From bce6d410130982af6ca58dc9a0d297b5f80e6c6c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 14 May 1998 03:20:42 +0000 Subject: namequery.c: Fixed SGI IRIX 5.x compiler problem. server.c: Added MACHINE.SID file generation - use lp_domain_sid() be default. smbpass.c: Exposed do_file_lock() as I now use it in server.c Jeremy. (This used to be commit 5bf17840ac7d65d08dd3fdfe8b789010488f6808) --- source3/include/proto.h | 1 + source3/libsmb/namequery.c | 4 +- source3/passdb/smbpass.c | 8 +- source3/smbd/server.c | 193 ++++++++++++++++++++++++++++++++++++++++++++- 4 files changed, 199 insertions(+), 7 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 7f7322122e..70e10f1479 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1815,6 +1815,7 @@ char *smb_errstr(char *inbuf); /*The following definitions come from smbpass.c */ +BOOL do_file_lock(int fd, int waitsecs, int type); void *startsmbpwent(BOOL update); void endsmbpwent(void *vp); struct sam_passwd *getsmb21pwent(void *vp); diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index 7f3d012c30..a578ad8947 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -552,7 +552,9 @@ BOOL resolve_name(char *name, struct in_addr *return_ip) * the first successful match. */ for( i = 0; i < num_interfaces; i++) { - struct in_addr sendto_ip = *iface_bcast(*iface_n_ip(i)); + struct in_addr sendto_ip; + /* Done this way to fix compiler error on IRIX 5.x */ + sendto_ip = *iface_bcast(*iface_n_ip(i)); iplist = name_query(sock, name, 0x20, True, False, sendto_ip, &count, NULL); if(iplist != NULL) { *return_ip = iplist[0]; diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index a817933188..3b93b28a1e 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c 
@@ -40,7 +40,7 @@ static void gotalarm_sig(void) seconds. ****************************************************************/ -static BOOL do_pw_lock(int fd, int waitsecs, int type) +BOOL do_file_lock(int fd, int waitsecs, int type) { struct flock lock; int ret; @@ -60,7 +60,7 @@ static BOOL do_pw_lock(int fd, int waitsecs, int type) signal(SIGALRM, SIGNAL_CAST SIG_DFL); if (gotalarm) { - DEBUG(0, ("do_pw_lock: failed to %s SMB passwd file.\n", + DEBUG(0, ("do_file_lock: failed to %s file.\n", type == F_UNLCK ? "unlock" : "lock")); return False; } @@ -82,7 +82,7 @@ static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth) (*plock_depth)++; if(pw_file_lock_depth == 0) { - if (!do_pw_lock(fd, secs, type)) { + if (!do_file_lock(fd, secs, type)) { DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n", strerror(errno))); return False; @@ -101,7 +101,7 @@ static BOOL pw_file_unlock(int fd, int *plock_depth) BOOL ret=True; if(*plock_depth == 1) - ret = do_pw_lock(fd, 5, F_UNLCK); + ret = do_file_lock(fd, 5, F_UNLCK); (*plock_depth)--; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 540f9f799f..f277bea421 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -59,6 +59,12 @@ extern pstring user_socket_options; extern int dcelogin_atmost_once; #endif /* DFS_AUTH */ +/* + * This is set on startup - it defines the SID for this + * machine. +*/ +DOM_SID global_machine_sid; + connection_struct Connections[MAX_CONNECTIONS]; files_struct Files[MAX_OPEN_FILES]; 
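Review bot: do_file_lock in smbpass.c, now exported, leaves SIGALRM set to SIG_DFL on return (`signal(SIGALRM, SIGNAL_CAST SIG_DFL);` in the second hunk's context) and appears to depend on the file-scope `gotalarm` flag. That was contained while the helper was static, but it is now a process-wide side effect for every caller, including the new one in server.c. I would document it above the definition, for example `/* Resets SIGALRM to SIG_DFL on return; callers must not rely on their own SIGALRM handler across this call. */`, or have the function save and restore the previous handler. The body of do_file_lock starts and ends outside these hunks, so how the timeout is armed is not visible here.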
@@ -135,6 +141,185 @@ void killkids(void) if(am_parent) kill(0,SIGTERM); } +/**************************************************************************** + Read the machine SID from a file. +****************************************************************************/ + +static BOOL read_sid_from_file(int fd, char *sid_file) +{ + fstring fline; + + if(read(fd, &fline, sizeof(fline) -1 ) < 0) { + DEBUG(0,("read_sid_from_file: unable to read file %s. Error was %s\n", + sid_file, strerror(errno) )); + return False; + } + + /* + * Convert to the machine SID. + */ + + fline[sizeof(fline)-1] = '\0'; + if(!string_to_sid( &global_machine_sid, fline)) { + DEBUG(0,("read_sid_from_file: unable to generate machine SID.\n")); + return False; + } + + return True; +} + +/**************************************************************************** + Generate the global machine sid. Look for the MACHINE.SID file first, if + not found then look in smb.conf and use it to create the MACHINE.SID file. +****************************************************************************/ + +static BOOL generate_machine_sid(void) +{ + int fd; + char *p; + pstring sid_file; + fstring sid_string; + struct stat st; + uchar raw_sid_data[12]; + + pstrcpy(sid_file, lp_smb_passwd_file()); + p = strrchr(sid_file, '/'); + if(p != NULL) + *++p = '\0'; + + pstrcat(sid_file, "MACHINE.SID"); + + if((fd = open( sid_file, O_RDWR | O_CREAT, 0644)) < 0 ) { + DEBUG(0,("generate_machine_sid: unable to open or create file %s. Error was %s\n", + sid_file, strerror(errno) )); + return False; + } + + /* + * Check if the file contains data. + */ + + if(fstat( fd, &st) < 0) { + DEBUG(0,("generate_machine_sid: unable to stat file %s. Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + + if(st.st_size > 0) { + /* + * We have a valid SID - read it. + */ + if(!read_sid_from_file( fd, sid_file)) { + DEBUG(0,("generate_machine_sid: unable to read file %s. 
Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + close(fd); + return True; + } + + /* + * The file contains no data - we may need to generate our + * own sid. Try the lp_domain_sid() first. + */ + + if(*lp_domain_sid()) + fstrcpy( sid_string, lp_domain_sid()); + else { + /* + * Generate the new sid data & turn it into a string. + */ + int i; + generate_random_buffer( raw_sid_data, 12, True); + + fstrcpy( sid_string, "S-1-5-21"); + for( i = 0; i < 3; i++) { + fstring tmp_string; + slprintf( tmp_string, sizeof(tmp_string) - 1, "-%u", IVAL(raw_sid_data, i*4)); + fstrcat( sid_string, tmp_string); + } + } + + fstrcat(sid_string, "\n"); + + /* + * Ensure our new SID is valid. + */ + + if(!string_to_sid( &global_machine_sid, sid_string)) { + DEBUG(0,("generate_machine_sid: unable to generate machine SID.\n")); + return False; + } + + /* + * Do an exclusive blocking lock on the file. + */ + + if(!do_file_lock( fd, 60, F_WRLCK)) { + DEBUG(0,("generate_machine_sid: unable to lock file %s. Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + + /* + * At this point we have a blocking lock on the SID + * file - check if in the meantime someone else wrote + * SID data into the file. If so - they were here first, + * use their data. + */ + + if(fstat( fd, &st) < 0) { + DEBUG(0,("generate_machine_sid: unable to stat file %s. Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + + if(st.st_size > 0) { + /* + * We have a valid SID - read it. + */ + if(!read_sid_from_file( fd, sid_file)) { + DEBUG(0,("generate_machine_sid: unable to read file %s. Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + close(fd); + return True; + } + + /* + * The file is still empty and we have an exlusive lock on it. + * Write out out SID data into the file. + */ + + if(fchmod(fd, 0644) < 0) { + DEBUG(0,("generate_machine_sid: unable to set correct permissions on file %s. 
\ +Error was %s\n", sid_file, strerror(errno) )); + close(fd); + return False; + } + + if(write( fd, sid_string, strlen(sid_string)) != strlen(sid_string)) { + DEBUG(0,("generate_machine_sid: unable to write file %s. Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + + /* + * Unlock & exit. + */ + + do_file_lock( fd, 60, F_UNLCK); + close(fd); + return True; +} + /**************************************************************************** change a dos mode to a unix mode base permission for files: @@ -5187,6 +5372,12 @@ static void usage(char *pname) pstrcpy(global_myworkgroup, lp_workgroup()); + if(!generate_machine_sid()) + { + DEBUG(0,("ERROR: Samba cannot get a machine SID.\n")); + exit(1); + } + #ifndef NO_SIGNAL_TEST signal(SIGHUP,SIGNAL_CAST sig_hup); #endif @@ -5256,5 +5447,3 @@ static void usage(char *pname) exit_server("normal exit"); return(0); } - - -- cgit
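Review bot: In read_sid_from_file the buffer is terminated at `fline[sizeof(fline)-1]` rather than at the number of bytes read() returned. For the short SID line this commit writes, string_to_sid() is therefore handed the file contents followed by whatever was already in the stack buffer, and a zero-byte read is accepted as success. Keeping the count fixes both: `ssize_t n = read(fd, fline, sizeof(fline) - 1);`, `if (n <= 0) { ... return False; }`, `fline[n] = '\0';`. Whether string_to_sid() stops at the trailing newline is not visible here, and since this file defines the machine's SID, a misparse should fail rather than quietly produce a different value. Separately, the string_to_sid failure branch in generate_machine_sid returns without `close(fd)`, unlike the other error paths after the open.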