Changeset 272 for branches/samba-3.2.x/source
- Timestamp:
- Jun 16, 2009, 5:52:30 PM (16 years ago)
- Location:
- branches/samba-3.2.x/source
- Files:
-
- 32 edited
-
VERSION (modified) (1 diff)
-
auth/auth_util.c (modified) (4 diffs)
-
configure (modified) (1 diff)
-
configure.in (modified) (1 diff)
-
groupdb/mapping_ldb.c (modified) (7 diffs)
-
include/ntdomain.h (modified) (1 diff)
-
include/version.h (modified) (1 diff)
-
lib/ldb/common/ldb.c (modified) (1 diff)
-
lib/replace/getpass.c (modified) (1 diff)
-
lib/replace/system/passwd.h (modified) (1 diff)
-
libads/ldap.c (modified) (1 diff)
-
librpc/gen_ndr/ndr_samr.c (modified) (2 diffs)
-
librpc/idl/samr.idl (modified) (1 diff)
-
libsmb/credentials.c (modified) (1 diff)
-
passdb/lookup_sid.c (modified) (2 diffs)
-
passdb/pdb_interface.c (modified) (1 diff)
-
passdb/pdb_ldap.c (modified) (2 diffs)
-
registry/reg_api.c (modified) (1 diff)
-
rpc_server/srv_lsa_nt.c (modified) (4 diffs)
-
rpc_server/srv_netlog_nt.c (modified) (8 diffs)
-
rpc_server/srv_samr_nt.c (modified) (11 diffs)
-
script/tests/test_wbinfo_s3.sh (modified) (1 diff)
-
smbd/msdfs.c (modified) (1 diff)
-
smbd/posix_acls.c (modified) (9 diffs)
-
smbd/trans2.c (modified) (1 diff)
-
smbd/uid.c (modified) (1 diff)
-
utils/net.c (modified) (3 diffs)
-
utils/net.h (modified) (1 diff)
-
utils/net_help.c (modified) (1 diff)
-
utils/net_rpc.c (modified) (8 diffs)
-
winbindd/idmap.c (modified) (1 diff)
-
winbindd/winbindd.c (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.2.x/source/VERSION
r235 r272 26 26 SAMBA_VERSION_MAJOR=3 27 27 SAMBA_VERSION_MINOR=2 28 SAMBA_VERSION_RELEASE=1 128 SAMBA_VERSION_RELEASE=12 29 29 30 30 ######################################################## -
branches/samba-3.2.x/source/auth/auth_util.c
r233 r272 293 293 unsigned char key[16]; 294 294 295 ZERO_STRUCT(key); 296 memcpy(key, dc_sess_key, 8); 295 memcpy(key, dc_sess_key, 16); 297 296 298 297 if (lm_interactive_pwd) … … 868 867 pdb_get_username(sam_acct)); 869 868 869 /* 870 * If the SID from lookup_name() was the guest sid, passdb knows 871 * about the mapping of guest sid to lp_guestaccount() 872 * username and will return the unix_pw info for a guest 873 * user. Use it if it's there, else lookup the *uid details 874 * using getpwnam_alloc(). See bug #6291 for details. JRA. 875 */ 876 877 /* We must always assign the *uid. */ 878 if (sam_acct->unix_pw == NULL) { 879 struct passwd *pwd = getpwnam_alloc(sam_acct, *found_username ); 880 if (!pwd) { 881 DEBUG(10, ("getpwnam_alloc failed for %s\n", 882 *found_username)); 883 result = NT_STATUS_NO_SUCH_USER; 884 goto done; 885 } 886 result = samu_set_unix(sam_acct, pwd ); 887 if (!NT_STATUS_IS_OK(result)) { 888 DEBUG(10, ("samu_set_unix failed for %s\n", 889 *found_username)); 890 result = NT_STATUS_NO_SUCH_USER; 891 goto done; 892 } 893 } 894 *uid = sam_acct->unix_pw->pw_uid; 895 870 896 } else if (sid_check_is_in_unix_users(&user_sid)) { 871 897 … … 884 910 885 911 if (!sid_to_uid(&user_sid, uid)) { 886 DEBUG(1, (" sid_to_uid for %s (%s) failed\n",912 DEBUG(1, ("unix_user case, sid_to_uid for %s (%s) failed\n", 887 913 username, sid_string_dbg(&user_sid))); 914 result = NT_STATUS_NO_SUCH_USER; 888 915 goto done; 889 916 } … … 937 964 938 965 uint32 dummy; 966 967 /* We must always assign the *uid. */ 968 if (!sid_to_uid(&user_sid, uid)) { 969 DEBUG(1, ("winbindd case, sid_to_uid for %s (%s) failed\n", 970 username, sid_string_dbg(&user_sid))); 971 result = NT_STATUS_NO_SUCH_USER; 972 goto done; 973 } 939 974 940 975 num_group_sids = 1; -
branches/samba-3.2.x/source/configure
r233 r272 11929 11929 CFLAGS="${CFLAGS} -g" 11930 11930 else 11931 CFLAGS=" -O"11931 CFLAGS="${CFLAGS} -O" 11932 11932 fi 11933 11933 -
branches/samba-3.2.x/source/configure.in
r232 r272 128 128 CFLAGS="${CFLAGS} -g" 129 129 else 130 CFLAGS=" -O"130 CFLAGS="${CFLAGS} -O" 131 131 fi 132 132 -
branches/samba-3.2.x/source/groupdb/mapping_ldb.c
r228 r272 223 223 224 224 ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, NULL, NULL, &res); 225 if (ret != LDB_SUCCESS) { 226 goto failed; 227 } 225 228 talloc_steal(dn, res); 226 if (re t != LDB_SUCCESS || res->count != 1) {229 if (res->count != 1) { 227 230 goto failed; 228 231 } … … 252 255 253 256 ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res); 257 if (ret != LDB_SUCCESS) { 258 goto failed; 259 } 254 260 talloc_steal(expr, res); 255 if (ret != LDB_SUCCESS || res->count != 1) goto failed; 261 if (res->count != 1) { 262 goto failed; 263 } 256 264 257 265 if (!msg_to_group_map(res->msgs[0], map)) goto failed; … … 278 286 279 287 ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res); 288 if (ret != LDB_SUCCESS) { 289 goto failed; 290 } 280 291 talloc_steal(expr, res); 281 if (ret != LDB_SUCCESS || res->count != 1) goto failed; 292 if (res->count != 1) { 293 goto failed; 294 } 282 295 283 296 if (!msg_to_group_map(res->msgs[0], map)) goto failed; … … 343 356 344 357 ret = ldb_search(ldb, basedn, LDB_SCOPE_SUBTREE, expr, NULL, &res); 358 if (ret != LDB_SUCCESS) goto failed; 345 359 talloc_steal(tmp_ctx, res); 346 if (ret != LDB_SUCCESS) goto failed;347 360 348 361 (*pp_rmap) = NULL; … … 396 409 397 410 ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, attrs, &res); 411 if (ret != LDB_SUCCESS) { 412 goto failed; 413 } 398 414 talloc_steal(expr, res); 399 if (ret != LDB_SUCCESS) {400 goto failed;401 }402 415 403 416 for (i=0;i<res->count;i++) { … … 517 530 518 531 ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, NULL, attrs, &res); 519 talloc_steal(dn, res);520 532 if (ret == LDB_SUCCESS && res->count == 0) { 533 talloc_free(res); 521 534 talloc_free(dn); 522 535 return NT_STATUS_OK; … … 526 539 return NT_STATUS_INTERNAL_DB_CORRUPTION; 527 540 } 541 talloc_steal(dn, res); 528 542 529 543 el = ldb_msg_find_element(res->msgs[0], "member"); 530 544 if (el == NULL) { 531 545 talloc_free(dn); 532 return NT_STATUS_ INTERNAL_DB_CORRUPTION;546 return NT_STATUS_OK; 533 547 } 534 548 -
branches/samba-3.2.x/source/include/ntdomain.h
r133 r272 140 140 struct netr_Credential srv_chal; /* Server credential */ 141 141 142 unsigned char sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes*/142 unsigned char sess_key[16]; /* Session key */ 143 143 unsigned char mach_pw[16]; /* md4(machine password) */ 144 144 -
branches/samba-3.2.x/source/include/version.h
r235 r272 2 2 #define SAMBA_VERSION_MAJOR 3 3 3 #define SAMBA_VERSION_MINOR 2 4 #define SAMBA_VERSION_RELEASE 1 15 #define SAMBA_VERSION_OFFICIAL_STRING "3.2.1 1"4 #define SAMBA_VERSION_RELEASE 12 5 #define SAMBA_VERSION_OFFICIAL_STRING "3.2.12" 6 6 #define SAMBA_VERSION_STRING samba_version_string() -
branches/samba-3.2.x/source/lib/ldb/common/ldb.c
r201 r272 788 788 if (ret != LDB_SUCCESS) { 789 789 talloc_free(res); 790 res = NULL; 790 791 } 791 792 -
branches/samba-3.2.x/source/lib/replace/getpass.c
r136 r272 153 153 /* Try to write to and read from the terminal if we can. 154 154 If we can't open the terminal, use stderr and stdin. */ 155 156 155 in = fopen ("/dev/tty", "w+"); 157 156 if (in == NULL) { -
branches/samba-3.2.x/source/lib/replace/system/passwd.h
r133 r272 68 68 #endif 69 69 70 #if def REPLACE_GETPASS70 #if defined(REPLACE_GETPASS) && !defined(__OS2__) 71 71 #if defined(REPLACE_GETPASS_BY_GETPASSPHRASE) 72 72 #define getpass(prompt) getpassphrase(prompt) -
branches/samba-3.2.x/source/libads/ldap.c
r233 r272 119 119 return LDAP_TIMELIMIT_EXCEEDED; 120 120 121 /* 122 * A bug in OpenLDAP means ldap_search_ext_s can return 123 * LDAP_SUCCESS but with a NULL res pointer. Cope with 124 * this. See bug #6279 for details. JRA. 125 */ 126 127 if (*res == NULL) { 128 return LDAP_TIMELIMIT_EXCEEDED; 129 } 130 121 131 return result; 122 132 } -
branches/samba-3.2.x/source/librpc/gen_ndr/ndr_samr.c
r228 r272 4431 4431 static enum ndr_err_code ndr_push_samr_ConnectVersion(struct ndr_push *ndr, int ndr_flags, enum samr_ConnectVersion r) 4432 4432 { 4433 NDR_CHECK(ndr_push_uint 16(ndr, NDR_SCALARS, r));4433 NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); 4434 4434 return NDR_ERR_SUCCESS; 4435 4435 } … … 4437 4437 static enum ndr_err_code ndr_pull_samr_ConnectVersion(struct ndr_pull *ndr, int ndr_flags, enum samr_ConnectVersion *r) 4438 4438 { 4439 uint 16_t v;4440 NDR_CHECK(ndr_pull_uint 16(ndr, NDR_SCALARS, &v));4439 uint32_t v; 4440 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); 4441 4441 *r = v; 4442 4442 return NDR_ERR_SUCCESS; -
branches/samba-3.2.x/source/librpc/idl/samr.idl
r228 r272 1247 1247 /* Function 0x3e */ 1248 1248 1249 typedef enum {1249 typedef [v1_enum] enum { 1250 1250 SAMR_CONNECT_PRE_W2K = 1, 1251 1251 SAMR_CONNECT_W2K = 2, -
branches/samba-3.2.x/source/libsmb/credentials.c
r133 r272 256 256 struct dcinfo tmp_dc = *dc; 257 257 258 if (!received_cred || !cred_out) { 259 return false; 260 } 261 258 262 /* Do all operations on a temporary copy of the dc, 259 263 which we throw away if the checks fail. */ -
branches/samba-3.2.x/source/passdb/lookup_sid.c
r233 r272 469 469 470 470 if (num_rids) { 471 *names = TALLOC_ ARRAY(mem_ctx, const char *, num_rids);471 *names = TALLOC_ZERO_ARRAY(mem_ctx, const char *, num_rids); 472 472 *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids); 473 473 … … 475 475 return false; 476 476 } 477 478 for (i = 0; i < num_rids; i++) 479 (*types)[i] = SID_NAME_UNKNOWN; 477 480 } else { 478 481 *names = NULL; -
branches/samba-3.2.x/source/passdb/pdb_interface.c
r228 r272 1063 1063 "without algorithmic RIDs is chosen.\n")); 1064 1064 DEBUGADD(0, ("Please map all used groups using 'net groupmap " 1065 "add', set the maximum used RID using\n"));1066 DEBUGADD(0, (" 'net setmaxrid'and remove the parameter\n"));1065 "add', set the maximum used RID\n")); 1066 DEBUGADD(0, ("and remove the parameter\n")); 1067 1067 return False; 1068 1068 } -
branches/samba-3.2.x/source/passdb/pdb_ldap.c
r228 r272 3281 3281 3282 3282 if ((rc == LDAP_NAMING_VIOLATION) || 3283 (rc == LDAP_NOT_ALLOWED_ON_RDN) || 3283 3284 (rc == LDAP_OBJECT_CLASS_VIOLATION)) { 3284 3285 const char *attrs[] = { "sambaGroupType", "description", … … 3295 3296 3296 3297 if ((rc == LDAP_NAMING_VIOLATION) || 3298 (rc == LDAP_NOT_ALLOWED_ON_RDN) || 3297 3299 (rc == LDAP_OBJECT_CLASS_VIOLATION)) { 3298 3300 const char *attrs[] = { "sambaGroupType", "description", -
branches/samba-3.2.x/source/registry/reg_api.c
r133 r272 456 456 WERROR err; 457 457 458 /* 459 * We must refuse to handle subkey-paths containing 460 * a '/' character because at a lower level, after 461 * normalization, '/' is treated as a key separator 462 * just like '\\'. 463 */ 464 if (strchr(subkeypath, '/') != NULL) { 465 return WERR_INVALID_PARAM; 466 } 467 458 468 if (!(mem_ctx = talloc_new(ctx))) return WERR_NOMEM; 459 469 -
branches/samba-3.2.x/source/rpc_server/srv_lsa_nt.c
r235 r272 1630 1630 return NT_STATUS_INVALID_HANDLE; 1631 1631 1632 if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))1633 return NT_STATUS_ACCESS_DENIED;1634 1635 1632 if ( !get_privileges_for_sids( &mask, &info->sid, 1 ) ) 1636 1633 return NT_STATUS_OBJECT_NAME_NOT_FOUND; … … 1692 1689 if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) 1693 1690 return NT_STATUS_INVALID_HANDLE; 1694 1695 if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))1696 return NT_STATUS_ACCESS_DENIED;1697 1691 1698 1692 if (!lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, NULL)) … … 2098 2092 return NT_STATUS_INVALID_HANDLE; 2099 2093 2100 if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))2101 return NT_STATUS_ACCESS_DENIED;2102 2103 2094 /* according to an NT4 PDC, you can add privileges to SIDs even without 2104 2095 call_lsa_create_account() first. And you can use any arbitrary SID. */ … … 2142 2133 if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) 2143 2134 return NT_STATUS_INVALID_HANDLE; 2144 2145 if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))2146 return NT_STATUS_ACCESS_DENIED;2147 2135 2148 2136 name = r->in.name->string; -
branches/samba-3.2.x/source/rpc_server/srv_netlog_nt.c
r233 r272 473 473 NTSTATUS status; 474 474 uint32_t srv_flgs; 475 /* r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags, 476 * so use a copy to avoid destroying the client values. */ 477 uint32_t in_neg_flags = *r->in.negotiate_flags; 475 478 struct netr_Credential srv_chal_out; 476 479 … … 478 481 * Windows 7 looks at the negotiate_flags 479 482 * returned in this structure *even if the 480 * call fails with access denied ! So in order483 * call fails with access denied* ! So in order 481 484 * to allow Win7 to connect to a Samba NT style 482 485 * PDC we set the flags before we know if it's … … 495 498 NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL; 496 499 500 /* Ensure we support strong (128-bit) keys. */ 501 if (in_neg_flags & NETLOGON_NEG_128BIT) { 502 srv_flgs |= NETLOGON_NEG_128BIT; 503 } 504 497 505 if (lp_server_schannel() != false) { 498 506 srv_flgs |= NETLOGON_NEG_SCHANNEL; 499 507 } 500 501 *r->out.negotiate_flags = srv_flgs;502 508 503 509 /* We use this as the key to store the creds: */ … … 507 513 DEBUG(0,("_netr_ServerAuthenticate2: no challenge sent to client %s\n", 508 514 r->in.computer_name)); 509 return NT_STATUS_ACCESS_DENIED; 515 status = NT_STATUS_ACCESS_DENIED; 516 goto out; 510 517 } 511 518 512 519 if ( (lp_server_schannel() == true) && 513 (( *r->in.negotiate_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {520 ((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) { 514 521 515 522 /* schannel must be used, but client did not offer it. */ … … 517 524 "to offer it. Client was %s\n", 518 525 r->in.account_name)); 519 return NT_STATUS_ACCESS_DENIED; 526 status = NT_STATUS_ACCESS_DENIED; 527 goto out; 520 528 } 521 529 … … 528 536 r->in.account_name, nt_errstr(status) )); 529 537 /* always return NT_STATUS_ACCESS_DENIED */ 530 return NT_STATUS_ACCESS_DENIED; 538 status = NT_STATUS_ACCESS_DENIED; 539 goto out; 531 540 } 532 541 533 542 /* From the client / server challenges and md4 password, generate sess key */ 534 creds_server_init( *r->in.negotiate_flags,543 creds_server_init(in_neg_flags, 535 544 p->dc, 536 545 &p->dc->clnt_chal, /* Stored client chal. */ … … 545 554 r->in.computer_name, 546 555 r->in.account_name)); 547 return NT_STATUS_ACCESS_DENIED; 556 status = NT_STATUS_ACCESS_DENIED; 557 goto out; 548 558 } 549 559 … … 564 574 p->dc); 565 575 unbecome_root(); 566 567 return NT_STATUS_OK; 576 status = NT_STATUS_OK; 577 578 out: 579 580 *r->out.negotiate_flags = srv_flgs; 581 return status; 568 582 } 569 583 -
branches/samba-3.2.x/source/rpc_server/srv_samr_nt.c
r235 r272 863 863 sid_string_dbg(&pol_sid))); 864 864 865 status = access_check_samr_function(acc_granted,866 STD_RIGHT_READ_CONTROL_ACCESS,867 "_samr_QuerySecurity");868 if (!NT_STATUS_IS_OK(status)) {869 return status;870 }871 872 865 /* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */ 873 866 … … 1166 1159 num_groups, groups); 1167 1160 1161 if (MAX_SAM_ENTRIES <= num_groups) { 1162 status = STATUS_MORE_ENTRIES; 1163 } else { 1164 status = NT_STATUS_OK; 1165 } 1166 1168 1167 samr_array->count = num_groups; 1169 1168 samr_array->entries = samr_entries; … … 1234 1233 DEBUG(5,("_samr_EnumDomainAliases: %d\n", __LINE__)); 1235 1234 1235 if (MAX_SAM_ENTRIES <= num_aliases) { 1236 status = STATUS_MORE_ENTRIES; 1237 } else { 1238 status = NT_STATUS_OK; 1239 } 1240 1236 1241 samr_array->count = num_aliases; 1237 1242 samr_array->entries = samr_entries; … … 1471 1476 if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info)) 1472 1477 return NT_STATUS_INVALID_HANDLE; 1473 1474 status = access_check_samr_function(info->acc_granted,1475 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,1476 "_samr_QueryDisplayInfo");1477 if (!NT_STATUS_IS_OK(status)) {1478 return status;1479 }1480 1478 1481 1479 /* … … 2121 2119 return NT_STATUS_INVALID_HANDLE; 2122 2120 2123 status = access_check_samr_function(acc_granted,2124 0, /* Don't know the acc_bits yet */2125 "_samr__LookupRids");2126 if (!NT_STATUS_IS_OK(status)) {2127 return status;2128 }2129 2130 2121 if (num_rids > 1000) { 2131 2122 DEBUG(0, ("Got asked for %d rids (more than 1000) -- according " … … 2700 2691 return NT_STATUS_INVALID_HANDLE; 2701 2692 2702 status = access_check_samr_function(info->acc_granted,2703 SAMR_USER_ACCESS_GET_ATTRIBUTES,2704 "_samr_QueryUserInfo");2705 if (!NT_STATUS_IS_OK(status)) {2706 return status;2707 }2708 2709 2693 domain_sid = info->sid; 2710 2694 … … 2949 2933 return NT_STATUS_INVALID_HANDLE; 2950 2934 } 2951 2952 status = access_check_samr_function(info->acc_granted,2953 SA_RIGHT_SAM_LOOKUP_DOMAIN,2954 "_samr_QueryDomainInfo" );2955 2956 if ( !NT_STATUS_IS_OK(status) )2957 return status;2958 2935 2959 2936 switch (r->in.level) { … … 5671 5648 time_t u_logout; 5672 5649 time_t u_lock_duration, u_reset_time; 5673 NTSTATUS result;5674 5650 5675 5651 DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__)); … … 5678 5654 if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info)) 5679 5655 return NT_STATUS_INVALID_HANDLE; 5680 5681 /* We do have different access bits for info5682 * levels here, but we're really just looking for5683 * GENERIC_RIGHTS_DOMAIN_WRITE access. Unfortunately5684 * this maps to different specific bits. So5685 * assume if we have SA_RIGHT_DOMAIN_SET_INFO_15686 * set we are ok. */5687 5688 result = access_check_samr_function(info->acc_granted,5689 SA_RIGHT_DOMAIN_SET_INFO_1,5690 "_samr_SetDomainInfo");5691 5692 if (!NT_STATUS_IS_OK(result))5693 return result;5694 5656 5695 5657 DEBUG(5,("_samr_SetDomainInfo: level: %d\n", r->in.level)); … … 5750 5712 uint32_t num_account = 0; 5751 5713 struct samr_displayentry *entries = NULL; 5752 NTSTATUS status;5753 5714 5754 5715 DEBUG(5,("_samr_GetDisplayEnumerationIndex: %d\n", __LINE__)); … … 5757 5718 if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info)) { 5758 5719 return NT_STATUS_INVALID_HANDLE; 5759 }5760 5761 status = access_check_samr_function(info->acc_granted,5762 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,5763 "_samr_GetDisplayEnumerationIndex");5764 if (!NT_STATUS_IS_OK(status)) {5765 return status;5766 5720 } 5767 5721 -
branches/samba-3.2.x/source/script/tests/test_wbinfo_s3.sh
r138 r272 35 35 #Didn't pass yet# tests="$tests:--user-info=$username" 36 36 tests="$tests:--user-groups=$username" 37 tests="$tests:--allocate-uid" 38 tests="$tests:--allocate-gid" 37 39 38 40 failed=0 -
branches/samba-3.2.x/source/smbd/msdfs.c
r228 r272 260 260 return status; 261 261 } 262 263 conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn); 262 264 263 265 /* -
branches/samba-3.2.x/source/smbd/posix_acls.c
r233 r272 4 4 Copyright (C) Jeremy Allison 1994-2000. 5 5 Copyright (C) Andreas Gruenbacher 2002. 6 Copyright (C) Simo Sorce <idra@samba.org> 2009. 6 7 7 8 This program is free software; you can redistribute it and/or modify … … 1119 1120 return True; 1120 1121 1121 /* Assume that the current user is in the current group (force group) */ 1122 1123 if (uid_ace->unix_ug.uid == current_user.ut.uid && group_ace->unix_ug.gid == current_user.ut.gid) 1124 return True; 1122 /* 1123 * if it's the current user, we already have the unix token 1124 * and don't need to do the complex user_in_group_sid() call 1125 */ 1126 if (uid_ace->unix_ug.uid == current_user.ut.uid) { 1127 size_t i; 1128 1129 if (group_ace->unix_ug.gid == current_user.ut.gid) { 1130 return True; 1131 } 1132 1133 for (i=0; i < current_user.ut.ngroups; i++) { 1134 if (group_ace->unix_ug.gid == current_user.ut.groups[i]) { 1135 return True; 1136 } 1137 } 1138 } 1125 1139 1126 1140 /* u_name talloc'ed off tos. */ … … 1129 1143 return False; 1130 1144 } 1145 1146 /* notice that this is not reliable for users exported by winbindd! */ 1131 1147 return user_in_group_sid(u_name, &group_ace->trustee); 1132 1148 } … … 2815 2831 } 2816 2832 2833 /* 2834 * Add or Replace ACE entry. 2835 * In some cases we need to add a specific ACE for compatibility reasons. 2836 * When doing that we must make sure we are not actually creating a duplicate 2837 * entry. So we need to search whether an ACE entry already exist and eventually 2838 * replacce the access mask, or add a completely new entry if none was found. 2839 * 2840 * This function assumes the array has enough space to add a new entry without 2841 * any reallocation of memory. 2842 */ 2843 2844 static void add_or_replace_ace(SEC_ACE *nt_ace_list, size_t *num_aces, 2845 const DOM_SID *sid, enum security_ace_type type, 2846 uint32_t mask, uint8_t flags) 2847 { 2848 int i; 2849 2850 /* first search for a duplicate */ 2851 for (i = 0; i < *num_aces; i++) { 2852 if (sid_equal(&nt_ace_list[i].trustee, sid) && 2853 (nt_ace_list[i].flags == flags)) break; 2854 } 2855 2856 if (i < *num_aces) { /* found */ 2857 nt_ace_list[i].type = type; 2858 nt_ace_list[i].access_mask = mask; 2859 DEBUG(10, ("Replacing ACE %d with SID %s and flags %02x\n", 2860 i, sid_string_dbg(sid), flags)); 2861 return; 2862 } 2863 2864 /* not found, append it */ 2865 init_sec_ace(&nt_ace_list[(*num_aces)++], sid, type, mask, flags); 2866 } 2867 2868 2817 2869 /**************************************************************************** 2818 2870 Reply to query a security descriptor from an fsp. If it succeeds it allocates … … 2842 2894 SEC_ACE *nt_ace_list = NULL; 2843 2895 size_t num_profile_acls = 0; 2896 DOM_SID orig_owner_sid; 2844 2897 SEC_DESC *psd = NULL; 2898 int i; 2845 2899 2846 2900 /* … … 2848 2902 */ 2849 2903 2904 create_file_sids(sbuf, &owner_sid, &group_sid); 2905 2850 2906 if (lp_profile_acls(SNUM(conn))) { 2851 2907 /* For WXP SP1 the owner must be administrators. */ 2908 sid_copy(&orig_owner_sid, &owner_sid); 2852 2909 sid_copy(&owner_sid, &global_sid_Builtin_Administrators); 2853 2910 sid_copy(&group_sid, &global_sid_Builtin_Users); 2854 num_profile_acls = 2; 2855 } else { 2856 create_file_sids(sbuf, &owner_sid, &group_sid); 2911 num_profile_acls = 3; 2857 2912 } 2858 2913 … … 2978 3033 * if we can't map the SID. */ 2979 3034 if (lp_profile_acls(SNUM(conn))) { 2980 SEC_ACCESS acc; 2981 2982 init_sec_access(&acc,FILE_GENERIC_ALL); 2983 init_sec_ace(&nt_ace_list[num_aces++], 2984 &global_sid_Builtin_Users, 2985 SEC_ACE_TYPE_ACCESS_ALLOWED, 2986 acc, 0); 3035 add_or_replace_ace(nt_ace_list, &num_aces, 3036 &global_sid_Builtin_Users, 3037 SEC_ACE_TYPE_ACCESS_ALLOWED, 3038 FILE_GENERIC_ALL, 0); 2987 3039 } 2988 3040 … … 3008 3060 * if we can't map the SID. */ 3009 3061 if (lp_profile_acls(SNUM(conn))) { 3010 SEC_ACCESS acc; 3011 3012 init_sec_access(&acc,FILE_GENERIC_ALL); 3013 init_sec_ace(&nt_ace_list[num_aces++], &global_sid_Builtin_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, acc, 3014 SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT| 3015 SEC_ACE_FLAG_INHERIT_ONLY|0); 3062 add_or_replace_ace(nt_ace_list, &num_aces, 3063 &global_sid_Builtin_Users, 3064 SEC_ACE_TYPE_ACCESS_ALLOWED, 3065 FILE_GENERIC_ALL, 3066 SEC_ACE_FLAG_OBJECT_INHERIT | 3067 SEC_ACE_FLAG_CONTAINER_INHERIT | 3068 SEC_ACE_FLAG_INHERIT_ONLY); 3016 3069 } 3017 3070 … … 3024 3077 num_aces = merge_default_aces(nt_ace_list, num_aces); 3025 3078 3079 if (lp_profile_acls(SNUM(conn))) { 3080 for (i = 0; i < num_aces; i++) { 3081 if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) { 3082 add_or_replace_ace(nt_ace_list, &num_aces, 3083 &orig_owner_sid, 3084 nt_ace_list[i].type, 3085 nt_ace_list[i].access_mask, 3086 nt_ace_list[i].flags); 3087 break; 3088 } 3089 } 3090 } 3026 3091 } 3027 3092 -
branches/samba-3.2.x/source/smbd/trans2.c
r233 r272 6382 6382 } else if((wire_open_mode & SMB_O_CREAT) == SMB_O_CREAT) { 6383 6383 create_disp = FILE_OPEN_IF; 6384 } else if ((wire_open_mode & (SMB_O_CREAT | SMB_O_EXCL | SMB_O_TRUNC)) == 0) { 6385 create_disp = FILE_OPEN; 6384 6386 } else { 6385 6387 DEBUG(5,("smb_posix_open: invalid create mode 0x%x\n", -
branches/samba-3.2.x/source/smbd/uid.c
r228 r272 192 192 { 193 193 #ifndef __OS2__ 194 194 enum security_types sec = (enum security_types)lp_security(); 195 195 user_struct *vuser = get_valid_user_struct(vuid); 196 196 int snum; -
branches/samba-3.2.x/source/utils/net.c
r228 r272 73 73 int opt_flags = -1; 74 74 int opt_timeout = 0; 75 int opt_request_timeout = 0; 75 76 const char *opt_target_workgroup = NULL; 76 77 int opt_machine_pass = 0; … … 572 573 nt_errstr(nt_status)); 573 574 cli = NULL; 575 } else if (opt_request_timeout) { 576 cli_set_timeout(cli, opt_request_timeout * 1000); 574 577 } 575 578 … … 1043 1046 {"stdin", 'i', POPT_ARG_NONE, &opt_stdin}, 1044 1047 {"timeout", 't', POPT_ARG_INT, &opt_timeout}, 1048 {"request-timeout",0,POPT_ARG_INT, &opt_request_timeout}, 1045 1049 {"machine-pass",'P', POPT_ARG_NONE, &opt_machine_pass}, 1046 1050 {"myworkgroup", 'W', POPT_ARG_STRING, &opt_workgroup}, -
branches/samba-3.2.x/source/utils/net.h
r138 r272 101 101 extern int opt_machine_pass; 102 102 extern int opt_timeout; 103 extern int opt_request_timeout; 103 104 extern const char *opt_host; 104 105 extern const char *opt_user_name; -
branches/samba-3.2.x/source/utils/net_help.c
r138 r272 49 49 d_printf("\t-V or --version\t\t\tPrint samba version information\n"); 50 50 d_printf("\t-P or --machine-pass\t\tAuthenticate as machine account\n"); 51 d_printf("\t-e or --encrypt\t\tEncrypt SMB transport (UNIX extended servers only)\n"); 51 d_printf("\t-e or --encrypt\t\t\tEncrypt SMB transport (UNIX extended servers only)\n"); 52 d_printf("\t--request-timeout\t\tThe timeout for smb and rpc requests in seconds\n"); 52 53 return -1; 53 54 } -
branches/samba-3.2.x/source/utils/net_rpc.c
r235 r272 119 119 DOM_SID *domain_sid; 120 120 const char *domain_name; 121 int ret = -1; 121 122 122 123 /* make use of cli_state handed over as an argument, if possible */ … … 140 141 if (!(mem_ctx = talloc_init("run_rpc_command"))) { 141 142 DEBUG(0, ("talloc_init() failed\n")); 142 cli_shutdown(cli); 143 return -1; 143 goto fail; 144 144 } 145 145 … … 147 147 &domain_name); 148 148 if (!NT_STATUS_IS_OK(nt_status)) { 149 cli_shutdown(cli); 150 return -1; 149 goto fail; 151 150 } 152 151 … … 161 160 DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n", 162 161 nt_errstr(nt_status) )); 163 cli_shutdown(cli); 164 return -1; 162 goto fail; 165 163 } 166 164 } else { … … 170 168 cli_get_pipe_name(pipe_idx), 171 169 nt_errstr(nt_status) )); 172 cli_shutdown(cli); 173 return -1; 170 goto fail; 174 171 } 175 172 } … … 181 178 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status))); 182 179 } else { 180 ret = 0; 183 181 DEBUG(5, ("rpc command function succedded\n")); 184 182 } … … 190 188 } 191 189 190 fail: 192 191 /* close the connection only if it was opened here */ 193 192 if (!cli_arg) { … … 196 195 197 196 talloc_destroy(mem_ctx); 198 return (!NT_STATUS_IS_OK(nt_status));197 return ret; 199 198 } 200 199 -
branches/samba-3.2.x/source/winbindd/idmap.c
r204 r272 556 556 talloc_set_destructor(dom, close_domain_destructor); 557 557 558 dom->params = talloc_strdup(dom, compat_params); 559 IDMAP_CHECK_ALLOC(dom->params); 558 if (compat_params) { 559 dom->params = talloc_strdup(dom, compat_params); 560 IDMAP_CHECK_ALLOC(dom->params); 561 } else { 562 dom->params = NULL; 563 } 560 564 561 565 /* Finally instance a backend copy for this domain */ -
branches/samba-3.2.x/source/winbindd/winbindd.c
r232 r272 799 799 for (state = winbindd_client_list(); state; state = state->next) { 800 800 if (state->response.result != WINBINDD_PENDING && 801 state->fd_event.flags == EVENT_FD_READ && 801 802 !state->getpwent_state && !state->getgrent_state) { 802 803 nidle++;
Note:
See TracChangeset
for help on using the changeset viewer.
