Changeset 274 for branches/samba-3.3.x/source
- Timestamp:
- Jun 17, 2009, 2:19:52 PM (16 years ago)
- Location:
- branches/samba-3.3.x/source
- Files:
-
- 40 edited
-
VERSION (modified) (1 diff)
-
auth/auth_util.c (modified) (4 diffs)
-
configure (modified) (1 diff)
-
configure.in (modified) (1 diff)
-
groupdb/mapping_ldb.c (modified) (1 diff)
-
include/config.h.in (modified) (1 diff)
-
include/ntdomain.h (modified) (1 diff)
-
include/smbldap.h (modified) (1 diff)
-
include/version.h (modified) (1 diff)
-
lib/ctdbd_conn.c (modified) (1 diff)
-
lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c (modified) (1 diff)
-
lib/smbldap.c (modified) (1 diff)
-
librpc/gen_ndr/ndr_samr.c (modified) (2 diffs)
-
librpc/idl/samr.idl (modified) (1 diff)
-
libsmb/credentials.c (modified) (1 diff)
-
libsmb/passchange.c (modified) (1 diff)
-
locking/locking.c (modified) (1 diff)
-
param/loadparm.c (modified) (8 diffs)
-
passdb/lookup_sid.c (modified) (2 diffs)
-
passdb/pdb_interface.c (modified) (1 diff)
-
passdb/pdb_ldap.c (modified) (3 diffs)
-
rpc_server/srv_netlog_nt.c (modified) (8 diffs)
-
rpc_server/srv_samr_nt.c (modified) (11 diffs)
-
script/installmo.sh (modified) (1 diff)
-
smbd/file_access.c (modified) (3 diffs)
-
smbd/filename.c (modified) (6 diffs)
-
smbd/msdfs.c (modified) (2 diffs)
-
smbd/posix_acls.c (modified) (2 diffs)
-
smbd/posix_acls.c# (modified) (1 diff)
-
smbd/server.c (modified) (1 diff)
-
smbd/service.c (modified) (2 diffs)
-
smbd/uid.c (modified) (5 diffs)
-
utils/net_dom.c (modified) (1 diff)
-
utils/net_groupmap.c (modified) (1 diff)
-
utils/net_rap.c (modified) (2 diffs)
-
utils/smbget.c (modified) (1 diff)
-
winbindd/idmap_ldap.c (modified) (2 diffs)
-
winbindd/idmap_tdb.c (modified) (3 diffs)
-
winbindd/idmap_tdb2.c (modified) (2 diffs)
-
winbindd/winbindd.c (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.3.x/source/VERSION
r271 r274 26 26 SAMBA_VERSION_MAJOR=3 27 27 SAMBA_VERSION_MINOR=3 28 SAMBA_VERSION_RELEASE= 428 SAMBA_VERSION_RELEASE=5 29 29 30 30 ######################################################## -
branches/samba-3.3.x/source/auth/auth_util.c
r222 r274 293 293 unsigned char key[16]; 294 294 295 ZERO_STRUCT(key); 296 memcpy(key, dc_sess_key, 8); 295 memcpy(key, dc_sess_key, 16); 297 296 298 297 if (lm_interactive_pwd) … … 885 884 pdb_get_username(sam_acct)); 886 885 886 /* 887 * If the SID from lookup_name() was the guest sid, passdb knows 888 * about the mapping of guest sid to lp_guestaccount() 889 * username and will return the unix_pw info for a guest 890 * user. Use it if it's there, else lookup the *uid details 891 * using getpwnam_alloc(). See bug #6291 for details. JRA. 892 */ 893 894 /* We must always assign the *uid. */ 895 if (sam_acct->unix_pw == NULL) { 896 struct passwd *pwd = getpwnam_alloc(sam_acct, *found_username ); 897 if (!pwd) { 898 DEBUG(10, ("getpwnam_alloc failed for %s\n", 899 *found_username)); 900 result = NT_STATUS_NO_SUCH_USER; 901 goto done; 902 } 903 result = samu_set_unix(sam_acct, pwd ); 904 if (!NT_STATUS_IS_OK(result)) { 905 DEBUG(10, ("samu_set_unix failed for %s\n", 906 *found_username)); 907 result = NT_STATUS_NO_SUCH_USER; 908 goto done; 909 } 910 } 911 *uid = sam_acct->unix_pw->pw_uid; 912 887 913 } else if (sid_check_is_in_unix_users(&user_sid)) { 888 914 … … 901 927 902 928 if (!sid_to_uid(&user_sid, uid)) { 903 DEBUG(1, (" sid_to_uid for %s (%s) failed\n",929 DEBUG(1, ("unix_user case, sid_to_uid for %s (%s) failed\n", 904 930 username, sid_string_dbg(&user_sid))); 931 result = NT_STATUS_NO_SUCH_USER; 905 932 goto done; 906 933 } … … 954 981 955 982 uint32 dummy; 983 984 /* We must always assign the *uid. */ 985 if (!sid_to_uid(&user_sid, uid)) { 986 DEBUG(1, ("winbindd case, sid_to_uid for %s (%s) failed\n", 987 username, sid_string_dbg(&user_sid))); 988 result = NT_STATUS_NO_SUCH_USER; 989 goto done; 990 } 956 991 957 992 num_group_sids = 1; -
branches/samba-3.3.x/source/configure
r224 r274 76541 76541 76542 76542 76543 ############################################ 76544 # See if we have the a broken readlink syscall. 76545 76546 { $as_echo "$as_me:$LINENO: checking for a broken readlink syscall" >&5 76547 $as_echo_n "checking for a broken readlink syscall... " >&6; } 76548 if test "${samba_cv_HAVE_BROKEN_READLINK+set}" = set; then 76549 $as_echo_n "(cached) " >&6 76550 else 76551 76552 if test "$cross_compiling" = yes; then 76553 samba_cv_HAVE_BROKEN_READLINK=cross 76554 else 76555 cat >conftest.$ac_ext <<_ACEOF 76556 /* confdefs.h. */ 76557 _ACEOF 76558 cat confdefs.h >>conftest.$ac_ext 76559 cat >>conftest.$ac_ext <<_ACEOF 76560 /* end confdefs.h. */ 76561 #include "${srcdir-.}/../tests/readlink.c" 76562 _ACEOF 76563 rm -f conftest$ac_exeext 76564 if { (ac_try="$ac_link" 76565 case "(($ac_try" in 76566 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; 76567 *) ac_try_echo=$ac_try;; 76568 esac 76569 eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" 76570 $as_echo "$ac_try_echo") >&5 76571 (eval "$ac_link") 2>&5 76572 ac_status=$? 76573 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 76574 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' 76575 { (case "(($ac_try" in 76576 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; 76577 *) ac_try_echo=$ac_try;; 76578 esac 76579 eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" 76580 $as_echo "$ac_try_echo") >&5 76581 (eval "$ac_try") 2>&5 76582 ac_status=$? 76583 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 76584 (exit $ac_status); }; }; then 76585 samba_cv_HAVE_BROKEN_READLINK=no 76586 else 76587 $as_echo "$as_me: program exited with status $ac_status" >&5 76588 $as_echo "$as_me: failed program was:" >&5 76589 sed 's/^/| /' conftest.$ac_ext >&5 76590 76591 ( exit $ac_status ) 76592 samba_cv_HAVE_BROKEN_READLINK=yes 76593 fi 76594 rm -rf conftest.dSYM 76595 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext 76596 fi 76597 76598 76599 76600 fi 76601 { $as_echo "$as_me:$LINENO: result: $samba_cv_HAVE_BROKEN_READLINK" >&5 76602 $as_echo "$samba_cv_HAVE_BROKEN_READLINK" >&6; } 76603 if test x"$samba_cv_HAVE_BROKEN_READLINK" = x"yes"; then 76604 76605 cat >>confdefs.h <<\_ACEOF 76606 #define HAVE_BROKEN_READLINK 1 76607 _ACEOF 76608 76609 fi 76543 76610 76544 76611 ################################################# -
branches/samba-3.3.x/source/configure.in
r224 r274 5928 5928 AC_HAVE_DECL(splice, [#include <fcntl.h>]) 5929 5929 5930 ############################################ 5931 # See if we have the a broken readlink syscall. 5932 5933 AC_CACHE_CHECK([for a broken readlink syscall],samba_cv_HAVE_BROKEN_READLINK,[ 5934 AC_TRY_RUN([#include "${srcdir-.}/../tests/readlink.c"], 5935 samba_cv_HAVE_BROKEN_READLINK=no,samba_cv_HAVE_BROKEN_READLINK=yes,samba_cv_HAVE_BROKEN_READLINK=cross) 5936 ]) 5937 if test x"$samba_cv_HAVE_BROKEN_READLINK" = x"yes"; then 5938 AC_DEFINE(HAVE_BROKEN_READLINK,1,[Whether the readlink syscall is broken]) 5939 fi 5930 5940 5931 5941 ################################################# -
branches/samba-3.3.x/source/groupdb/mapping_ldb.c
r263 r274 532 532 if (el == NULL) { 533 533 talloc_free(dn); 534 return NT_STATUS_ INTERNAL_DB_CORRUPTION;534 return NT_STATUS_OK; 535 535 } 536 536 -
branches/samba-3.3.x/source/include/config.h.in
r223 r274 237 237 /* Whether readdir() returns the wrong name offset */ 238 238 #undef HAVE_BROKEN_READDIR_NAME 239 240 /* Whether the readlink syscall is broken */ 241 #undef HAVE_BROKEN_READLINK 239 242 240 243 /* Define to 1 if you have the `bzero' function. */ -
branches/samba-3.3.x/source/include/ntdomain.h
r206 r274 140 140 struct netr_Credential srv_chal; /* Server credential */ 141 141 142 unsigned char sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes*/142 unsigned char sess_key[16]; /* Session key */ 143 143 unsigned char mach_pw[16]; /* md4(machine password) */ 144 144 -
branches/samba-3.3.x/source/include/smbldap.h
r206 r274 213 213 const char *attribute, 214 214 TALLOC_CTX *mem_ctx); 215 char * smbldap_talloc_smallest_attribute(LDAP *ldap_struct, LDAPMessage *entry, 216 const char *attribute, 217 TALLOC_CTX *mem_ctx); 215 218 void talloc_autofree_ldapmsg(TALLOC_CTX *mem_ctx, LDAPMessage *result); 216 219 void talloc_autofree_ldapmod(TALLOC_CTX *mem_ctx, LDAPMod **mod); -
branches/samba-3.3.x/source/include/version.h
r271 r274 2 2 #define SAMBA_VERSION_MAJOR 3 3 3 #define SAMBA_VERSION_MINOR 3 4 #define SAMBA_VERSION_RELEASE 45 #define SAMBA_VERSION_OFFICIAL_STRING "3.3. 4"4 #define SAMBA_VERSION_RELEASE 5 5 #define SAMBA_VERSION_OFFICIAL_STRING "3.3.5" 6 6 #define SAMBA_VERSION_STRING samba_version_string() -
branches/samba-3.3.x/source/lib/ctdbd_conn.c
r221 r274 1095 1095 1096 1096 status = ctdbd_init_connection(NULL, &conn); 1097 if (!NT_STATUS_IS_OK(status)) { 1098 DEBUG(0, ("ctdbd_init_connection failed: %s\n", 1099 nt_errstr(status))); 1100 return status; 1101 } 1097 1102 1098 1103 t.db_id = db_id; -
branches/samba-3.3.x/source/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c
r224 r274 656 656 join_creds_required = FALSE; 657 657 unjoin_flags = NETSETUP_JOIN_DOMAIN | 658 NETSETUP_ACCT_DELETE; 658 NETSETUP_ACCT_DELETE | 659 NETSETUP_IGNORE_UNSUPPORTED_FLAGS; 659 660 } 660 661 -
branches/samba-3.3.x/source/lib/smbldap.c
r221 r274 334 334 } 335 335 336 char * smbldap_talloc_smallest_attribute(LDAP *ldap_struct, LDAPMessage *entry, 337 const char *attribute, 338 TALLOC_CTX *mem_ctx) 339 { 340 char **values; 341 char *result; 342 size_t converted_size; 343 int i, num_values; 344 345 if (attribute == NULL) { 346 return NULL; 347 } 348 349 values = ldap_get_values(ldap_struct, entry, attribute); 350 351 if (values == NULL) { 352 DEBUG(10, ("attribute %s does not exist\n", attribute)); 353 return NULL; 354 } 355 356 if (!pull_utf8_talloc(mem_ctx, &result, values[0], &converted_size)) { 357 DEBUG(10, ("pull_utf8_talloc failed\n")); 358 ldap_value_free(values); 359 return NULL; 360 } 361 362 num_values = ldap_count_values(values); 363 364 for (i=1; i<num_values; i++) { 365 char *tmp; 366 367 if (!pull_utf8_talloc(mem_ctx, &tmp, values[i], 368 &converted_size)) { 369 DEBUG(10, ("pull_utf8_talloc failed\n")); 370 TALLOC_FREE(result); 371 ldap_value_free(values); 372 return NULL; 373 } 374 375 if (StrCaseCmp(tmp, result) < 0) { 376 TALLOC_FREE(result); 377 result = tmp; 378 } else { 379 TALLOC_FREE(tmp); 380 } 381 } 382 383 ldap_value_free(values); 384 385 #ifdef DEBUG_PASSWORDS 386 DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n", 387 attribute, result)); 388 #endif 389 return result; 390 } 391 392 char * smbldap_talloc_smallest_attribute(LDAP *ldap_struct, LDAPMessage *entry, 393 const char *attribute, 394 TALLOC_CTX *mem_ctx) 395 { 396 char **values; 397 char *result; 398 size_t converted_size; 399 int i, num_values; 400 401 if (attribute == NULL) { 402 return NULL; 403 } 404 405 values = ldap_get_values(ldap_struct, entry, attribute); 406 407 if (values == NULL) { 408 DEBUG(10, ("attribute %s does not exist\n", attribute)); 409 return NULL; 410 } 411 412 if (!pull_utf8_talloc(mem_ctx, &result, values[0], &converted_size)) { 413 DEBUG(10, ("pull_utf8_talloc failed\n")); 414 ldap_value_free(values); 415 return NULL; 416 } 417 418 num_values = ldap_count_values(values); 419 420 for (i=1; i<num_values; i++) { 421 char *tmp; 422 423 if (!pull_utf8_talloc(mem_ctx, &tmp, values[i], 424 &converted_size)) { 425 DEBUG(10, ("pull_utf8_talloc failed\n")); 426 TALLOC_FREE(result); 427 ldap_value_free(values); 428 return NULL; 429 } 430 431 if (StrCaseCmp(tmp, result) < 0) { 432 TALLOC_FREE(result); 433 result = tmp; 434 } else { 435 TALLOC_FREE(tmp); 436 } 437 } 438 439 ldap_value_free(values); 440 441 #ifdef DEBUG_PASSWORDS 442 DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n", 443 attribute, result)); 444 #endif 445 return result; 446 } 447 336 448 static int ldapmsg_destructor(LDAPMessage **result) { 337 449 ldap_msgfree(*result); -
branches/samba-3.3.x/source/librpc/gen_ndr/ndr_samr.c
r224 r274 4431 4431 static enum ndr_err_code ndr_push_samr_ConnectVersion(struct ndr_push *ndr, int ndr_flags, enum samr_ConnectVersion r) 4432 4432 { 4433 NDR_CHECK(ndr_push_uint 16(ndr, NDR_SCALARS, r));4433 NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); 4434 4434 return NDR_ERR_SUCCESS; 4435 4435 } … … 4437 4437 static enum ndr_err_code ndr_pull_samr_ConnectVersion(struct ndr_pull *ndr, int ndr_flags, enum samr_ConnectVersion *r) 4438 4438 { 4439 uint 16_t v;4440 NDR_CHECK(ndr_pull_uint 16(ndr, NDR_SCALARS, &v));4439 uint32_t v; 4440 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); 4441 4441 *r = v; 4442 4442 return NDR_ERR_SUCCESS; -
branches/samba-3.3.x/source/librpc/idl/samr.idl
r224 r274 1371 1371 /* Function 0x3e */ 1372 1372 1373 typedef enum {1373 typedef [v1_enum] enum { 1374 1374 SAMR_CONNECT_PRE_W2K = 1, 1375 1375 SAMR_CONNECT_W2K = 2, -
branches/samba-3.3.x/source/libsmb/credentials.c
r206 r274 256 256 struct dcinfo tmp_dc = *dc; 257 257 258 if (!received_cred || !cred_out) { 259 return false; 260 } 261 258 262 /* Do all operations on a temporary copy of the dc, 259 263 which we throw away if the checks fail. */ -
branches/samba-3.3.x/source/libsmb/passchange.c
r206 r274 188 188 "failed. Error was %s, but LANMAN password " 189 189 "changed are disabled\n", 190 nt_errstr(result), remote_machine) == -1) {190 remote_machine, nt_errstr(result)) == -1) { 191 191 *err_str = NULL; 192 192 } -
branches/samba-3.3.x/source/locking/locking.c
r223 r274 1365 1365 if (fsp->conn->admin_user) { 1366 1366 tok_copy = copy_unix_token(lck, tok); 1367 tok_copy->uid = (uid_t)0;1368 1367 if (tok_copy == NULL) { 1369 1368 TALLOC_FREE(lck); 1370 1369 return false; 1371 1370 } 1371 tok_copy->uid = (uid_t)0; 1372 1372 tok = tok_copy; 1373 1373 } -
branches/samba-3.3.x/source/param/loadparm.c
r239 r274 671 671 static void set_allowed_client_auth(void); 672 672 673 static void add_to_file_list(const char *fname, const char *subfname); 674 673 675 static const struct enum_list enum_protocol[] = { 674 676 {PROTOCOL_NT1, "NT1"}, … … 6615 6617 } 6616 6618 } 6619 if (iServiceIndex >= 0) { 6620 return service_ok(iServiceIndex); 6621 } 6617 6622 return true; 6618 6623 } … … 6632 6637 goto done; 6633 6638 } 6639 6640 add_to_file_list(INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME); 6634 6641 6635 6642 ret = do_parameter("registry shares", "yes", NULL); … … 6701 6708 return ret; 6702 6709 } 6710 6711 #define MAX_INCLUDE_DEPTH 100 6712 6713 static uint8_t include_depth; 6703 6714 6704 6715 static struct file_lists { … … 6774 6785 DEBUG(6, ("lp_file_list_changed()\n")); 6775 6786 6776 if (lp_config_backend_is_registry()) {6777 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();6778 6779 if (conf_ctx == NULL) {6780 return false;6781 }6782 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL)) {6783 DEBUGADD(6, ("registry config changed\n"));6784 return true;6785 }6786 }6787 6788 6787 while (f) { 6789 6788 char *n2 = NULL; 6790 6789 time_t mod_time; 6791 6790 6792 n2 = alloc_sub_basic(get_current_username(), 6793 current_user_info.domain, 6794 f->name); 6795 if (!n2) { 6796 return false; 6791 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) { 6792 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx(); 6793 6794 if (conf_ctx == NULL) { 6795 return false; 6796 } 6797 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL, 6798 NULL)) 6799 { 6800 DEBUGADD(6, ("registry config changed\n")); 6801 return true; 6802 } 6803 } else { 6804 n2 = alloc_sub_basic(get_current_username(), 6805 current_user_info.domain, 6806 f->name); 6807 if (!n2) { 6808 return false; 6809 } 6810 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n", 6811 f->name, n2, ctime(&f->modtime))); 6812 6813 mod_time = file_modtime(n2); 6814 6815 if (mod_time && 6816 ((f->modtime != mod_time) || 6817 (f->subfname == NULL) || 6818 (strcmp(n2, f->subfname) != 0))) 6819 { 6820 DEBUGADD(6, 6821 ("file %s modified: %s\n", n2, 6822 ctime(&mod_time))); 6823 f->modtime = mod_time; 6824 SAFE_FREE(f->subfname); 6825 f->subfname = n2; /* Passing ownership of 6826 return from alloc_sub_basic 6827 above. */ 6828 return true; 6829 } 6830 SAFE_FREE(n2); 6797 6831 } 6798 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",6799 f->name, n2, ctime(&f->modtime)));6800 6801 mod_time = file_modtime(n2);6802 6803 if (mod_time && ((f->modtime != mod_time) || (f->subfname == NULL) || (strcmp(n2, f->subfname) != 0))) {6804 DEBUGADD(6,6805 ("file %s modified: %s\n", n2,6806 ctime(&mod_time)));6807 f->modtime = mod_time;6808 SAFE_FREE(f->subfname);6809 f->subfname = n2; /* Passing ownership of6810 return from alloc_sub_basic6811 above. */6812 return true;6813 }6814 SAFE_FREE(n2);6815 6832 f = f->next; 6816 6833 } … … 6889 6906 char *fname; 6890 6907 6908 if (include_depth >= MAX_INCLUDE_DEPTH) { 6909 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n", 6910 include_depth)); 6911 return false; 6912 } 6913 6891 6914 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) { 6892 6915 if (!bAllowIncludeRegistry) { … … 6894 6917 } 6895 6918 if (bInGlobalSection) { 6896 return process_registry_globals(); 6919 bool ret; 6920 include_depth++; 6921 ret = process_registry_globals(); 6922 include_depth--; 6923 return ret; 6897 6924 } else { 6898 6925 DEBUG(1, ("\"include = registry\" only effective " … … 6911 6938 6912 6939 if (file_exist(fname, NULL)) { 6913 bool ret = pm_process(fname, do_section, do_parameter, NULL); 6940 bool ret; 6941 include_depth++; 6942 ret = pm_process(fname, do_section, do_parameter, NULL); 6943 include_depth--; 6914 6944 SAFE_FREE(fname); 6915 6945 return ret; -
branches/samba-3.3.x/source/passdb/lookup_sid.c
r223 r274 469 469 470 470 if (num_rids) { 471 *names = TALLOC_ ARRAY(mem_ctx, const char *, num_rids);471 *names = TALLOC_ZERO_ARRAY(mem_ctx, const char *, num_rids); 472 472 *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids); 473 473 … … 475 475 return false; 476 476 } 477 478 for (i = 0; i < num_rids; i++) 479 (*types)[i] = SID_NAME_UNKNOWN; 477 480 } else { 478 481 *names = NULL; -
branches/samba-3.3.x/source/passdb/pdb_interface.c
r206 r274 1075 1075 "without algorithmic RIDs is chosen.\n")); 1076 1076 DEBUGADD(0, ("Please map all used groups using 'net groupmap " 1077 "add', set the maximum used RID using\n"));1078 DEBUGADD(0, (" 'net setmaxrid'and remove the parameter\n"));1077 "add', set the maximum used RID\n")); 1078 DEBUGADD(0, ("and remove the parameter\n")); 1079 1079 return False; 1080 1080 } -
branches/samba-3.3.x/source/passdb/pdb_ldap.c
r221 r274 560 560 } 561 561 562 if (!(username = smbldap_talloc_s ingle_attribute(priv2ld(ldap_state),562 if (!(username = smbldap_talloc_smallest_attribute(priv2ld(ldap_state), 563 563 entry, 564 564 "uid", … … 3283 3283 3284 3284 if ((rc == LDAP_NAMING_VIOLATION) || 3285 (rc == LDAP_NOT_ALLOWED_ON_RDN) || 3285 3286 (rc == LDAP_OBJECT_CLASS_VIOLATION)) { 3286 3287 const char *attrs[] = { "sambaGroupType", "description", … … 3297 3298 3298 3299 if ((rc == LDAP_NAMING_VIOLATION) || 3300 (rc == LDAP_NOT_ALLOWED_ON_RDN) || 3299 3301 (rc == LDAP_OBJECT_CLASS_VIOLATION)) { 3300 3302 const char *attrs[] = { "sambaGroupType", "description", -
branches/samba-3.3.x/source/rpc_server/srv_netlog_nt.c
r221 r274 473 473 NTSTATUS status; 474 474 uint32_t srv_flgs; 475 /* r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags, 476 * so use a copy to avoid destroying the client values. */ 477 uint32_t in_neg_flags = *r->in.negotiate_flags; 475 478 struct netr_Credential srv_chal_out; 476 479 … … 478 481 * Windows 7 looks at the negotiate_flags 479 482 * returned in this structure *even if the 480 * call fails with access denied ! So in order483 * call fails with access denied* ! So in order 481 484 * to allow Win7 to connect to a Samba NT style 482 485 * PDC we set the flags before we know if it's … … 495 498 NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL; 496 499 500 /* Ensure we support strong (128-bit) keys. */ 501 if (in_neg_flags & NETLOGON_NEG_128BIT) { 502 srv_flgs |= NETLOGON_NEG_128BIT; 503 } 504 497 505 if (lp_server_schannel() != false) { 498 506 srv_flgs |= NETLOGON_NEG_SCHANNEL; 499 507 } 500 501 *r->out.negotiate_flags = srv_flgs;502 508 503 509 /* We use this as the key to store the creds: */ … … 507 513 DEBUG(0,("_netr_ServerAuthenticate2: no challenge sent to client %s\n", 508 514 r->in.computer_name)); 509 return NT_STATUS_ACCESS_DENIED; 515 status = NT_STATUS_ACCESS_DENIED; 516 goto out; 510 517 } 511 518 512 519 if ( (lp_server_schannel() == true) && 513 (( *r->in.negotiate_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {520 ((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) { 514 521 515 522 /* schannel must be used, but client did not offer it. */ … … 517 524 "to offer it. Client was %s\n", 518 525 r->in.account_name)); 519 return NT_STATUS_ACCESS_DENIED; 526 status = NT_STATUS_ACCESS_DENIED; 527 goto out; 520 528 } 521 529 … … 528 536 r->in.account_name, nt_errstr(status) )); 529 537 /* always return NT_STATUS_ACCESS_DENIED */ 530 return NT_STATUS_ACCESS_DENIED; 538 status = NT_STATUS_ACCESS_DENIED; 539 goto out; 531 540 } 532 541 533 542 /* From the client / server challenges and md4 password, generate sess key */ 534 creds_server_init( *r->in.negotiate_flags,543 creds_server_init(in_neg_flags, 535 544 p->dc, 536 545 &p->dc->clnt_chal, /* Stored client chal. */ … … 545 554 r->in.computer_name, 546 555 r->in.account_name)); 547 return NT_STATUS_ACCESS_DENIED; 556 status = NT_STATUS_ACCESS_DENIED; 557 goto out; 548 558 } 549 559 /* set up the LSA AUTH 2 response */ … … 563 573 p->dc); 564 574 unbecome_root(); 565 566 return NT_STATUS_OK; 575 status = NT_STATUS_OK; 576 577 out: 578 579 *r->out.negotiate_flags = srv_flgs; 580 return status; 567 581 } 568 582 -
branches/samba-3.3.x/source/rpc_server/srv_samr_nt.c
r224 r274 863 863 sid_string_dbg(&pol_sid))); 864 864 865 status = access_check_samr_function(acc_granted,866 STD_RIGHT_READ_CONTROL_ACCESS,867 "_samr_QuerySecurity");868 if (!NT_STATUS_IS_OK(status)) {869 return status;870 }871 872 865 /* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */ 873 866 … … 1166 1159 num_groups, groups); 1167 1160 1161 if (MAX_SAM_ENTRIES <= num_groups) { 1162 status = STATUS_MORE_ENTRIES; 1163 } else { 1164 status = NT_STATUS_OK; 1165 } 1166 1168 1167 samr_array->count = num_groups; 1169 1168 samr_array->entries = samr_entries; … … 1234 1233 DEBUG(5,("_samr_EnumDomainAliases: %d\n", __LINE__)); 1235 1234 1235 if (MAX_SAM_ENTRIES <= num_aliases) { 1236 status = STATUS_MORE_ENTRIES; 1237 } else { 1238 status = NT_STATUS_OK; 1239 } 1240 1236 1241 samr_array->count = num_aliases; 1237 1242 samr_array->entries = samr_entries; … … 1475 1480 DEBUG(5,("_samr_QueryDisplayInfo: Nothing in BUILTIN\n")); 1476 1481 return NT_STATUS_OK; 1477 }1478 1479 status = access_check_samr_function(info->acc_granted,1480 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,1481 "_samr_QueryDisplayInfo");1482 if (!NT_STATUS_IS_OK(status)) {1483 return status;1484 1482 } 1485 1483 … … 2066 2064 return NT_STATUS_INVALID_HANDLE; 2067 2065 2068 status = access_check_samr_function(acc_granted,2069 0, /* Don't know the acc_bits yet */2070 "_samr_LookupRids");2071 if (!NT_STATUS_IS_OK(status)) {2072 return status;2073 }2074 2075 2066 if (num_rids > 1000) { 2076 2067 DEBUG(0, ("Got asked for %d rids (more than 1000) -- according " … … 2623 2614 return NT_STATUS_INVALID_HANDLE; 2624 2615 2625 status = access_check_samr_function(info->acc_granted,2626 SAMR_USER_ACCESS_GET_ATTRIBUTES,2627 "_samr_QueryUserInfo");2628 if (!NT_STATUS_IS_OK(status)) {2629 return status;2630 }2631 2632 2616 domain_sid = info->sid; 2633 2617 … … 2890 2874 } 2891 2875 2892 status = access_check_samr_function(info->acc_granted,2893 SAMR_ACCESS_LOOKUP_DOMAIN,2894 "_samr_QueryDomainInfo" );2895 2896 if ( !NT_STATUS_IS_OK(status) )2897 return status;2898 2899 2876 switch (r->in.level) { 2900 2877 case 0x01: … … 5638 5615 time_t u_logout; 5639 5616 time_t u_lock_duration, u_reset_time; 5640 NTSTATUS result;5641 5617 5642 5618 DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__)); … … 5645 5621 if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info)) 5646 5622 return NT_STATUS_INVALID_HANDLE; 5647 5648 /* We do have different access bits for info5649 * levels here, but we're really just looking for5650 * GENERIC_RIGHTS_DOMAIN_WRITE access. Unfortunately5651 * this maps to different specific bits. So5652 * assume if we have SAMR_DOMAIN_ACCESS_SET_INFO_15653 * set we are ok. */5654 5655 result = access_check_samr_function(info->acc_granted,5656 SAMR_DOMAIN_ACCESS_SET_INFO_1,5657 "_samr_SetDomainInfo");5658 5659 if (!NT_STATUS_IS_OK(result))5660 return result;5661 5623 5662 5624 DEBUG(5,("_samr_SetDomainInfo: level: %d\n", r->in.level)); … … 5717 5679 uint32_t num_account = 0; 5718 5680 struct samr_displayentry *entries = NULL; 5719 NTSTATUS status;5720 5681 5721 5682 DEBUG(5,("_samr_GetDisplayEnumerationIndex: %d\n", __LINE__)); … … 5724 5685 if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info)) { 5725 5686 return NT_STATUS_INVALID_HANDLE; 5726 }5727 5728 status = access_check_samr_function(info->acc_granted,5729 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,5730 "_samr_GetDisplayEnumerationIndex");5731 if (!NT_STATUS_IS_OK(status)) {5732 return status;5733 5687 } 5734 5688 -
branches/samba-3.3.x/source/script/installmo.sh
r206 r274 36 36 echo "Installing $f as $FNAME" 37 37 touch "$FNAME" 38 $MSGFMT "$f" -f -o "$FNAME"38 $MSGFMT -f -o "$FNAME" "$f" 39 39 if test ! -f "$FNAME"; then 40 40 echo "Cannot install $FNAME. Does $USER have privileges?" -
branches/samba-3.3.x/source/smbd/file_access.c
r222 r274 93 93 94 94 #ifdef S_ISVTX 95 /* sticky bit means delete only by owner or root. */ 95 /* sticky bit means delete only by owner of file or by root or 96 * by owner of directory. */ 96 97 if (sbuf.st_mode & S_ISVTX) { 97 98 SMB_STRUCT_STAT sbuf_file; … … 102 103 return True; 103 104 } 105 DEBUG(10,("can_delete_file_in_directory: can't " 106 "stat file %s (%s)", 107 fname, strerror(errno) )); 104 108 return False; 105 109 } … … 108 112 * for bug #3348. Don't assume owning sticky bit 109 113 * directory means write access allowed. 114 * Fail to delete if we're not the owner of the file, 115 * or the owner of the directory as we have no possible 116 * chance of deleting. Otherwise, go on and check the ACL. 110 117 */ 111 if (conn->server_info->utok.uid != sbuf_file.st_uid) { 118 if ((conn->server_info->utok.uid != sbuf.st_uid) && 119 (conn->server_info->utok.uid != sbuf_file.st_uid)) { 120 DEBUG(10,("can_delete_file_in_directory: not " 121 "owner of file %s or directory %s", 122 fname, dname)); 112 123 return False; 113 124 } -
branches/samba-3.3.x/source/smbd/filename.c
r224 r274 37 37 const char *name, TALLOC_CTX *mem_ctx, 38 38 char **found_name); 39 static int get_real_filename_internal(connection_struct *conn, 40 const char *path, const char *name, 41 bool mangled, 42 TALLOC_CTX *mem_ctx, char **found_name); 39 43 40 44 /**************************************************************************** … … 494 498 } 495 499 496 /* ENOENT is the only valid error here. */ 497 if ((errno != 0) && (errno != ENOENT)) { 500 /* 501 * ENOENT/EACCESS are the only valid errors 502 * here. EACCESS needs handling here for 503 * "dropboxes", i.e. directories where users 504 * can only put stuff with permission -wx. 505 */ 506 if ((errno != 0) && (errno != ENOENT) 507 && (errno != EACCES)) { 498 508 /* 499 509 * ENOTDIR and ELOOP both map to … … 505 515 result = 506 516 NT_STATUS_OBJECT_PATH_NOT_FOUND; 507 } 508 else { 517 } else { 509 518 result = 510 519 map_nt_error_from_unix(errno); … … 838 847 /* Name is now unmangled. */ 839 848 name = unmangled_name; 840 } 841 return get_real_filename(conn, path, name, mem_ctx, 842 found_name); 849 } else { 850 /* 851 * If we have mangled names, do not ask the VFS'es 852 * GET_REAL_FILENAME. The Unix file system below does 853 * not know about Samba's style of mangling. 854 * 855 * Boolean flags passed down are evil, the alternative 856 * would be to pass a comparison function down into 857 * the loop in get_real_filename_internal(). For now, 858 * do the quick&dirty boolean flag approach. 859 */ 860 return get_real_filename_internal(conn, path, name, 861 true, 862 mem_ctx, found_name); 863 } 843 864 } 844 865 … … 847 868 } 848 869 849 int get_real_filename(connection_struct *conn, const char *path, 850 const char *name, TALLOC_CTX *mem_ctx, 851 char **found_name) 870 static int get_real_filename_internal(connection_struct *conn, 871 const char *path, const char *name, 872 bool mangled, 873 TALLOC_CTX *mem_ctx, char **found_name) 852 874 { 853 875 struct smb_Dir *cur_dir; 854 876 const char *dname; 855 bool mangled;856 877 char *unmangled_name = NULL; 857 878 long curpos; … … 902 923 errno = ENOENT; 903 924 return -1; 925 } 926 927 928 929 int get_real_filename(connection_struct *conn, 930 const char *path, const char *name, 931 TALLOC_CTX *mem_ctx, char **found_name) 932 { 933 /* 934 * This is the default VFS function. If we end up here, we know we 935 * don't have mangled names around. 936 */ 937 return get_real_filename_internal(conn, path, name, false, 938 mem_ctx, found_name); 904 939 } 905 940 -
branches/samba-3.3.x/source/smbd/msdfs.c
r206 r274 264 264 } 265 265 266 conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn); 267 266 268 /* 267 269 * Windows seems to insist on doing trans2getdfsreferral() calls on … … 403 405 SMB_STRUCT_STAT st; 404 406 int referral_len = 0; 407 #if defined(HAVE_BROKEN_READLINK) 408 char link_target_buf[PATH_MAX]; 409 #else 405 410 char link_target_buf[7]; 411 #endif 406 412 size_t bufsize = 0; 407 413 char *link_target = NULL; -
branches/samba-3.3.x/source/smbd/posix_acls.c
r224 r274 1118 1118 return True; 1119 1119 1120 /* Assume that the current user is in the current group (force group) */ 1121 1122 if (uid_ace->unix_ug.uid == current_user.ut.uid && group_ace->unix_ug.gid == current_user.ut.gid) 1123 return True; 1120 /* 1121 * if it's the current user, we already have the unix token 1122 * and don't need to do the complex user_in_group_sid() call 1123 */ 1124 if (uid_ace->unix_ug.uid == current_user.ut.uid) { 1125 size_t i; 1126 1127 if (group_ace->unix_ug.gid == current_user.ut.gid) { 1128 return True; 1129 } 1130 1131 for (i=0; i < current_user.ut.ngroups; i++) { 1132 if (group_ace->unix_ug.gid == current_user.ut.groups[i]) { 1133 return True; 1134 } 1135 } 1136 } 1124 1137 1125 1138 /* u_name talloc'ed off tos. */ … … 1128 1141 return False; 1129 1142 } 1143 1144 /* notice that this is not reliable for users exported by winbindd! */ 1130 1145 return user_in_group_sid(u_name, &group_ace->trustee); 1131 1146 } -
branches/samba-3.3.x/source/smbd/posix_acls.c#
r206 r274 1 1 *************** 2 *** 4289,4298 **** 3 if (!S_ISDIR(sbuf.st_mode)) { 2 *** 1117,1132 **** 3 if (sid_equal(&group_ace->trustee, &global_sid_World)) 4 return True; 5 6 - /* Assume that the current user is in the current group (force group) */ 7 8 - if (uid_ace->unix_ug.uid == current_user.ut.uid && group_ace->unix_ug.gid == current_user.ut.gid) 9 - return True; 10 11 /* u_name talloc'ed off tos. */ 12 u_name = uidtoname(uid_ace->unix_ug.uid); 13 if (!u_name) { 4 14 return False; 5 15 } 6 if (current_user.ut.uid == 0 || conn->admin_user) { 7 /* I'm sorry sir, I didn't know you were root... */ 16 return user_in_group_sid(u_name, &group_ace->trustee); 17 } 18 19 --- 1117,1147 ---- 20 if (sid_equal(&group_ace->trustee, &global_sid_World)) 8 21 return True; 9 }10 22 11 /* Check primary owner write access. */ 12 if (current_user.ut.uid == sbuf.st_uid) { 13 --- 4289,4301 ---- 14 if (!S_ISDIR(sbuf.st_mode)) { 23 + /* 24 + * if it's the current user, we already have the unix token 25 + * and don't need to do the complex user_in_group_sid() call 26 + */ 27 + if (uid_ace->unix_ug.uid == current_user.ut.uid) { 28 + size_t i; 29 30 + if (group_ace->unix_ug.gid == current_user.ut.gid) { 31 + return True; 32 + } 33 + 34 + for (i=0; i < current_user.ut.ngroups; i++) { 35 + if (group_ace->unix_ug.gid == current_user.ut.groups[i]) { 36 + return True; 37 + } 38 + } 39 + } 40 41 /* u_name talloc'ed off tos. */ 42 u_name = uidtoname(uid_ace->unix_ug.uid); 43 if (!u_name) { 15 44 return False; 16 45 } 17 + #ifndef __OS2__ 18 + /* Samba always runs as root on OS/2 */ 19 if (current_user.ut.uid == 0 || conn->admin_user) { 20 /* I'm sorry sir, I didn't know you were root... */ 21 return True; 22 } 23 + #endif 46 + 47 + /* notice that this is not reliable for users exported by winbindd! */ 48 return user_in_group_sid(u_name, &group_ace->trustee); 49 } 24 50 25 /* Check primary owner write access. */26 if (current_user.ut.uid == sbuf.st_uid) { -
branches/samba-3.3.x/source/smbd/server.c
r223 r274 591 591 /* Kick off our mDNS registration. */ 592 592 if (dns_port != 0) { 593 #ifdef WITH_DNSSD_SUPPORT594 dns_register_smbd(&dns_reg, dns_port, &maxfd,595 &r_fds, &idle_timeout);596 #endif597 593 #ifdef WITH_AVAHI_SUPPORT 598 594 void *avahi_conn; -
branches/samba-3.3.x/source/smbd/service.c
r264 r274 291 291 } 292 292 293 if (!service_ok(res)) { 294 res = -1; 295 } 296 293 297 error: 294 298 … … 741 745 742 746 if (!NT_STATUS_IS_OK(status)) { 743 DEBUG( 0, ("create_connection_server_info failed: %s\n",747 DEBUG(1, ("create_connection_server_info failed: %s\n", 744 748 nt_errstr(status))); 745 749 *pstatus = status; -
branches/samba-3.3.x/source/smbd/uid.c
r224 r274 55 55 } 56 56 57 /**************************************************************************** 58 talloc free the conn->server_info if not used in the vuid cache. 59 ****************************************************************************/ 60 61 static void free_conn_server_info_if_unused(connection_struct *conn) 62 { 63 unsigned int i; 64 65 for (i = 0; i < VUID_CACHE_SIZE; i++) { 66 struct vuid_cache_entry *ent; 67 ent = &conn->vuid_cache.array[i]; 68 if (ent->vuid != UID_FIELD_INVALID && 69 conn->server_info == ent->server_info) { 70 return; 71 } 72 } 73 /* Not used, safe to free. */ 74 TALLOC_FREE(conn->server_info); 75 } 76 57 77 /******************************************************************* 58 78 Check if a username is OK. … … 78 98 ent = &conn->vuid_cache.array[i]; 79 99 if (ent->vuid == vuid) { 100 free_conn_server_info_if_unused(conn); 80 101 conn->server_info = ent->server_info; 81 102 conn->read_only = ent->read_only; … … 143 164 ent->read_only = readonly_share; 144 165 ent->admin_user = admin_user; 166 free_conn_server_info_if_unused(conn); 145 167 conn->server_info = ent->server_info; 146 168 } … … 154 176 /**************************************************************************** 155 177 Clear a vuid out of the connection's vuid cache 178 This is only called on SMBulogoff. 156 179 ****************************************************************************/ 157 180 … … 167 190 if (ent->vuid == vuid) { 168 191 ent->vuid = UID_FIELD_INVALID; 169 /* Ensure we're not freeing an active pointer. */ 192 /* 193 * We need to keep conn->server_info around 194 * if it's equal to ent->server_info as a SMBulogoff 195 * is often followed by a SMBtdis (with an invalid 196 * vuid). The debug code (or regular code in 197 * vfs_full_audit) wants to refer to the 198 * conn->server_info pointer to print debug 199 * statements. Theoretically this is a bug, 200 * as once the vuid is gone the server_info 201 * on the conn struct isn't valid any more, 202 * but there's enough code that assumes 203 * conn->server_info is never null that 204 * it's easier to hold onto the old pointer 205 * until we get a new sessionsetupX. 206 * As everything is hung off the 207 * conn pointer as a talloc context we're not 208 * leaking memory here. See bug #6315. JRA. 209 */ 170 210 if (conn->server_info == ent->server_info) { 171 conn->server_info = NULL; 211 ent->server_info = NULL; 212 } else { 213 TALLOC_FREE(ent->server_info); 172 214 } 173 TALLOC_FREE(ent->server_info);174 215 ent->read_only = False; 175 216 ent->admin_user = False; -
branches/samba-3.3.x/source/utils/net_dom.c
r206 r274 39 39 const char *password = NULL; 40 40 uint32_t unjoin_flags = NETSETUP_ACCT_DELETE | 41 NETSETUP_JOIN_DOMAIN; 41 NETSETUP_JOIN_DOMAIN | 42 NETSETUP_IGNORE_UNSUPPORTED_FLAGS; 42 43 struct cli_state *cli = NULL; 43 44 bool do_reboot = false; -
branches/samba-3.3.x/source/utils/net_groupmap.c
r206 r274 620 620 /* The case (opt_domaingroup && opt_localgroup) was tested for above */ 621 621 622 if ( strlen(c->opt_comment) > 0)622 if ((c->opt_comment != NULL) && (strlen(c->opt_comment) > 0)) { 623 623 fstrcpy(map.comment, c->opt_comment); 624 625 if (strlen(c->opt_newntname) > 0) 624 } 625 626 if ((c->opt_newntname != NULL) && (strlen(c->opt_newntname) > 0)) { 626 627 fstrcpy(map.nt_name, c->opt_newntname); 628 } 627 629 628 630 if (grp != NULL) -
branches/samba-3.3.x/source/utils/net_rap.c
r206 r274 823 823 userinfo.userflags = c->opt_flags; 824 824 userinfo.reserved1 = '\0'; 825 userinfo.comment = smb_xstrdup(c->opt_comment);825 userinfo.comment = smb_xstrdup(c->opt_comment ? c->opt_comment : ""); 826 826 userinfo.priv = 1; 827 827 userinfo.home_dir = NULL; … … 963 963 safe_strcpy(grinfo.group_name, argv[0], sizeof(grinfo.group_name)-1); 964 964 grinfo.reserved1 = '\0'; 965 grinfo.comment = smb_xstrdup(c->opt_comment );965 grinfo.comment = smb_xstrdup(c->opt_comment ? c->opt_comment : ""); 966 966 967 967 ret = cli_NetGroupAdd(cli, &grinfo); -
branches/samba-3.3.x/source/utils/smbget.c
r221 r274 583 583 {"keep-permissions", 'P', POPT_ARG_NONE, &keep_permissions, 'P', "Keep permissions" }, 584 584 {"blocksize", 'b', POPT_ARG_INT, &blocksize, 'b', "Change number of bytes in a block"}, 585 {"rcfile", 'f', POPT_ARG_STRING, NULL, 0, "Use specified rc file"},585 {"rcfile", 'f', POPT_ARG_STRING, NULL, 'f', "Use specified rc file"}, 586 586 POPT_AUTOHELP 587 587 POPT_TABLEEND -
branches/samba-3.3.x/source/winbindd/idmap_ldap.c
r222 r274 766 766 struct idmap_ldap_context *ctx = NULL; 767 767 char *config_option = NULL; 768 const char *range = NULL;769 768 const char *tmp = NULL; 770 769 … … 780 779 } 781 780 782 config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); 783 if ( ! config_option) { 784 DEBUG(0, ("Out of memory!\n")); 785 ret = NT_STATUS_NO_MEMORY; 786 goto done; 787 } 788 789 /* load ranges */ 790 range = lp_parm_const_string(-1, config_option, "range", NULL); 791 if (range && range[0]) { 792 if ((sscanf(range, "%u - %u", &ctx->filter_low_id, 793 &ctx->filter_high_id) != 2) || 794 (ctx->filter_low_id > ctx->filter_high_id)) { 795 DEBUG(1, ("ERROR: invalid filter range [%s]", range)); 796 ctx->filter_low_id = 0; 797 ctx->filter_high_id = 0; 798 } 781 if (strequal(dom->name, "*")) { 782 uid_t low_uid = 0; 783 uid_t high_uid = 0; 784 gid_t low_gid = 0; 785 gid_t high_gid = 0; 786 787 ctx->filter_low_id = 0; 788 ctx->filter_high_id = 0; 789 790 if (lp_idmap_uid(&low_uid, &high_uid)) { 791 ctx->filter_low_id = low_uid; 792 ctx->filter_high_id = high_uid; 793 } else { 794 DEBUG(3, ("Warning: 'idmap uid' not set!\n")); 795 } 796 797 if (lp_idmap_gid(&low_gid, &high_gid)) { 798 if ((low_gid != low_uid) || (high_gid != high_uid)) { 799 DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'" 800 " ranges do not agree -- building " 801 "intersection\n")); 802 ctx->filter_low_id = MAX(ctx->filter_low_id, 803 low_gid); 804 ctx->filter_high_id = MIN(ctx->filter_high_id, 805 high_gid); 806 } 807 } else { 808 DEBUG(3, ("Warning: 'idmap gid' not set!\n")); 809 } 810 } else { 811 const char *range = NULL; 812 813 config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); 814 if ( ! config_option) { 815 DEBUG(0, ("Out of memory!\n")); 816 ret = NT_STATUS_NO_MEMORY; 817 goto done; 818 } 819 820 /* load ranges */ 821 range = lp_parm_const_string(-1, config_option, "range", NULL); 822 if (range && range[0]) { 823 if ((sscanf(range, "%u - %u", &ctx->filter_low_id, 824 &ctx->filter_high_id) != 2)) 825 { 826 DEBUG(1, ("ERROR: invalid filter range [%s]", range)); 827 ctx->filter_low_id = 0; 828 ctx->filter_high_id = 0; 829 } 830 } 831 } 832 833 if (ctx->filter_low_id > ctx->filter_high_id) { 834 DEBUG(1, ("ERROR: invalid filter range [%u-%u]", 835 ctx->filter_low_id, ctx->filter_high_id)); 836 ctx->filter_low_id = 0; 837 ctx->filter_high_id = 0; 799 838 } 800 839 -
branches/samba-3.3.x/source/winbindd/idmap_tdb.c
r222 r274 570 570 NTSTATUS ret; 571 571 struct idmap_tdb_context *ctx; 572 char *config_option = NULL;573 const char *range;574 572 575 573 ctx = talloc(dom, struct idmap_tdb_context); … … 579 577 } 580 578 581 config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); 582 if ( ! config_option) { 583 DEBUG(0, ("Out of memory!\n")); 584 ret = NT_STATUS_NO_MEMORY; 585 goto failed; 586 } 579 if (strequal(dom->name, "*")) { 580 uid_t low_uid = 0; 581 uid_t high_uid = 0; 582 gid_t low_gid = 0; 583 gid_t high_gid = 0; 584 585 ctx->filter_low_id = 0; 586 ctx->filter_high_id = 0; 587 588 if (lp_idmap_uid(&low_uid, &high_uid)) { 589 ctx->filter_low_id = low_uid; 590 ctx->filter_high_id = high_uid; 591 } else { 592 DEBUG(3, ("Warning: 'idmap uid' not set!\n")); 593 } 594 595 if (lp_idmap_gid(&low_gid, &high_gid)) { 596 if ((low_gid != low_uid) || (high_gid != high_uid)) { 597 DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'" 598 " ranges do not agree -- building " 599 "intersection\n")); 600 ctx->filter_low_id = MAX(ctx->filter_low_id, 601 low_gid); 602 ctx->filter_high_id = MIN(ctx->filter_high_id, 603 high_gid); 604 } 605 } else { 606 DEBUG(3, ("Warning: 'idmap gid' not set!\n")); 607 } 608 } else { 609 char *config_option = NULL; 610 const char *range; 611 612 config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); 613 if ( ! config_option) { 614 DEBUG(0, ("Out of memory!\n")); 615 ret = NT_STATUS_NO_MEMORY; 616 goto failed; 617 } 618 619 range = lp_parm_const_string(-1, config_option, "range", NULL); 620 if (( ! range) || 621 (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2)) 622 { 623 ctx->filter_low_id = 0; 624 ctx->filter_high_id = 0; 625 } 626 627 talloc_free(config_option); 628 } 629 630 if (ctx->filter_low_id > ctx->filter_high_id) { 631 ctx->filter_low_id = 0; 632 ctx->filter_high_id = 0; 633 } 634 635 DEBUG(10, ("idmap_tdb_db_init: filter range %u-%u loaded for domain " 636 "'%s'\n", ctx->filter_low_id, ctx->filter_high_id, dom->name)); 587 637 588 638 ret = idmap_tdb_open_db(ctx, &ctx->tdb); … … 591 641 } 592 642 593 range = lp_parm_const_string(-1, config_option, "range", NULL);594 if (( ! range) ||595 (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2) ||596 (ctx->filter_low_id > ctx->filter_high_id)) {597 ctx->filter_low_id = 0;598 ctx->filter_high_id = 0;599 }600 601 643 dom->private_data = ctx; 602 644 603 talloc_free(config_option);604 645 return NT_STATUS_OK; 605 646 -
branches/samba-3.3.x/source/winbindd/idmap_tdb2.c
r222 r274 343 343 NTSTATUS ret; 344 344 struct idmap_tdb2_context *ctx; 345 char *config_option = NULL;346 const char *range;347 345 NTSTATUS status; 348 346 … … 356 354 } 357 355 358 config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); 359 if ( ! config_option) { 360 DEBUG(0, ("Out of memory!\n")); 361 ret = NT_STATUS_NO_MEMORY; 362 goto failed; 363 } 364 365 range = lp_parm_const_string(-1, config_option, "range", NULL); 366 if (( ! range) || 367 (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2) || 368 (ctx->filter_low_id > ctx->filter_high_id)) { 356 if (strequal(dom->name, "*")) { 357 uid_t low_uid = 0; 358 uid_t high_uid = 0; 359 gid_t low_gid = 0; 360 gid_t high_gid = 0; 361 369 362 ctx->filter_low_id = 0; 370 363 ctx->filter_high_id = 0; 364 365 if (lp_idmap_uid(&low_uid, &high_uid)) { 366 ctx->filter_low_id = low_uid; 367 ctx->filter_high_id = high_uid; 368 } else { 369 DEBUG(3, ("Warning: 'idmap uid' not set!\n")); 370 } 371 372 if (lp_idmap_gid(&low_gid, &high_gid)) { 373 if ((low_gid != low_uid) || (high_gid != high_uid)) { 374 DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'" 375 " ranges do not agree -- building " 376 "intersection\n")); 377 ctx->filter_low_id = MAX(ctx->filter_low_id, 378 low_gid); 379 ctx->filter_high_id = MIN(ctx->filter_high_id, 380 high_gid); 381 } 382 } else { 383 DEBUG(3, ("Warning: 'idmap gid' not set!\n")); 384 } 385 } else { 386 char *config_option = NULL; 387 const char *range; 388 config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); 389 if ( ! config_option) { 390 DEBUG(0, ("Out of memory!\n")); 391 ret = NT_STATUS_NO_MEMORY; 392 goto failed; 393 } 394 395 range = lp_parm_const_string(-1, config_option, "range", NULL); 396 if (( ! range) || 397 (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2)) 398 { 399 ctx->filter_low_id = 0; 400 ctx->filter_high_id = 0; 401 } 402 403 talloc_free(config_option); 404 } 405 406 if (ctx->filter_low_id > ctx->filter_high_id) { 407 ctx->filter_low_id = 0; 408 ctx->filter_high_id = 0; 371 409 } 372 410 373 411 dom->private_data = ctx; 374 412 375 talloc_free(config_option);376 413 return NT_STATUS_OK; 377 414 -
branches/samba-3.3.x/source/winbindd/winbindd.c
r222 r274 779 779 for (state = winbindd_client_list(); state; state = state->next) { 780 780 if (state->response.result != WINBINDD_PENDING && 781 state->fd_event.flags == EVENT_FD_READ && 781 782 !state->getpwent_state && !state->getgrent_state) { 782 783 nidle++;
Note:
See TracChangeset
for help on using the changeset viewer.
