Merge branch 'v3-devel' of ssh://git.samba.org/data/git/samba into v3-devel
(This used to be commit e038f1cf9fb305fc1e7a4189208e451d30aaa1f0)
commit
a1de4e988d
5
.gitignore
vendored
5
.gitignore
vendored
@ -12,6 +12,7 @@ source/include/stamp-h
|
||||
source/include/version.h
|
||||
source/Makefile
|
||||
source/lib/netapi/examples/Makefile
|
||||
source/lib/netapi/tests/Makefile
|
||||
source/config.log
|
||||
source/config.status
|
||||
source/configure
|
||||
@ -32,6 +33,8 @@ source/cscope.out
|
||||
source/torture.tdb
|
||||
source/pkgconfig/*.pc
|
||||
source/st
|
||||
source/exports/libsmbclient.syms
|
||||
source/exports/libsmbsharemodes.syms
|
||||
source/exports/libnetapi.syms
|
||||
source/exports/libtalloc.syms
|
||||
source/exports/libtdb.syms
|
||||
@ -61,6 +64,8 @@ examples/libsmbclient/teststat3
|
||||
examples/libsmbclient/testutime
|
||||
examples/libsmbclient/testwrite
|
||||
examples/libsmbclient/testtruncate
|
||||
examples/libsmbclient/tree
|
||||
examples/libsmbclient/Makefile.internal
|
||||
source/librpc/gen_ndr/cli_krb5pac.*
|
||||
source/librpc/gen_ndr/cli_messaging.*
|
||||
source/librpc/gen_ndr/cli_misc.*
|
||||
|
@ -850,7 +850,20 @@ to run this against the PDC, from a Samba machine joined as a BDC. </para>
|
||||
<para>Export users, aliases and groups from remote server to
|
||||
local server. You need to run this against the PDC, from a Samba machine joined as a BDC.
|
||||
</para>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>RPC VAMPIRE KEYTAB</title>
|
||||
|
||||
<para>Dump remote SAM database to local Kerberos keytab file.
|
||||
</para>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>RPC VAMPIRE LDIF</title>
|
||||
|
||||
<para>Dump remote SAM database to local LDIF file or standard output.
|
||||
</para>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
|
@ -58,23 +58,32 @@
|
||||
on STDIN. An empty command line or a "q" will quit the
|
||||
program.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>destination</term>
|
||||
<listitem><para>One of <parameter>nmbd</parameter>, <parameter>smbd</parameter> or a process ID.</para>
|
||||
|
||||
<para>The <parameter>all</parameter> destination causes the
|
||||
message to "broadcast" to all running daemons including nmbd and
|
||||
winbind. This is a change for Samba 3.3, prior to this the
|
||||
paramter smbd used to do this.</para>
|
||||
|
||||
<para>The <parameter>smbd</parameter> destination causes the
|
||||
message to "broadcast" to all smbd daemons.</para>
|
||||
message to be sent to the smbd daemon specified in the
|
||||
<filename>smbd.pid</filename> file.</para>
|
||||
|
||||
<para>The <parameter>nmbd</parameter> destination causes the
|
||||
message to be sent to the nmbd daemon specified in the
|
||||
<filename>nmbd.pid</filename> file.</para>
|
||||
|
||||
<para>The <parameter>winbindd</parameter> destination causes the
|
||||
message to be sent to the winbind daemon specified in the
|
||||
<filename>winbindd.pid</filename> file.</para>
|
||||
|
||||
<para>If a single process ID is given, the message is sent
|
||||
to only that process.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>message-type</term>
|
||||
<listitem><para>Type of message to send. See
|
||||
|
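--- a/docs-xml/smbdotconf/logon/initlogondelay.xml
+++ b/docs-xml/smbdotconf/logon/initlogondelay.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="init logon delay"
+context="G"
+type="integer"
+advanced="1" developer="1"
+xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+<para>
+This parameter specifies a delay in milliseconds for the hosts configured
+for delayed initial samlogon with
+<smbconfoption name="init logon delayed hosts"/>.
+</para>
+</description>
+
+<value type="default">100</value>
+</samba:parameter>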
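--- a/docs-xml/smbdotconf/logon/initlogondelayedhosts.xml
+++ b/docs-xml/smbdotconf/logon/initlogondelayedhosts.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="init logon delayed hosts"
+context="G"
+type="list"
+advanced="1" developer="1"
+xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+<para>
+This parameter takes a list of host names, addresses or networks for
+which the initial samlogon reply should be delayed (so other DCs get
+preferred by XP workstations if there are any).
+</para>
+
+<para>
+The length of the delay can be specified with the
+<smbconfoption name="init logon delay"/> parameter.
+</para>
+</description>
+
+<value type="default"></value>
+<value type="example">150.203.5. myhost.mynet.de</value>
+</samba:parameter>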
@ -9,5 +9,5 @@
|
||||
</para>
|
||||
</description>
|
||||
|
||||
<value type="default">900</value>
|
||||
<value type="default">604800 (one week)</value>
|
||||
</samba:parameter>
|
||||
|
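--- a/docs-xml/smbdotconf/winbind/winbindreconnectdelay.xml
+++ b/docs-xml/smbdotconf/winbind/winbindreconnectdelay.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="winbind reconnect delay"
+context="G"
+type="integer"
+advanced="1" developer="1"
+xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+<para>This parameter specifies the number of
+seconds the <citerefentry><refentrytitle>winbindd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> daemon will wait between
+attempts to contact a Domain controller for a domain that is
+determined to be down or not contactable.</para>
+</description>
+
+<value type="default">30</value>
+</samba:parameter>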
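--- a/examples/libsmbclient/Makefile.internal.in
+++ b/examples/libsmbclient/Makefile.internal.in
@@ -0,0 +1,138 @@
+# Makefile.internal.in for building the libsmbclient examples
+# from within a samba build.
+#
+# Use Makfile for building the examples with a libsmbclient
+# installed to /usr/local/samba
+
+CC = @CC@
+
+SAMBA_DIR = ../../source
+SAMBA_INCLUDES = -I$(SAMBA_DIR)/include
+SAMBA_LIBPATH = -L$(SAMBA_DIR)/bin
+
+GTK_CFLAGS = `gtk-config --cflags`
+GTK_LIBS = `gtk-config --libs`
+
+#GTK_CFLAGS = `pkg-config gtk+-2.0 --cflags`
+#GTK_LIBS = `pkg-config gtk+-2.0 --libs`
+
+FLAGS = @CPPFLAGS@ @CFLAGS@ $(GTK_CFLAGS) $(SAMBA_INCLUDES)
+
+PICFLAG=@PICFLAG@
+LDFLAGS= $(SAMBA_LIBPATH) @PIE_LDFLAGS@ @LDFLAGS@
+
+EXTERNAL_LIBS = @LIBS@ @LDAP_LIBS@ @KRB5_LIBS@ @NSCD_LIBS@
+LIBSMBCLIENT_LIBS = -lwbclient -lsmbclient -ltalloc -ltdb -ldl -lresolv
+CMDLINE_LIBS = @POPTLIBS@
+LIBS = $(EXTERNAL_LIBS) $(LIBSMBCLIENT_LIBS)
+
+# Compile a source file. (.c --> .o)
+COMPILE_CC = $(CC) -I. $(FLAGS) $(PICFLAG) -c $< -o $@
+COMPILE = $(COMPILE_CC)
+
+MAKEDIR = || exec false; \
+if test -d "$$dir"; then :; else \
+echo mkdir "$$dir"; \
+mkdir -p "$$dir" >/dev/null 2>&1 || \
+test -d "$$dir" || \
+mkdir "$$dir" || \
+exec false; fi || exec false
+
+TESTS= testsmbc \
+testacl \
+testacl2 \
+testacl3 \
+testbrowse \
+testbrowse2 \
+teststat \
+teststat2 \
+teststat3 \
+testtruncate \
+testchmod \
+testutime \
+testread \
+testwrite
+
+# tree \
+
+all: $(TESTS) smbsh
+
+.c.o:
+@if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \
+dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi
+@echo Compiling $*.c
+@$(COMPILE) && exit 0;\
+echo "The following command failed:" 1>&2;\
+echo "$(COMPILE_CC)" 1>&2;\
+$(COMPILE_CC) >/dev/null 2>&1
+
+testsmbc: testsmbc.o
+@echo Linking testsmbc
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS)
+
+tree: tree.o
+@echo Linking tree
+@$(CC) $(GTK_CFLAGS) $(FLAGS) $(LDFLAGS) -o $@ $< $(GTK_LIBS) $(LIBS)
+
+testacl: testacl.o
+@echo Linking testacl
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+testacl2: testacl2.o
+@echo Linking testacl2
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+testacl3: testacl3.o
+@echo Linking testacl3
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+testbrowse: testbrowse.o
+@echo Linking testbrowse
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+testbrowse2: testbrowse2.o
+@echo Linking testbrowse2
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+teststat: teststat.o
+@echo Linking teststat
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+teststat2: teststat2.o
+@echo Linking teststat2
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+teststat3: teststat3.o
+@echo Linking teststat3
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+testtruncate: testtruncate.o
+@echo Linking testtruncate
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+testchmod: testchmod.o
+@echo Linking testchmod
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+testutime: testutime.o
+@echo Linking testutime
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+testread: testread.o
+@echo Linking testread
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+testwrite: testwrite.o
+@echo Linking testwrite
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+testctx: testctx.o
+@echo Linking testctx
+@$(CC) $(FLAGS) $(LDFLAGS) -o $@ $< $(LIBS) $(CMDLINE_LIBS)
+
+smbsh:
+make -C smbwrapper
+
+clean:
+@rm -f *.o *~ $(TESTS)
+@make -C smbwrapper clean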
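Review bot: The `smbsh` and `clean` recipes at the end of this new file call a literal `make` (`make -C smbwrapper`, `@make -C smbwrapper clean`), so a parent run as gmake or with -j/-n does not hand its flags or jobserver to the sub-build. Use `$(MAKE) -C smbwrapper` and `@$(MAKE) -C smbwrapper clean`, as the new `libsmbclient_examples` rule in the top-level Makefile already does. `all`, `clean` and `smbsh` are also not declared phony, so a file of that name in the directory would stop the rule from running; a `.PHONY: all clean smbsh` line covers that.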
@ -3,7 +3,7 @@ DEFS = -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
|
||||
|
||||
CFLAGS = -I$(SAMBA_INCL) $(EXTLIB_INCL)
|
||||
|
||||
LDFLAGS = -L/usr/local/samba/lib
|
||||
LDFLAGS = -L/usr/local/samba/lib -L../../../source/bin
|
||||
|
||||
SMBINCLUDE = -I../../../source/include
|
||||
CFLAGS= -fpic -g -O0 $(DEFS) $(SMBINCLUDE)
|
||||
|
@ -1109,7 +1109,7 @@ int utimes(const char *name, const struct timeval *tvp)
|
||||
return (* smbw_libc.utimes)((char *) name, (struct timeval *) tvp);
|
||||
}
|
||||
|
||||
int readlink(const char *path, char *buf, size_t bufsize)
|
||||
ssize_t readlink(const char *path, char *buf, size_t bufsize)
|
||||
{
|
||||
check_init("readlink");
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
# Doxyfile 0.1
|
||||
# Doxyfile 1.5.3
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# General configuration options
|
||||
# Project related configuration options
|
||||
#---------------------------------------------------------------------------
|
||||
PROJECT_NAME = Samba
|
||||
PROJECT_NUMBER = HEAD
|
||||
@ -13,68 +13,84 @@ PROJECT_NUMBER = HEAD
|
||||
# doesn't mind variables being redefined.
|
||||
|
||||
OUTPUT_DIRECTORY = dox
|
||||
|
||||
OUTPUT_LANGUAGE = English
|
||||
EXTRACT_ALL = YES
|
||||
EXTRACT_PRIVATE = YES
|
||||
EXTRACT_STATIC = YES
|
||||
HIDE_UNDOC_MEMBERS = NO
|
||||
HIDE_UNDOC_CLASSES = NO
|
||||
DOXYFILE_ENCODING = UTF-8
|
||||
BRIEF_MEMBER_DESC = YES
|
||||
REPEAT_BRIEF = YES
|
||||
ALWAYS_DETAILED_SEC = NO
|
||||
FULL_PATH_NAMES = YES
|
||||
STRIP_FROM_PATH = $(PWD)/
|
||||
INTERNAL_DOCS = YES
|
||||
CLASS_DIAGRAMS = YES
|
||||
SOURCE_BROWSER = YES
|
||||
INLINE_SOURCES = YES
|
||||
STRIP_CODE_COMMENTS = NO
|
||||
CASE_SENSE_NAMES = YES
|
||||
SHORT_NAMES = NO
|
||||
HIDE_SCOPE_NAMES = YES
|
||||
VERBATIM_HEADERS = YES
|
||||
SHOW_INCLUDE_FILES = YES
|
||||
JAVADOC_AUTOBRIEF = YES
|
||||
INHERIT_DOCS = YES
|
||||
TAB_SIZE = 8
|
||||
ALIASES =
|
||||
OPTIMIZE_OUTPUT_FOR_C = YES
|
||||
DISTRIBUTE_GROUP_DOC = NO
|
||||
#---------------------------------------------------------------------------
|
||||
# Build related configuration options
|
||||
#---------------------------------------------------------------------------
|
||||
EXTRACT_ALL = YES
|
||||
EXTRACT_PRIVATE = YES
|
||||
EXTRACT_STATIC = YES
|
||||
EXTRACT_LOCAL_CLASSES = YES
|
||||
HIDE_UNDOC_MEMBERS = NO
|
||||
HIDE_UNDOC_CLASSES = NO
|
||||
INTERNAL_DOCS = YES
|
||||
CASE_SENSE_NAMES = YES
|
||||
HIDE_SCOPE_NAMES = YES
|
||||
SHOW_INCLUDE_FILES = YES
|
||||
INLINE_INFO = YES
|
||||
SORT_MEMBER_DOCS = NO
|
||||
DISTRIBUTE_GROUP_DOC = NO
|
||||
TAB_SIZE = 8
|
||||
SORT_BRIEF_DOCS = NO
|
||||
GENERATE_TODOLIST = YES
|
||||
GENERATE_TESTLIST = YES
|
||||
GENERATE_BUGLIST = YES
|
||||
ALIASES =
|
||||
GENERATE_DEPRECATEDLIST= YES
|
||||
ENABLED_SECTIONS =
|
||||
MAX_INITIALIZER_LINES = 30
|
||||
OPTIMIZE_OUTPUT_FOR_C = YES
|
||||
SHOW_USED_FILES = YES
|
||||
REFERENCED_BY_RELATION = YES
|
||||
SHOW_DIRECTORIES = YES
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to warning and progress messages
|
||||
#---------------------------------------------------------------------------
|
||||
QUIET = YES
|
||||
WARNINGS = NO
|
||||
WARN_IF_UNDOCUMENTED = NO
|
||||
WARN_IF_DOC_ERROR = NO
|
||||
WARN_NO_PARAMDOC = NO
|
||||
WARN_FORMAT = "$file:$line: $text"
|
||||
WARN_LOGFILE =
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to the input files
|
||||
#---------------------------------------------------------------------------
|
||||
INPUT = .
|
||||
INPUT_ENCODING = UTF-8
|
||||
FILE_PATTERNS = *.c \
|
||||
*.h \
|
||||
*.idl
|
||||
RECURSIVE = YES
|
||||
EXCLUDE = include/includes.h \
|
||||
include/proto.h
|
||||
EXCLUDE_SYMLINKS = NO
|
||||
EXCLUDE_PATTERNS =
|
||||
EXAMPLE_PATH =
|
||||
EXAMPLE_PATTERNS =
|
||||
EXAMPLE_RECURSIVE = NO
|
||||
IMAGE_PATH =
|
||||
INPUT_FILTER =
|
||||
FILTER_SOURCE_FILES = NO
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to source browsing
|
||||
#---------------------------------------------------------------------------
|
||||
SOURCE_BROWSER = YES
|
||||
INLINE_SOURCES = YES
|
||||
STRIP_CODE_COMMENTS = NO
|
||||
REFERENCED_BY_RELATION = YES
|
||||
REFERENCES_RELATION = YES
|
||||
REFERENCES_LINK_SOURCE = YES
|
||||
VERBATIM_HEADERS = YES
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to the alphabetical class index
|
||||
#---------------------------------------------------------------------------
|
||||
ALPHABETICAL_INDEX = YES
|
||||
@ -85,13 +101,12 @@ IGNORE_PREFIX =
|
||||
#---------------------------------------------------------------------------
|
||||
GENERATE_HTML = YES
|
||||
HTML_OUTPUT = .
|
||||
HTML_FILE_EXTENSION = .html
|
||||
HTML_HEADER =
|
||||
HTML_FOOTER =
|
||||
HTML_STYLESHEET =
|
||||
HTML_ALIGN_MEMBERS = YES
|
||||
GENERATE_HTMLHELP = NO
|
||||
GENERATE_CHI = NO
|
||||
BINARY_TOC = NO
|
||||
TOC_EXPAND = NO
|
||||
DISABLE_INDEX = NO
|
||||
ENUM_VALUES_PER_LINE = 3
|
||||
@ -152,25 +167,26 @@ PERL_PATH = /usr/bin/perl
|
||||
# configuration options related to the dot tool
|
||||
#---------------------------------------------------------------------------
|
||||
HAVE_DOT = NO
|
||||
CLASS_DIAGRAMS = YES
|
||||
HIDE_UNDOC_RELATIONS = NO
|
||||
CLASS_GRAPH = YES
|
||||
COLLABORATION_GRAPH = YES
|
||||
GROUP_GRAPHS = YES
|
||||
TEMPLATE_RELATIONS = YES
|
||||
INCLUDE_GRAPH = YES
|
||||
INCLUDED_BY_GRAPH = YES
|
||||
CALL_GRAPH = YES
|
||||
CALLER_GRAPH = YES
|
||||
GRAPHICAL_HIERARCHY = YES
|
||||
DIRECTORY_GRAPH = YES
|
||||
DOT_IMAGE_FORMAT = png
|
||||
DOT_PATH =
|
||||
DOTFILE_DIRS =
|
||||
MAX_DOT_GRAPH_WIDTH = 1024
|
||||
MAX_DOT_GRAPH_HEIGHT = 1024
|
||||
DOT_GRAPH_MAX_NODES = 50
|
||||
MAX_DOT_GRAPH_DEPTH = 0
|
||||
GENERATE_LEGEND = YES
|
||||
DOT_CLEANUP = YES
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration::additions related to the search engine
|
||||
#---------------------------------------------------------------------------
|
||||
SEARCHENGINE = NO
|
||||
CGI_NAME = search.cgi
|
||||
CGI_URL =
|
||||
DOC_URL =
|
||||
DOC_ABSPATH =
|
||||
BIN_ABSPATH = /usr/local/bin/
|
||||
EXT_DOC_PATHS =
|
||||
|
@ -178,9 +178,9 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \
|
||||
|
||||
# Note that all executable programs now provide for an optional executable suffix.
|
||||
|
||||
SBIN_PROGS = bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ @SWAT_SBIN_TARGETS@ @EXTRA_SBIN_PROGS@
|
||||
SBIN_PROGS = bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ @SWAT_SBIN_TARGETS@ @EXTRA_SBIN_PROGS@ @CIFSUPCALL_PROGS@
|
||||
|
||||
ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@ @CIFSUPCALL_PROGS@
|
||||
ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@
|
||||
|
||||
BIN_PROGS1 = bin/smbclient@EXEEXT@ bin/net@EXEEXT@ bin/smbspool@EXEEXT@ \
|
||||
bin/testparm@EXEEXT@ bin/smbstatus@EXEEXT@ bin/smbget@EXEEXT@
|
||||
@ -339,7 +339,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) \
|
||||
lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \
|
||||
lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \
|
||||
libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \
|
||||
lib/file_id.o
|
||||
lib/file_id.o lib/idmap_cache.o
|
||||
|
||||
LIB_DUMMY_OBJ = lib/dummysmbd.o lib/dummyroot.o
|
||||
LIB_NONSMBD_OBJ = $(LIB_OBJ) $(LIB_DUMMY_OBJ)
|
||||
@ -980,7 +980,7 @@ PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(PASSDB_
|
||||
$(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) \
|
||||
$(LDB_OBJ)
|
||||
|
||||
IDMAP_OBJ = winbindd/idmap.o winbindd/idmap_cache.o winbindd/idmap_util.o @IDMAP_STATIC@
|
||||
IDMAP_OBJ = winbindd/idmap.o winbindd/idmap_util.o @IDMAP_STATIC@
|
||||
|
||||
NSS_INFO_OBJ = winbindd/nss_info.o @NSS_INFO_STATIC@
|
||||
|
||||
@ -1350,7 +1350,7 @@ bin/cifs.upcall@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ
|
||||
@$(CC) $(FLAGS) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) \
|
||||
-lkeyutils $(LIBS) $(LIBSMBCLIENT_OBJ1) $(KRB5LIBS) \
|
||||
$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) \
|
||||
$(LIBTDB_LIBS)
|
||||
$(LIBTDB_LIBS) $(NSCD_LIBS)
|
||||
|
||||
bin/testparm@EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
|
||||
@echo Linking $@
|
||||
@ -1824,7 +1824,7 @@ shlibs test_shlibs: @LIBADDNS_SHARED@
|
||||
#
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
LIBNETAPI_OBJ1 = lib/netapi/netapi.o \
|
||||
LIBNETAPI_OBJ0 = lib/netapi/netapi.o \
|
||||
lib/netapi/cm.o \
|
||||
librpc/gen_ndr/ndr_libnetapi.o \
|
||||
lib/netapi/libnetapi.o \
|
||||
@ -1837,7 +1837,7 @@ LIBNETAPI_OBJ1 = lib/netapi/netapi.o \
|
||||
lib/netapi/samr.o \
|
||||
lib/netapi/sid.o
|
||||
|
||||
LIBNETAPI_OBJ = $(LIBNETAPI_OBJ1) $(LIBNET_OBJ) \
|
||||
LIBNETAPI_OBJ = $(LIBNETAPI_OBJ0) $(LIBNET_OBJ) \
|
||||
$(LIBSMBCONF_OBJ) \
|
||||
$(REG_SMBCONF_OBJ) \
|
||||
$(PARAM_WITHOUT_REG_OBJ) $(LIB_NONSMBD_OBJ) \
|
||||
@ -1869,9 +1869,9 @@ $(LIBNETAPI_SHARED_TARGET): $(LIBNETAPI_SHARED_TARGET_SONAME)
|
||||
@rm -f $@
|
||||
@ln -s -f `basename $(LIBNETAPI_SHARED_TARGET_SONAME)` $@
|
||||
|
||||
$(LIBNETAPI_STATIC_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ1)
|
||||
$(LIBNETAPI_STATIC_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ0)
|
||||
@echo Linking non-shared library $@
|
||||
@-$(AR) -rc $@ $(LIBNETAPI_OBJ1)
|
||||
@-$(AR) -rc $@ $(LIBNETAPI_OBJ0)
|
||||
|
||||
libnetapi: $(LIBNETAPI)
|
||||
|
||||
@ -1917,10 +1917,13 @@ LIBSMBCLIENT_SOVER=@LIBSMBCLIENT_SOVER@
|
||||
LIBSMBCLIENT_SHARED_TARGET_SONAME=$(LIBSMBCLIENT_SHARED_TARGET).$(LIBSMBCLIENT_SOVER)
|
||||
LIBSMBCLIENT_STATIC_TARGET=@LIBSMBCLIENT_STATIC_TARGET@
|
||||
LIBSMBCLIENT=$(LIBSMBCLIENT_STATIC_TARGET) @LIBSMBCLIENT_SHARED@
|
||||
#LIBSMBCLIENT_SYMS=$(srcdir)/exports/libsmbclient.@SYMSEXT@
|
||||
LIBSMBCLIENT_SYMS=$(srcdir)/exports/libsmbclient.@SYMSEXT@
|
||||
LIBSMBCLIENT_HEADERS=$(srcdir)/include/libsmbclient.h
|
||||
|
||||
$(LIBSMBCLIENT_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
|
||||
$(LIBSMBCLIENT_SYMS): $(LIBSMBCLIENT_HEADERS)
|
||||
@$(MKSYMS_SH) $(AWK) $@ $(LIBSMBCLIENT_HEADERS)
|
||||
|
||||
$(LIBSMBCLIENT_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_SYMS) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
|
||||
@echo Linking shared library $@
|
||||
@$(SHLD_DSO) $(LIBSMBCLIENT_OBJ) \
|
||||
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS) $(LIBS) \
|
||||
@ -1986,12 +1989,13 @@ LIBSMBSHAREMODES_SOVER=@LIBSMBSHAREMODES_SOVER@
|
||||
LIBSMBSHAREMODES_SHARED_TARGET_SONAME=$(LIBSMBSHAREMODES_SHARED_TARGET).$(LIBSMBSHAREMODES_SOVER)
|
||||
LIBSMBSHAREMODES_STATIC_TARGET=@LIBSMBSHAREMODES_STATIC_TARGET@
|
||||
LIBSMBSHAREMODES=$(LIBSMBSHAREMODES_STATIC_TARGET) @LIBSMBSHAREMODES_SHARED@
|
||||
#LIBSMBSHAREMODES_SYMS=$(srcdir)/exports/libsmbsharemodes.@SYMSEXT@
|
||||
LIBSMBSHAREMODES_SYMS=$(srcdir)/exports/libsmbsharemodes.@SYMSEXT@
|
||||
LIBSMBSHAREMODES_HEADERS=$(srcdir)/include/smb_share_modes.h
|
||||
|
||||
LIBSMBSHAREMODES=bin/libsmbsharemodes.a @LIBSMBSHAREMODES_SHARED@
|
||||
$(LIBSMBSHAREMODES_SYMS): $(LIBSMBSHAREMODES_HEADERS)
|
||||
@$(MKSYMS_SH) $(AWK) $@ $(LIBSMBSHAREMODES_HEADERS)
|
||||
|
||||
$(LIBSMBSHAREMODES_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBSHAREMODES_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
|
||||
$(LIBSMBSHAREMODES_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBSHAREMODES_OBJ) $(LIBSMBSHAREMODES_SYMS) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
|
||||
@echo Linking shared library $@
|
||||
@$(SHLD_DSO) $(LIBSMBSHAREMODES_OBJ) \
|
||||
$(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
|
||||
@ -2471,7 +2475,7 @@ install-everything:: install installmodules
|
||||
# is not used
|
||||
|
||||
installdirs::
|
||||
@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(BINDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(PRIVATEDIR) $(PIDDIR) $(LOCKDIR) $(MANDIR)
|
||||
@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(BINDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(PRIVATEDIR) $(PIDDIR) $(LOCKDIR) $(MANDIR) $(CODEPAGEDIR) $(MODULESDIR)
|
||||
|
||||
installservers:: all installdirs
|
||||
@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(SBINDIR) $(SBIN_PROGS)
|
||||
@ -2484,8 +2488,8 @@ installcifsmount:: @CIFSMOUNT_PROGS@
|
||||
@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSMOUNT_PROGS@
|
||||
|
||||
installcifsupcall:: @CIFSUPCALL_PROGS@
|
||||
@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(ROOTSBINDIR)
|
||||
@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSUPCALL_PROGS@
|
||||
@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(SBINDIR)
|
||||
@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(SBINDIR) @CIFSUPCALL_PROGS@
|
||||
|
||||
# Some symlinks are required for the 'probing' of modules.
|
||||
# This mechanism should go at some point..
|
||||
@ -2716,3 +2720,14 @@ valgrindtest:: all torture timelimit
|
||||
SMBD_VALGRIND="xterm -n smbd -e valgrind -q --db-attach=yes --num-callers=30" \
|
||||
VALGRIND="valgrind -q --num-callers=30 --log-file=${selftest_prefix}/valgrind.log" \
|
||||
PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix} all "${smbtorture4_path}"
|
||||
|
||||
|
||||
##
|
||||
## Examples:
|
||||
##
|
||||
|
||||
libsmbclient_examples:
|
||||
$(MAKE) -C ../examples/libsmbclient -f Makefile.internal
|
||||
|
||||
clean_libsmbclient_examples:
|
||||
$(MAKE) -C ../examples/libsmbclient -f Makefile.internal clean
|
||||
|
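Review bot: With `@CIFSUPCALL_PROGS@` now listed in `SBIN_PROGS` and `installcifsupcall` also pointed at `$(SBINDIR)`, cifs.upcall is copied to the same directory by both `installservers` and `installcifsupcall`; one of the two is redundant. The matching uninstall rule is not in the hunks shown, and if it still removes the binary from `$(ROOTSBINDIR)` a stale copy of the helper stays behind in `$(SBINDIR)`, so it should move in the same commit. Because the helper's path is also written into request-key configuration (the cifs.upcall.c header comment on this page uses /usr/local/sbin/cifs.upcall), a comment above `installcifsupcall` such as `# cifs.upcall is started via request-key; keep the configured path in step with $(SBINDIR)` would help packagers.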
@ -63,6 +63,7 @@ typedef int (*smb_pam_conv_fn)(int, const struct pam_message **, struct pam_resp
|
||||
* Macros to help make life easy
|
||||
*/
|
||||
#define COPY_STRING(s) (s) ? SMB_STRDUP(s) : NULL
|
||||
#define COPY_FSTRING(s) (s[0]) ? SMB_STRDUP(s) : NULL
|
||||
|
||||
/*******************************************************************
|
||||
PAM error handler.
|
||||
@ -327,7 +328,7 @@ static int smb_pam_passchange_conv(int num_msg,
|
||||
DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We actualy sent: %s\n", current_reply));
|
||||
#endif
|
||||
reply[replies].resp_retcode = PAM_SUCCESS;
|
||||
reply[replies].resp = COPY_STRING(current_reply);
|
||||
reply[replies].resp = COPY_FSTRING(current_reply);
|
||||
found = True;
|
||||
break;
|
||||
}
|
||||
@ -355,7 +356,7 @@ static int smb_pam_passchange_conv(int num_msg,
|
||||
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We sent: %s\n", current_reply));
|
||||
pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword);
|
||||
reply[replies].resp_retcode = PAM_SUCCESS;
|
||||
reply[replies].resp = COPY_STRING(current_reply);
|
||||
reply[replies].resp = COPY_FSTRING(current_reply);
|
||||
#ifdef DEBUG_PASSWORD
|
||||
DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We actualy sent: %s\n", current_reply));
|
||||
#endif
|
||||
|
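Review bot: The new `COPY_FSTRING` macro leaves both its argument and its whole expansion unparenthesized, like `COPY_STRING` above it, so it is only correct when used as a complete right-hand side; `#define COPY_FSTRING(s) (((s)[0]) ? SMB_STRDUP(s) : NULL)` is the safer form. At both call sites in smb_pam_passchange_conv an empty `current_reply` now yields `resp = NULL` while `resp_retcode` is still set to PAM_SUCCESS, and a failed SMB_STRDUP gives the same result. Whether the PAM module receiving the reply tolerates a NULL response is not visible here, so that should be confirmed and stated in a comment next to the macro, for example `/* empty reply is passed to PAM as NULL, not "" */`. The function body starts and ends outside these hunks.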
@ -29,7 +29,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k
|
||||
|
||||
#include "cifs_spnego.h"
|
||||
|
||||
const char *CIFSSPNEGO_VERSION = "1.1";
|
||||
const char *CIFSSPNEGO_VERSION = "1.2";
|
||||
static const char *prog = "cifs.upcall";
|
||||
typedef enum _secType {
|
||||
KRB5,
|
||||
@ -73,7 +73,7 @@ int handle_krb5_mech(const char *oid, const char *principal,
|
||||
tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
|
||||
|
||||
/* and wrap that in a shiny SPNEGO wrapper */
|
||||
*secblob = gen_negTokenInit(OID_KERBEROS5, tkt_wrapped);
|
||||
*secblob = gen_negTokenInit(oid, tkt_wrapped);
|
||||
|
||||
data_blob_free(&tkt_wrapped);
|
||||
data_blob_free(&tkt);
|
||||
@ -118,6 +118,9 @@ int decode_key_description(const char *desc, int *ver, secType_t * sec,
|
||||
if (strncmp(tkn + 4, "krb5", 4) == 0) {
|
||||
retval |= DKD_HAVE_SEC;
|
||||
*sec = KRB5;
|
||||
} else if (strncmp(tkn + 4, "mskrb5", 6) == 0) {
|
||||
retval |= DKD_HAVE_SEC;
|
||||
*sec = MS_KRB5;
|
||||
}
|
||||
} else if (strncmp(tkn, "uid=", 4) == 0) {
|
||||
errno = 0;
|
||||
@ -220,6 +223,7 @@ int main(const int argc, char *const argv[])
|
||||
int kernel_upcall_version;
|
||||
int c, use_cifs_service_prefix = 0;
|
||||
char *buf, *hostname = NULL;
|
||||
const char *oid;
|
||||
|
||||
openlog(prog, 0, LOG_DAEMON);
|
||||
|
||||
@ -280,7 +284,7 @@ int main(const int argc, char *const argv[])
|
||||
}
|
||||
SAFE_FREE(buf);
|
||||
|
||||
if (kernel_upcall_version != CIFS_SPNEGO_UPCALL_VERSION) {
|
||||
if (kernel_upcall_version > CIFS_SPNEGO_UPCALL_VERSION) {
|
||||
syslog(LOG_WARNING,
|
||||
"incompatible kernel upcall version: 0x%x",
|
||||
kernel_upcall_version);
|
||||
@ -301,6 +305,7 @@ int main(const int argc, char *const argv[])
|
||||
|
||||
// do mech specific authorization
|
||||
switch (sectype) {
|
||||
case MS_KRB5:
|
||||
case KRB5:{
|
||||
char *princ;
|
||||
size_t len;
|
||||
@ -319,8 +324,12 @@ int main(const int argc, char *const argv[])
|
||||
}
|
||||
strlcpy(princ + 5, hostname, len - 5);
|
||||
|
||||
rc = handle_krb5_mech(OID_KERBEROS5, princ,
|
||||
&secblob, &sess_key);
|
||||
if (sectype == MS_KRB5)
|
||||
oid = OID_KERBEROS5_OLD;
|
||||
else
|
||||
oid = OID_KERBEROS5;
|
||||
|
||||
rc = handle_krb5_mech(oid, princ, &secblob, &sess_key);
|
||||
SAFE_FREE(princ);
|
||||
break;
|
||||
}
|
||||
@ -344,7 +353,7 @@ int main(const int argc, char *const argv[])
|
||||
rc = 1;
|
||||
goto out;
|
||||
}
|
||||
keydata->version = CIFS_SPNEGO_UPCALL_VERSION;
|
||||
keydata->version = kernel_upcall_version;
|
||||
keydata->flags = 0;
|
||||
keydata->sesskey_len = sess_key.length;
|
||||
keydata->secblob_len = secblob.length;
|
||||
|
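Review bot: The relaxed version test in main(), `if (kernel_upcall_version > CIFS_SPNEGO_UPCALL_VERSION)`, has no lower bound, so zero or a negative value taken from the key description is accepted and then written back unchanged by `keydata->version = kernel_upcall_version;`. Rejecting everything outside the supported range keeps the helper from answering for versions it was never written for: `if (kernel_upcall_version < 1 || kernel_upcall_version > CIFS_SPNEGO_UPCALL_VERSION)`, where 1 is assumed to be the oldest supported version because the header on this page moves the constant between 1 and 2. How the value is parsed is outside the hunks shown; if decode_key_description already rejects non-positive versions, a one-line comment at the check saying so is enough.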
@ -23,7 +23,7 @@
|
||||
#ifndef _CIFS_SPNEGO_H
|
||||
#define _CIFS_SPNEGO_H
|
||||
|
||||
#define CIFS_SPNEGO_UPCALL_VERSION 1
|
||||
#define CIFS_SPNEGO_UPCALL_VERSION 2
|
||||
|
||||
/*
|
||||
* The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION.
|
||||
|
@ -473,7 +473,8 @@ static int parse_options(char ** optionsp, int * filesys_flags)
|
||||
}
|
||||
} else if (strncmp(data, "sec", 3) == 0) {
|
||||
if (value) {
|
||||
if (!strcmp(value, "none"))
|
||||
if (!strncmp(value, "none", 4) ||
|
||||
!strncmp(value, "krb5", 4))
|
||||
got_password = 1;
|
||||
}
|
||||
} else if (strncmp(data, "ip", 2) == 0) {
|
||||
|
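Review bot: Replacing `strcmp` with `strncmp(value, "none", 4)` turns the `none` test into a prefix match, so any `sec=` value that merely begins with "none" now sets `got_password = 1`, which by its name suppresses the password prompt. The prefix form is only needed for `krb5`, presumably to cover variants such as krb5i, so the exact comparison can stay for none: `if (!strcmp(value, "none") || !strncmp(value, "krb5", 4))`. A short comment such as `/* no password needed for sec=none or any krb5 flavour */` would record the intent. parse_options starts and ends outside the hunk.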
@ -2627,19 +2627,6 @@ AC_CHECK_FUNCS(getpagesize)
|
||||
################################################
|
||||
# look for a method of setting the effective uid
|
||||
seteuid=no;
|
||||
if test $seteuid = no; then
|
||||
AC_CACHE_CHECK([for setresuid],samba_cv_USE_SETRESUID,[
|
||||
AC_TRY_RUN([
|
||||
#define AUTOCONF_TEST 1
|
||||
#define USE_SETRESUID 1
|
||||
#include "confdefs.h"
|
||||
#include "${srcdir-.}/lib/util_sec.c"],
|
||||
samba_cv_USE_SETRESUID=yes,samba_cv_USE_SETRESUID=no,samba_cv_USE_SETRESUID=cross)])
|
||||
if test x"$samba_cv_USE_SETRESUID" = x"yes"; then
|
||||
seteuid=yes;AC_DEFINE(USE_SETRESUID,1,[Whether setresuid() is available])
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
if test $seteuid = no; then
|
||||
AC_CACHE_CHECK([for setreuid],samba_cv_USE_SETREUID,[
|
||||
@ -2654,6 +2641,21 @@ if test x"$samba_cv_USE_SETREUID" = x"yes"; then
|
||||
fi
|
||||
fi
|
||||
|
||||
# we check for setresuid second as it conflicts with AIO on Linux.
|
||||
# see http://samba.org/~tridge/junkcode/aio_uid.c
|
||||
if test $seteuid = no; then
|
||||
AC_CACHE_CHECK([for setresuid],samba_cv_USE_SETRESUID,[
|
||||
AC_TRY_RUN([
|
||||
#define AUTOCONF_TEST 1
|
||||
#define USE_SETRESUID 1
|
||||
#include "confdefs.h"
|
||||
#include "${srcdir-.}/lib/util_sec.c"],
|
||||
samba_cv_USE_SETRESUID=yes,samba_cv_USE_SETRESUID=no,samba_cv_USE_SETRESUID=cross)])
|
||||
if test x"$samba_cv_USE_SETRESUID" = x"yes"; then
|
||||
seteuid=yes;AC_DEFINE(USE_SETRESUID,1,[Whether setresuid() is available])
|
||||
fi
|
||||
fi
|
||||
|
||||
if test $seteuid = no; then
|
||||
AC_CACHE_CHECK([for seteuid],samba_cv_USE_SETEUID,[
|
||||
AC_TRY_RUN([
|
||||
@ -4048,7 +4050,7 @@ INSTALL_CIFSUPCALL=""
|
||||
UNINSTALL_CIFSUPCALL=""
|
||||
AC_MSG_CHECKING(whether to build cifs.upcall)
|
||||
AC_ARG_WITH(cifsupcall,
|
||||
[AS_HELP_STRING([--with-cifsupcall], [Include cifs.upcall (Linux only) support (default=no)])],
|
||||
[AS_HELP_STRING([--with-cifsupcall], [Include cifs.upcall (Linux only) support (default=yes)])],
|
||||
[ case "$withval" in
|
||||
no)
|
||||
AC_MSG_RESULT(no)
|
||||
@ -4074,9 +4076,24 @@ AC_ARG_WITH(cifsupcall,
|
||||
esac
|
||||
;;
|
||||
esac ],
|
||||
[
|
||||
AC_MSG_RESULT(no)
|
||||
]
|
||||
[ case "$host_os" in
|
||||
*linux*)
|
||||
if test x"$use_ads" != x"yes"; then
|
||||
AC_MSG_WARN(ADS support should be enabled for building cifs.upcall)
|
||||
elif test x"$HAVE_KEYUTILS_H" != "x1"; then
|
||||
AC_MSG_WARN(keyutils package is required for cifs.upcall)
|
||||
else
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(WITH_CIFSUPCALL,1,[whether to build cifs.upcall])
|
||||
CIFSUPCALL_PROGS="bin/cifs.upcall"
|
||||
INSTALL_CIFSUPCALL="installcifsupcall"
|
||||
UNINSTALL_CIFSUPCALL="uninstallcifsupcall"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
AC_MSG_RESULT(no)
|
||||
;;
|
||||
esac ]
|
||||
)
|
||||
|
||||
|
||||
@ -6149,6 +6166,7 @@ AC_OUTPUT(Makefile
|
||||
pkgconfig/wbclient.pc
|
||||
pkgconfig/netapi.pc
|
||||
pkgconfig/smbsharemodes.pc
|
||||
../examples/libsmbclient/Makefile.internal
|
||||
)
|
||||
|
||||
#################################################
|
||||
|
@ -1,4 +0,0 @@
|
||||
{
|
||||
global: smbc_*;
|
||||
local: *;
|
||||
};
|
@ -1,3 +0,0 @@
|
||||
{
|
||||
global: *;
|
||||
};
|
@ -623,7 +623,7 @@ bool is_local_net(const struct sockaddr_storage *from);
|
||||
void setup_linklocal_scope_id(struct sockaddr_storage *pss);
|
||||
bool is_local_net_v4(struct in_addr from);
|
||||
int iface_count(void);
|
||||
int iface_count_v4(void);
|
||||
int iface_count_v4_nl(void);
|
||||
const struct in_addr *first_ipv4_iface(void);
|
||||
struct interface *get_interface(int n);
|
||||
const struct sockaddr_storage *iface_n_sockaddr_storage(int n);
|
||||
@ -6049,6 +6049,7 @@ int lp_directory_name_cache_size(int );
|
||||
int lp_smb_encrypt(int );
|
||||
char lp_magicchar(const struct share_params *p );
|
||||
int lp_winbind_cache_time(void);
|
||||
int lp_winbind_reconnect_delay(void);
|
||||
const char **lp_winbind_nss_info(void);
|
||||
int lp_algorithmic_rid_base(void);
|
||||
int lp_name_cache_timeout(void);
|
||||
|
@ -1330,12 +1330,19 @@ struct bitmap {
|
||||
#define FILE_DELETE_ON_CLOSE 0x1000
|
||||
#define FILE_OPEN_BY_FILE_ID 0x2000
|
||||
|
||||
/* Private create options used by the ntcreatex processing code. From Samba4. */
|
||||
#define NTCREATEX_OPTIONS_PRIVATE_DENY_DOS 0x01000000
|
||||
#define NTCREATEX_OPTIONS_PRIVATE_DENY_FCB 0x02000000
|
||||
#define NTCREATEX_OPTIONS_MUST_IGNORE_MASK (0x008F0480)
|
||||
|
||||
#define NTCREATEX_OPTIONS_INVALID_PARAM_MASK (0xFF100030)
|
||||
|
||||
/*
|
||||
* Private create options used by the ntcreatex processing code. From Samba4.
|
||||
* We reuse some ignored flags for private use.
|
||||
*/
|
||||
#define NTCREATEX_OPTIONS_PRIVATE_DENY_DOS 0x00010000
|
||||
#define NTCREATEX_OPTIONS_PRIVATE_DENY_FCB 0x00020000
|
||||
|
||||
/* Private options for streams support */
|
||||
#define NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE 0x04000000
|
||||
#define NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE 0x00040000
|
||||
|
||||
/* Responses when opening a file. */
|
||||
#define FILE_WAS_SUPERSEDED 0
|
||||
|
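Review bot: The private flags defined under the "We reuse some ignored flags for private use" comment (`0x00010000`, `0x00020000`, `0x00040000`) all lie inside `NTCREATEX_OPTIONS_MUST_IGNORE_MASK` (`0x008F0480`), so they are bit values a client can legitimately send on the wire. Nothing in this header says where wire-supplied create options are stripped of those bits before the private flags are set or tested. If any request path skips that masking, a client could switch on server-internal deny-mode or stream-delete handling. I would extend the comment block with the contract, e.g. `* Wire-supplied create_options must have NTCREATEX_OPTIONS_MUST_IGNORE_MASK cleared before any private bit is set or tested.`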
@ -2,17 +2,17 @@
|
||||
Unix SMB/CIFS implementation.
|
||||
Database interface wrapper around ctdbd
|
||||
Copyright (C) Volker Lendecke 2007
|
||||
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
@ -76,7 +76,7 @@ static NTSTATUS tdb_error_to_ntstatus(struct tdb_context *tdb)
|
||||
|
||||
/*
|
||||
form a ctdb_rec_data record from a key/data pair
|
||||
|
||||
|
||||
note that header may be NULL. If not NULL then it is included in the data portion
|
||||
of the record
|
||||
*/
|
||||
@ -130,7 +130,8 @@ static struct ctdb_marshall_buffer *db_ctdb_marshall_add(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
if (m == NULL) {
|
||||
m = talloc_zero_size(mem_ctx, offsetof(struct ctdb_marshall_buffer, data));
|
||||
m = (struct ctdb_marshall_buffer *)talloc_zero_size(
|
||||
mem_ctx, offsetof(struct ctdb_marshall_buffer, data));
|
||||
if (m == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
@ -140,7 +141,8 @@ static struct ctdb_marshall_buffer *db_ctdb_marshall_add(TALLOC_CTX *mem_ctx,
|
||||
m_size = talloc_get_size(m);
|
||||
r_size = talloc_get_size(r);
|
||||
|
||||
m2 = talloc_realloc_size(mem_ctx, m, m_size + r_size);
|
||||
m2 = (struct ctdb_marshall_buffer *)talloc_realloc_size(
|
||||
mem_ctx, m, m_size + r_size);
|
||||
if (m2 == NULL) {
|
||||
talloc_free(m);
|
||||
return NULL;
|
||||
@ -166,7 +168,7 @@ static TDB_DATA db_ctdb_marshall_finish(struct ctdb_marshall_buffer *m)
|
||||
|
||||
/*
|
||||
loop over a marshalling buffer
|
||||
|
||||
|
||||
- pass r==NULL to start
|
||||
- loop the number of times indicated by m->count
|
||||
*/
|
||||
@ -184,7 +186,7 @@ static struct ctdb_rec_data *db_ctdb_marshall_loop_next(struct ctdb_marshall_buf
|
||||
if (reqid != NULL) {
|
||||
*reqid = r->reqid;
|
||||
}
|
||||
|
||||
|
||||
if (key != NULL) {
|
||||
key->dptr = &r->data[0];
|
||||
key->dsize = r->keylen;
|
||||
@ -228,7 +230,7 @@ static int db_ctdb_transaction_fetch_start(struct db_ctdb_transaction_handle *h)
|
||||
struct db_ctdb_ctx *ctx = h->ctx;
|
||||
TDB_DATA data;
|
||||
|
||||
key.dptr = discard_const(keyname);
|
||||
key.dptr = (uint8_t *)discard_const(keyname);
|
||||
key.dsize = strlen(keyname);
|
||||
|
||||
again:
|
||||
@ -483,16 +485,16 @@ static int db_ctdb_transaction_store(struct db_ctdb_transaction_handle *h,
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
h->m_write = db_ctdb_marshall_add(h, h->m_write, h->ctx->db_id, 0, key, &header, data);
|
||||
if (h->m_write == NULL) {
|
||||
DEBUG(0,(__location__ " Failed to add to marshalling record\n"));
|
||||
talloc_free(tmp_ctx);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
rec.dsize = data.dsize + sizeof(struct ctdb_ltdb_header);
|
||||
rec.dptr = talloc_size(tmp_ctx, rec.dsize);
|
||||
rec.dptr = (uint8_t *)talloc_size(tmp_ctx, rec.dsize);
|
||||
if (rec.dptr == NULL) {
|
||||
DEBUG(0,(__location__ " Failed to alloc record\n"));
|
||||
talloc_free(tmp_ctx);
|
||||
@ -504,7 +506,7 @@ static int db_ctdb_transaction_store(struct db_ctdb_transaction_handle *h,
|
||||
ret = tdb_store(h->ctx->wtdb->tdb, key, rec, TDB_REPLACE);
|
||||
|
||||
talloc_free(tmp_ctx);
|
||||
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -590,7 +592,7 @@ static int ctdb_replay_transaction(struct db_ctdb_transaction_handle *h)
|
||||
talloc_free(tmp_ctx);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return 0;
|
||||
|
||||
failed:
|
||||
@ -868,7 +870,7 @@ again:
|
||||
(int)crec->ctdb_ctx->db_id, keystr));
|
||||
TALLOC_FREE(keystr);
|
||||
}
|
||||
|
||||
|
||||
if (tdb_chainlock(ctx->wtdb->tdb, key) != 0) {
|
||||
DEBUG(3, ("tdb_chainlock failed\n"));
|
||||
TALLOC_FREE(result);
|
||||
|
@ -18,7 +18,6 @@
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.*/
|
||||
|
||||
#include "includes.h"
|
||||
#include "winbindd.h"
|
||||
|
||||
/**
|
||||
* Find a sid2uid mapping
|
@ -131,15 +131,18 @@ int iface_count(void)
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
How many interfaces do we have (v4 only) ?
|
||||
How many non-loopback IPv4 interfaces do we have ?
|
||||
**************************************************************************/
|
||||
|
||||
int iface_count_v4(void)
|
||||
int iface_count_v4_nl(void)
|
||||
{
|
||||
int ret = 0;
|
||||
struct interface *i;
|
||||
|
||||
for (i=local_interfaces;i;i=i->next) {
|
||||
if (is_loopback_addr(&i->ip)) {
|
||||
continue;
|
||||
}
|
||||
if (i->ip.ss_family == AF_INET) {
|
||||
ret++;
|
||||
}
|
||||
|
@ -2008,6 +2008,7 @@ bool str_list_sub_basic( char **list, const char *smb_name,
|
||||
|
||||
bool str_list_substitute(char **list, const char *pattern, const char *insert)
|
||||
{
|
||||
TALLOC_CTX *ctx = list;
|
||||
char *p, *s, *t;
|
||||
ssize_t ls, lp, li, ld, i, d;
|
||||
|
||||
@ -2030,7 +2031,7 @@ bool str_list_substitute(char **list, const char *pattern, const char *insert)
|
||||
t = *list;
|
||||
d = p -t;
|
||||
if (ld) {
|
||||
t = (char *) SMB_MALLOC(ls +ld +1);
|
||||
t = TALLOC_ARRAY(ctx, char, ls +ld +1);
|
||||
if (!t) {
|
||||
DEBUG(0,("str_list_substitute: "
|
||||
"Unable to allocate memory"));
|
||||
@ -2038,7 +2039,7 @@ bool str_list_substitute(char **list, const char *pattern, const char *insert)
|
||||
}
|
||||
memcpy(t, *list, d);
|
||||
memcpy(t +d +li, p +lp, ls -d -lp +1);
|
||||
SAFE_FREE(*list);
|
||||
TALLOC_FREE(*list);
|
||||
*list = t;
|
||||
ls += ld;
|
||||
s = t +d +li;
|
||||
|
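Review bot: `TALLOC_FREE(*list)` assumes every string in the list was allocated with talloc, and the replacement buffer is parented to the list itself through `TALLOC_CTX *ctx = list;`. A caller that still passes a list whose strings came from malloc (the `SMB_MALLOC`/`SAFE_FREE` pairing also shown in these hunks) would hand a non-talloc pointer to talloc's free, which corrupts the heap. The callers are outside these hunks, so this needs confirming across the tree. A one-line contract above the function would record it: `/* list and every string in it must be talloc-allocated; replaced strings become children of list */`. The body of `str_list_substitute` starts and continues outside the hunks.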
@ -393,9 +393,6 @@ static NTSTATUS ads_lookup_site(void)
|
||||
ADS_STRUCT *ads = NULL;
|
||||
ADS_STATUS ads_status;
|
||||
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
|
||||
struct nbt_cldap_netlogon_5 cldap_reply;
|
||||
|
||||
ZERO_STRUCT(cldap_reply);
|
||||
|
||||
ads = ads_init(lp_realm(), NULL, NULL);
|
||||
if (!ads) {
|
||||
|
@ -1504,9 +1504,9 @@ NTSTATUS rpccli_netr_ServerPasswordSet2(struct rpc_pipe_client *cli,
|
||||
const char *account_name /* [in] [charset(UTF16)] */,
|
||||
enum netr_SchannelType secure_channel_type /* [in] */,
|
||||
const char *computer_name /* [in] [charset(UTF16)] */,
|
||||
struct netr_Authenticator credential /* [in] */,
|
||||
struct netr_CryptPassword new_password /* [in] */,
|
||||
struct netr_Authenticator *return_authenticator /* [out] [ref] */)
|
||||
struct netr_Authenticator *credential /* [in] [ref] */,
|
||||
struct netr_Authenticator *return_authenticator /* [out] [ref] */,
|
||||
struct netr_CryptPassword *new_password /* [in] [ref] */)
|
||||
{
|
||||
struct netr_ServerPasswordSet2 r;
|
||||
NTSTATUS status;
|
||||
|
@ -239,9 +239,9 @@ NTSTATUS rpccli_netr_ServerPasswordSet2(struct rpc_pipe_client *cli,
|
||||
const char *account_name /* [in] [charset(UTF16)] */,
|
||||
enum netr_SchannelType secure_channel_type /* [in] */,
|
||||
const char *computer_name /* [in] [charset(UTF16)] */,
|
||||
struct netr_Authenticator credential /* [in] */,
|
||||
struct netr_CryptPassword new_password /* [in] */,
|
||||
struct netr_Authenticator *return_authenticator /* [out] [ref] */);
|
||||
struct netr_Authenticator *credential /* [in] [ref] */,
|
||||
struct netr_Authenticator *return_authenticator /* [out] [ref] */,
|
||||
struct netr_CryptPassword *new_password /* [in] [ref] */);
|
||||
NTSTATUS rpccli_netr_ServerPasswordGet(struct rpc_pipe_client *cli,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const char *server_name /* [in] [unique,charset(UTF16)] */,
|
||||
|
@ -76,7 +76,7 @@ union PAC_INFO {
|
||||
struct PAC_SIGNATURE_DATA srv_cksum;/* [case(PAC_TYPE_SRV_CHECKSUM)] */
|
||||
struct PAC_SIGNATURE_DATA kdc_cksum;/* [case(PAC_TYPE_KDC_CHECKSUM)] */
|
||||
struct PAC_LOGON_NAME logon_name;/* [case(PAC_TYPE_LOGON_NAME)] */
|
||||
struct DATA_BLOB_REM unknown;/* [subcontext(0),case(PAC_TYPE_UNKNOWN_12)] */
|
||||
struct DATA_BLOB_REM unknown;/* [subcontext(0),default] */
|
||||
}/* [gensize,nodiscriminant,public] */;
|
||||
|
||||
struct PAC_BUFFER {
|
||||
|
@ -319,7 +319,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_INFO(struct ndr_push *ndr, int ndr_flags
|
||||
NDR_CHECK(ndr_push_PAC_LOGON_NAME(ndr, NDR_SCALARS, &r->logon_name));
|
||||
break; }
|
||||
|
||||
case PAC_TYPE_UNKNOWN_12: {
|
||||
default: {
|
||||
{
|
||||
struct ndr_push *_ndr_unknown;
|
||||
NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_unknown, 0, -1));
|
||||
@ -328,8 +328,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_INFO(struct ndr_push *ndr, int ndr_flags
|
||||
}
|
||||
break; }
|
||||
|
||||
default:
|
||||
return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
|
||||
}
|
||||
}
|
||||
if (ndr_flags & NDR_BUFFERS) {
|
||||
@ -348,11 +346,9 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_INFO(struct ndr_push *ndr, int ndr_flags
|
||||
case PAC_TYPE_LOGON_NAME:
|
||||
break;
|
||||
|
||||
case PAC_TYPE_UNKNOWN_12:
|
||||
default:
|
||||
break;
|
||||
|
||||
default:
|
||||
return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
|
||||
}
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
@ -380,7 +376,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_PAC_INFO(struct ndr_pull *ndr, int ndr_flags
|
||||
NDR_CHECK(ndr_pull_PAC_LOGON_NAME(ndr, NDR_SCALARS, &r->logon_name));
|
||||
break; }
|
||||
|
||||
case PAC_TYPE_UNKNOWN_12: {
|
||||
default: {
|
||||
{
|
||||
struct ndr_pull *_ndr_unknown;
|
||||
NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_unknown, 0, -1));
|
||||
@ -389,8 +385,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_PAC_INFO(struct ndr_pull *ndr, int ndr_flags
|
||||
}
|
||||
break; }
|
||||
|
||||
default:
|
||||
return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
|
||||
}
|
||||
}
|
||||
if (ndr_flags & NDR_BUFFERS) {
|
||||
@ -408,11 +402,9 @@ _PUBLIC_ enum ndr_err_code ndr_pull_PAC_INFO(struct ndr_pull *ndr, int ndr_flags
|
||||
case PAC_TYPE_LOGON_NAME:
|
||||
break;
|
||||
|
||||
case PAC_TYPE_UNKNOWN_12:
|
||||
default:
|
||||
break;
|
||||
|
||||
default:
|
||||
return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
|
||||
}
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
@ -440,12 +432,10 @@ _PUBLIC_ void ndr_print_PAC_INFO(struct ndr_print *ndr, const char *name, const
|
||||
ndr_print_PAC_LOGON_NAME(ndr, "logon_name", &r->logon_name);
|
||||
break;
|
||||
|
||||
case PAC_TYPE_UNKNOWN_12:
|
||||
default:
|
||||
ndr_print_DATA_BLOB_REM(ndr, "unknown", &r->unknown);
|
||||
break;
|
||||
|
||||
default:
|
||||
ndr_print_bad_level(ndr, name, level);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -12310,8 +12310,14 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet2(struct ndr_push *ndr,
|
||||
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
|
||||
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16)));
|
||||
NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computer_name, ndr_charset_length(r->in.computer_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
|
||||
NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential));
|
||||
NDR_CHECK(ndr_push_netr_CryptPassword(ndr, NDR_SCALARS, &r->in.new_password));
|
||||
if (r->in.credential == NULL) {
|
||||
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
|
||||
}
|
||||
NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
|
||||
if (r->in.new_password == NULL) {
|
||||
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
|
||||
}
|
||||
NDR_CHECK(ndr_push_netr_CryptPassword(ndr, NDR_SCALARS, r->in.new_password));
|
||||
}
|
||||
if (flags & NDR_OUT) {
|
||||
if (r->out.return_authenticator == NULL) {
|
||||
@ -12327,7 +12333,9 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr,
|
||||
{
|
||||
uint32_t _ptr_server_name;
|
||||
TALLOC_CTX *_mem_save_server_name_0;
|
||||
TALLOC_CTX *_mem_save_credential_0;
|
||||
TALLOC_CTX *_mem_save_return_authenticator_0;
|
||||
TALLOC_CTX *_mem_save_new_password_0;
|
||||
if (flags & NDR_IN) {
|
||||
ZERO_STRUCT(r->out);
|
||||
|
||||
@ -12364,8 +12372,20 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr,
|
||||
}
|
||||
NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t)));
|
||||
NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16));
|
||||
NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential));
|
||||
NDR_CHECK(ndr_pull_netr_CryptPassword(ndr, NDR_SCALARS, &r->in.new_password));
|
||||
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
|
||||
NDR_PULL_ALLOC(ndr, r->in.credential);
|
||||
}
|
||||
_mem_save_credential_0 = NDR_PULL_GET_MEM_CTX(ndr);
|
||||
NDR_PULL_SET_MEM_CTX(ndr, r->in.credential, LIBNDR_FLAG_REF_ALLOC);
|
||||
NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
|
||||
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credential_0, LIBNDR_FLAG_REF_ALLOC);
|
||||
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
|
||||
NDR_PULL_ALLOC(ndr, r->in.new_password);
|
||||
}
|
||||
_mem_save_new_password_0 = NDR_PULL_GET_MEM_CTX(ndr);
|
||||
NDR_PULL_SET_MEM_CTX(ndr, r->in.new_password, LIBNDR_FLAG_REF_ALLOC);
|
||||
NDR_CHECK(ndr_pull_netr_CryptPassword(ndr, NDR_SCALARS, r->in.new_password));
|
||||
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_new_password_0, LIBNDR_FLAG_REF_ALLOC);
|
||||
NDR_PULL_ALLOC(ndr, r->out.return_authenticator);
|
||||
ZERO_STRUCTP(r->out.return_authenticator);
|
||||
}
|
||||
@ -12401,8 +12421,14 @@ _PUBLIC_ void ndr_print_netr_ServerPasswordSet2(struct ndr_print *ndr, const cha
|
||||
ndr_print_string(ndr, "account_name", r->in.account_name);
|
||||
ndr_print_netr_SchannelType(ndr, "secure_channel_type", r->in.secure_channel_type);
|
||||
ndr_print_string(ndr, "computer_name", r->in.computer_name);
|
||||
ndr_print_netr_Authenticator(ndr, "credential", &r->in.credential);
|
||||
ndr_print_netr_CryptPassword(ndr, "new_password", &r->in.new_password);
|
||||
ndr_print_ptr(ndr, "credential", r->in.credential);
|
||||
ndr->depth++;
|
||||
ndr_print_netr_Authenticator(ndr, "credential", r->in.credential);
|
||||
ndr->depth--;
|
||||
ndr_print_ptr(ndr, "new_password", r->in.new_password);
|
||||
ndr->depth++;
|
||||
ndr_print_netr_CryptPassword(ndr, "new_password", r->in.new_password);
|
||||
ndr->depth--;
|
||||
ndr->depth--;
|
||||
}
|
||||
if (flags & NDR_OUT) {
|
||||
|
@ -1355,8 +1355,8 @@ struct netr_ServerPasswordSet2 {
|
||||
const char *account_name;/* [charset(UTF16)] */
|
||||
enum netr_SchannelType secure_channel_type;
|
||||
const char *computer_name;/* [charset(UTF16)] */
|
||||
struct netr_Authenticator credential;
|
||||
struct netr_CryptPassword new_password;
|
||||
struct netr_Authenticator *credential;/* [ref] */
|
||||
struct netr_CryptPassword *new_password;/* [ref] */
|
||||
} in;
|
||||
|
||||
struct {
|
||||
|
@ -70,7 +70,7 @@ interface krb5pac
|
||||
[case(PAC_TYPE_SRV_CHECKSUM)] PAC_SIGNATURE_DATA srv_cksum;
|
||||
[case(PAC_TYPE_KDC_CHECKSUM)] PAC_SIGNATURE_DATA kdc_cksum;
|
||||
[case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name;
|
||||
[case(PAC_TYPE_UNKNOWN_12)] [subcontext(0)] DATA_BLOB_REM unknown;
|
||||
[default] [subcontext(0)] DATA_BLOB_REM unknown;
|
||||
/* [case(PAC_TYPE_UNKNOWN_12)] PAC_UNKNOWN_12 unknown; */
|
||||
} PAC_INFO;
|
||||
|
||||
|
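Review bot: With `[default]` on the `unknown` arm, any PAC buffer type that is not listed decodes as an opaque `DATA_BLOB_REM` instead of being rejected; the generated push/pull code elsewhere on this page appears to lose its `NDR_ERR_BAD_SWITCH` returns accordingly. Code that walks PAC buffers can therefore no longer rely on the parser having refused unexpected types, and should act only on types it explicitly recognises. I would replace the leftover commented-out `PAC_UNKNOWN_12` line with a statement of that contract, e.g. `/* any other type is kept as raw bytes; consumers must ignore types they do not know */`.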
@ -1182,9 +1182,9 @@ interface netlogon
|
||||
[in] [string,charset(UTF16)] uint16 account_name[],
|
||||
[in] netr_SchannelType secure_channel_type,
|
||||
[in] [string,charset(UTF16)] uint16 computer_name[],
|
||||
[in] netr_Authenticator credential,
|
||||
[in] netr_CryptPassword new_password,
|
||||
[out,ref] netr_Authenticator *return_authenticator
|
||||
[in,ref] netr_Authenticator *credential,
|
||||
[out,ref] netr_Authenticator *return_authenticator,
|
||||
[in,ref] netr_CryptPassword *new_password
|
||||
);
|
||||
|
||||
/****************/
|
||||
|
@ -1910,7 +1910,7 @@ static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context,
|
||||
}
|
||||
|
||||
/* We now have a service ticket, now turn it into an AP-REQ. */
|
||||
authenticator->length = ntohs(fwdData.length + GSSAPI_CHECKSUM_SIZE);
|
||||
authenticator->length = fwdData.length + GSSAPI_CHECKSUM_SIZE;
|
||||
|
||||
/* Caller should call free() when they're done with this. */
|
||||
authenticator->data = (char *)pChksum;
|
||||
|
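Review bot: `authenticator->length = fwdData.length + GSSAPI_CHECKSUM_SIZE;` must equal the number of bytes actually allocated for `pChksum`, and that allocation is outside this hunk. Computing the size once into a local and using it for both the allocation and this assignment would keep the two from drifting apart, e.g. `authenticator->length = chksum_len;` (`chksum_len` is a placeholder name for that local). A short comment such as `/* length is a host-order byte count, no byte-swap here */` would also record why the `ntohs()` form is wrong. The function begins and ends outside the hunk.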
@ -31,34 +31,60 @@
|
||||
|
||||
static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
|
||||
const unsigned char orig_trust_passwd_hash[16],
|
||||
const char *new_trust_pwd_cleartext,
|
||||
const unsigned char new_trust_passwd_hash[16],
|
||||
uint32 sec_channel_type)
|
||||
{
|
||||
NTSTATUS result;
|
||||
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
|
||||
|
||||
/* Check if the netlogon pipe is open using schannel. If so we
|
||||
already have valid creds. If not we must set them up. */
|
||||
result = rpccli_netlogon_setup_creds(cli,
|
||||
cli->desthost, /* server name */
|
||||
lp_workgroup(), /* domain */
|
||||
global_myname(), /* client name */
|
||||
global_myname(), /* machine account name */
|
||||
orig_trust_passwd_hash,
|
||||
sec_channel_type,
|
||||
&neg_flags);
|
||||
|
||||
if (cli->auth->auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
|
||||
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
|
||||
|
||||
result = rpccli_netlogon_setup_creds(cli,
|
||||
cli->desthost, /* server name */
|
||||
lp_workgroup(), /* domain */
|
||||
global_myname(), /* client name */
|
||||
global_myname(), /* machine account name */
|
||||
orig_trust_passwd_hash,
|
||||
sec_channel_type,
|
||||
&neg_flags);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n",
|
||||
nt_errstr(result)));
|
||||
return result;
|
||||
}
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n",
|
||||
nt_errstr(result)));
|
||||
return result;
|
||||
}
|
||||
|
||||
{
|
||||
if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
|
||||
|
||||
struct netr_Authenticator clnt_creds, srv_cred;
|
||||
struct netr_CryptPassword new_password;
|
||||
struct samr_CryptPassword password_buf;
|
||||
|
||||
netlogon_creds_client_step(cli->dc, &clnt_creds);
|
||||
|
||||
encode_pw_buffer(password_buf.data, new_trust_pwd_cleartext, STR_UNICODE);
|
||||
|
||||
SamOEMhash(password_buf.data, cli->dc->sess_key, 516);
|
||||
memcpy(new_password.data, password_buf.data, 512);
|
||||
new_password.length = IVAL(password_buf.data, 512);
|
||||
|
||||
result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx,
|
||||
cli->dc->remote_machine,
|
||||
cli->dc->mach_acct,
|
||||
sec_channel_type,
|
||||
global_myname(),
|
||||
&clnt_creds,
|
||||
&srv_cred,
|
||||
&new_password);
|
||||
|
||||
/* Always check returned credentials. */
|
||||
if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
|
||||
DEBUG(0,("rpccli_netr_ServerPasswordSet2: "
|
||||
"credentials chain check failed\n"));
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
struct netr_Authenticator clnt_creds, srv_cred;
|
||||
struct samr_Password new_password;
|
||||
|
||||
@ -118,8 +144,11 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
|
||||
|
||||
E_md4hash(new_trust_passwd, new_trust_passwd_hash);
|
||||
|
||||
nt_status = just_change_the_password(cli, mem_ctx, orig_trust_passwd_hash,
|
||||
new_trust_passwd_hash, sec_channel_type);
|
||||
nt_status = just_change_the_password(cli, mem_ctx,
|
||||
orig_trust_passwd_hash,
|
||||
new_trust_passwd,
|
||||
new_trust_passwd_hash,
|
||||
sec_channel_type);
|
||||
|
||||
if (NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n",
|
||||
|
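Review bot: In the `NETLOGON_NEG_PASSWORD_SET2` branch, `srv_cred` is an uninitialised stack variable when `netlogon_creds_client_check(cli->dc, &srv_cred.cred)` runs, and `result` from `rpccli_netr_ServerPasswordSet2()` is not examined first. If the call can fail before writing `return_authenticator` (the client stub is not part of this hunk), the check reads indeterminate bytes and the real error is replaced by `NT_STATUS_ACCESS_DENIED`. Adding `ZERO_STRUCT(srv_cred);` before the call makes that path deterministic. The literals 516 and 512 in the `SamOEMhash`/`memcpy`/`IVAL` lines also deserve a comment, e.g. `/* 512 bytes of password buffer followed by a 4-byte length */`. The function continues past the end of the hunk.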
4
source3/m4/aclocal.m4
vendored
@ -139,7 +139,7 @@ if eval test x"$build_lib" = "xyes" ; then
|
||||
LIBUC[_SHARED]=$LIBUC[_SHARED_TARGET]
|
||||
AC_MSG_RESULT(yes)
|
||||
if test x"$USESHARED" != x"true" -o x"$[LINK_]LIBUC" = "xSTATIC" ; then
|
||||
LIBUC[_STATIC]=$LIBUC[_STATIC_TARGET]
|
||||
enable_static=yes
|
||||
else
|
||||
LIBUC[_LIBS]=LIBLIBS
|
||||
fi
|
||||
@ -152,7 +152,7 @@ else
|
||||
AC_MSG_RESULT(shared library not selected, but will supply static library)
|
||||
fi
|
||||
if test $enable_static = yes; then
|
||||
LIBUC[_STATIC]=$LIBUC[_STATIC_TARGET]
|
||||
LIBUC[_STATIC]=[\$\(]LIBUC[_OBJ0\)]
|
||||
fi
|
||||
|
||||
m4_popdef([LIBNAME])
|
||||
|
@ -200,9 +200,9 @@ static bool tsmsm_is_offline(struct vfs_handle_struct *handle,
|
||||
goto done;
|
||||
}
|
||||
|
||||
lerrno = 0;
|
||||
|
||||
do {
|
||||
lerrno = 0;
|
||||
|
||||
ret = dm_get_dmattr(*dmsession_id, dmhandle, dmhandle_len,
|
||||
DM_NO_TOKEN, &dmname, buflen, buf, &rlen);
|
||||
if (ret == -1 && errno == EINVAL) {
|
||||
@ -279,10 +279,13 @@ static ssize_t tsmsm_aio_return(struct vfs_handle_struct *handle, struct files_s
|
||||
static ssize_t tsmsm_sendfile(vfs_handle_struct *handle, int tofd, files_struct *fsp, const DATA_BLOB *hdr,
|
||||
SMB_OFF_T offset, size_t n)
|
||||
{
|
||||
bool file_online = tsmsm_aio_force(handle, fsp);
|
||||
bool file_offline = tsmsm_aio_force(handle, fsp);
|
||||
|
||||
if(!file_online)
|
||||
return ENOSYS;
|
||||
if (file_offline) {
|
||||
DEBUG(10,("tsmsm_sendfile on offline file - rejecting\n"));
|
||||
errno = ENOSYS;
|
||||
return -1;
|
||||
}
|
||||
|
||||
return SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, hdr, offset, n);
|
||||
}
|
||||
@ -333,7 +336,7 @@ static int tsmsm_set_offline(struct vfs_handle_struct *handle,
|
||||
|
||||
if (tsmd->hsmscript == NULL) {
|
||||
/* no script enabled */
|
||||
DEBUG(1, ("tsmsm_set_offline: No tsmsm:hsmscript configured\n"));
|
||||
DEBUG(1, ("tsmsm_set_offline: No 'tsmsm:hsm script' configured\n"));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
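Review bot: The rejection in `tsmsm_sendfile` depends on a true result from `tsmsm_aio_force()` meaning the file is offline, which the function name does not convey. The hunk shows both a `file_online` and a `file_offline` spelling for the same result, so the sense has evidently been confused once already. A comment at the call would pin it down: `/* true here means the file is offline, so sendfile is refused */`.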
@ -296,8 +296,8 @@ static void reload_interfaces(time_t t)
|
||||
|
||||
BlockSignals(false, SIGTERM);
|
||||
|
||||
/* We only count IPv4 interfaces here. */
|
||||
while (iface_count_v4() == 0 && !got_sig_term) {
|
||||
/* We only count IPv4, non-loopback interfaces here. */
|
||||
while (iface_count_v4_nl() == 0 && !got_sig_term) {
|
||||
sleep(5);
|
||||
load_interfaces();
|
||||
}
|
||||
|
@ -434,7 +434,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
|
||||
char *component, *dc, *q1;
|
||||
char *q_orig = q;
|
||||
int str_offset;
|
||||
char *saveptr;
|
||||
char *saveptr = NULL;
|
||||
|
||||
domain = get_mydnsdomname(talloc_tos());
|
||||
if (!domain) {
|
||||
|
@ -195,19 +195,20 @@ struct subnet_record *make_normal_subnet(const struct interface *iface)
|
||||
bool create_subnets(void)
|
||||
{
|
||||
/* We only count IPv4 interfaces whilst we're waiting. */
|
||||
int num_interfaces = iface_count_v4();
|
||||
int num_interfaces;
|
||||
int i;
|
||||
struct in_addr unicast_ip, ipzero;
|
||||
|
||||
try_interfaces_again:
|
||||
|
||||
if (iface_count_v4() == 0) {
|
||||
DEBUG(0,("create_subnets: No local interfaces !\n"));
|
||||
/* Only count IPv4, non-loopback interfaces. */
|
||||
if (iface_count_v4_nl() == 0) {
|
||||
DEBUG(0,("create_subnets: No local IPv4 non-loopback interfaces !\n"));
|
||||
DEBUG(0,("create_subnets: Waiting for an interface to appear ...\n"));
|
||||
}
|
||||
|
||||
/* We only count IPv4 interfaces here. */
|
||||
while (iface_count_v4() == 0) {
|
||||
/* We only count IPv4, non-loopback interfaces here. */
|
||||
while (iface_count_v4_nl() == 0) {
|
||||
void (*saved_handler)(int);
|
||||
|
||||
/*
|
||||
|
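Review bot: `num_interfaces` appears in `create_subnets` as a bare `int num_interfaces;`, so it is indeterminate until something assigns it, and that assignment is not in this hunk. It has to be set after the wait loop on `iface_count_v4_nl()` and before its first use. If the later code counts with a different function than the wait loop does, the two can disagree on a host that has only loopback or only IPv6 addresses. I would either keep an initialiser (`int num_interfaces = 0;`) or add a comment at the declaration saying where it is assigned. The function continues outside the hunk.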
@ -12,6 +12,78 @@
|
||||
|
||||
#include "pam_winbind.h"
|
||||
|
||||
static const char *_pam_error_code_str(int err)
|
||||
{
|
||||
switch (err) {
|
||||
case PAM_SUCCESS:
|
||||
return "PAM_SUCCESS";
|
||||
case PAM_OPEN_ERR:
|
||||
return "PAM_OPEN_ERR";
|
||||
case PAM_SYMBOL_ERR:
|
||||
return "PAM_SYMBOL_ERR";
|
||||
case PAM_SERVICE_ERR:
|
||||
return "PAM_SERVICE_ERR";
|
||||
case PAM_SYSTEM_ERR:
|
||||
return "PAM_SYSTEM_ERR";
|
||||
case PAM_BUF_ERR:
|
||||
return "PAM_BUF_ERR";
|
||||
case PAM_PERM_DENIED:
|
||||
return "PAM_PERM_DENIED";
|
||||
case PAM_AUTH_ERR:
|
||||
return "PAM_AUTH_ERR";
|
||||
case PAM_CRED_INSUFFICIENT:
|
||||
return "PAM_CRED_INSUFFICIENT";
|
||||
case PAM_AUTHINFO_UNAVAIL:
|
||||
return "PAM_AUTHINFO_UNAVAIL";
|
||||
case PAM_USER_UNKNOWN:
|
||||
return "PAM_USER_UNKNOWN";
|
||||
case PAM_MAXTRIES:
|
||||
return "PAM_MAXTRIES";
|
||||
case PAM_NEW_AUTHTOK_REQD:
|
||||
return "PAM_NEW_AUTHTOK_REQD";
|
||||
case PAM_ACCT_EXPIRED:
|
||||
return "PAM_ACCT_EXPIRED";
|
||||
case PAM_SESSION_ERR:
|
||||
return "PAM_SESSION_ERR";
|
||||
case PAM_CRED_UNAVAIL:
|
||||
return "PAM_CRED_UNAVAIL";
|
||||
case PAM_CRED_EXPIRED:
|
||||
return "PAM_CRED_EXPIRED";
|
||||
case PAM_CRED_ERR:
|
||||
return "PAM_CRED_ERR";
|
||||
case PAM_NO_MODULE_DATA:
|
||||
return "PAM_NO_MODULE_DATA";
|
||||
case PAM_CONV_ERR:
|
||||
return "PAM_CONV_ERR";
|
||||
case PAM_AUTHTOK_ERR:
|
||||
return "PAM_AUTHTOK_ERR";
|
||||
case PAM_AUTHTOK_RECOVERY_ERR:
|
||||
return "PAM_AUTHTOK_RECOVERY_ERR";
|
||||
case PAM_AUTHTOK_LOCK_BUSY:
|
||||
return "PAM_AUTHTOK_LOCK_BUSY";
|
||||
case PAM_AUTHTOK_DISABLE_AGING:
|
||||
return "PAM_AUTHTOK_DISABLE_AGING";
|
||||
case PAM_TRY_AGAIN:
|
||||
return "PAM_TRY_AGAIN";
|
||||
case PAM_IGNORE:
|
||||
return "PAM_IGNORE";
|
||||
case PAM_ABORT:
|
||||
return "PAM_ABORT";
|
||||
case PAM_AUTHTOK_EXPIRED:
|
||||
return "PAM_AUTHTOK_EXPIRED";
|
||||
case PAM_MODULE_UNKNOWN:
|
||||
return "PAM_MODULE_UNKNOWN";
|
||||
case PAM_BAD_ITEM:
|
||||
return "PAM_BAD_ITEM";
|
||||
case PAM_CONV_AGAIN:
|
||||
return "PAM_CONV_AGAIN";
|
||||
case PAM_INCOMPLETE:
|
||||
return "PAM_INCOMPLETE";
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
#define _PAM_LOG_FUNCTION_ENTER(function, ctx) \
|
||||
do { \
|
||||
_pam_log_debug(ctx, LOG_DEBUG, "[pamh: %p] ENTER: " \
|
||||
@ -22,7 +94,8 @@
|
||||
#define _PAM_LOG_FUNCTION_LEAVE(function, ctx, retval) \
|
||||
do { \
|
||||
_pam_log_debug(ctx, LOG_DEBUG, "[pamh: %p] LEAVE: " \
|
||||
function " returning %d", ctx->pamh, retval); \
|
||||
function " returning %d (%s)", ctx->pamh, retval, \
|
||||
_pam_error_code_str(retval)); \
|
||||
_pam_log_state(ctx); \
|
||||
} while (0)
|
||||
|
||||
@ -698,8 +771,7 @@ static int pam_winbind_request_log(struct pwb_context *ctx,
|
||||
/**
|
||||
* send a password expiry message if required
|
||||
*
|
||||
* @param pamh PAM handle
|
||||
* @param ctrl PAM winbind options.
|
||||
* @param ctx PAM winbind context.
|
||||
* @param next_change expected (calculated) next expiry date.
|
||||
* @param already_expired pointer to a boolean to indicate if the password is
|
||||
* already expired.
|
||||
@ -760,8 +832,7 @@ static bool _pam_send_password_expiry_message(struct pwb_context *ctx,
|
||||
/**
|
||||
* Send a warning if the password expires in the near future
|
||||
*
|
||||
* @param pamh PAM handle
|
||||
* @param ctrl PAM winbind options.
|
||||
* @param ctx PAM winbind context.
|
||||
* @param response The full authentication response structure.
|
||||
* @param already_expired boolean, is the pwd already expired?
|
||||
*
|
||||
@ -850,8 +921,7 @@ static bool safe_append_string(char *dest,
|
||||
/**
|
||||
* Convert a names into a SID string, appending it to a buffer.
|
||||
*
|
||||
* @param pamh PAM handle
|
||||
* @param ctrl PAM winbind options.
|
||||
* @param ctx PAM winbind context.
|
||||
* @param user User in PAM request.
|
||||
* @param name Name to convert.
|
||||
* @param sid_list_buffer Where to append the string sid.
|
||||
@ -906,8 +976,7 @@ static bool winbind_name_to_sid_string(struct pwb_context *ctx,
|
||||
/**
|
||||
* Convert a list of names into a list of sids.
|
||||
*
|
||||
* @param pamh PAM handle
|
||||
* @param ctrl PAM winbind options.
|
||||
* @param ctx PAM winbind context.
|
||||
* @param user User in PAM request.
|
||||
* @param name_list List of names or string sids, separated by commas.
|
||||
* @param sid_list_buffer Where to put the list of string sids.
|
||||
@ -971,8 +1040,7 @@ out:
|
||||
/**
|
||||
* put krb5ccname variable into environment
|
||||
*
|
||||
* @param pamh PAM handle
|
||||
* @param ctrl PAM winbind options.
|
||||
* @param ctx PAM winbind context.
|
||||
* @param krb5ccname env variable retrieved from winbindd.
|
||||
*
|
||||
* @return void.
|
||||
@ -1010,8 +1078,7 @@ static void _pam_setup_krb5_env(struct pwb_context *ctx,
|
||||
/**
|
||||
* Set string into the PAM stack.
|
||||
*
|
||||
* @param pamh PAM handle
|
||||
* @param ctrl PAM winbind options.
|
||||
* @param ctx PAM winbind context.
|
||||
* @param data_name Key name for pam_set_data.
|
||||
* @param value String value.
|
||||
*
|
||||
@ -1042,8 +1109,7 @@ static void _pam_set_data_string(struct pwb_context *ctx,
|
||||
/**
|
||||
* Set info3 strings into the PAM stack.
|
||||
*
|
||||
* @param pamh PAM handle
|
||||
* @param ctrl PAM winbind options.
|
||||
* @param ctx PAM winbind context.
|
||||
* @param data_name Key name for pam_set_data.
|
||||
* @param value String value.
|
||||
*
|
||||
@ -1082,8 +1148,7 @@ static void _pam_free_data_info3(pam_handle_t *pamh)
|
||||
/**
|
||||
* Send PAM_ERROR_MSG for cached or grace logons.
|
||||
*
|
||||
* @param pamh PAM handle
|
||||
* @param ctrl PAM winbind options.
|
||||
* @param ctx PAM winbind context.
|
||||
* @param username User in PAM request.
|
||||
* @param info3_user_flgs Info3 flags containing logon type bits.
|
||||
*
|
||||
@ -1120,8 +1185,7 @@ static void _pam_warn_logon_type(struct pwb_context *ctx,
|
||||
/**
|
||||
* Send PAM_ERROR_MSG for krb5 errors.
|
||||
*
|
||||
* @param pamh PAM handle
|
||||
* @param ctrl PAM winbind options.
|
||||
* @param ctx PAM winbind context.
|
||||
* @param username User in PAM request.
|
||||
* @param info3_user_flgs Info3 flags containing logon type bits.
|
||||
*
|
||||
@ -1869,8 +1933,7 @@ static int get_warn_pwd_expire_from_config(struct pwb_context *ctx)
|
||||
/**
|
||||
* Retrieve the winbind separator.
|
||||
*
|
||||
* @param pamh PAM handle
|
||||
* @param ctrl PAM winbind options.
|
||||
* @param ctx PAM winbind context.
|
||||
*
|
||||
* @return string separator character. NULL on failure.
|
||||
*/
|
||||
@ -1894,8 +1957,7 @@ static char winbind_get_separator(struct pwb_context *ctx)
|
||||
/**
|
||||
* Convert a upn to a name.
|
||||
*
|
||||
* @param pamh PAM handle
|
||||
* @param ctrl PAM winbind options.
|
||||
* @param ctx PAM winbind context.
|
||||
* @param upn USer UPN to be trabslated.
|
||||
*
|
||||
* @return converted name. NULL pointer on failure. Caller needs to free.
|
||||
@ -2370,8 +2432,7 @@ out:
|
||||
* evaluate whether we need to re-authenticate with kerberos after a
|
||||
* password change
|
||||
*
|
||||
* @param pamh PAM handle
|
||||
* @param ctrl PAM winbind options.
|
||||
* @param ctx PAM winbind context.
|
||||
* @param user The username
|
||||
*
|
||||
* @return boolean Returns true if required, false if not.
|
||||
|
@ -83,20 +83,20 @@ do { \
|
||||
#include <security/pam_ext.h>
|
||||
#endif
|
||||
|
||||
#define WINBIND_DEBUG_ARG (1<<0)
|
||||
#define WINBIND_USE_AUTHTOK_ARG (1<<1)
|
||||
#define WINBIND_UNKNOWN_OK_ARG (1<<2)
|
||||
#define WINBIND_TRY_FIRST_PASS_ARG (1<<3)
|
||||
#define WINBIND_USE_FIRST_PASS_ARG (1<<4)
|
||||
#define WINBIND__OLD_PASSWORD (1<<5)
|
||||
#define WINBIND_REQUIRED_MEMBERSHIP (1<<6)
|
||||
#define WINBIND_KRB5_AUTH (1<<7)
|
||||
#define WINBIND_KRB5_CCACHE_TYPE (1<<8)
|
||||
#define WINBIND_CACHED_LOGIN (1<<9)
|
||||
#define WINBIND_CONFIG_FILE (1<<10)
|
||||
#define WINBIND_SILENT (1<<11)
|
||||
#define WINBIND_DEBUG_STATE (1<<12)
|
||||
#define WINBIND_WARN_PWD_EXPIRE (1<<13)
|
||||
#define WINBIND_DEBUG_ARG 0x00000001
|
||||
#define WINBIND_USE_AUTHTOK_ARG 0x00000002
|
||||
#define WINBIND_UNKNOWN_OK_ARG 0x00000004
|
||||
#define WINBIND_TRY_FIRST_PASS_ARG 0x00000008
|
||||
#define WINBIND_USE_FIRST_PASS_ARG 0x00000010
|
||||
#define WINBIND__OLD_PASSWORD 0x00000020
|
||||
#define WINBIND_REQUIRED_MEMBERSHIP 0x00000040
|
||||
#define WINBIND_KRB5_AUTH 0x00000080
|
||||
#define WINBIND_KRB5_CCACHE_TYPE 0x00000100
|
||||
#define WINBIND_CACHED_LOGIN 0x00000200
|
||||
#define WINBIND_CONFIG_FILE 0x00000400
|
||||
#define WINBIND_SILENT 0x00000800
|
||||
#define WINBIND_DEBUG_STATE 0x00001000
|
||||
#define WINBIND_WARN_PWD_EXPIRE 0x00002000
|
||||
|
||||
/*
|
||||
* here is the string to inform the user that the new passwords they
|
||||
|
@ -176,11 +176,13 @@ static int winbind_named_pipe_sock(const char *dir)
|
||||
/* Check permissions on unix socket directory */
|
||||
|
||||
if (lstat(dir, &st) == -1) {
|
||||
errno = ENOENT;
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!S_ISDIR(st.st_mode) ||
|
||||
(st.st_uid != 0 && st.st_uid != geteuid())) {
|
||||
errno = ENOENT;
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -199,6 +201,7 @@ static int winbind_named_pipe_sock(const char *dir)
|
||||
the winbindd daemon is not running. */
|
||||
|
||||
if (lstat(path, &st) == -1) {
|
||||
errno = ENOENT;
|
||||
SAFE_FREE(path);
|
||||
return -1;
|
||||
}
|
||||
@ -208,6 +211,7 @@ static int winbind_named_pipe_sock(const char *dir)
|
||||
|
||||
if (!S_ISSOCK(st.st_mode) ||
|
||||
(st.st_uid != 0 && st.st_uid != geteuid())) {
|
||||
errno = ENOENT;
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -368,6 +372,7 @@ int winbind_write_sock(void *buffer, int count, int recursing, int need_priv)
|
||||
restart:
|
||||
|
||||
if (winbind_open_pipe_sock(recursing, need_priv) == -1) {
|
||||
errno = ENOENT;
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -564,7 +569,11 @@ NSS_STATUS winbindd_send_request(int req_type, int need_priv,
|
||||
|
||||
if (winbind_write_sock(request, sizeof(*request),
|
||||
request->wb_flags & WBFLAG_RECURSE,
|
||||
need_priv) == -1) {
|
||||
need_priv) == -1)
|
||||
{
|
||||
/* Set ENOENT for consistency. Required by some apps */
|
||||
errno = ENOENT;
|
||||
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
@ -572,7 +581,11 @@ NSS_STATUS winbindd_send_request(int req_type, int need_priv,
|
||||
(winbind_write_sock(request->extra_data.data,
|
||||
request->extra_len,
|
||||
request->wb_flags & WBFLAG_RECURSE,
|
||||
need_priv) == -1)) {
|
||||
need_priv) == -1))
|
||||
{
|
||||
/* Set ENOENT for consistency. Required by some apps */
|
||||
errno = ENOENT;
|
||||
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
@ -596,6 +609,9 @@ NSS_STATUS winbindd_get_response(struct winbindd_response *response)
|
||||
|
||||
/* Wait for reply */
|
||||
if (winbindd_read_reply(response) == -1) {
|
||||
/* Set ENOENT for consistency. Required by some apps */
|
||||
errno = ENOENT;
|
||||
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
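Review bot: The `errno = ENOENT;` assignments that appear to be added in winbind_named_pipe_sock overwrite whatever lstat() reported and also label the failed type/ownership checks (`st.st_uid != 0 && st.st_uid != geteuid()`) as ENOENT. A socket directory or socket owned by an unexpected user therefore looks the same to callers and logs as winbindd simply not running. If ENOENT has to be returned for compatibility, the real cause should be recorded first, for example with a debug line and a comment such as `/* callers expect ENOENT; actual cause: ownership/type check failed */`. Only the assignments in winbindd_send_request and winbindd_get_response carry the "Set ENOENT for consistency" comment; the ones in winbind_named_pipe_sock and winbind_write_sock have none. All of these functions start and end outside the hunks shown.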
|
@ -879,6 +879,33 @@ static bool wbinfo_lookupname(const char *full_name)
|
||||
return true;
|
||||
}
|
||||
|
||||
static char *wbinfo_prompt_pass(const char *prefix,
|
||||
const char *username)
|
||||
{
|
||||
char *prompt;
|
||||
const char *ret = NULL;
|
||||
|
||||
prompt = talloc_asprintf(talloc_tos(), "Enter %s's ", username);
|
||||
if (!prompt) {
|
||||
return NULL;
|
||||
}
|
||||
if (prefix) {
|
||||
prompt = talloc_asprintf_append(prompt, "%s ", prefix);
|
||||
if (!prompt) {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
prompt = talloc_asprintf_append(prompt, "password: ");
|
||||
if (!prompt) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ret = getpass(prompt);
|
||||
TALLOC_FREE(prompt);
|
||||
|
||||
return SMB_STRDUP(ret);
|
||||
}
|
||||
|
||||
/* Authenticate a user with a plaintext password */
|
||||
|
||||
static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
|
||||
@ -887,6 +914,7 @@ static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
|
||||
struct winbindd_response response;
|
||||
NSS_STATUS result;
|
||||
char *p;
|
||||
char *password;
|
||||
|
||||
/* Send off request */
|
||||
|
||||
@ -900,8 +928,12 @@ static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
|
||||
fstrcpy(request.data.auth.user, username);
|
||||
fstrcpy(request.data.auth.pass, p + 1);
|
||||
*p = '%';
|
||||
} else
|
||||
} else {
|
||||
fstrcpy(request.data.auth.user, username);
|
||||
password = wbinfo_prompt_pass(NULL, username);
|
||||
fstrcpy(request.data.auth.pass, password);
|
||||
SAFE_FREE(password);
|
||||
}
|
||||
|
||||
request.flags = flags;
|
||||
|
||||
@ -947,7 +979,7 @@ static bool wbinfo_auth(char *username)
|
||||
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
|
||||
char *s = NULL;
|
||||
char *p = NULL;
|
||||
const char *password = NULL;
|
||||
char *password = NULL;
|
||||
char *name = NULL;
|
||||
|
||||
if ((s = SMB_STRDUP(username)) == NULL) {
|
||||
@ -957,16 +989,9 @@ static bool wbinfo_auth(char *username)
|
||||
if ((p = strchr(s, '%')) != NULL) {
|
||||
*p = 0;
|
||||
p++;
|
||||
password = p;
|
||||
password = SMB_STRDUP(p);
|
||||
} else {
|
||||
char *prompt;
|
||||
asprintf(&prompt, "Enter %s's password:", username);
|
||||
if (!prompt) {
|
||||
return false;
|
||||
}
|
||||
|
||||
password = getpass(prompt);
|
||||
SAFE_FREE(prompt);
|
||||
password = wbinfo_prompt_pass(NULL, username);
|
||||
}
|
||||
|
||||
name = s;
|
||||
@ -985,6 +1010,7 @@ static bool wbinfo_auth(char *username)
|
||||
#endif
|
||||
|
||||
SAFE_FREE(s);
|
||||
SAFE_FREE(password);
|
||||
|
||||
return WBC_ERROR_IS_OK(wbc_status);
|
||||
}
|
||||
@ -1001,26 +1027,18 @@ static bool wbinfo_auth_crap(char *username)
|
||||
DATA_BLOB nt = data_blob_null;
|
||||
fstring name_user;
|
||||
fstring name_domain;
|
||||
fstring pass;
|
||||
char *pass;
|
||||
char *p;
|
||||
|
||||
p = strchr(username, '%');
|
||||
|
||||
if (p) {
|
||||
*p = 0;
|
||||
fstrcpy(pass, p + 1);
|
||||
pass = SMB_STRDUP(p + 1);
|
||||
} else {
|
||||
char *prompt;
|
||||
asprintf(&prompt, "Enter %s's password:", username);
|
||||
if (!prompt) {
|
||||
return false;
|
||||
}
|
||||
|
||||
fstrcpy(pass, getpass(prompt));
|
||||
SAFE_FREE(prompt);
|
||||
|
||||
pass = wbinfo_prompt_pass(NULL, username);
|
||||
}
|
||||
|
||||
|
||||
parse_wbinfo_domain_user(username, name_domain, name_user);
|
||||
|
||||
params.account_name = name_user;
|
||||
@ -1049,6 +1067,7 @@ static bool wbinfo_auth_crap(char *username)
|
||||
&lm, &nt, NULL)) {
|
||||
data_blob_free(&names_blob);
|
||||
data_blob_free(&server_chal);
|
||||
SAFE_FREE(pass);
|
||||
return false;
|
||||
}
|
||||
data_blob_free(&names_blob);
|
||||
@ -1093,6 +1112,7 @@ static bool wbinfo_auth_crap(char *username)
|
||||
|
||||
data_blob_free(&nt);
|
||||
data_blob_free(&lm);
|
||||
SAFE_FREE(pass);
|
||||
|
||||
return WBC_ERROR_IS_OK(wbc_status);
|
||||
}
|
||||
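Review bot: The new wbinfo_prompt_pass() hands the result of getpass() straight to SMB_STRDUP(), and getpass() can return NULL (for instance when no terminal can be opened), so the helper needs `if (ret == NULL) return NULL;` before the duplicate. Its callers in wbinfo_auth_krb5, wbinfo_auth and wbinfo_auth_crap use the returned pointer without a NULL check, which also matters for the helper's allocation-failure returns and for the unchecked `SMB_STRDUP(p)` / `SMB_STRDUP(p + 1)` results. Separately, the heap copies of the password are released with plain `SAFE_FREE(password)` and `SAFE_FREE(pass)`, which leaves the cleartext in freed memory. Wiping first, e.g. `memset(password, 0, strlen(password));` or a wipe the compiler cannot elide, would be safer. The remaining return paths of wbinfo_auth_crap are outside the hunks, so it cannot be confirmed here that `pass` is freed on all of them.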
|
@ -359,7 +359,9 @@ parse_response(int af, nss_XbyY_args_t* argp, struct winbindd_response *response
|
||||
int addrcount = 0;
|
||||
int len = 0;
|
||||
struct in_addr *addrp;
|
||||
#if defined(AF_INET6)
|
||||
struct in6_addr *addrp6;
|
||||
#endif
|
||||
int i;
|
||||
|
||||
/* response is tab separated list of ip addresses with hostname
|
||||
@ -391,7 +393,9 @@ parse_response(int af, nss_XbyY_args_t* argp, struct winbindd_response *response
|
||||
addrp -= addrcount;
|
||||
he->h_addr_list = (char **)ROUND_DOWN(addrp, sizeof (char*));
|
||||
he->h_addr_list -= addrcount+1;
|
||||
} else {
|
||||
}
|
||||
#if defined(AF_INET6)
|
||||
else {
|
||||
he->h_length = sizeof(struct in6_addr);
|
||||
addrp6 = (struct in6_addr *)ROUND_DOWN(buffer + buflen,
|
||||
sizeof(struct in6_addr));
|
||||
@ -399,6 +403,7 @@ parse_response(int af, nss_XbyY_args_t* argp, struct winbindd_response *response
|
||||
he->h_addr_list = (char **)ROUND_DOWN(addrp6, sizeof (char*));
|
||||
he->h_addr_list -= addrcount+1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* buffer too small?! */
|
||||
if((char *)he->h_addr_list < buffer ) {
|
||||
@ -418,7 +423,9 @@ parse_response(int af, nss_XbyY_args_t* argp, struct winbindd_response *response
|
||||
argp->erange = 1;
|
||||
return NSS_STR_PARSE_ERANGE;
|
||||
}
|
||||
} else {
|
||||
}
|
||||
#if defined(AF_INET6)
|
||||
else {
|
||||
he->h_addr_list[i] = (char *)&addrp6[i];
|
||||
if (strchr(data, ':') != 0) {
|
||||
if (inet_pton(AF_INET6, data, &addrp6[i]) != 1) {
|
||||
@ -434,6 +441,7 @@ parse_response(int af, nss_XbyY_args_t* argp, struct winbindd_response *response
|
||||
IN6_INADDR_TO_V4MAPPED(&in4, &addrp6[i]);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
data = p+1;
|
||||
}
|
||||
|
||||
@ -481,6 +489,7 @@ _nss_winbind_ipnodes_getbyname(nss_backend_t* be, void *args)
|
||||
AF_INET or for AF_INET6 and AI_ALL|AI_V4MAPPED we have to map
|
||||
IPv4 to IPv6.
|
||||
*/
|
||||
#if defined(AF_INET6)
|
||||
#ifdef HAVE_NSS_XBYY_KEY_IPNODE
|
||||
af = argp->key.ipnode.af_family;
|
||||
if(af == AF_INET6 && argp->key.ipnode.flags == 0) {
|
||||
@ -490,6 +499,7 @@ _nss_winbind_ipnodes_getbyname(nss_backend_t* be, void *args)
|
||||
#else
|
||||
/* I'm not that sure if this is correct, but... */
|
||||
af = AF_INET6;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
strncpy(request.data.winsreq, argp->key.name, sizeof(request.data.winsreq) - 1);
|
||||
@ -539,6 +549,7 @@ _nss_winbind_hosts_getbyaddr(nss_backend_t* be, void *args)
|
||||
ZERO_STRUCT(response);
|
||||
ZERO_STRUCT(request);
|
||||
|
||||
#if defined(AF_INET6)
|
||||
/* winbindd currently does not resolve IPv6 */
|
||||
if(argp->key.hostaddr.type == AF_INET6) {
|
||||
argp->h_errno = NO_DATA;
|
||||
@ -546,7 +557,15 @@ _nss_winbind_hosts_getbyaddr(nss_backend_t* be, void *args)
|
||||
}
|
||||
|
||||
p = inet_ntop(argp->key.hostaddr.type, argp->key.hostaddr.addr,
|
||||
request.data.winsreq, INET6_ADDRSTRLEN);
|
||||
request.data.winsreq, sizeof request.data.winsreq);
|
||||
#else
|
||||
snprintf(request.data.winsreq, sizeof request.data.winsreq,
|
||||
"%u.%u.%u.%u",
|
||||
((unsigned char *)argp->key.hostaddr.addr)[0],
|
||||
((unsigned char *)argp->key.hostaddr.addr)[1],
|
||||
((unsigned char *)argp->key.hostaddr.addr)[2],
|
||||
((unsigned char *)argp->key.hostaddr.addr)[3]);
|
||||
#endif
|
||||
|
||||
ret = winbindd_request_response(WINBINDD_WINS_BYIP, &request, &response);
|
||||
|
||||
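Review bot: In the `#else` branch added to _nss_winbind_hosts_getbyaddr, the snprintf reads four bytes from `argp->key.hostaddr.addr` without first checking that the request really is an IPv4 address of at least four bytes. A guard ahead of it, `if (argp->key.hostaddr.type != AF_INET || argp->key.hostaddr.len < 4)`, returning the same NO_DATA result as the IPv6 check in the `#if` branch, would keep a short or non-IPv4 key from being formatted. Note also that `p` is only assigned on the `#if defined(AF_INET6)` side; if it is read after the `#endif` (not visible here) it would be uninitialised in the `#else` build. The function starts and ends outside the hunks.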
|
@ -240,6 +240,7 @@ struct global {
|
||||
int map_to_guest;
|
||||
int oplock_break_wait_time;
|
||||
int winbind_cache_time;
|
||||
int winbind_reconnect_delay;
|
||||
int winbind_max_idle_children;
|
||||
char **szWinbindNssInfo;
|
||||
int iLockSpinTime;
|
||||
@ -4362,6 +4363,15 @@ static struct parm_struct parm_table[] = {
|
||||
.enum_list = NULL,
|
||||
.flags = FLAG_ADVANCED,
|
||||
},
|
||||
{
|
||||
.label = "winbind reconnect delay",
|
||||
.type = P_INTEGER,
|
||||
.p_class = P_GLOBAL,
|
||||
.ptr = &Globals.winbind_reconnect_delay,
|
||||
.special = NULL,
|
||||
.enum_list = NULL,
|
||||
.flags = FLAG_ADVANCED,
|
||||
},
|
||||
{
|
||||
.label = "winbind enum users",
|
||||
.type = P_BOOL,
|
||||
@ -4829,6 +4839,7 @@ static void init_globals(bool first_time_only)
|
||||
Globals.clustering = False;
|
||||
|
||||
Globals.winbind_cache_time = 300; /* 5 minutes */
|
||||
Globals.winbind_reconnect_delay = 30; /* 30 seconds */
|
||||
Globals.bWinbindEnumUsers = False;
|
||||
Globals.bWinbindEnumGroups = False;
|
||||
Globals.bWinbindUseDefaultDomain = False;
|
||||
@ -4839,7 +4850,7 @@ static void init_globals(bool first_time_only)
|
||||
Globals.bWinbindRefreshTickets = False;
|
||||
Globals.bWinbindOfflineLogon = False;
|
||||
|
||||
Globals.iIdmapCacheTime = 900; /* 15 minutes by default */
|
||||
Globals.iIdmapCacheTime = 86400 * 7; /* a week by default */
|
||||
Globals.iIdmapNegativeCacheTime = 120; /* 2 minutes by default */
|
||||
|
||||
Globals.bPassdbExpandExplicit = False;
|
||||
@ -5082,7 +5093,7 @@ FN_GLOBAL_BOOL(lp_winbind_offline_logon, &Globals.bWinbindOfflineLogon)
|
||||
FN_GLOBAL_BOOL(lp_winbind_normalize_names, &Globals.bWinbindNormalizeNames)
|
||||
FN_GLOBAL_BOOL(lp_winbind_rpc_only, &Globals.bWinbindRpcOnly)
|
||||
|
||||
FN_GLOBAL_CONST_STRING(lp_idmap_backend, &Globals.szIdmapBackend) /* deprecated */
|
||||
FN_GLOBAL_CONST_STRING(lp_idmap_backend, &Globals.szIdmapBackend)
|
||||
FN_GLOBAL_STRING(lp_idmap_alloc_backend, &Globals.szIdmapAllocBackend)
|
||||
FN_GLOBAL_INTEGER(lp_idmap_cache_time, &Globals.iIdmapCacheTime)
|
||||
FN_GLOBAL_INTEGER(lp_idmap_negative_cache_time, &Globals.iIdmapNegativeCacheTime)
|
||||
@ -5341,6 +5352,7 @@ FN_LOCAL_INTEGER(lp_directory_name_cache_size, iDirectoryNameCacheSize)
|
||||
FN_LOCAL_INTEGER(lp_smb_encrypt, ismb_encrypt)
|
||||
FN_LOCAL_CHAR(lp_magicchar, magic_char)
|
||||
FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
|
||||
FN_GLOBAL_INTEGER(lp_winbind_reconnect_delay, &Globals.winbind_reconnect_delay)
|
||||
FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo)
|
||||
FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
|
||||
FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
|
||||
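Review bot: The `Globals.iIdmapCacheTime = 86400 * 7;` default in init_globals keeps positive SID/uid/gid mappings for a week, so a mapping that is changed or removed on the backend can keep being served for that long. Nothing in the hunk documents that trade-off; a comment such as `/* a week by default; stale mappings persist until expiry or a cache flush */` would make it visible to anyone reviewing the defaults. The new `winbind reconnect delay` entry is a plain P_INTEGER with no bound in the table, so it is worth confirming how zero or negative values behave where `lp_winbind_reconnect_delay()` is consumed. init_globals and parm_table both extend outside the hunks shown.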
|
@ -1301,20 +1301,28 @@ static bool legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid)
|
||||
|
||||
void uid_to_sid(DOM_SID *psid, uid_t uid)
|
||||
{
|
||||
bool expired = true;
|
||||
bool ret;
|
||||
ZERO_STRUCTP(psid);
|
||||
|
||||
if (fetch_sid_from_uid_cache(psid, uid))
|
||||
return;
|
||||
|
||||
if (!winbind_uid_to_sid(psid, uid)) {
|
||||
if (!winbind_ping()) {
|
||||
legacy_uid_to_sid(psid, uid);
|
||||
/* Check the winbindd cache directly. */
|
||||
ret = idmap_cache_find_uid2sid(uid, psid, &expired);
|
||||
|
||||
if (!ret || expired || (ret && is_null_sid(psid))) {
|
||||
/* Not in cache. Ask winbindd. */
|
||||
if (!winbind_uid_to_sid(psid, uid)) {
|
||||
if (!winbind_ping()) {
|
||||
legacy_uid_to_sid(psid, uid);
|
||||
return;
|
||||
}
|
||||
|
||||
DEBUG(5, ("uid_to_sid: winbind failed to find a sid for uid %u\n",
|
||||
uid));
|
||||
return;
|
||||
}
|
||||
|
||||
DEBUG(5, ("uid_to_sid: winbind failed to find a sid for uid %u\n",
|
||||
uid));
|
||||
return;
|
||||
}
|
||||
|
||||
DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid,
|
||||
@ -1330,25 +1338,33 @@ void uid_to_sid(DOM_SID *psid, uid_t uid)
|
||||
|
||||
void gid_to_sid(DOM_SID *psid, gid_t gid)
|
||||
{
|
||||
bool expired = true;
|
||||
bool ret;
|
||||
ZERO_STRUCTP(psid);
|
||||
|
||||
if (fetch_sid_from_gid_cache(psid, gid))
|
||||
return;
|
||||
|
||||
if (!winbind_gid_to_sid(psid, gid)) {
|
||||
if (!winbind_ping()) {
|
||||
legacy_gid_to_sid(psid, gid);
|
||||
/* Check the winbindd cache directly. */
|
||||
ret = idmap_cache_find_gid2sid(gid, psid, &expired);
|
||||
|
||||
if (!ret || expired || (ret && is_null_sid(psid))) {
|
||||
/* Not in cache. Ask winbindd. */
|
||||
if (!winbind_gid_to_sid(psid, gid)) {
|
||||
if (!winbind_ping()) {
|
||||
legacy_gid_to_sid(psid, gid);
|
||||
return;
|
||||
}
|
||||
|
||||
DEBUG(5, ("gid_to_sid: winbind failed to find a sid for gid %u\n",
|
||||
gid));
|
||||
return;
|
||||
}
|
||||
|
||||
DEBUG(5, ("gid_to_sid: winbind failed to find a sid for gid %u\n",
|
||||
gid));
|
||||
return;
|
||||
}
|
||||
|
||||
DEBUG(10,("gid %u -> sid %s\n", (unsigned int)gid,
|
||||
sid_string_dbg(psid)));
|
||||
|
||||
|
||||
store_gid_sid_cache(psid, gid);
|
||||
return;
|
||||
}
|
||||
@ -1359,6 +1375,8 @@ void gid_to_sid(DOM_SID *psid, gid_t gid)
|
||||
|
||||
bool sid_to_uid(const DOM_SID *psid, uid_t *puid)
|
||||
{
|
||||
bool expired = true;
|
||||
bool ret;
|
||||
uint32 rid;
|
||||
gid_t gid;
|
||||
|
||||
@ -1381,14 +1399,20 @@ bool sid_to_uid(const DOM_SID *psid, uid_t *puid)
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!winbind_sid_to_uid(puid, psid)) {
|
||||
if (!winbind_ping()) {
|
||||
return legacy_sid_to_uid(psid, puid);
|
||||
}
|
||||
/* Check the winbindd cache directly. */
|
||||
ret = idmap_cache_find_sid2uid(psid, puid, &expired);
|
||||
|
||||
DEBUG(5, ("winbind failed to find a uid for sid %s\n",
|
||||
sid_string_dbg(psid)));
|
||||
return false;
|
||||
if (!ret || expired || (ret && (*puid == (uid_t)-1))) {
|
||||
/* Not in cache. Ask winbindd. */
|
||||
if (!winbind_sid_to_uid(puid, psid)) {
|
||||
if (!winbind_ping()) {
|
||||
return legacy_sid_to_uid(psid, puid);
|
||||
}
|
||||
|
||||
DEBUG(5, ("winbind failed to find a uid for sid %s\n",
|
||||
sid_string_dbg(psid)));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/* TODO: Here would be the place to allocate both a gid and a uid for
|
||||
@ -1408,6 +1432,8 @@ bool sid_to_uid(const DOM_SID *psid, uid_t *puid)
|
||||
|
||||
bool sid_to_gid(const DOM_SID *psid, gid_t *pgid)
|
||||
{
|
||||
bool expired = true;
|
||||
bool ret;
|
||||
uint32 rid;
|
||||
uid_t uid;
|
||||
|
||||
@ -1429,24 +1455,28 @@ bool sid_to_gid(const DOM_SID *psid, gid_t *pgid)
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Ask winbindd if it can map this sid to a gid.
|
||||
* (Idmap will check it is a valid SID and of the right type) */
|
||||
/* Check the winbindd cache directly. */
|
||||
ret = idmap_cache_find_sid2gid(psid, pgid, &expired);
|
||||
|
||||
if ( !winbind_sid_to_gid(pgid, psid) ) {
|
||||
if (!winbind_ping()) {
|
||||
return legacy_sid_to_gid(psid, pgid);
|
||||
if (!ret || expired || (ret && (*pgid == (gid_t)-1))) {
|
||||
/* Not in cache or negative. Ask winbindd. */
|
||||
/* Ask winbindd if it can map this sid to a gid.
|
||||
* (Idmap will check it is a valid SID and of the right type) */
|
||||
|
||||
if ( !winbind_sid_to_gid(pgid, psid) ) {
|
||||
if (!winbind_ping()) {
|
||||
return legacy_sid_to_gid(psid, pgid);
|
||||
}
|
||||
|
||||
DEBUG(10,("winbind failed to find a gid for sid %s\n",
|
||||
sid_string_dbg(psid)));
|
||||
return false;
|
||||
}
|
||||
|
||||
DEBUG(10,("winbind failed to find a gid for sid %s\n",
|
||||
sid_string_dbg(psid)));
|
||||
return false;
|
||||
}
|
||||
|
||||
DEBUG(10,("sid %s -> gid %u\n", sid_string_dbg(psid),
|
||||
(unsigned int)*pgid ));
|
||||
|
||||
store_gid_sid_cache(psid, *pgid);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
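Review bot: In uid_to_sid and gid_to_sid the new `idmap_cache_find_uid2sid(uid, psid, &expired)` / `idmap_cache_find_gid2sid(gid, psid, &expired)` call may write an expired mapping into `*psid` before winbindd is asked. Both functions return void, so if `winbind_uid_to_sid()` or `winbind_gid_to_sid()` fails without clearing its output, the "winbind failed to find a sid" path can leave the caller holding the stale SID instead of the zeroed one from `ZERO_STRUCTP(psid)`. Adding `ZERO_STRUCTP(psid);` as the first statement inside the `if (!ret || expired || ...)` block removes that dependency on the helper's failure behaviour. The `ret &&` in `(ret && is_null_sid(psid))` is redundant after `!ret ||`, and treating a cached null SID (or `(uid_t)-1` / `(gid_t)-1` in sid_to_uid and sid_to_gid) as a miss means negative entries never avoid the winbindd round trip. If that is intended, a comment should say so.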
|
@ -979,8 +979,8 @@ static NTSTATUS rpc_api_pipe(struct rpc_pipe_client *cli,
|
||||
|
||||
while(1) {
|
||||
RPC_HDR rhdr;
|
||||
char *ret_data;
|
||||
uint32 ret_data_len;
|
||||
char *ret_data = NULL;
|
||||
uint32 ret_data_len = 0;
|
||||
|
||||
/* Ensure we have enough data for a pdu. */
|
||||
ret = cli_pipe_get_current_pdu(cli, &rhdr, ¤t_pdu);
|
||||
|
@ -521,7 +521,16 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
srv_flgs = 0x000001ff;
|
||||
/* 0x000001ff */
|
||||
srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
|
||||
NETLOGON_NEG_PERSISTENT_SAMREPL |
|
||||
NETLOGON_NEG_ARCFOUR |
|
||||
NETLOGON_NEG_PROMOTION_COUNT |
|
||||
NETLOGON_NEG_CHANGELOG_BDC |
|
||||
NETLOGON_NEG_FULL_SYNC_REPL |
|
||||
NETLOGON_NEG_MULTIPLE_SIDS |
|
||||
NETLOGON_NEG_REDO |
|
||||
NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
|
||||
|
||||
if (lp_server_schannel() != false) {
|
||||
srv_flgs |= NETLOGON_NEG_SCHANNEL;
|
||||
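Review bot: The `/* 0x000001ff */` comment above the new `srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT | ...` expression is the only link to the literal it replaces, and nothing checks that the nine named bits still add up to that value. Because these are the capabilities the server offers in _netr_ServerAuthenticate2, a comment stating the intent would age better than the old number, for example `/* Base capabilities always offered; schannel is added below only when enabled */`. The function starts and ends outside the hunk.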
|
@ -268,12 +268,15 @@ bool schedule_aio_read_and_X(connection_struct *conn,
|
||||
a->aio_sigevent.sigev_signo = RT_SIGNAL_AIO;
|
||||
a->aio_sigevent.sigev_value.sival_int = aio_ex->mid;
|
||||
|
||||
become_root();
|
||||
if (SMB_VFS_AIO_READ(fsp,a) == -1) {
|
||||
DEBUG(0,("schedule_aio_read_and_X: aio_read failed. "
|
||||
"Error %s\n", strerror(errno) ));
|
||||
delete_aio_ex(aio_ex);
|
||||
unbecome_root();
|
||||
return False;
|
||||
}
|
||||
unbecome_root();
|
||||
|
||||
DEBUG(10,("schedule_aio_read_and_X: scheduled aio_read for file %s, "
|
||||
"offset %.0f, len = %u (mid = %u)\n",
|
||||
@ -366,13 +369,16 @@ bool schedule_aio_write_and_X(connection_struct *conn,
|
||||
a->aio_sigevent.sigev_signo = RT_SIGNAL_AIO;
|
||||
a->aio_sigevent.sigev_value.sival_int = aio_ex->mid;
|
||||
|
||||
become_root();
|
||||
if (SMB_VFS_AIO_WRITE(fsp,a) == -1) {
|
||||
DEBUG(3,("schedule_aio_wrote_and_X: aio_write failed. "
|
||||
"Error %s\n", strerror(errno) ));
|
||||
delete_aio_ex(aio_ex);
|
||||
unbecome_root();
|
||||
return False;
|
||||
}
|
||||
|
||||
unbecome_root();
|
||||
|
||||
release_level_2_oplocks_on_change(fsp);
|
||||
|
||||
if (!write_through && !lp_syncalways(SNUM(fsp->conn))
|
||||
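Review bot: In schedule_aio_read_and_X and schedule_aio_write_and_X the failure branch runs `DEBUG(...)` and `delete_aio_ex(aio_ex)` while still root and only then calls `unbecome_root()`, so elevated privilege is held for longer than the submission itself needs. Dropping it immediately after the call keeps the privileged window to one statement: `ret = SMB_VFS_AIO_READ(fsp,a);` `saved_errno = errno;` `unbecome_root();`, then test `ret == -1` and report `strerror(saved_errno)`. The hunks also give no comment on why the AIO submission has to be made as root, which is the first thing a later reader will ask of a `become_root()` on the data path. Both functions extend beyond the hunks shown.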
|
@ -454,6 +454,12 @@ void reply_ntcreate_and_X(struct smb_request *req)
|
||||
(unsigned int)root_dir_fid,
|
||||
fname));
|
||||
|
||||
/*
|
||||
* we need to remove ignored bits when they come directly from the client
|
||||
* because we reuse some of them for internal stuff
|
||||
*/
|
||||
create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
|
||||
|
||||
/*
|
||||
* If it's an IPC, use the pipe handler.
|
||||
*/
|
||||
@ -858,6 +864,12 @@ static void call_nt_transact_create(connection_struct *conn,
|
||||
allocation_size |= (((SMB_BIG_UINT)IVAL(params,16)) << 32);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* we need to remove ignored bits when they come directly from the client
|
||||
* because we reuse some of them for internal stuff
|
||||
*/
|
||||
create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
|
||||
|
||||
/* Ensure the data_len is correct for the sd and ea values given. */
|
||||
if ((ea_len + sd_len > data_count)
|
||||
|| (ea_len > data_count) || (sd_len > data_count)
|
||||
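Review bot: The same `create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;` statement and comment are added separately in reply_ntcreate_and_X and call_nt_transact_create, which leaves every other client-facing path that forwards create_options responsible for remembering it. Since the comment says some of these bits are reused internally, an unmasked path would presumably let a client set them; whether such a path exists is not visible here and should be checked. The comment would be more useful if it named the internal flags that share the masked bits, so the reason for the mask survives later changes to either side. Both functions start and end outside the hunks.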
|
@ -2560,6 +2560,11 @@ NTSTATUS create_file_unixpath(connection_struct *conn,
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
|
||||
status = NT_STATUS_INVALID_PARAMETER;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (req == NULL) {
|
||||
oplock_request |= INTERNAL_OPEN_ONLY;
|
||||
}
|
||||
|
@ -3198,8 +3198,9 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req,
|
||||
setup_readX_header((char *)headerbuf, smb_maxcnt);
|
||||
|
||||
if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
|
||||
/* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
|
||||
if (errno == ENOSYS) {
|
||||
/* Returning ENOSYS or EINVAL means no data at all was sent.
|
||||
Do this as a normal read. */
|
||||
if (errno == ENOSYS || errno == EINVAL) {
|
||||
goto normal_read;
|
||||
}
|
||||
|
||||
|
@ -1738,16 +1738,19 @@ void reply_sesssetup_and_X(struct smb_request *req)
|
||||
return;
|
||||
}
|
||||
|
||||
nt_status = create_local_token(server_info);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(10, ("create_local_token failed: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
data_blob_free(&nt_resp);
|
||||
data_blob_free(&lm_resp);
|
||||
data_blob_clear_free(&plaintext_password);
|
||||
reply_nterror(req, nt_status_squash(nt_status));
|
||||
END_PROFILE(SMBsesssetupX);
|
||||
return;
|
||||
if (!server_info->ptok) {
|
||||
nt_status = create_local_token(server_info);
|
||||
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(10, ("create_local_token failed: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
data_blob_free(&nt_resp);
|
||||
data_blob_free(&lm_resp);
|
||||
data_blob_clear_free(&plaintext_password);
|
||||
reply_nterror(req, nt_status_squash(nt_status));
|
||||
END_PROFILE(SMBsesssetupX);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
data_blob_clear_free(&plaintext_password);
|
||||
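Review bot: The new `if (!server_info->ptok)` guard in reply_sesssetup_and_X means a token already attached to server_info is used as it stands, but nothing at this site says which authentication path supplies it. Since that token determines what the session may access, the assumption should be written down where the rebuild is skipped, e.g. `/* ptok may already have been built by the auth backend; only create it when missing */`. The function starts and ends outside the hunk, so how server_info is populated before this point cannot be confirmed here.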
|
@ -219,7 +219,7 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c,
|
||||
int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv)
|
||||
{
|
||||
if (c->display_usage) {
|
||||
d_printf("Usage\n"
|
||||
d_printf("Usage:\n"
|
||||
"net rpc vampire ldif\n"
|
||||
" Dump remote SAM database to LDIF file or stdout\n");
|
||||
return 0;
|
||||
@ -343,7 +343,7 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv)
|
||||
int ret = 0;
|
||||
|
||||
if (c->display_usage) {
|
||||
d_printf("Usage\n"
|
||||
d_printf("Usage:\n"
|
||||
"net rpc vampire keytab\n"
|
||||
" Dump remote SAM database to Kerberos keytab file\n");
|
||||
return 0;
|
||||
|
@ -476,7 +476,7 @@ bool net_find_pdc(struct sockaddr_storage *server_ss,
|
||||
NTSTATUS net_make_ipc_connection(struct net_context *c, unsigned flags,
|
||||
struct cli_state **pcli)
|
||||
{
|
||||
return net_make_ipc_connection_ex(c, NULL, NULL, NULL, flags, pcli);
|
||||
return net_make_ipc_connection_ex(c, c->opt_workgroup, NULL, NULL, flags, pcli);
|
||||
}
|
||||
|
||||
NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain,
|
||||
@ -492,7 +492,8 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain,
|
||||
if ( !server || !pss ) {
|
||||
if (!net_find_server(c, domain, flags, &server_ss,
|
||||
&server_name)) {
|
||||
d_fprintf(stderr, "Unable to find a suitable server\n");
|
||||
d_fprintf(stderr, "Unable to find a suitable server "
|
||||
"for domain %s\n", domain);
|
||||
nt_status = NT_STATUS_UNSUCCESSFUL;
|
||||
goto done;
|
||||
}
|
||||
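Review bot: The extended error message in net_make_ipc_connection_ex prints `domain` with `%s`, but that parameter can be NULL. The previous net_make_ipc_connection passed NULL explicitly, the new call passes `c->opt_workgroup` unchecked, and other callers are outside this view. Passing NULL to a `%s` conversion is undefined behaviour in printf-style functions, so the argument should be guarded: `"for domain %s\n", domain ? domain : "(unspecified)");`. The function body continues outside the hunk.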
|
@ -1228,9 +1228,9 @@ static struct server_id parse_dest(const char *dest)
|
||||
struct server_id result = {-1};
|
||||
pid_t pid;
|
||||
|
||||
/* Zero is a special return value for broadcast smbd */
|
||||
/* Zero is a special return value for broadcast to all processes */
|
||||
|
||||
if (strequal(dest, "smbd")) {
|
||||
if (strequal(dest, "all")) {
|
||||
return interpret_pid(MSG_BROADCAST_PID_STR);
|
||||
}
|
||||
|
||||
@ -1245,7 +1245,6 @@ static struct server_id parse_dest(const char *dest)
|
||||
dest = "winbindd";
|
||||
}
|
||||
|
||||
|
||||
if (!(strequal(dest, "winbindd") || strequal(dest, "nmbd"))) {
|
||||
/* Check for numeric pid number */
|
||||
|
||||
@ -1266,7 +1265,7 @@ static struct server_id parse_dest(const char *dest)
|
||||
fprintf(stderr,"Can't find pid for destination '%s'\n", dest);
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
||||
/* Execute smbcontrol command */
|
||||
|
||||
|
@ -87,7 +87,7 @@ NTSTATUS idmap_gid_to_sid(const char *domname, DOM_SID *sid, gid_t gid)
|
||||
|
||||
DEBUG(10,("gid = [%lu]\n", (unsigned long)gid));
|
||||
|
||||
if (idmap_cache_find_uid2sid(gid, sid, &expired)) {
|
||||
if (idmap_cache_find_gid2sid(gid, sid, &expired)) {
|
||||
DEBUG(10, ("idmap_cache_find_gid2sid found %d%s\n", gid,
|
||||
expired ? " (expired)": ""));
|
||||
if (expired && idmap_is_online()) {
|
||||
|
@ -153,6 +153,7 @@ struct winbindd_child {
|
||||
|
||||
struct fd_event event;
|
||||
struct timed_event *lockout_policy_event;
|
||||
struct timed_event *machine_password_change_event;
|
||||
struct winbindd_async_request *requests;
|
||||
|
||||
const struct winbindd_child_dispatch_table *table;
|
||||
@ -204,6 +205,7 @@ struct winbindd_domain {
|
||||
uint32_t id_range_low, id_range_high;
|
||||
|
||||
/* A working DC */
|
||||
pid_t dc_probe_pid; /* Child we're using to detect the DC. */
|
||||
fstring dcname;
|
||||
struct sockaddr_storage dcaddr;
|
||||
|
||||
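Review bot: The new `pid_t dc_probe_pid` member of struct winbindd_domain has a comment, but it does not say which value means "no probe running". fork_child_dc_connect, as changed in this commit, compares the field with `(pid_t)-1`, so a zero-initialised domain structure would start at pid 0 and reach `process_exists_by_pid()` with that value. The place where domains are created is not visible here and should set the field to -1 explicitly. Suggested comment: `pid_t dc_probe_pid; /* Child we're using to detect the DC, (pid_t)-1 if none. */`.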
|
@ -8,17 +8,17 @@
|
||||
Copyright (C) Gerald (Jerry) Carter 2003-2005.
|
||||
Copyright (C) Volker Lendecke 2004-2005
|
||||
Copyright (C) Jeremy Allison 2006
|
||||
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
@ -27,14 +27,14 @@
|
||||
We need to manage connections to domain controllers without having to
|
||||
mess up the main winbindd code with other issues. The aim of the
|
||||
connection manager is to:
|
||||
|
||||
|
||||
- make connections to domain controllers and cache them
|
||||
- re-establish connections when networks or servers go down
|
||||
- centralise the policy on connection timeouts, domain controller
|
||||
selection etc
|
||||
- manage re-entrancy for when winbindd becomes able to handle
|
||||
multiple outstanding rpc requests
|
||||
|
||||
|
||||
Why not have connection management as part of the rpc layer like tng?
|
||||
Good question. This code may morph into libsmb/rpc_cache.c or something
|
||||
like that but at the moment it's simply staying as part of winbind. I
|
||||
@ -171,20 +171,33 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain)
|
||||
struct dc_name_ip *dcs = NULL;
|
||||
int num_dcs = 0;
|
||||
TALLOC_CTX *mem_ctx = NULL;
|
||||
pid_t child_pid;
|
||||
pid_t parent_pid = sys_getpid();
|
||||
|
||||
/* Stop zombies */
|
||||
CatchChild();
|
||||
|
||||
child_pid = sys_fork();
|
||||
if (domain->dc_probe_pid != (pid_t)-1) {
|
||||
/*
|
||||
* We might already have a DC probe
|
||||
* child working, check.
|
||||
*/
|
||||
if (process_exists_by_pid(domain->dc_probe_pid)) {
|
||||
DEBUG(10,("fork_child_dc_connect: pid %u already "
|
||||
"checking for DC's.\n",
|
||||
(unsigned int)domain->dc_probe_pid));
|
||||
return true;
|
||||
}
|
||||
domain->dc_probe_pid = (pid_t)-1;
|
||||
}
|
||||
|
||||
if (child_pid == -1) {
|
||||
domain->dc_probe_pid = sys_fork();
|
||||
|
||||
if (domain->dc_probe_pid == (pid_t)-1) {
|
||||
DEBUG(0, ("fork_child_dc_connect: Could not fork: %s\n", strerror(errno)));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (child_pid != 0) {
|
||||
if (domain->dc_probe_pid != (pid_t)0) {
|
||||
/* Parent */
|
||||
messaging_register(winbind_messaging_context(), NULL,
|
||||
MSG_WINBIND_TRY_TO_GO_ONLINE,
|
||||
@ -201,6 +214,11 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain)
|
||||
|
||||
if (!reinit_after_fork(winbind_messaging_context(), true)) {
|
||||
DEBUG(0,("reinit_after_fork() failed\n"));
|
||||
messaging_send_buf(winbind_messaging_context(),
|
||||
pid_to_procid(parent_pid),
|
||||
MSG_WINBIND_FAILED_TO_GO_ONLINE,
|
||||
(uint8 *)domain->name,
|
||||
strlen(domain->name)+1);
|
||||
_exit(0);
|
||||
}
|
||||
|
||||
@ -218,6 +236,11 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain)
|
||||
mem_ctx = talloc_init("fork_child_dc_connect");
|
||||
if (!mem_ctx) {
|
||||
DEBUG(0,("talloc_init failed.\n"));
|
||||
messaging_send_buf(winbind_messaging_context(),
|
||||
pid_to_procid(parent_pid),
|
||||
MSG_WINBIND_FAILED_TO_GO_ONLINE,
|
||||
(uint8 *)domain->name,
|
||||
strlen(domain->name)+1);
|
||||
_exit(0);
|
||||
}
|
||||
|
||||
@ -291,12 +314,12 @@ static void check_domain_online_handler(struct event_context *ctx,
|
||||
|
||||
static void calc_new_online_timeout_check(struct winbindd_domain *domain)
|
||||
{
|
||||
int wbc = lp_winbind_cache_time();
|
||||
int wbr = lp_winbind_reconnect_delay();
|
||||
|
||||
if (domain->startup) {
|
||||
domain->check_online_timeout = 10;
|
||||
} else if (domain->check_online_timeout < wbc) {
|
||||
domain->check_online_timeout = wbc;
|
||||
} else if (domain->check_online_timeout < wbr) {
|
||||
domain->check_online_timeout = wbr;
|
||||
}
|
||||
}
|
||||
|
||||
@ -336,7 +359,7 @@ void set_domain_offline(struct winbindd_domain *domain)
|
||||
}
|
||||
|
||||
/* If we're in statup mode, check again in 10 seconds, not in
|
||||
lp_winbind_cache_time() seconds (which is 5 mins by default). */
|
||||
lp_winbind_reconnect_delay() seconds (which is 30 seconds by default). */
|
||||
|
||||
calc_new_online_timeout_check(domain);
|
||||
|
||||
@ -360,7 +383,7 @@ void set_domain_offline(struct winbindd_domain *domain)
|
||||
|
||||
if ( domain->primary ) {
|
||||
struct winbindd_child *idmap = idmap_child();
|
||||
|
||||
|
||||
if ( idmap->pid != 0 ) {
|
||||
messaging_send_buf(winbind_messaging_context(),
|
||||
pid_to_procid(idmap->pid),
|
||||
@ -439,7 +462,7 @@ static void set_domain_online(struct winbindd_domain *domain)
|
||||
|
||||
if ( domain->primary ) {
|
||||
struct winbindd_child *idmap = idmap_child();
|
||||
|
||||
|
||||
if ( idmap->pid != 0 ) {
|
||||
messaging_send_buf(winbind_messaging_context(),
|
||||
pid_to_procid(idmap->pid),
|
||||
@ -530,7 +553,7 @@ void winbind_add_failed_connection_entry(const struct winbindd_domain *domain,
|
||||
an authenticated connection if DCs have the RestrictAnonymous registry
|
||||
entry set > 0, or the "Additional restrictions for anonymous
|
||||
connections" set in the win2k Local Security Policy.
|
||||
|
||||
|
||||
Caller to free() result in domain, username, password
|
||||
*/
|
||||
|
||||
@ -539,12 +562,12 @@ static void cm_get_ipc_userpass(char **username, char **domain, char **password)
|
||||
*username = (char *)secrets_fetch(SECRETS_AUTH_USER, NULL);
|
||||
*domain = (char *)secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
|
||||
*password = (char *)secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
|
||||
|
||||
|
||||
if (*username && **username) {
|
||||
|
||||
if (!*domain || !**domain)
|
||||
*domain = smb_xstrdup(lp_workgroup());
|
||||
|
||||
|
||||
if (!*password || !**password)
|
||||
*password = smb_xstrdup("");
|
||||
|
||||
@ -680,7 +703,7 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
|
||||
{
|
||||
const char *account_name;
|
||||
const char *name = NULL;
|
||||
|
||||
|
||||
/* If we are a DC and this is not our own domain */
|
||||
|
||||
if (IS_DC) {
|
||||
@ -690,10 +713,10 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
|
||||
|
||||
if (!our_domain)
|
||||
return NT_STATUS_INVALID_SERVER_STATE;
|
||||
|
||||
|
||||
name = our_domain->name;
|
||||
}
|
||||
|
||||
|
||||
if (!get_trust_pw_clear(name, machine_password,
|
||||
&account_name, NULL))
|
||||
{
|
||||
@ -715,7 +738,7 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
|
||||
if (!our_domain) {
|
||||
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||
}
|
||||
|
||||
|
||||
if (asprintf(machine_krb5_principal, "%s$@%s",
|
||||
account_name, our_domain->alt_name) == -1)
|
||||
{
|
||||
@ -852,7 +875,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
|
||||
result = ads_ntstatus(ads_status);
|
||||
if (NT_STATUS_IS_OK(result)) {
|
||||
/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
|
||||
cli_init_creds(*cli, machine_account, domain->name, machine_password);
|
||||
cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
|
||||
goto session_setup_done;
|
||||
}
|
||||
}
|
||||
@ -877,7 +900,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
|
||||
result = ads_ntstatus(ads_status);
|
||||
if (NT_STATUS_IS_OK(result)) {
|
||||
/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
|
||||
cli_init_creds(*cli, machine_account, domain->name, machine_password);
|
||||
cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
|
||||
goto session_setup_done;
|
||||
}
|
||||
}
|
||||
@ -914,6 +937,9 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
|
||||
anon_fallback:
|
||||
|
||||
/* Fall back to anonymous connection, this might fail later */
|
||||
DEBUG(10,("cm_prepare_connection: falling back to anonymous "
|
||||
"connection for DC %s\n",
|
||||
controller ));
|
||||
|
||||
if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0,
|
||||
NULL, 0, ""))) {
|
||||
@ -1316,7 +1342,7 @@ static bool find_new_dc(TALLOC_CTX *mem_ctx,
|
||||
|
||||
TALLOC_FREE(dcnames);
|
||||
num_dcnames = 0;
|
||||
|
||||
|
||||
TALLOC_FREE(addrs);
|
||||
num_addrs = 0;
|
||||
|
||||
@ -1342,7 +1368,7 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain,
|
||||
|
||||
/* we have to check the server affinity cache here since
|
||||
later we selecte a DC based on response time and not preference */
|
||||
|
||||
|
||||
/* Check the negative connection cache
|
||||
before talking to it. It going down may have
|
||||
triggered the reconnection. */
|
||||
@ -1592,26 +1618,26 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
|
||||
TALLOC_CTX *mem_ctx = NULL;
|
||||
|
||||
DEBUG(5, ("set_dc_type_and_flags_trustinfo: domain %s\n", domain->name ));
|
||||
|
||||
|
||||
/* Our primary domain doesn't need to worry about trust flags.
|
||||
Force it to go through the network setup */
|
||||
if ( domain->primary ) {
|
||||
return False;
|
||||
}
|
||||
|
||||
|
||||
our_domain = find_our_domain();
|
||||
|
||||
|
||||
if ( !connection_ok(our_domain) ) {
|
||||
DEBUG(3,("set_dc_type_and_flags_trustinfo: No connection to our domain!\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
/* This won't work unless our domain is AD */
|
||||
|
||||
|
||||
if ( !our_domain->active_directory ) {
|
||||
return False;
|
||||
}
|
||||
|
||||
|
||||
/* Use DsEnumerateDomainTrusts to get us the trust direction
|
||||
and type */
|
||||
|
||||
@ -1672,13 +1698,13 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
|
||||
|
||||
if ( !winbindd_can_contact_domain( domain) )
|
||||
domain->internal = True;
|
||||
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
talloc_destroy( mem_ctx );
|
||||
|
||||
|
||||
return domain->initialized;
|
||||
}
|
||||
|
||||
@ -1775,7 +1801,7 @@ no_dssetup:
|
||||
|
||||
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
|
||||
SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
|
||||
|
||||
|
||||
if (NT_STATUS_IS_OK(result)) {
|
||||
/* This particular query is exactly what Win2k clients use
|
||||
to determine that the DC is active directory */
|
||||
@ -1904,6 +1930,10 @@ static bool cm_get_schannel_dcinfo(struct winbindd_domain *domain,
|
||||
/* Return a pointer to the struct dcinfo from the
|
||||
netlogon pipe. */
|
||||
|
||||
if (!domain->conn.netlogon_pipe->dc) {
|
||||
return false;
|
||||
}
|
||||
|
||||
*ppdc = domain->conn.netlogon_pipe->dc;
|
||||
return True;
|
||||
}
|
||||
@ -1930,6 +1960,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* No SAMR pipe yet. Attempt to get an NTLMSSP SPNEGO authenticated
|
||||
* sign and sealed pipe using the machine account password by
|
||||
@ -2303,7 +2334,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
DEBUG(3, ("Could not open schannel'ed NETLOGON pipe. Error "
|
||||
"was %s\n", nt_errstr(result)));
|
||||
|
||||
|
||||
/* make sure we return something besides OK */
|
||||
return !NT_STATUS_IS_OK(result) ? result : NT_STATUS_PIPE_NOT_AVAILABLE;
|
||||
}
|
||||
|
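Review bot: In fork_child_dc_connect (hunk at -171) the new guard treats `process_exists_by_pid(domain->dc_probe_pid)` as proof that a DC probe child is still running, but the stored pid is reset only on this same path. If the child has exited and its pid has been reused by an unrelated process, the function keeps returning true and forks no new probe, which would leave the domain offline until that process exits. Resetting the field when the child's result arrives would close the window, e.g. `domain->dc_probe_pid = (pid_t)-1;` in the handlers for MSG_WINBIND_TRY_TO_GO_ONLINE and MSG_WINBIND_FAILED_TO_GO_ONLINE. Those handlers are outside the visible hunks, so this may already be done there. The assignment to `(pid_t)-1` just before `sys_fork()` is overwritten at once and can go.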
@ -840,6 +840,111 @@ static void account_lockout_policy_handler(struct event_context *ctx,
|
||||
child);
|
||||
}
|
||||
|
||||
static time_t get_machine_password_timeout(void)
|
||||
{
|
||||
/* until we have gpo support use lp setting */
|
||||
return lp_machine_password_timeout();
|
||||
}
|
||||
|
||||
static bool calculate_next_machine_pwd_change(const char *domain,
|
||||
struct timeval *t)
|
||||
{
|
||||
time_t pass_last_set_time;
|
||||
time_t timeout;
|
||||
time_t next_change;
|
||||
char *pw;
|
||||
|
||||
pw = secrets_fetch_machine_password(domain,
|
||||
&pass_last_set_time,
|
||||
NULL);
|
||||
|
||||
if (pw == NULL) {
|
||||
DEBUG(0,("cannot fetch own machine password ????"));
|
||||
return false;
|
||||
}
|
||||
|
||||
SAFE_FREE(pw);
|
||||
|
||||
timeout = get_machine_password_timeout();
|
||||
if (timeout == 0) {
|
||||
DEBUG(10,("machine password never expires\n"));
|
||||
return false;
|
||||
}
|
||||
|
||||
if (time(NULL) < (pass_last_set_time + timeout)) {
|
||||
next_change = pass_last_set_time + timeout;
|
||||
DEBUG(10,("machine password still valid until: %s\n",
|
||||
http_timestring(next_change)));
|
||||
*t = timeval_set(next_change, 0);
|
||||
return true;
|
||||
}
|
||||
|
||||
DEBUG(10,("machine password expired, needs immediate change\n"));
|
||||
|
||||
*t = timeval_zero();
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static void machine_password_change_handler(struct event_context *ctx,
|
||||
struct timed_event *te,
|
||||
const struct timeval *now,
|
||||
void *private_data)
|
||||
{
|
||||
struct winbindd_child *child =
|
||||
(struct winbindd_child *)private_data;
|
||||
struct rpc_pipe_client *netlogon_pipe = NULL;
|
||||
TALLOC_CTX *frame;
|
||||
NTSTATUS result;
|
||||
struct timeval next_change;
|
||||
|
||||
DEBUG(10,("machine_password_change_handler called\n"));
|
||||
|
||||
TALLOC_FREE(child->machine_password_change_event);
|
||||
|
||||
if (!calculate_next_machine_pwd_change(child->domain->name,
|
||||
&next_change)) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!winbindd_can_contact_domain(child->domain)) {
|
||||
DEBUG(10,("machine_password_change_handler: Removing myself since I "
|
||||
"do not have an incoming trust to domain %s\n",
|
||||
child->domain->name));
|
||||
return;
|
||||
}
|
||||
|
||||
result = cm_connect_netlogon(child->domain, &netlogon_pipe);
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
DEBUG(10,("machine_password_change_handler: "
|
||||
"failed to connect netlogon pipe: %s\n",
|
||||
nt_errstr(result)));
|
||||
return;
|
||||
}
|
||||
|
||||
frame = talloc_stackframe();
|
||||
|
||||
result = trust_pw_find_change_and_store_it(netlogon_pipe,
|
||||
frame,
|
||||
child->domain->name);
|
||||
TALLOC_FREE(frame);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
DEBUG(10,("machine_password_change_handler: "
|
||||
"failed to change machine password: %s\n",
|
||||
nt_errstr(result)));
|
||||
} else {
|
||||
DEBUG(10,("machine_password_change_handler: "
|
||||
"successfully changed machine password\n"));
|
||||
}
|
||||
|
||||
child->machine_password_change_event = event_add_timed(winbind_event_context(), NULL,
|
||||
next_change,
|
||||
"machine_password_change_handler",
|
||||
machine_password_change_handler,
|
||||
child);
|
||||
}
|
||||
|
||||
/* Deal with a request to go offline. */
|
||||
|
||||
static void child_msg_offline(struct messaging_context *msg,
|
||||
@ -1138,6 +1243,21 @@ static bool fork_domain_child(struct winbindd_child *child)
|
||||
child);
|
||||
}
|
||||
|
||||
if (child->domain && child->domain->primary &&
|
||||
lp_server_role() == ROLE_DOMAIN_MEMBER) {
|
||||
|
||||
struct timeval next_change;
|
||||
|
||||
if (calculate_next_machine_pwd_change(child->domain->name,
|
||||
&next_change)) {
|
||||
child->machine_password_change_event = event_add_timed(
|
||||
winbind_event_context(), NULL, next_change,
|
||||
"machine_password_change_handler",
|
||||
machine_password_change_handler,
|
||||
child);
|
||||
}
|
||||
}
|
||||
|
||||
while (1) {
|
||||
|
||||
int ret;
|
||||
|
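Review bot: machine_password_change_handler re-arms its timer with the `next_change` it computed before the change, so when the password had expired the event is added again at `timeval_zero()`. After a successful change the handler therefore runs again immediately, and since nothing in it checks whether `next_change` is still in the future, it goes on to call `trust_pw_find_change_and_store_it` a second time. After a failed change it retries with no delay, while the `return` after a failed `cm_connect_netlogon` drops the event without re-arming it at all. I would recompute the time after a successful change and use a fixed back-off on failure, as sketched below; the retry constant is a placeholder.

```c
	/* … unchanged: cm_connect_netlogon and trust_pw_find_change_and_store_it … */

	if (!NT_STATUS_IS_OK(result)) {
		/* … unchanged: failure DEBUG … */
		/* Back off instead of re-arming at timeval_zero(). */
		next_change = timeval_current_ofs(MACHINE_PW_RETRY_SECS, 0); /* placeholder constant */
	} else {
		/* … unchanged: success DEBUG … */
		/* Recompute from the freshly stored last-set time. */
		if (!calculate_next_machine_pwd_change(child->domain->name,
						       &next_change)) {
			return;
		}
	}
```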
@ -86,10 +86,7 @@ enum winbindd_result winbindd_dual_check_machine_acct(struct winbindd_domain *do
|
||||
"good" : "bad"));
|
||||
|
||||
done:
|
||||
state->response.data.auth.nt_status = NT_STATUS_V(result);
|
||||
fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
|
||||
fstrcpy(state->response.data.auth.error_string, nt_errstr(result));
|
||||
state->response.data.auth.pam_error = nt_status_to_pam(result);
|
||||
set_auth_errors(&state->response, result);
|
||||
|
||||
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Checking the trust account password returned %s\n",
|
||||
state->response.data.auth.nt_status_string));
|
||||
|
File diff suppressed because it is too large
@ -590,6 +590,7 @@ void winbindd_set_locator_kdc_envs(const struct winbindd_domain *domain);
|
||||
void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain);
|
||||
void winbindd_set_locator_kdc_envs(const struct winbindd_domain *domain);
|
||||
void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain);
|
||||
void set_auth_errors(struct winbindd_response *resp, NTSTATUS result);
|
||||
|
||||
/* The following definitions come from winbindd/winbindd_wins.c */
|
||||
|
||||
|
@ -180,11 +180,11 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
|
||||
domain->initialized = False;
|
||||
domain->online = is_internal_domain(sid);
|
||||
domain->check_online_timeout = 0;
|
||||
domain->dc_probe_pid = (pid_t)-1;
|
||||
if (sid) {
|
||||
sid_copy(&domain->sid, sid);
|
||||
}
|
||||
|
||||
|
||||
/* Link to domain list */
|
||||
DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *);
|
||||
|
||||
@ -1544,3 +1544,15 @@ void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain)
|
||||
}
|
||||
|
||||
#endif /* HAVE_KRB5_LOCATE_PLUGIN_H */
|
||||
|
||||
void set_auth_errors(struct winbindd_response *resp, NTSTATUS result)
|
||||
{
|
||||
resp->data.auth.nt_status = NT_STATUS_V(result);
|
||||
fstrcpy(resp->data.auth.nt_status_string, nt_errstr(result));
|
||||
|
||||
/* we might have given a more useful error above */
|
||||
if (*resp->data.auth.error_string == '\0')
|
||||
fstrcpy(resp->data.auth.error_string,
|
||||
get_friendly_nt_error_msg(result));
|
||||
resp->data.auth.pam_error = nt_status_to_pam(result);
|
||||
}
|
||||
|
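Review bot: set_auth_errors has no comment saying that it leaves an `error_string` the caller has already set untouched, which is the one behaviour a caller cannot guess from the name. I would add above it `/* Fill the auth error fields of resp from result; an error_string that is already set is kept. */`. A response that was not cleared beforehand would keep stale text, so callers presumably rely on a zeroed `resp`; if that is the contract, the same comment should say so. The `if` whose body spans two lines would also be safer with braces.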