diff options
| author | Gerald Carter <jerry@samba.org> | 2006-02-20 15:36:45 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2006-02-20 15:36:45 +0000 |
| commit | 775bc4f682981f2fa95d255ad5bb3ede735f557f (patch) | |
| tree | b90be7d259618c29b3423f82c33a4f617c01f7cf /source | |
| parent | ef644163def74608c1cdfc309f5a699887424c86 (diff) | |
| download | samba-775bc4f682981f2fa95d255ad5bb3ede735f557f.tar.gz samba-775bc4f682981f2fa95d255ad5bb3ede735f557f.tar.xz samba-775bc4f682981f2fa95d255ad5bb3ede735f557f.zip | |
r13567: merge for 3.0.21c
svn merge -r13559:13563 $SVNURL/branches/SAMBA_3_0
svn merge -r13557:13559 $SVNURL/branches/SAMBA_3_0
svn merge -r13546:13547 $SVNURL/branches/SAMBA_3_0
svn merge -r13198:13202 $SVNURL/branches/SAMBA_3_0
svn merge -r13209:13211 $SVNURL/branches/SAMBA_3_0
svn merge -r13216:13222 $SVNURL/branches/SAMBA_3_0
svn merge -r13224:13229 $SVNURL/branches/SAMBA_3_0
svn merge -r13231:13232 $SVNURL/branches/SAMBA_3_0
svn merge -r13235:13238 $SVNURL/branches/SAMBA_3_0
svn merge -r13238:13257 $SVNURL/branches/SAMBA_3_0
svn merge -r13257:13262 $SVNURL/branches/SAMBA_3_0
svn merge -r13288:13290 $SVNURL/branches/SAMBA_3_0
svn merge -r13294:13296 $SVNURL/branches/SAMBA_3_0
svn merge -r13299:13306 $SVNURL/branches/SAMBA_3_0
svn merge -r13310:13314 $SVNURL/branches/SAMBA_3_0
svn merge -r13322:13327 $SVNURL/branches/SAMBA_3_0
svn merge -r13351:13363 $SVNURL/branches/SAMBA_3_0
svn merge -r13363:13364 $SVNURL/branches/SAMBA_3_0
svn merge -r13364:13366 $SVNURL/branches/SAMBA_3_0
svn merge -r13375:13376 $SVNURL/branches/SAMBA_3_0
svn merge -r13382:13384 $SVNURL/branches/SAMBA_3_0
svn merge -r13391:13392 $SVNURL/branches/SAMBA_3_0
svn merge -r13392:13393 $SVNURL/branches/SAMBA_3_0
svn merge -r13393:13394 $SVNURL/branches/SAMBA_3_0
svn merge -r13407:13408 $SVNURL/branches/SAMBA_3_0
svn merge -r13410:13411 $SVNURL/branches/SAMBA_3_0
svn merge -r13412:13416 $SVNURL/branches/SAMBA_3_0
svn merge -r13416:13417 $SVNURL/branches/SAMBA_3_0
svn merge -r13460:13473 $SVNURL/branches/SAMBA_3_0
svn merge -r13475:13477 $SVNURL/branches/SAMBA_3_0
svn merge -r13484:13489 $SVNURL/branches/SAMBA_3_0
svn merge -r13489:13491 $SVNURL/branches/SAMBA_3_0
svn merge -r13495:13497 $SVNURL/branches/SAMBA_3_0
svn merge -r13497:13498 $SVNURL/branches/SAMBA_3_0
svn merge -r13498:13500 $SVNURL/branches/SAMBA_3_0
svn merge -r13510:13511 $SVNURL/branches/SAMBA_3_0
svn merge -r13513:13514 $SVNURL/branches/SAMBA_3_0
svn merge -r13515:13517 $SVNURL/branches/SAMBA_3_0
svn merge -r13523:13524 $SVNURL/branches/SAMBA_3_0
svn merge -r13524:13525 $SVNURL/branches/SAMBA_3_0
svn merge -r13525:13526 $SVNURL/branches/SAMBA_3_0
svn merge -r13526:13527 $SVNURL/branches/SAMBA_3_0
svn merge -r13527:13535 $SVNURL/branches/SAMBA_3_0
Diffstat (limited to 'source')
40 files changed, 359 insertions, 202 deletions
diff --git a/source/Makefile.in b/source/Makefile.in index e610766a171..c67938727e0 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -481,14 +481,15 @@ TESTPARM_OBJ = utils/testparm.o \ $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ $(SECRETS_OBJ) $(LIBSAMBA_OBJ) -SMBPASSWD_OBJ = utils/smbpasswd.o $(PASSCHANGE_OBJ) $(PARAM_OBJ) $(SECRETS_OBJ) \ - $(LIBSMB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ)\ - $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \ - $(SMBLDAP_OBJ) $(RPC_PARSE_OBJ) $(LIBMSRPC_OBJ) +SMBPASSWD_OBJ = utils/smbpasswd.o utils/passwd_util.o $(PASSCHANGE_OBJ) \ + $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ + $(GROUPDB_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \ + $(POPT_OBJS) $(SMBLDAP_OBJ) $(RPC_PARSE_OBJ) $(LIBMSRPC_OBJ) -PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSAMBA_OBJ) \ - $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) \ - $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) libsmb/asn1.o +PDBEDIT_OBJ = utils/pdbedit.o utils/passwd_util.o $(PARAM_OBJ) $(PASSDB_OBJ) \ + $(LIBSAMBA_OBJ) $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \ + $(SECRETS_OBJ) $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) libsmb/asn1.o \ + $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ) @@ -663,7 +664,7 @@ PROTO_OBJ = $(SMBD_OBJ_MAIN) \ $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) $(RPC_SPOOLSS_OBJ) \ $(RPC_ECHO_OBJ) $(RPC_SVCCTL_OBJ) $(RPC_EVENTLOG_OBJ) $(SMBLDAP_OBJ) \ $(IDMAP_OBJ) libsmb/spnego.o $(PASSCHANGE_OBJ) \ - $(RPC_NTSVCS_OBJ) + $(RPC_NTSVCS_OBJ) utils/passwd_util.o WINBIND_WINS_NSS_OBJ = nsswitch/wins.o $(PARAM_OBJ) \ $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ) @@ -864,7 +865,7 @@ smbd/build_options.c: include/config.h.in script/mkbuildoptions.awk @echo Generating $@ @dir=smbd $(MAKEDIR) && $(AWK) -f $(srcdir)/script/mkbuildoptions.awk > $(builddir)/smbd/build_options.c < $(srcdir)/include/config.h.in -.c.@PICSUFFIX@: +.c.@PICSUFFIX@: @if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \ dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi @echo Compiling $*.c with @PICFLAGS@ @@ -1172,13 +1173,13 @@ bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy @WINBIND_NSS@: $(WINBIND_NSS_PICOBJS) @echo "Linking $@" @$(SHLD) $(WINBIND_NSS_LDSHFLAGS) -o $@ $(WINBIND_NSS_PICOBJS) \ - @WINBIND_NSS_EXTRA_LIBS@ @SONAMEFLAG@`basename $@` + @WINBIND_NSS_EXTRA_LIBS@ @SONAMEFLAG@`basename $@`@SONAMEVERSIONSUFFIX@ @WINBIND_WINS_NSS@: $(WINBIND_WINS_NSS_PICOBJS) @echo "Linking $@" @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_WINS_NSS_PICOBJS) \ - $(LDAP_LIBS) $(KRB5LIBS) -lc \ - @SONAMEFLAG@`basename $@` + $(LDAP_LIBS) $(KRB5LIBS) \ + @SONAMEFLAG@`basename $@`@SONAMEVERSIONSUFFIX@ nsswitch/pam_winbind.@SHLIBEXT@: $(PAM_WINBIND_PICOBJ) bin/.dummy @echo "Linking $@" @@ -1356,7 +1357,7 @@ bin/ntlm_auth@EXEEXT@: $(NTLM_AUTH_OBJ) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_PICOOBJ) @echo "Linking shared library $@" - @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_PICOOBJ) -lpam $(DYNEXP) $(LIBS) -lc $(LDAP_LIBS) $(KRB5LIBS) + @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_PICOOBJ) -lpam $(DYNEXP) $(LIBS) $(LDAP_LIBS) $(KRB5LIBS) bin/tdbbackup@EXEEXT@: $(TDBBACKUP_OBJ) bin/.dummy @echo Linking $@ @@ -1479,7 +1480,7 @@ python_install: $(PYTHON_PICOBJS) PYTHON_OBJS="$(PYTHON_PICOBJS)" \ PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS)" \ LIBS="$(LDFLAGS) $(LIBS)" \ - $(PYTHON) python/setup.py install + $(PYTHON) python/setup.py install --root=$(DESTDIR) python_clean: @-if test -n "$(PYTHON)"; then $(PYTHON) python/setup.py clean; fi @@ -1494,7 +1495,7 @@ installman: installdirs .PHONY: showlayout -showlayout: +showlayout: @echo "Samba will be installed into:" @echo " basedir: $(BASEDIR)" @echo " bindir: $(BINDIR)" @@ -1572,27 +1573,32 @@ include/wrepld_proto.h: -h _WREPLD_PROTO_H_ $(builddir)/include/wrepld_proto.h \ $(WREPL_OBJ1) -nsswitch/winbindd_proto.h: +nsswitch/winbindd_proto.h: @cd $(srcdir) && $(SHELL) $(MKPROTO_SH) $(AWK) \ -h _WINBINDD_PROTO_H_ $(builddir)/nsswitch/winbindd_proto.h \ $(WINBINDD_OBJ1) -web/swat_proto.h: +web/swat_proto.h: @cd $(srcdir) && $(SHELL) $(MKPROTO_SH) $(AWK) \ -h _SWAT_PROTO_H_ $(builddir)/web/swat_proto.h \ $(SWAT_OBJ1) -client/client_proto.h: +client/client_proto.h: @cd $(srcdir) && $(SHELL) $(MKPROTO_SH) $(AWK) \ -h _CLIENT_PROTO_H_ $(builddir)/client/client_proto.h \ $(CLIENT_OBJ1) -utils/net_proto.h: +utils/net_proto.h: @cd $(srcdir) && $(SHELL) $(MKPROTO_SH) $(AWK) \ -h _NET_PROTO_H_ $(builddir)/utils/net_proto.h \ $(NET_OBJ1) -utils/ntlm_auth_proto.h: +utils/passwd_proto.h: + @cd $(srcdir) && $(SHELL) $(MKPROTO_SH) $(AWK) \ + -h _PASSWD_PROTO_H_ $(builddir)/utils/passwd_proto.h \ + utils/passwd_util.o + +utils/ntlm_auth_proto.h: @cd $(srcdir) && $(SHELL) $(MKPROTO_SH) $(AWK) \ -h _NTLM_AUTH_PROTO_H_ $(builddir)/utils/ntlm_auth_proto.h \ $(NTLM_AUTH_OBJ1) @@ -1600,7 +1606,7 @@ utils/ntlm_auth_proto.h: # "make headers" or "make proto" calls a subshell because we need to # make sure these commands are executed in sequence even for a # parallel make. -headers: +headers: $(MAKE) delheaders; \ $(MAKE) smbd/build_options.c; \ $(MAKE) include/proto.h; \ @@ -1610,7 +1616,8 @@ headers: $(MAKE) web/swat_proto.h; \ $(MAKE) client/client_proto.h; \ $(MAKE) utils/ntlm_auth_proto.h; \ - $(MAKE) utils/net_proto.h; + $(MAKE) utils/net_proto.h; \ + $(MAKE) utils/passwd_proto.h; proto: headers diff --git a/source/VERSION b/source/VERSION index 36aca8bb1f3..3f800b0dc94 100644 --- a/source/VERSION +++ b/source/VERSION @@ -37,7 +37,7 @@ SAMBA_VERSION_RELEASE=21 # e.g. SAMBA_VERSION_REVISION=a # # -> "2.2.8a" # ######################################################## -SAMBA_VERSION_REVISION=b +SAMBA_VERSION_REVISION=c ######################################################## # For 'pre' releases the version will be # diff --git a/source/client/clitar.c b/source/client/clitar.c index c15d24d619a..cd0ce27eb5f 100644 --- a/source/client/clitar.c +++ b/source/client/clitar.c @@ -1698,8 +1698,8 @@ int tar_parseargs(int argc, char *argv[], const char *Optarg, int Optind) return 0; } newOptind++; - Optind++; - if (! read_inclusion_file(argv[Optind])) { + /* Optind points at the tar output file, Optind+1 at the inclusion file. */ + if (! read_inclusion_file(argv[Optind+1])) { return 0; } } else if (Optind+1<argc && !tar_re_search) { /* For backwards compatibility */ @@ -1738,7 +1738,8 @@ int tar_parseargs(int argc, char *argv[], const char *Optarg, int Optind) newOptind += clipn; } - if (Optind+1<argc && tar_re_search) { /* Doing regular expression seaches */ + if (Optind+1<argc && tar_re_search && tar_clipfl != 'F') { + /* Doing regular expression seaches not from an inclusion file. */ clipn=argc-Optind-1; cliplist=argv+Optind+1; newOptind += clipn; diff --git a/source/client/smbmount.c b/source/client/smbmount.c index d8254ef23a7..d0ea18d9835 100644 --- a/source/client/smbmount.c +++ b/source/client/smbmount.c @@ -868,6 +868,8 @@ static void parse_mount_smb(int argc, char **argv) DEBUGLEVEL = 1; + load_case_tables(); + /* here we are interactive, even if run from autofs */ setup_logging("mount.smbfs",True); diff --git a/source/configure.in b/source/configure.in index f72864ed117..b011361a4df 100644 --- a/source/configure.in +++ b/source/configure.in @@ -206,6 +206,7 @@ dnl Unique-to-Samba variables we'll be playing with. AC_SUBST(SHELL) AC_SUBST(LDSHFLAGS) AC_SUBST(SONAMEFLAG) +AC_SUBST(SONAMEVERSIONSUFFIX) AC_SUBST(SHLD) AC_SUBST(HOST_OS) AC_SUBST(PICFLAGS) @@ -1382,6 +1383,7 @@ BLDSHARED="false" HOST_OS="$host_os" LDSHFLAGS="-shared" SONAMEFLAG="#" +SONAMEVERSIONSUFFIX="" SHLD="\${CC} \${CFLAGS}" PICFLAGS="" PICSUFFIX="po" @@ -1406,6 +1408,7 @@ if test "$enable_shared" = "yes"; then DYNEXP="-Wl,--export-dynamic" PICFLAGS="-fPIC" SONAMEFLAG="-Wl,-soname=" + SONAMEVERSIONSUFFIX=".2" AC_DEFINE(STAT_ST_BLOCKSIZE,512) ;; *solaris*) AC_DEFINE(SUNOS5,1,[Whether the host os is solaris]) diff --git a/source/include/includes.h b/source/include/includes.h index 6342925877c..6849970d7cd 100644 --- a/source/include/includes.h +++ b/source/include/includes.h @@ -533,9 +533,11 @@ /* If we have --enable-developer and the valgrind header is present, * then we're OK to use it. Set a macro so this logic can be done only * once. */ -#if defined(DEVELOPER) && (HAVE_VALGRIND_H || HAVE_VALGRIND_VALGRIND_H) +#if defined(DEVELOPER) && !defined(HAVE_64BIT_LINUX) +#if (HAVE_VALGRIND_H || HAVE_VALGRIND_VALGRIND_H) #define VALGRIND #endif +#endif /* we support ADS if we want it and have krb5 and ldap libs */ diff --git a/source/include/smb.h b/source/include/smb.h index 36d8cd318de..d28b9f6cdcf 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -173,7 +173,7 @@ typedef smb_ucs2_t wfstring[FSTRING_LEN]; #define UCS2_CHAR(c) ((c) << UCS2_SHIFT) /* return an ascii version of a ucs2 character */ -#define UCS2_TO_CHAR(c) ((c) & 0xff) +#define UCS2_TO_CHAR(c) (((c) >> UCS2_SHIFT) & 0xff) /* Copy into a smb_ucs2_t from a possibly unaligned buffer. Return the copied smb_ucs2_t */ #define COPY_UCS2_CHAR(dest,src) (((unsigned char *)(dest))[0] = ((unsigned char *)(src))[0],\ diff --git a/source/lib/util_str.c b/source/lib/util_str.c index 0b02487f774..07626a3feca 100644 --- a/source/lib/util_str.c +++ b/source/lib/util_str.c @@ -1797,6 +1797,9 @@ int str_list_count( const char **list ) { int i = 0; + if ( ! list ) + return 0; + /* count the number of list members */ for ( i=0; *list; i++, list++ ); diff --git a/source/libmsrpc/cac_samr.c b/source/libmsrpc/cac_samr.c index 65141ca3195..bf34ec55b83 100644 --- a/source/libmsrpc/cac_samr.c +++ b/source/libmsrpc/cac_samr.c @@ -891,7 +891,7 @@ int cac_SamClearGroupMembers(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_H int result = CAC_SUCCESS; - uint32 i = 0; + int i = 0; uint32 num_mem = 0; uint32 *rid = NULL; @@ -1389,7 +1389,7 @@ int cac_SamClearAliasMembers(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_H int result = CAC_SUCCESS; - uint32 i = 0; + int i = 0; uint32 num_mem = 0; DOM_SID *sid = NULL; diff --git a/source/libsmb/conncache.c b/source/libsmb/conncache.c index fe863db422a..2af4d57b804 100644 --- a/source/libsmb/conncache.c +++ b/source/libsmb/conncache.c @@ -105,10 +105,11 @@ void add_failed_connection_entry(const char *domain, const char *server, NTSTATU a domain, but maybe not a specific DC name. */ for (fcc = failed_connection_cache; fcc; fcc = fcc->next) { - if ( strequal(fcc->domain_name, domain) && strequal(fcc->controller, server) ) - { + if ( strequal(fcc->domain_name, domain) && strequal(fcc->controller, server) ) { DEBUG(10, ("add_failed_connection_entry: domain %s (%s) already tried and failed\n", domain, server )); + /* Update the failed time. */ + fcc->lookup_time = time(NULL); return; } } diff --git a/source/libsmb/ntlmssp.c b/source/libsmb/ntlmssp.c index c891ede9bb7..e1ef69aed99 100644 --- a/source/libsmb/ntlmssp.c +++ b/source/libsmb/ntlmssp.c @@ -72,6 +72,8 @@ void debug_ntlmssp_flags(uint32 neg_flags) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SIGN\n")); if (neg_flags & NTLMSSP_NEGOTIATE_SEAL) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SEAL\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM_STYLE) + DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM_STYLE\n")); if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n")); if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE) @@ -86,6 +88,10 @@ void debug_ntlmssp_flags(uint32 neg_flags) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n")); if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n")); + if (neg_flags & NTLMSSP_CHAL_ACCEPT_RESPONSE) + DEBUGADD(4, (" NTLMSSP_CHAL_ACCEPT_RESPONSE\n")); + if (neg_flags & NTLMSSP_CHAL_NON_NT_SESSION_KEY) + DEBUGADD(4, (" NTLMSSP_CHAL_NON_NT_SESSION_KEY\n")); if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM2\n")); if (neg_flags & NTLMSSP_CHAL_TARGET_INFO) @@ -94,6 +100,8 @@ void debug_ntlmssp_flags(uint32 neg_flags) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_128\n")); if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_KEY_EXCH\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_56) + DEBUGADD(4, (" NTLMSSP_NEGOTIATE_56\n")); } /** @@ -382,11 +390,16 @@ static void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, by the client lanman auth/lanman auth parameters, it isn't too bad. */ -void ntlmssp_weaken_keys(NTLMSSP_STATE *ntlmssp_state) +DATA_BLOB ntlmssp_weaken_keys(NTLMSSP_STATE *ntlmssp_state, TALLOC_CTX *mem_ctx) { + DATA_BLOB weakened_key = data_blob_talloc(mem_ctx, + ntlmssp_state->session_key.data, + ntlmssp_state->session_key.length); + /* Nothing to weaken. We certainly don't want to 'extend' the length... */ - if (ntlmssp_state->session_key.length < 8) { - return; + if (weakened_key.length < 16) { + /* perhaps there was no key? */ + return weakened_key; } /* Key weakening not performed on the master key for NTLM2 @@ -395,17 +408,19 @@ void ntlmssp_weaken_keys(NTLMSSP_STATE *ntlmssp_state) */ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) { - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) { - ; - } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { - ntlmssp_state->session_key.data[7] = 0xa0; + /* LM key doesn't support 128 bit crypto, so this is + * the best we can do. If you negotiate 128 bit, but + * not 56, you end up with 40 bit... */ + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { + weakened_key.data[7] = 0xa0; } else { /* forty bits */ - ntlmssp_state->session_key.data[5] = 0xe5; - ntlmssp_state->session_key.data[6] = 0x38; - ntlmssp_state->session_key.data[7] = 0xb0; + weakened_key.data[5] = 0xe5; + weakened_key.data[6] = 0x38; + weakened_key.data[7] = 0xb0; } - ntlmssp_state->session_key.length = 8; + weakened_key.length = 8; } + return weakened_key; } /** @@ -775,9 +790,6 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->session_key = session_key; } - /* The client might need us to use a partial-strength session key */ - ntlmssp_weaken_keys(ntlmssp_state); - if (!NT_STATUS_IS_OK(nt_status)) { ntlmssp_state->session_key = data_blob(NULL, 0); } else if (ntlmssp_state->session_key.length) { @@ -1093,9 +1105,6 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->session_key = session_key; - /* The client might be using 56 or 40 bit weakened keys */ - ntlmssp_weaken_keys(ntlmssp_state); - ntlmssp_state->chal = challenge_blob; ntlmssp_state->lm_resp = lm_response; ntlmssp_state->nt_resp = nt_response; diff --git a/source/libsmb/ntlmssp_sign.c b/source/libsmb/ntlmssp_sign.c index cc6323718b3..42ed0f94184 100644 --- a/source/libsmb/ntlmssp_sign.c +++ b/source/libsmb/ntlmssp_sign.c @@ -236,8 +236,6 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state, uchar *whole_pdu, size_t pdu_length, DATA_BLOB *sig) { - NTSTATUS nt_status; - if (!(ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) { DEBUG(3, ("NTLMSSP Sealing not negotiated - cannot seal packet!\n")); return NT_STATUS_INVALID_PARAMETER; @@ -254,10 +252,14 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state, /* The order of these two operations matters - we must first seal the packet, then seal the sequence number - this is becouse the send_seal_hash is not constant, but is is rather updated with each iteration */ - nt_status = ntlmssp_make_packet_signature(ntlmssp_state, + NTSTATUS nt_status = ntlmssp_make_packet_signature(ntlmssp_state, data, length, whole_pdu, pdu_length, NTLMSSP_SEND, sig, False); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, data, length); if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) { smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, sig->data+4, 8); @@ -283,8 +285,6 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state, smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4); ntlmssp_state->ntlmv1_seq_num++; - - nt_status = NT_STATUS_OK; } dump_data_pw("ntlmssp signature\n", sig->data, sig->length); dump_data_pw("ntlmssp sealed data\n", data, length); @@ -327,18 +327,24 @@ NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state, NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) { unsigned char p24[24]; + TALLOC_CTX *mem_ctx; ZERO_STRUCT(p24); + mem_ctx = talloc_init("weak_keys"); + if (!mem_ctx) { + return NT_STATUS_NO_MEMORY; + } + DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n")); debug_ntlmssp_flags(ntlmssp_state->neg_flags); - if (!ntlmssp_state->session_key.length) { + if (ntlmssp_state->session_key.length < 8) { + talloc_free(mem_ctx); DEBUG(3, ("NO session key, cannot intialise signing\n")); return NT_STATUS_NO_USER_SESSION_KEY; } - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) - { + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { DATA_BLOB weak_session_key = ntlmssp_state->session_key; const char *send_sign_const; const char *send_seal_const; @@ -359,11 +365,8 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) recv_seal_const = CLI_SEAL; break; default: - send_sign_const = "unknown role"; - send_seal_const = "unknown role"; - recv_sign_const = "unknown role"; - recv_seal_const = "unknown role"; - break; + talloc_free(mem_ctx); + return NT_STATUS_INTERNAL_ERROR; } /** @@ -374,7 +377,7 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) { ; } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { - weak_session_key.length = 6; + weak_session_key.length = 7; } else { /* forty bits */ weak_session_key.length = 5; } @@ -383,12 +386,13 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) weak_session_key.data, weak_session_key.length); - /* SEND */ + /* SEND: sign key */ calc_ntlmv2_key(ntlmssp_state->send_sign_key, ntlmssp_state->session_key, send_sign_const); dump_data_pw("NTLMSSP send sign key:\n", ntlmssp_state->send_sign_key, 16); + /* SEND: seal ARCFOUR pad */ calc_ntlmv2_key(ntlmssp_state->send_seal_key, weak_session_key, send_seal_const); dump_data_pw("NTLMSSP send seal key:\n", @@ -401,12 +405,13 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) ntlmssp_state->send_seal_arc4_state, sizeof(ntlmssp_state->send_seal_arc4_state)); - /* RECV */ + /* RECV: sign key */ calc_ntlmv2_key(ntlmssp_state->recv_sign_key, ntlmssp_state->session_key, recv_sign_const); dump_data_pw("NTLMSSP recv send sign key:\n", ntlmssp_state->recv_sign_key, 16); + /* RECV: seal ARCFOUR pad */ calc_ntlmv2_key(ntlmssp_state->recv_seal_key, weak_session_key, recv_seal_const); @@ -446,10 +451,12 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) weak_session_key.length); #endif + DATA_BLOB weak_session_key = ntlmssp_weaken_keys(ntlmssp_state, mem_ctx); + DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n")); smb_arc4_init(ntlmssp_state->ntlmv1_arc4_state, - ntlmssp_state->session_key.data, ntlmssp_state->session_key.length); + weak_session_key.data, weak_session_key.length); dump_data_pw("NTLMv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state, sizeof(ntlmssp_state->ntlmv1_arc4_state)); @@ -457,5 +464,6 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) ntlmssp_state->ntlmv1_seq_num = 0; } + talloc_free(mem_ctx); return NT_STATUS_OK; } diff --git a/source/libsmb/passchange.c b/source/libsmb/passchange.c index b104a4678d9..8b811b06ead 100644 --- a/source/libsmb/passchange.c +++ b/source/libsmb/passchange.c @@ -34,6 +34,7 @@ BOOL remote_password_change(const char *remote_machine, const char *user_name, struct in_addr ip; NTSTATUS result; + BOOL pass_must_change = False; *err_str = '\0'; @@ -73,6 +74,28 @@ BOOL remote_password_change(const char *remote_machine, const char *user_name, /* Given things like SMB signing, restrict anonymous and the like, try an authenticated connection first */ if (!cli_session_setup(&cli, user_name, old_passwd, strlen(old_passwd)+1, old_passwd, strlen(old_passwd)+1, "")) { + + result = cli_nt_error(&cli); + + if (!NT_STATUS_IS_OK(result)) { + + /* Password must change is the only valid error + * condition here from where we can proceed, the rest + * like account locked out or logon failure will lead + * to errors later anyway */ + + if (!NT_STATUS_EQUAL(result, + NT_STATUS_PASSWORD_MUST_CHANGE)) { + slprintf(err_str, err_str_len-1, "Could not " + "connect to machine %s: %s\n", + remote_machine, cli_errstr(&cli)); + cli_shutdown(&cli); + return False; + } + + pass_must_change = True; + } + /* * We should connect as the anonymous user here, in case * the server has "must change password" checked... @@ -100,13 +123,25 @@ BOOL remote_password_change(const char *remote_machine, const char *user_name, /* Try not to give the password away too easily */ - pipe_hnd = cli_rpc_pipe_open_ntlmssp(&cli, + if (!pass_must_change) { + pipe_hnd = cli_rpc_pipe_open_ntlmssp(&cli, PI_SAMR, PIPE_AUTH_LEVEL_PRIVACY, "", /* what domain... ? */ user_name, old_passwd, &result); + } else { + /* + * If the user password must be changed the ntlmssp bind will + * fail the same way as the session setup above did. The + * difference ist that with a pipe bind we don't get a good + * error message, the result will be that the rpc call below + * will just fail. So we do it anonymously, there's no other + * way. + */ + pipe_hnd = cli_rpc_pipe_open_noauth(&cli, PI_SAMR, &result); + } if (!pipe_hnd) { if (lp_client_lanman_auth()) { diff --git a/source/modules/getdate.c b/source/modules/getdate.c index 491c51294e9..51211f316d5 100644 --- a/source/modules/getdate.c +++ b/source/modules/getdate.c @@ -138,6 +138,7 @@ #endif #include <ctype.h> +#include <string.h> #if HAVE_STDLIB_H # include <stdlib.h> /* for `free'; used by Bison 1.27 */ diff --git a/source/modules/getdate.y b/source/modules/getdate.y index aab37f4d235..60b1aa577ec 100644 --- a/source/modules/getdate.y +++ b/source/modules/getdate.y @@ -43,6 +43,7 @@ #endif #include <ctype.h> +#include <string.h> #if HAVE_STDLIB_H # include <stdlib.h> /* for `free'; used by Bison 1.27 */ diff --git a/source/pam_smbpass/pam_smb_auth.c b/source/pam_smbpass/pam_smb_auth.c index 70275abf922..5be6b4ec09c 100644 --- a/source/pam_smbpass/pam_smb_auth.c +++ b/source/pam_smbpass/pam_smb_auth.c @@ -67,7 +67,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, SAM_ACCOUNT *sampass = NULL; extern BOOL in_client; const char *name; - void (*oldsig_handler)(int); + void (*oldsig_handler)(int) = NULL; BOOL found; /* Points to memory managed by the PAM library. Do not free. */ diff --git a/source/param/loadparm.c b/source/param/loadparm.c index 526bce9b60e..c535903d2b7 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -1623,10 +1623,7 @@ static void init_globals(void) operations as root */ Globals.bEnablePrivileges = False; - Globals.bASUSupport = True; - - Globals.szServicesList = str_list_make( "Spooler NETLOGON", NULL ); } static TALLOC_CTX *lp_talloc; diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c index 3649da1ac05..1df6bb605aa 100644 --- a/source/printing/nt_printing.c +++ b/source/printing/nt_printing.c @@ -4779,6 +4779,11 @@ static BOOL delete_driver_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct return False; } + if ( !CAN_WRITE(conn) ) { + DEBUG(3,("delete_driver_files: Cannot delete print driver when [print$] is read-only\n")); + return False; + } + /* Save who we are - we are temporarily becoming the connection user. */ if ( !become_user(conn, conn->vuid) ) { diff --git a/source/printing/print_iprint.c b/source/printing/print_iprint.c index 6193dbe2ca9..fc606676284 100644 --- a/source/printing/print_iprint.c +++ b/source/printing/print_iprint.c @@ -1206,7 +1206,7 @@ static int iprint_queue_get(const char *sharename, static int iprint_queue_pause(int snum) { - return(-1); //Not supported without credentials + return(-1); /* Not supported without credentials */ } @@ -1216,7 +1216,7 @@ static int iprint_queue_pause(int snum) static int iprint_queue_resume(int snum) { - return(-1); //Not supported without credentials + return(-1); /* Not supported without credentials */ } /******************************************************************* diff --git a/source/python/setup.py b/source/python/setup.py index ffdafd70877..ce417710b30 100755 --- a/source/python/setup.py +++ b/source/python/setup.py @@ -63,9 +63,9 @@ for lib in string.split(samba_libs): next_is_flag = 0; elif lib == "-Wl,-rpath": next_is_path = 1; - elif lib[0:2] in ("-l"): + elif lib[0:2] == ("-l"): libraries.append(lib[2:]) - elif lib[0:8] in ("-pthread"): + elif lib[0:8] == ("-pthread"): pass # Skip linker flags elif lib[0:2] == "-L": library_dirs.append(lib[2:]) diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index cd8f3201d78..4e6ebeaf64f 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -252,6 +252,17 @@ static DISP_INFO *get_samr_dispinfo_by_sid(DOM_SID *psid, const char *sid_str) TALLOC_CTX *mem_ctx; DISP_INFO *dpi; + /* There are two cases to consider here: + 1) The SID is a domain SID and we look for an equality match, or + 2) This is an account SID and so we return the DISP_INFO* for our + domain */ + + if ( psid && sid_check_is_in_our_domain( psid ) ) { + DEBUG(10,("get_samr_dispinfo_by_sid: Replacing %s with our domain SID\n", + sid_str)); + psid = get_global_sam_sid(); + } + for (dpi = disp_info_list; dpi; dpi = dpi->next) { if (sid_equal(psid, &dpi->sid)) { return dpi; diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index 334158bbbd2..bf7e01ddf3c 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -1967,9 +1967,20 @@ WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER struct current_user user; WERROR status; WERROR status_win2k = WERR_ACCESS_DENIED; + SE_PRIV se_printop = SE_PRINT_OPERATOR; get_current_user(&user, p); + /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, + and not a printer admin, then fail */ + + if ( (user.uid != 0) + && !user_has_privileges(user.nt_user_token, &se_printop ) + && !user_in_list(uidtoname(user.uid), lp_printer_admin(-1), user.groups, user.ngroups) ) + { + return WERR_ACCESS_DENIED; + } + unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 ); unistr2_to_ascii(arch, &q_u->arch, sizeof(arch)-1 ); @@ -2053,9 +2064,20 @@ WERROR _spoolss_deleteprinterdriverex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIV struct current_user user; WERROR status; WERROR status_win2k = WERR_ACCESS_DENIED; + SE_PRIV se_printop = SE_PRINT_OPERATOR; get_current_user(&user, p); + /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, + and not a printer admin, then fail */ + + if ( (user.uid != 0) + && !user_has_privileges(user.nt_user_token, &se_printop ) + && !user_in_list(uidtoname(user.uid), lp_printer_admin(-1), user.groups, user.ngroups) ) + { + return WERR_ACCESS_DENIED; + } + unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 ); unistr2_to_ascii(arch, &q_u->arch, sizeof(arch)-1 ); diff --git a/source/rpc_server/srv_svcctl_nt.c b/source/rpc_server/srv_svcctl_nt.c index 049bdf60756..a0b8b66f508 100644 --- a/source/rpc_server/srv_svcctl_nt.c +++ b/source/rpc_server/srv_svcctl_nt.c @@ -72,7 +72,7 @@ BOOL init_service_op_table( void ) /* services listed in smb.conf get the rc.init interface */ - for ( i=0; service_list[i]; i++ ) { + for ( i=0; service_list && service_list[i]; i++ ) { svcctl_ops[i].name = talloc_strdup( svcctl_ops, service_list[i] ); svcctl_ops[i].ops = &rcinit_svc_ops; } diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c index 5bca67d7a63..6bed52c3960 100644 --- a/source/rpcclient/rpcclient.c +++ b/source/rpcclient/rpcclient.c @@ -689,6 +689,7 @@ out_free: struct in_addr server_ip; NTSTATUS nt_status; static int opt_port = 0; + fstring new_workgroup; /* make sure the vars that get altered (4th field) are in a fixed location or certain compilers complain */ @@ -755,11 +756,22 @@ out_free: if (!init_names()) return 1; + /* save the workgroup... + + FIXME!! do we need to do this for other options as well + (or maybe a generic way to keep lp_load() from overwriting + everything)? */ + + fstrcpy( new_workgroup, lp_workgroup() ); + /* Load smb.conf file */ if (!lp_load(dyn_CONFIGFILE,True,False,False)) fprintf(stderr, "Can't load %s\n", dyn_CONFIGFILE); + if ( strlen(new_workgroup) != 0 ) + set_global_myworkgroup( new_workgroup ); + /* * Get password * from stdin if necessary diff --git a/source/services/services_db.c b/source/services/services_db.c index a16657c0edc..6c38c6ed0a9 100644 --- a/source/services/services_db.c +++ b/source/services/services_db.c @@ -436,7 +436,7 @@ void svcctl_init_keys( void ) for ( i=0; builtin_svcs[i].servicename; i++ ) add_new_svc_name( key, subkeys, builtin_svcs[i].servicename ); - for ( i=0; service_list[i]; i++ ) { + for ( i=0; service_list && service_list[i]; i++ ) { /* only add new services */ if ( regsubkey_ctr_key_exists( subkeys, service_list[i] ) ) diff --git a/source/smbadduser.in b/source/smbadduser.in index 05da7de08ee..4b9671319a3 100644 --- a/source/smbadduser.in +++ b/source/smbadduser.in @@ -10,15 +10,15 @@ PRIVATEDIR=@privatedir@ CONFIGDIR=@configdir@ unalias * -set path = ($path /usr/local/samba/bin) +set path = ($path /usr/bin) set smbpasswd = $PRIVATEDIR/smbpasswd -set user_map = $CONFIGDIR/users.map +set user_map = $CONFIGDIR/smbusers # # Set to site specific passwd command # -set passwd = "cat /etc/passwd" +set passwd = "getent passwd" #set passwd = "niscat passwd.org_dir" #set passwd = "ypcat passwd" diff --git a/source/smbd/open.c b/source/smbd/open.c index 431db00ab03..dca8581874e 100644 --- a/source/smbd/open.c +++ b/source/smbd/open.c @@ -73,23 +73,6 @@ int fd_close(struct connection_struct *conn, return fd_close_posix(conn, fsp); } - -/**************************************************************************** - Check a filename for the pipe string. -****************************************************************************/ - -static void check_for_pipe(const char *fname) -{ - /* special case of pipe opens */ - char s[10]; - StrnCpy(s,fname,sizeof(s)-1); - strlower_m(s); - if (strstr(s,"pipe/")) { - DEBUG(3,("Rejecting named pipe open for %s\n",fname)); - set_saved_error_triple(ERRSRV, ERRaccess, NT_STATUS_ACCESS_DENIED); - } -} - /**************************************************************************** Change the ownership of a file to that of the parent directory. Do this by fd if possible. @@ -226,7 +209,6 @@ static BOOL open_file(files_struct *fsp, /* It's a read-only share - fail if we wanted to write. */ if(accmode != O_RDONLY) { DEBUG(3,("Permission denied opening %s\n",fname)); - check_for_pipe(fname); return False; } else if(flags & O_CREAT) { /* We don't want to write - but we must make sure that @@ -292,7 +274,6 @@ static BOOL open_file(files_struct *fsp, DEBUG(3,("Error opening file %s (%s) (local_flags=%d) " "(flags=%d)\n", fname,strerror(errno),local_flags,flags)); - check_for_pipe(fname); return False; } @@ -1832,12 +1813,6 @@ files_struct *open_directory(connection_struct *conn, return NULL; } - if (dir_existed && !S_ISDIR(psbuf->st_mode)) { - DEBUG(0,("open_directory: %s is not a directory !\n", fname )); - set_saved_ntstatus(NT_STATUS_NOT_A_DIRECTORY); - return NULL; - } - switch( create_disposition ) { case FILE_OPEN: /* If directory exists open. If directory doesn't diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c index 755bcffc7f7..5cc027fcc98 100644 --- a/source/smbd/oplock.c +++ b/source/smbd/oplock.c @@ -56,23 +56,14 @@ BOOL oplock_message_waiting(fd_set *fds) } /**************************************************************************** - Read an oplock break message from either the oplock UDP fd or the - kernel (if kernel oplocks are supported). - - If timeout is zero then *fds contains the file descriptors that - are ready to be read and acted upon. If timeout is non-zero then - *fds contains the file descriptors to be selected on for read. - The timeout is in milliseconds - + Find out if there are any kernel oplock messages waiting and process them + if so. pfds is the fd_set from the main select loop (which contains any + kernel oplock fd if that's what the system uses (IRIX). If may be NULL if + we're calling this in a shutting down state. ****************************************************************************/ -void process_kernel_oplocks(void) +void process_kernel_oplocks(fd_set *pfds) { - fd_set fds; - - FD_ZERO(&fds); - smb_read_error = 0; - /* * We need to check for kernel oplocks before going into the select * here, as the EINTR generated by the linux kernel oplock may have @@ -83,11 +74,11 @@ void process_kernel_oplocks(void) return; } - while (koplocks->msg_waiting(&fds)) { + while (koplocks->msg_waiting(pfds)) { files_struct *fsp; char msg[MSG_SMB_KERNEL_BREAK_SIZE]; - fsp = koplocks->receive_message(&fds); + fsp = koplocks->receive_message(pfds); if (fsp == NULL) { DEBUG(3, ("Kernel oplock message announced, but none " diff --git a/source/smbd/oplock_irix.c b/source/smbd/oplock_irix.c index 2224f9a6682..fa86211c7f6 100644 --- a/source/smbd/oplock_irix.c +++ b/source/smbd/oplock_irix.c @@ -93,6 +93,9 @@ static files_struct *irix_oplock_receive_message(fd_set *fds) char dummy; files_struct *fsp; + /* Ensure we only get one call per select fd set. */ + FD_CLR(oplock_pipe_read, fds); + /* * Read one byte of zero to clear the * kernel break notify message. @@ -204,14 +207,32 @@ oplock state of %x.\n", fsp->fsp_name, (unsigned int)fsp->dev, /**************************************************************************** Set *maxfd to include oplock read pipe. + Note that fds MAY BE NULL ! If so we must do our own select. ****************************************************************************/ static BOOL irix_oplock_msg_waiting(fd_set *fds) { + int maxfd, selrtn; + fd_set myfds; + struct timeval to; + if (oplock_pipe_read == -1) return False; - return FD_ISSET(oplock_pipe_read,fds); + if (fds) { + return FD_ISSET(oplock_pipe_read, fds); + } + + /* Do a zero-time select. We just need to find out if there + * are any outstanding messages. We use sys_select_intr as + * we need to ignore any signals. */ + + FD_ZERO(&myfds); + FD_SET(oplock_pipe_read, &myfds); + + to = timeval_set(0, 0); + selrtn = sys_select_intr(oplock_pipe_read+1,&myfds,NULL,NULL,&to); + return (selrtn == 1) ? True : False; } /**************************************************************************** diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 568880f2526..610fce866a3 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -4218,7 +4218,6 @@ BOOL can_write_to_file(connection_struct *conn, const char *fname, SMB_STRUCT_ST SEC_DESC* get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname) { SEC_DESC *psd, *ret_sd; - size_t sd_size; connection_struct conn; files_struct finfo; struct fd_handle fh; @@ -4229,7 +4228,7 @@ SEC_DESC* get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname) conn.service = -1; if ( !(conn.mem_ctx = talloc_init( "novfs_get_nt_acl" )) ) { - DEBUG(0,("novfs_get_nt_acl: talloc() failed!\n")); + DEBUG(0,("get_nt_acl_no_snum: talloc() failed!\n")); return NULL; } @@ -4237,7 +4236,8 @@ SEC_DESC* get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname) string_set(&conn.connectpath, path); if (!smbd_vfs_init(&conn)) { - DEBUG(0,("novfs_get_nt_acl: Unable to create a fake connection struct!\n")); + DEBUG(0,("get_nt_acl_no_snum: Unable to create a fake connection struct!\n")); + conn_free_internal( &conn ); return NULL; } @@ -4251,7 +4251,11 @@ SEC_DESC* get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname) pstrcpy( filename, fname ); finfo.fsp_name = filename; - sd_size = get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd ); + if (get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd ) == 0) { + DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n")); + conn_free_internal( &conn ); + return NULL; + } ret_sd = dup_sec_desc( ctx, psd ); diff --git a/source/smbd/process.c b/source/smbd/process.c index 0b7b94cce21..38d6e4d7cf1 100644 --- a/source/smbd/process.c +++ b/source/smbd/process.c @@ -398,13 +398,13 @@ struct idle_event *add_idle_event(TALLOC_CTX *mem_ctx, notify events etc. ****************************************************************************/ -static void async_processing(void) +static void async_processing(fd_set *pfds) { DEBUG(10,("async_processing: Doing async processing.\n")); process_aio_queue(); - process_kernel_oplocks(); + process_kernel_oplocks(pfds); /* Do the aio check again after receive_local_message as it does a select and may have eaten our signal. */ @@ -527,7 +527,7 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len, int timeout) if (oplock_message_waiting(&fds)) { DEBUG(10,("receive_message_or_smb: oplock_message is waiting.\n")); - async_processing(); + async_processing(&fds); /* * After async processing we must go and do the select again, as * the state of the flag in fds for the server file descriptor is @@ -554,7 +554,7 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len, int timeout) is the best we can do until the oplock code knows more about signals */ if (selrtn == -1 && errno == EINTR) { - async_processing(); + async_processing(&fds); /* * After async processing we must go and do the select again, as * the state of the flag in fds for the server file descriptor is @@ -583,7 +583,7 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len, int timeout) */ if (oplock_message_waiting(&fds)) { - async_processing(); + async_processing(&fds); /* * After async processing we must go and do the select again, as * the state of the flag in fds for the server file descriptor is @@ -632,7 +632,7 @@ void respond_to_all_remaining_local_messages(void) return; } - process_kernel_oplocks(); + process_kernel_oplocks(NULL); return; } diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index a95e0163e16..6830644d8d1 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -1927,6 +1927,8 @@ resume_key = %d resume name = %s continue=%d level = %d\n", case SMB_FIND_FILE_FULL_DIRECTORY_INFO: case SMB_FIND_FILE_NAMES_INFO: case SMB_FIND_FILE_BOTH_DIRECTORY_INFO: + case SMB_FIND_ID_FULL_DIRECTORY_INFO: + case SMB_FIND_ID_BOTH_DIRECTORY_INFO: break; case SMB_FIND_FILE_UNIX: if (!lp_unix_extensions()) diff --git a/source/utils/nmblookup.c b/source/utils/nmblookup.c index e88d7862901..acc8a74dc22 100644 --- a/source/utils/nmblookup.c +++ b/source/utils/nmblookup.c @@ -169,13 +169,12 @@ static BOOL query_one(const char *lookup, unsigned int lookup_type) } } d_printf("%s %s<%02x>\n",inet_ntoa(ip_list[j]),lookup, lookup_type); - } - - /* We can only do find_status if the ip address returned - was valid - ie. name_query returned true. - */ - if (find_status) { - do_node_status(ServerFD, lookup, lookup_type, ip_list[0]); + /* We can only do find_status if the ip address returned + was valid - ie. name_query returned true. + */ + if (find_status) { + do_node_status(ServerFD, lookup, lookup_type, ip_list[j]); + } } safe_free(ip_list); diff --git a/source/utils/passwd_util.c b/source/utils/passwd_util.c new file mode 100644 index 00000000000..8ce83ecbf48 --- /dev/null +++ b/source/utils/passwd_util.c @@ -0,0 +1,69 @@ +/* + Unix SMB/CIFS implementation. + passdb editing frontend + + Copyright (C) Jeremy Allison 1998 + Copyright (C) Andrew Tridgell 1998 + Copyright (C) Tim Potter 2000 + Copyright (C) Simo Sorce 2000 + Copyright (C) Martin Pool 2001 + Copyright (C) Gerald Carter 2002 + Copyright (C) Andrew Bartlett 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/************************************************************* + Utility function to prompt for passwords from stdin. Each + password entered must end with a newline. +*************************************************************/ +char *stdin_new_passwd( void) +{ + static fstring new_pw; + size_t len; + + ZERO_ARRAY(new_pw); + + /* + * if no error is reported from fgets() and string at least contains + * the newline that ends the password, then replace the newline with + * a null terminator. + */ + if ( fgets(new_pw, sizeof(new_pw), stdin) != NULL) { + if ((len = strlen(new_pw)) > 0) { + if(new_pw[len-1] == '\n') + new_pw[len - 1] = 0; + } + } + return(new_pw); +} + +/************************************************************* + Utility function to get passwords via tty or stdin + Used if the '-s' (smbpasswd) or '-t' (pdbedit) option is set + to silently get passwords to enable scripting. +*************************************************************/ +char *get_pass( const char *prompt, BOOL stdin_get) +{ + char *p; + if (stdin_get) { + p = stdin_new_passwd(); + } else { + p = getpass( prompt); + } + return smb_xstrdup( p); +} diff --git a/source/utils/pdbedit.c b/source/utils/pdbedit.c index ddf0eea169b..01799f18de9 100644 --- a/source/utils/pdbedit.c +++ b/source/utils/pdbedit.c @@ -490,12 +490,14 @@ static int set_user_info (struct pdb_context *in, const char *username, static int new_user (struct pdb_context *in, const char *username, const char *fullname, const char *homedir, const char *drive, const char *script, - const char *profile, char *user_sid, char *group_sid) + const char *profile, char *user_sid, char *group_sid, + BOOL stdin_get) { SAM_ACCOUNT *sam_pwent=NULL; - char *password1, *password2, *staticpass; - + char *password1, *password2; + int rc_pwd_cmp; + get_global_sam_sid(); if (!NT_STATUS_IS_OK(pdb_init_sam_new(&sam_pwent, username, 0))) { @@ -503,28 +505,24 @@ static int new_user (struct pdb_context *in, const char *username, return -1; } - staticpass = getpass("new password:"); - password1 = SMB_STRDUP(staticpass); - memset(staticpass, 0, strlen(staticpass)); - staticpass = getpass("retype new password:"); - password2 = SMB_STRDUP(staticpass); - memset(staticpass, 0, strlen(staticpass)); - if (strcmp (password1, password2)) { - fprintf (stderr, "Passwords does not match!\n"); - memset(password1, 0, strlen(password1)); - SAFE_FREE(password1); - memset(password2, 0, strlen(password2)); - SAFE_FREE(password2); + password1 = get_pass( "new password:", stdin_get); + password2 = get_pass( "retype new password:", stdin_get); + if ((rc_pwd_cmp = strcmp (password1, password2))) { + fprintf (stderr, "Passwords do not match!\n"); pdb_free_sam (&sam_pwent); - return -1; + } else { + pdb_set_plaintext_passwd(sam_pwent, password1); } - pdb_set_plaintext_passwd(sam_pwent, password1); memset(password1, 0, strlen(password1)); SAFE_FREE(password1); memset(password2, 0, strlen(password2)); SAFE_FREE(password2); + /* pwds do _not_ match? */ + if (rc_pwd_cmp) + return -1; + if (fullname) pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED); if (homedir) @@ -732,6 +730,7 @@ int main (int argc, char **argv) static char *pwd_can_change_time = NULL; static char *pwd_must_change_time = NULL; static char *pwd_time_format = NULL; + BOOL pw_from_stdin = False; struct pdb_context *bin; struct pdb_context *bout; @@ -769,8 +768,9 @@ int main (int argc, char **argv) {"bad-password-count-reset", 'z', POPT_ARG_NONE, &badpw_reset, 0, "reset bad password count", NULL}, {"logon-hours-reset", 'Z', POPT_ARG_NONE, &hours_reset, 0, "reset logon hours", NULL}, {"pwd-can-change-time", 0, POPT_ARG_STRING, &pwd_can_change_time, 0, "Set password can change time (unix time in seconds since 1970 if time format not provided)", NULL }, - {"pwd-must-change-time", 0, POPT_ARG_STRING, &pwd_must_change_time, 0, "Set password can change time (unix time in seconds since 1970 if time format not provided)", NULL }, + {"pwd-must-change-time", 0, POPT_ARG_STRING, &pwd_must_change_time, 0, "Set password must change time (unix time in seconds since 1970 if time format not provided)", NULL }, {"time-format", 0, POPT_ARG_STRING, &pwd_time_format, 0, "The time format for time parameters", NULL }, + {"password-from-stdin", 't', POPT_ARG_NONE, &pw_from_stdin, 0, "get password from standard in", NULL}, POPT_COMMON_SAMBA POPT_TABLEEND }; @@ -979,7 +979,8 @@ int main (int argc, char **argv) } else { return new_user (bdef, user_name, full_name, home_dir, home_drive, logon_script, - profile_path, user_sid, group_sid); + profile_path, user_sid, group_sid, + pw_from_stdin); } } diff --git a/source/utils/profiles.c b/source/utils/profiles.c index 05971b0d2e4..9629dffaea2 100644 --- a/source/utils/profiles.c +++ b/source/utils/profiles.c @@ -145,6 +145,8 @@ int main( int argc, char *argv[] ) }; poptContext pc; + load_case_tables(); + /* setup logging options */ setup_logging( "profiles", True ); diff --git a/source/utils/smbpasswd.c b/source/utils/smbpasswd.c index 7659bb2997a..38e56bd6a12 100644 --- a/source/utils/smbpasswd.c +++ b/source/utils/smbpasswd.c @@ -197,48 +197,6 @@ static int process_options(int argc, char **argv, int local_flags) } /************************************************************* - Utility function to prompt for passwords from stdin. Each - password entered must end with a newline. -*************************************************************/ -static char *stdin_new_passwd(void) -{ - static fstring new_pw; - size_t len; - - ZERO_ARRAY(new_pw); - - /* - * if no error is reported from fgets() and string at least contains - * the newline that ends the password, then replace the newline with - * a null terminator. - */ - if ( fgets(new_pw, sizeof(new_pw), stdin) != NULL) { - if ((len = strlen(new_pw)) > 0) { - if(new_pw[len-1] == '\n') - new_pw[len - 1] = 0; - } - } - return(new_pw); -} - - -/************************************************************* - Utility function to get passwords via tty or stdin - Used if the '-s' option is set to silently get passwords - to enable scripting. -*************************************************************/ -static char *get_pass( const char *prompt, BOOL stdin_get) -{ - char *p; - if (stdin_get) { - p = stdin_new_passwd(); - } else { - p = getpass(prompt); - } - return smb_xstrdup(p); -} - -/************************************************************* Utility function to prompt for new password. *************************************************************/ static char *prompt_for_new_password(BOOL stdin_get) diff --git a/source/utils/status.c b/source/utils/status.c index eeaf83d1772..1089a96e4a9 100644 --- a/source/utils/status.c +++ b/source/utils/status.c @@ -101,6 +101,11 @@ static BOOL Ucrit_addPid( pid_t pid ) static void print_share_mode(const struct share_mode_entry *e, const char *sharepath, const char *fname) { static int count; + + if (!is_valid_share_mode_entry(e)) { + return; + } + if (count==0) { d_printf("Locked files:\n"); d_printf("Pid DenyMode Access R/W Oplock SharePath Name\n"); diff --git a/source/web/statuspage.c b/source/web/statuspage.c index 24d7eaf72e7..7430f4ebf59 100644 --- a/source/web/statuspage.c +++ b/source/web/statuspage.c @@ -109,7 +109,13 @@ static char *tstring(time_t t) static void print_share_mode(const struct share_mode_entry *e, const char *sharepath, const char *fname) { char *utf8_fname; - int deny_mode = map_share_mode_to_deny_mode(e->share_access, + int deny_mode; + + if (!is_valid_share_mode_entry(e)) { + return; + } + + deny_mode = map_share_mode_to_deny_mode(e->share_access, e->private_options); printf("<tr><td>%s</td>",_(mapPid2Machine(e->pid))); diff --git a/source/web/swat.c b/source/web/swat.c index 372d473bdb5..91550f7cc9e 100644 --- a/source/web/swat.c +++ b/source/web/swat.c @@ -580,7 +580,11 @@ static void ViewModeBoxes(int mode) ****************************************************************************/ static void welcome_page(void) { - include_html("help/welcome.html"); + if (file_exist("help/welcome.html", NULL)) { + include_html("help/welcome.html"); + } else { + include_html("help/welcome-no-samba-doc.html"); + } } /**************************************************************************** |