Makefile: Added krb5 option from Nathan Neulinger <nneul@umr.edu>

includes.h:	Added krb5 option from Nathan Neulinger  <nneul@umr.edu>, added SGI5 fix.
password.c: Added krb5 option from Nathan Neulinger  <nneul@umr.edu>
quotas.c: Added inode quote fix.
reply.c: removed redundent code.
server.c: Changed error debug to 0, removed redundent check.
util.c: Added close_low_fd() to become_daemon - fix for rsh from Johnathan Knight.
Jeremy (jallison@whistle.com)

6 files changed, 101 insertions, 15 deletions

diff --git a/source/include/includes.h b/source/include/includes.h
index a5adb350775..7dcff542865 100644
--- a/source/include/includes.h
+++ b/source/include/includes.h
@@ -348,6 +348,8 @@ char *getwd(char *);
 #ifdef SGI5
 #include <arpa/inet.h>
 #include <netinet/tcp.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
 #include <sys/statvfs.h>
 #include <string.h>
 #include <signal.h>
@@ -1059,6 +1061,10 @@ struct spwd { /* fake shadow password structure */
 #include <dce/sec_login.h>
 #endif
 
+#ifdef KRB5_AUTH
+#include <krb5.h>
+#endif
+
 #ifdef NO_UTIMBUF
 struct utimbuf {
   time_t actime;
diff --git a/source/lib/util.c b/source/lib/util.c
index 9d6229dbf96..0d7c32be892 100644
--- a/source/lib/util.c
+++ b/source/lib/util.c
@@ -2527,7 +2527,7 @@ void become_daemon(void)
   /* detach from the terminal */
 #ifdef USE_SETSID
   setsid();
-#else
+#else /* USE_SETSID */
 #ifdef TIOCNOTTY
   {
     int i = open("/dev/tty", O_RDWR);
@@ -2537,9 +2537,11 @@ void become_daemon(void)
 	close(i);
       }
   }
-#endif
-#endif
-#endif
+#endif /* TIOCNOTTY */
+#endif /* USE_SETSID */
+  /* Close fd's 0,1,2. Needed if started by rsh */
+  close_low_fds();
+#endif /* NO_FORK_DEBUG */
 }
 
 
diff --git a/source/smbd/password.c b/source/smbd/password.c
index 2ba09f5ad99..e00028d87e1 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -585,6 +585,86 @@ void dfs_unlogin(void)
 
 #endif
 
+#ifdef KRB5_AUTH
+/*******************************************************************
+check on Kerberos authentication
+********************************************************************/
+static BOOL krb5_auth(char *this_user,char *password)
+{
+	krb5_data tgtname = {
+		0,
+		KRB5_TGS_NAME_SIZE,
+	 	KRB5_TGS_NAME
+ 	};
+	krb5_context kcontext;
+	krb5_principal kprinc;
+	krb5_principal server;
+	krb5_creds kcreds;
+	int options = 0;
+	krb5_address **addrs = (krb5_address **)0;
+	krb5_preauthtype *preauth = NULL;
+	krb5_keytab keytab = NULL;
+	krb5_timestamp now;
+	krb5_ccache ccache = NULL;
+	int retval;
+	char *name;
+
+	if ( retval=krb5_init_context(&kcontext))
+	{
+		return(False);
+	}
+
+	if ( retval = krb5_timeofday(kcontext, &now) )
+	{
+		return(False);
+	}
+
+	if ( retval = krb5_cc_default(kcontext, &ccache) )
+	{
+		return(False);
+	}
+	
+	if ( retval = krb5_parse_name(kcontext, this_user, &kprinc) )
+	{
+		return(False);
+	}
+
+	memset((char *)&kcreds, 0, sizeof(kcreds));
+
+	kcreds.client = kprinc;
+	
+	if ((retval = krb5_build_principal_ext(kcontext, &server,
+		krb5_princ_realm(kcontext, kprinc)->length,
+		krb5_princ_realm(kcontext, kprinc)->data,
+		tgtname.length,
+		tgtname.data,
+		krb5_princ_realm(kcontext, kprinc)->length,
+		krb5_princ_realm(kcontext, kprinc)->data,
+		0)))
+	{
+ 		return(False);
+	}
+
+	kcreds.server = server;
+
+	retval = krb5_get_in_tkt_with_password(kcontext,
+		options,
+		addrs,
+		NULL,
+		preauth,
+		password,
+		0,
+		&kcreds,
+		0);
+
+	if ( retval )
+	{
+		return(False);
+	}
+
+	return(True);
+}
+#endif /* KRB5_AUTH */
 
 #ifdef LINUX_BIGCRYPT
 /****************************************************************************
@@ -687,6 +767,10 @@ Hence we make a direct return to avoid a second chance!!!
   if (dfs_auth(this_user,password)) return(True);
 #endif 
 
+#ifdef KRB5_AUTH
+  if (krb5_auth(this_user,password)) return(True);
+#endif
+
 #ifdef PWDAUTH
   if (pwdauth(this_user,password) == 0)
     return(True);
@@ -1318,7 +1402,8 @@ static BOOL check_user_equiv(char *user, char *remote, char *equiv_file)
 	}
 	file_host = strtok(bp, " \t\n");
 	file_user = strtok(NULL, " \t\n");
-	DEBUG(7, ("check_user_equiv %s %s\n", file_host, file_user));
+	DEBUG(7, ("check_user_equiv %s %s\n", file_host ? file_host : "(null)", 
+                 file_user ? file_user : "(null)" ));
 	if (file_host && *file_host) 
 	{
 	  BOOL host_ok = False;
diff --git a/source/smbd/quotas.c b/source/smbd/quotas.c
index 262eea31004..8cbe46d9e12 100644
--- a/source/smbd/quotas.c
+++ b/source/smbd/quotas.c
@@ -437,7 +437,7 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
   /* Use softlimit to determine disk space, except when it has been exceeded */
   if ((D.dqb_curblocks>D.dqb_bsoftlimit)
 #if !defined(__FreeBSD__)
-||(D.dqb_curfiles>D.dqb_fsoftlimit)
+||((D.dqb_curfiles>D.dqb_fsoftlimit) && (D.dqb_fsoftlimit != 0))
 #endif
     ) {
       *dfree = 0;
diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index 8f650cb994e..315c7fbb51d 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -1026,7 +1026,6 @@ int reply_open_and_X(char *inbuf,char *outbuf,int length,int bufsize)
   pstring fname;
   int cnum = SVAL(inbuf,smb_tid);
   int fnum = -1;
-  int openmode = 0;
   int smb_mode = SVAL(inbuf,smb_vwv3);
   int smb_attr = SVAL(inbuf,smb_vwv5);
   BOOL oplock_request = BITSETW(inbuf+smb_vwv2,1);
@@ -1050,12 +1049,6 @@ int reply_open_and_X(char *inbuf,char *outbuf,int length,int bufsize)
   strcpy(fname,smb_buf(inbuf));
   unix_convert(fname,cnum,0);
     
-  /* now add create and trunc bits */
-  if (smb_ofun & 0x10)
-    openmode |= O_CREAT;
-  if ((smb_ofun & 0x3) == 2)
-    openmode |= O_TRUNC;
-  
   fnum = find_free_file();
   if (fnum < 0)
     return(ERROR(ERRSRV,ERRnofids));
diff --git a/source/smbd/server.c b/source/smbd/server.c
index 41f23ed02f1..29696242156 100644
--- a/source/smbd/server.c
+++ b/source/smbd/server.c
@@ -1577,9 +1577,9 @@ void open_file_shared(int fnum,int cnum,char *fname,int share_mode,int ofun,
       int old_open_mode = old_shares[i].share_mode &0xF;
       int old_deny_mode = (old_shares[i].share_mode >>4)&7;
 
-      if (deny_mode > 4 || old_deny_mode > 4 || old_open_mode > 2) 
+      if (old_deny_mode > 4 || old_open_mode > 2) 
       {
-	DEBUG(2,("Invalid share mode (%d,%d,%d) on file %s\n",
+	DEBUG(0,("Invalid share mode found (%d,%d,%d) on file %s\n",
 		 deny_mode,old_deny_mode,old_open_mode,fname));
         free((char *)old_shares);
         if(share_locked)