1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00
Commit Graph

1711 Commits

Author SHA1 Message Date
Jeremy Allison
0bc19c0bdb Fix lseek-on-pipe problem in VFS (where it belongs IMHO).
Jeremy.
(This used to be commit ebef2e7bc8)
2002-03-02 00:44:38 +00:00
Andrew Bartlett
d79e11ad6d Various comment fixes from Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
(This used to be commit 3bf4b42771)
2002-03-01 01:24:30 +00:00
Andrew Tridgell
276ff4df82 this allows us to support foreign SIDs in winbindd and smbd
this means "xcopy /o" has a chance of working with ACLs that contain
ACEs that use SIDs that the Samba server has no knowledge of.

It's a bit hackish, Tim, can you look at my uid.c changes?
(This used to be commit fe2db31485)
2002-02-27 23:51:25 +00:00
Jeremy Allison
2da4d64cfc Added "nt status support" parameter. Fix offline synchronisation.
Jeremy.
(This used to be commit 9243a9778e)
2002-02-27 21:46:53 +00:00
Tim Potter
9e2a06611d Fixed usage of uninitialised variable in strict_allocate_ftruncate()
(This used to be commit b1d56956fe)
2002-02-27 18:06:47 +00:00
Andrew Bartlett
14c6277840 This should fix up the level 0 'convert_string' debug messages that we have
been seing since the unicode conversion.  It looks like a simple oversight in
the move away from StrnCpy (which takes amount of space -1 as an arg) to
push_ascii etc which take the absolute amount of space.

Andrew Bartlett
(This used to be commit 4447c6bd4d)
2002-02-27 13:18:51 +00:00
Andrew Tridgell
97d96862ca This is a nasty hack to fix "xcopy /o" from win2000 on a Samba share
The hack passes the true ntcreate desired_access down to open_file_shared1()
from the ntcreatex function. This is used to determine if share modes
should be used in denying this open.

This hack will become unnecessary when we redo open.c to use the proper
NTCreateX semantics rather than trying to jam the ntcreate semantics into
openX semantics.
(This used to be commit d09ae0c667)
2002-02-26 05:45:33 +00:00
Andrew Tridgell
c75396cf49 This fixes 4 info levels in a trans2 find_first that should not be null
terminated for the filenames.

this is what caused win2k to go into a loop sending 20000 packets to set
an acl on a directory. It didn't recognise ".." with a null termination as
being ".."
(This used to be commit a75a2e9e2f)
2002-02-25 02:12:38 +00:00
Andrew Tridgell
566fafdb25 don't do an ADS init when not in ADS mode
(This used to be commit 68693ba4e8)
2002-02-22 03:14:58 +00:00
Andrew Tridgell
93ea482597 this fixes the security tab on mapped drives for unicode clients.
Jeremy, this is wrong in 2.2.x
(This used to be commit 367358c738)
2002-02-21 04:26:32 +00:00
Andrew Bartlett
d04aeaace9 in dos_unmangle() the only function call was to *mangle()*. Adding the
'un' dramaticly increses the functionality of this code :-).

Andrew Bartlett
(This used to be commit 15b9b63db5)
2002-02-19 06:13:16 +00:00
Tim Potter
cd38c3a71c Merge of smbclient print crash bug fix from app head.
(This used to be commit a56298d56a)
2002-02-15 02:46:13 +00:00
Andrew Bartlett
c1d83be9b5 Do the reverse DNS lookup, but only if 'hostname lookups = yes'
Andrew Bartlett
(This used to be commit dfecd6a453)
2002-02-09 03:29:36 +00:00
Andrew Tridgell
4ddd288f9a check for empty parameters in qpathinfo
(This used to be commit c78b16c1f8)
2002-02-05 01:31:16 +00:00
Simo Sorce
407cd42143 better debug messages!
(This used to be commit e3bb686745)
2002-02-04 00:59:23 +00:00
Jeremy Allison
69adbb0ce3 Fix from Michael Steffens <michael_steffens@hp.com> to make signal
processing work correctly in winbindd. This is a really good patch
that gives full select semantics to the Samba modified select.
Jeremy.
(This used to be commit 3af16ade17)
2002-01-31 23:26:12 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Gerald Carter
c3b9cc08e8 merge from 2.2
(This used to be commit 69a9c005c2)
2002-01-30 05:45:09 +00:00
Jeremy Allison
15f2c69c4f Fix "strict allocate" to write the data out on ftruncate with extend.
Jeremy.
(This used to be commit 48fc42c710)
2002-01-29 01:17:44 +00:00
Tim Potter
86aa1d20f9 Since we have dynamic initialisation in the group mapping code, make
init_group_mapping() a static function and don't call it from any client
programs.

Not sure whether I've made a bigger mess here or not...
(This used to be commit 3c887d9021)
2002-01-29 01:01:14 +00:00
Andrew Bartlett
7b671e34f5 Some more 'winbind default domain' support patches from Alexander Bokovoy
<a.bokovoy@sam-solutions.net>.

This patch is designed to remove the 'special cases' required for this support.

In particular this now kills off winbind_initgroups, as it appears no longer to
be required.

Andrew Bartlett
(This used to be commit f1d8d50976)
2002-01-27 12:12:22 +00:00
Andrew Bartlett
184cc84ada Yes, dev is an 'input/output' paramater...
Andrew Bartlett
(This used to be commit 8cac618174)
2002-01-27 12:06:27 +00:00
Andrew Bartlett
59b17ff597 - Provide sid->name lookup support for non-unix accounts.
- Rework the name -> sid lookup function to always try local lookup first (for
local domain names) before trying winbind.  This seems to eliminate my winbind
feedback loop problems.  (I don't use winbind for nsswitch, where there are
almost certainly further issues).

Andrew Bartlett
(This used to be commit 25cadce67b)
2002-01-26 12:24:18 +00:00
Andrew Bartlett
b1da5c0253 Rework lookup_name() to take seperate username/domain args, and to remove
varioius crazy 'if winbind didn't find it' cases.  This makes winbind default
domain support easier to intergrate with smbd.
(This used to be commit 3e71521957)
2002-01-26 10:05:10 +00:00
Andrew Bartlett
714cdd47cb Fix up a security issue with the way we handle domain groups retuned on the
info3.  These are RIDs, and it only makes sense to combine them with the domain
SID returned with them.  This is important for trusted domains, where that sid
might be other than the one we currently reterive from the secrets.tdb.

Also remove the become_root()/unbecome_root() wrapper from around both
remaining TDB users:  Both are now initialised at smbd startup.

Andrew Bartlett
(This used to be commit 554842e0a5)
2002-01-26 06:24:53 +00:00
Jeremy Allison
9d8ed7220f Fixed display of "remote downlevel document" in old print job submission
case.
Jeremy.
(This used to be commit 248770d730)
2002-01-25 20:16:14 +00:00
Gerald Carter
107b12ec11 merge from 2.2
(This used to be commit 7dc1c34145)
2002-01-25 15:47:12 +00:00
Andrew Bartlett
30802965d2 Fix a 'const' warning.
(This used to be commit 56be51d648)
2002-01-25 10:38:00 +00:00
Simo Sorce
2836f3fbdd micro fix :-)
(This used to be commit 8929f07a15)
2002-01-25 09:55:29 +00:00
Simo Sorce
114eaabdcb minor fixes
(This used to be commit 04f492980b)
2002-01-25 00:35:14 +00:00
Andrew Tridgell
dfed852520 handle filenames like .bashrc better in the new mangling code
(This used to be commit 05adb30eab)
2002-01-24 13:31:34 +00:00
Jim McDonough
723b368dc2 Check request flag for unicode capability and respond accordingly, rather than only doing unicode. smbfs didn't work.
(This used to be commit 95857a3515)
2002-01-23 18:09:56 +00:00
Andrew Bartlett
7c05db4803 Oops...
(This used to be commit 9b63a87223)
2002-01-23 13:44:32 +00:00
Andrew Bartlett
44dd648a64 Change the order of this a bit - as unix password change can fail.
This due for abstraction into chgpasswd.c shortly.

Andrew Bartlett
(This used to be commit 635942ae21)
2002-01-23 11:57:11 +00:00
Jeremy Allison
73af0a70f5 Ensure fsp->size is correct so readraw's return correct data.
Jeremy.
(This used to be commit 443d2530a7)
2002-01-22 07:24:12 +00:00
Jeremy Allison
2383fd87a7 Found and fixed the logic bug in write cache code. Amazingly helpful
work from Juergen.Hasch@de.bosch.com in tracking this down.
Jermy.
(This used to be commit 40060fe345)
2002-01-21 23:34:13 +00:00
Andrew Bartlett
a03b5e3864 One less Get_Pwnam_Modify call!
(the passdb backend is case-insensitive, so there isn't any point to this).

Andrew Bartlett
(This used to be commit 5e868b4033)
2002-01-21 00:32:26 +00:00
Tim Potter
1f670cfb27 Spelling fixes.
(This used to be commit e67c7c5852)
2002-01-20 22:50:23 +00:00
Andrew Bartlett
1a74d8d1f0 This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem.  In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.

This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime.  The 'passdb backend' paramater
has been created (and documented!) to support this.

As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.

This patch also introduces two new backends:  smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd.  These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.

While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly).  Most of this was
to do with % macro expansion on stored data.  It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them.  tdbsam needs
to use a similar system to pdb_ldap in this regard.

This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these.  I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.

Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.

The non-unix-account support in this patch has been proven!  It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!

Other changes:

Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.

pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend).  Extra checks have been added in
some places.

Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.

pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.

The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly.  This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.

Doco:

I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c5)
2002-01-20 14:30:58 +00:00
Andrew Bartlett
32101155d4 Kill off another ugly wart from the side of the passdb subsystem.
This time its the pdb_getsampwuid() function - which was only being used by the
SAMR rpc subsystem to gain a 'user session key'.  This 'user session key' is
actually generated at login time, and the other changes here simply move that
data around.

This also means that (when I check some details) we will be able to use the
user session key, even when we are not actually the DC, becouse its one of the
components of the info3 struct returned on logon.

Andrew Bartlett
(This used to be commit 799ac01fe0)
2002-01-20 13:26:31 +00:00
Andrew Bartlett
f46db61068 Kill off the old varient of 'check_plaintext_password' (new version just
committed in auth/auth_compat.c and use the new version to make the plaintext
password change slightly sane...  (Needs testing).

Andrew Bartlett
(This used to be commit 996d0cd89c)
2002-01-20 09:00:32 +00:00
Andrew Bartlett
bb6af711b8 This is the current patch from Luke Leighton <lckl@samba-tng.org> to add a
degree of seperation betwen reading/writing the raw NamedPipe SMB packets
and the matching operations inside smbd's RPC components.

This patch is designed for no change in behaviour, and my tests hold that to be
true.  This patch does however allow for the future loadable modules interface
to specify function pointers in replacement of the fixed state.

The pipes_struct has been split into two peices, with smb_np_struct taking the
information that should be generic to where the data ends up.

Some other minor changes are made: we get another small helper function in
util_sock.c and some of the original code has better failure debugs and
variable use. (As per on-list comments).

Andrew Bartlett
(This used to be commit 8ef13cabdd)
2002-01-20 02:40:05 +00:00
Andrew Bartlett
93a8358910 This patch makes the 'winbind use default domain' code interact better with
smbd, and also makes it much cleaner inside winbindd.

It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>.  ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.

The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.

This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).

Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).

I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string.  The actual structures are unchanged
 - but the meaning of 'username' in the 'rid' will have changed.  (The cache is
invalidated at startup, so on-disk formats are not an issue here).

Andrew Bartlett
(This used to be commit e870f0e727)
2002-01-20 01:24:59 +00:00
Jeremy Allison
a6541401b0 Ensure identical between 2.2.3 and 3.0 - no need for difference here..
Jeremy.
(This used to be commit 7c5c035e41)
2002-01-20 01:01:46 +00:00
Jeremy Allison
2590721a36 Fix file size calculations for write cache code.
Jeremy.
(This used to be commit 71d647b6c0)
2002-01-20 00:43:28 +00:00
Jeremy Allison
427896866a Attempt to fix bugs in write cache code (yes I know it's going away :-).
Jeremy.
(This used to be commit ccda82b457)
2002-01-20 00:04:15 +00:00
Jeremy Allison
e400bfce39 Report write fail in smb_dump.
Jeremy.
(This used to be commit 832b9e7838)
2002-01-19 21:29:20 +00:00
Jeremy Allison
efdb29d0e0 Ensure (C) message is output on startup.
Jeremy.
(This used to be commit 7d05175494)
2002-01-18 03:26:53 +00:00
Andrew Bartlett
c311d24ce3 A nice *big* change to the fundemental way we do things.
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...

This adds a getpwnam_alloc and a getpwuid_alloc to the collection.

These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).

This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.

With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code.  This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).

The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups.  In this case we are getting
groups from the new group mapping DB.  Do we still need to check for private
groups?  I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.

I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided.  As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).

The matching case for getpwent() is dealt with already, in lib/util_getent.c

Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup.  (This picks
up the SPNEGO cases).  The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.

TODO:  Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.

Andrew Bartlett
(This used to be commit 1d86c7f942)
2002-01-17 08:45:58 +00:00
Andrew Tridgell
630e0ae8ef don't use O_NONBLOCK in open(). This was added erroneously for kernel
oplocks and really shouldn't be used
(This used to be commit c3a83002cf)
2002-01-17 00:25:13 +00:00