1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

46 Commits

Author SHA1 Message Date
Jelmer Vernooij
23302413b3 Remove unused include param/param.h. 2008-10-24 16:37:56 +02:00
Kai Blin
a71f36e2b8 ntvfs: Use wbclient in vsf_unixuid, not sidmap
(This used to be commit 2908a77fa5)
2008-04-02 23:07:17 +02:00
Jelmer Vernooij
a72c5053c5 r26353: Remove use of global_loadparm.
(This used to be commit 17637e4490)
2007-12-21 05:48:57 +01:00
Jelmer Vernooij
51db4c3f3d r26228: Store loadparm context in auth context, move more loadparm_contexts up the call stack.
(This used to be commit ba75f1613a)
2007-12-21 05:47:05 +01:00
Jelmer Vernooij
2151cde580 r25554: Convert last instances of BOOL, True and False to the standard types.
(This used to be commit 566aa14139)
2007-10-10 15:07:55 -05:00
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
2007-10-10 14:59:12 -05:00
Stefan Metzmacher
42c1ef4025 r23067: use 'const union smb_search_data *file' also in the server code to get rid
of compiler warnings in the cifs backend

metze
(This used to be commit 34ef07b1f5)
2007-10-10 14:52:47 -05:00
Andrew Tridgell
667cff3699 r21214: fixed a valgrind error that can be caused by a semi-async call inside
a nested ntvfs call. The req structure can go away while processing a
ntvfs request
(This used to be commit f62b3c505f)
2007-10-10 14:44:47 -05:00
Stefan Metzmacher
a8958391e8 r16980: - make struct smb_notify a union and add levels RAW_NOTIFY_NTTRANS,RAW_NOTIFY_SMB2
- parse SMB2 Notify reponse

metze
(This used to be commit de50e0ccdd)
2007-10-10 14:10:06 -05:00
Andrew Tridgell
507e502c35 r15826: ensure we don't dereference sec when NULL
(This used to be commit b6bf6b17cd)
2007-10-10 14:08:28 -05:00
James Peach
7baa8a13aa r15188: Restore svn rev. 15183, 15184 and 15185, which I inadvertantly clobbered
in r15186. I don't think I should be allowed to use quilt and svn at the
same time any more :(
(This used to be commit e0ca5ead27)
2007-10-10 14:04:14 -05:00
James Peach
6ab33938d5 r15186: Introduce ISDOT and ISDOTDOT macros for testing whether a filename is
"." for "..". These express the intention better that strcmp or strequal
and improve searchability via cscope/ctags.
(This used to be commit 7e4ad7e8e5)
2007-10-10 14:04:14 -05:00
James Peach
f380d365ea r15185: Force all NTVFS modules to provide a critical sizes structure so
the version information can be checked when modules are registered.
(This used to be commit 95eb558063)
2007-10-10 14:04:14 -05:00
Stefan Metzmacher
2e894625e7 r14964: - move sidmap code from ntvfs_common to SAMDB
- make ntvfs_common a library
- create sys_notify library

metze
(This used to be commit a3e1d56cf7)
2007-10-10 14:00:47 -05:00
Andrew Tridgell
05c53f70f0 r14838: fix the build. Looks like I still haven't quite got the hang of the
new dependency/proto system :-)
(This used to be commit 63ae3f21e3)
2007-10-10 13:59:25 -05:00
Stefan Metzmacher
ad06a8bd65 r14736: - the ntvfs subsystem should not know about smb_server.h
- the process module subsystem should not know about smb_server.h
- the smb_server module should not know about process models

metze
(This used to be commit bac95bb8f4)
2007-10-10 13:59:17 -05:00
Andrew Tridgell
830b744710 r14615: add notify to unixuid ntvfs module
(This used to be commit 79af976d18)
2007-10-10 13:59:02 -05:00
Stefan Metzmacher
d3087451c4 r14487: split smbsrv_request into two parts, one will be moved to ntvfs_request
but I don't to get the commit to large, to I'll do this tomorrow...

metze
(This used to be commit 10e627032d)
2007-10-10 13:57:32 -05:00
Stefan Metzmacher
307e43bb56 r14173: change smb interface structures to always use
a union smb_file, to abtract
- const char *path fot qpathinfo and setpathinfo
- uint16_t fnum for SMB
- smb2_handle handle for SMB2

the idea is to later add a struct ntvfs_handle *ntvfs
so that the ntvfs subsystem don't need to know the difference between SMB and SMB2

metze
(This used to be commit 2ef3f59709)
2007-10-10 13:56:57 -05:00
Stefan Metzmacher
86497db611 r14157: - pass a struct ntvfs_request to the ntvfs layer
(for now we just do #define ntvfs_request smbsrv_request,
   but it's the first step...)
- rename ntvfs_openfile() -> ntvfs_open()
- fix the talloc hierachie in some places in the ntvfs_map_*() code

metze
(This used to be commit ed9ed1f48f)
2007-10-10 13:56:55 -05:00
Stefan Metzmacher
5497dfe64a r13129: fix the memory hierachie
metze
(This used to be commit 19205b8d89)
2007-10-10 13:51:28 -05:00
Jelmer Vernooij
d4de4c2d21 r12608: Remove some unused #include lines.
(This used to be commit 70e7449318)
2007-10-10 13:49:03 -05:00
Jelmer Vernooij
0a3c167f6b r12528: Add seperate proto headers for ntvfs, tdr, smb_server and nbt_server.
(This used to be commit 87f665a1d5)
2007-10-10 13:47:51 -05:00
Alexander Bokovoy
ad9022e304 r9320: Fix premature dereference bug found by Coverty and also get rid of non-used memory context
(This used to be commit 127e06492a)
2007-10-10 13:33:24 -05:00
Stefan Metzmacher
3be75a4c6d r9240: - move struct security_token to the idl file, with this we can
the ndr_pull/push/print functions for it in the ntacl-lsm module

- fix compiler warnings in the ldap_encode_ndr_* code

metze
(This used to be commit 83d65d0d7e)
2007-10-10 13:31:37 -05:00
Andrew Tridgell
e82aad1ce3 r5298: - got rid of pstring.h from includes.h. This at least makes it a bit
less likely that anyone will use pstring for new code

 - got rid of winbind_client.h from includes.h. This one triggered a
   huge change, as winbind_client.h was including system/filesys.h and
   defining the old uint32 and uint16 types, as well as its own
   pstring and fstring.
(This used to be commit 9db6c79e90)
2007-10-10 13:09:38 -05:00
Andrew Tridgell
759da3b915 r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5)
2007-10-10 13:09:15 -05:00
Andrew Tridgell
cc55aef7c1 r4547: - added talloc_new(ctx) macro that is a neater form of the common talloc(ctx, 0) call.
- cleaned up some talloc usage in various files

I'd like to get to the point that we have no calls to talloc(), at
which point we will rename talloc_p() to talloc(), to encourage
everyone to use the typesafe functions.
(This used to be commit e6c81d7c9f)
2007-10-10 13:08:20 -05:00
Stefan Metzmacher
b5b1c52a98 r4419: move security_token stuff to the libcli/security/
and debug privileges

metze
(This used to be commit c981808ed4)
2007-10-10 13:07:47 -05:00
Andrew Tridgell
6ca874f71a r4147: converted from NT_USER_TOKEN to struct security_token
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.

note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use a intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b)
2007-10-10 13:06:31 -05:00
Andrew Tridgell
6895228b5c r3982: split out the sid -> uid/gid mapping routines into a ntvfs_sidmap
subsystem. This is in preparation for adding better default ACL
generation in pvfs, which will require uid/gid -> sid mapping.
(This used to be commit b31108e492)
2007-10-10 13:06:11 -05:00
Andrew Tridgell
bc7b4abc3a r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is
based on the current nttoken, which is completely wrong, but works as a start.

The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL
union with a version number to allow for future expansion.

pvfs does not yet check the ACL for file access. At the moment the ACL
is just query/set.

We also need to do some RPC work to allow the windows ACL editor to be
used. At the moment is queries the ACL fine, but displays an error
when it fails to map the SIDs via rpc.
(This used to be commit 3a1f20d874)
2007-10-10 13:05:57 -05:00
Jelmer Vernooij
31ded4901b r3737: - Get rid of the register_subsystem() and register_backend() functions.
- Re-disable tdbtool (it was building fine on my Debian box but other
					machines were having problems)
(This used to be commit 0d7bb2c40b)
2007-10-10 13:05:48 -05:00
Andrew Tridgell
c870ae8b89 r3528: added support for the SMBntcancel() operation, which cancels any
outstanding async operation (triggering an immediate timeout).

pvfs now passes the RAW-MUX test
(This used to be commit 3423e2f414)
2007-10-10 13:05:28 -05:00
Andrew Tridgell
aa34fcebf8 r3466: split out request.h, signing.h, and smb_server.h
(This used to be commit 7c4e6ebf05)
2007-10-10 13:05:17 -05:00
Andrew Tridgell
2df2d1b67f r3461: another place where "open" was used as a structure element
(This used to be commit 1087ea830e)
2007-10-10 13:05:16 -05:00
Andrew Tridgell
edbfc0f6e7 r3453: - split out the auth and popt includes
- tidied up some of the system includes

- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
  knows about inter-IDL dependencies
(This used to be commit 7b7477ac42)
2007-10-10 13:05:13 -05:00
Stefan Metzmacher
fbb44e9616 r3290: allow SID_ANONYMOUS ( "S-1-5-7" ) to be the users sid
metze
(This used to be commit 177afd4855)
2007-10-10 13:04:51 -05:00
Andrew Bartlett
f7c6a9438d r3185: Machines can login with krb5, so we need to allow them to map to a unix account.
Andrew Bartlett
(This used to be commit fbe932ddd4)
2007-10-10 13:04:38 -05:00
Andrew Tridgell
142d295aa8 r3039: This solves the problem of async handlers in ntvfs backends not being
in the right state when called. For example, when we use the unixuid
handler in the chain of handlers, and a backend decides to continue a
call asynchronously then we need to ensure that the continuation
happens with the right security context.

The solution is to add a new ntvfs operation ntvfs_async_setup(),
which calls all the way down through the layers, setting up anything
that is required, and takes a private pointer. The backend wanting to
make a async calls can use ntvfs_async_setup() to ensure that the
modules above it are called when doing async processing.
(This used to be commit a256e71029)
2007-10-10 13:00:01 -05:00
Andrew Tridgell
e81230df4b r3024: run the *_connect() NTVFS initialisation operation as root, to allow
backends to open databases and perform any other privileged
operations that might be needed.
(This used to be commit 54fd395025)
2007-10-10 12:59:59 -05:00
Andrew Tridgell
59d3259171 r2934: - changed the unixuid module to use the nt_user_token instead of the server supplied info structure.
- added SID_WORLD and SID_NETWORK to the foreign sids in the
  provisioning, as these are auto-added to the nt_user_token (why is
  that done? Andrew?)
(This used to be commit 1dff12fba8)
2007-10-10 12:59:49 -05:00
Andrew Tridgell
ca23572f70 r2930: added a security context cache to the unixuid module. The module
doesn't actually leave us in the requested sec context between
requests yet, but it does prevent us from doing the samdb lookup on
every packet.

This change speeds up the BASE-MANGLE test against Samba4 with 5000
operations from 61 seconds to 16 seconds. For reference, Samba3 takes
27 seconds for the same test (the string and filename handling in
Samba4 is much more efficient than Samba3)
(This used to be commit da0481ac75)
2007-10-10 12:59:49 -05:00
Andrew Tridgell
fe3294f7f0 r2803: allow unixuid module to work with foreign security principles
(This used to be commit f522728728)
2007-10-10 12:59:35 -05:00
Andrew Tridgell
c5722fb81b r2796: - changed ldap attributes "UnixID" to "unixID" and "UnixName" to "unixName" to be more ldap traditional
- register the unixuid module as all 3 ntvfs backend types, as it doesn't care what type of backend
  it filters
(This used to be commit cd43def6ce)
2007-10-10 12:59:34 -05:00
Andrew Tridgell
5a872512b0 r2794: a very simple version of the unixuid NTVFS pass-thru module. In
conjunction with the posix backend this gives us a way to correctly
setup the unix security context in Samba4.

I chose the following method to determine the unix uid's and gid's to
use given the list of SIDs from the login process

 - look for a "UnixID" field in the sam record. If present, then use it
   (check if the record is of the right type as well)

 - if UnixID is not present, then look for the "UnixName" sam
   field. If it is present then use getpwnam() or getgrnam() to find
   the unix id.

 - if UnixID and UnixName are not present, then look for a unix
   account of the right type called by the same name as the sAMAccountName field.

 - if none of the above work then fail the operation with NT_STATUS_ACCESS_DENIED

obviously these steps only work well with a local SAM. It will need to
be more sophisticated in future.

I did not put any cache in place at all. That will need to be added
for decent performance.
(This used to be commit 78b67d19b9)
2007-10-10 12:59:34 -05:00