Tim Potter [Thu, 6 Jul 2000 07:12:13 +0000 (07:12 +0000)]
se_access_check() tests.
Tim Potter [Thu, 6 Jul 2000 07:10:32 +0000 (07:10 +0000)]
Don't check NT permissions when printing from lanman.
Tim Potter [Thu, 6 Jul 2000 07:06:05 +0000 (07:06 +0000)]
Implemented NT printer descriptor checking. Yay!
User details are passed into the printing back end from the spoolss code.
For each print operation these details are checked using the
se_access_check() function using information from the winbind daemon.
Fixed bug in nt_printing_setsec() where the user and group SIDs were
trashed if the permissions were changed from NT. It is necessary to merge
these sids from the previous value of the security descriptor before
storing it in the tdb.
Tim Potter [Thu, 6 Jul 2000 07:01:37 +0000 (07:01 +0000)]
Moved authenticated pipe user details into a current_user struct.
Tim Potter [Thu, 6 Jul 2000 07:00:24 +0000 (07:00 +0000)]
Moved printer ACE mask values from nt_printing.h to rpc_spoolss.h
Tim Potter [Thu, 6 Jul 2000 06:59:27 +0000 (06:59 +0000)]
Include nss.h if present or define enough values to allow client access to
winbind.
Tim Potter [Thu, 6 Jul 2000 06:57:22 +0000 (06:57 +0000)]
Rewrite of se_access_check() function. Added comments and fixed a bunch of
bugs. I think there is a problem though with the permissions granted when
SEC_RIGHTS_MAXIMUM_ALLOWED is passed as the permissions requested.
Tim Potter [Thu, 6 Jul 2000 06:53:47 +0000 (06:53 +0000)]
Pass either an authenticated pipe or SMB user in a current_user struct down
to the printing back end functions.
Tim Potter [Thu, 6 Jul 2000 06:51:55 +0000 (06:51 +0000)]
Pass pipes_struct rather than vuid down to startdocprinter, setprinter and
setjob spoolss server commands.
Tim Potter [Thu, 6 Jul 2000 06:48:54 +0000 (06:48 +0000)]
Added global_sid_NULL S-1-0-0 to list of global sids.
Tim Potter [Thu, 6 Jul 2000 06:48:01 +0000 (06:48 +0000)]
Make prototypes for functions returning an enum nss_status.
Tim Potter [Thu, 6 Jul 2000 06:47:38 +0000 (06:47 +0000)]
Changed checking for WINBINDD_OK return value instead of NSS_STATUS_SUCCESS
when looking up sids from winbindd.
Tim Potter [Thu, 6 Jul 2000 06:43:30 +0000 (06:43 +0000)]
Moved lib/util_seaccess.o from LIB_OBJ to SMBD1_OBJ as it is only used by
smbd.
Andrew Tridgell [Thu, 6 Jul 2000 03:54:22 +0000 (03:54 +0000)]
new protos
Andrew Tridgell [Thu, 6 Jul 2000 03:54:07 +0000 (03:54 +0000)]
the smbw sample prog
Andrew Tridgell [Thu, 6 Jul 2000 03:53:49 +0000 (03:53 +0000)]
don't need shmem any more
Andrew Tridgell [Thu, 6 Jul 2000 03:52:47 +0000 (03:52 +0000)]
wrote a little sample smbw program
build using "make bin/smbw_sample"
this is to show people how to use smbw
Andrew Tridgell [Thu, 6 Jul 2000 03:39:11 +0000 (03:39 +0000)]
added -L option
Andrew Tridgell [Thu, 6 Jul 2000 02:28:44 +0000 (02:28 +0000)]
got smbw to compile again on Linux
Tim Potter [Thu, 6 Jul 2000 01:30:41 +0000 (01:30 +0000)]
Bracketed unbracketed macro arguments while looking for another bug.
Tim Potter [Wed, 5 Jul 2000 11:24:26 +0000 (11:24 +0000)]
Merge of wbinfo program from TNG.
Jean-François Micouleau [Tue, 4 Jul 2000 22:51:05 +0000 (22:51 +0000)]
the dummy field in driver_info_6 is before the driver version and not
after.
I don't know who broke all that code, but I'm ******** (censured)
J.F.
Jean-François Micouleau [Tue, 4 Jul 2000 21:58:45 +0000 (21:58 +0000)]
driver_info_6 had a prs_align() that should not have been there.
J.F.
Tim Potter [Mon, 3 Jul 2000 06:52:31 +0000 (06:52 +0000)]
Some more sec_ctx changes. Modified some fields in the pipe_struct
structure so authenticated pipe users can have their unix groups set when
become_authenticated_pipe_user() is called.
Gerald Carter [Mon, 3 Jul 2000 04:29:17 +0000 (04:29 +0000)]
first pass at merging rpcclient from TNG to HEAD. You can get a
semi-connection and a rpcclient prompt, but no functionality there yet.
Will be a few more days on that.
I need to clean this up a little. Will work on that some more.
--jerry
Gerald Carter [Mon, 3 Jul 2000 04:28:29 +0000 (04:28 +0000)]
first pass at merging rpcclient from TNG to HEAD. You can get a
semi-connection and a rpcclient prompt, but no functionality there yet.
Will be a few more days on that.
--jerry
Gerald Carter [Mon, 3 Jul 2000 04:26:37 +0000 (04:26 +0000)]
first pass at merging rpcclient from TNG to HEAD. You can get a
semi-connection and a rpcclient prompt, but no functionality there yet.
Will be a few more days on that.
The changes to the header files were minor. A few struct's and a few
additional fields to existing ones. No deletions. **minimal change
necessary** :-) Well, maybe not minimal, but I tried.
All other programs compile, link and run ok from what I can tell so
I don't think I broke anything.
--jerry
Gerald Carter [Mon, 3 Jul 2000 04:24:31 +0000 (04:24 +0000)]
first pass at merging rpcclient from TNG to HEAD. You can get a
semi-connection and a rpcclient prompt, but no functionality there yet.
Will be a few more days on that.
These files changed only with the addition of some support functions
from TNG
--jerry
Tim Potter [Mon, 3 Jul 2000 00:58:13 +0000 (00:58 +0000)]
Renamed generic_request() to winbindd_request()
Tim Potter [Mon, 3 Jul 2000 00:57:15 +0000 (00:57 +0000)]
Re-ran autoconf
Jean-François Micouleau [Sat, 1 Jul 2000 16:40:10 +0000 (16:40 +0000)]
reverting Jeremy's changes to enumprinterdata.
Jeremy, the out_max_value_len and out_max_data_len were good. Your change
is breaking NT4SP6 checked version.
J.F.
Jean-François Micouleau [Sat, 1 Jul 2000 09:34:37 +0000 (09:34 +0000)]
Found that the minimum priority is 1 and not 0 on NT.
Changed back the devicemode's devicename to "\\server\printer".
I'm 100% sure it is correct, it's what NT sends on the wire. And that's
the printer's name and NOT the port's name as it has to be unique. It must
also be a UNC because it's a remote printer (remote for the client).
J.F.
Jeremy Allison [Sat, 1 Jul 2000 05:44:49 +0000 (05:44 +0000)]
Removed unnecessary ()'s after &'s that made it look like we
don't know how the C language works :-).
Jeremy
Tim Potter [Fri, 30 Jun 2000 06:48:47 +0000 (06:48 +0000)]
Merge from TNG.
Tim Potter [Fri, 30 Jun 2000 06:18:42 +0000 (06:18 +0000)]
Added more args to smbclient wrapper - there's probably a better way
to do this.
Tim Potter [Fri, 30 Jun 2000 06:10:36 +0000 (06:10 +0000)]
Updated documentation for wbinfo and winbindd.
Jeremy Allison [Fri, 30 Jun 2000 01:07:26 +0000 (01:07 +0000)]
Fixed oops with missing MANGLE_PATH directive.
Jeremy.
Andrew Tridgell [Thu, 29 Jun 2000 08:23:56 +0000 (08:23 +0000)]
simpler configure test
Andrew Tridgell [Thu, 29 Jun 2000 08:22:00 +0000 (08:22 +0000)]
slightly saner defaults
Jeremy Allison [Thu, 29 Jun 2000 00:52:40 +0000 (00:52 +0000)]
Tidy up current spool code - added some JRATEST ifdefs to allow
experimentation with what is making spoolss.exe crash - may be removed
later.
Jeremy.
Jeremy Allison [Wed, 28 Jun 2000 16:52:59 +0000 (16:52 +0000)]
Removed extra uint32 field in auto-notify reply. This fixes some spoolss.exe
crashes but there are still more to work on.
Jeremy.
Jeremy Allison [Mon, 26 Jun 2000 22:08:20 +0000 (22:08 +0000)]
Changing drivers using the properties page works - but only if getting/setting
security descriptors is disabled (as it is in this code).
If get/set sd's is enabled spooler.exe crashes on NT.
I'll investigate and fix that issue next.
Jeremy.
Jeremy Allison [Mon, 26 Jun 2000 17:41:06 +0000 (17:41 +0000)]
Fixed display of "Everyone" in SD's.
Jeremy.
Andrew Tridgell [Mon, 26 Jun 2000 08:18:42 +0000 (08:18 +0000)]
fixed size alignment in talloc
Jeremy Allison [Sat, 24 Jun 2000 00:15:08 +0000 (00:15 +0000)]
lib/util_sid.c: Uninitialized memory read.
rpc_parse/parse_spoolss.c: Added note about prs_align when marshalling a SEC_DESC...
rpc_server/srv_lsa.c: Tim - your changes broke the display of the 'everyone' group
when doing file access with no winbindd running. This is a partial
fix - more when I have analysed this more.
rpc_server/srv_spoolss_nt.c: Fix for the 'change driver' problem ! Hurrah !
Jeremy.
Jeremy Allison [Fri, 23 Jun 2000 19:57:42 +0000 (19:57 +0000)]
Fix a malloc of zero problem.
Jeremy.
Jeremy Allison [Fri, 23 Jun 2000 17:31:38 +0000 (17:31 +0000)]
lib/util_unistr.c: Off-by-one fix for dos_PutUniStr from John Reilly jreilly@hp.com.
Memory leak fix for new sec_ctx code (sorry Tim :-).
Jeremy.
Tim Potter [Fri, 23 Jun 2000 07:02:59 +0000 (07:02 +0000)]
Don't return a value for a void function.
Tim Potter [Fri, 23 Jun 2000 07:00:43 +0000 (07:00 +0000)]
Test harness stuff for compiling things.
Tim Potter [Fri, 23 Jun 2000 06:53:33 +0000 (06:53 +0000)]
make proto
Tim Potter [Fri, 23 Jun 2000 06:47:11 +0000 (06:47 +0000)]
Some compile fixes.
Tim Potter [Fri, 23 Jun 2000 06:43:08 +0000 (06:43 +0000)]
Got a bit carried away deleting things.
Tim Potter [Fri, 23 Jun 2000 06:36:22 +0000 (06:36 +0000)]
Removed unused variables.
Tim Potter [Fri, 23 Jun 2000 06:31:45 +0000 (06:31 +0000)]
Added parentheses around definition of PRINTER_ACE_PRINT.
Tim Potter [Fri, 23 Jun 2000 06:27:05 +0000 (06:27 +0000)]
Added return for become_authenticated_pipe_user() function.
Tim Potter [Fri, 23 Jun 2000 06:21:08 +0000 (06:21 +0000)]
Tests for new security context stuff.
Tim Potter [Fri, 23 Jun 2000 06:20:03 +0000 (06:20 +0000)]
make proto
Tim Potter [Fri, 23 Jun 2000 06:19:26 +0000 (06:19 +0000)]
Added MAX_SEC_CTX_DEPTH
Tim Potter [Fri, 23 Jun 2000 05:57:48 +0000 (05:57 +0000)]
Delete OriginalDir stuff.
Tim Potter [Fri, 23 Jun 2000 05:57:20 +0000 (05:57 +0000)]
Moved some static functions to sec_ctx.c
Implemented become_root() and friends in terms of push/pop/set security
contexts.
Tim Potter [Fri, 23 Jun 2000 05:55:41 +0000 (05:55 +0000)]
Added smbd/sec_ctx.o to smbd objects.
Tim Potter [Fri, 23 Jun 2000 05:54:49 +0000 (05:54 +0000)]
Call init_sec_ctx() instead of init_uid().
Delete OriginalDir stuff.
Tim Potter [Fri, 23 Jun 2000 05:53:18 +0000 (05:53 +0000)]
Removed save directory argument to become_root() calls. Probably most of
this stuff doesn't need to be done as root anyway.
Tim Potter [Fri, 23 Jun 2000 05:49:11 +0000 (05:49 +0000)]
I've been working on refactoring some of the mess that is the become_user()
code. This code is now implemented as a stack of security contexts, where
a security context is defined as a set of effective user, group and
supplementary group ids.
The following functions are implemented:

    BOOL push_sec_ctx(void);
        Create a new security context on the stack which is the same as the
        current security context.

    void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups);
        Set the current security context to a given set of user and group
        ids.

    void set_root_sec_ctx(void);
        Set to uid = gid = 0. No supplementary groups are set.

    BOOL pop_sec_ctx(void);
        Pop a security context from the stack and restore the user and group
        permissions of the previous context.

    void init_sec_ctx(void);
        Initialise the security context stack. This must be called before any
        of the other operations are used or weird things may happen.

The idea is that there is a base security context which is either root or
some authenticated unix user. Other security contexts can be pushed and
popped as needed for things like changing passwords, or rpc pipe operations
where the rpc pipe user is different from the smb user.
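
The security context stack described in the commit message above, as an added example that is not Samba's own code: a model of the five listed functions in which credential switching is only recorded, so it runs without root. The value of MAX_SEC_CTX_DEPTH, the MAX_GROUPS cap, the apply_ctx() helper and the root base context are assumptions made for illustration.

```c
#include <string.h>
#include <sys/types.h>
typedef int BOOL;                /* stand-in for the project's BOOL type */
#define MAX_SEC_CTX_DEPTH 8      /* assumed value; the page gives only the name */
#define MAX_GROUPS 16            /* assumed cap, avoids allocation in this model */

struct sec_ctx {
    uid_t uid; gid_t gid;        /* effective user and group id */
    int ngroups;                 /* number of valid entries in groups[] */
    gid_t groups[MAX_GROUPS];    /* supplementary group ids */
};

static struct sec_ctx stack[MAX_SEC_CTX_DEPTH];
static int ndx;                  /* index of the current context */
static struct sec_ctx effective; /* models the process's effective ids */

/* A real daemon would switch credentials here with setgroups(), setegid()
 * and seteuid(); this model only records what would be in effect. */
static void apply_ctx(const struct sec_ctx *c) { effective = *c; }

void init_sec_ctx(void)
{
    memset(stack, 0, sizeof(stack)); /* base context modelled as root */
    ndx = 0;
    apply_ctx(&stack[0]);
}

BOOL push_sec_ctx(void)
{
    if (ndx + 1 >= MAX_SEC_CTX_DEPTH) return 0; /* full: refuse, don't overflow */
    stack[ndx + 1] = stack[ndx];     /* new context is a copy of the current one */
    ndx++;
    return 1;
}

void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
{
    struct sec_ctx *c = &stack[ndx];
    if (ngroups < 0 || ngroups > MAX_GROUPS || (ngroups > 0 && !groups))
        return;                      /* bad group list: leave context unchanged */
    c->uid = uid;
    c->gid = gid;
    c->ngroups = ngroups;
    if (ngroups > 0) memcpy(c->groups, groups, ngroups * sizeof(gid_t));
    apply_ctx(c);
}
void set_root_sec_ctx(void) { set_sec_ctx(0, 0, 0, NULL); }

BOOL pop_sec_ctx(void)
{
    if (ndx == 0) return 0;          /* the base context is never popped */
    apply_ctx(&stack[--ndx]);        /* restore the previous context's ids */
    return 1;
}
```
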
Gerald Carter [Fri, 23 Jun 2000 00:09:21 +0000 (00:09 +0000)]
just enough to get rpcclient to compile. Look for #if 0
blocks around a few unimplemented functions. Also had to
add cli_reg.c to Makefile.in
--jerry
Jeremy Allison [Thu, 22 Jun 2000 23:59:22 +0000 (23:59 +0000)]
Changed enumports to show printernames as ports. In line with 'the grand plan' :-)
Gerald & I discussed with HP. More changes to follow.
Jeremy.
Jeremy Allison [Thu, 22 Jun 2000 01:39:17 +0000 (01:39 +0000)]
lib/util_unistr.c: Removed ascii_to_unistr() as it does no codepage.
Removed unistr_to_ascii() as it was never used.
printing/nt_printing.c: Removed "DUMMY.XX" files.
rpc_server/srv_spoolss_nt.c: Use dos_PutUniCode() instead of ascii_to_unistr().
Attempted to fix the "return value" size code based on J.F's
comments. This needs looking at.
Jeremy.
Andrew Tridgell [Wed, 21 Jun 2000 12:14:51 +0000 (12:14 +0000)]
fixed two minor bugs in new sys_select()
Tim Potter [Wed, 21 Jun 2000 06:26:21 +0000 (06:26 +0000)]
A neater way of solving the S_ISSOCK, S_ISFIFO problem.
Moved the S_* macros from smb.h to includes.h
Jeremy Allison [Wed, 21 Jun 2000 02:24:59 +0000 (02:24 +0000)]
Changed default printer driver to "" from NULL.
Jeremy.
Jeremy Allison [Tue, 20 Jun 2000 23:58:56 +0000 (23:58 +0000)]
Fixes for Win2k "add printer driver" INFO_LEVEL_6 was wrong, also some
memory fixes.
Jeremy.
Jeremy Allison [Tue, 20 Jun 2000 00:32:32 +0000 (00:32 +0000)]
Fixes for IRIX kernel oplocks and systems that don't have nss.h
Jeremy.
Jeremy Allison [Mon, 19 Jun 2000 21:30:27 +0000 (21:30 +0000)]
Paranoia changes to ensure that anything touched by a signal handler
and the main code is declared as VOLATILE SIG_ATOMIC_T.
Jeremy.
Andrew Tridgell [Fri, 16 Jun 2000 23:57:09 +0000 (23:57 +0000)]
reverted Luke's changes in param/
apparently they were not deliberate, they were probably a result of
Luke accidentally copying a CVS directory from one spot to another in
error
Luke Leighton [Fri, 16 Jun 2000 15:53:13 +0000 (15:53 +0000)]
more update.
Tim Potter [Fri, 16 Jun 2000 08:47:52 +0000 (08:47 +0000)]
Forgot pipes_struct conversion for api_samr_enum_dom_aliases()
Tim Potter [Fri, 16 Jun 2000 08:47:04 +0000 (08:47 +0000)]
Whoops - dodgy make proto.
Tim Potter [Fri, 16 Jun 2000 08:25:08 +0000 (08:25 +0000)]
make proto
Tim Potter [Fri, 16 Jun 2000 08:24:45 +0000 (08:24 +0000)]
Pass the vuid from the connection_struct to the printing back end functions.
Tim Potter [Fri, 16 Jun 2000 08:24:11 +0000 (08:24 +0000)]
Changed function prototype for pipe api functions to take a pipes_struct
instead of two prs_data pointers.
Tim Potter [Fri, 16 Jun 2000 08:23:30 +0000 (08:23 +0000)]
Added some permission constants that are set for NT printer security
descriptors. These seem to be made up of the standard and generic access
rights rather than object specific access rights.
Tim Potter [Fri, 16 Jun 2000 08:21:51 +0000 (08:21 +0000)]
Call print_access_check() function from printing back end.
Tim Potter [Fri, 16 Jun 2000 08:20:44 +0000 (08:20 +0000)]
Added print_access_check() function for checking printer security
descriptors. Currently returns True (plus debug output) which should not
affect the behaviour of nt or lanman printing.
Tim Potter [Fri, 16 Jun 2000 08:18:57 +0000 (08:18 +0000)]
Pass the vuid from the connection_struct to the printing back end functions.
Tim Potter [Fri, 16 Jun 2000 08:18:09 +0000 (08:18 +0000)]
Simplified server pipe implementation by changing arguments passed down
through to the individual pipe api calls. Instead of passing two
prs_struct pointers, we now pass the pipes_struct pointer which contains
the former information as well as other useful stuff like the vuid.
Pass the vuid from the pipes_struct down to the lower level spoolss
functions to perform security checks.
ZERO_STRUCTP the info_2 structure before filling it. Free the device mode
field before freeing the info_2 to avoid a memory leak. Fixed
uninitialised pointer bug in fill_job_info_2().
Tim Potter [Fri, 16 Jun 2000 08:15:01 +0000 (08:15 +0000)]
Simplified server pipe implementation by changing arguments passed down
through to the individual pipe api calls. Instead of passing two
prs_struct pointers, we now pass the pipes_struct pointer which contains
the former information as well as other useful stuff like the vuid.
Pass the vuid from the pipes_struct down to the lower level spoolss
functions to perform security checks.
Tim Potter [Fri, 16 Jun 2000 08:12:23 +0000 (08:12 +0000)]
Simplified server pipe implementation by changing arguments passed down
through to the individual pipe api calls. Instead of passing two
prs_struct pointers, we now pass the pipes_struct pointer which contains
the former information as well as other useful stuff like the vuid.
Removed dependency on extern current_user and fetch the vuid from the
pipes_struct.
Tim Potter [Fri, 16 Jun 2000 08:11:32 +0000 (08:11 +0000)]
Simplified server pipe implementation by changing arguments passed down
through to the individual pipe api calls. Instead of passing two
prs_struct pointers, we now pass the pipes_struct pointer which contains
the former information as well as other useful stuff like the vuid.
Andrew Tridgell [Thu, 15 Jun 2000 15:30:37 +0000 (15:30 +0000)]
support both read and write locks inside the tdb
Andrew Tridgell [Thu, 15 Jun 2000 15:29:39 +0000 (15:29 +0000)]
- use read locks when possible
- don't use as many locks on a store
Andrew Tridgell [Thu, 15 Jun 2000 15:28:56 +0000 (15:28 +0000)]
use the right MMAP flag
Andrew Tridgell [Thu, 15 Jun 2000 14:15:48 +0000 (14:15 +0000)]
open files with O_NONBLOCK when available. This is necessary to
prevent possible deadlocks with kernel leases and harmless when kernel
leases are not used.
basically we don't ever want smbd to block
Andrew Tridgell [Thu, 15 Jun 2000 09:35:37 +0000 (09:35 +0000)]
added support for kernel level share modes. These are a (small) hack,
I suspect we will either get rid of them or do them properly at some
stage.
Andrew Tridgell [Thu, 15 Jun 2000 09:31:34 +0000 (09:31 +0000)]
add -d debuglevel option
Tim Potter [Thu, 15 Jun 2000 02:26:54 +0000 (02:26 +0000)]
Removed some debugs.
Tim Potter [Wed, 14 Jun 2000 10:25:19 +0000 (10:25 +0000)]
Added nsswitch/common.o to SMBD_OBJ1
Tim Potter [Wed, 14 Jun 2000 10:02:48 +0000 (10:02 +0000)]
Changed server side lsa_lookup_sids function to look up SIDs that we are
not authoritative for using winbindd.
Tim Potter [Wed, 14 Jun 2000 10:00:31 +0000 (10:00 +0000)]
#include nsswitch/winbind_nss.h
Tim Potter [Wed, 14 Jun 2000 09:58:12 +0000 (09:58 +0000)]
Merge from TNG.
Tim Potter [Wed, 14 Jun 2000 09:57:51 +0000 (09:57 +0000)]
Merged parse_domain_user() from TNG.