Changeset 204 for branches/samba-3.2.x/source/libsmb
- Timestamp:
- May 20, 2009, 6:46:53 PM (16 years ago)
- Location:
- branches/samba-3.2.x/source/libsmb
- Files:
-
- 5 edited
-
async_smb.c (modified) (8 diffs)
-
clikrb5.c (modified) (1 diff)
-
libsmb_xattr.c (modified) (9 diffs)
-
samlogon_cache.c (modified) (1 diff)
-
trusts_util.c (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.2.x/source/libsmb/async_smb.c
r149 r204 320 320 struct cli_state *cli = (struct cli_state *)p; 321 321 struct cli_request *req; 322 NTSTATUS status; 322 323 323 324 DEBUG(11, ("cli_state_handler called with flags %d\n", flags)); … … 332 333 DEBUG(10, ("ioctl(FIONREAD) failed: %s\n", 333 334 strerror(errno))); 335 status = map_nt_error_from_unix(errno); 334 336 goto sock_error; 335 337 } … … 337 339 if (available == 0) { 338 340 /* EOF */ 341 status = NT_STATUS_END_OF_FILE; 339 342 goto sock_error; 340 343 } … … 345 348 if (new_size < old_size) { 346 349 /* wrap */ 350 status = NT_STATUS_UNEXPECTED_IO_ERROR; 347 351 goto sock_error; 348 352 } … … 352 356 if (tmp == NULL) { 353 357 /* nomem */ 358 status = NT_STATUS_NO_MEMORY; 354 359 goto sock_error; 355 360 } … … 359 364 if (res == -1) { 360 365 DEBUG(10, ("recv failed: %s\n", strerror(errno))); 366 status = map_nt_error_from_unix(errno); 361 367 goto sock_error; 362 368 } … … 403 409 404 410 if (sent < 0) { 411 status = map_nt_error_from_unix(errno); 405 412 goto sock_error; 406 413 } … … 416 423 sock_error: 417 424 for (req = cli->outstanding_requests; req; req = req->next) { 418 req->async->state = ASYNC_REQ_ERROR; 419 req->async->status = map_nt_error_from_unix(errno); 425 async_req_error(req->async, status); 420 426 } 421 427 TALLOC_FREE(cli->fd_event); -
branches/samba-3.2.x/source/libsmb/clikrb5.c
r149 r204 744 744 &in_data ); 745 745 if (retval) { 746 DEBUG( 1, ("ads_krb5_get_fwd_ticket failed (%s)\n", error_message( retval ) ) ); 747 goto cleanup_creds; 748 } 749 750 if (retval) { 751 DEBUG( 1, ("krb5_auth_con_set_req_cksumtype failed (%s)\n", 752 error_message( retval ) ) ); 753 goto cleanup_creds; 754 } 755 746 DEBUG( 3, ("ads_krb5_get_fwd_ticket failed (%s)\n", error_message( retval ) ) ); 747 748 /* 749 * This is not fatal. Delete the *auth_context and continue 750 * with krb5_mk_req_extended to get a non-forwardable ticket. 751 */ 752 753 if (in_data.data) { 754 free( in_data.data ); 755 in_data.data = NULL; 756 in_data.length = 0; 757 } 758 krb5_auth_con_free(context, *auth_context); 759 *auth_context = NULL; 760 } 756 761 } 757 762 #endif -
branches/samba-3.2.x/source/libsmb/libsmb_xattr.c
r133 r204 747 747 uint16 mode = 0; 748 748 SMB_INO_T ino = 0; 749 749 struct cli_state *cli = srv->cli; 750 750 struct { 751 751 const char * create_time_attr; … … 884 884 */ 885 885 if (ipc_cli && (all || some_nt || all_nt_acls)) { 886 char *targetpath = NULL; 887 struct cli_state *targetcli = NULL; 888 886 889 /* Point to the portion after "system.nt_sec_desc." */ 887 890 name += 19; /* if (all) this will be invalid but unused */ 888 891 892 if (!cli_resolve_path(ctx, "", cli, filename, 893 &targetcli, &targetpath)) { 894 DEBUG(5, ("cacl_get Could not resolve %s\n", 895 filename)); 896 errno = ENOENT; 897 return -1; 898 } 899 889 900 /* ... then obtain any NT attributes which were requested */ 890 fnum = cli_nt_create( cli, filename, CREATE_ACCESS_READ);891 901 fnum = cli_nt_create(targetcli, targetpath, CREATE_ACCESS_READ); 902 892 903 if (fnum == -1) { 893 894 filename, cli_errstr(cli)));895 896 897 898 899 sd = cli_query_secdesc(cli, fnum, ctx);900 904 DEBUG(5, ("cacl_get failed to open %s: %s\n", 905 targetpath, cli_errstr(targetcli))); 906 errno = 0; 907 return -1; 908 } 909 910 sd = cli_query_secdesc(targetcli, fnum, ctx); 911 901 912 if (!sd) { 902 913 DEBUG(5, … … 905 916 return -1; 906 917 } 907 908 cli_close( cli, fnum);909 918 919 cli_close(targetcli, fnum); 920 910 921 if (! exclude_nt_revision) { 911 922 if (all || all_nt) { … … 1504 1515 char *p; 1505 1516 bool numeric = True; 1506 1517 char *targetpath = NULL; 1518 struct cli_state *targetcli = NULL; 1519 1507 1520 /* the_acl will be null for REMOVE_ALL operations */ 1508 1521 if (the_acl) { … … 1533 1546 return -1; 1534 1547 } 1535 1548 1549 if (!cli_resolve_path(ctx, "", cli, filename, 1550 &targetcli, &targetpath)) { 1551 DEBUG(5,("cacl_set: Could not resolve %s\n", filename)); 1552 errno = ENOENT; 1553 return -1; 1554 } 1555 1536 1556 /* The desired access below is the only one I could find that works 1537 1557 with NT4, W2KP and Samba */ 1538 1539 fnum = cli_nt_create( cli, filename, CREATE_ACCESS_READ);1540 1558 1559 fnum = cli_nt_create(targetcli, targetpath, CREATE_ACCESS_READ); 1560 1541 1561 if (fnum == -1) { 1542 1562 DEBUG(5, ("cacl_set failed to open %s: %s\n", 1543 filename, cli_errstr(cli)));1563 targetpath, cli_errstr(targetcli))); 1544 1564 errno = 0; 1545 1565 return -1; 1546 1566 } 1547 1548 old = cli_query_secdesc( cli, fnum, ctx);1549 1567 1568 old = cli_query_secdesc(targetcli, fnum, ctx); 1569 1550 1570 if (!old) { 1551 1571 DEBUG(5, ("cacl_set Failed to query old descriptor\n")); … … 1553 1573 return -1; 1554 1574 } 1555 1556 cli_close( cli, fnum);1557 1575 1576 cli_close(targetcli, fnum); 1577 1558 1578 switch (mode) { 1559 1579 case SMBC_XATTR_MODE_REMOVE_ALL: … … 1561 1581 dacl = old->dacl; 1562 1582 break; 1563 1583 1564 1584 case SMBC_XATTR_MODE_REMOVE: 1565 1585 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) { 1566 1586 bool found = False; 1567 1587 1568 1588 for (j=0;old->dacl && j<old->dacl->num_aces;j++) { 1569 1589 if (sec_ace_equal(&sd->dacl->aces[i], … … 1643 1663 owner_sid, group_sid, NULL, dacl, &sd_size); 1644 1664 1645 fnum = cli_nt_create( cli, filename,1665 fnum = cli_nt_create(targetcli, targetpath, 1646 1666 WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS); 1647 1667 1648 1668 if (fnum == -1) { 1649 1669 DEBUG(5, ("cacl_set failed to open %s: %s\n", 1650 filename, cli_errstr(cli)));1670 targetpath, cli_errstr(targetcli))); 1651 1671 errno = 0; 1652 1672 return -1; 1653 1673 } 1654 1674 1655 if (!cli_set_secdesc(cli, fnum, sd)) { 1656 DEBUG(5, ("ERROR: secdesc set failed: %s\n", cli_errstr(cli))); 1675 if (!cli_set_secdesc(targetcli, fnum, sd)) { 1676 DEBUG(5, ("ERROR: secdesc set failed: %s\n", 1677 cli_errstr(targetcli))); 1657 1678 ret = -1; 1658 1679 } … … 1661 1682 1662 1683 failed: 1663 cli_close( cli, fnum);1684 cli_close(targetcli, fnum); 1664 1685 1665 1686 if (err != 0) { -
branches/samba-3.2.x/source/libsmb/samlogon_cache.c
r136 r204 60 60 ***********************************************************************/ 61 61 62 void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, struct netr_SamInfo3 *info3) 63 { 64 bool got_tdb = false; 65 DOM_SID sid; 66 fstring key_str, sid_string; 67 68 /* We may need to call this function from smbd which will not have 69 winbindd_cache.tdb open. Open the tdb if a NULL is passed. */ 70 71 if (!tdb) { 72 tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 73 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, 74 TDB_DEFAULT, O_RDWR, 0600); 75 if (!tdb) { 76 DEBUG(5, ("netsamlogon_clear_cached_user: failed to open cache\n")); 77 return; 78 } 79 got_tdb = true; 80 } 81 82 sid_copy(&sid, info3->base.domain_sid); 83 sid_append_rid(&sid, info3->base.rid); 84 85 /* Clear U/SID cache entry */ 86 87 fstr_sprintf(key_str, "U/%s", sid_to_fstring(sid_string, &sid)); 88 89 DEBUG(10, ("netsamlogon_clear_cached_user: clearing %s\n", key_str)); 90 91 tdb_delete(tdb, string_tdb_data(key_str)); 92 93 /* Clear UG/SID cache entry */ 94 95 fstr_sprintf(key_str, "UG/%s", sid_to_fstring(sid_string, &sid)); 96 97 DEBUG(10, ("netsamlogon_clear_cached_user: clearing %s\n", key_str)); 98 99 tdb_delete(tdb, string_tdb_data(key_str)); 100 101 if (got_tdb) { 102 tdb_close(tdb); 103 } 62 void netsamlogon_clear_cached_user(struct netr_SamInfo3 *info3) 63 { 64 DOM_SID user_sid; 65 fstring keystr, tmp; 66 67 if (!info3) { 68 return; 69 } 70 71 if (!netsamlogon_cache_init()) { 72 DEBUG(0,("netsamlogon_clear_cached_user: cannot open " 73 "%s for write!\n", 74 NETSAMLOGON_TDB)); 75 return; 76 } 77 sid_copy(&user_sid, info3->base.domain_sid); 78 sid_append_rid(&user_sid, info3->base.rid); 79 80 /* Prepare key as DOMAIN-SID/USER-RID string */ 81 slprintf(keystr, sizeof(keystr), "%s", sid_to_fstring(tmp, &user_sid)); 82 83 DEBUG(10,("netsamlogon_clear_cached_user: SID [%s]\n", keystr)); 84 85 tdb_delete_bystring(netsamlogon_tdb, keystr); 104 86 } 105 87 -
branches/samba-3.2.x/source/libsmb/trusts_util.c
r133 r204 32 32 static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 33 33 const unsigned char orig_trust_passwd_hash[16], 34 const char *new_trust_pwd_cleartext, 34 35 const unsigned char new_trust_passwd_hash[16], 35 36 uint32 sec_channel_type) 36 37 { 37 38 NTSTATUS result; 38 39 /* Check if the netlogon pipe is open using schannel. If so we 40 already have valid creds. If not we must set them up. */ 41 42 if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { 43 uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; 44 45 result = rpccli_netlogon_setup_creds(cli, 46 cli->cli->desthost, /* server name */ 47 lp_workgroup(), /* domain */ 48 global_myname(), /* client name */ 49 global_myname(), /* machine account name */ 50 orig_trust_passwd_hash, 51 sec_channel_type, 52 &neg_flags); 53 54 if (!NT_STATUS_IS_OK(result)) { 55 DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", 56 nt_errstr(result))); 57 return result; 39 uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; 40 41 result = rpccli_netlogon_setup_creds(cli, 42 cli->cli->desthost, /* server name */ 43 lp_workgroup(), /* domain */ 44 global_myname(), /* client name */ 45 global_myname(), /* machine account name */ 46 orig_trust_passwd_hash, 47 sec_channel_type, 48 &neg_flags); 49 50 if (!NT_STATUS_IS_OK(result)) { 51 DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", 52 nt_errstr(result))); 53 return result; 54 } 55 56 if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) { 57 58 struct netr_Authenticator clnt_creds, srv_cred; 59 struct netr_CryptPassword new_password; 60 struct samr_CryptPassword password_buf; 61 62 netlogon_creds_client_step(cli->dc, &clnt_creds); 63 64 encode_pw_buffer(password_buf.data, new_trust_pwd_cleartext, STR_UNICODE); 65 66 SamOEMhash(password_buf.data, cli->dc->sess_key, 516); 67 memcpy(new_password.data, password_buf.data, 512); 68 new_password.length = IVAL(password_buf.data, 512); 69 70 result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx, 71 cli->dc->remote_machine, 72 cli->dc->mach_acct, 73 sec_channel_type, 74 global_myname(), 75 &clnt_creds, 76 &srv_cred, 77 &new_password); 78 79 /* Always check returned credentials. */ 80 if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) { 81 DEBUG(0,("rpccli_netr_ServerPasswordSet2: " 82 "credentials chain check failed\n")); 83 return NT_STATUS_ACCESS_DENIED; 58 84 } 59 } 60 61 { 85 86 } else { 87 62 88 struct netr_Authenticator clnt_creds, srv_cred; 63 89 struct samr_Password new_password; … … 119 145 E_md4hash(new_trust_passwd, new_trust_passwd_hash); 120 146 121 nt_status = just_change_the_password(cli, mem_ctx, orig_trust_passwd_hash, 122 new_trust_passwd_hash, sec_channel_type); 147 nt_status = just_change_the_password(cli, mem_ctx, 148 orig_trust_passwd_hash, 149 new_trust_passwd, 150 new_trust_passwd_hash, 151 sec_channel_type); 123 152 124 153 if (NT_STATUS_IS_OK(nt_status)) {
Note:
See TracChangeset
for help on using the changeset viewer.
