diff options
author | Jelmer Vernooij <jelmer@samba.org> | 2009-03-26 15:28:18 +0100 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2009-03-26 15:28:18 +0100 |
commit | 30a3dec549dc408940710409c80276077b4d9701 (patch) | |
tree | b0c0106ccbb9874875100ae5e18ec301e5c9f777 | |
parent | c42fc5e103d9d210c2f370e237a952e6df361792 (diff) | |
parent | 853f9283fb8fbcd2078e3cf8e99d6c8e24d77346 (diff) | |
download | samba-30a3dec549dc408940710409c80276077b4d9701.tar.gz samba-30a3dec549dc408940710409c80276077b4d9701.tar.bz2 samba-30a3dec549dc408940710409c80276077b4d9701.zip |
Merge branch 'master' of ssh://git.samba.org/data/git/samba into displaysec
-rw-r--r-- | libcli/util/doserr.c | 1 | ||||
-rw-r--r-- | libcli/util/werror.h | 1 | ||||
-rw-r--r-- | source3/Makefile.in | 28 | ||||
-rw-r--r-- | source3/include/proto.h | 7 | ||||
-rw-r--r-- | source3/lib/avahi.c | 7 | ||||
-rw-r--r-- | source3/lib/netapi/cm.c | 5 | ||||
-rw-r--r-- | source3/lib/netapi/user.c | 18 | ||||
-rw-r--r-- | source3/lib/util_file.c | 2 | ||||
-rw-r--r-- | source3/locking/locking.c | 3 | ||||
-rw-r--r-- | source3/registry/regfio.c | 26 | ||||
-rw-r--r-- | source3/rpc_parse/parse_misc.c | 57 | ||||
-rw-r--r-- | source3/rpc_parse/parse_sec.c | 436 | ||||
-rw-r--r-- | source3/smbd/nttrans.c | 4 | ||||
-rw-r--r-- | source3/smbd/reply.c | 6 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 2 | ||||
-rw-r--r-- | source3/utils/net_rpc_printer.c | 9 | ||||
-rw-r--r-- | source4/auth/credentials/credentials_krb5.h | 1 | ||||
-rw-r--r-- | source4/auth/kerberos/clikrb5.c | 6 | ||||
-rwxr-xr-x | source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py | 166 | ||||
-rw-r--r-- | source4/heimdal_build/replace.c | 4 | ||||
-rw-r--r-- | source4/heimdal_build/roken.h | 19 | ||||
-rw-r--r-- | source4/kdc/kdc.c | 2 |
22 files changed, 236 insertions, 574 deletions
diff --git a/libcli/util/doserr.c b/libcli/util/doserr.c index 5104c3ee02..1a7422e3f6 100644 --- a/libcli/util/doserr.c +++ b/libcli/util/doserr.c @@ -124,6 +124,7 @@ static const struct werror_code_struct dos_errs[] = { "WERR_DS_DRA_DB_ERROR", WERR_DS_DRA_DB_ERROR }, { "WERR_DS_DRA_NO_REPLICA", WERR_DS_DRA_NO_REPLICA }, { "WERR_DS_DRA_ACCESS_DENIED", WERR_DS_DRA_ACCESS_DENIED }, + { "WERR_DS_DRA_SOURCE_DISABLED", WERR_DS_DRA_SOURCE_DISABLED }, { "WERR_DS_DNS_LOOKUP_FAILURE", WERR_DS_DNS_LOOKUP_FAILURE }, { "WERR_DS_WRONG_LINKED_ATTRIBUTE_SYNTAX", WERR_DS_WRONG_LINKED_ATTRIBUTE_SYNTAX }, { "WERR_DS_NO_MSDS_INTID", WERR_DS_NO_MSDS_INTID }, diff --git a/libcli/util/werror.h b/libcli/util/werror.h index d92232706a..a69587f361 100644 --- a/libcli/util/werror.h +++ b/libcli/util/werror.h @@ -248,6 +248,7 @@ typedef uint32_t WERROR; #define WERR_DS_DRA_DB_ERROR W_ERROR(0x00002103) #define WERR_DS_DRA_NO_REPLICA W_ERROR(0x00002104) #define WERR_DS_DRA_ACCESS_DENIED W_ERROR(0x00002105) +#define WERR_DS_DRA_SOURCE_DISABLED W_ERROR(0x00002108) #define WERR_DS_DNS_LOOKUP_FAILURE W_ERROR(0x0000214c) #define WERR_DS_WRONG_LINKED_ATTRIBUTE_SYNTAX W_ERROR(0x00002150) #define WERR_DS_NO_MSDS_INTID W_ERROR(0x00002194) diff --git a/source3/Makefile.in b/source3/Makefile.in index 22911bf772..fd753128d4 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -319,7 +319,7 @@ RPC_PARSE_OBJ0 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o # this includes only the low level parse code, not stuff # that requires knowledge of security contexts -RPC_PARSE_OBJ1 = $(RPC_PARSE_OBJ0) rpc_parse/parse_sec.o +RPC_PARSE_OBJ1 = $(RPC_PARSE_OBJ0) RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o \ rpc_client/init_netlogon.o \ @@ -1442,19 +1442,19 @@ bin/smbspool@EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ @LIBTALLOC_SHAR @$(CC) -o $@ $(CUPS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \ $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS) -bin/mount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_MOUNT_OBJ) @BUILD_POPT@ +bin/mount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_MOUNT_OBJ) @echo Linking $@ - @$(CC) -o $@ $(CIFS_MOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(POPT_LIBS) + @$(CC) -o $@ $(CIFS_MOUNT_OBJ) $(DYNEXP) $(LDFLAGS) -bin/umount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UMOUNT_OBJ) @BUILD_POPT@ +bin/umount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UMOUNT_OBJ) @echo Linking $@ - @$(CC) -o $@ $(CIFS_UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(POPT_LIBS) + @$(CC) -o $@ $(CIFS_UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS) -bin/cifs.upcall@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ1) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ +bin/cifs.upcall@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ1) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ @echo Linking $@ @$(CC) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) \ -lkeyutils $(LIBS) $(LIBSMBCLIENT_OBJ1) $(KRB5LIBS) \ - $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) \ + $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) \ $(LIBTDB_LIBS) $(NSCD_LIBS) bin/testparm@EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @@ -1618,37 +1618,37 @@ bin/ldbedit: $(BINARY_PREREQS) $(LDBEDIT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @L @echo Linking $@ @$(CC) -o $@ $(LDBEDIT_OBJ) $(DYNEXP) $(LDFLAGS) \ $(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \ - $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS) + $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) bin/ldbsearch: $(BINARY_PREREQS) $(LDBSEARCH_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ @echo Linking $@ @$(CC) -o $@ $(LDBSEARCH_OBJ) $(DYNEXP) $(LDFLAGS) \ $(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \ - $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS) + $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) bin/ldbadd: $(BINARY_PREREQS) $(LDBADD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ @echo Linking $@ @$(CC) -o $@ $(LDBADD_OBJ) $(DYNEXP) $(LDFLAGS) \ $(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \ - $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS) + $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) bin/ldbmodify: $(BINARY_PREREQS) $(LDBMODIFY_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ @echo Linking $@ @$(CC) -o $@ $(LDBMODIFY_OBJ) $(DYNEXP) $(LDFLAGS) \ $(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \ - $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS) + $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) bin/ldbdel: $(BINARY_PREREQS) $(LDBDEL_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ @echo Linking $@ @$(CC) -o $@ $(LDBDEL_OBJ) $(DYNEXP) $(LDFLAGS) \ $(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \ - $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS) + $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) bin/ldbrename: $(BINARY_PREREQS) $(LDBRENAME_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(LDBRENAME_OBJ) $(DYNEXP) $(LDFLAGS) \ $(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \ - $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS) + $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) bin/versiontest: $(BINARY_PREREQS) lib/version_test.o $(VERSION_OBJ) @echo Linking $@ @@ -2661,7 +2661,7 @@ bin/ntlm_auth@EXEEXT@: $(BINARY_PREREQS) $(NTLM_AUTH_OBJ) $(PARAM_OBJ) \ bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) @LIBTALLOC_SHARED@ @LIBWBCLIENT_SHARED@ @LIBTDB_SHARED@ @echo "Linking shared library $@" @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) -lpam $(DYNEXP) \ - $(LIBS) $(LDAP_LIBS) $(KRB5LIBS) $(NSCD_LIBS) \ + $(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS) bin/tdbbackup@EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ diff --git a/source3/include/proto.h b/source3/include/proto.h index 3b4b1cf3f1..77be0aba09 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5693,10 +5693,8 @@ NTSTATUS cli_do_rpc_ndr(struct rpc_pipe_client *cli, bool smb_io_time(const char *desc, NTTIME *nttime, prs_struct *ps, int depth); bool smb_io_system_time(const char *desc, prs_struct *ps, int depth, SYSTEMTIME *systime); bool make_systemtime(SYSTEMTIME *systime, struct tm *unixtime); -bool smb_io_dom_sid(const char *desc, DOM_SID *sid, prs_struct *ps, int depth); bool smb_io_uuid(const char *desc, struct GUID *uuid, prs_struct *ps, int depth); -void init_unistr(UNISTR *str, const char *buf); void init_unistr2(UNISTR2 *str, const char *buf, enum unistr2_term_codes flags); /* The following definitions come from rpc_parse/parse_prs.c */ @@ -5818,11 +5816,6 @@ bool smb_io_rpc_auth_schannel_chk(const char *desc, int auth_len, RPC_AUTH_SCHANNEL_CHK * chk, prs_struct *ps, int depth); -/* The following definitions come from rpc_parse/parse_sec.c */ - -bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth); -bool sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth); - /* The following definitions come from rpc_server/srv_eventlog_lib.c */ TDB_CONTEXT *elog_init_tdb( char *tdbfilename ); diff --git a/source3/lib/avahi.c b/source3/lib/avahi.c index ac9867a1fc..269b329e64 100644 --- a/source3/lib/avahi.c +++ b/source3/lib/avahi.c @@ -207,6 +207,13 @@ static void avahi_timeout_update(AvahiTimeout *t, const struct timeval *tv) { TALLOC_FREE(t->te); + if (tv == NULL) { + /* + * Disable this timer + */ + return; + } + t->te = tevent_add_timer(t->ctx->ev, t, *tv, avahi_timeout_handler, t); /* * No failure mode defined here diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c index b676ae63dd..d28b2b2126 100644 --- a/source3/lib/netapi/cm.c +++ b/source3/lib/netapi/cm.c @@ -57,6 +57,11 @@ static WERROR libnetapi_open_ipc_connection(struct libnetapi_ctx *ctx, false, false, PROTOCOL_NT1, 0, 0x20); + if (cli_ipc) { + cli_set_username(cli_ipc, ctx->username); + cli_set_password(cli_ipc, ctx->password); + cli_set_domain(cli_ipc, ctx->workgroup); + } TALLOC_FREE(auth_info); if (!cli_ipc) { diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c index e760a8b1de..1cbb883169 100644 --- a/source3/lib/netapi/user.c +++ b/source3/lib/netapi/user.c @@ -1497,6 +1497,9 @@ WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx *ctx, NTSTATUS status = NT_STATUS_OK; WERROR werr; + WERROR werr_tmp; + + *r->out.entries_read = 0; ZERO_STRUCT(connect_handle); ZERO_STRUCT(domain_handle); @@ -1540,15 +1543,18 @@ WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx *ctx, &total_size, &returned_size, &info); - if (!NT_STATUS_IS_OK(status)) { - werr = ntstatus_to_werror(status); + werr = ntstatus_to_werror(status); + if (NT_STATUS_IS_ERR(status)) { goto done; } - werr = convert_samr_dispinfo_to_NET_DISPLAY(ctx, &info, - r->in.level, - r->out.entries_read, - r->out.buffer); + werr_tmp = convert_samr_dispinfo_to_NET_DISPLAY(ctx, &info, + r->in.level, + r->out.entries_read, + r->out.buffer); + if (!W_ERROR_IS_OK(werr_tmp)) { + werr = werr_tmp; + } done: /* if last query */ if (NT_STATUS_IS_OK(status) || diff --git a/source3/lib/util_file.c b/source3/lib/util_file.c index c5a9b7c29a..50ff844762 100644 --- a/source3/lib/util_file.c +++ b/source3/lib/util_file.c @@ -39,7 +39,7 @@ static char *file_pload(const char *syscmd, size_t *size) total = 0; while ((n = read(fd, buf, sizeof(buf))) > 0) { - p = (char *)SMB_REALLOC(p, total + n + 1); + p = talloc_realloc(NULL, p, char, total + n + 1); if (!p) { DEBUG(0,("file_pload: failed to expand buffer!\n")); close(fd); diff --git a/source3/locking/locking.c b/source3/locking/locking.c index bafb89522a..70841225a7 100644 --- a/source3/locking/locking.c +++ b/source3/locking/locking.c @@ -887,7 +887,8 @@ struct share_mode_lock *fetch_share_mode_unlocked(TALLOC_CTX *mem_ctx, } if (!fill_share_mode_lock(lck, id, servicepath, fname, data, NULL)) { - DEBUG(3, ("fill_share_mode_lock failed\n")); + DEBUG(10, ("fetch_share_mode_unlocked: no share_mode record " + "around (file not open)\n")); TALLOC_FREE(lck); return NULL; } diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c index d002bd72e7..e1c04c4777 100644 --- a/source3/registry/regfio.c +++ b/source3/registry/regfio.c @@ -712,8 +712,30 @@ static bool hbin_prs_sk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_ if ( !prs_uint32( "size", ps, depth, &sk->size)) return False; - if ( !sec_io_desc( "sec_desc", &sk->sec_desc, ps, depth )) - return False; + { + NTSTATUS status; + TALLOC_CTX *mem_ctx = prs_get_mem_context(&hbin->ps); + DATA_BLOB blob; + + if (MARSHALLING(&hbin->ps)) { + status = marshall_sec_desc(mem_ctx, + sk->sec_desc, + &blob.data, &blob.length); + if (!NT_STATUS_IS_OK(status)) + return False; + if (!prs_copy_data_in(&hbin->ps, (const char *)blob.data, blob.length)) + return False; + } else { + blob = data_blob_const(prs_data_p(&hbin->ps), + prs_data_size(&hbin->ps)); + status = unmarshall_sec_desc(mem_ctx, + blob.data, blob.length, + &sk->sec_desc); + if (!NT_STATUS_IS_OK(status)) + return False; + prs_set_offset(&hbin->ps, blob.length); + } + } end_off = prs_offset( &hbin->ps ); diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index 8b4135a1e8..1ea4ecf46f 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -101,44 +101,6 @@ bool make_systemtime(SYSTEMTIME *systime, struct tm *unixtime) } /******************************************************************* - Reads or writes a DOM_SID structure. -********************************************************************/ - -bool smb_io_dom_sid(const char *desc, DOM_SID *sid, prs_struct *ps, int depth) -{ - int i; - - if (sid == NULL) - return False; - - prs_debug(ps, depth, desc, "smb_io_dom_sid"); - depth++; - - if(!prs_uint8 ("sid_rev_num", ps, depth, &sid->sid_rev_num)) - return False; - - if(!prs_uint8 ("num_auths ", ps, depth, (uint8 *)&sid->num_auths)) - return False; - - for (i = 0; i < 6; i++) - { - fstring tmp; - slprintf(tmp, sizeof(tmp) - 1, "id_auth[%d] ", i); - if(!prs_uint8 (tmp, ps, depth, &sid->id_auth[i])) - return False; - } - - /* oops! XXXX should really issue a warning here... */ - if (sid->num_auths > MAXSUBAUTHS) - sid->num_auths = MAXSUBAUTHS; - - if(!prs_uint32s(False, "sub_auths ", ps, depth, sid->sub_auths, sid->num_auths)) - return False; - - return True; -} - -/******************************************************************* Reads or writes a struct GUID ********************************************************************/ @@ -167,25 +129,6 @@ bool smb_io_uuid(const char *desc, struct GUID *uuid, } /******************************************************************* - Inits a UNISTR structure. -********************************************************************/ - -void init_unistr(UNISTR *str, const char *buf) -{ - size_t len; - - if (buf == NULL) { - str->buffer = NULL; - return; - } - - len = rpcstr_push_talloc(talloc_tos(), &str->buffer, buf); - if (len == (size_t)-1) { - str->buffer = NULL; - } -} - -/******************************************************************* Inits a UNISTR2 structure. ********************************************************************/ diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c deleted file mode 100644 index 91d8591a05..0000000000 --- a/source3/rpc_parse/parse_sec.c +++ /dev/null @@ -1,436 +0,0 @@ -/* - * Unix SMB/Netbios implementation. - * Version 1.9. - * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1998, - * Copyright (C) Jeremy R. Allison 1995-2005. - * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, - * Copyright (C) Paul Ashton 1997-1998. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see <http://www.gnu.org/licenses/>. - */ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_RPC_PARSE - -/******************************************************************* - Reads or writes a SEC_ACE structure. -********************************************************************/ - -static bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, - int depth) -{ - uint32 old_offset; - uint32 offset_ace_size; - uint8 type; - - if (psa == NULL) - return False; - - prs_debug(ps, depth, desc, "sec_io_ace"); - depth++; - - old_offset = prs_offset(ps); - - if (MARSHALLING(ps)) { - type = (uint8)psa->type; - } - - if(!prs_uint8("type ", ps, depth, &type)) - return False; - - if (UNMARSHALLING(ps)) { - psa->type = (enum security_ace_type)type; - } - - if(!prs_uint8("flags", ps, depth, &psa->flags)) - return False; - - if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size)) - return False; - - if(!prs_uint32("access_mask", ps, depth, &psa->access_mask)) - return False; - - /* check whether object access is present */ - if (!sec_ace_object(psa->type)) { - if (!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) - return False; - } else { - if (!prs_uint32("obj_flags", ps, depth, &psa->object.object.flags)) - return False; - - if (psa->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) - if (!smb_io_uuid("obj_guid", &psa->object.object.type.type, ps,depth)) - return False; - - if (psa->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) - if (!smb_io_uuid("inh_guid", &psa->object.object.inherited_type.inherited_type, ps,depth)) - return False; - - if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) - return False; - } - - /* Theorectically an ACE can have a size greater than the - sum of its components. When marshalling, pad with extra null bytes up to the - correct size. */ - - if (MARSHALLING(ps) && (psa->size > prs_offset(ps) - old_offset)) { - uint32 extra_len = psa->size - (prs_offset(ps) - old_offset); - uint32 i; - uint8 c = 0; - - for (i = 0; i < extra_len; i++) { - if (!prs_uint8("ace extra space", ps, depth, &c)) - return False; - } - } - - if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset)) - return False; - - return True; -} - -/******************************************************************* - Reads or writes a SEC_ACL structure. - - First of the xx_io_xx functions that allocates its data structures - for you as it reads them. -********************************************************************/ - -static bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, - int depth) -{ - unsigned int i; - uint32 old_offset; - uint32 offset_acl_size; - SEC_ACL *psa; - uint16 revision; - - /* - * Note that the size is always a multiple of 4 bytes due to the - * nature of the data structure. Therefore the prs_align() calls - * have been removed as they through us off when doing two-layer - * marshalling such as in the printing code (RPC_BUFFER). --jerry - */ - - if (ppsa == NULL) - return False; - - psa = *ppsa; - - if(UNMARSHALLING(ps) && psa == NULL) { - /* - * This is a read and we must allocate the stuct to read into. - */ - if((psa = PRS_ALLOC_MEM(ps, SEC_ACL, 1)) == NULL) - return False; - *ppsa = psa; - } - - prs_debug(ps, depth, desc, "sec_io_acl"); - depth++; - - old_offset = prs_offset(ps); - - if (MARSHALLING(ps)) { - revision = (uint16)psa->revision; - } - - if(!prs_uint16("revision", ps, depth, &revision)) - return False; - - if (UNMARSHALLING(ps)) { - psa->revision = (enum security_acl_revision)revision; - } - - if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size)) - return False; - - if(!prs_uint32("num_aces ", ps, depth, &psa->num_aces)) - return False; - - if (UNMARSHALLING(ps)) { - if (psa->num_aces) { - if((psa->aces = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces)) == NULL) - return False; - } else { - psa->aces = NULL; - } - } - - for (i = 0; i < psa->num_aces; i++) { - fstring tmp; - slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i); - if(!sec_io_ace(tmp, &psa->aces[i], ps, depth)) - return False; - } - - /* Theorectically an ACL can have a size greater than the - sum of its components. When marshalling, pad with extra null bytes up to the - correct size. */ - - if (MARSHALLING(ps) && (psa->size > prs_offset(ps) - old_offset)) { - uint32 extra_len = psa->size - (prs_offset(ps) - old_offset); - uint8 c = 0; - - for (i = 0; i < extra_len; i++) { - if (!prs_uint8("acl extra space", ps, depth, &c)) - return False; - } - } - - if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_acl_size, old_offset)) - return False; - - return True; -} - -/******************************************************************* - Reads or writes a SEC_DESC structure. - If reading and the *ppsd = NULL, allocates the structure. -********************************************************************/ - -bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) -{ - uint32 old_offset; - uint32 max_offset = 0; /* after we're done, move offset to end */ - uint32 tmp_offset = 0; - uint32 off_sacl, off_dacl, off_owner_sid, off_grp_sid; - uint16 revision; - - SEC_DESC *psd; - - if (ppsd == NULL) - return False; - - psd = *ppsd; - - if (psd == NULL) { - if(UNMARSHALLING(ps)) { - if((psd = PRS_ALLOC_MEM(ps,SEC_DESC,1)) == NULL) - return False; - *ppsd = psd; - } else { - /* Marshalling - just ignore. */ - return True; - } - } - - prs_debug(ps, depth, desc, "sec_io_desc"); - depth++; - - /* start of security descriptor stored for back-calc offset purposes */ - old_offset = prs_offset(ps); - - if (MARSHALLING(ps)) { - revision = (uint16)psd->revision; - } - - if(!prs_uint16("revision", ps, depth, &revision)) - return False; - - if (UNMARSHALLING(ps)) { - psd->revision = (enum security_descriptor_revision)revision; - } - - if(!prs_uint16("type ", ps, depth, &psd->type)) - return False; - - if (MARSHALLING(ps)) { - uint32 offset = SEC_DESC_HEADER_SIZE; - - /* - * Work out the offsets here, as we write it out. - */ - - if (psd->sacl != NULL) { - off_sacl = offset; - offset += psd->sacl->size; - } else { - off_sacl = 0; - } - - if (psd->dacl != NULL) { - off_dacl = offset; - offset += psd->dacl->size; - } else { - off_dacl = 0; - } - - if (psd->owner_sid != NULL) { - off_owner_sid = offset; - offset += ndr_size_dom_sid(psd->owner_sid, NULL, 0); - } else { - off_owner_sid = 0; - } - - if (psd->group_sid != NULL) { - off_grp_sid = offset; - offset += ndr_size_dom_sid(psd->group_sid, NULL, 0); - } else { - off_grp_sid = 0; - } - } - - if(!prs_uint32("off_owner_sid", ps, depth, &off_owner_sid)) - return False; - - if(!prs_uint32("off_grp_sid ", ps, depth, &off_grp_sid)) - return False; - - if(!prs_uint32("off_sacl ", ps, depth, &off_sacl)) - return False; - - if(!prs_uint32("off_dacl ", ps, depth, &off_dacl)) - return False; - - max_offset = MAX(max_offset, prs_offset(ps)); - - if (off_owner_sid != 0) { - - tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + off_owner_sid)) - return False; - - if (UNMARSHALLING(ps)) { - /* reading */ - if((psd->owner_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL) - return False; - } - - if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth)) - return False; - - max_offset = MAX(max_offset, prs_offset(ps)); - - if (!prs_set_offset(ps,tmp_offset)) - return False; - } - - if (psd->group_sid != 0) { - - tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + off_grp_sid)) - return False; - - if (UNMARSHALLING(ps)) { - /* reading */ - if((psd->group_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL) - return False; - } - - if(!smb_io_dom_sid("grp_sid", psd->group_sid, ps, depth)) - return False; - - max_offset = MAX(max_offset, prs_offset(ps)); - - if (!prs_set_offset(ps,tmp_offset)) - return False; - } - - if ((psd->type & SEC_DESC_SACL_PRESENT) && off_sacl) { - tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + off_sacl)) - return False; - if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) - return False; - max_offset = MAX(max_offset, prs_offset(ps)); - if (!prs_set_offset(ps,tmp_offset)) - return False; - } - - if ((psd->type & SEC_DESC_DACL_PRESENT) && off_dacl != 0) { - tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + off_dacl)) - return False; - if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) - return False; - max_offset = MAX(max_offset, prs_offset(ps)); - if (!prs_set_offset(ps,tmp_offset)) - return False; - } - - if(!prs_set_offset(ps, max_offset)) - return False; - - return True; -} - -/******************************************************************* - Reads or writes a SEC_DESC_BUF structure. -********************************************************************/ - -bool sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth) -{ - uint32 off_len; - uint32 off_max_len; - uint32 old_offset; - uint32 size; - uint32 len; - SEC_DESC_BUF *psdb; - uint32 ptr; - - if (ppsdb == NULL) - return False; - - psdb = *ppsdb; - - if (UNMARSHALLING(ps) && psdb == NULL) { - if((psdb = PRS_ALLOC_MEM(ps,SEC_DESC_BUF,1)) == NULL) - return False; - *ppsdb = psdb; - } - - prs_debug(ps, depth, desc, "sec_io_desc_buf"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32_pre("max_len", ps, depth, &psdb->sd_size, &off_max_len)) - return False; - - ptr = 1; - if(!prs_uint32 ("ptr ", ps, depth, &ptr)) - return False; - - len = ndr_size_security_descriptor(psdb->sd, NULL, 0); - if(!prs_uint32_pre("len ", ps, depth, &len, &off_len)) - return False; - - old_offset = prs_offset(ps); - - /* reading, length is non-zero; writing, descriptor is non-NULL */ - if ((UNMARSHALLING(ps) && psdb->sd_size != 0) || (MARSHALLING(ps) && psdb->sd != NULL)) { - if(!sec_io_desc("sec ", &psdb->sd, ps, depth)) - return False; - } - - if(!prs_align(ps)) - return False; - - size = prs_offset(ps) - old_offset; - if(!prs_uint32_post("max_len", ps, depth, &psdb->sd_size, off_max_len, size == 0 ? psdb->sd_size : size)) - return False; - - if(!prs_uint32_post("len ", ps, depth, &len, off_len, size)) - return False; - - return True; -} diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 628fc1bd32..7e75eea6b4 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -441,6 +441,8 @@ void reply_ntcreate_and_X(struct smb_request *req) START_PROFILE(SMBntcreateX); + SET_STAT_INVALID(sbuf); + if (req->wct < 24) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); return; @@ -865,6 +867,8 @@ static void call_nt_transact_create(connection_struct *conn, uint8_t oplock_granted; TALLOC_CTX *ctx = talloc_tos(); + SET_STAT_INVALID(sbuf); + DEBUG(5,("call_nt_transact_create\n")); /* diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 6f19a58178..16eb4a7fd7 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1606,6 +1606,8 @@ void reply_open(struct smb_request *req) START_PROFILE(SMBopen); + SET_STAT_INVALID(sbuf); + if (req->wct < 2) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBopen); @@ -1741,6 +1743,8 @@ void reply_open_and_X(struct smb_request *req) return; } + SET_STAT_INVALID(sbuf); + open_flags = SVAL(req->vwv+2, 0); deny_mode = SVAL(req->vwv+3, 0); smb_attr = SVAL(req->vwv+5, 0); @@ -1945,6 +1949,7 @@ void reply_mknew(struct smb_request *req) START_PROFILE(SMBcreate); ZERO_STRUCT(ft); + SET_STAT_INVALID(sbuf); if (req->wct < 3) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); @@ -2123,6 +2128,7 @@ void reply_ctemp(struct smb_request *req) return; } + SET_STAT_INVALID(sbuf); SMB_VFS_STAT(conn,fname,&sbuf); /* We should fail if file does not exist. */ diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index df01a39893..04b1145e58 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -895,6 +895,8 @@ static void call_trans2open(connection_struct *conn, uint32 create_options = 0; TALLOC_CTX *ctx = talloc_tos(); + SET_STAT_INVALID(sbuf); + /* * Ensure we have enough parameters to perform the operation. */ diff --git a/source3/utils/net_rpc_printer.c b/source3/utils/net_rpc_printer.c index 1d0e9a38be..9721628f02 100644 --- a/source3/utils/net_rpc_printer.c +++ b/source3/utils/net_rpc_printer.c @@ -2260,14 +2260,13 @@ NTSTATUS rpc_printer_migrate_settings_internals(struct net_context *c, info_dst.info2.secdesc = NULL; #if 0 - if (asprintf(&devicename, "\\\\%s\\%s", longname, - printername) < 0) { + info_dst.info2.devmode.devicename = + talloc_asprintf(mem_ctx, "\\\\%s\\%s", + longname, printername); + if (!info_dst.info2.devmode.devicename) { nt_status = NT_STATUS_NO_MEMORY; goto done; } - - init_unistr(&ctr_dst.printers_2->devmode->devicename, - devicename); #endif if (!net_spoolss_setprinter(pipe_hnd_dst, mem_ctx, &hnd_dst, level, &info_dst)) diff --git a/source4/auth/credentials/credentials_krb5.h b/source4/auth/credentials/credentials_krb5.h index 0d0e9f330f..5e56752eb4 100644 --- a/source4/auth/credentials/credentials_krb5.h +++ b/source4/auth/credentials/credentials_krb5.h @@ -24,6 +24,7 @@ #define __CREDENTIALS_KRB5_H__ #include <gssapi/gssapi.h> +#include <gssapi/gssapi_krb5.h> #include <krb5.h> struct gssapi_creds_container { diff --git a/source4/auth/kerberos/clikrb5.c b/source4/auth/kerberos/clikrb5.c index cf87d13cf2..68e7eb90cc 100644 --- a/source4/auth/kerberos/clikrb5.c +++ b/source4/auth/kerberos/clikrb5.c @@ -74,13 +74,9 @@ void kerberos_free_data_contents(krb5_context context, krb5_data *pdata) { -#if defined(HAVE_KRB5_FREE_DATA_CONTENTS) if (pdata->data) { - krb5_free_data_contents(context, pdata); + krb5_data_free(pdata); } -#else - SAFE_FREE(pdata->data); -#endif } krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry) diff --git a/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py b/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py index 0e74456dac..ec426c099b 100755 --- a/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py +++ b/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py @@ -71,7 +71,7 @@ schema_base = rootDse["schemaNamingContext"][0] def possible_inferiors_search(db, oc): """return the possible inferiors via a search for the possibleInferiors attribute""" res = db.search(base=schema_base, - expression=("ldapdisplayname=%s" % oc), + expression=("ldapDisplayName=%s" % oc), attrs=["possibleInferiors"]) poss=[] @@ -86,47 +86,137 @@ def possible_inferiors_search(db, oc): # see [MS-ADTS] section 3.1.1.4.5.21 -# for this algorithm +# and section 3.1.1.4.2 for this algorithm # !systemOnly=TRUE # !objectClassCategory=2 # !objectClassCategory=3 -def POSSINFERIORS(db, oc): - """returns a list of possible inferiors to a class. Returned list has the ldapdisplayname, systemOnly and objectClassCategory for each element""" - expanded = [oc] - res = db.search(base=schema_base, - expression=("subclassof=%s" % str(oc["ldapdisplayname"][0])), - attrs=["ldapdisplayname", "systemOnly", "objectClassCategory"]) +def SUPCLASSES(classinfo, oc): + list = [] + if oc == "top": + return list + if classinfo[oc].get("SUPCLASSES") is not None: + return classinfo[oc]["SUPCLASSES"] + res = classinfo[oc]["subClassOf"]; for r in res: - expanded.extend(POSSINFERIORS(db,r)) - return expanded + list.append(r) + list.extend(SUPCLASSES(classinfo,r)) + classinfo[oc]["SUPCLASSES"] = list + return list -def possible_inferiors_constructed(db, oc): - """return the possbible inferiors via a recursive search and match""" - res = db.search(base=schema_base, - expression=("(&(objectclass=classSchema)(|(posssuperiors=%s)(systemposssuperiors=%s)))" % (oc,oc)), - attrs=["ldapdisplayname", "systemOnly", "objectClassCategory"]) +def AUXCLASSES(classinfo, oclist): + list = [] + if oclist == []: + return list + for oc in oclist: + if classinfo[oc].get("AUXCLASSES") is not None: + list.extend(classinfo[oc]["AUXCLASSES"]) + else: + list2 = [] + list2.extend(classinfo[oc]["systemAuxiliaryClass"]) + list2.extend(AUXCLASSES(classinfo, classinfo[oc]["systemAuxiliaryClass"])) + list2.extend(classinfo[oc]["auxiliaryClass"]) + list2.extend(AUXCLASSES(classinfo, classinfo[oc]["auxiliaryClass"])) + list2.extend(AUXCLASSES(classinfo, SUPCLASSES(classinfo, oc))) + classinfo[oc]["AUXCLASSES"] = list2 + list.extend(list2) + return list - poss = [] +def SUBCLASSES(classinfo, oclist): + list = [] + for oc in oclist: + list.extend(classinfo[oc]["SUBCLASSES"]) + return list + +def POSSSUPERIORS(classinfo, oclist): + list = [] + for oc in oclist: + if classinfo[oc].get("POSSSUPERIORS") is not None: + list.extend(classinfo[oc]["POSSSUPERIORS"]) + else: + list2 = [] + list2.extend(classinfo[oc]["systemPossSuperiors"]) + list2.extend(classinfo[oc]["possSuperiors"]) + list2.extend(POSSSUPERIORS(classinfo, SUPCLASSES(classinfo, oc))) + # the WSPP docs suggest we should do this: + # list2.extend(POSSSUPERIORS(classinfo, AUXCLASSES(classinfo, [oc]))) + # but testing against w2k3 and w2k8 shows that we need to do this instead + list2.extend(SUBCLASSES(classinfo, list2)) + classinfo[oc]["POSSSUPERIORS"] = list2 + list.extend(list2) + return list + +def pull_classinfo(db): + """At startup we build a classinfo[] dictionary that holds all the information needed to construct the possible inferiors""" + classinfo = {} + res = db.search(base=schema_base, + expression="objectclass=classSchema", + attrs=["ldapDisplayName", "systemOnly", "objectClassCategory", + "possSuperiors", "systemPossSuperiors", + "auxiliaryClass", "systemAuxiliaryClass", "subClassOf"]) for r in res: - poss.extend(POSSINFERIORS(db,r)) - - poss2 = [] - for p in poss: - if (not (p["systemOnly"][0] == "TRUE" or - int(p["objectClassCategory"][0]) == 2 or - int(p["objectClassCategory"][0]) == 3)): - poss2.append(p["ldapdisplayname"][0]) - - poss2 = uniq_list(poss2) - poss2.sort() - return poss2 - -def test_class(db, oc): + name = str(r["ldapDisplayName"][0]) + classinfo[name] = {} + if str(r["systemOnly"]) == "TRUE": + classinfo[name]["systemOnly"] = True + else: + classinfo[name]["systemOnly"] = False + if r.get("objectClassCategory"): + classinfo[name]["objectClassCategory"] = int(r["objectClassCategory"][0]) + else: + classinfo[name]["objectClassCategory"] = 0 + for a in [ "possSuperiors", "systemPossSuperiors", + "auxiliaryClass", "systemAuxiliaryClass", + "subClassOf" ]: + classinfo[name][a] = [] + if r.get(a): + for i in r[a]: + classinfo[name][a].append(str(i)) + + # build a list of subclasses for each class + def subclasses_recurse(subclasses, oc): + list = subclasses[oc] + for c in list: + list.extend(subclasses_recurse(subclasses, c)) + return list + + subclasses = {} + for oc in classinfo: + subclasses[oc] = [] + for oc in classinfo: + for c in classinfo[oc]["subClassOf"]: + if not c == oc: + subclasses[c].append(oc) + for oc in classinfo: + classinfo[oc]["SUBCLASSES"] = uniq_list(subclasses_recurse(subclasses, oc)) + + return classinfo + +def is_in_list(list, c): + for a in list: + if c == a: + return True + return False + +def possible_inferiors_constructed(db, classinfo, c): + list = [] + for oc in classinfo: + superiors = POSSSUPERIORS(classinfo, [oc]) + if (is_in_list(superiors, c) and + classinfo[oc]["systemOnly"] == False and + classinfo[oc]["objectClassCategory"] != 2 and + classinfo[oc]["objectClassCategory"] != 3): + list.append(oc) + list = uniq_list(list) + list.sort() + return list + +def test_class(db, classinfo, oc): """test to see if one objectclass returns the correct possibleInferiors""" + print "testing objectClass %s" % oc poss1 = possible_inferiors_search(db, oc) - poss2 = possible_inferiors_constructed(db, oc) + poss2 = possible_inferiors_constructed(db, classinfo, oc) if poss1 != poss2: print "Returned incorrect list for objectclass %s" % oc print poss1 @@ -137,19 +227,17 @@ def test_class(db, oc): def get_object_classes(db): """return a list of all object classes""" - res = db.search(base=schema_base, - expression="objectClass=classSchema", - attrs=["ldapdisplayname"]) list=[] - for item in res: - list.append(item["ldapdisplayname"][0]) + for item in classinfo: + list.append(item) return list +classinfo = pull_classinfo(db) + if objectclass is None: for oc in get_object_classes(db): - print "testing objectClass %s" % oc - test_class(db,oc) + test_class(db,classinfo,oc) else: - test_class(db,objectclass) + test_class(db,classinfo,objectclass) print "Lists match OK" diff --git a/source4/heimdal_build/replace.c b/source4/heimdal_build/replace.c index 41309fea6e..ba43dd9495 100644 --- a/source4/heimdal_build/replace.c +++ b/source4/heimdal_build/replace.c @@ -84,3 +84,7 @@ return -1; } #endif + +const char *heimdal_version = "samba-internal-heimdal"; +const char *heimdal_long_version = "samba-interal-heimdal"; + diff --git a/source4/heimdal_build/roken.h b/source4/heimdal_build/roken.h index 3edeb2fb2e..e3edd53872 100644 --- a/source4/heimdal_build/roken.h +++ b/source4/heimdal_build/roken.h @@ -41,6 +41,22 @@ #define HAVE_STRNDUP #endif +#ifndef HAVE_STRLCPY +#define HAVE_STRLCPY +#endif + +#ifndef HAVE_STRLCAT +#define HAVE_STRLCAT +#endif + +#ifndef HAVE_STRCASECMP +#define HAVE_STRCASECMP +#endif + +#ifndef HAVE_MKSTEMP +#define HAVE_MKSTEMP +#endif + #ifndef HAVE_SETENV #define HAVE_SETENV #endif @@ -84,4 +100,7 @@ #undef SOCKET_WRAPPER_REPLACE #include "heimdal/lib/roken/roken.h.in" +extern const char *heimdal_version; +extern const char *heimdal_long_version; + #endif diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 1cfe9852f0..3d11441062 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -345,7 +345,7 @@ static bool kdc_process(struct kdc_server *kdc, } if (k5_reply.length) { *reply = data_blob_talloc(mem_ctx, k5_reply.data, k5_reply.length); - krb5_free_data_contents(kdc->smb_krb5_context->krb5_context, &k5_reply); + krb5_data_free(&k5_reply); } else { *reply = data_blob(NULL, 0); } |