diff --git a/source/Makefile.in b/source/Makefile.in index a2c4a360d46..0ea2c4411f8 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -1205,7 +1205,10 @@ installscripts: installdirs installdat: installdirs @$(SHELL) $(srcdir)/script/installdat.sh $(DESTDIR)$(LIBDIR) $(srcdir) -installswat: installdirs +installmsg: installdirs + @$(SHELL) $(srcdir)/script/installmsg.sh $(DESTDIR)$(LIBDIR) $(srcdir) + +installswat: installdirs installmsg @$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(SWATDIR) $(srcdir) installclientlib: installdirs libsmbclient diff --git a/source/VERSION b/source/VERSION index 9cf8b11ef1f..d7f386ab42b 100644 --- a/source/VERSION +++ b/source/VERSION @@ -18,8 +18,8 @@ # -> "3.0.0" # ######################################################## SAMBA_VERSION_MAJOR=3 -SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=1 +SAMBA_VERSION_MINOR=1 +SAMBA_VERSION_RELEASE=0 ######################################################## # If a official release has a serious bug # @@ -41,7 +41,7 @@ SAMBA_VERSION_REVISION= # e.g. SAMBA_VERSION_PRE_RELEASE=1 # # -> "2.2.9pre1" # ######################################################## -SAMBA_VERSION_PRE_RELEASE=1 +SAMBA_VERSION_PRE_RELEASE= ######################################################## # For 'rc' releases the version will be # @@ -71,7 +71,7 @@ SAMBA_VERSION_BETA_RELEASE= # e.g. SAMBA_VERSION_ALPHA_RELEASE=1 # # -> "4.0.0alpha1" # ######################################################## -SAMBA_VERSION_ALPHA_RELEASE= +SAMBA_VERSION_ALPHA_RELEASE=1 ######################################################## # For 'test' releases the version will be # diff --git a/source/lib/afs.c b/source/lib/afs.c index b96703e986b..882442a79f1 100644 --- a/source/lib/afs.c +++ b/source/lib/afs.c @@ -35,18 +35,6 @@ _syscall5(int, afs_syscall, int, subcall, char *, cmarg, int, follow); -char *afs_cell(void) -{ - static char *cell = NULL; - - if (cell == NULL) { - cell = strdup(lp_realm()); - strlower_m(cell); - } - - return cell; -} - struct ClearToken { uint32 AuthHandle; char HandShakeKey[8]; @@ -65,7 +53,8 @@ struct ClearToken { to avoid. */ -static BOOL afs_settoken(char *username, const struct ClearToken *ctok, +static BOOL afs_settoken(const char *username, const char *cell, + const struct ClearToken *ctok, char *v4tkt_data, int v4tkt_length) { int ret; @@ -94,13 +83,13 @@ static BOOL afs_settoken(char *username, const struct ClearToken *ctok, memcpy(p, &tmp, sizeof(uint32)); p += sizeof(uint32); - tmp = strlen(afs_cell()); + tmp = strlen(cell); if (tmp >= MAXKTCREALMLEN) { DEBUG(1, ("Realm too long\n")); return False; } - strncpy(p, afs_cell(), tmp); + strncpy(p, cell, tmp); p += tmp; *p = 0; p +=1; @@ -135,12 +124,14 @@ static BOOL afs_settoken(char *username, const struct ClearToken *ctok, For the comments "Alice" is the User to be auth'ed, and "Bob" is the AFS server. */ -BOOL afs_login(char *username) +BOOL afs_login(connection_struct *conn) { fstring ticket; char *p = ticket; uint32 len; struct afs_key key; + pstring afs_username; + char *cell; struct ClearToken ct; @@ -148,13 +139,28 @@ BOOL afs_login(char *username) des_key_schedule key_schedule; - DEBUG(10, ("Trying to log into AFS for user %s@%s\n", - username, afs_cell())); + pstrcpy(afs_username, lp_afs_username_map()); + standard_sub_conn(conn, afs_username, sizeof(afs_username)); + + cell = strchr(afs_username, '@'); + + if (cell == NULL) { + DEBUG(1, ("AFS username doesn't contain a @, " + "could not find cell\n")); + return False; + } + + *cell = '\0'; + cell += 1; + strlower_m(cell); + + DEBUG(10, ("Trying to log into AFS for user %s@%s\n", + afs_username, cell)); if (!secrets_init()) return False; - if (!secrets_fetch_afs_key(afs_cell(), &key)) { + if (!secrets_fetch_afs_key(cell, &key)) { DEBUG(5, ("Could not fetch AFS service key\n")); return False; } @@ -172,14 +178,20 @@ BOOL afs_login(char *username) p += 1; /* "Alice", the client username */ - strncpy(p, username, sizeof(ticket)-PTR_DIFF(p,ticket)-1); + strncpy(p, afs_username, sizeof(ticket)-PTR_DIFF(p,ticket)-1); p += strlen(p)+1; strncpy(p, "", sizeof(ticket)-PTR_DIFF(p,ticket)-1); p += strlen(p)+1; - strncpy(p, afs_cell(), sizeof(ticket)-PTR_DIFF(p,ticket)-1); + strncpy(p, cell, sizeof(ticket)-PTR_DIFF(p,ticket)-1); p += strlen(p)+1; - ct.ViceId = getuid(); + /* As long as we still only use the effective UID we need to set the + * token for it here as well. This involves patching AFS in two + * places. Once we start using the real uid where we have the + * setresuid function, we can use getuid() here which would be more + * correct. */ + + ct.ViceId = geteuid(); DEBUG(10, ("Creating Token for uid %d\n", ct.ViceId)); /* Alice's network layer address. At least Openafs-1.2.10 @@ -235,12 +247,12 @@ BOOL afs_login(char *username) ZERO_STRUCT(key); - return afs_settoken(username, &ct, ticket, len); + return afs_settoken(afs_username, cell, &ct, ticket, len); } #else -BOOL afs_login(char *username) +BOOL afs_login(connection_struct *conn) { return True; } diff --git a/source/lib/util_sec.c b/source/lib/util_sec.c index 132748ce138..1980b8bfb7c 100644 --- a/source/lib/util_sec.c +++ b/source/lib/util_sec.c @@ -183,6 +183,10 @@ void gain_root_group_privilege(void) void set_effective_uid(uid_t uid) { #if USE_SETRESUID + /* On Systems which have this function, would it not be more + * appropriate to also set the real uid by doing + * setresuid(uid,uid,-1)? This would make patching AFS + * unnecessary. See comment in lib/afs.c. */ setresuid(-1,uid,-1); #endif diff --git a/source/param/loadparm.c b/source/param/loadparm.c index b370b6b049c..0efa2796c36 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -126,6 +126,7 @@ typedef struct char *szPasswordServer; char *szSocketOptions; char *szRealm; + char *szAfsUsernameMap; char *szUsernameMap; char *szLogonScript; char *szLogonPath; @@ -413,6 +414,7 @@ typedef struct BOOL bUseSendfile; BOOL bProfileAcls; BOOL bMap_acl_inherit; + BOOL bAfs_Share; param_opt_struct *param_opt; char dummy[3]; /* for alignment */ @@ -533,6 +535,7 @@ static service sDefault = { False, /* bUseSendfile */ False, /* bProfileAcls */ False, /* bMap_acl_inherit */ + False, /* bAfs_Share */ NULL, /* Parametric options */ @@ -762,6 +765,7 @@ static struct parm_struct parm_table[] = { #ifdef WITH_ADS {"realm", P_USTRING, P_GLOBAL, &Globals.szRealm, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, #endif + {"afs username map", P_USTRING, P_GLOBAL, &Globals.szAfsUsernameMap, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, {"netbios name", P_USTRING, P_GLOBAL, &Globals.szNetbiosName, handle_netbios_name, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, {"netbios aliases", P_LIST, P_GLOBAL, &Globals.szNetbiosAliases, handle_netbios_aliases, NULL, FLAG_ADVANCED}, {"netbios scope", P_USTRING, P_GLOBAL, &Globals.szNetbiosScope, handle_netbios_scope, NULL, FLAG_ADVANCED}, @@ -890,6 +894,7 @@ static struct parm_struct parm_table[] = { {"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, FLAG_ADVANCED}, {"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, FLAG_ADVANCED}, {"map acl inherit", P_BOOL, P_LOCAL, &sDefault.bMap_acl_inherit, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL}, + {"afs share", P_BOOL, P_LOCAL, &sDefault.bAfs_Share, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL}, {"max mux", P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, FLAG_ADVANCED}, {"max xmit", P_INTEGER, P_GLOBAL, &Globals.max_xmit, NULL, NULL, FLAG_ADVANCED}, @@ -1634,6 +1639,7 @@ FN_GLOBAL_STRING(lp_passwd_chat, &Globals.szPasswdChat) FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer) FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder) FN_GLOBAL_STRING(lp_realm, &Globals.szRealm) +FN_GLOBAL_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap) FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap) FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript) FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath) @@ -1871,6 +1877,7 @@ FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport) FN_LOCAL_BOOL(_lp_use_sendfile, bUseSendfile) FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls) FN_LOCAL_BOOL(lp_map_acl_inherit, bMap_acl_inherit) +FN_LOCAL_BOOL(lp_afs_share, bAfs_Share) FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask) FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode) FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask) diff --git a/source/script/gaptab.awk b/source/script/gaptab.awk index f9d15263610..a309089cd5b 100644 --- a/source/script/gaptab.awk +++ b/source/script/gaptab.awk @@ -23,9 +23,9 @@ function tonum(str) function fmt(val) { if (f++ % 8 == 0) - { printf ("\n '\\x%02x',", val); } + { printf ("\n 0x%02x,", val); } else - { printf (" '\\x%02x',", val); } + { printf (" 0x%02x,", val); } } { diff --git a/source/script/installmsg.sh b/source/script/installmsg.sh new file mode 100644 index 00000000000..30ad404aa0d --- /dev/null +++ b/source/script/installmsg.sh @@ -0,0 +1,23 @@ +#!/bin/sh +# first version (Sept 2003) written by Shiro Yamada +# based on the first verion (March 2002) of installdat.sh written by Herb Lewis + +MSGDIR=$1 +SRCDIR=$2/ + +echo Installing msg files in $MSGDIR + +for f in $SRCDIR/po/*.msg; do + FNAME=$MSGDIR/`basename $f` + echo $FNAME + cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges? + chmod 0644 $FNAME +done + +cat << EOF +====================================================================== +The msg files have been installed. +====================================================================== +EOF + +exit 0 diff --git a/source/smbd/service.c b/source/smbd/service.c index 70126b9e7fc..44d73b2ab27 100644 --- a/source/smbd/service.c +++ b/source/smbd/service.c @@ -644,7 +644,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } #ifdef WITH_FAKE_KASERVER - afs_login(user); + if (lp_afs_share(SNUM(conn))) { + afs_login(conn); + } #endif #if CHECK_PATH_ON_TCONX diff --git a/source/utils/net.c b/source/utils/net.c index e5c078da29f..42966b4f830 100644 --- a/source/utils/net.c +++ b/source/utils/net.c @@ -476,8 +476,8 @@ static int net_afskey(int argc, const char **argv) int fd; struct afs_keyfile keyfile; - if (argc != 1) { - d_printf("usage: 'net afskey '\n"); + if (argc != 2) { + d_printf("usage: 'net afskey cell'\n"); return -1; } @@ -496,7 +496,7 @@ static int net_afskey(int argc, const char **argv) return -1; } - if (!secrets_store_afs_keyfile(afs_cell(), &keyfile)) { + if (!secrets_store_afs_keyfile(argv[1], &keyfile)) { d_printf("Could not write keyfile to secrets.tdb\n"); return -1; }