1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-28 17:47:29 +03:00

256 Commits

Author SHA1 Message Date
Gerald Carter
42571a656f only add the service name and client machine name to list of users names
for a session when in share mode security


--jerry
(This used to be commit 22d6c2c163dd578365bff85ef95abfa59fe356ea)
2001-01-23 22:13:41 +00:00
Jeremy Allison
2f7c1db093 include/vfs.h:
smbd/vfs-wrap.c:
smbd/vfs.c: Added fchmod_acl and chmod_acl.
lib/substitute.c:
smbd/lanman.c:
smbd/open.c:
smbd/process.c:
smbd/reply.c:
smbd/service.c: Removed sessetup_user variable. Added current_user_info struct
which conatins domain info etc. Added '%D' for client domain parameter.
Jeremy.
(This used to be commit 2844ec3d511680609d6794b8718001a1bda9e89f)
2001-01-23 01:52:30 +00:00
Jeremy Allison
adb91565b5 rpc_server/srv_samr.c:
smbd/reply.c:
Added fix needed for appliances. When using winbindd - a new user may
exist (from winbind) but have no home directory. Extend add user script
so it is called with a %H substitution when a user exists but their home
directory does not. Thanks to Alex Win at VA Linux for finding this one
and testing the fix.
libsmb/clidgram.c: Fixed missing return statements.
smbd/uid.c: Fixed typo in debug.
Jeremy.
(This used to be commit 7ba0a2192b89954604dd793c537b4a17c2d1ac07)
2001-01-11 18:38:55 +00:00
Jeremy Allison
71acf4cd1f Extra part of fix that Gerald missed (sorry).
Jeremy.
(This used to be commit ebf754400f443452948020d68e29f597f1b2d60c)
2000-12-12 00:05:02 +00:00
Jeremy Allison
7254a66e00 Don't forget to convert into UNIX character set before calling
winbindd.
Jeremy.
(This used to be commit 00cd72c385f1e5d075dbacf834b68769b5ac38f3)
2000-11-21 22:37:03 +00:00
Jeremy Allison
6f58dd5871 Ok - fixed a bug in our levelII oplock code. We need to break a level II on
a byte range lock (write lock only, but Win2k breaks on read lock also so I
do the same) - if you think about why, this is obvious. Also fixed our client
code to do level II oplocks, if requested, and fixed the code where we would
assume the client wanted level II if it advertised itself as being level II
capable - it may not want that.
Jeremy.
(This used to be commit 213cd0b5192307cd4b0026cae94b2f52fb1b0c02)
2000-11-16 00:59:18 +00:00
Jeremy Allison
4bce271e4f Merge from appliance head of JR's changes for driver versioning.
Jeremy.
(This used to be commit cdbd2e99775642dc2e92004be9014bf38a92d80f)
2000-11-14 21:56:32 +00:00
Gerald Carter
9fede0dc0d Large commit which restructures the local password storage API.
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)

The following functions implement the storage manipulation interface

/*The following definitions come from  passdb/pdb_smbpasswd.c  */

BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);

There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members.  Note that the struct
passdb_ops {} has gone away.  Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file.  All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.

I'll write some documentation for this later.  The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.

What works and may not:

	o domain logons from Win9x 	works
	o domain logons from WinNT 4	works
	o user and group enumeration
		as implemented by Tim	works
	o file and print access		works
	o changing password from
		Win9x & NT		ummm...i'll fix this tonight :)

If I broke anything else, just yell and I'll fix it.  I think it
should be fairly quite.





-- jerry
(This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
2000-11-13 23:03:34 +00:00
Jeremy Allison
abf055046f Ok - this is a big patch - and it may break smbd a bit (although
I hope not). If you encounter strange file-serving behavior after this
patch then back it out. I analysed our stat() usage and realised we
were doing approx. 3 stat calls per open, and 2 per getattr/setattr.
This patch should fix all that. It causes the stat struct returned
from unix_convert() (which now *must* be passed a valid SMB_STRUCT_STAT
pointer) to be passed through into the open code. This should prevent
the multiple stats that were being done so as not to violate layer
encapsulation in the API's.

Herb - if you could run a NetBench test with this code and do a
padc/par syscall test and also run with the current 2.2.0 code
and test the padc/par syscalls I'd appreciate it - you should
find the number of stat calls reduced - not sure by how much.

The patch depends on unix_convert() actually finding the file
and returning a stat struct, or returning a zero'd out stat
struct if the file didn't exist. I believe we can guarentee this
to be the case - I just wasn't confident enough to make this
an assertion before.

Ok ok - I did write this whilst at the Miami conference.....
sometimes you get a little free time at these things :-).

Jeremy.
(This used to be commit 66a5c05ec46b641224fbe01b30bd7e83571a2a1b)
2000-10-19 02:58:24 +00:00
Jean-François Micouleau
11d999f2bc a netlogon enum trust query doesn't have a function_code at end.
a sam_user_info_24 doesn't have a uint16 at end
samr_create_user also creates the unix account now
samr_set_userinfo changes the password.

        J.F.
(This used to be commit 94f4024481fcd0cb6647af1bd4364033be020641)
2000-10-10 13:08:55 +00:00
Jeremy Allison
ba00796e6d Herb's warning fixes. Also the POSIX locking fix.
We now use our own vfs layer to do get/set acl calls (hurrah!).
Jeremy.
(This used to be commit dfe77c7046cbd65ee52aea7439f21503c1eac41d)
2000-10-06 18:13:52 +00:00
Jeremy Allison
636f146abf Restructuring of vfs layer to include a "this" pointer - can be an fsp or
a conn struct depending on the call.
We need this to have a clean NT ACL call interface.
This will break any existing VFS libraries (that's why this is pre-release
code).
Andrew gets credit for this one :-) :-).

In addition - added Herb's WITH_PROFILE changes - Herb - please examine
the changes I've made to the smbd/reply.c code you added. The original
code was very ugly and I have replaced it with a
START_PROFILE(x)/END_PROFILE(x) pair using the preprocessor.
Please check this compiles ok with the --with-profile switch.
Jeremy.
(This used to be commit b07611f8159b0b3f42e7e02611be9f4d56de96f5)
2000-10-06 03:21:49 +00:00
Jeremy Allison
3ad2ee22bb utf-8 and EUC3 patch from Hiroshi Miura Samba User Group Japan staff.
mkdir high bits patch from Robert Dahlem" <Robert.Dahlem@gmx.net>.
jeremy.
(This used to be commit b40191d27180ab1e59935086073c4d312552f717)
2000-10-03 02:12:14 +00:00
Andrew Tridgell
941d82bf80 fixed a harmess mixup of bitops and a boolean
(This used to be commit 0e0f3dc577ceab540be6505a86697b14a2136b9f)
2000-09-29 04:42:29 +00:00
Jeremy Allison
b43b2e4f8a Restructuring of the code to remove dos_ChDir/dos_GetWd and re-vector them
through the VFS. All file access/directory access code in smbd should now
go via the vfs. Added vfs_chown/vfs_chmod calls. Still looking at vfs_get_nt_acl()
vfs_set_nt_acl() call API design.
Jeremy.
(This used to be commit f96625ec124adb6e110dc54632e006b3620a962b)
2000-09-27 19:09:59 +00:00
Jeremy Allison
7a3795d5df Fix to allow a timestamp of zero to cause an instantaneous changenotify
scan - then call this from renames. This allows instantaneous update for
W2k renames.
Jeremy.
(This used to be commit 07dffc4ee931cbc61197e2da277df9c404a77469)
2000-09-20 19:00:21 +00:00
Andrew Tridgell
a19836ae52 we should not lowercase the username we receive in
reply_sesssetup_and_X(). The getpwnam() wrapper handles the case
munging operations later.

this fixes a problem with mixed case usernames.
(This used to be commit 2ebfdd21b3123d7daefeeed4dae6e8bc3a7a7653)
2000-09-12 04:50:36 +00:00
Jeremy Allison
177b962dfe Added vfs_unlink call to ensure vfs is used on unlink from client.
Jeremy.
(This used to be commit 38fc56c8434c427335cf264c4b27420c5ad47566)
2000-08-30 18:33:56 +00:00
Jeremy Allison
7d93eb3483 smbd/password.c: Fixed typo in Tim's new code that caused insure overrun error.
smbd/reply.c: Fixed lowercasing UNIX character set problem.
Jeremy.
(This used to be commit 2b6e3ed7a6447d40d9dd7e9b5c286b1aabe4730d)
2000-08-28 20:45:00 +00:00
Jeremy Allison
7f36df301e Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need NT_STATUS_XXX).
Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more
obscure way.
Jeremy.
(This used to be commit c55bcec817f47d6162466b193d533c877194124a)
2000-08-01 18:32:34 +00:00
Jeremy Allison
fcbf694957 Added some error checking and returns to the new 'move' code.
Jeremy.
(This used to be commit 0bd88d304cd773e0bbf3e6f7fedcb3b544d41cbe)
2000-07-25 17:09:29 +00:00
Jean-François Micouleau
5a5ef18379 A rather big change set ! (listed in no particular order)
- changed the default forms flag to 2
- all short architecture name are uppercased
- get_short_archi() is now case unsensitive
- the drivers TDB is indexed by archi/version/name
- implemented code to move drivers from the upload area to the download
area. Someone else need to look at that code.
- don't return anymore a default driver if it doesn't exist in the TDB.
Instead return an error.
- cleaned prs_unistr.
- #ifdef out jeremy's new SD parsing in printer_info_2
- removed the unused MANGLE_CODE

- #ifdef out the security checking in update_printer() as it doesn't work
for me.

Zap your ntdrivers.tdb, it won't work anymore.

	J.F.
(This used to be commit ac0a145acc0953a6f362497abbf4dfe70aa522a6)
2000-07-25 13:15:16 +00:00
Jeremy Allison
03e0164270 Luke, I am moving the code back into passdb/passdb.c, this the correct
place to do this, not in smbd/passwd.c

Please don't change this without asking first, I have run this past
Andrew so talk to him (I'm on vacation next week).

I also removed the g_newXXX macros. There are essentially a private C extension,
not used anywhere else in the code, and add no functionality over malloc(XX)
and make the code harder to understand (everyone knows what malloc does).

Jeremy.
(This used to be commit e1b1b6fb6794ba02e1fea510a981fa0ce0d12b58)
2000-06-09 18:45:31 +00:00
Luke Leighton
c3487b00dd reverted jeremy's changes that removed NET_USER_INFO_3. will you please
not just undercut work in progress, thank you.
(This used to be commit 86d440a88c948727bfcfedc694c52c58f9687d8b)
2000-06-09 01:26:42 +00:00
Jeremy Allison
28555ec92e include/smb.h: Removed NET_USER_3 struct from user struct. It doesn't belong there (yet)
as there is no infrastructure for it. Replaced it with a dynamic array
				of group SIDs plus a user.
passdb/passdb.c: Added setup_user_sids() function. This is where the lookup should be done,
				eventually calling winbind.
smbd/password.c: Changed to call setup_user_sids(). Removed spurious DEBUG(0) statements.
smbd/reply.c: Removed extra parameter to register_vuid().

Jeremy.
(This used to be commit 425f4ad9a5e0e7d49620276100ade7a0cae47011)
2000-06-08 17:50:19 +00:00
Luke Leighton
84d40095e1 added a NET_USER_INFO_3 struct to user_struct.
register_vuid fills it with constructed info.
(This used to be commit b1889e4334012b1b2caa604b859da4271509fc87)
2000-06-08 13:56:07 +00:00
Jeremy Allison
295b2d31a5 Did a proper fix for the file access on IPC$. Denied all pipe opens on
trans2 open calls as we don't have the pipe open response coded up yet.
Jeremy.
(This used to be commit 8142e27c9c32aba5a7dabc48a676b93cf680151b)
2000-05-23 17:57:51 +00:00
Jeremy Allison
3cbaf59726 Fixed bug where file access was allowed on IPC$ share.
Return correct error codes on invalid share name.
Jeremy.
(This used to be commit 420d6bc4809cef9d74354175d0fa956ab4e8ac3c)
2000-05-23 01:27:19 +00:00
Jeremy Allison
b27886addb passdb/secrets.c: Fix typo in comment.
rpc_server/srv_pipe.c: Use accessor functions rather than diddling with structure
internals directly.
smbd/process.c:
smbd/reply.c: Remove READ_PREDICTION #ifdefs.
Jeremy.
(This used to be commit eba825ff030a175bd271caa6f543379dfdbbd646)
2000-05-15 17:13:50 +00:00
Andrew Tridgell
479c73559e use "winbind separator" option for domain/user separator character
(This used to be commit 6cbb826b154e61085fd651116caf472d4d438c1d)
2000-05-12 06:30:45 +00:00
Andrew Tridgell
dd8f9b5491 fixed a problem with appliance operation
(This used to be commit acf9286e82b851e25ee863f673bff713a38002e7)
2000-05-12 05:10:32 +00:00
Andrew Tridgell
43a3faab08 - changed smb_getpwnam() to use winbind style usernames
- finished ntdom -> winbind rename in head
(This used to be commit ada483cb56453afc6df4ec4be18bfe5e943c7150)
2000-05-10 14:48:33 +00:00
Andrew Tridgell
49a0e6d598 more merging voodoo
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic -
this isn't permanent, it should go after another few merge steps have
been done
(This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
2000-05-10 10:41:59 +00:00
Herb Lewis
c88222da0c Fix for misunderstanding of fsync added when vfs layer
was done. Samba was doing fsync's (bleagh).
Jeremy.
(This used to be commit f9a52cadbf11f7afcef754a59d783964a2edb5bc)
2000-05-10 01:31:46 +00:00
Andrew Tridgell
4c061ca15c - use smb_gwtpwnam() in another couple of places
- don't call add/del user if the scripts are empty
(This used to be commit 43860215d4d16cb1bacdc77f1c46c54e4c54abd7)
2000-05-09 15:09:52 +00:00
Andrew Tridgell
2958dfcdf8 added secrets.tdb and changed storage of trust account password to use
it
(This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
2000-05-08 10:42:21 +00:00
Andrew Tridgell
f6844e0b7e a minimal change to get appliance mode to work with winbindd
we needed to accept usernames of the form DOMAIN/user, which means we
needed to pass the domain to a getpwnam() like routine in certain
critical spots.

What I'd rather do is get rid of "char *user" everywhere and use the
new userdom_struct, but that will have to wait a few days.
(This used to be commit 8b7a10febead8be182e7d5b1d68259e31530b69c)
2000-05-04 16:01:47 +00:00
Andrew Tridgell
29ba16f792 fixed dptr_wcard handling (need to use strdup)
(This used to be commit 0bab0300748a22b4b861fa443be2014bcd7b348c)
2000-04-30 14:59:00 +00:00
Andrew Tridgell
cb6327cd2d removed more cruft from our old wildcard matching code
(This used to be commit 4a15924ffe36ed37ec193a0ef5a0487238edc311)
2000-04-30 14:34:31 +00:00
Andrew Tridgell
34cd425c1d fixed our smbsearch code. We now store the mask with the dptr, this
turns out to be essential for a correct implementation (there ins't
enough room to store all possible masks in the status return
structure!)
(This used to be commit 38f5e133670ada6e5799a16cf1a0e2e3ee1d9afd)
2000-04-30 14:29:45 +00:00
Andrew Tridgell
700f72453e - removed all our old wildcard matching code and replaced it with a
call to ms_fnmatch(). This also removes all the Win9X semantics stuff
and a bunch of other associated cruft.

- moved the stat cache code into statcache.c

- fixed the uint16 alignment requirements of ascii_to_unistr() and
  unistr_to_ascii()

- trans2 SMB_FIND_FILE_BOTH_DIRECTORY_INFO returns the short name as
  unicode always (at least thats what NT4 does)

- fixed some errors in the in-memory tdb code. Still ugly, but doesn't
  crash as much
(This used to be commit 03e9cea004bbba72161a5323cf3b4556c94aed8e)
2000-04-30 11:04:28 +00:00
Jeremy Allison
3d9141d415 Fixed range check on writeX.
Jeremy.
(This used to be commit 9cde198108439358e99128fa9a1b3000e33f5414)
2000-04-27 17:14:45 +00:00
Jeremy Allison
c4af7ad8dc Tidyup of smbecho.
Jeremy.
(This used to be commit 4a4b7a994bbe327216f736133edc51cf9a351716)
2000-04-27 16:53:31 +00:00
Andrew Tridgell
00e3fe1324 moved trans2.h and nterr.h into includes.h with all our other includes
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
2000-04-25 14:06:57 +00:00
Jeremy Allison
e82dbfcbe9 Now that fsp's are created on successful file open, the structure member
fsp->open is no longer needed (if an fsp pointer is valid, then it's open :-).

NB for Luke, this patch also did not apply to TNG. TNG is not yet
identical w.r.t file serving with HEAD. This makes it impossible for
me to help maintain TNG. Please fix asap.

lib/substitute.c: Removed unused variable (pidstr).

Jeremy.
(This used to be commit 389b700a26e8a308a0dff6fc038c38068aa0119a)
2000-04-24 19:23:51 +00:00
Andrew Tridgell
f7608e8535 fixed overlapping strcpy() found by insure
(This used to be commit 1106fa7f24d229c3877263b7a7dde359556435e6)
2000-04-22 08:28:22 +00:00
Jeremy Allison
6259f51dd9 This is a *big* checkin that may break some things, but implements the
new open mechanism Andrew & I discussed.

config.sub:
configure: Included the QNX patch.

include/vfs.h:
smbd/vfs-wrap.c:
smbd/vfs.c: Added ftruncate vfs call (needed).

Note that we will also need locking calls in the vfs (to be added).

lib/util_unistr.c:
nmbd/nmbd_processlogon.c: Fix for NT domain logons causing nmbd to core dump.
                          Also fix for sidsize DOS bug.

locking/locking.c: Check value of ret before using it for memdup.

printing/printing.c: Convert print_fsp_open to return an allocated fsp.

rpc_server/srv_lsa.c: Fix for NT domain logons.

I have removed all use of lp_share_modes() from the code (although I
left the parameter in the table for backwards compatibility). It no longer makes
sense for this to exist.

smbd/close.c: Removed lp_share_modes().
smbd/fileio.c: Fixed parameters to unlock_share_entry call in panic code.
smbd/files.c: Correctly set the unix_ERR_code to ERRnofids on fsp allocation fail.

smbd/nttrans.c:
smbd/reply.c:
smbd/trans2.c: Changed all occurrences of open_file_shared/open_directory/
               open_file_stat to return an fsp from the call.

smbd/open.c: Changed all occurrences of open_file_shared/open_directory/
             open_file_stat to return an fsp from the call.

In addition I have fixed a long standing race condition in the deny mode
processing w.r.t. two smbd's creating a file. Andrew, please note that
your original idea of using open with O_EXCL in this case would not work
(I went over the races very carefully) and so we must re-check deny modes
*after* the open() call returns. This is because there is a race between
the open with O_EXCL and the lock of the share mode entry. Imagine the
case where the first smbd does the open with O_EXCL and a deny mode of DENY_ALL,
but is pre-empted before it locks the share modes and creates the deny
mode entry for DENY_ALL. A second smbd could then come in with O_RDONLY
and a deny mode of DENY_NONE and the two opens would be allowed.

The *only* way to fix this race is to lock the share modes after the
open and then do the deny mode checks *after* this lock in the case
where the file did not originally exist.

This code will need extensive testing but seems to initially work.

Jeremy.
(This used to be commit ab0ecc39d688f16b9692fe90b991f0b89287070a)
2000-04-22 00:33:16 +00:00
Andrew Tridgell
54de56a1be the changes to the main smb code
------------
The following series of commits are for the new tdb based printing
backend. This completely replaces our old printing backend.

Major changes include:

- all print ops are now done in printing/*.c rather than scattered all
  over the place
- system job ids are decoupled from SMB job ids
- the lpq parsers don't need to be nearly so smart, they only need to
  parse the filename, the status and system job id
- we can store lots more info about a job, including the full job name
- the queue cache control is much better

I also added a new utility routine file_lines_load() that loads a text
file and parses it into lines. This is used in out lpq parsing and I
also want to use it to replace all of our fgets() based code in other
places.
(This used to be commit d870542c2884510bd45fd5b54ff2157434d53f4c)
2000-04-16 06:22:31 +00:00
Jeremy Allison
96b3bf3140 Implmented mapping of lock offset/count from 64 bit MS ranges
to either 63 or 31 bit POSIX ranges. Code to get these locks
not yet added.
Jeremy.
(This used to be commit 9c3b9146a3baff4b2e403ae8fac6c48df1b7e642)
2000-04-12 21:46:22 +00:00
Jeremy Allison
f6be38cae2 include/byteorder.h: ALIGN4/ALIGN2 macros.
include/includes.h: Added SMB_BIG_UINT_BITS.
lib/util.c: Removed align2/align4 - use macros.
libsmb/namequery.c: Use ALIGN2.
locking/locking.c: Replace do_lock, do_unlock, args with SMB_BIG_UINT, not SMB_OFF_T.
                   Needed to move to hiding POSIX locks at a lower layer.
nmbd/nmbd_processlogon.c: Use ALIGN2/ALIGN4 macros.
smbd/blocking.c: Replace do_lock, do_unlock, args with SMB_BIG_UINT, not SMB_OFF_T.
smbd/reply.c: Replace do_lock, do_unlock, args with SMB_BIG_UINT, not SMB_OFF_T.
Jeremy.
(This used to be commit 491eea8a20bf80d426625479326211dc975857a6)
2000-04-11 19:44:54 +00:00