diff options
| author | Alexander Bokovoy <ab@samba.org> | 2009-08-08 08:07:24 +0300 |
|---|---|---|
| committer | Alexander Bokovoy <ab@samba.org> | 2009-08-08 08:07:24 +0300 |
| commit | 8eac1896299d820fec0fd92b2b8b6a058ae39642 (patch) | |
| tree | f97b0a2c21eb4f91aa51cb2af4381287c3525727 /source4 | |
| parent | 217e3086c74eb0b46fab512b5887d9a5a5b7ee9a (diff) | |
| parent | d296c774c5981baa863c697782dba1b6280d632e (diff) | |
| download | samba-8eac1896299d820fec0fd92b2b8b6a058ae39642.tar.gz samba-8eac1896299d820fec0fd92b2b8b6a058ae39642.tar.bz2 samba-8eac1896299d820fec0fd92b2b8b6a058ae39642.zip | |
Merge branch 'master' of ssh://git.samba.org/data/git/samba
Diffstat (limited to 'source4')
70 files changed, 529 insertions, 283 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 544249cbe3..037d5c9e67 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -244,10 +244,6 @@ static int samldb_search_template(struct samldb_ctx *ac) return LDB_ERR_OPERATIONS_ERROR; } - if (!talloc_reference(templates_ldb, ev)) { - return LDB_ERR_OPERATIONS_ERROR; - } - ret = ldb_set_opaque(ldb, "templates_ldb", templates_ldb); if (ret != LDB_SUCCESS) { diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c index 5ded04e9da..5d78d0a0c6 100644 --- a/source4/dsdb/schema/schema_set.c +++ b/source4/dsdb/schema/schema_set.c @@ -437,7 +437,8 @@ void dsdb_make_schema_global(struct ldb_context *ldb) } /* we want the schema to be around permanently */ - talloc_reference(talloc_autofree_context(), schema); + talloc_reparent(talloc_parent(schema), talloc_autofree_context(), schema); + global_schema = schema; dsdb_set_global_schema(ldb); diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c index 350988dbac..4208fa83e0 100644 --- a/source4/heimdal/kuser/kinit.c +++ b/source4/heimdal/kuser/kinit.c @@ -768,10 +768,8 @@ main (int argc, char **argv) setprogname (argv[0]); setlocale (LC_ALL, ""); -#if defined(HEIMDAL_LOCALEDIR) bindtextdomain ("heimdal_kuser", HEIMDAL_LOCALEDIR); textdomain("heimdal_kuser"); -#endif ret = krb5_init_context (&context); if (ret == KRB5_CONFIG_BADFORMAT) diff --git a/source4/heimdal/kuser/kuser_locl.h b/source4/heimdal/kuser/kuser_locl.h index eafffe9bff..1bf682b1d0 100644 --- a/source4/heimdal/kuser/kuser_locl.h +++ b/source4/heimdal/kuser/kuser_locl.h @@ -88,7 +88,7 @@ #include <locale.h> #endif -#ifdef HAVE_LIBINTL_H +#ifdef LIBINTL #include <libintl.h> #define N_(x,y) gettext(x) #define NP_(x,y) (x) diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.c b/source4/heimdal/lib/gssapi/krb5/cfx.c index 35e5a9e45a..7cc7ee1e74 100755 --- a/source4/heimdal/lib/gssapi/krb5/cfx.c +++ b/source4/heimdal/lib/gssapi/krb5/cfx.c @@ -41,10 +41,10 @@ #define CFXAcceptorSubkey (1 << 2) krb5_error_code -_gsskrb5cfx_wrap_length_cfx(const gsskrb5_ctx context_handle, - krb5_context context, +_gsskrb5cfx_wrap_length_cfx(krb5_context context, krb5_crypto crypto, int conf_req_flag, + int dce_style, size_t input_length, size_t *output_length, size_t *cksumsize, @@ -71,7 +71,7 @@ _gsskrb5cfx_wrap_length_cfx(const gsskrb5_ctx context_handle, /* Header is concatenated with data before encryption */ input_length += sizeof(gss_cfx_wrap_token_desc); - if (IS_DCE_STYLE(context_handle)) { + if (dce_style) { ret = krb5_crypto_getblocksize(context, crypto, &padsize); } else { ret = krb5_crypto_getpadsize(context, crypto, &padsize); @@ -972,8 +972,9 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, int32_t seq_number; u_char *p; - ret = _gsskrb5cfx_wrap_length_cfx(ctx, context, + ret = _gsskrb5cfx_wrap_length_cfx(context, ctx->crypto, conf_req_flag, + IS_DCE_STYLE(ctx), input_message_buffer->length, &wrapped_len, &cksumsize, &padlength); if (ret != 0) { diff --git a/source4/heimdal/lib/hcrypto/aes.c b/source4/heimdal/lib/hcrypto/aes.c index bc9c9ca074..b3049c165a 100644 --- a/source4/heimdal/lib/hcrypto/aes.c +++ b/source4/heimdal/lib/hcrypto/aes.c @@ -31,11 +31,8 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id$"); -#endif #ifdef KRB5 #include <krb5-types.h> diff --git a/source4/heimdal/lib/hcrypto/bn.c b/source4/heimdal/lib/hcrypto/bn.c index 179595ae5c..545d9529d3 100644 --- a/source4/heimdal/lib/hcrypto/bn.c +++ b/source4/heimdal/lib/hcrypto/bn.c @@ -31,11 +31,8 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif -RCSID("$Id$"); #include <stdio.h> #include <stdlib.h> diff --git a/source4/heimdal/lib/hcrypto/des.c b/source4/heimdal/lib/hcrypto/des.c index 5e258dfbcc..7dc4823b59 100644 --- a/source4/heimdal/lib/hcrypto/des.c +++ b/source4/heimdal/lib/hcrypto/des.c @@ -82,10 +82,7 @@ * thanks to his work. Thank you Richard. */ -#ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id$"); -#endif #define HC_DEPRECATED diff --git a/source4/heimdal/lib/hcrypto/dh-imath.c b/source4/heimdal/lib/hcrypto/dh-imath.c index 4725281d19..822d5a328b 100644 --- a/source4/heimdal/lib/hcrypto/dh-imath.c +++ b/source4/heimdal/lib/hcrypto/dh-imath.c @@ -43,8 +43,6 @@ #include "imath/imath.h" -RCSID("$Id$"); - static void BN2mpz(mpz_t *s, const BIGNUM *bn) { diff --git a/source4/heimdal/lib/hcrypto/dh.c b/source4/heimdal/lib/hcrypto/dh.c index b0299395a2..d42ac34fd2 100644 --- a/source4/heimdal/lib/hcrypto/dh.c +++ b/source4/heimdal/lib/hcrypto/dh.c @@ -35,8 +35,6 @@ #include <config.h> #endif -RCSID("$Id$"); - #include <stdio.h> #include <stdlib.h> #include <dh.h> diff --git a/source4/heimdal/lib/hcrypto/dsa.c b/source4/heimdal/lib/hcrypto/dsa.c index 6606a5e7c1..a5bdbabad1 100644 --- a/source4/heimdal/lib/hcrypto/dsa.c +++ b/source4/heimdal/lib/hcrypto/dsa.c @@ -31,11 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif - -RCSID("$Id$"); #include <stdio.h> #include <stdlib.h> diff --git a/source4/heimdal/lib/hcrypto/engine.c b/source4/heimdal/lib/hcrypto/engine.c index 61d5f93825..8066d59cf8 100644 --- a/source4/heimdal/lib/hcrypto/engine.c +++ b/source4/heimdal/lib/hcrypto/engine.c @@ -31,11 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif - -RCSID("$Id$"); #include <stdio.h> #include <stdlib.h> diff --git a/source4/heimdal/lib/hcrypto/evp-hcrypto.c b/source4/heimdal/lib/hcrypto/evp-hcrypto.c index 6897385619..d176e2edfa 100644 --- a/source4/heimdal/lib/hcrypto/evp-hcrypto.c +++ b/source4/heimdal/lib/hcrypto/evp-hcrypto.c @@ -31,11 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif - -RCSID("$Id$"); #define HC_DEPRECATED diff --git a/source4/heimdal/lib/hcrypto/md2.c b/source4/heimdal/lib/hcrypto/md2.c index e82169c705..26254acee5 100644 --- a/source4/heimdal/lib/hcrypto/md2.c +++ b/source4/heimdal/lib/hcrypto/md2.c @@ -31,12 +31,8 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id$"); -#endif - #include "hash.h" #include "md2.h" diff --git a/source4/heimdal/lib/hcrypto/md4.c b/source4/heimdal/lib/hcrypto/md4.c index 56e2ac97c6..435e662a42 100644 --- a/source4/heimdal/lib/hcrypto/md4.c +++ b/source4/heimdal/lib/hcrypto/md4.c @@ -31,12 +31,8 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id$"); -#endif - #include "hash.h" #include "md4.h" diff --git a/source4/heimdal/lib/hcrypto/md5.c b/source4/heimdal/lib/hcrypto/md5.c index ffc7bb9ec6..f99078737b 100644 --- a/source4/heimdal/lib/hcrypto/md5.c +++ b/source4/heimdal/lib/hcrypto/md5.c @@ -31,12 +31,8 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id$"); -#endif - #include "hash.h" #include "md5.h" diff --git a/source4/heimdal/lib/hcrypto/pkcs12.c b/source4/heimdal/lib/hcrypto/pkcs12.c index 11afa0b68f..92a40fa69a 100644 --- a/source4/heimdal/lib/hcrypto/pkcs12.c +++ b/source4/heimdal/lib/hcrypto/pkcs12.c @@ -31,11 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif - -RCSID("$Id$"); #include <stdio.h> #include <stdlib.h> diff --git a/source4/heimdal/lib/hcrypto/pkcs5.c b/source4/heimdal/lib/hcrypto/pkcs5.c index 6537561e51..18045e236f 100644 --- a/source4/heimdal/lib/hcrypto/pkcs5.c +++ b/source4/heimdal/lib/hcrypto/pkcs5.c @@ -31,11 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif - -RCSID("$Id$"); #ifdef KRB5 #include <krb5-types.h> diff --git a/source4/heimdal/lib/hcrypto/rand-egd.c b/source4/heimdal/lib/hcrypto/rand-egd.c index 168c15114a..00d3286f24 100644 --- a/source4/heimdal/lib/hcrypto/rand-egd.c +++ b/source4/heimdal/lib/hcrypto/rand-egd.c @@ -31,11 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif - -RCSID("$Id$"); #include <sys/types.h> #ifdef HAVE_SYS_UN_H diff --git a/source4/heimdal/lib/hcrypto/rand-fortuna.c b/source4/heimdal/lib/hcrypto/rand-fortuna.c index ebb4e6e180..c39c713901 100644 --- a/source4/heimdal/lib/hcrypto/rand-fortuna.c +++ b/source4/heimdal/lib/hcrypto/rand-fortuna.c @@ -29,11 +29,7 @@ * $PostgreSQL: pgsql/contrib/pgcrypto/fortuna.c,v 1.8 2006/10/04 00:29:46 momjian Exp $ */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif - -RCSID("$Id$"); #include <stdio.h> #include <stdlib.h> diff --git a/source4/heimdal/lib/hcrypto/rand-timer.c b/source4/heimdal/lib/hcrypto/rand-timer.c index 86ff22c300..994c3210e9 100644 --- a/source4/heimdal/lib/hcrypto/rand-timer.c +++ b/source4/heimdal/lib/hcrypto/rand-timer.c @@ -31,11 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif - -RCSID("$Id$"); #include <stdio.h> #include <stdlib.h> diff --git a/source4/heimdal/lib/hcrypto/rand-unix.c b/source4/heimdal/lib/hcrypto/rand-unix.c index 07d81eb620..2bfa265fa4 100644 --- a/source4/heimdal/lib/hcrypto/rand-unix.c +++ b/source4/heimdal/lib/hcrypto/rand-unix.c @@ -31,11 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif - -RCSID("$Id$"); #include <stdio.h> #include <stdlib.h> diff --git a/source4/heimdal/lib/hcrypto/rand.c b/source4/heimdal/lib/hcrypto/rand.c index a61c9cdfb2..3cd65989c6 100644 --- a/source4/heimdal/lib/hcrypto/rand.c +++ b/source4/heimdal/lib/hcrypto/rand.c @@ -31,11 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif - -RCSID("$Id$"); #include <stdio.h> #include <stdlib.h> diff --git a/source4/heimdal/lib/hcrypto/rc2.c b/source4/heimdal/lib/hcrypto/rc2.c index 917914968c..dcfe42d02d 100644 --- a/source4/heimdal/lib/hcrypto/rc2.c +++ b/source4/heimdal/lib/hcrypto/rc2.c @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id$"); -#endif #include "rc2.h" #include <stdio.h> diff --git a/source4/heimdal/lib/hcrypto/rc4.c b/source4/heimdal/lib/hcrypto/rc4.c index 9e696f78a2..81cf093e4d 100644 --- a/source4/heimdal/lib/hcrypto/rc4.c +++ b/source4/heimdal/lib/hcrypto/rc4.c @@ -33,12 +33,8 @@ /* implemented from description in draft-kaukonen-cipher-arcfour-03.txt */ -#ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id$"); -#endif - #include <rc4.h> #define SWAP(k,x,y) \ diff --git a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c index 57f13177df..3dd2555812 100644 --- a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c +++ b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c @@ -28,11 +28,8 @@ /* "$NetBSD: rijndael-alg-fst.c,v 1.5 2001/11/13 01:40:10 lukem Exp $" */ -#ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id$"); -#endif #ifdef KRB5 #include <krb5-types.h> diff --git a/source4/heimdal/lib/hcrypto/rnd_keys.c b/source4/heimdal/lib/hcrypto/rnd_keys.c index 94370513e2..9baf00212c 100644 --- a/source4/heimdal/lib/hcrypto/rnd_keys.c +++ b/source4/heimdal/lib/hcrypto/rnd_keys.c @@ -31,11 +31,8 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id$"); -#endif #define HC_DEPRECATED diff --git a/source4/heimdal/lib/hcrypto/rsa-imath.c b/source4/heimdal/lib/hcrypto/rsa-imath.c index 5240279761..2641dc1bc4 100644 --- a/source4/heimdal/lib/hcrypto/rsa-imath.c +++ b/source4/heimdal/lib/hcrypto/rsa-imath.c @@ -31,11 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif - -RCSID("$Id$"); #include <stdio.h> #include <stdlib.h> diff --git a/source4/heimdal/lib/hcrypto/rsa.c b/source4/heimdal/lib/hcrypto/rsa.c index f3095e7d3d..9b9ecea674 100644 --- a/source4/heimdal/lib/hcrypto/rsa.c +++ b/source4/heimdal/lib/hcrypto/rsa.c @@ -31,11 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif - -RCSID("$Id$"); #include <stdio.h> #include <stdlib.h> diff --git a/source4/heimdal/lib/hcrypto/sha.c b/source4/heimdal/lib/hcrypto/sha.c index fd48672784..062f70509c 100644 --- a/source4/heimdal/lib/hcrypto/sha.c +++ b/source4/heimdal/lib/hcrypto/sha.c @@ -31,12 +31,8 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id$"); -#endif - #include "hash.h" #include "sha.h" diff --git a/source4/heimdal/lib/hcrypto/sha256.c b/source4/heimdal/lib/hcrypto/sha256.c index 922fb055af..baa87d15ff 100644 --- a/source4/heimdal/lib/hcrypto/sha256.c +++ b/source4/heimdal/lib/hcrypto/sha256.c @@ -31,12 +31,8 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id$"); -#endif - #include "hash.h" #include "sha.h" diff --git a/source4/heimdal/lib/hcrypto/ui.c b/source4/heimdal/lib/hcrypto/ui.c index 91abf76371..ca8c8442b5 100644 --- a/source4/heimdal/lib/hcrypto/ui.c +++ b/source4/heimdal/lib/hcrypto/ui.c @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id$"); -#endif #include <stdio.h> #include <stdlib.h> diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index fe94135030..9ece38e145 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -291,9 +291,7 @@ krb5_init_context(krb5_context *context) *context = NULL; /* should have a run_once */ -#if defined(HEIMDAL_LOCALEDIR) bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR); -#endif p = calloc(1, sizeof(*p)); if(!p) @@ -837,31 +835,21 @@ krb5_init_ets(krb5_context context) { if(context->et_list == NULL){ krb5_add_et_list(context, initialize_krb5_error_table_r); -#if defined(HEIMDAL_LOCALEDIR) bindtextdomain(COM_ERR_BINDDOMAIN_krb5, HEIMDAL_LOCALEDIR); -#endif krb5_add_et_list(context, initialize_asn1_error_table_r); -#if defined(HEIMDAL_LOCALEDIR) bindtextdomain(COM_ERR_BINDDOMAIN_asn1, HEIMDAL_LOCALEDIR); -#endif krb5_add_et_list(context, initialize_heim_error_table_r); -#if defined(HEIMDAL_LOCALEDIR) bindtextdomain(COM_ERR_BINDDOMAIN_heim, HEIMDAL_LOCALEDIR); -#endif krb5_add_et_list(context, initialize_k524_error_table_r); -#if defined(HEIMDAL_LOCALEDIR) bindtextdomain(COM_ERR_BINDDOMAIN_k524, HEIMDAL_LOCALEDIR); -#endif #ifdef PKINIT krb5_add_et_list(context, initialize_hx_error_table_r); -#if defined(HEIMDAL_LOCALEDIR) bindtextdomain(COM_ERR_BINDDOMAIN_hx, HEIMDAL_LOCALEDIR); #endif -#endif } } diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 2d8bc07de3..b56219cced 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -116,7 +116,7 @@ struct sockaddr_dl; #define HEIMDAL_TEXTDOMAIN "heimdal_krb5" -#ifdef HAVE_LIBINTL_H +#ifdef LIBINTL #include <libintl.h> #define N_(x,y) dgettext(HEIMDAL_TEXTDOMAIN, x) #else diff --git a/source4/heimdal/lib/roken/vis.hin b/source4/heimdal/lib/roken/vis.hin index 737b2eb8f6..a1481b789e 100644 --- a/source4/heimdal/lib/roken/vis.hin +++ b/source4/heimdal/lib/roken/vis.hin @@ -104,21 +104,45 @@ int ROKEN_LIB_FUNCTION rk_unvis(char *, int, int *, int); ROKEN_CPP_END +#ifndef HAVE_VIS #undef vis #define vis(a,b,c,d) rk_vis(a,b,c,d) +#endif + +#ifndef HAVE_SVIS #undef svis #define svis(a,b,c,d,e) rk_svis(a,b,c,d,e) +#endif + +#ifndef HAVE_STRVIS #undef strvis #define strvis(a,b,c) rk_strvis(a,b,c) +#endif + +#ifndef HAVE_STRSVIS #undef strsvis #define strsvis(a,b,c,d) rk_strsvis(a,b,c,d) +#endif + +#ifndef HAVE_STRVISX #undef strvisx #define strvisx(a,b,c,d) rk_strvisx(a,b,c,d) +#endif + +#ifndef HAVE_STRSVISX #undef strsvisx #define strsvisx(a,b,c,d,e) rk_strsvisx(a,b,c,d,e) +#endif + +#ifndef HAVE_STRUNVIS #undef strunvis #define strunvis(a,b) rk_strunvis(a,b) +#endif + + +#ifndef HAVE_UNVIS #undef unvis #define unvis(a,b,c,d) rk_unvis(a,b,c,d) +#endif #endif /* !_VIS_H_ */ diff --git a/source4/heimdal_build/roken.h b/source4/heimdal_build/roken.h index 87060cff17..ea9103e15d 100644 --- a/source4/heimdal_build/roken.h +++ b/source4/heimdal_build/roken.h @@ -10,6 +10,7 @@ /* HDB module dir - set to Samba LIBDIR/hdb ? */ #define HDBDIR "/usr/heimdal/lib" #define LIBDIR "/usr/heimdal/lib" +#define HEIMDAL_LOCALEDIR "/usr/heimdal/locale" /* Maximum values on all known systems */ #define MaxHostNameLen (64+4) diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 72431e9669..b119620339 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -51,6 +51,7 @@ void ldapsrv_terminate_connection(struct ldapsrv_connection *conn, { packet_recv_disable(conn->packet); TALLOC_FREE(conn->packet); + TALLOC_FREE(conn->sockets.tls); stream_terminate_connection(conn->connection, reason); } diff --git a/source4/lib/ldb/common/attrib_handlers.c b/source4/lib/ldb/common/attrib_handlers.c index 9cb9ff886c..3ea9857d52 100644 --- a/source4/lib/ldb/common/attrib_handlers.c +++ b/source4/lib/ldb/common/attrib_handlers.c @@ -187,13 +187,13 @@ int ldb_comparison_fold(struct ldb_context *ldb, void *mem_ctx, { const char *s1=(const char *)v1->data, *s2=(const char *)v2->data; size_t n1 = v1->length, n2 = v2->length; - const char *u1, *u2; char *b1, *b2; + const char *u1, *u2; int ret; - while (*s1 == ' ' && n1) { s1++; n1--; }; - while (*s2 == ' ' && n2) { s2++; n2--; }; - /* TODO: make utf8 safe, possibly with helper function from application */ - while (*s1 && *s2 && n1 && n2) { + while (n1 && *s1 == ' ') { s1++; n1--; }; + while (n2 && *s2 == ' ') { s2++; n2--; }; + + while (n1 && n2 && *s1 && *s2) { /* the first 127 (0x7F) chars are ascii and utf8 guarantes they * never appear in multibyte sequences */ if (((unsigned char)s1[0]) & 0x80) goto utf8str; @@ -201,40 +201,58 @@ int ldb_comparison_fold(struct ldb_context *ldb, void *mem_ctx, if (toupper((unsigned char)*s1) != toupper((unsigned char)*s2)) break; if (*s1 == ' ') { - while (s1[0] == s1[1] && n1) { s1++; n1--; } - while (s2[0] == s2[1] && n2) { s2++; n2--; } + while (n1 && s1[0] == s1[1]) { s1++; n1--; } + while (n2 && s2[0] == s2[1]) { s2++; n2--; } } s1++; s2++; n1--; n2--; } - if (! (*s1 && *s2)) { - /* check for trailing spaces only if one of the pointers - * has reached the end of the strings otherwise we - * can mistakenly match. - * ex. "domain users" <-> "domainUpdates" - */ - while (*s1 == ' ') { s1++; n1--; } - while (*s2 == ' ') { s2++; n2--; } + + /* check for trailing spaces only if the other pointers has + * reached the end of the strings otherwise we can + * mistakenly match. ex. "domain users" <-> + * "domainUpdates" + */ + if (n1 && *s1 == ' ' && (!n2 || !*s2)) { + while (n1 && *s1 == ' ') { s1++; n1--; } + } + if (n2 && *s2 == ' ' && (!n1 || !*s1)) { + while (n2 && *s2 == ' ') { s2++; n2--; } + } + if (n1 == 0 && n2 != 0) { + return -(int)toupper(*s2); + } + if (n2 == 0 && n1 != 0) { + return (int)toupper(*s1); } - return (int)(toupper(*s1)) - (int)(toupper(*s2)); + if (n2 == 0 && n2 == 0) { + return 0; + } + return (int)toupper(*s1) - (int)toupper(*s2); utf8str: /* no need to recheck from the start, just from the first utf8 char found */ b1 = ldb_casefold(ldb, mem_ctx, s1, n1); b2 = ldb_casefold(ldb, mem_ctx, s2, n2); - if (b1 && b2) { - /* Both strings converted correctly */ - - u1 = b1; - u2 = b2; - } else { - /* One of the strings was not UTF8, so we have no options but to do a binary compare */ - - u1 = s1; - u2 = s2; + if (!b1 || !b2) { + /* One of the strings was not UTF8, so we have no + * options but to do a binary compare */ + talloc_free(b1); + talloc_free(b2); + if (memcmp(s1, s2, MIN(n1, n2)) == 0) { + if (n1 == n2) return 0; + if (n1 > n2) { + return (int)toupper(s1[n2]); + } else { + return -(int)toupper(s2[n1]); + } + } } + u1 = b1; + u2 = b2; + while (*u1 & *u2) { if (*u1 != *u2) break; diff --git a/source4/lib/ldb/modules/rdn_name.c b/source4/lib/ldb/modules/rdn_name.c index e9f873f073..8b54f52b5e 100644 --- a/source4/lib/ldb/modules/rdn_name.c +++ b/source4/lib/ldb/modules/rdn_name.c @@ -1,8 +1,8 @@ /* ldb database library - Copyright (C) Andrew Bartlet 2005 - Copyright (C) Simo Sorce 2006-2008 + Copyright (C) Andrew Bartlett 2005 + Copyright (C) Simo Sorce 2006-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -23,13 +23,13 @@ */ /* - * Name: rdb_name + * Name: rdn_name * * Component: ldb rdn name module * * Description: keep a consistent name attribute on objects manpulations * - * Author: Andrew Bartlet + * Author: Andrew Bartlett * * Modifications: * - made the module async @@ -156,9 +156,15 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req) } } if (i == attribute->num_values) { - ldb_debug_set(ldb, LDB_DEBUG_FATAL, - "RDN mismatch on %s: %s (%s)", - ldb_dn_get_linearized(msg->dn), rdn_name, rdn_val.data); + char *rdn_errstring = talloc_asprintf(ac, "RDN mismatch on %s: %s (%.*s) should match one of:", + ldb_dn_get_linearized(msg->dn), rdn_name, + (int)rdn_val.length, (const char *)rdn_val.data); + for (i = 0; i < attribute->num_values; i++) { + rdn_errstring = talloc_asprintf_append(rdn_errstring, " (%.*s)", + (int)attribute->values[i].length, + (const char *)attribute->values[i].data); + } + ldb_debug_set(ldb, LDB_DEBUG_FATAL, "%s", rdn_errstring); talloc_free(ac); /* Match AD's error here */ return LDB_ERR_INVALID_DN_SYNTAX; diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c index cfceeffac7..277688e8b6 100644 --- a/source4/lib/messaging/messaging.c +++ b/source4/lib/messaging/messaging.c @@ -596,7 +596,7 @@ struct messaging_context *messaging_init(TALLOC_CTX *mem_ctx, /* it needs to be non blocking for sends */ set_blocking(socket_get_fd(msg->sock), false); - msg->event.ev = talloc_reference(msg, ev); + msg->event.ev = ev; msg->event.fde = event_add_fd(ev, msg, socket_get_fd(msg->sock), EVENT_FD_READ, messaging_handler, msg); diff --git a/source4/libcli/composite/composite.c b/source4/libcli/composite/composite.c index ab32175d00..7262ebce54 100644 --- a/source4/libcli/composite/composite.c +++ b/source4/libcli/composite/composite.c @@ -42,11 +42,7 @@ _PUBLIC_ struct composite_context *composite_create(TALLOC_CTX *mem_ctx, c = talloc_zero(mem_ctx, struct composite_context); if (!c) return NULL; c->state = COMPOSITE_STATE_IN_PROGRESS; - c->event_ctx = talloc_reference(c, ev); - if (!c->event_ctx) { - talloc_free(c); - return NULL; - } + c->event_ctx = ev; return c; } diff --git a/source4/libcli/dgram/dgramsocket.c b/source4/libcli/dgram/dgramsocket.c index 751706d2c5..365960edb6 100644 --- a/source4/libcli/dgram/dgramsocket.c +++ b/source4/libcli/dgram/dgramsocket.c @@ -166,7 +166,7 @@ struct nbt_dgram_socket *nbt_dgram_socket_init(TALLOC_CTX *mem_ctx, dgmsock = talloc(mem_ctx, struct nbt_dgram_socket); if (dgmsock == NULL) goto failed; - dgmsock->event_ctx = talloc_reference(dgmsock, event_ctx); + dgmsock->event_ctx = event_ctx; if (dgmsock->event_ctx == NULL) goto failed; status = socket_create("ip", SOCKET_TYPE_DGRAM, &dgmsock->sock, 0); diff --git a/source4/libcli/raw/clisocket.c b/source4/libcli/raw/clisocket.c index b9e83218dd..02da4917e3 100644 --- a/source4/libcli/raw/clisocket.c +++ b/source4/libcli/raw/clisocket.c @@ -61,7 +61,7 @@ struct composite_context *smbcli_sock_connect_send(TALLOC_CTX *mem_ctx, if (result == NULL) goto failed; result->state = COMPOSITE_STATE_IN_PROGRESS; - result->event_ctx = talloc_reference(result, event_ctx); + result->event_ctx = event_ctx; if (result->event_ctx == NULL) goto failed; state = talloc(result, struct sock_connect_state); @@ -118,8 +118,7 @@ static void smbcli_sock_connect_recv_conn(struct composite_context *ctx) state->result->port = port; state->result->hostname = talloc_steal(sock, state->host_name); - state->result->event.ctx = - talloc_reference(state->result, state->ctx->event_ctx); + state->result->event.ctx = state->ctx->event_ctx; if (composite_nomem(state->result->event.ctx, state->ctx)) return; composite_done(state->ctx); diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h index 478b6585d4..75b7175ac3 100644 --- a/source4/libcli/raw/interfaces.h +++ b/source4/libcli/raw/interfaces.h @@ -22,7 +22,8 @@ #ifndef __LIBCLI_RAW_INTERFACES_H__ #define __LIBCLI_RAW_INTERFACES_H__ -#include "smb.h" +#include "libcli/raw/smb.h" +#include "libcli/smb2/smb2_constants.h" #include "librpc/gen_ndr/misc.h" /* for struct GUID */ /* this structure is just a wrapper for a string, the only reason we @@ -2447,22 +2448,6 @@ union smb_search_first { } out; } t2ffirst; -/* - SMB2 uses different level numbers for the same old SMB trans2 search levels -*/ -#define SMB2_FIND_DIRECTORY_INFO 0x01 -#define SMB2_FIND_FULL_DIRECTORY_INFO 0x02 -#define SMB2_FIND_BOTH_DIRECTORY_INFO 0x03 -#define SMB2_FIND_NAME_INFO 0x0C -#define SMB2_FIND_ID_BOTH_DIRECTORY_INFO 0x25 -#define SMB2_FIND_ID_FULL_DIRECTORY_INFO 0x26 - -/* flags for SMB2 find */ -#define SMB2_CONTINUE_FLAG_RESTART 0x01 -#define SMB2_CONTINUE_FLAG_SINGLE 0x02 -#define SMB2_CONTINUE_FLAG_INDEX 0x04 -#define SMB2_CONTINUE_FLAG_REOPEN 0x10 - /* SMB2 Find */ struct smb2_find { enum smb_search_level level; diff --git a/source4/libcli/raw/raweas.c b/source4/libcli/raw/raweas.c index 09fd4aa412..ae3d4ce50a 100644 --- a/source4/libcli/raw/raweas.c +++ b/source4/libcli/raw/raweas.c @@ -18,7 +18,6 @@ */ #include "includes.h" -#include "smb.h" #include "libcli/raw/libcliraw.h" #include "libcli/raw/raw_proto.h" diff --git a/source4/libcli/raw/rawfile.c b/source4/libcli/raw/rawfile.c index 6fac7b8605..35d6b75c4d 100644 --- a/source4/libcli/raw/rawfile.c +++ b/source4/libcli/raw/rawfile.c @@ -20,7 +20,6 @@ */ #include "includes.h" -#include "smb.h" #include "libcli/raw/libcliraw.h" #include "libcli/raw/raw_proto.h" #include "librpc/gen_ndr/ndr_security.h" diff --git a/source4/libcli/raw/rawlpq.c b/source4/libcli/raw/rawlpq.c index eddb3e0843..5c44772e03 100644 --- a/source4/libcli/raw/rawlpq.c +++ b/source4/libcli/raw/rawlpq.c @@ -18,7 +18,6 @@ */ #include "includes.h" -#include "smb.h" #include "libcli/raw/libcliraw.h" #include "libcli/raw/raw_proto.h" diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c index 9f94039078..84e0ad62a4 100644 --- a/source4/libcli/raw/smb_signing.c +++ b/source4/libcli/raw/smb_signing.c @@ -20,7 +20,6 @@ */ #include "includes.h" -#include "smb.h" #include "libcli/raw/libcliraw.h" #include "libcli/raw/raw_proto.h" #include "../lib/crypto/crypto.h" diff --git a/source4/libcli/smb2/smb2_calls.h b/source4/libcli/smb2/smb2_calls.h index b89770fbe6..bea0573c26 100644 --- a/source4/libcli/smb2/smb2_calls.h +++ b/source4/libcli/smb2/smb2_calls.h @@ -52,18 +52,6 @@ struct smb2_negprot { } out; }; -/* getinfo classes */ -#define SMB2_GETINFO_FILE 0x01 -#define SMB2_GETINFO_FS 0x02 -#define SMB2_GETINFO_SECURITY 0x03 -#define SMB2_GETINFO_QUOTA 0x04 - -#define SMB2_GETINFO_ADD_OWNER_SECURITY 0x01 -#define SMB2_GETINFO_ADD_GROUP_SECURITY 0x02 -#define SMB2_GETINFO_ADD_DACL_SECURITY 0x04 -#define SMB2_GETINFO_ADD_SACL_SECURITY 0x08 -#define SMB2_GETINFO_ADD_LABEL_SECURITY 0x10 - /* NOTE! the getinfo fs and file levels exactly match up with the 'passthru' SMB levels, which are levels >= 1000. The SMB2 client lib uses the names from the libcli/raw/ library */ diff --git a/source4/libcli/smb2/smb2_constants.h b/source4/libcli/smb2/smb2_constants.h index f1681a3076..3047809b74 100644 --- a/source4/libcli/smb2/smb2_constants.h +++ b/source4/libcli/smb2/smb2_constants.h @@ -150,4 +150,26 @@ #define SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK (NTCREATEX_OPTIONS_TREE_CONNECTION | \ NTCREATEX_OPTIONS_OPFILTER) +/* + SMB2 uses different level numbers for the same old SMB trans2 search levels +*/ +#define SMB2_FIND_DIRECTORY_INFO 0x01 +#define SMB2_FIND_FULL_DIRECTORY_INFO 0x02 +#define SMB2_FIND_BOTH_DIRECTORY_INFO 0x03 +#define SMB2_FIND_NAME_INFO 0x0C +#define SMB2_FIND_ID_BOTH_DIRECTORY_INFO 0x25 +#define SMB2_FIND_ID_FULL_DIRECTORY_INFO 0x26 + +/* flags for SMB2 find */ +#define SMB2_CONTINUE_FLAG_RESTART 0x01 +#define SMB2_CONTINUE_FLAG_SINGLE 0x02 +#define SMB2_CONTINUE_FLAG_INDEX 0x04 +#define SMB2_CONTINUE_FLAG_REOPEN 0x10 + +/* getinfo classes */ +#define SMB2_GETINFO_FILE 0x01 +#define SMB2_GETINFO_FS 0x02 +#define SMB2_GETINFO_SECURITY 0x03 +#define SMB2_GETINFO_QUOTA 0x04 + #endif diff --git a/source4/libcli/smb2/util.c b/source4/libcli/smb2/util.c index a360d8fbdf..8602c91a9f 100644 --- a/source4/libcli/smb2/util.c +++ b/source4/libcli/smb2/util.c @@ -113,6 +113,7 @@ int smb2_deltree(struct smb2_tree *tree, const char *dname) TALLOC_CTX *tmp_ctx = talloc_new(tree); struct smb2_find f; struct smb2_create create_parm; + bool did_delete; /* it might be a file */ status = smb2_util_unlink(tree, dname); @@ -154,45 +155,50 @@ int smb2_deltree(struct smb2_tree *tree, const char *dname) } - ZERO_STRUCT(f); - f.in.file.handle = create_parm.out.file.handle; - f.in.max_response_size = 0x10000; - f.in.level = SMB2_FIND_NAME_INFO; - f.in.pattern = "*"; - - status = smb2_find_level(tree, tmp_ctx, &f, &count, &list); - if (NT_STATUS_IS_ERR(status)) { - DEBUG(2,("Failed to list %s - %s\n", - dname, nt_errstr(status))); - smb2_util_close(tree, create_parm.out.file.handle); - talloc_free(tmp_ctx); - return -1; - } - - for (i=0;i<count;i++) { - char *name; - if (strcmp(".", list[i].name_info.name.s) == 0 || - strcmp("..", list[i].name_info.name.s) == 0) { - continue; + do { + did_delete = false; + + ZERO_STRUCT(f); + f.in.file.handle = create_parm.out.file.handle; + f.in.max_response_size = 0x10000; + f.in.level = SMB2_FIND_NAME_INFO; + f.in.pattern = "*"; + + status = smb2_find_level(tree, tmp_ctx, &f, &count, &list); + if (NT_STATUS_IS_ERR(status)) { + DEBUG(2,("Failed to list %s - %s\n", + dname, nt_errstr(status))); + smb2_util_close(tree, create_parm.out.file.handle); + talloc_free(tmp_ctx); + return -1; } - name = talloc_asprintf(tmp_ctx, "%s\\%s", dname, list[i].name_info.name.s); - status = smb2_util_unlink(tree, name); - if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) { - /* it could be read-only */ - status = smb2_util_setatr(tree, name, FILE_ATTRIBUTE_NORMAL); + + for (i=0;i<count;i++) { + char *name; + if (strcmp(".", list[i].name_info.name.s) == 0 || + strcmp("..", list[i].name_info.name.s) == 0) { + continue; + } + name = talloc_asprintf(tmp_ctx, "%s\\%s", dname, list[i].name_info.name.s); status = smb2_util_unlink(tree, name); + if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) { + /* it could be read-only */ + status = smb2_util_setatr(tree, name, FILE_ATTRIBUTE_NORMAL); + status = smb2_util_unlink(tree, name); + } + + if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) { + int ret; + ret = smb2_deltree(tree, name); + if (ret > 0) total_deleted += ret; + } + talloc_free(name); + if (NT_STATUS_IS_OK(status)) { + total_deleted++; + did_delete = true; + } } - - if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) { - int ret; - ret = smb2_deltree(tree, name); - if (ret > 0) total_deleted += ret; - } - talloc_free(name); - if (NT_STATUS_IS_OK(status)) { - total_deleted++; - } - } + } while (did_delete); smb2_util_close(tree, create_parm.out.file.handle); diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c index a5d05b7af1..9a19771bc0 100644 --- a/source4/libcli/smb_composite/connect.c +++ b/source4/libcli/smb_composite/connect.c @@ -466,7 +466,7 @@ struct composite_context *smb_composite_connect_send(struct smb_composite_connec c = talloc_zero(mem_ctx, struct composite_context); if (c == NULL) goto failed; - c->event_ctx = talloc_reference(c, event_ctx); + c->event_ctx = event_ctx; if (c->event_ctx == NULL) goto failed; state = talloc_zero(c, struct connect_state); diff --git a/source4/libcli/wrepl/winsrepl.c b/source4/libcli/wrepl/winsrepl.c index 48a6abba9d..849511b606 100644 --- a/source4/libcli/wrepl/winsrepl.c +++ b/source4/libcli/wrepl/winsrepl.c @@ -171,7 +171,7 @@ struct wrepl_socket *wrepl_socket_init(TALLOC_CTX *mem_ctx, wrepl_socket = talloc_zero(mem_ctx, struct wrepl_socket); if (!wrepl_socket) return NULL; - wrepl_socket->event.ctx = talloc_reference(wrepl_socket, event_ctx); + wrepl_socket->event.ctx = event_ctx; if (!wrepl_socket->event.ctx) goto failed; wrepl_socket->iconv_convenience = iconv_convenience; @@ -205,7 +205,7 @@ struct wrepl_socket *wrepl_socket_merge(TALLOC_CTX *mem_ctx, wrepl_socket = talloc_zero(mem_ctx, struct wrepl_socket); if (wrepl_socket == NULL) goto failed; - wrepl_socket->event.ctx = talloc_reference(wrepl_socket, event_ctx); + wrepl_socket->event.ctx = event_ctx; if (wrepl_socket->event.ctx == NULL) goto failed; wrepl_socket->sock = sock; diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 0ae56a470e..cc1331984d 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -67,7 +67,7 @@ static struct dcerpc_connection *dcerpc_connection_init(TALLOC_CTX *mem_ctx, c->iconv_convenience = talloc_reference(c, ic); - c->event_ctx = talloc_reference(c, ev); + c->event_ctx = ev; if (c->event_ctx == NULL) { talloc_free(c); diff --git a/source4/nbt_server/wins/winswack.c b/source4/nbt_server/wins/winswack.c index c53fa1d069..a58362830a 100644 --- a/source4/nbt_server/wins/winswack.c +++ b/source4/nbt_server/wins/winswack.c @@ -94,7 +94,7 @@ struct composite_context *wins_challenge_send(TALLOC_CTX *mem_ctx, struct wins_c result = talloc_zero(mem_ctx, struct composite_context); if (result == NULL) return NULL; result->state = COMPOSITE_STATE_IN_PROGRESS; - result->event_ctx = talloc_reference(result, io->in.event_ctx); + result->event_ctx = io->in.event_ctx; state = talloc_zero(result, struct wins_challenge_state); if (state == NULL) goto failed; @@ -204,7 +204,7 @@ static struct composite_context *wins_release_demand_send(TALLOC_CTX *mem_ctx, s result = talloc_zero(mem_ctx, struct composite_context); if (result == NULL) return NULL; result->state = COMPOSITE_STATE_IN_PROGRESS; - result->event_ctx = talloc_reference(result, io->in.event_ctx); + result->event_ctx = io->in.event_ctx; state = talloc_zero(result, struct wins_release_demand_state); if (state == NULL) goto failed; diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 203b6b11c0..ad7ac5a749 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -449,6 +449,35 @@ static bool pvfs_read_only(struct pvfs_state *pvfs, uint32_t access_mask) } /* + see if we are a member of the appropriate unix group + */ +static bool pvfs_group_member(struct pvfs_state *pvfs, gid_t gid) +{ + int i, ngroups; + gid_t *groups; + if (getegid() == gid) { + return true; + } + ngroups = getgroups(0, NULL); + if (ngroups == 0) { + return false; + } + groups = talloc_array(pvfs, gid_t, ngroups); + if (groups == NULL) { + return false; + } + if (getgroups(ngroups, groups) != ngroups) { + talloc_free(groups); + return false; + } + for (i=0; i<ngroups; i++) { + if (groups[i] == gid) break; + } + talloc_free(groups); + return i < ngroups; +} + +/* default access check function based on unix permissions doing this saves on building a full security descriptor for the common case of access check on files with no @@ -473,6 +502,12 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, max_bits |= SEC_STD_ALL; } + if ((name->st.st_mode & S_IWOTH) || + ((name->st.st_mode & S_IWGRP) && + pvfs_group_member(pvfs, name->st.st_gid))) { + max_bits |= SEC_STD_ALL; + } + if (uwrap_enabled()) { /* when running with the uid wrapper, files will be created owned by the ruid, but we may have a different simulated @@ -491,6 +526,8 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, } if (*access_mask & ~max_bits) { + DEBUG(0,(__location__ " denied access to '%s' - wanted 0x%08x but got 0x%08x (missing 0x%08x)\n", + name->full_name, *access_mask, max_bits, *access_mask & ~max_bits)); return NT_STATUS_ACCESS_DENIED; } diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c index 12f50fcc97..46e39a00dd 100644 --- a/source4/ntvfs/posix/pvfs_open.c +++ b/source4/ntvfs/posix/pvfs_open.c @@ -534,7 +534,7 @@ static int pvfs_handle_destructor(struct pvfs_file_handle *h) if (!timeval_is_zero(&tv[0]) || !timeval_is_zero(&tv[1])) { if (utimes(h->name->full_name, tv) == -1) { - DEBUG(0,("pvfs_handle_destructor: utimes() failed '%s' - %s\n", + DEBUG(3,("pvfs_handle_destructor: utimes() failed '%s' - %s\n", h->name->full_name, strerror(errno))); } } @@ -1516,6 +1516,8 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, if (fd == -1) { status = pvfs_map_errno(f->pvfs, errno); + DEBUG(0,(__location__ " mapped errno %s for %s (was %d)\n", + nt_errstr(status), f->handle->name->full_name, errno)); /* * STATUS_MORE_ENTRIES is EAGAIN or EWOULDBLOCK */ @@ -1581,10 +1583,12 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, if (f->handle->name->stream_id == 0 && (io->generic.in.open_disposition == NTCREATEX_DISP_OVERWRITE || io->generic.in.open_disposition == NTCREATEX_DISP_OVERWRITE_IF)) { - /* for overwrite we need to replace file permissions */ + /* for overwrite we may need to replace file permissions */ uint32_t attrib = io->ntcreatex.in.file_attr | FILE_ATTRIBUTE_ARCHIVE; mode_t mode = pvfs_fileperms(pvfs, attrib); - if (fchmod(fd, mode) == -1) { + if (f->handle->name->st.st_mode != mode && + f->handle->name->dos.attrib != attrib && + fchmod(fd, mode) == -1) { talloc_free(lck); return pvfs_map_errno(pvfs, errno); } diff --git a/source4/ntvfs/posix/pvfs_util.c b/source4/ntvfs/posix/pvfs_util.c index 81ff20a608..b1b0a64789 100644 --- a/source4/ntvfs/posix/pvfs_util.c +++ b/source4/ntvfs/posix/pvfs_util.c @@ -39,7 +39,10 @@ bool pvfs_has_wildcard(const char *str) */ NTSTATUS pvfs_map_errno(struct pvfs_state *pvfs, int unix_errno) { - return map_nt_error_from_unix(unix_errno); + NTSTATUS status; + status = map_nt_error_from_unix(unix_errno); + DEBUG(10,(__location__ " mapped unix errno %d -> %s\n", unix_errno, nt_errstr(status))); + return status; } diff --git a/source4/script/installmisc.sh b/source4/script/installmisc.sh index 257fae8dee..f8fddadfa4 100755 --- a/source4/script/installmisc.sh +++ b/source4/script/installmisc.sh @@ -10,7 +10,7 @@ echo "Installing setup templates" mkdir -p $SETUPDIR || exit 1 mkdir -p $SETUPDIR/ad-schema || exit 1 cp setup/ad-schema/*.txt $SETUPDIR/ad-schema || exit 1 -for p in enableaccount newuser provision provision-backend setexpiry setpassword +for p in enableaccount newuser provision provision-backend setexpiry setpassword pwsettings do chmod a+x setup/$p cp setup/$p $SETUPDIR || exit 1 diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index 6cb2469846..631f31c6aa 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py @@ -81,8 +81,7 @@ description: %s """ res = self.search(user_dn, ldb.SCOPE_BASE, None, ["userAccountControl"]) assert len(res) == 1 - userAccountControl = res[0]["userAccountControl"][0] - userAccountControl = int(userAccountControl) + userAccountControl = int(res[0]["userAccountControl"][0]) if (userAccountControl & 0x2): userAccountControl = userAccountControl & ~0x2 # remove disabled bit if (userAccountControl & 0x20): diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount index b270da0097..1b7341946f 100755 --- a/source4/setup/enableaccount +++ b/source4/setup/enableaccount @@ -56,7 +56,6 @@ else: samdb = SamDB(url=url, session_info=system_session(), credentials=creds, lp=lp) -domain_dn = opts.base if opts.base is None: res = samdb.search("", scope=ldb.SCOPE_BASE, expression="(defaultNamingContext=*)", diff --git a/source4/setup/pwsettings b/source4/setup/pwsettings new file mode 100755 index 0000000000..8a4489b287 --- /dev/null +++ b/source4/setup/pwsettings @@ -0,0 +1,202 @@ +#!/usr/bin/python +# +# Sets password settings (Password complexity, history length, +# minimum password length, the minimum and maximum password age) on a +# Samba4 server +# +# Copyright Jelmer Vernooij 2008 +# Copyright Matthias Dieter Wallnoefer 2009 +# Released under the GNU GPL version 3 or later +# +import os, sys + +sys.path.insert(0, os.path.join(os.path.dirname(sys.argv[0]), "../bin/python")) + +import samba.getopt as options +import optparse +import pwd +import ldb + +from samba.auth import system_session +from samba.samdb import SamDB +from samba.dcerpc.samr import DOMAIN_PASSWORD_COMPLEX + +parser = optparse.OptionParser("pwsettings (show | set <options>)") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +parser.add_option("-H", help="LDB URL for database or target server", type=str) +parser.add_option("--complexity", + help="The password complexity (on | off). Default is 'on'", type=str) +parser.add_option("--history-length", + help="The password history length (<integer> | default)", type=str) +parser.add_option("--min-pwd-length", + help="The minimum password length (<integer> | default)", type=str) +parser.add_option("--min-pwd-age", + help="The minimum password age (<integer in days> | default)", type=str) +parser.add_option("--max-pwd-age", + help="The maximum password age (<integer in days> | default)", type=str) + +opts, args = parser.parse_args() + +# +# print a message if quiet is not set +# +def message(text): + if not opts.quiet: + print text + +if len(args) == 0: + parser.print_usage() + sys.exit(1) + +lp = sambaopts.get_loadparm() + +creds = credopts.get_credentials(lp) + +if opts.H is not None: + url = opts.H +else: + url = lp.get("sam database") + +samdb = SamDB(url=url, session_info=system_session(), + credentials=creds, lp=lp) + +res = samdb.search("", scope=ldb.SCOPE_BASE, + expression="(defaultNamingContext=*)", + attrs=["defaultNamingContext"]) +assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None) +domain_dn = res[0]["defaultNamingContext"][0] + +res = samdb.search(domain_dn, scope=ldb.SCOPE_BASE, attrs=["pwdProperties", + "pwdHistoryLength", "minPwdLength", "minPwdAge", "maxPwdAge"]) +assert(len(res) == 1) +try: + pwd_props = int(res[0]["pwdProperties"][0]) + pwd_hist_len = int(res[0]["pwdHistoryLength"][0]) + min_pwd_len = int(res[0]["minPwdLength"][0]) + min_pwd_age = int(res[0]["minPwdAge"][0]) + max_pwd_age = int(res[0]["maxPwdAge"][0]) +except: + if args[0] == "show": + print "ERROR: Password informations missing in your AD domain object!" + print "So no settings can be displayed!" + sys.exit(1) + else: + if pwd_props is None: + pwd_props = 0 + print "WARNING: Assuming previous password properties 0 (used for password complexity setting)" + +if args[0] == "show": + print "Password informations for domain '" + domain_dn + "'" + print "" + if pwd_props & DOMAIN_PASSWORD_COMPLEX != 0: + print "Password complexity: on" + else: + print "Password complexity: off" + print "Password history length: " + str(pwd_hist_len) + print "Minimum password length: " + str(min_pwd_len) + print "Minimum password age: " + str(min_pwd_age) + print "Maximum password age: " + str(max_pwd_age) + +elif args[0] == "set": + if opts.complexity is not None: + if opts.complexity == "on": + pwd_props = pwd_props | DOMAIN_PASSWORD_COMPLEX + + m = ldb.Message() + m.dn = ldb.Dn(samdb, domain_dn) + m["pwdProperties"] = ldb.MessageElement([], + ldb.CHANGETYPE_DELETE, "pwdProperties") + samdb.modify(m) + m["pwdProperties"] = ldb.MessageElement(str(pwd_props), + ldb.CHANGETYPE_ADD, "pwdProperties") + samdb.modify(m) + print "Password complexity activated!" + elif opts.complexity == "off": + pwd_props = pwd_props & (~DOMAIN_PASSWORD_COMPLEX) + + m = ldb.Message() + m.dn = ldb.Dn(samdb, domain_dn) + m["pwdProperties"] = ldb.MessageElement([], + ldb.CHANGETYPE_DELETE, "pwdProperties") + samdb.modify(m) + m["pwdProperties"] = ldb.MessageElement(str(pwd_props), + ldb.CHANGETYPE_ADD, "pwdProperties") + samdb.modify(m) + print "Password complexity deactivated!" + else: + print "ERROR: Wrong argument '" + opts.complexity + "'!" + sys.exit(1) + + if opts.history_length is not None: + if opts.history_length == "default": + pwd_hist_len = 24 + else: + pwd_hist_len = int(opts.history_length) + + m = ldb.Message() + m.dn = ldb.Dn(samdb, domain_dn) + m["pwdHistoryLength"] = ldb.MessageElement([], + ldb.CHANGETYPE_DELETE, "pwdHistoryLength") + samdb.modify(m) + m["pwdHistoryLength"] = ldb.MessageElement(str(pwd_hist_len), + ldb.CHANGETYPE_ADD, "pwdHistoryLength") + samdb.modify(m) + print "Password history length changed!" + + if opts.min_pwd_length is not None: + if opts.min_pwd_length == "default": + min_pwd_len = 7 + else: + min_pwd_len = int(opts.min_pwd_length) + + m = ldb.Message() + m.dn = ldb.Dn(samdb, domain_dn) + m["minPwdLength"] = ldb.MessageElement([], + ldb.CHANGETYPE_DELETE, "minPwdLength") + samdb.modify(m) + m["minPwdLength"] = ldb.MessageElement(str(min_pwd_len), + ldb.CHANGETYPE_ADD, "minPwdLength") + samdb.modify(m) + print "Minimum password length changed!" + + if opts.min_pwd_age is not None: + if opts.min_pwd_age == "default": + min_pwd_age = 0 + else: + min_pwd_age = int(opts.min_pwd_age) + + m = ldb.Message() + m.dn = ldb.Dn(samdb, domain_dn) + m["minPwdAge"] = ldb.MessageElement([], + ldb.CHANGETYPE_DELETE, "minPwdAge") + samdb.modify(m) + m["minPwdAge"] = ldb.MessageElement(str(min_pwd_age), + ldb.CHANGETYPE_ADD, "minPwdAge") + samdb.modify(m) + print "Minimum password age changed!" + + if opts.max_pwd_age is not None: + if opts.max_pwd_age == "default": + max_pwd_age = -37108517437440 + else: + max_pwd_age = int(opts.max_pwd_age) + + m = ldb.Message() + m.dn = ldb.Dn(samdb, domain_dn) + m["maxPwdAge"] = ldb.MessageElement([], + ldb.CHANGETYPE_DELETE, "maxPwdAge") + samdb.modify(m) + m["maxPwdAge"] = ldb.MessageElement(str(max_pwd_age), + ldb.CHANGETYPE_ADD, "maxPwdAge") + samdb.modify(m) + print "Maximum password age changed!" + + print "All changes applied successfully!" + +else: + print "ERROR: Wrong argument '" + args[0] + "'!" + sys.exit(1) diff --git a/source4/setup/secrets_sasl_ldap.ldif b/source4/setup/secrets_sasl_ldap.ldif index 81ccfee209..cccbedb926 100644 --- a/source4/setup/secrets_sasl_ldap.ldif +++ b/source4/setup/secrets_sasl_ldap.ldif @@ -5,5 +5,3 @@ cn: SAMDB Credentials secret:: ${LDAPADMINPASS_B64} samAccountName: ${LDAPADMINUSER} realm: ${LDAPADMINREALM} - - diff --git a/source4/smb_server/smb/receive.c b/source4/smb_server/smb/receive.c index 03631f8f0b..9a039095e6 100644 --- a/source4/smb_server/smb/receive.c +++ b/source4/smb_server/smb/receive.c @@ -407,19 +407,14 @@ NTSTATUS smbsrv_recv_smb_request(void *private_data, DATA_BLOB blob) req->in.data = req->in.vwv + VWV(req->in.wct) + 2; req->in.data_size = SVAL(req->in.vwv, VWV(req->in.wct)); - /* the bcc length is only 16 bits, but some packets - (such as SMBwriteX) can be much larger than 64k. We - detect this by looking for a large non-chained NBT - packet (at least 64k bigger than what is - specified). If it is detected then the NBT size is - used instead of the bcc size */ - if (req->in.data_size + 0x10000 <= - req->in.size - PTR_DIFF(req->in.data, req->in.buffer) && - ( message_flags(command) & LARGE_REQUEST) && - ( !(message_flags(command) & AND_X) || - (req->in.wct < 1 || SVAL(req->in.vwv, VWV(0)) == SMB_CHAIN_NONE) ) - ) { - /* its an oversized packet! fun for all the family */ + /* special handling for oversize calls. Windows seems + to take the maximum of the BCC value and the + computed buffer size. This handles oversized writeX + calls, and possibly oversized SMBtrans calls */ + if ((message_flags(command) & LARGE_REQUEST) && + ( !(message_flags(command) & AND_X) || + (req->in.wct < 1 || SVAL(req->in.vwv, VWV(0)) == SMB_CHAIN_NONE)) && + req->in.data_size < req->in.size - PTR_DIFF(req->in.data,req->in.buffer)) { req->in.data_size = req->in.size - PTR_DIFF(req->in.data,req->in.buffer); } } diff --git a/source4/smb_server/smb/reply.c b/source4/smb_server/smb/reply.c index 0433d3582f..104caca446 100644 --- a/source4/smb_server/smb/reply.c +++ b/source4/smb_server/smb/reply.c @@ -1063,7 +1063,7 @@ void smbsrv_reply_write_and_X(struct smbsrv_request *req) /* make sure the data is in bounds */ if (req_data_oob(&req->in.bufinfo, io->writex.in.data, io->writex.in.count)) { - smbsrv_send_error(req, NT_STATUS_FOOBAR); + smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRerror)); return; } diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c index 137e0a7ce0..730e185e5a 100644 --- a/source4/smbd/process_standard.c +++ b/source4/smbd/process_standard.c @@ -44,15 +44,31 @@ static int none_setproctitle(const char *fmt, ...) } #endif +/* we hold a pipe open in the parent, and the any child + processes wait for EOF on that pipe. This ensures that + children die when the parent dies */ +static int child_pipe[2]; + /* called when the process model is selected */ static void standard_model_init(struct tevent_context *ev) { + pipe(child_pipe); signal(SIGCHLD, SIG_IGN); } /* + handle EOF on the child pipe +*/ +static void standard_pipe_handler(struct tevent_context *event_ctx, struct tevent_fd *fde, + uint16_t flags, void *private_data) +{ + DEBUG(10,("Child %d exiting\n", (int)getpid())); + exit(0); +} + +/* called when a listening socket becomes readable. */ static void standard_accept_connection(struct tevent_context *ev, @@ -114,6 +130,10 @@ static void standard_accept_connection(struct tevent_context *ev, DEBUG(0,("standard_accept_connection: tdb_reopen_all failed.\n")); } + tevent_add_fd(ev2, ev2, child_pipe[0], TEVENT_FD_READ, + standard_pipe_handler, NULL); + close(child_pipe[1]); + /* Ensure that the forked children do not expose identical random streams */ set_need_random_reseed(); @@ -177,6 +197,10 @@ static void standard_new_task(struct tevent_context *ev, DEBUG(0,("standard_accept_connection: tdb_reopen_all failed.\n")); } + tevent_add_fd(ev2, ev2, child_pipe[0], TEVENT_FD_READ, + standard_pipe_handler, NULL); + close(child_pipe[1]); + /* Ensure that the forked children do not expose identical random streams */ set_need_random_reseed(); diff --git a/source4/smbd/server.c b/source4/smbd/server.c index 635e84fafe..bb2571e819 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -38,6 +38,8 @@ #include "param/secrets.h" #include "smbd/pidfile.h" #include "param/param.h" +#include "dsdb/samdb/samdb.h" +#include "auth/session.h" /* recursively delete a directory tree @@ -112,6 +114,7 @@ static void sig_term(int sig) kill(-getpgrp(), SIGTERM); } #endif + DEBUG(0,("Exiting pid %d on SIGTERM\n", (int)getpid())); exit(0); } @@ -157,6 +160,7 @@ static void server_stdin_handler(struct tevent_context *event_ctx, struct tevent DEBUG(0,("%s: EOF on stdin - terminating\n", binary_name)); #if HAVE_GETPGRP if (getpgrp() == getpid()) { + DEBUG(0,("Sending SIGTERM from pid %d\n", (int)getpid())); kill(-getpgrp(), SIGTERM); } #endif @@ -177,6 +181,18 @@ _NORETURN_ static void max_runtime_handler(struct tevent_context *ev, } /* + pre-open the sam ldb to ensure the schema has been loaded. This + saves a lot of time in child processes + */ +static void prime_samdb_schema(struct tevent_context *event_ctx) +{ + TALLOC_CTX *samdb_context; + samdb_context = talloc_new(event_ctx); + samdb_connect(samdb_context, event_ctx, cmdline_lp_ctx, system_session(samdb_context, cmdline_lp_ctx)); + talloc_free(samdb_context); +} + +/* main server. */ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[]) @@ -344,6 +360,8 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[ discard_const(binary_name)); } + prime_samdb_schema(event_ctx); + DEBUG(0,("%s: using '%s' process model\n", binary_name, model)); status = server_service_startup(event_ctx, cmdline_lp_ctx, model, lp_server_services(cmdline_lp_ctx)); diff --git a/source4/torture/ldap/basic.c b/source4/torture/ldap/basic.c index 3ed0b481ea..c2a26f81b8 100644 --- a/source4/torture/ldap/basic.c +++ b/source4/torture/ldap/basic.c @@ -217,7 +217,7 @@ static bool test_error_codes(struct torture_context *tctx, WERROR err; NTSTATUS status; - printf("Testing error codes\n"); + printf("Testing error codes - to make this test pass against SAMBA 4 you have to specify the target!\n"); if (!basedn) { return false; @@ -257,7 +257,7 @@ static bool test_error_codes(struct torture_context *tctx, err = ad_error(rep->r.AddResponse.errormessage, &endptr); err_code_str = win_errstr(err); printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr); - if (torture_setting_bool(tctx, "samba4", false)) { + if (!torture_setting_bool(tctx, "samba4", false)) { if ((!W_ERROR_EQUAL(err, WERR_DS_REFERRAL)) || (rep->r.AddResponse.resultcode != 10)) { return false; @@ -269,18 +269,6 @@ static bool test_error_codes(struct torture_context *tctx, } } - printf(" Try a wrong removal\n"); - - msg->type = LDAP_TAG_DelRequest; - msg->r.DelRequest.dn = ""; - - req = ldap_request_send(conn, msg); - if (!req) { - return false; - } - - status = ldap_result_one(req, &rep, LDAP_TAG_DelResponse); - printf(" Try a wrong modification\n"); msg->type = LDAP_TAG_ModifyRequest; @@ -310,7 +298,7 @@ static bool test_error_codes(struct torture_context *tctx, err = ad_error(rep->r.ModifyResponse.errormessage, &endptr); err_code_str = win_errstr(err); printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr); - if (torture_setting_bool(tctx, "samba4", false)) { + if (!torture_setting_bool(tctx, "samba4", false)) { if ((!W_ERROR_EQUAL(err, WERR_INVALID_PARAM)) || (rep->r.ModifyResponse.resultcode != 53)) { return false; @@ -349,7 +337,7 @@ static bool test_error_codes(struct torture_context *tctx, err = ad_error(rep->r.DelResponse.errormessage, &endptr); err_code_str = win_errstr(err); printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr); - if (torture_setting_bool(tctx, "samba4", false)) { + if (!torture_setting_bool(tctx, "samba4", false)) { if ((!W_ERROR_EQUAL(err, WERR_DS_OBJ_NOT_FOUND)) || (rep->r.DelResponse.resultcode != 32)) { return false; diff --git a/source4/torture/raw/rename.c b/source4/torture/raw/rename.c index e91c3b2319..15fed0e3d8 100644 --- a/source4/torture/raw/rename.c +++ b/source4/torture/raw/rename.c @@ -529,6 +529,7 @@ static bool test_dir_rename(struct torture_context *tctx, struct smbcli_state *c const char *dname1 = BASEDIR "\\dir_for_rename"; const char *dname2 = BASEDIR "\\renamed_dir"; const char *fname = BASEDIR "\\dir_for_rename\\file.txt"; + const char *sname = BASEDIR "\\dir_for_rename:a stream:$DATA"; bool ret = true; int fnum = -1; @@ -593,6 +594,55 @@ static bool test_dir_rename(struct torture_context *tctx, struct smbcli_state *c status = smb_raw_rename(cli->tree, &ren_io); CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + /* Close the file and try the rename. */ + smbcli_close(cli->tree, fnum); + + status = smb_raw_rename(cli->tree, &ren_io); + CHECK_STATUS(status, NT_STATUS_OK); + + /* + * Now try just holding a second handle on the directory and holding + * it open across a rename. This should be allowed. + */ + io.ntcreatex.in.fname = dname2; + io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF; + + io.ntcreatex.in.access_mask = SEC_STD_READ_CONTROL | + SEC_FILE_READ_ATTRIBUTE | SEC_FILE_READ_EA | SEC_FILE_READ_DATA; + + status = smb_raw_open(cli->tree, tctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + fnum = io.ntcreatex.out.file.fnum; + + ren_io.generic.level = RAW_RENAME_RENAME; + ren_io.rename.in.pattern1 = dname2; + ren_io.rename.in.pattern2 = dname1; + ren_io.rename.in.attrib = 0; + + status = smb_raw_rename(cli->tree, &ren_io); + CHECK_STATUS(status, NT_STATUS_OK); + + /* close our handle to the directory. */ + smbcli_close(cli->tree, fnum); + + /* + * Now try opening a stream on the directory and holding it open + * across a rename. This should be allowed. + */ + io.ntcreatex.in.fname = sname; + + status = smb_raw_open(cli->tree, tctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + fnum = io.ntcreatex.out.file.fnum; + + ren_io.generic.level = RAW_RENAME_RENAME; + ren_io.rename.in.pattern1 = dname1; + ren_io.rename.in.pattern2 = dname2; + ren_io.rename.in.attrib = 0; + + status = smb_raw_rename(cli->tree, &ren_io); + CHECK_STATUS(status, NT_STATUS_OK); + done: if (fnum != -1) { diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c index 676746681f..1f560c17ce 100644 --- a/source4/winbind/wb_init_domain.c +++ b/source4/winbind/wb_init_domain.c @@ -211,7 +211,7 @@ static void init_domain_recv_netlogonpipe(struct composite_context *ctx) if (!composite_is_ok(state->ctx)) { return; } - talloc_steal(state->domain->netlogon_pipe, state->domain->netlogon_binding); + talloc_reparent(state, state->domain->netlogon_pipe, state->domain->netlogon_binding); state->domain->lsa_binding = init_domain_binding(state, &ndr_table_lsarpc); @@ -286,7 +286,7 @@ static void init_domain_recv_lsa_pipe(struct composite_context *ctx) if (!composite_is_ok(state->ctx)) return; talloc_steal(state->domain->libnet_ctx, state->domain->libnet_ctx->lsa.pipe); - talloc_steal(state->domain->libnet_ctx->lsa.pipe, state->domain->lsa_binding); + talloc_reparent(state, state->domain->libnet_ctx->lsa.pipe, state->domain->lsa_binding); state->domain->libnet_ctx->lsa.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; state->domain->libnet_ctx->lsa.name = state->domain->info->name; @@ -399,7 +399,7 @@ static void init_domain_recv_samr(struct composite_context *ctx) &state->domain->libnet_ctx->samr.handle); if (!composite_is_ok(state->ctx)) return; - talloc_steal(state->domain->libnet_ctx->samr.pipe, state->domain->samr_binding); + talloc_reparent(state, state->domain->libnet_ctx->samr.pipe, state->domain->samr_binding); state->domain->libnet_ctx->samr.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; state->domain->libnet_ctx->samr.name = state->domain->info->name; state->domain->libnet_ctx->samr.sid = dom_sid_dup( |