mirror of https://github.com/samba-team/samba.git synced 2025-08-03 04:22:09 +03:00

sync'ing up for 3.0alpha20 release

(This used to be commit 65e7b5273b)
Gerald Carter
2002-09-25 15:19:00 +00:00
parent 115a39775c
commit a834a73e34
176 changed files with 10983 additions and 6381 deletions


@ -29,7 +29,7 @@ programmers who have contributed.
The indent utility can be used to format C files in the general
samba coding style. The arguments you should give to indent are:
-bad -bap -br -ce -cdw -nbc -brs -bbb -nbc -npsl
-bad -bap -br -ce -cdw -nbc -brs -bbb -nbc -npsl -ut -i8
Following are some considerations you should use when adding new code to
Samba. First and foremost remember that:


@ -18,9 +18,11 @@ LDFLAGS=@LDFLAGS@
LDSHFLAGS=@LDSHFLAGS@ @LDFLAGS@ @CFLAGS@
AWK=@AWK@
DYNEXP=@DYNEXP@
PYTHON=@PYTHON@
TERMLDFLAGS=@TERMLDFLAGS@
TERMLIBS=@TERMLIBS@
PRINTLIBS=@PRINTLIBS@
LINK=$(CC) $(FLAGS) $(LDFLAGS)
@ -106,7 +108,7 @@ LPROGS = $(WINBIND_PAM_PROGS) $(WINBIND_LPROGS)
PROGS = $(PROGS1) $(PROGS2) $(MPROGS) bin/nmblookup bin/pdbedit bin/smbgroupedit
TORTURE_PROGS = bin/smbtorture bin/msgtest bin/masktest bin/locktest \
bin/locktest2 bin/nsstest
bin/locktest2 bin/nsstest bin/vfstest
SHLIBS = @LIBSMBCLIENT@
SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd \
@ -124,7 +126,7 @@ TDB_OBJ = $(TDBBASE_OBJ) tdb/tdbutil.o
LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \
lib/getsmbpass.o lib/interface.o lib/md4.o \
lib/interfaces.o lib/pidfile.o lib/replace.o \
lib/signal.o lib/system.o lib/time.o \
lib/signal.o lib/system.o lib/sendfile.o lib/time.o \
lib/ufc.o lib/genrand.o lib/username.o \
lib/util_getent.o lib/util_pw.o lib/access.o lib/smbrun.o \
lib/bitmap.o lib/crc32.o lib/snprintf.o lib/dprintf.o \
@ -134,11 +136,11 @@ LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \
lib/util.o lib/util_sock.o lib/util_sec.o \
lib/talloc.o lib/hash.o lib/substitute.o lib/fsusage.o \
lib/ms_fnmatch.o lib/select.o lib/error.o lib/messages.o \
lib/server_mutex.o lib/tallocmsg.o lib/dmallocmsg.o \
lib/tallocmsg.o lib/dmallocmsg.o \
lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \
nsswitch/wb_client.o nsswitch/wb_common.o \
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
lib/adt_tree.o lib/popt_common.o $(TDB_OBJ)
lib/adt_tree.o lib/popt_common.o lib/gencache.o $(TDB_OBJ)
LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o
@ -152,7 +154,7 @@ PARAM_OBJ = param/loadparm.o param/params.o dynconfig.o
LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o libads/sasl.o \
libads/krb5_setpw.o libads/kerberos.o libads/ldap_user.o \
libads/ads_struct.o libads/ads_status.o \
libads/disp_sec.o
libads/disp_sec.o libads/ads_utils.o
LIBADS_SERVER_OBJ = libads/util.o libads/kerberos_verify.o
@ -180,6 +182,7 @@ LIBMSRPC_SERVER_OBJ = libsmb/trust_passwd.o
LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po)
REGOBJS_OBJ = registry/reg_objects.o
REGISTRY_OBJ = registry/reg_frontend.o registry/reg_cachehook.o registry/reg_printing.o \
registry/reg_db.o
@ -190,7 +193,7 @@ RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \
rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \
rpc_server/srv_util.o rpc_server/srv_wkssvc.o rpc_server/srv_wkssvc_nt.o \
rpc_server/srv_pipe.o rpc_server/srv_dfs.o rpc_server/srv_dfs_nt.o \
rpc_server/srv_spoolss.o rpc_server/srv_spoolss_nt.o $(REGISTRY_OBJ)
rpc_server/srv_spoolss.o rpc_server/srv_spoolss_nt.o
# this includes only the low level parse code, not stuff
# that requires knowledge of security contexts
@ -201,7 +204,8 @@ RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_net.o \
rpc_parse/parse_reg.o rpc_parse/parse_rpc.o \
rpc_parse/parse_samr.o rpc_parse/parse_srv.o \
rpc_parse/parse_wks.o \
rpc_parse/parse_spoolss.o rpc_parse/parse_dfs.o
rpc_parse/parse_spoolss.o rpc_parse/parse_dfs.o \
$(REGOBJS_OBJ)
RPC_CLIENT_OBJ = rpc_client/cli_pipe.o
@ -213,8 +217,15 @@ PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o
PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
passdb/machine_sid.o passdb/pdb_smbpasswd.o \
passdb/pdb_tdb.o passdb/pdb_ldap.o passdb/pdb_plugin.o \
passdb/pdb_nisplus.o passdb/pdb_unix.o passdb/util_sam_sid.o \
passdb/pdb_compat.o
passdb/pdb_unix.o passdb/util_sam_sid.o \
passdb/pdb_compat.o passdb/pdb_nisplus.o
SAM_STATIC_MODULES = sam/sam_plugin.o
SAM_OBJ = sam/account.o sam/get_set_account.o sam/get_set_group.o \
sam/get_set_domain.o sam/interface.o sam/api.o $(SAM_STATIC_MODULES)
SAMTEST_OBJ = torture/samtest.o torture/cmd_sam.o $(SAM_OBJ) $(LIB_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(READLINE_OBJ) lib/util_seaccess.o $(LIBADS_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(GROUPDB_OBJ)
GROUPDB_OBJ = groupdb/mapping.o
@ -232,11 +243,14 @@ UNIGRP_OBJ = libsmb/netlogon_unigrp.o
AUTH_OBJ = auth/auth.o auth/auth_sam.o auth/auth_server.o auth/auth_domain.o \
auth/auth_rhosts.o auth/auth_unix.o auth/auth_util.o auth/auth_winbind.o \
auth/auth_builtin.o auth/auth_compat.o $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ)
auth/auth_builtin.o auth/auth_compat.o \
$(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ)
MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o
SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \
SMBD_OBJ_MAIN = smbd/server.o
SMBD_OBJ_SRV = smbd/files.o smbd/chgpasswd.o smbd/connection.o \
smbd/utmp.o smbd/session.o \
smbd/dfree.o smbd/dir.o smbd/password.o smbd/conn.o smbd/fileio.o \
smbd/ipc.o smbd/lanman.o smbd/negprot.o \
@ -245,13 +259,22 @@ SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \
smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o \
smbd/blocking.o smbd/sec_ctx.o \
smbd/vfs.o smbd/vfs-wrap.o smbd/statcache.o \
smbd/posix_acls.o lib/sysacls.o \
smbd/posix_acls.o lib/sysacls.o lib/server_mutex.o \
smbd/process.o smbd/service.o smbd/error.o \
printing/printfsp.o lib/util_seaccess.o smbd/srvstr.o \
smbd/build_options.o \
smbd/change_trust_pw.o \
$(MANGLE_OBJ)
SMBD_OBJ_BASE = $(SMBD_OBJ_SRV) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
$(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) $(SECRETS_OBJ) \
$(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) \
$(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \
$(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
$(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
$(LIB_SMBD_OBJ) $(REGISTRY_OBJ)
PRINTING_OBJ = printing/pcap.o printing/print_svid.o \
printing/print_cups.o printing/print_generic.o \
@ -261,15 +284,7 @@ PRINTBACKEND_OBJ = printing/printing.o printing/nt_printing.o printing/notify.o
MSDFS_OBJ = msdfs/msdfs.o
SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
$(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) $(SECRETS_OBJ) \
$(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) \
$(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \
$(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
$(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
$(LIB_SMBD_OBJ)
SMBD_OBJ = $(SMBD_OBJ_MAIN) $(SMBD_OBJ_BASE)
NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
nmbd/nmbd_become_lmb.o nmbd/nmbd_browserdb.o \
@ -343,13 +358,6 @@ RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
$(READLINE_OBJ) $(GROUPDB_OBJ) \
$(LIBADS_OBJ) $(SECRETS_OBJ)
SAMSYNC_OBJ1 = rpcclient/samsync.o rpcclient/display_sec.o
SAMSYNC_OBJ = $(SAMSYNC_OBJ1) \
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \
$(GROUPDB_OBJ) $(SECRETS_OBJ)
PAM_WINBIND_OBJ = nsswitch/pam_winbind.po nsswitch/wb_common.po lib/snprintf.po
SMBW_OBJ1 = smbwrapper/smbw.o \
@ -373,12 +381,13 @@ CLIENT_OBJ1 = client/client.o client/clitar.o
CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(READLINE_OBJ)
NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \
utils/net_rap.o utils/net_rpc.o \
utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o
NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_ads_cldap.o utils/net_help.o \
utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \
utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \
utils/net_cache.o
NET_OBJ = $(NET_OBJ1) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
$(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
@ -414,6 +423,8 @@ LOCKTEST_OBJ = torture/locktest.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
NSSTEST_OBJ = torture/nsstest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ)
VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ)
LOCKTEST2_OBJ = torture/locktest2.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ)
@ -438,15 +449,16 @@ DEBUG2HTML_OBJ = utils/debug2html.o ubiqx/debugparse.o
SMBFILTER_OBJ = utils/smbfilter.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ)
PROTO_OBJ = $(SMBD_OBJ1) $(NMBD_OBJ1) $(SWAT_OBJ1) $(LIB_OBJ) $(LIBSMB_OBJ) \
$(SMBWRAPPER_OBJ1) $(SMBTORTURE_OBJ1) $(RPCCLIENT_OBJ1) \
PROTO_OBJ = $(SMBD_OBJ_MAIN) \
$(SMBD_OBJ_SRV) $(NMBD_OBJ1) $(SWAT_OBJ1) $(LIB_OBJ) $(LIBSMB_OBJ) \
$(SMBW_OBJ1) $(SMBWRAPPER_OBJ1) $(SMBTORTURE_OBJ1) $(RPCCLIENT_OBJ1) \
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) \
$(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) \
$(AUTH_OBJ) $(PARAM_OBJ) $(LOCKING_OBJ) $(SECRETS_OBJ) \
$(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \
$(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \
$(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
$(LIB_SMBD_OBJ)
$(LIB_SMBD_OBJ) $(SAM_OBJ) $(REGISTRY_OBJ)
NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \
$(LIB_OBJ) $(NSSWINS_OBJ)
@ -534,7 +546,7 @@ nsswitch : SHOWFLAGS $(WINBIND_PROGS) $(WINBIND_SPROGS) $(LPROGS)
wins : SHOWFLAGS nsswitch/libnss_wins.so
everything: all libsmbclient debug2html smbfilter talloctort bin/samsync bin/make_printerdef
everything: all libsmbclient debug2html smbfilter talloctort bin/make_printerdef
.SUFFIXES:
.SUFFIXES: .c .o .po .po32 .lo
@ -605,7 +617,7 @@ bin/.dummy:
bin/smbd: $(SMBD_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS)
@$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) $(LIBS)
bin/nmbd: $(NMBD_OBJ) bin/.dummy
@echo Linking $@
@ -617,16 +629,12 @@ bin/wrepld: $(WREPL_OBJ) bin/.dummy
bin/swat: $(SWAT_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS)
@$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) $(LIBS)
bin/rpcclient: $(RPCCLIENT_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(RPCCLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @BUILD_POPT@
bin/samsync: $(SAMSYNC_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(SAMSYNC_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS)
bin/smbclient: $(CLIENT_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS)
@ -657,7 +665,7 @@ bin/testparm: $(TESTPARM_OBJ) bin/.dummy
bin/testprns: $(TESTPRNS_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(TESTPRNS_OBJ) $(LDFLAGS) $(LIBS)
@$(CC) $(FLAGS) -o $@ $(TESTPRNS_OBJ) $(LDFLAGS) $(PRINTLIBS) $(LIBS)
bin/smbstatus: $(STATUS_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@ -679,6 +687,10 @@ bin/pdbedit: $(PDBEDIT_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@
bin/samtest: $(SAMTEST_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(SAMTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @BUILD_POPT@
bin/smbgroupedit: $(SMBGROUPEDIT_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(SMBGROUPEDIT_OBJ) $(LDFLAGS) $(LIBS)
@ -719,6 +731,10 @@ bin/nsstest: $(NSSTEST_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(LIBS)
bin/vfstest: $(VFSTEST_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(PRINTLIBS) $(LIBS) @BUILD_POPT@
bin/locktest2: $(LOCKTEST2_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(LIBS)
@ -802,10 +818,6 @@ bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_PICOOBJ)
bin/libmsrpc.a: $(LIBMSRPC_PICOBJ)
-$(AR) -rc $@ $(LIBMSRPC_PICOBJ)
bin/spamsync: rpcclient/samsync.o bin/libmsrpc.a
@$(LINK) -o $@ rpcclient/samsync.o bin/libmsrpc.a \
$(UBIQX_OBJ) $(LIBS)
bin/tdbbackup: $(TDBBACKUP_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(TDBBACKUP_OBJ)
@ -836,6 +848,53 @@ installclientlib:
-$(INSTALLCMD) -d ${prefix}/include
-$(INSTALLCMD) include/libsmbclient.h ${prefix}/include
# Python extensions
PYTHON_OBJS = $(LIB_OBJ) $(LIBSMB_OBJ) $(RPC_PARSE_OBJ) $(UBIQX_OBJ) \
$(PARAM_OBJ) $(LIBMSRPC_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ)
PY_SPOOLSS_PROTO_OBJ = python/py_spoolss.o \
python/py_spoolss_printers.o python/py_spoolss_printers_conv.o\
python/py_spoolss_forms.o python/py_spoolss_forms_conv.o \
python/py_spoolss_ports.o python/py_spoolss_ports_conv.o \
python/py_spoolss_drivers.o python/py_spoolss_drivers_conv.o \
python/py_spoolss_jobs.o python/py_spoolss_jobs_conv.o \
python/py_spoolss_printerdata.o
PY_LSA_PROTO_OBJ = python/py_lsa.o
PY_COMMON_PROTO_OBJ = python/py_common.c python/py_ntsec.c
python_proto: python_spoolss_proto python_lsa_proto python_common_proto
python_spoolss_proto:
@cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
-h _PY_SPOOLSS_PROTO_H python/py_spoolss_proto.h \
$(PY_SPOOLSS_PROTO_OBJ)
python_lsa_proto:
@cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
-h _PY_LSA_PROTO_H python/py_lsa_proto.h \
$(PY_LSA_PROTO_OBJ)
python_common_proto:
@cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
-h _PY_COMMON_PROTO_H python/py_common_proto.h \
$(PY_COMMON_PROTO_OBJ)
python_ext: $(PYTHON_OBJS)
PYTHON_OBJS="$(PYTHON_OBJS)" PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS) $(FLAGS)" \
LIBS="$(LIBS)" \
$(PYTHON) python/setup.py build
python_install: $(PYTHON_OBJS)
PYTHON_OBJS="$(PYTHON_OBJS)" PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS)" \
LIBS="$(LIBS)" \
$(PYTHON) python/setup.py install
python_clean:
@if test -n "$(PYTHON)"; then $(PYTHON) python/setup.py clean; fi
# revert to the previously installed version
revert:
@$(SHELL) $(srcdir)/script/revert.sh $(SBINDIR) $(SPROGS)
@ -871,7 +930,7 @@ uninstallscripts:
# Toplevel clean files
TOPFILES=dynconfig.o dynconfig.po
clean: delheaders
clean: delheaders python_clean
-rm -f core */*~ *~ */*.o */*.po */*.po32 */*.@SHLIBEXT@ \
$(TOPFILES) $(PROGS) $(SPROGS) .headers.stamp
@ -949,7 +1008,7 @@ etags:
ctags:
ctags `find $(srcdir) -name "*.[ch]" | grep -v /CVS/`
realclean: clean
realclean: clean delheaders
-rm -f config.log $(PROGS) $(SPROGS) bin/.dummy
-rmdir bin
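Review bot: The `python_install` target passes `PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS)"` while `python_ext` passes `PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS) $(FLAGS)"`, so an install run hands `python/setup.py` a different flag set than the build did. Both targets should use the same value, `PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS) $(FLAGS)"`. In the same added block, `PY_COMMON_PROTO_OBJ` lists `.c` files although its name and the sibling `PY_*_PROTO_OBJ` variables use `.o`. The new `bin/samtest` link line repeats `$(DYNEXP)`, and `realclean: clean delheaders` looks redundant because `clean` already depends on `delheaders`.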


@ -166,6 +166,7 @@
#undef MMAP_BLACKLIST
#undef HAVE_IMMEDIATE_STRUCTURES
#undef HAVE_CUPS
#undef WITH_SAM
#undef WITH_LDAP_SAM
#undef WITH_NISPLUS_SAM
#undef WITH_TDB_SAM
@ -186,6 +187,7 @@
#undef HAVE_LDAP
#undef HAVE_STAT_ST_BLOCKS
#undef STAT_ST_BLOCKSIZE
#undef HAVE_STAT_ST_BLKSIZE
#undef HAVE_DEVICE_MAJOR_FN
#undef HAVE_DEVICE_MINOR_FN
#undef HAVE_PASSWD_PW_COMMENT
@ -220,4 +222,11 @@
#endif
#undef LDAP_SET_REBIND_PROC_ARGS
#undef HAVE_SENDFILE
#undef HAVE_SENDFILE64
#undef LINUX_SENDFILE_API
#undef LINUX_BROKEN_SENDFILE_API
#undef WITH_SENDFILE
#undef FREEBSD_SENDFILE_API
#undef HPUX_SENDFILE_API
#undef WITH_ADS


@ -41,13 +41,8 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context,
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
if (!(user_info->internal_username.str
&& *user_info->internal_username.str)) {
if (make_server_info_guest(server_info)) {
nt_status = NT_STATUS_OK;
} else {
nt_status = NT_STATUS_NO_SUCH_USER;
}
}
&& *user_info->internal_username.str))
nt_status = make_server_info_guest(server_info);
return nt_status;
}
@ -194,7 +189,7 @@ NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param,
trim_string(plugin_name, " ", " ");
DEBUG(5, ("Trying to load auth plugin %s\n", plugin_name));
dl_handle = sys_dlopen(plugin_name, RTLD_NOW | RTLD_GLOBAL );
dl_handle = sys_dlopen(plugin_name, RTLD_NOW );
if (!dl_handle) {
DEBUG(0, ("Failed to load auth plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror()));
return NT_STATUS_UNSUCCESSFUL;
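Review bot: `sys_dlopen(plugin_name, RTLD_NOW )` in `auth_init_plugin` loads whatever name is left after `trim_string`, and nothing visible in the hunk checks that it is an absolute path. If `plugin_name` is taken directly from the `param` argument (its derivation is outside the hunk), a bare name would be resolved through the dynamic loader's search path, so what gets loaded into the authentication path depends on that search order. Consider refusing names that do not begin with `/` before the call, e.g. `if (plugin_name[0] != '/') return NT_STATUS_UNSUCCESSFUL;` preceded by a `DEBUG(0, ...)` message. A one-line comment on why `RTLD_GLOBAL` was dropped would also help the next reader. The function body starts and ends outside the hunk.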


@ -48,7 +48,7 @@ static NTSTATUS ads_resolve_dc(fstring remote_machine,
DEBUG(4,("ads_resolve_dc: realm=%s\n", ads->config.realm));
ads->auth.no_bind = 1;
ads->auth.flags |= ADS_AUTH_NO_BIND;
#ifdef HAVE_ADS
/* a full ads_connect() is actually overkill, as we don't srictly need
@ -131,6 +131,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
struct in_addr dest_ip;
fstring remote_machine;
NTSTATUS result;
uint32 neg_flags = 0x000001ff;
if (lp_security() == SEC_ADS) {
result = ads_resolve_dc(remote_machine, &dest_ip);
@ -206,7 +207,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(*cli)));
return NT_STATUS_NO_MEMORY;
}
result = cli_nt_setup_creds(*cli, sec_chan, trust_passwd);
result = cli_nt_setup_creds(*cli, sec_chan, trust_passwd, &neg_flags, 2);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0,("connect_to_domain_password_server: unable to setup the PDC credentials to machine \
@ -250,7 +251,7 @@ static NTSTATUS attempt_connect_to_dc(struct cli_state **cli,
}
/***********************************************************************
We have been asked to dynamcially determine the IP addresses of
We have been asked to dynamically determine the IP addresses of
the PDC and BDC's for DOMAIN, and query them in turn.
************************************************************************/
static NTSTATUS find_connect_pdc(struct cli_state **cli,
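Review bot: `uint32 neg_flags = 0x000001ff;` and the literal `2` passed to `cli_nt_setup_creds(*cli, sec_chan, trust_passwd, &neg_flags, 2)` in `connect_to_domain_password_server` are unexplained magic numbers in the code that sets up the machine-account credentials. Give both a named constant, or at least a comment at the declaration stating what the flag bits request and what the `2` selects. Because `neg_flags` is passed by address, the callee presumably writes back what the server accepted. Nothing visible in these hunks inspects it afterwards, so if the callee does not enforce a minimum, a reduced flag set would pass silently; a check or a `DEBUG` line after the call would make that visible. The function starts and ends outside the hunks shown.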


@ -106,7 +106,10 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response,
client_key_data = data_blob(ntv2_response.data+16, ntv2_response.length-16);
memcpy(client_response, ntv2_response.data, sizeof(client_response));
ntv2_owf_gen(part_passwd, user, domain, kr);
if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
return False;
}
SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, value_from_encryption);
if (user_sess_key != NULL)
{
@ -233,17 +236,17 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
return NT_STATUS_OK;
} else {
if (lp_ntlm_auth()) {
/* Apparently NT accepts NT responses in the LM feild
- I think this is related to Win9X pass-though authenticaion
/* Apparently NT accepts NT responses in the LM field
- I think this is related to Win9X pass-though authentication
*/
DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM feild\n"));
DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM field\n"));
if (smb_pwd_check_ntlmv1(user_info->lm_resp,
nt_pw, auth_context->challenge,
user_sess_key))
{
return NT_STATUS_OK;
} else {
DEBUG(3,("sam_password_ok: NT MD4 password in LM feild failed for user %s\n",pdb_get_username(sampass)));
DEBUG(3,("sam_password_ok: NT MD4 password in LM field failed for user %s\n",pdb_get_username(sampass)));
return NT_STATUS_WRONG_PASSWORD;
}
}
@ -403,9 +406,9 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
return nt_status;
}
if (!make_server_info_sam(server_info, sampass)) {
DEBUG(0,("failed to malloc memory for server_info\n"));
return NT_STATUS_NO_MEMORY;
if (!NT_STATUS_IS_OK(nt_status = make_server_info_sam(server_info, sampass))) {
DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status)));
return nt_status;
}
lm_hash = pdb_get_lanman_passwd((*server_info)->sam_account);
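Review bot: The new early return in `smb_pwd_check_ntlmv2` exits without releasing `client_key_data`, which is created by `data_blob(ntv2_response.data+16, ntv2_response.length-16)` two lines before the `ntv2_owf_gen()` check. Assuming `data_blob()` allocates a copy, this leaks on every failure of `ntv2_owf_gen()`; add `data_blob_free(&client_key_data);` before `return False;`, or move the `ntv2_owf_gen()` check above the `data_blob()` call. Both `ntv2_response.length-16` and the `memcpy` of `sizeof(client_response)` bytes rely on the response being at least that long. The start of the function is outside the hunk, so confirm a length check precedes these lines.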


@ -285,7 +285,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
* need to detect this as some versions of NT4.x are broken. JRA.
*/
/* I sure as hell hope that there arn't servers out there that take
/* I sure as hell hope that there aren't servers out there that take
* NTLMv2 and have this bug, as we don't test for that...
* - abartlet@samba.org
*/
@ -375,9 +375,7 @@ use this machine as the password server.\n"));
if NT_STATUS_IS_OK(nt_status) {
struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
if (pass) {
if (!make_server_info_pw(server_info, pass)) {
nt_status = NT_STATUS_NO_MEMORY;
}
nt_status = make_server_info_pw(server_info, pass);
} else {
nt_status = NT_STATUS_NO_SUCH_USER;
}


@ -4,6 +4,7 @@
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Andrew Bartlett 2001
Copyright (C) Jeremy Allison 2000-2001
Copyright (C) Rafal Szczesniak 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -26,6 +27,11 @@
#define DBGC_CLASS DBGC_AUTH
extern pstring global_myname;
extern DOM_SID global_sid_World;
extern DOM_SID global_sid_Network;
extern DOM_SID global_sid_Builtin_Guests;
extern DOM_SID global_sid_Authenticated_Users;
/****************************************************************************
Create a UNIX user on demand.
@ -76,7 +82,7 @@ void smb_user_control(const auth_usersupplied_info *user_info, auth_serversuppli
Create an auth_usersupplied_data structure
****************************************************************************/
static BOOL make_user_info(auth_usersupplied_info **user_info,
static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
const char *smb_name,
const char *internal_username,
const char *client_domain,
@ -92,7 +98,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
*user_info = malloc(sizeof(**user_info));
if (!user_info) {
DEBUG(0,("malloc failed for user_info (size %d)\n", sizeof(*user_info)));
return False;
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(*user_info);
@ -104,7 +110,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->smb_name.len = strlen(smb_name);
} else {
free_user_info(user_info);
return False;
return NT_STATUS_NO_MEMORY;
}
(*user_info)->internal_username.str = strdup(internal_username);
@ -112,7 +118,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->internal_username.len = strlen(internal_username);
} else {
free_user_info(user_info);
return False;
return NT_STATUS_NO_MEMORY;
}
(*user_info)->domain.str = strdup(domain);
@ -120,7 +126,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->domain.len = strlen(domain);
} else {
free_user_info(user_info);
return False;
return NT_STATUS_NO_MEMORY;
}
(*user_info)->client_domain.str = strdup(client_domain);
@ -128,7 +134,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->client_domain.len = strlen(client_domain);
} else {
free_user_info(user_info);
return False;
return NT_STATUS_NO_MEMORY;
}
(*user_info)->wksta_name.str = strdup(wksta_name);
@ -136,7 +142,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->wksta_name.len = strlen(wksta_name);
} else {
free_user_info(user_info);
return False;
return NT_STATUS_NO_MEMORY;
}
DEBUG(5,("making blobs for %s's user_info struct\n", internal_username));
@ -150,14 +156,14 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
DEBUG(10,("made an %sencrypted user_info for %s (%s)\n", encrypted ? "":"un" , internal_username, smb_name));
return True;
return NT_STATUS_OK;
}
/****************************************************************************
Create an auth_usersupplied_data structure after appropriate mapping.
****************************************************************************/
BOOL make_user_info_map(auth_usersupplied_info **user_info,
NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *wksta_name,
@ -198,7 +204,7 @@ BOOL make_user_info_map(auth_usersupplied_info **user_info,
client_domain, lp_winbind_separator(),
smb_name) < 0) {
DEBUG(0, ("make_user_info_map: asprintf() failed!\n"));
return False;
return NT_STATUS_NO_MEMORY;
}
DEBUG(5, ("make_user_info_map: testing for user %s\n", user));
@ -240,6 +246,7 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
const uchar *nt_network_pwd, int nt_pwd_len)
{
BOOL ret;
NTSTATUS nt_status;
DATA_BLOB lm_blob = data_blob(lm_network_pwd, lm_pwd_len);
DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len);
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
@ -253,13 +260,15 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
auth_flags |= AUTH_FLAG_NTLMv2_RESP;
}
ret = make_user_info_map(user_info,
nt_status = make_user_info_map(user_info,
smb_name, client_domain,
wksta_name,
lm_blob, nt_blob,
plaintext_blob,
auth_flags, True);
ret = NT_STATUS_IS_OK(nt_status) ? True : False;
data_blob_free(&lm_blob);
data_blob_free(&nt_blob);
return ret;
@ -324,6 +333,7 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
{
BOOL ret;
NTSTATUS nt_status;
DATA_BLOB local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response));
DATA_BLOB local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response));
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
@ -333,7 +343,7 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
if (nt_interactive_pwd)
auth_flags |= AUTH_FLAG_NTLM_RESP;
ret = make_user_info_map(user_info,
nt_status = make_user_info_map(user_info,
smb_name, client_domain,
wksta_name,
local_lm_blob,
@ -341,6 +351,7 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
plaintext_blob,
auth_flags, True);
ret = NT_STATUS_IS_OK(nt_status) ? True : False;
data_blob_free(&local_lm_blob);
data_blob_free(&local_nt_blob);
return ret;
@ -361,7 +372,7 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
DATA_BLOB local_lm_blob;
DATA_BLOB local_nt_blob;
BOOL ret = False;
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
uint32 auth_flags = AUTH_FLAG_NONE;
/*
@ -400,14 +411,14 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
auth_flags, False);
data_blob_free(&local_lm_blob);
return ret;
return NT_STATUS_IS_OK(ret) ? True : False;
}
/****************************************************************************
Create an auth_usersupplied_data structure
****************************************************************************/
BOOL make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
DATA_BLOB lm_resp, DATA_BLOB nt_resp)
@ -445,47 +456,338 @@ BOOL make_user_info_guest(auth_usersupplied_info **user_info)
DATA_BLOB nt_blob = data_blob(NULL, 0);
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
uint32 auth_flags = AUTH_FLAG_NONE;
NTSTATUS nt_status;
return make_user_info(user_info,
nt_status = make_user_info(user_info,
"","",
"","",
"",
nt_blob, lm_blob,
plaintext_blob,
auth_flags, True);
return NT_STATUS_IS_OK(nt_status) ? True : False;
}
/****************************************************************************
prints a NT_USER_TOKEN to debug output.
****************************************************************************/
void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token)
{
fstring sid_str;
int i;
if (!token) {
DEBUGC(dbg_class, dbg_lev, ("NT user token: (NULL)\n"));
return;
}
DEBUGC(dbg_class, dbg_lev, ("NT user token of user %s\n",
sid_to_string(sid_str, &token->user_sids[0]) ));
DEBUGADDC(dbg_class, dbg_lev, ("contains %i SIDs\n", token->num_sids));
for (i = 0; i < token->num_sids; i++)
DEBUGADDC(dbg_class, dbg_lev, ("SID[%3i]: %s\n", i,
sid_to_string(sid_str, &token->user_sids[i])));
}
/****************************************************************************
prints a UNIX 'token' to debug output.
****************************************************************************/
void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid, int n_groups, gid_t *groups)
{
int i;
DEBUGC(dbg_class, dbg_lev, ("UNIX token of user %ld\n", (long int)uid));
DEBUGADDC(dbg_class, dbg_lev, ("Primary group is %ld and contains %i supplementary groups\n", (long int)gid, n_groups));
for (i = 0; i < n_groups; i++)
DEBUGADDC(dbg_class, dbg_lev, ("Group[%3i]: %ld\n", i,
(long int)groups[i]));
}
/****************************************************************************
Create the SID list for this user.
****************************************************************************/
static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *group_sid,
int n_groupSIDs, DOM_SID *groupSIDs,
BOOL is_guest, NT_USER_TOKEN **token)
{
NTSTATUS nt_status = NT_STATUS_OK;
NT_USER_TOKEN *ptoken;
int i;
int sid_ndx;
if ((ptoken = malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) {
DEBUG(0, ("create_nt_token: Out of memory allocating token\n"));
nt_status = NT_STATUS_NO_MEMORY;
return nt_status;
}
ZERO_STRUCTP(ptoken);
ptoken->num_sids = n_groupSIDs + 5;
if ((ptoken->user_sids = (DOM_SID *)malloc( sizeof(DOM_SID) * ptoken->num_sids )) == NULL) {
DEBUG(0, ("create_nt_token: Out of memory allocating SIDs\n"));
nt_status = NT_STATUS_NO_MEMORY;
return nt_status;
}
memset((char*)ptoken->user_sids,0,sizeof(DOM_SID) * ptoken->num_sids);
/*
* Note - user SID *MUST* be first in token !
* se_access_check depends on this.
*
* Primary group SID is second in token. Convention.
*/
sid_copy(&ptoken->user_sids[PRIMARY_USER_SID_INDEX], user_sid);
if (group_sid)
sid_copy(&ptoken->user_sids[PRIMARY_GROUP_SID_INDEX], group_sid);
/*
* Finally add the "standard" SIDs.
* The only difference between guest and "anonymous" (which we
* don't really support) is the addition of Authenticated_Users.
*/
sid_copy(&ptoken->user_sids[2], &global_sid_World);
sid_copy(&ptoken->user_sids[3], &global_sid_Network);
if (is_guest)
sid_copy(&ptoken->user_sids[4], &global_sid_Builtin_Guests);
else
sid_copy(&ptoken->user_sids[4], &global_sid_Authenticated_Users);
sid_ndx = 5; /* next available spot */
for (i = 0; i < n_groupSIDs; i++) {
int check_sid_idx;
for (check_sid_idx = 1; check_sid_idx < ptoken->num_sids; check_sid_idx++) {
if (sid_equal(&ptoken->user_sids[check_sid_idx],
&groupSIDs[i])) {
break;
}
}
if (check_sid_idx >= ptoken->num_sids) /* Not found already */ {
sid_copy(&ptoken->user_sids[sid_ndx++], &groupSIDs[i]);
} else {
ptoken->num_sids--;
}
}
debug_nt_user_token(DBGC_AUTH, 10, ptoken);
*token = ptoken;
return nt_status;
}
/****************************************************************************
Create the SID list for this user.
****************************************************************************/
NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, BOOL is_guest)
{
DOM_SID user_sid;
DOM_SID group_sid;
DOM_SID *group_sids;
NT_USER_TOKEN *token;
int i;
if (!uid_to_sid(&user_sid, uid)) {
return NULL;
}
if (!gid_to_sid(&group_sid, gid)) {
return NULL;
}
group_sids = malloc(sizeof(DOM_SID) * ngroups);
if (!group_sids) {
DEBUG(0, ("create_nt_token: malloc() failed for DOM_SID list!\n"));
return NULL;
}
for (i = 0; i < ngroups; i++) {
if (!gid_to_sid(&(group_sids)[i], (groups)[i])) {
DEBUG(1, ("create_nt_token: failed to convert gid %ld to a sid!\n", (long int)groups[i]));
SAFE_FREE(group_sids);
return NULL;
}
}
if (!NT_STATUS_IS_OK(create_nt_user_token(&user_sid, &group_sid,
ngroups, group_sids, is_guest, &token))) {
SAFE_FREE(group_sids);
return NULL;
}
SAFE_FREE(group_sids);
return token;
}
/******************************************************************************
* this function returns the groups (SIDs) of the local SAM the user is in.
* If this samba server is a DC of the domain the user belongs to, it returns
* both domain groups and local / builtin groups. If the user is in a trusted
* domain, or samba is a member server of a domain, then this function returns
* local and builtin groups the user is a member of.
*
* currently this is a hack, as there is no sam implementation that is capable
* of groups.
******************************************************************************/
static NTSTATUS get_user_groups_from_local_sam(const DOM_SID *user_sid,
int *n_groups, DOM_SID **groups, gid_t **unix_groups)
{
uid_t uid;
enum SID_NAME_USE snu;
fstring str;
int n_unix_groups;
int i;
struct passwd *usr;
*n_groups = 0;
*groups = NULL;
if (!sid_to_uid(user_sid, &uid, &snu)) {
DEBUG(2, ("get_user_groups_from_local_sam: Failed to convert user SID %s to a uid!\n",
sid_to_string(str, user_sid)));
/* This might be a non-unix account */
return NT_STATUS_OK;
}
/*
* This is _essential_ to prevent occasional segfaults when
* winbind can't find uid -> username mapping
*/
if (!(usr = getpwuid_alloc(uid))) {
DEBUG(0, ("Couldn't find passdb structure for UID = %d ! Aborting.\n", uid));
return NT_STATUS_NO_SUCH_USER;
};
n_unix_groups = groups_max();
if ((*unix_groups = malloc( sizeof(gid_t) * groups_max() ) ) == NULL) {
DEBUG(0, ("get_user_groups_from_local_sam: Out of memory allocating unix group list\n"));
passwd_free(&usr);
return NT_STATUS_NO_MEMORY;
}
if (sys_getgrouplist(usr->pw_name, usr->pw_gid, *unix_groups, &n_unix_groups) == -1) {
*unix_groups = Realloc(unix_groups, sizeof(gid_t) * n_unix_groups);
if (sys_getgrouplist(usr->pw_name, usr->pw_gid, *unix_groups, &n_unix_groups) == -1) {
DEBUG(0, ("get_user_groups_from_local_sam: failed to get the unix group list\n"));
SAFE_FREE(unix_groups);
passwd_free(&usr);
return NT_STATUS_NO_SUCH_USER; /* what should this return value be? */
}
}
debug_unix_user_token(DBGC_CLASS, 5, usr->pw_uid, usr->pw_gid, n_unix_groups, *unix_groups);
passwd_free(&usr);
if (n_unix_groups > 0) {
*groups = malloc(sizeof(DOM_SID) * n_unix_groups);
if (!*groups) {
DEBUG(0, ("get_user_group_from_local_sam: malloc() failed for DOM_SID list!\n"));
SAFE_FREE(unix_groups);
return NT_STATUS_NO_MEMORY;
}
}
*n_groups = n_unix_groups;
for (i = 0; i < *n_groups; i++) {
if (!gid_to_sid(&(*groups)[i], (*unix_groups)[i])) {
DEBUG(1, ("get_user_groups_from_local_sam: failed to convert gid %ld to a sid!\n", (long int)unix_groups[i+1]));
SAFE_FREE(groups);
SAFE_FREE(unix_groups);
return NT_STATUS_NO_SUCH_USER;
}
}
return NT_STATUS_OK;
}
/***************************************************************************
Make a user_info struct
***************************************************************************/
static BOOL make_server_info(auth_serversupplied_info **server_info)
static NTSTATUS make_server_info(auth_serversupplied_info **server_info, SAM_ACCOUNT *sampass)
{
*server_info = malloc(sizeof(**server_info));
if (!*server_info) {
DEBUG(0,("make_server_info: malloc failed!\n"));
return False;
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(*server_info);
return True;
(*server_info)->sam_fill_level = SAM_FILL_ALL;
(*server_info)->sam_account = sampass;
return NT_STATUS_OK;
}
/***************************************************************************
Make (and fill) a user_info struct from a SAM_ACCOUNT
***************************************************************************/
BOOL make_server_info_sam(auth_serversupplied_info **server_info, SAM_ACCOUNT *sampass)
NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
SAM_ACCOUNT *sampass)
{
if (!make_server_info(server_info)) {
return False;
NTSTATUS nt_status = NT_STATUS_OK;
const DOM_SID *user_sid = pdb_get_user_sid(sampass);
const DOM_SID *group_sid = pdb_get_group_sid(sampass);
int n_groupSIDs = 0;
DOM_SID *groupSIDs = NULL;
gid_t *unix_groups = NULL;
NT_USER_TOKEN *token;
BOOL is_guest;
uint32 rid;
if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info, sampass))) {
return nt_status;
}
(*server_info)->sam_fill_level = SAM_FILL_ALL;
(*server_info)->sam_account = sampass;
if (!NT_STATUS_IS_OK(nt_status
= get_user_groups_from_local_sam(pdb_get_user_sid(sampass),
&n_groupSIDs, &groupSIDs, &unix_groups)))
{
DEBUG(4,("get_user_groups_from_local_sam failed\n"));
free_server_info(server_info);
return nt_status;
}
is_guest = (sid_peek_rid(user_sid, &rid) && rid == DOMAIN_USER_RID_GUEST);
if (!NT_STATUS_IS_OK(nt_status = create_nt_user_token(user_sid, group_sid,
n_groupSIDs, groupSIDs, is_guest,
&token)))
{
DEBUG(4,("create_nt_user_token failed\n"));
SAFE_FREE(groupSIDs);
SAFE_FREE(unix_groups);
free_server_info(server_info);
return nt_status;
}
SAFE_FREE(groupSIDs);
(*server_info)->n_groups = n_groupSIDs;
(*server_info)->groups = unix_groups;
(*server_info)->ptok = token;
DEBUG(5,("make_server_info_sam: made server info for user %s\n",
pdb_get_username((*server_info)->sam_account)));
return True;
return nt_status;
}
/***************************************************************************
@ -493,75 +795,42 @@ BOOL make_server_info_sam(auth_serversupplied_info **server_info, SAM_ACCOUNT *s
to a SAM_ACCOUNT
***************************************************************************/
BOOL make_server_info_pw(auth_serversupplied_info **server_info, const struct passwd *pwd)
NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, const struct passwd *pwd)
{
NTSTATUS nt_status;
SAM_ACCOUNT *sampass = NULL;
if (!NT_STATUS_IS_OK(pdb_init_sam_pw(&sampass, pwd))) {
return False;
if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(&sampass, pwd))) {
return nt_status;
}
return make_server_info_sam(server_info, sampass);
}
/***************************************************************************
Free a user_info struct
Make (and fill) a user_info struct for a guest login.
***************************************************************************/
void free_user_info(auth_usersupplied_info **user_info)
NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info)
{
DEBUG(5,("attempting to free (and zero) a user_info structure\n"));
if (*user_info != NULL) {
if ((*user_info)->smb_name.str) {
DEBUG(10,("structure was created for %s\n", (*user_info)->smb_name.str));
}
SAFE_FREE((*user_info)->smb_name.str);
SAFE_FREE((*user_info)->internal_username.str);
SAFE_FREE((*user_info)->client_domain.str);
SAFE_FREE((*user_info)->domain.str);
SAFE_FREE((*user_info)->wksta_name.str);
data_blob_free(&(*user_info)->lm_resp);
data_blob_free(&(*user_info)->nt_resp);
SAFE_FREE((*user_info)->interactive_password);
data_blob_clear_free(&(*user_info)->plaintext_password);
ZERO_STRUCT(**user_info);
}
SAFE_FREE(*user_info);
NTSTATUS nt_status;
SAM_ACCOUNT *sampass = NULL;
DOM_SID guest_sid;
if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sampass))) {
return nt_status;
}
/***************************************************************************
Clear out a server_info struct that has been allocated
***************************************************************************/
sid_copy(&guest_sid, get_global_sam_sid());
sid_append_rid(&guest_sid, DOMAIN_USER_RID_GUEST);
void free_server_info(auth_serversupplied_info **server_info)
{
if (*server_info != NULL) {
pdb_free_sam(&(*server_info)->sam_account);
/* call pam_end here, unless we know we are keeping it */
delete_nt_token( &(*server_info)->ptok );
ZERO_STRUCT(**server_info);
}
SAFE_FREE(*server_info);
if (!pdb_getsampwsid(sampass, &guest_sid)) {
return NT_STATUS_NO_SUCH_USER;
}
/***************************************************************************
Make a server_info struct for a guest user
***************************************************************************/
nt_status = make_server_info_sam(server_info, sampass);
BOOL make_server_info_guest(auth_serversupplied_info **server_info)
{
struct passwd *pass = getpwnam_alloc(lp_guestaccount());
if (pass) {
if (!make_server_info_pw(server_info, pass)) {
passwd_free(&pass);
return False;
}
(*server_info)->guest = True;
passwd_free(&pass);
return True;
}
DEBUG(0,("make_server_info_guest: getpwnam_alloc() failed on guest account!\n"));
return False;
return nt_status;
}
/***************************************************************************
@ -589,6 +858,15 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
uid_t uid;
gid_t gid;
int n_lgroupSIDs;
DOM_SID *lgroupSIDs = NULL;
gid_t *unix_groups = NULL;
NT_USER_TOKEN *token;
DOM_SID *all_group_SIDs;
int i;
/*
Here is where we should check the list of
trusted domains, and verify that the SID
@ -698,49 +976,128 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
if (!make_server_info_sam(server_info, sam_account)) {
DEBUG(0, ("make_server_info_info3: make_server_info_sam failed!\n"));
if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info, sam_account))) {
DEBUG(4, ("make_server_info failed!\n"));
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
return nt_status;
}
/* Store the user group information in the server_info
returned to the caller. */
if (info3->num_groups2 != 0) {
int i;
NT_USER_TOKEN *ptok;
auth_serversupplied_info *pserver_info = *server_info;
if ((pserver_info->ptok = malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) {
DEBUG(0, ("domain_client_validate: out of memory allocating rid group membership\n"));
nt_status = NT_STATUS_NO_MEMORY;
free_server_info(server_info);
if (!NT_STATUS_IS_OK(nt_status
= get_user_groups_from_local_sam(&user_sid,
&n_lgroupSIDs,
&lgroupSIDs,
&unix_groups)))
{
DEBUG(4,("get_user_groups_from_local_sam failed\n"));
return nt_status;
}
ptok = pserver_info->ptok;
ptok->num_sids = (size_t)info3->num_groups2;
(*server_info)->groups = unix_groups;
(*server_info)->n_groups = n_lgroupSIDs;
if ((ptok->user_sids = (DOM_SID *)malloc( sizeof(DOM_SID) * ptok->num_sids )) == NULL) {
DEBUG(0, ("domain_client_validate: Out of memory allocating group SIDS\n"));
nt_status = NT_STATUS_NO_MEMORY;
free_server_info(server_info);
return nt_status;
/* Create a 'combined' list of all SIDs we might want in the SD */
all_group_SIDs = malloc(sizeof(DOM_SID) *
(n_lgroupSIDs + info3->num_groups2 +
info3->num_other_sids));
if (!all_group_SIDs) {
DEBUG(0, ("create_nt_token_info3: malloc() failed for DOM_SID list!\n"));
SAFE_FREE(lgroupSIDs);
return NT_STATUS_NO_MEMORY;
}
for (i = 0; i < ptok->num_sids; i++) {
sid_copy(&ptok->user_sids[i], &(info3->dom_sid.sid));
if (!sid_append_rid(&ptok->user_sids[i], info3->gids[i].g_rid)) {
/* Copy the 'local' sids */
memcpy(all_group_SIDs, lgroupSIDs, sizeof(DOM_SID) * n_lgroupSIDs);
SAFE_FREE(lgroupSIDs);
/* and create (by appending rids) the 'domain' sids */
for (i = 0; i < info3->num_groups2; i++) {
sid_copy(&all_group_SIDs[i+n_lgroupSIDs], &(info3->dom_sid.sid));
if (!sid_append_rid(&all_group_SIDs[i+n_lgroupSIDs], info3->gids[i].g_rid)) {
nt_status = NT_STATUS_INVALID_PARAMETER;
free_server_info(server_info);
DEBUG(3,("create_nt_token_info3: could not append additional group rid 0x%x\n",
info3->gids[i].g_rid));
SAFE_FREE(lgroupSIDs);
return nt_status;
}
}
/* Copy 'other' sids. We need to do sid filtering here to
prevent possible elevation of privileges. See:
http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
*/
for (i = 0; i < info3->num_other_sids; i++)
sid_copy(&all_group_SIDs[
n_lgroupSIDs + info3->num_groups2 + i],
&info3->other_sids[i].sid);
/* Where are the 'global' sids... */
/* can the user be guest? if yes, where is it stored? */
if (!NT_STATUS_IS_OK(
nt_status = create_nt_user_token(
&user_sid, &group_sid,
n_lgroupSIDs + info3->num_groups2 + info3->num_other_sids,
all_group_SIDs, False, &token))) {
DEBUG(4,("create_nt_user_token failed\n"));
SAFE_FREE(all_group_SIDs);
return nt_status;
}
(*server_info)->ptok = token;
SAFE_FREE(all_group_SIDs);
return NT_STATUS_OK;
}
/***************************************************************************
Free a user_info struct
***************************************************************************/
void free_user_info(auth_usersupplied_info **user_info)
{
DEBUG(5,("attempting to free (and zero) a user_info structure\n"));
if (*user_info != NULL) {
if ((*user_info)->smb_name.str) {
DEBUG(10,("structure was created for %s\n", (*user_info)->smb_name.str));
}
SAFE_FREE((*user_info)->smb_name.str);
SAFE_FREE((*user_info)->internal_username.str);
SAFE_FREE((*user_info)->client_domain.str);
SAFE_FREE((*user_info)->domain.str);
SAFE_FREE((*user_info)->wksta_name.str);
data_blob_free(&(*user_info)->lm_resp);
data_blob_free(&(*user_info)->nt_resp);
SAFE_FREE((*user_info)->interactive_password);
data_blob_clear_free(&(*user_info)->plaintext_password);
ZERO_STRUCT(**user_info);
}
SAFE_FREE(*user_info);
}
/***************************************************************************
Clear out a server_info struct that has been allocated
***************************************************************************/
void free_server_info(auth_serversupplied_info **server_info)
{
DEBUG(5,("attempting to free (and zero) a server_info structure\n"));
if (*server_info != NULL) {
pdb_free_sam(&(*server_info)->sam_account);
/* call pam_end here, unless we know we are keeping it */
delete_nt_token( &(*server_info)->ptok );
SAFE_FREE((*server_info)->groups);
ZERO_STRUCT(**server_info);
}
SAFE_FREE(*server_info);
}
/***************************************************************************
Make an auth_methods struct
***************************************************************************/


@ -4,7 +4,7 @@
Winbind authentication mechnism
Copyright (C) Tim Potter 2000
Copyright (C) Andrew Bartlett 2001
Copyright (C) Andrew Bartlett 2001 - 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by


@ -2,7 +2,7 @@
Unix SMB/CIFS implementation.
SMB client
Copyright (C) Andrew Tridgell 1994-1998
Copyright (C) Simo Sorce 2001
Copyright (C) Simo Sorce 2001-2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -307,7 +307,7 @@ static BOOL do_this_one(file_info *finfo)
if (*fileselection &&
!mask_match(finfo->name,fileselection,False)) {
DEBUG(3,("match_match %s failed\n", finfo->name));
DEBUG(3,("mask_match %s failed\n", finfo->name));
return False;
}
@ -649,7 +649,7 @@ static int cmd_du(void)
/****************************************************************************
get a file from rname to lname
****************************************************************************/
static int do_get(char *rname,char *lname)
static int do_get(char *rname, char *lname, BOOL reget)
{
int handle = 0, fnum;
BOOL newhandle = False;
@ -658,6 +658,7 @@ static int do_get(char *rname,char *lname)
int read_size = io_bufsize;
uint16 attr;
size_t size;
off_t start = 0;
off_t nread = 0;
int rc = 0;
@ -676,8 +677,19 @@ static int do_get(char *rname,char *lname)
if(!strcmp(lname,"-")) {
handle = fileno(stdout);
} else {
if (reget) {
handle = sys_open(lname, O_WRONLY|O_CREAT, 0644);
if (handle >= 0) {
start = sys_lseek(handle, 0, SEEK_END);
if (start == -1) {
d_printf("Error seeking local file\n");
return 1;
}
}
} else {
handle = sys_open(lname, O_WRONLY|O_CREAT|O_TRUNC, 0644);
}
newhandle = True;
}
if (handle < 0) {
@ -695,7 +707,7 @@ static int do_get(char *rname,char *lname)
}
DEBUG(2,("getting file %s of size %.0f as %s ",
lname, (double)size, lname));
rname, (double)size, lname));
if(!(data = (char *)malloc(read_size))) {
d_printf("malloc fail for size %d\n", read_size);
@ -704,7 +716,7 @@ static int do_get(char *rname,char *lname)
}
while (1) {
int n = cli_read(cli, fnum, data, nread, read_size);
int n = cli_read(cli, fnum, data, nread + start, read_size);
if (n <= 0) break;
@ -717,7 +729,7 @@ static int do_get(char *rname,char *lname)
nread += n;
}
if (nread < size) {
if (nread + start < size) {
DEBUG (0, ("Short read when getting file %s. Only got %ld bytes.\n",
rname, (long)nread));
@ -782,7 +794,7 @@ static int cmd_get(void)
next_token_nr(NULL,lname,NULL,sizeof(lname));
return do_get(rname, lname);
return do_get(rname, lname, False);
}
@ -816,7 +828,7 @@ static void do_mget(file_info *finfo)
if (!(finfo->mode & aDIR)) {
pstrcpy(rname,cur_dir);
pstrcat(rname,finfo->name);
do_get(rname,finfo->name);
do_get(rname, finfo->name, False);
return;
}
@ -880,7 +892,7 @@ static int cmd_more(void)
}
dos_clean_name(rname);
rc = do_get(rname,lname);
rc = do_get(rname, lname, False);
pager=getenv("PAGER");
@ -1046,10 +1058,11 @@ static int cmd_altname(void)
/****************************************************************************
put a single file
****************************************************************************/
static int do_put(char *rname,char *lname)
static int do_put(char *rname, char *lname, BOOL reput)
{
int fnum;
XFILE *f;
int start = 0;
int nread = 0;
char *buf = NULL;
int maxwrite = io_bufsize;
@ -1058,7 +1071,18 @@ static int do_put(char *rname,char *lname)
struct timeval tp_start;
GetTimeOfDay(&tp_start);
if (reput) {
fnum = cli_open(cli, rname, O_RDWR|O_CREAT, DENY_NONE);
if (fnum >= 0) {
if (!cli_qfileinfo(cli, fnum, NULL, &start, NULL, NULL, NULL, NULL, NULL) &&
!cli_getattrE(cli, fnum, NULL, &start, NULL, NULL, NULL)) {
d_printf("getattrib: %s\n",cli_errstr(cli));
return 1;
}
}
} else {
fnum = cli_open(cli, rname, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE);
}
if (fnum == -1) {
d_printf("%s opening remote file %s\n",cli_errstr(cli),rname);
@ -1075,6 +1099,12 @@ static int do_put(char *rname,char *lname)
/* size of file is not known */
} else {
f = x_fopen(lname,O_RDONLY, 0);
if (f && reput) {
if (x_tseek(f, start, SEEK_SET) == -1) {
d_printf("Error seeking local file\n");
return 1;
}
}
}
if (!f) {
@ -1104,7 +1134,7 @@ static int do_put(char *rname,char *lname)
break;
}
ret = cli_write(cli, fnum, 0, buf, nread, n);
ret = cli_write(cli, fnum, 0, buf, nread + start, n);
if (n != ret) {
d_printf("Error writing file: %s\n", cli_errstr(cli));
@ -1192,7 +1222,7 @@ static int cmd_put(void)
}
}
return do_put(rname,lname);
return do_put(rname, lname, False);
}
/*************************************
@ -1384,7 +1414,7 @@ static int cmd_mput(void)
dos_format(rname);
do_put(rname, lname);
do_put(rname, lname, False);
}
free_file_list(file_list);
SAFE_FREE(quest);
@ -1456,7 +1486,7 @@ static int cmd_print(void)
slprintf(rname, sizeof(rname)-1, "stdin-%d", (int)sys_getpid());
}
return do_put(rname, lname);
return do_put(rname, lname, False);
}
@ -1880,6 +1910,68 @@ static int cmd_lcd(void)
return 0;
}
/****************************************************************************
get a file restarting at end of local file
****************************************************************************/
static int cmd_reget(void)
{
pstring local_name;
pstring remote_name;
char *p;
pstrcpy(remote_name, cur_dir);
pstrcat(remote_name, "\\");
p = remote_name + strlen(remote_name);
if (!next_token_nr(NULL, p, NULL, sizeof(remote_name) - strlen(remote_name))) {
d_printf("reget <filename>\n");
return 1;
}
pstrcpy(local_name, p);
dos_clean_name(remote_name);
next_token_nr(NULL, local_name, NULL, sizeof(local_name));
return do_get(remote_name, local_name, True);
}
/****************************************************************************
put a file restarting at end of local file
****************************************************************************/
static int cmd_reput(void)
{
pstring local_name;
pstring remote_name;
fstring buf;
char *p = buf;
SMB_STRUCT_STAT st;
pstrcpy(remote_name, cur_dir);
pstrcat(remote_name, "\\");
if (!next_token_nr(NULL, p, NULL, sizeof(buf))) {
d_printf("reput <filename>\n");
return 1;
}
pstrcpy(local_name, p);
if (!file_exist(local_name, &st)) {
d_printf("%s does not exist\n", local_name);
return 1;
}
if (next_token_nr(NULL, p, NULL, sizeof(buf)))
pstrcat(remote_name, p);
else
pstrcat(remote_name, local_name);
dos_clean_name(remote_name);
return do_put(remote_name, local_name, True);
}
/****************************************************************************
list a share name
****************************************************************************/
@ -2009,7 +2101,9 @@ static struct
{"quit",cmd_quit,"logoff the server",{COMPL_NONE,COMPL_NONE}},
{"rd",cmd_rmdir,"<directory> remove a directory",{COMPL_NONE,COMPL_NONE}},
{"recurse",cmd_recurse,"toggle directory recursion for mget and mput",{COMPL_NONE,COMPL_NONE}},
{"reget",cmd_reget,"<remote name> [local name] get a file restarting at end of local file",{COMPL_REMOTE,COMPL_LOCAL}},
{"rename",cmd_rename,"<src> <dest> rename some files",{COMPL_REMOTE,COMPL_REMOTE}},
{"reput",cmd_reput,"<local name> [remote name] put a file restarting at end of remote file",{COMPL_LOCAL,COMPL_REMOTE}},
{"rm",cmd_del,"<mask> delete all matching files",{COMPL_REMOTE,COMPL_NONE}},
{"rmdir",cmd_rmdir,"<directory> remove a directory",{COMPL_NONE,COMPL_NONE}},
{"setmode",cmd_setmode,"filename <setmode string> change modes of file",{COMPL_REMOTE,COMPL_NONE}},
@ -2524,16 +2618,21 @@ static int do_message_op(void)
{
struct in_addr ip;
struct nmb_name called, calling;
zero_ip(&ip);
fstring server_name;
char name_type_hex[10];
make_nmb_name(&calling, global_myname, 0x0);
make_nmb_name(&called , desthost, name_type);
safe_strcpy(server_name, desthost, sizeof(server_name));
snprintf(name_type_hex, sizeof(name_type_hex), "#%X", name_type);
safe_strcat(server_name, name_type_hex, sizeof(server_name));
zero_ip(&ip);
if (have_ip) ip = dest_ip;
if (!(cli=cli_initialise(NULL)) || (cli_set_port(cli, port) != port) || !cli_connect(cli, desthost, &ip)) {
if (!(cli=cli_initialise(NULL)) || (cli_set_port(cli, port) != port) ||
!cli_connect(cli, server_name, &ip)) {
d_printf("Connection to %s failed\n", desthost);
return 1;
}
@ -2659,7 +2758,6 @@ static void remember_query_host(const char *arg,
got_pass = True;
memset(strchr_m(getenv("USER"),'%')+1,'X',strlen(password));
}
strupper(username);
}
/* modification to support PASSWD environmental var
@ -2676,7 +2774,6 @@ static void remember_query_host(const char *arg,
if (*username == 0 && getenv("LOGNAME")) {
pstrcpy(username,getenv("LOGNAME"));
strupper(username);
}
if (*username == 0) {
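Review bot: In do_put's new reput branch, `start` is declared `int` but its address is passed to cli_qfileinfo() and cli_getattrE() as the file-size out-parameter. The prototypes are not visible here, but do_get keeps its size in a `size_t`; if the parameter is `size_t *`, a 64-bit build writes eight bytes into the four-byte local, and the resume offset in `nread + start` is limited to int range in any case. Declaring it `size_t start = 0;` and converting explicitly at the x_tseek() and cli_write() calls would avoid both. The early `return 1` paths added in do_get (after sys_lseek() fails) and in do_put (after the size query or x_tseek() fails) also leave the just-opened local handle, `f` or remote `fnum` open; closing them before returning, e.g. `close(handle);` or `cli_close(cli, fnum);`, would fix that. Both functions continue outside the hunks shown.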


@ -148,8 +148,8 @@ do_mount(char *share_name, unsigned int flags, struct smb_mount_data *data)
uname(&uts);
release = uts.release;
major = strsep(&release, ".");
minor = strsep(&release, ".");
major = strtok(release, ".");
minor = strtok(NULL, ".");
if (major && minor && atoi(major) == 2 && atoi(minor) < 4) {
/* < 2.4, assume struct */
data1 = (char *) data;

2198
source3/configure vendored

File diff suppressed because it is too large Load Diff


@ -147,6 +147,7 @@ AC_SUBST(POBAD_CC)
AC_SUBST(SHLIBEXT)
AC_SUBST(LIBSMBCLIENT_SHARED)
AC_SUBST(LIBSMBCLIENT)
AC_SUBST(PRINTLIBS)
# compile with optimization and without debugging by default
CFLAGS="-O ${CFLAGS}"
@ -431,6 +432,7 @@ AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h
AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h)
AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h)
AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h ldap.h lber.h dlfcn.h)
AC_CHECK_HEADERS(sys/syslog.h syslog.h)
#
# HPUX has a bug in that including shadow.h causes a re-definition of MAXINT.
@ -496,7 +498,7 @@ if test x$enable_cups != xno; then
AC_DEFINE(HAVE_CUPS)
CFLAGS="$CFLAGS `$CUPS_CONFIG --cflags`"
LDFLAGS="$LDFLAGS `$CUPS_CONFIG --ldflags`"
LIBS="$LIBS `$CUPS_CONFIG --libs`"
PRINTLIBS="$PRINTLIBS `$CUPS_CONFIG --libs`"
fi
fi
@ -894,7 +896,14 @@ case "$host_os" in
SONAMEFLAG="-Wl,-h,"
PICFLAG="-KPIC" # Is this correct for SunOS
;;
*bsd*) BLDSHARED="true"
*freebsd*) BLDSHARED="true"
LDSHFLAGS="-shared"
DYNEXP="-Wl,--export-dynamic"
SONAMEFLAG="-Wl,-soname,"
PICFLAG="-fPIC -DPIC"
AC_DEFINE(STAT_ST_BLOCKSIZE,512)
;;
*openbsd*) BLDSHARED="true"
LDSHFLAGS="-shared"
DYNEXP="-Wl,-Bdynamic"
SONAMEFLAG="-Wl,-soname,"
@ -922,12 +931,10 @@ case "$host_os" in
BLDSHARED="true"
LDSHFLAGS="-Wl,-bexpall,-bM:SRE,-bnoentry"
DYNEXP="-Wl,-brtl,-bexpall"
if test "${GCC}" = "yes"; then
PICFLAG="-O2"
else
PICFLAG="-O2 -qmaxmem=6000"
if test "${GCC}" != "yes"; then
## for funky AIX compiler using strncpy()
CFLAGS="$CFLAGS -D_LINUX_SOURCE_COMPAT"
CFLAGS="$CFLAGS -D_LINUX_SOURCE_COMPAT -qmaxmem=32000"
fi
AC_DEFINE(STAT_ST_BLOCKSIZE,DEV_BSIZE)
@ -1820,6 +1827,16 @@ if test x"$samba_cv_HAVE_STAT_ST_BLOCKS" = x"yes"; then
AC_DEFINE(HAVE_STAT_ST_BLOCKS)
fi
AC_CACHE_CHECK([for st_blksize in struct stat],samba_cv_HAVE_STAT_ST_BLKSIZE,[
AC_TRY_COMPILE([#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>],
[struct stat st; st.st_blksize = 0;],
samba_cv_HAVE_STAT_ST_BLKSIZE=yes,samba_cv_HAVE_STAT_ST_BLKSIZE=no,samba_cv_HAVE_STAT_ST_BLKSIZE=cross)])
if test x"$samba_cv_HAVE_STAT_ST_BLKSIZE" = x"yes"; then
AC_DEFINE(HAVE_STAT_ST_BLKSIZE)
fi
case "$host_os" in
*linux*)
AC_CACHE_CHECK([for broken RedHat 7.2 system header files],samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS,[
@ -1924,19 +1941,29 @@ AC_ARG_WITH(dfs,
AC_MSG_RESULT(no)
)
#################################################
# see if this box has the RedHat location for kerberos
AC_MSG_CHECKING(for /usr/kerberos)
if test -d /usr/kerberos; then
LDFLAGS="$LDFLAGS -L/usr/kerberos/lib"
CFLAGS="$CFLAGS -I/usr/kerberos/include"
CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
# active directory support
with_ads_support=yes
AC_MSG_CHECKING([whether to use Active Directory])
AC_ARG_WITH(ads,
[ --with-ads Active Directory support (default yes)],
[ case "$withval" in
no)
with_ads_support=no
;;
esac ])
if test x"$with_ads_support" = x"yes"; then
AC_DEFINE(WITH_ADS)
fi
AC_MSG_RESULT($with_ads_support)
FOUND_KRB5=no
if test x"$with_ads_support" = x"yes"; then
#################################################
# check for location of Kerberos 5 install
AC_MSG_CHECKING(for kerberos 5 install path)
@ -1952,11 +1979,28 @@ AC_ARG_WITH(krb5,
CFLAGS="$CFLAGS -I$withval/include"
CPPFLAGS="$CPPFLAGS -I$withval/include"
LDFLAGS="$LDFLAGS -L$withval/lib"
FOUND_KRB5=yes
;;
esac ],
AC_MSG_RESULT(no)
)
if test x$FOUND_KRB5 = x"no"; then
#################################################
# see if this box has the RedHat location for kerberos
AC_MSG_CHECKING(for /usr/kerberos)
if test -d /usr/kerberos; then
LDFLAGS="$LDFLAGS -L/usr/kerberos/lib"
CFLAGS="$CFLAGS -I/usr/kerberos/include"
CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
fi
# now check for krb5.h. Some systems have the libraries without the headers!
# note that this check is done here to allow for different kerberos
# include paths
@ -1981,6 +2025,25 @@ AC_CHECK_LIB(krb5, krb5_mk_req_extended, [LIBS="$LIBS -lkrb5";
# now see if we can find the gssapi libs in standard paths
AC_CHECK_LIB(gssapi_krb5, gss_display_status, [LIBS="$LIBS -lgssapi_krb5";
AC_DEFINE(HAVE_GSSAPI)])
fi
########################################################
# Compile with LDAP support?
with_ldap_support=yes
AC_MSG_CHECKING([whether to use LDAP])
AC_ARG_WITH(ldap,
[ --with-ldap LDAP support (default yes)],
[ case "$withval" in
no)
with_ldap_support=no
;;
esac ])
AC_MSG_RESULT($with_ldap_support)
if test x"$with_ldap_support" = x"yes"; then
##################################################################
# we might need the lber lib on some systems. To avoid link errors
@ -2003,6 +2066,7 @@ AC_CHECK_LIB(ldap, ldap_domain2hostlist, [LIBS="$LIBS -lldap";
#include <ldap.h>], [ldap_set_rebind_proc(0, 0, 0);], [pam_ldap_cv_ldap_set_rebind_proc=3], [pam_ldap_cv_ldap_set_rebind_proc=2]) ])
AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS, $pam_ldap_cv_ldap_set_rebind_proc)
fi
fi
#################################################
# check for automount support
@ -2104,7 +2168,7 @@ AC_ARG_WITH(pam_smbpass,
###############################################
# test for where we get crypt() from, but only
# if not using PAM
if test $with_pam_for_crypt = no; then
if test x"$with_pam_for_crypt" = x"no"; then
AC_CHECK_FUNCS(crypt)
if test x"$ac_cv_func_crypt" = x"no"; then
AC_CHECK_LIB(crypt, crypt, [LIBS="$LIBS -lcrypt";
@ -2127,6 +2191,22 @@ if test x"$samba_cv_HAVE_TRUNCATED_SALT" = x"yes"; then
fi
fi
# New experimental SAM system
AC_MSG_CHECKING([whether to build the new (experimental) SAM database])
AC_ARG_WITH(sam,
[ --with-sam Build new (experimental) SAM database (default=no)],
[ case "$withval" in
yes)
AC_MSG_RESULT(yes)
AC_DEFINE(WITH_SAM)
;;
*)
AC_MSG_RESULT(no)
;;
esac ],
AC_MSG_RESULT(no)
)
########################################################################################
@ -2633,6 +2713,163 @@ samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)])
AC_MSG_RESULT(no)
)
#################################################
# check for sendfile support
AC_MSG_CHECKING(whether to support sendfile)
AC_ARG_WITH(sendfile-support,
[ --with-sendfile-support Include sendfile support (default=no)],
[ case "$withval" in
yes)
case "$host_os" in
*linux*)
AC_CACHE_CHECK([for linux sendfile64 support],samba_cv_HAVE_SENDFILE64,[
AC_TRY_LINK([#include <sys/sendfile.h>],
[\
int tofd, fromfd;
off64_t offset;
size_t total;
ssize_t nwritten = sendfile64(tofd, fromfd, &offset, total);
],
samba_cv_HAVE_SENDFILE64=yes,samba_cv_HAVE_SENDFILE64=no)])
AC_CACHE_CHECK([for linux sendfile support],samba_cv_HAVE_SENDFILE,[
AC_TRY_LINK([#include <sys/sendfile.h>],
[\
int tofd, fromfd;
off_t offset;
size_t total;
ssize_t nwritten = sendfile(tofd, fromfd, &offset, total);
],
samba_cv_HAVE_SENDFILE=yes,samba_cv_HAVE_SENDFILE=no)])
# Try and cope with broken Linux sendfile....
AC_CACHE_CHECK([for broken linux sendfile support],samba_cv_HAVE_BROKEN_LINUX_SENDFILE,[
AC_TRY_LINK([\
#if defined(_FILE_OFFSET_BITS) && (_FILE_OFFSET_BITS == 64)
#undef _FILE_OFFSET_BITS
#endif
#include <sys/sendfile.h>],
[\
int tofd, fromfd;
off_t offset;
size_t total;
ssize_t nwritten = sendfile(tofd, fromfd, &offset, total);
],
samba_cv_HAVE_BROKEN_LINUX_SENDFILE=yes,samba_cv_HAVE_BROKEN_LINUX_SENDFILE=no)])
if test x"$samba_cv_HAVE_SENDFILE64" = x"yes"; then
AC_DEFINE(HAVE_SENDFILE64)
AC_DEFINE(LINUX_SENDFILE_API)
AC_DEFINE(WITH_SENDFILE)
elif test x"$samba_cv_HAVE_SENDFILE" = x"yes"; then
AC_DEFINE(HAVE_SENDFILE)
AC_DEFINE(LINUX_SENDFILE_API)
AC_DEFINE(WITH_SENDFILE)
elif test x"$samba_cv_HAVE_BROKEN_LINUX_SENDFILE" = x"yes"; then
AC_DEFINE(LINUX_BROKEN_SENDFILE_API)
AC_DEFINE(WITH_SENDFILE)
else
AC_MSG_RESULT(no);
fi
;;
*freebsd*)
AC_CACHE_CHECK([for freebsd sendfile support],samba_cv_HAVE_SENDFILE,[
AC_TRY_LINK([\
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>],
[\
int fromfd, tofd;
off_t offset, nwritten;
struct sf_hdtr hdr;
struct iovec hdtrl;
hdr->headers = &hdtrl;
hdr->hdr_cnt = 1;
hdr->trailers = NULL;
hdr->trl_cnt = 0;
hdtrl.iov_base = NULL;
hdtrl.iov_len = 0;
int ret = sendfile(fromfd, tofd, offset, total, &hdr, &nwritten, 0);
],
samba_cv_HAVE_SENDFILE=yes,samba_cv_HAVE_SENDFILE=no)])
if test x"$samba_cv_HAVE_SENDFILE" = x"yes"; then
AC_DEFINE(HAVE_SENDFILE)
AC_DEFINE(FREEBSD_SENDFILE_API)
AC_DEFINE(WITH_SENDFILE)
else
AC_MSG_RESULT(no);
fi
;;
*hpux*)
AC_CACHE_CHECK([for hpux sendfile64 support],samba_cv_HAVE_SENDFILE64,[
AC_TRY_LINK([\
#include <sys/socket.h>
#include <sys/uio.h>],
[\
int fromfd, tofd;
size_t total=0;
struct iovec hdtrl[2];
ssize_t nwritten;
off64_t offset;
hdtrl[0].iov_base = 0;
hdtrl[0].iov_len = 0;
nwritten = sendfile64(tofd, fromfd, offset, total, &hdtrl[0], 0);
],
samba_cv_HAVE_SENDFILE64=yes,samba_cv_HAVE_SENDFILE64=no)])
if test x"$samba_cv_HAVE_SENDFILE64" = x"yes"; then
AC_DEFINE(HAVE_SENDFILE64)
AC_DEFINE(HPUX_SENDFILE_API)
AC_DEFINE(WITH_SENDFILE)
else
AC_MSG_RESULT(no);
fi
AC_CACHE_CHECK([for hpux sendfile support],samba_cv_HAVE_SENDFILE,[
AC_TRY_LINK([\
#include <sys/socket.h>
#include <sys/uio.h>],
[\
int fromfd, tofd;
size_t total=0;
struct iovec hdtrl[2];
ssize_t nwritten;
off_t offset;
hdtrl[0].iov_base = 0;
hdtrl[0].iov_len = 0;
nwritten = sendfile(tofd, fromfd, offset, total, &hdtrl[0], 0);
],
samba_cv_HAVE_SENDFILE=yes,samba_cv_HAVE_SENDFILE=no)])
if test x"$samba_cv_HAVE_SENDFILE" = x"yes"; then
AC_DEFINE(HAVE_SENDFILE)
AC_DEFINE(HPUX_SENDFILE_API)
AC_DEFINE(WITH_SENDFILE)
else
AC_MSG_RESULT(no);
fi
;;
*)
;;
esac
;;
*)
AC_MSG_RESULT(no)
;;
esac ],
AC_MSG_RESULT(no)
)
#################################################
# Check whether winbind is supported on this platform. If so we need to
# build and install client programs (WINBIND_TARGETS), sbin programs
@ -2778,6 +3015,26 @@ fi
AC_SUBST(BUILD_POPT)
AC_SUBST(FLAGS1)
#################################################
# Check if the user wants Python
# At the moment, you can use this to set which Python binary to link
# against. (Libraries built for Python2.2 can't be used by 2.1,
# though they can coexist in different directories.) In the future
# this might make the Python stuff be built by default.
AC_ARG_WITH(python,
[ --with-python=PYTHONNAME build Python libraries],
[ case "${withval-python}" in
yes)
PYTHON=python
;;
*)
PYTHON=${withval-python}
;;
esac ])
AC_SUBST(PYTHON)
#################################################
# do extra things if we are running insure
@ -2797,7 +3054,10 @@ AC_TRY_RUN([#include "${srcdir-.}/tests/summary.c"],
builddir=`pwd`
AC_SUBST(builddir)
AC_OUTPUT(include/stamp-h Makefile script/findsmb ../examples/VFS/Makefile ../examples/VFS/block/Makefile)
# I added make files that are outside /source directory.
# I know this is not a good solution, will work out a better
# solution soon. --simo
AC_OUTPUT(include/stamp-h Makefile script/findsmb ../examples/VFS/Makefile ../examples/pdb/mysql/Makefile ../examples/pdb/xml/Makefile ../examples/sam/Makefile)
#################################################
# Print very concise instructions on building/use


@ -41,9 +41,7 @@ BOOL initialise_alias_db(void)
return True;
}
#ifdef WITH_NISPLUS
aldb_ops = nisplus_initialise_alias_db();
#elif defined(WITH_LDAP)
#ifdef WITH_LDAP
aldb_ops = ldap_initialise_alias_db();
#else
aldb_ops = file_initialise_alias_db();


@ -39,9 +39,7 @@ BOOL initialise_group_db(void)
return True;
}
#ifdef WITH_NISPLUS
gpdb_ops = nisplus_initialise_group_db();
#elif defined(WITH_LDAP)
#ifdef WITH_LDAP
gpdb_ops = ldap_initialise_group_db();
#else
gpdb_ops = file_initialise_group_db();


@ -434,7 +434,7 @@ BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
}
/****************************************************************************
remove a privilege to a privilege array
remove a privilege from a privilege array
****************************************************************************/
BOOL remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
{
@ -1156,16 +1156,42 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
Create a UNIX group on demand.
****************************************************************************/
int smb_create_group(char *unix_group)
int smb_create_group(char *unix_group, gid_t *new_gid)
{
pstring add_script;
int ret;
int fd = 0;
pstrcpy(add_script, lp_addgroup_script());
if (! *add_script) return -1;
pstring_sub(add_script, "%g", unix_group);
ret = smbrun(add_script,NULL);
ret = smbrun(add_script, (new_gid!=NULL) ? &fd : NULL);
DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
if (ret != 0)
return ret;
if (fd != 0) {
fstring output;
*new_gid = 0;
if (read(fd, output, sizeof(output)) > 0) {
*new_gid = (gid_t)strtoul(output, NULL, 10);
}
close(fd);
if (*new_gid == 0) {
/* The output was garbage. We assume nobody
will create group 0 via smbd. Now we try to
get the group via getgrnam. */
struct group *grp = getgrnam(unix_group);
if (grp != NULL)
*new_gid = grp->gr_gid;
else
return 1;
}
}
return ret;
}
@ -1187,7 +1213,25 @@ int smb_delete_group(char *unix_group)
}
/****************************************************************************
Create a UNIX group on demand.
Set a user's primary UNIX group.
****************************************************************************/
int smb_set_primary_group(const char *unix_group, const char* unix_user)
{
pstring add_script;
int ret;
pstrcpy(add_script, lp_setprimarygroup_script());
if (! *add_script) return -1;
all_string_sub(add_script, "%g", unix_group, sizeof(add_script));
all_string_sub(add_script, "%u", unix_user, sizeof(add_script));
ret = smbrun(add_script,NULL);
DEBUG(3,("smb_set_primary_group: "
"Running the command `%s' gave %d\n",add_script,ret));
return ret;
}
/****************************************************************************
Add a user to a UNIX group.
****************************************************************************/
int smb_add_user_group(char *unix_group, char *unix_user)
@ -1205,7 +1249,7 @@ int smb_add_user_group(char *unix_group, char *unix_user)
}
/****************************************************************************
Delete a UNIX group on demand.
Delete a user from a UNIX group
****************************************************************************/
int smb_delete_user_group(const char *unix_group, const char *unix_user)
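Review bot: In smb_create_group the bytes returned by `read(fd, output, sizeof(output))` go to `strtoul` without a terminating NUL, so the parse can continue into whatever the stack buffer held before, or past its end when the script fills the buffer. Read one byte less, keep the count and terminate before parsing: `n = read(fd, output, sizeof(output)-1); if (n > 0) { output[n] = '\0'; *new_gid = (gid_t)strtoul(output, NULL, 10); }`. Initialising `fd` to 0 and testing `fd != 0` also treats a valid descriptor 0 as "no output"; -1 is the safer sentinel. Separately, smb_set_primary_group fills `%g` and `%u` with `all_string_sub` where smb_create_group uses `pstring_sub`; if `all_string_sub` does not filter shell metacharacters (its definition is not visible here), the group and user names should be validated before the command reaches `smbrun`.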


@ -24,7 +24,8 @@ typedef struct {
char *password;
char *user_name;
char *kdc_server;
int no_bind;
unsigned flags;
int time_offset;
} auth;
/* info derived from the servers config */
@ -32,6 +33,7 @@ typedef struct {
char *realm;
char *bind_path;
char *ldap_server_name;
time_t current_time;
} config;
} ADS_STRUCT;
@ -92,11 +94,14 @@ typedef struct {
/* there are 4 possible types of errors the ads subsystem can produce */
enum ads_error_type {ADS_ERROR_KRB5, ADS_ERROR_GSS,
ADS_ERROR_LDAP, ADS_ERROR_SYSTEM};
ADS_ERROR_LDAP, ADS_ERROR_SYSTEM, ADS_ERROR_NT};
typedef struct {
enum ads_error_type error_type;
union err_state{
int rc;
NTSTATUS nt_status;
} err;
/* For error_type = ADS_ERROR_GSS minor_status describe GSS API error */
/* Where rc represents major_status of GSS API error */
int minor_status;
@ -109,12 +114,14 @@ typedef void **ADS_MODLIST;
#endif
/* macros to simplify error returning */
#define ADS_ERROR(rc) ads_build_error(ADS_ERROR_LDAP, rc, 0)
#define ADS_ERROR(rc) ADS_ERROR_LDAP(rc)
#define ADS_ERROR_LDAP(rc) ads_build_error(ADS_ERROR_LDAP, rc, 0)
#define ADS_ERROR_SYSTEM(rc) ads_build_error(ADS_ERROR_SYSTEM, rc?rc:EINVAL, 0)
#define ADS_ERROR_KRB5(rc) ads_build_error(ADS_ERROR_KRB5, rc, 0)
#define ADS_ERROR_GSS(rc, minor) ads_build_error(ADS_ERROR_GSS, rc, minor)
#define ADS_ERROR_NT(rc) ads_build_nt_error(ADS_ERROR_NT,rc)
#define ADS_ERR_OK(status) ((status).rc == 0)
#define ADS_ERR_OK(status) ((status.error_type == ADS_ERROR_NT) ? NT_STATUS_IS_OK(status.err.nt_status):(status.err.rc == 0))
#define ADS_SUCCESS ADS_ERROR(0)
/* time between reconnect attempts */
@ -127,24 +134,102 @@ typedef void **ADS_MODLIST;
#define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319"
#define ADS_NO_REFERRALS_OID "1.2.840.113556.1.4.1339"
#define ADS_SERVER_SORT_OID "1.2.840.113556.1.4.473"
#define ADS_PERMIT_MODIFY_OID "1.2.840.113556.1.4.1413"
#define UF_DONT_EXPIRE_PASSWD 0x10000
#define UF_MNS_LOGON_ACCOUNT 0x20000
#define UF_SMARTCARD_REQUIRED 0x40000
#define UF_TRUSTED_FOR_DELEGATION 0x80000
#define UF_NOT_DELEGATED 0x100000
#define UF_USE_DES_KEY_ONLY 0x200000
#define UF_DONT_REQUIRE_PREAUTH 0x400000
/* UserFlags for userAccountControl */
#define UF_SCRIPT 0x00000001
#define UF_ACCOUNTDISABLE 0x00000002
#define UF_UNUSED_1 0x00000004
#define UF_HOMEDIR_REQUIRED 0x00000008
#define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
#define UF_NORMAL_ACCOUNT 0x0200
#define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
#define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
#define UF_SERVER_TRUST_ACCOUNT 0x2000
#define UF_LOCKOUT 0x00000010
#define UF_PASSWD_NOTREQD 0x00000020
#define UF_PASSWD_CANT_CHANGE 0x00000040
#define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED 0x00000080
/* account types */
#define ATYPE_GROUP 0x10000000
#define ATYPE_USER 0x30000000
#define UF_TEMP_DUPLICATE_ACCOUNT 0x00000100
#define UF_NORMAL_ACCOUNT 0x00000200
#define UF_UNUSED_2 0x00000400
#define UF_INTERDOMAIN_TRUST_ACCOUNT 0x00000800
#define UF_WORKSTATION_TRUST_ACCOUNT 0x00001000
#define UF_SERVER_TRUST_ACCOUNT 0x00002000
#define UF_UNUSED_3 0x00004000
#define UF_UNUSED_4 0x00008000
#define UF_DONT_EXPIRE_PASSWD 0x00010000
#define UF_MNS_LOGON_ACCOUNT 0x00020000
#define UF_SMARTCARD_REQUIRED 0x00040000
#define UF_TRUSTED_FOR_DELEGATION 0x00080000
#define UF_NOT_DELEGATED 0x00100000
#define UF_USE_DES_KEY_ONLY 0x00200000
#define UF_DONT_REQUIRE_PREAUTH 0x00400000
#define UF_UNUSED_5 0x00800000
#define UF_UNUSED_6 0x01000000
#define UF_UNUSED_7 0x02000000
#define UF_UNUSED_8 0x04000000
#define UF_UNUSED_9 0x08000000
#define UF_UNUSED_10 0x10000000
#define UF_UNUSED_11 0x20000000
#define UF_UNUSED_12 0x40000000
#define UF_UNUSED_13 0x80000000
#define UF_MACHINE_ACCOUNT_MASK (\
UF_INTERDOMAIN_TRUST_ACCOUNT |\
UF_WORKSTATION_TRUST_ACCOUNT |\
UF_SERVER_TRUST_ACCOUNT \
)
#define UF_ACCOUNT_TYPE_MASK (\
UF_TEMP_DUPLICATE_ACCOUNT |\
UF_NORMAL_ACCOUNT |\
UF_INTERDOMAIN_TRUST_ACCOUNT |\
UF_WORKSTATION_TRUST_ACCOUNT |\
UF_SERVER_TRUST_ACCOUNT \
)
#define UF_SETTABLE_BITS (\
UF_SCRIPT |\
UF_ACCOUNTDISABLE |\
UF_HOMEDIR_REQUIRED |\
UF_LOCKOUT |\
UF_PASSWD_NOTREQD |\
UF_PASSWD_CANT_CHANGE |\
UF_ACCOUNT_TYPE_MASK | \
UF_DONT_EXPIRE_PASSWD | \
UF_MNS_LOGON_ACCOUNT |\
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED |\
UF_SMARTCARD_REQUIRED |\
UF_TRUSTED_FOR_DELEGATION |\
UF_NOT_DELEGATED |\
UF_USE_DES_KEY_ONLY |\
UF_DONT_REQUIRE_PREAUTH \
)
/* sAMAccountType */
#define ATYPE_NORMAL_ACCOUNT 0x30000000 /* 805306368 */
#define ATYPE_WORKSTATION_TRUST 0x30000001 /* 805306369 */
#define ATYPE_INTERDOMAIN_TRUST 0x30000002 /* 805306370 */
#define ATYPE_SECURITY_GLOBAL_GROUP 0x10000000 /* 268435456 */
#define ATYPE_DISTRIBUTION_GLOBAL_GROUP 0x10000001 /* 268435457 */
#define ATYPE_DISTRIBUTION_UNIVERSAL_GROUP ATYPE_DISTRIBUTION_GLOBAL_GROUP
#define ATYPE_SECURITY_LOCAL_GROUP 0x20000000 /* 536870912 */
#define ATYPE_DISTRIBUTION_LOCAL_GROUP 0x20000001 /* 536870913 */
#define ATYPE_ACCOUNT ATYPE_NORMAL_ACCOUNT /* 0x30000000 805306368 */
#define ATYPE_GLOBAL_GROUP ATYPE_SECURITY_GLOBAL_GROUP /* 0x10000000 268435456 */
#define ATYPE_LOCAL_GROUP ATYPE_SECURITY_LOCAL_GROUP /* 0x20000000 536870912 */
/* groupType */
#define GTYPE_SECURITY_BUILTIN_LOCAL_GROUP 0x80000005 /* -2147483643 */
#define GTYPE_SECURITY_DOMAIN_LOCAL_GROUP 0x80000004 /* -2147483644 */
#define GTYPE_SECURITY_GLOBAL_GROUP 0x80000002 /* -2147483646 */
#define GTYPE_DISTRIBUTION_GLOBAL_GROUP 0x00000002 /* 2 */
#define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP 0x00000004 /* 4 */
#define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP 0x00000008 /* 8 */
/* Mailslot or cldap getdcname response flags */
#define ADS_PDC 0x00000001 /* DC is PDC */
@ -167,3 +252,8 @@ typedef void **ADS_MODLIST;
/* DomainCntrollerAddressType */
#define ADS_INET_ADDRESS 0x00000001
#define ADS_NETBIOS_ADDRESS 0x00000002
/* ads auth control flags */
#define ADS_AUTH_DISABLE_KERBEROS 1
#define ADS_AUTH_NO_BIND 2
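Review bot: The rewritten `ADS_ERR_OK` drops the parentheses the earlier form had around its argument (`(status).rc`) and names `status` three times, so an argument such as `*p` binds wrongly against `.error_type` and an expression with side effects runs more than once. Writing it as `(((status).error_type == ADS_ERROR_NT) ? NT_STATUS_IS_OK((status).err.nt_status) : ((status).err.rc == 0))` restores the grouping. Because `rc` and `nt_status` now share the `err` union, a comment there saying that `error_type` selects the live member would prevent readers from testing `rc` on an NT error. `ads_build_nt_error`, which `ADS_ERROR_NT` relies on, is not visible on this page.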


@ -45,6 +45,7 @@ typedef struct {
#define ASN1_BOOLEAN 0x1
#define ASN1_INTEGER 0x2
#define ASN1_ENUMERATED 0xa
#define ASN1_SET 0x31
#define ASN1_MAX_OIDS 20


@ -60,6 +60,7 @@ struct print_job_info
typedef struct smb_sign_info {
BOOL use_smb_signing;
BOOL negotiated_smb_signing;
BOOL temp_smb_signing;
size_t mac_key_len;
uint8 mac_key[44];
uint32 send_seq_num;


@ -232,6 +232,7 @@
#undef MMAP_BLACKLIST
#undef HAVE_IMMEDIATE_STRUCTURES
#undef HAVE_CUPS
#undef WITH_SAM
#undef WITH_LDAP_SAM
#undef WITH_NISPLUS_SAM
#undef WITH_TDB_SAM
@ -252,6 +253,7 @@
#undef HAVE_LDAP
#undef HAVE_STAT_ST_BLOCKS
#undef STAT_ST_BLOCKSIZE
#undef HAVE_STAT_ST_BLKSIZE
#undef HAVE_DEVICE_MAJOR_FN
#undef HAVE_DEVICE_MINOR_FN
#undef HAVE_PASSWD_PW_COMMENT
@ -286,6 +288,14 @@
#endif
#undef LDAP_SET_REBIND_PROC_ARGS
#undef HAVE_SENDFILE
#undef HAVE_SENDFILE64
#undef LINUX_SENDFILE_API
#undef LINUX_BROKEN_SENDFILE_API
#undef WITH_SENDFILE
#undef FREEBSD_SENDFILE_API
#undef HPUX_SENDFILE_API
#undef WITH_ADS
/* The number of bytes in a int. */
#undef SIZEOF_INT
@ -1088,6 +1098,9 @@
/* Define if you have the <sys/syscall.h> header file. */
#undef HAVE_SYS_SYSCALL_H
/* Define if you have the <sys/syslog.h> header file. */
#undef HAVE_SYS_SYSLOG_H
/* Define if you have the <sys/termio.h> header file. */
#undef HAVE_SYS_TERMIO_H
@ -1106,6 +1119,9 @@
/* Define if you have the <syscall.h> header file. */
#undef HAVE_SYSCALL_H
/* Define if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
/* Define if you have the <termio.h> header file. */
#undef HAVE_TERMIO_H


@ -89,9 +89,10 @@ extern int DEBUGLEVEL;
#define DBGC_RPC_SRV 6
#define DBGC_RPC_CLI 7
#define DBGC_PASSDB 8
#define DBGC_AUTH 9
#define DBGC_WINBIND 10
#define DBGC_SAM 9
#define DBGC_AUTH 10
#define DBGC_WINBIND 11
#define DBGC_VFS 12
/* So you can define DBGC_CLASS before including debug.h */
#ifndef DBGC_CLASS


@ -148,17 +148,20 @@
/* these are win32 error codes. There are only a few places where
these matter for Samba, primarily in the NT printing code */
#define WERR_OK W_ERROR(0)
#define WERR_BADFUNC W_ERROR(1)
#define WERR_BADFILE W_ERROR(2)
#define WERR_ACCESS_DENIED W_ERROR(5)
#define WERR_BADFID W_ERROR(6)
#define WERR_BADFUNC W_ERROR(1)
#define WERR_INSUFFICIENT_BUFFER W_ERROR(122)
#define WERR_NOMEM W_ERROR(8)
#define WERR_GENERAL_FAILURE W_ERROR(31)
#define WERR_NOT_SUPPORTED W_ERROR(50)
#define WERR_PRINTQ_FULL W_ERROR(61)
#define WERR_NO_SPOOL_SPACE W_ERROR(62)
#define WERR_NO_SUCH_SHARE W_ERROR(67)
#define WERR_ALREADY_EXISTS W_ERROR(80)
#define WERR_INVALID_PARAM W_ERROR(87)
#define WERR_NOT_SUPPORTED W_ERROR(50)
#define WERR_BAD_PASSWORD W_ERROR(86)
#define WERR_NOMEM W_ERROR(8)
#define WERR_INVALID_PARAM W_ERROR(87)
#define WERR_INSUFFICIENT_BUFFER W_ERROR(122)
#define WERR_INVALID_NAME W_ERROR(123)
#define WERR_UNKNOWN_LEVEL W_ERROR(124)
#define WERR_OBJECT_PATH_INVALID W_ERROR(161)


@ -216,7 +216,15 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#else
#ifdef HAVE_SYS_SYSLOG_H
#include <sys/syslog.h>
#endif
#endif
#include <sys/file.h>
#ifdef HAVE_NETINET_TCP_H
@ -406,18 +414,14 @@
#if HAVE_GSSAPI_GSSAPI_H
#include <gssapi/gssapi.h>
#else
#undef HAVE_KRB5
#endif
#if HAVE_GSSAPI_GSSAPI_GENERIC_H
#include <gssapi/gssapi_generic.h>
#else
#undef HAVE_KRB5
#endif
/* we support ADS if we have krb5 and ldap libs */
#if defined(HAVE_KRB5) && defined(HAVE_LDAP) && defined(HAVE_GSSAPI)
/* we support ADS if we want it and have krb5 and ldap libs */
#if defined(WITH_ADS) && defined(HAVE_KRB5) && defined(HAVE_LDAP)
#define HAVE_ADS
#endif
@ -702,6 +706,7 @@ extern int errno;
#include "../tdb/spinlock.h"
#include "../tdb/tdbutil.h"
#include "talloc.h"
#include "nt_status.h"
#include "ads.h"
#include "interfaces.h"
#include "hash.h"
@ -747,6 +752,8 @@ extern int errno;
#include "passdb.h"
#include "sam.h"
#include "session.h"
#include "asn_1.h"
@ -755,6 +762,8 @@ extern int errno;
#include "mangle.h"
#include "nsswitch/winbind_client.h"
/*
* Type for wide character dirent structure.
* Only d_name is defined by POSIX.
@ -794,6 +803,11 @@ struct functable {
#include "nsswitch/nss.h"
/* forward declaration from printing.h to get around
header file dependencies */
struct printjob;
/***** automatically generated prototypes *****/
#include "proto.h"
@ -895,24 +909,6 @@ struct functable {
#define ULTRIX_AUTH 1
#endif
#ifdef HAVE_LIBREADLINE
# ifdef HAVE_READLINE_READLINE_H
# include <readline/readline.h>
# ifdef HAVE_READLINE_HISTORY_H
# include <readline/history.h>
# endif
# else
# ifdef HAVE_READLINE_H
# include <readline.h>
# ifdef HAVE_HISTORY_H
# include <history.h>
# endif
# else
# undef HAVE_LIBREADLINE
# endif
# endif
#endif
#ifndef HAVE_STRDUP
char *strdup(const char *s);
#endif
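Review bot: The ADS guard appears to lose its GSSAPI dependency: the new condition reads `defined(WITH_ADS) && defined(HAVE_KRB5) && defined(HAVE_LDAP)`, and the `#else` / `#undef HAVE_KRB5` fallbacks under the two gssapi includes look like the removed lines (the +/- column is lost on this page, so this is inferred from the hunk counts). Unless configure defines `WITH_ADS` only after finding the GSSAPI headers, which is not visible here, `HAVE_ADS` can now be set on a host without them and the GSS-dependent code will fail to build. Keeping the test in the condition avoids that: `#if defined(WITH_ADS) && defined(HAVE_KRB5) && defined(HAVE_LDAP) && defined(HAVE_GSSAPI)`.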


@ -333,7 +333,7 @@ typedef struct _SMBCCTX {
/** Space to store private data of the server cache.
*/
void * server_cache;
struct smbc_server_cache * server_cache;
/** INTERNAL functions
* do _NOT_ touch these from your program !


@ -67,10 +67,6 @@
#define MAX_OPEN_FILES 10000
#endif
/* the max number of simultanous connections to the server by all clients */
/* zero means no limit. */
#define MAXSTATUS 0
#define WORDMAX 0xFFFF
/* the maximum password length before we declare a likely attack */
@ -117,7 +113,7 @@
#endif
/* the size of the uid cache used to reduce valid user checks */
#define UID_CACHE_SIZE 4
#define VUID_CACHE_SIZE 32
/* the following control timings of various actions. Don't change
them unless you know what you are doing. These are all in seconds */
@ -126,7 +122,6 @@
#define IDLE_CLOSED_TIMEOUT (60)
#define DPTR_IDLE_TIMEOUT (120)
#define SMBD_SELECT_TIMEOUT (60)
#define SMBD_SELECT_TIMEOUT_WITH_PENDING_LOCKS (10)
#define NMBD_SELECT_LOOP (10)
#define BROWSE_INTERVAL (60)
#define REGISTRATION_INTERVAL (10*60)


@ -59,4 +59,12 @@
#define MSG_SMB_SAM_SYNC 3003
#define MSG_SMB_SAM_REPL 3004
/* Flags to classify messages - used in message_send_all() */
/* Sender will filter by flag. */
#define FLAG_MSG_GENERAL 0x0001
#define FLAG_MSG_SMBD 0x0002
#define FLAG_MSG_NMBD 0x0004
#define FLAG_MSG_PRINTING 0x0008
#endif


@ -181,6 +181,7 @@ typedef struct nt_printer_driver_info_level
#define SPOOL_DSDRIVER_KEY "DsDriver"
#define SPOOL_DSUSER_KEY "DsUser"
#define SPOOL_PNPDATA_KEY "PnPData"
#define SPOOL_OID_KEY "OID"
/* container for a single registry key */
@ -350,7 +351,7 @@ typedef struct _form
#define SPOOLSS_NOTIFY_MSG_UNIX_JOBID 0x0001 /* Job id is unix */
struct spoolss_notify_msg {
typedef struct spoolss_notify_msg {
fstring printer; /* Name of printer notified */
uint32 type; /* Printer or job notify */
uint32 field; /* Notify field changed */
@ -361,6 +362,18 @@ struct spoolss_notify_msg {
uint32 value[2];
char *data;
} notify;
};
} SPOOLSS_NOTIFY_MSG;
typedef struct {
fstring printername;
uint32 num_msgs;
SPOOLSS_NOTIFY_MSG *msgs;
} SPOOLSS_NOTIFY_MSG_GROUP;
typedef struct {
TALLOC_CTX *ctx;
uint32 num_groups;
SPOOLSS_NOTIFY_MSG_GROUP *msg_groups;
} SPOOLSS_NOTIFY_MSG_CTR;
#endif /* NT_PRINTING_H_ */


@ -43,6 +43,7 @@ struct printjob {
fstring jobname; /* the job name given to us by the client */
fstring user; /* the user who started the job */
fstring queuename; /* service number of printer for this job */
NT_DEVICEMODE *nt_devmode;
};
/* Information for print interfaces */


@ -4,6 +4,7 @@
Copyright (C) Andrew Tridgell 1992-1997
Copyright (C) Luke Kenneth Casson Leighton 1996-1997
Copyright (C) Paul Ashton 1997
Copyright (C) Jean Fran<61>ois Micouleau 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -36,6 +37,7 @@
#define NET_LOGON_CTRL2 0x0e
#define NET_SAM_SYNC 0x10
#define NET_TRUST_DOM_LIST 0x13
#define NET_AUTH3 0x1a
/* Secure Channel types. used in NetrServerAuthenticate negotiation */
#define SEC_CHAN_WKSTA 2
@ -43,22 +45,27 @@
#define SEC_CHAN_BDC 6
/* Returned delta types */
#define SAM_DELTA_DOMAIN_INFO 0x01 /* Domain */
#define SAM_DELTA_GROUP_INFO 0x02 /* Domain groups */
#define SAM_DELTA_ACCOUNT_INFO 0x05 /* Users */
#define SAM_DELTA_GROUP_MEM 0x08 /* Group membership */
#define SAM_DELTA_ALIAS_INFO 0x09 /* Local groups */
#define SAM_DELTA_ALIAS_MEM 0x0C /* Local group membership */
#define SAM_DELTA_DOM_INFO 0x0D /* Privilige stuff */
#define SAM_DELTA_UNK0E_INFO 0x0e /* Privilige stuff */
#define SAM_DELTA_PRIVS_INFO 0x10 /* Privilige stuff */
#define SAM_DELTA_UNK12_INFO 0x12 /* Privilige stuff */
#define SAM_DELTA_SAM_STAMP 0x16 /* Some kind of journal record? */
#define SAM_DELTA_DOMAIN_INFO 0x01
#define SAM_DELTA_GROUP_INFO 0x02
#define SAM_DELTA_RENAME_GROUP 0x04
#define SAM_DELTA_ACCOUNT_INFO 0x05
#define SAM_DELTA_RENAME_USER 0x07
#define SAM_DELTA_GROUP_MEM 0x08
#define SAM_DELTA_ALIAS_INFO 0x09
#define SAM_DELTA_RENAME_ALIAS 0x0b
#define SAM_DELTA_ALIAS_MEM 0x0c
#define SAM_DELTA_POLICY_INFO 0x0d
#define SAM_DELTA_TRUST_DOMS 0x0e
#define SAM_DELTA_PRIVS_INFO 0x10 /* DT_DELTA_ACCOUNTS */
#define SAM_DELTA_SECRET_INFO 0x12
#define SAM_DELTA_DELETE_GROUP 0x14
#define SAM_DELTA_DELETE_USER 0x15
#define SAM_DELTA_MODIFIED_COUNT 0x16
/* SAM database types */
#define SAM_DATABASE_DOMAIN 0x00 /* Domain users and groups */
#define SAM_DATABASE_BUILTIN 0x01 /* BUILTIN users and groups */
#define SAM_DATABASE_PRIVS 0x02 /* Priviliges? */
#define SAM_DATABASE_PRIVS 0x02 /* Privileges */
#if 0
/* I think this is correct - it's what gets parsed on the wire. JRA. */
@ -157,8 +164,8 @@ typedef struct net_user_info_3
uint32 buffer_dom_id; /* undocumented logon domain id pointer */
uint8 padding[40]; /* unused padding bytes. expansion room */
uint32 num_other_sids; /* 0 - num_sids */
uint32 buffer_other_sids; /* NULL - undocumented pointer to SIDs. */
uint32 num_other_sids; /* number of foreign/trusted domain sids */
uint32 buffer_other_sids;
UNISTR2 uni_user_name; /* username unicode string */
UNISTR2 uni_full_name; /* user's full name unicode string */
@ -177,7 +184,7 @@ typedef struct net_user_info_3
uint32 num_other_groups; /* other groups */
DOM_GID *other_gids; /* group info */
DOM_SID2 *other_sids; /* undocumented - domain SIDs */
DOM_SID2 *other_sids; /* foreign/trusted domain SIDs */
} NET_USER_INFO_3;
@ -370,6 +377,23 @@ typedef struct net_r_auth2_info
NTSTATUS status; /* return code */
} NET_R_AUTH_2;
/* NET_Q_AUTH_3 */
typedef struct net_q_auth3_info
{
DOM_LOG_INFO clnt_id; /* client identification info */
DOM_CHAL clnt_chal; /* client-calculated credentials */
NEG_FLAGS clnt_flgs; /* usually 0x6007 ffff */
} NET_Q_AUTH_3;
/* NET_R_AUTH_3 */
typedef struct net_r_auth3_info
{
DOM_CHAL srv_chal; /* server-calculated credentials */
NEG_FLAGS srv_flgs; /* usually 0x6007 ffff */
uint32 unknown; /* 0x0000045b */
NTSTATUS status; /* return code */
} NET_R_AUTH_3;
/* NET_Q_SRV_PWSET */
typedef struct net_q_srv_pwset_info
@ -692,51 +716,37 @@ typedef struct sam_alias_mem_info_info
} SAM_ALIAS_MEM_INFO;
/* SAM_DELTA_DOM (0x0D) */
/* SAM_DELTA_POLICY (0x0D) */
typedef struct
{
uint32 unknown1; /* 0x5000 */
uint32 unknown2; /* 0 */
uint32 unknown3; /* 0 */
uint32 unknown4; /* 0 */
uint32 count1;
uint32 ptr1;
uint16 count2;
uint16 count3;
uint32 ptr2;
uint32 ptr3;
uint32 max_log_size; /* 0x5000 */
UINT64_S audit_retention_period; /* 0 */
uint32 auditing_mode; /* 0 */
uint32 num_events;
uint32 ptr_events;
UNIHDR hdr_dom_name;
uint32 sid_ptr;
uint32 unknown4b; /* 0x02000000 */
uint32 unknown5; /* 0x00100000 */
uint32 unknown6; /* 0x00010000 */
uint32 unknown7; /* 0x0f000000 */
uint32 unknown8; /* 0 */
uint32 unknown9; /* 0 */
uint32 unknown10; /* 0 */
uint32 unknown11; /* 0x3c*/
uint32 unknown12; /* 0*/
uint32 paged_pool_limit; /* 0x02000000 */
uint32 non_paged_pool_limit; /* 0x00100000 */
uint32 min_workset_size; /* 0x00010000 */
uint32 max_workset_size; /* 0x0f000000 */
uint32 page_file_limit; /* 0 */
UINT64_S time_limit; /* 0 */
NTTIME modify_time; /* 0x3c*/
NTTIME create_time; /* a7080110 */
BUFHDR2 hdr_sec_desc;
uint32 unknown13; /* a7080110 */
uint32 unknown14; /* 01bfb0dd */
uint32 unknown15; /* 0f */
uint32 unknown16; /* 68 */
uint32 unknown17; /* 00169000 */
uint32 count4;
uint32 unknown18; /* 0 times count4 */
uint32 unknown19; /* 8 */
uint32 unknown20; /* 0x04 times count1 */
uint32 ptr4;
uint32 num_event_audit_options;
uint32 event_audit_option;
UNISTR2 domain_name;
DOM_SID2 domain_sid;
} SAM_DELTA_DOM;
BUFFER4 buf_sec_desc;
} SAM_DELTA_POLICY;
/* SAM_DELTA_UNK0E (0x0e) */
/* SAM_DELTA_TRUST_DOMS */
typedef struct
{
uint32 buf_size;
@ -754,34 +764,29 @@ typedef struct
uint32 unknown3;
UNISTR2 domain;
} SAM_DELTA_UNK0E;
} SAM_DELTA_TRUSTDOMS;
/* SAM_DELTA_PRIVS (0x10) */
typedef struct
{
uint32 buf_size;
SEC_DESC *sec_desc;
DOM_SID2 sid;
uint32 priv_count;
uint32 reserved1; /* 0x0 */
uint32 priv_control;
uint32 ptr1;
uint32 ptr2;
uint32 priv_attr_ptr;
uint32 priv_name_ptr;
uint32 unknown1;
uint32 unknown2;
uint32 unknown3;
uint32 unknown4;
uint32 unknown5;
uint32 unknown6;
uint32 unknown7;
uint32 unknown8;
uint32 unknown9;
uint32 paged_pool_limit; /* 0x02000000 */
uint32 non_paged_pool_limit; /* 0x00100000 */
uint32 min_workset_size; /* 0x00010000 */
uint32 max_workset_size; /* 0x0f000000 */
uint32 page_file_limit; /* 0 */
UINT64_S time_limit; /* 0 */
uint32 system_flags; /* 1 */
BUFHDR2 hdr_sec_desc;
uint32 buf_size2;
uint32 ptr3;
uint32 unknown10; /* 48 bytes 0x0*/
uint32 attribute_count;
uint32 *attributes;
@ -790,10 +795,10 @@ typedef struct
UNIHDR *hdr_privslist;
UNISTR2 *uni_privslist;
BUFFER4 buf_sec_desc;
} SAM_DELTA_PRIVS;
/* SAM_DELTA_UNK12 (0x12) */
/* SAM_DELTA_SECRET */
typedef struct
{
uint32 buf_size;
@ -827,15 +832,15 @@ typedef struct
uint32 buf_size3;
SEC_DESC *sec_desc2;
} SAM_DELTA_UNK12;
} SAM_DELTA_SECRET;
/* SAM_DELTA_STAMP (0x16) */
/* SAM_DELTA_MOD_COUNT (0x16) */
typedef struct
{
uint32 seqnum;
uint32 dom_mod_count_ptr;
UINT64_S dom_mod_count; /* domain mod count at last sync */
} SAM_DELTA_STAMP;
} SAM_DELTA_MOD_COUNT;
typedef union sam_delta_ctr_info
{
@ -845,11 +850,11 @@ typedef union sam_delta_ctr_info
SAM_GROUP_MEM_INFO grp_mem_info;
SAM_ALIAS_INFO alias_info ;
SAM_ALIAS_MEM_INFO als_mem_info;
SAM_DELTA_DOM dom_info;
SAM_DELTA_POLICY policy_info;
SAM_DELTA_PRIVS privs_info;
SAM_DELTA_STAMP stamp;
SAM_DELTA_UNK0E unk0e_info;
SAM_DELTA_UNK12 unk12_info;
SAM_DELTA_MOD_COUNT mod_count;
SAM_DELTA_TRUSTDOMS trustdoms_info;
SAM_DELTA_SECRET secret_info;
} SAM_DELTA_CTR;
/* NET_R_SAM_SYNC */


@ -1240,8 +1240,8 @@ typedef struct job_info_ctr_info
{
union
{
JOB_INFO_1 **job_info_1;
JOB_INFO_2 **job_info_2;
JOB_INFO_1 *job_info_1;
JOB_INFO_2 *job_info_2;
void *info;
} job;


@ -3,7 +3,7 @@
SMB parameters and setup, plus a whole lot more.
Copyright (C) Andrew Tridgell 1992-2000
Copyright (C) John H Terpstra 1996-2000
Copyright (C) John H Terpstra 1996-2002
Copyright (C) Luke Kenneth Casson Leighton 1996-2000
Copyright (C) Paul Ashton 1998-2000
Copyright (C) Simo Sorce 2001-2002
@ -193,44 +193,6 @@ typedef struct nttime_info
} NTTIME;
/* The Splint code analysis tool doesn't like immediate structures. */
#ifdef _SPLINT_ /* http://www.splint.org */
#undef HAVE_IMMEDIATE_STRUCTURES
#endif
/* the following rather strange looking definitions of NTSTATUS and WERROR
and there in order to catch common coding errors where different error types
are mixed up. This is especially important as we slowly convert Samba
from using BOOL for internal functions
*/
#if defined(HAVE_IMMEDIATE_STRUCTURES)
typedef struct {uint32 v;} NTSTATUS;
#define NT_STATUS(x) ((NTSTATUS) { x })
#define NT_STATUS_V(x) ((x).v)
#else
typedef uint32 NTSTATUS;
#define NT_STATUS(x) (x)
#define NT_STATUS_V(x) (x)
#endif
#if defined(HAVE_IMMEDIATE_STRUCTURES)
typedef struct {uint32 v;} WERROR;
#define W_ERROR(x) ((WERROR) { x })
#define W_ERROR_V(x) ((x).v)
#else
typedef uint32 WERROR;
#define W_ERROR(x) (x)
#define W_ERROR_V(x) (x)
#endif
#define NT_STATUS_IS_OK(x) (NT_STATUS_V(x) == 0)
#define NT_STATUS_IS_ERR(x) ((NT_STATUS_V(x) & 0xc0000000) == 0xc0000000)
#define NT_STATUS_EQUAL(x,y) (NT_STATUS_V(x) == NT_STATUS_V(y))
#define W_ERROR_IS_OK(x) (W_ERROR_V(x) == 0)
/* Allowable account control bits */
#define ACB_DISABLED 0x0001 /* 1 = User account disabled */
#define ACB_HOMDIRREQ 0x0002 /* 1 = Home directory required */
@ -391,6 +353,7 @@ typedef struct files_struct
BOOL delete_on_close;
SMB_OFF_T pos;
SMB_OFF_T size;
SMB_OFF_T initial_allocation_size; /* Faked up initial allocation on disk. */
mode_t mode;
uint16 vuid;
write_bmpx_struct *wbmpx_ptr;
@ -430,9 +393,9 @@ typedef struct
time_t status_time;
} dir_status_struct;
struct uid_cache {
int entries;
uid_t list[UID_CACHE_SIZE];
struct vuid_cache {
unsigned int entries;
uint16 list[VUID_CACHE_SIZE];
};
typedef struct
@ -461,7 +424,8 @@ typedef struct connection_struct
unsigned cnum; /* an index passed over the wire */
int service;
BOOL force_user;
struct uid_cache uid_cache;
BOOL force_group;
struct vuid_cache vuid_cache;
void *dirptr;
BOOL printer;
BOOL ipc;
@ -652,7 +616,7 @@ typedef struct sam_passwd
DATA_BLOB lm_pw; /* .data is Null if no password */
DATA_BLOB nt_pw; /* .data is Null if no password */
DATA_BLOB plaintext_pw; /* .data is Null if not available */
char* plaintext_pw; /* is Null if not available */
uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
uint32 unknown_3; /* 0x00ff ffff */
@ -716,6 +680,7 @@ struct connections_data {
char addr[24];
char machine[FSTRING_LEN];
time_t start;
uint32 bcast_msg_flags;
};
@ -788,12 +753,16 @@ struct bitmap {
int n;
};
#define FLAG_BASIC 0x01 /* fundamental options */
#define FLAG_SHARE 0x02 /* file sharing options */
#define FLAG_PRINT 0x04 /* printing options */
#define FLAG_GLOBAL 0x08 /* local options that should be globally settable in SWAT */
#define FLAG_DEPRECATED 0x10 /* options that should no longer be used */
#define FLAG_HIDE 0x20 /* options that should be hidden in SWAT */
#define FLAG_BASIC 0x0001 /* fundamental options */
#define FLAG_SHARE 0x0002 /* file sharing options */
#define FLAG_PRINT 0x0004 /* printing options */
#define FLAG_GLOBAL 0x0008 /* local options that should be globally settable in SWAT */
#define FLAG_WIZARD 0x0010 /* Parameters that the wizard will operate on */
#define FLAG_ADVANCED 0x0020 /* Parameters that the wizard will operate on */
#define FLAG_DEVELOPER 0x0040 /* Parameters that the wizard will operate on */
#define FLAG_DEPRECATED 0x1000 /* options that should no longer be used */
#define FLAG_HIDE 0x2000 /* options that should be hidden in SWAT */
#define FLAG_DOS_STRING 0x4000 /* convert from UNIX to DOS codepage when reading this string. */
#ifndef LOCKING_VERSION
#define LOCKING_VERSION 4
@ -1147,12 +1116,12 @@ struct bitmap {
#define FILE_SHARE_DELETE 4
/* FileAttributesField */
#define FILE_ATTRIBUTE_READONLY aRONLY
#define FILE_ATTRIBUTE_HIDDEN aHIDDEN
#define FILE_ATTRIBUTE_SYSTEM aSYSTEM
#define FILE_ATTRIBUTE_DIRECTORY aDIR
#define FILE_ATTRIBUTE_ARCHIVE aARCH
#define FILE_ATTRIBUTE_NORMAL 0x80L
#define FILE_ATTRIBUTE_READONLY 0x001L
#define FILE_ATTRIBUTE_HIDDEN 0x002L
#define FILE_ATTRIBUTE_SYSTEM 0x004L
#define FILE_ATTRIBUTE_DIRECTORY 0x010L
#define FILE_ATTRIBUTE_ARCHIVE 0x020L
#define FILE_ATTRIBUTE_NORMAL 0x080L
#define FILE_ATTRIBUTE_TEMPORARY 0x100L
#define FILE_ATTRIBUTE_SPARSE 0x200L
#define FILE_ATTRIBUTE_COMPRESSED 0x800L
@ -1185,8 +1154,10 @@ struct bitmap {
#define FILE_EIGHT_DOT_THREE_ONLY 0x0400
#define FILE_RANDOM_ACCESS 0x0800
#define FILE_DELETE_ON_CLOSE 0x1000
#define FILE_OPEN_BY_FILE_ID 0x2000
/* Responses when opening a file. */
#define FILE_WAS_SUPERSEDED 0
#define FILE_WAS_OPENED 1
#define FILE_WAS_CREATED 2
#define FILE_WAS_OVERWRITTEN 3
@ -1299,7 +1270,7 @@ char *strdup(char *s);
*/
#define DEFAULT_MAJOR_VERSION 0x04
#define DEFAULT_MINOR_VERSION 0x05
#define DEFAULT_MINOR_VERSION 0x09
/* Browser Election Values */
#define BROWSER_ELECTION_VERSION 0x010f
@ -1375,6 +1346,9 @@ enum schema_types {SCHEMA_COMPAT, SCHEMA_AD, SCHEMA_SAMBA};
/* LDAP SSL options */
enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
/* LDAP PASSWD SYNC methods */
enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY};
/* Remote architectures we know about. */
enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_SAMBA};
@ -1656,8 +1630,6 @@ struct unix_error_map {
#define SAFE_NETBIOS_CHARS ". -_"
#include "nsswitch/winbindd_nss.h"
/* generic iconv conversion structure */
typedef struct {
size_t (*direct)(void *cd, char **inbuf, size_t *inbytesleft,
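Review bot: `plaintext_pw` in `sam_passwd` becomes a bare `char*` (the `DATA_BLOB` line printed above it looks like the removed side), so the cleartext password no longer carries its length and the comment says only when it is NULL. State the handling rule at the field, e.g. `char* plaintext_pw; /* NUL-terminated cleartext, NULL if not available; overwrite before freeing */`, so every path that releases the struct knows to clear it first. In the flag hunk, `FLAG_WIZARD`, `FLAG_ADVANCED` and `FLAG_DEVELOPER` carry the same copied comment, and `FLAG_DEPRECATED` and `FLAG_HIDE` change value, which matters if anything outside this header stores the old numbers.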


@ -20,9 +20,6 @@
#ifndef _SMB_ACLS_H
#define _SMB_ACLS_H
#include "includes.h"
#if defined(HAVE_POSIX_ACLS)
/* This is an identity mapping (just remove the SMB_). */


@ -92,6 +92,9 @@
#define CHECK_ERROR(fsp) if (HAS_CACHED_ERROR(fsp)) \
return(CACHED_ERROR(fsp))
#define ERROR_WAS_LOCK_DENIED(status) (NT_STATUS_EQUAL((status), NT_STATUS_LOCK_NOT_GRANTED) || \
NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT) )
/* translates a connection number into a service number */
#define SNUM(conn) ((conn)?(conn)->service:-1)
@ -165,8 +168,7 @@
/* this is how errors are generated */
#define UNIXERROR(defclass,deferror) unix_error_packet(outbuf,defclass,deferror,__LINE__,__FILE__)
#define SMB_ROUNDUP(x,g) (((x)+((g)-1))&~((g)-1))
#define SMB_ROUNDUP_ALLOCATION(s) ((s) ? (SMB_ROUNDUP((SMB_OFF_T)((s)+1), ((SMB_OFF_T)SMB_ROUNDUP_ALLOCATION_SIZE))) : 0 )
#define SMB_ROUNDUP(x,r) ( ((x)%(r)) ? ( (((x)+(r))/(r))*(r) ) : (x))
/* Extra macros added by Ying Chen at IBM - speed increase by inlining. */
#define smb_buf(buf) (((char *)(buf)) + smb_size + CVAL(buf,smb_wct)*2)
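Review bot: The modulo-based `SMB_ROUNDUP(x,r)` in the second hunk, which the hunk counts indicate is the new definition, evaluates both arguments more than once, and `(x)+(r)` can wrap when `x` is within `r` of the type's maximum. It also divides by `r`, so a zero granularity is undefined behaviour, which the mask form was not. A comment above the macro such as `/* r must be non-zero; both arguments are evaluated more than once */` would record the constraints. `ERROR_WAS_LOCK_DENIED(status)` in the first hunk evaluates `status` twice in the same way.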


@ -34,7 +34,7 @@ enum flush_reason_enum { SEEK_FLUSH, READ_FLUSH, WRITE_FLUSH, READRAW_FLUSH,
#define PROF_SHMEM_KEY ((key_t)0x07021999)
#define PROF_SHM_MAGIC 0x6349985
#define PROF_SHM_VERSION 6
#define PROF_SHM_VERSION 7
/* time values in the following structure are in microseconds */
@ -65,6 +65,9 @@ struct profile_stats {
unsigned syscall_write_bytes; /* bytes written with write syscall */
unsigned syscall_lseek_count;
unsigned syscall_lseek_time;
unsigned syscall_sendfile_count;
unsigned syscall_sendfile_time;
unsigned syscall_sendfile_bytes; /* bytes read with sendfile syscall */
unsigned syscall_rename_count;
unsigned syscall_rename_time;
unsigned syscall_fsync_count;


@ -193,11 +193,14 @@ Byte offset Type name description
} FSINFO;
*************************************************************/
#define SMB_INFO_STANDARD 1
#define SMB_INFO_QUERY_EA_SIZE 2
#define SMB_INFO_QUERY_EAS_FROM_LIST 3
#define SMB_INFO_QUERY_ALL_EAS 4
#define SMB_INFO_STANDARD 1 /* FILESTATUS3 struct */
#define SMB_INFO_SET_EA 2 /* EAOP2 struct, only valid on set not query */
#define SMB_INFO_QUERY_EA_SIZE 2 /* FILESTATUS4 struct, only valid on query not set */
#define SMB_INFO_QUERY_EAS_FROM_LIST 3 /* only valid on query not set */
#define SMB_INFO_QUERY_ALL_EAS 4 /* only valid on query not set */
#define SMB_INFO_IS_NAME_VALID 6
#define SMB_INFO_STANDARD_LONG 11 /* similar to level 1, ie struct FileStatus3 */
#define SMB_QUERY_EA_SIZE_LONG 12 /* similar to level 2, ie struct FileStatus4 */
#define SMB_QUERY_FS_LABEL_INFO 0x101
#define SMB_QUERY_FS_VOLUME_INFO 0x102
#define SMB_QUERY_FS_SIZE_INFO 0x103


@ -1 +1 @@
#define VERSION "3.0-alpha18"
#define VERSION "3.0-alpha19"


@ -44,17 +44,18 @@
/* Changed to version 2 for CIFS UNIX extensions (mknod and link added). JRA. */
/* Changed to version 3 for POSIX acl extensions. JRA. */
/* Changed to version 4 for cascaded VFS interface. Alexander Bokovoy. */
/* Changed to version 5 for sendfile addition. JRA. */
#define SMB_VFS_INTERFACE_VERSION 5
/* Version of supported cascaded interface backward copmatibility.
(version 4 corresponds to SMB_VFS_INTERFACE_VERSION 4)
(version 5 corresponds to SMB_VFS_INTERFACE_VERSION 5)
It is used in vfs_init_custom() to detect VFS modules which conform to cascaded
VFS interface but implement elder version than current version of Samba uses.
This allows to use old modules with new VFS interface as far as combined VFS operation
set is coherent (will be in most cases).
*/
#define SMB_VFS_INTERFACE_CASCADED 4
#define SMB_VFS_INTERFACE_CASCADED 5
/*
Each VFS module must provide following global functions:
@ -116,6 +117,7 @@ struct vfs_ops {
ssize_t (*read)(struct files_struct *fsp, int fd, void *data, size_t n);
ssize_t (*write)(struct files_struct *fsp, int fd, const void *data, size_t n);
SMB_OFF_T (*lseek)(struct files_struct *fsp, int filedes, SMB_OFF_T offset, int whence);
ssize_t (*sendfile)(int tofd, files_struct *fsp, int fromfd, const DATA_BLOB *header, SMB_OFF_T offset, size_t count);
int (*rename)(struct connection_struct *conn, const char *old, const char *new);
int (*fsync)(struct files_struct *fsp, int fd);
int (*stat)(struct connection_struct *conn, const char *fname, SMB_STRUCT_STAT *sbuf);
@ -210,6 +212,7 @@ typedef enum _vfs_op_type {
SMB_VFS_OP_READ,
SMB_VFS_OP_WRITE,
SMB_VFS_OP_LSEEK,
SMB_VFS_OP_SENDFILE,
SMB_VFS_OP_RENAME,
SMB_VFS_OP_FSYNC,
SMB_VFS_OP_STAT,


@ -128,7 +128,7 @@ BOOL account_policy_get(int field, uint32 *value)
return False;
}
if (!tdb_fetch_uint32(tdb, name, value)) {
DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for feild %d (%s), returning 0", field, name));
DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for efild %d (%s), returning 0", field, name));
return False;
}
DEBUG(10,("account_policy_get: %s:%d\n", name, *value));
@ -151,7 +151,7 @@ BOOL account_policy_set(int field, uint32 value)
}
if (!tdb_store_uint32(tdb, name, value)) {
DEBUG(1, ("tdb_store_uint32 failed for feild %d (%s) on value %u", field, name, value));
DEBUG(1, ("tdb_store_uint32 failed for field %d (%s) on value %u", field, name, value));
return False;
}
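Review bot: The failure message in the `account_policy_get` hunk still misspells the word it was meant to correct (`efild`, in what appears to be the new line). Neither failure message ends in `\n`, unlike the level-10 message a few lines below, so the next log entry runs onto the same line. The first string should read `"account_policy_get: tdb_fetch_uint32 failed for field %d (%s), returning 0\n"`, and the `account_policy_set` message needs the same trailing newline. Both functions start outside their hunks.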


@ -432,13 +432,14 @@ int push_ucs2(const void *base_ptr, void *dest, const char *src, int dest_len, i
* @param dest always set at least to NULL
*
* @retval The number of bytes occupied by the string in the destination
* or -1 in case of error.
**/
int push_ucs2_talloc(TALLOC_CTX *ctx, void **dest, const char *src)
int push_ucs2_talloc(TALLOC_CTX *ctx, smb_ucs2_t **dest, const char *src)
{
int src_len = strlen(src)+1;
*dest = NULL;
return convert_string_talloc(ctx, CH_UNIX, CH_UCS2, src, src_len, dest);
return convert_string_talloc(ctx, CH_UNIX, CH_UCS2, src, src_len, (void **)dest);
}
/**
@ -447,13 +448,14 @@ int push_ucs2_talloc(TALLOC_CTX *ctx, void **dest, const char *src)
* @param dest always set at least to NULL
*
* @retval The number of bytes occupied by the string in the destination
* or -1 in case of error.
**/
int push_ucs2_allocate(void **dest, const char *src)
int push_ucs2_allocate(smb_ucs2_t **dest, const char *src)
{
int src_len = strlen(src)+1;
*dest = NULL;
return convert_string_allocate(CH_UNIX, CH_UCS2, src, src_len, dest);
return convert_string_allocate(CH_UNIX, CH_UCS2, src, src_len, (void **)dest);
}
/****************************************************************************


@ -153,8 +153,10 @@ static const char *default_classname_table[] = {
"rpc_srv", /* DBGC_RPC_SRV */
"rpc_cli", /* DBGC_RPC_CLI */
"passdb", /* DBGC_PASSDB */
"sam", /* DBGC_SAM */
"auth", /* DBGC_AUTH */
"winbind", /* DBGC_WINBIND */
"vfs", /* DBGC_VFS */
NULL
};
@ -350,7 +352,7 @@ int debug_lookup_classname(const char *classname)
/****************************************************************************
dump the current registered denug levels
dump the current registered debug levels
****************************************************************************/
static void debug_dump_status(int level)
{
@ -371,8 +373,7 @@ static void debug_dump_status(int level)
parse the debug levels from smbcontrol. Example debug level parameter:
printdrivers:7
****************************************************************************/
BOOL debug_parse_params(char **params, int *debuglevel_class,
BOOL *debuglevel_class_isset)
static BOOL debug_parse_params(char **params)
{
int i, ndx;
char *class_name;
@ -385,8 +386,8 @@ BOOL debug_parse_params(char **params, int *debuglevel_class,
* v.s. "all:10", this is the traditional way to set DEBUGLEVEL
*/
if (isdigit((int)params[0][0])) {
debuglevel_class[DBGC_ALL] = atoi(params[0]);
debuglevel_class_isset[DBGC_ALL] = True;
DEBUGLEVEL_CLASS[DBGC_ALL] = atoi(params[0]);
DEBUGLEVEL_CLASS_ISSET[DBGC_ALL] = True;
i = 1; /* start processing at the next params */
}
else
@ -397,8 +398,8 @@ BOOL debug_parse_params(char **params, int *debuglevel_class,
if ((class_name=strtok(params[i],":")) &&
(class_level=strtok(NULL, "\0")) &&
((ndx = debug_lookup_classname(class_name)) != -1)) {
debuglevel_class[ndx] = atoi(class_level);
debuglevel_class_isset[ndx] = True;
DEBUGLEVEL_CLASS[ndx] = atoi(class_level);
DEBUGLEVEL_CLASS_ISSET[ndx] = True;
} else {
DEBUG(0,("debug_parse_params: unrecognized debug class name or format [%s]\n", params[i]));
return False;
@ -425,8 +426,7 @@ BOOL debug_parse_levels(const char *params_str)
params = str_list_make(params_str, NULL);
if (debug_parse_params(params, DEBUGLEVEL_CLASS,
DEBUGLEVEL_CLASS_ISSET))
if (debug_parse_params(params))
{
debug_dump_status(5);
str_list_free(&params);
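Review bot: `atoi()` in `debug_parse_params` accepts any text as a level, so `class:abc` sets the class to 0 and an out-of-range number gives an unspecified value, and neither reaches the `unrecognized debug class name or format` branch. This commit also routes the `-d` option through `debug_parse_levels` (the popt change further down the page), so a mistyped level on the command line is now silently accepted. Parsing with `strtol` and rejecting the parameter when nothing was consumed or text remains would keep the error path reachable: `long v = strtol(class_level, &end, 10); if (end == class_level || *end != '\0') return False;`. The function body extends beyond the hunks shown.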


@ -45,6 +45,9 @@ const struct unix_error_map unix_dos_nt_errmap[] = {
#endif
#ifdef EROFS
{ EROFS, ERRHRD, ERRnowrite, NT_STATUS_ACCESS_DENIED },
#endif
#ifdef ENAMETOOLONG
{ ENAMETOOLONG, ERRDOS, 206, NT_STATUS_OBJECT_NAME_INVALID },
#endif
{ 0, 0, 0, NT_STATUS_OK }
};
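Review bot: The new `ENAMETOOLONG` entry uses the bare number `206` for the DOS error code, where the neighbouring `EROFS` entry uses a named constant (`ERRnowrite`). If no symbolic name is available for this code, a trailing comment on the entry such as `/* 206: filename or extension too long */` would keep the mapping table readable.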


@ -382,6 +382,7 @@ void message_deregister(int msg_type)
struct msg_all {
int msg_type;
uint32 msg_flag;
const void *buf;
size_t len;
BOOL duplicates;
@ -405,13 +406,20 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void
if (crec.cnum != -1)
return 0;
/* if the msg send fails because the pid was not found (i.e. smbd died),
/* Don't send if the receiver hasn't registered an interest. */
if(!(crec.bcast_msg_flags & msg_all->msg_flag))
return 0;
/* If the msg send fails because the pid was not found (i.e. smbd died),
* the msg has already been deleted from the messages.tdb.*/
if (!message_send_pid(crec.pid, msg_all->msg_type,
msg_all->buf, msg_all->len,
msg_all->duplicates)) {
/* if the pid was not found delete the entry from connections.tdb */
/* If the pid was not found delete the entry from connections.tdb */
if (errno == ESRCH) {
DEBUG(2,("pid %u doesn't exist - deleting connections %d [%s]\n",
(unsigned int)crec.pid, crec.cnum, crec.name));
@ -442,6 +450,17 @@ BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type,
struct msg_all msg_all;
msg_all.msg_type = msg_type;
if (msg_type < 1000)
msg_all.msg_flag = FLAG_MSG_GENERAL;
else if (msg_type > 1000 && msg_type < 2000)
msg_all.msg_flag = FLAG_MSG_NMBD;
else if (msg_type > 2000 && msg_type < 3000)
msg_all.msg_flag = FLAG_MSG_PRINTING;
else if (msg_type > 3000 && msg_type < 4000)
msg_all.msg_flag = FLAG_MSG_SMBD;
else
return False;
msg_all.buf = buf;
msg_all.len = len;
msg_all.duplicates = duplicates_allowed;
@ -452,73 +471,4 @@ BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type,
*n_sent = msg_all.n_sent;
return True;
}
static SIG_ATOMIC_T gotalarm;
/***************************************************************
Signal function to tell us we timed out.
****************************************************************/
static void gotalarm_sig(void)
{
gotalarm = 1;
}
/**
* Lock the messaging tdb based on a string - this is used as a primitive
* form of mutex between smbd instances.
*
* @param name A string identifying the name of the mutex.
*/
BOOL message_named_mutex(char *name, unsigned int timeout)
{
TDB_DATA key;
int ret;
void (*oldsig_handler)(int) = NULL;
if (!message_init())
return False;
key.dptr = name;
key.dsize = strlen(name)+1;
if (timeout) {
gotalarm = 0;
oldsig_handler = CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
alarm(timeout);
}
ret = tdb_chainlock(tdb, key);
if (timeout) {
alarm(0);
CatchSignal(SIGALRM, SIGNAL_CAST oldsig_handler);
if (gotalarm)
return False;
}
if (ret == 0)
DEBUG(10,("message_named_mutex: got mutex for %s\n", name ));
return (ret == 0);
}
/**
* Unlock a named mutex.
*
* @param name A string identifying the name of the mutex.
*/
void message_named_mutex_release(char *name)
{
TDB_DATA key;
key.dptr = name;
key.dsize = strlen(name)+1;
tdb_chainunlock(tdb, key);
DEBUG(10,("message_named_mutex: released mutex for %s\n", name ));
}
/** @} **/
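Review bot: The range checks added to `message_send_all` reject `msg_type` values of exactly 1000, 2000 and 3000, because each band is tested with strict `>` and `<`. They also place zero and negative types in the general band. If the boundary values are meant to be unused, a comment above the chain should say so; otherwise the lower bounds need `>=`. The early `return False` also leaves the `n_sent` output unwritten, which matters if a caller reads it without checking the result (callers are not visible here). The function begins before the hunk.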


@ -33,7 +33,7 @@ static void debug_callback(poptContext con,
switch(opt->val) {
case 'd':
if (arg) {
DEBUGLEVEL = atoi(arg);
debug_parse_levels(arg);
AllowDebugChange = False;
}
@ -43,7 +43,7 @@ static void debug_callback(poptContext con,
struct poptOption popt_common_debug[] = {
{ NULL, 0, POPT_ARG_CALLBACK, debug_callback },
{ "debuglevel", 'd', POPT_ARG_INT, NULL, 'd', "Set debug level",
{ "debuglevel", 'd', POPT_ARG_STRING, NULL, 'd', "Set debug level",
"DEBUGLEVEL" },
{ 0 }
};
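Review bot: The result of `debug_parse_levels(arg)` is discarded in `debug_callback`, so a `-d` value that fails to parse is ignored and the program continues without reporting it. The function returns a BOOL (see the `BOOL debug_parse_levels(const char *params_str)` hunk header earlier on this page). Checking it, for example `if (!debug_parse_levels(arg)) fprintf(stderr, "invalid debug level: %s\n", arg);`, would surface the mistake. The help text `"Set debug level"` could also mention the `class:level` form now that the option takes a string. The callback body starts outside the hunk.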


@ -21,6 +21,24 @@
#include "includes.h"
#ifdef HAVE_LIBREADLINE
# ifdef HAVE_READLINE_READLINE_H
# include <readline/readline.h>
# ifdef HAVE_READLINE_HISTORY_H
# include <readline/history.h>
# endif
# else
# ifdef HAVE_READLINE_H
# include <readline.h>
# ifdef HAVE_HISTORY_H
# include <history.h>
# endif
# else
# undef HAVE_LIBREADLINE
# endif
# endif
#endif
#ifdef HAVE_NEW_LIBREADLINE
# define RL_COMPLETION_CAST (rl_completion_func_t *)
#else


@ -38,7 +38,7 @@ BOOL grab_server_mutex(const char *name)
DEBUG(0,("grab_server_mutex: malloc failed for %s\n", name));
return False;
}
if (!message_named_mutex(mutex_server_name, 20)) {
if (!secrets_named_mutex(mutex_server_name, 10)) {
DEBUG(10,("grab_server_mutex: failed for %s\n", name));
SAFE_FREE(mutex_server_name);
return False;
@ -50,8 +50,7 @@ BOOL grab_server_mutex(const char *name)
void release_server_mutex(void)
{
if (mutex_server_name) {
message_named_mutex_release(mutex_server_name);
secrets_named_mutex_release(mutex_server_name);
SAFE_FREE(mutex_server_name);
}
}


@ -297,8 +297,13 @@ void standard_sub_basic(const char *smb_name, char *str,size_t len)
case 'L' :
if (local_machine_name && *local_machine_name)
string_sub(p,"%L", local_machine_name,l);
else
string_sub(p,"%L", global_myname,l);
else {
pstring temp_name;
pstrcpy(temp_name, global_myname);
strlower(temp_name);
string_sub(p,"%L", temp_name,l);
}
break;
case 'M' :
string_sub(p,"%M", client_name(),l);
@ -675,6 +680,19 @@ void standard_sub_conn(connection_struct *conn, char *str, size_t len)
conn->gid, current_user_info.smb_name, str, len);
}
char *talloc_sub_conn(TALLOC_CTX *mem_ctx, connection_struct *conn, char *str)
{
return talloc_sub_advanced(mem_ctx, SNUM(conn), conn->user,
conn->connectpath, conn->gid,
current_user_info.smb_name, str);
}
char *alloc_sub_conn(connection_struct *conn, char *str)
{
return alloc_sub_advanced(SNUM(conn), conn->user, conn->connectpath,
conn->gid, current_user_info.smb_name, str);
}
/****************************************************************************
Like standard_sub but by snum.
****************************************************************************/
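Review bot: `talloc_sub_conn` and `alloc_sub_conn` are added without a header comment, and they differ in who owns the returned string. Going by the names, one allocates from `mem_ctx` and the other presumably returns memory the caller must free; the `*_sub_advanced` helpers are not shown. Each needs a short comment stating the ownership and the failure return. Both also dereference `conn->user` unconditionally although `SNUM(conn)` tolerates a NULL `conn`, so the comment should say that `conn` must be non-NULL.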


@ -1233,26 +1233,23 @@ int sys_dup2(int oldfd, int newfd)
Wrapper for Admin Logs.
****************************************************************************/
void sys_adminlog(int priority, const char *format_str, ...)
void sys_adminlog(int priority, char *format_str, ...)
{
va_list ap;
int ret;
char **msgbuf = NULL;
if (!lp_admin_log())
return;
char *msgbuf = NULL;
va_start( ap, format_str );
ret = vasprintf( msgbuf, format_str, ap );
ret = vasprintf( &msgbuf, format_str, ap );
va_end( ap );
if (ret == -1)
return;
#if defined(HAVE_SYSLOG)
syslog( priority, "%s", *msgbuf );
syslog( priority, "%s", msgbuf );
#else
DEBUG(0,("%s", *msgbuf ));
DEBUG(0,("%s", msgbuf ));
#endif
SAFE_FREE(*msgbuf);
SAFE_FREE(msgbuf);
}
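Review bot: `sys_adminlog` loses the `const` on `format_str` in this hunk (going by the hunk counts, the `char *format_str` line is the new one). Callers passing string literals or `const` buffers will now need a cast or draw a warning. The function only forwards the format to `vasprintf`, so the parameter can stay `const char *format_str`. A GCC `__attribute__((format(printf, 2, 3)))` on the prototype would also let the compiler flag mismatched or non-literal formats at call sites.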


@ -41,6 +41,11 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in
gid_t *gids_saved;
int ret, ngrp_saved;
if (non_root_mode()) {
*grpcnt = 0;
return 0;
}
/* work out how many groups we need to save */
ngrp_saved = getgroups(0, NULL);
if (ngrp_saved == -1) {
@ -56,13 +61,14 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in
ngrp_saved = getgroups(ngrp_saved, gids_saved);
if (ngrp_saved == -1) {
free(gids_saved);
SAFE_FREE(gids_saved);
/* very strange! */
return -1;
}
if (initgroups(user, gid) != 0) {
free(gids_saved);
DEBUG(0, ("getgrouplist_internals: initgroups() failed!\n"));
SAFE_FREE(gids_saved);
return -1;
}
@ -101,5 +107,6 @@ int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
become_root();
retval = getgrouplist_internals(user, gid, groups, grpcnt);
unbecome_root();
return retval;
#endif
}
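Review bot: In `getgrouplist_internals` the new `non_root_mode()` branch reports success with `*grpcnt = 0`, so a caller cannot tell "no supplementary groups" from "groups were not looked up". If the group list feeds access decisions, that difference should be visible. A comment on the branch such as `/* non-root: cannot switch groups, report none */` and a `DEBUG(3, ("getgrouplist_internals: non-root mode, returning no groups\n"));` would record it. The function body continues outside the hunks.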


@ -40,6 +40,12 @@ int extra_time_offset = 0;
#define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN)
#endif
void get_nttime_max(NTTIME *t)
{
/* FIXME: This is incorrect */
unix_to_nt_time(t, get_time_t_max());
}
/*******************************************************************
External access to time_t_min and time_t_max.
********************************************************************/


@ -273,27 +273,6 @@ done:
return ret;
}
/****************************************************************************
Get_Pwnam wrapper for modification.
NOTE: This can potentially modify 'user'!
****************************************************************************/
struct passwd *Get_Pwnam_Modify(fstring user)
{
fstring user2;
struct passwd *ret;
fstrcpy(user2, user);
ret = Get_Pwnam_internals(user, user2);
/* If caller wants the modified username, ensure they get it */
fstrcpy(user,user2);
/* We can safely assume ret is NULL if none of the above succeed */
return(ret);
}
/****************************************************************************
Get_Pwnam wrapper without modification.
NOTE: This with NOT modify 'user'!
@ -636,39 +615,3 @@ static struct passwd * uname_string_combinations(char *s,struct passwd * (*fn)(c
return(NULL);
}
/****************************************************************************
These wrappers allow appliance mode to work. In appliance mode the username
takes the form DOMAIN/user.
****************************************************************************/
struct passwd *smb_getpwnam(char *user, BOOL allow_change)
{
struct passwd *pw;
char *p;
char *sep;
extern pstring global_myname;
if (allow_change)
pw = Get_Pwnam_Modify(user);
else
pw = Get_Pwnam(user);
if (pw)
return pw;
/*
* If it is a domain qualified name and it isn't in our password
* database but the domain portion matches our local machine name then
* lookup just the username portion locally.
*/
sep = lp_winbind_separator();
p = strchr_m(user,*sep);
if (p && strncasecmp(global_myname, user, strlen(global_myname))==0) {
if (allow_change)
pw = Get_Pwnam_Modify(p+1);
else
pw = Get_Pwnam(p+1);
}
return NULL;
}


@ -260,7 +260,7 @@ void show_msg(char *buf)
int i;
int bcc=0;
if (DEBUGLEVEL < 5) return;
if (!DEBUGLVL(5)) return;
DEBUG(5,("size=%d\nsmb_com=0x%x\nsmb_rcls=%d\nsmb_reh=%d\nsmb_err=%d\nsmb_flg=%d\nsmb_flg2=%d\n",
smb_len(buf),
@ -270,29 +270,24 @@ void show_msg(char *buf)
(int)SVAL(buf,smb_err),
(int)CVAL(buf,smb_flg),
(int)SVAL(buf,smb_flg2)));
DEBUG(5,("smb_tid=%d\nsmb_pid=%d\nsmb_uid=%d\nsmb_mid=%d\nsmt_wct=%d\n",
DEBUGADD(5,("smb_tid=%d\nsmb_pid=%d\nsmb_uid=%d\nsmb_mid=%d\n",
(int)SVAL(buf,smb_tid),
(int)SVAL(buf,smb_pid),
(int)SVAL(buf,smb_uid),
(int)SVAL(buf,smb_mid),
(int)CVAL(buf,smb_wct)));
(int)SVAL(buf,smb_mid)));
DEBUGADD(5,("smt_wct=%d\n",(int)CVAL(buf,smb_wct)));
for (i=0;i<(int)CVAL(buf,smb_wct);i++)
{
DEBUG(5,("smb_vwv[%d]=%d (0x%X)\n",i,
DEBUGADD(5,("smb_vwv[%2d]=%5d (0x%X)\n",i,
SVAL(buf,smb_vwv+2*i),SVAL(buf,smb_vwv+2*i)));
}
bcc = (int)SVAL(buf,smb_vwv+2*(CVAL(buf,smb_wct)));
DEBUG(5,("smb_bcc=%d\n",bcc));
DEBUGADD(5,("smb_bcc=%d\n",bcc));
if (DEBUGLEVEL < 10) return;
if (DEBUGLEVEL < 50)
{
bcc = MIN(bcc, 512);
}
if (DEBUGLEVEL < 50) bcc = MIN(bcc, 512);
dump_data(10, smb_buf(buf), bcc);
}
@ -1140,8 +1135,18 @@ something really nasty happened - panic!
void smb_panic(char *why)
{
char *cmd = lp_panic_action();
int result;
if (cmd && *cmd) {
system(cmd);
DEBUG(0, ("smb_panic(): calling panic action [%s]\n", cmd));
result = system(cmd);
if (result == -1)
DEBUG(0, ("smb_panic(): fork failed in panic action: %s\n",
strerror(errno)));
else
DEBUG(0, ("smb_panic(): action returned status %d\n",
WEXITSTATUS(result)));
}
DEBUG(0,("PANIC: %s\n", why));
dbgflush();
@ -1568,30 +1573,30 @@ void dump_data(int level, const char *buf1,int len)
int i=0;
if (len<=0) return;
DEBUG(level,("[%03X] ",i));
if (!DEBUGLVL(level)) return;
DEBUGADD(level,("[%03X] ",i));
for (i=0;i<len;) {
DEBUG(level,("%02X ",(int)buf[i]));
DEBUGADD(level,("%02X ",(int)buf[i]));
i++;
if (i%8 == 0) DEBUG(level,(" "));
if (i%8 == 0) DEBUGADD(level,(" "));
if (i%16 == 0) {
print_asc(level,&buf[i-16],8); DEBUG(level,(" "));
print_asc(level,&buf[i-8],8); DEBUG(level,("\n"));
if (i<len) DEBUG(level,("[%03X] ",i));
print_asc(level,&buf[i-16],8); DEBUGADD(level,(" "));
print_asc(level,&buf[i-8],8); DEBUGADD(level,("\n"));
if (i<len) DEBUGADD(level,("[%03X] ",i));
}
}
if (i%16) {
int n;
n = 16 - (i%16);
DEBUG(level,(" "));
if (n>8) DEBUG(level,(" "));
while (n--) DEBUG(level,(" "));
DEBUGADD(level,(" "));
if (n>8) DEBUGADD(level,(" "));
while (n--) DEBUGADD(level,(" "));
n = MIN(8,i%16);
print_asc(level,&buf[i-(i%16)],n); DEBUG(level,(" "));
print_asc(level,&buf[i-(i%16)],n); DEBUGADD(level,( " " ));
n = (i%16) - n;
if (n>0) print_asc(level,&buf[i-n],n);
DEBUG(level,("\n"));
DEBUGADD(level,("\n"));
}
}
@ -1819,6 +1824,17 @@ char *smb_xstrdup(const char *s)
return s1;
}
/**
strndup that aborts on malloc fail.
**/
char *smb_xstrndup(const char *s, size_t n)
{
char *s1 = strndup(s, n);
if (!s1)
smb_panic("smb_xstrndup: malloc fail\n");
return s1;
}
/*
vasprintf that aborts on malloc fail
*/
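Review bot: In `smb_panic` the new code prints `WEXITSTATUS(result)` for every `system()` return other than -1, but that macro is only meaningful when `WIFEXITED(result)` is true. A panic action that is killed by a signal would be logged with a misleading exit status. The status message should be guarded with `else if (WIFEXITED(result))`, followed by a final `else DEBUG(0, ("smb_panic(): panic action did not exit normally\n"));`. The function continues past the end of the hunk.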


@ -21,6 +21,8 @@
#include "includes.h"
extern DOM_SID global_sid_Builtin;
/**********************************************************************************
Check if this ACE has a SID in common with the token.
**********************************************************************************/
@ -42,7 +44,7 @@ static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
bits not yet granted. Zero means permission allowed (no more needed bits).
**********************************************************************************/
static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired,
static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired,
NTSTATUS *status)
{
uint32 mask = ace->info.mask;
@ -102,7 +104,7 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired,
include other bits requested.
**********************************************************************************/
static BOOL get_max_access( SEC_ACL *the_acl, NT_USER_TOKEN *token, uint32 *granted,
static BOOL get_max_access( SEC_ACL *the_acl, const NT_USER_TOKEN *token, uint32 *granted,
uint32 desired,
NTSTATUS *status)
{
@ -224,7 +226,7 @@ void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping)
"Access-Checking" document in MSDN.
*****************************************************************************/
BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
BOOL se_access_check(SEC_DESC *sd, const NT_USER_TOKEN *token,
uint32 acc_desired, uint32 *acc_granted,
NTSTATUS *status)
{
@ -262,13 +264,14 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
}
/* The user sid is the first in the token */
if (DEBUGLVL(3)) {
DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[PRIMARY_USER_SID_INDEX]) ));
for (i = 1; i < token->num_sids; i++) {
DEBUG(3, ("se_access_check: also %s\n",
DEBUGADD(3, ("se_access_check: also %s\n",
sid_to_string(sid_str, &token->user_sids[i])));
}
}
/* Is the token the owner of the SID ? */
@ -297,7 +300,7 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) {
SEC_ACE *ace = &the_acl->ace[i];
DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
DEBUGADD(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
(unsigned int)i, ace->type, ace->flags,
sid_to_string(sid_str, &ace->trustee),
(unsigned int) ace->info.mask,
@ -442,3 +445,42 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
return sdb;
}
/*******************************************************************
samr_make_sam_obj_sd
********************************************************************/
NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
{
extern DOM_SID global_sid_World;
DOM_SID adm_sid;
DOM_SID act_sid;
SEC_ACE ace[3];
SEC_ACCESS mask;
SEC_ACL *psa = NULL;
sid_copy(&adm_sid, &global_sid_Builtin);
sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
sid_copy(&act_sid, &global_sid_Builtin);
sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
/*basic access for every one*/
init_sec_access(&mask, SAMR_EXECUTE | SAMR_READ);
init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
/*full access for builtin aliases Administrators and Account Operators*/
init_sec_access(&mask, SAMR_ALL_ACCESS);
init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
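Review bot: The header comment on the new `samr_make_sam_obj_sd` only repeats the function name, while the body encodes an access policy. It grants `SAMR_EXECUTE | SAMR_READ` to `global_sid_World` and `SAMR_ALL_ACCESS` to the builtin Administrators and Account Operators aliases. The comment should state that policy, and that `*psd` and `*sd_size` are outputs (presumably allocated from `ctx`; `make_sec_desc` is not shown), so the descriptor can be reviewed without reading the ACE setup. `*psd` is also left untouched when `make_sec_acl` fails, so `*psd = NULL;` at the top would give callers a defined value on the `NT_STATUS_NO_MEMORY` paths.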


@ -30,13 +30,11 @@ extern fstring global_myworkgroup;
* Some useful sids
*/
DOM_SID global_sid_Builtin; /* Local well-known domain */
DOM_SID global_sid_World_Domain; /* Everyone domain */
DOM_SID global_sid_World; /* Everyone */
DOM_SID global_sid_Creator_Owner_Domain; /* Creator Owner domain */
DOM_SID global_sid_NT_Authority; /* NT Authority */
DOM_SID global_sid_NULL; /* NULL sid */
DOM_SID global_sid_Builtin_Guests; /* Builtin guest users */
DOM_SID global_sid_Authenticated_Users; /* All authenticated rids */
DOM_SID global_sid_Network; /* Network rids */
@ -44,6 +42,11 @@ static DOM_SID global_sid_Creator_Owner; /* Creator Owner */
static DOM_SID global_sid_Creator_Group; /* Creator Group */
static DOM_SID global_sid_Anonymous; /* Anonymous login */
DOM_SID global_sid_Builtin; /* Local well-known domain */
DOM_SID global_sid_Builtin_Administrators;
DOM_SID global_sid_Builtin_Users;
DOM_SID global_sid_Builtin_Guests; /* Builtin guest users */
/*
* An NT compatible anonymous token.
*/
@ -99,6 +102,8 @@ const char *sid_type_lookup(uint32 sid_type)
void generate_wellknown_sids(void)
{
string_to_sid(&global_sid_Builtin, "S-1-5-32");
string_to_sid(&global_sid_Builtin_Administrators, "S-1-5-32-544");
string_to_sid(&global_sid_Builtin_Users, "S-1-5-32-545");
string_to_sid(&global_sid_Builtin_Guests, "S-1-5-32-546");
string_to_sid(&global_sid_World_Domain, "S-1-1");
string_to_sid(&global_sid_World, "S-1-1-0");
@ -525,3 +530,18 @@ char *sid_binstring(DOM_SID *sid)
return s;
}
/*
print a GUID structure for debugging
*/
void print_guid(GUID *guid)
{
int i;
d_printf("%08x-%04x-%04x",
IVAL(guid->info, 0), SVAL(guid->info, 4), SVAL(guid->info, 6));
d_printf("-%02x%02x-", guid->info[8], guid->info[9]);
for (i=10;i<GUID_SIZE;i++)
d_printf("%02x", guid->info[i]);
d_printf("\n");
}


@ -871,7 +871,7 @@ static BOOL matchname(char *remotehost,struct in_addr addr)
/* Look up the host address in the address list we just got. */
for (i = 0; hp->h_addr_list[i]; i++) {
if (memcmp(hp->h_addr_list[i], (caddr_t) & addr, sizeof(addr)) == 0)
if (memcmp(hp->h_addr_list[i], (char *) & addr, sizeof(addr)) == 0)
return True;
}
@ -976,6 +976,7 @@ int create_pipe_sock(const char *socket_dir,
const char *socket_name,
mode_t dir_perms)
{
#ifdef HAVE_UNIXSOCKET
struct sockaddr_un sunaddr;
struct stat st;
int sock;
@ -1064,6 +1065,10 @@ int create_pipe_sock(const char *socket_dir,
/* Success! */
return sock;
#else
DEBUG(0, ("create_pipe_sock: No Unix sockets on this system\n"));
return -1;
#endif /* HAVE_UNIXSOCKET */
}
/*******************************************************************


@ -218,6 +218,16 @@ void unistr2_to_ascii(char *dest, const UNISTR2 *str, size_t maxlen)
pull_ucs2(NULL, dest, str->buffer, maxlen, str->uni_str_len*2, STR_NOALIGN);
}
/*******************************************************************
give a static string for displaying a UNISTR2
********************************************************************/
const char *unistr2_static(const UNISTR2 *str)
{
static pstring ret;
unistr2_to_ascii(ret, str, sizeof(ret));
return ret;
}
/*******************************************************************
duplicate a UNISTR2 string into a null terminated char*
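Review bot: `unistr2_static` returns a pointer to a single function-static `pstring`, so each call overwrites the previous result. Two calls in the argument list of one `DEBUG` or `d_printf` would print the same string twice. The header comment should say that the result is valid only until the next call and must not be freed or stored, for example `/* returns a static buffer, overwritten by the next call; not reentrant */`.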

View File

@ -43,6 +43,7 @@ XFILE *x_stderr = &_x_stderr;
#define X_FLAG_EOF 1
#define X_FLAG_ERROR 2
#define X_FLAG_EINVAL 3
/* simulate setvbuf() */
int x_setvbuf(XFILE *f, char *buf, int mode, size_t size)
@ -341,3 +342,36 @@ char *x_fgets(char *s, int size, XFILE *stream)
*s = 0;
return s0;
}
/* trivial seek, works only for SEEK_SET and SEEK_END if SEEK_CUR is
* set then an error is returned */
off_t x_tseek(XFILE *f, off_t offset, int whence)
{
if (f->flags & X_FLAG_ERROR)
return -1;
/* only SEEK_SET and SEEK_END are supported */
/* SEEK_CUR needs internal offset counter */
if (whence != SEEK_SET && whence != SEEK_END) {
f->flags |= X_FLAG_EINVAL;
errno = EINVAL;
return -1;
}
/* empty the buffer */
switch (f->open_flags & O_ACCMODE) {
case O_RDONLY:
f->bufused = 0;
break;
case O_WRONLY:
if (x_fflush(f) != 0)
return -1;
break;
default:
errno = EINVAL;
return -1;
}
f->flags &= ~X_FLAG_EOF;
return (off_t)sys_lseek(f->fd, offset, whence);
}
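Review bot: `X_FLAG_EINVAL` is defined as 3, which equals `X_FLAG_EOF | X_FLAG_ERROR` rather than a distinct bit, so `f->flags |= X_FLAG_EINVAL` in `x_tseek` sets both the EOF and the error flag. After one unsupported `whence`, the `f->flags & X_FLAG_ERROR` test at the top of `x_tseek` fails every later seek on that stream. The `f->flags &= ~X_FLAG_EOF` at the end of the function cannot clear the error bit. Using the next free bit, `#define X_FLAG_EINVAL 4`, keeps the three flags independent.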


@ -30,19 +30,49 @@ ADS_STATUS ads_build_error(enum ads_error_type etype,
int rc, int minor_status)
{
ADS_STATUS ret;
if (etype == ADS_ERROR_NT) {
DEBUG(0,("don't use ads_build_error with ADS_ERROR_NT!\n"));
ret.err.rc = -1;
ret.error_type = ADS_ERROR_SYSTEM;
ret.minor_status = 0;
return ret;
}
ret.err.rc = rc;
ret.error_type = etype;
ret.rc = rc;
ret.minor_status = minor_status;
return ret;
}
ADS_STATUS ads_build_nt_error(enum ads_error_type etype,
NTSTATUS nt_status)
{
ADS_STATUS ret;
if (etype != ADS_ERROR_NT) {
DEBUG(0,("don't use ads_build_nt_error without ADS_ERROR_NT!\n"));
ret.err.rc = -1;
ret.error_type = ADS_ERROR_SYSTEM;
ret.minor_status = 0;
return ret;
}
ret.err.nt_status = nt_status;
ret.error_type = etype;
ret.minor_status = 0;
return ret;
}
/*
do a rough conversion between ads error codes and NT status codes
we'll need to fill this in more
*/
NTSTATUS ads_ntstatus(ADS_STATUS rc)
NTSTATUS ads_ntstatus(ADS_STATUS status)
{
if (ADS_ERR_OK(rc)) return NT_STATUS_OK;
if (status.error_type == ADS_ERROR_NT){
return status.err.nt_status;
}
if (ADS_ERR_OK(status)) return NT_STATUS_OK;
return NT_STATUS_UNSUCCESSFUL;
}
@ -59,14 +89,14 @@ const char *ads_errstr(ADS_STATUS status)
switch (status.error_type) {
case ADS_ERROR_SYSTEM:
return strerror(status.rc);
return strerror(status.err.rc);
#ifdef HAVE_LDAP
case ADS_ERROR_LDAP:
return ldap_err2string(status.rc);
return ldap_err2string(status.err.rc);
#endif
#ifdef HAVE_KRB5
case ADS_ERROR_KRB5:
return error_message(status.rc);
return error_message(status.err.rc);
#endif
#ifdef HAVE_GSSAPI
case ADS_ERROR_GSS:
@ -76,7 +106,7 @@ const char *ads_errstr(ADS_STATUS status)
gss_buffer_desc msg1, msg2;
msg1.value = NULL;
msg2.value = NULL;
gss_display_status(&minor, status.rc, GSS_C_GSS_CODE,
gss_display_status(&minor, status.err.rc, GSS_C_GSS_CODE,
GSS_C_NULL_OID, &msg_ctx, &msg1);
gss_display_status(&minor, status.minor_status, GSS_C_MECH_CODE,
GSS_C_NULL_OID, &msg_ctx, &msg2);
@ -86,6 +116,8 @@ const char *ads_errstr(ADS_STATUS status)
return ret;
}
#endif
case ADS_ERROR_NT:
return nt_errstr(ads_ntstatus(status));
default:
return "Unknown ADS error type!? (not compiled in?)";
}


@ -50,7 +50,7 @@ kerb_prompter(krb5_context ctx, void *data,
simulate a kinit, putting the tgt in the default cache location
remus@snapserver.com
*/
int kerberos_kinit_password(const char *principal, const char *password)
int kerberos_kinit_password(const char *principal, const char *password, int time_offset)
{
krb5_context ctx;
krb5_error_code code = 0;
@ -61,6 +61,10 @@ int kerberos_kinit_password(const char *principal, const char *password)
if ((code = krb5_init_context(&ctx)))
return code;
if (time_offset != 0) {
krb5_set_real_time(ctx, time(NULL) + time_offset, 0);
}
if ((code = krb5_cc_default(ctx, &cc))) {
krb5_free_context(ctx);
return code;
@ -111,7 +115,7 @@ int ads_kinit_password(ADS_STRUCT *ads)
int ret;
asprintf(&s, "%s@%s", ads->auth.user_name, ads->auth.realm);
ret = kerberos_kinit_password(s, ads->auth.password);
ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset);
if (ret) {
DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
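Review bot: The return value of `krb5_set_real_time` is ignored in `kerberos_kinit_password`, so if setting the adjusted clock fails the function carries on and the failure surfaces later as an unrelated error. The same unchecked call is added to `krb5_set_password` in the next file on this page. Checking it with the pattern already used around it, `if ((code = krb5_set_real_time(ctx, time(NULL) + time_offset, 0))) { krb5_free_context(ctx); return code; }`, keeps the error attributable. Where `ads->auth.time_offset` is populated is not visible here; if it comes from a server reply received before authentication, the accepted offset should be bounded, since it shifts the client's clock for ticket validity checks.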


@ -248,7 +248,8 @@ static krb5_error_code parse_setpw_reply(krb5_context context,
return 0;
}
ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char *newpw)
ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char *newpw,
int time_offset)
{
krb5_context context;
krb5_auth_context auth_context = NULL;
@ -268,6 +269,10 @@ ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char
return ADS_ERROR_KRB5(ret);
}
if (time_offset != 0) {
krb5_set_real_time(context, time(NULL) + time_offset, 0);
}
ret = krb5_cc_default(context, &ccache);
if (ret) {
krb5_free_context(context);
@ -452,16 +457,17 @@ ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char
ADS_STATUS kerberos_set_password(const char *kpasswd_server,
const char *auth_principal, const char *auth_password,
const char *target_principal, const char *new_password)
const char *target_principal, const char *new_password,
int time_offset)
{
int ret;
if ((ret = kerberos_kinit_password(auth_principal, auth_password))) {
if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset))) {
DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
return ADS_ERROR_KRB5(ret);
}
return krb5_set_password(kpasswd_server, target_principal, new_password);
return krb5_set_password(kpasswd_server, target_principal, new_password, time_offset);
}


@ -63,6 +63,7 @@ static BOOL ads_try_connect(ADS_STRUCT *ads, const char *server, unsigned port)
ads->ldap_port = port;
ads->ldap_ip = *interpret_addr2(srv);
free(srv);
return True;
}
@ -204,7 +205,6 @@ static BOOL ads_try_netbios(ADS_STRUCT *ads)
ADS_STATUS ads_connect(ADS_STRUCT *ads)
{
int version = LDAP_VERSION3;
int code;
ADS_STATUS status;
ads->last_attempt = time(NULL);
@ -274,12 +274,7 @@ got_connection:
}
#endif
if (ads->auth.password) {
if ((code = ads_kinit_password(ads)))
return ADS_ERROR_KRB5(code);
}
if (ads->auth.no_bind) {
if (ads->auth.flags & ADS_AUTH_NO_BIND) {
return ADS_SUCCESS;
}
@ -613,14 +608,17 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope,
char *utf8_exp, *utf8_path, **search_attrs = NULL;
TALLOC_CTX *ctx;
if (!(ctx = talloc_init()))
if (!(ctx = talloc_init())) {
DEBUG(1,("ads_do_search: talloc_init() failed!"));
return ADS_ERROR(LDAP_NO_MEMORY);
}
/* 0 means the conversion worked but the result was empty
so we only fail if it's negative. In any case, it always
at least nulls out the dest */
if ((push_utf8_talloc(ctx, &utf8_exp, exp) < 0) ||
(push_utf8_talloc(ctx, &utf8_path, bind_path) < 0)) {
DEBUG(1,("ads_do_search: push_utf8_talloc() failed!"));
rc = LDAP_NO_MEMORY;
goto done;
}
@ -632,6 +630,7 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope,
/* if (!(search_attrs = ads_push_strvals(ctx, attrs))) */
if (!(str_list_copy(&search_attrs, attrs)))
{
DEBUG(1,("ads_do_search: str_list_copy() failed!"));
rc = LDAP_NO_MEMORY;
goto done;
}
@ -826,7 +825,11 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods,
ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods,
const char *name, const char *val)
{
const char *values[2] = {val, NULL};
const char *values[2];
values[0] = val;
values[1] = NULL;
if (!val)
return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL);
return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE, name,
@ -861,7 +864,10 @@ ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
static ADS_STATUS ads_mod_ber(TALLOC_CTX *ctx, ADS_MODLIST *mods,
const char *name, const struct berval *val)
{
const struct berval *values[2] = {val, NULL};
const struct berval *values[2];
values[0] = val;
values[1] = NULL;
if (!val)
return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL);
return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE|LDAP_MOD_BVALUES,
@ -884,7 +890,7 @@ ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods)
non-existent attribute (but allowable for the object) to run
*/
LDAPControl PermitModify = {
"1.2.840.113556.1.4.1413",
ADS_PERMIT_MODIFY_OID,
{0, NULL},
(char) 1};
LDAPControl *controls[2];
@ -1410,7 +1416,7 @@ ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
*/
asprintf(&principal, "%s$@%s", host, ads->auth.realm);
status = krb5_set_password(ads->auth.kdc_server, principal, password);
status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
free(host);
free(principal);
@ -1616,6 +1622,26 @@ ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn)
return ADS_SUCCESS;
}
/* parse a ADS timestring - typical string is
'20020917091222.0Z0' which means 09:12.22 17th September
2002, timezone 0 */
static time_t ads_parse_time(const char *str)
{
struct tm tm;
ZERO_STRUCT(tm);
if (sscanf(str, "%4d%2d%2d%2d%2d%2d",
&tm.tm_year, &tm.tm_mon, &tm.tm_mday,
&tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) {
return 0;
}
tm.tm_year -= 1900;
tm.tm_mon -= 1;
return timegm(&tm);
}
/**
* Find the servers name and realm - this can be done before authentication
@ -1626,22 +1652,37 @@ ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn)
**/
ADS_STATUS ads_server_info(ADS_STRUCT *ads)
{
const char *attrs[] = {"ldapServiceName", NULL};
const char *attrs[] = {"ldapServiceName", "currentTime", NULL};
ADS_STATUS status;
void *res;
char **values;
char *value;
char *p;
char *timestr;
TALLOC_CTX *ctx;
if (!(ctx = talloc_init())) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
if (!ADS_ERR_OK(status)) return status;
values = ldap_get_values(ads->ld, res, "ldapServiceName");
if (!values || !values[0]) return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
value = ads_pull_string(ads, ctx, res, "ldapServiceName");
if (!value) {
return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
}
timestr = ads_pull_string(ads, ctx, res, "currentTime");
if (!timestr) {
return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
}
p = strchr(values[0], ':');
if (!p) {
ldap_value_free(values);
ldap_msgfree(res);
p = strchr(value, ':');
if (!p) {
talloc_destroy(ctx);
DEBUG(1, ("ads_server_info: returned ldap server name did not contain a ':' so was deemed invalid\n"));
return ADS_ERROR(LDAP_DECODING_ERROR);
}
@ -1650,9 +1691,9 @@ ADS_STATUS ads_server_info(ADS_STRUCT *ads)
ads->config.ldap_server_name = strdup(p+1);
p = strchr(ads->config.ldap_server_name, '$');
if (!p || p[1] != '@') {
ldap_value_free(values);
ldap_msgfree(res);
talloc_destroy(ctx);
SAFE_FREE(ads->config.ldap_server_name);
DEBUG(1, ("ads_server_info: returned ldap server name did not contain '$@' so was deemed invalid\n"));
return ADS_ERROR(LDAP_DECODING_ERROR);
}
@ -1667,6 +1708,15 @@ ADS_STATUS ads_server_info(ADS_STRUCT *ads)
DEBUG(3,("got ldap server name %s@%s\n",
ads->config.ldap_server_name, ads->config.realm));
ads->config.current_time = ads_parse_time(timestr);
if (ads->config.current_time != 0) {
ads->auth.time_offset = ads->config.current_time - time(NULL);
DEBUG(4,("time offset is %d seconds\n", ads->auth.time_offset));
}
talloc_destroy(ctx);
return ADS_SUCCESS;
}
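Review bot: In ads_server_info the `currentTime` value is read from a rootDSE search that the function's own comment says can be done before authentication, and its difference from the local clock is stored in `ads->auth.time_offset` with no upper bound. Elsewhere in this commit that offset is passed to `krb5_set_real_time()`, so whichever host answers the LDAP query effectively sets the clock used for Kerberos timestamp checks. I would cap it and log at a level an operator sees, e.g. `if (abs(ads->auth.time_offset) > ADS_MAX_TIME_OFFSET) { DEBUG(1,("ignoring implausible server time offset\n")); ads->auth.time_offset = 0; }`, where `ADS_MAX_TIME_OFFSET` is a placeholder for a limit the project would choose. ads_parse_time also hands the sscanf fields to `timegm()` without range checks, so a malformed but six-field string still yields a non-zero time. The early returns that follow `talloc_init()` (failed search, missing `ldapServiceName` or `currentTime`) appear to leave `ctx` and `res` unreleased; ads_server_info is only partly visible in these hunks.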


@ -28,7 +28,7 @@
results can be used. It should be freed using ads_msgfree.
*/
ADS_STATUS ads_find_printer_on_server(ADS_STRUCT *ads, void **res,
char *printer, char *servername)
const char *printer, char *servername)
{
ADS_STATUS status;
char *srv_dn, **srv_cn, *exp;


@ -22,37 +22,198 @@
#ifdef HAVE_ADS
#if USE_CYRUS_SASL
/*
this is a minimal interact function, just enough for SASL to talk
GSSAPI/kerberos to W2K
Error handling is a bit of a problem. I can't see how to get Cyrus-sasl
to give sensible errors
perform a LDAP/SASL/SPNEGO/NTLMSSP bind (just how many layers can
we fit on one socket??)
*/
static int sasl_interact(LDAP *ld,unsigned flags,void *defaults,void *in)
static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
{
sasl_interact_t *interact = in;
const char *mechs[] = {OID_NTLMSSP, NULL};
DATA_BLOB msg1;
DATA_BLOB blob, chal1, chal2, auth;
uint8 challenge[8];
uint8 nthash[24], lmhash[24], sess_key[16];
uint32 neg_flags;
struct berval cred, *scred;
ADS_STATUS status;
extern pstring global_myname;
int rc;
while (interact->id != SASL_CB_LIST_END) {
interact->result = strdup("");
interact->len = strlen(interact->result);
interact++;
if (!ads->auth.password) {
/* No password, don't segfault below... */
return ADS_ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
return LDAP_SUCCESS;
neg_flags = NTLMSSP_NEGOTIATE_UNICODE |
NTLMSSP_NEGOTIATE_128 |
NTLMSSP_NEGOTIATE_NTLM;
memset(sess_key, 0, 16);
/* generate the ntlmssp negotiate packet */
msrpc_gen(&blob, "CddB",
"NTLMSSP",
NTLMSSP_NEGOTIATE,
neg_flags,
sess_key, 16);
/* and wrap it in a SPNEGO wrapper */
msg1 = gen_negTokenTarg(mechs, blob);
data_blob_free(&blob);
cred.bv_val = msg1.data;
cred.bv_len = msg1.length;
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
if (rc != LDAP_SASL_BIND_IN_PROGRESS) {
status = ADS_ERROR(rc);
goto failed;
}
blob = data_blob(scred->bv_val, scred->bv_len);
/* the server gives us back two challenges */
if (!spnego_parse_challenge(blob, &chal1, &chal2)) {
DEBUG(3,("Failed to parse challenges\n"));
status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
goto failed;
}
data_blob_free(&blob);
/* encrypt the password with the challenge */
memcpy(challenge, chal1.data + 24, 8);
SMBencrypt(ads->auth.password, challenge,lmhash);
SMBNTencrypt(ads->auth.password, challenge,nthash);
data_blob_free(&chal1);
data_blob_free(&chal2);
/* this generates the actual auth packet */
msrpc_gen(&blob, "CdBBUUUBd",
"NTLMSSP",
NTLMSSP_AUTH,
lmhash, 24,
nthash, 24,
lp_workgroup(),
ads->auth.user_name,
global_myname,
sess_key, 16,
neg_flags);
/* wrap it in SPNEGO */
auth = spnego_gen_auth(blob);
data_blob_free(&blob);
/* now send the auth packet and we should be done */
cred.bv_val = auth.data;
cred.bv_len = auth.length;
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
return ADS_ERROR(rc);
failed:
return status;
}
/*
perform a LDAP/SASL/SPNEGO/KRB5 bind
*/
static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *principal)
{
DATA_BLOB blob;
struct berval cred, *scred;
int rc;
blob = spnego_gen_negTokenTarg(principal, ads->auth.time_offset);
if (!blob.data) {
return ADS_ERROR(LDAP_OPERATIONS_ERROR);
}
/* now send the auth packet and we should be done */
cred.bv_val = blob.data;
cred.bv_len = blob.length;
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
data_blob_free(&blob);
return ADS_ERROR(rc);
}
/*
this performs a SASL/SPNEGO bind
*/
static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
{
struct berval *scred=NULL;
int rc, i;
ADS_STATUS status;
DATA_BLOB blob;
char *principal;
char *OIDs[ASN1_MAX_OIDS];
BOOL got_kerberos_mechanism = False;
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", NULL, NULL, NULL, &scred);
if (rc != LDAP_SASL_BIND_IN_PROGRESS) {
status = ADS_ERROR(rc);
goto failed;
}
blob = data_blob(scred->bv_val, scred->bv_len);
#if 0
file_save("sasl_spnego.dat", blob.data, blob.length);
#endif
/* the server sent us the first part of the SPNEGO exchange in the negprot
reply */
if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
data_blob_free(&blob);
status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
goto failed;
}
data_blob_free(&blob);
/* make sure the server understands kerberos */
for (i=0;OIDs[i];i++) {
DEBUG(3,("got OID=%s\n", OIDs[i]));
if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
strcmp(OIDs[i], OID_KERBEROS5) == 0) {
got_kerberos_mechanism = True;
}
free(OIDs[i]);
}
DEBUG(3,("got principal=%s\n", principal));
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
got_kerberos_mechanism && ads_kinit_password(ads) == 0) {
return ads_sasl_spnego_krb5_bind(ads, principal);
}
/* lets do NTLMSSP ... this has the big advantage that we don't need
to sync clocks, and we don't rely on special versions of the krb5
library for HMAC_MD4 encryption */
return ads_sasl_spnego_ntlmssp_bind(ads);
failed:
return status;
}
#ifdef HAVE_GSSAPI
#define MAX_GSS_PASSES 3
/* this performs a SASL/gssapi bind
we avoid using cyrus-sasl to make Samba more robust. cyrus-sasl
is very dependent on correctly configured DNS whereas
this routine is much less fragile
see RFC2078 for details
see RFC2078 and RFC2222 for details
*/
ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
{
int minor_status;
gss_name_t serv_name;
@ -68,6 +229,7 @@ ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
uint8 *p;
uint32 max_msg_size;
char *sname;
unsigned sec_layer;
ADS_STATUS status;
krb5_principal principal;
krb5_context ctx;
@ -159,22 +321,25 @@ ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
p = (uint8 *)output_token.value;
file_save("sasl_gssapi.dat", output_token.value, output_token.length);
max_msg_size = (p[1]<<16) | (p[2]<<8) | p[3];
sec_layer = *p;
gss_release_buffer(&minor_status, &output_token);
output_token.value = malloc(strlen(ads->config.bind_path) + 8);
p = output_token.value;
*p++ = 1; /* no sign or seal */
*p++ = 1; /* no sign & seal selection */
/* choose the same size as the server gave us */
*p++ = max_msg_size>>16;
*p++ = max_msg_size>>8;
*p++ = max_msg_size;
snprintf(p, strlen(ads->config.bind_path)+4, "dn:%s", ads->config.bind_path);
p += strlen(ads->config.bind_path);
p += strlen(p);
output_token.length = strlen(ads->config.bind_path) + 8;
output_token.length = PTR_DIFF(p, output_token.value);
gss_rc = gss_wrap(&minor_status, context_handle,0,GSS_C_QOP_DEFAULT,
&output_token, &conf_state,
@ -198,18 +363,51 @@ ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
failed:
return status;
}
#endif
/* mapping between SASL mechanisms and functions */
static struct {
const char *name;
ADS_STATUS (*fn)(ADS_STRUCT *);
} sasl_mechanisms[] = {
{"GSS-SPNEGO", ads_sasl_spnego_bind},
#ifdef HAVE_GSSAPI
{"GSSAPI", ads_sasl_gssapi_bind}, /* doesn't work with .NET RC1. No idea why */
#endif
{NULL, NULL}
};
ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads)
{
#if USE_CYRUS_SASL
int rc;
rc = ldap_sasl_interactive_bind_s(ads->ld, NULL, NULL, NULL, NULL,
LDAP_SASL_QUIET,
sasl_interact, NULL);
return ADS_ERROR(rc);
#else
return ads_sasl_gssapi_bind(ads);
#endif
const char *attrs[] = {"supportedSASLMechanisms", NULL};
char **values;
ADS_STATUS status;
int i, j;
void *res;
/* get a list of supported SASL mechanisms */
status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
if (!ADS_ERR_OK(status)) return status;
values = ldap_get_values(ads->ld, res, "supportedSASLMechanisms");
/* try our supported mechanisms in order */
for (i=0;sasl_mechanisms[i].name;i++) {
/* see if the server supports it */
for (j=0;values && values[j];j++) {
if (strcmp(values[j], sasl_mechanisms[i].name) == 0) {
DEBUG(4,("Found SASL mechanism %s\n", values[j]));
status = sasl_mechanisms[i].fn(ads);
ldap_value_free(values);
ldap_msgfree(res);
return status;
}
}
}
ldap_value_free(values);
ldap_msgfree(res);
return ADS_ERROR(LDAP_AUTH_METHOD_NOT_SUPPORTED);
}
#endif
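Review bot: `memcpy(challenge, chal1.data + 24, 8)` in ads_sasl_spnego_ntlmssp_bind reads at a fixed offset into a blob supplied by the server without checking that `chal1.length` is at least 32, so a short challenge causes an out-of-bounds read. A guard before the copy closes it: `if (chal1.length < 32) { data_blob_free(&chal1); data_blob_free(&chal2); status = ADS_ERROR(LDAP_DECODING_ERROR); goto failed; }`. Alternatively the `msrpc_parse()` call that cli_session_setup_ntlmssp uses for the same field in this commit could be reused here. As far as this section shows, the `failed:` path returns without releasing `msg1`, `blob` or `scred`, and `auth` is not freed after the final bind. In ads_sasl_spnego_bind the fall-through to NTLMSSP when the server's mechanism list lacks Kerberos or `ads_kinit_password()` fails is silent; a DEBUG line naming the mechanism actually used would make an unexpected downgrade visible in logs.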


@ -40,7 +40,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
asprintf(&service_principal, "HOST/%s", host_principal);
ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password,
service_principal, new_password);
service_principal, new_password, ads->auth.time_offset);
if (!secrets_store_machine_password(new_password)) {
DEBUG(1,("Failed to save machine password\n"));


@ -174,6 +174,16 @@ BOOL asn1_write_BOOLEAN(ASN1_DATA *data, BOOL v)
return !data->has_error;
}
/* write a BOOLEAN - hmm, I suspect this one is the correct one, and the
above boolean is bogus. Need to check */
BOOL asn1_write_BOOLEAN2(ASN1_DATA *data, BOOL v)
{
asn1_push_tag(data, ASN1_BOOLEAN);
asn1_write_uint8(data, v);
asn1_pop_tag(data);
return !data->has_error;
}
/* check a BOOLEAN */
BOOL asn1_check_BOOLEAN(ASN1_DATA *data, BOOL v)
{
@ -244,15 +254,12 @@ BOOL asn1_start_tag(ASN1_DATA *data, uint8 tag)
asn1_read_uint8(data, &b);
if (b & 0x80) {
int n = b & 0x7f;
if (n > 2) {
data->has_error = True;
return False;
}
asn1_read_uint8(data, &b);
nesting->taglen = b;
if (n == 2) {
while (n > 1) {
asn1_read_uint8(data, &b);
nesting->taglen = (nesting->taglen << 8) | b;
n--;
}
} else {
nesting->taglen = b;
@ -366,6 +373,7 @@ BOOL asn1_read_GeneralString(ASN1_DATA *data, char **s)
BOOL asn1_read_OctetString(ASN1_DATA *data, DATA_BLOB *blob)
{
int len;
ZERO_STRUCTP(blob);
if (!asn1_start_tag(data, ASN1_OCTET_STRING)) return False;
len = asn1_tag_remaining(data);
*blob = data_blob(NULL, len);
@ -382,7 +390,8 @@ BOOL asn1_read_Integer(ASN1_DATA *data, int *i)
if (!asn1_start_tag(data, ASN1_INTEGER)) return False;
while (asn1_tag_remaining(data)>0) {
*i = (*i << 8) + asn1_read_uint8(data, &b);
asn1_read_uint8(data, &b);
*i = (*i << 8) + b;
}
return asn1_end_tag(data);
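Review bot: asn1_start_tag appears to lose its bound on long-form lengths: the `n > 2` rejection is gone, and the `while (n > 1)` loop will shift up to 127 peer-supplied length bytes into `nesting->taglen`, overflowing whatever integer type that field has. This parser is fed SPNEGO blobs from the remote side, so I would keep a cap sized to the field ahead of the loop, e.g. `if (n < 1 || n > 3) { data->has_error = True; return False; }`. The exact limit depends on the type of `taglen`, which is not visible here. It is also worth confirming that the decoded length is compared against the bytes remaining in the buffer before it is used. The function begins and ends outside the hunk, and the old/new reading of these lines is inferred from the hunk's line counts.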


@ -50,14 +50,12 @@ static BOOL cli_session_setup_lanman2(struct cli_state *cli, char *user,
fstring pword;
char *p;
if (passlen > sizeof(pword)-1) {
if (passlen > sizeof(pword)-1)
return False;
}
/* if in share level security then don't send a password now */
if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL))
passlen = 0;
}
if (passlen > 0 && (cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen != 24) {
/* Encrypted mode needed, and non encrypted password supplied. */
@ -99,9 +97,8 @@ static BOOL cli_session_setup_lanman2(struct cli_state *cli, char *user,
show_msg(cli->inbuf);
if (cli_is_error(cli)) {
if (cli_is_error(cli))
return False;
}
/* use the returned vuid from now on */
cli->vuid = SVAL(cli->inbuf,smb_uid);
@ -118,17 +115,14 @@ static uint32 cli_session_setup_capabilities(struct cli_state *cli)
{
uint32 capabilities = CAP_NT_SMBS;
if (!cli->force_dos_errors) {
if (!cli->force_dos_errors)
capabilities |= CAP_STATUS32;
}
if (cli->use_level_II_oplocks) {
if (cli->use_level_II_oplocks)
capabilities |= CAP_LEVEL_II_OPLOCKS;
}
if (cli->capabilities & CAP_UNICODE) {
if (cli->capabilities & CAP_UNICODE)
capabilities |= CAP_UNICODE;
}
return capabilities;
}
@ -167,9 +161,8 @@ static BOOL cli_session_setup_guest(struct cli_state *cli)
show_msg(cli->inbuf);
if (cli_is_error(cli)) {
if (cli_is_error(cli))
return False;
}
cli->vuid = SVAL(cli->inbuf,smb_uid);
@ -223,9 +216,8 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, char *user,
show_msg(cli->inbuf);
if (cli_is_error(cli)) {
if (cli_is_error(cli))
return False;
}
cli->vuid = SVAL(cli->inbuf,smb_uid);
p = smb_buf(cli->inbuf);
@ -237,15 +229,41 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, char *user,
return True;
}
static void set_signing_on_cli (struct cli_state *cli, char* pass, uint8 response[24])
{
uint8 zero_sig[8];
ZERO_STRUCT(zero_sig);
/**
DEBUG(5, ("Server returned security sig:\n"));
dump_data(5, &cli->inbuf[smb_ss_field], 8);
if (cli->sign_info.use_smb_signing) {
DEBUG(5, ("smb signing already active on connection\n"));
} else if (memcmp(&cli->inbuf[smb_ss_field], zero_sig, 8) != 0) {
DEBUG(3, ("smb signing enabled!\n"));
cli->sign_info.use_smb_signing = True;
cli_calculate_mac_key(cli, pass, response);
} else {
DEBUG(5, ("smb signing NOT enabled!\n"));
}
}
static void set_temp_signing_on_cli(struct cli_state *cli)
{
if (cli->sign_info.negotiated_smb_signing)
cli->sign_info.temp_smb_signing = True;
}
/****************************************************************************
do a NT1 NTLM/LM encrypted session setup
@param cli client state to create do session setup on
@param user username
@param pass *either* cleartext password (passlen !=24) or LM response.
@param ntpass NT response, implies ntpasslen >=24, implies pass is not clear
@param workgroup The user's domain.
*/
****************************************************************************/
static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
char *pass, int passlen,
@ -256,11 +274,10 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
uchar pword[24];
uchar ntpword[24];
char *p;
BOOL tried_signing = False;
BOOL have_plaintext = False;
if (passlen > sizeof(pword) || ntpasslen > sizeof(ntpword)) {
if (passlen > sizeof(pword) || ntpasslen > sizeof(ntpword))
return False;
}
if (passlen != 24) {
/* non encrypted password supplied. Ignore ntpass. */
@ -268,20 +285,19 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
ntpasslen = 24;
SMBencrypt(pass,cli->secblob.data,pword);
SMBNTencrypt(pass,cli->secblob.data,ntpword);
if (!cli->sign_info.use_smb_signing && cli->sign_info.negotiated_smb_signing) {
cli_calculate_mac_key(cli, pass, ntpword);
tried_signing = True;
}
have_plaintext = True;
set_temp_signing_on_cli(cli);
} else {
/* pre-encrypted password supplied. Only used for security=server, can't do
/* pre-encrypted password supplied. Only used for
security=server, can't do
signing becouse we don't have oringial key */
memcpy(pword, pass, 24);
if (ntpasslen == 24) {
if (ntpasslen == 24)
memcpy(ntpword, ntpass, 24);
} else {
else
ZERO_STRUCT(ntpword);
}
}
/* send a session setup command */
memset(cli->outbuf,'\0',smb_size);
@ -301,31 +317,22 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
p = smb_buf(cli->outbuf);
memcpy(p,pword,passlen); p += passlen;
memcpy(p,ntpword,ntpasslen); p += ntpasslen;
p += clistr_push(cli, p, user, -1, STR_TERMINATE|STR_UPPER);
p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
p += clistr_push(cli, p, user, -1, STR_TERMINATE);
p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE);
p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
cli_setup_bcc(cli, p);
cli_send_smb(cli);
if (!cli_receive_smb(cli)) {
if (tried_signing) {
/* We only use it if we have a successful non-guest connect */
cli->sign_info.use_smb_signing = False;
}
if (!cli_send_smb(cli))
return False;
if (!cli_receive_smb(cli))
return False;
}
show_msg(cli->inbuf);
if (tried_signing && (cli_is_error(cli) || SVAL(cli->inbuf,smb_vwv2) /* guest */)) {
/* We only use it if we have a successful non-guest connect */
cli->sign_info.use_smb_signing = False;
}
if (cli_is_error(cli)) {
if (cli_is_error(cli))
return False;
}
/* use the returned vuid from now on */
cli->vuid = SVAL(cli->inbuf,smb_uid);
@ -337,6 +344,11 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
fstrcpy(cli->user_name, user);
if (have_plaintext) {
/* Have plaintext orginal */
set_signing_on_cli(cli, pass, ntpword);
}
return True;
}
@ -360,6 +372,9 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
set_message(cli->outbuf,12,0,True);
SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
set_temp_signing_on_cli(cli);
cli_setup_packet(cli);
SCVAL(cli->outbuf,smb_vwv0,0xFF);
@ -375,8 +390,8 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
cli_setup_bcc(cli, p);
cli_send_smb(cli);
if (!cli_receive_smb(cli))
return blob2;
@ -404,7 +419,6 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
return blob2;
}
#ifdef HAVE_KRB5
/****************************************************************************
Do a spnego/kerberos encrypted session setup.
@ -417,7 +431,7 @@ static BOOL cli_session_setup_kerberos(struct cli_state *cli, char *principal, c
DEBUG(2,("Doing kerberos session setup\n"));
/* generate the encapsulated kerberos5 ticket */
negTokenTarg = spnego_gen_negTokenTarg(cli, principal);
negTokenTarg = spnego_gen_negTokenTarg(principal, 0);
if (!negTokenTarg.data) return False;
@ -443,28 +457,32 @@ static BOOL cli_session_setup_kerberos(struct cli_state *cli, char *principal, c
static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user,
char *pass, char *workgroup)
{
const char *mechs[] = {OID_NTLMSSP, NULL};
DATA_BLOB msg1;
DATA_BLOB blob, chal1, chal2, auth;
DATA_BLOB msg1, struct_blob;
DATA_BLOB blob, chal1, chal2, auth, challenge_blob;
uint8 challenge[8];
uint8 nthash[24], lmhash[24], sess_key[16];
uint32 neg_flags;
uint32 neg_flags, chal_flags, ntlmssp_command, unkn1, unkn2;
pstring server_domain; /* FIX THIS, SHOULD be UCS2-LE */
neg_flags = NTLMSSP_NEGOTIATE_UNICODE |
NTLMSSP_NEGOTIATE_LM_KEY |
NTLMSSP_NEGOTIATE_128 |
NTLMSSP_NEGOTIATE_NTLM;
memset(sess_key, 0, 16);
DEBUG(10, ("sending NTLMSSP_NEGOTIATE\n"));
/* generate the ntlmssp negotiate packet */
msrpc_gen(&blob, "CddB",
msrpc_gen(&blob, "CddAA",
"NTLMSSP",
NTLMSSP_NEGOTIATE,
neg_flags,
sess_key, 16);
workgroup, strlen(workgroup),
cli->calling.name, strlen(cli->calling.name) + 1);
DEBUG(10, ("neg_flags: %0X, workgroup: %s, calling name %s\n",
neg_flags, workgroup, cli->calling.name));
/* and wrap it in a SPNEGO wrapper */
msg1 = gen_negTokenTarg(mechs, blob);
msg1 = gen_negTokenInit(OID_NTLMSSP, blob);
data_blob_free(&blob);
/* now send that blob on its way */
@ -472,9 +490,8 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user,
data_blob_free(&msg1);
if (!NT_STATUS_EQUAL(cli_nt_error(cli), NT_STATUS_MORE_PROCESSING_REQUIRED)) {
if (!NT_STATUS_EQUAL(cli_nt_error(cli), NT_STATUS_MORE_PROCESSING_REQUIRED))
return False;
}
#if 0
file_save("chal.dat", blob.data, blob.length);
@ -488,10 +505,38 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user,
data_blob_free(&blob);
/* encrypt the password with the challenge */
memcpy(challenge, chal1.data + 24, 8);
/*
* Ok, chal1 and chal2 are actually two identical copies of
* the NTLMSSP Challenge BLOB, and they contain, encoded in them
* the challenge to use.
*/
if (!msrpc_parse(&chal1, "CdUdbddB",
"NTLMSSP",
&ntlmssp_command,
&server_domain,
&chal_flags,
&challenge_blob, 8,
&unkn1, &unkn2,
&struct_blob)) {
DEBUG(0, ("Failed to parse the NTLMSSP Challenge\n"));
return False;
}
if (ntlmssp_command != NTLMSSP_CHALLENGE) {
DEBUG(0, ("NTLMSSP Response != NTLMSSP_CHALLENGE. Got %0X\n",
ntlmssp_command));
return False;
}
DEBUG(10, ("Challenge:\n"));
dump_data(10, challenge_blob.data, 8);
/* encrypt the password with the challenge which is in the blob */
memcpy(challenge, challenge_blob.data, 8);
SMBencrypt(pass, challenge,lmhash);
SMBNTencrypt(pass, challenge,nthash);
data_blob_free(&challenge_blob);
#if 0
file_save("nthash.dat", nthash, 24);
@ -511,7 +556,7 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user,
workgroup,
user,
cli->calling.name,
sess_key, 16,
sess_key, 0,
neg_flags);
/* wrap it in SPNEGO */
@ -525,7 +570,12 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user,
data_blob_free(&auth);
data_blob_free(&blob);
return !cli_is_error(cli);
if (cli_is_error(cli))
return False;
set_signing_on_cli(cli, pass, nthash);
return True;
}
/****************************************************************************
@ -537,17 +587,14 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user,
{
char *principal;
char *OIDs[ASN1_MAX_OIDS];
uint8 guid[16];
int i;
BOOL got_kerberos_mechanism = False;
/* spnego security cannot use SMB signing (for now). */
cli->sign_info.use_smb_signing = False;
DATA_BLOB blob;
DEBUG(2,("Doing spnego session setup (blob length=%d)\n", cli->secblob.length));
/* the server might not even do spnego */
if (cli->secblob.length == 16) {
if (cli->secblob.length <= 16) {
DEBUG(3,("server didn't supply a full spnego negprot\n"));
goto ntlmssp;
}
@ -556,11 +603,16 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user,
file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
#endif
/* there is 16 bytes of GUID before the real spnego packet starts */
blob = data_blob(cli->secblob.data+16, cli->secblob.length-16);
/* the server sent us the first part of the SPNEGO exchange in the negprot
reply */
if (!spnego_parse_negTokenInit(cli->secblob, guid, OIDs, &principal)) {
if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
data_blob_free(&blob);
return False;
}
data_blob_free(&blob);
/* make sure the server understands kerberos */
for (i=0;OIDs[i];i++) {
@ -620,35 +672,38 @@ BOOL cli_session_setup(struct cli_state *cli,
flow a bit easier to understand (tridge) */
/* if its an older server then we have to use the older request format */
if (cli->protocol < PROTOCOL_NT1) {
if (cli->protocol < PROTOCOL_NT1)
return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup);
}
/* if no user is supplied then we have to do an anonymous connection.
passwords are ignored */
if (!user || !*user) {
if (!user || !*user)
return cli_session_setup_guest(cli);
}
/* if the server is share level then send a plaintext null
password at this point. The password is sent in the tree
connect */
if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0) {
if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
return cli_session_setup_plaintext(cli, user, "", workgroup);
}
/* if the server doesn't support encryption then we have to use
plaintext. The second password is ignored */
if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0)
return cli_session_setup_plaintext(cli, user, pass, workgroup);
}
/* Indidicate signing */
/* if the server supports extended security then use SPNEGO */
if (cli->capabilities & CAP_EXTENDED_SECURITY) {
if (cli->capabilities & CAP_EXTENDED_SECURITY)
return cli_session_setup_spnego(cli, user, pass, workgroup);
}
/* otherwise do a NT1 style session setup */
return cli_session_setup_nt1(cli, user,
pass, passlen, ntpass, ntpasslen,
workgroup);
@ -738,15 +793,13 @@ BOOL cli_send_tconX(struct cli_state *cli,
if (!cli_receive_smb(cli))
return False;
if (cli_is_error(cli)) {
if (cli_is_error(cli))
return False;
}
clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE|STR_ASCII);
if (strcasecmp(share,"IPC$")==0) {
if (strcasecmp(share,"IPC$")==0)
fstrcpy(cli->dev, "IPC");
}
if (cli->protocol >= PROTOCOL_NT1 &&
smb_buflen(cli->inbuf) == 3) {
@ -786,9 +839,8 @@ void cli_negprot_send(struct cli_state *cli)
char *p;
int numprots;
if (cli->protocol < PROTOCOL_NT1) {
if (cli->protocol < PROTOCOL_NT1)
cli->use_spnego = False;
}
memset(cli->outbuf,'\0',smb_size);
@ -827,9 +879,8 @@ BOOL cli_negprot(struct cli_state *cli)
return False;
}
if (cli->protocol < PROTOCOL_NT1) {
if (cli->protocol < PROTOCOL_NT1)
cli->use_spnego = False;
}
memset(cli->outbuf,'\0',smb_size);
@ -891,13 +942,9 @@ BOOL cli_negprot(struct cli_state *cli)
smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN);
}
/* A way to attempt to force SMB signing */
if (getenv("CLI_FORCE_SMB_SIGNING"))
if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED))
cli->sign_info.negotiated_smb_signing = True;
if (cli->sign_info.negotiated_smb_signing && !(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED))
cli->sign_info.negotiated_smb_signing = False;
} else if (cli->protocol >= PROTOCOL_LANMAN1) {
cli->use_spnego = False;
cli->sec_mode = SVAL(cli->inbuf,smb_vwv1);
@ -920,9 +967,8 @@ BOOL cli_negprot(struct cli_state *cli)
cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
/* a way to force ascii SMB */
if (getenv("CLI_FORCE_ASCII")) {
if (getenv("CLI_FORCE_ASCII"))
cli->capabilities &= ~CAP_UNICODE;
}
return True;
}
@ -938,15 +984,6 @@ BOOL cli_session_request(struct cli_state *cli,
int len = 4;
extern pstring user_socket_options;
/* 445 doesn't have session request */
if (cli->port == 445) return True;
if (cli->sign_info.use_smb_signing) {
DEBUG(0, ("Cannot send session resquest again, particularly after setting up SMB Signing\n"));
return False;
}
/* send a session request (RFC 1002) */
memcpy(&(cli->calling), calling, sizeof(*calling));
memcpy(&(cli->called ), called , sizeof(*called ));
@ -960,6 +997,16 @@ BOOL cli_session_request(struct cli_state *cli,
name_mangle(cli->calling.name, p, cli->calling.name_type);
len += name_len(p);
/* 445 doesn't have session request */
if (cli->port == 445)
return True;
if (cli->sign_info.use_smb_signing) {
DEBUG(0, ("Cannot send session resquest again, particularly after setting up SMB Signing\n"));
return False;
}
/* send a session request (RFC 1002) */
/* setup the packet length
* Remove four bytes from the length count, since the length
* field in the NBT Session Service header counts the number
@ -1066,7 +1113,8 @@ BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip)
cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip,
port, cli->timeout);
}
if (cli->fd != -1) cli->port = port;
if (cli->fd != -1)
cli->port = port;
}
if (cli->fd == -1) {
DEBUG(1,("Error connecting to %s (%s)\n",
@ -1141,11 +1189,10 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli,
return NT_STATUS_UNSUCCESSFUL;
}
if (dest_ip) {
if (dest_ip)
ip = *dest_ip;
} else {
else
ZERO_STRUCT(ip);
}
again:
@ -1162,8 +1209,7 @@ again:
char *p;
DEBUG(1,("session request to %s failed (%s)\n",
called.name, cli_errstr(cli)));
cli_shutdown(cli);
if ((p=strchr(called.name, '.'))) {
if ((p=strchr(called.name, '.')) && !is_ipaddress(called.name)) {
*p = 0;
goto again;
}
@ -1174,11 +1220,10 @@ again:
return NT_STATUS_UNSUCCESSFUL;
}
if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) {
if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO)
cli->use_spnego = False;
} else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) {
else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
cli->use_kerberos = True;
}
if (!cli_negprot(cli)) {
DEBUG(1,("failed negprot\n"));
@ -1261,18 +1306,22 @@ BOOL attempt_netbios_session_request(struct cli_state *cli, char *srchost, char
DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER \
with error %s.\n", desthost, cli_errstr(cli) ));
cli_shutdown(cli);
return False;
}
cli_shutdown(cli);
/*
* We need to close the connection here but can't call cli_shutdown as
* will free an allocated cli struct. cli_close_connection was invented
* for this purpose. JRA. Based on work by "Kim R. Pedersen" <krp@filanet.dk>.
*/
cli_close_connection(cli);
if (!cli_initialise(cli) ||
!cli_connect(cli, desthost, pdest_ip) ||
!cli_session_request(cli, &calling, &smbservername)) {
DEBUG(0,("attempt_netbios_session_request: %s rejected the session for \
name *SMBSERVER with error %s\n", desthost, cli_errstr(cli) ));
cli_shutdown(cli);
return False;
}
}


@ -32,7 +32,7 @@ int cli_set_port(struct cli_state *cli, int port)
}
/****************************************************************************
read an smb from a fd ignoring all keepalive packets. Note that the buffer
Read an smb from a fd ignoring all keepalive packets. Note that the buffer
*MUST* be of size BUFFER_SIZE+SAFETY_MARGIN.
The timeout is in milliseconds
@ -46,12 +46,10 @@ static BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout)
{
BOOL ret;
for(;;)
{
for(;;) {
ret = receive_smb(fd, buffer, timeout);
if (!ret)
{
if (!ret) {
DEBUG(10,("client_receive_smb failed\n"));
show_msg(buffer);
return ret;
@ -65,16 +63,17 @@ static BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout)
return ret;
}
/****************************************************************************
recv an smb
Recv an smb.
****************************************************************************/
BOOL cli_receive_smb(struct cli_state *cli)
{
BOOL ret;
/* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
if (cli->fd == -1) return False;
if (cli->fd == -1)
return False;
again:
ret = client_receive_smb(cli->fd,cli->inbuf,cli->timeout);
@ -151,34 +150,32 @@ void cli_setup_packet(struct cli_state *cli)
uint16 flags2;
SCVAL(cli->outbuf,smb_flg,0x8);
flags2 = FLAGS2_LONG_PATH_COMPONENTS;
if (cli->capabilities & CAP_UNICODE) {
if (cli->capabilities & CAP_UNICODE)
flags2 |= FLAGS2_UNICODE_STRINGS;
}
if (cli->capabilities & CAP_STATUS32) {
if (cli->capabilities & CAP_STATUS32)
flags2 |= FLAGS2_32_BIT_ERROR_CODES;
}
if (cli->use_spnego) {
if (cli->use_spnego)
flags2 |= FLAGS2_EXTENDED_SECURITY;
}
if (cli->sign_info.use_smb_signing)
if (cli->sign_info.use_smb_signing
|| cli->sign_info.temp_smb_signing)
flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES;
SSVAL(cli->outbuf,smb_flg2, flags2);
}
}
/****************************************************************************
setup the bcc length of the packet from a pointer to the end of the data
Setup the bcc length of the packet from a pointer to the end of the data.
****************************************************************************/
void cli_setup_bcc(struct cli_state *cli, void *p)
{
set_message_bcc(cli->outbuf, PTR_DIFF(p, smb_buf(cli->outbuf)));
}
/****************************************************************************
initialise credentials of a client structure
Initialise credentials of a client structure.
****************************************************************************/
void cli_init_creds(struct cli_state *cli, const struct ntuser_creds *usr)
{
/* copy_nt_creds(&cli->usr, usr); */
@ -193,10 +190,10 @@ void cli_init_creds(struct cli_state *cli, const struct ntuser_creds *usr)
cli->ntlmssp_flags,cli->ntlmssp_cli_flgs));
}
/****************************************************************************
initialise a client structure
Initialise a client structure.
****************************************************************************/
struct cli_state *cli_initialise(struct cli_state *cli)
{
BOOL alloced_cli = False;
@ -215,9 +212,8 @@ struct cli_state *cli_initialise(struct cli_state *cli)
alloced_cli = True;
}
if (cli->initialised) {
cli_shutdown(cli);
}
if (cli->initialised)
cli_close_connection(cli);
ZERO_STRUCTP(cli);
@ -234,7 +230,9 @@ struct cli_state *cli_initialise(struct cli_state *cli)
cli->outbuf = (char *)malloc(cli->bufsize);
cli->inbuf = (char *)malloc(cli->bufsize);
cli->oplock_handler = cli_oplock_ack;
if (lp_use_spnego()) {
cli->use_spnego = True;
}
/* Set the CLI_FORCE_DOSERR environment variable to test
client routines using DOS errors instead of STATUS32
@ -243,6 +241,10 @@ struct cli_state *cli_initialise(struct cli_state *cli)
cli->force_dos_errors = True;
}
/* A way to attempt to force SMB signing */
if (getenv("CLI_FORCE_SMB_SIGNING"))
cli->sign_info.negotiated_smb_signing = True;
if (!cli->outbuf || !cli->inbuf)
goto error;
@ -273,43 +275,75 @@ struct cli_state *cli_initialise(struct cli_state *cli)
}
/****************************************************************************
shutdown a client structure
Close a client connection and free the memory without destroying cli itself.
****************************************************************************/
void cli_shutdown(struct cli_state *cli)
void cli_close_connection(struct cli_state *cli)
{
BOOL allocated;
SAFE_FREE(cli->outbuf);
SAFE_FREE(cli->inbuf);
data_blob_free(&cli->secblob);
if (cli->mem_ctx)
if (cli->mem_ctx) {
talloc_destroy(cli->mem_ctx);
cli->mem_ctx = NULL;
}
if (cli->fd != -1)
close(cli->fd);
allocated = cli->allocated;
cli->fd = -1;
}
/****************************************************************************
Shutdown a client structure.
****************************************************************************/
void cli_shutdown(struct cli_state *cli)
{
BOOL allocated = cli->allocated;
cli_close_connection(cli);
ZERO_STRUCTP(cli);
if (allocated) {
free(cli);
}
}
/****************************************************************************
set socket options on a open connection
Set socket options on a open connection.
****************************************************************************/
void cli_sockopt(struct cli_state *cli, char *options)
{
set_socket_options(cli->fd, options);
}
/****************************************************************************
set the PID to use for smb messages. Return the old pid.
Set the PID to use for smb messages. Return the old pid.
****************************************************************************/
uint16 cli_setpid(struct cli_state *cli, uint16 pid)
{
uint16 ret = cli->pid;
cli->pid = pid;
return ret;
}
/****************************************************************************
Send a keepalive packet to the server
****************************************************************************/
BOOL cli_send_keepalive(struct cli_state *cli)
{
if (cli->fd == -1) {
DEBUG(3, ("cli_send_keepalive: fd == -1\n"));
return False;
}
if (!send_keepalive(cli->fd)) {
close(cli->fd);
cli->fd = -1;
DEBUG(0,("Error sending keepalive packet to client.\n"));
return False;
}
return True;
}
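Review bot: The header comment on the new cli_close_connection() does not state what the function leaves behind: it frees outbuf/inbuf, the secblob and mem_ctx and closes the socket, but `initialised`, `sign_info` and the remaining fields are untouched. A caller that reconnects without going through cli_initialise() would work on freed buffers and would still carry `sign_info.use_smb_signing`, which cli_session_request() treats as a reason to refuse the request. I would extend the header with the contract, e.g. `After this call cli must go through cli_initialise() before it is used again; the buffers are gone and the signing state is stale.` cli_initialise() itself starts and ends outside these hunks.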


@ -156,7 +156,7 @@ void cli_dos_error(struct cli_state *cli, uint8 *eclass, uint32 *ecode)
/* Return a UNIX errno from a dos error class, error number tuple */
int cli_errno_from_dos(uint8 eclass, uint32 num)
static int cli_errno_from_dos(uint8 eclass, uint32 num)
{
if (eclass == ERRDOS) {
switch (num) {
@ -205,7 +205,7 @@ static struct {
{NT_STATUS(0), 0}
};
int cli_errno_from_nt(NTSTATUS status)
static int cli_errno_from_nt(NTSTATUS status)
{
int i;
DEBUG(10,("cli_errno_from_nt: 32 bit codes: code=%08x\n", NT_STATUS_V(status)));


@ -94,7 +94,7 @@ uint32 unix_perms_to_wire(mode_t perms)
ret |= ((perms & S_ISGID) ? UNIX_SET_GID : 0);
#endif
#ifdef S_ISUID
ret |= ((perms & S_ISVTX) ? UNIX_SET_UID : 0);
ret |= ((perms & S_ISUID) ? UNIX_SET_UID : 0);
#endif
return ret;
}


@ -64,6 +64,14 @@ static krb5_error_code krb5_mk_req2(krb5_context context,
goto cleanup_creds;
}
/* cope with the ticket being in the future due to clock skew */
if ((unsigned)credsp->times.starttime > time(NULL)) {
time_t t = time(NULL);
int time_offset = (unsigned)credsp->times.starttime - t;
DEBUG(4,("Advancing clock by %d seconds to cope with clock skew\n", time_offset));
krb5_set_real_time(context, t + time_offset + 1, 0);
}
in_data.length = 0;
retval = krb5_mk_req_extended(context, auth_context, ap_req_options,
&in_data, credsp, outbuf);
@ -86,7 +94,7 @@ cleanup_princ:
/*
get a kerberos5 ticket for the given service
*/
DATA_BLOB krb5_get_ticket(char *principal)
DATA_BLOB krb5_get_ticket(char *principal, time_t time_offset)
{
krb5_error_code retval;
krb5_data packet;
@ -94,7 +102,12 @@ DATA_BLOB krb5_get_ticket(char *principal)
krb5_context context;
krb5_auth_context auth_context = NULL;
DATA_BLOB ret;
krb5_enctype enc_types[] = {ENCTYPE_DES_CBC_MD5, ENCTYPE_NULL};
krb5_enctype enc_types[] = {
#ifdef ENCTYPE_ARCFOUR_HMAC
ENCTYPE_ARCFOUR_HMAC,
#endif
ENCTYPE_DES_CBC_MD5,
ENCTYPE_NULL};
retval = krb5_init_context(&context);
if (retval) {
@ -103,6 +116,10 @@ DATA_BLOB krb5_get_ticket(char *principal)
goto failed;
}
if (time_offset != 0) {
krb5_set_real_time(context, time(NULL) + time_offset, 0);
}
if ((retval = krb5_cc_default(context, &ccdef))) {
DEBUG(1,("krb5_cc_default failed (%s)\n",
error_message(retval)));
@ -137,7 +154,7 @@ failed:
#else /* HAVE_KRB5 */
/* this saves a few linking headaches */
DATA_BLOB krb5_get_ticket(char *principal)
DATA_BLOB krb5_get_ticket(char *principal, time_t time_offset)
{
DEBUG(0,("NO KERBEROS SUPPORT\n"));
return data_blob(NULL, 0);
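Review bot: The clock-skew block added to krb5_mk_req2 moves the context clock forward by whatever `credsp->times.starttime` says, with no upper bound and without checking the result of `krb5_set_real_time()`. A ticket start time far in the future therefore silently shifts the time base used for the request, and the only trace is a DEBUG level 4 message. I would cap the accepted offset at the skew the site tolerates, fail the request beyond it, and log the adjustment at a level operators actually see; `time(NULL)` should also be read once so the comparison and the offset use the same value, e.g. `time_t t = time(NULL); if ((unsigned)credsp->times.starttime > t) {`. The same unchecked call is added in krb5_get_ticket for the new `time_offset` argument. krb5_mk_req2 begins outside the hunk.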


@ -22,13 +22,13 @@
#include "includes.h"
/****************************************************************************
interpret a long filename structure - this is mostly guesses at the moment
Interpret a long filename structure - this is mostly guesses at the moment.
The length of the structure is returned
The structure of a long filename depends on the info level. 260 is used
by NT and 2 is used by OS/2
****************************************************************************/
static int interpret_long_filename(struct cli_state *cli,
int level,char *p,file_info *finfo)
{
@ -41,8 +41,7 @@ static int interpret_long_filename(struct cli_state *cli,
memcpy(finfo,&def_finfo,sizeof(*finfo));
switch (level)
{
switch (level) {
case 1: /* OS/2 understands this */
/* these dates are converted to GMT by
make_unix_date */
@ -132,10 +131,10 @@ static int interpret_long_filename(struct cli_state *cli,
return(SVAL(p,0));
}
/****************************************************************************
do a directory listing, calling fn on each file found
Do a directory listing, calling fn on each file found.
****************************************************************************/
int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
void (*fn)(file_info *, const char *, void *), void *state)
{
@ -307,12 +306,11 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
return(total_received);
}
/****************************************************************************
interpret a short filename structure
The length of the structure is returned
Interpret a short filename structure.
The length of the structure is returned.
****************************************************************************/
static int interpret_short_filename(struct cli_state *cli, char *p,file_info *finfo)
{
extern file_info def_finfo;
@ -334,10 +332,11 @@ static int interpret_short_filename(struct cli_state *cli, char *p,file_info *fi
/****************************************************************************
do a directory listing, calling fn on each file found
Do a directory listing, calling fn on each file found.
this uses the old SMBsearch interface. It is needed for testing Samba,
but should otherwise not be used
but should otherwise not be used.
****************************************************************************/
int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
void (*fn)(file_info *, const char *, void *), void *state)
{
@ -453,16 +452,15 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
return(num_received);
}
/****************************************************************************
do a directory listing, calling fn on each file found
this auto-switches between old and new style
Do a directory listing, calling fn on each file found.
This auto-switches between old and new style.
****************************************************************************/
int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute,
void (*fn)(file_info *, const char *, void *), void *state)
{
if (cli->protocol <= PROTOCOL_LANMAN1) {
if (cli->protocol <= PROTOCOL_LANMAN1)
return cli_list_old(cli, Mask, attribute, fn, state);
}
return cli_list_new(cli, Mask, attribute, fn, state);
}


@ -127,7 +127,7 @@ ssize_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_
return total;
}
#if 0 /* relies on client_recieve_smb(), now a static in libsmb/clientgen.c */
#if 0 /* relies on client_receive_smb(), now a static in libsmb/clientgen.c */
/* This call is INCOMPATIBLE with SMB signing. If you remove the #if 0
you must fix ensure you don't attempt to sign the packets - data


@ -73,13 +73,56 @@ DATA_BLOB spnego_gen_negTokenInit(uint8 guid[16],
return ret;
}
/*
Generate a negTokenInit as used by the client side ... It has a mechType
(OID), and a mechToken (a security blob) ...
Really, we need to break out the NTLMSSP stuff as well, because it could be
raw in the packets!
*/
DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob)
{
ASN1_DATA data;
DATA_BLOB ret;
memset(&data, 0, sizeof(data));
asn1_push_tag(&data, ASN1_APPLICATION(0));
asn1_write_OID(&data,OID_SPNEGO);
asn1_push_tag(&data, ASN1_CONTEXT(0));
asn1_push_tag(&data, ASN1_SEQUENCE(0));
asn1_push_tag(&data, ASN1_CONTEXT(0));
asn1_push_tag(&data, ASN1_SEQUENCE(0));
asn1_write_OID(&data, OID);
asn1_pop_tag(&data);
asn1_pop_tag(&data);
asn1_push_tag(&data, ASN1_CONTEXT(2));
asn1_write_OctetString(&data,blob.data,blob.length);
asn1_pop_tag(&data);
asn1_pop_tag(&data);
asn1_pop_tag(&data);
asn1_pop_tag(&data);
if (data.has_error) {
DEBUG(1,("Failed to build negTokenInit at offset %d\n", (int)data.ofs));
asn1_free(&data);
}
ret = data_blob(data.data, data.length);
asn1_free(&data);
return ret;
}
/*
parse a negTokenInit packet giving a GUID, a list of supported
OIDs (the mechanisms) and a principal name string
*/
BOOL spnego_parse_negTokenInit(DATA_BLOB blob,
uint8 guid[16],
char *OIDs[ASN1_MAX_OIDS],
char **principal)
{
@ -89,7 +132,6 @@ BOOL spnego_parse_negTokenInit(DATA_BLOB blob,
asn1_load(&data, blob);
asn1_read(&data, guid, 16);
asn1_start_tag(&data,ASN1_APPLICATION(0));
asn1_check_OID(&data,OID_SPNEGO);
asn1_start_tag(&data,ASN1_CONTEXT(0));
@ -279,13 +321,13 @@ BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket)
generate a SPNEGO negTokenTarg packet, ready for a EXTENDED_SECURITY
kerberos session setup
*/
DATA_BLOB spnego_gen_negTokenTarg(struct cli_state *cli, char *principal)
DATA_BLOB spnego_gen_negTokenTarg(const char *principal, int time_offset)
{
DATA_BLOB tkt, tkt_wrapped, targ;
const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_NTLMSSP, NULL};
/* get a kerberos ticket for the service */
tkt = krb5_get_ticket(principal);
tkt = krb5_get_ticket(principal, time_offset);
/* wrap that up in a nice GSS-API wrapping */
tkt_wrapped = spnego_gen_krb5_wrap(tkt);
@ -473,8 +515,10 @@ DATA_BLOB spnego_gen_auth_response(void)
U = unicode string (input is unix string)
a = address (1 byte type, 1 byte length, unicode string, all inline)
A = ASCII string (pointer + length) Actually same as B
B = data blob (pointer + length)
b = data blob in header (pointer + length)
D
d = word (4 bytes)
C = constant ascii string
*/
@ -502,6 +546,7 @@ BOOL msrpc_gen(DATA_BLOB *blob,
s = va_arg(ap, char *);
data_size += (str_charnum(s) * 2) + 4;
break;
case 'A':
case 'B':
b = va_arg(ap, uint8 *);
head_size += 8;
@ -554,6 +599,7 @@ BOOL msrpc_gen(DATA_BLOB *blob,
data_ofs += n*2;
break;
case 'A':
case 'B':
b = va_arg(ap, uint8 *);
n = va_arg(ap, int);
@ -688,37 +734,39 @@ BOOL msrpc_parse(DATA_BLOB *blob,
void debug_ntlmssp_flags(uint32 neg_flags)
{
DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags));
if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE)
DEBUG(4, (" NTLMSSP_NEGOTIATE_UNICODE\n"));
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_UNICODE\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_OEM)
DEBUG(4, (" NTLMSSP_NEGOTIATE_OEM\n"));
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM\n"));
if (neg_flags & NTLMSSP_REQUEST_TARGET)
DEBUG(4, (" NTLMSSP_REQUEST_TARGET\n"));
DEBUGADD(4, (" NTLMSSP_REQUEST_TARGET\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_SIGN)
DEBUG(4, (" NTLMSSP_NEGOTIATE_SIGN\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_SIGN)
DEBUG(4, (" NTLMSSP_NEGOTIATE_SEAL\n"));
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SIGN\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_SEAL)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SEAL\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
DEBUG(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n"));
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE)
DEBUG(4, (" NTLMSSP_NEGOTIATE_NETWARE\n"));
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NETWARE\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NTLM)
DEBUG(4, (" NTLMSSP_NEGOTIATE_NTLM\n"));
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED)
DEBUG(4, (" NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n"));
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
DEBUG(4, (" NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n"));
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL)
DEBUG(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
DEBUG(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
DEBUG(4, (" NTLMSSP_NEGOTIATE_NTLM2\n"));
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM2\n"));
if (neg_flags & NTLMSSP_CHAL_TARGET_INFO)
DEBUG(4, (" NTLMSSP_CHAL_TARGET_INFO\n"));
DEBUGADD(4, (" NTLMSSP_CHAL_TARGET_INFO\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_128)
DEBUG(4, (" NTLMSSP_NEGOTIATE_128\n"));
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_128\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)
DEBUG(4, (" NTLMSSP_NEGOTIATE_KEY_EXCH\n"));
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_KEY_EXCH\n"));
}
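Review bot: In the new gen_negTokenInit the `data.has_error` branch logs and calls `asn1_free(&data)` but does not return, so execution continues to `data_blob(data.data, data.length)` on the already released ASN1_DATA and then frees it a second time. Depending on what asn1_free() leaves in the struct (not visible here), that is a read of released memory or a blob of stale length handed to the caller as a security token. The error branch should end with `return data_blob(NULL, 0);` right after its `asn1_free(&data);`, so callers receive an empty blob they can test for.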


@ -89,7 +89,7 @@ static int smbc_add_cached_server(SMBCCTX * context, SMBCSRV * new,
goto failed;
}
DLIST_ADD(((struct smbc_server_cache *)context->server_cache), srvcache);
DLIST_ADD((context->server_cache), srvcache);
return 0;
failed:
@ -139,7 +139,7 @@ static int smbc_remove_cached_server(SMBCCTX * context, SMBCSRV * server)
if (server == srv->server) {
/* remove this sucker */
DLIST_REMOVE(((struct smbc_server_cache *)context->server_cache), srv);
DLIST_REMOVE(context->server_cache, srv);
SAFE_FREE(srv->server_name);
SAFE_FREE(srv->share_name);
SAFE_FREE(srv->workgroup);


@ -180,14 +180,13 @@ smbc_parse_path(SMBCCTX *context, const char *fname, char *server, char *share,
static int smbc_errno(SMBCCTX *context, struct cli_state *c)
{
int ret;
int ret = cli_errno(c);
if (cli_is_dos_error(c)) {
uint8 eclass;
uint32 ecode;
cli_dos_error(c, &eclass, &ecode);
ret = cli_errno_from_dos(eclass, ecode);
DEBUG(3,("smbc_error %d %d (0x%x) -> %d\n",
(int)eclass, (int)ecode, (int)ecode, ret));
@ -195,10 +194,9 @@ static int smbc_errno(SMBCCTX *context, struct cli_state *c)
NTSTATUS status;
status = cli_nt_error(c);
ret = cli_errno_from_nt(status);
DEBUG(3,("smbc errno %s -> %d\n",
get_nt_error_msg(status), ret));
nt_errstr(status), ret));
}
return ret;
@ -213,7 +211,7 @@ static int smbc_errno(SMBCCTX *context, struct cli_state *c)
*/
int smbc_check_server(SMBCCTX * context, SMBCSRV * server)
{
if ( cli_send_keepalive(&server->cli) == False )
if ( send_keepalive(server->cli.fd) == False )
return 1;
/* connection is ok */
@ -380,7 +378,7 @@ SMBCSRV *smbc_server(SMBCCTX *context,
fstring remote_name;
struct in_addr rem_ip;
if (!inet_aton(server, &rem_ip)) {
if ((rem_ip.s_addr=inet_addr(server)) == INADDR_NONE) {
DEBUG(4, ("Could not convert IP address %s to struct in_addr\n", server));
errno = ENOENT;
return NULL;
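Review bot: The switch to `inet_addr()` in smbc_server makes `INADDR_NONE` the failure signal, and that value is also what the valid string 255.255.255.255 converts to, so a parse error and the broadcast address are indistinguishable here. Rejecting the broadcast address as a server is probably what is wanted, but the code should say so next to the test: `/* inet_addr() returns INADDR_NONE for 255.255.255.255 too; treated as invalid on purpose */`. smbc_server's body continues outside the hunk.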


@ -29,24 +29,24 @@ static TDB_CONTEXT *namecache_tdb;
struct nc_value {
time_t expiry; /* When entry expires */
int count; /* Number of addresses */
struct in_addr ip_list[0]; /* Address list */
struct in_addr ip_list[1]; /* Address list */
};
/* Initialise namecache system */
void namecache_enable(void)
BOOL namecache_enable(void)
{
/* Check if we have been here before, or name caching disabled
by setting the name cache timeout to zero. */
if (done_namecache_init)
return;
return False;
done_namecache_init = True;
if (lp_name_cache_timeout() == 0) {
DEBUG(5, ("namecache_init: disabling netbios name cache\n"));
return;
return False;
}
/* Open namecache tdb in read/write or readonly mode */
@ -58,13 +58,15 @@ void namecache_enable(void)
if (!namecache_tdb) {
DEBUG(5, ("namecache_init: could not open %s\n",
lock_path("namecache.tdb")));
return;
return False;
}
DEBUG(5, ("namecache_init: enabling netbios namecache, timeout %d "
"seconds\n", lp_name_cache_timeout()));
enable_namecache = True;
return True;
}
/* Return a key for a name and name type. The caller must free
@ -91,17 +93,20 @@ static TDB_DATA namecache_value(struct in_addr *ip_list, int num_names,
{
TDB_DATA retval;
struct nc_value *value;
int size;
int size = sizeof(struct nc_value);
size = sizeof(struct nc_value) + sizeof(struct in_addr) *
num_names;
if (num_names > 0)
size += sizeof(struct in_addr) * (num_names-1);
value = (struct nc_value *)malloc(size);
memset(value, 0, size);
value->expiry = expiry;
value->count = num_names;
memcpy(value->ip_list, ip_list, num_names * sizeof(struct in_addr));
if (ip_list)
memcpy(value->ip_list, ip_list, sizeof(struct in_addr) * num_names);
retval.dptr = (char *)value;
retval.dsize = size;
@ -160,6 +165,9 @@ BOOL namecache_fetch(const char *name, int name_type, struct in_addr **ip_list,
time_t now;
int i;
*ip_list = NULL;
*num_names = 0;
if (!enable_namecache)
return False;
@ -209,21 +217,24 @@ BOOL namecache_fetch(const char *name, int name_type, struct in_addr **ip_list,
/* Extract and return namelist */
DEBUG(5, ("namecache_fetch: returning %d address%s for %s#%02x: ",
data->count, data->count == 1 ? "" : "es", name, name_type));
if (data->count) {
*ip_list = (struct in_addr *)malloc(
sizeof(struct in_addr) * data->count);
memcpy(*ip_list, data->ip_list, sizeof(struct in_addr) *
data->count);
memcpy(*ip_list, data->ip_list, sizeof(struct in_addr) * data->count);
*num_names = data->count;
DEBUG(5, ("namecache_fetch: returning %d address%s for %s#%02x: ",
*num_names, *num_names == 1 ? "" : "es", name, name_type));
for (i = 0; i < *num_names; i++)
DEBUGADD(5, ("%s%s", inet_ntoa((*ip_list)[i]),
i == (*num_names - 1) ? "" : ", "));
}
DEBUGADD(5, ("\n"));
done:
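Review bot: namecache_fetch sizes its allocation and its `memcpy` from `data->count`, a value read back from the on-disk tdb record, and nothing visible in this hunk checks that count against the record size or checks the `malloc()` result. A truncated or altered namecache.tdb entry with a large or negative count would make the copy read past the record, and a failed allocation is written through. Before the copy I would verify that count is non-negative and that the record holds at least `sizeof(struct nc_value) + (count-1) * sizeof(struct in_addr)` bytes, and go to `done:` when `*ip_list` is NULL. The `malloc()`/`memset(value, 0, size)` pair in namecache_value has the same missing NULL check. Both functions start or end outside the hunks.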


@ -28,7 +28,7 @@ typedef const struct
NTSTATUS nt_errcode;
} nt_err_code_struct;
nt_err_code_struct nt_errs[] =
static nt_err_code_struct nt_errs[] =
{
{ "NT_STATUS_OK", NT_STATUS_OK },
{ "NT_STATUS_UNSUCCESSFUL", NT_STATUS_UNSUCCESSFUL },


@ -116,31 +116,55 @@ void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16])
}
/* Does both the NTLMv2 owfs of a user's password */
void ntv2_owf_gen(const uchar owf[16],
const char *user_n, const char *domain_n, uchar kr_buf[16])
BOOL ntv2_owf_gen(const uchar owf[16],
const char *user_in, const char *domain_in, uchar kr_buf[16])
{
pstring user_u;
pstring dom_u;
smb_ucs2_t *user;
smb_ucs2_t *domain;
int user_byte_len;
int domain_byte_len;
HMACMD5Context ctx;
int user_l = strlen(user_n);
int domain_l = strlen(domain_n);
user_byte_len = push_ucs2_allocate(&user, user_in);
if (user_byte_len < 0) {
DEBUG(0, ("push_uss2_allocate() for user returned %d (probably malloc() failure)\n", user_byte_len));
return False;
}
push_ucs2(NULL, user_u, user_n, (user_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
domain_byte_len = push_ucs2_allocate(&domain, domain_in);
if (domain_byte_len < 0) {
DEBUG(0, ("push_uss2_allocate() for domain returned %d (probably malloc() failure)\n", user_byte_len));
return False;
}
strupper_w(user);
strupper_w(domain);
/* We don't want null termination */
user_byte_len = user_byte_len - 2;
domain_byte_len = domain_byte_len - 2;
SMB_ASSERT(user_byte_len >= 0);
SMB_ASSERT(domain_byte_len >= 0);
hmac_md5_init_limK_to_64(owf, 16, &ctx);
hmac_md5_update((const unsigned char *)user_u, user_l * 2, &ctx);
hmac_md5_update((const unsigned char *)dom_u, domain_l * 2, &ctx);
hmac_md5_update((const unsigned char *)user, user_byte_len, &ctx);
hmac_md5_update((const unsigned char *)domain, domain_byte_len, &ctx);
hmac_md5_final(kr_buf, &ctx);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("ntv2_owf_gen: user, domain, owfkey, kr\n"));
dump_data(100, user_u, user_l * 2);
dump_data(100, dom_u, domain_l * 2);
dump_data(100, (const char *)user, user_byte_len);
dump_data(100, (const char *)domain, domain_byte_len);
dump_data(100, owf, 16);
dump_data(100, kr_buf, 16);
#endif
SAFE_FREE(user);
SAFE_FREE(domain);
return True;
}
/* Does the des encryption from the NT or LM MD4 hash. */
@ -148,7 +172,7 @@ void SMBOWFencrypt(const uchar passwd[16], const uchar *c8, uchar p24[24])
{
uchar p21[21];
memset(p21,'\0',21);
ZERO_STRUCT(p21);
memcpy(p21, passwd, 16);
E_P24(p21, c8, p24);
@ -362,6 +386,12 @@ void cli_caclulate_sign_mac(struct cli_state *cli)
unsigned char calc_md5_mac[16];
struct MD5Context md5_ctx;
if (cli->sign_info.temp_smb_signing) {
memcpy(&cli->outbuf[smb_ss_field], "SignRequest", 8);
cli->sign_info.temp_smb_signing = False;
return;
}
if (!cli->sign_info.use_smb_signing) {
return;
}
@ -380,6 +410,8 @@ void cli_caclulate_sign_mac(struct cli_state *cli)
MD5Final(calc_md5_mac, &md5_ctx);
memcpy(&cli->outbuf[smb_ss_field], calc_md5_mac, 8);
/* cli->outbuf[smb_ss_field+2]=0;
Uncomment this to test if the remote server actually verifies signitures...*/
cli->sign_info.send_seq_num++;
cli->sign_info.reply_seq_num = cli->sign_info.send_seq_num;
cli->sign_info.send_seq_num++;
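Review bot: In the rewritten ntv2_owf_gen the domain failure path returns without releasing `user`, which push_ucs2_allocate() has already allocated, and its DEBUG prints `user_byte_len` where `domain_byte_len` is meant. Adding `SAFE_FREE(user);` before that `return False;` and passing `domain_byte_len` to the message fixes both. Since the function now returns BOOL, its callers (outside this hunk) need to check the result, otherwise a failed conversion leaves `kr_buf` unset and still used as key material.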


@ -35,8 +35,9 @@ static NTSTATUS just_change_the_password(struct cli_state *cli, TALLOC_CTX *mem_
unsigned char new_trust_passwd_hash[16])
{
NTSTATUS result;
result = cli_nt_setup_creds(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
SEC_CHAN_WKSTA : SEC_CHAN_BDC, orig_trust_passwd_hash);
uint32 neg_flags = 0x000001ff;
result = cli_nt_setup_creds(cli, get_sec_chan(), orig_trust_passwd_hash, &neg_flags, 2);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(1,("just_change_the_password: unable to setup creds (%s)!\n",
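Review bot: `neg_flags = 0x000001ff` and the trailing `2` passed to cli_nt_setup_creds() are bare literals, so a reader cannot tell which negotiation options the trust-password change offers or what the last argument selects. I would give both a name, or at least a comment at the call such as `/* flags offered to the DC; the negotiated set comes back in neg_flags */`. If the function does write the server's answer back through the pointer (not visible here), the comment should also say whether the result has to be checked before the password change proceeds. just_change_the_password continues outside the hunk.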


@ -142,7 +142,7 @@ static NTSTATUS do_lock(files_struct *fsp,connection_struct *conn, uint16 lock_p
}
/****************************************************************************
Utility function called by locking requests. This is *DISGISTING*. It also
Utility function called by locking requests. This is *DISGUSTING*. It also
appears to be "What Windows Does" (tm). Andrew, ever wonder why Windows 2000
is so slow on the locking tests...... ? This is the reason. Much though I hate
it, we need this. JRA.


@ -334,7 +334,8 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
/* Push domain components */
dc = domain;
q1 = q;
while ((component = strsep(&dc, "."))) {
while ((component = strtok(dc, "."))) {
dc = NULL;
size = push_ascii(&q[1], component, -1, 0);
SCVAL(q, 0, size);
q += (size + 1);
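Review bot: Replacing `strsep()` with `strtok()` in the domain-component loop brings in strtok's hidden static position, so anything called inside the loop that also tokenises would corrupt the walk, and empty components (consecutive dots) are now skipped instead of returned. If the switch is for portability, that belongs next to the loop: `/* strtok: not reentrant, skips empty components; nothing called in this loop may use strtok */`. The context line `push_ascii(&q[1], component, -1, 0)` appears to pass no destination limit and the length is stored in a single byte by `SCVAL(q, 0, size)`, so the component length deserves a bound before the copy. The enclosing function lies outside the hunk.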


@ -70,7 +70,11 @@ static void sync_child(char *name, int nm_type,
uint32 local_type = local ? SV_TYPE_LOCAL_LIST_ONLY : 0;
struct nmb_name called, calling;
if (!cli_initialise(&cli) || !cli_connect(&cli, name, &ip)) {
/* W2K DMB's return empty browse lists on port 445. Use 139.
* Patch from Andy Levine andyl@epicrealm.com.
*/
if (!cli_initialise(&cli) || !cli_set_port(&cli, 139) || !cli_connect(&cli, name, &ip)) {
return;
}


@ -11,11 +11,6 @@
#include "pam_winbind.h"
/* prototypes from common.c */
void init_request(struct winbindd_request *req,int rq_type);
int write_sock(void *buffer, int count);
int read_reply(struct winbindd_response *response);
/* data tokens */
#define MAX_PASSWD_TRIES 3
@ -99,24 +94,30 @@ static int _make_remark(pam_handle_t * pamh, int type, const char *text)
return retval;
}
static int winbind_request(enum winbindd_cmd req_type,
static int pam_winbind_request(enum winbindd_cmd req_type,
struct winbindd_request *request,
struct winbindd_response *response)
{
/* Fill in request and send down pipe */
init_request(request, req_type);
if (write_sock(request, sizeof(*request)) == -1) {
_pam_log(LOG_ERR, "write to socket failed!");
close_sock();
return PAM_SERVICE_ERR;
}
/* Wait for reply */
if (read_reply(response) == -1) {
_pam_log(LOG_ERR, "read from socket failed!");
close_sock();
return PAM_SERVICE_ERR;
}
/* We are done with the socket - close it and avoid mischeif */
close_sock();
/* Copy reply data from socket */
if (response->result != WINBINDD_OK) {
if (response->data.auth.pam_error != PAM_SUCCESS) {
@ -148,7 +149,7 @@ static int winbind_auth_request(const char *user, const char *pass, int ctrl)
strncpy(request.data.auth.pass, pass,
sizeof(request.data.auth.pass)-1);
retval = winbind_request(WINBINDD_PAM_AUTH, &request, &response);
retval = pam_winbind_request(WINBINDD_PAM_AUTH, &request, &response);
switch (retval) {
case PAM_AUTH_ERR:
@ -217,7 +218,7 @@ static int winbind_chauthtok_request(const char *user, const char *oldpass,
request.data.chauthtok.newpass[0] = '\0';
}
return winbind_request(WINBINDD_PAM_CHAUTHTOK, &request, &response);
return pam_winbind_request(WINBINDD_PAM_CHAUTHTOK, &request, &response);
}
/*
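Review bot: The `request` structure that winbind_auth_request fills with the cleartext password is never cleared: pam_winbind_request now closes the socket on every path, but nothing in these hunks wipes the structure once the call returns, so it stays on the stack. I would clear `request.data.auth.pass`, and the chauthtok password fields in winbind_chauthtok_request, once the reply has been read, using a clearing routine the compiler cannot drop. The context line `strncpy(request.data.auth.pass, pass, sizeof(request.data.auth.pass)-1)` also depends on the buffer having been zeroed beforehand for its terminator, and that initialisation is outside the hunk.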


@ -90,5 +90,4 @@ do { \
#define on(x, y) (x & y)
#define off(x, y) (!(x & y))
#include "winbind_nss_config.h"
#include "winbindd_nss.h"
#include "winbind_client.h"


@ -5,6 +5,8 @@
Copyright (C) Tim Potter 2000
Copyright (C) Andrew Tridgell 2000
Copyright (C) Andrew Bartlett 2002
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
@ -75,7 +77,7 @@ void init_response(struct winbindd_response *response)
/* Close established socket */
static void close_sock(void)
void close_sock(void)
{
if (winbindd_fd != -1) {
close(winbindd_fd);
@ -83,14 +85,75 @@ static void close_sock(void)
}
}
/* Make sure socket handle isn't stdin, stdout or stderr */
#define RECURSION_LIMIT 3
static int make_nonstd_fd_internals(int fd, int limit /* Recursion limiter */)
{
int new_fd;
if (fd >= 0 && fd <= 2) {
#ifdef F_DUPFD
if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) {
return -1;
}
/* Parinoia */
if (new_fd < 3) {
close(new_fd);
return -1;
}
close(fd);
return new_fd;
#else
if (limit <= 0)
return -1;
new_fd = dup(fd);
if (new_fd == -1)
return -1;
/* use the program stack to hold our list of FDs to close */
new_fd = make_nonstd_fd_internals(new_fd, limit - 1);
close(fd);
return new_fd;
#endif
}
return fd;
}
static int make_safe_fd(int fd)
{
int result, flags;
int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT);
if (new_fd == -1) {
close(fd);
return -1;
}
/* Socket should be closed on exec() */
#ifdef FD_CLOEXEC
result = flags = fcntl(new_fd, F_GETFD, 0);
if (flags >= 0) {
flags |= FD_CLOEXEC;
result = fcntl( new_fd, F_SETFD, flags );
}
if (result < 0) {
close(new_fd);
return -1;
}
#endif
return new_fd;
}
/* Connect to winbindd socket */
int winbind_open_pipe_sock(void)
{
#ifdef HAVE_UNIXSOCKET
struct sockaddr_un sunaddr;
static pid_t our_pid;
struct stat st;
pstring path;
int fd;
if (our_pid != getpid()) {
close_sock();
@ -144,10 +207,14 @@ int winbind_open_pipe_sock(void)
/* Connect to socket */
if ((winbindd_fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
return -1;
}
if ((winbindd_fd = make_safe_fd( fd)) == -1) {
return winbindd_fd;
}
if (connect(winbindd_fd, (struct sockaddr *)&sunaddr,
sizeof(sunaddr)) == -1) {
close_sock();
@ -155,6 +222,9 @@ int winbind_open_pipe_sock(void)
}
return winbindd_fd;
#else
return -1;
#endif /* HAVE_UNIXSOCKET */
}
/* Write data to winbindd socket */
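Review bot: In `make_nonstd_fd_internals`, the `#else` branch (no `F_DUPFD`) returns -1 on a failed `dup()` without closing the descriptor it was handed. An intermediate duplicate is therefore left open, and `make_safe_fd` closes the original `fd` a second time after the unwinding recursion has already closed it. This client code is loaded into arbitrary processes, and in a threaded one a repeated `close()` can land on a descriptor that another thread has just been given. Letting the helper own `fd` on every path, and dropping the `close(fd)` from `make_safe_fd`, removes both the leak and the double close.

```c
#ifdef F_DUPFD
		new_fd = fcntl(fd, F_DUPFD, 3);
		close(fd);	/* fd is consumed whether or not the dup worked */
		if (new_fd == -1) {
			return -1;
		}
		if (new_fd < 3) {
			close(new_fd);
			return -1;
		}
		return new_fd;
#else
		if (limit <= 0) {
			close(fd);
			return -1;
		}
		new_fd = dup(fd);
		if (new_fd == -1) {
			close(fd);
			return -1;
		}
		/* ... unchanged: recursive call, close(fd), return new_fd ... */
#endif
/* ... unchanged: rest of make_nonstd_fd_internals ... */

/* in make_safe_fd() */
	if (new_fd == -1) {
		/* make_nonstd_fd_internals() has already closed fd */
		return -1;
	}
```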


@ -28,11 +28,7 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
/* Prototypes from common.h */
NSS_STATUS winbindd_request(int req_type,
struct winbindd_request *request,
struct winbindd_response *response);
extern int winbindd_fd;
static char winbind_separator(void)
{
@ -450,6 +446,7 @@ static BOOL wbinfo_auth(char *username)
d_printf("plaintext password authentication %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status)
d_printf("error code was %s (0x%x)\n",
response.data.auth.nt_status_string,
response.data.auth.nt_status);
@ -504,6 +501,7 @@ static BOOL wbinfo_auth_crap(char *username)
d_printf("challenge/response password authentication %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status)
d_printf("error code was %s (0x%x)\n",
response.data.auth.nt_status_string,
response.data.auth.nt_status);
@ -613,38 +611,12 @@ static BOOL wbinfo_ping(void)
/* Display response */
d_printf("'ping' to winbindd %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
d_printf("'ping' to winbindd %s on fd %d\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
return result == NSS_STATUS_SUCCESS;
}
/* Print program usage */
static void usage(void)
{
d_printf("Usage: wbinfo -ug | -n name | -sSY sid | -UG uid/gid | -tm "
"| -[aA] user%%password\n");
d_printf("\t-u\t\t\tlists all domain users\n");
d_printf("\t-g\t\t\tlists all domain groups\n");
d_printf("\t-n name\t\t\tconverts name to sid\n");
d_printf("\t-s sid\t\t\tconverts sid to name\n");
d_printf("\t-N name\t\t\tconverts NetBIOS name to IP (WINS)\n");
d_printf("\t-I name\t\t\tconverts IP address to NetBIOS name (WINS)\n");
d_printf("\t-U uid\t\t\tconverts uid to sid\n");
d_printf("\t-G gid\t\t\tconverts gid to sid\n");
d_printf("\t-S sid\t\t\tconverts sid to uid\n");
d_printf("\t-Y sid\t\t\tconverts sid to gid\n");
d_printf("\t-t\t\t\tcheck shared secret\n");
d_printf("\t-m\t\t\tlist trusted domains\n");
d_printf("\t-r user\t\t\tget user groups\n");
d_printf("\t-a user%%password\tauthenticate user\n");
d_printf("\t-A user%%password\tstore user and password used by winbindd (root only)\n");
d_printf("\t-p\t\t\t'ping' winbindd to see if it is alive\n");
d_printf("\t--sequence\t\tshow sequence numbers of all domains\n");
d_printf("\t--set-auth-user DOMAIN\\user%%password\tset password for restrict anonymous\n");
}
/* Main program */
enum {
@ -664,28 +636,28 @@ int main(int argc, char **argv)
int result = 1;
struct poptOption long_options[] = {
POPT_AUTOHELP
/* longName, shortName, argInfo, argPtr, value, descrip,
argDesc */
{ "help", 'h', POPT_ARG_NONE, 0, 'h' },
{ "domain-users", 'u', POPT_ARG_NONE, 0, 'u' },
{ "domain-groups", 'g', POPT_ARG_NONE, 0, 'g' },
{ "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N' },
{ "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I' },
{ "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n' },
{ "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's' },
{ "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U' },
{ "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G' },
{ "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S' },
{ "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y' },
{ "check-secret", 't', POPT_ARG_NONE, 0, 't' },
{ "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm' },
{ "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE },
{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r' },
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a' },
{ "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER },
{ "ping", 'p', POPT_ARG_NONE, 0, 'p' },
{ "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users"},
{ "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups" },
{ "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP (WINS)" },
{ "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name (WINS)" },
{ "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid" },
{ "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name" },
{ "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" },
{ "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid" },
{ "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid" },
{ "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid" },
{ "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
{ "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
{ "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "show sequence numbers of all domains" },
{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups" },
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
{ "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
{ "ping", 'p', POPT_ARG_NONE, 0, 'p', "'ping' winbindd to see if it is alive" },
{ 0, 0, 0, 0 }
};
@ -708,17 +680,17 @@ int main(int argc, char **argv)
load_interfaces();
/* Parse command line options */
if (argc == 1) {
usage();
return 1;
}
/* Parse options */
pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
/* Parse command line options */
if (argc == 1) {
poptPrintHelp(pc, stderr, 0);
return 1;
}
while((opt = poptGetNextOpt(pc)) != -1) {
if (got_command) {
d_fprintf(stderr, "No more than one command may be specified at once.\n");
@ -734,10 +706,6 @@ int main(int argc, char **argv)
while((opt = poptGetNextOpt(pc)) != -1) {
switch (opt) {
case 'h':
usage();
result = 0;
goto done;
case 'u':
if (!print_domain_users()) {
d_printf("Error looking up domain users\n");
@ -859,7 +827,7 @@ int main(int argc, char **argv)
break;
default:
d_fprintf(stderr, "Invalid option\n");
usage();
poptPrintHelp(pc, stderr, 0);
goto done;
}
}
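Review bot: `extern int winbindd_fd;` is declared by hand near the top of this file, in the same hunk that deletes the hand-copied `winbindd_request` prototype. Its only visible use is the new `'ping' to winbindd %s on fd %d` message in `wbinfo_ping`. The other sections of this commit switch to `winbind_client.h`, so the declaration would sit better there, next to the client prototypes, where a change to the variable cannot drift out of step with a private copy. Whether that header already declares it is not visible on this page. The same local `extern` also remains in the NSS client file further down.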


@ -21,8 +21,7 @@
Boston, MA 02111-1307, USA.
*/
#include "winbind_nss_config.h"
#include "winbindd_nss.h"
#include "winbind_client.h"
#ifdef HAVE_NS_API_H
#undef VOLATILE
@ -37,17 +36,6 @@
extern int winbindd_fd;
void init_request(struct winbindd_request *req,int rq_type);
NSS_STATUS winbindd_send_request(int req_type,
struct winbindd_request *request);
NSS_STATUS winbindd_get_response(struct winbindd_response *response);
NSS_STATUS winbindd_request(int req_type,
struct winbindd_request *request,
struct winbindd_response *response);
int winbind_open_pipe_sock(void);
int write_sock(void *buffer, int count);
int read_reply(struct winbindd_response *response);
void free_response(struct winbindd_response *response);
#ifdef HAVE_NS_API_H
/* IRIX version */


@ -38,6 +38,10 @@
#include <unistd.h>
#endif
#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
@ -58,6 +62,14 @@
#include <string.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#else
#ifdef HAVE_SYS_FCNTL_H
#include <sys/fcntl.h>
#endif
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>


@ -628,8 +628,8 @@ static void process_loop(int accept_sock)
if (state->read_buf_len >= sizeof(uint32)
&& *(uint32 *) &state->request != sizeof(state->request)) {
DEBUG(0,("process_loop: Invalid request size (%d) send, should be (%d)\n",
*(uint32 *) &state->request, sizeof(state->request)));
DEBUG(0,("process_loop: Invalid request size from pid %d: %d bytes sent, should be %d\n",
state->request.pid, *(uint32 *) &state->request, sizeof(state->request)));
remove_client(state);
break;
@ -858,6 +858,7 @@ static void usage(void)
pidfile_create("winbindd");
}
#if HAVE_SETPGID
/*
* If we're interactive we want to set our own process group for
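Review bot: The new `process_loop` message prints `state->request.pid`, but the guard fires as soon as `read_buf_len >= sizeof(uint32)`, so the pid may be logged before the bytes that carry it have been read. It is also a value the client supplied, not one the daemon verified, and the log text should say so, for example `claimed pid %d`. The arguments do not match `%d` either: `sizeof(state->request)` is a `size_t` and the length word is a `uint32`. Cast both and print them with `%u`, e.g. `(unsigned int)sizeof(state->request)`. `process_loop` starts and ends outside this hunk.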


@ -143,7 +143,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
/* if we get ECONNREFUSED then it might be a NT4
server, fall back to MSRPC */
if (status.error_type == ADS_ERROR_SYSTEM &&
status.rc == ECONNREFUSED) {
status.err.rc == ECONNREFUSED) {
DEBUG(1,("Trying MSRPC methods\n"));
domain->methods = &msrpc_methods;
}
@ -170,9 +170,9 @@ static void sid_from_rid(struct winbindd_domain *domain, uint32 rid, DOM_SID *si
static enum SID_NAME_USE ads_atype_map(uint32 atype)
{
switch (atype & 0xF0000000) {
case ATYPE_GROUP:
case ATYPE_GLOBAL_GROUP:
return SID_NAME_DOM_GRP;
case ATYPE_USER:
case ATYPE_ACCOUNT:
return SID_NAME_USER;
default:
DEBUG(1,("hmm, need to map account type 0x%x\n", atype));
@ -339,7 +339,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
if (!ads_pull_uint32(ads, msg, "sAMAccountType",
&account_type) ||
!(account_type & ATYPE_GROUP)) continue;
!(account_type & ATYPE_GLOBAL_GROUP)) continue;
name = pull_username(ads, mem_ctx, msg);
gecos = ads_pull_string(ads, mem_ctx, msg, "name");
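Review bot: `enum_dom_groups` tests the account type with a bitwise AND, `!(account_type & ATYPE_GLOBAL_GROUP)`, while `ads_atype_map` in the same file compares the masked value in `switch (atype & 0xF0000000)`. The constants are defined outside this page. If they are codes in the top nibble rather than disjoint single bits, the AND also accepts any other type that shares a bit with the group code, so non-group objects could be listed as groups. Comparing the way the switch does, `(account_type & 0xF0000000) != ATYPE_GLOBAL_GROUP`, keeps the two functions in agreement. Both functions extend beyond the hunks shown.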


@ -109,7 +109,7 @@ static BOOL cm_ads_find_dc(const char *domain, struct in_addr *dc_ip, fstring sr
}
/* we don't need to bind, just connect */
ads->auth.no_bind = 1;
ads->auth.flags |= ADS_AUTH_NO_BIND;
DEBUG(4,("cm_ads_find_dc: domain=%s\n", domain));
@ -145,12 +145,17 @@ static BOOL cm_rpc_find_dc(const char *domain, struct in_addr *dc_ip, fstring sr
/* Lookup domain controller name. Try the real PDC first to avoid
SAM sync delays */
if (!get_dc_list(True, domain, &ip_list, &count)) {
if (get_dc_list(True, domain, &ip_list, &count) &&
name_status_find(domain, 0x1c, 0x20, ip_list[0], srv_name)) {
*dc_ip = ip_list[0];
SAFE_FREE(ip_list);
return True;
}
if (!get_dc_list(False, domain, &ip_list, &count)) {
DEBUG(3, ("Could not look up dc's for domain %s\n", domain));
return False;
}
}
/* Pick a nice close server */
/* Look for DC on local net */
@ -377,16 +382,6 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name,
fstrcpy(new_conn->domain, domain);
fstrcpy(new_conn->pipe_name, pipe_name);
/* Look for a domain controller for this domain. Negative results
are cached so don't bother applying the caching for this
function just yet. */
if (!cm_get_dc_name(domain, new_conn->controller, &dc_ip)) {
result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
add_failed_connection_entry(new_conn, result);
return result;
}
/* Return false if we have tried to look up this domain and netbios
name before and failed. */
@ -418,6 +413,16 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name,
return result;
}
/* Look for a domain controller for this domain. Negative results
are cached so don't bother applying the caching for this
function just yet. */
if (!cm_get_dc_name(domain, new_conn->controller, &dc_ip)) {
result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
add_failed_connection_entry(new_conn, result);
return result;
}
/* Initialise SMB connection */
cm_get_ipc_userpass(&ipc_username, &ipc_domain, &ipc_password);
@ -859,6 +864,7 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
{
NTSTATUS result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
struct winbindd_cm_conn *conn;
uint32 neg_flags = 0x000001ff;
if (!cli) {
return NT_STATUS_INVALID_PARAMETER;
@ -870,8 +876,7 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
return result;
}
result = cli_nt_setup_creds(conn->cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd);
result = cli_nt_setup_creds(conn->cli, get_sec_chan(), trust_passwd, &neg_flags, 2);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0, ("error connecting to domain password server: %s\n",
@ -884,8 +889,7 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
}
/* Try again */
result = cli_nt_setup_creds(conn->cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd);
result = cli_nt_setup_creds( conn->cli, get_sec_chan(),trust_passwd, &neg_flags, 2);
}
if (!NT_STATUS_IS_OK(result)) {
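Review bot: In `cm_rpc_find_dc`, when the first `get_dc_list(True, ...)` succeeds but `name_status_find` fails, the fallback `get_dc_list(False, ...)` overwrites `ip_list` without freeing the first list. `ip_list[0]` is also read without checking that `count` is non-zero. Freeing the list on the failed path and testing `count > 0` first covers both. The declaration of `ip_list` and the rest of the function are outside this hunk.

```c
	if (get_dc_list(True, domain, &ip_list, &count)) {
		if (count > 0 &&
		    name_status_find(domain, 0x1c, 0x20, ip_list[0], srv_name)) {
			*dc_ip = ip_list[0];
			SAFE_FREE(ip_list);
			return True;
		}
		/* PDC did not answer the name status query: drop its list before asking again */
		SAFE_FREE(ip_list);
	}
	/* ... unchanged: get_dc_list(False, ...) fallback and DEBUG(3) ... */
```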


@ -127,6 +127,9 @@ struct winbindd_request {
uid_t uid; /* getpwuid, uid_to_sid */
gid_t gid; /* getgrgid, gid_to_sid */
struct {
/* We deliberatedly don't split into domain/user to
avoid having the client know what the separator
character is. */
fstring user;
fstring pass;
} auth; /* pam_winbind auth module */


@ -147,7 +147,7 @@ done:
fstrcpy(state->response.data.auth.error_string, nt_errstr(result));
state->response.data.auth.pam_error = nt_status_to_pam(result);
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authenticaion for user %s returned %s (PAM: %d)\n",
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authentication for user %s returned %s (PAM: %d)\n",
state->request.data.auth.user,
state->response.data.auth.nt_status_string,
state->response.data.auth.pam_error));
@ -183,7 +183,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
/* Ensure null termination */
state->request.data.auth_crap.domain[sizeof(state->request.data.auth_crap.domain)-1]='\0';
if (!(mem_ctx = talloc_init_named("winbind pam auth crap for (utf8) %s", state->request.data.auth.user))) {
if (!(mem_ctx = talloc_init_named("winbind pam auth crap for (utf8) %s", state->request.data.auth_crap.user))) {
DEBUG(0, ("winbindd_pam_auth_crap: could not talloc_init()!\n"));
result = NT_STATUS_NO_MEMORY;
goto done;
@ -292,7 +292,7 @@ done:
state->response.data.auth.pam_error = nt_status_to_pam(result);
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
("NTLM CRAP authenticaion for user [%s]\\[%s] returned %s (PAM: %d)\n",
("NTLM CRAP authentication for user [%s]\\[%s] returned %s (PAM: %d)\n",
domain,
user,
state->response.data.auth.nt_status_string,
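Review bot: The corrected `talloc_init_named` call in `winbindd_pam_auth_crap` formats `state->request.data.auth_crap.user` with `%s`, yet the only termination visible before it is the one for `auth_crap.domain`. The request is read from a client over the socket, so each string field needs its last byte forced to NUL before any `%s` use. If the lines above the hunk do not already do this for `user`, add `state->request.data.auth_crap.user[sizeof(state->request.data.auth_crap.user)-1]='\0';` next to the domain line. The function starts and ends outside the hunk.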


@ -315,6 +315,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
cli_samr_close(hnd->cli, mem_ctx, &user_pol);
got_user_pol = False;
user_info->user_rid = user_rid;
user_info->group_rid = ctr->info.id21->group_rid;
user_info->acct_name = unistr2_tdup(mem_ctx,
&ctr->info.id21->uni_user_name);
@ -419,7 +420,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
BOOL got_dom_pol = False, got_group_pol = False;
DEBUG(3,("rpc: lookup_groupmem rid=%u\n", group_rid));
DEBUG(10,("rpc: lookup_groupmem %s rid=%u\n", domain->name, group_rid));
*num_names = 0;
@ -523,7 +524,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
BOOL got_dom_pol = False;
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
DEBUG(3,("rpc: sequence_number\n"));
DEBUG(10,("rpc: fetch sequence_number for %s\n", domain->name));
*seq = DOM_SEQUENCE_NONE;


@ -83,10 +83,16 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
/* We can't call domain_list() as this function is called from
init_domain_list() and we'll get stuck in a loop. */
for (domain = _domain_list; domain; domain = domain->next) {
if (strcmp(domain_name, domain->name) == 0 ||
strcmp(domain_name, domain->alt_name) == 0) {
if (strcasecmp(domain_name, domain->name) == 0 ||
strcasecmp(domain_name, domain->alt_name) == 0) {
return domain;
}
if (alt_name && *alt_name) {
if (strcasecmp(alt_name, domain->name) == 0 ||
strcasecmp(alt_name, domain->alt_name) == 0) {
return domain;
}
}
}
/* Create new domain entry */
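Review bot: The duplicate check in `add_trusted_domain` now calls libc `strcasecmp`, which folds case by the process locale rather than through Samba's own string helpers. Using `strequal()` here would presumably keep domain-name comparison consistent with the rest of the tree; confirm it is usable at this point of start-up. The added `alt_name` block also deserves a short comment, such as `/* also match when the caller's alt_name is an existing entry's name or alt_name */`, because returning an existing entry for a different `domain_name` is not obvious from the code. The function continues past the hunk.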


@ -96,6 +96,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
char *pass_old;
char *pass_new;
NTSTATUS nt_status;
/* Samba initialization. */
setup_logging( "pam_smbpass", False );
in_client = True;
@ -124,10 +126,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
}
/* obtain user record */
pdb_init_sam(&sampass);
pdb_getsampwnam(sampass,user);
if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sampass))) {
return nt_status_to_pam(nt_status);
}
if (sampass == NULL) {
if (!pdb_getsampwnam(sampass,user)) {
_log_err( LOG_ALERT, "Failed to find entry for user %s.", user );
return PAM_USER_UNKNOWN;
}
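Review bot: The new failure branch after `pdb_getsampwnam` returns `PAM_USER_UNKNOWN` while `sampass` is still allocated by the successful `pdb_init_sam` just above it. Release it before returning, for example `pdb_free_sam(&sampass);` ahead of the `return`, unless cleanup code outside this hunk already owns that. `pam_sm_chauthtok` starts and ends outside the hunk.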


@ -112,6 +112,7 @@ typedef struct
char *szSMBPasswdFile;
char *szPrivateDir;
char **szPassdbBackend;
char **szSamBackend;
char *szPasswordServer;
char *szSocketOptions;
char *szWorkGroup;
@ -139,6 +140,7 @@ typedef struct
char *szDelGroupScript;
char *szAddUserToGroupScript;
char *szDelUserFromGroupScript;
char *szSetPrimaryGroupScript;
char *szAddMachineScript;
char *szShutdownScript;
char *szAbortShutdownScript;
@ -171,7 +173,6 @@ typedef struct
int max_xmit;
int max_mux;
int max_open_files;
int max_packet;
int pwordlevel;
int unamelevel;
int deadtime;
@ -206,11 +207,11 @@ typedef struct
int iLockSpinTime;
char *szLdapMachineSuffix;
char *szLdapUserSuffix;
int ldap_port;
int ldap_ssl;
char *szLdapSuffix;
char *szLdapFilter;
char *szLdapAdminDn;
int ldap_passwd_sync;
BOOL bMsAddPrinterWizard;
BOOL bDNSproxy;
BOOL bWINSsupport;
@ -231,7 +232,6 @@ typedef struct
BOOL bReadPrediction;
BOOL bReadbmpx;
BOOL bSyslogOnly;
BOOL bAdminLog;
BOOL bBrowseList;
BOOL bNISHomeMap;
BOOL bTimeServer;
@ -335,7 +335,6 @@ typedef struct
int iOplockContentionLimit;
int iCSCPolicy;
int iBlock_size;
BOOL bAlternatePerm;
BOOL bPreexecClose;
BOOL bRootpreexecClose;
BOOL bCaseSensitive;
@ -343,6 +342,7 @@ typedef struct
BOOL bShortCasePreserve;
BOOL bCaseMangle;
BOOL bHideDotFiles;
BOOL bHideSpecialFiles;
BOOL bHideUnReadable;
BOOL bHideUnWriteableFiles;
BOOL bBrowseable;
@ -385,6 +385,10 @@ typedef struct
BOOL bUseClientDriver;
BOOL bDefaultDevmode;
BOOL bNTAclSupport;
#ifdef WITH_SENDFILE
BOOL bUseSendfile;
#endif
BOOL bProfileAcls;
char dummy[3]; /* for alignment */
}
@ -455,7 +459,6 @@ static service sDefault = {
2, /* iOplockContentionLimit */
0, /* iCSCPolicy */
1024, /* iBlock_size */
False, /* bAlternatePerm */
False, /* bPreexecClose */
False, /* bRootpreexecClose */
False, /* case sensitive */
@ -463,6 +466,7 @@ static service sDefault = {
True, /* short case preserve */
False, /* case mangle */
True, /* bHideDotFiles */
False, /* bHideSpecialFiles */
False, /* bHideUnReadable */
False, /* bHideUnWriteableFiles */
True, /* bBrowseable */
@ -505,6 +509,10 @@ static service sDefault = {
False, /* bUseClientDriver */
False, /* bDefaultDevmode */
True, /* bNTAclSupport */
#ifdef WITH_SENDFILE
False, /* bUseSendfile */
#endif
False, /* bProfileAcls */
"" /* dummy */
};
@ -592,6 +600,22 @@ static struct enum_list enum_ldap_ssl[] = {
{-1, NULL}
};
static struct enum_list enum_ldap_passwd_sync[] = {
{LDAP_PASSWD_SYNC_ON, "Yes"},
{LDAP_PASSWD_SYNC_ON, "yes"},
{LDAP_PASSWD_SYNC_ON, "on"},
{LDAP_PASSWD_SYNC_ON, "On"},
{LDAP_PASSWD_SYNC_OFF, "no"},
{LDAP_PASSWD_SYNC_OFF, "No"},
{LDAP_PASSWD_SYNC_OFF, "off"},
{LDAP_PASSWD_SYNC_OFF, "Off"},
#ifdef LDAP_EXOP_X_MODIFY_PASSWD
{LDAP_PASSWD_SYNC_ONLY, "Only"},
{LDAP_PASSWD_SYNC_ONLY, "only"},
#endif /* LDAP_EXOP_X_MODIFY_PASSWD */
{-1, NULL}
};
/* Types of machine we can announce as. */
#define ANNOUNCE_AS_NT_SERVER 1
#define ANNOUNCE_AS_WIN95 2
@ -666,66 +690,75 @@ static struct enum_list enum_map_to_guest[] = {
{-1, NULL}
};
/* note that we do not initialise the defaults union - it is not allowed in ANSI C */
/* Note: We do not initialise the defaults union - it is not allowed in ANSI C
*
* Note: We have a flag called FLAG_DEVELOPER but is not used at this time, it
* is implied in current control logic. This may change at some later time. A
* flag value of 0 means - show as development option only.
*
* The FLAG_HIDE is explicit. Paramters set this way do NOT appear in any edit
* screen in SWAT. This is used to exclude parameters as well as to squash all
* parameters that have been duplicated by pseudonyms.
*/
static struct parm_struct parm_table[] = {
{"Base Options", P_SEP, P_SEPARATOR},
{"dos charset", P_STRING, P_GLOBAL, &Globals.dos_charset, NULL, NULL, 0},
{"unix charset", P_STRING, P_GLOBAL, &Globals.unix_charset, NULL, NULL, 0},
{"display charset", P_STRING, P_GLOBAL, &Globals.display_charset, NULL, NULL, 0},
{"comment", P_STRING, P_LOCAL, &sDefault.comment, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
{"path", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
{"directory", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, 0},
{"workgroup", P_USTRING, P_GLOBAL, &Globals.szWorkGroup, NULL, NULL, FLAG_BASIC},
{"realm", P_USTRING, P_GLOBAL, &Globals.szRealm, NULL, NULL, FLAG_BASIC},
{"ADS server", P_STRING, P_GLOBAL, &Globals.szADSserver, NULL, NULL, FLAG_BASIC},
{"netbios name", P_UGSTRING, P_GLOBAL, global_myname, handle_netbios_name, NULL, FLAG_BASIC},
{"netbios aliases", P_LIST, P_GLOBAL, &Globals.szNetbiosAliases, NULL, NULL, 0},
{"netbios scope", P_UGSTRING, P_GLOBAL, global_scope, NULL, NULL, 0},
{"server string", P_STRING, P_GLOBAL, &Globals.szServerString, NULL, NULL, FLAG_BASIC },
{"interfaces", P_LIST, P_GLOBAL, &Globals.szInterfaces, NULL, NULL, FLAG_BASIC},
{"bind interfaces only", P_BOOL, P_GLOBAL, &Globals.bBindInterfacesOnly, NULL, NULL, 0},
{"dos charset", P_STRING, P_GLOBAL, &Globals.dos_charset, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"unix charset", P_STRING, P_GLOBAL, &Globals.unix_charset, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"display charset", P_STRING, P_GLOBAL, &Globals.display_charset, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"comment", P_STRING, P_LOCAL, &sDefault.comment, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT | FLAG_DEVELOPER},
{"path", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT | FLAG_DEVELOPER},
{"directory", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, FLAG_HIDE},
{"workgroup", P_USTRING, P_GLOBAL, &Globals.szWorkGroup, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"realm", P_USTRING, P_GLOBAL, &Globals.szRealm, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"ADS server", P_STRING, P_GLOBAL, &Globals.szADSserver, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"netbios name", P_UGSTRING, P_GLOBAL, global_myname, handle_netbios_name, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"netbios aliases", P_LIST, P_GLOBAL, &Globals.szNetbiosAliases, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"netbios scope", P_UGSTRING, P_GLOBAL, global_scope, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"server string", P_STRING, P_GLOBAL, &Globals.szServerString, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
{"interfaces", P_LIST, P_GLOBAL, &Globals.szInterfaces, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"bind interfaces only", P_BOOL, P_GLOBAL, &Globals.bBindInterfacesOnly, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"Security Options", P_SEP, P_SEPARATOR},
{"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC},
{"auth methods", P_LIST, P_GLOBAL, &Globals.AuthMethods, NULL, NULL, FLAG_BASIC},
{"encrypt passwords", P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC},
{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC},
{"allow trusted domains", P_BOOL, P_GLOBAL, &Globals.bAllowTrustedDomains, NULL, NULL, 0},
{"alternate permissions", P_BOOL, P_LOCAL, &sDefault.bAlternatePerm, NULL, NULL, FLAG_GLOBAL | FLAG_DEPRECATED},
{"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, 0},
{"min passwd length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, 0},
{"min password length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, 0},
{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, 0},
{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0},
{"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, 0},
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0},
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0},
{"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, 0},
{"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, 0},
{"non unix account range", P_STRING, P_GLOBAL, &Globals.szNonUnixAccountRange, handle_non_unix_account_range, NULL, 0},
{"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.bAlgorithmicRidBase, NULL, NULL, 0},
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
{"guest account", P_STRING, P_GLOBAL, &Globals.szGuestaccount, NULL, NULL, FLAG_BASIC},
{"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"auth methods", P_LIST, P_GLOBAL, &Globals.AuthMethods, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"encrypt passwords", P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
{"allow trusted domains", P_BOOL, P_GLOBAL, &Globals.bAllowTrustedDomains, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"min passwd length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"min password length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, FLAG_ADVANCED | FLAG_DEVELOPER},
{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"sam backend", P_LIST, P_GLOBAL, &Globals.szSamBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"non unix account range", P_STRING, P_GLOBAL, &Globals.szNonUnixAccountRange, handle_non_unix_account_range, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.bAlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE | FLAG_DEVELOPER},
{"guest account", P_STRING, P_GLOBAL, &Globals.szGuestaccount, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
{"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, 0},
{"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, 0},
{"passwd chat", P_STRING, P_GLOBAL, &Globals.szPasswdChat, NULL, NULL, 0},
{"passwd chat debug", P_BOOL, P_GLOBAL, &Globals.bPasswdChatDebug, NULL, NULL, 0},
{"username map", P_STRING, P_GLOBAL, &Globals.szUsernameMap, NULL, NULL, 0},
{"password level", P_INTEGER, P_GLOBAL, &Globals.pwordlevel, NULL, NULL, 0},
{"username level", P_INTEGER, P_GLOBAL, &Globals.unamelevel, NULL, NULL, 0},
{"unix password sync", P_BOOL, P_GLOBAL, &Globals.bUnixPasswdSync, NULL, NULL, 0},
{"restrict anonymous", P_INTEGER, P_GLOBAL, &Globals.restrict_anonymous, NULL, NULL, 0},
{"lanman auth", P_BOOL, P_GLOBAL, &Globals.bLanmanAuth, NULL, NULL, 0},
{"ntlm auth", P_BOOL, P_GLOBAL, &Globals.bNTLMAuth, NULL, NULL, 0},
{"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"passwd chat", P_STRING, P_GLOBAL, &Globals.szPasswdChat, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"passwd chat debug", P_BOOL, P_GLOBAL, &Globals.bPasswdChatDebug, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"username map", P_STRING, P_GLOBAL, &Globals.szUsernameMap, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER | FLAG_DEVELOPER},
{"password level", P_INTEGER, P_GLOBAL, &Globals.pwordlevel, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"username level", P_INTEGER, P_GLOBAL, &Globals.unamelevel, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"unix password sync", P_BOOL, P_GLOBAL, &Globals.bUnixPasswdSync, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"restrict anonymous", P_INTEGER, P_GLOBAL, &Globals.restrict_anonymous, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"lanman auth", P_BOOL, P_GLOBAL, &Globals.bLanmanAuth, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ntlm auth", P_BOOL, P_GLOBAL, &Globals.bNTLMAuth, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"username", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"user", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0},
{"users", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0},
{"user", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, FLAG_HIDE},
{"users", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, FLAG_HIDE},
{"invalid users", P_LIST, P_LOCAL, &sDefault.szInvalidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"valid users", P_LIST, P_LOCAL, &sDefault.szValidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
@ -735,12 +768,12 @@ static struct parm_struct parm_table[] = {
{"printer admin", P_LIST, P_LOCAL, &sDefault.printer_admin, NULL, NULL, FLAG_GLOBAL | FLAG_PRINT},
{"force user", P_STRING, P_LOCAL, &sDefault.force_user, NULL, NULL, FLAG_SHARE},
{"force group", P_STRING, P_LOCAL, &sDefault.force_group, NULL, NULL, FLAG_SHARE},
{"group", P_STRING, P_LOCAL, &sDefault.force_group, NULL, NULL, 0},
{"group", P_STRING, P_LOCAL, &sDefault.force_group, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"read only", P_BOOL, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_BASIC | FLAG_SHARE},
{"write ok", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, 0},
{"writeable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, 0},
{"writable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, 0},
{"read only", P_BOOL, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE},
{"write ok", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_HIDE},
{"writeable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_HIDE},
{"writable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_HIDE},
{"create mask", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL},
@ -755,101 +788,103 @@ static struct parm_struct parm_table[] = {
{"inherit permissions", P_BOOL, P_LOCAL, &sDefault.bInheritPerms, NULL, NULL, FLAG_SHARE},
{"inherit acls", P_BOOL, P_LOCAL, &sDefault.bInheritACLS, NULL, NULL, FLAG_SHARE},
{"guest only", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, FLAG_SHARE},
{"only guest", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, 0},
{"only guest", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, FLAG_HIDE},
{"guest ok", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
{"public", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, 0},
{"guest ok", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT | FLAG_DEVELOPER},
{"public", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, FLAG_HIDE},
{"only user", P_BOOL, P_LOCAL, &sDefault.bOnlyUser, NULL, NULL, FLAG_SHARE},
{"hosts allow", P_LIST, P_LOCAL, &sDefault.szHostsallow, NULL, NULL, FLAG_GLOBAL | FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
{"allow hosts", P_LIST, P_LOCAL, &sDefault.szHostsallow, NULL, NULL, 0},
{"hosts deny", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_GLOBAL | FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
{"deny hosts", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, 0},
{"hosts allow", P_LIST, P_LOCAL, &sDefault.szHostsallow, NULL, NULL, FLAG_GLOBAL | FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT | FLAG_DEVELOPER},
{"allow hosts", P_LIST, P_LOCAL, &sDefault.szHostsallow, NULL, NULL, FLAG_HIDE},
{"hosts deny", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_GLOBAL | FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT | FLAG_DEVELOPER},
{"deny hosts", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_HIDE},
{"Logging Options", P_SEP, P_SEPARATOR},
{"admin log", P_BOOL, P_GLOBAL, &Globals.bAdminLog, NULL, NULL, 0},
{"log level", P_STRING, P_GLOBAL, &Globals.szLogLevel, handle_debug_list, NULL, 0},
{"debuglevel", P_STRING, P_GLOBAL, &Globals.szLogLevel, handle_debug_list, NULL, 0},
{"syslog", P_INTEGER, P_GLOBAL, &Globals.syslog, NULL, NULL, 0},
{"syslog only", P_BOOL, P_GLOBAL, &Globals.bSyslogOnly, NULL, NULL, 0},
{"log file", P_STRING, P_GLOBAL, &Globals.szLogFile, NULL, NULL, 0},
{"log level", P_STRING, P_GLOBAL, &Globals.szLogLevel, handle_debug_list, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"debuglevel", P_STRING, P_GLOBAL, &Globals.szLogLevel, handle_debug_list, NULL, FLAG_HIDE},
{"syslog", P_INTEGER, P_GLOBAL, &Globals.syslog, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"syslog only", P_BOOL, P_GLOBAL, &Globals.bSyslogOnly, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"log file", P_STRING, P_GLOBAL, &Globals.szLogFile, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"max log size", P_INTEGER, P_GLOBAL, &Globals.max_log_size, NULL, NULL, 0},
{"timestamp logs", P_BOOL, P_GLOBAL, &Globals.bTimestampLogs, NULL, NULL, 0},
{"debug timestamp", P_BOOL, P_GLOBAL, &Globals.bTimestampLogs, NULL, NULL, 0},
{"debug hires timestamp", P_BOOL, P_GLOBAL, &Globals.bDebugHiresTimestamp, NULL, NULL, 0},
{"debug pid", P_BOOL, P_GLOBAL, &Globals.bDebugPid, NULL, NULL, 0},
{"debug uid", P_BOOL, P_GLOBAL, &Globals.bDebugUid, NULL, NULL, 0},
{"max log size", P_INTEGER, P_GLOBAL, &Globals.max_log_size, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"timestamp logs", P_BOOL, P_GLOBAL, &Globals.bTimestampLogs, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"debug timestamp", P_BOOL, P_GLOBAL, &Globals.bTimestampLogs, NULL, NULL, FLAG_DEVELOPER},
{"debug hires timestamp", P_BOOL, P_GLOBAL, &Globals.bDebugHiresTimestamp, NULL, NULL, FLAG_DEVELOPER},
{"debug pid", P_BOOL, P_GLOBAL, &Globals.bDebugPid, NULL, NULL, FLAG_DEVELOPER},
{"debug uid", P_BOOL, P_GLOBAL, &Globals.bDebugUid, NULL, NULL, FLAG_DEVELOPER},
{"Protocol Options", P_SEP, P_SEPARATOR},
{"smb ports", P_STRING, P_GLOBAL, &Globals.smb_ports, NULL, NULL, 0},
{"protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0},
{"large readwrite", P_BOOL, P_GLOBAL, &Globals.bLargeReadwrite, NULL, NULL, 0},
{"max protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0},
{"min protocol", P_ENUM, P_GLOBAL, &Globals.minprotocol, NULL, enum_protocol, 0},
{"unicode", P_BOOL, P_GLOBAL, &Globals.bUnicode, NULL, NULL, 0},
{"read bmpx", P_BOOL, P_GLOBAL, &Globals.bReadbmpx, NULL, NULL, 0},
{"read raw", P_BOOL, P_GLOBAL, &Globals.bReadRaw, NULL, NULL, 0},
{"write raw", P_BOOL, P_GLOBAL, &Globals.bWriteRaw, NULL, NULL, 0},
{"disable netbios", P_BOOL, P_GLOBAL, &Globals.bDisableNetbios, NULL, NULL, 0},
{"smb ports", P_STRING, P_GLOBAL, &Globals.smb_ports, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, FLAG_ADVANCED | FLAG_DEVELOPER},
{"large readwrite", P_BOOL, P_GLOBAL, &Globals.bLargeReadwrite, NULL, NULL, FLAG_DEVELOPER},
{"max protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, FLAG_DEVELOPER},
{"min protocol", P_ENUM, P_GLOBAL, &Globals.minprotocol, NULL, enum_protocol, FLAG_DEVELOPER},
{"unicode", P_BOOL, P_GLOBAL, &Globals.bUnicode, NULL, NULL, FLAG_DEVELOPER},
{"read bmpx", P_BOOL, P_GLOBAL, &Globals.bReadbmpx, NULL, NULL, FLAG_DEVELOPER},
{"read raw", P_BOOL, P_GLOBAL, &Globals.bReadRaw, NULL, NULL, FLAG_DEVELOPER},
{"write raw", P_BOOL, P_GLOBAL, &Globals.bWriteRaw, NULL, NULL, FLAG_DEVELOPER},
{"disable netbios", P_BOOL, P_GLOBAL, &Globals.bDisableNetbios, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"nt pipe support", P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, 0},
{"nt acl support", P_BOOL, P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE },
{"nt status support", P_BOOL, P_GLOBAL, &Globals.bNTStatusSupport, NULL, NULL, 0},
{"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, 0},
{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, 0},
{"max mux", P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, 0},
{"max xmit", P_INTEGER, P_GLOBAL, &Globals.max_xmit, NULL, NULL, 0},
{"nt pipe support", P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"nt acl support", P_BOOL, P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED | FLAG_WIZARD},
{"nt status support", P_BOOL, P_GLOBAL, &Globals.bNTStatusSupport, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"profile acls", P_BOOL, P_LOCAL, &sDefault.bProfileAcls, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED | FLAG_WIZARD},
{"name resolve order", P_STRING, P_GLOBAL, &Globals.szNameResolveOrder, NULL, NULL, 0},
{"max packet", P_INTEGER, P_GLOBAL, &Globals.max_packet, NULL, NULL, 0},
{"packet size", P_INTEGER, P_GLOBAL, &Globals.max_packet, NULL, NULL, 0},
{"max ttl", P_INTEGER, P_GLOBAL, &Globals.max_ttl, NULL, NULL, 0},
{"max wins ttl", P_INTEGER, P_GLOBAL, &Globals.max_wins_ttl, NULL, NULL, 0},
{"min wins ttl", P_INTEGER, P_GLOBAL, &Globals.min_wins_ttl, NULL, NULL, 0},
{"time server", P_BOOL, P_GLOBAL, &Globals.bTimeServer, NULL, NULL, 0},
{"unix extensions", P_BOOL, P_GLOBAL, &Globals.bUnixExtensions, NULL, NULL, 0},
{"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, 0},
{"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, FLAG_DEVELOPER},
{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, FLAG_DEVELOPER},
{"max mux", P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"max xmit", P_INTEGER, P_GLOBAL, &Globals.max_xmit, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"name resolve order", P_STRING, P_GLOBAL, &Globals.szNameResolveOrder, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"max ttl", P_INTEGER, P_GLOBAL, &Globals.max_ttl, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"max wins ttl", P_INTEGER, P_GLOBAL, &Globals.max_wins_ttl, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"min wins ttl", P_INTEGER, P_GLOBAL, &Globals.min_wins_ttl, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"time server", P_BOOL, P_GLOBAL, &Globals.bTimeServer, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"unix extensions", P_BOOL, P_GLOBAL, &Globals.bUnixExtensions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, FLAG_DEVELOPER},
{"Tuning Options", P_SEP, P_SEPARATOR},
{"block size", P_INTEGER, P_LOCAL, &sDefault.iBlock_size, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"change notify timeout", P_INTEGER, P_GLOBAL, &Globals.change_notify_timeout, NULL, NULL, 0},
{"deadtime", P_INTEGER, P_GLOBAL, &Globals.deadtime, NULL, NULL, 0},
{"getwd cache", P_BOOL, P_GLOBAL, &use_getwd_cache, NULL, NULL, 0},
{"keepalive", P_INTEGER, P_GLOBAL, &keepalive, NULL, NULL, 0},
{"change notify timeout", P_INTEGER, P_GLOBAL, &Globals.change_notify_timeout, NULL, NULL, FLAG_DEVELOPER},
{"deadtime", P_INTEGER, P_GLOBAL, &Globals.deadtime, NULL, NULL, FLAG_DEVELOPER},
{"getwd cache", P_BOOL, P_GLOBAL, &use_getwd_cache, NULL, NULL, FLAG_DEVELOPER},
{"keepalive", P_INTEGER, P_GLOBAL, &keepalive, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"lpq cache time", P_INTEGER, P_GLOBAL, &Globals.lpqcachetime, NULL, NULL, 0},
{"max smbd processes", P_INTEGER, P_GLOBAL, &Globals.iMaxSmbdProcesses, NULL, NULL, 0},
{"lpq cache time", P_INTEGER, P_GLOBAL, &Globals.lpqcachetime, NULL, NULL, FLAG_DEVELOPER},
{"max smbd processes", P_INTEGER, P_GLOBAL, &Globals.iMaxSmbdProcesses, NULL, NULL, FLAG_DEVELOPER},
{"max connections", P_INTEGER, P_LOCAL, &sDefault.iMaxConnections, NULL, NULL, FLAG_SHARE},
{"paranoid server security", P_BOOL, P_GLOBAL, &Globals.paranoid_server_security, NULL, NULL, 0},
{"max disk size", P_INTEGER, P_GLOBAL, &Globals.maxdisksize, NULL, NULL, 0},
{"max open files", P_INTEGER, P_GLOBAL, &Globals.max_open_files, NULL, NULL, 0},
{"paranoid server security", P_BOOL, P_GLOBAL, &Globals.paranoid_server_security, NULL, NULL, FLAG_DEVELOPER},
{"max disk size", P_INTEGER, P_GLOBAL, &Globals.maxdisksize, NULL, NULL, FLAG_DEVELOPER},
{"max open files", P_INTEGER, P_GLOBAL, &Globals.max_open_files, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"min print space", P_INTEGER, P_LOCAL, &sDefault.iMinPrintSpace, NULL, NULL, FLAG_PRINT},
{"read size", P_INTEGER, P_GLOBAL, &Globals.ReadSize, NULL, NULL, 0},
{"read size", P_INTEGER, P_GLOBAL, &Globals.ReadSize, NULL, NULL, FLAG_DEVELOPER},
{"socket options", P_GSTRING, P_GLOBAL, user_socket_options, NULL, NULL, 0},
{"stat cache size", P_INTEGER, P_GLOBAL, &Globals.stat_cache_size, NULL, NULL, 0},
{"socket options", P_GSTRING, P_GLOBAL, user_socket_options, NULL, NULL, FLAG_DEVELOPER},
{"stat cache size", P_INTEGER, P_GLOBAL, &Globals.stat_cache_size, NULL, NULL, FLAG_DEVELOPER},
{"strict allocate", P_BOOL, P_LOCAL, &sDefault.bStrictAllocate, NULL, NULL, FLAG_SHARE},
{"strict sync", P_BOOL, P_LOCAL, &sDefault.bStrictSync, NULL, NULL, FLAG_SHARE},
{"sync always", P_BOOL, P_LOCAL, &sDefault.bSyncAlways, NULL, NULL, FLAG_SHARE},
{"use mmap", P_BOOL, P_GLOBAL, &Globals.bUseMmap, NULL, NULL, 0},
{"hostname lookups", P_BOOL, P_GLOBAL, &Globals.bHostnameLookups, NULL, NULL, 0},
{"use mmap", P_BOOL, P_GLOBAL, &Globals.bUseMmap, NULL, NULL, FLAG_DEVELOPER},
#ifdef WITH_SENDFILE
{"use sendfile", P_BOOL, P_LOCAL, &sDefault.bUseSendfile, NULL, NULL, FLAG_SHARE},
#endif
{"hostname lookups", P_BOOL, P_GLOBAL, &Globals.bHostnameLookups, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"write cache size", P_INTEGER, P_LOCAL, &sDefault.iWriteCacheSize, NULL, NULL, FLAG_SHARE},
{"name cache timeout", P_INTEGER, P_GLOBAL, &Globals.name_cache_timeout, NULL, NULL, 0},
{"name cache timeout", P_INTEGER, P_GLOBAL, &Globals.name_cache_timeout, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"Printing Options", P_SEP, P_SEPARATOR},
{"total print jobs", P_INTEGER, P_GLOBAL, &Globals.iTotalPrintJobs, NULL, NULL, FLAG_PRINT},
{"max print jobs", P_INTEGER, P_LOCAL, &sDefault.iMaxPrintJobs, NULL, NULL, FLAG_PRINT},
{"load printers", P_BOOL, P_GLOBAL, &Globals.bLoadPrinters, NULL, NULL, FLAG_PRINT},
{"printcap name", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, FLAG_PRINT},
{"printcap", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, 0},
{"printcap name", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, FLAG_PRINT | FLAG_DEVELOPER},
{"printcap", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, FLAG_HIDE},
{"printable", P_BOOL, P_LOCAL, &sDefault.bPrint_ok, NULL, NULL, FLAG_PRINT},
{"print ok", P_BOOL, P_LOCAL, &sDefault.bPrint_ok, NULL, NULL, 0},
{"print ok", P_BOOL, P_LOCAL, &sDefault.bPrint_ok, NULL, NULL, FLAG_HIDE},
{"postscript", P_BOOL, P_LOCAL, &sDefault.bPostscript, NULL, NULL, FLAG_PRINT | FLAG_DEPRECATED},
{"printing", P_ENUM, P_LOCAL, &sDefault.iPrinting, NULL, enum_printing, FLAG_PRINT | FLAG_GLOBAL},
{"print command", P_STRING, P_LOCAL, &sDefault.szPrintcommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
@ -861,14 +896,14 @@ static struct parm_struct parm_table[] = {
{"queuepause command", P_STRING, P_LOCAL, &sDefault.szQueuepausecommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
{"queueresume command", P_STRING, P_LOCAL, &sDefault.szQueueresumecommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
{"enumports command", P_STRING, P_GLOBAL, &Globals.szEnumPortsCommand, NULL, NULL, 0},
{"addprinter command", P_STRING, P_GLOBAL, &Globals.szAddPrinterCommand, NULL, NULL, 0},
{"deleteprinter command", P_STRING, P_GLOBAL, &Globals.szDeletePrinterCommand, NULL, NULL, 0},
{"show add printer wizard", P_BOOL, P_GLOBAL, &Globals.bMsAddPrinterWizard, NULL, NULL, 0},
{"os2 driver map", P_STRING, P_GLOBAL, &Globals.szOs2DriverMap, NULL, NULL, 0},
{"enumports command", P_STRING, P_GLOBAL, &Globals.szEnumPortsCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"addprinter command", P_STRING, P_GLOBAL, &Globals.szAddPrinterCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"deleteprinter command", P_STRING, P_GLOBAL, &Globals.szDeletePrinterCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"show add printer wizard", P_BOOL, P_GLOBAL, &Globals.bMsAddPrinterWizard, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"os2 driver map", P_STRING, P_GLOBAL, &Globals.szOs2DriverMap, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"printer name", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, FLAG_PRINT},
{"printer", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, 0},
{"printer", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, FLAG_HIDE},
{"use client driver", P_BOOL, P_LOCAL, &sDefault.bUseClientDriver, NULL, NULL, FLAG_PRINT},
{"default devmode", P_BOOL, P_LOCAL, &sDefault.bDefaultDevmode, NULL, NULL, FLAG_PRINT},
{"printer driver", P_STRING, P_LOCAL, &sDefault.szPrinterDriver, NULL, NULL, FLAG_PRINT | FLAG_DEPRECATED},
@ -876,18 +911,19 @@ static struct parm_struct parm_table[] = {
{"printer driver location", P_STRING, P_LOCAL, &sDefault.szPrinterDriverLocation, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL | FLAG_DEPRECATED},
{"Filename Handling", P_SEP, P_SEPARATOR},
{"strip dot", P_BOOL, P_GLOBAL, &Globals.bStripDot, NULL, NULL, 0},
{"mangling method", P_STRING, P_GLOBAL, &Globals.szManglingMethod, NULL, NULL, 0},
{"strip dot", P_BOOL, P_GLOBAL, &Globals.bStripDot, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"mangling method", P_STRING, P_GLOBAL, &Globals.szManglingMethod, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"mangled stack", P_INTEGER, P_GLOBAL, &Globals.mangled_stack, NULL, NULL, 0},
{"mangled stack", P_INTEGER, P_GLOBAL, &Globals.mangled_stack, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"default case", P_ENUM, P_LOCAL, &sDefault.iDefaultCase, NULL, enum_case, FLAG_SHARE},
{"case sensitive", P_BOOL, P_LOCAL, &sDefault.bCaseSensitive, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"casesignames", P_BOOL, P_LOCAL, &sDefault.bCaseSensitive, NULL, NULL, 0},
{"casesignames", P_BOOL, P_LOCAL, &sDefault.bCaseSensitive, NULL, NULL, FLAG_HIDE},
{"preserve case", P_BOOL, P_LOCAL, &sDefault.bCasePreserve, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"short preserve case", P_BOOL, P_LOCAL, &sDefault.bShortCasePreserve, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"mangle case", P_BOOL, P_LOCAL, &sDefault.bCaseMangle, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"mangling char", P_CHAR, P_LOCAL, &sDefault.magic_char, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"hide dot files", P_BOOL, P_LOCAL, &sDefault.bHideDotFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"hide special files", P_BOOL, P_LOCAL, &sDefault.bHideSpecialFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"hide unreadable", P_BOOL, P_LOCAL, &sDefault.bHideUnReadable, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"hide unwriteable files", P_BOOL, P_LOCAL, &sDefault.bHideUnWriteableFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"delete veto files", P_BOOL, P_LOCAL, &sDefault.bDeleteVetoFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
@ -899,52 +935,53 @@ static struct parm_struct parm_table[] = {
{"map archive", P_BOOL, P_LOCAL, &sDefault.bMap_archive, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"mangled names", P_BOOL, P_LOCAL, &sDefault.bMangledNames, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"mangled map", P_STRING, P_LOCAL, &sDefault.szMangledMap, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"stat cache", P_BOOL, P_GLOBAL, &Globals.bStatCache, NULL, NULL, 0},
{"stat cache", P_BOOL, P_GLOBAL, &Globals.bStatCache, NULL, NULL, FLAG_DEVELOPER},
{"Domain Options", P_SEP, P_SEPARATOR},
{"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0},
{"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"Logon Options", P_SEP, P_SEPARATOR},
{"add user script", P_STRING, P_GLOBAL, &Globals.szAddUserScript, NULL, NULL, 0},
{"delete user script", P_STRING, P_GLOBAL, &Globals.szDelUserScript, NULL, NULL, 0},
{"add group script", P_STRING, P_GLOBAL, &Globals.szAddGroupScript, NULL, NULL, 0},
{"delete group script", P_STRING, P_GLOBAL, &Globals.szDelGroupScript, NULL, NULL, 0},
{"add user to group script", P_STRING, P_GLOBAL, &Globals.szAddUserToGroupScript, NULL, NULL, 0},
{"delete user from group script", P_STRING, P_GLOBAL, &Globals.szDelUserFromGroupScript, NULL, NULL, 0},
{"add machine script", P_STRING, P_GLOBAL, &Globals.szAddMachineScript, NULL, NULL, 0},
{"shutdown script", P_STRING, P_GLOBAL, &Globals.szShutdownScript, NULL, NULL, 0},
{"abort shutdown script", P_STRING, P_GLOBAL, &Globals.szAbortShutdownScript, NULL, NULL, 0},
{"add user script", P_STRING, P_GLOBAL, &Globals.szAddUserScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"delete user script", P_STRING, P_GLOBAL, &Globals.szDelUserScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"add group script", P_STRING, P_GLOBAL, &Globals.szAddGroupScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"delete group script", P_STRING, P_GLOBAL, &Globals.szDelGroupScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"add user to group script", P_STRING, P_GLOBAL, &Globals.szAddUserToGroupScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"delete user from group script", P_STRING, P_GLOBAL, &Globals.szDelUserFromGroupScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"set primary group script", P_STRING, P_GLOBAL, &Globals.szSetPrimaryGroupScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"add machine script", P_STRING, P_GLOBAL, &Globals.szAddMachineScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"shutdown script", P_STRING, P_GLOBAL, &Globals.szShutdownScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"abort shutdown script", P_STRING, P_GLOBAL, &Globals.szAbortShutdownScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"logon script", P_STRING, P_GLOBAL, &Globals.szLogonScript, NULL, NULL, 0},
{"logon path", P_STRING, P_GLOBAL, &Globals.szLogonPath, NULL, NULL, 0},
{"logon drive", P_STRING, P_GLOBAL, &Globals.szLogonDrive, NULL, NULL, 0},
{"logon home", P_STRING, P_GLOBAL, &Globals.szLogonHome, NULL, NULL, 0},
{"domain logons", P_BOOL, P_GLOBAL, &Globals.bDomainLogons, NULL, NULL, 0},
{"logon script", P_STRING, P_GLOBAL, &Globals.szLogonScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"logon path", P_STRING, P_GLOBAL, &Globals.szLogonPath, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"logon drive", P_STRING, P_GLOBAL, &Globals.szLogonDrive, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"logon home", P_STRING, P_GLOBAL, &Globals.szLogonHome, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"domain logons", P_BOOL, P_GLOBAL, &Globals.bDomainLogons, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"Browse Options", P_SEP, P_SEPARATOR},
{"os level", P_INTEGER, P_GLOBAL, &Globals.os_level, NULL, NULL, FLAG_BASIC},
{"lm announce", P_ENUM, P_GLOBAL, &Globals.lm_announce, NULL, enum_bool_auto, 0},
{"lm interval", P_INTEGER, P_GLOBAL, &Globals.lm_interval, NULL, NULL, 0},
{"preferred master", P_ENUM, P_GLOBAL, &Globals.bPreferredMaster, NULL, enum_bool_auto, FLAG_BASIC},
{"os level", P_INTEGER, P_GLOBAL, &Globals.os_level, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
{"lm announce", P_ENUM, P_GLOBAL, &Globals.lm_announce, NULL, enum_bool_auto, FLAG_ADVANCED | FLAG_DEVELOPER},
{"lm interval", P_INTEGER, P_GLOBAL, &Globals.lm_interval, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"preferred master", P_ENUM, P_GLOBAL, &Globals.bPreferredMaster, NULL, enum_bool_auto, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
{"prefered master", P_ENUM, P_GLOBAL, &Globals.bPreferredMaster, NULL, enum_bool_auto, FLAG_HIDE},
{"local master", P_BOOL, P_GLOBAL, &Globals.bLocalMaster, NULL, NULL, FLAG_BASIC},
{"domain master", P_ENUM, P_GLOBAL, &Globals.bDomainMaster, NULL, enum_bool_auto, FLAG_BASIC},
{"browse list", P_BOOL, P_GLOBAL, &Globals.bBrowseList, NULL, NULL, 0},
{"browseable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
{"browsable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, 0},
{"enhanced browsing", P_BOOL, P_GLOBAL, &Globals.enhanced_browsing, NULL, NULL},
{"local master", P_BOOL, P_GLOBAL, &Globals.bLocalMaster, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
{"domain master", P_ENUM, P_GLOBAL, &Globals.bDomainMaster, NULL, enum_bool_auto, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
{"browse list", P_BOOL, P_GLOBAL, &Globals.bBrowseList, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"browseable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT | FLAG_DEVELOPER},
{"browsable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, FLAG_HIDE},
{"enhanced browsing", P_BOOL, P_GLOBAL, &Globals.enhanced_browsing, NULL, NULL, FLAG_DEVELOPER | FLAG_ADVANCED},
{"WINS Options", P_SEP, P_SEPARATOR},
{"dns proxy", P_BOOL, P_GLOBAL, &Globals.bDNSproxy, NULL, NULL, 0},
{"wins proxy", P_BOOL, P_GLOBAL, &Globals.bWINSproxy, NULL, NULL, 0},
{"dns proxy", P_BOOL, P_GLOBAL, &Globals.bDNSproxy, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"wins proxy", P_BOOL, P_GLOBAL, &Globals.bWINSproxy, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"wins server", P_LIST, P_GLOBAL, &Globals.szWINSservers, NULL, NULL, FLAG_BASIC},
{"wins support", P_BOOL, P_GLOBAL, &Globals.bWINSsupport, NULL, NULL, FLAG_BASIC},
{"wins hook", P_STRING, P_GLOBAL, &Globals.szWINSHook, NULL, NULL, 0},
{"wins partners", P_STRING, P_GLOBAL, &Globals.szWINSPartners, NULL, NULL, 0},
{"wins server", P_LIST, P_GLOBAL, &Globals.szWINSservers, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"wins support", P_BOOL, P_GLOBAL, &Globals.bWINSsupport, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"wins hook", P_STRING, P_GLOBAL, &Globals.szWINSHook, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"wins partners", P_STRING, P_GLOBAL, &Globals.szWINSPartners, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"Locking Options", P_SEP, P_SEPARATOR},
@ -966,57 +1003,58 @@ static struct parm_struct parm_table[] = {
{"Ldap Options", P_SEP, P_SEPARATOR},
{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, handle_ldap_suffix, NULL, 0},
{"ldap machine suffix", P_STRING, P_GLOBAL, &Globals.szLdapMachineSuffix, handle_ldap_machine_suffix, NULL, 0},
{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, handle_ldap_user_suffix, NULL, 0},
{"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, 0},
{"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, 0},
{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, 0},
{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, handle_ldap_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap machine suffix", P_STRING, P_GLOBAL, &Globals.szLdapMachineSuffix, handle_ldap_machine_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, handle_ldap_user_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap passwd sync", P_ENUM, P_GLOBAL, &Globals.ldap_passwd_sync, NULL, enum_ldap_passwd_sync, FLAG_ADVANCED | FLAG_DEVELOPER},
{"Miscellaneous Options", P_SEP, P_SEPARATOR},
{"add share command", P_STRING, P_GLOBAL, &Globals.szAddShareCommand, NULL, NULL, 0},
{"change share command", P_STRING, P_GLOBAL, &Globals.szChangeShareCommand, NULL, NULL, 0},
{"delete share command", P_STRING, P_GLOBAL, &Globals.szDeleteShareCommand, NULL, NULL, 0},
{"add share command", P_STRING, P_GLOBAL, &Globals.szAddShareCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"change share command", P_STRING, P_GLOBAL, &Globals.szChangeShareCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"delete share command", P_STRING, P_GLOBAL, &Globals.szDeleteShareCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"config file", P_STRING, P_GLOBAL, &Globals.szConfigFile, NULL, NULL, FLAG_HIDE},
{"preload", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, 0},
{"auto services", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, 0},
{"lock dir", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, 0},
{"lock directory", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, 0},
{"pid directory", P_STRING, P_GLOBAL, &Globals.szPidDir, NULL, NULL, 0},
{"preload", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"auto services", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"lock dir", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, FLAG_HIDE},
{"lock directory", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"pid directory", P_STRING, P_GLOBAL, &Globals.szPidDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
#ifdef WITH_UTMP
{"utmp directory", P_STRING, P_GLOBAL, &Globals.szUtmpDir, NULL, NULL, 0},
{"wtmp directory", P_STRING, P_GLOBAL, &Globals.szWtmpDir, NULL, NULL, 0},
{"utmp", P_BOOL, P_GLOBAL, &Globals.bUtmp, NULL, NULL, 0},
{"utmp directory", P_STRING, P_GLOBAL, &Globals.szUtmpDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"wtmp directory", P_STRING, P_GLOBAL, &Globals.szWtmpDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"utmp", P_BOOL, P_GLOBAL, &Globals.bUtmp, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
#endif
{"default service", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, 0},
{"default", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, 0},
{"message command", P_STRING, P_GLOBAL, &Globals.szMsgCommand, NULL, NULL, 0},
{"dfree command", P_STRING, P_GLOBAL, &Globals.szDfree, NULL, NULL, 0},
{"remote announce", P_STRING, P_GLOBAL, &Globals.szRemoteAnnounce, NULL, NULL, 0},
{"remote browse sync", P_STRING, P_GLOBAL, &Globals.szRemoteBrowseSync, NULL, NULL, 0},
{"socket address", P_STRING, P_GLOBAL, &Globals.szSocketAddress, NULL, NULL, 0},
{"homedir map", P_STRING, P_GLOBAL, &Globals.szNISHomeMapName, NULL, NULL, 0},
{"time offset", P_INTEGER, P_GLOBAL, &extra_time_offset, NULL, NULL, 0},
{"NIS homedir", P_BOOL, P_GLOBAL, &Globals.bNISHomeMap, NULL, NULL, 0},
{"default service", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"default", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, FLAG_DEVELOPER},
{"message command", P_STRING, P_GLOBAL, &Globals.szMsgCommand, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"dfree command", P_STRING, P_GLOBAL, &Globals.szDfree, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"remote announce", P_STRING, P_GLOBAL, &Globals.szRemoteAnnounce, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"remote browse sync", P_STRING, P_GLOBAL, &Globals.szRemoteBrowseSync, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"socket address", P_STRING, P_GLOBAL, &Globals.szSocketAddress, NULL, NULL, FLAG_DEVELOPER},
{"homedir map", P_STRING, P_GLOBAL, &Globals.szNISHomeMapName, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"time offset", P_INTEGER, P_GLOBAL, &extra_time_offset, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"NIS homedir", P_BOOL, P_GLOBAL, &Globals.bNISHomeMap, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"-valid", P_BOOL, P_LOCAL, &sDefault.valid, NULL, NULL, FLAG_HIDE},
{"copy", P_STRING, P_LOCAL, &sDefault.szCopy, handle_copy, NULL, FLAG_HIDE},
{"include", P_STRING, P_LOCAL, &sDefault.szInclude, handle_include, NULL, FLAG_HIDE},
{"exec", P_STRING, P_LOCAL, &sDefault.szPreExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
{"preexec", P_STRING, P_LOCAL, &sDefault.szPreExec, NULL, NULL, 0},
{"preexec", P_STRING, P_LOCAL, &sDefault.szPreExec, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"preexec close", P_BOOL, P_LOCAL, &sDefault.bPreexecClose, NULL, NULL, FLAG_SHARE},
{"postexec", P_STRING, P_LOCAL, &sDefault.szPostExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
{"root preexec", P_STRING, P_LOCAL, &sDefault.szRootPreExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
{"root preexec close", P_BOOL, P_LOCAL, &sDefault.bRootpreexecClose, NULL, NULL, FLAG_SHARE},
{"root postexec", P_STRING, P_LOCAL, &sDefault.szRootPostExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
{"available", P_BOOL, P_LOCAL, &sDefault.bAvailable, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
{"available", P_BOOL, P_LOCAL, &sDefault.bAvailable, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT},
{"volume", P_STRING, P_LOCAL, &sDefault.volume, NULL, NULL, FLAG_SHARE },
{"fstype", P_STRING, P_LOCAL, &sDefault.fstype, NULL, NULL, FLAG_SHARE},
{"set directory", P_BOOLREV, P_LOCAL, &sDefault.bNo_set_dir, NULL, NULL, FLAG_SHARE},
{"source environment", P_STRING, P_GLOBAL, &Globals.szSourceEnv, handle_source_env, NULL, 0},
{"source environment", P_STRING, P_GLOBAL, &Globals.szSourceEnv, handle_source_env, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"wide links", P_BOOL, P_LOCAL, &sDefault.bWidelinks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"follow symlinks", P_BOOL, P_LOCAL, &sDefault.bSymlinks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"dont descend", P_STRING, P_LOCAL, &sDefault.szDontdescend, NULL, NULL, FLAG_SHARE},
@ -1028,9 +1066,8 @@ static struct parm_struct parm_table[] = {
{"dos filetime resolution", P_BOOL, P_LOCAL, &sDefault.bDosFiletimeResolution, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"fake directory create times", P_BOOL, P_LOCAL, &sDefault.bFakeDirCreateTimes, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, 0},
{"hide local users", P_BOOL, P_GLOBAL, &Globals.bHideLocalUsers, NULL,
NULL, 0},
{"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"hide local users", P_BOOL, P_GLOBAL, &Globals.bHideLocalUsers, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"VFS module options", P_SEP, P_SEPARATOR},
@ -1040,19 +1077,19 @@ static struct parm_struct parm_table[] = {
{"msdfs root", P_BOOL, P_LOCAL, &sDefault.bMSDfsRoot, NULL, NULL, FLAG_SHARE},
{"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, 0},
{"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"Winbind options", P_SEP, P_SEPARATOR},
{"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_uid, NULL, 0},
{"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_gid, NULL, 0},
{"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, 0},
{"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, 0},
{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, 0},
{"winbind cache time", P_INTEGER, P_GLOBAL, &Globals.winbind_cache_time, NULL, NULL, 0},
{"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, 0},
{"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, 0},
{"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, 0},
{"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind cache time", P_INTEGER, P_GLOBAL, &Globals.winbind_cache_time, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
};
@ -1250,7 +1287,6 @@ static void init_globals(void)
Globals.bAlgorithmicRidBase = BASE_RID;
Globals.bLoadPrinters = True;
Globals.max_packet = 65535;
Globals.mangled_stack = 50;
Globals.max_xmit = 65535;
Globals.max_mux = 50; /* This is *needed* for profile support. */
@ -1279,7 +1315,6 @@ static void init_globals(void)
Globals.bStripDot = False;
Globals.syslog = 1;
Globals.bSyslogOnly = False;
Globals.bAdminLog = False;
Globals.bTimestampLogs = True;
string_set(&Globals.szLogLevel, "0");
Globals.bDebugHiresTimestamp = False;
@ -1339,6 +1374,7 @@ static void init_globals(void)
string_set(&Globals.szLdapFilter, "(&(uid=%u)(objectclass=sambaAccount))");
string_set(&Globals.szLdapAdminDn, "");
Globals.ldap_ssl = LDAP_SSL_ON;
Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
/* these parameters are set to defaults that are more appropriate
for the increasing samba install base:
@ -1521,6 +1557,7 @@ FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName)
static FN_GLOBAL_STRING(lp_announce_version, &Globals.szAnnounceVersion)
FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases)
FN_GLOBAL_LIST(lp_passdb_backend, &Globals.szPassdbBackend)
FN_GLOBAL_LIST(lp_sam_backend, &Globals.szSamBackend)
FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript)
FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript)
@ -1530,6 +1567,7 @@ FN_GLOBAL_STRING(lp_addgroup_script, &Globals.szAddGroupScript)
FN_GLOBAL_STRING(lp_delgroup_script, &Globals.szDelGroupScript)
FN_GLOBAL_STRING(lp_addusertogroup_script, &Globals.szAddUserToGroupScript)
FN_GLOBAL_STRING(lp_deluserfromgroup_script, &Globals.szDelUserFromGroupScript)
FN_GLOBAL_STRING(lp_setprimarygroup_script, &Globals.szSetPrimaryGroupScript)
FN_GLOBAL_STRING(lp_addmachine_script, &Globals.szAddMachineScript)
@ -1550,6 +1588,7 @@ FN_GLOBAL_STRING(lp_ldap_user_suffix, &Globals.szLdapUserSuffix)
FN_GLOBAL_STRING(lp_ldap_filter, &Globals.szLdapFilter)
FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
FN_GLOBAL_STRING(lp_add_share_cmd, &Globals.szAddShareCommand)
FN_GLOBAL_STRING(lp_change_share_cmd, &Globals.szChangeShareCommand)
FN_GLOBAL_STRING(lp_delete_share_cmd, &Globals.szDeleteShareCommand)
@ -1574,7 +1613,6 @@ FN_GLOBAL_BOOL(lp_strip_dot, &Globals.bStripDot)
FN_GLOBAL_BOOL(lp_encrypted_passwords, &Globals.bEncryptPasswords)
FN_GLOBAL_BOOL(lp_update_encrypted, &Globals.bUpdateEncrypt)
FN_GLOBAL_BOOL(lp_syslog_only, &Globals.bSyslogOnly)
FN_GLOBAL_BOOL(lp_admin_log, &Globals.bAdminLog)
FN_GLOBAL_BOOL(lp_timestamp_logs, &Globals.bTimestampLogs)
FN_GLOBAL_BOOL(lp_debug_hires_timestamp, &Globals.bDebugHiresTimestamp)
FN_GLOBAL_BOOL(lp_debug_pid, &Globals.bDebugPid)
@ -1686,6 +1724,7 @@ FN_LOCAL_BOOL(lp_preservecase, bCasePreserve)
FN_LOCAL_BOOL(lp_shortpreservecase, bShortCasePreserve)
FN_LOCAL_BOOL(lp_casemangle, bCaseMangle)
FN_LOCAL_BOOL(lp_hide_dot_files, bHideDotFiles)
FN_LOCAL_BOOL(lp_hide_special_files, bHideSpecialFiles)
FN_LOCAL_BOOL(lp_hideunreadable, bHideUnReadable)
FN_LOCAL_BOOL(lp_hideunwriteable_files, bHideUnWriteableFiles)
FN_LOCAL_BOOL(lp_browseable, bBrowseable)
@ -1724,6 +1763,10 @@ FN_LOCAL_BOOL(lp_inherit_acls, bInheritACLS)
FN_LOCAL_BOOL(lp_use_client_driver, bUseClientDriver)
FN_LOCAL_BOOL(lp_default_devmode, bDefaultDevmode)
FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
#ifdef WITH_SENDFILE
FN_LOCAL_BOOL(lp_use_sendfile, bUseSendfile)
#endif
FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls)
FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)
@ -3507,30 +3550,44 @@ static void set_server_role(void)
case SEC_SHARE:
if (lp_domain_logons())
DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
DEBUG(10,("set_server_role: ROLE_STANDALONE\n"));
break;
case SEC_SERVER:
case SEC_DOMAIN:
case SEC_ADS:
if (lp_domain_logons()) {
server_role = ROLE_DOMAIN_PDC;
DEBUG(10,("set_server_role:ROLE_DOMAIN_PDC\n"));
break;
}
server_role = ROLE_DOMAIN_MEMBER;
DEBUG(10,("set_server_role: ROLE_DOMAIN_MEMBER\n"));
break;
case SEC_USER:
if (lp_domain_logons()) {
if (Globals.bDomainMaster) /* auto or yes */
server_role = ROLE_DOMAIN_PDC;
DEBUG(10,("set_server_role: ROLE_DOMAIN_PDC\n"));
break;
else
server_role = ROLE_DOMAIN_BDC;
}
DEBUG(10,("set_server_role: ROLE_STANDALONE\n"));
break;
default:
DEBUG(0, ("Server's Role undefined due to unknown security mode\n"));
DEBUG(10,("set_server_role: ROLE_STANDALONE\n"));
break;
}
DEBUG(10, ("set_server_role: role = "));
switch(server_role) {
case ROLE_STANDALONE:
DEBUGADD(10, ("ROLE_STANDALONE\n"));
break;
case ROLE_DOMAIN_MEMBER:
DEBUGADD(10, ("ROLE_DOMAIN_MEMBER\n"));
break;
case ROLE_DOMAIN_BDC:
DEBUGADD(10, ("ROLE_DOMAIN_BDC\n"));
break;
case ROLE_DOMAIN_PDC:
DEBUGADD(10, ("ROLE_DOMAIN_PDC\n"));
break;
}
}
@ -3555,12 +3612,13 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults,
bRetval = False;
DEBUG(3, ("lp_load: refreshing parmaters\n"));
DEBUG(3, ("lp_load: refreshing parameters\n"));
bInGlobalSection = True;
bGlobalOnly = global_only;
init_globals();
debug_init();
if (save_defaults)
{


@ -80,7 +80,6 @@ static BOOL pdb_generate_sam_sid(void)
{
char *fname = NULL;
extern pstring global_myname;
extern fstring global_myworkgroup;
BOOL is_dc = False;
if(global_sam_sid==NULL)
@ -106,11 +105,11 @@ static BOOL pdb_generate_sam_sid(void)
if (!is_dc)
return True;
if (!secrets_fetch_domain_sid(global_myworkgroup, &domain_sid)) {
if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
/* No domain sid and we're a pdc/bdc. Store it */
if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) {
if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n"));
return False;
}
@ -122,7 +121,7 @@ static BOOL pdb_generate_sam_sid(void)
/* Domain name sid doesn't match global sam sid. Re-store global sam sid as domain sid. */
DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n"));
if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) {
if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID as a pdc/bdc.\n"));
return False;
}
@ -145,7 +144,7 @@ static BOOL pdb_generate_sam_sid(void)
}
unlink(fname);
if (is_dc) {
if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) {
if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n"));
SAFE_FREE(fname);
return False;
@ -168,7 +167,7 @@ static BOOL pdb_generate_sam_sid(void)
return False;
}
if (is_dc) {
if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) {
if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n"));
return False;
}

View File

@ -75,11 +75,19 @@ static void pdb_fill_default_sam(SAM_ACCOUNT *user)
user->private.workstations = "";
user->private.unknown_str = "";
user->private.munged_dial = "";
user->private.plaintext_pw = NULL;
}
static void destroy_pdb_talloc(SAM_ACCOUNT **user)
{
if (*user) {
data_blob_clear_free(&((*user)->private.lm_pw));
data_blob_clear_free(&((*user)->private.nt_pw));
if((*user)->private.plaintext_pw!=NULL)
memset((*user)->private.plaintext_pw,'\0',strlen((*user)->private.plaintext_pw));
talloc_destroy((*user)->mem_ctx);
*user = NULL;
}
@ -251,6 +259,15 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
pwd->pw_name, global_myname,
pwd->pw_uid, pwd->pw_gid),
False);
if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL)) {
DEBUG(1, ("Failed to set 'normal account' flags for user %s.\n", pwd->pw_name));
return NT_STATUS_UNSUCCESSFUL;
}
} else {
if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST)) {
DEBUG(1, ("Failed to set 'trusted workstation account' flags for user %s.\n", pwd->pw_name));
return NT_STATUS_UNSUCCESSFUL;
}
}
return NT_STATUS_OK;
}
@ -301,7 +318,8 @@ static void pdb_free_sam_contents(SAM_ACCOUNT *user)
data_blob_clear_free(&(user->private.lm_pw));
data_blob_clear_free(&(user->private.nt_pw));
data_blob_clear_free(&(user->private.plaintext_pw));
if (user->private.plaintext_pw!=NULL)
memset(user->private.plaintext_pw,'\0',strlen(user->private.plaintext_pw));
}
@ -823,11 +841,14 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_
return False;
if (pdb_getsampwsid(sam_user, psid)) {
*puid = pdb_get_uid(sam_user);
if (*puid == -1) {
if (!(pdb_get_init_flag(sam_user) & FLAG_SAM_UID)) {
pdb_free_sam(&sam_user);
return False;
}
*puid = pdb_get_uid(sam_user);
DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid),
(unsigned int)*puid, pdb_get_username(sam_user)));
pdb_free_sam(&sam_user);
@ -982,6 +1003,7 @@ BOOL local_password_change(const char *user_name, int local_flags,
{
struct passwd *pwd = NULL;
SAM_ACCOUNT *sam_pass=NULL;
uint16 other_acb;
*err_str = '\0';
*msg_str = '\0';
@ -1021,31 +1043,33 @@ BOOL local_password_change(const char *user_name, int local_flags,
return False;
}
}
} else {
/* the entry already existed */
local_flags &= ~LOCAL_ADD_USER;
}
/* the 'other' acb bits not being changed here */
other_acb = (pdb_get_acct_ctrl(sam_pass) & (!(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)));
if (local_flags & LOCAL_TRUST_ACCOUNT) {
if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST)) {
if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb) ) {
slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST)) {
if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb)) {
slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
} else {
if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL)) {
if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb)) {
slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
}
} else {
/* the entry already existed */
local_flags &= ~LOCAL_ADD_USER;
}
/*
* We are root - just write the new password
* and the valid last change time.
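Review bot: In local_password_change the new `other_acb` mask is built with logical `!` instead of bitwise `~`, so `!(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)` evaluates to 0 and `other_acb` is always 0. Each `pdb_set_acct_ctrl(sam_pass, ACB_... | other_acb)` call therefore replaces the account control word with the single type bit rather than preserving the remaining bits. The `else` branch for already-existing entries appears to have moved above this code, so the overwrite now seems to reach existing accounts too and could drop flags such as ACB_DISABLED on a password change. The line should read `other_acb = (pdb_get_acct_ctrl(sam_pass) & (~(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)));`. The function body starts and ends outside the hunk.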

View File

@ -151,7 +151,7 @@ const uint8* pdb_get_lanman_passwd (const SAM_ACCOUNT *sampass)
const char* pdb_get_plaintext_passwd (const SAM_ACCOUNT *sampass)
{
if (sampass) {
return ((char*)sampass->private.plaintext_pw.data);
return (sampass->private.plaintext_pw);
}
else
return (NULL);
@ -956,14 +956,24 @@ BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[16])
below)
********************************************************************/
BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const uint8 *password, size_t len)
BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password)
{
if (!sampass)
return False;
data_blob_clear_free(&sampass->private.plaintext_pw);
if (password) {
if (sampass->private.plaintext_pw!=NULL)
memset(sampass->private.plaintext_pw,'\0',strlen(sampass->private.plaintext_pw)+1);
sampass->private.plaintext_pw = talloc_strdup(sampass->mem_ctx, password);
sampass->private.plaintext_pw = data_blob(password, len);
if (!sampass->private.plaintext_pw) {
DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
return False;
}
} else {
sampass->private.plaintext_pw = NULL;
}
return True;
}
@ -1063,6 +1073,9 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOUNT *sampass, const char *plaintext)
if (!pdb_set_lanman_passwd (sampass, new_lanman_p16))
return False;
if (!pdb_set_plaintext_pw_only (sampass, plaintext))
return False;
if (!pdb_set_pass_changed_now (sampass))
return False;
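Review bot: The failure message in the new pdb_set_plaintext_pw_only names the wrong function: `DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));` should read `DEBUG(0, ("pdb_set_plaintext_pw_only: talloc_strdup() failed!\n"));`. As written, an allocation failure while storing a password is logged against an unrelated setter. The function also needs a comment on the lifetime of the secret, for example `/* old cleartext is zeroed in place; its talloc memory stays in sampass->mem_ctx */`. Because pdb_set_plaintext_passwd now calls this setter, the cleartext is kept in memory next to the hashes on every password change, and only the wipes in the free paths bound how long it stays there.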

View File

@ -34,13 +34,14 @@ const struct pdb_init_function_entry builtin_pdb_init_functions[] = {
{ "ldapsam", pdb_init_ldapsam },
{ "ldapsam_nua", pdb_init_ldapsam_nua },
{ "unixsam", pdb_init_unixsam },
{ "nisplussam", pdb_init_nisplussam },
{ "plugin", pdb_init_plugin },
{ NULL, NULL}
};
static BOOL context_setsampwent(struct pdb_context *context, BOOL update)
{
if ((!context) || (!context->pdb_methods) || (!context->pdb_methods->setsampwent)) {
if (!context) {
DEBUG(0, ("invalid pdb_context specified!\n"));
return False;
}
@ -52,7 +53,7 @@ static BOOL context_setsampwent(struct pdb_context *context, BOOL update)
return True;
}
while (!(context->pwent_methods->setsampwent(context->pwent_methods, update))) {
while (!(context->pwent_methods->setsampwent) || !(context->pwent_methods->setsampwent(context->pwent_methods, update))) {
context->pwent_methods = context->pwent_methods->next;
if (context->pwent_methods == NULL)
return False;
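Review bot: context_setsampwent no longer rejects a context whose `pdb_methods` is NULL up front, because the first hunk reduces the guard to `if (!context)`. Whether the loop's dereference of `context->pwent_methods` is still safe depends on the lines between the two hunks, which are not visible here. The rewritten loop condition also silently skips any backend that has no `setsampwent` hook, and that behaviour should be stated in a comment above the loop, e.g. `/* skip backends that do not implement setsampwent; fail only when no backend accepts */`.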
