svn commit: samba r25493 - in branches: SAMBA_3_2/source/nsswitch SAMBA_3_2_0/source/nsswitch
Author: jmcd Date: 2007-10-03 20:56:29 + (Wed, 03 Oct 2007) New Revision: 25493 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=25493 Log: Fix typo in Jeremy's thread-safe winbind patch: lock->unlock (would have tried to lock a mutex at the end of a function). Cut-n-paste error. Modified: branches/SAMBA_3_2/source/nsswitch/winbind_nss_linux.c branches/SAMBA_3_2_0/source/nsswitch/winbind_nss_linux.c Changeset: Modified: branches/SAMBA_3_2/source/nsswitch/winbind_nss_linux.c === --- branches/SAMBA_3_2/source/nsswitch/winbind_nss_linux.c 2007-10-03 20:43:55 UTC (rev 25492) +++ branches/SAMBA_3_2/source/nsswitch/winbind_nss_linux.c 2007-10-03 20:56:29 UTC (rev 25493) @@ -1347,7 +1347,7 @@ failed: #if HAVE_PTHREAD - pthread_mutex_lock(&winbind_nss_mutex); + pthread_mutex_unlock(&winbind_nss_mutex); #endif return ret; Modified: branches/SAMBA_3_2_0/source/nsswitch/winbind_nss_linux.c === --- branches/SAMBA_3_2_0/source/nsswitch/winbind_nss_linux.c2007-10-03 20:43:55 UTC (rev 25492) +++ branches/SAMBA_3_2_0/source/nsswitch/winbind_nss_linux.c2007-10-03 20:56:29 UTC (rev 25493) @@ -1347,7 +1347,7 @@ failed: #if HAVE_PTHREAD - pthread_mutex_lock(&winbind_nss_mutex); + pthread_mutex_unlock(&winbind_nss_mutex); #endif return ret;
svn commit: samba r23643 - in branches/SAMBA_4_0/source: librpc/idl torture/rpc
Author: jmcd Date: 2007-06-28 18:08:04 + (Thu, 28 Jun 2007) New Revision: 23643 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23643 Log: Fix the build farm tests. We were incorrectly passing the RPC-SAMBA3-GETUSERNAME tests before the previous password expiration fixes, because if you create a user and only set the password administratrively, the "last set time" should not get updated. Needed to add some more of the fields_present flags to do this. Modified: branches/SAMBA_4_0/source/librpc/idl/samr.idl branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/samr.idl === --- branches/SAMBA_4_0/source/librpc/idl/samr.idl 2007-06-28 18:05:35 UTC (rev 23642) +++ branches/SAMBA_4_0/source/librpc/idl/samr.idl 2007-06-28 18:08:04 UTC (rev 23643) @@ -684,23 +684,36 @@ /* this defines the bits used for fields_present in info21 */ typedef [bitmap32bit] bitmap { - SAMR_FIELD_ACCOUNT_NAME = 0x0001, - SAMR_FIELD_FULL_NAME = 0x0002, - SAMR_FIELD_PRIMARY_GID= 0x0008, - SAMR_FIELD_DESCRIPTION= 0x0010, - SAMR_FIELD_COMMENT= 0x0020, - SAMR_FIELD_HOME_DIRECTORY = 0x0040, - SAMR_FIELD_HOME_DRIVE = 0x0080, - SAMR_FIELD_LOGON_SCRIPT = 0x0100, - SAMR_FIELD_PROFILE_PATH = 0x0200, - SAMR_FIELD_WORKSTATIONS = 0x0400, - SAMR_FIELD_LOGON_HOURS= 0x2000, - SAMR_FIELD_ACCT_FLAGS = 0x0010, - SAMR_FIELD_PARAMETERS = 0x0020, - SAMR_FIELD_COUNTRY_CODE = 0x0040, - SAMR_FIELD_CODE_PAGE = 0x0080, - SAMR_FIELD_PASSWORD = 0x0100, /* either of these */ - SAMR_FIELD_PASSWORD2 = 0x0200 /* two bits seems to work */ + SAMR_FIELD_ACCOUNT_NAME = 0x0001, + SAMR_FIELD_FULL_NAME= 0x0002, + SAMR_FIELD_RID = 0x0004, + SAMR_FIELD_PRIMARY_GID = 0x0008, + SAMR_FIELD_DESCRIPTION = 0x0010, + SAMR_FIELD_COMMENT = 0x0020, + SAMR_FIELD_HOME_DIRECTORY = 0x0040, + SAMR_FIELD_HOME_DRIVE = 0x0080, + SAMR_FIELD_LOGON_SCRIPT = 0x0100, + SAMR_FIELD_PROFILE_PATH = 0x0200, + SAMR_FIELD_WORKSTATIONS = 0x0400, + SAMR_FIELD_LAST_LOGON = 0x0800, + SAMR_FIELD_LAST_LOGOFF = 0x1000, + SAMR_FIELD_LOGON_HOURS = 0x2000, + SAMR_FIELD_BAD_PWD_COUNT= 0x4000, + SAMR_FIELD_NUM_LOGONS = 0x8000, + SAMR_FIELD_ALLOW_PWD_CHANGE = 0x0001, + SAMR_FIELD_FORCE_PWD_CHANGE = 0x0002, + SAMR_FIELD_LAST_PWD_CHANGE = 0x0004, + SAMR_FIELD_ACCT_EXPIRY = 0x0008, + SAMR_FIELD_ACCT_FLAGS = 0x0010, + SAMR_FIELD_PARAMETERS = 0x0020, + SAMR_FIELD_COUNTRY_CODE = 0x0040, + SAMR_FIELD_CODE_PAGE= 0x0080, + SAMR_FIELD_PASSWORD = 0x0100, /* either of these */ + SAMR_FIELD_PASSWORD2= 0x0200, /* two bits seems to work */ + SAMR_FIELD_PRIVATE_DATA = 0x0400, + SAMR_FIELD_EXPIRED_FLAG = 0x0800, + SAMR_FIELD_SEC_DESC = 0x1000, + SAMR_FIELD_OWF_PWD = 0x2000 } samr_FieldsPresent; typedef struct { Modified: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c === --- branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2007-06-28 18:05:35 UTC (rev 23642) +++ branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2007-06-28 18:08:04 UTC (rev 23643) @@ -536,24 +536,29 @@ union samr_UserInfo u_info; DATA_BLOB session_key; - encode_pw_buffer(u_info.info24.password.data, password, + + ZERO_STRUCT(u_info); + encode_pw_buffer(u_info.info23.password.data, password, STR_UNICODE); - u_info.info24.pw_len = strlen_m(password)*2; status = dcerpc_fetch_session_key(samr_pipe, &session_key); if (!NT_STATUS_IS_OK(status)) { d_printf("dcerpc_fetch_session_key failed\n"); goto done; } - arcfour_crypt_blob(u_info.info24.password.data, 516, +
svn commit: samba r23616 - in branches: SAMBA_3_0/source/include SAMBA_3_0/source/rpc_parse SAMBA_3_0/source/rpc_server SAMBA_3_0_25/source/include SAMBA_3_0_25/source/rpc_parse SAMBA_3_0_25/source/rp
Author: jmcd Date: 2007-06-26 20:09:41 + (Tue, 26 Jun 2007) New Revision: 23616 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23616 Log: Fix bugzilla #4719: must change password is not set from usrmgr.exe. This was only affecting the newer versions of usrmgr.exe, because they use a user_info_25 struct. The password is getting set separately inside that code, so the password last set time was getting set from the password change logic. We also were not parsing a number of fields (like logon hours) from the user_info_25. That should also be fixed. Modified: branches/SAMBA_3_0/source/include/rpc_samr.h branches/SAMBA_3_0/source/rpc_parse/parse_samr.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c branches/SAMBA_3_0_25/source/include/rpc_samr.h branches/SAMBA_3_0_25/source/rpc_parse/parse_samr.c branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0_25/source/rpc_server/srv_samr_util.c branches/SAMBA_3_0_26/source/include/rpc_samr.h branches/SAMBA_3_0_26/source/rpc_parse/parse_samr.c branches/SAMBA_3_0_26/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0_26/source/rpc_server/srv_samr_util.c Changeset: Sorry, the patch is too large (505 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23616
svn commit: samba r23231 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: jmcd Date: 2007-05-29 21:50:17 + (Tue, 29 May 2007) New Revision: 23231 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23231 Log: Fix make test on build farm for 64-bit hosts. There's no reason this should be any different for 64-bit hosts, but we probably are lucking out on other fields here as well. The "fields_present" field shouldn't just be copied from usrmgr traces, because it indicates which fields should be set, and in this case, we were setting the kickoff time (NOT the expired time) to some random date. Modified: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c === --- branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2007-05-29 20:12:48 UTC (rev 23230) +++ branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2007-05-29 21:50:17 UTC (rev 23231) @@ -582,6 +582,7 @@ qui.out.info->info21.force_password_change = 0; qui.out.info->info21.account_name.string = NULL; qui.out.info->info21.rid = 0; + qui.out.info->info21.acct_expiry = 0; qui.out.info->info21.fields_present = 0x81827fa; /* copy usrmgr.exe */ u_info.info21 = qui.out.info->info21;
svn commit: samba r23041 - in branches: SAMBA_3_0/source/lib SAMBA_3_0_25/source/lib SAMBA_3_0_26/source/lib
Author: jmcd Date: 2007-05-21 16:01:22 + (Mon, 21 May 2007) New Revision: 23041 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23041 Log: Remainder of fix for 4630: fix special case of unix_to_nt_time() for TIME_T_MAX, and also display of it in http_timestring() Modified: branches/SAMBA_3_0/source/lib/time.c branches/SAMBA_3_0_25/source/lib/time.c branches/SAMBA_3_0_26/source/lib/time.c Changeset: Modified: branches/SAMBA_3_0/source/lib/time.c === --- branches/SAMBA_3_0/source/lib/time.c2007-05-21 15:58:27 UTC (rev 23040) +++ branches/SAMBA_3_0/source/lib/time.c2007-05-21 16:01:22 UTC (rev 23041) @@ -95,7 +95,13 @@ if (t == (time_t)-1) { *nt = (NTTIME)-1LL; return; - } + } + + if (t == TIME_T_MAX) { + *nt = 0x7fffLL; + return; + } + if (t == 0) { *nt = 0; return; @@ -301,7 +307,9 @@ static fstring buf; struct tm *tm = localtime(&t); - if (!tm) { + if (t == TIME_T_MAX) { + slprintf(buf,sizeof(buf)-1,"never"); + } else if (!tm) { slprintf(buf,sizeof(buf)-1,"%ld seconds since the Epoch",(long)t); } else { #ifndef HAVE_STRFTIME Modified: branches/SAMBA_3_0_25/source/lib/time.c === --- branches/SAMBA_3_0_25/source/lib/time.c 2007-05-21 15:58:27 UTC (rev 23040) +++ branches/SAMBA_3_0_25/source/lib/time.c 2007-05-21 16:01:22 UTC (rev 23041) @@ -95,7 +95,13 @@ if (t == (time_t)-1) { *nt = (NTTIME)-1LL; return; - } + } + + if (t == TIME_T_MAX) { + *nt = 0x7fffLL; + return; + } + if (t == 0) { *nt = 0; return; @@ -301,7 +307,9 @@ static fstring buf; struct tm *tm = localtime(&t); - if (!tm) { + if (t == TIME_T_MAX) { + slprintf(buf,sizeof(buf)-1,"never"); + } else if (!tm) { slprintf(buf,sizeof(buf)-1,"%ld seconds since the Epoch",(long)t); } else { #ifndef HAVE_STRFTIME Modified: branches/SAMBA_3_0_26/source/lib/time.c === --- branches/SAMBA_3_0_26/source/lib/time.c 2007-05-21 15:58:27 UTC (rev 23040) +++ branches/SAMBA_3_0_26/source/lib/time.c 2007-05-21 16:01:22 UTC (rev 23041) @@ -95,7 +95,13 @@ if (t == (time_t)-1) { *nt = (NTTIME)-1LL; return; - } + } + + if (t == TIME_T_MAX) { + *nt = 0x7fffLL; + return; + } + if (t == 0) { *nt = 0; return; @@ -301,7 +307,9 @@ static fstring buf; struct tm *tm = localtime(&t); - if (!tm) { + if (t == TIME_T_MAX) { + slprintf(buf,sizeof(buf)-1,"never"); + } else if (!tm) { slprintf(buf,sizeof(buf)-1,"%ld seconds since the Epoch",(long)t); } else { #ifndef HAVE_STRFTIME
svn commit: samba r22504 - in branches: SAMBA_3_0/source/rpc_server SAMBA_3_0_25/source/rpc_server
Author: jmcd Date: 2007-04-24 15:56:02 + (Tue, 24 Apr 2007) New Revision: 22504 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22504 Log: Fix bug Jerry found during his tutorial. Sorry :-( Allows authorized users (e.g. BUILTIN\Administrators members) to set attributes on an account, particularly "user cannot change password". add become_root() around updating attributes, after checking that access has been granted. Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2007-04-24 13:55:04 UTC (rev 22503) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2007-04-24 15:56:02 UTC (rev 22504) @@ -724,7 +724,12 @@ return NT_STATUS_ACCESS_DENIED; } - status = pdb_update_sam_account(sampass); + status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_set_sec_obj"); + if NT_STATUS_IS_OK(status) { + become_root(); + status = pdb_update_sam_account(sampass); + unbecome_root(); + } TALLOC_FREE(sampass); Modified: branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c === --- branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c 2007-04-24 13:55:04 UTC (rev 22503) +++ branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c 2007-04-24 15:56:02 UTC (rev 22504) @@ -739,7 +739,12 @@ return NT_STATUS_ACCESS_DENIED; } - status = pdb_update_sam_account(sampass); + status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_set_sec_obj"); + if NT_STATUS_IS_OK(status) { + become_root(); + status = pdb_update_sam_account(sampass); + unbecome_root(); + } TALLOC_FREE(sampass);
svn commit: samba r22148 - in branches: SAMBA_3_0/source/modules SAMBA_3_0_25/source/modules
Author: jmcd Date: 2007-04-10 15:41:22 + (Tue, 10 Apr 2007) New Revision: 22148 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22148 Log: Fix gpfs module on posix-acl test. Adds gpfsacl_sys_set_fd (calls _file). Thanks to Gomati Mohanan. Modified: branches/SAMBA_3_0/source/modules/vfs_gpfs.c branches/SAMBA_3_0_25/source/modules/vfs_gpfs.c Changeset: Modified: branches/SAMBA_3_0/source/modules/vfs_gpfs.c === --- branches/SAMBA_3_0/source/modules/vfs_gpfs.c2007-04-10 07:36:58 UTC (rev 22147) +++ branches/SAMBA_3_0/source/modules/vfs_gpfs.c2007-04-10 15:41:22 UTC (rev 22148) @@ -597,8 +597,7 @@ files_struct *fsp, int fd, SMB_ACL_T theacl) { - errno = ENOTSUP; - return -1; + return gpfsacl_sys_acl_set_file(handle, fsp->fsp_name, SMB_ACL_TYPE_ACCESS, theacl); } int gpfsacl_sys_acl_delete_def_file(vfs_handle_struct *handle, Modified: branches/SAMBA_3_0_25/source/modules/vfs_gpfs.c === --- branches/SAMBA_3_0_25/source/modules/vfs_gpfs.c 2007-04-10 07:36:58 UTC (rev 22147) +++ branches/SAMBA_3_0_25/source/modules/vfs_gpfs.c 2007-04-10 15:41:22 UTC (rev 22148) @@ -597,8 +597,7 @@ files_struct *fsp, int fd, SMB_ACL_T theacl) { - errno = ENOTSUP; - return -1; + return gpfsacl_sys_acl_set_file(handle, fsp->fsp_name, SMB_ACL_TYPE_ACCESS, theacl); } int gpfsacl_sys_acl_delete_def_file(vfs_handle_struct *handle,
svn commit: samba r21924 - in branches/SAMBA_3_0_25: .
Author: jmcd Date: 2007-03-22 01:13:25 + (Thu, 22 Mar 2007) New Revision: 21924 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21924 Log: NFSv3->NFSv4 for new ACL functionality Modified: branches/SAMBA_3_0_25/WHATSNEW.txt Changeset: Modified: branches/SAMBA_3_0_25/WHATSNEW.txt === --- branches/SAMBA_3_0_25/WHATSNEW.txt 2007-03-22 00:08:22 UTC (rev 21923) +++ branches/SAMBA_3_0_25/WHATSNEW.txt 2007-03-22 01:13:25 UTC (rev 21924) @@ -66,7 +66,7 @@ Samba's POSIX ACL support has been moved inside of the VFS layer which means it is now possible to support multiple ACL implementations -on the same server including NFSv3 and GPFS ACLs. +on the same server including NFSv4 and GPFS ACLs. ## @@ -284,7 +284,7 @@ Samba's POSIX ACL support has been moved inside of the VFS layer which means it is now possible to support multiple ACL implementations -on the same server including NFSv3 and GPFS ACLs. +on the same server including NFSv4 and GPFS ACLs. ##
svn commit: samba-docs r1066 - in trunk/manpages-3: .
Author: jmcd Date: 2007-03-20 13:05:44 + (Tue, 20 Mar 2007) New Revision: 1066 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1066 Log: Add nfs4:chown option, and a few formatting changes. Modified: trunk/manpages-3/vfs_gpfs.8.xml Changeset: Modified: trunk/manpages-3/vfs_gpfs.8.xml === --- trunk/manpages-3/vfs_gpfs.8.xml 2007-03-19 21:32:53 UTC (rev 1065) +++ trunk/manpages-3/vfs_gpfs.8.xml 2007-03-20 13:05:44 UTC (rev 1066) @@ -75,8 +75,10 @@ + nfs4:acedup = [dontcare|reject|ignore|merge] + This parameter configures how Samba handles duplicate ACEs encountered in GPFS ACLs. GPFS allows/creates duplicate ACE for different bits for same ID. @@ -89,8 +91,27 @@ ignore - don't include the second matching ACE merge - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE + + + + nfs4:chown = [yes|no] + + This parameter allows enabling or disabling the chown supported + by the underlying filesystem. This parameter should be enabled with + care as it might leave your system insecure. + Some filesystems allow chown as a) giving b) stealing. It is the latter + that is considered a risk. + + Following is the behaviour of Samba for different values : + + yes - Enable chown if as supported by the under filesystem + no (default) - Disable chown + + + +
svn commit: samba-docs r1064 - in trunk/manpages-3: .
Author: jmcd Date: 2007-03-19 18:38:51 + (Mon, 19 Mar 2007) New Revision: 1064 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1064 Log: A few updates to the gpfs manpage. Clarify some language, list setlease as feature, add "vfs objects = gpfs" to example. Modified: trunk/manpages-3/vfs_gpfs.8.xml Changeset: Modified: trunk/manpages-3/vfs_gpfs.8.xml === --- trunk/manpages-3/vfs_gpfs.8.xml 2007-03-19 18:29:04 UTC (rev 1063) +++ trunk/manpages-3/vfs_gpfs.8.xml 2007-03-19 18:38:51 UTC (rev 1064) @@ -28,14 +28,14 @@ The gpfs VFS module is the home for all gpfs extensions that Samba requires for proper integration - with GPFS. For this it utilizes the gpl-ed library interfaces provided by - GPFS team. + with GPFS. It uses the GPL library interfaces provided by GPFS. Currently the gpfs vfs module provides extensions in following areas : - NFSv4 ACL Interfaces with configurable options for gpfs + NFSv4 ACL Interfaces with configurable options for GPFS Kernel oplock support on GPFS + Lease support on GPFS @@ -60,13 +60,13 @@ nfs4:mode = [ simple | special ] - Enable/Disable substitution of special ids on GPFS. This parameter + Enable/Disable substitution of special IDs on GPFS. This parameter should not affect the windows users in anyway. It only ensures that Samba - sets the special ids - OWNER@ and GROUP@ ( mappings to simple uids ) + sets the special IDs - OWNER@ and GROUP@ ( mappings to simple uids ) that are relevant to GPFS. - The following MODE are understood by the module: + The following MODEs are understood by the module: simple(default) - do not use special IDs in GPFS ACEs special - use special IDs in GPFS ACEs. @@ -87,7 +87,7 @@ dontcare (default) - copy the ACEs as they come reject - stop operation and exit with error on ACL set op ignore - don't include the second matching ACE - merge - OR 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE + merge - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE @@ -101,6 +101,7 @@ + gpfs /test/gpfs_mount special merge
svn commit: samba-docs r1063 - in trunk/manpages-3: .
Author: jmcd Date: 2007-03-19 18:29:04 + (Mon, 19 Mar 2007) New Revision: 1063 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1063 Log: Add manpage for gpfs module. Thanks to Chetan Shringarpure <[EMAIL PROTECTED]> Added: trunk/manpages-3/vfs_gpfs.8.xml Changeset: Added: trunk/manpages-3/vfs_gpfs.8.xml === --- trunk/manpages-3/vfs_gpfs.8.xml 2007-03-18 18:21:43 UTC (rev 1062) +++ trunk/manpages-3/vfs_gpfs.8.xml 2007-03-19 18:29:04 UTC (rev 1063) @@ -0,0 +1,139 @@ + +http://www.samba.org/samba/DTD/samba-doc";> + + + + vfs_gpfs + 8 + + + + + vfs_gpfs + gpfs specific samba extensions like acls and prealloc + + + + + vfs objects = gpfs + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The gpfs VFS module is the home + for all gpfs extensions that Samba requires for proper integration + with GPFS. For this it utilizes the gpl-ed library interfaces provided by + GPFS team. + + + Currently the gpfs vfs module provides extensions in following areas : + + NFSv4 ACL Interfaces with configurable options for gpfs + Kernel oplock support on GPFS + + + + NOTE:This module follows the posix-acl behaviour + and hence allows permission stealing via chown. Samba might allow at a later + point in time, to restrict the chown via this module as such restrictions + are the responsibility of the underlying filesystem than of Samba. + + + This module is stackable. + + + + + + OPTIONS + + + + + + nfs4:mode = [ simple | special ] + + + Enable/Disable substitution of special ids on GPFS. This parameter + should not affect the windows users in anyway. It only ensures that Samba + sets the special ids - OWNER@ and GROUP@ ( mappings to simple uids ) + that are relevant to GPFS. + + + The following MODE are understood by the module: + + simple(default) - do not use special IDs in GPFS ACEs + special - use special IDs in GPFS ACEs. + + + + + + + nfs4:acedup = [dontcare|reject|ignore|merge] + + This parameter configures how Samba handles duplicate ACEs encountered in GPFS ACLs. + GPFS allows/creates duplicate ACE for different bits for same ID. + + + Following is the behaviour of Samba for different values : + + dontcare (default) - copy the ACEs as they come + reject - stop operation and exit with error on ACL set op + ignore - don't include the second matching ACE + merge - OR 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE + + + + + + + + EXAMPLES + + A GPFS mount can be exported via Samba as follows : + + + + /test/gpfs_mount + special + merge + + + + + CAVEATS + The gpfs gpl libraries are required by gpfs VFS + module during both compilation and runtime. + Also this VFS module is tested to work on SLES 9/10 and RHEL 4.4 + + + + + VERSION + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The GPFS VFS module was created with contributions from + Volker Lendecke and the developers at IBM. + + +This manpage was created by the IBM FSCC team + + +
svn commit: samba r21637 - in branches: SAMBA_3_0/source/lib SAMBA_3_0_25/source/lib
Author: jmcd Date: 2007-03-01 20:52:14 + (Thu, 01 Mar 2007) New Revision: 21637 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21637 Log: Get "password never expires" account policy working. 0x8000LL is "infinity" to NT and should not be converted numerically to time_t. Modified: branches/SAMBA_3_0/source/lib/time.c branches/SAMBA_3_0_25/source/lib/time.c Changeset: Modified: branches/SAMBA_3_0/source/lib/time.c === --- branches/SAMBA_3_0/source/lib/time.c2007-03-01 19:22:31 UTC (rev 21636) +++ branches/SAMBA_3_0/source/lib/time.c2007-03-01 20:52:14 UTC (rev 21637) @@ -36,6 +36,8 @@ #define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN) #endif +#define NTTIME_INFINITY (NTTIME)0x8000LL + /** External access to time_t_min and time_t_max. **/ @@ -1180,6 +1182,10 @@ return (time_t)-1; } + if (*nt == NTTIME_INFINITY) { + return (time_t)-1; + } + /* reverse the time */ /* it's a negative value, turn it to positive */ d=~*nt; @@ -1248,7 +1254,7 @@ if (t == (time_t)-1) { /* that's what NT uses for infinite */ - *nt = 0x8000LL; + *nt = NTTIME_INFINITY; return; } @@ -1306,7 +1312,7 @@ if (nttime==0) return "Now"; - if (nttime==0x8000LL) + if (nttime==NTTIME_INFINITY) return "Never"; high = 65536; @@ -1335,7 +1341,7 @@ return False; } - if (*nt == 0x8000LL) { + if (*nt == NTTIME_INFINITY) { return False; } Modified: branches/SAMBA_3_0_25/source/lib/time.c === --- branches/SAMBA_3_0_25/source/lib/time.c 2007-03-01 19:22:31 UTC (rev 21636) +++ branches/SAMBA_3_0_25/source/lib/time.c 2007-03-01 20:52:14 UTC (rev 21637) @@ -36,6 +36,8 @@ #define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN) #endif +#define NTTIME_INFINITY (NTTIME)0x8000LL + /** External access to time_t_min and time_t_max. **/ @@ -1180,6 +1182,10 @@ return (time_t)-1; } + if (*nt == NTTIME_INFINITY) { + return (time_t)-1; + } + /* reverse the time */ /* it's a negative value, turn it to positive */ d=~*nt; @@ -1248,7 +1254,7 @@ if (t == (time_t)-1) { /* that's what NT uses for infinite */ - *nt = 0x8000LL; + *nt = NTTIME_INFINITY; return; } @@ -1306,7 +1312,7 @@ if (nttime==0) return "Now"; - if (nttime==0x8000LL) + if (nttime==NTTIME_INFINITY) return "Never"; high = 65536; @@ -1335,7 +1341,7 @@ return False; } - if (*nt == 0x8000LL) { + if (*nt == NTTIME_INFINITY) { return False; }
svn commit: samba r21339 - in branches: SAMBA_3_0/source/modules SAMBA_3_0_25/source/modules
Author: jmcd Date: 2007-02-14 14:25:56 + (Wed, 14 Feb 2007) New Revision: 21339 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21339 Log: Fix the non-linux build. This is more evidence that this needs to be moved up one layer. Modified: branches/SAMBA_3_0/source/modules/vfs_default.c branches/SAMBA_3_0_25/source/modules/vfs_default.c Changeset: Modified: branches/SAMBA_3_0/source/modules/vfs_default.c === --- branches/SAMBA_3_0/source/modules/vfs_default.c 2007-02-14 14:23:59 UTC (rev 21338) +++ branches/SAMBA_3_0/source/modules/vfs_default.c 2007-02-14 14:25:56 UTC (rev 21339) @@ -790,12 +790,14 @@ START_PROFILE(syscall_linux_setlease); +#ifdef LINUX /* first set the signal handler */ if(linux_set_lease_sighandler(fd) == -1) return -1; result = linux_setlease(fd, leasetype); +#endif END_PROFILE(syscall_linux_setlease); return result; } Modified: branches/SAMBA_3_0_25/source/modules/vfs_default.c === --- branches/SAMBA_3_0_25/source/modules/vfs_default.c 2007-02-14 14:23:59 UTC (rev 21338) +++ branches/SAMBA_3_0_25/source/modules/vfs_default.c 2007-02-14 14:25:56 UTC (rev 21339) @@ -790,12 +790,14 @@ START_PROFILE(syscall_linux_setlease); +#ifdef LINUX /* first set the signal handler */ if(linux_set_lease_sighandler(fd) == -1) return -1; result = linux_setlease(fd, leasetype); +#endif END_PROFILE(syscall_linux_setlease); return result; }
svn commit: samba r21324 - in branches: SAMBA_3_0/source/include SAMBA_3_0/source/modules SAMBA_3_0/source/profile SAMBA_3_0/source/smbd SAMBA_3_0_25/source/include SAMBA_3_0_25/source/modules SAMBA_3
Author: jmcd Date: 2007-02-14 02:37:14 + (Wed, 14 Feb 2007) New Revision: 21324 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21324 Log: Add linux setlease to the vfs layer. Next round, as Volker points out, it should be abstracted a little higher up so other os'es can have an entry, but it will take a bit more work. Thanks to Chetan Shringarpure and Mathias Dietz. I didn't increment the vfs number again because the kernel change notify stuff hasn't been released yet anyway. Modified: branches/SAMBA_3_0/source/include/smbprofile.h branches/SAMBA_3_0/source/include/vfs.h branches/SAMBA_3_0/source/include/vfs_macros.h branches/SAMBA_3_0/source/modules/vfs_default.c branches/SAMBA_3_0/source/modules/vfs_full_audit.c branches/SAMBA_3_0/source/modules/vfs_gpfs.c branches/SAMBA_3_0/source/profile/profile.c branches/SAMBA_3_0/source/smbd/oplock_linux.c branches/SAMBA_3_0_25/source/include/smbprofile.h branches/SAMBA_3_0_25/source/include/vfs.h branches/SAMBA_3_0_25/source/include/vfs_macros.h branches/SAMBA_3_0_25/source/modules/vfs_default.c branches/SAMBA_3_0_25/source/modules/vfs_full_audit.c branches/SAMBA_3_0_25/source/modules/vfs_gpfs.c branches/SAMBA_3_0_25/source/profile/profile.c branches/SAMBA_3_0_25/source/smbd/oplock_linux.c Changeset: Sorry, the patch is too large (609 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21324
svn commit: samba r21004 - in branches: SAMBA_3_0/source/modules SAMBA_3_0_24/source/modules
Author: jmcd Date: 2007-01-24 15:29:58 + (Wed, 24 Jan 2007) New Revision: 21004 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21004 Log: Patch from Mathias Dietz <[EMAIL PROTECTED]> to fix multi-node sharemodes in gpfs. Modified: branches/SAMBA_3_0/source/modules/gpfs.c branches/SAMBA_3_0_24/source/modules/gpfs.c Changeset: Modified: branches/SAMBA_3_0/source/modules/gpfs.c === --- branches/SAMBA_3_0/source/modules/gpfs.c2007-01-24 14:59:01 UTC (rev 21003) +++ branches/SAMBA_3_0/source/modules/gpfs.c2007-01-24 15:29:58 UTC (rev 21004) @@ -57,7 +57,7 @@ DEBUG(10, ("special case am=no_access:%x\n",access_mask)); } else { - deny |= (share_access & (FILE_SHARE_WRITE|FILE_SHARE_DELETE)) ? + deny |= (share_access & FILE_SHARE_WRITE) ? 0 : GPFS_DENY_WRITE; deny |= (share_access & (FILE_SHARE_READ)) ? 0 : GPFS_DENY_READ; Modified: branches/SAMBA_3_0_24/source/modules/gpfs.c === --- branches/SAMBA_3_0_24/source/modules/gpfs.c 2007-01-24 14:59:01 UTC (rev 21003) +++ branches/SAMBA_3_0_24/source/modules/gpfs.c 2007-01-24 15:29:58 UTC (rev 21004) @@ -57,7 +57,7 @@ DEBUG(10, ("special case am=no_access:%x\n",access_mask)); } else { - deny |= (share_access & (FILE_SHARE_WRITE|FILE_SHARE_DELETE)) ? + deny |= (share_access & FILE_SHARE_WRITE) ? 0 : GPFS_DENY_WRITE; deny |= (share_access & (FILE_SHARE_READ)) ? 0 : GPFS_DENY_READ;
svn commit: samba r20717 - in branches: SAMBA_3_0/source/modules SAMBA_3_0_24/source/modules
Author: jmcd Date: 2007-01-12 21:56:25 + (Fri, 12 Jan 2007) New Revision: 20717 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20717 Log: Merge sharemode patch from Mathias Dietz <[EMAIL PROTECTED]>. The patch fixes the behaviour of GPFS sharemodes when the access mask is no_access. Modified: branches/SAMBA_3_0/source/modules/gpfs.c branches/SAMBA_3_0_24/source/modules/gpfs.c Changeset: Modified: branches/SAMBA_3_0/source/modules/gpfs.c === --- branches/SAMBA_3_0/source/modules/gpfs.c2007-01-12 17:58:38 UTC (rev 20716) +++ branches/SAMBA_3_0/source/modules/gpfs.c2007-01-12 21:56:25 UTC (rev 20717) @@ -52,11 +52,16 @@ DELETE_ACCESS)) ? GPFS_SHARE_WRITE : 0; allow |= (access_mask & (FILE_READ_DATA|FILE_EXECUTE)) ? GPFS_SHARE_READ : 0; - deny |= (share_access & (FILE_SHARE_WRITE|FILE_SHARE_DELETE)) ? - 0 : GPFS_DENY_WRITE; - deny |= (share_access & (FILE_SHARE_READ)) ? - 0 : GPFS_DENY_READ; + if (allow == GPFS_SHARE_NONE) { + DEBUG(10, ("special case am=no_access:%x\n",access_mask)); + } + else { + deny |= (share_access & (FILE_SHARE_WRITE|FILE_SHARE_DELETE)) ? + 0 : GPFS_DENY_WRITE; + deny |= (share_access & (FILE_SHARE_READ)) ? + 0 : GPFS_DENY_READ; + } DEBUG(10, ("am=%x, allow=%d, sa=%x, deny=%d\n", access_mask, allow, share_access, deny)); Modified: branches/SAMBA_3_0_24/source/modules/gpfs.c === --- branches/SAMBA_3_0_24/source/modules/gpfs.c 2007-01-12 17:58:38 UTC (rev 20716) +++ branches/SAMBA_3_0_24/source/modules/gpfs.c 2007-01-12 21:56:25 UTC (rev 20717) @@ -52,11 +52,16 @@ DELETE_ACCESS)) ? GPFS_SHARE_WRITE : 0; allow |= (access_mask & (FILE_READ_DATA|FILE_EXECUTE)) ? GPFS_SHARE_READ : 0; - deny |= (share_access & (FILE_SHARE_WRITE|FILE_SHARE_DELETE)) ? - 0 : GPFS_DENY_WRITE; - deny |= (share_access & (FILE_SHARE_READ)) ? - 0 : GPFS_DENY_READ; + if (allow == GPFS_SHARE_NONE) { + DEBUG(10, ("special case am=no_access:%x\n",access_mask)); + } + else { + deny |= (share_access & (FILE_SHARE_WRITE|FILE_SHARE_DELETE)) ? + 0 : GPFS_DENY_WRITE; + deny |= (share_access & (FILE_SHARE_READ)) ? + 0 : GPFS_DENY_READ; + } DEBUG(10, ("am=%x, allow=%d, sa=%x, deny=%d\n", access_mask, allow, share_access, deny));
svn commit: samba r20136 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_24/source/nsswitch
Author: jmcd Date: 2006-12-12 22:05:48 + (Tue, 12 Dec 2006) New Revision: 20136 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20136 Log: Fix #4290. Properly compute time to password expiration in message from pam_winbind. Thanks to Andrew Benham <[EMAIL PROTECTED]> Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c branches/SAMBA_3_0_24/source/nsswitch/pam_winbind.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c === --- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2006-12-12 21:47:56 UTC (rev 20135) +++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2006-12-12 22:05:48 UTC (rev 20136) @@ -536,7 +536,8 @@ (response.data.auth.policy.expire) && (response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire > time(NULL) ) ) { - int days = response.data.auth.policy.expire / SECONDS_PER_DAY; + int days = (response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire - + time(NULL))/ SECONDS_PER_DAY; if (days <= DAYS_TO_WARN_BEFORE_PWD_EXPIRES) { _make_remark_format(pamh, PAM_TEXT_INFO, "Your password will expire in %d days", days); } Modified: branches/SAMBA_3_0_24/source/nsswitch/pam_winbind.c === --- branches/SAMBA_3_0_24/source/nsswitch/pam_winbind.c 2006-12-12 21:47:56 UTC (rev 20135) +++ branches/SAMBA_3_0_24/source/nsswitch/pam_winbind.c 2006-12-12 22:05:48 UTC (rev 20136) @@ -536,7 +536,8 @@ (response.data.auth.policy.expire) && (response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire > time(NULL) ) ) { - int days = response.data.auth.policy.expire / SECONDS_PER_DAY; + int days = (response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire - + time(NULL))/ SECONDS_PER_DAY; if (days <= DAYS_TO_WARN_BEFORE_PWD_EXPIRES) { _make_remark_format(pamh, PAM_TEXT_INFO, "Your password will expire in %d days", days); }
svn commit: samba-docs r1004 - in trunk/Samba3-HOWTO: .
Author: jmcd Date: 2006-12-12 19:21:31 + (Tue, 12 Dec 2006) New Revision: 1004 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1004 Log: Also update the HOWTO with the createcomputer information for net ads join Modified: trunk/Samba3-HOWTO/TOSHARG-DomainMember.xml Changeset: Modified: trunk/Samba3-HOWTO/TOSHARG-DomainMember.xml === --- trunk/Samba3-HOWTO/TOSHARG-DomainMember.xml 2006-12-12 16:52:26 UTC (rev 1003) +++ trunk/Samba3-HOWTO/TOSHARG-DomainMember.xml 2006-12-12 19:21:31 UTC (rev 1004) @@ -1112,7 +1112,7 @@ this to be done using the following syntax: &rootprompt; kinit [EMAIL PROTECTED] -&rootprompt; net ads join "organizational_unit" +&rootprompt; net ads join createcomputer="organizational_unit" Your ADS manager will be able to advise what should be specified for the "organizational_unit" parameter. @@ -1123,13 +1123,15 @@ container ADS For example, you may want to create the machine trust account in a container called Servers -under the organizational directory Computers\BusinessUnit\Department, like this: +under the organizational directory Computers/BusinessUnit/Department, like this: -&rootprompt; net ads join "Computers\BusinessUnit\Department\Servers" +&rootprompt; net ads join "Computers/BusinessUnit/Department/Servers" This command will place the Samba server machine trust account in the container -Computers\BusinessUnit\Department\Servers. The container should exist in the ADS directory -before executing this command. +Computers/BusinessUnit/Department/Servers. The container should exist in the ADS directory +before executing this command. Please note that forward slashes must be used, because backslashes are both +valid characters in an OU name and used as escapes for other characters. If you need a backslash in an OU +name, it may need to be quadrupled to pass through the shell escape and ldap escape.
svn commit: samba-docs r1003 - in trunk/manpages-3: .
Author: jmcd Date: 2006-12-12 16:52:26 + (Tue, 12 Dec 2006) New Revision: 1003 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1003 Log: Add ads-only options for net ads join Modified: trunk/manpages-3/net.8.xml Changeset: Modified: trunk/manpages-3/net.8.xml === --- trunk/manpages-3/net.8.xml 2006-12-01 13:53:26 UTC (rev 1002) +++ trunk/manpages-3/net.8.xml 2006-12-12 16:52:26 UTC (rev 1003) @@ -181,7 +181,7 @@ -[RPC|ADS] JOIN [TYPE] [-U username[%password]] [options] +[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options] Join a domain. If the account already exists on the server, and @@ -194,6 +194,19 @@ [TYPE] may be PDC, BDC or MEMBER to specify the type of server joining the domain. + + +[UPN] (ADS only) set the principalname attribute during the join. The default +format is host/[EMAIL PROTECTED] + + + +[OU] (ADS only) Precreate the computer account in a specific OU. The +OU string reads from top to bottom without RDNs, and is delimited by +a '/'. Please note that '\' is used for escape by both the shell +and ldap, so it may need to be doubled or quadrupled to pass through, +and it is not used as a delimiter. +
svn commit: samba r20119 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_24/source/utils
Author: jmcd Date: 2006-12-12 16:40:57 + (Tue, 12 Dec 2006) New Revision: 20119 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20119 Log: Update help info indicating how to use separators (forward slash only) and properly use backslashes in "net ads join computername=" Modified: branches/SAMBA_3_0/source/utils/net_ads.c branches/SAMBA_3_0_24/source/utils/net_ads.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_ads.c === --- branches/SAMBA_3_0/source/utils/net_ads.c 2006-12-12 15:16:26 UTC (rev 20118) +++ branches/SAMBA_3_0/source/utils/net_ads.c 2006-12-12 16:40:57 UTC (rev 20119) @@ -1322,6 +1322,8 @@ d_printf(" createcomputer=OU Precreate the computer account in a specific OU.\n"); d_printf(" The OU string read from top to bottom without RDNs and delimited by a '/'.\n"); d_printf(" E.g. \"createcomputer=Computers/Servers/Unix\"\n"); + d_printf(" NB: A backslash '\\' is used as escape at multiple levels and may\n"); + d_printf(" need to be doubled or even quadrupled. It is not used as a separator"); return -1; } Modified: branches/SAMBA_3_0_24/source/utils/net_ads.c === --- branches/SAMBA_3_0_24/source/utils/net_ads.c2006-12-12 15:16:26 UTC (rev 20118) +++ branches/SAMBA_3_0_24/source/utils/net_ads.c2006-12-12 16:40:57 UTC (rev 20119) @@ -1322,6 +1322,8 @@ d_printf(" createcomputer=OU Precreate the computer account in a specific OU.\n"); d_printf(" The OU string read from top to bottom without RDNs and delimited by a '/'.\n"); d_printf(" E.g. \"createcomputer=Computers/Servers/Unix\"\n"); + d_printf(" NB: A backslash '\\' is used as escape at multiple levels and may\n"); + d_printf(" need to be doubled or even quadrupled. It is not used as a separator"); return -1; }
svn commit: samba r20089 - in branches: SAMBA_3_0/source SAMBA_3_0/source/modules SAMBA_3_0_24/source SAMBA_3_0_24/source/modules
Author: jmcd Date: 2006-12-08 18:56:01 + (Fri, 08 Dec 2006) New Revision: 20089 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20089 Log: Put gpfs acl function into vfs_gpfs module. Thanks to Gomati Mohanan <[EMAIL PROTECTED]>. Also fix fields for sec_desc differences between 3.0 and 3.0.24 in nfs4_acls.c. Added: branches/SAMBA_3_0/source/modules/README-gpfs-acl.txt branches/SAMBA_3_0_24/source/modules/README-gpfs-acl.txt Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/modules/vfs_gpfs.c branches/SAMBA_3_0_24/source/Makefile.in branches/SAMBA_3_0_24/source/modules/nfs4_acls.c branches/SAMBA_3_0_24/source/modules/vfs_gpfs.c Changeset: Sorry, the patch is too large (1457 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20089
svn commit: samba r19749 - in branches/SAMBA_3_0_24/source: . include lib modules smbd
Author: jmcd Date: 2006-11-16 18:44:26 + (Thu, 16 Nov 2006) New Revision: 19749 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19749 Log: Merge acl vfs changes, including nfs4 acl support, from SAMBA_3_0 Added: branches/SAMBA_3_0_24/source/modules/README.nfs4acls.txt branches/SAMBA_3_0_24/source/modules/nfs4_acls.c branches/SAMBA_3_0_24/source/modules/nfs4_acls.h branches/SAMBA_3_0_24/source/modules/vfs_aixacl.c branches/SAMBA_3_0_24/source/modules/vfs_aixacl2.c branches/SAMBA_3_0_24/source/modules/vfs_aixacl_util.c branches/SAMBA_3_0_24/source/modules/vfs_hpuxacl.c branches/SAMBA_3_0_24/source/modules/vfs_irixacl.c branches/SAMBA_3_0_24/source/modules/vfs_posixacl.c branches/SAMBA_3_0_24/source/modules/vfs_solarisacl.c branches/SAMBA_3_0_24/source/modules/vfs_tru64acl.c Modified: branches/SAMBA_3_0_24/source/Makefile.in branches/SAMBA_3_0_24/source/configure.in branches/SAMBA_3_0_24/source/include/smb_acls.h branches/SAMBA_3_0_24/source/lib/sysacls.c branches/SAMBA_3_0_24/source/modules/vfs_afsacl.c branches/SAMBA_3_0_24/source/smbd/posix_acls.c branches/SAMBA_3_0_24/source/smbd/vfs-wrap.c Changeset: Sorry, the patch is too large (7779 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19749
svn commit: samba r19658 - in branches/SAMBA_3_0_24/source/modules: .
Author: jmcd Date: 2006-11-10 23:30:07 + (Fri, 10 Nov 2006) New Revision: 19658 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19658 Log: Forgot to add these for the gpfs code Added: branches/SAMBA_3_0_24/source/modules/gpfs.c branches/SAMBA_3_0_24/source/modules/vfs_gpfs.c Changeset: Added: branches/SAMBA_3_0_24/source/modules/gpfs.c === --- branches/SAMBA_3_0_24/source/modules/gpfs.c 2006-11-10 15:56:20 UTC (rev 19657) +++ branches/SAMBA_3_0_24/source/modules/gpfs.c 2006-11-10 23:30:07 UTC (rev 19658) @@ -0,0 +1,231 @@ +/* + * Unix SMB/CIFS implementation. + * Provide a connection to GPFS specific features + * Copyright (C) Volker Lendecke 2005 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +#ifdef HAVE_GPFS + +#include "gpfs_gpl.h" + +static void *libgpfs_handle = NULL; + +static int (*gpfs_set_share_fn)(int fd, unsigned int allow, unsigned int deny); +static int (*gpfs_set_lease_fn)(int fd, unsigned int leaseType); +static int (*gpfs_getacl_fn)(char *pathname, int flags, void *acl); +static int (*gpfs_putacl_fn)(char *pathname, int flags, void *acl); + + +BOOL set_gpfs_sharemode(files_struct *fsp, uint32 access_mask, + uint32 share_access) +{ + unsigned int allow = GPFS_SHARE_NONE; + unsigned int deny = GPFS_DENY_NONE; + int result; + + if (gpfs_set_share_fn == NULL) { + return False; + } + + if ((fsp == NULL) || (fsp->fh == NULL) || (fsp->fh->fd < 0)) { + /* No real file, don't disturb */ + return True; + } + + allow |= (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA| +DELETE_ACCESS)) ? GPFS_SHARE_WRITE : 0; + allow |= (access_mask & (FILE_READ_DATA|FILE_EXECUTE)) ? + GPFS_SHARE_READ : 0; + deny |= (share_access & (FILE_SHARE_WRITE|FILE_SHARE_DELETE)) ? + 0 : GPFS_DENY_WRITE; + deny |= (share_access & (FILE_SHARE_READ)) ? + 0 : GPFS_DENY_READ; + + DEBUG(10, ("am=%x, allow=%d, sa=%x, deny=%d\n", + access_mask, allow, share_access, deny)); + + result = gpfs_set_share_fn(fsp->fh->fd, allow, deny); + if (result != 0) { + if (errno == ENOSYS) { + DEBUG(5, ("VFS module vfs_gpfs loaded, but no gpfs " + "support has been compiled into Samba. Allowing access\n")); + return True; + } else { + DEBUG(10, ("gpfs_set_share failed: %s\n", + strerror(errno))); + } + } + + return (result == 0); +} + +int set_gpfs_lease(int fd, int leasetype) +{ + int gpfs_type = GPFS_LEASE_NONE; + + if (gpfs_set_lease_fn == NULL) { + errno = EINVAL; + return -1; + } + + if (leasetype == F_RDLCK) { + gpfs_type = GPFS_LEASE_READ; + } + if (leasetype == F_WRLCK) { + gpfs_type = GPFS_LEASE_WRITE; + } + return gpfs_set_lease_fn(fd, gpfs_type); +} + +int smbd_gpfs_getacl(char *pathname, int flags, void *acl) +{ + if (gpfs_getacl_fn == NULL) { + errno = ENOSYS; + return -1; + } + + return gpfs_getacl_fn(pathname, flags, acl); +} + +int smbd_gpfs_putacl(char *pathname, int flags, void *acl) +{ + if (gpfs_putacl_fn == NULL) { + errno = ENOSYS; + return -1; + } + + return gpfs_putacl_fn(pathname, flags, acl); +} + +void init_gpfs(void) +{ + if (libgpfs_handle != NULL) { + return; + } + + libgpfs_handle = sys_dlopen("libgpfs_gpl.so", RTLD_LAZY); + + if (libgpfs_handle == NULL) { + DEBUG(10, ("sys_dlopen for libgpfs_gpl failed: %s\n", + strerror(errno))); + return; + } + + DEBUG(10, ("libgpfs_gpl.so loaded\n")); + + gpfs_set_share_fn = sys_dlsym(libgpfs_
svn commit: samba r19655 - in branches: SAMBA_3_0/source/include SAMBA_3_0_24/source/include
Author: jmcd Date: 2006-11-10 15:43:29 + (Fri, 10 Nov 2006) New Revision: 19655 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19655 Log: Jeremy, please review: I updated the vfs version in 3.0.24 from 16 to 17, beacuse 16 was the latest released code, but on SAMBA_3_0, I reverted my earlier change back from 19 to 18, because we've not had any released code with 18. This is related to the kernel_flock call addition. Modified: branches/SAMBA_3_0/source/include/vfs.h branches/SAMBA_3_0_24/source/include/vfs.h Changeset: Modified: branches/SAMBA_3_0/source/include/vfs.h === --- branches/SAMBA_3_0/source/include/vfs.h 2006-11-10 15:40:48 UTC (rev 19654) +++ branches/SAMBA_3_0/source/include/vfs.h 2006-11-10 15:43:29 UTC (rev 19655) @@ -63,9 +63,9 @@ /* Changed to version 15 as we added the statvfs call. JRA */ /* Changed to version 16 as we added the getlock call. JRA */ /* Changed to version 17 as we removed redundant connection_struct parameters. --jpeach */ -/* Changed to version 18 to add fsp parameter to the open call -- jpeach */ -/* Changed to version 19 to add kernel_flock call - jmcd */ -#define SMB_VFS_INTERFACE_VERSION 19 +/* Changed to version 18 to add fsp parameter to the open call -- jpeach + Also include kernel_flock call - jmcd */ +#define SMB_VFS_INTERFACE_VERSION 18 /* to bug old modules which are trying to compile with the old functions */ Modified: branches/SAMBA_3_0_24/source/include/vfs.h === --- branches/SAMBA_3_0_24/source/include/vfs.h 2006-11-10 15:40:48 UTC (rev 19654) +++ branches/SAMBA_3_0_24/source/include/vfs.h 2006-11-10 15:43:29 UTC (rev 19655) @@ -62,7 +62,8 @@ /* Changed to version 14 as we had to change DIR to SMB_STRUCT_DIR. JRA */ /* Changed to version 15 as we added the statvfs call. JRA */ /* Changed to version 16 as we added the getlock call. JRA */ -#define SMB_VFS_INTERFACE_VERSION 16 +/* Changed to version 17 to add kernel_flock call. Note in 3.0 dev branch it's different - jmcd */ +#define SMB_VFS_INTERFACE_VERSION 17 /* to bug old modules which are trying to compile with the old functions */
svn commit: samba r19654 - in branches/SAMBA_3_0_24/source: . include lib smbd
Author: jmcd Date: 2006-11-10 15:40:48 + (Fri, 10 Nov 2006) New Revision: 19654 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19654 Log: merge GPFS vfs support from 3.0, including adding kernel_flock vfs op. Modified: branches/SAMBA_3_0_24/source/Makefile.in branches/SAMBA_3_0_24/source/configure.in branches/SAMBA_3_0_24/source/include/smbprofile.h branches/SAMBA_3_0_24/source/include/vfs.h branches/SAMBA_3_0_24/source/include/vfs_macros.h branches/SAMBA_3_0_24/source/lib/system.c branches/SAMBA_3_0_24/source/smbd/open.c branches/SAMBA_3_0_24/source/smbd/vfs-wrap.c branches/SAMBA_3_0_24/source/smbd/vfs.c Changeset: Modified: branches/SAMBA_3_0_24/source/Makefile.in === --- branches/SAMBA_3_0_24/source/Makefile.in2006-11-10 15:28:44 UTC (rev 19653) +++ branches/SAMBA_3_0_24/source/Makefile.in2006-11-10 15:40:48 UTC (rev 19654) @@ -374,6 +374,7 @@ VFS_SHADOW_COPY_OBJ = modules/vfs_shadow_copy.o VFS_AFSACL_OBJ = modules/vfs_afsacl.o VFS_CATIA_OBJ = modules/vfs_catia.o +VFS_GPFS_OBJ = modules/vfs_gpfs.o modules/gpfs.o PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o @@ -1373,6 +1374,10 @@ @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_CATIA_OBJ:[EMAIL PROTECTED]@) \ @[EMAIL PROTECTED] [EMAIL PROTECTED] +bin/[EMAIL PROTECTED]@: $(VFS_GPFS_OBJ) + @echo "Building plugin $@" + @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_GPFS_OBJ) \ + @[EMAIL PROTECTED] [EMAIL PROTECTED] bin/[EMAIL PROTECTED]@: $(WBINFO_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ Modified: branches/SAMBA_3_0_24/source/configure.in === --- branches/SAMBA_3_0_24/source/configure.in 2006-11-10 15:28:44 UTC (rev 19653) +++ branches/SAMBA_3_0_24/source/configure.in 2006-11-10 15:40:48 UTC (rev 19654) @@ -1286,6 +1286,20 @@ AC_CHECK_FUNCS(backtrace_symbols) AC_CHECK_LIB(exc, trace_back_stack) +echo -n "checking for GPFS GPL libs... " +save_LIBS="$LIBS" +LIBS="$LIBS -lgpfs_gpl" +AC_TRY_LINK([#include ], + [gpfs_set_share(0,GPFS_SHARE_READ,GPFS_DENY_NONE)], + samba_cv_HAVE_GPFS=yes, + samba_cv_HAVE_GPFS=no) +echo $samba_cv_HAVE_GPFS +if test x"$samba_cv_HAVE_GPFS" = x"yes"; then +AC_DEFINE(HAVE_GPFS,1,[Whether GPFS GPL libs are available]) +default_shared_modules="$default_shared_modules vfs_gpfs" +fi +LIBS="$save_LIBS" + # Note that all the libunwind symbols in the API are defined to internal # platform-specific version, so we must include libunwind.h before checking # any of them. @@ -5598,6 +5612,7 @@ SMB_MODULE(vfs_shadow_copy, \$(VFS_SHADOW_COPY_OBJ), "bin/shadow_copy.$SHLIBEXT", VFS) SMB_MODULE(vfs_afsacl, \$(VFS_AFSACL_OBJ), "bin/afsacl.$SHLIBEXT", VFS) SMB_MODULE(vfs_catia, \$(VFS_CATIA_OBJ), "bin/catia.$SHLIBEXT", VFS) +SMB_MODULE(vfs_gpfs, \$(VFS_GPFS_OBJ), "bin/gpfs.$SHLIBEXT", VFS) SMB_SUBSYSTEM(VFS,smbd/vfs.o) AC_DEFINE_UNQUOTED(STRING_STATIC_MODULES, "$string_static_modules", [String list of builtin modules]) Modified: branches/SAMBA_3_0_24/source/include/smbprofile.h === --- branches/SAMBA_3_0_24/source/include/smbprofile.h 2006-11-10 15:28:44 UTC (rev 19653) +++ branches/SAMBA_3_0_24/source/include/smbprofile.h 2006-11-10 15:40:48 UTC (rev 19654) @@ -101,6 +101,8 @@ unsigned syscall_ftruncate_count; unsigned syscall_ftruncate_time; unsigned syscall_fcntl_lock_count; + unsigned syscall_kernel_flock_count; + unsigned syscall_kernel_flock_time; unsigned syscall_fcntl_lock_time; unsigned syscall_fcntl_getlock_count; unsigned syscall_fcntl_getlock_time; Modified: branches/SAMBA_3_0_24/source/include/vfs.h === --- branches/SAMBA_3_0_24/source/include/vfs.h 2006-11-10 15:28:44 UTC (rev 19653) +++ branches/SAMBA_3_0_24/source/include/vfs.h 2006-11-10 15:40:48 UTC (rev 19654) @@ -142,6 +142,7 @@ SMB_VFS_OP_UTIME, SMB_VFS_OP_FTRUNCATE, SMB_VFS_OP_LOCK, + SMB_VFS_OP_KERNEL_FLOCK, SMB_VFS_OP_GETLOCK, SMB_VFS_OP_SYMLINK, SMB_VFS_OP_READLINK, @@ -264,6 +265,7 @@ int (*utime)(struct vfs_handle_struct *handle, struct connection_struct *conn, const char *path, struct utimbuf *times); int (*ftruncate)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, SMB_OFF_T offset); BOOL (*lock)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type); + int (*kernel_flock)(struct vfs_handle_struct *handle, struct files_st
svn commit: samba r19653 - in branches/SAMBA_3_0_24/source/libsmb: .
Author: jmcd Date: 2006-11-10 15:28:44 + (Fri, 10 Nov 2006) New Revision: 19653 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19653 Log: Fix the non-krb build, a la 3.0.23 Modified: branches/SAMBA_3_0_24/source/libsmb/cliconnect.c Changeset: Modified: branches/SAMBA_3_0_24/source/libsmb/cliconnect.c === --- branches/SAMBA_3_0_24/source/libsmb/cliconnect.c2006-11-10 13:46:19 UTC (rev 19652) +++ branches/SAMBA_3_0_24/source/libsmb/cliconnect.c2006-11-10 15:28:44 UTC (rev 19653) @@ -715,9 +715,7 @@ char *principal; char *OIDs[ASN1_MAX_OIDS]; int i; -#ifdef HAVE_KRB5 BOOL got_kerberos_mechanism = False; -#endif DATA_BLOB blob; DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
svn commit: samba r19648 - in branches/SAMBA_3_0/source/include: .
Author: jmcd Date: 2006-11-09 21:40:40 + (Thu, 09 Nov 2006) New Revision: 19648 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19648 Log: whoops, forgot to increment the vfs version number with the added flock call. Modified: branches/SAMBA_3_0/source/include/vfs.h Changeset: Modified: branches/SAMBA_3_0/source/include/vfs.h === --- branches/SAMBA_3_0/source/include/vfs.h 2006-11-09 20:29:31 UTC (rev 19647) +++ branches/SAMBA_3_0/source/include/vfs.h 2006-11-09 21:40:40 UTC (rev 19648) @@ -64,7 +64,8 @@ /* Changed to version 16 as we added the getlock call. JRA */ /* Changed to version 17 as we removed redundant connection_struct parameters. --jpeach */ /* Changed to version 18 to add fsp parameter to the open call -- jpeach */ -#define SMB_VFS_INTERFACE_VERSION 18 +/* Changed to version 19 to add kernel_flock call - jmcd */ +#define SMB_VFS_INTERFACE_VERSION 19 /* to bug old modules which are trying to compile with the old functions */
svn commit: samba r19647 - in branches/SAMBA_3_0/source: . include lib modules profile smbd
Author: jmcd Date: 2006-11-09 20:29:31 + (Thu, 09 Nov 2006) New Revision: 19647 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19647 Log: Add some GPFS support in a vfs mod. Also adds the kernel flock op to the vfs layer, since gpfs supports it. Thanks to Volker, Christian, Mathias, Chetan, and Peter. Added: branches/SAMBA_3_0/source/modules/gpfs.c branches/SAMBA_3_0/source/modules/vfs_gpfs.c Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/include/smbprofile.h branches/SAMBA_3_0/source/include/vfs.h branches/SAMBA_3_0/source/include/vfs_macros.h branches/SAMBA_3_0/source/lib/system.c branches/SAMBA_3_0/source/modules/vfs_default.c branches/SAMBA_3_0/source/profile/profile.c branches/SAMBA_3_0/source/smbd/open.c Changeset: Sorry, the patch is too large (590 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19647
svn commit: samba r19158 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_23/source/utils
Author: jmcd Date: 2006-10-06 20:09:10 + (Fri, 06 Oct 2006) New Revision: 19158 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19158 Log: Remove root and nobody users from ldif, from Bj?\195?\182rn Jacke Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c branches/SAMBA_3_0_23/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-10-06 19:49:16 UTC (rev 19157) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-10-06 20:09:10 UTC (rev 19158) @@ -29,7 +29,7 @@ /* uid's and gid's for writing deltas to ldif */ static uint32 ldif_gid = 999; static uint32 ldif_uid = 999; -/* Kkeep track of ldap initialization */ +/* Keep track of ldap initialization */ static int init_ldap = 1; static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) @@ -1104,37 +1104,6 @@ fflush(add_fd); } - /* Write the root entity */ - fprintf(add_fd, "# root, %s, %s\n", user_attr, suffix); - fprintf(add_fd, "dn: uid=root,ou=%s,%s\n", user_attr, suffix); - fprintf(add_fd, "cn: root\n"); - fprintf(add_fd, "sn: root\n"); - fprintf(add_fd, "objectClass: inetOrgPerson\n"); - fprintf(add_fd, "objectClass: sambaSAMAccount\n"); - fprintf(add_fd, "objectClass: posixAccount\n"); - fprintf(add_fd, "objectClass: shadowAccount\n"); - fprintf(add_fd, "gidNumber: 0\n"); - fprintf(add_fd, "uid: root\n"); - fprintf(add_fd, "uidNumber: 0\n"); - fprintf(add_fd, "homeDirectory: /home/root\n"); - fprintf(add_fd, "sambaPwdLastSet: 0\n"); - fprintf(add_fd, "sambaLogonTime: 0\n"); - fprintf(add_fd, "sambaLogoffTime: 2147483647\n"); - fprintf(add_fd, "sambaKickoffTime: 2147483647\n"); - fprintf(add_fd, "sambaPwdCanChange: 0\n"); - fprintf(add_fd, "sambaPwdMustChange: 2147483647\n"); - fprintf(add_fd, "sambaHomePath: PDC-SRV\\root\n"); - fprintf(add_fd, "sambaHomeDrive: H:\n"); - fprintf(add_fd, "sambaProfilePath: PDC-SRV\\profiles\\root\n"); - fprintf(add_fd, "sambaprimaryGroupSID: %s-512\n", sid); - fprintf(add_fd, "sambaLMPassword: XXX\n"); - fprintf(add_fd, "sambaNTPassword: XXX\n"); - fprintf(add_fd, "sambaAcctFlags: [U\n"); - fprintf(add_fd, "sambaSID: %s-500\n", sid); - fprintf(add_fd, "loginShell: /bin/false\n"); - fprintf(add_fd, "\n"); - fflush(add_fd); - /* Write the domain entity */ fprintf(add_fd, "# %s, %s\n", lp_workgroup(), suffix); fprintf(add_fd, "dn: sambaDomainName=%s,%s\n", lp_workgroup(), @@ -1148,37 +1117,6 @@ fprintf(add_fd, "\n"); fflush(add_fd); - /* Write user nobody entity */ - fprintf(add_fd, "# nobody, %s, %s\n", user_attr, suffix); - fprintf(add_fd, "dn: uid=nobody,ou=%s,%s\n", user_attr, suffix); - fprintf(add_fd, "cn: nobody\n"); - fprintf(add_fd, "sn: nobody\n"); - fprintf(add_fd, "objectClass: inetOrgPerson\n"); - fprintf(add_fd, "objectClass: sambaSAMAccount\n"); - fprintf(add_fd, "objectClass: posixAccount\n"); - fprintf(add_fd, "objectClass: shadowAccount\n"); - fprintf(add_fd, "gidNumber: 514\n"); - fprintf(add_fd, "uid: nobody\n"); - fprintf(add_fd, "uidNumber: 999\n"); - fprintf(add_fd, "homeDirectory: /nobodyshomedir\n"); - fprintf(add_fd, "sambaPwdLastSet: 0\n"); - fprintf(add_fd, "sambaLogonTime: 0\n"); - fprintf(add_fd, "sambaLogoffTime: 2147483647\n"); - fprintf(add_fd, "sambaKickoffTime: 2147483647\n"); - fprintf(add_fd, "sambaPwdCanChange: 0\n"); - fprintf(add_fd, "sambaPwdMustChange: 2147483647\n"); - fprintf(add_fd, "sambaHomePath: PDC-SMD3\\homes\\nobody\n"); - fprintf(add_fd, "sambaHomeDrive: H:\n"); - fprintf(add_fd, "sambaProfilePath: PDC-SMB3\\profiles\\nobody\n"); - fprintf(add_fd, "sambaprimaryGroupSID: %s-514\n", sid); - fprintf(add_fd, "sambaLMPassword: NOPASSWORDX\n"); - fprintf(add_fd, "sambaNTPassword: NOPASSWORDX\n"); - fprintf(add_fd, "sambaAcctFlags: [NU\n"); - fprintf(add_fd, "sambaSID: %s-2998\n", sid); -
svn commit: samba r19058 - in branches/SAMBA_3_0/source: auth passdb rpc_server smbd
Author: jmcd Date: 2006-10-03 17:14:18 + (Tue, 03 Oct 2006) New Revision: 19058 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19058 Log: Implement "user cannot change password", and complete "user must change password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc. Modified: branches/SAMBA_3_0/source/auth/auth_sam.c branches/SAMBA_3_0/source/passdb/passdb.c branches/SAMBA_3_0/source/passdb/pdb_get_set.c branches/SAMBA_3_0/source/passdb/pdb_interface.c branches/SAMBA_3_0/source/passdb/pdb_ldap.c branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0/source/smbd/chgpasswd.c Changeset: Modified: branches/SAMBA_3_0/source/auth/auth_sam.c === --- branches/SAMBA_3_0/source/auth/auth_sam.c 2006-10-03 16:48:02 UTC (rev 19057) +++ branches/SAMBA_3_0/source/auth/auth_sam.c 2006-10-03 17:14:18 UTC (rev 19058) @@ -168,7 +168,7 @@ time_t last_set_time = pdb_get_pass_last_set_time(sampass); /* check for immediate expiry "must change at next logon" */ - if (must_change_time == 0 && last_set_time != 0) { + if (last_set_time == 0) { DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n", pdb_get_username(sampass))); return NT_STATUS_PASSWORD_MUST_CHANGE; } Modified: branches/SAMBA_3_0/source/passdb/passdb.c === --- branches/SAMBA_3_0/source/passdb/passdb.c 2006-10-03 16:48:02 UTC (rev 19057) +++ branches/SAMBA_3_0/source/passdb/passdb.c 2006-10-03 17:14:18 UTC (rev 19058) @@ -1106,7 +1106,7 @@ logoff_time = (uint32)pdb_get_logoff_time(sampass); kickoff_time = (uint32)pdb_get_kickoff_time(sampass); bad_password_time = (uint32)pdb_get_bad_password_time(sampass); - pass_can_change_time = (uint32)pdb_get_pass_can_change_time(sampass); + pass_can_change_time = (uint32)pdb_get_pass_can_change_time_noncalc(sampass); pass_must_change_time = (uint32)pdb_get_pass_must_change_time(sampass); pass_last_set_time = (uint32)pdb_get_pass_last_set_time(sampass); Modified: branches/SAMBA_3_0/source/passdb/pdb_get_set.c === --- branches/SAMBA_3_0/source/passdb/pdb_get_set.c 2006-10-03 16:48:02 UTC (rev 19057) +++ branches/SAMBA_3_0/source/passdb/pdb_get_set.c 2006-10-03 17:14:18 UTC (rev 19058) @@ -74,15 +74,34 @@ { uint32 allow; + /* if the last set time is zero, it means the user cannot + change their password, and this time must be zero. jmcd + */ if (sampass->pass_last_set_time == 0) return (time_t) 0; + /* if the time is max, and the field has been changed, + we're trying to update this real value from the sampass + to indicate that the user cannot change their password. jmcd + */ + if (sampass->pass_can_change_time == get_time_t_max() && + pdb_get_init_flags(sampass, PDB_CANCHANGETIME) == PDB_CHANGED) + return sampass->pass_can_change_time; + if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow)) allow = 0; + /* in normal cases, just calculate it from policy */ return sampass->pass_last_set_time + allow; } +/* we need this for loading from the backend, so that we don't overwrite + non-changed max times, otherwise the pass_can_change checking won't work */ +time_t pdb_get_pass_can_change_time_noncalc(const struct samu *sampass) +{ + return sampass->pass_can_change_time; +} + time_t pdb_get_pass_must_change_time(const struct samu *sampass) { uint32 expire; @@ -100,6 +119,14 @@ return sampass->pass_last_set_time + expire; } +BOOL pdb_get_pass_can_change(const struct samu *sampass) +{ + if (sampass->pass_can_change_time == get_time_t_max() && + sampass->pass_last_set_time != 0) + return False; + return True; +} + uint16 pdb_get_logon_divs(const struct samu *sampass) { return sampass->logon_divs; @@ -944,43
svn commit: samba r19057 - in branches/SAMBA_3_0_23/source: passdb rpc_parse rpc_server utils
Author: jmcd Date: 2006-10-03 16:48:02 + (Tue, 03 Oct 2006) New Revision: 19057 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19057 Log: backout 18726, 18748, 18754, 18758 from 3.0.23 until further testing in SAMBA_3_0. password times go back to previous functionality, for now. Modified: branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c branches/SAMBA_3_0_23/source/utils/net_sam.c branches/SAMBA_3_0_23/source/utils/pdbedit.c Changeset: Modified: branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c === --- branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c 2006-10-03 12:21:02 UTC (rev 19056) +++ branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c 2006-10-03 16:48:02 UTC (rev 19057) @@ -72,32 +72,12 @@ time_t pdb_get_pass_can_change_time(const struct samu *sampass) { - uint32 allow; - - if (sampass->pass_last_set_time == 0) - return (time_t) 0; - - if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow)) - allow = 0; - - return sampass->pass_last_set_time + allow; + return sampass->pass_can_change_time; } time_t pdb_get_pass_must_change_time(const struct samu *sampass) { - uint32 expire; - - if (sampass->pass_last_set_time == 0) - return (time_t) 0; - - if (sampass->acct_ctrl & ACB_PWNOEXP) - return get_time_t_max(); - - if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) - || expire == (uint32)-1 || expire == 0) - return get_time_t_max(); - - return sampass->pass_last_set_time + expire; + return sampass->pass_must_change_time; } uint16 pdb_get_logon_divs(const struct samu *sampass) Modified: branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c === --- branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c 2006-10-03 12:21:02 UTC (rev 19056) +++ branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c 2006-10-03 16:48:02 UTC (rev 19057) @@ -6208,7 +6208,6 @@ pass_last_set_time, pass_can_change_time, pass_must_change_time; - time_t must_change_time; const char* user_name = pdb_get_username(pw); const char* full_name = pdb_get_fullname(pw); const char* home_dir = pdb_get_homedir(pw); @@ -6233,16 +6232,12 @@ } /* Create NTTIME structs */ - unix_to_nt_time (&logon_time, pdb_get_logon_time(pw)); - unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw)); + unix_to_nt_time (&logon_time, pdb_get_logon_time(pw)); + unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw)); unix_to_nt_time (&kickoff_time, pdb_get_kickoff_time(pw)); - unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw)); - unix_to_nt_time (&pass_can_change_time,pdb_get_pass_can_change_time(pw)); - must_change_time = pdb_get_pass_must_change_time(pw); - if (must_change_time == get_time_t_max()) - unix_to_nt_time_abs(&pass_must_change_time, must_change_time); - else - unix_to_nt_time(&pass_must_change_time, must_change_time); + unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw)); + unix_to_nt_time (&pass_can_change_time, pdb_get_pass_can_change_time(pw)); + unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(pw)); /* structure assignment */ usr->logon_time= logon_time; Modified: branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c === --- branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c 2006-10-03 12:21:02 UTC (rev 19056) +++ branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c 2006-10-03 16:48:02 UTC (rev 19057) @@ -99,6 +99,14 @@ pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); } + if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) { + unix_time=nt_time_to_unix(&from->pass_can_change_time); + stored_time = pdb_get_pass_can_change_time(to); + DEBUG(10,("INFO_21 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED); + } + if (from->fields_present & ACCT_LAST_PWD_CHANGE) { unix_ti
svn commit: samba r18758 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_23/source/utils
Author: jmcd Date: 2006-09-20 23:56:07 + (Wed, 20 Sep 2006) New Revision: 18758 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18758 Log: Update net sam to use calculated times and force change password properly. Modified: branches/SAMBA_3_0/source/utils/net_sam.c branches/SAMBA_3_0_23/source/utils/net_sam.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_sam.c === --- branches/SAMBA_3_0/source/utils/net_sam.c 2006-09-20 23:52:58 UTC (rev 18757) +++ branches/SAMBA_3_0/source/utils/net_sam.c 2006-09-20 23:56:07 UTC (rev 18758) @@ -206,23 +206,20 @@ } /* - * Set a user's time field + * Set pass last change time, based on force pass change now */ -static int net_sam_set_time(int argc, const char **argv, const char *field, - BOOL (*fn)(struct samu *, time_t, - enum pdb_value_state)) +static int net_sam_set_pwdmustchangenow(int argc, const char **argv) { struct samu *sam_acct = NULL; DOM_SID sid; enum lsa_SidType type; const char *dom, *name; NTSTATUS status; - time_t new_time; - if (argc != 2) { - d_fprintf(stderr, "usage: net sam set %s " - "[now|-MM-DD HH:MM]\n", field); + if ((argc != 2) || (!strequal(argv[1], "yes") && + !strequal(argv[1], "no"))) { + d_fprintf(stderr, "usage: net sam set pwdmustchangenow [yes|no]\n"); return -1; } @@ -238,22 +235,6 @@ return -1; } - if (strequal(argv[1], "now")) { - new_time = time(NULL); - } else { - struct tm tm; - char *end; - ZERO_STRUCT(tm); - end = strptime(argv[1], "%Y-%m-%d %H:%M", &tm); - new_time = mktime(&tm); - if ((end == NULL) || (*end != '\0') || (new_time == -1)) { - d_fprintf(stderr, "Could not parse time string %s\n", - argv[1]); - return -1; - } - } - - if ( !(sam_acct = samu_new( NULL )) ) { d_fprintf(stderr, "Internal error\n"); return -1; @@ -264,9 +245,10 @@ return -1; } - if (!fn(sam_acct, new_time, PDB_CHANGED)) { - d_fprintf(stderr, "Internal error\n"); - return -1; + if (strequal(argv[1], "yes")) { + pdb_set_pass_last_set_time(sam_acct, 0, PDB_CHANGED); + } else { + pdb_set_pass_last_set_time(sam_acct, time(NULL), PDB_CHANGED); } status = pdb_update_sam_account(sam_acct); @@ -278,22 +260,12 @@ TALLOC_FREE(sam_acct); - d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]); + d_fprintf(stderr, "Updated 'user must change password at next logon' for %s\\%s to %s\n", dom, + name, argv[1]); return 0; } -static int net_sam_set_pwdmustchange(int argc, const char **argv) -{ - return net_sam_set_time(argc, argv, "pwdmustchange", - pdb_set_pass_must_change_time); -} -static int net_sam_set_pwdcanchange(int argc, const char **argv) -{ - return net_sam_set_time(argc, argv, "pwdcanchange", - pdb_set_pass_can_change_time); -} - /* * Set a user's or a group's comment */ @@ -376,10 +348,8 @@ "Disable/Enable a user's lockout flag" }, { "pwnoexp", net_sam_set_pwnoexp, "Disable/Enable whether a user's pw does not expire" }, - { "pwdmustchange", net_sam_set_pwdmustchange, - "Set a users password must change time" }, - { "pwdcanchange", net_sam_set_pwdcanchange, - "Set a users password can change time" }, + { "pwdmustchangenow", net_sam_set_pwdmustchangenow, + "Force users password must change at next logon" }, {NULL, NULL} }; Modified: branches/SAMBA_3_0_23/source/utils/net_sam.c === --- branches/SAMBA_3_0_23/source/utils/net_sam.c2006-09-20 23:52:58 UTC (rev 18757) +++ branches/SAMBA_3_0_23/source/utils/net_sam.c2006-09-20 23:56:07 UTC (rev 18758) @@ -206,23 +206,20 @@ } /* - * Set a user's time field + * Set pass last change time, based on force pass change now */ -static int net_sam_set_time(int argc, const char
svn commit: samba r18754 - in branches: SAMBA_3_0/source/rpc_server SAMBA_3_0_23/source/rpc_server
Author: jmcd Date: 2006-09-20 23:43:56 + (Wed, 20 Sep 2006) New Revision: 18754 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18754 Log: Get rid of some more invalid time sets Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c2006-09-20 23:42:58 UTC (rev 18753) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c2006-09-20 23:43:56 UTC (rev 18754) @@ -99,14 +99,6 @@ pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); } - if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) { - unix_time=nt_time_to_unix(from->pass_can_change_time); - stored_time = pdb_get_pass_can_change_time(to); - DEBUG(10,("INFO_21 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); - if (stored_time != unix_time) - pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED); - } - if (from->fields_present & ACCT_LAST_PWD_CHANGE) { unix_time=nt_time_to_unix(from->pass_last_set_time); stored_time = pdb_get_pass_last_set_time(to); @@ -115,14 +107,6 @@ pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED); } - if (from->fields_present & ACCT_FORCE_PWD_CHANGE) { - unix_time=nt_time_to_unix(from->pass_must_change_time); - stored_time=pdb_get_pass_must_change_time(to); - DEBUG(10,("INFO_21 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); - if (stored_time != unix_time) - pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED); - } - if ((from->fields_present & ACCT_USERNAME) && (from->hdr_user_name.buffer)) { old_string = pdb_get_username(to); @@ -337,14 +321,6 @@ pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); } - if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) { - unix_time=nt_time_to_unix(from->pass_can_change_time); - stored_time = pdb_get_pass_can_change_time(to); - DEBUG(10,("INFO_23 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); - if (stored_time != unix_time) - pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED); - } - if (from->fields_present & ACCT_LAST_PWD_CHANGE) { unix_time=nt_time_to_unix(from->pass_last_set_time); stored_time = pdb_get_pass_last_set_time(to); @@ -353,14 +329,6 @@ pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED); } - if (from->fields_present & ACCT_FORCE_PWD_CHANGE) { - unix_time=nt_time_to_unix(from->pass_must_change_time); - stored_time=pdb_get_pass_must_change_time(to); - DEBUG(10,("INFO_23 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); - if (stored_time != unix_time) - pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED); - } - /* Backend should check this for sanity */ if ((from->fields_present & ACCT_USERNAME) && (from->hdr_user_name.buffer)) { @@ -565,14 +533,6 @@ pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); } - if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) { - unix_time=nt_time_to_unix(from->pass_can_change_time); - stored_time = pdb_get_pass_can_change_time(to); - DEBUG(10,("INFO_25 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); - if (stored_time != unix_time) - pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED); - } - if (from->fields_present & ACCT_LAST_PWD_CHANGE) { unix_time=nt_time_to_unix(from->pass_last_set_time); stored_time = pdb_get_pass_last_set_time(to); @@ -581,14 +541,6 @@ pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED); } - if (from->fields_present & ACCT_FORCE_PWD_CHANGE) { - unix_time=nt_time_to_unix(from->pass_must_change_time); - stored_time=pdb_get_pass_must_change_time(to); - DEBUG(10,("INFO_25 PAS
svn commit: samba r18748 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_23/source/utils
Author: jmcd Date: 2006-09-20 22:55:44 + (Wed, 20 Sep 2006) New Revision: 18748 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18748 Log: Eliminate set of computed time values Modified: branches/SAMBA_3_0/source/utils/pdbedit.c branches/SAMBA_3_0_23/source/utils/pdbedit.c Changeset: Modified: branches/SAMBA_3_0/source/utils/pdbedit.c === --- branches/SAMBA_3_0/source/utils/pdbedit.c 2006-09-20 22:49:02 UTC (rev 18747) +++ branches/SAMBA_3_0/source/utils/pdbedit.c 2006-09-20 22:55:44 UTC (rev 18748) @@ -407,8 +407,7 @@ const char *drive, const char *script, const char *profile, const char *account_control, const char *user_sid, const char *user_domain, - const BOOL badpw, const BOOL hours, - time_t pwd_can_change, time_t pwd_must_change) + const BOOL badpw, const BOOL hours) { BOOL updated_autolock = False, updated_badpw = False; struct samu *sam_pwent=NULL; @@ -435,14 +434,6 @@ pdb_set_hours(sam_pwent, hours_array, PDB_CHANGED); } - if (pwd_can_change != -1) { - pdb_set_pass_can_change_time(sam_pwent, pwd_can_change, PDB_CHANGED); - } - - if (pwd_must_change != -1) { - pdb_set_pass_must_change_time(sam_pwent, pwd_must_change, PDB_CHANGED); - } - if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) { DEBUG(2,("pdb_update_autolock_flag failed.\n")); } @@ -766,8 +757,6 @@ BOOL account_policy_value_set = False; static BOOL badpw_reset = False; static BOOL hours_reset = False; - static char *pwd_can_change_time = NULL; - static char *pwd_must_change_time = NULL; static char *pwd_time_format = NULL; static BOOL pw_from_stdin = False; struct pdb_methods *bin, *bout, *bdef; @@ -802,8 +791,6 @@ {"force-initialized-passwords", 0, POPT_ARG_NONE, &force_initialised_password, 0, "Force initialization of corrupt password strings in a passdb backend", NULL}, {"bad-password-count-reset", 'z', POPT_ARG_NONE, &badpw_reset, 0, "reset bad password count", NULL}, {"logon-hours-reset", 'Z', POPT_ARG_NONE, &hours_reset, 0, "reset logon hours", NULL}, - {"pwd-can-change-time", 0, POPT_ARG_STRING, &pwd_can_change_time, 0, "Set password can change time (unix time in seconds since 1970 if time format not provided)", NULL }, - {"pwd-must-change-time", 0, POPT_ARG_STRING, &pwd_must_change_time, 0, "Set password must change time (unix time in seconds since 1970 if time format not provided)", NULL }, {"time-format", 0, POPT_ARG_STRING, &pwd_time_format, 0, "The time format for time parameters", NULL }, {"password-from-stdin", 't', POPT_ARG_NONE, &pw_from_stdin, 0, "get password from standard in", NULL}, POPT_COMMON_SAMBA @@ -866,9 +853,7 @@ (backend_in ? BIT_IMPORT : 0) + (backend_out ? BIT_EXPORT : 0) + (badpw_reset ? BIT_BADPWRESET : 0) + - (hours_reset ? BIT_LOGONHOURS : 0) + - (pwd_can_change_time ? BIT_CAN_CHANGE: 0) + - (pwd_must_change_time ? BIT_MUST_CHANGE: 0); + (hours_reset ? BIT_LOGONHOURS : 0); if (setparms & BIT_BACKEND) { if (!NT_STATUS_IS_OK(make_pdb_method_name( &bdef, backend ))) { @@ -1040,67 +1025,9 @@ /* account modification operations */ if (!(checkparms & ~(BIT_MODIFY + BIT_USER))) { - time_t pwd_can_change = -1; - time_t pwd_must_change = -1; - const char *errstr; - - if (pwd_can_change_time) { - errstr = "can"; - if (pwd_time_format) { - struct tm tm; - char *ret; - - memset(&tm, 0, sizeof(struct tm)); - ret = strptime(pwd_can_change_time, pwd_time_format, &tm); - if (ret == NULL || *ret != '\0') { - goto error; - } - - pwd_can_change = mktime(&tm); - -
svn commit: samba r18726 - in branches/SAMBA_3_0_23/source: passdb rpc_parse rpc_server
Author: jmcd Date: 2006-09-20 17:58:16 + (Wed, 20 Sep 2006) New Revision: 18726 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18726 Log: Password time stuff from SAMBA_3_0. I'll keep them in sync next time. Modified: branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c Changeset: Modified: branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c === --- branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c 2006-09-20 17:56:50 UTC (rev 18725) +++ branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c 2006-09-20 17:58:16 UTC (rev 18726) @@ -72,12 +72,32 @@ time_t pdb_get_pass_can_change_time(const struct samu *sampass) { - return sampass->pass_can_change_time; + uint32 allow; + + if (sampass->pass_last_set_time == 0) + return (time_t) 0; + + if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow)) + allow = 0; + + return sampass->pass_last_set_time + allow; } time_t pdb_get_pass_must_change_time(const struct samu *sampass) { - return sampass->pass_must_change_time; + uint32 expire; + + if (sampass->pass_last_set_time == 0) + return (time_t) 0; + + if (sampass->acct_ctrl & ACB_PWNOEXP) + return get_time_t_max(); + + if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) + || expire == (uint32)-1 || expire == 0) + return get_time_t_max(); + + return sampass->pass_last_set_time + expire; } uint16 pdb_get_logon_divs(const struct samu *sampass) Modified: branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c === --- branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c 2006-09-20 17:56:50 UTC (rev 18725) +++ branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c 2006-09-20 17:58:16 UTC (rev 18726) @@ -6208,6 +6208,7 @@ pass_last_set_time, pass_can_change_time, pass_must_change_time; + time_t must_change_time; const char* user_name = pdb_get_username(pw); const char* full_name = pdb_get_fullname(pw); const char* home_dir = pdb_get_homedir(pw); @@ -6232,12 +6233,16 @@ } /* Create NTTIME structs */ - unix_to_nt_time (&logon_time, pdb_get_logon_time(pw)); - unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw)); + unix_to_nt_time (&logon_time, pdb_get_logon_time(pw)); + unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw)); unix_to_nt_time (&kickoff_time, pdb_get_kickoff_time(pw)); - unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw)); - unix_to_nt_time (&pass_can_change_time, pdb_get_pass_can_change_time(pw)); - unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(pw)); + unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw)); + unix_to_nt_time (&pass_can_change_time,pdb_get_pass_can_change_time(pw)); + must_change_time = pdb_get_pass_must_change_time(pw); + if (must_change_time == get_time_t_max()) + unix_to_nt_time_abs(&pass_must_change_time, must_change_time); + else + unix_to_nt_time(&pass_must_change_time, must_change_time); /* structure assignment */ usr->logon_time= logon_time; Modified: branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c === --- branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c 2006-09-20 17:56:50 UTC (rev 18725) +++ branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c 2006-09-20 17:58:16 UTC (rev 18726) @@ -284,26 +284,16 @@ } } - DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); - if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) { - pdb_set_pass_must_change_time(to,0, PDB_CHANGED); - } else { - uint32 expire; - time_t new_time; - if (pdb_get_pass_must_change_time(to) == 0) { - if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) - || expire == (uint32)-1) { - new_time = get_time_t_max(); - } else { - time_t old_time = pdb_get_pass_last_set_time(to); - new_time = old_time + expire; -
svn commit: samba r18724 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jmcd Date: 2006-09-20 17:37:20 + (Wed, 20 Sep 2006) New Revision: 18724 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18724 Log: Fixup time(0) -> time(NULL) Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c2006-09-20 17:29:34 UTC (rev 18723) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c2006-09-20 17:37:20 UTC (rev 18724) @@ -292,7 +292,7 @@ if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) { pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); } else { - pdb_set_pass_last_set_time(to, time(0), PDB_CHANGED); + pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED); } } @@ -521,7 +521,7 @@ if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) { pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); } else { - pdb_set_pass_last_set_time(to, time(0), PDB_CHANGED); + pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED); } }
svn commit: samba r18722 - in branches/SAMBA_3_0/source: passdb rpc_parse rpc_server
Author: jmcd Date: 2006-09-20 17:25:46 + (Wed, 20 Sep 2006) New Revision: 18722 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18722 Log: Fix up password change times. The can change and must change times are calculated based on the last change time, policies, and acb flags. Next step will be to not bother storing them. Right now I'm just trying to get them reported correctly. Modified: branches/SAMBA_3_0/source/passdb/pdb_get_set.c branches/SAMBA_3_0/source/rpc_parse/parse_samr.c branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/pdb_get_set.c === --- branches/SAMBA_3_0/source/passdb/pdb_get_set.c 2006-09-20 17:19:05 UTC (rev 18721) +++ branches/SAMBA_3_0/source/passdb/pdb_get_set.c 2006-09-20 17:25:46 UTC (rev 18722) @@ -72,12 +72,32 @@ time_t pdb_get_pass_can_change_time(const struct samu *sampass) { - return sampass->pass_can_change_time; + uint32 allow; + + if (sampass->pass_last_set_time == 0) + return (time_t) 0; + + if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow)) + allow = 0; + + return sampass->pass_last_set_time + allow; } time_t pdb_get_pass_must_change_time(const struct samu *sampass) { - return sampass->pass_must_change_time; + uint32 expire; + + if (sampass->pass_last_set_time == 0) + return (time_t) 0; + + if (sampass->acct_ctrl & ACB_PWNOEXP) + return get_time_t_max(); + + if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) + || expire == (uint32)-1 || expire == 0) + return get_time_t_max(); + + return sampass->pass_last_set_time + expire; } uint16 pdb_get_logon_divs(const struct samu *sampass) Modified: branches/SAMBA_3_0/source/rpc_parse/parse_samr.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2006-09-20 17:19:05 UTC (rev 18721) +++ branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2006-09-20 17:25:46 UTC (rev 18722) @@ -6270,6 +6270,7 @@ pass_last_set_time, pass_can_change_time, pass_must_change_time; + time_t must_change_time; const char* user_name = pdb_get_username(pw); const char* full_name = pdb_get_fullname(pw); const char* home_dir = pdb_get_homedir(pw); @@ -6294,12 +6295,16 @@ } /* Create NTTIME structs */ - unix_to_nt_time (&logon_time, pdb_get_logon_time(pw)); - unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw)); + unix_to_nt_time (&logon_time, pdb_get_logon_time(pw)); + unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw)); unix_to_nt_time (&kickoff_time, pdb_get_kickoff_time(pw)); - unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw)); - unix_to_nt_time (&pass_can_change_time, pdb_get_pass_can_change_time(pw)); - unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(pw)); + unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw)); + unix_to_nt_time (&pass_can_change_time,pdb_get_pass_can_change_time(pw)); + must_change_time = pdb_get_pass_must_change_time(pw); + if (must_change_time == get_time_t_max()) + unix_to_nt_time_abs(&pass_must_change_time, must_change_time); + else + unix_to_nt_time(&pass_must_change_time, must_change_time); /* structure assignment */ usr->logon_time= logon_time; Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c2006-09-20 17:19:05 UTC (rev 18721) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c2006-09-20 17:25:46 UTC (rev 18722) @@ -283,26 +283,16 @@ } } - DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); - if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) { - pdb_set_pass_must_change_time(to,0, PDB_CHANGED); - } else { - uint32 expire; - time_t new_time; - if (pdb_get_pass_must_change_time(to) == 0) { - if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) - || expire == (uint32)-1) { - new_time = get_time_t_max(); - } else { - time_t old_time = pdb_get_pas
svn commit: samba r18702 - in branches/SAMBA_3_0/source/rpcclient: .
Author: jmcd Date: 2006-09-20 00:02:51 + (Wed, 20 Sep 2006) New Revision: 18702 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18702 Log: re-enable non-decimal specification of rid Modified: branches/SAMBA_3_0/source/rpcclient/cmd_samr.c Changeset: Modified: branches/SAMBA_3_0/source/rpcclient/cmd_samr.c === --- branches/SAMBA_3_0/source/rpcclient/cmd_samr.c 2006-09-19 23:45:43 UTC (rev 18701) +++ branches/SAMBA_3_0/source/rpcclient/cmd_samr.c 2006-09-20 00:02:51 UTC (rev 18702) @@ -342,14 +342,14 @@ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; SAM_USERINFO_CTR *user_ctr; fstring server; - uint32 user_rid; + uint32 user_rid = 0; if ((argc < 2) || (argc > 4)) { printf("Usage: %s rid [info level] [access mask] \n", argv[0]); return NT_STATUS_OK; } - user_rid = strtoul(argv[1], NULL, 10); + sscanf(argv[1], "%i", &user_rid); if (argc > 2) sscanf(argv[2], "%i", &info_level);
svn commit: samba r18660 - in branches/SAMBA_3_0/source/nmbd: .
Author: jmcd Date: 2006-09-19 00:39:21 + (Tue, 19 Sep 2006) New Revision: 18660 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18660 Log: Fix build, one uuid->GUID was missed. Modified: branches/SAMBA_3_0/source/nmbd/nmbd_processlogon.c Changeset: Modified: branches/SAMBA_3_0/source/nmbd/nmbd_processlogon.c === --- branches/SAMBA_3_0/source/nmbd/nmbd_processlogon.c 2006-09-19 00:29:41 UTC (rev 18659) +++ branches/SAMBA_3_0/source/nmbd/nmbd_processlogon.c 2006-09-19 00:39:21 UTC (rev 18660) @@ -382,7 +382,7 @@ } #ifdef HAVE_ADS else { - struct uuid domain_guid; + struct GUID domain_guid; UUID_FLAT flat_guid; pstring domain; pstring hostname;
svn commit: samba r18263 - in branches/tmp/vl-messaging/source: include lib
Author: jmcd Date: 2006-09-08 13:00:48 + (Fri, 08 Sep 2006) New Revision: 18263 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18263 Log: >From Aleksey Fedoseev: Add database traverse for lockd-based locking, allowing locks to be seen in smbstatus. Modified: branches/tmp/vl-messaging/source/include/messages.h branches/tmp/vl-messaging/source/lib/dbwrap_msg.c branches/tmp/vl-messaging/source/lib/messages.c Changeset: Modified: branches/tmp/vl-messaging/source/include/messages.h === --- branches/tmp/vl-messaging/source/include/messages.h 2006-09-08 12:48:51 UTC (rev 18262) +++ branches/tmp/vl-messaging/source/include/messages.h 2006-09-08 13:00:48 UTC (rev 18263) @@ -88,6 +88,7 @@ #define MSG_DB_STORE5005 #define MSG_DB_DELETE 5006 #define MSG_DB_REINIT 5007 +#define MSG_DB_TRAVERSE5008 /* Flags to classify messages - used in message_send_all() */ /* Sender will filter by flag. */ Modified: branches/tmp/vl-messaging/source/lib/dbwrap_msg.c === --- branches/tmp/vl-messaging/source/lib/dbwrap_msg.c 2006-09-08 12:48:51 UTC (rev 18262) +++ branches/tmp/vl-messaging/source/lib/dbwrap_msg.c 2006-09-08 13:00:48 UTC (rev 18263) @@ -445,13 +445,59 @@ return 0; } +static void handle_traverse_return(int msg_type, struct process_id pid, + void *buf, size_t len); + static int db_msg_traverse(struct db_context *db, int (*fn)(TDB_DATA key, TDB_DATA value, void *private_data), void *private_data) { - /* TODO... but traverse will be VERY expensive */ - return -1; + struct db_msg_ctx *ctx = talloc_get_type_abort(db->private_data, + struct db_msg_ctx); + TDB_DATA null_data; + TDB_DATA buf; + static BOOL traverse_msg_reg = False; + int count = 0; + + null_data.dsize = 0; + null_data.dptr = NULL; + buf = msg_pack_data(ctx, ctx->db_index, null_data); + + if(buf.dptr == NULL) { + return -1; + } + + if(!traverse_msg_reg) { + message_register(MSG_DB_TRAVERSE, handle_traverse_return); + traverse_msg_reg = True; + } + + message_send_pid(ctx->lockd, MSG_DB_TRAVERSE, +buf.dptr, buf.dsize, False); + + TALLOC_FREE(buf.dptr); + + SMB_ASSERT(ctx->record == NULL); + + wait_for_return(ctx); + + while(ctx->record != NULL) { + count++; + + if(fn && fn(ctx->record->key, ctx->record->value, private_data)) { + /* break the traversal */ + TALLOC_FREE(ctx->record); + message_deregister(MSG_DB_TRAVERSE); + traverse_msg_reg = False; + break; + } + + TALLOC_FREE(ctx->record); + wait_for_return(ctx); + } + + return count; } static BOOL db_msg_reinit(struct db_context *db) @@ -584,6 +630,70 @@ ctx->record = result; } +static void handle_traverse_return(int msg_type, struct process_id pid, + void *buf, size_t len) +{ + struct db_record *result; + struct db_msg_ctx *ctx = ctx_list; + uint8_t idx; + TDB_DATA key, value; + + DEBUG(10, ("msg_traverse received with len %d\n", len)); + + if(!msg_unpack_double_data((const char *)buf, len, NULL, &idx, &key, &value)) { + DEBUG(2, ("Unpacking error\n")); + return ; + } + + while(ctx) { + if(ctx->db_index == idx) break; + ctx = ctx->next; + } + + if(ctx == NULL) { + DEBUG(2, ("Bad database index %d\n", idx)); + return ; + } + + ctx->received = True; + ctx->record = NULL; + + if(key.dsize > 0) { + result = TALLOC_ZERO_P(ctx, struct db_record); + if (result == NULL) { + DEBUG(0, ("talloc failed\n")); + return ; + } + + result->key.dsize = key.dsize; + result->key.dptr = (char *)talloc_memdup( + result, key.dptr, key.dsize); + + TALLOC_FREE(key.dptr); + + if (result->key.dptr == NULL) { + DEBUG(0, ("talloc failed\n")); + TALLOC_FREE(result); + TALLOC_FREE(value.dp
svn commit: samba r18180 - in branches/tmp/vl-messaging/source: include lib torture
Author: jmcd Date: 2006-09-06 14:50:52 + (Wed, 06 Sep 2006) New Revision: 18180 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18180 Log: >From Aleksey Fedoseev, The patch consists of several modifications: 1) added preallocation of incoming stream buffer (minus 1 malloc/free per incoming message) 2) corrected program exit (cleaning up communication buffer / closing dispatcher's sockets) 3) added message size test Modified: branches/tmp/vl-messaging/source/include/messages.h branches/tmp/vl-messaging/source/lib/messages_socket.c branches/tmp/vl-messaging/source/lib/messages_stream.c branches/tmp/vl-messaging/source/torture/msgtest.c Changeset: Modified: branches/tmp/vl-messaging/source/include/messages.h === --- branches/tmp/vl-messaging/source/include/messages.h 2006-09-06 14:29:57 UTC (rev 18179) +++ branches/tmp/vl-messaging/source/include/messages.h 2006-09-06 14:50:52 UTC (rev 18180) @@ -125,6 +125,7 @@ struct message_list *prev, *next; struct message_rec *msg; size_t processed; /* number of read/written bytes */ + size_t allocated; /* number of allocated bytes */ }; #endif Modified: branches/tmp/vl-messaging/source/lib/messages_socket.c === --- branches/tmp/vl-messaging/source/lib/messages_socket.c 2006-09-06 14:29:57 UTC (rev 18179) +++ branches/tmp/vl-messaging/source/lib/messages_socket.c 2006-09-06 14:50:52 UTC (rev 18180) @@ -101,9 +101,7 @@ cleanup_messages(wait_send); if (socket_fd >= 0) { - if (mtype == MESSAGING_TYPE_STREAM) { - shutdown_stream_sockets(); - } + shutdown_stream_sockets(); close(socket_fd); socket_fd = -1; } Modified: branches/tmp/vl-messaging/source/lib/messages_stream.c === --- branches/tmp/vl-messaging/source/lib/messages_stream.c 2006-09-06 14:29:57 UTC (rev 18179) +++ branches/tmp/vl-messaging/source/lib/messages_stream.c 2006-09-06 14:50:52 UTC (rev 18180) @@ -70,7 +70,7 @@ }; static struct messaging_client *clients_cache = NULL; -static struct message_list *tcp_incoming = NULL; +static struct message_list *disp_incoming = NULL; static int dispatcher_pipe = -1; /* approximate maximum number of connected clients in the list */ @@ -80,6 +80,8 @@ #define MESSAGING_DISPATCHER_SOCKET"dispatcher" #define MESSAGING_DISPATCHER_LOCKFILE "dispatcher.pid" +#define INITIAL_CONTAINER_SIZE 64 + static const char *dispatch_path(void) { static char *name = NULL; @@ -97,6 +99,56 @@ } / + Allocate/reallocate message container +/ + +struct message_list *allocate_container(TALLOC_CTX *mem_ctx, + struct message_list *cnt, + size_t needsize) +{ + uint8_t *buffer; + size_t size = INITIAL_CONTAINER_SIZE; + + while(size < needsize) size *= 2; + + if(cnt == NULL) { + cnt = TALLOC_ZERO_P(mem_ctx, struct message_list); + if(cnt == NULL) { + DEBUG(0, ("talloc failed\n")); + return NULL; + } + buffer = TALLOC_ARRAY(cnt, uint8_t, size); + if(buffer == NULL) { + DEBUG(0, ("talloc failed\n")); + TALLOC_FREE(cnt); + return NULL; + } + } else { + + SMB_ASSERT(size > cnt->allocated); + + buffer = TALLOC_REALLOC_ARRAY(cnt, cnt->msg, uint8_t, size); + if(buffer == NULL) { + DEBUG(0, ("realloc failed\n")); + TALLOC_FREE(cnt->msg); + /* try to allocate with talloc */ + buffer = TALLOC_ARRAY(cnt, uint8_t, size); + if(buffer == NULL) { + DEBUG(0, ("talloc failed\n")); + TALLOC_FREE(cnt); + return NULL; + } + } + } + + cnt->msg = (struct message_rec*)buffer; + cnt->processed = (size_t)-1; + cnt->allocated = size; + + return cnt; +} + +/ Client's queue helper functions / @@ -145,7 +197,8 @@ for (client =
svn commit: samba r17179 - in branches/SAMBA_3_0/source: . include lib modules smbd
Author: jmcd Date: 2006-07-21 15:51:34 + (Fri, 21 Jul 2006) New Revision: 17179 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17179 Log: Merge the vl-posixacls tmp branch into mainline. It modularizes our interface into the special posix API used on the system. Without this patch the specific API flavor is determined at compile time, something which severely limits usability on systems with more than one file system. Our first targets are AIX with its JFS and JFS2 APIs, at a later stage also GPFS. But it's certainly not limited to IBM stuff, this abstraction is also necessary for anything that copes with NFSv4 ACLs. For this we will check in handling very soon. Major contributions can be found in the copyright notices as well as the checkin log of the vl-posixacls branch. The final merge to 3_0 post-3.0.23 was done by Peter Somogyi <[EMAIL PROTECTED]> Added: branches/SAMBA_3_0/source/modules/vfs_aixacl.c branches/SAMBA_3_0/source/modules/vfs_aixacl_util.c branches/SAMBA_3_0/source/modules/vfs_hpuxacl.c branches/SAMBA_3_0/source/modules/vfs_irixacl.c branches/SAMBA_3_0/source/modules/vfs_posixacl.c branches/SAMBA_3_0/source/modules/vfs_solarisacl.c branches/SAMBA_3_0/source/modules/vfs_tru64acl.c Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/include/smb_acls.h branches/SAMBA_3_0/source/lib/sysacls.c branches/SAMBA_3_0/source/modules/vfs_default.c branches/SAMBA_3_0/source/smbd/posix_acls.c Changeset: Sorry, the patch is too large (6110 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17179
svn commit: samba r17154 - in branches/tmp/vl-messaging/source/lib: .
Author: jmcd Date: 2006-07-20 09:37:44 + (Thu, 20 Jul 2006) New Revision: 17154 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17154 Log: >From Aleksey Fedoseev: - add some more debug - correct the unpacking functions - one shared database can be used now by multiple processes - refactor & clean database messages processing as a result: now smbd with locking via lockd passes tests on a single node server. Modified: branches/tmp/vl-messaging/source/lib/dbwrap_msg.c Changeset: Sorry, the patch is too large (885 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17154
svn commit: samba r17137 - in branches/tmp/vl-messaging/source: include lib locking printing smbd
Author: jmcd Date: 2006-07-19 15:59:52 + (Wed, 19 Jul 2006) New Revision: 17137 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17137 Log: reinitialize messaging code after a fork. from Alexksey Fedoseev. Modified: branches/tmp/vl-messaging/source/include/dbwrap.h branches/tmp/vl-messaging/source/include/messages.h branches/tmp/vl-messaging/source/lib/dbwrap_file.c branches/tmp/vl-messaging/source/lib/dbwrap_msg.c branches/tmp/vl-messaging/source/lib/dbwrap_tdb.c branches/tmp/vl-messaging/source/locking/brlock.c branches/tmp/vl-messaging/source/locking/locking.c branches/tmp/vl-messaging/source/printing/printing.c branches/tmp/vl-messaging/source/smbd/server.c Changeset: Modified: branches/tmp/vl-messaging/source/include/dbwrap.h === --- branches/tmp/vl-messaging/source/include/dbwrap.h 2006-07-19 15:05:06 UTC (rev 17136) +++ branches/tmp/vl-messaging/source/include/dbwrap.h 2006-07-19 15:59:52 UTC (rev 17137) @@ -36,6 +36,7 @@ int (*f)(TDB_DATA key, TDB_DATA data, void *private_data), void *private_data); + BOOL (*reinit)(struct db_context *db); void *private_data; }; Modified: branches/tmp/vl-messaging/source/include/messages.h === --- branches/tmp/vl-messaging/source/include/messages.h 2006-07-19 15:05:06 UTC (rev 17136) +++ branches/tmp/vl-messaging/source/include/messages.h 2006-07-19 15:59:52 UTC (rev 17137) @@ -87,6 +87,7 @@ #define MSG_DB_UNLOCK 5004 #define MSG_DB_STORE5005 #define MSG_DB_DELETE 5006 +#define MSG_DB_REINIT 5007 /* Flags to classify messages - used in message_send_all() */ /* Sender will filter by flag. */ Modified: branches/tmp/vl-messaging/source/lib/dbwrap_file.c === --- branches/tmp/vl-messaging/source/lib/dbwrap_file.c 2006-07-19 15:05:06 UTC (rev 17136) +++ branches/tmp/vl-messaging/source/lib/dbwrap_file.c 2006-07-19 15:59:52 UTC (rev 17137) @@ -352,6 +352,12 @@ return count; } +static BOOL db_file_reinit(struct db_context *db) +{ +/* Don't need any reinitialization */ +return True; +} + struct db_context *db_open_file(TALLOC_CTX *mem_ctx, const char *name, int hash_size, int tdb_flags, int open_flags, mode_t mode) @@ -373,6 +379,7 @@ result->private_data = ctx; result->fetch_locked = db_file_fetch_locked; result->traverse = db_file_traverse; + result->reinit = db_file_reinit; ctx->locked_record = NULL; if (!(ctx->dirname = talloc_strdup(ctx, name))) { Modified: branches/tmp/vl-messaging/source/lib/dbwrap_msg.c === --- branches/tmp/vl-messaging/source/lib/dbwrap_msg.c 2006-07-19 15:05:06 UTC (rev 17136) +++ branches/tmp/vl-messaging/source/lib/dbwrap_msg.c 2006-07-19 15:59:52 UTC (rev 17137) @@ -392,6 +392,26 @@ return -1; } +static BOOL db_msg_reinit(struct db_context *db) +{ + struct db_msg_ctx *ctx = talloc_get_type_abort(db->private_data, + struct db_msg_ctx); + + TDB_DATA null_data; + TDB_DATA buf; + + null_data.dsize = 0; + null_data.dptr = NULL; + buf = msg_pack_data(ctx, ctx->db_index, null_data); + + if(buf.dptr != NULL) { + message_send_pid(ctx->lockd, MSG_DB_REINIT, +buf.dptr, buf.dsize, False); + } + + return True; +} + static int db_msg_ctx_destr(void *p) { struct db_msg_ctx *ctx = talloc_get_type_abort(p, struct db_msg_ctx); @@ -545,6 +565,7 @@ talloc_set_destructor(db_msg, db_msg_ctx_destr); result->fetch_locked = db_msg_fetch_locked; result->traverse = db_msg_traverse; + result->reinit = db_msg_reinit; return result; Modified: branches/tmp/vl-messaging/source/lib/dbwrap_tdb.c === --- branches/tmp/vl-messaging/source/lib/dbwrap_tdb.c 2006-07-19 15:05:06 UTC (rev 17136) +++ branches/tmp/vl-messaging/source/lib/dbwrap_tdb.c 2006-07-19 15:59:52 UTC (rev 17137) @@ -154,6 +154,12 @@ return tdb_traverse(db_ctx->tdb, db_tdb_traverse_func, &ctx); } +static BOOL db_tdb_reinit(struct db_context *db) +{ +/* We don't need a reinitialization due to tdb_reopen_all */ +return True; +} + static int db_tdb_ctx_destr(void *p) { struct db_tdb_ctx *ctx = @@ -196,6 +202,7 @@ talloc_set_destructor(db_tdb, db_tdb_ctx_destr); result-
svn commit: samba r17120 - in branches/tmp/vl-messaging/source/lib: .
Author: jmcd Date: 2006-07-18 17:10:33 + (Tue, 18 Jul 2006) New Revision: 17120 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17120 Log: >From Aleksey Fedoseev: Correcting two bugs: - check "is process the lock daemon" (procid_is_me compares pids, when locking daemon has process_id structure with pid == -2); - deregistering message handlers for the locking daemon implementation Hop...hop...hop... Modified: branches/tmp/vl-messaging/source/lib/messages_socket.c branches/tmp/vl-messaging/source/lib/messages_stream.c Changeset: Modified: branches/tmp/vl-messaging/source/lib/messages_socket.c === --- branches/tmp/vl-messaging/source/lib/messages_socket.c 2006-07-18 15:12:49 UTC (rev 17119) +++ branches/tmp/vl-messaging/source/lib/messages_socket.c 2006-07-18 17:10:33 UTC (rev 17120) @@ -108,7 +108,9 @@ socket_fd = -1; } - if(mtype != MESSAGING_TYPE_DISPATCHER) { + if(mtype == MESSAGING_TYPE_DISPATCHER) { + deregister_dispatcher_messages(); + } else { if (procid_is_me(&socket_pid)) { char *path = NULL; asprintf(&path, "%s/%s", lock_path("messaging"), Modified: branches/tmp/vl-messaging/source/lib/messages_stream.c === --- branches/tmp/vl-messaging/source/lib/messages_stream.c 2006-07-18 15:12:49 UTC (rev 17119) +++ branches/tmp/vl-messaging/source/lib/messages_stream.c 2006-07-18 17:10:33 UTC (rev 17120) @@ -1006,7 +1006,8 @@ #ifdef WITH_CLUSTERWIDE_MESSAGING lockd_pid.ip = *interpret_addr2(lp_locking_address()); - is_lockd = procid_is_me(&lockd_pid); + /* TODO: improve next line */ + is_lockd = (strcmp(lp_locking_address(), lp_messaging_address()) == 0); #else is_lockd = True; #endif /* WITH_CLUSTERWIDE_MESSAGING */ @@ -1067,6 +1068,18 @@ } / + Deregister locking messages +/ + +void deregister_dispatcher_messages(void) +{ + if((enum locking_type)lp_locking_type() == LOCKING_TYPE_MESSAGES) { + message_deregister(MSG_DB_INIT); + message_deregister(MSG_DB_FETCHLOCK); + } +} + +/ Fork the messaging daemon /
svn commit: samba r16564 - in branches/tmp/vl-messaging/source/lib: .
Author: jmcd Date: 2006-06-27 15:14:56 + (Tue, 27 Jun 2006) New Revision: 16564 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16564 Log: Whoops, forgot to add these two files. Added: branches/tmp/vl-messaging/source/lib/dbwrap.c branches/tmp/vl-messaging/source/lib/dbwrap_msg.c Changeset: Added: branches/tmp/vl-messaging/source/lib/dbwrap.c === --- branches/tmp/vl-messaging/source/lib/dbwrap.c 2006-06-27 14:34:31 UTC (rev 16563) +++ branches/tmp/vl-messaging/source/lib/dbwrap.c 2006-06-27 15:14:56 UTC (rev 16564) @@ -0,0 +1,43 @@ +/* + Unix SMB/CIFS implementation. + Database interface wrapper + Copyright (C) Jim McDonough <[EMAIL PROTECTED]> 2006 + + Major code contributions from Aleksey Fedoseev ([EMAIL PROTECTED]) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +struct db_context *db_open(TALLOC_CTX *mem_ctx, const char *name, + int hash_size, int tdb_flags, + int open_flags, mode_t mode) +{ + switch((enum locking_type)lp_locking_type()) { + case LOCKING_TYPE_TDB: + return db_open_tdb(mem_ctx, name, hash_size, tdb_flags, + open_flags, mode); + case LOCKING_TYPE_FILES: + return db_open_file(mem_ctx, name, hash_size, tdb_flags, + open_flags, mode); + case LOCKING_TYPE_MESSAGES: + return db_open_msg(mem_ctx, name, hash_size, tdb_flags, + open_flags, mode); + default: + DEBUG(0,("Bad locking type %d\n", lp_locking_type())); + return NULL; + } +} Added: branches/tmp/vl-messaging/source/lib/dbwrap_msg.c === --- branches/tmp/vl-messaging/source/lib/dbwrap_msg.c 2006-06-27 14:34:31 UTC (rev 16563) +++ branches/tmp/vl-messaging/source/lib/dbwrap_msg.c 2006-06-27 15:14:56 UTC (rev 16564) @@ -0,0 +1,30 @@ +/* + Unix SMB/CIFS implementation. + Database interface using messages + Copyright (C) Jim McDonough <[EMAIL PROTECTED]> 2006 + + Major code contributions from Aleksey Fedoseev ([EMAIL PROTECTED]) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +struct db_context *db_open_msg(TALLOC_CTX *mem_ctx, const char *name, + int hash_size, int tdb_flags, + int open_flags, mode_t mode) +{ + return NULL; +}
svn commit: samba r16562 - in branches/tmp/vl-messaging/source: . include lib locking param
Author: jmcd Date: 2006-06-27 14:24:25 + (Tue, 27 Jun 2006) New Revision: 16562 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16562 Log: Aleksey's changes to put in dbwrapper to later enable messaging. Modified: branches/tmp/vl-messaging/source/Makefile.in branches/tmp/vl-messaging/source/include/smb.h branches/tmp/vl-messaging/source/lib/dbwrap_file.c branches/tmp/vl-messaging/source/lib/dbwrap_tdb.c branches/tmp/vl-messaging/source/locking/brlock.c branches/tmp/vl-messaging/source/locking/locking.c branches/tmp/vl-messaging/source/param/loadparm.c Changeset: Modified: branches/tmp/vl-messaging/source/Makefile.in === --- branches/tmp/vl-messaging/source/Makefile.in2006-06-27 11:07:55 UTC (rev 16561) +++ branches/tmp/vl-messaging/source/Makefile.in2006-06-27 14:24:25 UTC (rev 16562) @@ -182,7 +182,7 @@ tdb/lock.o tdb/open.o tdb/transaction.o tdb/traverse.o TDB_OBJ = $(TDBBASE_OBJ) tdb/tdbutil.o tdb/tdbback.o \ - lib/dbwrap_tdb.o lib/dbwrap_file.o + lib/dbwrap.o lib/dbwrap_tdb.o lib/dbwrap_file.o lib/dbwrap_msg.o SMBLDAP_OBJ = @SMBLDAP@ @SMBLDAPUTIL@ Modified: branches/tmp/vl-messaging/source/include/smb.h === --- branches/tmp/vl-messaging/source/include/smb.h 2006-06-27 11:07:55 UTC (rev 16561) +++ branches/tmp/vl-messaging/source/include/smb.h 2006-06-27 14:24:25 UTC (rev 16562) @@ -713,6 +713,7 @@ BOOL initial_delete_on_close; BOOL fresh; BOOL modified; + struct db_record *record; }; /* @@ -862,6 +863,7 @@ BOOL modified; struct lock_key key; void *lock_data; + struct db_record *record; }; #define BRLOCK_FN_CAST() \ @@ -1512,6 +1514,9 @@ enum messaging_type {MESSAGING_TYPE_TDB, MESSAGING_TYPE_DGRAM, MESSAGING_TYPE_STREAM, MESSAGING_TYPE_DISPATCHER}; +/* locking types */ +enum locking_type {LOCKING_TYPE_TDB, LOCKING_TYPE_FILES, LOCKING_TYPE_MESSAGES}; + /* * Global value meaing that the smb_uid field should be * ingored (in share level security and protocol level == CORE) Modified: branches/tmp/vl-messaging/source/lib/dbwrap_file.c === --- branches/tmp/vl-messaging/source/lib/dbwrap_file.c 2006-06-27 11:07:55 UTC (rev 16561) +++ branches/tmp/vl-messaging/source/lib/dbwrap_file.c 2006-06-27 14:24:25 UTC (rev 16562) @@ -123,7 +123,10 @@ return NULL; } + become_root(); file->fd = open(file->path, O_RDWR|O_CREAT, 0644); + unbecome_root(); + if (file->fd < 0) { DEBUG(3, ("Could not open/create %s: %s\n", file->path, strerror(errno))); @@ -221,11 +224,14 @@ talloc_get_type_abort(rec->private_data, struct db_locked_file); + become_root(); if (unlink(file->path) != 0) { + unbecome_root(); DEBUG(3, ("unlink(%s) failed: %s\n", file->path, strerror(errno))); return -1; } + unbecome_root(); return 0; } Modified: branches/tmp/vl-messaging/source/lib/dbwrap_tdb.c === --- branches/tmp/vl-messaging/source/lib/dbwrap_tdb.c 2006-06-27 11:07:55 UTC (rev 16561) +++ branches/tmp/vl-messaging/source/lib/dbwrap_tdb.c 2006-06-27 14:24:25 UTC (rev 16562) @@ -165,7 +165,7 @@ return 0; } -struct db_context *db_open(TALLOC_CTX *mem_ctx, const char *name, +struct db_context *db_open_tdb(TALLOC_CTX *mem_ctx, const char *name, int hash_size, int tdb_flags, int open_flags, mode_t mode) { Modified: branches/tmp/vl-messaging/source/locking/brlock.c === --- branches/tmp/vl-messaging/source/locking/brlock.c 2006-06-27 11:07:55 UTC (rev 16561) +++ branches/tmp/vl-messaging/source/locking/brlock.c 2006-06-27 14:24:25 UTC (rev 16562) @@ -57,7 +57,7 @@ /* The open brlock.tdb database. */ -static TDB_CONTEXT *tdb; +static struct db_context *brlock_db; / Debug info at level 10 for lock struct. @@ -267,14 +267,14 @@ void brl_init(int read_only) { - if (tdb) { + if (brlock_db) { return; } - tdb = tdb_open_log(lock_path("brlock.tdb"), - lp_open_files_db_hash_size(), - TDB_DEFAULT|(read_only?0x0:TDB_CLEAR_IF_FIRST), - read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644 ); -
svn commit: samba r16081 - in branches/tmp/vl-messaging/source: . include lib nmbd nsswitch param printing
Author: jmcd Date: 2006-06-07 14:45:07 + (Wed, 07 Jun 2006) New Revision: 16081 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16081 Log: Work from Aleksey Fedoseev to add separate messaging types Added: branches/tmp/vl-messaging/source/lib/messages_dgram.c branches/tmp/vl-messaging/source/lib/messages_socket.c branches/tmp/vl-messaging/source/lib/messages_stream.c branches/tmp/vl-messaging/source/lib/messages_tdb.c Modified: branches/tmp/vl-messaging/source/Makefile.in branches/tmp/vl-messaging/source/configure.in branches/tmp/vl-messaging/source/include/messages.h branches/tmp/vl-messaging/source/include/smb.h branches/tmp/vl-messaging/source/lib/messages.c branches/tmp/vl-messaging/source/lib/util.c branches/tmp/vl-messaging/source/lib/util_sock.c branches/tmp/vl-messaging/source/nmbd/nmbd.c branches/tmp/vl-messaging/source/nmbd/nmbd_packets.c branches/tmp/vl-messaging/source/nsswitch/winbindd.c branches/tmp/vl-messaging/source/nsswitch/winbindd_dual.c branches/tmp/vl-messaging/source/param/loadparm.c branches/tmp/vl-messaging/source/printing/printing.c Changeset: Sorry, the patch is too large (2529 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16081
svn commit: samba r16047 - branches/SAMBA_3_0/source/lib trunk/source/lib
Author: jmcd Date: 2006-06-05 16:59:10 + (Mon, 05 Jun 2006) New Revision: 16047 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16047 Log: Remove unnecessary line, as this value is set in either branch of the 'if' below. Spotted by Aleksey Fedoseev. Modified: branches/SAMBA_3_0/source/lib/time.c trunk/source/lib/time.c Changeset: Modified: branches/SAMBA_3_0/source/lib/time.c === --- branches/SAMBA_3_0/source/lib/time.c2006-06-05 13:00:24 UTC (rev 16046) +++ branches/SAMBA_3_0/source/lib/time.c2006-06-05 16:59:10 UTC (rev 16047) @@ -153,7 +153,6 @@ GetTimeOfDay(&time_now_hires); ret_time->tv_sec = time_now_hires.tv_sec - start_time_hires.tv_sec; - ret_time->tv_usec = time_now_hires.tv_usec - start_time_hires.tv_usec; if (time_now_hires.tv_usec < start_time_hires.tv_usec) { ret_time->tv_sec -= 1; ret_time->tv_usec = 100 + (time_now_hires.tv_usec - start_time_hires.tv_usec); Modified: trunk/source/lib/time.c === --- trunk/source/lib/time.c 2006-06-05 13:00:24 UTC (rev 16046) +++ trunk/source/lib/time.c 2006-06-05 16:59:10 UTC (rev 16047) @@ -153,7 +153,6 @@ GetTimeOfDay(&time_now_hires); ret_time->tv_sec = time_now_hires.tv_sec - start_time_hires.tv_sec; - ret_time->tv_usec = time_now_hires.tv_usec - start_time_hires.tv_usec; if (time_now_hires.tv_usec < start_time_hires.tv_usec) { ret_time->tv_sec -= 1; ret_time->tv_usec = 100 + (time_now_hires.tv_usec - start_time_hires.tv_usec);
svn commit: samba r15883 - in branches/SAMBA_4_0/source/kdc: .
Author: jmcd Date: 2006-05-25 15:12:23 + (Thu, 25 May 2006) New Revision: 15883 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15883 Log: Make sure timegm() prototype is available (on systems where we've had to replace it) Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c Changeset: Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c === --- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-05-25 13:23:24 UTC (rev 15882) +++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-05-25 15:12:23 UTC (rev 15883) @@ -33,6 +33,7 @@ */ #include "includes.h" +#include "system/time.h" #include "kdc.h" #include "ads.h" #include "hdb.h"
svn commit: samba r15874 - in trunk/source/script/tests: .
Author: jmcd Date: 2006-05-24 20:20:28 + (Wed, 24 May 2006) New Revision: 15874 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15874 Log: merge make test fixes for aix/ksh Modified: trunk/source/script/tests/test_functions.sh Changeset: Modified: trunk/source/script/tests/test_functions.sh === --- trunk/source/script/tests/test_functions.sh 2006-05-24 20:06:06 UTC (rev 15873) +++ trunk/source/script/tests/test_functions.sh 2006-05-24 20:20:28 UTC (rev 15874) @@ -19,8 +19,8 @@ samba3_check_or_start() { if [ -n "$SERVER_TEST_FIFO" ];then - trap samba3_stop_sig_kill SIGINT SIGQUIT - trap samba3_stop_sig_kill SIGTERM + trap samba3_stop_sig_kill INT QUIT + trap samba3_stop_sig_kill TERM if [ -p "$SERVER_TEST_FIFO" ];then return 0; @@ -40,7 +40,7 @@ rm -f $NMBD_TEST_LOG echo -n "STARTING NMBD..." (( - if [ -z "$NMBD_MAXTIME" ]; then + if ! test -n "$NMBD_MAXTIME"; then NMBD_MAXTIME=2700 fi timelimit $NMBD_MAXTIME $NMBD_VALGRIND $SRCDIR/bin/nmbd -F -S --no-process-group -d0 -s $SERVERCONFFILE > $NMBD_TEST_LOG 2>&1 & @@ -69,7 +69,7 @@ rm -f $SMBD_TEST_LOG echo -n "STARTING SMBD..." (( - if [ -z "$SMBD_MAXTIME" ]; then + if ! test -n "$SMBD_MAXTIME"; then SMBD_MAXTIME=2700 fi timelimit $SMBD_MAXTIME $SMBD_VALGRIND $SRCDIR/bin/smbd -F -S --no-process-group -d0 -s $SERVERCONFFILE > $SMBD_TEST_LOG 2>&1 &
svn commit: samba r15873 - in branches/SAMBA_3_0/source/script/tests: .
Author: jmcd Date: 2006-05-24 20:06:06 + (Wed, 24 May 2006) New Revision: 15873 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15873 Log: Use short signal names to placate ksh trap. bash seems to accept either and even uses them on the manpage. this should now enable make test on AIX. Modified: branches/SAMBA_3_0/source/script/tests/test_functions.sh Changeset: Modified: branches/SAMBA_3_0/source/script/tests/test_functions.sh === --- branches/SAMBA_3_0/source/script/tests/test_functions.sh2006-05-24 19:07:21 UTC (rev 15872) +++ branches/SAMBA_3_0/source/script/tests/test_functions.sh2006-05-24 20:06:06 UTC (rev 15873) @@ -19,8 +19,8 @@ samba3_check_or_start() { if [ -n "$SERVER_TEST_FIFO" ];then - trap samba3_stop_sig_kill SIGINT SIGQUIT - trap samba3_stop_sig_kill SIGTERM + trap samba3_stop_sig_kill INT QUIT + trap samba3_stop_sig_kill TERM if [ -p "$SERVER_TEST_FIFO" ];then return 0;
svn commit: samba r15872 - in branches/SAMBA_3_0/source/script/tests: .
Author: jmcd Date: 2006-05-24 19:07:21 + (Wed, 24 May 2006) New Revision: 15872 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15872 Log: Take one step toward getting this working on AIX. the [-z ] stuff doesn't work there. Modified: branches/SAMBA_3_0/source/script/tests/test_functions.sh Changeset: Modified: branches/SAMBA_3_0/source/script/tests/test_functions.sh === --- branches/SAMBA_3_0/source/script/tests/test_functions.sh2006-05-24 18:23:57 UTC (rev 15871) +++ branches/SAMBA_3_0/source/script/tests/test_functions.sh2006-05-24 19:07:21 UTC (rev 15872) @@ -40,7 +40,7 @@ rm -f $NMBD_TEST_LOG echo -n "STARTING NMBD..." (( - if [ -z "$NMBD_MAXTIME" ]; then + if ! test -n "$NMBD_MAXTIME"; then NMBD_MAXTIME=2700 fi timelimit $NMBD_MAXTIME $NMBD_VALGRIND $SRCDIR/bin/nmbd -F -S --no-process-group -d0 -s $SERVERCONFFILE > $NMBD_TEST_LOG 2>&1 & @@ -69,7 +69,7 @@ rm -f $SMBD_TEST_LOG echo -n "STARTING SMBD..." (( - if [ -z "$SMBD_MAXTIME" ]; then + if ! test -n "$SMBD_MAXTIME"; then SMBD_MAXTIME=2700 fi timelimit $SMBD_MAXTIME $SMBD_VALGRIND $SRCDIR/bin/smbd -F -S --no-process-group -d0 -s $SERVERCONFFILE > $SMBD_TEST_LOG 2>&1 &
svn commit: samba r15869 - in branches/SAMBA_4_0/source/lib/charset: .
Author: jmcd Date: 2006-05-24 17:47:40 + (Wed, 24 May 2006) New Revision: 15869 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15869 Log: Fix loop var to search paths for iconv Modified: branches/SAMBA_4_0/source/lib/charset/config.m4 Changeset: Modified: branches/SAMBA_4_0/source/lib/charset/config.m4 === --- branches/SAMBA_4_0/source/lib/charset/config.m4 2006-05-24 17:21:37 UTC (rev 15868) +++ branches/SAMBA_4_0/source/lib/charset/config.m4 2006-05-24 17:47:40 UTC (rev 15869) @@ -69,7 +69,7 @@ break fi - SMB_CHECK_ICONV_DIR($withval, [ + SMB_CHECK_ICONV_DIR($i, [ ICONV_FOUND=yes; ICONV_CPPFLAGS="$CPPFLAGS" ICONV_LIBS="$LIBS"
svn commit: samba r15719 - in branches/SAMBA_4_0/source/lib/replace: .
Author: jmcd Date: 2006-05-19 18:37:35 + (Fri, 19 May 2006) New Revision: 15719 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15719 Log: Fix build on systems (AIX) that don't have vsyslog or strcasestr, with --enable-developer on. syslog() and toupper() required more includes. Someone more familiar with samba4 builds should verify this, please. Modified: branches/SAMBA_4_0/source/lib/replace/replace.c Changeset: Modified: branches/SAMBA_4_0/source/lib/replace/replace.c === --- branches/SAMBA_4_0/source/lib/replace/replace.c 2006-05-19 15:10:39 UTC (rev 15718) +++ branches/SAMBA_4_0/source/lib/replace/replace.c 2006-05-19 18:37:35 UTC (rev 15719) @@ -19,10 +19,12 @@ */ #include "includes.h" +#include "system/locale.h" #include "system/wait.h" #include "system/time.h" #include "system/network.h" #include "system/filesys.h" +#include "system/syslog.h" void replace_dummy(void); void replace_dummy(void) {}
svn commit: samba r15662 - in branches/tmp/vl-posixacls/source: . modules
Author: jmcd Date: 2006-05-17 16:14:33 + (Wed, 17 May 2006) New Revision: 15662 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15662 Log: restore aix acl functionality. Work done by Gomati Mohanan and Peter Somogyi. Added: branches/tmp/vl-posixacls/source/modules/vfs_aixacl_util.c Modified: branches/tmp/vl-posixacls/source/Makefile.in branches/tmp/vl-posixacls/source/modules/vfs_aixacl.c Changeset: Sorry, the patch is too large (795 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15662
svn commit: samba r15630 - branches/SAMBA_3_0/source branches/SAMBA_3_0/source/utils trunk/source trunk/source/utils
Author: jmcd Date: 2006-05-16 01:21:16 + (Tue, 16 May 2006) New Revision: 15630 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15630 Log: adapt smbclient fix to smbtree to enable long share names Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/utils/smbtree.c trunk/source/Makefile.in trunk/source/utils/smbtree.c Changeset: Modified: branches/SAMBA_3_0/source/Makefile.in === --- branches/SAMBA_3_0/source/Makefile.in 2006-05-16 00:37:13 UTC (rev 15629) +++ branches/SAMBA_3_0/source/Makefile.in 2006-05-16 01:21:16 UTC (rev 15630) @@ -477,7 +477,10 @@ SMBTREE_OBJ = utils/smbtree.o $(PARAM_OBJ) \ $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_OBJ) \ -$(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) +$(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) \ + rpc_client/cli_srvsvc.o rpc_parse/parse_srv.o \ + rpc_client/cli_pipe.o rpc_parse/parse_rpc.o \ + rpc_client/cli_netlogon.o rpc_parse/parse_net.o TESTPARM_OBJ = utils/testparm.o \ $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ Modified: branches/SAMBA_3_0/source/utils/smbtree.c === --- branches/SAMBA_3_0/source/utils/smbtree.c 2006-05-16 00:37:13 UTC (rev 15629) +++ branches/SAMBA_3_0/source/utils/smbtree.c 2006-05-16 01:21:16 UTC (rev 15630) @@ -127,6 +127,60 @@ return True; } +static BOOL get_rpc_shares(struct cli_state *cli, + void (*fn)(const char *, uint32, const char *, void *), + void *state) +{ + NTSTATUS status; + struct rpc_pipe_client *pipe_hnd; + TALLOC_CTX *mem_ctx; + ENUM_HND enum_hnd; + WERROR werr; + SRV_SHARE_INFO_CTR ctr; + int i; + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + DEBUG(0, ("talloc_new failed\n")); + return False; + } + + init_enum_hnd(&enum_hnd, 0); + + pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SRVSVC, &status); + + if (pipe_hnd == NULL) { + DEBUG(10, ("Could not connect to srvsvc pipe: %s\n", + nt_errstr(status))); + TALLOC_FREE(mem_ctx); + return False; + } + + werr = rpccli_srvsvc_net_share_enum(pipe_hnd, mem_ctx, 1, &ctr, + 0x, &enum_hnd); + + if (!W_ERROR_IS_OK(werr)) { + TALLOC_FREE(mem_ctx); + cli_rpc_pipe_close(pipe_hnd); + return False; + } + + for (i=0; iinfo_1_str.uni_netname); + comment = rpcstr_pull_unistr2_talloc( + mem_ctx, &info->info_1_str.uni_remark); + fn(name, info->info_1.type, comment, state); + } + + TALLOC_FREE(mem_ctx); + cli_rpc_pipe_close(pipe_hnd); + return True; +} + + static BOOL get_shares(char *server_name, struct user_auth_info *user_info) { struct cli_state *cli; @@ -134,6 +188,9 @@ if (!(cli = get_ipc_connect(server_name, NULL, user_info))) return False; + if (get_rpc_shares(cli, add_name, &shares)) + return True; + if (!cli_RNetShareEnum(cli, add_name, &shares)) return False; Modified: trunk/source/Makefile.in === --- trunk/source/Makefile.in2006-05-16 00:37:13 UTC (rev 15629) +++ trunk/source/Makefile.in2006-05-16 01:21:16 UTC (rev 15630) @@ -490,7 +490,10 @@ SMBTREE_OBJ = utils/smbtree.o $(PARAM_OBJ) \ $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_OBJ) \ -$(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) +$(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) \ + rpc_client/cli_srvsvc.o rpc_parse/parse_srv.o \ + rpc_client/cli_pipe.o rpc_parse/parse_rpc.o \ + rpc_client/cli_netlogon.o rpc_parse/parse_net.o TESTPARM_OBJ = utils/testparm.o \ $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ Modified: trunk/source/utils/smbtree.c === --- trunk/source/utils/smbtree.c2006-05-16 00:37:13 UTC (rev 15629) +++ trunk/source/utils/smbtree.c2006-05-16 01:21:16 UTC (rev 15630) @@ -127,6 +127,60 @@ return True; } +static BOOL get_rpc_shares(struct cli_state *cli, + void (*fn)(const char *, uint32, const char *, void *), + void *state) +{ + NTSTATUS status; + struct rpc_pipe_client *pipe_hnd; + TALLOC_CTX *mem_ctx; + ENUM_HND enum_hnd; + WERROR werr; + SRV_SHARE_IN
svn commit: samba r15281 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: jmcd Date: 2006-04-26 14:42:47 + (Wed, 26 Apr 2006) New Revision: 15281 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15281 Log: A few updates for consistency's sake Modified: branches/SAMBA_4_0/source/librpc/idl/wkssvc.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/wkssvc.idl === --- branches/SAMBA_4_0/source/librpc/idl/wkssvc.idl 2006-04-26 14:20:46 UTC (rev 15280) +++ branches/SAMBA_4_0/source/librpc/idl/wkssvc.idl 2006-04-26 14:42:47 UTC (rev 15281) @@ -292,7 +292,7 @@ WERROR WKSSVC_NETRGETJOINABLEOUS (); typedef struct { - uint8 blob[524]; + uint8 data[524]; } wkssvc_PasswordBuffer; typedef [bitmap32bit] bitmap { @@ -329,7 +329,7 @@ [in] [string,charset(UTF16),ref] uint16 *domain_name, [in] [string,charset(UTF16)] uint16 *account_name, [in] [string,charset(UTF16)] uint16 *admin_account, - [in] wkssvc_PasswordBuffer *type_30, + [in] wkssvc_PasswordBuffer *encrypted_password, [in] wkssvc_joinflags join_flags ); @@ -338,7 +338,7 @@ WERROR wkssvc_NetrUnjoinDomain2 ( [in] [unique] [string,charset(UTF16)] uint16 *server_name, [in] [unique] [string,charset(UTF16)] uint16 *account, - [in] [unique] wkssvc_PasswordBuffer *Encrypted_password, + [in] [unique] wkssvc_PasswordBuffer *encrypted_password, [in] wkssvc_joinflags unjoin_flags );
svn commit: samba r14931 - branches/SAMBA_3_0/source/libads trunk/source/libads
Author: jmcd Date: 2006-04-06 01:46:01 + (Thu, 06 Apr 2006) New Revision: 14931 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14931 Log: Fix #1374: can't join an OU with name that contains '#' I had to eliminate "\" as an OU path separator, because it is the escape char in LDAP. We still accept "/", but using the escape char is just not a good choice. Modified: branches/SAMBA_3_0/source/libads/ldap.c trunk/source/libads/ldap.c Changeset: Modified: branches/SAMBA_3_0/source/libads/ldap.c === --- branches/SAMBA_3_0/source/libads/ldap.c 2006-04-05 23:54:12 UTC (rev 14930) +++ branches/SAMBA_3_0/source/libads/ldap.c 2006-04-06 01:46:01 UTC (rev 14931) @@ -1083,7 +1083,8 @@ /** * Build an org unit string * if org unit is Computers or blank then assume a container, otherwise - * assume a \ separated list of organisational units + * assume a / separated list of organisational units. + * jmcd: '\' is now used for escapes so certain chars can be in the ou (e.g. #) * @param ads connection to ads server * @param org_unit Organizational unit * @return org unit string - caller must free @@ -1104,7 +1105,10 @@ return SMB_STRDUP("cn=Computers"); } - return ads_build_path(org_unit, "\\/", "ou=", 1); + /* jmcd: removed "\\" from the separation chars, because it is + needed as an escape for chars like '#' which are valid in an + OU name */ + return ads_build_path(org_unit, "/", "ou=", 1); } /** Modified: trunk/source/libads/ldap.c === --- trunk/source/libads/ldap.c 2006-04-05 23:54:12 UTC (rev 14930) +++ trunk/source/libads/ldap.c 2006-04-06 01:46:01 UTC (rev 14931) @@ -1083,7 +1083,8 @@ /** * Build an org unit string * if org unit is Computers or blank then assume a container, otherwise - * assume a \ separated list of organisational units + * assume a / separated list of organisational units. + * jmcd: '\' is now used for escapes so certain chars can be in the ou (e.g. #) * @param ads connection to ads server * @param org_unit Organizational unit * @return org unit string - caller must free @@ -1104,7 +1105,10 @@ return SMB_STRDUP("cn=Computers"); } - return ads_build_path(org_unit, "\\/", "ou=", 1); + /* jmcd: removed "\\" from the separation chars, because it is + needed as an escape for chars like '#' which are valid in an + OU name */ + return ads_build_path(org_unit, "/", "ou=", 1); } /**
svn commit: samba r14683 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-23 18:35:15 + (Thu, 23 Mar 2006) New Revision: 14683 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14683 Log: Get rid of hardcoded output file. With no arg, print to stdout, otherwise append to output file specified. Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c trunk/source/utils/net_rpc_samsync.c Changeset: Sorry, the patch is too large (501 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14683
svn commit: samba r14681 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-23 16:39:37 + (Thu, 23 Mar 2006) New Revision: 14681 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14681 Log: Get rid of hardcoded /tmp/add.ldif and /tmp/mod.ldif files. Is there a different directory the temp files should be in, or is /tmp ok? Still have to get rid of the output file hardcoding, but that is to come, because I need to cleanup stdout. Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c trunk/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-23 15:03:52 UTC (rev 14680) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-23 16:39:37 UTC (rev 14681) @@ -1719,7 +1719,9 @@ { char *suffix; const char *builtin_sid = "S-1-5-32"; - char *ldif_file; + char *ldif_file, *add_ldif, *mod_ldif; + const char *add_template = "/tmp/add.ldif.XX"; + const char *mod_template = "/tmp/mod.ldif.XX"; fstring sid, domainname; uint32 sync_context = 0; NTSTATUS ret = NT_STATUS_OK, result; @@ -1728,7 +1730,6 @@ SAM_DELTA_HDR *hdr_deltas; SAM_DELTA_CTR *deltas; uint32 num_deltas; - const char *add_ldif = "/tmp/add.ldif", *mod_ldif = "/tmp/mod.ldif"; FILE *add_fd = NULL, *mod_fd = NULL, *ldif_fd = NULL; char sys_cmd[1024]; int num_alloced = 0, g_index = 0, a_index = 0, sys_cmd_result; @@ -1751,18 +1752,20 @@ else ldif_file = talloc_strdup(mem_ctx, "/tmp/tmp.ldif"); - if (ldif_file == NULL) { + add_ldif = talloc_strdup(mem_ctx, add_template); + mod_ldif = talloc_strdup(mem_ctx, mod_template); + if (!ldif_file || !add_ldif || !mod_ldif) { ret = NT_STATUS_NO_MEMORY; goto done; } /* Open the add and mod ldif files */ - if (!(add_fd = fopen(add_ldif, "a"))) { + if (!(add_fd = fdopen(smb_mkstemp(add_ldif),"w"))) { DEBUG(1, ("Could not open %s\n", add_ldif)); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - if (!(mod_fd = fopen(mod_ldif, "a"))) { + if (!(mod_fd = fdopen(smb_mkstemp(mod_ldif),"w"))) { DEBUG(1, ("Could not open %s\n", mod_ldif)); ret = NT_STATUS_UNSUCCESSFUL; goto done; @@ -1993,20 +1996,22 @@ goto done; } - /* Delete the temporary ldif files */ - if (unlink(add_ldif)) - d_fprintf(stderr, "unlink(%s) failed, error was (%s)\n", - add_ldif, strerror(errno)); - if (unlink(mod_ldif)) - d_fprintf(stderr, "unlink(%s) failed, error was (%s)\n", - mod_ldif, strerror(errno)); - done: - /* Close the ldif files */ + /* Close and delete the ldif files */ if (add_fd) fclose(add_fd); + if (strcmp(add_ldif, add_template) && (unlink(add_ldif))) { + DEBUG(1,("unlink(%s) failed, error was (%s)\n", +add_ldif, strerror(errno))); + } + if (mod_fd) fclose(mod_fd); + if (strcmp(mod_ldif, mod_template) && (unlink(mod_ldif))) { + DEBUG(1,("unlink(%s) failed, error was (%s)\n", +mod_ldif, strerror(errno))); + } + if (ldif_fd) fclose(ldif_fd); Modified: trunk/source/utils/net_rpc_samsync.c === --- trunk/source/utils/net_rpc_samsync.c2006-03-23 15:03:52 UTC (rev 14680) +++ trunk/source/utils/net_rpc_samsync.c2006-03-23 16:39:37 UTC (rev 14681) @@ -1719,7 +1719,9 @@ { char *suffix; const char *builtin_sid = "S-1-5-32"; - char *ldif_file; + char *ldif_file, *add_ldif, *mod_ldif; + const char *add_template = "/tmp/add.ldif.XX"; + const char *mod_template = "/tmp/mod.ldif.XX"; fstring sid, domainname; uint32 sync_context = 0; NTSTATUS ret = NT_STATUS_OK, result; @@ -1728,7 +1730,6 @@ SAM_DELTA_HDR *hdr_deltas; SAM_DELTA_CTR *deltas; uint32 num_deltas; - const char *add_ldif = "/tmp/add.ldif", *mod_ldif = "/tmp/mod.ldif"; FILE *add_fd = NULL, *mod_fd = NULL, *ldif_fd = NULL; char sys_cmd[1024]; int num_alloced = 0, g_index = 0, a_index = 0, sys_cmd_result; @@ -1751,18 +1752,20 @@ else ldif_file = talloc_strdup(mem_ctx, "/tmp/
svn commit: samba r14408 - branches/SAMBA_3_0/source/libmsrpc trunk/source/libmsrpc
Author: jmcd Date: 2006-03-15 02:31:11 + (Wed, 15 Mar 2006) New Revision: 14408 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14408 Log: More on fix for coverity #36. The previous fix would cause us to marshall a buffer based on an unknown size. Zero out the sec_desc buffer to prevent this. This is still not getting proper results for a registry security descriptor (everything gets ACCESS DENIED), but at least we aren't blowing out memory now... Modified: branches/SAMBA_3_0/source/libmsrpc/cac_winreg.c trunk/source/libmsrpc/cac_winreg.c Changeset: Modified: branches/SAMBA_3_0/source/libmsrpc/cac_winreg.c === --- branches/SAMBA_3_0/source/libmsrpc/cac_winreg.c 2006-03-15 02:16:19 UTC (rev 14407) +++ branches/SAMBA_3_0/source/libmsrpc/cac_winreg.c 2006-03-15 02:31:11 UTC (rev 14408) @@ -831,6 +831,8 @@ uint32 buf_size; SEC_DESC_BUF buf; + ZERO_STRUCT(buf); + if(!hnd) return CAC_FAILURE; Modified: trunk/source/libmsrpc/cac_winreg.c === --- trunk/source/libmsrpc/cac_winreg.c 2006-03-15 02:16:19 UTC (rev 14407) +++ trunk/source/libmsrpc/cac_winreg.c 2006-03-15 02:31:11 UTC (rev 14408) @@ -831,6 +831,8 @@ uint32 buf_size; SEC_DESC_BUF buf; + ZERO_STRUCT(buf); + if(!hnd) return CAC_FAILURE;
svn commit: samba r14320 - in trunk/source/passdb: .
Author: jmcd Date: 2006-03-13 15:04:17 + (Mon, 13 Mar 2006) New Revision: 14320 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14320 Log: Fix coverity #222: free storage before returning in error case. This error doesn't occur in 3.0. Modified: trunk/source/passdb/pdb_ldap.c Changeset: Modified: trunk/source/passdb/pdb_ldap.c === --- trunk/source/passdb/pdb_ldap.c 2006-03-13 15:03:51 UTC (rev 14319) +++ trunk/source/passdb/pdb_ldap.c 2006-03-13 15:04:17 UTC (rev 14320) @@ -335,12 +335,12 @@ filter = talloc_asprintf(mem_ctx, "(&(uid=%s)(%s))", escape_user, get_objclass_filter_static(ldap_state->schema_ver)); + SAFE_FREE(escape_user); + if (filter == NULL) { return LDAP_NO_MEMORY; } - SAFE_FREE(escape_user); - return smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result); }
svn commit: samba r14280 - branches/SAMBA_3_0/source/lib trunk/source/lib
Author: jmcd Date: 2006-03-13 01:49:01 + (Mon, 13 Mar 2006) New Revision: 14280 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14280 Log: Fix Coverity #129 and 130: check before dereferencing a pointer. This was especially silly as we checked immediately _after_ dereferencing it :-/ Modified: branches/SAMBA_3_0/source/lib/secdesc.c trunk/source/lib/secdesc.c Changeset: Modified: branches/SAMBA_3_0/source/lib/secdesc.c === --- branches/SAMBA_3_0/source/lib/secdesc.c 2006-03-13 01:42:40 UTC (rev 14279) +++ branches/SAMBA_3_0/source/lib/secdesc.c 2006-03-13 01:49:01 UTC (rev 14280) @@ -336,11 +336,11 @@ SEC_ACE *ace = 0; NTSTATUS status; - *sd_size = 0; - if (!ctx || !psd || !sid || !sd_size) return NT_STATUS_INVALID_PARAMETER; + *sd_size = 0; + status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid, mask); if (!NT_STATUS_IS_OK(status)) @@ -388,11 +388,11 @@ SEC_ACE *ace = 0; NTSTATUS status; - *sd_size = 0; - if (!ctx || !psd[0] || !sid || !sd_size) return NT_STATUS_INVALID_PARAMETER; + *sd_size = 0; + status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid); if (!NT_STATUS_IS_OK(status)) Modified: trunk/source/lib/secdesc.c === --- trunk/source/lib/secdesc.c 2006-03-13 01:42:40 UTC (rev 14279) +++ trunk/source/lib/secdesc.c 2006-03-13 01:49:01 UTC (rev 14280) @@ -336,11 +336,11 @@ SEC_ACE *ace = 0; NTSTATUS status; - *sd_size = 0; - if (!ctx || !psd || !sid || !sd_size) return NT_STATUS_INVALID_PARAMETER; + *sd_size = 0; + status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid, mask); if (!NT_STATUS_IS_OK(status)) @@ -388,11 +388,11 @@ SEC_ACE *ace = 0; NTSTATUS status; - *sd_size = 0; - if (!ctx || !psd[0] || !sid || !sd_size) return NT_STATUS_INVALID_PARAMETER; + *sd_size = 0; + status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid); if (!NT_STATUS_IS_OK(status))
svn commit: samba r14279 - branches/SAMBA_3_0/source/libsmb trunk/source/libsmb
Author: jmcd Date: 2006-03-13 01:42:40 + (Mon, 13 Mar 2006) New Revision: 14279 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14279 Log: Fix coverity #86, 87, 88, 89: Free grp_sid and owner_sid before returning. Also, only allow one group or owner. Modified: branches/SAMBA_3_0/source/libsmb/libsmbclient.c trunk/source/libsmb/libsmbclient.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/libsmbclient.c === --- branches/SAMBA_3_0/source/libsmb/libsmbclient.c 2006-03-13 01:32:30 UTC (rev 14278) +++ branches/SAMBA_3_0/source/libsmb/libsmbclient.c 2006-03-13 01:42:40 UTC (rev 14279) @@ -3922,7 +3922,7 @@ { const char *p = str; fstring tok; - SEC_DESC *ret; + SEC_DESC *ret = NULL; size_t sd_size; DOM_SID *grp_sid=NULL; DOM_SID *owner_sid=NULL; @@ -3937,49 +3937,65 @@ } if (StrnCaseCmp(tok,"OWNER:", 6) == 0) { + if (owner_sid) { + DEBUG(5, ("OWNER specified more than once!\n")); + goto done; + } owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!owner_sid || !convert_string_to_sid(ipc_cli, pol, numeric, owner_sid, tok+6)) { DEBUG(5, ("Failed to parse owner sid\n")); - return NULL; + goto done; } continue; } if (StrnCaseCmp(tok,"OWNER+:", 7) == 0) { + if (owner_sid) { + DEBUG(5, ("OWNER specified more than once!\n")); + goto done; + } owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!owner_sid || !convert_string_to_sid(ipc_cli, pol, False, owner_sid, tok+7)) { DEBUG(5, ("Failed to parse owner sid\n")); - return NULL; + goto done; } continue; } if (StrnCaseCmp(tok,"GROUP:", 6) == 0) { + if (grp_sid) { + DEBUG(5, ("GROUP specified more than once!\n")); + goto done; + } grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!grp_sid || !convert_string_to_sid(ipc_cli, pol, numeric, grp_sid, tok+6)) { DEBUG(5, ("Failed to parse group sid\n")); - return NULL; + goto done; } continue; } if (StrnCaseCmp(tok,"GROUP+:", 7) == 0) { + if (grp_sid) { + DEBUG(5, ("GROUP specified more than once!\n")); + goto done; + } grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!grp_sid || !convert_string_to_sid(ipc_cli, pol, False, grp_sid, tok+6)) { DEBUG(5, ("Failed to parse group sid\n")); - return NULL; + goto done; } continue; } @@ -3988,11 +4004,11 @@ SEC_ACE ace; if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) { DEBUG(5, ("Failed to parse ACL %s\n", tok)); - return NULL; + goto done; } if(!add_ace(&dacl, &ace, ctx)) { DEBUG(5, ("Failed to add ACL %s\n", tok)); - return NULL; + goto done; } continue; } @@ -4001,22 +4017,23 @@ SE
svn commit: samba r14278 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-13 01:32:30 + (Mon, 13 Mar 2006) New Revision: 14278 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14278 Log: Remainder of fix for Coverity #79,80,81: only allow GROUP or OWNER to be specified once in an ACL, so it can be allocated a second time, overwriting the first Modified: branches/SAMBA_3_0/source/utils/smbcacls.c trunk/source/utils/smbcacls.c Changeset: Modified: branches/SAMBA_3_0/source/utils/smbcacls.c === --- branches/SAMBA_3_0/source/utils/smbcacls.c 2006-03-13 01:32:30 UTC (rev 14277) +++ branches/SAMBA_3_0/source/utils/smbcacls.c 2006-03-13 01:32:30 UTC (rev 14278) @@ -392,6 +392,10 @@ } if (strncmp(tok,"OWNER:", 6) == 0) { + if (owner_sid) { + printf("Only specify owner once\n"); + goto done; + } owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!owner_sid || !StringToSid(owner_sid, tok+6)) { @@ -402,6 +406,10 @@ } if (strncmp(tok,"GROUP:", 6) == 0) { + if (grp_sid) { + printf("Only specify group once\n"); + goto done; + } grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!grp_sid || !StringToSid(grp_sid, tok+6)) { Modified: trunk/source/utils/smbcacls.c === --- trunk/source/utils/smbcacls.c 2006-03-13 01:32:30 UTC (rev 14277) +++ trunk/source/utils/smbcacls.c 2006-03-13 01:32:30 UTC (rev 14278) @@ -392,6 +392,10 @@ } if (strncmp(tok,"OWNER:", 6) == 0) { + if (owner_sid) { + printf("Only specify owner once\n"); + goto done; + } owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!owner_sid || !StringToSid(owner_sid, tok+6)) { @@ -402,6 +406,10 @@ } if (strncmp(tok,"GROUP:", 6) == 0) { + if (grp_sid) { + printf("Only specify group once\n"); + goto done; + } grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!grp_sid || !StringToSid(grp_sid, tok+6)) {
svn commit: samba r14272 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-13 00:35:33 + (Mon, 13 Mar 2006) New Revision: 14272 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14272 Log: Fix Coverity # 81: free alloc'ed storage before returning Modified: branches/SAMBA_3_0/source/utils/smbcacls.c trunk/source/utils/smbcacls.c Changeset: Modified: branches/SAMBA_3_0/source/utils/smbcacls.c === --- branches/SAMBA_3_0/source/utils/smbcacls.c 2006-03-13 00:30:23 UTC (rev 14271) +++ branches/SAMBA_3_0/source/utils/smbcacls.c 2006-03-13 00:35:33 UTC (rev 14272) @@ -378,7 +378,7 @@ { const char *p = str; fstring tok; - SEC_DESC *ret; + SEC_DESC *ret = NULL; size_t sd_size; DOM_SID *grp_sid=NULL, *owner_sid=NULL; SEC_ACL *dacl=NULL; @@ -396,7 +396,7 @@ if (!owner_sid || !StringToSid(owner_sid, tok+6)) { printf("Failed to parse owner sid\n"); - return NULL; + goto done; } continue; } @@ -406,7 +406,7 @@ if (!grp_sid || !StringToSid(grp_sid, tok+6)) { printf("Failed to parse group sid\n"); - return NULL; + goto done; } continue; } @@ -414,22 +414,23 @@ if (strncmp(tok,"ACL:", 4) == 0) { SEC_ACE ace; if (!parse_ace(&ace, tok+4)) { - return NULL; + goto done; } if(!add_ace(&dacl, &ace)) { printf("Failed to add ACL %s\n", tok); - return NULL; + goto done; } continue; } printf("Failed to parse token '%s' in security descriptor,\n", tok); - return NULL; + goto done; } ret = make_sec_desc(ctx,revision, SEC_DESC_SELF_RELATIVE, owner_sid, grp_sid, NULL, dacl, &sd_size); + done: SAFE_FREE(grp_sid); SAFE_FREE(owner_sid); Modified: trunk/source/utils/smbcacls.c === --- trunk/source/utils/smbcacls.c 2006-03-13 00:30:23 UTC (rev 14271) +++ trunk/source/utils/smbcacls.c 2006-03-13 00:35:33 UTC (rev 14272) @@ -378,7 +378,7 @@ { const char *p = str; fstring tok; - SEC_DESC *ret; + SEC_DESC *ret = NULL; size_t sd_size; DOM_SID *grp_sid=NULL, *owner_sid=NULL; SEC_ACL *dacl=NULL; @@ -396,7 +396,7 @@ if (!owner_sid || !StringToSid(owner_sid, tok+6)) { printf("Failed to parse owner sid\n"); - return NULL; + goto done; } continue; } @@ -406,7 +406,7 @@ if (!grp_sid || !StringToSid(grp_sid, tok+6)) { printf("Failed to parse group sid\n"); - return NULL; + goto done; } continue; } @@ -414,22 +414,23 @@ if (strncmp(tok,"ACL:", 4) == 0) { SEC_ACE ace; if (!parse_ace(&ace, tok+4)) { - return NULL; + goto done; } if(!add_ace(&dacl, &ace)) { printf("Failed to add ACL %s\n", tok); - return NULL; + goto done; } continue; } printf("Failed to parse token '%s' in security descriptor,\n", tok); - return NULL; + goto done; } ret = make_sec_desc(ctx,revision, SEC_DESC_SELF_RELATIVE, owner_sid, grp_sid, NULL, dacl, &sd_size); + done: SAFE_FREE(grp_sid); SAFE_FREE(owner_sid);
svn commit: samba r14252 - branches/SAMBA_3_0/source/libads trunk/source/libads
Author: jmcd Date: 2006-03-12 19:56:10 + (Sun, 12 Mar 2006) New Revision: 14252 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14252 Log: Fix Coverity #72: free alloc'ed storage before return. Also found one more that coverity didn't find from asprintf. Modified: branches/SAMBA_3_0/source/libads/ldap.c trunk/source/libads/ldap.c Changeset: Modified: branches/SAMBA_3_0/source/libads/ldap.c === --- branches/SAMBA_3_0/source/libads/ldap.c 2006-03-12 19:16:57 UTC (rev 14251) +++ branches/SAMBA_3_0/source/libads/ldap.c 2006-03-12 19:56:10 UTC (rev 14252) @@ -1914,7 +1914,10 @@ * we have to bail out before prs_init */ ps_wire.is_dynamic = False; - if (!ads) return ADS_ERROR(LDAP_SERVER_DOWN); + if (!ads) { + SAFE_FREE(escaped_hostname); + return ADS_ERROR(LDAP_SERVER_DOWN); + } ret = ADS_ERROR(LDAP_SUCCESS); @@ -1932,6 +1935,8 @@ ret = ads_search(ads, (void *) &res, expr, attrs); + SAFE_FREE(expr); + if (!ADS_ERR_OK(ret)) return ret; if ( !(msg = ads_first_entry(ads, res) )) { Modified: trunk/source/libads/ldap.c === --- trunk/source/libads/ldap.c 2006-03-12 19:16:57 UTC (rev 14251) +++ trunk/source/libads/ldap.c 2006-03-12 19:56:10 UTC (rev 14252) @@ -1914,7 +1914,10 @@ * we have to bail out before prs_init */ ps_wire.is_dynamic = False; - if (!ads) return ADS_ERROR(LDAP_SERVER_DOWN); + if (!ads) { + SAFE_FREE(escaped_hostname); + return ADS_ERROR(LDAP_SERVER_DOWN); + } ret = ADS_ERROR(LDAP_SUCCESS); @@ -1932,6 +1935,8 @@ ret = ads_search(ads, (void *) &res, expr, attrs); + SAFE_FREE(expr); + if (!ADS_ERR_OK(ret)) return ret; if ( !(msg = ads_first_entry(ads, res) )) {
svn commit: samba r14156 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-10 14:28:51 + (Fri, 10 Mar 2006) New Revision: 14156 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14156 Log: Fix coverity #114: free storage alloc'ed by sstring_sub() Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c trunk/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 14:20:09 UTC (rev 14155) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 14:28:51 UTC (rev 14156) @@ -1455,7 +1455,7 @@ fstring hex_nt_passwd, hex_lm_passwd; fstring description, fullname, sambaSID; uchar lm_passwd[16], nt_passwd[16]; - char *flags; + char *flags, *user_rdn; const char* nopasswd = ""; static uchar zero_buf[16]; uint32 rid = 0, group_rid = 0, gidNumber = 0; @@ -1551,10 +1551,11 @@ NEW_PW_FORMAT_SPACE_PADDED_LEN); /* Add the user to the temporary add ldif file */ - fprintf(add_fd, "# %s, %s, %s\n", username, - sstring_sub(lp_ldap_user_suffix(), '=', ','), suffix); - fprintf(add_fd, "dn: uid=%s,ou=%s,%s\n", username, - sstring_sub(lp_ldap_user_suffix(), '=', ','), suffix); + /* this isn't quite right...we can't assume there's just OU=. jmcd */ + user_rdn = sstring_sub(lp_ldap_user_suffix(), '=', ','); + fprintf(add_fd, "# %s, %s, %s\n", username, user_rdn, suffix); + fprintf(add_fd, "dn: uid=%s,ou=%s,%s\n", username, user_rdn, suffix); + SAFE_FREE(user_rdn); fprintf(add_fd, "ObjectClass: top\n"); fprintf(add_fd, "objectClass: inetOrgPerson\n"); fprintf(add_fd, "objectClass: posixAccount\n"); Modified: trunk/source/utils/net_rpc_samsync.c === --- trunk/source/utils/net_rpc_samsync.c2006-03-10 14:20:09 UTC (rev 14155) +++ trunk/source/utils/net_rpc_samsync.c2006-03-10 14:28:51 UTC (rev 14156) @@ -1455,7 +1455,7 @@ fstring hex_nt_passwd, hex_lm_passwd; fstring description, fullname, sambaSID; uchar lm_passwd[16], nt_passwd[16]; - char *flags; + char *flags, *user_rdn; const char* nopasswd = ""; static uchar zero_buf[16]; uint32 rid = 0, group_rid = 0, gidNumber = 0; @@ -1551,10 +1551,11 @@ NEW_PW_FORMAT_SPACE_PADDED_LEN); /* Add the user to the temporary add ldif file */ - fprintf(add_fd, "# %s, %s, %s\n", username, - sstring_sub(lp_ldap_user_suffix(), '=', ','), suffix); - fprintf(add_fd, "dn: uid=%s,ou=%s,%s\n", username, - sstring_sub(lp_ldap_user_suffix(), '=', ','), suffix); + /* this isn't quite right...we can't assume there's just OU=. jmcd */ + user_rdn = sstring_sub(lp_ldap_user_suffix(), '=', ','); + fprintf(add_fd, "# %s, %s, %s\n", username, user_rdn, suffix); + fprintf(add_fd, "dn: uid=%s,ou=%s,%s\n", username, user_rdn, suffix); + SAFE_FREE(user_rdn); fprintf(add_fd, "ObjectClass: top\n"); fprintf(add_fd, "objectClass: inetOrgPerson\n"); fprintf(add_fd, "objectClass: posixAccount\n");
svn commit: samba r14155 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-10 14:20:09 + (Fri, 10 Mar 2006) New Revision: 14155 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14155 Log: Fix coverity #115: free storage alloc'ed by sstring_sub() Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c trunk/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 14:18:10 UTC (rev 14154) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 14:20:09 UTC (rev 14155) @@ -1636,6 +1636,7 @@ strcmp(aliasname, "Print Operators") == 0 || strcmp(aliasname, "Backup Operators") == 0 || strcmp(aliasname, "Replicator") == 0) { + SAFE_FREE(group_attr); return NT_STATUS_OK; } else { /* Increment the gid for the new group */ @@ -1663,6 +1664,7 @@ fprintf(add_fd, "\n"); fflush(add_fd); + SAFE_FREE(group_attr); /* Return */ return NT_STATUS_OK; } Modified: trunk/source/utils/net_rpc_samsync.c === --- trunk/source/utils/net_rpc_samsync.c2006-03-10 14:18:10 UTC (rev 14154) +++ trunk/source/utils/net_rpc_samsync.c2006-03-10 14:20:09 UTC (rev 14155) @@ -1636,6 +1636,7 @@ strcmp(aliasname, "Print Operators") == 0 || strcmp(aliasname, "Backup Operators") == 0 || strcmp(aliasname, "Replicator") == 0) { + SAFE_FREE(group_attr); return NT_STATUS_OK; } else { /* Increment the gid for the new group */ @@ -1663,6 +1664,7 @@ fprintf(add_fd, "\n"); fflush(add_fd); + SAFE_FREE(group_attr); /* Return */ return NT_STATUS_OK; }
svn commit: samba r14153 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-10 14:17:44 + (Fri, 10 Mar 2006) New Revision: 14153 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14153 Log: Fix coverity #116: free storage alloc'ed by sstring_sub() Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c trunk/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 14:14:23 UTC (rev 14152) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 14:17:44 UTC (rev 14153) @@ -1412,6 +1412,7 @@ strcmp(groupname, "Print Operators") == 0 || strcmp(groupname, "Backup Operators") == 0 || strcmp(groupname, "Replicators") == 0) { + SAFE_FREE(group_attr); return NT_STATUS_OK; } else { /* Increment the gid for the new group */ @@ -1441,6 +1442,7 @@ fprintf(add_fd, "\n"); fflush(add_fd); + SAFE_FREE(group_attr); /* Return */ return NT_STATUS_OK; } Modified: trunk/source/utils/net_rpc_samsync.c === --- trunk/source/utils/net_rpc_samsync.c2006-03-10 14:14:23 UTC (rev 14152) +++ trunk/source/utils/net_rpc_samsync.c2006-03-10 14:17:44 UTC (rev 14153) @@ -1412,6 +1412,7 @@ strcmp(groupname, "Print Operators") == 0 || strcmp(groupname, "Backup Operators") == 0 || strcmp(groupname, "Replicators") == 0) { + SAFE_FREE(group_attr); return NT_STATUS_OK; } else { /* Increment the gid for the new group */ @@ -1441,6 +1442,7 @@ fprintf(add_fd, "\n"); fflush(add_fd); + SAFE_FREE(group_attr); /* Return */ return NT_STATUS_OK; }
svn commit: samba r14152 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-10 14:14:23 + (Fri, 10 Mar 2006) New Revision: 14152 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14152 Log: Fix coverity #117: free storage alloc'ed by sstring_sub Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c trunk/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 14:13:04 UTC (rev 14151) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 14:14:23 UTC (rev 14152) @@ -1384,6 +1384,7 @@ group_attr, suffix); accountmap[7].rid = 551; pstr_sprintf(accountmap[7].cn, "%s", "Replicators"); + SAFE_FREE(group_attr); return NT_STATUS_OK; } Modified: trunk/source/utils/net_rpc_samsync.c === --- trunk/source/utils/net_rpc_samsync.c2006-03-10 14:13:04 UTC (rev 14151) +++ trunk/source/utils/net_rpc_samsync.c2006-03-10 14:14:23 UTC (rev 14152) @@ -1384,6 +1384,7 @@ group_attr, suffix); accountmap[7].rid = 551; pstr_sprintf(accountmap[7].cn, "%s", "Replicators"); + SAFE_FREE(group_attr); return NT_STATUS_OK; }
svn commit: samba r14150 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-10 14:09:34 + (Fri, 10 Mar 2006) New Revision: 14150 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14150 Log: Fix coverity #118: not freeing alloc'ed storage returned from sstring_sub(). Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c trunk/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 13:38:17 UTC (rev 14149) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 14:09:34 UTC (rev 14150) @@ -1309,7 +1309,9 @@ fflush(add_fd); /* Deallocate memory, and return */ - if (suffix_attr != NULL) SAFE_FREE(suffix_attr); + SAFE_FREE(suffix_attr); + SAFE_FREE(user_attr); + SAFE_FREE(group_attr); return NT_STATUS_OK; } Modified: trunk/source/utils/net_rpc_samsync.c === --- trunk/source/utils/net_rpc_samsync.c2006-03-10 13:38:17 UTC (rev 14149) +++ trunk/source/utils/net_rpc_samsync.c2006-03-10 14:09:34 UTC (rev 14150) @@ -1309,7 +1309,9 @@ fflush(add_fd); /* Deallocate memory, and return */ - if (suffix_attr != NULL) SAFE_FREE(suffix_attr); + SAFE_FREE(suffix_attr); + SAFE_FREE(user_attr); + SAFE_FREE(group_attr); return NT_STATUS_OK; }
svn commit: samba r14147 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-10 13:33:02 + (Fri, 10 Mar 2006) New Revision: 14147 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14147 Log: Fix coverity #119. alloc'ed memory returned not saved, so not freed. Need to go back and correct the assumption that an "ldap xxx suffix" parm must have an OU. Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c trunk/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 13:14:01 UTC (rev 14146) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 13:33:02 UTC (rev 14147) @@ -1076,11 +1076,15 @@ if (machine_suffix && *machine_suffix && strcmp(machine_suffix, user_suffix) && strcmp(machine_suffix, suffix)) { - fprintf(add_fd, "# %s\n", lp_ldap_machine_suffix()); - fprintf(add_fd, "dn: %s\n", lp_ldap_machine_suffix()); + char *machine_ou = NULL; + fprintf(add_fd, "# %s\n", machine_suffix); + fprintf(add_fd, "dn: %s\n", machine_suffix); fprintf(add_fd, "objectClass: organizationalUnit\n"); - fprintf(add_fd, "ou: %s\n", - sstring_sub(lp_ldap_machine_suffix(), '=', ',')); + /* this isn't totally correct as it assumes that + there _must_ be an ou. just fixing memleak now. jmcd */ + machine_ou = sstring_sub(lp_ldap_machine_suffix(), '=', ','); + fprintf(add_fd, "ou: %s\n", machine_ou); + SAFE_FREE(machine_ou); fprintf(add_fd, "\n"); fflush(add_fd); } Modified: trunk/source/utils/net_rpc_samsync.c === --- trunk/source/utils/net_rpc_samsync.c2006-03-10 13:14:01 UTC (rev 14146) +++ trunk/source/utils/net_rpc_samsync.c2006-03-10 13:33:02 UTC (rev 14147) @@ -1076,11 +1076,15 @@ if (machine_suffix && *machine_suffix && strcmp(machine_suffix, user_suffix) && strcmp(machine_suffix, suffix)) { - fprintf(add_fd, "# %s\n", lp_ldap_machine_suffix()); - fprintf(add_fd, "dn: %s\n", lp_ldap_machine_suffix()); + char *machine_ou = NULL; + fprintf(add_fd, "# %s\n", machine_suffix); + fprintf(add_fd, "dn: %s\n", machine_suffix); fprintf(add_fd, "objectClass: organizationalUnit\n"); - fprintf(add_fd, "ou: %s\n", - sstring_sub(lp_ldap_machine_suffix(), '=', ',')); + /* this isn't totally correct as it assumes that + there _must_ be an ou. just fixing memleak now. jmcd */ + machine_ou = sstring_sub(lp_ldap_machine_suffix(), '=', ','); + fprintf(add_fd, "ou: %s\n", machine_ou); + SAFE_FREE(machine_ou); fprintf(add_fd, "\n"); fflush(add_fd); }
svn commit: samba r14135 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-10 09:41:08 + (Fri, 10 Mar 2006) New Revision: 14135 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14135 Log: Fix for Coverity #123: resource leak. Also rework much of the code to make it cleaner. There's still more to do on this... Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c trunk/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 09:07:03 UTC (rev 14134) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-10 09:41:08 UTC (rev 14135) @@ -1710,14 +1710,14 @@ char *ldif_file; fstring sid, domainname; uint32 sync_context = 0; - NTSTATUS result; + NTSTATUS ret = NT_STATUS_OK, result; int k; TALLOC_CTX *mem_ctx; SAM_DELTA_HDR *hdr_deltas; SAM_DELTA_CTR *deltas; uint32 num_deltas; const char *add_ldif = "/tmp/add.ldif", *mod_ldif = "/tmp/mod.ldif"; - FILE *add_fd, *mod_fd, *ldif_fd; + FILE *add_fd = NULL, *mod_fd = NULL, *ldif_fd = NULL; char sys_cmd[1024]; int num_alloced = 0, g_index = 0, a_index = 0, sys_cmd_result; @@ -1739,22 +1739,29 @@ else ldif_file = talloc_strdup(mem_ctx, "/tmp/tmp.ldif"); - if (ldif_file == NULL) - return NT_STATUS_NO_MEMORY; + if (ldif_file == NULL) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } /* Open the add and mod ldif files */ - add_fd = fopen(add_ldif, "a"); - mod_fd = fopen(mod_ldif, "a"); - if (add_fd == NULL || mod_fd == NULL) { + if (!(add_fd = fopen(add_ldif, "a"))) { DEBUG(1, ("Could not open %s\n", add_ldif)); - return NT_STATUS_UNSUCCESSFUL; + ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } + if (!(mod_fd = fopen(mod_ldif, "a"))) { + DEBUG(1, ("Could not open %s\n", mod_ldif)); + ret = NT_STATUS_UNSUCCESSFUL; + goto done; } /* Open the user's ldif file */ ldif_fd = fopen(ldif_file, "a"); if (ldif_fd == NULL) { DEBUG(1, ("Could not open %s\n", ldif_file)); - return NT_STATUS_UNSUCCESSFUL; + ret = NT_STATUS_UNSUCCESSFUL; + goto done; } /* Get the sid */ @@ -1779,7 +1786,8 @@ accountmap = SMB_MALLOC_ARRAY(ACCOUNTMAP, 8); if (groupmap == NULL || accountmap == NULL) { DEBUG(1,("GROUPMAP malloc failed\n")); - return NT_STATUS_NO_MEMORY; + ret = NT_STATUS_NO_MEMORY; + goto done; } /* Initialize the arrays */ @@ -1821,7 +1829,8 @@ &deltas); if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - return NT_STATUS_OK; + ret = NT_STATUS_OK; + goto done; /* is this correct? jmcd */ } /* Re-allocate memory for groupmap and accountmap arrays */ @@ -1831,9 +1840,8 @@ num_deltas+num_alloced); if (groupmap == NULL || accountmap == NULL) { DEBUG(1,("GROUPMAP malloc failed\n")); - SAFE_FREE(groupmap); - SAFE_FREE(accountmap); - return NT_STATUS_NO_MEMORY; + ret = NT_STATUS_NO_MEMORY; + goto done; } /* Initialize the new records */ @@ -1925,7 +1933,9 @@ /* Close the ldif files */ fclose(add_fd); + add_fd = NULL; fclose(mod_fd); + mod_fd = NULL; /* Write ldif data to the user's file */ if (db_type == SAM_DATABASE_DOMAIN) { @@ -1946,7 +1956,8 @@ if (sys_cmd_result) { d_fprintf(stderr, "%s failed. Error was (%s)\n", sys_cmd, strerror(errno)); - return NT_STATUS_UNSUCCESSFUL; + ret = NT_STATUS_UNSUCCESSFUL; + goto done; } if (db_type == SAM_DATABASE_DOMAIN) { fprintf(ldif_fd, @@ -1966,20 +1977,26 @@ if (sys_cmd_result) { d_fprintf(stderr, "%s failed. Error was (%s)\n", sys_cmd, strerror(errno)); - return NT_STATUS_UNSUCCESSFUL; +
svn commit: samba r14085 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-09 18:03:54 + (Thu, 09 Mar 2006) New Revision: 14085 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14085 Log: Fix coverity bg #152, uninit'ed var. Modified: branches/SAMBA_3_0/source/utils/net_rpc_join.c trunk/source/utils/net_rpc_join.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_join.c === --- branches/SAMBA_3_0/source/utils/net_rpc_join.c 2006-03-09 18:01:48 UTC (rev 14084) +++ branches/SAMBA_3_0/source/utils/net_rpc_join.c 2006-03-09 18:03:54 UTC (rev 14085) @@ -137,7 +137,7 @@ NTSTATUS result; int retval = 1; - char *domain; + char *domain = NULL; uint32 num_rids, *name_types, *user_rids; uint32 flags = 0x3e8; char *acct_name; Modified: trunk/source/utils/net_rpc_join.c === --- trunk/source/utils/net_rpc_join.c 2006-03-09 18:01:48 UTC (rev 14084) +++ trunk/source/utils/net_rpc_join.c 2006-03-09 18:03:54 UTC (rev 14085) @@ -137,7 +137,7 @@ NTSTATUS result; int retval = 1; - char *domain; + char *domain = NULL; uint32 num_rids, *name_types, *user_rids; uint32 flags = 0x3e8; char *acct_name;
svn commit: samba r14053 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-08 21:29:49 + (Wed, 08 Mar 2006) New Revision: 14053 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14053 Log: Implement Simo's suggestion: don't use /dev/null for a 'bad' path for users/workstations Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c trunk/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-08 21:20:43 UTC (rev 14052) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-08 21:29:49 UTC (rev 14053) @@ -1158,7 +1158,7 @@ fprintf(add_fd, "gidNumber: 514\n"); fprintf(add_fd, "uid: nobody\n"); fprintf(add_fd, "uidNumber: 999\n"); - fprintf(add_fd, "homeDirectory: /dev/null\n"); + fprintf(add_fd, "homeDirectory: /nobodyshomedir\n"); fprintf(add_fd, "sambaPwdLastSet: 0\n"); fprintf(add_fd, "sambaLogonTime: 0\n"); fprintf(add_fd, "sambaLogoffTime: 2147483647\n"); @@ -1472,7 +1472,7 @@ if (!*homedir) { pstr_sprintf(homedir, "/home/%s", username); } else { - pstr_sprintf(homedir, "/dev/null"); + pstr_sprintf(homedir, "/nobodyshomedir"); } } Modified: trunk/source/utils/net_rpc_samsync.c === --- trunk/source/utils/net_rpc_samsync.c2006-03-08 21:20:43 UTC (rev 14052) +++ trunk/source/utils/net_rpc_samsync.c2006-03-08 21:29:49 UTC (rev 14053) @@ -1158,7 +1158,7 @@ fprintf(add_fd, "gidNumber: 514\n"); fprintf(add_fd, "uid: nobody\n"); fprintf(add_fd, "uidNumber: 999\n"); - fprintf(add_fd, "homeDirectory: /dev/null\n"); + fprintf(add_fd, "homeDirectory: /nobodyshomedir\n"); fprintf(add_fd, "sambaPwdLastSet: 0\n"); fprintf(add_fd, "sambaLogonTime: 0\n"); fprintf(add_fd, "sambaLogoffTime: 2147483647\n"); @@ -1472,7 +1472,7 @@ if (!*homedir) { pstr_sprintf(homedir, "/home/%s", username); } else { - pstr_sprintf(homedir, "/dev/null"); + pstr_sprintf(homedir, "/nobodyshomedir"); } }
svn commit: samba r13968 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-07 17:49:26 + (Tue, 07 Mar 2006) New Revision: 13968 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13968 Log: fix typo, caught by Guenther Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c trunk/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-07 17:15:18 UTC (rev 13967) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-07 17:49:26 UTC (rev 13968) @@ -1464,7 +1464,7 @@ if (!*homedir) { pstr_sprintf(homedir, "/home/%s", username); } else { - pstr_sprintf(homedir, "dev/null"); + pstr_sprintf(homedir, "/dev/null"); } } Modified: trunk/source/utils/net_rpc_samsync.c === --- trunk/source/utils/net_rpc_samsync.c2006-03-07 17:15:18 UTC (rev 13967) +++ trunk/source/utils/net_rpc_samsync.c2006-03-07 17:49:26 UTC (rev 13968) @@ -1464,7 +1464,7 @@ if (!*homedir) { pstr_sprintf(homedir, "/home/%s", username); } else { - pstr_sprintf(homedir, "dev/null"); + pstr_sprintf(homedir, "/dev/null"); } }
svn commit: samba r13957 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jmcd Date: 2006-03-07 16:29:25 + (Tue, 07 Mar 2006) New Revision: 13957 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13957 Log: Based on patch from Richard Renard <[EMAIL PROTECTED]>: Fix machine accounts (should not have valid shells) and users with no home directory (were getting previous user's directory). Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c trunk/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-07 16:28:39 UTC (rev 13956) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-03-07 16:29:25 UTC (rev 13957) @@ -494,7 +494,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) { - NTSTATUS nt_ret; + NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL; fstring account; pstring add_script; struct samu *sam_account=NULL; @@ -1434,12 +1434,11 @@ ACCOUNTMAP *accountmap, FILE *add_fd, fstring sid, char *suffix, int alloced) { - fstring username, homedir, logonscript, homedrive, homepath; + fstring username, logonscript, homedrive, homepath = "", homedir = ""; fstring hex_nt_passwd, hex_lm_passwd; fstring description, fullname, sambaSID; uchar lm_passwd[16], nt_passwd[16]; char *flags; - const char *blank = "", *shell = "/bin/bash"; const char* nopasswd = ""; static uchar zero_buf[16]; uint32 rid = 0, group_rid = 0, gidNumber = 0; @@ -1459,12 +1458,14 @@ pstr_sprintf(accountmap->cn, "%s", username); /* Get the home directory */ - unistr2_to_ascii(homedir, &(delta->account_info.uni_home_dir), -sizeof(homedir)-1); - if (strcmp(homedir, blank) == 0) { - pstr_sprintf(homedir, "/home/%s", username); - } else { - strncpy(homepath, homedir, sizeof(homepath)); + if (delta->account_info.acb_info & ACB_NORMAL) { + unistr2_to_ascii(homedir, &(delta->account_info.uni_home_dir), +sizeof(homedir)-1); + if (!*homedir) { + pstr_sprintf(homedir, "/home/%s", username); + } else { + pstr_sprintf(homedir, "dev/null"); + } } /* Get the logon script */ @@ -1478,7 +1479,7 @@ /* Get the description */ unistr2_to_ascii(description, &(delta->account_info.uni_acct_desc), sizeof(description)-1); - if (strcmp(description, blank) == 0) { + if (!*description) { pstr_sprintf(description, "System User"); } @@ -1548,18 +1549,20 @@ fprintf(add_fd, "uidNumber: %d\n", ldif_uid); fprintf(add_fd, "gidNumber: %d\n", gidNumber); fprintf(add_fd, "homeDirectory: %s\n", homedir); - if (strcmp(homepath, blank) != 0) + if (*homepath) fprintf(add_fd, "SambaHomePath: %s\n", homepath); -if (strcmp(homedrive, blank) != 0) +if (*homedrive) fprintf(add_fd, "SambaHomeDrive: %s\n", homedrive); -if (strcmp(logonscript, blank) != 0) +if (*logonscript) fprintf(add_fd, "SambaLogonScript: %s\n", logonscript); - fprintf(add_fd, "loginShell: %s\n", shell); + fprintf(add_fd, "loginShell: %s\n", + ((delta->account_info.acb_info & ACB_NORMAL) ? +"/bin/bash" : "/bin/false")); fprintf(add_fd, "gecos: System User\n"); fprintf(add_fd, "description: %s\n", description); fprintf(add_fd, "sambaSID: %s-%d\n", sid, rid); fprintf(add_fd, "sambaPrimaryGroupSID: %s\n", sambaSID); - if(strcmp(fullname, blank) != 0) + if(*fullname) fprintf(add_fd, "displayName: %s\n", fullname); if (strcmp(nopasswd, hex_lm_passwd) != 0) fprintf(add_fd, "sambaLMPassword: %s\n", hex_lm_passwd); Modified: trunk/source/utils/net_rpc_samsync.c === --- trunk/source/utils/net_rpc_samsync.c2006-03-07 16:28:39 UTC (rev 13956) +++ trunk/source/utils/net_rpc_samsync.c2006-03-07 16:29:25 UTC (rev 13957) @@ -494,7 +494,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) { - NTSTATUS nt_ret; + NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL;
svn commit: samba r13949 - in trunk/source/lib: .
Author: jmcd Date: 2006-03-07 15:35:52 + (Tue, 07 Mar 2006) New Revision: 13949 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13949 Log: Fix build. Remove rpcclient include. Modified: trunk/source/lib/display_sec.c Changeset: Modified: trunk/source/lib/display_sec.c === --- trunk/source/lib/display_sec.c 2006-03-07 15:32:18 UTC (rev 13948) +++ trunk/source/lib/display_sec.c 2006-03-07 15:35:52 UTC (rev 13949) @@ -20,7 +20,6 @@ */ #include "includes.h" -#include "rpcclient.h" / convert a security permissions into a string
svn commit: samba r13948 - in branches/SAMBA_3_0/source/lib: .
Author: jmcd Date: 2006-03-07 15:32:18 + (Tue, 07 Mar 2006) New Revision: 13948 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13948 Log: Fix the build. Remove rpcclient.h include. Modified: branches/SAMBA_3_0/source/lib/display_sec.c Changeset: Modified: branches/SAMBA_3_0/source/lib/display_sec.c === --- branches/SAMBA_3_0/source/lib/display_sec.c 2006-03-07 15:27:35 UTC (rev 13947) +++ branches/SAMBA_3_0/source/lib/display_sec.c 2006-03-07 15:32:18 UTC (rev 13948) @@ -20,7 +20,6 @@ */ #include "includes.h" -#include "rpcclient.h" / convert a security permissions into a string
svn commit: samba r13188 - in trunk/examples/LDAP: .
Author: jmcd Date: 2006-01-27 15:31:02 + (Fri, 27 Jan 2006) New Revision: 13188 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13188 Log: Merge from 3.0 - samba schema updates for ITDS from [EMAIL PROTECTED] Modified: trunk/examples/LDAP/samba.schema.at.IBM-DS trunk/examples/LDAP/samba.schema.oc.IBM-DS Changeset: Modified: trunk/examples/LDAP/samba.schema.at.IBM-DS === --- trunk/examples/LDAP/samba.schema.at.IBM-DS 2006-01-27 15:14:55 UTC (rev 13187) +++ trunk/examples/LDAP/samba.schema.at.IBM-DS 2006-01-27 15:31:02 UTC (rev 13188) @@ -76,3 +76,24 @@ attributetypes=( 1.3.6.1.4.1.7165.2.1.56 NAME 'sambaAccountPolicyName' DESC 'Account Policy Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) attributetypes=( 1.3.6.1.4.1.7165.2.1.57 NAME 'sambaAccountPolicyValue' DESC 'Account Policy Value' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + Modified: trunk/examples/LDAP/samba.schema.oc.IBM-DS === --- trunk/examples/LDAP/samba.schema.oc.IBM-DS 2006-01-27 15:14:55 UTC (rev 13187) +++ trunk/examples/LDAP/samba.schema.oc.IBM-DS 2006-01-27 15:31:02 UTC (rev 13188) @@ -4,7 +4,7 @@ objectclasses=( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description $ sambaSIDList )) -objectclasses=( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ) ) +objectclasses=( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdChange ) ) objectclasses=( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX uids/gids' MUST ( uidNumber $ gidNumber ) )
svn commit: samba r13187 - in branches/SAMBA_3_0/examples/LDAP: .
Author: jmcd Date: 2006-01-27 15:14:55 + (Fri, 27 Jan 2006) New Revision: 13187 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13187 Log: IBM Tivoli Directory Server schema updates from John Janosik <[EMAIL PROTECTED]> Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema.at.IBM-DS branches/SAMBA_3_0/examples/LDAP/samba.schema.oc.IBM-DS Changeset: Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema.at.IBM-DS === --- branches/SAMBA_3_0/examples/LDAP/samba.schema.at.IBM-DS 2006-01-27 13:29:47 UTC (rev 13186) +++ branches/SAMBA_3_0/examples/LDAP/samba.schema.at.IBM-DS 2006-01-27 15:14:55 UTC (rev 13187) @@ -76,3 +76,24 @@ attributetypes=( 1.3.6.1.4.1.7165.2.1.56 NAME 'sambaAccountPolicyName' DESC 'Account Policy Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) attributetypes=( 1.3.6.1.4.1.7165.2.1.57 NAME 'sambaAccountPolicyValue' DESC 'Account Policy Value' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema.oc.IBM-DS === --- branches/SAMBA_3_0/examples/LDAP/samba.schema.oc.IBM-DS 2006-01-27 13:29:47 UTC (rev 13186) +++ branches/SAMBA_3_0/examples/LDAP/samba.schema.oc.IBM-DS 2006-01-27 15:14:55 UTC (rev 13187) @@ -4,7 +4,7 @@ objectclasses=( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description $ sambaSIDList )) -objectclasses=( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ) ) +objectclasses=( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdChange ) ) objectclasses=( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX uids/gids' MUST ( uidNumber $ gidNumber ) )
svn commit: samba r11886 - branches/SAMBA_3_0/source/auth trunk/source/auth
Author: jmcd Date: 2005-11-23 22:08:57 + (Wed, 23 Nov 2005) New Revision: 11886 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11886 Log: Fix 3187: logon hours restrictions were off corresponding to our offset from GMT. Use gmtime() instead of localtime() in the calc, but still use localtime() in displaying it. Modified: branches/SAMBA_3_0/source/auth/auth_sam.c trunk/source/auth/auth_sam.c Changeset: Modified: branches/SAMBA_3_0/source/auth/auth_sam.c === --- branches/SAMBA_3_0/source/auth/auth_sam.c 2005-11-23 18:49:30 UTC (rev 11885) +++ branches/SAMBA_3_0/source/auth/auth_sam.c 2005-11-23 22:08:57 UTC (rev 11886) @@ -88,7 +88,7 @@ } lasttime = (time_t)smb_last_time.tv_sec; - utctime = localtime(&lasttime); + utctime = gmtime(&lasttime); /* find the corresponding byte and bit */ bitpos = (utctime->tm_wday * 24 + utctime->tm_hour) % 168; @@ -96,7 +96,8 @@ if (! (hours[bitpos/8] & bitmask)) { DEBUG(1,("logon_hours_ok: Account for user %s not allowed to logon at this time (%s).\n", - pdb_get_username(sampass), asctime(utctime) )); + pdb_get_username(sampass), + asctime(localtime(&lasttime)) )); return False; } Modified: trunk/source/auth/auth_sam.c === --- trunk/source/auth/auth_sam.c2005-11-23 18:49:30 UTC (rev 11885) +++ trunk/source/auth/auth_sam.c2005-11-23 22:08:57 UTC (rev 11886) @@ -88,7 +88,7 @@ } lasttime = (time_t)smb_last_time.tv_sec; - utctime = localtime(&lasttime); + utctime = gmtime(&lasttime); /* find the corresponding byte and bit */ bitpos = (utctime->tm_wday * 24 + utctime->tm_hour) % 168; @@ -96,7 +96,8 @@ if (! (hours[bitpos/8] & bitmask)) { DEBUG(1,("logon_hours_ok: Account for user %s not allowed to logon at this time (%s).\n", - pdb_get_username(sampass), asctime(utctime) )); + pdb_get_username(sampass), + asctime(localtime(&lasttime)) )); return False; }
svn commit: samba r11236 - branches/SAMBA_3_0/source/passdb branches/SAMBA_3_0/source/rpc_server trunk/source/passdb trunk/source/rpc_server
Author: jmcd Date: 2005-10-20 20:40:47 + (Thu, 20 Oct 2005) New Revision: 11236 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11236 Log: Implement user rename for smbpasswd and ldap backends. Some cleanup on tdb as well to make naming consistent. Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c branches/SAMBA_3_0/source/passdb/pdb_smbpasswd.c branches/SAMBA_3_0/source/passdb/pdb_tdb.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c trunk/source/passdb/pdb_ldap.c trunk/source/passdb/pdb_smbpasswd.c trunk/source/passdb/pdb_tdb.c trunk/source/rpc_server/srv_samr_nt.c Changeset: Sorry, the patch is too large (449 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11236
svn commit: samba r11230 - branches/SAMBA_3_0/source/lib trunk/source/lib
Author: jmcd Date: 2005-10-20 16:07:36 + (Thu, 20 Oct 2005) New Revision: 11230 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11230 Log: Remove the '//' i was using to test something...oops Modified: branches/SAMBA_3_0/source/lib/util_sid.c trunk/source/lib/util_sid.c Changeset: Modified: branches/SAMBA_3_0/source/lib/util_sid.c === --- branches/SAMBA_3_0/source/lib/util_sid.c2005-10-20 16:05:12 UTC (rev 11229) +++ branches/SAMBA_3_0/source/lib/util_sid.c2005-10-20 16:07:36 UTC (rev 11230) @@ -267,7 +267,7 @@ return False; } -// ZERO_STRUCTP(sidout); + ZERO_STRUCTP(sidout); /* Get the revision number. */ p = sidstr + 2; Modified: trunk/source/lib/util_sid.c === --- trunk/source/lib/util_sid.c 2005-10-20 16:05:12 UTC (rev 11229) +++ trunk/source/lib/util_sid.c 2005-10-20 16:07:36 UTC (rev 11230) @@ -267,7 +267,7 @@ return False; } -// ZERO_STRUCTP(sidout); + ZERO_STRUCTP(sidout); /* Get the revision number. */ p = sidstr + 2;
svn commit: samba r11229 - branches/SAMBA_3_0/source/lib trunk/source/lib
Author: jmcd Date: 2005-10-20 16:05:12 + (Thu, 20 Oct 2005) New Revision: 11229 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11229 Log: an even bigger speedup spotted by Volker. string_to_sid() is now taking 1/5th the time it used to. Replace strcasecmp with invididual char checks for "S-" sid prefix. Modified: branches/SAMBA_3_0/source/lib/util_sid.c trunk/source/lib/util_sid.c Changeset: Modified: branches/SAMBA_3_0/source/lib/util_sid.c === --- branches/SAMBA_3_0/source/lib/util_sid.c2005-10-20 15:09:41 UTC (rev 11228) +++ branches/SAMBA_3_0/source/lib/util_sid.c2005-10-20 16:05:12 UTC (rev 11229) @@ -262,12 +262,12 @@ /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ uint32 conv; - if (StrnCaseCmp( sidstr, "S-", 2)) { + if ((sidstr[0] != 'S' && sidstr[0] != 's') || sidstr[1] != '-') { DEBUG(0,("string_to_sid: Sid %s does not start with 'S-'.\n", sidstr)); return False; } - ZERO_STRUCTP(sidout); +// ZERO_STRUCTP(sidout); /* Get the revision number. */ p = sidstr + 2; Modified: trunk/source/lib/util_sid.c === --- trunk/source/lib/util_sid.c 2005-10-20 15:09:41 UTC (rev 11228) +++ trunk/source/lib/util_sid.c 2005-10-20 16:05:12 UTC (rev 11229) @@ -262,12 +262,12 @@ /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ uint32 conv; - if (StrnCaseCmp( sidstr, "S-", 2)) { + if ((sidstr[0] != 'S' && sidstr[0] != 's') || sidstr[1] != '-') { DEBUG(0,("string_to_sid: Sid %s does not start with 'S-'.\n", sidstr)); return False; } - ZERO_STRUCTP(sidout); +// ZERO_STRUCTP(sidout); /* Get the revision number. */ p = sidstr + 2;
svn commit: samba r11228 - branches/SAMBA_3_0/source/lib trunk/source/lib
Author: jmcd Date: 2005-10-20 15:09:41 + (Thu, 20 Oct 2005) New Revision: 11228 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11228 Log: Speed up string_to_sid by removing next_token calls, thus eliminating the need for allocating memory to duplicate the string. Modified: branches/SAMBA_3_0/source/lib/util_sid.c trunk/source/lib/util_sid.c Changeset: Modified: branches/SAMBA_3_0/source/lib/util_sid.c === --- branches/SAMBA_3_0/source/lib/util_sid.c2005-10-20 14:29:24 UTC (rev 11227) +++ branches/SAMBA_3_0/source/lib/util_sid.c2005-10-20 15:09:41 UTC (rev 11228) @@ -6,6 +6,7 @@ Copyright (C) Jeremy Allison1999 Copyright (C) Stefan (metze) Metzmacher 2002 Copyright (C) Simo Sorce2002 + Copyright (C) Jim McDonough <[EMAIL PROTECTED]> 2005 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -256,63 +257,55 @@ BOOL string_to_sid(DOM_SID *sidout, const char *sidstr) { - pstring tok; - char *q; const char *p; + char *q; /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ - uint32 ia; + uint32 conv; if (StrnCaseCmp( sidstr, "S-", 2)) { DEBUG(0,("string_to_sid: Sid %s does not start with 'S-'.\n", sidstr)); return False; } - memset((char *)sidout, '\0', sizeof(DOM_SID)); + ZERO_STRUCTP(sidout); - p = q = SMB_STRDUP(sidstr + 2); - if (p == NULL) { - DEBUG(0, ("string_to_sid: out of memory!\n")); - return False; - } - - if (!next_token(&p, tok, "-", sizeof(tok))) { + /* Get the revision number. */ + p = sidstr + 2; + conv = (uint32) strtoul(p, &q, 10); + if (!q || (*q != '-')) { DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr)); - SAFE_FREE(q); return False; } + sidout->sid_rev_num = (uint8) conv; + q++; - /* Get the revision number. */ - sidout->sid_rev_num = (uint8)strtoul(tok, NULL, 10); - - if (!next_token(&p, tok, "-", sizeof(tok))) { + /* get identauth */ + conv = (uint32) strtoul(q, &q, 10); + if (!q || (*q != '-')) { DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr)); - SAFE_FREE(q); return False; } - /* identauth in decimal should be < 2^32 */ - ia = (uint32)strtoul(tok, NULL, 10); - - /* NOTE - the ia value is in big-endian format. */ + /* NOTE - the conv value is in big-endian format. */ sidout->id_auth[0] = 0; sidout->id_auth[1] = 0; - sidout->id_auth[2] = (ia & 0xff00) >> 24; - sidout->id_auth[3] = (ia & 0x00ff) >> 16; - sidout->id_auth[4] = (ia & 0xff00) >> 8; - sidout->id_auth[5] = (ia & 0x00ff); + sidout->id_auth[2] = (conv & 0xff00) >> 24; + sidout->id_auth[3] = (conv & 0x00ff) >> 16; + sidout->id_auth[4] = (conv & 0xff00) >> 8; + sidout->id_auth[5] = (conv & 0x00ff); + q++; sidout->num_auths = 0; - while(next_token(&p, tok, "-", sizeof(tok)) && - sidout->num_auths < MAXSUBAUTHS) { - /* -* NOTE - the subauths are in native machine-endian format. They -* are converted to little-endian when linearized onto the wire. -*/ - sid_append_rid(sidout, (uint32)strtoul(tok, NULL, 10)); + for(conv = (uint32) strtoul(q, &q, 10); + q && (*q =='-' || *q =='\0') && (sidout->num_auths < MAXSUBAUTHS); + conv = (uint32) strtoul(q, &q, 10)) { + sid_append_rid(sidout, conv); + if (*q == '\0') + break; + q++; } - - SAFE_FREE(q); + return True; } Modified: trunk/source/lib/util_sid.c === --- trunk/source/lib/util_sid.c 2005-10-20 14:29:24 UTC (rev 11227) +++ trunk/source/lib/util_sid.c 2005-10-20 15:09:41 UTC (rev 11228) @@ -6,6 +6,7 @@ Copyright (C) Jeremy Allison1999 Copyright (C) Stefan (metze) Metzmacher 2002 Copyright (C) Simo Sorce2002 + Copyright (C) Jim McDonough <[EMAIL PROTECTED]> 2005
svn commit: samba r10911 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/param branches/SAMBA_3_0/source/passdb branches/SAMBA_3_0/source/rpc_server trunk/source/include trunk/source/par
Author: jmcd Date: 2005-10-11 20:14:04 + (Tue, 11 Oct 2005) New Revision: 10911 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10911 Log: part of #2861: add rename support for usrmgr.exe when using tdbsam This gets it working before replacing tdb with the samba4 version. Modified: branches/SAMBA_3_0/source/include/passdb.h branches/SAMBA_3_0/source/param/loadparm.c branches/SAMBA_3_0/source/passdb/pdb_interface.c branches/SAMBA_3_0/source/passdb/pdb_tdb.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c trunk/source/include/passdb.h trunk/source/param/loadparm.c trunk/source/passdb/pdb_interface.c trunk/source/passdb/pdb_tdb.c trunk/source/rpc_server/srv_samr_nt.c Changeset: Sorry, the patch is too large (1081 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10911
svn commit: samba r10910 - in trunk/source: include libsmb utils
Author: jmcd Date: 2005-10-11 18:53:13 + (Tue, 11 Oct 2005) New Revision: 10910 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10910 Log: Give better shutdown messages Modified: trunk/source/include/doserr.h trunk/source/libsmb/doserr.c trunk/source/utils/net_rpc.c Changeset: Modified: trunk/source/include/doserr.h === --- trunk/source/include/doserr.h 2005-10-11 18:42:25 UTC (rev 10909) +++ trunk/source/include/doserr.h 2005-10-11 18:53:13 UTC (rev 10910) @@ -196,6 +196,7 @@ #define WERR_REG_FILE_INVALID W_ERROR(1017) #define WERR_NO_SUCH_SERVICE W_ERROR(1060) #define WERR_INVALID_SERVICE_CONTROL W_ERROR(1052) +#define WERR_MACHINE_LOCKED W_ERROR(1271) #define WERR_INVALID_SECURITY_DESCRIPTOR W_ERROR(1338) #define WERR_EVENTLOG_FILE_CORRUPT W_ERROR(1500) #define WERR_SERVER_UNAVAILABLE W_ERROR(1722) Modified: trunk/source/libsmb/doserr.c === --- trunk/source/libsmb/doserr.c2005-10-11 18:42:25 UTC (rev 10909) +++ trunk/source/libsmb/doserr.c2005-10-11 18:53:13 UTC (rev 10910) @@ -66,6 +66,7 @@ { "WERR_DFS_NO_SUCH_SERVER", WERR_DFS_NO_SUCH_SERVER }, { "WERR_DFS_INTERNAL_ERROR", WERR_DFS_INTERNAL_ERROR }, { "WERR_DFS_CANT_CREATE_JUNCT", WERR_DFS_CANT_CREATE_JUNCT }, + { "WERR_MACHINE_LOCKED", WERR_MACHINE_LOCKED }, { "WERR_INVALID_SECURITY_DESCRIPTOR", WERR_INVALID_SECURITY_DESCRIPTOR }, { "WERR_INVALID_OWNER", WERR_INVALID_OWNER }, { "WERR_SERVER_UNAVAILABLE", WERR_SERVER_UNAVAILABLE }, Modified: trunk/source/utils/net_rpc.c === --- trunk/source/utils/net_rpc.c2005-10-11 18:42:25 UTC (rev 10909) +++ trunk/source/utils/net_rpc.c2005-10-11 18:53:13 UTC (rev 10910) @@ -4610,9 +4610,9 @@ if (NT_STATUS_IS_OK(result)) { d_printf("\nShutdown of remote machine succeeded\n"); DEBUG(5,("Shutdown of remote machine succeeded\n")); - } else - DEBUG(0,("Shutdown of remote machine failed!\n")); - + } else { + DEBUG(1,("Shutdown of remote machine failed!\n")); + } return result; } @@ -4640,7 +4640,7 @@ int argc, const char **argv) { - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + WERROR result; const char *msg = "This machine will be shutdown shortly"; uint32 timeout = 20; #if 0 @@ -4676,16 +4676,19 @@ } /* create an entry */ - result = werror_to_ntstatus(rpccli_reg_shutdown(pipe_hnd, mem_ctx, msg, timeout, opt_reboot, opt_force)); + result = rpccli_reg_shutdown(pipe_hnd, mem_ctx, msg, timeout, opt_reboot, opt_force); - if (NT_STATUS_IS_OK(result)) { + if (W_ERROR_IS_OK(result)) { d_printf("\nShutdown of remote machine succeeded\n"); - DEBUG(5,("Shutdown of remote machine succeeded\n")); + } else { + d_printf("\nShutdown of remote machine failed\n"); + if (W_ERROR_EQUAL(result,WERR_MACHINE_LOCKED)) + d_printf("\nMachine locked, use -f switch to force\n"); + else + d_printf("\nresult was: %s\n", dos_errstr(result)); } - else - DEBUG(0,("Shutdown of remote machine failed!\n")); - return result; + return werror_to_ntstatus(result); } /** @@ -4703,13 +4706,14 @@ int rc = run_rpc_command(NULL, PI_SHUTDOWN, 0, rpc_init_shutdown_internals, argc, argv); - if (rc == 0) - return rc; - DEBUG(1, ("initshutdown pipe didn't work, trying winreg pipe\n")); + if (rc) { + DEBUG(1, ("initshutdown pipe failed, trying winreg pipe\n")); + rc = run_rpc_command(NULL, PI_WINREG, 0, +rpc_reg_shutdown_internals, argc, argv); + } - return run_rpc_command(NULL, PI_WINREG, 0, rpc_reg_shutdown_internals, - argc, argv); + return rc; } /***
svn commit: samba r10909 - in branches/SAMBA_3_0/source: include libsmb utils
Author: jmcd Date: 2005-10-11 18:42:25 + (Tue, 11 Oct 2005) New Revision: 10909 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10909 Log: Give better shutdown messages Modified: branches/SAMBA_3_0/source/include/doserr.h branches/SAMBA_3_0/source/libsmb/doserr.c branches/SAMBA_3_0/source/utils/net_rpc.c Changeset: Modified: branches/SAMBA_3_0/source/include/doserr.h === --- branches/SAMBA_3_0/source/include/doserr.h 2005-10-11 17:36:29 UTC (rev 10908) +++ branches/SAMBA_3_0/source/include/doserr.h 2005-10-11 18:42:25 UTC (rev 10909) @@ -196,6 +196,7 @@ #define WERR_REG_FILE_INVALID W_ERROR(1017) #define WERR_NO_SUCH_SERVICE W_ERROR(1060) #define WERR_INVALID_SERVICE_CONTROL W_ERROR(1052) +#define WERR_MACHINE_LOCKED W_ERROR(1271) #define WERR_INVALID_SECURITY_DESCRIPTOR W_ERROR(1338) #define WERR_SERVER_UNAVAILABLE W_ERROR(1722) #define WERR_INVALID_FORM_NAME W_ERROR(1902) Modified: branches/SAMBA_3_0/source/libsmb/doserr.c === --- branches/SAMBA_3_0/source/libsmb/doserr.c 2005-10-11 17:36:29 UTC (rev 10908) +++ branches/SAMBA_3_0/source/libsmb/doserr.c 2005-10-11 18:42:25 UTC (rev 10909) @@ -66,6 +66,7 @@ { "WERR_DFS_NO_SUCH_SERVER", WERR_DFS_NO_SUCH_SERVER }, { "WERR_DFS_INTERNAL_ERROR", WERR_DFS_INTERNAL_ERROR }, { "WERR_DFS_CANT_CREATE_JUNCT", WERR_DFS_CANT_CREATE_JUNCT }, + { "WERR_MACHINE_LOCKED", WERR_MACHINE_LOCKED }, { "WERR_INVALID_SECURITY_DESCRIPTOR", WERR_INVALID_SECURITY_DESCRIPTOR }, { "WERR_INVALID_OWNER", WERR_INVALID_OWNER }, { "WERR_SERVER_UNAVAILABLE", WERR_SERVER_UNAVAILABLE }, Modified: branches/SAMBA_3_0/source/utils/net_rpc.c === --- branches/SAMBA_3_0/source/utils/net_rpc.c 2005-10-11 17:36:29 UTC (rev 10908) +++ branches/SAMBA_3_0/source/utils/net_rpc.c 2005-10-11 18:42:25 UTC (rev 10909) @@ -4610,9 +4610,9 @@ if (NT_STATUS_IS_OK(result)) { d_printf("\nShutdown of remote machine succeeded\n"); DEBUG(5,("Shutdown of remote machine succeeded\n")); - } else - DEBUG(0,("Shutdown of remote machine failed!\n")); - + } else { + DEBUG(1,("Shutdown of remote machine failed!\n")); + } return result; } @@ -4640,7 +4640,7 @@ int argc, const char **argv) { - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + WERROR result; const char *msg = "This machine will be shutdown shortly"; uint32 timeout = 20; #if 0 @@ -4676,16 +4676,19 @@ } /* create an entry */ - result = werror_to_ntstatus(rpccli_reg_shutdown(pipe_hnd, mem_ctx, msg, timeout, opt_reboot, opt_force)); + result = rpccli_reg_shutdown(pipe_hnd, mem_ctx, msg, timeout, opt_reboot, opt_force); - if (NT_STATUS_IS_OK(result)) { + if (W_ERROR_IS_OK(result)) { d_printf("\nShutdown of remote machine succeeded\n"); - DEBUG(5,("Shutdown of remote machine succeeded\n")); + } else { + d_printf("\nShutdown of remote machine failed\n"); + if (W_ERROR_EQUAL(result,WERR_MACHINE_LOCKED)) + d_printf("\nMachine locked, use -f switch to force\n"); + else + d_printf("\nresult was: %s\n", dos_errstr(result)); } - else - DEBUG(0,("Shutdown of remote machine failed!\n")); - return result; + return werror_to_ntstatus(result); } /** @@ -4703,13 +4706,14 @@ int rc = run_rpc_command(NULL, PI_SHUTDOWN, 0, rpc_init_shutdown_internals, argc, argv); - if (rc == 0) - return rc; - DEBUG(1, ("initshutdown pipe didn't work, trying winreg pipe\n")); + if (rc) { + DEBUG(1, ("initshutdown pipe failed, trying winreg pipe\n")); + rc = run_rpc_command(NULL, PI_WINREG, 0, +rpc_reg_shutdown_internals, argc, argv); + } - return run_rpc_command(NULL, PI_WINREG, 0, rpc_reg_shutdown_internals, - argc, argv); + return rc; } /***
svn commit: samba r10248 - in trunk/source/utils: .
Author: jmcd Date: 2005-09-15 20:41:25 + (Thu, 15 Sep 2005) New Revision: 10248 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10248 Log: Fix help text for net rpc shutdown Modified: trunk/source/utils/net_rpc.c Changeset: Modified: trunk/source/utils/net_rpc.c === --- trunk/source/utils/net_rpc.c2005-09-15 20:39:57 UTC (rev 10247) +++ trunk/source/utils/net_rpc.c2005-09-15 20:41:25 UTC (rev 10248) @@ -6121,7 +6121,7 @@ d_printf("\t-r or --reboot\trequest remote server reboot on shutdown\n"); d_printf("\t-f or --force\trequest the remote server force its shutdown\n"); d_printf("\t-t or --timeout=\tnumber of seconds before shutdown\n"); - d_printf("\t-c or --comment=\ttext message to display on impending shutdown\n"); + d_printf("\t-C or --comment=\ttext message to display on impending shutdown\n"); return -1; }
svn commit: samba r10247 - in branches/SAMBA_3_0/source/utils: .
Author: jmcd Date: 2005-09-15 20:39:57 + (Thu, 15 Sep 2005) New Revision: 10247 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10247 Log: Fix help text for net rpc shutdown. Modified: branches/SAMBA_3_0/source/utils/net_rpc.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc.c === --- branches/SAMBA_3_0/source/utils/net_rpc.c 2005-09-15 20:03:35 UTC (rev 10246) +++ branches/SAMBA_3_0/source/utils/net_rpc.c 2005-09-15 20:39:57 UTC (rev 10247) @@ -4469,7 +4469,10 @@ if (opt_comment) { msg = opt_comment; + } else { + msg = ""; } + if (opt_timeout) { timeout = opt_timeout; } @@ -5965,7 +5968,7 @@ d_printf("\t-r or --reboot\trequest remote server reboot on shutdown\n"); d_printf("\t-f or --force\trequest the remote server force its shutdown\n"); d_printf("\t-t or --timeout=\tnumber of seconds before shutdown\n"); - d_printf("\t-c or --comment=\ttext message to display on impending shutdown\n"); + d_printf("\t-C or --comment=\ttext message to display on impending shutdown\n"); return -1; }
svn commit: samba-web r794 - in trunk/patches: .
Author: jmcd Date: 2005-08-29 21:20:56 + (Mon, 29 Aug 2005) New Revision: 794 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=794 Log: Fix typos. Modified: trunk/patches/index.html Changeset: Modified: trunk/patches/index.html === --- trunk/patches/index.html2005-08-29 21:06:08 UTC (rev 793) +++ trunk/patches/index.html2005-08-29 21:20:56 UTC (rev 794) @@ -49,9 +49,9 @@ group_enum_v3 (ldap) -Fixes a regression in which groups in the mapping table where displayed by the -Unix group name and no the display name (e.g. ntadmin rather that 'Domain Admins'). -Only neede for installations using the ldapsam passdb backend. +Fixes a regression in which groups in the mapping table were displayed by the +Unix group name and not the display name (e.g. ntadmin rather that 'Domain Admins'). +Only needed for installations using the ldapsam passdb backend. AIX 5 & Win98 endless directory loop
svn commit: samba r9262 - in trunk/source/rpc_server: .
Author: jmcd Date: 2005-08-12 15:28:21 + (Fri, 12 Aug 2005) New Revision: 9262 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9262 Log: Fix #2976: windows member servers wouldn't alloc connections from users defined locally because if we didn't find them as a DC we were marking the response as authoritative. Now if it's not a domain we know, we mark the response non-authoritative. Fix from [EMAIL PROTECTED] Modified: trunk/source/rpc_server/srv_netlog_nt.c Changeset: Modified: trunk/source/rpc_server/srv_netlog_nt.c === --- trunk/source/rpc_server/srv_netlog_nt.c 2005-08-12 15:28:19 UTC (rev 9261) +++ trunk/source/rpc_server/srv_netlog_nt.c 2005-08-12 15:28:21 UTC (rev 9262) @@ -716,6 +716,15 @@ /* Check account and password */ if (!NT_STATUS_IS_OK(status)) { + /* If we don't know what this domain is, we need to + indicate that we are not authoritative. This + allows the client to decide if it needs to try + a local user. Fix by [EMAIL PROTECTED], #2976 */ +if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER) +&& !strequal(nt_domain, get_global_sam_name()) +&& !is_trusted_domain(nt_domain) ) + r_u->auth_resp = 0; /* We are not authoritative */ + free_server_info(&server_info); return status; }
svn commit: samba r9261 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jmcd Date: 2005-08-12 15:28:19 + (Fri, 12 Aug 2005) New Revision: 9261 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9261 Log: Fix #2976: windows member servers wouldn't alloc connections from users defined locally because if we didn't find them as a DC we were marking the response as authoritative. Now if it's not a domain we know, we mark the response non-authoritative. Fix from [EMAIL PROTECTED] Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2005-08-12 09:51:40 UTC (rev 9260) +++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2005-08-12 15:28:19 UTC (rev 9261) @@ -716,6 +716,15 @@ /* Check account and password */ if (!NT_STATUS_IS_OK(status)) { + /* If we don't know what this domain is, we need to + indicate that we are not authoritative. This + allows the client to decide if it needs to try + a local user. Fix by [EMAIL PROTECTED], #2976 */ +if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER) +&& !strequal(nt_domain, get_global_sam_name()) +&& !is_trusted_domain(nt_domain) ) + r_u->auth_resp = 0; /* We are not authoritative */ + free_server_info(&server_info); return status; }
svn commit: samba r9243 - in trunk/source/rpc_server: .
Author: jmcd Date: 2005-08-11 19:46:19 + (Thu, 11 Aug 2005) New Revision: 9243 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9243 Log: Fix my fix for #2953. I'd moved too much code until after we verify the user, causing netlogon to return an invalid response for failed interactive logons. Modified: trunk/source/rpc_server/srv_netlog_nt.c Changeset: Modified: trunk/source/rpc_server/srv_netlog_nt.c === --- trunk/source/rpc_server/srv_netlog_nt.c 2005-08-11 19:45:53 UTC (rev 9242) +++ trunk/source/rpc_server/srv_netlog_nt.c 2005-08-11 19:46:19 UTC (rev 9243) @@ -606,6 +606,9 @@ if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; + r_u->buffer_creds = 1; /* yes, we have valid server credentials */ + memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds)); + /* find the username */ switch (q_u->sam_id.logon_level) { @@ -723,9 +726,6 @@ reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred); memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); - r_u->buffer_creds = 1; /* yes, we have valid server credentials */ - memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds)); - if (server_info->guest) { /* We don't like guest domain logons... */ DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));
svn commit: samba r9242 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jmcd Date: 2005-08-11 19:45:53 + (Thu, 11 Aug 2005) New Revision: 9242 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9242 Log: Fix my fix for #2953. I'd moved too much code until after we verify the user, causing netlogon to return an invalid response for failed interactive logons. Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2005-08-11 18:23:01 UTC (rev 9241) +++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2005-08-11 19:45:53 UTC (rev 9242) @@ -606,6 +606,9 @@ if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; + r_u->buffer_creds = 1; /* yes, we have valid server credentials */ + memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds)); + /* find the username */ switch (q_u->sam_id.logon_level) { @@ -723,9 +726,6 @@ reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred); memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); - r_u->buffer_creds = 1; /* yes, we have valid server credentials */ - memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds)); - if (server_info->guest) { /* We don't like guest domain logons... */ DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));
svn commit: samba r9113 - in trunk/source: libsmb rpc_server
Author: jmcd Date: 2005-08-05 12:33:03 + (Fri, 05 Aug 2005) New Revision: 9113 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9113 Log: Fix #2953 - credentials chain on DC gets out of sync with client when NT_STATUS_NO_USER returned. We were moving to the next step in the chain when the client wasn't. Only update when the user logs on. Modified: trunk/source/libsmb/credentials.c trunk/source/rpc_server/srv_netlog_nt.c Changeset: Modified: trunk/source/libsmb/credentials.c === --- trunk/source/libsmb/credentials.c 2005-08-05 12:33:00 UTC (rev 9112) +++ trunk/source/libsmb/credentials.c 2005-08-05 12:33:03 UTC (rev 9113) @@ -208,8 +208,36 @@ DEBUG(5,("deal_with_creds: clnt_cred=%s\n", credstr(sto_clnt_cred->challenge.data))); - /* store new seed in client credentials */ - SIVAL(sto_clnt_cred->challenge.data, 0, new_cred); + /* Bug #2953 - don't store new seed in client credentials + here, because we need to make sure we're moving forward first +*/ return True; } + +/* + stores new seed in client credentials + jmcd - Bug #2953 - moved this functionality out of deal_with_creds, because we're + not supposed to move to the next step in the chain if a nonexistent user tries to logon +*/ +void reseed_client_creds(DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_clnt_cred) +{ + UTIME new_clnt_time; + uint32 new_cred; + + /* increment client time by one second */ + new_clnt_time.time = rcv_clnt_cred->timestamp.time + 1; + + /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */ + new_cred = IVAL(sto_clnt_cred->challenge.data, 0); + new_cred += new_clnt_time.time; + + DEBUG(5,("reseed_client_creds: new_cred[0]=%x\n", new_cred)); + DEBUG(5,("reseed_client_creds: new_clnt_time=%x\n", +new_clnt_time.time)); + DEBUG(5,("reseed_client_creds: clnt_cred=%s\n", +credstr(sto_clnt_cred->challenge.data))); + + /* store new seed in client credentials */ + SIVAL(sto_clnt_cred->challenge.data, 0, new_cred); +} Modified: trunk/source/rpc_server/srv_netlog_nt.c === --- trunk/source/rpc_server/srv_netlog_nt.c 2005-08-05 12:33:00 UTC (rev 9112) +++ trunk/source/rpc_server/srv_netlog_nt.c 2005-08-05 12:33:03 UTC (rev 9113) @@ -449,6 +449,7 @@ if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; + reseed_client_creds(&p->dc.clnt_cred, &q_u->clnt_id.cred); memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); DEBUG(5,("_net_srv_pwset: %d\n", __LINE__)); @@ -545,6 +546,8 @@ &q_u->sam_id.client.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; + /* what happens if we get a logoff for an unknown user? */ + reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred); memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); /* maybe we want to say 'no', reject the client's credentials */ @@ -603,11 +606,6 @@ if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; - memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); - - r_u->buffer_creds = 1; /* yes, we have valid server credentials */ - memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds)); - /* find the username */ switch (q_u->sam_id.logon_level) { @@ -719,6 +717,15 @@ return status; } + /* moved from right after deal_with_creds above, since we weren't + supposed to update unless logon was successful */ + + reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred); + memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); + + r_u->buffer_creds = 1; /* yes, we have valid server credentials */ + memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds)); + if (server_info->guest) { /* We don't like guest domain logons... */ DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));
svn commit: samba r9112 - in branches/SAMBA_3_0/source: libsmb rpc_server
Author: jmcd Date: 2005-08-05 12:33:00 + (Fri, 05 Aug 2005) New Revision: 9112 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9112 Log: Fix #2953 - credentials chain on DC gets out of sync with client when NT_STATUS_NO_USER returned. We were moving to the next step in the chain when the client wasn't. Only update when the user logs on. Modified: branches/SAMBA_3_0/source/libsmb/credentials.c branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/credentials.c === --- branches/SAMBA_3_0/source/libsmb/credentials.c 2005-08-05 11:56:02 UTC (rev 9111) +++ branches/SAMBA_3_0/source/libsmb/credentials.c 2005-08-05 12:33:00 UTC (rev 9112) @@ -208,8 +208,36 @@ DEBUG(5,("deal_with_creds: clnt_cred=%s\n", credstr(sto_clnt_cred->challenge.data))); - /* store new seed in client credentials */ - SIVAL(sto_clnt_cred->challenge.data, 0, new_cred); + /* Bug #2953 - don't store new seed in client credentials + here, because we need to make sure we're moving forward first +*/ return True; } + +/* + stores new seed in client credentials + jmcd - Bug #2953 - moved this functionality out of deal_with_creds, because we're + not supposed to move to the next step in the chain if a nonexistent user tries to logon +*/ +void reseed_client_creds(DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_clnt_cred) +{ + UTIME new_clnt_time; + uint32 new_cred; + + /* increment client time by one second */ + new_clnt_time.time = rcv_clnt_cred->timestamp.time + 1; + + /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */ + new_cred = IVAL(sto_clnt_cred->challenge.data, 0); + new_cred += new_clnt_time.time; + + DEBUG(5,("reseed_client_creds: new_cred[0]=%x\n", new_cred)); + DEBUG(5,("reseed_client_creds: new_clnt_time=%x\n", +new_clnt_time.time)); + DEBUG(5,("reseed_client_creds: clnt_cred=%s\n", +credstr(sto_clnt_cred->challenge.data))); + + /* store new seed in client credentials */ + SIVAL(sto_clnt_cred->challenge.data, 0, new_cred); +} Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2005-08-05 11:56:02 UTC (rev 9111) +++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2005-08-05 12:33:00 UTC (rev 9112) @@ -449,6 +449,7 @@ if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; + reseed_client_creds(&p->dc.clnt_cred, &q_u->clnt_id.cred); memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); DEBUG(5,("_net_srv_pwset: %d\n", __LINE__)); @@ -545,6 +546,8 @@ &q_u->sam_id.client.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; + /* what happens if we get a logoff for an unknown user? */ + reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred); memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); /* maybe we want to say 'no', reject the client's credentials */ @@ -603,11 +606,6 @@ if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; - memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); - - r_u->buffer_creds = 1; /* yes, we have valid server credentials */ - memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds)); - /* find the username */ switch (q_u->sam_id.logon_level) { @@ -719,6 +717,15 @@ return status; } + /* moved from right after deal_with_creds above, since we weren't + supposed to update unless logon was successful */ + + reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred); + memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); + + r_u->buffer_creds = 1; /* yes, we have valid server credentials */ + memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds)); + if (server_info->guest) { /* We don't like guest domain logons... */ DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));