path: root/source/lib
Commit message [Author, Age, Files, Lines]
...
* Tidied up security rights definitions. [Jeremy Allison, 2000-08-10, 1 file, -4/+4 lines]
  Jeremy.
* Removed requirement that sid have an owner before being interpreted. [Jeremy Allison, 2000-08-10, 1 file, -18/+9 lines]
  Thanks to Elrond for pointing this out. Jeremy.
* Deal with NULL UNISTR in unistr_to_ascii [Gerald Carter, 2000-08-10, 1 file, -13/+21 lines]
  jerry
* talloc returns 0xdeadbeef when asked to allocate 0 bytes [Gerald Carter, 2000-08-10, 1 file, -19/+29 lines]
  jerry
* Fixed memory leak with NT tokens. [Jeremy Allison, 2000-08-09, 1 file, -2/+15 lines]
  Added debug messages to se_access_check(). Added FULL_ACCESS acl to default acl on printers. Jeremy.
* Added SID "Everyone" S-1-1-0 as always matching if present in an ACE. [Jeremy Allison, 2000-08-08, 1 file, -4/+17 lines]
  Jeremy.
* Changed the sec desc access checks to match the spec. Needs testing. [Jeremy Allison, 2000-08-08, 1 file, -220/+149 lines]
  Jeremy.
* All changes related to rpcclient... [Gerald Carter, 2000-08-08, 1 file, -2/+2 lines]
  - cleaned up some code
  - Fixed a few memory leaks of my own making
  - Add AddPrinterDriver(); I'm missing some of the semantics here as the call is done correctly, but I'm not getting all the information right in the DRIVER_INFO_3 struct I think. Will work on it tomorrow some more...
  --jerry
* Fixed up se_access_check() to use the token list from the user struct [Jeremy Allison, 2000-08-04, 1 file, -82/+32 lines]
  as the SID list. Now to go through and tidy up the algorithm. Jeremy.
* Added an NT_USER_TOKEN structure that is copied/passed around associated [Jeremy Allison, 2000-08-03, 1 file, -3/+5 lines]
  with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy.
* Started to canonicalize our handling of uid -> sid code in order to [Jeremy Allison, 2000-08-02, 1 file, -19/+27 lines]
  get ready and fix se_access_check(). Added canonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first then fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things across security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy.
* Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need NT_STATUS_XXX). [Jeremy Allison, 2000-08-01, 1 file, -13/+7 lines]
  Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy.
* More work on rpcclient... [Gerald Carter, 2000-07-31, 1 file, -4/+2 lines]
  * Fixed to work with Jeremy's recent changes re: dynamic memory allocation when unmarshalling unistr[2]
  * included EnumPorts level 1
  * more work on AddPrinterEx
  --jerry
* Ok - this is a *BIG* change - but it fixes the problems with static strings [Jeremy Allison, 2000-07-27, 3 files, -2/+10 lines]
  in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there is probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy.
* if the sids are not the same pointer and either of the sids are NULL [Andrew Tridgell, 2000-07-25, 1 file, -0/+3 lines]
  then the two sids are not equal
* Added EnumPorts() and fixed up some problems [Gerald Carter, 2000-07-21, 1 file, -48/+27 lines]
  with the other spoolss client calls. Also cleaned up output for 'help' command. jerry
* Instead of handing back a string (which might be a DNS name or an IP [Christopher R. Hertel, 2000-07-19, 1 file, -33/+85 lines]
  string), the wins_srv module now hands back a struct in_addr when it's called. It caches the IP address once it has been looked up. The IP is cleared (and must be looked up again) if the 'wins server' parameter is reread, or if the node is marked 'dead'. A dead node will not be re-tried for 10 minutes (per a #define in wins_srv.c). As it was, the code was reading the WINS server name or IP directly from lp_wins_server. That's okay, except that if the value was expressed as a name, then a DNS lookup would be done every time the client wanted to talk to the server. I still need to work out the implications of failover regarding the 'unicast subnet' list.
  Chris -)-----
* First cut toward adding WINS server failover. [Christopher R. Hertel, 2000-07-19, 1 file, -0/+218 lines]
  *Note: failover doesn't actually work yet!* It's just that the code I'm adding provides all of the pieces necessary. I do have one big question. Something that I'll have to ask Jeremy, I'm thinkin'. In nmbd/nmbd_subnetdb.c the IP of the WINS server is used to set up the Unicast subnet. ...so what happens if the WINS server changes? My guess is either:
    a) nothing.
    b) I'd have to change the unicast subnet entry whenever the WINS server changes. Urq.
  BTW, the lp_wins_server() function no longer returns the WINS server name or IP. It returns the list of WINS servers entered in smb.conf. To get the currently 'live' WINS server, use the wins_srv() function. Fun, eh?
  Chris -)-----
* I really didn't like the way generic arrays (lists) were [Gerald Carter, 2000-07-18, 1 file, -0/+321 lines]
  implemented in util_array.c so I wrote a smaller (and simpler package). I would like to replace the use of util_array.c functions in the rest of the source tree if no one objects. This will be an interface change, but not really a difference in the functionality provided.
  --jerry
* Added some debugs. [Tim Potter, 2000-07-17, 1 file, -13/+27 lines]
  Changed interface to se_access_check to take a user struct instead of each bit as a separate parameter.
* Fixed a bug in cmd_interp.c where if user%pass was entered on [Gerald Carter, 2000-07-14, 2 files, -206/+3 lines]
  the command line, the password would still be cached in memory in plain text for the lifetime of the rpcclient command line session.
  removed loopback connection functions from msrpc-client.c since we don't support that in the server code now anyways. simplify, simplify, ...
  --jerry
* Uninitialised variables. [Tim Potter, 2000-07-13, 1 file, -0/+2 lines]
* Fixed a bug in parsing the command line. [Gerald Carter, 2000-07-10, 1 file, -1/+1 lines]
  jerry
* Fixes for various compile warnings on Solaris 8. [Tim Potter, 2000-07-10, 1 file, -1/+2 lines]
* Moved winbind client functions from various odd locations to [Tim Potter, 2000-07-10, 1 file, -64/+0 lines]
  nsswitch/wb_client.c
  Merge of nsswitch/common.c rename to nsswitch/wb_common.c from TNG.
* Added some useful debugging stuff. [Tim Potter, 2000-07-10, 1 file, -10/+66 lines]
  Fixes for se_access_check() when you are the owner of the object.
* More rpcclient merge issues: [Gerald Carter, 2000-07-07, 3 files, -9/+221 lines]
  * fixes some readline bugs from the merge
  * first attempt at commands (spoolenum almost works)
  * no changes to existing functions in HEAD; only additions of new functions. I'll weed out what I can as I go.
  --jerry
* Rewrite of se_access_check() function. Added comments and fixed a bunch of [Tim Potter, 2000-07-06, 1 file, -189/+287 lines]
  bugs. I think there is a problem though with the permissions granted when SEC_RIGHTS_MAXIMUM_ALLOWED is passed as the permissions requested.
* Added global_sid_NULL S-1-0-0 to list of global sids. [Tim Potter, 2000-07-06, 1 file, -0/+2 lines]
* Bracketed unbracketed macro arguments while looking for another bug. [Tim Potter, 2000-07-06, 1 file, -2/+2 lines]
* first pass at merging rpcclient from TNG to HEAD. You can get a [Gerald Carter, 2000-07-03, 2 files, -0/+1395 lines]
  semi-connection and a rpcclient prompt, but no functionality there yet. Will be a few more days on that.
  --jerry
* fixed size alignment in talloc [Andrew Tridgell, 2000-06-26, 1 file, -2/+2 lines]
* lib/util_sid.c: Uninitialized memory read. [Jeremy Allison, 2000-06-24, 1 file, -0/+2 lines]
  rpc_parse/parse_spoolss.c: Added note about prs_align when marshalling a SEC_DESC...
  rpc_server/srv_lsa.c: Tim - your changes broke the display of the 'everyone' group when doing file access with no winbindd running. This is a partial fix - more when I have analysed this more.
  rpc_server/srv_spoolss_nt.c: Fix for the 'change driver' problem ! Hurrah ! Jeremy.
* lib/util_unistr.c: Off-by-one fix for dos_PutUniStr from John Reilly jreilly@hp.com. [Jeremy Allison, 2000-06-23, 1 file, -1/+1 lines]
  Memory leak fix for new sec_ctx code (sorry Tim :-). Jeremy.
* lib/util_unistr.c: Removed ascii_to_unistr() as it does no codepage. [Jeremy Allison, 2000-06-22, 1 file, -48/+3 lines]
  Removed unistr_to_ascii() as it was never used.
  printing/nt_printing.c: Removed "DUMMY.XX" files.
  rpc_server/srv_spoolss_nt.c: Use dos_PutUniCode() instead of ascii_to_unistr(). Attempted to fix the "return value" size code based on J.F's comments. This needs looking at. Jeremy.
* fixed two minor bugs in new sys_select() [Andrew Tridgell, 2000-06-21, 1 file, -5/+5 lines]
* Paranoia changes to ensure that anything touched by a signal handler [Jeremy Allison, 2000-06-19, 1 file, -1/+1 lines]
  and the main code is declared as VOLATILE SIG_ATOMIC_T. Jeremy.
* Merged parse_domain_user() from TNG. [Tim Potter, 2000-06-14, 1 file, -0/+20 lines]
* forgot to checkin select.c [Andrew Tridgell, 2000-06-13, 1 file, -0/+107 lines]
* totally rewrote the async signal, notification and oplock notification [Andrew Tridgell, 2000-06-12, 2 files, -109/+4 lines]
  handling in Samba. This was needed due to several limitations and races in the previous code - as a side effect the new code is much cleaner :)

  in summary:

  - changed sys_select() to avoid a signal/select race condition. It is a rare race but once we have signals doing notification and oplocks it is important.
  - changed our main processing loop to take advantage of the new sys_select semantics
  - split the notify code into implementation dependent and general parts. Added the following structure that defines an implementation:

        struct cnotify_fns {
            void * (*register_notify)(connection_struct *conn, char *path, uint32 flags);
            BOOL (*check_notify)(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *data, time_t t);
            void (*remove_notify)(void *data);
        };

    then I wrote two implementations, one using hash/poll (like our old code) and the other using the new Linux kernel change notify. It should be easy to add other change notify implementations by creating a structure of the above type.
  - fixed a bug in change notify where we were returning the wrong error code.
  - rewrote the core change notify code to be much simpler
  - moved to real-time signals for leases and change notify

  Amazingly, it all seems to work. I was very surprised!
* fixed a bug in BlockSignals() for systems that don't have [Andrew Tridgell, 2000-06-12, 1 file, -4/+2 lines]
  sigprocmask()
* Linux kernel oplocks now seem to work, but need a _lot_ of testing [Andrew Tridgell, 2000-06-11, 3 files, -11/+21 lines]
  I had to modify sys_select() to not loop on EINTR. I added a wrapper called sys_select_intr() which gives the old behaviour.
* continued the split of the kernel level oplocks code into a more [Andrew Tridgell, 2000-06-10, 1 file, -0/+2 lines]
  modular form. In this pass I added oplock_irix.c and added a "struct kernel_oplocks" that describes a kernel oplock implementation.
* Fix from Elrond for hash table corruption. Should fix stat cache bug (I [Jeremy Allison, 2000-06-09, 1 file, -2/+10 lines]
  sincerely hope :-). Thanks elrond ! Jeremy.
* do some standard_sub_advanced() in api_net_sam_logon on lp_logon_xxx(). [Jean-François Micouleau, 2000-06-09, 1 file, -1/+1 lines]
  and if you have unix realname=yes, you get the gecos name when locking the station. J.F.
* clean up oplock capability code ready for Linux code [Andrew Tridgell, 2000-06-09, 2 files, -13/+20 lines]
* added se_access_check. [Luke Leighton, 2000-06-08, 2 files, -0/+281 lines]
* Getting back to a compilable state (not there yet but close). [Jeremy Allison, 2000-06-01, 1 file, -1/+1 lines]
  Added patches for random -> sys_random. Added set_effective_xxx patches for AFS code. Memory allocation changes in spoolss code. Jeremy.
* The functionality in this file has been moved into smbd/unix_acls.c in order [Jeremy Allison, 2000-05-31, 1 file, -679/+0 lines]
  to make the acl functionality regular (we can have smbd/posix_acls etc). Jeremy.
* Fixed LsaQueryInformationPolicy level 3 to return primary domain info. [Matthew Chapman, 2000-05-29, 1 file, -9/+12 lines]
  Domain SID is saved in secrets.tdb upon joining domain. Added "Authenticated Users" and "SYSTEM" well-known SIDs (under NT Authority).