chgpasswd.c: Fixed typo in debug message.
includes.h: Fix include for aix.
kanji.c: Added cap_to_sj as inverse of sj_to_cap.
loadparm.c:
local.h:
password.c: Added code for "networkstation user login" parameter.
- patch from Rob Nielsen <ran@adc.com>.
printing.c: Added further aix printing fixes.
reply.c: Changed access time fetch to a function.
trans2.c: Changed access time fetch to a function.
time.c: Changed access time fetch to a function.
server.c: Made NT redirector workaround final.
util.c: Added debug for write_socket failing.
Jeremy.
#include <sys/vfs.h>
#include <sys/id.h>
#include <sys/priv.h>
+/* According to AIX 4.1 man pages, inet_ntoa needs the following headers */
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
#include <netinet/tcp.h>
#include <locale.h>
-#include <arpa/inet.h> /* needed for inet_ntoa proto */
#define SYSV
#define USE_WAITPID
#define USE_SIGBLOCK
refer to the special "printers" service */
#define PRINTERS_NAME "printers"
-/* this affects server level security. With this set (recommended)
- samba will do a full NetWkstaUserLogon to confirm that the client
- really should have login rights. This can cause problems with
- machines in trust relationships in which case you can disable it
- here, but be warned, we have heard that some NT machines will then
- allow anyone in with any password! Make sure you test it. */
-#ifndef USE_NETWKSTAUSERLOGON
-#define USE_NETWKSTAUSERLOGON 1
-#endif
-
/* define what facility to use for syslog */
#ifndef SYSLOG_FACILITY
#define SYSLOG_FACILITY LOG_DAEMON
MAX_CONNECTIONS services, but any number of machines may connect at
one time. */
#define MAX_CONNECTIONS 127
-#define MAX_OPEN_FILES 100
+#define MAX_OPEN_FILES 10
/* Default size of shared memory used for share mode locking */
#ifndef SHMEM_SIZE
BOOL lp_nis_home_map(void);
BOOL lp_time_server(void);
BOOL lp_bind_interfaces_only(void);
+BOOL lp_net_wksta_user_logon(void);
int lp_os_level(void);
int lp_max_ttl(void);
int lp_max_wins_ttl(void);
time_t make_unix_date3(void *date_ptr);
char *timestring(void );
time_t get_create_time(struct stat *st);
+time_t get_access_time(struct stat *st);
/*The following definitions come from trans2.c */
}
/*******************************************************************
- kanji/kana -> ":xx"
+ CAP <-> SJIS
+********************************************************************/
+/* ":xx" CAP -> a byte */
+static char *cap_to_sj(char *from, BOOL overwrite)
+{
+ char *sp, *dp;
+
+ sp = (char *) from;
+ dp = cvtbuf;
+ while (*sp) {
+ /*
+ * The only change between this and hex_to_sj is here. sj_to_cap only
+ * translates characters greater or equal to 0x80 - make sure that here
+ * we only do the reverse (that's why the strchr is used rather than
+ * isxdigit. Based on fix from ado@elsie.nci.nih.gov (Arthur David Olson).
+ */
+ if (*sp == hex_tag && (strchr ("89abcdefABCDEF", sp[1]) != NULL) && isxdigit (sp[2])) {
+ *dp++ = (hex2bin (sp[1])<<4) | (hex2bin (sp[2]));
+ sp += 3;
+ } else
+ *dp++ = *sp++;
+ }
+ *dp = '\0';
+ if (overwrite) {
+ strcpy ((char *) from, (char *) cvtbuf);
+ return (char *) from;
+ } else {
+ return cvtbuf;
+ }
+}
+
+/*******************************************************************
+ kanji/kana -> ":xx" - CAP format.
********************************************************************/
static char *sj_to_cap(char *from, BOOL overwrite)
{
case CAP_CODE:
_dos_to_unix = sj_to_cap;
- _unix_to_dos = hex_to_sj;
+ _unix_to_dos = cap_to_sj;
break;
}
return codes;
*/
return ret;
}
+
+/****************************************************************************
+ return the 'access time' under UNIX from a stat structure.
+ This function exists to allow modifications to be done depending
+ on what we want to return. Just return the normal atime (for now).
+****************************************************************************/
+
+time_t get_access_time(struct stat *st)
+{
+ return st->st_atime;
+}
ret = write_data(fd,buf,len);
DEBUG(6,("write_socket(%d,%d) wrote %d\n",fd,len,ret));
+ if(ret <= 0)
+ DEBUG(0,("write_socket: Error writing %d bytes to socket %d: ERRNO = %s\n",
+ len, fd, strerror(errno) ));
+
return(ret);
}
BOOL bNISHomeMap;
BOOL bTimeServer;
BOOL bBindInterfacesOnly;
+ BOOL bNetWkstaUserLogon;
} global;
static global Globals;
{"strip dot", P_BOOL, P_GLOBAL, &Globals.bStripDot, NULL, NULL},
{"interfaces", P_STRING, P_GLOBAL, &Globals.szInterfaces, NULL, NULL},
{"bind interfaces only", P_BOOL,P_GLOBAL, &Globals.bBindInterfacesOnly,NULL, NULL},
+ {"networkstation user login", P_BOOL,P_GLOBAL, &Globals.bNetWkstaUserLogon,NULL, NULL},
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL},
{"socket options", P_GSTRING, P_GLOBAL, user_socket_options, NULL, NULL},
{"netbios name", P_UGSTRING,P_GLOBAL, myname, NULL, NULL},
Globals.client_code_page = DEFAULT_CLIENT_CODE_PAGE;
Globals.bTimeServer = False;
Globals.bBindInterfacesOnly = False;
+ Globals.bNetWkstaUserLogon = True;
/* these parameters are set to defaults that are more appropriate
for the increasing samba install base:
FN_GLOBAL_BOOL(lp_nis_home_map,&Globals.bNISHomeMap)
FN_GLOBAL_BOOL(lp_time_server,&Globals.bTimeServer)
FN_GLOBAL_BOOL(lp_bind_interfaces_only,&Globals.bBindInterfacesOnly)
+FN_GLOBAL_BOOL(lp_net_wksta_user_logon,&Globals.bNetWkstaUserLogon)
FN_GLOBAL_INTEGER(lp_os_level,&Globals.os_level)
FN_GLOBAL_INTEGER(lp_max_ttl,&Globals.max_ttl)
/* we must get 6 tokens */
if (count < 10)
{
- if ((count == 7) && (strcmp(tok[0],"QUEUED") == 0))
+ if ((count == 7) && ((strcmp(tok[0],"QUEUED") == 0) || (strcmp(tok[0],"HELD") == 0)))
{
/* the 2nd and 5th columns must be integer */
if (!isdigit(*tok[1]) || !isdigit(*tok[4])) return(False);
buf->job = atoi(tok[1]);
- buf->status = LPQ_QUEUED;
+ buf->status = strequal(tok[0],"HELD")?LPQ_PAUSED:LPQ_QUEUED;
buf->priority = 0;
buf->time = time(NULL);
StrnCpy(buf->user,tok[3],sizeof(buf->user)-1);
/* Check that the two old passwords match. */
if(memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
{
- DEBUG(0,("check_lanman_password: old password doens't match.\n"));
+ DEBUG(0,("check_lanman_password: old password doesn't match.\n"));
return False;
}
* Assumes local passwd file is kept in sync w/ DCE RGY!
*/
- if (!strcmp((char *)crypt(password,this_salt),this_crypted) ||
- dcelogin_atmost_once)
- return(False);
+ /* Fix for original (broken) code from Brett Wooldridge <brettw@austin.ibm.com> */
+ if (dce_login_atmost_once)
+ return (False);
+ /* This can be ifdefed as the DCE check below is stricter... */
+#ifndef NO_CRYPT
+ if ( strcmp((char *)crypt(password,this_salt),this_crypted) )
+ return (False);
+#endif
if (sec_login_setup_identity(
(unsigned char *)this_user,
return False;
}
+ /*
+ * This patch from Rob Nielsen <ran@adc.com> makes doing
+ * the NetWksaUserLogon a dynamic, rather than compile-time
+ * parameter, defaulting to on. This is somewhat dangerous
+ * as it allows people to turn off this neccessary check,
+ * but so many people have had problems with this that I
+ * think it is a neccessary change. JRA.
+ */
+
+ if (lp_net_wksta_user_logon()) {
+ DEBUG(3,("trying NetWkstaUserLogon with password server %s\n", cli.desthost));
+ if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) {
+ DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost));
+ cli_tdis(&cli);
+ return False;
+ }
-#if USE_NETWKSTAUSERLOGON
- if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) {
- DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost));
- cli_tdis(&cli);
- return False;
- }
-
- if (cli.privilages == 0) {
- DEBUG(1,("password server %s gave guest privilages\n", cli.desthost));
- cli_tdis(&cli);
- return False;
- }
+ if (cli.privilages == 0) {
+ DEBUG(1,("password server %s gave guest privilages\n", cli.desthost));
+ cli_tdis(&cli);
+ return False;
+ }
- if (!strequal(cli.eff_name, user)) {
- DEBUG(1,("password server %s gave different username %s\n",
- cli.desthost,
- cli.eff_name));
- cli_tdis(&cli);
- return False;
+ if (!strequal(cli.eff_name, user)) {
+ DEBUG(1,("password server %s gave different username %s\n",
+ cli.desthost,
+ cli.eff_name));
+ cli_tdis(&cli);
+ return False;
+ }
}
-#endif
+ else {
+ DEBUG(3,("skipping NetWkstaUserLogon with password server %s\n", cli.desthost));
+ }
DEBUG(3,("password server %s accepted the password\n", cli.desthost));
date to be last modify date as UNIX doesn't save
this */
put_dos_date2(outbuf,smb_vwv0,get_create_time(&sbuf));
- put_dos_date2(outbuf,smb_vwv2,sbuf.st_atime);
+ put_dos_date2(outbuf,smb_vwv2,get_access_time(&sbuf));
put_dos_date2(outbuf,smb_vwv4,sbuf.st_mtime);
if (mode & aDIR)
{
{
DEBUG(0,("check_file_sharing: NT redirector workaround - rename attempted on \
batch oplocked file %s, dev = %x, inode = %x\n", fname, dev, inode));
-#if 0
/*
* This next line is a test that allows the deny-mode
- * processing to be skipped. JRA.
+ * processing to be skipped. This seems to be needed as
+ * NT insists on the rename succeeding (in Office 9x no less !).
+ * This should be removed as soon as (a) MS fix the redirector
+ * bug or (b) NT SMB support in Samba makes NT not issue the
+ * call (as is my fervent hope). JRA.
*/
continue;
-#endif
}
else
{
size = sbuf.st_size;
mdate = sbuf.st_mtime;
- adate = sbuf.st_atime;
+ adate = get_access_time(&sbuf);
cdate = get_create_time(&sbuf);
if(mode & aDIR)
size = 0;
case SMB_INFO_QUERY_EA_SIZE:
data_size = (info_level==1?22:26);
put_dos_date2(pdata,l1_fdateCreation,get_create_time(&sbuf));
- put_dos_date2(pdata,l1_fdateLastAccess,sbuf.st_atime); /* access time */
+ put_dos_date2(pdata,l1_fdateLastAccess,get_access_time(&sbuf));
put_dos_date2(pdata,l1_fdateLastWrite,sbuf.st_mtime); /* write time */
SIVAL(pdata,l1_cbFile,size);
SIVAL(pdata,l1_cbFileAlloc,ROUNDUP(size,1024));
case SMB_INFO_QUERY_EAS_FROM_LIST:
data_size = 24;
put_dos_date2(pdata,0,get_create_time(&sbuf));
- put_dos_date2(pdata,4,sbuf.st_atime);
+ put_dos_date2(pdata,4,get_access_time(&sbuf));
put_dos_date2(pdata,8,sbuf.st_mtime);
SIVAL(pdata,12,size);
SIVAL(pdata,16,ROUNDUP(size,1024));
case SMB_QUERY_FILE_BASIC_INFO:
data_size = 36; /* w95 returns 40 bytes not 36 - why ?. */
put_long_date(pdata,get_create_time(&sbuf));
- put_long_date(pdata+8,sbuf.st_atime); /* access time */
+ put_long_date(pdata+8,get_access_time(&sbuf));
put_long_date(pdata+16,sbuf.st_mtime); /* write time */
put_long_date(pdata+24,sbuf.st_mtime); /* change time */
SIVAL(pdata,32,mode);
{
time_t create_time = get_create_time(&sbuf);
DEBUG(5,("create: %s ", ctime(&create_time)));
+ create_time = get_access_time(&sbuf);
+ DEBUG(5,("access: %s ", ctime(&create_time)));
}
- DEBUG(5,("access: %s ", ctime(&sbuf.st_atime)));
DEBUG(5,("write: %s ", ctime(&sbuf.st_mtime)));
DEBUG(5,("change: %s ", ctime(&sbuf.st_mtime)));
DEBUG(5,("mode: %x\n", mode));
case SMB_QUERY_FILE_ALL_INFO:
put_long_date(pdata,get_create_time(&sbuf));
- put_long_date(pdata+8,sbuf.st_atime); /* access time */
+ put_long_date(pdata+8,get_access_time(&sbuf));
put_long_date(pdata+16,sbuf.st_mtime); /* write time */
put_long_date(pdata+24,sbuf.st_mtime); /* change time */
SIVAL(pdata,32,mode);
git.samba.org / samba.git / commitdiff