- Timestamp:
- Mar 11, 2009, 9:14:55 AM (16 years ago)
- Location:
- branches/samba-3.0
- Files:
-
- 77 edited
-
WHATSNEW.txt (modified) (5 diffs)
-
packaging/RHEL/makerpms.sh (modified) (1 diff)
-
packaging/RHEL/samba.spec (modified) (1 diff)
-
source/Makefile.in (modified) (7 diffs)
-
source/auth/pampass.c (modified) (3 diffs)
-
source/client/client_proto.h (modified) (2 diffs)
-
source/client/mount.cifs.c (modified) (47 diffs)
-
source/client/umount.cifs.c (modified) (3 diffs)
-
source/configure.in (modified) (4 diffs)
-
source/include/ads.h (modified) (1 diff)
-
source/include/config.h.in (modified) (3 diffs)
-
source/include/rpc_dce.h (modified) (1 diff)
-
source/include/rpc_netlogon.h (modified) (2 diffs)
-
source/include/smb.h (modified) (2 diffs)
-
source/lib/charcnv.c (modified) (46 diffs)
-
source/lib/debug.c (modified) (2 diffs)
-
source/lib/events.c (modified) (3 diffs)
-
source/lib/genrand.c (modified) (1 diff)
-
source/lib/iconv.c (modified) (1 diff)
-
source/lib/interfaces.c (modified) (1 diff)
-
source/lib/messages.c (modified) (1 diff)
-
source/lib/replace/autoconf-2.60.m4 (modified) (2 diffs)
-
source/lib/select.c (modified) (2 diffs)
-
source/lib/util.c (modified) (2 diffs)
-
source/lib/util_sock.c (modified) (1 diff)
-
source/lib/util_tdb.c (modified) (1 diff)
-
source/libads/ldap.c (modified) (4 diffs)
-
source/libsmb/cliconnect.c (modified) (4 diffs)
-
source/libsmb/libsmbclient.c (modified) (7 diffs)
-
source/libsmb/namequery.c (modified) (7 diffs)
-
source/libsmb/trusts_util.c (modified) (3 diffs)
-
source/nsswitch/pam_winbind.c (modified) (1 diff)
-
source/nsswitch/winbind_nss_solaris.c (modified) (9 diffs)
-
source/nsswitch/winbindd.c (modified) (4 diffs)
-
source/nsswitch/winbindd_ads.c (modified) (4 diffs)
-
source/nsswitch/winbindd_cm.c (modified) (7 diffs)
-
source/nsswitch/winbindd_cred_cache.c (modified) (14 diffs)
-
source/nsswitch/winbindd_dual.c (modified) (13 diffs)
-
source/nsswitch/winbindd_nss.h (modified) (1 diff)
-
source/nsswitch/winbindd_pam.c (modified) (1 diff)
-
source/nsswitch/winbindd_passdb.c (modified) (1 diff)
-
source/nsswitch/winbindd_proto.h (modified) (2 diffs)
-
source/nsswitch/winbindd_rpc.c (modified) (6 diffs)
-
source/nsswitch/winbindd_util.c (modified) (2 diffs)
-
source/param/loadparm.c (modified) (2 diffs)
-
source/printing/print_generic.c (modified) (1 diff)
-
source/rpc_client/cli_netlogon.c (modified) (1 diff)
-
source/rpc_parse/parse_net.c (modified) (1 diff)
-
source/rpc_server/srv_srvsvc_nt.c (modified) (6 diffs)
-
source/script/uninstalldat.sh (modified) ( previous)
-
source/script/uninstallmsg.sh (modified) ( previous)
-
source/script/uninstallswat.sh (modified) ( previous)
-
source/smbd/aio.c (modified) (2 diffs)
-
source/smbd/build_options.c (modified) (3 diffs)
-
source/smbd/conn.c (modified) (1 diff)
-
source/smbd/dosmode.c (modified) (2 diffs)
-
source/smbd/files.c (modified) (1 diff)
-
source/smbd/msdfs.c (modified) (5 diffs)
-
source/smbd/notify.c (modified) (1 diff)
-
source/smbd/password.c (modified) (2 diffs)
-
source/smbd/posix_acls.c (modified) (6 diffs)
-
source/smbd/process.c (modified) (1 diff)
-
source/smbd/reply.c (modified) (3 diffs)
-
source/smbd/server.c (modified) (4 diffs)
-
source/smbd/sesssetup.c (modified) (6 diffs)
-
source/smbd/share_access.c (modified) (2 diffs)
-
source/smbd/trans2.c (modified) (6 diffs)
-
source/smbd/uid.c (modified) (5 diffs)
-
source/tdb/common/io.c (modified) (2 diffs)
-
source/tdb/common/open.c (modified) (3 diffs)
-
source/tdb/common/transaction.c (modified) (1 diff)
-
source/utils/net_ads.c (modified) (2 diffs)
-
source/utils/net_rpc.c (modified) (1 diff)
-
source/utils/ntlm_auth.c (modified) (1 diff)
-
source/utils/smbtree.c (modified) (3 diffs)
-
source/web/statuspage.c (modified) (1 diff)
-
source/web/swat.c (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.0/WHATSNEW.txt
r158 r165 1 ============================== 2 Release Notes for Samba 3.0.34 3 January, 20 2009 4 ============================== 5 6 7 This is a bug fix release of the Samba 3.0 series. 8 9 Major enhancements included in Samba 3.0.34 are: 10 11 o Fix update of machine account passwords. 12 o Fix SMB signing issue on Windows Vista with MS Hotfix KB955302. 13 o Fix Winbind crashes. 14 o Correctly detect if the current dc is the closest one. 15 o Add saf_join_store() function to memorize the dc used at join time. 16 This avoids problems caused by replication delays shortly after domain 17 joins. 18 o Fix write list in setups using "security = share". 19 20 21 ###################################################################### 22 Changes 23 ####### 24 25 Changes since 3.0.33 26 -------------------- 27 28 29 o Michael Adam <obnox@samba.org> 30 * Fix linking cifs.upcall when nscd_flush_cache() is found. 31 * Fix smbd hanging on Solaris when winbindd closes socket. 32 * Use the reconnect methods instead of the rpc methods directly. 33 34 35 o Jeremy Allison <jra@samba.org> 36 * BUG 1254: Fix write list in setups using "security = share". 37 * BUG 5052: Not work cancel inheritance on share. 38 * BUG 5729: Explicitly allow "-valid" parameter. 39 * BUG 5737: Fix Winbind crash in an unusual failure mode. 40 * BUG 5750: Fix SMB signing issue on Windows Vista with MS Hotfix KB955302. 41 * BUG 5751: Backport to fix showing of ACLson DFS with smbclient. 42 * BUG 5790: Fix returning STATUS_OBJECT_NAME_NOT_FOUND on set file 43 disposition call. 44 * BUG 5814: Fix core dump of Winbind while doing "rescan_trusted_domain". 45 * BUG 5873: Fix ACL inheritance. 46 * BUG 5914: Fix build failure (redefinition of struct name_list). 47 * BUG 5937: Fix filenames with "*" char hiding other files. 48 * BUG 6019: File corruption in Clustered SMB/NFS environment 49 managed via CTDB. 50 * BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery. 51 * Remove unecessary msync. 52 * Rename cifs.spnego to cifs.upcall. 53 * Fix segfault when execution cifs.upcall without any arguments. 54 * Ensure we emit the notify message before renaming the open files. 55 * Fix use of DLIST_REMOVE. 56 * Cope with bad trans2mkdir requests from System in QNTC IBM SMB client. 57 * Fix memory leak in error path. 58 * Fix logic bug introduced in backport of ccache_regain_all_now. 59 60 61 o Kai Blin <kai@samba.org> 62 * Reformat the WBFLAGS defines to prepare for adding a new flag. 63 * Put huge NTLMv2 blobs into extra_data on CRAP auth. 64 65 66 o GÃŒnther Deschner <gd@samba.org> 67 * BUG 5710: Fix update of machine account passwords. 68 * Define NET_SRVPWSET2 call. 69 * Net should just use machine account creds when changing passwords. 70 * Fix net_io_q_srv_pwset2. 71 72 73 o Carsten Dumke <carsten@cdumke.de> 74 * BUG 5892: Fix documentation of net rap printq info. 75 76 77 o Dina Fine <dina@exanet.com> 78 * BUG 5908: Fix failing of internal change notify on share directory. 79 80 81 o Steve French <stevef@smf-t60p.smfdom> 82 * Fix compile warning in cifs.upcall. 83 * Fix cifs.upcall manpage and comments. 84 85 86 o Jeff Layton <jlayton@redhat.com> 87 * Build cifs.upcall by default on Linux. 88 * Fix negatively instantiate keys on error in cifs.upcall. 89 * Handle handle MSKRB5 OID properly in cifs.upcall. 90 * Bump SPNEGO msg version number and don't reject old versions in 91 cifs.upcall. 92 * Fix several problems when mounting subdirectories of shares in 93 mount.cifs. 94 * Don't prompt for password on krb5 mounts in mount.cifs. 95 * Have uppercase_string return success on NULL pointer in mount.cifs. 96 * Make return codes match the return codes for /bin/mount in mount.cifs. 97 * Use lock/unlock_mtab scheme from util-linux-ng mount prog. 98 99 100 o Volker Lendecke <vl@samba.org> 101 * BUG 5965: Fix creation of the first share using SWAT. 102 * Fix bug triggered by the RAW-SAMBA3OPLOCKLOGOFF test. 103 104 105 o David Leonard <David.Leonard@quest.com> 106 * BUG 4516: No IPv6 on Solaris 2.6. 107 108 109 o Igor Mammedov <niallain@gmail.com> 110 * Add support for cifs.spnego helper into configure and Makefile.in. 111 * Add checks for spnego prereq keyutils.h and kerberos in configure.in. 112 * Add helper source for handling cifs kernel module upcall for kerberos 113 authorization. 114 * Add -c option to set service prefix to "cifs" in service principal by 115 default service prefix "host" is used. 116 * Add support for cifs.resolver upcall. 117 118 119 o Stefan Metzmacher <metze@samba.org> 120 * Correctly detect if the current dc is the closest one. 121 * For CLDAP we need to use get_sorted_dc_list() to avoid recursion. 122 * Add fallback to return all dcs, when none is available in the requested 123 site. 124 * Add saf_join_store() function to memorize the dc used at join time. 125 * Return an error instead of crashing when no realm is given. 126 * Handle the SMB signing states the same in the krb5 and ntlmssp cases. 127 128 129 o Andreas Schneider <mail@cynapses.org> 130 * Delete the krb5 ccname variable from the PAM environment if set. 131 * Fix the build of pam_winbind. 132 * Fix circular dependency error with autoconf 2.6.3. 133 134 135 o Simo Sorce <idra@samba.org> 136 * Fix an ifdef check. 137 * Fix warning. 138 139 140 o Yasuma Takeda <yasuma@osstech.co.jp> 141 * BUG 5909: Fix MS-DFS links inlcuding multibyte characters on Vista. 142 143 144 o Andrew Tridgell <tridge@samba.org> 145 * Avoid a race condition in glibc between AIO and setresuid(). 146 * Become root for AIO operations. 147 148 149 o Bo Yang <boyang@novell.com> 150 * Don't set child->requests to NULL in parent after fork. 151 * Backport of the clean event context after fork and krb5 152 refresh chain fixes. 153 * Fix null pointer refrence in event context in backport from v3-3-test. 154 155 156 o Qiao Yang <geoyang@ironport.com> 157 * Fix a memleak. 158 159 160 ###################################################################### 161 Reporting bugs & Development Discussion 162 ####################################### 163 164 Please discuss this release on the samba-technical mailing list or by 165 joining the #samba-technical IRC channel on irc.freenode.net. 166 167 If you do report problems then please try to send high quality 168 feedback. If you don't provide vital information to help us track down 169 the problem then you will probably be ignored. All bug reports should 170 be filed under the Samba 3.0 product in the project's Bugzilla 171 database (https://bugzilla.samba.org/). 172 173 174 ====================================================================== 175 == Our Code, Our Bugs, Our Responsibility. 176 == The Samba Team 177 ====================================================================== 178 179 180 Release notes for older releases follow: 181 -------------------------------------------------- 182 ============================== 183 Release Notes for Samba 3.0.33 184 November, 27 2008 185 ============================== 186 187 188 This is a security release in order to address CVE-2008-4314 ("Potential leak of 189 arbitrary memory contents"). 190 191 o CVE-2008-4314 192 Samba 3.0.29 to 3.2.4 can potentially leak 193 arbitrary memory contents to malicious 194 clients. 195 196 The original security announcement for this and past advisories can 197 be found http://www.samba.org/samba/security/ 198 199 ###################################################################### 200 Changes 201 ####### 202 203 Changes since 3.0.32 204 -------------------- 205 206 207 o Volker Lendecke <vl@samba.org> 208 * Fix for CVE-2008-4314. 209 210 211 -------------------------------------------------- 1 212 =============================== 2 213 Release Notes for Samba 3.0.32 … … 61 272 * Corrections to various man pages. 62 273 63 64 65 66 Release notes for older releases follow:67 274 68 275 -------------------------------------------------- … … 548 755 549 756 550 Release notes for older releases follow:551 552 --------------------------------------------------553 757 554 758 ============================== … … 583 787 584 788 585 586 789 -------------------------------------------------- 587 790 791 =============================== 792 Release Notes for Samba 3.0.27a 793 Nov 20, 2007 794 =============================== 795 796 Samba 3.0.27a is a bug fix release and is the current release 797 for production servers running the Samba 3.0 series. 798 799 Important fixes in 3.0.27a include: 800 801 o A crash bug regression experienced by smbfs clients caused 802 by the fix for CVE-2007-4572. 803 804 805 806 ###################################################################### 807 Changes 808 ####### 809 810 Changes since 3.0.27 811 -------------------- 812 813 o Michael Adam <obnox@samba.org> 814 * BUG 4308: Add missing become_root/unbecome_root around calls of 815 add_aliases. Add same changes in create_token_from_username() 816 surrounding the call to getsampwsid(). 817 * BUG 5083: Make solarisacl_sys_acl_get_fd() return a result when 818 there is one (thereby fixing a memleak). 819 * BUG 5023: Fix smbd's interaction with NFSv4 ACL compatible VFS 820 plugins such as GPFS and ZFS. 821 822 823 o Jeremy Allison <jra@samba.org> 824 * BUG 4978: Ensure that DOS attributes are copied with folders. 825 * Fix bug where tdb lock call interrupted with an alarm sig would 826 not terminate and could lead to runaway smbd processes. 827 * Fix smbd crash bug which resulted from a regression in the patch 828 for CVE-2007-4572 patch. 829 * Prevent nmbd from adding non-initialized name to IP address 830 mappings to it's WINS database. 831 832 833 o Dmitry Butskoy <buc@odusz.so-cdu.ru> 834 * Properly catch errors in the query_user() callback to avoid 835 generated struct passwd replies with zero length usernames. 836 837 838 o Gerald (Jerry) Carter <jerry@samba.org> 839 * Prevent segv in winbindd running on a DC using the "idmap 840 backend" syntax. 841 842 843 o Steve Langasek <vorlon@debian.org> 844 * BUG 4781: Allow cleaning of /etc/mtab by canonicalizing mountpoint. 845 846 847 o Volker Lendecke <vl@samba.org> 848 * BUG 4028: Fix message popup sent via "smbclient -M". 849 * BUG 4984: Filename unix_convert() fixes for WinNT 4.0 clients. 850 851 852 o Stefan Metzmacher <metze@samba.org> 853 * Fix crash bug in pidl generated client code caused by 854 [in,out,unique] pointers. 855 * Fix crash bug in the group mapping code. 856 857 858 o Heinrich Mislik <Heinrich.Mislik@univie.ac.at> 859 * Fixes for AIX quota support. 860 861 862 o Tomasz Ostrowski <tometzky@batory.org.pl> 863 * BUG 4393: Prevent smbclient from dropping 0 bytes files from tar 864 archives. 865 866 867 o Simo Sorce <idra@samba.org> 868 * Fixes for internal idmap domain list when "winbind trusted 869 domains only" is enabled. 870 * Fix 32/64-bit compatibility issues in the winbind request/response 871 structures. 872 873 874 o Martin Zielinski <mz@seh.de> 875 * Error code path fix for get_mydnsdomname(). 876 877 878 879 -------------------------------------------------- 880 881 ============================== 882 Release Notes for Samba 3.0.27 883 Nov 15, 2007 884 ============================== 885 886 Samba 3.0.27 is a security release in order to address the following 887 defects: 888 889 o CVE-2007-4572 890 Stack buffer overflow in nmbd's logon request processing. 891 892 o CVE-2007-5398 893 Remote code execution in Samba's WINS server daemon (nmbd) 894 when processing name registration followed name query requests. 895 896 The original security announcement for this and past advisories can 897 be found http://www.samba.org/samba/security/ 898 899 ###################################################################### 900 Changes 901 ####### 902 903 Changes since 3.0.26a 904 --------------------- 905 906 o Jeremy Allison <jra@samba.org> 907 * Fix for CVE-2007-4572. 908 * Fix for CVE-2007-5398. 909 910 911 o Simo Sorce <idra@samba.org> 912 * Additional fixes for CVE-2007-4572. 913 914 915 -------------------------------------------------- 588 916 =============================== 589 917 Release Notes for Samba 3.0.26a 590 918 Sep 11, 2007 591 919 =============================== 592 593 This is a bug fix release of the Samba 3.0.26 code base and is the594 version that servers should be run for for all current bug Samba 3.0.x595 fixes.596 920 597 921 Major bug fixes included in Samba 3.0.26a are: … … 654 978 * BUG 4772: Fix us of ldap_base_dn for the idmap_ldap plugin. 655 979 980 981 Release notes for older releases follow: 656 982 657 983 -------------------------------------------------- -
branches/samba-3.0/packaging/RHEL/makerpms.sh
r158 r165 21 21 USERID=`id -u` 22 22 GRPID=`id -g` 23 VERSION='3.0.3 2'23 VERSION='3.0.34' 24 24 REVISION='' 25 25 SPECFILE="samba.spec" -
branches/samba-3.0/packaging/RHEL/samba.spec
r158 r165 6 6 Packager: Samba Team <samba@samba.org> 7 7 Name: samba 8 Version: 3.0.3 28 Version: 3.0.34 9 9 Release: 1 10 10 Epoch: 0 -
branches/samba-3.0/source/Makefile.in
r134 r165 145 145 # Note that all executable programs now provide for an optional executable suffix. 146 146 147 SBIN_PROGS = bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ bin/swat@EXEEXT@ @EXTRA_SBIN_PROGS@ 147 SBIN_PROGS = bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ bin/swat@EXEEXT@ @EXTRA_SBIN_PROGS@ @CIFSUPCALL_PROGS@ 148 148 149 149 ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@ … … 643 643 UMOUNT_OBJ = client/smbumount.o $(SOCKET_WRAPPER_OBJ) 644 644 645 CIFS_MOUNT_OBJ = client/mount.cifs.o 646 647 CIFS_UMOUNT_OBJ = client/umount.cifs.o 645 CIFS_MOUNT_OBJ = client/mount.cifs.o client/mtab.o 646 647 CIFS_UMOUNT_OBJ = client/umount.cifs.o client/mtab.o 648 649 CIFS_UPCALL_OBJ = client/cifs.upcall.o 648 650 649 651 NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) \ … … 1023 1025 @$(CC) $(FLAGS) -o $@ $(CIFS_UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS) 1024 1026 1027 bin/cifs.upcall@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ) bin/.dummy 1028 @echo Linking $@ 1029 @$(CC) $(FLAGS) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) -lkeyutils $(LIBS) \ 1030 $(LIBSMBCLIENT_OBJ) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) 1031 1025 1032 bin/testparm@EXEEXT@: proto_exists $(TESTPARM_OBJ) @BUILD_POPT@ bin/.dummy 1026 1033 @echo Linking $@ … … 1567 1574 @$(CC) $(FLAGS) -o $@ $(DYNEXP) script/tests/timelimit.o 1568 1575 1569 install: installservers installbin @INSTALL_CIFSMOUNT@ installman installscripts installdat installswat installmodules @INSTALL_LIBSMBCLIENT@ @INSTALL_LIBMSRPC@ @INSTALL_PAM_MODULES@ @INSTALL_LIBSMBSHAREMODES@ 1570 1576 install: installservers installbin @INSTALL_CIFSMOUNT@ @INSTALL_CIFSUPCALL@ installman installscripts installdat installswat installmodules @INSTALL_LIBSMBCLIENT@ @INSTALL_LIBMSRPC@ @INSTALL_PAM_MODULES@ @INSTALL_LIBSMBSHAREMODES@ 1571 1577 1572 1578 install-everything: install installmodules … … 1592 1598 @$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS) $(DESTDIR) $(ROOTSBINDIR) 1593 1599 @$(SHELL) script/installbin.sh $(INSTALLPERMS) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSMOUNT_PROGS@ 1600 1601 installcifsupcall: @CIFSUPCALL_PROGS@ 1602 @$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(SBINDIR) 1603 @$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(SBINDIR) @CIFSUPCALL_PROGS@ 1594 1604 1595 1605 # Some symlinks are required for the 'probing' of modules. … … 1710 1720 1711 1721 1712 uninstall: uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ uninstallscripts uninstalldat uninstallswat uninstallmodules @UNINSTALL_LIBSMBCLIENT@ @UNINSTALL_LIBMSRPC@ @UNINSTALL_PAM_MODULES@ @UNINSTALL_LIBSMBSHAREMODES@1722 uninstall: uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSUPCALL@ uninstallscripts uninstalldat uninstallswat uninstallmodules @UNINSTALL_LIBSMBCLIENT@ @UNINSTALL_LIBMSRPC@ @UNINSTALL_PAM_MODULES@ @UNINSTALL_LIBSMBSHAREMODES@ 1713 1723 1714 1724 uninstallman: … … 1723 1733 uninstallcifsmount: 1724 1734 @$(SHELL) script/uninstallbin.sh $(INSTALLPERMS) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSMOUNT_PROGS@ 1735 1736 uninstallcifsupcall: 1737 @$(SHELL) script/uninstallbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSUPCALL_PROGS@ 1725 1738 1726 1739 uninstallmodules: -
branches/samba-3.0/source/auth/pampass.c
r1 r165 61 61 */ 62 62 #define COPY_STRING(s) (s) ? SMB_STRDUP(s) : NULL 63 #define COPY_FSTRING(s) (s[0]) ? SMB_STRDUP(s) : NULL 63 64 64 65 /******************************************************************* … … 318 319 #endif 319 320 reply[replies].resp_retcode = PAM_SUCCESS; 320 reply[replies].resp = COPY_ STRING(current_reply);321 reply[replies].resp = COPY_FSTRING(current_reply); 321 322 found = True; 322 323 break; … … 346 347 pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword); 347 348 reply[replies].resp_retcode = PAM_SUCCESS; 348 reply[replies].resp = COPY_ STRING(current_reply);349 reply[replies].resp = COPY_FSTRING(current_reply); 349 350 #ifdef DEBUG_PASSWORD 350 351 DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We actualy sent: %s\n", current_reply)); -
branches/samba-3.0/source/client/client_proto.h
r134 r165 93 93 NTSTATUS rpccli_net_srv_pwset(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 94 94 const char *machine_name, const uint8 hashed_mach_pwd[16]); 95 NTSTATUS rpccli_net_srv_pwset2(struct rpc_pipe_client *cli, 96 TALLOC_CTX *mem_ctx, 97 const char *machine_name, 98 const char *clear_text_mach_pwd); 95 99 96 100 /* The following definitions come from rpc_client/cli_pipe.c */ … … 232 236 BOOL net_io_q_srv_pwset(const char *desc, NET_Q_SRV_PWSET *q_s, prs_struct *ps, int depth); 233 237 BOOL net_io_r_srv_pwset(const char *desc, NET_R_SRV_PWSET *r_s, prs_struct *ps, int depth); 238 void init_q_srv_pwset2(NET_Q_SRV_PWSET2 *q_s, 239 const char *logon_srv, 240 const char *sess_key, 241 const char *acct_name, 242 uint16 sec_chan, 243 const char *comp_name, 244 DOM_CRED *cred, 245 const char *clear_text_mach_pwd); 246 BOOL net_io_q_srv_pwset2(const char *desc, NET_Q_SRV_PWSET2 *q_s, prs_struct *ps, int depth); 247 BOOL net_io_r_srv_pwset2(const char *desc, NET_R_SRV_PWSET2 *r_s, prs_struct *ps, int depth); 234 248 void init_id_info1(NET_ID_INFO_1 *id, const char *domain_name, 235 249 uint32 param_ctrl, uint32 log_id_low, uint32 log_id_high, -
branches/samba-3.0/source/client/mount.cifs.c
r140 r165 40 40 #include <fcntl.h> 41 41 #include <limits.h> 42 #include "mount.h" 42 43 43 44 #define MOUNT_CIFS_VERSION_MAJOR "1" 44 #define MOUNT_CIFS_VERSION_MINOR "1 0"45 #define MOUNT_CIFS_VERSION_MINOR "12" 45 46 46 47 #ifndef MOUNT_CIFS_VENDOR_SUFFIX … … 65 66 #endif 66 67 68 #define MAX_UNC_LEN 1024 69 67 70 #define CONST_DISCARD(type, ptr) ((type) ((void *) (ptr))) 68 71 … … 76 79 static int got_uid = 0; 77 80 static int got_gid = 0; 78 static int free_share_name = 0;79 81 static char * user_name = NULL; 80 82 static char * mountpassword = NULL; … … 87 89 /* like strncpy but does not 0 fill the buffer and always null 88 90 * terminates. bufsize is the size of the destination buffer */ 89 s ize_t strlcpy(char *d, const char *s, size_t bufsize)91 static size_t strlcpy(char *d, const char *s, size_t bufsize) 90 92 { 91 93 size_t len = strlen(s); … … 101 103 * terminates. bufsize is the length of the buffer, which should 102 104 * be one more than the maximum resulting string length */ 103 s ize_t strlcat(char *d, const char *s, size_t bufsize)105 static size_t strlcat(char *d, const char *s, size_t bufsize) 104 106 { 105 107 size_t len1 = strlen(d); … … 159 161 mountpassword = NULL; 160 162 } 161 exit( 1);163 exit(EX_USAGE); 162 164 } 163 165 … … 220 222 memset(mountpassword,0,64); 221 223 } 222 exit( 1);224 exit(EX_USAGE); 223 225 } else { 224 226 got_user = 1; … … 246 248 memset(mountpassword,0,64); 247 249 } 248 exit( 1);250 exit(EX_USAGE); 249 251 } else { 250 252 if(mountpassword == NULL) { … … 276 278 memset(mountpassword,0,64); 277 279 } 278 exit( 1);280 exit(EX_USAGE); 279 281 } else { 280 282 if(domain_name == NULL) { … … 313 315 if (mountpassword == NULL) { 314 316 printf("malloc failed\n"); 315 exit( 1);317 exit(EX_SYSERR); 316 318 } 317 319 … … 321 323 printf("mount.cifs failed. %s attempting to open password file %s\n", 322 324 strerror(errno),filename); 323 exit( 1);325 exit(EX_SYSERR); 324 326 } 325 327 } … … 333 335 if(filename != NULL) 334 336 close(file_descript); 335 exit( 1);337 exit(EX_SYSERR); 336 338 } else if(rc == 0) { 337 339 if(mountpassword[0] == 0) { … … 477 479 } else if (strncmp(data, "sec", 3) == 0) { 478 480 if (value) { 479 if (!strcmp(value, "none")) 481 if (!strncmp(value, "none", 4) || 482 !strncmp(value, "krb5", 4)) 480 483 got_password = 1; 481 484 } … … 552 555 if (!(pw = getpwnam(value))) { 553 556 printf("bad user name \"%s\"\n", value); 554 exit( 1);557 exit(EX_USAGE); 555 558 } 556 559 snprintf(user, sizeof(user), "%u", pw->pw_uid); … … 568 571 if (!(gr = getgrnam(value))) { 569 572 printf("bad group name \"%s\"\n", value); 570 exit( 1);573 exit(EX_USAGE); 571 574 } 572 575 snprintf(group, sizeof(group), "%u", gr->gr_gid); … … 663 666 if (out == NULL) { 664 667 perror("malloc"); 665 exit( 1);668 exit(EX_SYSERR); 666 669 } 667 670 … … 688 691 if (out == NULL) { 689 692 perror("malloc"); 690 exit( 1);693 exit(EX_SYSERR); 691 694 } 692 695 … … 704 707 if (out == NULL) { 705 708 perror("malloc"); 706 exit( 1);709 exit(EX_SYSERR); 707 710 } 708 711 … … 842 845 } 843 846 847 /* replace all occurances of "from" in a string with "to" */ 848 static void replace_char(char *string, char from, char to, int maxlen) 849 { 850 char *lastchar = string + maxlen; 851 while (string) { 852 string = strchr(string, from); 853 if (string) { 854 *string = to; 855 if (string >= lastchar) 856 return; 857 } 858 } 859 } 860 844 861 /* Note that caller frees the returned buffer if necessary */ 845 862 static char * parse_server(char ** punc_name) 846 863 { 847 864 char * unc_name = *punc_name; 848 int length = strnlen(unc_name, 1024);865 int length = strnlen(unc_name, MAX_UNC_LEN); 849 866 char * share; 850 867 char * ipaddress_string = NULL; … … 852 869 struct in_addr server_ipaddr; 853 870 854 if(length > 1023) {871 if(length > (MAX_UNC_LEN - 1)) { 855 872 printf("mount error: UNC name too long"); 856 873 return NULL; … … 871 888 share = strchr(unc_name,':'); 872 889 if(share) { 873 free_share_name = 1;874 890 *punc_name = (char *)malloc(length+3); 875 891 if(*punc_name == NULL) { … … 879 895 return NULL; 880 896 } 881 882 897 *share = '/'; 883 898 strncpy((*punc_name)+2,unc_name,length); 899 free(unc_name); 884 900 unc_name = *punc_name; 885 901 unc_name[length+2] = 0; … … 895 911 unc_name[1] = '/'; 896 912 unc_name += 2; 897 if ((share = strchr(unc_name, '/')) || 898 (share = strchr(unc_name,'\\'))) { 913 914 /* allow for either delimiter between host and sharename */ 915 if ((share = strpbrk(unc_name, "/\\"))) { 899 916 *share = 0; /* temporarily terminate the string */ 900 917 share += 1; … … 902 919 host_entry = gethostbyname(unc_name); 903 920 } 904 *(share - 1) = '/'; /* put the slash back */ 905 if ((prefixpath = strchr(share, '/'))) { 921 *(share - 1) = '/'; /* put delimiter back */ 922 923 /* we don't convert the prefixpath delimiters since '\\' is a valid char in posix paths */ 924 if ((prefixpath = strpbrk(share, "/\\"))) { 906 925 *prefixpath = 0; /* permanently terminate the string */ 907 926 if (!strlen(++prefixpath)) … … 968 987 }; 969 988 989 /* convert a string to uppercase. return false if the string 990 * wasn't ASCII. Return success on a NULL ptr */ 991 static int 992 uppercase_string(char *string) 993 { 994 if (!string) 995 return 1; 996 997 while (*string) { 998 /* check for unicode */ 999 if ((unsigned char) string[0] & 0x80) 1000 return 0; 1001 *string = toupper((unsigned char) *string); 1002 string++; 1003 } 1004 1005 return 1; 1006 } 1007 970 1008 int main(int argc, char ** argv) 971 1009 { … … 980 1018 char * resolved_path = NULL; 981 1019 char * temp; 1020 char * dev_name; 982 1021 int rc; 983 1022 int rsize = 0; … … 1003 1042 } else { 1004 1043 mount_cifs_usage(); 1005 exit( 1);1044 exit(EX_USAGE); 1006 1045 } 1007 1046 … … 1016 1055 #endif */ 1017 1056 if(argc > 2) { 1018 share_name = argv[1]; 1057 dev_name = argv[1]; 1058 share_name = strndup(argv[1], MAX_UNC_LEN); 1059 if (share_name == NULL) { 1060 fprintf(stderr, "%s: %s", argv[0], strerror(ENOMEM)); 1061 exit(EX_SYSERR); 1062 } 1019 1063 mountpoint = argv[2]; 1064 } else { 1065 mount_cifs_usage(); 1066 exit(EX_USAGE); 1020 1067 } 1021 1068 … … 1039 1086 case 'h': /* help */ 1040 1087 mount_cifs_usage (); 1041 exit( 1);1088 exit(EX_USAGE); 1042 1089 case 'n': 1043 1090 ++nomtab; … … 1096 1143 if (*ep) { 1097 1144 printf("bad uid value \"%s\"\n", optarg); 1098 exit( 1);1145 exit(EX_USAGE); 1099 1146 } 1100 1147 } else { … … 1103 1150 if (!(pw = getpwnam(optarg))) { 1104 1151 printf("bad user name \"%s\"\n", optarg); 1105 exit( 1);1152 exit(EX_USAGE); 1106 1153 } 1107 1154 uid = pw->pw_uid; … … 1116 1163 if (*ep) { 1117 1164 printf("bad gid value \"%s\"\n", optarg); 1118 exit( 1);1165 exit(EX_USAGE); 1119 1166 } 1120 1167 } else { … … 1123 1170 if (!(gr = getgrnam(optarg))) { 1124 1171 printf("bad user name \"%s\"\n", optarg); 1125 exit( 1);1172 exit(EX_USAGE); 1126 1173 } 1127 1174 gid = gr->gr_gid; … … 1153 1200 printf("unknown mount option %c\n",c); 1154 1201 mount_cifs_usage(); 1155 exit( 1);1156 } 1157 } 1158 1159 if((argc < 3) || ( share_name == NULL) || (mountpoint == NULL)) {1202 exit(EX_USAGE); 1203 } 1204 } 1205 1206 if((argc < 3) || (dev_name == NULL) || (mountpoint == NULL)) { 1160 1207 mount_cifs_usage(); 1161 exit( 1);1208 exit(EX_USAGE); 1162 1209 } 1163 1210 … … 1176 1223 1177 1224 if (orgoptions && parse_options(&orgoptions, &flags)) { 1178 rc = -1;1225 rc = EX_USAGE; 1179 1226 goto mount_exit; 1180 1227 } … … 1182 1229 if((ipaddr == NULL) && (got_ip == 0)) { 1183 1230 printf("No ip address specified and hostname not found\n"); 1184 rc = -1;1231 rc = EX_USAGE; 1185 1232 goto mount_exit; 1186 1233 } … … 1197 1244 if(chdir(mountpoint)) { 1198 1245 printf("mount error: can not change directory into mount target %s\n",mountpoint); 1199 rc = -1;1246 rc = EX_USAGE; 1200 1247 goto mount_exit; 1201 1248 } … … 1203 1250 if(stat (".", &statbuf)) { 1204 1251 printf("mount error: mount point %s does not exist\n",mountpoint); 1205 rc = -1;1252 rc = EX_USAGE; 1206 1253 goto mount_exit; 1207 1254 } … … 1209 1256 if (S_ISDIR(statbuf.st_mode) == 0) { 1210 1257 printf("mount error: mount point %s is not a directory\n",mountpoint); 1211 rc = -1;1258 rc = EX_USAGE; 1212 1259 goto mount_exit; 1213 1260 } … … 1222 1269 } else { 1223 1270 printf("mount error: permission denied or not superuser and mount.cifs not installed SUID\n"); 1224 return -1;1271 exit(EX_USAGE); 1225 1272 } 1226 1273 } … … 1237 1284 mountpassword = (char *)calloc(65,1); 1238 1285 if (!tmp_pass || !mountpassword) { 1239 printf("Password not entered, exiting .\n");1240 return -1;1286 printf("Password not entered, exiting\n"); 1287 exit(EX_USAGE); 1241 1288 } 1242 1289 strncpy(mountpassword, tmp_pass, 64); … … 1257 1304 printf("No server share name specified\n"); 1258 1305 printf("\nMounting the DFS root for server not implemented yet\n"); 1259 exit( 1);1306 exit(EX_USAGE); 1260 1307 } 1261 1308 if(user_name) … … 1274 1321 if(options == NULL) { 1275 1322 printf("Could not allocate memory for mount options\n"); 1276 return -1;1323 exit(EX_SYSERR); 1277 1324 } 1278 1325 … … 1326 1373 if(verboseflag) 1327 1374 printf("\nmount.cifs kernel mount options %s \n",options); 1328 if(mount(share_name, mountpoint, "cifs", flags, options)) { 1375 1376 /* convert all '\\' to '/' in share portion so that /proc/mounts looks pretty */ 1377 replace_char(dev_name, '\\', '/', strlen(share_name)); 1378 1379 if(mount(dev_name, mountpoint, "cifs", flags, options)) { 1329 1380 /* remember to kill daemon on error */ 1330 char * tmp;1331 1332 1381 switch (errno) { 1333 1382 case 0: … … 1340 1389 if(retry == 0) { 1341 1390 retry = 1; 1342 tmp = share_name; 1343 while (*tmp && !(((unsigned char)tmp[0]) & 0x80)) { 1344 *tmp = toupper((unsigned char)*tmp); 1345 tmp++; 1346 } 1347 if(!*tmp) { 1391 if (uppercase_string(dev_name) && 1392 uppercase_string(share_name) && 1393 uppercase_string(prefixpath)) { 1348 1394 printf("retrying with upper case share name\n"); 1349 1395 goto mount_retry; … … 1354 1400 } 1355 1401 printf("Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)\n"); 1356 rc = -1; 1357 goto mount_exit; 1402 rc = EX_FAIL; 1358 1403 } else { 1404 atexit(unlock_mtab); 1405 rc = lock_mtab(); 1406 if (rc) { 1407 printf("cannot lock mtab"); 1408 goto mount_exit; 1409 } 1359 1410 pmntfile = setmntent(MOUNTED, "a+"); 1360 if(pmntfile) { 1361 mountent.mnt_fsname = share_name; 1362 mountent.mnt_dir = mountpoint; 1363 mountent.mnt_type = CONST_DISCARD(char *,"cifs"); 1364 mountent.mnt_opts = (char *)malloc(220); 1365 if(mountent.mnt_opts) { 1366 char * mount_user = getusername(); 1367 memset(mountent.mnt_opts,0,200); 1368 if(flags & MS_RDONLY) 1369 strlcat(mountent.mnt_opts,"ro",220); 1370 else 1371 strlcat(mountent.mnt_opts,"rw",220); 1372 if(flags & MS_MANDLOCK) 1373 strlcat(mountent.mnt_opts,",mand",220); 1374 if(flags & MS_NOEXEC) 1375 strlcat(mountent.mnt_opts,",noexec",220); 1376 if(flags & MS_NOSUID) 1377 strlcat(mountent.mnt_opts,",nosuid",220); 1378 if(flags & MS_NODEV) 1379 strlcat(mountent.mnt_opts,",nodev",220); 1380 if(flags & MS_SYNCHRONOUS) 1381 strlcat(mountent.mnt_opts,",synch",220); 1382 if(mount_user) { 1383 if(getuid() != 0) { 1384 strlcat(mountent.mnt_opts,",user=",220); 1385 strlcat(mountent.mnt_opts,mount_user,220); 1386 } 1387 /* free(mount_user); do not free static mem */ 1388 } 1389 } 1390 mountent.mnt_freq = 0; 1391 mountent.mnt_passno = 0; 1392 rc = addmntent(pmntfile,&mountent); 1393 endmntent(pmntfile); 1394 if(mountent.mnt_opts) { 1395 free(mountent.mnt_opts); 1396 mountent.mnt_opts = NULL; 1397 } 1398 } else { 1399 printf("could not update mount table\n"); 1400 } 1401 } 1402 rc = 0; 1411 if (!pmntfile) { 1412 printf("could not update mount table\n"); 1413 unlock_mtab(); 1414 rc = EX_FILEIO; 1415 goto mount_exit; 1416 } 1417 mountent.mnt_fsname = dev_name; 1418 mountent.mnt_dir = mountpoint; 1419 mountent.mnt_type = CONST_DISCARD(char *,"cifs"); 1420 mountent.mnt_opts = (char *)malloc(220); 1421 if(mountent.mnt_opts) { 1422 char * mount_user = getusername(); 1423 memset(mountent.mnt_opts,0,200); 1424 if(flags & MS_RDONLY) 1425 strlcat(mountent.mnt_opts,"ro",220); 1426 else 1427 strlcat(mountent.mnt_opts,"rw",220); 1428 if(flags & MS_MANDLOCK) 1429 strlcat(mountent.mnt_opts,",mand",220); 1430 if(flags & MS_NOEXEC) 1431 strlcat(mountent.mnt_opts,",noexec",220); 1432 if(flags & MS_NOSUID) 1433 strlcat(mountent.mnt_opts,",nosuid",220); 1434 if(flags & MS_NODEV) 1435 strlcat(mountent.mnt_opts,",nodev",220); 1436 if(flags & MS_SYNCHRONOUS) 1437 strlcat(mountent.mnt_opts,",sync",220); 1438 if(mount_user) { 1439 if(getuid() != 0) { 1440 strlcat(mountent.mnt_opts, 1441 ",user=", 220); 1442 strlcat(mountent.mnt_opts, 1443 mount_user, 220); 1444 } 1445 } 1446 } 1447 mountent.mnt_freq = 0; 1448 mountent.mnt_passno = 0; 1449 rc = addmntent(pmntfile,&mountent); 1450 endmntent(pmntfile); 1451 unlock_mtab(); 1452 if(mountent.mnt_opts) { 1453 free(mountent.mnt_opts); 1454 mountent.mnt_opts = NULL; 1455 } 1456 if (rc) 1457 rc = EX_FILEIO; 1458 } 1403 1459 mount_exit: 1404 1460 if(mountpassword) { … … 1425 1481 } 1426 1482 1427 if(free_share_name) { 1428 free(share_name); 1429 share_name = NULL; 1430 } 1431 return rc; 1483 free(share_name); 1484 exit(rc); 1432 1485 } -
branches/samba-3.0/source/client/umount.cifs.c
r124 r165 35 35 #include <string.h> 36 36 #include <mntent.h> 37 #include "mount.h" 37 38 38 39 #define UNMOUNT_CIFS_VERSION_MAJOR "0" 39 #define UNMOUNT_CIFS_VERSION_MINOR " 5"40 #define UNMOUNT_CIFS_VERSION_MINOR "6" 40 41 41 42 #ifndef UNMOUNT_CIFS_VENDOR_SUFFIX … … 139 140 } 140 141 141 static int lock_mtab(void)142 {143 int rc;144 145 rc = mknod(MOUNTED_LOCK , 0600, 0);146 if(rc == -1)147 printf("\ngetting lock file %s failed with %s\n",MOUNTED_LOCK,148 strerror(errno));149 150 return rc;151 152 }153 154 static void unlock_mtab(void)155 {156 unlink(MOUNTED_LOCK);157 }158 159 142 static int remove_from_mtab(char * mountpoint) 160 143 { … … 170 153 /* Do we first need to check if it is writable? */ 171 154 155 atexit(unlock_mtab); 172 156 if (lock_mtab()) { 173 157 printf("Mount table locked\n"); -
branches/samba-3.0/source/configure.in
r140 r165 315 315 AC_SUBST(INSTALL_CIFSMOUNT) 316 316 AC_SUBST(UNINSTALL_CIFSMOUNT) 317 AC_SUBST(CIFSUPCALL_PROGS) 318 AC_SUBST(INSTALL_CIFSUPCALL) 319 AC_SUBST(UNINSTALL_CIFSUPCALL) 317 320 AC_SUBST(EXTRA_SBIN_PROGS) 318 321 AC_SUBST(EXTRA_ALL_TARGETS) … … 2870 2873 # look for a method of setting the effective uid 2871 2874 seteuid=no; 2875 2876 if test $seteuid = no; then 2877 AC_CACHE_CHECK([for setreuid],samba_cv_USE_SETREUID,[ 2878 AC_TRY_RUN([ 2879 #define AUTOCONF_TEST 1 2880 #define USE_SETREUID 1 2881 #include "confdefs.h" 2882 #include "${srcdir-.}/lib/util_sec.c"], 2883 samba_cv_USE_SETREUID=yes,samba_cv_USE_SETREUID=no,samba_cv_USE_SETREUID=cross)]) 2884 if test x"$samba_cv_USE_SETREUID" = x"yes"; then 2885 seteuid=yes;AC_DEFINE(USE_SETREUID,1,[Whether setreuid() is available]) 2886 fi 2887 fi 2888 2889 # we check for setresuid second as it conflicts with AIO on Linux. 2890 # see http://samba.org/~tridge/junkcode/aio_uid.c 2872 2891 if test $seteuid = no; then 2873 2892 AC_CACHE_CHECK([for setresuid],samba_cv_USE_SETRESUID,[ … … 2880 2899 if test x"$samba_cv_USE_SETRESUID" = x"yes"; then 2881 2900 seteuid=yes;AC_DEFINE(USE_SETRESUID,1,[Whether setresuid() is available]) 2882 fi2883 fi2884 2885 2886 if test $seteuid = no; then2887 AC_CACHE_CHECK([for setreuid],samba_cv_USE_SETREUID,[2888 AC_TRY_RUN([2889 #define AUTOCONF_TEST 12890 #define USE_SETREUID 12891 #include "confdefs.h"2892 #include "${srcdir-.}/lib/util_sec.c"],2893 samba_cv_USE_SETREUID=yes,samba_cv_USE_SETREUID=no,samba_cv_USE_SETREUID=cross)])2894 if test x"$samba_cv_USE_SETREUID" = x"yes"; then2895 seteuid=yes;AC_DEFINE(USE_SETREUID,1,[Whether setreuid() is available])2896 2901 fi 2897 2902 fi … … 4219 4224 INSTALL_CIFSMOUNT="installcifsmount" 4220 4225 UNINSTALL_CIFSMOUNT="uninstallcifsmount" 4226 ;; 4227 *) 4228 AC_MSG_RESULT(no) 4229 ;; 4230 esac ] 4231 ) 4232 4233 ################################################# 4234 # check for cifs.upcall support 4235 AC_CHECK_HEADERS([keyutils.h], [HAVE_KEYUTILS_H=1], [HAVE_KEYUTILS_H=0]) 4236 CIFSUPCALL_PROGS="" 4237 INSTALL_CIFSUPCALL="" 4238 UNINSTALL_CIFSUPCALL="" 4239 AC_MSG_CHECKING(whether to build cifs.upcall) 4240 AC_ARG_WITH(cifsupcall, 4241 [ --with-cifsupcall Include cifs.upcall (Linux only) support (default=yes)], 4242 [ case "$withval" in 4243 no) 4244 AC_MSG_RESULT(no) 4245 ;; 4246 *) 4247 case "$host_os" in 4248 *linux*) 4249 if test x"$use_ads" != x"yes"; then 4250 AC_MSG_ERROR(ADS support should be enabled for building cifs.upcall) 4251 elif test x"$HAVE_KEYUTILS_H" != "x1"; then 4252 AC_MSG_ERROR(keyutils package is required for cifs.upcall) 4253 else 4254 AC_MSG_RESULT(yes) 4255 AC_DEFINE(WITH_CIFSUPCALL,1,[whether to build cifs.upcall]) 4256 CIFSUPCALL_PROGS="bin/cifs.upcall" 4257 INSTALL_CIFSUPCALL="installcifsupcall" 4258 UNINSTALL_CIFSUPCALL="uninstallcifsupcall" 4259 fi 4260 ;; 4261 *) 4262 AC_MSG_ERROR(not on a linux system!) 4263 ;; 4264 esac 4265 ;; 4266 esac ], 4267 [ case "$host_os" in 4268 *linux*) 4269 if test x"$use_ads" != x"yes"; then 4270 AC_MSG_WARN(ADS support should be enabled for building cifs.upcall) 4271 elif test x"$HAVE_KEYUTILS_H" != "x1"; then 4272 AC_MSG_WARN(keyutils package is required for cifs.upcall) 4273 else 4274 AC_MSG_RESULT(yes) 4275 AC_DEFINE(WITH_CIFSUPCALL,1,[whether to build cifs.upcall]) 4276 CIFSUPCALL_PROGS="bin/cifs.upcall" 4277 INSTALL_CIFSUPCALL="installcifsupcall" 4278 UNINSTALL_CIFSUPCALL="uninstallcifsupcall" 4279 fi 4221 4280 ;; 4222 4281 *) -
branches/samba-3.0/source/include/ads.h
r124 r165 57 57 char *client_site_name; 58 58 time_t current_time; 59 int tried_closest_dc;60 59 } config; 61 60 } ADS_STRUCT; -
branches/samba-3.0/source/include/config.h.in
r124 r165 716 716 #undef HAVE_KERNEL_SHARE_MODES 717 717 718 /* Define to 1 if you have the <keyutils.h> header file. */ 719 #undef HAVE_KEYUTILS_H 720 718 721 /* Whether to have KRB5 support */ 719 722 #undef HAVE_KRB5 … … 2460 2463 /* Whether to build mount.cifs and umount.cifs */ 2461 2464 #undef WITH_CIFSMOUNT 2465 2466 /* whether to build cifs.upcall */ 2467 #undef WITH_CIFSUPCALL 2462 2468 2463 2469 /* Whether to include DFS support */ … … 2570 2576 # undef _POSIX_PTHREAD_SEMANTICS 2571 2577 #endif 2578 #ifndef _TANDEM_SOURCE 2579 # undef _TANDEM_SOURCE 2580 #endif 2572 2581 2573 2582 /* Whether to build auth_builtin as shared module */ -
branches/samba-3.0/source/include/rpc_dce.h
r134 r165 105 105 #define NETLOGON_NEG_SCHANNEL 0x40000000 106 106 107 #define NETLOGON_NEG_PASSWORD_SET2 0x00020000 108 107 109 /* The 7 here seems to be required to get Win2k not to downgrade us 108 110 to NT4. Actually, anything other than 1ff would seem to do... */ -
branches/samba-3.0/source/include/rpc_netlogon.h
r44 r165 43 43 #define NET_DSR_GETDCNAMEEX 0x1b 44 44 #define NET_DSR_GETSITENAME 0x1c 45 #define NET_SRVPWSET2 0x1e 45 46 #define NET_DSR_GETDCNAMEEX2 0x22 46 47 #define NET_SAMLOGON_EX 0x27 … … 530 531 NTSTATUS status; /* return code */ 531 532 } NET_R_SRV_PWSET; 533 534 typedef struct net_crypt_password { 535 uint8_t data[512]; 536 uint32_t length; 537 } NET_CRYPT_PWD; 538 539 /* NET_Q_SRV_PWSET2 */ 540 typedef struct net_q_srv_pwset2_info { 541 DOM_CLNT_INFO clnt_id; /* client identification/authentication info */ 542 NET_CRYPT_PWD pwd; /* new password */ 543 } NET_Q_SRV_PWSET2; 544 545 /* NET_R_SRV_PWSET2 */ 546 typedef struct net_r_srv_pwset2_info { 547 DOM_CRED srv_cred; /* server-calculated credentials */ 548 NTSTATUS status; /* return code */ 549 } NET_R_SRV_PWSET2; 532 550 533 551 /* NET_ID_INFO_2 */ -
branches/samba-3.0/source/include/smb.h
r140 r165 29 29 30 30 /* logged when starting the various Samba daemons */ 31 #define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the Samba Team 1992-200 8"31 #define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the Samba Team 1992-2009" 32 32 33 33 … … 1564 1564 1565 1565 /* LDAP SSL options */ 1566 enum ldap_ssl_types {LDAP_SSL_O N, LDAP_SSL_OFF, LDAP_SSL_START_TLS};1566 enum ldap_ssl_types {LDAP_SSL_OFF, LDAP_SSL_START_TLS}; 1567 1567 1568 1568 /* LDAP PASSWD SYNC methods */ -
branches/samba-3.0/source/lib/charcnv.c
r124 r165 1 /* 1 /* 2 2 Unix SMB/CIFS implementation. 3 3 Character set conversion Extensions … … 6 6 Copyright (C) Simo Sorce 2001 7 7 Copyright (C) Martin Pool 2003 8 8 9 9 This program is free software; you can redistribute it and/or modify 10 10 it under the terms of the GNU General Public License as published by 11 11 the Free Software Foundation; either version 2 of the License, or 12 12 (at your option) any later version. 13 13 14 14 This program is distributed in the hope that it will be useful, 15 15 but WITHOUT ANY WARRANTY; without even the implied warranty of 16 16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 17 GNU General Public License for more details. 18 18 19 19 You should have received a copy of the GNU General Public License 20 20 along with this program; if not, write to the Free Software … … 35 35 * 36 36 * @brief Character-set conversion routines built on our iconv. 37 * 37 * 38 38 * @note Samba's internal character set (at least in the 3.0 series) 39 39 * is always the same as the one for the Unix filesystem. It is … … 145 145 const char *n2 = charset_name((charset_t)c2); 146 146 if (conv_handles[c1][c2] && 147 148 147 strcmp(n1, conv_handles[c1][c2]->from_name) == 0 && 148 strcmp(n2, conv_handles[c1][c2]->to_name) == 0) 149 149 continue; 150 150 … … 202 202 203 203 static size_t convert_string_internal(charset_t from, charset_t to, 204 void const *src, size_t srclen,205 204 void const *src, size_t srclen, 205 void *dest, size_t destlen, BOOL allow_bad_conv) 206 206 { 207 207 size_t i_len, o_len; … … 237 237 retval = smb_iconv(descriptor, &inbuf, &i_len, &outbuf, &o_len); 238 238 if(retval==(size_t)-1) { 239 239 const char *reason="unknown error"; 240 240 switch(errno) { 241 241 case EINVAL: … … 247 247 break; 248 248 case E2BIG: 249 reason="No more room"; 249 reason="No more room"; 250 250 if (!conv_silent) { 251 251 if (from == CH_UNIX) { … … 278 278 use_as_is: 279 279 280 /* 280 /* 281 281 * Conversion not supported. This is actually an error, but there are so 282 282 * many misconfigured iconv systems and smb.conf's out there we can't just … … 376 376 377 377 size_t convert_string(charset_t from, charset_t to, 378 void const *src, size_t srclen,379 378 void const *src, size_t srclen, 379 void *dest, size_t destlen, BOOL allow_bad_conv) 380 380 { 381 381 /* … … 518 518 * 519 519 * Ensure the srclen contains the terminating zero. 520 * 520 * 521 521 * I hate the goto's in this function. It's embarressing..... 522 522 * There has to be a cleaner way to do this. JRA. … … 524 524 525 525 size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to, 526 526 void const *src, size_t srclen, void *dst, BOOL allow_bad_conv) 527 527 { 528 528 size_t i_len, o_len, destlen = (srclen * 3) / 2; … … 584 584 &inbuf, &i_len, 585 585 &outbuf, &o_len); 586 if(retval == (size_t)-1) {587 586 if(retval == (size_t)-1) { 587 const char *reason="unknown error"; 588 588 switch(errno) { 589 589 case EINVAL: … … 595 595 break; 596 596 case E2BIG: 597 goto convert; 597 goto convert; 598 598 case EILSEQ: 599 599 reason="Illegal multibyte sequence"; … … 630 630 ob[destlen] = '\0'; 631 631 ob[destlen+1] = '\0'; 632 632 633 return destlen; 633 634 634 635 use_as_is: 635 636 636 /* 637 /* 637 638 * Conversion not supported. This is actually an error, but there are so 638 639 * many misconfigured iconv systems and smb.conf's out there we can't just … … 720 721 * 721 722 * @param srclen length of source buffer. 722 * @param dest always set at least to NULL 723 * @param dest always set at least to NULL 723 724 * @note -1 is not accepted for srclen. 724 725 * … … 726 727 **/ 727 728 size_t convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to, 728 729 729 void const *src, size_t srclen, void *dst, 730 BOOL allow_bad_conv) 730 731 { 731 732 void **dest = (void **)dst; … … 745 746 size_t size; 746 747 smb_ucs2_t *buffer; 747 748 748 749 size = push_ucs2_allocate(&buffer, src); 749 750 if (size == (size_t)-1) { … … 754 755 return srclen; 755 756 } 756 757 757 758 size = convert_string(CH_UTF16LE, CH_UNIX, buffer, size, dest, destlen, True); 758 759 free(buffer); … … 797 798 798 799 strupper_w(buffer); 799 800 800 801 size = convert_string(CH_UTF16LE, CH_UNIX, buffer, -1, out_buffer, sizeof(out_buffer), True); 801 802 if (size == (size_t)-1) { … … 811 812 size_t size; 812 813 smb_ucs2_t *buffer = NULL; 813 814 814 815 size = convert_string_allocate(NULL, CH_UNIX, CH_UTF16LE, src, srclen, 815 816 (void **)(void *)&buffer, True); 816 817 if (size == (size_t)-1 || !buffer) { 817 818 smb_panic("failed to create UCS2 buffer"); … … 835 836 smb_ucs2_t *buffer = NULL; 836 837 char *out_buffer; 837 838 838 839 size = push_ucs2_allocate(&buffer, s); 839 840 if (size == -1 || !buffer) { … … 842 843 843 844 strlower_w(buffer); 844 845 845 846 size = pull_ucs2_allocate(&out_buffer, buffer); 846 847 SAFE_FREE(buffer); … … 849 850 return NULL; 850 851 } 851 852 852 853 return out_buffer; 853 854 } … … 879 880 size_t src_len = strlen(src); 880 881 pstring tmpbuf; 881 882 883 884 885 882 size_t ret; 883 884 /* No longer allow a length of -1 */ 885 if (dest_len == (size_t)-1) 886 smb_panic("push_ascii - dest_len == -1"); 886 887 887 888 if (flags & STR_UPPER) { … … 894 895 src_len++; 895 896 896 ret =convert_string(CH_UNIX, CH_DOS, src, src_len, dest, dest_len, True); 897 if (ret == (size_t)-1 && 898 (flags & (STR_TERMINATE | STR_TERMINATE_ASCII)) 899 && dest_len > 0) { 900 ((char *)dest)[0] = '\0'; 901 } 902 return ret; 903 897 ret =convert_string(CH_UNIX, CH_DOS, src, src_len, dest, dest_len, True); 898 if (ret == (size_t)-1 && 899 (flags & (STR_TERMINATE | STR_TERMINATE_ASCII)) 900 && dest_len > 0) { 901 ((char *)dest)[0] = '\0'; 902 } 903 return ret; 904 904 } 905 905 … … 1030 1030 * <dl> 1031 1031 * <dt>STR_TERMINATE <dd>means include the null termination. 1032 * <dt>STR_UPPER 1032 * <dt>STR_UPPER <dd>means uppercase in the destination. 1033 1033 * <dt>STR_NOALIGN <dd>means don't do alignment. 1034 1034 * </dl> … … 1094 1094 * allocating a buffer using talloc(). 1095 1095 * 1096 * @param dest always set at least to NULL 1096 * @param dest always set at least to NULL 1097 1097 * 1098 1098 * @returns The number of bytes occupied by the string in the destination 1099 * 1099 * or -1 in case of error. 1100 1100 **/ 1101 1101 size_t push_ucs2_talloc(TALLOC_CTX *ctx, smb_ucs2_t **dest, const char *src) … … 1111 1111 * Copy a string from a unix char* src to a UCS2 destination, allocating a buffer 1112 1112 * 1113 * @param dest always set at least to NULL 1113 * @param dest always set at least to NULL 1114 1114 * 1115 1115 * @returns The number of bytes occupied by the string in the destination 1116 * 1116 * or -1 in case of error. 1117 1117 **/ 1118 1118 … … 1130 1130 Flags can have: 1131 1131 STR_TERMINATE means include the null termination 1132 STR_UPPER 1132 STR_UPPER means uppercase in the destination 1133 1133 dest_len is the maximum length allowed in the destination. If dest_len 1134 1134 is -1 then no maxiumum is used. … … 1164 1164 * Copy a string from a unix char* src to a UTF-8 destination, allocating a buffer using talloc 1165 1165 * 1166 * @param dest always set at least to NULL 1166 * @param dest always set at least to NULL 1167 1167 * 1168 1168 * @returns The number of bytes occupied by the string in the destination … … 1180 1180 * Copy a string from a unix char* src to a UTF-8 destination, allocating a buffer 1181 1181 * 1182 * @param dest always set at least to NULL 1182 * @param dest always set at least to NULL 1183 1183 * 1184 1184 * @returns The number of bytes occupied by the string in the destination … … 1190 1190 1191 1191 *dest = NULL; 1192 return convert_string_allocate(NULL, CH_UNIX, CH_UTF8, src, src_len, (void **)dest, True); 1192 return convert_string_allocate(NULL, CH_UNIX, CH_UTF8, src, src_len, (void **)dest, True); 1193 1193 } 1194 1194 … … 1231 1231 if (src_len != (size_t)-1) 1232 1232 src_len &= ~1; 1233 1233 1234 1234 ret = convert_string(CH_UTF16LE, CH_UNIX, src, src_len, dest, dest_len, True); 1235 1235 if (ret == (size_t)-1) { … … 1239 1239 if (src_len == (size_t)-1) 1240 1240 src_len = ret*2; 1241 1241 1242 1242 if (dest_len && ret) { 1243 1243 /* Did we already process the terminating zero ? */ … … 1265 1265 * Copy a string from a UCS2 src to a unix char * destination, allocating a buffer using talloc 1266 1266 * 1267 * @param dest always set at least to NULL 1267 * @param dest always set at least to NULL 1268 1268 * 1269 1269 * @returns The number of bytes occupied by the string in the destination … … 1280 1280 * Copy a string from a UCS2 src to a unix char * destination, allocating a buffer 1281 1281 * 1282 * @param dest always set at least to NULL 1282 * @param dest always set at least to NULL 1283 1283 * 1284 1284 * @returns The number of bytes occupied by the string in the destination … … 1295 1295 * Copy a string from a UTF-8 src to a unix char * destination, allocating a buffer using talloc 1296 1296 * 1297 * @param dest always set at least to NULL 1297 * @param dest always set at least to NULL 1298 1298 * 1299 1299 * @returns The number of bytes occupied by the string in the destination … … 1310 1310 * Copy a string from a UTF-8 src to a unix char * destination, allocating a buffer 1311 1311 * 1312 * @param dest always set at least to NULL 1312 * @param dest always set at least to NULL 1313 1313 * 1314 1314 * @returns The number of bytes occupied by the string in the destination … … 1321 1321 return convert_string_allocate(NULL, CH_UTF8, CH_UNIX, src, src_len, (void **)dest, True); 1322 1322 } 1323 1323 1324 1324 /** 1325 1325 * Copy a string from a DOS src to a unix char * destination, allocating a buffer using talloc 1326 1326 * 1327 * @param dest always set at least to NULL 1327 * @param dest always set at least to NULL 1328 1328 * 1329 1329 * @returns The number of bytes occupied by the string in the destination … … 1339 1339 /** 1340 1340 Copy a string from a char* src to a unicode or ascii 1341 dos codepage destination choosing unicode or ascii based on the 1341 dos codepage destination choosing unicode or ascii based on the 1342 1342 flags in the SMB buffer starting at base_ptr. 1343 1343 Return the number of bytes occupied by the string in the destination. 1344 1344 flags can have: 1345 1345 STR_TERMINATE means include the null termination. 1346 STR_UPPER 1347 STR_ASCII 1346 STR_UPPER means uppercase in the destination. 1347 STR_ASCII use ascii even with unicode packet. 1348 1348 STR_NOALIGN means don't do alignment. 1349 1349 dest_len is the maximum length allowed in the destination. If dest_len … … 1370 1370 1371 1371 if (!(flags & STR_ASCII) && \ 1372 1373 1372 ((flags & STR_UNICODE || \ 1373 (SVAL(base_ptr, smb_flg2) & FLAGS2_UNICODE_STRINGS)))) { 1374 1374 return push_ucs2(base_ptr, dest, src, dest_len, flags); 1375 1375 } … … 1384 1384 STR_TERMINATE means the string in src is null terminated. 1385 1385 STR_UNICODE means to force as unicode. 1386 STR_ASCII 1386 STR_ASCII use ascii even with unicode packet. 1387 1387 STR_NOALIGN means don't do alignment. 1388 1388 if STR_TERMINATE is set then src_len is ignored is it is -1 … … 1400 1400 1401 1401 if (!(flags & STR_ASCII) && \ 1402 1403 1402 ((flags & STR_UNICODE || \ 1403 (SVAL(base_ptr, smb_flg2) & FLAGS2_UNICODE_STRINGS)))) { 1404 1404 return pull_ucs2(base_ptr, dest, src, dest_len, src_len, flags); 1405 1405 } … … 1410 1410 { 1411 1411 if (!(flags & STR_ASCII) && \ 1412 1413 1412 ((flags & STR_UNICODE || \ 1413 (SVAL(base_ptr, smb_flg2) & FLAGS2_UNICODE_STRINGS)))) { 1414 1414 return ucs2_align(base_ptr, p, flags); 1415 1415 } … … 1434 1434 #ifdef __OS2__ 1435 1435 size_t ilen_max; 1436 size_t olen_orig; 1437 const char *inbuf; 1436 1438 #endif 1437 1439 size_t ilen_orig; 1438 1440 size_t ilen; 1439 size_t olen_orig;1440 1441 size_t olen; 1441 const char *inbuf; 1442 1442 1443 char *outbuf; 1443 1444 … … 1491 1492 break; 1492 1493 1494 1493 1495 case EINVAL : 1494 1496 #ifndef __OS2__ -
branches/samba-3.0/source/lib/debug.c
r124 r165 693 693 * loop check do a new check as root. 694 694 */ 695 695 696 if( geteuid() != 0 ) 696 697 return; … … 715 716 } 716 717 } 718 717 719 /* 718 720 * Here's where we need to panic if dbf == NULL.. -
branches/samba-3.0/source/lib/events.c
r1 r165 65 65 DEBUG(10, ("Destroying timed event %lx \"%s\"\n", (unsigned long)te, 66 66 te->event_name)); 67 DLIST_REMOVE(te->event_ctx->timed_events, te); 67 if (te->event_ctx) { 68 DLIST_REMOVE(te->event_ctx->timed_events, te); 69 } 68 70 return 0; 69 71 } … … 135 137 struct event_context *event_ctx = fde->event_ctx; 136 138 137 DLIST_REMOVE(event_ctx->fd_events, fde); 139 if (event_ctx) { 140 DLIST_REMOVE(event_ctx->fd_events, fde); 141 } 138 142 return 0; 139 143 } … … 298 302 } 299 303 304 static int event_context_destructor(struct event_context *ev) 305 { 306 while (ev->fd_events != NULL) { 307 ev->fd_events->event_ctx = NULL; 308 DLIST_REMOVE(ev->fd_events, ev->fd_events); 309 } 310 while (ev->timed_events != NULL) { 311 ev->timed_events->event_ctx = NULL; 312 DLIST_REMOVE(ev->timed_events, ev->timed_events); 313 } 314 return 0; 315 } 316 317 void event_context_reinit(struct event_context *ev) 318 { 319 event_context_destructor(ev); 320 return; 321 } 322 300 323 struct event_context *event_context_init(TALLOC_CTX *mem_ctx) 301 324 { 302 return TALLOC_ZERO_P(NULL, struct event_context); 303 } 304 305 int set_event_dispatch_time(struct event_context *event_ctx, 306 const char *event_name, struct timeval when) 307 { 308 struct timed_event *te; 309 310 for (te = event_ctx->timed_events; te; te = te->next) { 311 if (strcmp(event_name, te->event_name) == 0) { 312 DLIST_REMOVE(event_ctx->timed_events, te); 313 te->when = when; 314 add_event_by_time(te); 315 return 1; 316 } 317 } 318 return 0; 319 } 320 321 /* Returns 1 if event was found and cancelled, 0 otherwise. */ 322 323 int cancel_named_event(struct event_context *event_ctx, 324 const char *event_name) 325 { 326 struct timed_event *te; 327 328 for (te = event_ctx->timed_events; te; te = te->next) { 329 if (strcmp(event_name, te->event_name) == 0) { 330 TALLOC_FREE(te); 331 return 1; 332 } 333 } 334 return 0; 335 } 325 struct event_context *result; 326 327 result = TALLOC_ZERO_P(mem_ctx, struct event_context); 328 if (result == NULL) { 329 return NULL; 330 } 331 332 talloc_set_destructor(result, event_context_destructor); 333 return result; 334 } -
branches/samba-3.0/source/lib/genrand.c
r1 r165 29 29 static void (*reseed_callback)(int *newseed); 30 30 31 32 31 /**************************************************************** 33 32 Copy any user given reseed data. -
branches/samba-3.0/source/lib/iconv.c
r62 r165 187 187 } 188 188 189 189 190 /* otherwise we have to do it chunks at a time */ 190 191 while (*inbytesleft > 0) { -
branches/samba-3.0/source/lib/interfaces.c
r1 r165 83 83 #include "interfaces.h" 84 84 85 #if defHAVE_IFACE_IFCONF85 #if HAVE_IFACE_IFCONF 86 86 87 87 /* this works for Linux 2.2, Solaris 2.5, SunOS4, HPUX 10.20, OSF1 -
branches/samba-3.0/source/lib/messages.c
r62 r165 128 128 0, TDB_CLEAR_IF_FIRST|TDB_DEFAULT, 129 129 O_RDWR|O_CREAT,0600); 130 130 131 if (!tdb) { 131 132 DEBUG(0,("ERROR: Failed to initialise messages database\n")); -
branches/samba-3.0/source/lib/replace/autoconf-2.60.m4
r39 r165 180 180 # Enable extensions on systems that normally disable them, 181 181 # typically due to standards-conformance issues. 182 m4_ifndef([AC_USE_SYSTEM_EXTENSIONS],[ 182 183 AC_DEFUN([AC_USE_SYSTEM_EXTENSIONS], 183 184 [ … … 209 210 AC_DEFINE([_POSIX_PTHREAD_SEMANTICS]) 210 211 ]) 212 ]) -
branches/samba-3.0/source/lib/select.c
r33 r165 29 29 This means all Samba signal handlers should call sys_select_signal(). 30 30 */ 31 31 32 static pid_t initialised; 32 33 static int select_pipe[2]; … … 95 96 errno = 0; 96 97 ret = select(maxfd,readfds2,writefds,errorfds,tval); 98 97 99 if (ret <= 0) { 98 100 FD_ZERO(readfds2); -
branches/samba-3.0/source/lib/util.c
r105 r165 1992 1992 SMB_STRUCT_FLOCK lock; 1993 1993 int ret; 1994 1995 DEBUG(8,("fcntl_lock fd=%d op=%d offset=%.0f count=%.0f type=%d\n", 1996 fd,op,(double)offset,(double)count,type)); 1994 1997 1995 1998 lock.l_type = type; … … 3335 3338 return talloc_named_const(context, size, name); 3336 3339 } 3340 3341 bool reinit_after_fork(struct messaging_context *msg_ctx, 3342 struct event_context *ev_ctx, 3343 bool parent_longlived) 3344 { 3345 set_need_random_reseed(); 3346 if (tdb_reopen_all(parent_longlived ? 1 : 0) == -1) { 3347 DEBUG(0, ("tdb_reopen_all failed.\n")); 3348 return false; 3349 } 3350 event_context_reinit(ev_ctx); 3351 return true; 3352 } -
branches/samba-3.0/source/lib/util_sock.c
r161 r165 155 155 {"TCP_KEEPINTVL", IPPROTO_TCP, TCP_KEEPINTVL, 0, OPT_INT}, 156 156 #endif 157 #if defined(IPTOS_LOWDELAY) && !defined(TCPV40HDRS)157 #ifdef IPTOS_LOWDELAY 158 158 {"IPTOS_LOWDELAY", IPPROTO_IP, IP_TOS, IPTOS_LOWDELAY, OPT_ON}, 159 159 #endif 160 #if defined(IPTOS_THROUGHPUT) && !defined(TCPV40HDRS)160 #ifdef IPTOS_THROUGHPUT 161 161 {"IPTOS_THROUGHPUT", IPPROTO_IP, IP_TOS, IPTOS_THROUGHPUT, OPT_ON}, 162 162 #endif -
branches/samba-3.0/source/lib/util_tdb.c
r134 r165 82 82 tdb_setalarm_sigptr(tdb, NULL); 83 83 CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN); 84 if (gotalarm ) {84 if (gotalarm && (ret == -1)) { 85 85 DEBUG(0,("tdb_chainlock_with_timeout_internal: alarm (%u) timed out for key %s in tdb %s\n", 86 86 timeout, key.dptr, tdb_name(tdb))); -
branches/samba-3.0/source/libads/ldap.c
r134 r165 157 157 } 158 158 159 if (ads->config.client_site_name == NULL) { 160 DEBUG(10,("ads_closest_dc: client belongs to no site\n")); 161 return True; 162 } 163 159 164 DEBUG(10,("ads_closest_dc: %s is not the closest DC\n", 160 165 ads->config.ldap_server_name)); … … 244 249 static NTSTATUS ads_find_dc(ADS_STRUCT *ads) 245 250 { 251 const char *c_domain; 246 252 const char *c_realm; 247 253 int count, i=0; 248 254 struct ip_service *ip_list; 255 pstring domain; 249 256 pstring realm; 250 257 BOOL got_realm = False; … … 278 285 c_realm = lp_workgroup(); 279 286 } 280 281 if ( !c_realm || !*c_realm ) { 282 DEBUG(0,("ads_find_dc: no realm or workgroup! Don't know what to do\n")); 283 return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */ 284 } 285 } 286 287 } 288 289 if ( !c_realm || !*c_realm ) { 290 DEBUG(0,("ads_find_dc: no realm or workgroup! Don't know what to do\n")); 291 return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */ 292 } 293 294 if ( use_own_domain ) { 295 c_domain = lp_workgroup(); 296 } else { 297 c_domain = ads->server.workgroup; 298 } 299 300 pstrcpy( domain, c_domain ); 287 301 pstrcpy( realm, c_realm ); 288 302 303 /* 304 * In case of LDAP we use get_dc_name() as that 305 * creates the custom krb5.conf file 306 */ 307 if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) { 308 fstring srv_name; 309 struct in_addr ip_out; 310 311 DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n", 312 (got_realm ? "realm" : "domain"), realm)); 313 314 if (get_dc_name(domain, realm, srv_name, &ip_out)) { 315 /* 316 * we call ads_try_connect() to fill in the 317 * ads->config details 318 */ 319 if (ads_try_connect(ads, srv_name)) { 320 return NT_STATUS_OK; 321 } 322 } 323 324 return NT_STATUS_NO_LOGON_SERVERS; 325 } 326 289 327 sitename = sitename_fetch(realm); 290 328 291 329 again: 292 330 293 DEBUG(6,("ads_find_dc: looking for %s '%s'\n",331 DEBUG(6,("ads_find_dc: (cldap) looking for %s '%s'\n", 294 332 (got_realm ? "realm" : "domain"), realm)); 295 333 … … 436 474 /* cache the successful connection for workgroup and realm */ 437 475 if (ads_closest_dc(ads)) { 438 saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));439 saf_store( ads->server.realm, inet_ntoa(ads->ldap_ip));476 saf_store( ads->server.workgroup, ads->config.ldap_server_name); 477 saf_store( ads->server.realm, ads->config.ldap_server_name); 440 478 } 441 479 -
branches/samba-3.0/source/libsmb/cliconnect.c
r140 r165 539 539 #define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22) 540 540 541 static BOOL cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob , DATA_BLOB session_key_krb5)541 static BOOL cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob) 542 542 { 543 543 int32 remaining = blob.length; … … 563 563 remaining -= max_blob_size; 564 564 } else { 565 DATA_BLOB null_blob = data_blob(NULL, 0);566 567 565 send_blob.length = remaining; 568 566 remaining = 0; 569 570 /* This is the last packet in the sequence - turn signing on. */571 cli_simple_set_signing(cli, session_key_krb5, null_blob);572 567 } 573 568 … … 617 612 DATA_BLOB negTokenTarg; 618 613 DATA_BLOB session_key_krb5; 614 DATA_BLOB null_blob = data_blob(NULL, 0); 615 NTSTATUS nt_status; 616 BOOL res; 619 617 int rc; 618 619 cli_temp_set_signing(cli); 620 620 621 621 DEBUG(2,("Doing kerberos session setup\n")); … … 634 634 #endif 635 635 636 if (!cli_session_setup_blob(cli, negTokenTarg, session_key_krb5)) { 637 data_blob_free(&negTokenTarg); 638 data_blob_free(&session_key_krb5); 639 return ADS_ERROR_NT(cli_nt_error(cli)); 636 if (!cli_session_setup_blob(cli, negTokenTarg)) { 637 nt_status = cli_nt_error(cli); 638 goto nt_error; 639 } 640 641 if (cli_is_error(cli)) { 642 nt_status = cli_nt_error(cli); 643 if (NT_STATUS_IS_OK(nt_status)) { 644 nt_status = NT_STATUS_UNSUCCESSFUL; 645 } 646 goto nt_error; 640 647 } 641 648 642 649 cli_set_session_key(cli, session_key_krb5); 650 651 res = cli_simple_set_signing(cli, session_key_krb5, null_blob); 652 if (res) { 653 /* 'resign' the last message, so we get the right sequence numbers 654 for checking the first reply from the server */ 655 cli_calculate_sign_mac(cli); 656 657 if (!cli_check_sign_mac(cli)) { 658 nt_status = NT_STATUS_ACCESS_DENIED; 659 goto nt_error; 660 } 661 } 643 662 644 663 data_blob_free(&negTokenTarg); 645 664 data_blob_free(&session_key_krb5); 646 665 647 if (cli_is_error(cli)) { 648 if (NT_STATUS_IS_OK(cli_nt_error(cli))) { 649 return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); 650 } 651 } 652 return ADS_ERROR_NT(cli_nt_error(cli)); 666 return ADS_ERROR_NT(NT_STATUS_OK); 667 668 nt_error: 669 data_blob_free(&negTokenTarg); 670 data_blob_free(&session_key_krb5); 671 cli->vuid = 0; 672 return ADS_ERROR_NT(nt_status); 653 673 } 654 674 #endif /* HAVE_KRB5 */ -
branches/samba-3.0/source/libsmb/libsmbclient.c
r134 r165 4527 4527 */ 4528 4528 if (ipc_cli && (all || some_nt || all_nt_acls)) { 4529 pstring targetpath; 4530 struct cli_state *targetcli; 4531 4529 4532 /* Point to the portion after "system.nt_sec_desc." */ 4530 4533 name += 19; /* if (all) this will be invalid but unused */ 4531 4534 4535 if (!cli_resolve_path("", cli, filename, 4536 &targetcli, targetpath)) 4537 { 4538 d_printf("Could not resolve %s\n", filename); 4539 return -1; 4540 } 4541 4532 4542 /* ... then obtain any NT attributes which were requested */ 4533 fnum = cli_nt_create( cli, filename, CREATE_ACCESS_READ);4543 fnum = cli_nt_create(targetcli, targetpath, CREATE_ACCESS_READ); 4534 4544 4535 4545 if (fnum == -1) { 4536 4546 DEBUG(5, ("cacl_get failed to open %s: %s\n", 4537 filename, cli_errstr(cli)));4547 targetpath, cli_errstr(targetcli))); 4538 4548 errno = 0; 4539 4549 return -1; 4540 4550 } 4541 4551 4542 sd = cli_query_secdesc( cli, fnum, ctx);4552 sd = cli_query_secdesc(targetcli, fnum, ctx); 4543 4553 4544 4554 if (!sd) { … … 4549 4559 } 4550 4560 4551 cli_close( cli, fnum);4561 cli_close(targetcli, fnum); 4552 4562 4553 4563 if (! exclude_nt_revision) { … … 5149 5159 BOOL numeric = True; 5150 5160 5161 pstring targetpath; 5162 struct cli_state *targetcli; 5163 5151 5164 /* the_acl will be null for REMOVE_ALL operations */ 5152 5165 if (the_acl) { … … 5178 5191 } 5179 5192 5193 if (!cli_resolve_path("", cli, filename, 5194 &targetcli, targetpath)) 5195 { 5196 d_printf("Could not resolve %s\n", filename); 5197 errno = ENOENT; 5198 return -1; 5199 } 5200 5180 5201 /* The desired access below is the only one I could find that works 5181 5202 with NT4, W2KP and Samba */ 5182 5203 5183 fnum = cli_nt_create( cli, filename, CREATE_ACCESS_READ);5204 fnum = cli_nt_create(targetcli, targetpath, CREATE_ACCESS_READ); 5184 5205 5185 5206 if (fnum == -1) { 5186 5207 DEBUG(5, ("cacl_set failed to open %s: %s\n", 5187 filename, cli_errstr(cli)));5208 targetpath, cli_errstr(targetcli))); 5188 5209 errno = 0; 5189 5210 return -1; 5190 5211 } 5191 5212 5192 old = cli_query_secdesc( cli, fnum, ctx);5213 old = cli_query_secdesc(targetcli, fnum, ctx); 5193 5214 5194 5215 if (!old) { … … 5198 5219 } 5199 5220 5200 cli_close( cli, fnum);5221 cli_close(targetcli, fnum); 5201 5222 5202 5223 switch (mode) { … … 5287 5308 owner_sid, group_sid, NULL, dacl, &sd_size); 5288 5309 5289 fnum = cli_nt_create( cli, filename,5310 fnum = cli_nt_create(targetcli, targetpath, 5290 5311 WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS); 5291 5312 5292 5313 if (fnum == -1) { 5293 5314 DEBUG(5, ("cacl_set failed to open %s: %s\n", 5294 filename, cli_errstr(cli)));5315 targetpath, cli_errstr(targetcli))); 5295 5316 errno = 0; 5296 5317 return -1; 5297 5318 } 5298 5319 5299 if (!cli_set_secdesc( cli, fnum, sd)) {5300 DEBUG(5, ("ERROR: secdesc set failed: %s\n", cli_errstr( cli)));5320 if (!cli_set_secdesc(targetcli, fnum, sd)) { 5321 DEBUG(5, ("ERROR: secdesc set failed: %s\n", cli_errstr(targetcli))); 5301 5322 ret = -1; 5302 5323 } … … 5305 5326 5306 5327 failed: 5307 cli_close( cli, fnum);5328 cli_close(targetcli, fnum); 5308 5329 5309 5330 if (err != 0) { -
branches/samba-3.0/source/libsmb/namequery.c
r140 r165 35 35 #define SAFKEY_FMT "SAF/DOMAIN/%s" 36 36 #define SAF_TTL 900 37 #define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s" 38 #define SAFJOIN_TTL 3600 37 39 38 40 static char *saf_key(const char *domain) … … 41 43 42 44 asprintf( &keystr, SAFKEY_FMT, strupper_static(domain) ); 45 46 return keystr; 47 } 48 49 static char *saf_join_key(const char *domain) 50 { 51 char *keystr; 52 53 asprintf( &keystr, SAFJOINKEY_FMT, strupper_static(domain) ); 43 54 44 55 return keystr; … … 68 79 69 80 key = saf_key( domain ); 70 expire = time( NULL ) + SAF_TTL;81 expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL); 71 82 72 83 … … 81 92 } 82 93 94 BOOL saf_join_store( const char *domain, const char *servername ) 95 { 96 char *key; 97 time_t expire; 98 BOOL ret = False; 99 100 if ( !domain || !servername ) { 101 DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n")); 102 return False; 103 } 104 105 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) { 106 DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n")); 107 return False; 108 } 109 110 if ( !gencache_init() ) 111 return False; 112 113 key = saf_join_key( domain ); 114 expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL); 115 116 DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n", 117 domain, servername, (unsigned int)expire )); 118 119 ret = gencache_set( key, servername, expire ); 120 121 SAFE_FREE( key ); 122 123 return ret; 124 } 125 83 126 BOOL saf_delete( const char *domain ) 84 127 { … … 94 137 return False; 95 138 139 key = saf_join_key(domain); 140 ret = gencache_del(key); 141 SAFE_FREE(key); 142 143 if (ret) { 144 DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain )); 145 } 146 96 147 key = saf_key(domain); 97 148 ret = gencache_del(key); 98 149 SAFE_FREE(key); 150 99 151 if (ret) { 100 152 DEBUG(10,("saf_delete: domain = [%s]\n", domain )); 101 153 } 102 103 SAFE_FREE( key );104 154 105 155 return ret; … … 123 173 if ( !gencache_init() ) 124 174 return False; 125 175 176 key = saf_join_key( domain ); 177 178 ret = gencache_get( key, &server, &timeout ); 179 180 SAFE_FREE( key ); 181 182 if ( ret ) { 183 DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n", 184 server, domain )); 185 return server; 186 } 187 126 188 key = saf_key( domain ); 127 189 … … 1649 1711 1650 1712 status = get_dc_list(domain, sitename, ip_list, count, lookup_type, &ordered); 1713 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS) && sitename) { 1714 DEBUG(3,("get_sorted_dc_list: no server for name %s available" 1715 " in site %s, fallback to all servers\n", 1716 domain, sitename)); 1717 status = get_dc_list(domain, NULL, ip_list, count, 1718 lookup_type, &ordered); 1719 } 1720 1651 1721 if (!NT_STATUS_IS_OK(status)) { 1652 1722 return status; -
branches/samba-3.0/source/libsmb/trusts_util.c
r134 r165 33 33 static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 34 34 const unsigned char orig_trust_passwd_hash[16], 35 const char *new_trust_pwd_cleartext, 35 36 const unsigned char new_trust_passwd_hash[16], 36 37 uint32 sec_channel_type) 37 38 { 38 39 NTSTATUS result; 39 40 /* Check if the netlogon pipe is open using schannel. If so we 41 already have valid creds. If not we must set them up. */ 42 43 if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { 44 uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; 45 46 result = rpccli_netlogon_setup_creds(cli, 40 uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; 41 42 result = rpccli_netlogon_setup_creds(cli, 47 43 cli->cli->desthost, /* server name */ 48 44 lp_workgroup(), /* domain */ … … 53 49 &neg_flags); 54 50 55 if (!NT_STATUS_IS_OK(result)) { 56 DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", 57 nt_errstr(result))); 58 return result; 59 } 60 } 61 62 result = rpccli_net_srv_pwset(cli, mem_ctx, global_myname(), new_trust_passwd_hash); 51 if (!NT_STATUS_IS_OK(result)) { 52 DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", 53 nt_errstr(result))); 54 return result; 55 } 56 57 if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) { 58 result = rpccli_net_srv_pwset2(cli, mem_ctx, global_myname(), 59 new_trust_pwd_cleartext); 60 } else { 61 result = rpccli_net_srv_pwset(cli, mem_ctx, global_myname(), 62 new_trust_passwd_hash); 63 } 63 64 64 65 if (!NT_STATUS_IS_OK(result)) { … … 96 97 97 98 nt_status = just_change_the_password(cli, mem_ctx, orig_trust_passwd_hash, 99 new_trust_passwd, 98 100 new_trust_passwd_hash, sec_channel_type); 99 101 -
branches/samba-3.0/source/nsswitch/pam_winbind.c
r140 r165 1894 1894 } 1895 1895 1896 /* 1897 * Delete the krb5 ccname variable from the PAM environment 1898 * if it was set by winbind. 1899 */ 1900 if (ctrl & WINBIND_KRB5_AUTH) { 1901 pam_putenv(pamh, "KRB5CCNAME"); 1902 } 1903 1896 1904 _PAM_LOG_FUNCTION_LEAVE("pam_sm_close_session", pamh, ctrl, retval); 1897 1905 -
branches/samba-3.0/source/nsswitch/winbind_nss_solaris.c
r1 r165 361 361 int len = 0; 362 362 struct in_addr *addrp; 363 #if defined(AF_INET6) 363 364 struct in6_addr *addrp6; 365 #endif 364 366 int i; 365 367 … … 393 395 he->h_addr_list = (char **)ROUND_DOWN(addrp, sizeof (char*)); 394 396 he->h_addr_list -= addrcount+1; 395 } else { 397 } 398 #if defined(AF_INET6) 399 else { 396 400 he->h_length = sizeof(struct in6_addr); 397 401 addrp6 = (struct in6_addr *)ROUND_DOWN(buffer + buflen, … … 401 405 he->h_addr_list -= addrcount+1; 402 406 } 407 #endif 403 408 404 409 /* buffer too small?! */ … … 420 425 return NSS_STR_PARSE_ERANGE; 421 426 } 422 } else { 427 } 428 #if defined(AF_INET6) 429 else { 423 430 he->h_addr_list[i] = (char *)&addrp6[i]; 424 431 if (strchr(data, ':') != 0) { … … 436 443 } 437 444 } 445 #endif 438 446 data = p+1; 439 447 } … … 483 491 IPv4 to IPv6. 484 492 */ 493 #if defined(AF_INET6) 485 494 #ifdef HAVE_NSS_XBYY_KEY_IPNODE 486 495 af = argp->key.ipnode.af_family; … … 493 502 af = AF_INET6; 494 503 #endif 504 #endif 495 505 496 506 strncpy(request.data.winsreq, argp->key.name, sizeof(request.data.winsreq) - 1); … … 541 551 ZERO_STRUCT(request); 542 552 553 #if defined(AF_INET6) 543 554 /* winbindd currently does not resolve IPv6 */ 544 555 if(argp->key.hostaddr.type == AF_INET6) { … … 548 559 549 560 p = inet_ntop(argp->key.hostaddr.type, argp->key.hostaddr.addr, 550 request.data.winsreq, INET6_ADDRSTRLEN); 561 request.data.winsreq, sizeof request.data.winsreq); 562 #else 563 snprintf(request.data.winsreq, sizeof request.data.winsreq, 564 "%u.%u.%u.%u", 565 ((unsigned char *)argp->key.hostaddr.addr)[0], 566 ((unsigned char *)argp->key.hostaddr.addr)[1], 567 ((unsigned char *)argp->key.hostaddr.addr)[2], 568 ((unsigned char *)argp->key.hostaddr.addr)[3]); 569 #endif 551 570 552 571 ret = winbindd_request_response(WINBINDD_WINS_BYIP, &request, &response); -
branches/samba-3.0/source/nsswitch/winbindd.c
r158 r165 478 478 } 479 479 480 SAFE_FREE(state->request.extra_data.data);481 480 SAFE_FREE(state->response.extra_data.data); 482 481 … … 513 512 static void request_finished(struct winbindd_cli_state *state) 514 513 { 514 /* Make sure request.extra_data is freed when finish processing a request */ 515 SAFE_FREE(state->request.extra_data.data); 515 516 setup_async_write(&state->fd_event, &state->response, 516 517 sizeof(state->response), response_main_sent, state); … … 669 670 static void remove_client(struct winbindd_cli_state *state) 670 671 { 672 char c = 0; 673 671 674 /* It's a dead client - hold a funeral */ 672 675 … … 674 677 return; 675 678 } 676 679 680 /* tell client, we are closing ... */ 681 write(state->sock, &c, sizeof(c)); 682 677 683 /* Close socket */ 678 684 -
branches/samba-3.0/source/nsswitch/winbindd_ads.c
r39 r165 391 391 } 392 392 393 /* convert a single name to a sid in a domain - use rpc methods */ 394 static NTSTATUS name_to_sid(struct winbindd_domain *domain, 395 TALLOC_CTX *mem_ctx, 396 const char *domain_name, 397 const char *name, 398 DOM_SID *sid, 399 enum lsa_SidType *type) 400 { 401 return reconnect_methods.name_to_sid(domain, mem_ctx, 402 domain_name, name, 403 sid, type); 404 } 405 406 /* convert a domain SID to a user or group name - use rpc methods */ 407 static NTSTATUS sid_to_name(struct winbindd_domain *domain, 408 TALLOC_CTX *mem_ctx, 409 const DOM_SID *sid, 410 char **domain_name, 411 char **name, 412 enum lsa_SidType *type) 413 { 414 return reconnect_methods.sid_to_name(domain, mem_ctx, sid, 415 domain_name, name, type); 416 } 417 418 /* convert a list of rids to names - use rpc methods */ 419 static NTSTATUS rids_to_names(struct winbindd_domain *domain, 420 TALLOC_CTX *mem_ctx, 421 const DOM_SID *sid, 422 uint32 *rids, 423 size_t num_rids, 424 char **domain_name, 425 char ***names, 426 enum lsa_SidType **types) 427 { 428 return reconnect_methods.rids_to_names(domain, mem_ctx, sid, 429 rids, num_rids, 430 domain_name, names, types); 431 } 432 393 433 /* convert a DN to a name, SID and name type 394 434 this might become a major speed bottleneck if groups have … … 830 870 ads_msgfree(ads, msg); 831 871 return status; 872 } 873 874 /* Lookup aliases a user is member of - use rpc methods */ 875 static NTSTATUS lookup_useraliases(struct winbindd_domain *domain, 876 TALLOC_CTX *mem_ctx, 877 uint32 num_sids, const DOM_SID *sids, 878 uint32 *num_aliases, uint32 **alias_rids) 879 { 880 return reconnect_methods.lookup_useraliases(domain, mem_ctx, 881 num_sids, sids, 882 num_aliases, 883 alias_rids); 832 884 } 833 885 … … 1036 1088 } 1037 1089 1090 /* find the lockout policy of a domain - use rpc methods */ 1091 static NTSTATUS lockout_policy(struct winbindd_domain *domain, 1092 TALLOC_CTX *mem_ctx, 1093 SAM_UNK_INFO_12 *policy) 1094 { 1095 return reconnect_methods.lockout_policy(domain, mem_ctx, policy); 1096 } 1097 1098 /* find the password policy of a domain - use rpc methods */ 1099 static NTSTATUS password_policy(struct winbindd_domain *domain, 1100 TALLOC_CTX *mem_ctx, 1101 SAM_UNK_INFO_1 *policy) 1102 { 1103 return reconnect_methods.password_policy(domain, mem_ctx, policy); 1104 } 1105 1038 1106 /* get a list of trusted domains */ 1039 1107 static NTSTATUS trusted_domains(struct winbindd_domain *domain, … … 1114 1182 enum_dom_groups, 1115 1183 enum_local_groups, 1116 msrpc_name_to_sid,1117 msrpc_sid_to_name,1118 msrpc_rids_to_names,1184 name_to_sid, 1185 sid_to_name, 1186 rids_to_names, 1119 1187 query_user, 1120 1188 lookup_usergroups, 1121 msrpc_lookup_useraliases,1189 lookup_useraliases, 1122 1190 lookup_groupmem, 1123 1191 sequence_number, 1124 msrpc_lockout_policy,1125 msrpc_password_policy,1192 lockout_policy, 1193 password_policy, 1126 1194 trusted_domains, 1127 1195 }; -
branches/samba-3.0/source/nsswitch/winbindd_cm.c
r140 r165 162 162 ****************************************************************/ 163 163 164 bool winbindd_reinit_after_fork(const char *logfile); 165 164 166 static BOOL fork_child_dc_connect(struct winbindd_domain *domain) 165 167 { … … 169 171 pid_t child_pid; 170 172 pid_t parent_pid = sys_getpid(); 173 pstring logfile; 171 174 172 175 /* Stop zombies */ … … 198 201 199 202 /* tdb needs special fork handling */ 200 if (tdb_reopen_all(1) == -1) { 201 DEBUG(0,("tdb_reopen_all failed.\n")); 203 if (!override_logfile) { 204 pstr_sprintf(logfile, "%s/log.winbindd-dc-connect", dyn_LOGFILEBASE); 205 } 206 if (!winbindd_reinit_after_fork(logfile)) { 207 DEBUG(0,("winbindd_reinit_after_fork failed.\n")); 208 message_send_pid(pid_to_procid(parent_pid), MSG_WINBIND_FAILED_TO_GO_ONLINE, 209 domain->name, 210 strlen(domain->name)+1, False); 202 211 _exit(0); 203 }204 205 close_conns_after_fork();206 207 if (!override_logfile) {208 pstring logfile;209 pstr_sprintf(logfile, "%s/log.winbindd-dc-connect", dyn_LOGFILEBASE);210 lp_set_logfile(logfile);211 reopen_logs();212 212 } 213 213 … … 352 352 ****************************************************************/ 353 353 354 void ccache_regain_all_now(void); 355 354 356 static void set_domain_online(struct winbindd_domain *domain) 355 357 { 356 struct timeval now;357 358 358 DEBUG(10,("set_domain_online: called for domain %s\n", 359 359 domain->name )); … … 372 372 373 373 /* If we are waiting to get a krb5 ticket, trigger immediately. */ 374 GetTimeOfDay(&now); 375 set_event_dispatch_time(winbind_event_context(), 376 "krb5_ticket_gain_handler", now); 374 ccache_regain_all_now(); 377 375 378 376 /* Ok, we're out of any startup mode now... */ … … 427 425 because network manager seems to lie. 428 426 Wait at least 5 seconds. Heuristics suck... */ 427 GetTimeOfDay(&tev); 428 429 /* Go into "startup" mode again. */ 430 domain->startup_time = tev.tv_sec; 431 domain->startup = True; 432 433 tev.tv_sec += 5; 429 434 430 435 if (!domain->check_online_event) { … … 437 442 domain->name )); 438 443 439 domain->check_online_event = event_add_timed(winbind_event_context(), 440 NULL, 441 timeval_current_ofs(5, 0), 442 "check_domain_online_handler", 443 check_domain_online_handler, 444 domain); 445 446 /* The above *has* to succeed for winbindd to work. */ 447 if (!domain->check_online_event) { 448 smb_panic("set_domain_online_request: failed to add online handler.\n"); 449 } 450 } 451 452 GetTimeOfDay(&tev); 453 454 /* Go into "startup" mode again. */ 455 domain->startup_time = tev.tv_sec; 456 domain->startup = True; 457 458 tev.tv_sec += 5; 459 460 set_event_dispatch_time(winbind_event_context(), "check_domain_online_handler", tev); 444 } 445 TALLOC_FREE(domain->check_online_event); 446 447 domain->check_online_event = event_add_timed(winbind_event_context(), 448 NULL, 449 tev, 450 "check_domain_online_handler", 451 check_domain_online_handler, 452 domain); 453 454 /* The above *has* to succeed for winbindd to work. */ 455 if (!domain->check_online_event) { 456 smb_panic("set_domain_online_request: failed to add online handler.\n"); 457 } 461 458 } 462 459 -
branches/samba-3.0/source/nsswitch/winbindd_cred_cache.c
r124 r165 36 36 37 37 static struct WINBINDD_CCACHE_ENTRY *ccache_list; 38 static void add_krb5_ticket_gain_handler_event(struct WINBINDD_CCACHE_ENTRY *entry, 39 struct timeval t); 38 40 39 41 /* The Krb5 ticket refresh handler should be scheduled … … 71 73 } 72 74 return i; 75 } 76 77 void ccache_remove_all_after_fork(void) 78 { 79 struct WINBINDD_CCACHE_ENTRY *cur; 80 cur = ccache_list; 81 while (cur) { 82 DLIST_REMOVE(ccache_list, cur); 83 TALLOC_FREE(cur->event); 84 TALLOC_FREE(cur); 85 cur = ccache_list; 86 } 87 } 88 89 static void krb5_ticket_gain_handler(struct event_context *event_ctx, 90 struct timed_event *te, 91 const struct timeval *now, 92 void *private_data); 93 static void krb5_ticket_refresh_handler(struct event_context *event_ctx, 94 struct timed_event *te, 95 const struct timeval *now, 96 void *private_data); 97 98 void ccache_regain_all_now(void) 99 { 100 struct WINBINDD_CCACHE_ENTRY *cur; 101 struct timeval t = timeval_current(); 102 103 for (cur = ccache_list; cur; cur = cur->next) { 104 struct timed_event *new_event; 105 106 /* 107 * if refresh_time is 0, we know that the 108 * the event has the krb5_ticket_gain_handler 109 */ 110 if (cur->refresh_time == 0) { 111 new_event = event_add_timed(winbind_event_context(), 112 cur, t, 113 "krb5_ticket_gain_handler", 114 krb5_ticket_gain_handler, 115 cur); 116 } else { 117 new_event = event_add_timed(winbind_event_context(), 118 cur, t, 119 "krb5_ticket_refresh_handler", 120 krb5_ticket_refresh_handler, 121 cur); 122 } 123 if (!new_event) { 124 continue; 125 } 126 127 TALLOC_FREE(cur->event); 128 cur->event = new_event; 129 } 130 return; 131 } 132 133 /**************************************************************** 134 The gain initial ticket is recognized as entry->refresh_time is 135 always zero. 136 ****************************************************************/ 137 138 static void add_krb5_ticket_gain_handler_event(struct WINBINDD_CCACHE_ENTRY *entry, 139 struct timeval t) 140 { 141 entry->refresh_time = 0; 142 entry->event = event_add_timed(winbind_event_context(), entry, 143 t, 144 "krb5_ticket_gain_handler", 145 krb5_ticket_gain_handler, 146 entry); 73 147 } 74 148 … … 87 161 int ret; 88 162 time_t new_start; 163 time_t expire_time = 0; 89 164 struct WINBINDD_MEMORY_CREDS *cred_ptr = entry->cred_ptr; 90 165 #endif … … 98 173 99 174 /* Kinit again if we have the user password and we can't renew the old 100 * tgt anymore */ 101 102 if ((entry->renew_until < time(NULL)) && cred_ptr && cred_ptr->pass) { 103 104 set_effective_uid(entry->uid); 105 106 ret = kerberos_kinit_password_ext(entry->principal_name, 107 cred_ptr->pass, 108 0, /* hm, can we do time correction here ? */ 109 &entry->refresh_time, 110 &entry->renew_until, 111 entry->ccname, 112 False, /* no PAC required anymore */ 113 True, 114 WINBINDD_PAM_AUTH_KRB5_RENEW_TIME); 115 gain_root_privilege(); 116 117 if (ret) { 118 DEBUG(3,("krb5_ticket_refresh_handler: could not re-kinit: %s\n", 119 error_message(ret))); 120 TALLOC_FREE(entry->event); 121 return; 122 } 123 124 DEBUG(10,("krb5_ticket_refresh_handler: successful re-kinit " 125 "for: %s in ccache: %s\n", 126 entry->principal_name, entry->ccname)); 127 175 * tgt anymore 176 * NB 177 * This happens when machine are put to sleep for a very long time. */ 178 179 if (entry->renew_until < time(NULL)) { 180 rekinit: 181 if (cred_ptr && cred_ptr->pass) { 182 183 set_effective_uid(entry->uid); 184 185 ret = kerberos_kinit_password_ext(entry->principal_name, 186 cred_ptr->pass, 187 0, /* hm, can we do time correction here ? */ 188 &entry->refresh_time, 189 &entry->renew_until, 190 entry->ccname, 191 False, /* no PAC required anymore */ 192 True, 193 WINBINDD_PAM_AUTH_KRB5_RENEW_TIME); 194 gain_root_privilege(); 195 196 if (ret) { 197 DEBUG(3,("krb5_ticket_refresh_handler: " 198 "could not re-kinit: %s\n", 199 error_message(ret))); 200 /* destroy the ticket because we cannot rekinit 201 * it, ignore error here */ 202 ads_kdestroy(entry->ccname); 203 204 /* Don't break the ticket refresh chain: retry 205 * refreshing ticket sometime later when KDC is 206 * unreachable -- BoYang. 207 * More error handling here? KRB5_CC_IO, 208 * KRB5KRB_AP_ERR_SKEW. 209 * */ 210 211 if ((ret == KRB5_KDC_UNREACH) 212 || (ret == KRB5_REALM_CANT_RESOLVE)) { 128 213 #if defined(DEBUG_KRB5_TKT_RENEWAL) 129 new_start = time(NULL) + 30; 130 #else 131 /* The tkt should be refreshed at one-half the period 132 from now to the expiration time */ 133 new_start = KRB5_EVENT_REFRESH_TIME(entry->refresh_time); 134 #endif 135 136 goto done; 137 } 214 new_start = time(NULL) + 30; 215 #else 216 new_start = time(NULL) + 217 MAX(30, lp_winbind_cache_time()); 218 #endif 219 /* try to regain ticket here */ 220 add_krb5_ticket_gain_handler_event(entry, 221 timeval_set(new_start, 0)); 222 return; 223 } 224 TALLOC_FREE(entry->event); 225 return; 226 } 227 228 DEBUG(10,("krb5_ticket_refresh_handler: successful re-kinit " 229 "for: %s in ccache: %s\n", 230 entry->principal_name, entry->ccname)); 231 232 #if defined(DEBUG_KRB5_TKT_RENEWAL) 233 new_start = time(NULL) + 30; 234 #else 235 /* The tkt should be refreshed at one-half the period 236 from now to the expiration time */ 237 expire_time = entry->refresh_time; 238 new_start = KRB5_EVENT_REFRESH_TIME(entry->refresh_time); 239 #endif 240 goto done; 241 } else { 242 /* can this happen? 243 * No cached credentials 244 * destroy ticket and refresh chain 245 * */ 246 ads_kdestroy(entry->ccname); 247 TALLOC_FREE(entry->event); 248 return; 249 } 250 } 138 251 139 252 set_effective_uid(entry->uid); … … 146 259 new_start = time(NULL) + 30; 147 260 #else 261 expire_time = new_start; 148 262 new_start = KRB5_EVENT_REFRESH_TIME(new_start); 149 263 #endif … … 156 270 /* maybe we are beyond the renewing window */ 157 271 272 /* evil rises here, we refresh ticket failed, 273 * but the ticket might be expired. Therefore, 274 * When we refresh ticket failed, destory the 275 * ticket */ 276 277 ads_kdestroy(entry->ccname); 278 158 279 /* avoid breaking the renewal chain: retry in lp_winbind_cache_time() 159 * seconds when the KDC was not available right now. */ 160 161 if (ret == KRB5_KDC_UNREACH) { 162 new_start = time(NULL) + MAX(30, lp_winbind_cache_time()); 163 goto done; 164 } 280 * seconds when the KDC was not available right now. 281 * the return code can be KRB5_REALM_CANT_RESOLVE 282 * More error handling here? KRB5_CC_IO, KRB5KRB_AP_ERR_SKEW. */ 283 284 if ((ret == KRB5_KDC_UNREACH) 285 || (ret == KRB5_REALM_CANT_RESOLVE)) { 286 #if defined(DEBUG_KRB5_TKT_RENEWAL) 287 new_start = time(NULL) + 30; 288 #else 289 new_start = time(NULL) + 290 MAX(30, lp_winbind_cache_time()); 291 #endif 292 /* ticket is destroyed here, we have to regain it 293 * if it is possible */ 294 add_krb5_ticket_gain_handler_event(entry, timeval_set(new_start, 0)); 295 return; 296 } 297 /* This is evil, if the ticket was already expired. 298 * renew ticket function returns KRB5KRB_AP_ERR_TKT_EXPIRED. 299 * But there is still a chance that we can rekinit it. 300 * 301 * This happens when user login in online mode, and then network 302 * down or something cause winbind goes offline for a very long time, 303 * and then goes online again. ticket expired, renew failed. 304 * This happens when machine are put to sleep for a long time, 305 * but shorter than entry->renew_util. 306 * NB 307 * Looks like the KDC is reachable, we want to rekinit as soon as 308 * possible instead of waiting some time later. */ 309 if ((ret == KRB5KRB_AP_ERR_TKT_EXPIRED) 310 || (ret == KRB5_FCC_NOFILE)) goto rekinit; 311 165 312 166 313 return; … … 168 315 169 316 done: 170 317 /* in cases that ticket will be unrenewable soon, we don't try to renew ticket 318 * but try to regain ticket if it is possible */ 319 if (entry->renew_until && expire_time 320 && (entry->renew_until <= expire_time)) { 321 /* try to regain ticket 10 seconds beforre expiration */ 322 expire_time -= 10; 323 add_krb5_ticket_gain_handler_event(entry, timeval_set(expire_time, 0)); 324 return; 325 } 326 327 if (!entry->refresh_time) { 328 entry->refresh_time = new_start; 329 } 171 330 entry->event = event_add_timed(winbind_event_context(), entry, 172 331 timeval_set(new_start, 0), … … 231 390 DEBUG(3,("krb5_ticket_gain_handler: could not kinit: %s\n", 232 391 error_message(ret))); 392 /* evil. If we cannot do it, destroy any the __maybe__ 393 * __existing__ ticket */ 394 ads_kdestroy(entry->ccname); 233 395 goto retry_later; 234 396 } … … 241 403 242 404 retry_later: 243 244 entry->event = event_add_timed(winbind_event_context(), entry, 245 timeval_current_ofs(MAX(30, lp_winbind_cache_time()), 0), 246 "krb5_ticket_gain_handler",247 krb5_ticket_gain_handler, 248 entry);405 #if defined(DEBUG_KRB5_TKT_REGAIN) 406 t = timeval_set(time(NULL) + 30, 0); 407 #else 408 t = timeval_current_ofs(MAX(30, lp_winbind_cache_time()), 0); 409 #endif 410 add_krb5_ticket_gain_handler_event(entry, t); 249 411 250 412 return; … … 257 419 t = timeval_set(KRB5_EVENT_REFRESH_TIME(entry->refresh_time), 0); 258 420 #endif 259 421 422 if (!entry->refresh_time) { 423 entry->refresh_time = t.tv_sec; 424 } 260 425 entry->event = event_add_timed(winbind_event_context(), entry, 261 426 t, … … 315 480 { 316 481 struct WINBINDD_CCACHE_ENTRY *entry = NULL; 482 NTSTATUS ntret; 483 #ifdef HAVE_KRB5 484 int ret; 485 #endif 317 486 318 487 if ((username == NULL && princ_name == NULL) || ccname == NULL || uid < 0) { … … 324 493 return NT_STATUS_NO_MORE_ENTRIES; 325 494 } 495 496 /* If it is cached login, destroy krb5 ticket 497 * to avoid surprise. */ 498 #ifdef HAVE_KRB5 499 if (postponed_request) { 500 /* ignore KRB5_FCC_NOFILE error here */ 501 ret = ads_kdestroy(ccname); 502 if (ret == KRB5_FCC_NOFILE) { 503 ret = 0; 504 } 505 if (ret) { 506 DEBUG(0, ("add_ccache_to_list: failed to destroy " 507 "user krb5 ccache %s with %s\n", ccname, 508 error_message(ret))); 509 return krb5_to_nt_status(ret); 510 } else { 511 DEBUG(10, ("add_ccache_to_list: successfully destroyed " 512 "krb5 ccache %s for user %s\n", ccname, 513 username)); 514 } 515 } 516 #endif 326 517 327 518 /* Reference count old entries */ … … 336 527 username, entry->ref_count)); 337 528 /* FIXME: in this case we still might want to have a krb5 cred 338 * event handler created - gd*/ 529 * event handler created - gd 530 * Add ticket refresh handler here */ 531 532 if (!lp_winbind_refresh_tickets() || renew_until <= 0) { 533 return NT_STATUS_OK; 534 } 535 536 if (!entry->event) { 537 struct timeval t; 538 if (postponed_request) { 539 t = timeval_current_ofs(MAX(30, lp_winbind_cache_time()), 0); 540 add_krb5_ticket_gain_handler_event(entry, t); 541 } else { 542 /* Renew at 1/2 the ticket expiration time */ 543 #if defined(DEBUG_KRB5_TKT_RENEWAL) 544 t = timeval_set(time(NULL)+30, 0); 545 #else 546 t = timeval_set(KRB5_EVENT_REFRESH_TIME(ticket_end), 0); 547 #endif 548 if (!entry->refresh_time) { 549 entry->refresh_time = t.tv_sec; 550 } 551 entry->event = event_add_timed(winbind_event_context(), 552 entry, 553 t, 554 "krb5_ticket_refresh_handler", 555 krb5_ticket_refresh_handler, 556 entry); 557 } 558 559 if (!entry->event) { 560 ntret = remove_ccache(username); 561 if (!NT_STATUS_IS_OK(ntret)) { 562 DEBUG(0, ("add_ccache_to_list: Failed to remove krb5 " 563 "ccache %s for user %s\n", entry->ccname, 564 entry->username)); 565 DEBUG(0, ("add_ccache_to_list: error is %s\n", 566 nt_errstr(ntret))); 567 return ntret; 568 } 569 return NT_STATUS_NO_MEMORY; 570 } 571 572 DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n")); 573 } 574 339 575 return NT_STATUS_OK; 340 576 } … … 382 618 383 619 if (lp_winbind_refresh_tickets() && renew_until > 0) { 620 struct timeval t; 384 621 if (postponed_request) { 385 entry->event = event_add_timed(winbind_event_context(), entry, 386 timeval_current_ofs(MAX(30, lp_winbind_cache_time()), 0), 387 "krb5_ticket_gain_handler", 388 krb5_ticket_gain_handler, 389 entry); 622 add_krb5_ticket_gain_handler_event(entry, t); 390 623 } else { 391 624 /* Renew at 1/2 the ticket expiration time */ 625 #if defined(DEBUG_KRB5_TKT_RENEWAL) 626 t = timeval_set(time(NULL)+30, 0); 627 #else 628 t = timeval_set(KRB5_EVENT_REFRESH_TIME(ticket_end), 0); 629 #endif 630 if (!entry->refresh_time) { 631 entry->refresh_time = t.tv_sec; 632 } 392 633 entry->event = event_add_timed(winbind_event_context(), entry, 393 #if defined(DEBUG_KRB5_TKT_RENEWAL) 394 timeval_set(time(NULL)+30, 0), 395 #else 396 timeval_set(KRB5_EVENT_REFRESH_TIME(ticket_end), 0), 397 #endif 634 t, 398 635 "krb5_ticket_refresh_handler", 399 636 krb5_ticket_refresh_handler, -
branches/samba-3.0/source/nsswitch/winbindd_dual.c
r158 r165 195 195 TALLOC_FREE(state->reply_timeout_event); 196 196 197 SMB_ASSERT(state->child_pid != (pid_t)0); 198 199 /* If not already reaped, send kill signal to child. */ 200 if (state->child->pid == state->child_pid) { 197 /* If child exists and is not already reaped, 198 send kill signal to child. */ 199 200 if ((state->child->pid != (pid_t)0) && 201 (state->child->pid != (pid_t)-1) && 202 (state->child->pid == state->child_pid)) { 201 203 kill(state->child_pid, SIGTERM); 202 204 … … 293 295 } 294 296 297 /* 298 * This may be a reschedule, so we might 299 * have an existing timeout event pending on 300 * the first entry in the child->requests list 301 * (we only send one request at a time). 302 * Ensure we free it before we reschedule. 303 * Bug #5814, from hargagan <shargagan@novell.com>. 304 * JRA. 305 */ 306 307 TALLOC_FREE(request->reply_timeout_event); 308 295 309 if ((child->pid == 0) && (!fork_domain_child(child))) { 296 /* Cancel all outstanding requests */ 310 /* fork_domain_child failed. 311 Cancel all outstanding requests */ 297 312 298 313 while (request != NULL) { 299 314 /* request might be free'd in the continuation */ 300 315 struct winbindd_async_request *next = request->next; 301 request->continuation(request->private_data, False); 316 317 async_request_fail(request); 302 318 request = next; 303 319 } … … 536 552 child->pid = 0; 537 553 554 if (child->requests) { 555 /* 556 * schedule_async_request() will also 557 * clear this event but the call is 558 * idempotent so it doesn't hurt to 559 * cover all possible future code 560 * paths. JRA. 561 */ 562 TALLOC_FREE(child->requests->reply_timeout_event); 563 } 564 538 565 schedule_async_request(child); 539 566 } … … 753 780 { 754 781 struct winbindd_domain *domain; 782 struct winbindd_domain *primary_domain = NULL; 755 783 const char *domainname = (const char *)buf; 756 784 … … 772 800 } 773 801 802 primary_domain = find_our_domain(); 803 774 804 /* Mark the requested domain offline. */ 775 805 … … 781 811 DEBUG(5,("child_msg_offline: marking %s offline.\n", domain->name)); 782 812 set_domain_offline(domain); 813 /* we are in the trusted domain, set the primary domain 814 * offline too */ 815 if (domain != primary_domain) { 816 set_domain_offline(primary_domain); 817 } 783 818 } 784 819 } … … 791 826 { 792 827 struct winbindd_domain *domain; 828 struct winbindd_domain *primary_domain = NULL; 793 829 const char *domainname = (const char *)buf; 794 830 … … 803 839 return; 804 840 } 841 842 primary_domain = find_our_domain(); 805 843 806 844 /* Set our global state as online. */ … … 818 856 winbindd_flush_negative_conn_cache(domain); 819 857 set_domain_online_request(domain); 858 859 /* we can be in trusted domain, which will contact primary domain 860 * we have to bring primary domain online in trusted domain process 861 * see, winbindd_dual_pam_auth() --> winbindd_dual_pam_auth_samlogon() 862 * --> contact_domain = find_our_domain() 863 * */ 864 if (domain != primary_domain) { 865 winbindd_flush_negative_conn_cache(primary_domain); 866 set_domain_online_request(primary_domain); 867 } 820 868 } 821 869 } … … 881 929 } 882 930 931 bool reinit_after_fork(struct messaging_context *msg_ctx, 932 struct event_context *ev_ctx, 933 bool parent_longlived); 934 void ccache_remove_all_after_fork(void); 935 936 bool winbindd_reinit_after_fork(const char *logfile) 937 { 938 struct winbindd_domain *dom; 939 struct winbindd_child *cl; 940 941 if (!reinit_after_fork(NULL, 942 winbind_event_context(), true)) { 943 DEBUG(0, ("reinit_after_fork failed.\n")); 944 return false; 945 } 946 947 close_conns_after_fork(); 948 949 if (!override_logfile && logfile) { 950 lp_set_logfile(logfile); 951 reopen_logs(); 952 } 953 954 /* Don't handle the same messages as our parent. */ 955 message_deregister(MSG_SMB_CONF_UPDATED); 956 message_deregister(MSG_SHUTDOWN); 957 message_deregister(MSG_WINBIND_OFFLINE); 958 message_deregister(MSG_WINBIND_ONLINE); 959 message_deregister(MSG_WINBIND_ONLINESTATUS); 960 961 ccache_remove_all_after_fork(); 962 963 for (dom = domain_list(); dom; dom = dom->next) { 964 TALLOC_FREE(dom->check_online_event); 965 } 966 967 for (cl = children; cl; cl = cl->next) { 968 struct winbindd_async_request *request; 969 970 for (request = cl->requests; request; request = request->next) { 971 TALLOC_FREE(request->reply_timeout_event); 972 } 973 TALLOC_FREE(cl->lockout_policy_event); 974 } 975 976 return true; 977 } 978 883 979 static BOOL fork_domain_child(struct winbindd_child *child) 884 980 { 885 981 int fdpair[2]; 886 982 struct winbindd_cli_state state; 887 struct winbindd_domain *domain;888 983 struct winbindd_domain *primary_domain = NULL; 889 984 … … 916 1011 child->event.fd = fdpair[1]; 917 1012 child->event.flags = 0; 918 child->requests = NULL;919 1013 add_fd_event(&child->event); 920 1014 /* We're ok with online/offline messages now. */ … … 932 1026 933 1027 /* tdb needs special fork handling */ 934 if ( tdb_reopen_all(1) == -1) {935 DEBUG(0, ("tdb_reopen_allfailed.\n"));1028 if (!winbindd_reinit_after_fork(child->logfilename)) { 1029 DEBUG(0, ("winbindd_reinit_after_fork failed.\n")); 936 1030 _exit(0); 937 1031 } 938 939 close_conns_after_fork();940 941 if (!override_logfile) {942 lp_set_logfile(child->logfilename);943 reopen_logs();944 }945 946 /* Don't handle the same messages as our parent. */947 message_deregister(MSG_SMB_CONF_UPDATED);948 message_deregister(MSG_SHUTDOWN);949 message_deregister(MSG_WINBIND_OFFLINE);950 message_deregister(MSG_WINBIND_ONLINE);951 message_deregister(MSG_WINBIND_ONLINESTATUS);952 1032 953 1033 /* The child is ok with online/offline messages now. */ … … 960 1040 NULL); 961 1041 1042 primary_domain = find_our_domain(); 1043 1044 if (primary_domain == NULL) { 1045 smb_panic("no primary domain found"); 1046 } 1047 1048 /* It doesn't matter if we allow cache login, 1049 * try to bring domain online after fork. */ 962 1050 if ( child->domain ) { 963 1051 child->domain->startup = True; 964 1052 child->domain->startup_time = time(NULL); 965 } 966 967 /* Ensure we have no pending check_online events other 968 than one for this domain or the primary domain. */ 969 970 for (domain = domain_list(); domain; domain = domain->next) { 971 if (domain->primary) { 972 primary_domain = domain; 973 } 974 if ((domain != child->domain) && !domain->primary) { 975 TALLOC_FREE(domain->check_online_event); 976 } 977 } 978 979 /* Ensure we're not handling an event inherited from 980 our parent. */ 981 982 cancel_named_event(winbind_event_context(), 983 "krb5_ticket_refresh_handler"); 1053 /* we can be in primary domain or in trusted domain 1054 * If we are in trusted domain, set the primary domain 1055 * in start-up mode */ 1056 if (!(child->domain->internal)) { 1057 set_domain_online_request(child->domain); 1058 if (!(child->domain->primary)) { 1059 primary_domain->startup = True; 1060 primary_domain->startup_time = time(NULL); 1061 set_domain_online_request(primary_domain); 1062 } 1063 } 1064 } 984 1065 985 1066 /* We might be in the idmap child...*/ -
branches/samba-3.0/source/nsswitch/winbindd_nss.h
r124 r165 189 189 190 190 191 #define WBFLAG_PAM_INFO3_NDR 0x0001192 #define WBFLAG_PAM_INFO3_TEXT 0x0002193 #define WBFLAG_PAM_USER_SESSION_KEY 0x0004194 #define WBFLAG_PAM_LMKEY 0x0008195 #define WBFLAG_PAM_CONTACT_TRUSTDOM 0x0010196 #define WBFLAG_QUERY_ONLY 0x00 20197 #define WBFLAG_PAM_UNIX_NAME 0x0080198 #define WBFLAG_PAM_AFS_TOKEN 0x0100199 #define WBFLAG_PAM_NT_STATUS_SQUASH 0x0200191 #define WBFLAG_PAM_INFO3_NDR 0x00000001 192 #define WBFLAG_PAM_INFO3_TEXT 0x00000002 193 #define WBFLAG_PAM_USER_SESSION_KEY 0x00000004 194 #define WBFLAG_PAM_LMKEY 0x00000008 195 #define WBFLAG_PAM_CONTACT_TRUSTDOM 0x00000010 196 #define WBFLAG_QUERY_ONLY 0x00000020 197 #define WBFLAG_PAM_UNIX_NAME 0x00000080 198 #define WBFLAG_PAM_AFS_TOKEN 0x00000100 199 #define WBFLAG_PAM_NT_STATUS_SQUASH 0x00000200 200 200 201 201 /* This is a flag that can only be sent from parent to child */ 202 #define WBFLAG_IS_PRIVILEGED 0x0400202 #define WBFLAG_IS_PRIVILEGED 0x00000400 203 203 /* Flag to say this is a winbindd internal send - don't recurse. */ 204 #define WBFLAG_RECURSE 0x0800 205 206 #define WBFLAG_PAM_KRB5 0x1000 207 #define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000 208 #define WBFLAG_PAM_CACHED_LOGIN 0x4000 209 #define WBFLAG_PAM_GET_PWD_POLICY 0x8000 204 #define WBFLAG_RECURSE 0x00000800 205 206 #define WBFLAG_PAM_KRB5 0x00001000 207 #define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000 208 #define WBFLAG_PAM_CACHED_LOGIN 0x00004000 209 #define WBFLAG_PAM_GET_PWD_POLICY 0x00008000 210 #define WBFLAG_BIG_NTLMV2_BLOB 0x00010000 210 211 211 212 #define WINBINDD_MAX_EXTRA_DATA (128*1024) -
branches/samba-3.0/source/nsswitch/winbindd_pam.c
r140 r165 1763 1763 if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp) 1764 1764 || state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) { 1765 DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n", 1766 state->request.data.auth_crap.lm_resp_len, 1767 state->request.data.auth_crap.nt_resp_len)); 1768 result = NT_STATUS_INVALID_PARAMETER; 1769 goto done; 1765 if (!state->request.flags & WBFLAG_BIG_NTLMV2_BLOB || 1766 state->request.extra_len != state->request.data.auth_crap.nt_resp_len) { 1767 DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n", 1768 state->request.data.auth_crap.lm_resp_len, 1769 state->request.data.auth_crap.nt_resp_len)); 1770 result = NT_STATUS_INVALID_PARAMETER; 1771 goto done; 1772 } 1770 1773 } 1771 1774 1772 1775 lm_resp = data_blob_talloc(state->mem_ctx, state->request.data.auth_crap.lm_resp, 1773 1776 state->request.data.auth_crap.lm_resp_len); 1774 nt_resp = data_blob_talloc(state->mem_ctx, state->request.data.auth_crap.nt_resp, 1775 state->request.data.auth_crap.nt_resp_len); 1777 if (state->request.flags & WBFLAG_BIG_NTLMV2_BLOB) { 1778 nt_resp = data_blob_talloc(state->mem_ctx, 1779 state->request.extra_data.data, 1780 state->request.data.auth_crap.nt_resp_len); 1781 } else { 1782 nt_resp = data_blob_talloc(state->mem_ctx, 1783 state->request.data.auth_crap.nt_resp, 1784 state->request.data.auth_crap.nt_resp_len); 1785 } 1776 1786 1777 1787 /* what domain should we contact? */ -
branches/samba-3.0/source/nsswitch/winbindd_passdb.c
r140 r165 221 221 222 222 if (!pdb_getsampwsid(user, user_sid ) ) { 223 TALLOC_FREE( user ); 223 224 return NT_STATUS_NO_SUCH_USER; 224 225 } -
branches/samba-3.0/source/nsswitch/winbindd_proto.h
r158 r165 199 199 /* The following definitions come from nsswitch/winbindd_cred_cache.c */ 200 200 201 void ccache_remove_all_after_fork(void); 202 void ccache_regain_all_now(void); 201 203 BOOL ccache_entry_exists(const char *username); 202 204 BOOL ccache_entry_identical(const char *username, uid_t uid, const char *ccname); … … 346 348 /* The following definitions come from nsswitch/winbindd_rpc.c */ 347 349 348 NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,349 TALLOC_CTX *mem_ctx,350 const char *domain_name,351 const char *name,352 DOM_SID *sid,353 enum lsa_SidType *type);354 NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,355 TALLOC_CTX *mem_ctx,356 const DOM_SID *sid,357 char **domain_name,358 char **name,359 enum lsa_SidType *type);360 NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,361 TALLOC_CTX *mem_ctx,362 const DOM_SID *sid,363 uint32 *rids,364 size_t num_rids,365 char **domain_name,366 char ***names,367 enum lsa_SidType **types);368 NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,369 TALLOC_CTX *mem_ctx,370 uint32 num_sids, const DOM_SID *sids,371 uint32 *num_aliases, uint32 **alias_rids);372 NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,373 TALLOC_CTX *mem_ctx,374 SAM_UNK_INFO_12 *lockout_policy);375 NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,376 TALLOC_CTX *mem_ctx,377 SAM_UNK_INFO_1 *password_policy);378 350 379 351 /* The following definitions come from nsswitch/winbindd_sid.c */ -
branches/samba-3.0/source/nsswitch/winbindd_rpc.c
r71 r165 236 236 237 237 /* convert a single name to a sid in a domain */ 238 NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,239 240 241 242 243 238 static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, 239 TALLOC_CTX *mem_ctx, 240 const char *domain_name, 241 const char *name, 242 DOM_SID *sid, 243 enum lsa_SidType *type) 244 244 { 245 245 NTSTATUS result; … … 287 287 convert a domain SID to a user or group name 288 288 */ 289 NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,290 291 292 293 294 289 static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, 290 TALLOC_CTX *mem_ctx, 291 const DOM_SID *sid, 292 char **domain_name, 293 char **name, 294 enum lsa_SidType *type) 295 295 { 296 296 char **domains; … … 323 323 } 324 324 325 NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,326 327 328 329 330 331 332 325 static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, 326 TALLOC_CTX *mem_ctx, 327 const DOM_SID *sid, 328 uint32 *rids, 329 size_t num_rids, 330 char **domain_name, 331 char ***names, 332 enum lsa_SidType **types) 333 333 { 334 334 char **domains; … … 531 531 } 532 532 533 NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, 534 TALLOC_CTX *mem_ctx, 535 uint32 num_sids, const DOM_SID *sids, 536 uint32 *num_aliases, uint32 **alias_rids) 533 static NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, 534 TALLOC_CTX *mem_ctx, 535 uint32 num_sids, const DOM_SID *sids, 536 uint32 *num_aliases, 537 uint32 **alias_rids) 537 538 { 538 539 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; … … 956 957 957 958 /* find the lockout policy for a domain */ 958 NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,959 960 959 static NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, 960 TALLOC_CTX *mem_ctx, 961 SAM_UNK_INFO_12 *lockout_policy) 961 962 { 962 963 NTSTATUS result; … … 988 989 989 990 /* find the password policy for a domain */ 990 NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,991 992 991 static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, 992 TALLOC_CTX *mem_ctx, 993 SAM_UNK_INFO_1 *password_policy) 993 994 { 994 995 NTSTATUS result; -
branches/samba-3.0/source/nsswitch/winbindd_util.c
r140 r165 772 772 773 773 while(temp != NULL) { 774 struct getent_state *next ;774 struct getent_state *next = temp->next; 775 775 776 776 /* Free sam entries then list entry */ … … 778 778 SAFE_FREE(state->sam_entries); 779 779 DLIST_REMOVE(state, state); 780 next = temp->next;781 780 782 781 SAFE_FREE(temp); -
branches/samba-3.0/source/param/loadparm.c
r140 r165 1617 1617 1618 1618 string_set(&Globals.szLdapAdminDn, ""); 1619 Globals.ldap_ssl = LDAP_SSL_O N;1619 Globals.ldap_ssl = LDAP_SSL_OFF; 1620 1620 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF; 1621 1621 Globals.ldap_delete_dn = False; … … 2796 2796 int iIndex; 2797 2797 2798 if (*pszParmName == '-' )2798 if (*pszParmName == '-' && !strequal(pszParmName, "-valid")) 2799 2799 return (-1); 2800 2800 -
branches/samba-3.0/source/printing/print_generic.c
r124 r165 180 180 int numlines, i, qcount; 181 181 print_queue_struct *queue = NULL; 182 183 DEBUG(1,("generic_queue_get\n")); //PS20080208 182 184 183 /* never do substitution when running the 'lpq command' since we can't 185 184 get it rigt when using the background update daemon. Make the caller -
branches/samba-3.0/source/rpc_client/cli_netlogon.c
r140 r165 1083 1083 return result; 1084 1084 } 1085 1086 /*************************************************************************** 1087 LSA Server Password Set2. 1088 ****************************************************************************/ 1089 1090 NTSTATUS rpccli_net_srv_pwset2(struct rpc_pipe_client *cli, 1091 TALLOC_CTX *mem_ctx, 1092 const char *machine_name, 1093 const char *clear_text_mach_pwd) 1094 { 1095 prs_struct rbuf; 1096 prs_struct qbuf; 1097 DOM_CRED clnt_creds; 1098 NET_Q_SRV_PWSET2 q; 1099 NET_R_SRV_PWSET2 r; 1100 uint16 sec_chan_type = 2; 1101 NTSTATUS result; 1102 1103 creds_client_step(cli->dc, &clnt_creds); 1104 1105 DEBUG(4,("cli_net_srv_pwset2: srv:%s acct:%s sc: %d mc: %s\n", 1106 cli->dc->remote_machine, cli->dc->mach_acct, sec_chan_type, machine_name)); 1107 1108 /* store the parameters */ 1109 init_q_srv_pwset2(&q, cli->dc->remote_machine, (const char *)cli->dc->sess_key, 1110 cli->dc->mach_acct, sec_chan_type, machine_name, 1111 &clnt_creds, clear_text_mach_pwd); 1112 1113 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SRVPWSET2, 1114 q, r, 1115 qbuf, rbuf, 1116 net_io_q_srv_pwset2, 1117 net_io_r_srv_pwset2, 1118 NT_STATUS_UNSUCCESSFUL); 1119 1120 result = r.status; 1121 1122 if (!NT_STATUS_IS_OK(result)) { 1123 /* report error code */ 1124 DEBUG(0,("cli_net_srv_pwset2: %s\n", nt_errstr(result))); 1125 } 1126 1127 /* Always check returned credentials. */ 1128 if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) { 1129 DEBUG(0,("rpccli_net_srv_pwset2: credentials chain check failed\n")); 1130 return NT_STATUS_ACCESS_DENIED; 1131 } 1132 1133 return result; 1134 } -
branches/samba-3.0/source/rpc_parse/parse_net.c
r134 r165 997 997 } 998 998 999 /******************************************************************* 1000 Inits a NET_Q_SRV_PWSET2. 1001 ********************************************************************/ 1002 1003 void init_q_srv_pwset2(NET_Q_SRV_PWSET2 *q_s, 1004 const char *logon_srv, 1005 const char *sess_key, 1006 const char *acct_name, 1007 uint16 sec_chan, 1008 const char *comp_name, 1009 DOM_CRED *cred, 1010 const char *clear_text_mach_pwd) 1011 { 1012 uint8_t password_buf[516]; 1013 NET_CRYPT_PWD new_password; 1014 1015 DEBUG(5,("init_q_srv_pwset2\n")); 1016 1017 /* Process the new password. */ 1018 1019 encode_pw_buffer(password_buf, clear_text_mach_pwd, STR_UNICODE); 1020 1021 SamOEMhash(password_buf, (const unsigned char *)sess_key, 516); 1022 memcpy(new_password.data, password_buf, 512); 1023 new_password.length = IVAL(password_buf, 512); 1024 1025 init_clnt_info(&q_s->clnt_id, logon_srv, acct_name, sec_chan, comp_name, cred); 1026 1027 memcpy(&q_s->pwd, &new_password, sizeof(q_s->pwd)); 1028 } 1029 1030 /******************************************************************* 1031 Reads or writes a structure. 1032 ********************************************************************/ 1033 1034 BOOL net_io_q_srv_pwset2(const char *desc, NET_Q_SRV_PWSET2 *q_s, prs_struct *ps, int depth) 1035 { 1036 if (q_s == NULL) 1037 return False; 1038 1039 prs_debug(ps, depth, desc, "net_io_q_srv_pwset2"); 1040 depth++; 1041 1042 if(!prs_align(ps)) 1043 return False; 1044 1045 if(!smb_io_clnt_info("", &q_s->clnt_id, ps, depth)) /* client identification/authentication info */ 1046 return False; 1047 if(!prs_uint8s(False, "pwd.data", ps, depth, q_s->pwd.data, 512)) /* new password - undocumented */ 1048 return False; 1049 if(!prs_uint32("pwd.length", ps, depth, &q_s->pwd.length)) /* new password - undocumented */ 1050 return False; 1051 1052 return True; 1053 } 1054 1055 /******************************************************************* 1056 Reads or writes a structure. 1057 ********************************************************************/ 1058 1059 BOOL net_io_r_srv_pwset2(const char *desc, NET_R_SRV_PWSET2 *r_s, prs_struct *ps, int depth) 1060 { 1061 if (r_s == NULL) 1062 return False; 1063 1064 prs_debug(ps, depth, desc, "net_io_r_srv_pwset2"); 1065 depth++; 1066 1067 if(!prs_align(ps)) 1068 return False; 1069 1070 if(!smb_io_cred("", &r_s->srv_cred, ps, depth)) /* server challenge */ 1071 return False; 1072 1073 if(!prs_ntstatus("status", ps, depth, &r_s->status)) 1074 return False; 1075 1076 return True; 1077 } 1078 999 1079 /************************************************************************* 1000 1080 Init DOM_SID2 array from a string containing multiple sids -
branches/samba-3.0/source/rpc_server/srv_srvsvc_nt.c
r124 r165 157 157 158 158 if ( strcmp( fname, "." ) == 0 ) { 159 pstr_sprintf( fullpath, "%s%s", 160 (strchr( sharepath,':')) ? "" : "C:", sharepath ); 159 pstr_sprintf( fullpath, "C:%s", sharepath ); 161 160 } else { 162 pstr_sprintf( fullpath, "%s%s/%s", 163 (strchr( sharepath,':')) ? "" : "C:", sharepath, fname ); 161 pstr_sprintf( fullpath, "C:%s/%s", sharepath, fname ); 164 162 } 165 163 string_replace( fullpath, '/', '\\' ); … … 265 263 pstrcpy(remark, lp_comment(snum)); 266 264 standard_sub_conn(p->conn, remark,sizeof(remark)); 267 if (strchr( lp_pathname(snum), ':')) 268 pstrcpy(path, ""); 269 else 270 pstrcpy(path, "C:"); 265 pstrcpy(path, "C:"); 271 266 pstrcat(path, lp_pathname(snum)); 272 267 … … 348 343 pstrcpy(remark, lp_comment(snum)); 349 344 standard_sub_conn(p->conn, remark,sizeof(remark)); 350 if (strchr( lp_pathname(snum), ':')) 351 pstrcpy(path, ""); 352 else 353 pstrcpy(path, "C:"); 345 pstrcpy(path, "C:"); 354 346 pstrcat(path, lp_pathname(snum)); 355 347 … … 1452 1444 /* NT is braindead - it wants a C: prefix to a pathname ! So strip it. */ 1453 1445 ptr = dos_pathname; 1454 1455 #ifdef __OS2__1456 1457 /* Only absolute paths allowed. */1458 if (strlen(dos_pathname) < 2 || ptr[1] != ':')1459 return NULL;1460 #else1461 1462 1446 if (strlen(dos_pathname) > 2 && ptr[1] == ':' && ptr[0] != '/') 1463 1447 ptr += 2; … … 1466 1450 if (*ptr != '/') 1467 1451 return NULL; 1468 #endif1469 1452 1470 1453 return ptr; … … 2189 2172 ***********************************************************************************/ 2190 2173 2191 static const char *server_disks[] = {"C:" 2192 #ifdef __OS2__ 2193 // YD we can use a better implementation (real time scan or above idea) 2194 ,"D:","E:","F:","G:","H:","I:","J:","K:","L:","M:","N:","O:" 2195 ,"P:","Q:","R:","S:","T:","U:","V:","W:","X:","Y:","Z:" 2196 #endif 2197 }; 2174 static const char *server_disks[] = {"C:"}; 2198 2175 2199 2176 static uint32 get_server_disk_count(void) -
branches/samba-3.0/source/smbd/aio.c
r44 r165 254 254 a->aio_sigevent.sigev_value.sival_int = aio_ex->mid; 255 255 256 become_root(); 256 257 if (SMB_VFS_AIO_READ(fsp,a) == -1) { 257 258 DEBUG(0,("schedule_aio_read_and_X: aio_read failed. " 258 259 "Error %s\n", strerror(errno) )); 259 260 delete_aio_ex(aio_ex); 260 return False; 261 } 261 unbecome_root(); 262 return False; 263 } 264 unbecome_root(); 262 265 263 266 DEBUG(10,("schedule_aio_read_and_X: scheduled aio_read for file %s, " … … 344 347 a->aio_sigevent.sigev_value.sival_int = aio_ex->mid; 345 348 349 become_root(); 346 350 if (SMB_VFS_AIO_WRITE(fsp,a) == -1) { 347 351 DEBUG(3,("schedule_aio_wrote_and_X: aio_write failed. " 348 352 "Error %s\n", strerror(errno) )); 349 353 delete_aio_ex(aio_ex); 350 return False; 351 } 354 unbecome_root(); 355 return False; 356 } 357 unbecome_root(); 352 358 353 359 if (!write_through && !lp_syncalways(SNUM(fsp->conn)) -
branches/samba-3.0/source/smbd/build_options.c
r124 r165 345 345 output(screen, " HAVE_INTTYPES_H\n"); 346 346 #endif 347 #ifdef HAVE_KEYUTILS_H 348 output(screen, " HAVE_KEYUTILS_H\n"); 349 #endif 347 350 #ifdef HAVE_KRB5_H 348 351 output(screen, " HAVE_KRB5_H\n"); … … 2265 2268 output(screen, " WITH_CIFSMOUNT\n"); 2266 2269 #endif 2270 #ifdef WITH_CIFSUPCALL 2271 output(screen, " WITH_CIFSUPCALL\n"); 2272 #endif 2267 2273 #ifdef WITH_DFS 2268 2274 output(screen, " WITH_DFS\n"); … … 2613 2619 #ifdef WITH_CIFSMOUNT 2614 2620 output(screen, " WITH_CIFSMOUNT\n"); 2621 #endif 2622 #ifdef WITH_CIFSUPCALL 2623 output(screen, " WITH_CIFSUPCALL\n"); 2615 2624 #endif 2616 2625 #ifdef WITH_DFS -
branches/samba-3.0/source/smbd/conn.c
r134 r165 262 262 handle = conn->vfs_handles; 263 263 while(handle) { 264 thandle = handle->next; 264 265 DLIST_REMOVE(conn->vfs_handles, handle); 265 thandle = handle->next;266 266 if (handle->free_data) 267 267 handle->free_data(&handle->data); -
branches/samba-3.0/source/smbd/dosmode.c
r124 r165 78 78 mode_t dir_mode = 0; /* Mode of the inherit_from directory if 79 79 * inheriting. */ 80 80 81 if (!lp_store_dos_attributes(SNUM(conn)) && IS_DOS_READONLY(dosmode)) { 81 82 result &= ~(S_IWUSR | S_IWGRP | S_IWOTH); … … 167 168 } 168 169 } /* Else never set the readonly bit. */ 170 169 171 #ifndef __OS2__ 170 172 if (MAP_ARCHIVE(conn) && ((sbuf->st_mode & S_IXUSR) != 0)) -
branches/samba-3.0/source/smbd/files.c
r44 r165 125 125 chain_fsp = fsp; 126 126 127 /* A new fsp invalidates a negative fsp_fi_cache. */ 128 if (fsp_fi_cache.fsp == NULL) { 129 ZERO_STRUCT(fsp_fi_cache); 130 } 127 /* A new fsp invalidates the positive and 128 negative fsp_fi_cache as the new fsp is pushed 129 at the start of the list and we search from 130 a cache hit to the *end* of the list. */ 131 132 ZERO_STRUCT(fsp_fi_cache); 131 133 132 134 *result = fsp; -
branches/samba-3.0/source/smbd/msdfs.c
r134 r165 714 714 char **ppdata, 715 715 struct junction_map *junction, 716 int consumedcnt,717 716 BOOL self_referral) 718 717 { … … 771 770 772 771 /* create the header */ 773 SSVAL(pdata,0,consumedcnt * 2); /* path consumed */ 772 SSVAL(pdata,0,requestedpathlen - 2); /* UCS2 of path consumed minus 773 774 774 SSVAL(pdata,2,junction->referral_count); /* number of referral in this pkt */ 775 775 if(self_referral) { … … 815 815 char **ppdata, 816 816 struct junction_map *junction, 817 int consumedcnt,818 817 BOOL self_referral) 819 818 { … … 853 852 854 853 /* create the header */ 855 SSVAL(pdata,0,consumedcnt * 2); /* path consumed */ 854 SSVAL(pdata,0,reqpathlen - 2); /* UCS2 of path consumed minus 855 2 byte null */ 856 856 857 SSVAL(pdata,2,junction->referral_count); /* number of referral */ 857 858 if(self_referral) { … … 975 976 case 2: 976 977 reply_size = setup_ver2_dfs_referral(pathnamep, ppdata, &junction, 977 consumedcnt,self_referral);978 self_referral); 978 979 break; 979 980 case 3: 980 981 reply_size = setup_ver3_dfs_referral(pathnamep, ppdata, &junction, 981 consumedcnt,self_referral);982 self_referral); 982 983 break; 983 984 default: -
branches/samba-3.0/source/smbd/notify.c
r124 r165 349 349 { 350 350 char *fullpath; 351 352 if (path[0] == '.' && path[1] == '/') { 353 path += 2; 354 } 351 355 352 356 if (asprintf(&fullpath, "%s/%s", conn->connectpath, path) == -1) { -
branches/samba-3.0/source/smbd/password.c
r124 r165 271 271 const char *unix_homedir = 272 272 pdb_get_unix_homedir(server_info->sam_account); 273 274 273 if (unix_homedir) { 275 274 vuser->unix_homedir = … … 356 355 vuser->unix_homedir[1] = ':'; 357 356 #endif 358 359 357 360 358 if ( (!vuser->guest) && vuser->unix_homedir && *(vuser->unix_homedir)) -
branches/samba-3.0/source/smbd/posix_acls.c
r140 r165 3120 3120 } 3121 3121 3122 #if 0 3123 /* Disable this - prevents ACL inheritance from the ACL editor. JRA. */ 3124 3122 3125 /**************************************************************************** 3123 3126 Take care of parent ACL inheritance. … … 3301 3304 } 3302 3305 3303 parent_sd->dacl->aces = new_ace; 3304 parent_sd->dacl->num_aces = i; 3305 3306 *pp_new_sd = parent_sd; 3306 /* This sucks. psd should be const and we should 3307 * be doing a deep-copy here. We're getting away 3308 * with is as we know parent_sd is talloced off 3309 * talloc_tos() as well as psd. JRA. */ 3310 3311 psd->dacl->aces = new_ace; 3312 psd->dacl->num_aces = i; 3313 psd->type &= ~(SE_DESC_DACL_AUTO_INHERITED| 3314 SE_DESC_DACL_AUTO_INHERIT_REQ); 3315 3316 *pp_new_sd = psd; 3307 3317 return status; 3308 3318 } 3319 #endif 3309 3320 3310 3321 /**************************************************************************** … … 3420 3431 create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid); 3421 3432 3433 #if 0 3434 /* Disable this - prevents ACL inheritance from the ACL editor. JRA. */ 3435 3436 /* See here: http://www.codeproject.com/KB/winsdk/accessctrl2.aspx 3437 * for details and also the log trace in bug #4308. JRA. 3438 */ 3439 3422 3440 if ((security_info_sent & DACL_SECURITY_INFORMATION) && 3423 3441 psd->dacl != NULL && … … 3431 3449 } 3432 3450 } 3451 #endif 3433 3452 3434 3453 acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid, … … 4271 4290 return False; 4272 4291 } 4292 #ifndef __OS2__ 4293 /* Samba always runs as root on OS/2 */ 4273 4294 if (current_user.ut.uid == 0 || conn->admin_user) { 4274 4295 /* I'm sorry sir, I didn't know you were root... */ 4275 4296 return True; 4276 4297 } 4298 #endif 4277 4299 4278 4300 /* Check primary owner write access. */ … … 4327 4349 (unsigned int)access_mask, fname )); 4328 4350 4329 #ifndef __OS2__4330 /* Samba always runs as root on OS/2 */4331 4351 if (current_user.ut.uid == 0 || conn->admin_user) { 4332 4352 /* I'm sorry sir, I didn't know you were root... */ 4333 4353 return True; 4334 4354 } 4335 #endif 4355 4336 4356 if (!VALID_STAT(*psbuf)) { 4337 4357 /* Get the file permission mask and owners. */ -
branches/samba-3.0/source/smbd/process.c
r135 r165 968 968 969 969 if (!change_to_user(conn,session_tag)) { 970 remove_deferred_open_smb_message( 971 SVAL(inbuf, smb_mid)); 970 972 return(ERROR_NT(NT_STATUS_DOS(ERRSRV,ERRbaduid))); 971 973 } -
branches/samba-3.0/source/smbd/reply.c
r134 r165 169 169 170 170 *d = '\0'; 171 172 171 return ret; 173 172 } … … 2215 2214 2216 2215 if ( SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, nread) == -1) { 2217 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */ 2216 /* Returning ENOSYS means no data at all was sent. 2217 Do this as a normal read. */ 2218 2218 if (errno == ENOSYS) { 2219 2219 goto normal_readbraw; … … 4645 4645 DEBUG(3,("rename_internals: succeeded doing rename " 4646 4646 "on %s -> %s\n", directory, newname)); 4647 notify_rename(conn, S_ISDIR(sbuf1.st_mode), 4648 directory, newname); 4647 4649 rename_open_files(conn, lck, sbuf1.st_dev, 4648 4650 sbuf1.st_ino, newname); 4649 4651 TALLOC_FREE(lck); 4650 notify_rename(conn, S_ISDIR(sbuf1.st_mode),4651 directory, newname);4652 4652 return NT_STATUS_OK; 4653 4653 } -
branches/samba-3.0/source/smbd/server.c
r124 r165 300 300 Open the socket communication. 301 301 ****************************************************************************/ 302 303 bool reinit_after_fork(struct messaging_context *msg_ctx, 304 struct event_context *ev_ctx, 305 bool parent_longlived); 302 306 303 307 static BOOL open_sockets_smbd(BOOL is_daemon, BOOL interactive, const char *smb_ports) … … 561 565 False); 562 566 563 /* Reset the state of the random 564 * number generation system, so 565 * children do not get the same random 566 * numbers as each other */ 567 568 set_need_random_reseed(); 569 /* tdb needs special fork handling - remove 570 * CLEAR_IF_FIRST flags */ 571 if (tdb_reopen_all(1) == -1) { 572 DEBUG(0,("tdb_reopen_all failed.\n")); 573 smb_panic("tdb_reopen_all failed."); 567 if (!reinit_after_fork(smbd_messaging_context(), 568 smbd_event_context(), 569 true)) { 570 DEBUG(0, ("reinit_after_fork failed.\n")); 571 smb_panic("reinit_after_fork failed.\n"); 574 572 } 575 573 576 574 return True; 577 575 } 576 /* The parent doesn't need this socket */ 577 close(smbd_server_fd()); 578 578 579 579 /* Sun May 6 18:56:14 2001 ackley@cs.unm.edu: … … 946 946 947 947 reopen_logs(); 948 948 949 #ifdef __OS2__ 949 950 unsigned long _System DosSetPriority (unsigned long ulScope, unsigned long ulClass, long lDelta, unsigned long ulID); … … 956 957 DEBUG(0,( "Server priority set to PRTYC_FOREGROUNDSERVER\n")); 957 958 #endif 959 958 960 DEBUG(0,( "smbd version %s started.\n", SAMBA_VERSION_STRING)); 959 961 DEBUGADD( 0, ( "%s\n", COPYRIGHT_STARTUP_MESSAGE ) ); -
branches/samba-3.0/source/smbd/sesssetup.c
r158 r165 99 99 /**************************************************************************** 100 100 Send a security blob via a session setup reply. 101 We must already have called set_message(outbuf,4,0,True) 102 before calling this function. 101 103 ****************************************************************************/ 102 104 … … 109 111 ERROR_NT(nt_status_squash(nt_status)); 110 112 } else { 111 set_message(outbuf,4,0,True);112 113 113 nt_status = nt_status_squash(nt_status); 114 114 SIVAL(outbuf, smb_rcls, NT_STATUS_V(nt_status)); … … 519 519 SAFE_FREE(client); 520 520 521 set_message(outbuf,4,0,True); 522 521 523 if (sess_vuid == UID_FIELD_INVALID ) { 522 524 ret = NT_STATUS_LOGON_FAILURE; … … 525 527 reload_services( True ); 526 528 527 set_message(outbuf,4,0,True);528 529 SSVAL(outbuf, smb_vwv3, 0); 529 530 … … 582 583 } 583 584 585 set_message(outbuf,4,0,True); 586 584 587 if (NT_STATUS_IS_OK(nt_status)) { 585 588 int sess_vuid; … … 598 601 reload_services( True ); 599 602 600 set_message(outbuf,4,0,True);601 603 SSVAL(outbuf, smb_vwv3, 0); 602 604 -
branches/samba-3.0/source/smbd/share_access.c
r1 r165 193 193 */ 194 194 195 BOOL user_ok_token(const char *username, struct nt_user_token *token, int snum)195 BOOL user_ok_token(const char *username, const struct nt_user_token *token, int snum) 196 196 { 197 197 if (lp_invalid_users(snum) != NULL) { … … 250 250 251 251 BOOL is_share_read_only_for_token(const char *username, 252 struct nt_user_token *token, int snum)252 const struct nt_user_token *token, int snum) 253 253 { 254 254 BOOL result = lp_readonly(snum); -
branches/samba-3.0/source/smbd/trans2.c
r159 r165 205 205 } 206 206 207 if (sizeret == -1) {208 return NULL; }207 if (sizeret == -1) 208 return NULL; 209 209 210 210 DEBUG(10,("get_ea_list_from_file: ea_namelist size = %u\n", (unsigned int)sizeret )); … … 303 303 size_t total_ea_len = 0; 304 304 TALLOC_CTX *mem_ctx = NULL; 305 305 306 if (!lp_ea_support(SNUM(conn))) { 306 307 return 0; … … 865 866 return ERROR_NT(NT_STATUS_INVALID_PARAMETER); 866 867 } 867 } else if (IVAL(pdata,0) != 4) {868 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);869 868 } 870 869 … … 977 976 if (mask[0] == '.' && mask[1] == 0) 978 977 return False; 978 if (dptr_has_wild(conn->dirptr)) { 979 return False; 980 } 979 981 if (conn->case_sensitive) 980 982 return strcmp(str,mask)==0; 981 if (StrCaseCmp(str,mask) != 0) { 982 return False; 983 } 984 if (dptr_has_wild(conn->dirptr)) { 985 return False; 986 } 987 return True; 983 else 984 return StrCaseCmp(str,mask) == 0; 988 985 } 989 986 … … 4162 4159 fsp_set_pending_modtime(fsp, ts[1]); 4163 4160 } 4161 4164 4162 } 4165 4163 #ifdef __OS2__ … … 6190 6188 return ERROR_NT(NT_STATUS_INVALID_PARAMETER); 6191 6189 } 6190 /* If total_data == 4 Windows doesn't care what values 6191 * are placed in that field, it just ignores them. 6192 * The System i QNTC IBM SMB client puts bad values here, 6193 * so ignore them. */ 6192 6194 6193 6195 status = create_directory(conn, directory); -
branches/samba-3.0/source/smbd/uid.c
r106 r165 143 143 } 144 144 145 /******************************************************************* 146 Check if a username is OK in share level security. 147 ********************************************************************/ 148 149 static bool check_user_ok_sharelevel_security(connection_struct *conn, 150 const char *unix_name, 151 int snum) 152 { 153 NT_USER_TOKEN *token = conn->nt_user_token; 154 155 if (!user_ok_token(unix_name, token, snum)) { 156 return false; 157 } 158 159 conn->read_only = is_share_read_only_for_token(unix_name, 160 token, 161 snum); 162 163 if (!conn->read_only && 164 !share_access_check(token, lp_servicename(snum), 165 FILE_WRITE_DATA)) { 166 /* smb.conf allows r/w, but the security descriptor denies 167 * write. Fall back to looking at readonly. */ 168 conn->read_only = true; 169 DEBUG(5,("falling back to read-only access-evaluation due to " 170 "security descriptor\n")); 171 } 172 173 if (!share_access_check(token, lp_servicename(snum), 174 conn->read_only ? 175 FILE_READ_DATA : FILE_WRITE_DATA)) { 176 return false; 177 } 178 179 conn->admin_user = token_contains_name_in_list( 180 unix_name, NULL, token, 181 lp_admin_users(SNUM(conn))); 182 183 return true; 184 } 185 186 145 187 /**************************************************************************** 146 188 Become the user of a connection number without changing the security context … … 150 192 BOOL change_to_user(connection_struct *conn, uint16 vuid) 151 193 { 194 enum security_types sec = (enum security_types)lp_security(); 152 195 user_struct *vuser = get_valid_user_struct(vuid); 153 154 196 int snum; 155 197 gid_t gid; … … 173 215 */ 174 216 175 if(( lp_security()== SEC_SHARE) && (current_user.conn == conn) &&217 if((sec == SEC_SHARE) && (current_user.conn == conn) && 176 218 (current_user.ut.uid == conn->uid)) { 177 219 DEBUG(4,("change_to_user: Skipping user change - already " … … 194 236 lp_servicename(snum))); 195 237 return False; 238 } else if ((sec == SEC_SHARE) && !check_user_ok_sharelevel_security(conn, 239 conn->user, snum)) { 240 DEBUG(2,("change_to_user: unix user %s " 241 "not permitted access to share %s.\n", 242 conn->user, 243 lp_servicename(snum))); 244 return false; 196 245 } 197 246 … … 273 322 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n", 274 323 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid())); 275 324 276 325 return(True); 277 326 } -
branches/samba-3.0/source/tdb/common/io.c
r124 r165 101 101 if (tdb->map_ptr) { 102 102 memcpy(off + (char *)tdb->map_ptr, buf, len); 103 } else if (pwrite(tdb->fd, buf, len, off) != (ssize_t)len) { 104 /* Ensure ecode is set for log fn. */ 105 tdb->ecode = TDB_ERR_IO; 106 TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_write failed at %d len=%d (%s)\n", 107 off, len, strerror(errno))); 108 } else { 109 ssize_t written = pwrite(tdb->fd, buf, len, off); 110 if ((written != (ssize_t)len) && (written != -1)) { 111 /* try once more */ 112 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_write: wrote only " 113 "%d of %d bytes at %d, trying once more\n", 103 } else { 104 ssize_t written = pwrite(tdb->fd, buf, len, off); 105 if ((written != (ssize_t)len) && (written != -1)) { 106 /* try once more */ 107 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_write: wrote only " 108 "%d of %d bytes at %d, trying once more\n", 114 109 (uint32_t)written, len, off)); 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 110 errno = ENOSPC; 111 written = pwrite(tdb->fd, (void *)((char *)buf+written), 112 len-written, 113 off+written); 114 } 115 if (written == -1) { 116 /* Ensure ecode is set for log fn. */ 117 tdb->ecode = TDB_ERR_IO; 118 TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_write failed at %d " 119 "len=%d (%s)\n", off, len, strerror(errno))); 120 return TDB_ERRCODE(TDB_ERR_IO, -1); 121 } else if (written != (ssize_t)len) { 122 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_write: failed to " 123 "write %d bytes at %d in two attempts\n", 124 len, off)); 125 errno = ENOSPC; 131 126 #ifdef __OS2__ 132 127 // remove our lock … … 215 210 #ifdef HAVE_MMAP 216 211 if (tdb->map_ptr) { 217 int ret = munmap(tdb->map_ptr, tdb->map_size); 212 int ret; 213 214 ret = munmap(tdb->map_ptr, tdb->map_size); 218 215 if (ret != 0) 219 216 return ret; -
branches/samba-3.0/source/tdb/common/open.c
r62 r165 364 364 * do with disk files, and resume here by releasing their 365 365 * global lock and hooking into the active list. */ 366 #ifndef __OS2__ 367 if (tdb->methods->tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1) == -1) 368 goto fail; 369 #endif 366 370 tdb->next = tdbs; 367 371 tdbs = tdb; … … 370 374 fail: 371 375 { int save_errno = errno; 372 tdb->methods->tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1);373 376 374 377 if (!tdb) … … 555 558 if ((tdb->flags & TDB_CLEAR_IF_FIRST) && 556 559 (tdb->methods->tdb_brlock(tdb, ACTIVE_LOCK, F_RDLCK, F_SETLKW, 0, 1) == -1)) { 557 // YD sem handle was wrong, testme #ifndef __OS2__ // PS 20070511 hack for WINS server crash558 560 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_reopen: failed to obtain active lock\n")); 559 561 goto fail; 560 //#endif561 562 } 562 563 if (fstat(tdb->fd, &st) != 0) { -
branches/samba-3.0/source/tdb/common/transaction.c
r61 r165 558 558 return -1; 559 559 } 560 #ifdef MS_SYNC560 #ifdef HAVE_MMAP 561 561 if (tdb->map_ptr) { 562 562 tdb_off_t moffset = offset & ~(tdb->page_size-1); -
branches/samba-3.0/source/utils/net_ads.c
r134 r165 307 307 tried_closest_dc = True; /* avoid loop */ 308 308 309 if (!ads ->config.tried_closest_dc) {309 if (!ads_closest_dc(ads)) { 310 310 311 311 namecache_delete(ads->server.realm, 0x1C); … … 1575 1575 goto fail; 1576 1576 } 1577 1578 saf_join_store(ads->server.workgroup, ads->config.ldap_server_name); 1579 saf_join_store(ads->server.realm, ads->config.ldap_server_name); 1577 1580 1578 1581 /* Verify that everything is ok */ -
branches/samba-3.0/source/utils/net_rpc.c
r140 r165 228 228 int net_rpc_changetrustpw(int argc, const char **argv) 229 229 { 230 net_use_machine_account(); 231 230 232 return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, 231 233 rpc_changetrustpw_internals, -
branches/samba-3.0/source/utils/ntlm_auth.c
r134 r165 351 351 352 352 if (nt_response && nt_response->length) { 353 memcpy(request.data.auth_crap.nt_resp, 354 nt_response->data, 355 MIN(nt_response->length, sizeof(request.data.auth_crap.nt_resp))); 353 if (nt_response->length > sizeof(request.data.auth_crap.nt_resp)) { 354 request.flags = request.flags | WBFLAG_BIG_NTLMV2_BLOB; 355 request.extra_len = nt_response->length; 356 request.extra_data.data = SMB_MALLOC_ARRAY(char, request.extra_len); 357 if (request.extra_data.data == NULL) { 358 return NT_STATUS_NO_MEMORY; 359 } 360 memcpy(request.extra_data.data, nt_response->data, 361 nt_response->length); 362 363 } else { 364 memcpy(request.data.auth_crap.nt_resp, 365 nt_response->data, nt_response->length); 366 } 356 367 request.data.auth_crap.nt_resp_len = nt_response->length; 357 368 } 358 369 359 370 result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response); 371 SAFE_FREE(request.extra_data.data); 360 372 361 373 /* Display response */ -
branches/samba-3.0/source/utils/smbtree.c
r1 r165 32 32 /* Holds a list of workgroups or servers */ 33 33 34 struct name_list {35 struct name_list *prev, *next;34 struct smb_name_list { 35 struct smb_name_list *prev, *next; 36 36 pstring name, comment; 37 37 uint32 server_type; 38 38 }; 39 39 40 static struct name_list *workgroups, *servers, *shares;41 42 static void free_name_list(struct name_list *list)40 static struct smb_name_list *workgroups, *servers, *shares; 41 42 static void free_name_list(struct smb_name_list *list) 43 43 { 44 44 while(list) … … 49 49 const char *comment, void *state) 50 50 { 51 struct name_list **name_list = (structname_list **)state;52 struct name_list *new_name;53 54 new_name = SMB_MALLOC_P(struct name_list);51 struct smb_name_list **name_list = (struct smb_name_list **)state; 52 struct smb_name_list *new_name; 53 54 new_name = SMB_MALLOC_P(struct smb_name_list); 55 55 56 56 if (!new_name) … … 200 200 static BOOL print_tree(struct user_auth_info *user_info) 201 201 { 202 struct name_list *wg, *sv, *sh;202 struct smb_name_list *wg, *sv, *sh; 203 203 204 204 /* List workgroups */ -
branches/samba-3.0/source/web/statuspage.c
r30 r165 43 43 /* show machine name rather PID on table "Open Files"? */ 44 44 if (PID_or_Machine) { 45 PIDMAP *p; 46 47 for (p = pidmap; p != NULL; ) { 45 PIDMAP *p, *next; 46 47 for (p = pidmap; p != NULL; p = next) { 48 next = p->next; 48 49 DLIST_REMOVE(pidmap, p); 49 50 SAFE_FREE(p->machine); -
branches/samba-3.0/source/web/swat.c
r1 r165 464 464 465 465 write_config(f, False); 466 if (snum )466 if (snum >= 0) 467 467 lp_dump_one(f, False, snum); 468 468 fclose(f);
Note:
See TracChangeset
for help on using the changeset viewer.
