| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
username rather than the Unix username. The Windows username will then be
shown in the port monitor regardless of the Unix username used to spool the
job.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- make proto
- addition of function to convert from errno values to NT status codes
(source/lib/error.c)
- purge queue done without full access permission will purge only the
jobs owned by that user, rather than failing.
- unlock job database tdb before sending job to printer
- in print_job_start(), ensure that we don't pick a jobid with an existing
temporary file that may be owned by another user, as it causes silent
failures.
- fixes for printer permission checking for NT5 clients
(source/include/rpc_spoolss.h, source/printing/nt_printing.c,
source/printing/printing.c, source/rpc_server/srv_spoolss_nt.c)
- change from uint8 to 'enum SID_NAME_USE' (source/rpc_server/srv_lsa.c)
- fixed memory leaks for win95 driver download process
(source/smbd/lanman.c)
- properly free prs_structs and dacl in testsuite/printing/psec.c
|
| |
|
|
|
|
| |
possible printjobs from that printer (I think this is correct).
Added error code returns for print_queue_XXX() functions.
Jeremy.
|
| |
|
|
|
| |
errors to NT error for print job failure returns. Patch from John Reilly at HP.
Jeremy.
|
| |
|
|
| |
any user in that list can do anything to a printer
|
| |
|
|
|
|
| |
from the NT printer tdb.
Also added checks for time restrictions before allowing a job to print.
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A user can now pause, resume or delete their own job even if they don't
have the Manage Documents privilege.
Added call to se_access_check() for changing printer properties. The Full
Access privilege is required for the user to perform this.
Several uninitialised variables and memory leaks plugged.
Modified default ACL created on new printers to be Everyone / Print instead
of Everyone / Full Access. This required some random stuffing around with
the value of the revision field to correspond with the ACL that NT produces
when setting the same permission on the printer.
Fixed dodgy function call in printing/printfsp.c
|
| |
|
|
|
|
|
|
| |
printing/printing.c: priority needs to be 1 not zero (found by checked build).
rpc_server/srv_spoolss_nt.c: Log invalid handle access, also print out if this is a different
pid handle. This will help track down client access after a connection
is closed.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
User details are passed into the printing back end from the spoolss code.
For each print operation these details are checked using the
se_access_check() function using information from the winbind daemon.
Fixed bug in nt_printing_setsec() where the user and group SIDs were
trashed if the permissions were changed from NT. It is necessary to merge
these sids from the previous value of the security descriptor before
storing it in the tdb.
|
| | |
|
| |
|
|
| |
made the run_print_command a varargs fn
|
| |
|
|
|
|
|
| |
got rid of the forms, drivers and printers files in the nt drivers
directory and instead use a single tdb
note that this is _not_ all finished.
|
| |
|
|
|
|
|
|
|
| |
of tdb_{store,get}_int() to store the length of the string key + 1 so the
stored key contains the trailing NULL character. This allows normal
string library routines to manipulate keys.
Also renamed tdb_get_int() to tdb_fetch_int() to keep the set of verbs
consistent.
|
| | |
|
| |
|
|
|
| |
of doing a system call every time we want to just get our pid.
Jeremy.
|
| | |
|
| |
|
|
| |
in TNG
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
new open mechanism Andrew & I discussed.
config.sub:
configure: Included the QNX patch.
include/vfs.h:
smbd/vfs-wrap.c:
smbd/vfs.c: Added ftruncate vfs call (needed).
Note that we will also need locking calls in the vfs (to be added).
lib/util_unistr.c:
nmbd/nmbd_processlogon.c: Fix for NT domain logons causing nmbd to core dump.
Also fix for sidsize DOS bug.
locking/locking.c: Check value of ret before using it for memdup.
printing/printing.c: Convert print_fsp_open to return an allocated fsp.
rpc_server/srv_lsa.c: Fix for NT domain logons.
I have removed all use of lp_share_modes() from the code (although I
left the parameter in the table for backwards compatibility). It no longer makes
sense for this to exist.
smbd/close.c: Removed lp_share_modes().
smbd/fileio.c: Fixed parameters to unlock_share_entry call in panic code.
smbd/files.c: Correctly set the unix_ERR_code to ERRnofids on fsp allocation fail.
smbd/nttrans.c:
smbd/reply.c:
smbd/trans2.c: Changed all occurrences of open_file_shared/open_directory/
open_file_stat to return an fsp from the call.
smbd/open.c: Changed all occurrences of open_file_shared/open_directory/
open_file_stat to return an fsp from the call.
In addition I have fixed a long standing race condition in the deny mode
processing w.r.t. two smbd's creating a file. Andrew, please note that
your original idea of using open with O_EXCL in this case would not work
(I went over the races very carefully) and so we must re-check deny modes
*after* the open() call returns. This is because there is a race between
the open with O_EXCL and the lock of the share mode entry. Imagine the
case where the first smbd does the open with O_EXCL and a deny mode of DENY_ALL,
but is pre-empted before it locks the share modes and creates the deny
mode entry for DENY_ALL. A second smbd could then come in with O_RDONLY
and a deny mode of DENY_NONE and the two opens would be allowed.
The *only* way to fix this race is to lock the share modes after the
open and then do the deny mode checks *after* this lock in the case
where the file did not originally exist.
This code will need extensive testing but seems to initially work.
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
| |
printing/printing.c: Cast tdb_delete to (tdb_traverse_func) to stop warning.
tmpfile gives mirror warning.
smbd/groupname.c: Remember to file_lines_free() on exit.
tdb/tdb.h: Add tdb_traverse_func typedef.
Jeremy
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
printing/load.c
so swat can get it without linking to the backend code
------------
The following series of commits are for the new tdb based printing
backend. This completely replaces our old printing backend.
Major changes include:
- all print ops are now done in printing/*.c rather than scattered all
over the place
- system job ids are decoupled from SMB job ids
- the lpq parsers don't need to be nearly so smart, they only need to
parse the filename, the status and system job id
- we can store lots more info about a job, including the full job name
- the queue cache control is much better
I also added a new utility routine file_lines_load() that loads a text
file and parses it into lines. This is used in out lpq parsing and I
also want to use it to replace all of our fgets() based code in other
places.
|
| |
|
|
|
|
|
|
|
|
| |
it in print_open_file()
that removes a lot of special cases in open.c and makes the print
handling code much easier to understand.
there is still lots to do in printing.c, but this at least gets
printing separated from the mainline code
|
| |
|
|
|
|
| |
printing/lpq_parse.c
getting ready for the new printing backend
|
| |
|
|
|
|
|
|
| |
it, to prevent false status return value.
Jeremy, it's a gross hack but you should consider it for 2.0.7 also.
J.F.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service. the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.
this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).
removed reference to pipes_struct in msrpc services. all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.
created become_vuser() which does everything not related to connection_struct
that become_user() does.
removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.
todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.
had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons. why? because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency. so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc. this is the MINIMUM info identified so far that's
actually implemented. missing bits include the called and calling
netbios names etc. (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
aclocal.m4: Added AC_LIBTESTFUNC.
configure.in: Fixed -lsecurity -lsec problems.
client.c: dos_ fixes.
groupdb/aliasunix.c: Dead code removal.
include/includes.h: Added default PRINTCAP_NAME.
lib/genrand.c: dos_ fixes.
lib/replace.c: Added strtoul.
lib/system.c: dos_ fixes.
lib/util.c: dos_ fixes.
lib/util_sid.c: Signed/unsigned fixes.
lib/util_str.c: removed bad const.
locking/locking_slow.c: dos_ fixes.
printing/printing.c: dos_ fixes.
rpc_server/srv_samr.c: Dead code removal.
rpc_server/srv_sid.c: global_myworkgroup defined with wrong size AGAIN !
smbd/dir.c: dos_ fixes.
smbd/open.c: dos_ fixes.
smbd/oplock.c: dos_ fixes.
smbd/reply.c smbd/server.c smbd/service.c smbd/uid.c: dos_ fixes.
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Tidied up some of the mess (no other word for it). Still doesn't
compile cleanly. There are calls with incorrect parameters that
don't seem to be doing the right thing.
This code still needs surgery :-(.
Jeremy.
|
| |
|
|
|
|
|
| |
string wrappers.
printing/printing.c: Added OSF1 fix.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
include/smb.h:
param/loadparm.c: Made GUEST_SESSSETUP run time selectable. Horror of horrors :-).
printing/printing.c: Added J.F.'s latest fix.
rpc_parse/parse_misc.c:
parse_reg.c:
rpcclient/cmd_reg.c:
rpcclient/display.c: SGI compiler signed/unsigned issues.
smbd/reply.c: Made GUEST_SESSSETUP run time selectable. Horror of horrors :-).
utils/testparm.c: Added extra test.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
client/client.c:
client/clitar.c:
include/client.h:
smbwrapper/smbw_dir.c:
smbwrapper/smbw_stat.c:
smbwrapper/smbw.c:
lib/util.c: Converted all use of 'mode' to uint16.
smbd/quotas.c: Fixed stupid comment bug I put in there :-(.
printing/printing.c: Fix from J.F. to new code.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
smbd/quotas.c:
Added quotas patch for autoconf from Dejan Ilic <svedja@lysator.liu.se>.
printing/printing.c: Filenames with spaces patch from Allan Bjorklund <allan@umich.edu>
utils/nmblookup.c: Fix usage() function.
smbd/reply.c: Split out the security=server and security=domain checks into
check_server_security() and check_domain_security() to aid the
writing of the 'hack' appliance mode invented by John Schimmel.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to check for stat64 and friends, and then changes much of Samba
to use the data type SMB_OFF_T for file size information.
stat/fstat/lstat/lseek/ftruncate have now become sys_stat etc. to hide
the 64 bit calls if needed.
Note that this still does not expose 64 bit functionality to the
client, as the changes to the reply_xxx smb's are not yet done.
This code change should make these changes possible.
Still to do before full 64 bit-ness to the client:
fcntl lock code.
statfs code
widening of dev_t and ino_t (now possible due to SMB_DEV_T and SMB_OFF_T
types being in place).
Let me know if wierd things happen after this check-in and I'll
fix them :-).
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bit file interface for the NT SMB's.
Created a new define, SMB_STRUCT_STAT that currently is
defined to be struct stat - this wil change to a user
defined type containing 64 bit info when the correct
wrappers are written for 64 bit stat(), fstat() and lstat()
calls.
Also changed all sys_xxxx() calls that were previously just
wrappers to the same call prefixed by a dos_to_unix() call
into dos_xxxx() calls. This makes it explicit when a pathname
translation is being done, and when it is not.
Now, all sys_xxx() calls are meant to be wrappers to mask
OS differences, and not silently converting filenames on
the fly.
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
configure.in: Source for header changes.
client/clitar.c: Fixed isXXX macros & debugs for gcc pedantic compile.
include/config.h.in: Added MEMSET, BZERO, MEMORY, RPCSVC_YPCLNT, STRINGS headers.
include/includes.h: Headers for the above.
include/smb.h: Made SIGNAL_CAST POSIX by default void (*)(int).
lib/access.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/charset.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/debug.c: Fixed signal functs.
lib/kanji.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/smbrun.c: Fixed isXXX macros & debugs for gcc pedantic compile.
lib/util.c: Fixed isXXX macros & debugs for gcc pedantic compile.
libsmb/namequery.c: Fixed isXXX macros & debugs for gcc pedantic compile.
locking/shmem.c: Fixed isXXX macros & debugs for gcc pedantic compile.
locking/shmem_sysv.c: Fixed error messages in sysV stuff.
nmbd/asyncdns.c: Fixed signal functs.
nmbd/nmbd.c: Fixed isXXX macros & debugs for gcc pedantic compile.
passdb/passdb.c: Fixed isXXX macros & debugs for gcc pedantic compile.
passdb/smbpassfile.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/chgpasswd.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/ipc.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/nttrans.c: Fixed fsp code path.
smbd/password.c: fixed HAVE_YP_GET_DEFAULT_DOMAIN problem.
smbd/printing.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/reply.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/server.c: Fixed isXXX macros & debugs for gcc pedantic compile.
smbd/trans2.c: Fixed core dump bug.
smbd/uid.c: Fixed isXXX macros & debugs for gcc pedantic compile.
Jeremy.
|
| |
|
|
|
|
|
|
| |
Connections[] is now a local array in server.c
I might have broken something with this change. In particular the
oplock code is suspect and some .dll files aren't being oplocked when
I expected them to be. I'll look at it after I've got some sleep.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ipc.c:
loadparm.c:
printing.c:
Added code from <Dirk.DeWachter@rug.ac.be> to implement print
queue pausing. New parameters are "queuepause command" and
"queueresume command".
util.c: Added fix for mount options in autmount map.
lib/rpc/include/rpc_misc.h: Removed duplicate pipe names for Jean-Francois.
Jeremy.
|
| |
|
|
|
|
|
|
| |
reply.c: Fixed password length modifiers to always be done
is none-encrypted mode used. This fixes Samba for
people who are using non-encrypted passwords with
security=server.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
|
| |
|
|
|
|
|
| |
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.
This should prevent any sprintf based security holes.
|
| |
|
|
|
|
|
| |
problem....
smbpass.c: Removed Luke's dire warning - as some of the functions in here
*need* to be called externally :-).
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Essentially, multiple session_setup_and_X's may be done
to an smbd. As there is only one global variable containing
the requested connection name (sessionsetup_user), then any
subsequent sessionsetups overwrite this name (causing %U
and %G to get the wrong name). This is particularly common
when an NT client does a null session setup to get a
browse list after the user has connected, but before
a share has been mounted.
These changes store the requested_name in the vuid structure
(so this only really works for user level and above security)
and copies this name back into the global variable before
the standard_sub call.
Jeremy.
|
