@ -29,7 +29,7 @@ programmers who have contributed.
|
||||
|
||||
The indent utility can be used to format C files in the general
|
||||
samba coding style. The arguments you should give to indent are:
|
||||
-bad -bap -br -ce -cdw -nbc -brs -bbb -nbc -npsl
|
||||
-bad -bap -br -ce -cdw -nbc -brs -bbb -nbc -npsl -ut -i8
|
||||
|
||||
Following are some considerations you should use when adding new code to
|
||||
Samba. First and foremost remember that:
|
||||
|
@ -18,9 +18,11 @@ LDFLAGS=@LDFLAGS@
|
||||
LDSHFLAGS=@LDSHFLAGS@ @LDFLAGS@ @CFLAGS@
|
||||
AWK=@AWK@
|
||||
DYNEXP=@DYNEXP@
|
||||
PYTHON=@PYTHON@
|
||||
|
||||
TERMLDFLAGS=@TERMLDFLAGS@
|
||||
TERMLIBS=@TERMLIBS@
|
||||
PRINTLIBS=@PRINTLIBS@
|
||||
|
||||
LINK=$(CC) $(FLAGS) $(LDFLAGS)
|
||||
|
||||
@ -106,7 +108,7 @@ LPROGS = $(WINBIND_PAM_PROGS) $(WINBIND_LPROGS)
|
||||
|
||||
PROGS = $(PROGS1) $(PROGS2) $(MPROGS) bin/nmblookup bin/pdbedit bin/smbgroupedit
|
||||
TORTURE_PROGS = bin/smbtorture bin/msgtest bin/masktest bin/locktest \
|
||||
bin/locktest2 bin/nsstest
|
||||
bin/locktest2 bin/nsstest bin/vfstest
|
||||
SHLIBS = @LIBSMBCLIENT@
|
||||
|
||||
SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd \
|
||||
@ -124,7 +126,7 @@ TDB_OBJ = $(TDBBASE_OBJ) tdb/tdbutil.o
|
||||
LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \
|
||||
lib/getsmbpass.o lib/interface.o lib/md4.o \
|
||||
lib/interfaces.o lib/pidfile.o lib/replace.o \
|
||||
lib/signal.o lib/system.o lib/time.o \
|
||||
lib/signal.o lib/system.o lib/sendfile.o lib/time.o \
|
||||
lib/ufc.o lib/genrand.o lib/username.o \
|
||||
lib/util_getent.o lib/util_pw.o lib/access.o lib/smbrun.o \
|
||||
lib/bitmap.o lib/crc32.o lib/snprintf.o lib/dprintf.o \
|
||||
@ -134,11 +136,11 @@ LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \
|
||||
lib/util.o lib/util_sock.o lib/util_sec.o \
|
||||
lib/talloc.o lib/hash.o lib/substitute.o lib/fsusage.o \
|
||||
lib/ms_fnmatch.o lib/select.o lib/error.o lib/messages.o \
|
||||
lib/server_mutex.o lib/tallocmsg.o lib/dmallocmsg.o \
|
||||
lib/tallocmsg.o lib/dmallocmsg.o \
|
||||
lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \
|
||||
nsswitch/wb_client.o nsswitch/wb_common.o \
|
||||
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
|
||||
lib/adt_tree.o lib/popt_common.o $(TDB_OBJ)
|
||||
lib/adt_tree.o lib/popt_common.o lib/gencache.o $(TDB_OBJ)
|
||||
|
||||
LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o
|
||||
|
||||
@ -152,7 +154,7 @@ PARAM_OBJ = param/loadparm.o param/params.o dynconfig.o
|
||||
LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o libads/sasl.o \
|
||||
libads/krb5_setpw.o libads/kerberos.o libads/ldap_user.o \
|
||||
libads/ads_struct.o libads/ads_status.o \
|
||||
libads/disp_sec.o
|
||||
libads/disp_sec.o libads/ads_utils.o
|
||||
|
||||
LIBADS_SERVER_OBJ = libads/util.o libads/kerberos_verify.o
|
||||
|
||||
@ -180,6 +182,7 @@ LIBMSRPC_SERVER_OBJ = libsmb/trust_passwd.o
|
||||
|
||||
LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po)
|
||||
|
||||
REGOBJS_OBJ = registry/reg_objects.o
|
||||
REGISTRY_OBJ = registry/reg_frontend.o registry/reg_cachehook.o registry/reg_printing.o \
|
||||
registry/reg_db.o
|
||||
|
||||
@ -190,7 +193,7 @@ RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \
|
||||
rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \
|
||||
rpc_server/srv_util.o rpc_server/srv_wkssvc.o rpc_server/srv_wkssvc_nt.o \
|
||||
rpc_server/srv_pipe.o rpc_server/srv_dfs.o rpc_server/srv_dfs_nt.o \
|
||||
rpc_server/srv_spoolss.o rpc_server/srv_spoolss_nt.o $(REGISTRY_OBJ)
|
||||
rpc_server/srv_spoolss.o rpc_server/srv_spoolss_nt.o
|
||||
|
||||
# this includes only the low level parse code, not stuff
|
||||
# that requires knowledge of security contexts
|
||||
@ -201,7 +204,8 @@ RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_net.o \
|
||||
rpc_parse/parse_reg.o rpc_parse/parse_rpc.o \
|
||||
rpc_parse/parse_samr.o rpc_parse/parse_srv.o \
|
||||
rpc_parse/parse_wks.o \
|
||||
rpc_parse/parse_spoolss.o rpc_parse/parse_dfs.o
|
||||
rpc_parse/parse_spoolss.o rpc_parse/parse_dfs.o \
|
||||
$(REGOBJS_OBJ)
|
||||
|
||||
|
||||
RPC_CLIENT_OBJ = rpc_client/cli_pipe.o
|
||||
@ -213,8 +217,15 @@ PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o
|
||||
PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
|
||||
passdb/machine_sid.o passdb/pdb_smbpasswd.o \
|
||||
passdb/pdb_tdb.o passdb/pdb_ldap.o passdb/pdb_plugin.o \
|
||||
passdb/pdb_nisplus.o passdb/pdb_unix.o passdb/util_sam_sid.o \
|
||||
passdb/pdb_compat.o
|
||||
passdb/pdb_unix.o passdb/util_sam_sid.o \
|
||||
passdb/pdb_compat.o passdb/pdb_nisplus.o
|
||||
|
||||
SAM_STATIC_MODULES = sam/sam_plugin.o
|
||||
|
||||
SAM_OBJ = sam/account.o sam/get_set_account.o sam/get_set_group.o \
|
||||
sam/get_set_domain.o sam/interface.o sam/api.o $(SAM_STATIC_MODULES)
|
||||
|
||||
SAMTEST_OBJ = torture/samtest.o torture/cmd_sam.o $(SAM_OBJ) $(LIB_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(READLINE_OBJ) lib/util_seaccess.o $(LIBADS_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(GROUPDB_OBJ)
|
||||
|
||||
GROUPDB_OBJ = groupdb/mapping.o
|
||||
|
||||
@ -232,11 +243,14 @@ UNIGRP_OBJ = libsmb/netlogon_unigrp.o
|
||||
|
||||
AUTH_OBJ = auth/auth.o auth/auth_sam.o auth/auth_server.o auth/auth_domain.o \
|
||||
auth/auth_rhosts.o auth/auth_unix.o auth/auth_util.o auth/auth_winbind.o \
|
||||
auth/auth_builtin.o auth/auth_compat.o $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ)
|
||||
auth/auth_builtin.o auth/auth_compat.o \
|
||||
$(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ)
|
||||
|
||||
MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o
|
||||
|
||||
SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \
|
||||
SMBD_OBJ_MAIN = smbd/server.o
|
||||
|
||||
SMBD_OBJ_SRV = smbd/files.o smbd/chgpasswd.o smbd/connection.o \
|
||||
smbd/utmp.o smbd/session.o \
|
||||
smbd/dfree.o smbd/dir.o smbd/password.o smbd/conn.o smbd/fileio.o \
|
||||
smbd/ipc.o smbd/lanman.o smbd/negprot.o \
|
||||
@ -245,13 +259,22 @@ SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \
|
||||
smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o \
|
||||
smbd/blocking.o smbd/sec_ctx.o \
|
||||
smbd/vfs.o smbd/vfs-wrap.o smbd/statcache.o \
|
||||
smbd/posix_acls.o lib/sysacls.o \
|
||||
smbd/posix_acls.o lib/sysacls.o lib/server_mutex.o \
|
||||
smbd/process.o smbd/service.o smbd/error.o \
|
||||
printing/printfsp.o lib/util_seaccess.o smbd/srvstr.o \
|
||||
smbd/build_options.o \
|
||||
smbd/change_trust_pw.o \
|
||||
$(MANGLE_OBJ)
|
||||
|
||||
SMBD_OBJ_BASE = $(SMBD_OBJ_SRV) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
|
||||
$(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) $(SECRETS_OBJ) \
|
||||
$(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) \
|
||||
$(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \
|
||||
$(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \
|
||||
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
|
||||
$(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
|
||||
$(LIB_SMBD_OBJ) $(REGISTRY_OBJ)
|
||||
|
||||
|
||||
PRINTING_OBJ = printing/pcap.o printing/print_svid.o \
|
||||
printing/print_cups.o printing/print_generic.o \
|
||||
@ -261,15 +284,7 @@ PRINTBACKEND_OBJ = printing/printing.o printing/nt_printing.o printing/notify.o
|
||||
|
||||
MSDFS_OBJ = msdfs/msdfs.o
|
||||
|
||||
SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
|
||||
$(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) $(SECRETS_OBJ) \
|
||||
$(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) \
|
||||
$(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \
|
||||
$(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \
|
||||
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
|
||||
$(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
|
||||
$(LIB_SMBD_OBJ)
|
||||
|
||||
SMBD_OBJ = $(SMBD_OBJ_MAIN) $(SMBD_OBJ_BASE)
|
||||
|
||||
NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
|
||||
nmbd/nmbd_become_lmb.o nmbd/nmbd_browserdb.o \
|
||||
@ -343,13 +358,6 @@ RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
|
||||
$(READLINE_OBJ) $(GROUPDB_OBJ) \
|
||||
$(LIBADS_OBJ) $(SECRETS_OBJ)
|
||||
|
||||
SAMSYNC_OBJ1 = rpcclient/samsync.o rpcclient/display_sec.o
|
||||
|
||||
SAMSYNC_OBJ = $(SAMSYNC_OBJ1) \
|
||||
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
|
||||
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \
|
||||
$(GROUPDB_OBJ) $(SECRETS_OBJ)
|
||||
|
||||
PAM_WINBIND_OBJ = nsswitch/pam_winbind.po nsswitch/wb_common.po lib/snprintf.po
|
||||
|
||||
SMBW_OBJ1 = smbwrapper/smbw.o \
|
||||
@ -373,12 +381,13 @@ CLIENT_OBJ1 = client/client.o client/clitar.o
|
||||
CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
|
||||
$(READLINE_OBJ)
|
||||
|
||||
NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \
|
||||
utils/net_rap.o utils/net_rpc.o \
|
||||
utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o
|
||||
NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_ads_cldap.o utils/net_help.o \
|
||||
utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \
|
||||
utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \
|
||||
utils/net_cache.o
|
||||
|
||||
NET_OBJ = $(NET_OBJ1) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
|
||||
$(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \
|
||||
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
|
||||
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
|
||||
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
|
||||
$(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
|
||||
@ -414,6 +423,8 @@ LOCKTEST_OBJ = torture/locktest.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
|
||||
NSSTEST_OBJ = torture/nsstest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
|
||||
$(UBIQX_OBJ) $(LIB_OBJ)
|
||||
|
||||
VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ)
|
||||
|
||||
LOCKTEST2_OBJ = torture/locktest2.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
|
||||
$(UBIQX_OBJ) $(LIB_OBJ)
|
||||
|
||||
@ -438,15 +449,16 @@ DEBUG2HTML_OBJ = utils/debug2html.o ubiqx/debugparse.o
|
||||
SMBFILTER_OBJ = utils/smbfilter.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
|
||||
$(UBIQX_OBJ) $(LIB_OBJ)
|
||||
|
||||
PROTO_OBJ = $(SMBD_OBJ1) $(NMBD_OBJ1) $(SWAT_OBJ1) $(LIB_OBJ) $(LIBSMB_OBJ) \
|
||||
$(SMBWRAPPER_OBJ1) $(SMBTORTURE_OBJ1) $(RPCCLIENT_OBJ1) \
|
||||
PROTO_OBJ = $(SMBD_OBJ_MAIN) \
|
||||
$(SMBD_OBJ_SRV) $(NMBD_OBJ1) $(SWAT_OBJ1) $(LIB_OBJ) $(LIBSMB_OBJ) \
|
||||
$(SMBW_OBJ1) $(SMBWRAPPER_OBJ1) $(SMBTORTURE_OBJ1) $(RPCCLIENT_OBJ1) \
|
||||
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) \
|
||||
$(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) \
|
||||
$(AUTH_OBJ) $(PARAM_OBJ) $(LOCKING_OBJ) $(SECRETS_OBJ) \
|
||||
$(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \
|
||||
$(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \
|
||||
$(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
|
||||
$(LIB_SMBD_OBJ)
|
||||
$(LIB_SMBD_OBJ) $(SAM_OBJ) $(REGISTRY_OBJ)
|
||||
|
||||
NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \
|
||||
$(LIB_OBJ) $(NSSWINS_OBJ)
|
||||
@ -534,7 +546,7 @@ nsswitch : SHOWFLAGS $(WINBIND_PROGS) $(WINBIND_SPROGS) $(LPROGS)
|
||||
|
||||
wins : SHOWFLAGS nsswitch/libnss_wins.so
|
||||
|
||||
everything: all libsmbclient debug2html smbfilter talloctort bin/samsync bin/make_printerdef
|
||||
everything: all libsmbclient debug2html smbfilter talloctort bin/make_printerdef
|
||||
|
||||
.SUFFIXES:
|
||||
.SUFFIXES: .c .o .po .po32 .lo
|
||||
@ -605,7 +617,7 @@ bin/.dummy:
|
||||
|
||||
bin/smbd: $(SMBD_OBJ) bin/.dummy
|
||||
@echo Linking $@
|
||||
@$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS)
|
||||
@$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) $(LIBS)
|
||||
|
||||
bin/nmbd: $(NMBD_OBJ) bin/.dummy
|
||||
@echo Linking $@
|
||||
@ -617,16 +629,12 @@ bin/wrepld: $(WREPL_OBJ) bin/.dummy
|
||||
|
||||
bin/swat: $(SWAT_OBJ) bin/.dummy
|
||||
@echo Linking $@
|
||||
@$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS)
|
||||
@$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) $(LIBS)
|
||||
|
||||
bin/rpcclient: $(RPCCLIENT_OBJ) @BUILD_POPT@ bin/.dummy
|
||||
@echo Linking $@
|
||||
@$(CC) $(FLAGS) -o $@ $(RPCCLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @BUILD_POPT@
|
||||
|
||||
bin/samsync: $(SAMSYNC_OBJ) bin/.dummy
|
||||
@echo Linking $@
|
||||
@$(CC) $(FLAGS) -o $@ $(SAMSYNC_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS)
|
||||
|
||||
bin/smbclient: $(CLIENT_OBJ) bin/.dummy
|
||||
@echo Linking $@
|
||||
@$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS)
|
||||
@ -657,7 +665,7 @@ bin/testparm: $(TESTPARM_OBJ) bin/.dummy
|
||||
|
||||
bin/testprns: $(TESTPRNS_OBJ) bin/.dummy
|
||||
@echo Linking $@
|
||||
@$(CC) $(FLAGS) -o $@ $(TESTPRNS_OBJ) $(LDFLAGS) $(LIBS)
|
||||
@$(CC) $(FLAGS) -o $@ $(TESTPRNS_OBJ) $(LDFLAGS) $(PRINTLIBS) $(LIBS)
|
||||
|
||||
bin/smbstatus: $(STATUS_OBJ) @BUILD_POPT@ bin/.dummy
|
||||
@echo Linking $@
|
||||
@ -679,6 +687,10 @@ bin/pdbedit: $(PDBEDIT_OBJ) bin/.dummy
|
||||
@echo Linking $@
|
||||
@$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@
|
||||
|
||||
bin/samtest: $(SAMTEST_OBJ) bin/.dummy
|
||||
@echo Linking $@
|
||||
@$(CC) $(FLAGS) -o $@ $(SAMTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @BUILD_POPT@
|
||||
|
||||
bin/smbgroupedit: $(SMBGROUPEDIT_OBJ) bin/.dummy
|
||||
@echo Linking $@
|
||||
@$(CC) $(FLAGS) -o $@ $(SMBGROUPEDIT_OBJ) $(LDFLAGS) $(LIBS)
|
||||
@ -719,6 +731,10 @@ bin/nsstest: $(NSSTEST_OBJ) bin/.dummy
|
||||
@echo Linking $@
|
||||
@$(CC) $(FLAGS) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(LIBS)
|
||||
|
||||
bin/vfstest: $(VFSTEST_OBJ) bin/.dummy
|
||||
@echo Linking $@
|
||||
@$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(PRINTLIBS) $(LIBS) @BUILD_POPT@
|
||||
|
||||
bin/locktest2: $(LOCKTEST2_OBJ) bin/.dummy
|
||||
@echo Linking $@
|
||||
@$(CC) $(FLAGS) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(LIBS)
|
||||
@ -802,10 +818,6 @@ bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_PICOOBJ)
|
||||
bin/libmsrpc.a: $(LIBMSRPC_PICOBJ)
|
||||
-$(AR) -rc $@ $(LIBMSRPC_PICOBJ)
|
||||
|
||||
bin/spamsync: rpcclient/samsync.o bin/libmsrpc.a
|
||||
@$(LINK) -o $@ rpcclient/samsync.o bin/libmsrpc.a \
|
||||
$(UBIQX_OBJ) $(LIBS)
|
||||
|
||||
bin/tdbbackup: $(TDBBACKUP_OBJ) bin/.dummy
|
||||
@echo Linking $@
|
||||
@$(CC) $(FLAGS) -o $@ $(TDBBACKUP_OBJ)
|
||||
@ -836,6 +848,53 @@ installclientlib:
|
||||
-$(INSTALLCMD) -d ${prefix}/include
|
||||
-$(INSTALLCMD) include/libsmbclient.h ${prefix}/include
|
||||
|
||||
# Python extensions
|
||||
|
||||
PYTHON_OBJS = $(LIB_OBJ) $(LIBSMB_OBJ) $(RPC_PARSE_OBJ) $(UBIQX_OBJ) \
|
||||
$(PARAM_OBJ) $(LIBMSRPC_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ)
|
||||
|
||||
PY_SPOOLSS_PROTO_OBJ = python/py_spoolss.o \
|
||||
python/py_spoolss_printers.o python/py_spoolss_printers_conv.o\
|
||||
python/py_spoolss_forms.o python/py_spoolss_forms_conv.o \
|
||||
python/py_spoolss_ports.o python/py_spoolss_ports_conv.o \
|
||||
python/py_spoolss_drivers.o python/py_spoolss_drivers_conv.o \
|
||||
python/py_spoolss_jobs.o python/py_spoolss_jobs_conv.o \
|
||||
python/py_spoolss_printerdata.o
|
||||
|
||||
PY_LSA_PROTO_OBJ = python/py_lsa.o
|
||||
|
||||
PY_COMMON_PROTO_OBJ = python/py_common.c python/py_ntsec.c
|
||||
|
||||
python_proto: python_spoolss_proto python_lsa_proto python_common_proto
|
||||
|
||||
python_spoolss_proto:
|
||||
@cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
|
||||
-h _PY_SPOOLSS_PROTO_H python/py_spoolss_proto.h \
|
||||
$(PY_SPOOLSS_PROTO_OBJ)
|
||||
|
||||
python_lsa_proto:
|
||||
@cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
|
||||
-h _PY_LSA_PROTO_H python/py_lsa_proto.h \
|
||||
$(PY_LSA_PROTO_OBJ)
|
||||
|
||||
python_common_proto:
|
||||
@cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
|
||||
-h _PY_COMMON_PROTO_H python/py_common_proto.h \
|
||||
$(PY_COMMON_PROTO_OBJ)
|
||||
|
||||
python_ext: $(PYTHON_OBJS)
|
||||
PYTHON_OBJS="$(PYTHON_OBJS)" PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS) $(FLAGS)" \
|
||||
LIBS="$(LIBS)" \
|
||||
$(PYTHON) python/setup.py build
|
||||
|
||||
python_install: $(PYTHON_OBJS)
|
||||
PYTHON_OBJS="$(PYTHON_OBJS)" PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS)" \
|
||||
LIBS="$(LIBS)" \
|
||||
$(PYTHON) python/setup.py install
|
||||
|
||||
python_clean:
|
||||
@if test -n "$(PYTHON)"; then $(PYTHON) python/setup.py clean; fi
|
||||
|
||||
# revert to the previously installed version
|
||||
revert:
|
||||
@$(SHELL) $(srcdir)/script/revert.sh $(SBINDIR) $(SPROGS)
|
||||
@ -871,7 +930,7 @@ uninstallscripts:
|
||||
# Toplevel clean files
|
||||
TOPFILES=dynconfig.o dynconfig.po
|
||||
|
||||
clean: delheaders
|
||||
clean: delheaders python_clean
|
||||
-rm -f core */*~ *~ */*.o */*.po */*.po32 */*.@SHLIBEXT@ \
|
||||
$(TOPFILES) $(PROGS) $(SPROGS) .headers.stamp
|
||||
|
||||
@ -949,7 +1008,7 @@ etags:
|
||||
ctags:
|
||||
ctags `find $(srcdir) -name "*.[ch]" | grep -v /CVS/`
|
||||
|
||||
realclean: clean
|
||||
realclean: clean delheaders
|
||||
-rm -f config.log $(PROGS) $(SPROGS) bin/.dummy
|
||||
-rmdir bin
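Review bot: In the new Python extension rules, `python_install` passes `PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS)"` while `python_ext` passes `PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS) $(FLAGS)"`, so anything setup.py compiles during install would be built with a different flag set than the build that was tested. Using the same value in both rules, `PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS) $(FLAGS)"`, keeps the installed modules identical to the built ones. Both rules also invoke `$(PYTHON)` unguarded, whereas `python_clean` first tests `-n "$(PYTHON)"`; with PYTHON empty the recipe would try to execute `python/setup.py` directly, so the same guard or an explicit error belongs there too. `PY_COMMON_PROTO_OBJ` lists `.c` files where the sibling `*_PROTO_OBJ` variables list `.o`; whether script/mkproto.sh accepts both is not visible here.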
|
||||
|
||||
|
@ -166,6 +166,7 @@
|
||||
#undef MMAP_BLACKLIST
|
||||
#undef HAVE_IMMEDIATE_STRUCTURES
|
||||
#undef HAVE_CUPS
|
||||
#undef WITH_SAM
|
||||
#undef WITH_LDAP_SAM
|
||||
#undef WITH_NISPLUS_SAM
|
||||
#undef WITH_TDB_SAM
|
||||
@ -186,6 +187,7 @@
|
||||
#undef HAVE_LDAP
|
||||
#undef HAVE_STAT_ST_BLOCKS
|
||||
#undef STAT_ST_BLOCKSIZE
|
||||
#undef HAVE_STAT_ST_BLKSIZE
|
||||
#undef HAVE_DEVICE_MAJOR_FN
|
||||
#undef HAVE_DEVICE_MINOR_FN
|
||||
#undef HAVE_PASSWD_PW_COMMENT
|
||||
@ -220,4 +222,11 @@
|
||||
#endif
|
||||
|
||||
#undef LDAP_SET_REBIND_PROC_ARGS
|
||||
|
||||
#undef HAVE_SENDFILE
|
||||
#undef HAVE_SENDFILE64
|
||||
#undef LINUX_SENDFILE_API
|
||||
#undef LINUX_BROKEN_SENDFILE_API
|
||||
#undef WITH_SENDFILE
|
||||
#undef FREEBSD_SENDFILE_API
|
||||
#undef HPUX_SENDFILE_API
|
||||
#undef WITH_ADS
|
||||
|
@ -41,13 +41,8 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context,
|
||||
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
|
||||
|
||||
if (!(user_info->internal_username.str
|
||||
&& *user_info->internal_username.str)) {
|
||||
if (make_server_info_guest(server_info)) {
|
||||
nt_status = NT_STATUS_OK;
|
||||
} else {
|
||||
nt_status = NT_STATUS_NO_SUCH_USER;
|
||||
}
|
||||
}
|
||||
&& *user_info->internal_username.str))
|
||||
nt_status = make_server_info_guest(server_info);
|
||||
|
||||
return nt_status;
|
||||
}
|
||||
@ -194,7 +189,7 @@ NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param,
|
||||
trim_string(plugin_name, " ", " ");
|
||||
|
||||
DEBUG(5, ("Trying to load auth plugin %s\n", plugin_name));
|
||||
dl_handle = sys_dlopen(plugin_name, RTLD_NOW | RTLD_GLOBAL );
|
||||
dl_handle = sys_dlopen(plugin_name, RTLD_NOW );
|
||||
if (!dl_handle) {
|
||||
DEBUG(0, ("Failed to load auth plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror()));
|
||||
return NT_STATUS_UNSUCCESSFUL;
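Review bot: `sys_dlopen(plugin_name, RTLD_NOW )` in auth_init_plugin still receives `plugin_name` with only whitespace trimmed, so, assuming sys_dlopen wraps dlopen(), a name without a slash is resolved through the dynamic loader's search path and the module loaded into the authentication path depends on the process environment. Dropping RTLD_GLOBAL narrows symbol exposure but does not constrain where the module comes from. Unless the parameter is validated before the lines shown (not visible in this hunk), reject non-absolute names first, e.g. `if (plugin_name[0] != '/') { DEBUG(0, ("auth plugin %s must be an absolute path\n", plugin_name)); return NT_STATUS_UNSUCCESSFUL; }`. The function body starts and ends outside the hunk.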
|
||||
|
@ -48,7 +48,7 @@ static NTSTATUS ads_resolve_dc(fstring remote_machine,
|
||||
|
||||
DEBUG(4,("ads_resolve_dc: realm=%s\n", ads->config.realm));
|
||||
|
||||
ads->auth.no_bind = 1;
|
||||
ads->auth.flags |= ADS_AUTH_NO_BIND;
|
||||
|
||||
#ifdef HAVE_ADS
|
||||
/* a full ads_connect() is actually overkill, as we don't srictly need
|
||||
@ -131,6 +131,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
|
||||
struct in_addr dest_ip;
|
||||
fstring remote_machine;
|
||||
NTSTATUS result;
|
||||
uint32 neg_flags = 0x000001ff;
|
||||
|
||||
if (lp_security() == SEC_ADS) {
|
||||
result = ads_resolve_dc(remote_machine, &dest_ip);
|
||||
@ -206,7 +207,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(*cli)));
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
result = cli_nt_setup_creds(*cli, sec_chan, trust_passwd);
|
||||
result = cli_nt_setup_creds(*cli, sec_chan, trust_passwd, &neg_flags, 2);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
DEBUG(0,("connect_to_domain_password_server: unable to setup the PDC credentials to machine \
|
||||
@ -250,7 +251,7 @@ static NTSTATUS attempt_connect_to_dc(struct cli_state **cli,
|
||||
}
|
||||
|
||||
/***********************************************************************
|
||||
We have been asked to dynamcially determine the IP addresses of
|
||||
We have been asked to dynamically determine the IP addresses of
|
||||
the PDC and BDC's for DOMAIN, and query them in turn.
|
||||
************************************************************************/
|
||||
static NTSTATUS find_connect_pdc(struct cli_state **cli,
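Review bot: `uint32 neg_flags = 0x000001ff;` and the trailing `2` in `cli_nt_setup_creds(*cli, sec_chan, trust_passwd, &neg_flags, 2)` are bare literals on the call that sets up credentials with the password server in connect_to_domain_password_server. A reader cannot tell which negotiation bits are being requested or what the final argument selects. Because `neg_flags` is passed by pointer it may be modified by the call, and nothing in the hunk shows the result being inspected; the rest of the function is outside the hunk. Give both values a named constant, or at least a comment on the declaration stating what the flag bits request and what the last argument means.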
|
||||
|
@ -106,7 +106,10 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response,
|
||||
client_key_data = data_blob(ntv2_response.data+16, ntv2_response.length-16);
|
||||
memcpy(client_response, ntv2_response.data, sizeof(client_response));
|
||||
|
||||
ntv2_owf_gen(part_passwd, user, domain, kr);
|
||||
if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
|
||||
return False;
|
||||
}
|
||||
|
||||
SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, value_from_encryption);
|
||||
if (user_sess_key != NULL)
|
||||
{
|
||||
@ -233,17 +236,17 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
|
||||
return NT_STATUS_OK;
|
||||
} else {
|
||||
if (lp_ntlm_auth()) {
|
||||
/* Apparently NT accepts NT responses in the LM feild
|
||||
- I think this is related to Win9X pass-though authenticaion
|
||||
/* Apparently NT accepts NT responses in the LM field
|
||||
- I think this is related to Win9X pass-though authentication
|
||||
*/
|
||||
DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM feild\n"));
|
||||
DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM field\n"));
|
||||
if (smb_pwd_check_ntlmv1(user_info->lm_resp,
|
||||
nt_pw, auth_context->challenge,
|
||||
user_sess_key))
|
||||
{
|
||||
return NT_STATUS_OK;
|
||||
} else {
|
||||
DEBUG(3,("sam_password_ok: NT MD4 password in LM feild failed for user %s\n",pdb_get_username(sampass)));
|
||||
DEBUG(3,("sam_password_ok: NT MD4 password in LM field failed for user %s\n",pdb_get_username(sampass)));
|
||||
return NT_STATUS_WRONG_PASSWORD;
|
||||
}
|
||||
}
|
||||
@ -403,9 +406,9 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
if (!make_server_info_sam(server_info, sampass)) {
|
||||
DEBUG(0,("failed to malloc memory for server_info\n"));
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
if (!NT_STATUS_IS_OK(nt_status = make_server_info_sam(server_info, sampass))) {
|
||||
DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status)));
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
lm_hash = pdb_get_lanman_passwd((*server_info)->sam_account);
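Review bot: The new early `return False;` after a failed `ntv2_owf_gen()` in smb_pwd_check_ntlmv2 leaves `client_key_data` allocated: it is created just above with `data_blob(ntv2_response.data+16, ntv2_response.length-16)` and nothing on this path releases it. This is a failure path in response checking, so the leak could be hit repeatedly; add `data_blob_free(&client_key_data);` before the return. The function continues outside the hunk, so whether its other exits free the blob is not visible and is worth checking at the same time.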
|
||||
|
@ -285,7 +285,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
|
||||
* need to detect this as some versions of NT4.x are broken. JRA.
|
||||
*/
|
||||
|
||||
/* I sure as hell hope that there arn't servers out there that take
|
||||
/* I sure as hell hope that there aren't servers out there that take
|
||||
* NTLMv2 and have this bug, as we don't test for that...
|
||||
* - abartlet@samba.org
|
||||
*/
|
||||
@ -375,9 +375,7 @@ use this machine as the password server.\n"));
|
||||
if NT_STATUS_IS_OK(nt_status) {
|
||||
struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
|
||||
if (pass) {
|
||||
if (!make_server_info_pw(server_info, pass)) {
|
||||
nt_status = NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
nt_status = make_server_info_pw(server_info, pass);
|
||||
} else {
|
||||
nt_status = NT_STATUS_NO_SUCH_USER;
|
||||
}
|
||||
|
@ -4,6 +4,7 @@
|
||||
Copyright (C) Andrew Tridgell 1992-1998
|
||||
Copyright (C) Andrew Bartlett 2001
|
||||
Copyright (C) Jeremy Allison 2000-2001
|
||||
Copyright (C) Rafal Szczesniak 2002
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
@ -26,6 +27,11 @@
|
||||
#define DBGC_CLASS DBGC_AUTH
|
||||
|
||||
extern pstring global_myname;
|
||||
extern DOM_SID global_sid_World;
|
||||
extern DOM_SID global_sid_Network;
|
||||
extern DOM_SID global_sid_Builtin_Guests;
|
||||
extern DOM_SID global_sid_Authenticated_Users;
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
Create a UNIX user on demand.
|
||||
@ -76,7 +82,7 @@ void smb_user_control(const auth_usersupplied_info *user_info, auth_serversuppli
|
||||
Create an auth_usersupplied_data structure
|
||||
****************************************************************************/
|
||||
|
||||
static BOOL make_user_info(auth_usersupplied_info **user_info,
|
||||
static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
|
||||
const char *smb_name,
|
||||
const char *internal_username,
|
||||
const char *client_domain,
|
||||
@ -92,7 +98,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
|
||||
*user_info = malloc(sizeof(**user_info));
|
||||
if (!user_info) {
|
||||
DEBUG(0,("malloc failed for user_info (size %d)\n", sizeof(*user_info)));
|
||||
return False;
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
ZERO_STRUCTP(*user_info);
|
||||
@ -104,7 +110,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
|
||||
(*user_info)->smb_name.len = strlen(smb_name);
|
||||
} else {
|
||||
free_user_info(user_info);
|
||||
return False;
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
(*user_info)->internal_username.str = strdup(internal_username);
|
||||
@ -112,7 +118,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
|
||||
(*user_info)->internal_username.len = strlen(internal_username);
|
||||
} else {
|
||||
free_user_info(user_info);
|
||||
return False;
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
(*user_info)->domain.str = strdup(domain);
|
||||
@ -120,7 +126,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
|
||||
(*user_info)->domain.len = strlen(domain);
|
||||
} else {
|
||||
free_user_info(user_info);
|
||||
return False;
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
(*user_info)->client_domain.str = strdup(client_domain);
|
||||
@ -128,7 +134,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
|
||||
(*user_info)->client_domain.len = strlen(client_domain);
|
||||
} else {
|
||||
free_user_info(user_info);
|
||||
return False;
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
(*user_info)->wksta_name.str = strdup(wksta_name);
|
||||
@ -136,7 +142,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
|
||||
(*user_info)->wksta_name.len = strlen(wksta_name);
|
||||
} else {
|
||||
free_user_info(user_info);
|
||||
return False;
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
DEBUG(5,("making blobs for %s's user_info struct\n", internal_username));
|
||||
@ -150,14 +156,14 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
|
||||
|
||||
DEBUG(10,("made an %sencrypted user_info for %s (%s)\n", encrypted ? "":"un" , internal_username, smb_name));
|
||||
|
||||
return True;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Create an auth_usersupplied_data structure after appropriate mapping.
|
||||
****************************************************************************/
|
||||
|
||||
BOOL make_user_info_map(auth_usersupplied_info **user_info,
|
||||
NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
|
||||
const char *smb_name,
|
||||
const char *client_domain,
|
||||
const char *wksta_name,
|
||||
@ -198,7 +204,7 @@ BOOL make_user_info_map(auth_usersupplied_info **user_info,
|
||||
client_domain, lp_winbind_separator(),
|
||||
smb_name) < 0) {
|
||||
DEBUG(0, ("make_user_info_map: asprintf() failed!\n"));
|
||||
return False;
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
DEBUG(5, ("make_user_info_map: testing for user %s\n", user));
|
||||
@ -240,6 +246,7 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
|
||||
const uchar *nt_network_pwd, int nt_pwd_len)
|
||||
{
|
||||
BOOL ret;
|
||||
NTSTATUS nt_status;
|
||||
DATA_BLOB lm_blob = data_blob(lm_network_pwd, lm_pwd_len);
|
||||
DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len);
|
||||
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
|
||||
@ -253,13 +260,15 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
|
||||
auth_flags |= AUTH_FLAG_NTLMv2_RESP;
|
||||
}
|
||||
|
||||
ret = make_user_info_map(user_info,
|
||||
nt_status = make_user_info_map(user_info,
|
||||
smb_name, client_domain,
|
||||
wksta_name,
|
||||
lm_blob, nt_blob,
|
||||
plaintext_blob,
|
||||
auth_flags, True);
|
||||
|
||||
ret = NT_STATUS_IS_OK(nt_status) ? True : False;
|
||||
|
||||
data_blob_free(&lm_blob);
|
||||
data_blob_free(&nt_blob);
|
||||
return ret;
|
||||
@ -324,6 +333,7 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
|
||||
|
||||
{
|
||||
BOOL ret;
|
||||
NTSTATUS nt_status;
|
||||
DATA_BLOB local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response));
|
||||
DATA_BLOB local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response));
|
||||
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
|
||||
@ -333,7 +343,7 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
|
||||
if (nt_interactive_pwd)
|
||||
auth_flags |= AUTH_FLAG_NTLM_RESP;
|
||||
|
||||
ret = make_user_info_map(user_info,
|
||||
nt_status = make_user_info_map(user_info,
|
||||
smb_name, client_domain,
|
||||
wksta_name,
|
||||
local_lm_blob,
|
||||
@ -341,6 +351,7 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
|
||||
plaintext_blob,
|
||||
auth_flags, True);
|
||||
|
||||
ret = NT_STATUS_IS_OK(nt_status) ? True : False;
|
||||
data_blob_free(&local_lm_blob);
|
||||
data_blob_free(&local_nt_blob);
|
||||
return ret;
|
||||
@ -361,7 +372,7 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
|
||||
|
||||
DATA_BLOB local_lm_blob;
|
||||
DATA_BLOB local_nt_blob;
|
||||
BOOL ret = False;
|
||||
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
|
||||
uint32 auth_flags = AUTH_FLAG_NONE;
|
||||
|
||||
/*
|
||||
@ -400,14 +411,14 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
|
||||
auth_flags, False);
|
||||
|
||||
data_blob_free(&local_lm_blob);
|
||||
return ret;
|
||||
return NT_STATUS_IS_OK(ret) ? True : False;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Create an auth_usersupplied_data structure
|
||||
****************************************************************************/
|
||||
|
||||
BOOL make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
|
||||
NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
|
||||
const char *smb_name,
|
||||
const char *client_domain,
|
||||
DATA_BLOB lm_resp, DATA_BLOB nt_resp)
|
||||
@ -445,47 +456,338 @@ BOOL make_user_info_guest(auth_usersupplied_info **user_info)
|
||||
DATA_BLOB nt_blob = data_blob(NULL, 0);
|
||||
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
|
||||
uint32 auth_flags = AUTH_FLAG_NONE;
|
||||
NTSTATUS nt_status;
|
||||
|
||||
return make_user_info(user_info,
|
||||
nt_status = make_user_info(user_info,
|
||||
"","",
|
||||
"","",
|
||||
"",
|
||||
nt_blob, lm_blob,
|
||||
plaintext_blob,
|
||||
auth_flags, True);
|
||||
|
||||
return NT_STATUS_IS_OK(nt_status) ? True : False;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
prints a NT_USER_TOKEN to debug output.
|
||||
****************************************************************************/
|
||||
|
||||
void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token)
|
||||
{
|
||||
fstring sid_str;
|
||||
int i;
|
||||
|
||||
if (!token) {
|
||||
DEBUGC(dbg_class, dbg_lev, ("NT user token: (NULL)\n"));
|
||||
return;
|
||||
}
|
||||
|
||||
DEBUGC(dbg_class, dbg_lev, ("NT user token of user %s\n",
|
||||
sid_to_string(sid_str, &token->user_sids[0]) ));
|
||||
DEBUGADDC(dbg_class, dbg_lev, ("contains %i SIDs\n", token->num_sids));
|
||||
for (i = 0; i < token->num_sids; i++)
|
||||
DEBUGADDC(dbg_class, dbg_lev, ("SID[%3i]: %s\n", i,
|
||||
sid_to_string(sid_str, &token->user_sids[i])));
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
prints a UNIX 'token' to debug output.
|
||||
****************************************************************************/
|
||||
|
||||
void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid, int n_groups, gid_t *groups)
|
||||
{
|
||||
int i;
|
||||
DEBUGC(dbg_class, dbg_lev, ("UNIX token of user %ld\n", (long int)uid));
|
||||
|
||||
DEBUGADDC(dbg_class, dbg_lev, ("Primary group is %ld and contains %i supplementary groups\n", (long int)gid, n_groups));
|
||||
for (i = 0; i < n_groups; i++)
|
||||
DEBUGADDC(dbg_class, dbg_lev, ("Group[%3i]: %ld\n", i,
|
||||
(long int)groups[i]));
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Create the SID list for this user.
|
||||
****************************************************************************/
|
||||
|
||||
static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *group_sid,
|
||||
int n_groupSIDs, DOM_SID *groupSIDs,
|
||||
BOOL is_guest, NT_USER_TOKEN **token)
|
||||
{
|
||||
NTSTATUS nt_status = NT_STATUS_OK;
|
||||
NT_USER_TOKEN *ptoken;
|
||||
int i;
|
||||
int sid_ndx;
|
||||
|
||||
if ((ptoken = malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) {
|
||||
DEBUG(0, ("create_nt_token: Out of memory allocating token\n"));
|
||||
nt_status = NT_STATUS_NO_MEMORY;
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
ZERO_STRUCTP(ptoken);
|
||||
|
||||
ptoken->num_sids = n_groupSIDs + 5;
|
||||
|
||||
if ((ptoken->user_sids = (DOM_SID *)malloc( sizeof(DOM_SID) * ptoken->num_sids )) == NULL) {
|
||||
DEBUG(0, ("create_nt_token: Out of memory allocating SIDs\n"));
|
||||
nt_status = NT_STATUS_NO_MEMORY;
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
memset((char*)ptoken->user_sids,0,sizeof(DOM_SID) * ptoken->num_sids);
|
||||
|
||||
/*
|
||||
* Note - user SID *MUST* be first in token !
|
||||
* se_access_check depends on this.
|
||||
*
|
||||
* Primary group SID is second in token. Convention.
|
||||
*/
|
||||
|
||||
sid_copy(&ptoken->user_sids[PRIMARY_USER_SID_INDEX], user_sid);
|
||||
if (group_sid)
|
||||
sid_copy(&ptoken->user_sids[PRIMARY_GROUP_SID_INDEX], group_sid);
|
||||
|
||||
/*
|
||||
* Finally add the "standard" SIDs.
|
||||
* The only difference between guest and "anonymous" (which we
|
||||
* don't really support) is the addition of Authenticated_Users.
|
||||
*/
|
||||
|
||||
sid_copy(&ptoken->user_sids[2], &global_sid_World);
|
||||
sid_copy(&ptoken->user_sids[3], &global_sid_Network);
|
||||
|
||||
if (is_guest)
|
||||
sid_copy(&ptoken->user_sids[4], &global_sid_Builtin_Guests);
|
||||
else
|
||||
sid_copy(&ptoken->user_sids[4], &global_sid_Authenticated_Users);
|
||||
|
||||
sid_ndx = 5; /* next available spot */
|
||||
|
||||
for (i = 0; i < n_groupSIDs; i++) {
|
||||
int check_sid_idx;
|
||||
for (check_sid_idx = 1; check_sid_idx < ptoken->num_sids; check_sid_idx++) {
|
||||
if (sid_equal(&ptoken->user_sids[check_sid_idx],
|
||||
&groupSIDs[i])) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (check_sid_idx >= ptoken->num_sids) /* Not found already */ {
|
||||
sid_copy(&ptoken->user_sids[sid_ndx++], &groupSIDs[i]);
|
||||
} else {
|
||||
ptoken->num_sids--;
|
||||
}
|
||||
}
|
||||
|
||||
debug_nt_user_token(DBGC_AUTH, 10, ptoken);
|
||||
|
||||
*token = ptoken;
|
||||
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Create the SID list for this user.
|
||||
****************************************************************************/
|
||||
|
||||
NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, BOOL is_guest)
|
||||
{
|
||||
DOM_SID user_sid;
|
||||
DOM_SID group_sid;
|
||||
DOM_SID *group_sids;
|
||||
NT_USER_TOKEN *token;
|
||||
int i;
|
||||
|
||||
if (!uid_to_sid(&user_sid, uid)) {
|
||||
return NULL;
|
||||
}
|
||||
if (!gid_to_sid(&group_sid, gid)) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
group_sids = malloc(sizeof(DOM_SID) * ngroups);
|
||||
if (!group_sids) {
|
||||
DEBUG(0, ("create_nt_token: malloc() failed for DOM_SID list!\n"));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
for (i = 0; i < ngroups; i++) {
|
||||
if (!gid_to_sid(&(group_sids)[i], (groups)[i])) {
|
||||
DEBUG(1, ("create_nt_token: failed to convert gid %ld to a sid!\n", (long int)groups[i]));
|
||||
SAFE_FREE(group_sids);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if (!NT_STATUS_IS_OK(create_nt_user_token(&user_sid, &group_sid,
|
||||
ngroups, group_sids, is_guest, &token))) {
|
||||
SAFE_FREE(group_sids);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
SAFE_FREE(group_sids);
|
||||
|
||||
return token;
|
||||
}
|
||||
|
||||
/******************************************************************************
|
||||
* this function returns the groups (SIDs) of the local SAM the user is in.
|
||||
* If this samba server is a DC of the domain the user belongs to, it returns
|
||||
* both domain groups and local / builtin groups. If the user is in a trusted
|
||||
* domain, or samba is a member server of a domain, then this function returns
|
||||
* local and builtin groups the user is a member of.
|
||||
*
|
||||
* currently this is a hack, as there is no sam implementation that is capable
|
||||
* of groups.
|
||||
******************************************************************************/
|
||||
|
||||
static NTSTATUS get_user_groups_from_local_sam(const DOM_SID *user_sid,
|
||||
int *n_groups, DOM_SID **groups, gid_t **unix_groups)
|
||||
{
|
||||
uid_t uid;
|
||||
enum SID_NAME_USE snu;
|
||||
fstring str;
|
||||
int n_unix_groups;
|
||||
int i;
|
||||
struct passwd *usr;
|
||||
|
||||
*n_groups = 0;
|
||||
*groups = NULL;
|
||||
|
||||
if (!sid_to_uid(user_sid, &uid, &snu)) {
|
||||
DEBUG(2, ("get_user_groups_from_local_sam: Failed to convert user SID %s to a uid!\n",
|
||||
sid_to_string(str, user_sid)));
|
||||
/* This might be a non-unix account */
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/*
|
||||
* This is _essential_ to prevent occasional segfaults when
|
||||
* winbind can't find uid -> username mapping
|
||||
*/
|
||||
if (!(usr = getpwuid_alloc(uid))) {
|
||||
DEBUG(0, ("Couldn't find passdb structure for UID = %d ! Aborting.\n", uid));
|
||||
return NT_STATUS_NO_SUCH_USER;
|
||||
};
|
||||
|
||||
n_unix_groups = groups_max();
|
||||
if ((*unix_groups = malloc( sizeof(gid_t) * groups_max() ) ) == NULL) {
|
||||
DEBUG(0, ("get_user_groups_from_local_sam: Out of memory allocating unix group list\n"));
|
||||
passwd_free(&usr);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if (sys_getgrouplist(usr->pw_name, usr->pw_gid, *unix_groups, &n_unix_groups) == -1) {
|
||||
*unix_groups = Realloc(unix_groups, sizeof(gid_t) * n_unix_groups);
|
||||
if (sys_getgrouplist(usr->pw_name, usr->pw_gid, *unix_groups, &n_unix_groups) == -1) {
|
||||
DEBUG(0, ("get_user_groups_from_local_sam: failed to get the unix group list\n"));
|
||||
SAFE_FREE(unix_groups);
|
||||
passwd_free(&usr);
|
||||
return NT_STATUS_NO_SUCH_USER; /* what should this return value be? */
|
||||
}
|
||||
}
|
||||
|
||||
debug_unix_user_token(DBGC_CLASS, 5, usr->pw_uid, usr->pw_gid, n_unix_groups, *unix_groups);
|
||||
|
||||
passwd_free(&usr);
|
||||
|
||||
if (n_unix_groups > 0) {
|
||||
*groups = malloc(sizeof(DOM_SID) * n_unix_groups);
|
||||
if (!*groups) {
|
||||
DEBUG(0, ("get_user_group_from_local_sam: malloc() failed for DOM_SID list!\n"));
|
||||
SAFE_FREE(unix_groups);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
}
|
||||
|
||||
*n_groups = n_unix_groups;
|
||||
|
||||
for (i = 0; i < *n_groups; i++) {
|
||||
if (!gid_to_sid(&(*groups)[i], (*unix_groups)[i])) {
|
||||
DEBUG(1, ("get_user_groups_from_local_sam: failed to convert gid %ld to a sid!\n", (long int)unix_groups[i+1]));
|
||||
SAFE_FREE(groups);
|
||||
SAFE_FREE(unix_groups);
|
||||
return NT_STATUS_NO_SUCH_USER;
|
||||
}
|
||||
}
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
Make a user_info struct
|
||||
***************************************************************************/
|
||||
|
||||
static BOOL make_server_info(auth_serversupplied_info **server_info)
|
||||
static NTSTATUS make_server_info(auth_serversupplied_info **server_info, SAM_ACCOUNT *sampass)
|
||||
{
|
||||
*server_info = malloc(sizeof(**server_info));
|
||||
if (!*server_info) {
|
||||
DEBUG(0,("make_server_info: malloc failed!\n"));
|
||||
return False;
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
ZERO_STRUCTP(*server_info);
|
||||
return True;
|
||||
|
||||
(*server_info)->sam_fill_level = SAM_FILL_ALL;
|
||||
(*server_info)->sam_account = sampass;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
Make (and fill) a user_info struct from a SAM_ACCOUNT
|
||||
***************************************************************************/
|
||||
|
||||
BOOL make_server_info_sam(auth_serversupplied_info **server_info, SAM_ACCOUNT *sampass)
|
||||
NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
|
||||
SAM_ACCOUNT *sampass)
|
||||
{
|
||||
if (!make_server_info(server_info)) {
|
||||
return False;
|
||||
NTSTATUS nt_status = NT_STATUS_OK;
|
||||
const DOM_SID *user_sid = pdb_get_user_sid(sampass);
|
||||
const DOM_SID *group_sid = pdb_get_group_sid(sampass);
|
||||
int n_groupSIDs = 0;
|
||||
DOM_SID *groupSIDs = NULL;
|
||||
gid_t *unix_groups = NULL;
|
||||
NT_USER_TOKEN *token;
|
||||
BOOL is_guest;
|
||||
uint32 rid;
|
||||
|
||||
if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info, sampass))) {
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
(*server_info)->sam_fill_level = SAM_FILL_ALL;
|
||||
(*server_info)->sam_account = sampass;
|
||||
if (!NT_STATUS_IS_OK(nt_status
|
||||
= get_user_groups_from_local_sam(pdb_get_user_sid(sampass),
|
||||
&n_groupSIDs, &groupSIDs, &unix_groups)))
|
||||
{
|
||||
DEBUG(4,("get_user_groups_from_local_sam failed\n"));
|
||||
free_server_info(server_info);
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
is_guest = (sid_peek_rid(user_sid, &rid) && rid == DOMAIN_USER_RID_GUEST);
|
||||
|
||||
if (!NT_STATUS_IS_OK(nt_status = create_nt_user_token(user_sid, group_sid,
|
||||
n_groupSIDs, groupSIDs, is_guest,
|
||||
&token)))
|
||||
{
|
||||
DEBUG(4,("create_nt_user_token failed\n"));
|
||||
SAFE_FREE(groupSIDs);
|
||||
SAFE_FREE(unix_groups);
|
||||
free_server_info(server_info);
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
SAFE_FREE(groupSIDs);
|
||||
|
||||
(*server_info)->n_groups = n_groupSIDs;
|
||||
(*server_info)->groups = unix_groups;
|
||||
|
||||
(*server_info)->ptok = token;
|
||||
|
||||
DEBUG(5,("make_server_info_sam: made server info for user %s\n",
|
||||
pdb_get_username((*server_info)->sam_account)));
|
||||
return True;
|
||||
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
/***************************************************************************
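Review bot: In get_user_groups_from_local_sam the retry path calls `Realloc(unix_groups, ...)` on the `gid_t **` out-parameter itself rather than on the buffer it points to, so the allocator is handed the address of the caller's variable (make_server_info_sam passes `&unix_groups`, a local) instead of the malloc'd list. The line should read `*unix_groups = Realloc(*unix_groups, sizeof(gid_t) * n_unix_groups);`, with the result checked for NULL before the second sys_getgrouplist() call. The error paths have the same level-of-indirection slip: `SAFE_FREE(unix_groups)` and `SAFE_FREE(groups)` should be `SAFE_FREE(*unix_groups)` and `SAFE_FREE(*groups)`, and the DEBUG in the conversion loop should print `(*unix_groups)[i]` rather than `unix_groups[i+1]`. Because this list becomes the supplementary groups stored in server_info, the path deserves a test with a user whose group count exceeds what groups_max() returns.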
|
||||
@ -493,75 +795,42 @@ BOOL make_server_info_sam(auth_serversupplied_info **server_info, SAM_ACCOUNT *s
|
||||
to a SAM_ACCOUNT
|
||||
***************************************************************************/
|
||||
|
||||
BOOL make_server_info_pw(auth_serversupplied_info **server_info, const struct passwd *pwd)
|
||||
NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, const struct passwd *pwd)
|
||||
{
|
||||
NTSTATUS nt_status;
|
||||
SAM_ACCOUNT *sampass = NULL;
|
||||
if (!NT_STATUS_IS_OK(pdb_init_sam_pw(&sampass, pwd))) {
|
||||
return False;
|
||||
if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(&sampass, pwd))) {
|
||||
return nt_status;
|
||||
}
|
||||
return make_server_info_sam(server_info, sampass);
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
Free a user_info struct
|
||||
Make (and fill) a user_info struct for a guest login.
|
||||
***************************************************************************/
|
||||
|
||||
void free_user_info(auth_usersupplied_info **user_info)
|
||||
NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info)
|
||||
{
|
||||
DEBUG(5,("attempting to free (and zero) a user_info structure\n"));
|
||||
if (*user_info != NULL) {
|
||||
if ((*user_info)->smb_name.str) {
|
||||
DEBUG(10,("structure was created for %s\n", (*user_info)->smb_name.str));
|
||||
}
|
||||
SAFE_FREE((*user_info)->smb_name.str);
|
||||
SAFE_FREE((*user_info)->internal_username.str);
|
||||
SAFE_FREE((*user_info)->client_domain.str);
|
||||
SAFE_FREE((*user_info)->domain.str);
|
||||
SAFE_FREE((*user_info)->wksta_name.str);
|
||||
data_blob_free(&(*user_info)->lm_resp);
|
||||
data_blob_free(&(*user_info)->nt_resp);
|
||||
SAFE_FREE((*user_info)->interactive_password);
|
||||
data_blob_clear_free(&(*user_info)->plaintext_password);
|
||||
ZERO_STRUCT(**user_info);
|
||||
}
|
||||
SAFE_FREE(*user_info);
|
||||
NTSTATUS nt_status;
|
||||
SAM_ACCOUNT *sampass = NULL;
|
||||
DOM_SID guest_sid;
|
||||
|
||||
if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sampass))) {
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
Clear out a server_info struct that has been allocated
|
||||
***************************************************************************/
|
||||
sid_copy(&guest_sid, get_global_sam_sid());
|
||||
sid_append_rid(&guest_sid, DOMAIN_USER_RID_GUEST);
|
||||
|
||||
void free_server_info(auth_serversupplied_info **server_info)
|
||||
{
|
||||
if (*server_info != NULL) {
|
||||
pdb_free_sam(&(*server_info)->sam_account);
|
||||
|
||||
/* call pam_end here, unless we know we are keeping it */
|
||||
delete_nt_token( &(*server_info)->ptok );
|
||||
ZERO_STRUCT(**server_info);
|
||||
}
|
||||
SAFE_FREE(*server_info);
|
||||
if (!pdb_getsampwsid(sampass, &guest_sid)) {
|
||||
return NT_STATUS_NO_SUCH_USER;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
Make a server_info struct for a guest user
|
||||
***************************************************************************/
|
||||
nt_status = make_server_info_sam(server_info, sampass);
|
||||
|
||||
BOOL make_server_info_guest(auth_serversupplied_info **server_info)
|
||||
{
|
||||
struct passwd *pass = getpwnam_alloc(lp_guestaccount());
|
||||
|
||||
if (pass) {
|
||||
if (!make_server_info_pw(server_info, pass)) {
|
||||
passwd_free(&pass);
|
||||
return False;
|
||||
}
|
||||
(*server_info)->guest = True;
|
||||
passwd_free(&pass);
|
||||
return True;
|
||||
}
|
||||
DEBUG(0,("make_server_info_guest: getpwnam_alloc() failed on guest account!\n"));
|
||||
return False;
|
||||
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
@ -589,6 +858,15 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
|
||||
uid_t uid;
|
||||
gid_t gid;
|
||||
|
||||
int n_lgroupSIDs;
|
||||
DOM_SID *lgroupSIDs = NULL;
|
||||
|
||||
gid_t *unix_groups = NULL;
|
||||
NT_USER_TOKEN *token;
|
||||
|
||||
DOM_SID *all_group_SIDs;
|
||||
int i;
|
||||
|
||||
/*
|
||||
Here is where we should check the list of
|
||||
trusted domains, and verify that the SID
|
||||
@ -698,49 +976,128 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if (!make_server_info_sam(server_info, sam_account)) {
|
||||
DEBUG(0, ("make_server_info_info3: make_server_info_sam failed!\n"));
|
||||
if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info, sam_account))) {
|
||||
DEBUG(4, ("make_server_info failed!\n"));
|
||||
pdb_free_sam(&sam_account);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
/* Store the user group information in the server_info
|
||||
returned to the caller. */
|
||||
|
||||
if (info3->num_groups2 != 0) {
|
||||
int i;
|
||||
NT_USER_TOKEN *ptok;
|
||||
auth_serversupplied_info *pserver_info = *server_info;
|
||||
|
||||
if ((pserver_info->ptok = malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) {
|
||||
DEBUG(0, ("domain_client_validate: out of memory allocating rid group membership\n"));
|
||||
nt_status = NT_STATUS_NO_MEMORY;
|
||||
free_server_info(server_info);
|
||||
if (!NT_STATUS_IS_OK(nt_status
|
||||
= get_user_groups_from_local_sam(&user_sid,
|
||||
&n_lgroupSIDs,
|
||||
&lgroupSIDs,
|
||||
&unix_groups)))
|
||||
{
|
||||
DEBUG(4,("get_user_groups_from_local_sam failed\n"));
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
ptok = pserver_info->ptok;
|
||||
ptok->num_sids = (size_t)info3->num_groups2;
|
||||
(*server_info)->groups = unix_groups;
|
||||
(*server_info)->n_groups = n_lgroupSIDs;
|
||||
|
||||
if ((ptok->user_sids = (DOM_SID *)malloc( sizeof(DOM_SID) * ptok->num_sids )) == NULL) {
|
||||
DEBUG(0, ("domain_client_validate: Out of memory allocating group SIDS\n"));
|
||||
nt_status = NT_STATUS_NO_MEMORY;
|
||||
free_server_info(server_info);
|
||||
return nt_status;
|
||||
/* Create a 'combined' list of all SIDs we might want in the SD */
|
||||
all_group_SIDs = malloc(sizeof(DOM_SID) *
|
||||
(n_lgroupSIDs + info3->num_groups2 +
|
||||
info3->num_other_sids));
|
||||
if (!all_group_SIDs) {
|
||||
DEBUG(0, ("create_nt_token_info3: malloc() failed for DOM_SID list!\n"));
|
||||
SAFE_FREE(lgroupSIDs);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
for (i = 0; i < ptok->num_sids; i++) {
|
||||
sid_copy(&ptok->user_sids[i], &(info3->dom_sid.sid));
|
||||
if (!sid_append_rid(&ptok->user_sids[i], info3->gids[i].g_rid)) {
|
||||
/* Copy the 'local' sids */
|
||||
memcpy(all_group_SIDs, lgroupSIDs, sizeof(DOM_SID) * n_lgroupSIDs);
|
||||
SAFE_FREE(lgroupSIDs);
|
||||
|
||||
/* and create (by appending rids) the 'domain' sids */
|
||||
for (i = 0; i < info3->num_groups2; i++) {
|
||||
sid_copy(&all_group_SIDs[i+n_lgroupSIDs], &(info3->dom_sid.sid));
|
||||
if (!sid_append_rid(&all_group_SIDs[i+n_lgroupSIDs], info3->gids[i].g_rid)) {
|
||||
nt_status = NT_STATUS_INVALID_PARAMETER;
|
||||
free_server_info(server_info);
|
||||
DEBUG(3,("create_nt_token_info3: could not append additional group rid 0x%x\n",
|
||||
info3->gids[i].g_rid));
|
||||
SAFE_FREE(lgroupSIDs);
|
||||
return nt_status;
|
||||
}
|
||||
}
|
||||
|
||||
/* Copy 'other' sids. We need to do sid filtering here to
|
||||
prevent possible elevation of privileges. See:
|
||||
|
||||
http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
|
||||
*/
|
||||
|
||||
for (i = 0; i < info3->num_other_sids; i++)
|
||||
sid_copy(&all_group_SIDs[
|
||||
n_lgroupSIDs + info3->num_groups2 + i],
|
||||
&info3->other_sids[i].sid);
|
||||
|
||||
/* Where are the 'global' sids... */
|
||||
|
||||
/* can the user be guest? if yes, where is it stored? */
|
||||
if (!NT_STATUS_IS_OK(
|
||||
nt_status = create_nt_user_token(
|
||||
&user_sid, &group_sid,
|
||||
n_lgroupSIDs + info3->num_groups2 + info3->num_other_sids,
|
||||
all_group_SIDs, False, &token))) {
|
||||
DEBUG(4,("create_nt_user_token failed\n"));
|
||||
SAFE_FREE(all_group_SIDs);
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
(*server_info)->ptok = token;
|
||||
|
||||
SAFE_FREE(all_group_SIDs);
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
Free a user_info struct
|
||||
***************************************************************************/
|
||||
|
||||
void free_user_info(auth_usersupplied_info **user_info)
|
||||
{
|
||||
DEBUG(5,("attempting to free (and zero) a user_info structure\n"));
|
||||
if (*user_info != NULL) {
|
||||
if ((*user_info)->smb_name.str) {
|
||||
DEBUG(10,("structure was created for %s\n", (*user_info)->smb_name.str));
|
||||
}
|
||||
SAFE_FREE((*user_info)->smb_name.str);
|
||||
SAFE_FREE((*user_info)->internal_username.str);
|
||||
SAFE_FREE((*user_info)->client_domain.str);
|
||||
SAFE_FREE((*user_info)->domain.str);
|
||||
SAFE_FREE((*user_info)->wksta_name.str);
|
||||
data_blob_free(&(*user_info)->lm_resp);
|
||||
data_blob_free(&(*user_info)->nt_resp);
|
||||
SAFE_FREE((*user_info)->interactive_password);
|
||||
data_blob_clear_free(&(*user_info)->plaintext_password);
|
||||
ZERO_STRUCT(**user_info);
|
||||
}
|
||||
SAFE_FREE(*user_info);
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
Clear out a server_info struct that has been allocated
|
||||
***************************************************************************/
|
||||
|
||||
void free_server_info(auth_serversupplied_info **server_info)
|
||||
{
|
||||
DEBUG(5,("attempting to free (and zero) a server_info structure\n"));
|
||||
if (*server_info != NULL) {
|
||||
pdb_free_sam(&(*server_info)->sam_account);
|
||||
|
||||
/* call pam_end here, unless we know we are keeping it */
|
||||
delete_nt_token( &(*server_info)->ptok );
|
||||
SAFE_FREE((*server_info)->groups);
|
||||
ZERO_STRUCT(**server_info);
|
||||
}
|
||||
SAFE_FREE(*server_info);
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
Make an auth_methods struct
|
||||
***************************************************************************/
|
||||
|
@ -4,7 +4,7 @@
|
||||
Winbind authentication mechnism
|
||||
|
||||
Copyright (C) Tim Potter 2000
|
||||
Copyright (C) Andrew Bartlett 2001
|
||||
Copyright (C) Andrew Bartlett 2001 - 2002
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -2,7 +2,7 @@
|
||||
Unix SMB/CIFS implementation.
|
||||
SMB client
|
||||
Copyright (C) Andrew Tridgell 1994-1998
|
||||
Copyright (C) Simo Sorce 2001
|
||||
Copyright (C) Simo Sorce 2001-2002
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
@ -307,7 +307,7 @@ static BOOL do_this_one(file_info *finfo)
|
||||
|
||||
if (*fileselection &&
|
||||
!mask_match(finfo->name,fileselection,False)) {
|
||||
DEBUG(3,("match_match %s failed\n", finfo->name));
|
||||
DEBUG(3,("mask_match %s failed\n", finfo->name));
|
||||
return False;
|
||||
}
|
||||
|
||||
@ -649,7 +649,7 @@ static int cmd_du(void)
|
||||
/****************************************************************************
|
||||
get a file from rname to lname
|
||||
****************************************************************************/
|
||||
static int do_get(char *rname,char *lname)
|
||||
static int do_get(char *rname, char *lname, BOOL reget)
|
||||
{
|
||||
int handle = 0, fnum;
|
||||
BOOL newhandle = False;
|
||||
@ -658,6 +658,7 @@ static int do_get(char *rname,char *lname)
|
||||
int read_size = io_bufsize;
|
||||
uint16 attr;
|
||||
size_t size;
|
||||
off_t start = 0;
|
||||
off_t nread = 0;
|
||||
int rc = 0;
|
||||
|
||||
@ -676,8 +677,19 @@ static int do_get(char *rname,char *lname)
|
||||
|
||||
if(!strcmp(lname,"-")) {
|
||||
handle = fileno(stdout);
|
||||
} else {
|
||||
if (reget) {
|
||||
handle = sys_open(lname, O_WRONLY|O_CREAT, 0644);
|
||||
if (handle >= 0) {
|
||||
start = sys_lseek(handle, 0, SEEK_END);
|
||||
if (start == -1) {
|
||||
d_printf("Error seeking local file\n");
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
handle = sys_open(lname, O_WRONLY|O_CREAT|O_TRUNC, 0644);
|
||||
}
|
||||
newhandle = True;
|
||||
}
|
||||
if (handle < 0) {
|
||||
@ -695,7 +707,7 @@ static int do_get(char *rname,char *lname)
|
||||
}
|
||||
|
||||
DEBUG(2,("getting file %s of size %.0f as %s ",
|
||||
lname, (double)size, lname));
|
||||
rname, (double)size, lname));
|
||||
|
||||
if(!(data = (char *)malloc(read_size))) {
|
||||
d_printf("malloc fail for size %d\n", read_size);
|
||||
@ -704,7 +716,7 @@ static int do_get(char *rname,char *lname)
|
||||
}
|
||||
|
||||
while (1) {
|
||||
int n = cli_read(cli, fnum, data, nread, read_size);
|
||||
int n = cli_read(cli, fnum, data, nread + start, read_size);
|
||||
|
||||
if (n <= 0) break;
|
||||
|
||||
@ -717,7 +729,7 @@ static int do_get(char *rname,char *lname)
|
||||
nread += n;
|
||||
}
|
||||
|
||||
if (nread < size) {
|
||||
if (nread + start < size) {
|
||||
DEBUG (0, ("Short read when getting file %s. Only got %ld bytes.\n",
|
||||
rname, (long)nread));
|
||||
|
||||
@ -782,7 +794,7 @@ static int cmd_get(void)
|
||||
|
||||
next_token_nr(NULL,lname,NULL,sizeof(lname));
|
||||
|
||||
return do_get(rname, lname);
|
||||
return do_get(rname, lname, False);
|
||||
}
|
||||
|
||||
|
||||
@ -816,7 +828,7 @@ static void do_mget(file_info *finfo)
|
||||
if (!(finfo->mode & aDIR)) {
|
||||
pstrcpy(rname,cur_dir);
|
||||
pstrcat(rname,finfo->name);
|
||||
do_get(rname,finfo->name);
|
||||
do_get(rname, finfo->name, False);
|
||||
return;
|
||||
}
|
||||
|
||||
@ -880,7 +892,7 @@ static int cmd_more(void)
|
||||
}
|
||||
dos_clean_name(rname);
|
||||
|
||||
rc = do_get(rname,lname);
|
||||
rc = do_get(rname, lname, False);
|
||||
|
||||
pager=getenv("PAGER");
|
||||
|
||||
@ -1046,10 +1058,11 @@ static int cmd_altname(void)
|
||||
/****************************************************************************
|
||||
put a single file
|
||||
****************************************************************************/
|
||||
static int do_put(char *rname,char *lname)
|
||||
static int do_put(char *rname, char *lname, BOOL reput)
|
||||
{
|
||||
int fnum;
|
||||
XFILE *f;
|
||||
int start = 0;
|
||||
int nread = 0;
|
||||
char *buf = NULL;
|
||||
int maxwrite = io_bufsize;
|
||||
@ -1058,7 +1071,18 @@ static int do_put(char *rname,char *lname)
|
||||
struct timeval tp_start;
|
||||
GetTimeOfDay(&tp_start);
|
||||
|
||||
if (reput) {
|
||||
fnum = cli_open(cli, rname, O_RDWR|O_CREAT, DENY_NONE);
|
||||
if (fnum >= 0) {
|
||||
if (!cli_qfileinfo(cli, fnum, NULL, &start, NULL, NULL, NULL, NULL, NULL) &&
|
||||
!cli_getattrE(cli, fnum, NULL, &start, NULL, NULL, NULL)) {
|
||||
d_printf("getattrib: %s\n",cli_errstr(cli));
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
fnum = cli_open(cli, rname, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE);
|
||||
}
|
||||
|
||||
if (fnum == -1) {
|
||||
d_printf("%s opening remote file %s\n",cli_errstr(cli),rname);
|
||||
@ -1075,6 +1099,12 @@ static int do_put(char *rname,char *lname)
|
||||
/* size of file is not known */
|
||||
} else {
|
||||
f = x_fopen(lname,O_RDONLY, 0);
|
||||
if (f && reput) {
|
||||
if (x_tseek(f, start, SEEK_SET) == -1) {
|
||||
d_printf("Error seeking local file\n");
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!f) {
|
||||
@ -1104,7 +1134,7 @@ static int do_put(char *rname,char *lname)
|
||||
break;
|
||||
}
|
||||
|
||||
ret = cli_write(cli, fnum, 0, buf, nread, n);
|
||||
ret = cli_write(cli, fnum, 0, buf, nread + start, n);
|
||||
|
||||
if (n != ret) {
|
||||
d_printf("Error writing file: %s\n", cli_errstr(cli));
|
||||
@ -1192,7 +1222,7 @@ static int cmd_put(void)
|
||||
}
|
||||
}
|
||||
|
||||
return do_put(rname,lname);
|
||||
return do_put(rname, lname, False);
|
||||
}
|
||||
|
||||
/*************************************
|
||||
@ -1384,7 +1414,7 @@ static int cmd_mput(void)
|
||||
|
||||
dos_format(rname);
|
||||
|
||||
do_put(rname, lname);
|
||||
do_put(rname, lname, False);
|
||||
}
|
||||
free_file_list(file_list);
|
||||
SAFE_FREE(quest);
|
||||
@ -1456,7 +1486,7 @@ static int cmd_print(void)
|
||||
slprintf(rname, sizeof(rname)-1, "stdin-%d", (int)sys_getpid());
|
||||
}
|
||||
|
||||
return do_put(rname, lname);
|
||||
return do_put(rname, lname, False);
|
||||
}
|
||||
|
||||
|
||||
@ -1880,6 +1910,68 @@ static int cmd_lcd(void)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
get a file restarting at end of local file
|
||||
****************************************************************************/
|
||||
static int cmd_reget(void)
|
||||
{
|
||||
pstring local_name;
|
||||
pstring remote_name;
|
||||
char *p;
|
||||
|
||||
pstrcpy(remote_name, cur_dir);
|
||||
pstrcat(remote_name, "\\");
|
||||
|
||||
p = remote_name + strlen(remote_name);
|
||||
|
||||
if (!next_token_nr(NULL, p, NULL, sizeof(remote_name) - strlen(remote_name))) {
|
||||
d_printf("reget <filename>\n");
|
||||
return 1;
|
||||
}
|
||||
pstrcpy(local_name, p);
|
||||
dos_clean_name(remote_name);
|
||||
|
||||
next_token_nr(NULL, local_name, NULL, sizeof(local_name));
|
||||
|
||||
return do_get(remote_name, local_name, True);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
put a file restarting at end of local file
|
||||
****************************************************************************/
|
||||
static int cmd_reput(void)
|
||||
{
|
||||
pstring local_name;
|
||||
pstring remote_name;
|
||||
fstring buf;
|
||||
char *p = buf;
|
||||
SMB_STRUCT_STAT st;
|
||||
|
||||
pstrcpy(remote_name, cur_dir);
|
||||
pstrcat(remote_name, "\\");
|
||||
|
||||
if (!next_token_nr(NULL, p, NULL, sizeof(buf))) {
|
||||
d_printf("reput <filename>\n");
|
||||
return 1;
|
||||
}
|
||||
pstrcpy(local_name, p);
|
||||
|
||||
if (!file_exist(local_name, &st)) {
|
||||
d_printf("%s does not exist\n", local_name);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (next_token_nr(NULL, p, NULL, sizeof(buf)))
|
||||
pstrcat(remote_name, p);
|
||||
else
|
||||
pstrcat(remote_name, local_name);
|
||||
|
||||
dos_clean_name(remote_name);
|
||||
|
||||
return do_put(remote_name, local_name, True);
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
list a share name
|
||||
****************************************************************************/
|
||||
@ -2009,7 +2101,9 @@ static struct
|
||||
{"quit",cmd_quit,"logoff the server",{COMPL_NONE,COMPL_NONE}},
|
||||
{"rd",cmd_rmdir,"<directory> remove a directory",{COMPL_NONE,COMPL_NONE}},
|
||||
{"recurse",cmd_recurse,"toggle directory recursion for mget and mput",{COMPL_NONE,COMPL_NONE}},
|
||||
{"reget",cmd_reget,"<remote name> [local name] get a file restarting at end of local file",{COMPL_REMOTE,COMPL_LOCAL}},
|
||||
{"rename",cmd_rename,"<src> <dest> rename some files",{COMPL_REMOTE,COMPL_REMOTE}},
|
||||
{"reput",cmd_reput,"<local name> [remote name] put a file restarting at end of remote file",{COMPL_LOCAL,COMPL_REMOTE}},
|
||||
{"rm",cmd_del,"<mask> delete all matching files",{COMPL_REMOTE,COMPL_NONE}},
|
||||
{"rmdir",cmd_rmdir,"<directory> remove a directory",{COMPL_NONE,COMPL_NONE}},
|
||||
{"setmode",cmd_setmode,"filename <setmode string> change modes of file",{COMPL_REMOTE,COMPL_NONE}},
|
||||
@ -2524,16 +2618,21 @@ static int do_message_op(void)
|
||||
{
|
||||
struct in_addr ip;
|
||||
struct nmb_name called, calling;
|
||||
|
||||
zero_ip(&ip);
|
||||
fstring server_name;
|
||||
char name_type_hex[10];
|
||||
|
||||
make_nmb_name(&calling, global_myname, 0x0);
|
||||
make_nmb_name(&called , desthost, name_type);
|
||||
|
||||
safe_strcpy(server_name, desthost, sizeof(server_name));
|
||||
snprintf(name_type_hex, sizeof(name_type_hex), "#%X", name_type);
|
||||
safe_strcat(server_name, name_type_hex, sizeof(server_name));
|
||||
|
||||
zero_ip(&ip);
|
||||
if (have_ip) ip = dest_ip;
|
||||
|
||||
if (!(cli=cli_initialise(NULL)) || (cli_set_port(cli, port) != port) || !cli_connect(cli, desthost, &ip)) {
|
||||
if (!(cli=cli_initialise(NULL)) || (cli_set_port(cli, port) != port) ||
|
||||
!cli_connect(cli, server_name, &ip)) {
|
||||
d_printf("Connection to %s failed\n", desthost);
|
||||
return 1;
|
||||
}
|
||||
@ -2659,7 +2758,6 @@ static void remember_query_host(const char *arg,
|
||||
got_pass = True;
|
||||
memset(strchr_m(getenv("USER"),'%')+1,'X',strlen(password));
|
||||
}
|
||||
strupper(username);
|
||||
}
|
||||
|
||||
/* modification to support PASSWD environmental var
|
||||
@ -2676,7 +2774,6 @@ static void remember_query_host(const char *arg,
|
||||
|
||||
if (*username == 0 && getenv("LOGNAME")) {
|
||||
pstrcpy(username,getenv("LOGNAME"));
|
||||
strupper(username);
|
||||
}
|
||||
|
||||
if (*username == 0) {
|
||||
|
@ -148,8 +148,8 @@ do_mount(char *share_name, unsigned int flags, struct smb_mount_data *data)
|
||||
|
||||
uname(&uts);
|
||||
release = uts.release;
|
||||
major = strsep(&release, ".");
|
||||
minor = strsep(&release, ".");
|
||||
major = strtok(release, ".");
|
||||
minor = strtok(NULL, ".");
|
||||
if (major && minor && atoi(major) == 2 && atoi(minor) < 4) {
|
||||
/* < 2.4, assume struct */
|
||||
data1 = (char *) data;
|
||||
|
2198
source3/configure
vendored
File diff suppressed because it is too large
@ -147,6 +147,7 @@ AC_SUBST(POBAD_CC)
|
||||
AC_SUBST(SHLIBEXT)
|
||||
AC_SUBST(LIBSMBCLIENT_SHARED)
|
||||
AC_SUBST(LIBSMBCLIENT)
|
||||
AC_SUBST(PRINTLIBS)
|
||||
|
||||
# compile with optimization and without debugging by default
|
||||
CFLAGS="-O ${CFLAGS}"
|
||||
@ -431,6 +432,7 @@ AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h
|
||||
AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h)
|
||||
AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h)
|
||||
AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h ldap.h lber.h dlfcn.h)
|
||||
AC_CHECK_HEADERS(sys/syslog.h syslog.h)
|
||||
|
||||
#
|
||||
# HPUX has a bug in that including shadow.h causes a re-definition of MAXINT.
|
||||
@ -496,7 +498,7 @@ if test x$enable_cups != xno; then
|
||||
AC_DEFINE(HAVE_CUPS)
|
||||
CFLAGS="$CFLAGS `$CUPS_CONFIG --cflags`"
|
||||
LDFLAGS="$LDFLAGS `$CUPS_CONFIG --ldflags`"
|
||||
LIBS="$LIBS `$CUPS_CONFIG --libs`"
|
||||
PRINTLIBS="$PRINTLIBS `$CUPS_CONFIG --libs`"
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -894,7 +896,14 @@ case "$host_os" in
|
||||
SONAMEFLAG="-Wl,-h,"
|
||||
PICFLAG="-KPIC" # Is this correct for SunOS
|
||||
;;
|
||||
*bsd*) BLDSHARED="true"
|
||||
*freebsd*) BLDSHARED="true"
|
||||
LDSHFLAGS="-shared"
|
||||
DYNEXP="-Wl,--export-dynamic"
|
||||
SONAMEFLAG="-Wl,-soname,"
|
||||
PICFLAG="-fPIC -DPIC"
|
||||
AC_DEFINE(STAT_ST_BLOCKSIZE,512)
|
||||
;;
|
||||
*openbsd*) BLDSHARED="true"
|
||||
LDSHFLAGS="-shared"
|
||||
DYNEXP="-Wl,-Bdynamic"
|
||||
SONAMEFLAG="-Wl,-soname,"
|
||||
@ -922,12 +931,10 @@ case "$host_os" in
|
||||
BLDSHARED="true"
|
||||
LDSHFLAGS="-Wl,-bexpall,-bM:SRE,-bnoentry"
|
||||
DYNEXP="-Wl,-brtl,-bexpall"
|
||||
if test "${GCC}" = "yes"; then
|
||||
PICFLAG="-O2"
|
||||
else
|
||||
PICFLAG="-O2 -qmaxmem=6000"
|
||||
if test "${GCC}" != "yes"; then
|
||||
## for funky AIX compiler using strncpy()
|
||||
CFLAGS="$CFLAGS -D_LINUX_SOURCE_COMPAT"
|
||||
CFLAGS="$CFLAGS -D_LINUX_SOURCE_COMPAT -qmaxmem=32000"
|
||||
fi
|
||||
|
||||
AC_DEFINE(STAT_ST_BLOCKSIZE,DEV_BSIZE)
|
||||
@ -1820,6 +1827,16 @@ if test x"$samba_cv_HAVE_STAT_ST_BLOCKS" = x"yes"; then
|
||||
AC_DEFINE(HAVE_STAT_ST_BLOCKS)
|
||||
fi
|
||||
|
||||
AC_CACHE_CHECK([for st_blksize in struct stat],samba_cv_HAVE_STAT_ST_BLKSIZE,[
|
||||
AC_TRY_COMPILE([#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <unistd.h>],
|
||||
[struct stat st; st.st_blksize = 0;],
|
||||
samba_cv_HAVE_STAT_ST_BLKSIZE=yes,samba_cv_HAVE_STAT_ST_BLKSIZE=no,samba_cv_HAVE_STAT_ST_BLKSIZE=cross)])
|
||||
if test x"$samba_cv_HAVE_STAT_ST_BLKSIZE" = x"yes"; then
|
||||
AC_DEFINE(HAVE_STAT_ST_BLKSIZE)
|
||||
fi
|
||||
|
||||
case "$host_os" in
|
||||
*linux*)
|
||||
AC_CACHE_CHECK([for broken RedHat 7.2 system header files],samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS,[
|
||||
@ -1924,19 +1941,29 @@ AC_ARG_WITH(dfs,
|
||||
AC_MSG_RESULT(no)
|
||||
)
|
||||
|
||||
|
||||
#################################################
|
||||
# see if this box has the RedHat location for kerberos
|
||||
AC_MSG_CHECKING(for /usr/kerberos)
|
||||
if test -d /usr/kerberos; then
|
||||
LDFLAGS="$LDFLAGS -L/usr/kerberos/lib"
|
||||
CFLAGS="$CFLAGS -I/usr/kerberos/include"
|
||||
CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
|
||||
AC_MSG_RESULT(yes)
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
# active directory support
|
||||
|
||||
with_ads_support=yes
|
||||
AC_MSG_CHECKING([whether to use Active Directory])
|
||||
|
||||
AC_ARG_WITH(ads,
|
||||
[ --with-ads Active Directory support (default yes)],
|
||||
[ case "$withval" in
|
||||
no)
|
||||
with_ads_support=no
|
||||
;;
|
||||
esac ])
|
||||
|
||||
if test x"$with_ads_support" = x"yes"; then
|
||||
AC_DEFINE(WITH_ADS)
|
||||
fi
|
||||
|
||||
AC_MSG_RESULT($with_ads_support)
|
||||
|
||||
FOUND_KRB5=no
|
||||
if test x"$with_ads_support" = x"yes"; then
|
||||
|
||||
#################################################
|
||||
# check for location of Kerberos 5 install
|
||||
AC_MSG_CHECKING(for kerberos 5 install path)
|
||||
@ -1952,11 +1979,28 @@ AC_ARG_WITH(krb5,
|
||||
CFLAGS="$CFLAGS -I$withval/include"
|
||||
CPPFLAGS="$CPPFLAGS -I$withval/include"
|
||||
LDFLAGS="$LDFLAGS -L$withval/lib"
|
||||
FOUND_KRB5=yes
|
||||
;;
|
||||
esac ],
|
||||
AC_MSG_RESULT(no)
|
||||
)
|
||||
|
||||
|
||||
if test x$FOUND_KRB5 = x"no"; then
|
||||
#################################################
|
||||
# see if this box has the RedHat location for kerberos
|
||||
AC_MSG_CHECKING(for /usr/kerberos)
|
||||
if test -d /usr/kerberos; then
|
||||
LDFLAGS="$LDFLAGS -L/usr/kerberos/lib"
|
||||
CFLAGS="$CFLAGS -I/usr/kerberos/include"
|
||||
CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
|
||||
AC_MSG_RESULT(yes)
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
# now check for krb5.h. Some systems have the libraries without the headers!
|
||||
# note that this check is done here to allow for different kerberos
|
||||
# include paths
|
||||
@ -1981,6 +2025,25 @@ AC_CHECK_LIB(krb5, krb5_mk_req_extended, [LIBS="$LIBS -lkrb5";
|
||||
# now see if we can find the gssapi libs in standard paths
|
||||
AC_CHECK_LIB(gssapi_krb5, gss_display_status, [LIBS="$LIBS -lgssapi_krb5";
|
||||
AC_DEFINE(HAVE_GSSAPI)])
|
||||
fi
|
||||
|
||||
########################################################
|
||||
# Compile with LDAP support?
|
||||
|
||||
with_ldap_support=yes
|
||||
AC_MSG_CHECKING([whether to use LDAP])
|
||||
|
||||
AC_ARG_WITH(ldap,
|
||||
[ --with-ldap LDAP support (default yes)],
|
||||
[ case "$withval" in
|
||||
no)
|
||||
with_ldap_support=no
|
||||
;;
|
||||
esac ])
|
||||
|
||||
AC_MSG_RESULT($with_ldap_support)
|
||||
|
||||
if test x"$with_ldap_support" = x"yes"; then
|
||||
|
||||
##################################################################
|
||||
# we might need the lber lib on some systems. To avoid link errors
|
||||
@ -2003,6 +2066,7 @@ AC_CHECK_LIB(ldap, ldap_domain2hostlist, [LIBS="$LIBS -lldap";
|
||||
#include <ldap.h>], [ldap_set_rebind_proc(0, 0, 0);], [pam_ldap_cv_ldap_set_rebind_proc=3], [pam_ldap_cv_ldap_set_rebind_proc=2]) ])
|
||||
AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS, $pam_ldap_cv_ldap_set_rebind_proc)
|
||||
fi
|
||||
fi
|
||||
|
||||
#################################################
|
||||
# check for automount support
|
||||
@ -2104,7 +2168,7 @@ AC_ARG_WITH(pam_smbpass,
|
||||
###############################################
|
||||
# test for where we get crypt() from, but only
|
||||
# if not using PAM
|
||||
if test $with_pam_for_crypt = no; then
|
||||
if test x"$with_pam_for_crypt" = x"no"; then
|
||||
AC_CHECK_FUNCS(crypt)
|
||||
if test x"$ac_cv_func_crypt" = x"no"; then
|
||||
AC_CHECK_LIB(crypt, crypt, [LIBS="$LIBS -lcrypt";
|
||||
@ -2127,6 +2191,22 @@ if test x"$samba_cv_HAVE_TRUNCATED_SALT" = x"yes"; then
|
||||
fi
|
||||
fi
|
||||
|
||||
# New experimental SAM system
|
||||
|
||||
AC_MSG_CHECKING([whether to build the new (experimental) SAM database])
|
||||
AC_ARG_WITH(sam,
|
||||
[ --with-sam Build new (experimental) SAM database (default=no)],
|
||||
[ case "$withval" in
|
||||
yes)
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(WITH_SAM)
|
||||
;;
|
||||
*)
|
||||
AC_MSG_RESULT(no)
|
||||
;;
|
||||
esac ],
|
||||
AC_MSG_RESULT(no)
|
||||
)
|
||||
|
||||
|
||||
########################################################################################
|
||||
@ -2633,6 +2713,163 @@ samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)])
|
||||
AC_MSG_RESULT(no)
|
||||
)
|
||||
|
||||
#################################################
|
||||
# check for sendfile support
|
||||
|
||||
AC_MSG_CHECKING(whether to support sendfile)
|
||||
AC_ARG_WITH(sendfile-support,
|
||||
[ --with-sendfile-support Include sendfile support (default=no)],
|
||||
[ case "$withval" in
|
||||
yes)
|
||||
|
||||
case "$host_os" in
|
||||
*linux*)
|
||||
AC_CACHE_CHECK([for linux sendfile64 support],samba_cv_HAVE_SENDFILE64,[
|
||||
AC_TRY_LINK([#include <sys/sendfile.h>],
|
||||
[\
|
||||
int tofd, fromfd;
|
||||
off64_t offset;
|
||||
size_t total;
|
||||
ssize_t nwritten = sendfile64(tofd, fromfd, &offset, total);
|
||||
],
|
||||
samba_cv_HAVE_SENDFILE64=yes,samba_cv_HAVE_SENDFILE64=no)])
|
||||
|
||||
AC_CACHE_CHECK([for linux sendfile support],samba_cv_HAVE_SENDFILE,[
|
||||
AC_TRY_LINK([#include <sys/sendfile.h>],
|
||||
[\
|
||||
int tofd, fromfd;
|
||||
off_t offset;
|
||||
size_t total;
|
||||
ssize_t nwritten = sendfile(tofd, fromfd, &offset, total);
|
||||
],
|
||||
samba_cv_HAVE_SENDFILE=yes,samba_cv_HAVE_SENDFILE=no)])
|
||||
|
||||
# Try and cope with broken Linux sendfile....
|
||||
AC_CACHE_CHECK([for broken linux sendfile support],samba_cv_HAVE_BROKEN_LINUX_SENDFILE,[
|
||||
AC_TRY_LINK([\
|
||||
#if defined(_FILE_OFFSET_BITS) && (_FILE_OFFSET_BITS == 64)
|
||||
#undef _FILE_OFFSET_BITS
|
||||
#endif
|
||||
#include <sys/sendfile.h>],
|
||||
[\
|
||||
int tofd, fromfd;
|
||||
off_t offset;
|
||||
size_t total;
|
||||
ssize_t nwritten = sendfile(tofd, fromfd, &offset, total);
|
||||
],
|
||||
samba_cv_HAVE_BROKEN_LINUX_SENDFILE=yes,samba_cv_HAVE_BROKEN_LINUX_SENDFILE=no)])
|
||||
|
||||
if test x"$samba_cv_HAVE_SENDFILE64" = x"yes"; then
|
||||
AC_DEFINE(HAVE_SENDFILE64)
|
||||
AC_DEFINE(LINUX_SENDFILE_API)
|
||||
AC_DEFINE(WITH_SENDFILE)
|
||||
elif test x"$samba_cv_HAVE_SENDFILE" = x"yes"; then
|
||||
AC_DEFINE(HAVE_SENDFILE)
|
||||
AC_DEFINE(LINUX_SENDFILE_API)
|
||||
AC_DEFINE(WITH_SENDFILE)
|
||||
elif test x"$samba_cv_HAVE_BROKEN_LINUX_SENDFILE" = x"yes"; then
|
||||
AC_DEFINE(LINUX_BROKEN_SENDFILE_API)
|
||||
AC_DEFINE(WITH_SENDFILE)
|
||||
else
|
||||
AC_MSG_RESULT(no);
|
||||
fi
|
||||
|
||||
;;
|
||||
*freebsd*)
|
||||
AC_CACHE_CHECK([for freebsd sendfile support],samba_cv_HAVE_SENDFILE,[
|
||||
AC_TRY_LINK([\
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/uio.h>],
|
||||
[\
|
||||
int fromfd, tofd;
|
||||
off_t offset, nwritten;
|
||||
struct sf_hdtr hdr;
|
||||
struct iovec hdtrl;
|
||||
hdr->headers = &hdtrl;
|
||||
hdr->hdr_cnt = 1;
|
||||
hdr->trailers = NULL;
|
||||
hdr->trl_cnt = 0;
|
||||
hdtrl.iov_base = NULL;
|
||||
hdtrl.iov_len = 0;
|
||||
int ret = sendfile(fromfd, tofd, offset, total, &hdr, &nwritten, 0);
|
||||
],
|
||||
samba_cv_HAVE_SENDFILE=yes,samba_cv_HAVE_SENDFILE=no)])
|
||||
|
||||
if test x"$samba_cv_HAVE_SENDFILE" = x"yes"; then
|
||||
AC_DEFINE(HAVE_SENDFILE)
|
||||
AC_DEFINE(FREEBSD_SENDFILE_API)
|
||||
AC_DEFINE(WITH_SENDFILE)
|
||||
else
|
||||
AC_MSG_RESULT(no);
|
||||
fi
|
||||
;;
|
||||
|
||||
*hpux*)
|
||||
AC_CACHE_CHECK([for hpux sendfile64 support],samba_cv_HAVE_SENDFILE64,[
|
||||
AC_TRY_LINK([\
|
||||
#include <sys/socket.h>
|
||||
#include <sys/uio.h>],
|
||||
[\
|
||||
int fromfd, tofd;
|
||||
size_t total=0;
|
||||
struct iovec hdtrl[2];
|
||||
ssize_t nwritten;
|
||||
off64_t offset;
|
||||
|
||||
hdtrl[0].iov_base = 0;
|
||||
hdtrl[0].iov_len = 0;
|
||||
|
||||
nwritten = sendfile64(tofd, fromfd, offset, total, &hdtrl[0], 0);
|
||||
],
|
||||
samba_cv_HAVE_SENDFILE64=yes,samba_cv_HAVE_SENDFILE64=no)])
|
||||
if test x"$samba_cv_HAVE_SENDFILE64" = x"yes"; then
|
||||
AC_DEFINE(HAVE_SENDFILE64)
|
||||
AC_DEFINE(HPUX_SENDFILE_API)
|
||||
AC_DEFINE(WITH_SENDFILE)
|
||||
else
|
||||
AC_MSG_RESULT(no);
|
||||
fi
|
||||
|
||||
AC_CACHE_CHECK([for hpux sendfile support],samba_cv_HAVE_SENDFILE,[
|
||||
AC_TRY_LINK([\
|
||||
#include <sys/socket.h>
|
||||
#include <sys/uio.h>],
|
||||
[\
|
||||
int fromfd, tofd;
|
||||
size_t total=0;
|
||||
struct iovec hdtrl[2];
|
||||
ssize_t nwritten;
|
||||
off_t offset;
|
||||
|
||||
hdtrl[0].iov_base = 0;
|
||||
hdtrl[0].iov_len = 0;
|
||||
|
||||
nwritten = sendfile(tofd, fromfd, offset, total, &hdtrl[0], 0);
|
||||
],
|
||||
samba_cv_HAVE_SENDFILE=yes,samba_cv_HAVE_SENDFILE=no)])
|
||||
if test x"$samba_cv_HAVE_SENDFILE" = x"yes"; then
|
||||
AC_DEFINE(HAVE_SENDFILE)
|
||||
AC_DEFINE(HPUX_SENDFILE_API)
|
||||
AC_DEFINE(WITH_SENDFILE)
|
||||
else
|
||||
AC_MSG_RESULT(no);
|
||||
fi
|
||||
|
||||
;;
|
||||
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
*)
|
||||
AC_MSG_RESULT(no)
|
||||
;;
|
||||
esac ],
|
||||
AC_MSG_RESULT(no)
|
||||
)
|
||||
|
||||
|
||||
#################################################
|
||||
# Check whether winbind is supported on this platform. If so we need to
|
||||
# build and install client programs (WINBIND_TARGETS), sbin programs
|
||||
@ -2778,6 +3015,26 @@ fi
|
||||
AC_SUBST(BUILD_POPT)
|
||||
AC_SUBST(FLAGS1)
|
||||
|
||||
#################################################
|
||||
# Check if the user wants Python
|
||||
|
||||
# At the moment, you can use this to set which Python binary to link
|
||||
# against. (Libraries built for Python2.2 can't be used by 2.1,
|
||||
# though they can coexist in different directories.) In the future
|
||||
# this might make the Python stuff be built by default.
|
||||
|
||||
AC_ARG_WITH(python,
|
||||
[ --with-python=PYTHONNAME build Python libraries],
|
||||
[ case "${withval-python}" in
|
||||
yes)
|
||||
PYTHON=python
|
||||
;;
|
||||
*)
|
||||
PYTHON=${withval-python}
|
||||
;;
|
||||
esac ])
|
||||
AC_SUBST(PYTHON)
|
||||
|
||||
#################################################
|
||||
# do extra things if we are running insure
|
||||
|
||||
@ -2797,7 +3054,10 @@ AC_TRY_RUN([#include "${srcdir-.}/tests/summary.c"],
|
||||
builddir=`pwd`
|
||||
AC_SUBST(builddir)
|
||||
|
||||
AC_OUTPUT(include/stamp-h Makefile script/findsmb ../examples/VFS/Makefile ../examples/VFS/block/Makefile)
|
||||
# I added make files that are outside /source directory.
|
||||
# I know this is not a good solution, will work out a better
|
||||
# solution soon. --simo
|
||||
AC_OUTPUT(include/stamp-h Makefile script/findsmb ../examples/VFS/Makefile ../examples/pdb/mysql/Makefile ../examples/pdb/xml/Makefile ../examples/sam/Makefile)
|
||||
|
||||
#################################################
|
||||
# Print very concise instructions on building/use
|
||||
|
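Review bot: The FreeBSD probe in the new `--with-sendfile-support` block cannot compile as written, so `samba_cv_HAVE_SENDFILE` will always come out `no` under `*freebsd*` and the `FREEBSD_SENDFILE_API` path is never enabled. `hdr` is declared as `struct sf_hdtr hdr;` but is then accessed with `hdr->headers`, `hdr->hdr_cnt`, `hdr->trailers` and `hdr->trl_cnt`, and `total` is passed to `sendfile()` without being declared in that test body (the Linux and HP-UX probes do declare it). Use `.` member access and declare `total`, as below. A probe that fails to compile looks the same in the configure output as a platform without sendfile, so config.log on a FreeBSD host is the place to confirm the fix.

```m4
dnl … unchanged: freebsd AC_CACHE_CHECK / AC_TRY_LINK header, includes, fd declarations …
off_t offset, nwritten;
size_t total = 0;
dnl … unchanged: hdr and hdtrl declarations …
hdr.headers = &hdtrl;
hdr.hdr_cnt = 1;
hdr.trailers = NULL;
hdr.trl_cnt = 0;
dnl … unchanged: hdtrl setup, sendfile() call, result handling …
```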
@ -41,9 +41,7 @@ BOOL initialise_alias_db(void)
|
||||
return True;
|
||||
}
|
||||
|
||||
#ifdef WITH_NISPLUS
|
||||
aldb_ops = nisplus_initialise_alias_db();
|
||||
#elif defined(WITH_LDAP)
|
||||
#ifdef WITH_LDAP
|
||||
aldb_ops = ldap_initialise_alias_db();
|
||||
#else
|
||||
aldb_ops = file_initialise_alias_db();
|
||||
|
@ -39,9 +39,7 @@ BOOL initialise_group_db(void)
|
||||
return True;
|
||||
}
|
||||
|
||||
#ifdef WITH_NISPLUS
|
||||
gpdb_ops = nisplus_initialise_group_db();
|
||||
#elif defined(WITH_LDAP)
|
||||
#ifdef WITH_LDAP
|
||||
gpdb_ops = ldap_initialise_group_db();
|
||||
#else
|
||||
gpdb_ops = file_initialise_group_db();
|
||||
|
@ -434,7 +434,7 @@ BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
remove a privilege to a privilege array
|
||||
remove a privilege from a privilege array
|
||||
****************************************************************************/
|
||||
BOOL remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
|
||||
{
|
||||
@ -1156,16 +1156,42 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
|
||||
Create a UNIX group on demand.
|
||||
****************************************************************************/
|
||||
|
||||
int smb_create_group(char *unix_group)
|
||||
int smb_create_group(char *unix_group, gid_t *new_gid)
|
||||
{
|
||||
pstring add_script;
|
||||
int ret;
|
||||
int fd = 0;
|
||||
|
||||
pstrcpy(add_script, lp_addgroup_script());
|
||||
if (! *add_script) return -1;
|
||||
pstring_sub(add_script, "%g", unix_group);
|
||||
ret = smbrun(add_script,NULL);
|
||||
ret = smbrun(add_script, (new_gid!=NULL) ? &fd : NULL);
|
||||
DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
if (fd != 0) {
|
||||
fstring output;
|
||||
|
||||
*new_gid = 0;
|
||||
if (read(fd, output, sizeof(output)) > 0) {
|
||||
*new_gid = (gid_t)strtoul(output, NULL, 10);
|
||||
}
|
||||
close(fd);
|
||||
|
||||
if (*new_gid == 0) {
|
||||
/* The output was garbage. We assume nobody
|
||||
will create group 0 via smbd. Now we try to
|
||||
get the group via getgrnam. */
|
||||
|
||||
struct group *grp = getgrnam(unix_group);
|
||||
if (grp != NULL)
|
||||
*new_gid = grp->gr_gid;
|
||||
else
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -1187,7 +1213,25 @@ int smb_delete_group(char *unix_group)
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Create a UNIX group on demand.
|
||||
Set a user's primary UNIX group.
|
||||
****************************************************************************/
|
||||
int smb_set_primary_group(const char *unix_group, const char* unix_user)
|
||||
{
|
||||
pstring add_script;
|
||||
int ret;
|
||||
|
||||
pstrcpy(add_script, lp_setprimarygroup_script());
|
||||
if (! *add_script) return -1;
|
||||
all_string_sub(add_script, "%g", unix_group, sizeof(add_script));
|
||||
all_string_sub(add_script, "%u", unix_user, sizeof(add_script));
|
||||
ret = smbrun(add_script,NULL);
|
||||
DEBUG(3,("smb_set_primary_group: "
|
||||
"Running the command `%s' gave %d\n",add_script,ret));
|
||||
return ret;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Add a user to a UNIX group.
|
||||
****************************************************************************/
|
||||
|
||||
int smb_add_user_group(char *unix_group, char *unix_user)
|
||||
@ -1205,7 +1249,7 @@ int smb_add_user_group(char *unix_group, char *unix_user)
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Delete a UNIX group on demand.
|
||||
Delete a user from a UNIX group
|
||||
****************************************************************************/
|
||||
|
||||
int smb_delete_user_group(const char *unix_group, const char *unix_user)
|
||||
|
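Review bot: In the new `smb_create_group` body, `read(fd, output, sizeof(output))` can fill `output` completely and never NUL-terminates it, yet the buffer goes straight to `strtoul`, which may then read past the end of the `fstring`. Reading one byte less and terminating fixes it: `ssize_t n = read(fd, output, sizeof(output)-1);` followed by `if (n > 0) { output[n] = '\0'; *new_gid = (gid_t)strtoul(output, NULL, 10); }`. Using `fd = 0` as the "no descriptor" marker also treats a legitimately returned descriptor 0 as absent and leaves it unclosed; `-1` would be the safer sentinel, assuming `smbrun` leaves `fd` untouched when it has nothing to return (not visible here). Separately, the new `smb_set_primary_group` substitutes `unix_group` and `unix_user` into a command line with `all_string_sub` before `smbrun`; whether that helper filters shell metacharacters is not visible in this section, so confirm it does or validate the names first.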
@ -24,7 +24,8 @@ typedef struct {
|
||||
char *password;
|
||||
char *user_name;
|
||||
char *kdc_server;
|
||||
int no_bind;
|
||||
unsigned flags;
|
||||
int time_offset;
|
||||
} auth;
|
||||
|
||||
/* info derived from the servers config */
|
||||
@ -32,6 +33,7 @@ typedef struct {
|
||||
char *realm;
|
||||
char *bind_path;
|
||||
char *ldap_server_name;
|
||||
time_t current_time;
|
||||
} config;
|
||||
} ADS_STRUCT;
|
||||
|
||||
@ -92,11 +94,14 @@ typedef struct {
|
||||
|
||||
/* there are 4 possible types of errors the ads subsystem can produce */
|
||||
enum ads_error_type {ADS_ERROR_KRB5, ADS_ERROR_GSS,
|
||||
ADS_ERROR_LDAP, ADS_ERROR_SYSTEM};
|
||||
ADS_ERROR_LDAP, ADS_ERROR_SYSTEM, ADS_ERROR_NT};
|
||||
|
||||
typedef struct {
|
||||
enum ads_error_type error_type;
|
||||
union err_state{
|
||||
int rc;
|
||||
NTSTATUS nt_status;
|
||||
} err;
|
||||
/* For error_type = ADS_ERROR_GSS minor_status describe GSS API error */
|
||||
/* Where rc represents major_status of GSS API error */
|
||||
int minor_status;
|
||||
@ -109,12 +114,14 @@ typedef void **ADS_MODLIST;
|
||||
#endif
|
||||
|
||||
/* macros to simplify error returning */
|
||||
#define ADS_ERROR(rc) ads_build_error(ADS_ERROR_LDAP, rc, 0)
|
||||
#define ADS_ERROR(rc) ADS_ERROR_LDAP(rc)
|
||||
#define ADS_ERROR_LDAP(rc) ads_build_error(ADS_ERROR_LDAP, rc, 0)
|
||||
#define ADS_ERROR_SYSTEM(rc) ads_build_error(ADS_ERROR_SYSTEM, rc?rc:EINVAL, 0)
|
||||
#define ADS_ERROR_KRB5(rc) ads_build_error(ADS_ERROR_KRB5, rc, 0)
|
||||
#define ADS_ERROR_GSS(rc, minor) ads_build_error(ADS_ERROR_GSS, rc, minor)
|
||||
#define ADS_ERROR_NT(rc) ads_build_nt_error(ADS_ERROR_NT,rc)
|
||||
|
||||
#define ADS_ERR_OK(status) ((status).rc == 0)
|
||||
#define ADS_ERR_OK(status) ((status.error_type == ADS_ERROR_NT) ? NT_STATUS_IS_OK(status.err.nt_status):(status.err.rc == 0))
|
||||
#define ADS_SUCCESS ADS_ERROR(0)
|
||||
|
||||
/* time between reconnect attempts */
|
||||
@ -127,24 +134,102 @@ typedef void **ADS_MODLIST;
|
||||
#define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319"
|
||||
#define ADS_NO_REFERRALS_OID "1.2.840.113556.1.4.1339"
|
||||
#define ADS_SERVER_SORT_OID "1.2.840.113556.1.4.473"
|
||||
#define ADS_PERMIT_MODIFY_OID "1.2.840.113556.1.4.1413"
|
||||
|
||||
#define UF_DONT_EXPIRE_PASSWD 0x10000
|
||||
#define UF_MNS_LOGON_ACCOUNT 0x20000
|
||||
#define UF_SMARTCARD_REQUIRED 0x40000
|
||||
#define UF_TRUSTED_FOR_DELEGATION 0x80000
|
||||
#define UF_NOT_DELEGATED 0x100000
|
||||
#define UF_USE_DES_KEY_ONLY 0x200000
|
||||
#define UF_DONT_REQUIRE_PREAUTH 0x400000
|
||||
/* UserFlags for userAccountControl */
|
||||
#define UF_SCRIPT 0x00000001
|
||||
#define UF_ACCOUNTDISABLE 0x00000002
|
||||
#define UF_UNUSED_1 0x00000004
|
||||
#define UF_HOMEDIR_REQUIRED 0x00000008
|
||||
|
||||
#define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
|
||||
#define UF_NORMAL_ACCOUNT 0x0200
|
||||
#define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
|
||||
#define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
|
||||
#define UF_SERVER_TRUST_ACCOUNT 0x2000
|
||||
#define UF_LOCKOUT 0x00000010
|
||||
#define UF_PASSWD_NOTREQD 0x00000020
|
||||
#define UF_PASSWD_CANT_CHANGE 0x00000040
|
||||
#define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED 0x00000080
|
||||
|
||||
/* account types */
|
||||
#define ATYPE_GROUP 0x10000000
|
||||
#define ATYPE_USER 0x30000000
|
||||
#define UF_TEMP_DUPLICATE_ACCOUNT 0x00000100
|
||||
#define UF_NORMAL_ACCOUNT 0x00000200
|
||||
#define UF_UNUSED_2 0x00000400
|
||||
#define UF_INTERDOMAIN_TRUST_ACCOUNT 0x00000800
|
||||
|
||||
#define UF_WORKSTATION_TRUST_ACCOUNT 0x00001000
|
||||
#define UF_SERVER_TRUST_ACCOUNT 0x00002000
|
||||
#define UF_UNUSED_3 0x00004000
|
||||
#define UF_UNUSED_4 0x00008000
|
||||
|
||||
#define UF_DONT_EXPIRE_PASSWD 0x00010000
|
||||
#define UF_MNS_LOGON_ACCOUNT 0x00020000
|
||||
#define UF_SMARTCARD_REQUIRED 0x00040000
|
||||
#define UF_TRUSTED_FOR_DELEGATION 0x00080000
|
||||
|
||||
#define UF_NOT_DELEGATED 0x00100000
|
||||
#define UF_USE_DES_KEY_ONLY 0x00200000
|
||||
#define UF_DONT_REQUIRE_PREAUTH 0x00400000
|
||||
#define UF_UNUSED_5 0x00800000
|
||||
|
||||
#define UF_UNUSED_6 0x01000000
|
||||
#define UF_UNUSED_7 0x02000000
|
||||
#define UF_UNUSED_8 0x04000000
|
||||
#define UF_UNUSED_9 0x08000000
|
||||
|
||||
#define UF_UNUSED_10 0x10000000
|
||||
#define UF_UNUSED_11 0x20000000
|
||||
#define UF_UNUSED_12 0x40000000
|
||||
#define UF_UNUSED_13 0x80000000
|
||||
|
||||
#define UF_MACHINE_ACCOUNT_MASK (\
|
||||
UF_INTERDOMAIN_TRUST_ACCOUNT |\
|
||||
UF_WORKSTATION_TRUST_ACCOUNT |\
|
||||
UF_SERVER_TRUST_ACCOUNT \
|
||||
)
|
||||
|
||||
#define UF_ACCOUNT_TYPE_MASK (\
|
||||
UF_TEMP_DUPLICATE_ACCOUNT |\
|
||||
UF_NORMAL_ACCOUNT |\
|
||||
UF_INTERDOMAIN_TRUST_ACCOUNT |\
|
||||
UF_WORKSTATION_TRUST_ACCOUNT |\
|
||||
UF_SERVER_TRUST_ACCOUNT \
|
||||
)
|
||||
|
||||
#define UF_SETTABLE_BITS (\
|
||||
UF_SCRIPT |\
|
||||
UF_ACCOUNTDISABLE |\
|
||||
UF_HOMEDIR_REQUIRED |\
|
||||
UF_LOCKOUT |\
|
||||
UF_PASSWD_NOTREQD |\
|
||||
UF_PASSWD_CANT_CHANGE |\
|
||||
UF_ACCOUNT_TYPE_MASK | \
|
||||
UF_DONT_EXPIRE_PASSWD | \
|
||||
UF_MNS_LOGON_ACCOUNT |\
|
||||
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED |\
|
||||
UF_SMARTCARD_REQUIRED |\
|
||||
UF_TRUSTED_FOR_DELEGATION |\
|
||||
UF_NOT_DELEGATED |\
|
||||
UF_USE_DES_KEY_ONLY |\
|
||||
UF_DONT_REQUIRE_PREAUTH \
|
||||
)
|
||||
|
||||
/* sAMAccountType */
|
||||
#define ATYPE_NORMAL_ACCOUNT 0x30000000 /* 805306368 */
|
||||
#define ATYPE_WORKSTATION_TRUST 0x30000001 /* 805306369 */
|
||||
#define ATYPE_INTERDOMAIN_TRUST 0x30000002 /* 805306370 */
|
||||
#define ATYPE_SECURITY_GLOBAL_GROUP 0x10000000 /* 268435456 */
|
||||
#define ATYPE_DISTRIBUTION_GLOBAL_GROUP 0x10000001 /* 268435457 */
|
||||
#define ATYPE_DISTRIBUTION_UNIVERSAL_GROUP ATYPE_DISTRIBUTION_GLOBAL_GROUP
|
||||
#define ATYPE_SECURITY_LOCAL_GROUP 0x20000000 /* 536870912 */
|
||||
#define ATYPE_DISTRIBUTION_LOCAL_GROUP 0x20000001 /* 536870913 */
|
||||
|
||||
#define ATYPE_ACCOUNT ATYPE_NORMAL_ACCOUNT /* 0x30000000 805306368 */
|
||||
#define ATYPE_GLOBAL_GROUP ATYPE_SECURITY_GLOBAL_GROUP /* 0x10000000 268435456 */
|
||||
#define ATYPE_LOCAL_GROUP ATYPE_SECURITY_LOCAL_GROUP /* 0x20000000 536870912 */
|
||||
|
||||
/* groupType */
|
||||
#define GTYPE_SECURITY_BUILTIN_LOCAL_GROUP 0x80000005 /* -2147483643 */
|
||||
#define GTYPE_SECURITY_DOMAIN_LOCAL_GROUP 0x80000004 /* -2147483644 */
|
||||
#define GTYPE_SECURITY_GLOBAL_GROUP 0x80000002 /* -2147483646 */
|
||||
#define GTYPE_DISTRIBUTION_GLOBAL_GROUP 0x00000002 /* 2 */
|
||||
#define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP 0x00000004 /* 4 */
|
||||
#define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP 0x00000008 /* 8 */
|
||||
|
||||
/* Mailslot or cldap getdcname response flags */
|
||||
#define ADS_PDC 0x00000001 /* DC is PDC */
|
||||
@ -167,3 +252,8 @@ typedef void **ADS_MODLIST;
|
||||
/* DomainCntrollerAddressType */
|
||||
#define ADS_INET_ADDRESS 0x00000001
|
||||
#define ADS_NETBIOS_ADDRESS 0x00000002
|
||||
|
||||
|
||||
/* ads auth control flags */
|
||||
#define ADS_AUTH_DISABLE_KERBEROS 1
|
||||
#define ADS_AUTH_NO_BIND 2
|
||||
|
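Review bot: The rewritten `ADS_ERR_OK` uses its argument unparenthesized (`status.error_type`, `status.err.nt_status`), where the earlier form wrote `(status).rc`, so an argument such as `*p` no longer expands correctly. Suggested: `#define ADS_ERR_OK(status) (((status).error_type == ADS_ERROR_NT) ? NT_STATUS_IS_OK((status).err.nt_status) : ((status).err.rc == 0))`. The macro also evaluates its argument twice, so a caller passing a function call runs it twice; a comment above it such as `/* evaluates status twice: pass a variable, not a call */` would help. Since `rc` now shares the `err` union with `nt_status`, any code that reads `err.rc` without first checking `error_type` would misread an NTSTATUS as an integer code; whether all callers were converted is not visible in this section.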
@ -45,6 +45,7 @@ typedef struct {
|
||||
#define ASN1_BOOLEAN 0x1
|
||||
#define ASN1_INTEGER 0x2
|
||||
#define ASN1_ENUMERATED 0xa
|
||||
#define ASN1_SET 0x31
|
||||
|
||||
#define ASN1_MAX_OIDS 20
|
||||
|
||||
|
@ -60,6 +60,7 @@ struct print_job_info
|
||||
typedef struct smb_sign_info {
|
||||
BOOL use_smb_signing;
|
||||
BOOL negotiated_smb_signing;
|
||||
BOOL temp_smb_signing;
|
||||
size_t mac_key_len;
|
||||
uint8 mac_key[44];
|
||||
uint32 send_seq_num;
|
||||
|
@ -232,6 +232,7 @@
|
||||
#undef MMAP_BLACKLIST
|
||||
#undef HAVE_IMMEDIATE_STRUCTURES
|
||||
#undef HAVE_CUPS
|
||||
#undef WITH_SAM
|
||||
#undef WITH_LDAP_SAM
|
||||
#undef WITH_NISPLUS_SAM
|
||||
#undef WITH_TDB_SAM
|
||||
@ -252,6 +253,7 @@
|
||||
#undef HAVE_LDAP
|
||||
#undef HAVE_STAT_ST_BLOCKS
|
||||
#undef STAT_ST_BLOCKSIZE
|
||||
#undef HAVE_STAT_ST_BLKSIZE
|
||||
#undef HAVE_DEVICE_MAJOR_FN
|
||||
#undef HAVE_DEVICE_MINOR_FN
|
||||
#undef HAVE_PASSWD_PW_COMMENT
|
||||
@ -286,6 +288,14 @@
|
||||
#endif
|
||||
|
||||
#undef LDAP_SET_REBIND_PROC_ARGS
|
||||
#undef HAVE_SENDFILE
|
||||
#undef HAVE_SENDFILE64
|
||||
#undef LINUX_SENDFILE_API
|
||||
#undef LINUX_BROKEN_SENDFILE_API
|
||||
#undef WITH_SENDFILE
|
||||
#undef FREEBSD_SENDFILE_API
|
||||
#undef HPUX_SENDFILE_API
|
||||
#undef WITH_ADS
|
||||
|
||||
/* The number of bytes in a int. */
|
||||
#undef SIZEOF_INT
|
||||
@ -1088,6 +1098,9 @@
|
||||
/* Define if you have the <sys/syscall.h> header file. */
|
||||
#undef HAVE_SYS_SYSCALL_H
|
||||
|
||||
/* Define if you have the <sys/syslog.h> header file. */
|
||||
#undef HAVE_SYS_SYSLOG_H
|
||||
|
||||
/* Define if you have the <sys/termio.h> header file. */
|
||||
#undef HAVE_SYS_TERMIO_H
|
||||
|
||||
@ -1106,6 +1119,9 @@
|
||||
/* Define if you have the <syscall.h> header file. */
|
||||
#undef HAVE_SYSCALL_H
|
||||
|
||||
/* Define if you have the <syslog.h> header file. */
|
||||
#undef HAVE_SYSLOG_H
|
||||
|
||||
/* Define if you have the <termio.h> header file. */
|
||||
#undef HAVE_TERMIO_H
|
||||
|
||||
|
@ -89,9 +89,10 @@ extern int DEBUGLEVEL;
|
||||
#define DBGC_RPC_SRV 6
|
||||
#define DBGC_RPC_CLI 7
|
||||
#define DBGC_PASSDB 8
|
||||
#define DBGC_AUTH 9
|
||||
#define DBGC_WINBIND 10
|
||||
|
||||
#define DBGC_SAM 9
|
||||
#define DBGC_AUTH 10
|
||||
#define DBGC_WINBIND 11
|
||||
#define DBGC_VFS 12
|
||||
|
||||
/* So you can define DBGC_CLASS before including debug.h */
|
||||
#ifndef DBGC_CLASS
|
||||
|
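Review bot: Inserting `DBGC_SAM` at 9 renumbers the existing `DBGC_AUTH` and `DBGC_WINBIND` classes instead of appending the new classes after the last one. Anything indexed by these constants (a class-name table, per-class level arrays, a class count) has to change in the same order in this commit, and none of that is visible in this hunk. Consider appending new classes at the end, or at least add a comment above the list such as `/* order must match the debug class name table */`.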
@ -148,17 +148,20 @@
|
||||
/* these are win32 error codes. There are only a few places where
|
||||
these matter for Samba, primarily in the NT printing code */
|
||||
#define WERR_OK W_ERROR(0)
|
||||
#define WERR_BADFUNC W_ERROR(1)
|
||||
#define WERR_BADFILE W_ERROR(2)
|
||||
#define WERR_ACCESS_DENIED W_ERROR(5)
|
||||
#define WERR_BADFID W_ERROR(6)
|
||||
#define WERR_BADFUNC W_ERROR(1)
|
||||
#define WERR_INSUFFICIENT_BUFFER W_ERROR(122)
|
||||
#define WERR_NOMEM W_ERROR(8)
|
||||
#define WERR_GENERAL_FAILURE W_ERROR(31)
|
||||
#define WERR_NOT_SUPPORTED W_ERROR(50)
|
||||
#define WERR_PRINTQ_FULL W_ERROR(61)
|
||||
#define WERR_NO_SPOOL_SPACE W_ERROR(62)
|
||||
#define WERR_NO_SUCH_SHARE W_ERROR(67)
|
||||
#define WERR_ALREADY_EXISTS W_ERROR(80)
|
||||
#define WERR_INVALID_PARAM W_ERROR(87)
|
||||
#define WERR_NOT_SUPPORTED W_ERROR(50)
|
||||
#define WERR_BAD_PASSWORD W_ERROR(86)
|
||||
#define WERR_NOMEM W_ERROR(8)
|
||||
#define WERR_INVALID_PARAM W_ERROR(87)
|
||||
#define WERR_INSUFFICIENT_BUFFER W_ERROR(122)
|
||||
#define WERR_INVALID_NAME W_ERROR(123)
|
||||
#define WERR_UNKNOWN_LEVEL W_ERROR(124)
|
||||
#define WERR_OBJECT_PATH_INVALID W_ERROR(161)
|
||||
|
@ -216,7 +216,15 @@
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <netdb.h>
|
||||
|
||||
#ifdef HAVE_SYSLOG_H
|
||||
#include <syslog.h>
|
||||
#else
|
||||
#ifdef HAVE_SYS_SYSLOG_H
|
||||
#include <sys/syslog.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#include <sys/file.h>
|
||||
|
||||
#ifdef HAVE_NETINET_TCP_H
|
||||
@ -406,18 +414,14 @@
|
||||
|
||||
#if HAVE_GSSAPI_GSSAPI_H
|
||||
#include <gssapi/gssapi.h>
|
||||
#else
|
||||
#undef HAVE_KRB5
|
||||
#endif
|
||||
|
||||
#if HAVE_GSSAPI_GSSAPI_GENERIC_H
|
||||
#include <gssapi/gssapi_generic.h>
|
||||
#else
|
||||
#undef HAVE_KRB5
|
||||
#endif
|
||||
|
||||
/* we support ADS if we have krb5 and ldap libs */
|
||||
#if defined(HAVE_KRB5) && defined(HAVE_LDAP) && defined(HAVE_GSSAPI)
|
||||
/* we support ADS if we want it and have krb5 and ldap libs */
|
||||
#if defined(WITH_ADS) && defined(HAVE_KRB5) && defined(HAVE_LDAP)
|
||||
#define HAVE_ADS
|
||||
#endif
|
||||
|
||||
@ -702,6 +706,7 @@ extern int errno;
|
||||
#include "../tdb/spinlock.h"
|
||||
#include "../tdb/tdbutil.h"
|
||||
#include "talloc.h"
|
||||
#include "nt_status.h"
|
||||
#include "ads.h"
|
||||
#include "interfaces.h"
|
||||
#include "hash.h"
|
||||
@ -747,6 +752,8 @@ extern int errno;
|
||||
|
||||
#include "passdb.h"
|
||||
|
||||
#include "sam.h"
|
||||
|
||||
#include "session.h"
|
||||
|
||||
#include "asn_1.h"
|
||||
@ -755,6 +762,8 @@ extern int errno;
|
||||
|
||||
#include "mangle.h"
|
||||
|
||||
#include "nsswitch/winbind_client.h"
|
||||
|
||||
/*
|
||||
* Type for wide character dirent structure.
|
||||
* Only d_name is defined by POSIX.
|
||||
@ -794,6 +803,11 @@ struct functable {
|
||||
|
||||
#include "nsswitch/nss.h"
|
||||
|
||||
/* forward declaration from printing.h to get around
|
||||
header file dependencies */
|
||||
|
||||
struct printjob;
|
||||
|
||||
/***** automatically generated prototypes *****/
|
||||
#include "proto.h"
|
||||
|
||||
@ -895,24 +909,6 @@ struct functable {
|
||||
#define ULTRIX_AUTH 1
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBREADLINE
|
||||
# ifdef HAVE_READLINE_READLINE_H
|
||||
# include <readline/readline.h>
|
||||
# ifdef HAVE_READLINE_HISTORY_H
|
||||
# include <readline/history.h>
|
||||
# endif
|
||||
# else
|
||||
# ifdef HAVE_READLINE_H
|
||||
# include <readline.h>
|
||||
# ifdef HAVE_HISTORY_H
|
||||
# include <history.h>
|
||||
# endif
|
||||
# else
|
||||
# undef HAVE_LIBREADLINE
|
||||
# endif
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_STRDUP
|
||||
char *strdup(const char *s);
|
||||
#endif
|
||||
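Review bot: The HAVE_ADS guard in the `-406,18 +414,14` hunk appears to lose its GSSAPI requirement: the hunk shows both `#if defined(HAVE_KRB5) && defined(HAVE_LDAP) && defined(HAVE_GSSAPI)` and `#if defined(WITH_ADS) && defined(HAVE_KRB5) && defined(HAVE_LDAP)`, and its line counts suggest the `#else` / `#undef HAVE_KRB5` fallbacks under the two gssapi includes are removed as well. If that reading is right, a build with WITH_ADS and Kerberos but without the GSSAPI headers still defines HAVE_ADS, and whether the ADS code then fails to compile or quietly loses its GSSAPI path depends on code not shown here. I would keep the check in the guard, `#if defined(WITH_ADS) && defined(HAVE_KRB5) && defined(HAVE_LDAP) && defined(HAVE_GSSAPI)`, or add a comment saying where the GSSAPI dependency is now enforced.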
|
@ -333,7 +333,7 @@ typedef struct _SMBCCTX {
|
||||
|
||||
/** Space to store private data of the server cache.
|
||||
*/
|
||||
void * server_cache;
|
||||
struct smbc_server_cache * server_cache;
|
||||
|
||||
/** INTERNAL functions
|
||||
* do _NOT_ touch these from your program !
|
||||
|
@ -67,10 +67,6 @@
|
||||
#define MAX_OPEN_FILES 10000
|
||||
#endif
|
||||
|
||||
/* the max number of simultanous connections to the server by all clients */
|
||||
/* zero means no limit. */
|
||||
#define MAXSTATUS 0
|
||||
|
||||
#define WORDMAX 0xFFFF
|
||||
|
||||
/* the maximum password length before we declare a likely attack */
|
||||
@ -117,7 +113,7 @@
|
||||
#endif
|
||||
|
||||
/* the size of the uid cache used to reduce valid user checks */
|
||||
#define UID_CACHE_SIZE 4
|
||||
#define VUID_CACHE_SIZE 32
|
||||
|
||||
/* the following control timings of various actions. Don't change
|
||||
them unless you know what you are doing. These are all in seconds */
|
||||
@ -126,7 +122,6 @@
|
||||
#define IDLE_CLOSED_TIMEOUT (60)
|
||||
#define DPTR_IDLE_TIMEOUT (120)
|
||||
#define SMBD_SELECT_TIMEOUT (60)
|
||||
#define SMBD_SELECT_TIMEOUT_WITH_PENDING_LOCKS (10)
|
||||
#define NMBD_SELECT_LOOP (10)
|
||||
#define BROWSE_INTERVAL (60)
|
||||
#define REGISTRATION_INTERVAL (10*60)
|
||||
|
@ -59,4 +59,12 @@
|
||||
#define MSG_SMB_SAM_SYNC 3003
|
||||
#define MSG_SMB_SAM_REPL 3004
|
||||
|
||||
/* Flags to classify messages - used in message_send_all() */
|
||||
/* Sender will filter by flag. */
|
||||
|
||||
#define FLAG_MSG_GENERAL 0x0001
|
||||
#define FLAG_MSG_SMBD 0x0002
|
||||
#define FLAG_MSG_NMBD 0x0004
|
||||
#define FLAG_MSG_PRINTING 0x0008
|
||||
|
||||
#endif
|
||||
|
@ -181,6 +181,7 @@ typedef struct nt_printer_driver_info_level
|
||||
#define SPOOL_DSDRIVER_KEY "DsDriver"
|
||||
#define SPOOL_DSUSER_KEY "DsUser"
|
||||
#define SPOOL_PNPDATA_KEY "PnPData"
|
||||
#define SPOOL_OID_KEY "OID"
|
||||
|
||||
/* container for a single registry key */
|
||||
|
||||
@ -350,7 +351,7 @@ typedef struct _form
|
||||
|
||||
#define SPOOLSS_NOTIFY_MSG_UNIX_JOBID 0x0001 /* Job id is unix */
|
||||
|
||||
struct spoolss_notify_msg {
|
||||
typedef struct spoolss_notify_msg {
|
||||
fstring printer; /* Name of printer notified */
|
||||
uint32 type; /* Printer or job notify */
|
||||
uint32 field; /* Notify field changed */
|
||||
@ -361,6 +362,18 @@ struct spoolss_notify_msg {
|
||||
uint32 value[2];
|
||||
char *data;
|
||||
} notify;
|
||||
};
|
||||
} SPOOLSS_NOTIFY_MSG;
|
||||
|
||||
typedef struct {
|
||||
fstring printername;
|
||||
uint32 num_msgs;
|
||||
SPOOLSS_NOTIFY_MSG *msgs;
|
||||
} SPOOLSS_NOTIFY_MSG_GROUP;
|
||||
|
||||
typedef struct {
|
||||
TALLOC_CTX *ctx;
|
||||
uint32 num_groups;
|
||||
SPOOLSS_NOTIFY_MSG_GROUP *msg_groups;
|
||||
} SPOOLSS_NOTIFY_MSG_CTR;
|
||||
|
||||
#endif /* NT_PRINTING_H_ */
|
||||
|
@ -43,6 +43,7 @@ struct printjob {
|
||||
fstring jobname; /* the job name given to us by the client */
|
||||
fstring user; /* the user who started the job */
|
||||
fstring queuename; /* service number of printer for this job */
|
||||
NT_DEVICEMODE *nt_devmode;
|
||||
};
|
||||
|
||||
/* Information for print interfaces */
|
||||
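Review bot: `NT_DEVICEMODE *nt_devmode;`, which appears to be the added member of struct printjob, is the only visible field without a comment and the only pointer among fixed-size `fstring` members. A comment such as `/* devmode for this job, may be NULL; state who frees it */` would record ownership, which cannot be determined from this hunk. If struct printjob is stored or copied byte-for-byte anywhere (the storage code is not in this diff), the pointer value would be written out and later read back as a stale address, so that path needs an explicit pack/unpack step. The struct begins before the hunk.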
|
@ -4,6 +4,7 @@
|
||||
Copyright (C) Andrew Tridgell 1992-1997
|
||||
Copyright (C) Luke Kenneth Casson Leighton 1996-1997
|
||||
Copyright (C) Paul Ashton 1997
|
||||
Copyright (C) Jean Fran<61>ois Micouleau 2002
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
@ -36,6 +37,7 @@
|
||||
#define NET_LOGON_CTRL2 0x0e
|
||||
#define NET_SAM_SYNC 0x10
|
||||
#define NET_TRUST_DOM_LIST 0x13
|
||||
#define NET_AUTH3 0x1a
|
||||
|
||||
/* Secure Channel types. used in NetrServerAuthenticate negotiation */
|
||||
#define SEC_CHAN_WKSTA 2
|
||||
@ -43,22 +45,27 @@
|
||||
#define SEC_CHAN_BDC 6
|
||||
|
||||
/* Returned delta types */
|
||||
#define SAM_DELTA_DOMAIN_INFO 0x01 /* Domain */
|
||||
#define SAM_DELTA_GROUP_INFO 0x02 /* Domain groups */
|
||||
#define SAM_DELTA_ACCOUNT_INFO 0x05 /* Users */
|
||||
#define SAM_DELTA_GROUP_MEM 0x08 /* Group membership */
|
||||
#define SAM_DELTA_ALIAS_INFO 0x09 /* Local groups */
|
||||
#define SAM_DELTA_ALIAS_MEM 0x0C /* Local group membership */
|
||||
#define SAM_DELTA_DOM_INFO 0x0D /* Privilige stuff */
|
||||
#define SAM_DELTA_UNK0E_INFO 0x0e /* Privilige stuff */
|
||||
#define SAM_DELTA_PRIVS_INFO 0x10 /* Privilige stuff */
|
||||
#define SAM_DELTA_UNK12_INFO 0x12 /* Privilige stuff */
|
||||
#define SAM_DELTA_SAM_STAMP 0x16 /* Some kind of journal record? */
|
||||
#define SAM_DELTA_DOMAIN_INFO 0x01
|
||||
#define SAM_DELTA_GROUP_INFO 0x02
|
||||
#define SAM_DELTA_RENAME_GROUP 0x04
|
||||
#define SAM_DELTA_ACCOUNT_INFO 0x05
|
||||
#define SAM_DELTA_RENAME_USER 0x07
|
||||
#define SAM_DELTA_GROUP_MEM 0x08
|
||||
#define SAM_DELTA_ALIAS_INFO 0x09
|
||||
#define SAM_DELTA_RENAME_ALIAS 0x0b
|
||||
#define SAM_DELTA_ALIAS_MEM 0x0c
|
||||
#define SAM_DELTA_POLICY_INFO 0x0d
|
||||
#define SAM_DELTA_TRUST_DOMS 0x0e
|
||||
#define SAM_DELTA_PRIVS_INFO 0x10 /* DT_DELTA_ACCOUNTS */
|
||||
#define SAM_DELTA_SECRET_INFO 0x12
|
||||
#define SAM_DELTA_DELETE_GROUP 0x14
|
||||
#define SAM_DELTA_DELETE_USER 0x15
|
||||
#define SAM_DELTA_MODIFIED_COUNT 0x16
|
||||
|
||||
/* SAM database types */
|
||||
#define SAM_DATABASE_DOMAIN 0x00 /* Domain users and groups */
|
||||
#define SAM_DATABASE_BUILTIN 0x01 /* BUILTIN users and groups */
|
||||
#define SAM_DATABASE_PRIVS 0x02 /* Priviliges? */
|
||||
#define SAM_DATABASE_PRIVS 0x02 /* Privileges */
|
||||
|
||||
#if 0
|
||||
/* I think this is correct - it's what gets parsed on the wire. JRA. */
|
||||
@ -157,8 +164,8 @@ typedef struct net_user_info_3
|
||||
uint32 buffer_dom_id; /* undocumented logon domain id pointer */
|
||||
uint8 padding[40]; /* unused padding bytes. expansion room */
|
||||
|
||||
uint32 num_other_sids; /* 0 - num_sids */
|
||||
uint32 buffer_other_sids; /* NULL - undocumented pointer to SIDs. */
|
||||
uint32 num_other_sids; /* number of foreign/trusted domain sids */
|
||||
uint32 buffer_other_sids;
|
||||
|
||||
UNISTR2 uni_user_name; /* username unicode string */
|
||||
UNISTR2 uni_full_name; /* user's full name unicode string */
|
||||
@ -177,7 +184,7 @@ typedef struct net_user_info_3
|
||||
|
||||
uint32 num_other_groups; /* other groups */
|
||||
DOM_GID *other_gids; /* group info */
|
||||
DOM_SID2 *other_sids; /* undocumented - domain SIDs */
|
||||
DOM_SID2 *other_sids; /* foreign/trusted domain SIDs */
|
||||
|
||||
} NET_USER_INFO_3;
|
||||
|
||||
@ -370,6 +377,23 @@ typedef struct net_r_auth2_info
|
||||
NTSTATUS status; /* return code */
|
||||
} NET_R_AUTH_2;
|
||||
|
||||
/* NET_Q_AUTH_3 */
|
||||
typedef struct net_q_auth3_info
|
||||
{
|
||||
DOM_LOG_INFO clnt_id; /* client identification info */
|
||||
DOM_CHAL clnt_chal; /* client-calculated credentials */
|
||||
NEG_FLAGS clnt_flgs; /* usually 0x6007 ffff */
|
||||
} NET_Q_AUTH_3;
|
||||
|
||||
/* NET_R_AUTH_3 */
|
||||
typedef struct net_r_auth3_info
|
||||
{
|
||||
DOM_CHAL srv_chal; /* server-calculated credentials */
|
||||
NEG_FLAGS srv_flgs; /* usually 0x6007 ffff */
|
||||
uint32 unknown; /* 0x0000045b */
|
||||
NTSTATUS status; /* return code */
|
||||
} NET_R_AUTH_3;
|
||||
|
||||
|
||||
/* NET_Q_SRV_PWSET */
|
||||
typedef struct net_q_srv_pwset_info
|
||||
@ -692,51 +716,37 @@ typedef struct sam_alias_mem_info_info
|
||||
} SAM_ALIAS_MEM_INFO;
|
||||
|
||||
|
||||
/* SAM_DELTA_DOM (0x0D) */
|
||||
/* SAM_DELTA_POLICY (0x0D) */
|
||||
typedef struct
|
||||
{
|
||||
uint32 unknown1; /* 0x5000 */
|
||||
uint32 unknown2; /* 0 */
|
||||
uint32 unknown3; /* 0 */
|
||||
uint32 unknown4; /* 0 */
|
||||
uint32 count1;
|
||||
uint32 ptr1;
|
||||
uint16 count2;
|
||||
uint16 count3;
|
||||
uint32 ptr2;
|
||||
uint32 ptr3;
|
||||
uint32 max_log_size; /* 0x5000 */
|
||||
UINT64_S audit_retention_period; /* 0 */
|
||||
uint32 auditing_mode; /* 0 */
|
||||
uint32 num_events;
|
||||
uint32 ptr_events;
|
||||
UNIHDR hdr_dom_name;
|
||||
uint32 sid_ptr;
|
||||
|
||||
uint32 unknown4b; /* 0x02000000 */
|
||||
uint32 unknown5; /* 0x00100000 */
|
||||
uint32 unknown6; /* 0x00010000 */
|
||||
uint32 unknown7; /* 0x0f000000 */
|
||||
uint32 unknown8; /* 0 */
|
||||
uint32 unknown9; /* 0 */
|
||||
uint32 unknown10; /* 0 */
|
||||
uint32 unknown11; /* 0x3c*/
|
||||
uint32 unknown12; /* 0*/
|
||||
uint32 paged_pool_limit; /* 0x02000000 */
|
||||
uint32 non_paged_pool_limit; /* 0x00100000 */
|
||||
uint32 min_workset_size; /* 0x00010000 */
|
||||
uint32 max_workset_size; /* 0x0f000000 */
|
||||
uint32 page_file_limit; /* 0 */
|
||||
UINT64_S time_limit; /* 0 */
|
||||
NTTIME modify_time; /* 0x3c*/
|
||||
NTTIME create_time; /* a7080110 */
|
||||
BUFHDR2 hdr_sec_desc;
|
||||
|
||||
uint32 unknown13; /* a7080110 */
|
||||
uint32 unknown14; /* 01bfb0dd */
|
||||
uint32 unknown15; /* 0f */
|
||||
uint32 unknown16; /* 68 */
|
||||
uint32 unknown17; /* 00169000 */
|
||||
|
||||
uint32 count4;
|
||||
uint32 unknown18; /* 0 times count4 */
|
||||
|
||||
uint32 unknown19; /* 8 */
|
||||
|
||||
uint32 unknown20; /* 0x04 times count1 */
|
||||
|
||||
uint32 ptr4;
|
||||
uint32 num_event_audit_options;
|
||||
uint32 event_audit_option;
|
||||
|
||||
UNISTR2 domain_name;
|
||||
DOM_SID2 domain_sid;
|
||||
|
||||
} SAM_DELTA_DOM;
|
||||
BUFFER4 buf_sec_desc;
|
||||
} SAM_DELTA_POLICY;
|
||||
|
||||
/* SAM_DELTA_UNK0E (0x0e) */
|
||||
/* SAM_DELTA_TRUST_DOMS */
|
||||
typedef struct
|
||||
{
|
||||
uint32 buf_size;
|
||||
@ -754,34 +764,29 @@ typedef struct
|
||||
uint32 unknown3;
|
||||
UNISTR2 domain;
|
||||
|
||||
} SAM_DELTA_UNK0E;
|
||||
} SAM_DELTA_TRUSTDOMS;
|
||||
|
||||
/* SAM_DELTA_PRIVS (0x10) */
|
||||
typedef struct
|
||||
{
|
||||
uint32 buf_size;
|
||||
SEC_DESC *sec_desc;
|
||||
DOM_SID2 sid;
|
||||
|
||||
uint32 priv_count;
|
||||
uint32 reserved1; /* 0x0 */
|
||||
uint32 priv_control;
|
||||
|
||||
uint32 ptr1;
|
||||
uint32 ptr2;
|
||||
uint32 priv_attr_ptr;
|
||||
uint32 priv_name_ptr;
|
||||
|
||||
uint32 unknown1;
|
||||
uint32 unknown2;
|
||||
uint32 unknown3;
|
||||
uint32 unknown4;
|
||||
uint32 unknown5;
|
||||
uint32 unknown6;
|
||||
uint32 unknown7;
|
||||
uint32 unknown8;
|
||||
uint32 unknown9;
|
||||
uint32 paged_pool_limit; /* 0x02000000 */
|
||||
uint32 non_paged_pool_limit; /* 0x00100000 */
|
||||
uint32 min_workset_size; /* 0x00010000 */
|
||||
uint32 max_workset_size; /* 0x0f000000 */
|
||||
uint32 page_file_limit; /* 0 */
|
||||
UINT64_S time_limit; /* 0 */
|
||||
uint32 system_flags; /* 1 */
|
||||
BUFHDR2 hdr_sec_desc;
|
||||
|
||||
uint32 buf_size2;
|
||||
uint32 ptr3;
|
||||
uint32 unknown10; /* 48 bytes 0x0*/
|
||||
|
||||
uint32 attribute_count;
|
||||
uint32 *attributes;
|
||||
@ -790,10 +795,10 @@ typedef struct
|
||||
UNIHDR *hdr_privslist;
|
||||
UNISTR2 *uni_privslist;
|
||||
|
||||
|
||||
BUFFER4 buf_sec_desc;
|
||||
} SAM_DELTA_PRIVS;
|
||||
|
||||
/* SAM_DELTA_UNK12 (0x12) */
|
||||
/* SAM_DELTA_SECRET */
|
||||
typedef struct
|
||||
{
|
||||
uint32 buf_size;
|
||||
@ -827,15 +832,15 @@ typedef struct
|
||||
uint32 buf_size3;
|
||||
SEC_DESC *sec_desc2;
|
||||
|
||||
} SAM_DELTA_UNK12;
|
||||
} SAM_DELTA_SECRET;
|
||||
|
||||
/* SAM_DELTA_STAMP (0x16) */
|
||||
/* SAM_DELTA_MOD_COUNT (0x16) */
|
||||
typedef struct
|
||||
{
|
||||
uint32 seqnum;
|
||||
uint32 dom_mod_count_ptr;
|
||||
UINT64_S dom_mod_count; /* domain mod count at last sync */
|
||||
} SAM_DELTA_STAMP;
|
||||
} SAM_DELTA_MOD_COUNT;
|
||||
|
||||
typedef union sam_delta_ctr_info
|
||||
{
|
||||
@ -845,11 +850,11 @@ typedef union sam_delta_ctr_info
|
||||
SAM_GROUP_MEM_INFO grp_mem_info;
|
||||
SAM_ALIAS_INFO alias_info ;
|
||||
SAM_ALIAS_MEM_INFO als_mem_info;
|
||||
SAM_DELTA_DOM dom_info;
|
||||
SAM_DELTA_POLICY policy_info;
|
||||
SAM_DELTA_PRIVS privs_info;
|
||||
SAM_DELTA_STAMP stamp;
|
||||
SAM_DELTA_UNK0E unk0e_info;
|
||||
SAM_DELTA_UNK12 unk12_info;
|
||||
SAM_DELTA_MOD_COUNT mod_count;
|
||||
SAM_DELTA_TRUSTDOMS trustdoms_info;
|
||||
SAM_DELTA_SECRET secret_info;
|
||||
} SAM_DELTA_CTR;
|
||||
|
||||
/* NET_R_SAM_SYNC */
|
||||
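Review bot: Several renamed fields in SAM_DELTA_POLICY keep the sample-value comments of the `unknownN` fields shown next to them, and the values no longer fit the new types: `NTTIME modify_time; /* 0x3c*/` and `NTTIME create_time; /* a7080110 */` attach single dword samples to 64-bit timestamps. I would drop those values or label them as observed wire samples, e.g. `NTTIME modify_time; /* sample on the wire: 0x3c in the low dword */`. The count/pointer pairs (`num_events` / `ptr_events`, `num_event_audit_options`) also deserve a comment naming the array each count bounds, since they are read from the wire and the parsing code that must range-check them is outside this diff.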
|
@ -1240,8 +1240,8 @@ typedef struct job_info_ctr_info
|
||||
{
|
||||
union
|
||||
{
|
||||
JOB_INFO_1 **job_info_1;
|
||||
JOB_INFO_2 **job_info_2;
|
||||
JOB_INFO_1 *job_info_1;
|
||||
JOB_INFO_2 *job_info_2;
|
||||
void *info;
|
||||
} job;
|
||||
|
||||
|
@ -3,7 +3,7 @@
|
||||
SMB parameters and setup, plus a whole lot more.
|
||||
|
||||
Copyright (C) Andrew Tridgell 1992-2000
|
||||
Copyright (C) John H Terpstra 1996-2000
|
||||
Copyright (C) John H Terpstra 1996-2002
|
||||
Copyright (C) Luke Kenneth Casson Leighton 1996-2000
|
||||
Copyright (C) Paul Ashton 1998-2000
|
||||
Copyright (C) Simo Sorce 2001-2002
|
||||
@ -193,44 +193,6 @@ typedef struct nttime_info
|
||||
} NTTIME;
|
||||
|
||||
|
||||
/* The Splint code analysis tool doesn't like immediate structures. */
|
||||
|
||||
#ifdef _SPLINT_ /* http://www.splint.org */
|
||||
#undef HAVE_IMMEDIATE_STRUCTURES
|
||||
#endif
|
||||
|
||||
/* the following rather strange looking definitions of NTSTATUS and WERROR
|
||||
and there in order to catch common coding errors where different error types
|
||||
are mixed up. This is especially important as we slowly convert Samba
|
||||
from using BOOL for internal functions
|
||||
*/
|
||||
|
||||
#if defined(HAVE_IMMEDIATE_STRUCTURES)
|
||||
typedef struct {uint32 v;} NTSTATUS;
|
||||
#define NT_STATUS(x) ((NTSTATUS) { x })
|
||||
#define NT_STATUS_V(x) ((x).v)
|
||||
#else
|
||||
typedef uint32 NTSTATUS;
|
||||
#define NT_STATUS(x) (x)
|
||||
#define NT_STATUS_V(x) (x)
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_IMMEDIATE_STRUCTURES)
|
||||
typedef struct {uint32 v;} WERROR;
|
||||
#define W_ERROR(x) ((WERROR) { x })
|
||||
#define W_ERROR_V(x) ((x).v)
|
||||
#else
|
||||
typedef uint32 WERROR;
|
||||
#define W_ERROR(x) (x)
|
||||
#define W_ERROR_V(x) (x)
|
||||
#endif
|
||||
|
||||
#define NT_STATUS_IS_OK(x) (NT_STATUS_V(x) == 0)
|
||||
#define NT_STATUS_IS_ERR(x) ((NT_STATUS_V(x) & 0xc0000000) == 0xc0000000)
|
||||
#define NT_STATUS_EQUAL(x,y) (NT_STATUS_V(x) == NT_STATUS_V(y))
|
||||
#define W_ERROR_IS_OK(x) (W_ERROR_V(x) == 0)
|
||||
|
||||
|
||||
/* Allowable account control bits */
|
||||
#define ACB_DISABLED 0x0001 /* 1 = User account disabled */
|
||||
#define ACB_HOMDIRREQ 0x0002 /* 1 = Home directory required */
|
||||
@ -391,6 +353,7 @@ typedef struct files_struct
|
||||
BOOL delete_on_close;
|
||||
SMB_OFF_T pos;
|
||||
SMB_OFF_T size;
|
||||
SMB_OFF_T initial_allocation_size; /* Faked up initial allocation on disk. */
|
||||
mode_t mode;
|
||||
uint16 vuid;
|
||||
write_bmpx_struct *wbmpx_ptr;
|
||||
@ -430,9 +393,9 @@ typedef struct
|
||||
time_t status_time;
|
||||
} dir_status_struct;
|
||||
|
||||
struct uid_cache {
|
||||
int entries;
|
||||
uid_t list[UID_CACHE_SIZE];
|
||||
struct vuid_cache {
|
||||
unsigned int entries;
|
||||
uint16 list[VUID_CACHE_SIZE];
|
||||
};
|
||||
|
||||
typedef struct
|
||||
@ -461,7 +424,8 @@ typedef struct connection_struct
|
||||
unsigned cnum; /* an index passed over the wire */
|
||||
int service;
|
||||
BOOL force_user;
|
||||
struct uid_cache uid_cache;
|
||||
BOOL force_group;
|
||||
struct vuid_cache vuid_cache;
|
||||
void *dirptr;
|
||||
BOOL printer;
|
||||
BOOL ipc;
|
||||
@ -652,7 +616,7 @@ typedef struct sam_passwd
|
||||
|
||||
DATA_BLOB lm_pw; /* .data is Null if no password */
|
||||
DATA_BLOB nt_pw; /* .data is Null if no password */
|
||||
DATA_BLOB plaintext_pw; /* .data is Null if not available */
|
||||
char* plaintext_pw; /* is Null if not available */
|
||||
|
||||
uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
|
||||
uint32 unknown_3; /* 0x00ff ffff */
|
||||
@ -716,6 +680,7 @@ struct connections_data {
|
||||
char addr[24];
|
||||
char machine[FSTRING_LEN];
|
||||
time_t start;
|
||||
uint32 bcast_msg_flags;
|
||||
};
|
||||
|
||||
|
||||
@ -788,12 +753,16 @@ struct bitmap {
|
||||
int n;
|
||||
};
|
||||
|
||||
#define FLAG_BASIC 0x01 /* fundamental options */
|
||||
#define FLAG_SHARE 0x02 /* file sharing options */
|
||||
#define FLAG_PRINT 0x04 /* printing options */
|
||||
#define FLAG_GLOBAL 0x08 /* local options that should be globally settable in SWAT */
|
||||
#define FLAG_DEPRECATED 0x10 /* options that should no longer be used */
|
||||
#define FLAG_HIDE 0x20 /* options that should be hidden in SWAT */
|
||||
#define FLAG_BASIC 0x0001 /* fundamental options */
|
||||
#define FLAG_SHARE 0x0002 /* file sharing options */
|
||||
#define FLAG_PRINT 0x0004 /* printing options */
|
||||
#define FLAG_GLOBAL 0x0008 /* local options that should be globally settable in SWAT */
|
||||
#define FLAG_WIZARD 0x0010 /* Parameters that the wizard will operate on */
|
||||
#define FLAG_ADVANCED 0x0020 /* Parameters that the wizard will operate on */
|
||||
#define FLAG_DEVELOPER 0x0040 /* Parameters that the wizard will operate on */
|
||||
#define FLAG_DEPRECATED 0x1000 /* options that should no longer be used */
|
||||
#define FLAG_HIDE 0x2000 /* options that should be hidden in SWAT */
|
||||
#define FLAG_DOS_STRING 0x4000 /* convert from UNIX to DOS codepage when reading this string. */
|
||||
|
||||
#ifndef LOCKING_VERSION
|
||||
#define LOCKING_VERSION 4
|
||||
@ -1147,12 +1116,12 @@ struct bitmap {
|
||||
#define FILE_SHARE_DELETE 4
|
||||
|
||||
/* FileAttributesField */
|
||||
#define FILE_ATTRIBUTE_READONLY aRONLY
|
||||
#define FILE_ATTRIBUTE_HIDDEN aHIDDEN
|
||||
#define FILE_ATTRIBUTE_SYSTEM aSYSTEM
|
||||
#define FILE_ATTRIBUTE_DIRECTORY aDIR
|
||||
#define FILE_ATTRIBUTE_ARCHIVE aARCH
|
||||
#define FILE_ATTRIBUTE_NORMAL 0x80L
|
||||
#define FILE_ATTRIBUTE_READONLY 0x001L
|
||||
#define FILE_ATTRIBUTE_HIDDEN 0x002L
|
||||
#define FILE_ATTRIBUTE_SYSTEM 0x004L
|
||||
#define FILE_ATTRIBUTE_DIRECTORY 0x010L
|
||||
#define FILE_ATTRIBUTE_ARCHIVE 0x020L
|
||||
#define FILE_ATTRIBUTE_NORMAL 0x080L
|
||||
#define FILE_ATTRIBUTE_TEMPORARY 0x100L
|
||||
#define FILE_ATTRIBUTE_SPARSE 0x200L
|
||||
#define FILE_ATTRIBUTE_COMPRESSED 0x800L
|
||||
@ -1185,8 +1154,10 @@ struct bitmap {
|
||||
#define FILE_EIGHT_DOT_THREE_ONLY 0x0400
|
||||
#define FILE_RANDOM_ACCESS 0x0800
|
||||
#define FILE_DELETE_ON_CLOSE 0x1000
|
||||
#define FILE_OPEN_BY_FILE_ID 0x2000
|
||||
|
||||
/* Responses when opening a file. */
|
||||
#define FILE_WAS_SUPERSEDED 0
|
||||
#define FILE_WAS_OPENED 1
|
||||
#define FILE_WAS_CREATED 2
|
||||
#define FILE_WAS_OVERWRITTEN 3
|
||||
@ -1299,7 +1270,7 @@ char *strdup(char *s);
|
||||
*/
|
||||
|
||||
#define DEFAULT_MAJOR_VERSION 0x04
|
||||
#define DEFAULT_MINOR_VERSION 0x05
|
||||
#define DEFAULT_MINOR_VERSION 0x09
|
||||
|
||||
/* Browser Election Values */
|
||||
#define BROWSER_ELECTION_VERSION 0x010f
|
||||
@ -1375,6 +1346,9 @@ enum schema_types {SCHEMA_COMPAT, SCHEMA_AD, SCHEMA_SAMBA};
|
||||
/* LDAP SSL options */
|
||||
enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
|
||||
|
||||
/* LDAP PASSWD SYNC methods */
|
||||
enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY};
|
||||
|
||||
/* Remote architectures we know about. */
|
||||
enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_SAMBA};
|
||||
|
||||
@ -1656,8 +1630,6 @@ struct unix_error_map {
|
||||
|
||||
#define SAFE_NETBIOS_CHARS ". -_"
|
||||
|
||||
#include "nsswitch/winbindd_nss.h"
|
||||
|
||||
/* generic iconv conversion structure */
|
||||
typedef struct {
|
||||
size_t (*direct)(void *cd, char **inbuf, size_t *inbytesleft,
|
||||
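Review bot: In the struct sam_passwd hunk (`-652,7 +616,7`) `plaintext_pw` appears both as `DATA_BLOB plaintext_pw;` and as `char* plaintext_pw;`; the rendering does not show which is the new side, so this applies if the `char *` form is the one being introduced. A bare C string no longer carries its length next to the pointer the way `lm_pw` and `nt_pw` do, so every place that frees or replaces it has to clear `strlen()` bytes first to keep the clear-text password out of freed heap, and that code is not in this diff. I would state it in the field comment, e.g. `char *plaintext_pw; /* NUL-terminated, NULL if not available; zero before free */`. Separately, the new `FLAG_WIZARD`, `FLAG_ADVANCED` and `FLAG_DEVELOPER` defines all carry the same comment text, which looks like a copy-paste.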
|
@ -20,9 +20,6 @@
|
||||
|
||||
#ifndef _SMB_ACLS_H
|
||||
#define _SMB_ACLS_H
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#if defined(HAVE_POSIX_ACLS)
|
||||
|
||||
/* This is an identity mapping (just remove the SMB_). */
|
||||
|
@ -92,6 +92,9 @@
|
||||
#define CHECK_ERROR(fsp) if (HAS_CACHED_ERROR(fsp)) \
|
||||
return(CACHED_ERROR(fsp))
|
||||
|
||||
#define ERROR_WAS_LOCK_DENIED(status) (NT_STATUS_EQUAL((status), NT_STATUS_LOCK_NOT_GRANTED) || \
|
||||
NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT) )
|
||||
|
||||
/* translates a connection number into a service number */
|
||||
#define SNUM(conn) ((conn)?(conn)->service:-1)
|
||||
|
||||
@ -165,8 +168,7 @@
|
||||
/* this is how errors are generated */
|
||||
#define UNIXERROR(defclass,deferror) unix_error_packet(outbuf,defclass,deferror,__LINE__,__FILE__)
|
||||
|
||||
#define SMB_ROUNDUP(x,g) (((x)+((g)-1))&~((g)-1))
|
||||
#define SMB_ROUNDUP_ALLOCATION(s) ((s) ? (SMB_ROUNDUP((SMB_OFF_T)((s)+1), ((SMB_OFF_T)SMB_ROUNDUP_ALLOCATION_SIZE))) : 0 )
|
||||
#define SMB_ROUNDUP(x,r) ( ((x)%(r)) ? ( (((x)+(r))/(r))*(r) ) : (x))
|
||||
|
||||
/* Extra macros added by Ying Chen at IBM - speed increase by inlining. */
|
||||
#define smb_buf(buf) (((char *)(buf)) + smb_size + CVAL(buf,smb_wct)*2)
|
||||
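Review bot: The modulo form of `SMB_ROUNDUP`, which the line counts of the `-165,8 +168,7` hunk indicate is the new definition, expands `x` up to three times and `r` four times, so an argument with a side effect is evaluated repeatedly. Its intermediate `(x)+(r)` can also wrap for an unsigned `x` within `r` of the type maximum, giving a rounded size smaller than the input. It divides by `r` as well, so `r == 0` becomes a division by zero, which the mask form did not have. Callers are outside this diff, so whether any of them pass wire-derived lengths is unknown; at minimum I would document the constraints and avoid the intermediate sum, `#define SMB_ROUNDUP(x,r) ( ((x)%(r)) ? ( ((x)/(r) + 1)*(r) ) : (x))`.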
|
@ -34,7 +34,7 @@ enum flush_reason_enum { SEEK_FLUSH, READ_FLUSH, WRITE_FLUSH, READRAW_FLUSH,
|
||||
|
||||
#define PROF_SHMEM_KEY ((key_t)0x07021999)
|
||||
#define PROF_SHM_MAGIC 0x6349985
|
||||
#define PROF_SHM_VERSION 6
|
||||
#define PROF_SHM_VERSION 7
|
||||
|
||||
/* time values in the following structure are in microseconds */
|
||||
|
||||
@ -65,6 +65,9 @@ struct profile_stats {
|
||||
unsigned syscall_write_bytes; /* bytes written with write syscall */
|
||||
unsigned syscall_lseek_count;
|
||||
unsigned syscall_lseek_time;
|
||||
unsigned syscall_sendfile_count;
|
||||
unsigned syscall_sendfile_time;
|
||||
unsigned syscall_sendfile_bytes; /* bytes read with sendfile syscall */
|
||||
unsigned syscall_rename_count;
|
||||
unsigned syscall_rename_time;
|
||||
unsigned syscall_fsync_count;
|
||||
|
@ -193,11 +193,14 @@ Byte offset Type name description
|
||||
} FSINFO;
|
||||
*************************************************************/
|
||||
|
||||
#define SMB_INFO_STANDARD 1
|
||||
#define SMB_INFO_QUERY_EA_SIZE 2
|
||||
#define SMB_INFO_QUERY_EAS_FROM_LIST 3
|
||||
#define SMB_INFO_QUERY_ALL_EAS 4
|
||||
#define SMB_INFO_STANDARD 1 /* FILESTATUS3 struct */
|
||||
#define SMB_INFO_SET_EA 2 /* EAOP2 struct, only valid on set not query */
|
||||
#define SMB_INFO_QUERY_EA_SIZE 2 /* FILESTATUS4 struct, only valid on query not set */
|
||||
#define SMB_INFO_QUERY_EAS_FROM_LIST 3 /* only valid on query not set */
|
||||
#define SMB_INFO_QUERY_ALL_EAS 4 /* only valid on query not set */
|
||||
#define SMB_INFO_IS_NAME_VALID 6
|
||||
#define SMB_INFO_STANDARD_LONG 11 /* similar to level 1, ie struct FileStatus3 */
|
||||
#define SMB_QUERY_EA_SIZE_LONG 12 /* similar to level 2, ie struct FileStatus4 */
|
||||
#define SMB_QUERY_FS_LABEL_INFO 0x101
|
||||
#define SMB_QUERY_FS_VOLUME_INFO 0x102
|
||||
#define SMB_QUERY_FS_SIZE_INFO 0x103
|
||||
|
@ -1 +1 @@
|
||||
#define VERSION "3.0-alpha18"
|
||||
#define VERSION "3.0-alpha19"
|
||||
|
@ -44,17 +44,18 @@
|
||||
/* Changed to version 2 for CIFS UNIX extensions (mknod and link added). JRA. */
|
||||
/* Changed to version 3 for POSIX acl extensions. JRA. */
|
||||
/* Changed to version 4 for cascaded VFS interface. Alexander Bokovoy. */
|
||||
/* Changed to version 5 for sendfile addition. JRA. */
|
||||
#define SMB_VFS_INTERFACE_VERSION 5
|
||||
|
||||
|
||||
/* Version of supported cascaded interface backward copmatibility.
|
||||
(version 4 corresponds to SMB_VFS_INTERFACE_VERSION 4)
|
||||
(version 5 corresponds to SMB_VFS_INTERFACE_VERSION 5)
|
||||
It is used in vfs_init_custom() to detect VFS modules which conform to cascaded
|
||||
VFS interface but implement elder version than current version of Samba uses.
|
||||
This allows to use old modules with new VFS interface as far as combined VFS operation
|
||||
set is coherent (will be in most cases).
|
||||
*/
|
||||
#define SMB_VFS_INTERFACE_CASCADED 4
|
||||
#define SMB_VFS_INTERFACE_CASCADED 5
|
||||
|
||||
/*
|
||||
Each VFS module must provide following global functions:
|
||||
@ -116,6 +117,7 @@ struct vfs_ops {
|
||||
ssize_t (*read)(struct files_struct *fsp, int fd, void *data, size_t n);
|
||||
ssize_t (*write)(struct files_struct *fsp, int fd, const void *data, size_t n);
|
||||
SMB_OFF_T (*lseek)(struct files_struct *fsp, int filedes, SMB_OFF_T offset, int whence);
|
||||
ssize_t (*sendfile)(int tofd, files_struct *fsp, int fromfd, const DATA_BLOB *header, SMB_OFF_T offset, size_t count);
|
||||
int (*rename)(struct connection_struct *conn, const char *old, const char *new);
|
||||
int (*fsync)(struct files_struct *fsp, int fd);
|
||||
int (*stat)(struct connection_struct *conn, const char *fname, SMB_STRUCT_STAT *sbuf);
|
||||
@ -210,6 +212,7 @@ typedef enum _vfs_op_type {
|
||||
SMB_VFS_OP_READ,
|
||||
SMB_VFS_OP_WRITE,
|
||||
SMB_VFS_OP_LSEEK,
|
||||
SMB_VFS_OP_SENDFILE,
|
||||
SMB_VFS_OP_RENAME,
|
||||
SMB_VFS_OP_FSYNC,
|
||||
SMB_VFS_OP_STAT,
|
||||
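Review bot: The `sendfile` member of struct vfs_ops is declared with the bare typedef `files_struct *fsp` and puts `tofd` ahead of it, while the neighbouring file operations in the hunk (`read`, `write`, `lseek`, `fsync`) take `struct files_struct *fsp` as their first parameter. For consistency I would spell it `ssize_t (*sendfile)(int tofd, struct files_struct *fsp, int fromfd, const DATA_BLOB *header, SMB_OFF_T offset, size_t count);`. A short comment should say what `header` is for and whether a short return value means a partial send that the caller must continue. The struct and the op-type enum both start and end outside their hunks.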
|
@ -128,7 +128,7 @@ BOOL account_policy_get(int field, uint32 *value)
|
||||
return False;
|
||||
}
|
||||
if (!tdb_fetch_uint32(tdb, name, value)) {
|
||||
DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for feild %d (%s), returning 0", field, name));
|
||||
DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for efild %d (%s), returning 0", field, name));
|
||||
return False;
|
||||
}
|
||||
DEBUG(10,("account_policy_get: %s:%d\n", name, *value));
|
||||
@ -151,7 +151,7 @@ BOOL account_policy_set(int field, uint32 value)
|
||||
}
|
||||
|
||||
if (!tdb_store_uint32(tdb, name, value)) {
|
||||
DEBUG(1, ("tdb_store_uint32 failed for feild %d (%s) on value %u", field, name, value));
|
||||
DEBUG(1, ("tdb_store_uint32 failed for field %d (%s) on value %u", field, name, value));
|
||||
return False;
|
||||
}
|
||||
|
||||
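Review bot: The DEBUG(1, ...) message in account_policy_get is misspelt in both versions shown (`feild` and `efild`), while the matching message in account_policy_set is corrected to `field`. It should read `"account_policy_get: tdb_fetch_uint32 failed for field %d (%s), returning 0\n"`. Both level-1 messages also lack the trailing `\n` that the DEBUG(10, ...) line just below has, so the next log entry is appended to the same line and these failures are harder to find when searching logs. Both function bodies start outside their hunks.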
|
@ -432,13 +432,14 @@ int push_ucs2(const void *base_ptr, void *dest, const char *src, int dest_len, i
|
||||
* @param dest always set at least to NULL
|
||||
*
|
||||
* @retval The number of bytes occupied by the string in the destination
|
||||
* or -1 in case of error.
|
||||
**/
|
||||
int push_ucs2_talloc(TALLOC_CTX *ctx, void **dest, const char *src)
|
||||
int push_ucs2_talloc(TALLOC_CTX *ctx, smb_ucs2_t **dest, const char *src)
|
||||
{
|
||||
int src_len = strlen(src)+1;
|
||||
|
||||
*dest = NULL;
|
||||
return convert_string_talloc(ctx, CH_UNIX, CH_UCS2, src, src_len, dest);
|
||||
return convert_string_talloc(ctx, CH_UNIX, CH_UCS2, src, src_len, (void **)dest);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -447,13 +448,14 @@ int push_ucs2_talloc(TALLOC_CTX *ctx, void **dest, const char *src)
|
||||
* @param dest always set at least to NULL
|
||||
*
|
||||
* @retval The number of bytes occupied by the string in the destination
|
||||
* or -1 in case of error.
|
||||
**/
|
||||
int push_ucs2_allocate(void **dest, const char *src)
|
||||
int push_ucs2_allocate(smb_ucs2_t **dest, const char *src)
|
||||
{
|
||||
int src_len = strlen(src)+1;
|
||||
|
||||
*dest = NULL;
|
||||
return convert_string_allocate(CH_UNIX, CH_UCS2, src, src_len, dest);
|
||||
return convert_string_allocate(CH_UNIX, CH_UCS2, src, src_len, (void **)dest);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
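Review bot: push_ucs2_talloc and push_ucs2_allocate both pass `(void **)dest` where `dest` is `smb_ucs2_t **`, so the callee stores through a `void *` lvalue into an object declared `smb_ucs2_t *`; C does not guarantee that works, and the cast hides it from the compiler. A local keeps the typed interface without the cast: `void *p = NULL;`, then `ret = convert_string_talloc(ctx, CH_UNIX, CH_UCS2, src, src_len, &p);`, then `*dest = p;` (the same pattern applies in push_ucs2_allocate). In both functions `int src_len = strlen(src)+1;` narrows a size_t to int and dereferences `src` unchecked, so the doc comment should at least say that `src` must be non-NULL.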
|
@ -153,8 +153,10 @@ static const char *default_classname_table[] = {
|
||||
"rpc_srv", /* DBGC_RPC_SRV */
|
||||
"rpc_cli", /* DBGC_RPC_CLI */
|
||||
"passdb", /* DBGC_PASSDB */
|
||||
"sam", /* DBGC_SAM */
|
||||
"auth", /* DBGC_AUTH */
|
||||
"winbind", /* DBGC_WINBIND */
|
||||
"vfs", /* DBGC_VFS */
|
||||
NULL
|
||||
};
|
||||
|
||||
@ -350,7 +352,7 @@ int debug_lookup_classname(const char *classname)
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
dump the current registered denug levels
|
||||
dump the current registered debug levels
|
||||
****************************************************************************/
|
||||
static void debug_dump_status(int level)
|
||||
{
|
||||
@ -371,8 +373,7 @@ static void debug_dump_status(int level)
|
||||
parse the debug levels from smbcontrol. Example debug level parameter:
|
||||
printdrivers:7
|
||||
****************************************************************************/
|
||||
BOOL debug_parse_params(char **params, int *debuglevel_class,
|
||||
BOOL *debuglevel_class_isset)
|
||||
static BOOL debug_parse_params(char **params)
|
||||
{
|
||||
int i, ndx;
|
||||
char *class_name;
|
||||
@ -385,8 +386,8 @@ BOOL debug_parse_params(char **params, int *debuglevel_class,
|
||||
* v.s. "all:10", this is the traditional way to set DEBUGLEVEL
|
||||
*/
|
||||
if (isdigit((int)params[0][0])) {
|
||||
debuglevel_class[DBGC_ALL] = atoi(params[0]);
|
||||
debuglevel_class_isset[DBGC_ALL] = True;
|
||||
DEBUGLEVEL_CLASS[DBGC_ALL] = atoi(params[0]);
|
||||
DEBUGLEVEL_CLASS_ISSET[DBGC_ALL] = True;
|
||||
i = 1; /* start processing at the next params */
|
||||
}
|
||||
else
|
||||
@ -397,8 +398,8 @@ BOOL debug_parse_params(char **params, int *debuglevel_class,
|
||||
if ((class_name=strtok(params[i],":")) &&
|
||||
(class_level=strtok(NULL, "\0")) &&
|
||||
((ndx = debug_lookup_classname(class_name)) != -1)) {
|
||||
debuglevel_class[ndx] = atoi(class_level);
|
||||
debuglevel_class_isset[ndx] = True;
|
||||
DEBUGLEVEL_CLASS[ndx] = atoi(class_level);
|
||||
DEBUGLEVEL_CLASS_ISSET[ndx] = True;
|
||||
} else {
|
||||
DEBUG(0,("debug_parse_params: unrecognized debug class name or format [%s]\n", params[i]));
|
||||
return False;
|
||||
@ -425,8 +426,7 @@ BOOL debug_parse_levels(const char *params_str)
|
||||
|
||||
params = str_list_make(params_str, NULL);
|
||||
|
||||
if (debug_parse_params(params, DEBUGLEVEL_CLASS,
|
||||
DEBUGLEVEL_CLASS_ISSET))
|
||||
if (debug_parse_params(params))
|
||||
{
|
||||
debug_dump_status(5);
|
||||
str_list_free(¶ms);
|
||||
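Review bot: The assignments `DEBUGLEVEL_CLASS[DBGC_ALL] = atoi(params[0]);` and `DEBUGLEVEL_CLASS[ndx] = atoi(class_level);` read the level with atoi(), which reports no error: a value like `printdrivers:abc` silently sets level 0, and an out-of-range number has an undefined result. The header comment says these strings come from smbcontrol, so I would parse with strtol() and reject anything that is not a complete non-negative number, as the else branch already does for unknown class names. In the same function `isdigit((int)params[0][0])` passes a plain char, which is undefined for bytes above 0x7f when char is signed; cast through `unsigned char` instead. The function body starts and ends outside the hunks.

```c
/* … unchanged: strtok() split and debug_lookup_classname() lookup … */
	char *end = NULL;
	long lvl = strtol(class_level, &end, 10);

	if (end == class_level || *end != '\0' || lvl < 0 || lvl > INT_MAX) {
		DEBUG(0,("debug_parse_params: bad debug level [%s]\n", class_level));
		return False;
	}
	DEBUGLEVEL_CLASS[ndx] = (int)lvl;
	DEBUGLEVEL_CLASS_ISSET[ndx] = True;
```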
|
@ -45,6 +45,9 @@ const struct unix_error_map unix_dos_nt_errmap[] = {
|
||||
#endif
|
||||
#ifdef EROFS
|
||||
{ EROFS, ERRHRD, ERRnowrite, NT_STATUS_ACCESS_DENIED },
|
||||
#endif
|
||||
#ifdef ENAMETOOLONG
|
||||
{ ENAMETOOLONG, ERRDOS, 206, NT_STATUS_OBJECT_NAME_INVALID },
|
||||
#endif
|
||||
{ 0, 0, 0, NT_STATUS_OK }
|
||||
};
|
||||
|
@ -382,6 +382,7 @@ void message_deregister(int msg_type)
|
||||
|
||||
struct msg_all {
|
||||
int msg_type;
|
||||
uint32 msg_flag;
|
||||
const void *buf;
|
||||
size_t len;
|
||||
BOOL duplicates;
|
||||
@ -405,13 +406,20 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void
|
||||
if (crec.cnum != -1)
|
||||
return 0;
|
||||
|
||||
/* if the msg send fails because the pid was not found (i.e. smbd died),
|
||||
/* Don't send if the receiver hasn't registered an interest. */
|
||||
|
||||
if(!(crec.bcast_msg_flags & msg_all->msg_flag))
|
||||
return 0;
|
||||
|
||||
/* If the msg send fails because the pid was not found (i.e. smbd died),
|
||||
* the msg has already been deleted from the messages.tdb.*/
|
||||
|
||||
if (!message_send_pid(crec.pid, msg_all->msg_type,
|
||||
msg_all->buf, msg_all->len,
|
||||
msg_all->duplicates)) {
|
||||
|
||||
/* if the pid was not found delete the entry from connections.tdb */
|
||||
/* If the pid was not found delete the entry from connections.tdb */
|
||||
|
||||
if (errno == ESRCH) {
|
||||
DEBUG(2,("pid %u doesn't exist - deleting connections %d [%s]\n",
|
||||
(unsigned int)crec.pid, crec.cnum, crec.name));
|
||||
@ -442,6 +450,17 @@ BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type,
|
||||
struct msg_all msg_all;
|
||||
|
||||
msg_all.msg_type = msg_type;
|
||||
if (msg_type < 1000)
|
||||
msg_all.msg_flag = FLAG_MSG_GENERAL;
|
||||
else if (msg_type > 1000 && msg_type < 2000)
|
||||
msg_all.msg_flag = FLAG_MSG_NMBD;
|
||||
else if (msg_type > 2000 && msg_type < 3000)
|
||||
msg_all.msg_flag = FLAG_MSG_PRINTING;
|
||||
else if (msg_type > 3000 && msg_type < 4000)
|
||||
msg_all.msg_flag = FLAG_MSG_SMBD;
|
||||
else
|
||||
return False;
|
||||
|
||||
msg_all.buf = buf;
|
||||
msg_all.len = len;
|
||||
msg_all.duplicates = duplicates_allowed;
|
||||
@ -452,73 +471,4 @@ BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type,
|
||||
*n_sent = msg_all.n_sent;
|
||||
return True;
|
||||
}
|
||||
|
||||
static SIG_ATOMIC_T gotalarm;
|
||||
|
||||
/***************************************************************
|
||||
Signal function to tell us we timed out.
|
||||
****************************************************************/
|
||||
|
||||
static void gotalarm_sig(void)
|
||||
{
|
||||
gotalarm = 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Lock the messaging tdb based on a string - this is used as a primitive
|
||||
* form of mutex between smbd instances.
|
||||
*
|
||||
* @param name A string identifying the name of the mutex.
|
||||
*/
|
||||
|
||||
BOOL message_named_mutex(char *name, unsigned int timeout)
|
||||
{
|
||||
TDB_DATA key;
|
||||
int ret;
|
||||
void (*oldsig_handler)(int) = NULL;
|
||||
|
||||
if (!message_init())
|
||||
return False;
|
||||
|
||||
key.dptr = name;
|
||||
key.dsize = strlen(name)+1;
|
||||
|
||||
if (timeout) {
|
||||
gotalarm = 0;
|
||||
oldsig_handler = CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
|
||||
alarm(timeout);
|
||||
}
|
||||
|
||||
ret = tdb_chainlock(tdb, key);
|
||||
|
||||
if (timeout) {
|
||||
alarm(0);
|
||||
CatchSignal(SIGALRM, SIGNAL_CAST oldsig_handler);
|
||||
if (gotalarm)
|
||||
return False;
|
||||
}
|
||||
|
||||
if (ret == 0)
|
||||
DEBUG(10,("message_named_mutex: got mutex for %s\n", name ));
|
||||
|
||||
return (ret == 0);
|
||||
}
|
||||
|
||||
/**
|
||||
* Unlock a named mutex.
|
||||
*
|
||||
* @param name A string identifying the name of the mutex.
|
||||
*/
|
||||
|
||||
void message_named_mutex_release(char *name)
|
||||
{
|
||||
TDB_DATA key;
|
||||
|
||||
key.dptr = name;
|
||||
key.dsize = strlen(name)+1;
|
||||
|
||||
tdb_chainunlock(tdb, key);
|
||||
DEBUG(10,("message_named_mutex: released mutex for %s\n", name ));
|
||||
}
|
||||
|
||||
/** @} **/
|
||||
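Review bot: The range tests added to message_send_all leave the boundary values unclassified: a `msg_type` of exactly 1000, 2000 or 3000 matches no branch and the function returns False without sending or logging anything, while any negative `msg_type` is treated as FLAG_MSG_GENERAL. If those values are reserved, a DEBUG line before `return False` would make the rejection visible; if they are not, half-open tests such as `else if (msg_type < 2000)` close the gaps. Separately, traverse_fn now skips every receiver whose `crec.bcast_msg_flags` lacks the bit, so it is worth confirming that every writer of the connection record fills that field in, or those processes stop receiving broadcasts. Both function bodies continue outside the hunks shown.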
|
@ -33,7 +33,7 @@ static void debug_callback(poptContext con,
|
||||
switch(opt->val) {
|
||||
case 'd':
|
||||
if (arg) {
|
||||
DEBUGLEVEL = atoi(arg);
|
||||
debug_parse_levels(arg);
|
||||
AllowDebugChange = False;
|
||||
}
|
||||
|
||||
@ -43,7 +43,7 @@ static void debug_callback(poptContext con,
|
||||
|
||||
struct poptOption popt_common_debug[] = {
|
||||
{ NULL, 0, POPT_ARG_CALLBACK, debug_callback },
|
||||
{ "debuglevel", 'd', POPT_ARG_INT, NULL, 'd', "Set debug level",
|
||||
{ "debuglevel", 'd', POPT_ARG_STRING, NULL, 'd', "Set debug level",
|
||||
"DEBUGLEVEL" },
|
||||
{ 0 }
|
||||
};
|
||||
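Review bot: The result of `debug_parse_levels(arg)` is discarded in the 'd' case of debug_callback, so a malformed `-d` argument is accepted silently and `AllowDebugChange` is still set to False. This commit shows debug_parse_levels returning BOOL, so the callback can report the failure, for example `if (!debug_parse_levels(arg)) DEBUG(0,("invalid debug level [%s]\n", arg));`. The option help text "Set debug level" could also mention that the argument is now a string accepting `class:level` pairs, as the parser's own comment describes. debug_callback's body continues outside the hunk.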
|
@ -21,6 +21,24 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef HAVE_LIBREADLINE
|
||||
# ifdef HAVE_READLINE_READLINE_H
|
||||
# include <readline/readline.h>
|
||||
# ifdef HAVE_READLINE_HISTORY_H
|
||||
# include <readline/history.h>
|
||||
# endif
|
||||
# else
|
||||
# ifdef HAVE_READLINE_H
|
||||
# include <readline.h>
|
||||
# ifdef HAVE_HISTORY_H
|
||||
# include <history.h>
|
||||
# endif
|
||||
# else
|
||||
# undef HAVE_LIBREADLINE
|
||||
# endif
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NEW_LIBREADLINE
|
||||
# define RL_COMPLETION_CAST (rl_completion_func_t *)
|
||||
#else
|
||||
|
@ -38,7 +38,7 @@ BOOL grab_server_mutex(const char *name)
|
||||
DEBUG(0,("grab_server_mutex: malloc failed for %s\n", name));
|
||||
return False;
|
||||
}
|
||||
if (!message_named_mutex(mutex_server_name, 20)) {
|
||||
if (!secrets_named_mutex(mutex_server_name, 10)) {
|
||||
DEBUG(10,("grab_server_mutex: failed for %s\n", name));
|
||||
SAFE_FREE(mutex_server_name);
|
||||
return False;
|
||||
@ -50,8 +50,7 @@ BOOL grab_server_mutex(const char *name)
|
||||
void release_server_mutex(void)
|
||||
{
|
||||
if (mutex_server_name) {
|
||||
message_named_mutex_release(mutex_server_name);
|
||||
secrets_named_mutex_release(mutex_server_name);
|
||||
SAFE_FREE(mutex_server_name);
|
||||
}
|
||||
}
|
||||
|
||||
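Review bot: The timeout literal in grab_server_mutex changes from 20 to 10 together with the switch to secrets_named_mutex, and neither the unit nor the reason is stated anywhere in the hunk. A named constant with a comment, for example `#define SERVER_MUTEX_TIMEOUT 10 /* seconds */`, would keep the value from being changed blindly again. A failure to get the mutex is reported only at DEBUG level 10, so a timeout while contacting the server is invisible at normal log levels; a lower level for that message would help diagnosis.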
|
@ -297,8 +297,13 @@ void standard_sub_basic(const char *smb_name, char *str,size_t len)
|
||||
case 'L' :
|
||||
if (local_machine_name && *local_machine_name)
|
||||
string_sub(p,"%L", local_machine_name,l);
|
||||
else
|
||||
string_sub(p,"%L", global_myname,l);
|
||||
else {
|
||||
pstring temp_name;
|
||||
|
||||
pstrcpy(temp_name, global_myname);
|
||||
strlower(temp_name);
|
||||
string_sub(p,"%L", temp_name,l);
|
||||
}
|
||||
break;
|
||||
case 'M' :
|
||||
string_sub(p,"%M", client_name(),l);
|
||||
@ -675,6 +680,19 @@ void standard_sub_conn(connection_struct *conn, char *str, size_t len)
|
||||
conn->gid, current_user_info.smb_name, str, len);
|
||||
}
|
||||
|
||||
char *talloc_sub_conn(TALLOC_CTX *mem_ctx, connection_struct *conn, char *str)
|
||||
{
|
||||
return talloc_sub_advanced(mem_ctx, SNUM(conn), conn->user,
|
||||
conn->connectpath, conn->gid,
|
||||
current_user_info.smb_name, str);
|
||||
}
|
||||
|
||||
char *alloc_sub_conn(connection_struct *conn, char *str)
|
||||
{
|
||||
return alloc_sub_advanced(SNUM(conn), conn->user, conn->connectpath,
|
||||
conn->gid, current_user_info.smb_name, str);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Like standard_sub but by snum.
|
||||
****************************************************************************/
|
||||
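Review bot: talloc_sub_conn and alloc_sub_conn are added without the banner comment the neighbouring functions carry, and nothing states who owns the returned string. Suggest, above alloc_sub_conn, `/* Like standard_sub_conn, but returns a newly allocated string; the caller must free it. */`, and for talloc_sub_conn a note that the result is allocated on `mem_ctx`. Both ownership statements are inferred from the names of the `*_sub_advanced` helpers and should be confirmed against them. Both functions take `char *str` although they only pass it on; `const char *str` would state that, if the helpers allow it.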
|
@ -1233,26 +1233,23 @@ int sys_dup2(int oldfd, int newfd)
|
||||
Wrapper for Admin Logs.
|
||||
****************************************************************************/
|
||||
|
||||
void sys_adminlog(int priority, const char *format_str, ...)
|
||||
void sys_adminlog(int priority, char *format_str, ...)
|
||||
{
|
||||
va_list ap;
|
||||
int ret;
|
||||
char **msgbuf = NULL;
|
||||
|
||||
if (!lp_admin_log())
|
||||
return;
|
||||
char *msgbuf = NULL;
|
||||
|
||||
va_start( ap, format_str );
|
||||
ret = vasprintf( msgbuf, format_str, ap );
|
||||
ret = vasprintf( &msgbuf, format_str, ap );
|
||||
va_end( ap );
|
||||
|
||||
if (ret == -1)
|
||||
return;
|
||||
|
||||
#if defined(HAVE_SYSLOG)
|
||||
syslog( priority, "%s", *msgbuf );
|
||||
syslog( priority, "%s", msgbuf );
|
||||
#else
|
||||
DEBUG(0,("%s", *msgbuf ));
|
||||
DEBUG(0,("%s", msgbuf ));
|
||||
#endif
|
||||
SAFE_FREE(*msgbuf);
|
||||
SAFE_FREE(msgbuf);
|
||||
}
|
||||
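Review bot: One of the two sys_adminlog signatures printed here takes `char *format_str` without `const`, and the hunk counts (26 old lines, 23 new) put that one on the new side. A printf-style format parameter should stay `const char *format_str`, so that callers can pass literals and the function visibly does not modify it. The same counts imply that the `if (!lp_admin_log()) return;` guard is on the removed side, which would make every call reach syslog regardless of configuration; that is worth confirming as intended.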
|
@ -41,6 +41,11 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in
|
||||
gid_t *gids_saved;
|
||||
int ret, ngrp_saved;
|
||||
|
||||
if (non_root_mode()) {
|
||||
*grpcnt = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* work out how many groups we need to save */
|
||||
ngrp_saved = getgroups(0, NULL);
|
||||
if (ngrp_saved == -1) {
|
||||
@ -56,13 +61,14 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in
|
||||
|
||||
ngrp_saved = getgroups(ngrp_saved, gids_saved);
|
||||
if (ngrp_saved == -1) {
|
||||
free(gids_saved);
|
||||
SAFE_FREE(gids_saved);
|
||||
/* very strange! */
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (initgroups(user, gid) != 0) {
|
||||
free(gids_saved);
|
||||
DEBUG(0, ("getgrouplist_internals: initgroups() failed!\n"));
|
||||
SAFE_FREE(gids_saved);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -101,5 +107,6 @@ int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
|
||||
become_root();
|
||||
retval = getgrouplist_internals(user, gid, groups, grpcnt);
|
||||
unbecome_root();
|
||||
return retval;
|
||||
#endif
|
||||
}
|
||||
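Review bot: The `non_root_mode()` shortcut added at the top of getgrouplist_internals reports success with `*grpcnt = 0`, so the caller receives an empty list that omits even the `gid` it passed in. If callers build a user's group membership from this result for access decisions, the primary group would be missing in that mode. Consider `groups[0] = gid; *grpcnt = 1;` when the incoming count allows it, or a comment stating that the empty list is deliberate. The function body continues outside the hunks, so how `*grpcnt` is used on entry is assumed here.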
|
@ -40,6 +40,12 @@ int extra_time_offset = 0;
|
||||
#define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN)
|
||||
#endif
|
||||
|
||||
void get_nttime_max(NTTIME *t)
|
||||
{
|
||||
/* FIXME: This is incorrect */
|
||||
unix_to_nt_time(t, get_time_t_max());
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
External access to time_t_min and time_t_max.
|
||||
********************************************************************/
|
||||
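Review bot: get_nttime_max is added with the comment `/* FIXME: This is incorrect */`, which says neither what is wrong with the value nor what a caller may rely on. Since the result comes from `unix_to_nt_time(t, get_time_t_max())`, it is presumably the largest time_t converted to NTTIME rather than the largest NTTIME. A comment such as `/* FIXME: yields time_t max converted to NTTIME, not the true NTTIME maximum */` would tell callers that use it as a "never" timestamp what they actually get.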
|
@ -273,27 +273,6 @@ done:
|
||||
return ret;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Get_Pwnam wrapper for modification.
|
||||
NOTE: This can potentially modify 'user'!
|
||||
****************************************************************************/
|
||||
|
||||
struct passwd *Get_Pwnam_Modify(fstring user)
|
||||
{
|
||||
fstring user2;
|
||||
struct passwd *ret;
|
||||
|
||||
fstrcpy(user2, user);
|
||||
|
||||
ret = Get_Pwnam_internals(user, user2);
|
||||
|
||||
/* If caller wants the modified username, ensure they get it */
|
||||
fstrcpy(user,user2);
|
||||
|
||||
/* We can safely assume ret is NULL if none of the above succeed */
|
||||
return(ret);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Get_Pwnam wrapper without modification.
|
||||
NOTE: This with NOT modify 'user'!
|
||||
@ -636,39 +615,3 @@ static struct passwd * uname_string_combinations(char *s,struct passwd * (*fn)(c
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
These wrappers allow appliance mode to work. In appliance mode the username
|
||||
takes the form DOMAIN/user.
|
||||
****************************************************************************/
|
||||
|
||||
struct passwd *smb_getpwnam(char *user, BOOL allow_change)
|
||||
{
|
||||
struct passwd *pw;
|
||||
char *p;
|
||||
char *sep;
|
||||
extern pstring global_myname;
|
||||
|
||||
if (allow_change)
|
||||
pw = Get_Pwnam_Modify(user);
|
||||
else
|
||||
pw = Get_Pwnam(user);
|
||||
|
||||
if (pw)
|
||||
return pw;
|
||||
|
||||
/*
|
||||
* If it is a domain qualified name and it isn't in our password
|
||||
* database but the domain portion matches our local machine name then
|
||||
* lookup just the username portion locally.
|
||||
*/
|
||||
|
||||
sep = lp_winbind_separator();
|
||||
p = strchr_m(user,*sep);
|
||||
if (p && strncasecmp(global_myname, user, strlen(global_myname))==0) {
|
||||
if (allow_change)
|
||||
pw = Get_Pwnam_Modify(p+1);
|
||||
else
|
||||
pw = Get_Pwnam(p+1);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
@ -260,7 +260,7 @@ void show_msg(char *buf)
|
||||
int i;
|
||||
int bcc=0;
|
||||
|
||||
if (DEBUGLEVEL < 5) return;
|
||||
if (!DEBUGLVL(5)) return;
|
||||
|
||||
DEBUG(5,("size=%d\nsmb_com=0x%x\nsmb_rcls=%d\nsmb_reh=%d\nsmb_err=%d\nsmb_flg=%d\nsmb_flg2=%d\n",
|
||||
smb_len(buf),
|
||||
@ -270,29 +270,24 @@ void show_msg(char *buf)
|
||||
(int)SVAL(buf,smb_err),
|
||||
(int)CVAL(buf,smb_flg),
|
||||
(int)SVAL(buf,smb_flg2)));
|
||||
DEBUG(5,("smb_tid=%d\nsmb_pid=%d\nsmb_uid=%d\nsmb_mid=%d\nsmt_wct=%d\n",
|
||||
DEBUGADD(5,("smb_tid=%d\nsmb_pid=%d\nsmb_uid=%d\nsmb_mid=%d\n",
|
||||
(int)SVAL(buf,smb_tid),
|
||||
(int)SVAL(buf,smb_pid),
|
||||
(int)SVAL(buf,smb_uid),
|
||||
(int)SVAL(buf,smb_mid),
|
||||
(int)CVAL(buf,smb_wct)));
|
||||
(int)SVAL(buf,smb_mid)));
|
||||
DEBUGADD(5,("smt_wct=%d\n",(int)CVAL(buf,smb_wct)));
|
||||
|
||||
for (i=0;i<(int)CVAL(buf,smb_wct);i++)
|
||||
{
|
||||
DEBUG(5,("smb_vwv[%d]=%d (0x%X)\n",i,
|
||||
DEBUGADD(5,("smb_vwv[%2d]=%5d (0x%X)\n",i,
|
||||
SVAL(buf,smb_vwv+2*i),SVAL(buf,smb_vwv+2*i)));
|
||||
}
|
||||
|
||||
bcc = (int)SVAL(buf,smb_vwv+2*(CVAL(buf,smb_wct)));
|
||||
|
||||
DEBUG(5,("smb_bcc=%d\n",bcc));
|
||||
DEBUGADD(5,("smb_bcc=%d\n",bcc));
|
||||
|
||||
if (DEBUGLEVEL < 10) return;
|
||||
|
||||
if (DEBUGLEVEL < 50)
|
||||
{
|
||||
bcc = MIN(bcc, 512);
|
||||
}
|
||||
if (DEBUGLEVEL < 50) bcc = MIN(bcc, 512);
|
||||
|
||||
dump_data(10, smb_buf(buf), bcc);
|
||||
}
|
||||
@ -1140,8 +1135,18 @@ something really nasty happened - panic!
|
||||
void smb_panic(char *why)
|
||||
{
|
||||
char *cmd = lp_panic_action();
|
||||
int result;
|
||||
|
||||
if (cmd && *cmd) {
|
||||
system(cmd);
|
||||
DEBUG(0, ("smb_panic(): calling panic action [%s]\n", cmd));
|
||||
result = system(cmd);
|
||||
|
||||
if (result == -1)
|
||||
DEBUG(0, ("smb_panic(): fork failed in panic action: %s\n",
|
||||
strerror(errno)));
|
||||
else
|
||||
DEBUG(0, ("smb_panic(): action returned status %d\n",
|
||||
WEXITSTATUS(result)));
|
||||
}
|
||||
DEBUG(0,("PANIC: %s\n", why));
|
||||
dbgflush();
|
||||
@ -1568,30 +1573,30 @@ void dump_data(int level, const char *buf1,int len)
|
||||
int i=0;
|
||||
if (len<=0) return;
|
||||
|
||||
DEBUG(level,("[%03X] ",i));
|
||||
if (!DEBUGLVL(level)) return;
|
||||
|
||||
DEBUGADD(level,("[%03X] ",i));
|
||||
for (i=0;i<len;) {
|
||||
DEBUG(level,("%02X ",(int)buf[i]));
|
||||
DEBUGADD(level,("%02X ",(int)buf[i]));
|
||||
i++;
|
||||
if (i%8 == 0) DEBUG(level,(" "));
|
||||
if (i%8 == 0) DEBUGADD(level,(" "));
|
||||
if (i%16 == 0) {
|
||||
print_asc(level,&buf[i-16],8); DEBUG(level,(" "));
|
||||
print_asc(level,&buf[i-8],8); DEBUG(level,("\n"));
|
||||
if (i<len) DEBUG(level,("[%03X] ",i));
|
||||
print_asc(level,&buf[i-16],8); DEBUGADD(level,(" "));
|
||||
print_asc(level,&buf[i-8],8); DEBUGADD(level,("\n"));
|
||||
if (i<len) DEBUGADD(level,("[%03X] ",i));
|
||||
}
|
||||
}
|
||||
if (i%16) {
|
||||
int n;
|
||||
|
||||
n = 16 - (i%16);
|
||||
DEBUG(level,(" "));
|
||||
if (n>8) DEBUG(level,(" "));
|
||||
while (n--) DEBUG(level,(" "));
|
||||
|
||||
DEBUGADD(level,(" "));
|
||||
if (n>8) DEBUGADD(level,(" "));
|
||||
while (n--) DEBUGADD(level,(" "));
|
||||
n = MIN(8,i%16);
|
||||
print_asc(level,&buf[i-(i%16)],n); DEBUG(level,(" "));
|
||||
print_asc(level,&buf[i-(i%16)],n); DEBUGADD(level,( " " ));
|
||||
n = (i%16) - n;
|
||||
if (n>0) print_asc(level,&buf[i-n],n);
|
||||
DEBUG(level,("\n"));
|
||||
DEBUGADD(level,("\n"));
|
||||
}
|
||||
}
|
||||
|
||||
@ -1819,6 +1824,17 @@ char *smb_xstrdup(const char *s)
|
||||
return s1;
|
||||
}
|
||||
|
||||
/**
|
||||
strndup that aborts on malloc fail.
|
||||
**/
|
||||
char *smb_xstrndup(const char *s, size_t n)
|
||||
{
|
||||
char *s1 = strndup(s, n);
|
||||
if (!s1)
|
||||
smb_panic("smb_xstrndup: malloc fail\n");
|
||||
return s1;
|
||||
}
|
||||
|
||||
/*
|
||||
vasprintf that aborts on malloc fail
|
||||
*/
|
||||
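Review bot: In smb_panic the new logging passes `result` straight to `WEXITSTATUS()` whenever system() did not return -1, but that macro is only meaningful when `WIFEXITED(result)` is true. A panic action that is killed by a signal is therefore logged with a misleading exit status. Guarding the branch with `else if (WIFEXITED(result))` and adding a final `else` that logs `WTERMSIG(result)` keeps the log accurate. In show_msg the later `if (DEBUGLEVEL < 10) return;` and `if (DEBUGLEVEL < 50)` still test the global level although the entry check moved to `DEBUGLVL(5)`; using `DEBUGLVL()` there too would be consistent.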
|
@ -21,6 +21,8 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
extern DOM_SID global_sid_Builtin;
|
||||
|
||||
/**********************************************************************************
|
||||
Check if this ACE has a SID in common with the token.
|
||||
**********************************************************************************/
|
||||
@ -42,7 +44,7 @@ static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
|
||||
bits not yet granted. Zero means permission allowed (no more needed bits).
|
||||
**********************************************************************************/
|
||||
|
||||
static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired,
|
||||
static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired,
|
||||
NTSTATUS *status)
|
||||
{
|
||||
uint32 mask = ace->info.mask;
|
||||
@ -102,7 +104,7 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired,
|
||||
include other bits requested.
|
||||
**********************************************************************************/
|
||||
|
||||
static BOOL get_max_access( SEC_ACL *the_acl, NT_USER_TOKEN *token, uint32 *granted,
|
||||
static BOOL get_max_access( SEC_ACL *the_acl, const NT_USER_TOKEN *token, uint32 *granted,
|
||||
uint32 desired,
|
||||
NTSTATUS *status)
|
||||
{
|
||||
@ -224,7 +226,7 @@ void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping)
|
||||
"Access-Checking" document in MSDN.
|
||||
*****************************************************************************/
|
||||
|
||||
BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
|
||||
BOOL se_access_check(SEC_DESC *sd, const NT_USER_TOKEN *token,
|
||||
uint32 acc_desired, uint32 *acc_granted,
|
||||
NTSTATUS *status)
|
||||
{
|
||||
@ -262,13 +264,14 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
|
||||
}
|
||||
|
||||
/* The user sid is the first in the token */
|
||||
|
||||
if (DEBUGLVL(3)) {
|
||||
DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[PRIMARY_USER_SID_INDEX]) ));
|
||||
|
||||
for (i = 1; i < token->num_sids; i++) {
|
||||
DEBUG(3, ("se_access_check: also %s\n",
|
||||
DEBUGADD(3, ("se_access_check: also %s\n",
|
||||
sid_to_string(sid_str, &token->user_sids[i])));
|
||||
}
|
||||
}
|
||||
|
||||
/* Is the token the owner of the SID ? */
|
||||
|
||||
@ -297,7 +300,7 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
|
||||
for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) {
|
||||
SEC_ACE *ace = &the_acl->ace[i];
|
||||
|
||||
DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
|
||||
DEBUGADD(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
|
||||
(unsigned int)i, ace->type, ace->flags,
|
||||
sid_to_string(sid_str, &ace->trustee),
|
||||
(unsigned int) ace->info.mask,
|
||||
@ -442,3 +445,42 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
|
||||
|
||||
return sdb;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
samr_make_sam_obj_sd
|
||||
********************************************************************/
|
||||
|
||||
NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
|
||||
{
|
||||
extern DOM_SID global_sid_World;
|
||||
DOM_SID adm_sid;
|
||||
DOM_SID act_sid;
|
||||
|
||||
SEC_ACE ace[3];
|
||||
SEC_ACCESS mask;
|
||||
|
||||
SEC_ACL *psa = NULL;
|
||||
|
||||
sid_copy(&adm_sid, &global_sid_Builtin);
|
||||
sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
|
||||
|
||||
sid_copy(&act_sid, &global_sid_Builtin);
|
||||
sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
|
||||
|
||||
/*basic access for every one*/
|
||||
init_sec_access(&mask, SAMR_EXECUTE | SAMR_READ);
|
||||
init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
|
||||
|
||||
/*full access for builtin aliases Administrators and Account Operators*/
|
||||
init_sec_access(&mask, SAMR_ALL_ACCESS);
|
||||
init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
|
||||
init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
|
||||
|
||||
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
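Review bot: The banner on samr_make_sam_obj_sd only repeats the function name, although the function defines an access policy. Everyone is granted `SAMR_EXECUTE | SAMR_READ`, and the builtin Administrators and Account Operators aliases are granted `SAMR_ALL_ACCESS`, with owner and group left NULL. The banner should state that ACL and that the descriptor is allocated on `ctx`, so someone auditing SAMR access checks can see who is granted what without reading the body. `psd` is dereferenced without a NULL check; either guard it or document that it is required.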
|
@ -30,13 +30,11 @@ extern fstring global_myworkgroup;
|
||||
* Some useful sids
|
||||
*/
|
||||
|
||||
DOM_SID global_sid_Builtin; /* Local well-known domain */
|
||||
DOM_SID global_sid_World_Domain; /* Everyone domain */
|
||||
DOM_SID global_sid_World; /* Everyone */
|
||||
DOM_SID global_sid_Creator_Owner_Domain; /* Creator Owner domain */
|
||||
DOM_SID global_sid_NT_Authority; /* NT Authority */
|
||||
DOM_SID global_sid_NULL; /* NULL sid */
|
||||
DOM_SID global_sid_Builtin_Guests; /* Builtin guest users */
|
||||
DOM_SID global_sid_Authenticated_Users; /* All authenticated rids */
|
||||
DOM_SID global_sid_Network; /* Network rids */
|
||||
|
||||
@ -44,6 +42,11 @@ static DOM_SID global_sid_Creator_Owner; /* Creator Owner */
|
||||
static DOM_SID global_sid_Creator_Group; /* Creator Group */
|
||||
static DOM_SID global_sid_Anonymous; /* Anonymous login */
|
||||
|
||||
DOM_SID global_sid_Builtin; /* Local well-known domain */
|
||||
DOM_SID global_sid_Builtin_Administrators;
|
||||
DOM_SID global_sid_Builtin_Users;
|
||||
DOM_SID global_sid_Builtin_Guests; /* Builtin guest users */
|
||||
|
||||
/*
|
||||
* An NT compatible anonymous token.
|
||||
*/
|
||||
@ -99,6 +102,8 @@ const char *sid_type_lookup(uint32 sid_type)
|
||||
void generate_wellknown_sids(void)
|
||||
{
|
||||
string_to_sid(&global_sid_Builtin, "S-1-5-32");
|
||||
string_to_sid(&global_sid_Builtin_Administrators, "S-1-5-32-544");
|
||||
string_to_sid(&global_sid_Builtin_Users, "S-1-5-32-545");
|
||||
string_to_sid(&global_sid_Builtin_Guests, "S-1-5-32-546");
|
||||
string_to_sid(&global_sid_World_Domain, "S-1-1");
|
||||
string_to_sid(&global_sid_World, "S-1-1-0");
|
||||
@ -525,3 +530,18 @@ char *sid_binstring(DOM_SID *sid)
|
||||
return s;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
print a GUID structure for debugging
|
||||
*/
|
||||
void print_guid(GUID *guid)
|
||||
{
|
||||
int i;
|
||||
|
||||
d_printf("%08x-%04x-%04x",
|
||||
IVAL(guid->info, 0), SVAL(guid->info, 4), SVAL(guid->info, 6));
|
||||
d_printf("-%02x%02x-", guid->info[8], guid->info[9]);
|
||||
for (i=10;i<GUID_SIZE;i++)
|
||||
d_printf("%02x", guid->info[i]);
|
||||
d_printf("\n");
|
||||
}
|
||||
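Review bot: The two globals added here, `global_sid_Builtin_Administrators` and `global_sid_Builtin_Users`, have no trailing comment although every other SID in the list does. Suggest `/* Builtin administrators (S-1-5-32-544) */` and `/* Builtin users (S-1-5-32-545) */`, matching the strings generate_wellknown_sids assigns. print_guid only reads its argument, so `const GUID *guid` would state that in the signature.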
|
@ -871,7 +871,7 @@ static BOOL matchname(char *remotehost,struct in_addr addr)
|
||||
|
||||
/* Look up the host address in the address list we just got. */
|
||||
for (i = 0; hp->h_addr_list[i]; i++) {
|
||||
if (memcmp(hp->h_addr_list[i], (caddr_t) & addr, sizeof(addr)) == 0)
|
||||
if (memcmp(hp->h_addr_list[i], (char *) & addr, sizeof(addr)) == 0)
|
||||
return True;
|
||||
}
|
||||
|
||||
@ -976,6 +976,7 @@ int create_pipe_sock(const char *socket_dir,
|
||||
const char *socket_name,
|
||||
mode_t dir_perms)
|
||||
{
|
||||
#ifdef HAVE_UNIXSOCKET
|
||||
struct sockaddr_un sunaddr;
|
||||
struct stat st;
|
||||
int sock;
|
||||
@ -1064,6 +1065,10 @@ int create_pipe_sock(const char *socket_dir,
|
||||
/* Success! */
|
||||
|
||||
return sock;
|
||||
#else
|
||||
DEBUG(0, ("create_pipe_sock: No Unix sockets on this system\n"));
|
||||
return -1;
|
||||
#endif /* HAVE_UNIXSOCKET */
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
|
@ -218,6 +218,16 @@ void unistr2_to_ascii(char *dest, const UNISTR2 *str, size_t maxlen)
|
||||
pull_ucs2(NULL, dest, str->buffer, maxlen, str->uni_str_len*2, STR_NOALIGN);
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
give a static string for displaying a UNISTR2
|
||||
********************************************************************/
|
||||
const char *unistr2_static(const UNISTR2 *str)
|
||||
{
|
||||
static pstring ret;
|
||||
unistr2_to_ascii(ret, str, sizeof(ret));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/*******************************************************************
|
||||
duplicate a UNISTR2 string into a null terminated char*
|
||||
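Review bot: unistr2_static returns a pointer to a function-local `static pstring`, and its banner does not warn that each call overwrites the previous result. Two uses in one expression, for example as two arguments of a single DEBUG call, would print the same string twice, and the pointer must not be kept across calls. Suggest extending the banner with `The result lives in a static buffer: it is overwritten by the next call and is not reentrant; copy it if it must persist.`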
|
@ -43,6 +43,7 @@ XFILE *x_stderr = &_x_stderr;
|
||||
|
||||
#define X_FLAG_EOF 1
|
||||
#define X_FLAG_ERROR 2
|
||||
#define X_FLAG_EINVAL 3
|
||||
|
||||
/* simulate setvbuf() */
|
||||
int x_setvbuf(XFILE *f, char *buf, int mode, size_t size)
|
||||
@ -341,3 +342,36 @@ char *x_fgets(char *s, int size, XFILE *stream)
|
||||
*s = 0;
|
||||
return s0;
|
||||
}
|
||||
|
||||
/* trivial seek, works only for SEEK_SET and SEEK_END if SEEK_CUR is
|
||||
* set then an error is returned */
|
||||
off_t x_tseek(XFILE *f, off_t offset, int whence)
|
||||
{
|
||||
if (f->flags & X_FLAG_ERROR)
|
||||
return -1;
|
||||
|
||||
/* only SEEK_SET and SEEK_END are supported */
|
||||
/* SEEK_CUR needs internal offset counter */
|
||||
if (whence != SEEK_SET && whence != SEEK_END) {
|
||||
f->flags |= X_FLAG_EINVAL;
|
||||
errno = EINVAL;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* empty the buffer */
|
||||
switch (f->open_flags & O_ACCMODE) {
|
||||
case O_RDONLY:
|
||||
f->bufused = 0;
|
||||
break;
|
||||
case O_WRONLY:
|
||||
if (x_fflush(f) != 0)
|
||||
return -1;
|
||||
break;
|
||||
default:
|
||||
errno = EINVAL;
|
||||
return -1;
|
||||
}
|
||||
|
||||
f->flags &= ~X_FLAG_EOF;
|
||||
return (off_t)sys_lseek(f->fd, offset, whence);
|
||||
}
|
||||
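Review bot: `X_FLAG_EINVAL` is defined as 3, which equals `X_FLAG_EOF | X_FLAG_ERROR` (1 | 2), so `f->flags |= X_FLAG_EINVAL` in x_tseek sets both existing bits instead of a new one. After a single seek with an unsupported `whence`, the `f->flags & X_FLAG_ERROR` test at the top of x_tseek rejects every later call, and the stream also appears to be at EOF. The flag needs its own bit: `#define X_FLAG_EINVAL 4`. The header comment of x_tseek could also say that the `default:` branch rejects any stream not opened O_RDONLY or O_WRONLY with EINVAL.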
|
@ -30,19 +30,49 @@ ADS_STATUS ads_build_error(enum ads_error_type etype,
|
||||
int rc, int minor_status)
|
||||
{
|
||||
ADS_STATUS ret;
|
||||
|
||||
if (etype == ADS_ERROR_NT) {
|
||||
DEBUG(0,("don't use ads_build_error with ADS_ERROR_NT!\n"));
|
||||
ret.err.rc = -1;
|
||||
ret.error_type = ADS_ERROR_SYSTEM;
|
||||
ret.minor_status = 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret.err.rc = rc;
|
||||
ret.error_type = etype;
|
||||
ret.rc = rc;
|
||||
ret.minor_status = minor_status;
|
||||
return ret;
|
||||
}
|
||||
|
||||
ADS_STATUS ads_build_nt_error(enum ads_error_type etype,
|
||||
NTSTATUS nt_status)
|
||||
{
|
||||
ADS_STATUS ret;
|
||||
|
||||
if (etype != ADS_ERROR_NT) {
|
||||
DEBUG(0,("don't use ads_build_nt_error without ADS_ERROR_NT!\n"));
|
||||
ret.err.rc = -1;
|
||||
ret.error_type = ADS_ERROR_SYSTEM;
|
||||
ret.minor_status = 0;
|
||||
return ret;
|
||||
}
|
||||
ret.err.nt_status = nt_status;
|
||||
ret.error_type = etype;
|
||||
ret.minor_status = 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
do a rough conversion between ads error codes and NT status codes
|
||||
we'll need to fill this in more
|
||||
*/
|
||||
NTSTATUS ads_ntstatus(ADS_STATUS rc)
|
||||
NTSTATUS ads_ntstatus(ADS_STATUS status)
|
||||
{
|
||||
if (ADS_ERR_OK(rc)) return NT_STATUS_OK;
|
||||
if (status.error_type == ADS_ERROR_NT){
|
||||
return status.err.nt_status;
|
||||
}
|
||||
if (ADS_ERR_OK(status)) return NT_STATUS_OK;
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
@ -59,14 +89,14 @@ const char *ads_errstr(ADS_STATUS status)
|
||||
|
||||
switch (status.error_type) {
|
||||
case ADS_ERROR_SYSTEM:
|
||||
return strerror(status.rc);
|
||||
return strerror(status.err.rc);
|
||||
#ifdef HAVE_LDAP
|
||||
case ADS_ERROR_LDAP:
|
||||
return ldap_err2string(status.rc);
|
||||
return ldap_err2string(status.err.rc);
|
||||
#endif
|
||||
#ifdef HAVE_KRB5
|
||||
case ADS_ERROR_KRB5:
|
||||
return error_message(status.rc);
|
||||
return error_message(status.err.rc);
|
||||
#endif
|
||||
#ifdef HAVE_GSSAPI
|
||||
case ADS_ERROR_GSS:
|
||||
@ -76,7 +106,7 @@ const char *ads_errstr(ADS_STATUS status)
|
||||
gss_buffer_desc msg1, msg2;
|
||||
msg1.value = NULL;
|
||||
msg2.value = NULL;
|
||||
gss_display_status(&minor, status.rc, GSS_C_GSS_CODE,
|
||||
gss_display_status(&minor, status.err.rc, GSS_C_GSS_CODE,
|
||||
GSS_C_NULL_OID, &msg_ctx, &msg1);
|
||||
gss_display_status(&minor, status.minor_status, GSS_C_MECH_CODE,
|
||||
GSS_C_NULL_OID, &msg_ctx, &msg2);
|
||||
@ -86,6 +116,8 @@ const char *ads_errstr(ADS_STATUS status)
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
case ADS_ERROR_NT:
|
||||
return nt_errstr(ads_ntstatus(status));
|
||||
default:
|
||||
return "Unknown ADS error type!? (not compiled in?)";
|
||||
}
|
||||
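Review bot: In the misuse branches of ads_build_error and ads_build_nt_error the status is built with `ret.err.rc = -1` and type ADS_ERROR_SYSTEM, which ads_errstr later passes to `strerror()`. -1 is not an errno value, so the caller gets an "Unknown error" style string for what is really an invalid-argument case; `ret.err.rc = EINVAL;` would give a meaningful message. Neither new function has a comment saying that `err` now holds either `rc` or `nt_status` depending on `error_type`. The declaration of ADS_STATUS is not on this page, so that description should be checked against it.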
|
@ -50,7 +50,7 @@ kerb_prompter(krb5_context ctx, void *data,
|
||||
simulate a kinit, putting the tgt in the default cache location
|
||||
remus@snapserver.com
|
||||
*/
|
||||
int kerberos_kinit_password(const char *principal, const char *password)
|
||||
int kerberos_kinit_password(const char *principal, const char *password, int time_offset)
|
||||
{
|
||||
krb5_context ctx;
|
||||
krb5_error_code code = 0;
|
||||
@ -61,6 +61,10 @@ int kerberos_kinit_password(const char *principal, const char *password)
|
||||
if ((code = krb5_init_context(&ctx)))
|
||||
return code;
|
||||
|
||||
if (time_offset != 0) {
|
||||
krb5_set_real_time(ctx, time(NULL) + time_offset, 0);
|
||||
}
|
||||
|
||||
if ((code = krb5_cc_default(ctx, &cc))) {
|
||||
krb5_free_context(ctx);
|
||||
return code;
|
||||
@ -111,7 +115,7 @@ int ads_kinit_password(ADS_STRUCT *ads)
|
||||
int ret;
|
||||
|
||||
asprintf(&s, "%s@%s", ads->auth.user_name, ads->auth.realm);
|
||||
ret = kerberos_kinit_password(s, ads->auth.password);
|
||||
ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset);
|
||||
|
||||
if (ret) {
|
||||
DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
|
||||
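Review bot: The return value of `krb5_set_real_time()` is ignored where kerberos_kinit_password applies `time_offset`, and the same unchecked call is added to krb5_set_password in the next file section. If the call fails, authentication continues on the uncorrected clock and ends in a clock-skew error, with no indication that the offset was never applied. Checking it, `if ((code = krb5_set_real_time(ctx, time(NULL) + time_offset, 0))) { krb5_free_context(ctx); return code; }`, or at least logging the failure, keeps the cause visible. In ads_kinit_password the result of `asprintf()` is also unchecked before `s` is passed on.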
|
@ -248,7 +248,8 @@ static krb5_error_code parse_setpw_reply(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char *newpw)
|
||||
ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char *newpw,
|
||||
int time_offset)
|
||||
{
|
||||
krb5_context context;
|
||||
krb5_auth_context auth_context = NULL;
|
||||
@ -268,6 +269,10 @@ ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char
|
||||
return ADS_ERROR_KRB5(ret);
|
||||
}
|
||||
|
||||
if (time_offset != 0) {
|
||||
krb5_set_real_time(context, time(NULL) + time_offset, 0);
|
||||
}
|
||||
|
||||
ret = krb5_cc_default(context, &ccache);
|
||||
if (ret) {
|
||||
krb5_free_context(context);
|
||||
@ -452,16 +457,17 @@ ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char
|
||||
|
||||
ADS_STATUS kerberos_set_password(const char *kpasswd_server,
|
||||
const char *auth_principal, const char *auth_password,
|
||||
const char *target_principal, const char *new_password)
|
||||
const char *target_principal, const char *new_password,
|
||||
int time_offset)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if ((ret = kerberos_kinit_password(auth_principal, auth_password))) {
|
||||
if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset))) {
|
||||
DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
|
||||
return ADS_ERROR_KRB5(ret);
|
||||
}
|
||||
|
||||
return krb5_set_password(kpasswd_server, target_principal, new_password);
|
||||
return krb5_set_password(kpasswd_server, target_principal, new_password, time_offset);
|
||||
}
|
||||
|
||||
|
||||
|
@ -63,6 +63,7 @@ static BOOL ads_try_connect(ADS_STRUCT *ads, const char *server, unsigned port)
|
||||
ads->ldap_port = port;
|
||||
ads->ldap_ip = *interpret_addr2(srv);
|
||||
free(srv);
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
@ -204,7 +205,6 @@ static BOOL ads_try_netbios(ADS_STRUCT *ads)
|
||||
ADS_STATUS ads_connect(ADS_STRUCT *ads)
|
||||
{
|
||||
int version = LDAP_VERSION3;
|
||||
int code;
|
||||
ADS_STATUS status;
|
||||
|
||||
ads->last_attempt = time(NULL);
|
||||
@ -274,12 +274,7 @@ got_connection:
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ads->auth.password) {
|
||||
if ((code = ads_kinit_password(ads)))
|
||||
return ADS_ERROR_KRB5(code);
|
||||
}
|
||||
|
||||
if (ads->auth.no_bind) {
|
||||
if (ads->auth.flags & ADS_AUTH_NO_BIND) {
|
||||
return ADS_SUCCESS;
|
||||
}
|
||||
|
||||
@ -613,14 +608,17 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope,
|
||||
char *utf8_exp, *utf8_path, **search_attrs = NULL;
|
||||
TALLOC_CTX *ctx;
|
||||
|
||||
if (!(ctx = talloc_init()))
|
||||
if (!(ctx = talloc_init())) {
|
||||
DEBUG(1,("ads_do_search: talloc_init() failed!"));
|
||||
return ADS_ERROR(LDAP_NO_MEMORY);
|
||||
}
|
||||
|
||||
/* 0 means the conversion worked but the result was empty
|
||||
so we only fail if it's negative. In any case, it always
|
||||
at least nulls out the dest */
|
||||
if ((push_utf8_talloc(ctx, &utf8_exp, exp) < 0) ||
|
||||
(push_utf8_talloc(ctx, &utf8_path, bind_path) < 0)) {
|
||||
DEBUG(1,("ads_do_search: push_utf8_talloc() failed!"));
|
||||
rc = LDAP_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
@ -632,6 +630,7 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope,
|
||||
/* if (!(search_attrs = ads_push_strvals(ctx, attrs))) */
|
||||
if (!(str_list_copy(&search_attrs, attrs)))
|
||||
{
|
||||
DEBUG(1,("ads_do_search: str_list_copy() failed!"));
|
||||
rc = LDAP_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
@ -826,7 +825,11 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods,
|
||||
ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods,
|
||||
const char *name, const char *val)
|
||||
{
|
||||
const char *values[2] = {val, NULL};
|
||||
const char *values[2];
|
||||
|
||||
values[0] = val;
|
||||
values[1] = NULL;
|
||||
|
||||
if (!val)
|
||||
return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL);
|
||||
return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE, name,
|
||||
@ -861,7 +864,10 @@ ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
|
||||
static ADS_STATUS ads_mod_ber(TALLOC_CTX *ctx, ADS_MODLIST *mods,
|
||||
const char *name, const struct berval *val)
|
||||
{
|
||||
const struct berval *values[2] = {val, NULL};
|
||||
const struct berval *values[2];
|
||||
|
||||
values[0] = val;
|
||||
values[1] = NULL;
|
||||
if (!val)
|
||||
return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL);
|
||||
return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE|LDAP_MOD_BVALUES,
|
||||
@ -884,7 +890,7 @@ ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods)
|
||||
non-existent attribute (but allowable for the object) to run
|
||||
*/
|
||||
LDAPControl PermitModify = {
|
||||
"1.2.840.113556.1.4.1413",
|
||||
ADS_PERMIT_MODIFY_OID,
|
||||
{0, NULL},
|
||||
(char) 1};
|
||||
LDAPControl *controls[2];
|
||||
@ -1410,7 +1416,7 @@ ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
|
||||
*/
|
||||
asprintf(&principal, "%s$@%s", host, ads->auth.realm);
|
||||
|
||||
status = krb5_set_password(ads->auth.kdc_server, principal, password);
|
||||
status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
|
||||
|
||||
free(host);
|
||||
free(principal);
|
||||
@ -1616,6 +1622,26 @@ ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn)
|
||||
return ADS_SUCCESS;
|
||||
}
|
||||
|
||||
/* parse a ADS timestring - typical string is
|
||||
'20020917091222.0Z0' which means 09:12.22 17th September
|
||||
2002, timezone 0 */
|
||||
static time_t ads_parse_time(const char *str)
|
||||
{
|
||||
struct tm tm;
|
||||
|
||||
ZERO_STRUCT(tm);
|
||||
|
||||
if (sscanf(str, "%4d%2d%2d%2d%2d%2d",
|
||||
&tm.tm_year, &tm.tm_mon, &tm.tm_mday,
|
||||
&tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) {
|
||||
return 0;
|
||||
}
|
||||
tm.tm_year -= 1900;
|
||||
tm.tm_mon -= 1;
|
||||
|
||||
return timegm(&tm);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Find the servers name and realm - this can be done before authentication
|
||||
@ -1626,22 +1652,37 @@ ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn)
|
||||
**/
|
||||
ADS_STATUS ads_server_info(ADS_STRUCT *ads)
|
||||
{
|
||||
const char *attrs[] = {"ldapServiceName", NULL};
|
||||
const char *attrs[] = {"ldapServiceName", "currentTime", NULL};
|
||||
ADS_STATUS status;
|
||||
void *res;
|
||||
char **values;
|
||||
char *value;
|
||||
char *p;
|
||||
char *timestr;
|
||||
TALLOC_CTX *ctx;
|
||||
|
||||
if (!(ctx = talloc_init())) {
|
||||
return ADS_ERROR(LDAP_NO_MEMORY);
|
||||
}
|
||||
|
||||
status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
|
||||
if (!ADS_ERR_OK(status)) return status;
|
||||
|
||||
values = ldap_get_values(ads->ld, res, "ldapServiceName");
|
||||
if (!values || !values[0]) return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
|
||||
value = ads_pull_string(ads, ctx, res, "ldapServiceName");
|
||||
if (!value) {
|
||||
return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
|
||||
}
|
||||
|
||||
timestr = ads_pull_string(ads, ctx, res, "currentTime");
|
||||
if (!timestr) {
|
||||
return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
|
||||
}
|
||||
|
||||
p = strchr(values[0], ':');
|
||||
if (!p) {
|
||||
ldap_value_free(values);
|
||||
ldap_msgfree(res);
|
||||
|
||||
p = strchr(value, ':');
|
||||
if (!p) {
|
||||
talloc_destroy(ctx);
|
||||
DEBUG(1, ("ads_server_info: returned ldap server name did not contain a ':' so was deemed invalid\n"));
|
||||
return ADS_ERROR(LDAP_DECODING_ERROR);
|
||||
}
|
||||
|
||||
@ -1650,9 +1691,9 @@ ADS_STATUS ads_server_info(ADS_STRUCT *ads)
|
||||
ads->config.ldap_server_name = strdup(p+1);
|
||||
p = strchr(ads->config.ldap_server_name, '$');
|
||||
if (!p || p[1] != '@') {
|
||||
ldap_value_free(values);
|
||||
ldap_msgfree(res);
|
||||
talloc_destroy(ctx);
|
||||
SAFE_FREE(ads->config.ldap_server_name);
|
||||
DEBUG(1, ("ads_server_info: returned ldap server name did not contain '$@' so was deemed invalid\n"));
|
||||
return ADS_ERROR(LDAP_DECODING_ERROR);
|
||||
}
|
||||
|
||||
@ -1667,6 +1708,15 @@ ADS_STATUS ads_server_info(ADS_STRUCT *ads)
|
||||
DEBUG(3,("got ldap server name %s@%s\n",
|
||||
ads->config.ldap_server_name, ads->config.realm));
|
||||
|
||||
ads->config.current_time = ads_parse_time(timestr);
|
||||
|
||||
if (ads->config.current_time != 0) {
|
||||
ads->auth.time_offset = ads->config.current_time - time(NULL);
|
||||
DEBUG(4,("time offset is %d seconds\n", ads->auth.time_offset));
|
||||
}
|
||||
|
||||
talloc_destroy(ctx);
|
||||
|
||||
return ADS_SUCCESS;
|
||||
}
|
||||
|
||||
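Review bot: In the ads_server_info hunk, `ads->auth.time_offset` is derived from the rootDSE `currentTime` value with no bound or plausibility check, although the function's header comment says this lookup can happen before authentication and the offset is later added to `time(NULL)` for `krb5_set_real_time()`. Whoever answers that unauthenticated query therefore chooses the clock the Kerberos calls run on, so I would clamp it, e.g. `if (abs(ads->auth.time_offset) > MAX_TIME_OFFSET) ads->auth.time_offset = 0;` (`MAX_TIME_OFFSET` is a placeholder for a project-chosen limit), and log the rejection at a low debug level. A comment such as `/* currentTime is unauthenticated; use only to compensate clock skew */` would record the trust assumption. In the same hunk the early returns after `talloc_init()` (search failure, missing `ldapServiceName`, missing `currentTime`) skip `talloc_destroy(ctx)`, unlike the later error paths.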
|
@ -28,7 +28,7 @@
|
||||
results can be used. It should be freed using ads_msgfree.
|
||||
*/
|
||||
ADS_STATUS ads_find_printer_on_server(ADS_STRUCT *ads, void **res,
|
||||
char *printer, char *servername)
|
||||
const char *printer, char *servername)
|
||||
{
|
||||
ADS_STATUS status;
|
||||
char *srv_dn, **srv_cn, *exp;
|
||||
|
@ -22,37 +22,198 @@
|
||||
|
||||
#ifdef HAVE_ADS
|
||||
|
||||
#if USE_CYRUS_SASL
|
||||
/*
|
||||
this is a minimal interact function, just enough for SASL to talk
|
||||
GSSAPI/kerberos to W2K
|
||||
Error handling is a bit of a problem. I can't see how to get Cyrus-sasl
|
||||
to give sensible errors
|
||||
perform a LDAP/SASL/SPNEGO/NTLMSSP bind (just how many layers can
|
||||
we fit on one socket??)
|
||||
*/
|
||||
static int sasl_interact(LDAP *ld,unsigned flags,void *defaults,void *in)
|
||||
static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
|
||||
{
|
||||
sasl_interact_t *interact = in;
|
||||
const char *mechs[] = {OID_NTLMSSP, NULL};
|
||||
DATA_BLOB msg1;
|
||||
DATA_BLOB blob, chal1, chal2, auth;
|
||||
uint8 challenge[8];
|
||||
uint8 nthash[24], lmhash[24], sess_key[16];
|
||||
uint32 neg_flags;
|
||||
struct berval cred, *scred;
|
||||
ADS_STATUS status;
|
||||
extern pstring global_myname;
|
||||
int rc;
|
||||
|
||||
while (interact->id != SASL_CB_LIST_END) {
|
||||
interact->result = strdup("");
|
||||
interact->len = strlen(interact->result);
|
||||
interact++;
|
||||
if (!ads->auth.password) {
|
||||
/* No password, don't segfault below... */
|
||||
return ADS_ERROR_NT(NT_STATUS_LOGON_FAILURE);
|
||||
}
|
||||
|
||||
return LDAP_SUCCESS;
|
||||
neg_flags = NTLMSSP_NEGOTIATE_UNICODE |
|
||||
NTLMSSP_NEGOTIATE_128 |
|
||||
NTLMSSP_NEGOTIATE_NTLM;
|
||||
|
||||
memset(sess_key, 0, 16);
|
||||
|
||||
/* generate the ntlmssp negotiate packet */
|
||||
msrpc_gen(&blob, "CddB",
|
||||
"NTLMSSP",
|
||||
NTLMSSP_NEGOTIATE,
|
||||
neg_flags,
|
||||
sess_key, 16);
|
||||
|
||||
/* and wrap it in a SPNEGO wrapper */
|
||||
msg1 = gen_negTokenTarg(mechs, blob);
|
||||
data_blob_free(&blob);
|
||||
|
||||
cred.bv_val = msg1.data;
|
||||
cred.bv_len = msg1.length;
|
||||
|
||||
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
|
||||
if (rc != LDAP_SASL_BIND_IN_PROGRESS) {
|
||||
status = ADS_ERROR(rc);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
blob = data_blob(scred->bv_val, scred->bv_len);
|
||||
|
||||
/* the server gives us back two challenges */
|
||||
if (!spnego_parse_challenge(blob, &chal1, &chal2)) {
|
||||
DEBUG(3,("Failed to parse challenges\n"));
|
||||
status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
data_blob_free(&blob);
|
||||
|
||||
/* encrypt the password with the challenge */
|
||||
memcpy(challenge, chal1.data + 24, 8);
|
||||
SMBencrypt(ads->auth.password, challenge,lmhash);
|
||||
SMBNTencrypt(ads->auth.password, challenge,nthash);
|
||||
|
||||
data_blob_free(&chal1);
|
||||
data_blob_free(&chal2);
|
||||
|
||||
/* this generates the actual auth packet */
|
||||
msrpc_gen(&blob, "CdBBUUUBd",
|
||||
"NTLMSSP",
|
||||
NTLMSSP_AUTH,
|
||||
lmhash, 24,
|
||||
nthash, 24,
|
||||
lp_workgroup(),
|
||||
ads->auth.user_name,
|
||||
global_myname,
|
||||
sess_key, 16,
|
||||
neg_flags);
|
||||
|
||||
/* wrap it in SPNEGO */
|
||||
auth = spnego_gen_auth(blob);
|
||||
|
||||
data_blob_free(&blob);
|
||||
|
||||
/* now send the auth packet and we should be done */
|
||||
cred.bv_val = auth.data;
|
||||
cred.bv_len = auth.length;
|
||||
|
||||
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
|
||||
|
||||
return ADS_ERROR(rc);
|
||||
|
||||
failed:
|
||||
return status;
|
||||
}
|
||||
|
||||
/*
|
||||
perform a LDAP/SASL/SPNEGO/KRB5 bind
|
||||
*/
|
||||
static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *principal)
|
||||
{
|
||||
DATA_BLOB blob;
|
||||
struct berval cred, *scred;
|
||||
int rc;
|
||||
|
||||
blob = spnego_gen_negTokenTarg(principal, ads->auth.time_offset);
|
||||
|
||||
if (!blob.data) {
|
||||
return ADS_ERROR(LDAP_OPERATIONS_ERROR);
|
||||
}
|
||||
|
||||
/* now send the auth packet and we should be done */
|
||||
cred.bv_val = blob.data;
|
||||
cred.bv_len = blob.length;
|
||||
|
||||
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
|
||||
|
||||
data_blob_free(&blob);
|
||||
|
||||
return ADS_ERROR(rc);
|
||||
}
|
||||
|
||||
/*
|
||||
this performs a SASL/SPNEGO bind
|
||||
*/
|
||||
static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
|
||||
{
|
||||
struct berval *scred=NULL;
|
||||
int rc, i;
|
||||
ADS_STATUS status;
|
||||
DATA_BLOB blob;
|
||||
char *principal;
|
||||
char *OIDs[ASN1_MAX_OIDS];
|
||||
BOOL got_kerberos_mechanism = False;
|
||||
|
||||
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", NULL, NULL, NULL, &scred);
|
||||
|
||||
if (rc != LDAP_SASL_BIND_IN_PROGRESS) {
|
||||
status = ADS_ERROR(rc);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
blob = data_blob(scred->bv_val, scred->bv_len);
|
||||
|
||||
#if 0
|
||||
file_save("sasl_spnego.dat", blob.data, blob.length);
|
||||
#endif
|
||||
|
||||
/* the server sent us the first part of the SPNEGO exchange in the negprot
|
||||
reply */
|
||||
if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
|
||||
data_blob_free(&blob);
|
||||
status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
|
||||
goto failed;
|
||||
}
|
||||
data_blob_free(&blob);
|
||||
|
||||
/* make sure the server understands kerberos */
|
||||
for (i=0;OIDs[i];i++) {
|
||||
DEBUG(3,("got OID=%s\n", OIDs[i]));
|
||||
if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
|
||||
strcmp(OIDs[i], OID_KERBEROS5) == 0) {
|
||||
got_kerberos_mechanism = True;
|
||||
}
|
||||
free(OIDs[i]);
|
||||
}
|
||||
DEBUG(3,("got principal=%s\n", principal));
|
||||
|
||||
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
|
||||
got_kerberos_mechanism && ads_kinit_password(ads) == 0) {
|
||||
return ads_sasl_spnego_krb5_bind(ads, principal);
|
||||
}
|
||||
|
||||
/* lets do NTLMSSP ... this has the big advantage that we don't need
|
||||
to sync clocks, and we don't rely on special versions of the krb5
|
||||
library for HMAC_MD4 encryption */
|
||||
return ads_sasl_spnego_ntlmssp_bind(ads);
|
||||
|
||||
failed:
|
||||
return status;
|
||||
}
|
||||
|
||||
#ifdef HAVE_GSSAPI
|
||||
#define MAX_GSS_PASSES 3
|
||||
|
||||
/* this performs a SASL/gssapi bind
|
||||
we avoid using cyrus-sasl to make Samba more robust. cyrus-sasl
|
||||
is very dependent on correctly configured DNS whereas
|
||||
this routine is much less fragile
|
||||
see RFC2078 for details
|
||||
see RFC2078 and RFC2222 for details
|
||||
*/
|
||||
ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
|
||||
static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
|
||||
{
|
||||
int minor_status;
|
||||
gss_name_t serv_name;
|
||||
@ -68,6 +229,7 @@ ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
|
||||
uint8 *p;
|
||||
uint32 max_msg_size;
|
||||
char *sname;
|
||||
unsigned sec_layer;
|
||||
ADS_STATUS status;
|
||||
krb5_principal principal;
|
||||
krb5_context ctx;
|
||||
@ -159,22 +321,25 @@ ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
|
||||
|
||||
p = (uint8 *)output_token.value;
|
||||
|
||||
file_save("sasl_gssapi.dat", output_token.value, output_token.length);
|
||||
|
||||
max_msg_size = (p[1]<<16) | (p[2]<<8) | p[3];
|
||||
sec_layer = *p;
|
||||
|
||||
gss_release_buffer(&minor_status, &output_token);
|
||||
|
||||
output_token.value = malloc(strlen(ads->config.bind_path) + 8);
|
||||
p = output_token.value;
|
||||
|
||||
*p++ = 1; /* no sign or seal */
|
||||
*p++ = 1; /* no sign & seal selection */
|
||||
/* choose the same size as the server gave us */
|
||||
*p++ = max_msg_size>>16;
|
||||
*p++ = max_msg_size>>8;
|
||||
*p++ = max_msg_size;
|
||||
snprintf(p, strlen(ads->config.bind_path)+4, "dn:%s", ads->config.bind_path);
|
||||
p += strlen(ads->config.bind_path);
|
||||
p += strlen(p);
|
||||
|
||||
output_token.length = strlen(ads->config.bind_path) + 8;
|
||||
output_token.length = PTR_DIFF(p, output_token.value);
|
||||
|
||||
gss_rc = gss_wrap(&minor_status, context_handle,0,GSS_C_QOP_DEFAULT,
|
||||
&output_token, &conf_state,
|
||||
@ -198,18 +363,51 @@ ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
|
||||
failed:
|
||||
return status;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* mapping between SASL mechanisms and functions */
|
||||
static struct {
|
||||
const char *name;
|
||||
ADS_STATUS (*fn)(ADS_STRUCT *);
|
||||
} sasl_mechanisms[] = {
|
||||
{"GSS-SPNEGO", ads_sasl_spnego_bind},
|
||||
#ifdef HAVE_GSSAPI
|
||||
{"GSSAPI", ads_sasl_gssapi_bind}, /* doesn't work with .NET RC1. No idea why */
|
||||
#endif
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads)
|
||||
{
|
||||
#if USE_CYRUS_SASL
|
||||
int rc;
|
||||
rc = ldap_sasl_interactive_bind_s(ads->ld, NULL, NULL, NULL, NULL,
|
||||
LDAP_SASL_QUIET,
|
||||
sasl_interact, NULL);
|
||||
return ADS_ERROR(rc);
|
||||
#else
|
||||
return ads_sasl_gssapi_bind(ads);
|
||||
#endif
|
||||
const char *attrs[] = {"supportedSASLMechanisms", NULL};
|
||||
char **values;
|
||||
ADS_STATUS status;
|
||||
int i, j;
|
||||
void *res;
|
||||
|
||||
/* get a list of supported SASL mechanisms */
|
||||
status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
|
||||
if (!ADS_ERR_OK(status)) return status;
|
||||
|
||||
values = ldap_get_values(ads->ld, res, "supportedSASLMechanisms");
|
||||
|
||||
/* try our supported mechanisms in order */
|
||||
for (i=0;sasl_mechanisms[i].name;i++) {
|
||||
/* see if the server supports it */
|
||||
for (j=0;values && values[j];j++) {
|
||||
if (strcmp(values[j], sasl_mechanisms[i].name) == 0) {
|
||||
DEBUG(4,("Found SASL mechanism %s\n", values[j]));
|
||||
status = sasl_mechanisms[i].fn(ads);
|
||||
ldap_value_free(values);
|
||||
ldap_msgfree(res);
|
||||
return status;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
ldap_value_free(values);
|
||||
ldap_msgfree(res);
|
||||
return ADS_ERROR(LDAP_AUTH_METHOD_NOT_SUPPORTED);
|
||||
}
|
||||
|
||||
#endif
|
||||
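Review bot: In ads_sasl_spnego_ntlmssp_bind, `memcpy(challenge, chal1.data + 24, 8)` copies from the server-supplied challenge blob without checking that `chal1.length` is at least 32, so a short reply from the LDAP server causes an out-of-bounds read. The length should be checked, and both challenge blobs freed, before the copy, as in the fence below. The cli_session_setup_ntlmssp hunk later in this commit appears to replace the same fixed-offset copy with an `msrpc_parse()` call, which would be the more thorough fix here too. ads_sasl_spnego_bind also falls through to this NTLMSSP path whenever `ads_kinit_password()` fails, so a bind can silently end up sending LM/NTLM responses instead of Kerberos; a DEBUG message at the fallback would at least make that visible.

```c
	/* … unchanged: spnego_parse_challenge() and data_blob_free(&blob) … */

	/* the 8-byte challenge is read from offset 24 of the server's blob */
	if (chal1.length < 24 + sizeof(challenge)) {
		DEBUG(3,("NTLMSSP challenge blob too short\n"));
		data_blob_free(&chal1);
		data_blob_free(&chal2);
		status = ADS_ERROR(LDAP_DECODING_ERROR);
		goto failed;
	}
	memcpy(challenge, chal1.data + 24, 8);
```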
|
@ -40,7 +40,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
|
||||
asprintf(&service_principal, "HOST/%s", host_principal);
|
||||
|
||||
ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password,
|
||||
service_principal, new_password);
|
||||
service_principal, new_password, ads->auth.time_offset);
|
||||
|
||||
if (!secrets_store_machine_password(new_password)) {
|
||||
DEBUG(1,("Failed to save machine password\n"));
|
||||
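Review bot: The result of `kerberos_set_password()` is not examined before `secrets_store_machine_password(new_password)` runs on the next visible line, so a failed change on the KDC side would still overwrite the locally stored machine secret with a password the domain never accepted. Unless `ret` is checked in the part of ads_change_trust_account_password that lies outside this hunk, I would return before the store, e.g. `if (!ADS_ERR_OK(ret)) { free(service_principal); return ret; }`. The `asprintf()` call that builds `service_principal` is likewise used without checking its result.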
|
@ -174,6 +174,16 @@ BOOL asn1_write_BOOLEAN(ASN1_DATA *data, BOOL v)
|
||||
return !data->has_error;
|
||||
}
|
||||
|
||||
/* write a BOOLEAN - hmm, I suspect this one is the correct one, and the
|
||||
above boolean is bogus. Need to check */
|
||||
BOOL asn1_write_BOOLEAN2(ASN1_DATA *data, BOOL v)
|
||||
{
|
||||
asn1_push_tag(data, ASN1_BOOLEAN);
|
||||
asn1_write_uint8(data, v);
|
||||
asn1_pop_tag(data);
|
||||
return !data->has_error;
|
||||
}
|
||||
|
||||
/* check a BOOLEAN */
|
||||
BOOL asn1_check_BOOLEAN(ASN1_DATA *data, BOOL v)
|
||||
{
|
||||
@ -244,15 +254,12 @@ BOOL asn1_start_tag(ASN1_DATA *data, uint8 tag)
|
||||
asn1_read_uint8(data, &b);
|
||||
if (b & 0x80) {
|
||||
int n = b & 0x7f;
|
||||
if (n > 2) {
|
||||
data->has_error = True;
|
||||
return False;
|
||||
}
|
||||
asn1_read_uint8(data, &b);
|
||||
nesting->taglen = b;
|
||||
if (n == 2) {
|
||||
while (n > 1) {
|
||||
asn1_read_uint8(data, &b);
|
||||
nesting->taglen = (nesting->taglen << 8) | b;
|
||||
n--;
|
||||
}
|
||||
} else {
|
||||
nesting->taglen = b;
|
||||
@ -366,6 +373,7 @@ BOOL asn1_read_GeneralString(ASN1_DATA *data, char **s)
|
||||
BOOL asn1_read_OctetString(ASN1_DATA *data, DATA_BLOB *blob)
|
||||
{
|
||||
int len;
|
||||
ZERO_STRUCTP(blob);
|
||||
if (!asn1_start_tag(data, ASN1_OCTET_STRING)) return False;
|
||||
len = asn1_tag_remaining(data);
|
||||
*blob = data_blob(NULL, len);
|
||||
@ -382,7 +390,8 @@ BOOL asn1_read_Integer(ASN1_DATA *data, int *i)
|
||||
|
||||
if (!asn1_start_tag(data, ASN1_INTEGER)) return False;
|
||||
while (asn1_tag_remaining(data)>0) {
|
||||
*i = (*i << 8) + asn1_read_uint8(data, &b);
|
||||
asn1_read_uint8(data, &b);
|
||||
*i = (*i << 8) + b;
|
||||
}
|
||||
return asn1_end_tag(data);
|
||||
|
||||
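Review bot: The asn1_start_tag hunk replaces the `n == 2` case with `while (n > 1)`, and as far as the rendered page shows the old `if (n > 2)` rejection is on the removed side, so the number of long-form length octets is now limited only by the 7-bit count field (up to 127). Each extra octet shifts `nesting->taglen` left by 8, so a peer-supplied length wider than the field overflows or wraps it before anything compares it with the data actually present. I would keep a cap sized to the field ahead of the loop, e.g. `if (n > 4) { data->has_error = True; return False; }` (4 assumes a 32-bit `taglen`, whose declaration is outside this hunk). asn1_start_tag begins before the hunk, and asn1_read_Integer in the same section accumulates into `*i` with the same unbounded shift.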
|
@ -50,14 +50,12 @@ static BOOL cli_session_setup_lanman2(struct cli_state *cli, char *user,
|
||||
fstring pword;
|
||||
char *p;
|
||||
|
||||
if (passlen > sizeof(pword)-1) {
|
||||
if (passlen > sizeof(pword)-1)
|
||||
return False;
|
||||
}
|
||||
|
||||
/* if in share level security then don't send a password now */
|
||||
if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
|
||||
if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL))
|
||||
passlen = 0;
|
||||
}
|
||||
|
||||
if (passlen > 0 && (cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen != 24) {
|
||||
/* Encrypted mode needed, and non encrypted password supplied. */
|
||||
@ -99,9 +97,8 @@ static BOOL cli_session_setup_lanman2(struct cli_state *cli, char *user,
|
||||
|
||||
show_msg(cli->inbuf);
|
||||
|
||||
if (cli_is_error(cli)) {
|
||||
if (cli_is_error(cli))
|
||||
return False;
|
||||
}
|
||||
|
||||
/* use the returned vuid from now on */
|
||||
cli->vuid = SVAL(cli->inbuf,smb_uid);
|
||||
@ -118,17 +115,14 @@ static uint32 cli_session_setup_capabilities(struct cli_state *cli)
|
||||
{
|
||||
uint32 capabilities = CAP_NT_SMBS;
|
||||
|
||||
if (!cli->force_dos_errors) {
|
||||
if (!cli->force_dos_errors)
|
||||
capabilities |= CAP_STATUS32;
|
||||
}
|
||||
|
||||
if (cli->use_level_II_oplocks) {
|
||||
if (cli->use_level_II_oplocks)
|
||||
capabilities |= CAP_LEVEL_II_OPLOCKS;
|
||||
}
|
||||
|
||||
if (cli->capabilities & CAP_UNICODE) {
|
||||
if (cli->capabilities & CAP_UNICODE)
|
||||
capabilities |= CAP_UNICODE;
|
||||
}
|
||||
|
||||
return capabilities;
|
||||
}
|
||||
@ -167,9 +161,8 @@ static BOOL cli_session_setup_guest(struct cli_state *cli)
|
||||
|
||||
show_msg(cli->inbuf);
|
||||
|
||||
if (cli_is_error(cli)) {
|
||||
if (cli_is_error(cli))
|
||||
return False;
|
||||
}
|
||||
|
||||
cli->vuid = SVAL(cli->inbuf,smb_uid);
|
||||
|
||||
@ -223,9 +216,8 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, char *user,
|
||||
|
||||
show_msg(cli->inbuf);
|
||||
|
||||
if (cli_is_error(cli)) {
|
||||
if (cli_is_error(cli))
|
||||
return False;
|
||||
}
|
||||
|
||||
cli->vuid = SVAL(cli->inbuf,smb_uid);
|
||||
p = smb_buf(cli->inbuf);
|
||||
@ -237,15 +229,41 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, char *user,
|
||||
return True;
|
||||
}
|
||||
|
||||
static void set_signing_on_cli (struct cli_state *cli, char* pass, uint8 response[24])
|
||||
{
|
||||
uint8 zero_sig[8];
|
||||
ZERO_STRUCT(zero_sig);
|
||||
|
||||
/**
|
||||
DEBUG(5, ("Server returned security sig:\n"));
|
||||
dump_data(5, &cli->inbuf[smb_ss_field], 8);
|
||||
|
||||
if (cli->sign_info.use_smb_signing) {
|
||||
DEBUG(5, ("smb signing already active on connection\n"));
|
||||
} else if (memcmp(&cli->inbuf[smb_ss_field], zero_sig, 8) != 0) {
|
||||
|
||||
DEBUG(3, ("smb signing enabled!\n"));
|
||||
cli->sign_info.use_smb_signing = True;
|
||||
cli_calculate_mac_key(cli, pass, response);
|
||||
} else {
|
||||
DEBUG(5, ("smb signing NOT enabled!\n"));
|
||||
}
|
||||
}
|
||||
|
||||
static void set_temp_signing_on_cli(struct cli_state *cli)
|
||||
{
|
||||
if (cli->sign_info.negotiated_smb_signing)
|
||||
cli->sign_info.temp_smb_signing = True;
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
do a NT1 NTLM/LM encrypted session setup
|
||||
@param cli client state to create do session setup on
|
||||
@param user username
|
||||
@param pass *either* cleartext password (passlen !=24) or LM response.
|
||||
@param ntpass NT response, implies ntpasslen >=24, implies pass is not clear
|
||||
@param workgroup The user's domain.
|
||||
*/
|
||||
****************************************************************************/
|
||||
|
||||
static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
|
||||
char *pass, int passlen,
|
||||
@ -256,11 +274,10 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
|
||||
uchar pword[24];
|
||||
uchar ntpword[24];
|
||||
char *p;
|
||||
BOOL tried_signing = False;
|
||||
BOOL have_plaintext = False;
|
||||
|
||||
if (passlen > sizeof(pword) || ntpasslen > sizeof(ntpword)) {
|
||||
if (passlen > sizeof(pword) || ntpasslen > sizeof(ntpword))
|
||||
return False;
|
||||
}
|
||||
|
||||
if (passlen != 24) {
|
||||
/* non encrypted password supplied. Ignore ntpass. */
|
||||
@ -268,20 +285,19 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
|
||||
ntpasslen = 24;
|
||||
SMBencrypt(pass,cli->secblob.data,pword);
|
||||
SMBNTencrypt(pass,cli->secblob.data,ntpword);
|
||||
if (!cli->sign_info.use_smb_signing && cli->sign_info.negotiated_smb_signing) {
|
||||
cli_calculate_mac_key(cli, pass, ntpword);
|
||||
tried_signing = True;
|
||||
}
|
||||
|
||||
have_plaintext = True;
|
||||
set_temp_signing_on_cli(cli);
|
||||
} else {
|
||||
/* pre-encrypted password supplied. Only used for security=server, can't do
|
||||
/* pre-encrypted password supplied. Only used for
|
||||
security=server, can't do
|
||||
signing becouse we don't have oringial key */
|
||||
memcpy(pword, pass, 24);
|
||||
if (ntpasslen == 24) {
|
||||
if (ntpasslen == 24)
|
||||
memcpy(ntpword, ntpass, 24);
|
||||
} else {
|
||||
else
|
||||
ZERO_STRUCT(ntpword);
|
||||
}
|
||||
}
|
||||
|
||||
/* send a session setup command */
|
||||
memset(cli->outbuf,'\0',smb_size);
|
||||
@ -301,31 +317,22 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
|
||||
p = smb_buf(cli->outbuf);
|
||||
memcpy(p,pword,passlen); p += passlen;
|
||||
memcpy(p,ntpword,ntpasslen); p += ntpasslen;
|
||||
p += clistr_push(cli, p, user, -1, STR_TERMINATE|STR_UPPER);
|
||||
p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
|
||||
p += clistr_push(cli, p, user, -1, STR_TERMINATE);
|
||||
p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE);
|
||||
p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
|
||||
p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
|
||||
cli_setup_bcc(cli, p);
|
||||
|
||||
cli_send_smb(cli);
|
||||
if (!cli_receive_smb(cli)) {
|
||||
if (tried_signing) {
|
||||
/* We only use it if we have a successful non-guest connect */
|
||||
cli->sign_info.use_smb_signing = False;
|
||||
}
|
||||
if (!cli_send_smb(cli))
|
||||
return False;
|
||||
|
||||
if (!cli_receive_smb(cli))
|
||||
return False;
|
||||
}
|
||||
|
||||
show_msg(cli->inbuf);
|
||||
|
||||
if (tried_signing && (cli_is_error(cli) || SVAL(cli->inbuf,smb_vwv2) /* guest */)) {
|
||||
/* We only use it if we have a successful non-guest connect */
|
||||
cli->sign_info.use_smb_signing = False;
|
||||
}
|
||||
|
||||
if (cli_is_error(cli)) {
|
||||
if (cli_is_error(cli))
|
||||
return False;
|
||||
}
|
||||
|
||||
/* use the returned vuid from now on */
|
||||
cli->vuid = SVAL(cli->inbuf,smb_uid);
|
||||
@ -337,6 +344,11 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
|
||||
|
||||
fstrcpy(cli->user_name, user);
|
||||
|
||||
if (have_plaintext) {
|
||||
/* Have plaintext orginal */
|
||||
set_signing_on_cli(cli, pass, ntpword);
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
@ -360,6 +372,9 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
|
||||
|
||||
set_message(cli->outbuf,12,0,True);
|
||||
SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
|
||||
|
||||
set_temp_signing_on_cli(cli);
|
||||
|
||||
cli_setup_packet(cli);
|
||||
|
||||
SCVAL(cli->outbuf,smb_vwv0,0xFF);
|
||||
@ -375,8 +390,8 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
|
||||
p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
|
||||
p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
|
||||
cli_setup_bcc(cli, p);
|
||||
|
||||
cli_send_smb(cli);
|
||||
|
||||
if (!cli_receive_smb(cli))
|
||||
return blob2;
|
||||
|
||||
@ -404,7 +419,6 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
|
||||
return blob2;
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_KRB5
|
||||
/****************************************************************************
|
||||
Do a spnego/kerberos encrypted session setup.
|
||||
@ -417,7 +431,7 @@ static BOOL cli_session_setup_kerberos(struct cli_state *cli, char *principal, c
|
||||
DEBUG(2,("Doing kerberos session setup\n"));
|
||||
|
||||
/* generate the encapsulated kerberos5 ticket */
|
||||
negTokenTarg = spnego_gen_negTokenTarg(cli, principal);
|
||||
negTokenTarg = spnego_gen_negTokenTarg(principal, 0);
|
||||
|
||||
if (!negTokenTarg.data) return False;
|
||||
|
||||
@ -443,28 +457,32 @@ static BOOL cli_session_setup_kerberos(struct cli_state *cli, char *principal, c
|
||||
static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user,
|
||||
char *pass, char *workgroup)
|
||||
{
|
||||
const char *mechs[] = {OID_NTLMSSP, NULL};
|
||||
DATA_BLOB msg1;
|
||||
DATA_BLOB blob, chal1, chal2, auth;
|
||||
DATA_BLOB msg1, struct_blob;
|
||||
DATA_BLOB blob, chal1, chal2, auth, challenge_blob;
|
||||
uint8 challenge[8];
|
||||
uint8 nthash[24], lmhash[24], sess_key[16];
|
||||
uint32 neg_flags;
|
||||
uint32 neg_flags, chal_flags, ntlmssp_command, unkn1, unkn2;
|
||||
pstring server_domain; /* FIX THIS, SHOULD be UCS2-LE */
|
||||
|
||||
neg_flags = NTLMSSP_NEGOTIATE_UNICODE |
|
||||
NTLMSSP_NEGOTIATE_LM_KEY |
|
||||
NTLMSSP_NEGOTIATE_128 |
|
||||
NTLMSSP_NEGOTIATE_NTLM;
|
||||
|
||||
memset(sess_key, 0, 16);
|
||||
|
||||
DEBUG(10, ("sending NTLMSSP_NEGOTIATE\n"));
|
||||
|
||||
/* generate the ntlmssp negotiate packet */
|
||||
msrpc_gen(&blob, "CddB",
|
||||
msrpc_gen(&blob, "CddAA",
|
||||
"NTLMSSP",
|
||||
NTLMSSP_NEGOTIATE,
|
||||
neg_flags,
|
||||
sess_key, 16);
|
||||
|
||||
workgroup, strlen(workgroup),
|
||||
cli->calling.name, strlen(cli->calling.name) + 1);
|
||||
DEBUG(10, ("neg_flags: %0X, workgroup: %s, calling name %s\n",
|
||||
neg_flags, workgroup, cli->calling.name));
|
||||
/* and wrap it in a SPNEGO wrapper */
|
||||
msg1 = gen_negTokenTarg(mechs, blob);
|
||||
msg1 = gen_negTokenInit(OID_NTLMSSP, blob);
|
||||
data_blob_free(&blob);
|
||||
|
||||
/* now send that blob on its way */
|
||||
@ -472,9 +490,8 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user,
|
||||
|
||||
data_blob_free(&msg1);
|
||||
|
||||
if (!NT_STATUS_EQUAL(cli_nt_error(cli), NT_STATUS_MORE_PROCESSING_REQUIRED)) {
|
||||
if (!NT_STATUS_EQUAL(cli_nt_error(cli), NT_STATUS_MORE_PROCESSING_REQUIRED))
|
||||
return False;
|
||||
}
|
||||
|
||||
#if 0
|
||||
file_save("chal.dat", blob.data, blob.length);
|
||||
@ -488,10 +505,38 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user,
|
||||
|
||||
data_blob_free(&blob);
|
||||
|
||||
/* encrypt the password with the challenge */
|
||||
memcpy(challenge, chal1.data + 24, 8);
|
||||
/*
|
||||
* Ok, chal1 and chal2 are actually two identical copies of
|
||||
* the NTLMSSP Challenge BLOB, and they contain, encoded in them
|
||||
* the challenge to use.
|
||||
*/
|
||||
|
||||
if (!msrpc_parse(&chal1, "CdUdbddB",
|
||||
"NTLMSSP",
|
||||
&ntlmssp_command,
|
||||
&server_domain,
|
||||
&chal_flags,
|
||||
&challenge_blob, 8,
|
||||
&unkn1, &unkn2,
|
||||
&struct_blob)) {
|
||||
DEBUG(0, ("Failed to parse the NTLMSSP Challenge\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (ntlmssp_command != NTLMSSP_CHALLENGE) {
|
||||
DEBUG(0, ("NTLMSSP Response != NTLMSSP_CHALLENGE. Got %0X\n",
|
||||
ntlmssp_command));
|
||||
return False;
|
||||
}
|
||||
|
||||
DEBUG(10, ("Challenge:\n"));
|
||||
dump_data(10, challenge_blob.data, 8);
|
||||
|
||||
/* encrypt the password with the challenge which is in the blob */
|
||||
memcpy(challenge, challenge_blob.data, 8);
|
||||
SMBencrypt(pass, challenge,lmhash);
|
||||
SMBNTencrypt(pass, challenge,nthash);
|
||||
data_blob_free(&challenge_blob);
|
||||
|
||||
#if 0
|
||||
file_save("nthash.dat", nthash, 24);
|
||||
@ -511,7 +556,7 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user,
|
||||
workgroup,
|
||||
user,
|
||||
cli->calling.name,
|
||||
sess_key, 16,
|
||||
sess_key, 0,
|
||||
neg_flags);
|
||||
|
||||
/* wrap it in SPNEGO */
|
||||
@ -525,7 +570,12 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user,
|
||||
data_blob_free(&auth);
|
||||
data_blob_free(&blob);
|
||||
|
||||
return !cli_is_error(cli);
|
||||
if (cli_is_error(cli))
|
||||
return False;
|
||||
|
||||
set_signing_on_cli(cli, pass, nthash);
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
@ -537,17 +587,14 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user,
|
||||
{
|
||||
char *principal;
|
||||
char *OIDs[ASN1_MAX_OIDS];
|
||||
uint8 guid[16];
|
||||
int i;
|
||||
BOOL got_kerberos_mechanism = False;
|
||||
|
||||
/* spnego security cannot use SMB signing (for now). */
|
||||
cli->sign_info.use_smb_signing = False;
|
||||
DATA_BLOB blob;
|
||||
|
||||
DEBUG(2,("Doing spnego session setup (blob length=%d)\n", cli->secblob.length));
|
||||
|
||||
/* the server might not even do spnego */
|
||||
if (cli->secblob.length == 16) {
|
||||
if (cli->secblob.length <= 16) {
|
||||
DEBUG(3,("server didn't supply a full spnego negprot\n"));
|
||||
goto ntlmssp;
|
||||
}
|
||||
@ -556,11 +603,16 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user,
|
||||
file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
|
||||
#endif
|
||||
|
||||
/* there is 16 bytes of GUID before the real spnego packet starts */
|
||||
blob = data_blob(cli->secblob.data+16, cli->secblob.length-16);
|
||||
|
||||
/* the server sent us the first part of the SPNEGO exchange in the negprot
|
||||
reply */
|
||||
if (!spnego_parse_negTokenInit(cli->secblob, guid, OIDs, &principal)) {
|
||||
if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
|
||||
data_blob_free(&blob);
|
||||
return False;
|
||||
}
|
||||
data_blob_free(&blob);
|
||||
|
||||
/* make sure the server understands kerberos */
|
||||
for (i=0;OIDs[i];i++) {
|
||||
@ -620,35 +672,38 @@ BOOL cli_session_setup(struct cli_state *cli,
|
||||
flow a bit easier to understand (tridge) */
|
||||
|
||||
/* if its an older server then we have to use the older request format */
|
||||
if (cli->protocol < PROTOCOL_NT1) {
|
||||
|
||||
if (cli->protocol < PROTOCOL_NT1)
|
||||
return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup);
|
||||
}
|
||||
|
||||
/* if no user is supplied then we have to do an anonymous connection.
|
||||
passwords are ignored */
|
||||
if (!user || !*user) {
|
||||
|
||||
if (!user || !*user)
|
||||
return cli_session_setup_guest(cli);
|
||||
}
|
||||
|
||||
/* if the server is share level then send a plaintext null
|
||||
password at this point. The password is sent in the tree
|
||||
connect */
|
||||
if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0) {
|
||||
|
||||
if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
|
||||
return cli_session_setup_plaintext(cli, user, "", workgroup);
|
||||
}
|
||||
|
||||
/* if the server doesn't support encryption then we have to use
|
||||
plaintext. The second password is ignored */
|
||||
if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
|
||||
|
||||
if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0)
|
||||
return cli_session_setup_plaintext(cli, user, pass, workgroup);
|
||||
}
|
||||
|
||||
/* Indidicate signing */
|
||||
|
||||
/* if the server supports extended security then use SPNEGO */
|
||||
if (cli->capabilities & CAP_EXTENDED_SECURITY) {
|
||||
|
||||
if (cli->capabilities & CAP_EXTENDED_SECURITY)
|
||||
return cli_session_setup_spnego(cli, user, pass, workgroup);
|
||||
}
|
||||
|
||||
/* otherwise do a NT1 style session setup */
|
||||
|
||||
return cli_session_setup_nt1(cli, user,
|
||||
pass, passlen, ntpass, ntpasslen,
|
||||
workgroup);
|
||||
@ -738,15 +793,13 @@ BOOL cli_send_tconX(struct cli_state *cli,
|
||||
if (!cli_receive_smb(cli))
|
||||
return False;
|
||||
|
||||
if (cli_is_error(cli)) {
|
||||
if (cli_is_error(cli))
|
||||
return False;
|
||||
}
|
||||
|
||||
clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE|STR_ASCII);
|
||||
|
||||
if (strcasecmp(share,"IPC$")==0) {
|
||||
if (strcasecmp(share,"IPC$")==0)
|
||||
fstrcpy(cli->dev, "IPC");
|
||||
}
|
||||
|
||||
if (cli->protocol >= PROTOCOL_NT1 &&
|
||||
smb_buflen(cli->inbuf) == 3) {
|
||||
@ -786,9 +839,8 @@ void cli_negprot_send(struct cli_state *cli)
|
||||
char *p;
|
||||
int numprots;
|
||||
|
||||
if (cli->protocol < PROTOCOL_NT1) {
|
||||
if (cli->protocol < PROTOCOL_NT1)
|
||||
cli->use_spnego = False;
|
||||
}
|
||||
|
||||
memset(cli->outbuf,'\0',smb_size);
|
||||
|
||||
@ -827,9 +879,8 @@ BOOL cli_negprot(struct cli_state *cli)
|
||||
return False;
|
||||
}
|
||||
|
||||
if (cli->protocol < PROTOCOL_NT1) {
|
||||
if (cli->protocol < PROTOCOL_NT1)
|
||||
cli->use_spnego = False;
|
||||
}
|
||||
|
||||
memset(cli->outbuf,'\0',smb_size);
|
||||
|
||||
@ -891,13 +942,9 @@ BOOL cli_negprot(struct cli_state *cli)
|
||||
smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN);
|
||||
}
|
||||
|
||||
/* A way to attempt to force SMB signing */
|
||||
if (getenv("CLI_FORCE_SMB_SIGNING"))
|
||||
if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED))
|
||||
cli->sign_info.negotiated_smb_signing = True;
|
||||
|
||||
if (cli->sign_info.negotiated_smb_signing && !(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED))
|
||||
cli->sign_info.negotiated_smb_signing = False;
|
||||
|
||||
} else if (cli->protocol >= PROTOCOL_LANMAN1) {
|
||||
cli->use_spnego = False;
|
||||
cli->sec_mode = SVAL(cli->inbuf,smb_vwv1);
|
||||
@ -920,9 +967,8 @@ BOOL cli_negprot(struct cli_state *cli)
|
||||
cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
|
||||
|
||||
/* a way to force ascii SMB */
|
||||
if (getenv("CLI_FORCE_ASCII")) {
|
||||
if (getenv("CLI_FORCE_ASCII"))
|
||||
cli->capabilities &= ~CAP_UNICODE;
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
@ -938,15 +984,6 @@ BOOL cli_session_request(struct cli_state *cli,
|
||||
int len = 4;
|
||||
extern pstring user_socket_options;
|
||||
|
||||
/* 445 doesn't have session request */
|
||||
if (cli->port == 445) return True;
|
||||
|
||||
if (cli->sign_info.use_smb_signing) {
|
||||
DEBUG(0, ("Cannot send session resquest again, particularly after setting up SMB Signing\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
/* send a session request (RFC 1002) */
|
||||
memcpy(&(cli->calling), calling, sizeof(*calling));
|
||||
memcpy(&(cli->called ), called , sizeof(*called ));
|
||||
|
||||
@ -960,6 +997,16 @@ BOOL cli_session_request(struct cli_state *cli,
|
||||
name_mangle(cli->calling.name, p, cli->calling.name_type);
|
||||
len += name_len(p);
|
||||
|
||||
/* 445 doesn't have session request */
|
||||
if (cli->port == 445)
|
||||
return True;
|
||||
|
||||
if (cli->sign_info.use_smb_signing) {
|
||||
DEBUG(0, ("Cannot send session resquest again, particularly after setting up SMB Signing\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
/* send a session request (RFC 1002) */
|
||||
/* setup the packet length
|
||||
* Remove four bytes from the length count, since the length
|
||||
* field in the NBT Session Service header counts the number
|
||||
@ -1066,7 +1113,8 @@ BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip)
|
||||
cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip,
|
||||
port, cli->timeout);
|
||||
}
|
||||
if (cli->fd != -1) cli->port = port;
|
||||
if (cli->fd != -1)
|
||||
cli->port = port;
|
||||
}
|
||||
if (cli->fd == -1) {
|
||||
DEBUG(1,("Error connecting to %s (%s)\n",
|
||||
@ -1141,11 +1189,10 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli,
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
if (dest_ip) {
|
||||
if (dest_ip)
|
||||
ip = *dest_ip;
|
||||
} else {
|
||||
else
|
||||
ZERO_STRUCT(ip);
|
||||
}
|
||||
|
||||
again:
|
||||
|
||||
@ -1162,8 +1209,7 @@ again:
|
||||
char *p;
|
||||
DEBUG(1,("session request to %s failed (%s)\n",
|
||||
called.name, cli_errstr(cli)));
|
||||
cli_shutdown(cli);
|
||||
if ((p=strchr(called.name, '.'))) {
|
||||
if ((p=strchr(called.name, '.')) && !is_ipaddress(called.name)) {
|
||||
*p = 0;
|
||||
goto again;
|
||||
}
|
||||
@ -1174,11 +1220,10 @@ again:
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) {
|
||||
if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO)
|
||||
cli->use_spnego = False;
|
||||
} else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) {
|
||||
else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
|
||||
cli->use_kerberos = True;
|
||||
}
|
||||
|
||||
if (!cli_negprot(cli)) {
|
||||
DEBUG(1,("failed negprot\n"));
|
||||
@ -1261,18 +1306,22 @@ BOOL attempt_netbios_session_request(struct cli_state *cli, char *srchost, char
|
||||
|
||||
DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER \
|
||||
with error %s.\n", desthost, cli_errstr(cli) ));
|
||||
cli_shutdown(cli);
|
||||
return False;
|
||||
}
|
||||
|
||||
cli_shutdown(cli);
|
||||
/*
|
||||
* We need to close the connection here but can't call cli_shutdown as
|
||||
* will free an allocated cli struct. cli_close_connection was invented
|
||||
* for this purpose. JRA. Based on work by "Kim R. Pedersen" <krp@filanet.dk>.
|
||||
*/
|
||||
|
||||
cli_close_connection(cli);
|
||||
|
||||
if (!cli_initialise(cli) ||
|
||||
!cli_connect(cli, desthost, pdest_ip) ||
|
||||
!cli_session_request(cli, &calling, &smbservername)) {
|
||||
DEBUG(0,("attempt_netbios_session_request: %s rejected the session for \
|
||||
name *SMBSERVER with error %s\n", desthost, cli_errstr(cli) ));
|
||||
cli_shutdown(cli);
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
@ -32,7 +32,7 @@ int cli_set_port(struct cli_state *cli, int port)
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
read an smb from a fd ignoring all keepalive packets. Note that the buffer
|
||||
Read an smb from a fd ignoring all keepalive packets. Note that the buffer
|
||||
*MUST* be of size BUFFER_SIZE+SAFETY_MARGIN.
|
||||
The timeout is in milliseconds
|
||||
|
||||
@ -46,12 +46,10 @@ static BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout)
|
||||
{
|
||||
BOOL ret;
|
||||
|
||||
for(;;)
|
||||
{
|
||||
for(;;) {
|
||||
ret = receive_smb(fd, buffer, timeout);
|
||||
|
||||
if (!ret)
|
||||
{
|
||||
if (!ret) {
|
||||
DEBUG(10,("client_receive_smb failed\n"));
|
||||
show_msg(buffer);
|
||||
return ret;
|
||||
@ -65,16 +63,17 @@ static BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout)
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
recv an smb
|
||||
Recv an smb.
|
||||
****************************************************************************/
|
||||
|
||||
BOOL cli_receive_smb(struct cli_state *cli)
|
||||
{
|
||||
BOOL ret;
|
||||
|
||||
/* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
|
||||
if (cli->fd == -1) return False;
|
||||
if (cli->fd == -1)
|
||||
return False;
|
||||
|
||||
again:
|
||||
ret = client_receive_smb(cli->fd,cli->inbuf,cli->timeout);
|
||||
@ -151,34 +150,32 @@ void cli_setup_packet(struct cli_state *cli)
|
||||
uint16 flags2;
|
||||
SCVAL(cli->outbuf,smb_flg,0x8);
|
||||
flags2 = FLAGS2_LONG_PATH_COMPONENTS;
|
||||
if (cli->capabilities & CAP_UNICODE) {
|
||||
if (cli->capabilities & CAP_UNICODE)
|
||||
flags2 |= FLAGS2_UNICODE_STRINGS;
|
||||
}
|
||||
if (cli->capabilities & CAP_STATUS32) {
|
||||
if (cli->capabilities & CAP_STATUS32)
|
||||
flags2 |= FLAGS2_32_BIT_ERROR_CODES;
|
||||
}
|
||||
if (cli->use_spnego) {
|
||||
if (cli->use_spnego)
|
||||
flags2 |= FLAGS2_EXTENDED_SECURITY;
|
||||
}
|
||||
if (cli->sign_info.use_smb_signing)
|
||||
if (cli->sign_info.use_smb_signing
|
||||
|| cli->sign_info.temp_smb_signing)
|
||||
flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES;
|
||||
SSVAL(cli->outbuf,smb_flg2, flags2);
|
||||
}
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
setup the bcc length of the packet from a pointer to the end of the data
|
||||
Setup the bcc length of the packet from a pointer to the end of the data.
|
||||
****************************************************************************/
|
||||
|
||||
void cli_setup_bcc(struct cli_state *cli, void *p)
|
||||
{
|
||||
set_message_bcc(cli->outbuf, PTR_DIFF(p, smb_buf(cli->outbuf)));
|
||||
}
|
||||
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
initialise credentials of a client structure
|
||||
Initialise credentials of a client structure.
|
||||
****************************************************************************/
|
||||
|
||||
void cli_init_creds(struct cli_state *cli, const struct ntuser_creds *usr)
|
||||
{
|
||||
/* copy_nt_creds(&cli->usr, usr); */
|
||||
@ -193,10 +190,10 @@ void cli_init_creds(struct cli_state *cli, const struct ntuser_creds *usr)
|
||||
cli->ntlmssp_flags,cli->ntlmssp_cli_flgs));
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
initialise a client structure
|
||||
Initialise a client structure.
|
||||
****************************************************************************/
|
||||
|
||||
struct cli_state *cli_initialise(struct cli_state *cli)
|
||||
{
|
||||
BOOL alloced_cli = False;
|
||||
@ -215,9 +212,8 @@ struct cli_state *cli_initialise(struct cli_state *cli)
|
||||
alloced_cli = True;
|
||||
}
|
||||
|
||||
if (cli->initialised) {
|
||||
cli_shutdown(cli);
|
||||
}
|
||||
if (cli->initialised)
|
||||
cli_close_connection(cli);
|
||||
|
||||
ZERO_STRUCTP(cli);
|
||||
|
||||
@ -234,7 +230,9 @@ struct cli_state *cli_initialise(struct cli_state *cli)
|
||||
cli->outbuf = (char *)malloc(cli->bufsize);
|
||||
cli->inbuf = (char *)malloc(cli->bufsize);
|
||||
cli->oplock_handler = cli_oplock_ack;
|
||||
if (lp_use_spnego()) {
|
||||
cli->use_spnego = True;
|
||||
}
|
||||
|
||||
/* Set the CLI_FORCE_DOSERR environment variable to test
|
||||
client routines using DOS errors instead of STATUS32
|
||||
@ -243,6 +241,10 @@ struct cli_state *cli_initialise(struct cli_state *cli)
|
||||
cli->force_dos_errors = True;
|
||||
}
|
||||
|
||||
/* A way to attempt to force SMB signing */
|
||||
if (getenv("CLI_FORCE_SMB_SIGNING"))
|
||||
cli->sign_info.negotiated_smb_signing = True;
|
||||
|
||||
if (!cli->outbuf || !cli->inbuf)
|
||||
goto error;
|
||||
|
||||
@ -273,43 +275,75 @@ struct cli_state *cli_initialise(struct cli_state *cli)
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
shutdown a client structure
|
||||
Close a client connection and free the memory without destroying cli itself.
|
||||
****************************************************************************/
|
||||
void cli_shutdown(struct cli_state *cli)
|
||||
|
||||
void cli_close_connection(struct cli_state *cli)
|
||||
{
|
||||
BOOL allocated;
|
||||
SAFE_FREE(cli->outbuf);
|
||||
SAFE_FREE(cli->inbuf);
|
||||
|
||||
data_blob_free(&cli->secblob);
|
||||
|
||||
if (cli->mem_ctx)
|
||||
if (cli->mem_ctx) {
|
||||
talloc_destroy(cli->mem_ctx);
|
||||
cli->mem_ctx = NULL;
|
||||
}
|
||||
|
||||
if (cli->fd != -1)
|
||||
close(cli->fd);
|
||||
allocated = cli->allocated;
|
||||
cli->fd = -1;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Shutdown a client structure.
|
||||
****************************************************************************/
|
||||
|
||||
void cli_shutdown(struct cli_state *cli)
|
||||
{
|
||||
BOOL allocated = cli->allocated;
|
||||
cli_close_connection(cli);
|
||||
ZERO_STRUCTP(cli);
|
||||
if (allocated) {
|
||||
free(cli);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
set socket options on a open connection
|
||||
Set socket options on a open connection.
|
||||
****************************************************************************/
|
||||
|
||||
void cli_sockopt(struct cli_state *cli, char *options)
|
||||
{
|
||||
set_socket_options(cli->fd, options);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
set the PID to use for smb messages. Return the old pid.
|
||||
Set the PID to use for smb messages. Return the old pid.
|
||||
****************************************************************************/
|
||||
|
||||
uint16 cli_setpid(struct cli_state *cli, uint16 pid)
|
||||
{
|
||||
uint16 ret = cli->pid;
|
||||
cli->pid = pid;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Send a keepalive packet to the server
|
||||
****************************************************************************/
|
||||
BOOL cli_send_keepalive(struct cli_state *cli)
|
||||
{
|
||||
if (cli->fd == -1) {
|
||||
DEBUG(3, ("cli_send_keepalive: fd == -1\n"));
|
||||
return False;
|
||||
}
|
||||
if (!send_keepalive(cli->fd)) {
|
||||
close(cli->fd);
|
||||
cli->fd = -1;
|
||||
DEBUG(0,("Error sending keepalive packet to client.\n"));
|
||||
return False;
|
||||
}
|
||||
return True;
|
||||
}
|
||||
|
||||
|
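Review bot: In cli_initialise, the `ZERO_STRUCTP(cli)` that follows the new `cli_close_connection(cli)` call also clears `cli->allocated`, the flag cli_shutdown reads to decide whether to `free(cli)`. The struct used to be shut down at this point and is now kept alive, so the flag has to survive the wipe, and the code that sets it again lies outside these hunks. If it is restored only from `alloced_cli`, a heap-allocated struct that is re-initialised would never be freed by a later cli_shutdown. I would carry the flag across with `alloced_cli = alloced_cli || cli->allocated;` inside the `if (cli->initialised)` branch, before the close.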
@ -156,7 +156,7 @@ void cli_dos_error(struct cli_state *cli, uint8 *eclass, uint32 *ecode)
|
||||
|
||||
/* Return a UNIX errno from a dos error class, error number tuple */
|
||||
|
||||
int cli_errno_from_dos(uint8 eclass, uint32 num)
|
||||
static int cli_errno_from_dos(uint8 eclass, uint32 num)
|
||||
{
|
||||
if (eclass == ERRDOS) {
|
||||
switch (num) {
|
||||
@ -205,7 +205,7 @@ static struct {
|
||||
{NT_STATUS(0), 0}
|
||||
};
|
||||
|
||||
int cli_errno_from_nt(NTSTATUS status)
|
||||
static int cli_errno_from_nt(NTSTATUS status)
|
||||
{
|
||||
int i;
|
||||
DEBUG(10,("cli_errno_from_nt: 32 bit codes: code=%08x\n", NT_STATUS_V(status)));
|
||||
|
@ -94,7 +94,7 @@ uint32 unix_perms_to_wire(mode_t perms)
|
||||
ret |= ((perms & S_ISGID) ? UNIX_SET_GID : 0);
|
||||
#endif
|
||||
#ifdef S_ISUID
|
||||
ret |= ((perms & S_ISVTX) ? UNIX_SET_UID : 0);
|
||||
ret |= ((perms & S_ISUID) ? UNIX_SET_UID : 0);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
@ -64,6 +64,14 @@ static krb5_error_code krb5_mk_req2(krb5_context context,
|
||||
goto cleanup_creds;
|
||||
}
|
||||
|
||||
/* cope with the ticket being in the future due to clock skew */
|
||||
if ((unsigned)credsp->times.starttime > time(NULL)) {
|
||||
time_t t = time(NULL);
|
||||
int time_offset = (unsigned)credsp->times.starttime - t;
|
||||
DEBUG(4,("Advancing clock by %d seconds to cope with clock skew\n", time_offset));
|
||||
krb5_set_real_time(context, t + time_offset + 1, 0);
|
||||
}
|
||||
|
||||
in_data.length = 0;
|
||||
retval = krb5_mk_req_extended(context, auth_context, ap_req_options,
|
||||
&in_data, credsp, outbuf);
|
||||
@ -86,7 +94,7 @@ cleanup_princ:
|
||||
/*
|
||||
get a kerberos5 ticket for the given service
|
||||
*/
|
||||
DATA_BLOB krb5_get_ticket(char *principal)
|
||||
DATA_BLOB krb5_get_ticket(char *principal, time_t time_offset)
|
||||
{
|
||||
krb5_error_code retval;
|
||||
krb5_data packet;
|
||||
@ -94,7 +102,12 @@ DATA_BLOB krb5_get_ticket(char *principal)
|
||||
krb5_context context;
|
||||
krb5_auth_context auth_context = NULL;
|
||||
DATA_BLOB ret;
|
||||
krb5_enctype enc_types[] = {ENCTYPE_DES_CBC_MD5, ENCTYPE_NULL};
|
||||
krb5_enctype enc_types[] = {
|
||||
#ifdef ENCTYPE_ARCFOUR_HMAC
|
||||
ENCTYPE_ARCFOUR_HMAC,
|
||||
#endif
|
||||
ENCTYPE_DES_CBC_MD5,
|
||||
ENCTYPE_NULL};
|
||||
|
||||
retval = krb5_init_context(&context);
|
||||
if (retval) {
|
||||
@ -103,6 +116,10 @@ DATA_BLOB krb5_get_ticket(char *principal)
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (time_offset != 0) {
|
||||
krb5_set_real_time(context, time(NULL) + time_offset, 0);
|
||||
}
|
||||
|
||||
if ((retval = krb5_cc_default(context, &ccdef))) {
|
||||
DEBUG(1,("krb5_cc_default failed (%s)\n",
|
||||
error_message(retval)));
|
||||
@ -137,7 +154,7 @@ failed:
|
||||
|
||||
#else /* HAVE_KRB5 */
|
||||
/* this saves a few linking headaches */
|
||||
DATA_BLOB krb5_get_ticket(char *principal)
|
||||
DATA_BLOB krb5_get_ticket(char *principal, time_t time_offset)
|
||||
{
|
||||
DEBUG(0,("NO KERBEROS SUPPORT\n"));
|
||||
return data_blob(NULL, 0);
|
||||
|
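Review bot: The clock-skew branch added to krb5_mk_req2 moves the context clock forward by however far the ticket's starttime is ahead of local time, with no upper bound and only a level-4 debug line. Kerberos depends on bounded skew for its replay and lifetime checks, so I would reject an offset beyond the tolerance the site allows, and log it at a level an administrator will see, rather than adopt it silently. The test and the offset also read the clock separately and compare through an `(unsigned)` cast; taking `time_t t = time(NULL);` once before the `if` and testing `credsp->times.starttime > t` keeps both on the same value. The caller-supplied `time_offset` that krb5_get_ticket passes to `krb5_set_real_time` deserves the same bound. Both function bodies continue outside the hunks shown.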
@ -22,13 +22,13 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
interpret a long filename structure - this is mostly guesses at the moment
|
||||
Interpret a long filename structure - this is mostly guesses at the moment.
|
||||
The length of the structure is returned
|
||||
The structure of a long filename depends on the info level. 260 is used
|
||||
by NT and 2 is used by OS/2
|
||||
****************************************************************************/
|
||||
|
||||
static int interpret_long_filename(struct cli_state *cli,
|
||||
int level,char *p,file_info *finfo)
|
||||
{
|
||||
@ -41,8 +41,7 @@ static int interpret_long_filename(struct cli_state *cli,
|
||||
|
||||
memcpy(finfo,&def_finfo,sizeof(*finfo));
|
||||
|
||||
switch (level)
|
||||
{
|
||||
switch (level) {
|
||||
case 1: /* OS/2 understands this */
|
||||
/* these dates are converted to GMT by
|
||||
make_unix_date */
|
||||
@ -132,10 +131,10 @@ static int interpret_long_filename(struct cli_state *cli,
|
||||
return(SVAL(p,0));
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
do a directory listing, calling fn on each file found
|
||||
Do a directory listing, calling fn on each file found.
|
||||
****************************************************************************/
|
||||
|
||||
int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
void (*fn)(file_info *, const char *, void *), void *state)
|
||||
{
|
||||
@ -307,12 +306,11 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
return(total_received);
|
||||
}
|
||||
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
interpret a short filename structure
|
||||
The length of the structure is returned
|
||||
Interpret a short filename structure.
|
||||
The length of the structure is returned.
|
||||
****************************************************************************/
|
||||
|
||||
static int interpret_short_filename(struct cli_state *cli, char *p,file_info *finfo)
|
||||
{
|
||||
extern file_info def_finfo;
|
||||
@ -334,10 +332,11 @@ static int interpret_short_filename(struct cli_state *cli, char *p,file_info *fi
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
do a directory listing, calling fn on each file found
|
||||
Do a directory listing, calling fn on each file found.
|
||||
this uses the old SMBsearch interface. It is needed for testing Samba,
|
||||
but should otherwise not be used
|
||||
but should otherwise not be used.
|
||||
****************************************************************************/
|
||||
|
||||
int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
void (*fn)(file_info *, const char *, void *), void *state)
|
||||
{
|
||||
@ -453,16 +452,15 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
return(num_received);
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
do a directory listing, calling fn on each file found
|
||||
this auto-switches between old and new style
|
||||
Do a directory listing, calling fn on each file found.
|
||||
This auto-switches between old and new style.
|
||||
****************************************************************************/
|
||||
|
||||
int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
void (*fn)(file_info *, const char *, void *), void *state)
|
||||
{
|
||||
if (cli->protocol <= PROTOCOL_LANMAN1) {
|
||||
if (cli->protocol <= PROTOCOL_LANMAN1)
|
||||
return cli_list_old(cli, Mask, attribute, fn, state);
|
||||
}
|
||||
return cli_list_new(cli, Mask, attribute, fn, state);
|
||||
}
|
||||
|
@ -127,7 +127,7 @@ ssize_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_
|
||||
return total;
|
||||
}
|
||||
|
||||
#if 0 /* relies on client_recieve_smb(), now a static in libsmb/clientgen.c */
|
||||
#if 0 /* relies on client_receive_smb(), now a static in libsmb/clientgen.c */
|
||||
|
||||
/* This call is INCOMPATIBLE with SMB signing. If you remove the #if 0
|
||||
you must fix ensure you don't attempt to sign the packets - data
|
||||
|
@ -73,13 +73,56 @@ DATA_BLOB spnego_gen_negTokenInit(uint8 guid[16],
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
Generate a negTokenInit as used by the client side ... It has a mechType
|
||||
(OID), and a mechToken (a security blob) ...
|
||||
|
||||
Really, we need to break out the NTLMSSP stuff as well, because it could be
|
||||
raw in the packets!
|
||||
*/
|
||||
DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob)
|
||||
{
|
||||
ASN1_DATA data;
|
||||
DATA_BLOB ret;
|
||||
|
||||
memset(&data, 0, sizeof(data));
|
||||
|
||||
asn1_push_tag(&data, ASN1_APPLICATION(0));
|
||||
asn1_write_OID(&data,OID_SPNEGO);
|
||||
asn1_push_tag(&data, ASN1_CONTEXT(0));
|
||||
asn1_push_tag(&data, ASN1_SEQUENCE(0));
|
||||
|
||||
asn1_push_tag(&data, ASN1_CONTEXT(0));
|
||||
asn1_push_tag(&data, ASN1_SEQUENCE(0));
|
||||
asn1_write_OID(&data, OID);
|
||||
asn1_pop_tag(&data);
|
||||
asn1_pop_tag(&data);
|
||||
|
||||
asn1_push_tag(&data, ASN1_CONTEXT(2));
|
||||
asn1_write_OctetString(&data,blob.data,blob.length);
|
||||
asn1_pop_tag(&data);
|
||||
|
||||
asn1_pop_tag(&data);
|
||||
asn1_pop_tag(&data);
|
||||
|
||||
asn1_pop_tag(&data);
|
||||
|
||||
if (data.has_error) {
|
||||
DEBUG(1,("Failed to build negTokenInit at offset %d\n", (int)data.ofs));
|
||||
asn1_free(&data);
|
||||
}
|
||||
|
||||
ret = data_blob(data.data, data.length);
|
||||
asn1_free(&data);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
parse a negTokenInit packet giving a GUID, a list of supported
|
||||
OIDs (the mechanisms) and a principal name string
|
||||
*/
|
||||
BOOL spnego_parse_negTokenInit(DATA_BLOB blob,
|
||||
uint8 guid[16],
|
||||
char *OIDs[ASN1_MAX_OIDS],
|
||||
char **principal)
|
||||
{
|
||||
@ -89,7 +132,6 @@ BOOL spnego_parse_negTokenInit(DATA_BLOB blob,
|
||||
|
||||
asn1_load(&data, blob);
|
||||
|
||||
asn1_read(&data, guid, 16);
|
||||
asn1_start_tag(&data,ASN1_APPLICATION(0));
|
||||
asn1_check_OID(&data,OID_SPNEGO);
|
||||
asn1_start_tag(&data,ASN1_CONTEXT(0));
|
||||
@ -279,13 +321,13 @@ BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket)
|
||||
generate a SPNEGO negTokenTarg packet, ready for a EXTENDED_SECURITY
|
||||
kerberos session setup
|
||||
*/
|
||||
DATA_BLOB spnego_gen_negTokenTarg(struct cli_state *cli, char *principal)
|
||||
DATA_BLOB spnego_gen_negTokenTarg(const char *principal, int time_offset)
|
||||
{
|
||||
DATA_BLOB tkt, tkt_wrapped, targ;
|
||||
const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_NTLMSSP, NULL};
|
||||
|
||||
/* get a kerberos ticket for the service */
|
||||
tkt = krb5_get_ticket(principal);
|
||||
tkt = krb5_get_ticket(principal, time_offset);
|
||||
|
||||
/* wrap that up in a nice GSS-API wrapping */
|
||||
tkt_wrapped = spnego_gen_krb5_wrap(tkt);
|
||||
@ -473,8 +515,10 @@ DATA_BLOB spnego_gen_auth_response(void)
|
||||
|
||||
U = unicode string (input is unix string)
|
||||
a = address (1 byte type, 1 byte length, unicode string, all inline)
|
||||
A = ASCII string (pointer + length) Actually same as B
|
||||
B = data blob (pointer + length)
|
||||
b = data blob in header (pointer + length)
|
||||
D
|
||||
d = word (4 bytes)
|
||||
C = constant ascii string
|
||||
*/
|
||||
@ -502,6 +546,7 @@ BOOL msrpc_gen(DATA_BLOB *blob,
|
||||
s = va_arg(ap, char *);
|
||||
data_size += (str_charnum(s) * 2) + 4;
|
||||
break;
|
||||
case 'A':
|
||||
case 'B':
|
||||
b = va_arg(ap, uint8 *);
|
||||
head_size += 8;
|
||||
@ -554,6 +599,7 @@ BOOL msrpc_gen(DATA_BLOB *blob,
|
||||
data_ofs += n*2;
|
||||
break;
|
||||
|
||||
case 'A':
|
||||
case 'B':
|
||||
b = va_arg(ap, uint8 *);
|
||||
n = va_arg(ap, int);
|
||||
@ -688,37 +734,39 @@ BOOL msrpc_parse(DATA_BLOB *blob,
|
||||
|
||||
void debug_ntlmssp_flags(uint32 neg_flags)
|
||||
{
|
||||
DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags));
|
||||
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_UNICODE\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_UNICODE\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_OEM)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_OEM\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM\n"));
|
||||
if (neg_flags & NTLMSSP_REQUEST_TARGET)
|
||||
DEBUG(4, (" NTLMSSP_REQUEST_TARGET\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_REQUEST_TARGET\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_SIGN)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_SIGN\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_SIGN)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_SEAL\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SIGN\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_SEAL)
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SEAL\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_NETWARE\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NETWARE\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_NTLM)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_NTLM\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_NTLM2\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM2\n"));
|
||||
if (neg_flags & NTLMSSP_CHAL_TARGET_INFO)
|
||||
DEBUG(4, (" NTLMSSP_CHAL_TARGET_INFO\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_CHAL_TARGET_INFO\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_128)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_128\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_128\n"));
|
||||
if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)
|
||||
DEBUG(4, (" NTLMSSP_NEGOTIATE_KEY_EXCH\n"));
|
||||
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_KEY_EXCH\n"));
|
||||
}
|
||||
|
||||
|
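Review bot: The error branch at the end of the new gen_negTokenInit calls `asn1_free(&data)` and then falls through, so `data_blob(data.data, data.length)` and a second `asn1_free(&data)` still run on the structure that was just released. What asn1_free leaves in `data.data` and `data.length` is not visible on this page, so the caller gets at best an empty or meaningless blob returned as if encoding had worked, and at worst a read of freed memory. Returning from the branch closes this: add `return data_blob(NULL, 0);` after the `asn1_free(&data);` inside `if (data.has_error)`. A one-line comment on the function saying that a zero-length blob means failure would tell callers what to check.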
@ -89,7 +89,7 @@ static int smbc_add_cached_server(SMBCCTX * context, SMBCSRV * new,
|
||||
goto failed;
|
||||
}
|
||||
|
||||
DLIST_ADD(((struct smbc_server_cache *)context->server_cache), srvcache);
|
||||
DLIST_ADD((context->server_cache), srvcache);
|
||||
return 0;
|
||||
|
||||
failed:
|
||||
@ -139,7 +139,7 @@ static int smbc_remove_cached_server(SMBCCTX * context, SMBCSRV * server)
|
||||
if (server == srv->server) {
|
||||
|
||||
/* remove this sucker */
|
||||
DLIST_REMOVE(((struct smbc_server_cache *)context->server_cache), srv);
|
||||
DLIST_REMOVE(context->server_cache, srv);
|
||||
SAFE_FREE(srv->server_name);
|
||||
SAFE_FREE(srv->share_name);
|
||||
SAFE_FREE(srv->workgroup);
|
||||
|
@ -180,14 +180,13 @@ smbc_parse_path(SMBCCTX *context, const char *fname, char *server, char *share,
|
||||
|
||||
static int smbc_errno(SMBCCTX *context, struct cli_state *c)
|
||||
{
|
||||
int ret;
|
||||
int ret = cli_errno(c);
|
||||
|
||||
if (cli_is_dos_error(c)) {
|
||||
uint8 eclass;
|
||||
uint32 ecode;
|
||||
|
||||
cli_dos_error(c, &eclass, &ecode);
|
||||
ret = cli_errno_from_dos(eclass, ecode);
|
||||
|
||||
DEBUG(3,("smbc_error %d %d (0x%x) -> %d\n",
|
||||
(int)eclass, (int)ecode, (int)ecode, ret));
|
||||
@ -195,10 +194,9 @@ static int smbc_errno(SMBCCTX *context, struct cli_state *c)
|
||||
NTSTATUS status;
|
||||
|
||||
status = cli_nt_error(c);
|
||||
ret = cli_errno_from_nt(status);
|
||||
|
||||
DEBUG(3,("smbc errno %s -> %d\n",
|
||||
get_nt_error_msg(status), ret));
|
||||
nt_errstr(status), ret));
|
||||
}
|
||||
|
||||
return ret;
|
||||
@ -213,7 +211,7 @@ static int smbc_errno(SMBCCTX *context, struct cli_state *c)
|
||||
*/
|
||||
int smbc_check_server(SMBCCTX * context, SMBCSRV * server)
|
||||
{
|
||||
if ( cli_send_keepalive(&server->cli) == False )
|
||||
if ( send_keepalive(server->cli.fd) == False )
|
||||
return 1;
|
||||
|
||||
/* connection is ok */
|
||||
@ -380,7 +378,7 @@ SMBCSRV *smbc_server(SMBCCTX *context,
|
||||
fstring remote_name;
|
||||
struct in_addr rem_ip;
|
||||
|
||||
if (!inet_aton(server, &rem_ip)) {
|
||||
if ((rem_ip.s_addr=inet_addr(server)) == INADDR_NONE) {
|
||||
DEBUG(4, ("Could not convert IP address %s to struct in_addr\n", server));
|
||||
errno = ENOENT;
|
||||
return NULL;
|
||||
|
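Review bot: In the smbc_server hunk, `inet_addr(server) == INADDR_NONE` cannot tell a parse failure from the valid address 255.255.255.255, because both give the same return value; the `inet_aton` call it replaces had no such ambiguity. If the switch is for portability, keep the new call but record the limitation next to it, e.g. `/* inet_addr() also returns INADDR_NONE for 255.255.255.255; assumed never to be a server address */`. smbc_server begins and ends outside the hunk, so any earlier validation of `server` is not visible from here.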
@ -29,24 +29,24 @@ static TDB_CONTEXT *namecache_tdb;
|
||||
struct nc_value {
|
||||
time_t expiry; /* When entry expires */
|
||||
int count; /* Number of addresses */
|
||||
struct in_addr ip_list[0]; /* Address list */
|
||||
struct in_addr ip_list[1]; /* Address list */
|
||||
};
|
||||
|
||||
/* Initialise namecache system */
|
||||
|
||||
void namecache_enable(void)
|
||||
BOOL namecache_enable(void)
|
||||
{
|
||||
/* Check if we have been here before, or name caching disabled
|
||||
by setting the name cache timeout to zero. */
|
||||
|
||||
if (done_namecache_init)
|
||||
return;
|
||||
return False;
|
||||
|
||||
done_namecache_init = True;
|
||||
|
||||
if (lp_name_cache_timeout() == 0) {
|
||||
DEBUG(5, ("namecache_init: disabling netbios name cache\n"));
|
||||
return;
|
||||
return False;
|
||||
}
|
||||
|
||||
/* Open namecache tdb in read/write or readonly mode */
|
||||
@ -58,13 +58,15 @@ void namecache_enable(void)
|
||||
if (!namecache_tdb) {
|
||||
DEBUG(5, ("namecache_init: could not open %s\n",
|
||||
lock_path("namecache.tdb")));
|
||||
return;
|
||||
return False;
|
||||
}
|
||||
|
||||
DEBUG(5, ("namecache_init: enabling netbios namecache, timeout %d "
|
||||
"seconds\n", lp_name_cache_timeout()));
|
||||
|
||||
enable_namecache = True;
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/* Return a key for a name and name type. The caller must free
|
||||
@ -91,17 +93,20 @@ static TDB_DATA namecache_value(struct in_addr *ip_list, int num_names,
|
||||
{
|
||||
TDB_DATA retval;
|
||||
struct nc_value *value;
|
||||
int size;
|
||||
int size = sizeof(struct nc_value);
|
||||
|
||||
size = sizeof(struct nc_value) + sizeof(struct in_addr) *
|
||||
num_names;
|
||||
if (num_names > 0)
|
||||
size += sizeof(struct in_addr) * (num_names-1);
|
||||
|
||||
value = (struct nc_value *)malloc(size);
|
||||
|
||||
memset(value, 0, size);
|
||||
|
||||
value->expiry = expiry;
|
||||
value->count = num_names;
|
||||
|
||||
memcpy(value->ip_list, ip_list, num_names * sizeof(struct in_addr));
|
||||
if (ip_list)
|
||||
memcpy(value->ip_list, ip_list, sizeof(struct in_addr) * num_names);
|
||||
|
||||
retval.dptr = (char *)value;
|
||||
retval.dsize = size;
|
||||
@ -160,6 +165,9 @@ BOOL namecache_fetch(const char *name, int name_type, struct in_addr **ip_list,
|
||||
time_t now;
|
||||
int i;
|
||||
|
||||
*ip_list = NULL;
|
||||
*num_names = 0;
|
||||
|
||||
if (!enable_namecache)
|
||||
return False;
|
||||
|
||||
@ -209,21 +217,24 @@ BOOL namecache_fetch(const char *name, int name_type, struct in_addr **ip_list,
|
||||
|
||||
/* Extract and return namelist */
|
||||
|
||||
DEBUG(5, ("namecache_fetch: returning %d address%s for %s#%02x: ",
|
||||
data->count, data->count == 1 ? "" : "es", name, name_type));
|
||||
|
||||
if (data->count) {
|
||||
|
||||
*ip_list = (struct in_addr *)malloc(
|
||||
sizeof(struct in_addr) * data->count);
|
||||
|
||||
memcpy(*ip_list, data->ip_list, sizeof(struct in_addr) *
|
||||
data->count);
|
||||
memcpy(*ip_list, data->ip_list, sizeof(struct in_addr) * data->count);
|
||||
|
||||
*num_names = data->count;
|
||||
|
||||
DEBUG(5, ("namecache_fetch: returning %d address%s for %s#%02x: ",
|
||||
*num_names, *num_names == 1 ? "" : "es", name, name_type));
|
||||
|
||||
for (i = 0; i < *num_names; i++)
|
||||
DEBUGADD(5, ("%s%s", inet_ntoa((*ip_list)[i]),
|
||||
i == (*num_names - 1) ? "" : ", "));
|
||||
|
||||
}
|
||||
|
||||
DEBUGADD(5, ("\n"));
|
||||
|
||||
done:
|
||||
|
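Review bot: In namecache_fetch, `data->count` comes from the stored record and sizes both the `malloc` and the `memcpy`, but neither the allocation result nor the record length is checked. A failed allocation makes the `memcpy` write through NULL, and a truncated or corrupted namecache.tdb entry with an inflated (or negative) count would read past the end of the record. Add `if (*ip_list == NULL) goto done;` after the `malloc`, and before it compare the count with the size of the fetched record; the TDB_DATA holding the record and the code after `done:` are outside the hunk, so the resulting return value needs confirming. namecache_value has the same unchecked `malloc` followed directly by `memset`.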
@ -28,7 +28,7 @@ typedef const struct
|
||||
NTSTATUS nt_errcode;
|
||||
} nt_err_code_struct;
|
||||
|
||||
nt_err_code_struct nt_errs[] =
|
||||
static nt_err_code_struct nt_errs[] =
|
||||
{
|
||||
{ "NT_STATUS_OK", NT_STATUS_OK },
|
||||
{ "NT_STATUS_UNSUCCESSFUL", NT_STATUS_UNSUCCESSFUL },
|
||||
|
@ -116,31 +116,55 @@ void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16])
|
||||
}
|
||||
|
||||
/* Does both the NTLMv2 owfs of a user's password */
|
||||
void ntv2_owf_gen(const uchar owf[16],
|
||||
const char *user_n, const char *domain_n, uchar kr_buf[16])
|
||||
BOOL ntv2_owf_gen(const uchar owf[16],
|
||||
const char *user_in, const char *domain_in, uchar kr_buf[16])
|
||||
{
|
||||
pstring user_u;
|
||||
pstring dom_u;
|
||||
smb_ucs2_t *user;
|
||||
smb_ucs2_t *domain;
|
||||
|
||||
int user_byte_len;
|
||||
int domain_byte_len;
|
||||
|
||||
HMACMD5Context ctx;
|
||||
|
||||
int user_l = strlen(user_n);
|
||||
int domain_l = strlen(domain_n);
|
||||
user_byte_len = push_ucs2_allocate(&user, user_in);
|
||||
if (user_byte_len < 0) {
|
||||
DEBUG(0, ("push_uss2_allocate() for user returned %d (probably malloc() failure)\n", user_byte_len));
|
||||
return False;
|
||||
}
|
||||
|
||||
push_ucs2(NULL, user_u, user_n, (user_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
|
||||
push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
|
||||
domain_byte_len = push_ucs2_allocate(&domain, domain_in);
|
||||
if (domain_byte_len < 0) {
|
||||
DEBUG(0, ("push_uss2_allocate() for domain returned %d (probably malloc() failure)\n", user_byte_len));
|
||||
return False;
|
||||
}
|
||||
|
||||
strupper_w(user);
|
||||
strupper_w(domain);
|
||||
|
||||
/* We don't want null termination */
|
||||
user_byte_len = user_byte_len - 2;
|
||||
domain_byte_len = domain_byte_len - 2;
|
||||
|
||||
SMB_ASSERT(user_byte_len >= 0);
|
||||
SMB_ASSERT(domain_byte_len >= 0);
|
||||
|
||||
hmac_md5_init_limK_to_64(owf, 16, &ctx);
|
||||
hmac_md5_update((const unsigned char *)user_u, user_l * 2, &ctx);
|
||||
hmac_md5_update((const unsigned char *)dom_u, domain_l * 2, &ctx);
|
||||
hmac_md5_update((const unsigned char *)user, user_byte_len, &ctx);
|
||||
hmac_md5_update((const unsigned char *)domain, domain_byte_len, &ctx);
|
||||
hmac_md5_final(kr_buf, &ctx);
|
||||
|
||||
#ifdef DEBUG_PASSWORD
|
||||
DEBUG(100, ("ntv2_owf_gen: user, domain, owfkey, kr\n"));
|
||||
dump_data(100, user_u, user_l * 2);
|
||||
dump_data(100, dom_u, domain_l * 2);
|
||||
dump_data(100, (const char *)user, user_byte_len);
|
||||
dump_data(100, (const char *)domain, domain_byte_len);
|
||||
dump_data(100, owf, 16);
|
||||
dump_data(100, kr_buf, 16);
|
||||
#endif
|
||||
|
||||
SAFE_FREE(user);
|
||||
SAFE_FREE(domain);
|
||||
return True;
|
||||
}
|
||||
|
||||
/* Does the des encryption from the NT or LM MD4 hash. */
|
||||
@ -148,7 +172,7 @@ void SMBOWFencrypt(const uchar passwd[16], const uchar *c8, uchar p24[24])
|
||||
{
|
||||
uchar p21[21];
|
||||
|
||||
memset(p21,'\0',21);
|
||||
ZERO_STRUCT(p21);
|
||||
|
||||
memcpy(p21, passwd, 16);
|
||||
E_P24(p21, c8, p24);
|
||||
@ -362,6 +386,12 @@ void cli_caclulate_sign_mac(struct cli_state *cli)
|
||||
unsigned char calc_md5_mac[16];
|
||||
struct MD5Context md5_ctx;
|
||||
|
||||
if (cli->sign_info.temp_smb_signing) {
|
||||
memcpy(&cli->outbuf[smb_ss_field], "SignRequest", 8);
|
||||
cli->sign_info.temp_smb_signing = False;
|
||||
return;
|
||||
}
|
||||
|
||||
if (!cli->sign_info.use_smb_signing) {
|
||||
return;
|
||||
}
|
||||
@ -380,6 +410,8 @@ void cli_caclulate_sign_mac(struct cli_state *cli)
|
||||
MD5Final(calc_md5_mac, &md5_ctx);
|
||||
|
||||
memcpy(&cli->outbuf[smb_ss_field], calc_md5_mac, 8);
|
||||
/* cli->outbuf[smb_ss_field+2]=0;
|
||||
Uncomment this to test if the remote server actually verifies signitures...*/
|
||||
cli->sign_info.send_seq_num++;
|
||||
cli->sign_info.reply_seq_num = cli->sign_info.send_seq_num;
|
||||
cli->sign_info.send_seq_num++;
|
||||
|
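Review bot: In ntv2_owf_gen, the failure branch for the domain conversion returns without freeing `user`, which the earlier `push_ucs2_allocate` call has already allocated, and its DEBUG prints `user_byte_len` where `domain_byte_len` is meant. Add `SAFE_FREE(user);` before that `return False;` and pass `domain_byte_len` to the message. Because the function now returns BOOL instead of void, callers have to check it: on `False`, `kr_buf` has not been written, and a caller that ignores the result would go on to use whatever the buffer held as the NTLMv2 key.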
@ -35,8 +35,9 @@ static NTSTATUS just_change_the_password(struct cli_state *cli, TALLOC_CTX *mem_
|
||||
unsigned char new_trust_passwd_hash[16])
|
||||
{
|
||||
NTSTATUS result;
|
||||
result = cli_nt_setup_creds(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
|
||||
SEC_CHAN_WKSTA : SEC_CHAN_BDC, orig_trust_passwd_hash);
|
||||
uint32 neg_flags = 0x000001ff;
|
||||
|
||||
result = cli_nt_setup_creds(cli, get_sec_chan(), orig_trust_passwd_hash, &neg_flags, 2);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
DEBUG(1,("just_change_the_password: unable to setup creds (%s)!\n",
|
||||
|
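Review bot: The literal `0x000001ff` assigned to `neg_flags` and the trailing `2` passed to `cli_nt_setup_creds` are unexplained, and the same pair is repeated in the cm_get_netlogon_cli hunks of the winbindd connection-manager section further down this commit. These values presumably decide what is negotiated for the secure channel, so someone auditing the channel setup needs to know which bits are requested and what the last argument selects. Give both a named constant shared by the call sites, or at least a comment such as `/* negotiate flags offered to the DC (passed by pointer, so presumably updated with the DC's answer) */` once the meaning is confirmed. just_change_the_password continues beyond the hunk.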
@ -142,7 +142,7 @@ static NTSTATUS do_lock(files_struct *fsp,connection_struct *conn, uint16 lock_p
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Utility function called by locking requests. This is *DISGISTING*. It also
|
||||
Utility function called by locking requests. This is *DISGUSTING*. It also
|
||||
appears to be "What Windows Does" (tm). Andrew, ever wonder why Windows 2000
|
||||
is so slow on the locking tests...... ? This is the reason. Much though I hate
|
||||
it, we need this. JRA.
|
||||
|
@ -334,7 +334,8 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
|
||||
/* Push domain components */
|
||||
dc = domain;
|
||||
q1 = q;
|
||||
while ((component = strsep(&dc, "."))) {
|
||||
while ((component = strtok(dc, "."))) {
|
||||
dc = NULL;
|
||||
size = push_ascii(&q[1], component, -1, 0);
|
||||
SCVAL(q, 0, size);
|
||||
q += (size + 1);
|
||||
|
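Review bot: The loop that pushes the domain components now uses `strtok(dc, ".")`, which keeps its position in hidden static state and treats a run of dots as one separator, whereas the `strsep` it replaces was re-entrant and returned empty components. Nothing in the visible loop body tokenizes again, but any `strtok` call reached from inside the loop would silently corrupt the iteration. Record the constraint next to the loop, e.g. `/* strtok(): not re-entrant and skips empty components; nothing called from this loop may use strtok() */`, or use `strtok_r` where the platform provides it. The enclosing function starts and ends outside the hunk.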
@ -70,7 +70,11 @@ static void sync_child(char *name, int nm_type,
|
||||
uint32 local_type = local ? SV_TYPE_LOCAL_LIST_ONLY : 0;
|
||||
struct nmb_name called, calling;
|
||||
|
||||
if (!cli_initialise(&cli) || !cli_connect(&cli, name, &ip)) {
|
||||
/* W2K DMB's return empty browse lists on port 445. Use 139.
|
||||
* Patch from Andy Levine andyl@epicrealm.com.
|
||||
*/
|
||||
|
||||
if (!cli_initialise(&cli) || !cli_set_port(&cli, 139) || !cli_connect(&cli, name, &ip)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -11,11 +11,6 @@
|
||||
|
||||
#include "pam_winbind.h"
|
||||
|
||||
/* prototypes from common.c */
|
||||
void init_request(struct winbindd_request *req,int rq_type);
|
||||
int write_sock(void *buffer, int count);
|
||||
int read_reply(struct winbindd_response *response);
|
||||
|
||||
/* data tokens */
|
||||
|
||||
#define MAX_PASSWD_TRIES 3
|
||||
@ -99,24 +94,30 @@ static int _make_remark(pam_handle_t * pamh, int type, const char *text)
|
||||
return retval;
|
||||
}
|
||||
|
||||
static int winbind_request(enum winbindd_cmd req_type,
|
||||
static int pam_winbind_request(enum winbindd_cmd req_type,
|
||||
struct winbindd_request *request,
|
||||
struct winbindd_response *response)
|
||||
{
|
||||
|
||||
/* Fill in request and send down pipe */
|
||||
init_request(request, req_type);
|
||||
|
||||
if (write_sock(request, sizeof(*request)) == -1) {
|
||||
_pam_log(LOG_ERR, "write to socket failed!");
|
||||
close_sock();
|
||||
return PAM_SERVICE_ERR;
|
||||
}
|
||||
|
||||
/* Wait for reply */
|
||||
if (read_reply(response) == -1) {
|
||||
_pam_log(LOG_ERR, "read from socket failed!");
|
||||
close_sock();
|
||||
return PAM_SERVICE_ERR;
|
||||
}
|
||||
|
||||
/* We are done with the socket - close it and avoid mischeif */
|
||||
close_sock();
|
||||
|
||||
/* Copy reply data from socket */
|
||||
if (response->result != WINBINDD_OK) {
|
||||
if (response->data.auth.pam_error != PAM_SUCCESS) {
|
||||
@ -148,7 +149,7 @@ static int winbind_auth_request(const char *user, const char *pass, int ctrl)
|
||||
strncpy(request.data.auth.pass, pass,
|
||||
sizeof(request.data.auth.pass)-1);
|
||||
|
||||
retval = winbind_request(WINBINDD_PAM_AUTH, &request, &response);
|
||||
retval = pam_winbind_request(WINBINDD_PAM_AUTH, &request, &response);
|
||||
|
||||
switch (retval) {
|
||||
case PAM_AUTH_ERR:
|
||||
@ -217,7 +218,7 @@ static int winbind_chauthtok_request(const char *user, const char *oldpass,
|
||||
request.data.chauthtok.newpass[0] = '\0';
|
||||
}
|
||||
|
||||
return winbind_request(WINBINDD_PAM_CHAUTHTOK, &request, &response);
|
||||
return pam_winbind_request(WINBINDD_PAM_CHAUTHTOK, &request, &response);
|
||||
}
|
||||
|
||||
/*
|
||||
|
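Review bot: In winbind_auth_request, the plaintext password copied into `request.data.auth.pass` is still in that struct after `pam_winbind_request` returns, and nothing in the hunk clears it. pam_winbind_request writes the whole request to the socket and then closes it, so the copy has no further use after the call; `memset(request.data.auth.pass, 0, sizeof(request.data.auth.pass));` before the `switch (retval)` keeps the password from lingering in the memory of the process that loaded the PAM module. winbind_chauthtok_request returns the call's result directly, so it would need a local for the result to do the same for the old and new passwords. Both function bodies start outside their hunks, so an existing wipe elsewhere cannot be ruled out from here.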
@ -90,5 +90,4 @@ do { \
|
||||
#define on(x, y) (x & y)
|
||||
#define off(x, y) (!(x & y))
|
||||
|
||||
#include "winbind_nss_config.h"
|
||||
#include "winbindd_nss.h"
|
||||
#include "winbind_client.h"
|
||||
|
@ -5,6 +5,8 @@
|
||||
|
||||
Copyright (C) Tim Potter 2000
|
||||
Copyright (C) Andrew Tridgell 2000
|
||||
Copyright (C) Andrew Bartlett 2002
|
||||
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Library General Public
|
||||
@ -75,7 +77,7 @@ void init_response(struct winbindd_response *response)
|
||||
|
||||
/* Close established socket */
|
||||
|
||||
static void close_sock(void)
|
||||
void close_sock(void)
|
||||
{
|
||||
if (winbindd_fd != -1) {
|
||||
close(winbindd_fd);
|
||||
@ -83,14 +85,75 @@ static void close_sock(void)
|
||||
}
|
||||
}
|
||||
|
||||
/* Make sure socket handle isn't stdin, stdout or stderr */
|
||||
#define RECURSION_LIMIT 3
|
||||
|
||||
static int make_nonstd_fd_internals(int fd, int limit /* Recursion limiter */)
|
||||
{
|
||||
int new_fd;
|
||||
if (fd >= 0 && fd <= 2) {
|
||||
#ifdef F_DUPFD
|
||||
if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) {
|
||||
return -1;
|
||||
}
|
||||
/* Parinoia */
|
||||
if (new_fd < 3) {
|
||||
close(new_fd);
|
||||
return -1;
|
||||
}
|
||||
close(fd);
|
||||
return new_fd;
|
||||
#else
|
||||
if (limit <= 0)
|
||||
return -1;
|
||||
|
||||
new_fd = dup(fd);
|
||||
if (new_fd == -1)
|
||||
return -1;
|
||||
|
||||
/* use the program stack to hold our list of FDs to close */
|
||||
new_fd = make_nonstd_fd_internals(new_fd, limit - 1);
|
||||
close(fd);
|
||||
return new_fd;
|
||||
#endif
|
||||
}
|
||||
return fd;
|
||||
}
|
||||
|
||||
static int make_safe_fd(int fd)
|
||||
{
|
||||
int result, flags;
|
||||
int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT);
|
||||
if (new_fd == -1) {
|
||||
close(fd);
|
||||
return -1;
|
||||
}
|
||||
/* Socket should be closed on exec() */
|
||||
|
||||
#ifdef FD_CLOEXEC
|
||||
result = flags = fcntl(new_fd, F_GETFD, 0);
|
||||
if (flags >= 0) {
|
||||
flags |= FD_CLOEXEC;
|
||||
result = fcntl( new_fd, F_SETFD, flags );
|
||||
}
|
||||
if (result < 0) {
|
||||
close(new_fd);
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
return new_fd;
|
||||
}
|
||||
|
||||
/* Connect to winbindd socket */
|
||||
|
||||
int winbind_open_pipe_sock(void)
|
||||
{
|
||||
#ifdef HAVE_UNIXSOCKET
|
||||
struct sockaddr_un sunaddr;
|
||||
static pid_t our_pid;
|
||||
struct stat st;
|
||||
pstring path;
|
||||
int fd;
|
||||
|
||||
if (our_pid != getpid()) {
|
||||
close_sock();
|
||||
@ -144,10 +207,14 @@ int winbind_open_pipe_sock(void)
|
||||
|
||||
/* Connect to socket */
|
||||
|
||||
if ((winbindd_fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
|
||||
if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if ((winbindd_fd = make_safe_fd( fd)) == -1) {
|
||||
return winbindd_fd;
|
||||
}
|
||||
|
||||
if (connect(winbindd_fd, (struct sockaddr *)&sunaddr,
|
||||
sizeof(sunaddr)) == -1) {
|
||||
close_sock();
|
||||
@ -155,6 +222,9 @@ int winbind_open_pipe_sock(void)
|
||||
}
|
||||
|
||||
return winbindd_fd;
|
||||
#else
|
||||
return -1;
|
||||
#endif /* HAVE_UNIXSOCKET */
|
||||
}
|
||||
|
||||
/* Write data to winbindd socket */
|
||||
|
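Review bot: In the `#else` branch of make_nonstd_fd_internals (no `F_DUPFD`), a failed recursive call leaves the descriptor returned by `dup()` open, while the frame still closes `fd` and returns -1; make_safe_fd then calls `close(fd)` a second time. In a multi-threaded host process that second close can hit a descriptor another thread has just been handed under the same number, and the duplicate is leaked. The `F_DUPFD` branch leaves `fd` open on failure, so the two branches also disagree about who owns `fd`. Keeping the rule "on -1 the caller still owns fd" in both branches fixes this, as in the rewrite below, which needs one extra local for the duplicate.

```c
	int new_fd, dup_fd;
	/* … unchanged: range check, F_DUPFD branch, limit check … */
		dup_fd = dup(fd);
		if (dup_fd == -1)
			return -1;

		/* use the program stack to hold our list of FDs to close */
		new_fd = make_nonstd_fd_internals(dup_fd, limit - 1);
		if (new_fd == -1) {
			/* callee left dup_fd open; fd stays with our caller */
			close(dup_fd);
			return -1;
		}
		close(fd);
		return new_fd;
```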
@ -28,11 +28,7 @@
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_WINBIND
|
||||
|
||||
/* Prototypes from common.h */
|
||||
|
||||
NSS_STATUS winbindd_request(int req_type,
|
||||
struct winbindd_request *request,
|
||||
struct winbindd_response *response);
|
||||
extern int winbindd_fd;
|
||||
|
||||
static char winbind_separator(void)
|
||||
{
|
||||
@ -450,6 +446,7 @@ static BOOL wbinfo_auth(char *username)
|
||||
d_printf("plaintext password authentication %s\n",
|
||||
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
|
||||
|
||||
if (response.data.auth.nt_status)
|
||||
d_printf("error code was %s (0x%x)\n",
|
||||
response.data.auth.nt_status_string,
|
||||
response.data.auth.nt_status);
|
||||
@ -504,6 +501,7 @@ static BOOL wbinfo_auth_crap(char *username)
|
||||
d_printf("challenge/response password authentication %s\n",
|
||||
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
|
||||
|
||||
if (response.data.auth.nt_status)
|
||||
d_printf("error code was %s (0x%x)\n",
|
||||
response.data.auth.nt_status_string,
|
||||
response.data.auth.nt_status);
|
||||
@ -613,38 +611,12 @@ static BOOL wbinfo_ping(void)
|
||||
|
||||
/* Display response */
|
||||
|
||||
d_printf("'ping' to winbindd %s\n",
|
||||
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
|
||||
d_printf("'ping' to winbindd %s on fd %d\n",
|
||||
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
|
||||
|
||||
return result == NSS_STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/* Print program usage */
|
||||
|
||||
static void usage(void)
|
||||
{
|
||||
d_printf("Usage: wbinfo -ug | -n name | -sSY sid | -UG uid/gid | -tm "
|
||||
"| -[aA] user%%password\n");
|
||||
d_printf("\t-u\t\t\tlists all domain users\n");
|
||||
d_printf("\t-g\t\t\tlists all domain groups\n");
|
||||
d_printf("\t-n name\t\t\tconverts name to sid\n");
|
||||
d_printf("\t-s sid\t\t\tconverts sid to name\n");
|
||||
d_printf("\t-N name\t\t\tconverts NetBIOS name to IP (WINS)\n");
|
||||
d_printf("\t-I name\t\t\tconverts IP address to NetBIOS name (WINS)\n");
|
||||
d_printf("\t-U uid\t\t\tconverts uid to sid\n");
|
||||
d_printf("\t-G gid\t\t\tconverts gid to sid\n");
|
||||
d_printf("\t-S sid\t\t\tconverts sid to uid\n");
|
||||
d_printf("\t-Y sid\t\t\tconverts sid to gid\n");
|
||||
d_printf("\t-t\t\t\tcheck shared secret\n");
|
||||
d_printf("\t-m\t\t\tlist trusted domains\n");
|
||||
d_printf("\t-r user\t\t\tget user groups\n");
|
||||
d_printf("\t-a user%%password\tauthenticate user\n");
|
||||
d_printf("\t-A user%%password\tstore user and password used by winbindd (root only)\n");
|
||||
d_printf("\t-p\t\t\t'ping' winbindd to see if it is alive\n");
|
||||
d_printf("\t--sequence\t\tshow sequence numbers of all domains\n");
|
||||
d_printf("\t--set-auth-user DOMAIN\\user%%password\tset password for restrict anonymous\n");
|
||||
}
|
||||
|
||||
/* Main program */
|
||||
|
||||
enum {
|
||||
@ -664,28 +636,28 @@ int main(int argc, char **argv)
|
||||
int result = 1;
|
||||
|
||||
struct poptOption long_options[] = {
|
||||
POPT_AUTOHELP
|
||||
|
||||
/* longName, shortName, argInfo, argPtr, value, descrip,
|
||||
argDesc */
|
||||
|
||||
{ "help", 'h', POPT_ARG_NONE, 0, 'h' },
|
||||
{ "domain-users", 'u', POPT_ARG_NONE, 0, 'u' },
|
||||
{ "domain-groups", 'g', POPT_ARG_NONE, 0, 'g' },
|
||||
{ "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N' },
|
||||
{ "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I' },
|
||||
{ "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n' },
|
||||
{ "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's' },
|
||||
{ "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U' },
|
||||
{ "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G' },
|
||||
{ "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S' },
|
||||
{ "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y' },
|
||||
{ "check-secret", 't', POPT_ARG_NONE, 0, 't' },
|
||||
{ "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm' },
|
||||
{ "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE },
|
||||
{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r' },
|
||||
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a' },
|
||||
{ "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER },
|
||||
{ "ping", 'p', POPT_ARG_NONE, 0, 'p' },
|
||||
{ "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users"},
|
||||
{ "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups" },
|
||||
{ "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP (WINS)" },
|
||||
{ "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name (WINS)" },
|
||||
{ "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid" },
|
||||
{ "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name" },
|
||||
{ "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" },
|
||||
{ "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid" },
|
||||
{ "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid" },
|
||||
{ "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid" },
|
||||
{ "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
|
||||
{ "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
|
||||
{ "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "show sequence numbers of all domains" },
|
||||
{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups" },
|
||||
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
|
||||
{ "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
|
||||
{ "ping", 'p', POPT_ARG_NONE, 0, 'p', "'ping' winbindd to see if it is alive" },
|
||||
{ 0, 0, 0, 0 }
|
||||
};
|
||||
|
||||
@ -708,17 +680,17 @@ int main(int argc, char **argv)
|
||||
|
||||
load_interfaces();
|
||||
|
||||
/* Parse command line options */
|
||||
|
||||
if (argc == 1) {
|
||||
usage();
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Parse options */
|
||||
|
||||
pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
|
||||
|
||||
/* Parse command line options */
|
||||
|
||||
if (argc == 1) {
|
||||
poptPrintHelp(pc, stderr, 0);
|
||||
return 1;
|
||||
}
|
||||
|
||||
while((opt = poptGetNextOpt(pc)) != -1) {
|
||||
if (got_command) {
|
||||
d_fprintf(stderr, "No more than one command may be specified at once.\n");
|
||||
@ -734,10 +706,6 @@ int main(int argc, char **argv)
|
||||
|
||||
while((opt = poptGetNextOpt(pc)) != -1) {
|
||||
switch (opt) {
|
||||
case 'h':
|
||||
usage();
|
||||
result = 0;
|
||||
goto done;
|
||||
case 'u':
|
||||
if (!print_domain_users()) {
|
||||
d_printf("Error looking up domain users\n");
|
||||
@ -859,7 +827,7 @@ int main(int argc, char **argv)
|
||||
break;
|
||||
default:
|
||||
d_fprintf(stderr, "Invalid option\n");
|
||||
usage();
|
||||
poptPrintHelp(pc, stderr, 0);
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
@ -21,8 +21,7 @@
|
||||
Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#include "winbind_nss_config.h"
|
||||
#include "winbindd_nss.h"
|
||||
#include "winbind_client.h"
|
||||
|
||||
#ifdef HAVE_NS_API_H
|
||||
#undef VOLATILE
|
||||
@ -37,17 +36,6 @@
|
||||
|
||||
extern int winbindd_fd;
|
||||
|
||||
void init_request(struct winbindd_request *req,int rq_type);
|
||||
NSS_STATUS winbindd_send_request(int req_type,
|
||||
struct winbindd_request *request);
|
||||
NSS_STATUS winbindd_get_response(struct winbindd_response *response);
|
||||
NSS_STATUS winbindd_request(int req_type,
|
||||
struct winbindd_request *request,
|
||||
struct winbindd_response *response);
|
||||
int winbind_open_pipe_sock(void);
|
||||
int write_sock(void *buffer, int count);
|
||||
int read_reply(struct winbindd_response *response);
|
||||
void free_response(struct winbindd_response *response);
|
||||
|
||||
#ifdef HAVE_NS_API_H
|
||||
/* IRIX version */
|
||||
|
@ -38,6 +38,10 @@
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SYS_SELECT_H
|
||||
#include <sys/select.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SYS_SOCKET_H
|
||||
#include <sys/socket.h>
|
||||
#endif
|
||||
@ -58,6 +62,14 @@
|
||||
#include <string.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_FCNTL_H
|
||||
#include <fcntl.h>
|
||||
#else
|
||||
#ifdef HAVE_SYS_FCNTL_H
|
||||
#include <sys/fcntl.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <errno.h>
|
||||
|
@ -628,8 +628,8 @@ static void process_loop(int accept_sock)
|
||||
|
||||
if (state->read_buf_len >= sizeof(uint32)
|
||||
&& *(uint32 *) &state->request != sizeof(state->request)) {
|
||||
DEBUG(0,("process_loop: Invalid request size (%d) send, should be (%d)\n",
|
||||
*(uint32 *) &state->request, sizeof(state->request)));
|
||||
DEBUG(0,("process_loop: Invalid request size from pid %d: %d bytes sent, should be %d\n",
|
||||
state->request.pid, *(uint32 *) &state->request, sizeof(state->request)));
|
||||
|
||||
remove_client(state);
|
||||
break;
|
||||
@ -858,6 +858,7 @@ static void usage(void)
|
||||
pidfile_create("winbindd");
|
||||
}
|
||||
|
||||
|
||||
#if HAVE_SETPGID
|
||||
/*
|
||||
* If we're interactive we want to set our own process group for
|
||||
|
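Review bot: In process_loop, the new DEBUG prints `state->request.pid` at a point where the surrounding condition only guarantees that `sizeof(uint32)` bytes of the request have been read, so the pid shown may not have arrived yet, and in any case it is a value the client chose. The message should say so, or drop the pid, so that nobody reading the log treats it as the identity of the offending process. The last argument is a `sizeof` result passed to `%d`; cast it, `(int)sizeof(state->request)`, so the varargs match on platforms where size_t is wider than int. process_loop extends beyond the hunk.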
@ -143,7 +143,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
|
||||
/* if we get ECONNREFUSED then it might be a NT4
|
||||
server, fall back to MSRPC */
|
||||
if (status.error_type == ADS_ERROR_SYSTEM &&
|
||||
status.rc == ECONNREFUSED) {
|
||||
status.err.rc == ECONNREFUSED) {
|
||||
DEBUG(1,("Trying MSRPC methods\n"));
|
||||
domain->methods = &msrpc_methods;
|
||||
}
|
||||
@ -170,9 +170,9 @@ static void sid_from_rid(struct winbindd_domain *domain, uint32 rid, DOM_SID *si
|
||||
static enum SID_NAME_USE ads_atype_map(uint32 atype)
|
||||
{
|
||||
switch (atype & 0xF0000000) {
|
||||
case ATYPE_GROUP:
|
||||
case ATYPE_GLOBAL_GROUP:
|
||||
return SID_NAME_DOM_GRP;
|
||||
case ATYPE_USER:
|
||||
case ATYPE_ACCOUNT:
|
||||
return SID_NAME_USER;
|
||||
default:
|
||||
DEBUG(1,("hmm, need to map account type 0x%x\n", atype));
|
||||
@ -339,7 +339,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
|
||||
|
||||
if (!ads_pull_uint32(ads, msg, "sAMAccountType",
|
||||
&account_type) ||
|
||||
!(account_type & ATYPE_GROUP)) continue;
|
||||
!(account_type & ATYPE_GLOBAL_GROUP)) continue;
|
||||
|
||||
name = pull_username(ads, mem_ctx, msg);
|
||||
gecos = ads_pull_string(ads, mem_ctx, msg, "name");
|
||||
|
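Review bot: In the enum_dom_groups hunk, `!(account_type & ATYPE_GLOBAL_GROUP)` is a bit test, while ads_atype_map in the same file section compares the masked value for equality, `switch (atype & 0xF0000000)`. If the ATYPE_ constants are not disjoint single bits (their values are not visible here), every account type that shares a bit with ATYPE_GLOBAL_GROUP passes the filter and is enumerated as a group. Comparing the same way as ads_atype_map, `(account_type & 0xF0000000) != ATYPE_GLOBAL_GROUP`, removes the dependency on how the constants are encoded. enum_dom_groups starts and ends outside the hunk.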
@ -109,7 +109,7 @@ static BOOL cm_ads_find_dc(const char *domain, struct in_addr *dc_ip, fstring sr
|
||||
}
|
||||
|
||||
/* we don't need to bind, just connect */
|
||||
ads->auth.no_bind = 1;
|
||||
ads->auth.flags |= ADS_AUTH_NO_BIND;
|
||||
|
||||
DEBUG(4,("cm_ads_find_dc: domain=%s\n", domain));
|
||||
|
||||
@ -145,12 +145,17 @@ static BOOL cm_rpc_find_dc(const char *domain, struct in_addr *dc_ip, fstring sr
|
||||
|
||||
/* Lookup domain controller name. Try the real PDC first to avoid
|
||||
SAM sync delays */
|
||||
if (!get_dc_list(True, domain, &ip_list, &count)) {
|
||||
if (get_dc_list(True, domain, &ip_list, &count) &&
|
||||
name_status_find(domain, 0x1c, 0x20, ip_list[0], srv_name)) {
|
||||
*dc_ip = ip_list[0];
|
||||
SAFE_FREE(ip_list);
|
||||
return True;
|
||||
}
|
||||
|
||||
if (!get_dc_list(False, domain, &ip_list, &count)) {
|
||||
DEBUG(3, ("Could not look up dc's for domain %s\n", domain));
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
/* Pick a nice close server */
|
||||
/* Look for DC on local net */
|
||||
@ -377,16 +382,6 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name,
|
||||
fstrcpy(new_conn->domain, domain);
|
||||
fstrcpy(new_conn->pipe_name, pipe_name);
|
||||
|
||||
/* Look for a domain controller for this domain. Negative results
|
||||
are cached so don't bother applying the caching for this
|
||||
function just yet. */
|
||||
|
||||
if (!cm_get_dc_name(domain, new_conn->controller, &dc_ip)) {
|
||||
result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
|
||||
add_failed_connection_entry(new_conn, result);
|
||||
return result;
|
||||
}
|
||||
|
||||
/* Return false if we have tried to look up this domain and netbios
|
||||
name before and failed. */
|
||||
|
||||
@ -418,6 +413,16 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name,
|
||||
return result;
|
||||
}
|
||||
|
||||
/* Look for a domain controller for this domain. Negative results
|
||||
are cached so don't bother applying the caching for this
|
||||
function just yet. */
|
||||
|
||||
if (!cm_get_dc_name(domain, new_conn->controller, &dc_ip)) {
|
||||
result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
|
||||
add_failed_connection_entry(new_conn, result);
|
||||
return result;
|
||||
}
|
||||
|
||||
/* Initialise SMB connection */
|
||||
|
||||
cm_get_ipc_userpass(&ipc_username, &ipc_domain, &ipc_password);
|
||||
@ -859,6 +864,7 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
|
||||
{
|
||||
NTSTATUS result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
|
||||
struct winbindd_cm_conn *conn;
|
||||
uint32 neg_flags = 0x000001ff;
|
||||
|
||||
if (!cli) {
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
@ -870,8 +876,7 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
|
||||
return result;
|
||||
}
|
||||
|
||||
result = cli_nt_setup_creds(conn->cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
|
||||
SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd);
|
||||
result = cli_nt_setup_creds(conn->cli, get_sec_chan(), trust_passwd, &neg_flags, 2);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
DEBUG(0, ("error connecting to domain password server: %s\n",
|
||||
@ -884,8 +889,7 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
|
||||
}
|
||||
|
||||
/* Try again */
|
||||
result = cli_nt_setup_creds(conn->cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
|
||||
SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd);
|
||||
result = cli_nt_setup_creds( conn->cli, get_sec_chan(),trust_passwd, &neg_flags, 2);
|
||||
}
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
|
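Review bot: In cm_rpc_find_dc, when `get_dc_list(True, ...)` succeeds but `name_status_find` fails, control falls through to the second `get_dc_list` call, which overwrites `ip_list` without releasing the first list; the `SAFE_FREE(ip_list)` in the success branch suggests the list is heap-allocated. The new condition also reads `ip_list[0]` without looking at `count`. Add `count > 0 &&` before the `name_status_find` call and put `SAFE_FREE(ip_list);` ahead of the fallback lookup, which requires `ip_list` to start out as NULL (its declaration is outside the hunk).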
@ -127,6 +127,9 @@ struct winbindd_request {
|
||||
uid_t uid; /* getpwuid, uid_to_sid */
|
||||
gid_t gid; /* getgrgid, gid_to_sid */
|
||||
struct {
|
||||
/* We deliberatedly don't split into domain/user to
|
||||
avoid having the client know what the separator
|
||||
character is. */
|
||||
fstring user;
|
||||
fstring pass;
|
||||
} auth; /* pam_winbind auth module */
|
||||
|
@ -147,7 +147,7 @@ done:
|
||||
fstrcpy(state->response.data.auth.error_string, nt_errstr(result));
|
||||
state->response.data.auth.pam_error = nt_status_to_pam(result);
|
||||
|
||||
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authenticaion for user %s returned %s (PAM: %d)\n",
|
||||
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authentication for user %s returned %s (PAM: %d)\n",
|
||||
state->request.data.auth.user,
|
||||
state->response.data.auth.nt_status_string,
|
||||
state->response.data.auth.pam_error));
|
||||
@ -183,7 +183,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
|
||||
/* Ensure null termination */
|
||||
state->request.data.auth_crap.domain[sizeof(state->request.data.auth_crap.domain)-1]='\0';
|
||||
|
||||
if (!(mem_ctx = talloc_init_named("winbind pam auth crap for (utf8) %s", state->request.data.auth.user))) {
|
||||
if (!(mem_ctx = talloc_init_named("winbind pam auth crap for (utf8) %s", state->request.data.auth_crap.user))) {
|
||||
DEBUG(0, ("winbindd_pam_auth_crap: could not talloc_init()!\n"));
|
||||
result = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
@ -292,7 +292,7 @@ done:
|
||||
state->response.data.auth.pam_error = nt_status_to_pam(result);
|
||||
|
||||
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
|
||||
("NTLM CRAP authenticaion for user [%s]\\[%s] returned %s (PAM: %d)\n",
|
||||
("NTLM CRAP authentication for user [%s]\\[%s] returned %s (PAM: %d)\n",
|
||||
domain,
|
||||
user,
|
||||
state->response.data.auth.nt_status_string,
|
||||
|
@ -315,6 +315,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
|
||||
cli_samr_close(hnd->cli, mem_ctx, &user_pol);
|
||||
got_user_pol = False;
|
||||
|
||||
user_info->user_rid = user_rid;
|
||||
user_info->group_rid = ctr->info.id21->group_rid;
|
||||
user_info->acct_name = unistr2_tdup(mem_ctx,
|
||||
&ctr->info.id21->uni_user_name);
|
||||
@ -419,7 +420,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
|
||||
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
|
||||
BOOL got_dom_pol = False, got_group_pol = False;
|
||||
|
||||
DEBUG(3,("rpc: lookup_groupmem rid=%u\n", group_rid));
|
||||
DEBUG(10,("rpc: lookup_groupmem %s rid=%u\n", domain->name, group_rid));
|
||||
|
||||
*num_names = 0;
|
||||
|
||||
@ -523,7 +524,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
|
||||
BOOL got_dom_pol = False;
|
||||
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
|
||||
|
||||
DEBUG(3,("rpc: sequence_number\n"));
|
||||
DEBUG(10,("rpc: fetch sequence_number for %s\n", domain->name));
|
||||
|
||||
*seq = DOM_SEQUENCE_NONE;
|
||||
|
||||
|
@ -83,10 +83,16 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
|
||||
/* We can't call domain_list() as this function is called from
|
||||
init_domain_list() and we'll get stuck in a loop. */
|
||||
for (domain = _domain_list; domain; domain = domain->next) {
|
||||
if (strcmp(domain_name, domain->name) == 0 ||
|
||||
strcmp(domain_name, domain->alt_name) == 0) {
|
||||
if (strcasecmp(domain_name, domain->name) == 0 ||
|
||||
strcasecmp(domain_name, domain->alt_name) == 0) {
|
||||
return domain;
|
||||
}
|
||||
if (alt_name && *alt_name) {
|
||||
if (strcasecmp(alt_name, domain->name) == 0 ||
|
||||
strcasecmp(alt_name, domain->alt_name) == 0) {
|
||||
return domain;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Create new domain entry */
|
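Review bot: The duplicate check in `add_trusted_domain` now folds case with libc `strcasecmp`, which follows the C library's byte rules and may not fold non-ASCII domain names the way the rest of Samba does. Samba's own `strequal(domain_name, domain->name)` would keep the match consistent with other name comparisons. A missed match here results in a second list entry for the same domain, so the comparison is worth getting exact. The new `alt_name` branch would also benefit from a one-line comment such as `/* also match on the caller's alternate name so a domain is never listed twice */`. The function begins and ends outside the hunk.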
||||
|
@ -96,6 +96,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
|
||||
char *pass_old;
|
||||
char *pass_new;
|
||||
|
||||
NTSTATUS nt_status;
|
||||
|
||||
/* Samba initialization. */
|
||||
setup_logging( "pam_smbpass", False );
|
||||
in_client = True;
|
||||
@ -124,10 +126,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
|
||||
}
|
||||
|
||||
/* obtain user record */
|
||||
pdb_init_sam(&sampass);
|
||||
pdb_getsampwnam(sampass,user);
|
||||
if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sampass))) {
|
||||
return nt_status_to_pam(nt_status);
|
||||
}
|
||||
|
||||
if (sampass == NULL) {
|
||||
if (!pdb_getsampwnam(sampass,user)) {
|
||||
_log_err( LOG_ALERT, "Failed to find entry for user %s.", user );
|
||||
return PAM_USER_UNKNOWN;
|
||||
}
|
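Review bot: The `return PAM_USER_UNKNOWN;` path leaves the account structure allocated by the new `pdb_init_sam(&sampass)` check unfreed, since no cleanup appears between the failed `pdb_getsampwnam` and the return. In a PAM module loaded into a long-running service, every password change attempted for an unknown user then leaks one allocation. Adding `pdb_free_sam(&sampass);` before the return closes it. The rest of `pam_sm_chauthtok` is outside the hunk, so the later exit paths should be checked for the same cleanup.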
||||
|
@ -112,6 +112,7 @@ typedef struct
|
||||
char *szSMBPasswdFile;
|
||||
char *szPrivateDir;
|
||||
char **szPassdbBackend;
|
||||
char **szSamBackend;
|
||||
char *szPasswordServer;
|
||||
char *szSocketOptions;
|
||||
char *szWorkGroup;
|
||||
@ -139,6 +140,7 @@ typedef struct
|
||||
char *szDelGroupScript;
|
||||
char *szAddUserToGroupScript;
|
||||
char *szDelUserFromGroupScript;
|
||||
char *szSetPrimaryGroupScript;
|
||||
char *szAddMachineScript;
|
||||
char *szShutdownScript;
|
||||
char *szAbortShutdownScript;
|
||||
@ -171,7 +173,6 @@ typedef struct
|
||||
int max_xmit;
|
||||
int max_mux;
|
||||
int max_open_files;
|
||||
int max_packet;
|
||||
int pwordlevel;
|
||||
int unamelevel;
|
||||
int deadtime;
|
||||
@ -206,11 +207,11 @@ typedef struct
|
||||
int iLockSpinTime;
|
||||
char *szLdapMachineSuffix;
|
||||
char *szLdapUserSuffix;
|
||||
int ldap_port;
|
||||
int ldap_ssl;
|
||||
char *szLdapSuffix;
|
||||
char *szLdapFilter;
|
||||
char *szLdapAdminDn;
|
||||
int ldap_passwd_sync;
|
||||
BOOL bMsAddPrinterWizard;
|
||||
BOOL bDNSproxy;
|
||||
BOOL bWINSsupport;
|
||||
@ -231,7 +232,6 @@ typedef struct
|
||||
BOOL bReadPrediction;
|
||||
BOOL bReadbmpx;
|
||||
BOOL bSyslogOnly;
|
||||
BOOL bAdminLog;
|
||||
BOOL bBrowseList;
|
||||
BOOL bNISHomeMap;
|
||||
BOOL bTimeServer;
|
||||
@ -335,7 +335,6 @@ typedef struct
|
||||
int iOplockContentionLimit;
|
||||
int iCSCPolicy;
|
||||
int iBlock_size;
|
||||
BOOL bAlternatePerm;
|
||||
BOOL bPreexecClose;
|
||||
BOOL bRootpreexecClose;
|
||||
BOOL bCaseSensitive;
|
||||
@ -343,6 +342,7 @@ typedef struct
|
||||
BOOL bShortCasePreserve;
|
||||
BOOL bCaseMangle;
|
||||
BOOL bHideDotFiles;
|
||||
BOOL bHideSpecialFiles;
|
||||
BOOL bHideUnReadable;
|
||||
BOOL bHideUnWriteableFiles;
|
||||
BOOL bBrowseable;
|
||||
@ -385,6 +385,10 @@ typedef struct
|
||||
BOOL bUseClientDriver;
|
||||
BOOL bDefaultDevmode;
|
||||
BOOL bNTAclSupport;
|
||||
#ifdef WITH_SENDFILE
|
||||
BOOL bUseSendfile;
|
||||
#endif
|
||||
BOOL bProfileAcls;
|
||||
|
||||
char dummy[3]; /* for alignment */
|
||||
}
|
||||
@ -455,7 +459,6 @@ static service sDefault = {
|
||||
2, /* iOplockContentionLimit */
|
||||
0, /* iCSCPolicy */
|
||||
1024, /* iBlock_size */
|
||||
False, /* bAlternatePerm */
|
||||
False, /* bPreexecClose */
|
||||
False, /* bRootpreexecClose */
|
||||
False, /* case sensitive */
|
||||
@ -463,6 +466,7 @@ static service sDefault = {
|
||||
True, /* short case preserve */
|
||||
False, /* case mangle */
|
||||
True, /* bHideDotFiles */
|
||||
False, /* bHideSpecialFiles */
|
||||
False, /* bHideUnReadable */
|
||||
False, /* bHideUnWriteableFiles */
|
||||
True, /* bBrowseable */
|
||||
@ -505,6 +509,10 @@ static service sDefault = {
|
||||
False, /* bUseClientDriver */
|
||||
False, /* bDefaultDevmode */
|
||||
True, /* bNTAclSupport */
|
||||
#ifdef WITH_SENDFILE
|
||||
False, /* bUseSendfile */
|
||||
#endif
|
||||
False, /* bProfileAcls */
|
||||
|
||||
"" /* dummy */
|
||||
};
|
||||
@ -592,6 +600,22 @@ static struct enum_list enum_ldap_ssl[] = {
|
||||
{-1, NULL}
|
||||
};
|
||||
|
||||
static struct enum_list enum_ldap_passwd_sync[] = {
|
||||
{LDAP_PASSWD_SYNC_ON, "Yes"},
|
||||
{LDAP_PASSWD_SYNC_ON, "yes"},
|
||||
{LDAP_PASSWD_SYNC_ON, "on"},
|
||||
{LDAP_PASSWD_SYNC_ON, "On"},
|
||||
{LDAP_PASSWD_SYNC_OFF, "no"},
|
||||
{LDAP_PASSWD_SYNC_OFF, "No"},
|
||||
{LDAP_PASSWD_SYNC_OFF, "off"},
|
||||
{LDAP_PASSWD_SYNC_OFF, "Off"},
|
||||
#ifdef LDAP_EXOP_X_MODIFY_PASSWD
|
||||
{LDAP_PASSWD_SYNC_ONLY, "Only"},
|
||||
{LDAP_PASSWD_SYNC_ONLY, "only"},
|
||||
#endif /* LDAP_EXOP_X_MODIFY_PASSWD */
|
||||
{-1, NULL}
|
||||
};
|
||||
|
||||
/* Types of machine we can announce as. */
|
||||
#define ANNOUNCE_AS_NT_SERVER 1
|
||||
#define ANNOUNCE_AS_WIN95 2
|
||||
@ -666,66 +690,75 @@ static struct enum_list enum_map_to_guest[] = {
|
||||
{-1, NULL}
|
||||
};
|
||||
|
||||
/* note that we do not initialise the defaults union - it is not allowed in ANSI C */
|
||||
/* Note: We do not initialise the defaults union - it is not allowed in ANSI C
|
||||
*
|
||||
* Note: We have a flag called FLAG_DEVELOPER but is not used at this time, it
|
||||
* is implied in current control logic. This may change at some later time. A
|
||||
* flag value of 0 means - show as development option only.
|
||||
*
|
||||
* The FLAG_HIDE is explicit. Paramters set this way do NOT appear in any edit
|
||||
* screen in SWAT. This is used to exclude parameters as well as to squash all
|
||||
* parameters that have been duplicated by pseudonyms.
|
||||
*/
|
||||
static struct parm_struct parm_table[] = {
|
||||
{"Base Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
{"dos charset", P_STRING, P_GLOBAL, &Globals.dos_charset, NULL, NULL, 0},
|
||||
{"unix charset", P_STRING, P_GLOBAL, &Globals.unix_charset, NULL, NULL, 0},
|
||||
{"display charset", P_STRING, P_GLOBAL, &Globals.display_charset, NULL, NULL, 0},
|
||||
{"comment", P_STRING, P_LOCAL, &sDefault.comment, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
|
||||
{"path", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
|
||||
{"directory", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, 0},
|
||||
{"workgroup", P_USTRING, P_GLOBAL, &Globals.szWorkGroup, NULL, NULL, FLAG_BASIC},
|
||||
{"realm", P_USTRING, P_GLOBAL, &Globals.szRealm, NULL, NULL, FLAG_BASIC},
|
||||
{"ADS server", P_STRING, P_GLOBAL, &Globals.szADSserver, NULL, NULL, FLAG_BASIC},
|
||||
{"netbios name", P_UGSTRING, P_GLOBAL, global_myname, handle_netbios_name, NULL, FLAG_BASIC},
|
||||
{"netbios aliases", P_LIST, P_GLOBAL, &Globals.szNetbiosAliases, NULL, NULL, 0},
|
||||
{"netbios scope", P_UGSTRING, P_GLOBAL, global_scope, NULL, NULL, 0},
|
||||
{"server string", P_STRING, P_GLOBAL, &Globals.szServerString, NULL, NULL, FLAG_BASIC },
|
||||
{"interfaces", P_LIST, P_GLOBAL, &Globals.szInterfaces, NULL, NULL, FLAG_BASIC},
|
||||
{"bind interfaces only", P_BOOL, P_GLOBAL, &Globals.bBindInterfacesOnly, NULL, NULL, 0},
|
||||
{"dos charset", P_STRING, P_GLOBAL, &Globals.dos_charset, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"unix charset", P_STRING, P_GLOBAL, &Globals.unix_charset, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"display charset", P_STRING, P_GLOBAL, &Globals.display_charset, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"comment", P_STRING, P_LOCAL, &sDefault.comment, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT | FLAG_DEVELOPER},
|
||||
{"path", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT | FLAG_DEVELOPER},
|
||||
{"directory", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, FLAG_HIDE},
|
||||
{"workgroup", P_USTRING, P_GLOBAL, &Globals.szWorkGroup, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
{"realm", P_USTRING, P_GLOBAL, &Globals.szRealm, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
{"ADS server", P_STRING, P_GLOBAL, &Globals.szADSserver, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
{"netbios name", P_UGSTRING, P_GLOBAL, global_myname, handle_netbios_name, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
{"netbios aliases", P_LIST, P_GLOBAL, &Globals.szNetbiosAliases, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
{"netbios scope", P_UGSTRING, P_GLOBAL, global_scope, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"server string", P_STRING, P_GLOBAL, &Globals.szServerString, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"interfaces", P_LIST, P_GLOBAL, &Globals.szInterfaces, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
{"bind interfaces only", P_BOOL, P_GLOBAL, &Globals.bBindInterfacesOnly, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
|
||||
{"Security Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
{"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC},
|
||||
{"auth methods", P_LIST, P_GLOBAL, &Globals.AuthMethods, NULL, NULL, FLAG_BASIC},
|
||||
{"encrypt passwords", P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC},
|
||||
{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC},
|
||||
{"allow trusted domains", P_BOOL, P_GLOBAL, &Globals.bAllowTrustedDomains, NULL, NULL, 0},
|
||||
{"alternate permissions", P_BOOL, P_LOCAL, &sDefault.bAlternatePerm, NULL, NULL, FLAG_GLOBAL | FLAG_DEPRECATED},
|
||||
{"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, 0},
|
||||
{"min passwd length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, 0},
|
||||
{"min password length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, 0},
|
||||
{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, 0},
|
||||
{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0},
|
||||
{"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, 0},
|
||||
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0},
|
||||
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0},
|
||||
{"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, 0},
|
||||
{"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, 0},
|
||||
{"non unix account range", P_STRING, P_GLOBAL, &Globals.szNonUnixAccountRange, handle_non_unix_account_range, NULL, 0},
|
||||
{"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.bAlgorithmicRidBase, NULL, NULL, 0},
|
||||
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
|
||||
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
|
||||
{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
|
||||
{"guest account", P_STRING, P_GLOBAL, &Globals.szGuestaccount, NULL, NULL, FLAG_BASIC},
|
||||
{"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
{"auth methods", P_LIST, P_GLOBAL, &Globals.AuthMethods, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
{"encrypt passwords", P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"allow trusted domains", P_BOOL, P_GLOBAL, &Globals.bAllowTrustedDomains, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"min passwd length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"min password length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"sam backend", P_LIST, P_GLOBAL, &Globals.szSamBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"non unix account range", P_STRING, P_GLOBAL, &Globals.szNonUnixAccountRange, handle_non_unix_account_range, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.bAlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE | FLAG_DEVELOPER},
|
||||
{"guest account", P_STRING, P_GLOBAL, &Globals.szGuestaccount, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, 0},
|
||||
{"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, 0},
|
||||
{"passwd chat", P_STRING, P_GLOBAL, &Globals.szPasswdChat, NULL, NULL, 0},
|
||||
{"passwd chat debug", P_BOOL, P_GLOBAL, &Globals.bPasswdChatDebug, NULL, NULL, 0},
|
||||
{"username map", P_STRING, P_GLOBAL, &Globals.szUsernameMap, NULL, NULL, 0},
|
||||
{"password level", P_INTEGER, P_GLOBAL, &Globals.pwordlevel, NULL, NULL, 0},
|
||||
{"username level", P_INTEGER, P_GLOBAL, &Globals.unamelevel, NULL, NULL, 0},
|
||||
{"unix password sync", P_BOOL, P_GLOBAL, &Globals.bUnixPasswdSync, NULL, NULL, 0},
|
||||
{"restrict anonymous", P_INTEGER, P_GLOBAL, &Globals.restrict_anonymous, NULL, NULL, 0},
|
||||
{"lanman auth", P_BOOL, P_GLOBAL, &Globals.bLanmanAuth, NULL, NULL, 0},
|
||||
{"ntlm auth", P_BOOL, P_GLOBAL, &Globals.bNTLMAuth, NULL, NULL, 0},
|
||||
{"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"passwd chat", P_STRING, P_GLOBAL, &Globals.szPasswdChat, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"passwd chat debug", P_BOOL, P_GLOBAL, &Globals.bPasswdChatDebug, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"username map", P_STRING, P_GLOBAL, &Globals.szUsernameMap, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER | FLAG_DEVELOPER},
|
||||
{"password level", P_INTEGER, P_GLOBAL, &Globals.pwordlevel, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"username level", P_INTEGER, P_GLOBAL, &Globals.unamelevel, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"unix password sync", P_BOOL, P_GLOBAL, &Globals.bUnixPasswdSync, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"restrict anonymous", P_INTEGER, P_GLOBAL, &Globals.restrict_anonymous, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"lanman auth", P_BOOL, P_GLOBAL, &Globals.bLanmanAuth, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"ntlm auth", P_BOOL, P_GLOBAL, &Globals.bNTLMAuth, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"username", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
|
||||
{"user", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0},
|
||||
{"users", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0},
|
||||
{"user", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, FLAG_HIDE},
|
||||
{"users", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, FLAG_HIDE},
|
||||
|
||||
{"invalid users", P_LIST, P_LOCAL, &sDefault.szInvalidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
|
||||
{"valid users", P_LIST, P_LOCAL, &sDefault.szValidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
|
||||
@ -735,12 +768,12 @@ static struct parm_struct parm_table[] = {
|
||||
{"printer admin", P_LIST, P_LOCAL, &sDefault.printer_admin, NULL, NULL, FLAG_GLOBAL | FLAG_PRINT},
|
||||
{"force user", P_STRING, P_LOCAL, &sDefault.force_user, NULL, NULL, FLAG_SHARE},
|
||||
{"force group", P_STRING, P_LOCAL, &sDefault.force_group, NULL, NULL, FLAG_SHARE},
|
||||
{"group", P_STRING, P_LOCAL, &sDefault.force_group, NULL, NULL, 0},
|
||||
{"group", P_STRING, P_LOCAL, &sDefault.force_group, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"read only", P_BOOL, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_BASIC | FLAG_SHARE},
|
||||
{"write ok", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, 0},
|
||||
{"writeable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, 0},
|
||||
{"writable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, 0},
|
||||
{"read only", P_BOOL, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE},
|
||||
{"write ok", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_HIDE},
|
||||
{"writeable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_HIDE},
|
||||
{"writable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_HIDE},
|
||||
|
||||
{"create mask", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
|
||||
{"create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL},
|
||||
@ -755,101 +788,103 @@ static struct parm_struct parm_table[] = {
|
||||
{"inherit permissions", P_BOOL, P_LOCAL, &sDefault.bInheritPerms, NULL, NULL, FLAG_SHARE},
|
||||
{"inherit acls", P_BOOL, P_LOCAL, &sDefault.bInheritACLS, NULL, NULL, FLAG_SHARE},
|
||||
{"guest only", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, FLAG_SHARE},
|
||||
{"only guest", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, 0},
|
||||
{"only guest", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, FLAG_HIDE},
|
||||
|
||||
{"guest ok", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
|
||||
{"public", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, 0},
|
||||
{"guest ok", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT | FLAG_DEVELOPER},
|
||||
{"public", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, FLAG_HIDE},
|
||||
|
||||
{"only user", P_BOOL, P_LOCAL, &sDefault.bOnlyUser, NULL, NULL, FLAG_SHARE},
|
||||
{"hosts allow", P_LIST, P_LOCAL, &sDefault.szHostsallow, NULL, NULL, FLAG_GLOBAL | FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
|
||||
{"allow hosts", P_LIST, P_LOCAL, &sDefault.szHostsallow, NULL, NULL, 0},
|
||||
{"hosts deny", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_GLOBAL | FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
|
||||
{"deny hosts", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, 0},
|
||||
{"hosts allow", P_LIST, P_LOCAL, &sDefault.szHostsallow, NULL, NULL, FLAG_GLOBAL | FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT | FLAG_DEVELOPER},
|
||||
{"allow hosts", P_LIST, P_LOCAL, &sDefault.szHostsallow, NULL, NULL, FLAG_HIDE},
|
||||
{"hosts deny", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_GLOBAL | FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT | FLAG_DEVELOPER},
|
||||
{"deny hosts", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_HIDE},
|
||||
|
||||
{"Logging Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
{"admin log", P_BOOL, P_GLOBAL, &Globals.bAdminLog, NULL, NULL, 0},
|
||||
{"log level", P_STRING, P_GLOBAL, &Globals.szLogLevel, handle_debug_list, NULL, 0},
|
||||
{"debuglevel", P_STRING, P_GLOBAL, &Globals.szLogLevel, handle_debug_list, NULL, 0},
|
||||
{"syslog", P_INTEGER, P_GLOBAL, &Globals.syslog, NULL, NULL, 0},
|
||||
{"syslog only", P_BOOL, P_GLOBAL, &Globals.bSyslogOnly, NULL, NULL, 0},
|
||||
{"log file", P_STRING, P_GLOBAL, &Globals.szLogFile, NULL, NULL, 0},
|
||||
{"log level", P_STRING, P_GLOBAL, &Globals.szLogLevel, handle_debug_list, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"debuglevel", P_STRING, P_GLOBAL, &Globals.szLogLevel, handle_debug_list, NULL, FLAG_HIDE},
|
||||
{"syslog", P_INTEGER, P_GLOBAL, &Globals.syslog, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"syslog only", P_BOOL, P_GLOBAL, &Globals.bSyslogOnly, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"log file", P_STRING, P_GLOBAL, &Globals.szLogFile, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"max log size", P_INTEGER, P_GLOBAL, &Globals.max_log_size, NULL, NULL, 0},
|
||||
{"timestamp logs", P_BOOL, P_GLOBAL, &Globals.bTimestampLogs, NULL, NULL, 0},
|
||||
{"debug timestamp", P_BOOL, P_GLOBAL, &Globals.bTimestampLogs, NULL, NULL, 0},
|
||||
{"debug hires timestamp", P_BOOL, P_GLOBAL, &Globals.bDebugHiresTimestamp, NULL, NULL, 0},
|
||||
{"debug pid", P_BOOL, P_GLOBAL, &Globals.bDebugPid, NULL, NULL, 0},
|
||||
{"debug uid", P_BOOL, P_GLOBAL, &Globals.bDebugUid, NULL, NULL, 0},
|
||||
{"max log size", P_INTEGER, P_GLOBAL, &Globals.max_log_size, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"timestamp logs", P_BOOL, P_GLOBAL, &Globals.bTimestampLogs, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"debug timestamp", P_BOOL, P_GLOBAL, &Globals.bTimestampLogs, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"debug hires timestamp", P_BOOL, P_GLOBAL, &Globals.bDebugHiresTimestamp, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"debug pid", P_BOOL, P_GLOBAL, &Globals.bDebugPid, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"debug uid", P_BOOL, P_GLOBAL, &Globals.bDebugUid, NULL, NULL, FLAG_DEVELOPER},
|
||||
|
||||
{"Protocol Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
{"smb ports", P_STRING, P_GLOBAL, &Globals.smb_ports, NULL, NULL, 0},
|
||||
{"protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0},
|
||||
{"large readwrite", P_BOOL, P_GLOBAL, &Globals.bLargeReadwrite, NULL, NULL, 0},
|
||||
{"max protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0},
|
||||
{"min protocol", P_ENUM, P_GLOBAL, &Globals.minprotocol, NULL, enum_protocol, 0},
|
||||
{"unicode", P_BOOL, P_GLOBAL, &Globals.bUnicode, NULL, NULL, 0},
|
||||
{"read bmpx", P_BOOL, P_GLOBAL, &Globals.bReadbmpx, NULL, NULL, 0},
|
||||
{"read raw", P_BOOL, P_GLOBAL, &Globals.bReadRaw, NULL, NULL, 0},
|
||||
{"write raw", P_BOOL, P_GLOBAL, &Globals.bWriteRaw, NULL, NULL, 0},
|
||||
{"disable netbios", P_BOOL, P_GLOBAL, &Globals.bDisableNetbios, NULL, NULL, 0},
|
||||
{"smb ports", P_STRING, P_GLOBAL, &Globals.smb_ports, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"large readwrite", P_BOOL, P_GLOBAL, &Globals.bLargeReadwrite, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"max protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, FLAG_DEVELOPER},
|
||||
{"min protocol", P_ENUM, P_GLOBAL, &Globals.minprotocol, NULL, enum_protocol, FLAG_DEVELOPER},
|
||||
{"unicode", P_BOOL, P_GLOBAL, &Globals.bUnicode, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"read bmpx", P_BOOL, P_GLOBAL, &Globals.bReadbmpx, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"read raw", P_BOOL, P_GLOBAL, &Globals.bReadRaw, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"write raw", P_BOOL, P_GLOBAL, &Globals.bWriteRaw, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"disable netbios", P_BOOL, P_GLOBAL, &Globals.bDisableNetbios, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"nt pipe support", P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, 0},
|
||||
{"nt acl support", P_BOOL, P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE },
|
||||
{"nt status support", P_BOOL, P_GLOBAL, &Globals.bNTStatusSupport, NULL, NULL, 0},
|
||||
{"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, 0},
|
||||
{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, 0},
|
||||
{"max mux", P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, 0},
|
||||
{"max xmit", P_INTEGER, P_GLOBAL, &Globals.max_xmit, NULL, NULL, 0},
|
||||
{"nt pipe support", P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"nt acl support", P_BOOL, P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED | FLAG_WIZARD},
|
||||
{"nt status support", P_BOOL, P_GLOBAL, &Globals.bNTStatusSupport, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"profile acls", P_BOOL, P_LOCAL, &sDefault.bProfileAcls, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED | FLAG_WIZARD},
|
||||
|
||||
{"name resolve order", P_STRING, P_GLOBAL, &Globals.szNameResolveOrder, NULL, NULL, 0},
|
||||
{"max packet", P_INTEGER, P_GLOBAL, &Globals.max_packet, NULL, NULL, 0},
|
||||
{"packet size", P_INTEGER, P_GLOBAL, &Globals.max_packet, NULL, NULL, 0},
|
||||
{"max ttl", P_INTEGER, P_GLOBAL, &Globals.max_ttl, NULL, NULL, 0},
|
||||
{"max wins ttl", P_INTEGER, P_GLOBAL, &Globals.max_wins_ttl, NULL, NULL, 0},
|
||||
{"min wins ttl", P_INTEGER, P_GLOBAL, &Globals.min_wins_ttl, NULL, NULL, 0},
|
||||
{"time server", P_BOOL, P_GLOBAL, &Globals.bTimeServer, NULL, NULL, 0},
|
||||
{"unix extensions", P_BOOL, P_GLOBAL, &Globals.bUnixExtensions, NULL, NULL, 0},
|
||||
{"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, 0},
|
||||
{"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, FLAG_DEVELOPER},
|
||||
{"max mux", P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"max xmit", P_INTEGER, P_GLOBAL, &Globals.max_xmit, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"name resolve order", P_STRING, P_GLOBAL, &Globals.szNameResolveOrder, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
{"max ttl", P_INTEGER, P_GLOBAL, &Globals.max_ttl, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"max wins ttl", P_INTEGER, P_GLOBAL, &Globals.max_wins_ttl, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"min wins ttl", P_INTEGER, P_GLOBAL, &Globals.min_wins_ttl, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"time server", P_BOOL, P_GLOBAL, &Globals.bTimeServer, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"unix extensions", P_BOOL, P_GLOBAL, &Globals.bUnixExtensions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, FLAG_DEVELOPER},
|
||||
|
||||
{"Tuning Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
{"block size", P_INTEGER, P_LOCAL, &sDefault.iBlock_size, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"change notify timeout", P_INTEGER, P_GLOBAL, &Globals.change_notify_timeout, NULL, NULL, 0},
|
||||
{"deadtime", P_INTEGER, P_GLOBAL, &Globals.deadtime, NULL, NULL, 0},
|
||||
{"getwd cache", P_BOOL, P_GLOBAL, &use_getwd_cache, NULL, NULL, 0},
|
||||
{"keepalive", P_INTEGER, P_GLOBAL, &keepalive, NULL, NULL, 0},
|
||||
{"change notify timeout", P_INTEGER, P_GLOBAL, &Globals.change_notify_timeout, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"deadtime", P_INTEGER, P_GLOBAL, &Globals.deadtime, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"getwd cache", P_BOOL, P_GLOBAL, &use_getwd_cache, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"keepalive", P_INTEGER, P_GLOBAL, &keepalive, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"lpq cache time", P_INTEGER, P_GLOBAL, &Globals.lpqcachetime, NULL, NULL, 0},
|
||||
{"max smbd processes", P_INTEGER, P_GLOBAL, &Globals.iMaxSmbdProcesses, NULL, NULL, 0},
|
||||
{"lpq cache time", P_INTEGER, P_GLOBAL, &Globals.lpqcachetime, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"max smbd processes", P_INTEGER, P_GLOBAL, &Globals.iMaxSmbdProcesses, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"max connections", P_INTEGER, P_LOCAL, &sDefault.iMaxConnections, NULL, NULL, FLAG_SHARE},
|
||||
{"paranoid server security", P_BOOL, P_GLOBAL, &Globals.paranoid_server_security, NULL, NULL, 0},
|
||||
{"max disk size", P_INTEGER, P_GLOBAL, &Globals.maxdisksize, NULL, NULL, 0},
|
||||
{"max open files", P_INTEGER, P_GLOBAL, &Globals.max_open_files, NULL, NULL, 0},
|
||||
{"paranoid server security", P_BOOL, P_GLOBAL, &Globals.paranoid_server_security, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"max disk size", P_INTEGER, P_GLOBAL, &Globals.maxdisksize, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"max open files", P_INTEGER, P_GLOBAL, &Globals.max_open_files, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"min print space", P_INTEGER, P_LOCAL, &sDefault.iMinPrintSpace, NULL, NULL, FLAG_PRINT},
|
||||
{"read size", P_INTEGER, P_GLOBAL, &Globals.ReadSize, NULL, NULL, 0},
|
||||
{"read size", P_INTEGER, P_GLOBAL, &Globals.ReadSize, NULL, NULL, FLAG_DEVELOPER},
|
||||
|
||||
{"socket options", P_GSTRING, P_GLOBAL, user_socket_options, NULL, NULL, 0},
|
||||
{"stat cache size", P_INTEGER, P_GLOBAL, &Globals.stat_cache_size, NULL, NULL, 0},
|
||||
{"socket options", P_GSTRING, P_GLOBAL, user_socket_options, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"stat cache size", P_INTEGER, P_GLOBAL, &Globals.stat_cache_size, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"strict allocate", P_BOOL, P_LOCAL, &sDefault.bStrictAllocate, NULL, NULL, FLAG_SHARE},
|
||||
{"strict sync", P_BOOL, P_LOCAL, &sDefault.bStrictSync, NULL, NULL, FLAG_SHARE},
|
||||
{"sync always", P_BOOL, P_LOCAL, &sDefault.bSyncAlways, NULL, NULL, FLAG_SHARE},
|
||||
{"use mmap", P_BOOL, P_GLOBAL, &Globals.bUseMmap, NULL, NULL, 0},
|
||||
{"hostname lookups", P_BOOL, P_GLOBAL, &Globals.bHostnameLookups, NULL, NULL, 0},
|
||||
{"use mmap", P_BOOL, P_GLOBAL, &Globals.bUseMmap, NULL, NULL, FLAG_DEVELOPER},
|
||||
#ifdef WITH_SENDFILE
|
||||
{"use sendfile", P_BOOL, P_LOCAL, &sDefault.bUseSendfile, NULL, NULL, FLAG_SHARE},
|
||||
#endif
|
||||
{"hostname lookups", P_BOOL, P_GLOBAL, &Globals.bHostnameLookups, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"write cache size", P_INTEGER, P_LOCAL, &sDefault.iWriteCacheSize, NULL, NULL, FLAG_SHARE},
|
||||
|
||||
{"name cache timeout", P_INTEGER, P_GLOBAL, &Globals.name_cache_timeout, NULL, NULL, 0},
|
||||
{"name cache timeout", P_INTEGER, P_GLOBAL, &Globals.name_cache_timeout, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"Printing Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
{"total print jobs", P_INTEGER, P_GLOBAL, &Globals.iTotalPrintJobs, NULL, NULL, FLAG_PRINT},
|
||||
{"max print jobs", P_INTEGER, P_LOCAL, &sDefault.iMaxPrintJobs, NULL, NULL, FLAG_PRINT},
|
||||
{"load printers", P_BOOL, P_GLOBAL, &Globals.bLoadPrinters, NULL, NULL, FLAG_PRINT},
|
||||
{"printcap name", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, FLAG_PRINT},
|
||||
{"printcap", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, 0},
|
||||
{"printcap name", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, FLAG_PRINT | FLAG_DEVELOPER},
|
||||
{"printcap", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, FLAG_HIDE},
|
||||
{"printable", P_BOOL, P_LOCAL, &sDefault.bPrint_ok, NULL, NULL, FLAG_PRINT},
|
||||
{"print ok", P_BOOL, P_LOCAL, &sDefault.bPrint_ok, NULL, NULL, 0},
|
||||
{"print ok", P_BOOL, P_LOCAL, &sDefault.bPrint_ok, NULL, NULL, FLAG_HIDE},
|
||||
{"postscript", P_BOOL, P_LOCAL, &sDefault.bPostscript, NULL, NULL, FLAG_PRINT | FLAG_DEPRECATED},
|
||||
{"printing", P_ENUM, P_LOCAL, &sDefault.iPrinting, NULL, enum_printing, FLAG_PRINT | FLAG_GLOBAL},
|
||||
{"print command", P_STRING, P_LOCAL, &sDefault.szPrintcommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
|
||||
@ -861,14 +896,14 @@ static struct parm_struct parm_table[] = {
|
||||
{"queuepause command", P_STRING, P_LOCAL, &sDefault.szQueuepausecommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
|
||||
{"queueresume command", P_STRING, P_LOCAL, &sDefault.szQueueresumecommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
|
||||
|
||||
{"enumports command", P_STRING, P_GLOBAL, &Globals.szEnumPortsCommand, NULL, NULL, 0},
|
||||
{"addprinter command", P_STRING, P_GLOBAL, &Globals.szAddPrinterCommand, NULL, NULL, 0},
|
||||
{"deleteprinter command", P_STRING, P_GLOBAL, &Globals.szDeletePrinterCommand, NULL, NULL, 0},
|
||||
{"show add printer wizard", P_BOOL, P_GLOBAL, &Globals.bMsAddPrinterWizard, NULL, NULL, 0},
|
||||
{"os2 driver map", P_STRING, P_GLOBAL, &Globals.szOs2DriverMap, NULL, NULL, 0},
|
||||
{"enumports command", P_STRING, P_GLOBAL, &Globals.szEnumPortsCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"addprinter command", P_STRING, P_GLOBAL, &Globals.szAddPrinterCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"deleteprinter command", P_STRING, P_GLOBAL, &Globals.szDeletePrinterCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"show add printer wizard", P_BOOL, P_GLOBAL, &Globals.bMsAddPrinterWizard, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"os2 driver map", P_STRING, P_GLOBAL, &Globals.szOs2DriverMap, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"printer name", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, FLAG_PRINT},
|
||||
{"printer", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, 0},
|
||||
{"printer", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, FLAG_HIDE},
|
||||
{"use client driver", P_BOOL, P_LOCAL, &sDefault.bUseClientDriver, NULL, NULL, FLAG_PRINT},
|
||||
{"default devmode", P_BOOL, P_LOCAL, &sDefault.bDefaultDevmode, NULL, NULL, FLAG_PRINT},
|
||||
{"printer driver", P_STRING, P_LOCAL, &sDefault.szPrinterDriver, NULL, NULL, FLAG_PRINT | FLAG_DEPRECATED},
|
||||
@ -876,18 +911,19 @@ static struct parm_struct parm_table[] = {
|
||||
{"printer driver location", P_STRING, P_LOCAL, &sDefault.szPrinterDriverLocation, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL | FLAG_DEPRECATED},
|
||||
|
||||
{"Filename Handling", P_SEP, P_SEPARATOR},
|
||||
{"strip dot", P_BOOL, P_GLOBAL, &Globals.bStripDot, NULL, NULL, 0},
|
||||
{"mangling method", P_STRING, P_GLOBAL, &Globals.szManglingMethod, NULL, NULL, 0},
|
||||
{"strip dot", P_BOOL, P_GLOBAL, &Globals.bStripDot, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"mangling method", P_STRING, P_GLOBAL, &Globals.szManglingMethod, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"mangled stack", P_INTEGER, P_GLOBAL, &Globals.mangled_stack, NULL, NULL, 0},
|
||||
{"mangled stack", P_INTEGER, P_GLOBAL, &Globals.mangled_stack, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"default case", P_ENUM, P_LOCAL, &sDefault.iDefaultCase, NULL, enum_case, FLAG_SHARE},
|
||||
{"case sensitive", P_BOOL, P_LOCAL, &sDefault.bCaseSensitive, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"casesignames", P_BOOL, P_LOCAL, &sDefault.bCaseSensitive, NULL, NULL, 0},
|
||||
{"casesignames", P_BOOL, P_LOCAL, &sDefault.bCaseSensitive, NULL, NULL, FLAG_HIDE},
|
||||
{"preserve case", P_BOOL, P_LOCAL, &sDefault.bCasePreserve, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"short preserve case", P_BOOL, P_LOCAL, &sDefault.bShortCasePreserve, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"mangle case", P_BOOL, P_LOCAL, &sDefault.bCaseMangle, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"mangling char", P_CHAR, P_LOCAL, &sDefault.magic_char, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"hide dot files", P_BOOL, P_LOCAL, &sDefault.bHideDotFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"hide special files", P_BOOL, P_LOCAL, &sDefault.bHideSpecialFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"hide unreadable", P_BOOL, P_LOCAL, &sDefault.bHideUnReadable, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"hide unwriteable files", P_BOOL, P_LOCAL, &sDefault.bHideUnWriteableFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"delete veto files", P_BOOL, P_LOCAL, &sDefault.bDeleteVetoFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
@ -899,52 +935,53 @@ static struct parm_struct parm_table[] = {
|
||||
{"map archive", P_BOOL, P_LOCAL, &sDefault.bMap_archive, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"mangled names", P_BOOL, P_LOCAL, &sDefault.bMangledNames, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"mangled map", P_STRING, P_LOCAL, &sDefault.szMangledMap, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"stat cache", P_BOOL, P_GLOBAL, &Globals.bStatCache, NULL, NULL, 0},
|
||||
{"stat cache", P_BOOL, P_GLOBAL, &Globals.bStatCache, NULL, NULL, FLAG_DEVELOPER},
|
||||
|
||||
{"Domain Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
{"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0},
|
||||
{"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
|
||||
{"Logon Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
{"add user script", P_STRING, P_GLOBAL, &Globals.szAddUserScript, NULL, NULL, 0},
|
||||
{"delete user script", P_STRING, P_GLOBAL, &Globals.szDelUserScript, NULL, NULL, 0},
|
||||
{"add group script", P_STRING, P_GLOBAL, &Globals.szAddGroupScript, NULL, NULL, 0},
|
||||
{"delete group script", P_STRING, P_GLOBAL, &Globals.szDelGroupScript, NULL, NULL, 0},
|
||||
{"add user to group script", P_STRING, P_GLOBAL, &Globals.szAddUserToGroupScript, NULL, NULL, 0},
|
||||
{"delete user from group script", P_STRING, P_GLOBAL, &Globals.szDelUserFromGroupScript, NULL, NULL, 0},
|
||||
{"add machine script", P_STRING, P_GLOBAL, &Globals.szAddMachineScript, NULL, NULL, 0},
|
||||
{"shutdown script", P_STRING, P_GLOBAL, &Globals.szShutdownScript, NULL, NULL, 0},
|
||||
{"abort shutdown script", P_STRING, P_GLOBAL, &Globals.szAbortShutdownScript, NULL, NULL, 0},
|
||||
{"add user script", P_STRING, P_GLOBAL, &Globals.szAddUserScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"delete user script", P_STRING, P_GLOBAL, &Globals.szDelUserScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"add group script", P_STRING, P_GLOBAL, &Globals.szAddGroupScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"delete group script", P_STRING, P_GLOBAL, &Globals.szDelGroupScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"add user to group script", P_STRING, P_GLOBAL, &Globals.szAddUserToGroupScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"delete user from group script", P_STRING, P_GLOBAL, &Globals.szDelUserFromGroupScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"set primary group script", P_STRING, P_GLOBAL, &Globals.szSetPrimaryGroupScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"add machine script", P_STRING, P_GLOBAL, &Globals.szAddMachineScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"shutdown script", P_STRING, P_GLOBAL, &Globals.szShutdownScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"abort shutdown script", P_STRING, P_GLOBAL, &Globals.szAbortShutdownScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"logon script", P_STRING, P_GLOBAL, &Globals.szLogonScript, NULL, NULL, 0},
|
||||
{"logon path", P_STRING, P_GLOBAL, &Globals.szLogonPath, NULL, NULL, 0},
|
||||
{"logon drive", P_STRING, P_GLOBAL, &Globals.szLogonDrive, NULL, NULL, 0},
|
||||
{"logon home", P_STRING, P_GLOBAL, &Globals.szLogonHome, NULL, NULL, 0},
|
||||
{"domain logons", P_BOOL, P_GLOBAL, &Globals.bDomainLogons, NULL, NULL, 0},
|
||||
{"logon script", P_STRING, P_GLOBAL, &Globals.szLogonScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"logon path", P_STRING, P_GLOBAL, &Globals.szLogonPath, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"logon drive", P_STRING, P_GLOBAL, &Globals.szLogonDrive, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"logon home", P_STRING, P_GLOBAL, &Globals.szLogonHome, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"domain logons", P_BOOL, P_GLOBAL, &Globals.bDomainLogons, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"Browse Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
{"os level", P_INTEGER, P_GLOBAL, &Globals.os_level, NULL, NULL, FLAG_BASIC},
|
||||
{"lm announce", P_ENUM, P_GLOBAL, &Globals.lm_announce, NULL, enum_bool_auto, 0},
|
||||
{"lm interval", P_INTEGER, P_GLOBAL, &Globals.lm_interval, NULL, NULL, 0},
|
||||
{"preferred master", P_ENUM, P_GLOBAL, &Globals.bPreferredMaster, NULL, enum_bool_auto, FLAG_BASIC},
|
||||
{"os level", P_INTEGER, P_GLOBAL, &Globals.os_level, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"lm announce", P_ENUM, P_GLOBAL, &Globals.lm_announce, NULL, enum_bool_auto, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"lm interval", P_INTEGER, P_GLOBAL, &Globals.lm_interval, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"preferred master", P_ENUM, P_GLOBAL, &Globals.bPreferredMaster, NULL, enum_bool_auto, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"prefered master", P_ENUM, P_GLOBAL, &Globals.bPreferredMaster, NULL, enum_bool_auto, FLAG_HIDE},
|
||||
{"local master", P_BOOL, P_GLOBAL, &Globals.bLocalMaster, NULL, NULL, FLAG_BASIC},
|
||||
{"domain master", P_ENUM, P_GLOBAL, &Globals.bDomainMaster, NULL, enum_bool_auto, FLAG_BASIC},
|
||||
{"browse list", P_BOOL, P_GLOBAL, &Globals.bBrowseList, NULL, NULL, 0},
|
||||
{"browseable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
|
||||
{"browsable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, 0},
|
||||
{"enhanced browsing", P_BOOL, P_GLOBAL, &Globals.enhanced_browsing, NULL, NULL},
|
||||
{"local master", P_BOOL, P_GLOBAL, &Globals.bLocalMaster, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"domain master", P_ENUM, P_GLOBAL, &Globals.bDomainMaster, NULL, enum_bool_auto, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"browse list", P_BOOL, P_GLOBAL, &Globals.bBrowseList, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"browseable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT | FLAG_DEVELOPER},
|
||||
{"browsable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, FLAG_HIDE},
|
||||
{"enhanced browsing", P_BOOL, P_GLOBAL, &Globals.enhanced_browsing, NULL, NULL, FLAG_DEVELOPER | FLAG_ADVANCED},
|
||||
|
||||
{"WINS Options", P_SEP, P_SEPARATOR},
|
||||
{"dns proxy", P_BOOL, P_GLOBAL, &Globals.bDNSproxy, NULL, NULL, 0},
|
||||
{"wins proxy", P_BOOL, P_GLOBAL, &Globals.bWINSproxy, NULL, NULL, 0},
|
||||
{"dns proxy", P_BOOL, P_GLOBAL, &Globals.bDNSproxy, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"wins proxy", P_BOOL, P_GLOBAL, &Globals.bWINSproxy, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"wins server", P_LIST, P_GLOBAL, &Globals.szWINSservers, NULL, NULL, FLAG_BASIC},
|
||||
{"wins support", P_BOOL, P_GLOBAL, &Globals.bWINSsupport, NULL, NULL, FLAG_BASIC},
|
||||
{"wins hook", P_STRING, P_GLOBAL, &Globals.szWINSHook, NULL, NULL, 0},
|
||||
{"wins partners", P_STRING, P_GLOBAL, &Globals.szWINSPartners, NULL, NULL, 0},
|
||||
{"wins server", P_LIST, P_GLOBAL, &Globals.szWINSservers, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
{"wins support", P_BOOL, P_GLOBAL, &Globals.bWINSsupport, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
{"wins hook", P_STRING, P_GLOBAL, &Globals.szWINSHook, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"wins partners", P_STRING, P_GLOBAL, &Globals.szWINSPartners, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
|
||||
|
||||
{"Locking Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
@ -966,57 +1003,58 @@ static struct parm_struct parm_table[] = {
|
||||
|
||||
{"Ldap Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, handle_ldap_suffix, NULL, 0},
|
||||
{"ldap machine suffix", P_STRING, P_GLOBAL, &Globals.szLdapMachineSuffix, handle_ldap_machine_suffix, NULL, 0},
|
||||
{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, handle_ldap_user_suffix, NULL, 0},
|
||||
{"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, 0},
|
||||
{"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, 0},
|
||||
{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, 0},
|
||||
{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, handle_ldap_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"ldap machine suffix", P_STRING, P_GLOBAL, &Globals.szLdapMachineSuffix, handle_ldap_machine_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, handle_ldap_user_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"ldap passwd sync", P_ENUM, P_GLOBAL, &Globals.ldap_passwd_sync, NULL, enum_ldap_passwd_sync, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"Miscellaneous Options", P_SEP, P_SEPARATOR},
|
||||
{"add share command", P_STRING, P_GLOBAL, &Globals.szAddShareCommand, NULL, NULL, 0},
|
||||
{"change share command", P_STRING, P_GLOBAL, &Globals.szChangeShareCommand, NULL, NULL, 0},
|
||||
{"delete share command", P_STRING, P_GLOBAL, &Globals.szDeleteShareCommand, NULL, NULL, 0},
|
||||
{"add share command", P_STRING, P_GLOBAL, &Globals.szAddShareCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"change share command", P_STRING, P_GLOBAL, &Globals.szChangeShareCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"delete share command", P_STRING, P_GLOBAL, &Globals.szDeleteShareCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"config file", P_STRING, P_GLOBAL, &Globals.szConfigFile, NULL, NULL, FLAG_HIDE},
|
||||
{"preload", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, 0},
|
||||
{"auto services", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, 0},
|
||||
{"lock dir", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, 0},
|
||||
{"lock directory", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, 0},
|
||||
{"pid directory", P_STRING, P_GLOBAL, &Globals.szPidDir, NULL, NULL, 0},
|
||||
{"preload", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"auto services", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"lock dir", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, FLAG_HIDE},
|
||||
{"lock directory", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"pid directory", P_STRING, P_GLOBAL, &Globals.szPidDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
#ifdef WITH_UTMP
|
||||
{"utmp directory", P_STRING, P_GLOBAL, &Globals.szUtmpDir, NULL, NULL, 0},
|
||||
{"wtmp directory", P_STRING, P_GLOBAL, &Globals.szWtmpDir, NULL, NULL, 0},
|
||||
{"utmp", P_BOOL, P_GLOBAL, &Globals.bUtmp, NULL, NULL, 0},
|
||||
{"utmp directory", P_STRING, P_GLOBAL, &Globals.szUtmpDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"wtmp directory", P_STRING, P_GLOBAL, &Globals.szWtmpDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"utmp", P_BOOL, P_GLOBAL, &Globals.bUtmp, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
#endif
|
||||
|
||||
{"default service", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, 0},
|
||||
{"default", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, 0},
|
||||
{"message command", P_STRING, P_GLOBAL, &Globals.szMsgCommand, NULL, NULL, 0},
|
||||
{"dfree command", P_STRING, P_GLOBAL, &Globals.szDfree, NULL, NULL, 0},
|
||||
{"remote announce", P_STRING, P_GLOBAL, &Globals.szRemoteAnnounce, NULL, NULL, 0},
|
||||
{"remote browse sync", P_STRING, P_GLOBAL, &Globals.szRemoteBrowseSync, NULL, NULL, 0},
|
||||
{"socket address", P_STRING, P_GLOBAL, &Globals.szSocketAddress, NULL, NULL, 0},
|
||||
{"homedir map", P_STRING, P_GLOBAL, &Globals.szNISHomeMapName, NULL, NULL, 0},
|
||||
{"time offset", P_INTEGER, P_GLOBAL, &extra_time_offset, NULL, NULL, 0},
|
||||
{"NIS homedir", P_BOOL, P_GLOBAL, &Globals.bNISHomeMap, NULL, NULL, 0},
|
||||
{"default service", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"default", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"message command", P_STRING, P_GLOBAL, &Globals.szMsgCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"dfree command", P_STRING, P_GLOBAL, &Globals.szDfree, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"remote announce", P_STRING, P_GLOBAL, &Globals.szRemoteAnnounce, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"remote browse sync", P_STRING, P_GLOBAL, &Globals.szRemoteBrowseSync, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"socket address", P_STRING, P_GLOBAL, &Globals.szSocketAddress, NULL, NULL, FLAG_DEVELOPER},
|
||||
{"homedir map", P_STRING, P_GLOBAL, &Globals.szNISHomeMapName, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"time offset", P_INTEGER, P_GLOBAL, &extra_time_offset, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"NIS homedir", P_BOOL, P_GLOBAL, &Globals.bNISHomeMap, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"-valid", P_BOOL, P_LOCAL, &sDefault.valid, NULL, NULL, FLAG_HIDE},
|
||||
|
||||
{"copy", P_STRING, P_LOCAL, &sDefault.szCopy, handle_copy, NULL, FLAG_HIDE},
|
||||
{"include", P_STRING, P_LOCAL, &sDefault.szInclude, handle_include, NULL, FLAG_HIDE},
|
||||
{"exec", P_STRING, P_LOCAL, &sDefault.szPreExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
|
||||
{"preexec", P_STRING, P_LOCAL, &sDefault.szPreExec, NULL, NULL, 0},
|
||||
{"preexec", P_STRING, P_LOCAL, &sDefault.szPreExec, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"preexec close", P_BOOL, P_LOCAL, &sDefault.bPreexecClose, NULL, NULL, FLAG_SHARE},
|
||||
{"postexec", P_STRING, P_LOCAL, &sDefault.szPostExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
|
||||
{"root preexec", P_STRING, P_LOCAL, &sDefault.szRootPreExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
|
||||
{"root preexec close", P_BOOL, P_LOCAL, &sDefault.bRootpreexecClose, NULL, NULL, FLAG_SHARE},
|
||||
{"root postexec", P_STRING, P_LOCAL, &sDefault.szRootPostExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
|
||||
{"available", P_BOOL, P_LOCAL, &sDefault.bAvailable, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
|
||||
{"available", P_BOOL, P_LOCAL, &sDefault.bAvailable, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT},
|
||||
{"volume", P_STRING, P_LOCAL, &sDefault.volume, NULL, NULL, FLAG_SHARE },
|
||||
{"fstype", P_STRING, P_LOCAL, &sDefault.fstype, NULL, NULL, FLAG_SHARE},
|
||||
{"set directory", P_BOOLREV, P_LOCAL, &sDefault.bNo_set_dir, NULL, NULL, FLAG_SHARE},
|
||||
{"source environment", P_STRING, P_GLOBAL, &Globals.szSourceEnv, handle_source_env, NULL, 0},
|
||||
{"source environment", P_STRING, P_GLOBAL, &Globals.szSourceEnv, handle_source_env, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"wide links", P_BOOL, P_LOCAL, &sDefault.bWidelinks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"follow symlinks", P_BOOL, P_LOCAL, &sDefault.bSymlinks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"dont descend", P_STRING, P_LOCAL, &sDefault.szDontdescend, NULL, NULL, FLAG_SHARE},
|
||||
@ -1028,9 +1066,8 @@ static struct parm_struct parm_table[] = {
|
||||
{"dos filetime resolution", P_BOOL, P_LOCAL, &sDefault.bDosFiletimeResolution, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
|
||||
{"fake directory create times", P_BOOL, P_LOCAL, &sDefault.bFakeDirCreateTimes, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, 0},
|
||||
{"hide local users", P_BOOL, P_GLOBAL, &Globals.bHideLocalUsers, NULL,
|
||||
NULL, 0},
|
||||
{"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"hide local users", P_BOOL, P_GLOBAL, &Globals.bHideLocalUsers, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"VFS module options", P_SEP, P_SEPARATOR},
|
||||
|
||||
@ -1040,19 +1077,19 @@ static struct parm_struct parm_table[] = {
|
||||
|
||||
|
||||
{"msdfs root", P_BOOL, P_LOCAL, &sDefault.bMSDfsRoot, NULL, NULL, FLAG_SHARE},
|
||||
{"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, 0},
|
||||
{"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{"Winbind options", P_SEP, P_SEPARATOR},
|
||||
|
||||
{"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_uid, NULL, 0},
|
||||
{"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_gid, NULL, 0},
|
||||
{"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, 0},
|
||||
{"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, 0},
|
||||
{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, 0},
|
||||
{"winbind cache time", P_INTEGER, P_GLOBAL, &Globals.winbind_cache_time, NULL, NULL, 0},
|
||||
{"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, 0},
|
||||
{"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, 0},
|
||||
{"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, 0},
|
||||
{"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"winbind cache time", P_INTEGER, P_GLOBAL, &Globals.winbind_cache_time, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
|
||||
{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
|
||||
};
|
||||
@ -1250,7 +1287,6 @@ static void init_globals(void)
|
||||
Globals.bAlgorithmicRidBase = BASE_RID;
|
||||
|
||||
Globals.bLoadPrinters = True;
|
||||
Globals.max_packet = 65535;
|
||||
Globals.mangled_stack = 50;
|
||||
Globals.max_xmit = 65535;
|
||||
Globals.max_mux = 50; /* This is *needed* for profile support. */
|
||||
@ -1279,7 +1315,6 @@ static void init_globals(void)
|
||||
Globals.bStripDot = False;
|
||||
Globals.syslog = 1;
|
||||
Globals.bSyslogOnly = False;
|
||||
Globals.bAdminLog = False;
|
||||
Globals.bTimestampLogs = True;
|
||||
string_set(&Globals.szLogLevel, "0");
|
||||
Globals.bDebugHiresTimestamp = False;
|
||||
@ -1339,6 +1374,7 @@ static void init_globals(void)
|
||||
string_set(&Globals.szLdapFilter, "(&(uid=%u)(objectclass=sambaAccount))");
|
||||
string_set(&Globals.szLdapAdminDn, "");
|
||||
Globals.ldap_ssl = LDAP_SSL_ON;
|
||||
Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
|
||||
|
||||
/* these parameters are set to defaults that are more appropriate
|
||||
for the increasing samba install base:
|
||||
@ -1521,6 +1557,7 @@ FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName)
|
||||
static FN_GLOBAL_STRING(lp_announce_version, &Globals.szAnnounceVersion)
|
||||
FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases)
|
||||
FN_GLOBAL_LIST(lp_passdb_backend, &Globals.szPassdbBackend)
|
||||
FN_GLOBAL_LIST(lp_sam_backend, &Globals.szSamBackend)
|
||||
FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
|
||||
FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript)
|
||||
FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript)
|
||||
@ -1530,6 +1567,7 @@ FN_GLOBAL_STRING(lp_addgroup_script, &Globals.szAddGroupScript)
|
||||
FN_GLOBAL_STRING(lp_delgroup_script, &Globals.szDelGroupScript)
|
||||
FN_GLOBAL_STRING(lp_addusertogroup_script, &Globals.szAddUserToGroupScript)
|
||||
FN_GLOBAL_STRING(lp_deluserfromgroup_script, &Globals.szDelUserFromGroupScript)
|
||||
FN_GLOBAL_STRING(lp_setprimarygroup_script, &Globals.szSetPrimaryGroupScript)
|
||||
|
||||
FN_GLOBAL_STRING(lp_addmachine_script, &Globals.szAddMachineScript)
|
||||
|
||||
@ -1550,6 +1588,7 @@ FN_GLOBAL_STRING(lp_ldap_user_suffix, &Globals.szLdapUserSuffix)
|
||||
FN_GLOBAL_STRING(lp_ldap_filter, &Globals.szLdapFilter)
|
||||
FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
|
||||
FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
|
||||
FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
|
||||
FN_GLOBAL_STRING(lp_add_share_cmd, &Globals.szAddShareCommand)
|
||||
FN_GLOBAL_STRING(lp_change_share_cmd, &Globals.szChangeShareCommand)
|
||||
FN_GLOBAL_STRING(lp_delete_share_cmd, &Globals.szDeleteShareCommand)
|
||||
@ -1574,7 +1613,6 @@ FN_GLOBAL_BOOL(lp_strip_dot, &Globals.bStripDot)
|
||||
FN_GLOBAL_BOOL(lp_encrypted_passwords, &Globals.bEncryptPasswords)
|
||||
FN_GLOBAL_BOOL(lp_update_encrypted, &Globals.bUpdateEncrypt)
|
||||
FN_GLOBAL_BOOL(lp_syslog_only, &Globals.bSyslogOnly)
|
||||
FN_GLOBAL_BOOL(lp_admin_log, &Globals.bAdminLog)
|
||||
FN_GLOBAL_BOOL(lp_timestamp_logs, &Globals.bTimestampLogs)
|
||||
FN_GLOBAL_BOOL(lp_debug_hires_timestamp, &Globals.bDebugHiresTimestamp)
|
||||
FN_GLOBAL_BOOL(lp_debug_pid, &Globals.bDebugPid)
|
||||
@ -1686,6 +1724,7 @@ FN_LOCAL_BOOL(lp_preservecase, bCasePreserve)
|
||||
FN_LOCAL_BOOL(lp_shortpreservecase, bShortCasePreserve)
|
||||
FN_LOCAL_BOOL(lp_casemangle, bCaseMangle)
|
||||
FN_LOCAL_BOOL(lp_hide_dot_files, bHideDotFiles)
|
||||
FN_LOCAL_BOOL(lp_hide_special_files, bHideSpecialFiles)
|
||||
FN_LOCAL_BOOL(lp_hideunreadable, bHideUnReadable)
|
||||
FN_LOCAL_BOOL(lp_hideunwriteable_files, bHideUnWriteableFiles)
|
||||
FN_LOCAL_BOOL(lp_browseable, bBrowseable)
|
||||
@ -1724,6 +1763,10 @@ FN_LOCAL_BOOL(lp_inherit_acls, bInheritACLS)
|
||||
FN_LOCAL_BOOL(lp_use_client_driver, bUseClientDriver)
|
||||
FN_LOCAL_BOOL(lp_default_devmode, bDefaultDevmode)
|
||||
FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
|
||||
#ifdef WITH_SENDFILE
|
||||
FN_LOCAL_BOOL(lp_use_sendfile, bUseSendfile)
|
||||
#endif
|
||||
FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls)
|
||||
FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
|
||||
FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
|
||||
FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)
|
||||
@ -3507,30 +3550,44 @@ static void set_server_role(void)
|
||||
case SEC_SHARE:
|
||||
if (lp_domain_logons())
|
||||
DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
|
||||
DEBUG(10,("set_server_role: ROLE_STANDALONE\n"));
|
||||
break;
|
||||
case SEC_SERVER:
|
||||
case SEC_DOMAIN:
|
||||
case SEC_ADS:
|
||||
if (lp_domain_logons()) {
|
||||
server_role = ROLE_DOMAIN_PDC;
|
||||
DEBUG(10,("set_server_role:ROLE_DOMAIN_PDC\n"));
|
||||
break;
|
||||
}
|
||||
server_role = ROLE_DOMAIN_MEMBER;
|
||||
DEBUG(10,("set_server_role: ROLE_DOMAIN_MEMBER\n"));
|
||||
break;
|
||||
case SEC_USER:
|
||||
if (lp_domain_logons()) {
|
||||
|
||||
if (Globals.bDomainMaster) /* auto or yes */
|
||||
server_role = ROLE_DOMAIN_PDC;
|
||||
DEBUG(10,("set_server_role: ROLE_DOMAIN_PDC\n"));
|
||||
break;
|
||||
else
|
||||
server_role = ROLE_DOMAIN_BDC;
|
||||
}
|
||||
DEBUG(10,("set_server_role: ROLE_STANDALONE\n"));
|
||||
break;
|
||||
default:
|
||||
DEBUG(0, ("Server's Role undefined due to unknown security mode\n"));
|
||||
DEBUG(10,("set_server_role: ROLE_STANDALONE\n"));
|
||||
break;
|
||||
}
|
||||
|
||||
DEBUG(10, ("set_server_role: role = "));
|
||||
|
||||
switch(server_role) {
|
||||
case ROLE_STANDALONE:
|
||||
DEBUGADD(10, ("ROLE_STANDALONE\n"));
|
||||
break;
|
||||
case ROLE_DOMAIN_MEMBER:
|
||||
DEBUGADD(10, ("ROLE_DOMAIN_MEMBER\n"));
|
||||
break;
|
||||
case ROLE_DOMAIN_BDC:
|
||||
DEBUGADD(10, ("ROLE_DOMAIN_BDC\n"));
|
||||
break;
|
||||
case ROLE_DOMAIN_PDC:
|
||||
DEBUGADD(10, ("ROLE_DOMAIN_PDC\n"));
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -3555,12 +3612,13 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults,
|
||||
|
||||
bRetval = False;
|
||||
|
||||
DEBUG(3, ("lp_load: refreshing parmaters\n"));
|
||||
DEBUG(3, ("lp_load: refreshing parameters\n"));
|
||||
|
||||
bInGlobalSection = True;
|
||||
bGlobalOnly = global_only;
|
||||
|
||||
init_globals();
|
||||
debug_init();
|
||||
|
||||
if (save_defaults)
|
||||
{
|
||||
|
@ -80,7 +80,6 @@ static BOOL pdb_generate_sam_sid(void)
|
||||
{
|
||||
char *fname = NULL;
|
||||
extern pstring global_myname;
|
||||
extern fstring global_myworkgroup;
|
||||
BOOL is_dc = False;
|
||||
|
||||
if(global_sam_sid==NULL)
|
||||
@ -106,11 +105,11 @@ static BOOL pdb_generate_sam_sid(void)
|
||||
if (!is_dc)
|
||||
return True;
|
||||
|
||||
if (!secrets_fetch_domain_sid(global_myworkgroup, &domain_sid)) {
|
||||
if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
|
||||
|
||||
/* No domain sid and we're a pdc/bdc. Store it */
|
||||
|
||||
if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) {
|
||||
if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
|
||||
DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n"));
|
||||
return False;
|
||||
}
|
||||
@ -122,7 +121,7 @@ static BOOL pdb_generate_sam_sid(void)
|
||||
/* Domain name sid doesn't match global sam sid. Re-store global sam sid as domain sid. */
|
||||
|
||||
DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n"));
|
||||
if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) {
|
||||
if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
|
||||
DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID as a pdc/bdc.\n"));
|
||||
return False;
|
||||
}
|
||||
@ -145,7 +144,7 @@ static BOOL pdb_generate_sam_sid(void)
|
||||
}
|
||||
unlink(fname);
|
||||
if (is_dc) {
|
||||
if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) {
|
||||
if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
|
||||
DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n"));
|
||||
SAFE_FREE(fname);
|
||||
return False;
|
||||
@ -168,7 +167,7 @@ static BOOL pdb_generate_sam_sid(void)
|
||||
return False;
|
||||
}
|
||||
if (is_dc) {
|
||||
if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) {
|
||||
if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
|
||||
DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n"));
|
||||
return False;
|
||||
}
|
||||
|
@ -75,11 +75,19 @@ static void pdb_fill_default_sam(SAM_ACCOUNT *user)
|
||||
user->private.workstations = "";
|
||||
user->private.unknown_str = "";
|
||||
user->private.munged_dial = "";
|
||||
|
||||
user->private.plaintext_pw = NULL;
|
||||
|
||||
}
|
||||
|
||||
static void destroy_pdb_talloc(SAM_ACCOUNT **user)
|
||||
{
|
||||
if (*user) {
|
||||
data_blob_clear_free(&((*user)->private.lm_pw));
|
||||
data_blob_clear_free(&((*user)->private.nt_pw));
|
||||
|
||||
if((*user)->private.plaintext_pw!=NULL)
|
||||
memset((*user)->private.plaintext_pw,'\0',strlen((*user)->private.plaintext_pw));
|
||||
talloc_destroy((*user)->mem_ctx);
|
||||
*user = NULL;
|
||||
}
|
||||
@ -251,6 +259,15 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
|
||||
pwd->pw_name, global_myname,
|
||||
pwd->pw_uid, pwd->pw_gid),
|
||||
False);
|
||||
if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL)) {
|
||||
DEBUG(1, ("Failed to set 'normal account' flags for user %s.\n", pwd->pw_name));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
} else {
|
||||
if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST)) {
|
||||
DEBUG(1, ("Failed to set 'trusted workstation account' flags for user %s.\n", pwd->pw_name));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
}
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
@ -301,7 +318,8 @@ static void pdb_free_sam_contents(SAM_ACCOUNT *user)
|
||||
|
||||
data_blob_clear_free(&(user->private.lm_pw));
|
||||
data_blob_clear_free(&(user->private.nt_pw));
|
||||
data_blob_clear_free(&(user->private.plaintext_pw));
|
||||
if (user->private.plaintext_pw!=NULL)
|
||||
memset(user->private.plaintext_pw,'\0',strlen(user->private.plaintext_pw));
|
||||
}
|
||||
|
||||
|
||||
@ -823,11 +841,14 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_
|
||||
return False;
|
||||
|
||||
if (pdb_getsampwsid(sam_user, psid)) {
|
||||
*puid = pdb_get_uid(sam_user);
|
||||
if (*puid == -1) {
|
||||
|
||||
if (!(pdb_get_init_flag(sam_user) & FLAG_SAM_UID)) {
|
||||
pdb_free_sam(&sam_user);
|
||||
return False;
|
||||
}
|
||||
|
||||
*puid = pdb_get_uid(sam_user);
|
||||
|
||||
DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid),
|
||||
(unsigned int)*puid, pdb_get_username(sam_user)));
|
||||
pdb_free_sam(&sam_user);
|
||||
@ -982,6 +1003,7 @@ BOOL local_password_change(const char *user_name, int local_flags,
|
||||
{
|
||||
struct passwd *pwd = NULL;
|
||||
SAM_ACCOUNT *sam_pass=NULL;
|
||||
uint16 other_acb;
|
||||
|
||||
*err_str = '\0';
|
||||
*msg_str = '\0';
|
||||
@ -1021,31 +1043,33 @@ BOOL local_password_change(const char *user_name, int local_flags,
|
||||
return False;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
/* the entry already existed */
|
||||
local_flags &= ~LOCAL_ADD_USER;
|
||||
}
|
||||
|
||||
/* the 'other' acb bits not being changed here */
|
||||
other_acb = (pdb_get_acct_ctrl(sam_pass) & (!(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)));
|
||||
if (local_flags & LOCAL_TRUST_ACCOUNT) {
|
||||
if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST)) {
|
||||
if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb) ) {
|
||||
slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
|
||||
pdb_free_sam(&sam_pass);
|
||||
return False;
|
||||
}
|
||||
} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
|
||||
if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST)) {
|
||||
if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb)) {
|
||||
slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
|
||||
pdb_free_sam(&sam_pass);
|
||||
return False;
|
||||
}
|
||||
} else {
|
||||
if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL)) {
|
||||
if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb)) {
|
||||
slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
|
||||
pdb_free_sam(&sam_pass);
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
} else {
|
||||
/* the entry already existed */
|
||||
local_flags &= ~LOCAL_ADD_USER;
|
||||
}
|
||||
|
||||
/*
|
||||
* We are root - just write the new password
|
||||
* and the valid last change time.
|
||||
|
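Review bot: In local_password_change, `other_acb` is computed with a logical `!` where a bitwise complement is needed. `!(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)` evaluates to 0, so `other_acb` is always 0 and the three `pdb_set_acct_ctrl(sam_pass, ... | other_acb)` calls still replace the whole account-control value instead of keeping the bits the comment says are "not being changed here". The line should read `other_acb = (pdb_get_acct_ctrl(sam_pass) & ~(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL));`. The body of local_password_change starts before and continues after the visible hunks, so which accounts reach this path should be checked against the full function.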
@ -151,7 +151,7 @@ const uint8* pdb_get_lanman_passwd (const SAM_ACCOUNT *sampass)
|
||||
const char* pdb_get_plaintext_passwd (const SAM_ACCOUNT *sampass)
|
||||
{
|
||||
if (sampass) {
|
||||
return ((char*)sampass->private.plaintext_pw.data);
|
||||
return (sampass->private.plaintext_pw);
|
||||
}
|
||||
else
|
||||
return (NULL);
|
||||
@ -956,14 +956,24 @@ BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[16])
|
||||
below)
|
||||
********************************************************************/
|
||||
|
||||
BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const uint8 *password, size_t len)
|
||||
BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password)
|
||||
{
|
||||
if (!sampass)
|
||||
return False;
|
||||
|
||||
data_blob_clear_free(&sampass->private.plaintext_pw);
|
||||
if (password) {
|
||||
if (sampass->private.plaintext_pw!=NULL)
|
||||
memset(sampass->private.plaintext_pw,'\0',strlen(sampass->private.plaintext_pw)+1);
|
||||
sampass->private.plaintext_pw = talloc_strdup(sampass->mem_ctx, password);
|
||||
|
||||
sampass->private.plaintext_pw = data_blob(password, len);
|
||||
if (!sampass->private.plaintext_pw) {
|
||||
DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
} else {
|
||||
sampass->private.plaintext_pw = NULL;
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
@ -1063,6 +1073,9 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOUNT *sampass, const char *plaintext)
|
||||
if (!pdb_set_lanman_passwd (sampass, new_lanman_p16))
|
||||
return False;
|
||||
|
||||
if (!pdb_set_plaintext_pw_only (sampass, plaintext))
|
||||
return False;
|
||||
|
||||
if (!pdb_set_pass_changed_now (sampass))
|
||||
return False;
|
||||
|
||||
|
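Review bot: In pdb_set_plaintext_pw_only, the `else` branch taken for a NULL `password` sets `sampass->private.plaintext_pw = NULL` without wiping the previous string, so a cleared plaintext password is left unscrubbed in memory owned by `sampass->mem_ctx`; only the replace path runs the `memset`. Moving the two scrub lines `if (sampass->private.plaintext_pw!=NULL)` and `memset(sampass->private.plaintext_pw,'\0',strlen(sampass->private.plaintext_pw)+1);` above `if (password) {` covers both paths. The failure message also names the wrong function and should read `DEBUG(0, ("pdb_set_plaintext_pw_only: talloc_strdup() failed!\n"));`. This reading assumes the talloc_strdup lines are the new side of the hunk, which the changed signature and the pdb_get_plaintext_passwd hunk both suggest.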
@ -34,13 +34,14 @@ const struct pdb_init_function_entry builtin_pdb_init_functions[] = {
|
||||
{ "ldapsam", pdb_init_ldapsam },
|
||||
{ "ldapsam_nua", pdb_init_ldapsam_nua },
|
||||
{ "unixsam", pdb_init_unixsam },
|
||||
{ "nisplussam", pdb_init_nisplussam },
|
||||
{ "plugin", pdb_init_plugin },
|
||||
{ NULL, NULL}
|
||||
};
|
||||
|
||||
static BOOL context_setsampwent(struct pdb_context *context, BOOL update)
|
||||
{
|
||||
if ((!context) || (!context->pdb_methods) || (!context->pdb_methods->setsampwent)) {
|
||||
if (!context) {
|
||||
DEBUG(0, ("invalid pdb_context specified!\n"));
|
||||
return False;
|
||||
}
|
||||
@ -52,7 +53,7 @@ static BOOL context_setsampwent(struct pdb_context *context, BOOL update)
|
||||
return True;
|
||||
}
|
||||
|
||||
while (!(context->pwent_methods->setsampwent(context->pwent_methods, update))) {
|
||||
while (!(context->pwent_methods->setsampwent) || !(context->pwent_methods->setsampwent(context->pwent_methods, update))) {
|
||||
context->pwent_methods = context->pwent_methods->next;
|
||||
if (context->pwent_methods == NULL)
|
||||
return False;
|
||||
|
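Review bot: The `while` condition in context_setsampwent now skips any backend whose `setsampwent` pointer is NULL, but nothing in the hunk records that this is intended, and a caller cannot tell a skipped backend from one whose call failed. A one-line comment above the loop such as `/* skip backends that lack setsampwent or whose setsampwent fails */` would document it. The entry check appears to have been reduced to `if (!context)`, so whether a NULL `context->pdb_methods` is still handled depends on the lines between the two hunks, which are not shown. That is worth confirming, since the loop dereferences `context->pwent_methods` without a check of its own.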