From 8b904f4ecc7b6bd6558d40fda4184112bbb10366 Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Thu, 17 Jul 1997 20:11:58 +0000 Subject: Makefile: Added krb5 option from Nathan Neulinger includes.h: Added krb5 option from Nathan Neulinger , added SGI5 fix. password.c: Added krb5 option from Nathan Neulinger quotas.c: Added inode quote fix. reply.c: removed redundent code. server.c: Changed error debug to 0, removed redundent check. util.c: Added close_low_fd() to become_daemon - fix for rsh from Johnathan Knight. Jeremy (jallison@whistle.com) (This used to be commit 256afb764828b0a6dad5529d62501bc9ea2807ee) --- source3/include/includes.h | 6 ++++ source3/lib/util.c | 10 +++--- source3/smbd/password.c | 87 +++++++++++++++++++++++++++++++++++++++++++++- source3/smbd/quotas.c | 2 +- source3/smbd/reply.c | 7 ---- source3/smbd/server.c | 4 +-- 6 files changed, 101 insertions(+), 15 deletions(-) diff --git a/source3/include/includes.h b/source3/include/includes.h index a5adb35077..7dcff54286 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -348,6 +348,8 @@ char *getwd(char *); #ifdef SGI5 #include #include +#include +#include #include #include #include @@ -1059,6 +1061,10 @@ struct spwd { /* fake shadow password structure */ #include #endif +#ifdef KRB5_AUTH +#include +#endif + #ifdef NO_UTIMBUF struct utimbuf { time_t actime; diff --git a/source3/lib/util.c b/source3/lib/util.c index 9d6229dbf9..0d7c32be89 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -2527,7 +2527,7 @@ void become_daemon(void) /* detach from the terminal */ #ifdef USE_SETSID setsid(); -#else +#else /* USE_SETSID */ #ifdef TIOCNOTTY { int i = open("/dev/tty", O_RDWR); @@ -2537,9 +2537,11 @@ void become_daemon(void) close(i); } } -#endif -#endif -#endif +#endif /* TIOCNOTTY */ +#endif /* USE_SETSID */ + /* Close fd's 0,1,2. Needed if started by rsh */ + close_low_fds(); +#endif /* NO_FORK_DEBUG */ } 
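Review bot: The comment added before `close_low_fds()` in become_daemon() says only that descriptors 0, 1 and 2 are closed, and the helper's body is not part of this diff, so a reader cannot tell whether they are re-pointed at /dev/null afterwards. If they are simply closed, the next open() or accept() in the daemon can be handed fd 0-2, and any stray stdio output would then be written into that file or client socket. I would state the contract at the call site, e.g. `/* Detach fds 0,1,2 (needed when started by rsh); close_low_fds() must leave them open on /dev/null */`, and confirm the helper does so. become_daemon() starts outside the hunk.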
diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 2ba09f5ad9..e00028d87e 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -585,6 +585,86 @@ void dfs_unlogin(void) #endif +#ifdef KRB5_AUTH +/******************************************************************* +check on Kerberos authentication +********************************************************************/ +static BOOL krb5_auth(char *this_user,char *password) +{ + krb5_data tgtname = { + 0, + KRB5_TGS_NAME_SIZE, + KRB5_TGS_NAME + }; + krb5_context kcontext; + krb5_principal kprinc; + krb5_principal server; + krb5_creds kcreds; + int options = 0; + krb5_address **addrs = (krb5_address **)0; + krb5_preauthtype *preauth = NULL; + krb5_keytab keytab = NULL; + krb5_timestamp now; + krb5_ccache ccache = NULL; + int retval; + char *name; + + if ( retval=krb5_init_context(&kcontext)) + { + return(False); + } + + if ( retval = krb5_timeofday(kcontext, &now) ) + { + return(False); + } + + if ( retval = krb5_cc_default(kcontext, &ccache) ) + { + return(False); + } + + if ( retval = krb5_parse_name(kcontext, this_user, &kprinc) ) + { + return(False); + } + + memset((char *)&kcreds, 0, sizeof(kcreds)); + + kcreds.client = kprinc; + + if ((retval = krb5_build_principal_ext(kcontext, &server, + krb5_princ_realm(kcontext, kprinc)->length, + krb5_princ_realm(kcontext, kprinc)->data, + tgtname.length, + tgtname.data, + krb5_princ_realm(kcontext, kprinc)->length, + krb5_princ_realm(kcontext, kprinc)->data, + 0))) + { + return(False); + } + + kcreds.server = server; + + retval = krb5_get_in_tkt_with_password(kcontext, + options, + addrs, + NULL, + preauth, + password, + 0, + &kcreds, + 0); + + if ( retval ) + { + return(False); + } + + return(True); +} +#endif /* KRB5_AUTH */ #ifdef LINUX_BIGCRYPT /**************************************************************************** 
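Review bot: krb5_auth() returns True as soon as krb5_get_in_tkt_with_password() succeeds, but nothing checks the returned credentials against a key held by this server, so success only shows that whatever answered as the KDC accepted the password. The usual defence is to validate the new TGT against the host's own service key from the keytab and to fail closed when no keytab is available; later MIT releases provide krb5_verify_init_creds() for this, but whether the library this tree builds against has it needs checking. Separately, every return path leaks kcontext, and after krb5_parse_name() also the principals and any ticket data held in kcreds. `now`, `ccache`, `keytab` and `name` are fetched or declared but never used. The sketch below adds the verification step and funnels all exits through one cleanup label.

```c
static BOOL krb5_auth(char *this_user,char *password)
{
  /* … unchanged: declarations, without the unused now/ccache/keytab/name … */
  BOOL ok = False;

  if (krb5_init_context(&kcontext))
    return(False);

  memset((char *)&kcreds, 0, sizeof(kcreds));

  if ((retval = krb5_parse_name(kcontext, this_user, &kprinc)) != 0)
    goto done;
  kcreds.client = kprinc;

  /* … as before: krb5_build_principal_ext() fills server; on failure goto done … */
  /* … as before: kcreds.server = server; krb5_get_in_tkt_with_password() sets retval … */
  if (retval != 0)
    goto done;

  /* Check the TGT against a key only this host holds before trusting it.
     NULL options take the library defaults; confirm that a missing keytab
     is treated as failure in the deployed configuration. */
  if (krb5_verify_init_creds(kcontext, &kcreds, NULL, NULL, NULL, NULL) != 0)
    goto done;

  ok = True;

done:
  /* kcreds owns kprinc and server once they have been assigned above */
  krb5_free_cred_contents(kcontext, &kcreds);
  krb5_free_context(kcontext);
  return(ok);
}
```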
@@ -687,6 +767,10 @@ Hence we make a direct return to avoid a second chance!!! if (dfs_auth(this_user,password)) return(True); #endif +#ifdef KRB5_AUTH + if (krb5_auth(this_user,password)) return(True); +#endif + #ifdef PWDAUTH if (pwdauth(this_user,password) == 0) return(True); @@ -1318,7 +1402,8 @@ static BOOL check_user_equiv(char *user, char *remote, char *equiv_file) } file_host = strtok(bp, " \t\n"); file_user = strtok(NULL, " \t\n"); - DEBUG(7, ("check_user_equiv %s %s\n", file_host, file_user)); + DEBUG(7, ("check_user_equiv %s %s\n", file_host ? file_host : "(null)", + file_user ? file_user : "(null)" )); if (file_host && *file_host) { BOOL host_ok = False; diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c index 262eea3100..8cbe46d9e1 100644 --- a/source3/smbd/quotas.c +++ b/source3/smbd/quotas.c @@ -437,7 +437,7 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize) /* Use softlimit to determine disk space, except when it has been exceeded */ if ((D.dqb_curblocks>D.dqb_bsoftlimit) #if !defined(__FreeBSD__) -||(D.dqb_curfiles>D.dqb_fsoftlimit) +||((D.dqb_curfiles>D.dqb_fsoftlimit) && (D.dqb_fsoftlimit != 0)) #endif ) { *dfree = 0; diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 8f650cb994..315c7fbb51 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1026,7 +1026,6 @@ int reply_open_and_X(char *inbuf,char *outbuf,int length,int bufsize) pstring fname; int cnum = SVAL(inbuf,smb_tid); int fnum = -1; - int openmode = 0; int smb_mode = SVAL(inbuf,smb_vwv3); int smb_attr = SVAL(inbuf,smb_vwv5); BOOL oplock_request = BITSETW(inbuf+smb_vwv2,1); @@ -1050,12 +1049,6 @@ int reply_open_and_X(char *inbuf,char *outbuf,int length,int bufsize) strcpy(fname,smb_buf(inbuf)); unix_convert(fname,cnum,0); - /* now add create and trunc bits */ - if (smb_ofun & 0x10) - openmode |= O_CREAT; - if ((smb_ofun & 0x3) == 2) - openmode |= O_TRUNC; - fnum = find_free_file(); if (fnum < 0) return(ERROR(ERRSRV,ERRnofids)); 
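Review bot: The new `krb5_auth()` call in this chain leaves no trace in the log when Kerberos rejects the password, and a rejection simply falls through to the PWDAUTH and later checks, so one guess is tried against several back ends. The fall-through looks intentional, but it deserves a comment and a debug line so failed Kerberos logins can be correlated with KDC logs, e.g. `/* Kerberos first; on failure fall through to the local mechanisms below */` and `DEBUG(3,("krb5_auth failed for %s\n",this_user));`. The enclosing function starts and ends outside the hunk.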
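Review bot: The added `D.dqb_fsoftlimit != 0` guard treats a zero inode soft limit as "no limit", but the block test just above it, `D.dqb_curblocks>D.dqb_bsoftlimit`, has no matching guard. Unless a zero block soft limit is already rejected earlier in disk_quotas() (not visible in this hunk), a user with only an inode quota would still be reported as having no free space. If it is not handled earlier, the first operand should read `((D.dqb_curblocks>D.dqb_bsoftlimit) && (D.dqb_bsoftlimit != 0))`; otherwise a one-line comment saying where the zero case is handled would do.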
diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 41f23ed02f..2969624215 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1577,9 +1577,9 @@ void open_file_shared(int fnum,int cnum,char *fname,int share_mode,int ofun, int old_open_mode = old_shares[i].share_mode &0xF; int old_deny_mode = (old_shares[i].share_mode >>4)&7; - if (deny_mode > 4 || old_deny_mode > 4 || old_open_mode > 2) + if (old_deny_mode > 4 || old_open_mode > 2) { - DEBUG(2,("Invalid share mode (%d,%d,%d) on file %s\n", + DEBUG(0,("Invalid share mode found (%d,%d,%d) on file %s\n", deny_mode,old_deny_mode,old_open_mode,fname)); free((char *)old_shares); if(share_locked) -- cgit
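Review bot: With `deny_mode > 4` dropped from the condition, the DEBUG message still prints `deny_mode` as the first of its three values, which now reads as though the request's own mode were part of what was found invalid. The removal is only safe if the requested deny mode is range-checked before this loop, which is outside the hunk; a comment such as `/* deny_mode was validated above; only the stored share modes are checked here */` would record that. The message is now logged at level 0, so a corrupt stored share-mode entry will presumably log on every open of that file, which is worth keeping in mind for log volume. open_file_shared() continues outside the hunk.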