From d9804ae3cc2c435f9983ca47f6f1b6b96e5c03ca Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 15 Apr 2009 15:40:00 -0700 Subject: Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+ What a difference a name makes... :-). Just because something is missnamed SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN, don't automatically use it for a security check in _samr_OpenDomain(). Jeremy. --- source3/utils/net_rpc.c | 2 +- source3/utils/net_rpc_join.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils') diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 21881ba6a9..ed7b2f043e 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -6102,7 +6102,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) /* SamrConnect2 */ nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx, pipe_hnd->desthost, - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, &connect_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n", diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 7f3515ce75..1fec140124 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -244,7 +244,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) CHECK_RPC_ERR(rpccli_samr_Connect2(pipe_hnd, mem_ctx, pipe_hnd->desthost, SAMR_ACCESS_ENUM_DOMAINS - | SAMR_ACCESS_OPEN_DOMAIN, + | SAMR_ACCESS_LOOKUP_DOMAIN, &sam_pol), "could not connect to SAM database"); -- cgit From 448b434a862da0ca621c3b695dc800e9ec5e8fcf Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Thu, 16 Apr 2009 10:25:29 +1000 Subject: In net_conf_import, start a transaction when importing a single share. Commit d69c3db9d44ad5d9fd1f5d7a9499f3bd79ecfb47 caused the transaction start to be conditional but the commit is still unconditional, so an error occurs when importing a single share. An alternate fix would be to return the transaction start to be unconditional but then it would occur before other error checking. Signed-off-by: Martin Schwenke Signed-off-by: Michael Adam --- source3/utils/net_conf.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/utils') diff --git a/source3/utils/net_conf.c b/source3/utils/net_conf.c index 3fa547baf4..663c5925c7 100644 --- a/source3/utils/net_conf.c +++ b/source3/utils/net_conf.c @@ -340,6 +340,14 @@ static int net_conf_import(struct net_context *c, struct smbconf_ctx *conf_ctx, if (!W_ERROR_IS_OK(werr)) { goto cancel; } + + werr = smbconf_transaction_start(conf_ctx); + if (!W_ERROR_IS_OK(werr)) { + d_printf("error starting transaction: %s\n", + win_errstr(werr)); + goto done; + } + werr = import_process_service(c, conf_ctx, service); if (!W_ERROR_IS_OK(werr)) { goto cancel; -- cgit From 75ccf934ac09e5af68cfd5afdd75a1b32ca24287 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Thu, 16 Apr 2009 17:14:29 +0200 Subject: Don't look up local user for remote changes, even when root. --- source3/utils/smbpasswd.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'source3/utils') diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 4cd0d55f56..8cca93f5de 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -430,14 +430,18 @@ static int process_root(int local_flags) } if((local_flags & LOCAL_SET_PASSWORD) && (new_passwd == NULL)) { - struct passwd *passwd = getpwnam_alloc(NULL, user_name); + struct passwd *passwd; - if (!passwd) { - fprintf(stderr, "Cannot locate Unix account for " - "'%s'!\n", user_name); - exit(1); + if (remote_machine == NULL) { + passwd = getpwnam_alloc(NULL, user_name); + + if (!passwd) { + fprintf(stderr, "Cannot locate Unix account for " + "'%s'!\n", user_name); + exit(1); + } + TALLOC_FREE(passwd); } - TALLOC_FREE(passwd); new_passwd = prompt_for_new_password(stdin_passwd_get); -- cgit From c0dfe0cf80ee50f395912b7d6aec0d87febd34c0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 26 Mar 2009 20:29:24 +0100 Subject: s3:net_rpc: don't shutdown a cli_state passed from the caller This fixes a crash bug if we timeout in net rpc trustdom list. metze --- source3/utils/net_rpc.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'source3/utils') diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index ed7b2f043e..0b662819ae 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -120,6 +120,7 @@ int run_rpc_command(struct net_context *c, NTSTATUS nt_status; DOM_SID *domain_sid; const char *domain_name; + int ret = -1; /* make use of cli_state handed over as an argument, if possible */ if (!cli_arg) { @@ -141,15 +142,13 @@ int run_rpc_command(struct net_context *c, if (!(mem_ctx = talloc_init("run_rpc_command"))) { DEBUG(0, ("talloc_init() failed\n")); - cli_shutdown(cli); - return -1; + goto fail; } nt_status = net_get_remote_domain_sid(cli, mem_ctx, &domain_sid, &domain_name); if (!NT_STATUS_IS_OK(nt_status)) { - cli_shutdown(cli); - return -1; + goto fail; } if (!(conn_flags & NET_FLAGS_NO_PIPE)) { @@ -164,8 +163,7 @@ int run_rpc_command(struct net_context *c, if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n", nt_errstr(nt_status) )); - cli_shutdown(cli); - return -1; + goto fail; } } else { if (conn_flags & NET_FLAGS_SEAL) { @@ -183,8 +181,7 @@ int run_rpc_command(struct net_context *c, DEBUG(0, ("Could not initialise pipe %s. Error was %s\n", get_pipe_name_from_iface(interface), nt_errstr(nt_status) )); - cli_shutdown(cli); - return -1; + goto fail; } } } @@ -194,6 +191,7 @@ int run_rpc_command(struct net_context *c, if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status))); } else { + ret = 0; DEBUG(5, ("rpc command function succedded\n")); } @@ -203,13 +201,14 @@ int run_rpc_command(struct net_context *c, } } +fail: /* close the connection only if it was opened here */ if (!cli_arg) { cli_shutdown(cli); } talloc_destroy(mem_ctx); - return (!NT_STATUS_IS_OK(nt_status)); + return ret; } /** -- cgit From 257809558bfab3e45703cf8be76357596392a3ea Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 26 Mar 2009 20:32:55 +0100 Subject: s3:net: add --request-timeout option metze --- source3/utils/net.c | 1 + source3/utils/net.h | 1 + source3/utils/net_util.c | 2 ++ 3 files changed, 4 insertions(+) (limited to 'source3/utils') diff --git a/source3/utils/net.c b/source3/utils/net.c index 7823a98219..bd5107af53 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -651,6 +651,7 @@ static struct functable net_func[] = { {"force", 'f', POPT_ARG_NONE, &c->opt_force}, {"stdin", 'i', POPT_ARG_NONE, &c->opt_stdin}, {"timeout", 't', POPT_ARG_INT, &c->opt_timeout}, + {"request-timeout",0,POPT_ARG_INT, &c->opt_request_timeout}, {"machine-pass",'P', POPT_ARG_NONE, &c->opt_machine_pass}, {"kerberos", 'k', POPT_ARG_NONE, &c->opt_kerberos}, {"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup}, diff --git a/source3/utils/net.h b/source3/utils/net.h index 2d72756def..d88f962d41 100644 --- a/source3/utils/net.h +++ b/source3/utils/net.h @@ -43,6 +43,7 @@ struct net_context { const char *opt_container; int opt_flags; int opt_timeout; + int opt_request_timeout; const char *opt_target_workgroup; int opt_machine_pass; int opt_localgroup; diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index c6b6ee9e80..2915ffb809 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -521,6 +521,8 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain, d_fprintf(stderr, "Connection failed: %s\n", nt_errstr(nt_status)); cli = NULL; + } else if (c->opt_request_timeout) { + cli_set_timeout(cli, c->opt_request_timeout * 1000); } done: -- cgit