diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/includes.h | 6 | ||||
-rw-r--r-- | source3/lib/util.c | 10 | ||||
-rw-r--r-- | source3/smbd/password.c | 87 | ||||
-rw-r--r-- | source3/smbd/quotas.c | 2 | ||||
-rw-r--r-- | source3/smbd/reply.c | 7 | ||||
-rw-r--r-- | source3/smbd/server.c | 4 |
6 files changed, 101 insertions, 15 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h index a5adb35077..7dcff54286 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -348,6 +348,8 @@ char *getwd(char *); #ifdef SGI5 #include <arpa/inet.h> #include <netinet/tcp.h> +#include <netinet/in_systm.h> +#include <netinet/ip.h> #include <sys/statvfs.h> #include <string.h> #include <signal.h> @@ -1059,6 +1061,10 @@ struct spwd { /* fake shadow password structure */ #include <dce/sec_login.h> #endif +#ifdef KRB5_AUTH +#include <krb5.h> +#endif + #ifdef NO_UTIMBUF struct utimbuf { time_t actime; diff --git a/source3/lib/util.c b/source3/lib/util.c index 9d6229dbf9..0d7c32be89 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -2527,7 +2527,7 @@ void become_daemon(void) /* detach from the terminal */ #ifdef USE_SETSID setsid(); -#else +#else /* USE_SETSID */ #ifdef TIOCNOTTY { int i = open("/dev/tty", O_RDWR); @@ -2537,9 +2537,11 @@ void become_daemon(void) close(i); } } -#endif -#endif -#endif +#endif /* TIOCNOTTY */ +#endif /* USE_SETSID */ + /* Close fd's 0,1,2. Needed if started by rsh */ + close_low_fds(); +#endif /* NO_FORK_DEBUG */ } diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 2ba09f5ad9..e00028d87e 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -585,6 +585,86 @@ void dfs_unlogin(void) #endif +#ifdef KRB5_AUTH +/******************************************************************* +check on Kerberos authentication +********************************************************************/ +static BOOL krb5_auth(char *this_user,char *password) +{ + krb5_data tgtname = { + 0, + KRB5_TGS_NAME_SIZE, + KRB5_TGS_NAME + }; + krb5_context kcontext; + krb5_principal kprinc; + krb5_principal server; + krb5_creds kcreds; + int options = 0; + krb5_address **addrs = (krb5_address **)0; + krb5_preauthtype *preauth = NULL; + krb5_keytab keytab = NULL; + krb5_timestamp now; + krb5_ccache ccache = NULL; + int retval; + char *name; + + if ( retval=krb5_init_context(&kcontext)) + { + return(False); + } + + if ( retval = krb5_timeofday(kcontext, &now) ) + { + return(False); + } + + if ( retval = krb5_cc_default(kcontext, &ccache) ) + { + return(False); + } + + if ( retval = krb5_parse_name(kcontext, this_user, &kprinc) ) + { + return(False); + } + + memset((char *)&kcreds, 0, sizeof(kcreds)); + + kcreds.client = kprinc; + + if ((retval = krb5_build_principal_ext(kcontext, &server, + krb5_princ_realm(kcontext, kprinc)->length, + krb5_princ_realm(kcontext, kprinc)->data, + tgtname.length, + tgtname.data, + krb5_princ_realm(kcontext, kprinc)->length, + krb5_princ_realm(kcontext, kprinc)->data, + 0))) + { + return(False); + } + + kcreds.server = server; + + retval = krb5_get_in_tkt_with_password(kcontext, + options, + addrs, + NULL, + preauth, + password, + 0, + &kcreds, + 0); + + if ( retval ) + { + return(False); + } + + return(True); +} +#endif /* KRB5_AUTH */ #ifdef LINUX_BIGCRYPT /**************************************************************************** @@ -687,6 +767,10 @@ Hence we make a direct return to avoid a second chance!!! if (dfs_auth(this_user,password)) return(True); #endif +#ifdef KRB5_AUTH + if (krb5_auth(this_user,password)) return(True); +#endif + #ifdef PWDAUTH if (pwdauth(this_user,password) == 0) return(True); @@ -1318,7 +1402,8 @@ static BOOL check_user_equiv(char *user, char *remote, char *equiv_file) } file_host = strtok(bp, " \t\n"); file_user = strtok(NULL, " \t\n"); - DEBUG(7, ("check_user_equiv %s %s\n", file_host, file_user)); + DEBUG(7, ("check_user_equiv %s %s\n", file_host ? file_host : "(null)", + file_user ? file_user : "(null)" )); if (file_host && *file_host) { BOOL host_ok = False; diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c index 262eea3100..8cbe46d9e1 100644 --- a/source3/smbd/quotas.c +++ b/source3/smbd/quotas.c @@ -437,7 +437,7 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize) /* Use softlimit to determine disk space, except when it has been exceeded */ if ((D.dqb_curblocks>D.dqb_bsoftlimit) #if !defined(__FreeBSD__) -||(D.dqb_curfiles>D.dqb_fsoftlimit) +||((D.dqb_curfiles>D.dqb_fsoftlimit) && (D.dqb_fsoftlimit != 0)) #endif ) { *dfree = 0; diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 8f650cb994..315c7fbb51 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1026,7 +1026,6 @@ int reply_open_and_X(char *inbuf,char *outbuf,int length,int bufsize) pstring fname; int cnum = SVAL(inbuf,smb_tid); int fnum = -1; - int openmode = 0; int smb_mode = SVAL(inbuf,smb_vwv3); int smb_attr = SVAL(inbuf,smb_vwv5); BOOL oplock_request = BITSETW(inbuf+smb_vwv2,1); @@ -1050,12 +1049,6 @@ int reply_open_and_X(char *inbuf,char *outbuf,int length,int bufsize) strcpy(fname,smb_buf(inbuf)); unix_convert(fname,cnum,0); - /* now add create and trunc bits */ - if (smb_ofun & 0x10) - openmode |= O_CREAT; - if ((smb_ofun & 0x3) == 2) - openmode |= O_TRUNC; - fnum = find_free_file(); if (fnum < 0) return(ERROR(ERRSRV,ERRnofids)); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 41f23ed02f..2969624215 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1577,9 +1577,9 @@ void open_file_shared(int fnum,int cnum,char *fname,int share_mode,int ofun, int old_open_mode = old_shares[i].share_mode &0xF; int old_deny_mode = (old_shares[i].share_mode >>4)&7; - if (deny_mode > 4 || old_deny_mode > 4 || old_open_mode > 2) + if (old_deny_mode > 4 || old_open_mode > 2) { - DEBUG(2,("Invalid share mode (%d,%d,%d) on file %s\n", + DEBUG(0,("Invalid share mode found (%d,%d,%d) on file %s\n", deny_mode,old_deny_mode,old_open_mode,fname)); free((char *)old_shares); if(share_locked) |