| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
being done if any of the directory timestamps were changed.
Jeremy.
|
| |
|
|
|
|
| |
scan - then call this from renames. This allows instantaneous update for
W2k renames.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
authorising logins. If a user connected to a share as guest, then
the snum was getting flagged as "force guest", meaning that all
subsequent connections to it, even under a different vuid, would
be bounced to guest.
This explains several very hard to reproduce access denied bugs,
and as the NT client also has bugs in that it will sometimes
erroneously use guest instead of the correct vuid on an IPC$
connection lead to a *very* hard problem to find.
This fix should be propagated into all branches (TNG/Applience
take note) and I'll also make a separate patch availalble on the
samba-technical list.
Jeremy.
|
| |
|
|
|
|
|
| |
reply_sesssetup_and_X(). The getpwnam() wrapper handles the case
munging operations later.
this fixes a problem with mixed case usernames.
|
| |
|
|
|
| |
The motivation for this system is to replace the UDP message for
oplocks, but this commit only does the "set debug level" message.
|
| | |
|
| |
|
|
|
| |
with security=domain. Also fixed to dynamically allocate the SIDs and GIDs.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- make proto
- addition of function to convert from errno values to NT status codes
(source/lib/error.c)
- purge queue done without full access permission will purge only the
jobs owned by that user, rather than failing.
- unlock job database tdb before sending job to printer
- in print_job_start(), ensure that we don't pick a jobid with an existing
temporary file that may be owned by another user, as it causes silent
failures.
- fixes for printer permission checking for NT5 clients
(source/include/rpc_spoolss.h, source/printing/nt_printing.c,
source/printing/printing.c, source/rpc_server/srv_spoolss_nt.c)
- change from uint8 to 'enum SID_NAME_USE' (source/rpc_server/srv_lsa.c)
- fixed memory leaks for win95 driver download process
(source/smbd/lanman.c)
- properly free prs_structs and dacl in testsuite/printing/psec.c
|
| | |
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
possible printjobs from that printer (I think this is correct).
Added error code returns for print_queue_XXX() functions.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
Thought I had already committed this.
jerry
|
| |
|
|
|
| |
acl code over to POSIX acls.
Jeremy.
|
| |
|
|
|
| |
smbd/reply.c: Fixed lowercasing UNIX character set problem.
Jeremy.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
code....
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
stored in the TDB. See the message I posted about
this on samba-technical
* If the admin does not desire the new NT print driver
support, nothing needs to be done. All existing
parameters work the same.
* If the admin wants to take advantage of NT printer
driver support but does not want to migrate the 9x drivers
to the new setup, the leave the existing printers.def
file. When smbd attempts to locate a 9x driver for the
printer in the TDB and fails it will drop down to
using the printers.def (and all associated parameters).
The make_printerdef tool will also remain for backwards
compatibility but will be moved to the "this tool is the
old way of doing it" pile.
* If the admin installs a 9x driver for a printer on
a Samba host (in the printing TDB), this information will
take precedence and the three old printing parameters
will be ignored (including print driver location).
* If an admin wants to migrate the printers.def file into
the new setup, I can write a script to do this using
rpcclient. The main problem is the driver namespace
(we need the NT driver name first in order to
be consistent).
jerry
|
| |
|
|
|
|
| |
Added debug messages to se_access_check().
Added FULL_ACCESS acl to default acl on printers.
Jeremy.
|
| |
|
|
|
| |
unbecome_root() - typo.
Jeremy.
|
| |
|
|
|
|
|
|
| |
Added a become_root()/unbecome_root() (push/pop security context)
around the initgroups() call to ensure it would succeed. Hmmm - I
wonder if this call being done as non-root might explain any "group access"
bugs we've had in the past....
Jeremy.
|
| |
|
|
|
|
|
| |
with the current user. This will allow se_access_check() to quickly do
a SD check without having to translate uid/gid's to SIDs.
Still needs work on pipe calls.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
|
| |
|
|
|
|
|
|
| |
NT_STATUS_XXX).
Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more
obscure way.
Jeremy.
|
| |
|
|
|
|
| |
from the NT printer tdb.
Also added checks for time restrictions before allowing a job to print.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
fix for the Win9x printer drivers.
Changed command names to add "command" string on the end for some consistancy
with the other scripting commands.
Added '%P' option to tdbpack/unpack to store long comment string.
Made port name be "Samba Printer Port" if no enum port script given.
Fixed prs_uint32_pre code to cope with null args.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in the RPC code. This change was prompted by trying to save a long (>256)
character comment in the printer properties page.
The new system associates a TALLOC_CTX with the pipe struct, and frees
the pool on return of a complete PDU.
A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx
code, and is freed in the main loop.
This code works with insure, and seems to be free of memory leaks and
crashes (so far) but there are probably the occasional problem with
code that uses UNISTRxx structs on the stack and expects them to contain
storage without doing a init_unistrXX().
This means that rpcclient will probably be horribly broken.
A TALLOC_CTX also needed associating with the struct cli_state also,
to make the prs_xx code there work.
The main interface change is the addition of a TALLOC_CTX to the
prs_init calls - used for dynamic allocation in the prs_XXX calls.
Now this is in place it should make dynamic allocation of all RPC
memory on unmarshall *much* easier to fix.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- changed the default forms flag to 2
- all short architecture name are uppercased
- get_short_archi() is now case unsensitive
- the drivers TDB is indexed by archi/version/name
- implemented code to move drivers from the upload area to the download
area. Someone else need to look at that code.
- don't return anymore a default driver if it doesn't exist in the TDB.
Instead return an error.
- cleaned prs_unistr.
- #ifdef out jeremy's new SD parsing in printer_info_2
- removed the unused MANGLE_CODE
- #ifdef out the security checking in update_printer() as it doesn't work
for me.
Zap your ntdrivers.tdb, it won't work anymore.
J.F.
|
| |
|
|
|
|
|
|
|
|
| |
specifically wrong with this, but Samba is fooled by the client into
thinking the printer is a file share. Files copied to the share gather
dust in the spool directory and aren't printed.
This patch has the effect of not allowing printers to be mounted as file
shares. Not sure whether this is the correct solution or not.
{Jeremy,JF,Tridge} please check!
|
| |
|
|
| |
main daemon was not catching sighup and reloading the service file.
|
| |
|
|
|
|
| |
filed to be ignored when an upload is done.
Modified to code to goto err on problems, simplifies it.
Jeremy.
|
| |
|
|
|
| |
printer driver download if looking for the default driver files fail.
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A user can now pause, resume or delete their own job even if they don't
have the Manage Documents privilege.
Added call to se_access_check() for changing printer properties. The Full
Access privilege is required for the user to perform this.
Several uninitialised variables and memory leaks plugged.
Modified default ACL created on new printers to be Everyone / Print instead
of Everyone / Full Access. This required some random stuffing around with
the value of the revision field to correspond with the ACL that NT produces
when setting the same permission on the printer.
Fixed dodgy function call in printing/printfsp.c
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
structure so authenticated pipe users can have their unix groups set when
become_authenticated_pipe_user() is called.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
| |
jreilly@hp.com.
Memory leak fix for new sec_ctx code (sorry Tim :-).
Jeremy.
|
| | |
|
| | |
|
| |
|
|
|
| |
Implemented become_root() and friends in terms of push/pop/set security
contexts.
|
| |
|
|
| |
Delete OriginalDir stuff.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
code. This code is now implemented as a stack of security contexts, where
a security context is defined as a set of effective user, group and
supplementary group ids.
The following functions are implemented:
BOOL push_sec_ctx(void);
Create a new security context on the stack which is the same as the
current security context.
void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups);
Set the current security context to a given set of user and group
ids.
void set_root_sec_ctx(void);
Set to uid = gid = 0. No supplementary groups are set.
BOOL pop_sec_ctx(void);
Pop a security context from the stack and restore the user and group
permissions of the previous context.
void init_sec_ctx(void);
Initialise the security context stack. This must be called before any
of the other operations are used or weird things may happen.
The idea is that there is a base security context which is either root or
some authenticated unix user. Other security contexts can be pushed and
popped as needed for things like changing passwords, or rpc pipe operations
where the rpc pipe user is different from the smb user.
|
