path: root/source/smbd
Commit message | Author | Age | Files | Lines
...
* Call init_sec_ctx() instead of init_uid(). | Tim Potter | 2000-06-23 | 1 | -9/+1
  Delete OriginalDir stuff.
* I've been working on refactoring some of the mess that is the become_user() | Tim Potter | 2000-06-23 | 1 | -0/+295
  code. This code is now implemented as a stack of security contexts, where a security context is defined as a set of effective user, group and supplementary group ids.

  The following functions are implemented:

  BOOL push_sec_ctx(void);
    Create a new security context on the stack which is the same as the current security context.

  void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups);
    Set the current security context to a given set of user and group ids.

  void set_root_sec_ctx(void);
    Set to uid = gid = 0. No supplementary groups are set.

  BOOL pop_sec_ctx(void);
    Pop a security context from the stack and restore the user and group permissions of the previous context.

  void init_sec_ctx(void);
    Initialise the security context stack. This must be called before any of the other operations are used or weird things may happen.

  The idea is that there is a base security context which is either root or some authenticated unix user. Other security contexts can be pushed and popped as needed for things like changing passwords, or rpc pipe operations where the rpc pipe user is different from the smb user.
* Fixes for IRIX kernel oplocks and systems that don't have nss.h | Jeremy Allison | 2000-06-20 | 1 | -1/+1
  Jeremy.
* Paranoia changes to ensure that anything touched by a signal handler | Jeremy Allison | 2000-06-19 | 2 | -17/+18
  and the main code is declared as VOLATILE SIG_ATOMIC_T. Jeremy.
* Pass the vuid from the connection_struct to the printing back end functions. | Tim Potter | 2000-06-16 | 1 | -6/+6
* open files with O_NONBLOCK when available. This is necessary to | Andrew Tridgell | 2000-06-15 | 1 | -1/+6
  prevent possible deadlocks with kernel leases and harmless when kernel leases are not used. basically we don't ever want smbd to block
* added support for kernel level share modes. These are a (small) hack, | Andrew Tridgell | 2000-06-15 | 1 | -1/+24
  I suspect we will either get rid of them or do them properly at some stage.
* allow the notify implementation to choose the select timeout change | Andrew Tridgell | 2000-06-14 | 4 | -16/+18
* ZERO_STRUCT() of info3 structure before using it. | Tim Potter | 2000-06-14 | 1 | -0/+2
* Removed a patch that Andrew had added because 'insure' was incorrectly | Christopher R. Hertel | 2000-06-13 | 1 | -9/+0
  reporting a memory leak in the cache module. I've modified the cache code to prevent insure getting confused, so the patch can now be removed.
* use DN_ATTRIB kernel change notify attribute | Andrew Tridgell | 2000-06-13 | 1 | -3/+7
* always use the DN_CREATE mask (NT expects file creation always to | Andrew Tridgell | 2000-06-13 | 1 | -8/+3
  cause a notify)
* enable the Linux change notify code and change some notify debug code | Andrew Tridgell | 2000-06-12 | 3 | -15/+64
* totally rewrote the async signal, notification and oplock notification | Andrew Tridgell | 2000-06-12 | 8 | -465/+647
  handling in Samba. This was needed due to several limitations and races in the previous code - as a side effect the new code is much cleaner :)

  in summary:

  - changed sys_select() to avoid a signal/select race condition. It is a rare race but once we have signals doing notification and oplocks it is important.

  - changed our main processing loop to take advantage of the new sys_select semantics

  - split the notify code into implementation dependent and general parts. Added the following structure that defines an implementation:

    struct cnotify_fns {
        void * (*register_notify)(connection_struct *conn, char *path, uint32 flags);
        BOOL (*check_notify)(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *data, time_t t);
        void (*remove_notify)(void *data);
    };

    then I wrote two implementations, one using hash/poll (like our old code) and the other using the new Linux kernel change notify. It should be easy to add other change notify implementations by creating a structure of the above type.

  - fixed a bug in change notify where we were returning the wrong error code.

  - rewrote the core change notify code to be much simpler

  - moved to real-time signals for leases and change notify

  Amazingly, it all seems to work. I was very surprised!
* fixed comments at top of module | Andrew Tridgell | 2000-06-12 | 1 | -2/+3
* split all the change notify code out into a separate module | Andrew Tridgell | 2000-06-12 | 2 | -392/+427
  smbd/notify.c. All the data structures are now private to that module. this is in preparation for Linux kernel support for change notify (coming soon to a CVS tree near you)
* a better test for oplocks being enabled in this kernel | Andrew Tridgell | 2000-06-11 | 1 | -1/+18
* fixed Linux capabilities handling | Andrew Tridgell | 2000-06-11 | 1 | -21/+39
  I used a trick where CAP_LEASE isn't claimed until it is needed. This means we avoid a system call per setreuid(), and never call capset() unless a user tries to get an oplock on a file that they don't own
* Linux kernel oplocks now seem to work, but need a _lot_ of testing | Andrew Tridgell | 2000-06-11 | 5 | -60/+125
  I had to modify sys_select() to not loop on EINTR. I added a wrapper called sys_select_intr() which gives the old behaviour.
* a first pass at Linux kernel oplocks support | Andrew Tridgell | 2000-06-10 | 3 | -15/+207
* continued the split of the kernel level oplocks code into a more | Andrew Tridgell | 2000-06-10 | 3 | -392/+412
  modular form. In this pass I added oplock_irix.c and added a "struct kernel_oplocks" that describes a kernel oplock implementation.
* (Correct) fix for desired_access being zero in map_share_mode(). | Jeremy Allison | 2000-06-09 | 1 | -12/+12
  Jeremy.
* Luke, I am moving the code back into passdb/passdb.c, this is the correct | Jeremy Allison | 2000-06-09 | 2 | -55/+15
  place to do this, not in smbd/passwd.c.
  Please don't change this without asking first, I have run this past Andrew so talk to him (I'm on vacation next week).
  I also removed the g_newXXX macros. These are essentially a private C extension, not used anywhere else in the code, and add no functionality over malloc(XX) and make the code harder to understand (everyone knows what malloc does).
  Jeremy.
* clean up oplock capability code ready for Linux code | Andrew Tridgell | 2000-06-09 | 3 | -161/+155
* split some of the irix kernel oplocks code into a function | Andrew Tridgell | 2000-06-09 | 1 | -68/+74
* free NET_USER_INFO_3 gids when vuser invalidated. | Luke Leighton | 2000-06-09 | 1 | -0/+4
* dynamic allocation of NET_USER_INFO_3 gids. | Luke Leighton | 2000-06-09 | 1 | -23/+37
  jeremy, the intent is to call se_access_check() with usr-sid, grp-sid, array-of-group-rids (but array-of-group-sids would do).
  please do look at smbd/lanman.c's api_NetWkstaGetInfo, it will show you that we really do need to store the entire NET_USER_INFO_3 structure.
  then again, api_NetWkstaGetInfo is only used by win9x so who cares :)
* reverted jeremy's changes that removed NET_USER_INFO_3. will you please | Luke Leighton | 2000-06-09 | 2 | -29/+56
  not just undercut work in progress, thank you.
* Change from "David S. Chappell" <David.Chappell@mail.cc.trincoll.edu> | Jeremy Allison | 2000-06-08 | 1 | -4/+4
  to make "printer driver file" a share parameter. This fits better with the new NT printing subsystem. Jeremy.
* Fix for map_share_mode to allow desired access of zero map to stat open. | Jeremy Allison | 2000-06-08 | 1 | -0/+11
  Jeremy.
* include/smb.h: Removed NET_USER_3 struct from user struct. It doesn't belong | Jeremy Allison | 2000-06-08 | 2 | -56/+29
  there (yet) as there is no infrastructure for it. Replaced it with a dynamic array of group SIDs plus a user.
  passdb/passdb.c: Added setup_user_sids() function. This is where the lookup should be done, eventually calling winbind.
  smbd/password.c: Changed to call setup_user_sids(). Removed spurious DEBUG(0) statements.
  smbd/reply.c: Removed extra parameter to register_vuid().
  Jeremy.
* added a NET_USER_INFO_3 struct to user_struct. | Luke Leighton | 2000-06-08 | 2 | -2/+38
  register_vuid fills it with constructed info.
* - changed HAVE_KERNEL_OPLOCKS to HAVE_KERNEL_OPLOCKS_IRIX | Andrew Tridgell | 2000-06-08 | 1 | -14/+14
  - added autoconf test for HAVE_KERNEL_OPLOCKS_LINUX
* Cause printer SD's to be displayed correctly (full control). | Jeremy Allison | 2000-06-08 | 1 | -1/+1
  Jeremy.
* Fixing get/set of security descriptors. | Jeremy Allison | 2000-06-07 | 3 | -1/+8
  Removed ugly hack for NT printing. Fixed up tdb parse stuff memory leaks. Jeremy.
* moved secrets fns into secrets.c | Andrew Tridgell | 2000-06-03 | 2 | -2/+2
* rpc_client/cli_lsarpc.c: Removed unused variable. | Jeremy Allison | 2000-06-03 | 1 | -9/+9
  rpc_server/srv_spoolss_nt.c: Fixed more memory leaks.
  smbd/nttrans.c: Fixed shadow variable problem.
  Jeremy.
* param/loadparm.c: Looks like someone ran indent on this ! | Jeremy Allison | 2000-06-01 | 1 | -4/+4
  passdb/smbpass.c: Insure uninitialized memory reference fix.
  printing/nt_printing.c: rpc_server/srv_spoolss_nt.c: Insure memory leak fixes.
  smbd/unix_acls.c: Shadow ref fix.
  Jeremy.
* Getting back to a compilable state (not there yet but close). | Jeremy Allison | 2000-06-01 | 1 | -0/+3
  Added patches for random -> sys_random. Added set_effective_xxx patches for AFS code. Memory allocation changes in spoolss code. Jeremy.
* Changed interface to set_nt_acl slightly. | Jeremy Allison | 2000-05-31 | 1 | -1/+1
  Jeremy.
* Working UNIX -> NT ACL mapper. | Jeremy Allison | 2000-05-31 | 1 | -2/+4
  Jeremy.
* Fixed interface between new ACLS and nttrans code. | Jeremy Allison | 2000-05-31 | 2 | -183/+586
  Jeremy.
* debug output to /tmp. | Luke Leighton | 2000-05-28 | 1 | -1/+1
* prs_give_memory in wrong place, also poss. was losing mem. | Luke Leighton | 2000-05-27 | 2 | -7/+34
* fixed nttrans.c | Luke Leighton | 2000-05-27 | 1 | -406/+38
* Changed MS_DFS to WITH_MSDFS throughout. | Shirish Kalele | 2000-05-26 | 3 | -4/+5
  Fixed trans2 calls on IPC$ to let dfs referral calls through.
* got rid of lp_revalidate() | Andrew Tridgell | 2000-05-24 | 1 | -1/+1
* Did a proper fix for the file access on IPC$. Denied all pipe opens on | Jeremy Allison | 2000-05-23 | 3 | -126/+202
  trans2 open calls as we don't have the pipe open response coded up yet. Jeremy.
* Fixed bug where file access was allowed on IPC$ share. | Jeremy Allison | 2000-05-23 | 4 | -5/+11
  Return correct error codes on invalid share name. Jeremy.
* Added the NETDFS pipe to allow remote administration of the msdfs symlinks | Shirish Kalele | 2000-05-18 | 1 | -0/+3
  on the samba server.