summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-09-24 15:16:57 +0000
committerGerald Carter <jerry@samba.org>2003-09-24 15:16:57 +0000
commit602ad283b4724acac0a416cd1fd1124ce89ee316 (patch)
tree0a0a995abaa76d3a350d450ddb996ee260ca4f3a
parent4b10dd945476a93fd9a7d3e047cff7592935ad34 (diff)
downloadsamba-602ad283b4724acac0a416cd1fd1124ce89ee316.tar.gz
samba-602ad283b4724acac0a416cd1fd1124ce89ee316.tar.bz2
samba-602ad283b4724acac0a416cd1fd1124ce89ee316.zip
* sync more files from 3.0
* set version string to "CVS 3.1.0alpha1" (This used to be commit c6a61ffcbd0c95afd94bd33fd832b24bc8209de5)
-rw-r--r--source3/Makefile.in5
-rw-r--r--source3/VERSION8
-rw-r--r--source3/lib/afs.c60
-rw-r--r--source3/lib/util_sec.c4
-rw-r--r--source3/param/loadparm.c7
-rw-r--r--source3/script/gaptab.awk4
-rw-r--r--source3/script/installmsg.sh23
-rw-r--r--source3/smbd/service.c4
-rw-r--r--source3/utils/net.c6
9 files changed, 86 insertions, 35 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index a2c4a360d4..0ea2c4411f 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1205,7 +1205,10 @@ installscripts: installdirs
installdat: installdirs
@$(SHELL) $(srcdir)/script/installdat.sh $(DESTDIR)$(LIBDIR) $(srcdir)
-installswat: installdirs
+installmsg: installdirs
+ @$(SHELL) $(srcdir)/script/installmsg.sh $(DESTDIR)$(LIBDIR) $(srcdir)
+
+installswat: installdirs installmsg
@$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(SWATDIR) $(srcdir)
installclientlib: installdirs libsmbclient
diff --git a/source3/VERSION b/source3/VERSION
index 9cf8b11ef1..d7f386ab42 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -18,8 +18,8 @@
# -> "3.0.0" #
########################################################
SAMBA_VERSION_MAJOR=3
-SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=1
+SAMBA_VERSION_MINOR=1
+SAMBA_VERSION_RELEASE=0
########################################################
# If a official release has a serious bug #
@@ -41,7 +41,7 @@ SAMBA_VERSION_REVISION=
# e.g. SAMBA_VERSION_PRE_RELEASE=1 #
# -> "2.2.9pre1" #
########################################################
-SAMBA_VERSION_PRE_RELEASE=1
+SAMBA_VERSION_PRE_RELEASE=
########################################################
# For 'rc' releases the version will be #
@@ -71,7 +71,7 @@ SAMBA_VERSION_BETA_RELEASE=
# e.g. SAMBA_VERSION_ALPHA_RELEASE=1 #
# -> "4.0.0alpha1" #
########################################################
-SAMBA_VERSION_ALPHA_RELEASE=
+SAMBA_VERSION_ALPHA_RELEASE=1
########################################################
# For 'test' releases the version will be #
diff --git a/source3/lib/afs.c b/source3/lib/afs.c
index b96703e986..882442a79f 100644
--- a/source3/lib/afs.c
+++ b/source3/lib/afs.c
@@ -35,18 +35,6 @@ _syscall5(int, afs_syscall, int, subcall,
char *, cmarg,
int, follow);
-char *afs_cell(void)
-{
- static char *cell = NULL;
-
- if (cell == NULL) {
- cell = strdup(lp_realm());
- strlower_m(cell);
- }
-
- return cell;
-}
-
struct ClearToken {
uint32 AuthHandle;
char HandShakeKey[8];
@@ -65,7 +53,8 @@ struct ClearToken {
to avoid.
*/
-static BOOL afs_settoken(char *username, const struct ClearToken *ctok,
+static BOOL afs_settoken(const char *username, const char *cell,
+ const struct ClearToken *ctok,
char *v4tkt_data, int v4tkt_length)
{
int ret;
@@ -94,13 +83,13 @@ static BOOL afs_settoken(char *username, const struct ClearToken *ctok,
memcpy(p, &tmp, sizeof(uint32));
p += sizeof(uint32);
- tmp = strlen(afs_cell());
+ tmp = strlen(cell);
if (tmp >= MAXKTCREALMLEN) {
DEBUG(1, ("Realm too long\n"));
return False;
}
- strncpy(p, afs_cell(), tmp);
+ strncpy(p, cell, tmp);
p += tmp;
*p = 0;
p +=1;
@@ -135,12 +124,14 @@ static BOOL afs_settoken(char *username, const struct ClearToken *ctok,
For the comments "Alice" is the User to be auth'ed, and "Bob" is the
AFS server. */
-BOOL afs_login(char *username)
+BOOL afs_login(connection_struct *conn)
{
fstring ticket;
char *p = ticket;
uint32 len;
struct afs_key key;
+ pstring afs_username;
+ char *cell;
struct ClearToken ct;
@@ -148,13 +139,28 @@ BOOL afs_login(char *username)
des_key_schedule key_schedule;
- DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
- username, afs_cell()));
+ pstrcpy(afs_username, lp_afs_username_map());
+ standard_sub_conn(conn, afs_username, sizeof(afs_username));
+
+ cell = strchr(afs_username, '@');
+
+ if (cell == NULL) {
+ DEBUG(1, ("AFS username doesn't contain a @, "
+ "could not find cell\n"));
+ return False;
+ }
+
+ *cell = '\0';
+ cell += 1;
+ strlower_m(cell);
+
+ DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
+ afs_username, cell));
if (!secrets_init())
return False;
- if (!secrets_fetch_afs_key(afs_cell(), &key)) {
+ if (!secrets_fetch_afs_key(cell, &key)) {
DEBUG(5, ("Could not fetch AFS service key\n"));
return False;
}
@@ -172,14 +178,20 @@ BOOL afs_login(char *username)
p += 1;
/* "Alice", the client username */
- strncpy(p, username, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
+ strncpy(p, afs_username, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
strncpy(p, "", sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
- strncpy(p, afs_cell(), sizeof(ticket)-PTR_DIFF(p,ticket)-1);
+ strncpy(p, cell, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
- ct.ViceId = getuid();
+ /* As long as we still only use the effective UID we need to set the
+ * token for it here as well. This involves patching AFS in two
+ * places. Once we start using the real uid where we have the
+ * setresuid function, we can use getuid() here which would be more
+ * correct. */
+
+ ct.ViceId = geteuid();
DEBUG(10, ("Creating Token for uid %d\n", ct.ViceId));
/* Alice's network layer address. At least Openafs-1.2.10
@@ -235,12 +247,12 @@ BOOL afs_login(char *username)
ZERO_STRUCT(key);
- return afs_settoken(username, &ct, ticket, len);
+ return afs_settoken(afs_username, cell, &ct, ticket, len);
}
#else
-BOOL afs_login(char *username)
+BOOL afs_login(connection_struct *conn)
{
return True;
}
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index 132748ce13..1980b8bfb7 100644
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -183,6 +183,10 @@ void gain_root_group_privilege(void)
void set_effective_uid(uid_t uid)
{
#if USE_SETRESUID
+ /* On Systems which have this function, would it not be more
+ * appropriate to also set the real uid by doing
+ * setresuid(uid,uid,-1)? This would make patching AFS
+ * unnecessary. See comment in lib/afs.c. */
setresuid(-1,uid,-1);
#endif
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index b370b6b049..0efa2796c3 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -126,6 +126,7 @@ typedef struct
char *szPasswordServer;
char *szSocketOptions;
char *szRealm;
+ char *szAfsUsernameMap;
char *szUsernameMap;
char *szLogonScript;
char *szLogonPath;
@@ -413,6 +414,7 @@ typedef struct
BOOL bUseSendfile;
BOOL bProfileAcls;
BOOL bMap_acl_inherit;
+ BOOL bAfs_Share;
param_opt_struct *param_opt;
char dummy[3]; /* for alignment */
@@ -533,6 +535,7 @@ static service sDefault = {
False, /* bUseSendfile */
False, /* bProfileAcls */
False, /* bMap_acl_inherit */
+ False, /* bAfs_Share */
NULL, /* Parametric options */
@@ -762,6 +765,7 @@ static struct parm_struct parm_table[] = {
#ifdef WITH_ADS
{"realm", P_USTRING, P_GLOBAL, &Globals.szRealm, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
#endif
+ {"afs username map", P_USTRING, P_GLOBAL, &Globals.szAfsUsernameMap, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
{"netbios name", P_USTRING, P_GLOBAL, &Globals.szNetbiosName, handle_netbios_name, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
{"netbios aliases", P_LIST, P_GLOBAL, &Globals.szNetbiosAliases, handle_netbios_aliases, NULL, FLAG_ADVANCED},
{"netbios scope", P_USTRING, P_GLOBAL, &Globals.szNetbiosScope, handle_netbios_scope, NULL, FLAG_ADVANCED},
@@ -890,6 +894,7 @@ static struct parm_struct parm_table[] = {
{"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, FLAG_ADVANCED},
{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, FLAG_ADVANCED},
{"map acl inherit", P_BOOL, P_LOCAL, &sDefault.bMap_acl_inherit, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
+ {"afs share", P_BOOL, P_LOCAL, &sDefault.bAfs_Share, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"max mux", P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, FLAG_ADVANCED},
{"max xmit", P_INTEGER, P_GLOBAL, &Globals.max_xmit, NULL, NULL, FLAG_ADVANCED},
@@ -1634,6 +1639,7 @@ FN_GLOBAL_STRING(lp_passwd_chat, &Globals.szPasswdChat)
FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer)
FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder)
FN_GLOBAL_STRING(lp_realm, &Globals.szRealm)
+FN_GLOBAL_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript)
FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath)
@@ -1871,6 +1877,7 @@ FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
FN_LOCAL_BOOL(_lp_use_sendfile, bUseSendfile)
FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls)
FN_LOCAL_BOOL(lp_map_acl_inherit, bMap_acl_inherit)
+FN_LOCAL_BOOL(lp_afs_share, bAfs_Share)
FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)
diff --git a/source3/script/gaptab.awk b/source3/script/gaptab.awk
index f9d1526361..a309089cd5 100644
--- a/source3/script/gaptab.awk
+++ b/source3/script/gaptab.awk
@@ -23,9 +23,9 @@ function tonum(str)
function fmt(val)
{
if (f++ % 8 == 0)
- { printf ("\n '\\x%02x',", val); }
+ { printf ("\n 0x%02x,", val); }
else
- { printf (" '\\x%02x',", val); }
+ { printf (" 0x%02x,", val); }
}
{
diff --git a/source3/script/installmsg.sh b/source3/script/installmsg.sh
new file mode 100644
index 0000000000..30ad404aa0
--- /dev/null
+++ b/source3/script/installmsg.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+# first version (Sept 2003) written by Shiro Yamada <shiro@miraclelinux.com>
+# based on the first verion (March 2002) of installdat.sh written by Herb Lewis
+
+MSGDIR=$1
+SRCDIR=$2/
+
+echo Installing msg files in $MSGDIR
+
+for f in $SRCDIR/po/*.msg; do
+ FNAME=$MSGDIR/`basename $f`
+ echo $FNAME
+ cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
+ chmod 0644 $FNAME
+done
+
+cat << EOF
+======================================================================
+The msg files have been installed.
+======================================================================
+EOF
+
+exit 0
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 70126b9e7f..44d73b2ab2 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -644,7 +644,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
}
#ifdef WITH_FAKE_KASERVER
- afs_login(user);
+ if (lp_afs_share(SNUM(conn))) {
+ afs_login(conn);
+ }
#endif
#if CHECK_PATH_ON_TCONX
diff --git a/source3/utils/net.c b/source3/utils/net.c
index e5c078da29..42966b4f83 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -476,8 +476,8 @@ static int net_afskey(int argc, const char **argv)
int fd;
struct afs_keyfile keyfile;
- if (argc != 1) {
- d_printf("usage: 'net afskey <keyfile>'\n");
+ if (argc != 2) {
+ d_printf("usage: 'net afskey <keyfile> cell'\n");
return -1;
}
@@ -496,7 +496,7 @@ static int net_afskey(int argc, const char **argv)
return -1;
}
- if (!secrets_store_afs_keyfile(afs_cell(), &keyfile)) {
+ if (!secrets_store_afs_keyfile(argv[1], &keyfile)) {
d_printf("Could not write keyfile to secrets.tdb\n");
return -1;
}