diff options
author | Jeremy Allison <jra@samba.org> | 1998-07-14 21:23:59 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-07-14 21:23:59 +0000 |
commit | 59d07445b61e26321e3a1770c13756ac5948aabb (patch) | |
tree | 86286c7a304d26109ece60f7c3a5af5374a7757e /source3/smbd | |
parent | a5ddf0881e2410b7d4d8f1a389785e4db28d989e (diff) | |
download | samba-59d07445b61e26321e3a1770c13756ac5948aabb.tar.gz samba-59d07445b61e26321e3a1770c13756ac5948aabb.tar.bz2 samba-59d07445b61e26321e3a1770c13756ac5948aabb.zip |
loadparm.c:
With apologies to Charlton Heston and Pierre Boule.
"You damn fools, you finally did it".
Changed default security mode to be security=user.
Yes this is a big (although small in code) change.
It's something we've been discussing for a while, to
finally wean people off the legacy security=share mode
which is *never* what you want.
Jeremy.
nmbd_incomingrequests.c: Bug fix for nmbd core dumps caused by overrun.
Found by <samuel@public.szonline.net>.
nttrans.c: More NT smb stuff.
reply.c: Unlink will overwrite an existing file. Well you learn
something new about POSIX every day. :-).
server.c: Tidyup unreadable code.
smbpasswd.c: Code to allow -U remote_username to allow ordinary
users to change remote passwords if their NT username
is different from their UNIX username.
Patch from <torbjorn.lindh@allgon.se>.
Jeremy.
(This used to be commit 4eccb47cfb3c8907a6558b6ea9a02b0184458e34)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/nttrans.c | 3 | ||||
-rw-r--r-- | source3/smbd/reply.c | 26 | ||||
-rw-r--r-- | source3/smbd/server.c | 176 |
3 files changed, 102 insertions, 103 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index fa47bc7a17..65f2b0274e 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -766,7 +766,8 @@ static int call_nt_transact_rename(char *inbuf, char *outbuf, int bufsize, int c StrnCpy(new_name,params+4,fname_len); new_name[fname_len] = '\0'; - outsize = rename_internals(inbuf, outbuf, Files[fnum].name, newname, replace_if_exists); + outsize = rename_internals(inbuf, outbuf, Files[fnum].name, + newname, replace_if_exists); if(outsize == 0) { /* * Rename was successful. diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index cb659e3ef9..07b72738c5 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -3258,21 +3258,21 @@ int rename_internals(char *inbuf, char *outbuf, char *name, char *newname, BOOL if(replace_if_exists) { /* - * NT SMB specific flag - we must remove a target - * file with the same name before continuing. + * NT SMB specific flag - rename can overwrite + * file with the same name so don't check for + * file_exist(). */ if(resolve_wildcards(directory,newname) && can_rename(directory,cnum) && - file_exist(newname,NULL)) { - sys_unlink(newname); - } - } - - if (resolve_wildcards(directory,newname) && - can_rename(directory,cnum) && - !file_exist(newname,NULL) && !sys_rename(directory,newname)) - count++; + count++; + } else { + if (resolve_wildcards(directory,newname) && + can_rename(directory,cnum) && + !file_exist(newname,NULL) && + !sys_rename(directory,newname)) + count++; + } DEBUG(3,("rename_internals: %s doing rename on %s -> %s\n",(count != 0) ? "succeeded" : "failed", directory,newname)); @@ -3319,9 +3319,7 @@ int rename_internals(char *inbuf, char *outbuf, char *name, char *newname, BOOL continue; } - if (replace_if_exists && file_exist(destname,NULL)) { - sys_unlink(destname); - } else if(file_exist(destname,NULL)) { + if (!replace_if_exists && file_exist(destname,NULL)) { DEBUG(6,("file_exist %s\n", destname)); error = 183; continue; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 374c41c1f5..154f8ed93e 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -4787,126 +4787,126 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize /* make sure this is an SMB packet */ if (strncmp(smb_base(inbuf),"\377SMB",4) != 0) - { - DEBUG(2,("Non-SMB packet of length %d\n",smb_len(inbuf))); - return(-1); - } + { + DEBUG(2,("Non-SMB packet of length %d\n",smb_len(inbuf))); + return(-1); + } for (match=0;match<num_smb_messages;match++) if (smb_messages[match].code == type) break; if (match == num_smb_messages) - { - DEBUG(0,("Unknown message type %d!\n",type)); - outsize = reply_unknown(inbuf,outbuf); - } + { + DEBUG(0,("Unknown message type %d!\n",type)); + outsize = reply_unknown(inbuf,outbuf); + } else - { - DEBUG(3,("switch message %s (pid %d)\n",smb_messages[match].name,pid)); + { + DEBUG(3,("switch message %s (pid %d)\n",smb_messages[match].name,pid)); - if(global_oplock_break && (smb_messages[match].flags & QUEUE_IN_OPLOCK)) - { - /* - * Queue this message as we are the process of an oplock break. - */ + if(global_oplock_break && (smb_messages[match].flags & QUEUE_IN_OPLOCK)) + { + /* + * Queue this message as we are the process of an oplock break. + */ - DEBUG(2,("%s: switch_message: queueing message due to being in oplock break state.\n", - timestring() )); + DEBUG(2,("%s: switch_message: queueing message due to being in oplock break state.\n", + timestring() )); - push_smb_message( inbuf, size); - return -1; - } + push_smb_message( inbuf, size); + return -1; + } - if (smb_messages[match].fn) - { - int cnum = SVAL(inbuf,smb_tid); - int flags = smb_messages[match].flags; - static uint16 last_session_tag = UID_FIELD_INVALID; - /* In share mode security we must ignore the vuid. */ - uint16 session_tag = (lp_security() == SEC_SHARE) ? UID_FIELD_INVALID : SVAL(inbuf,smb_uid); - /* Ensure this value is replaced in the incoming packet. */ - SSVAL(inbuf,smb_uid,session_tag); + if (smb_messages[match].fn) + { + int cnum = SVAL(inbuf,smb_tid); + int flags = smb_messages[match].flags; + static uint16 last_session_tag = UID_FIELD_INVALID; + /* In share mode security we must ignore the vuid. */ + uint16 session_tag = (lp_security() == SEC_SHARE) ? UID_FIELD_INVALID : SVAL(inbuf,smb_uid); + /* Ensure this value is replaced in the incoming packet. */ + SSVAL(inbuf,smb_uid,session_tag); - /* - * Ensure the correct username is in sesssetup_user. - * This is a really ugly bugfix for problems with - * multiple session_setup_and_X's being done and - * allowing %U and %G substitutions to work correctly. - * There is a reason this code is done here, don't - * move it unless you know what you're doing... :-). - * JRA. - */ - if(session_tag != last_session_tag ) { - user_struct *vuser = NULL; - - last_session_tag = session_tag; - if(session_tag != UID_FIELD_INVALID) - vuser = get_valid_user_struct(session_tag); - if(vuser != NULL) - pstrcpy( sesssetup_user, vuser->requested_name); - } + /* + * Ensure the correct username is in sesssetup_user. + * This is a really ugly bugfix for problems with + * multiple session_setup_and_X's being done and + * allowing %U and %G substitutions to work correctly. + * There is a reason this code is done here, don't + * move it unless you know what you're doing... :-). + * JRA. + */ + if(session_tag != last_session_tag ) { + user_struct *vuser = NULL; + + last_session_tag = session_tag; + if(session_tag != UID_FIELD_INVALID) + vuser = get_valid_user_struct(session_tag); + if(vuser != NULL) + pstrcpy( sesssetup_user, vuser->requested_name); + } - /* does this protocol need to be run as root? */ - if (!(flags & AS_USER)) - unbecome_user(); + /* does this protocol need to be run as root? */ + if (!(flags & AS_USER)) + unbecome_user(); - /* does this protocol need to be run as the connected user? */ - if ((flags & AS_USER) && !become_user(&Connections[cnum], cnum,session_tag)) { - if (flags & AS_GUEST) - flags &= ~AS_USER; - else - return(ERROR(ERRSRV,ERRinvnid)); - } - /* this code is to work around a bug is MS client 3 without - introducing a security hole - it needs to be able to do - print queue checks as guest if it isn't logged in properly */ - if (flags & AS_USER) - flags &= ~AS_GUEST; + /* does this protocol need to be run as the connected user? */ + if ((flags & AS_USER) && !become_user(&Connections[cnum], cnum,session_tag)) { + if (flags & AS_GUEST) + flags &= ~AS_USER; + else + return(ERROR(ERRSRV,ERRinvnid)); + } + /* this code is to work around a bug is MS client 3 without + introducing a security hole - it needs to be able to do + print queue checks as guest if it isn't logged in properly */ + if (flags & AS_USER) + flags &= ~AS_GUEST; - /* does it need write permission? */ - if ((flags & NEED_WRITE) && !CAN_WRITE(cnum)) - return(ERROR(ERRSRV,ERRaccess)); + /* does it need write permission? */ + if ((flags & NEED_WRITE) && !CAN_WRITE(cnum)) + return(ERROR(ERRSRV,ERRaccess)); - /* ipc services are limited */ - if (IS_IPC(cnum) && (flags & AS_USER) && !(flags & CAN_IPC)) - return(ERROR(ERRSRV,ERRaccess)); + /* ipc services are limited */ + if (IS_IPC(cnum) && (flags & AS_USER) && !(flags & CAN_IPC)) + return(ERROR(ERRSRV,ERRaccess)); - /* load service specific parameters */ - if (OPEN_CNUM(cnum) && !become_service(cnum,(flags & AS_USER)?True:False)) - return(ERROR(ERRSRV,ERRaccess)); + /* load service specific parameters */ + if (OPEN_CNUM(cnum) && !become_service(cnum,(flags & AS_USER)?True:False)) + return(ERROR(ERRSRV,ERRaccess)); - /* does this protocol need to be run as guest? */ - if ((flags & AS_GUEST) && (!become_guest() || !check_access(-1))) - return(ERROR(ERRSRV,ERRaccess)); + /* does this protocol need to be run as guest? */ + if ((flags & AS_GUEST) && (!become_guest() || !check_access(-1))) + return(ERROR(ERRSRV,ERRaccess)); - last_inbuf = inbuf; + last_inbuf = inbuf; - outsize = smb_messages[match].fn(inbuf,outbuf,size,bufsize); - } - else - { - outsize = reply_unknown(inbuf,outbuf); - } + outsize = smb_messages[match].fn(inbuf,outbuf,size,bufsize); + } + else + { + outsize = reply_unknown(inbuf,outbuf); } + } #if PROFILING GetTimeOfDay(&msg_end_time); if (!(smb_messages[match].flags & TIME_INIT)) - { - smb_messages[match].time = 0; - smb_messages[match].flags |= TIME_INIT; - } + { + smb_messages[match].time = 0; + smb_messages[match].flags |= TIME_INIT; + } { unsigned long this_time = (msg_end_time.tv_sec - msg_start_time.tv_sec)*1e6 + - (msg_end_time.tv_usec - msg_start_time.tv_usec); + (msg_end_time.tv_usec - msg_start_time.tv_usec); smb_messages[match].time += this_time; total_time += this_time; } DEBUG(2,("TIME %s %d usecs %g pct\n", - smb_fn_name(type),smb_messages[match].time, - (100.0*smb_messages[match].time) / total_time)); + smb_fn_name(type),smb_messages[match].time, + (100.0*smb_messages[match].time) / total_time)); #endif return(outsize); |