* BUG 1606: Force smbd to disable sendfile with DOS clients
and ensure that the chained header is filled in for ...&X
commands.
+ * BUG 1602: Fix access to shares when all symlink support
+ has been disabled.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Tighten the cache consistency with the ntprinters.tdb entry
+ an the in memory cache associated with open printer handles.
+ * Make sure that register_messages_flags() doesn't overwrite
+ the originally registers flags.
o Steve French <sfrench@us.ibm.com>
- o prevent infinite recusion in reopen_logs() when expanding
+ * prevent infinite recusion in reopen_logs() when expanding
the smb.conf variable %I.
+o Luke Howard <lukeh@padl.com>
+ * Correctly use uid_to_sid() and gid_to_sid() in
+ pdb_set_sam_sids().
+
o Volker Lendecke <vl@samba.org>
- o Improved NT->AFS ACL mapping VFS module.
+ * Improved NT->AFS ACL mapping VFS module.
o Lars Mueller <lmuelle@suse.de>
- o Fix compiler warnings in the kerberos client code.
+ * Fix compiler warnings in the kerberos client code.
o James Peach <jpeach@sgi.com>
in a directory.
+o Jelmer Vernooij <jelmer@samba.org>
+ * BUG 1474: Fix build of --with-expsma stuff on Solaris.
+
+
Changes since 3.0.5
-------------------
IDMAP_LIBS=@IDMAP_LIBS@
KRB5LIBS=@KRB5_LIBS@
LDAP_LIBS=@LDAP_LIBS@
+XML_LIBS=@XML_LIBS@
+MYSQL_LIBS=@MYSQL_LIBS@
+PGSQL_LIBS=@PGSQL_LIBS@
LINK=$(CC) $(FLAGS) $(LDFLAGS)
utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \
utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \
utils/net_cache.o utils/net_groupmap.o utils/net_idmap.o \
- utils/net_status.o
+ utils/net_status.o
NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(PASSDB_LIBS) $(RPCCLIENT_OBJ) \
$(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ \
- $(KRB5LIBS) $(LDAP_LIBS)
+ $(KRB5LIBS) $(LDAP_LIBS) \
+ $(XML_LIBS) $(MYSQL_LIBS) $(PGSQL_LIBS)
bin/smbclient@EXEEXT@: $(CLIENT_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
bin/mysql.@SHLIBEXT@: $(MYSQL_OBJ:.o=.@PICSUFFIX@)
@echo "Building plugin $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(MYSQL_OBJ:.o=.@PICSUFFIX@) @MYSQL_LIBS@ \
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(MYSQL_OBJ:.o=.@PICSUFFIX@) $(MYSQL_LIBS) \
@SONAMEFLAG@`basename $@`
bin/pgsql.@SHLIBEXT@: $(PGSQL_OBJ:.o=.@PICSUFFIX@)
@echo "Building plugin $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(PGSQL_OBJ:.o=.@PICSUFFIX@) @PGSQL_LIBS@ \
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(PGSQL_OBJ:.o=.@PICSUFFIX@) $(PGSQL_LIBS) \
@SONAMEFLAG@`basename $@`
bin/ldapsam.@SHLIBEXT@: passdb/pdb_ldap.@PICSUFFIX@
bin/xml.@SHLIBEXT@: $(XML_OBJ:.o=.@PICSUFFIX@)
@echo "Building plugin $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(XML_OBJ:.o=.@PICSUFFIX@) @XML_LIBS@ \
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(XML_OBJ:.o=.@PICSUFFIX@) $(XML_LIBS) \
@SONAMEFLAG@`basename $@`
bin/audit.@SHLIBEXT@: $(VFS_AUDIT_OBJ:.o=.@PICSUFFIX@)
/* printing messages */
/* #define MSG_PRINTER_NOTIFY 2001*/ /* Obsolete */
-#define MSG_PRINTER_DRVUPGRADE 2002
-#define MSG_PRINTER_NOTIFY2 2003
-#define MSG_PRINTERDATA_INIT_RESET 2004
-#define MSG_PRINTER_UPDATE 2005
+#define MSG_PRINTER_NOTIFY2 2002
+
+#define MSG_PRINTER_DRVUPGRADE 2101
+#define MSG_PRINTERDATA_INIT_RESET 2102
+#define MSG_PRINTER_UPDATE 2103
+#define MSG_PRINTER_MOD 2104
/* smbd messages */
#define MSG_SMB_CONF_UPDATED 3001
#define FLAG_MSG_GENERAL 0x0001
#define FLAG_MSG_SMBD 0x0002
#define FLAG_MSG_NMBD 0x0004
-#define FLAG_MSG_PRINTING 0x0008
+#define FLAG_MSG_PRINT_NOTIFY 0x0008
+#define FLAG_MSG_PRINT_GENERAL 0x0010
#endif
msg_all.msg_flag = FLAG_MSG_GENERAL;
else if (msg_type > 1000 && msg_type < 2000)
msg_all.msg_flag = FLAG_MSG_NMBD;
- else if (msg_type > 2000 && msg_type < 3000)
- msg_all.msg_flag = FLAG_MSG_PRINTING;
+ else if (msg_type > 2000 && msg_type < 2100)
+ msg_all.msg_flag = FLAG_MSG_PRINT_NOTIFY;
+ else if (msg_type > 2100 && msg_type < 3000)
+ msg_all.msg_flag = FLAG_MSG_PRINT_GENERAL;
else if (msg_type > 3000 && msg_type < 4000)
msg_all.msg_flag = FLAG_MSG_SMBD;
else
const char *guest_account = lp_guestaccount();
GROUP_MAP map;
BOOL ret;
-
+ DOM_SID user_sid;
+ DOM_SID group_sid;
+
if (!account_data || !pwd) {
return NT_STATUS_INVALID_PARAMETER;
}
/* this is a hack this thing should not be set
this way --SSS */
if (!(guest_account && *guest_account)) {
- DEBUG(1, ("NULL guest account!?!?\n"));
+ DEBUG(1, ("pdb_set_sam_sids: NULL guest account!?!?\n"));
return NT_STATUS_UNSUCCESSFUL;
} else {
/* Ensure this *must* be set right */
}
}
- if (!pdb_set_user_sid_from_rid(account_data, fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
- DEBUG(0,("Can't set User SID from RID!\n"));
+ if (NT_STATUS_IS_OK(uid_to_sid(&user_sid, pwd->pw_uid))) {
+ if (!pdb_set_user_sid(account_data, &user_sid, PDB_SET)) {
+ DEBUG(0,("pdb_set_sam_sids: Can't set User SID from mapped UID\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ } else if (!pdb_set_user_sid_from_rid(account_data, algorithmic_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
+ DEBUG(0,("pdb_set_sam_sids: Can't set User SID from RID!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
if( ret ) {
if (!pdb_set_group_sid(account_data, &map.sid, PDB_SET)){
- DEBUG(0,("Can't set Group SID!\n"));
+ DEBUG(0,("pdb_set_sam_sids: Can't set Group SID!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
}
else {
- if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
- DEBUG(0,("Can't set Group SID\n"));
+ if (NT_STATUS_IS_OK(gid_to_sid(&group_sid, pwd->pw_gid))) {
+ if (!pdb_set_group_sid(account_data, &group_sid, PDB_SET)) {
+ DEBUG(0,("pdb_set_sam_sids: Can't set Group SID from mapped GID\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ } else if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
+ DEBUG(0,("pdb_set_sam_sids: Can't set Group SID\n"));
return NT_STATUS_INVALID_PARAMETER;
}
}
/* see if we need to generate a new rid using the 2.2 algorithm */
if ( rid == 0 && lp_enable_rid_algorithm() ) {
DEBUG(10,("pdb_init_sam_new: no RID specified. Generating one via old algorithm\n"));
- rid = fallback_pdb_uid_to_user_rid(pwd->pw_uid);
+ rid = algorithmic_pdb_uid_to_user_rid(pwd->pw_uid);
}
/* set the new SID */
Converts NT user RID to a UNIX uid.
********************************************************************/
-uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid)
+uid_t algorithmic_pdb_user_rid_to_uid(uint32 user_rid)
{
int rid_offset = algorithmic_rid_base();
return (uid_t)(((user_rid & (~USER_RID_TYPE)) - rid_offset)/RID_MULTIPLIER);
converts UNIX uid to an NT User RID.
********************************************************************/
-uint32 fallback_pdb_uid_to_user_rid(uid_t uid)
+uint32 algorithmic_pdb_uid_to_user_rid(uid_t uid)
{
int rid_offset = algorithmic_rid_base();
return (((((uint32)uid)*RID_MULTIPLIER) + rid_offset) | USER_RID_TYPE);
Decides if a RID is a user or group RID.
********************************************************************/
-BOOL fallback_pdb_rid_is_user(uint32 rid)
+BOOL algorithmic_pdb_rid_is_user(uint32 rid)
{
- /* lkcl i understand that NT attaches an enumeration to a RID
- * such that it can be identified as either a user, group etc
- * type. there are 5 such categories, and they are documented.
- */
- /* However, they are not in the RID, just somthing you can query
- seperatly. Sorry luke :-) */
-
- if(pdb_rid_is_well_known(rid)) {
- /*
- * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
- * and DOMAIN_USER_RID_GUEST.
- */
- if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
- return True;
- } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
- return True;
- }
- return False;
+ if(pdb_rid_is_well_known(rid)) {
+ /*
+ * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
+ * and DOMAIN_USER_RID_GUEST.
+ */
+ if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
+ return True;
+ } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
+ return True;
+ }
+ return False;
}
/*******************************************************************
return True;
}
- if (fallback_pdb_rid_is_user(rid)) {
+ if (algorithmic_pdb_rid_is_user(rid)) {
uid_t uid;
struct passwd *pw = NULL;
DEBUG(5, ("assuming RID %u is a user\n", (unsigned)rid));
- uid = fallback_pdb_user_rid_to_uid(rid);
+ uid = algorithmic_pdb_user_rid_to_uid(rid);
pw = sys_getpwuid( uid );
DEBUG(5,("local_lookup_sid: looking up uid %u %s\n", (unsigned int)uid,
DEBUG(5,("local_lookup_sid: found group %s for rid %u\n", name,
(unsigned int)rid ));
- /* assume fallback groups aer domain global groups */
+ /* assume algorithmic groups are domain global groups */
*psid_name_use = SID_NAME_DOM_GRP;
DEBUG(8,("algorithmic_uid_to_sid: falling back to RID algorithm\n"));
sid_copy( psid, get_global_sam_sid() );
- sid_append_rid( psid, fallback_pdb_uid_to_user_rid(uid) );
+ sid_append_rid( psid, algorithmic_pdb_uid_to_user_rid(uid) );
DEBUG(10,("algorithmic_uid_to_sid: uid (%d) -> SID %s.\n",
(unsigned int)uid, sid_string_static(psid) ));
if ( !ret ) {
- /* fallback to rid mapping if enabled */
+ /* algorithmic to rid mapping if enabled */
if ( lp_enable_rid_algorithm() ) {
if ( !ret ) {
- /* fallback to rid mapping if enabled */
+ /* Fallback to algorithmic rid mapping if enabled */
if ( lp_enable_rid_algorithm() ) {
DEBUG(10,("local_sid_to_gid: Fall back to algorithmic mapping\n"));
- if (fallback_pdb_rid_is_user(rid)) {
+ if (algorithmic_pdb_rid_is_user(rid)) {
DEBUG(3, ("local_sid_to_gid: SID %s is *NOT* a group\n", sid_string_static(psid)));
return False;
} else {
return False;
}
- *low = fallback_pdb_uid_to_user_rid(id_low);
- if (fallback_pdb_user_rid_to_uid((uint32)-1) < id_high) {
+ *low = algorithmic_pdb_uid_to_user_rid(id_low);
+ if (algorithmic_pdb_user_rid_to_uid((uint32)-1) < id_high) {
*high = (uint32)-1;
} else {
- *high = fallback_pdb_uid_to_user_rid(id_high);
+ *high = algorithmic_pdb_uid_to_user_rid(id_high);
}
return True;
smb_pw->smb_userid=passwd->pw_uid;
passwd_free(&passwd);
- } else if (fallback_pdb_rid_is_user(rid)) {
- smb_pw->smb_userid=fallback_pdb_user_rid_to_uid(rid);
+ } else if (algorithmic_pdb_rid_is_user(rid)) {
+ smb_pw->smb_userid=algorithmic_pdb_user_rid_to_uid(rid);
} else {
DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
return False;
return nt_status;
}
- while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL) && (fallback_pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) )
+ while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL) && (algorithmic_pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) )
/* do nothing */ ;
endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
message_register( MSG_PRINTERDATA_INIT_RESET, reset_all_printerdata );
+ /*
+ * register callback to handle invalidating the printer cache
+ * between smbd processes.
+ */
+
+ message_register( MSG_PRINTER_MOD, receive_printer_mod_msg);
+
+ /* of course, none of the message callbacks matter if you don't
+ tell messages.c that you interested in receiving PRINT_GENERAL
+ msgs. This is done in claim_connection() */
+
return True;
}
#endif
}
+/********************************************************************
+ Send a message to all smbds about the printer that just changed
+ ********************************************************************/
+
+static BOOL send_printer_mod_msg( char* printername )
+{
+ int len = strlen(printername);
+
+ if (!len)
+ return False;
+
+ DEBUG(10,("send_printer_mod_msg: Sending message about printer change [%s]\n",
+ printername));
+
+ /* spam everyone that we just changed this printer */
+
+ message_send_all( conn_tdb_ctx(), MSG_PRINTER_MOD, printername, len+1, False, NULL );
+
+ return True;
+}
+
/*
* The function below are the high level ones.
* only those ones must be called from the spoolss code.
*/
invalidate_printer_hnd_cache( printer.info_2->sharename );
+ send_printer_mod_msg( printer.info_2->sharename );
switch (level) {
case 2:
DEBUG(5,("start_background_queue: background LPQ thread started\n"));
claim_connection( NULL, "smbd lpq backend", 0, False,
- FLAG_MSG_GENERAL|FLAG_MSG_SMBD|FLAG_MSG_PRINTING );
+ FLAG_MSG_GENERAL|FLAG_MSG_SMBD|FLAG_MSG_PRINT_GENERAL);
if (!locking_init(0)) {
exit(1);
/* Tell the connections db we're no longer interested in
* printer notify messages. */
- register_message_flags( False, FLAG_MSG_PRINTING );
+ register_message_flags( False, FLAG_MSG_PRINT_NOTIFY );
}
smb_connections--;
notify2_unpack_msg( ¬ify, &msg_tv, msg_ptr, msg_len );
msg_ptr += msg_len;
- /* we don't know if the change was from us or not so kill
- any cached printer objects */
-
- if ( notify.type == PRINTER_NOTIFY_TYPE )
- invalidate_printer_hnd_cache( notify.printer );
-
/* add to correct list in container */
notify_msg_ctr_addmsg( &messages, ¬ify );
return;
}
+/********************************************************************
+ callback to MSG_PRINTER_CHANGED. When a printer is changed by
+ one smbd, all of processes must clear their printer cache immediately.
+ ********************************************************************/
+
+void receive_printer_mod_msg(int msg_type, pid_t src, void *buf, size_t len)
+{
+ fstring printername;
+
+ fstrcpy( printername, buf );
+
+ DEBUG(10,("receive_printer_mod_msg: Printer change [%s]\n", printername ));
+
+ invalidate_printer_hnd_cache( printername );
+}
+
/********************************************************************
Send a message to ourself about new driver being installed
so we can upgrade the information for each printer bound to this
message_register(MSG_PRINTER_NOTIFY2, receive_notify2_message_list);
/* Tell the connections db we're now interested in printer
* notify messages. */
- register_message_flags( True, FLAG_MSG_PRINTING );
+ register_message_flags( True, FLAG_MSG_PRINT_NOTIFY );
}
/*
}
pcrec = (struct connections_data *)dbuf.dptr;
- pcrec->bcast_msg_flags = msg_flags;
if (doreg)
pcrec->bcast_msg_flags |= msg_flags;
else
reload_services(True);
reopen_logs();
- claim_connection(NULL,"",0,True,FLAG_MSG_GENERAL|FLAG_MSG_SMBD);
+ claim_connection(NULL,"",0,True,FLAG_MSG_GENERAL|FLAG_MSG_SMBD|FLAG_MSG_PRINT_GENERAL);
already_got_session = True;
break;
exit(1);
/* Setup the main smbd so that we can get messages. */
+ /* don't worry about general printing messages here */
+
claim_connection(NULL,"",0,True,FLAG_MSG_GENERAL|FLAG_MSG_SMBD);
/* only start the background queue daemon if we are
it is below dir in the heirachy. This uses realpath.
********************************************************************/
-BOOL reduce_name(connection_struct *conn, pstring fname)
+BOOL reduce_name(connection_struct *conn, const pstring fname)
{
#ifdef REALPATH_TAKES_NULL
BOOL free_resolved_name = True;
}
if (!*p) {
- pstrcpy(resolved_name, ".");
+ if (fname[0] == '.' && fname[1] == '/' && fname[2] == '\0') {
+ pstrcpy(resolved_name, "./");
+ } else {
+ pstrcpy(resolved_name, ".");
+ }
p = resolved_name;
}