summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/includes.h5
-rw-r--r--source3/include/local.h12
-rw-r--r--source3/include/proto.h2
-rw-r--r--source3/lib/kanji.c36
-rw-r--r--source3/lib/time.c11
-rw-r--r--source3/lib/util.c4
-rw-r--r--source3/param/loadparm.c4
-rw-r--r--source3/printing/printing.c4
-rw-r--r--source3/smbd/chgpasswd.c2
-rw-r--r--source3/smbd/password.c61
-rw-r--r--source3/smbd/reply.c2
-rw-r--r--source3/smbd/server.c8
-rw-r--r--source3/smbd/trans2.c13
13 files changed, 115 insertions, 49 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 218ce19955..f9c29fd41d 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -552,9 +552,12 @@ char *mktemp(char *); /* No standard include */
#include <sys/vfs.h>
#include <sys/id.h>
#include <sys/priv.h>
+/* According to AIX 4.1 man pages, inet_ntoa needs the following headers */
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
#include <netinet/tcp.h>
#include <locale.h>
-#include <arpa/inet.h> /* needed for inet_ntoa proto */
#define SYSV
#define USE_WAITPID
#define USE_SIGBLOCK
diff --git a/source3/include/local.h b/source3/include/local.h
index 0e2a927d2e..b2a8f5ec57 100644
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -17,16 +17,6 @@
refer to the special "printers" service */
#define PRINTERS_NAME "printers"
-/* this affects server level security. With this set (recommended)
- samba will do a full NetWkstaUserLogon to confirm that the client
- really should have login rights. This can cause problems with
- machines in trust relationships in which case you can disable it
- here, but be warned, we have heard that some NT machines will then
- allow anyone in with any password! Make sure you test it. */
-#ifndef USE_NETWKSTAUSERLOGON
-#define USE_NETWKSTAUSERLOGON 1
-#endif
-
/* define what facility to use for syslog */
#ifndef SYSLOG_FACILITY
#define SYSLOG_FACILITY LOG_DAEMON
@@ -37,7 +27,7 @@
MAX_CONNECTIONS services, but any number of machines may connect at
one time. */
#define MAX_CONNECTIONS 127
-#define MAX_OPEN_FILES 100
+#define MAX_OPEN_FILES 10
/* Default size of shared memory used for share mode locking */
#ifndef SHMEM_SIZE
diff --git a/source3/include/proto.h b/source3/include/proto.h
index fd31db7e62..7f6321c869 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -279,6 +279,7 @@ BOOL lp_unix_realname(void);
BOOL lp_nis_home_map(void);
BOOL lp_time_server(void);
BOOL lp_bind_interfaces_only(void);
+BOOL lp_net_wksta_user_logon(void);
int lp_os_level(void);
int lp_max_ttl(void);
int lp_max_wins_ttl(void);
@@ -1340,6 +1341,7 @@ time_t make_unix_date2(void *date_ptr);
time_t make_unix_date3(void *date_ptr);
char *timestring(void );
time_t get_create_time(struct stat *st);
+time_t get_access_time(struct stat *st);
/*The following definitions come from trans2.c */
diff --git a/source3/lib/kanji.c b/source3/lib/kanji.c
index 2027a344c2..d63798914e 100644
--- a/source3/lib/kanji.c
+++ b/source3/lib/kanji.c
@@ -693,7 +693,39 @@ static char *sj_to_hex(char *from, BOOL overwrite)
}
/*******************************************************************
- kanji/kana -> ":xx"
+ CAP <-> SJIS
+********************************************************************/
+/* ":xx" CAP -> a byte */
+static char *cap_to_sj(char *from, BOOL overwrite)
+{
+ char *sp, *dp;
+
+ sp = (char *) from;
+ dp = cvtbuf;
+ while (*sp) {
+ /*
+ * The only change between this and hex_to_sj is here. sj_to_cap only
+ * translates characters greater or equal to 0x80 - make sure that here
+ * we only do the reverse (that's why the strchr is used rather than
+ * isxdigit. Based on fix from ado@elsie.nci.nih.gov (Arthur David Olson).
+ */
+ if (*sp == hex_tag && (strchr ("89abcdefABCDEF", sp[1]) != NULL) && isxdigit (sp[2])) {
+ *dp++ = (hex2bin (sp[1])<<4) | (hex2bin (sp[2]));
+ sp += 3;
+ } else
+ *dp++ = *sp++;
+ }
+ *dp = '\0';
+ if (overwrite) {
+ strcpy ((char *) from, (char *) cvtbuf);
+ return (char *) from;
+ } else {
+ return cvtbuf;
+ }
+}
+
+/*******************************************************************
+ kanji/kana -> ":xx" - CAP format.
********************************************************************/
static char *sj_to_cap(char *from, BOOL overwrite)
{
@@ -778,7 +810,7 @@ static int setup_string_function(int codes)
case CAP_CODE:
_dos_to_unix = sj_to_cap;
- _unix_to_dos = hex_to_sj;
+ _unix_to_dos = cap_to_sj;
break;
}
return codes;
diff --git a/source3/lib/time.c b/source3/lib/time.c
index f60af60c7a..62a7016994 100644
--- a/source3/lib/time.c
+++ b/source3/lib/time.c
@@ -499,3 +499,14 @@ time_t get_create_time(struct stat *st)
*/
return ret;
}
+
+/****************************************************************************
+ return the 'access time' under UNIX from a stat structure.
+ This function exists to allow modifications to be done depending
+ on what we want to return. Just return the normal atime (for now).
+****************************************************************************/
+
+time_t get_access_time(struct stat *st)
+{
+ return st->st_atime;
+}
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 1b9ed00c31..1d65269f95 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1990,6 +1990,10 @@ int write_socket(int fd,char *buf,int len)
ret = write_data(fd,buf,len);
DEBUG(6,("write_socket(%d,%d) wrote %d\n",fd,len,ret));
+ if(ret <= 0)
+ DEBUG(0,("write_socket: Error writing %d bytes to socket %d: ERRNO = %s\n",
+ len, fd, strerror(errno) ));
+
return(ret);
}
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index d2db90fd67..0e55bc4ac1 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -188,6 +188,7 @@ typedef struct
BOOL bNISHomeMap;
BOOL bTimeServer;
BOOL bBindInterfacesOnly;
+ BOOL bNetWkstaUserLogon;
} global;
static global Globals;
@@ -444,6 +445,7 @@ static struct parm_struct
{"strip dot", P_BOOL, P_GLOBAL, &Globals.bStripDot, NULL, NULL},
{"interfaces", P_STRING, P_GLOBAL, &Globals.szInterfaces, NULL, NULL},
{"bind interfaces only", P_BOOL,P_GLOBAL, &Globals.bBindInterfacesOnly,NULL, NULL},
+ {"networkstation user login", P_BOOL,P_GLOBAL, &Globals.bNetWkstaUserLogon,NULL, NULL},
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL},
{"socket options", P_GSTRING, P_GLOBAL, user_socket_options, NULL, NULL},
{"netbios name", P_UGSTRING,P_GLOBAL, myname, NULL, NULL},
@@ -720,6 +722,7 @@ static void init_globals(void)
Globals.client_code_page = DEFAULT_CLIENT_CODE_PAGE;
Globals.bTimeServer = False;
Globals.bBindInterfacesOnly = False;
+ Globals.bNetWkstaUserLogon = True;
/* these parameters are set to defaults that are more appropriate
for the increasing samba install base:
@@ -935,6 +938,7 @@ FN_GLOBAL_BOOL(lp_unix_realname,&Globals.bUnixRealname)
FN_GLOBAL_BOOL(lp_nis_home_map,&Globals.bNISHomeMap)
FN_GLOBAL_BOOL(lp_time_server,&Globals.bTimeServer)
FN_GLOBAL_BOOL(lp_bind_interfaces_only,&Globals.bBindInterfacesOnly)
+FN_GLOBAL_BOOL(lp_net_wksta_user_logon,&Globals.bNetWkstaUserLogon)
FN_GLOBAL_INTEGER(lp_os_level,&Globals.os_level)
FN_GLOBAL_INTEGER(lp_max_ttl,&Globals.max_ttl)
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 71b89022e6..bf49a37203 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -486,7 +486,7 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
/* we must get 6 tokens */
if (count < 10)
{
- if ((count == 7) && (strcmp(tok[0],"QUEUED") == 0))
+ if ((count == 7) && ((strcmp(tok[0],"QUEUED") == 0) || (strcmp(tok[0],"HELD") == 0)))
{
/* the 2nd and 5th columns must be integer */
if (!isdigit(*tok[1]) || !isdigit(*tok[4])) return(False);
@@ -508,7 +508,7 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
buf->job = atoi(tok[1]);
- buf->status = LPQ_QUEUED;
+ buf->status = strequal(tok[0],"HELD")?LPQ_PAUSED:LPQ_QUEUED;
buf->priority = 0;
buf->time = time(NULL);
StrnCpy(buf->user,tok[3],sizeof(buf->user)-1);
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 80c7a43750..fb795e973e 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -437,7 +437,7 @@ BOOL check_lanman_password(char *user, unsigned char *pass1,
/* Check that the two old passwords match. */
if(memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
{
- DEBUG(0,("check_lanman_password: old password doens't match.\n"));
+ DEBUG(0,("check_lanman_password: old password doesn't match.\n"));
return False;
}
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 0f8705d4be..607d01d2cf 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -514,9 +514,14 @@ static BOOL dfs_auth(char *this_user,char *password)
* Assumes local passwd file is kept in sync w/ DCE RGY!
*/
- if (!strcmp((char *)crypt(password,this_salt),this_crypted) ||
- dcelogin_atmost_once)
- return(False);
+ /* Fix for original (broken) code from Brett Wooldridge <brettw@austin.ibm.com> */
+ if (dce_login_atmost_once)
+ return (False);
+ /* This can be ifdefed as the DCE check below is stricter... */
+#ifndef NO_CRYPT
+ if ( strcmp((char *)crypt(password,this_salt),this_crypted) )
+ return (False);
+#endif
if (sec_login_setup_identity(
(unsigned char *)this_user,
@@ -1597,28 +1602,40 @@ BOOL server_validate(char *user, char *domain,
return False;
}
+ /*
+ * This patch from Rob Nielsen <ran@adc.com> makes doing
+ * the NetWksaUserLogon a dynamic, rather than compile-time
+ * parameter, defaulting to on. This is somewhat dangerous
+ * as it allows people to turn off this neccessary check,
+ * but so many people have had problems with this that I
+ * think it is a neccessary change. JRA.
+ */
+
+ if (lp_net_wksta_user_logon()) {
+ DEBUG(3,("trying NetWkstaUserLogon with password server %s\n", cli.desthost));
+ if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) {
+ DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost));
+ cli_tdis(&cli);
+ return False;
+ }
-#if USE_NETWKSTAUSERLOGON
- if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) {
- DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost));
- cli_tdis(&cli);
- return False;
- }
-
- if (cli.privilages == 0) {
- DEBUG(1,("password server %s gave guest privilages\n", cli.desthost));
- cli_tdis(&cli);
- return False;
- }
+ if (cli.privilages == 0) {
+ DEBUG(1,("password server %s gave guest privilages\n", cli.desthost));
+ cli_tdis(&cli);
+ return False;
+ }
- if (!strequal(cli.eff_name, user)) {
- DEBUG(1,("password server %s gave different username %s\n",
- cli.desthost,
- cli.eff_name));
- cli_tdis(&cli);
- return False;
+ if (!strequal(cli.eff_name, user)) {
+ DEBUG(1,("password server %s gave different username %s\n",
+ cli.desthost,
+ cli.eff_name));
+ cli_tdis(&cli);
+ return False;
+ }
}
-#endif
+ else {
+ DEBUG(3,("skipping NetWkstaUserLogon with password server %s\n", cli.desthost));
+ }
DEBUG(3,("password server %s accepted the password\n", cli.desthost));
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 4703dea475..db494d07db 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -3917,7 +3917,7 @@ int reply_getattrE(char *inbuf,char *outbuf)
date to be last modify date as UNIX doesn't save
this */
put_dos_date2(outbuf,smb_vwv0,get_create_time(&sbuf));
- put_dos_date2(outbuf,smb_vwv2,sbuf.st_atime);
+ put_dos_date2(outbuf,smb_vwv2,get_access_time(&sbuf));
put_dos_date2(outbuf,smb_vwv4,sbuf.st_mtime);
if (mode & aDIR)
{
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 3a12513454..94360a4c37 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1637,13 +1637,15 @@ BOOL check_file_sharing(int cnum,char *fname, BOOL rename_op)
{
DEBUG(0,("check_file_sharing: NT redirector workaround - rename attempted on \
batch oplocked file %s, dev = %x, inode = %x\n", fname, dev, inode));
-#if 0
/*
* This next line is a test that allows the deny-mode
- * processing to be skipped. JRA.
+ * processing to be skipped. This seems to be needed as
+ * NT insists on the rename succeeding (in Office 9x no less !).
+ * This should be removed as soon as (a) MS fix the redirector
+ * bug or (b) NT SMB support in Samba makes NT not issue the
+ * call (as is my fervent hope). JRA.
*/
continue;
-#endif
}
else
{
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index a9e15f65c4..825dd0a25e 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -375,7 +375,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
size = sbuf.st_size;
mdate = sbuf.st_mtime;
- adate = sbuf.st_atime;
+ adate = get_access_time(&sbuf);
cdate = get_create_time(&sbuf);
if(mode & aDIR)
size = 0;
@@ -1129,7 +1129,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
case SMB_INFO_QUERY_EA_SIZE:
data_size = (info_level==1?22:26);
put_dos_date2(pdata,l1_fdateCreation,get_create_time(&sbuf));
- put_dos_date2(pdata,l1_fdateLastAccess,sbuf.st_atime); /* access time */
+ put_dos_date2(pdata,l1_fdateLastAccess,get_access_time(&sbuf));
put_dos_date2(pdata,l1_fdateLastWrite,sbuf.st_mtime); /* write time */
SIVAL(pdata,l1_cbFile,size);
SIVAL(pdata,l1_cbFileAlloc,ROUNDUP(size,1024));
@@ -1140,7 +1140,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
case SMB_INFO_QUERY_EAS_FROM_LIST:
data_size = 24;
put_dos_date2(pdata,0,get_create_time(&sbuf));
- put_dos_date2(pdata,4,sbuf.st_atime);
+ put_dos_date2(pdata,4,get_access_time(&sbuf));
put_dos_date2(pdata,8,sbuf.st_mtime);
SIVAL(pdata,12,size);
SIVAL(pdata,16,ROUNDUP(size,1024));
@@ -1158,7 +1158,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
case SMB_QUERY_FILE_BASIC_INFO:
data_size = 36; /* w95 returns 40 bytes not 36 - why ?. */
put_long_date(pdata,get_create_time(&sbuf));
- put_long_date(pdata+8,sbuf.st_atime); /* access time */
+ put_long_date(pdata+8,get_access_time(&sbuf));
put_long_date(pdata+16,sbuf.st_mtime); /* write time */
put_long_date(pdata+24,sbuf.st_mtime); /* change time */
SIVAL(pdata,32,mode);
@@ -1167,8 +1167,9 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
{
time_t create_time = get_create_time(&sbuf);
DEBUG(5,("create: %s ", ctime(&create_time)));
+ create_time = get_access_time(&sbuf);
+ DEBUG(5,("access: %s ", ctime(&create_time)));
}
- DEBUG(5,("access: %s ", ctime(&sbuf.st_atime)));
DEBUG(5,("write: %s ", ctime(&sbuf.st_mtime)));
DEBUG(5,("change: %s ", ctime(&sbuf.st_mtime)));
DEBUG(5,("mode: %x\n", mode));
@@ -1222,7 +1223,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
case SMB_QUERY_FILE_ALL_INFO:
put_long_date(pdata,get_create_time(&sbuf));
- put_long_date(pdata+8,sbuf.st_atime); /* access time */
+ put_long_date(pdata+8,get_access_time(&sbuf));
put_long_date(pdata+16,sbuf.st_mtime); /* write time */
put_long_date(pdata+24,sbuf.st_mtime); /* change time */
SIVAL(pdata,32,mode);