ace() for details.
source/printing/nt_printing.c
source/printing/printing.c
- use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER
until we sort out printer/printjob permission stuff.
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
easier wrapping of non-POSIX ACL interfaces.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
| |
function.
lib/util_unistr.c: Check lengths *before* reading source - prevent uninitialised
memory reads.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rewrote unistr2_to_ascii() to correct a bug seen on SGI boxes.
rpc_parse/parse_misc.c:
rpc_parse/parse_prs.c:
rewrote of BUFFER5 handling to NOT byteswap when it was already in
network byte order.
rpc_parse/parse_samr.c:
cleanup of samr_io_q_lookup_domain(), remove the over-parsing by 2
bytes.
rpc_server/srv_lsa.c:
UNISTR2 strings need to be NULL terminated to pleased W2K.
rpc_server/srv_spoolss_nt.c:
use snprintf instead of safe_strcpy as we want the string
truncated at 32 chars.
That should fix SUN and SGI box not able to act as printserver and the
problem with joining from a W2K wks.
J.F.
|
| |
|
|
|
|
| |
in fixes from appliance-head and 2.2. Fixed multiple connection.tdb open
problem.
Jeremy.
|
| |
|
|
| |
with a Solaris system call.
|
| |
|
|
|
|
|
| |
(correctly)
when the NT_USER_TOKEN is *created*.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
o added some comments
o abstracted a few code bits
o cleaned up some code by removing unused code paths
-- jerry
|
| |
|
|
|
|
|
|
|
| |
o check the username in all lowercase
o check the username as transmitted if this would be a different case
o check the username in all upper case if this is a new version
-- jerry
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
Gerald, could you check to see I haven't introduced any bugs into
rpcclient/cmd_spoolss.c?
|
| |
|
|
|
| |
on read.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
| |
ACL patch from http://acl.bestbits.at/.
configure support needs more work (just assumes correct headers at
the moment). ACL writing needs adding.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently does exactly the same thing (returns ACLs the same way). This
code is written to try and get a POSIX ACL via the abstract sys_XX interface,
then fall back to providing a UNIX based ACL if the calls fail. Seems to
work. Next step is to add a --with-posix-acls to configure.in and then
check on a POSIX ACL system that a complex ACL is returned correctly
as an NT ACL. Note that the ACL set (a more complex problem) is not
addressed yet.
Jeremy.
|
| | |
|
| |
|
|
|
| |
include/smb_acls.h lib/sysacls.c: Added as interface definitions.
Jeremy.
|
| |
|
|
|
|
|
|
| |
a --with-spinlocks option to configure, this does mean the on-disk tdb
format has changed, so 2.2alphaX sites will need to re-create their
tdb's. The upside is no more tdb fragmentation and a +5% on netbench.
Swings and roundabouts....
Jeremy.
|
| | |
|
| | |
|
| |
|
|
| |
Found by Joseph Cheek <joseph@cheek.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o added BOOL own_memory flag in SAM_ACCOUNT so we could
use static memory for string pointer assignment or
allocate a new string
o added a reference TDB passdb backend. This is only a reference
and should not be used in production because
- RID's are generated using the same algorithm as with smbpasswd
- a TDB can only have one key (w/o getting into problems) and we
need three. Therefore the pdb_sam-getpwuid() and
pdb_getsampwrid() functions are interative searches :-(
we need transaction support, multiple indexes, and a nice open
source DBM. The Berkeley DB (from sleepycat.com seems to fit
this criteria now)
o added a new parameter "private dir" as many places in the code were
using lp_smb_passwd_file() and chopping off the filename part.
This makes more sense to me and I will docuement it in the man pages
o Ran through Insure-lite and corrected memory leaks. Need for
a public flogging this time Jeremy (-:
-- jerry
|
| |
|
|
|
|
|
|
|
|
| |
the problem had nothing to do with being your own pid, it was instead
a problem with IPC$ connections not being registered in the
connections database and an incorrect test for -1 in the messaging
code.
These changes also mean that IPC$ shares now show up in
smbstatus. That is probably a good thing.
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
processors. Fixed.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
messaging system as a notification mechanism, and the speed of notification
greatly exceeds the speed of message recovery, then you get a massively (>75Mb)
growing tdb. If the message is a simple notification, then the message is
static, and you only need one of them in transit to a target process at
any one time.
This patch adds a BOOL "allow_duplicates" to the message_send_XX primitives.
If set to False, then before sending a message the sender checks the existing
message queue for a target pid for a duplicate of this message, and doesn't
add to it if one already exists.
Also added code into msgtest.c to test this.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
a byte range lock (write lock only, but Win2k breaks on read lock also so I
do the same) - if you think about why, this is obvious. Also fixed our client
code to do level II oplocks, if requested, and fixed the code where we would
assume the client wanted level II if it advertised itself as being level II
capable - it may not want that.
Jeremy.
|
