From a0f1567ae4389fc4fd35a4d7b29c755f474c9445 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 26 May 2003 23:57:20 +0000 Subject: Added file from SAMBA_3_0 branch. (This used to be commit c2e5b3745294100a726c329617815f604904963f) --- source3/modules/.cvsignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 source3/modules/.cvsignore (limited to 'source3') diff --git a/source3/modules/.cvsignore b/source3/modules/.cvsignore new file mode 100644 index 0000000000..6d609cec52 --- /dev/null +++ b/source3/modules/.cvsignore @@ -0,0 +1 @@ +*.po -- cgit From 2e83e50da0cc2b39d7d7b5dd2e36b78fa838a583 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 00:00:49 +0000 Subject: Merge from SAMBA_3_0: initialise return value in run_tcon_devtype_test() (This used to be commit ce0d4f8eaa2fed1713eae83b6d508e407b521e6d) --- source3/torture/torture.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 840b6ad294..07d7f1547e 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -1121,7 +1121,7 @@ static BOOL run_tcon_devtype_test(int dummy) BOOL retry; int flags = 0; NTSTATUS status; - BOOL ret; + BOOL ret = True; status = cli_full_connection(&cli1, myname, host, NULL, port_to_use, -- cgit From ddba65fd629d6861d8b3c2919421ca129f041542 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 00:04:18 +0000 Subject: Merge: ignore autogenerated file. (This used to be commit 421940d4e9e173febe3cef22695fb66aa7f43b84) --- source3/script/.cvsignore | 1 + 1 file changed, 1 insertion(+) (limited to 'source3') diff --git a/source3/script/.cvsignore b/source3/script/.cvsignore index 7a8114ecd7..5efd0d33db 100644 --- a/source3/script/.cvsignore +++ b/source3/script/.cvsignore @@ -1 +1,2 @@ findsmb +mkproto.sh -- cgit From 77a9f8ab4d4fcea0e21433f63c01b2ede4a08385 Mon Sep 17 00:00:00 2001 
From: Tim Potter Date: Tue, 27 May 2003 00:06:19 +0000 Subject: Comment syncup. (This used to be commit 877fc6370e528da81dfd793f04c72bfdec82231e) --- source3/include/ads.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/include/ads.h b/source3/include/ads.h index 07bf6e4b3b..7f7568d8b0 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -38,7 +38,7 @@ typedef struct { } config; } ADS_STRUCT; -/* there are 4 possible types of errors the ads subsystem can produce */ +/* there are 5 possible types of errors the ads subsystem can produce */ enum ads_error_type {ADS_ERROR_KRB5, ADS_ERROR_GSS, ADS_ERROR_LDAP, ADS_ERROR_SYSTEM, ADS_ERROR_NT}; -- cgit From b863577db26a826533b8512ae7092725474099e7 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 00:07:09 +0000 Subject: Whitespace syncup. (This used to be commit 39e1b6338f14a8403b6d612000d6976be9630bac) --- source3/include/module.h | 1 - 1 file changed, 1 deletion(-) (limited to 'source3') diff --git a/source3/include/module.h b/source3/include/module.h index 659833c91a..759ea5bb38 100644 --- a/source3/include/module.h +++ b/source3/include/module.h @@ -24,7 +24,6 @@ /* Module support */ typedef NTSTATUS (init_module_function) (void); - #define SMB_IDLE_EVENT_DEFAULT_INTERVAL 180 #define SMB_IDLE_EVENT_MIN_INTERVAL 30 -- cgit From fc8d985d290eb51c70424ae1865aeea341b488de Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 00:07:45 +0000 Subject: Merge: add DFS error constant. (This used to be commit c9dfc35e95719af8b7c9511668d0d4053b73f9a0) --- source3/include/nterr.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3') diff --git a/source3/include/nterr.h b/source3/include/nterr.h index dcc26d9884..19c70cffcc 100644 --- a/source3/include/nterr.h +++ b/source3/include/nterr.h 
@@ -558,6 +558,7 @@ #define NT_STATUS_TOO_MANY_LINKS NT_STATUS(0xC0000000 | 0x0265) #define NT_STATUS_QUOTA_LIST_INCONSISTENT NT_STATUS(0xC0000000 | 0x0266) #define NT_STATUS_FILE_IS_OFFLINE NT_STATUS(0xC0000000 | 0x0267) +#define NT_STATUS_NOT_A_REPARSE_POINT NT_STATUS(0xC0000000 | 0x0275) #define NT_STATUS_NO_SUCH_JOB NT_STATUS(0xC0000000 | 0xEDE) /* scheduler */ #endif /* _NTERR_H */ -- cgit From df90a0b3b681a54897040a38fab6c7b498d2860e Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 00:09:34 +0000 Subject: Jelmer was really excited about copyrights this year. (This used to be commit 30a1b517fca6554c3beb5cc33fa0299d1376a542) --- source3/lib/iconv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/lib/iconv.c b/source3/lib/iconv.c index d9160f0d01..c09bff5fd7 100644 --- a/source3/lib/iconv.c +++ b/source3/lib/iconv.c @@ -2,7 +2,7 @@ Unix SMB/CIFS implementation. minimal iconv implementation Copyright (C) Andrew Tridgell 2001 - Copyright (C) Jelmer Vernooij 2002,2003,2003,2003,2003 + Copyright (C) Jelmer Vernooij 2002,2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- cgit From 2b6e3ec27a23b8e5d523c2797c9e0b7b363b938d Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 00:14:15 +0000 Subject: Sync up sid types enum. (This used to be commit 2ff89e1ee830ee2496861396ff69a232b0605b2f) --- source3/include/smb.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/include/smb.h b/source3/include/smb.h index 04b7d72395..0889abf038 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -243,6 +243,7 @@ typedef struct nttime_info /* SID Types */ enum SID_NAME_USE { + SID_NAME_USE_NONE = 0, SID_NAME_USER = 1, /* user */ SID_NAME_DOM_GRP, /* domain group */ SID_NAME_DOMAIN, /* domain sid */ 
@@ -251,7 +252,7 @@ enum SID_NAME_USE SID_NAME_DELETED, /* deleted account: needed for c2 rating */ SID_NAME_INVALID, /* invalid account */ SID_NAME_UNKNOWN, /* unknown sid type */ - SID_NAME_COMPUTER, /* sid for a computer */ + SID_NAME_COMPUTER /* sid for a computer */ }; /** -- cgit From 8bf60dc801b32f7c3ca3cf6572abdaa4bea5bf39 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 00:16:43 +0000 Subject: Merge from 3.0: Fix set_local_machine_name() for both *SMBSERVER and *SMBSERV as per comments in loadparm.c (This used to be commit a6cb33c5bf0e26d8092c06a2cc01a6678109fb68) --- source3/lib/substitute.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'source3') diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index ef68bce985..7ba8648156 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -40,6 +40,17 @@ void set_local_machine_name(const char* local_name, BOOL perm) static BOOL already_perm = False; fstring tmp_local_machine; + /* + * Windows NT/2k uses "*SMBSERVER" and XP uses "*SMBSERV" + * arrggg!!! + */ + + if (strcasecmp(local_name, "*SMBSERVER")==0) + return; + + if (strcasecmp(local_name, "*SMBSERV")==0) + return; + if (already_perm) return; -- cgit From b365e172bbbc580de15d970e09f3712439427281 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 00:18:50 +0000 Subject: Added string error for NT_STATUS_NOT_A_REPARSE_POINT error. (This used to be commit cb4188941e93f8026a94a7378a51b0ec73ffcb8f) --- source3/libsmb/nterr.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3') diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c index e6047847ae..166229ec6c 100644 --- a/source3/libsmb/nterr.c +++ b/source3/libsmb/nterr.c 
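Review bot: The comment added to set_local_machine_name() in source3/lib/substitute.c records which client sends which placeholder name, but not why the function returns without storing it. A wording such as `/* "*SMBSERVER" and "*SMBSERV" are generic called names, not this server's name: leave the stored local machine name unchanged */` would state the intent; that reading is inferred from the commit subject and should be confirmed against the comments in loadparm.c. `local_name` also reaches strcasecmp() with no NULL check, and whether any caller can pass NULL is not visible here. The function body continues past the hunk.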
@@ -533,6 +533,7 @@ static nt_err_code_struct nt_errs[] = { "NT_STATUS_TOO_MANY_LINKS", NT_STATUS_TOO_MANY_LINKS }, { "NT_STATUS_QUOTA_LIST_INCONSISTENT", NT_STATUS_QUOTA_LIST_INCONSISTENT }, { "NT_STATUS_FILE_IS_OFFLINE", NT_STATUS_FILE_IS_OFFLINE }, + { "NT_STATUS_NOT_A_REPARSE_POINT", NT_STATUS_NOT_A_REPARSE_POINT }, { "NT_STATUS_NO_MORE_ENTRIES", NT_STATUS_NO_MORE_ENTRIES }, { "STATUS_MORE_ENTRIES", STATUS_MORE_ENTRIES }, { "STATUS_SOME_UNMAPPED", STATUS_SOME_UNMAPPED }, -- cgit From d89f4a1baef3991ed8877e4765af0b46e79b04e7 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 00:20:41 +0000 Subject: Merge from 3.0: quieten debug message for trust acct password change. (This used to be commit ab60980461f31ce3dcb582f195b3754807dd9174) --- source3/libsmb/trusts_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index d5a02bb625..6244c844f2 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -40,7 +40,7 @@ static NTSTATUS just_change_the_password(struct cli_state *cli, TALLOC_CTX *mem_ result = cli_nt_setup_creds(cli, sec_channel_type, orig_trust_passwd_hash, &neg_flags, 2); if (!NT_STATUS_IS_OK(result)) { - DEBUG(1,("just_change_the_password: unable to setup creds (%s)!\n", + DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", nt_errstr(result))); return result; } -- cgit From 5612da76e0892a254e975d0846764c7c6078e920 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 00:22:29 +0000 Subject: Merge from 3.0: remove bogus static initialisers. (This used to be commit 79a654bbe5952a704dcad6b65aa66288a54e02e4) --- source3/nmbd/nmbd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c index eec447688f..ad5ab4d734 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c 
@@ -30,13 +30,13 @@ int global_nmb_port = -1; extern BOOL global_in_nmbd; /* are we running as a daemon ? */ -static BOOL is_daemon = False; +static BOOL is_daemon; /* fork or run in foreground ? */ static BOOL Fork = True; /* log to standard output ? */ -static BOOL log_stdout = False; +static BOOL log_stdout; /* have we found LanMan clients yet? */ BOOL found_lm_clients = False; -- cgit From 0e9422f139e21af2025dbe33883fdd0ed517df4d Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 00:29:00 +0000 Subject: Merge the remaining bits of fix for bug #60. (This used to be commit 7c3da9b4db94add8c3cf93d8f8d1ae0e907b5b99) --- source3/nsswitch/winbindd.c | 107 ++++++++++++++++++++------------------------ 1 file changed, 48 insertions(+), 59 deletions(-) (limited to 'source3') diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index da2540f5d9..033ff18900 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c 
@@ -730,61 +730,6 @@ static void process_loop(void) } -/* - these are split out from the main winbindd for use by the background daemon - */ -BOOL winbind_setup_common(void) -{ - load_interfaces(); - - if (!secrets_init()) { - - DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n")); - return False; - } - - namecache_enable(); /* Enable netbios namecache */ - - /* Check winbindd parameters are valid */ - - ZERO_STRUCT(server_state); - - if (!winbindd_param_init()) - return False; - - /* Winbind daemon initialisation */ - - if (!idmap_init()) - return False; - - if (!idmap_init_wellknown_sids()) - return False; - - /* Unblock all signals we are interested in as they may have been - blocked by the parent process. */ - - BlockSignals(False, SIGINT); - BlockSignals(False, SIGQUIT); - BlockSignals(False, SIGTERM); - BlockSignals(False, SIGUSR1); - BlockSignals(False, SIGUSR2); - BlockSignals(False, SIGHUP); - - /* Setup signal handlers */ - - CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */ - CatchSignal(SIGQUIT, termination_handler); - CatchSignal(SIGTERM, termination_handler); - - CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */ - - CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */ - CatchSignal(SIGHUP, sighup_handler); - - return True; -} - - /* Main function */ struct winbindd_state server_state; /* Server state information */ 
@@ -868,6 +813,54 @@ int main(int argc, char **argv) if (!init_names()) exit(1); + load_interfaces(); + + if (!secrets_init()) { + + DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n")); + return False; + } + + /* Enable netbios namecache */ + + namecache_enable(); + + /* Check winbindd parameters are valid */ + + ZERO_STRUCT(server_state); + + if (!winbindd_param_init()) + return 1; + + /* Winbind daemon initialisation */ + + if (!idmap_init()) + return 1; + + if (!idmap_init_wellknown_sids()) + exit(1); + + /* Unblock all signals we are interested in as they may have been + blocked by the parent process. */ + + BlockSignals(False, SIGINT); + BlockSignals(False, SIGQUIT); + BlockSignals(False, SIGTERM); + BlockSignals(False, SIGUSR1); + BlockSignals(False, SIGUSR2); + BlockSignals(False, SIGHUP); + + /* Setup signal handlers */ + + CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */ + CatchSignal(SIGQUIT, termination_handler); + CatchSignal(SIGTERM, termination_handler); + + CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */ + + CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */ + CatchSignal(SIGHUP, sighup_handler); + if (!interactive) become_daemon(Fork); @@ -882,10 +875,6 @@ int main(int argc, char **argv) setpgid( (pid_t)0, (pid_t)0); #endif - if (!winbind_setup_common()) { - return 1; - } - if (opt_dual_daemon) { do_dual_daemon(); } -- cgit From 0842573b513c7b1788fe0f83f06256515227a1f9 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 00:30:29 +0000 Subject: Merge of secchan fix from 3.0 that was eaten by CVS yesterday. I think it was becuase I ran out of disk quota. (This used to be commit 10cbec05a7bfe2fab54940329c5b348d5e524f29) --- source3/rpc_parse/parse_net.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 259ca7fdc1..1a14915c9f 100644 --- a/source3/rpc_parse/parse_net.c 
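Review bot: The `secrets_init()` failure path moved into main() in source3/nsswitch/winbindd.c keeps `return False;` from the old BOOL helper. In main() that is exit status 0, so winbindd reports success to whatever started it even though the trust account secrets could not be opened. It should be `return 1;` or `exit(1);`. The moved block also mixes `return 1` (winbindd_param_init, idmap_init) with `exit(1)` (idmap_init_wellknown_sids); one form throughout would be easier to audit. main() starts and ends outside this hunk.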
+++ b/source3/rpc_parse/parse_net.c @@ -2129,7 +2129,7 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16], if (!prs_uint32("pwd_len", ps, depth, &len)) return False; old_offset = prs_offset(ps); - if (len == 0x44) + if (len > 0) { if (ps->io) { -- cgit From 19d75b2df77b1db11805278b3845a0923177c355 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 01:15:31 +0000 Subject: This should be the correct fix for merge of bug #60 from 3.0. (This used to be commit aaf06908b290af8184731833a3c9b0837b4fc499) --- source3/nsswitch/winbindd_dual.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3') diff --git a/source3/nsswitch/winbindd_dual.c b/source3/nsswitch/winbindd_dual.c index 3597171005..167630b0e1 100644 --- a/source3/nsswitch/winbindd_dual.c +++ b/source3/nsswitch/winbindd_dual.c @@ -166,9 +166,6 @@ void do_dual_daemon(void) _exit(0); } - if (!winbind_setup_common()) - _exit(0); - dual_daemon_pipe = -1; opt_dual_daemon = False; -- cgit From aa24267f1c7dafbcddd659a7976bcc66d64024f6 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 06:54:35 +0000 Subject: Fix shadow parameter warning in free_empty_sys_acl() (This used to be commit 7345bca285a4fed294a6120a399fa2fa3d88a440) --- source3/smbd/posix_acls.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3') diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 86efd8fb96..e2cc3af281 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c 
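Review bot: In net_io_sam_account_info(), `len` is read directly from the PDU by `prs_uint32("pwd_len", ...)`, and the new test `if (len > 0)` accepts any non-zero value where the old test accepted only 0x44. The body of the `if` lies outside the hunk, so it is not visible whether `len` is compared with the data remaining in `ps` before it is used. If it is not, an upper bound belongs next to this test. A short comment saying which lengths are legitimate, and why the fixed 0x44 was too strict, would also help the next reader.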
@@ -2097,17 +2097,17 @@ static struct canon_ace *canon_ace_entry_for(struct canon_ace *list, SMB_ACL_TAG ****************************************************************************/ -SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T acl) +SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl) { SMB_ACL_ENTRY_T entry; - if (!acl) + if (!the_acl) return NULL; - if (conn->vfs_ops.sys_acl_get_entry(conn, acl, SMB_ACL_FIRST_ENTRY, &entry) != 1) { - conn->vfs_ops.sys_acl_free_acl(conn, acl); + if (conn->vfs_ops.sys_acl_get_entry(conn, the_acl, SMB_ACL_FIRST_ENTRY, &entry) != 1) { + conn->vfs_ops.sys_acl_free_acl(conn, the_acl); return NULL; } - return acl; + return the_acl; } /**************************************************************************** -- cgit From bdef2e8eb889d059d855a647eb8fb6648438ba1f Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 27 May 2003 07:26:55 +0000 Subject: Fix unused variable warning. (This used to be commit 0a80db5bde14e19d79411d832d51430d1b1c3454) --- source3/lib/util.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/lib/util.c b/source3/lib/util.c index e58f5274df..e1ddd57883 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -1415,7 +1415,6 @@ void smb_panic(const char *why) { char *cmd; int result; - size_t i; #ifdef HAVE_BACKTRACE_SYMBOLS void *backtrace_stack[BACKTRACE_STACK_SIZE]; size_t backtrace_size; @@ -1457,6 +1456,8 @@ void smb_panic(const char *why) DEBUG(0, ("BACKTRACE: %d stack frames:\n", backtrace_size)); if (backtrace_strings) { + int i; + for (i = 0; i < backtrace_size; i++) DEBUGADD(0, (" #%u %s\n", i, backtrace_strings[i])); -- cgit From 793ea7a428bdada47b70a8fae9f80bd92b96d56f Mon Sep 17 00:00:00 2001 
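Review bot: In smb_panic() in source3/lib/util.c, the block-local `int i;` that replaces `size_t i;` makes the loop condition `i < backtrace_size` a signed/unsigned comparison, since `backtrace_size` is declared `size_t` in the first hunk. It also passes an `int` to the `%u` in the DEBUGADD format. Declaring `unsigned int i;` would match the format and avoid the mixed comparison. The neighbouring `"BACKTRACE: %d stack frames"` line prints a `size_t` with `%d` and could take an `(int)backtrace_size` cast in the same change. smb_panic() extends beyond both hunks.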
From: Tim Potter Date: Tue, 27 May 2003 07:28:42 +0000 Subject: Squash another compiler warning. (This used to be commit 8bfcbd53848e34b90099f5167b570165c3f6bf62) --- source3/printing/nt_printing.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index a486fb9c00..2b4b7dab6b 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -2469,9 +2469,9 @@ static void map_dword_into_ctr(REGVAL_CTR *ctr, const char *val_name, } static void map_bool_into_ctr(REGVAL_CTR *ctr, const char *val_name, - BOOL bool) + BOOL b) { - uint8 bin_bool = (bool ? 1 : 0); + uint8 bin_bool = (b ? 1 : 0); regval_ctr_delvalue(ctr, val_name); regval_ctr_addvalue(ctr, val_name, REG_BINARY, (char *) &bin_bool, sizeof(bin_bool)); -- cgit From 8056503e4c6de038a141d3faad9b765cb00e0e3a Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 27 May 2003 16:31:46 +0000 Subject: volker's add_signature() fix; must pass the beginning on the outbuf to get the flags field (This used to be commit 81cccd25b84871d282815dfa378bd687c5c29cc1) --- source3/smbd/sesssetup.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3') diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 44131b1752..64984d4809 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -57,9 +57,9 @@ static NTSTATUS do_map_to_guest(NTSTATUS status, auth_serversupplied_info **serv /**************************************************************************** Add the standard 'Samba' signature to the end of the session setup. ****************************************************************************/ -static int add_signature(char *outbuf) +static int add_signature(char *outbuf, char *p) { - char *p = outbuf; + char *start = p; fstring lanman; snprintf( lanman, sizeof(lanman), "Samba %s", VERSION ); 
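Review bot: The banner comment above add_signature() in source3/smbd/sesssetup.c still only says what is appended and does not describe the new two-pointer contract. I would add `/* outbuf: start of the reply packet (srvstr_push takes the flags from it); p: write position; returns the number of bytes appended at p */`. The srvstr_push() calls shown in the next hunk pass -1 in what appears to be the destination-length position, so the function relies on the caller having left enough room after `p`, and that assumption is worth stating in the same comment. The function body continues in the following hunk.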
@@ -68,7 +68,7 @@ static int add_signature(char *outbuf) p += srvstr_push(outbuf, p, lanman, -1, STR_TERMINATE); p += srvstr_push(outbuf, p, lp_workgroup(), -1, STR_TERMINATE); - return PTR_DIFF(p, outbuf); + return PTR_DIFF(p, start); } /**************************************************************************** @@ -91,7 +91,7 @@ static BOOL reply_sesssetup_blob(connection_struct *conn, char *outbuf, memcpy(p, blob.data, blob.length); p += blob.length; - p += add_signature( p ); + p += add_signature( outbuf, p ); set_message_end(outbuf,p); @@ -732,7 +732,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, set_message(outbuf,3,0,True); if (Protocol >= PROTOCOL_NT1) { char *p = smb_buf( outbuf ); - p += add_signature( p ); + p += add_signature( outbuf, p ); set_message_end( outbuf, p ); /* perhaps grab OS version here?? */ } -- cgit From d84a2ead1577ae5e659342e447d680d6485f8121 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 27 May 2003 16:47:04 +0000 Subject: volker's fix for crash when my_private_data == NULL (This used to be commit 63bb1e21ebac68f904c01fb58ac7c06a9bcb8ab0) --- source3/auth/auth_winbind.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index 79395a99c9..b8276b0866 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c 
@@ -103,9 +103,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response); - if (result == NSS_STATUS_UNAVAIL) { + if ( result == NSS_STATUS_UNAVAIL ) { struct auth_methods *auth_method = my_private_data; - return auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info); + + if ( auth_method ) + return auth_method->auth(auth_context, auth_method->private_data, + mem_ctx, user_info, server_info); + else + /* log an error since this should not happen */ + DEBUG(0,("check_winbind_security: ERROR! my_private_data == NULL!\n")); } nt_status = NT_STATUS(response.data.auth.nt_status); -- cgit From d9e59358f73382fb1c53820c656d9bc86112ed1e Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 27 May 2003 16:56:16 +0000 Subject: fix bug 118; replace hard coded 'next[User|Group]Rid' attribute names (This used to be commit dc18ffcc5a215975a90232374a84ffbe6b6903ea) --- source3/passdb/pdb_ldap.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source3') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index ef88c09efa..5f5d75c6f5 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c 
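Review bot: When `auth_method` is NULL in check_winbind_security(), the new `else` branch only logs and then falls through to `nt_status = NT_STATUS(response.data.auth.nt_status);`, which reads a response from a request that returned NSS_STATUS_UNAVAIL. Whether that field is guaranteed to hold a failure code at that point is not visible in the hunk, so the branch should fail closed explicitly, for example with `return NT_STATUS_NO_LOGON_SERVERS;` after the DEBUG call. Both arms also want braces, because the comment sits between `else` and the statement it governs. The rest of check_winbind_security() is outside the hunk.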
@@ -1701,18 +1701,20 @@ static NTSTATUS ldapsam_next_rid(struct ldapsam_privates *ldap_state, uint32 *ri switch (rid_type) { case USER_RID_TYPE: - if (!get_single_attribute(ldap_state->ldap_struct, - entry, "nextUserRid", - old_rid_string)) { + if (!get_single_attribute(ldap_state->ldap_struct, entry, + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), + old_rid_string)) + { ldap_memfree(dn); ldap_msgfree(result); return ret; } break; case GROUP_RID_TYPE: - if (!get_single_attribute(ldap_state->ldap_struct, - entry, "nextGroupRid", - old_rid_string)) { + if (!get_single_attribute(ldap_state->ldap_struct, entry, + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), + old_rid_string)) + { ldap_memfree(dn); ldap_msgfree(result); return ret; -- cgit From befa2a42192a09da912ce7bbfea727c25b27e124 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 27 May 2003 21:55:39 +0000 Subject: Correct (?) handling for VC = 0. Trying to fix XP logoff leaving resources around. Jeremy. (This used to be commit 870e111facb4abb01dd1d92739346d764eff056c) --- source3/smbd/sesssetup.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 64984d4809..15d816bd6d 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c 
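Review bot: In ldapsam_next_rid(), the `USER_RID_TYPE` case now looks up `LDAP_ATTR_NEXT_GROUPRID`, the same key as the `GROUP_RID_TYPE` case, although the literal it replaces was "nextUserRid". As committed, the user branch would read the group counter; it should be `get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID)`. Commit 174fbc97 later in this series makes that correction, so this change should not be picked up without it. The switch continues outside the hunk.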
@@ -493,6 +493,16 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf, return ERROR_NT(NT_STATUS_LOGON_FAILURE); } +/**************************************************************************** + On new VC == 0, shutdown *all* old connections and users. +****************************************************************************/ + +static void setup_new_vc_session(void) +{ + DEBUG(2,("setup_new_vc_session: New VC == 0, closing all old resources.\n")); + conn_close_all(); + invalidate_all_vuids(); +} /**************************************************************************** reply to a session setup command @@ -541,6 +551,9 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, return ERROR_NT(NT_STATUS_UNSUCCESSFUL); } + if (SVAL(inbuf,smb_vwv4) == 0) { + setup_new_vc_session(); + } return reply_sesssetup_and_X_spnego(conn, inbuf, outbuf, length, bufsize); } @@ -562,7 +575,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, srvstr_pull_buf(inbuf, user, smb_buf(inbuf)+passlen1, sizeof(user), STR_TERMINATE); *domain = 0; - + } else { uint16 passlen1 = SVAL(inbuf,smb_vwv7); uint16 passlen2 = SVAL(inbuf,smb_vwv8); @@ -641,6 +654,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, } + if (SVAL(inbuf,smb_vwv4) == 0) { + setup_new_vc_session(); + } + DEBUG(3,("sesssetupX:name=[%s]\\[%s]@[%s]\n", domain, user, get_remote_machine_name())); if (*user) { -- cgit From 174fbc9764f8bad8b78579135877c9dfaafa7df9 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 27 May 2003 22:36:24 +0000 Subject: cut-n-paste error (This used to be commit 1f02ca540dff5366a1ad2e8a98b626635a8e9018) --- source3/passdb/pdb_ldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 5f5d75c6f5..29fa9eada6 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c 
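Review bot: Both call sites in reply_sesssetup_and_X() appear to invoke `setup_new_vc_session()` before the session setup has been authenticated. The extended-security path calls it immediately before `reply_sesssetup_and_X_spnego()`, and the other path calls it ahead of the `sesssetupX:name=` debug line. As written, any request with `SVAL(inbuf,smb_vwv4) == 0` reaches `conn_close_all()` and `invalidate_all_vuids()` whether or not its credentials are later accepted. I would move the call to the point where the new logon has succeeded and say so in the helper's banner comment, e.g. `/* only call after the new session has been authenticated */`. reply_sesssetup_and_X() continues outside these hunks, so the exact placement needs checking against the full function.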
@@ -1702,7 +1702,7 @@ static NTSTATUS ldapsam_next_rid(struct ldapsam_privates *ldap_state, uint32 *ri switch (rid_type) { case USER_RID_TYPE: if (!get_single_attribute(ldap_state->ldap_struct, entry, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), old_rid_string)) { ldap_memfree(dn); -- cgit From 4c6b3131bc79322f5b4461770ed664aef5d2f6f3 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 28 May 2003 00:45:44 +0000 Subject: Merge of uint32/uid_t mismatch from 3.0 (This used to be commit a9f0e69dbefdaf8daee3943782817bcc536d2fb3) --- source3/passdb/pdb_smbpasswd.c | 4 ++-- source3/passdb/pdb_tdb.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source3') diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index c9e66a4715..c392846d93 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -64,8 +64,8 @@ struct smbpasswd_privates BOOL permit_non_unix_accounts; - uint32 low_nua_userid; - uint32 high_nua_userid; + uid_t low_nua_userid; + uid_t high_nua_userid; }; diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 93fa4e1886..7f8c2a26f7 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -916,7 +916,7 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con { NTSTATUS nt_status; struct tdbsam_privates *tdb_state; - uint32 low_nua_uid, high_nua_uid; + uid_t low_nua_uid, high_nua_uid; if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { return nt_status; -- cgit From c593b15e762f82eb218fa5ff0b6f935995e1c82f Mon Sep 17 00:00:00 2001 
From: Tim Potter Date: Wed, 28 May 2003 00:52:24 +0000 Subject: Merge from 3.0: >Restore a number of fixes that idra removed when he merged his >idmap-and-the-rest from HEAD. > >These are correctness fixes that were already in 3.0, and a memory leak fix. > >The pdb_ldap changes are held back at jerry's request (he is also playing >with pdb_ldap ATM). > >Andrew Bartlett (This used to be commit d2bc89b860a19ccdda7189b8db0a740f224046f2) --- source3/smbd/password.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3') diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 81849b709a..283eed73ef 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -68,6 +68,7 @@ void invalidate_vuid(uint16 vuid) SAFE_FREE(vuser->logon_script); session_yield(vuser); + SAFE_FREE(vuser->session_keystr); free_server_info(&vuser->server_info); -- cgit From 5c385ce833a12eef4a9f763903a44c1dee1e7d76 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 28 May 2003 00:56:51 +0000 Subject: Merge of pull_ascii() and pull_ucs2() termination fixes from 3.0 (This used to be commit bd97a76388b3f16d287c25579f02afe072cdec25) --- source3/lib/charcnv.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3') diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c index c3360bbb65..eb427cc0fc 100644 --- a/source3/lib/charcnv.c +++ b/source3/lib/charcnv.c @@ -420,6 +420,8 @@ size_t pull_ascii(char *dest, const void *src, size_t dest_len, size_t src_len, if (dest_len) dest[MIN(ret, dest_len-1)] = 0; + else + dest[0] = 0; return src_len; } @@ -629,6 +631,8 @@ size_t pull_ucs2(const void *base_ptr, char *dest, const void *src, size_t dest_ ret = convert_string(CH_UCS2, CH_UNIX, src, src_len, dest, dest_len); if (dest_len) dest[MIN(ret, dest_len-1)] = 0; + else + dest[0] = 0; return src_len; } -- cgit From 044b9af17ed83490e645c6b7e41862326fd701e9 Mon Sep 17 00:00:00 2001 
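Review bot: The added `else dest[0] = 0;` in pull_ascii() in source3/lib/charcnv.c runs exactly when `dest_len` is 0, so it stores a byte into a buffer the caller has declared to have no room. The same line is added to pull_ucs2() in the next hunk. The rpcstr_pull() change in source3/lib/util_unistr.c later in this series writes `dest[0] = 0;` for a NULL `src` before `dest_len` is examined at all. Unless every caller is known to pass at least one writable byte, the terminator should be written only when there is room, e.g. `if (dest_len > 0) dest[0] = 0;` in rpcstr_pull(), with the `else` arm dropped in the two pull functions. If a one-byte minimum is the intended contract, it belongs in the function comments. All three functions extend beyond their hunks.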
From: Tim Potter Date: Wed, 28 May 2003 00:58:37 +0000 Subject: Merge of formatting fixups from 3.0 (This used to be commit 43e01fb2306f35931256dfda6803bd887f28059f) --- source3/lib/module.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/lib/module.c b/source3/lib/module.c index 221538fbec..811efae311 100644 --- a/source3/lib/module.c +++ b/source3/lib/module.c @@ -81,7 +81,12 @@ NTSTATUS smb_probe_module(const char *subsystem, const char *module) pstring full_path; /* Check for absolute path */ - if(module[0] == '/')return smb_load_module(module); + + /* if we make any 'samba multibyte string' + calls here, we break + for loading string modules */ + if (module[0] == '/') + return smb_load_module(module); pstrcpy(full_path, lib_path(subsystem)); pstrcat(full_path, "/"); @@ -98,19 +103,19 @@ NTSTATUS smb_probe_module(const char *subsystem, const char *module) NTSTATUS smb_load_module(const char *module_name) { - DEBUG(0,("This samba executable has not been built with plugin support")); + DEBUG(0,("This samba executable has not been built with plugin support\n")); return NT_STATUS_NOT_SUPPORTED; } int smb_load_modules(const char **modules) { - DEBUG(0,("This samba executable has not been built with plugin support")); + DEBUG(0,("This samba executable has not been built with plugin support\n")); return -1; } NTSTATUS smb_probe_module(const char *subsystem, const char *module) { - DEBUG(0,("This samba executable has not been built with plugin support, not probing")); + DEBUG(0,("This samba executable has not been built with plugin support, not probing\n")); return NT_STATUS_NOT_SUPPORTED; } -- cgit From fd448442d90e062196d8bb48c01c5ea9ea9263b2 Mon Sep 17 00:00:00 2001 
From: Tim Potter Date: Wed, 28 May 2003 00:59:35 +0000 Subject: Merge of rpcstr_pull() termination fixes from 3.0 (This used to be commit d41705dec6bed752acfe3210c73a949101dc23f6) --- source3/lib/util_unistr.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c index 08bb03986f..5df0828295 100644 --- a/source3/lib/util_unistr.c +++ b/source3/lib/util_unistr.c @@ -229,7 +229,10 @@ char *skip_unibuf(char *src, size_t len) */ int rpcstr_pull(char* dest, void *src, int dest_len, int src_len, int flags) { - if (!src) return 0; + if (!src) { + dest[0] = 0; + return 0; + } if(dest_len==-1) dest_len=MAXUNI-3; return pull_ucs2(NULL, dest, src, dest_len, src_len, flags|STR_UNICODE|STR_NOALIGN); } -- cgit From 8202e68e36c600bce8ec2e6ce700acc8f01f3164 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 28 May 2003 01:00:07 +0000 Subject: Whitespace syncup. (This used to be commit 25caa7c6279aca249e3554b61bbc3175b66883d3) --- source3/nsswitch/winbindd.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3') diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 033ff18900..c7e45e5429 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -729,7 +729,6 @@ static void process_loop(void) } } - /* Main function */ struct winbindd_state server_state; /* Server state information */ -- cgit From 7c9e4739d4825fc9d9f7c0b9b3e70172d18a5b1d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 28 May 2003 01:00:56 +0000 Subject: It seems only NT4 does the VC == 0 session drop code. Jeremy. (This used to be commit a1fee6594ec90a80478deee48a40d908aecb2e73) --- source3/smbd/sesssetup.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 15d816bd6d..2631961739 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c 
@@ -495,13 +495,17 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf, /**************************************************************************** On new VC == 0, shutdown *all* old connections and users. + It seems that only NT4.x does this. At W2K and above (XP etc.). + a new session setup with VC==0 is ignored. ****************************************************************************/ static void setup_new_vc_session(void) { - DEBUG(2,("setup_new_vc_session: New VC == 0, closing all old resources.\n")); + DEBUG(2,("setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.\n")); +#if 0 conn_close_all(); invalidate_all_vuids(); +#endif } /**************************************************************************** -- cgit From d1f294b3c4dccd3cd02189d1d6bc7563d4df4ff6 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 28 May 2003 01:03:12 +0000 Subject: Merge of cut and paste fix from 3.0 (This used to be commit 34a0c7313a12d581e9aaf08322b105216cc94478) --- source3/passdb/pdb_ldap.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 29fa9eada6..fb63e81d28 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -202,7 +202,7 @@ static ATTRIB_MAP_ENTRY attrib_map_v30[] = { { LDAP_ATTR_KICKOFF_TIME, "sambaKickoffTime" }, { LDAP_ATTR_CN, "cn" }, { LDAP_ATTR_DISPLAY_NAME, "displayName" }, - { LDAP_ATTR_HOME_DRIVE, "sambaHoneDrive" }, + { LDAP_ATTR_HOME_DRIVE, "sambaHomeDrive" }, { LDAP_ATTR_HOME_PATH, "sambaHomePath" }, { LDAP_ATTR_LOGON_SCRIPT, "sambaLogonScript" }, { LDAP_ATTR_PROFILE_PATH, "sambaProfilePath" }, 
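Review bot: With the `#if 0` in setup_new_vc_session() the function only logs, and nothing next to the disabled calls says that old connections and vuids are now deliberately left open when a client sends VC == 0. I would state that at the block so it is neither re-enabled nor deleted by accident, e.g. `/* Deliberately disabled: old connections and vuids are NOT torn down on VC == 0 (W2K and later ignore it). */`. The added header comment also has a stray full stop at "(XP etc.). a new session"; `At W2K and above (XP etc.) a new session setup with VC==0 is ignored.` reads as intended.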
@@ -1957,7 +1957,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, pdb_set_domain(sampass, domain, PDB_DEFAULT); pdb_set_nt_username(sampass, nt_username, PDB_SET); - + /* deal with different attributes between the schema first */ if ( ldap_state->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ) @@ -1968,7 +1968,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, pdb_set_user_sid_from_string(sampass, temp, PDB_SET); } - if (!get_single_attribute(ldap_state->ldap_struct, entry, + if (get_single_attribute(ldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PRIMARY_GROUP_SID), temp)) { pdb_set_group_sid_from_string(sampass, temp, PDB_SET); -- cgit From c52637029d5c1fc66ce130c72bad33f542ce5b70 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 28 May 2003 01:05:28 +0000 Subject: Merge of non-static initialisation fixes from 3.0 (This used to be commit 7f32b3f016ecc824ddcdaeb840d5d36224aa8141) --- source3/client/client.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/client/client.c b/source3/client/client.c index b498b5b4a8..690cc99f7f 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -2261,8 +2261,14 @@ static char **remote_completion(const char *text, int len) { pstring dirmask; int i; - completion_remote_t info = { "", NULL, 1, len, text, len }; + completion_remote_t info = { "", NULL, 1, 0, NULL, 0 }; + /* can't have non-static intialisation on Sun CC, so do it + at run time here */ + info.samelen = len; + info.text = text; + info.len = len; + if (len >= PATH_MAX) return(NULL); -- cgit From dbcd318cf54ed860f11c9b1f6bda41f187fae155 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 28 May 2003 04:22:11 +0000 Subject: Spelling. (This used to be commit e063c95bd5609e6aeade2d88e5cd9286d033971c) --- source3/auth/auth_sam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') 
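Review bot: In the `@@ -1968` hunk the result of `pdb_set_group_sid_from_string(sampass, temp, PDB_SET)` is dropped, so a primary-group SID string from the directory that fails to parse looks the same as one that was applied. If the setter reports failure through its return value (not visible here, please confirm), I would at least log it: `if (!pdb_set_group_sid_from_string(sampass, temp, PDB_SET)) DEBUG(1,("init_sam_from_ldap: bad primary group SID [%s]\n", temp));`. The `pdb_set_user_sid_from_string()` call in the context lines just above has the same shape. init_sam_from_ldap() starts and ends outside the hunk.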
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index dc5f86bae3..a7e49a270f 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -224,7 +224,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, } } else { DEBUG(2,("sam_password_ok: NTLMv1 passwords NOT PERMITTED for user %s\n",pdb_get_username(sampass))); - /* no return, because we might pick up LMv2 in the LM feild */ + /* no return, because we might pick up LMv2 in the LM field */ } } -- cgit From f9807d148912957a244029feedfde941cb3339e3 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 28 May 2003 04:33:29 +0000 Subject: Merge of NTLMSSP name type fix from 3.0 (This used to be commit 587bd1b83d13ab83aca28bd543755c5862ed8e75) --- source3/include/ntlmssp.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h index f0278ffece..cfbbb00381 100644 --- a/source3/include/ntlmssp.h +++ b/source3/include/ntlmssp.h @@ -62,8 +62,8 @@ enum NTLM_MESSAGE_TYPE #define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 #define NTLMSSP_NEGOTIATE_080000000 0x80000000 -#define NTLMSSP_NAME_TYPE_DOMAIN 0x01 -#define NTLMSSP_NAME_TYPE_SERVER 0x02 +#define NTLMSSP_NAME_TYPE_SERVER 0x01 +#define NTLMSSP_NAME_TYPE_DOMAIN 0x02 #define NTLMSSP_NAME_TYPE_DOMAIN_DNS 0x03 #define NTLMSSP_NAME_TYPE_SERVER_DNS 0x04 -- cgit From ba06fdbf669dfa8b115b1a0fbe2bf3b7ed5f558c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 28 May 2003 20:26:46 +0000 Subject: Fix bug brought up by Ken Cross that empty ACE's cause existing ACE's to be applied to new ACE set calls. This is incorrect. Don't think this has a bugzilla id. Jeremy. (This used to be commit 6a4502b03b95703dead4775874ff9ac08ed1a489) --- source3/smbd/posix_acls.c | 65 ++++++++++------------------------------------- 1 file changed, 14 insertions(+), 51 deletions(-) (limited to 'source3') 
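Review bot: In the ntlmssp.h hunk the NetBIOS pair is now server = 0x01, domain = 0x02, but the DNS pair in the context lines below keeps the old order, `NTLMSSP_NAME_TYPE_DOMAIN_DNS 0x03` and `NTLMSSP_NAME_TYPE_SERVER_DNS 0x04`. As far as I know the target-info list numbers the DNS computer name 3 and the DNS domain name 4, mirroring the NetBIOS pair, so these two look swapped as well. I would expect `#define NTLMSSP_NAME_TYPE_SERVER_DNS 0x03` and `#define NTLMSSP_NAME_TYPE_DOMAIN_DNS 0x04`. Please confirm against a capture before changing them. A one-line comment naming where the values come from would help the next reader.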
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index e2cc3af281..a362db7d56 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -605,14 +605,6 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, BOOL got_other = False; canon_ace *pace_other = NULL; canon_ace *pace_group = NULL; - connection_struct *conn = fsp->conn; - SMB_ACL_T current_posix_acl = NULL; - mode_t current_user_perms = 0; - mode_t current_grp_perms = 0; - mode_t current_other_perms = 0; - BOOL got_current_user = False; - BOOL got_current_grp = False; - BOOL got_current_other = False; for (pace = *pp_ace; pace; pace = pace->next) { if (pace->type == SMB_ACL_USER_OBJ) { @@ -715,18 +707,13 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, pace->attr = ALLOW_ACE; if (setting_acl) { - if (got_current_user) { - pace->perms = current_user_perms; - } else { - /* If we only got an "everyone" perm, just use that. */ - if (!got_grp && got_other) - pace->perms = pace_other->perms; - else if (got_grp && uid_entry_in_group(pace, pace_group)) - pace->perms = pace_group->perms; - else - pace->perms = 0; - - } + /* If we only got an "everyone" perm, just use that. */ + if (!got_grp && got_other) + pace->perms = pace_other->perms; + else if (got_grp && uid_entry_in_group(pace, pace_group)) + pace->perms = pace_group->perms; + else + pace->perms = 0; apply_default_perms(fsp, pace, S_IRUSR); } else { 
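Review bot: The `setting_acl` branches in ensure_canon_entry_valid() now fall back to `pace->perms = 0` (owner in the `@@ -707` hunk, group and other in the `@@ -749` and `@@ -762` hunks), but nothing in the code says why the permissions already on the file are no longer consulted. A short comment at the first branch would stop the old fallback from being reintroduced: `/* A missing entry in the incoming ACL means no access; never inherit it from the ACL already on the file. */`. The function body starts and ends outside these hunks.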
@@ -749,15 +736,11 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, pace->trustee = *pfile_grp_sid; pace->attr = ALLOW_ACE; if (setting_acl) { - if (got_current_grp) { - pace->perms = current_grp_perms; - } else { - /* If we only got an "everyone" perm, just use that. */ - if (got_other) - pace->perms = pace_other->perms; - else - pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP); - } + /* If we only got an "everyone" perm, just use that. */ + if (got_other) + pace->perms = pace_other->perms; + else + pace->perms = 0; apply_default_perms(fsp, pace, S_IRGRP); } else { pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP); @@ -779,10 +762,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, pace->trustee = global_sid_World; pace->attr = ALLOW_ACE; if (setting_acl) { - if (got_current_other) - pace->perms = current_other_perms; - else - pace->perms = 0; + pace->perms = 0; apply_default_perms(fsp, pace, S_IROTH); } else pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH); @@ -2351,7 +2331,7 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) int nt_acl_type; int i; - if (nt4_compatible_acls()) { + if (nt4_compatible_acls() && dir_ace) { /* * NT 4 chokes if an ACL contains an INHERIT_ONLY entry * but no non-INHERIT_ONLY entry for one SID. So we only @@ -2364,9 +2344,6 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) * case will still fail under NT 4. */ - if (!dir_ace) - goto simplify_file_ace_only; - ace = canon_ace_entry_for(dir_ace, SMB_ACL_OTHER, NULL); if (ace && !ace->perms) { DLIST_REMOVE(dir_ace, ace); 
@@ -2413,20 +2390,6 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) DLIST_REMOVE(dir_ace, ace); SAFE_FREE(ace); } - - simplify_file_ace_only: - - ace = canon_ace_entry_for(file_ace, SMB_ACL_OTHER, NULL); - if (ace && !ace->perms) { - DLIST_REMOVE(file_ace, ace); - SAFE_FREE(ace); - } - - ace = canon_ace_entry_for(file_ace, SMB_ACL_GROUP_OBJ, NULL); - if (ace && !ace->perms) { - DLIST_REMOVE(file_ace, ace); - SAFE_FREE(ace); - } } num_acls = count_canon_ace_list(file_ace); -- cgit From d75a4281c5a96a1e29b34b3a2f10bdb089221b77 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 29 May 2003 14:46:30 +0000 Subject: Fix the events API. Patch by metze with some minor modifications. (This used to be commit df24c4e839b3de0dc23400463d7489a991f61f49) --- source3/include/module.h | 20 +++--- source3/lib/module.c | 154 +++++++++++++++++++++++++++++++---------------- 2 files changed, 110 insertions(+), 64 deletions(-) (limited to 'source3') diff --git a/source3/include/module.h b/source3/include/module.h index 759ea5bb38..c41310c7f7 100644 --- a/source3/include/module.h +++ b/source3/include/module.h @@ -24,21 +24,15 @@ /* Module support */ typedef NTSTATUS (init_module_function) (void); + +typedef int smb_event_id_t; +#define SMB_EVENT_ID_INVALID (-1) + #define SMB_IDLE_EVENT_DEFAULT_INTERVAL 180 #define SMB_IDLE_EVENT_MIN_INTERVAL 30 -typedef struct smb_idle_event_struct { - struct smb_idle_event_struct *prev,*next; - time_t interval; - time_t last_run; - void *data; - void (*fn)(struct smb_idle_event_struct **event, time_t now); -} smb_idle_event_struct; - -typedef struct smb_exit_event_struct { - struct smb_exit_event_struct *prev,*next; - void *data; - void (*fn)(struct smb_exit_event_struct **event); -} smb_exit_event_struct; +typedef void (smb_idle_event_fn)(void **data,time_t *interval,time_t now); + +typedef void (smb_exit_event_fn)(void **data); #endif /* _MODULE_H */ 
diff --git a/source3/lib/module.c b/source3/lib/module.c index 811efae311..4437d085f9 100644 --- a/source3/lib/module.c +++ b/source3/lib/module.c 
@@ -159,51 +159,76 @@ void module_path_get_name(const char *path, pstring name) * the registered funtions are run periodically * and maybe shutdown idle connections (e.g. to an LDAP server) ***************************************************************************/ -static smb_idle_event_struct *smb_idle_event_list = NULL; -NTSTATUS smb_register_idle_event(smb_idle_event_struct *idle_event) +static smb_event_id_t smb_idle_event_id = 1; + +struct smb_idle_list_ent { + struct smb_idle_list_ent *prev,*next; + smb_event_id_t id; + smb_idle_event_fn *fn; + void *data; + time_t interval; + time_t lastrun; +}; + +static struct smb_idle_list_ent *smb_idle_event_list = NULL; + +smb_event_id_t smb_register_idle_event(smb_idle_event_fn *fn, void *data, time_t interval) { - if (!idle_event) { - return NT_STATUS_INVALID_PARAMETER; + struct smb_idle_list_ent *event; + + if (!fn) { + return SMB_EVENT_ID_INVALID; } - idle_event->last_run = 0; + event = (struct smb_idle_list_ent *)malloc(sizeof(struct smb_idle_list_ent)); + if (!event) { + DEBUG(0,("malloc() failed!\n")); + return SMB_EVENT_ID_INVALID; + } + event->fn = fn; + event->data = data; + event->interval = interval; + event->lastrun = 0; + event->id = smb_idle_event_id++; - DLIST_ADD(smb_idle_event_list,idle_event); + DLIST_ADD(smb_idle_event_list,event); - return NT_STATUS_OK; + return event->id; } -NTSTATUS smb_unregister_idle_event(smb_idle_event_struct *idle_event) +BOOL smb_unregister_idle_event(smb_event_id_t id) { - if (!idle_event) { - return NT_STATUS_INVALID_PARAMETER; + struct smb_idle_list_ent *event = smb_idle_event_list; + + while(event) { + if (event->id == id) { + DLIST_REMOVE(smb_idle_event_list,event); + SAFE_FREE(event); + return True; + } + event = event->next; } - - DLIST_REMOVE(smb_idle_event_list,idle_event); - - return NT_STATUS_OK; + + return False; } void smb_run_idle_events(time_t now) { - smb_idle_event_struct *tmp_event = smb_idle_event_list; + struct smb_idle_list_ent *event = 
smb_idle_event_list; - while (tmp_event) { + while (event) { time_t interval; - if (tmp_event->fn) { - if (tmp_event->interval >= SMB_IDLE_EVENT_MIN_INTERVAL) { - interval = tmp_event->interval; - } else { - interval = SMB_IDLE_EVENT_DEFAULT_INTERVAL; - } - if (now >(tmp_event->last_run+interval)) { - tmp_event->fn(&tmp_event,now); - tmp_event->last_run = now; - } + if (event->interval >= SMB_IDLE_EVENT_MIN_INTERVAL) { + interval = event->interval; + } else { + interval = SMB_IDLE_EVENT_MIN_INTERVAL; } - - tmp_event = tmp_event->next; + if (now >(event->lastrun+interval)) { + event->fn(&event->data,&event->interval,now); + event->lastrun = now; + } + event = event->next; } return; 
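Review bot: smb_run_idle_events() touches `event` after the callback returns (`event->lastrun = now;` and `event = event->next;`), so an idle handler that unregisters itself makes the loop read and write freed memory, because smb_unregister_idle_event() frees the entry. Taking what the loop needs before the call avoids that: add `struct smb_idle_list_ent *next = event->next;` at the top of the loop body, move `event->lastrun = now;` above `event->fn(&event->data,&event->interval,now);`, and advance with `event = next;`. Separately, a too-small interval used to fall back to SMB_IDLE_EVENT_DEFAULT_INTERVAL and now falls back to SMB_IDLE_EVENT_MIN_INTERVAL. If that is intended it deserves a line in the function comment.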
@@ -212,46 +237,73 @@ void smb_run_idle_events(time_t now) /*************************************************************************** * This Function registers a exit event * - * the registered funtions are run on exit() + * the registered functions are run on exit() * and maybe shutdown idle connections (e.g. to an LDAP server) ***************************************************************************/ -static smb_exit_event_struct *smb_exit_event_list = NULL; -NTSTATUS smb_register_exit_event(smb_exit_event_struct *exit_event) + +struct smb_exit_list_ent { + struct smb_exit_list_ent *prev,*next; + smb_event_id_t id; + smb_exit_event_fn *fn; + void *data; +}; + +static struct smb_exit_list_ent *smb_exit_event_list = NULL; + +smb_event_id_t smb_register_exit_event(smb_exit_event_fn *fn, void *data) { - if (!exit_event) { - return NT_STATUS_INVALID_PARAMETER; + struct smb_exit_list_ent *event; + static smb_event_id_t smb_exit_event_id = 1; + + if (!fn) { + return SMB_EVENT_ID_INVALID; } - DLIST_ADD(smb_exit_event_list,exit_event); + event = (struct smb_exit_list_ent *)malloc(sizeof(struct smb_exit_list_ent)); + if (!event) { + DEBUG(0,("malloc() failed!\n")); + return SMB_EVENT_ID_INVALID; + } + event->fn = fn; + event->data = data; + event->id = smb_exit_event_id++; - return NT_STATUS_OK; + DLIST_ADD(smb_exit_event_list,event); + + return event->id; } -NTSTATUS smb_unregister_exit_event(smb_exit_event_struct *exit_event) +BOOL smb_unregister_exit_event(smb_event_id_t id) { - if (!exit_event) { - return NT_STATUS_INVALID_PARAMETER; + struct smb_exit_list_ent *event = smb_exit_event_list; + + while(event) { + if (event->id == id) { + DLIST_REMOVE(smb_exit_event_list,event); + SAFE_FREE(event); + return True; + } + event = event->next; } - - DLIST_REMOVE(smb_exit_event_list,exit_event); - - return NT_STATUS_OK; + + return False; } void smb_run_exit_events(void) { - smb_exit_event_struct *tmp_event = smb_exit_event_list; - - while (tmp_event) { - if (tmp_event->fn) 
{ - tmp_event->fn(&tmp_event); - } - tmp_event = tmp_event->next; + struct smb_exit_list_ent *event = smb_exit_event_list; + struct smb_exit_list_ent *tmp = NULL; + + while (event) { + event->fn(&event->data); + tmp = event; + event = event->next; + /* exit event should only run one time :-)*/ + SAFE_FREE(tmp); } - /* run exit_events only once */ + /* the list is empty now...*/ smb_exit_event_list = NULL; return; } - -- cgit From 62e1bafe1c5a85eab4f80b6343e7c80dfa80fbf4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 29 May 2003 15:39:53 +0000 Subject: Don't crash when doing command name completion. Fixes debian bug #194776 (This used to be commit 45b0a63aba1c974e5e38f8f95bc158bc30a05a3b) --- source3/client/client.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/client/client.c b/source3/client/client.c index 690cc99f7f..918b435b2d 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -2328,9 +2328,11 @@ static char **completion_fn(const char *text, int start, int end) if (sp == NULL) return NULL; - for (i = 0; commands[i].name; i++) + for (i = 0; commands[i].description; i++) { if ((strncmp(commands[i].name, text, sp - buf) == 0) && (commands[i].name[sp - buf] == 0)) break; + } + if (commands[i].name == NULL) return NULL; -- cgit From f6b7bb44a61583a4743767d7ea5e3de5127e0176 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 29 May 2003 22:01:38 +0000 Subject: Setting account policy values is done using -C, not -V. Fixes bug #120 (This used to be commit fd16d4797881372fe0dc7b87a23c58efdef84fbd) --- source3/utils/pdbedit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index 9a45049bc5..d540bf42de 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c 
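Review bot: smb_run_exit_events() frees entries while `smb_exit_event_list` still points at the first, already freed, entry; the head is only cleared after the loop. Any exit handler that calls smb_unregister_exit_event() therefore walks freed memory, and one that unregisters itself is freed twice. Popping each entry off the list before running it keeps the list valid at every callback, and it also picks up handlers registered during exit.

```c
void smb_run_exit_events(void)
{
	struct smb_exit_list_ent *event;

	/* Detach each entry before running it so the list never
	   contains a freed or in-flight entry during a callback. */
	while ((event = smb_exit_event_list) != NULL) {
		DLIST_REMOVE(smb_exit_event_list, event);
		event->fn(&event->data);
		SAFE_FREE(event);
	}
}
```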
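Review bot: The loop in completion_fn() now stops on `commands[i].description`, but the check right after it still tests `commands[i].name == NULL`, so the two disagree about what the table terminator looks like. If the terminator has a non-NULL name and a NULL description, as the loop change suggests, the not-found case falls through and the terminator entry is used as a match. `if (commands[i].description == NULL) return NULL;` keeps the two consistent. The loop also passes `commands[i].name` to strncmp() for every entry that has a description, so the table must not hold a NULL name before the terminator. The commands table is outside the hunk.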
@@ -590,7 +590,7 @@ int main (int argc, char **argv) while((opt = poptGetNextOpt(pc)) != -1) { switch (opt) { - case 'V': + case 'C': account_policy_value_set = True; break; } -- cgit From 371e80b4a408ba8ef9563b0b6a7266224f73a2d1 Mon Sep 17 00:00:00 2001 From: Richard Sharpe Date: Mon, 2 Jun 2003 04:48:56 +0000 Subject: Some fixes for editreg.c, although I see that head seems broken ... (This used to be commit b049c2f66f2bc7d8beb52c9a88c48b297738336b) --- source3/utils/editreg.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3') diff --git a/source3/utils/editreg.c b/source3/utils/editreg.c index 92a39c39e2..27e3f7398c 100644 --- a/source3/utils/editreg.c +++ b/source3/utils/editreg.c @@ -1173,7 +1173,7 @@ VAL_KEY *nt_delete_reg_value(REG_KEY *key, char *name) * Convert a string of the form S-1-5-x[-y-z-r] to a SID */ static -int string_to_sid(DOM_SID **sid, const char *sid_str) +int sid_string_to_sid(DOM_SID **sid, const char *sid_str) { int i = 0, auth; const char *lstr; @@ -1226,7 +1226,7 @@ ACE *nt_create_ace(int type, int flags, unsigned int perms, const char *sid) ace->type = type; ace->flags = flags; ace->perms = perms; - if (!string_to_sid(&ace->trustee, sid)) + if (!sid_string_to_sid(&ace->trustee, sid)) goto error; return ace; @@ -1287,8 +1287,8 @@ SEC_DESC *nt_create_def_sec_desc(REGF *regf) tmp->rev = 1; tmp->type = 0x8004; - if (!string_to_sid(&tmp->owner, "S-1-5-32-544")) goto error; - if (!string_to_sid(&tmp->group, "S-1-5-18")) goto error; + if (!sid_string_to_sid(&tmp->owner, "S-1-5-32-544")) goto error; + if (!sid_string_to_sid(&tmp->group, "S-1-5-18")) goto error; tmp->sacl = NULL; tmp->dacl = nt_create_default_acl(regf); 
@@ -3987,7 +3987,7 @@ int main(int argc, char *argv[]) case 'O': def_owner_sid_str = strdup(optarg); regf_opt += 2; - if (!string_to_sid(&lsid, def_owner_sid_str)) { + if (!sid_string_to_sid(&lsid, def_owner_sid_str)) { fprintf(stderr, "Default Owner SID: %s is incorrectly formatted\n", def_owner_sid_str); free(&def_owner_sid_str[0]); -- cgit From 989c2a374e58a05f680db67523c7adf38c3d0246 Mon Sep 17 00:00:00 2001 From: Richard Sharpe Date: Mon, 2 Jun 2003 06:12:54 +0000 Subject: More changes to editreg to make it less tetchy. (This used to be commit 30e1431e937325da414493bf0a6d4281b9c1501f) --- source3/utils/editreg.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'source3') diff --git a/source3/utils/editreg.c b/source3/utils/editreg.c index 27e3f7398c..54148fdcf8 100644 --- a/source3/utils/editreg.c +++ b/source3/utils/editreg.c @@ -412,16 +412,16 @@ typedef struct val_list_s { #define MAXSUBAUTHS 15 #endif -typedef struct dom_sid_s { +typedef struct sid_s { unsigned char ver, auths; unsigned char auth[6]; unsigned int sub_auths[MAXSUBAUTHS]; -} DOM_SID; +} sid_t; typedef struct ace_struct_s { unsigned char type, flags; unsigned int perms; /* Perhaps a better def is in order */ - DOM_SID *trustee; + sid_t *trustee; } ACE; typedef struct acl_struct_s { @@ -432,7 +432,7 @@ typedef struct acl_struct_s { typedef struct sec_desc_s { unsigned int rev, type; - DOM_SID *owner, *group; + sid_t *owner, *group; ACL *sacl, *dacl; } SEC_DESC; @@ -537,7 +537,7 @@ typedef struct ace_struct { unsigned char flags; unsigned short length; unsigned int perms; - DOM_SID trustee; + sid_t trustee; } REG_ACE; typedef struct acl_struct { @@ -904,7 +904,7 @@ int nt_delete_key_by_name(REGF *regf, char *name) } static -int nt_delete_sid(DOM_SID *sid) +int nt_delete_sid(sid_t *sid) { if (sid) free(sid); 
@@ -1173,15 +1173,15 @@ VAL_KEY *nt_delete_reg_value(REG_KEY *key, char *name) * Convert a string of the form S-1-5-x[-y-z-r] to a SID */ static -int sid_string_to_sid(DOM_SID **sid, const char *sid_str) +int sid_string_to_sid(sid_t **sid, const char *sid_str) { int i = 0, auth; const char *lstr; - *sid = (DOM_SID *)malloc(sizeof(DOM_SID)); + *sid = (sid_t *)malloc(sizeof(sid_t)); if (!*sid) return 0; - bzero(*sid, sizeof(DOM_SID)); + bzero(*sid, sizeof(sid_t)); if (strncmp(sid_str, "S-1-5", 5)) { fprintf(stderr, "Does not conform to S-1-5...: %s\n", sid_str); @@ -1829,9 +1829,9 @@ KEY_SEC_DESC *lookup_create_sec_key(REGF *regf, SK_MAP *sk_map, int sk_off) * We could allocate the SID to be only the size needed, but I am too lazy. */ static -DOM_SID *dup_sid(DOM_SID *sid) +sid_t *dup_sid(sid_t *sid) { - DOM_SID *tmp = (DOM_SID *)malloc(sizeof(DOM_SID)); + sid_t *tmp = (sid_t *)malloc(sizeof(sid_t)); int i; if (!tmp) return NULL; @@ -1916,12 +1916,12 @@ SEC_DESC *process_sec_desc(REGF *regf, REG_SEC_DESC *sec_desc) IVAL(&sec_desc->group_off)); if (verbose) fprintf(stdout, "SEC_DESC DACL Off: %0X\n", IVAL(&sec_desc->dacl_off)); - tmp->owner = dup_sid((DOM_SID *)((char *)sec_desc + IVAL(&sec_desc->owner_off))); + tmp->owner = dup_sid((sid_t *)((char *)sec_desc + IVAL(&sec_desc->owner_off))); if (!tmp->owner) { free(tmp); return NULL; } - tmp->group = dup_sid((DOM_SID *)((char *)sec_desc + IVAL(&sec_desc->group_off))); + tmp->group = dup_sid((sid_t *)((char *)sec_desc + IVAL(&sec_desc->group_off))); if (!tmp->group) { free(tmp); return NULL; @@ -2618,7 +2618,7 @@ void *nt_alloc_regf_space(REGF *regf, int size, unsigned int *off) * Compute the size of a SID stored ... */ static -unsigned int sid_size(DOM_SID *sid) +unsigned int sid_size(sid_t *sid) { unsigned int size; 
@@ -2686,7 +2686,7 @@ unsigned int sec_desc_size(SEC_DESC *sd) * Store a SID at the location provided */ static -int nt_store_SID(REGF *regf, DOM_SID *sid, unsigned char *locn) +int nt_store_SID(REGF *regf, sid_t *sid, unsigned char *locn) { int i; unsigned char *p = locn; @@ -3864,7 +3864,7 @@ void print_perms(int perms) } static -void print_sid(DOM_SID *sid) +void print_sid(sid_t *sid) { int i, comps = sid->auths; fprintf(stdout, "S-%u-%u", sid->ver, sid->auth[5]); @@ -3955,7 +3955,7 @@ int main(int argc, char *argv[]) char *cmd_file_name = NULL; char *out_file_name = NULL; CMD_FILE *cmd_file = NULL; - DOM_SID *lsid; + sid_t *lsid; if (argc < 2) { usage(); -- cgit From e1e363e4e90237c638e5adea3bb3493a35a61268 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 3 Jun 2003 16:19:31 +0000 Subject: * set winbind cache time to 5 minutes * quit obsessing over the sequence number so much * share the updated sequence number between parent and child winbindd processes in dual mode (This used to be commit 6fb5bdb30e2b1341ba600ce0dfd397394f7a831c) --- source3/nsswitch/winbindd_cache.c | 96 +++++++++++++++++++++++++++++++++---- source3/nsswitch/winbindd_group.c | 7 +-- source3/nsswitch/winbindd_util.c | 10 ++-- source3/param/loadparm.c | 2 +- source3/rpc_parse/parse_lsa.c | 2 +- source3/rpc_server/srv_spoolss_nt.c | 1 + 6 files changed, 98 insertions(+), 20 deletions(-) (limited to 'source3') diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index 27e168b6f9..f3dc1263b9 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c 
@@ -221,15 +221,77 @@ static BOOL wcache_server_down(struct winbindd_domain *domain) return (domain->sequence_number == DOM_SEQUENCE_NONE); } +static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now ) +{ + TDB_DATA data; + fstring key; + uint32 time_diff; + + if (!wcache->tdb) + return NT_STATUS_UNSUCCESSFUL; + + snprintf( key, sizeof(key), "SEQNUM/%s", domain->name ); + + data = tdb_fetch_by_string( wcache->tdb, key ); + if ( !data.dptr || data.dsize!=8 ) + return NT_STATUS_UNSUCCESSFUL; + + domain->sequence_number = IVAL(data.dptr, 0); + domain->last_seq_check = IVAL(data.dptr, 4); + + /* have we expired? */ + + time_diff = now - domain->last_seq_check; + if ( time_diff > lp_winbind_cache_time() ) + return NT_STATUS_UNSUCCESSFUL; + + DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n", + domain->name, domain->sequence_number, + (uint32)domain->last_seq_check)); + + return NT_STATUS_OK; +} + +static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain ) +{ + TDB_DATA data, key; + fstring key_str; + char buf[8]; + + if (!wcache->tdb) + return NT_STATUS_UNSUCCESSFUL; + + snprintf( key_str, sizeof(key_str), "SEQNUM/%s", domain->name ); + key.dptr = key_str; + key.dsize = strlen(key_str)+1; + + SIVAL(buf, 0, domain->sequence_number); + SIVAL(buf, 4, domain->last_seq_check); + data.dptr = buf; + data.dsize = 8; + + if ( tdb_store( wcache->tdb, key, data, TDB_REPLACE) == -1 ) + return NT_STATUS_UNSUCCESSFUL; + + DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n", + domain->name, domain->sequence_number, + (uint32)domain->last_seq_check)); + + return NT_STATUS_OK; +} + + /* refresh the domain sequence number. 
If force is True then always refresh it, no matter how recently we fetched it */ + static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force) { NTSTATUS status; unsigned time_diff; + time_t t = time(NULL); unsigned cache_time = lp_winbind_cache_time(); /* trying to reconnect is expensive, don't do it too often */ @@ -237,20 +299,36 @@ static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force) cache_time *= 8; } - time_diff = time(NULL) - domain->last_seq_check; + time_diff = t - domain->last_seq_check; /* see if we have to refetch the domain sequence number */ if (!force && (time_diff < cache_time)) { return; } + + /* try to get the sequence number from the tdb cache first */ + /* this will update the timestamp as well */ + + status = fetch_cache_seqnum( domain, t ); + if ( NT_STATUS_IS_OK(status) ) + goto done; status = wcache->backend->sequence_number(domain, &domain->sequence_number); if (!NT_STATUS_IS_OK(status)) { domain->sequence_number = DOM_SEQUENCE_NONE; } - + domain->last_seq_check = time(NULL); + + /* save the new sequence number ni the cache */ + store_cache_seqnum( domain ); + +done: + DEBUG(10, ("refresh_sequence_number: seq number is now %d\n", + domain->sequence_number)); + + return; } /* @@ -540,7 +618,7 @@ do_query: status = cache->backend->query_user_list(domain, mem_ctx, num_entries, info); /* and save it */ - refresh_sequence_number(domain, True); + refresh_sequence_number(domain, False); centry = centry_start(domain, status); if (!centry) goto skip_save; centry_put_uint32(centry, *num_entries); @@ -613,7 +691,7 @@ do_query: status = cache->backend->enum_dom_groups(domain, mem_ctx, num_entries, info); /* and save it */ - refresh_sequence_number(domain, True); + refresh_sequence_number(domain, False); centry = centry_start(domain, status); if (!centry) goto skip_save; centry_put_uint32(centry, *num_entries); 
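Review bot: fetch_cache_seqnum() never releases the record returned by `tdb_fetch_by_string()`. tdb fetch results are normally heap-allocated and owned by the caller, so this would leak eight bytes each time a record is found, on the success path and on both failure returns after the fetch. I would add `SAFE_FREE(data.dptr);` right after the two `IVAL()` reads and also before the return in the `data.dsize!=8` branch. Note also that `last_seq_check` is a `time_t` but is stored and reloaded as a 32-bit value. That is fine for now but worth a comment beside the `SIVAL(buf, 4, ...)` line.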
@@ -684,7 +762,7 @@ do_query: status = cache->backend->enum_local_groups(domain, mem_ctx, num_entries, info); /* and save it */ - refresh_sequence_number(domain, True); + refresh_sequence_number(domain, False); centry = centry_start(domain, status); if (!centry) goto skip_save; centry_put_uint32(centry, *num_entries); @@ -782,7 +860,7 @@ do_query: status = cache->backend->sid_to_name(domain, mem_ctx, sid, name, type); /* and save it */ - refresh_sequence_number(domain, True); + refresh_sequence_number(domain, False); wcache_save_sid_to_name(domain, status, sid, *name, *type); wcache_save_name_to_sid(domain, status, *name, sid, *type); @@ -824,7 +902,7 @@ do_query: status = cache->backend->query_user(domain, mem_ctx, user_sid, info); /* and save it */ - refresh_sequence_number(domain, True); + refresh_sequence_number(domain, False); wcache_save_user(domain, status, info); return status; @@ -873,7 +951,7 @@ do_query: status = cache->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids); /* and save it */ - refresh_sequence_number(domain, True); + refresh_sequence_number(domain, False); centry = centry_start(domain, status); if (!centry) goto skip_save; centry_put_uint32(centry, *num_groups); @@ -942,7 +1020,7 @@ do_query: sid_mem, names, name_types); /* and save it */ - refresh_sequence_number(domain, True); + refresh_sequence_number(domain, False); centry = centry_start(domain, status); if (!centry) goto skip_save; centry_put_uint32(centry, *num_names); diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 14ebb78466..94b6326b90 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c 
@@ -450,10 +450,11 @@ static BOOL get_sam_group_entries(struct getent_state *ent) ent->num_sam_entries = num_entries; - /* get the domain local groups if we are a member of - a native win2k domain */ + /* get the domain local groups if we are a member of a native win2k domain */ - if ( domain->native_mode && domain->methods->enum_local_groups ) + if ( domain->native_mode + && domain->methods->enum_local_groups + && strequal(lp_workgroup(), domain->name) ) { DEBUG(4,("get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well\n")); diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index ac0b317b42..84f5d19568 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -124,13 +124,11 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const sid_copy(&domain->sid, sid); } - /* see if this is a native mode win2k domain, but only for our own domain */ + /* see if this is a native mode win2k domain */ - if ( strequal( lp_workgroup(), domain_name) ) { - domain->native_mode = cm_check_for_native_mode_win2k( domain_name ); - DEBUG(3,("add_trusted_domain: %s is a %s mode domain\n", domain_name, - domain->native_mode ? "native" : "mixed" )); - } + domain->native_mode = cm_check_for_native_mode_win2k( domain_name ); + DEBUG(3,("add_trusted_domain: %s is a %s mode domain\n", domain_name, + domain->native_mode ? "native" : "mixed (or NT4)" )); /* Link to domain list */ DLIST_ADD(_domain_list, domain); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 51a1b028a4..3925a569ca 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c 
@@ -1459,7 +1459,7 @@ static void init_globals(void) string_set(&Globals.szWinbindSeparator, "\\"); string_set(&Globals.szAclCompat, ""); - Globals.winbind_cache_time = 15; + Globals.winbind_cache_time = 600; /* 5 minutes */ Globals.bWinbindEnumUsers = True; Globals.bWinbindEnumGroups = True; Globals.bWinbindUseDefaultDomain = False; diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index fc9999dc4d..7ff2aa7d01 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -922,7 +922,7 @@ void init_q_lookup_sids(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_SIDS *q_l, POLICY_HND *hnd, int num_sids, DOM_SID *sids, uint16 level) { - DEBUG(5, ("init_r_enum_trust_dom\n")); + DEBUG(5, ("init_q_lookup_sids\n")); ZERO_STRUCTP(q_l); diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 51cfacf86a..24459a26f0 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -1778,6 +1778,7 @@ Can't find printer handle we created for printer %s\n", name )); if ( (printer_default->access_required == PRINTER_ACCESS_ADMINISTER) && (RA_WIN2K == get_remote_arch()) ) { + DEBUG(10,("_spoolss_open_printer_ex: Enabling LAN/WAN hack for Win2k clients.\n")); usleep( 500000 ); } -- cgit From 9a4b030e2cca0d12281444b284c17cc534357e4b Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 3 Jun 2003 18:19:59 +0000 Subject: initial version of idmap_ldap.c; lots of updates to come (This used to be commit 69c84ad06b759da2246b3c00155a43e90f45a7f6) --- source3/sam/idmap_ldap.c | 838 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 838 insertions(+) create mode 100644 source3/sam/idmap_ldap.c (limited to 'source3') diff --git a/source3/sam/idmap_ldap.c b/source3/sam/idmap_ldap.c new file mode 100644 index 0000000000..33cf5fb030 --- /dev/null +++ b/source3/sam/idmap_ldap.c 
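Review bot: `Globals.winbind_cache_time = 600; /* 5 minutes */` does not agree with itself. The value is compared with a difference of `time_t` values in winbindd_cache.c, so it is in seconds, and 600 seconds is ten minutes, while both the comment and the commit message say five. Either the value should be `300` or the comment should read `/* 10 minutes */`. Given the commit message, `Globals.winbind_cache_time = 300; /* 5 minutes */` looks like the intended line.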
@@ -0,0 +1,838 @@ +/* + Unix SMB/CIFS implementation. + + idmap LDAP backend + + Copyright (C) Tim Potter 2000 + Copyright (C) Anthony Liguori 2003 + Copyright (C) Simo Sorce 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_IDMAP + + +#include +#include + +struct ldap_idmap_state { + LDAP *ldap_struct; + time_t last_ping; + const char *uri; + char *bind_dn; + char *bind_secret; + unsigned int num_failures; + struct ldap_idmap_state *prev, *next; +}; + +#define LDAP_IDMAP_DONT_PING_TIME 10 /* ping only all 10 seconds */ +#define LDAP_MAX_ALLOC_ID 128 /* number tries while allocating + new id */ + +static struct ldap_idmap_state ldap_state; + +static int ldap_idmap_connect_system(struct ldap_idmap_state *state); +static NTSTATUS ldap_set_mapping(const DOM_SID *sid, unid_t id, int id_type); +static NTSTATUS ldap_idmap_close(void); + + +/******************************************************************* + find the ldap password +******************************************************************/ +static BOOL fetch_ldapsam_pw(char **dn, char** pw) +{ + char *key = NULL; + size_t size; + + *dn = smb_xstrdup(lp_ldap_admin_dn()); + + if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) { + SAFE_FREE(*dn); + DEBUG(0, ("fetch_ldapsam_pw: asprintf failed!\n")); + } 
+ + *pw=secrets_fetch(key, &size); + SAFE_FREE(key); + + if (!size) { + /* Upgrade 2.2 style entry */ + char *p; + char* old_style_key = strdup(*dn); + char *data; + fstring old_style_pw; + + if (!old_style_key) { + DEBUG(0, ("fetch_ldapsam_pw: strdup failed!\n")); + return False; + } + + for (p=old_style_key; *p; p++) + if (*p == ',') *p = '/'; + + data=secrets_fetch(old_style_key, &size); + if (!size && size < sizeof(old_style_pw)) { + DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n")); + SAFE_FREE(old_style_key); + SAFE_FREE(*dn); + return False; + } + + strncpy(old_style_pw, data, size); + old_style_pw[size] = 0; + + SAFE_FREE(data); + + if (!secrets_store_ldap_pw(*dn, old_style_pw)) { + DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n")); + SAFE_FREE(old_style_key); + SAFE_FREE(*dn); + return False; + } + if (!secrets_delete(old_style_key)) { + DEBUG(0,("fetch_ldap_pw: old ldap secret could not be deleted!\n")); + } + + SAFE_FREE(old_style_key); + + *pw = smb_xstrdup(old_style_pw); + } + + return True; +} + +/******************************************************************* + open a connection to the ldap server. 
+******************************************************************/ +static int ldap_idmap_open_connection(struct ldap_idmap_state *state) +{ + int rc = LDAP_SUCCESS; + int version; + BOOL ldap_v3 = False; + +#ifdef HAVE_LDAP_INITIALIZE + DEBUG(10, ("ldap_idmap_open_connection: %s\n", state->uri)); + + if ((rc = ldap_initialize(&state->ldap_struct, state->uri)) + != LDAP_SUCCESS) { + DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc))); + return rc; + } +#else + /* Parse the string manually */ + { + int port = 0; + fstring protocol; + fstring host; + const char *p = state->uri; + SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254); + + /* skip leading "URL:" (if any) */ + if ( strncasecmp( p, "URL:", 4 ) == 0 ) { + p += 4; + } + + sscanf(p, "%10[^:]://%254s[^:]:%d", protocol, host, &port); + + if (port == 0) { + if (strequal(protocol, "ldap")) { + port = LDAP_PORT; + } else if (strequal(protocol, "ldaps")) { + port = LDAPS_PORT; + } else { + DEBUG(0, ("unrecognised protocol (%s)!\n", + protocol)); + } + } + + if ((state->ldap_struct = ldap_init(host, port)) == NULL) { + DEBUG(0, ("ldap_init failed !\n")); + return LDAP_OPERATIONS_ERROR; + } + + if (strequal(protocol, "ldaps")) { +#ifdef LDAP_OPT_X_TLS + int tls = LDAP_OPT_X_TLS_HARD; + if (ldap_set_option (state->ldap_struct, + LDAP_OPT_X_TLS, &tls) != + LDAP_SUCCESS) + { + DEBUG(0, ("Failed to setup a TLS session\n")); + } + + DEBUG(3,("LDAPS option set...!\n")); +#else + DEBUG(0,("ldap_idmap_open_connection: Secure " + "connection not supported by LDAP client " + "libraries!\n")); + return LDAP_OPERATIONS_ERROR; +#endif + } + } +#endif + + if (ldap_get_option(state->ldap_struct, LDAP_OPT_PROTOCOL_VERSION, + &version) == LDAP_OPT_SUCCESS) { + if (version != LDAP_VERSION3) { + version = LDAP_VERSION3; + if (ldap_set_option(state->ldap_struct, + LDAP_OPT_PROTOCOL_VERSION, + &version) == LDAP_OPT_SUCCESS) { + ldap_v3 = True; + } + } else { + ldap_v3 = True; + } + } + + if (lp_ldap_ssl() == LDAP_SSL_START_TLS) { 
+#ifdef LDAP_OPT_X_TLS + if (ldap_v3) { + if ((rc = ldap_start_tls_s(state->ldap_struct, NULL, + NULL)) != LDAP_SUCCESS) { + DEBUG(0,("Failed to issue the StartTLS " + "instruction: %s\n", + ldap_err2string(rc))); + return rc; + } + DEBUG (3, ("StartTLS issued: using a TLS " + "connection\n")); + } else { + + DEBUG(0, ("Need LDAPv3 for Start TLS\n")); + return LDAP_OPERATIONS_ERROR; + } +#else + DEBUG(0,("ldap_idmap_open_connection: StartTLS not supported by " + "LDAP client libraries!\n")); + return LDAP_OPERATIONS_ERROR; +#endif + } + + DEBUG(2, ("ldap_idmap_open_connection: connection opened\n")); + return rc; +} + +/********************************************************************** +Connect to LDAP server +*********************************************************************/ +static int ldap_idmap_open(struct ldap_idmap_state *state) +{ + int rc; + SMB_ASSERT(state); + +#ifndef NO_LDAP_SECURITY + if (geteuid() != 0) { + DEBUG(0, + ("ldap_idmap_open: cannot access LDAP when not root\n")); + return LDAP_INSUFFICIENT_ACCESS; + } +#endif + + if ((state->ldap_struct != NULL) && + ((state->last_ping + LDAP_IDMAP_DONT_PING_TIME)ldap_struct, LDAP_OPT_DESC, &sd)&& + getpeername(sd, (struct sockaddr *) &addr, &len) < 0) { + /* the other end has died. reopen. 
*/ + ldap_unbind_ext(state->ldap_struct, NULL, NULL); + state->ldap_struct = NULL; + state->last_ping = (time_t)0; + } else { + state->last_ping = time(NULL); + } + } + + if (state->ldap_struct != NULL) { + DEBUG(5,("ldap_idmap_open: already connected to the LDAP " + "server\n")); + return LDAP_SUCCESS; + } + + if ((rc = ldap_idmap_open_connection(state))) { + return rc; + } + + if ((rc = ldap_idmap_connect_system(state))) { + ldap_unbind_ext(state->ldap_struct, NULL, NULL); + state->ldap_struct = NULL; + return rc; + } + + + state->last_ping = time(NULL); + DEBUG(4,("The LDAP server is succesful connected\n")); + + return LDAP_SUCCESS; +} + +static int ldap_idmap_retry_open(struct ldap_idmap_state *state, int *attempts) +{ + int rc; + + SMB_ASSERT(state && attempts); + + if (*attempts != 0) { + unsigned int sleep_time; + uint8 rand_byte = 128; /* a reasonable place to start */ + + generate_random_buffer(&rand_byte, 1, False); + + sleep_time = (((*attempts)*(*attempts))/2)*rand_byte*2; + /* we retry after (0.5, 1, 2, 3, 4.5, 6) seconds + on average. + */ + DEBUG(3, ("Sleeping for %u milliseconds before reconnecting\n", + sleep_time)); + msleep(sleep_time); + } + (*attempts)++; + + if ((rc = ldap_idmap_open(state))) { + DEBUG(1,("Connection to LDAP Server failed for the %d try!\n", + *attempts)); + return rc; + } + + return LDAP_SUCCESS; +} + +/******************************************************************* + a rebind function for authenticated referrals + This version takes a void* that we can shove useful stuff in :-) +******************************************************************/ +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +#else +static int rebindproc_with_state (LDAP * ld, char **whop, char **credp, + int *methodp, int freeit, void *arg) +{ + struct ldap_idmap_state *state = arg; + + /** @TODO Should we be doing something to check what servers we rebind + to? 
Could we get a referral to a machine that we don't want to + give our username and password to? */ + + if (freeit) { + SAFE_FREE(*whop); + memset(*credp, '\0', strlen(*credp)); + SAFE_FREE(*credp); + } else { + DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n", + state->bind_dn)); + + *whop = strdup(state->bind_dn); + if (!*whop) { + return LDAP_NO_MEMORY; + } + *credp = strdup(state->bind_secret); + if (!*credp) { + SAFE_FREE(*whop); + return LDAP_NO_MEMORY; + } + *methodp = LDAP_AUTH_SIMPLE; + } + return 0; +} +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + +/******************************************************************* + a rebind function for authenticated referrals + This version takes a void* that we can shove useful stuff in :-) + and actually does the connection. +******************************************************************/ +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +static int rebindproc_connect_with_state (LDAP *ldap_struct, + LDAP_CONST char *url, + ber_tag_t request, + ber_int_t msgid, void *arg) +{ + struct ldap_idmap_state *state = arg; + int rc; + DEBUG(5,("rebindproc_connect_with_state: Rebinding as \"%s\"\n", + state->bind_dn)); + + /** @TODO Should we be doing something to check what servers we rebind + to? Could we get a referral to a machine that we don't want to + give our username and password to? 
*/ + + rc = ldap_simple_bind_s(ldap_struct, state->bind_dn, + state->bind_secret); + + return rc; +} +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + +/******************************************************************* + Add a rebind function for authenticated referrals +******************************************************************/ +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +#else +# if LDAP_SET_REBIND_PROC_ARGS == 2 +static int rebindproc (LDAP *ldap_struct, char **whop, char **credp, + int *method, int freeit ) +{ + return rebindproc_with_state(ldap_struct, whop, credp, + method, freeit, &ldap_state); + +} +# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/ +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + +/******************************************************************* + a rebind function for authenticated referrals + this also does the connection, but no void*. +******************************************************************/ +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +# if LDAP_SET_REBIND_PROC_ARGS == 2 +static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request, + ber_int_t msgid) +{ + return rebindproc_connect_with_state(ld, url, (ber_tag_t)request, + msgid, &ldap_state); +} +# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/ +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + +/******************************************************************* + connect to the ldap server under system privilege. 
+******************************************************************/ +static int ldap_idmap_connect_system(struct ldap_idmap_state *state) +{ + int rc; + char *ldap_dn; + char *ldap_secret; + + /* get the password */ + if (!fetch_ldapsam_pw(&ldap_dn, &ldap_secret)) + { + DEBUG(0, ("ldap_idmap_connect_system: Failed to retrieve " + "password from secrets.tdb\n")); + return LDAP_INVALID_CREDENTIALS; + } + + state->bind_dn = ldap_dn; + state->bind_secret = ldap_secret; + + /* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite + (OpenLDAP) doesnt' seem to support it */ + + DEBUG(10,("ldap_idmap_connect_system: Binding to ldap server %s as " + "\"%s\"\n", state->uri, ldap_dn)); + +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +# if LDAP_SET_REBIND_PROC_ARGS == 2 + ldap_set_rebind_proc(state->ldap_struct, &rebindproc_connect); +# endif +# if LDAP_SET_REBIND_PROC_ARGS == 3 + ldap_set_rebind_proc(state->ldap_struct, + &rebindproc_connect_with_state, (void *)state); +# endif +#else /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ +# if LDAP_SET_REBIND_PROC_ARGS == 2 + ldap_set_rebind_proc(state->ldap_struct, &rebindproc); +# endif +# if LDAP_SET_REBIND_PROC_ARGS == 3 + ldap_set_rebind_proc(state->ldap_struct, &rebindproc_with_state, + (void *)state); +# endif +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + + rc = ldap_simple_bind_s(state->ldap_struct, ldap_dn, ldap_secret); + + if (rc != LDAP_SUCCESS) { + char *ld_error = NULL; + ldap_get_option(state->ldap_struct, LDAP_OPT_ERROR_STRING, + &ld_error); + DEBUG(state->num_failures ? 2 : 0, + ("failed to bind to server with dn= %s Error: " + "%s\n\t%s\n", + ldap_dn ? 
ld_error : "(unknown)", + ldap_err2string(rc), ld_error)); + SAFE_FREE(ld_error); + state->num_failures++; + return rc; + } + + state->num_failures = 0; + + DEBUG(3, ("ldap_idmap_connect_system: succesful connection to the " + "LDAP server\n")); + return rc; +} + +static int ldap_idmap_search(struct ldap_idmap_state *state, + const char *base, int scope, const char *filter, + const char *attrs[], int attrsonly, + LDAPMessage **res) +{ + int rc = LDAP_SERVER_DOWN; + int attempts = 0; + char *utf8_filter; + + SMB_ASSERT(state); + + if (push_utf8_allocate(&utf8_filter, filter) == (size_t)-1) { + return LDAP_NO_MEMORY; + } + + while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { + if ((rc = ldap_idmap_retry_open(state, &attempts)) != + LDAP_SUCCESS) continue; + + rc = ldap_search_s(state->ldap_struct, base, scope, + utf8_filter, (char**)attrs, attrsonly, res); + } + + if (rc == LDAP_SERVER_DOWN) { + DEBUG(0,("ldap_idmap_search: LDAP server is down!\n")); + ldap_idmap_close(); + } + + SAFE_FREE(utf8_filter); + return rc; +} + +/******************************************************************* +search an attribute and return the first value found. 
+******************************************************************/ +static BOOL ldap_idmap_attribute (struct ldap_idmap_state *state, + LDAPMessage * entry, + const char *attribute, pstring value) +{ + char **values; + value[0] = '\0'; + + if ((values = ldap_get_values (state->ldap_struct, entry, attribute)) + == NULL) { + DEBUG(10,("get_single_attribute: [%s] = []\n", + attribute)); + return False; + } + if (convert_string(CH_UTF8, CH_UNIX, + values[0], -1, + value, sizeof(pstring)) == (size_t)-1) + { + DEBUG(1, ("ldap_idmap_attribute: string conversion of [%s] = " + "[%s] failed!\n", attribute, values[0])); + ldap_value_free(values); + return False; + } + ldap_value_free(values); + + return True; +} + +static const char *attrs[] = {"objectClass", "uidNumber", "gidNumber", + "ntSid", NULL}; +static const char *pool_attr[] = {"uidNumber", "gidNumber", NULL}; + +static NTSTATUS ldap_allocate_id(unid_t *id, int id_type) +{ + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + int rc = LDAP_SERVER_DOWN; + int count = 0; + LDAPMessage *result = 0; + LDAPMessage *entry = 0; + pstring id_str, new_id_str; + LDAPMod mod[2]; + LDAPMod *mods[3]; + const char *type = (id_type & ID_USERID) ? 
"uidNumber" : "gidNumber"; + char *val[4]; + char *dn; + + rc = ldap_idmap_search(&ldap_state, lp_ldap_suffix(), + LDAP_SCOPE_SUBTREE, "(objectClass=unixIdPool)", + pool_attr, 0, &result); + if (rc != LDAP_SUCCESS) { + DEBUG(0,("ldap_allocate_id: unixIdPool object not found\n")); + goto out; + } + + count = ldap_count_entries(ldap_state.ldap_struct, result); + if (count != 1) { + DEBUG(0,("ldap_allocate_id: single unixIdPool not found\n")); + goto out; + } + + dn = ldap_get_dn(ldap_state.ldap_struct, result); + entry = ldap_first_entry(ldap_state.ldap_struct, result); + + if (!ldap_idmap_attribute(&ldap_state, entry, type, id_str)) { + DEBUG(0,("ldap_allocate_id: %s attribute not found\n", + type)); + goto out; + } + if (id_type & ID_USERID) { + id->uid = strtoul(id_str, NULL, 10); + } else { + id->gid = strtoul(id_str, NULL, 10); + } + + mod[0].mod_op = LDAP_MOD_DELETE; + mod[0].mod_type = strdup(type); + val[0] = id_str; val[1] = NULL; + mod[0].mod_values = val; + + pstr_sprintf(new_id_str, "%ud", + ((id_type & ID_USERID) ? id->uid : id->gid) + 1); + mod[1].mod_op = LDAP_MOD_ADD; + mod[1].mod_type = strdup(type); + val[3] = new_id_str; val[4] = NULL; + mod[1].mod_values = val + 2; + + mods[0] = mod; mods[1] = mod + 1; mods[2] = NULL; + rc = ldap_modify_s(ldap_state.ldap_struct, dn, mods); + ldap_memfree(dn); + + if (rc == LDAP_SUCCESS) ret = NT_STATUS_OK; +out: + return ret; +} + +/* Get a sid from an id */ +static NTSTATUS ldap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) +{ + LDAPMessage *result = 0; + LDAPMessage *entry = 0; + pstring sid_str; + pstring filter; + char type = (id_type & ID_USERID) ? 'u' : 'g'; + int rc; + int count; + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + + pstr_sprintf(filter, "(&(%cidNumber=%ud)(objectClass=sambaAccount))", + type, ((id_type & ID_USERID) ? 
id.uid : id.gid)); + rc = ldap_idmap_search(&ldap_state, lp_ldap_suffix(), + LDAP_SCOPE_SUBTREE, filter, attrs, 0, + &result); + if (rc != LDAP_SUCCESS) { + goto out; + } + + count = ldap_count_entries(ldap_state.ldap_struct, result); + if (count == 0) { + pstr_sprintf(filter, + "(&(objectClass=idmapEntry)(%cidNumber=%ud))", + type, ((id_type & ID_USERID) ? id.uid : id.gid)); + rc = ldap_idmap_search(&ldap_state, lp_ldap_suffix(), + LDAP_SCOPE_SUBTREE, filter, + attrs, 0, &result); + if (rc != LDAP_SUCCESS) { + goto out; + } + count = ldap_count_entries(ldap_state.ldap_struct, result); + } + + if (count != 1) { + DEBUG(0,("ldap_get_sid_from_id: mapping not found for " + "%cid: %ud\n", (id_type&ID_USERID)?'u':'g', + ((id_type & ID_USERID) ? id.uid : id.gid))); + goto out; + } + + entry = ldap_first_entry(ldap_state.ldap_struct, result); + + if (!ldap_idmap_attribute(&ldap_state, entry, "ntSid", sid_str)) { + goto out; + } + + if (!string_to_sid(sid, sid_str)) { + goto out; + } + + ret = NT_STATUS_OK; +out: + return ret; +} + +/* Get an id from a sid */ +static NTSTATUS ldap_get_id_from_sid(unid_t *id, int *id_type, + const DOM_SID *sid) +{ + LDAPMessage *result = 0; + LDAPMessage *entry = 0; + pstring sid_str; + pstring filter; + pstring id_str; + const char *type = (*id_type & ID_USERID) ? "uidNumber" : "gidNumber"; + const char *class = + (*id_type & ID_USERID) ? 
"sambaAccount" : "sambaGroupMapping"; + int rc; + int count; + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + + sid_to_string(sid_str, sid); + pstr_sprintf(filter, "(&(objectClass=%s)(ntSid=%s)", class, sid_str); + rc = ldap_idmap_search(&ldap_state, lp_ldap_suffix(), + LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result); + if (rc != LDAP_SUCCESS) { + goto out; + } + count = ldap_count_entries(ldap_state.ldap_struct, result); + if (count == 0) { + pstr_sprintf(filter, + "(&(objectClass=idmapEntry)(ntSid=%s))", sid_str); + + rc = ldap_idmap_search(&ldap_state, lp_ldap_suffix(), + LDAP_SCOPE_SUBTREE, filter, + attrs, 0, &result); + if (rc != LDAP_SUCCESS) { + goto out; + } + count = ldap_count_entries(ldap_state.ldap_struct, result); + } + + /* our search filters may 2 objects in the case that a user and group + rid are the same */ + if (count != 1 && count != 2) { + DEBUG(0, + ("ldap_get_id_from_sid: incorrect number of objects\n")); + goto out; + } + + entry = ldap_first_entry(ldap_state.ldap_struct, result); + if (!ldap_idmap_attribute(&ldap_state, entry, type, id_str)) { + entry = ldap_next_entry(ldap_state.ldap_struct, entry); + + if (!ldap_idmap_attribute(&ldap_state, entry, type, id_str)) { + int i; + + for (i = 0; i < LDAP_MAX_ALLOC_ID; i++) { + ret = ldap_allocate_id(id, *id_type); + if (NT_STATUS_IS_OK(ret)) { + break; + } + } + if (NT_STATUS_IS_OK(ret)) { + ret = ldap_set_mapping(sid, *id, *id_type); + } else { + DEBUG(0,("ldap_allocate_id: cannot acquire id" + " lock\n")); + } + } else { + if ((*id_type & ID_USERID)) { + id->uid = strtoul(id_str, NULL, 10); + } else { + id->gid = strtoul(id_str, NULL, 10); + } + ret = NT_STATUS_OK; + } + } else { + if ((*id_type & ID_USERID)) { + id->uid = strtoul(id_str, NULL, 10); + } else { + id->gid = strtoul(id_str, NULL, 10); + } + ret = NT_STATUS_OK; + } +out: + return ret; +} + +/* This function cannot be called to modify a mapping, only set a new one */ +static NTSTATUS ldap_set_mapping(const DOM_SID *sid, unid_t id, int 
id_type) +{ + pstring dn, sid_str, id_str; + const char *type = (id_type & ID_USERID) ? "uidNumber" : "gidNumber"; + LDAPMod *mods[3]; + LDAPMod mod[2]; + char *val[4]; + int rc; + int attempts = 0; + + pstr_sprintf(id_str, "%ud", ((id_type & ID_USERID) ? id.uid : id.gid)); + sid_to_string(sid_str, sid); + pstr_sprintf(dn, "%s=%ud,%s", type, ((id_type & ID_USERID) ? id.uid : id.gid), lp_ldap_suffix()); + mod[0].mod_op = LDAP_MOD_REPLACE; + mod[0].mod_type = strdup(type); + val[0] = id_str; val[1] = NULL; + mod[0].mod_values = val; + + mod[1].mod_op = LDAP_MOD_REPLACE; + mod[1].mod_type = strdup("ntSid"); + val[2] = sid_str; val[3] = NULL; + mod[1].mod_values = val + 2; + + mods[0] = mod; mods[1] = mod + 1; mods[2] = NULL; + + do { + if ((rc = ldap_idmap_retry_open(&ldap_state, &attempts)) != + LDAP_SUCCESS) continue; + + rc = ldap_modify_s(ldap_state.ldap_struct, dn, mods); + } while ((rc == LDAP_SERVER_DOWN) && (attempts <= 8)); + + if (rc != LDAP_SUCCESS) { + return NT_STATUS_UNSUCCESSFUL; + } + + return NT_STATUS_OK; +} + +/***************************************************************************** + Initialise idmap database. +*****************************************************************************/ +static NTSTATUS ldap_idmap_init(void) +{ + /* We wait for the first search request before we try to connect to + the LDAP server. 
We may want to connect upon initialization though + -- aliguori */ + return NT_STATUS_OK; +} + +/* End the LDAP session */ +static NTSTATUS ldap_idmap_close(void) +{ + if (ldap_state.ldap_struct != NULL) { + ldap_unbind_ext(ldap_state.ldap_struct, NULL, NULL); + ldap_state.ldap_struct = NULL; + } + + DEBUG(5,("The connection to the LDAP server was closed\n")); + /* maybe free the results here --metze */ + + return NT_STATUS_OK; +} + + +/* This function doesn't make as much sense in an LDAP world since the calling + node doesn't really control the ID ranges */ +static void ldap_idmap_status(void) +{ + DEBUG(0, ("LDAP IDMAP Status not available\n")); +} + +static struct idmap_methods ldap_methods = { + ldap_idmap_init, + ldap_get_sid_from_id, + ldap_get_id_from_sid, + ldap_set_mapping, + ldap_idmap_close, + ldap_idmap_status + +}; + +NTSTATUS idmap_ldap_init(void) +{ + DEBUG(0,("idmap_reg_ldap: no LDAP support\n")); + return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "ldap", &ldap_methods); +} -- cgit
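Review bot: The length check in fetch_ldapsam_pw's 2.2-upgrade path is inverted: `!size && size < sizeof(old_style_pw)` is true only for size 0, so a non-empty old-style secret of any length reaches `strncpy(old_style_pw, data, size)` and `old_style_pw[size] = 0` and can write past the fstring. The same function carries on after a failed asprintf with `*dn` already freed and `key` still NULL. In ldap_allocate_id, `val[3] = new_id_str; val[4] = NULL;` stores past the end of `char *val[4]` and leaves `val[2]`, the slot `mod[1].mod_values` points at, unset. In the non-ldap_initialize branch of ldap_idmap_open_connection a failed LDAP_OPT_X_TLS set is only logged, so the later simple bind may send the admin DN's password without TLS; the handle should be dropped and an error returned. The fence shows the four corrected spots.

```c
/* fetch_ldapsam_pw */
	if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) {
		/* … unchanged: SAFE_FREE(*dn) and DEBUG … */
		return False;
	}
	/* … unchanged: secrets_fetch(key), old_style_key construction … */
		data=secrets_fetch(old_style_key, &size);
		if (!size || size >= sizeof(old_style_pw)) {

/* ldap_idmap_open_connection, ldaps branch */
				DEBUG(0, ("Failed to setup a TLS session\n"));
				ldap_unbind_ext(state->ldap_struct, NULL, NULL);
				state->ldap_struct = NULL;
				return LDAP_OPERATIONS_ERROR;

/* ldap_allocate_id */
	val[2] = new_id_str; val[3] = NULL;
	mod[1].mod_values = val + 2;
```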