diff options
-rw-r--r-- | source3/include/includes.h | 5 | ||||
-rw-r--r-- | source3/include/local.h | 12 | ||||
-rw-r--r-- | source3/include/proto.h | 2 | ||||
-rw-r--r-- | source3/lib/kanji.c | 36 | ||||
-rw-r--r-- | source3/lib/time.c | 11 | ||||
-rw-r--r-- | source3/lib/util.c | 4 | ||||
-rw-r--r-- | source3/param/loadparm.c | 4 | ||||
-rw-r--r-- | source3/printing/printing.c | 4 | ||||
-rw-r--r-- | source3/smbd/chgpasswd.c | 2 | ||||
-rw-r--r-- | source3/smbd/password.c | 61 | ||||
-rw-r--r-- | source3/smbd/reply.c | 2 | ||||
-rw-r--r-- | source3/smbd/server.c | 8 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 13 |
13 files changed, 115 insertions, 49 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h index 218ce19955..f9c29fd41d 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -552,9 +552,12 @@ char *mktemp(char *); /* No standard include */ #include <sys/vfs.h> #include <sys/id.h> #include <sys/priv.h> +/* According to AIX 4.1 man pages, inet_ntoa needs the following headers */ +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> #include <netinet/tcp.h> #include <locale.h> -#include <arpa/inet.h> /* needed for inet_ntoa proto */ #define SYSV #define USE_WAITPID #define USE_SIGBLOCK diff --git a/source3/include/local.h b/source3/include/local.h index 0e2a927d2e..b2a8f5ec57 100644 --- a/source3/include/local.h +++ b/source3/include/local.h @@ -17,16 +17,6 @@ refer to the special "printers" service */ #define PRINTERS_NAME "printers" -/* this affects server level security. With this set (recommended) - samba will do a full NetWkstaUserLogon to confirm that the client - really should have login rights. This can cause problems with - machines in trust relationships in which case you can disable it - here, but be warned, we have heard that some NT machines will then - allow anyone in with any password! Make sure you test it. */ -#ifndef USE_NETWKSTAUSERLOGON -#define USE_NETWKSTAUSERLOGON 1 -#endif - /* define what facility to use for syslog */ #ifndef SYSLOG_FACILITY #define SYSLOG_FACILITY LOG_DAEMON @@ -37,7 +27,7 @@ MAX_CONNECTIONS services, but any number of machines may connect at one time. */ #define MAX_CONNECTIONS 127 -#define MAX_OPEN_FILES 100 +#define MAX_OPEN_FILES 10 /* Default size of shared memory used for share mode locking */ #ifndef SHMEM_SIZE diff --git a/source3/include/proto.h b/source3/include/proto.h index fd31db7e62..7f6321c869 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -279,6 +279,7 @@ BOOL lp_unix_realname(void); BOOL lp_nis_home_map(void); BOOL lp_time_server(void); BOOL lp_bind_interfaces_only(void); +BOOL lp_net_wksta_user_logon(void); int lp_os_level(void); int lp_max_ttl(void); int lp_max_wins_ttl(void); @@ -1340,6 +1341,7 @@ time_t make_unix_date2(void *date_ptr); time_t make_unix_date3(void *date_ptr); char *timestring(void ); time_t get_create_time(struct stat *st); +time_t get_access_time(struct stat *st); /*The following definitions come from trans2.c */ diff --git a/source3/lib/kanji.c b/source3/lib/kanji.c index 2027a344c2..d63798914e 100644 --- a/source3/lib/kanji.c +++ b/source3/lib/kanji.c @@ -693,7 +693,39 @@ static char *sj_to_hex(char *from, BOOL overwrite) } /******************************************************************* - kanji/kana -> ":xx" + CAP <-> SJIS +********************************************************************/ +/* ":xx" CAP -> a byte */ +static char *cap_to_sj(char *from, BOOL overwrite) +{ + char *sp, *dp; + + sp = (char *) from; + dp = cvtbuf; + while (*sp) { + /* + * The only change between this and hex_to_sj is here. sj_to_cap only + * translates characters greater or equal to 0x80 - make sure that here + * we only do the reverse (that's why the strchr is used rather than + * isxdigit. Based on fix from ado@elsie.nci.nih.gov (Arthur David Olson). + */ + if (*sp == hex_tag && (strchr ("89abcdefABCDEF", sp[1]) != NULL) && isxdigit (sp[2])) { + *dp++ = (hex2bin (sp[1])<<4) | (hex2bin (sp[2])); + sp += 3; + } else + *dp++ = *sp++; + } + *dp = '\0'; + if (overwrite) { + strcpy ((char *) from, (char *) cvtbuf); + return (char *) from; + } else { + return cvtbuf; + } +} + +/******************************************************************* + kanji/kana -> ":xx" - CAP format. ********************************************************************/ static char *sj_to_cap(char *from, BOOL overwrite) { @@ -778,7 +810,7 @@ static int setup_string_function(int codes) case CAP_CODE: _dos_to_unix = sj_to_cap; - _unix_to_dos = hex_to_sj; + _unix_to_dos = cap_to_sj; break; } return codes; diff --git a/source3/lib/time.c b/source3/lib/time.c index f60af60c7a..62a7016994 100644 --- a/source3/lib/time.c +++ b/source3/lib/time.c @@ -499,3 +499,14 @@ time_t get_create_time(struct stat *st) */ return ret; } + +/**************************************************************************** + return the 'access time' under UNIX from a stat structure. + This function exists to allow modifications to be done depending + on what we want to return. Just return the normal atime (for now). +****************************************************************************/ + +time_t get_access_time(struct stat *st) +{ + return st->st_atime; +} diff --git a/source3/lib/util.c b/source3/lib/util.c index 1b9ed00c31..1d65269f95 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -1990,6 +1990,10 @@ int write_socket(int fd,char *buf,int len) ret = write_data(fd,buf,len); DEBUG(6,("write_socket(%d,%d) wrote %d\n",fd,len,ret)); + if(ret <= 0) + DEBUG(0,("write_socket: Error writing %d bytes to socket %d: ERRNO = %s\n", + len, fd, strerror(errno) )); + return(ret); } diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index d2db90fd67..0e55bc4ac1 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -188,6 +188,7 @@ typedef struct BOOL bNISHomeMap; BOOL bTimeServer; BOOL bBindInterfacesOnly; + BOOL bNetWkstaUserLogon; } global; static global Globals; @@ -444,6 +445,7 @@ static struct parm_struct {"strip dot", P_BOOL, P_GLOBAL, &Globals.bStripDot, NULL, NULL}, {"interfaces", P_STRING, P_GLOBAL, &Globals.szInterfaces, NULL, NULL}, {"bind interfaces only", P_BOOL,P_GLOBAL, &Globals.bBindInterfacesOnly,NULL, NULL}, + {"networkstation user login", P_BOOL,P_GLOBAL, &Globals.bNetWkstaUserLogon,NULL, NULL}, {"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL}, {"socket options", P_GSTRING, P_GLOBAL, user_socket_options, NULL, NULL}, {"netbios name", P_UGSTRING,P_GLOBAL, myname, NULL, NULL}, @@ -720,6 +722,7 @@ static void init_globals(void) Globals.client_code_page = DEFAULT_CLIENT_CODE_PAGE; Globals.bTimeServer = False; Globals.bBindInterfacesOnly = False; + Globals.bNetWkstaUserLogon = True; /* these parameters are set to defaults that are more appropriate for the increasing samba install base: @@ -935,6 +938,7 @@ FN_GLOBAL_BOOL(lp_unix_realname,&Globals.bUnixRealname) FN_GLOBAL_BOOL(lp_nis_home_map,&Globals.bNISHomeMap) FN_GLOBAL_BOOL(lp_time_server,&Globals.bTimeServer) FN_GLOBAL_BOOL(lp_bind_interfaces_only,&Globals.bBindInterfacesOnly) +FN_GLOBAL_BOOL(lp_net_wksta_user_logon,&Globals.bNetWkstaUserLogon) FN_GLOBAL_INTEGER(lp_os_level,&Globals.os_level) FN_GLOBAL_INTEGER(lp_max_ttl,&Globals.max_ttl) diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 71b89022e6..bf49a37203 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -486,7 +486,7 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first) /* we must get 6 tokens */ if (count < 10) { - if ((count == 7) && (strcmp(tok[0],"QUEUED") == 0)) + if ((count == 7) && ((strcmp(tok[0],"QUEUED") == 0) || (strcmp(tok[0],"HELD") == 0))) { /* the 2nd and 5th columns must be integer */ if (!isdigit(*tok[1]) || !isdigit(*tok[4])) return(False); @@ -508,7 +508,7 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first) buf->job = atoi(tok[1]); - buf->status = LPQ_QUEUED; + buf->status = strequal(tok[0],"HELD")?LPQ_PAUSED:LPQ_QUEUED; buf->priority = 0; buf->time = time(NULL); StrnCpy(buf->user,tok[3],sizeof(buf->user)-1); diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 80c7a43750..fb795e973e 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -437,7 +437,7 @@ BOOL check_lanman_password(char *user, unsigned char *pass1, /* Check that the two old passwords match. */ if(memcmp(smbpw->smb_passwd, unenc_old_pw, 16)) { - DEBUG(0,("check_lanman_password: old password doens't match.\n")); + DEBUG(0,("check_lanman_password: old password doesn't match.\n")); return False; } diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 0f8705d4be..607d01d2cf 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -514,9 +514,14 @@ static BOOL dfs_auth(char *this_user,char *password) * Assumes local passwd file is kept in sync w/ DCE RGY! */ - if (!strcmp((char *)crypt(password,this_salt),this_crypted) || - dcelogin_atmost_once) - return(False); + /* Fix for original (broken) code from Brett Wooldridge <brettw@austin.ibm.com> */ + if (dce_login_atmost_once) + return (False); + /* This can be ifdefed as the DCE check below is stricter... */ +#ifndef NO_CRYPT + if ( strcmp((char *)crypt(password,this_salt),this_crypted) ) + return (False); +#endif if (sec_login_setup_identity( (unsigned char *)this_user, @@ -1597,28 +1602,40 @@ BOOL server_validate(char *user, char *domain, return False; } + /* + * This patch from Rob Nielsen <ran@adc.com> makes doing + * the NetWksaUserLogon a dynamic, rather than compile-time + * parameter, defaulting to on. This is somewhat dangerous + * as it allows people to turn off this neccessary check, + * but so many people have had problems with this that I + * think it is a neccessary change. JRA. + */ + + if (lp_net_wksta_user_logon()) { + DEBUG(3,("trying NetWkstaUserLogon with password server %s\n", cli.desthost)); + if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) { + DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost)); + cli_tdis(&cli); + return False; + } -#if USE_NETWKSTAUSERLOGON - if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) { - DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost)); - cli_tdis(&cli); - return False; - } - - if (cli.privilages == 0) { - DEBUG(1,("password server %s gave guest privilages\n", cli.desthost)); - cli_tdis(&cli); - return False; - } + if (cli.privilages == 0) { + DEBUG(1,("password server %s gave guest privilages\n", cli.desthost)); + cli_tdis(&cli); + return False; + } - if (!strequal(cli.eff_name, user)) { - DEBUG(1,("password server %s gave different username %s\n", - cli.desthost, - cli.eff_name)); - cli_tdis(&cli); - return False; + if (!strequal(cli.eff_name, user)) { + DEBUG(1,("password server %s gave different username %s\n", + cli.desthost, + cli.eff_name)); + cli_tdis(&cli); + return False; + } } -#endif + else { + DEBUG(3,("skipping NetWkstaUserLogon with password server %s\n", cli.desthost)); + } DEBUG(3,("password server %s accepted the password\n", cli.desthost)); diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 4703dea475..db494d07db 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -3917,7 +3917,7 @@ int reply_getattrE(char *inbuf,char *outbuf) date to be last modify date as UNIX doesn't save this */ put_dos_date2(outbuf,smb_vwv0,get_create_time(&sbuf)); - put_dos_date2(outbuf,smb_vwv2,sbuf.st_atime); + put_dos_date2(outbuf,smb_vwv2,get_access_time(&sbuf)); put_dos_date2(outbuf,smb_vwv4,sbuf.st_mtime); if (mode & aDIR) { diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 3a12513454..94360a4c37 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1637,13 +1637,15 @@ BOOL check_file_sharing(int cnum,char *fname, BOOL rename_op) { DEBUG(0,("check_file_sharing: NT redirector workaround - rename attempted on \ batch oplocked file %s, dev = %x, inode = %x\n", fname, dev, inode)); -#if 0 /* * This next line is a test that allows the deny-mode - * processing to be skipped. JRA. + * processing to be skipped. This seems to be needed as + * NT insists on the rename succeeding (in Office 9x no less !). + * This should be removed as soon as (a) MS fix the redirector + * bug or (b) NT SMB support in Samba makes NT not issue the + * call (as is my fervent hope). JRA. */ continue; -#endif } else { diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index a9e15f65c4..825dd0a25e 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -375,7 +375,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l size = sbuf.st_size; mdate = sbuf.st_mtime; - adate = sbuf.st_atime; + adate = get_access_time(&sbuf); cdate = get_create_time(&sbuf); if(mode & aDIR) size = 0; @@ -1129,7 +1129,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length, case SMB_INFO_QUERY_EA_SIZE: data_size = (info_level==1?22:26); put_dos_date2(pdata,l1_fdateCreation,get_create_time(&sbuf)); - put_dos_date2(pdata,l1_fdateLastAccess,sbuf.st_atime); /* access time */ + put_dos_date2(pdata,l1_fdateLastAccess,get_access_time(&sbuf)); put_dos_date2(pdata,l1_fdateLastWrite,sbuf.st_mtime); /* write time */ SIVAL(pdata,l1_cbFile,size); SIVAL(pdata,l1_cbFileAlloc,ROUNDUP(size,1024)); @@ -1140,7 +1140,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length, case SMB_INFO_QUERY_EAS_FROM_LIST: data_size = 24; put_dos_date2(pdata,0,get_create_time(&sbuf)); - put_dos_date2(pdata,4,sbuf.st_atime); + put_dos_date2(pdata,4,get_access_time(&sbuf)); put_dos_date2(pdata,8,sbuf.st_mtime); SIVAL(pdata,12,size); SIVAL(pdata,16,ROUNDUP(size,1024)); @@ -1158,7 +1158,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length, case SMB_QUERY_FILE_BASIC_INFO: data_size = 36; /* w95 returns 40 bytes not 36 - why ?. */ put_long_date(pdata,get_create_time(&sbuf)); - put_long_date(pdata+8,sbuf.st_atime); /* access time */ + put_long_date(pdata+8,get_access_time(&sbuf)); put_long_date(pdata+16,sbuf.st_mtime); /* write time */ put_long_date(pdata+24,sbuf.st_mtime); /* change time */ SIVAL(pdata,32,mode); @@ -1167,8 +1167,9 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length, { time_t create_time = get_create_time(&sbuf); DEBUG(5,("create: %s ", ctime(&create_time))); + create_time = get_access_time(&sbuf); + DEBUG(5,("access: %s ", ctime(&create_time))); } - DEBUG(5,("access: %s ", ctime(&sbuf.st_atime))); DEBUG(5,("write: %s ", ctime(&sbuf.st_mtime))); DEBUG(5,("change: %s ", ctime(&sbuf.st_mtime))); DEBUG(5,("mode: %x\n", mode)); @@ -1222,7 +1223,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length, case SMB_QUERY_FILE_ALL_INFO: put_long_date(pdata,get_create_time(&sbuf)); - put_long_date(pdata+8,sbuf.st_atime); /* access time */ + put_long_date(pdata+8,get_access_time(&sbuf)); put_long_date(pdata+16,sbuf.st_mtime); /* write time */ put_long_date(pdata+24,sbuf.st_mtime); /* change time */ SIVAL(pdata,32,mode); |