The branch, master has been updated via fdd282afa3e80712790c5bbac84bf4f88644692a (commit) via e07e964729571410871318e3682710a0692e176e (commit) via 1cbc58d3be87852052901d4a34ad92c9f584d956 (commit) via 7ecaced8869541afd8a17c525e9b8387a8b20749 (commit) via e3569df15b28896f4f79733df28498da2c021efe (commit) from ca23469a906bab690162184e8d3949897f7b5a67 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit fdd282afa3e80712790c5bbac84bf4f88644692a Author: Volker Lendecke <v...@samba.org> Date: Sun Feb 8 14:24:22 2009 +0100 Remove an unused extern reference commit e07e964729571410871318e3682710a0692e176e Author: Volker Lendecke <v...@samba.org> Date: Sun Feb 8 14:20:17 2009 +0100 Convert api_NetUserGetGroups to use samr instead of pdb commit 1cbc58d3be87852052901d4a34ad92c9f584d956 Author: Volker Lendecke <v...@samba.org> Date: Thu Feb 5 15:53:04 2009 +0100 Fix some nonempty blank lines commit 7ecaced8869541afd8a17c525e9b8387a8b20749 Author: Volker Lendecke <v...@samba.org> Date: Sun Feb 1 20:47:59 2009 +0100 Do not use strlen if not necessary... :-) commit e3569df15b28896f4f79733df28498da2c021efe Author: Volker Lendecke <v...@samba.org> Date: Sun Feb 1 17:17:37 2009 +0100 If we receive a DOS error code, nt_errstr should display it ----------------------------------------------------------------------- Summary of changes: source3/Makefile.in | 4 +- source3/auth/auth_sam.c | 18 +++--- source3/libsmb/cliconnect.c | 6 +-- source3/libsmb/nterr.c | 5 ++ source3/smbd/chgpasswd.c | 2 - source3/smbd/lanman.c | 118 +++++++++++++++++++++++++------------------ 6 files changed, 86 insertions(+), 67 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index 6e453c9..03463e9 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -423,7 +423,7 @@ LIBNBT_OBJ = ../libcli/nbt/nbtname.o \ LIBNMB_OBJ = libsmb/unexpected.o libsmb/namecache.o libsmb/nmblib.o \ libsmb/namequery.o libsmb/conncache.o libads/dns.o -NTERR_OBJ = libsmb/nterr.o +NTERR_OBJ = libsmb/nterr.o libsmb/smberr.o DOSERR_OBJ = ../libcli/util/doserr.o ERRORMAP_OBJ = libsmb/errormap.o DCE_RPC_ERR_OBJ = ../librpc/rpc/dcerpc_error.o @@ -451,7 +451,7 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \ libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \ libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \ libsmb/clistr.o libsmb/cliquota.o libsmb/clifsinfo.o libsmb/clidfs.o \ - libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \ + libsmb/credentials.o libsmb/pwd_cache.o \ libsmb/clioplock.o libsmb/clirap2.o \ libsmb/smb_seal.o libsmb/async_smb.o \ $(LIBSAMBA_OBJ) \ diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 7fe76fb..f5d61e9 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -5,17 +5,17 @@ Copyright (C) Luke Kenneth Casson Leighton 1996-2000 Copyright (C) Andrew Bartlett 2001-2003 Copyright (C) Gerald Carter 2003 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -69,7 +69,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, servers local time, as logon hours are just specified as a weekly bitmask. ****************************************************************************/ - + static bool logon_hours_ok(struct samu *sampass) { /* In logon hours first bit is Sunday from 12AM to 1AM */ @@ -107,7 +107,7 @@ static bool logon_hours_ok(struct samu *sampass) asct = "INVALID TIME"; } } - + DEBUG(1, ("logon_hours_ok: Account for user %s not allowed to " "logon at this time (%s).\n", pdb_get_username(sampass), asct )); @@ -133,7 +133,7 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, uint32 acct_ctrl = pdb_get_acct_ctrl(sampass); char *workstation_list; time_t kickoff_time; - + DEBUG(4,("sam_account_ok: Checking SMB password for user %s\n",pdb_get_username(sampass))); /* Quit if the account was disabled. */ @@ -154,7 +154,7 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, } /* Test account expire time */ - + kickoff_time = pdb_get_kickoff_time(sampass); if (kickoff_time != 0 && time(NULL) > kickoff_time) { DEBUG(1,("sam_account_ok: Account for user '%s' has expired.\n", pdb_get_username(sampass))); @@ -406,7 +406,7 @@ static NTSTATUS check_samstrict_security(const struct auth_context *auth_context is_my_domain = strequal(user_info->domain, lp_workgroup()); /* check whether or not we service this domain/workgroup name */ - + switch ( lp_server_role() ) { case ROLE_STANDALONE: case ROLE_DOMAIN_MEMBER: @@ -426,7 +426,7 @@ static NTSTATUS check_samstrict_security(const struct auth_context *auth_context default: /* name is ok */ break; } - + return check_sam_security(auth_context, my_private_data, mem_ctx, user_info, server_info); } diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index a39e035..dabfc39 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -188,10 +188,8 @@ struct async_req *cli_session_setup_guest_send(TALLOC_CTX *mem_ctx, NULL); bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "", 1, /* workgroup */ NULL); - bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Unix", - strlen("Unix")+1, NULL); - bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Samba", - strlen("Samba")+1, NULL); + bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Unix", 5, NULL); + bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Samba", 6, NULL); if (bytes == NULL) { return NULL; diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c index 465d88a..52e81ac 100644 --- a/source3/libsmb/nterr.c +++ b/source3/libsmb/nterr.c @@ -659,6 +659,11 @@ const char *nt_errstr(NTSTATUS nt_code) } #endif + if (NT_STATUS_IS_DOS(nt_code)) { + return smb_dos_err_name(NT_STATUS_DOS_CLASS(nt_code), + NT_STATUS_DOS_CODE(nt_code)); + } + while (nt_errs[idx].nt_errstr != NULL) { if (NT_STATUS_EQUAL(nt_errs[idx].nt_errcode, nt_code)) { return nt_errs[idx].nt_errstr; diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 78bace7..ccab71c 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -47,8 +47,6 @@ #include "includes.h" -extern struct passdb_ops pdb_ops; - static NTSTATUS check_oem_password(const char *user, uchar password_encrypted_with_lm_hash[516], const uchar old_lm_hash_encrypted[16], diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index f4df58d..6f8f8ed 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -2194,17 +2194,17 @@ static bool api_NetUserGetGroups(connection_struct *conn,uint16 vuid, int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); const char *level_string; int count=0; - struct samu *sampw = NULL; bool ret = False; - DOM_SID *sids; - gid_t *gids; - size_t num_groups; - size_t i; - NTSTATUS result; - DOM_SID user_sid; - enum lsa_SidType type; + uint32_t i; char *endp = NULL; - TALLOC_CTX *mem_ctx; + + struct rpc_pipe_client *samr_pipe; + struct policy_handle samr_handle, domain_handle, user_handle; + struct lsa_String name; + struct lsa_Strings names; + struct samr_Ids type, rid; + struct samr_RidWithAttributeArray *rids; + NTSTATUS status; if (!str1 || !str2 || !UserName || !p) { return False; @@ -2244,59 +2244,75 @@ static bool api_NetUserGetGroups(connection_struct *conn,uint16 vuid, p = *rdata; endp = *rdata + *rdata_len; - mem_ctx = talloc_new(NULL); - if (mem_ctx == NULL) { - DEBUG(0, ("talloc_new failed\n")); - return False; + status = rpc_pipe_open_internal( + talloc_tos(), &ndr_table_samr.syntax_id, rpc_samr_dispatch, + conn->server_info, &samr_pipe); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("api_RNetUserEnum: Could not connect to samr: %s\n", + nt_errstr(status))); + return false; } - if ( !(sampw = samu_new(mem_ctx)) ) { - DEBUG(0, ("samu_new() failed!\n")); - TALLOC_FREE(mem_ctx); - return False; + status = rpccli_samr_Connect2(samr_pipe, talloc_tos(), global_myname(), + SAMR_ACCESS_OPEN_DOMAIN, &samr_handle); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("api_RNetUserEnum: samr_Connect2 failed: %s\n", + nt_errstr(status))); + return false; } - /* Lookup the user information; This should only be one of - our accounts (not remote domains) */ + status = rpccli_samr_OpenDomain(samr_pipe, talloc_tos(), &samr_handle, + SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, + get_global_sam_sid(), &domain_handle); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("api_RNetUserEnum: samr_OpenDomain failed: %s\n", + nt_errstr(status))); + goto close_sam; + } - become_root(); /* ROOT BLOCK */ + name.string = UserName; - if (!lookup_name(mem_ctx, UserName, LOOKUP_NAME_ALL, - NULL, NULL, &user_sid, &type)) { - DEBUG(10, ("lookup_name(%s) failed\n", UserName)); - goto done; + status = rpccli_samr_LookupNames(samr_pipe, talloc_tos(), + &domain_handle, 1, &name, + &rid, &type); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("api_RNetUserEnum: samr_LookupNames failed: %s\n", + nt_errstr(status))); + goto close_domain; } - if (type != SID_NAME_USER) { + if (type.ids[0] != SID_NAME_USER) { DEBUG(10, ("%s is a %s, not a user\n", UserName, - sid_type_lookup(type))); - goto done; + sid_type_lookup(type.ids[0]))); + goto close_domain; } - if ( !pdb_getsampwsid(sampw, &user_sid) ) { - DEBUG(10, ("pdb_getsampwsid(%s) failed for user %s\n", - sid_string_dbg(&user_sid), UserName)); - goto done; + status = rpccli_samr_OpenUser(samr_pipe, talloc_tos(), + &domain_handle, + SAMR_USER_ACCESS_GET_GROUPS, + rid.ids[0], &user_handle); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("api_RNetUserEnum: samr_LookupNames failed: %s\n", + nt_errstr(status))); + goto close_domain; } - gids = NULL; - sids = NULL; - num_groups = 0; - - result = pdb_enum_group_memberships(mem_ctx, sampw, - &sids, &gids, &num_groups); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(10, ("pdb_enum_group_memberships failed for %s\n", - UserName)); - goto done; + status = rpccli_samr_GetGroupsForUser(samr_pipe, talloc_tos(), + &user_handle, &rids); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("api_RNetUserEnum: samr_LookupNames failed: %s\n", + nt_errstr(status))); + goto close_user; } - for (i=0; i<num_groups; i++) { - const char *grp_name; + for (i=0; i<rids->count; i++) { - if ( lookup_sid(mem_ctx, &sids[i], NULL, &grp_name, NULL) ) { - strlcpy(p, grp_name, PTR_DIFF(endp,p)); + status = rpccli_samr_LookupRids(samr_pipe, talloc_tos(), + &domain_handle, + 1, &rids->rids[i].rid, + &names, &type); + if (NT_STATUS_IS_OK(status) && (names.count == 1)) { + strlcpy(p, names.names[0].string, PTR_DIFF(endp,p)); p += 21; count++; } @@ -2309,10 +2325,12 @@ static bool api_NetUserGetGroups(connection_struct *conn,uint16 vuid, ret = True; -done: - unbecome_root(); /* END ROOT BLOCK */ - - TALLOC_FREE(mem_ctx); + close_user: + rpccli_samr_Close(samr_pipe, talloc_tos(), &user_handle); + close_domain: + rpccli_samr_Close(samr_pipe, talloc_tos(), &domain_handle); + close_sam: + rpccli_samr_Close(samr_pipe, talloc_tos(), &samr_handle); return ret; } -- Samba Shared Repository