Changeset 732 for branches/samba-3.5.x/source3
- Timestamp:
- Nov 12, 2012, 4:35:55 PM (13 years ago)
- Location:
- branches/samba-3.5.x/source3
- Files:
-
- 31 edited
-
Makefile.in (modified) (1 diff)
-
VERSION (modified) (1 diff)
-
build.cmd (modified) (5 diffs)
-
client/client.c (modified) (3 diffs)
-
include/local.h (modified) (1 diff)
-
include/proto.h (modified) (6 diffs)
-
include/smb.h (modified) (1 diff)
-
lib/netapi/netapi.c (modified) (3 diffs)
-
lib/util.c (modified) (1 diff)
-
libnet/libnet_join.c (modified) (6 diffs)
-
libsmb/cliconnect.c (modified) (4 diffs)
-
libsmb/clifile.c (modified) (6 diffs)
-
locking/locking.c (modified) (1 diff)
-
modules/vfs_acl_common.c (modified) (5 diffs)
-
nmbd/nmbd_packets.c (modified) (2 diffs)
-
param/loadparm.c (modified) (4 diffs)
-
rpc_server/srv_wkssvc_nt.c (modified) (2 diffs)
-
smbd/filename.c (modified) (4 diffs)
-
smbd/msdfs.c (modified) (2 diffs)
-
smbd/nttrans.c (modified) (3 diffs)
-
smbd/open.c (modified) (4 diffs)
-
smbd/posix_acls.c (modified) (11 diffs)
-
smbd/process.c (modified) (1 diff)
-
smbd/reply.c (modified) (3 diffs)
-
smbd/statcache.c (modified) (4 diffs)
-
smbd/trans2.c (modified) (7 diffs)
-
web/swat.c (modified) (2 diffs)
-
winbindd/wb_group_members.c (modified) (1 diff)
-
winbindd/winbindd.c (modified) (1 diff)
-
winbindd/winbindd_dual.c (modified) (4 diffs)
-
winbindd/winbindd_pam.c (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.5.x/source3/Makefile.in
r599 r732 29 29 30 30 ## Dynamic shared libraries build settings 31 DSO_EXPORTS_CMD=-Wl,--version-script,$(srcdir)/exports/`basename $@ | sed 's /@SHLIBEXT@\(.[0-9]\{1,\}\)\{0,1\}$$/@SYMSEXT@/'`31 DSO_EXPORTS_CMD=-Wl,--version-script,$(srcdir)/exports/`basename $@ | sed 's:\.@SHLIBEXT@[\.0-9]*$$:.@SYMSEXT@:'` 32 32 DSO_EXPORTS=@DSO_EXPORTS@ 33 33 SHLD_DSO = $(SHLD) $(LDSHFLAGS) $(DSO_EXPORTS) -o $@ -
branches/samba-3.5.x/source3/VERSION
r620 r732 26 26 SAMBA_VERSION_MAJOR=3 27 27 SAMBA_VERSION_MINOR=5 28 SAMBA_VERSION_RELEASE=1 128 SAMBA_VERSION_RELEASE=12 29 29 30 30 ######################################################## -
branches/samba-3.5.x/source3/build.cmd
r698 r732 15 15 /* version 0.3.7 from 23.04.2012 Silvan (compile and link flags need to be 16 16 set here [happy birthday Jason]) */ 17 /* version 0.3.8 from 09.11.2012 Silvan (eliminated the 2nd brand function) */ 17 18 18 19 /* load the sysfuncs if not already loaded */ … … 24 25 25 26 /* init the version string (don't forget to change) */ 26 version = "0.3. 7"27 version_date = " 23.04.2012"27 version = "0.3.8" 28 version_date = "09.11.2012" 28 29 29 30 /* number of make jobs to execute at the same time */ … … 112 113 end 113 114 115 say "Building with: " || build_parms 116 say 114 117 ok = SysFileTree(".\include\version.h",versionh.,'FO') 115 118 116 if versionh.0 = 0 & conf = "YES"then do119 if (versionh.0 = 0 & conf = "YES") | (brand = "YES") then do 117 120 svninfo = ".\svninfo" 118 121 address cmd 'svn status -q -u | grep "^Status against revision:" | sed -e "s/Status against revision: *//">'svninfo … … 159 162 end 160 163 161 if brand = "YES" then do162 svninfo = ".\svninfo"163 address cmd 'svn status -q -u | grep "^Status against revision:" | sed -e "s/Status against revision: *//">'svninfo164 revision = strip(translate(linein(svninfo)))165 ok = stream(svninfo,'c','close')166 call brand revision167 end168 169 164 if make <> "" then do 170 say build_parms171 165 address cmd 'make -j 'jobs' 2>&1 | tee build.log' 172 166 end … … 257 251 ok = SysFileDelete(NewVersion) 258 252 verstring = suffix'-'Major'.'minor'.'release'.'revision'-'vendor'-'date('S') 259 say "Samba "verstring 253 say "Samba branded as: "verstring 254 say 260 255 return 261 256 -
branches/samba-3.5.x/source3/client/client.c
r593 r732 1669 1669 if (!NT_STATUS_IS_OK(status)) { 1670 1670 d_fprintf(stderr, "cli_push returned %s\n", nt_errstr(status)); 1671 rc = 1; 1671 1672 } 1672 1673 … … 1701 1702 if (f == x_stdin) { 1702 1703 cli_shutdown(cli); 1703 exit( 0);1704 exit(rc); 1704 1705 } 1705 1706 … … 2305 2306 2306 2307 if (!NT_STATUS_IS_OK(cli_posix_open(targetcli, targetname, O_CREAT|O_RDWR, mode, &fnum))) { 2307 if ( !NT_STATUS_IS_OK(cli_posix_open(targetcli, targetname, O_CREAT|O_RDONLY, mode, &fnum))) {2308 d_printf("posix_open file %s: for read /writefnum %d\n", targetname, fnum);2308 if (NT_STATUS_IS_OK(cli_posix_open(targetcli, targetname, O_CREAT|O_RDONLY, mode, &fnum))) { 2309 d_printf("posix_open file %s: for readonly fnum %d\n", targetname, fnum); 2309 2310 } else { 2310 2311 d_printf("Failed to open file %s. %s\n", targetname, cli_errstr(cli)); -
branches/samba-3.5.x/source3/include/local.h
r599 r732 241 241 #define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)*2) 242 242 243 /* Max number of simultaneous winbindd socket connections. */244 #define WINBINDD_MAX_SIMULTANEOUS_CLIENTS 200245 246 243 /* Buffer size to use when printing backtraces */ 247 244 #define BACKTRACE_STACK_SIZE 64 -
branches/samba-3.5.x/source3/include/proto.h
r599 r732 1243 1243 struct tevent_context *ev, 1244 1244 NTSTATUS *status); 1245 bool is_executable(const char *fname); 1246 bool map_open_params_to_ntcreate(const char *smb_base_fname, 1247 int deny_mode, int open_func, 1248 uint32 *paccess_mask, 1249 uint32 *pshare_mode, 1250 uint32 *pcreate_disposition, 1251 uint32 *pcreate_options); 1245 1252 1246 1253 /* The following definitions come from lib/util_file.c */ … … 4258 4265 int lp_winbind_cache_time(void); 4259 4266 int lp_winbind_reconnect_delay(void); 4267 int lp_winbind_max_clients(void); 4260 4268 const char **lp_winbind_nss_info(void); 4261 4269 int lp_algorithmic_rid_base(void); … … 6347 6355 struct smb_filename **smb_fname, 6348 6356 uint32_t ucf_flags); 6357 NTSTATUS check_veto_path(connection_struct *conn, const char *name); 6349 6358 NTSTATUS check_name(connection_struct *conn, const char *name); 6350 6359 int get_real_filename(connection_struct *conn, const char *path, … … 6609 6618 const char *fname, 6610 6619 SMB_STRUCT_STAT *psbuf); 6611 bool is_executable(const char *fname);6612 6620 bool is_stat_open(uint32 access_mask); 6613 6621 bool request_timed_out(struct timeval request_time, … … 6629 6637 uint32 share_access, 6630 6638 uint32 create_options); 6631 bool map_open_params_to_ntcreate(const struct smb_filename *smb_fname,6632 int deny_mode, int open_func,6633 uint32 *paccess_mask,6634 uint32 *pshare_mode,6635 uint32 *pcreate_disposition,6636 uint32 *pcreate_options);6637 6639 NTSTATUS open_file_fchmod(connection_struct *conn, 6638 6640 struct smb_filename *smb_fname, … … 7054 7056 bool case_sensitive); 7055 7057 bool stat_cache_lookup(connection_struct *conn, 7058 bool posix_paths, 7056 7059 char **pp_name, 7057 7060 char **pp_dirpath, -
branches/samba-3.5.x/source3/include/smb.h
r480 r732 1958 1958 #define UCF_COND_ALLOW_WCARD_LCOMP 0x00000004 1959 1959 #define UCF_POSIX_PATHNAMES 0x00000008 1960 #define UCF_UNIX_NAME_LOOKUP 0x00000010 1960 1961 1961 1962 /* -
branches/samba-3.5.x/source3/lib/netapi/netapi.c
r414 r732 56 56 NET_API_STATUS status; 57 57 struct libnetapi_ctx *ctx = NULL; 58 char *krb5_cc_env = NULL;59 58 60 59 if (stat_ctx && libnetapi_initialized) { … … 101 100 102 101 BlockSignals(True, SIGPIPE); 103 104 krb5_cc_env = getenv(KRB5_ENV_CCNAME);105 if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) {106 ctx->krb5_cc_env = talloc_strdup(frame, "MEMORY:libnetapi");107 setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1);108 }109 102 110 103 if (getenv("USER")) { … … 251 244 } 252 245 246 /**************************************************************** 247 ****************************************************************/ 248 253 249 NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx) 254 250 { -
branches/samba-3.5.x/source3/lib/util.c
r599 r732 3076 3076 return ret; 3077 3077 } 3078 3079 /******************************************************************* 3080 Return True if the filename is one of the special executable types. 3081 ********************************************************************/ 3082 3083 bool is_executable(const char *fname) 3084 { 3085 if ((fname = strrchr_m(fname,'.'))) { 3086 if (strequal(fname,".com") || 3087 strequal(fname,".dll") || 3088 strequal(fname,".exe") || 3089 strequal(fname,".sym")) { 3090 return True; 3091 } 3092 } 3093 return False; 3094 } 3095 3096 /**************************************************************************** 3097 Open a file with a share mode - old openX method - map into NTCreate. 3098 ****************************************************************************/ 3099 3100 bool map_open_params_to_ntcreate(const char *smb_base_fname, 3101 int deny_mode, int open_func, 3102 uint32 *paccess_mask, 3103 uint32 *pshare_mode, 3104 uint32 *pcreate_disposition, 3105 uint32 *pcreate_options) 3106 { 3107 uint32 access_mask; 3108 uint32 share_mode; 3109 uint32 create_disposition; 3110 uint32 create_options = FILE_NON_DIRECTORY_FILE; 3111 3112 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, " 3113 "open_func = 0x%x\n", 3114 smb_base_fname, (unsigned int)deny_mode, 3115 (unsigned int)open_func )); 3116 3117 /* Create the NT compatible access_mask. */ 3118 switch (GET_OPENX_MODE(deny_mode)) { 3119 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */ 3120 case DOS_OPEN_RDONLY: 3121 access_mask = FILE_GENERIC_READ; 3122 break; 3123 case DOS_OPEN_WRONLY: 3124 access_mask = FILE_GENERIC_WRITE; 3125 break; 3126 case DOS_OPEN_RDWR: 3127 case DOS_OPEN_FCB: 3128 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE; 3129 break; 3130 default: 3131 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n", 3132 (unsigned int)GET_OPENX_MODE(deny_mode))); 3133 return False; 3134 } 3135 3136 /* Create the NT compatible create_disposition. */ 3137 switch (open_func) { 3138 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST: 3139 create_disposition = FILE_CREATE; 3140 break; 3141 3142 case OPENX_FILE_EXISTS_OPEN: 3143 create_disposition = FILE_OPEN; 3144 break; 3145 3146 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST: 3147 create_disposition = FILE_OPEN_IF; 3148 break; 3149 3150 case OPENX_FILE_EXISTS_TRUNCATE: 3151 create_disposition = FILE_OVERWRITE; 3152 break; 3153 3154 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST: 3155 create_disposition = FILE_OVERWRITE_IF; 3156 break; 3157 3158 default: 3159 /* From samba4 - to be confirmed. */ 3160 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) { 3161 create_disposition = FILE_CREATE; 3162 break; 3163 } 3164 DEBUG(10,("map_open_params_to_ntcreate: bad " 3165 "open_func 0x%x\n", (unsigned int)open_func)); 3166 return False; 3167 } 3168 3169 /* Create the NT compatible share modes. */ 3170 switch (GET_DENY_MODE(deny_mode)) { 3171 case DENY_ALL: 3172 share_mode = FILE_SHARE_NONE; 3173 break; 3174 3175 case DENY_WRITE: 3176 share_mode = FILE_SHARE_READ; 3177 break; 3178 3179 case DENY_READ: 3180 share_mode = FILE_SHARE_WRITE; 3181 break; 3182 3183 case DENY_NONE: 3184 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE; 3185 break; 3186 3187 case DENY_DOS: 3188 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS; 3189 if (is_executable(smb_base_fname)) { 3190 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE; 3191 } else { 3192 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) { 3193 share_mode = FILE_SHARE_READ; 3194 } else { 3195 share_mode = FILE_SHARE_NONE; 3196 } 3197 } 3198 break; 3199 3200 case DENY_FCB: 3201 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB; 3202 share_mode = FILE_SHARE_NONE; 3203 break; 3204 3205 default: 3206 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n", 3207 (unsigned int)GET_DENY_MODE(deny_mode) )); 3208 return False; 3209 } 3210 3211 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, " 3212 "share_mode = 0x%x, create_disposition = 0x%x, " 3213 "create_options = 0x%x\n", 3214 smb_base_fname, 3215 (unsigned int)access_mask, 3216 (unsigned int)share_mode, 3217 (unsigned int)create_disposition, 3218 (unsigned int)create_options )); 3219 3220 if (paccess_mask) { 3221 *paccess_mask = access_mask; 3222 } 3223 if (pshare_mode) { 3224 *pshare_mode = share_mode; 3225 } 3226 if (pcreate_disposition) { 3227 *pcreate_disposition = create_disposition; 3228 } 3229 if (pcreate_options) { 3230 *pcreate_options = create_options; 3231 } 3232 3233 return True; 3234 3235 } -
branches/samba-3.5.x/source3/libnet/libnet_join.c
r599 r732 1621 1621 static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) 1622 1622 { 1623 const char *krb5_cc_env = NULL;1624 1625 1623 if (r->in.ads) { 1626 1624 ads_destroy(&r->in.ads); 1627 1625 } 1628 1626 1629 krb5_cc_env = getenv(KRB5_ENV_CCNAME);1630 if (krb5_cc_env && StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin")) {1631 unsetenv(KRB5_ENV_CCNAME);1632 }1633 1634 1627 return 0; 1635 1628 } … … 1640 1633 static int libnet_destroy_UnjoinCtx(struct libnet_UnjoinCtx *r) 1641 1634 { 1642 const char *krb5_cc_env = NULL;1643 1644 1635 if (r->in.ads) { 1645 1636 ads_destroy(&r->in.ads); 1646 1637 } 1647 1638 1648 krb5_cc_env = getenv(KRB5_ENV_CCNAME);1649 if (krb5_cc_env && StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin")) {1650 unsetenv(KRB5_ENV_CCNAME);1651 }1652 1653 1639 return 0; 1654 1640 } … … 1661 1647 { 1662 1648 struct libnet_JoinCtx *ctx; 1663 const char *krb5_cc_env = NULL;1664 1649 1665 1650 ctx = talloc_zero(mem_ctx, struct libnet_JoinCtx); … … 1673 1658 W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); 1674 1659 1675 krb5_cc_env = getenv(KRB5_ENV_CCNAME);1676 if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) {1677 krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin");1678 W_ERROR_HAVE_NO_MEMORY(krb5_cc_env);1679 setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1);1680 }1681 1682 1660 ctx->in.secure_channel_type = SEC_CHAN_WKSTA; 1683 1661 … … 1694 1672 { 1695 1673 struct libnet_UnjoinCtx *ctx; 1696 const char *krb5_cc_env = NULL;1697 1674 1698 1675 ctx = talloc_zero(mem_ctx, struct libnet_UnjoinCtx); … … 1705 1682 ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); 1706 1683 W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); 1707 1708 krb5_cc_env = getenv(KRB5_ENV_CCNAME);1709 if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) {1710 krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin");1711 W_ERROR_HAVE_NO_MEMORY(krb5_cc_env);1712 setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1);1713 }1714 1684 1715 1685 *r = ctx; -
branches/samba-3.5.x/source3/libsmb/cliconnect.c
r599 r732 1075 1075 if (dest_realm) { 1076 1076 realm = SMB_STRDUP(dest_realm); 1077 if (!realm) { 1078 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); 1079 } 1077 1080 strupper_m(realm); 1078 1081 } else { … … 1086 1089 } 1087 1090 1088 if (realm && *realm) { 1089 principal = talloc_asprintf(talloc_tos(), 1090 "cifs/%s@%s", 1091 cli->desthost, 1092 realm); 1093 if (!principal) { 1094 SAFE_FREE(realm); 1091 if (realm == NULL || *realm == '\0') { 1092 realm = SMB_STRDUP(lp_realm()); 1093 if (!realm) { 1095 1094 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); 1096 1095 } 1097 DEBUG(3,("cli_session_setup_spnego: guessed " 1098 "server principal=%s\n", 1099 principal ? principal : "<null>")); 1096 strupper_m(realm); 1097 DEBUG(3,("cli_session_setup_spnego: cannot " 1098 "get realm from dest_realm %s, " 1099 "desthost %s. Using default " 1100 "smb.conf realm %s\n", 1101 dest_realm ? dest_realm : "<null>", 1102 cli->desthost, 1103 realm)); 1100 1104 } 1105 1106 principal = talloc_asprintf(talloc_tos(), 1107 "cifs/%s@%s", 1108 cli->desthost, 1109 realm); 1110 if (!principal) { 1111 SAFE_FREE(realm); 1112 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); 1113 } 1114 DEBUG(3,("cli_session_setup_spnego: guessed " 1115 "server principal=%s\n", 1116 principal ? principal : "<null>")); 1117 1101 1118 SAFE_FREE(realm); 1102 1119 } … … 1700 1717 struct timespec ts; 1701 1718 bool negotiated_smb_signing = false; 1719 1720 if (wct != 0x11) { 1721 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); 1722 return; 1723 } 1702 1724 1703 1725 /* NT protocol */ … … 1766 1788 1767 1789 } else if (cli->protocol >= PROTOCOL_LANMAN1) { 1790 if (wct != 0x0D) { 1791 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); 1792 return; 1793 } 1794 1768 1795 cli->use_spnego = False; 1769 1796 cli->sec_mode = SVAL(vwv + 1, 0); -
branches/samba-3.5.x/source3/libsmb/clifile.c
r454 r732 2150 2150 2151 2151 struct cli_open_state { 2152 struct tevent_context *ev; 2153 struct cli_state *cli; 2154 const char *fname; 2152 2155 uint16_t vwv[15]; 2153 2156 uint16_t fnum; 2157 unsigned openfn; 2158 unsigned dos_deny; 2159 uint8_t additional_flags; 2154 2160 struct iovec bytes; 2155 2161 }; 2156 2162 2157 2163 static void cli_open_done(struct tevent_req *subreq); 2164 static void cli_open_ntcreate_done(struct tevent_req *subreq); 2158 2165 2159 2166 struct tevent_req *cli_open_create(TALLOC_CTX *mem_ctx, … … 2165 2172 struct tevent_req *req, *subreq; 2166 2173 struct cli_open_state *state; 2167 unsigned openfn;2168 unsigned accessmode;2169 uint8_t additional_flags;2170 2174 uint8_t *bytes; 2171 2175 … … 2174 2178 return NULL; 2175 2179 } 2176 2177 openfn = 0; 2180 state->ev = ev; 2181 state->cli = cli; 2182 state->fname = fname; 2183 2178 2184 if (flags & O_CREAT) { 2179 openfn |= (1<<4);2185 state->openfn |= (1<<4); 2180 2186 } 2181 2187 if (!(flags & O_EXCL)) { 2182 2188 if (flags & O_TRUNC) 2183 openfn |= (1<<1);2189 state->openfn |= (1<<1); 2184 2190 else 2185 openfn |= (1<<0);2186 } 2187 2188 accessmode= (share_mode<<4);2191 state->openfn |= (1<<0); 2192 } 2193 2194 state->dos_deny = (share_mode<<4); 2189 2195 2190 2196 if ((flags & O_ACCMODE) == O_RDWR) { 2191 accessmode|= 2;2197 state->dos_deny |= 2; 2192 2198 } else if ((flags & O_ACCMODE) == O_WRONLY) { 2193 accessmode|= 1;2199 state->dos_deny |= 1; 2194 2200 } 2195 2201 2196 2202 #if defined(O_SYNC) 2197 2203 if ((flags & O_SYNC) == O_SYNC) { 2198 accessmode|= (1<<14);2204 state->dos_deny |= (1<<14); 2199 2205 } 2200 2206 #endif /* O_SYNC */ 2201 2207 2202 2208 if (share_mode == DENY_FCB) { 2203 accessmode= 0xFF;2209 state->dos_deny = 0xFF; 2204 2210 } 2205 2211 … … 2208 2214 SSVAL(state->vwv + 1, 0, 0); 2209 2215 SSVAL(state->vwv + 2, 0, 0); /* no additional info */ 2210 SSVAL(state->vwv + 3, 0, accessmode);2216 SSVAL(state->vwv + 3, 0, state->dos_deny); 2211 2217 SSVAL(state->vwv + 4, 0, aSYSTEM | aHIDDEN); 2212 2218 SSVAL(state->vwv + 5, 0, 0); 2213 2219 SIVAL(state->vwv + 6, 0, 0); 2214 SSVAL(state->vwv + 8, 0, openfn);2220 SSVAL(state->vwv + 8, 0, state->openfn); 2215 2221 SIVAL(state->vwv + 9, 0, 0); 2216 2222 SIVAL(state->vwv + 11, 0, 0); 2217 2223 SIVAL(state->vwv + 13, 0, 0); 2218 2224 2219 additional_flags = 0;2220 2221 2225 if (cli->use_oplocks) { 2222 2226 /* if using oplocks then ask for a batch oplock via 2223 2227 core and extended methods */ 2224 additional_flags =2228 state->additional_flags = 2225 2229 FLAG_REQUEST_OPLOCK|FLAG_REQUEST_BATCH_OPLOCK; 2226 2230 SSVAL(state->vwv+2, 0, SVAL(state->vwv+2, 0) | 6); … … 2238 2242 state->bytes.iov_len = talloc_get_size(bytes); 2239 2243 2240 subreq = cli_smb_req_create(state, ev, cli, SMBopenX, additional_flags, 2244 subreq = cli_smb_req_create(state, ev, cli, SMBopenX, 2245 state->additional_flags, 2241 2246 15, state->vwv, 1, &state->bytes); 2242 2247 if (subreq == NULL) { … … 2279 2284 uint16_t *vwv; 2280 2285 NTSTATUS status; 2286 uint32_t access_mask, share_mode, create_disposition, create_options; 2281 2287 2282 2288 status = cli_smb_recv(subreq, 3, &wct, &vwv, NULL, NULL); 2283 if (!NT_STATUS_IS_OK(status)) { 2284 TALLOC_FREE(subreq); 2289 TALLOC_FREE(subreq); 2290 2291 if (NT_STATUS_IS_OK(status)) { 2292 state->fnum = SVAL(vwv+2, 0); 2293 tevent_req_done(req); 2294 return; 2295 } 2296 2297 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { 2285 2298 tevent_req_nterror(req, status); 2286 2299 return; 2287 2300 } 2288 state->fnum = SVAL(vwv+2, 0); 2301 2302 /* 2303 * For the new shiny OS/X Lion SMB server, try a ntcreate 2304 * fallback. 2305 */ 2306 2307 if (!map_open_params_to_ntcreate(state->fname, state->dos_deny, 2308 state->openfn, &access_mask, 2309 &share_mode, &create_disposition, 2310 &create_options)) { 2311 tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED); 2312 return; 2313 } 2314 2315 subreq = cli_ntcreate_send(state, state->ev, state->cli, 2316 state->fname, 0, access_mask, 2317 0, share_mode, create_disposition, 2318 create_options, 0); 2319 if (tevent_req_nomem(subreq, req)) { 2320 return; 2321 } 2322 tevent_req_set_callback(subreq, cli_open_ntcreate_done, req); 2323 } 2324 2325 static void cli_open_ntcreate_done(struct tevent_req *subreq) 2326 { 2327 struct tevent_req *req = tevent_req_callback_data( 2328 subreq, struct tevent_req); 2329 struct cli_open_state *state = tevent_req_data( 2330 req, struct cli_open_state); 2331 NTSTATUS status; 2332 2333 status = cli_ntcreate_recv(subreq, &state->fnum); 2334 TALLOC_FREE(subreq); 2335 2336 if (!NT_STATUS_IS_OK(status)) { 2337 tevent_req_nterror(req, status); 2338 return; 2339 } 2289 2340 tevent_req_done(req); 2290 2341 } -
branches/samba-3.5.x/source3/locking/locking.c
r414 r732 1351 1351 if (fsp->is_directory) { 1352 1352 SMB_ASSERT(!is_ntfs_stream_smb_fname(fsp->fsp_name)); 1353 1354 /* Or the root of a share. */ 1355 if (ISDOT(fsp->fsp_name->base_name)) { 1356 DEBUG(10,("can_set_delete_on_close: can't set delete on " 1357 "close for the root of a share.\n")); 1358 return NT_STATUS_ACCESS_DENIED; 1359 } 1360 1353 1361 return can_delete_directory(fsp->conn, 1354 1362 fsp->fsp_name->base_name); -
branches/samba-3.5.x/source3/modules/vfs_acl_common.c
r599 r732 248 248 struct security_descriptor **ppdesc) 249 249 { 250 DATA_BLOB blob ;250 DATA_BLOB blob = data_blob_null; 251 251 NTSTATUS status; 252 252 uint16_t hash_type; … … 826 826 struct smb_filename local_fname; 827 827 int saved_errno = 0; 828 char *saved_dir = NULL; 829 830 saved_dir = vfs_GetWd(talloc_tos(),conn); 831 if (!saved_dir) { 832 saved_errno = errno; 833 goto out; 834 } 828 835 829 836 if (!parent_dirname(talloc_tos(), path, … … 838 845 839 846 /* cd into the parent dir to pin it. */ 840 ret = SMB_VFS_CHDIR(conn, parent_dir);847 ret = vfs_ChDir(conn, parent_dir); 841 848 if (ret == -1) { 842 849 saved_errno = errno; … … 856 863 /* Ensure we have this file open with DELETE access. */ 857 864 id = vfs_file_id_from_sbuf(conn, &local_fname.st); 858 for (fsp = file_find_di_first(id); fsp; f ile_find_di_next(fsp)) {865 for (fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) { 859 866 if (fsp->access_mask & DELETE_ACCESS && 860 867 fsp->delete_on_close) { … … 891 898 TALLOC_FREE(parent_dir); 892 899 893 vfs_ChDir(conn, conn->connectpath); 900 if (saved_dir) { 901 vfs_ChDir(conn, saved_dir); 902 } 894 903 if (saved_errno) { 895 904 errno = saved_errno; -
branches/samba-3.5.x/source3/nmbd/nmbd_packets.c
r620 r732 1716 1716 errno = EBADF; 1717 1717 SAFE_FREE(pset); 1718 SAFE_FREE(sock_array); 1718 1719 return True; 1719 1720 } … … 1753 1754 errno = EBADF; 1754 1755 SAFE_FREE(pset); 1756 SAFE_FREE(sock_array); 1755 1757 return True; 1756 1758 } -
branches/samba-3.5.x/source3/param/loadparm.c
r690 r732 255 255 int winbind_cache_time; 256 256 int winbind_reconnect_delay; 257 int winbind_max_ idle_children;257 int winbind_max_clients; 258 258 char **szWinbindNssInfo; 259 259 int iLockSpinTime; … … 4556 4556 }, 4557 4557 { 4558 .label = "winbind max clients", 4559 .type = P_INTEGER, 4560 .p_class = P_GLOBAL, 4561 .ptr = &Globals.winbind_max_clients, 4562 .special = NULL, 4563 .enum_list = NULL, 4564 .flags = FLAG_ADVANCED, 4565 }, 4566 { 4558 4567 .label = "winbind enum users", 4559 4568 .type = P_BOOL, … … 5223 5232 Globals.winbind_cache_time = 300; /* 5 minutes */ 5224 5233 Globals.winbind_reconnect_delay = 30; /* 30 seconds */ 5234 Globals.winbind_max_clients = 200; 5225 5235 Globals.bWinbindEnumUsers = False; 5226 5236 Globals.bWinbindEnumGroups = False; … … 5790 5800 FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time) 5791 5801 FN_GLOBAL_INTEGER(lp_winbind_reconnect_delay, &Globals.winbind_reconnect_delay) 5802 FN_GLOBAL_INTEGER(lp_winbind_max_clients, &Globals.winbind_max_clients) 5792 5803 FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo) 5793 5804 FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase) -
branches/samba-3.5.x/source3/rpc_server/srv_wkssvc_nt.c
r414 r732 846 846 847 847 become_root(); 848 setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrJoinDomain2", 1); 848 849 werr = libnet_Join(p->mem_ctx, j); 850 unsetenv(KRB5_ENV_CCNAME); 849 851 unbecome_root(); 850 852 … … 912 914 913 915 become_root(); 916 setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrUnjoinDomain2", 1); 914 917 werr = libnet_Unjoin(p->mem_ctx, u); 918 unsetenv(KRB5_ENV_CCNAME); 915 919 unbecome_root(); 916 920 -
branches/samba-3.5.x/source3/smbd/filename.c
r599 r732 296 296 if((!conn->case_sensitive || !(conn->fs_capabilities & 297 297 FILE_CASE_SENSITIVE_SEARCH)) && 298 stat_cache_lookup(conn, &smb_fname->base_name, &dirpath, &start,298 stat_cache_lookup(conn, posix_pathnames, &smb_fname->base_name, &dirpath, &start, 299 299 &smb_fname->st)) { 300 300 goto done; … … 840 840 841 841 /**************************************************************************** 842 Ensure a path is not vetod. 843 ****************************************************************************/ 844 845 NTSTATUS check_veto_path(connection_struct *conn, const char *name) 846 { 847 if (IS_VETO_PATH(conn, name)) { 848 /* Is it not dot or dot dot. */ 849 if (!(ISDOT(name) || ISDOTDOT(name))) { 850 DEBUG(5,("check_veto_path: file path name %s vetoed\n", 851 name)); 852 return map_nt_error_from_unix(ENOENT); 853 } 854 } 855 return NT_STATUS_OK; 856 } 857 858 /**************************************************************************** 842 859 Check a filename - possibly calling check_reduced_name. 843 860 This is called by every routine before it allows an operation on a filename. … … 848 865 NTSTATUS check_name(connection_struct *conn, const char *name) 849 866 { 850 if (IS_VETO_PATH(conn, name)) { 851 /* Is it not dot or dot dot. */ 852 if (!((name[0] == '.') && (!name[1] || 853 (name[1] == '.' && !name[2])))) { 854 DEBUG(5,("check_name: file path name %s vetoed\n", 855 name)); 856 return map_nt_error_from_unix(ENOENT); 857 } 867 NTSTATUS status = check_veto_path(conn, name); 868 869 if (!NT_STATUS_IS_OK(status)) { 870 return status; 858 871 } 859 872 860 873 if (!lp_widelinks(SNUM(conn)) || !lp_symlinks(SNUM(conn))) { 861 NTSTATUSstatus = check_reduced_name(conn,name);874 status = check_reduced_name(conn,name); 862 875 if (!NT_STATUS_IS_OK(status)) { 863 876 DEBUG(5,("check_name: name %s failed with %s\n",name, … … 1177 1190 } 1178 1191 1192 if ((ucf_flags & UCF_UNIX_NAME_LOOKUP) && 1193 VALID_STAT((*pp_smb_fname)->st) && 1194 S_ISLNK((*pp_smb_fname)->st.st_ex_mode)) { 1195 return check_veto_path(conn, (*pp_smb_fname)->base_name); 1196 } 1197 1179 1198 status = check_name(conn, (*pp_smb_fname)->base_name); 1180 1199 if (!NT_STATUS_IS_OK(status)) { -
branches/samba-3.5.x/source3/smbd/msdfs.c
r596 r732 526 526 527 527 /* 528 * Note the unix path conversion here we're doing we can 528 * Note the unix path conversion here we're doing we 529 529 * throw away. We're looking for a symlink for a dfs 530 530 * resolution, if we don't find it we'll do another 531 531 * unix_convert later in the codepath. 532 * If we needed to remember what we'd resolved in533 * dp->reqpath (as the original code did) we'd534 * copy (localhost, dp->reqpath) on any code535 * path below that returns True - but I don't536 * think this is needed. JRA.537 532 */ 538 533 … … 545 540 return status; 546 541 } 547 548 /* Create an smb_fname to use below. */ 549 status = create_synthetic_smb_fname(ctx, pdp->reqpath, NULL, 550 NULL, &smb_fname); 551 if (!NT_STATUS_IS_OK(status)) { 542 if (smb_fname == NULL || smb_fname->base_name == NULL) { 552 543 return status; 553 544 } -
branches/samba-3.5.x/source3/smbd/nttrans.c
r599 r732 861 861 /* Ensure we have at least one thing set. */ 862 862 if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) { 863 if (security_info_sent & SECINFO_LABEL) { 864 /* Only consider SECINFO_LABEL if no other 865 bits are set. Just like W2K3 we don't 866 store this. */ 867 return NT_STATUS_OK; 868 } 863 869 return NT_STATUS_INVALID_PARAMETER; 864 870 } … … 1850 1856 } 1851 1857 1858 if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER| 1859 SECINFO_GROUP|SECINFO_SACL)) { 1860 /* Don't return SECINFO_LABEL if anything else was 1861 requested. See bug #8458. */ 1862 security_info_wanted &= ~SECINFO_LABEL; 1863 } 1864 1852 1865 if (!lp_nt_acl_support(SNUM(conn))) { 1866 status = get_null_nt_acl(talloc_tos(), &psd); 1867 } else if (security_info_wanted & SECINFO_LABEL) { 1868 /* Like W2K3 return a null object. */ 1853 1869 status = get_null_nt_acl(talloc_tos(), &psd); 1854 1870 } else { … … 1882 1898 security_info_wanted & DACL_SECURITY_INFORMATION) 1883 1899 psd->type |= SEC_DESC_DACL_PRESENT; 1900 1901 if (security_info_wanted & SECINFO_LABEL) { 1902 /* Like W2K3 return a null object. */ 1903 psd->owner_sid = NULL; 1904 psd->group_sid = NULL; 1905 psd->dacl = NULL; 1906 psd->sacl = NULL; 1907 psd->type &= ~(SEC_DESC_DACL_PRESENT|SEC_DESC_SACL_PRESENT); 1908 } 1884 1909 1885 1910 sd_size = ndr_size_security_descriptor(psd, NULL, 0); -
branches/samba-3.5.x/source3/smbd/open.c
r620 r732 661 661 } 662 662 663 /*******************************************************************664 Return True if the filename is one of the special executable types.665 ********************************************************************/666 667 bool is_executable(const char *fname)668 {669 if ((fname = strrchr_m(fname,'.'))) {670 if (strequal(fname,".com") ||671 strequal(fname,".dll") ||672 strequal(fname,".exe") ||673 strequal(fname,".sym")) {674 return True;675 }676 }677 return False;678 }679 680 663 /**************************************************************************** 681 664 Check if we can open a file with a share mode. … … 1221 1204 return dup_file_fsp(req, fsp, access_mask, share_access, 1222 1205 create_options, fsp_to_dup_into); 1223 }1224 1225 /****************************************************************************1226 Open a file with a share mode - old openX method - map into NTCreate.1227 ****************************************************************************/1228 1229 bool map_open_params_to_ntcreate(const struct smb_filename *smb_fname,1230 int deny_mode, int open_func,1231 uint32 *paccess_mask,1232 uint32 *pshare_mode,1233 uint32 *pcreate_disposition,1234 uint32 *pcreate_options)1235 {1236 uint32 access_mask;1237 uint32 share_mode;1238 uint32 create_disposition;1239 uint32 create_options = FILE_NON_DIRECTORY_FILE;1240 1241 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "1242 "open_func = 0x%x\n",1243 smb_fname_str_dbg(smb_fname), (unsigned int)deny_mode,1244 (unsigned int)open_func ));1245 1246 /* Create the NT compatible access_mask. */1247 switch (GET_OPENX_MODE(deny_mode)) {1248 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */1249 case DOS_OPEN_RDONLY:1250 access_mask = FILE_GENERIC_READ;1251 break;1252 case DOS_OPEN_WRONLY:1253 access_mask = FILE_GENERIC_WRITE;1254 break;1255 case DOS_OPEN_RDWR:1256 case DOS_OPEN_FCB:1257 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;1258 break;1259 default:1260 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",1261 (unsigned int)GET_OPENX_MODE(deny_mode)));1262 return False;1263 }1264 1265 /* Create the NT compatible create_disposition. */1266 switch (open_func) {1267 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:1268 create_disposition = FILE_CREATE;1269 break;1270 1271 case OPENX_FILE_EXISTS_OPEN:1272 create_disposition = FILE_OPEN;1273 break;1274 1275 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:1276 create_disposition = FILE_OPEN_IF;1277 break;1278 1279 case OPENX_FILE_EXISTS_TRUNCATE:1280 create_disposition = FILE_OVERWRITE;1281 break;1282 1283 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:1284 create_disposition = FILE_OVERWRITE_IF;1285 break;1286 1287 default:1288 /* From samba4 - to be confirmed. */1289 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {1290 create_disposition = FILE_CREATE;1291 break;1292 }1293 DEBUG(10,("map_open_params_to_ntcreate: bad "1294 "open_func 0x%x\n", (unsigned int)open_func));1295 return False;1296 }1297 1298 /* Create the NT compatible share modes. */1299 switch (GET_DENY_MODE(deny_mode)) {1300 case DENY_ALL:1301 share_mode = FILE_SHARE_NONE;1302 break;1303 1304 case DENY_WRITE:1305 share_mode = FILE_SHARE_READ;1306 break;1307 1308 case DENY_READ:1309 share_mode = FILE_SHARE_WRITE;1310 break;1311 1312 case DENY_NONE:1313 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;1314 break;1315 1316 case DENY_DOS:1317 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;1318 if (is_executable(smb_fname->base_name)) {1319 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;1320 } else {1321 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {1322 share_mode = FILE_SHARE_READ;1323 } else {1324 share_mode = FILE_SHARE_NONE;1325 }1326 }1327 break;1328 1329 case DENY_FCB:1330 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;1331 share_mode = FILE_SHARE_NONE;1332 break;1333 1334 default:1335 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",1336 (unsigned int)GET_DENY_MODE(deny_mode) ));1337 return False;1338 }1339 1340 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "1341 "share_mode = 0x%x, create_disposition = 0x%x, "1342 "create_options = 0x%x\n",1343 smb_fname_str_dbg(smb_fname),1344 (unsigned int)access_mask,1345 (unsigned int)share_mode,1346 (unsigned int)create_disposition,1347 (unsigned int)create_options ));1348 1349 if (paccess_mask) {1350 *paccess_mask = access_mask;1351 }1352 if (pshare_mode) {1353 *pshare_mode = share_mode;1354 }1355 if (pcreate_disposition) {1356 *pcreate_disposition = create_disposition;1357 }1358 if (pcreate_options) {1359 *pcreate_options = create_options;1360 }1361 1362 return True;1363 1364 1206 } 1365 1207 … … 1503 1345 ZERO_STRUCT(id); 1504 1346 1505 /* Windows allows a new file to be created and1506 silently removes a FILE_ATTRIBUTE_DIRECTORY1507 sent by the client. Do the same. */1508 1509 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;1510 1511 1347 if (conn->printer) { 1512 1348 /* … … 1542 1378 new_dos_attributes = 0; 1543 1379 } else { 1380 /* Windows allows a new file to be created and 1381 silently removes a FILE_ATTRIBUTE_DIRECTORY 1382 sent by the client. Do the same. */ 1383 1384 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY; 1385 1544 1386 /* We add aARCH to this as this mode is only used if the file is 1545 1387 * created new. */ -
branches/samba-3.5.x/source3/smbd/posix_acls.c
r599 r732 1398 1398 pace->trustee = *pfile_owner_sid; 1399 1399 pace->attr = ALLOW_ACE; 1400 /* Start with existing permissions, principle of least 1401 surprises for the user. */ 1402 pace->perms = pst->st_ex_mode; 1400 1403 1401 1404 if (setting_acl) { 1402 1405 /* See if the owning user is in any of the other groups in 1403 the ACE . If so, OR in the permissions from that group. */1404 1405 bool group_matched = False; 1406 the ACE, or if there's a matching user entry. 1407 If so, OR in the permissions from that entry. */ 1408 1406 1409 canon_ace *pace_iter; 1407 1410 1408 1411 for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) { 1409 if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) { 1412 if (pace_iter->type == SMB_ACL_USER && 1413 pace_iter->unix_ug.uid == pace->unix_ug.uid) { 1414 pace->perms |= pace_iter->perms; 1415 } else if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) { 1410 1416 if (uid_entry_in_group(pace, pace_iter)) { 1411 1417 pace->perms |= pace_iter->perms; 1412 group_matched = True;1413 1418 } 1414 1419 } 1415 1420 } 1416 1421 1417 /* If we only got an "everyone" perm, just use that. */1418 if (!group_matched) {1422 if (pace->perms == 0) { 1423 /* If we only got an "everyone" perm, just use that. */ 1419 1424 if (got_other) 1420 1425 pace->perms = pace_other->perms; 1421 else1422 pace->perms = 0;1423 1426 } 1424 1427 … … 1485 1488 If it does not have them, check if there are any entries where the trustee is the 1486 1489 file owner or the owning group, and map these to SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ. 1490 Note we must not do this to default directory ACLs. 1487 1491 ****************************************************************************/ 1488 1492 … … 1524 1528 if (!got_group_obj) 1525 1529 DEBUG(10,("check_owning_objs: ACL is missing an owning group entry.\n")); 1526 }1527 1528 /****************************************************************************1529 If an ACE entry is SMB_ACL_USER_OBJ and not CREATOR_OWNER, map to SMB_ACL_USER.1530 If an ACE entry is SMB_ACL_GROUP_OBJ and not CREATOR_GROUP, map to SMB_ACL_GROUP1531 ****************************************************************************/1532 1533 static bool dup_owning_ace(canon_ace *dir_ace, canon_ace *ace)1534 {1535 /* dir ace must be followings.1536 SMB_ACL_USER_OBJ : trustee(CREATOR_OWNER) -> Posix ACL d:u::perm1537 SMB_ACL_USER : not trustee -> Posix ACL u:user:perm1538 SMB_ACL_USER_OBJ : trustee -> convert to SMB_ACL_USER : trustee1539 Posix ACL u:trustee:perm1540 1541 SMB_ACL_GROUP_OBJ: trustee(CREATOR_GROUP) -> Posix ACL d:g::perm1542 SMB_ACL_GROUP : not trustee -> Posix ACL g:group:perm1543 SMB_ACL_GROUP_OBJ: trustee -> convert to SMB_ACL_GROUP : trustee1544 Posix ACL g:trustee:perm1545 */1546 1547 if (ace->type == SMB_ACL_USER_OBJ &&1548 !(sid_equal(&ace->trustee, &global_sid_Creator_Owner))) {1549 canon_ace *dup_ace = dup_canon_ace(ace);1550 1551 if (dup_ace == NULL) {1552 return false;1553 }1554 dup_ace->type = SMB_ACL_USER;1555 DLIST_ADD_END(dir_ace, dup_ace, canon_ace *);1556 }1557 1558 if (ace->type == SMB_ACL_GROUP_OBJ &&1559 !(sid_equal(&ace->trustee, &global_sid_Creator_Group))) {1560 canon_ace *dup_ace = dup_canon_ace(ace);1561 1562 if (dup_ace == NULL) {1563 return false;1564 }1565 dup_ace->type = SMB_ACL_GROUP;1566 DLIST_ADD_END(dir_ace, dup_ace, canon_ace *);1567 }1568 1569 return true;1570 1530 } 1571 1531 … … 1793 1753 (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) { 1794 1754 1755 canon_ace *current_dir_ace = current_ace; 1795 1756 DLIST_ADD_END(dir_ace, current_ace, canon_ace *); 1796 1757 … … 1818 1779 dbgtext("create_canon_ace_lists: adding dir ACL:\n"); 1819 1780 print_canon_ace( current_ace, 0); 1820 }1821 1822 /*1823 * We have a lossy mapping: directory ACE entries1824 * CREATOR_OWNER ------\1825 * (map to) +---> SMB_ACL_USER_OBJ1826 * owning sid ------/1827 *1828 * CREATOR_GROUP ------\1829 * (map to) +---> SMB_ACL_GROUP_OBJ1830 * primary group sid --/1831 *1832 * on set. And on read of a directory ACL1833 *1834 * SMB_ACL_USER_OBJ ----> CREATOR_OWNER1835 * SMB_ACL_GROUP_OBJ ---> CREATOR_GROUP.1836 *1837 * Deal with this on set by duplicating1838 * owning sid and primary group sid ACE1839 * entries into the directory ACL.1840 * Fix from Tsukasa Hamano <hamano@osstech.co.jp>.1841 */1842 1843 if (!dup_owning_ace(dir_ace, current_ace)) {1844 DEBUG(0,("create_canon_ace_lists: malloc fail !\n"));1845 free_canon_ace_list(file_ace);1846 free_canon_ace_list(dir_ace);1847 return false;1848 1781 } 1849 1782 … … 1882 1815 current_ace = NULL; 1883 1816 } 1817 1818 /* 1819 * current_ace is now either owned by file_ace 1820 * or is NULL. We can safely operate on current_dir_ace 1821 * to treat mapping for default acl entries differently 1822 * than access acl entries. 1823 */ 1824 1825 if (current_dir_ace->owner_type == UID_ACE) { 1826 /* 1827 * We already decided above this is a uid, 1828 * for default acls ace's only CREATOR_OWNER 1829 * maps to ACL_USER_OBJ. All other uid 1830 * ace's are ACL_USER. 1831 */ 1832 if (sid_equal(¤t_dir_ace->trustee, 1833 &global_sid_Creator_Owner)) { 1834 current_dir_ace->type = SMB_ACL_USER_OBJ; 1835 } else { 1836 current_dir_ace->type = SMB_ACL_USER; 1837 } 1838 } 1839 1840 if (current_dir_ace->owner_type == GID_ACE) { 1841 /* 1842 * We already decided above this is a gid, 1843 * for default acls ace's only CREATOR_GROUP 1844 * maps to ACL_GROUP_OBJ. All other uid 1845 * ace's are ACL_GROUP. 1846 */ 1847 if (sid_equal(¤t_dir_ace->trustee, 1848 &global_sid_Creator_Group)) { 1849 current_dir_ace->type = SMB_ACL_GROUP_OBJ; 1850 } else { 1851 current_dir_ace->type = SMB_ACL_GROUP; 1852 } 1853 } 1884 1854 } 1885 1855 } … … 1943 1913 } else { 1944 1914 /* 1945 * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in each 1946 * ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP 1947 * entries can be converted to *_OBJ. Usually we will already have these 1948 * entries in the Default ACL, and the Access ACL will not have them. 1915 * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in 1916 * the file ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP 1917 * entries can be converted to *_OBJ. Don't do this for the default 1918 * ACL, we will create them separately for this if needed inside 1919 * ensure_canon_entry_valid(). 1949 1920 */ 1950 1921 if (file_ace) { 1951 1922 check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid); 1952 }1953 if (dir_ace) {1954 check_owning_objs(dir_ace, pfile_owner_sid, pfile_grp_sid);1955 1923 } 1956 1924 } … … 2275 2243 2276 2244 /**************************************************************************** 2277 Create a default mode that will be used if a security descriptor entry has2278 no user/group/world entries.2279 ****************************************************************************/2280 2281 static mode_t create_default_mode(files_struct *fsp, bool interitable_mode)2282 {2283 int snum = SNUM(fsp->conn);2284 mode_t and_bits = (mode_t)0;2285 mode_t or_bits = (mode_t)0;2286 mode_t mode;2287 2288 if (interitable_mode) {2289 mode = unix_mode(fsp->conn, FILE_ATTRIBUTE_ARCHIVE,2290 fsp->fsp_name, NULL);2291 } else {2292 mode = S_IRUSR;2293 }2294 2295 if (fsp->is_directory)2296 mode |= (S_IWUSR|S_IXUSR);2297 2298 /*2299 * Now AND with the create mode/directory mode bits then OR with the2300 * force create mode/force directory mode bits.2301 */2302 2303 if (fsp->is_directory) {2304 and_bits = lp_dir_security_mask(snum);2305 or_bits = lp_force_dir_security_mode(snum);2306 } else {2307 and_bits = lp_security_mask(snum);2308 or_bits = lp_force_security_mode(snum);2309 }2310 2311 return ((mode & and_bits)|or_bits);2312 }2313 2314 /****************************************************************************2315 2245 Unpack a SEC_DESC into two canonical ace lists. We don't depend on this 2316 2246 succeeding. … … 2326 2256 const SEC_DESC *psd) 2327 2257 { 2328 SMB_STRUCT_STAT st;2329 2258 canon_ace *file_ace = NULL; 2330 2259 canon_ace *dir_ace = NULL; … … 2390 2319 print_canon_ace_list( "file ace - before valid", file_ace); 2391 2320 2392 st = *pst;2393 2394 /*2395 * A default 3 element mode entry for a file should be r-- --- ---.2396 * A default 3 element mode entry for a directory should be rwx --- ---.2397 */2398 2399 st.st_ex_mode = create_default_mode(fsp, False);2400 2401 2321 if (!ensure_canon_entry_valid(&file_ace, fsp->conn->params, 2402 fsp->is_directory, pfile_owner_sid, pfile_grp_sid, &st, True)) {2322 fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) { 2403 2323 free_canon_ace_list(file_ace); 2404 2324 free_canon_ace_list(dir_ace); … … 2408 2328 print_canon_ace_list( "dir ace - before valid", dir_ace); 2409 2329 2410 /*2411 * A default inheritable 3 element mode entry for a directory should be the2412 * mode Samba will use to create a file within. Ensure user rwx bits are set if2413 * it's a directory.2414 */2415 2416 st.st_ex_mode = create_default_mode(fsp, True);2417 2418 2330 if (dir_ace && !ensure_canon_entry_valid(&dir_ace, fsp->conn->params, 2419 fsp->is_directory, pfile_owner_sid, pfile_grp_sid, &st, True)) {2331 fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) { 2420 2332 free_canon_ace_list(file_ace); 2421 2333 free_canon_ace_list(dir_ace); -
branches/samba-3.5.x/source3/smbd/process.c
r599 r732 1910 1910 1911 1911 /* 1912 * Check if the client tries to fool us. The request so far uses the 1913 * space to the end of the byte buffer in the request just 1914 * processed. The chain_offset can't point into that area. If that was 1915 * the case, we could end up with an endless processing of the chain, 1916 * we would always handle the same request. 1917 */ 1918 1919 already_used = PTR_DIFF(req->buf+req->buflen, smb_base(req->inbuf)); 1920 if (chain_offset < already_used) { 1912 * Check if the client tries to fool us. The chain offset 1913 * needs to point beyond the current request in the chain, it 1914 * needs to strictly grow. Otherwise we might be tricked into 1915 * an endless loop always processing the same request over and 1916 * over again. We used to assume that vwv and the byte buffer 1917 * array in a chain are always attached, but OS/2 the 1918 * Write&X/Read&X chain puts the Read&X vwv array right behind 1919 * the Write&X vwv chain. The Write&X bcc array is put behind 1920 * the Read&X vwv array. So now we check whether the chain 1921 * offset points strictly behind the previous vwv 1922 * array. req->buf points right after the vwv array of the 1923 * previous request. See 1924 * https://bugzilla.samba.org/show_bug.cgi?id=8360 for more 1925 * information. 1926 */ 1927 1928 already_used = PTR_DIFF(req->buf, smb_base(req->inbuf)); 1929 if (chain_offset <= already_used) { 1921 1930 goto error; 1922 1931 } -
branches/samba-3.5.x/source3/smbd/reply.c
r590 r732 1754 1754 } 1755 1755 1756 if (!map_open_params_to_ntcreate(smb_fname , deny_mode,1756 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode, 1757 1757 OPENX_FILE_EXISTS_OPEN, &access_mask, 1758 1758 &share_mode, &create_disposition, … … 1927 1927 } 1928 1928 1929 if (!map_open_params_to_ntcreate(smb_fname, deny_mode, smb_ofun, 1929 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode, 1930 smb_ofun, 1930 1931 &access_mask, &share_mode, 1931 1932 &create_disposition, … … 6436 6437 new_create_disposition = FILE_OPEN; 6437 6438 } else { 6438 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp, 0, ofun, 6439 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp->base_name, 6440 0, ofun, 6439 6441 NULL, NULL, 6440 6442 &new_create_disposition, -
branches/samba-3.5.x/source3/smbd/statcache.c
r414 r732 146 146 * 147 147 * @param conn A connection struct to do the stat() with. 148 * @param posix_paths Whether to lookup using stat() or lstat() 148 149 * @param name The path we are attempting to cache, modified by this routine 149 150 * to be correct as far as the cache can tell us. We assume that … … 162 163 163 164 bool stat_cache_lookup(connection_struct *conn, 165 bool posix_paths, 164 166 char **pp_name, 165 167 char **pp_dirpath, … … 177 179 TALLOC_CTX *ctx = talloc_tos(); 178 180 struct smb_filename smb_fname; 181 int ret; 179 182 180 183 *pp_dirpath = NULL; … … 279 282 smb_fname.base_name = translated_path; 280 283 281 if (SMB_VFS_STAT(conn, &smb_fname) != 0) { 284 if (posix_paths) { 285 ret = SMB_VFS_LSTAT(conn, &smb_fname); 286 } else { 287 ret = SMB_VFS_STAT(conn, &smb_fname); 288 } 289 290 if (ret != 0) { 282 291 /* Discard this entry - it doesn't exist in the filesystem. */ 283 292 memcache_delete(smbd_memcache(), STAT_CACHE, -
branches/samba-3.5.x/source3/smbd/trans2.c
r599 r732 1082 1082 } 1083 1083 1084 if (!map_open_params_to_ntcreate(smb_fname, deny_mode, open_ofun, 1084 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode, 1085 open_ofun, 1085 1086 &access_mask, &share_mode, 1086 1087 &create_disposition, … … 2246 2247 struct dptr_struct *dirptr = NULL; 2247 2248 struct smbd_server_connection *sconn = smbd_server_conn; 2249 uint32_t ucf_flags = (UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP); 2248 2250 2249 2251 if (total_params < 13) { … … 2289 2291 goto out; 2290 2292 } 2293 ucf_flags |= UCF_UNIX_NAME_LOOKUP; 2291 2294 break; 2292 2295 default: … … 2306 2309 req->flags2 & FLAGS2_DFS_PATHNAMES, 2307 2310 directory, 2308 (UCF_SAVE_LCOMP | 2309 UCF_ALWAYS_ALLOW_WCARD_LCOMP), 2311 ucf_flags, 2310 2312 &mask_contains_wcard, 2311 2313 &smb_dname); … … 5102 5104 } else { 5103 5105 char *fname = NULL; 5106 uint32_t ucf_flags = 0; 5104 5107 5105 5108 /* qpathinfo */ … … 5113 5116 DEBUG(3,("call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = %d\n", info_level)); 5114 5117 5115 if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) { 5116 reply_nterror(req, NT_STATUS_INVALID_LEVEL); 5117 return; 5118 if (INFO_LEVEL_IS_UNIX(info_level)) { 5119 if (!lp_unix_extensions()) { 5120 reply_nterror(req, NT_STATUS_INVALID_LEVEL); 5121 return; 5122 } 5123 if (info_level == SMB_QUERY_FILE_UNIX_BASIC || 5124 info_level == SMB_QUERY_FILE_UNIX_INFO2 || 5125 info_level == SMB_QUERY_FILE_UNIX_LINK) { 5126 ucf_flags |= UCF_UNIX_NAME_LOOKUP; 5127 } 5118 5128 } 5119 5129 … … 5130 5140 req->flags2 & FLAGS2_DFS_PATHNAMES, 5131 5141 fname, 5132 0,5142 ucf_flags, 5133 5143 NULL, 5134 5144 &smb_fname); -
branches/samba-3.5.x/source3/web/swat.c
r617 r732 169 169 170 170 snprintf(tmp, sizeof(tmp), "%02x", token[i]); 171 str ncat(token_str, tmp, sizeof(tmp));171 strlcat(token_str, tmp, sizeof(tmp)); 172 172 } 173 173 } … … 193 193 const char *token = cgi_variable_nonull(XSRF_TOKEN); 194 194 const char *time_str = cgi_variable_nonull(XSRF_TIME); 195 char *p = NULL; 196 long long xsrf_time_ll = 0; 195 197 time_t xsrf_time = 0; 196 198 time_t now = time(NULL); 197 199 198 if (sizeof(time_t) == sizeof(int)) { 199 xsrf_time = atoi(time_str); 200 } else if (sizeof(time_t) == sizeof(long)) { 201 xsrf_time = atol(time_str); 202 } else if (sizeof(time_t) == sizeof(long long)) { 203 xsrf_time = atoll(time_str); 204 } 200 errno = 0; 201 xsrf_time_ll = strtoll(time_str, &p, 10); 202 if (errno != 0) { 203 return false; 204 } 205 if (p == NULL) { 206 return false; 207 } 208 if (PTR_DIFF(p, time_str) > strlen(time_str)) { 209 return false; 210 } 211 if (xsrf_time_ll > _TYPE_MAXIMUM(time_t)) { 212 return false; 213 } 214 if (xsrf_time_ll < _TYPE_MINIMUM(time_t)) { 215 return false; 216 } 217 xsrf_time = xsrf_time_ll; 205 218 206 219 if (abs(now - xsrf_time) > XSRF_TIMEOUT) { -
branches/samba-3.5.x/source3/winbindd/wb_group_members.c
r414 r732 214 214 215 215 if (!NT_STATUS_IS_OK(status)) { 216 tevent_req_nterror(req, status); 217 return; 216 if (!NT_STATUS_EQUAL( 217 status, NT_STATUS_TRUSTED_DOMAIN_FAILURE)) { 218 tevent_req_nterror(req, status); 219 return; 220 } 221 num_members = 0; 218 222 } 219 223 -
branches/samba-3.5.x/source3/winbindd/winbindd.c
r599 r732 904 904 struct winbindd_listen_state); 905 905 906 while (winbindd_num_clients() > 907 WINBINDD_MAX_SIMULTANEOUS_CLIENTS - 1) { 906 while (winbindd_num_clients() > lp_winbind_max_clients() - 1) { 908 907 DEBUG(5,("winbindd: Exceeding %d client " 909 908 "connections, removing idle " 910 "connection.\n", 911 WINBINDD_MAX_SIMULTANEOUS_CLIENTS)); 909 "connection.\n", lp_winbind_max_clients())); 912 910 if (!remove_idle_client()) { 913 911 DEBUG(0,("winbindd: Exceeding %d " 914 912 "client connections, no idle " 915 913 "connection found\n", 916 WINBINDD_MAX_SIMULTANEOUS_CLIENTS));914 lp_winbind_max_clients())); 917 915 break; 918 916 } -
branches/samba-3.5.x/source3/winbindd/winbindd_dual.c
r593 r732 135 135 struct tevent_req *subreq; 136 136 137 if ((state->child-> pid == 0) && (!fork_domain_child(state->child))) {137 if ((state->child->sock == -1) && (!fork_domain_child(state->child))) { 138 138 tevent_req_error(req, errno); 139 139 return; … … 165 165 TALLOC_FREE(subreq); 166 166 if (ret == -1) { 167 /* 168 * The basic parent/child communication broke, close 169 * our socket 170 */ 171 close(state->child->sock); 172 state->child->sock = -1; 167 173 tevent_req_error(req, err); 168 174 return; … … 503 509 } 504 510 511 child->sock = -1; 505 512 child->domain = domain; 506 513 child->table = table; … … 531 538 532 539 DLIST_REMOVE(children, child); 533 534 close(child->sock);535 child->sock = -1;536 540 child->pid = 0; 537 541 } -
branches/samba-3.5.x/source3/winbindd/winbindd_pam.c
r599 r732 1383 1383 &my_info3); 1384 1384 1385 if ((NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) 1386 && contact_domain->can_do_samlogon_ex) { 1387 DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " 1388 "retrying with NetSamLogon\n")); 1389 contact_domain->can_do_samlogon_ex = false; 1385 if (NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) { 1386 1390 1387 /* 1391 1388 * It's likely that the server also does not support … … 1393 1390 */ 1394 1391 domain->can_do_validation6 = false; 1395 retry = true; 1396 continue; 1392 1393 if (contact_domain->can_do_samlogon_ex) { 1394 DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " 1395 "retrying with NetSamLogon\n")); 1396 contact_domain->can_do_samlogon_ex = false; 1397 retry = true; 1398 continue; 1399 } 1400 1401 /* Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon 1402 * (no Ex). This happens against old Samba 1403 * DCs. Drop the connection. 1404 */ 1405 invalidate_cm_connection(&contact_domain->conn); 1406 result = NT_STATUS_LOGON_FAILURE; 1407 break; 1397 1408 } 1398 1409 … … 1997 2008 &info3); 1998 2009 1999 if ((NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) 2000 && contact_domain->can_do_samlogon_ex) { 2001 DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " 2002 "retrying with NetSamLogon\n")); 2003 contact_domain->can_do_samlogon_ex = false; 2010 if (NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) { 2011 2004 2012 /* 2005 2013 * It's likely that the server also does not support … … 2007 2015 */ 2008 2016 domain->can_do_validation6 = false; 2009 retry = true; 2010 continue; 2017 2018 if (contact_domain->can_do_samlogon_ex) { 2019 DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " 2020 "retrying with NetSamLogon\n")); 2021 contact_domain->can_do_samlogon_ex = false; 2022 retry = true; 2023 continue; 2024 } 2025 2026 /* Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon 2027 * (no Ex). This happens against old Samba 2028 * DCs. Drop the connection. 2029 */ 2030 invalidate_cm_connection(&contact_domain->conn); 2031 result = NT_STATUS_LOGON_FAILURE; 2032 break; 2011 2033 } 2012 2034
Note:
See TracChangeset
for help on using the changeset viewer.
