[Pkg-samba-maint] r1755 - in branches/samba/upstream: . examples/logon/genlogon packaging/Example packaging/RHEL source source/auth source/client source/groupdb source/include source/lib source/lib/replace source/lib/replace/system source/libads source/libmsrpc source/libsmb source/modules source/nmbd source/nsswitch source/pam_smbpass source/param source/passdb source/python source/rpc_client source/rpc_parse source/rpc_server source/rpcclient source/smbd source/tdb/common source/tdb/tools source/torture source/utils
vorlon at alioth.debian.org
vorlon at alioth.debian.org
Sun Mar 9 10:22:44 UTC 2008
Author: vorlon
Date: 2008-03-09 10:22:43 +0000 (Sun, 09 Mar 2008)
New Revision: 1755
Added:
branches/samba/upstream/source/lib/ldap_debug_handler.c
Modified:
branches/samba/upstream/.gitignore
branches/samba/upstream/WHATSNEW.txt
branches/samba/upstream/examples/logon/genlogon/genlogon.pl
branches/samba/upstream/packaging/Example/setup.sh
branches/samba/upstream/packaging/RHEL/makerpms.sh
branches/samba/upstream/packaging/RHEL/samba.spec
branches/samba/upstream/source/Makefile.in
branches/samba/upstream/source/VERSION
branches/samba/upstream/source/auth/auth_domain.c
branches/samba/upstream/source/auth/auth_ntlmssp.c
branches/samba/upstream/source/auth/auth_server.c
branches/samba/upstream/source/auth/auth_util.c
branches/samba/upstream/source/client/client.c
branches/samba/upstream/source/client/mount.cifs.c
branches/samba/upstream/source/client/umount.cifs.c
branches/samba/upstream/source/configure
branches/samba/upstream/source/configure.in
branches/samba/upstream/source/groupdb/mapping.c
branches/samba/upstream/source/include/ads.h
branches/samba/upstream/source/include/config.h.in
branches/samba/upstream/source/include/includes.h
branches/samba/upstream/source/include/rpc_dce.h
branches/samba/upstream/source/include/rpc_samr.h
branches/samba/upstream/source/include/smb.h
branches/samba/upstream/source/include/version.h
branches/samba/upstream/source/lib/charcnv.c
branches/samba/upstream/source/lib/clobber.c
branches/samba/upstream/source/lib/replace/getpass.c
branches/samba/upstream/source/lib/replace/getpass.m4
branches/samba/upstream/source/lib/replace/libreplace.m4
branches/samba/upstream/source/lib/replace/system/network.h
branches/samba/upstream/source/lib/system.c
branches/samba/upstream/source/lib/util_str.c
branches/samba/upstream/source/libads/kerberos.c
branches/samba/upstream/source/libads/sasl.c
branches/samba/upstream/source/libads/util.c
branches/samba/upstream/source/libmsrpc/cac_samr.c
branches/samba/upstream/source/libsmb/cliconnect.c
branches/samba/upstream/source/libsmb/clierror.c
branches/samba/upstream/source/libsmb/clikrb5.c
branches/samba/upstream/source/libsmb/clilist.c
branches/samba/upstream/source/libsmb/clitrans.c
branches/samba/upstream/source/libsmb/nmblib.c
branches/samba/upstream/source/libsmb/smb_signing.c
branches/samba/upstream/source/libsmb/smbencrypt.c
branches/samba/upstream/source/libsmb/trusts_util.c
branches/samba/upstream/source/libsmb/unexpected.c
branches/samba/upstream/source/modules/vfs_default.c
branches/samba/upstream/source/modules/vfs_hpuxacl.c
branches/samba/upstream/source/modules/vfs_notify_fam.c
branches/samba/upstream/source/nmbd/nmbd.c
branches/samba/upstream/source/nmbd/nmbd_namelistdb.c
branches/samba/upstream/source/nmbd/nmbd_nameregister.c
branches/samba/upstream/source/nmbd/nmbd_packets.c
branches/samba/upstream/source/nmbd/nmbd_responserecordsdb.c
branches/samba/upstream/source/nsswitch/idmap.c
branches/samba/upstream/source/nsswitch/pam_winbind.c
branches/samba/upstream/source/nsswitch/winbind_nss_config.h
branches/samba/upstream/source/nsswitch/winbindd.c
branches/samba/upstream/source/nsswitch/winbindd_async.c
branches/samba/upstream/source/nsswitch/winbindd_cm.c
branches/samba/upstream/source/nsswitch/winbindd_cred_cache.c
branches/samba/upstream/source/nsswitch/winbindd_dual.c
branches/samba/upstream/source/nsswitch/winbindd_nss.h
branches/samba/upstream/source/nsswitch/winbindd_pam.c
branches/samba/upstream/source/nsswitch/winbindd_util.c
branches/samba/upstream/source/pam_smbpass/pam_smb_acct.c
branches/samba/upstream/source/pam_smbpass/pam_smb_auth.c
branches/samba/upstream/source/pam_smbpass/pam_smb_passwd.c
branches/samba/upstream/source/param/loadparm.c
branches/samba/upstream/source/passdb/lookup_sid.c
branches/samba/upstream/source/passdb/pdb_ldap.c
branches/samba/upstream/source/passdb/secrets.c
branches/samba/upstream/source/python/py_samr.c
branches/samba/upstream/source/rpc_client/cli_pipe.c
branches/samba/upstream/source/rpc_parse/parse_samr.c
branches/samba/upstream/source/rpc_server/srv_lsa_nt.c
branches/samba/upstream/source/rpc_server/srv_samr_nt.c
branches/samba/upstream/source/rpc_server/srv_spoolss_nt.c
branches/samba/upstream/source/rpc_server/srv_srvsvc_nt.c
branches/samba/upstream/source/rpcclient/cmd_samr.c
branches/samba/upstream/source/rpcclient/rpcclient.c
branches/samba/upstream/source/smbd/chgpasswd.c
branches/samba/upstream/source/smbd/dosmode.c
branches/samba/upstream/source/smbd/notify.c
branches/samba/upstream/source/smbd/notify_inotify.c
branches/samba/upstream/source/smbd/open.c
branches/samba/upstream/source/smbd/password.c
branches/samba/upstream/source/smbd/posix_acls.c
branches/samba/upstream/source/smbd/reply.c
branches/samba/upstream/source/smbd/server.c
branches/samba/upstream/source/smbd/sesssetup.c
branches/samba/upstream/source/smbd/trans2.c
branches/samba/upstream/source/tdb/common/io.c
branches/samba/upstream/source/tdb/tools/tdbtool.c
branches/samba/upstream/source/torture/torture.c
branches/samba/upstream/source/utils/net.c
branches/samba/upstream/source/utils/net_domain.c
branches/samba/upstream/source/utils/net_rpc.c
branches/samba/upstream/source/utils/net_rpc_join.c
branches/samba/upstream/source/utils/net_rpc_samsync.c
branches/samba/upstream/source/utils/net_sam.c
branches/samba/upstream/source/utils/smbcacls.c
branches/samba/upstream/source/utils/smbpasswd.c
branches/samba/upstream/source/utils/status.c
Log:
Load samba-3.0.28a into branches/samba/upstream.
Modified: branches/samba/upstream/.gitignore
===================================================================
--- branches/samba/upstream/.gitignore 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/.gitignore 2008-03-09 10:22:43 UTC (rev 1755)
@@ -28,4 +28,4 @@
source/library-versions
source/nsswitch/*.so
source/proto_exists
-source/winbindd/winbindd_proto.h
+source/nsswitch/winbindd_proto.h
Modified: branches/samba/upstream/WHATSNEW.txt
===================================================================
--- branches/samba/upstream/WHATSNEW.txt 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/WHATSNEW.txt 2008-03-09 10:22:43 UTC (rev 1755)
@@ -1,3 +1,205 @@
+ ===============================
+ Release Notes for Samba 3.0.28a
+ Mar 8, 2008
+ ===============================
+
+This is the second production release of the Samba 3.0.28 code
+base and is the version that servers should be run for for all
+current bug fixes.
+
+Major bug fixes included in Samba 3.0.28a are:
+
+ o Failure to join Windows 2008 domains
+ o Windows Vista (including SP1 RC) interop issues
+
+
+
+######################################################################
+Changes
+#######
+
+smb.conf changes
+----------------
+
+ Parameter Name Description Default
+ -------------- ----------- -------
+ administrative share New No
+ ldap debug level New 0
+ ldap debug threshold New 10
+
+
+Changes since 3.0.28
+--------------------
+
+o Michael Adam <obnox at samba.org>
+ * Fix bug in version string's vendor tag.
+ * Prevent net getdomainsid from crashing when called as non-root.
+ * BUG 4801: Correctly implement LSA lookup levels for LookupNames.
+ * Fixes for internal LookupNames() calls for unqualified users and
+ groups.
+ * Remove unnecessary functions when managing domain trust
+ passwords.
+ * Fix winbindd on a Samba DC talking to a trusted domain DC
+ (again).
+ * Consolidate the detection of the machine_account_name when
+ obtaining trust credentials from the local database.
+ * Refactor trust account database routines and session key
+ management.
+ * Fix retrieval of trusted domain password policies when
+ authenticating a user (only when WBFLAG_PAM_GET_PWD is config
+ flags is set).
+ * Refactor Winbind's cm_connect_sam().
+ * Enable building the notify_fam module.
+ * Add "ldap debug level" and "ldap debug threshold" smb.conf options.
+
+
+o Jeremy Allison <jra at samba.org>
+ * Fix cut-n-paste bug when filling in form values for Printer
+ info.
+ * Fix SMB signing bug found by Volker.
+ * Create locking.tdb when running smbstatus before smbd to avoid
+ confusing error messages.
+ * Add a portable version of strlcpy and strlcat.
+ * BUG 4780: Cause user mounts to inherit uid= and gid= from the
+ calling user when called as non-root, except when overridden on
+ the command line. Original patch by Steve Langasek.
+ * BUG 5802: Recent versions of Linux-PAM support localization of
+ user prompts, so Samba must use the C locale when invoking PAM
+ * Merge Vista principal detection changes by Andreas Schneider
+ from 3.2 branch.
+ * BUG 5121: Fix problems running unix passwd sync on streams based
+ systems.
+ * BUG 4612: Fix smbd crash when connecting from an OS/2 client.
+ * Back port Volker's ACL fixes on newly create files form 3.2.
+ * Ensure that send_getdc_request() matches the 3.2 code base.
+ * BUG 3617: Fix crash in nmbd caused by referencing freed memory.
+ * Fixes for issues reported by IBM checker.
+ * Fixes for issues reported by Coverity.
+ * Back port Volker's fix for nlink count.
+ * Back port SAMR flag fixes from Matt Geddes
+ <musicalcarrion at gmail.com>.
+ * BUG 4929: Cope with protected ACL set correctly (based on work
+ from Jim McDonough).
+ * Fix ACL set bug when group being set is the primary group.
+ * Ensure NDR wire-reads of string types are always null
+ terminated.
+ * BUG 5247: Fix mget wildcard expansion in smbclient.
+ * Fix bug in SPNEGO negotiation.
+ * BUG 3617: Fix "Invalid read of size 4" errors.
+ * BUG 5267: Prevent nmbd from shutting down when no network
+ interfaces can be located.
+
+
+o Kai Blin <kai at samba.org>
+ * libsmb: Do not upper-case target name on NTLMv2 hash generation.
+ * Fix an incompatible pointer type warning.
+
+
+o Gerald Carter <jerry at samba.org>
+ * Restrict the enctypes in the generated krb5.conf files to
+ Win2003 types.
+
+
+o Steven Danneman <steven.danneman at isilon.com>
+ * Error path memory leak fixes.
+
+
+o Guenther Deschner <gd at samba.org>
+ * Fix PAC decoding from Vista SP1 client.
+ * Fix get_trust_creds() to return always an upper-cased krb5
+ principal.
+ * Back port additional fixes necessary for support Windows 2008
+ domain joins from the 3.2 branch.
+
+
+o Mathias Gug <mathiaz at ubuntu.com>
+ * BUG 5802: Recent versions of Linux-PAM support localization of
+ user prompts, so Samba must use the C locale when invoking PAM
+
+
+o Steve Langasek <vorlon at debian.org>
+ * BUG 3727: Fix smbpasswd abort when called by non-root user.
+ * BUG 4784: Prevent umount.cifs from allowing all users to unmount shares.
+ * BUG 5802: Recent versions of Linux-PAM support localization of
+ user prompts, so Samba must use the C locale when invoking PAM
+
+
+o Volker Lendecke <vl at samba.org>
+ * When allocating a new vuid, also avoid partial ones. Also
+ fully invalidate intermediate ones.
+ * Fix error path exit in create_local_nt_token() to correctly roll
+ back security contexts.
+ * Fix valgrind warnings in nmbd.
+ * Pointer initialization fixes in notify_marshall_changes().
+ * BUG 5208: Fix uninitialized variables in vfs_hpuxacl.c (reported
+ by David Leonard <David.Leonard at quest.com>).
+ * Copy the 3.2 version of string_replace to 3.0.
+ * Port SMB_FS_OBJECTID_INFORMATION from 3.2 (Patch by Corinna
+ Vinschen).
+ * Memory leak fixes.
+ * Fix error code propagation from cli_session_setup_kerberos().
+ * BUG 5217: Fix inotify detection.
+ * BUG 5279: Correctly check return of rename().
+ * BUG 5252: Fix confusing error messages in mount.cifs.
+ * BUG 5307: Respect FAMChanged (Thanks to Ricardo Santos).
+ * Work around a handle leak in XP 64 bit.
+
+
+o Guenter Kukkukk <linux at kukkukk.com>
+ * OS/2 returns eclass == ERRDOS && ecode == ERRnofiles for a zero
+ entry directory listing.
+
+
+o Tom Maher <tmaher at watson.org>
+ * BUG 5175: Support krb5 auth in smbcacls.
+
+
+o Hans Mayer <hans.mayer at ages.at>
+ * BUG 5141: Solaris 9 compile fix.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * Fix default printing system detection in libreplace.
+
+
+o Laurent Pinchart <pinchart at skynet.be>
+ * BUG 5163: Return better error codes when a password cannot be
+ set in and LDAP directory.
+
+
+o Jiri Sasek <Jiri.Sasek at Sun.COM>
+ * BUG 4866: Correct password routine detection on Solaris.
+
+
+o Andreas Schneider <anschneider at suse.de>
+ * Remove trailing slashes on server names when parsing input from
+ smbclient.
+ * Support Windows 2008 domain joins (variant of Todd Stecher's
+ original patch).
+ * Add "administrative share" service parameter for defining hidden
+ administrative shares that cannot be managed from Windows.
+
+
+o Karolin Seeger <kseeger at samba.org>
+ * Use the "ldap user suffix" when enumerating a users group
+ memberships.
+
+
+o Simo Sorce <idra at samba.org>
+ * Don't assume NULL termination when copying the principal name
+ in kerberos_get_default_realm_from_ccache().
+ * Fix winbindd running on a Samba DC (again).
+
+
+o Bo Yang <boyang at novell.com>
+ * Fix bad private_data pointer in winbindd_lookupname_async().
+
+
+
+Release notes for older releases follow:
+
+ --------------------------------------------------
+
==============================
Release Notes for Samba 3.0.28
Dec 10, 2007
@@ -29,8 +231,6 @@
when failing to add local groups in create_local_nt_token().
-Release notes for older releases follow:
-
--------------------------------------------------
===============================
Modified: branches/samba/upstream/examples/logon/genlogon/genlogon.pl
===================================================================
--- branches/samba/upstream/examples/logon/genlogon/genlogon.pl 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/examples/logon/genlogon/genlogon.pl 2008-03-09 10:22:43 UTC (rev 1755)
@@ -45,7 +45,7 @@
}
# Connect shares just used by Administration staff
-If ($ARGV[1] eq "ADMIN" || $ARGV[0] eq "admin")
+if ($ARGV[1] eq "ADMIN" || $ARGV[0] eq "admin")
{
print LOGON "NET USE L: \\\\$ARGV[2]\\ADMIN\r\n";
print LOGON "NET USE K: \\\\$ARGV[2]\\MKTING\r\n";
Modified: branches/samba/upstream/packaging/Example/setup.sh
===================================================================
--- branches/samba/upstream/packaging/Example/setup.sh 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/packaging/Example/setup.sh 2008-03-09 10:22:43 UTC (rev 1755)
@@ -24,4 +24,4 @@
ln /sbin/init.d/samba.init /sbin/samba
echo "Done."
echo "To start / stop samba:"
-echo " execute: samba [start | stop]
+echo " execute: samba [start | stop]"
Modified: branches/samba/upstream/packaging/RHEL/makerpms.sh
===================================================================
--- branches/samba/upstream/packaging/RHEL/makerpms.sh 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/packaging/RHEL/makerpms.sh 2008-03-09 10:22:43 UTC (rev 1755)
@@ -20,7 +20,7 @@
USERID=`id -u`
GRPID=`id -g`
-VERSION='3.0.28'
+VERSION='3.0.28a'
REVISION=''
SPECFILE="samba.spec"
RPMVER=`rpm --version | awk '{print $3}'`
Modified: branches/samba/upstream/packaging/RHEL/samba.spec
===================================================================
--- branches/samba/upstream/packaging/RHEL/samba.spec 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/packaging/RHEL/samba.spec 2008-03-09 10:22:43 UTC (rev 1755)
@@ -5,7 +5,7 @@
Vendor: Samba Team
Packager: Samba Team <samba at samba.org>
Name: samba
-Version: 3.0.28
+Version: 3.0.28a
Release: 1
Epoch: 0
License: GNU GPL version 2
Modified: branches/samba/upstream/source/Makefile.in
===================================================================
--- branches/samba/upstream/source/Makefile.in 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/Makefile.in 2008-03-09 10:22:43 UTC (rev 1755)
@@ -270,7 +270,7 @@
# Be sure to include them into your application
POPT_LIB_OBJ = lib/popt_common.o
-PARAM_OBJ = dynconfig.o param/loadparm.o param/params.o lib/sharesec.o
+PARAM_OBJ = dynconfig.o param/loadparm.o param/params.o lib/sharesec.o lib/ldap_debug_handler.o
KRBCLIENT_OBJ = libads/kerberos.o libads/ads_status.o
@@ -286,9 +286,9 @@
libads/krb5_setpw.o libads/ldap_user.o \
libads/ads_struct.o libads/kerberos_keytab.o \
libads/disp_sec.o libads/ads_utils.o libads/ldap_utils.o \
- libads/authdata.o libads/cldap.o
+ libads/authdata.o libads/cldap.o libads/util.o
-LIBADS_SERVER_OBJ = libads/util.o libads/kerberos_verify.o \
+LIBADS_SERVER_OBJ = libads/kerberos_verify.o \
libads/ldap_schema.o
SECRETS_OBJ = passdb/secrets.o passdb/machine_sid.o
@@ -1681,6 +1681,7 @@
python_clean:
@-if test -n "$(PYTHON)"; then $(PYTHON) python/setup.py clean; fi
+ @-rm -rf build/
# revert to the previously installed version
revert:
@@ -1869,6 +1870,7 @@
distclean: realclean
-rm -f include/stamp-h
+ -rm -f smbadduser
-rm -f include/config.h Makefile
-rm -f config.status config.cache so_locations
-rm -rf .deps TAGS
Modified: branches/samba/upstream/source/VERSION
===================================================================
--- branches/samba/upstream/source/VERSION 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/VERSION 2008-03-09 10:22:43 UTC (rev 1755)
@@ -36,7 +36,7 @@
# e.g. SAMBA_VERSION_REVISION=a #
# -> "2.2.8a" #
########################################################
-SAMBA_VERSION_REVISION=
+SAMBA_VERSION_REVISION=a
########################################################
# For 'pre' releases the version will be #
Modified: branches/samba/upstream/source/auth/auth_domain.c
===================================================================
--- branches/samba/upstream/source/auth/auth_domain.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/auth/auth_domain.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -125,11 +125,14 @@
if (!lp_client_schannel()) {
/* We need to set up a creds chain on an unauthenticated netlogon pipe. */
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
uint32 sec_chan_type = 0;
unsigned char machine_pwd[16];
+ const char *account_name;
- if (!get_trust_pw(domain, machine_pwd, &sec_chan_type)) {
+ if (!get_trust_pw_hash(domain, machine_pwd, &account_name,
+ &sec_chan_type))
+ {
DEBUG(0, ("connect_to_domain_password_server: could not fetch "
"trust account password for domain '%s'\n",
domain));
@@ -143,7 +146,7 @@
dc_name, /* server name */
domain, /* domain */
global_myname(), /* client name */
- global_myname(), /* machine account name */
+ account_name, /* machine account name */
machine_pwd,
sec_chan_type,
&neg_flags);
Modified: branches/samba/upstream/source/auth/auth_ntlmssp.c
===================================================================
--- branches/samba/upstream/source/auth/auth_ntlmssp.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/auth/auth_ntlmssp.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -187,8 +187,14 @@
void auth_ntlmssp_end(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
{
- TALLOC_CTX *mem_ctx = (*auth_ntlmssp_state)->mem_ctx;
+ TALLOC_CTX *mem_ctx;
+ if (*auth_ntlmssp_state == NULL) {
+ return;
+ }
+
+ mem_ctx = (*auth_ntlmssp_state)->mem_ctx;
+
if ((*auth_ntlmssp_state)->ntlmssp_state) {
ntlmssp_end(&(*auth_ntlmssp_state)->ntlmssp_state);
}
Modified: branches/samba/upstream/source/auth/auth_server.c
===================================================================
--- branches/samba/upstream/source/auth/auth_server.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/auth/auth_server.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -71,6 +71,7 @@
connection (tridge) */
if (!grab_server_mutex(desthost)) {
+ cli_shutdown(cli);
return NULL;
}
Modified: branches/samba/upstream/source/auth/auth_util.c
===================================================================
--- branches/samba/upstream/source/auth/auth_util.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/auth/auth_util.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -811,7 +811,7 @@
return NT_STATUS_NO_MEMORY;
}
fstr_sprintf( root_name, "%s\\root", get_global_sam_name() );
- ret = lookup_name( ctx, root_name, 0, NULL, NULL, &root_sid, &type );
+ ret = lookup_name( ctx, root_name, LOOKUP_NAME_DOMAIN, NULL, NULL, &root_sid, &type );
TALLOC_FREE( ctx );
if ( ret ) {
Modified: branches/samba/upstream/source/client/client.c
===================================================================
--- branches/samba/upstream/source/client/client.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/client/client.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -279,10 +279,12 @@
pstrcpy(cur_dir,p);
} else {
pstrcat(cur_dir,p);
- if ((cur_dir[0] != '\0') && (*(cur_dir+strlen(cur_dir)-1) != CLI_DIRSEP_CHAR)) {
- pstrcat(cur_dir, CLI_DIRSEP_STR);
- }
}
+
+ /* Ensure cur_dir ends in a DIRSEP */
+ if ((cur_dir[0] != '\0') && (*(cur_dir+strlen(cur_dir)-1) != CLI_DIRSEP_CHAR)) {
+ pstrcat(cur_dir, CLI_DIRSEP_STR);
+ }
clean_name(cur_dir);
pstrcpy( dname, cur_dir );
@@ -699,18 +701,12 @@
int rc;
dir_total = 0;
- if (strcmp(cur_dir, CLI_DIRSEP_STR) != 0) {
- pstrcpy(mask,cur_dir);
- if ((mask[0] != '\0') && (mask[strlen(mask)-1]!=CLI_DIRSEP_CHAR))
- pstrcat(mask,CLI_DIRSEP_STR);
- } else {
- pstrcpy(mask, CLI_DIRSEP_STR);
- }
+ pstrcpy(mask,cur_dir);
if (next_token_nr(NULL,buf,NULL,sizeof(buf))) {
dos_format(p);
if (*p == CLI_DIRSEP_CHAR)
- pstrcpy(mask,p + 1);
+ pstrcpy(mask,p);
else
pstrcat(mask,p);
} else {
@@ -745,9 +741,7 @@
dir_total = 0;
pstrcpy(mask,cur_dir);
- if ((mask[0] != '\0') && (mask[strlen(mask)-1]!=CLI_DIRSEP_CHAR))
- pstrcat(mask,CLI_DIRSEP_STR);
-
+
if (next_token_nr(NULL,buf,NULL,sizeof(buf))) {
dos_format(p);
if (*p == CLI_DIRSEP_CHAR)
@@ -912,7 +906,6 @@
char *p;
pstrcpy(rname,cur_dir);
- pstrcat(rname,CLI_DIRSEP_STR);
p = rname + strlen(rname);
@@ -1007,7 +1000,6 @@
int rc = 0;
pstrcpy(rname,cur_dir);
- pstrcat(rname,CLI_DIRSEP_STR);
slprintf(lname,sizeof(lname)-1, "%s/smbmore.XXXXXX",tmpdir());
fd = smb_mkstemp(lname);
@@ -1056,8 +1048,6 @@
while (next_token_nr(NULL,p,NULL,sizeof(buf))) {
pstrcpy(mget_mask,cur_dir);
- if ((mget_mask[0] != '\0') && (mget_mask[strlen(mget_mask)-1]!=CLI_DIRSEP_CHAR))
- pstrcat(mget_mask,CLI_DIRSEP_STR);
if (*p == CLI_DIRSEP_CHAR)
pstrcpy(mget_mask,p);
@@ -1068,8 +1058,6 @@
if (!*mget_mask) {
pstrcpy(mget_mask,cur_dir);
- if(mget_mask[strlen(mget_mask)-1]!=CLI_DIRSEP_CHAR)
- pstrcat(mget_mask,CLI_DIRSEP_STR);
pstrcat(mget_mask,"*");
do_list(mget_mask, attribute,do_mget,False,True);
}
@@ -1348,7 +1336,6 @@
char *p=buf;
pstrcpy(rname,cur_dir);
- pstrcat(rname,CLI_DIRSEP_STR);
if (!next_token_nr(NULL,p,NULL,sizeof(buf))) {
d_printf("put <filename>\n");
@@ -1997,6 +1984,7 @@
CLI_DIRSEP_CHAR = '/';
*CLI_DIRSEP_STR = '/';
pstrcpy(cur_dir, CLI_DIRSEP_STR);
+ do_cd(cur_dir);
}
return 0;
@@ -2902,7 +2890,6 @@
char *p;
pstrcpy(remote_name, cur_dir);
- pstrcat(remote_name, CLI_DIRSEP_STR);
p = remote_name + strlen(remote_name);
@@ -2931,7 +2918,6 @@
SMB_STRUCT_STAT st;
pstrcpy(remote_name, cur_dir);
- pstrcat(remote_name, CLI_DIRSEP_STR);
if (!next_token_nr(NULL, p, NULL, sizeof(buf))) {
d_printf("reput <filename>\n");
@@ -3857,6 +3843,7 @@
int main(int argc,char *argv[])
{
pstring base_directory;
+ int len = 0;
int opt;
pstring query_host;
BOOL message = False;
@@ -3907,7 +3894,7 @@
set_global_myworkgroup( "" );
set_global_myname( "" );
- /* set default debug level to 0 regardless of what smb.conf sets */
+ /* set default debug level to 1 regardless of what smb.conf sets */
setup_logging( "smbclient", True );
DEBUGLEVEL_CLASS[DBGC_ALL] = 1;
if ((dbf = x_fdup(x_stderr))) {
@@ -4068,6 +4055,12 @@
poptPrintUsage(pc, stderr, 0);
exit(1);
}
+ /* Remove trailing slashes */
+ len = strlen(service);
+ while(len > 0 && service[len - 1] == '\\') {
+ --len;
+ service[len] = '\0';
+ }
}
if ( strlen(new_workgroup) != 0 )
Modified: branches/samba/upstream/source/client/mount.cifs.c
===================================================================
--- branches/samba/upstream/source/client/mount.cifs.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/client/mount.cifs.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -80,7 +80,41 @@
char * domain_name = NULL;
char * prefixpath = NULL;
+/* glibc doesn't have strlcpy, strlcat. Ensure we do. JRA. We
+ * don't link to libreplace so need them here. */
+/* like strncpy but does not 0 fill the buffer and always null
+ * terminates. bufsize is the size of the destination buffer */
+size_t strlcpy(char *d, const char *s, size_t bufsize)
+{
+ size_t len = strlen(s);
+ size_t ret = len;
+ if (bufsize <= 0) return 0;
+ if (len >= bufsize) len = bufsize-1;
+ memcpy(d, s, len);
+ d[len] = 0;
+ return ret;
+}
+
+/* like strncat but does not 0 fill the buffer and always null
+ * terminates. bufsize is the length of the buffer, which should
+ * be one more than the maximum resulting string length */
+size_t strlcat(char *d, const char *s, size_t bufsize)
+{
+ size_t len1 = strlen(d);
+ size_t len2 = strlen(s);
+ size_t ret = len1 + len2;
+
+ if (len1+len2 >= bufsize) {
+ len2 = bufsize - (len1+1);
+ }
+ if (len2 > 0) {
+ memcpy(d+len1, s, len2);
+ d[len1+len2] = 0;
+ }
+ return ret;
+}
+
/* BB finish BB
cifs_umount
@@ -169,8 +203,10 @@
/* go past equals sign */
temp_val++;
for(length = 0;length<4087;length++) {
- if(temp_val[length] == '\n')
+ if ((temp_val[length] == '\n')
+ || (temp_val[length] == '\0')) {
break;
+ }
}
if(length > 4086) {
printf("mount.cifs failed due to malformed username in credentials file");
@@ -193,8 +229,10 @@
/* go past equals sign */
temp_val++;
for(length = 0;length<65;length++) {
- if(temp_val[length] == '\n')
+ if ((temp_val[length] == '\n')
+ || (temp_val[length] == '\0')) {
break;
+ }
}
if(length > 64) {
printf("mount.cifs failed: password in credentials file too long\n");
@@ -222,8 +260,10 @@
if(verboseflag)
printf("\nDomain %s\n",temp_val);
for(length = 0;length<65;length++) {
- if(temp_val[length] == '\n')
- break;
+ if ((temp_val[length] == '\n')
+ || (temp_val[length] == '\0')) {
+ break;
+ }
}
if(length > 64) {
printf("mount.cifs failed: domain in credentials file too long\n");
@@ -321,6 +361,8 @@
int out_len = 0;
int word_len;
int rc = 0;
+ char user[32];
+ char group[32];
if (!optionsp || !*optionsp)
return 1;
@@ -331,6 +373,13 @@
/* BB fixme check for separator override BB */
+ if (getuid()) {
+ got_uid = 1;
+ snprintf(user,sizeof(user),"%u",getuid());
+ got_gid = 1;
+ snprintf(group,sizeof(group),"%u",getgid());
+ }
+
/* while ((data = strsep(&options, ",")) != NULL) { */
while(data != NULL) {
/* check if ends with trailing comma */
@@ -493,33 +542,33 @@
got_uid = 1;
if (!isdigit(*value)) {
struct passwd *pw;
- static char temp[32];
if (!(pw = getpwnam(value))) {
printf("bad user name \"%s\"\n", value);
exit(1);
}
- sprintf(temp, "%u", pw->pw_uid);
- value = temp;
- endpwent();
+ snprintf(user, sizeof(user), "%u", pw->pw_uid);
+ } else {
+ strlcpy(user,value,sizeof(user));
}
}
+ goto nocopy;
} else if (strncmp(data, "gid", 3) == 0) {
if (value && *value) {
got_gid = 1;
if (!isdigit(*value)) {
struct group *gr;
- static char temp[32];
if (!(gr = getgrnam(value))) {
printf("bad group name \"%s\"\n", value);
exit(1);
}
- sprintf(temp, "%u", gr->gr_gid);
- value = temp;
- endpwent();
+ snprintf(group, sizeof(group), "%u", gr->gr_gid);
+ } else {
+ strlcpy(group,value,sizeof(group));
}
}
+ goto nocopy;
/* fmask and dmask synonyms for people used to smbfs syntax */
} else if (strcmp(data, "file_mode") == 0 || strcmp(data, "fmask")==0) {
if (!value || !*value) {
@@ -610,17 +659,55 @@
exit(1);
}
- if (out_len)
- out[out_len++] = ',';
+ if (out_len) {
+ strlcat(out, ",", out_len + word_len + 2);
+ out_len++;
+ }
+
if (value)
- sprintf(out + out_len, "%s=%s", data, value);
+ snprintf(out + out_len, word_len + 1, "%s=%s", data, value);
else
- sprintf(out + out_len, "%s", data);
+ snprintf(out + out_len, word_len + 1, "%s", data);
out_len = strlen(out);
nocopy:
data = next_keyword;
}
+
+ /* special-case the uid and gid */
+ if (got_uid) {
+ word_len = strlen(user);
+
+ out = (char *)realloc(out, out_len + word_len + 6);
+ if (out == NULL) {
+ perror("malloc");
+ exit(1);
+ }
+
+ if (out_len) {
+ strlcat(out, ",", out_len + word_len + 6);
+ out_len++;
+ }
+ snprintf(out + out_len, word_len + 5, "uid=%s", user);
+ out_len = strlen(out);
+ }
+ if (got_gid) {
+ word_len = strlen(group);
+
+ out = (char *)realloc(out, out_len + 1 + word_len + 6);
+ if (out == NULL) {
+ perror("malloc");
+ exit(1);
+ }
+
+ if (out_len) {
+ strlcat(out, ",", out_len + word_len + 6);
+ out_len++;
+ }
+ snprintf(out + out_len, word_len + 5, "gid=%s", group);
+ out_len = strlen(out);
+ }
+
free(*optionsp);
*optionsp = out;
return 0;
@@ -723,7 +810,7 @@
if(domainnm == NULL)
return NULL;
- strcpy(domainnm,*ppuser);
+ strlcpy(domainnm,*ppuser,len+1);
/* move_string(*ppuser, usernm+1) */
len = strlen(usernm+1);
@@ -894,6 +981,7 @@
int gid = 0;
int optlen = 0;
int orgoptlen = 0;
+ size_t options_size = 0;
int retry = 0; /* set when we have to retry mount with uppercase */
struct stat statbuf;
struct utsname sysinfo;
@@ -1163,38 +1251,38 @@
optlen += strlen(mountpassword) + 6;
if(options)
free(options);
- options = (char *)malloc(optlen + 10 + 64 /* space for commas in password */ + 8 /* space for domain= , domain name itself was counted as part of the length username string above */);
+ options_size = optlen + 10 + 64;
+ options = (char *)malloc(options_size /* space for commas in password */ + 8 /* space for domain= , domain name itself was counted as part of the length username string above */);
if(options == NULL) {
printf("Could not allocate memory for mount options\n");
return -1;
}
-
options[0] = 0;
- strncat(options,"unc=",4);
- strcat(options,share_name);
+ strlcpy(options,"unc=",options_size);
+ strlcat(options,share_name,options_size);
/* scan backwards and reverse direction of slash */
temp = strrchr(options, '/');
if(temp > options + 6)
*temp = '\\';
if(ipaddr) {
- strncat(options,",ip=",4);
- strcat(options,ipaddr);
+ strlcat(options,",ip=",options_size);
+ strlcat(options,ipaddr,options_size);
}
if(user_name) {
/* check for syntax like user=domain\user */
if(got_domain == 0)
domain_name = check_for_domain(&user_name);
- strncat(options,",user=",6);
- strcat(options,user_name);
+ strlcat(options,",user=",options_size);
+ strlcat(options,user_name,options_size);
}
if(retry == 0) {
- if(domain_name) {
+ if(domain_name) {
/* extra length accounted for in option string above */
- strncat(options,",domain=",8);
- strcat(options,domain_name);
+ strlcat(options,",domain=",options_size);
+ strlcat(options,domain_name,options_size);
}
}
if(mountpassword) {
@@ -1203,21 +1291,21 @@
/* if(sep is not set)*/
if(retry == 0)
check_for_comma(&mountpassword);
- strncat(options,",pass=",6);
- strcat(options,mountpassword);
+ strlcat(options,",pass=",options_size);
+ strlcat(options,mountpassword,options_size);
}
- strncat(options,",ver=",5);
- strcat(options,MOUNT_CIFS_VERSION_MAJOR);
+ strlcat(options,",ver=",options_size);
+ strlcat(options,MOUNT_CIFS_VERSION_MAJOR,options_size);
if(orgoptions) {
- strcat(options,",");
- strcat(options,orgoptions);
+ strlcat(options,",",options_size);
+ strlcat(options,orgoptions,options_size);
}
if(prefixpath) {
- strncat(options,",prefixpath=",12);
- strcat(options,prefixpath); /* no need to cat the / */
- }
+ strlcat(options,",prefixpath=",options_size);
+ strlcat(options,prefixpath,options_size); /* no need to cat the / */
+ }
if(verboseflag)
printf("\nmount.cifs kernel mount options %s \n",options);
if(mount(share_name, mountpoint, "cifs", flags, options)) {
@@ -1261,23 +1349,23 @@
char * mount_user = getusername();
memset(mountent.mnt_opts,0,200);
if(flags & MS_RDONLY)
- strcat(mountent.mnt_opts,"ro");
+ strlcat(mountent.mnt_opts,"ro",220);
else
- strcat(mountent.mnt_opts,"rw");
+ strlcat(mountent.mnt_opts,"rw",220);
if(flags & MS_MANDLOCK)
- strcat(mountent.mnt_opts,",mand");
+ strlcat(mountent.mnt_opts,",mand",220);
if(flags & MS_NOEXEC)
- strcat(mountent.mnt_opts,",noexec");
+ strlcat(mountent.mnt_opts,",noexec",220);
if(flags & MS_NOSUID)
- strcat(mountent.mnt_opts,",nosuid");
+ strlcat(mountent.mnt_opts,",nosuid",220);
if(flags & MS_NODEV)
- strcat(mountent.mnt_opts,",nodev");
+ strlcat(mountent.mnt_opts,",nodev",220);
if(flags & MS_SYNCHRONOUS)
- strcat(mountent.mnt_opts,",synch");
+ strlcat(mountent.mnt_opts,",synch",220);
if(mount_user) {
if(getuid() != 0) {
- strcat(mountent.mnt_opts,",user=");
- strcat(mountent.mnt_opts,mount_user);
+ strlcat(mountent.mnt_opts,",user=",220);
+ strlcat(mountent.mnt_opts,mount_user,220);
}
/* free(mount_user); do not free static mem */
}
@@ -1318,4 +1406,3 @@
}
return rc;
}
-
Modified: branches/samba/upstream/source/client/umount.cifs.c
===================================================================
--- branches/samba/upstream/source/client/umount.cifs.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/client/umount.cifs.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -131,7 +131,7 @@
printf("user unmounting via %s is an optional feature of",thisprogram);
printf(" the cifs filesystem driver (cifs.ko)");
printf("\n\tand requires cifs.ko version 1.32 or later\n");
- } else if (rc > 0)
+ } else if (rc != 0)
printf("user unmount of %s failed with %d %s\n",dir,errno,strerror(errno));
close(fileid);
Modified: branches/samba/upstream/source/configure
===================================================================
--- branches/samba/upstream/source/configure 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/configure 2008-03-09 10:22:43 UTC (rev 1755)
@@ -14277,7 +14277,146 @@
done
+for ac_header in stropts.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+ ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+
+ ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
{ echo "$as_me:$LINENO: checking for usable net/if.h" >&5
echo $ECHO_N "checking for usable net/if.h... $ECHO_C" >&6; }
if test "${libreplace_cv_USABLE_NET_IF_H+set}" = set; then
@@ -19001,6 +19140,190 @@
LIBS="$save_LIBS"
+{ echo "$as_me:$LINENO: checking for getpass" >&5
+echo $ECHO_N "checking for getpass... $ECHO_C" >&6; }
+if test "${ac_cv_func_getpass+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define getpass to an innocuous variant, in case <limits.h> declares getpass.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define getpass innocuous_getpass
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char getpass (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getpass
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getpass ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_getpass || defined __stub___getpass
+choke me
+#endif
+
+int
+main ()
+{
+return getpass ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_func_getpass=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_func_getpass=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getpass" >&5
+echo "${ECHO_T}$ac_cv_func_getpass" >&6; }
+if test $ac_cv_func_getpass = yes; then
+ samba_cv_HAVE_GETPASS=yes
+fi
+
+{ echo "$as_me:$LINENO: checking for getpassphrase" >&5
+echo $ECHO_N "checking for getpassphrase... $ECHO_C" >&6; }
+if test "${ac_cv_func_getpassphrase+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define getpassphrase to an innocuous variant, in case <limits.h> declares getpassphrase.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define getpassphrase innocuous_getpassphrase
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char getpassphrase (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getpassphrase
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getpassphrase ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_getpassphrase || defined __stub___getpassphrase
+choke me
+#endif
+
+int
+main ()
+{
+return getpassphrase ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_func_getpassphrase=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_func_getpassphrase=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getpassphrase" >&5
+echo "${ECHO_T}$ac_cv_func_getpassphrase" >&6; }
+if test $ac_cv_func_getpassphrase = yes; then
+ samba_cv_HAVE_GETPASSPHRASE=yes
+fi
+
+if test x"$samba_cv_HAVE_GETPASS" = x"yes" -a x"$samba_cv_HAVE_GETPASSPHRASE" = x"yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define REPLACE_GETPASS_BY_GETPASSPHRASE 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define REPLACE_GETPASS 1
+_ACEOF
+
+ LIBREPLACEOBJ="${LIBREPLACEOBJ} getpass.o"
+else
+
{ echo "$as_me:$LINENO: checking whether getpass should be replaced" >&5
echo $ECHO_N "checking whether getpass should be replaced... $ECHO_C" >&6; }
if test "${samba_cv_REPLACE_GETPASS+set}" = set; then
@@ -19071,6 +19394,8 @@
LIBREPLACEOBJ="${LIBREPLACEOBJ} getpass.o"
fi
+fi
+
{ echo "$as_me:$LINENO: checking whether strptime is available and works" >&5
echo $ECHO_N "checking whether strptime is available and works... $ECHO_C" >&6; }
if test "${libreplace_cv_STRPTIME_OK+set}" = set; then
@@ -43756,9 +44081,13 @@
done
-{ echo "$as_me:$LINENO: checking for inotify_init" >&5
-echo $ECHO_N "checking for inotify_init... $ECHO_C" >&6; }
-if test "${ac_cv_func_inotify_init+set}" = set; then
+
+for ac_func in inotify_init
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
@@ -43767,12 +44096,12 @@
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
-/* Define inotify_init to an innocuous variant, in case <limits.h> declares inotify_init.
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define inotify_init innocuous_inotify_init
+#define $ac_func innocuous_$ac_func
/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char inotify_init (); below.
+ which can conflict with char $ac_func (); below.
Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
<limits.h> exists even on freestanding compilers. */
@@ -43782,7 +44111,7 @@
# include <assert.h>
#endif
-#undef inotify_init
+#undef $ac_func
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
@@ -43790,18 +44119,18 @@
#ifdef __cplusplus
extern "C"
#endif
-char inotify_init ();
+char $ac_func ();
/* The GNU C library defines this for functions which it implements
to always fail with ENOSYS. Some functions are actually named
something starting with __ and the normal name is an alias. */
-#if defined __stub_inotify_init || defined __stub___inotify_init
+#if defined __stub_$ac_func || defined __stub___$ac_func
choke me
#endif
int
main ()
{
-return inotify_init ();
+return $ac_func ();
;
return 0;
}
@@ -43824,21 +44153,29 @@
test ! -s conftest.err
} && test -s conftest$ac_exeext &&
$as_test_x conftest$ac_exeext; then
- ac_cv_func_inotify_init=yes
+ eval "$as_ac_var=yes"
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_func_inotify_init=no
+ eval "$as_ac_var=no"
fi
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
conftest$ac_exeext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_inotify_init" >&5
-echo "${ECHO_T}$ac_cv_func_inotify_init" >&6; }
+ac_res=`eval echo '${'$as_ac_var'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+fi
+done
+
{ echo "$as_me:$LINENO: checking for __NR_inotify_init declaration" >&5
echo $ECHO_N "checking for __NR_inotify_init declaration... $ECHO_C" >&6; }
if test "${ac_cv_have___NR_inotify_init_decl+set}" = set; then
@@ -48274,6 +48611,67 @@
fi
+ #######################################################
+ # if we have LBER_OPT_LOG_PRINT_FN, we can intercept
+ # ldap logging and print it out in the samba logs
+ { echo "$as_me:$LINENO: checking for LBER_OPT_LOG_PRINT_FN" >&5
+echo $ECHO_N "checking for LBER_OPT_LOG_PRINT_FN... $ECHO_C" >&6; }
+if test "${samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <lber.h>
+int
+main ()
+{
+int val = LBER_OPT_LOG_PRINT_FN;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN" >&5
+echo "${ECHO_T}$samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN" >&6; }
+
+ if test x"$samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN" = x"yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_LBER_LOG_PRINT_FN 1
+_ACEOF
+
+ fi
+
########################################################
# now see if we can find the ldap libs in standard paths
@@ -55931,6 +56329,128 @@
fi
+ { echo "$as_me:$LINENO: checking for krb5_principal_get_realm" >&5
+echo $ECHO_N "checking for krb5_principal_get_realm... $ECHO_C" >&6; }
+if test "${samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <krb5.h>
+int
+main ()
+{
+krb5_context ctx = NULL; krb5_principal princ = NULL; const char *str = krb5_principal_get_realm(ctx, princ);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM" >&5
+echo "${ECHO_T}$samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM" >&6; }
+
+ if test x"$samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM" = x"yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_KRB5_PRINCIPAL_GET_REALM 1
+_ACEOF
+
+ fi
+
+ { echo "$as_me:$LINENO: checking for krb5_princ_realm" >&5
+echo $ECHO_N "checking for krb5_princ_realm... $ECHO_C" >&6; }
+if test "${samba_cv_HAVE_KRB5_PRINC_REALM+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <krb5.h>
+int
+main ()
+{
+krb5_context ctx = NULL; krb5_principal princ = NULL; const char *str = krb5_princ_realm(ctx, princ)->data;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ samba_cv_HAVE_KRB5_PRINC_REALM=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ samba_cv_HAVE_KRB5_PRINC_REALM=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $samba_cv_HAVE_KRB5_PRINC_REALM" >&5
+echo "${ECHO_T}$samba_cv_HAVE_KRB5_PRINC_REALM" >&6; }
+
+ if test x"$samba_cv_HAVE_KRB5_PRINC_REALM" = x"yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_KRB5_PRINC_REALM 1
+_ACEOF
+
+ fi
+
#
#
# Now the decisions whether we can support krb5
@@ -66139,10 +66659,47 @@
fi
+ { echo "$as_me:$LINENO: checking how to build vfs_notify_fam" >&5
+echo $ECHO_N "checking how to build vfs_notify_fam... $ECHO_C" >&6; }
+ if test "$MODULE_vfs_notify_fam"; then
+ DEST=$MODULE_vfs_notify_fam
+ elif test "$MODULE_vfs" -a "$MODULE_DEFAULT_vfs_notify_fam"; then
+ DEST=$MODULE_vfs
+ else
+ DEST=$MODULE_DEFAULT_vfs_notify_fam
+ fi
+ if test x"$DEST" = xSHARED; then
+cat >>confdefs.h <<\_ACEOF
+#define vfs_notify_fam_init init_module
+_ACEOF
+ VFS_MODULES="$VFS_MODULES "bin/notify_fam.$SHLIBEXT""
+ { echo "$as_me:$LINENO: result: shared" >&5
+echo "${ECHO_T}shared" >&6; }
+ string_shared_modules="$string_shared_modules vfs_notify_fam"
+ elif test x"$DEST" = xSTATIC; then
+ init_static_modules_vfs="$init_static_modules_vfs vfs_notify_fam_init();"
+ decl_static_modules_vfs="$decl_static_modules_vfs extern NTSTATUS vfs_notify_fam_init(void);"
+ string_static_modules="$string_static_modules vfs_notify_fam"
+ VFS_STATIC="$VFS_STATIC \$(VFS_NOTIFY_FAM_OBJ)"
+
+
+ { echo "$as_me:$LINENO: result: static" >&5
+echo "${ECHO_T}static" >&6; }
+ else
+ string_ignored_modules="$string_ignored_modules vfs_notify_fam"
+ { echo "$as_me:$LINENO: result: not" >&5
+echo "${ECHO_T}not" >&6; }
+ fi
+
+
+
+
+
+
cat >>confdefs.h <<_ACEOF
#define static_init_vfs {$init_static_modules_vfs}
_ACEOF
Modified: branches/samba/upstream/source/configure.in
===================================================================
--- branches/samba/upstream/source/configure.in 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/configure.in 2008-03-09 10:22:43 UTC (rev 1755)
@@ -2541,7 +2541,7 @@
AC_CACHE_CHECK([for inotify support],samba_cv_HAVE_INOTIFY,[
AC_CHECK_HEADERS(linux/inotify.h asm/unistd.h)
-AC_CHECK_FUNC(inotify_init)
+AC_CHECK_FUNCS(inotify_init)
AC_HAVE_DECL(__NR_inotify_init, [#include <asm/unistd.h>])
],
samba_cv_HAVE_INOTIFY=yes,
@@ -3243,6 +3243,21 @@
# this test must be before the libldap test
AC_CHECK_LIB_EXT(lber, LDAP_LIBS, ber_scanf)
+ #######################################################
+ # if we have LBER_OPT_LOG_PRINT_FN, we can intercept
+ # ldap logging and print it out in the samba logs
+ AC_CACHE_CHECK([for LBER_OPT_LOG_PRINT_FN],
+ samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN,
+ [AC_TRY_COMPILE([#include <lber.h>],
+ [int val = LBER_OPT_LOG_PRINT_FN;],
+ samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN=yes,
+ samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN=no)])
+
+ if test x"$samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN" = x"yes"; then
+ AC_DEFINE(HAVE_LBER_LOG_PRINT_FN, 1,
+ [Support for LDAP/LBER logging interception])
+ fi
+
########################################################
# now see if we can find the ldap libs in standard paths
AC_CHECK_LIB_EXT(ldap, LDAP_LIBS, ldap_init)
@@ -3944,6 +3959,30 @@
fi
+ AC_CACHE_CHECK([for krb5_principal_get_realm],
+ samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM,[
+ AC_TRY_LINK([#include <krb5.h>],
+ [krb5_context ctx = NULL; krb5_principal princ = NULL; const char *str = krb5_principal_get_realm(ctx, princ);],
+ samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM=yes,
+ samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM=no)])
+
+ if test x"$samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_PRINCIPAL_GET_REALM,1,
+ [Whether the function krb5_principal_get_realm is defined])
+ fi
+
+ AC_CACHE_CHECK([for krb5_princ_realm],
+ samba_cv_HAVE_KRB5_PRINC_REALM,[
+ AC_TRY_LINK([#include <krb5.h>],
+ [krb5_context ctx = NULL; krb5_principal princ = NULL; const char *str = krb5_princ_realm(ctx, princ)->data;],
+ samba_cv_HAVE_KRB5_PRINC_REALM=yes,
+ samba_cv_HAVE_KRB5_PRINC_REALM=no)])
+
+ if test x"$samba_cv_HAVE_KRB5_PRINC_REALM" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_PRINC_REALM,1,
+ [Whether the macro krb5_princ_realm is defined])
+ fi
+
#
#
# Now the decisions whether we can support krb5
@@ -6099,6 +6138,7 @@
SMB_MODULE(vfs_commit, \$(VFS_COMMIT_OBJ), "bin/commit.$SHLIBEXT", VFS)
SMB_MODULE(vfs_gpfs, \$(VFS_GPFS_OBJ), "bin/gpfs.$SHLIBEXT", VFS)
SMB_MODULE(vfs_readahead, \$(VFS_READAHEAD_OBJ), "bin/readahead.$SHLIBEXT", VFS)
+SMB_MODULE(vfs_notify_fam, \$(VFS_NOTIFY_FAM_OBJ), "bin/notify_fam.$SHLIBEXT", VFS)
SMB_SUBSYSTEM(VFS,smbd/vfs.o)
Modified: branches/samba/upstream/source/groupdb/mapping.c
===================================================================
--- branches/samba/upstream/source/groupdb/mapping.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/groupdb/mapping.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -452,7 +452,7 @@
return NT_STATUS_NO_MEMORY;
}
- exists = lookup_name(mem_ctx, name, LOOKUP_NAME_ISOLATED,
+ exists = lookup_name(mem_ctx, name, LOOKUP_NAME_LOCAL,
NULL, NULL, &sid, &type);
TALLOC_FREE(mem_ctx);
Modified: branches/samba/upstream/source/include/ads.h
===================================================================
--- branches/samba/upstream/source/include/ads.h 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/include/ads.h 2008-03-09 10:22:43 UTC (rev 1755)
@@ -321,4 +321,7 @@
int val;
int critical;
} ads_control;
+
+#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178 at please_ignore"
+
#endif /* _INCLUDE_ADS_H_ */
Modified: branches/samba/upstream/source/include/config.h.in
===================================================================
--- branches/samba/upstream/source/include/config.h.in 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/include/config.h.in 2008-03-09 10:22:43 UTC (rev 1755)
@@ -685,6 +685,9 @@
/* Whether kernel has inotify support */
#undef HAVE_INOTIFY
+/* Define to 1 if you have the `inotify_init' function. */
+#undef HAVE_INOTIFY_INIT
+
/* Whether int16 typedef is included by rpc/rpc.h */
#undef HAVE_INT16_FROM_RPC_RPC_H
@@ -842,9 +845,15 @@
/* Define to 1 if you have the `krb5_principal_get_comp_string' function. */
#undef HAVE_KRB5_PRINCIPAL_GET_COMP_STRING
+/* Whether the function krb5_principal_get_realm is defined */
+#undef HAVE_KRB5_PRINCIPAL_GET_REALM
+
/* Whether krb5_princ_component is available */
#undef HAVE_KRB5_PRINC_COMPONENT
+/* Whether the macro krb5_princ_realm is defined */
+#undef HAVE_KRB5_PRINC_REALM
+
/* Define to 1 if you have the `krb5_princ_size' function. */
#undef HAVE_KRB5_PRINC_SIZE
@@ -890,6 +899,9 @@
/* Define to 1 if you have the <lber.h> header file. */
#undef HAVE_LBER_H
+/* Support for LDAP/LBER logging interception */
+#undef HAVE_LBER_LOG_PRINT_FN
+
/* Whether ldap is available */
#undef HAVE_LDAP
@@ -1571,6 +1583,9 @@
/* Define to 1 if you have the `strnlen' function. */
#undef HAVE_STRNLEN
+/* Define to 1 if you have the <stropts.h> header file. */
+#undef HAVE_STROPTS_H
+
/* Define to 1 if you have the `strpbrk' function. */
#undef HAVE_STRPBRK
@@ -2279,6 +2294,9 @@
/* Whether getpass should be replaced */
#undef REPLACE_GETPASS
+/* getpass returns <9 chars where getpassphrase returns <265 chars */
+#undef REPLACE_GETPASS_BY_GETPASSPHRASE
+
/* Whether inet_ntoa should be replaced */
#undef REPLACE_INET_NTOA
@@ -2825,6 +2843,9 @@
/* Whether to build vfs_netatalk as shared module */
#undef vfs_netatalk_init
+/* Whether to build vfs_notify_fam as shared module */
+#undef vfs_notify_fam_init
+
/* Whether to build vfs_posixacl as shared module */
#undef vfs_posixacl_init
Modified: branches/samba/upstream/source/include/includes.h
===================================================================
--- branches/samba/upstream/source/include/includes.h 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/include/includes.h 2008-03-09 10:22:43 UTC (rev 1755)
@@ -107,7 +107,6 @@
#include "system/locale.h"
#include "system/network.h"
#include "system/passwd.h"
-#include "system/printing.h"
#include "system/readline.h"
#include "system/select.h"
#include "system/shmem.h"
Modified: branches/samba/upstream/source/include/rpc_dce.h
===================================================================
--- branches/samba/upstream/source/include/rpc_dce.h 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/include/rpc_dce.h 2008-03-09 10:22:43 UTC (rev 1755)
@@ -112,6 +112,8 @@
/* these are the flags that ADS clients use */
#define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
+#define NETLOGON_NEG_SELECT_AUTH2_FLAGS ((lp_security() == SEC_ADS) ? NETLOGON_NEG_AUTH2_ADS_FLAGS : NETLOGON_NEG_AUTH2_FLAGS)
+
enum schannel_direction {
SENDER_IS_INITIATOR,
SENDER_IS_ACCEPTOR
Modified: branches/samba/upstream/source/include/rpc_samr.h
===================================================================
--- branches/samba/upstream/source/include/rpc_samr.h 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/include/rpc_samr.h 2008-03-09 10:22:43 UTC (rev 1755)
@@ -146,6 +146,31 @@
#define SAMR_CHGPASSWD_USER3 0x3F
#define SAMR_CONNECT5 0x40
+/* SAMR account creation flags/permissions */
+#define SAMR_USER_GETNAME 0x1
+#define SAMR_USER_GETLOCALE 0x2
+#define SAMR_USER_GETLOCCOM 0x4
+#define SAMR_USER_GETLOGONINFO 0x8
+#define SAMR_USER_GETATTR 0x10
+#define SAMR_USER_SETATTR 0x20
+#define SAMR_USER_CHPASS 0x40
+#define SAMR_USER_SETPASS 0x80
+#define SAMR_USER_GETGROUPS 0x100
+#define SAMR_USER_GETMEMBERSHIP 0x200
+#define SAMR_USER_CHMEMBERSHIP 0x400
+#define SAMR_STANDARD_DELETE 0x10000
+#define SAMR_STANDARD_READCTRL 0x20000
+#define SAMR_STANDARD_WRITEDAC 0x40000
+#define SAMR_STANDARD_WRITEOWNER 0x80000
+#define SAMR_STANDARD_SYNC 0x100000
+#define SAMR_GENERIC_ACCESSSACL 0x800000
+#define SAMR_GENERIC_MAXALLOWED 0x2000000
+#define SAMR_GENERIC_ALL 0x10000000
+#define SAMR_GENERIC_EXECUTE 0x20000000
+#define SAMR_GENERIC_WRITE 0x40000000
+#define SAMR_GENERIC_READ 0x80000000
+
+
typedef struct logon_hours_info
{
uint32 max_len; /* normally 1260 bytes */
@@ -1557,7 +1582,7 @@
UNISTR2 uni_name; /* unicode account name */
uint32 acb_info; /* account control info */
- uint32 access_mask; /* 0xe005 00b0 */
+ uint32 acct_flags; /* 0xe005 00b0 */
} SAMR_Q_CREATE_USER;
Modified: branches/samba/upstream/source/include/smb.h
===================================================================
--- branches/samba/upstream/source/include/smb.h 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/include/smb.h 2008-03-09 10:22:43 UTC (rev 1755)
@@ -28,7 +28,7 @@
#define _SMB_H
/* logged when starting the various Samba daemons */
-#define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the Samba Team 1992-2007"
+#define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the Samba Team 1992-2008"
#if defined(LARGE_SMB_OFF_T)
@@ -257,12 +257,28 @@
SID_NAME_COMPUTER /* sid for a computer */
};
-#define LOOKUP_NAME_ISOLATED 1 /* Look up unqualified names */
-#define LOOKUP_NAME_REMOTE 2 /* Ask others */
-#define LOOKUP_NAME_ALL (LOOKUP_NAME_ISOLATED|LOOKUP_NAME_REMOTE)
-#define LOOKUP_NAME_GROUP 4 /* (unused) This is a NASTY hack for valid users = @foo
- * where foo also exists in as user. */
+#define LOOKUP_NAME_NONE 0x00000000
+#define LOOKUP_NAME_ISOLATED 0x00000001 /* Look up unqualified names */
+#define LOOKUP_NAME_REMOTE 0x00000002 /* Ask others */
+#define LOOKUP_NAME_GROUP 0x00000004 /* (unused) This is a NASTY hack for
+ valid users = @foo where foo also
+ exists in as user. */
+#define LOOKUP_NAME_EXPLICIT 0x00000008 /* Only include
+ explicitly mapped names and not
+ the Unix {User,Group} domain */
+#define LOOKUP_NAME_BUILTIN 0x00000010 /* builtin names */
+#define LOOKUP_NAME_WKN 0x00000020 /* well known names */
+#define LOOKUP_NAME_DOMAIN 0x00000040 /* only lookup own domain */
+#define LOOKUP_NAME_LOCAL (LOOKUP_NAME_ISOLATED\
+ |LOOKUP_NAME_BUILTIN\
+ |LOOKUP_NAME_WKN\
+ |LOOKUP_NAME_DOMAIN)
+#define LOOKUP_NAME_ALL (LOOKUP_NAME_ISOLATED\
+ |LOOKUP_NAME_REMOTE\
+ |LOOKUP_NAME_BUILTIN\
+ |LOOKUP_NAME_WKN\
+ |LOOKUP_NAME_DOMAIN)
/**
* @brief Security Identifier
@@ -1918,4 +1934,15 @@
/* Different reasons for closing a file. */
enum file_close_type {NORMAL_CLOSE=0,SHUTDOWN_CLOSE,ERROR_CLOSE};
+/* Used in SMB_FS_OBJECTID_INFORMATION requests. Must be exactly 48 bytes. */
+#define SAMBA_EXTENDED_INFO_MAGIC 0x536d4261 /* "SmBa" */
+#define SAMBA_EXTENDED_INFO_VERSION_STRING_LENGTH 28
+struct smb_extended_info {
+ uint32 samba_magic; /* Always SAMBA_EXTRA_INFO_MAGIC */
+ uint32 samba_version; /* Major/Minor/Release/Revision */
+ uint32 samba_subversion; /* Prerelease/RC/Vendor patch */
+ NTTIME samba_gitcommitdate;
+ char samba_version_string[SAMBA_EXTENDED_INFO_VERSION_STRING_LENGTH];
+};
+
#endif /* _SMB_H */
Modified: branches/samba/upstream/source/include/version.h
===================================================================
--- branches/samba/upstream/source/include/version.h 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/include/version.h 2008-03-09 10:22:43 UTC (rev 1755)
@@ -2,5 +2,6 @@
#define SAMBA_VERSION_MAJOR 3
#define SAMBA_VERSION_MINOR 0
#define SAMBA_VERSION_RELEASE 28
-#define SAMBA_VERSION_OFFICIAL_STRING "3.0.28"
+#define SAMBA_VERSION_REVISION "a"
+#define SAMBA_VERSION_OFFICIAL_STRING "3.0.28a"
#define SAMBA_VERSION_STRING samba_version_string()
Modified: branches/samba/upstream/source/lib/charcnv.c
===================================================================
--- branches/samba/upstream/source/lib/charcnv.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/lib/charcnv.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -525,7 +525,7 @@
size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to,
void const *src, size_t srclen, void *dst, BOOL allow_bad_conv)
{
- size_t i_len, o_len, destlen = MAX(srclen, 512);
+ size_t i_len, o_len, destlen = (srclen * 3) / 2;
size_t retval;
const char *inbuf = (const char *)src;
char *outbuf = NULL, *ob = NULL;
@@ -551,7 +551,8 @@
convert:
- if ((destlen*2) < destlen) {
+ /* +2 is for ucs2 null termination. */
+ if ((destlen*2)+2 < destlen) {
/* wrapped ! abort. */
if (!conv_silent)
DEBUG(0, ("convert_string_allocate: destlen wrapped !\n"));
@@ -562,10 +563,11 @@
destlen = destlen * 2;
}
+ /* +2 is for ucs2 null termination. */
if (ctx) {
- ob = (char *)TALLOC_REALLOC(ctx, ob, destlen);
+ ob = (char *)TALLOC_REALLOC(ctx, ob, destlen + 2);
} else {
- ob = (char *)SMB_REALLOC(ob, destlen);
+ ob = (char *)SMB_REALLOC(ob, destlen + 2);
}
if (!ob) {
@@ -611,9 +613,10 @@
destlen = destlen - o_len;
if (ctx) {
- ob = (char *)TALLOC_REALLOC(ctx,ob,destlen);
+ /* We're shrinking here so we know the +2 is safe from wrap. */
+ ob = (char *)TALLOC_REALLOC(ctx,ob,destlen + 2);
} else {
- ob = (char *)SMB_REALLOC(ob,destlen);
+ ob = (char *)SMB_REALLOC(ob,destlen + 2);
}
if (destlen && !ob) {
@@ -622,6 +625,11 @@
}
*dest = ob;
+
+ /* Must ucs2 null terminate in the extra space we allocated. */
+ ob[destlen] = '\0';
+ ob[destlen+1] = '\0';
+
return destlen;
use_as_is:
Modified: branches/samba/upstream/source/lib/clobber.c
===================================================================
--- branches/samba/upstream/source/lib/clobber.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/lib/clobber.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -54,7 +54,11 @@
* (This is not redundant with the clobbering above. The
* marking might not actually take effect if we're not running
* under valgrind.) */
+#if defined(VALGRIND_MAKE_MEM_UNDEFINED)
+ VALGRIND_MAKE_MEM_UNDEFINED(dest, len);
+#elif defined(VALGRIND_MAKE_WRITABLE)
VALGRIND_MAKE_WRITABLE(dest, len);
+#endif
#endif /* VALGRIND */
#endif /* DEVELOPER */
}
Added: branches/samba/upstream/source/lib/ldap_debug_handler.c
===================================================================
--- branches/samba/upstream/source/lib/ldap_debug_handler.c (rev 0)
+++ branches/samba/upstream/source/lib/ldap_debug_handler.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -0,0 +1,52 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Intercept libldap debug output.
+ * Copyright (C) Michael Adam 2008
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#if HAVE_LDAP
+
+static void samba_ldap_log_print_fn(LDAP_CONST char *data)
+{
+ DEBUG(lp_ldap_debug_threshold(), ("[LDAP] %s", data));
+}
+
+#endif
+
+void init_ldap_debugging(void)
+{
+#if defined(HAVE_LDAP) && defined(HAVE_LBER_LOG_PRINT_FN)
+ int ret;
+ int ldap_debug_level = lp_ldap_debug_level();
+
+ ret = ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_debug_level);
+ if (ret != LDAP_OPT_SUCCESS) {
+ DEBUG(10, ("Error setting LDAP debug level.\n"));
+ }
+
+ if (ldap_debug_level == 0) {
+ return;
+ }
+
+ ret = ber_set_option(NULL, LBER_OPT_LOG_PRINT_FN,
+ (void *)samba_ldap_log_print_fn);
+ if (ret != LBER_OPT_SUCCESS) {
+ DEBUG(10, ("Error setting LBER log print function.\n"));
+ }
+#endif /* HAVE_LDAP && HAVE_LBER_LOG_PRINT_FN */
+}
Modified: branches/samba/upstream/source/lib/replace/getpass.c
===================================================================
--- branches/samba/upstream/source/lib/replace/getpass.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/lib/replace/getpass.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -20,6 +20,19 @@
#include "replace.h"
+#if defined(REPLACE_GETPASS_BY_GETPASSPHRASE)
+
+#if defined(HAVE_STDIO_H)
+#include <stdio.h>
+#endif
+
+char *getsmbpass(const char *prompt)
+{
+ return getpassphrase(prompt);
+}
+
+#else /* !REPLACE_GETPASS_BY_GETPASSPHRASE */
+
#if defined(HAVE_TERMIOS_H)
/* POSIX terminal handling. */
#include <termios.h>
@@ -210,3 +223,5 @@
void getsmbpasswd_dummy(void);
void getsmbpasswd_dummy(void) {;}
#endif
+
+#endif /* REPLACE_GETPASS_BY_GETPASSPHRASE */
Modified: branches/samba/upstream/source/lib/replace/getpass.m4
===================================================================
--- branches/samba/upstream/source/lib/replace/getpass.m4 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/lib/replace/getpass.m4 2008-03-09 10:22:43 UTC (rev 1755)
@@ -1,3 +1,11 @@
+AC_CHECK_FUNC(getpass, samba_cv_HAVE_GETPASS=yes)
+AC_CHECK_FUNC(getpassphrase, samba_cv_HAVE_GETPASSPHRASE=yes)
+if test x"$samba_cv_HAVE_GETPASS" = x"yes" -a x"$samba_cv_HAVE_GETPASSPHRASE" = x"yes"; then
+ AC_DEFINE(REPLACE_GETPASS_BY_GETPASSPHRASE, 1, [getpass returns <9 chars where getpassphrase returns <265 chars])
+ AC_DEFINE(REPLACE_GETPASS,1,[Whether getpass should be replaced])
+ LIBREPLACEOBJ="${LIBREPLACEOBJ} getpass.o"
+else
+
AC_CACHE_CHECK([whether getpass should be replaced],samba_cv_REPLACE_GETPASS,[
SAVE_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS -I$libreplacedir/"
@@ -15,3 +23,5 @@
AC_DEFINE(REPLACE_GETPASS,1,[Whether getpass should be replaced])
LIBREPLACEOBJ="${LIBREPLACEOBJ} getpass.o"
fi
+
+fi
Modified: branches/samba/upstream/source/lib/replace/libreplace.m4
===================================================================
--- branches/samba/upstream/source/lib/replace/libreplace.m4 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/lib/replace/libreplace.m4 2008-03-09 10:22:43 UTC (rev 1755)
@@ -99,8 +99,8 @@
AC_CHECK_HEADERS(sys/socket.h netinet/in.h netdb.h arpa/inet.h)
AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h)
AC_CHECK_HEADERS(sys/sockio.h sys/un.h)
+AC_CHECK_HEADERS(stropts.h)
-
dnl we need to check that net/if.h really can be used, to cope with hpux
dnl where including it always fails
AC_CACHE_CHECK([for usable net/if.h],libreplace_cv_USABLE_NET_IF_H,[
Modified: branches/samba/upstream/source/lib/replace/system/network.h
===================================================================
--- branches/samba/upstream/source/lib/replace/system/network.h 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/lib/replace/system/network.h 2008-03-09 10:22:43 UTC (rev 1755)
@@ -74,6 +74,10 @@
#include <sys/ioctl.h>
#endif
+#ifdef HAVE_STROPTS_H
+#include <stropts.h>
+#endif
+
#ifdef SOCKET_WRAPPER
#ifndef SOCKET_WRAPPER_NOT_REPLACE
#define SOCKET_WRAPPER_REPLACE
Modified: branches/samba/upstream/source/lib/system.c
===================================================================
--- branches/samba/upstream/source/lib/system.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/lib/system.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -2161,9 +2161,10 @@
#elif defined(HAVE_ATTROPEN)
int ret = -1;
int myflags = O_RDWR;
+ int attrfd;
if (flags & XATTR_CREATE) myflags |= O_EXCL;
if (!(flags & XATTR_REPLACE)) myflags |= O_CREAT;
- int attrfd = solaris_attropen(path, name, myflags, (mode_t) SOLARIS_ATTRMODE);
+ attrfd = solaris_attropen(path, name, myflags, (mode_t) SOLARIS_ATTRMODE);
if (attrfd >= 0) {
ret = solaris_write_xattr(attrfd, value, size);
close(attrfd);
@@ -2224,9 +2225,10 @@
#elif defined(HAVE_ATTROPEN)
int ret = -1;
int myflags = O_RDWR | AT_SYMLINK_NOFOLLOW;
+ int attrfd;
if (flags & XATTR_CREATE) myflags |= O_EXCL;
if (!(flags & XATTR_REPLACE)) myflags |= O_CREAT;
- int attrfd = solaris_attropen(path, name, myflags, (mode_t) SOLARIS_ATTRMODE);
+ attrfd = solaris_attropen(path, name, myflags, (mode_t) SOLARIS_ATTRMODE);
if (attrfd >= 0) {
ret = solaris_write_xattr(attrfd, value, size);
close(attrfd);
@@ -2288,9 +2290,10 @@
#elif defined(HAVE_ATTROPEN)
int ret = -1;
int myflags = O_RDWR | O_XATTR;
+ int attrfd;
if (flags & XATTR_CREATE) myflags |= O_EXCL;
if (!(flags & XATTR_REPLACE)) myflags |= O_CREAT;
- int attrfd = solaris_openat(filedes, name, myflags, (mode_t) SOLARIS_ATTRMODE);
+ attrfd = solaris_openat(filedes, name, myflags, (mode_t) SOLARIS_ATTRMODE);
if (attrfd >= 0) {
ret = solaris_write_xattr(attrfd, value, size);
close(attrfd);
Modified: branches/samba/upstream/source/lib/util_str.c
===================================================================
--- branches/samba/upstream/source/lib/util_str.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/lib/util_str.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -394,7 +394,11 @@
NOTE: oldc and newc must be 7 bit characters
**/
-void string_replace( pstring s, char oldc, char newc )
+/**
+ String replace.
+ NOTE: oldc and newc must be 7 bit characters
+**/
+void string_replace( char *s, char oldc, char newc )
{
char *p;
@@ -406,8 +410,9 @@
for (p = s; *p; p++) {
if (*p & 0x80) /* mb string - slow path. */
break;
- if (*p == oldc)
+ if (*p == oldc) {
*p = newc;
+ }
}
if (!*p)
@@ -418,9 +423,18 @@
/* With compose characters we must restart from the beginning. JRA. */
p = s;
#endif
- push_ucs2(NULL, tmpbuf, p, sizeof(tmpbuf), STR_TERMINATE);
- string_replace_w(tmpbuf, UCS2_CHAR(oldc), UCS2_CHAR(newc));
- pull_ucs2(NULL, p, tmpbuf, -1, sizeof(tmpbuf), STR_TERMINATE);
+
+ while (*p) {
+ size_t c_size;
+ next_codepoint(p, &c_size);
+
+ if (c_size == 1) {
+ if (*p == oldc) {
+ *p = newc;
+ }
+ }
+ p += c_size;
+ }
}
/**
Modified: branches/samba/upstream/source/libads/kerberos.c
===================================================================
--- branches/samba/upstream/source/libads/kerberos.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libads/kerberos.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -362,7 +362,62 @@
return salt;
}
+/************************************************************************
+ Routine to get the default realm from the kerberos credentials cache.
+ Caller must free if the return value is not NULL.
+************************************************************************/
+char *kerberos_get_default_realm_from_ccache( void )
+{
+ char *realm = NULL;
+ krb5_context ctx = NULL;
+ krb5_ccache cc = NULL;
+ krb5_principal princ = NULL;
+
+ initialize_krb5_error_table();
+ if (krb5_init_context(&ctx)) {
+ return NULL;
+ }
+
+ DEBUG(5,("kerberos_get_default_realm_from_ccache: "
+ "Trying to read krb5 cache: %s\n",
+ krb5_cc_default_name(ctx)));
+ if (krb5_cc_default(ctx, &cc)) {
+ DEBUG(0,("kerberos_get_default_realm_from_ccache: "
+ "failed to read default cache\n"));
+ goto out;
+ }
+ if (krb5_cc_get_principal(ctx, cc, &princ)) {
+ DEBUG(0,("kerberos_get_default_realm_from_ccache: "
+ "failed to get default principal\n"));
+ goto out;
+ }
+
+#if defined(HAVE_KRB5_PRINCIPAL_GET_REALM)
+ realm = SMB_STRDUP(krb5_principal_get_realm(ctx, princ));
+#elif defined(HAVE_KRB5_PRINC_REALM)
+ {
+ krb5_data *realm_data = krb5_princ_realm(ctx, princ);
+ realm = SMB_STRNDUP(realm_data->data, realm_data->length);
+ }
+#endif
+
+ out:
+
+ if (princ) {
+ krb5_free_principal(ctx, princ);
+ }
+ if (cc) {
+ krb5_cc_close(ctx, cc);
+ }
+ if (ctx) {
+ krb5_free_context(ctx);
+ }
+
+ return realm;
+}
+
+
/************************************************************************
Routine to get the salting principal for this service. This is
maintained for backwards compatibilty with releases prior to 3.0.24.
@@ -621,12 +676,16 @@
TALLOC_FREE(dname);
return False;
}
-
- file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n\n"
- "[realms]\n\t%s = {\n"
- "\t%s\t}\n",
- realm_upper, realm_upper, kdc_ip_string);
+ file_contents = talloc_asprintf(fname,
+ "[libdefaults]\n\tdefault_realm = %s\n"
+ "default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+ "default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+ "preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
+ "[realms]\n\t%s = {\n"
+ "\t%s\t}\n",
+ realm_upper, realm_upper, kdc_ip_string);
+
if (!file_contents) {
TALLOC_FREE(dname);
return False;
Modified: branches/samba/upstream/source/libads/sasl.c
===================================================================
--- branches/samba/upstream/source/libads/sasl.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libads/sasl.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -137,10 +137,81 @@
}
#ifdef HAVE_KRB5
+struct ads_service_principal {
+ char *string;
+#ifdef HAVE_GSSAPI
+ gss_name_t name;
+#endif
+};
+
+static void ads_free_service_principal(struct ads_service_principal *p)
+{
+ SAFE_FREE(p->string);
+
+#ifdef HAVE_GSSAPI
+ if (p->name) {
+ uint32 minor_status;
+ gss_release_name(&minor_status, &p->name);
+ }
+#endif
+ ZERO_STRUCTP(p);
+}
+
+static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
+ const char *given_principal,
+ struct ads_service_principal *p)
+{
+ ADS_STATUS status;
+#ifdef HAVE_GSSAPI
+ gss_buffer_desc input_name;
+ /* GSS_KRB5_NT_PRINCIPAL_NAME */
+ gss_OID_desc nt_principal =
+ {10, CONST_DISCARD(char *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01")};
+ uint32 minor_status;
+ int gss_rc;
+#endif
+
+ ZERO_STRUCTP(p);
+
+ /* I've seen a child Windows 2000 domain not send
+ the principal name back in the first round of
+ the SASL bind reply. So we guess based on server
+ name and realm. --jerry */
+ /* Also try best guess when we get the w2k8 ignore
+ principal back - gd */
+
+ if (!given_principal ||
+ strequal(given_principal, ADS_IGNORE_PRINCIPAL)) {
+
+ status = ads_guess_service_principal(ads, &p->string);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+ } else {
+ p->string = SMB_STRDUP(given_principal);
+ if (!p->string) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ }
+
+#ifdef HAVE_GSSAPI
+ input_name.value = p->string;
+ input_name.length = strlen(p->string);
+
+ gss_rc = gss_import_name(&minor_status, &input_name, &nt_principal, &p->name);
+ if (gss_rc) {
+ ads_free_service_principal(p);
+ return ADS_ERROR_GSS(gss_rc, minor_status);
+ }
+#endif
+
+ return ADS_SUCCESS;
+}
+
/*
perform a LDAP/SASL/SPNEGO/KRB5 bind
*/
-static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *principal)
+static ADS_STATUS ads_sasl_spnego_rawkrb5_bind(ADS_STRUCT *ads, const char *principal)
{
DATA_BLOB blob = data_blob(NULL, 0);
struct berval cred, *scred = NULL;
@@ -167,6 +238,13 @@
return ADS_ERROR(rc);
}
+
+static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads,
+ struct ads_service_principal *p)
+{
+ return ads_sasl_spnego_rawkrb5_bind(ads, p->string);
+}
+
#endif
/*
@@ -178,7 +256,7 @@
int rc, i;
ADS_STATUS status;
DATA_BLOB blob;
- char *principal = NULL;
+ char *given_principal = NULL;
char *OIDs[ASN1_MAX_OIDS];
#ifdef HAVE_KRB5
BOOL got_kerberos_mechanism = False;
@@ -201,7 +279,7 @@
/* the server sent us the first part of the SPNEGO exchange in the negprot
reply */
- if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
+ if (!spnego_parse_negTokenInit(blob, OIDs, &given_principal)) {
data_blob_free(&blob);
status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
goto failed;
@@ -219,42 +297,23 @@
#endif
free(OIDs[i]);
}
- DEBUG(3,("ads_sasl_spnego_bind: got server principal name = %s\n", principal));
+ DEBUG(3,("ads_sasl_spnego_bind: got server principal name = %s\n", given_principal));
#ifdef HAVE_KRB5
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
got_kerberos_mechanism)
{
- /* I've seen a child Windows 2000 domain not send
- the principal name back in the first round of
- the SASL bind reply. So we guess based on server
- name and realm. --jerry */
- if ( !principal ) {
- if ( ads->server.realm && ads->server.ldap_server ) {
- char *server, *server_realm;
-
- server = SMB_STRDUP( ads->server.ldap_server );
- server_realm = SMB_STRDUP( ads->server.realm );
-
- if ( !server || !server_realm )
- return ADS_ERROR(LDAP_NO_MEMORY);
+ struct ads_service_principal p;
- strlower_m( server );
- strupper_m( server_realm );
- asprintf( &principal, "ldap/%s@%s", server, server_realm );
+ status = ads_generate_service_principal(ads, given_principal, &p);
+ SAFE_FREE(given_principal);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
- SAFE_FREE( server );
- SAFE_FREE( server_realm );
-
- if ( !principal )
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- }
-
- status = ads_sasl_spnego_krb5_bind(ads, principal);
+ status = ads_sasl_spnego_krb5_bind(ads, &p);
if (ADS_ERR_OK(status)) {
- SAFE_FREE(principal);
+ ads_free_service_principal(&p);
return status;
}
@@ -264,20 +323,27 @@
status = ADS_ERROR_KRB5(ads_kinit_password(ads));
if (ADS_ERR_OK(status)) {
- status = ads_sasl_spnego_krb5_bind(ads, principal);
+ status = ads_sasl_spnego_krb5_bind(ads, &p);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0,("kinit succeeded but "
+ "ads_sasl_spnego_krb5_bind failed: %s\n",
+ ads_errstr(status)));
+ }
}
+ ads_free_service_principal(&p);
+
/* only fallback to NTLMSSP if allowed */
if (ADS_ERR_OK(status) ||
!(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
- SAFE_FREE(principal);
return status;
}
+ } else
+#endif
+ {
+ SAFE_FREE(given_principal);
}
-#endif
- SAFE_FREE(principal);
-
/* lets do NTLMSSP ... this has the big advantage that we don't need
to sync clocks, and we don't rely on special versions of the krb5
library for HMAC_MD4 encryption */
Modified: branches/samba/upstream/source/libads/util.c
===================================================================
--- branches/samba/upstream/source/libads/util.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libads/util.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -52,4 +52,61 @@
SAFE_FREE(password);
return ret;
}
+
+ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
+ char **returned_principal)
+{
+ char *princ = NULL;
+
+ if (ads->server.realm && ads->server.ldap_server) {
+ char *server, *server_realm;
+
+ server = SMB_STRDUP(ads->server.ldap_server);
+ server_realm = SMB_STRDUP(ads->server.realm);
+
+ if (!server || !server_realm) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ strlower_m(server);
+ strupper_m(server_realm);
+ asprintf(&princ, "ldap/%s@%s", server, server_realm);
+
+ SAFE_FREE(server);
+ SAFE_FREE(server_realm);
+
+ if (!princ) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ } else if (ads->config.realm && ads->config.ldap_server_name) {
+ char *server, *server_realm;
+
+ server = SMB_STRDUP(ads->config.ldap_server_name);
+ server_realm = SMB_STRDUP(ads->config.realm);
+
+ if (!server || !server_realm) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ strlower_m(server);
+ strupper_m(server_realm);
+ asprintf(&princ, "ldap/%s@%s", server, server_realm);
+
+ SAFE_FREE(server);
+ SAFE_FREE(server_realm);
+
+ if (!princ) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ }
+
+ if (!princ) {
+ return ADS_ERROR(LDAP_PARAM_ERROR);
+ }
+
+ *returned_principal = princ;
+
+ return ADS_SUCCESS;
+}
+
#endif
Modified: branches/samba/upstream/source/libmsrpc/cac_samr.c
===================================================================
--- branches/samba/upstream/source/libmsrpc/cac_samr.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libmsrpc/cac_samr.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -365,10 +365,8 @@
POLICY_HND *user_out = NULL;
uint32 rid_out;
+ uint32 acct_flags=0;
- /**found in rpcclient/cmd_samr.c*/
- uint32 unknown = 0xe005000b;
-
if ( !hnd )
return CAC_FAILURE;
@@ -395,10 +393,16 @@
return CAC_FAILURE;
}
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
+
hnd->status =
rpccli_samr_create_dom_user( pipe_hnd, mem_ctx,
op->in.dom_hnd, op->in.name,
- op->in.acb_mask, unknown,
+ op->in.acb_mask, acct_flags,
user_out, &rid_out );
if ( !NT_STATUS_IS_OK( hnd->status ) )
Modified: branches/samba/upstream/source/libsmb/cliconnect.c
===================================================================
--- branches/samba/upstream/source/libsmb/cliconnect.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libsmb/cliconnect.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -40,6 +40,8 @@
{-1,NULL}
};
+static const char *star_smbserver_name = "*SMBSERVER";
+
/**
* Set the user session key for a connection
* @param cli The cli structure to add it too
@@ -628,7 +630,7 @@
if (!cli_session_setup_blob(cli, negTokenTarg, session_key_krb5)) {
data_blob_free(&negTokenTarg);
data_blob_free(&session_key_krb5);
- ADS_ERROR_NT(cli_nt_error(cli));
+ return ADS_ERROR_NT(cli_nt_error(cli));
}
cli_set_session_key(cli, session_key_krb5);
@@ -861,11 +863,56 @@
}
}
- rc = cli_session_setup_kerberos(cli, principal, domain);
- if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
+ /* If we get a bad principal, try to guess it if
+ we have a valid host NetBIOS name.
+ */
+ if (strequal(principal, ADS_IGNORE_PRINCIPAL)) {
SAFE_FREE(principal);
- return rc;
}
+ if (principal == NULL &&
+ !is_ipaddress(cli->desthost) &&
+ !strequal(star_smbserver_name,
+ cli->desthost)) {
+ char *realm = NULL;
+ char *machine = NULL;
+ char *host = NULL;
+ DEBUG(3,("cli_session_setup_spnego: got a "
+ "bad server principal, trying to guess ...\n"));
+
+ host = strchr_m(cli->desthost, '.');
+ if (host) {
+ machine = SMB_STRNDUP(cli->desthost,
+ host - cli->desthost);
+ } else {
+ machine = SMB_STRDUP(cli->desthost);
+ }
+ if (machine == NULL) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ realm = kerberos_get_default_realm_from_ccache();
+ if (realm && *realm) {
+ if (asprintf(&principal, "%s$@%s",
+ machine, realm) < 0) {
+ SAFE_FREE(machine);
+ SAFE_FREE(realm);
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+ DEBUG(3,("cli_session_setup_spnego: guessed "
+ "server principal=%s\n",
+ principal ? principal : "<null>"));
+ }
+ SAFE_FREE(machine);
+ SAFE_FREE(realm);
+ }
+
+ if (principal) {
+ rc = cli_session_setup_kerberos(cli, principal, domain);
+ if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
+ SAFE_FREE(principal);
+ return rc;
+ }
+ }
}
#endif
@@ -1412,7 +1459,7 @@
char *p;
/* reasonable default hostname */
- if (!host) host = "*SMBSERVER";
+ if (!host) host = star_smbserver_name;
fstrcpy(cli->desthost, host);
@@ -1527,8 +1574,8 @@
*p = 0;
goto again;
}
- if (strcmp(called.name, "*SMBSERVER")) {
- make_nmb_name(&called , "*SMBSERVER", 0x20);
+ if (strcmp(called.name, star_smbserver_name)) {
+ make_nmb_name(&called , star_smbserver_name, 0x20);
goto again;
}
return NT_STATUS_BAD_NETWORK_NAME;
@@ -1652,7 +1699,7 @@
*/
if(is_ipaddress(desthost)) {
- make_nmb_name(&called, "*SMBSERVER", 0x20);
+ make_nmb_name(&called, star_smbserver_name, 0x20);
} else {
make_nmb_name(&called, desthost, 0x20);
}
@@ -1661,7 +1708,7 @@
NTSTATUS status;
struct nmb_name smbservername;
- make_nmb_name(&smbservername , "*SMBSERVER", 0x20);
+ make_nmb_name(&smbservername, star_smbserver_name, 0x20);
/*
* If the name wasn't *SMBSERVER then
Modified: branches/samba/upstream/source/libsmb/clierror.c
===================================================================
--- branches/samba/upstream/source/libsmb/clierror.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libsmb/clierror.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -469,3 +469,15 @@
SSVAL(cli->inbuf,smb_flg2, SVAL(cli->inbuf,smb_flg2)|FLAGS2_32_BIT_ERROR_CODES);
SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(status));
}
+
+/* Reset an error. */
+
+void cli_reset_error(struct cli_state *cli)
+{
+ if (SVAL(cli->inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES) {
+ SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(NT_STATUS_OK));
+ } else {
+ SCVAL(cli->inbuf,smb_rcls,0);
+ SSVAL(cli->inbuf,smb_err,0);
+ }
+}
Modified: branches/samba/upstream/source/libsmb/clikrb5.c
===================================================================
--- branches/samba/upstream/source/libsmb/clikrb5.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libsmb/clikrb5.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -336,8 +336,8 @@
got_auth_data_pac = unwrap_pac(mem_ctx, &auth_data_wrapped, auth_data);
data_blob_free(&auth_data_wrapped);
- if (!got_auth_data_pac) {
- continue;
+ if (got_auth_data_pac) {
+ return true;
}
}
@@ -363,9 +363,9 @@
/* check if it is a PAC */
got_auth_data_pac = unwrap_pac(mem_ctx, &auth_data_wrapped, auth_data);
data_blob_free(&auth_data_wrapped);
-
- if (!got_auth_data_pac) {
- continue;
+
+ if (got_auth_data_pac) {
+ return true;
}
}
Modified: branches/samba/upstream/source/libsmb/clilist.c
===================================================================
--- branches/samba/upstream/source/libsmb/clilist.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libsmb/clilist.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -247,7 +247,7 @@
&rparam, ¶m_len,
&rdata, &data_len) &&
cli_is_dos_error(cli)) {
- /* we need to work around a Win95 bug - sometimes
+ /* We need to work around a Win95 bug - sometimes
it gives ERRSRV/ERRerror temprarily */
uint8 eclass;
uint32 ecode;
@@ -256,6 +256,20 @@
SAFE_FREE(rparam);
cli_dos_error(cli, &eclass, &ecode);
+
+ /*
+ * OS/2 might return "no more files",
+ * which just tells us, that searchcount is zero
+ * in this search.
+ * Guenter Kukkukk <linux at kukkukk.com>
+ */
+
+ if (eclass == ERRDOS && ecode == ERRnofiles) {
+ ff_searchcount = 0;
+ cli_reset_error(cli);
+ break;
+ }
+
if (eclass != ERRSRV || ecode != ERRerror)
break;
smb_msleep(100);
Modified: branches/samba/upstream/source/libsmb/clitrans.c
===================================================================
--- branches/samba/upstream/source/libsmb/clitrans.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libsmb/clitrans.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -95,14 +95,9 @@
return False;
}
- /* Note we're in a trans state. Save the sequence
- * numbers for replies. */
- client_set_trans_sign_state_on(cli, mid);
-
if (this_ldata < ldata || this_lparam < lparam) {
/* receive interim response */
if (!cli_receive_smb(cli) || cli_is_error(cli)) {
- client_set_trans_sign_state_off(cli, mid);
return(False);
}
@@ -144,7 +139,6 @@
show_msg(cli->outbuf);
if (!cli_send_smb(cli)) {
- client_set_trans_sign_state_off(cli, mid);
return False;
}
@@ -323,7 +317,6 @@
out:
- client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid));
return ret;
}
@@ -391,14 +384,9 @@
return False;
}
- /* Note we're in a trans state. Save the sequence
- * numbers for replies. */
- client_set_trans_sign_state_on(cli, mid);
-
if (this_ldata < ldata || this_lparam < lparam) {
/* receive interim response */
if (!cli_receive_smb(cli) || cli_is_error(cli)) {
- client_set_trans_sign_state_off(cli, mid);
return(False);
}
@@ -440,7 +428,6 @@
show_msg(cli->outbuf);
if (!cli_send_smb(cli)) {
- client_set_trans_sign_state_off(cli, mid);
return False;
}
@@ -640,6 +627,5 @@
out:
- client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid));
return ret;
}
Modified: branches/samba/upstream/source/libsmb/nmblib.c
===================================================================
--- branches/samba/upstream/source/libsmb/nmblib.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libsmb/nmblib.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -702,6 +702,8 @@
if (!p)
return(NULL);
+ ZERO_STRUCTP(p); /* initialize for possible padding */
+
p->next = NULL;
p->prev = NULL;
p->ip = lastip;
Modified: branches/samba/upstream/source/libsmb/smb_signing.c
===================================================================
--- branches/samba/upstream/source/libsmb/smb_signing.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libsmb/smb_signing.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -26,7 +26,6 @@
struct outstanding_packet_lookup *prev, *next;
uint16 mid;
uint32 reply_seq_num;
- BOOL can_delete; /* Set to False in trans state. */
};
struct smb_basic_signing_context {
@@ -43,7 +42,9 @@
/* Ensure we only add a mid once. */
for (t = *list; t; t = t->next) {
if (t->mid == mid) {
- return False;
+ DLIST_REMOVE(*list, t);
+ SAFE_FREE(t);
+ break;
}
}
@@ -52,7 +53,6 @@
t->mid = mid;
t->reply_seq_num = reply_seq_num;
- t->can_delete = True;
/*
* Add to the *start* of the list not the end of the list.
@@ -79,29 +79,14 @@
*reply_seq_num = t->reply_seq_num;
DEBUG(10,("get_sequence_for_reply: found seq = %u mid = %u\n",
(unsigned int)t->reply_seq_num, (unsigned int)t->mid ));
- if (t->can_delete) {
- DLIST_REMOVE(*list, t);
- SAFE_FREE(t);
- }
+ DLIST_REMOVE(*list, t);
+ SAFE_FREE(t);
return True;
}
}
return False;
}
-static BOOL set_sequence_can_delete_flag(struct outstanding_packet_lookup **list, uint16 mid, BOOL can_delete_entry)
-{
- struct outstanding_packet_lookup *t;
-
- for (t = *list; t; t = t->next) {
- if (t->mid == mid) {
- t->can_delete = can_delete_entry;
- return True;
- }
- }
- return False;
-}
-
/***********************************************************
SMB signing - Common code before we set a new signing implementation
************************************************************/
@@ -604,60 +589,6 @@
}
/***********************************************************
- Enter trans/trans2/nttrans state.
-************************************************************/
-
-BOOL client_set_trans_sign_state_on(struct cli_state *cli, uint16 mid)
-{
- struct smb_sign_info *si = &cli->sign_info;
- struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
-
- if (!si->doing_signing) {
- return True;
- }
-
- if (!data) {
- return False;
- }
-
- if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, False)) {
- return False;
- }
-
- return True;
-}
-
-/***********************************************************
- Leave trans/trans2/nttrans state.
-************************************************************/
-
-BOOL client_set_trans_sign_state_off(struct cli_state *cli, uint16 mid)
-{
- uint32 reply_seq_num;
- struct smb_sign_info *si = &cli->sign_info;
- struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
-
- if (!si->doing_signing) {
- return True;
- }
-
- if (!data) {
- return False;
- }
-
- if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, True)) {
- return False;
- }
-
- /* Now delete the stored mid entry. */
- if (!get_sequence_for_reply(&data->outstanding_packet_list, mid, &reply_seq_num)) {
- return False;
- }
-
- return True;
-}
-
-/***********************************************************
SMB signing - Server implementation - send the MAC.
************************************************************/
Modified: branches/samba/upstream/source/libsmb/smbencrypt.c
===================================================================
--- branches/samba/upstream/source/libsmb/smbencrypt.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libsmb/smbencrypt.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -444,7 +444,7 @@
the username and domain.
This prevents username swapping during the auth exchange
*/
- if (!ntv2_owf_gen(nt_hash, user, domain, True, ntlm_v2_hash)) {
+ if (!ntv2_owf_gen(nt_hash, user, domain, False, ntlm_v2_hash)) {
return False;
}
Modified: branches/samba/upstream/source/libsmb/trusts_util.c
===================================================================
--- branches/samba/upstream/source/libsmb/trusts_util.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libsmb/trusts_util.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -41,7 +41,7 @@
already have valid creds. If not we must set them up. */
if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
result = rpccli_netlogon_setup_creds(cli,
cli->cli->desthost, /* server name */
Modified: branches/samba/upstream/source/libsmb/unexpected.c
===================================================================
--- branches/samba/upstream/source/libsmb/unexpected.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/libsmb/unexpected.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -59,6 +59,8 @@
len = build_packet(buf, p);
+ ZERO_STRUCT(key); /* needed for potential alignment */
+
key.packet_type = p->packet_type;
key.timestamp = p->timestamp;
key.count = count++;
@@ -81,6 +83,10 @@
{
struct unexpected_key key;
+ if (kbuf.dsize != sizeof(key)) {
+ tdb_delete(ttdb, kbuf);
+ }
+
memcpy(&key, kbuf.dptr, sizeof(key));
if (lastt - key.timestamp > NMBD_UNEXPECTED_TIMEOUT) {
@@ -120,6 +126,10 @@
struct unexpected_key key;
struct packet_struct *p;
+ if (kbuf.dsize != sizeof(key)) {
+ return 0;
+ }
+
memcpy(&key, kbuf.dptr, sizeof(key));
if (key.packet_type != match_type) return 0;
Modified: branches/samba/upstream/source/modules/vfs_default.c
===================================================================
--- branches/samba/upstream/source/modules/vfs_default.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/modules/vfs_default.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -444,7 +444,7 @@
START_PROFILE(syscall_rename);
result = rename(oldname, newname);
- if (errno == EXDEV) {
+ if ((result == -1) && (errno == EXDEV)) {
/* Rename across filesystems needed. */
result = copy_reg(oldname, newname);
}
Modified: branches/samba/upstream/source/modules/vfs_hpuxacl.c
===================================================================
--- branches/samba/upstream/source/modules/vfs_hpuxacl.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/modules/vfs_hpuxacl.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -141,7 +141,7 @@
{
SMB_ACL_T result = NULL;
int count;
- HPUX_ACL_T hpux_acl;
+ HPUX_ACL_T hpux_acl = NULL;
DEBUG(10, ("hpuxacl_sys_acl_get_file called for file '%s'.\n",
path_p));
@@ -215,7 +215,7 @@
{
int ret = -1;
SMB_STRUCT_STAT s;
- HPUX_ACL_T hpux_acl;
+ HPUX_ACL_T hpux_acl = NULL;
int count;
DEBUG(10, ("hpuxacl_sys_acl_set_file called for file '%s'\n",
Modified: branches/samba/upstream/source/modules/vfs_notify_fam.c
===================================================================
--- branches/samba/upstream/source/modules/vfs_notify_fam.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/modules/vfs_notify_fam.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -156,6 +156,9 @@
fam_event.filename));
switch (fam_event.code) {
+ case FAMChanged:
+ ne.action = NOTIFY_ACTION_MODIFIED;
+ break;
case FAMCreated:
ne.action = NOTIFY_ACTION_ADDED;
break;
Modified: branches/samba/upstream/source/nmbd/nmbd.c
===================================================================
--- branches/samba/upstream/source/nmbd/nmbd.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nmbd/nmbd.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -150,23 +150,30 @@
/************************************************************************** **
Reload the list of network interfaces.
+ Doesn't return until a network interface is up.
************************************************************************** */
-static BOOL reload_interfaces(time_t t)
+static void reload_interfaces(time_t t)
{
static time_t lastt;
int n;
struct subnet_record *subrec;
- if (t && ((t - lastt) < NMBD_INTERFACES_RELOAD)) return False;
+ if (t && ((t - lastt) < NMBD_INTERFACES_RELOAD)) {
+ return;
+ }
lastt = t;
- if (!interfaces_changed()) return False;
+ if (!interfaces_changed()) {
+ return;
+ }
/* the list of probed interfaces has changed, we may need to add/remove
some subnets */
load_interfaces();
+ try_again:
+
/* find any interfaces that need adding */
for (n=iface_count() - 1; n >= 0; n--) {
struct interface *iface = get_interface(n);
@@ -221,15 +228,35 @@
close_subnet(subrec);
}
}
-
+
rescan_listen_set = True;
- /* We need to shutdown if there are no subnets... */
+ /* We need to wait if there are no subnets... */
if (FIRST_SUBNET == NULL) {
- DEBUG(0,("reload_interfaces: No subnets to listen to. Shutting down...\n"));
- return True;
+ void (*saved_handler)(int);
+
+ DEBUG(0,("reload_interfaces: "
+ "No subnets to listen to. Waiting..\n"));
+
+ /*
+ * Whilst we're waiting for an interface, allow SIGTERM to
+ * cause us to exit.
+ */
+
+ saved_handler = CatchSignal( SIGTERM, SIGNAL_CAST SIG_DFL );
+
+ while (iface_count() == 0) {
+ sleep(5);
+ load_interfaces();
+ }
+
+ /*
+ * We got an interface, restore our normal term handler.
+ */
+
+ CatchSignal( SIGTERM, SIGNAL_CAST saved_handler );
+ goto try_again;
}
- return False;
}
/**************************************************************************** **
@@ -267,8 +294,6 @@
/**************************************************************************** **
* React on 'smbcontrol nmbd reload-config' in the same way as to SIGHUP
- * We use buf here to return BOOL result to process() when reload_interfaces()
- * detects that there are no subnets.
**************************************************************************** */
static void msg_reload_nmbd_services(int msg_type, struct process_id src,
@@ -278,14 +303,7 @@
dump_all_namelists();
reload_nmbd_services( True );
reopen_logs();
-
- if(buf) {
- /* We were called from process() */
- /* If reload_interfaces() returned True */
- /* we need to shutdown if there are no subnets... */
- /* pass this info back to process() */
- *((BOOL*)buf) = reload_interfaces(0);
- }
+ reload_interfaces(0);
}
static void msg_nmbd_send_packet(int msg_type, struct process_id src,
@@ -348,7 +366,6 @@
static void process(void)
{
BOOL run_election;
- BOOL no_subnets;
while( True ) {
time_t t = time(NULL);
@@ -558,19 +575,16 @@
if(reload_after_sighup) {
DEBUG( 0, ( "Got SIGHUP dumping debug info.\n" ) );
msg_reload_nmbd_services(MSG_SMB_CONF_UPDATED,
- pid_to_procid(0), (void*) &no_subnets, 0, NULL);
- if(no_subnets)
- return;
+ pid_to_procid(0), NULL, 0, NULL);
reload_after_sighup = 0;
}
/* check for new network interfaces */
- if(reload_interfaces(t))
- return;
+ reload_interfaces(t);
/* free up temp memory */
- lp_TALLOC_FREE();
+ lp_TALLOC_FREE();
}
}
Modified: branches/samba/upstream/source/nmbd/nmbd_namelistdb.c
===================================================================
--- branches/samba/upstream/source/nmbd/nmbd_namelistdb.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nmbd/nmbd_namelistdb.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -294,7 +294,6 @@
******************************************************************/
void standard_fail_register( struct subnet_record *subrec,
- struct response_record *rrec,
struct nmb_name *nmbname )
{
struct name_record *namerec;
Modified: branches/samba/upstream/source/nmbd/nmbd_nameregister.c
===================================================================
--- branches/samba/upstream/source/nmbd/nmbd_nameregister.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nmbd/nmbd_nameregister.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -153,10 +153,11 @@
if( rrec->success_fn)
(*(register_name_success_function)rrec->success_fn)(subrec, rrec->userdata, answer_name, nb_flags, ttl, register_ip);
} else {
+ struct nmb_name qname = *question_name;
if( rrec->fail_fn)
(*(register_name_fail_function)rrec->fail_fn)(subrec, rrec, question_name);
/* Remove the name. */
- standard_fail_register( subrec, rrec, question_name);
+ standard_fail_register( subrec, &qname);
}
/* Ensure we don't retry. */
@@ -281,10 +282,11 @@
if( rrec->success_fn)
(*(register_name_success_function)rrec->success_fn)(subrec, rrec->userdata, question_name, nb_flags, ttl, registered_ip);
} else {
+ struct nmb_name qname = *question_name;
if( rrec->fail_fn)
(*(register_name_fail_function)rrec->fail_fn)(subrec, rrec, question_name);
/* Remove the name. */
- standard_fail_register( subrec, rrec, question_name);
+ standard_fail_register( subrec, &qname);
}
/* Ensure we don't retry. */
Modified: branches/samba/upstream/source/nmbd/nmbd_packets.c
===================================================================
--- branches/samba/upstream/source/nmbd/nmbd_packets.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nmbd/nmbd_packets.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -1606,6 +1606,8 @@
for (subrec = FIRST_SUBNET; subrec; subrec = get_next_subnet_maybe_unicast_or_wins_server(subrec)) {
struct response_record *rrec, *nextrrec;
+ restart:
+
for (rrec = subrec->responselist; rrec; rrec = nextrrec) {
nextrrec = rrec->next;
@@ -1644,6 +1646,9 @@
no timeout function. */
remove_response_record(subrec, rrec);
}
+ /* We have changed subrec->responselist,
+ * restart from the beginning of this list. */
+ goto restart;
} /* !rrec->in_expitation_processing */
} /* rrec->repeat_count > 0 */
} /* rrec->repeat_time <= t */
Modified: branches/samba/upstream/source/nmbd/nmbd_responserecordsdb.c
===================================================================
--- branches/samba/upstream/source/nmbd/nmbd_responserecordsdb.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nmbd/nmbd_responserecordsdb.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -32,26 +32,12 @@
static void add_response_record(struct subnet_record *subrec,
struct response_record *rrec)
{
- struct response_record *rrec2;
-
num_response_packets++; /* count of total number of packets still around */
DEBUG(4,("add_response_record: adding response record id:%hu to subnet %s. num_records:%d\n",
rrec->response_id, subrec->subnet_name, num_response_packets));
- if (!subrec->responselist) {
- subrec->responselist = rrec;
- rrec->prev = NULL;
- rrec->next = NULL;
- return;
- }
-
- for (rrec2 = subrec->responselist; rrec2->next; rrec2 = rrec2->next)
- ;
-
- rrec2->next = rrec;
- rrec->next = NULL;
- rrec->prev = rrec2;
+ DLIST_ADD_END(subrec->responselist, rrec, struct response_record *);
}
/***************************************************************************
@@ -61,14 +47,26 @@
void remove_response_record(struct subnet_record *subrec,
struct response_record *rrec)
{
- if (rrec->prev)
- rrec->prev->next = rrec->next;
- if (rrec->next)
- rrec->next->prev = rrec->prev;
+ /* It is possible this can be called twice,
+ with a rrec pointer that has been freed. So
+ before we inderect into rrec, search for it
+ on the responselist first. Bug #3617. JRA. */
- if (subrec->responselist == rrec)
- subrec->responselist = rrec->next;
+ struct response_record *p = NULL;
+ for (p = subrec->responselist; p; p = p->next) {
+ if (p == rrec) {
+ break;
+ }
+ }
+
+ if (p == NULL) {
+ /* We didn't find rrec on the list. */
+ return;
+ }
+
+ DLIST_REMOVE(subrec->responselist, rrec);
+
if(rrec->userdata) {
if(rrec->userdata->free_fn) {
(*rrec->userdata->free_fn)(rrec->userdata);
Modified: branches/samba/upstream/source/nsswitch/idmap.c
===================================================================
--- branches/samba/upstream/source/nsswitch/idmap.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nsswitch/idmap.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -367,7 +367,7 @@
/* terminate */
dl[1] = NULL;
- dom_list = dl;
+ dom_list = (const char **)dl;
default_domain = dl[0];
}
@@ -906,7 +906,7 @@
if ( (dom = find_idmap_domain_from_sid( map->sid )) == NULL ) {
/* huh, couldn't find a suitable domain,
* let's just leave it unmapped */
- DEBUG(10, ("Could not find idmap backend for SID %s",
+ DEBUG(10, ("Could not find idmap backend for SID %s\n",
sid_string_static(map->sid)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
Modified: branches/samba/upstream/source/nsswitch/pam_winbind.c
===================================================================
--- branches/samba/upstream/source/nsswitch/pam_winbind.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nsswitch/pam_winbind.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -1028,7 +1028,9 @@
request.data.auth.krb5_cc_type[0] = '\0';
request.data.auth.uid = -1;
- request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_CONTACT_TRUSTDOM;
+ request.flags = WBFLAG_PAM_INFO3_TEXT |
+ WBFLAG_PAM_GET_PWD_POLICY |
+ WBFLAG_PAM_CONTACT_TRUSTDOM;
if (ctrl & (WINBIND_KRB5_AUTH|WINBIND_CACHED_LOGIN)) {
struct passwd *pwd = NULL;
Modified: branches/samba/upstream/source/nsswitch/winbind_nss_config.h
===================================================================
--- branches/samba/upstream/source/nsswitch/winbind_nss_config.h 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nsswitch/winbind_nss_config.h 2008-03-09 10:22:43 UTC (rev 1755)
@@ -36,9 +36,9 @@
#include "lib/replace/replace.h"
#endif
-#include "system/passwd.h"
#include "system/filesys.h"
#include "system/network.h"
+#include "system/passwd.h"
#include "nsswitch/winbind_nss.h"
Modified: branches/samba/upstream/source/nsswitch/winbindd.c
===================================================================
--- branches/samba/upstream/source/nsswitch/winbindd.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nsswitch/winbindd.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -541,7 +541,7 @@
if (*(uint32 *)(&state->request) != sizeof(state->request)) {
DEBUG(0,("request_len_recv: Invalid request size received: %d (expected %d)\n",
- *(uint32 *)(&state->request), sizeof(state->request)));
+ *(uint32 *)(&state->request), (uint32)sizeof(state->request)));
state->finished = True;
return;
}
Modified: branches/samba/upstream/source/nsswitch/winbindd_async.c
===================================================================
--- branches/samba/upstream/source/nsswitch/winbindd_async.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nsswitch/winbindd_async.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -782,6 +782,12 @@
This is the second callback after contacting the forest root
********************************************************************/
+struct lookupname_state {
+ char *dom_name;
+ char *name;
+ void *caller_private_data;
+};
+
static void lookupname_recv2(TALLOC_CTX *mem_ctx, BOOL success,
struct winbindd_response *response,
void *c, void *private_data)
@@ -790,27 +796,28 @@
enum lsa_SidType type) =
(void (*)(void *, BOOL, const DOM_SID *, enum lsa_SidType))c;
DOM_SID sid;
+ struct lookupname_state *s = talloc_get_type_abort(private_data, struct lookupname_state);
if (!success) {
DEBUG(5, ("Could not trigger lookup_name\n"));
- cont(private_data, False, NULL, SID_NAME_UNKNOWN);
+ cont(s->caller_private_data, False, NULL, SID_NAME_UNKNOWN);
return;
}
if (response->result != WINBINDD_OK) {
DEBUG(5, ("lookup_name returned an error\n"));
- cont(private_data, False, NULL, SID_NAME_UNKNOWN);
+ cont(s->caller_private_data, False, NULL, SID_NAME_UNKNOWN);
return;
}
if (!string_to_sid(&sid, response->data.sid.sid)) {
DEBUG(0, ("Could not convert string %s to sid\n",
response->data.sid.sid));
- cont(private_data, False, NULL, SID_NAME_UNKNOWN);
+ cont(s->caller_private_data, False, NULL, SID_NAME_UNKNOWN);
return;
}
- cont(private_data, True, &sid,
+ cont(s->caller_private_data, True, &sid,
(enum lsa_SidType)response->data.sid.type);
}
@@ -826,36 +833,32 @@
enum lsa_SidType type) =
(void (*)(void *, BOOL, const DOM_SID *, enum lsa_SidType))c;
DOM_SID sid;
+ struct lookupname_state *s = talloc_get_type_abort(private_data, struct lookupname_state);
if (!success) {
DEBUG(5, ("lookupname_recv: lookup_name() failed!\n"));
- cont(private_data, False, NULL, SID_NAME_UNKNOWN);
+ cont(s->caller_private_data, False, NULL, SID_NAME_UNKNOWN);
return;
}
if (response->result != WINBINDD_OK) {
/* Try again using the forest root */
struct winbindd_domain *root_domain = find_root_domain();
- struct winbindd_cli_state *state = (struct winbindd_cli_state*)private_data;
- struct winbindd_request request;
- char *name_domain, *name_account;
-
+ struct winbindd_request request;
+
if ( !root_domain ) {
DEBUG(5,("lookupname_recv: unable to determine forest root\n"));
- cont(private_data, False, NULL, SID_NAME_UNKNOWN);
+ cont(s->caller_private_data, False, NULL, SID_NAME_UNKNOWN);
return;
}
- name_domain = state->request.data.name.dom_name;
- name_account = state->request.data.name.name;
-
ZERO_STRUCT(request);
request.cmd = WINBINDD_LOOKUPNAME;
- fstrcpy(request.data.name.dom_name, name_domain);
- fstrcpy(request.data.name.name, name_account);
+ fstrcpy(request.data.name.dom_name, s->dom_name);
+ fstrcpy(request.data.name.name, s->name);
do_async_domain(mem_ctx, root_domain, &request, lookupname_recv2,
- (void *)cont, private_data);
+ (void *)cont, s);
return;
}
@@ -863,11 +866,11 @@
if (!string_to_sid(&sid, response->data.sid.sid)) {
DEBUG(0, ("Could not convert string %s to sid\n",
response->data.sid.sid));
- cont(private_data, False, NULL, SID_NAME_UNKNOWN);
+ cont(s->caller_private_data, False, NULL, SID_NAME_UNKNOWN);
return;
}
- cont(private_data, True, &sid,
+ cont(s->caller_private_data, True, &sid,
(enum lsa_SidType)response->data.sid.type);
}
@@ -886,6 +889,7 @@
{
struct winbindd_request request;
struct winbindd_domain *domain;
+ struct lookupname_state *s;
if ( (domain = find_lookup_domain_from_name(dom_name)) == NULL ) {
DEBUG(5, ("Could not find domain for name %s\n", dom_name));
@@ -898,8 +902,23 @@
fstrcpy(request.data.name.dom_name, dom_name);
fstrcpy(request.data.name.name, name);
+ if ( (s = TALLOC_ZERO_P(mem_ctx, struct lookupname_state)) == NULL ) {
+ DEBUG(0, ("winbindd_lookupname_async: talloc failed\n"));
+ cont(private_data, False, NULL, SID_NAME_UNKNOWN);
+ return;
+ }
+
+ s->dom_name = talloc_strdup( s, dom_name );
+ s->name = talloc_strdup( s, name );
+ if (!s->dom_name || !s->name) {
+ cont(private_data, False, NULL, SID_NAME_UNKNOWN);
+ return;
+ }
+
+ s->caller_private_data = private_data;
+
do_async_domain(mem_ctx, domain, &request, lookupname_recv,
- (void *)cont, private_data);
+ (void *)cont, s);
}
enum winbindd_result winbindd_dual_lookupname(struct winbindd_domain *domain,
Modified: branches/samba/upstream/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/samba/upstream/source/nsswitch/winbindd_cm.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nsswitch/winbindd_cm.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -585,6 +585,44 @@
return True;
}
+/**
+ * Helper function to assemble trust password and account name
+ */
+static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
+ char **machine_password,
+ char **machine_account,
+ char **machine_krb5_principal)
+{
+ const char *account_name;
+
+ if (!get_trust_pw_clear(domain->name, machine_password,
+ &account_name, NULL))
+ {
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ }
+
+ if ((machine_account != NULL) &&
+ (asprintf(machine_account, "%s$", account_name) == -1))
+ {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* this is at least correct when domain is our domain,
+ * which is the only case, when this is currently used: */
+ if (machine_krb5_principal != NULL)
+ {
+ if (asprintf(machine_krb5_principal, "%s$@%s",
+ account_name, domain->alt_name) == -1)
+ {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ strupper_m(*machine_krb5_principal);
+ }
+
+ return NT_STATUS_OK;
+}
+
/************************************************************************
Given a fd with a just-connected TCP connection to a DC, open a connection
to the pipe.
@@ -596,8 +634,12 @@
struct cli_state **cli,
BOOL *retry)
{
- char *machine_password, *machine_krb5_principal, *machine_account;
- char *ipc_username, *ipc_domain, *ipc_password;
+ char *machine_password = NULL;
+ char *machine_krb5_principal = NULL;
+ char *machine_account = NULL;
+ char *ipc_username = NULL;
+ char *ipc_domain = NULL;
+ char *ipc_password = NULL;
BOOL got_mutex;
@@ -611,23 +653,6 @@
DEBUG(10,("cm_prepare_connection: connecting to DC %s for domain %s\n",
controller, domain->name ));
- machine_password = secrets_fetch_machine_password(lp_workgroup(), NULL,
- NULL);
-
- if (asprintf(&machine_account, "%s$", global_myname()) == -1) {
- SAFE_FREE(machine_password);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (asprintf(&machine_krb5_principal, "%s$@%s", global_myname(),
- lp_realm()) == -1) {
- SAFE_FREE(machine_account);
- SAFE_FREE(machine_password);
- return NT_STATUS_NO_MEMORY;
- }
-
- cm_get_ipc_userpass(&ipc_username, &ipc_domain, &ipc_password);
-
*retry = True;
got_mutex = secrets_named_mutex(controller,
@@ -684,10 +709,20 @@
result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
-
- if ((*cli)->protocol >= PROTOCOL_NT1 && (*cli)->capabilities & CAP_EXTENDED_SECURITY) {
+
+ if (!is_trusted_domain_situation(domain->name) &&
+ (*cli)->protocol >= PROTOCOL_NT1 &&
+ (*cli)->capabilities & CAP_EXTENDED_SECURITY)
+ {
ADS_STATUS ads_status;
+ result = get_trust_creds(domain, &machine_password,
+ &machine_account,
+ &machine_krb5_principal);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
if (lp_security() == SEC_ADS) {
/* Try a krb5 session */
@@ -700,7 +735,7 @@
ads_status = cli_session_setup_spnego(*cli,
machine_krb5_principal,
machine_password,
- lp_workgroup());
+ domain->name);
if (!ADS_ERR_OK(ads_status)) {
DEBUG(4,("failed kerberos session setup with %s\n",
@@ -710,7 +745,7 @@
result = ads_ntstatus(ads_status);
if (NT_STATUS_IS_OK(result)) {
/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
- cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
+ cli_init_creds(*cli, machine_account, domain->name, machine_password);
goto session_setup_done;
}
}
@@ -720,12 +755,12 @@
DEBUG(5, ("connecting to %s from %s with username "
"[%s]\\[%s]\n", controller, global_myname(),
- lp_workgroup(), machine_account));
+ domain->name, machine_account));
ads_status = cli_session_setup_spnego(*cli,
machine_account,
machine_password,
- lp_workgroup());
+ domain->name);
if (!ADS_ERR_OK(ads_status)) {
DEBUG(4, ("authenticated session setup failed with %s\n",
ads_errstr(ads_status)));
@@ -734,15 +769,17 @@
result = ads_ntstatus(ads_status);
if (NT_STATUS_IS_OK(result)) {
/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
- cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
+ cli_init_creds(*cli, machine_account, domain->name, machine_password);
goto session_setup_done;
}
}
- /* Fall back to non-kerberos session setup */
+ /* Fall back to non-kerberos session setup with auth_user */
(*cli)->use_kerberos = False;
+ cm_get_ipc_userpass(&ipc_username, &ipc_domain, &ipc_password);
+
if ((((*cli)->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) != 0) &&
(strlen(ipc_username) > 0)) {
@@ -907,13 +944,22 @@
SIVAL(p, 0, 0); /* The sender's token ... */
p += 2;
- p += dos_PutUniCode(p, global_myname(), sizeof(pstring), True);
+ p += dos_PutUniCode(p, global_myname(),
+ sizeof(outbuf) - PTR_DIFF(p, outbuf), True);
fstr_sprintf(my_acct_name, "%s$", global_myname());
- p += dos_PutUniCode(p, my_acct_name, sizeof(pstring), True);
+ p += dos_PutUniCode(p, my_acct_name,
+ sizeof(outbuf) - PTR_DIFF(p, outbuf), True);
+ if (strlen(my_mailslot)+1 > sizeof(outbuf) - PTR_DIFF(p, outbuf)) {
+ return False;
+ }
+
memcpy(p, my_mailslot, strlen(my_mailslot)+1);
p += strlen(my_mailslot)+1;
+ if (sizeof(outbuf) - PTR_DIFF(p, outbuf) < 8) {
+ return False;
+ }
SIVAL(p, 0, 0x80);
p+=4;
@@ -922,7 +968,15 @@
p = ALIGN4(p, outbuf);
- sid_linearize(p, sid_size(sid), sid);
+ if (PTR_DIFF(p, outbuf) > sizeof(outbuf)) {
+ return False;
+ }
+
+ if (sid_size(sid) + 8 > sizeof(outbuf) - PTR_DIFF(p, outbuf)) {
+ return False;
+ }
+
+ sid_linearize(p, sizeof(outbuf) - PTR_DIFF(p, outbuf), sid);
p += sid_size(sid);
SIVAL(p, 0, 1);
@@ -1689,6 +1743,9 @@
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
fstring conn_pwd;
struct dcinfo *p_dcinfo;
+ char *machine_password = NULL;
+ char *machine_account = NULL;
+ char *domain_name = NULL;
result = init_dc_connection(domain);
if (!NT_STATUS_IS_OK(result)) {
@@ -1711,34 +1768,49 @@
pwd_get_cleartext(&conn->cli->pwd, conn_pwd);
if ((conn->cli->user_name[0] == '\0') ||
(conn->cli->domain[0] == '\0') ||
- (conn_pwd[0] == '\0')) {
- DEBUG(10, ("cm_connect_sam: No no user available for "
- "domain %s, trying schannel\n", conn->cli->domain));
- goto schannel;
+ (conn_pwd[0] == '\0'))
+ {
+ result = get_trust_creds(domain, &machine_password,
+ &machine_account, NULL);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(10, ("cm_connect_sam: No no user available for "
+ "domain %s, trying schannel\n", conn->cli->domain));
+ goto schannel;
+ }
+ domain_name = domain->name;
+ } else {
+ machine_password = SMB_STRDUP(conn_pwd);
+ machine_account = SMB_STRDUP(conn->cli->user_name);
+ domain_name = conn->cli->domain;
}
+ if (!machine_password || !machine_account) {
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
/* We have an authenticated connection. Use a NTLMSSP SPNEGO
authenticated SAMR pipe with sign & seal. */
conn->samr_pipe =
cli_rpc_pipe_open_spnego_ntlmssp(conn->cli, PI_SAMR,
PIPE_AUTH_LEVEL_PRIVACY,
- conn->cli->domain,
- conn->cli->user_name,
- conn_pwd, &result);
+ domain_name,
+ machine_account,
+ machine_password, &result);
if (conn->samr_pipe == NULL) {
DEBUG(10,("cm_connect_sam: failed to connect to SAMR "
"pipe for domain %s using NTLMSSP "
"authenticated pipe: user %s\\%s. Error was "
- "%s\n", domain->name, conn->cli->domain,
- conn->cli->user_name, nt_errstr(result)));
+ "%s\n", domain->name, domain_name,
+ machine_account, nt_errstr(result)));
goto schannel;
}
DEBUG(10,("cm_connect_sam: connected to SAMR pipe for "
"domain %s using NTLMSSP authenticated "
"pipe: user %s\\%s\n", domain->name,
- conn->cli->domain, conn->cli->user_name ));
+ domain_name, machine_account));
result = rpccli_samr_connect(conn->samr_pipe, mem_ctx,
SEC_RIGHTS_MAXIMUM_ALLOWED,
@@ -1823,6 +1895,8 @@
*cli = conn->samr_pipe;
*sam_handle = conn->sam_domain_handle;
+ SAFE_FREE(machine_password);
+ SAFE_FREE(machine_account);
return result;
}
@@ -1953,7 +2027,7 @@
struct winbindd_cm_conn *conn;
NTSTATUS result;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
uint8 mach_pwd[16];
uint32 sec_chan_type;
const char *account_name;
@@ -1973,36 +2047,27 @@
return NT_STATUS_OK;
}
- if (!get_trust_pw(domain->name, mach_pwd, &sec_chan_type)) {
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- }
-
netlogon_pipe = cli_rpc_pipe_open_noauth(conn->cli, PI_NETLOGON,
&result);
if (netlogon_pipe == NULL) {
return result;
}
+ if ((!IS_DC) && (!domain->primary)) {
+ /* Clear the schannel request bit and drop down */
+ neg_flags &= ~NETLOGON_NEG_SCHANNEL;
+ goto no_schannel;
+ }
+
if (lp_client_schannel() != False) {
neg_flags |= NETLOGON_NEG_SCHANNEL;
}
- /* if we are a DC and this is a trusted domain, then we need to use our
- domain name in the net_req_auth2() request */
-
- if ( IS_DC
- && !strequal(domain->name, lp_workgroup())
- && lp_allow_trusted_domains() )
+ if (!get_trust_pw_hash(domain->name, mach_pwd, &account_name,
+ &sec_chan_type))
{
- account_name = lp_workgroup();
- } else {
- account_name = domain->primary ?
- global_myname() : domain->name;
- }
-
- if (account_name == NULL) {
cli_rpc_pipe_close(netlogon_pipe);
- return NT_STATUS_NO_MEMORY;
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
result = rpccli_netlogon_setup_creds(
@@ -2027,6 +2092,7 @@
return NT_STATUS_ACCESS_DENIED;
}
+ no_schannel:
if ((lp_client_schannel() == False) ||
((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
/* We're done - just keep the existing connection to NETLOGON
Modified: branches/samba/upstream/source/nsswitch/winbindd_cred_cache.c
===================================================================
--- branches/samba/upstream/source/nsswitch/winbindd_cred_cache.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nsswitch/winbindd_cred_cache.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -426,7 +426,7 @@
NTSTATUS remove_ccache(const char *username)
{
struct WINBINDD_CCACHE_ENTRY *entry = get_ccache_by_username(username);
- NTSTATUS status;
+ NTSTATUS status = NT_STATUS_OK;
#ifdef HAVE_KRB5
krb5_error_code ret;
#endif
Modified: branches/samba/upstream/source/nsswitch/winbindd_dual.c
===================================================================
--- branches/samba/upstream/source/nsswitch/winbindd_dual.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nsswitch/winbindd_dual.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -35,6 +35,7 @@
#define DBGC_CLASS DBGC_WINBIND
extern BOOL override_logfile;
+extern struct winbindd_methods cache_methods;
/* Read some data from a client connection */
@@ -988,6 +989,16 @@
child);
}
+ /* Special case for Winbindd on a Samba DC,
+ * We want to make sure the child can connect to smbd
+ * but not the main daemon */
+
+ if (child->domain && child->domain->internal && IS_DC) {
+ child->domain->internal = False;
+ child->domain->methods = &cache_methods;
+ child->domain->online = False;
+ }
+
while (1) {
int ret;
Modified: branches/samba/upstream/source/nsswitch/winbindd_nss.h
===================================================================
--- branches/samba/upstream/source/nsswitch/winbindd_nss.h 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nsswitch/winbindd_nss.h 2008-03-09 10:22:43 UTC (rev 1755)
@@ -206,7 +206,7 @@
#define WBFLAG_PAM_KRB5 0x1000
#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000
#define WBFLAG_PAM_CACHED_LOGIN 0x4000
-#define WBFLAG_PAM_GET_PWD_POLICY 0x8000 /* not used */
+#define WBFLAG_PAM_GET_PWD_POLICY 0x8000
#define WINBINDD_MAX_EXTRA_DATA (128*1024)
Modified: branches/samba/upstream/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/samba/upstream/source/nsswitch/winbindd_pam.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nsswitch/winbindd_pam.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -1517,11 +1517,13 @@
}
}
- result = fillup_password_policy(domain, state);
+ if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) {
+ result = fillup_password_policy(domain, state);
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
- goto done;
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
+ goto done;
+ }
}
if (state->request.flags & WBFLAG_PAM_UNIX_NAME) {
Modified: branches/samba/upstream/source/nsswitch/winbindd_util.c
===================================================================
--- branches/samba/upstream/source/nsswitch/winbindd_util.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/nsswitch/winbindd_util.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -83,9 +83,6 @@
if (sid == NULL)
return False;
- if ( IS_DC )
- return sid_check_is_builtin(sid);
-
return (sid_check_is_domain(sid) || sid_check_is_builtin(sid));
}
@@ -94,9 +91,6 @@
if (sid == NULL)
return False;
- if ( IS_DC )
- return sid_check_is_in_builtin(sid);
-
return (sid_check_is_in_our_domain(sid) || sid_check_is_in_builtin(sid));
}
Modified: branches/samba/upstream/source/pam_smbpass/pam_smb_acct.c
===================================================================
--- branches/samba/upstream/source/pam_smbpass/pam_smb_acct.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/pam_smbpass/pam_smb_acct.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -70,6 +70,11 @@
_log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
}
+ if (geteuid() != 0) {
+ _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
+ return PAM_AUTHINFO_UNAVAIL;
+ }
+
/* Getting into places that might use LDAP -- protect the app
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
Modified: branches/samba/upstream/source/pam_smbpass/pam_smb_auth.c
===================================================================
--- branches/samba/upstream/source/pam_smbpass/pam_smb_auth.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/pam_smbpass/pam_smb_auth.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -101,6 +101,12 @@
_log_err( LOG_DEBUG, "username [%s] obtained", name );
}
+ if (geteuid() != 0) {
+ _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
+ retval = PAM_AUTHINFO_UNAVAIL;
+ AUTH_RETURN;
+ }
+
if (!initialize_password_db(True)) {
_log_err( LOG_ALERT, "Cannot access samba password database" );
retval = PAM_AUTHINFO_UNAVAIL;
Modified: branches/samba/upstream/source/pam_smbpass/pam_smb_passwd.c
===================================================================
--- branches/samba/upstream/source/pam_smbpass/pam_smb_passwd.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/pam_smbpass/pam_smb_passwd.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -125,6 +125,11 @@
_log_err( LOG_DEBUG, "username [%s] obtained", user );
}
+ if (geteuid() != 0) {
+ _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
+ return PAM_AUTHINFO_UNAVAIL;
+ }
+
/* Getting into places that might use LDAP -- protect the app
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
Modified: branches/samba/upstream/source/param/loadparm.c
===================================================================
--- branches/samba/upstream/source/param/loadparm.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/param/loadparm.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -237,6 +237,8 @@
int ldap_ssl;
char *szLdapSuffix;
char *szLdapAdminDn;
+ int ldap_debug_level;
+ int ldap_debug_threshold;
int iAclCompat;
char *szCupsServer;
char *szIPrintServer;
@@ -403,6 +405,7 @@
BOOL bRead_only;
BOOL bNo_set_dir;
BOOL bGuest_only;
+ BOOL bAdministrative_share;
BOOL bGuest_ok;
BOOL bPrint_ok;
BOOL bMap_system;
@@ -545,6 +548,7 @@
True, /* bRead_only */
True, /* bNo_set_dir */
False, /* bGuest_only */
+ False, /* bAdministrative_share */
False, /* bGuest_ok */
False, /* bPrint_ok */
False, /* bMap_system */
@@ -634,6 +638,7 @@
static BOOL handle_netbios_scope( int snum, const char *pszParmValue, char **ptr );
static BOOL handle_charset( int snum, const char *pszParmValue, char **ptr );
static BOOL handle_printing( int snum, const char *pszParmValue, char **ptr);
+static BOOL handle_ldap_debug_level( int snum, const char *pszParmValue, char **ptr);
static void set_server_role(void);
static void set_default_server_announce_type(void);
@@ -935,6 +940,7 @@
{"inherit owner", P_BOOL, P_LOCAL, &sDefault.bInheritOwner, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE},
{"guest only", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE},
{"only guest", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, FLAG_HIDE},
+ {"administrative share", P_BOOL, P_LOCAL, &sDefault.bAdministrative_share, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT},
{"guest ok", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT},
{"public", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, FLAG_HIDE},
@@ -1189,6 +1195,10 @@
{"ldap page size", P_INTEGER, P_GLOBAL, &Globals.ldap_page_size, NULL, NULL, FLAG_ADVANCED},
{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, NULL, NULL, FLAG_ADVANCED},
+ {"ldap debug level", P_INTEGER, P_GLOBAL, &Globals.ldap_debug_level, handle_ldap_debug_level, NULL, FLAG_ADVANCED},
+ {"ldap debug threshold", P_INTEGER, P_GLOBAL, &Globals.ldap_debug_threshold, NULL, NULL, FLAG_ADVANCED},
+
+
{N_("Miscellaneous Options"), P_SEP, P_SEPARATOR},
{"add share command", P_STRING, P_GLOBAL, &Globals.szAddShareCommand, NULL, NULL, FLAG_ADVANCED},
{"change share command", P_STRING, P_GLOBAL, &Globals.szChangeShareCommand, NULL, NULL, FLAG_ADVANCED},
@@ -1592,6 +1602,9 @@
Globals.ldap_timeout = LDAP_CONNECT_DEFAULT_TIMEOUT;
Globals.ldap_page_size = LDAP_PAGE_SIZE;
+ Globals.ldap_debug_level = 0;
+ Globals.ldap_debug_threshold = 10;
+
/* This is what we tell the afs client. in reality we set the token
* to never expire, though, when this runs out the afs client will
* forget the token. Set to 0 to get NEVERDATE.*/
@@ -1918,6 +1931,8 @@
FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)
FN_GLOBAL_INTEGER(lp_ldap_timeout, &Globals.ldap_timeout)
FN_GLOBAL_INTEGER(lp_ldap_page_size, &Globals.ldap_page_size)
+FN_GLOBAL_INTEGER(lp_ldap_debug_level, &Globals.ldap_debug_level)
+FN_GLOBAL_INTEGER(lp_ldap_debug_threshold, &Globals.ldap_debug_threshold)
FN_GLOBAL_STRING(lp_add_share_cmd, &Globals.szAddShareCommand)
FN_GLOBAL_STRING(lp_change_share_cmd, &Globals.szChangeShareCommand)
FN_GLOBAL_STRING(lp_delete_share_cmd, &Globals.szDeleteShareCommand)
@@ -2081,6 +2096,7 @@
FN_LOCAL_BOOL(lp_no_set_dir, bNo_set_dir)
FN_LOCAL_BOOL(lp_guest_ok, bGuest_ok)
FN_LOCAL_BOOL(lp_guest_only, bGuest_only)
+FN_LOCAL_BOOL(lp_administrative_share, bAdministrative_share)
FN_LOCAL_BOOL(lp_print_ok, bPrint_ok)
FN_LOCAL_BOOL(lp_map_hidden, bMap_hidden)
FN_LOCAL_BOOL(lp_map_archive, bMap_archive)
@@ -2701,6 +2717,7 @@
ServicePtrs[i]->bAvailable = True;
ServicePtrs[i]->bRead_only = True;
ServicePtrs[i]->bGuest_only = False;
+ ServicePtrs[i]->bAdministrative_share = True;
ServicePtrs[i]->bGuest_ok = guest_ok;
ServicePtrs[i]->bPrint_ok = False;
ServicePtrs[i]->bBrowseable = sDefault.bBrowseable;
@@ -3227,6 +3244,13 @@
return (bRetval);
}
+static BOOL handle_ldap_debug_level(int snum, const char *pszParmValue, char **ptr)
+{
+ Globals.ldap_debug_level = lp_int(pszParmValue);
+ init_ldap_debugging();
+ return True;
+}
+
/***************************************************************************
Handle idmap/non unix account uid and gid allocation parameters. The format of these
parameters is:
Modified: branches/samba/upstream/source/passdb/lookup_sid.c
===================================================================
--- branches/samba/upstream/source/passdb/lookup_sid.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/passdb/lookup_sid.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -60,17 +60,20 @@
name = talloc_strdup(tmp_ctx, full_name);
}
- DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n",
- full_name, domain, name));
-
if ((domain == NULL) || (name == NULL)) {
DEBUG(0, ("talloc failed\n"));
TALLOC_FREE(tmp_ctx);
return False;
}
- if (strequal(domain, get_global_sam_name())) {
+ DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n",
+ full_name, domain, name));
+ DEBUG(10, ("lookup_name: flags = 0x0%x\n", flags));
+ if ((flags & LOOKUP_NAME_DOMAIN) &&
+ strequal(domain, get_global_sam_name()))
+ {
+
/* It's our own domain, lookup the name in passdb */
if (lookup_global_sam_name(name, flags, &rid, &type)) {
sid_copy(&sid, get_global_sam_sid());
@@ -81,8 +84,9 @@
return False;
}
- if (strequal(domain, builtin_domain_name())) {
-
+ if ((flags & LOOKUP_NAME_BUILTIN) &&
+ strequal(domain, builtin_domain_name()))
+ {
/* Explicit request for a name in BUILTIN */
if (lookup_builtin_name(name, &rid)) {
sid_copy(&sid, &global_sid_Builtin);
@@ -98,6 +102,7 @@
* domain yet at this point yet. This comes later. */
if ((domain[0] != '\0') &&
+ (flags & ~(LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED)) &&
(winbind_lookup_name(domain, name, &sid, &type))) {
goto ok;
}
@@ -132,14 +137,18 @@
/* 1. well-known names */
- if (lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) {
+ if ((flags & LOOKUP_NAME_WKN) &&
+ lookup_wellknown_name(tmp_ctx, name, &sid, &domain))
+ {
type = SID_NAME_WKN_GRP;
goto ok;
}
/* 2. Builtin domain as such */
- if (strequal(name, builtin_domain_name())) {
+ if ((flags & (LOOKUP_NAME_BUILTIN|LOOKUP_NAME_REMOTE)) &&
+ strequal(name, builtin_domain_name()))
+ {
/* Swap domain and name */
tmp = name; name = domain; domain = tmp;
sid_copy(&sid, &global_sid_Builtin);
@@ -149,7 +158,9 @@
/* 3. Account domain */
- if (strequal(name, get_global_sam_name())) {
+ if ((flags & LOOKUP_NAME_DOMAIN) &&
+ strequal(name, get_global_sam_name()))
+ {
if (!secrets_fetch_domain_sid(name, &sid)) {
DEBUG(3, ("Could not fetch my SID\n"));
TALLOC_FREE(tmp_ctx);
@@ -163,7 +174,9 @@
/* 4. Primary domain */
- if (!IS_DC && strequal(name, lp_workgroup())) {
+ if ((flags & LOOKUP_NAME_DOMAIN) && !IS_DC &&
+ strequal(name, lp_workgroup()))
+ {
if (!secrets_fetch_domain_sid(name, &sid)) {
DEBUG(3, ("Could not fetch the domain SID\n"));
TALLOC_FREE(tmp_ctx);
@@ -178,8 +191,9 @@
/* 5. Trusted domains as such, to me it looks as if members don't do
this, tested an XP workstation in a NT domain -- vl */
- if (IS_DC && (secrets_fetch_trusted_domain_password(name, NULL,
- &sid, NULL))) {
+ if ((flags & LOOKUP_NAME_REMOTE) && IS_DC &&
+ (secrets_fetch_trusted_domain_password(name, NULL, &sid, NULL)))
+ {
/* Swap domain and name */
tmp = name; name = domain; domain = tmp;
type = SID_NAME_DOMAIN;
@@ -188,7 +202,9 @@
/* 6. Builtin aliases */
- if (lookup_builtin_name(name, &rid)) {
+ if ((flags & LOOKUP_NAME_BUILTIN) &&
+ lookup_builtin_name(name, &rid))
+ {
domain = talloc_strdup(tmp_ctx, builtin_domain_name());
sid_copy(&sid, &global_sid_Builtin);
sid_append_rid(&sid, rid);
@@ -201,7 +217,9 @@
/* Both cases are done by looking at our passdb */
- if (lookup_global_sam_name(name, flags, &rid, &type)) {
+ if ((flags & LOOKUP_NAME_DOMAIN) &&
+ lookup_global_sam_name(name, flags, &rid, &type))
+ {
domain = talloc_strdup(tmp_ctx, get_global_sam_name());
sid_copy(&sid, get_global_sam_sid());
sid_append_rid(&sid, rid);
Modified: branches/samba/upstream/source/passdb/pdb_ldap.c
===================================================================
--- branches/samba/upstream/source/passdb/pdb_ldap.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/passdb/pdb_ldap.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -1651,6 +1651,10 @@
pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown"));
SAFE_FREE(ld_error);
ber_bvfree(bv);
+#if defined(LDAP_CONSTRAINT_VIOLATION)
+ if (rc == LDAP_CONSTRAINT_VIOLATION)
+ return NT_STATUS_PASSWORD_RESTRICTION;
+#endif
return NT_STATUS_UNSUCCESSFUL;
} else {
DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));
@@ -2454,7 +2458,7 @@
goto done;
}
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
&result);
@@ -2510,7 +2514,7 @@
LDAP_OBJ_SAMBASAMACCOUNT,
gidstr);
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
&result);
@@ -2594,7 +2598,7 @@
goto done;
}
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
if (rc != LDAP_SUCCESS)
Modified: branches/samba/upstream/source/passdb/secrets.c
===================================================================
--- branches/samba/upstream/source/passdb/secrets.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/passdb/secrets.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -268,27 +268,19 @@
/************************************************************************
Routine to get the trust account password for a domain.
+ This only tries to get the legacy hashed version of the password.
The user of this function must have locked the trust password file using
the above secrets_lock_trust_account_password().
************************************************************************/
-BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
- time_t *pass_last_set_time,
- uint32 *channel)
+BOOL secrets_fetch_trust_account_password_legacy(const char *domain,
+ uint8 ret_pwd[16],
+ time_t *pass_last_set_time,
+ uint32 *channel)
{
struct machine_acct_pass *pass;
- char *plaintext;
size_t size = 0;
- plaintext = secrets_fetch_machine_password(domain, pass_last_set_time,
- channel);
- if (plaintext) {
- DEBUG(4,("Using cleartext machine password\n"));
- E_md4hash(plaintext, ret_pwd);
- SAFE_FREE(plaintext);
- return True;
- }
-
if (!(pass = (struct machine_acct_pass *)secrets_fetch(
trust_keystr(domain), &size))) {
DEBUG(5, ("secrets_fetch failed!\n"));
@@ -321,6 +313,32 @@
return True;
}
+/************************************************************************
+ Routine to get the trust account password for a domain.
+ The user of this function must have locked the trust password file using
+ the above secrets_lock_trust_account_password().
+************************************************************************/
+
+BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
+ time_t *pass_last_set_time,
+ uint32 *channel)
+{
+ char *plaintext;
+
+ plaintext = secrets_fetch_machine_password(domain, pass_last_set_time,
+ channel);
+ if (plaintext) {
+ DEBUG(4,("Using cleartext machine password\n"));
+ E_md4hash(plaintext, ret_pwd);
+ SAFE_FREE(plaintext);
+ return True;
+ }
+
+ return secrets_fetch_trust_account_password_legacy(domain, ret_pwd,
+ pass_last_set_time,
+ channel);
+}
+
/**
* Pack SID passed by pointer
*
@@ -500,20 +518,6 @@
return True;
}
-/************************************************************************
- Routine to set the trust account password for a domain.
-************************************************************************/
-
-BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16])
-{
- struct machine_acct_pass pass;
-
- pass.mod_time = time(NULL);
- memcpy(pass.hash, new_pwd, 16);
-
- return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
-}
-
/**
* Routine to store the password for trusted domain
*
@@ -655,54 +659,103 @@
return ret;
}
+BOOL is_trusted_domain_situation(const char *domain_name)
+{
+ return IS_DC &&
+ lp_allow_trusted_domains() &&
+ !strequal(domain_name, lp_workgroup());
+}
+
/*******************************************************************
- Wrapper around retrieving the trust account password
+ Wrapper around retrieving the clear text trust account password.
+ appropriate account name is stored in account_name.
+ Caller must free password, but not account_name.
*******************************************************************/
-
-BOOL get_trust_pw(const char *domain, uint8 ret_pwd[16], uint32 *channel)
+
+BOOL get_trust_pw_clear(const char *domain, char **ret_pwd,
+ const char **account_name, uint32 *channel)
{
- DOM_SID sid;
char *pwd;
time_t last_set_time;
-
+
/* if we are a DC and this is not our domain, then lookup an account
- for the domain trust */
-
- if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains() ) {
- if (!secrets_fetch_trusted_domain_password(domain, &pwd, &sid,
- &last_set_time)) {
+ * for the domain trust */
+
+ if (is_trusted_domain_situation(domain)) {
+ if (!secrets_fetch_trusted_domain_password(domain, ret_pwd,
+ NULL, &last_set_time))
+ {
DEBUG(0, ("get_trust_pw: could not fetch trust "
"account password for trusted domain %s\n",
domain));
return False;
}
-
- *channel = SEC_CHAN_DOMAIN;
- E_md4hash(pwd, ret_pwd);
- SAFE_FREE(pwd);
+ if (channel != NULL) {
+ *channel = SEC_CHAN_DOMAIN;
+ }
+
+ if (account_name != NULL) {
+ *account_name = lp_workgroup();
+ }
+
return True;
}
-
+
/* Just get the account for the requested domain. In the future this
* might also cover to be member of more than one domain. */
-
- if (secrets_fetch_trust_account_password(domain, ret_pwd,
- &last_set_time, channel))
+
+ pwd = secrets_fetch_machine_password(domain, &last_set_time, channel);
+
+ if (pwd != NULL) {
+ *ret_pwd = pwd;
+ if (account_name != NULL) {
+ *account_name = global_myname();
+ }
+
return True;
+ }
- DEBUG(5, ("get_trust_pw: could not fetch trust account "
- "password for domain %s\n", domain));
+ DEBUG(5, ("get_trust_pw_clear: could not fetch clear text trust "
+ "account password for domain %s\n", domain));
return False;
}
-/************************************************************************
- Routine to delete the machine trust account password file for a domain.
-************************************************************************/
+/*******************************************************************
+ Wrapper around retrieving the trust account password.
+ appropriate account name is stored in account_name.
+*******************************************************************/
-BOOL trust_password_delete(const char *domain)
+BOOL get_trust_pw_hash(const char *domain, uint8 ret_pwd[16],
+ const char **account_name, uint32 *channel)
{
- return secrets_delete(trust_keystr(domain));
+ char *pwd = NULL;
+ time_t last_set_time;
+
+ if (get_trust_pw_clear(domain, &pwd, account_name, channel)) {
+ E_md4hash(pwd, ret_pwd);
+ SAFE_FREE(pwd);
+ return True;
+ } else if (is_trusted_domain_situation(domain)) {
+ return False;
+ }
+
+ /* as a fallback, try to get the hashed pwd directly from the tdb... */
+
+ if (secrets_fetch_trust_account_password_legacy(domain, ret_pwd,
+ &last_set_time,
+ channel))
+ {
+ if (account_name != NULL) {
+ *account_name = global_myname();
+ }
+
+ return True;
+ }
+
+ DEBUG(5, ("get_trust_pw_hash: could not fetch trust account "
+ "password for domain %s\n", domain));
+ return False;
}
/************************************************************************
Modified: branches/samba/upstream/source/python/py_samr.c
===================================================================
--- branches/samba/upstream/source/python/py_samr.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/python/py_samr.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -463,7 +463,7 @@
static char *kwlist[] = { "account_name", "acb_info", NULL };
char *account_name;
NTSTATUS ntstatus;
- uint32 unknown = 0xe005000b; /* Access mask? */
+ uint32 acct_flags = 0;
uint32 user_rid;
PyObject *result = NULL;
TALLOC_CTX *mem_ctx;
@@ -479,9 +479,14 @@
return NULL;
}
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
ntstatus = rpccli_samr_create_dom_user(
domain_hnd->cli, mem_ctx, &domain_hnd->domain_pol,
- account_name, acb_info, unknown, &user_pol, &user_rid);
+ account_name, acb_info, acct_flags, &user_pol, &user_rid);
if (!NT_STATUS_IS_OK(ntstatus)) {
PyErr_SetObject(samr_ntstatus, py_ntstatus_tuple(ntstatus));
Modified: branches/samba/upstream/source/rpc_client/cli_pipe.c
===================================================================
--- branches/samba/upstream/source/rpc_client/cli_pipe.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/rpc_client/cli_pipe.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -1806,6 +1806,7 @@
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("rpc_finish_auth3_bind: NTLMSSP update using server blob failed.\n"));
+ data_blob_free(&server_response);
return nt_status;
}
@@ -2363,8 +2364,8 @@
goto err;
}
- DEBUG(10,("cli_rpc_pipe_open_ntlmssp_internal: opened pipe %s to machine %s and"
- "bound NTLMSSP as user %s\\%s.\n",
+ DEBUG(10,("cli_rpc_pipe_open_ntlmssp_internal: opened pipe %s to "
+ "machine %s and bound NTLMSSP as user %s\\%s.\n",
result->pipe_name, cli->desthost,
domain, username ));
@@ -2423,49 +2424,29 @@
}
/****************************************************************************
- Open a netlogon pipe and get the schannel session key.
- Now exposed to external callers.
+ Get a the schannel session key out of an already opened netlogon pipe.
****************************************************************************/
-
-struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
- const char *domain,
- uint32 *pneg_flags,
- NTSTATUS *perr)
+static BOOL get_schannel_session_key_common(struct rpc_pipe_client *netlogon_pipe,
+ struct cli_state *cli,
+ const char *domain,
+ uint32 *pneg_flags,
+ NTSTATUS *perr)
{
- struct rpc_pipe_client *netlogon_pipe = NULL;
uint32 sec_chan_type = 0;
unsigned char machine_pwd[16];
- fstring machine_account;
+ const char *machine_account;
- netlogon_pipe = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, perr);
- if (!netlogon_pipe) {
- return NULL;
- }
-
/* Get the machine account credentials from secrets.tdb. */
- if (!get_trust_pw(domain, machine_pwd, &sec_chan_type)) {
+ if (!get_trust_pw_hash(domain, machine_pwd, &machine_account,
+ &sec_chan_type))
+ {
DEBUG(0, ("get_schannel_session_key: could not fetch "
"trust account password for domain '%s'\n",
domain));
- cli_rpc_pipe_close(netlogon_pipe);
*perr = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- return NULL;
+ return False;
}
- /* A DC should use DOMAIN$ as its account name.
- A member server can only use it's machine name since it
- does not have an account in a trusted domain.
-
- We don't check the domain against lp_workgroup() here since
- 'net ads join' has to continue to work with only the realm
- specified in smb.conf. -- jerry */
-
- if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
- fstrcpy( machine_account, lp_workgroup() );
- } else {
- fstrcpy(machine_account, global_myname());
- }
-
*perr = rpccli_netlogon_setup_creds(netlogon_pipe,
cli->desthost, /* server name */
domain, /* domain */
@@ -2476,21 +2457,47 @@
pneg_flags);
if (!NT_STATUS_IS_OK(*perr)) {
- DEBUG(3,("get_schannel_session_key: rpccli_netlogon_setup_creds "
+ DEBUG(3,("get_schannel_session_key_common: rpccli_netlogon_setup_creds "
"failed with result %s to server %s, domain %s, machine account %s.\n",
nt_errstr(*perr), cli->desthost, domain, machine_account ));
- cli_rpc_pipe_close(netlogon_pipe);
- return NULL;
+ return False;
}
if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0) {
DEBUG(3, ("get_schannel_session_key: Server %s did not offer schannel\n",
cli->desthost));
- cli_rpc_pipe_close(netlogon_pipe);
*perr = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ return False;
+ }
+
+ return True;
+}
+
+/****************************************************************************
+ Open a netlogon pipe and get the schannel session key.
+ Now exposed to external callers.
+ ****************************************************************************/
+
+
+struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
+ const char *domain,
+ uint32 *pneg_flags,
+ NTSTATUS *perr)
+{
+ struct rpc_pipe_client *netlogon_pipe = NULL;
+
+ netlogon_pipe = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, perr);
+ if (!netlogon_pipe) {
return NULL;
}
+ if (!get_schannel_session_key_common(netlogon_pipe, cli, domain,
+ pneg_flags, perr))
+ {
+ cli_rpc_pipe_close(netlogon_pipe);
+ return NULL;
+ }
+
return netlogon_pipe;
}
@@ -2559,64 +2566,19 @@
NTSTATUS *perr)
{
struct rpc_pipe_client *netlogon_pipe = NULL;
- uint32 sec_chan_type = 0;
- unsigned char machine_pwd[16];
- fstring machine_account;
netlogon_pipe = cli_rpc_pipe_open_spnego_ntlmssp(cli, PI_NETLOGON, PIPE_AUTH_LEVEL_PRIVACY, domain, username, password, perr);
if (!netlogon_pipe) {
return NULL;
}
- /* Get the machine account credentials from secrets.tdb. */
- if (!get_trust_pw(domain, machine_pwd, &sec_chan_type)) {
- DEBUG(0, ("get_schannel_session_key_auth_ntlmssp: could not fetch "
- "trust account password for domain '%s'\n",
- domain));
+ if (!get_schannel_session_key_common(netlogon_pipe, cli, domain,
+ pneg_flags, perr))
+ {
cli_rpc_pipe_close(netlogon_pipe);
- *perr = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
return NULL;
}
- /* if we are a DC and this is a trusted domain, then we need to use our
- domain name in the net_req_auth2() request */
-
- if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
- fstrcpy( machine_account, lp_workgroup() );
- } else {
- /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
- if (strequal(domain, lp_workgroup())) {
- fstrcpy(machine_account, global_myname());
- } else {
- fstrcpy(machine_account, domain);
- }
- }
-
- *perr = rpccli_netlogon_setup_creds(netlogon_pipe,
- cli->desthost, /* server name */
- domain, /* domain */
- global_myname(), /* client name */
- machine_account, /* machine account name */
- machine_pwd,
- sec_chan_type,
- pneg_flags);
-
- if (!NT_STATUS_IS_OK(*perr)) {
- DEBUG(3,("get_schannel_session_key_auth_ntlmssp: rpccli_netlogon_setup_creds "
- "failed with result %s\n",
- nt_errstr(*perr) ));
- cli_rpc_pipe_close(netlogon_pipe);
- return NULL;
- }
-
- if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0) {
- DEBUG(3, ("get_schannel_session_key_auth_ntlmssp: Server %s did not offer schannel\n",
- cli->desthost));
- cli_rpc_pipe_close(netlogon_pipe);
- *perr = NT_STATUS_INVALID_NETWORK_RESPONSE;
- return NULL;
- }
-
return netlogon_pipe;
}
@@ -2634,7 +2596,7 @@
const char *password,
NTSTATUS *perr)
{
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
struct rpc_pipe_client *netlogon_pipe = NULL;
struct rpc_pipe_client *result = NULL;
@@ -2668,7 +2630,7 @@
const char *domain,
NTSTATUS *perr)
{
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
struct rpc_pipe_client *netlogon_pipe = NULL;
struct rpc_pipe_client *result = NULL;
Modified: branches/samba/upstream/source/rpc_parse/parse_samr.c
===================================================================
--- branches/samba/upstream/source/rpc_parse/parse_samr.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/rpc_parse/parse_samr.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -5182,7 +5182,7 @@
void init_samr_q_create_user(SAMR_Q_CREATE_USER * q_u,
POLICY_HND *pol,
const char *name,
- uint32 acb_info, uint32 access_mask)
+ uint32 acb_info, uint32 acct_flags)
{
DEBUG(5, ("samr_init_samr_q_create_user\n"));
@@ -5192,7 +5192,7 @@
init_uni_hdr(&q_u->hdr_name, &q_u->uni_name);
q_u->acb_info = acb_info;
- q_u->access_mask = access_mask;
+ q_u->acct_flags = acct_flags;
}
/*******************************************************************
@@ -5223,7 +5223,7 @@
return False;
if(!prs_uint32("acb_info ", ps, depth, &q_u->acb_info))
return False;
- if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
+ if(!prs_uint32("acct_flags", ps, depth, &q_u->acct_flags))
return False;
return True;
@@ -5870,6 +5870,25 @@
}
}
+
+/*************************************************************************
+ init_samr_user_info25P
+ fields_present = ACCT_NT_PWD_SET | ACCT_LM_PWD_SET | ACCT_FLAGS
+*************************************************************************/
+
+void init_sam_user_info25P(SAM_USER_INFO_25 * usr,
+ uint32 fields_present, uint32 acb_info,
+ char newpass[532])
+{
+ usr->fields_present = fields_present;
+ ZERO_STRUCT(usr->padding1);
+ ZERO_STRUCT(usr->padding2);
+
+ usr->acb_info = acb_info;
+ memcpy(usr->pass, newpass, sizeof(usr->pass));
+}
+
+
/*******************************************************************
reads or writes a structure.
********************************************************************/
Modified: branches/samba/upstream/source/rpc_server/srv_lsa_nt.c
===================================================================
--- branches/samba/upstream/source/rpc_server/srv_lsa_nt.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/rpc_server/srv_lsa_nt.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -1032,6 +1032,31 @@
return r_u->status;
}
+static int lsa_lookup_level_to_flags(uint16 level)
+{
+ int flags;
+
+ switch (level) {
+ case 1:
+ flags = LOOKUP_NAME_ALL;
+ break;
+ case 2:
+ flags = LOOKUP_NAME_DOMAIN|LOOKUP_NAME_REMOTE|LOOKUP_NAME_ISOLATED;
+ break;
+ case 3:
+ flags = LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED;
+ break;
+ case 4:
+ case 5:
+ case 6:
+ default:
+ flags = LOOKUP_NAME_NONE;
+ break;
+ }
+
+ return flags;
+}
+
/***************************************************************************
lsa_reply_lookup_names
***************************************************************************/
@@ -1051,10 +1076,7 @@
DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries));
}
- /* Probably the lookup_level is some sort of bitmask. */
- if (q_u->lookup_level == 1) {
- flags = LOOKUP_NAME_ALL;
- }
+ flags = lsa_lookup_level_to_flags(q_u->lookup_level);
ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
if (!ref) {
@@ -1120,12 +1142,9 @@
num_entries = MAX_LOOKUP_SIDS;
DEBUG(5,("_lsa_lookup_names2: truncating name lookup list to %d\n", num_entries));
}
-
- /* Probably the lookup_level is some sort of bitmask. */
- if (q_u->lookup_level == 1) {
- flags = LOOKUP_NAME_ALL;
- }
+ flags = lsa_lookup_level_to_flags(q_u->lookup_level);
+
ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
if (ref == NULL) {
r_u->status = NT_STATUS_NO_MEMORY;
Modified: branches/samba/upstream/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/samba/upstream/source/rpc_server/srv_samr_nt.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/rpc_server/srv_samr_nt.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -2507,9 +2507,9 @@
DEBUG(10, ("Checking whether [%s] can be created\n", new_name));
become_root();
- /* Lookup in our local databases (only LOOKUP_NAME_ISOLATED set)
+ /* Lookup in our local databases (LOOKUP_NAME_REMOTE not set)
* whether the name already exists */
- result = lookup_name(mem_ctx, new_name, LOOKUP_NAME_ISOLATED,
+ result = lookup_name(mem_ctx, new_name, LOOKUP_NAME_LOCAL,
NULL, NULL, NULL, &type);
unbecome_root();
Modified: branches/samba/upstream/source/rpc_server/srv_spoolss_nt.c
===================================================================
--- branches/samba/upstream/source/rpc_server/srv_spoolss_nt.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/rpc_server/srv_spoolss_nt.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -1403,8 +1403,8 @@
len = unistrlen(devmode->formname.buffer);
if (len != -1) {
- d->devicename.buffer = TALLOC_ARRAY(ctx, uint16, len);
- if (!d->devicename.buffer) {
+ d->formname.buffer = TALLOC_ARRAY(ctx, uint16, len);
+ if (!d->formname.buffer) {
return NULL;
}
if (unistrcpy(d->formname.buffer, devmode->formname.buffer) != len)
Modified: branches/samba/upstream/source/rpc_server/srv_srvsvc_nt.c
===================================================================
--- branches/samba/upstream/source/rpc_server/srv_srvsvc_nt.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/rpc_server/srv_srvsvc_nt.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -203,9 +203,6 @@
********************************************************************/
static uint32 get_share_type(int snum)
{
- char *net_name = lp_servicename(snum);
- int len_net_name = strlen(net_name);
-
/* work out the share type */
uint32 type = STYPE_DISKTREE;
@@ -213,7 +210,7 @@
type = STYPE_PRINTQ;
if (strequal(lp_fstype(snum), "IPC"))
type = STYPE_IPC;
- if (net_name[len_net_name-1] == '$')
+ if (lp_administrative_share(snum))
type |= STYPE_HIDDEN;
return type;
Modified: branches/samba/upstream/source/rpcclient/cmd_samr.c
===================================================================
--- branches/samba/upstream/source/rpcclient/cmd_samr.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/rpcclient/cmd_samr.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -1450,7 +1450,7 @@
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
uint32 acb_info;
- uint32 unknown, user_rid;
+ uint32 acct_flags, user_rid;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
if ((argc < 2) || (argc > 3)) {
@@ -1483,10 +1483,13 @@
/* Create domain user */
acb_info = ACB_NORMAL;
- unknown = 0xe005000b; /* No idea what this is - a permission mask? */
-
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
- acct_name, acb_info, unknown,
+ acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
if (!NT_STATUS_IS_OK(result))
Modified: branches/samba/upstream/source/rpcclient/rpcclient.c
===================================================================
--- branches/samba/upstream/source/rpcclient/rpcclient.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/rpcclient/rpcclient.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -568,7 +568,7 @@
}
if (cmd_entry->pipe_idx == PI_NETLOGON) {
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
uint32 sec_channel_type;
uchar trust_password[16];
Modified: branches/samba/upstream/source/smbd/chgpasswd.c
===================================================================
--- branches/samba/upstream/source/smbd/chgpasswd.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/smbd/chgpasswd.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -126,6 +126,7 @@
struct termios stermios;
gid_t gid;
uid_t uid;
+ char * const eptrs[1] = { NULL };
if (pass == NULL)
{
@@ -153,19 +154,19 @@
DEBUG(3, ("More weirdness, could not open %s\n", slavedev));
return (False);
}
-#if defined(I_PUSH) && defined(I_FIND)
+#if defined(TIOCSCTTY)
+ if (ioctl(slave, TIOCSCTTY, 0) < 0)
+ {
+ DEBUG(3, ("Error in ioctl call for slave pty\n"));
+ /* return(False); */
+ }
+#elif defined(I_PUSH) && defined(I_FIND)
if (ioctl(slave, I_FIND, "ptem") == 0) {
ioctl(slave, I_PUSH, "ptem");
}
if (ioctl(slave, I_FIND, "ldterm") == 0) {
ioctl(slave, I_PUSH, "ldterm");
}
-#elif defined(TIOCSCTTY)
- if (ioctl(slave, TIOCSCTTY, 0) < 0)
- {
- DEBUG(3, ("Error in ioctl call for slave pty\n"));
- /* return(False); */
- }
#endif
/* Close master. */
@@ -222,7 +223,7 @@
passwordprogram));
/* execl() password-change application */
- if (execl("/bin/sh", "sh", "-c", passwordprogram, NULL) < 0)
+ if (execle("/bin/sh", "sh", "-c", passwordprogram, NULL, eptrs) < 0)
{
DEBUG(3, ("Bad status returned from %s\n", passwordprogram));
return (False);
@@ -498,6 +499,9 @@
#ifdef WITH_PAM
if (lp_pam_password_change()) {
BOOL ret;
+#ifdef HAVE_SETLOCALE
+ char *prevlocale = setlocale(LC_ALL, "C");
+#endif
if (as_root)
become_root();
@@ -511,6 +515,10 @@
if (as_root)
unbecome_root();
+#ifdef HAVE_SETLOCALE
+ setlocale(LC_ALL, prevlocale);
+#endif
+
return ret;
}
#endif
Modified: branches/samba/upstream/source/smbd/dosmode.c
===================================================================
--- branches/samba/upstream/source/smbd/dosmode.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/smbd/dosmode.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -438,12 +438,19 @@
dosmode &= SAMBA_ATTRIBUTES_MASK;
DEBUG(10,("file_set_dosmode: setting dos mode 0x%x on file %s\n", dosmode, fname));
- if (!st || (st && !VALID_STAT(*st))) {
+
+ if (st == NULL) {
+ SET_STAT_INVALID(st1);
st = &st1;
+ }
+
+ if (!VALID_STAT(*st)) {
if (SMB_VFS_STAT(conn,fname,st))
return(-1);
}
+ unixmode = st->st_mode;
+
get_acl_group_bits(conn, fname, &st->st_mode);
if (S_ISDIR(st->st_mode))
@@ -451,11 +458,14 @@
else
dosmode &= ~aDIR;
- if (dos_mode(conn,fname,st) == dosmode)
+ if (dos_mode(conn,fname,st) == dosmode) {
+ st->st_mode = unixmode;
return(0);
+ }
/* Store the DOS attributes in an EA by preference. */
if (set_ea_dos_attribute(conn, fname, st, dosmode)) {
+ st->st_mode = unixmode;
return 0;
}
@@ -494,6 +504,7 @@
if ((ret = SMB_VFS_CHMOD(conn,fname,unixmode)) == 0) {
notify_fname(conn, NOTIFY_ACTION_MODIFIED,
FILE_NOTIFY_CHANGE_ATTRIBUTES, fname);
+ st->st_mode = unixmode;
return 0;
}
@@ -526,6 +537,9 @@
close_file_fchmod(fsp);
notify_fname(conn, NOTIFY_ACTION_MODIFIED,
FILE_NOTIFY_CHANGE_ATTRIBUTES, fname);
+ if (ret == 0) {
+ st->st_mode = unixmode;
+ }
}
return( ret );
Modified: branches/samba/upstream/source/smbd/notify.c
===================================================================
--- branches/samba/upstream/source/smbd/notify.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/smbd/notify.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -66,6 +66,8 @@
int i;
UNISTR uni_name;
+ uni_name.buffer = NULL;
+
for (i=0; i<num_changes; i++) {
struct notify_change *c;
size_t namelen;
Modified: branches/samba/upstream/source/smbd/notify_inotify.c
===================================================================
--- branches/samba/upstream/source/smbd/notify_inotify.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/smbd/notify_inotify.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -30,10 +30,12 @@
#include <asm/types.h>
#endif
+#ifndef HAVE_INOTIFY_INIT
+
#include <linux/inotify.h>
#include <asm/unistd.h>
-#ifndef HAVE_INOTIFY_INIT
+
/*
glibc doesn't define these functions yet (as of March 2006)
*/
@@ -51,6 +53,10 @@
{
return syscall(__NR_inotify_rm_watch, fd, wd);
}
+#else
+
+#include <sys/inotify.h>
+
#endif
Modified: branches/samba/upstream/source/smbd/open.c
===================================================================
--- branches/samba/upstream/source/smbd/open.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/smbd/open.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -1375,7 +1375,7 @@
}
#endif /* O_SYNC */
- if (posix_open & (access_mask & FILE_APPEND_DATA)) {
+ if (posix_open && (access_mask & FILE_APPEND_DATA)) {
flags2 |= O_APPEND;
}
@@ -1818,9 +1818,15 @@
if (lp_map_archive(SNUM(conn)) ||
lp_store_dos_attributes(SNUM(conn))) {
if (!posix_open) {
- file_set_dosmode(conn, fname,
- new_dos_attributes | aARCH, NULL,
- parent_dir);
+ SMB_STRUCT_STAT tmp_sbuf;
+ SET_STAT_INVALID(tmp_sbuf);
+ if (file_set_dosmode(
+ conn, fname,
+ new_dos_attributes | aARCH,
+ &tmp_sbuf,
+ parent_dir) == 0) {
+ unx_mode = tmp_sbuf.st_mode;
+ }
}
}
}
Modified: branches/samba/upstream/source/smbd/password.c
===================================================================
--- branches/samba/upstream/source/smbd/password.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/smbd/password.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -91,11 +91,15 @@
if (vuser == NULL)
return;
-
+
SAFE_FREE(vuser->homedir);
SAFE_FREE(vuser->unix_homedir);
SAFE_FREE(vuser->logon_script);
-
+
+ if (vuser->auth_ntlmssp_state) {
+ auth_ntlmssp_end(&vuser->auth_ntlmssp_state);
+ }
+
session_yield(vuser);
SAFE_FREE(vuser->session_keystr);
@@ -116,6 +120,23 @@
num_validated_vuids--;
}
+void invalidate_intermediate_vuid(uint16 vuid)
+{
+ user_struct *vuser = get_partial_auth_user_struct(vuid);
+
+ if (vuser == NULL)
+ return;
+
+ if (vuser->auth_ntlmssp_state) {
+ auth_ntlmssp_end(&vuser->auth_ntlmssp_state);
+ }
+
+ DLIST_REMOVE(validated_users, vuser);
+
+ SAFE_FREE(vuser);
+ num_validated_vuids--;
+}
+
/****************************************************************************
Invalidate all vuid entries for this process.
****************************************************************************/
@@ -163,19 +184,22 @@
/* Limit allowed vuids to 16bits - VUID_OFFSET. */
if (num_validated_vuids >= 0xFFFF-VUID_OFFSET) {
data_blob_free(&session_key);
+ TALLOC_FREE(server_info);
return UID_FIELD_INVALID;
}
if((vuser = SMB_MALLOC_P(user_struct)) == NULL) {
DEBUG(0,("Failed to malloc users struct!\n"));
data_blob_free(&session_key);
+ TALLOC_FREE(server_info);
return UID_FIELD_INVALID;
}
ZERO_STRUCTP(vuser);
/* Allocate a free vuid. Yes this is a linear search... :-) */
- while( get_valid_user_struct(next_vuid) != NULL ) {
+ while( (get_valid_user_struct(next_vuid) != NULL)
+ || (get_partial_auth_user_struct(next_vuid) != NULL) ) {
next_vuid++;
/* Check for vuid wrap. */
if (next_vuid == UID_FIELD_INVALID)
Modified: branches/samba/upstream/source/smbd/posix_acls.c
===================================================================
--- branches/samba/upstream/source/smbd/posix_acls.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/smbd/posix_acls.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -1336,12 +1336,12 @@
psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
-
+
} else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
-
+
}
}
}
@@ -1402,10 +1402,22 @@
} else if (sid_to_uid( ¤t_ace->trustee, ¤t_ace->unix_ug.uid)) {
current_ace->owner_type = UID_ACE;
- current_ace->type = SMB_ACL_USER;
+ /* If it's the owning user, this is a user_obj, not
+ * a user. */
+ if (current_ace->unix_ug.uid == pst->st_uid) {
+ current_ace->type = SMB_ACL_USER_OBJ;
+ } else {
+ current_ace->type = SMB_ACL_USER;
+ }
} else if (sid_to_gid( ¤t_ace->trustee, ¤t_ace->unix_ug.gid)) {
current_ace->owner_type = GID_ACE;
- current_ace->type = SMB_ACL_GROUP;
+ /* If it's the primary group, this is a group_obj, not
+ * a group. */
+ if (current_ace->unix_ug.gid == pst->st_gid) {
+ current_ace->type = SMB_ACL_GROUP_OBJ;
+ } else {
+ current_ace->type = SMB_ACL_GROUP;
+ }
} else {
fstring str;
@@ -3099,57 +3111,8 @@
return ret;
}
-static NTSTATUS append_ugw_ace(files_struct *fsp,
- SMB_STRUCT_STAT *psbuf,
- mode_t unx_mode,
- int ugw,
- SEC_ACE *se)
-{
- mode_t perms;
- SEC_ACCESS acc;
- int nt_acl_type; /* Tru64 has "acl_type" as a macro.. */
- DOM_SID trustee;
-
- switch (ugw) {
- case S_IRUSR:
- perms = unix_perms_to_acl_perms(unx_mode,
- S_IRUSR,
- S_IWUSR,
- S_IXUSR);
- uid_to_sid(&trustee, psbuf->st_uid );
- break;
- case S_IRGRP:
- perms = unix_perms_to_acl_perms(unx_mode,
- S_IRGRP,
- S_IWGRP,
- S_IXGRP);
- gid_to_sid(&trustee, psbuf->st_gid );
- break;
- case S_IROTH:
- perms = unix_perms_to_acl_perms(unx_mode,
- S_IROTH,
- S_IWOTH,
- S_IXOTH);
- sid_copy(&trustee, &global_sid_World);
- break;
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
- acc = map_canon_ace_perms(SNUM(fsp->conn),
- &nt_acl_type,
- perms,
- fsp->is_directory);
-
- init_sec_ace(se,
- &trustee,
- nt_acl_type,
- acc,
- 0);
- return NT_STATUS_OK;
-}
-
/****************************************************************************
- If this is an
+ Take care of parent ACL inheritance.
****************************************************************************/
static NTSTATUS append_parent_acl(files_struct *fsp,
@@ -3168,7 +3131,7 @@
int info;
size_t sd_size;
unsigned int i, j;
- mode_t unx_mode;
+ BOOL is_dacl_protected = (psd->type & SE_DESC_DACL_PROTECTED);
ZERO_STRUCT(sbuf);
@@ -3183,12 +3146,6 @@
return NT_STATUS_NO_MEMORY;
}
- /* Create a default mode for u/g/w. */
- unx_mode = unix_mode(fsp->conn,
- aARCH | (fsp->is_directory ? aDIR : 0),
- fsp->fsp_name,
- parent_name);
-
status = open_directory(fsp->conn,
parent_name,
&sbuf,
@@ -3213,22 +3170,25 @@
return NT_STATUS_ACCESS_DENIED;
}
- /*
+ /*
* Make room for potentially all the ACLs from
- * the parent, plus the user/group/other triple.
+ * the parent. We used to add the ugw triple here,
+ * as we knew we were dealing with POSIX ACLs.
+ * We no longer need to do so as we can guarentee
+ * that a default ACL from the parent directory will
+ * be well formed for POSIX ACLs if it came from a
+ * POSIX ACL source, and if we're not writing to a
+ * POSIX ACL sink then we don't care if it's not well
+ * formed. JRA.
*/
- num_aces += parent_sd->dacl->num_aces + 3;
+ num_aces += parent_sd->dacl->num_aces;
if((new_ace = TALLOC_ZERO_ARRAY(mem_ctx, SEC_ACE,
num_aces)) == NULL) {
return NT_STATUS_NO_MEMORY;
}
- DEBUG(10,("append_parent_acl: parent ACL has %u entries. New "
- "ACL has %u entries\n",
- parent_sd->dacl->num_aces, num_aces ));
-
/* Start by copying in all the given ACE entries. */
for (i = 0; i < psd->dacl->num_aces; i++) {
sec_ace_copy(&new_ace[i], &psd->dacl->aces[i]);
@@ -3239,49 +3199,97 @@
* as that really only applies to newly created files. JRA.
*/
- /*
- * Append u/g/w.
- */
-
- status = append_ugw_ace(fsp, psbuf, unx_mode, S_IRUSR, &new_ace[i++]);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- status = append_ugw_ace(fsp, psbuf, unx_mode, S_IRGRP, &new_ace[i++]);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- status = append_ugw_ace(fsp, psbuf, unx_mode, S_IROTH, &new_ace[i++]);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
/* Finally append any inherited ACEs. */
for (j = 0; j < parent_sd->dacl->num_aces; j++) {
SEC_ACE *se = &parent_sd->dacl->aces[j];
- uint32 i_flags = se->flags & (SEC_ACE_FLAG_OBJECT_INHERIT|
- SEC_ACE_FLAG_CONTAINER_INHERIT|
- SEC_ACE_FLAG_INHERIT_ONLY);
if (fsp->is_directory) {
- if (i_flags == SEC_ACE_FLAG_OBJECT_INHERIT) {
- /* Should only apply to a file - ignore. */
+ if (!(se->flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
+ /* Doesn't apply to a directory - ignore. */
+ DEBUG(10,("append_parent_acl: directory %s "
+ "ignoring non container "
+ "inherit flags %u on ACE with sid %s "
+ "from parent %s\n",
+ fsp->fsp_name,
+ (unsigned int)se->flags,
+ sid_string_static(&se->trustee),
+ parent_name));
continue;
}
} else {
- if ((i_flags & (SEC_ACE_FLAG_OBJECT_INHERIT|
- SEC_ACE_FLAG_INHERIT_ONLY)) !=
- SEC_ACE_FLAG_OBJECT_INHERIT) {
- /* Should not apply to a file - ignore. */
+ if (!(se->flags & SEC_ACE_FLAG_OBJECT_INHERIT)) {
+ /* Doesn't apply to a file - ignore. */
+ DEBUG(10,("append_parent_acl: file %s "
+ "ignoring non object "
+ "inherit flags %u on ACE with sid %s "
+ "from parent %s\n",
+ fsp->fsp_name,
+ (unsigned int)se->flags,
+ sid_string_static(&se->trustee),
+ parent_name));
continue;
}
}
+
+ if (is_dacl_protected) {
+ /* If the DACL is protected it means we must
+ * not overwrite an existing ACE entry with the
+ * same SID. This is order N^2. Ouch :-(. JRA. */
+ unsigned int k;
+ for (k = 0; k < psd->dacl->num_aces; k++) {
+ if (sid_equal(&psd->dacl->aces[k].trustee,
+ &se->trustee)) {
+ break;
+ }
+ }
+ if (k < psd->dacl->num_aces) {
+ /* SID matched. Ignore. */
+ DEBUG(10,("append_parent_acl: path %s "
+ "ignoring ACE with protected sid %s "
+ "from parent %s\n",
+ fsp->fsp_name,
+ sid_string_static(&se->trustee),
+ parent_name));
+ continue;
+ }
+ }
+
sec_ace_copy(&new_ace[i], se);
if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
new_ace[i].flags &= ~(SEC_ACE_FLAG_VALID_INHERIT);
}
new_ace[i].flags |= SEC_ACE_FLAG_INHERITED_ACE;
+
+ if (fsp->is_directory) {
+ /*
+ * Strip off any inherit only. It's applied.
+ */
+ new_ace[i].flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY);
+ if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
+ /* No further inheritance. */
+ new_ace[i].flags &=
+ ~(SEC_ACE_FLAG_CONTAINER_INHERIT|
+ SEC_ACE_FLAG_OBJECT_INHERIT);
+ }
+ } else {
+ /*
+ * Strip off any container or inherit
+ * flags, they can't apply to objects.
+ */
+ new_ace[i].flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|
+ SEC_ACE_FLAG_INHERIT_ONLY|
+ SEC_ACE_FLAG_NO_PROPAGATE_INHERIT);
+ }
+
i++;
+
+ DEBUG(10,("append_parent_acl: path %s "
+ "inheriting ACE with sid %s "
+ "from parent %s\n",
+ fsp->fsp_name,
+ sid_string_static(&se->trustee),
+ parent_name));
+
}
parent_sd->dacl->aces = new_ace;
Modified: branches/samba/upstream/source/smbd/reply.c
===================================================================
--- branches/samba/upstream/source/smbd/reply.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/smbd/reply.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -5169,11 +5169,13 @@
status = check_name(conn, fname);
if (!NT_STATUS_IS_OK(status)) {
+ CloseDir(dir_hnd);
return ERROR_NT(status);
}
status = check_name(conn, destname);
if (!NT_STATUS_IS_OK(status)) {
+ CloseDir(dir_hnd);
return ERROR_NT(status);
}
Modified: branches/samba/upstream/source/smbd/server.c
===================================================================
--- branches/samba/upstream/source/smbd/server.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/smbd/server.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -30,7 +30,7 @@
int last_message = -1;
/* a useful macro to debug the last message processed */
-#define LAST_MESSAGE() smb_fn_name(last_message)
+#define LAST_MESSAGE() (last_message != -1 ? smb_fn_name(last_message) : "")
extern struct auth_context *negprot_global_auth_context;
extern pstring user_socket_options;
Modified: branches/samba/upstream/source/smbd/sesssetup.c
===================================================================
--- branches/samba/upstream/source/smbd/sesssetup.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/smbd/sesssetup.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -624,7 +624,7 @@
/* NB. This is *NOT* an error case. JRA */
auth_ntlmssp_end(auth_ntlmssp_state);
/* Kill the intermediate vuid */
- invalidate_vuid(vuid);
+ invalidate_intermediate_vuid(vuid);
}
return ret;
@@ -690,7 +690,7 @@
status = parse_spnego_mechanisms(blob1, &secblob, &got_kerberos_mechanism);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
- invalidate_vuid(vuid);
+ invalidate_intermediate_vuid(vuid);
return ERROR_NT(nt_status_squash(status));
}
@@ -704,12 +704,21 @@
data_blob_free(&secblob);
if (destroy_vuid) {
/* Kill the intermediate vuid */
- invalidate_vuid(vuid);
+ invalidate_intermediate_vuid(vuid);
}
return ret;
}
#endif
+ if (got_kerberos_mechanism) {
+ invalidate_intermediate_vuid(vuid);
+ DEBUG(3,("reply_spnego_negotiate: network "
+ "misconfiguration, client sent us a "
+ "krb5 ticket and kerberos security "
+ "not enabled"));
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
+ }
+
if (*auth_ntlmssp_state) {
auth_ntlmssp_end(auth_ntlmssp_state);
}
@@ -717,7 +726,7 @@
status = auth_ntlmssp_start(auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
- invalidate_vuid(vuid);
+ invalidate_intermediate_vuid(vuid);
return ERROR_NT(nt_status_squash(status));
}
@@ -755,9 +764,9 @@
file_save("auth.dat", blob1.data, blob1.length);
#endif
/* Kill the intermediate vuid */
- invalidate_vuid(vuid);
+ invalidate_intermediate_vuid(vuid);
- return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
if (auth.data[0] == ASN1_APPLICATION(0)) {
@@ -776,7 +785,7 @@
data_blob_free(&auth);
if (destroy_vuid) {
/* Kill the intermediate vuid */
- invalidate_vuid(vuid);
+ invalidate_intermediate_vuid(vuid);
}
return ret;
}
@@ -786,24 +795,24 @@
/* If we get here it wasn't a negTokenTarg auth packet. */
data_blob_free(&secblob);
-
+
if (!*auth_ntlmssp_state) {
/* Kill the intermediate vuid */
- invalidate_vuid(vuid);
+ invalidate_intermediate_vuid(vuid);
/* auth before negotiatiate? */
- return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
+ return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
-
- status = auth_ntlmssp_update(*auth_ntlmssp_state,
+
+ status = auth_ntlmssp_update(*auth_ntlmssp_state,
auth, &auth_reply);
data_blob_free(&auth);
- reply_spnego_ntlmssp(conn, inbuf, outbuf, vuid,
+ reply_spnego_ntlmssp(conn, inbuf, outbuf, vuid,
auth_ntlmssp_state,
&auth_reply, status, True);
-
+
data_blob_free(&auth_reply);
/* and tell smbd that we have already replied to this packet */
@@ -1112,7 +1121,7 @@
if (!NT_STATUS_IS_OK(status)) {
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
/* Real error - kill the intermediate vuid */
- invalidate_vuid(vuid);
+ invalidate_intermediate_vuid(vuid);
}
data_blob_free(&blob1);
return ERROR_NT(nt_status_squash(status));
@@ -1140,7 +1149,7 @@
status = auth_ntlmssp_start(&vuser->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
- invalidate_vuid(vuid);
+ invalidate_intermediate_vuid(vuid);
data_blob_free(&blob1);
return ERROR_NT(nt_status_squash(status));
}
Modified: branches/samba/upstream/source/smbd/trans2.c
===================================================================
--- branches/samba/upstream/source/smbd/trans2.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/smbd/trans2.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -2223,6 +2223,41 @@
return(-1);
}
+static void samba_extended_info_version(struct smb_extended_info *extended_info)
+{
+ SMB_ASSERT(extended_info != NULL);
+
+ extended_info->samba_magic = SAMBA_EXTENDED_INFO_MAGIC;
+ extended_info->samba_version = ((SAMBA_VERSION_MAJOR & 0xff) << 24)
+ | ((SAMBA_VERSION_MINOR & 0xff) << 16)
+ | ((SAMBA_VERSION_RELEASE & 0xff) << 8);
+#ifdef SAMBA_VERSION_REVISION
+ extended_info->samba_version |= (tolower(*SAMBA_VERSION_REVISION) - 'a' + 1) & 0xff;
+#endif
+ extended_info->samba_subversion = 0;
+#ifdef SAMBA_VERSION_RC_RELEASE
+ extended_info->samba_subversion |= (SAMBA_VERSION_RC_RELEASE & 0xff) << 24;
+#else
+#ifdef SAMBA_VERSION_PRE_RELEASE
+ extended_info->samba_subversion |= (SAMBA_VERSION_PRE_RELEASE & 0xff) << 16;
+#endif
+#endif
+#ifdef SAMBA_VERSION_VENDOR_PATCH
+ extended_info->samba_subversion |= (SAMBA_VERSION_VENDOR_PATCH & 0xffff);
+#endif
+ extended_info->samba_subversion = 0;
+#ifdef SAMBA_VERSION_GIT_COMMIT_TIME
+ unix_to_nt_time(&extended_info->samba_gitcommitdate, SAMBA_VERSION_GIT_COMMIT_TIME);
+#endif
+
+ memset(extended_info->samba_version_string, 0,
+ sizeof(extended_info->samba_version_string));
+
+ snprintf (extended_info->samba_version_string,
+ sizeof(extended_info->samba_version_string),
+ "%s", samba_version_string());
+}
+
/****************************************************************************
Reply to a TRANS2_QFSINFO (query filesystem info).
****************************************************************************/
@@ -2330,6 +2365,7 @@
SIVAL(pdata,0,FILE_CASE_PRESERVED_NAMES|FILE_CASE_SENSITIVE_SEARCH|
(lp_nt_acl_support(SNUM(conn)) ? FILE_PERSISTENT_ACLS : 0)|
+ FILE_UNICODE_ON_DISK|
quota_flag); /* FS ATTRIBUTES */
SIVAL(pdata,4,255); /* Max filename component length */
@@ -2511,8 +2547,20 @@
}
#endif /* HAVE_SYS_QUOTAS */
case SMB_FS_OBJECTID_INFORMATION:
+ {
+ /*
+ * No object id, but we transmit version information.
+ */
+ struct smb_extended_info extended_info;
+ samba_extended_info_version (&extended_info);
+ SIVAL(pdata,16,extended_info.samba_magic);
+ SIVAL(pdata,20,extended_info.samba_version);
+ SIVAL(pdata,24,extended_info.samba_subversion);
+ SBIG_UINT(pdata,28,extended_info.samba_gitcommitdate);
+ memcpy(pdata+36,extended_info.samba_version_string,28);
data_len = 64;
break;
+ }
/*
* Query the version and capabilities of the CIFS UNIX extensions
@@ -3299,17 +3347,6 @@
}
}
- nlink = sbuf.st_nlink;
-
- if ((nlink > 0) && S_ISDIR(sbuf.st_mode)) {
- /* NTFS does not seem to count ".." */
- nlink -= 1;
- }
-
- if ((nlink > 0) && delete_pending) {
- nlink -= 1;
- }
-
if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) {
return ERROR_NT(NT_STATUS_INVALID_LEVEL);
}
@@ -3327,6 +3364,16 @@
if (!mode)
mode = FILE_ATTRIBUTE_NORMAL;
+ nlink = sbuf.st_nlink;
+
+ if (nlink && (mode&aDIR)) {
+ nlink = 1;
+ }
+
+ if ((nlink > 0) && delete_pending) {
+ nlink -= 1;
+ }
+
fullpathname = fname;
if (!(mode & aDIR))
file_size = get_file_size(sbuf);
Modified: branches/samba/upstream/source/tdb/common/io.c
===================================================================
--- branches/samba/upstream/source/tdb/common/io.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/tdb/common/io.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -95,7 +95,7 @@
/* try once more */
TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_write: wrote only "
"%d of %d bytes at %d, trying once more\n",
- written, len, off));
+ (uint32_t)written, len, off));
errno = ENOSPC;
written = pwrite(tdb->fd, (void *)((char *)buf+written),
len-written,
@@ -275,11 +275,12 @@
return -1;
} else if (written == -1) {
TDB_LOG((tdb, TDB_DEBUG_FATAL, "expand_file write of "
- "%d bytes failed (%s)\n", n, strerror(errno)));
+ "%d bytes failed (%s)\n", (uint32_t)n, strerror(errno)));
return -1;
} else if (written != n) {
TDB_LOG((tdb, TDB_DEBUG_WARNING, "expand_file: wrote "
- "only %d of %d bytes - retrying\n", written,n));
+ "only %d of %d bytes - retrying\n",
+ (uint32_t)written, (uint32_t)n));
}
addition -= written;
size += written;
Modified: branches/samba/upstream/source/tdb/tools/tdbtool.c
===================================================================
--- branches/samba/upstream/source/tdb/tools/tdbtool.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/tdb/tools/tdbtool.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -151,7 +151,7 @@
if (len<=0) return;
printf("[%03X] ",i);
for (i=0;i<len;) {
- printf("%02X ",(int)buf[i]);
+ printf("%02X ",(int)((unsigned char)buf[i]));
i++;
if (i%8 == 0) printf(" ");
if (i%16 == 0) {
Modified: branches/samba/upstream/source/torture/torture.c
===================================================================
--- branches/samba/upstream/source/torture/torture.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/torture/torture.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -4781,6 +4781,47 @@
return True;
}
+static BOOL run_sesssetup_bench(int dummy)
+{
+ static struct cli_state *c;
+ NTSTATUS status;
+ int i;
+
+ if (!(c = open_nbt_connection())) {
+ return false;
+ }
+
+ if (!cli_negprot(c)) {
+ printf("%s rejected the NT-error negprot (%s)\n", host,
+ cli_errstr(c));
+ cli_shutdown(c);
+ return false;
+ }
+
+ for (i=0; i<torture_numops; i++) {
+ status = cli_session_setup(
+ c, username,
+ password, strlen(password),
+ password, strlen(password),
+ workgroup);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("(%s) cli_session_setup failed: %s\n",
+ __location__, nt_errstr(status));
+ return false;
+ }
+
+ if (!cli_ulogoff(c)) {
+ d_printf("(%s) cli_ulogoff failed: %s\n",
+ __location__, cli_errstr(c));
+ return false;
+ }
+
+ c->vuid = 0;
+ }
+
+ return True;
+}
+
static BOOL run_local_substitute(int dummy)
{
TALLOC_CTX *mem_ctx;
@@ -5026,6 +5067,7 @@
{"CHKPATH", torture_chkpath_test, 0},
{"FDSESS", run_fdsesstest, 0},
{ "EATEST", run_eatest, 0},
+ { "SESSSETUP_BENCH", run_sesssetup_bench, 0},
{ "LOCAL-SUBSTITUTE", run_local_substitute, 0},
{ "LOCAL-GENCACHE", run_local_gencache, 0},
{NULL, NULL, 0}};
Modified: branches/samba/upstream/source/utils/net.c
===================================================================
--- branches/samba/upstream/source/utils/net.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/utils/net.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -677,6 +677,16 @@
"backend knowlege (such as the sid stored in LDAP)\n"));
}
+ /* first check to see if we can even access secrets, so we don't
+ panic when we can't. */
+
+ if (!secrets_init()) {
+ d_fprintf(stderr, "Unable to open secrets.tdb. "
+ "Can't fetch domainSID for name: %s\n",
+ get_global_sam_name());
+ return 1;
+ }
+
/* Generate one, if it doesn't exist */
get_global_sam_sid();
Modified: branches/samba/upstream/source/utils/net_domain.c
===================================================================
--- branches/samba/upstream/source/utils/net_domain.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/utils/net_domain.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -209,10 +209,15 @@
uint32 num_rids, *name_types, *user_rids;
uint32 flags = 0x3e8;
uint32 acb_info = ACB_WSTRUST;
- uchar pwbuf[516];
+ uint32 acct_flags=0;
+ uint32 fields_present;
+ uchar pwbuf[532];
SAM_USERINFO_CTR ctr;
- SAM_USER_INFO_24 p24;
- SAM_USER_INFO_16 p16;
+ SAM_USER_INFO_25 p25;
+ const int infolevel = 25;
+ struct MD5Context md5ctx;
+ uchar md5buffer[16];
+ DATA_BLOB digested_session_key;
uchar md4_trust_password[16];
/* Open the domain */
@@ -242,8 +247,13 @@
/* Don't try to set any acb_info flags other than ACB_WSTRUST */
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, 0xe005000b, &user_pol, &user_rid);
+ acct_name, acb_info, acct_flags, &user_pol, &user_rid);
if ( !NT_STATUS_IS_OK(status)
&& !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS))
@@ -283,24 +293,49 @@
status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- /* Create a random machine account password */
+ /* Create a random machine account password and generate the hash */
- E_md4hash( clear_pw, md4_trust_password);
+ E_md4hash(clear_pw, md4_trust_password);
encode_pw_buffer(pwbuf, clear_pw, STR_UNICODE);
+
+ generate_random_buffer((uint8*)md5buffer, sizeof(md5buffer));
+ digested_session_key = data_blob_talloc(mem_ctx, 0, 16);
+
+ MD5Init(&md5ctx);
+ MD5Update(&md5ctx, md5buffer, sizeof(md5buffer));
+ MD5Update(&md5ctx, cli->user_session_key.data, cli->user_session_key.length);
+ MD5Final(digested_session_key.data, &md5ctx);
+
+ SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key);
+ memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer));
- /* Set password on machine account */
+ /* Fill in the additional account flags now */
+ acb_info |= ACB_PWNOEXP;
+ if ( dom_type == ND_TYPE_AD ) {
+#if !defined(ENCTYPE_ARCFOUR_HMAC)
+ acb_info |= ACB_USE_DES_KEY_ONLY;
+#endif
+ ;;
+ }
+
+ /* Set password and account flags on machine account */
+
ZERO_STRUCT(ctr);
- ZERO_STRUCT(p24);
+ ZERO_STRUCT(p25);
- init_sam_user_info24(&p24, (char *)pwbuf,24);
+ fields_present = ACCT_NT_PWD_SET | ACCT_LM_PWD_SET | ACCT_FLAGS;
+ init_sam_user_info25P(&p25, fields_present, acb_info, (char *)pwbuf);
- ctr.switch_value = 24;
- ctr.info.id24 = &p24;
+ ctr.switch_value = infolevel;
+ ctr.info.id25 = &p25;
- status = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol,
- 24, &cli->user_session_key, &ctr);
+ status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol,
+ infolevel, &cli->user_session_key, &ctr);
if ( !NT_STATUS_IS_OK(status) ) {
d_fprintf( stderr, "Failed to set password for machine account (%s)\n",
@@ -308,35 +343,6 @@
return status;
}
-
- /* Why do we have to try to (re-)set the ACB to be the same as what
- we passed in the samr_create_dom_user() call? When a NT
- workstation is joined to a domain by an administrator the
- acb_info is set to 0x80. For a normal user with "Add
- workstations to the domain" rights the acb_info is 0x84. I'm
- not sure whether it is supposed to make a difference or not. NT
- seems to cope with either value so don't bomb out if the set
- userinfo2 level 0x10 fails. -tpot */
-
- ZERO_STRUCT(ctr);
- ctr.switch_value = 16;
- ctr.info.id16 = &p16;
-
- /* Fill in the additional account flags now */
-
- acb_info |= ACB_PWNOEXP;
- if ( dom_type == ND_TYPE_AD ) {
-#if !defined(ENCTYPE_ARCFOUR_HMAC)
- acb_info |= ACB_USE_DES_KEY_ONLY;
-#endif
- ;;
- }
-
- init_sam_user_info16(&p16, acb_info);
-
- status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16,
- &cli->user_session_key, &ctr);
-
rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */
Modified: branches/samba/upstream/source/utils/net_rpc.c
===================================================================
--- branches/samba/upstream/source/utils/net_rpc.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/utils/net_rpc.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -381,7 +381,7 @@
* @param argc Standard main() style argv. Initial components are already
* stripped
*
- * Main 'net_rpc_join()' (where the admain username/password is used) is
+ * Main 'net_rpc_join()' (where the admin username/password is used) is
* in net_rpc_join.c
* Try to just change the password, but if that doesn't work, use/prompt
* for a username/password.
@@ -581,7 +581,8 @@
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
uint32 acb_info;
- uint32 unknown, user_rid;
+ uint32 acct_flags=0;
+ uint32 user_rid;
if (argc < 1) {
d_printf("User must be specified\n");
@@ -611,10 +612,14 @@
/* Create domain user */
acb_info = ACB_NORMAL;
- unknown = 0xe005000b; /* No idea what this is - a permission mask? */
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, unknown,
+ acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -5335,7 +5340,8 @@
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
uint32 acb_info;
- uint32 unknown, user_rid;
+ uint32 user_rid;
+ uint32 acct_flags=0;
if (argc != 2) {
d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
@@ -5369,11 +5375,13 @@
/* Create trusting domain's account */
acb_info = ACB_NORMAL;
- unknown = 0xe00500b0; /* No idea what this is - a permission mask?
- mimir: yes, most probably it is */
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, unknown,
+ acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
Modified: branches/samba/upstream/source/utils/net_rpc_join.c
===================================================================
--- branches/samba/upstream/source/utils/net_rpc_join.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/utils/net_rpc_join.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -43,7 +43,7 @@
**/
int net_rpc_join_ok(const char *domain, const char *server, struct in_addr *ip )
{
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
struct cli_state *cli = NULL;
struct rpc_pipe_client *pipe_hnd = NULL;
struct rpc_pipe_client *netlogon_pipe = NULL;
@@ -114,7 +114,7 @@
struct cli_state *cli;
TALLOC_CTX *mem_ctx;
uint32 acb_info = ACB_WSTRUST;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
uint32 sec_channel_type;
struct rpc_pipe_client *pipe_hnd = NULL;
@@ -142,6 +142,7 @@
uint32 flags = 0x3e8;
char *acct_name;
const char *const_acct_name;
+ uint32 acct_flags=0;
/* check what type of join */
if (argc >= 0) {
@@ -229,9 +230,14 @@
strlower_m(acct_name);
const_acct_name = acct_name;
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
acct_name, acb_info,
- 0xe005000b, &user_pol,
+ acct_flags, &user_pol,
&user_rid);
if (!NT_STATUS_IS_OK(result) &&
Modified: branches/samba/upstream/source/utils/net_rpc_samsync.c
===================================================================
--- branches/samba/upstream/source/utils/net_rpc_samsync.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/utils/net_rpc_samsync.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -238,7 +238,7 @@
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
uchar trust_password[16];
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
uint32 sec_channel_type = 0;
if (!secrets_fetch_trust_account_password(domain_name,
Modified: branches/samba/upstream/source/utils/net_sam.c
===================================================================
--- branches/samba/upstream/source/utils/net_sam.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/utils/net_sam.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -42,7 +42,7 @@
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
&dom, &name, &sid, &type)) {
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
return -1;
@@ -139,7 +139,7 @@
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
&dom, &name, &sid, &type)) {
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
return -1;
@@ -223,7 +223,7 @@
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
&dom, &name, &sid, &type)) {
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
return -1;
@@ -284,7 +284,7 @@
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
&dom, &name, &sid, &type)) {
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
return -1;
@@ -639,7 +639,7 @@
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
&groupdomain, &groupname, &group, &grouptype)) {
d_fprintf(stderr, "Could not find group %s\n", argv[0]);
return -1;
@@ -647,7 +647,7 @@
/* check to see if the member to be added is a name or a SID */
- if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_LOCAL,
&memberdomain, &membername, &member, &membertype))
{
/* try it as a SID */
@@ -712,13 +712,13 @@
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
&groupdomain, &groupname, &group, &grouptype)) {
d_fprintf(stderr, "Could not find group %s\n", argv[0]);
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(tmp_talloc_ctx(), argv[1], LOOKUP_NAME_LOCAL,
&memberdomain, &membername, &member, NULL)) {
if (!string_to_sid(&member, argv[1])) {
d_fprintf(stderr, "Could not find member %s\n",
@@ -770,7 +770,7 @@
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
&groupdomain, &groupname, &group, &grouptype)) {
d_fprintf(stderr, "Could not find group %s\n", argv[0]);
return -1;
@@ -918,7 +918,7 @@
return -1;
}
- if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_ISOLATED,
+ if (!lookup_name(tmp_talloc_ctx(), argv[0], LOOKUP_NAME_LOCAL,
&dom, &name, &sid, &type)) {
d_fprintf(stderr, "Could not find name %s\n", argv[0]);
return -1;
Modified: branches/samba/upstream/source/utils/smbcacls.c
===================================================================
--- branches/samba/upstream/source/utils/smbcacls.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/utils/smbcacls.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -788,7 +788,8 @@
&ip, 0,
share, "?????",
cmdline_auth_info.username, lp_workgroup(),
- cmdline_auth_info.password, 0,
+ cmdline_auth_info.password,
+ cmdline_auth_info.use_kerberos ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
cmdline_auth_info.signing_state, NULL))) {
return c;
} else {
Modified: branches/samba/upstream/source/utils/smbpasswd.c
===================================================================
--- branches/samba/upstream/source/utils/smbpasswd.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/utils/smbpasswd.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -96,6 +96,12 @@
while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) {
switch(ch) {
case 'L':
+#if !defined(DEVELOPER)
+ if (getuid() != 0) {
+ fprintf(stderr, "smbpasswd -L can only be used by root.\n");
+ exit(1);
+ }
+#endif
local_flags |= LOCAL_AM_ROOT;
break;
case 'c':
Modified: branches/samba/upstream/source/utils/status.c
===================================================================
--- branches/samba/upstream/source/utils/status.c 2008-03-09 09:58:03 UTC (rev 1754)
+++ branches/samba/upstream/source/utils/status.c 2008-03-09 10:22:43 UTC (rev 1755)
@@ -367,6 +367,16 @@
if ( show_locks ) {
int ret;
+ tdb = tdb_open_log(lock_path("locking.tdb"), 0, TDB_DEFAULT, O_RDONLY, 0);
+
+ if (!tdb) {
+ d_printf("%s not initialised\n", lock_path("locking.tdb"));
+ d_printf("This is normal if an SMB client has never connected to your server.\n");
+ exit(0);
+ } else {
+ tdb_close(tdb);
+ }
+
if (!locking_init(1)) {
d_printf("Can't initialise locking module - exiting\n");
exit(1);
More information about the Pkg-samba-maint
mailing list