Changeset 989 for vendor/current/source3
- Timestamp:
- Nov 25, 2016, 8:04:54 PM (9 years ago)
- Location:
- vendor/current/source3
- Files:
-
- 3 added
- 2 deleted
- 93 edited
-
auth/auth_generic.c (modified) (4 diffs)
-
auth/token_util.c (modified) (2 diffs)
-
client/smbspool.c (modified) (1 diff)
-
client/smbspool_krb5_wrapper.c (modified) (3 diffs)
-
include/event.h (deleted)
-
include/includes.h (modified) (1 diff)
-
include/proto.h (modified) (1 diff)
-
include/smb_macros.h (modified) (1 diff)
-
include/util_event.h (added)
-
include/vfs.h (modified) (1 diff)
-
lib/dbwrap/dbwrap_ctdb.c (modified) (5 diffs)
-
lib/dumpcore.c (modified) (1 diff)
-
lib/events.c (deleted)
-
lib/gencache.c (modified) (1 diff)
-
lib/msghdr.c (modified) (1 diff)
-
lib/poll_funcs/poll_funcs_tevent.c (modified) (2 diffs)
-
lib/server_contexts.c (modified) (1 diff)
-
lib/substitute.c (modified) (2 diffs)
-
lib/sysquotas_4B.c (modified) (1 diff)
-
lib/util_event.c (added)
-
libads/cldap.c (modified) (1 diff)
-
libads/kerberos.c (modified) (1 diff)
-
libads/kerberos_keytab.c (modified) (1 diff)
-
libads/sasl.c (modified) (5 diffs)
-
libnet/libnet_join.c (modified) (6 diffs)
-
librpc/idl/smbXsrv.idl (modified) (2 diffs)
-
libsmb/cli_smb2_fnum.c (modified) (13 diffs)
-
libsmb/cliconnect.c (modified) (2 diffs)
-
libsmb/clifile.c (modified) (1 diff)
-
locking/share_mode_lock.c (modified) (2 diffs)
-
modules/getdate.c (modified) (1 diff)
-
modules/getdate.y (modified) (1 diff)
-
modules/vfs_acl_common.c (modified) (28 diffs)
-
modules/vfs_acl_tdb.c (modified) (3 diffs)
-
modules/vfs_acl_xattr.c (modified) (2 diffs)
-
modules/vfs_ceph.c (modified) (1 diff)
-
modules/vfs_default.c (modified) (1 diff)
-
modules/vfs_fake_dfq.c (modified) (4 diffs)
-
modules/vfs_fruit.c (modified) (3 diffs)
-
modules/vfs_glusterfs.c (modified) (2 diffs)
-
modules/vfs_shadow_copy2.c (modified) (3 diffs)
-
nmbd/nmbd_packets.c (modified) (20 diffs)
-
param/loadparm.c (modified) (2 diffs)
-
passdb/pdb_ldap.c (modified) (3 diffs)
-
printing/nt_printing_migrate.c (modified) (4 diffs)
-
rpc_client/cli_winreg_spoolss.c (modified) (2 diffs)
-
rpc_server/mdssd.c (modified) (1 diff)
-
rpc_server/mdssvc/mdssvc.c (modified) (1 diff)
-
rpc_server/mdssvc/sparql_parser.c (modified) (1 diff)
-
rpc_server/rpc_ncacn_np.c (modified) (2 diffs)
-
rpc_server/spoolss/srv_spoolss_nt.c (modified) (2 diffs)
-
rpcclient/rpcclient.c (modified) (4 diffs)
-
script/tests/test_dfree_quota.sh (modified) (7 diffs)
-
script/tests/test_rpcclient_pw_nt_hash.sh (added)
-
script/tests/test_shadow_copy.sh (modified) (6 diffs)
-
script/tests/test_smbclient_ntlm.sh (modified) (1 diff)
-
selftest/tests.py (modified) (6 diffs)
-
smbd/aio.c (modified) (2 diffs)
-
smbd/close.c (modified) (7 diffs)
-
smbd/dfree.c (modified) (6 diffs)
-
smbd/dosmode.c (modified) (4 diffs)
-
smbd/filename.c (modified) (1 diff)
-
smbd/globals.h (modified) (1 diff)
-
smbd/notifyd/notifyd.c (modified) (1 diff)
-
smbd/open.c (modified) (6 diffs)
-
smbd/oplock.c (modified) (3 diffs)
-
smbd/pipes.c (modified) (1 diff)
-
smbd/posix_acls.c (modified) (1 diff)
-
smbd/process.c (modified) (1 diff)
-
smbd/proto.h (modified) (6 diffs)
-
smbd/quotas.c (modified) (7 diffs)
-
smbd/reply.c (modified) (6 diffs)
-
smbd/server.c (modified) (3 diffs)
-
smbd/service.c (modified) (2 diffs)
-
smbd/sesssetup.c (modified) (6 diffs)
-
smbd/smb2_glue.c (modified) (1 diff)
-
smbd/smb2_ioctl_filesys.c (modified) (1 diff)
-
smbd/smb2_ioctl_network_fs.c (modified) (1 diff)
-
smbd/smb2_server.c (modified) (8 diffs)
-
smbd/trans2.c (modified) (7 diffs)
-
smbd/vfs.c (modified) (1 diff)
-
utils/net_ads.c (modified) (1 diff)
-
utils/net_printing.c (modified) (6 diffs)
-
utils/net_rpc.c (modified) (2 diffs)
-
utils/ntlm_auth.c (modified) (2 diffs)
-
utils/smbcquotas.c (modified) (3 diffs)
-
utils/smbget.c (modified) (2 diffs)
-
winbindd/idmap_rfc2307.c (modified) (1 diff)
-
winbindd/idmap_util.c (modified) (1 diff)
-
winbindd/wb_lookupsids.c (modified) (4 diffs)
-
winbindd/winbindd_cache.c (modified) (19 diffs)
-
winbindd/winbindd_dual.c (modified) (2 diffs)
-
winbindd/winbindd_dual_srv.c (modified) (1 diff)
-
winbindd/winbindd_pam.c (modified) (2 diffs)
-
winbindd/winbindd_proto.h (modified) (1 diff)
-
winbindd/winbindd_util.c (modified) (1 diff)
-
wscript (modified) (1 diff)
-
wscript_build (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/source3/auth/auth_generic.c
r988 r989 29 29 #ifdef HAVE_KRB5 30 30 #include "auth/kerberos/pac_utils.h" 31 #include "nsswitch/libwbclient/wbclient.h" 31 32 #endif 32 33 #include "librpc/crypto/gse.h" … … 64 65 if (pac_blob) { 65 66 #ifdef HAVE_KRB5 67 struct wbcAuthUserParams params = {}; 68 struct wbcAuthUserInfo *info = NULL; 69 struct wbcAuthErrorInfo *err = NULL; 70 wbcErr wbc_err; 71 72 /* 73 * Let winbind decode the PAC. 74 * This will also store the user 75 * data in the netsamlogon cache. 76 * 77 * We need to do this *before* we 78 * call get_user_from_kerberos_info() 79 * as that does a user lookup that 80 * expects info in the netsamlogon cache. 81 * 82 * See BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259 83 */ 84 params.level = WBC_AUTH_USER_LEVEL_PAC; 85 params.password.pac.data = pac_blob->data; 86 params.password.pac.length = pac_blob->length; 87 88 become_root(); 89 wbc_err = wbcAuthenticateUserEx(¶ms, &info, &err); 90 unbecome_root(); 91 92 /* 93 * As this is merely a cache prime 94 * WBC_ERR_WINBIND_NOT_AVAILABLE 95 * is not a fatal error, treat it 96 * as success. 97 */ 98 99 switch (wbc_err) { 100 case WBC_ERR_WINBIND_NOT_AVAILABLE: 101 case WBC_ERR_SUCCESS: 102 break; 103 case WBC_ERR_AUTH_ERROR: 104 status = NT_STATUS(err->nt_status); 105 wbcFreeMemory(err); 106 goto done; 107 default: 108 status = NT_STATUS_LOGON_FAILURE; 109 goto done; 110 } 111 66 112 status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL, 67 113 NULL, NULL, 0, &logon_info); … … 102 148 } 103 149 104 /* savethe PAC data if we have it */150 /* Get the info3 from the PAC data if we have it */ 105 151 if (logon_info) { 106 152 status = create_info3_from_pac_logon_info(tmp_ctx, … … 110 156 goto done; 111 157 } 112 netsamlogon_cache_store(ntuser, info3_copy);113 158 } 114 159 -
vendor/current/source3/auth/token_util.c
r988 r989 673 673 gid_t *gids; 674 674 struct dom_sid *group_sids; 675 struct dom_sid tmp_sid; 675 676 uint32_t num_group_sids; 676 677 uint32_t num_gids; … … 754 755 755 756 } else if (sid_check_is_in_unix_users(user_sid)) { 756 struct dom_sid tmp_sid;757 757 uint32_t getgroups_num_group_sids; 758 758 /* This is a unix user not in passdb. We need to ask nss -
vendor/current/source3/client/smbspool.c
r988 r989 251 251 */ 252 252 253 setup_logging("smbspool", DEBUG_STD OUT);253 setup_logging("smbspool", DEBUG_STDERR); 254 254 255 255 smb_init_locale(); -
vendor/current/source3/client/smbspool_krb5_wrapper.c
r988 r989 25 25 26 26 #include <errno.h> 27 #include <stdlib.h> 27 28 #include <string.h> 28 29 … … 30 31 31 32 #include "dynconfig/dynconfig.h" 33 34 #undef calloc 32 35 33 36 enum cups_smb_dbglvl_e { … … 196 199 * environment variables set. 197 200 */ 201 #ifdef HAVE_CLEARENV 198 202 clearenv(); 203 #else 204 { 205 extern char **environ; 206 environ = calloc(1, sizeof(*environ)); 207 } 208 #endif 199 209 200 210 CUPS_SMB_DEBUG("Setting KRB5CCNAME to '%s'", gen_cc); -
vendor/current/source3/include/includes.h
r988 r989 311 311 312 312 #include <talloc.h> 313 314 #include " event.h"313 #include <tevent.h> 314 #include "util_event.h" 315 315 316 316 #include "../lib/util/data_blob.h" -
vendor/current/source3/include/proto.h
r988 r989 1021 1021 void lp_set_mangling_method(const char *new_method); 1022 1022 bool lp_posix_pathnames(void); 1023 void lp_set_posix_pathnames(void);1023 bool lp_set_posix_pathnames(bool newval); 1024 1024 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp); 1025 1025 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val); -
vendor/current/source3/include/smb_macros.h
r988 r989 56 56 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) && \ 57 57 (fsp->access_mask & FILE_EXECUTE)))) 58 59 /* An IOCTL readability check (validating read access 60 * when the IOCTL code requires it) 61 * http://social.technet.microsoft.com/wiki/contents/articles/24653.decoding-io-control-codes-ioctl-fsctl-and-deviceiocodes-with-table-of-known-values.aspx 62 * ). On Windows servers, this is done by the IO manager, which is unaware of 63 * the "if execute is granted then also grant read" arrangement. 64 */ 65 #define CHECK_READ_IOCTL(fsp, req) (((fsp)->fh->fd != -1) && ((fsp)->can_read)) 58 66 59 67 #define CHECK_WRITE(fsp) ((fsp)->can_write && ((fsp)->fh->fd != -1)) -
vendor/current/source3/include/vfs.h
r988 r989 237 237 uint32_t access_mask; /* NTCreateX access bits (FILE_READ_DATA etc.) */ 238 238 uint32_t share_access; /* NTCreateX share constants (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE). */ 239 240 bool kernel_share_modes_taken; 239 241 240 242 bool update_write_time_triggered; -
vendor/current/source3/lib/dbwrap/dbwrap_ctdb.c
r988 r989 1217 1217 bool ask_for_readonly_copy; 1218 1218 bool done; 1219 bool empty_record; 1219 1220 }; 1220 1221 … … 1236 1237 1237 1238 if (db_ctdb_can_use_local_hdr(header, true)) { 1238 state->parser(key, data, state->private_data); 1239 /* 1240 * A record consisting only of the ctdb header can be 1241 * a validly created empty record or a tombstone 1242 * record of a deleted record (not vacuumed yet). Mark 1243 * it accordingly. 1244 */ 1245 state->empty_record = (data.dsize == 0); 1246 if (!state->empty_record) { 1247 state->parser(key, data, state->private_data); 1248 } 1239 1249 state->done = true; 1240 1250 } else { … … 1262 1272 state.parser = parser; 1263 1273 state.private_data = private_data; 1274 state.empty_record = false; 1264 1275 1265 1276 if (ctx->transaction != NULL) { … … 1293 1304 ctx, key, db_ctdb_parse_record_parser_nonpersistent, &state); 1294 1305 if (NT_STATUS_IS_OK(status) && state.done) { 1306 if (state.empty_record) { 1307 /* 1308 * We know authoritatively, that this is an empty 1309 * record. Since ctdb does not distinguish between empty 1310 * and deleted records, this can be a record stored as 1311 * empty or a not-yet-vacuumed tombstone record of a 1312 * deleted record. Now Samba right now can live without 1313 * empty records, so we can safely report this record 1314 * as non-existing. 1315 * 1316 * See bugs 10008 and 12005. 1317 */ 1318 return NT_STATUS_NOT_FOUND; 1319 } 1295 1320 return NT_STATUS_OK; 1296 1321 } … … 1299 1324 state.ask_for_readonly_copy, parser, private_data); 1300 1325 if (ret != 0) { 1326 if (ret == ENOENT) { 1327 /* 1328 * This maps to 1329 * NT_STATUS_OBJECT_NAME_NOT_FOUND. Our upper 1330 * layers expect NT_STATUS_NOT_FOUND for "no 1331 * record around". We need to convert dbwrap 1332 * to 0/errno away from NTSTATUS ... :-) 1333 */ 1334 return NT_STATUS_NOT_FOUND; 1335 } 1301 1336 return map_nt_error_from_unix(ret); 1302 1337 } -
vendor/current/source3/lib/dumpcore.c
r988 r989 252 252 } 253 253 254 255 #ifdef HAVE_GETRLIMIT256 #ifdef RLIMIT_CORE257 {258 struct rlimit rlp;259 getrlimit(RLIMIT_CORE, &rlp);260 rlp.rlim_cur = MAX(16*1024*1024,rlp.rlim_cur);261 setrlimit(RLIMIT_CORE, &rlp);262 getrlimit(RLIMIT_CORE, &rlp);263 DEBUG(3,("Maximum core file size limits now %d(soft) %d(hard)\n",264 (int)rlp.rlim_cur,(int)rlp.rlim_max));265 }266 #endif267 #endif268 269 254 /* FIXME: if we have a core-plus-pid facility, configurably set 270 255 * this up here. -
vendor/current/source3/lib/gencache.c
r988 r989 671 671 } 672 672 673 res = tdb_lockall (cache_notrans->tdb);673 res = tdb_lockall_nonblock(cache_notrans->tdb); 674 674 if (res != 0) { 675 675 tdb_transaction_cancel(cache->tdb); -
vendor/current/source3/lib/msghdr.c
r988 r989 205 205 msgsize - offsetof(struct msghdr_buf, buf) : 0; 206 206 207 fd_len = msghdr_prep_fds(&msg->msg, msg->buf, bufsize, fds, num_fds); 207 if (msg != NULL) { 208 msg->msg = (struct msghdr) { 0 }; 209 210 fd_len = msghdr_prep_fds(&msg->msg, msg->buf, bufsize, 211 fds, num_fds); 212 } else { 213 fd_len = msghdr_prep_fds(NULL, NULL, bufsize, fds, num_fds); 214 } 208 215 209 216 if (fd_len == -1) { -
vendor/current/source3/lib/poll_funcs/poll_funcs_tevent.c
r988 r989 303 303 TALLOC_FREE(state->watches[i]); 304 304 } 305 for (i=0; i<state->num_contexts; i++) { 306 TALLOC_FREE(state->contexts[i]); 307 } 305 308 return 0; 306 309 } … … 316 319 unsigned i; 317 320 321 /* Look for an existing match first. */ 318 322 for (i=0; i<state->num_contexts; i++) { 319 323 struct poll_funcs_tevent_context *ctx = state->contexts[i]; 320 324 321 if ( (ctx == NULL) || (ctx->ev == ev)) {325 if (ctx != NULL && ctx->ev == ev) { 322 326 *slot = i; 323 327 return true; 324 328 } 325 329 } 330 331 /* Now look for a free slot. */ 332 for (i=0; i<state->num_contexts; i++) { 333 struct poll_funcs_tevent_context *ctx = state->contexts[i]; 334 335 if (ctx == NULL) { 336 *slot = i; 337 return true; 338 } 339 } 340 326 341 327 342 contexts = talloc_realloc(state, state->contexts, -
vendor/current/source3/lib/server_contexts.c
r988 r989 32 32 * children exiting. 33 33 */ 34 server_event_ctx = s 3_tevent_context_init(NULL);34 server_event_ctx = samba_tevent_context_init(NULL); 35 35 } 36 36 if (!server_event_ctx) { -
vendor/current/source3/lib/substitute.c
r988 r989 500 500 case 'G' : { 501 501 struct passwd *pass; 502 bool is_domain_name = false; 503 const char *sep = lp_winbind_separator(); 502 504 503 505 if (domain_name != NULL && domain_name[0] != '\0' && 504 !strequal(domain_name, my_sam_name()))505 {506 (lp_security() == SEC_ADS || 507 lp_security() == SEC_DOMAIN)) { 506 508 r = talloc_asprintf(tmp_ctx, 507 509 "%s%c%s", 508 510 domain_name, 509 * lp_winbind_separator(),511 *sep, 510 512 smb_name); 513 is_domain_name = true; 511 514 } else { 512 515 r = talloc_strdup(tmp_ctx, smb_name); … … 518 521 pass = Get_Pwnam_alloc(tmp_ctx, r); 519 522 if (pass != NULL) { 520 a_string = realloc_string_sub( 521 a_string, "%G", 522 gidtoname(pass->pw_gid)); 523 char *group_name; 524 525 group_name = gidtoname(pass->pw_gid); 526 if (is_domain_name) { 527 p = strchr_m(group_name, *sep); 528 if (p != NULL) { 529 group_name = p + 1; 530 } 531 } 532 a_string = realloc_string_sub(a_string, 533 "%G", 534 group_name); 523 535 } 524 536 TALLOC_FREE(pass); -
vendor/current/source3/lib/sysquotas_4B.c
r988 r989 82 82 dp->curblocks = XLATE_TO_BLOCKS(qblk->dqb_curbytes); 83 83 #undef XLATE_TO_BLOCKS 84 #else 85 dp->bsize = DEV_BSIZE; 86 87 dp->softlimit = qblk->dqb_bsoftlimit; 88 dp->hardlimit = qblk->dqb_bhardlimit; 89 dp->curblocks = qblk->dqb_curblocks; 84 90 #endif 85 91 -
vendor/current/source3/libads/cldap.c
r988 r989 118 118 state->servers[i], 119 119 &state->cldap[i]); 120 if (tevent_req_nterror(req, status)) { 121 return tevent_req_post(req, ev); 120 if (!NT_STATUS_IS_OK(status)) { 121 /* 122 * Don't error out all sends just 123 * because one cldap_socket_init() failed. 124 * Log it here, and the cldap_netlogon_send() 125 * will catch it (with in.dest_address == NULL) 126 * and correctly error out in 127 * cldap_multi_netlogon_done(). This still allows 128 * the other requests to be concurrently sent. 129 */ 130 DBG_NOTICE("cldap_socket_init failed for %s " 131 " error %s\n", 132 tsocket_address_string(state->servers[i], 133 req), 134 nt_errstr(status)); 122 135 } 123 136 -
vendor/current/source3/libads/kerberos.c
r988 r989 48 48 { 49 49 if (num_prompts == 0) return 0; 50 #if HAVE_KRB5_PROMPT_TYPE 51 52 /* 53 * only heimdal has a prompt type and we need to deal with it here to 54 * avoid loops. 55 * 56 * removing the prompter completely is not an option as at least these 57 * versions would crash: heimdal-1.0.2 and heimdal-1.1. Later heimdal 58 * version have looping detection and return with a proper error code. 59 */ 60 61 if ((num_prompts == 2) && 62 (prompts[0].type == KRB5_PROMPT_TYPE_NEW_PASSWORD) && 63 (prompts[1].type == KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN)) { 50 if (num_prompts == 2) { 64 51 /* 65 * We don't want to change passwords here. We're 66 * called from heimal when the KDC returns 67 * KRB5KDC_ERR_KEY_EXPIRED, but at this point we don't 68 * have the chance to ask the user for a new 69 * password. If we return 0 (i.e. success), we will be 70 * spinning in the endless for-loop in 71 * change_password() in 72 * source4/heimdal/lib/krb5/init_creds_pw.c:526ff 52 * only heimdal has a prompt type and we need to deal with it here to 53 * avoid loops. 54 * 55 * removing the prompter completely is not an option as at least these 56 * versions would crash: heimdal-1.0.2 and heimdal-1.1. Later heimdal 57 * version have looping detection and return with a proper error code. 73 58 */ 74 return KRB5KDC_ERR_KEY_EXPIRED; 75 } 76 #endif /* HAVE_KRB5_PROMPT_TYPE */ 59 60 #if HAVE_KRB5_PROMPT_TYPE /* Heimdal */ 61 if (prompts[0].type == KRB5_PROMPT_TYPE_NEW_PASSWORD && 62 prompts[1].type == KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN) { 63 /* 64 * We don't want to change passwords here. We're 65 * called from heimal when the KDC returns 66 * KRB5KDC_ERR_KEY_EXPIRED, but at this point we don't 67 * have the chance to ask the user for a new 68 * password. If we return 0 (i.e. success), we will be 69 * spinning in the endless for-loop in 70 * change_password() in 71 * source4/heimdal/lib/krb5/init_creds_pw.c:526ff 72 */ 73 return KRB5KDC_ERR_KEY_EXPIRED; 74 } 75 #elif defined(HAVE_KRB5_GET_PROMPT_TYPES) /* MIT */ 76 krb5_prompt_type *prompt_types = NULL; 77 78 prompt_types = krb5_get_prompt_types(ctx); 79 if (prompt_types != NULL) { 80 if (prompt_types[0] == KRB5_PROMPT_TYPE_NEW_PASSWORD && 81 prompt_types[1] == KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN) { 82 return KRB5KDC_ERR_KEY_EXP; 83 } 84 } 85 #endif 86 } 87 77 88 memset(prompts[0].reply->data, '\0', prompts[0].reply->length); 78 89 if (prompts[0].reply->length > 0) { -
vendor/current/source3/libads/kerberos_keytab.c
r988 r989 745 745 TALLOC_FREE(frame); 746 746 747 {747 if (context) { 748 748 krb5_keytab_entry zero_kt_entry; 749 krb5_kt_cursor zero_csr; 750 749 751 ZERO_STRUCT(zero_kt_entry); 752 ZERO_STRUCT(zero_csr); 753 750 754 if (memcmp(&zero_kt_entry, &kt_entry, 751 755 sizeof(krb5_keytab_entry))) { 752 756 smb_krb5_kt_free_entry(context, &kt_entry); 753 757 } 754 }755 {756 krb5_kt_cursor zero_csr;757 ZERO_STRUCT(zero_csr);758 758 if ((memcmp(&cursor, &zero_csr, 759 759 sizeof(krb5_kt_cursor)) != 0) && keytab) { 760 760 krb5_kt_end_seq_get(context, keytab, &cursor); 761 761 } 762 } 763 if (keytab) { 764 krb5_kt_close(context, keytab); 765 } 766 if (context) { 762 if (keytab) { 763 krb5_kt_close(context, keytab); 764 } 767 765 krb5_free_context(context); 768 766 } -
vendor/current/source3/libads/sasl.c
r988 r989 27 27 #include "system/gssapi.h" 28 28 #include "lib/param/loadparm.h" 29 #include "krb5_env.h" 29 30 30 31 #ifdef HAVE_LDAP … … 697 698 int rc, i; 698 699 ADS_STATUS status; 699 DATA_BLOB blob ;700 DATA_BLOB blob = data_blob_null; 700 701 char *given_principal = NULL; 701 702 char *OIDs[ASN1_MAX_OIDS]; … … 749 750 got_kerberos_mechanism) 750 751 { 751 status = ads_sasl_spnego_gensec_bind(ads, "GSS-SPNEGO", 752 CRED_MUST_USE_KERBEROS, 753 p.service, p.hostname, 754 blob); 755 if (ADS_ERR_OK(status)) { 756 ads_free_service_principal(&p); 757 goto done; 758 } 759 760 DEBUG(10,("ads_sasl_spnego_gensec_bind(KRB5) failed with: %s, " 761 "calling kinit\n", ads_errstr(status))); 752 if (ads->auth.password == NULL || 753 ads->auth.password[0] == '\0') 754 { 755 756 status = ads_sasl_spnego_gensec_bind(ads, "GSS-SPNEGO", 757 CRED_MUST_USE_KERBEROS, 758 p.service, p.hostname, 759 blob); 760 if (ADS_ERR_OK(status)) { 761 ads_free_service_principal(&p); 762 goto done; 763 } 764 765 DEBUG(10,("ads_sasl_spnego_gensec_bind(KRB5) failed with: %s, " 766 "calling kinit\n", ads_errstr(status))); 767 } 762 768 763 769 status = ADS_ERROR_KRB5(ads_kinit_password(ads)); … … 793 799 ads_free_service_principal(&p); 794 800 TALLOC_FREE(frame); 801 if (blob.data != NULL) { 802 data_blob_free(&blob); 803 } 795 804 return status; 796 805 } … … 1019 1028 } 1020 1029 1021 status = ads_sasl_gssapi_do_bind(ads, p.name); 1022 if (ADS_ERR_OK(status)) { 1023 ads_free_service_principal(&p); 1024 return status; 1025 } 1026 1027 DEBUG(10,("ads_sasl_gssapi_do_bind failed with: %s, " 1028 "calling kinit\n", ads_errstr(status))); 1030 if (ads->auth.password == NULL || 1031 ads->auth.password[0] == '\0') { 1032 status = ads_sasl_gssapi_do_bind(ads, p.name); 1033 if (ADS_ERR_OK(status)) { 1034 ads_free_service_principal(&p); 1035 return status; 1036 } 1037 1038 DEBUG(10,("ads_sasl_gssapi_do_bind failed with: %s, " 1039 "calling kinit\n", ads_errstr(status))); 1040 } 1029 1041 1030 1042 status = ADS_ERROR_KRB5(ads_kinit_password(ads)); -
vendor/current/source3/libnet/libnet_join.c
r988 r989 464 464 char *spn = NULL; 465 465 bool ok; 466 const char **netbios_aliases = NULL; 466 467 467 468 /* Find our DN */ … … 522 523 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 523 524 } 525 } 526 } 527 528 netbios_aliases = lp_netbios_aliases(); 529 if (netbios_aliases != NULL) { 530 for (; *netbios_aliases != NULL; netbios_aliases++) { 531 /* 532 * Add HOST/NETBIOSNAME 533 */ 534 spn = talloc_asprintf(mem_ctx, "HOST/%s", *netbios_aliases); 535 if (spn == NULL) { 536 TALLOC_FREE(spn); 537 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 538 } 539 if (!strupper_m(spn)) { 540 TALLOC_FREE(spn); 541 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 542 } 543 544 ok = ads_element_in_array(spn_array, num_spns, spn); 545 if (ok) { 546 TALLOC_FREE(spn); 547 continue; 548 } 549 ok = add_string_to_array(spn_array, spn, 550 &spn_array, &num_spns); 551 if (!ok) { 552 TALLOC_FREE(spn); 553 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 554 } 555 TALLOC_FREE(spn); 556 557 /* 558 * Add HOST/netbiosname.domainname 559 */ 560 if (r->out.dns_domain_name == NULL) { 561 continue; 562 } 563 fstr_sprintf(my_fqdn, "%s.%s", 564 *netbios_aliases, 565 r->out.dns_domain_name); 566 567 spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn); 568 if (spn == NULL) { 569 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 570 } 571 572 ok = ads_element_in_array(spn_array, num_spns, spn); 573 if (ok) { 574 TALLOC_FREE(spn); 575 continue; 576 } 577 ok = add_string_to_array(spn_array, spn, 578 &spn_array, &num_spns); 579 if (!ok) { 580 TALLOC_FREE(spn); 581 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 582 } 583 TALLOC_FREE(spn); 524 584 } 525 585 } … … 2244 2304 bool valid_workgroup = false; 2245 2305 bool valid_realm = false; 2306 bool ignored_realm = false; 2246 2307 2247 2308 /* check if configuration is already set correctly */ … … 2263 2324 switch (lp_security()) { 2264 2325 case SEC_DOMAIN: 2326 if (!valid_realm && lp_winbind_rpc_only()) { 2327 valid_realm = true; 2328 ignored_realm = true; 2329 } 2265 2330 case SEC_ADS: 2266 2331 valid_security = true; … … 2268 2333 2269 2334 if (valid_workgroup && valid_realm && valid_security) { 2335 if (ignored_realm && !r->in.modify_config) 2336 { 2337 libnet_join_set_error_string(mem_ctx, r, 2338 "Warning: ignoring realm when " 2339 "joining AD domain with " 2340 "'security=domain' and " 2341 "'winbind rpc only = yes'. " 2342 "(realm set to '%s', " 2343 "should be '%s').", lp_realm(), 2344 r->out.dns_domain_name); 2345 } 2270 2346 /* nothing to be done */ 2271 2347 return WERR_OK; … … 2441 2517 create_local_private_krb5_conf_for_domain( 2442 2518 r->out.dns_domain_name, r->out.netbios_domain_name, 2443 NULL, smbXcli_conn_remote_sockaddr(cli->conn));2519 sitename, smbXcli_conn_remote_sockaddr(cli->conn)); 2444 2520 2445 2521 if (r->out.domain_is_ad && -
vendor/current/source3/librpc/idl/smbXsrv.idl
r988 r989 431 431 boolean8 durable; 432 432 DATA_BLOB backend_cookie; 433 hyper channel_sequence; 433 434 } smbXsrv_open_global0; 434 435 … … 471 472 smbXsrv_open_flags flags; 472 473 uint32 create_action; 474 hyper request_count; 475 hyper pre_request_count; 473 476 } smbXsrv_open; 474 477 -
vendor/current/source3/libsmb/cli_smb2_fnum.c
r988 r989 177 177 struct tevent_req *req, *subreq; 178 178 struct cli_smb2_create_fnum_state *state; 179 size_t fname_len = 0; 179 180 180 181 req = tevent_req_create(mem_ctx, &state, … … 198 199 if (*fname == '\\') { 199 200 fname++; 201 } 202 203 /* Or end in a '\' */ 204 fname_len = strlen(fname); 205 if (fname_len > 0 && fname[fname_len-1] == '\\') { 206 char *new_fname = talloc_strdup(state, fname); 207 if (tevent_req_nomem(new_fname, req)) { 208 return tevent_req_post(req, ev); 209 } 210 new_fname[fname_len-1] = '\0'; 211 fname = new_fname; 200 212 } 201 213 … … 263 275 264 276 if (tevent_req_is_nterror(req, &status)) { 277 state->cli->raw_status = status; 265 278 return status; 266 279 } … … 271 284 *cr = state->cr; 272 285 } 286 state->cli->raw_status = NT_STATUS_OK; 273 287 return NT_STATUS_OK; 274 288 } … … 391 405 NTSTATUS cli_smb2_close_fnum_recv(struct tevent_req *req) 392 406 { 393 return tevent_req_simple_recv_ntstatus(req); 407 struct cli_smb2_close_fnum_state *state = tevent_req_data( 408 req, struct cli_smb2_close_fnum_state); 409 NTSTATUS status = tevent_req_simple_recv_ntstatus(req); 410 state->cli->raw_status = status; 411 return status; 394 412 } 395 413 … … 2303 2321 2304 2322 if (tevent_req_is_nterror(req, &status)) { 2323 state->cli->raw_status = status; 2305 2324 return status; 2306 2325 } … … 2312 2331 *received = (ssize_t)state->received; 2313 2332 *rcvbuf = state->buf; 2333 state->cli->raw_status = NT_STATUS_OK; 2314 2334 return NT_STATUS_OK; 2315 2335 } … … 2410 2430 2411 2431 if (tevent_req_is_nterror(req, &status)) { 2432 state->cli->raw_status = status; 2412 2433 tevent_req_received(req); 2413 2434 return status; … … 2417 2438 *pwritten = (size_t)state->written; 2418 2439 } 2440 state->cli->raw_status = NT_STATUS_OK; 2419 2441 tevent_req_received(req); 2420 2442 return NT_STATUS_OK; … … 2574 2596 2575 2597 if (tevent_req_is_nterror(req, &status)) { 2598 state->cli->raw_status = status; 2576 2599 return status; 2577 2600 } … … 2579 2602 *pwritten = (size_t)state->written; 2580 2603 } 2604 state->cli->raw_status = NT_STATUS_OK; 2581 2605 return NT_STATUS_OK; 2582 2606 } … … 2839 2863 2840 2864 if (tevent_req_is_nterror(req, &status)) { 2865 state->cli->raw_status = status; 2841 2866 tevent_req_received(req); 2842 2867 return status; … … 2845 2870 *written = state->written; 2846 2871 } 2872 state->cli->raw_status = NT_STATUS_OK; 2847 2873 tevent_req_received(req); 2848 2874 return NT_STATUS_OK; -
vendor/current/source3/libsmb/cliconnect.c
r988 r989 1589 1589 * 1590 1590 * So just pretend we are completely done. 1591 * 1592 * Note that smbXcli_session_is_guest() 1593 * always returns false if we require signing. 1591 1594 */ 1592 1595 state->blob_in = data_blob_null; … … 3106 3109 3107 3110 state->desthost = host; 3108 } else {3111 } else if (dest_ss != NULL) { 3109 3112 state->desthost = print_canonical_sockaddr(state, dest_ss); 3110 3113 if (tevent_req_nomem(state->desthost, req)) { 3111 3114 return tevent_req_post(req, ev); 3112 3115 } 3116 } else { 3117 /* No host or dest_ss given. Error out. */ 3118 tevent_req_error(req, EINVAL); 3119 return tevent_req_post(req, ev); 3113 3120 } 3114 3121 -
vendor/current/source3/libsmb/clifile.c
r988 r989 4594 4594 setup, 1, 0, 4595 4595 param, param_len, 2, 4596 data, data_len, CLI_BUFFER_SIZE,4596 data, data_len, 0, 4597 4597 NULL, 4598 4598 NULL, 0, NULL, /* rsetup */ -
vendor/current/source3/locking/share_mode_lock.c
r988 r989 442 442 443 443 /* 444 * Release the dptr as well before reparenting to NULL 445 * (in-memory cache) context. 446 */ 447 TALLOC_FREE(data.dptr); 448 /* 444 449 * Reparent d into the in-memory cache so it can be reused if the 445 450 * sequence number matches. See parse_share_modes() … … 615 620 struct share_mode_lock *lck = talloc_get_type_abort( 616 621 private_data, struct share_mode_lock); 622 623 if (data.dsize == 0) { 624 /* Likely a ctdb tombstone record, ignore it */ 625 lck->data = NULL; 626 return; 627 } 617 628 618 629 lck->data = parse_share_modes(lck, key, data); -
vendor/current/source3/modules/getdate.c
r414 r989 182 182 #endif 183 183 184 #if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 8) || __STRICT_ANSI__184 #ifndef HAVE___ATTRIBUTE__ 185 185 # define __attribute__(x) 186 186 #endif -
vendor/current/source3/modules/getdate.y
r414 r989 73 73 #endif 74 74 75 #if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 8) || __STRICT_ANSI__75 #ifndef HAVE___ATTRIBUTE__ 76 76 # define __attribute__(x) 77 77 #endif -
vendor/current/source3/modules/vfs_acl_common.c
r988 r989 25 25 #include "../librpc/gen_ndr/ndr_security.h" 26 26 #include "../lib/util/bitmap.h" 27 #include "passdb/lookup_sid.h" 27 28 28 29 static NTSTATUS create_acl_blob(const struct security_descriptor *psd, … … 45 46 SECINFO_DACL | \ 46 47 SECINFO_SACL) 48 49 enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS}; 50 51 static const struct enum_list default_acl_style[] = { 52 {DEFAULT_ACL_POSIX, "posix"}, 53 {DEFAULT_ACL_WINDOWS, "windows"} 54 }; 55 56 struct acl_common_config { 57 bool ignore_system_acls; 58 enum default_acl_style default_acl_style; 59 }; 60 61 static bool init_acl_common_config(vfs_handle_struct *handle) 62 { 63 struct acl_common_config *config = NULL; 64 65 config = talloc_zero(handle->conn, struct acl_common_config); 66 if (config == NULL) { 67 DBG_ERR("talloc_zero() failed\n"); 68 errno = ENOMEM; 69 return false; 70 } 71 72 config->ignore_system_acls = lp_parm_bool(SNUM(handle->conn), 73 ACL_MODULE_NAME, 74 "ignore system acls", 75 false); 76 config->default_acl_style = lp_parm_enum(SNUM(handle->conn), 77 ACL_MODULE_NAME, 78 "default acl style", 79 default_acl_style, 80 DEFAULT_ACL_POSIX); 81 82 SMB_VFS_HANDLE_SET_DATA(handle, config, NULL, 83 struct acl_common_config, 84 return false); 85 86 return true; 87 } 88 47 89 48 90 /******************************************************************* … … 103 145 104 146 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 105 D EBUG(5, ("parse_acl_blob:ndr_pull_xattr_NTACL failed: %s\n",106 ndr_errstr(ndr_err)));147 DBG_INFO("ndr_pull_xattr_NTACL failed: %s\n", 148 ndr_errstr(ndr_err)); 107 149 TALLOC_FREE(frame); 108 150 return ndr_map_error2ntstatus(ndr_err); … … 200 242 201 243 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 202 D EBUG(5, ("create_acl_blob:ndr_push_xattr_NTACL failed: %s\n",203 ndr_errstr(ndr_err)));244 DBG_INFO("ndr_push_xattr_NTACL failed: %s\n", 245 ndr_errstr(ndr_err)); 204 246 return ndr_map_error2ntstatus(ndr_err); 205 247 } … … 246 288 247 289 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 248 D EBUG(5, ("create_acl_blob:ndr_push_xattr_NTACL failed: %s\n",249 ndr_errstr(ndr_err)));290 DBG_INFO("ndr_push_xattr_NTACL failed: %s\n", 291 ndr_errstr(ndr_err)); 250 292 return ndr_map_error2ntstatus(ndr_err); 251 293 } … … 304 346 mode = dir_mode | file_mode; 305 347 306 DEBUG(10, ("add_directory_inheritable_components: directory %s, " 307 "mode = 0%o\n", 308 name, 309 (unsigned int)mode )); 348 DBG_DEBUG("directory %s, mode = 0%o\n", name, (unsigned int)mode); 310 349 311 350 if (num_aces) { … … 359 398 } 360 399 361 /******************************************************************* 362 Pull a DATA_BLOB from an xattr given a pathname. 363 If the hash doesn't match, or doesn't exist - return the underlying 364 filesystem sd. 365 *******************************************************************/ 366 367 static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, 368 files_struct *fsp, 369 const char *name, 370 uint32_t security_info, 371 TALLOC_CTX *mem_ctx, 372 struct security_descriptor **ppdesc) 373 { 374 DATA_BLOB blob = data_blob_null; 400 static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx, 401 const char *name, 402 SMB_STRUCT_STAT *psbuf, 403 struct security_descriptor **ppdesc) 404 { 405 struct dom_sid owner_sid, group_sid; 406 size_t size = 0; 407 struct security_ace aces[4]; 408 uint32_t access_mask = 0; 409 mode_t mode = psbuf->st_ex_mode; 410 struct security_acl *new_dacl = NULL; 411 int idx = 0; 412 413 DBG_DEBUG("file %s mode = 0%o\n",name, (int)mode); 414 415 uid_to_sid(&owner_sid, psbuf->st_ex_uid); 416 gid_to_sid(&group_sid, psbuf->st_ex_gid); 417 418 /* 419 We provide up to 4 ACEs 420 - Owner 421 - Group 422 - Everyone 423 - NT System 424 */ 425 426 if (mode & S_IRUSR) { 427 if (mode & S_IWUSR) { 428 access_mask |= SEC_RIGHTS_FILE_ALL; 429 } else { 430 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; 431 } 432 } 433 if (mode & S_IWUSR) { 434 access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE; 435 } 436 437 init_sec_ace(&aces[idx], 438 &owner_sid, 439 SEC_ACE_TYPE_ACCESS_ALLOWED, 440 access_mask, 441 0); 442 idx++; 443 444 access_mask = 0; 445 if (mode & S_IRGRP) { 446 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; 447 } 448 if (mode & S_IWGRP) { 449 /* note that delete is not granted - this matches posix behaviour */ 450 access_mask |= SEC_RIGHTS_FILE_WRITE; 451 } 452 if (access_mask) { 453 init_sec_ace(&aces[idx], 454 &group_sid, 455 SEC_ACE_TYPE_ACCESS_ALLOWED, 456 access_mask, 457 0); 458 idx++; 459 } 460 461 access_mask = 0; 462 if (mode & S_IROTH) { 463 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; 464 } 465 if (mode & S_IWOTH) { 466 access_mask |= SEC_RIGHTS_FILE_WRITE; 467 } 468 if (access_mask) { 469 init_sec_ace(&aces[idx], 470 &global_sid_World, 471 SEC_ACE_TYPE_ACCESS_ALLOWED, 472 access_mask, 473 0); 474 idx++; 475 } 476 477 init_sec_ace(&aces[idx], 478 &global_sid_System, 479 SEC_ACE_TYPE_ACCESS_ALLOWED, 480 SEC_RIGHTS_FILE_ALL, 481 0); 482 idx++; 483 484 new_dacl = make_sec_acl(ctx, 485 NT4_ACL_REVISION, 486 idx, 487 aces); 488 489 if (!new_dacl) { 490 return NT_STATUS_NO_MEMORY; 491 } 492 493 *ppdesc = make_sec_desc(ctx, 494 SECURITY_DESCRIPTOR_REVISION_1, 495 SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, 496 &owner_sid, 497 &group_sid, 498 NULL, 499 new_dacl, 500 &size); 501 if (!*ppdesc) { 502 return NT_STATUS_NO_MEMORY; 503 } 504 return NT_STATUS_OK; 505 } 506 507 static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx, 508 const char *name, 509 SMB_STRUCT_STAT *psbuf, 510 struct security_descriptor **ppdesc) 511 { 512 struct dom_sid owner_sid, group_sid; 513 size_t size = 0; 514 struct security_ace aces[4]; 515 uint32_t access_mask = 0; 516 mode_t mode = psbuf->st_ex_mode; 517 struct security_acl *new_dacl = NULL; 518 int idx = 0; 519 520 DBG_DEBUG("file [%s] mode [0%o]\n", name, (int)mode); 521 522 uid_to_sid(&owner_sid, psbuf->st_ex_uid); 523 gid_to_sid(&group_sid, psbuf->st_ex_gid); 524 525 /* 526 * We provide 2 ACEs: 527 * - Owner 528 * - NT System 529 */ 530 531 if (mode & S_IRUSR) { 532 if (mode & S_IWUSR) { 533 access_mask |= SEC_RIGHTS_FILE_ALL; 534 } else { 535 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; 536 } 537 } 538 if (mode & S_IWUSR) { 539 access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE; 540 } 541 542 init_sec_ace(&aces[idx], 543 &owner_sid, 544 SEC_ACE_TYPE_ACCESS_ALLOWED, 545 access_mask, 546 0); 547 idx++; 548 549 init_sec_ace(&aces[idx], 550 &global_sid_System, 551 SEC_ACE_TYPE_ACCESS_ALLOWED, 552 SEC_RIGHTS_FILE_ALL, 553 0); 554 idx++; 555 556 new_dacl = make_sec_acl(ctx, 557 NT4_ACL_REVISION, 558 idx, 559 aces); 560 561 if (!new_dacl) { 562 return NT_STATUS_NO_MEMORY; 563 } 564 565 *ppdesc = make_sec_desc(ctx, 566 SECURITY_DESCRIPTOR_REVISION_1, 567 SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, 568 &owner_sid, 569 &group_sid, 570 NULL, 571 new_dacl, 572 &size); 573 if (!*ppdesc) { 574 return NT_STATUS_NO_MEMORY; 575 } 576 return NT_STATUS_OK; 577 } 578 579 static NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx, 580 struct acl_common_config *config, 581 const char *name, 582 SMB_STRUCT_STAT *psbuf, 583 struct security_descriptor **ppdesc) 584 { 585 NTSTATUS status; 586 587 switch (config->default_acl_style) { 588 589 case DEFAULT_ACL_POSIX: 590 status = make_default_acl_posix(ctx, name, psbuf, ppdesc); 591 break; 592 593 case DEFAULT_ACL_WINDOWS: 594 status = make_default_acl_windows(ctx, name, psbuf, ppdesc); 595 break; 596 597 default: 598 DBG_ERR("unknown acl style %d", config->default_acl_style); 599 status = NT_STATUS_INTERNAL_ERROR; 600 break; 601 } 602 603 return status; 604 } 605 606 /** 607 * Validate an ACL blob 608 * 609 * This validates an ACL blob against the underlying filesystem ACL. If this 610 * function returns NT_STATUS_OK ppsd can be 611 * 612 * 1. the ACL from the blob (psd_from_fs=false), or 613 * 2. the ACL from the fs (psd_from_fs=true), or 614 * 3. NULL (!) 615 * 616 * If the return value is anything else then NT_STATUS_OK, ppsd is set to NULL 617 * and psd_from_fs set to false. 618 * 619 * Returning the underlying filesystem ACL in case no. 2 is really just an 620 * optimisation, because some validations have to fetch the filesytem ACL as 621 * part of the validation, so we already have it available and callers might 622 * need it as well. 623 **/ 624 static NTSTATUS validate_nt_acl_blob(TALLOC_CTX *mem_ctx, 625 vfs_handle_struct *handle, 626 files_struct *fsp, 627 const char *name, 628 const DATA_BLOB *blob, 629 struct security_descriptor **ppsd, 630 bool *psd_is_from_fs) 631 { 375 632 NTSTATUS status; 376 633 uint16_t hash_type = XATTR_SD_HASH_TYPE_NONE; … … 381 638 uint8_t sys_acl_hash_tmp[XATTR_SD_HASH_SIZE]; 382 639 struct security_descriptor *psd = NULL; 383 struct security_descriptor *pdesc_next = NULL; 384 bool ignore_file_system_acl = lp_parm_bool(SNUM(handle->conn), 385 ACL_MODULE_NAME, 386 "ignore system acls", 387 false); 388 TALLOC_CTX *frame = talloc_stackframe(); 389 390 if (fsp && name == NULL) { 391 name = fsp->fsp_name->base_name; 392 } 393 394 DEBUG(10, ("get_nt_acl_internal: name=%s\n", name)); 395 396 status = get_acl_blob(frame, handle, fsp, name, &blob); 640 struct security_descriptor *psd_blob = NULL; 641 struct security_descriptor *psd_fs = NULL; 642 char *sys_acl_blob_description = NULL; 643 DATA_BLOB sys_acl_blob = { 0 }; 644 struct acl_common_config *config = NULL; 645 646 *ppsd = NULL; 647 *psd_is_from_fs = false; 648 649 SMB_VFS_HANDLE_GET_DATA(handle, config, 650 struct acl_common_config, 651 return NT_STATUS_UNSUCCESSFUL); 652 653 status = parse_acl_blob(blob, 654 mem_ctx, 655 &psd_blob, 656 &hash_type, 657 &xattr_version, 658 &hash[0], 659 &sys_acl_hash[0]); 660 397 661 if (!NT_STATUS_IS_OK(status)) { 398 DEBUG(10, ("get_nt_acl_internal: get_acl_blob returned %s\n", 399 nt_errstr(status))); 400 psd = NULL; 401 goto out; 402 } else { 403 status = parse_acl_blob(&blob, mem_ctx, &psd, 404 &hash_type, &xattr_version, &hash[0], &sys_acl_hash[0]); 405 if (!NT_STATUS_IS_OK(status)) { 406 DEBUG(10, ("parse_acl_blob returned %s\n", 407 nt_errstr(status))); 408 psd = NULL; 409 goto out; 410 } 411 } 412 413 /* Ensure we don't leak psd if we don't choose it. 414 * 415 * We don't allocate it onto frame as it is preferred not to 416 * steal from a talloc pool. 417 */ 418 talloc_steal(frame, psd); 662 DBG_DEBUG("parse_acl_blob returned %s\n", nt_errstr(status)); 663 goto fail; 664 } 419 665 420 666 /* determine which type of xattr we got */ … … 426 672 * the NTVFS file server uses version 1, but 427 673 * 'samba-tool ntacl' can set these as well */ 428 goto out; 674 *ppsd = psd_blob; 675 return NT_STATUS_OK; 429 676 case 3: 430 677 case 4: 431 if (ignore_file_system_acl) { 432 goto out; 678 if (config->ignore_system_acls) { 679 *ppsd = psd_blob; 680 return NT_STATUS_OK; 433 681 } 434 682 435 683 break; 436 684 default: 437 DEBUG(10, ("get_nt_acl_internal: ACL blob revision " 438 "mismatch (%u) for file %s\n", 439 (unsigned int)hash_type, 440 name)); 441 TALLOC_FREE(psd); 442 psd = NULL; 443 goto out; 685 DBG_DEBUG("ACL blob revision mismatch (%u) for file %s\n", 686 (unsigned int)hash_type, name); 687 TALLOC_FREE(psd_blob); 688 return NT_STATUS_OK; 444 689 } 445 690 446 691 /* determine which type of xattr we got */ 447 692 if (hash_type != XATTR_SD_HASH_TYPE_SHA256) { 448 DEBUG(10, ("get_nt_acl_internal: ACL blob hash type " 449 "(%u) unexpected for file %s\n", 450 (unsigned int)hash_type, 451 name)); 452 TALLOC_FREE(psd); 453 psd = NULL; 454 goto out; 693 DBG_DEBUG("ACL blob hash type (%u) unexpected for file %s\n", 694 (unsigned int)hash_type, name); 695 TALLOC_FREE(psd_blob); 696 return NT_STATUS_OK; 455 697 } 456 698 … … 460 702 { 461 703 int ret; 462 char *sys_acl_blob_description;463 DATA_BLOB sys_acl_blob;464 704 if (fsp) { 465 705 /* Get the full underlying sd, then hash. */ 466 706 ret = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, 467 707 fsp, 468 frame,708 mem_ctx, 469 709 &sys_acl_blob_description, 470 710 &sys_acl_blob); … … 473 713 ret = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, 474 714 name, 475 frame,715 mem_ctx, 476 716 &sys_acl_blob_description, 477 717 &sys_acl_blob); … … 483 723 status = hash_blob_sha256(sys_acl_blob, sys_acl_hash_tmp); 484 724 if (!NT_STATUS_IS_OK(status)) { 485 TALLOC_FREE(frame); 486 return status; 725 goto fail; 487 726 } 727 728 TALLOC_FREE(sys_acl_blob_description); 729 TALLOC_FREE(sys_acl_blob.data); 488 730 489 731 if (memcmp(&sys_acl_hash[0], &sys_acl_hash_tmp[0], 490 732 XATTR_SD_HASH_SIZE) == 0) { 491 733 /* Hash matches, return blob sd. */ 492 D EBUG(10, ("get_nt_acl_internal: blob hash "493 "matches for file %s\n",494 name ));495 goto out;734 DBG_DEBUG("blob hash matches for file %s\n", 735 name); 736 *ppsd = psd_blob; 737 return NT_STATUS_OK; 496 738 } 497 739 } … … 507 749 HASH_SECURITY_INFO, 508 750 mem_ctx, 509 &p desc_next);751 &psd_fs); 510 752 } else { 511 753 status = SMB_VFS_NEXT_GET_NT_ACL(handle, … … 513 755 HASH_SECURITY_INFO, 514 756 mem_ctx, 515 &p desc_next);757 &psd_fs); 516 758 } 517 759 518 760 if (!NT_STATUS_IS_OK(status)) { 519 DEBUG(10, ("get_nt_acl_internal: get_next_acl for file %s " 520 "returned %s\n", 521 name, 522 nt_errstr(status))); 523 TALLOC_FREE(frame); 524 return status; 525 } 526 527 /* Ensure we don't leak psd_next if we don't choose it. 528 * 529 * We don't allocate it onto frame as it is preferred not to 530 * steal from a talloc pool. 531 */ 532 talloc_steal(frame, pdesc_next); 533 534 status = hash_sd_sha256(pdesc_next, hash_tmp); 761 DBG_DEBUG("get_next_acl for file %s returned %s\n", 762 name, nt_errstr(status)); 763 goto fail; 764 } 765 766 status = hash_sd_sha256(psd_fs, hash_tmp); 535 767 if (!NT_STATUS_IS_OK(status)) { 536 TALLOC_FREE(psd); 537 psd = pdesc_next; 538 goto out; 768 TALLOC_FREE(psd_blob); 769 *ppsd = psd_fs; 770 *psd_is_from_fs = true; 771 return NT_STATUS_OK; 539 772 } 540 773 541 774 if (memcmp(&hash[0], &hash_tmp[0], XATTR_SD_HASH_SIZE) == 0) { 542 775 /* Hash matches, return blob sd. */ 543 DEBUG(10, ("get_nt_acl_internal: blob hash " 544 "matches for file %s\n", 545 name )); 546 goto out; 776 DBG_DEBUG("blob hash matches for file %s\n", name); 777 *ppsd = psd_blob; 778 return NT_STATUS_OK; 547 779 } 548 780 549 781 /* Hash doesn't match, return underlying sd. */ 550 DEBUG(10, ("get_nt_acl_internal: blob hash " 551 "does not match for file %s - returning " 552 "file system SD mapping.\n", 553 name )); 782 DBG_DEBUG("blob hash does not match for file %s - returning " 783 "file system SD mapping.\n", name); 554 784 555 785 if (DEBUGLEVEL >= 10) { 556 DEBUG(10,("get_nt_acl_internal: acl for blob hash for %s is:\n", 557 name )); 558 NDR_PRINT_DEBUG(security_descriptor, pdesc_next); 559 } 560 561 TALLOC_FREE(psd); 562 psd = pdesc_next; 563 } 564 out: 786 DBG_DEBUG("acl for blob hash for %s is:\n", name); 787 NDR_PRINT_DEBUG(security_descriptor, psd_fs); 788 } 789 790 TALLOC_FREE(psd_blob); 791 *ppsd = psd_fs; 792 *psd_is_from_fs = true; 793 } 794 795 return NT_STATUS_OK; 796 797 fail: 798 TALLOC_FREE(psd); 799 TALLOC_FREE(psd_blob); 800 TALLOC_FREE(psd_fs); 801 TALLOC_FREE(sys_acl_blob_description); 802 TALLOC_FREE(sys_acl_blob.data); 803 return status; 804 } 805 806 static NTSTATUS stat_fsp_or_name(vfs_handle_struct *handle, 807 files_struct *fsp, 808 const char *name, 809 SMB_STRUCT_STAT *sbuf, 810 SMB_STRUCT_STAT **psbuf) 811 { 812 NTSTATUS status; 813 int ret; 814 815 if (fsp) { 816 status = vfs_stat_fsp(fsp); 817 if (!NT_STATUS_IS_OK(status)) { 818 return status; 819 } 820 *psbuf = &fsp->fsp_name->st; 821 } else { 822 /* 823 * https://bugzilla.samba.org/show_bug.cgi?id=11249 824 * 825 * We are currently guaranteed that 'name' here is a 826 * smb_fname->base_name, which *cannot* contain a stream name 827 * (':'). vfs_stat_smb_fname() splits a name into a base name + 828 * stream name, which when we get here we know we've already 829 * done. So we have to call the stat or lstat VFS calls 830 * directly here. Else, a base_name that contains a ':' (from a 831 * demangled name) will get split again. 832 * 833 * FIXME. 834 * This uglyness will go away once smb_fname is fully plumbed 835 * through the VFS. 836 */ 837 ret = vfs_stat_smb_basename(handle->conn, 838 name, 839 sbuf); 840 if (ret == -1) { 841 return map_nt_error_from_unix(errno); 842 } 843 } 844 845 return NT_STATUS_OK; 846 } 847 848 /******************************************************************* 849 Pull a DATA_BLOB from an xattr given a pathname. 850 If the hash doesn't match, or doesn't exist - return the underlying 851 filesystem sd. 852 *******************************************************************/ 853 854 static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, 855 files_struct *fsp, 856 const char *name, 857 uint32_t security_info, 858 TALLOC_CTX *mem_ctx, 859 struct security_descriptor **ppdesc) 860 { 861 DATA_BLOB blob = data_blob_null; 862 NTSTATUS status; 863 struct security_descriptor *psd = NULL; 864 bool psd_is_from_fs = false; 865 struct acl_common_config *config = NULL; 866 867 SMB_VFS_HANDLE_GET_DATA(handle, config, 868 struct acl_common_config, 869 return NT_STATUS_UNSUCCESSFUL); 870 871 if (fsp && name == NULL) { 872 name = fsp->fsp_name->base_name; 873 } 874 875 DBG_DEBUG("name=%s\n", name); 876 877 status = get_acl_blob(mem_ctx, handle, fsp, name, &blob); 878 if (NT_STATUS_IS_OK(status)) { 879 status = validate_nt_acl_blob(mem_ctx, 880 handle, 881 fsp, 882 name, 883 &blob, 884 &psd, 885 &psd_is_from_fs); 886 TALLOC_FREE(blob.data); 887 if (!NT_STATUS_IS_OK(status)) { 888 DBG_DEBUG("ACL validation for [%s] failed\n", 889 name); 890 goto fail; 891 } 892 } 565 893 566 894 if (psd == NULL) { … … 568 896 * blob for the hash, or the revision/hash type wasn't 569 897 * known */ 570 if (fsp) { 571 status = SMB_VFS_NEXT_FGET_NT_ACL(handle, 572 fsp, 573 security_info, 574 mem_ctx, 575 &pdesc_next); 898 899 if (config->ignore_system_acls) { 900 SMB_STRUCT_STAT sbuf; 901 SMB_STRUCT_STAT *psbuf = &sbuf; 902 903 status = stat_fsp_or_name(handle, fsp, name, 904 &sbuf, &psbuf); 905 if (!NT_STATUS_IS_OK(status)) { 906 goto fail; 907 } 908 909 status = make_default_filesystem_acl( 910 mem_ctx, 911 config, 912 name, 913 psbuf, 914 &psd); 915 if (!NT_STATUS_IS_OK(status)) { 916 goto fail; 917 } 576 918 } else { 577 status = SMB_VFS_NEXT_GET_NT_ACL(handle, 578 name, 579 security_info, 580 mem_ctx, 581 &pdesc_next); 582 } 583 584 if (!NT_STATUS_IS_OK(status)) { 585 DEBUG(10, ("get_nt_acl_internal: get_next_acl for file %s " 586 "returned %s\n", 587 name, 588 nt_errstr(status))); 589 TALLOC_FREE(frame); 590 return status; 591 } 592 593 /* Ensure we don't leak psd_next if we don't choose it. 594 * 595 * We don't allocate it onto frame as it is preferred not to 596 * steal from a talloc pool. 597 */ 598 talloc_steal(frame, pdesc_next); 599 psd = pdesc_next; 600 } 601 602 if (psd != pdesc_next) { 603 /* We're returning the blob, throw 604 * away the filesystem SD. */ 605 TALLOC_FREE(pdesc_next); 606 } else { 919 if (fsp) { 920 status = SMB_VFS_NEXT_FGET_NT_ACL(handle, 921 fsp, 922 security_info, 923 mem_ctx, 924 &psd); 925 } else { 926 status = SMB_VFS_NEXT_GET_NT_ACL(handle, 927 name, 928 security_info, 929 mem_ctx, 930 &psd); 931 } 932 933 if (!NT_STATUS_IS_OK(status)) { 934 DBG_DEBUG("get_next_acl for file %s " 935 "returned %s\n", name, 936 nt_errstr(status)); 937 goto fail; 938 } 939 940 psd_is_from_fs = true; 941 } 942 } 943 944 if (psd_is_from_fs) { 607 945 SMB_STRUCT_STAT sbuf; 608 946 SMB_STRUCT_STAT *psbuf = &sbuf; 609 947 bool is_directory = false; 948 610 949 /* 611 950 * We're returning the underlying ACL from the … … 613 952 * inheritable ACE entries we have to fake them. 614 953 */ 615 if (fsp) { 616 status = vfs_stat_fsp(fsp); 954 955 status = stat_fsp_or_name(handle, fsp, name, 956 &sbuf, &psbuf); 957 if (!NT_STATUS_IS_OK(status)) { 958 goto fail; 959 } 960 961 is_directory = S_ISDIR(psbuf->st_ex_mode); 962 963 if (is_directory && !sd_has_inheritable_components(psd, true)) { 964 status = add_directory_inheritable_components( 965 handle, 966 name, 967 psbuf, 968 psd); 617 969 if (!NT_STATUS_IS_OK(status)) { 618 TALLOC_FREE(frame); 619 return status; 970 goto fail; 620 971 } 621 psbuf = &fsp->fsp_name->st; 622 } else { 623 /* 624 * https://bugzilla.samba.org/show_bug.cgi?id=11249 625 * 626 * We are currently guaranteed that 'name' here is 627 * a smb_fname->base_name, which *cannot* contain 628 * a stream name (':'). vfs_stat_smb_fname() splits 629 * a name into a base name + stream name, which 630 * when we get here we know we've already done. 631 * So we have to call the stat or lstat VFS 632 * calls directly here. Else, a base_name that 633 * contains a ':' (from a demangled name) will 634 * get split again. 635 * 636 * FIXME. 637 * This uglyness will go away once smb_fname 638 * is fully plumbed through the VFS. 639 */ 640 int ret = vfs_stat_smb_basename(handle->conn, 641 name, 642 &sbuf); 643 if (ret == -1) { 644 TALLOC_FREE(frame); 645 return map_nt_error_from_unix(errno); 646 } 647 } 648 is_directory = S_ISDIR(psbuf->st_ex_mode); 649 650 if (ignore_file_system_acl) { 651 TALLOC_FREE(pdesc_next); 652 status = make_default_filesystem_acl(mem_ctx, 653 name, 654 psbuf, 655 &psd); 656 if (!NT_STATUS_IS_OK(status)) { 657 TALLOC_FREE(frame); 658 return status; 659 } 660 } else { 661 if (is_directory && 662 !sd_has_inheritable_components(psd, 663 true)) { 664 status = add_directory_inheritable_components( 665 handle, 666 name, 667 psbuf, 668 psd); 669 if (!NT_STATUS_IS_OK(status)) { 670 TALLOC_FREE(frame); 671 return status; 672 } 673 } 674 /* The underlying POSIX module always sets 675 the ~SEC_DESC_DACL_PROTECTED bit, as ACLs 676 can't be inherited in this way under POSIX. 677 Remove it for Windows-style ACLs. */ 678 psd->type &= ~SEC_DESC_DACL_PROTECTED; 679 } 972 } 973 974 /* 975 * The underlying POSIX module always sets the 976 * ~SEC_DESC_DACL_PROTECTED bit, as ACLs can't be inherited in 977 * this way under POSIX. Remove it for Windows-style ACLs. 978 */ 979 psd->type &= ~SEC_DESC_DACL_PROTECTED; 680 980 } 681 981 … … 695 995 } 696 996 697 TALLOC_FREE(blob.data);698 699 997 if (DEBUGLEVEL >= 10) { 700 DEBUG(10,("get_nt_acl_internal: returning acl for %s is:\n", 701 name )); 998 DBG_DEBUG("returning acl for %s is:\n", name); 702 999 NDR_PRINT_DEBUG(security_descriptor, psd); 703 1000 } 704 1001 705 /* The VFS API is that the ACL is expected to be on mem_ctx */ 706 *ppdesc = talloc_move(mem_ctx, &psd); 707 708 TALLOC_FREE(frame); 1002 *ppdesc = psd; 1003 709 1004 return NT_STATUS_OK; 1005 1006 fail: 1007 TALLOC_FREE(psd); 1008 return status; 710 1009 } 711 1010 … … 760 1059 } 761 1060 762 DEBUG(10, ("fset_nt_acl_common: overriding chown on file %s " 763 "for sid %s\n", 764 fsp_str_dbg(fsp), sid_string_tos(psd->owner_sid))); 1061 DBG_DEBUG("overriding chown on file %s for sid %s\n", 1062 fsp_str_dbg(fsp), sid_string_tos(psd->owner_sid)); 765 1063 766 1064 /* Ok, we failed to chown and we have … … 785 1083 786 1084 if (DEBUGLEVEL >= 10) { 787 D EBUG(10, ("fset_nt_acl_xattr:storing xattr sd for file %s\n",788 fsp_str_dbg(fsp)));1085 DBG_DEBUG("storing xattr sd for file %s\n", 1086 fsp_str_dbg(fsp)); 789 1087 NDR_PRINT_DEBUG( 790 1088 security_descriptor, … … 792 1090 793 1091 if (pdesc_next != NULL) { 794 DEBUG(10, ("fset_nt_acl_xattr: storing has in xattr sd " 795 "based on \n")); 1092 DBG_DEBUG("storing xattr sd based on \n"); 796 1093 NDR_PRINT_DEBUG( 797 1094 security_descriptor, … … 799 1096 pdesc_next)); 800 1097 } else { 801 DEBUG(10, 802 ("fset_nt_acl_xattr: ignoring underlying sd\n")); 1098 DBG_DEBUG("ignoring underlying sd\n"); 803 1099 } 804 1100 } 805 1101 status = create_acl_blob(psd, &blob, XATTR_SD_HASH_TYPE_SHA256, hash); 806 1102 if (!NT_STATUS_IS_OK(status)) { 807 D EBUG(10, ("fset_nt_acl_xattr: create_acl_blob failed\n"));1103 DBG_DEBUG("create_acl_blob failed\n"); 808 1104 return status; 809 1105 } … … 834 1130 835 1131 if (DEBUGLEVEL >= 10) { 836 DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n", 837 fsp_str_dbg(fsp))); 1132 DBG_DEBUG("incoming sd for file %s\n", fsp_str_dbg(fsp)); 838 1133 NDR_PRINT_DEBUG(security_descriptor, 839 1134 discard_const_p(struct security_descriptor, orig_psd)); … … 953 1248 954 1249 if (DEBUGLEVEL >= 10) { 955 D EBUG(10,("fset_nt_acl_xattr:storing xattr sd for file %s based on system ACL\n",956 fsp_str_dbg(fsp)) );1250 DBG_DEBUG("storing xattr sd for file %s based on system ACL\n", 1251 fsp_str_dbg(fsp)); 957 1252 NDR_PRINT_DEBUG(security_descriptor, 958 1253 discard_const_p(struct security_descriptor, psd)); 959 1254 960 D EBUG(10,("fset_nt_acl_xattr: storing hash in xattr sd based on system ACL and:\n"));1255 DBG_DEBUG("storing hash in xattr sd based on system ACL and:\n"); 961 1256 NDR_PRINT_DEBUG(security_descriptor, 962 1257 discard_const_p(struct security_descriptor, pdesc_next)); … … 970 1265 sys_acl_description, sys_acl_hash); 971 1266 if (!NT_STATUS_IS_OK(status)) { 972 D EBUG(10, ("fset_nt_acl_xattr: create_sys_acl_blob failed\n"));1267 DBG_DEBUG("create_sys_acl_blob failed\n"); 973 1268 TALLOC_FREE(frame); 974 1269 return status; … … 1007 1302 } 1008 1303 1009 DEBUG(10,("acl_common_remove_object: removing %s %s/%s\n", 1010 is_directory ? "directory" : "file", 1011 parent_dir, final_component )); 1304 DBG_DEBUG("removing %s %s/%s\n", is_directory ? "directory" : "file", 1305 parent_dir, final_component); 1012 1306 1013 1307 /* cd into the parent dir to pin it. */ … … 1042 1336 1043 1337 if (!fsp) { 1044 DEBUG(10,("acl_common_remove_object: %s %s/%s " 1045 "not an open file\n", 1046 is_directory ? "directory" : "file", 1047 parent_dir, final_component )); 1338 DBG_DEBUG("%s %s/%s not an open file\n", 1339 is_directory ? "directory" : "file", 1340 parent_dir, final_component); 1048 1341 saved_errno = EACCES; 1049 1342 goto out; … … 1093 1386 } 1094 1387 1095 DEBUG(10,("rmdir_acl_common: unlink of %s failed %s\n", 1096 path, 1097 strerror(errno) )); 1388 DBG_DEBUG("unlink of %s failed %s\n", path, strerror(errno)); 1098 1389 return -1; 1099 1390 } … … 1122 1413 } 1123 1414 1124 D EBUG(10,("unlink_acl_common:unlink of %s failed %s\n",1125 smb_fname->base_name,1126 strerror(errno)));1415 DBG_DEBUG("unlink of %s failed %s\n", 1416 smb_fname->base_name, 1417 strerror(errno)); 1127 1418 return -1; 1128 1419 } -
vendor/current/source3/modules/vfs_acl_tdb.c
r988 r989 306 306 { 307 307 int ret = SMB_VFS_NEXT_CONNECT(handle, service, user); 308 bool ok; 309 struct acl_common_config *config = NULL; 308 310 309 311 if (ret < 0) { … … 313 315 if (!acl_tdb_init()) { 314 316 SMB_VFS_NEXT_DISCONNECT(handle); 317 return -1; 318 } 319 320 ok = init_acl_common_config(handle); 321 if (!ok) { 322 DBG_ERR("init_acl_common_config failed\n"); 315 323 return -1; 316 324 } … … 326 334 lp_do_parameter(SNUM(handle->conn), "dos filemode", "true"); 327 335 lp_do_parameter(SNUM(handle->conn), "force unknown acl user", "true"); 336 337 SMB_VFS_HANDLE_GET_DATA(handle, config, 338 struct acl_common_config, 339 return -1); 340 341 if (config->ignore_system_acls) { 342 DBG_NOTICE("setting 'create mask = 0666', " 343 "'directory mask = 0777', " 344 "'store dos attributes = yes' and all " 345 "'map ...' options to 'no'\n"); 346 347 lp_do_parameter(SNUM(handle->conn), "create mask", "0666"); 348 lp_do_parameter(SNUM(handle->conn), "directory mask", "0777"); 349 lp_do_parameter(SNUM(handle->conn), "map archive", "no"); 350 lp_do_parameter(SNUM(handle->conn), "map hidden", "no"); 351 lp_do_parameter(SNUM(handle->conn), "map readonly", "no"); 352 lp_do_parameter(SNUM(handle->conn), "map system", "no"); 353 lp_do_parameter(SNUM(handle->conn), "store dos attributes", 354 "yes"); 355 } 328 356 329 357 return 0; -
vendor/current/source3/modules/vfs_acl_xattr.c
r988 r989 181 181 { 182 182 int ret = SMB_VFS_NEXT_CONNECT(handle, service, user); 183 bool ok; 184 struct acl_common_config *config = NULL; 183 185 184 186 if (ret < 0) { 185 187 return ret; 188 } 189 190 ok = init_acl_common_config(handle); 191 if (!ok) { 192 DBG_ERR("init_acl_common_config failed\n"); 193 return -1; 186 194 } 187 195 … … 196 204 lp_do_parameter(SNUM(handle->conn), "dos filemode", "true"); 197 205 lp_do_parameter(SNUM(handle->conn), "force unknown acl user", "true"); 206 207 SMB_VFS_HANDLE_GET_DATA(handle, config, 208 struct acl_common_config, 209 return -1); 210 211 if (config->ignore_system_acls) { 212 DBG_NOTICE("setting 'create mask = 0666', " 213 "'directory mask = 0777', " 214 "'store dos attributes = yes' and all " 215 "'map ...' options to 'no'\n"); 216 217 lp_do_parameter(SNUM(handle->conn), "create mask", "0666"); 218 lp_do_parameter(SNUM(handle->conn), "directory mask", "0777"); 219 lp_do_parameter(SNUM(handle->conn), "map archive", "no"); 220 lp_do_parameter(SNUM(handle->conn), "map hidden", "no"); 221 lp_do_parameter(SNUM(handle->conn), "map readonly", "no"); 222 lp_do_parameter(SNUM(handle->conn), "map system", "no"); 223 lp_do_parameter(SNUM(handle->conn), "store dos attributes", 224 "yes"); 225 } 198 226 199 227 return 0; -
vendor/current/source3/modules/vfs_ceph.c
r988 r989 818 818 819 819 /* available disk space is enough or not? */ 820 space_avail = get_dfree_info(fsp->conn, 821 fsp->fsp_name->base_name, 822 &bsize, &dfree, &dsize); 820 space_avail = 821 get_dfree_info(fsp->conn, fsp->fsp_name, &bsize, &dfree, &dsize); 823 822 /* space_avail is 1k blocks */ 824 823 if (space_avail == (uint64_t)-1 || -
vendor/current/source3/modules/vfs_default.c
r988 r989 1921 1921 1922 1922 /* available disk space is enough or not? */ 1923 space_avail = get_dfree_info(fsp->conn, 1924 fsp->fsp_name->base_name, 1925 &bsize, &dfree, &dsize); 1923 space_avail = 1924 get_dfree_info(fsp->conn, fsp->fsp_name, &bsize, &dfree, &dsize); 1926 1925 /* space_avail is 1k blocks */ 1927 1926 if (space_avail == (uint64_t)-1 || -
vendor/current/source3/modules/vfs_fake_dfq.c
r988 r989 111 111 (unsigned long long)id.gid); 112 112 break; 113 case SMB_USER_FS_QUOTA_TYPE: 114 section = talloc_strdup(talloc_tos(), "udflt"); 115 break; 116 case SMB_GROUP_FS_QUOTA_TYPE: 117 section = talloc_strdup(talloc_tos(), "gdflt"); 118 break; 113 119 default: 114 120 break; … … 119 125 } 120 126 121 bsize = dfq_load_param(snum, rpath, section, "block size", 0);127 bsize = dfq_load_param(snum, rpath, section, "block size", 4096); 122 128 if (bsize == 0) { 123 129 goto dflt; … … 126 132 if (dfq_load_param(snum, rpath, section, "err", 0) != 0) { 127 133 errno = ENOTSUP; 134 rc = -1; 135 goto out; 136 } 137 138 if (dfq_load_param(snum, rpath, section, "nosys", 0) != 0) { 139 errno = ENOSYS; 128 140 rc = -1; 129 141 goto out; … … 141 153 dfq_load_param(snum, rpath, section, "inode soft limit", 0); 142 154 qt->curinodes = dfq_load_param(snum, rpath, section, "cur inodes", 0); 155 qt->qflags = dfq_load_param(snum, rpath, section, "qflags", QUOTAS_DENY_DISK); 143 156 144 157 if (dfq_load_param(snum, rpath, section, "edquot", 0) != 0) { -
vendor/current/source3/modules/vfs_fruit.c
r988 r989 133 133 bool copyfile_enabled; 134 134 bool veto_appledouble; 135 bool posix_rename; 135 136 136 137 /* … … 1356 1357 "copyfile", false); 1357 1358 1359 config->posix_rename = lp_parm_bool( 1360 SNUM(handle->conn), FRUIT_PARAM_TYPE_NAME, "posix_rename", true); 1361 1358 1362 config->readdir_attr_rsize = lp_parm_bool( 1359 1363 SNUM(handle->conn), "readdir_attr", "aapl_rsize", true); … … 3428 3432 } 3429 3433 3430 if ( fsp->is_directory) {3434 if (config->posix_rename && fsp->is_directory) { 3431 3435 /* 3432 3436 * Enable POSIX directory rename behaviour -
vendor/current/source3/modules/vfs_glusterfs.c
r988 r989 42 42 #include "lib/util/dlinklist.h" 43 43 #include "lib/util/tevent_unix.h" 44 #include "lib/tevent/tevent_internal.h"45 44 #include "smbd/globals.h" 46 45 #include "lib/util/sys_rw.h" … … 224 223 DEBUG(0, ("%s: Failed to set xlator option:" 225 224 " snapdir-entry-path\n", volume)); 226 glfs_fini(fs); 227 return -1; 225 goto done; 228 226 } 229 227 -
vendor/current/source3/modules/vfs_shadow_copy2.c
r988 r989 1793 1793 char *tmp = NULL; 1794 1794 char *result = NULL; 1795 char *parent_dir = NULL; 1795 1796 int saved_errno; 1796 1797 size_t rootpath_len = 0; … … 1809 1810 &rootpath_len); 1810 1811 if (tmp == NULL) { 1811 goto done; 1812 if (errno != ENOENT) { 1813 goto done; 1814 } 1815 1816 /* 1817 * If the converted path does not exist, and converting 1818 * the parent yields something that does exist, then 1819 * this path refers to something that has not been 1820 * created yet, relative to the parent path. 1821 * The snapshot finding is relative to the parent. 1822 * (usually snapshots are read/only but this is not 1823 * necessarily true). 1824 * This code also covers getting a wildcard in the 1825 * last component, because this function is called 1826 * prior to sanitizing the path, and in SMB1 we may 1827 * get wildcards in path names. 1828 */ 1829 if (!parent_dirname(talloc_tos(), stripped, &parent_dir, 1830 NULL)) { 1831 errno = ENOMEM; 1832 goto done; 1833 } 1834 1835 tmp = shadow_copy2_do_convert(talloc_tos(), handle, parent_dir, 1836 timestamp, &rootpath_len); 1837 if (tmp == NULL) { 1838 goto done; 1839 } 1812 1840 } 1813 1841 … … 1827 1855 TALLOC_FREE(tmp); 1828 1856 TALLOC_FREE(stripped); 1857 TALLOC_FREE(parent_dir); 1829 1858 errno = saved_errno; 1830 1859 return result; -
vendor/current/source3/nmbd/nmbd_packets.c
r988 r989 1684 1684 enum packet_type type; 1685 1685 bool broadcast; 1686 int fd; 1687 bool triggered; 1686 1688 }; 1687 1689 1688 static bool create_listen_pollfds(struct pollfd **pfds, 1689 struct socket_attributes **pattrs, 1690 static bool create_listen_array(struct socket_attributes **pattrs, 1690 1691 int *pnum_sockets) 1691 1692 { … … 1693 1694 int count = 0; 1694 1695 int num = 0; 1695 struct pollfd *fds;1696 1696 struct socket_attributes *attrs; 1697 1697 … … 1717 1717 } 1718 1718 1719 fds = talloc_zero_array(NULL, struct pollfd, count);1720 if ( fds == NULL) {1721 DEBUG(1, (" create_listen_pollfds: malloc fail for fds. "1719 attrs = talloc_zero_array(NULL, struct socket_attributes, count); 1720 if (attrs == NULL) { 1721 DEBUG(1, ("talloc fail for attrs. " 1722 1722 "size %d\n", count)); 1723 1723 return true; 1724 1724 } 1725 1725 1726 attrs = talloc_array(NULL, struct socket_attributes, count);1727 if (fds == NULL) {1728 DEBUG(1, ("create_listen_pollfds: malloc fail for attrs. "1729 "size %d\n", count));1730 TALLOC_FREE(fds);1731 return true;1732 }1733 1734 1726 num = 0; 1735 1727 1736 fds[num].fd = ClientNMB;1728 attrs[num].fd = ClientNMB; 1737 1729 attrs[num].type = NMB_PACKET; 1738 1730 attrs[num].broadcast = false; 1739 1731 num += 1; 1740 1732 1741 fds[num].fd = ClientDGRAM;1733 attrs[num].fd = ClientDGRAM; 1742 1734 attrs[num].type = DGRAM_PACKET; 1743 1735 attrs[num].broadcast = false; … … 1747 1739 1748 1740 if (subrec->nmb_sock != -1) { 1749 fds[num].fd = subrec->nmb_sock;1741 attrs[num].fd = subrec->nmb_sock; 1750 1742 attrs[num].type = NMB_PACKET; 1751 1743 attrs[num].broadcast = false; … … 1754 1746 1755 1747 if (subrec->nmb_bcast != -1) { 1756 fds[num].fd = subrec->nmb_bcast;1748 attrs[num].fd = subrec->nmb_bcast; 1757 1749 attrs[num].type = NMB_PACKET; 1758 1750 attrs[num].broadcast = true; … … 1761 1753 1762 1754 if (subrec->dgram_sock != -1) { 1763 fds[num].fd = subrec->dgram_sock;1755 attrs[num].fd = subrec->dgram_sock; 1764 1756 attrs[num].type = DGRAM_PACKET; 1765 1757 attrs[num].broadcast = false; … … 1768 1760 1769 1761 if (subrec->dgram_bcast != -1) { 1770 fds[num].fd = subrec->dgram_bcast;1762 attrs[num].fd = subrec->dgram_bcast; 1771 1763 attrs[num].type = DGRAM_PACKET; 1772 1764 attrs[num].broadcast = true; … … 1774 1766 } 1775 1767 } 1776 1777 TALLOC_FREE(*pfds);1778 *pfds = fds;1779 1768 1780 1769 TALLOC_FREE(*pattrs); … … 1865 1854 1866 1855 /**************************************************************************** 1856 Timeout callback - just notice we timed out. 1857 ***************************************************************************/ 1858 1859 static void nmbd_timeout_handler(struct tevent_context *ev, 1860 struct tevent_timer *te, 1861 struct timeval current_time, 1862 void *private_data) 1863 { 1864 bool *got_timeout = private_data; 1865 *got_timeout = true; 1866 } 1867 1868 /**************************************************************************** 1869 fd callback - remember the fd that triggered. 1870 ***************************************************************************/ 1871 1872 static void nmbd_fd_handler(struct tevent_context *ev, 1873 struct tevent_fd *fde, 1874 uint16_t flags, 1875 void *private_data) 1876 { 1877 struct socket_attributes *attr = private_data; 1878 attr->triggered = true; 1879 } 1880 1881 /**************************************************************************** 1867 1882 Listens for NMB or DGRAM packets, and queues them. 1868 1883 return True if the socket is dead … … 1871 1886 bool listen_for_packets(struct messaging_context *msg, bool run_election) 1872 1887 { 1873 static struct pollfd *fds = NULL;1874 1888 static struct socket_attributes *attrs = NULL; 1875 1889 static int listen_number = 0; 1876 1890 int num_sockets; 1877 1891 int i; 1878 1879 int pollrtn;1880 int timeout; 1892 int loop_rtn; 1893 int timeout_secs; 1894 1881 1895 #ifndef SYNC_DNS 1882 1896 int dns_fd; … … 1884 1898 #endif 1885 1899 struct processed_packet *processed_packet_list = NULL; 1886 1887 if ((fds == NULL) || rescan_listen_set) { 1888 if (create_listen_pollfds(&fds, &attrs, &listen_number)) { 1900 struct tevent_timer *te = NULL; 1901 bool got_timeout = false; 1902 TALLOC_CTX *frame = talloc_stackframe(); 1903 1904 if ((attrs == NULL) || rescan_listen_set) { 1905 if (create_listen_array(&attrs, &listen_number)) { 1889 1906 DEBUG(0,("listen_for_packets: Fatal error. unable to create listen set. Exiting.\n")); 1907 TALLOC_FREE(frame); 1890 1908 return True; 1891 1909 } … … 1893 1911 } 1894 1912 1895 /*1896 * "fds" can be enlarged by event_add_to_poll_args1897 * below. Shrink it again to what was given to us by1898 * create_listen_pollfds.1899 */1900 1901 fds = talloc_realloc(NULL, fds, struct pollfd, listen_number);1902 if (fds == NULL) {1903 return true;1904 }1905 1913 num_sockets = listen_number; 1906 1914 … … 1908 1916 dns_fd = asyncdns_fd(); 1909 1917 if (dns_fd != -1) { 1910 fds = talloc_realloc(NULL, fds, struct pollfd, num_sockets+1); 1911 if (fds == NULL) { 1918 attrs = talloc_realloc(NULL, 1919 attrs, 1920 struct socket_attributes, 1921 num_sockets + 1); 1922 if (attrs == NULL) { 1923 TALLOC_FREE(frame); 1912 1924 return true; 1913 1925 } 1914 1926 dns_pollidx = num_sockets; 1915 fds[num_sockets].fd = dns_fd; 1927 attrs[dns_pollidx].fd = dns_fd; 1928 /* 1929 * dummy values, we only need 1930 * fd and triggered. 1931 */ 1932 attrs[dns_pollidx].type = NMB_PACKET; 1933 attrs[dns_pollidx].broadcast = false; 1916 1934 num_sockets += 1; 1917 1935 } … … 1919 1937 1920 1938 for (i=0; i<num_sockets; i++) { 1921 fds[i].events = POLLIN|POLLHUP; 1922 } 1923 1924 /* Process a signal and timer events now... */ 1925 if (run_events_poll(nmbd_event_context(), 0, NULL, 0)) { 1926 return False; 1939 struct tevent_fd *tfd = tevent_add_fd(nmbd_event_context(), 1940 frame, 1941 attrs[i].fd, 1942 TEVENT_FD_READ, 1943 nmbd_fd_handler, 1944 &attrs[i]); 1945 if (tfd == NULL) { 1946 TALLOC_FREE(frame); 1947 return true; 1948 } 1949 attrs[i].triggered = false; 1927 1950 } 1928 1951 … … 1934 1957 */ 1935 1958 1936 timeout = ((run_election||num_response_packets) 1937 ? 1 : NMBD_SELECT_LOOP) * 1000; 1938 1939 event_add_to_poll_args(nmbd_event_context(), NULL, 1940 &fds, &num_sockets, &timeout); 1941 1942 pollrtn = poll(fds, num_sockets, timeout); 1943 1944 if (run_events_poll(nmbd_event_context(), pollrtn, fds, num_sockets)) { 1945 return False; 1946 } 1947 1948 if (pollrtn == -1) { 1949 return False; 1959 if (run_election||num_response_packets) { 1960 timeout_secs = 1; 1961 } else { 1962 timeout_secs = NMBD_SELECT_LOOP; 1963 } 1964 1965 te = tevent_add_timer(nmbd_event_context(), 1966 frame, 1967 tevent_timeval_current_ofs(timeout_secs, 0), 1968 nmbd_timeout_handler, 1969 &got_timeout); 1970 if (te == NULL) { 1971 TALLOC_FREE(frame); 1972 return true; 1973 } 1974 1975 loop_rtn = tevent_loop_once(nmbd_event_context()); 1976 1977 if (loop_rtn == -1) { 1978 TALLOC_FREE(frame); 1979 return true; 1980 } 1981 1982 if (got_timeout) { 1983 TALLOC_FREE(frame); 1984 return false; 1950 1985 } 1951 1986 1952 1987 #ifndef SYNC_DNS 1953 1988 if ((dns_fd != -1) && (dns_pollidx != -1) && 1954 (fds[dns_pollidx].revents & (POLLIN|POLLHUP|POLLERR))){1989 attrs[dns_pollidx].triggered){ 1955 1990 run_dns_queue(msg); 1991 TALLOC_FREE(frame); 1992 return false; 1956 1993 } 1957 1994 #endif … … 1964 2001 int client_port; 1965 2002 1966 if ( (fds[i].revents & (POLLIN|POLLHUP|POLLERR)) == 0) {2003 if (!attrs[i].triggered) { 1967 2004 continue; 1968 2005 } … … 1982 2019 } 1983 2020 1984 packet = read_packet( fds[i].fd, packet_type);2021 packet = read_packet(attrs[i].fd, packet_type); 1985 2022 if (!packet) { 1986 2023 continue; … … 1992 2029 */ 1993 2030 if (lp_bind_interfaces_only() && 1994 ( fds[i].fd == client_fd) &&2031 (attrs[i].fd == client_fd) && 1995 2032 (!is_local_net_v4(packet->ip))) { 1996 2033 DEBUG(7,("discarding %s packet sent to broadcast socket from %s:%d\n", … … 2031 2068 if (attrs[i].broadcast) { 2032 2069 /* this is a broadcast socket */ 2033 packet->send_fd = fds[i-1].fd;2070 packet->send_fd = attrs[i-1].fd; 2034 2071 } else { 2035 2072 /* this is already a unicast socket */ 2036 packet->send_fd = fds[i].fd;2073 packet->send_fd = attrs[i].fd; 2037 2074 } 2038 2075 … … 2041 2078 2042 2079 free_processed_packet_list(&processed_packet_list); 2080 TALLOC_FREE(frame); 2043 2081 return False; 2044 2082 } -
vendor/current/source3/param/loadparm.c
r988 r989 872 872 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL); 873 873 874 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc spoolssdrsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);874 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL); 875 875 876 876 Globals.tls_enabled = true; … … 4338 4338 4339 4339 /******************************************************************* 4340 Change everything needed to ensure POSIX pathname processing (currently 4341 not much). 4340 Set posix pathnames to new value. Returns old value. 4342 4341 ********************************************************************/ 4343 4342 4344 void lp_set_posix_pathnames(void) 4345 { 4346 posix_pathnames = true; 4343 bool lp_set_posix_pathnames(bool newval) 4344 { 4345 bool oldval = posix_pathnames; 4346 posix_pathnames = newval; 4347 return oldval; 4347 4348 } 4348 4349 -
vendor/current/source3/passdb/pdb_ldap.c
r988 r989 1006 1006 "gecos", 1007 1007 ctx); 1008 if (unix_pw.pw_gecos ) {1008 if (unix_pw.pw_gecos == NULL) { 1009 1009 unix_pw.pw_gecos = fullname; 1010 1010 } … … 1014 1014 "homeDirectory", 1015 1015 ctx); 1016 if (unix_pw.pw_dir ) {1016 if (unix_pw.pw_dir == NULL) { 1017 1017 unix_pw.pw_dir = discard_const_p(char, ""); 1018 1018 } … … 1022 1022 "loginShell", 1023 1023 ctx); 1024 if (unix_pw.pw_shell ) {1024 if (unix_pw.pw_shell == NULL) { 1025 1025 unix_pw.pw_shell = discard_const_p(char, ""); 1026 1026 } -
vendor/current/source3/printing/nt_printing_migrate.c
r988 r989 4 4 * 5 5 * Copyright (c) Andreas Schneider 2010. 6 * Copyright (C) Bjoern Baumbach <bb@sernet.de> 2011 6 7 * 7 8 * This program is free software; you can redistribute it and/or modify … … 28 29 #include "rpc_client/cli_winreg_spoolss.h" 29 30 31 static const char *driver_file_basename(const char *file) 32 { 33 const char *basefile; 34 35 basefile = strrchr(file, '\\'); 36 if (basefile == NULL) { 37 basefile = file; 38 } else { 39 basefile++; 40 } 41 42 return basefile; 43 } 44 30 45 NTSTATUS printing_tdb_migrate_form(TALLOC_CTX *mem_ctx, 31 46 struct rpc_pipe_client *winreg_pipe, … … 102 117 const char *driver_name; 103 118 uint32_t driver_version; 119 int i; 104 120 105 121 blob = data_blob_const(data, length); … … 124 140 ZERO_STRUCT(a); 125 141 142 /* remove paths from file names */ 143 if (r.dependent_files != NULL) { 144 for (i = 0 ; r.dependent_files[i] != NULL; i++) { 145 r.dependent_files[i] = driver_file_basename(r.dependent_files[i]); 146 } 147 } 126 148 a.string = r.dependent_files; 149 150 r.driverpath = driver_file_basename(r.driverpath); 151 r.configfile = driver_file_basename(r.configfile); 152 r.datafile = driver_file_basename(r.datafile); 153 r.helpfile = driver_file_basename(r.helpfile); 127 154 128 155 d3.architecture = r.environment; -
vendor/current/source3/rpc_client/cli_winreg_spoolss.c
r988 r989 530 530 char *str; 531 531 532 /* FIXME: check format is right, 533 * this needs to be something like: 6.1.7600.16385 */ 532 /* 533 * this needs to be something like: 6.1.7600.16385 534 */ 534 535 str = talloc_asprintf(mem_ctx, "%u.%u.%u.%u", 535 536 (unsigned)((data >> 48) & 0xFFFF), … … 575 576 ((uint64_t)(v2 & 0xFFFF) << 32) + 576 577 ((uint64_t)(v3 & 0xFFFF) << 16) + 577 (uint64_t)(v 2& 0xFFFF);578 (uint64_t)(v4 & 0xFFFF); 578 579 579 580 return WERR_OK; -
vendor/current/source3/rpc_server/mdssd.c
r988 r989 668 668 } 669 669 670 status = reinit_after_fork(msg_ctx, ev_ctx, true, "mdssd-master");670 status = smbd_reinit_after_fork(msg_ctx, ev_ctx, true, "mdssd-master"); 671 671 if (!NT_STATUS_IS_OK(status)) { 672 672 DEBUG(0,("reinit_after_fork() failed\n")); -
vendor/current/source3/rpc_server/mdssvc/mdssvc.c
r988 r989 1784 1784 1785 1785 /** 1786 * Init callbacks at startup , nothing to do here really1786 * Init callbacks at startup 1787 1787 **/ 1788 1788 bool mds_init(struct messaging_context *msg_ctx) 1789 1789 { 1790 #if (GLIB_MAJOR_VERSION < 3) && (GLIB_MINOR_VERSION < 36) 1791 g_type_init(); 1792 #endif 1790 1793 return true; 1791 1794 } -
vendor/current/source3/rpc_server/mdssvc/sparql_parser.c
r988 r989 242 242 243 243 #ifndef YY_ATTRIBUTE 244 # if (defined __GNUC__ \ 245 && (2 < __GNUC__ || (__GNUC__ == 2 && 96 <= __GNUC_MINOR__))) \ 246 || defined __SUNPRO_C && 0x5110 <= __SUNPRO_C 244 # if HAVE___ATTRIBUTE__ 247 245 # define YY_ATTRIBUTE(Spec) __attribute__(Spec) 248 246 # else -
vendor/current/source3/rpc_server/rpc_ncacn_np.c
r988 r989 710 710 } 711 711 712 ev_ctx = s 3_tevent_context_init(tmp_ctx);712 ev_ctx = samba_tevent_context_init(tmp_ctx); 713 713 if (ev_ctx == NULL) { 714 DEBUG(0, ("s 3_tevent_context_init failed\n"));714 DEBUG(0, ("samba_tevent_context_init failed\n")); 715 715 status = NT_STATUS_NO_MEMORY; 716 716 goto out; … … 818 818 } 819 819 820 ev = s 3_tevent_context_init(talloc_tos());820 ev = samba_tevent_context_init(talloc_tos()); 821 821 if (ev == NULL) { 822 DEBUG(0, ("s 3_tevent_context_init failed\n"));822 DEBUG(0, ("samba_tevent_context_init failed\n")); 823 823 goto fail; 824 824 } -
vendor/current/source3/rpc_server/spoolss/srv_spoolss_nt.c
r988 r989 705 705 if (!found) { 706 706 gencache_set(cache_key, printer_not_found, 707 time _mono(NULL) + 300);707 time(NULL) + 300); 708 708 TALLOC_FREE(cache_key); 709 709 DEBUGADD(4,("Printer not found\n")); … … 711 711 } 712 712 713 gencache_set(cache_key, sname, time _mono(NULL) + 300);713 gencache_set(cache_key, sname, time(NULL) + 300); 714 714 TALLOC_FREE(cache_key); 715 715 -
vendor/current/source3/rpcclient/rpcclient.c
r988 r989 905 905 char *user, *domain, *q; 906 906 const char *host; 907 int signing_state = SMB_SIGNING_IPC_DEFAULT; 907 908 908 909 /* make sure the vars that get altered (4th field) are in … … 1078 1079 } 1079 1080 1081 signing_state = get_cmdline_auth_info_signing_state(rpcclient_auth_info); 1082 switch (signing_state) { 1083 case SMB_SIGNING_OFF: 1084 lp_set_cmdline("client ipc signing", "no"); 1085 break; 1086 case SMB_SIGNING_REQUIRED: 1087 lp_set_cmdline("client ipc signing", "required"); 1088 break; 1089 } 1090 1080 1091 if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) { 1081 1092 flags |= CLI_FULL_CONNECTION_USE_KERBEROS | … … 1084 1095 if (get_cmdline_auth_info_use_ccache(rpcclient_auth_info)) { 1085 1096 flags |= CLI_FULL_CONNECTION_USE_CCACHE; 1097 } 1098 if (get_cmdline_auth_info_use_pw_nt_hash(rpcclient_auth_info)) { 1099 flags |= CLI_FULL_CONNECTION_USE_NT_HASH; 1086 1100 } 1087 1101 … … 1105 1119 get_cmdline_auth_info_password(rpcclient_auth_info), 1106 1120 flags, 1107 get_cmdline_auth_info_signing_state(rpcclient_auth_info));1121 SMB_SIGNING_IPC_DEFAULT); 1108 1122 1109 1123 if (!NT_STATUS_IS_OK(nt_status)) { -
vendor/current/source3/script/tests/test_dfree_quota.sh
r988 r989 6 6 if [ $# -lt 6 ]; then 7 7 cat <<EOF 8 Usage: test_dfree_quota.sh SERVER DOMAIN USERNAME PASSWORD LOCAL_PATH SMBCLIENT SMBCQUOTAS 8 Usage: test_dfree_quota.sh SERVER DOMAIN USERNAME PASSWORD LOCAL_PATH SMBCLIENT SMBCQUOTAS SMBCACLS 9 9 EOF 10 10 exit 1; … … 19 19 smbclient=$6 20 20 smbcquotas=$7 21 shift 7 21 smbcacls=$8 22 shift 8 22 23 failed=0 23 24 … … 36 37 uid=$(id -u $USERNAME) 37 38 gid=$(id -g $USERNAME) 39 uid1=$(id -u user1) 40 uid2=$(id -u user2) 38 41 cat <<ABC 39 42 conf1:df:block size = 512:disk free = 10:disk size = 20 … … 65 68 trygrp2:u$uid:block size = 4096:hard limit = 0:soft limit = 0:cur blocks = 41 66 69 trygrp2:g$gid:block size = 4096:hard limit = 60:soft limit = 60:cur blocks = 56 70 notenforce:df:block size = 4096:disk free = 10:disk size = 80 71 notenforce:u$uid:block size = 4096:hard limit = 40:soft limit = 40:cur blocks = 37 72 notenforce:udflt:block size = 4096:qflags = 0 73 nfs:df:block size = 4096:disk free = 10:disk size = 80 74 nfs:u$uid:block size = 4096:hard limit = 40:soft limit = 40:cur blocks = 37 75 nfs:udflt:nosys = 1 76 confdfqp:df:block size = 4096:disk free = 10:disk size = 80 77 confdfqp:u$uid1:block size = 4096:hard limit = 40:soft limit = 40:cur blocks = 36 78 confdfqp:u$uid2:block size = 4096:hard limit = 41:soft limit = 41:cur blocks = 36 67 79 ABC 68 80 } … … 94 106 test_smbclient_dfree() { 95 107 name="$1" 96 dir="$2" 97 confs="$3" 98 expected="$4" 99 shift 108 share="$2" 109 dir="$3" 110 confs="$4" 111 expected="$5" 112 shift 100 113 shift 101 114 shift … … 103 116 subunit_start_test "$name" 104 117 setup_conf $confs 105 output=$($VALGRIND $smbclient //$SERVER/dfq-c "cd $dir; l" $@ 2>&1)118 output=$($VALGRIND $smbclient //$SERVER/$share -c "cd $dir; l" $@ 2>&1) 106 119 status=$? 107 120 if [ "$status" = "0" ]; then … … 145 158 146 159 #basic disk-free tests 147 test_smbclient_dfree "Test dfree share root SMB3 no quota" "." "conf1 ." "10 1024. 5" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1`148 test_smbclient_dfree "Test dfree subdir SMB3 no quota" "subdir1" "conf1 . conf2 subdir1" "20 1024. 10" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1`149 test_smbclient_dfree "Test dfree subdir NT1 no quota" "subdir1" "conf1 . conf2 subdir1" "10 1024. 5" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=NT1 || failed=`expr $failed + 1`150 test_smbclient_dfree "Test large disk" "." "conf3 ." "1125899906842624 1024. 3000" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1`160 test_smbclient_dfree "Test dfree share root SMB3 no quota" dfq "." "conf1 ." "10 1024. 5" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 161 test_smbclient_dfree "Test dfree subdir SMB3 no quota" dfq "subdir1" "conf1 . conf2 subdir1" "20 1024. 10" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 162 test_smbclient_dfree "Test dfree subdir NT1 no quota" dfq "subdir1" "conf1 . conf2 subdir1" "10 1024. 5" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=NT1 || failed=`expr $failed + 1` 163 test_smbclient_dfree "Test large disk" dfq "." "conf3 ." "1125899906842624 1024. 3000" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 151 164 #basic quota test (SMB1 only) 152 165 test_smbcquotas "Test user quota" confq1 $USERNAME "40960/4096000/3072000" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=NT1 || failed=`expr $failed + 1` 153 166 154 167 #quota limit > disk size, remaining quota > disk free 155 test_smbclient_dfree "Test dfree share root df vs quota case 1" "." "confdfq1 ." "80 1024. 40" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1`168 test_smbclient_dfree "Test dfree share root df vs quota case 1" dfq "." "confdfq1 ." "80 1024. 40" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 156 169 #quota limit > disk size, remaining quota < disk free 157 test_smbclient_dfree "Test dfree share root df vs quota case 2" "." "confdfq2 ." "80 1024. 12" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1`170 test_smbclient_dfree "Test dfree share root df vs quota case 2" dfq "." "confdfq2 ." "80 1024. 12" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 158 171 #quota limit < disk size, remaining quota > disk free 159 test_smbclient_dfree "Test dfree share root df vs quota case 3" "." "confdfq3 ." "160 1024. 40" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1`172 test_smbclient_dfree "Test dfree share root df vs quota case 3" dfq "." "confdfq3 ." "160 1024. 40" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 160 173 #quota limit < disk size, remaining quota < disk free 161 test_smbclient_dfree "Test dfree share root df vs quota case 4" "." "confdfq4 ." "160 1024. 12" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1`162 test_smbclient_dfree "Test dfree subdir df vs quota case 4" "subdir1" "confdfq4 subdir1" "160 1024. 12" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1`174 test_smbclient_dfree "Test dfree share root df vs quota case 4" dfq "." "confdfq4 ." "160 1024. 12" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 175 test_smbclient_dfree "Test dfree subdir df vs quota case 4" dfq "subdir1" "confdfq4 subdir1" "160 1024. 12" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 163 176 164 177 #quota-->disk free special cases 165 test_smbclient_dfree "Test quota->dfree edquot" "subdir1" "edquot subdir1" "164 1024. 0" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 166 test_smbclient_dfree "Test quota->dfree soft limit" "subdir1" "slimit subdir1" "168 1024. 0" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 167 test_smbclient_dfree "Test quota->dfree hard limit" "subdir1" "hlimit subdir1" "180 1024. 0" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 168 test_smbclient_dfree "Test quota->dfree inode soft limit" "subdir1" "islimit subdir1" "148 1024. 0" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 169 test_smbclient_dfree "Test quota->dfree inode hard limit" "subdir1" "ihlimit subdir1" "148 1024. 0" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 170 test_smbclient_dfree "Test quota->dfree err try group" "subdir1" "trygrp1 subdir1" "240 1024. 20" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 171 test_smbclient_dfree "Test quota->dfree no-quota try group" "subdir1" "trygrp2 subdir1" "240 1024. 16" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 178 test_smbclient_dfree "Test quota->dfree edquot" dfq "subdir1" "edquot subdir1" "164 1024. 0" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 179 test_smbclient_dfree "Test quota->dfree soft limit" dfq "subdir1" "slimit subdir1" "168 1024. 0" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 180 test_smbclient_dfree "Test quota->dfree hard limit" dfq "subdir1" "hlimit subdir1" "180 1024. 0" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 181 test_smbclient_dfree "Test quota->dfree inode soft limit" dfq "subdir1" "islimit subdir1" "148 1024. 0" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 182 test_smbclient_dfree "Test quota->dfree inode hard limit" dfq "subdir1" "ihlimit subdir1" "148 1024. 0" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 183 test_smbclient_dfree "Test quota->dfree err try group" dfq "subdir1" "trygrp1 subdir1" "240 1024. 20" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 184 test_smbclient_dfree "Test quota->dfree no-quota try group" dfq "subdir1" "trygrp2 subdir1" "240 1024. 16" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 185 186 #quota configured but not enforced 187 test_smbclient_dfree "Test dfree share root quota not enforced" dfq "." "notenforce ." "320 1024. 40" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 188 189 #FS quota not implemented (NFS case) 190 test_smbclient_dfree "Test dfree share root FS quota not implemented" dfq "." "nfs ." "160 1024. 12" -U$USERNAME%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 191 192 #test for dfree when owner is inherited 193 #setup two folders with different owners 194 rm -rf $WORKDIR/subdir3/* 195 for d in / subdir3 196 do 197 $VALGRIND $smbcacls -U$USERNAME%$PASSWORD -D "ACL:$SERVER\user1:ALLOWED/0x0/FULL" //$SERVER/dfq $d > /dev/null 2>&1 198 $VALGRIND $smbcacls -U$USERNAME%$PASSWORD -a "ACL:$SERVER\user1:ALLOWED/0x0/FULL" //$SERVER/dfq $d || failed=`expr $failed + 1` 199 $VALGRIND $smbcacls -U$USERNAME%$PASSWORD -D "ACL:$SERVER\user2:ALLOWED/0x0/FULL" //$SERVER/dfq $d > /dev/null 2>&1 200 $VALGRIND $smbcacls -U$USERNAME%$PASSWORD -a "ACL:$SERVER\user2:ALLOWED/0x0/FULL" //$SERVER/dfq $d || failed=`expr $failed + 1` 201 done 202 203 $VALGRIND $smbclient //$SERVER/dfq -c "cd subdir3; mkdir user1" -Uuser1%$PASSWORD --option=clientmaxprotocol=SMB3 > /dev/null 2>&1 || failed=`expr $failed + 1` 204 $VALGRIND $smbclient //$SERVER/dfq -c "cd subdir3; mkdir user2" -Uuser2%$PASSWORD --option=clientmaxprotocol=SMB3 > /dev/null 2>&1 || failed=`expr $failed + 1` 205 #test quotas 206 test_smbclient_dfree "Test dfree without inherit owner - user1 at user1" \ 207 dfq "subdir3/user1" "confdfqp subdir3/user1 confdfqp subdir3/user2" "160 1024. 16" \ 208 -Uuser1%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 209 test_smbclient_dfree "Test dfree without inherit owner - user1 at user2" \ 210 dfq "subdir3/user2" "confdfqp subdir3/user1 confdfqp subdir3/user2" "160 1024. 16" \ 211 -Uuser1%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 212 test_smbclient_dfree "Test dfree with inherit owner - user1 at user1" \ 213 dfq_owner "subdir3/user1" "confdfqp subdir3/user1 confdfqp subdir3/user2" "160 1024. 16" \ 214 -Uuser1%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 215 test_smbclient_dfree "Test dfree with inherit owner - user1 at user2" \ 216 dfq_owner "subdir3/user2" "confdfqp subdir3/user1 confdfqp subdir3/user2" "164 1024. 20" \ 217 -Uuser1%$PASSWORD --option=clientmaxprotocol=SMB3 || failed=`expr $failed + 1` 172 218 173 219 setup_conf -
vendor/current/source3/script/tests/test_shadow_copy.sh
r988 r989 43 43 local version 44 44 local destdir 45 local content 45 46 rootdir=$1 46 47 prefix=$2 47 48 version=$3 49 content=$4 48 50 if [ -n "$prefix" ] ; then 49 51 destdir=$rootdir/$prefix … … 57 59 # for non-snapshot version, create legit files 58 60 # so that wide-link checks focus on snapshot files 59 touch$destdir/foo61 echo "$content" > $destdir/foo 60 62 mkdir -p $destdir/bar 61 touch$destdir/bar/baz62 touch$destdir/bar/lfoo63 touch$destdir/bar/letcpasswd64 touch$destdir/bar/loutside63 echo "$content" > $destdir/bar/baz 64 echo "$content" > $destdir/bar/lfoo 65 echo "$content" > $destdir/bar/letcpasswd 66 echo "$content" > $destdir/bar/loutside 65 67 elif [ "$version" = "fullsnap" ] ; then 66 68 #snapshot files 67 touch$destdir/foo69 echo "$content" > $destdir/foo 68 70 mkdir -p $destdir/bar 69 touch$destdir/bar/baz71 echo "$content" > $destdir/bar/baz 70 72 ln -fs ../foo $destdir/bar/lfoo 71 73 ln -fs /etc/passwd $destdir/bar/letcpasswd 72 74 ln -fs ../../outside $destdir/bar/loutside 73 touch`dirname $destdir`/outside75 echo "$content" > `dirname $destdir`/outside 74 76 else #subshare snapshot - at bar 75 touch$destdir/baz77 echo "$content" > $destdir/baz 76 78 ln -fs ../foo $destdir/lfoo 77 79 ln -fs /etc/passwd $destdir/letcpasswd 78 80 ln -fs ../../outside $destdir/loutside 79 touch`dirname $destdir`/../outside81 echo "$content" > `dirname $destdir`/../outside 80 82 fi 81 83 … … 118 120 snapname=${SNAPSHOTS[$i]} 119 121 mkdir $snapdir/$snapname 120 build_files $snapdir/$snapname "$prefix" $version 122 build_files $snapdir/$snapname "$prefix" $version "$snapname" 121 123 done 122 124 } … … 128 130 local path 129 131 local expected_count 132 local skip_content 130 133 local versions 134 local tstamps 135 local tstamp 136 local content 137 local is_dir 131 138 132 139 share=$1 133 140 path=$2 134 141 expected_count=$3 142 skip_content=$4 135 143 versions=`$SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "allinfo $path" | grep "^create_time:" | wc -l` 136 if [ "$versions" = "$expected_count" ] ; then 137 true 138 else 144 if [ "$versions" != "$expected_count" ] ; then 139 145 echo "expected $expected_count versions of $path, got $versions" 140 false 141 fi 146 return 1 147 fi 148 149 is_dir=0 150 $SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "allinfo $path" | grep "^attributes:.*D" && is_dir=1 151 if [ $is_dir = 1 ] ; then 152 skip_content=1 153 fi 154 155 #readable snapshots 156 tstamps=`$SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "allinfo $path" | awk '/^@GMT-/ {snapshot=$1} /^create_time:/ {printf "%s\n", snapshot}'` 157 for tstamp in $tstamps ; do 158 if [ $is_dir = 0 ] ; 159 then 160 if ! $SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "get $tstamp\\$path $WORKDIR/foo" ; then 161 echo "Failed getting \\\\$SERVER\\$share\\$tstamp\\$path" 162 return 1 163 fi 164 else 165 if ! $SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "ls $tstamp\\$path\\*" ; then 166 echo "Failed listing \\\\$SERVER\\$share\\$tstamp\\$path" 167 return 1 168 fi 169 fi 170 171 #also check the content, but not for wide links 172 if [ "x$skip_content" != "x1" ] ; then 173 content=`cat $WORKDIR/foo` 174 if [ "$content" != "$tstamp" ] ; then 175 echo "incorrect content of \\\\$SERVER\\$share\\$tstamp\\$path expected [$tstamp] got [$content]" 176 return 1 177 fi 178 fi 179 done 180 181 #non-readable snapshots 182 tstamps=`$SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "allinfo $path" | \ 183 awk '/^@GMT-/ {if (snapshot!=""){printf "%s\n", snapshot} ; snapshot=$1} /^create_time:/ {snapshot=""} END {if (snapshot!=""){printf "%s\n", snapshot}}'` 184 for tstamp in $tstamps ; do 185 if [ $is_dir = 0 ] ; 186 then 187 if $SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "get $tstamp\\$path $WORKDIR/foo" ; then 188 echo "Unexpected success getting \\\\$SERVER\\$share\\$tstamp\\$path" 189 return 1 190 fi 191 else 192 if $SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "ls $tstamp\\$path\\*" ; then 193 echo "Unexpected success listing \\\\$SERVER\\$share\\$tstamp\\$path" 194 return 1 195 fi 196 fi 197 done 142 198 } 143 199 … … 195 251 196 252 testit "$msg - abs symlink outside" \ 197 test_count_versions $share bar/letcpasswd $ncopies_blocked || \253 test_count_versions $share bar/letcpasswd $ncopies_blocked 1 || \ 198 254 failed=`expr $failed + 1` 199 255 200 256 testit "$msg - rel symlink outside" \ 201 test_count_versions $share bar/loutside $ncopies_blocked || \ 257 test_count_versions $share bar/loutside $ncopies_blocked 1 || \ 258 failed=`expr $failed + 1` 259 260 testit "$msg - list directory" \ 261 test_count_versions $share bar $ncopies_allowed || \ 202 262 failed=`expr $failed + 1` 203 263 } … … 263 323 264 324 #build "latest" files 265 build_files $WORKDIR/mount base/share "latest" 325 build_files $WORKDIR/mount base/share "latest" "latest" 266 326 267 327 failed=0 -
vendor/current/source3/script/tests/test_smbclient_ntlm.sh
r988 r989 38 38 testit "smbclient baduser.badpassword.NT1NEW.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 -c quit $ADDARGS 39 39 testit "smbclient baduser.badpassword.SMB3.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 -c quit $ADDARGS 40 41 testit_expect_failure "smbclient baduser.badpassword.NT1OLD.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 --option=clientusespnego=no --option=clientntlmv2auth=no --signing=required -c quit $ADDARGS 42 testit_expect_failure "smbclient baduser.badpassword.NT1NEW.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 --signing=required -c quit $ADDARGS 43 testit_expect_failure "smbclient baduser.badpassword.SMB3.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 --signing=required -c quit $ADDARGS 40 44 fi -
vendor/current/source3/selftest/tests.py
r988 r989 183 183 plantestsuite("samba3.blackbox.preserve_case (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_preserve_case.sh"), '$SERVER', '$DOMAIN', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3]) 184 184 plantestsuite("samba3.blackbox.dfree_command (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_dfree_command.sh"), '$SERVER', '$DOMAIN', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3]) 185 plantestsuite("samba3.blackbox.dfree_quota (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_dfree_quota.sh"), '$SERVER', '$DOMAIN', '$USERNAME', '$PASSWORD', '$LOCAL_PATH', smbclient3, smbcquotas ])185 plantestsuite("samba3.blackbox.dfree_quota (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_dfree_quota.sh"), '$SERVER', '$DOMAIN', '$USERNAME', '$PASSWORD', '$LOCAL_PATH', smbclient3, smbcquotas, smbcacls]) 186 186 plantestsuite("samba3.blackbox.valid_users (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_valid_users.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3]) 187 187 plantestsuite("samba3.blackbox.offline (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_offline.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/offline', smbclient3]) … … 304 304 local = ["local.nss", "local.ndr"] 305 305 306 idmap = [ "idmap.rfc2307"]306 idmap = ["idmap.rfc2307", "idmap.alloc"] 307 307 308 308 rap = ["rap.basic", "rap.rpc", "rap.printing", "rap.sam"] … … 314 314 libsmbclient = ["libsmbclient"] 315 315 316 vfs = ["vfs.fruit" ]316 vfs = ["vfs.fruit", "vfs.acl_xattr"] 317 317 318 318 tests= base + raw + smb2 + rpc + unix + local + rap + nbt + libsmbclient + idmap + vfs … … 369 369 elif t == "idmap.rfc2307": 370 370 plantestsuite(t, "ad_member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', 'Guest', '2000001', '"Domain Users"', '2000002', 'DnsAdmins', '2000003', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD']) 371 elif t == "idmap.alloc": 372 plantestsuite(t, "ad_member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_nss.sh"), '$DOMAIN']) 371 373 elif t == "raw.acls": 372 374 plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') … … 406 408 plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --signing=required') 407 409 plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD --signing=required') 410 elif t == "smb2.dosmode": 411 plansmbtorture4testsuite(t, "simpleserver", '//$SERVER/dosmode -U$USERNAME%$PASSWORD') 412 elif t == "vfs.acl_xattr": 413 plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') 408 414 else: 409 415 plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') … … 462 468 os.path.join(bindir(), "rpcclient"), "tmp"]) 463 469 470 plantestsuite("samba3.blackbox.rpcclient.pw-nt-hash", "simpleserver", 471 [os.path.join(samba3srcdir, "script/tests/test_rpcclient_pw_nt_hash.sh"), 472 "$USERNAME", "$PASSWORD", "$SERVER", 473 os.path.join(bindir(), "rpcclient")]) 474 464 475 options_list = ["", "-e"] 465 476 for options in options_list: -
vendor/current/source3/smbd/aio.c
r988 r989 273 273 int outsize; 274 274 char *outbuf = (char *)aio_ex->outbuf.data; 275 char *data = smb_buf(outbuf) + 1 /* padding byte */;276 275 ssize_t nread; 277 276 int err; … … 302 301 outsize = srv_set_message(outbuf,0,0,true); 303 302 } else { 304 outsize = srv_set_message(outbuf, 12, 305 nread + 1 /* padding byte */, false); 306 SSVAL(outbuf,smb_vwv2, 0xFFFF); /* Remaining - must be * -1. */ 307 SSVAL(outbuf,smb_vwv5, nread); 308 SSVAL(outbuf,smb_vwv6, smb_offset(data,outbuf)); 309 SSVAL(outbuf,smb_vwv7, ((nread >> 16) & 1)); 310 SSVAL(smb_buf(outbuf), -2, nread); 303 outsize = setup_readX_header(outbuf, nread); 311 304 312 305 aio_ex->fsp->fh->pos = aio_ex->offset + nread; -
vendor/current/source3/smbd/close.c
r988 r989 169 169 TALLOC_CTX *frame = talloc_stackframe(); 170 170 NTSTATUS status; 171 bool saved_posix_pathnames; 171 172 172 173 status = vfs_streaminfo(conn, NULL, fname, talloc_tos(), … … 192 193 return NT_STATUS_OK; 193 194 } 195 196 /* 197 * Any stream names *must* be treated as Windows 198 * pathnames, even if we're using UNIX extensions. 199 */ 200 201 saved_posix_pathnames = lp_set_posix_pathnames(false); 194 202 195 203 for (i=0; i<num_streams; i++) { … … 224 232 225 233 fail: 234 235 (void)lp_set_posix_pathnames(saved_posix_pathnames); 226 236 TALLOC_FREE(frame); 227 237 return status; … … 247 257 bool got_tokens = false; 248 258 bool normal_close; 249 int ret_flock;250 259 251 260 /* Ensure any pending write time updates are done. */ … … 268 277 "lock for file %s\n", fsp_str_dbg(fsp))); 269 278 return NT_STATUS_INVALID_PARAMETER; 279 } 280 281 /* Remove the oplock before potentially deleting the file. */ 282 if(fsp->oplock_type) { 283 remove_oplock_under_lock(fsp, lck); 270 284 } 271 285 … … 471 485 } 472 486 473 /* remove filesystem sharemodes */ 474 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, 0, 0); 475 if (ret_flock == -1) { 476 DEBUG(2, ("close_remove_share_mode: removing kernel flock for " 477 "%s failed: %s\n", fsp_str_dbg(fsp), 478 strerror(errno))); 487 if (fsp->kernel_share_modes_taken) { 488 int ret_flock; 489 490 /* remove filesystem sharemodes */ 491 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, 0, 0); 492 if (ret_flock == -1) { 493 DEBUG(2, ("close_remove_share_mode: removing kernel " 494 "flock for %s failed: %s\n", 495 fsp_str_dbg(fsp), strerror(errno))); 496 } 479 497 } 480 498 … … 732 750 file_free(req, fsp); 733 751 return NT_STATUS_OK; 734 }735 736 /* Remove the oplock before potentially deleting the file. */737 if(fsp->oplock_type) {738 remove_oplock(fsp);739 752 } 740 753 -
vendor/current/source3/smbd/dfree.c
r988 r989 50 50 ****************************************************************************/ 51 51 52 uint64_t sys_disk_free(connection_struct *conn, const char *path,52 uint64_t sys_disk_free(connection_struct *conn, struct smb_filename *fname, 53 53 uint64_t *bsize, uint64_t *dfree, uint64_t *dsize) 54 54 { … … 59 59 const char *dfree_command; 60 60 static bool dfree_broken = false; 61 const char *path = fname->base_name; 61 62 62 63 (*dfree) = (*dsize) = 0; … … 124 125 } 125 126 126 if (disk_quotas(conn, path, &bsize_q, &dfree_q, &dsize_q)) {127 if (disk_quotas(conn, fname, &bsize_q, &dfree_q, &dsize_q)) { 127 128 uint64_t min_bsize = MIN(*bsize, bsize_q); 128 129 … … 168 169 ****************************************************************************/ 169 170 170 uint64_t get_dfree_info(connection_struct *conn, 171 const char *path, 172 uint64_t *bsize, 173 uint64_t *dfree, 174 uint64_t *dsize) 171 uint64_t get_dfree_info(connection_struct *conn, struct smb_filename *fname, 172 uint64_t *bsize, uint64_t *dfree, uint64_t *dsize) 175 173 { 176 174 int dfree_cache_time = lp_dfree_cache_time(SNUM(conn)); … … 179 177 180 178 if (!dfree_cache_time) { 181 return sys_disk_free(conn, path, bsize, dfree, dsize);179 return sys_disk_free(conn, fname, bsize, dfree, dsize); 182 180 } 183 181 … … 190 188 } 191 189 192 dfree_ret = sys_disk_free(conn, path, bsize, dfree, dsize);190 dfree_ret = sys_disk_free(conn, fname, bsize, dfree, dsize); 193 191 194 192 if (dfree_ret == (uint64_t)-1) { -
vendor/current/source3/smbd/dosmode.c
r988 r989 258 258 ****************************************************************************/ 259 259 260 staticbool get_ea_dos_attribute(connection_struct *conn,261 262 260 bool get_ea_dos_attribute(connection_struct *conn, 261 struct smb_filename *smb_fname, 262 uint32_t *pattr) 263 263 { 264 264 struct xattr_DOSATTRIB dosattrib; … … 553 553 } 554 554 555 static uint32_t dos_mode_from_name(connection_struct *conn, 556 const struct smb_filename *smb_fname, 557 uint32_t dosmode) 558 { 559 const char *p = NULL; 560 uint32_t result = dosmode; 561 562 if (!(result & FILE_ATTRIBUTE_HIDDEN) && 563 lp_hide_dot_files(SNUM(conn))) 564 { 565 p = strrchr_m(smb_fname->base_name, '/'); 566 if (p) { 567 p++; 568 } else { 569 p = smb_fname->base_name; 570 } 571 572 /* Only . and .. are not hidden. */ 573 if ((p[0] == '.') && 574 !((p[1] == '\0') || (p[1] == '.' && p[2] == '\0'))) 575 { 576 result |= FILE_ATTRIBUTE_HIDDEN; 577 } 578 } 579 580 if (!(result & FILE_ATTRIBUTE_HIDDEN) && 581 IS_HIDDEN_PATH(conn, smb_fname->base_name)) 582 { 583 result |= FILE_ATTRIBUTE_HIDDEN; 584 } 585 586 return result; 587 } 588 555 589 /**************************************************************************** 556 590 Change a unix mode to a dos mode. … … 568 602 if (!VALID_STAT(smb_fname->st)) { 569 603 return 0; 570 }571 572 /* First do any modifications that depend on the path name. */573 /* hide files with a name starting with a . */574 if (lp_hide_dot_files(SNUM(conn))) {575 const char *p = strrchr_m(smb_fname->base_name,'/');576 if (p) {577 p++;578 } else {579 p = smb_fname->base_name;580 }581 582 /* Only . and .. are not hidden. */583 if (p[0] == '.' && !((p[1] == '\0') ||584 (p[1] == '.' && p[2] == '\0'))) {585 result |= FILE_ATTRIBUTE_HIDDEN;586 }587 604 } 588 605 … … 606 623 } 607 624 608 /* Optimization : Only call is_hidden_path if it's not already 609 hidden. */ 610 if (!(result & FILE_ATTRIBUTE_HIDDEN) && 611 IS_HIDDEN_PATH(conn, smb_fname->base_name)) { 612 result |= FILE_ATTRIBUTE_HIDDEN; 613 } 625 result |= dos_mode_from_name(conn, smb_fname, result); 614 626 615 627 if (result == 0) { 616 result = FILE_ATTRIBUTE_NORMAL; 628 if (S_ISDIR(smb_fname->st.st_ex_mode)) { 629 result = FILE_ATTRIBUTE_DIRECTORY; 630 } else { 631 result = FILE_ATTRIBUTE_NORMAL; 632 } 617 633 } 618 634 -
vendor/current/source3/smbd/filename.c
r988 r989 940 940 TALLOC_FREE(found_name); 941 941 } /* end else */ 942 943 #ifdef DEVELOPER944 /*945 * This sucks!946 * We should never provide different behaviors947 * depending on DEVELOPER!!!948 */949 if (VALID_STAT(smb_fname->st)) {950 bool delete_pending;951 uint32_t name_hash;952 953 status = file_name_hash(conn,954 smb_fname_str_dbg(smb_fname),955 &name_hash);956 if (!NT_STATUS_IS_OK(status)) {957 goto fail;958 }959 960 get_file_infos(vfs_file_id_from_sbuf(conn,961 &smb_fname->st),962 name_hash,963 &delete_pending, NULL);964 if (delete_pending) {965 status = NT_STATUS_DELETE_PENDING;966 goto fail;967 }968 }969 #endif970 942 971 943 /* -
vendor/current/source3/smbd/globals.h
r988 r989 728 728 729 729 /* 730 * Keep track of whether the outstanding request counters 731 * had been updated in dispatch, so that they need to be 732 * adapted again in reply. 733 */ 734 bool request_counters_updated; 735 736 /* 730 737 * The sub request for async backend calls. 731 738 * This is used for SMB2 Cancel. -
vendor/current/source3/smbd/notifyd/notifyd.c
r988 r989 1247 1247 size_t i; 1248 1248 1249 dbwrap_traverse_read(p->db, notifyd_db_del_syswatches, NULL, NULL); 1249 if (p->db != NULL) { 1250 dbwrap_traverse_read(p->db, notifyd_db_del_syswatches, 1251 NULL, NULL); 1252 } 1250 1253 1251 1254 for (i = 0; i<state->num_peers; i++) { -
vendor/current/source3/smbd/open.c
r988 r989 884 884 } 885 885 886 if (local_flags & O_NONBLOCK) { 887 /* 888 * GPFS can return ETIMEDOUT for pread on 889 * nonblocking file descriptors when files 890 * migrated to tape need to be recalled. I 891 * could imagine this happens elsehwere 892 * too. With blocking file descriptors this 893 * does not happen. 894 */ 895 ret = set_blocking(fsp->fh->fd, true); 896 if (ret == -1) { 897 status = map_nt_error_from_unix(errno); 898 DBG_WARNING("Could not set fd to blocking: " 899 "%s\n", strerror(errno)); 900 fd_close(fsp); 901 return status; 902 } 903 } 904 886 905 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st); 887 906 if (ret == -1) { … … 2518 2537 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK; 2519 2538 if (file_existed) { 2520 existing_dos_attributes = dos_mode(conn, smb_fname); 2539 /* 2540 * Only use strored DOS attributes for checks 2541 * against requested attributes (below via 2542 * open_match_attributes()), cf bug #11992 2543 * for details. -slow 2544 */ 2545 bool ok; 2546 uint32_t attr = 0; 2547 2548 ok = get_ea_dos_attribute(conn, smb_fname, &attr); 2549 if (ok) { 2550 existing_dos_attributes = attr; 2551 } 2521 2552 } 2522 2553 } … … 3085 3116 return NT_STATUS_SHARING_VIOLATION; 3086 3117 } 3118 3119 fsp->kernel_share_modes_taken = true; 3087 3120 } 3088 3121 … … 3858 3891 TALLOC_CTX *frame = talloc_stackframe(); 3859 3892 NTSTATUS status; 3893 bool saved_posix_pathnames; 3860 3894 3861 3895 status = vfs_streaminfo(conn, NULL, fname, talloc_tos(), … … 3889 3923 goto fail; 3890 3924 } 3925 3926 /* 3927 * Any stream names *must* be treated as Windows 3928 * pathnames, even if we're using UNIX extensions. 3929 */ 3930 3931 saved_posix_pathnames = lp_set_posix_pathnames(false); 3891 3932 3892 3933 for (i=0; i<num_streams; i++) { … … 3957 3998 3958 3999 fail: 4000 4001 (void)lp_set_posix_pathnames(saved_posix_pathnames); 3959 4002 TALLOC_FREE(frame); 3960 4003 return status; -
vendor/current/source3/smbd/oplock.c
r988 r989 191 191 * If we're the only one, we don't need a brlock entry 192 192 */ 193 remove_stale_share_mode_entries(d); 193 194 SMB_ASSERT(d->num_share_modes == 1); 194 195 SMB_ASSERT(EXCLUSIVE_OPLOCK_TYPE(d->share_modes[0].op_type)); … … 220 221 TALLOC_FREE(br_lck); 221 222 return true; 223 } 224 225 /**************************************************************************** 226 Remove a file oplock with lock already held. Copes with level II and exclusive. 227 ****************************************************************************/ 228 229 bool remove_oplock_under_lock(files_struct *fsp, struct share_mode_lock *lck) 230 { 231 bool ret; 232 233 ret = remove_share_oplock(lck, fsp); 234 if (!ret) { 235 DBG_ERR("failed to remove share oplock for " 236 "file %s, %s, %s\n", 237 fsp_str_dbg(fsp), fsp_fnum_dbg(fsp), 238 file_id_string_tos(&fsp->file_id)); 239 } 240 release_file_oplock(fsp); 241 242 ret = update_num_read_oplocks(fsp, lck); 243 if (!ret) { 244 DBG_ERR("update_num_read_oplocks failed for " 245 "file %s, %s, %s\n", 246 fsp_str_dbg(fsp), fsp_fnum_dbg(fsp), 247 file_id_string_tos(&fsp->file_id)); 248 } 249 250 return ret; 222 251 } 223 252 … … 233 262 struct share_mode_lock *lck; 234 263 235 DEBUG(10, ("remove_oplock called for %s\n", 236 fsp_str_dbg(fsp))); 264 DBG_DEBUG("remove_oplock called for %s\n", fsp_str_dbg(fsp)); 237 265 238 266 /* Remove the oplock flag from the sharemode. */ 239 267 lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id); 240 268 if (lck == NULL) { 241 DEBUG(0,("remove_oplock: failed to lock share entry for " 242 "file %s\n", fsp_str_dbg(fsp))); 243 return False; 244 } 245 246 ret = remove_share_oplock(lck, fsp); 247 if (!ret) { 248 DEBUG(0,("remove_oplock: failed to remove share oplock for " 249 "file %s, %s, %s\n", 250 fsp_str_dbg(fsp), fsp_fnum_dbg(fsp), 251 file_id_string_tos(&fsp->file_id))); 252 } 253 release_file_oplock(fsp); 254 255 ret = update_num_read_oplocks(fsp, lck); 256 if (!ret) { 257 DEBUG(0, ("%s: update_num_read_oplocks failed for " 258 "file %s, %s, %s\n", 259 __func__, fsp_str_dbg(fsp), fsp_fnum_dbg(fsp), 260 file_id_string_tos(&fsp->file_id))); 261 } 269 DBG_ERR("failed to lock share entry for " 270 "file %s\n", fsp_str_dbg(fsp)); 271 return false; 272 } 273 274 ret = remove_oplock_under_lock(fsp, lck); 262 275 263 276 TALLOC_FREE(lck); -
vendor/current/source3/smbd/pipes.c
r988 r989 493 493 + 2 /* the buflen field */ 494 494 + 1); /* padding byte */ 495 SSVAL(req->outbuf,smb_vwv11,state->smb_maxcnt);496 495 497 496 DEBUG(3,("readX-IPC min=%d max=%d nread=%d\n", -
vendor/current/source3/smbd/posix_acls.c
r988 r989 4663 4663 } 4664 4664 4665 /* Stolen shamelessly from pvfs_default_acl() in source4 :-). */4666 4667 NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,4668 const char *name,4669 SMB_STRUCT_STAT *psbuf,4670 struct security_descriptor **ppdesc)4671 {4672 struct dom_sid owner_sid, group_sid;4673 size_t size = 0;4674 struct security_ace aces[4];4675 uint32_t access_mask = 0;4676 mode_t mode = psbuf->st_ex_mode;4677 struct security_acl *new_dacl = NULL;4678 int idx = 0;4679 4680 DEBUG(10,("make_default_filesystem_acl: file %s mode = 0%o\n",4681 name, (int)mode ));4682 4683 uid_to_sid(&owner_sid, psbuf->st_ex_uid);4684 gid_to_sid(&group_sid, psbuf->st_ex_gid);4685 4686 /*4687 We provide up to 4 ACEs4688 - Owner4689 - Group4690 - Everyone4691 - NT System4692 */4693 4694 if (mode & S_IRUSR) {4695 if (mode & S_IWUSR) {4696 access_mask |= SEC_RIGHTS_FILE_ALL;4697 } else {4698 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;4699 }4700 }4701 if (mode & S_IWUSR) {4702 access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE;4703 }4704 4705 init_sec_ace(&aces[idx],4706 &owner_sid,4707 SEC_ACE_TYPE_ACCESS_ALLOWED,4708 access_mask,4709 0);4710 idx++;4711 4712 access_mask = 0;4713 if (mode & S_IRGRP) {4714 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;4715 }4716 if (mode & S_IWGRP) {4717 /* note that delete is not granted - this matches posix behaviour */4718 access_mask |= SEC_RIGHTS_FILE_WRITE;4719 }4720 if (access_mask) {4721 init_sec_ace(&aces[idx],4722 &group_sid,4723 SEC_ACE_TYPE_ACCESS_ALLOWED,4724 access_mask,4725 0);4726 idx++;4727 }4728 4729 access_mask = 0;4730 if (mode & S_IROTH) {4731 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;4732 }4733 if (mode & S_IWOTH) {4734 access_mask |= SEC_RIGHTS_FILE_WRITE;4735 }4736 if (access_mask) {4737 init_sec_ace(&aces[idx],4738 &global_sid_World,4739 SEC_ACE_TYPE_ACCESS_ALLOWED,4740 access_mask,4741 0);4742 idx++;4743 }4744 4745 init_sec_ace(&aces[idx],4746 &global_sid_System,4747 SEC_ACE_TYPE_ACCESS_ALLOWED,4748 SEC_RIGHTS_FILE_ALL,4749 0);4750 idx++;4751 4752 new_dacl = make_sec_acl(ctx,4753 NT4_ACL_REVISION,4754 idx,4755 aces);4756 4757 if (!new_dacl) {4758 return NT_STATUS_NO_MEMORY;4759 }4760 4761 *ppdesc = make_sec_desc(ctx,4762 SECURITY_DESCRIPTOR_REVISION_1,4763 SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,4764 &owner_sid,4765 &group_sid,4766 NULL,4767 new_dacl,4768 &size);4769 if (!*ppdesc) {4770 return NT_STATUS_NO_MEMORY;4771 }4772 return NT_STATUS_OK;4773 }4774 4775 4665 int posix_sys_acl_blob_get_file(vfs_handle_struct *handle, 4776 4666 const char *path_p, -
vendor/current/source3/smbd/process.c
r988 r989 3224 3224 state->xconn = xconn; 3225 3225 state->parent_pipe = parent_pipe; 3226 state->ev = s 3_tevent_context_init(state);3226 state->ev = samba_tevent_context_init(state); 3227 3227 if (state->ev == NULL) { 3228 DEBUG(1, (" tevent_context_init failed\n"));3228 DEBUG(1, ("samba_tevent_context_init failed\n")); 3229 3229 TALLOC_FREE(state); 3230 3230 return; -
vendor/current/source3/smbd/proto.h
r988 r989 172 172 /* The following definitions come from smbd/dfree.c */ 173 173 174 uint64_t sys_disk_free(connection_struct *conn, const char *path, 175 uint64_t *bsize,uint64_t *dfree,uint64_t *dsize); 176 uint64_t get_dfree_info(connection_struct *conn, 177 const char *path, 178 uint64_t *bsize, 179 uint64_t *dfree, 180 uint64_t *dsize); 174 uint64_t sys_disk_free(connection_struct *conn, struct smb_filename *fname, 175 uint64_t *bsize, uint64_t *dfree, uint64_t *dsize); 176 uint64_t get_dfree_info(connection_struct *conn, struct smb_filename *fname, 177 uint64_t *bsize, uint64_t *dfree, uint64_t *dsize); 181 178 182 179 /* The following definitions come from smbd/dir.c */ … … 260 257 int file_set_dosmode(connection_struct *conn, struct smb_filename *smb_fname, 261 258 uint32_t dosmode, const char *parent_dir, bool newfile); 259 bool get_ea_dos_attribute(connection_struct *conn, 260 struct smb_filename *smb_fname, 261 uint32_t *pattr); 262 262 NTSTATUS file_set_sparse(connection_struct *conn, 263 263 struct files_struct *fsp, … … 681 681 void break_kernel_oplock(struct messaging_context *msg_ctx, files_struct *fsp); 682 682 NTSTATUS set_file_oplock(files_struct *fsp); 683 bool remove_oplock_under_lock(files_struct *fsp, struct share_mode_lock *lck); 683 684 bool remove_oplock(files_struct *fsp); 684 685 bool downgrade_oplock(files_struct *fsp); … … 762 763 uint32_t security_info_wanted, 763 764 struct security_descriptor **sd); 764 NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,765 const char *name,766 SMB_STRUCT_STAT *psbuf,767 struct security_descriptor **ppdesc);768 765 int posix_sys_acl_blob_get_file(vfs_handle_struct *handle, 769 766 const char *path_p, … … 830 827 /* The following definitions come from smbd/quotas.c */ 831 828 832 bool disk_quotas(connection_struct *conn, const char *path, uint64_t *bsize, 833 uint64_t *dfree, uint64_t *dsize); 834 bool disk_quotas_vxfs(const char *name, char *path, uint64_t *bsize, uint64_t *dfree, uint64_t *dsize); 829 bool disk_quotas(connection_struct *conn, struct smb_filename *fname, 830 uint64_t *bsize, uint64_t *dfree, uint64_t *dsize); 835 831 836 832 /* The following definitions come from smbd/reply.c */ … … 916 912 void reply_readbraw(struct smb_request *req); 917 913 void reply_lockread(struct smb_request *req); 914 int setup_readX_header(char *outbuf, size_t smb_maxcnt); 918 915 void reply_read(struct smb_request *req); 919 916 void reply_read_and_X(struct smb_request *req); -
vendor/current/source3/smbd/quotas.c
r988 r989 237 237 ****************************************************************************/ 238 238 239 bool disk_quotas(connection_struct *conn, const char *path, uint64_t *bsize,240 uint64_t * dfree, uint64_t *dsize)239 bool disk_quotas(connection_struct *conn, struct smb_filename *fname, 240 uint64_t *bsize, uint64_t *dfree, uint64_t *dsize) 241 241 { 242 242 uid_t euser_id; … … 255 255 SMB_DEV_T devno; 256 256 bool found = false; 257 const char *path = fname->base_name; 257 258 258 259 euser_id = geteuid(); 259 260 260 if (sys_stat(path, &sbuf, false) == -1) { 261 return false; 262 } 263 264 devno = sbuf.st_ex_dev ; 261 devno = fname->st.st_ex_dev; 265 262 DEBUG(5,("disk_quotas: looking for path \"%s\" devno=%x\n", 266 263 path, (unsigned int)devno)); … … 427 424 ****************************************************************************/ 428 425 429 bool disk_quotas(connection_struct *conn, const char *path, uint64_t *bsize,430 uint64_t * dfree, uint64_t *dsize)426 bool disk_quotas(connection_struct *conn, struct smb_filename *fname, 427 uint64_t *bsize, uint64_t *dfree, uint64_t *dsize) 431 428 { 432 429 int r; 433 430 struct dqblk D; 434 431 uid_t euser_id; 432 const char *path = fname->base_name; 435 433 #if !defined(AIX) 436 434 char dev_disk[256]; 437 SMB_STRUCT_STAT S ;435 SMB_STRUCT_STAT S = fname->st; 438 436 439 437 /* find the block device file */ … … 658 656 #else /* WITH_QUOTAS */ 659 657 660 bool disk_quotas(connection_struct *conn, const char *path, uint64_t *bsize,661 uint64_t * dfree, uint64_t *dsize)658 bool disk_quotas(connection_struct *conn, struct smb_filename *fname, 659 uint64_t *bsize, uint64_t *dfree, uint64_t *dsize) 662 660 { 663 661 (*bsize) = 512; /* This value should be ignored */ … … 677 675 this file should be removed later 678 676 */ 679 bool disk_quotas(connection_struct *conn, const char *path, uint64_t *bsize,680 uint64_t * dfree, uint64_t *dsize)677 bool disk_quotas(connection_struct *conn, struct smb_filename *fname, 678 uint64_t *bsize, uint64_t *dfree, uint64_t *dsize) 681 679 { 682 680 int r; … … 684 682 unid_t id; 685 683 684 /* 685 * First of all, check whether user quota is 686 * enforced. If the call fails, assume it is 687 * not enforced. 688 */ 689 ZERO_STRUCT(D); 690 id.uid = -1; 691 r = SMB_VFS_GET_QUOTA(conn, fname->base_name, SMB_USER_FS_QUOTA_TYPE, 692 id, &D); 693 if (r == -1 && errno != ENOSYS) { 694 goto try_group_quota; 695 } 696 if (r == 0 && (D.qflags & QUOTAS_DENY_DISK) == 0) { 697 goto try_group_quota; 698 } 699 700 ZERO_STRUCT(D); 686 701 id.uid = geteuid(); 687 702 688 ZERO_STRUCT(D); 689 r = SMB_VFS_GET_QUOTA(conn, path, SMB_USER_QUOTA_TYPE, id, &D); 703 /* if new files created under this folder get this 704 * folder's UID, then available space is governed by 705 * the quota of the folder's UID, not the creating user. 706 */ 707 if (lp_inherit_owner(SNUM(conn)) && 708 id.uid != fname->st.st_ex_uid && id.uid != sec_initial_uid()) { 709 int save_errno; 710 711 id.uid = fname->st.st_ex_uid; 712 become_root(); 713 r = SMB_VFS_GET_QUOTA(conn, fname->base_name, 714 SMB_USER_QUOTA_TYPE, id, &D); 715 save_errno = errno; 716 unbecome_root(); 717 errno = save_errno; 718 } else { 719 r = SMB_VFS_GET_QUOTA(conn, fname->base_name, 720 SMB_USER_QUOTA_TYPE, id, &D); 721 } 690 722 691 723 /* Use softlimit to determine disk space, except when it has been exceeded */ … … 723 755 724 756 try_group_quota: 757 /* 758 * First of all, check whether group quota is 759 * enforced. If the call fails, assume it is 760 * not enforced. 761 */ 762 ZERO_STRUCT(D); 763 id.gid = -1; 764 r = SMB_VFS_GET_QUOTA(conn, fname->base_name, SMB_GROUP_FS_QUOTA_TYPE, 765 id, &D); 766 if (r == -1 && errno != ENOSYS) { 767 return false; 768 } 769 if (r == 0 && (D.qflags & QUOTAS_DENY_DISK) == 0) { 770 return false; 771 } 772 725 773 id.gid = getegid(); 726 774 727 775 ZERO_STRUCT(D); 728 r = SMB_VFS_GET_QUOTA(conn, path, SMB_GROUP_QUOTA_TYPE, id, &D); 776 r = SMB_VFS_GET_QUOTA(conn, fname->base_name, SMB_GROUP_QUOTA_TYPE, id, 777 &D); 729 778 730 779 /* Use softlimit to determine disk space, except when it has been exceeded */ -
vendor/current/source3/smbd/reply.c
r988 r989 1574 1574 uint64_t ret; 1575 1575 uint64_t dfree,dsize,bsize; 1576 struct smb_filename smb_fname; 1576 1577 START_PROFILE(SMBdskattr); 1577 1578 1578 ret = get_dfree_info(conn, ".", &bsize, &dfree, &dsize); 1579 ZERO_STRUCT(smb_fname); 1580 smb_fname.base_name = discard_const_p(char, "."); 1581 1582 if (SMB_VFS_STAT(conn, &smb_fname) != 0) { 1583 reply_nterror(req, map_nt_error_from_unix(errno)); 1584 DBG_WARNING("stat of . failed (%s)\n", strerror(errno)); 1585 END_PROFILE(SMBdskattr); 1586 return; 1587 } 1588 1589 ret = get_dfree_info(conn, &smb_fname, &bsize, &dfree, &dsize); 1579 1590 if (ret == (uint64_t)-1) { 1580 1591 reply_nterror(req, map_nt_error_from_unix(errno)); … … 3897 3908 ****************************************************************************/ 3898 3909 3899 static int setup_readX_header(struct smb_request *req, char *outbuf, 3900 size_t smb_maxcnt) 3910 int setup_readX_header(char *outbuf, size_t smb_maxcnt) 3901 3911 { 3902 3912 int outsize; … … 3917 3927 + 1); /* padding byte */ 3918 3928 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16)); 3919 SSVAL(outbuf,smb_vwv11,smb_maxcnt);3920 3929 SCVAL(smb_buf(outbuf), 0, 0); /* padding byte */ 3921 3930 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */ … … 3985 3994 3986 3995 construct_reply_common_req(req, (char *)headerbuf); 3987 setup_readX_header( req,(char *)headerbuf, smb_maxcnt);3996 setup_readX_header((char *)headerbuf, smb_maxcnt); 3988 3997 3989 3998 nread = SMB_VFS_SENDFILE(xconn->transport.sock, fsp, &header, … … 4086 4095 4087 4096 construct_reply_common_req(req, (char *)headerbuf); 4088 setup_readX_header( req,(char *)headerbuf, smb_maxcnt);4097 setup_readX_header((char *)headerbuf, smb_maxcnt); 4089 4098 4090 4099 /* Send out the header. */ … … 4136 4145 } 4137 4146 4138 setup_readX_header( req,(char *)req->outbuf, nread);4147 setup_readX_header((char *)req->outbuf, nread); 4139 4148 4140 4149 DEBUG(3, ("send_file_readX %s max=%d nread=%d\n", -
vendor/current/source3/smbd/server.c
r988 r989 397 397 } 398 398 399 status = reinit_after_fork(msg, ev, true, "smbd-notifyd");399 status = smbd_reinit_after_fork(msg, ev, true, "smbd-notifyd"); 400 400 if (!NT_STATUS_IS_OK(status)) { 401 401 DEBUG(1, ("%s: reinit_after_fork failed: %s\n", … … 479 479 close(up_pipe[0]); 480 480 481 status = reinit_after_fork(msg, ev, true, "cleanupd");481 status = smbd_reinit_after_fork(msg, ev, true, "cleanupd"); 482 482 if (!NT_STATUS_IS_OK(status)) { 483 483 DBG_WARNING("reinit_after_fork failed: %s\n", … … 1413 1413 * initialized before the messaging context, cause the messaging 1414 1414 * context holds an event context. 1415 * FIXME: This should be s3_tevent_context_init()1416 1415 */ 1417 1416 ev_ctx = server_event_context(); -
vendor/current/source3/smbd/service.c
r988 r989 182 182 { 183 183 int snum; 184 enum remote_arch_types ra_type; 184 185 185 186 if (!conn) { … … 207 208 last_flags = flags; 208 209 209 /* Obey the client case sensitivity requests - only for clients that support it. */ 210 /* 211 * Obey the client case sensitivity requests - only for clients that 212 * support it. */ 210 213 switch (lp_case_sensitive(snum)) { 211 case Auto: 212 { 213 /* We need this uglyness due to DOS/Win9x clients that lie about case insensitivity. */ 214 enum remote_arch_types ra_type = get_remote_arch(); 215 if ((ra_type != RA_SAMBA) && (ra_type != RA_CIFSFS)) { 216 /* Client can't support per-packet case sensitive pathnames. */ 217 conn->case_sensitive = False; 218 } else { 219 conn->case_sensitive = !(flags & FLAG_CASELESS_PATHNAMES); 220 } 221 } 222 break; 223 case True: 224 conn->case_sensitive = True; 225 break; 226 default: 227 conn->case_sensitive = False; 228 break; 229 } 230 return(True); 214 case Auto: 215 /* 216 * We need this uglyness due to DOS/Win9x clients that lie 217 * about case insensitivity. */ 218 ra_type = get_remote_arch(); 219 if (conn->sconn->using_smb2) { 220 conn->case_sensitive = false; 221 } else if ((ra_type != RA_SAMBA) && (ra_type != RA_CIFSFS)) { 222 /* 223 * Client can't support per-packet case sensitive 224 * pathnames. */ 225 conn->case_sensitive = false; 226 } else { 227 conn->case_sensitive = 228 !(flags & FLAG_CASELESS_PATHNAMES); 229 } 230 break; 231 case True: 232 conn->case_sensitive = true; 233 break; 234 default: 235 conn->case_sensitive = false; 236 break; 237 } 238 return true; 231 239 } 232 240 -
vendor/current/source3/smbd/sesssetup.c
r988 r989 131 131 struct smbd_server_connection *sconn = req->sconn; 132 132 uint16_t action = 0; 133 bool is_authenticated = false; 133 134 NTTIME now = timeval_to_nttime(&req->request_time); 134 135 struct smbXsrv_session *session = NULL; … … 337 338 338 339 if (security_session_user_level(session_info, NULL) >= SECURITY_USER) { 340 is_authenticated = true; 339 341 session->compat->homes_snum = 340 342 register_homes_share(session_info->unix_info->unix_name); … … 342 344 343 345 if (srv_is_signing_negotiated(xconn) && 344 action == 0&&346 is_authenticated && 345 347 session->global->signing_key.length > 0) 346 348 { … … 602 604 uint16_t smb_flag2 = req->flags2; 603 605 uint16_t action = 0; 606 bool is_authenticated = false; 604 607 NTTIME now = timeval_to_nttime(&req->request_time); 605 608 struct smbXsrv_session *session = NULL; … … 1039 1042 1040 1043 if (security_session_user_level(session_info, NULL) >= SECURITY_USER) { 1044 is_authenticated = true; 1041 1045 session->compat->homes_snum = 1042 1046 register_homes_share(session_info->unix_info->unix_name); … … 1044 1048 1045 1049 if (srv_is_signing_negotiated(xconn) && 1046 action == 0&&1050 is_authenticated && 1047 1051 session->global->signing_key.length > 0) 1048 1052 { -
vendor/current/source3/smbd/smb2_glue.c
r988 r989 49 49 FLAGS2_LONG_PATH_COMPONENTS | 50 50 FLAGS2_IS_LONG_NAME; 51 52 /* This is not documented in revision 49 of [MS-SMB2] but should be 53 * added in a later revision (and torture test smb2.read.access 54 * as well as smb2.ioctl_copy_chunk_bad_access against 55 * Server 2012R2 confirms this) 56 * 57 * If FILE_EXECUTE is granted to a handle then the SMB2 server 58 * acts as if FILE_READ_DATA has also been granted. We must still 59 * keep the original granted mask, because with ioctl requests, 60 * access checks are made on the file handle, "below" the SMB2 61 * server, and the object store below the SMB layer is not aware 62 * of this arrangement (see smb2.ioctl.copy_chunk_bad_access 63 * torture test). 64 */ 65 smbreq->flags2 |= FLAGS2_READ_PERMIT_EXECUTE; 66 51 67 if (IVAL(inhdr, SMB2_HDR_FLAGS) & SMB2_HDR_FLAG_DFS) { 52 68 smbreq->flags2 |= FLAGS2_DFS_PATHNAMES; -
vendor/current/source3/smbd/smb2_ioctl_filesys.c
r988 r989 49 49 /* Windows doesn't check for SEC_FILE_READ_ATTRIBUTE permission here */ 50 50 51 if ((fsp->conn->fs_capabilities & FILE_FILE_COMPRESSION) == 0) {52 DEBUG(4, ("FS does not advertise compression support\n"));53 return NT_STATUS_NOT_SUPPORTED;54 }55 56 51 ZERO_STRUCT(cmpr_state); 57 status = SMB_VFS_GET_COMPRESSION(fsp->conn, 58 mem_ctx, 59 fsp, 60 NULL, 61 &cmpr_state.format); 62 if (!NT_STATUS_IS_OK(status)) { 63 return status; 52 if (fsp->conn->fs_capabilities & FILE_FILE_COMPRESSION) { 53 status = SMB_VFS_GET_COMPRESSION(fsp->conn, 54 mem_ctx, 55 fsp, 56 NULL, 57 &cmpr_state.format); 58 if (!NT_STATUS_IS_OK(status)) { 59 return status; 60 } 61 } else { 62 /* 63 * bso#12144: The underlying filesystem doesn't support 64 * compression, so we should respond with "not-compressed" 65 * (like WS2016 ReFS) instead of STATUS_NOT_SUPPORTED or 66 * NT_STATUS_INVALID_DEVICE_REQUEST. 67 */ 68 cmpr_state.format = COMPRESSION_FORMAT_NONE; 64 69 } 65 70 -
vendor/current/source3/smbd/smb2_ioctl_network_fs.c
r988 r989 118 118 * FILE_READ_DATA, and the CtlCode is FSCTL_SRV_COPYCHUNK. 119 119 */ 120 if ((ctl_code == FSCTL_SRV_COPYCHUNK) 121 && !CHECK_READ(dst_fsp, smb1req)) {120 if ((ctl_code == FSCTL_SRV_COPYCHUNK) && 121 !CHECK_READ_IOCTL(dst_fsp, smb1req)) { 122 122 DEBUG(5, ("copy chunk no read on dest handle (%s).\n", 123 123 smb_fname_str_dbg(dst_fsp->fsp_name) )); -
vendor/current/source3/smbd/smb2_server.c
r988 r989 47 47 uint16_t fileid_ofs; 48 48 bool allow_invalid_fileid; 49 bool modify; 49 50 } smbd_smb2_table[] = { 50 51 #define _OP(o) .opcode = o, .name = #o … … 99 100 .need_tcon = true, 100 101 .fileid_ofs = 0x10, 102 .modify = true, 101 103 },{ 102 104 _OP(SMB2_OP_LOCK), … … 110 112 .fileid_ofs = 0x08, 111 113 .allow_invalid_fileid = true, 114 .modify = true, 112 115 },{ 113 116 _OP(SMB2_OP_CANCEL), … … 136 139 .need_tcon = true, 137 140 .fileid_ofs = 0x10, 141 .modify = true, 138 142 },{ 139 143 _OP(SMB2_OP_BREAK), … … 2108 2112 } 2109 2113 2114 static NTSTATUS smbd_smb2_request_dispatch_update_counts( 2115 struct smbd_smb2_request *req, 2116 bool modify_call) 2117 { 2118 struct smbXsrv_connection *xconn = req->xconn; 2119 const uint8_t *inhdr; 2120 uint16_t channel_sequence; 2121 uint32_t flags; 2122 int cmp; 2123 struct smbXsrv_open *op; 2124 bool update_open = false; 2125 NTSTATUS status = NT_STATUS_OK; 2126 2127 req->request_counters_updated = false; 2128 2129 if (xconn->protocol < PROTOCOL_SMB2_22) { 2130 return NT_STATUS_OK; 2131 } 2132 2133 if (req->compat_chain_fsp == NULL) { 2134 return NT_STATUS_OK; 2135 } 2136 2137 op = req->compat_chain_fsp->op; 2138 if (op == NULL) { 2139 return NT_STATUS_OK; 2140 } 2141 2142 inhdr = SMBD_SMB2_IN_HDR_PTR(req); 2143 flags = IVAL(inhdr, SMB2_HDR_FLAGS); 2144 channel_sequence = SVAL(inhdr, SMB2_HDR_CHANNEL_SEQUENCE); 2145 2146 cmp = channel_sequence - op->global->channel_sequence; 2147 2148 if (abs(cmp) > INT16_MAX) { 2149 /* 2150 * [MS-SMB2] 3.3.5.2.10 - Verifying the Channel Sequence Number: 2151 * 2152 * If the channel sequence number of the request and the one 2153 * known to the server are not equal, the channel sequence 2154 * number and outstanding request counts are only updated 2155 * "... if the unsigned difference using 16-bit arithmetic 2156 * between ChannelSequence and Open.ChannelSequence is less than 2157 * or equal to 0x7FFF ...". 2158 * Otherwise, an error is returned for the modifying 2159 * calls write, set_info, and ioctl. 2160 * 2161 * There are currently two issues with the description: 2162 * 2163 * * For the other calls, the document seems to imply 2164 * that processing continues without adapting the 2165 * counters (if the sequence numbers are not equal). 2166 * 2167 * TODO: This needs clarification! 2168 * 2169 * * Also, the behaviour if the difference is larger 2170 * than 0x7FFF is not clear. The document seems to 2171 * imply that if such a difference is reached, 2172 * the server starts to ignore the counters or 2173 * in the case of the modifying calls, return errors. 2174 * 2175 * TODO: This needs clarification! 2176 * 2177 * At this point Samba tries to be a little more 2178 * clever than the description in the MS-SMB2 document 2179 * by heuristically detecting and properly treating 2180 * a 16 bit overflow of the client-submitted sequence 2181 * number: 2182 * 2183 * If the stored channel squence number is more than 2184 * 0x7FFF larger than the one from the request, then 2185 * the client-provided sequence number has likely 2186 * overflown. We treat this case as valid instead 2187 * of as failure. 2188 * 2189 * The MS-SMB2 behaviour would be setting cmp = -1. 2190 */ 2191 cmp *= -1; 2192 } 2193 2194 if (!(flags & SMB2_HDR_FLAG_REPLAY_OPERATION)) { 2195 if (cmp == 0) { 2196 op->request_count += 1; 2197 req->request_counters_updated = true; 2198 } else if (cmp > 0) { 2199 op->pre_request_count += op->request_count; 2200 op->request_count = 1; 2201 op->global->channel_sequence = channel_sequence; 2202 update_open = true; 2203 req->request_counters_updated = true; 2204 } else if (modify_call) { 2205 return NT_STATUS_FILE_NOT_AVAILABLE; 2206 } 2207 } else { 2208 if (cmp == 0 && op->pre_request_count == 0) { 2209 op->request_count += 1; 2210 req->request_counters_updated = true; 2211 } else if (cmp > 0 && op->pre_request_count == 0) { 2212 op->pre_request_count += op->request_count; 2213 op->request_count = 1; 2214 op->global->channel_sequence = channel_sequence; 2215 update_open = true; 2216 req->request_counters_updated = true; 2217 } else if (modify_call) { 2218 return NT_STATUS_FILE_NOT_AVAILABLE; 2219 } 2220 } 2221 2222 if (update_open) { 2223 status = smbXsrv_open_update(op); 2224 } 2225 2226 return status; 2227 } 2228 2110 2229 NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) 2111 2230 { … … 2405 2524 } 2406 2525 2526 status = smbd_smb2_request_dispatch_update_counts(req, call->modify); 2527 if (!NT_STATUS_IS_OK(status)) { 2528 return smbd_smb2_request_error(req, status); 2529 } 2530 2407 2531 if (call->as_root) { 2408 2532 SMB_ASSERT(call->fileid_ofs == 0); … … 2553 2677 } 2554 2678 2679 static void smbd_smb2_request_reply_update_counts(struct smbd_smb2_request *req) 2680 { 2681 struct smbXsrv_connection *xconn = req->xconn; 2682 const uint8_t *inhdr; 2683 uint16_t channel_sequence; 2684 struct smbXsrv_open *op; 2685 2686 if (!req->request_counters_updated) { 2687 return; 2688 } 2689 2690 if (xconn->protocol < PROTOCOL_SMB2_22) { 2691 return; 2692 } 2693 2694 if (req->compat_chain_fsp == NULL) { 2695 return; 2696 } 2697 2698 op = req->compat_chain_fsp->op; 2699 if (op == NULL) { 2700 return; 2701 } 2702 2703 inhdr = SMBD_SMB2_IN_HDR_PTR(req); 2704 channel_sequence = SVAL(inhdr, SMB2_HDR_CHANNEL_SEQUENCE); 2705 2706 if (op->global->channel_sequence == channel_sequence) { 2707 SMB_ASSERT(op->request_count > 0); 2708 op->request_count -= 1; 2709 } else { 2710 SMB_ASSERT(op->pre_request_count > 0); 2711 op->pre_request_count -= 1; 2712 } 2713 } 2714 2555 2715 static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req) 2556 2716 { … … 2565 2725 req->subreq = NULL; 2566 2726 TALLOC_FREE(req->async_te); 2727 2728 /* MS-SMB2: 3.3.4.1 Sending Any Outgoing Message */ 2729 smbd_smb2_request_reply_update_counts(req); 2567 2730 2568 2731 if (req->do_encryption && -
vendor/current/source3/smbd/trans2.c
r988 r989 3378 3378 uint64_t dfree,dsize,bsize,block_size,sectors_per_unit; 3379 3379 data_len = 18; 3380 df_ret = get_dfree_info(conn, filename, &bsize, &dfree,3381 &d size);3380 df_ret = get_dfree_info(conn, &smb_fname, &bsize, 3381 &dfree, &dsize); 3382 3382 if (df_ret == (uint64_t)-1) { 3383 3383 return map_nt_error_from_unix(errno); … … 3529 3529 uint64_t dfree,dsize,bsize,block_size,sectors_per_unit; 3530 3530 data_len = 24; 3531 df_ret = get_dfree_info(conn, filename, &bsize, &dfree,3532 &d size);3531 df_ret = get_dfree_info(conn, &smb_fname, &bsize, 3532 &dfree, &dsize); 3533 3533 if (df_ret == (uint64_t)-1) { 3534 3534 return map_nt_error_from_unix(errno); … … 3563 3563 uint64_t dfree,dsize,bsize,block_size,sectors_per_unit; 3564 3564 data_len = 32; 3565 df_ret = get_dfree_info(conn, filename, &bsize, &dfree,3566 &d size);3565 df_ret = get_dfree_info(conn, &smb_fname, &bsize, 3566 &dfree, &dsize); 3567 3567 if (df_ret == (uint64_t)-1) { 3568 3568 return map_nt_error_from_unix(errno); … … 4153 4153 /* Here is where we must switch to posix pathname processing... */ 4154 4154 if (xconn->smb1.unix_info.client_cap_low & CIFS_UNIX_POSIX_PATHNAMES_CAP) { 4155 lp_set_posix_pathnames();4155 (void)lp_set_posix_pathnames(true); 4156 4156 mangle_change_to_posix(); 4157 4157 } … … 5701 5701 if (info_level == SMB_QUERY_FILE_UNIX_BASIC || 5702 5702 info_level == SMB_QUERY_FILE_UNIX_INFO2 || 5703 info_level == SMB_QUERY_FILE_UNIX_LINK) { 5703 info_level == SMB_QUERY_FILE_UNIX_LINK || 5704 req->posix_pathnames) { 5704 5705 ucf_flags |= UCF_UNIX_NAME_LOOKUP; 5705 5706 } … … 5762 5763 } 5763 5764 5764 if (INFO_LEVEL_IS_UNIX(info_level) ) {5765 if (INFO_LEVEL_IS_UNIX(info_level) || req->posix_pathnames) { 5765 5766 /* Always do lstat for UNIX calls. */ 5766 5767 if (SMB_VFS_LSTAT(conn, smb_fname_base) != 0) { … … 5808 5809 } 5809 5810 5810 if (INFO_LEVEL_IS_UNIX(info_level) ) {5811 if (INFO_LEVEL_IS_UNIX(info_level) || req->posix_pathnames) { 5811 5812 /* Always do lstat for UNIX calls. */ 5812 5813 if (SMB_VFS_LSTAT(conn, smb_fname)) { -
vendor/current/source3/smbd/vfs.c
r988 r989 594 594 len -= fsp->fsp_name->st.st_ex_size; 595 595 len /= 1024; /* Len is now number of 1k blocks needed. */ 596 space_avail = get_dfree_info(conn, fsp->fsp_name->base_name,597 596 space_avail = 597 get_dfree_info(conn, fsp->fsp_name, &bsize, &dfree, &dsize); 598 598 if (space_avail == (uint64_t)-1) { 599 599 return -1; -
vendor/current/source3/utils/net_ads.c
r988 r989 1597 1597 } 1598 1598 1599 /* print out informative error string in case there is one */ 1600 if (r->out.error_string != NULL) { 1601 d_printf("%s\n", r->out.error_string); 1602 } 1603 1599 1604 /* 1600 1605 * We try doing the dns update (if it was compiled in -
vendor/current/source3/utils/net_printing.c
r988 r989 265 265 266 266 if (strncmp((const char *)kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) == 0) { 267 dump_form(ctx, (const char *)kbuf.dptr+strlen(FORMS_PREFIX), dbuf.dptr, dbuf.dsize); 267 char *key_name = NULL; 268 size_t converted_size = 0; 269 bool ok; 270 271 ok = pull_ascii_talloc(ctx, 272 &key_name, 273 (const char *) kbuf.dptr + strlen(FORMS_PREFIX), 274 &converted_size); 275 if (!ok) { 276 continue; 277 } 278 279 dump_form(ctx, key_name, dbuf.dptr, dbuf.dsize); 280 TALLOC_FREE(key_name); 268 281 SAFE_FREE(dbuf.dptr); 269 282 continue; … … 271 284 272 285 if (strncmp((const char *)kbuf.dptr, DRIVERS_PREFIX, strlen(DRIVERS_PREFIX)) == 0) { 286 char *key_name = NULL; 287 size_t converted_size = 0; 288 bool ok; 289 290 ok = pull_ascii_talloc(ctx, 291 &key_name, 292 (const char *) kbuf.dptr + strlen(DRIVERS_PREFIX), 293 &converted_size); 294 if (!ok) { 295 continue; 296 } 297 273 298 dump_driver(ctx, 274 (const char *)kbuf.dptr+strlen(DRIVERS_PREFIX),299 key_name, 275 300 dbuf.dptr, 276 301 dbuf.dsize, 277 302 do_string_conversion); 303 TALLOC_FREE(key_name); 278 304 SAFE_FREE(dbuf.dptr); 279 305 continue; … … 281 307 282 308 if (strncmp((const char *)kbuf.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX)) == 0) { 309 char *key_name = NULL; 310 size_t converted_size = 0; 311 bool ok; 312 313 ok = pull_ascii_talloc(ctx, 314 &key_name, 315 (const char *) kbuf.dptr + strlen(PRINTERS_PREFIX), 316 &converted_size); 317 if (!ok) { 318 continue; 319 } 320 283 321 dump_printer(ctx, 284 (const char *)kbuf.dptr+strlen(PRINTERS_PREFIX),322 key_name, 285 323 dbuf.dptr, 286 324 dbuf.dsize, 287 325 do_string_conversion); 326 TALLOC_FREE(key_name); 288 327 SAFE_FREE(dbuf.dptr); 289 328 continue; … … 358 397 359 398 if (strncmp((const char *) kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) == 0) { 399 char *key_name = NULL; 400 size_t converted_size = 0; 401 bool ok; 402 403 ok = pull_ascii_talloc(tmp_ctx, 404 &key_name, 405 (const char *) kbuf.dptr + strlen(FORMS_PREFIX), 406 &converted_size); 407 if (!ok) { 408 continue; 409 } 410 360 411 printing_tdb_migrate_form(tmp_ctx, 361 412 winreg_pipe, 362 (const char *) kbuf.dptr + strlen(FORMS_PREFIX),413 key_name, 363 414 dbuf.dptr, 364 415 dbuf.dsize); 416 TALLOC_FREE(key_name); 365 417 SAFE_FREE(dbuf.dptr); 366 418 continue; … … 368 420 369 421 if (strncmp((const char *) kbuf.dptr, DRIVERS_PREFIX, strlen(DRIVERS_PREFIX)) == 0) { 422 char *key_name = NULL; 423 size_t converted_size = 0; 424 bool ok; 425 426 ok = pull_ascii_talloc(tmp_ctx, 427 &key_name, 428 (const char *) kbuf.dptr + strlen(DRIVERS_PREFIX), 429 &converted_size); 430 if (!ok) { 431 continue; 432 } 433 370 434 printing_tdb_migrate_driver(tmp_ctx, 371 435 winreg_pipe, 372 (const char *) kbuf.dptr + strlen(DRIVERS_PREFIX),436 key_name, 373 437 dbuf.dptr, 374 438 dbuf.dsize, 375 439 do_string_conversion); 440 TALLOC_FREE(key_name); 376 441 SAFE_FREE(dbuf.dptr); 377 442 continue; … … 379 444 380 445 if (strncmp((const char *) kbuf.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX)) == 0) { 446 char *key_name = NULL; 447 size_t converted_size = 0; 448 bool ok; 449 450 ok = pull_ascii_talloc(tmp_ctx, 451 &key_name, 452 (const char *) kbuf.dptr + strlen(PRINTERS_PREFIX), 453 &converted_size); 454 if (!ok) { 455 continue; 456 } 457 381 458 printing_tdb_migrate_printer(tmp_ctx, 382 459 winreg_pipe, 383 (const char *) kbuf.dptr + strlen(PRINTERS_PREFIX),460 key_name, 384 461 dbuf.dptr, 385 462 dbuf.dsize, 386 463 do_string_conversion); 464 TALLOC_FREE(key_name); 387 465 SAFE_FREE(dbuf.dptr); 388 466 continue; -
vendor/current/source3/utils/net_rpc.c
r988 r989 429 429 } 430 430 431 /* print out informative error string in case there is one */ 432 if (r->out.error_string != NULL) { 433 d_printf("%s\n", r->out.error_string); 434 } 435 431 436 TALLOC_FREE(mem_ctx); 432 437 … … 606 611 d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name, 607 612 r->out.netbios_domain_name); 613 } 614 615 /* print out informative error string in case there is one */ 616 if (r->out.error_string != NULL) { 617 d_printf("%s\n", r->out.error_string); 608 618 } 609 619 -
vendor/current/source3/utils/ntlm_auth.c
r988 r989 28 28 #include "lib/param/param.h" 29 29 #include "popt_common.h" 30 #include "libcli/security/security.h" 30 31 #include "utils/ntlm_auth.h" 31 32 #include "../libcli/auth/libcli_auth.h" … … 711 712 struct auth_session_info **session_info_out) 712 713 { 713 char *unix_username = (char *)server_returned_info; 714 struct auth_session_info *session_info = talloc_zero(mem_ctx, struct auth_session_info); 715 if (!session_info) { 714 const char *unix_username = (const char *)server_returned_info; 715 bool ok; 716 struct dom_sid *sids = NULL; 717 struct auth_session_info *session_info = NULL; 718 719 session_info = talloc_zero(mem_ctx, struct auth_session_info); 720 if (session_info == NULL) { 716 721 return NT_STATUS_NO_MEMORY; 717 722 } 718 723 719 724 session_info->unix_info = talloc_zero(session_info, struct auth_user_info_unix); 720 if ( !session_info->unix_info) {725 if (session_info->unix_info == NULL) { 721 726 TALLOC_FREE(session_info); 722 727 return NT_STATUS_NO_MEMORY; 723 728 } 724 session_info->unix_info->unix_name = talloc_steal(session_info->unix_info, unix_username); 729 session_info->unix_info->unix_name = talloc_strdup(session_info->unix_info, 730 unix_username); 731 if (session_info->unix_info->unix_name == NULL) { 732 TALLOC_FREE(session_info); 733 return NT_STATUS_NO_MEMORY; 734 } 735 736 session_info->security_token = talloc_zero(session_info, struct security_token); 737 if (session_info->security_token == NULL) { 738 TALLOC_FREE(session_info); 739 return NT_STATUS_NO_MEMORY; 740 } 741 742 sids = talloc_zero_array(session_info->security_token, 743 struct dom_sid, 3); 744 if (sids == NULL) { 745 TALLOC_FREE(session_info); 746 return NT_STATUS_NO_MEMORY; 747 } 748 ok = dom_sid_parse(SID_WORLD, &sids[0]); 749 if (!ok) { 750 TALLOC_FREE(session_info); 751 return NT_STATUS_INTERNAL_ERROR; 752 } 753 ok = dom_sid_parse(SID_NT_NETWORK, &sids[1]); 754 if (!ok) { 755 TALLOC_FREE(session_info); 756 return NT_STATUS_INTERNAL_ERROR; 757 } 758 ok = dom_sid_parse(SID_NT_AUTHENTICATED_USERS, &sids[2]); 759 if (!ok) { 760 TALLOC_FREE(session_info); 761 return NT_STATUS_INTERNAL_ERROR; 762 } 763 764 session_info->security_token->num_sids = talloc_array_length(sids); 765 session_info->security_token->sids = sids; 725 766 726 767 *session_info_out = session_info; -
vendor/current/source3/utils/smbcquotas.c
r988 r989 569 569 struct cli_state *cli; 570 570 bool fix_user = False; 571 bool ok; 571 572 SMB_NTQUOTA_STRUCT qt; 572 573 TALLOC_CTX *frame = talloc_stackframe(); … … 602 603 fault_setup(); 603 604 604 lp_load_global(get_dyn_CONFIGFILE());605 load_interfaces();606 607 605 smbcquotas_auth_info = user_auth_info_init(frame); 608 606 if (smbcquotas_auth_info == NULL) { … … 695 693 popt_burn_cmdline_password(argc, argv); 696 694 695 ok = lp_load_global(get_dyn_CONFIGFILE()); 696 if (!ok) { 697 DBG_ERR("ERROR: Loading config file %s - " 698 "run testparm to debug it\n", 699 get_dyn_CONFIGFILE()); 700 exit(EXIT_PARSE_ERROR); 701 } 702 703 /* We must load interfaces after we load the smb.conf */ 704 load_interfaces(); 705 697 706 string_replace(path, '/', '\\'); 698 707 -
vendor/current/source3/utils/smbget.c
r988 r989 106 106 static char *savedun; 107 107 static char *savedpw; 108 char tmp[128];109 108 110 109 if (hasasked) { … … 116 115 hasasked = true; 117 116 118 if (!opt.nonprompt && !opt.username_specified) { 119 printf("Username for %s at %s [guest] ", shr, srv); 120 if (fgets(tmp, sizeof(tmp), stdin) == NULL) { 121 return; 122 } 123 if ((strlen(tmp) > 0) && (tmp[strlen(tmp) - 1] == '\n')) { 124 tmp[strlen(tmp) - 1] = '\0'; 125 } 126 strncpy(un, tmp, unlen - 1); 127 } else if (opt.username != NULL) { 117 /* 118 * If no user has been specified un is initialized with the current 119 * username of the user who started smbget. 120 */ 121 if (opt.username_specified) { 128 122 strncpy(un, opt.username, unlen - 1); 129 123 } 130 124 131 if (!opt.nonprompt && !opt.password_specified ) {125 if (!opt.nonprompt && !opt.password_specified && pw[0] == '\0') { 132 126 char *prompt; 133 if (asprintf(&prompt, "Password for %s at %s: ", shr, srv) == 134 -1) { 127 int rc; 128 129 rc = asprintf(&prompt, 130 "Password for [%s] connecting to //%s/%s: ", 131 un, shr, srv); 132 if (rc == -1) { 135 133 return; 136 134 } -
vendor/current/source3/winbindd/idmap_rfc2307.c
r988 r989 671 671 672 672 default: 673 DEBUG(10, ("Nothing to do for SID %s, " 674 "previous name lookup failed\n", 675 sid_string_dbg(map->map->sid))); 673 break; 676 674 } 677 675 -
vendor/current/source3/winbindd/idmap_util.c
r988 r989 161 161 bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom) 162 162 { 163 if (id == 0) {164 /* 0 is not an allowed unix id for id mapping */165 return false;166 }167 168 163 if ((dom->low_id && (id < dom->low_id)) || 169 164 (dom->high_id && (id > dom->high_id))) -
vendor/current/source3/winbindd/wb_lookupsids.c
r988 r989 73 73 */ 74 74 uint32_t *single_sids; 75 /* Pointer into the "domains" array above*/ 76 struct wb_lookupsids_domain **single_domains; 75 77 uint32_t num_single_sids; 76 78 uint32_t single_sids_done; … … 126 128 state->single_sids = talloc_array(state, uint32_t, num_sids); 127 129 if (tevent_req_nomem(state->single_sids, req)) { 130 return tevent_req_post(req, ev); 131 } 132 state->single_domains = talloc_zero_array(state, 133 struct wb_lookupsids_domain *, 134 num_sids); 135 if (tevent_req_nomem(state->single_domains, req)) { 128 136 return tevent_req_post(req, ev); 129 137 } … … 456 464 state->single_sids[state->num_single_sids] = 457 465 res_sid_index; 466 state->single_domains[state->num_single_sids] = d; 458 467 state->num_single_sids += 1; 459 468 } … … 515 524 TALLOC_FREE(subreq); 516 525 if (!NT_STATUS_IS_OK(status)) { 526 struct wb_lookupsids_domain *wb_domain; 527 const char *tmpname; 528 517 529 type = SID_NAME_UNKNOWN; 518 530 519 domain_name = talloc_strdup(talloc_tos(), ""); 531 wb_domain = state->single_domains[state->single_sids_done]; 532 if (wb_domain != NULL) { 533 /* 534 * If the lookupsid failed because the rid not 535 * found in a domain and we have a reference 536 * to the lookup domain, use the name from 537 * there. 538 * 539 * Callers like sid2xid will use the domain 540 * name in the idmap backend to figure out 541 * which domain to use in processing. 542 */ 543 tmpname = wb_domain->domain->name; 544 } else { 545 tmpname = ""; 546 } 547 domain_name = talloc_strdup(talloc_tos(), tmpname); 520 548 if (tevent_req_nomem(domain_name, req)) { 521 549 return; -
vendor/current/source3/winbindd/winbindd_cache.c
r988 r989 510 510 511 511 /* 512 refresh the domain sequence number. If force is true 513 then always refresh it, no matter how recently we fetched it 512 refresh the domain sequence number on timeout. 514 513 */ 515 514 516 static void refresh_sequence_number(struct winbindd_domain *domain , bool force)515 static void refresh_sequence_number(struct winbindd_domain *domain) 517 516 { 518 517 NTSTATUS status; … … 537 536 538 537 /* see if we have to refetch the domain sequence number */ 539 if ( !force &&(time_diff < cache_time) &&538 if ((time_diff < cache_time) && 540 539 (domain->sequence_number != DOM_SEQUENCE_NONE) && 541 540 NT_STATUS_IS_OK(domain->last_status)) { … … 711 710 } 712 711 713 refresh_sequence_number(domain , false);712 refresh_sequence_number(domain); 714 713 715 714 va_start(ap, format); … … 1559 1558 1560 1559 /* and save it */ 1561 refresh_sequence_number(domain , false);1560 refresh_sequence_number(domain); 1562 1561 if (!NT_STATUS_IS_OK(status)) { 1563 1562 return status; … … 1671 1670 } 1672 1671 /* and save it */ 1673 refresh_sequence_number(domain , false);1672 refresh_sequence_number(domain); 1674 1673 if (!NT_STATUS_IS_OK(status)) { 1675 1674 return status; … … 1776 1775 } 1777 1776 /* and save it */ 1778 refresh_sequence_number(domain , false);1777 refresh_sequence_number(domain); 1779 1778 if (!NT_STATUS_IS_OK(status)) { 1780 1779 return status; … … 1891 1890 } 1892 1891 /* and save it */ 1893 refresh_sequence_number(domain , false);1892 refresh_sequence_number(domain); 1894 1893 1895 1894 if (domain->online && … … 2005 2004 } 2006 2005 /* and save it */ 2007 refresh_sequence_number(domain , false);2006 refresh_sequence_number(domain); 2008 2007 if (!NT_STATUS_IS_OK(status)) { 2009 2008 return status; … … 2230 2229 } 2231 2230 2232 refresh_sequence_number(domain , false);2231 refresh_sequence_number(domain); 2233 2232 2234 2233 for (i=0; i<num_rids; i++) { … … 2391 2390 } 2392 2391 /* and save it */ 2393 refresh_sequence_number(domain , false);2392 refresh_sequence_number(domain); 2394 2393 if (!NT_STATUS_IS_OK(status)) { 2395 2394 return status; … … 2509 2508 2510 2509 /* and save it */ 2511 refresh_sequence_number(domain , false);2510 refresh_sequence_number(domain); 2512 2511 if (!NT_STATUS_IS_OK(status)) { 2513 2512 return status; … … 2662 2661 } 2663 2662 /* and save it */ 2664 refresh_sequence_number(domain , false);2663 refresh_sequence_number(domain); 2665 2664 if (!NT_STATUS_IS_OK(status)) { 2666 2665 return status; … … 2798 2797 } 2799 2798 /* and save it */ 2800 refresh_sequence_number(domain , false);2799 refresh_sequence_number(domain); 2801 2800 if (!NT_STATUS_IS_OK(status)) { 2802 2801 return status; … … 2821 2820 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32_t *seq) 2822 2821 { 2823 refresh_sequence_number(domain , false);2822 refresh_sequence_number(domain); 2824 2823 2825 2824 *seq = domain->sequence_number; … … 2999 2998 } 3000 2999 /* and save it */ 3001 refresh_sequence_number(domain, false);3000 refresh_sequence_number(domain); 3002 3001 if (!NT_STATUS_IS_OK(status)) { 3003 3002 return status; … … 3071 3070 } 3072 3071 /* and save it */ 3073 refresh_sequence_number(domain , false);3072 refresh_sequence_number(domain); 3074 3073 if (!NT_STATUS_IS_OK(status)) { 3075 3074 return status; … … 3332 3331 } 3333 3332 3333 /* 3334 * Cache a name to sid without checking the sequence number. 3335 * Used when caching from a trusted PAC. 3336 */ 3337 3338 void cache_name2sid_trusted(struct winbindd_domain *domain, 3339 const char *domain_name, 3340 const char *name, 3341 enum lsa_SidType type, 3342 const struct dom_sid *sid) 3343 { 3344 /* 3345 * Ensure we store the mapping with the 3346 * existing sequence number from the cache. 3347 */ 3348 get_cache(domain); 3349 (void)fetch_cache_seqnum(domain, time(NULL)); 3350 wcache_save_name_to_sid(domain, 3351 NT_STATUS_OK, 3352 domain_name, 3353 name, 3354 sid, 3355 type); 3356 } 3357 3334 3358 void cache_name2sid(struct winbindd_domain *domain, 3335 3359 const char *domain_name, const char *name, 3336 3360 enum lsa_SidType type, const struct dom_sid *sid) 3337 3361 { 3338 refresh_sequence_number(domain , false);3362 refresh_sequence_number(domain); 3339 3363 wcache_save_name_to_sid(domain, NT_STATUS_OK, domain_name, name, 3340 3364 sid, type); … … 3472 3496 NTSTATUS status; 3473 3497 int ret; 3474 struct cred_list *cred, * oldest = NULL;3498 struct cred_list *cred, *next, *oldest = NULL; 3475 3499 3476 3500 if (!cache->tdb) { … … 3541 3565 } 3542 3566 done: 3543 SAFE_FREE(wcache_cred_list); 3567 for (cred = wcache_cred_list; cred; cred = next) { 3568 next = cred->next; 3569 DLIST_REMOVE(wcache_cred_list, cred); 3570 SAFE_FREE(cred); 3571 } 3544 3572 SAFE_FREE(oldest); 3545 3573 -
vendor/current/source3/winbindd/winbindd_dual.c
r988 r989 836 836 DEBUG(10,("winbind_msg_dump_event_list received\n")); 837 837 838 dump_event_list(winbind_event_context());838 DBG_WARNING("dump event list no longer implemented\n"); 839 839 840 840 for (child = winbindd_children; child != NULL; child = child->next) { … … 1241 1241 { 1242 1242 DEBUG(5,("child_msg_dump_event_list received\n")); 1243 1244 dump_event_list(winbind_event_context()); 1243 DBG_WARNING("dump_event_list no longer implemented\n"); 1245 1244 } 1246 1245 -
vendor/current/source3/winbindd/winbindd_dual_srv.c
r988 r989 203 203 for (j=0; j<num_ids; j++) { 204 204 struct wbint_TransID *id = &r->in.ids->ids[id_idx[j]]; 205 206 if (!idmap_unix_id_is_in_range(ids[j].xid.id, dom)) { 207 ids[j].status = ID_UNMAPPED; 208 } 205 209 206 210 if (ids[j].status != ID_MAPPED) { -
vendor/current/source3/winbindd/winbindd_pam.c
r988 r989 2560 2560 2561 2561 if (logon_info) { 2562 /* Signature verification succeeded, trust the PAC */ 2562 /* 2563 * Signature verification succeeded, we can 2564 * trust the PAC and prime the netsamlogon 2565 * and name2sid caches. DO NOT DO THIS 2566 * in the signature verification failed 2567 * code path. 2568 */ 2569 struct winbindd_domain *domain = NULL; 2570 2563 2571 result = create_info3_from_pac_logon_info(state->mem_ctx, 2564 2572 logon_info, … … 2568 2576 } 2569 2577 netsamlogon_cache_store(NULL, info3_copy); 2578 2579 /* 2580 * We're in the parent here, so find the child 2581 * pointer from the PAC domain name. 2582 */ 2583 domain = find_domain_from_name_noinit( 2584 info3_copy->base.logon_domain.string); 2585 if (domain && domain->primary ) { 2586 struct dom_sid user_sid; 2587 2588 sid_compose(&user_sid, 2589 info3_copy->base.domain_sid, 2590 info3_copy->base.rid); 2591 2592 cache_name2sid_trusted(domain, 2593 info3_copy->base.logon_domain.string, 2594 info3_copy->base.account_name.string, 2595 SID_NAME_USER, 2596 &user_sid); 2597 2598 DBG_INFO("PAC for user %s\%s SID %s primed cache\n", 2599 info3_copy->base.logon_domain.string, 2600 info3_copy->base.account_name.string, 2601 sid_string_dbg(&user_sid)); 2602 } 2570 2603 2571 2604 } else { -
vendor/current/source3/winbindd/winbindd_proto.h
r988 r989 87 87 struct dom_sid *sid, 88 88 enum lsa_SidType *type); 89 void cache_name2sid_trusted(struct winbindd_domain *domain, 90 const char *domain_name, 91 const char *name, 92 enum lsa_SidType type, 93 const struct dom_sid *sid); 89 94 void cache_name2sid(struct winbindd_domain *domain, 90 95 const char *domain_name, const char *name, -
vendor/current/source3/winbindd/winbindd_util.c
r988 r989 1103 1103 if ( !p ) { 1104 1104 fstrcpy(user, domuser); 1105 1106 if ( assume_domain(lp_workgroup())) { 1105 p = strchr(domuser, '@'); 1106 1107 if ( assume_domain(lp_workgroup()) && p == NULL) { 1107 1108 fstrcpy(domain, lp_workgroup()); 1108 } else if ( (p = strchr(domuser, '@'))!= NULL) {1109 } else if (p != NULL) { 1109 1110 fstrcpy(domain, p + 1); 1110 1111 user[PTR_DIFF(p, domuser)] = 0; -
vendor/current/source3/wscript
r988 r989 111 111 conf.CHECK_FUNCS('fdopendir') 112 112 conf.CHECK_FUNCS('fstatat') 113 conf.CHECK_FUNCS('getpwent_r setenv strcasecmp fcvt fcvtl')113 conf.CHECK_FUNCS('getpwent_r setenv clearenv strcasecmp fcvt fcvtl') 114 114 conf.CHECK_FUNCS('syslog vsyslog timegm setlocale') 115 115 conf.CHECK_FUNCS_IN('nanosleep', 'rt') -
vendor/current/source3/wscript_build
r988 r989 331 331 intl/lang_tdb.c 332 332 lib/gencache.c 333 lib/ events.c333 lib/util_event.c 334 334 lib/server_contexts.c 335 335 lib/server_prefork.c
Note:
See TracChangeset
for help on using the changeset viewer.
