sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-01 04:58:35 +03:00
Code

Merge branch 'master' of ssh://git.samba.org/data/git/samba into arc4

Browse Source
This commit is contained in:
Jelmer Vernooij 2008-10-11 14:44:10 +02:00
commit 6a78e56277
374 changed files with 17006 additions and 14118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.gitignore vendored
View File

@ -252,10 +252,10 @@ source4/param/proto.h
source4/param/secrets_proto.h
source4/param/share_proto.h
source4/passdb/proto.h
source4/pidl/blib
source4/pidl/cover_db
source4/pidl/Makefile
source4/pidl/pm_to_blib
pidl/blib
pidl/cover_db
pidl/Makefile
pidl/pm_to_blib
source4/rpc_server/common/proto.h
source4/rpc_server/dcerpc_server_proto.h
source4/rpc_server/lsa/proto.h

67
README.Coding
View File

@ -1,6 +1,7 @@
##
## Coding conventions in the Samba 3 tree
##
Coding conventions in the Samba tree
------------------------------------
.. contents::
===========
Quick Start
@ -14,15 +15,13 @@ style should never outweigh coding itself and so the the guidelines
described here are hopefully easy enough to follow as they are very
common and supported by tools and editors.
The basic style, also mentioned in the SAMBA_4_0/prog_guide.txt is the
Linux kernel coding style (See Documentation/CodingStyle in the kernel
source tree). The closely matches what most Samba developers use already
anyways.
The basic style, also mentioned in prog_guide4.txt, is the Linux kernel coding
style (See Documentation/CodingStyle in the kernel source tree). This closely
matches what most Samba developers use already anyways.
But to save you the trouble of reading the Linux kernel style guide, here
are the highlights.
* Maximum Line Width is 80 Characters
The reason is not for people with low-res screens but rather sticking
to 80 columns prevents you from easily nesting more than one level of
@ -59,14 +58,14 @@ Vi
--
(Thanks to SATOH Fumiyasu <fumiyas@osstech.jp> for these hints):
For the basic vi editor including with all variants of *nix, add the
For the basic vi editor including with all variants of \*nix, add the
following to $HOME/.exrc:
set tabstop=8
set shiftwidth=8
For Vim, the following settings in $HOME/.vimrc will also deal with
displaying trailing whitespace:
displaying trailing whitespace::
if has("syntax") && (&t_Co > 2 || has("gui_running"))
syntax on
@ -91,7 +90,7 @@ FAQ & Statement Reference
Comments
--------
Comments should always use the standard C syntax. I.e. /* ... */. C++
Comments should always use the standard C syntax. C++
style comments are not currently allowed.
@ -145,7 +144,7 @@ The exception to the ending rule is when the closing brace is followed by
another language keyword such as else or the closing while in a do..while
loop.
Good examples:
Good examples::
if (x == 1) {
printf("good\n");
@ -162,7 +161,7 @@ Good examples:
printf("also good\n");
} while (1);
Bad examples:
Bad examples::
while (1)
{
@ -177,43 +176,43 @@ evil, they can greatly enhance readability and reduce memory leaks when used
as the single exit point from a function. But in no Samba world what so ever
is a goto outside of a function or block of code a good idea.
Good Examples:
Good Examples::
int function foo(int y)
{
int *z = NULL;
int ret = 0;
int function foo(int y)
{
int *z = NULL;
int ret = 0;
if ( y < 10 ) {
z = malloc(sizeof(int)*y);
if (!z) {
ret = 1;
goto done;
if ( y < 10 ) {
z = malloc(sizeof(int)*y);
if (!z) {
ret = 1;
goto done;
}
}
print("Allocated %d elements.\n", y);
done:
if (z)
free(z);
return ret;
}
print("Allocated %d elements.\n", y);
done:
if (z)
free(z);
return ret;
}
Checking Pointer Values
-----------------------
When invoking functions that return pointer values, either of the following
are acceptable. Use you best judgement and choose the more readable option.
Remember that many other people will review it.
Remember that many other people will review it.::
if ((x = malloc(sizeof(short)*10)) == NULL ) {
fprintf(stderr, "Unable to alloc memory!\n");
}
or
or::
x = malloc(sizeof(short)*10);
if (!x) {

89
docs-xml/manpages-3/idmap_adex.8.xml Normal file
View File

@ -0,0 +1,89 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="idmap_adex.8">
<refmeta>
<refentrytitle>idmap_adex</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>idmap_adex</refname>
<refpurpose>Samba's idmap_adex Backend for Winbind</refpurpose>
</refnamediv>
<refsynopsisdiv>
<title>DESCRIPTION</title>
<para>
The idmap_adex plugin provides a way for Winbind to read
id mappings from an AD server that uses RFC2307 schema
extensions. This module implements both the idmap and nss_info
APIs and supports domain trustes as well as two-way cross
forest trusts. It is a read-only plugin requiring that the
administrator provide mappings in advance by adding the
POSIX attribute information to the users and groups objects
in AD. The most common means of doing this is using &quot;Identity
Services for Unix&quot; support on Windows 2003 R2 and later.
</para>
<para>
Note that you must add the uidNumber, gidNumber, and uid
attributes to the partial attribute set of the forest global
catalog servers. This can be done using the Active Directory Schema
Management MMC plugin (schmmgmt.dll).
</para>
</refsynopsisdiv>
<refsynopsisdiv>
<title>NSS_INFO</title>
<para>
The nss_info plugin supports reading the unixHomeDirectory,
gidNumber, loginShell, and uidNumber attributes from the user
object and the gidNumber attribute from the group object to
fill in information required by the libc getpwnam() and
getgrnam() family of functions. Group membership is filled in
according to the Windows group membership and not the
msSFU30PosixMember attribute.
</para>
<para>
Username aliases are implement by setting the uid attribute
on the user object. While group name aliases are implemented
by reading the displayname attribute from the group object.
</para>
</refsynopsisdiv>
<refsect1>
<title>EXAMPLES</title>
<para>
The following example shows how to retrieve idmappings and NSS data
from our principal and trusted AD domains.
</para>
<programlisting>
[global]
idmap backend = adex
idmap uid = 1000-4000000000
idmap gid = 1000-4000000000
winbind nss info = adex
winbind normalize names = yes
</programlisting>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
</para>
</refsect1>
</refentry>

76
docs-xml/manpages-3/idmap_hash.8.xml Normal file
View File

@ -0,0 +1,76 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="idmap_hash.8">
<refmeta>
<refentrytitle>idmap_hash</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>idmap_hash</refname>
<refpurpose>Samba's idmap_hash Backend for Winbind</refpurpose>
</refnamediv>
<refsynopsisdiv>
<title>DESCRIPTION</title>
<para>The idmap_hash plugin implements a hashing algorithm used
map SIDs for domain users and groups to a 31-bit uid and gid.
This plugin also implements the nss_info API and can be used
to support a local name mapping files if enabled via the
&quot;winbind normlaize names&quot; and &quot;winbind nss info&quot;
parameters in smb.conf.
</para>
</refsynopsisdiv>
<refsect1>
<title>IDMAP OPTIONS</title>
<variablelist>
<varlistentry>
<term>name_map</term>
<listitem><para>
Specifies the absolute path to the name mapping
file used by the nss_info API. Entries in the file
are of the form &quot;<replaceable>unix name</replaceable>
= <replaceable>qualified domain name</replaceable>&quote;.
Mapping of both user and group names is supported.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>The following example utilizes the idmap_hash plugin for
the idmap and nss_info information.
</para>
<programlisting>
[global]
idmap backend = hash
idmap uid = 1000-4000000000
idmap gid = 1000-4000000000
winbind nss info = hash
winbind normalize names = yes
idmap_hash:name_map = /etc/samba/name_map.cfg
</programlisting>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
</para>
</refsect1>
</refentry>

8
docs-xml/manpages-3/pam_winbind.7.xml
View File

@ -134,6 +134,14 @@
</para></listitem>
</varlistentry>
<varlistentry>
<term>mkhomedir</term>
<listitem><para>
Create homedirectory for a user on-the-fly, option is valid in
PAM session block.
</para></listitem>
</varlistentry>
</variablelist>

157
docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml Normal file
View File

@ -0,0 +1,157 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_smb_traffic_analyzer.8">
<refmeta>
<refentrytitle>smb_traffic_analyzer</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_smb_traffic_analyzer</refname>
<refpurpose>log Samba VFS read and write operations through a socket
to a helper application</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = smb_traffic_analyzer</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_smb_traffic_analyzer</command> VFS module logs
client write and read operations on a Samba server and sends this data
over a socket to a helper program, which feeds a SQL database. More
information on the helper programs can be obtained from the
homepage of the project at:
http://holger123.wordpress.com/smb-traffic-analyzer/
</para>
<para><command>vfs_smb_traffic_analyzer</command> currently is aware
of the following VFS operations:</para>
<simplelist>
<member>write</member>
<member>pwrite</member>
<member>read</member>
<member>pread</member>
</simplelist>
<para><command>vfs_smb_traffic_analyzer</command> sends the following data
in a fixed format seperated by a comma through either an internet or a
unix domain socket:</para>
<programlisting>
BYTES|USER|DOMAIN|READ/WRITE|SHARE|FILENAME|TIMESTAMP
</programlisting>
<para>Description of the records:
<itemizedlist>
<listitem><para><command>BYTES</command> - the length in bytes of the VFS operation</para></listitem>
<listitem><para><command>USER</command> - the user who initiated the operation</para></listitem>
<listitem><para><command>DOMAIN</command> - the domain of the user</para></listitem>
<listitem><para><command>READ/WRITE</command> - either "W" for a write operation or "R" for read</para></listitem>
<listitem><para><command>SHARE</command> - the name of the share on which the VFS operation occured</para></listitem>
<listitem><para><command>FILENAME</command> - the name of the file that was used by the VFS operation</para></listitem>
<listitem><para><command>TIMESTAMP</command> - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occured</para></listitem>
</itemizedlist>
</para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>smb_traffic_analyzer:mode = STRING</term>
<listitem>
<para>If STRING matches to "unix_domain_socket", the module will
use a unix domain socket located at /var/tmp/stadsocket, if
STRING contains an different string or is not defined, the module will
use an internet domain socket for data transfer.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>smb_traffic_analyzer:host = STRING</term>
<listitem>
<para>The module will send the data to the system named with
the hostname STRING.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>smb_traffic_analyzer:port = STRING</term>
<listitem>
<para>The module will send the data using the TCP port given
in STRING
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>The module running on share "example_share", using a unix domain socket</para>
<programlisting>
<smbconfsection name="[example_share]"/>
<smbconfoption name="path">/data/example</smbconfoption>
<smbconfoption name="vfs objects">smb_traffic_analyzer</smbconfoption>
<smbconfoption name="smb_traffic_analyzer:mode">unix_domain_socket</smbconfoption>
</programlisting>
<para>The module running on share "example_share", using an internet domain socket,
connecting to host "examplehost" on port 3491.</para>
<programlisting>
<smbconfsection name="[example_share]"/>
<smbconfoption name="path">/data/example</smbconfoption>
<smbconfoption name="vfs objects">smb_traffic_analyzer</smbconfoption>
<smbconfoption name="smb_traffic_analyzer:host">examplehost</smbconfoption>
<smbconfoption name="smb_traffic_analyzer:port">3490</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.3 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original version of the VFS module and the
helper tools were created by Holger Hetterich.</para>
</refsect1>
</refentry>

20
docs-xml/smbdotconf/printing/cupsconnectiontimeout.xml Normal file
View File

@ -0,0 +1,20 @@
<samba:parameter name="cups connection timeout"
context="G"
type="integer"
print="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
This parameter is only applicable if <smbconfoption name="printing"/> is set to <constant>cups</constant>.
</para>
<para>
If set, this option specifies the number of seconds that smbd will wait
whilst trying to contact to the CUPS server. The connection will fail
if it takes longer than this number of seconds.
</para>
</description>
<value type="default">30</value>
<value type="example">60</value>
</samba:parameter>

17
docs-xml/smbdotconf/printing/cupstimeout.xml
View File

@ -1,17 +0,0 @@
<samba:parameter name="cups timeout"
context="G"
type="integer"
print="1"
advanced="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
This parameter determines the timeout for connections to a CUPS server
in seconds.
</para>
</description>
<value type="default">30</value>
<value type="example">cups timeout = 10</value>
</samba:parameter>

27
docs-xml/smbdotconf/winbind/winbindnormalizenames.xml
View File

@ -5,14 +5,25 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This parameter controls whether winbindd will replace
whitespace in user and group names with an underscore (_) character.
For example, whether the name &quot;Space Kadet&quot; should be
replaced with the string &quot;space_kadet&quot;.
Frequently Unix shell scripts will have difficulty with usernames
contains whitespace due to the default field separator in the shell.
Do not enable this option if the underscore character is used in
account names within your domain
</para>
whitespace in user and group names with an underscore (_) character.
For example, whether the name &quot;Space Kadet&quot; should be
replaced with the string &quot;space_kadet&quot;.
Frequently Unix shell scripts will have difficulty with usernames
contains whitespace due to the default field separator in the shell.
If your domain possesses names containing the underscore character,
this option may cause problems unless the name aliasing feature
is supported by your nss_info plugin.
</para>
<para>This feature also enables the name aliasing API which can
be used to make domain user and group names to a non-qlaified
version. Please refer to the manpage for the configured
idmap and nss_info plugin for the specifics on how to configure
name aliasing for a specific configuration. Name aliasing takes
precendence (and is mutually exclusive) over the whitespace
replacement mechanism discussed previsouly.
</para>
</description>
<value type="default">no</value>

2
examples/VFS/skel_opaque.c
View File

@ -315,7 +315,7 @@ static size_t skel_get_nt_acl(vfs_handle_struct *handle,
}
static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent, SEC_DESC *psd)
uint32 security_info_sent, const SEC_DESC *psd)
{
errno = ENOSYS;
return NT_STATUS_NOT_IMPLEMENTED;

2
examples/VFS/skel_transparent.c
View File

@ -302,7 +302,7 @@ static NTSTATUS skel_get_nt_acl(vfs_handle_struct *handle,
}
static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent, SEC_DESC *psd)
uint32 security_info_sent, const SEC_DESC *psd)
{
return SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
}

3
examples/pam_winbind/pam_winbind.conf
View File

@ -33,3 +33,6 @@
# omit pam conversations
;silent = no
# create homedirectory on the fly
;mkhomedir = no

38
lib/socket_wrapper/socket_wrapper.c
View File

@ -750,7 +750,7 @@ static struct swrap_packet *swrap_packet_init(struct timeval *tval,
int socket_type,
const unsigned char *payload,
size_t payload_len,
unsigned long tcp_seq,
unsigned long tcp_seqno,
unsigned long tcp_ack,
unsigned char tcp_ctl,
int unreachable,
@ -852,7 +852,7 @@ static struct swrap_packet *swrap_packet_init(struct timeval *tval,
case SOCK_STREAM:
packet->ip.p.tcp.source_port = src_port;
packet->ip.p.tcp.dest_port = dest_port;
packet->ip.p.tcp.seq_num = htonl(tcp_seq);
packet->ip.p.tcp.seq_num = htonl(tcp_seqno);
packet->ip.p.tcp.ack_num = htonl(tcp_ack);
packet->ip.p.tcp.hdr_length = 0x50; /* 5 * 32 bit words */
packet->ip.p.tcp.control = tcp_ctl;
@ -916,7 +916,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
{
const struct sockaddr_in *src_addr;
const struct sockaddr_in *dest_addr;
unsigned long tcp_seq = 0;
unsigned long tcp_seqno = 0;
unsigned long tcp_ack = 0;
unsigned char tcp_ctl = 0;
int unreachable = 0;
@ -937,7 +937,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
src_addr = (const struct sockaddr_in *)si->myname;
dest_addr = (const struct sockaddr_in *)addr;
tcp_seq = si->io.pck_snd;
tcp_seqno = si->io.pck_snd;
tcp_ack = si->io.pck_rcv;
tcp_ctl = 0x02; /* SYN */
@ -951,7 +951,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
dest_addr = (const struct sockaddr_in *)si->myname;
src_addr = (const struct sockaddr_in *)addr;
tcp_seq = si->io.pck_rcv;
tcp_seqno = si->io.pck_rcv;
tcp_ack = si->io.pck_snd;
tcp_ctl = 0x12; /** SYN,ACK */
@ -966,7 +966,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
src_addr = (const struct sockaddr_in *)addr;
/* Unreachable: resend the data of SWRAP_CONNECT_SEND */
tcp_seq = si->io.pck_snd - 1;
tcp_seqno = si->io.pck_snd - 1;
tcp_ack = si->io.pck_rcv;
tcp_ctl = 0x02; /* SYN */
unreachable = 1;
@ -979,7 +979,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
src_addr = (const struct sockaddr_in *)si->myname;
dest_addr = (const struct sockaddr_in *)addr;
tcp_seq = si->io.pck_snd;
tcp_seqno = si->io.pck_snd;
tcp_ack = si->io.pck_rcv;
tcp_ctl = 0x10; /* ACK */
@ -991,7 +991,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
dest_addr = (const struct sockaddr_in *)si->myname;
src_addr = (const struct sockaddr_in *)addr;
tcp_seq = si->io.pck_rcv;
tcp_seqno = si->io.pck_rcv;
tcp_ack = si->io.pck_snd;
tcp_ctl = 0x02; /* SYN */
@ -1005,7 +1005,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
src_addr = (const struct sockaddr_in *)si->myname;
dest_addr = (const struct sockaddr_in *)addr;
tcp_seq = si->io.pck_snd;
tcp_seqno = si->io.pck_snd;
tcp_ack = si->io.pck_rcv;
tcp_ctl = 0x12; /* SYN,ACK */
@ -1019,7 +1019,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
dest_addr = (const struct sockaddr_in *)si->myname;
src_addr = (const struct sockaddr_in *)addr;
tcp_seq = si->io.pck_rcv;
tcp_seqno = si->io.pck_rcv;
tcp_ack = si->io.pck_snd;
tcp_ctl = 0x10; /* ACK */
@ -1029,7 +1029,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
src_addr = (const struct sockaddr_in *)si->myname;
dest_addr = (const struct sockaddr_in *)si->peername;
tcp_seq = si->io.pck_snd;
tcp_seqno = si->io.pck_snd;
tcp_ack = si->io.pck_rcv;
tcp_ctl = 0x18; /* PSH,ACK */
@ -1047,7 +1047,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
buf, len, packet_len);
}
tcp_seq = si->io.pck_rcv;
tcp_seqno = si->io.pck_rcv;
tcp_ack = si->io.pck_snd;
tcp_ctl = 0x14; /** RST,ACK */
@ -1061,7 +1061,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
return NULL;
}
tcp_seq = si->io.pck_rcv;
tcp_seqno = si->io.pck_rcv;
tcp_ack = si->io.pck_snd;
tcp_ctl = 0x14; /* RST,ACK */
@ -1071,7 +1071,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
dest_addr = (const struct sockaddr_in *)si->myname;
src_addr = (const struct sockaddr_in *)si->peername;
tcp_seq = si->io.pck_rcv;
tcp_seqno = si->io.pck_rcv;
tcp_ack = si->io.pck_snd;
tcp_ctl = 0x18; /* PSH,ACK */
@ -1087,7 +1087,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
return NULL;
}
tcp_seq = si->io.pck_rcv;
tcp_seqno = si->io.pck_rcv;
tcp_ack = si->io.pck_snd;
tcp_ctl = 0x14; /* RST,ACK */
@ -1123,7 +1123,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
src_addr = (const struct sockaddr_in *)si->myname;
dest_addr = (const struct sockaddr_in *)si->peername;
tcp_seq = si->io.pck_snd;
tcp_seqno = si->io.pck_snd;
tcp_ack = si->io.pck_rcv;
tcp_ctl = 0x11; /* FIN, ACK */
@ -1137,7 +1137,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
dest_addr = (const struct sockaddr_in *)si->myname;
src_addr = (const struct sockaddr_in *)si->peername;
tcp_seq = si->io.pck_rcv;
tcp_seqno = si->io.pck_rcv;
tcp_ack = si->io.pck_snd;
tcp_ctl = 0x11; /* FIN,ACK */
@ -1151,7 +1151,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
src_addr = (const struct sockaddr_in *)si->myname;
dest_addr = (const struct sockaddr_in *)si->peername;
tcp_seq = si->io.pck_snd;
tcp_seqno = si->io.pck_snd;
tcp_ack = si->io.pck_rcv;
tcp_ctl = 0x10; /* ACK */
@ -1164,7 +1164,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si,
return swrap_packet_init(&tv, src_addr, dest_addr, si->type,
(const unsigned char *)buf, len,
tcp_seq, tcp_ack, tcp_ctl, unreachable,
tcp_seqno, tcp_ack, tcp_ctl, unreachable,
packet_len);
}

0
source4/script/harness2subunit.pl → lib/subunit/harness2subunit.pl
View File

0
source4/scripting/python/subunit/__init__.py → lib/subunit/python/subunit/__init__.py
View File

80
lib/subunit/python/subunit/tests/TestUtil.py Normal file
View File

@ -0,0 +1,80 @@
# Copyright (c) 2004 Canonical Limited
# Author: Robert Collins <robert.collins@canonical.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
import logging
import unittest
class LogCollector(logging.Handler):
def __init__(self):
logging.Handler.__init__(self)
self.records=[]
def emit(self, record):
self.records.append(record.getMessage())
def makeCollectingLogger():
"""I make a logger instance that collects its logs for programmatic analysis
-> (logger, collector)"""
logger=logging.Logger("collector")
handler=LogCollector()
handler.setFormatter(logging.Formatter("%(levelname)s: %(message)s"))
logger.addHandler(handler)
return logger, handler
def visitTests(suite, visitor):
"""A foreign method for visiting the tests in a test suite."""
for test in suite._tests:
#Abusing types to avoid monkey patching unittest.TestCase.
# Maybe that would be better?
try:
test.visit(visitor)
except AttributeError:
if isinstance(test, unittest.TestCase):
visitor.visitCase(test)
elif isinstance(test, unittest.TestSuite):
visitor.visitSuite(test)
visitTests(test, visitor)
else:
print "unvisitable non-unittest.TestCase element %r (%r)" % (test, test.__class__)
class TestSuite(unittest.TestSuite):
"""I am an extended TestSuite with a visitor interface.
This is primarily to allow filtering of tests - and suites or
more in the future. An iterator of just tests wouldn't scale..."""
def visit(self, visitor):
"""visit the composite. Visiting is depth-first.
current callbacks are visitSuite and visitCase."""
visitor.visitSuite(self)
visitTests(self, visitor)
class TestLoader(unittest.TestLoader):
"""Custome TestLoader to set the right TestSuite class."""
suiteClass = TestSuite
class TestVisitor(object):
"""A visitor for Tests"""
def visitSuite(self, aTestSuite):
pass
def visitCase(self, aTestCase):
pass

25
lib/subunit/python/subunit/tests/__init__.py Normal file
View File

@ -0,0 +1,25 @@
#
# subunit: extensions to python unittest to get test results from subprocesses.
# Copyright (C) 2005 Robert Collins <robertc@robertcollins.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
from subunit.tests import TestUtil, test_test_protocol
def test_suite():
result = TestUtil.TestSuite()
result.addTest(test_test_protocol.test_suite())
return result

11
lib/subunit/python/subunit/tests/sample-script.py Executable file
View File

@ -0,0 +1,11 @@
#!/usr/bin/env python
import sys
print "test old mcdonald"
print "success old mcdonald"
print "test bing crosby"
print "failure bing crosby ["
print "foo.c:53:ERROR invalid state"
print "]"
print "test an error"
print "error an error"
sys.exit(0)

7
lib/subunit/python/subunit/tests/sample-two-script.py Executable file
View File

@ -0,0 +1,7 @@
#!/usr/bin/env python
import sys
print "test old mcdonald"
print "success old mcdonald"
print "test bing crosby"
print "success bing crosby"
sys.exit(0)

730
lib/subunit/python/subunit/tests/test_test_protocol.py Normal file
View File

@ -0,0 +1,730 @@
#
# subunit: extensions to python unittest to get test results from subprocesses.
# Copyright (C) 2005 Robert Collins <robertc@robertcollins.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import unittest
from StringIO import StringIO
import os
import subunit
import sys
try:
class MockTestProtocolServerClient(object):
"""A mock protocol server client to test callbacks."""
def __init__(self):
self.end_calls = []
self.error_calls = []
self.failure_calls = []
self.start_calls = []
self.success_calls = []
super(MockTestProtocolServerClient, self).__init__()
def addError(self, test, error):
self.error_calls.append((test, error))
def addFailure(self, test, error):
self.failure_calls.append((test, error))
def addSuccess(self, test):
self.success_calls.append(test)
def stopTest(self, test):
self.end_calls.append(test)
def startTest(self, test):
self.start_calls.append(test)
except AttributeError:
MockTestProtocolServer = None
class TestMockTestProtocolServer(unittest.TestCase):
def test_start_test(self):
protocol = MockTestProtocolServerClient()
protocol.startTest(subunit.RemotedTestCase("test old mcdonald"))
self.assertEqual(protocol.start_calls,
[subunit.RemotedTestCase("test old mcdonald")])
self.assertEqual(protocol.end_calls, [])
self.assertEqual(protocol.error_calls, [])
self.assertEqual(protocol.failure_calls, [])
self.assertEqual(protocol.success_calls, [])
def test_add_error(self):
protocol = MockTestProtocolServerClient()
protocol.addError(subunit.RemotedTestCase("old mcdonald"),
subunit.RemoteError("omg it works"))
self.assertEqual(protocol.start_calls, [])
self.assertEqual(protocol.end_calls, [])
self.assertEqual(protocol.error_calls, [(
subunit.RemotedTestCase("old mcdonald"),
subunit.RemoteError("omg it works"))])
self.assertEqual(protocol.failure_calls, [])
self.assertEqual(protocol.success_calls, [])
def test_add_failure(self):
protocol = MockTestProtocolServerClient()
protocol.addFailure(subunit.RemotedTestCase("old mcdonald"),
subunit.RemoteError("omg it works"))
self.assertEqual(protocol.start_calls, [])
self.assertEqual(protocol.end_calls, [])
self.assertEqual(protocol.error_calls, [])
self.assertEqual(protocol.failure_calls, [
(subunit.RemotedTestCase("old mcdonald"),
subunit.RemoteError("omg it works"))])
self.assertEqual(protocol.success_calls, [])
def test_add_success(self):
protocol = MockTestProtocolServerClient()
protocol.addSuccess(subunit.RemotedTestCase("test old mcdonald"))
self.assertEqual(protocol.start_calls, [])
self.assertEqual(protocol.end_calls, [])
self.assertEqual(protocol.error_calls, [])
self.assertEqual(protocol.failure_calls, [])
self.assertEqual(protocol.success_calls,
[subunit.RemotedTestCase("test old mcdonald")])
def test_end_test(self):
protocol = MockTestProtocolServerClient()
protocol.stopTest(subunit.RemotedTestCase("test old mcdonald"))
self.assertEqual(protocol.end_calls,
[subunit.RemotedTestCase("test old mcdonald")])
self.assertEqual(protocol.error_calls, [])
self.assertEqual(protocol.failure_calls, [])
self.assertEqual(protocol.success_calls, [])
self.assertEqual(protocol.start_calls, [])
class TestTestImports(unittest.TestCase):
def test_imports(self):
from subunit import TestProtocolServer
from subunit import RemotedTestCase
from subunit import RemoteError
from subunit import ExecTestCase
from subunit import IsolatedTestCase
from subunit import TestProtocolClient
class TestTestProtocolServerPipe(unittest.TestCase):
def test_story(self):
client = unittest.TestResult()
protocol = subunit.TestProtocolServer(client)
pipe = StringIO("test old mcdonald\n"
"success old mcdonald\n"
"test bing crosby\n"
"failure bing crosby [\n"
"foo.c:53:ERROR invalid state\n"
"]\n"
"test an error\n"
"error an error\n")
protocol.readFrom(pipe)
mcdonald = subunit.RemotedTestCase("old mcdonald")
bing = subunit.RemotedTestCase("bing crosby")
an_error = subunit.RemotedTestCase("an error")
self.assertEqual(client.errors,
[(an_error, 'RemoteException: \n\n')])
self.assertEqual(
client.failures,
[(bing, "RemoteException: foo.c:53:ERROR invalid state\n\n")])
self.assertEqual(client.testsRun, 3)
class TestTestProtocolServerStartTest(unittest.TestCase):
def setUp(self):
self.client = MockTestProtocolServerClient()
self.protocol = subunit.TestProtocolServer(self.client)
def test_start_test(self):
self.protocol.lineReceived("test old mcdonald\n")
self.assertEqual(self.client.start_calls,
[subunit.RemotedTestCase("old mcdonald")])
def test_start_testing(self):
self.protocol.lineReceived("testing old mcdonald\n")
self.assertEqual(self.client.start_calls,
[subunit.RemotedTestCase("old mcdonald")])
def test_start_test_colon(self):
self.protocol.lineReceived("test: old mcdonald\n")
self.assertEqual(self.client.start_calls,
[subunit.RemotedTestCase("old mcdonald")])
def test_start_testing_colon(self):
self.protocol.lineReceived("testing: old mcdonald\n")
self.assertEqual(self.client.start_calls,
[subunit.RemotedTestCase("old mcdonald")])
class TestTestProtocolServerPassThrough(unittest.TestCase):
def setUp(self):
from StringIO import StringIO
self.stdout = StringIO()
self.test = subunit.RemotedTestCase("old mcdonald")
self.client = MockTestProtocolServerClient()
self.protocol = subunit.TestProtocolServer(self.client, self.stdout)
def keywords_before_test(self):
self.protocol.lineReceived("failure a\n")
self.protocol.lineReceived("failure: a\n")
self.protocol.lineReceived("error a\n")
self.protocol.lineReceived("error: a\n")
self.protocol.lineReceived("success a\n")
self.protocol.lineReceived("success: a\n")
self.protocol.lineReceived("successful a\n")
self.protocol.lineReceived("successful: a\n")
self.protocol.lineReceived("]\n")
self.assertEqual(self.stdout.getvalue(), "failure a\n"
"failure: a\n"
"error a\n"
"error: a\n"
"success a\n"
"success: a\n"
"successful a\n"
"successful: a\n"
"]\n")
def test_keywords_before_test(self):
self.keywords_before_test()
self.assertEqual(self.client.start_calls, [])
self.assertEqual(self.client.error_calls, [])
self.assertEqual(self.client.failure_calls, [])
self.assertEqual(self.client.success_calls, [])
def test_keywords_after_error(self):
self.protocol.lineReceived("test old mcdonald\n")
self.protocol.lineReceived("error old mcdonald\n")
self.keywords_before_test()
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls,
[(self.test, subunit.RemoteError(""))])
self.assertEqual(self.client.failure_calls, [])
self.assertEqual(self.client.success_calls, [])
def test_keywords_after_failure(self):
self.protocol.lineReceived("test old mcdonald\n")
self.protocol.lineReceived("failure old mcdonald\n")
self.keywords_before_test()
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [])
self.assertEqual(self.client.failure_calls,
[(self.test, subunit.RemoteError())])
self.assertEqual(self.client.success_calls, [])
def test_keywords_after_success(self):
self.protocol.lineReceived("test old mcdonald\n")
self.protocol.lineReceived("success old mcdonald\n")
self.keywords_before_test()
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [])
self.assertEqual(self.client.failure_calls, [])
self.assertEqual(self.client.success_calls, [self.test])
def test_keywords_after_test(self):
self.protocol.lineReceived("test old mcdonald\n")
self.protocol.lineReceived("test old mcdonald\n")
self.protocol.lineReceived("failure a\n")
self.protocol.lineReceived("failure: a\n")
self.protocol.lineReceived("error a\n")
self.protocol.lineReceived("error: a\n")
self.protocol.lineReceived("success a\n")
self.protocol.lineReceived("success: a\n")
self.protocol.lineReceived("successful a\n")
self.protocol.lineReceived("successful: a\n")
self.protocol.lineReceived("]\n")
self.protocol.lineReceived("failure old mcdonald\n")
self.assertEqual(self.stdout.getvalue(), "test old mcdonald\n"
"failure a\n"
"failure: a\n"
"error a\n"
"error: a\n"
"success a\n"
"success: a\n"
"successful a\n"
"successful: a\n"
"]\n")
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.failure_calls,
[(self.test, subunit.RemoteError())])
self.assertEqual(self.client.error_calls, [])
self.assertEqual(self.client.success_calls, [])
def test_keywords_during_failure(self):
self.protocol.lineReceived("test old mcdonald\n")
self.protocol.lineReceived("failure: old mcdonald [\n")
self.protocol.lineReceived("test old mcdonald\n")
self.protocol.lineReceived("failure a\n")
self.protocol.lineReceived("failure: a\n")
self.protocol.lineReceived("error a\n")
self.protocol.lineReceived("error: a\n")
self.protocol.lineReceived("success a\n")
self.protocol.lineReceived("success: a\n")
self.protocol.lineReceived("successful a\n")
self.protocol.lineReceived("successful: a\n")
self.protocol.lineReceived(" ]\n")
self.protocol.lineReceived("]\n")
self.assertEqual(self.stdout.getvalue(), "")
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.failure_calls,
[(self.test, subunit.RemoteError("test old mcdonald\n"
"failure a\n"
"failure: a\n"
"error a\n"
"error: a\n"
"success a\n"
"success: a\n"
"successful a\n"
"successful: a\n"
"]\n"))])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [])
self.assertEqual(self.client.success_calls, [])
def test_stdout_passthrough(self):
"""Lines received which cannot be interpreted as any protocol action
should be passed through to sys.stdout.
"""
bytes = "randombytes\n"
self.protocol.lineReceived(bytes)
self.assertEqual(self.stdout.getvalue(), bytes)
class TestTestProtocolServerLostConnection(unittest.TestCase):
def setUp(self):
self.client = MockTestProtocolServerClient()
self.protocol = subunit.TestProtocolServer(self.client)
self.test = subunit.RemotedTestCase("old mcdonald")
def test_lost_connection_no_input(self):
self.protocol.lostConnection()
self.assertEqual(self.client.start_calls, [])
self.assertEqual(self.client.error_calls, [])
self.assertEqual(self.client.failure_calls, [])
self.assertEqual(self.client.success_calls, [])
def test_lost_connection_after_start(self):
self.protocol.lineReceived("test old mcdonald\n")
self.protocol.lostConnection()
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [
(self.test, subunit.RemoteError("lost connection during "
"test 'old mcdonald'"))])
self.assertEqual(self.client.failure_calls, [])
self.assertEqual(self.client.success_calls, [])
def test_lost_connected_after_error(self):
self.protocol.lineReceived("test old mcdonald\n")
self.protocol.lineReceived("error old mcdonald\n")
self.protocol.lostConnection()
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.failure_calls, [])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [
(self.test, subunit.RemoteError(""))])
self.assertEqual(self.client.success_calls, [])
def test_lost_connection_during_error(self):
self.protocol.lineReceived("test old mcdonald\n")
self.protocol.lineReceived("error old mcdonald [\n")
self.protocol.lostConnection()
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [
(self.test, subunit.RemoteError("lost connection during error "
"report of test 'old mcdonald'"))])
self.assertEqual(self.client.failure_calls, [])
self.assertEqual(self.client.success_calls, [])
def test_lost_connected_after_failure(self):
self.protocol.lineReceived("test old mcdonald\n")
self.protocol.lineReceived("failure old mcdonald\n")
self.protocol.lostConnection()
test = subunit.RemotedTestCase("old mcdonald")
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [])
self.assertEqual(self.client.failure_calls,
[(self.test, subunit.RemoteError())])
self.assertEqual(self.client.success_calls, [])
def test_lost_connection_during_failure(self):
self.protocol.lineReceived("test old mcdonald\n")
self.protocol.lineReceived("failure old mcdonald [\n")
self.protocol.lostConnection()
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls,
[(self.test,
subunit.RemoteError("lost connection during "
"failure report"
" of test 'old mcdonald'"))])
self.assertEqual(self.client.failure_calls, [])
self.assertEqual(self.client.success_calls, [])
def test_lost_connection_after_success(self):
self.protocol.lineReceived("test old mcdonald\n")
self.protocol.lineReceived("success old mcdonald\n")
self.protocol.lostConnection()
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [])
self.assertEqual(self.client.failure_calls, [])
self.assertEqual(self.client.success_calls, [self.test])
class TestTestProtocolServerAddError(unittest.TestCase):
def setUp(self):
self.client = MockTestProtocolServerClient()
self.protocol = subunit.TestProtocolServer(self.client)
self.protocol.lineReceived("test mcdonalds farm\n")
self.test = subunit.RemotedTestCase("mcdonalds farm")
def simple_error_keyword(self, keyword):
self.protocol.lineReceived("%s mcdonalds farm\n" % keyword)
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [
(self.test, subunit.RemoteError(""))])
self.assertEqual(self.client.failure_calls, [])
def test_simple_error(self):
self.simple_error_keyword("error")
def test_simple_error_colon(self):
self.simple_error_keyword("error:")
def test_error_empty_message(self):
self.protocol.lineReceived("error mcdonalds farm [\n")
self.protocol.lineReceived("]\n")
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [
(self.test, subunit.RemoteError(""))])
self.assertEqual(self.client.failure_calls, [])
def error_quoted_bracket(self, keyword):
self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword)
self.protocol.lineReceived(" ]\n")
self.protocol.lineReceived("]\n")
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [
(self.test, subunit.RemoteError("]\n"))])
self.assertEqual(self.client.failure_calls, [])
def test_error_quoted_bracket(self):
self.error_quoted_bracket("error")
def test_error_colon_quoted_bracket(self):
self.error_quoted_bracket("error:")
class TestTestProtocolServerAddFailure(unittest.TestCase):
def setUp(self):
self.client = MockTestProtocolServerClient()
self.protocol = subunit.TestProtocolServer(self.client)
self.protocol.lineReceived("test mcdonalds farm\n")
self.test = subunit.RemotedTestCase("mcdonalds farm")
def simple_failure_keyword(self, keyword):
self.protocol.lineReceived("%s mcdonalds farm\n" % keyword)
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [])
self.assertEqual(self.client.failure_calls,
[(self.test, subunit.RemoteError())])
def test_simple_failure(self):
self.simple_failure_keyword("failure")
def test_simple_failure_colon(self):
self.simple_failure_keyword("failure:")
def test_failure_empty_message(self):
self.protocol.lineReceived("failure mcdonalds farm [\n")
self.protocol.lineReceived("]\n")
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [])
self.assertEqual(self.client.failure_calls,
[(self.test, subunit.RemoteError())])
def failure_quoted_bracket(self, keyword):
self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword)
self.protocol.lineReceived(" ]\n")
self.protocol.lineReceived("]\n")
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [])
self.assertEqual(self.client.failure_calls,
[(self.test, subunit.RemoteError("]\n"))])
def test_failure_quoted_bracket(self):
self.failure_quoted_bracket("failure")
def test_failure_colon_quoted_bracket(self):
self.failure_quoted_bracket("failure:")
class TestTestProtocolServerAddSuccess(unittest.TestCase):
def setUp(self):
self.client = MockTestProtocolServerClient()
self.protocol = subunit.TestProtocolServer(self.client)
self.protocol.lineReceived("test mcdonalds farm\n")
self.test = subunit.RemotedTestCase("mcdonalds farm")
def simple_success_keyword(self, keyword):
self.protocol.lineReceived("%s mcdonalds farm\n" % keyword)
self.assertEqual(self.client.start_calls, [self.test])
self.assertEqual(self.client.end_calls, [self.test])
self.assertEqual(self.client.error_calls, [])
self.assertEqual(self.client.success_calls, [self.test])
def test_simple_success(self):
self.simple_success_keyword("failure")
def test_simple_success_colon(self):
self.simple_success_keyword("failure:")
def test_simple_success(self):
self.simple_success_keyword("successful")
def test_simple_success_colon(self):
self.simple_success_keyword("successful:")
class TestRemotedTestCase(unittest.TestCase):
def test_simple(self):
test = subunit.RemotedTestCase("A test description")
self.assertRaises(NotImplementedError, test.setUp)
self.assertRaises(NotImplementedError, test.tearDown)
self.assertEqual("A test description",
test.shortDescription())
self.assertEqual("subunit.RemotedTestCase.A test description",
test.id())
self.assertEqual("A test description (subunit.RemotedTestCase)", "%s" % test)
self.assertEqual("<subunit.RemotedTestCase description="
"'A test description'>", "%r" % test)
result = unittest.TestResult()
test.run(result)
self.assertEqual([(test, "RemoteException: "
"Cannot run RemotedTestCases.\n\n")],
result.errors)
self.assertEqual(1, result.testsRun)
another_test = subunit.RemotedTestCase("A test description")
self.assertEqual(test, another_test)
different_test = subunit.RemotedTestCase("ofo")
self.assertNotEqual(test, different_test)
self.assertNotEqual(another_test, different_test)
class TestRemoteError(unittest.TestCase):
def test_eq(self):
error = subunit.RemoteError("Something went wrong")
another_error = subunit.RemoteError("Something went wrong")
different_error = subunit.RemoteError("boo!")
self.assertEqual(error, another_error)
self.assertNotEqual(error, different_error)
self.assertNotEqual(different_error, another_error)
def test_empty_constructor(self):
self.assertEqual(subunit.RemoteError(), subunit.RemoteError(""))
class TestExecTestCase(unittest.TestCase):
class SampleExecTestCase(subunit.ExecTestCase):
def test_sample_method(self):
"""sample-script.py"""
# the sample script runs three tests, one each
# that fails, errors and succeeds
def test_construct(self):
test = self.SampleExecTestCase("test_sample_method")
self.assertEqual(test.script,
subunit.join_dir(__file__, 'sample-script.py'))
def test_run(self):
runner = MockTestProtocolServerClient()
test = self.SampleExecTestCase("test_sample_method")
test.run(runner)
mcdonald = subunit.RemotedTestCase("old mcdonald")
bing = subunit.RemotedTestCase("bing crosby")
an_error = subunit.RemotedTestCase("an error")
self.assertEqual(runner.error_calls,
[(an_error, subunit.RemoteError())])
self.assertEqual(runner.failure_calls,
[(bing,
subunit.RemoteError(
"foo.c:53:ERROR invalid state\n"))])
self.assertEqual(runner.start_calls, [mcdonald, bing, an_error])
self.assertEqual(runner.end_calls, [mcdonald, bing, an_error])
def test_debug(self):
test = self.SampleExecTestCase("test_sample_method")
test.debug()
def test_count_test_cases(self):
"""TODO run the child process and count responses to determine the count."""
def test_join_dir(self):
sibling = subunit.join_dir(__file__, 'foo')
expected = '%s/foo' % (os.path.split(__file__)[0],)
self.assertEqual(sibling, expected)
class DoExecTestCase(subunit.ExecTestCase):
def test_working_script(self):
"""sample-two-script.py"""
class TestIsolatedTestCase(unittest.TestCase):
class SampleIsolatedTestCase(subunit.IsolatedTestCase):
SETUP = False
TEARDOWN = False
TEST = False
def setUp(self):
TestIsolatedTestCase.SampleIsolatedTestCase.SETUP = True
def tearDown(self):
TestIsolatedTestCase.SampleIsolatedTestCase.TEARDOWN = True
def test_sets_global_state(self):
TestIsolatedTestCase.SampleIsolatedTestCase.TEST = True
def test_construct(self):
test = self.SampleIsolatedTestCase("test_sets_global_state")
def test_run(self):
result = unittest.TestResult()
test = self.SampleIsolatedTestCase("test_sets_global_state")
test.run(result)
self.assertEqual(result.testsRun, 1)
self.assertEqual(self.SampleIsolatedTestCase.SETUP, False)
self.assertEqual(self.SampleIsolatedTestCase.TEARDOWN, False)
self.assertEqual(self.SampleIsolatedTestCase.TEST, False)
def test_debug(self):
pass
#test = self.SampleExecTestCase("test_sample_method")
#test.debug()
class TestIsolatedTestSuite(unittest.TestCase):
class SampleTestToIsolate(unittest.TestCase):
SETUP = False
TEARDOWN = False
TEST = False
def setUp(self):
TestIsolatedTestSuite.SampleTestToIsolate.SETUP = True
def tearDown(self):
TestIsolatedTestSuite.SampleTestToIsolate.TEARDOWN = True
def test_sets_global_state(self):
TestIsolatedTestSuite.SampleTestToIsolate.TEST = True
def test_construct(self):
suite = subunit.IsolatedTestSuite()
def test_run(self):
result = unittest.TestResult()
suite = subunit.IsolatedTestSuite()
sub_suite = unittest.TestSuite()
sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state"))
sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state"))
suite.addTest(sub_suite)
suite.addTest(self.SampleTestToIsolate("test_sets_global_state"))
suite.run(result)
self.assertEqual(result.testsRun, 3)
self.assertEqual(self.SampleTestToIsolate.SETUP, False)
self.assertEqual(self.SampleTestToIsolate.TEARDOWN, False)
self.assertEqual(self.SampleTestToIsolate.TEST, False)
class TestTestProtocolClient(unittest.TestCase):
def setUp(self):
self.io = StringIO()
self.protocol = subunit.TestProtocolClient(self.io)
self.test = TestTestProtocolClient("test_start_test")
def test_start_test(self):
"""Test startTest on a TestProtocolClient."""
self.protocol.startTest(self.test)
self.assertEqual(self.io.getvalue(), "test: %s\n" % self.test.id())
def test_stop_test(self):
"""Test stopTest on a TestProtocolClient."""
self.protocol.stopTest(self.test)
self.assertEqual(self.io.getvalue(), "")
def test_add_success(self):
"""Test addSuccess on a TestProtocolClient."""
self.protocol.addSuccess(self.test)
self.assertEqual(
self.io.getvalue(), "successful: %s\n" % self.test.id())
def test_add_failure(self):
"""Test addFailure on a TestProtocolClient."""
self.protocol.addFailure(self.test, subunit.RemoteError("boo"))
self.assertEqual(
self.io.getvalue(),
'failure: %s [\nRemoteException: boo\n]\n' % self.test.id())
def test_add_error(self):
"""Test stopTest on a TestProtocolClient."""
self.protocol.addError(self.test, subunit.RemoteError("phwoar"))
self.assertEqual(
self.io.getvalue(),
'error: %s [\n'
"RemoteException: phwoar\n"
"]\n" % self.test.id())
def test_suite():
loader = subunit.tests.TestUtil.TestLoader()
result = loader.loadTestsFromName(__name__)
return result

43
lib/talloc/talloc_guide.txt
View File

@ -1,5 +1,7 @@
Using talloc in Samba4
----------------------
======================
.. contents::
Andrew Tridgell
September 2004
@ -18,7 +20,7 @@ get used to it.
Perhaps the biggest change from Samba3 is that there is no distinction
between a "talloc context" and a "talloc pointer". Any pointer
returned from talloc() is itself a valid talloc context. This means
you can do this:
you can do this::
struct foo *X = talloc(mem_ctx, struct foo);
X->name = talloc_strdup(X, "foo");
@ -271,7 +273,7 @@ equivalent to:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
void *talloc_named_const(const void *context, size_t size, const char *name);
This is equivalent to:
This is equivalent to::
ptr = talloc_size(context, size);
talloc_set_name_const(ptr, name);
@ -288,7 +290,7 @@ talloc_set_name() for details.
void *talloc_init(const char *fmt, ...);
This function creates a zero length named talloc context as a top
level context. It is equivalent to:
level context. It is equivalent to::
talloc_named(NULL, 0, fmt, ...);
@ -309,7 +311,7 @@ The talloc_realloc() macro changes the size of a talloc
pointer. The "count" argument is the number of elements of type "type"
that you want the resulting pointer to hold.
talloc_realloc() has the following equivalences:
talloc_realloc() has the following equivalences::
talloc_realloc(context, NULL, type, 1) ==> talloc(context, type);
talloc_realloc(context, NULL, type, N) ==> talloc_array(context, type, N);
@ -490,7 +492,7 @@ This disables tracking of the NULL memory context.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
(type *)talloc_zero(const void *ctx, type);
The talloc_zero() macro is equivalent to:
The talloc_zero() macro is equivalent to::
ptr = talloc(ctx, type);
if (ptr) memset(ptr, 0, sizeof(type));
@ -505,7 +507,7 @@ The talloc_zero_size() function is useful when you don't have a known type
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
void *talloc_memdup(const void *ctx, const void *p, size_t size);
The talloc_memdup() function is equivalent to:
The talloc_memdup() function is equivalent to::
ptr = talloc_size(ctx, size);
if (ptr) memcpy(ptr, p, size);
@ -514,13 +516,14 @@ The talloc_memdup() function is equivalent to:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
char *talloc_strdup(const void *ctx, const char *p);
The talloc_strdup() function is equivalent to:
The talloc_strdup() function is equivalent to::
ptr = talloc_size(ctx, strlen(p)+1);
if (ptr) memcpy(ptr, p, strlen(p)+1);
This functions sets the name of the new pointer to the passed
string. This is equivalent to:
string. This is equivalent to::
talloc_set_name_const(ptr, ptr)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
@ -540,7 +543,8 @@ The talloc_append_string() function appends the given formatted
string to the given string.
This function sets the name of the new pointer to the new
string. This is equivalent to:
string. This is equivalent to::
talloc_set_name_const(ptr, ptr)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
@ -550,7 +554,8 @@ The talloc_vasprintf() function is the talloc equivalent of the C
library function vasprintf()
This functions sets the name of the new pointer to the new
string. This is equivalent to:
string. This is equivalent to::
talloc_set_name_const(ptr, ptr)
@ -561,7 +566,8 @@ The talloc_asprintf() function is the talloc equivalent of the C
library function asprintf()
This functions sets the name of the new pointer to the new
string. This is equivalent to:
string. This is equivalent to::
talloc_set_name_const(ptr, ptr)
@ -574,7 +580,8 @@ Use this varient when the string in the current talloc buffer may
have been truncated in length.
This functions sets the name of the new pointer to the new
string. This is equivalent to:
string. This is equivalent to::
talloc_set_name_const(ptr, ptr)
@ -587,14 +594,15 @@ Use this varient when the string in the current talloc buffer has
not been changed.
This functions sets the name of the new pointer to the new
string. This is equivalent to:
string. This is equivalent to::
talloc_set_name_const(ptr, ptr)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
((type *)talloc_array(const void *ctx, type, uint_t count);
The talloc_array() macro is equivalent to:
The talloc_array() macro is equivalent to::
(type *)talloc_size(ctx, sizeof(type) * count);
@ -648,7 +656,7 @@ then the pointer is returned. It it doesn't then NULL is returned.
This macro allows you to do type checking on talloc pointers. It is
particularly useful for void* private pointers. It is equivalent to
this:
this::
(type *)talloc_check_name(ptr, #type)
@ -660,7 +668,8 @@ This macro allows you to force the name of a pointer to be a
particular type. This can be used in conjunction with
talloc_get_type() to do type checking on void* pointers.
It is equivalent to this:
It is equivalent to this::
talloc_set_name_const(ptr, #type)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

2
lib/tdb/configure.ac
View File

@ -2,7 +2,7 @@ AC_PREREQ(2.50)
AC_DEFUN([SMB_MODULE_DEFAULT], [echo -n ""])
AC_DEFUN([SMB_LIBRARY_ENABLE], [echo -n ""])
AC_DEFUN([SMB_ENABLE], [echo -n ""])
AC_INIT(tdb, 1.1.2)
AC_INIT(tdb, 1.1.3)
AC_CONFIG_SRCDIR([common/tdb.c])
AC_CONFIG_HEADER(include/config.h)
AC_LIBREPLACE_ALL_CHECKS

90
libcli/netlogon.c
View File

@ -22,6 +22,13 @@
#include "includes.h"
#include "../libcli/netlogon.h"
#undef DEBUG
#define DEBUG(x, y)
#undef DEBUGLVL
#define DEBUGLVL(x) false
#undef DEBUGLEVEL
#define DEBUGLEVEL 0
NTSTATUS push_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx,
struct smb_iconv_convenience *iconv_convenience,
struct netlogon_samlogon_response *response)
@ -30,17 +37,17 @@ NTSTATUS push_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx,
if (response->ntver == NETLOGON_NT_VERSION_1) {
ndr_err = ndr_push_struct_blob(data, mem_ctx,
iconv_convenience,
&response->nt4,
&response->data.nt4,
(ndr_push_flags_fn_t)ndr_push_NETLOGON_SAM_LOGON_RESPONSE_NT40);
} else if (response->ntver & NETLOGON_NT_VERSION_5EX) {
ndr_err = ndr_push_struct_blob(data, mem_ctx,
iconv_convenience,
&response->nt5_ex,
&response->data.nt5_ex,
(ndr_push_flags_fn_t)ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags);
} else if (response->ntver & NETLOGON_NT_VERSION_5) {
ndr_err = ndr_push_struct_blob(data, mem_ctx,
iconv_convenience,
&response->nt5,
&response->data.nt5,
(ndr_push_flags_fn_t)ndr_push_NETLOGON_SAM_LOGON_RESPONSE);
} else {
DEBUG(0, ("Asked to push unknown netlogon response type 0x%02x\n", response->ntver));
@ -79,11 +86,12 @@ NTSTATUS pull_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx,
if (ntver == NETLOGON_NT_VERSION_1) {
ndr_err = ndr_pull_struct_blob_all(data, mem_ctx,
iconv_convenience,
&response->nt4,
&response->data.nt4,
(ndr_pull_flags_fn_t)ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_NT40);
response->ntver = NETLOGON_NT_VERSION_1;
if (NDR_ERR_CODE_IS_SUCCESS(ndr_err) && DEBUGLEVEL >= 10) {
NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE_NT40, &response->nt4);
NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE_NT40,
&response->data.nt4);
}
} else if (ntver & NETLOGON_NT_VERSION_5EX) {
@ -92,7 +100,9 @@ NTSTATUS pull_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx,
if (!ndr) {
return NT_STATUS_NO_MEMORY;
}
ndr_err = ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(ndr, NDR_SCALARS|NDR_BUFFERS, &response->nt5_ex, ntver);
ndr_err = ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(
ndr, NDR_SCALARS|NDR_BUFFERS, &response->data.nt5_ex,
ntver);
if (ndr->offset < ndr->data_size) {
ndr_err = ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES,
"not all bytes consumed ofs[%u] size[%u]",
@ -100,17 +110,19 @@ NTSTATUS pull_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx,
}
response->ntver = NETLOGON_NT_VERSION_5EX;
if (NDR_ERR_CODE_IS_SUCCESS(ndr_err) && DEBUGLEVEL >= 10) {
NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE_EX, &response->nt5_ex);
NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE_EX,
&response->data.nt5_ex);
}
} else if (ntver & NETLOGON_NT_VERSION_5) {
ndr_err = ndr_pull_struct_blob_all(data, mem_ctx,
iconv_convenience,
&response->nt5,
&response->data.nt5,
(ndr_pull_flags_fn_t)ndr_pull_NETLOGON_SAM_LOGON_RESPONSE);
response->ntver = NETLOGON_NT_VERSION_5;
if (NDR_ERR_CODE_IS_SUCCESS(ndr_err) && DEBUGLEVEL >= 10) {
NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE, &response->nt5);
NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE,
&response->data.nt5);
}
} else {
DEBUG(2,("failed to parse netlogon response of type 0x%02x - unknown response type\n",
@ -137,34 +149,34 @@ void map_netlogon_samlogon_response(struct netlogon_samlogon_response *response)
break;
case NETLOGON_NT_VERSION_5:
ZERO_STRUCT(response_5_ex);
response_5_ex.command = response->nt5.command;
response_5_ex.pdc_name = response->nt5.pdc_name;
response_5_ex.user_name = response->nt5.user_name;
response_5_ex.domain = response->nt5.domain_name;
response_5_ex.domain_uuid = response->nt5.domain_uuid;
response_5_ex.forest = response->nt5.forest;
response_5_ex.dns_domain = response->nt5.dns_domain;
response_5_ex.pdc_dns_name = response->nt5.pdc_dns_name;
response_5_ex.sockaddr.pdc_ip = response->nt5.pdc_ip;
response_5_ex.server_type = response->nt5.server_type;
response_5_ex.nt_version = response->nt5.nt_version;
response_5_ex.lmnt_token = response->nt5.lmnt_token;
response_5_ex.lm20_token = response->nt5.lm20_token;
response_5_ex.command = response->data.nt5.command;
response_5_ex.pdc_name = response->data.nt5.pdc_name;
response_5_ex.user_name = response->data.nt5.user_name;
response_5_ex.domain = response->data.nt5.domain_name;
response_5_ex.domain_uuid = response->data.nt5.domain_uuid;
response_5_ex.forest = response->data.nt5.forest;
response_5_ex.dns_domain = response->data.nt5.dns_domain;
response_5_ex.pdc_dns_name = response->data.nt5.pdc_dns_name;
response_5_ex.sockaddr.pdc_ip = response->data.nt5.pdc_ip;
response_5_ex.server_type = response->data.nt5.server_type;
response_5_ex.nt_version = response->data.nt5.nt_version;
response_5_ex.lmnt_token = response->data.nt5.lmnt_token;
response_5_ex.lm20_token = response->data.nt5.lm20_token;
response->ntver = NETLOGON_NT_VERSION_5EX;
response->nt5_ex = response_5_ex;
response->data.nt5_ex = response_5_ex;
break;
case NETLOGON_NT_VERSION_1:
ZERO_STRUCT(response_5_ex);
response_5_ex.command = response->nt4.command;
response_5_ex.pdc_name = response->nt4.server;
response_5_ex.user_name = response->nt4.user_name;
response_5_ex.domain = response->nt4.domain;
response_5_ex.nt_version = response->nt4.nt_version;
response_5_ex.lmnt_token = response->nt4.lmnt_token;
response_5_ex.lm20_token = response->nt4.lm20_token;
response_5_ex.command = response->data.nt4.command;
response_5_ex.pdc_name = response->data.nt4.server;
response_5_ex.user_name = response->data.nt4.user_name;
response_5_ex.domain = response->data.nt4.domain;
response_5_ex.nt_version = response->data.nt4.nt_version;
response_5_ex.lmnt_token = response->data.nt4.lmnt_token;
response_5_ex.lm20_token = response->data.nt4.lm20_token;
response->ntver = NETLOGON_NT_VERSION_5EX;
response->nt5_ex = response_5_ex;
response->data.nt5_ex = response_5_ex;
break;
}
return;
@ -178,7 +190,9 @@ NTSTATUS push_nbt_netlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx,
enum ndr_err_code ndr_err;
switch (response->response_type) {
case NETLOGON_GET_PDC:
ndr_err = ndr_push_struct_blob(data, mem_ctx, iconv_convenience, &response->get_pdc,
ndr_err = ndr_push_struct_blob(data, mem_ctx,
iconv_convenience,
&response->data.get_pdc,
(ndr_push_flags_fn_t)ndr_push_nbt_netlogon_response_from_pdc);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
@ -192,7 +206,9 @@ NTSTATUS push_nbt_netlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx,
status = NT_STATUS_OK;
break;
case NETLOGON_SAMLOGON:
status = push_netlogon_samlogon_response(data, mem_ctx, iconv_convenience, &response->samlogon);
status = push_netlogon_samlogon_response(
data, mem_ctx, iconv_convenience,
&response->data.samlogon);
break;
}
return status;
@ -214,7 +230,9 @@ NTSTATUS pull_nbt_netlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx,
switch (command) {
case NETLOGON_RESPONSE_FROM_PDC:
ndr_err = ndr_pull_struct_blob_all(data, mem_ctx, iconv_convenience, &response->get_pdc,
ndr_err = ndr_pull_struct_blob_all(data, mem_ctx,
iconv_convenience,
&response->data.get_pdc,
(ndr_pull_flags_fn_t)ndr_pull_nbt_netlogon_response_from_pdc);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
@ -234,7 +252,9 @@ NTSTATUS pull_nbt_netlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx,
case LOGON_SAM_LOGON_RESPONSE_EX:
case LOGON_SAM_LOGON_PAUSE_RESPONSE_EX:
case LOGON_SAM_LOGON_USER_UNKNOWN_EX:
status = pull_netlogon_samlogon_response(data, mem_ctx, iconv_convenience, &response->samlogon);
status = pull_netlogon_samlogon_response(
data, mem_ctx, iconv_convenience,
&response->data.samlogon);
response->response_type = NETLOGON_SAMLOGON;
break;

4
libcli/netlogon.h
View File

@ -36,7 +36,7 @@ struct netlogon_samlogon_response
struct NETLOGON_SAM_LOGON_RESPONSE_NT40 nt4;
struct NETLOGON_SAM_LOGON_RESPONSE nt5;
struct NETLOGON_SAM_LOGON_RESPONSE_EX nt5_ex;
};
} data;
};
@ -46,7 +46,7 @@ struct nbt_netlogon_response
union {
struct nbt_netlogon_response_from_pdc get_pdc;
struct netlogon_samlogon_response samlogon;
};
} data;
};
#include "../libcli/netlogon_proto.h"

3
pidl/TODO
View File

@ -1,8 +1,5 @@
- warn when union instances don't have a discriminant
- EJS output backend shouldn't use the NDR levels stuff but instead
as the "C levels" and NDR levels don't necessarily match.
- true multiple dimension array / strings in arrays support
- compatibility mode for generating MIDL-readable data:

4
pidl/config.mk
View File

@ -1,13 +1,13 @@
PIDL = $(PERL) $(pidldir)/pidl
$(pidldir)/Makefile: $(pidldir)/Makefile.PL
cd $(pidldir) && $(PERL) Makefile.PL PREFIX=$(prefix)
@cd $(pidldir) && $(PERL) Makefile.PL PREFIX=$(prefix)
pidl-testcov: $(pidldir)/Makefile
cd $(pidldir) && cover -test
installpidl:: $(pidldir)/Makefile
$(MAKE) -C $(pidldir) install_vendor VENDORPREFIX=$(prefix) \
@$(MAKE) -C $(pidldir) install_vendor VENDORPREFIX=$(prefix) \
INSTALLVENDORLIB=$(datarootdir)/perl5 \
INSTALLVENDORBIN=$(bindir) \
INSTALLVENDORSCRIPT=$(bindir) \

4
pidl/lib/Parse/Pidl/ODL.pm
View File

@ -57,6 +57,10 @@ sub ODL2IDL
if ($x->{TYPE} eq "IMPORT") {
foreach my $idl_file (@{$x->{PATHS}}) {
$idl_file = unmake_str($idl_file);
unless (-f "$basedir/$idl_file") {
error($x, "Unable to open include file `$idl_file'");
next;
}
my $podl = Parse::Pidl::IDL::parse_file("$basedir/$idl_file", $opt_incdirs);
if (defined(@$podl)) {
require Parse::Pidl::Typelist;

10
pidl/lib/Parse/Pidl/Samba4/Python.pm
View File

@ -1173,6 +1173,7 @@ sub Parse($$$$$)
$self->pidl("{");
$self->indent;
$self->pidl("PyObject *m;");
$self->pidl("NTSTATUS status;");
$self->pidl("");
foreach (@{$self->{ready_types}}) {
@ -1208,6 +1209,15 @@ sub Parse($$$$$)
$self->pidl("PyModule_AddObject(m, \"$object_name\", $c_name);");
}
$self->pidl("");
$self->pidl("status = dcerpc_init();");
$self->pidl("if (!NT_STATUS_IS_OK(status)) {");
$self->indent;
$self->pidl("PyErr_SetNTSTATUS(status);");
$self->pidl("return;");
$self->deindent;
$self->pidl("}");
$self->deindent;
$self->pidl("}");
return ($self->{res_hdr}, $self->{res});

0
pidl/tests/samba3-srv.pl Normal file → Executable file
View File

31
prog_guide4.txt
View File

@ -5,7 +5,9 @@ FROM A FEW PEOPLE. DON'T TAKE THIS AS THE FINAL VERSION YET.
Samba4 Programming Guide
------------------------
========================
.. contents::
The internals of Samba4 are quite different from previous versions of
Samba, so even if you are an experienced Samba developer please take
@ -144,8 +146,7 @@ data is a bug waiting to happen.
Static data is evil as it has the following consequences:
- it makes code much less likely to be thread-safe
- it makes code much less likely to be recursion-safe
- it leads to subtle side effects when the same code is called from
multiple places
- it leads to subtle side effects when the same code is called from multiple places
- doesn't play well with shared libraries or plugins
Static data is particularly evil in library code (such as our internal
@ -273,9 +274,9 @@ generating the right offsets.
The same rule applies to strings. In many places in the SMB and MSRPC
protocols complex strings are used on the wire, with complex rules
about padding, format, alighment, termination etc. None of that
information is useful to a high level calling routine or to a backend
- its all just so much wire fluff. So, in Samba4 these strings are
just "char *" and are always in our internal multi-byte format (which
information is useful to a high level calling routine or to a backend - its
all just so much wire fluff. So, in Samba4 these strings are
just "char \*" and are always in our internal multi-byte format (which
is usually UTF8). It is up to the parse functions to worry about
translating the format and getting the padding right.
@ -580,13 +581,17 @@ DCERPC Handles
The various handles that are used in the RPC servers should be created and
fetch using the dcesrv_handle_* functions.
Use dcesrv_handle_new(struct dcesrv_connection *, uint8 handle_type) to obtain
Use dcesrv_handle_new(struct dcesrv_connection \*, uint8 handle_type) to obtain
a new handle of the specified type. Handle types are unique within each
pipe.
The handle can later be fetched again using
struct dcesrv_handle *dcesrv_handle_fetch(struct dcesrv_connection *dce_conn, struct policy_handle *p, uint8 handle_type)
and destroyed by dcesrv_handle_destroy(struct dcesrv_handle *).
The handle can later be fetched again using::
struct dcesrv_handle *dcesrv_handle_fetch(struct dcesrv_connection *dce_conn, struct policy_handle *p, uint8 handle_type)
and destroyed by::
dcesrv_handle_destroy(struct dcesrv_handle *).
User data should be stored in the 'data' member of the dcesrv_handle struct.
@ -765,12 +770,10 @@ BUGS:
no 137 resolution not possible
should not fallback to anon when pass supplied
should check pass-thu cap bit, and skip lots of tests
possibly allow the test suite to say "allow oversized replies" for
trans2 and other calls
possibly allow the test suite to say "allow oversized replies" for trans2 and other calls
handle servers that don't have the setattre call in torture
add max file coponent length test and max path len test
check for alloc failure in all core reply.c and trans2.c code where
allocation size depends on client parameter
check for alloc failure in all core reply.c and trans2.c code where allocation size depends on client parameter
case-insenstive idea:
all filenames on disk lowercase

50
source3/Makefile.in
View File

@ -127,6 +127,7 @@ LOGFILEBASE = @logfilebase@
CONFIGFILE = $(CONFIGDIR)/smb.conf
LMHOSTSFILE = $(CONFIGDIR)/lmhosts
CTDBDIR = @ctdbdir@
NCALRPCDIR = @ncalrpcdir@
# This is where smbpasswd et al go
PRIVATEDIR = @privatedir@
@ -166,6 +167,7 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \
-DLOGFILEBASE=\"$(LOGFILEBASE)\" \
-DSHLIBEXT=\"@SHLIBEXT@\" \
-DCTDBDIR=\"$(CTDBDIR)\" \
-DNCALRPCDIR=\"$(NCALRPCDIR)\" \
-DCONFIGDIR=\"$(CONFIGDIR)\" \
-DCODEPAGEDIR=\"$(CODEPAGEDIR)\" \
-DCACHEDIR=\"$(CACHEDIR)\" \
@ -621,6 +623,7 @@ VFS_FILEID_OBJ = modules/vfs_fileid.o
VFS_AIO_FORK_OBJ = modules/vfs_aio_fork.o
VFS_SYNCOPS_OBJ = modules/vfs_syncops.o
VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o
VFS_SMB_TRAFFIC_ANALYZER_OBJ = modules/vfs_smb_traffic_analyzer.o
PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
@ -635,6 +638,7 @@ AUTH_SERVER_OBJ = auth/auth_server.o
AUTH_UNIX_OBJ = auth/auth_unix.o
AUTH_WINBIND_OBJ = auth/auth_winbind.o
AUTH_SCRIPT_OBJ = auth/auth_script.o
AUTH_NETLOGOND_OBJ = auth/auth_netlogond.o
AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \
auth/auth_compat.o auth/auth_ntlmssp.o \
@ -738,6 +742,10 @@ TESTPARM_OBJ = utils/testparm.o \
$(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
$(LIBSAMBA_OBJ)
TEST_LP_LOAD_OBJ = param/test_lp_load.o \
$(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
$(POPT_LIB_OBJ) $(LIBSAMBA_OBJ)
PASSWD_UTIL_OBJ = utils/passwd_util.o
SMBPASSWD_OBJ = utils/smbpasswd.o $(PASSWD_UTIL_OBJ) $(PASSCHANGE_OBJ) \
@ -1070,7 +1078,7 @@ LDBDEL_OBJ = $(LDB_CMDLINE_OBJ) lib/ldb/tools/ldbdel.o
LDBMODIFY_OBJ = $(LDB_CMDLINE_OBJ) lib/ldb/tools/ldbmodify.o
WINBIND_KRB5_LOCATOR_OBJ1 = nsswitch/winbind_krb5_locator.o
WINBIND_KRB5_LOCATOR_OBJ = $(WINBIND_KRB5_LOCATOR_OBJ1) $(WBCOMMON_OBJ) $(LIBREPLACE_OBJ)
WINBIND_KRB5_LOCATOR_OBJ = $(WINBIND_KRB5_LOCATOR_OBJ1) $(LIBREPLACE_OBJ)
POPT_OBJ=../lib/popt/findme.o ../lib/popt/popt.o ../lib/popt/poptconfig.o \
../lib/popt/popthelp.o ../lib/popt/poptparse.o
@ -1138,6 +1146,8 @@ pam_smbpass: SHOWFLAGS bin/pam_smbpass.@SHLIBEXT@
pam_winbind: SHOWFLAGS bin/pam_winbind.@SHLIBEXT@
gpext_modules:: $(GPEXT_MODULES)
torture:: SHOWFLAGS $(TORTURE_PROGS)
smbtorture : SHOWFLAGS bin/smbtorture@EXEEXT@
@ -1708,6 +1718,7 @@ LIBWBCLIENT_OBJ0 = nsswitch/libwbclient/wbclient.o \
nsswitch/libwbclient/wbc_pwd.o \
nsswitch/libwbclient/wbc_idmap.o \
nsswitch/libwbclient/wbc_sid.o \
nsswitch/libwbclient/wbc_guid.o \
nsswitch/libwbclient/wbc_pam.o
LIBWBCLIENT_OBJ = $(LIBWBCLIENT_OBJ0) \
$(WBCOMMON_OBJ) \
@ -2166,15 +2177,15 @@ bin/vlp@EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
$(LDAP_LIBS) $(KRB5LIBS) $(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
@SONAMEFLAG@`basename $@`@NSSSONAMEVERSIONSUFFIX@
bin/winbind_krb5_locator.@SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ)
bin/winbind_krb5_locator.@SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ) @LIBWBCLIENT_SHARED@
@echo "Linking $@"
@$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) \
@$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(WINBIND_LIBS) \
@SONAMEFLAG@`basename $@`
bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ)
bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) @LIBTALLOC_SHARED@ @LIBWBCLIENT_SHARED@
@echo "Linking shared library $@"
@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ) -lpam @INIPARSERLIBS@ \
$(PAM_WINBIND_EXTRA_LIBS) @SONAMEFLAG@`basename $@`
$(PAM_WINBIND_EXTRA_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) @SONAMEFLAG@`basename $@`
bin/builtin.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_BUILTIN_OBJ)
@echo "Building plugin $@"
@ -2188,6 +2199,10 @@ bin/script.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_SCRIPT_OBJ)
@echo "Building plugin $@"
@$(SHLD_MODULE) $(AUTH_SCRIPT_OBJ)
bin/netlogond.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_NETLOGOND_OBJ)
@echo "Building plugin $@"
@$(SHLD_MODULE) $(AUTH_NETLOGOND_OBJ)
bin/smbserver.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_SERVER_OBJ)
@echo "Building plugin $@"
@$(SHLD_MODULE) $(AUTH_SERVER_OBJ)
@ -2403,6 +2418,10 @@ bin/acl_xattr.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_ACL_XATTR_OBJ)
@echo "Building plugin $@"
@$(SHLD_MODULE) $(VFS_ACL_XATTR_OBJ)
bin/smb_traffic_analyzer.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_SMB_TRAFFIC_ANALYZER_OBJ)
@echo "Building plugin $@"
@$(SHLD_MODULE) $(VFS_SMB_TRAFFIC_ANALYZER_OBJ)
bin/registry.@SHLIBEXT@: $(BINARY_PREREQS) libgpo/gpext/registry.o
@echo "Building plugin $@"
@$(SHLD_MODULE) libgpo/gpext/registry.o
@ -2411,6 +2430,10 @@ bin/scripts.@SHLIBEXT@: $(BINARY_PREREQS) libgpo/gpext/scripts.o
@echo "Building plugin $@"
@$(SHLD_MODULE) libgpo/gpext/scripts.o
bin/security.@SHLIBEXT@: $(BINARY_PREREQS) libgpo/gpext/security.o
@echo "Building plugin $@"
@$(SHLD_MODULE) libgpo/gpext/security.o
#########################################################
## IdMap NSS plugins
@ -2483,6 +2506,13 @@ bin/rpc_open_tcp@EXEEXT@: $(BINARY_PREREQS) $(RPC_OPEN_TCP_OBJ) @LIBTALLOC_SHARE
$(LIBS) $(LIBTALLOC_LIBS) @LIBTDB_SHARED@ $(WINBIND_LIBS) \
$(LDAP_LIBS) $(KRB5LIBS) $(NSCD_LIBS)
bin/test_lp_load@EXEEXT@: $(BINARY_PREREQS) $(TEST_LP_LOAD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
@echo "Linking $@"
@$(CC) $(FLAGS) -o $@ $(TEST_LP_LOAD_OBJ) \
$(LDFLAGS) $(DYNEEXP) $(LIBS) \
$(LDAP_LIBS) \
$(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
install:: installservers installbin @INSTALL_CIFSMOUNT@ @INSTALL_CIFSUPCALL@ installman \
installscripts installdat installmodules @SWAT_INSTALL_TARGETS@ \
@INSTALL_PAM_MODULES@ installlibs
@ -2533,6 +2563,8 @@ installmodules:: modules installdirs
@$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(AUTHLIBDIR) domain.@SHLIBEXT@ trustdomain.@SHLIBEXT@ ntdomain.@SHLIBEXT@
@$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(AUTHLIBDIR) builtin.@SHLIBEXT@ guest.@SHLIBEXT@ fixed_challenge.@SHLIBEXT@ name_to_ntstatus.@SHLIBEXT@
@$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/ad.@SHLIBEXT@ rfc2307.@SHLIBEXT@ sfu.@SHLIBEXT@ sfu20.@SHLIBEXT@
@$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/adex.@SHLIBEXT@ adex.@SHLIBEXT@
@$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/hash.@SHLIBEXT@ hash.@SHLIBEXT@
installscripts:: installdirs
@$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS_BIN) $(DESTDIR)$(BINDIR) $(SCRIPTS)
@ -2628,6 +2660,10 @@ uninstallpammodules::
# Toplevel clean files
TOPFILES=dynconfig.o
cleanlibs::
-rm -f ../lib/*/*.o ../lib/*/*/*.o \
../libcli/*.o ../libcli/*/*.o
clean:: cleanlibs
-rm -f include/build_env.h
-rm -f smbd/build_options.c
@ -2738,6 +2774,10 @@ valgrindtest:: all torture timelimit
VALGRIND="valgrind -q --num-callers=30 --log-file=${selftest_prefix}/valgrind.log" \
PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix} all "${smbtorture4_path}"
# Check for Winbind struct 32/64bit padding
test_wbpad:
@echo "Testing winbind request/response structure for 32/64bit padding"
@./script/tests/wb_pad.sh || exit 1;
##
## Examples:

65
source3/auth/auth_domain.c
View File

@ -26,6 +26,71 @@
extern bool global_machine_password_needs_changing;
static struct named_mutex *mutex;
/*
* Change machine password (called from main loop
* idle timeout. Must be done as root.
*/
void attempt_machine_password_change(void)
{
unsigned char trust_passwd_hash[16];
time_t lct;
void *lock;
if (!global_machine_password_needs_changing) {
return;
}
if (lp_security() != SEC_DOMAIN) {
return;
}
/*
* We're in domain level security, and the code that
* read the machine password flagged that the machine
* password needs changing.
*/
/*
* First, open the machine password file with an exclusive lock.
*/
lock = secrets_get_trust_account_lock(NULL, lp_workgroup());
if (lock == NULL) {
DEBUG(0,("attempt_machine_password_change: unable to lock "
"the machine account password for machine %s in "
"domain %s.\n",
global_myname(), lp_workgroup() ));
return;
}
if(!secrets_fetch_trust_account_password(lp_workgroup(),
trust_passwd_hash, &lct, NULL)) {
DEBUG(0,("attempt_machine_password_change: unable to read the "
"machine account password for %s in domain %s.\n",
global_myname(), lp_workgroup()));
TALLOC_FREE(lock);
return;
}
/*
* Make sure someone else hasn't already done this.
*/
if(time(NULL) < lct + lp_machine_password_timeout()) {
global_machine_password_needs_changing = false;
TALLOC_FREE(lock);
return;
}
/* always just contact the PDC here */
change_trust_account_password( lp_workgroup(), NULL);
global_machine_password_needs_changing = false;
TALLOC_FREE(lock);
}
/**
* Connect to a remote server for (inter)domain security authenticaion.
*

321
source3/auth/auth_netlogond.c Normal file
View File

@ -0,0 +1,321 @@
/*
Unix SMB/CIFS implementation.
Authenticate against a netlogon pipe listening on a unix domain socket
Copyright (C) Volker Lendecke 2008
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx,
const struct auth_context *auth_context,
const char *ncalrpc_sockname,
uint8_t schannel_key[16],
const auth_usersupplied_info *user_info,
struct netr_SamInfo3 **pinfo3,
NTSTATUS *schannel_bind_result)
{
struct rpc_pipe_client *p;
struct cli_pipe_auth_data *auth;
struct netr_SamInfo3 *info3 = NULL;
NTSTATUS status;
*schannel_bind_result = NT_STATUS_OK;
status = rpc_pipe_open_ncalrpc(talloc_tos(), ncalrpc_sockname,
&ndr_table_netlogon.syntax_id, &p);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("rpc_pipe_open_ncalrpc failed: %s\n",
nt_errstr(status)));
return status;
}
status = rpccli_schannel_bind_data(p, lp_workgroup(),
PIPE_AUTH_LEVEL_PRIVACY,
schannel_key, &auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("rpccli_schannel_bind_data failed: %s\n",
nt_errstr(status)));
TALLOC_FREE(p);
return status;
}
status = rpc_pipe_bind(p, auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("rpc_pipe_bind failed: %s\n", nt_errstr(status)));
TALLOC_FREE(p);
*schannel_bind_result = status;
return status;
}
/*
* We have to fake a struct dcinfo, so that
* rpccli_netlogon_sam_network_logon_ex can decrypt the session keys.
*/
p->dc = talloc(p, struct dcinfo);
if (p->dc == NULL) {
DEBUG(0, ("talloc failed\n"));
TALLOC_FREE(p);
return NT_STATUS_NO_MEMORY;
}
memcpy(p->dc->sess_key, schannel_key, 16);
status = rpccli_netlogon_sam_network_logon_ex(
p, p,
user_info->logon_parameters,/* flags such as 'allow
* workstation logon' */
global_myname(), /* server name */
user_info->smb_name, /* user name logging on. */
user_info->client_domain, /* domain name */
user_info->wksta_name, /* workstation name */
(uchar *)auth_context->challenge.data, /* 8 byte challenge. */
user_info->lm_resp, /* lanman 24 byte response */
user_info->nt_resp, /* nt 24 byte response */
&info3); /* info3 out */
DEBUG(10, ("rpccli_netlogon_sam_network_logon_ex returned %s\n",
nt_errstr(status)));
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(p);
return status;
}
*pinfo3 = talloc_move(mem_ctx, &info3);
TALLOC_FREE(p);
return NT_STATUS_OK;
}
static char *mymachinepw(TALLOC_CTX *mem_ctx)
{
fstring pwd;
const char *script;
char *to_free = NULL;
ssize_t nread;
int ret, fd;
script = lp_parm_const_string(
GLOBAL_SECTION_SNUM, "auth_netlogond", "machinepwscript",
NULL);
if (script == NULL) {
to_free = talloc_asprintf(talloc_tos(), "%s/%s",
get_dyn_SBINDIR(), "mymachinepw");
script = to_free;
}
if (script == NULL) {
return NULL;
}
ret = smbrun(script, &fd);
DEBUG(ret ? 0 : 3, ("mymachinepw: Running the command `%s' gave %d\n",
script, ret));
TALLOC_FREE(to_free);
if (ret != 0) {
return NULL;
}
pwd[sizeof(pwd)-1] = '\0';
nread = read(fd, pwd, sizeof(pwd)-1);
close(fd);
if (nread <= 0) {
DEBUG(3, ("mymachinepwd: Could not read password\n"));
return NULL;
}
DEBUG(0, ("pwd: %d [%s]\n", (int)nread, pwd));
if (pwd[nread-1] == '\n') {
pwd[nread-1] = '\0';
}
return talloc_strdup(mem_ctx, pwd);
}
static NTSTATUS check_netlogond_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
const auth_usersupplied_info *user_info,
auth_serversupplied_info **server_info)
{
TALLOC_CTX *frame = talloc_stackframe();
struct netr_SamInfo3 *info3 = NULL;
struct rpc_pipe_client *p;
struct cli_pipe_auth_data *auth;
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
char *plaintext_machinepw;
uint8_t machine_password[16];
uint8_t schannel_key[16];
NTSTATUS schannel_bind_result, status;
struct named_mutex *mutex;
const char *ncalrpcsock;
ncalrpcsock = lp_parm_const_string(
GLOBAL_SECTION_SNUM, "auth_netlogond", "socket", NULL);
if (ncalrpcsock == NULL) {
ncalrpcsock = talloc_asprintf(talloc_tos(), "%s/%s",
get_dyn_NCALRPCDIR(), "DEFAULT");
}
if (ncalrpcsock == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
if (!secrets_fetch_local_schannel_key(schannel_key)) {
goto new_key;
}
status = netlogond_validate(talloc_tos(), auth_context, ncalrpcsock,
schannel_key, user_info, &info3,
&schannel_bind_result);
DEBUG(10, ("netlogond_validate returned %s\n", nt_errstr(status)));
if (NT_STATUS_IS_OK(status)) {
goto okay;
}
if (NT_STATUS_IS_OK(schannel_bind_result)) {
/*
* This is a real failure from the DC
*/
goto done;
}
new_key:
mutex = grab_named_mutex(talloc_tos(), "LOCAL_SCHANNEL_KEY", 60);
if (mutex == NULL) {
DEBUG(10, ("Could not get mutex LOCAL_SCHANNEL_KEY\n"));
status = NT_STATUS_ACCESS_DENIED;
goto done;
}
DEBUG(10, ("schannel bind failed, setting up new key\n"));
status = rpc_pipe_open_ncalrpc(talloc_tos(), ncalrpcsock,
&ndr_table_netlogon.syntax_id, &p);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("rpc_pipe_open_ncalrpc failed: %s\n",
nt_errstr(status)));
goto done;
}
status = rpccli_anon_bind_data(p, &auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("rpccli_anon_bind_data failed: %s\n",
nt_errstr(status)));
goto done;
}
status = rpc_pipe_bind(p, auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("rpc_pipe_bind failed: %s\n", nt_errstr(status)));
goto done;
}
TALLOC_FREE(auth);
plaintext_machinepw = mymachinepw(talloc_tos());
if (plaintext_machinepw == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
E_md4hash(plaintext_machinepw, machine_password);
TALLOC_FREE(plaintext_machinepw);
status = rpccli_netlogon_setup_creds(
p, global_myname(), lp_workgroup(), global_myname(),
global_myname(), machine_password, SEC_CHAN_BDC, &neg_flags);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("rpccli_netlogon_setup_creds failed: %s\n",
nt_errstr(status)));
goto done;
}
memcpy(schannel_key, p->dc->sess_key, 16);
secrets_store_local_schannel_key(schannel_key);
TALLOC_FREE(p);
/*
* Retry the authentication with the mutex held. This way nobody else
* can step on our toes.
*/
status = netlogond_validate(talloc_tos(), auth_context, ncalrpcsock,
schannel_key, user_info, &info3,
&schannel_bind_result);
DEBUG(10, ("netlogond_validate returned %s\n", nt_errstr(status)));
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
okay:
status = make_server_info_info3(mem_ctx, user_info->smb_name,
user_info->domain, server_info,
info3);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("make_server_info_info3 failed: %s\n",
nt_errstr(status)));
TALLOC_FREE(frame);
return status;
}
status = NT_STATUS_OK;
done:
TALLOC_FREE(frame);
return status;
}
/* module initialisation */
static NTSTATUS auth_init_netlogond(struct auth_context *auth_context,
const char *param,
auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
return NT_STATUS_NO_MEMORY;
}
(*auth_method)->name = "netlogond";
(*auth_method)->auth = check_netlogond_security;
return NT_STATUS_OK;
}
NTSTATUS auth_netlogond_init(void)
{
smb_register_auth(AUTH_INTERFACE_VERSION, "netlogond",
auth_init_netlogond);
return NT_STATUS_OK;
}

14
source3/autogen.sh
View File

@ -2,6 +2,18 @@
# Run this script to build samba from GIT.
while true; do
case $1 in
(--version-file)
VERSION_FILE=$2
shift 2
;;
(*)
break
;;
esac
done
## insert all possible names (only works with
## autoconf 2.x)
TESTAUTOHEADER="autoheader autoheader-2.53 autoheader2.50 autoheader259 autoheader253"
@ -48,7 +60,7 @@ if test "$AUTOCONFFOUND" = "0" -o "$AUTOHEADERFOUND" = "0"; then
fi
echo "$0: running script/mkversion.sh"
./script/mkversion.sh || exit 1
./script/mkversion.sh $VERSION_FILE || exit 1
rm -rf autom4te*.cache
rm -f configure include/config.h*

16
source3/client/client.c
View File

@ -4345,6 +4345,8 @@ cleanup:
}
}
static bool finished;
/****************************************************************************
Make sure we swallow keepalives during idle time.
****************************************************************************/
@ -4391,6 +4393,8 @@ static void readline_callback(void)
DEBUG(0, ("Read from server failed, maybe it closed "
"the connection\n"));
finished = true;
smb_readline_done();
if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
set_smb_read_error(&cli->smb_rw_error,
SMB_READ_EOF);
@ -4417,9 +4421,17 @@ static void readline_callback(void)
/* Ping the server to keep the connection alive using SMBecho. */
{
NTSTATUS status;
unsigned char garbage[16];
memset(garbage, 0xf0, sizeof(garbage));
cli_echo(cli, 1, data_blob_const(garbage, sizeof(garbage)));
status = cli_echo(cli, 1, data_blob_const(garbage, sizeof(garbage)));
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("SMBecho failed. Maybe server has closed "
"the connection\n"));
finished = true;
smb_readline_done();
}
}
}
@ -4431,7 +4443,7 @@ static int process_stdin(void)
{
int rc = 0;
while (1) {
while (!finished) {
TALLOC_CTX *frame = talloc_stackframe();
char *tok = NULL;
char *the_prompt = NULL;

86
source3/client/mount.cifs.c
View File

@ -79,6 +79,15 @@
#define MOUNT_PASSWD_SIZE 64
#define DOMAIN_SIZE 64
/* exit status - bits below are ORed */
#define EX_USAGE 1 /* incorrect invocation or permission */
#define EX_SYSERR 2 /* out of memory, cannot fork, ... */
#define EX_SOFTWARE 4 /* internal mount bug or wrong version */
#define EX_USER 8 /* user interrupt */
#define EX_FILEIO 16 /* problems writing, locking, ... mtab/fstab */
#define EX_FAIL 32 /* mount failure */
#define EX_SOMEOK 64 /* some mount succeeded */
const char *thisprogram;
int verboseflag = 0;
static int got_password = 0;
@ -174,7 +183,7 @@ static void mount_cifs_usage(void)
printf("\n\t%s -V\n",thisprogram);
SAFE_FREE(mountpassword);
exit(1);
exit(EX_USAGE);
}
/* caller frees username if necessary */
@ -233,7 +242,7 @@ static int open_cred_file(char * file_name)
if(length > 4086) {
printf("mount.cifs failed due to malformed username in credentials file");
memset(line_buf,0,4096);
exit(1);
exit(EX_USAGE);
} else {
got_user = 1;
user_name = (char *)calloc(1 + length,1);
@ -257,7 +266,7 @@ static int open_cred_file(char * file_name)
if(length > MOUNT_PASSWD_SIZE) {
printf("mount.cifs failed: password in credentials file too long\n");
memset(line_buf,0, 4096);
exit(1);
exit(EX_USAGE);
} else {
if(mountpassword == NULL) {
mountpassword = (char *)calloc(MOUNT_PASSWD_SIZE+1,1);
@ -285,7 +294,7 @@ static int open_cred_file(char * file_name)
}
if(length > DOMAIN_SIZE) {
printf("mount.cifs failed: domain in credentials file too long\n");
exit(1);
exit(EX_USAGE);
} else {
if(domain_name == NULL) {
domain_name = (char *)calloc(DOMAIN_SIZE+1,1);
@ -318,7 +327,7 @@ static int get_password_from_file(int file_descript, char * filename)
if (mountpassword == NULL) {
printf("malloc failed\n");
exit(1);
exit(EX_SYSERR);
}
if(filename != NULL) {
@ -326,7 +335,7 @@ static int get_password_from_file(int file_descript, char * filename)
if(file_descript < 0) {
printf("mount.cifs failed. %s attempting to open password file %s\n",
strerror(errno),filename);
exit(1);
exit(EX_SYSERR);
}
}
/* else file already open and fd provided */
@ -337,7 +346,7 @@ static int get_password_from_file(int file_descript, char * filename)
printf("mount.cifs failed. Error %s reading password file\n",strerror(errno));
if(filename != NULL)
close(file_descript);
exit(1);
exit(EX_SYSERR);
} else if(rc == 0) {
if(mountpassword[0] == 0) {
if(verboseflag)
@ -563,7 +572,7 @@ static int parse_options(char ** optionsp, int * filesys_flags)
if (!(pw = getpwnam(value))) {
printf("bad user name \"%s\"\n", value);
exit(1);
exit(EX_USAGE);
}
snprintf(user, sizeof(user), "%u", pw->pw_uid);
} else {
@ -579,7 +588,7 @@ static int parse_options(char ** optionsp, int * filesys_flags)
if (!(gr = getgrnam(value))) {
printf("bad group name \"%s\"\n", value);
exit(1);
exit(EX_USAGE);
}
snprintf(group, sizeof(group), "%u", gr->gr_gid);
} else {
@ -674,7 +683,7 @@ static int parse_options(char ** optionsp, int * filesys_flags)
out = (char *)realloc(out, out_len + word_len + 2);
if (out == NULL) {
perror("malloc");
exit(1);
exit(EX_SYSERR);
}
if (out_len) {
@ -699,7 +708,7 @@ nocopy:
out = (char *)realloc(out, out_len + word_len + 6);
if (out == NULL) {
perror("malloc");
exit(1);
exit(EX_SYSERR);
}
if (out_len) {
@ -715,7 +724,7 @@ nocopy:
out = (char *)realloc(out, out_len + 1 + word_len + 6);
if (out == NULL) {
perror("malloc");
exit(1);
exit(EX_SYSERR);
}
if (out_len) {
@ -996,12 +1005,12 @@ static struct option longopts[] = {
};
/* convert a string to uppercase. return false if the string
* wasn't ASCII or was a NULL ptr */
* wasn't ASCII. Return success on a NULL ptr */
static int
uppercase_string(char *string)
{
if (!string)
return 0;
return 1;
while (*string) {
/* check for unicode */
@ -1050,7 +1059,7 @@ int main(int argc, char ** argv)
thisprogram = argv[0];
} else {
mount_cifs_usage();
exit(1);
exit(EX_USAGE);
}
if(thisprogram == NULL)
@ -1067,12 +1076,12 @@ int main(int argc, char ** argv)
share_name = strndup(argv[1], MAX_UNC_LEN);
if (share_name == NULL) {
fprintf(stderr, "%s: %s", argv[0], strerror(ENOMEM));
exit(1);
exit(EX_SYSERR);
}
mountpoint = argv[2];
} else {
mount_cifs_usage();
exit(1);
exit(EX_USAGE);
}
/* add sharename in opts string as unc= parm */
@ -1094,7 +1103,7 @@ int main(int argc, char ** argv)
case '?':
case 'h': /* help */
mount_cifs_usage ();
exit(1);
exit(EX_USAGE);
case 'n':
++nomtab;
break;
@ -1148,14 +1157,14 @@ int main(int argc, char ** argv)
uid = strtoul(optarg, &ep, 10);
if (*ep) {
printf("bad uid value \"%s\"\n", optarg);
exit(1);
exit(EX_USAGE);
}
} else {
struct passwd *pw;
if (!(pw = getpwnam(optarg))) {
printf("bad user name \"%s\"\n", optarg);
exit(1);
exit(EX_USAGE);
}
uid = pw->pw_uid;
endpwent();
@ -1168,14 +1177,14 @@ int main(int argc, char ** argv)
gid = strtoul(optarg, &ep, 10);
if (*ep) {
printf("bad gid value \"%s\"\n", optarg);
exit(1);
exit(EX_USAGE);
}
} else {
struct group *gr;
if (!(gr = getgrnam(optarg))) {
printf("bad user name \"%s\"\n", optarg);
exit(1);
exit(EX_USAGE);
}
gid = gr->gr_gid;
endpwent();
@ -1205,13 +1214,13 @@ int main(int argc, char ** argv)
default:
printf("unknown mount option %c\n",c);
mount_cifs_usage();
exit(1);
exit(EX_USAGE);
}
}
if((argc < 3) || (dev_name == NULL) || (mountpoint == NULL)) {
mount_cifs_usage();
exit(1);
exit(EX_USAGE);
}
if (getenv("PASSWD")) {
@ -1228,13 +1237,13 @@ int main(int argc, char ** argv)
}
if (orgoptions && parse_options(&orgoptions, &flags)) {
rc = -1;
rc = EX_USAGE;
goto mount_exit;
}
ipaddr = parse_server(&share_name);
if((ipaddr == NULL) && (got_ip == 0)) {
printf("No ip address specified and hostname not found\n");
rc = -1;
rc = EX_USAGE;
goto mount_exit;
}
@ -1249,19 +1258,19 @@ int main(int argc, char ** argv)
}
if(chdir(mountpoint)) {
printf("mount error: can not change directory into mount target %s\n",mountpoint);
rc = -1;
rc = EX_USAGE;
goto mount_exit;
}
if(stat (".", &statbuf)) {
printf("mount error: mount point %s does not exist\n",mountpoint);
rc = -1;
rc = EX_USAGE;
goto mount_exit;
}
if (S_ISDIR(statbuf.st_mode) == 0) {
printf("mount error: mount point %s is not a directory\n",mountpoint);
rc = -1;
rc = EX_USAGE;
goto mount_exit;
}
@ -1274,7 +1283,7 @@ int main(int argc, char ** argv)
#endif
} else {
printf("mount error: permission denied or not superuser and mount.cifs not installed SUID\n");
return -1;
exit(EX_USAGE);
}
}
@ -1289,7 +1298,7 @@ int main(int argc, char ** argv)
mountpassword = (char *)calloc(MOUNT_PASSWD_SIZE+1,1);
if (!tmp_pass || !mountpassword) {
printf("Password not entered, exiting\n");
return -1;
exit(EX_USAGE);
}
strlcpy(mountpassword, tmp_pass, MOUNT_PASSWD_SIZE+1);
got_password = 1;
@ -1307,7 +1316,7 @@ mount_retry:
else {
printf("No server share name specified\n");
printf("\nMounting the DFS root for server not implemented yet\n");
exit(1);
exit(EX_USAGE);
}
if(user_name)
optlen += strlen(user_name) + 6;
@ -1321,7 +1330,7 @@ mount_retry:
if(options == NULL) {
printf("Could not allocate memory for mount options\n");
return -1;
exit(EX_SYSERR);
}
options[0] = 0;
@ -1400,8 +1409,7 @@ mount_retry:
printf("mount error %d = %s\n",errno,strerror(errno));
}
printf("Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)\n");
rc = -1;
goto mount_exit;
rc = EX_FAIL;
} else {
pmntfile = setmntent(MOUNTED, "a+");
if(pmntfile) {
@ -1439,11 +1447,13 @@ mount_retry:
rc = addmntent(pmntfile,&mountent);
endmntent(pmntfile);
SAFE_FREE(mountent.mnt_opts);
if (rc)
rc = EX_FILEIO;
} else {
printf("could not update mount table\n");
printf("could not update mount table\n");
rc = EX_FILEIO;
}
}
rc = 0;
mount_exit:
if(mountpassword) {
int len = strlen(mountpassword);
@ -1455,5 +1465,5 @@ mount_exit:
SAFE_FREE(orgoptions);
SAFE_FREE(resolved_path);
SAFE_FREE(share_name);
return rc;
exit(rc);
}

14
source3/configure.in
View File

@ -128,7 +128,7 @@ fi
if test "x$debug" = "xyes" ; then
CFLAGS="${CFLAGS} -g"
else
CFLAGS="-O"
CFLAGS="${CFLAGS} -O"
fi
m4_include(../lib/socket_wrapper/config.m4)
@ -404,10 +404,10 @@ AC_SUBST(DYNEXP)
dnl Add modules that have to be built by default here
dnl These have to be built static:
default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl2 rpc_ntsvcs2 rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog2 auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin vfs_default nss_info_template"
default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl2 rpc_ntsvcs2 rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog2 auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin auth_netlogond vfs_default nss_info_template"
dnl These are preferably build shared, and static if dlopen() is not available
default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_acl_xattr"
default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_acl_xattr vfs_smb_traffic_analyzer"
if test "x$developer" = xyes; then
default_static_modules="$default_static_modules rpc_rpcecho"
@ -6077,6 +6077,7 @@ SMB_MODULE(auth_server, \$(AUTH_SERVER_OBJ), "bin/smbserver.$SHLIBEXT", AUTH)
SMB_MODULE(auth_domain, \$(AUTH_DOMAIN_OBJ), "bin/domain.$SHLIBEXT", AUTH)
SMB_MODULE(auth_builtin, \$(AUTH_BUILTIN_OBJ), "bin/builtin.$SHLIBEXT", AUTH)
SMB_MODULE(auth_script, \$(AUTH_SCRIPT_OBJ), "bin/script.$SHLIBEXT", AUTH)
SMB_MODULE(auth_netlogond, \$(AUTH_NETLOGOND_OBJ), "bin/netlogond.$SHLIBEXT", AUTH)
SMB_SUBSYSTEM(AUTH,auth/auth.o)
SMB_MODULE(vfs_default, \$(VFS_DEFAULT_OBJ), "bin/default.$SHLIBEXT", VFS)
@ -6116,12 +6117,13 @@ SMB_MODULE(vfs_syncops, \$(VFS_SYNCOPS_OBJ), "bin/syncops.$SHLIBEXT", VFS)
SMB_MODULE(vfs_zfsacl, \$(VFS_ZFSACL_OBJ), "bin/zfsacl.$SHLIBEXT", VFS)
SMB_MODULE(vfs_notify_fam, \$(VFS_NOTIFY_FAM_OBJ), "bin/notify_fam.$SHLIBEXT", VFS)
SMB_MODULE(vfs_acl_xattr, \$(VFS_ACL_XATTR_OBJ), "bin/acl_xattr.$SHLIBEXT", VFS)
SMB_MODULE(vfs_smb_traffic_analyzer, \$(VFS_SMB_TRAFFIC_ANALYZER_OBJ), "bin/smb_traffic_analyzer.$SHLIBEXT", VFS)
SMB_SUBSYSTEM(VFS,smbd/vfs.o)
SMB_MODULE(gpext_registry, libgpo/gpext/registry.o, "bin/registry.$SHLIBEXT", GPEXT)
SMB_MODULE(gpext_scripts, libgpo/gpext/scripts.o, "bin/scripts.$SHLIBEXT", GPEXT)
SMB_MODULE(gpext_security, libgpo/gpext/security.o, "bin/security.$SHLIBEXT", GPEXT)
SMB_SUBSYSTEM(GPEXT, libgpo/gpext/gpext.o)
AC_DEFINE_UNQUOTED(STRING_STATIC_MODULES, "$string_static_modules", [String list of builtin modules])
@ -6276,6 +6278,10 @@ CFLAGS="${CFLAGS} \$(FLAGS)"
if test x$MERGED_BUILD != x1; then
CFLAGS="${CFLAGS} -D_SAMBA_BUILD_=3"
else
if test x"$BLDSHARED" = x"true" ; then
LDFLAGS="$LDFLAGS -L./bin"
fi
fi
AC_OUTPUT(Makefile

1
source3/dynconfig.c
View File

@ -77,6 +77,7 @@ DEFINE_DYN_CONFIG_PARAM(MODULESDIR)
DEFINE_DYN_CONFIG_PARAM(SHLIBEXT)
DEFINE_DYN_CONFIG_PARAM(LOCKDIR)
DEFINE_DYN_CONFIG_PARAM(PIDDIR)
DEFINE_DYN_CONFIG_PARAM(NCALRPCDIR)
DEFINE_DYN_CONFIG_PARAM(SMB_PASSWD_FILE)
DEFINE_DYN_CONFIG_PARAM(PRIVATE_DIR)

5
source3/groupdb/mapping_tdb.c
View File

@ -666,8 +666,7 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
if (num == 0) {
status = dbwrap_delete_bystring(db, key);
TALLOC_FREE(sids);
goto cancel;
goto commit;
}
member_string = talloc_strdup(sids, "");
@ -693,7 +692,7 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
status = dbwrap_store_bystring(
db, key, string_term_tdb_data(member_string), 0);
commit:
TALLOC_FREE(sids);
if (!NT_STATUS_IS_OK(status)) {

4
source3/include/dynconfig.h
View File

@ -71,6 +71,10 @@ const char *get_dyn_PIDDIR(void);
const char *set_dyn_PIDDIR(const char *newpath);
bool is_default_dyn_PIDDIR(void);
const char *get_dyn_NCALRPCDIR(void);
const char *set_dyn_NCALRPCDIR(const char *newpath);
bool is_default_dyn_NCALRPCDIR(void);
const char *get_dyn_SMB_PASSWD_FILE(void);
const char *set_dyn_SMB_PASSWD_FILE(const char *newpath);
bool is_default_dyn_SMB_PASSWD_FILE(void);

3045
source3/include/libmsrpc.h
View File

File diff suppressed because it is too large Load Diff

73
source3/include/libmsrpc_internal.h
View File

@ -1,73 +0,0 @@
/*
* Unix SMB/CIFS implementation.
* MS-RPC client internal definitions
* Copyright (C) Chris Nicholls 2005.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#ifndef LIBMSRPC_INTERNAL_H
#define LIBMSRPC_INTERNAL_H
#include "libmsrpc.h"
/*definitions*/
struct CacServerHandleInternal {
/*stores the os type of the server*/
uint16 srv_level;
/*stores the initialized/active pipes*/
bool pipes[PI_MAX_PIPES];
/*underlying smbc context*/
SMBCCTX *ctx;
/*did the user supply this SMBCCTX?*/
bool user_supplied_ctx;
};
/*used to get a struct rpc_pipe_client* to be passed into rpccli* calls*/
/*nessecary prototypes*/
bool rid_in_list(uint32 rid, uint32 *list, uint32 list_len);
int cac_ParseRegPath(char *path, uint32 *reg_type, char **key_name);
REG_VALUE_DATA *cac_MakeRegValueData(TALLOC_CTX *mem_ctx, uint32 data_type, REGVAL_BUFFER buf);
RPC_DATA_BLOB *cac_MakeRpcDataBlob(TALLOC_CTX *mem_ctx, uint32 data_type, REG_VALUE_DATA data);
SAM_USERINFO_CTR *cac_MakeUserInfoCtr(TALLOC_CTX *mem_ctx, CacUserInfo *info);
CacUserInfo *cac_MakeUserInfo(TALLOC_CTX *mem_ctx, SAM_USERINFO_CTR *ctr);
CacGroupInfo *cac_MakeGroupInfo(TALLOC_CTX *mem_ctx, GROUP_INFO_CTR *ctr);
GROUP_INFO_CTR *cac_MakeGroupInfoCtr(TALLOC_CTX *mem_ctx, CacGroupInfo *info);
CacAliasInfo *cac_MakeAliasInfo(TALLOC_CTX *mem_ctx, ALIAS_INFO_CTR ctr);
ALIAS_INFO_CTR *cac_MakeAliasInfoCtr(TALLOC_CTX *mem_ctx, CacAliasInfo *info);
CacDomainInfo *cac_MakeDomainInfo(TALLOC_CTX *mem_ctx, SAM_UNK_INFO_1 *info1, SAM_UNK_INFO_2 *info2, SAM_UNK_INFO_12 *info12);
CacService *cac_MakeServiceArray(TALLOC_CTX *mem_ctx, ENUM_SERVICES_STATUS *svc, uint32 num_services);
int cac_InitCacServiceConfig(TALLOC_CTX *mem_ctx, SERVICE_CONFIG *src, CacServiceConfig *dest);
/*moved to libmsrpc.h*/
/*struct rpc_pipe_client *cac_GetPipe(CacServerHandle *hnd, int pi_idx);*/
SMBCSRV *smbc_attr_server(SMBCCTX *context,
const char *server, const char *share,
fstring workgroup,
fstring username, fstring password,
POLICY_HND *pol);
#endif /* LIBMSRPC_INTERNAL_H */

11
source3/include/nameserv.h
View File

@ -539,17 +539,6 @@ struct packet_struct
} packet;
};
/* NETLOGON opcodes */
#define QUERYFORPDC 7 /* Query for PDC. */
#define SAM_UAS_CHANGE 10 /* Announce change to UAS or SAM. */
#define QUERYFORPDC_R 12 /* Response to Query for PDC. */
#define SAMLOGON 18
#define SAMLOGON_R 19
#define SAMLOGON_UNK_R 21
#define SAMLOGON_AD_UNK_R 23
#define SAMLOGON_AD_R 25
/* Ids for netbios packet types. */
#define ANN_HostAnnouncement 1

2
source3/include/printing.h
View File

@ -77,7 +77,7 @@ extern struct printif iprint_printif;
#define NEXT_JOBID(j) ((j+1) % PRINT_MAX_JOBID > 0 ? (j+1) % PRINT_MAX_JOBID : 1)
#define MAX_CACHE_VALID_TIME 3600
#define CUPS_DEFAULT_TIMEOUT 30
#define CUPS_DEFAULT_CONNECTION_TIMEOUT 30
#ifndef PRINT_SPOOL_PREFIX
#define PRINT_SPOOL_PREFIX "smbprn."

31
source3/include/proto.h
View File

@ -43,7 +43,10 @@ bool password_ok(const char *smb_name, DATA_BLOB password_blob);
/* The following definitions come from auth/auth_domain.c */
NTSTATUS auth_domain_init(void) ;
void attempt_machine_password_change(void);
NTSTATUS auth_domain_init(void);
NTSTATUS auth_netlogond_init(void);
/* The following definitions come from auth/auth_ntlmssp.c */
@ -489,7 +492,7 @@ TALLOC_CTX *debug_ctx(void);
/* The following definitions come from lib/display_sec.c */
char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type);
void display_sec_access(SEC_ACCESS *info);
void display_sec_access(uint32_t *info);
void display_sec_ace_flags(uint8_t flags);
void display_sec_ace(SEC_ACE *ace);
void display_sec_acl(SEC_ACL *sec_acl);
@ -507,6 +510,7 @@ void display_set_stderr(void);
/* The following definitions come from lib/errmap_unix.c */
NTSTATUS map_nt_error_from_unix(int unix_error);
int map_errno_from_nt_status(NTSTATUS status);
/* The following definitions come from lib/events.c */
@ -702,6 +706,7 @@ bool privilege_set_to_se_priv( SE_PRIV *mask, struct lsa_PrivilegeSet *privset )
/* The following definitions come from lib/readline.c */
void smb_readline_done(void);
char *smb_readline(const char *prompt, void (*callback)(void),
char **(completion_fn)(const char *text, int start, int end));
const char *smb_readline_get_line_buffer(void);
@ -766,7 +771,6 @@ NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask);
NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size);
SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
bool child_container);
void init_sec_access(uint32 *t, uint32 mask);
/* The following definitions come from lib/select.c */
@ -1421,6 +1425,7 @@ WERROR registry_push_value(TALLOC_CTX *mem_ctx,
/* The following definitions come from lib/util_seaccess.c */
void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping);
void security_acl_map_generic(struct security_acl *sa, const struct generic_mapping *mapping);
void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping);
bool se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token,
uint32 acc_desired, uint32 *acc_granted,
@ -5819,7 +5824,7 @@ const char **lp_svcctl_list(void);
char *lp_cups_options(int );
char *lp_cups_server(void);
char *lp_iprint_server(void);
int lp_cups_timeout(void);
int lp_cups_connection_timeout(void);
const char *lp_ctdbd_socket(void);
const char **lp_cluster_addresses(void);
bool lp_clustering(void);
@ -5985,7 +5990,7 @@ bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal);
struct parm_struct *lp_get_parameter(const char *param_name);
struct parm_struct *lp_next_parameter(int snum, int *i, int allparameters);
bool lp_snum_ok(int iService);
void lp_add_one_printer(char *name, char *comment);
void lp_add_one_printer(const char *name, const char *comment, void *pdata);
bool lp_loaded(void);
void lp_killunused(bool (*snumused) (int));
void lp_kill_all_services(void);
@ -6414,6 +6419,8 @@ bool secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx,
struct dcinfo **ppdc);
bool secrets_store_generic(const char *owner, const char *key, const char *secret);
char *secrets_fetch_generic(const char *owner, const char *key);
bool secrets_store_local_schannel_key(uint8_t schannel_key[16]);
bool secrets_fetch_local_schannel_key(uint8_t schannel_key[16]);
/* The following definitions come from passdb/util_builtin.c */
@ -6556,11 +6563,15 @@ char* get_server_name( Printer_entry *printer );
/* The following definitions come from printing/pcap.c */
bool pcap_cache_add_specific(struct pcap_cache **ppcache, const char *name, const char *comment);
void pcap_cache_destroy_specific(struct pcap_cache **ppcache);
bool pcap_cache_add(const char *name, const char *comment);
bool pcap_cache_loaded(void);
void pcap_cache_replace(const struct pcap_cache *cache);
void pcap_cache_reload(void);
bool pcap_printername_ok(const char *printername);
void pcap_printer_fn(void (*fn)(char *, char *));
void pcap_printer_fn_specific(const struct pcap_cache *, void (*fn)(const char *, const char *, void *), void *);
void pcap_printer_fn(void (*fn)(const char *, const char *, void *), void *);
/* The following definitions come from printing/print_aix.c */
@ -9545,7 +9556,6 @@ NTSTATUS open_fake_file(connection_struct *conn,
const char *fname,
uint32 access_mask,
files_struct **result);
void destroy_fake_file_handle(struct fake_file_handle **fh);
NTSTATUS close_fake_file(files_struct *fsp);
/* The following definitions come from smbd/file_access.c */
@ -9911,14 +9921,17 @@ void reply_pipe_close(connection_struct *conn, struct smb_request *req);
/* The following definitions come from smbd/posix_acls.c */
NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, SEC_DESC *psd);
NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd);
SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl);
NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
SEC_DESC **ppdesc);
NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name,
uint32_t security_info, SEC_DESC **ppdesc);
int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid);
NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd);
NTSTATUS append_parent_acl(files_struct *fsp,
const SEC_DESC *pcsd,
SEC_DESC **pp_new_sd);
NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd);
int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode );
int chmod_acl(connection_struct *conn, const char *name, mode_t mode);
int inherit_access_posix_acl(connection_struct *conn, const char *inherit_from_dir,

3
source3/include/rpc_secdes.h
View File

@ -70,9 +70,6 @@
PROTECTED_SACL_SECURITY_INFORMATION|\
PROTECTED_DACL_SECURITY_INFORMATION)
/* SEC_ACCESS */
typedef uint32 SEC_ACCESS;
/* SEC_ACE */
typedef struct security_ace SEC_ACE;
#define SEC_ACE_HEADER_SIZE (2 * sizeof(uint8) + sizeof(uint16) + sizeof(uint32))

2
source3/include/secrets.h
View File

@ -45,6 +45,8 @@
#define SECRETS_LDAP_BIND_PW "SECRETS/LDAP_BIND_PW"
#define SECRETS_LOCAL_SCHANNEL_KEY "SECRETS/LOCAL_SCHANNEL_KEY"
/* Authenticated user info is stored in secrets.tdb under these keys */
#define SECRETS_AUTH_USER "SECRETS/AUTH_USER"

1
source3/include/smb.h
View File

@ -391,6 +391,7 @@ struct idle_event;
struct share_mode_entry;
struct uuid;
struct named_mutex;
struct pcap_cache;
struct vfs_fsp_data {
struct vfs_fsp_data *next;

16
source3/include/smb_macros.h
View File

@ -75,22 +75,6 @@
return ERROR_NT(NT_STATUS_INVALID_HANDLE); \
} while(0)
/* you must add the following extern declaration to files using this macro
* (do not add it to the macro as that causes nested extern declaration warnings)
* extern struct current_user current_user;
*/
#define CHECK_FSP(fsp,conn) do {\
if (!(fsp) || !(conn)) \
return ERROR_NT(NT_STATUS_INVALID_HANDLE); \
else if (((conn) != (fsp)->conn) || current_user.vuid != (fsp)->vuid) \
return ERROR_NT(NT_STATUS_INVALID_HANDLE); \
else if ((fsp)->is_directory) \
return ERROR_NT(NT_STATUS_INVALID_DEVICE_REQUEST); \
else if ((fsp)->fh->fd == -1) \
return ERROR_NT(NT_STATUS_ACCESS_DENIED); \
(fsp)->num_smb_operations++;\
} while(0)
#define CHECK_READ(fsp,inbuf) (((fsp)->fh->fd != -1) && ((fsp)->can_read || \
((SVAL((inbuf),smb_flg2) & FLAGS2_READ_PERMIT_EXECUTE) && \
(fsp->access_mask & FILE_EXECUTE))))

5
source3/include/vfs.h
View File

@ -108,8 +108,9 @@
/* Leave at 22 - not yet released. Remove parameter fd from close_fn. - obnox */
/* Changed to version 23 - remove set_nt_acl call. This can only be done via an
open handle. JRA. */
/* Changed to version 24 - make security descriptor const in fset_nt_acl. JRA. */
#define SMB_VFS_INTERFACE_VERSION 23
#define SMB_VFS_INTERFACE_VERSION 24
/* to bug old modules which are trying to compile with the old functions */
@ -365,7 +366,7 @@ struct vfs_ops {
NTSTATUS (*fset_nt_acl)(struct vfs_handle_struct *handle,
struct files_struct *fsp,
uint32 security_info_sent,
struct security_descriptor *psd);
const struct security_descriptor *psd);
/* POSIX ACL operations. */

3
source3/lib/async_sock.c
View File

@ -658,12 +658,13 @@ struct async_req *async_connect(TALLOC_CTX *mem_ctx, struct event_context *ev,
state->fde = event_add_fd(ev, state, fd,
EVENT_FD_READ | EVENT_FD_WRITE,
async_connect_callback, state);
async_connect_callback, result);
if (state->fde == NULL) {
sys_fcntl_long(fd, F_SETFL, p->old_sockflags);
TALLOC_FREE(result);
return NULL;
}
result->private_data = state;
state->param.param_connect.fd = fd;
state->param.param_connect.address = address;

4
source3/lib/ctdbd_conn.c
View File

@ -260,7 +260,7 @@ static struct messaging_rec *ctdb_pull_messaging_rec(TALLOC_CTX *mem_ctx,
blob = data_blob_const(msg->data, msg->datalen);
ndr_err = ndr_pull_struct_blob(
&blob, result, result,
&blob, result, NULL, result,
(ndr_pull_flags_fn_t)ndr_pull_messaging_rec);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@ -636,7 +636,7 @@ NTSTATUS ctdbd_messaging_send(struct ctdbd_connection *conn,
}
ndr_err = ndr_push_struct_blob(
&blob, mem_ctx, msg,
&blob, mem_ctx, NULL, msg,
(ndr_push_flags_fn_t)ndr_push_messaging_rec);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {

14
source3/lib/dbwrap_ctdb.c
View File

@ -405,8 +405,9 @@ static struct db_record *db_ctdb_fetch_locked_transaction(struct db_ctdb_ctx *ct
return result;
}
static int db_ctdb_record_destructor(struct db_record *rec)
static int db_ctdb_record_destructor(struct db_record **recp)
{
struct db_record *rec = talloc_get_type_abort(*recp, struct db_record);
struct db_ctdb_transaction_handle *h = talloc_get_type_abort(
rec->private_data, struct db_ctdb_transaction_handle);
int ret = h->ctx->db->transaction_commit(h->ctx->db);
@ -424,7 +425,7 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx
TDB_DATA key)
{
int res;
struct db_record *rec;
struct db_record *rec, **recp;
res = db_ctdb_transaction_start(ctx->db);
if (res == -1) {
@ -438,7 +439,14 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx
}
/* destroy this transaction when we release the lock */
talloc_set_destructor((struct db_record *)talloc_new(rec), db_ctdb_record_destructor);
recp = talloc(rec, struct db_record *);
if (recp == NULL) {
ctx->db->transaction_cancel(ctx->db);
talloc_free(rec);
return NULL;
}
*recp = rec;
talloc_set_destructor(recp, db_ctdb_record_destructor);
return rec;
}

4
source3/lib/debug.c
View File

@ -578,7 +578,9 @@ void setup_logging(const char *pname, bool interactive)
stdout_logging = False;
if (dbf) {
x_fflush(dbf);
(void) x_fclose(dbf);
if (dbf != x_stdout) {
(void) x_fclose(dbf);
}
}
dbf = NULL;

2
source3/lib/display_sec.c
View File

@ -118,7 +118,7 @@ char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type)
/****************************************************************************
display sec_access structure
****************************************************************************/
void display_sec_access(SEC_ACCESS *info)
void display_sec_access(uint32_t *info)
{
char *mask_str = get_sec_mask_str(NULL, *info);
printf("\t\tPermissions: 0x%x: %s\n", *info, mask_str ? mask_str : "");

15
source3/lib/dummysmbd.c
View File

@ -51,3 +51,18 @@ NTSTATUS can_delete_directory(struct connection_struct *conn,
{
return NT_STATUS_OK;
}
bool change_to_root_user(void)
{
return false;
}
struct event_context *smbd_event_context(void)
{
return NULL;
}
struct messaging_context *smbd_messaging_context(void)
{
return NULL;
}

136
source3/lib/errmap_unix.c
View File

@ -128,3 +128,139 @@ NTSTATUS map_nt_error_from_unix(int unix_error)
/* Default return */
return NT_STATUS_ACCESS_DENIED;
}
/* Return a UNIX errno from a NT status code */
static const struct {
NTSTATUS status;
int error;
} nt_errno_map[] = {
{NT_STATUS_ACCESS_VIOLATION, EACCES},
{NT_STATUS_INVALID_HANDLE, EBADF},
{NT_STATUS_ACCESS_DENIED, EACCES},
{NT_STATUS_OBJECT_NAME_NOT_FOUND, ENOENT},
{NT_STATUS_OBJECT_PATH_NOT_FOUND, ENOENT},
{NT_STATUS_SHARING_VIOLATION, EBUSY},
{NT_STATUS_OBJECT_PATH_INVALID, ENOTDIR},
{NT_STATUS_OBJECT_NAME_COLLISION, EEXIST},
{NT_STATUS_PATH_NOT_COVERED, ENOENT},
{NT_STATUS_UNSUCCESSFUL, EINVAL},
{NT_STATUS_NOT_IMPLEMENTED, ENOSYS},
{NT_STATUS_IN_PAGE_ERROR, EFAULT},
{NT_STATUS_BAD_NETWORK_NAME, ENOENT},
#ifdef EDQUOT
{NT_STATUS_PAGEFILE_QUOTA, EDQUOT},
{NT_STATUS_QUOTA_EXCEEDED, EDQUOT},
{NT_STATUS_REGISTRY_QUOTA_LIMIT, EDQUOT},
{NT_STATUS_LICENSE_QUOTA_EXCEEDED, EDQUOT},
#endif
#ifdef ETIME
{NT_STATUS_TIMER_NOT_CANCELED, ETIME},
#endif
{NT_STATUS_INVALID_PARAMETER, EINVAL},
{NT_STATUS_NO_SUCH_DEVICE, ENODEV},
{NT_STATUS_NO_SUCH_FILE, ENOENT},
#ifdef ENODATA
{NT_STATUS_END_OF_FILE, ENODATA},
#endif
#ifdef ENOMEDIUM
{NT_STATUS_NO_MEDIA_IN_DEVICE, ENOMEDIUM},
{NT_STATUS_NO_MEDIA, ENOMEDIUM},
#endif
{NT_STATUS_NONEXISTENT_SECTOR, ESPIPE},
{NT_STATUS_NO_MEMORY, ENOMEM},
{NT_STATUS_CONFLICTING_ADDRESSES, EADDRINUSE},
{NT_STATUS_NOT_MAPPED_VIEW, EINVAL},
{NT_STATUS_UNABLE_TO_FREE_VM, EADDRINUSE},
{NT_STATUS_ACCESS_DENIED, EACCES},
{NT_STATUS_BUFFER_TOO_SMALL, ENOBUFS},
{NT_STATUS_WRONG_PASSWORD, EACCES},
{NT_STATUS_LOGON_FAILURE, EACCES},
{NT_STATUS_INVALID_WORKSTATION, EACCES},
{NT_STATUS_INVALID_LOGON_HOURS, EACCES},
{NT_STATUS_PASSWORD_EXPIRED, EACCES},
{NT_STATUS_ACCOUNT_DISABLED, EACCES},
{NT_STATUS_DISK_FULL, ENOSPC},
{NT_STATUS_INVALID_PIPE_STATE, EPIPE},
{NT_STATUS_PIPE_BUSY, EPIPE},
{NT_STATUS_PIPE_DISCONNECTED, EPIPE},
{NT_STATUS_PIPE_NOT_AVAILABLE, ENOSYS},
{NT_STATUS_FILE_IS_A_DIRECTORY, EISDIR},
{NT_STATUS_NOT_SUPPORTED, ENOSYS},
{NT_STATUS_NOT_A_DIRECTORY, ENOTDIR},
{NT_STATUS_DIRECTORY_NOT_EMPTY, ENOTEMPTY},
{NT_STATUS_NETWORK_UNREACHABLE, ENETUNREACH},
{NT_STATUS_HOST_UNREACHABLE, EHOSTUNREACH},
{NT_STATUS_CONNECTION_ABORTED, ECONNABORTED},
{NT_STATUS_CONNECTION_REFUSED, ECONNREFUSED},
{NT_STATUS_TOO_MANY_LINKS, EMLINK},
{NT_STATUS_NETWORK_BUSY, EBUSY},
{NT_STATUS_DEVICE_DOES_NOT_EXIST, ENODEV},
#ifdef ELIBACC
{NT_STATUS_DLL_NOT_FOUND, ELIBACC},
#endif
{NT_STATUS_PIPE_BROKEN, EPIPE},
{NT_STATUS_REMOTE_NOT_LISTENING, ECONNREFUSED},
{NT_STATUS_NETWORK_ACCESS_DENIED, EACCES},
{NT_STATUS_TOO_MANY_OPENED_FILES, EMFILE},
#ifdef EPROTO
{NT_STATUS_DEVICE_PROTOCOL_ERROR, EPROTO},
#endif
{NT_STATUS_FLOAT_OVERFLOW, ERANGE},
{NT_STATUS_FLOAT_UNDERFLOW, ERANGE},
{NT_STATUS_INTEGER_OVERFLOW, ERANGE},
{NT_STATUS_MEDIA_WRITE_PROTECTED, EROFS},
{NT_STATUS_PIPE_CONNECTED, EISCONN},
{NT_STATUS_MEMORY_NOT_ALLOCATED, EFAULT},
{NT_STATUS_FLOAT_INEXACT_RESULT, ERANGE},
{NT_STATUS_ILL_FORMED_PASSWORD, EACCES},
{NT_STATUS_PASSWORD_RESTRICTION, EACCES},
{NT_STATUS_ACCOUNT_RESTRICTION, EACCES},
{NT_STATUS_PORT_CONNECTION_REFUSED, ECONNREFUSED},
{NT_STATUS_NAME_TOO_LONG, ENAMETOOLONG},
{NT_STATUS_REMOTE_DISCONNECT, ESHUTDOWN},
{NT_STATUS_CONNECTION_DISCONNECTED, ECONNABORTED},
{NT_STATUS_CONNECTION_RESET, ENETRESET},
#ifdef ENOTUNIQ
{NT_STATUS_IP_ADDRESS_CONFLICT1, ENOTUNIQ},
{NT_STATUS_IP_ADDRESS_CONFLICT2, ENOTUNIQ},
#endif
{NT_STATUS_PORT_MESSAGE_TOO_LONG, EMSGSIZE},
{NT_STATUS_PROTOCOL_UNREACHABLE, ENOPROTOOPT},
{NT_STATUS_ADDRESS_ALREADY_EXISTS, EADDRINUSE},
{NT_STATUS_PORT_UNREACHABLE, EHOSTUNREACH},
{NT_STATUS_IO_TIMEOUT, ETIMEDOUT},
{NT_STATUS_RETRY, EAGAIN},
#ifdef ENOTUNIQ
{NT_STATUS_DUPLICATE_NAME, ENOTUNIQ},
#endif
#ifdef ECOMM
{NT_STATUS_NET_WRITE_FAULT, ECOMM},
#endif
#ifdef EXDEV
{NT_STATUS_NOT_SAME_DEVICE, EXDEV},
#endif
{NT_STATUS(0), 0}
};
int map_errno_from_nt_status(NTSTATUS status)
{
int i;
DEBUG(10,("map_errno_from_nt_status: 32 bit codes: code=%08x\n",
NT_STATUS_V(status)));
/* Status codes without this bit set are not errors */
if (!(NT_STATUS_V(status) & 0xc0000000)) {
return 0;
}
for (i=0;nt_errno_map[i].error;i++) {
if (NT_STATUS_V(nt_errno_map[i].status) ==
NT_STATUS_V(status)) {
return nt_errno_map[i].error;
}
}
/* for all other cases - a default code */
return EINVAL;
}

1
source3/lib/ldb/common/ldb.c
View File

@ -787,6 +787,7 @@ int ldb_search(struct ldb_context *ldb,
done:
if (ret != LDB_SUCCESS) {
talloc_free(res);
res = NULL;
}
*_res = res;

3
source3/lib/netapi/file.c
View File

@ -47,7 +47,8 @@ WERROR NetFileClose_r(struct libnetapi_ctx *ctx,
r->in.server_name,
r->in.fileid,
&werr);
if (!W_ERROR_IS_OK(werr)) {
if (!NT_STATUS_IS_OK(status)) {
werr = ntstatus_to_werror(status);
goto done;
}

4
source3/lib/netapi/getdc.c
View File

@ -58,6 +58,10 @@ WERROR NetGetDCName_r(struct libnetapi_ctx *ctx,
r->in.domain_name,
(const char **)r->out.buffer,
&werr);
if (!NT_STATUS_IS_OK(status)) {
werr = ntstatus_to_werror(status);
}
done:
return werr;

3
source3/lib/netapi/share.c
View File

@ -271,7 +271,8 @@ WERROR NetShareDel_r(struct libnetapi_ctx *ctx,
r->in.net_name,
r->in.reserved,
&werr);
if (!W_ERROR_IS_OK(werr)) {
if (!NT_STATUS_IS_OK(status)) {
werr = ntstatus_to_werror(status);
goto done;
}

53
source3/lib/netapi/user.c
View File

@ -108,18 +108,18 @@ static void convert_USER_INFO_X_to_samr_user_info21(struct USER_INFO_X *infoX,
infoX->usriX_workstations,
infoX->usriX_usr_comment,
&zero_parameters,
0,
infoX->usriX_user_id,
infoX->usriX_primary_group_id,
infoX->usriX_flags,
fields_present,
zero_logon_hours,
0,
0,
infoX->usriX_bad_pw_count,
infoX->usriX_num_logons,
infoX->usriX_country_code,
infoX->usriX_code_page,
0,
0,
0,
0);
infoX->usriX_password_expired);
}
/****************************************************************
@ -132,6 +132,7 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level,
struct USER_INFO_0 *u0 = NULL;
struct USER_INFO_1 *u1 = NULL;
struct USER_INFO_2 *u2 = NULL;
struct USER_INFO_3 *u3 = NULL;
struct USER_INFO_1003 *u1003 = NULL;
struct USER_INFO_1006 *u1006 = NULL;
struct USER_INFO_1007 *u1007 = NULL;
@ -193,6 +194,37 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level,
uX->usriX_country_code = u2->usri2_country_code;
uX->usriX_code_page = u2->usri2_code_page;
break;
case 3:
u3 = (struct USER_INFO_3 *)buffer;
uX->usriX_name = u3->usri3_name;
uX->usriX_password_age = u3->usri3_password_age;
uX->usriX_priv = u3->usri3_priv;
uX->usriX_home_dir = u3->usri3_home_dir;
uX->usriX_comment = u3->usri3_comment;
uX->usriX_flags = u3->usri3_flags;
uX->usriX_script_path = u3->usri3_script_path;
uX->usriX_auth_flags = u3->usri3_auth_flags;
uX->usriX_full_name = u3->usri3_full_name;
uX->usriX_usr_comment = u3->usri3_usr_comment;
uX->usriX_parms = u3->usri3_parms;
uX->usriX_workstations = u3->usri3_workstations;
uX->usriX_last_logon = u3->usri3_last_logon;
uX->usriX_last_logoff = u3->usri3_last_logoff;
uX->usriX_acct_expires = u3->usri3_acct_expires;
uX->usriX_max_storage = u3->usri3_max_storage;
uX->usriX_units_per_week= u3->usri3_units_per_week;
uX->usriX_logon_hours = u3->usri3_logon_hours;
uX->usriX_bad_pw_count = u3->usri3_bad_pw_count;
uX->usriX_num_logons = u3->usri3_num_logons;
uX->usriX_logon_server = u3->usri3_logon_server;
uX->usriX_country_code = u3->usri3_country_code;
uX->usriX_code_page = u3->usri3_code_page;
uX->usriX_user_id = u3->usri3_user_id;
uX->usriX_primary_group_id = u3->usri3_primary_group_id;
uX->usriX_profile = u3->usri3_profile;
uX->usriX_home_dir_drive = u3->usri3_home_dir_drive;
uX->usriX_password_expired = u3->usri3_password_expired;
break;
case 1003:
u1003 = (struct USER_INFO_1003 *)buffer;
uX->usriX_password = u1003->usri1003_password;
@ -237,7 +269,6 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level,
u1053 = (struct USER_INFO_1053 *)buffer;
uX->usriX_home_dir_drive = u1053->usri1053_home_dir_drive;
break;
case 3:
case 4:
default:
return NT_STATUS_INVALID_INFO_CLASS;
@ -1753,9 +1784,17 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
user_mask = SAMR_USER_ACCESS_SET_ATTRIBUTES |
SAMR_USER_ACCESS_GET_GROUPS;
break;
case 3:
user_mask = STD_RIGHT_READ_CONTROL_ACCESS |
STD_RIGHT_WRITE_DAC_ACCESS |
SAMR_USER_ACCESS_GET_GROUPS |
SAMR_USER_ACCESS_SET_PASSWORD |
SAMR_USER_ACCESS_SET_ATTRIBUTES |
SAMR_USER_ACCESS_GET_ATTRIBUTES |
SAMR_USER_ACCESS_SET_LOC_COM;
break;
case 1:
case 2:
case 3:
case 4:
case 21:
case 22:

21
source3/lib/readline.c
View File

@ -45,6 +45,24 @@
# define RL_COMPLETION_CAST
#endif /* HAVE_NEW_LIBREADLINE */
static bool smb_rl_done;
#if HAVE_LIBREADLINE
/*
* MacOS/X does not have rl_done in readline.h, but
* readline.so has it
*/
extern int rl_done;
#endif
void smb_readline_done(void)
{
smb_rl_done = true;
#if HAVE_LIBREADLINE
rl_done = 1;
#endif
}
/****************************************************************************
Display the prompt and wait for input. Call callback() regularly
****************************************************************************/
@ -69,7 +87,7 @@ static char *smb_readline_replacement(const char *prompt, void (*callback)(void)
return NULL;
}
while (1) {
while (!smb_rl_done) {
timeout.tv_sec = 5;
timeout.tv_usec = 0;
@ -87,6 +105,7 @@ static char *smb_readline_replacement(const char *prompt, void (*callback)(void)
callback();
}
}
return NULL;
}
/****************************************************************************

2
source3/lib/secace.c
View File

@ -55,7 +55,7 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src)
********************************************************************/
void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, enum security_ace_type type,
uint32 mask, uint8 flag)
uint32_t mask, uint8 flag)
{
t->type = type;
t->flags = flag;

13
source3/lib/secdesc.c
View File

@ -512,7 +512,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
if (!inherit)
continue;
init_sec_access(&new_ace->access_mask, ace->access_mask);
new_ace->access_mask = ace->access_mask;
init_sec_ace(new_ace, &ace->trustee, ace->type,
new_ace->access_mask, new_flags);
@ -546,14 +546,3 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
return sdb;
}
/*******************************************************************
Sets up a SEC_ACCESS structure.
********************************************************************/
void init_sec_access(uint32 *t, uint32 mask)
{
*t = mask;
}

8
source3/lib/sharesec.c
View File

@ -124,7 +124,7 @@ static bool share_info_db_init(void)
SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access)
{
SEC_ACCESS sa;
uint32_t sa;
SEC_ACE ace;
SEC_ACL *psa = NULL;
SEC_DESC *psd = NULL;
@ -132,7 +132,7 @@ SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def
se_map_generic(&spec_access, &file_generic_mapping);
init_sec_access(&sa, def_access | spec_access );
sa = (def_access | spec_access );
init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
@ -332,7 +332,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
}
for (i = 0; i < num_aces; i++) {
SEC_ACCESS sa;
uint32_t sa;
uint32 g_access;
uint32 s_access;
DOM_SID sid;
@ -380,7 +380,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
pacl++; /* Go past any ',' */
se_map_generic(&s_access, &file_generic_mapping);
init_sec_access(&sa, g_access | s_access );
sa = (g_access | s_access);
init_sec_ace(&ace_list[i], &sid, type, sa, 0);
}

32
source3/lib/util_seaccess.c
View File

@ -30,7 +30,7 @@ extern NT_USER_TOKEN anonymous_token;
static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired,
NTSTATUS *status)
{
uint32 mask = ace->access_mask;
uint32_t mask = ace->access_mask;
/*
* Inherit only is ignored.
@ -176,6 +176,24 @@ void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping)
}
}
/* Map generic access rights to object specific rights for all the ACE's
* in a security_acl.
*/
void security_acl_map_generic(struct security_acl *sa,
const struct generic_mapping *mapping)
{
unsigned int i;
if (!sa) {
return;
}
for (i = 0; i < sa->num_aces; i++) {
se_map_generic(&sa->aces[i].access_mask, mapping);
}
}
/* Map standard access rights to object specific rights. This technique is
used to give meaning to assigning read, write, execute and all access to
objects. Each type of object has its own mapping of standard to object
@ -328,7 +346,6 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
DOM_SID act_sid;
SEC_ACE ace[3];
SEC_ACCESS mask;
SEC_ACL *psa = NULL;
@ -339,13 +356,14 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
/*basic access for every one*/
init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ);
init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0);
/*full access for builtin aliases Administrators and Account Operators*/
init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS);
init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
init_sec_ace(&ace[1], &adm_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
init_sec_ace(&ace[2], &act_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;

1
source3/libaddns/dnsmarshall.c
View File

@ -252,6 +252,7 @@ void dns_unmarshall_domain_name(TALLOC_CTX *mem_ctx,
if (!(name = talloc(mem_ctx, struct dns_domain_name))) {
buf->error = ERROR_DNS_NO_MEMORY;
return;
}
dns_unmarshall_label(name, 0, buf, &name->pLabelList);

4
source3/libaddns/dnsrecord.c
View File

@ -378,10 +378,10 @@ DNS_ERROR dns_create_update_request(TALLOC_CTX *mem_ctx,
if (!ERR_DNS_IS_OK(err)) return err;
/*
* The zone must be used at all
* Use the same prereq as WinXP -- No CNAME records for this host.
*/
err = dns_create_rrec(req, domainname, QTYPE_ANY, DNS_CLASS_ANY,
err = dns_create_rrec(req, hostname, QTYPE_CNAME, DNS_CLASS_NONE,
0, 0, NULL, &rec);
if (!ERR_DNS_IS_OK(err)) goto error;

2
source3/libads/cldap.c
View File

@ -283,7 +283,7 @@ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
return false;
}
*reply5 = reply->nt5_ex;
*reply5 = reply->data.nt5_ex;
return true;
}

1
source3/libads/ldap.c
View File

@ -2828,6 +2828,7 @@ ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val)
if ( (ads_s = ads_init( ads->server.realm, ads->server.workgroup,
ads->server.ldap_server )) == NULL )
{
status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
goto done;
}
ads_s->auth.flags = ADS_AUTH_ANON_BIND;

2
source3/libads/util.c
View File

@ -86,6 +86,8 @@ ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
server_realm = SMB_STRDUP(ads->config.realm);
if (!server || !server_realm) {
SAFE_FREE(server);
SAFE_FREE(server_realm);
return ADS_ERROR(LDAP_NO_MEMORY);
}

2
source3/libgpo/gpext/scripts.c
View File

@ -93,7 +93,7 @@ static NTSTATUS generate_gp_registry_entry(TALLOC_CTX *mem_ctx,
data->type = data_type;
switch (data->type) {
case REG_QWORD:
data->v.qword = (uint64_t)data_p;
data->v.qword = *(uint64_t *)data_p;
break;
case REG_SZ:
data->v.sz.str = talloc_strdup(mem_ctx, (char *)data_p);

267
source3/libgpo/gpext/security.c Normal file
View File

@ -0,0 +1,267 @@
/*
* Unix SMB/CIFS implementation.
* Group Policy Support
* Copyright (C) Guenther Deschner 2005-2008
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "libgpo/gpo_ini.h"
#define GP_EXT_NAME "security"
#define GPTTMPL_UNIX_PATH "Microsoft/Windows NT/SecEdit/GptTmpl.inf"
#define GPTTMPL_SECTION_UNICODE "Unicode"
#define GPTTMPL_SECTION_VERSION "Version"
#define GPTTMPL_SECTION_REGISTRY_VALUES "Registry Values"
#define GPTTMPL_SECTION_SYSTEM_ACCESS "System Access"
#define GPTTMPL_SECTION_KERBEROS_POLICY "Kerberos Policy"
#define GPTTMPL_SECTION_EVENT_AUDIT "Event Audit"
#define GPTTMPL_SECTION_PRIVILEGE_RIGHTS "Privilege Rights"
#define GPTTMPL_SECTION_APPLICATION_LOG "Application Log"
#define GPTTMPL_SECTION_SECURITY_LOG "Security Log"
#define GPTTMPL_SECTION_SYSTEM_LOG "System Log"
#define GPTTMPL_SECTION_GROUP_MEMBERSHIP "Group Membership"
#define GPTTMPL_SECTION_FILE_SECURITY "File Security"
#define GPTTMPL_SECTION_SERVICE_GENERAL_SETTING "Service General Setting"
static TALLOC_CTX *ctx = NULL;
struct gpttmpl_table {
const char *section;
const char *parameter;
enum winreg_Type type;
};
/****************************************************************
parse the Version section from gpttmpl file
****************************************************************/
#define GPTTMPL_PARAMETER_REVISION "Revision"
#define GPTTMPL_PARAMETER_SIGNATURE "signature"
#define GPTTMPL_VALUE_CHICAGO "$CHICAGO$" /* whatever this is good for... */
#define GPTTMPL_PARAMETER_UNICODE "Unicode"
static NTSTATUS gpttmpl_parse_header(dictionary *dict,
uint32_t *version_out)
{
const char *signature = NULL;
uint32_t version;
if (!dict) {
return NT_STATUS_INVALID_PARAMETER;
}
if ((signature = iniparser_getstring(dict, GPTTMPL_SECTION_VERSION
":"GPTTMPL_PARAMETER_SIGNATURE, NULL)) == NULL) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (!strequal(signature, GPTTMPL_VALUE_CHICAGO)) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if ((version = iniparser_getint(dict, GPTTMPL_SECTION_VERSION
":"GPTTMPL_PARAMETER_REVISION, Undefined)) == Undefined) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (version_out) {
*version_out = version;
}
/* treat that as boolean */
if ((!iniparser_getboolean(dict, GPTTMPL_SECTION_UNICODE
":"GPTTMPL_PARAMETER_UNICODE, Undefined)) == Undefined) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
return NT_STATUS_OK;
}
/****************************************************************
****************************************************************/
static NTSTATUS gpttmpl_init_context(TALLOC_CTX *mem_ctx,
uint32_t flags,
const char *unix_path,
struct gp_inifile_context **ini_ctx)
{
NTSTATUS status;
uint32_t version;
struct gp_inifile_context *tmp_ctx = NULL;
status = gp_inifile_init_context(mem_ctx, flags, unix_path,
GPTTMPL_UNIX_PATH, &tmp_ctx);
NT_STATUS_NOT_OK_RETURN(status);
status = gpttmpl_parse_header(tmp_ctx->dict, &version);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1,("gpttmpl_init_context: failed: %s\n",
nt_errstr(status)));
TALLOC_FREE(tmp_ctx);
return status;
}
*ini_ctx = tmp_ctx;
return NT_STATUS_OK;
}
/****************************************************************
****************************************************************/
static NTSTATUS gpttmpl_process(struct gp_inifile_context *ini_ctx,
struct registry_key *root_key,
uint32_t flags)
{
return NT_STATUS_OK;
}
/****************************************************************
****************************************************************/
static NTSTATUS security_process_group_policy(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
uint32_t flags,
struct registry_key *root_key,
const struct nt_user_token *token,
struct GROUP_POLICY_OBJECT *gpo,
const char *extension_guid,
const char *snapin_guid)
{
NTSTATUS status;
char *unix_path = NULL;
struct gp_inifile_context *ini_ctx = NULL;
debug_gpext_header(0, "security_process_group_policy", flags, gpo,
extension_guid, snapin_guid);
/* this handler processes the gpttmpl files and merge output to the
* registry */
status = gpo_get_unix_path(mem_ctx, gpo, &unix_path);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
status = gpttmpl_init_context(mem_ctx, flags, unix_path, &ini_ctx);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
status = gpttmpl_process(ini_ctx, root_key, flags);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
out:
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("security_process_group_policy: %s\n",
nt_errstr(status)));
}
TALLOC_FREE(ini_ctx);
return status;
}
/****************************************************************
****************************************************************/
static NTSTATUS security_get_reg_config(TALLOC_CTX *mem_ctx,
struct gp_extension_reg_info **reg_info)
{
NTSTATUS status;
struct gp_extension_reg_info *info = NULL;
struct gp_extension_reg_table table[] = {
/* FIXME: how can we store the "(Default)" value ??? */
/* { "", REG_SZ, "Security" }, */
{ "ProcessGroupPolicy", REG_SZ, "security_process_group_policy" },
{ "NoUserPolicy", REG_DWORD, "1" },
{ "ExtensionDebugLevel", REG_DWORD, "1" },
{ NULL, REG_NONE, NULL }
};
info = TALLOC_ZERO_P(mem_ctx, struct gp_extension_reg_info);
NT_STATUS_HAVE_NO_MEMORY(info);
status = gp_ext_info_add_entry(mem_ctx, GP_EXT_NAME,
GP_EXT_GUID_SECURITY,
table, info);
NT_STATUS_NOT_OK_RETURN(status);
*reg_info = info;
return NT_STATUS_OK;
}
/****************************************************************
****************************************************************/
static NTSTATUS security_initialize(TALLOC_CTX *mem_ctx)
{
return NT_STATUS_OK;
}
/****************************************************************
****************************************************************/
static NTSTATUS security_shutdown(void)
{
NTSTATUS status;
status = unregister_gp_extension(GP_EXT_NAME);
if (NT_STATUS_IS_OK(status)) {
return status;
}
TALLOC_FREE(ctx);
return NT_STATUS_OK;
}
/****************************************************************
****************************************************************/
static struct gp_extension_methods security_methods = {
.initialize = security_initialize,
.process_group_policy = security_process_group_policy,
.get_reg_config = security_get_reg_config,
.shutdown = security_shutdown
};
/****************************************************************
****************************************************************/
static NTSTATUS gpext_security_init(void)
{
NTSTATUS status;
ctx = talloc_init("gpext_security_init");
NT_STATUS_HAVE_NO_MEMORY(ctx);
status = register_gp_extension(ctx, SMB_GPEXT_INTERFACE_VERSION,
GP_EXT_NAME, GP_EXT_GUID_SECURITY,
&security_methods);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(ctx);
}
return status;
}

14
source3/libgpo/gpo_reg.c
View File

@ -689,25 +689,25 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx,
size_t *sd_size)
{
SEC_ACE ace[6];
SEC_ACCESS mask;
uint32_t mask;
SEC_ACL *acl = NULL;
uint8_t inherit_flags;
init_sec_access(&mask, REG_KEY_ALL);
mask = REG_KEY_ALL;
init_sec_ace(&ace[0],
&global_sid_System,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, 0);
init_sec_access(&mask, REG_KEY_ALL);
mask = REG_KEY_ALL;
init_sec_ace(&ace[1],
&global_sid_Builtin_Administrators,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, 0);
init_sec_access(&mask, REG_KEY_READ);
mask = REG_KEY_READ;
init_sec_ace(&ace[2],
sid ? sid : &global_sid_Authenticated_Users,
SEC_ACE_TYPE_ACCESS_ALLOWED,
@ -717,19 +717,19 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx,
SEC_ACE_FLAG_CONTAINER_INHERIT |
SEC_ACE_FLAG_INHERIT_ONLY;
init_sec_access(&mask, REG_KEY_ALL);
mask = REG_KEY_ALL;
init_sec_ace(&ace[3],
&global_sid_System,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, inherit_flags);
init_sec_access(&mask, REG_KEY_ALL);
mask = REG_KEY_ALL;
init_sec_ace(&ace[4],
&global_sid_Builtin_Administrators,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, inherit_flags);
init_sec_access(&mask, REG_KEY_READ);
mask = REG_KEY_READ;
init_sec_ace(&ace[5],
sid ? sid : &global_sid_Authenticated_Users,
SEC_ACE_TYPE_ACCESS_ALLOWED,

11
source3/libnet/libnet_join.c
View File

@ -357,10 +357,15 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
strupper_m(spn);
spn_array[0] = spn;
if (name_to_fqdn(my_fqdn, r->in.machine_name) &&
!strequal(my_fqdn, r->in.machine_name)) {
if (!name_to_fqdn(my_fqdn, r->in.machine_name)
|| (strchr(my_fqdn, '.') == NULL)) {
fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name,
r->out.dns_domain_name);
}
strlower_m(my_fqdn);
strlower_m(my_fqdn);
if (!strequal(my_fqdn, r->in.machine_name)) {
spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
if (!spn) {
return ADS_ERROR_LDAP(LDAP_NO_MEMORY);

2
source3/libnet/libnet_proto.h
View File

@ -53,7 +53,7 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx);
struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx,
const char *principal, int kvno,
const const krb5_enctype enctype,
const krb5_enctype enctype,
TALLOC_CTX *mem_ctx);
#endif

2
source3/librpc/gen_ndr/nbt.h
View File

@ -391,7 +391,7 @@ struct nbt_dgram_packet {
}/* [public,flag(LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_BIGENDIAN|LIBNDR_PRINT_ARRAY_HEX)] */;
struct nbt_sockaddr {
uint32_t sa_family;
uint32_t sockaddr_family;
const char * pdc_ip;/* [flag(LIBNDR_FLAG_BIGENDIAN)] */
DATA_BLOB remaining;/* [flag(LIBNDR_FLAG_REMAINING)] */
}/* [gensize,public] */;

6
source3/librpc/gen_ndr/ndr_nbt.c
View File

@ -1531,7 +1531,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_nbt_sockaddr(struct ndr_push *ndr, int ndr_f
{
if (ndr_flags & NDR_SCALARS) {
NDR_CHECK(ndr_push_align(ndr, 4));
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sa_family));
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sockaddr_family));
{
uint32_t _flags_save_ipv4address = ndr->flags;
ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN);
@ -1554,7 +1554,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_nbt_sockaddr(struct ndr_pull *ndr, int ndr_f
{
if (ndr_flags & NDR_SCALARS) {
NDR_CHECK(ndr_pull_align(ndr, 4));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sa_family));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sockaddr_family));
{
uint32_t _flags_save_ipv4address = ndr->flags;
ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN);
@ -1577,7 +1577,7 @@ _PUBLIC_ void ndr_print_nbt_sockaddr(struct ndr_print *ndr, const char *name, co
{
ndr_print_struct(ndr, name, "nbt_sockaddr");
ndr->depth++;
ndr_print_uint32(ndr, "sa_family", r->sa_family);
ndr_print_uint32(ndr, "sockaddr_family", r->sockaddr_family);
ndr_print_ipv4address(ndr, "pdc_ip", r->pdc_ip);
ndr_print_DATA_BLOB(ndr, "remaining", r->remaining);
ndr->depth--;

2
source3/librpc/idl/nbt.idl
View File

@ -339,7 +339,7 @@ interface nbt
*/
typedef [public,gensize] struct {
uint32 sa_family;
uint32 sockaddr_family;
[flag(NDR_BIG_ENDIAN)] ipv4address pdc_ip;
[flag(NDR_REMAINING)] DATA_BLOB remaining;
} nbt_sockaddr;

4
source3/libsmb/async_smb.c
View File

@ -924,7 +924,7 @@ static void cli_state_handler(struct event_context *event_ctx,
}
cli->evt_inbuf = tmp;
res = recv(cli->fd, cli->evt_inbuf + old_size, available, 0);
res = sys_recv(cli->fd, cli->evt_inbuf + old_size, available, 0);
if (res == -1) {
DEBUG(10, ("recv failed: %s\n", strerror(errno)));
status = map_nt_error_from_unix(errno);
@ -970,7 +970,7 @@ static void cli_state_handler(struct event_context *event_ctx,
return;
}
sent = send(cli->fd, req->outbuf + req->sent,
sent = sys_send(cli->fd, req->outbuf + req->sent,
to_send - req->sent, 0);
if (sent < 0) {

4
source3/libsmb/clidgram.c
View File

@ -279,8 +279,8 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
/* do we still need this ? */
*nt_version = r.ntver;
returned_domain = r.nt5_ex.domain;
returned_dc = r.nt5_ex.pdc_name;
returned_domain = r.data.nt5_ex.domain;
returned_dc = r.data.nt5_ex.pdc_name;
if (!strequal(returned_domain, domain_name)) {
DEBUG(3, ("GetDC: Expected domain %s, got %s\n",

140
source3/libsmb/clierror.c
View File

@ -236,142 +236,6 @@ void cli_dos_error(struct cli_state *cli, uint8 *eclass, uint32 *ecode)
*ecode = SVAL(cli->inbuf,smb_err);
}
/* Return a UNIX errno from a NT status code */
static const struct {
NTSTATUS status;
int error;
} nt_errno_map[] = {
{NT_STATUS_ACCESS_VIOLATION, EACCES},
{NT_STATUS_INVALID_HANDLE, EBADF},
{NT_STATUS_ACCESS_DENIED, EACCES},
{NT_STATUS_OBJECT_NAME_NOT_FOUND, ENOENT},
{NT_STATUS_OBJECT_PATH_NOT_FOUND, ENOENT},
{NT_STATUS_SHARING_VIOLATION, EBUSY},
{NT_STATUS_OBJECT_PATH_INVALID, ENOTDIR},
{NT_STATUS_OBJECT_NAME_COLLISION, EEXIST},
{NT_STATUS_PATH_NOT_COVERED, ENOENT},
{NT_STATUS_UNSUCCESSFUL, EINVAL},
{NT_STATUS_NOT_IMPLEMENTED, ENOSYS},
{NT_STATUS_IN_PAGE_ERROR, EFAULT},
{NT_STATUS_BAD_NETWORK_NAME, ENOENT},
#ifdef EDQUOT
{NT_STATUS_PAGEFILE_QUOTA, EDQUOT},
{NT_STATUS_QUOTA_EXCEEDED, EDQUOT},
{NT_STATUS_REGISTRY_QUOTA_LIMIT, EDQUOT},
{NT_STATUS_LICENSE_QUOTA_EXCEEDED, EDQUOT},
#endif
#ifdef ETIME
{NT_STATUS_TIMER_NOT_CANCELED, ETIME},
#endif
{NT_STATUS_INVALID_PARAMETER, EINVAL},
{NT_STATUS_NO_SUCH_DEVICE, ENODEV},
{NT_STATUS_NO_SUCH_FILE, ENOENT},
#ifdef ENODATA
{NT_STATUS_END_OF_FILE, ENODATA},
#endif
#ifdef ENOMEDIUM
{NT_STATUS_NO_MEDIA_IN_DEVICE, ENOMEDIUM},
{NT_STATUS_NO_MEDIA, ENOMEDIUM},
#endif
{NT_STATUS_NONEXISTENT_SECTOR, ESPIPE},
{NT_STATUS_NO_MEMORY, ENOMEM},
{NT_STATUS_CONFLICTING_ADDRESSES, EADDRINUSE},
{NT_STATUS_NOT_MAPPED_VIEW, EINVAL},
{NT_STATUS_UNABLE_TO_FREE_VM, EADDRINUSE},
{NT_STATUS_ACCESS_DENIED, EACCES},
{NT_STATUS_BUFFER_TOO_SMALL, ENOBUFS},
{NT_STATUS_WRONG_PASSWORD, EACCES},
{NT_STATUS_LOGON_FAILURE, EACCES},
{NT_STATUS_INVALID_WORKSTATION, EACCES},
{NT_STATUS_INVALID_LOGON_HOURS, EACCES},
{NT_STATUS_PASSWORD_EXPIRED, EACCES},
{NT_STATUS_ACCOUNT_DISABLED, EACCES},
{NT_STATUS_DISK_FULL, ENOSPC},
{NT_STATUS_INVALID_PIPE_STATE, EPIPE},
{NT_STATUS_PIPE_BUSY, EPIPE},
{NT_STATUS_PIPE_DISCONNECTED, EPIPE},
{NT_STATUS_PIPE_NOT_AVAILABLE, ENOSYS},
{NT_STATUS_FILE_IS_A_DIRECTORY, EISDIR},
{NT_STATUS_NOT_SUPPORTED, ENOSYS},
{NT_STATUS_NOT_A_DIRECTORY, ENOTDIR},
{NT_STATUS_DIRECTORY_NOT_EMPTY, ENOTEMPTY},
{NT_STATUS_NETWORK_UNREACHABLE, ENETUNREACH},
{NT_STATUS_HOST_UNREACHABLE, EHOSTUNREACH},
{NT_STATUS_CONNECTION_ABORTED, ECONNABORTED},
{NT_STATUS_CONNECTION_REFUSED, ECONNREFUSED},
{NT_STATUS_TOO_MANY_LINKS, EMLINK},
{NT_STATUS_NETWORK_BUSY, EBUSY},
{NT_STATUS_DEVICE_DOES_NOT_EXIST, ENODEV},
#ifdef ELIBACC
{NT_STATUS_DLL_NOT_FOUND, ELIBACC},
#endif
{NT_STATUS_PIPE_BROKEN, EPIPE},
{NT_STATUS_REMOTE_NOT_LISTENING, ECONNREFUSED},
{NT_STATUS_NETWORK_ACCESS_DENIED, EACCES},
{NT_STATUS_TOO_MANY_OPENED_FILES, EMFILE},
#ifdef EPROTO
{NT_STATUS_DEVICE_PROTOCOL_ERROR, EPROTO},
#endif
{NT_STATUS_FLOAT_OVERFLOW, ERANGE},
{NT_STATUS_FLOAT_UNDERFLOW, ERANGE},
{NT_STATUS_INTEGER_OVERFLOW, ERANGE},
{NT_STATUS_MEDIA_WRITE_PROTECTED, EROFS},
{NT_STATUS_PIPE_CONNECTED, EISCONN},
{NT_STATUS_MEMORY_NOT_ALLOCATED, EFAULT},
{NT_STATUS_FLOAT_INEXACT_RESULT, ERANGE},
{NT_STATUS_ILL_FORMED_PASSWORD, EACCES},
{NT_STATUS_PASSWORD_RESTRICTION, EACCES},
{NT_STATUS_ACCOUNT_RESTRICTION, EACCES},
{NT_STATUS_PORT_CONNECTION_REFUSED, ECONNREFUSED},
{NT_STATUS_NAME_TOO_LONG, ENAMETOOLONG},
{NT_STATUS_REMOTE_DISCONNECT, ESHUTDOWN},
{NT_STATUS_CONNECTION_DISCONNECTED, ECONNABORTED},
{NT_STATUS_CONNECTION_RESET, ENETRESET},
#ifdef ENOTUNIQ
{NT_STATUS_IP_ADDRESS_CONFLICT1, ENOTUNIQ},
{NT_STATUS_IP_ADDRESS_CONFLICT2, ENOTUNIQ},
#endif
{NT_STATUS_PORT_MESSAGE_TOO_LONG, EMSGSIZE},
{NT_STATUS_PROTOCOL_UNREACHABLE, ENOPROTOOPT},
{NT_STATUS_ADDRESS_ALREADY_EXISTS, EADDRINUSE},
{NT_STATUS_PORT_UNREACHABLE, EHOSTUNREACH},
{NT_STATUS_IO_TIMEOUT, ETIMEDOUT},
{NT_STATUS_RETRY, EAGAIN},
#ifdef ENOTUNIQ
{NT_STATUS_DUPLICATE_NAME, ENOTUNIQ},
#endif
#ifdef ECOMM
{NT_STATUS_NET_WRITE_FAULT, ECOMM},
#endif
#ifdef EXDEV
{NT_STATUS_NOT_SAME_DEVICE, EXDEV},
#endif
{NT_STATUS(0), 0}
};
/****************************************************************************
The following mappings need tidying up and moving into libsmb/errormap.c...
****************************************************************************/
static int cli_errno_from_nt(NTSTATUS status)
{
int i;
DEBUG(10,("cli_errno_from_nt: 32 bit codes: code=%08x\n", NT_STATUS_V(status)));
/* Status codes without this bit set are not errors */
if (!(NT_STATUS_V(status) & 0xc0000000)) {
return 0;
}
for (i=0;nt_errno_map[i].error;i++) {
if (NT_STATUS_V(nt_errno_map[i].status) ==
NT_STATUS_V(status)) return nt_errno_map[i].error;
}
/* for all other cases - a default code */
return EINVAL;
}
/* Return a UNIX errno appropriate for the error received in the last
packet. */
@ -382,7 +246,7 @@ int cli_errno(struct cli_state *cli)
if (cli_is_nt_error(cli)) {
status = cli_nt_error(cli);
return cli_errno_from_nt(status);
return map_errno_from_nt_status(status);
}
if (cli_is_dos_error(cli)) {
@ -391,7 +255,7 @@ int cli_errno(struct cli_state *cli)
cli_dos_error(cli, &eclass, &ecode);
status = dos_to_ntstatus(eclass, ecode);
return cli_errno_from_nt(status);
return map_errno_from_nt_status(status);
}
/*

50
source3/libsmb/cliquota.c
View File

@ -2,17 +2,17 @@
Unix SMB/CIFS implementation.
client quota functions
Copyright (C) Stefan (metze) Metzmacher 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@ -25,7 +25,7 @@ bool cli_get_quota_handle(struct cli_state *cli, int *quota_fnum)
0x00000016, DESIRED_ACCESS_PIPE,
0x00000000, FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN, 0x00000000, 0x03);
if (*quota_fnum == (-1)) {
return False;
}
@ -37,7 +37,7 @@ void free_ntquota_list(SMB_NTQUOTA_LIST **qt_list)
{
if (!qt_list)
return;
if ((*qt_list)->mem_ctx)
talloc_destroy((*qt_list)->mem_ctx);
@ -60,7 +60,7 @@ static bool parse_user_quota_record(const char *rdata, unsigned int rdata_count,
if (rdata_count < 40) {
return False;
}
/* offset to next quota record.
* 4 bytes IVAL(rdata,0)
* unused here...
@ -116,7 +116,7 @@ static bool parse_user_quota_record(const char *rdata, unsigned int rdata_count,
return False;
}
#endif /* LARGE_SMB_OFF_T */
sid_parse(rdata+40,sid_len,&qt.sid);
qt.qtype = SMB_USER_QUOTA_TYPE;
@ -149,13 +149,13 @@ bool cli_get_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_STRUC
SIVAL(params, 4,0x00000024);
SIVAL(params, 8,0x00000000);
SIVAL(params,12,0x00000024);
sid_len = ndr_size_dom_sid(&pqt->sid, 0);
data_len = sid_len+8;
SIVAL(data, 0, 0x00000000);
SIVAL(data, 4, sid_len);
sid_linearize(data+8, sid_len, &pqt->sid);
if (!cli_send_nt_trans(cli,
NT_TRANSACT_GET_USER_QUOTA,
0,
@ -204,7 +204,7 @@ bool cli_set_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_STRUC
unsigned int rparam_count=0, rdata_count=0;
unsigned int sid_len;
memset(data,'\0',112);
if (!cli||!pqt) {
smb_panic("cli_set_user_quota() called with NULL Pointer!");
}
@ -221,7 +221,7 @@ bool cli_set_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_STRUC
SBIG_UINT(data,24,pqt->softlim);
SBIG_UINT(data,32,pqt->hardlim);
sid_linearize(data+40, sid_len, &pqt->sid);
if (!cli_send_nt_trans(cli,
NT_TRANSACT_SET_USER_QUOTA,
0,
@ -278,7 +278,7 @@ bool cli_list_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_LIST
SIVAL(params, 4,0x00000000);
SIVAL(params, 8,0x00000000);
SIVAL(params,12,0x00000000);
if (!cli_send_nt_trans(cli,
NT_TRANSACT_GET_USER_QUOTA,
0,
@ -353,7 +353,7 @@ bool cli_list_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_LIST
DEBUG(1,("Failed to send NT_TRANSACT_GET_USER_QUOTA\n"));
goto cleanup;
}
SAFE_FREE(rparam);
SAFE_FREE(rdata);
if (!cli_receive_nt_trans(cli,
@ -369,7 +369,7 @@ bool cli_list_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_LIST
} else {
ret = True;
}
if (rdata_count == 0) {
break;
}
@ -389,26 +389,26 @@ bool cli_list_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_LIST
talloc_destroy(mem_ctx);
goto cleanup;
}
if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) {
DEBUG(0,("TALLOC_ZERO() failed\n"));
talloc_destroy(mem_ctx);
goto cleanup;
}
memcpy(tmp_list_ent->quotas,&qt,sizeof(qt));
tmp_list_ent->mem_ctx = mem_ctx;
DLIST_ADD((*pqt_list),tmp_list_ent);
}
}
ret = True;
cleanup:
SAFE_FREE(rparam);
SAFE_FREE(rdata);
return ret;
}
@ -427,9 +427,9 @@ bool cli_get_fs_quota_info(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_ST
}
setup = TRANSACT2_QFSINFO;
SSVAL(param,0,SMB_FS_QUOTA_INFORMATION);
if (!cli_send_trans(cli, SMBtrans2,
NULL,
0, 0,
@ -438,7 +438,7 @@ bool cli_get_fs_quota_info(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_ST
NULL, 0, 560)) {
goto cleanup;
}
if (!cli_receive_trans(cli, SMBtrans2,
&rparam, &rparam_count,
&rdata, &rdata_count)) {
@ -455,7 +455,7 @@ bool cli_get_fs_quota_info(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_ST
if (rdata_count < 48) {
goto cleanup;
}
/* unknown_1 24 NULL bytes in pdata*/
/* the soft quotas 8 bytes (SMB_BIG_UINT)*/
@ -541,7 +541,7 @@ bool cli_set_fs_quota_info(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_ST
data, 48, 0)) {
goto cleanup;
}
if (!cli_receive_trans(cli, SMBtrans2,
&rparam, &rparam_count,
&rdata, &rdata_count)) {
@ -604,7 +604,7 @@ void dump_ntquota(SMB_NTQUOTA_STRUCT *qt, bool _verbose, bool _numeric, void (*_
case SMB_USER_QUOTA_TYPE:
{
fstring username_str = {0};
if (_sidtostring) {
_sidtostring(username_str,&qt->sid,_numeric);
} else {

210
source3/libsmb/dsgetdcname.c
View File

@ -35,7 +35,7 @@ struct ip_service_name {
static NTSTATUS make_dc_info_from_cldap_reply(TALLOC_CTX *mem_ctx,
uint32_t flags,
struct sockaddr_storage *ss,
struct netlogon_samlogon_response *r,
struct NETLOGON_SAM_LOGON_RESPONSE_EX *r,
struct netr_DsRGetDCNameInfo **info);
/****************************************************************
@ -200,7 +200,7 @@ static NTSTATUS store_cldap_reply(TALLOC_CTX *mem_ctx,
/* FIXME */
r->sockaddr_size = 0x10; /* the w32 winsock addr size */
r->sockaddr.sa_family = 2; /* AF_INET */
r->sockaddr.sockaddr_family = 2; /* AF_INET */
r->sockaddr.pdc_ip = talloc_strdup(mem_ctx, addr);
ndr_err = ndr_push_struct_blob(&blob, mem_ctx, NULL, r,
@ -228,6 +228,8 @@ static NTSTATUS store_cldap_reply(TALLOC_CTX *mem_ctx,
}
}
status = NT_STATUS_OK;
done:
data_blob_free(&blob);
@ -272,12 +274,12 @@ static uint32_t get_cldap_reply_server_flags(struct netlogon_samlogon_response *
case 3:
case 18:
case 19:
return r->nt5.server_type;
return r->data.nt5.server_type;
case 4:
case 5:
case 6:
case 7:
return r->nt5_ex.server_type;
return r->data.nt5_ex.server_type;
case 8:
case 9:
case 10:
@ -286,7 +288,7 @@ static uint32_t get_cldap_reply_server_flags(struct netlogon_samlogon_response *
case 13:
case 14:
case 15:
return r->nt5_ex.server_type;
return r->data.nt5_ex.server_type;
case 20:
case 21:
case 22:
@ -296,11 +298,11 @@ static uint32_t get_cldap_reply_server_flags(struct netlogon_samlogon_response *
case 26:
case 27:
case 28:
return r->nt5_ex.server_type;
return r->data.nt5_ex.server_type;
case 29:
case 30:
case 31:
return r->nt5_ex.server_type;
return r->data.nt5_ex.server_type;
default:
return 0;
}
@ -358,7 +360,6 @@ static NTSTATUS dsgetdcname_cache_fetch(TALLOC_CTX *mem_ctx,
DATA_BLOB blob;
enum ndr_err_code ndr_err;
struct netr_DsRGetDCNameInfo *info;
struct netlogon_samlogon_response p;
struct NETLOGON_SAM_LOGON_RESPONSE_EX r;
NTSTATUS status;
@ -389,10 +390,8 @@ static NTSTATUS dsgetdcname_cache_fetch(TALLOC_CTX *mem_ctx,
return ndr_map_error2ntstatus(ndr_err);
}
p.nt5_ex = r;
status = make_dc_info_from_cldap_reply(mem_ctx, flags, NULL,
&p, &info);
&r, &info);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@ -787,7 +786,7 @@ static void map_dc_and_domain_names(uint32_t flags,
static NTSTATUS make_dc_info_from_cldap_reply(TALLOC_CTX *mem_ctx,
uint32_t flags,
struct sockaddr_storage *ss,
struct netlogon_samlogon_response *r,
struct NETLOGON_SAM_LOGON_RESPONSE_EX *r,
struct netr_DsRGetDCNameInfo **info)
{
const char *dc_hostname = NULL;
@ -808,164 +807,29 @@ static NTSTATUS make_dc_info_from_cldap_reply(TALLOC_CTX *mem_ctx,
dc_address_type = DS_ADDRESS_TYPE_INET;
}
switch (r->ntver & 0x0000001f) {
case 0:
case 1:
case 16:
case 17:
if (!ss) {
dc_address = r->nt4.server;
dc_address_type = DS_ADDRESS_TYPE_NETBIOS;
}
map_dc_and_domain_names(flags,
r->nt4.server,
r->nt4.domain,
NULL,
NULL,
&dc_flags,
&dc_hostname,
&dc_domain_name);
if (flags & DS_PDC_REQUIRED) {
dc_flags = NBT_SERVER_WRITABLE | NBT_SERVER_PDC;
}
break;
case 2:
case 3:
case 18:
case 19:
if (!ss) {
dc_address = r->nt5.pdc_ip;
dc_address_type = DS_ADDRESS_TYPE_INET;
}
map_dc_and_domain_names(flags,
r->nt5.pdc_name,
r->nt5.domain_name,
r->nt5.pdc_dns_name,
r->nt5.dns_domain,
&dc_flags,
&dc_hostname,
&dc_domain_name);
dc_flags |= r->nt5.server_type;
dc_forest = r->nt5.forest;
dc_domain_guid = &r->nt5.domain_uuid;
break;
case 4:
case 5:
case 6:
case 7:
if (!ss) {
dc_address = r->nt5_ex.pdc_name;
dc_address_type = DS_ADDRESS_TYPE_NETBIOS;
}
map_dc_and_domain_names(flags,
r->nt5_ex.pdc_name,
r->nt5_ex.domain,
r->nt5_ex.pdc_dns_name,
r->nt5_ex.dns_domain,
&dc_flags,
&dc_hostname,
&dc_domain_name);
dc_flags |= r->nt5_ex.server_type;
dc_forest = r->nt5_ex.forest;
dc_domain_guid = &r->nt5_ex.domain_uuid;
dc_server_site = r->nt5_ex.server_site;
dc_client_site = r->nt5_ex.client_site;
break;
case 8:
case 9:
case 10:
case 11:
case 12:
case 13:
case 14:
case 15:
if (!ss) {
dc_address = r->nt5_ex.sockaddr.pdc_ip;
dc_address_type = DS_ADDRESS_TYPE_INET;
}
map_dc_and_domain_names(flags,
r->nt5_ex.pdc_name,
r->nt5_ex.domain,
r->nt5_ex.pdc_dns_name,
r->nt5_ex.dns_domain,
&dc_flags,
&dc_hostname,
&dc_domain_name);
dc_flags |= r->nt5_ex.server_type;
dc_forest = r->nt5_ex.forest;
dc_domain_guid = &r->nt5_ex.domain_uuid;
dc_server_site = r->nt5_ex.server_site;
dc_client_site = r->nt5_ex.client_site;
break;
case 20:
case 21:
case 22:
case 23:
case 24:
case 25:
case 26:
case 27:
case 28:
if (!ss) {
dc_address = r->nt5_ex.pdc_name;
dc_address_type = DS_ADDRESS_TYPE_NETBIOS;
}
map_dc_and_domain_names(flags,
r->nt5_ex.pdc_name,
r->nt5_ex.domain,
r->nt5_ex.pdc_dns_name,
r->nt5_ex.dns_domain,
&dc_flags,
&dc_hostname,
&dc_domain_name);
dc_flags |= r->nt5_ex.server_type;
dc_forest = r->nt5_ex.forest;
dc_domain_guid = &r->nt5_ex.domain_uuid;
dc_server_site = r->nt5_ex.server_site;
dc_client_site = r->nt5_ex.client_site;
break;
case 29:
case 30:
case 31:
if (!ss) {
dc_address = r->nt5_ex.sockaddr.pdc_ip;
dc_address_type = DS_ADDRESS_TYPE_INET;
}
map_dc_and_domain_names(flags,
r->nt5_ex.pdc_name,
r->nt5_ex.domain,
r->nt5_ex.pdc_dns_name,
r->nt5_ex.dns_domain,
&dc_flags,
&dc_hostname,
&dc_domain_name);
dc_flags |= r->nt5_ex.server_type;
dc_forest = r->nt5_ex.forest;
dc_domain_guid = &r->nt5_ex.domain_uuid;
dc_server_site = r->nt5_ex.server_site;
dc_client_site = r->nt5_ex.client_site;
break;
default:
return NT_STATUS_INVALID_PARAMETER;
if (!ss && r->sockaddr.pdc_ip) {
dc_address = r->sockaddr.pdc_ip;
dc_address_type = DS_ADDRESS_TYPE_INET;
} else {
dc_address = r->pdc_name;
dc_address_type = DS_ADDRESS_TYPE_NETBIOS;
}
map_dc_and_domain_names(flags,
r->pdc_name,
r->domain,
r->pdc_dns_name,
r->dns_domain,
&dc_flags,
&dc_hostname,
&dc_domain_name);
dc_flags |= r->server_type;
dc_forest = r->forest;
dc_domain_guid = &r->domain_uuid;
dc_server_site = r->server_site;
dc_client_site = r->client_site;
return make_domain_controller_info(mem_ctx,
dc_hostname,
dc_address,
@ -1051,10 +915,10 @@ static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx,
}
status = make_dc_info_from_cldap_reply(mem_ctx, flags, &dclist[i].ss,
r, info);
&r->data.nt5_ex, info);
if (NT_STATUS_IS_OK(status)) {
return store_cldap_reply(mem_ctx, flags, &dclist[i].ss,
nt_version, &r->nt5_ex);
nt_version, &r->data.nt5_ex);
}
return status;
@ -1173,7 +1037,7 @@ static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx,
logon1.domain = talloc_strdup_upper(mem_ctx, domain_name);
NT_STATUS_HAVE_NO_MEMORY(logon1.domain);
r->nt4 = logon1;
r->data.nt4 = logon1;
r->ntver = nt_version;
namecache_store(tmp_dc_name, NBT_NAME_SERVER, 1, &ip_list);
@ -1187,10 +1051,10 @@ static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx,
make_reply:
status = make_dc_info_from_cldap_reply(mem_ctx, flags, &dclist[i].ss,
r, info);
&r->data.nt5_ex, info);
if (NT_STATUS_IS_OK(status) && store_cache) {
return store_cldap_reply(mem_ctx, flags, &dclist[i].ss,
nt_version, &r->nt5_ex);
nt_version, &r->data.nt5_ex);
}
return status;

2
source3/libsmb/libsmb_xattr.c
View File

@ -266,7 +266,7 @@ parse_ace(struct cli_state *ipc_cli,
unsigned int aflags;
unsigned int amask;
DOM_SID sid;
SEC_ACCESS mask;
uint32_t mask;
const struct perm_value *v;
struct perm_value {
const char *perm;

19
source3/m4/check_path.m4
View File

@ -18,6 +18,7 @@ AC_PREFIX_DEFAULT(/usr/local/samba)
rootsbindir="\${SBINDIR}"
lockdir="\${VARDIR}/locks"
piddir="\${VARDIR}/locks"
ncalrpcdir="\${VARDIR}/ncalrpc"
test "${mandir}" || mandir="\${prefix}/man"
logfilebase="\${VARDIR}"
privatedir="\${prefix}/private"
@ -46,6 +47,7 @@ AC_ARG_WITH(fhs,
codepagedir="\${MODULESDIR}"
statedir="\${VARDIR}/lib/samba"
cachedir="\${VARDIR}/lib/samba"
ncalrpcdir="\${VARDIR}/ncalrpc"
AC_DEFINE(FHS_COMPATIBLE, 1, [Whether to use fully FHS-compatible paths])
;;
esac])
@ -114,6 +116,22 @@ AC_ARG_WITH(piddir,
;;
esac])
#################################################
# set ncalrpc directory location
AC_ARG_WITH(ncalprcdir,
[AS_HELP_STRING([--with-ncalprcdir=DIR], [Where to put ncalrpc sockets ($ac_default_prefix/var/ncalrpc)])],
[ case "$withval" in
yes|no)
#
# Just in case anybody calls it without argument
#
AC_MSG_WARN([--with-ncalrpcdir called without argument - will use default])
;;
* )
ncalrpcdir="$withval"
;;
esac])
#################################################
# set SWAT directory location
AC_ARG_WITH(swatdir,
@ -227,6 +245,7 @@ AC_ARG_WITH(mandir,
AC_SUBST(configdir)
AC_SUBST(lockdir)
AC_SUBST(piddir)
AC_SUBST(ncalrpcdir)
AC_SUBST(logfilebase)
AC_SUBST(ctdbdir)
AC_SUBST(privatedir)

14
source3/modules/nfs4_acls.c
View File

@ -44,10 +44,6 @@ typedef struct _SMB_ACL4_INT_T
SMB_ACE4_INT_T *last;
} SMB_ACL4_INT_T;
extern int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid);
extern NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp,
uint32 security_info_sent, SEC_DESC *psd);
static SMB_ACL4_INT_T *get_validated_aclint(SMB4ACL_T *acl)
{
SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)acl;
@ -225,7 +221,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */
}
for (aceint=aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) {
SEC_ACCESS mask;
uint32_t mask;
DOM_SID sid;
SMB_ACE4PROP_T *ace = &aceint->prop;
@ -260,7 +256,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */
DEBUG(10, ("mapped %d to %s\n", ace->who.id,
sid_string_dbg(&sid)));
init_sec_access(&mask, ace->aceMask);
mask = ace->aceMask;
init_sec_ace(&nt_ace_list[good_aces++], &sid,
ace->aceType, mask,
ace->aceFlags & 0xf);
@ -518,7 +514,7 @@ static bool smbacl4_fill_ace4(
smbacl4_vfs_params *params,
uid_t ownerUID,
gid_t ownerGID,
SEC_ACE *ace_nt, /* input */
const SEC_ACE *ace_nt, /* input */
SMB_ACE4PROP_T *ace_v4 /* output */
)
{
@ -650,7 +646,7 @@ static int smbacl4_MergeIgnoreReject(
static SMB4ACL_T *smbacl4_win2nfs4(
const char *filename,
SEC_ACL *dacl,
const SEC_ACL *dacl,
smbacl4_vfs_params *pparams,
uid_t ownerUID,
gid_t ownerGID
@ -694,7 +690,7 @@ static SMB4ACL_T *smbacl4_win2nfs4(
NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
uint32 security_info_sent,
SEC_DESC *psd,
const SEC_DESC *psd,
set_nfs4acl_native_fn_t set_nfs4_native)
{
smbacl4_vfs_params params;

84
source3/modules/vfs_acl_xattr.c
View File

@ -89,7 +89,7 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
uint8_t *val = NULL;
uint8_t *tmp;
ssize_t sizeret;
int saved_errno;
int saved_errno = 0;
ZERO_STRUCTP(pblob);
@ -133,26 +133,6 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
return NT_STATUS_OK;
}
static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode)
{
return SMB_VFS_NEXT_MKDIR(handle, path, mode);
}
static int rmdir_acl_xattr(vfs_handle_struct *handle, const char *path)
{
return SMB_VFS_NEXT_RMDIR(handle, path);
}
static int open_acl_xattr(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode)
{
return SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
}
static int unlink_acl_xattr(vfs_handle_struct *handle, const char *fname)
{
return SMB_VFS_NEXT_UNLINK(handle, fname);
}
static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle,
files_struct *fsp,
const char *name,
@ -198,6 +178,42 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle,
return status;
}
static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode)
{
return SMB_VFS_NEXT_MKDIR(handle, path, mode);
}
/*********************************************************************
* Currently this only works for existing files. Need to work on
* inheritance for new files.
*********************************************************************/
static int open_acl_xattr(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode)
{
uint32_t access_granted = 0;
SEC_DESC *pdesc = NULL;
NTSTATUS status = get_nt_acl_xattr_internal(handle,
NULL,
fname,
(OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION),
&pdesc);
if (NT_STATUS_IS_OK(status)) {
/* See if we can access it. */
if (!se_access_check(pdesc,
handle->conn->server_info->ptok,
fsp->access_mask,
&access_granted,
&status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
}
return SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
}
static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info, SEC_DESC **ppdesc)
{
@ -222,7 +238,7 @@ static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle,
security_info, ppdesc);
}
static NTSTATUS create_acl_blob(SEC_DESC *psd, DATA_BLOB *pblob)
static NTSTATUS create_acl_blob(const SEC_DESC *psd, DATA_BLOB *pblob)
{
struct xattr_NTACL xacl;
struct security_descriptor_timestamp sd_ts;
@ -241,7 +257,7 @@ static NTSTATUS create_acl_blob(SEC_DESC *psd, DATA_BLOB *pblob)
xacl.version = 2;
xacl.info.sd_ts = &sd_ts;
xacl.info.sd_ts->sd = psd;
xacl.info.sd_ts->sd = CONST_DISCARD(SEC_DESC *, psd);
unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr);
ndr_err = ndr_push_struct_blob(
@ -261,7 +277,7 @@ static NTSTATUS store_acl_blob(files_struct *fsp,
DATA_BLOB *pblob)
{
int ret;
int saved_errno;
int saved_errno = 0;
DEBUG(10,("store_acl_blob: storing blob length %u on file %s\n",
(unsigned int)pblob->length, fsp->fsp_name));
@ -291,7 +307,7 @@ static NTSTATUS store_acl_blob(files_struct *fsp,
}
static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent, SEC_DESC *psd)
uint32 security_info_sent, const SEC_DESC *psd)
{
NTSTATUS status;
DATA_BLOB blob;
@ -301,6 +317,22 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
return status;
}
if ((security_info_sent & DACL_SECURITY_INFORMATION) &&
psd->dacl != NULL &&
(psd->type & (SE_DESC_DACL_AUTO_INHERITED|
SE_DESC_DACL_AUTO_INHERIT_REQ))==
(SE_DESC_DACL_AUTO_INHERITED|
SE_DESC_DACL_AUTO_INHERIT_REQ) ) {
SEC_DESC *new_psd = NULL;
status = append_parent_acl(fsp, psd, &new_psd);
if (!NT_STATUS_IS_OK(status)) {
/* Lower level acl set succeeded,
* so still return OK. */
return NT_STATUS_OK;
}
psd = new_psd;
}
create_acl_blob(psd, &blob);
store_acl_blob(fsp, &blob);
@ -312,9 +344,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
static vfs_op_tuple skel_op_tuples[] =
{
{SMB_VFS_OP(mkdir_acl_xattr), SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_TRANSPARENT},
{SMB_VFS_OP(rmdir_acl_xattr), SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT},
{SMB_VFS_OP(open_acl_xattr), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT},
{SMB_VFS_OP(unlink_acl_xattr),SMB_VFS_OP_UNLINK,SMB_VFS_LAYER_TRANSPARENT},
/* NT File ACL operations */

16
source3/modules/vfs_afsacl.c
View File

@ -592,7 +592,6 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
{
SEC_ACE *nt_ace_list;
DOM_SID owner_sid, group_sid;
SEC_ACCESS mask;
SEC_ACL *psa = NULL;
int good_aces;
size_t sd_size;
@ -616,7 +615,7 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
good_aces = 0;
while (afs_ace != NULL) {
uint32 nt_rights;
uint32_t nt_rights;
uint8 flag = SEC_ACE_FLAG_OBJECT_INHERIT |
SEC_ACE_FLAG_CONTAINER_INHERIT;
@ -633,9 +632,8 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
else
nt_rights = afs_to_nt_file_rights(afs_ace->rights);
init_sec_access(&mask, nt_rights);
init_sec_ace(&nt_ace_list[good_aces++], &(afs_ace->sid),
SEC_ACE_TYPE_ACCESS_ALLOWED, mask, flag);
SEC_ACE_TYPE_ACCESS_ALLOWED, nt_rights, flag);
afs_ace = afs_ace->next;
}
@ -717,12 +715,12 @@ static bool mappable_sid(const DOM_SID *sid)
static bool nt_to_afs_acl(const char *filename,
uint32 security_info_sent,
struct security_descriptor *psd,
const struct security_descriptor *psd,
uint32 (*nt_to_afs_rights)(const char *filename,
const SEC_ACE *ace),
struct afs_acl *afs_acl)
{
SEC_ACL *dacl;
const SEC_ACL *dacl;
int i;
/* Currently we *only* look at the dacl */
@ -737,7 +735,7 @@ static bool nt_to_afs_acl(const char *filename,
dacl = psd->dacl;
for (i = 0; i < dacl->num_aces; i++) {
SEC_ACE *ace = &(dacl->aces[i]);
const SEC_ACE *ace = &(dacl->aces[i]);
const char *dom_name, *name;
enum lsa_SidType name_type;
char *p;
@ -887,7 +885,7 @@ static void merge_unknown_aces(struct afs_acl *src, struct afs_acl *dst)
static NTSTATUS afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent,
struct security_descriptor *psd)
const struct security_descriptor *psd)
{
struct afs_acl old_afs_acl, new_afs_acl;
struct afs_acl dir_acl, file_acl;
@ -1040,7 +1038,7 @@ static NTSTATUS afsacl_get_nt_acl(struct vfs_handle_struct *handle,
NTSTATUS afsacl_fset_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32 security_info_sent,
SEC_DESC *psd)
const SEC_DESC *psd)
{
return afs_set_nt_acl(handle, fsp, security_info_sent, psd);
}

4
source3/modules/vfs_aixacl2.c
View File

@ -371,7 +371,7 @@ static bool aixjfs2_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
return True;
}
static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
{
acl_type_t acl_type_info;
NTSTATUS result = NT_STATUS_ACCESS_DENIED;
@ -395,7 +395,7 @@ static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_inf
return result;
}
NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
{
return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd);
}

2
source3/modules/vfs_default.c
View File

@ -1036,7 +1036,7 @@ static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle,
return result;
}
static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
{
NTSTATUS result;

4
source3/modules/vfs_full_audit.c
View File

@ -202,7 +202,7 @@ static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
SEC_DESC **ppdesc);
static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent,
SEC_DESC *psd);
const SEC_DESC *psd);
static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
const char *path, mode_t mode);
static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
@ -1582,7 +1582,7 @@ static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent,
SEC_DESC *psd)
const SEC_DESC *psd)
{
NTSTATUS result;

10
source3/modules/vfs_gpfs.c
View File

@ -179,7 +179,7 @@ static int gpfs_get_nfs4_acl(const char *fname, SMB4ACL_T **ppacl)
"who: %d\n", gace->aceType, gace->aceIFlags,
gace->aceFlags, gace->aceMask, gace->aceWho));
memset(&smbace, 0, sizeof(SMB4ACE_T));
ZERO_STRUCT(smbace);
if (gace->aceIFlags & ACE4_IFLAG_SPECIAL_ID) {
smbace.flags |= SMB_ACE4_ID_SPECIAL;
switch (gace->aceWho) {
@ -365,7 +365,7 @@ static bool gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
return True;
}
static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
{
struct gpfs_acl *acl;
NTSTATUS result = NT_STATUS_ACCESS_DENIED;
@ -386,7 +386,7 @@ static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_i
return result;
}
static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
{
return gpfsacl_set_nt_acl_internal(fsp, security_info_sent, psd);
}
@ -739,7 +739,7 @@ static int gpfsacl_emu_chmod(const char *path, mode_t mode)
if (haveAllowEntry[i]==True)
continue;
memset(&ace, 0, sizeof(SMB_ACE4PROP_T));
ZERO_STRUCT(ace);
ace.aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE;
ace.flags |= SMB_ACE4_ID_SPECIAL;
ace.who.special_id = i;
@ -761,7 +761,7 @@ static int gpfsacl_emu_chmod(const char *path, mode_t mode)
}
/* don't add complementary DENY ACEs here */
memset(&fake_fsp, 0, sizeof(struct files_struct));
ZERO_STRUCT(fake_fsp);
fake_fsp.fsp_name = (char *)path; /* no file_new is needed here */
/* put the acl */

406
source3/modules/vfs_smb_traffic_analyzer.c Normal file
View File

@ -0,0 +1,406 @@
/*
* traffic-analyzer VFS module. Measure the smb traffic users create
* on the net.
*
* Copyright (C) Holger Hetterich, 2008
* Copyright (C) Jeremy Allison, 2008
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
/* abstraction for the send_over_network function */
enum sock_type {INTERNET_SOCKET = 0, UNIX_DOMAIN_SOCKET};
#define LOCAL_PATHNAME "/var/tmp/stadsocket"
static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS;
static enum sock_type smb_traffic_analyzer_connMode(vfs_handle_struct *handle)
{
connection_struct *conn = handle->conn;
const char *Mode;
Mode=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer","mode", \
"internet_socket");
if (strstr(Mode,"unix_domain_socket")) {
return UNIX_DOMAIN_SOCKET;
} else {
return INTERNET_SOCKET;
}
}
/* Connect to an internet socket */
static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle,
const char *name, uint16_t port)
{
/* Create a streaming Socket */
int sockfd = -1;
struct addrinfo hints;
struct addrinfo *ailist = NULL;
struct addrinfo *res = NULL;
int ret;
ZERO_STRUCT(hints);
/* By default make sure it supports TCP. */
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_ADDRCONFIG;
ret = getaddrinfo(name,
NULL,
&hints,
&ailist);
if (ret) {
DEBUG(3,("smb_traffic_analyzer_connect_inet_socket: "
"getaddrinfo failed for name %s [%s]\n",
name,
gai_strerror(ret) ));
return -1;
}
DEBUG(3,("smb_traffic_analyzer: Internet socket mode. Hostname: %s,"
"Port: %i\n", name, port));
for (res = ailist; res; res = res->ai_next) {
struct sockaddr_storage ss;
if (!res->ai_addr || res->ai_addrlen == 0) {
continue;
}
ZERO_STRUCT(ss);
memcpy(&ss, res->ai_addr, res->ai_addrlen);
sockfd = open_socket_out(SOCK_STREAM, &ss, port, 10000);
if (sockfd != -1) {
break;
}
}
if (ailist) {
freeaddrinfo(ailist);
}
if (sockfd == -1) {
DEBUG(1, ("smb_traffic_analyzer: unable to create "
"socket, error is %s",
strerror(errno)));
return -1;
}
return sockfd;
}
/* Connect to a unix domain socket */
static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle,
const char *name)
{
/* Create the socket to stad */
int len, sock;
struct sockaddr_un remote;
DEBUG(7, ("smb_traffic_analyzer_connect_unix_socket: "
"Unix domain socket mode. Using %s\n",
name ));
if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: "
"Couldn't create socket, "
"make sure stad is running!\n"));
}
remote.sun_family = AF_UNIX;
strlcpy(remote.sun_path, name,
sizeof(remote.sun_path));
len=strlen(remote.sun_path) + sizeof(remote.sun_family);
if (connect(sock, (struct sockaddr *)&remote, len) == -1 ) {
DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: "
"Could not connect to "
"socket, make sure\nstad is running!\n"));
close(sock);
return -1;
}
return sock;
}
/* Private data allowing shared connection sockets. */
struct refcounted_sock {
struct refcounted_sock *next, *prev;
char *name;
uint16_t port;
int sock;
unsigned int ref_count;
};
/* Send data over a socket */
static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
ssize_t result,
const char *file_name,
bool Write)
{
struct refcounted_sock *rf_sock = NULL;
struct timeval tv;
time_t tv_sec;
struct tm *tm = NULL;
int seconds;
char *str = NULL;
size_t len;
SMB_VFS_HANDLE_GET_DATA(handle, rf_sock, struct refcounted_sock, return);
if (rf_sock == NULL || rf_sock->sock == -1) {
DEBUG(1, ("smb_traffic_analyzer_send_data: socket is "
"closed\n"));
return;
}
GetTimeOfDay(&tv);
tv_sec = convert_timespec_to_time_t(convert_timeval_to_timespec(tv));
tm = localtime(&tv_sec);
if (!tm) {
return;
}
seconds=(float) (tv.tv_usec / 1000);
str = talloc_asprintf(talloc_tos(),
"V1,%u,\"%s\",\"%s\",\"%c\",\"%s\",\"%s\","
"\"%04d-%02d-%02d %02d:%02d:%02d.%03d\"\n",
(unsigned int)result,
handle->conn->server_info->sanitized_username,
pdb_get_domain(handle->conn->server_info->sam_account),
Write ? 'W' : 'R',
handle->conn->connectpath,
file_name,
tm->tm_year+1900,
tm->tm_mon+1,
tm->tm_mday,
tm->tm_hour,
tm->tm_min,
tm->tm_sec,
(int)seconds);
if (!str) {
return;
}
len = strlen(str);
DEBUG(10, ("smb_traffic_analyzer_send_data_socket: sending %s\n",
str));
if (write_data(rf_sock->sock, str, len) != len) {
DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
"error sending data to socket!\n"));
return ;
}
}
static struct refcounted_sock *sock_list;
static void smb_traffic_analyzer_free_data(void **pptr)
{
struct refcounted_sock *rf_sock = *(struct refcounted_sock **)pptr;
if (rf_sock == NULL) {
return;
}
rf_sock->ref_count--;
if (rf_sock->ref_count != 0) {
return;
}
if (rf_sock->sock != -1) {
close(rf_sock->sock);
}
DLIST_REMOVE(sock_list, rf_sock);
TALLOC_FREE(rf_sock);
}
static int smb_traffic_analyzer_connect(struct vfs_handle_struct *handle,
const char *service,
const char *user)
{
connection_struct *conn = handle->conn;
enum sock_type st = smb_traffic_analyzer_connMode(handle);
struct refcounted_sock *rf_sock = NULL;
const char *name = (st == UNIX_DOMAIN_SOCKET) ? LOCAL_PATHNAME :
lp_parm_const_string(SNUM(conn),
"smb_traffic_analyzer",
"host", "localhost");
uint16_t port = (st == UNIX_DOMAIN_SOCKET) ? 0 :
atoi( lp_parm_const_string(SNUM(conn),
"smb_traffic_analyzer", "port", "9430"));
/* Are we already connected ? */
for (rf_sock = sock_list; rf_sock; rf_sock = rf_sock->next) {
if (port == rf_sock->port &&
(strcmp(name, rf_sock->name) == 0)) {
break;
}
}
/* If we're connected already, just increase the
* reference count. */
if (rf_sock) {
rf_sock->ref_count++;
} else {
/* New connection. */
rf_sock = TALLOC_ZERO_P(NULL, struct refcounted_sock);
if (rf_sock == NULL) {
errno = ENOMEM;
return -1;
}
rf_sock->name = talloc_strdup(rf_sock, name);
if (rf_sock->name == NULL) {
TALLOC_FREE(rf_sock);
errno = ENOMEM;
return -1;
}
rf_sock->port = port;
rf_sock->ref_count = 1;
if (st == UNIX_DOMAIN_SOCKET) {
rf_sock->sock = smb_traffic_analyzer_connect_unix_socket(handle,
name);
} else {
rf_sock->sock = smb_traffic_analyzer_connect_inet_socket(handle,
name,
port);
}
if (rf_sock->sock == -1) {
TALLOC_FREE(rf_sock);
return -1;
}
DLIST_ADD(sock_list, rf_sock);
}
/* Store the private data. */
SMB_VFS_HANDLE_SET_DATA(handle, rf_sock, smb_traffic_analyzer_free_data,
struct refcounted_sock, return -1);
return SMB_VFS_NEXT_CONNECT(handle, service, user);
}
/* VFS Functions: write, read, pread, pwrite for now */
static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, \
files_struct *fsp, void *data, size_t n)
{
ssize_t result;
result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
DEBUG(10, ("smb_traffic_analyzer_read: READ: %s\n", fsp->fsp_name ));
smb_traffic_analyzer_send_data(handle,
result,
fsp->fsp_name,
false);
return result;
}
static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, \
files_struct *fsp, void *data, size_t n, SMB_OFF_T offset)
{
ssize_t result;
result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
DEBUG(10, ("smb_traffic_analyzer_pread: PREAD: %s\n", fsp->fsp_name ));
smb_traffic_analyzer_send_data(handle,
result,
fsp->fsp_name,
false);
return result;
}
static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, \
files_struct *fsp, const void *data, size_t n)
{
ssize_t result;
result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
DEBUG(10, ("smb_traffic_analyzer_write: WRITE: %s\n", fsp->fsp_name ));
smb_traffic_analyzer_send_data(handle,
result,
fsp->fsp_name,
true);
return result;
}
static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \
files_struct *fsp, const void *data, size_t n, SMB_OFF_T offset)
{
ssize_t result;
result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
DEBUG(10, ("smb_traffic_analyzer_pwrite: PWRITE: %s\n", fsp->fsp_name ));
smb_traffic_analyzer_send_data(handle,
result,
fsp->fsp_name,
true);
return result;
}
/* VFS operations we use */
static vfs_op_tuple smb_traffic_analyzer_tuples[] = {
{SMB_VFS_OP(smb_traffic_analyzer_connect), SMB_VFS_OP_CONNECT,
SMB_VFS_LAYER_LOGGER},
{SMB_VFS_OP(smb_traffic_analyzer_read), SMB_VFS_OP_READ,
SMB_VFS_LAYER_LOGGER},
{SMB_VFS_OP(smb_traffic_analyzer_pread), SMB_VFS_OP_PREAD,
SMB_VFS_LAYER_LOGGER},
{SMB_VFS_OP(smb_traffic_analyzer_write), SMB_VFS_OP_WRITE,
SMB_VFS_LAYER_LOGGER},
{SMB_VFS_OP(smb_traffic_analyzer_pwrite), SMB_VFS_OP_PWRITE,
SMB_VFS_LAYER_LOGGER},
{SMB_VFS_OP(NULL),SMB_VFS_OP_NOOP,SMB_VFS_LAYER_NOOP}
};
/* Module initialization */
NTSTATUS vfs_smb_traffic_analyzer_init(void)
{
NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, \
"smb_traffic_analyzer", smb_traffic_analyzer_tuples);
if (!NT_STATUS_IS_OK(ret)) {
return ret;
}
vfs_smb_traffic_analyzer_debug_level =
debug_add_class("smb_traffic_analyzer");
if (vfs_smb_traffic_analyzer_debug_level == -1) {
vfs_smb_traffic_analyzer_debug_level = DBGC_VFS;
DEBUG(1, ("smb_traffic_analyzer_init: Couldn't register custom"
"debugging class!\n"));
} else {
DEBUG(3, ("smb_traffic_analyzer_init: Debug class number of"
"'smb_traffic_analyzer': %d\n", \
vfs_smb_traffic_analyzer_debug_level));
}
return ret;
}

4
source3/modules/vfs_zfsacl.c
View File

@ -166,7 +166,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
*/
static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent,
struct security_descriptor *psd)
const struct security_descriptor *psd)
{
return smb_set_nt_acl_nfs4(fsp, security_info_sent, psd,
zfs_process_smbacl);
@ -207,7 +207,7 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32 security_info_sent,
SEC_DESC *psd)
const SEC_DESC *psd)
{
return zfs_set_nt_acl(handle, fsp, security_info_sent, psd);
}

30
source3/nmbd/nmbd_processlogon.c
View File

@ -178,7 +178,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
break;
}
case QUERYFORPDC:
case LOGON_PRIMARY_QUERY:
{
fstring mach_str, getdc_str;
fstring source_name;
@ -253,7 +253,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
/* Construct reply. */
q = outbuf;
SSVAL(q, 0, QUERYFORPDC_R);
SSVAL(q, 0, NETLOGON_RESPONSE_FROM_PDC);
q += 2;
fstrcpy(reply_name,my_name);
@ -292,7 +292,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
DEBUG(5,("process_logon_packet: GETDC request from %s at IP %s, \
reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
mach_str,inet_ntoa(p->ip), reply_name, lp_workgroup(),
QUERYFORPDC_R, (uint32)ntversion, (uint32)lmnttoken,
NETLOGON_RESPONSE_FROM_PDC, (uint32)ntversion, (uint32)lmnttoken,
(uint32)lm20token ));
dump_data(4, (uint8 *)outbuf, PTR_DIFF(q, outbuf));
@ -309,7 +309,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
return;
}
case SAMLOGON:
case LOGON_SAM_LOGON_REQUEST:
{
fstring getdc_str;
@ -351,7 +351,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
domainsidsize = IVAL(q, 0);
q += 4;
DEBUG(5,("process_logon_packet: SAMLOGON sidsize %d, len = %d\n", domainsidsize, len));
DEBUG(5,("process_logon_packet: LOGON_SAM_LOGON_REQUEST sidsize %d, len = %d\n", domainsidsize, len));
if (domainsidsize < (len - PTR_DIFF(q, buf)) && (domainsidsize != 0)) {
q += domainsidsize;
@ -383,7 +383,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
lm20token = SVAL(q, 6);
q += 8;
DEBUG(3,("process_logon_packet: SAMLOGON sidsize %d ntv %d\n", domainsidsize, ntversion));
DEBUG(3,("process_logon_packet: LOGON_SAM_LOGON_REQUEST sidsize %d ntv %d\n", domainsidsize, ntversion));
/*
* we respond regadless of whether the machine is in our password
@ -392,14 +392,14 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
*/
pull_ucs2_fstring(ascuser, uniuser);
pull_ucs2_fstring(asccomp, unicomp);
DEBUG(5,("process_logon_packet: SAMLOGON user %s\n", ascuser));
DEBUG(5,("process_logon_packet: LOGON_SAM_LOGON_REQUEST user %s\n", ascuser));
fstrcpy(reply_name, "\\\\"); /* Here it wants \\LOGONSERVER. */
fstrcat(reply_name, my_name);
DEBUG(5,("process_logon_packet: SAMLOGON request from %s(%s) for %s, returning logon svr %s domain %s code %x token=%x\n",
DEBUG(5,("process_logon_packet: LOGON_SAM_LOGON_REQUEST request from %s(%s) for %s, returning logon svr %s domain %s code %x token=%x\n",
asccomp,inet_ntoa(p->ip), ascuser, reply_name, lp_workgroup(),
SAMLOGON_R ,lmnttoken));
LOGON_SAM_LOGON_RESPONSE ,lmnttoken));
/* Construct reply. */
@ -408,9 +408,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
/* never, at least for now */
if ((ntversion < 11) || (SEC_ADS != lp_security()) || (ROLE_DOMAIN_PDC != lp_server_role())) {
if (SVAL(uniuser, 0) == 0) {
SSVAL(q, 0, SAMLOGON_UNK_R); /* user unknown */
SSVAL(q, 0, LOGON_SAM_LOGON_USER_UNKNOWN); /* user unknown */
} else {
SSVAL(q, 0, SAMLOGON_R);
SSVAL(q, 0, LOGON_SAM_LOGON_RESPONSE);
}
q += 2;
@ -453,9 +453,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
return;
}
if (SVAL(uniuser, 0) == 0) {
SIVAL(q, 0, SAMLOGON_AD_UNK_R); /* user unknown */
SIVAL(q, 0, LOGON_SAM_LOGON_USER_UNKNOWN_EX); /* user unknown */
} else {
SIVAL(q, 0, SAMLOGON_AD_R);
SIVAL(q, 0, LOGON_SAM_LOGON_RESPONSE_EX);
}
q += 4;
@ -684,8 +684,8 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
/* Announce change to UAS or SAM. Send by the domain controller when a
replication event is required. */
case SAM_UAS_CHANGE:
DEBUG(5, ("Got SAM_UAS_CHANGE\n"));
case NETLOGON_ANNOUNCE_UAS:
DEBUG(5, ("Got NETLOGON_ANNOUNCE_UAS\n"));
break;
default:

118
source3/nsswitch/libwbclient/wbc_guid.c Normal file
View File

@ -0,0 +1,118 @@
/*
Unix SMB/CIFS implementation.
Winbind client API
Copyright (C) Gerald (Jerry) Carter 2007
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/* Required Headers */
#include "libwbclient.h"
/** @brief Convert a binary GUID to a character string
*
* @param guid Binary Guid
* @param **guid_string Resulting character string
*
* @return #wbcErr
**/
wbcErr wbcGuidToString(const struct wbcGuid *guid,
char **guid_string)
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
if (!guid) {
wbc_status = WBC_ERR_INVALID_PARAM;
BAIL_ON_WBC_ERROR(wbc_status);
}
*guid_string = talloc_asprintf(NULL,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
guid->time_low, guid->time_mid,
guid->time_hi_and_version,
guid->clock_seq[0],
guid->clock_seq[1],
guid->node[0], guid->node[1],
guid->node[2], guid->node[3],
guid->node[4], guid->node[5]);
BAIL_ON_PTR_ERROR((*guid_string), wbc_status);
wbc_status = WBC_ERR_SUCCESS;
done:
return wbc_status;
}
/** @brief Convert a character string to a binary GUID
*
* @param *str Character string
* @param guid Resulting binary GUID
*
* @return #wbcErr
**/
wbcErr wbcStringToGuid(const char *str,
struct wbcGuid *guid)
{
uint32_t time_low;
uint32_t time_mid, time_hi_and_version;
uint32_t clock_seq[2];
uint32_t node[6];
int i;
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
if (!guid) {
wbc_status = WBC_ERR_INVALID_PARAM;
BAIL_ON_WBC_ERROR(wbc_status);
}
if (!str) {
wbc_status = WBC_ERR_INVALID_PARAM;
BAIL_ON_WBC_ERROR(wbc_status);
}
if (11 == sscanf(str, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
&time_low, &time_mid, &time_hi_and_version,
&clock_seq[0], &clock_seq[1],
&node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) {
wbc_status = WBC_ERR_SUCCESS;
} else if (11 == sscanf(str, "{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}",
&time_low, &time_mid, &time_hi_and_version,
&clock_seq[0], &clock_seq[1],
&node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) {
wbc_status = WBC_ERR_SUCCESS;
}
BAIL_ON_WBC_ERROR(wbc_status);
guid->time_low = time_low;
guid->time_mid = time_mid;
guid->time_hi_and_version = time_hi_and_version;
guid->clock_seq[0] = clock_seq[0];
guid->clock_seq[1] = clock_seq[1];
for (i=0;i<6;i++) {
guid->node[i] = node[i];
}
wbc_status = WBC_ERR_SUCCESS;
done:
return wbc_status;
}

2
source3/nsswitch/libwbclient/wbc_idmap.c
View File

@ -394,7 +394,7 @@ wbcErr wbcSetUidHwm(uid_t uid_hwm)
/** @brief Set the highwater mark for allocated gids.
*
* @param uid_hwm The new gid highwater mark value
* @param gid_hwm The new gid highwater mark value
*
* @return #wbcErr
**/

301
source3/nsswitch/libwbclient/wbc_pam.c
View File

@ -4,6 +4,7 @@
Winbind client API
Copyright (C) Gerald (Jerry) Carter 2007
Copyright (C) Guenther Deschner 2008
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@ -260,6 +261,50 @@ done:
return wbc_status;
}
static wbcErr wbc_create_logon_info(TALLOC_CTX *mem_ctx,
const struct winbindd_response *resp,
struct wbcLogonUserInfo **_i)
{
wbcErr wbc_status = WBC_ERR_SUCCESS;
struct wbcLogonUserInfo *i;
i = talloc_zero(mem_ctx, struct wbcLogonUserInfo);
BAIL_ON_PTR_ERROR(i, wbc_status);
wbc_status = wbc_create_auth_info(i, resp, &i->info);
BAIL_ON_WBC_ERROR(wbc_status);
if (resp->data.auth.krb5ccname) {
wbc_status = wbcAddNamedBlob(&i->num_blobs,
&i->blobs,
"krb5ccname",
0,
(uint8_t *)resp->data.auth.krb5ccname,
strlen(resp->data.auth.krb5ccname)+1);
BAIL_ON_WBC_ERROR(wbc_status);
}
if (resp->data.auth.unix_username) {
wbc_status = wbcAddNamedBlob(&i->num_blobs,
&i->blobs,
"unix_username",
0,
(uint8_t *)resp->data.auth.unix_username,
strlen(resp->data.auth.unix_username)+1);
BAIL_ON_WBC_ERROR(wbc_status);
}
*_i = i;
i = NULL;
done:
if (!WBC_ERROR_IS_OK(wbc_status) && i) {
wbcFreeMemory(i->blobs);
}
talloc_free(i);
return wbc_status;
}
/** @brief Authenticate with more detailed information
*
* @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH
@ -331,6 +376,7 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
params->account_name,
sizeof(request.data.auth.user)-1);
}
strncpy(request.data.auth.pass,
params->password.plaintext,
sizeof(request.data.auth.pass)-1);
@ -416,6 +462,10 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
BAIL_ON_WBC_ERROR(wbc_status);
}
if (params->flags) {
request.flags |= params->flags;
}
wbc_status = wbcRequestResponse(cmd,
&request,
&response);
@ -497,6 +547,101 @@ wbcErr wbcCheckTrustCredentials(const char *domain,
return wbc_status;
}
/** @brief Trigger an extended logoff notification to Winbind for a specific user
*
* @param params A wbcLogoffUserParams structure
* @param error User output details on error
*
* @return #wbcErr
*
**/
wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params,
struct wbcAuthErrorInfo **error)
{
struct winbindd_request request;
struct winbindd_response response;
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
int i;
/* validate input */
if (!params || !params->username) {
wbc_status = WBC_ERR_INVALID_PARAM;
BAIL_ON_WBC_ERROR(wbc_status);
}
if ((params->num_blobs > 0) && (params->blobs == NULL)) {
wbc_status = WBC_ERR_INVALID_PARAM;
BAIL_ON_WBC_ERROR(wbc_status);
}
if ((params->num_blobs == 0) && (params->blobs != NULL)) {
wbc_status = WBC_ERR_INVALID_PARAM;
BAIL_ON_WBC_ERROR(wbc_status);
}
ZERO_STRUCT(request);
ZERO_STRUCT(response);
strncpy(request.data.logoff.user, params->username,
sizeof(request.data.logoff.user)-1);
for (i=0; i<params->num_blobs; i++) {
if (strcasecmp(params->blobs[i].name, "ccfilename") == 0) {
if (params->blobs[i].blob.data) {
strncpy(request.data.logoff.krb5ccname,
(const char *)params->blobs[i].blob.data,
sizeof(request.data.logoff.krb5ccname) - 1);
}
continue;
}
if (strcasecmp(params->blobs[i].name, "user_uid") == 0) {
if (params->blobs[i].blob.data) {
memcpy(&request.data.logoff.uid,
params->blobs[i].blob.data,
MIN(params->blobs[i].blob.length,
sizeof(request.data.logoff.uid)));
}
continue;
}
if (strcasecmp(params->blobs[i].name, "flags") == 0) {
if (params->blobs[i].blob.data) {
memcpy(&request.flags,
params->blobs[i].blob.data,
MIN(params->blobs[i].blob.length,
sizeof(request.flags)));
}
continue;
}
}
/* Send request */
wbc_status = wbcRequestResponse(WINBINDD_PAM_LOGOFF,
&request,
&response);
/* Take the response above and return it to the caller */
if (response.data.auth.nt_status != 0) {
if (error) {
wbc_status = wbc_create_error_info(NULL,
&response,
error);
BAIL_ON_WBC_ERROR(wbc_status);
}
wbc_status = WBC_ERR_AUTH_ERROR;
BAIL_ON_WBC_ERROR(wbc_status);
}
BAIL_ON_WBC_ERROR(wbc_status);
done:
return wbc_status;
}
/** @brief Trigger a logoff notification to Winbind for a specific user
*
* @param username Name of user to remove from Winbind's list of
@ -794,3 +939,159 @@ wbcErr wbcChangeUserPassword(const char *username,
done:
return wbc_status;
}
/** @brief Logon a User
*
* @param[in] params Pointer to a wbcLogonUserParams structure
* @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure
* @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure
* @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure
*
* @return #wbcErr
*
**/
wbcErr wbcLogonUser(const struct wbcLogonUserParams *params,
struct wbcLogonUserInfo **info,
struct wbcAuthErrorInfo **error,
struct wbcUserPasswordPolicyInfo **policy)
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
int cmd = 0;
struct winbindd_request request;
struct winbindd_response response;
uint32_t i;
ZERO_STRUCT(request);
ZERO_STRUCT(response);
if (info) {
*info = NULL;
}
if (error) {
*error = NULL;
}
if (policy) {
*policy = NULL;
}
if (!params) {
wbc_status = WBC_ERR_INVALID_PARAM;
BAIL_ON_WBC_ERROR(wbc_status);
}
if (!params->username) {
wbc_status = WBC_ERR_INVALID_PARAM;
BAIL_ON_WBC_ERROR(wbc_status);
}
if ((params->num_blobs > 0) && (params->blobs == NULL)) {
wbc_status = WBC_ERR_INVALID_PARAM;
BAIL_ON_WBC_ERROR(wbc_status);
}
if ((params->num_blobs == 0) && (params->blobs != NULL)) {
wbc_status = WBC_ERR_INVALID_PARAM;
BAIL_ON_WBC_ERROR(wbc_status);
}
/* Initialize request */
cmd = WINBINDD_PAM_AUTH;
request.flags = WBFLAG_PAM_INFO3_TEXT |
WBFLAG_PAM_USER_SESSION_KEY |
WBFLAG_PAM_LMKEY;
if (!params->password) {
wbc_status = WBC_ERR_INVALID_PARAM;
BAIL_ON_WBC_ERROR(wbc_status);
}
strncpy(request.data.auth.user,
params->username,
sizeof(request.data.auth.user)-1);
strncpy(request.data.auth.pass,
params->password,
sizeof(request.data.auth.pass)-1);
for (i=0; i<params->num_blobs; i++) {
if (strcasecmp(params->blobs[i].name, "krb5_cc_type") == 0) {
if (params->blobs[i].blob.data) {
strncpy(request.data.auth.krb5_cc_type,
(const char *)params->blobs[i].blob.data,
sizeof(request.data.auth.krb5_cc_type) - 1);
}
continue;
}
if (strcasecmp(params->blobs[i].name, "user_uid") == 0) {
if (params->blobs[i].blob.data) {
memcpy(&request.data.auth.uid,
params->blobs[i].blob.data,
MIN(sizeof(request.data.auth.uid),
params->blobs[i].blob.length));
}
continue;
}
if (strcasecmp(params->blobs[i].name, "flags") == 0) {
if (params->blobs[i].blob.data) {
uint32_t flags;
memcpy(&flags,
params->blobs[i].blob.data,
MIN(sizeof(flags),
params->blobs[i].blob.length));
request.flags |= flags;
}
continue;
}
if (strcasecmp(params->blobs[i].name, "membership_of") == 0) {
if (params->blobs[i].blob.data &&
params->blobs[i].blob.data[0] > 0) {
strncpy(request.data.auth.require_membership_of_sid,
(const char *)params->blobs[i].blob.data,
sizeof(request.data.auth.require_membership_of_sid) - 1);
}
continue;
}
}
wbc_status = wbcRequestResponse(cmd,
&request,
&response);
if (response.data.auth.nt_status != 0) {
if (error) {
wbc_status = wbc_create_error_info(NULL,
&response,
error);
BAIL_ON_WBC_ERROR(wbc_status);
}
wbc_status = WBC_ERR_AUTH_ERROR;
BAIL_ON_WBC_ERROR(wbc_status);
}
BAIL_ON_WBC_ERROR(wbc_status);
if (info) {
wbc_status = wbc_create_logon_info(NULL,
&response,
info);
BAIL_ON_WBC_ERROR(wbc_status);
}
if (policy) {
wbc_status = wbc_create_password_policy_info(NULL,
&response,
policy);
BAIL_ON_WBC_ERROR(wbc_status);
}
done:
if (response.extra_data.data)
free(response.extra_data.data);
return wbc_status;
}

Some files were not shown because too many files have changed in this diff Show More