[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6a1201a dlz_bind9: create session info from PAC using auth context from 909056a s3-cli: fix bug 563, >8GB tar on BE machines http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6a1201a67b36bc1bb3214ee911b130c4affb8dec Author: Amitay Isaacs Date: Tue Jan 3 15:39:20 2012 +1100 dlz_bind9: create session info from PAC using auth context This fixes the creation of session info from PAC, after changes in gensec code. Autobuild-User: Amitay Isaacs Autobuild-Date: Wed Jan 4 01:59:09 CET 2012 on sn-devel-104 --- Summary of changes: source4/dns_server/dlz_bind9.c | 66 +++ 1 files changed, 59 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c index 97eaac8..549ae0d 100644 --- a/source4/dns_server/dlz_bind9.c +++ b/source4/dns_server/dlz_bind9.c @@ -54,6 +54,7 @@ struct dlz_bind9_data { /* Used for dynamic update */ struct smb_krb5_context *smb_krb5_ctx; + struct auth4_context *auth_context; struct auth_session_info *session_info; char *update_name; @@ -463,6 +464,50 @@ static isc_result_t parse_options(struct dlz_bind9_data *state, /* + * Create session info from PAC + * This is called as auth_context->generate_session_info_pac() + */ +static NTSTATUS b9_generate_session_info_pac(struct auth4_context *auth_context, +TALLOC_CTX *mem_ctx, +struct smb_krb5_context *smb_krb5_context, +DATA_BLOB *pac_blob, +const char *principal_name, +const struct tsocket_address *remote_addr, +uint32_t session_info_flags, +struct auth_session_info **session_info) +{ + NTSTATUS status; + struct auth_user_info_dc *user_info_dc; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(mem_ctx); + NT_STATUS_HAVE_NO_MEMORY(tmp_ctx); + + status = kerberos_pac_blob_to_user_info_dc(tmp_ctx, + *pac_blob, + smb_krb5_context->krb5_context, + &user_info_dc, + NULL, + NULL); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(tmp_ctx); + return status; + } + + session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES; + status = auth_generate_session_info(mem_ctx, NULL, NULL, user_info_dc, + session_info_flags, session_info); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(tmp_ctx); + return status; + } + + talloc_free(tmp_ctx); + return status; +} + + +/* called to initialise the driver */ _PUBLIC_ isc_result_t dlz_create(const char *dlzname, @@ -473,7 +518,6 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname, const char *helper_name; va_list ap; isc_result_t result; - TALLOC_CTX *tmp_ctx; struct ldb_dn *dn; NTSTATUS nt_status; @@ -482,8 +526,6 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname, return ISC_R_NOMEMORY; } - tmp_ctx = talloc_new(state); - /* fill in the helper functions */ va_start(ap, dbdata); while ((helper_name = va_arg(ap, const char *)) != NULL) { @@ -527,8 +569,14 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname, nt_status = gensec_init(); if (!NT_STATUS_IS_OK(nt_status)) { - talloc_free(tmp_ctx); - return false; + result = ISC_R_NOMEMORY; + goto failed; + } + + state->auth_context = talloc_zero(state, struct auth4_context); + if (state->auth_context == NULL) { + result = ISC_R_NOMEMORY; + goto failed; } if (state->options.url == NULL) { @@ -559,9 +607,13 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname, state->log(ISC_LOG_INFO, "samba_dlz: started for DN %s", ldb_dn_get_linearized(dn)); + state->auth_context->event_ctx = state->ev_ctx; + state->auth_context->lp_ctx = state->lp; + state->auth_context->sam_ctx = state->samdb; + state->auth_context->generate_session_info_pac = b9_generate_session_info_pac; + *dbdata = state; - talloc_free(tmp_ctx); retur
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 909056a s3-cli: fix bug 563, >8GB tar on BE machines from cd3a935 s3: Fix a cut&paste error http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 909056a2daacd961b40158b86bc117650a897054 Author: Masafumi Nakayama Date: Wed Nov 2 10:35:19 2011 +0100 s3-cli: fix bug 563, >8GB tar on BE machines Borrows on existing patches proposed by Craig Barratt and Brad Ellis. Signed-off-by: David Disseldorp Autobuild-User: David Disseldorp Autobuild-Date: Tue Jan 3 18:31:28 CET 2012 on sn-devel-104 --- Summary of changes: source3/client/clitar.c | 22 +- 1 files changed, 17 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/client/clitar.c b/source3/client/clitar.c index 5943926..bf18e54 100644 --- a/source3/client/clitar.c +++ b/source3/client/clitar.c @@ -188,8 +188,10 @@ static void writetarheader(int f, const char *aname, uint64_t size, time_t mtime memset(hb.dbuf.size, 0, 4); hb.dbuf.size[0]=128; - for (i = 8, jp=(char*)&size; i; i--) - hb.dbuf.size[i+3] = *(jp++); + for (i = 8; i; i--) { + hb.dbuf.size[i+3] = size & 0xff; + size >>= 8; + } } oct_it((uint64_t) mtime, 13, hb.dbuf.mtime); memcpy(hb.dbuf.chksum, "", sizeof(hb.dbuf.chksum)); @@ -291,7 +293,17 @@ of link other than a GNUtar Longlink - ignoring\n")); finfo->mtime_ts = finfo->ctime_ts = convert_time_t_to_timespec((time_t)strtol(hb->dbuf.mtime, NULL, 8)); finfo->atime_ts = convert_time_t_to_timespec(time(NULL)); - finfo->size = unoct(hb->dbuf.size, sizeof(hb->dbuf.size)); + if ((hb->dbuf.size[0] & 0xff) == 0x80) { + /* This is a non-POSIX compatible extention to extract files + greater than 8GB. */ + finfo->size = 0; + for (i = 0; i < 8; i++) { + finfo->size <<= 8; + finfo->size |= hb->dbuf.size[i+4] & 0xff; + } + } else { + finfo->size = unoct(hb->dbuf.size, sizeof(hb->dbuf.size)); + } return True; } @@ -1005,8 +1017,8 @@ static int skip_file(int skipsize) static int get_file(file_info2 finfo) { uint16_t fnum = (uint16_t) -1; - int pos = 0, dsize = 0, bpos = 0; - uint64_t rsize = 0; + int dsize = 0, bpos = 0; + uint64_t rsize = 0, pos = 0; NTSTATUS status; DEBUG(5, ("get_file: file: %s, size %.0f\n", finfo.name, (double)finfo.size)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cd3a935 s3: Fix a cut&paste error via 0923e7f s3: Fix a typo from bed281d s3: Remove the unused "file_existed" parameter from smbd_calculate_access_mask http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cd3a935d0e170cf82ac16ee99affab4950fe0b72 Author: Volker Lendecke Date: Tue Jan 3 15:20:09 2012 +0100 s3: Fix a cut&paste error Autobuild-User: Volker Lendecke Autobuild-Date: Tue Jan 3 16:57:44 CET 2012 on sn-devel-104 commit 0923e7fa39f18a9717230d82c4f3488391e7e961 Author: Volker Lendecke Date: Tue Jan 3 15:13:48 2012 +0100 s3: Fix a typo --- Summary of changes: source3/torture/torture.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 9e16bac..619f92d 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -3778,7 +3778,7 @@ static bool run_oplock4(int dummy) ev = tevent_context_init(talloc_tos()); if (ev == NULL) { - printf("tevent_req_create failed\n"); + printf("tevent_context_init failed\n"); return false; } @@ -3802,7 +3802,7 @@ static bool run_oplock4(int dummy) open_req = cli_openx_send( talloc_tos(), ev, cli2, fname_ln, O_RDWR, DENY_NONE); - if (oplock_req == NULL) { + if (open_req == NULL) { printf("cli_openx_send failed\n"); return false; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bed281d s3: Remove the unused "file_existed" parameter from smbd_calculate_access_mask via c01f02a s3: Avoid "file_existed" in smbd_calculate_maximum_allowed_access via 49a5202 s3: Remove some else{} branches in smbd_calculate_maximum_allowed_access via 8cadd19 s3: Directly use *p_access_mask in smbd_calculate_maximum_allowed_access via a5a4b58 s3: Factor out smbd_calculate_maximum_allowed_access from f66ef5c upgradeprovision: do not hold references to messageElements http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bed281dad774cfe3c828552740de70072b4901b5 Author: Volker Lendecke Date: Fri Dec 16 18:56:40 2011 +0100 s3: Remove the unused "file_existed" parameter from smbd_calculate_access_mask Autobuild-User: Volker Lendecke Autobuild-Date: Tue Jan 3 15:16:50 CET 2012 on sn-devel-104 commit c01f02a4b97de453a0db7feb3c2d323f05fac7f6 Author: Volker Lendecke Date: Fri Dec 16 18:51:19 2011 +0100 s3: Avoid "file_existed" in smbd_calculate_maximum_allowed_access We access the file by name anyway, so we can just try to access it. The file system will for sure tell us if the file does not exist. commit 49a520217ceb04cbd4278a3bce7cb1f8dd04b018 Author: Volker Lendecke Date: Fri Dec 16 18:47:03 2011 +0100 s3: Remove some else{} branches in smbd_calculate_maximum_allowed_access commit 8cadd19a91cc4cded493b9ba5dec821f93dcfb54 Author: Volker Lendecke Date: Fri Dec 16 18:45:14 2011 +0100 s3: Directly use *p_access_mask in smbd_calculate_maximum_allowed_access commit a5a4b581b7b428621da5477994f0413443fa6bcb Author: Volker Lendecke Date: Fri Dec 16 18:42:30 2011 +0100 s3: Factor out smbd_calculate_maximum_allowed_access --- Summary of changes: source3/smbd/fake_file.c |1 - source3/smbd/globals.h |1 - source3/smbd/open.c| 105 ++-- source3/smbd/smb2_create.c |5 -- 4 files changed, 62 insertions(+), 50 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c index 2b31ba5..95f6f93 100644 --- a/source3/smbd/fake_file.c +++ b/source3/smbd/fake_file.c @@ -130,7 +130,6 @@ NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn, NTSTATUS status; status = smbd_calculate_access_mask(conn, smb_fname, - false, /* fake files do not exist */ access_mask, &access_mask); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("open_fake_file: smbd_calculate_access_mask " diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 02527e7..631298b 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -214,7 +214,6 @@ bool smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx, NTSTATUS smbd_calculate_access_mask(connection_struct *conn, const struct smb_filename *smb_fname, - bool file_existed, uint32_t access_mask, uint32_t *access_mask_out); diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 587093a..dbc4dba 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1476,9 +1476,64 @@ static void schedule_defer_open(struct share_mode_lock *lck, Work out what access_mask to use from what the client sent us. / +static NTSTATUS smbd_calculate_maximum_allowed_access( + connection_struct *conn, + const struct smb_filename *smb_fname, + uint32_t *p_access_mask) +{ + struct security_descriptor *sd; + uint32_t access_granted; + NTSTATUS status; + + if (get_current_uid(conn) == (uid_t)0) { + *p_access_mask |= FILE_GENERIC_ALL; + return NT_STATUS_OK; + } + + status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, + (SECINFO_OWNER | +SECINFO_GROUP | +SECINFO_DACL),&sd); + + if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { + /* +* File did not exist +*/ + *p_access_mask = FILE_GENERIC_ALL; + return NT_STATUS_OK; + } + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("smbd_calculate_access_mask: " + "Could not get acl on file %s: %s\n", + smb_fname_str_dbg(smb_fname), + nt_errstr(status))); + return NT_STATUS_ACCESS_DENIED; + } + + /*