diff options
| author | Gerald Carter <jerry@samba.org> | 2006-06-08 20:07:34 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2006-06-08 20:07:34 +0000 |
| commit | 3a5cc58fde0d53d83d46e37f80670ad6bd67f892 (patch) | |
| tree | af90a90140ba6578e973247176d40c6af54a167a | |
| parent | a1b3f2f9bac039395fa20f0be779367f7e23400a (diff) | |
| download | samba-3a5cc58fde0d53d83d46e37f80670ad6bd67f892.tar.gz samba-3a5cc58fde0d53d83d46e37f80670ad6bd67f892.tar.xz samba-3a5cc58fde0d53d83d46e37f80670ad6bd67f892.zip | |
r16104: Set version to 3.0.23rc2
Bring release tree up to current 3.0 tree
(svn merge -r15845:16103 $SVNURL/branches/SAMBA_3_0)
58 files changed, 1011 insertions, 244 deletions
diff --git a/source/Makefile.in b/source/Makefile.in index effd438defe..582ea752064 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -204,7 +204,7 @@ RPC_PARSE_OBJ0 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o LIB_OBJ = $(VERSION_OBJ) lib/charcnv.o lib/debug.o lib/fault.o \ lib/getsmbpass.o lib/interface.o lib/md4.o \ - lib/interfaces.o lib/pidfile.o lib/replace.o lib/replace1.o lib/repdir.o \ + lib/interfaces.o lib/pidfile.o lib/replace.o lib/replace1.o lib/repdir.o lib/timegm.o \ lib/signal.o lib/system.o lib/sendfile.o lib/time.o \ lib/ufc.o lib/genrand.o lib/username.o \ lib/util_pw.o lib/access.o lib/smbrun.o \ @@ -577,7 +577,8 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_domain.o utils/net_help.o \ utils/net_status.o utils/net_rpc_printer.o utils/net_rpc_rights.o \ utils/net_rpc_service.o utils/net_rpc_registry.o utils/net_usershare.o \ utils/netlookup.o utils/net_sam.o utils/net_rpc_shell.o \ - utils/net_util.o utils/net_rpc_sh_acct.o utils/net_rpc_audit.o + utils/net_util.o utils/net_rpc_sh_acct.o utils/net_rpc_audit.o \ + utils/passwd_util.o NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \ $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ @@ -594,7 +595,7 @@ CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ MOUNT_OBJ = client/smbmount.o \ $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(SECRETS_OBJ) -MNT_OBJ = client/smbmnt.o lib/replace.o $(VERSION_OBJ) $(SNPRINTF_OBJ) @SOCKWRAP@ +MNT_OBJ = client/smbmnt.o lib/replace.o lib/timegm.o $(VERSION_OBJ) $(SNPRINTF_OBJ) @SOCKWRAP@ UMOUNT_OBJ = client/smbumount.o @SOCKWRAP@ @@ -805,6 +806,8 @@ eventlogadm: SHOWFLAGS bin/eventlogadm@EXEEXT@ talloctort : SHOWFLAGS bin/talloctort@EXEEXT@ +timelimit : SHOWFLAGS bin/timelimit@EXEEXT@ + nsswitch : SHOWFLAGS bin/winbindd@EXEEXT@ bin/wbinfo@EXEEXT@ @WINBIND_NSS@ \ @WINBIND_WINS_NSS@ bin/pam_winbind.@SHLIBEXT@ @@ -1479,7 +1482,7 @@ installpammodules: $(PAM_MODULES) @$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS) $(DESTDIR) $(PAMMODULESDIR) @for module in $(PAM_MODULES); do \ echo "Installing module $${module} as $(DESTDIR)/$(PAMMODULESDIR)/$${module}.@SHLIBEXT@ "; \ - install -m $(INSTALLPERMS) bin/$${module}.@SHLIBEXT@ \ + $(INSTALLCMD) -m $(INSTALLPERMS) bin/$${module}.@SHLIBEXT@ \ "$(DESTDIR)/$(PAMMODULESDIR)"; \ done @@ -1732,11 +1735,11 @@ test_pam_modules: pam_modules ## ## Targets for 'make test' ## -test: all torture bin/timelimit +test: all torture timelimit @echo Running Test suite @sh ./script/tests/selftest.sh ${selftest_prefix}/st all "${smbtorture4_path}" -valgrindtest: all torture bin/timelimit +valgrindtest: all torture timelimit @echo Running Test suite with valgrind @NMBD_VALGRIND="xterm -n smbd -e valgrind -q --db-attach=yes --num-callers=30" \ SMBD_VALGRIND="xterm -n smbd -e valgrind -q --db-attach=yes --num-callers=30" \ diff --git a/source/VERSION b/source/VERSION index e9820322647..b2b78639071 100644 --- a/source/VERSION +++ b/source/VERSION @@ -57,7 +57,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # ######################################################## -SAMBA_VERSION_RC_RELEASE=1 +SAMBA_VERSION_RC_RELEASE=2 ######################################################## # To mark SVN snapshots this should be set to 'yes' # diff --git a/source/aclocal.m4 b/source/aclocal.m4 index 459e4d5c7a0..8abecd216f0 100644 --- a/source/aclocal.m4 +++ b/source/aclocal.m4 @@ -104,31 +104,64 @@ AC_DEFUN(AC_HAVE_DECL, ]) +dnl AC_LIBTESTFUNC(lib, function, [actions if found], [actions if not found]) dnl Check for a function in a library, but don't keep adding the same library dnl to the LIBS variable. Check whether the function is available in the dnl current LIBS before adding the library which prevents us spuriously -dnl adding libraries for symbols that are in libc. On success, this ensures that -dnl HAVE_FOO is defined. -AC_LIBTESTFUNC(lib,func) -AC_DEFUN(AC_LIBTESTFUNC, +dnl adding libraries for symbols that are in libc. +dnl +dnl On success, the default actions ensure that HAVE_FOO is defined. The lib +dnl is always added to $LIBS if it was found to be necessary. The caller +dnl can use SMB_LIB_REMOVE to strp this if necessary. +AC_DEFUN([AC_LIBTESTFUNC], [ AC_CHECK_FUNCS($2, [ # $2 was found in libc or existing $LIBS - AC_DEFINE(translit([HAVE_$2], [a-z], [A-Z]), 1, - [Whether $2 is available]) + ifelse($3, [], + [ + AC_DEFINE(translit([HAVE_$2], [a-z], [A-Z]), 1, + [Whether $2 is available]) + ], + [ + $3 + ]) ], [ # $2 was not found, try adding lib$1 case " $LIBS " in - *\ -l$1\ *) ;; - *) AC_CHECK_LIB($1, $2, + *\ -l$1\ *) + ifelse($4, [], + [ + # $2 was not found and we already had lib$1 + # nothing to do here by default + true + ], + [ $4 ]) + ;; + *) + # $2 was not found, try adding lib$1 + AC_CHECK_LIB($1, $2, [ - AC_DEFINE(translit([HAVE_$2], [a-z], [A-Z]), 1, - [Whether $2 is available]) - LIBS="-l$1 $LIBS" + LIBS="-l$1 $LIBS" + ifelse($3, [], + [ + AC_DEFINE(translit([HAVE_$2], [a-z], [A-Z]), 1, + [Whether $2 is available]) + ], + [ + $3 + ]) ], - []) + [ + ifelse($4, [], + [ + # $2 was not found in lib$1 + # nothing to do here by default + true + ], + [ $4 ]) + ]) ;; esac ]) @@ -800,3 +833,113 @@ AC_DEFUN([SMB_CHECK_SYSCONF], AC_DEFINE(SYSCONF$1, 1, [Whether sysconf($1) is available]) fi ]) + +dnl SMB_IS_LIBPTHREAD_LINKED([actions if true], [actions if false]) +dnl Test whether the current LIBS results in libpthread being present. +dnl Execute the corresponding user action list. +AC_DEFUN([SMB_IS_LIBPTHREAD_LINKED], +[ + AC_TRY_LINK([], + [return pthread_create(0, 0, 0, 0);], + [$1], + [$2]) +]) + +dnl SMB_REMOVE_LIB(lib) +dnl Remove the given library from $LIBS +AC_DEFUN([SMB_REMOVELIB], +[ + LIBS=`echo $LIBS | sed -es/-l$1//g` +]) + +dnl SMB_CHECK_DMAPI([actions if true], [actions if false]) +dnl Check whether DMAPI is available and is a version that we know +dnl how to deal with. The default truth action is to set samba_dmapi_libs +dnl to the list of necessary libraries, and to define USE_DMAPI. +AC_DEFUN([SMB_CHECK_DMAPI], +[ + samba_dmapi_libs="" + + if test x"$samba_dmapi_libs" = x"" ; then + AC_CHECK_LIB(dm, dm_get_eventlist, + [ samba_dmapi_libs="-ldm"], []) + fi + + if test x"$samba_dmapi_libs" = x"" ; then + AC_CHECK_LIB(jfsdm, dm_get_eventlist, + [samba_dmapi_libs="-ljfsdm"], []) + fi + + if test x"$samba_dmapi_libs" = x"" ; then + AC_CHECK_LIB(xdsm, dm_get_eventlist, + [samba_dmapi_libs="-lxdsm"], []) + fi + + # Only bother to test ehaders if we have a candidate DMAPI library + if test x"$samba_dmapi_libs" != x"" ; then + AC_CHECK_HEADERS(sys/dmi.h xfs/dmapi.h sys/jfsdmapi.h sys/dmapi.h) + fi + + if test x"$samba_dmapi_libs" != x"" ; then + samba_dmapi_save_LIBS="$LIBS" + LIBS="$LIBS $samba_dmapi_libs" + AC_TRY_LINK( + [ +#ifdef HAVE_XFS_DMAPI_H +#include <xfs/dmapi.h> +#elif defined(HAVE_SYS_DMI_H) +#include <sys/dmi.h> +#elif defined(HAVE_SYS_JFSDMAPI_H) +#include <sys/jfsdmapi.h> +#elif defined(HAVE_SYS_DMAPI_H) +#include <sys/dmapi.h> +#endif + ], + [ +/* This link test is designed to fail on IRI 6.4, but should + * succeed on Linux, IRIX 6.5 and AIX. + */ +void main(void) { + char * version; + dm_eventset_t events; + /* This doesn't take an argument on IRIX 6.4. */ + dm_init_service(&version); + /* IRIX 6.4 expects events to be a pointer. */ + DMEV_ISSET(DM_EVENT_READ, events); +} + ], + [ + true # DMAPI link test succeeded + ], + [ + # DMAPI link failure + samba_dmapi_libs= + ]) + LIBS="$samba_dmapi_save_LIBS" + fi + + if test x"$samba_dmapi_libs" = x"" ; then + # DMAPI detection failure actions begin + ifelse($2, [], + [ + AC_ERROR(Failed to detect a supported DMAPI implementation) + ], + [ + $2 + ]) + # DMAPI detection failure actions end + else + # DMAPI detection success actions start + ifelse($1, [], + [ + AC_DEFINE(USE_DMAPI, 1, + [Whether we should build DMAPI integration components]) + AC_MSG_NOTICE(Found DMAPI support in $samba_dmapi_libs) + ], + [ + $1 + ]) + # DMAPI detection success actions end + fi + +]) diff --git a/source/auth/auth_domain.c b/source/auth/auth_domain.c index 6360d10b692..bedd318c3c3 100644 --- a/source/auth/auth_domain.c +++ b/source/auth/auth_domain.c @@ -403,7 +403,7 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte #if 0 /* Test if machine password is expired and need to be changed */ - if (time(NULL) > last_change_time + lp_machine_password_timeout()) + if (time(NULL) > last_change_time + (time_t)lp_machine_password_timeout()) { global_machine_password_needs_changing = True; } diff --git a/source/configure.in b/source/configure.in index dabdca87565..f8eba2349f9 100644 --- a/source/configure.in +++ b/source/configure.in @@ -412,6 +412,25 @@ then LIBS="$LIBS -ldmalloc" fi +################################################# +# check for a shared memory profiling support +AC_MSG_CHECKING(whether to use profiling) +AC_ARG_WITH(profiling-data, +[ --with-profiling-data Include gathering source code profile information (default=no)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_PROFILE,1,[Whether to use profiling]) + samba_cv_WITH_PROFILE=yes + ;; + *) + AC_MSG_RESULT(no) + samba_cv_WITH_PROFILE=no + ;; + esac ], + AC_MSG_RESULT(no) +) + dnl Checks for programs. ## @@ -830,7 +849,6 @@ AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h s AC_CHECK_HEADERS(sys/sysmacros.h security/_pam_macros.h dlfcn.h) AC_CHECK_HEADERS(sys/syslog.h syslog.h) AC_CHECK_HEADERS(langinfo.h locale.h) -AC_CHECK_HEADERS(sys/dmi.h xfs/dmapi.h sys/jfsdmapi.h sys/dmapi.h) AC_CHECK_HEADERS(rpcsvc/yp_prot.h,,,[[ #if HAVE_RPC_RPC_H @@ -2024,7 +2042,22 @@ if test x"$samba_cv_HAVE_GETTIMEOFDAY_TZ" = x"yes"; then AC_DEFINE(HAVE_GETTIMEOFDAY_TZ,1,[Whether gettimeofday() is available]) fi -AC_LIBTESTFUNC(rt, clock_gettime) +if test x"$samba_cv_WITH_PROFILE" = x"yes"; then + + # On some systems (eg. Linux) librt can pull in libpthread. We + # don't want this to happen because libpthreads changes signal delivery + # semantics in ways we are not prepared for. This breaks Linux oplocks + # which rely on signals. + + AC_LIBTESTFUNC(rt, clock_gettime, + [ + SMB_IS_LIBPTHREAD_LINKED( + [ SMB_REMOVELIB(rt) ], + [ AC_DEFINE(HAVE_CLOCK_GETTIME, 1, + [Whether clock_gettime is available]) ]) + ]) + +fi AC_CACHE_CHECK([for va_copy],samba_cv_HAVE_VA_COPY,[ AC_TRY_LINK([#include <stdarg.h> @@ -2439,29 +2472,7 @@ fi ################################################# # Check for DMAPI interfaces in libdm/libjfsdm/libxsdm -AC_CHECK_LIB(dm, dm_get_eventlist, - [samba_cv_HAVE_LIBDM=yes; samba_dmapi_libs="-ldm"], - [samba_cv_HAVE_LIBDM=no]) - -if test x"$samba_cv_HAVE_LIBDM" = x"yes" ; then - AC_DEFINE(HAVE_LIBDM, 1, [Whether dmapi libdm is available]) -fi - -AC_CHECK_LIB(jfsdm, dm_get_eventlist, - [samba_cv_HAVE_LIBJFSDM=yes; samba_dmapi_libs="-ljfsdm"], - [samba_cv_HAVE_LIBJFSDM=no]) - -if test x"$samba_cv_HAVE_LIBJFSDM" = x"yes" ; then - AC_DEFINE(HAVE_LIBJFSDM, 1, [Whether dmapi libjfsdm is available]) -fi - -AC_CHECK_LIB(xdsm, dm_get_eventlist, - [samba_cv_HAVE_LIBXDSM=yes; samba_dmapi_libs="-lxdsm"], - [samba_cv_HAVE_LIBXDSM=no]) - -if test x"$samba_cv_HAVE_LIBXDSM" = x"yes" ; then - AC_DEFINE(HAVE_LIBXDSM, 1, [Whether dmapi libxdsm is available]) -fi +SMB_CHECK_DMAPI([], AC_MSG_NOTICE(DMAPI support not present) ) AC_CACHE_CHECK([for kernel share modes],samba_cv_HAVE_KERNEL_SHARE_MODES,[ AC_TRY_RUN([ @@ -3976,24 +3987,6 @@ AC_ARG_WITH(syslog, ) ################################################# -# check for a shared memory profiling support -AC_MSG_CHECKING(whether to use profiling) -AC_ARG_WITH(profiling-data, -[ --with-profiling-data Include gathering source code profile information (default=no)], -[ case "$withval" in - yes) - AC_MSG_RESULT(yes) - AC_DEFINE(WITH_PROFILE,1,[Whether to use profiling]) - ;; - *) - AC_MSG_RESULT(no) - ;; - esac ], - AC_MSG_RESULT(no) -) - - -################################################# # check for experimental disk-quotas support samba_cv_WITH_QUOTAS=auto diff --git a/source/dynconfig.c b/source/dynconfig.c index 34c716926cc..3104a12f7cf 100644 --- a/source/dynconfig.c +++ b/source/dynconfig.c @@ -58,15 +58,15 @@ pstring dyn_LMHOSTSFILE = LMHOSTSFILE; * @sa lib_path() to get the path to a file inside the LIBDIR. **/ pstring dyn_LIBDIR = LIBDIR; -const fstring dyn_SHLIBEXT = SHLIBEXT; +fstring dyn_SHLIBEXT = SHLIBEXT; /** * @brief Directory holding lock files. * * Not writable, but used to set a default in the parameter table. **/ -const pstring dyn_LOCKDIR = LOCKDIR; -const pstring dyn_PIDDIR = PIDDIR; +pstring dyn_LOCKDIR = LOCKDIR; +pstring dyn_PIDDIR = PIDDIR; -const pstring dyn_SMB_PASSWD_FILE = SMB_PASSWD_FILE; -const pstring dyn_PRIVATE_DIR = PRIVATE_DIR; +pstring dyn_SMB_PASSWD_FILE = SMB_PASSWD_FILE; +pstring dyn_PRIVATE_DIR = PRIVATE_DIR; diff --git a/source/include/dynconfig.h b/source/include/dynconfig.h index a74d77e41f7..aebc9c941ef 100644 --- a/source/include/dynconfig.h +++ b/source/include/dynconfig.h @@ -31,8 +31,8 @@ extern char const *dyn_SBINDIR, extern pstring dyn_CONFIGFILE; extern pstring dyn_LOGFILEBASE, dyn_LMHOSTSFILE; extern pstring dyn_LIBDIR; -extern const fstring dyn_SHLIBEXT; -extern const pstring dyn_LOCKDIR; -extern const pstring dyn_PIDDIR; -extern const pstring dyn_SMB_PASSWD_FILE; -extern const pstring dyn_PRIVATE_DIR; +extern fstring dyn_SHLIBEXT; +extern pstring dyn_LOCKDIR; +extern pstring dyn_PIDDIR; +extern pstring dyn_SMB_PASSWD_FILE; +extern pstring dyn_PRIVATE_DIR; diff --git a/source/include/popt_common.h b/source/include/popt_common.h index 7c0a86836dc..4c3facb48f9 100644 --- a/source/include/popt_common.h +++ b/source/include/popt_common.h @@ -28,6 +28,7 @@ extern struct poptOption popt_common_samba[]; extern struct poptOption popt_common_connection[]; extern struct poptOption popt_common_version[]; extern struct poptOption popt_common_credentials[]; +extern const struct poptOption popt_common_dynconfig[]; #ifndef POPT_TABLEEND #define POPT_TABLEEND { NULL, '\0', 0, 0, 0, NULL, NULL } @@ -37,6 +38,9 @@ extern struct poptOption popt_common_credentials[]; #define POPT_COMMON_CONNECTION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_connection, 0, "Connection options:", NULL }, #define POPT_COMMON_VERSION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version, 0, "Common samba options:", NULL }, #define POPT_COMMON_CREDENTIALS { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_credentials, 0, "Authentication options:", NULL }, +#define POPT_COMMON_DYNCONFIG { NULL, 0, POPT_ARG_INCLUDE_TABLE, \ + CONST_DISCARD(poptOption *, popt_common_dynconfig), 0, \ + "Build-time configuration overrides:", NULL }, struct user_auth_info { pstring username; diff --git a/source/include/rpc_samr.h b/source/include/rpc_samr.h index 49ea36f364c..910ccee1135 100644 --- a/source/include/rpc_samr.h +++ b/source/include/rpc_samr.h @@ -260,8 +260,9 @@ typedef struct sam_user_info_25 uint32 group_rid; /* Primary Group ID */ uint32 acb_info; /* account info (ACB_xxxx bit-mask) */ + uint32 fields_present; - uint32 unknown_6[6]; + uint32 unknown_5[5]; uint8 pass[532]; diff --git a/source/include/smb.h b/source/include/smb.h index f06c551cc0e..41ffce1a155 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -1541,18 +1541,25 @@ extern int chain_size; /* * Bits we test with. + * Note these must fit into 16-bits. */ - + #define NO_OPLOCK 0 #define EXCLUSIVE_OPLOCK 1 #define BATCH_OPLOCK 2 #define LEVEL_II_OPLOCK 4 + +/* The following are Samba-private. */ #define INTERNAL_OPEN_ONLY 8 #define FAKE_LEVEL_II_OPLOCK 16 /* Client requested no_oplock, but we have to * inform potential level2 holders on * write. */ #define DEFERRED_OPEN_ENTRY 32 #define UNUSED_SHARE_MODE_ENTRY 64 +#define FORCE_OPLOCK_BREAK_TO_NONE 128 + +/* None of the following should ever appear in fsp->oplock_request. */ +#define SAMBA_PRIVATE_OPLOCK_MASK (INTERNAL_OPEN_ONLY|DEFERRED_OPEN_ENTRY|UNUSED_SHARE_MODE_ENTRY|FORCE_OPLOCK_BREAK_TO_NONE) #define EXCLUSIVE_OPLOCK_TYPE(lck) ((lck) & ((unsigned int)EXCLUSIVE_OPLOCK|(unsigned int)BATCH_OPLOCK)) #define BATCH_OPLOCK_TYPE(lck) ((lck) & (unsigned int)BATCH_OPLOCK) diff --git a/source/lib/popt_common.c b/source/lib/popt_common.c index 6c35213d43a..d29e171be08 100644 --- a/source/lib/popt_common.c +++ b/source/lib/popt_common.c @@ -4,6 +4,7 @@ Copyright (C) Tim Potter 2001,2002 Copyright (C) Jelmer Vernooij 2002,2003 + Copyright (C) James Peach 2006 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -39,11 +40,9 @@ extern BOOL override_logfile; struct user_auth_info cmdline_auth_info; -static void popt_common_callback(poptContext con, - enum poptCallbackReason reason, - const struct poptOption *opt, - const char *arg, const void *data) +static void set_logfile(poptContext con, const char * arg) { + pstring logfile; const char *pname; @@ -55,9 +54,18 @@ static void popt_common_callback(poptContext con, else pname++; + pstr_sprintf(logfile, "%s/log.%s", arg, pname); + lp_set_logfile(logfile); +} + +static void popt_common_callback(poptContext con, + enum poptCallbackReason reason, + const struct poptOption *opt, + const char *arg, const void *data) +{ + if (reason == POPT_CALLBACK_REASON_PRE) { - pstr_sprintf(logfile, "%s/log.%s", dyn_LOGFILEBASE, pname); - lp_set_logfile(logfile); + set_logfile(con, dyn_LOGFILEBASE); return; } @@ -94,9 +102,9 @@ static void popt_common_callback(poptContext con, case 'l': if (arg) { - pstr_sprintf(logfile, "%s/log.%s", arg, pname); - lp_set_logfile(logfile); + set_logfile(con, arg); override_logfile = True; + pstr_sprintf(dyn_LOGFILEBASE, "%s", arg); } break; @@ -128,8 +136,8 @@ struct poptOption popt_common_connection[] = { struct poptOption popt_common_samba[] = { { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE, popt_common_callback }, { "debuglevel", 'd', POPT_ARG_STRING, NULL, 'd', "Set debug level", "DEBUGLEVEL" }, - { "configfile", 's', POPT_ARG_STRING, NULL, 's', "Use alternative configuration file", "CONFIGFILE" }, - { "log-basename", 'l', POPT_ARG_STRING, NULL, 'l', "Basename for log/debug files", "LOGFILEBASE" }, + { "configfile", 's', POPT_ARG_STRING, NULL, 's', "Use alternate configuration file", "CONFIGFILE" }, + { "log-basename", 'l', POPT_ARG_STRING, NULL, 'l', "Base name for log files", "LOGFILEBASE" }, { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" }, POPT_TABLEEND }; @@ -141,6 +149,130 @@ struct poptOption popt_common_version[] = { }; +/* Handle command line options: + * --sbindir + * --bindir + * --swatdir + * --lmhostsfile + * --libdir + * --shlibext + * --lockdir + * --piddir + * --smb-passwd-file + * --private-dir + */ + +enum dyn_item{ + DYN_SBINDIR = 1, + DYN_BINDIR, + DYN_SWATDIR, + DYN_LMHOSTSFILE, + DYN_LIBDIR, + DYN_SHLIBEXT, + DYN_LOCKDIR, + DYN_PIDDIR, + DYN_SMB_PASSWD_FILE, + DYN_PRIVATE_DIR, +}; + + +static void popt_dynconfig_callback(poptContext con, + enum poptCallbackReason reason, + const struct poptOption *opt, + const char *arg, const void *data) +{ + + switch (opt->val) { + case DYN_SBINDIR: + if (arg) { + dyn_SBINDIR = SMB_STRDUP(arg); + } + break; + + case DYN_BINDIR: + if (arg) { + dyn_BINDIR = SMB_STRDUP(arg); + } + break; + + case DYN_SWATDIR: + if (arg) { + dyn_SWATDIR = SMB_STRDUP(arg); + } + break; + + case DYN_LMHOSTSFILE: + if (arg) { + pstrcpy(dyn_LMHOSTSFILE, arg); + } + break; + + case DYN_LIBDIR: + if (arg) { + pstrcpy(dyn_LIBDIR, arg); + } + break; + + case DYN_SHLIBEXT: + if (arg) { + fstrcpy(dyn_SHLIBEXT, arg); + } + break; + + case DYN_LOCKDIR: + if (arg) { + pstrcpy(dyn_LOCKDIR, arg); + } + break; + + case DYN_PIDDIR: + if (arg) { + pstrcpy(dyn_PIDDIR, arg); + } + break; + + case DYN_SMB_PASSWD_FILE: + if (arg) { + pstrcpy(dyn_SMB_PASSWD_FILE, arg); + } + break; + + case DYN_PRIVATE_DIR: + if (arg) { + pstrcpy(dyn_PRIVATE_DIR, arg); + } + break; + + } +} + +const struct poptOption popt_common_dynconfig[] = { + + { NULL, '\0', POPT_ARG_CALLBACK, popt_dynconfig_callback }, + + { "sbindir", '\0' , POPT_ARG_STRING, NULL, DYN_SBINDIR, + "Path to sbin directory", "SBINDIR" }, + { "bindir", '\0' , POPT_ARG_STRING, NULL, DYN_BINDIR, + "Path to bin directory", "BINDIR" }, + { "swatdir", '\0' , POPT_ARG_STRING, NULL, DYN_SWATDIR, + "Path to SWAT installation directory", "SWATDIR" }, + { "lmhostsfile", '\0' , POPT_ARG_STRING, NULL, DYN_LMHOSTSFILE, + "Path to lmhosts file", "LMHOSTSFILE" }, + { "libdir", '\0' , POPT_ARG_STRING, NULL, DYN_LIBDIR, + "Path to shared library directory", "LIBDIR" }, + { "shlibext", '\0' , POPT_ARG_STRING, NULL, DYN_SHLIBEXT, + "Shared library extension", "SHLIBEXT" }, + { "lockdir", '\0' , POPT_ARG_STRING, NULL, DYN_LOCKDIR, + "Path to lock file directory", "LOCKDIR" }, + { "piddir", '\0' , POPT_ARG_STRING, NULL, DYN_PIDDIR, + "Path to PID file directory", "PIDDIR" }, + { "smb-passwd-file", '\0' , POPT_ARG_STRING, NULL, DYN_SMB_PASSWD_FILE, + "Path to smbpasswd file", "SMB_PASSWD_FILE" }, + { "private-dir", '\0' , POPT_ARG_STRING, NULL, DYN_PRIVATE_DIR, + "Path to private data directory", "PRIVATE_DIR" }, + + POPT_TABLEEND +}; /**************************************************************************** * get a password from a a file or file descriptor diff --git a/source/lib/replace.c b/source/lib/replace.c index 120fd3a4688..9ef3503d39f 100644 --- a/source/lib/replace.c +++ b/source/lib/replace.c @@ -434,27 +434,3 @@ char *rep_inet_ntoa(struct in_addr ip) } #endif /* HAVE_SYSLOG */ #endif /* HAVE_VSYSLOG */ - - -#ifndef HAVE_TIMEGM -/* - yes, I know this looks insane, but its really needed. The function in the - Linux timegm() manpage does not work on solaris. -*/ - time_t timegm(struct tm *tm) -{ - struct tm tm2, tm3; - time_t t; - - tm2 = *tm; - - t = mktime(&tm2); - tm3 = *localtime(&t); - tm2 = *tm; - tm2.tm_isdst = tm3.tm_isdst; - t = mktime(&tm2); - t -= get_time_zone(t); - - return t; -} -#endif diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c index bca984444d4..dfa6782afef 100644 --- a/source/lib/smbldap.c +++ b/source/lib/smbldap.c @@ -944,6 +944,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n", ldap_state->uri, ldap_dn)); +#ifdef HAVE_LDAP_SET_REBIND_PROC #if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) # if LDAP_SET_REBIND_PROC_ARGS == 2 ldap_set_rebind_proc(ldap_struct, &rebindproc_connect); @@ -959,6 +960,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ ldap_set_rebind_proc(ldap_struct, &rebindproc_with_state, (void *)ldap_state); # endif #endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ +#endif rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret); @@ -1009,7 +1011,11 @@ static int smbldap_open(struct smbldap_state *ldap_state) if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + SMBLDAP_DONT_PING_TIME) < time(NULL))) { +#ifdef HAVE_UNIXSOCKET struct sockaddr_un addr; +#else + struct sockaddr addr; +#endif socklen_t len = sizeof(addr); int sd; diff --git a/source/lib/time.c b/source/lib/time.c index 749af37cae0..f8a1538910c 100644 --- a/source/lib/time.c +++ b/source/lib/time.c @@ -153,7 +153,6 @@ void get_process_uptime(struct timeval *ret_time) GetTimeOfDay(&time_now_hires); ret_time->tv_sec = time_now_hires.tv_sec - start_time_hires.tv_sec; - ret_time->tv_usec = time_now_hires.tv_usec - start_time_hires.tv_usec; if (time_now_hires.tv_usec < start_time_hires.tv_usec) { ret_time->tv_sec -= 1; ret_time->tv_usec = 1000000 + (time_now_hires.tv_usec - start_time_hires.tv_usec); diff --git a/source/lib/timegm.c b/source/lib/timegm.c new file mode 100644 index 00000000000..0e42a863d3f --- /dev/null +++ b/source/lib/timegm.c @@ -0,0 +1,71 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + adapted for Samba4 by Andrew Tridgell +*/ + +#include "includes.h" + +#ifndef HAVE_TIMEGM + +static int is_leap(unsigned y) +{ + y += 1900; + return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0); +} + +time_t timegm(struct tm *tm) +{ + static const unsigned ndays[2][12] ={ + {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, + {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}}; + time_t res = 0; + unsigned i; + + for (i = 70; i < tm->tm_year; ++i) + res += is_leap(i) ? 366 : 365; + + for (i = 0; i < tm->tm_mon; ++i) + res += ndays[is_leap(tm->tm_year)][i]; + res += tm->tm_mday - 1; + res *= 24; + res += tm->tm_hour; + res *= 60; + res += tm->tm_min; + res *= 60; + res += tm->tm_sec; + return res; +} + +#endif /* HAVE_TIMEGM */ diff --git a/source/libads/ldap_schema.c b/source/libads/ldap_schema.c index a0c735208fa..13a8ab0cb0b 100644 --- a/source/libads/ldap_schema.c +++ b/source/libads/ldap_schema.c @@ -303,13 +303,14 @@ ADS_STATUS ads_check_posix_schema_mapping(ADS_STRUCT *ads, enum wb_posix_mapping } } - talloc_destroy(ctx); - - ADS_ERROR_HAVE_NO_MEMORY(ads->schema.posix_uidnumber_attr); - ADS_ERROR_HAVE_NO_MEMORY(ads->schema.posix_gidnumber_attr); - ADS_ERROR_HAVE_NO_MEMORY(ads->schema.posix_homedir_attr); - ADS_ERROR_HAVE_NO_MEMORY(ads->schema.posix_shell_attr); - ADS_ERROR_HAVE_NO_MEMORY(ads->schema.posix_gecos_attr); + if (!ads->schema.posix_uidnumber_attr || + !ads->schema.posix_gidnumber_attr || + !ads->schema.posix_homedir_attr || + !ads->schema.posix_shell_attr || + !ads->schema.posix_gecos_attr) { + status = ADS_ERROR(LDAP_NO_MEMORY); + goto done; + } status = ADS_ERROR(LDAP_SUCCESS); diff --git a/source/libsmb/clilist.c b/source/libsmb/clilist.c index 1bd30c36e3c..9ab05d2b4af 100644 --- a/source/libsmb/clilist.c +++ b/source/libsmb/clilist.c @@ -330,7 +330,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, } } - if (ff_lastname > 0) { + if (ff_searchcount > 0) { pstrcpy(mask, finfo.name); } else { pstrcpy(mask,""); diff --git a/source/locking/locking.c b/source/locking/locking.c index a532a90d0d4..b536844319a 100644 --- a/source/locking/locking.c +++ b/source/locking/locking.c @@ -1116,7 +1116,7 @@ BOOL downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp) /**************************************************************************** Deal with the internal needs of setting the delete on close flag. Note that as the tdb locking is recursive, it is safe to call this from within - open_file_shared. JRA. + open_file_ntcreate. JRA. ****************************************************************************/ NTSTATUS can_set_delete_on_close(files_struct *fsp, BOOL delete_on_close, diff --git a/source/modules/vfs_full_audit.c b/source/modules/vfs_full_audit.c index 309f6d15ae7..b9ffd6fc05f 100644 --- a/source/modules/vfs_full_audit.c +++ b/source/modules/vfs_full_audit.c @@ -60,8 +60,6 @@ #include "includes.h" -extern struct current_user current_user; - static int vfs_full_audit_debug_level = DBGC_VFS; struct vfs_full_audit_private_data { diff --git a/source/modules/vfs_recycle.c b/source/modules/vfs_recycle.c index 7b2b15171e4..42f2f51416e 100644 --- a/source/modules/vfs_recycle.c +++ b/source/modules/vfs_recycle.c @@ -181,6 +181,23 @@ static mode_t recycle_directory_mode(vfs_handle_struct *handle) return (mode_t)dirmode; } +static mode_t recycle_subdir_mode(vfs_handle_struct *handle) +{ + int dirmode; + const char *buff; + + buff = lp_parm_const_string(SNUM(handle->conn), "recycle", "subdir_mode", NULL); + + if (buff != NULL ) { + sscanf(buff, "%o", &dirmode); + } else { + dirmode=recycle_directory_mode(handle); + } + + DEBUG(10, ("recycle: subdir_mode = %o\n", dirmode)); + return (mode_t)dirmode; +} + static BOOL recycle_directory_exist(vfs_handle_struct *handle, const char *dname) { SMB_STRUCT_STAT st; @@ -270,6 +287,7 @@ static BOOL recycle_create_dir(vfs_handle_struct *handle, const char *dname) } } safe_strcat(new_dir, "/", len); + mode = recycle_subdir_mode(handle); } ret = True; diff --git a/source/nmbd/nmbd_responserecordsdb.c b/source/nmbd/nmbd_responserecordsdb.c index 6f22fd906de..367c1f4427f 100644 --- a/source/nmbd/nmbd_responserecordsdb.c +++ b/source/nmbd/nmbd_responserecordsdb.c @@ -214,7 +214,7 @@ never happen !\n", remote_broadcast_subnet->subnet_name)); return rrec; } - DEBUG(0,("find_response_record: response packet id %hu received with no \ + DEBUG(3,("find_response_record: response packet id %hu received with no \ matching record.\n", id)); *ppsubrec = NULL; diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c index 43ac83a99a8..8110a02a685 100644 --- a/source/nsswitch/pam_winbind.c +++ b/source/nsswitch/pam_winbind.c @@ -48,7 +48,7 @@ static int _pam_parse(int argc, const char **argv, dictionary **d) int ctrl = 0; const char *config_file = NULL; - if (d == NULL || *d == NULL) { + if (d == NULL) { goto config_from_pam; } diff --git a/source/nsswitch/wbinfo.c b/source/nsswitch/wbinfo.c index c004b842f4f..69d7a1069f9 100644 --- a/source/nsswitch/wbinfo.c +++ b/source/nsswitch/wbinfo.c @@ -332,6 +332,14 @@ static BOOL wbinfo_list_domains(BOOL list_all_domains) return True; } +/* List own domain */ + +static BOOL wbinfo_list_own_domain(void) +{ + d_printf("%s\n", get_winbind_domain()); + + return True; +} /* show sequence numbers */ static BOOL wbinfo_show_sequence(const char *domain) @@ -1080,7 +1088,8 @@ enum { OPT_ALLOCATE_UID, OPT_ALLOCATE_GID, OPT_SEPARATOR, - OPT_LIST_ALL_DOMAINS + OPT_LIST_ALL_DOMAINS, + OPT_LIST_OWN_DOMAIN }; int main(int argc, char **argv) @@ -1116,6 +1125,7 @@ int main(int argc, char **argv) { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" }, { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" }, { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" }, + { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" }, { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" }, { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" }, { "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" }, @@ -1396,6 +1406,12 @@ int main(int argc, char **argv) if (!wbinfo_list_domains(True)) { goto done; } + break; + case OPT_LIST_OWN_DOMAIN: + if (!wbinfo_list_own_domain()) { + goto done; + } + break; /* generic configuration options */ case OPT_DOMAIN_NAME: break; diff --git a/source/nsswitch/winbindd_ads.c b/source/nsswitch/winbindd_ads.c index 8259fd7cd36..f777b2ae18b 100644 --- a/source/nsswitch/winbindd_ads.c +++ b/source/nsswitch/winbindd_ads.c @@ -1042,7 +1042,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, struct ds_domain_trust *domains = NULL; int count = 0; int i; - uint32 flags = DS_DOMAIN_DIRECT_OUTBOUND; + uint32 flags = DS_DOMAIN_IN_FOREST | DS_DOMAIN_DIRECT_OUTBOUND; struct rpc_pipe_client *cli; DEBUG(3,("ads: trusted_domains\n")); diff --git a/source/nsswitch/winbindd_cm.c b/source/nsswitch/winbindd_cm.c index c9e970c13cd..b24ed842de3 100644 --- a/source/nsswitch/winbindd_cm.c +++ b/source/nsswitch/winbindd_cm.c @@ -177,7 +177,6 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, char *ipc_username, *ipc_domain, *ipc_password; BOOL got_mutex; - BOOL add_failed_connection = True; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; @@ -233,6 +232,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, (peeraddr_in->sin_family != PF_INET)) { DEBUG(0,("cm_prepare_connection: %s\n", strerror(errno))); + result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -246,6 +246,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, if (!cli_session_request(*cli, &calling, &called)) { DEBUG(8, ("cli_session_request failed for %s\n", controller)); + result = NT_STATUS_UNSUCCESSFUL; goto done; } } @@ -254,10 +255,9 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, if (!cli_negprot(*cli)) { DEBUG(1, ("cli_negprot failed\n")); - cli_shutdown(*cli); + result = NT_STATUS_UNSUCCESSFUL; goto done; } - if ((*cli)->protocol >= PROTOCOL_NT1 && (*cli)->capabilities & CAP_EXTENDED_SECURITY) { ADS_STATUS ads_status; @@ -371,8 +371,6 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, if (NT_STATUS_IS_OK(result)) result = NT_STATUS_UNSUCCESSFUL; - cli_shutdown(*cli); - *cli = NULL; goto done; } @@ -386,7 +384,6 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, } result = NT_STATUS_OK; - add_failed_connection = False; done: if (got_mutex) { @@ -400,8 +397,12 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, SAFE_FREE(ipc_domain); SAFE_FREE(ipc_password); - if (add_failed_connection) { + if (!NT_STATUS_IS_OK(result)) { add_failed_connection_entry(domain->name, controller, result); + if ((*cli) != NULL) { + cli_shutdown(*cli); + *cli = NULL; + } } return result; @@ -579,7 +580,7 @@ static BOOL receive_getdc_response(struct in_addr dc_ip, convert an ip to a name *******************************************************************/ -static void dcip_to_name( const char *domainname, const char *realm, +static BOOL dcip_to_name( const char *domainname, const char *realm, const DOM_SID *sid, struct in_addr ip, fstring name ) { struct ip_service ip_list; @@ -595,7 +596,7 @@ static void dcip_to_name( const char *domainname, const char *realm, for (i=0; i<5; i++) { if (receive_getdc_response(ip, domainname, name)) { namecache_store(name, 0x20, 1, &ip_list); - return; + return True; } smb_msleep(500); } @@ -605,13 +606,9 @@ static void dcip_to_name( const char *domainname, const char *realm, if ( name_status_find(domainname, 0x1c, 0x20, ip, name) ) { namecache_store(name, 0x20, 1, &ip_list); - return; + return True; } - /* backup in case the netbios stuff fails */ - - fstrcpy( name, inet_ntoa(ip) ); - #ifdef WITH_ADS /* for active directory servers, try to get the ldap server name. None of these failure should be considered critical for now */ @@ -625,17 +622,18 @@ static void dcip_to_name( const char *domainname, const char *realm, if ( !ads_try_connect( ads, inet_ntoa(ip) ) ) { ads_destroy( &ads ); - return; + return False; } fstrcpy(name, ads->config.ldap_server_name); namecache_store(name, 0x20, 1, &ip_list); ads_destroy( &ads ); + return True; } #endif - return; + return False; } /******************************************************************* @@ -705,6 +703,7 @@ static BOOL find_new_dc(TALLOC_CTX *mem_ctx, int i, fd_index; + again: if (!get_dcs(mem_ctx, domain, &dcs, &num_dcs) || (num_dcs == 0)) return False; @@ -735,15 +734,22 @@ static BOOL find_new_dc(TALLOC_CTX *mem_ctx, *addr = addrs[fd_index]; - /* if we have no name on the server or just an IP address for - the name, now try to get the name */ - - if ( is_ipaddress(dcnames[fd_index]) || *dcnames[fd_index] == '\0' ) - dcip_to_name( domain->name, domain->alt_name, &domain->sid, addr->sin_addr, dcname ); - else + if (*dcnames[fd_index] != '\0' && !is_ipaddress(dcnames[fd_index])) { + /* Ok, we've got a name for the DC */ fstrcpy(dcname, dcnames[fd_index]); + return True; + } - return True; + /* Try to figure out the name */ + if (dcip_to_name( domain->name, domain->alt_name, &domain->sid, + addr->sin_addr, dcname )) { + return True; + } + + /* We can not continue without the DC's name */ + add_failed_connection_entry(domain->name, dcs[fd_index].name, + NT_STATUS_UNSUCCESSFUL); + goto again; } static NTSTATUS cm_open_connection(struct winbindd_domain *domain, @@ -769,8 +775,14 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain, struct in_addr ip; ip = *interpret_addr2( saf_servername ); - dcip_to_name( domain->name, domain->alt_name, &domain->sid, ip, saf_name ); - fstrcpy( domain->dcname, saf_name ); + if (dcip_to_name( domain->name, domain->alt_name, + &domain->sid, ip, saf_name )) { + fstrcpy( domain->dcname, saf_name ); + } else { + add_failed_connection_entry( + domain->name, saf_name, + NT_STATUS_UNSUCCESSFUL); + } } else { diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c index b02ba8e36ca..3ae7692c127 100644 --- a/source/nsswitch/winbindd_pam.c +++ b/source/nsswitch/winbindd_pam.c @@ -512,7 +512,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, } strlower_m(client_princ); - local_service = talloc_asprintf(state->mem_ctx, "HOST/%s@%s", client_princ, lp_realm()); + local_service = talloc_asprintf(state->mem_ctx, "%s$@%s", client_princ, lp_realm()); if (local_service == NULL) { DEBUG(0,("winbindd_raw_kerberos_login: out of memory\n")); result = NT_STATUS_NO_MEMORY; @@ -552,9 +552,6 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, goto failed; } - DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n", - local_service)); - if (!pac_data) { DEBUG(3,("winbindd_raw_kerberos_login: no pac data\n")); result = NT_STATUS_INVALID_PARAMETER; @@ -568,6 +565,9 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, goto failed; } + DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n", + local_service)); + /* last step: * put results together */ diff --git a/source/nsswitch/winbindd_passdb.c b/source/nsswitch/winbindd_passdb.c index 2aaed1acefb..b949ea08085 100644 --- a/source/nsswitch/winbindd_passdb.c +++ b/source/nsswitch/winbindd_passdb.c @@ -443,8 +443,47 @@ static NTSTATUS password_policy(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, SAM_UNK_INFO_1 *policy) { - /* actually we have that */ - return NT_STATUS_NOT_IMPLEMENTED; + uint32 min_pass_len,pass_hist,password_properties; + time_t u_expire, u_min_age; + NTTIME nt_expire, nt_min_age; + uint32 account_policy_temp; + + if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) { + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + min_pass_len = account_policy_temp; + + if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + pass_hist = account_policy_temp; + + if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + password_properties = account_policy_temp; + + if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + u_expire = account_policy_temp; + + if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + u_min_age = account_policy_temp; + + unix_to_nt_time_abs(&nt_expire, u_expire); + unix_to_nt_time_abs(&nt_min_age, u_min_age); + + init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist, + password_properties, nt_expire, nt_min_age); + + return NT_STATUS_OK; } /* get a list of trusted domains */ diff --git a/source/nsswitch/winbindd_util.c b/source/nsswitch/winbindd_util.c index 5caf48942b0..928e78a05fe 100644 --- a/source/nsswitch/winbindd_util.c +++ b/source/nsswitch/winbindd_util.c @@ -162,7 +162,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const domain->sequence_number = DOM_SEQUENCE_NONE; domain->last_seq_check = 0; domain->initialized = False; - domain->online = False; + domain->online = is_internal_domain(sid); if (sid) { sid_copy(&domain->sid, sid); } diff --git a/source/param/loadparm.c b/source/param/loadparm.c index fadd4d0ee3f..2ef1c4df2fe 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -234,7 +234,7 @@ typedef struct { int ldap_ssl; char *szLdapSuffix; char *szLdapAdminDn; - char *szAclCompat; + int iAclCompat; char *szCupsServer; char *szIPrintServer; int ldap_passwd_sync; @@ -967,7 +967,7 @@ static struct parm_struct parm_table[] = { {"disable netbios", P_BOOL, P_GLOBAL, &Globals.bDisableNetbios, NULL, NULL, FLAG_ADVANCED}, {"reset on zero vc", P_BOOL, P_GLOBAL, &Globals.bResetOnZeroVC, NULL, NULL, FLAG_ADVANCED}, - {"acl compatibility", P_STRING, P_GLOBAL, &Globals.szAclCompat, NULL, enum_acl_compat_vals, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL}, + {"acl compatibility", P_ENUM, P_GLOBAL, &Globals.iAclCompat, NULL, enum_acl_compat_vals, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL}, {"defer sharing violations", P_BOOL, P_GLOBAL, &Globals.bDeferSharingViolations, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL}, {"ea support", P_BOOL, P_LOCAL, &sDefault.bEASupport, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL}, {"nt acl support", P_BOOL, P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL}, @@ -1611,7 +1611,6 @@ static void init_globals(BOOL first_time_only) string_set(&Globals.szTemplateShell, "/bin/false"); string_set(&Globals.szTemplateHomedir, "/home/%D/%U"); string_set(&Globals.szWinbindSeparator, "\\"); - string_set(&Globals.szAclCompat, ""); string_set(&Globals.szCupsServer, ""); string_set(&Globals.szIPrintServer, ""); @@ -1822,7 +1821,7 @@ FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook) FN_GLOBAL_CONST_STRING(lp_template_homedir, &Globals.szTemplateHomedir) FN_GLOBAL_CONST_STRING(lp_template_shell, &Globals.szTemplateShell) FN_GLOBAL_CONST_STRING(lp_winbind_separator, &Globals.szWinbindSeparator) -FN_GLOBAL_INTEGER(lp_acl_compatibility, &Globals.szAclCompat) +FN_GLOBAL_INTEGER(lp_acl_compatibility, &Globals.iAclCompat) FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers) FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups) FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain) diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c index 751fa597c04..8a28f75ec85 100644 --- a/source/passdb/lookup_sid.c +++ b/source/passdb/lookup_sid.c @@ -43,6 +43,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, DOM_SID sid; enum SID_NAME_USE type; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + struct group *grp; if (tmp_ctx == NULL) { DEBUG(0, ("talloc_new failed\n")); @@ -128,8 +129,27 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, * the expansion of group names coming in from smb.conf */ - if (flags & LOOKUP_NAME_GROUP) { - struct group *grp; + if ((flags & LOOKUP_NAME_GROUP) && ((grp = getgrnam(name)) != NULL)) { + + GROUP_MAP map; + + if (pdb_getgrgid(&map, grp->gr_gid)) { + /* The hack gets worse. Handle the case where we have + * 'force group = +unixgroup' but "unixgroup" has a + * group mapping */ + + if (sid_check_is_in_builtin(&map.sid)) { + domain = talloc_strdup( + tmp_ctx, builtin_domain_name()); + } else { + domain = talloc_strdup( + tmp_ctx, get_global_sam_name()); + } + + sid_copy(&sid, &map.sid); + type = map.sid_name_use; + goto ok; + } /* If we are using the smbpasswd backend, we need to use the * algorithmic mapping for the unix group we find. This is @@ -137,7 +157,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, * gid list we got from initgroups() we use gid_to_sid() that * uses algorithmic mapping if pdb_rid_algorithm() is true. */ - if (pdb_rid_algorithm() && ((grp = getgrnam(name)) != NULL) && + if (pdb_rid_algorithm() && (grp->gr_gid < max_algorithmic_gid())) { domain = talloc_strdup(tmp_ctx, get_global_sam_name()); sid_compose(&sid, get_global_sam_sid(), @@ -1013,6 +1033,10 @@ void store_gid_sid_cache(const DOM_SID *psid, gid_t gid) pc->gid = gid; sid_copy(&pc->sid, psid); DLIST_ADD(gid_sid_cache_head, pc); + + DEBUG(3,("store_gid_sid_cache: gid %u in cache -> %s\n", (unsigned int)gid, + sid_string_static(psid))); + n_gid_sid_cache++; } diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c index 60f360bde9b..43171df8b07 100644 --- a/source/passdb/passdb.c +++ b/source/passdb/passdb.c @@ -1017,6 +1017,7 @@ BOOL init_sam_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 buflen) } pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET); + pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET); pdb_set_hours_len(sampass, hours_len, PDB_SET); pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET); pdb_set_logon_count(sampass, logon_count, PDB_SET); diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c index 70d9e6024c8..fbc6378f685 100644 --- a/source/passdb/pdb_ldap.c +++ b/source/passdb/pdb_ldap.c @@ -4439,7 +4439,7 @@ static NTSTATUS ldapsam_get_new_rid(struct ldapsam_privates *priv, return status; } -static BOOL ldapsam_new_rid(struct pdb_methods *methods, uint32 *rid) +static NTSTATUS ldapsam_new_rid_internal(struct pdb_methods *methods, uint32 *rid) { int i; @@ -4447,18 +4447,24 @@ static BOOL ldapsam_new_rid(struct pdb_methods *methods, uint32 *rid) NTSTATUS result = ldapsam_get_new_rid(methods->private_data, rid); if (NT_STATUS_IS_OK(result)) { - return True; + return result; } if (!NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) { - return False; + return result; } /* The ldap update failed (maybe a race condition), retry */ } /* Tried 10 times, fail. */ - return False; + return NT_STATUS_ACCESS_DENIED; +} + +static BOOL ldapsam_new_rid(struct pdb_methods *methods, uint32 *rid) +{ + NTSTATUS result = ldapsam_new_rid_internal(methods, rid); + return NT_STATUS_IS_OK(result) ? True : False; } static BOOL ldapsam_sid_to_id(struct pdb_methods *methods, @@ -4645,7 +4651,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, } /* Create the basic samu structure and generate the mods for the ldap commit */ - if (!NT_STATUS_IS_OK((ret = ldapsam_get_new_rid(ldap_state, rid)))) { + if (!NT_STATUS_IS_OK((ret = ldapsam_new_rid_internal(my_methods, rid)))) { DEBUG(1, ("ldapsam_create_user: Could not allocate a new RID\n")); return ret; } @@ -4934,7 +4940,7 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods, smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr); } - if (!NT_STATUS_IS_OK((ret = ldapsam_get_new_rid(ldap_state, rid)))) { + if (!NT_STATUS_IS_OK((ret = ldapsam_new_rid_internal(my_methods, rid)))) { DEBUG(1, ("ldapsam_create_group: Could not allocate a new RID\n")); return ret; } diff --git a/source/passdb/pdb_tdb.c b/source/passdb/pdb_tdb.c index ba8124d3923..0dc46bec2d0 100644 --- a/source/passdb/pdb_tdb.c +++ b/source/passdb/pdb_tdb.c @@ -217,6 +217,7 @@ static BOOL init_sam_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 buf pdb_set_pw_history(sampass, NULL, 0, PDB_SET); pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET); + pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET); pdb_set_hours_len(sampass, hours_len, PDB_SET); pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET); pdb_set_logon_count(sampass, logon_count, PDB_SET); @@ -404,6 +405,7 @@ static BOOL init_sam_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 buf pdb_set_pw_history(sampass, NULL, 0, PDB_SET); pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET); + pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET); pdb_set_hours_len(sampass, hours_len, PDB_SET); pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET); pdb_set_logon_count(sampass, logon_count, PDB_SET); diff --git a/source/passdb/secrets.c b/source/passdb/secrets.c index 32793dea586..ee7c441fcfc 100644 --- a/source/passdb/secrets.c +++ b/source/passdb/secrets.c @@ -310,7 +310,7 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], /* Test if machine password has expired and needs to be changed */ if (lp_machine_password_timeout()) { if (pass->mod_time > 0 && time(NULL) > (pass->mod_time + - lp_machine_password_timeout())) { + (time_t)lp_machine_password_timeout())) { global_machine_password_needs_changing = True; } } @@ -404,7 +404,7 @@ BOOL secrets_store_trusted_domain_password(const char* domain, const char* pwd, struct trusted_dom_pass pass; ZERO_STRUCT(pass); - if (push_ucs2_allocate(&uni_dom_name, domain) < 0) { + if (push_ucs2_allocate(&uni_dom_name, domain) == (size_t)-1) { DEBUG(0, ("Could not convert domain name %s to unicode\n", domain)); return False; @@ -735,7 +735,7 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains, } if (pull_ucs2_talloc(mem_ctx, &dom_info->name, - pass.uni_name) < 0) { + pass.uni_name) == (size_t)-1) { DEBUG(2, ("pull_ucs2_talloc failed\n")); tdb_search_list_free(keys); return NT_STATUS_NO_MEMORY; diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c index ffc0f04332d..12f18d319b4 100644 --- a/source/rpc_parse/parse_lsa.c +++ b/source/rpc_parse/parse_lsa.c @@ -595,7 +595,7 @@ void init_r_enum_trust_dom(TALLOC_CTX *ctx, LSA_R_ENUM_TRUST_DOM *out, init_dom_sid2(out->domlist->domains[i].sid, &(td[i])->sid); - if (push_ucs2_talloc(ctx, &name, (td[i])->name) < 0){ + if (push_ucs2_talloc(ctx, &name, (td[i])->name) == (size_t)-1){ out->status = NT_STATUS_NO_MEMORY; return; } diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c index 027d5fba857..d661b225e06 100644 --- a/source/rpc_parse/parse_samr.c +++ b/source/rpc_parse/parse_samr.c @@ -6041,8 +6041,10 @@ static BOOL sam_io_user_info25(const char *desc, SAM_USER_INFO_25 * usr, prs_str return False; if(!prs_uint32("acb_info ", ps, depth, &usr->acb_info)) return False; + if(!prs_uint32("fields_present ", ps, depth, &usr->fields_present)) + return False; - if(!prs_uint32s(False, "unknown_6 ", ps, depth, usr->unknown_6, 6)) + if(!prs_uint32s(False, "unknown_5 ", ps, depth, usr->unknown_5, 5)) return False; if(!prs_uint8s(False, "password ", ps, depth, usr->pass, sizeof(usr->pass))) diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c index 1a7ab4ef533..d512115e832 100644 --- a/source/rpc_server/srv_netlog_nt.c +++ b/source/rpc_server/srv_netlog_nt.c @@ -510,7 +510,6 @@ NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u) NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u) { - NTSTATUS status = NT_STATUS_ACCESS_DENIED; fstring remote_machine; struct samu *sampass=NULL; BOOL ret = False; @@ -632,7 +631,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * } /* set up the LSA Server Password Set response */ - init_net_r_srv_pwset(r_u, &cred_out, status); + init_net_r_srv_pwset(r_u, &cred_out, r_u->status); TALLOC_FREE(sampass); return r_u->status; diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index c9e6b552c8d..5e82ecd0cae 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -2463,6 +2463,8 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, return NT_STATUS_NO_MEMORY; } + strlower_m(account); + nt_status = can_create(p->mem_ctx, account); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; @@ -3299,6 +3301,52 @@ static BOOL set_user_info_pw(uint8 *pass, struct samu *pwd) } /******************************************************************* + set_user_info_25 + ********************************************************************/ + +static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, SAM_USER_INFO_25 *id25, + struct samu *pwd) +{ + NTSTATUS status; + + if (id25 == NULL) { + DEBUG(5, ("set_user_info_25: NULL id25\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + copy_id25_to_sam_passwd(pwd, id25); + + /* + * The funny part about the previous two calls is + * that pwd still has the password hashes from the + * passdb entry. These have not been updated from + * id21. I don't know if they need to be set. --jerry + */ + + if ( IS_SAM_CHANGED(pwd, PDB_GROUPSID) ) { + status = pdb_set_unix_primary_group(mem_ctx, pwd); + if ( !NT_STATUS_IS_OK(status) ) { + return status; + } + } + + /* Don't worry about writing out the user account since the + primary group SID is generated solely from the user's Unix + primary group. */ + + /* write the change out */ + if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) { + TALLOC_FREE(pwd); + return status; + } + + /* WARNING: No TALLOC_FREE(pwd), we are about to set the password + * hereafter! */ + + return NT_STATUS_OK; +} + +/******************************************************************* samr_reply_set_userinfo ********************************************************************/ @@ -3401,6 +3449,11 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE dump_data(100, (char *)ctr->info.id25->pass, 532); + r_u->status = set_user_info_25(p->mem_ctx, + ctr->info.id25, pwd); + if (!NT_STATUS_IS_OK(r_u->status)) { + goto done; + } if (!set_user_info_pw(ctr->info.id25->pass, pwd)) r_u->status = NT_STATUS_ACCESS_DENIED; break; @@ -3433,6 +3486,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE r_u->status = NT_STATUS_INVALID_INFO_CLASS; } + done: if ( has_enough_rights ) unbecome_root(); diff --git a/source/rpc_server/srv_samr_util.c b/source/rpc_server/srv_samr_util.c index 03a726dd926..2b65eb210fd 100644 --- a/source/rpc_server/srv_samr_util.c +++ b/source/rpc_server/srv_samr_util.c @@ -549,3 +549,192 @@ void copy_id23_to_sam_passwd(struct samu *to, SAM_USER_INFO_23 *from) DEBUG(10,("INFO_23 PADDING_2: %02X\n",from->padding2)); } + +/************************************************************* + Copies a SAM_USER_INFO_25 to a struct samu +**************************************************************/ + +void copy_id25_to_sam_passwd(struct samu *to, SAM_USER_INFO_25 *from) +{ + time_t unix_time, stored_time; + const char *old_string, *new_string; + DATA_BLOB mung; + + if (from == NULL || to == NULL) + return; + + if (from->fields_present & ACCT_LAST_LOGON) { + unix_time=nt_time_to_unix(&from->logon_time); + stored_time = pdb_get_logon_time(to); + DEBUG(10,("INFO_25 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_logon_time(to, unix_time, PDB_CHANGED); + } + + if (from->fields_present & ACCT_LAST_LOGOFF) { + unix_time=nt_time_to_unix(&from->logoff_time); + stored_time = pdb_get_logoff_time(to); + DEBUG(10,("INFO_25 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_logoff_time(to, unix_time, PDB_CHANGED); + } + + if (from->fields_present & ACCT_EXPIRY) { + unix_time=nt_time_to_unix(&from->kickoff_time); + stored_time = pdb_get_kickoff_time(to); + DEBUG(10,("INFO_25 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); + } + + if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) { + unix_time=nt_time_to_unix(&from->pass_can_change_time); + stored_time = pdb_get_pass_can_change_time(to); + DEBUG(10,("INFO_25 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED); + } + + if (from->fields_present & ACCT_LAST_PWD_CHANGE) { + unix_time=nt_time_to_unix(&from->pass_last_set_time); + stored_time = pdb_get_pass_last_set_time(to); + DEBUG(10,("INFO_25 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED); + } + + if (from->fields_present & ACCT_FORCE_PWD_CHANGE) { + unix_time=nt_time_to_unix(&from->pass_must_change_time); + stored_time=pdb_get_pass_must_change_time(to); + DEBUG(10,("INFO_25 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED); + } + + if ((from->fields_present & ACCT_USERNAME) && + (from->hdr_user_name.buffer)) { + old_string = pdb_get_username(to); + new_string = unistr2_static(&from->uni_user_name); + DEBUG(10,("INFO_25 UNI_USER_NAME: %s -> %s\n", old_string, new_string)); + if (STRING_CHANGED) + pdb_set_username(to , new_string, PDB_CHANGED); + } + + if ((from->fields_present & ACCT_FULL_NAME) && + (from->hdr_full_name.buffer)) { + old_string = pdb_get_fullname(to); + new_string = unistr2_static(&from->uni_full_name); + DEBUG(10,("INFO_25 UNI_FULL_NAME: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_fullname(to , new_string, PDB_CHANGED); + } + + if ((from->fields_present & ACCT_HOME_DIR) && + (from->hdr_home_dir.buffer)) { + old_string = pdb_get_homedir(to); + new_string = unistr2_static(&from->uni_home_dir); + DEBUG(10,("INFO_25 UNI_HOME_DIR: %s -> %s\n",old_string,new_string)); + if (STRING_CHANGED) + pdb_set_homedir(to , new_string, PDB_CHANGED); + } + + if ((from->fields_present & ACCT_HOME_DRIVE) && + (from->hdr_dir_drive.buffer)) { + old_string = pdb_get_dir_drive(to); + new_string = unistr2_static(&from->uni_dir_drive); + DEBUG(10,("INFO_25 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string)); + if (STRING_CHANGED) + pdb_set_dir_drive(to , new_string, PDB_CHANGED); + } + + if ((from->fields_present & ACCT_LOGON_SCRIPT) && + (from->hdr_logon_script.buffer)) { + old_string = pdb_get_logon_script(to); + new_string = unistr2_static(&from->uni_logon_script); + DEBUG(10,("INFO_25 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string)); + if (STRING_CHANGED) + pdb_set_logon_script(to , new_string, PDB_CHANGED); + } + + if ((from->fields_present & ACCT_PROFILE) && + (from->hdr_profile_path.buffer)) { + old_string = pdb_get_profile_path(to); + new_string = unistr2_static(&from->uni_profile_path); + DEBUG(10,("INFO_25 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_profile_path(to , new_string, PDB_CHANGED); + } + + if ((from->fields_present & ACCT_DESCRIPTION) && + (from->hdr_acct_desc.buffer)) { + old_string = pdb_get_acct_desc(to); + new_string = unistr2_static(&from->uni_acct_desc); + DEBUG(10,("INFO_25 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string)); + if (STRING_CHANGED) + pdb_set_acct_desc(to , new_string, PDB_CHANGED); + } + + if ((from->fields_present & ACCT_WORKSTATIONS) && + (from->hdr_workstations.buffer)) { + old_string = pdb_get_workstations(to); + new_string = unistr2_static(&from->uni_workstations); + DEBUG(10,("INFO_25 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_workstations(to , new_string, PDB_CHANGED); + } + + /* is this right? */ + if ((from->fields_present & ACCT_ADMIN_DESC) && + (from->hdr_unknown_str.buffer)) { + old_string = pdb_get_unknown_str(to); + new_string = unistr2_static(&from->uni_unknown_str); + DEBUG(10,("INFO_25 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_unknown_str(to , new_string, PDB_CHANGED); + } + + if ((from->fields_present & ACCT_CALLBACK) && + (from->hdr_munged_dial.buffer)) { + char *newstr; + old_string = pdb_get_munged_dial(to); + mung.length = from->hdr_munged_dial.uni_str_len; + mung.data = (uint8 *) from->uni_munged_dial.buffer; + newstr = (mung.length == 0) ? + NULL : base64_encode_data_blob(mung); + DEBUG(10,("INFO_25 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr)); + if (STRING_CHANGED_NC(old_string,newstr)) + pdb_set_munged_dial(to , newstr, PDB_CHANGED); + + SAFE_FREE(newstr); + } + + if (from->fields_present & ACCT_RID) { + if (from->user_rid == 0) { + DEBUG(10, ("INFO_25: Asked to set User RID to 0 !? Skipping change!\n")); + } else if (from->user_rid != pdb_get_user_rid(to)) { + DEBUG(10,("INFO_25 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid)); + } + } + + if (from->fields_present & ACCT_PRIMARY_GID) { + if (from->group_rid == 0) { + DEBUG(10, ("INFO_25: Asked to set Group RID to 0 !? Skipping change!\n")); + } else if (from->group_rid != pdb_get_group_rid(to)) { + DEBUG(10,("INFO_25 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid)); + pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED); + } + } + + if (from->fields_present & ACCT_FLAGS) { + DEBUG(10,("INFO_25 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info)); + if (from->acb_info != pdb_get_acct_ctrl(to)) { + if (!(from->acb_info & ACB_AUTOLOCK) && (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) { + /* We're unlocking a previously locked user. Reset bad password counts. + Patch from Jianliang Lu. <Jianliang.Lu@getronics.com> */ + pdb_set_bad_password_count(to, 0, PDB_CHANGED); + pdb_set_bad_password_time(to, 0, PDB_CHANGED); + } + pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED); + } + } +} diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index 2e224896c4d..0281e3da0ca 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -6279,7 +6279,13 @@ static WERROR publish_or_unpublish_printer(pipes_struct *p, POLICY_HND *handle, #ifdef HAVE_ADS SPOOL_PRINTER_INFO_LEVEL_7 *info7 = info->info_7; int snum; - Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + Printer_entry *Printer; + + if ( lp_security() != SEC_ADS ) { + return WERR_UNKNOWN_LEVEL; + } + + Printer = find_printer_index_by_hnd(p, handle); DEBUG(5,("publish_or_unpublish_printer, action = %d\n",info7->action)); diff --git a/source/script/tests/selftest.sh b/source/script/tests/selftest.sh index cdf5b36bfa0..fe943b87b5e 100755 --- a/source/script/tests/selftest.sh +++ b/source/script/tests/selftest.sh @@ -111,6 +111,8 @@ cat >$SERVERCONFFILE<<EOF bind interfaces only = yes include = $COMMONCONFFILE + kernel oplocks = no + [tmp] path = $PREFIX_ABS/tmp read only = no diff --git a/source/script/tests/test_functions.sh b/source/script/tests/test_functions.sh index 4e3b8ce7db8..368832a506d 100644 --- a/source/script/tests/test_functions.sh +++ b/source/script/tests/test_functions.sh @@ -19,8 +19,8 @@ samba3_stop_sig_kill() { samba3_check_or_start() { if [ -n "$SERVER_TEST_FIFO" ];then - trap samba3_stop_sig_kill SIGINT SIGQUIT - trap samba3_stop_sig_kill SIGTERM + trap samba3_stop_sig_kill INT QUIT + trap samba3_stop_sig_kill TERM if [ -p "$SERVER_TEST_FIFO" ];then return 0; @@ -40,7 +40,7 @@ samba3_check_or_start() { rm -f $NMBD_TEST_LOG echo -n "STARTING NMBD..." (( - if [ -z "$NMBD_MAXTIME" ]; then + if test x"$NMBD_MAXTIME" = x; then NMBD_MAXTIME=2700 fi timelimit $NMBD_MAXTIME $NMBD_VALGRIND $SRCDIR/bin/nmbd -F -S --no-process-group -d0 -s $SERVERCONFFILE > $NMBD_TEST_LOG 2>&1 & @@ -69,7 +69,7 @@ samba3_check_or_start() { rm -f $SMBD_TEST_LOG echo -n "STARTING SMBD..." (( - if [ -z "$SMBD_MAXTIME" ]; then + if test x"$SMBD_MAXTIME" = x; then SMBD_MAXTIME=2700 fi timelimit $SMBD_MAXTIME $SMBD_VALGRIND $SRCDIR/bin/smbd -F -S --no-process-group -d0 -s $SERVERCONFFILE > $SMBD_TEST_LOG 2>&1 & diff --git a/source/script/tests/test_posix_s3.sh b/source/script/tests/test_posix_s3.sh index 1e60ec76668..2274a1f7fe5 100755 --- a/source/script/tests/test_posix_s3.sh +++ b/source/script/tests/test_posix_s3.sh @@ -32,11 +32,13 @@ raw="$raw RAW-IOCTL RAW-LOCK RAW-MKDIR RAW-MUX RAW-NOTIFY RAW-OPEN RAW-OPLOCK" raw="$raw RAW-QFILEINFO RAW-QFSINFO RAW-READ RAW-RENAME RAW-SEARCH RAW-SEEK" raw="$raw RAW-SFILEINFO RAW-SFILEINFO-BUG RAW-STREAMS RAW-UNLINK RAW-WRITE" -tests="$base $raw" +rpc="RPC-AUTHCONTEXT" + +tests="$base $raw $rpc" skipped="BASE-CHARSET BASE-DEFER_OPEN BASE-DELAYWRITE BASE-DELETE BASE-OPENATTR BASE-TCONDEV" skipped="$skipped RAW-ACLS RAW-CLOSE RAW-COMPOSITE RAW-CONTEXT RAW-EAS" -skipped="$skipped RAW-IOCTL RAW-MKDIR RAW-MUX RAW-NOTIFY RAW-OPEN RAW-OPLOCK" +skipped="$skipped RAW-IOCTL RAW-MKDIR RAW-MUX RAW-NOTIFY RAW-OPEN" skipped="$skipped RAW-QFILEINFO RAW-QFSINFO RAW-RENAME RAW-SEARCH" skipped="$skipped RAW-SFILEINFO RAW-STREAMS RAW-UNLINK RAW-WRITE" diff --git a/source/script/tests/tests_all.sh b/source/script/tests/tests_all.sh index 64a7065ee97..059f9d1a376 100755 --- a/source/script/tests/tests_all.sh +++ b/source/script/tests/tests_all.sh @@ -2,9 +2,10 @@ $SCRIPTDIR/test_smbtorture_s3.sh //$SERVER_IP/tmp $USERNAME $PASSWORD "" || failed=`expr $failed + $?` $SCRIPTDIR/test_smbclient_s3.sh $SERVER $SERVER_IP || failed=`expr $failed + $?` -if [ -n "$SMBTORTURE4" ];then +SMBTORTURE4VERSION=`$SMBTORTURE4 --version` +if [ -n "$SMBTORTURE4" -a -n "$SMBTORTURE4VERSION" ];then echo "Running Tests with Samba4's smbtorture" - $SMBTORTURE4 --version + echo $SMBTORTURE4VERSION $SCRIPTDIR/test_posix_s3.sh //$SERVER_IP/tmp $USERNAME $PASSWORD "" || failed=`expr $failed + $?` else echo "Skip Tests with Samba4's smbtorture" diff --git a/source/script/tests/timelimit.c b/source/script/tests/timelimit.c index 5b8281cb0dc..32e58f52498 100644 --- a/source/script/tests/timelimit.c +++ b/source/script/tests/timelimit.c @@ -53,17 +53,10 @@ static void sig_usr1(int sig) static void new_process_group(void) { -#ifdef BSD_SETPGRP - if (setpgrp(0,0) == -1) { - perror("setpgrp"); + if (setpgid(0,0) == -1) { + perror("setpgid"); exit(1); } -#else - if (setpgrp() == -1) { - perror("setpgrp"); - exit(1); - } -#endif } diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c index 16b44a54bf9..011122ee575 100644 --- a/source/smbd/chgpasswd.c +++ b/source/smbd/chgpasswd.c @@ -241,7 +241,7 @@ static int expect(int master, char *issue, char *expected) if (lp_passwd_chat_debug()) DEBUG(100, ("expect: sending [%s]\n", issue)); - if ((len = write(master, issue, strlen(issue))) != strlen(issue)) { + if ((len = sys_write(master, issue, strlen(issue))) != strlen(issue)) { DEBUG(2,("expect: (short) write returned %d\n", len )); return False; } diff --git a/source/smbd/dmapi.c b/source/smbd/dmapi.c index 4a6cba293bc..a9d83c782bb 100644 --- a/source/smbd/dmapi.c +++ b/source/smbd/dmapi.c @@ -24,12 +24,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_DMAPI -#if defined(HAVE_LIBDM) || defined(HAVE_LIBJFSDM) || defined(HAVE_LIBXDSM) -#if defined(HAVE_XFS_DMAPI_H) || defined(HAVE_SYS_DMI_H) || defined(HAVE_SYS_JFSDMAPI_H) || defined(HAVE_SYS_DMAPI_H) -#define USE_DMAPI 1 -#endif -#endif - #ifndef USE_DMAPI int dmapi_init_session(void) { return -1; } diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c index 7f9505606cc..32503879099 100644 --- a/source/smbd/ipc.c +++ b/source/smbd/ipc.c @@ -291,6 +291,12 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, return ERROR_NT(NT_STATUS_INVALID_HANDLE); } + if (vuid != p->vuid) { + DEBUG(1, ("Got pipe request (pnum %x) using invalid VUID %d, " + "expected %d\n", pnum, vuid, p->vuid)); + return ERROR_NT(NT_STATUS_INVALID_HANDLE); + } + DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)\n", subcommand, p->name, pnum)); /* record maximum data length that can be transmitted in an SMBtrans */ diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index 3cdc4997b23..5d19d496fd9 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -1652,11 +1652,11 @@ static NTSTATUS copy_internals(connection_struct *conn, char *oldname, char *new fsp1 = open_file_ntcreate(conn,oldname,&sbuf1, FILE_READ_DATA, /* Read-only. */ - 0, /* No sharing. */ + FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0, /* No create options. */ FILE_ATTRIBUTE_NORMAL, - INTERNAL_OPEN_ONLY, + NO_OPLOCK, &info); if (!fsp1) { @@ -1669,12 +1669,12 @@ static NTSTATUS copy_internals(connection_struct *conn, char *oldname, char *new } fsp2 = open_file_ntcreate(conn,newname,&sbuf2, - FILE_WRITE_DATA, /* Read-only. */ - 0, /* No sharing. */ + FILE_WRITE_DATA, /* Write-only. */ + FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_CREATE, 0, /* No create options. */ fattr, - INTERNAL_OPEN_ONLY, + NO_OPLOCK, &info); if (!fsp2) { @@ -1704,8 +1704,9 @@ static NTSTATUS copy_internals(connection_struct *conn, char *oldname, char *new close_ret = close_file(fsp2,NORMAL_CLOSE); - /* Grrr. We have to do this as open_file_shared1 adds aARCH when it - creates the file. This isn't the correct thing to do in the copy case. JRA */ + /* Grrr. We have to do this as open_file_ntcreate adds aARCH when it + creates the file. This isn't the correct thing to do in the copy + case. JRA */ file_set_dosmode(conn, newname, fattr, &sbuf2, True); if (ret < (SMB_OFF_T)sbuf1.st_size) { diff --git a/source/smbd/open.c b/source/smbd/open.c index 3d537b2f394..633e70ac314 100644 --- a/source/smbd/open.c +++ b/source/smbd/open.c @@ -245,7 +245,7 @@ static BOOL open_file(files_struct *fsp, /* * We can't actually truncate here as the file may be locked. - * open_file_shared will take care of the truncate later. JRA. + * open_file_ntcreate will take care of the truncate later. JRA. */ local_flags &= ~O_TRUNC; @@ -599,7 +599,7 @@ static BOOL is_delete_request(files_struct *fsp) { } /* - * 1) No files open at all: Grant whatever the client wants. + * 1) No files open at all or internal open: Grant whatever the client wants. * * 2) Exclusive (or batch) oplock around: If the requested access is a delete * request, break if the oplock around is a batch oplock. If it's another @@ -608,7 +608,10 @@ static BOOL is_delete_request(files_struct *fsp) { * 3) Only level2 around: Grant level2 and do nothing else. */ -static BOOL delay_for_oplocks(struct share_mode_lock *lck, files_struct *fsp, int pass_number) +static BOOL delay_for_oplocks(struct share_mode_lock *lck, + files_struct *fsp, + int pass_number, + int oplock_request) { int i; struct share_mode_entry *exclusive = NULL; @@ -616,7 +619,7 @@ static BOOL delay_for_oplocks(struct share_mode_lock *lck, files_struct *fsp, in BOOL delay_it = False; BOOL have_level2 = False; - if (is_stat_open(fsp->access_mask)) { + if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) { fsp->oplock_type = NO_OPLOCK; return False; } @@ -683,8 +686,16 @@ static BOOL delay_for_oplocks(struct share_mode_lock *lck, files_struct *fsp, in procid_str_static(&exclusive->pid))); exclusive->op_mid = get_current_mid(); + /* Create the message. */ share_mode_entry_to_message(msg, exclusive); + /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We don't + want this set in the share mode struct pointed to by lck. */ + + if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) { + SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE); + } + become_root(); ret = message_send_pid(exclusive->pid, MSG_SMB_BREAK_REQUEST, msg, MSG_SMB_SHARE_MODE_ENTRY_SIZE, True); @@ -692,7 +703,6 @@ static BOOL delay_for_oplocks(struct share_mode_lock *lck, files_struct *fsp, in if (!ret) { DEBUG(3, ("Could not send oplock break message\n")); } - file_free(fsp); } return delay_it; @@ -1087,7 +1097,6 @@ files_struct *open_file_ntcreate(connection_struct *conn, int flags2=0; BOOL file_existed = VALID_STAT(*psbuf); BOOL def_acl = False; - BOOL internal_only_open = False; SMB_DEV_T dev = 0; SMB_INO_T inode = 0; BOOL fsp_open = False; @@ -1130,11 +1139,6 @@ files_struct *open_file_ntcreate(connection_struct *conn, create_disposition, create_options, unx_mode, oplock_request)); - if (oplock_request == INTERNAL_OPEN_ONLY) { - internal_only_open = True; - oplock_request = 0; - } - if ((pml = get_open_deferred_message(mid)) != NULL) { struct deferred_open_record *state = (struct deferred_open_record *)pml->private_data.data; @@ -1171,7 +1175,8 @@ files_struct *open_file_ntcreate(connection_struct *conn, /* ignore any oplock requests if oplocks are disabled */ if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break || IS_VETO_OPLOCK_PATH(conn, fname)) { - oplock_request = 0; + /* Mask off everything except the private Samba bits. */ + oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK; } /* this is for OS/2 long file names - say we don't support them */ @@ -1346,7 +1351,8 @@ files_struct *open_file_ntcreate(connection_struct *conn, fsp->share_access = share_access; fsp->fh->private_options = create_options; fsp->access_mask = access_mask; - fsp->oplock_type = oplock_request; + /* Ensure no SAMBA_PRIVATE bits can be set. */ + fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK); if (timeval_is_zero(&request_time)) { request_time = fsp->open_time; @@ -1361,15 +1367,17 @@ files_struct *open_file_ntcreate(connection_struct *conn, fname); if (lck == NULL) { + file_free(fsp); DEBUG(0, ("Could not get share mode lock\n")); set_saved_ntstatus(NT_STATUS_SHARING_VIOLATION); return NULL; } /* First pass - send break only on batch oplocks. */ - if (delay_for_oplocks(lck, fsp, 1)) { + if (delay_for_oplocks(lck, fsp, 1, oplock_request)) { schedule_defer_open(lck, request_time); TALLOC_FREE(lck); + file_free(fsp); return NULL; } @@ -1380,9 +1388,10 @@ files_struct *open_file_ntcreate(connection_struct *conn, if (NT_STATUS_IS_OK(status)) { /* We might be going to allow this open. Check oplock status again. */ /* Second pass - send break for both batch or exclusive oplocks. */ - if (delay_for_oplocks(lck, fsp, 2)) { + if (delay_for_oplocks(lck, fsp, 2, oplock_request)) { schedule_defer_open(lck, request_time); TALLOC_FREE(lck); + file_free(fsp); return NULL; } } @@ -1456,7 +1465,7 @@ files_struct *open_file_ntcreate(connection_struct *conn, * cope with the braindead 1 second delay. */ - if (!internal_only_open && + if (!(oplock_request & INTERNAL_OPEN_ONLY) && lp_defer_sharing_violations()) { struct timeval timeout; struct deferred_open_record state; @@ -1742,7 +1751,7 @@ files_struct *open_file_ntcreate(connection_struct *conn, if (ret == -1 && errno == ENOSYS) { errno = saved_errno; /* Ignore ENOSYS */ } else { - DEBUG(5, ("open_file_shared: reset " + DEBUG(5, ("open_file_ntcreate: reset " "attributes of file %s to 0%o\n", fname, (unsigned int)new_unx_mode)); ret = 0; /* Don't do the fchmod below. */ @@ -1751,7 +1760,7 @@ files_struct *open_file_ntcreate(connection_struct *conn, if ((ret == -1) && (SMB_VFS_FCHMOD(fsp, fsp->fh->fd, new_unx_mode) == -1)) - DEBUG(5, ("open_file_shared: failed to reset " + DEBUG(5, ("open_file_ntcreate: failed to reset " "attributes of file %s to 0%o\n", fname, (unsigned int)new_unx_mode)); } diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c index 42c64a28435..1f731e17291 100644 --- a/source/smbd/oplock.c +++ b/source/smbd/oplock.c @@ -540,6 +540,7 @@ static void process_oplock_break_message(int msg_type, struct process_id src, } if ((global_client_caps & CAP_LEVEL_II_OPLOCKS) && + !(msg.op_type & FORCE_OPLOCK_BREAK_TO_NONE) && !koplocks && /* NOTE: we force levelII off for kernel oplocks - * this will change when it is supported */ lp_level2_oplocks(SNUM(fsp->conn))) { diff --git a/source/smbd/pipes.c b/source/smbd/pipes.c index 12f3d180b1e..2d90383706b 100644 --- a/source/smbd/pipes.c +++ b/source/smbd/pipes.c @@ -121,6 +121,7 @@ int reply_open_pipe_and_X(connection_struct *conn, int reply_pipe_write(char *inbuf,char *outbuf,int length,int dum_bufsize) { smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv0); + uint16 vuid = SVAL(inbuf,smb_uid); size_t numtowrite = SVAL(inbuf,smb_vwv1); int nwritten; int outsize; @@ -130,6 +131,10 @@ int reply_pipe_write(char *inbuf,char *outbuf,int length,int dum_bufsize) return(ERROR_DOS(ERRDOS,ERRbadfid)); } + if (p->vuid != vuid) { + return ERROR_NT(NT_STATUS_INVALID_HANDLE); + } + data = smb_buf(inbuf) + 3; if (numtowrite == 0) { @@ -161,6 +166,7 @@ int reply_pipe_write(char *inbuf,char *outbuf,int length,int dum_bufsize) int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize) { smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2); + uint16 vuid = SVAL(inbuf,smb_uid); size_t numtowrite = SVAL(inbuf,smb_vwv10); int nwritten = -1; int smb_doff = SVAL(inbuf, smb_vwv11); @@ -172,6 +178,10 @@ int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize) return(ERROR_DOS(ERRDOS,ERRbadfid)); } + if (p->vuid != vuid) { + return ERROR_NT(NT_STATUS_INVALID_HANDLE); + } + data = smb_base(inbuf) + smb_doff; if (numtowrite == 0) { diff --git a/source/smbd/reply.c b/source/smbd/reply.c index 387ed4a47f4..d333ebf32eb 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -1433,9 +1433,9 @@ int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt uint32 smb_attr = SVAL(inbuf,smb_vwv5); /* Breakout the oplock request bits so we can set the reply bits separately. */ - BOOL ex_oplock_request = EXTENDED_OPLOCK_REQUEST(inbuf); - BOOL core_oplock_request = CORE_OPLOCK_REQUEST(inbuf); - BOOL oplock_request = ex_oplock_request | core_oplock_request; + int ex_oplock_request = EXTENDED_OPLOCK_REQUEST(inbuf); + int core_oplock_request = CORE_OPLOCK_REQUEST(inbuf); + int oplock_request = ex_oplock_request | core_oplock_request; #if 0 int smb_sattr = SVAL(inbuf,smb_vwv4); uint32 smb_time = make_unix_date3(inbuf+smb_vwv6); diff --git a/source/smbd/server.c b/source/smbd/server.c index d16579f24a8..2bfeae9f541 100644 --- a/source/smbd/server.c +++ b/source/smbd/server.c @@ -744,16 +744,17 @@ void build_options(BOOL screen); poptContext pc; struct poptOption long_options[] = { - POPT_AUTOHELP + POPT_AUTOHELP {"daemon", 'D', POPT_ARG_VAL, &is_daemon, True, "Become a daemon (default)" }, {"interactive", 'i', POPT_ARG_VAL, &interactive, True, "Run interactive (not a daemon)"}, - {"foreground", 'F', POPT_ARG_VAL, &Fork, False, "Run daemon in foreground (for daemontools & etc)" }, - {"no-process-group", 0, POPT_ARG_VAL, &no_process_group, True, "Don't create a new process group" }, + {"foreground", 'F', POPT_ARG_VAL, &Fork, False, "Run daemon in foreground (for daemontools, etc.)" }, + {"no-process-group", '\0', POPT_ARG_VAL, &no_process_group, True, "Don't create a new process group" }, {"log-stdout", 'S', POPT_ARG_VAL, &log_stdout, True, "Log to stdout" }, {"build-options", 'b', POPT_ARG_NONE, NULL, 'b', "Print build options" }, {"port", 'p', POPT_ARG_STRING, &ports, 0, "Listen on the specified ports"}, POPT_COMMON_SAMBA - { NULL } + POPT_COMMON_DYNCONFIG + POPT_TABLEEND }; load_case_tables(); diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index fc14772c57c..eda4837ba4b 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -727,7 +727,7 @@ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, i time_t open_time; #endif int open_ofun; - int32 open_size; + uint32 open_size; char *pname; pstring fname; SMB_OFF_T size=0; @@ -860,6 +860,30 @@ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, i return(ERROR_DOS(ERRDOS,ERRnoaccess)); } + /* Save the requested allocation size. */ + /* Allocate space for the file if a size hint is supplied */ + if ((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) { + SMB_BIG_UINT allocation_size = (SMB_BIG_UINT)open_size; + if (allocation_size && (allocation_size > (SMB_BIG_UINT)size)) { + fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size); + if (fsp->is_directory) { + close_file(fsp,ERROR_CLOSE); + /* Can't set allocation size on a directory. */ + return ERROR_NT(NT_STATUS_ACCESS_DENIED); + } + if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) { + close_file(fsp,ERROR_CLOSE); + return ERROR_NT(NT_STATUS_DISK_FULL); + } + + /* Adjust size here to return the right size in the reply. + Windows does it this way. */ + size = fsp->initial_allocation_size; + } else { + fsp->initial_allocation_size = smb_roundup(fsp->conn,(SMB_BIG_UINT)size); + } + } + if (total_data && smb_action == FILE_WAS_CREATED) { status = set_ea(conn, fsp, fname, ea_list); talloc_destroy(ctx); @@ -3996,15 +4020,19 @@ static int call_trans2setfilepathinfo(connection_struct *conn, char *inbuf, char new_fsp = open_file_ntcreate(conn, fname, &sbuf, FILE_WRITE_DATA, - FILE_SHARE_READ|FILE_SHARE_WRITE, + FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0, FILE_ATTRIBUTE_NORMAL, - INTERNAL_OPEN_ONLY, + FORCE_OPLOCK_BREAK_TO_NONE, NULL); if (new_fsp == NULL) { - return(UNIXERROR(ERRDOS,ERRbadpath)); + if (open_was_deferred(SVAL(inbuf,smb_mid))) { + /* We have re-scheduled this call. */ + return -1; + } + return(UNIXERROR(ERRDOS,ERRnoaccess)); } ret = vfs_allocate_file_space(new_fsp, allocation_size); if (SMB_VFS_FSTAT(new_fsp,new_fsp->fh->fd,&new_sbuf) != 0) { @@ -4537,7 +4565,6 @@ size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n", POSIX_LOCK, &my_lock_ctx); - /* TODO: Deal with rescheduling blocking lock fail here... */ if (lp_blocking_locks(SNUM(conn)) && ERROR_WAS_LOCK_DENIED(status)) { /* * A blocking lock was requested. Package up @@ -4636,15 +4663,19 @@ size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n", new_fsp = open_file_ntcreate(conn, fname, &sbuf, FILE_WRITE_DATA, - FILE_SHARE_READ|FILE_SHARE_WRITE, + FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0, FILE_ATTRIBUTE_NORMAL, - INTERNAL_OPEN_ONLY, + FORCE_OPLOCK_BREAK_TO_NONE, NULL); if (new_fsp == NULL) { - return(UNIXERROR(ERRDOS,ERRbadpath)); + if (open_was_deferred(SVAL(inbuf,smb_mid))) { + /* We have re-scheduled this call. */ + return -1; + } + return(UNIXERROR(ERRDOS,ERRnoaccess)); } ret = vfs_set_filelen(new_fsp, size); close_file(new_fsp,NORMAL_CLOSE); @@ -5238,6 +5269,7 @@ int reply_trans2(connection_struct *conn, char *inbuf,char *outbuf, } else { DEBUG(2,("Invalid smb_sucnt in trans2 call(%u)\n",state->setup_count)); DEBUG(2,("Transaction is %d\n",tran_call)); + TALLOC_FREE(state); END_PROFILE(SMBtrans2); return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } diff --git a/source/utils/net.c b/source/utils/net.c index 27b64aa96e5..bef2a0a83c2 100644 --- a/source/utils/net.c +++ b/source/utils/net.c @@ -65,6 +65,7 @@ const char *opt_workgroup = NULL; int opt_long_list_entries = 0; int opt_reboot = 0; int opt_force = 0; +int opt_stdin = 0; int opt_port = 0; int opt_verbose = 0; int opt_maxusers = -1; @@ -496,13 +497,24 @@ static int net_changetrustpw(int argc, const char **argv) return net_rpc_changetrustpw(argc, argv); } +static void set_line_buffering(FILE *f) +{ + setvbuf(f, NULL, _IOLBF, 0); +} + static int net_changesecretpw(int argc, const char **argv) { char *trust_pw; uint32 sec_channel_type = SEC_CHAN_WKSTA; if(opt_force) { - trust_pw = getpass("Enter machine password: "); + if (opt_stdin) { + set_line_buffering(stdin); + set_line_buffering(stdout); + set_line_buffering(stderr); + } + + trust_pw = get_pass("Enter machine password: ", opt_stdin); if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) { d_fprintf(stderr, "Unable to write the machine account password in the secrets database"); @@ -856,6 +868,7 @@ static struct functable net_func[] = { {"long", 'l', POPT_ARG_NONE, &opt_long_list_entries}, {"reboot", 'r', POPT_ARG_NONE, &opt_reboot}, {"force", 'f', POPT_ARG_NONE, &opt_force}, + {"stdin", 'i', POPT_ARG_NONE, &opt_stdin}, {"timeout", 't', POPT_ARG_INT, &opt_timeout}, {"machine-pass",'P', POPT_ARG_NONE, &opt_machine_pass}, {"myworkgroup", 'W', POPT_ARG_STRING, &opt_workgroup}, diff --git a/source/utils/smbcontrol.c b/source/utils/smbcontrol.c index ad05f8e9483..0c6a1341c03 100644 --- a/source/utils/smbcontrol.c +++ b/source/utils/smbcontrol.c @@ -890,7 +890,7 @@ static BOOL do_winbind_offline(const struct process_id pid, ret = send_message(pid, MSG_WINBIND_OFFLINE, NULL, 0, False); /* Check that the entry "WINBINDD_OFFLINE" still exists. */ - tdb->ecode = 0; + tdb->ecode = TDB_SUCCESS; d = tdb_fetch_bystring( tdb, "WINBINDD_OFFLINE" ); /* As this is a key with no data we don't need to free, we diff --git a/source/utils/smbpasswd.c b/source/utils/smbpasswd.c index c063ad8b315..24b3759605b 100644 --- a/source/utils/smbpasswd.c +++ b/source/utils/smbpasswd.c @@ -64,6 +64,7 @@ static void usage(void) printf(" -i interdomain trust account\n"); printf(" -m machine trust account\n"); printf(" -n set no password\n"); + printf(" -W use stdin ldap admin password\n"); printf(" -w PASSWORD ldap admin password\n"); printf(" -x delete user\n"); printf(" -R ORDER name resolve order\n"); |