1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

Merge branch 'v3-devel' of ssh://git.samba.org/data/git/samba into v3-devel

(This used to be commit e038f1cf9fb305fc1e7a4189208e451d30aaa1f0)
This commit is contained in:
Simo Sorce 2008-08-26 18:56:49 -04:00
commit a1de4e988d
66 changed files with 1248 additions and 599 deletions

5
.gitignore vendored
View File

@ -12,6 +12,7 @@ source/include/stamp-h
source/include/version.h
source/Makefile
source/lib/netapi/examples/Makefile
source/lib/netapi/tests/Makefile
source/config.log
source/config.status
source/configure
@ -32,6 +33,8 @@ source/cscope.out
source/torture.tdb
source/pkgconfig/*.pc
source/st
source/exports/libsmbclient.syms
source/exports/libsmbsharemodes.syms
source/exports/libnetapi.syms
source/exports/libtalloc.syms
source/exports/libtdb.syms
@ -61,6 +64,8 @@ examples/libsmbclient/teststat3
examples/libsmbclient/testutime
examples/libsmbclient/testwrite
examples/libsmbclient/testtruncate
examples/libsmbclient/tree
examples/libsmbclient/Makefile.internal
source/librpc/gen_ndr/cli_krb5pac.*
source/librpc/gen_ndr/cli_messaging.*
source/librpc/gen_ndr/cli_misc.*

View File

@ -850,7 +850,20 @@ to run this against the PDC, from a Samba machine joined as a BDC. </para>
<para>Export users, aliases and groups from remote server to
local server. You need to run this against the PDC, from a Samba machine joined as a BDC.
</para>
</refsect2>
<refsect2>
<title>RPC VAMPIRE KEYTAB</title>
<para>Dump remote SAM database to local Kerberos keytab file.
</para>
</refsect2>
<refsect2>
<title>RPC VAMPIRE LDIF</title>
<para>Dump remote SAM database to local LDIF file or standard output.
</para>
</refsect2>
<refsect2>

View File

@ -58,23 +58,32 @@
on STDIN. An empty command line or a "q" will quit the
program.</para></listitem>
</varlistentry>
<varlistentry>
<term>destination</term>
<listitem><para>One of <parameter>nmbd</parameter>, <parameter>smbd</parameter> or a process ID.</para>
<para>The <parameter>all</parameter> destination causes the
message to "broadcast" to all running daemons including nmbd and
winbind. This is a change for Samba 3.3, prior to this the
paramter smbd used to do this.</para>
<para>The <parameter>smbd</parameter> destination causes the
message to "broadcast" to all smbd daemons.</para>
message to be sent to the smbd daemon specified in the
<filename>smbd.pid</filename> file.</para>
<para>The <parameter>nmbd</parameter> destination causes the
message to be sent to the nmbd daemon specified in the
<filename>nmbd.pid</filename> file.</para>
<para>The <parameter>winbindd</parameter> destination causes the
message to be sent to the winbind daemon specified in the
<filename>winbindd.pid</filename> file.</para>
<para>If a single process ID is given, the message is sent
to only that process.</para></listitem>
</varlistentry>
<varlistentry>
<term>message-type</term>
<listitem><para>Type of message to send. See

View File

@ -0,0 +1,15 @@
<samba:parameter name="init logon delay"
context="G"
type="integer"
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
This parameter specifies a delay in milliseconds for the hosts configured
for delayed initial samlogon with
<smbconfoption name="init logon delayed hosts"/>.
</para>
</description>
<value type="default">100</value>
</samba:parameter>

View File

@ -0,0 +1,21 @@
<samba:parameter name="init logon delayed hosts"
context="G"
type="list"
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
This parameter takes a list of host names, addresses or networks for
which the initial samlogon reply should be delayed (so other DCs get
preferred by XP workstations if there are any).
</para>
<para>
The length of the delay can be specified with the
<smbconfoption name="init logon delay"/> parameter.
</para>
</description>
<value type="default"></value>
<value type="example">150.203.5. myhost.mynet.de</value>
</samba:parameter>

View File

@ -9,5 +9,5 @@
</para>
</description>
<value type="default">900</value>
<value type="default">604800 (one week)</value>
</samba:parameter>

View File

@ -0,0 +1,15 @@
<samba:parameter name="winbind reconnect delay"
context="G"
type="integer"
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This parameter specifies the number of
seconds the <citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> daemon will wait between
attempts to contact a Domain controller for a domain that is
determined to be down or not contactable.</para>
</description>
<value type="default">30</value>
</samba:parameter>

View File

@ -0,0 +1,138 @@
# Makefile.internal.in for building the libsmbclient examples
# from within a samba build.
#
# Use Makfile for building the examples with a libsmbclient
# installed to /usr/local/samba
CC = @CC@
SAMBA_DIR = ../../source
SAMBA_INCLUDES = -I$(SAMBA_DIR)/include
SAMBA_LIBPATH = -L$(SAMBA_DIR)/bin
GTK_CFLAGS = `gtk-config --cflags`
GTK_LIBS = `gtk-config --libs`
#GTK_CFLAGS = `pkg-config gtk+-2.0 --cflags`
#GTK_LIBS = `pkg-config gtk+-2.0 --libs`
FLAGS = @CPPFLAGS@ @CFLAGS@ $(GTK_CFLAGS) $(SAMBA_INCLUDES)
PICFLAG=@PICFLAG@
LDFLAGS= $(SAMBA_LIBPATH) @PIE_LDFLAGS@ @LDFLAGS@
EXTERNAL_LIBS = @LIBS@ @LDAP_LIBS@ @KRB5_LIBS@ @NSCD_LIBS@
LIBSMBCLIENT_LIBS = -lwbclient -lsmbclient -ltalloc -ltdb -ldl -lresolv
CMDLINE_LIBS = @POPTLIBS@
LIBS = $(EXTERNAL_LIBS) $(LIBSMBCLIENT_LIBS)
# Compile a source file. (.c --> .o)
COMPILE_CC = $(CC) -I. $(FLAGS) $(PICFLAG) -c $< -o $@
COMPILE = $(COMPILE_CC)
MAKEDIR = || exec false; \
if test -d "$$dir"; then :; else \
echo mkdir "$$dir"; \
mkdir -p "$$dir" >/dev/null 2>&1 || \
test -d "$$dir" || \
mkdir "$$dir" || \
exec false; fi || exec false
TESTS= testsmbc \
testacl \
testacl2 \
testacl3 \
testbrowse \
testbrowse2 \
teststat \
teststat2 \
teststat3 \
testtruncate \
testchmod \
testutime \
testread \
testwrite
# tree \
all: $(TESTS) smbsh
.c.o:
@if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \
dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi
@echo Compiling $*.c
@$(COMPILE) && exit 0;\
echo "The following command failed:" 1>&2;\
echo "$(COMPILE_CC)" 1>&2;\
$(COMPILE_CC) >/dev/null 2>&1
testsmbc: testsmbc.o
@echo Linking testsmbc
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS)
tree: tree.o
@echo Linking tree
@$(CC) $(GTK_CFLAGS) $(FLAGS) $(LDFLAGS) -o $@ $< $(GTK_LIBS) $(LIBS)
testacl: testacl.o
@echo Linking testacl
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
testacl2: testacl2.o
@echo Linking testacl2
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
testacl3: testacl3.o
@echo Linking testacl3
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
testbrowse: testbrowse.o
@echo Linking testbrowse
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
testbrowse2: testbrowse2.o
@echo Linking testbrowse2
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
teststat: teststat.o
@echo Linking teststat
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
teststat2: teststat2.o
@echo Linking teststat2
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
teststat3: teststat3.o
@echo Linking teststat3
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
testtruncate: testtruncate.o
@echo Linking testtruncate
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
testchmod: testchmod.o
@echo Linking testchmod
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
testutime: testutime.o
@echo Linking testutime
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
testread: testread.o
@echo Linking testread
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
testwrite: testwrite.o
@echo Linking testwrite
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
testctx: testctx.o
@echo Linking testctx
@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
smbsh:
make -C smbwrapper
clean:
@rm -f *.o *~ $(TESTS)
@make -C smbwrapper clean

View File

@ -3,7 +3,7 @@ DEFS = -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
CFLAGS = -I$(SAMBA_INCL) $(EXTLIB_INCL)
LDFLAGS = -L/usr/local/samba/lib
LDFLAGS = -L/usr/local/samba/lib -L../../../source/bin
SMBINCLUDE = -I../../../source/include
CFLAGS= -fpic -g -O0 $(DEFS) $(SMBINCLUDE)

View File

@ -1109,7 +1109,7 @@ int utimes(const char *name, const struct timeval *tvp)
return (* smbw_libc.utimes)((char *) name, (struct timeval *) tvp);
}
int readlink(const char *path, char *buf, size_t bufsize)
ssize_t readlink(const char *path, char *buf, size_t bufsize)
{
check_init("readlink");

View File

@ -1,7 +1,7 @@
# Doxyfile 0.1
# Doxyfile 1.5.3
#---------------------------------------------------------------------------
# General configuration options
# Project related configuration options
#---------------------------------------------------------------------------
PROJECT_NAME = Samba
PROJECT_NUMBER = HEAD
@ -13,68 +13,84 @@ PROJECT_NUMBER = HEAD
# doesn't mind variables being redefined.
OUTPUT_DIRECTORY = dox
OUTPUT_LANGUAGE = English
EXTRACT_ALL = YES
EXTRACT_PRIVATE = YES
EXTRACT_STATIC = YES
HIDE_UNDOC_MEMBERS = NO
HIDE_UNDOC_CLASSES = NO
DOXYFILE_ENCODING = UTF-8
BRIEF_MEMBER_DESC = YES
REPEAT_BRIEF = YES
ALWAYS_DETAILED_SEC = NO
FULL_PATH_NAMES = YES
STRIP_FROM_PATH = $(PWD)/
INTERNAL_DOCS = YES
CLASS_DIAGRAMS = YES
SOURCE_BROWSER = YES
INLINE_SOURCES = YES
STRIP_CODE_COMMENTS = NO
CASE_SENSE_NAMES = YES
SHORT_NAMES = NO
HIDE_SCOPE_NAMES = YES
VERBATIM_HEADERS = YES
SHOW_INCLUDE_FILES = YES
JAVADOC_AUTOBRIEF = YES
INHERIT_DOCS = YES
TAB_SIZE = 8
ALIASES =
OPTIMIZE_OUTPUT_FOR_C = YES
DISTRIBUTE_GROUP_DOC = NO
#---------------------------------------------------------------------------
# Build related configuration options
#---------------------------------------------------------------------------
EXTRACT_ALL = YES
EXTRACT_PRIVATE = YES
EXTRACT_STATIC = YES
EXTRACT_LOCAL_CLASSES = YES
HIDE_UNDOC_MEMBERS = NO
HIDE_UNDOC_CLASSES = NO
INTERNAL_DOCS = YES
CASE_SENSE_NAMES = YES
HIDE_SCOPE_NAMES = YES
SHOW_INCLUDE_FILES = YES
INLINE_INFO = YES
SORT_MEMBER_DOCS = NO
DISTRIBUTE_GROUP_DOC = NO
TAB_SIZE = 8
SORT_BRIEF_DOCS = NO
GENERATE_TODOLIST = YES
GENERATE_TESTLIST = YES
GENERATE_BUGLIST = YES
ALIASES =
GENERATE_DEPRECATEDLIST= YES
ENABLED_SECTIONS =
MAX_INITIALIZER_LINES = 30
OPTIMIZE_OUTPUT_FOR_C = YES
SHOW_USED_FILES = YES
REFERENCED_BY_RELATION = YES
SHOW_DIRECTORIES = YES
#---------------------------------------------------------------------------
# configuration options related to warning and progress messages
#---------------------------------------------------------------------------
QUIET = YES
WARNINGS = NO
WARN_IF_UNDOCUMENTED = NO
WARN_IF_DOC_ERROR = NO
WARN_NO_PARAMDOC = NO
WARN_FORMAT = "$file:$line: $text"
WARN_LOGFILE =
#---------------------------------------------------------------------------
# configuration options related to the input files
#---------------------------------------------------------------------------
INPUT = .
INPUT_ENCODING = UTF-8
FILE_PATTERNS = *.c \
*.h \
*.idl
RECURSIVE = YES
EXCLUDE = include/includes.h \
include/proto.h
EXCLUDE_SYMLINKS = NO
EXCLUDE_PATTERNS =
EXAMPLE_PATH =
EXAMPLE_PATTERNS =
EXAMPLE_RECURSIVE = NO
IMAGE_PATH =
INPUT_FILTER =
FILTER_SOURCE_FILES = NO
#---------------------------------------------------------------------------
# configuration options related to source browsing
#---------------------------------------------------------------------------
SOURCE_BROWSER = YES
INLINE_SOURCES = YES
STRIP_CODE_COMMENTS = NO
REFERENCED_BY_RELATION = YES
REFERENCES_RELATION = YES
REFERENCES_LINK_SOURCE = YES
VERBATIM_HEADERS = YES
#---------------------------------------------------------------------------
# configuration options related to the alphabetical class index
#---------------------------------------------------------------------------
ALPHABETICAL_INDEX = YES
@ -85,13 +101,12 @@ IGNORE_PREFIX =
#---------------------------------------------------------------------------
GENERATE_HTML = YES
HTML_OUTPUT = .
HTML_FILE_EXTENSION = .html
HTML_HEADER =
HTML_FOOTER =
HTML_STYLESHEET =
HTML_ALIGN_MEMBERS = YES
GENERATE_HTMLHELP = NO
GENERATE_CHI = NO
BINARY_TOC = NO
TOC_EXPAND = NO
DISABLE_INDEX = NO
ENUM_VALUES_PER_LINE = 3
@ -152,25 +167,26 @@ PERL_PATH = /usr/bin/perl
# configuration options related to the dot tool
#---------------------------------------------------------------------------
HAVE_DOT = NO
CLASS_DIAGRAMS = YES
HIDE_UNDOC_RELATIONS = NO
CLASS_GRAPH = YES
COLLABORATION_GRAPH = YES
GROUP_GRAPHS = YES
TEMPLATE_RELATIONS = YES
INCLUDE_GRAPH = YES
INCLUDED_BY_GRAPH = YES
CALL_GRAPH = YES
CALLER_GRAPH = YES
GRAPHICAL_HIERARCHY = YES
DIRECTORY_GRAPH = YES
DOT_IMAGE_FORMAT = png
DOT_PATH =
DOTFILE_DIRS =
MAX_DOT_GRAPH_WIDTH = 1024
MAX_DOT_GRAPH_HEIGHT = 1024
DOT_GRAPH_MAX_NODES = 50
MAX_DOT_GRAPH_DEPTH = 0
GENERATE_LEGEND = YES
DOT_CLEANUP = YES
#---------------------------------------------------------------------------
# configuration::additions related to the search engine
#---------------------------------------------------------------------------
SEARCHENGINE = NO
CGI_NAME = search.cgi
CGI_URL =
DOC_URL =
DOC_ABSPATH =
BIN_ABSPATH = /usr/local/bin/
EXT_DOC_PATHS =

View File

@ -178,9 +178,9 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \
# Note that all executable programs now provide for an optional executable suffix.
SBIN_PROGS = bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ @SWAT_SBIN_TARGETS@ @EXTRA_SBIN_PROGS@
SBIN_PROGS = bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ @SWAT_SBIN_TARGETS@ @EXTRA_SBIN_PROGS@ @CIFSUPCALL_PROGS@
ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@ @CIFSUPCALL_PROGS@
ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@
BIN_PROGS1 = bin/smbclient@EXEEXT@ bin/net@EXEEXT@ bin/smbspool@EXEEXT@ \
bin/testparm@EXEEXT@ bin/smbstatus@EXEEXT@ bin/smbget@EXEEXT@
@ -339,7 +339,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) \
lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \
lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \
libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \
lib/file_id.o
lib/file_id.o lib/idmap_cache.o
LIB_DUMMY_OBJ = lib/dummysmbd.o lib/dummyroot.o
LIB_NONSMBD_OBJ = $(LIB_OBJ) $(LIB_DUMMY_OBJ)
@ -980,7 +980,7 @@ PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(PASSDB_
$(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) \
$(LDB_OBJ)
IDMAP_OBJ = winbindd/idmap.o winbindd/idmap_cache.o winbindd/idmap_util.o @IDMAP_STATIC@
IDMAP_OBJ = winbindd/idmap.o winbindd/idmap_util.o @IDMAP_STATIC@
NSS_INFO_OBJ = winbindd/nss_info.o @NSS_INFO_STATIC@
@ -1350,7 +1350,7 @@ bin/cifs.upcall@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ
@$(CC) $(FLAGS) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) \
-lkeyutils $(LIBS) $(LIBSMBCLIENT_OBJ1) $(KRB5LIBS) \
$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) \
$(LIBTDB_LIBS)
$(LIBTDB_LIBS) $(NSCD_LIBS)
bin/testparm@EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
@echo Linking $@
@ -1824,7 +1824,7 @@ shlibs test_shlibs: @LIBADDNS_SHARED@
#
#-------------------------------------------------------------------
LIBNETAPI_OBJ1 = lib/netapi/netapi.o \
LIBNETAPI_OBJ0 = lib/netapi/netapi.o \
lib/netapi/cm.o \
librpc/gen_ndr/ndr_libnetapi.o \
lib/netapi/libnetapi.o \
@ -1837,7 +1837,7 @@ LIBNETAPI_OBJ1 = lib/netapi/netapi.o \
lib/netapi/samr.o \
lib/netapi/sid.o
LIBNETAPI_OBJ = $(LIBNETAPI_OBJ1) $(LIBNET_OBJ) \
LIBNETAPI_OBJ = $(LIBNETAPI_OBJ0) $(LIBNET_OBJ) \
$(LIBSMBCONF_OBJ) \
$(REG_SMBCONF_OBJ) \
$(PARAM_WITHOUT_REG_OBJ) $(LIB_NONSMBD_OBJ) \
@ -1869,9 +1869,9 @@ $(LIBNETAPI_SHARED_TARGET): $(LIBNETAPI_SHARED_TARGET_SONAME)
@rm -f $@
@ln -s -f `basename $(LIBNETAPI_SHARED_TARGET_SONAME)` $@
$(LIBNETAPI_STATIC_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ1)
$(LIBNETAPI_STATIC_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ0)
@echo Linking non-shared library $@
@-$(AR) -rc $@ $(LIBNETAPI_OBJ1)
@-$(AR) -rc $@ $(LIBNETAPI_OBJ0)
libnetapi: $(LIBNETAPI)
@ -1917,10 +1917,13 @@ LIBSMBCLIENT_SOVER=@LIBSMBCLIENT_SOVER@
LIBSMBCLIENT_SHARED_TARGET_SONAME=$(LIBSMBCLIENT_SHARED_TARGET).$(LIBSMBCLIENT_SOVER)
LIBSMBCLIENT_STATIC_TARGET=@LIBSMBCLIENT_STATIC_TARGET@
LIBSMBCLIENT=$(LIBSMBCLIENT_STATIC_TARGET) @LIBSMBCLIENT_SHARED@
#LIBSMBCLIENT_SYMS=$(srcdir)/exports/libsmbclient.@SYMSEXT@
LIBSMBCLIENT_SYMS=$(srcdir)/exports/libsmbclient.@SYMSEXT@
LIBSMBCLIENT_HEADERS=$(srcdir)/include/libsmbclient.h
$(LIBSMBCLIENT_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
$(LIBSMBCLIENT_SYMS): $(LIBSMBCLIENT_HEADERS)
@$(MKSYMS_SH) $(AWK) $@ $(LIBSMBCLIENT_HEADERS)
$(LIBSMBCLIENT_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_SYMS) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
@echo Linking shared library $@
@$(SHLD_DSO) $(LIBSMBCLIENT_OBJ) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS) $(LIBS) \
@ -1986,12 +1989,13 @@ LIBSMBSHAREMODES_SOVER=@LIBSMBSHAREMODES_SOVER@
LIBSMBSHAREMODES_SHARED_TARGET_SONAME=$(LIBSMBSHAREMODES_SHARED_TARGET).$(LIBSMBSHAREMODES_SOVER)
LIBSMBSHAREMODES_STATIC_TARGET=@LIBSMBSHAREMODES_STATIC_TARGET@
LIBSMBSHAREMODES=$(LIBSMBSHAREMODES_STATIC_TARGET) @LIBSMBSHAREMODES_SHARED@
#LIBSMBSHAREMODES_SYMS=$(srcdir)/exports/libsmbsharemodes.@SYMSEXT@
LIBSMBSHAREMODES_SYMS=$(srcdir)/exports/libsmbsharemodes.@SYMSEXT@
LIBSMBSHAREMODES_HEADERS=$(srcdir)/include/smb_share_modes.h
LIBSMBSHAREMODES=bin/libsmbsharemodes.a @LIBSMBSHAREMODES_SHARED@
$(LIBSMBSHAREMODES_SYMS): $(LIBSMBSHAREMODES_HEADERS)
@$(MKSYMS_SH) $(AWK) $@ $(LIBSMBSHAREMODES_HEADERS)
$(LIBSMBSHAREMODES_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBSHAREMODES_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
$(LIBSMBSHAREMODES_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBSHAREMODES_OBJ) $(LIBSMBSHAREMODES_SYMS) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
@echo Linking shared library $@
@$(SHLD_DSO) $(LIBSMBSHAREMODES_OBJ) \
$(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
@ -2471,7 +2475,7 @@ install-everything:: install installmodules
# is not used
installdirs::
@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(BINDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(PRIVATEDIR) $(PIDDIR) $(LOCKDIR) $(MANDIR)
@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(BINDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(PRIVATEDIR) $(PIDDIR) $(LOCKDIR) $(MANDIR) $(CODEPAGEDIR) $(MODULESDIR)
installservers:: all installdirs
@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(SBINDIR) $(SBIN_PROGS)
@ -2484,8 +2488,8 @@ installcifsmount:: @CIFSMOUNT_PROGS@
@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSMOUNT_PROGS@
installcifsupcall:: @CIFSUPCALL_PROGS@
@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(ROOTSBINDIR)
@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSUPCALL_PROGS@
@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(SBINDIR)
@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(SBINDIR) @CIFSUPCALL_PROGS@
# Some symlinks are required for the 'probing' of modules.
# This mechanism should go at some point..
@ -2716,3 +2720,14 @@ valgrindtest:: all torture timelimit
SMBD_VALGRIND="xterm -n smbd -e valgrind -q --db-attach=yes --num-callers=30" \
VALGRIND="valgrind -q --num-callers=30 --log-file=${selftest_prefix}/valgrind.log" \
PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix} all "${smbtorture4_path}"
##
## Examples:
##
libsmbclient_examples:
$(MAKE) -C ../examples/libsmbclient -f Makefile.internal
clean_libsmbclient_examples:
$(MAKE) -C ../examples/libsmbclient -f Makefile.internal clean

View File

@ -63,6 +63,7 @@ typedef int (*smb_pam_conv_fn)(int, const struct pam_message **, struct pam_resp
* Macros to help make life easy
*/
#define COPY_STRING(s) (s) ? SMB_STRDUP(s) : NULL
#define COPY_FSTRING(s) (s[0]) ? SMB_STRDUP(s) : NULL
/*******************************************************************
PAM error handler.
@ -327,7 +328,7 @@ static int smb_pam_passchange_conv(int num_msg,
DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We actualy sent: %s\n", current_reply));
#endif
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = COPY_STRING(current_reply);
reply[replies].resp = COPY_FSTRING(current_reply);
found = True;
break;
}
@ -355,7 +356,7 @@ static int smb_pam_passchange_conv(int num_msg,
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We sent: %s\n", current_reply));
pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword);
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = COPY_STRING(current_reply);
reply[replies].resp = COPY_FSTRING(current_reply);
#ifdef DEBUG_PASSWORD
DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We actualy sent: %s\n", current_reply));
#endif

View File

@ -29,7 +29,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k
#include "cifs_spnego.h"
const char *CIFSSPNEGO_VERSION = "1.1";
const char *CIFSSPNEGO_VERSION = "1.2";
static const char *prog = "cifs.upcall";
typedef enum _secType {
KRB5,
@ -73,7 +73,7 @@ int handle_krb5_mech(const char *oid, const char *principal,
tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
/* and wrap that in a shiny SPNEGO wrapper */
*secblob = gen_negTokenInit(OID_KERBEROS5, tkt_wrapped);
*secblob = gen_negTokenInit(oid, tkt_wrapped);
data_blob_free(&tkt_wrapped);
data_blob_free(&tkt);
@ -118,6 +118,9 @@ int decode_key_description(const char *desc, int *ver, secType_t * sec,
if (strncmp(tkn + 4, "krb5", 4) == 0) {
retval |= DKD_HAVE_SEC;
*sec = KRB5;
} else if (strncmp(tkn + 4, "mskrb5", 6) == 0) {
retval |= DKD_HAVE_SEC;
*sec = MS_KRB5;
}
} else if (strncmp(tkn, "uid=", 4) == 0) {
errno = 0;
@ -220,6 +223,7 @@ int main(const int argc, char *const argv[])
int kernel_upcall_version;
int c, use_cifs_service_prefix = 0;
char *buf, *hostname = NULL;
const char *oid;
openlog(prog, 0, LOG_DAEMON);
@ -280,7 +284,7 @@ int main(const int argc, char *const argv[])
}
SAFE_FREE(buf);
if (kernel_upcall_version != CIFS_SPNEGO_UPCALL_VERSION) {
if (kernel_upcall_version > CIFS_SPNEGO_UPCALL_VERSION) {
syslog(LOG_WARNING,
"incompatible kernel upcall version: 0x%x",
kernel_upcall_version);
@ -301,6 +305,7 @@ int main(const int argc, char *const argv[])
// do mech specific authorization
switch (sectype) {
case MS_KRB5:
case KRB5:{
char *princ;
size_t len;
@ -319,8 +324,12 @@ int main(const int argc, char *const argv[])
}
strlcpy(princ + 5, hostname, len - 5);
rc = handle_krb5_mech(OID_KERBEROS5, princ,
&secblob, &sess_key);
if (sectype == MS_KRB5)
oid = OID_KERBEROS5_OLD;
else
oid = OID_KERBEROS5;
rc = handle_krb5_mech(oid, princ, &secblob, &sess_key);
SAFE_FREE(princ);
break;
}
@ -344,7 +353,7 @@ int main(const int argc, char *const argv[])
rc = 1;
goto out;
}
keydata->version = CIFS_SPNEGO_UPCALL_VERSION;
keydata->version = kernel_upcall_version;
keydata->flags = 0;
keydata->sesskey_len = sess_key.length;
keydata->secblob_len = secblob.length;

View File

@ -23,7 +23,7 @@
#ifndef _CIFS_SPNEGO_H
#define _CIFS_SPNEGO_H
#define CIFS_SPNEGO_UPCALL_VERSION 1
#define CIFS_SPNEGO_UPCALL_VERSION 2
/*
* The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION.

View File

@ -473,7 +473,8 @@ static int parse_options(char ** optionsp, int * filesys_flags)
}
} else if (strncmp(data, "sec", 3) == 0) {
if (value) {
if (!strcmp(value, "none"))
if (!strncmp(value, "none", 4) ||
!strncmp(value, "krb5", 4))
got_password = 1;
}
} else if (strncmp(data, "ip", 2) == 0) {

View File

@ -2627,19 +2627,6 @@ AC_CHECK_FUNCS(getpagesize)
################################################
# look for a method of setting the effective uid
seteuid=no;
if test $seteuid = no; then
AC_CACHE_CHECK([for setresuid],samba_cv_USE_SETRESUID,[
AC_TRY_RUN([
#define AUTOCONF_TEST 1
#define USE_SETRESUID 1
#include "confdefs.h"
#include "${srcdir-.}/lib/util_sec.c"],
samba_cv_USE_SETRESUID=yes,samba_cv_USE_SETRESUID=no,samba_cv_USE_SETRESUID=cross)])
if test x"$samba_cv_USE_SETRESUID" = x"yes"; then
seteuid=yes;AC_DEFINE(USE_SETRESUID,1,[Whether setresuid() is available])
fi
fi
if test $seteuid = no; then
AC_CACHE_CHECK([for setreuid],samba_cv_USE_SETREUID,[
@ -2654,6 +2641,21 @@ if test x"$samba_cv_USE_SETREUID" = x"yes"; then
fi
fi
# we check for setresuid second as it conflicts with AIO on Linux.
# see http://samba.org/~tridge/junkcode/aio_uid.c
if test $seteuid = no; then
AC_CACHE_CHECK([for setresuid],samba_cv_USE_SETRESUID,[
AC_TRY_RUN([
#define AUTOCONF_TEST 1
#define USE_SETRESUID 1
#include "confdefs.h"
#include "${srcdir-.}/lib/util_sec.c"],
samba_cv_USE_SETRESUID=yes,samba_cv_USE_SETRESUID=no,samba_cv_USE_SETRESUID=cross)])
if test x"$samba_cv_USE_SETRESUID" = x"yes"; then
seteuid=yes;AC_DEFINE(USE_SETRESUID,1,[Whether setresuid() is available])
fi
fi
if test $seteuid = no; then
AC_CACHE_CHECK([for seteuid],samba_cv_USE_SETEUID,[
AC_TRY_RUN([
@ -4048,7 +4050,7 @@ INSTALL_CIFSUPCALL=""
UNINSTALL_CIFSUPCALL=""
AC_MSG_CHECKING(whether to build cifs.upcall)
AC_ARG_WITH(cifsupcall,
[AS_HELP_STRING([--with-cifsupcall], [Include cifs.upcall (Linux only) support (default=no)])],
[AS_HELP_STRING([--with-cifsupcall], [Include cifs.upcall (Linux only) support (default=yes)])],
[ case "$withval" in
no)
AC_MSG_RESULT(no)
@ -4074,9 +4076,24 @@ AC_ARG_WITH(cifsupcall,
esac
;;
esac ],
[
AC_MSG_RESULT(no)
]
[ case "$host_os" in
*linux*)
if test x"$use_ads" != x"yes"; then
AC_MSG_WARN(ADS support should be enabled for building cifs.upcall)
elif test x"$HAVE_KEYUTILS_H" != "x1"; then
AC_MSG_WARN(keyutils package is required for cifs.upcall)
else
AC_MSG_RESULT(yes)
AC_DEFINE(WITH_CIFSUPCALL,1,[whether to build cifs.upcall])
CIFSUPCALL_PROGS="bin/cifs.upcall"
INSTALL_CIFSUPCALL="installcifsupcall"
UNINSTALL_CIFSUPCALL="uninstallcifsupcall"
fi
;;
*)
AC_MSG_RESULT(no)
;;
esac ]
)
@ -6149,6 +6166,7 @@ AC_OUTPUT(Makefile
pkgconfig/wbclient.pc
pkgconfig/netapi.pc
pkgconfig/smbsharemodes.pc
../examples/libsmbclient/Makefile.internal
)
#################################################

View File

@ -1,4 +0,0 @@
{
global: smbc_*;
local: *;
};

View File

@ -1,3 +0,0 @@
{
global: *;
};

View File

@ -623,7 +623,7 @@ bool is_local_net(const struct sockaddr_storage *from);
void setup_linklocal_scope_id(struct sockaddr_storage *pss);
bool is_local_net_v4(struct in_addr from);
int iface_count(void);
int iface_count_v4(void);
int iface_count_v4_nl(void);
const struct in_addr *first_ipv4_iface(void);
struct interface *get_interface(int n);
const struct sockaddr_storage *iface_n_sockaddr_storage(int n);
@ -6049,6 +6049,7 @@ int lp_directory_name_cache_size(int );
int lp_smb_encrypt(int );
char lp_magicchar(const struct share_params *p );
int lp_winbind_cache_time(void);
int lp_winbind_reconnect_delay(void);
const char **lp_winbind_nss_info(void);
int lp_algorithmic_rid_base(void);
int lp_name_cache_timeout(void);

View File

@ -1330,12 +1330,19 @@ struct bitmap {
#define FILE_DELETE_ON_CLOSE 0x1000
#define FILE_OPEN_BY_FILE_ID 0x2000
/* Private create options used by the ntcreatex processing code. From Samba4. */
#define NTCREATEX_OPTIONS_PRIVATE_DENY_DOS 0x01000000
#define NTCREATEX_OPTIONS_PRIVATE_DENY_FCB 0x02000000
#define NTCREATEX_OPTIONS_MUST_IGNORE_MASK (0x008F0480)
#define NTCREATEX_OPTIONS_INVALID_PARAM_MASK (0xFF100030)
/*
* Private create options used by the ntcreatex processing code. From Samba4.
* We reuse some ignored flags for private use.
*/
#define NTCREATEX_OPTIONS_PRIVATE_DENY_DOS 0x00010000
#define NTCREATEX_OPTIONS_PRIVATE_DENY_FCB 0x00020000
/* Private options for streams support */
#define NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE 0x04000000
#define NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE 0x00040000
/* Responses when opening a file. */
#define FILE_WAS_SUPERSEDED 0

View File

@ -2,17 +2,17 @@
Unix SMB/CIFS implementation.
Database interface wrapper around ctdbd
Copyright (C) Volker Lendecke 2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@ -76,7 +76,7 @@ static NTSTATUS tdb_error_to_ntstatus(struct tdb_context *tdb)
/*
form a ctdb_rec_data record from a key/data pair
note that header may be NULL. If not NULL then it is included in the data portion
of the record
*/
@ -130,7 +130,8 @@ static struct ctdb_marshall_buffer *db_ctdb_marshall_add(TALLOC_CTX *mem_ctx,
}
if (m == NULL) {
m = talloc_zero_size(mem_ctx, offsetof(struct ctdb_marshall_buffer, data));
m = (struct ctdb_marshall_buffer *)talloc_zero_size(
mem_ctx, offsetof(struct ctdb_marshall_buffer, data));
if (m == NULL) {
return NULL;
}
@ -140,7 +141,8 @@ static struct ctdb_marshall_buffer *db_ctdb_marshall_add(TALLOC_CTX *mem_ctx,
m_size = talloc_get_size(m);
r_size = talloc_get_size(r);
m2 = talloc_realloc_size(mem_ctx, m, m_size + r_size);
m2 = (struct ctdb_marshall_buffer *)talloc_realloc_size(
mem_ctx, m, m_size + r_size);
if (m2 == NULL) {
talloc_free(m);
return NULL;
@ -166,7 +168,7 @@ static TDB_DATA db_ctdb_marshall_finish(struct ctdb_marshall_buffer *m)
/*
loop over a marshalling buffer
- pass r==NULL to start
- loop the number of times indicated by m->count
*/
@ -184,7 +186,7 @@ static struct ctdb_rec_data *db_ctdb_marshall_loop_next(struct ctdb_marshall_buf
if (reqid != NULL) {
*reqid = r->reqid;
}
if (key != NULL) {
key->dptr = &r->data[0];
key->dsize = r->keylen;
@ -228,7 +230,7 @@ static int db_ctdb_transaction_fetch_start(struct db_ctdb_transaction_handle *h)
struct db_ctdb_ctx *ctx = h->ctx;
TDB_DATA data;
key.dptr = discard_const(keyname);
key.dptr = (uint8_t *)discard_const(keyname);
key.dsize = strlen(keyname);
again:
@ -483,16 +485,16 @@ static int db_ctdb_transaction_store(struct db_ctdb_transaction_handle *h,
return -1;
}
}
h->m_write = db_ctdb_marshall_add(h, h->m_write, h->ctx->db_id, 0, key, &header, data);
if (h->m_write == NULL) {
DEBUG(0,(__location__ " Failed to add to marshalling record\n"));
talloc_free(tmp_ctx);
return -1;
}
rec.dsize = data.dsize + sizeof(struct ctdb_ltdb_header);
rec.dptr = talloc_size(tmp_ctx, rec.dsize);
rec.dptr = (uint8_t *)talloc_size(tmp_ctx, rec.dsize);
if (rec.dptr == NULL) {
DEBUG(0,(__location__ " Failed to alloc record\n"));
talloc_free(tmp_ctx);
@ -504,7 +506,7 @@ static int db_ctdb_transaction_store(struct db_ctdb_transaction_handle *h,
ret = tdb_store(h->ctx->wtdb->tdb, key, rec, TDB_REPLACE);
talloc_free(tmp_ctx);
return ret;
}
@ -590,7 +592,7 @@ static int ctdb_replay_transaction(struct db_ctdb_transaction_handle *h)
talloc_free(tmp_ctx);
}
}
return 0;
failed:
@ -868,7 +870,7 @@ again:
(int)crec->ctdb_ctx->db_id, keystr));
TALLOC_FREE(keystr);
}
if (tdb_chainlock(ctx->wtdb->tdb, key) != 0) {
DEBUG(3, ("tdb_chainlock failed\n"));
TALLOC_FREE(result);

View File

@ -18,7 +18,6 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.*/
#include "includes.h"
#include "winbindd.h"
/**
* Find a sid2uid mapping

View File

@ -131,15 +131,18 @@ int iface_count(void)
}
/****************************************************************************
How many interfaces do we have (v4 only) ?
How many non-loopback IPv4 interfaces do we have ?
**************************************************************************/
int iface_count_v4(void)
int iface_count_v4_nl(void)
{
int ret = 0;
struct interface *i;
for (i=local_interfaces;i;i=i->next) {
if (is_loopback_addr(&i->ip)) {
continue;
}
if (i->ip.ss_family == AF_INET) {
ret++;
}

View File

@ -2008,6 +2008,7 @@ bool str_list_sub_basic( char **list, const char *smb_name,
bool str_list_substitute(char **list, const char *pattern, const char *insert)
{
TALLOC_CTX *ctx = list;
char *p, *s, *t;
ssize_t ls, lp, li, ld, i, d;
@ -2030,7 +2031,7 @@ bool str_list_substitute(char **list, const char *pattern, const char *insert)
t = *list;
d = p -t;
if (ld) {
t = (char *) SMB_MALLOC(ls +ld +1);
t = TALLOC_ARRAY(ctx, char, ls +ld +1);
if (!t) {
DEBUG(0,("str_list_substitute: "
"Unable to allocate memory"));
@ -2038,7 +2039,7 @@ bool str_list_substitute(char **list, const char *pattern, const char *insert)
}
memcpy(t, *list, d);
memcpy(t +d +li, p +lp, ls -d -lp +1);
SAFE_FREE(*list);
TALLOC_FREE(*list);
*list = t;
ls += ld;
s = t +d +li;

View File

@ -393,9 +393,6 @@ static NTSTATUS ads_lookup_site(void)
ADS_STRUCT *ads = NULL;
ADS_STATUS ads_status;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct nbt_cldap_netlogon_5 cldap_reply;
ZERO_STRUCT(cldap_reply);
ads = ads_init(lp_realm(), NULL, NULL);
if (!ads) {

View File

@ -1504,9 +1504,9 @@ NTSTATUS rpccli_netr_ServerPasswordSet2(struct rpc_pipe_client *cli,
const char *account_name /* [in] [charset(UTF16)] */,
enum netr_SchannelType secure_channel_type /* [in] */,
const char *computer_name /* [in] [charset(UTF16)] */,
struct netr_Authenticator credential /* [in] */,
struct netr_CryptPassword new_password /* [in] */,
struct netr_Authenticator *return_authenticator /* [out] [ref] */)
struct netr_Authenticator *credential /* [in] [ref] */,
struct netr_Authenticator *return_authenticator /* [out] [ref] */,
struct netr_CryptPassword *new_password /* [in] [ref] */)
{
struct netr_ServerPasswordSet2 r;
NTSTATUS status;

View File

@ -239,9 +239,9 @@ NTSTATUS rpccli_netr_ServerPasswordSet2(struct rpc_pipe_client *cli,
const char *account_name /* [in] [charset(UTF16)] */,
enum netr_SchannelType secure_channel_type /* [in] */,
const char *computer_name /* [in] [charset(UTF16)] */,
struct netr_Authenticator credential /* [in] */,
struct netr_CryptPassword new_password /* [in] */,
struct netr_Authenticator *return_authenticator /* [out] [ref] */);
struct netr_Authenticator *credential /* [in] [ref] */,
struct netr_Authenticator *return_authenticator /* [out] [ref] */,
struct netr_CryptPassword *new_password /* [in] [ref] */);
NTSTATUS rpccli_netr_ServerPasswordGet(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *server_name /* [in] [unique,charset(UTF16)] */,

View File

@ -76,7 +76,7 @@ union PAC_INFO {
struct PAC_SIGNATURE_DATA srv_cksum;/* [case(PAC_TYPE_SRV_CHECKSUM)] */
struct PAC_SIGNATURE_DATA kdc_cksum;/* [case(PAC_TYPE_KDC_CHECKSUM)] */
struct PAC_LOGON_NAME logon_name;/* [case(PAC_TYPE_LOGON_NAME)] */
struct DATA_BLOB_REM unknown;/* [subcontext(0),case(PAC_TYPE_UNKNOWN_12)] */
struct DATA_BLOB_REM unknown;/* [subcontext(0),default] */
}/* [gensize,nodiscriminant,public] */;
struct PAC_BUFFER {

View File

@ -319,7 +319,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_INFO(struct ndr_push *ndr, int ndr_flags
NDR_CHECK(ndr_push_PAC_LOGON_NAME(ndr, NDR_SCALARS, &r->logon_name));
break; }
case PAC_TYPE_UNKNOWN_12: {
default: {
{
struct ndr_push *_ndr_unknown;
NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_unknown, 0, -1));
@ -328,8 +328,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_INFO(struct ndr_push *ndr, int ndr_flags
}
break; }
default:
return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
}
}
if (ndr_flags & NDR_BUFFERS) {
@ -348,11 +346,9 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_INFO(struct ndr_push *ndr, int ndr_flags
case PAC_TYPE_LOGON_NAME:
break;
case PAC_TYPE_UNKNOWN_12:
default:
break;
default:
return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
}
}
return NDR_ERR_SUCCESS;
@ -380,7 +376,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_PAC_INFO(struct ndr_pull *ndr, int ndr_flags
NDR_CHECK(ndr_pull_PAC_LOGON_NAME(ndr, NDR_SCALARS, &r->logon_name));
break; }
case PAC_TYPE_UNKNOWN_12: {
default: {
{
struct ndr_pull *_ndr_unknown;
NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_unknown, 0, -1));
@ -389,8 +385,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_PAC_INFO(struct ndr_pull *ndr, int ndr_flags
}
break; }
default:
return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
}
}
if (ndr_flags & NDR_BUFFERS) {
@ -408,11 +402,9 @@ _PUBLIC_ enum ndr_err_code ndr_pull_PAC_INFO(struct ndr_pull *ndr, int ndr_flags
case PAC_TYPE_LOGON_NAME:
break;
case PAC_TYPE_UNKNOWN_12:
default:
break;
default:
return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
}
}
return NDR_ERR_SUCCESS;
@ -440,12 +432,10 @@ _PUBLIC_ void ndr_print_PAC_INFO(struct ndr_print *ndr, const char *name, const
ndr_print_PAC_LOGON_NAME(ndr, "logon_name", &r->logon_name);
break;
case PAC_TYPE_UNKNOWN_12:
default:
ndr_print_DATA_BLOB_REM(ndr, "unknown", &r->unknown);
break;
default:
ndr_print_bad_level(ndr, name, level);
}
}

View File

@ -12310,8 +12310,14 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet2(struct ndr_push *ndr,
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16)));
NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computer_name, ndr_charset_length(r->in.computer_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential));
NDR_CHECK(ndr_push_netr_CryptPassword(ndr, NDR_SCALARS, &r->in.new_password));
if (r->in.credential == NULL) {
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
}
NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
if (r->in.new_password == NULL) {
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
}
NDR_CHECK(ndr_push_netr_CryptPassword(ndr, NDR_SCALARS, r->in.new_password));
}
if (flags & NDR_OUT) {
if (r->out.return_authenticator == NULL) {
@ -12327,7 +12333,9 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr,
{
uint32_t _ptr_server_name;
TALLOC_CTX *_mem_save_server_name_0;
TALLOC_CTX *_mem_save_credential_0;
TALLOC_CTX *_mem_save_return_authenticator_0;
TALLOC_CTX *_mem_save_new_password_0;
if (flags & NDR_IN) {
ZERO_STRUCT(r->out);
@ -12364,8 +12372,20 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr,
}
NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t)));
NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16));
NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential));
NDR_CHECK(ndr_pull_netr_CryptPassword(ndr, NDR_SCALARS, &r->in.new_password));
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
NDR_PULL_ALLOC(ndr, r->in.credential);
}
_mem_save_credential_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->in.credential, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credential_0, LIBNDR_FLAG_REF_ALLOC);
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
NDR_PULL_ALLOC(ndr, r->in.new_password);
}
_mem_save_new_password_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->in.new_password, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_netr_CryptPassword(ndr, NDR_SCALARS, r->in.new_password));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_new_password_0, LIBNDR_FLAG_REF_ALLOC);
NDR_PULL_ALLOC(ndr, r->out.return_authenticator);
ZERO_STRUCTP(r->out.return_authenticator);
}
@ -12401,8 +12421,14 @@ _PUBLIC_ void ndr_print_netr_ServerPasswordSet2(struct ndr_print *ndr, const cha
ndr_print_string(ndr, "account_name", r->in.account_name);
ndr_print_netr_SchannelType(ndr, "secure_channel_type", r->in.secure_channel_type);
ndr_print_string(ndr, "computer_name", r->in.computer_name);
ndr_print_netr_Authenticator(ndr, "credential", &r->in.credential);
ndr_print_netr_CryptPassword(ndr, "new_password", &r->in.new_password);
ndr_print_ptr(ndr, "credential", r->in.credential);
ndr->depth++;
ndr_print_netr_Authenticator(ndr, "credential", r->in.credential);
ndr->depth--;
ndr_print_ptr(ndr, "new_password", r->in.new_password);
ndr->depth++;
ndr_print_netr_CryptPassword(ndr, "new_password", r->in.new_password);
ndr->depth--;
ndr->depth--;
}
if (flags & NDR_OUT) {

View File

@ -1355,8 +1355,8 @@ struct netr_ServerPasswordSet2 {
const char *account_name;/* [charset(UTF16)] */
enum netr_SchannelType secure_channel_type;
const char *computer_name;/* [charset(UTF16)] */
struct netr_Authenticator credential;
struct netr_CryptPassword new_password;
struct netr_Authenticator *credential;/* [ref] */
struct netr_CryptPassword *new_password;/* [ref] */
} in;
struct {

View File

@ -70,7 +70,7 @@ interface krb5pac
[case(PAC_TYPE_SRV_CHECKSUM)] PAC_SIGNATURE_DATA srv_cksum;
[case(PAC_TYPE_KDC_CHECKSUM)] PAC_SIGNATURE_DATA kdc_cksum;
[case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name;
[case(PAC_TYPE_UNKNOWN_12)] [subcontext(0)] DATA_BLOB_REM unknown;
[default] [subcontext(0)] DATA_BLOB_REM unknown;
/* [case(PAC_TYPE_UNKNOWN_12)] PAC_UNKNOWN_12 unknown; */
} PAC_INFO;

View File

@ -1182,9 +1182,9 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 account_name[],
[in] netr_SchannelType secure_channel_type,
[in] [string,charset(UTF16)] uint16 computer_name[],
[in] netr_Authenticator credential,
[in] netr_CryptPassword new_password,
[out,ref] netr_Authenticator *return_authenticator
[in,ref] netr_Authenticator *credential,
[out,ref] netr_Authenticator *return_authenticator,
[in,ref] netr_CryptPassword *new_password
);
/****************/

View File

@ -1910,7 +1910,7 @@ static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context,
}
/* We now have a service ticket, now turn it into an AP-REQ. */
authenticator->length = ntohs(fwdData.length + GSSAPI_CHECKSUM_SIZE);
authenticator->length = fwdData.length + GSSAPI_CHECKSUM_SIZE;
/* Caller should call free() when they're done with this. */
authenticator->data = (char *)pChksum;

View File

@ -31,34 +31,60 @@
static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
const unsigned char orig_trust_passwd_hash[16],
const char *new_trust_pwd_cleartext,
const unsigned char new_trust_passwd_hash[16],
uint32 sec_channel_type)
{
NTSTATUS result;
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
/* Check if the netlogon pipe is open using schannel. If so we
already have valid creds. If not we must set them up. */
result = rpccli_netlogon_setup_creds(cli,
cli->desthost, /* server name */
lp_workgroup(), /* domain */
global_myname(), /* client name */
global_myname(), /* machine account name */
orig_trust_passwd_hash,
sec_channel_type,
&neg_flags);
if (cli->auth->auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
result = rpccli_netlogon_setup_creds(cli,
cli->desthost, /* server name */
lp_workgroup(), /* domain */
global_myname(), /* client name */
global_myname(), /* machine account name */
orig_trust_passwd_hash,
sec_channel_type,
&neg_flags);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n",
nt_errstr(result)));
return result;
}
if (!NT_STATUS_IS_OK(result)) {
DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n",
nt_errstr(result)));
return result;
}
{
if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
struct netr_Authenticator clnt_creds, srv_cred;
struct netr_CryptPassword new_password;
struct samr_CryptPassword password_buf;
netlogon_creds_client_step(cli->dc, &clnt_creds);
encode_pw_buffer(password_buf.data, new_trust_pwd_cleartext, STR_UNICODE);
SamOEMhash(password_buf.data, cli->dc->sess_key, 516);
memcpy(new_password.data, password_buf.data, 512);
new_password.length = IVAL(password_buf.data, 512);
result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx,
cli->dc->remote_machine,
cli->dc->mach_acct,
sec_channel_type,
global_myname(),
&clnt_creds,
&srv_cred,
&new_password);
/* Always check returned credentials. */
if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
DEBUG(0,("rpccli_netr_ServerPasswordSet2: "
"credentials chain check failed\n"));
return NT_STATUS_ACCESS_DENIED;
}
} else {
struct netr_Authenticator clnt_creds, srv_cred;
struct samr_Password new_password;
@ -118,8 +144,11 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
E_md4hash(new_trust_passwd, new_trust_passwd_hash);
nt_status = just_change_the_password(cli, mem_ctx, orig_trust_passwd_hash,
new_trust_passwd_hash, sec_channel_type);
nt_status = just_change_the_password(cli, mem_ctx,
orig_trust_passwd_hash,
new_trust_passwd,
new_trust_passwd_hash,
sec_channel_type);
if (NT_STATUS_IS_OK(nt_status)) {
DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n",

View File

@ -139,7 +139,7 @@ if eval test x"$build_lib" = "xyes" ; then
LIBUC[_SHARED]=$LIBUC[_SHARED_TARGET]
AC_MSG_RESULT(yes)
if test x"$USESHARED" != x"true" -o x"$[LINK_]LIBUC" = "xSTATIC" ; then
LIBUC[_STATIC]=$LIBUC[_STATIC_TARGET]
enable_static=yes
else
LIBUC[_LIBS]=LIBLIBS
fi
@ -152,7 +152,7 @@ else
AC_MSG_RESULT(shared library not selected, but will supply static library)
fi
if test $enable_static = yes; then
LIBUC[_STATIC]=$LIBUC[_STATIC_TARGET]
LIBUC[_STATIC]=[\$\(]LIBUC[_OBJ0\)]
fi
m4_popdef([LIBNAME])

View File

@ -200,9 +200,9 @@ static bool tsmsm_is_offline(struct vfs_handle_struct *handle,
goto done;
}
lerrno = 0;
do {
lerrno = 0;
ret = dm_get_dmattr(*dmsession_id, dmhandle, dmhandle_len,
DM_NO_TOKEN, &dmname, buflen, buf, &rlen);
if (ret == -1 && errno == EINVAL) {
@ -279,10 +279,13 @@ static ssize_t tsmsm_aio_return(struct vfs_handle_struct *handle, struct files_s
static ssize_t tsmsm_sendfile(vfs_handle_struct *handle, int tofd, files_struct *fsp, const DATA_BLOB *hdr,
SMB_OFF_T offset, size_t n)
{
bool file_online = tsmsm_aio_force(handle, fsp);
bool file_offline = tsmsm_aio_force(handle, fsp);
if(!file_online)
return ENOSYS;
if (file_offline) {
DEBUG(10,("tsmsm_sendfile on offline file - rejecting\n"));
errno = ENOSYS;
return -1;
}
return SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, hdr, offset, n);
}
@ -333,7 +336,7 @@ static int tsmsm_set_offline(struct vfs_handle_struct *handle,
if (tsmd->hsmscript == NULL) {
/* no script enabled */
DEBUG(1, ("tsmsm_set_offline: No tsmsm:hsmscript configured\n"));
DEBUG(1, ("tsmsm_set_offline: No 'tsmsm:hsm script' configured\n"));
return 0;
}

View File

@ -296,8 +296,8 @@ static void reload_interfaces(time_t t)
BlockSignals(false, SIGTERM);
/* We only count IPv4 interfaces here. */
while (iface_count_v4() == 0 && !got_sig_term) {
/* We only count IPv4, non-loopback interfaces here. */
while (iface_count_v4_nl() == 0 && !got_sig_term) {
sleep(5);
load_interfaces();
}

View File

@ -434,7 +434,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
char *component, *dc, *q1;
char *q_orig = q;
int str_offset;
char *saveptr;
char *saveptr = NULL;
domain = get_mydnsdomname(talloc_tos());
if (!domain) {

View File

@ -195,19 +195,20 @@ struct subnet_record *make_normal_subnet(const struct interface *iface)
bool create_subnets(void)
{
/* We only count IPv4 interfaces whilst we're waiting. */
int num_interfaces = iface_count_v4();
int num_interfaces;
int i;
struct in_addr unicast_ip, ipzero;
try_interfaces_again:
if (iface_count_v4() == 0) {
DEBUG(0,("create_subnets: No local interfaces !\n"));
/* Only count IPv4, non-loopback interfaces. */
if (iface_count_v4_nl() == 0) {
DEBUG(0,("create_subnets: No local IPv4 non-loopback interfaces !\n"));
DEBUG(0,("create_subnets: Waiting for an interface to appear ...\n"));
}
/* We only count IPv4 interfaces here. */
while (iface_count_v4() == 0) {
/* We only count IPv4, non-loopback interfaces here. */
while (iface_count_v4_nl() == 0) {
void (*saved_handler)(int);
/*

View File

@ -12,6 +12,78 @@
#include "pam_winbind.h"
static const char *_pam_error_code_str(int err)
{
switch (err) {
case PAM_SUCCESS:
return "PAM_SUCCESS";
case PAM_OPEN_ERR:
return "PAM_OPEN_ERR";
case PAM_SYMBOL_ERR:
return "PAM_SYMBOL_ERR";
case PAM_SERVICE_ERR:
return "PAM_SERVICE_ERR";
case PAM_SYSTEM_ERR:
return "PAM_SYSTEM_ERR";
case PAM_BUF_ERR:
return "PAM_BUF_ERR";
case PAM_PERM_DENIED:
return "PAM_PERM_DENIED";
case PAM_AUTH_ERR:
return "PAM_AUTH_ERR";
case PAM_CRED_INSUFFICIENT:
return "PAM_CRED_INSUFFICIENT";
case PAM_AUTHINFO_UNAVAIL:
return "PAM_AUTHINFO_UNAVAIL";
case PAM_USER_UNKNOWN:
return "PAM_USER_UNKNOWN";
case PAM_MAXTRIES:
return "PAM_MAXTRIES";
case PAM_NEW_AUTHTOK_REQD:
return "PAM_NEW_AUTHTOK_REQD";
case PAM_ACCT_EXPIRED:
return "PAM_ACCT_EXPIRED";
case PAM_SESSION_ERR:
return "PAM_SESSION_ERR";
case PAM_CRED_UNAVAIL:
return "PAM_CRED_UNAVAIL";
case PAM_CRED_EXPIRED:
return "PAM_CRED_EXPIRED";
case PAM_CRED_ERR:
return "PAM_CRED_ERR";
case PAM_NO_MODULE_DATA:
return "PAM_NO_MODULE_DATA";
case PAM_CONV_ERR:
return "PAM_CONV_ERR";
case PAM_AUTHTOK_ERR:
return "PAM_AUTHTOK_ERR";
case PAM_AUTHTOK_RECOVERY_ERR:
return "PAM_AUTHTOK_RECOVERY_ERR";
case PAM_AUTHTOK_LOCK_BUSY:
return "PAM_AUTHTOK_LOCK_BUSY";
case PAM_AUTHTOK_DISABLE_AGING:
return "PAM_AUTHTOK_DISABLE_AGING";
case PAM_TRY_AGAIN:
return "PAM_TRY_AGAIN";
case PAM_IGNORE:
return "PAM_IGNORE";
case PAM_ABORT:
return "PAM_ABORT";
case PAM_AUTHTOK_EXPIRED:
return "PAM_AUTHTOK_EXPIRED";
case PAM_MODULE_UNKNOWN:
return "PAM_MODULE_UNKNOWN";
case PAM_BAD_ITEM:
return "PAM_BAD_ITEM";
case PAM_CONV_AGAIN:
return "PAM_CONV_AGAIN";
case PAM_INCOMPLETE:
return "PAM_INCOMPLETE";
default:
return NULL;
}
}
#define _PAM_LOG_FUNCTION_ENTER(function, ctx) \
do { \
_pam_log_debug(ctx, LOG_DEBUG, "[pamh: %p] ENTER: " \
@ -22,7 +94,8 @@
#define _PAM_LOG_FUNCTION_LEAVE(function, ctx, retval) \
do { \
_pam_log_debug(ctx, LOG_DEBUG, "[pamh: %p] LEAVE: " \
function " returning %d", ctx->pamh, retval); \
function " returning %d (%s)", ctx->pamh, retval, \
_pam_error_code_str(retval)); \
_pam_log_state(ctx); \
} while (0)
@ -698,8 +771,7 @@ static int pam_winbind_request_log(struct pwb_context *ctx,
/**
* send a password expiry message if required
*
* @param pamh PAM handle
* @param ctrl PAM winbind options.
* @param ctx PAM winbind context.
* @param next_change expected (calculated) next expiry date.
* @param already_expired pointer to a boolean to indicate if the password is
* already expired.
@ -760,8 +832,7 @@ static bool _pam_send_password_expiry_message(struct pwb_context *ctx,
/**
* Send a warning if the password expires in the near future
*
* @param pamh PAM handle
* @param ctrl PAM winbind options.
* @param ctx PAM winbind context.
* @param response The full authentication response structure.
* @param already_expired boolean, is the pwd already expired?
*
@ -850,8 +921,7 @@ static bool safe_append_string(char *dest,
/**
* Convert a names into a SID string, appending it to a buffer.
*
* @param pamh PAM handle
* @param ctrl PAM winbind options.
* @param ctx PAM winbind context.
* @param user User in PAM request.
* @param name Name to convert.
* @param sid_list_buffer Where to append the string sid.
@ -906,8 +976,7 @@ static bool winbind_name_to_sid_string(struct pwb_context *ctx,
/**
* Convert a list of names into a list of sids.
*
* @param pamh PAM handle
* @param ctrl PAM winbind options.
* @param ctx PAM winbind context.
* @param user User in PAM request.
* @param name_list List of names or string sids, separated by commas.
* @param sid_list_buffer Where to put the list of string sids.
@ -971,8 +1040,7 @@ out:
/**
* put krb5ccname variable into environment
*
* @param pamh PAM handle
* @param ctrl PAM winbind options.
* @param ctx PAM winbind context.
* @param krb5ccname env variable retrieved from winbindd.
*
* @return void.
@ -1010,8 +1078,7 @@ static void _pam_setup_krb5_env(struct pwb_context *ctx,
/**
* Set string into the PAM stack.
*
* @param pamh PAM handle
* @param ctrl PAM winbind options.
* @param ctx PAM winbind context.
* @param data_name Key name for pam_set_data.
* @param value String value.
*
@ -1042,8 +1109,7 @@ static void _pam_set_data_string(struct pwb_context *ctx,
/**
* Set info3 strings into the PAM stack.
*
* @param pamh PAM handle
* @param ctrl PAM winbind options.
* @param ctx PAM winbind context.
* @param data_name Key name for pam_set_data.
* @param value String value.
*
@ -1082,8 +1148,7 @@ static void _pam_free_data_info3(pam_handle_t *pamh)
/**
* Send PAM_ERROR_MSG for cached or grace logons.
*
* @param pamh PAM handle
* @param ctrl PAM winbind options.
* @param ctx PAM winbind context.
* @param username User in PAM request.
* @param info3_user_flgs Info3 flags containing logon type bits.
*
@ -1120,8 +1185,7 @@ static void _pam_warn_logon_type(struct pwb_context *ctx,
/**
* Send PAM_ERROR_MSG for krb5 errors.
*
* @param pamh PAM handle
* @param ctrl PAM winbind options.
* @param ctx PAM winbind context.
* @param username User in PAM request.
* @param info3_user_flgs Info3 flags containing logon type bits.
*
@ -1869,8 +1933,7 @@ static int get_warn_pwd_expire_from_config(struct pwb_context *ctx)
/**
* Retrieve the winbind separator.
*
* @param pamh PAM handle
* @param ctrl PAM winbind options.
* @param ctx PAM winbind context.
*
* @return string separator character. NULL on failure.
*/
@ -1894,8 +1957,7 @@ static char winbind_get_separator(struct pwb_context *ctx)
/**
* Convert a upn to a name.
*
* @param pamh PAM handle
* @param ctrl PAM winbind options.
* @param ctx PAM winbind context.
* @param upn USer UPN to be trabslated.
*
* @return converted name. NULL pointer on failure. Caller needs to free.
@ -2370,8 +2432,7 @@ out:
* evaluate whether we need to re-authenticate with kerberos after a
* password change
*
* @param pamh PAM handle
* @param ctrl PAM winbind options.
* @param ctx PAM winbind context.
* @param user The username
*
* @return boolean Returns true if required, false if not.

View File

@ -83,20 +83,20 @@ do { \
#include <security/pam_ext.h>
#endif
#define WINBIND_DEBUG_ARG (1<<0)
#define WINBIND_USE_AUTHTOK_ARG (1<<1)
#define WINBIND_UNKNOWN_OK_ARG (1<<2)
#define WINBIND_TRY_FIRST_PASS_ARG (1<<3)
#define WINBIND_USE_FIRST_PASS_ARG (1<<4)
#define WINBIND__OLD_PASSWORD (1<<5)
#define WINBIND_REQUIRED_MEMBERSHIP (1<<6)
#define WINBIND_KRB5_AUTH (1<<7)
#define WINBIND_KRB5_CCACHE_TYPE (1<<8)
#define WINBIND_CACHED_LOGIN (1<<9)
#define WINBIND_CONFIG_FILE (1<<10)
#define WINBIND_SILENT (1<<11)
#define WINBIND_DEBUG_STATE (1<<12)
#define WINBIND_WARN_PWD_EXPIRE (1<<13)
#define WINBIND_DEBUG_ARG 0x00000001
#define WINBIND_USE_AUTHTOK_ARG 0x00000002
#define WINBIND_UNKNOWN_OK_ARG 0x00000004
#define WINBIND_TRY_FIRST_PASS_ARG 0x00000008
#define WINBIND_USE_FIRST_PASS_ARG 0x00000010
#define WINBIND__OLD_PASSWORD 0x00000020
#define WINBIND_REQUIRED_MEMBERSHIP 0x00000040
#define WINBIND_KRB5_AUTH 0x00000080
#define WINBIND_KRB5_CCACHE_TYPE 0x00000100
#define WINBIND_CACHED_LOGIN 0x00000200
#define WINBIND_CONFIG_FILE 0x00000400
#define WINBIND_SILENT 0x00000800
#define WINBIND_DEBUG_STATE 0x00001000
#define WINBIND_WARN_PWD_EXPIRE 0x00002000
/*
* here is the string to inform the user that the new passwords they

View File

@ -176,11 +176,13 @@ static int winbind_named_pipe_sock(const char *dir)
/* Check permissions on unix socket directory */
if (lstat(dir, &st) == -1) {
errno = ENOENT;
return -1;
}
if (!S_ISDIR(st.st_mode) ||
(st.st_uid != 0 && st.st_uid != geteuid())) {
errno = ENOENT;
return -1;
}
@ -199,6 +201,7 @@ static int winbind_named_pipe_sock(const char *dir)
the winbindd daemon is not running. */
if (lstat(path, &st) == -1) {
errno = ENOENT;
SAFE_FREE(path);
return -1;
}
@ -208,6 +211,7 @@ static int winbind_named_pipe_sock(const char *dir)
if (!S_ISSOCK(st.st_mode) ||
(st.st_uid != 0 && st.st_uid != geteuid())) {
errno = ENOENT;
return -1;
}
@ -368,6 +372,7 @@ int winbind_write_sock(void *buffer, int count, int recursing, int need_priv)
restart:
if (winbind_open_pipe_sock(recursing, need_priv) == -1) {
errno = ENOENT;
return -1;
}
@ -564,7 +569,11 @@ NSS_STATUS winbindd_send_request(int req_type, int need_priv,
if (winbind_write_sock(request, sizeof(*request),
request->wb_flags & WBFLAG_RECURSE,
need_priv) == -1) {
need_priv) == -1)
{
/* Set ENOENT for consistency. Required by some apps */
errno = ENOENT;
return NSS_STATUS_UNAVAIL;
}
@ -572,7 +581,11 @@ NSS_STATUS winbindd_send_request(int req_type, int need_priv,
(winbind_write_sock(request->extra_data.data,
request->extra_len,
request->wb_flags & WBFLAG_RECURSE,
need_priv) == -1)) {
need_priv) == -1))
{
/* Set ENOENT for consistency. Required by some apps */
errno = ENOENT;
return NSS_STATUS_UNAVAIL;
}
@ -596,6 +609,9 @@ NSS_STATUS winbindd_get_response(struct winbindd_response *response)
/* Wait for reply */
if (winbindd_read_reply(response) == -1) {
/* Set ENOENT for consistency. Required by some apps */
errno = ENOENT;
return NSS_STATUS_UNAVAIL;
}

View File

@ -879,6 +879,33 @@ static bool wbinfo_lookupname(const char *full_name)
return true;
}
static char *wbinfo_prompt_pass(const char *prefix,
const char *username)
{
char *prompt;
const char *ret = NULL;
prompt = talloc_asprintf(talloc_tos(), "Enter %s's ", username);
if (!prompt) {
return NULL;
}
if (prefix) {
prompt = talloc_asprintf_append(prompt, "%s ", prefix);
if (!prompt) {
return NULL;
}
}
prompt = talloc_asprintf_append(prompt, "password: ");
if (!prompt) {
return NULL;
}
ret = getpass(prompt);
TALLOC_FREE(prompt);
return SMB_STRDUP(ret);
}
/* Authenticate a user with a plaintext password */
static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
@ -887,6 +914,7 @@ static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
struct winbindd_response response;
NSS_STATUS result;
char *p;
char *password;
/* Send off request */
@ -900,8 +928,12 @@ static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
fstrcpy(request.data.auth.user, username);
fstrcpy(request.data.auth.pass, p + 1);
*p = '%';
} else
} else {
fstrcpy(request.data.auth.user, username);
password = wbinfo_prompt_pass(NULL, username);
fstrcpy(request.data.auth.pass, password);
SAFE_FREE(password);
}
request.flags = flags;
@ -947,7 +979,7 @@ static bool wbinfo_auth(char *username)
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
char *s = NULL;
char *p = NULL;
const char *password = NULL;
char *password = NULL;
char *name = NULL;
if ((s = SMB_STRDUP(username)) == NULL) {
@ -957,16 +989,9 @@ static bool wbinfo_auth(char *username)
if ((p = strchr(s, '%')) != NULL) {
*p = 0;
p++;
password = p;
password = SMB_STRDUP(p);
} else {
char *prompt;
asprintf(&prompt, "Enter %s's password:", username);
if (!prompt) {
return false;
}
password = getpass(prompt);
SAFE_FREE(prompt);
password = wbinfo_prompt_pass(NULL, username);
}
name = s;
@ -985,6 +1010,7 @@ static bool wbinfo_auth(char *username)
#endif
SAFE_FREE(s);
SAFE_FREE(password);
return WBC_ERROR_IS_OK(wbc_status);
}
@ -1001,26 +1027,18 @@ static bool wbinfo_auth_crap(char *username)
DATA_BLOB nt = data_blob_null;
fstring name_user;
fstring name_domain;
fstring pass;
char *pass;
char *p;
p = strchr(username, '%');
if (p) {
*p = 0;
fstrcpy(pass, p + 1);
pass = SMB_STRDUP(p + 1);
} else {
char *prompt;
asprintf(&prompt, "Enter %s's password:", username);
if (!prompt) {
return false;
}
fstrcpy(pass, getpass(prompt));
SAFE_FREE(prompt);
pass = wbinfo_prompt_pass(NULL, username);
}
parse_wbinfo_domain_user(username, name_domain, name_user);
params.account_name = name_user;
@ -1049,6 +1067,7 @@ static bool wbinfo_auth_crap(char *username)
&lm, &nt, NULL)) {
data_blob_free(&names_blob);
data_blob_free(&server_chal);
SAFE_FREE(pass);
return false;
}
data_blob_free(&names_blob);
@ -1093,6 +1112,7 @@ static bool wbinfo_auth_crap(char *username)
data_blob_free(&nt);
data_blob_free(&lm);
SAFE_FREE(pass);
return WBC_ERROR_IS_OK(wbc_status);
}

View File

@ -359,7 +359,9 @@ parse_response(int af, nss_XbyY_args_t* argp, struct winbindd_response *response
int addrcount = 0;
int len = 0;
struct in_addr *addrp;
#if defined(AF_INET6)
struct in6_addr *addrp6;
#endif
int i;
/* response is tab separated list of ip addresses with hostname
@ -391,7 +393,9 @@ parse_response(int af, nss_XbyY_args_t* argp, struct winbindd_response *response
addrp -= addrcount;
he->h_addr_list = (char **)ROUND_DOWN(addrp, sizeof (char*));
he->h_addr_list -= addrcount+1;
} else {
}
#if defined(AF_INET6)
else {
he->h_length = sizeof(struct in6_addr);
addrp6 = (struct in6_addr *)ROUND_DOWN(buffer + buflen,
sizeof(struct in6_addr));
@ -399,6 +403,7 @@ parse_response(int af, nss_XbyY_args_t* argp, struct winbindd_response *response
he->h_addr_list = (char **)ROUND_DOWN(addrp6, sizeof (char*));
he->h_addr_list -= addrcount+1;
}
#endif
/* buffer too small?! */
if((char *)he->h_addr_list < buffer ) {
@ -418,7 +423,9 @@ parse_response(int af, nss_XbyY_args_t* argp, struct winbindd_response *response
argp->erange = 1;
return NSS_STR_PARSE_ERANGE;
}
} else {
}
#if defined(AF_INET6)
else {
he->h_addr_list[i] = (char *)&addrp6[i];
if (strchr(data, ':') != 0) {
if (inet_pton(AF_INET6, data, &addrp6[i]) != 1) {
@ -434,6 +441,7 @@ parse_response(int af, nss_XbyY_args_t* argp, struct winbindd_response *response
IN6_INADDR_TO_V4MAPPED(&in4, &addrp6[i]);
}
}
#endif
data = p+1;
}
@ -481,6 +489,7 @@ _nss_winbind_ipnodes_getbyname(nss_backend_t* be, void *args)
AF_INET or for AF_INET6 and AI_ALL|AI_V4MAPPED we have to map
IPv4 to IPv6.
*/
#if defined(AF_INET6)
#ifdef HAVE_NSS_XBYY_KEY_IPNODE
af = argp->key.ipnode.af_family;
if(af == AF_INET6 && argp->key.ipnode.flags == 0) {
@ -490,6 +499,7 @@ _nss_winbind_ipnodes_getbyname(nss_backend_t* be, void *args)
#else
/* I'm not that sure if this is correct, but... */
af = AF_INET6;
#endif
#endif
strncpy(request.data.winsreq, argp->key.name, sizeof(request.data.winsreq) - 1);
@ -539,6 +549,7 @@ _nss_winbind_hosts_getbyaddr(nss_backend_t* be, void *args)
ZERO_STRUCT(response);
ZERO_STRUCT(request);
#if defined(AF_INET6)
/* winbindd currently does not resolve IPv6 */
if(argp->key.hostaddr.type == AF_INET6) {
argp->h_errno = NO_DATA;
@ -546,7 +557,15 @@ _nss_winbind_hosts_getbyaddr(nss_backend_t* be, void *args)
}
p = inet_ntop(argp->key.hostaddr.type, argp->key.hostaddr.addr,
request.data.winsreq, INET6_ADDRSTRLEN);
request.data.winsreq, sizeof request.data.winsreq);
#else
snprintf(request.data.winsreq, sizeof request.data.winsreq,
"%u.%u.%u.%u",
((unsigned char *)argp->key.hostaddr.addr)[0],
((unsigned char *)argp->key.hostaddr.addr)[1],
((unsigned char *)argp->key.hostaddr.addr)[2],
((unsigned char *)argp->key.hostaddr.addr)[3]);
#endif
ret = winbindd_request_response(WINBINDD_WINS_BYIP, &request, &response);

View File

@ -240,6 +240,7 @@ struct global {
int map_to_guest;
int oplock_break_wait_time;
int winbind_cache_time;
int winbind_reconnect_delay;
int winbind_max_idle_children;
char **szWinbindNssInfo;
int iLockSpinTime;
@ -4362,6 +4363,15 @@ static struct parm_struct parm_table[] = {
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
{
.label = "winbind reconnect delay",
.type = P_INTEGER,
.p_class = P_GLOBAL,
.ptr = &Globals.winbind_reconnect_delay,
.special = NULL,
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
{
.label = "winbind enum users",
.type = P_BOOL,
@ -4829,6 +4839,7 @@ static void init_globals(bool first_time_only)
Globals.clustering = False;
Globals.winbind_cache_time = 300; /* 5 minutes */
Globals.winbind_reconnect_delay = 30; /* 30 seconds */
Globals.bWinbindEnumUsers = False;
Globals.bWinbindEnumGroups = False;
Globals.bWinbindUseDefaultDomain = False;
@ -4839,7 +4850,7 @@ static void init_globals(bool first_time_only)
Globals.bWinbindRefreshTickets = False;
Globals.bWinbindOfflineLogon = False;
Globals.iIdmapCacheTime = 900; /* 15 minutes by default */
Globals.iIdmapCacheTime = 86400 * 7; /* a week by default */
Globals.iIdmapNegativeCacheTime = 120; /* 2 minutes by default */
Globals.bPassdbExpandExplicit = False;
@ -5082,7 +5093,7 @@ FN_GLOBAL_BOOL(lp_winbind_offline_logon, &Globals.bWinbindOfflineLogon)
FN_GLOBAL_BOOL(lp_winbind_normalize_names, &Globals.bWinbindNormalizeNames)
FN_GLOBAL_BOOL(lp_winbind_rpc_only, &Globals.bWinbindRpcOnly)
FN_GLOBAL_CONST_STRING(lp_idmap_backend, &Globals.szIdmapBackend) /* deprecated */
FN_GLOBAL_CONST_STRING(lp_idmap_backend, &Globals.szIdmapBackend)
FN_GLOBAL_STRING(lp_idmap_alloc_backend, &Globals.szIdmapAllocBackend)
FN_GLOBAL_INTEGER(lp_idmap_cache_time, &Globals.iIdmapCacheTime)
FN_GLOBAL_INTEGER(lp_idmap_negative_cache_time, &Globals.iIdmapNegativeCacheTime)
@ -5341,6 +5352,7 @@ FN_LOCAL_INTEGER(lp_directory_name_cache_size, iDirectoryNameCacheSize)
FN_LOCAL_INTEGER(lp_smb_encrypt, ismb_encrypt)
FN_LOCAL_CHAR(lp_magicchar, magic_char)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
FN_GLOBAL_INTEGER(lp_winbind_reconnect_delay, &Globals.winbind_reconnect_delay)
FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo)
FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)

View File

@ -1301,20 +1301,28 @@ static bool legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid)
void uid_to_sid(DOM_SID *psid, uid_t uid)
{
bool expired = true;
bool ret;
ZERO_STRUCTP(psid);
if (fetch_sid_from_uid_cache(psid, uid))
return;
if (!winbind_uid_to_sid(psid, uid)) {
if (!winbind_ping()) {
legacy_uid_to_sid(psid, uid);
/* Check the winbindd cache directly. */
ret = idmap_cache_find_uid2sid(uid, psid, &expired);
if (!ret || expired || (ret && is_null_sid(psid))) {
/* Not in cache. Ask winbindd. */
if (!winbind_uid_to_sid(psid, uid)) {
if (!winbind_ping()) {
legacy_uid_to_sid(psid, uid);
return;
}
DEBUG(5, ("uid_to_sid: winbind failed to find a sid for uid %u\n",
uid));
return;
}
DEBUG(5, ("uid_to_sid: winbind failed to find a sid for uid %u\n",
uid));
return;
}
DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid,
@ -1330,25 +1338,33 @@ void uid_to_sid(DOM_SID *psid, uid_t uid)
void gid_to_sid(DOM_SID *psid, gid_t gid)
{
bool expired = true;
bool ret;
ZERO_STRUCTP(psid);
if (fetch_sid_from_gid_cache(psid, gid))
return;
if (!winbind_gid_to_sid(psid, gid)) {
if (!winbind_ping()) {
legacy_gid_to_sid(psid, gid);
/* Check the winbindd cache directly. */
ret = idmap_cache_find_gid2sid(gid, psid, &expired);
if (!ret || expired || (ret && is_null_sid(psid))) {
/* Not in cache. Ask winbindd. */
if (!winbind_gid_to_sid(psid, gid)) {
if (!winbind_ping()) {
legacy_gid_to_sid(psid, gid);
return;
}
DEBUG(5, ("gid_to_sid: winbind failed to find a sid for gid %u\n",
gid));
return;
}
DEBUG(5, ("gid_to_sid: winbind failed to find a sid for gid %u\n",
gid));
return;
}
DEBUG(10,("gid %u -> sid %s\n", (unsigned int)gid,
sid_string_dbg(psid)));
store_gid_sid_cache(psid, gid);
return;
}
@ -1359,6 +1375,8 @@ void gid_to_sid(DOM_SID *psid, gid_t gid)
bool sid_to_uid(const DOM_SID *psid, uid_t *puid)
{
bool expired = true;
bool ret;
uint32 rid;
gid_t gid;
@ -1381,14 +1399,20 @@ bool sid_to_uid(const DOM_SID *psid, uid_t *puid)
return true;
}
if (!winbind_sid_to_uid(puid, psid)) {
if (!winbind_ping()) {
return legacy_sid_to_uid(psid, puid);
}
/* Check the winbindd cache directly. */
ret = idmap_cache_find_sid2uid(psid, puid, &expired);
DEBUG(5, ("winbind failed to find a uid for sid %s\n",
sid_string_dbg(psid)));
return false;
if (!ret || expired || (ret && (*puid == (uid_t)-1))) {
/* Not in cache. Ask winbindd. */
if (!winbind_sid_to_uid(puid, psid)) {
if (!winbind_ping()) {
return legacy_sid_to_uid(psid, puid);
}
DEBUG(5, ("winbind failed to find a uid for sid %s\n",
sid_string_dbg(psid)));
return false;
}
}
/* TODO: Here would be the place to allocate both a gid and a uid for
@ -1408,6 +1432,8 @@ bool sid_to_uid(const DOM_SID *psid, uid_t *puid)
bool sid_to_gid(const DOM_SID *psid, gid_t *pgid)
{
bool expired = true;
bool ret;
uint32 rid;
uid_t uid;
@ -1429,24 +1455,28 @@ bool sid_to_gid(const DOM_SID *psid, gid_t *pgid)
return true;
}
/* Ask winbindd if it can map this sid to a gid.
* (Idmap will check it is a valid SID and of the right type) */
/* Check the winbindd cache directly. */
ret = idmap_cache_find_sid2gid(psid, pgid, &expired);
if ( !winbind_sid_to_gid(pgid, psid) ) {
if (!winbind_ping()) {
return legacy_sid_to_gid(psid, pgid);
if (!ret || expired || (ret && (*pgid == (gid_t)-1))) {
/* Not in cache or negative. Ask winbindd. */
/* Ask winbindd if it can map this sid to a gid.
* (Idmap will check it is a valid SID and of the right type) */
if ( !winbind_sid_to_gid(pgid, psid) ) {
if (!winbind_ping()) {
return legacy_sid_to_gid(psid, pgid);
}
DEBUG(10,("winbind failed to find a gid for sid %s\n",
sid_string_dbg(psid)));
return false;
}
DEBUG(10,("winbind failed to find a gid for sid %s\n",
sid_string_dbg(psid)));
return false;
}
DEBUG(10,("sid %s -> gid %u\n", sid_string_dbg(psid),
(unsigned int)*pgid ));
store_gid_sid_cache(psid, *pgid);
return true;
}

View File

@ -979,8 +979,8 @@ static NTSTATUS rpc_api_pipe(struct rpc_pipe_client *cli,
while(1) {
RPC_HDR rhdr;
char *ret_data;
uint32 ret_data_len;
char *ret_data = NULL;
uint32 ret_data_len = 0;
/* Ensure we have enough data for a pdu. */
ret = cli_pipe_get_current_pdu(cli, &rhdr, &current_pdu);

View File

@ -521,7 +521,16 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
srv_flgs = 0x000001ff;
/* 0x000001ff */
srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
NETLOGON_NEG_PERSISTENT_SAMREPL |
NETLOGON_NEG_ARCFOUR |
NETLOGON_NEG_PROMOTION_COUNT |
NETLOGON_NEG_CHANGELOG_BDC |
NETLOGON_NEG_FULL_SYNC_REPL |
NETLOGON_NEG_MULTIPLE_SIDS |
NETLOGON_NEG_REDO |
NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
if (lp_server_schannel() != false) {
srv_flgs |= NETLOGON_NEG_SCHANNEL;

View File

@ -268,12 +268,15 @@ bool schedule_aio_read_and_X(connection_struct *conn,
a->aio_sigevent.sigev_signo = RT_SIGNAL_AIO;
a->aio_sigevent.sigev_value.sival_int = aio_ex->mid;
become_root();
if (SMB_VFS_AIO_READ(fsp,a) == -1) {
DEBUG(0,("schedule_aio_read_and_X: aio_read failed. "
"Error %s\n", strerror(errno) ));
delete_aio_ex(aio_ex);
unbecome_root();
return False;
}
unbecome_root();
DEBUG(10,("schedule_aio_read_and_X: scheduled aio_read for file %s, "
"offset %.0f, len = %u (mid = %u)\n",
@ -366,13 +369,16 @@ bool schedule_aio_write_and_X(connection_struct *conn,
a->aio_sigevent.sigev_signo = RT_SIGNAL_AIO;
a->aio_sigevent.sigev_value.sival_int = aio_ex->mid;
become_root();
if (SMB_VFS_AIO_WRITE(fsp,a) == -1) {
DEBUG(3,("schedule_aio_wrote_and_X: aio_write failed. "
"Error %s\n", strerror(errno) ));
delete_aio_ex(aio_ex);
unbecome_root();
return False;
}
unbecome_root();
release_level_2_oplocks_on_change(fsp);
if (!write_through && !lp_syncalways(SNUM(fsp->conn))

View File

@ -454,6 +454,12 @@ void reply_ntcreate_and_X(struct smb_request *req)
(unsigned int)root_dir_fid,
fname));
/*
* we need to remove ignored bits when they come directly from the client
* because we reuse some of them for internal stuff
*/
create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
/*
* If it's an IPC, use the pipe handler.
*/
@ -858,6 +864,12 @@ static void call_nt_transact_create(connection_struct *conn,
allocation_size |= (((SMB_BIG_UINT)IVAL(params,16)) << 32);
#endif
/*
* we need to remove ignored bits when they come directly from the client
* because we reuse some of them for internal stuff
*/
create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
/* Ensure the data_len is correct for the sd and ea values given. */
if ((ea_len + sd_len > data_count)
|| (ea_len > data_count) || (sd_len > data_count)

View File

@ -2560,6 +2560,11 @@ NTSTATUS create_file_unixpath(connection_struct *conn,
goto fail;
}
if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
status = NT_STATUS_INVALID_PARAMETER;
goto fail;
}
if (req == NULL) {
oplock_request |= INTERNAL_OPEN_ONLY;
}

View File

@ -3198,8 +3198,9 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req,
setup_readX_header((char *)headerbuf, smb_maxcnt);
if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
/* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
if (errno == ENOSYS) {
/* Returning ENOSYS or EINVAL means no data at all was sent.
Do this as a normal read. */
if (errno == ENOSYS || errno == EINVAL) {
goto normal_read;
}

View File

@ -1738,16 +1738,19 @@ void reply_sesssetup_and_X(struct smb_request *req)
return;
}
nt_status = create_local_token(server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("create_local_token failed: %s\n",
nt_errstr(nt_status)));
data_blob_free(&nt_resp);
data_blob_free(&lm_resp);
data_blob_clear_free(&plaintext_password);
reply_nterror(req, nt_status_squash(nt_status));
END_PROFILE(SMBsesssetupX);
return;
if (!server_info->ptok) {
nt_status = create_local_token(server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("create_local_token failed: %s\n",
nt_errstr(nt_status)));
data_blob_free(&nt_resp);
data_blob_free(&lm_resp);
data_blob_clear_free(&plaintext_password);
reply_nterror(req, nt_status_squash(nt_status));
END_PROFILE(SMBsesssetupX);
return;
}
}
data_blob_clear_free(&plaintext_password);

View File

@ -219,7 +219,7 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c,
int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv)
{
if (c->display_usage) {
d_printf("Usage\n"
d_printf("Usage:\n"
"net rpc vampire ldif\n"
" Dump remote SAM database to LDIF file or stdout\n");
return 0;
@ -343,7 +343,7 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv)
int ret = 0;
if (c->display_usage) {
d_printf("Usage\n"
d_printf("Usage:\n"
"net rpc vampire keytab\n"
" Dump remote SAM database to Kerberos keytab file\n");
return 0;

View File

@ -476,7 +476,7 @@ bool net_find_pdc(struct sockaddr_storage *server_ss,
NTSTATUS net_make_ipc_connection(struct net_context *c, unsigned flags,
struct cli_state **pcli)
{
return net_make_ipc_connection_ex(c, NULL, NULL, NULL, flags, pcli);
return net_make_ipc_connection_ex(c, c->opt_workgroup, NULL, NULL, flags, pcli);
}
NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain,
@ -492,7 +492,8 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain,
if ( !server || !pss ) {
if (!net_find_server(c, domain, flags, &server_ss,
&server_name)) {
d_fprintf(stderr, "Unable to find a suitable server\n");
d_fprintf(stderr, "Unable to find a suitable server "
"for domain %s\n", domain);
nt_status = NT_STATUS_UNSUCCESSFUL;
goto done;
}

View File

@ -1228,9 +1228,9 @@ static struct server_id parse_dest(const char *dest)
struct server_id result = {-1};
pid_t pid;
/* Zero is a special return value for broadcast smbd */
/* Zero is a special return value for broadcast to all processes */
if (strequal(dest, "smbd")) {
if (strequal(dest, "all")) {
return interpret_pid(MSG_BROADCAST_PID_STR);
}
@ -1245,7 +1245,6 @@ static struct server_id parse_dest(const char *dest)
dest = "winbindd";
}
if (!(strequal(dest, "winbindd") || strequal(dest, "nmbd"))) {
/* Check for numeric pid number */
@ -1266,7 +1265,7 @@ static struct server_id parse_dest(const char *dest)
fprintf(stderr,"Can't find pid for destination '%s'\n", dest);
return result;
}
}
/* Execute smbcontrol command */

View File

@ -87,7 +87,7 @@ NTSTATUS idmap_gid_to_sid(const char *domname, DOM_SID *sid, gid_t gid)
DEBUG(10,("gid = [%lu]\n", (unsigned long)gid));
if (idmap_cache_find_uid2sid(gid, sid, &expired)) {
if (idmap_cache_find_gid2sid(gid, sid, &expired)) {
DEBUG(10, ("idmap_cache_find_gid2sid found %d%s\n", gid,
expired ? " (expired)": ""));
if (expired && idmap_is_online()) {

View File

@ -153,6 +153,7 @@ struct winbindd_child {
struct fd_event event;
struct timed_event *lockout_policy_event;
struct timed_event *machine_password_change_event;
struct winbindd_async_request *requests;
const struct winbindd_child_dispatch_table *table;
@ -204,6 +205,7 @@ struct winbindd_domain {
uint32_t id_range_low, id_range_high;
/* A working DC */
pid_t dc_probe_pid; /* Child we're using to detect the DC. */
fstring dcname;
struct sockaddr_storage dcaddr;

View File

@ -8,17 +8,17 @@
Copyright (C) Gerald (Jerry) Carter 2003-2005.
Copyright (C) Volker Lendecke 2004-2005
Copyright (C) Jeremy Allison 2006
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@ -27,14 +27,14 @@
We need to manage connections to domain controllers without having to
mess up the main winbindd code with other issues. The aim of the
connection manager is to:
- make connections to domain controllers and cache them
- re-establish connections when networks or servers go down
- centralise the policy on connection timeouts, domain controller
selection etc
- manage re-entrancy for when winbindd becomes able to handle
multiple outstanding rpc requests
Why not have connection management as part of the rpc layer like tng?
Good question. This code may morph into libsmb/rpc_cache.c or something
like that but at the moment it's simply staying as part of winbind. I
@ -171,20 +171,33 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain)
struct dc_name_ip *dcs = NULL;
int num_dcs = 0;
TALLOC_CTX *mem_ctx = NULL;
pid_t child_pid;
pid_t parent_pid = sys_getpid();
/* Stop zombies */
CatchChild();
child_pid = sys_fork();
if (domain->dc_probe_pid != (pid_t)-1) {
/*
* We might already have a DC probe
* child working, check.
*/
if (process_exists_by_pid(domain->dc_probe_pid)) {
DEBUG(10,("fork_child_dc_connect: pid %u already "
"checking for DC's.\n",
(unsigned int)domain->dc_probe_pid));
return true;
}
domain->dc_probe_pid = (pid_t)-1;
}
if (child_pid == -1) {
domain->dc_probe_pid = sys_fork();
if (domain->dc_probe_pid == (pid_t)-1) {
DEBUG(0, ("fork_child_dc_connect: Could not fork: %s\n", strerror(errno)));
return False;
}
if (child_pid != 0) {
if (domain->dc_probe_pid != (pid_t)0) {
/* Parent */
messaging_register(winbind_messaging_context(), NULL,
MSG_WINBIND_TRY_TO_GO_ONLINE,
@ -201,6 +214,11 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain)
if (!reinit_after_fork(winbind_messaging_context(), true)) {
DEBUG(0,("reinit_after_fork() failed\n"));
messaging_send_buf(winbind_messaging_context(),
pid_to_procid(parent_pid),
MSG_WINBIND_FAILED_TO_GO_ONLINE,
(uint8 *)domain->name,
strlen(domain->name)+1);
_exit(0);
}
@ -218,6 +236,11 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain)
mem_ctx = talloc_init("fork_child_dc_connect");
if (!mem_ctx) {
DEBUG(0,("talloc_init failed.\n"));
messaging_send_buf(winbind_messaging_context(),
pid_to_procid(parent_pid),
MSG_WINBIND_FAILED_TO_GO_ONLINE,
(uint8 *)domain->name,
strlen(domain->name)+1);
_exit(0);
}
@ -291,12 +314,12 @@ static void check_domain_online_handler(struct event_context *ctx,
static void calc_new_online_timeout_check(struct winbindd_domain *domain)
{
int wbc = lp_winbind_cache_time();
int wbr = lp_winbind_reconnect_delay();
if (domain->startup) {
domain->check_online_timeout = 10;
} else if (domain->check_online_timeout < wbc) {
domain->check_online_timeout = wbc;
} else if (domain->check_online_timeout < wbr) {
domain->check_online_timeout = wbr;
}
}
@ -336,7 +359,7 @@ void set_domain_offline(struct winbindd_domain *domain)
}
/* If we're in statup mode, check again in 10 seconds, not in
lp_winbind_cache_time() seconds (which is 5 mins by default). */
lp_winbind_reconnect_delay() seconds (which is 30 seconds by default). */
calc_new_online_timeout_check(domain);
@ -360,7 +383,7 @@ void set_domain_offline(struct winbindd_domain *domain)
if ( domain->primary ) {
struct winbindd_child *idmap = idmap_child();
if ( idmap->pid != 0 ) {
messaging_send_buf(winbind_messaging_context(),
pid_to_procid(idmap->pid),
@ -439,7 +462,7 @@ static void set_domain_online(struct winbindd_domain *domain)
if ( domain->primary ) {
struct winbindd_child *idmap = idmap_child();
if ( idmap->pid != 0 ) {
messaging_send_buf(winbind_messaging_context(),
pid_to_procid(idmap->pid),
@ -530,7 +553,7 @@ void winbind_add_failed_connection_entry(const struct winbindd_domain *domain,
an authenticated connection if DCs have the RestrictAnonymous registry
entry set > 0, or the "Additional restrictions for anonymous
connections" set in the win2k Local Security Policy.
Caller to free() result in domain, username, password
*/
@ -539,12 +562,12 @@ static void cm_get_ipc_userpass(char **username, char **domain, char **password)
*username = (char *)secrets_fetch(SECRETS_AUTH_USER, NULL);
*domain = (char *)secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
*password = (char *)secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
if (*username && **username) {
if (!*domain || !**domain)
*domain = smb_xstrdup(lp_workgroup());
if (!*password || !**password)
*password = smb_xstrdup("");
@ -680,7 +703,7 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
{
const char *account_name;
const char *name = NULL;
/* If we are a DC and this is not our own domain */
if (IS_DC) {
@ -690,10 +713,10 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
if (!our_domain)
return NT_STATUS_INVALID_SERVER_STATE;
name = our_domain->name;
}
if (!get_trust_pw_clear(name, machine_password,
&account_name, NULL))
{
@ -715,7 +738,7 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
if (!our_domain) {
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
if (asprintf(machine_krb5_principal, "%s$@%s",
account_name, our_domain->alt_name) == -1)
{
@ -852,7 +875,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
result = ads_ntstatus(ads_status);
if (NT_STATUS_IS_OK(result)) {
/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
cli_init_creds(*cli, machine_account, domain->name, machine_password);
cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
goto session_setup_done;
}
}
@ -877,7 +900,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
result = ads_ntstatus(ads_status);
if (NT_STATUS_IS_OK(result)) {
/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
cli_init_creds(*cli, machine_account, domain->name, machine_password);
cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
goto session_setup_done;
}
}
@ -914,6 +937,9 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
anon_fallback:
/* Fall back to anonymous connection, this might fail later */
DEBUG(10,("cm_prepare_connection: falling back to anonymous "
"connection for DC %s\n",
controller ));
if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0,
NULL, 0, ""))) {
@ -1316,7 +1342,7 @@ static bool find_new_dc(TALLOC_CTX *mem_ctx,
TALLOC_FREE(dcnames);
num_dcnames = 0;
TALLOC_FREE(addrs);
num_addrs = 0;
@ -1342,7 +1368,7 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain,
/* we have to check the server affinity cache here since
later we selecte a DC based on response time and not preference */
/* Check the negative connection cache
before talking to it. It going down may have
triggered the reconnection. */
@ -1592,26 +1618,26 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
TALLOC_CTX *mem_ctx = NULL;
DEBUG(5, ("set_dc_type_and_flags_trustinfo: domain %s\n", domain->name ));
/* Our primary domain doesn't need to worry about trust flags.
Force it to go through the network setup */
if ( domain->primary ) {
return False;
}
our_domain = find_our_domain();
if ( !connection_ok(our_domain) ) {
DEBUG(3,("set_dc_type_and_flags_trustinfo: No connection to our domain!\n"));
return False;
}
/* This won't work unless our domain is AD */
if ( !our_domain->active_directory ) {
return False;
}
/* Use DsEnumerateDomainTrusts to get us the trust direction
and type */
@ -1672,13 +1698,13 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
if ( !winbindd_can_contact_domain( domain) )
domain->internal = True;
break;
}
}
talloc_destroy( mem_ctx );
return domain->initialized;
}
@ -1775,7 +1801,7 @@ no_dssetup:
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
if (NT_STATUS_IS_OK(result)) {
/* This particular query is exactly what Win2k clients use
to determine that the DC is active directory */
@ -1904,6 +1930,10 @@ static bool cm_get_schannel_dcinfo(struct winbindd_domain *domain,
/* Return a pointer to the struct dcinfo from the
netlogon pipe. */
if (!domain->conn.netlogon_pipe->dc) {
return false;
}
*ppdc = domain->conn.netlogon_pipe->dc;
return True;
}
@ -1930,6 +1960,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
goto done;
}
/*
* No SAMR pipe yet. Attempt to get an NTLMSSP SPNEGO authenticated
* sign and sealed pipe using the machine account password by
@ -2303,7 +2334,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
if (!NT_STATUS_IS_OK(result)) {
DEBUG(3, ("Could not open schannel'ed NETLOGON pipe. Error "
"was %s\n", nt_errstr(result)));
/* make sure we return something besides OK */
return !NT_STATUS_IS_OK(result) ? result : NT_STATUS_PIPE_NOT_AVAILABLE;
}

View File

@ -840,6 +840,111 @@ static void account_lockout_policy_handler(struct event_context *ctx,
child);
}
static time_t get_machine_password_timeout(void)
{
/* until we have gpo support use lp setting */
return lp_machine_password_timeout();
}
static bool calculate_next_machine_pwd_change(const char *domain,
struct timeval *t)
{
time_t pass_last_set_time;
time_t timeout;
time_t next_change;
char *pw;
pw = secrets_fetch_machine_password(domain,
&pass_last_set_time,
NULL);
if (pw == NULL) {
DEBUG(0,("cannot fetch own machine password ????"));
return false;
}
SAFE_FREE(pw);
timeout = get_machine_password_timeout();
if (timeout == 0) {
DEBUG(10,("machine password never expires\n"));
return false;
}
if (time(NULL) < (pass_last_set_time + timeout)) {
next_change = pass_last_set_time + timeout;
DEBUG(10,("machine password still valid until: %s\n",
http_timestring(next_change)));
*t = timeval_set(next_change, 0);
return true;
}
DEBUG(10,("machine password expired, needs immediate change\n"));
*t = timeval_zero();
return true;
}
static void machine_password_change_handler(struct event_context *ctx,
struct timed_event *te,
const struct timeval *now,
void *private_data)
{
struct winbindd_child *child =
(struct winbindd_child *)private_data;
struct rpc_pipe_client *netlogon_pipe = NULL;
TALLOC_CTX *frame;
NTSTATUS result;
struct timeval next_change;
DEBUG(10,("machine_password_change_handler called\n"));
TALLOC_FREE(child->machine_password_change_event);
if (!calculate_next_machine_pwd_change(child->domain->name,
&next_change)) {
return;
}
if (!winbindd_can_contact_domain(child->domain)) {
DEBUG(10,("machine_password_change_handler: Removing myself since I "
"do not have an incoming trust to domain %s\n",
child->domain->name));
return;
}
result = cm_connect_netlogon(child->domain, &netlogon_pipe);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("machine_password_change_handler: "
"failed to connect netlogon pipe: %s\n",
nt_errstr(result)));
return;
}
frame = talloc_stackframe();
result = trust_pw_find_change_and_store_it(netlogon_pipe,
frame,
child->domain->name);
TALLOC_FREE(frame);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("machine_password_change_handler: "
"failed to change machine password: %s\n",
nt_errstr(result)));
} else {
DEBUG(10,("machine_password_change_handler: "
"successfully changed machine password\n"));
}
child->machine_password_change_event = event_add_timed(winbind_event_context(), NULL,
next_change,
"machine_password_change_handler",
machine_password_change_handler,
child);
}
/* Deal with a request to go offline. */
static void child_msg_offline(struct messaging_context *msg,
@ -1138,6 +1243,21 @@ static bool fork_domain_child(struct winbindd_child *child)
child);
}
if (child->domain && child->domain->primary &&
lp_server_role() == ROLE_DOMAIN_MEMBER) {
struct timeval next_change;
if (calculate_next_machine_pwd_change(child->domain->name,
&next_change)) {
child->machine_password_change_event = event_add_timed(
winbind_event_context(), NULL, next_change,
"machine_password_change_handler",
machine_password_change_handler,
child);
}
}
while (1) {
int ret;

View File

@ -86,10 +86,7 @@ enum winbindd_result winbindd_dual_check_machine_acct(struct winbindd_domain *do
"good" : "bad"));
done:
state->response.data.auth.nt_status = NT_STATUS_V(result);
fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
fstrcpy(state->response.data.auth.error_string, nt_errstr(result));
state->response.data.auth.pam_error = nt_status_to_pam(result);
set_auth_errors(&state->response, result);
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Checking the trust account password returned %s\n",
state->response.data.auth.nt_status_string));

File diff suppressed because it is too large Load Diff

View File

@ -590,6 +590,7 @@ void winbindd_set_locator_kdc_envs(const struct winbindd_domain *domain);
void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain);
void winbindd_set_locator_kdc_envs(const struct winbindd_domain *domain);
void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain);
void set_auth_errors(struct winbindd_response *resp, NTSTATUS result);
/* The following definitions come from winbindd/winbindd_wins.c */

View File

@ -180,11 +180,11 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
domain->initialized = False;
domain->online = is_internal_domain(sid);
domain->check_online_timeout = 0;
domain->dc_probe_pid = (pid_t)-1;
if (sid) {
sid_copy(&domain->sid, sid);
}
/* Link to domain list */
DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *);
@ -1544,3 +1544,15 @@ void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain)
}
#endif /* HAVE_KRB5_LOCATE_PLUGIN_H */
void set_auth_errors(struct winbindd_response *resp, NTSTATUS result)
{
resp->data.auth.nt_status = NT_STATUS_V(result);
fstrcpy(resp->data.auth.nt_status_string, nt_errstr(result));
/* we might have given a more useful error above */
if (*resp->data.auth.error_string == '\0')
fstrcpy(resp->data.auth.error_string,
get_friendly_nt_error_msg(result));
resp->data.auth.pam_error = nt_status_to_pam(result);
}