diff options
| author | Jeremy Allison <jra@samba.org> | 2008-05-30 10:09:22 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2008-05-30 10:09:22 -0700 |
| commit | a991c5a7c30253fa36e1ee65fb717d62acf3a806 (patch) | |
| tree | f744dcbdef7864a1f5915564bde3e11e133a1ecd /source3 | |
| parent | 2e9136e085f9a88741c594b44037b2f86474882f (diff) | |
| parent | 3e20aeb18e418a5a1a7821fd8c3f0d0bc5169489 (diff) | |
| download | samba-a991c5a7c30253fa36e1ee65fb717d62acf3a806.tar.gz samba-a991c5a7c30253fa36e1ee65fb717d62acf3a806.tar.bz2 samba-a991c5a7c30253fa36e1ee65fb717d62acf3a806.zip | |
Merge branch 'v3-3-test' of ssh://jra@git.samba.org/data/git/samba into v3-3-test
(This used to be commit 3d01248f63d0d476c16236453983ffe759d0b2c2)
Diffstat (limited to 'source3')
35 files changed, 188 insertions, 286 deletions
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index b07884c49b..31d1d37fbf 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -270,13 +270,15 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context const auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { + struct server_security_state *state = talloc_get_type_abort( + my_private_data, struct server_security_state); struct cli_state *cli; static bool tested_password_server = False; static bool bad_password_server = False; NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; bool locally_made_cli = False; - cli = (struct cli_state *)my_private_data; + cli = state->cli; if (cli) { } else { @@ -285,7 +287,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context } if (!cli || !cli->initialised) { - DEBUG(1,("password server is not connected (cli not initilised)\n")); + DEBUG(1,("password server is not connected (cli not initialised)\n")); return NT_STATUS_LOGON_FAILURE; } diff --git a/source3/client/client.c b/source3/client/client.c index cc0da18d4d..8c939fc3ec 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -4382,7 +4382,7 @@ static void readline_callback(void) set_smb_read_error(&cli->smb_rw_error, SMB_READ_OK); - status = receive_smb_raw(cli->fd, cli->inbuf, 0, 0, &len); + status = receive_smb_raw(cli->fd, cli->inbuf, cli->bufsize, 0, 0, &len); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Read from server failed, maybe it closed " diff --git a/source3/include/doserr.h b/source3/include/doserr.h index 44ce73973c..68dc0c13c0 100644 --- a/source3/include/doserr.h +++ b/source3/include/doserr.h @@ -206,6 +206,7 @@ #define WERR_INVALID_COMPUTER_NAME W_ERROR(1210) #define WERR_INVALID_DOMAINNAME W_ERROR(1212) #define WERR_MACHINE_LOCKED W_ERROR(1271) +#define WERR_REVISION_MISMATCH W_ERROR(1306) #define WERR_NO_LOGON_SERVERS W_ERROR(1311) #define WERR_NO_SUCH_LOGON_SESSION W_ERROR(1312) #define WERR_USER_ALREADY_EXISTS W_ERROR(1316) diff --git a/source3/include/messages.h b/source3/include/messages.h index 8f0112acc5..b3ac5e4d98 100644 --- a/source3/include/messages.h +++ b/source3/include/messages.h @@ -87,6 +87,10 @@ */ #define MSG_SMB_BRL_VALIDATE 0x0311 #define MSG_SMB_RELEASE_IP 0x0312 +/* + * Close a specific file given a share entry. + */ +#define MSG_SMB_CLOSE_FILE 0x0313 /* winbind messages */ #define MSG_WINBIND_FINISHED 0x0401 diff --git a/source3/include/proto.h b/source3/include/proto.h index f85b667c84..761c720497 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1582,8 +1582,12 @@ NTSTATUS read_smb_length_return_keepalive(int fd, char *inbuf, size_t *len); NTSTATUS read_smb_length(int fd, char *inbuf, unsigned int timeout, size_t *len); -NTSTATUS receive_smb_raw(int fd, char *buffer, unsigned int timeout, - size_t maxlen, size_t *p_len); +NTSTATUS receive_smb_raw(int fd, + char *buffer, + size_t buflen, + unsigned int timeout, + size_t maxlen, + size_t *p_len); int open_socket_in(int type, uint16_t port, int dlevel, @@ -5270,7 +5274,7 @@ void locking_close_file(struct messaging_context *msg_ctx, bool locking_init(void); bool locking_init_readonly(void); bool locking_end(void); -char *share_mode_str(TALLOC_CTX *ctx, int num, struct share_mode_entry *e); +char *share_mode_str(TALLOC_CTX *ctx, int num, const struct share_mode_entry *e); struct share_mode_lock *get_share_mode_lock(TALLOC_CTX *mem_ctx, const struct file_id id, const char *servicepath, @@ -9462,6 +9466,11 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw void set_close_write_time(struct files_struct *fsp, struct timespec ts); NTSTATUS close_file(files_struct *fsp, enum file_close_type close_type); +void msg_close_file(struct messaging_context *msg_ctx, + void *private_data, + uint32_t msg_type, + struct server_id server_id, + DATA_BLOB *data); /* The following definitions come from smbd/conn.c */ @@ -9937,7 +9946,7 @@ bool downgrade_oplock(files_struct *fsp); int oplock_notify_fd(void); void reply_to_oplock_break_requests(files_struct *fsp); void release_level_2_oplocks_on_change(files_struct *fsp); -void share_mode_entry_to_message(char *msg, struct share_mode_entry *e); +void share_mode_entry_to_message(char *msg, const struct share_mode_entry *e); void message_to_share_mode_entry(struct share_mode_entry *e, char *msg); bool init_oplocks(struct messaging_context *msg_ctx); diff --git a/source3/include/smb.h b/source3/include/smb.h index e7860b7903..76cc389a10 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1709,7 +1709,8 @@ minimum length == 18. enum smbd_capability { KERNEL_OPLOCK_CAPABILITY, - DMAPI_ACCESS_CAPABILITY + DMAPI_ACCESS_CAPABILITY, + LEASE_CAPABILITY }; /* if a kernel does support oplocks then a structure of the following diff --git a/source3/lib/events.c b/source3/lib/events.c index 9decf213b4..8134a7ac1c 100644 --- a/source3/lib/events.c +++ b/source3/lib/events.c @@ -356,7 +356,7 @@ int event_loop_once(struct event_context *ev) struct event_context *event_context_init(TALLOC_CTX *mem_ctx) { - return TALLOC_ZERO_P(NULL, struct event_context); + return TALLOC_ZERO_P(mem_ctx, struct event_context); } int set_event_dispatch_time(struct event_context *event_ctx, diff --git a/source3/lib/system.c b/source3/lib/system.c index fa50955ef6..eabb6d6dc4 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -733,6 +733,11 @@ static bool set_process_capability(enum smbd_capability capability, cap_vals[num_cap_vals++] = CAP_MKNOD; #endif break; + case LEASE_CAPABILITY: +#ifdef CAP_LEASE + cap_vals[num_cap_vals++] = CAP_LEASE; +#endif + break; } SMB_ASSERT(num_cap_vals <= ARRAY_SIZE(cap_vals)); diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index f252377b7e..b2a1ece5db 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -1151,16 +1151,15 @@ NTSTATUS read_smb_length(int fd, char *inbuf, unsigned int timeout, } /**************************************************************************** - Read an smb from a fd. Note that the buffer *MUST* be of size - BUFFER_SIZE+SAFETY_MARGIN. + Read an smb from a fd. The timeout is in milliseconds. This function will return on receipt of a session keepalive packet. maxlen is the max number of bytes to return, not including the 4 byte - length. If zero it means BUFFER_SIZE+SAFETY_MARGIN limit. + length. If zero it means buflen limit. Doesn't check the MAC on signed packets. ****************************************************************************/ -NTSTATUS receive_smb_raw(int fd, char *buffer, unsigned int timeout, +NTSTATUS receive_smb_raw(int fd, char *buffer, size_t buflen, unsigned int timeout, size_t maxlen, size_t *p_len) { size_t len; @@ -1173,17 +1172,10 @@ NTSTATUS receive_smb_raw(int fd, char *buffer, unsigned int timeout, return status; } - /* - * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes - * of header. Don't print the error if this fits.... JRA. - */ - - if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) { + if (len > buflen) { DEBUG(0,("Invalid packet length! (%lu bytes).\n", (unsigned long)len)); - if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) { - return NT_STATUS_INVALID_PARAMETER; - } + return NT_STATUS_INVALID_PARAMETER; } if(len > 0) { diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 2adf6a4700..c4135f24a1 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -649,6 +649,10 @@ bool kerberos_secrets_store_salting_principal(const char *service, SAFE_FREE(princ_s); SAFE_FREE(unparsed_name); + if (princ) { + krb5_free_principal(context, princ); + } + if (context) { krb5_free_context(context); } diff --git a/source3/libads/util.c b/source3/libads/util.c index af96c3e10a..72f5dee80c 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -64,6 +64,8 @@ ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, server_realm = SMB_STRDUP(ads->server.realm); if (!server || !server_realm) { + SAFE_FREE(server); + SAFE_FREE(server_realm); return ADS_ERROR(LDAP_NO_MEMORY); } diff --git a/source3/librpc/gen_ndr/nbt.h b/source3/librpc/gen_ndr/nbt.h index b77b7c34dd..62ad524a91 100644 --- a/source3/librpc/gen_ndr/nbt.h +++ b/source3/librpc/gen_ndr/nbt.h @@ -469,7 +469,7 @@ struct nbt_netlogon_response_from_pdc { #define NBT_SERVER_FULL_SECRET_DOMAIN_6 ( 0x00001000 ) struct nbt_dc_sock_addr { - uint32_t sa_family; + uint32_t family; const char * pdc_ip;/* [flag(LIBNDR_FLAG_BIGENDIAN)] */ DATA_BLOB remaining;/* [flag(LIBNDR_FLAG_REMAINING)] */ }; diff --git a/source3/librpc/gen_ndr/ndr_nbt.c b/source3/librpc/gen_ndr/ndr_nbt.c index aa67d41fd5..240b58e1d9 100644 --- a/source3/librpc/gen_ndr/ndr_nbt.c +++ b/source3/librpc/gen_ndr/ndr_nbt.c @@ -1933,7 +1933,7 @@ static enum ndr_err_code ndr_push_nbt_dc_sock_addr(struct ndr_push *ndr, int ndr { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sa_family)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->family)); { uint32_t _flags_save_ipv4address = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); @@ -1956,7 +1956,7 @@ static enum ndr_err_code ndr_pull_nbt_dc_sock_addr(struct ndr_pull *ndr, int ndr { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sa_family)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->family)); { uint32_t _flags_save_ipv4address = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); @@ -1979,7 +1979,7 @@ _PUBLIC_ void ndr_print_nbt_dc_sock_addr(struct ndr_print *ndr, const char *name { ndr_print_struct(ndr, name, "nbt_dc_sock_addr"); ndr->depth++; - ndr_print_uint32(ndr, "sa_family", r->sa_family); + ndr_print_uint32(ndr, "family", r->family); ndr_print_ipv4address(ndr, "pdc_ip", r->pdc_ip); ndr_print_DATA_BLOB(ndr, "remaining", r->remaining); ndr->depth--; diff --git a/source3/librpc/idl/nbt.idl b/source3/librpc/idl/nbt.idl index 7e98aa7580..9f5c4a9a5f 100644 --- a/source3/librpc/idl/nbt.idl +++ b/source3/librpc/idl/nbt.idl @@ -412,7 +412,7 @@ interface nbt } nbt_server_type; typedef struct { - uint32 sa_family; + uint32 family; [flag(NDR_BIG_ENDIAN)] ipv4address pdc_ip; [flag(NDR_REMAINING)] DATA_BLOB remaining; } nbt_dc_sock_addr; diff --git a/source3/librpc/ndr/ndr_drsuapi.c b/source3/librpc/ndr/ndr_drsuapi.c index f12ac0ba61..8cd42b2cc1 100644 --- a/source3/librpc/ndr/ndr_drsuapi.c +++ b/source3/librpc/ndr/ndr_drsuapi.c @@ -144,7 +144,7 @@ enum ndr_err_code ndr_pull_drsuapi_DsReplicaOID(struct ndr_pull *ndr, int ndr_fl } else { _OID_PULL_CHECK(ber_read_OID_String(ndr, _oid_array, &_oid)); } - data_blob_free(&_oid_array); + TALLOC_FREE(_oid_array.data); talloc_steal(r->oid, _oid); r->oid = _oid; } diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index e64b6fa278..60ec632b83 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -57,8 +57,7 @@ int cli_set_port(struct cli_state *cli, int port) } /**************************************************************************** - Read an smb from a fd ignoring all keepalive packets. Note that the buffer - *MUST* be of size BUFFER_SIZE+SAFETY_MARGIN. + Read an smb from a fd ignoring all keepalive packets. The timeout is in milliseconds This is exactly the same as receive_smb except that it never returns @@ -76,8 +75,8 @@ static ssize_t client_receive_smb(struct cli_state *cli, size_t maxlen) set_smb_read_error(&cli->smb_rw_error, SMB_READ_OK); - status = receive_smb_raw(cli->fd, cli->inbuf, cli->timeout, - maxlen, &len); + status = receive_smb_raw(cli->fd, cli->inbuf, cli->bufsize, + cli->timeout, maxlen, &len); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("client_receive_smb failed\n")); show_msg(cli->inbuf); @@ -225,93 +224,6 @@ ssize_t cli_receive_smb_data(struct cli_state *cli, char *buffer, size_t len) return -1; } -/**************************************************************************** - Read a smb readX header. - We can only use this if encryption and signing are off. -****************************************************************************/ - -bool cli_receive_smb_readX_header(struct cli_state *cli) -{ - ssize_t len, offset; - - if (cli->fd == -1) - return false; - - again: - - /* Read up to the size of a readX header reply. */ - len = client_receive_smb(cli, (smb_size - 4) + 24); - - if (len > 0) { - /* it might be an oplock break request */ - if (!(CVAL(cli->inbuf, smb_flg) & FLAG_REPLY) && - CVAL(cli->inbuf,smb_com) == SMBlockingX && - SVAL(cli->inbuf,smb_vwv6) == 0 && - SVAL(cli->inbuf,smb_vwv7) == 0) { - ssize_t total_len = smb_len(cli->inbuf); - - if (total_len > CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN) { - goto read_err; - } - - /* Read the rest of the data. */ - if ((total_len - len > 0) && - !cli_receive_smb_data(cli,cli->inbuf+len,total_len - len)) { - goto read_err; - } - - if (cli->oplock_handler) { - int fnum = SVAL(cli->inbuf,smb_vwv2); - unsigned char level = CVAL(cli->inbuf,smb_vwv3+1); - if (!cli->oplock_handler(cli, fnum, level)) return false; - } - /* try to prevent loops */ - SCVAL(cli->inbuf,smb_com,0xFF); - goto again; - } - } - - /* If it's not the above size it probably was an error packet. */ - - if ((len == (smb_size - 4) + 24) && !cli_is_error(cli)) { - /* Check it's a non-chained readX reply. */ - if (!(CVAL(cli->inbuf, smb_flg) & FLAG_REPLY) || - (CVAL(cli->inbuf,smb_vwv0) != 0xFF) || - (CVAL(cli->inbuf,smb_com) != SMBreadX)) { - /* - * We're not coping here with asnyc replies to - * other calls. Punt here - we need async client - * libs for this. - */ - goto read_err; - } - - /* - * We know it's a readX reply - ensure we've read the - * padding bytes also. - */ - - offset = SVAL(cli->inbuf,smb_vwv6); - if (offset > len) { - ssize_t ret; - size_t padbytes = offset - len; - ret = cli_receive_smb_data(cli,smb_buf(cli->inbuf),padbytes); - if (ret != padbytes) { - goto read_err; - } - } - } - - return true; - - read_err: - - cli->smb_rw_error = SMB_READ_ERROR; - close(cli->fd); - cli->fd = -1; - return false; -} - static ssize_t write_socket(int fd, const char *buf, size_t len) { ssize_t ret=0; diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index 515471e003..057e647983 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c @@ -472,106 +472,6 @@ ssize_t cli_read(struct cli_state *cli, int fnum, char *buf, return ret; } -#if 0 /* relies on client_receive_smb(), now a static in libsmb/clientgen.c */ - -/* This call is INCOMPATIBLE with SMB signing. If you remove the #if 0 - you must fix ensure you don't attempt to sign the packets - data - *will* be currupted */ - -/**************************************************************************** -Issue a single SMBreadraw and don't wait for a reply. -****************************************************************************/ - -static bool cli_issue_readraw(struct cli_state *cli, int fnum, off_t offset, - size_t size, int i) -{ - - if (!cli->sign_info.use_smb_signing) { - DEBUG(0, ("Cannot use readraw and SMB Signing\n")); - return False; - } - - memset(cli->outbuf,'\0',smb_size); - memset(cli->inbuf,'\0',smb_size); - - cli_set_message(cli->outbuf,10,0,True); - - SCVAL(cli->outbuf,smb_com,SMBreadbraw); - SSVAL(cli->outbuf,smb_tid,cli->cnum); - cli_setup_packet(cli); - - SSVAL(cli->outbuf,smb_vwv0,fnum); - SIVAL(cli->outbuf,smb_vwv1,offset); - SSVAL(cli->outbuf,smb_vwv2,size); - SSVAL(cli->outbuf,smb_vwv3,size); - SSVAL(cli->outbuf,smb_mid,cli->mid + i); - - return cli_send_smb(cli); -} - -/**************************************************************************** - Tester for the readraw call. -****************************************************************************/ - -ssize_t cli_readraw(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size) -{ - char *p; - int size2; - size_t readsize; - ssize_t total = 0; - - if (size == 0) - return 0; - - /* - * Set readsize to the maximum size we can handle in one readraw. - */ - - readsize = 0xFFFF; - - while (total < size) { - readsize = MIN(readsize, size-total); - - /* Issue a read and receive a reply */ - - if (!cli_issue_readraw(cli, fnum, offset, readsize, 0)) - return -1; - - if (!client_receive_smb(cli->fd, cli->inbuf, cli->timeout)) - return -1; - - size2 = smb_len(cli->inbuf); - - if (size2 > readsize) { - DEBUG(5,("server returned more than we wanted!\n")); - return -1; - } else if (size2 < 0) { - DEBUG(5,("read return < 0!\n")); - return -1; - } - - /* Copy data into buffer */ - - if (size2) { - p = cli->inbuf + 4; - memcpy(buf + total, p, size2); - } - - total += size2; - offset += size2; - - /* - * If the server returned less than we asked for we're at EOF. - */ - - if (size2 < readsize) - break; - } - - return total; -} -#endif - /**************************************************************************** Issue a single SMBwrite and don't wait for a reply. ****************************************************************************/ diff --git a/source3/libsmb/doserr.c b/source3/libsmb/doserr.c index 450d6ee911..163656fb55 100644 --- a/source3/libsmb/doserr.c +++ b/source3/libsmb/doserr.c @@ -64,6 +64,7 @@ werror_code_struct dos_errs[] = { "WERR_DEST_NOT_FOUND", WERR_DEST_NOT_FOUND }, { "WERR_NOT_LOCAL_DOMAIN", WERR_NOT_LOCAL_DOMAIN }, { "WERR_USER_EXISTS", WERR_USER_EXISTS }, + { "WERR_REVISION_MISMATCH", WERR_REVISION_MISMATCH }, { "WERR_NO_LOGON_SERVERS", WERR_NO_LOGON_SERVERS }, { "WERR_NO_SUCH_LOGON_SESSION", WERR_NO_SUCH_LOGON_SESSION }, { "WERR_USER_ALREADY_EXISTS", WERR_USER_ALREADY_EXISTS }, diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index be38db1a3a..8d75593ddc 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -205,7 +205,7 @@ static NTSTATUS map_logon29_from_cldap_reply(TALLOC_CTX *mem_ctx, /* FIXME */ p->dc_sock_addr_size = 0x10; /* the w32 winsock addr size */ - p->dc_sock_addr.sa_family = 2; /* AF_INET */ + p->dc_sock_addr.family = 2; /* AF_INET */ p->dc_sock_addr.pdc_ip = talloc_strdup(mem_ctx, addr); switch (nt_version & 0x0000001f) { diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index f339b6b9f6..a8a88a8a7e 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -181,6 +181,7 @@ bool ntv2_owf_gen(const uchar owf[16], if (!push_ucs2_allocate(&domain, domain_in, &domain_byte_len)) { DEBUG(0, ("push_uss2_allocate() for domain failed: %s\n", strerror(errno))); + SAFE_FREE(user); return False; } diff --git a/source3/locking/locking.c b/source3/locking/locking.c index 17131d9194..accd3f7014 100644 --- a/source3/locking/locking.c +++ b/source3/locking/locking.c @@ -443,7 +443,7 @@ static TDB_DATA locking_key(const struct file_id *id, struct file_id *tmp) Print out a share mode. ********************************************************************/ -char *share_mode_str(TALLOC_CTX *ctx, int num, struct share_mode_entry *e) +char *share_mode_str(TALLOC_CTX *ctx, int num, const struct share_mode_entry *e) { return talloc_asprintf(ctx, "share_mode_entry[%d]: %s " "pid = %s, share_access = 0x%x, private_options = 0x%x, " diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 6385094235..c109625abf 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -309,7 +309,7 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, } strncpy(request.data.auth.pass, params->password.plaintext, - sizeof(request.data.auth.user)-1); + sizeof(request.data.auth.pass)-1); break; case WBC_AUTH_USER_LEVEL_HASH: diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 7bb4abe9b2..2fb46c4a2f 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -958,7 +958,14 @@ static bool wbinfo_auth(char *username) p++; password = p; } else { - password = ""; + char *prompt; + asprintf(&prompt, "Enter %s's password:", username); + if (!prompt) { + return false; + } + + password = getpass(prompt); + SAFE_FREE(prompt); } name = s; @@ -1001,6 +1008,16 @@ static bool wbinfo_auth_crap(char *username) if (p) { *p = 0; fstrcpy(pass, p + 1); + } else { + char *prompt; + asprintf(&prompt, "Enter %s's password:", username); + if (!prompt) { + return false; + } + + fstrcpy(pass, getpass(prompt)); + SAFE_FREE(prompt); + } parse_wbinfo_domain_user(username, name_domain, name_user); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index c272274837..a5623a25c0 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -6591,6 +6591,8 @@ static bool process_registry_shares(void) goto done; } + ret = true; + for (count = 0; count < num_shares; count++) { if (strequal(service[count]->name, GLOBAL_NAME)) { continue; diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 9ffe9a569f..6f7b232071 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -2399,14 +2399,67 @@ WERROR _srvsvc_NetNameValidate(pipes_struct *p, return WERR_OK; } +/******************************************************************* +********************************************************************/ + +static void enum_file_close_fn( const struct share_mode_entry *e, + const char *sharepath, const char *fname, + void *private_data ) +{ + char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE]; + struct srvsvc_NetFileClose *r = + (struct srvsvc_NetFileClose *)private_data; + uint32_t fid = (((uint32_t)(procid_to_pid(&e->pid))<<16) | e->share_file_id); + + if (fid != r->in.fid) { + return; /* Not this file. */ + } + + if (!process_exists(e->pid) ) { + return; + } + + /* Ok - send the close message. */ + DEBUG(10,("enum_file_close_fn: request to close file %s, %s\n", + sharepath, + share_mode_str(talloc_tos(), 0, e) )); + + share_mode_entry_to_message(msg, e); + + r->out.result = ntstatus_to_werror( + messaging_send_buf(smbd_messaging_context(), + e->pid, MSG_SMB_CLOSE_FILE, + (uint8 *)msg, + MSG_SMB_SHARE_MODE_ENTRY_SIZE)); +} + /******************************************************************** + Close a file given a 32-bit file id. ********************************************************************/ WERROR _srvsvc_NetFileClose(pipes_struct *p, struct srvsvc_NetFileClose *r) { - return WERR_ACCESS_DENIED; -} + struct current_user user; + SE_PRIV se_diskop = SE_DISK_OPERATOR; + bool is_disk_op; + + DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__)); + + get_current_user(&user,p); + is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); + + if (user.ut.uid != sec_initial_uid() && !is_disk_op) { + return WERR_ACCESS_DENIED; + } + + /* enum_file_close_fn sends the close message to + * the relevent smbd process. */ + + r->out.result = WERR_BADFILE; + share_mode_forall( enum_file_close_fn, (void *)r); + return r->out.result; +} /******************************************************************** ********************************************************************/ diff --git a/source3/smbd/close.c b/source3/smbd/close.c index df188bafe1..818b4c70a8 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -736,3 +736,37 @@ NTSTATUS close_file(files_struct *fsp, enum file_close_type close_type) return status; } + +/**************************************************************************** + Deal with an (authorized) message to close a file given the share mode + entry. +****************************************************************************/ + +void msg_close_file(struct messaging_context *msg_ctx, + void *private_data, + uint32_t msg_type, + struct server_id server_id, + DATA_BLOB *data) +{ + files_struct *fsp = NULL; + struct share_mode_entry e; + + message_to_share_mode_entry(&e, (char *)data->data); + + if(DEBUGLVL(10)) { + char *sm_str = share_mode_str(NULL, 0, &e); + if (!sm_str) { + smb_panic("talloc failed"); + } + DEBUG(10,("msg_close_file: got request to close share mode " + "entry %s\n", sm_str)); + TALLOC_FREE(sm_str); + } + + fsp = file_find_dif(e.id, e.share_file_id); + if (!fsp) { + DEBUG(10,("msg_close_file: failed to find file.\n")); + return; + } + close_file(fsp, NORMAL_CLOSE); +} diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c index c3409547fe..23411294df 100644 --- a/source3/smbd/oplock.c +++ b/source3/smbd/oplock.c @@ -824,7 +824,7 @@ void release_level_2_oplocks_on_change(files_struct *fsp) Linearize a share mode entry struct to an internal oplock break message. ****************************************************************************/ -void share_mode_entry_to_message(char *msg, struct share_mode_entry *e) +void share_mode_entry_to_message(char *msg, const struct share_mode_entry *e) { SIVAL(msg,0,(uint32)e->pid.pid); SSVAL(msg,4,e->op_mid); diff --git a/source3/smbd/oplock_linux.c b/source3/smbd/oplock_linux.c index fa7cb42bc6..08df228f8f 100644 --- a/source3/smbd/oplock_linux.c +++ b/source3/smbd/oplock_linux.c @@ -22,22 +22,6 @@ #if HAVE_KERNEL_OPLOCKS_LINUX -/* these can be removed when they are in glibc headers */ -struct cap_user_header { - uint32 version; - int pid; -} header; -struct cap_user_data { - uint32 effective; - uint32 permitted; - uint32 inheritable; -} data; - -extern int capget(struct cap_user_header * hdrp, - struct cap_user_data * datap); -extern int capset(struct cap_user_header * hdrp, - const struct cap_user_data * datap); - static SIG_ATOMIC_T signals_received; #define FD_PENDING_SIZE 100 static SIG_ATOMIC_T fd_pending_array[FD_PENDING_SIZE]; @@ -75,40 +59,12 @@ static void signal_handler(int sig, siginfo_t *info, void *unused) sys_select_signal(RT_SIGNAL_LEASE); } -/**************************************************************************** - Try to gain a linux capability. -****************************************************************************/ - -static void set_capability(unsigned capability) -{ -#ifndef _LINUX_CAPABILITY_VERSION -#define _LINUX_CAPABILITY_VERSION 0x19980330 -#endif - header.version = _LINUX_CAPABILITY_VERSION; - header.pid = 0; - - if (capget(&header, &data) == -1) { - DEBUG(3,("Unable to get kernel capabilities (%s)\n", - strerror(errno))); - return; - } - - if (0 == (data.effective & (1<<capability))) { - data.effective |= (1<<capability); - - if (capset(&header, &data) == -1) { - DEBUG(3,("Unable to set %d capability (%s)\n", - capability, strerror(errno))); - } - } -} - /* * public function to get linux lease capability. Needed by some VFS modules (eg. gpfs.c) */ void linux_set_lease_capability(void) { - set_capability(CAP_LEASE); + set_effective_capability(LEASE_CAPABILITY); } /* @@ -136,7 +92,7 @@ int linux_setlease(int fd, int leasetype) ret = fcntl(fd, F_SETLEASE, leasetype); if (ret == -1 && errno == EACCES) { - set_capability(CAP_LEASE); + set_effective_capability(LEASE_CAPABILITY); ret = fcntl(fd, F_SETLEASE, leasetype); } diff --git a/source3/smbd/process.c b/source3/smbd/process.c index c8ad19dd15..71e38634b7 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -120,9 +120,7 @@ static bool valid_packet_size(size_t len) if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) { DEBUG(0,("Invalid packet length! (%lu bytes).\n", (unsigned long)len)); - if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) { - return false; - } + return false; } return true; } diff --git a/source3/smbd/server.c b/source3/smbd/server.c index cf02589864..035469cd62 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1392,6 +1392,8 @@ extern void build_options(bool screen); MSG_SMB_FORCE_TDIS, msg_force_tdis); messaging_register(smbd_messaging_context(), NULL, MSG_SMB_RELEASE_IP, msg_release_ip); + messaging_register(smbd_messaging_context(), NULL, + MSG_SMB_CLOSE_FILE, msg_close_file); if ((lp_keepalive() != 0) && !(event_add_idle(smbd_event_context(), NULL, diff --git a/source3/utils/net_rap.c b/source3/utils/net_rap.c index f50b579ac2..449bec6744 100644 --- a/source3/utils/net_rap.c +++ b/source3/utils/net_rap.c @@ -221,6 +221,7 @@ static int rap_share_add(struct net_context *c, int argc, const char **argv) p = strchr(sharename, '='); if (p == NULL) { d_printf("Server path not specified\n"); + SAFE_FREE(sharename); return net_rap_share_usage(c, argc, argv); } *p = 0; @@ -237,6 +238,7 @@ static int rap_share_add(struct net_context *c, int argc, const char **argv) ret = cli_NetShareAdd(cli, &sinfo); cli_shutdown(cli); + SAFE_FREE(sharename); return ret; } diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 3779611d01..d6a3e486fb 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -3732,6 +3732,10 @@ static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c, char *dst = NULL; dst = SMB_STRDUP(c->opt_destination?c->opt_destination:"127.0.0.1"); + if (dst == NULL) { + nt_status = NT_STATUS_NO_MEMORY; + goto done; + } result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv, &ctr_src); @@ -3817,6 +3821,7 @@ done: if (got_dst_share) cli_shutdown(cp_clistate.cli_share_dst); + SAFE_FREE(dst); return nt_status; } diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c index e128e1ce34..d274e09299 100644 --- a/source3/utils/smbfilter.c +++ b/source3/utils/smbfilter.c @@ -171,7 +171,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss) if (c != -1 && FD_ISSET(c, &fds)) { size_t len; if (!NT_STATUS_IS_OK(receive_smb_raw( - c, packet, 0, 0, &len))) { + c, packet, sizeof(packet), + 0, 0, &len))) { d_printf("client closed connection\n"); exit(0); } @@ -184,7 +185,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss) if (s != -1 && FD_ISSET(s, &fds)) { size_t len; if (!NT_STATUS_IS_OK(receive_smb_raw( - s, packet, 0, 0, &len))) { + s, packet, sizeof(packet), + 0, 0, &len))) { d_printf("server closed connection\n"); exit(0); } diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index d46580155c..ae042563ed 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -1087,15 +1087,6 @@ static bool fork_domain_child(struct winbindd_child *child) child); } - /* Special case for Winbindd on a Samba DC, - * We want to make sure the child can connect to smbd - * but not the main daemon */ - - if (child->domain && child->domain->internal && IS_DC) { - child->domain->methods = &cache_methods; - child->domain->online = False; - } - while (1) { int ret; diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index ec97b49428..9008cf8122 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -82,6 +82,9 @@ static bool is_internal_domain(const DOM_SID *sid) if (sid == NULL) return False; + if ( IS_DC ) + return sid_check_is_builtin(sid); + return (sid_check_is_domain(sid) || sid_check_is_builtin(sid)); } @@ -90,6 +93,9 @@ static bool is_in_internal_domain(const DOM_SID *sid) if (sid == NULL) return False; + if ( IS_DC ) + return sid_check_is_in_builtin(sid); + return (sid_check_is_in_our_domain(sid) || sid_check_is_in_builtin(sid)); } |