Makefile.in: Fixed bug with continuation line causing proto to fail.

Added $(PROGS) $(SPROGS) as targets for make clean.
acconfig.h: Added HAVE_IRIX_SPECIFIC_CAPABILITIES.
configure.in: Added sys/capability.h header check.
              Added function checks for srandom random srand rand.
              Added HAVE_IRIX_SPECIFIC_CAPABILITIES test.
includes.h: Added #include <sys/capability.h>.
ntdomain.h: Moved struct acct_info into here from smb.h
smb.h: Added KERNEL_OPLOCK_CAPABILITY define.
       Moved enum action_type into rpcclient.h
       Moved struct cli_state into client.h
       Moved struct nt_client_info, struct tar_client_info, struct client_info
             into rpcclient.h
lib/genrand.c: Changed to use sys_random() & friends.
lib/smbrun.c: Lose capabilities after fork.
lib/system.c: Added set_process_capability(), set_inherited_process_capability()
              sys_random(), sys_srandom().
lib/util.c: Added Ander's EFBIG lock check to fcntl_lock for 64 bit access to an
            32 bit mounted NFS filesystem.
nmbd/nmbd.c: Changed to use sys_random() & friends.
nmbd/nmbd_browsesync.c: Changed to use sys_random() & friends.
passdb/ldap.c: Missed one pdb_encode_acct_ctrl call.
passdb/passdb.c: Changed to Ander's code for ' ' characters.
passdb/smbpass.c: Added Ander's code to reset ACB_PWNOTREQ.
script/mkproto.awk: Added 'long' to prototypes.
smbd/chgpasswd.c: Lose capabilities after fork.
smbd/open.c: Do the mmap *after* the kernel oplock.
smbd/oplock.c: Removed stub code from kernel oplock path.
               Added set_process_capability(), set_inherited_process_capability() calls.
smbd/reply.c: Initialize count = 0, offset = 0.
smbd/server.c: Added set_process_capability(), set_inherited_process_capability() calls.
tests/summary.c: Ensure we have RANDOM or RAND.
utils/smbpasswd.c: Added Ander's code to reset ACB_PWNOTREQ.
utils/torture.c: Changed to use sys_random() & friends.

Jeremy.
(This used to be commit e8be306f23963ac00b1a383ebe0cc1421529fb02)

source3/Makefile.in

@@ -186,7 +186,7 @@ RPCCLIENT_OBJ = rpcclient/rpcclient.o \
              $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
              $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ)
 #             rpcclient/cmd_netlogon.o \
-#             rpcclient/cmd_srvsvc.o \
+#             rpcclient/cmd_srvsvc.o
 
 CLIENT_OBJ = client/client.o client/clientutil.o client/clitar.o \
              $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
@@ -319,7 +319,7 @@ uninstallcp:
 	@$(SHELL) $(srcdir)/script/uninstallcp.sh $(CODEPAGEDIR) $(CODEPAGELIST)
 
 clean: 
-	-rm -f core */*~ *~ */*.o
+	-rm -f core */*~ *~ */*.o $(PROGS) $(SPROGS)
 
 proto:
 	@echo rebuilding include/proto.h

source3/acconfig.h

@@ -66,3 +66,4 @@
 #undef STAT_STATVFS64
 #undef HAVE_LIBREADLINE
 #undef HAVE_KERNEL_OPLOCKS
+#undef HAVE_IRIX_SPECIFIC_CAPABILITIES

source3/configure.in

@@ -40,7 +40,7 @@ AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h)
 AC_CHECK_HEADERS(sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h)
 AC_CHECK_HEADERS(shadow.h netinet/tcp.h sys/security.h security/pam_appl.h)
 AC_CHECK_HEADERS(stropts.h poll.h readline.h history.h readline/readline.h)
-AC_CHECK_HEADERS(readline/history.h)
+AC_CHECK_HEADERS(readline/history.h sys/capability.h)
 
 AC_CHECK_SIZEOF(int,cross)
 AC_CHECK_SIZEOF(long,cross)
@@ -161,6 +161,7 @@ AC_CHECK_FUNCS(initgroups select rdchk getgrnam pathconf putprpwnam)
 AC_CHECK_FUNCS(setuidx setgroups mktime rename ftruncate stat64 fstat64 lstat64)
 AC_CHECK_FUNCS(set_auth_parameters atexit grantpt getspnam dup2 lseek64 ftruncate64)
 AC_CHECK_FUNCS(fseek64 ftell64 bigcrypt getprpwnam setluid yp_get_default_domain getpwanam)
+AC_CHECK_FUNCS(srandom random srand rand)
 
 AC_CACHE_CHECK([for long long],samba_cv_have_longlong,[
 AC_TRY_RUN([#include <stdio.h>
@@ -289,6 +290,22 @@ if test x"$samba_cv_HAVE_KERNEL_OPLOCKS" = x"yes"; then
     AC_DEFINE(HAVE_KERNEL_OPLOCKS)
 fi
 
+AC_CACHE_CHECK([for irix specific capabilities],samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/capability.h>],
+[cap_t cap;
+
+ if ((cap = cap_get_proc()) == NULL)
+   exit(1);
+ cap->cap_effective |= CAP_NETWORK_MGT;
+ cap->cap_inheritable |= CAP_NETWORK_MGT;
+ if (cap_set_proc(cap) == -1)
+   exit(1);
+],
+samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=yes,samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=no)])
+if test x"$samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES" = x"yes"; then
+    AC_DEFINE(HAVE_IRIX_SPECIFIC_CAPABILITIES)
+fi
 
 AC_MSG_CHECKING([for test routines])
 AC_TRY_RUN([#include "${srcdir-.}/tests/trivial.c"],

source3/include/config.h.in

@@ -123,6 +123,7 @@
 #undef STAT_STATVFS64
 #undef HAVE_LIBREADLINE
 #undef HAVE_KERNEL_OPLOCKS
+#undef HAVE_IRIX_SPECIFIC_CAPABILITIES
 
 /* The number of bytes in a int.  */
 #undef SIZEOF_INT
@@ -247,6 +248,12 @@
 /* Define if you have the putprpwnam function.  */
 #undef HAVE_PUTPRPWNAM
 
+/* Define if you have the rand function.  */
+#undef HAVE_RAND
+
+/* Define if you have the random function.  */
+#undef HAVE_RANDOM
+
 /* Define if you have the rdchk function.  */
 #undef HAVE_RDCHK
 
@@ -280,6 +287,12 @@
 /* Define if you have the sigprocmask function.  */
 #undef HAVE_SIGPROCMASK
 
+/* Define if you have the srand function.  */
+#undef HAVE_SRAND
+
+/* Define if you have the srandom function.  */
+#undef HAVE_SRANDOM
+
 /* Define if you have the stat64 function.  */
 #undef HAVE_STAT64
 
@@ -397,6 +410,9 @@
 /* Define if you have the <stropts.h> header file.  */
 #undef HAVE_STROPTS_H
 
+/* Define if you have the <sys/capability.h> header file.  */
+#undef HAVE_SYS_CAPABILITY_H
+
 /* Define if you have the <sys/dir.h> header file.  */
 #undef HAVE_SYS_DIR_H
 

source3/include/includes.h

@@ -265,6 +265,10 @@
 #include <poll.h>
 #endif
 
+#ifdef HAVE_SYS_CAPABILITY_H
+#include <sys/capability.h>
+#endif
+
 #ifndef uchar
 #define uchar unsigned char
 #endif

source3/include/ntdomain.h

@@ -122,5 +122,11 @@ typedef struct
 
 } rid_name;
 
+struct acct_info
+{
+    fstring acct_name; /* account name */
+    uint32 smb_userid; /* domain-relative RID */
+};
+
 #endif /* _NT_DOMAIN_H */
 

source3/include/proto.h

@@ -183,6 +183,10 @@ char *dos_getwd(char *s);
 int sys_chown(char *fname,int uid,int gid);
 int sys_chroot(char *dname);
 struct hostent *sys_gethostbyname(char *name);
+BOOL set_process_capability( uint32 cap_flag, BOOL enable );
+BOOL set_inherited_process_capability( uint32 cap_flag, BOOL enable );
+long sys_random(void);
+void sys_srandom(unsigned int seed);
 
 /*The following definitions come from  lib/time.c  */
 

source3/include/smb.h

@@ -1401,9 +1401,6 @@ enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_SAMB
 /* case handling */
 enum case_handling {CASE_LOWER,CASE_UPPER};
 
-/* display info */
-enum action_type    { ACTION_HEADER, ACTION_ENUMERATE, ACTION_FOOTER };
-
 #ifdef WITH_SSL
 /* SSL version options */
 enum ssl_version_enum {SMB_SSL_V2,SMB_SSL_V3,SMB_SSL_V23,SMB_SSL_TLS1};
@@ -1544,6 +1541,12 @@ extern int unix_ERR_code;
 #define OPLOCK_BREAK_INODE_OFFSET (OPLOCK_BREAK_DEV_OFFSET + sizeof(SMB_DEV_T))
 #define OPLOCK_BREAK_MSG_LEN (OPLOCK_BREAK_INODE_OFFSET + sizeof(SMB_INO_T))
 
+/*
+ * Capabilities abstracted for different systems.
+ */
+
+#define KERNEL_OPLOCK_CAPABILITY 0x1
+
 #if defined(HAVE_KERNEL_OPLOCKS)
 /*
  * Oplock break command code sent via the kernel interface.
@@ -1591,151 +1594,8 @@ struct nmb_name {
   unsigned int name_type;
 };
 
-struct cli_state {
-  int fd;
-  int cnum;
-  int pid;
-  int mid;
-  int uid;
-  int protocol;
-  int sec_mode;
-  int rap_error;
-  int privilages;
-
-  fstring eff_name;
-  fstring desthost;
-  fstring user_name;
-  fstring domain;
-
-  fstring share;
-  fstring dev;
-  struct nmb_name called;
-  struct nmb_name calling;
-  fstring full_dest_host_name;
-  struct in_addr dest_ip;
-
-  struct pwd_info pwd;
-  char cryptkey[8];
-  uint32 sesskey;
-  int serverzone;
-  uint32 servertime;
-  int readbraw_supported;
-  int writebraw_supported;
-  int timeout;
-  int max_xmit;
-  char *outbuf;
-  char *inbuf;
-  int bufsize;
-  int initialised;
-  /*
-   * Only used in NT domain calls.
-   */
-  uint32 nt_error;                   /* NT RPC error code. */
-  uint16 nt_pipe_fnum;               /* Pipe handle. */
-  unsigned char sess_key[16];        /* Current session key. */
-  DOM_CRED clnt_cred;                /* Client credential. */
-  fstring mach_acct;                 /* MYNAME$. */
-  fstring srv_name_slash;            /* \\remote server. */
-  fstring clnt_name_slash;            /* \\local client. */
-};
-
-struct acct_info
-{
-	fstring acct_name; /* account name */
-	uint32 smb_userid; /* domain-relative RID */
-};
-
-struct nt_client_info
-{
-	/************* \PIPE\NETLOGON stuff ******************/
-
-	fstring mach_acct;
-
-	uint8 sess_key[16];
-	DOM_CRED clnt_cred;
-	DOM_CRED rtn_cred;
-
-	NET_ID_INFO_CTR ctr;
-	NET_USER_INFO_3 user_info3;
-
-	/************** \PIPE\lsarpc stuff ********************/
-
-	POLICY_HND lsa_info_pol;
-
-	/* domain member */
-	fstring level3_dom;
-	fstring level3_sid;
-
-	/* domain controller */
-	fstring level5_dom;
-	fstring level5_sid;
-
-	/************** \PIPE\samr stuff  ********************/
-
-	POLICY_HND samr_pol_connect;
-	POLICY_HND samr_pol_open_domain;
-	POLICY_HND samr_pol_open_user;
-
-	struct acct_info *sam;
-	int num_sam_entries;
-};
-
-
-struct tar_client_info
-{
-	int blocksize;
-	BOOL inc;
-	BOOL reset;
-	BOOL excl;
-	char type;
-	int attrib;
-	char **cliplist;
-	int clipn;
-	int tp;
-	int num_files;
-	int buf_size;
-	int bytes_written;
-	char *buf;
-	int handle;
-	int print_mode;
-	char *file_mode;
-};
-
-struct client_info 
-{
-	struct in_addr dest_ip;
-	fstring dest_host;
-	fstring query_host;
-	uint8 name_type;
-
-	fstring myhostname;
-	fstring mach_acct;
-
-	pstring cur_dir;
-	pstring base_dir;
-	pstring file_sel;
-
-	fstring service;
-	fstring share;
-	fstring svc_type;
-
-	time_t newer_than;
-	int archive_level;
-	int dir_total;
-	int put_total_time_ms;
-	int put_total_size;
-	int get_total_time_ms;
-	int get_total_size;
-	int print_mode;
-	BOOL translation;
-	BOOL recurse_dir;
-	BOOL prompt;
-	BOOL lowercase;
-	BOOL abort_mget;
-
-	struct tar_client_info tar;
-	struct nt_client_info dom;
-};
+#include "client.h"
+#include "rpcclient.h"
 
 /*
  * Size of new password account encoding string. DO NOT CHANGE.

source3/lib/genrand.c

@@ -192,7 +192,7 @@ void generate_random_buffer( unsigned char *out, int len, BOOL re_seed)
   unsigned char *p;
 
   if(!done_reseed || re_seed) {
-	  srandom(do_reseed(md4_buf));
+	  sys_srandom(do_reseed(md4_buf));
 	  done_reseed = True;
   }
 
@@ -218,7 +218,7 @@ void generate_random_buffer( unsigned char *out, int len, BOOL re_seed)
     memcpy(md4_buf, tmp_buf, sizeof(md4_buf));
     /* XOR in output from random(). */
     for(i = 0; i < 4; i++)
-      SIVAL(tmp_buf, i*4, (IVAL(tmp_buf, i*4) ^ (uint32)random()));
+      SIVAL(tmp_buf, i*4, (IVAL(tmp_buf, i*4) ^ (uint32)sys_random()));
     memcpy(p, tmp_buf, copy_len);
     p += copy_len;
     len -= copy_len;

source3/lib/smbrun.c

@@ -89,6 +89,12 @@ int smbrun(char *cmd,char *outfile,BOOL shared)
 	int uid = current_user.uid;
 	int gid = current_user.gid;
 
+    /*
+     * Lose any kernel oplock capabilities we may have.
+     */
+    set_process_capability(KERNEL_OPLOCK_CAPABILITY, False);
+    set_inherited_process_capability(KERNEL_OPLOCK_CAPABILITY, False);
+
 #ifndef HAVE_EXECL
 	int ret;
 	pstring syscmd;  

source3/lib/system.c

@@ -533,3 +533,104 @@ struct hostent *sys_gethostbyname(char *name)
   return(gethostbyname(name));
 #endif /* REDUCE_ROOT_DNS_LOOKUPS */
 }
+
+
+/**************************************************************************
+ Try and abstract process capabilities (for systems that have them).
+****************************************************************************/
+
+BOOL set_process_capability( uint32 cap_flag, BOOL enable )
+{
+#if defined(HAVE_IRIX_SPECIFIC_CAPABILITIES)
+  if(cap_flag == KERNEL_OPLOCK_CAPABILITY)
+  {
+    cap_t cap = cap_get_proc();
+
+    if (cap == NULL) {
+      DEBUG(0,("set_process_capability: cap_get_proc failed. Error was %s\n",
+            strerror(errno)));
+      return False;
+    }
+
+    if(enable)
+      cap->cap_effective |= CAP_NETWORK_MGT;
+    else
+      cap->cap_effective &= ~CAP_NETWORK_MGT;
+
+    if (cap_set_proc(cap) == -1) {
+      DEBUG(0,("set_process_capability: cap_set_proc failed. Error was %s\n",
+            strerror(errno)));
+      return False;
+    }
+
+    DEBUG(10,("set_process_capability: Set KERNEL_OPLOCK_CAPABILITY.\n"));
+  }
+#endif
+  return True;
+}
+
+/**************************************************************************
+ Try and abstract inherited process capabilities (for systems that have them).
+****************************************************************************/
+
+BOOL set_inherited_process_capability( uint32 cap_flag, BOOL enable )
+{
+#if defined(HAVE_IRIX_SPECIFIC_CAPABILITIES)
+  if(cap_flag == KERNEL_OPLOCK_CAPABILITY)
+  {
+    cap_t cap = cap_get_proc();
+
+    if (cap == NULL) {
+      DEBUG(0,("set_inherited_process_capability: cap_get_proc failed. Error was %s\n",
+            strerror(errno)));
+      return False;
+    }
+
+    if(enable)
+      cap->cap_inheritable |= CAP_NETWORK_MGT;
+    else
+      cap->cap_inheritable &= ~CAP_NETWORK_MGT;
+
+    if (cap_set_proc(cap) == -1) {
+      DEBUG(0,("set_inherited_process_capability: cap_set_proc failed. Error was %s\n", 
+            strerror(errno)));
+      return False;
+    }
+
+    DEBUG(10,("set_inherited_process_capability: Set KERNEL_OPLOCK_CAPABILITY.\n"));
+  }
+#endif
+  return True;
+}
+
+/**************************************************************************
+ Wrapper for random().
+****************************************************************************/
+
+long sys_random(void)
+{
+#if defined(HAVE_RANDOM)
+  return (long)random();
+#elif defined(HAVE_RAND)
+  return (long)rand();
+#else
+  DEBUG(0,("Error - no random function available !\n"));
+  exit(1);
+#endif
+}
+
+/**************************************************************************
+ Wrapper for srandom().
+****************************************************************************/
+
+void sys_srandom(unsigned int seed)
+{
+#if defined(HAVE_SRANDOM)
+  srandom(seed);
+#elif defined(HAVE_SRAND)
+  srand(seed);
+#else
+  DEBUG(0,("Error - no srandom function available !\n"));
+  exit(1);
+#endif
+}

source3/lib/util.c

@@ -4328,6 +4328,19 @@ BOOL fcntl_lock(int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
   errno = 0;
 
   ret = fcntl(fd,op,&lock);
+  if (errno == EFBIG)
+  {
+    if( DEBUGLVL( 0 ))
+    {
+      dbgtext("fcntl_lock: WARNING: lock request at offset %.0f, length %.0f returned\n", (double)offset,(double)count);
+      dbgtext("a 'file too large' error. This can happen when using 64 bit lock offsets\n");
+      dbgtext("on 32 bit NFS mounted file systems. Retrying with 32 bit truncated length.\n");
+    }
+    /* 32 bit NFS file system, retry with smaller offset */
+    errno = 0;
+    lock.l_len = count & 0xffffffff;
+    ret = fcntl(fd,op,&lock);
+  }
 
   if (errno != 0)
     DEBUG(3,("fcntl lock gave errno %d (%s)\n",errno,strerror(errno)));

source3/nmbd/nmbd.c

@@ -557,7 +557,7 @@ static void usage(char *pname)
 
   StartupTime = time(NULL);
 
-  srandom(time(NULL) ^ getpid());
+  sys_srandom(time(NULL) ^ getpid());
 
   TimeInit();
 

source3/nmbd/nmbd_browsesync.c

@@ -593,7 +593,7 @@ void sync_all_dmbs(time_t t)
 	/* sync with a probability of 1/count */
 	for (work=unicast_subnet->workgrouplist; work; work = work->next) {
 		if (strcmp(global_myworkgroup, work->work_group)) {
-			if (((unsigned)random()) % count != 0) continue;
+			if (((unsigned)sys_random()) % count != 0) continue;
 
 			lastrun = t;
 

source3/passdb/ldap.c

@@ -708,7 +708,7 @@ static BOOL modadd_ldap21pwd_entry(struct sam_passwd *newpwd, int flag)
 	
 	make_a_mod(&mods, ldap_state, "rid", rid);
 	make_a_mod(&mods, ldap_state, "pwdLastSet", lst);
-	make_a_mod(&mods, ldap_state, "userAccountControl", pdb_encode_acct_ctrl(newpwd->acct_ctrl));
+	make_a_mod(&mods, ldap_state, "userAccountControl", pdb_encode_acct_ctrl(newpwd->acct_ctrl,NEW_PW_FORMAT_SPACE_PADDED_LEN));
 	
 	ldap_modify_s(ldap_struct, dn, mods);
 	

source3/passdb/passdb.c

@@ -558,7 +558,7 @@ uint16 pdb_decode_acct_ctrl(char *p)
 			case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } 
 			case 'X': { acct_ctrl |= ACB_PWNOEXP  ; break; /* No 'X'piry on password */ } 
 			case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
-            case ' ':
+            case ' ': { break; }
 			case ':':
 			case '\n':
 			case '\0': 

source3/passdb/smbpass.c

@@ -770,6 +770,16 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
   p += 33; /* Move to the first character of the line after
               the NT password. */
 
+  /*
+   * If both NT and lanman passwords are provided - reset password
+   * not required flag.
+   */
+
+  if(pwd->smb_passwd != NULL || pwd->smb_nt_passwd != NULL) {
+    /* Reqiure password in the future (should ACB_DISABLED also be reset?) */
+    pwd->acct_ctrl &= ~(ACB_PWNOTREQ);
+  }
+
   if (*p == '[') {
 
     i = 0;

source3/script/mkproto.awk

@@ -80,7 +80,7 @@ END {
   next;
 }
 
-!/^connection_struct|^pipes_struct|^file_fd_struct|^files_struct|^connection_struct|^uid_t|^gid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^struct|^BOOL|^void|^time|^smb_shm_offset_t|^shm_offset_t|^enum remote_arch_types|^FILE|^SMB_OFF_T|^size_t|^ssize_t|^SMB_BIG_UINT/ {
+!/^connection_struct|^pipes_struct|^file_fd_struct|^files_struct|^connection_struct|^uid_t|^gid_t|^unsigned|^mode_t|^DIR|^user|^int|^long|^char|^uint|^struct|^BOOL|^void|^time|^smb_shm_offset_t|^shm_offset_t|^enum remote_arch_types|^FILE|^SMB_OFF_T|^size_t|^ssize_t|^SMB_BIG_UINT/ {
   next;
 }
 

source3/smbd/chgpasswd.c

@@ -343,6 +343,12 @@ static BOOL chat_with_program(char *passwordprogram,char *name,char *chatsequenc
   } else {
     /* CHILD */
 
+    /*
+     * Lose any oplock capabilities.
+     */
+    set_process_capability(KERNEL_OPLOCK_CAPABILITY, False);
+    set_inherited_process_capability(KERNEL_OPLOCK_CAPABILITY, False);
+
     /* make sure it doesn't freeze */
     alarm(20);
 

source3/smbd/open.c

@@ -535,18 +535,30 @@ static void open_file(files_struct *fsp,connection_struct *conn,
 	     conn->num_files_open));
 
   }
+}
 
+/****************************************************************************
+ If it's a read-only file, and we were compiled with mmap enabled,
+ try and mmap the file. This is split out from open_file() above
+ as mmap'ing the file can cause the kernel reference count to
+ be incremented, which can cause kernel oplocks to be refused.
+ Splitting this call off allows the kernel oplock to be granted, then
+ the file mmap'ed.
+****************************************************************************/
+
+static void mmap_open_file(files_struct *fsp)
+{
 #if WITH_MMAP
   /* mmap it if read-only */
   if (!fsp->can_write) {
-	  fsp->mmap_size = file_size(fname);
+	  fsp->mmap_size = file_size(fsp->fsp_name);
 	  if (fsp->mmap_size < MAX_MMAP_SIZE) {
 		  fsp->mmap_ptr = (char *)mmap(NULL,fsp->mmap_size,
 					       PROT_READ,MAP_SHARED,fsp->fd_ptr->fd,0);
 
 		  if (fsp->mmap_ptr == (char *)-1 || !fsp->mmap_ptr) {
 			  DEBUG(3,("Failed to mmap() %s - %s\n",
-				   fname,strerror(errno)));
+				   fsp->fsp_name,strerror(errno)));
 			  fsp->mmap_ptr = NULL;
 		  }
 	  }
@@ -554,7 +566,6 @@ static void open_file(files_struct *fsp,connection_struct *conn,
 #endif
 }
 
-
 /****************************************************************************
   C. Hoch 11/22/95
   Helper for open_file_shared. 
@@ -938,6 +949,13 @@ dev = %x, inode = %.0f\n", old_shares[i].op_type, fname, (unsigned int)dev, (dou
 
     if ((flags2&O_TRUNC) && file_existed)
       truncate_unless_locked(fsp,conn,token,&share_locked);
+
+    /*
+     * Attempt to mmap a read only file.
+     * Moved until after a kernel oplock may
+     * be granted due to reference count issues. JRA.
+     */
+    mmap_open_file(fsp);
   }
 
   if (share_locked && lp_share_modes(SNUM(conn)))

source3/smbd/oplock.c

@@ -240,39 +240,9 @@ BOOL set_file_oplock(files_struct *fsp)
 {
 #if defined(HAVE_KERNEL_OPLOCKS)
   if(lp_kernel_oplocks()) {
-#if 0 /* for now. */
-    extern struct current_user current_user;
-#endif
-    int saved_errno;
-    int fcntl_ret;
 
-#if 0 /* for now. */
-    /*
-     * Go back to being root.
-     */
-
-    unbecome_user();
-#endif
-
-    fcntl_ret = fcntl(fsp->fd_ptr->fd, F_OPLKREG, oplock_pipe_write);
-    saved_errno = errno;
-
-#if 0 /* for now. */
-    /*
-     * Go back to being the correct user.
-     */
-    if(!become_user(fsp->conn, current_user.vuid))
-    {
-      DEBUG( 0, ( "set_file_oplock: unable to re-become user!" ) );
-      DEBUGADD( 0, ( "Shutting down server\n" ) );
-      close_sockets();
-      close(oplock_sock);
-      exit_server("unable to re-become user");
-    }
-#endif
-
-    if(fcntl_ret < 0) {
-      if(saved_errno != EAGAIN) {
+    if(fcntl(fsp->fd_ptr->fd, F_OPLKREG, oplock_pipe_write) < 0 ) {
+      if(errno != EAGAIN) {
         DEBUG(0,("set_file_oplock: Unable to get kernel oplock on file %s, dev = %x, \
 inode = %.0f. Error was %s\n", 
               fsp->fsp_name, (unsigned int)fsp->fd_ptr->dev, (double)fsp->fd_ptr->inode,
@@ -284,6 +254,10 @@ inode = %.0f. Another process had the file open.\n",
       }
       return False;
     }
+
+    DEBUG(10,("set_file_oplock: got kernel oplock on file %s, dev = %x, inode = %.0f\n",
+          fsp->fsp_name, (unsigned int)fsp->fd_ptr->dev, (double)fsp->fd_ptr->inode));
+
   }
 #endif /* HAVE_KERNEL_OPLOCKS */
 
@@ -305,7 +279,8 @@ inode = %.0f. Another process had the file open.\n",
 static void release_file_oplock(files_struct *fsp)
 {
 #if defined(HAVE_KERNEL_OPLOCKS)
-  if(fsp->granted_oplock && lp_kernel_oplocks())
+
+  if(lp_kernel_oplocks())
   {
     if( DEBUGLVL( 10 ))
     {
@@ -320,7 +295,7 @@ oplock state of %x.\n", fsp->fsp_name, (unsigned int)fsp->fd_ptr->dev,
     }
 
     /*
-     * Remove the kernel oplock on this file.
+     * Remote the kernel oplock on this file.
      */
 
     if(fcntl(fsp->fd_ptr->fd, F_OPLKACK, OP_REVOKE) < 0)
@@ -1057,6 +1032,9 @@ void check_kernel_oplocks(void)
     int pfd[2];
     pstring tmpname;
 
+    set_process_capability(KERNEL_OPLOCK_CAPABILITY,True);
+    set_inherited_process_capability(KERNEL_OPLOCK_CAPABILITY,True);
+
     slprintf( tmpname, sizeof(tmpname)-1, "/tmp/ot.%d.XXXXXX", (unsigned int)getpid());
     mktemp(tmpname);
 

source3/smbd/reply.c

@@ -3544,7 +3544,7 @@ int reply_lockingX(connection_struct *conn, char *inbuf,char *outbuf,int length,
 #endif
   uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
   uint16 num_locks = SVAL(inbuf,smb_vwv7);
-  SMB_OFF_T count, offset;
+  SMB_OFF_T count = 0, offset = 0;
   int32 lock_timeout = IVAL(inbuf,smb_vwv4);
   int i;
   char *data;

source3/smbd/server.c

@@ -240,6 +240,14 @@ max can be %d\n",
 				   that client substitutions will be
 				   done correctly in the process.  */
 				reset_globals_after_fork();
+
+                /*
+                 * Ensure this child has kernel oplock
+                 * capabilities, but not it's children.
+                 */
+                set_process_capability(KERNEL_OPLOCK_CAPABILITY, True);
+                set_inherited_process_capability(KERNEL_OPLOCK_CAPABILITY, False);
+
 				return True; 
 			}
 			/* The parent doesn't need this socket */
@@ -661,8 +669,6 @@ static void usage(char *pname)
 
 	DEBUG(3,( "loaded services\n"));
 
-    check_kernel_oplocks();
-
 	if (!is_daemon && !is_a_socket(0)) {
 		DEBUG(0,("standard input is not a socket, assuming -D option\n"));
 		is_daemon = True;
@@ -673,6 +679,8 @@ static void usage(char *pname)
 		become_daemon();
 	}
 
+    check_kernel_oplocks();
+
 	if (!directory_exist(lp_lockdir(), NULL)) {
 		mkdir(lp_lockdir(), 0755);
 	}

source3/tests/summary.c

@@ -24,5 +24,10 @@ main()
 	exit(1);
 #endif
 
+#if !((defined(HAVE_RANDOM) || defined(HAVE_RAND)) && (defined(HAVE_SRANDOM) || defined(HAVE_SRAND)))
+    printf("ERROR: No random or srandom routine!\n");
+    exit(1);
+#endif
+
 	exit(0);
 }

source3/utils/smbpasswd.c

@@ -639,9 +639,13 @@ int main(int argc, char **argv)
       smb_pwent->smb_nt_passwd = new_nt_p16;
     }
     smb_pwent->acct_ctrl &= ~ACB_DISABLED;
-  } else if (set_no_password)
+  } else if (set_no_password) {
     smb_pwent->acct_ctrl |= ACB_PWNOTREQ;
-  else {
+    /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */
+    smb_pwent->smb_passwd = NULL;
+    smb_pwent->smb_nt_passwd = NULL;
+  } else {
+    smb_pwent->acct_ctrl &= ~ACB_PWNOTREQ;
     smb_pwent->smb_passwd = new_p16;
     smb_pwent->smb_nt_passwd = new_nt_p16;
   }

source3/utils/torture.c

@@ -130,7 +130,7 @@ static BOOL rw_torture(struct cli_state *c, int numops)
 
 
 	for (i=0;i<numops;i++) {
-		unsigned n = (unsigned)random()%10;
+		unsigned n = (unsigned)sys_random()%10;
 		if (i % 10 == 0) {
 			printf("%d\r", i); fflush(stdout);
 		}
@@ -611,7 +611,7 @@ static void run_unlinktest(void)
 static void rand_buf(char *buf, int len)
 {
 	while (len--) {
-		*buf = random();
+		*buf = sys_random();
 		buf++;
 	}
 }
@@ -639,8 +639,8 @@ static void run_randomipc(void)
 	}
 
 	for (i=0;i<1000;i++) {
-		api = random() % 500;
-		param_len = random() % 64;
+		api = sys_random() % 500;
+		param_len = sys_random() % 64;
 
 		rand_buf(param, param_len);
   
@@ -860,7 +860,7 @@ static void create_procs(int nprocs, int numops)
 	for (i=0;i<nprocs;i++) {
 		if (fork() == 0) {
 			int mypid = getpid();
-			srandom(mypid ^ time(NULL));
+			sys_srandom(mypid ^ time(NULL));
 			run_torture(numops);
 			_exit(0);
 		}