r1822: syncing up files for 3.0.6 next week
authorGerald Carter <jerry@samba.org>
Sat, 14 Aug 2004 16:13:59 +0000 (16:13 +0000)
committerGerald Carter <jerry@samba.org>
Sat, 14 Aug 2004 16:13:59 +0000 (16:13 +0000)
packaging/Fedora/samba.spec.tmpl
source/VERSION
source/auth/auth_sam.c
source/include/includes.h
source/lib/charcnv.c
source/libads/kerberos_verify.c
source/param/loadparm.c
source/passdb/pdb_ldap.c
source/python/py_spoolss_drivers.c
source/smbd/posix_acls.c
source/smbd/reply.c

index 8255f4793b8c37b22d278bcf3efc112fa55844a1..f3fae29a5eeb08ef0cc6130e8f3ecec9a844419d 100644 (file)
@@ -186,6 +186,7 @@ mkdir -p $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_includedir}
 install -m 755 source/bin/libsmbclient.so $RPM_BUILD_ROOT%{_libdir}/libsmbclient.so
 install -m 755 source/bin/libsmbclient.a $RPM_BUILD_ROOT%{_libdir}/libsmbclient.a
 install -m 644 source/include/libsmbclient.h $RPM_BUILD_ROOT%{_includedir}
+rm -f $RPM_BUILD_ROOT%{_libdir}/samba/libsmbclient.*
 
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d
 install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/swat
index 6a3dd5010f9193c29aa8ea8fb2bcb6a96d715db6..6f2624f0460538cea8d42126ebb357933909da0b 100644 (file)
@@ -39,7 +39,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1                      #
 #  ->  "3.0.0rc1"                                      #
 ########################################################
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=
 
 ########################################################
 # To mark SVN snapshots this should be set to 'yes'    #
index 44e0a1810fe3352f3b1c0013efe71c2cae8be209..4d2fb23002748a1156c06139698edd63812f79e8 100644 (file)
@@ -65,6 +65,43 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                                   lm_pw, nt_pw, user_sess_key, lm_sess_key);
 }
 
+/****************************************************************************
+ Check if a user is allowed to logon at this time. Note this is the
+ servers local time, as logon hours are just specified as a weekly
+ bitmask.
+****************************************************************************/
+                                                                                                              
+static BOOL logon_hours_ok(SAM_ACCOUNT *sampass)
+{
+       /* In logon hours first bit is Sunday from 12AM to 1AM */
+       extern struct timeval smb_last_time;
+       const uint8 *hours;
+       struct tm *utctime;
+       uint8 bitmask, bitpos;
+
+       hours = pdb_get_hours(sampass);
+       if (!hours) {
+               DEBUG(5,("logon_hours_ok: No hours restrictions for user %s\n",pdb_get_username(sampass)));
+               return True;
+       }
+
+       utctime = localtime(&smb_last_time.tv_sec);
+
+       /* find the corresponding byte and bit */
+       bitpos = (utctime->tm_wday * 24 + utctime->tm_hour) % 168;
+       bitmask = 1 << (bitpos % 8);
+
+       if (! (hours[bitpos/8] & bitmask)) {
+               DEBUG(1,("logon_hours_ok: Account for user %s not allowed to logon at this time (%s).\n",
+                       pdb_get_username(sampass), asctime(utctime) ));
+               return False;
+       }
+
+       DEBUG(5,("logon_hours_ok: user %s allowed to logon at this time (%s)\n",
+               pdb_get_username(sampass), asctime(utctime) ));
+
+       return True;
+}
 
 /****************************************************************************
  Do a specific test for a SAM_ACCOUNT being vaild for this connection 
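Review bot: The result of `localtime()` is dereferenced in `logon_hours_ok()` without a NULL check, so a conversion failure would crash the authentication path instead of refusing the logon; add `if (!utctime) { return False; }` right after the call so the check fails closed. The variable is named `utctime` although it holds the server's local time, as the header comment says; renaming it or commenting the declaration would stop a later reader from changing the semantics by accident. `asctime()` returns a string that already ends in a newline, so both DEBUG messages print their closing `)` on a new line. `hours[bitpos/8]` indexes up to byte 20, and the length of the buffer returned by `pdb_get_hours()` is not visible here, so confirm it is at least 21 bytes.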
@@ -93,6 +130,11 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
                return NT_STATUS_ACCOUNT_LOCKED_OUT;
        }
 
+       /* Quit if the account is not allowed to logon at this time. */
+       if (! logon_hours_ok(sampass)) {
+               return NT_STATUS_INVALID_LOGON_HOURS;
+       }
+
        /* Test account expire time */
        
        kickoff_time = pdb_get_kickoff_time(sampass);
index 2664cad098f485ea520001c0c16675a04ba84160..09731a56653519cff3c26d13a275e7a184d745a7 100644 (file)
@@ -1307,6 +1307,7 @@ krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct
 krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
 void free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes);
 BOOL get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, BOOL remote);
+krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
 #endif /* HAVE_KRB5 */
 
 
index 3d7678c34cb168decf8ef42e9adbd72513fcc76e..6cbf7562b06dc92c34c2e42fbcbf759fb634d1a3 100644 (file)
 */
 #include "includes.h"
 
+/* We can parameterize this if someone complains.... JRA. */
+
+char lp_failed_convert_char(void)
+{
+       return '_';
+}
+
 /**
  * @file
  *
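Review bot: `lp_failed_convert_char()` needs a comment stating that its value must remain a single 7-bit ASCII character, because every caller in this file writes it as one byte and the to-UCS2 fallbacks follow it with `outbuf[1] = '\0'`. If it is parameterized later, as the existing comment suggests, a value outside that range would produce a wrong UCS2 code unit or an invalid multibyte sequence. The `lp_` prefix also reads like a loadparm setting, while the function is a constant defined in charcnv.c. A comment such as `/* Substitution character for unconvertible input; must be 7-bit ASCII. */` would cover both points.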
@@ -259,11 +266,11 @@ static size_t convert_string_internal(charset_t from, charset_t to,
                        return destlen - o_len;
 
                if (from == CH_UCS2 && to != CH_UCS2) {
-                       /* Can't convert from ucs2 to multibyte. Just truncate this char to ascii. */
+                       /* Can't convert from ucs2 to multibyte. Replace with the default fail char. */
                        if (i_len < 2)
                                return destlen - o_len;
                        if (i_len >= 2) {
-                               *outbuf = inbuf[0];
+                               *outbuf = lp_failed_convert_char();
 
                                outbuf++;
                                o_len--;
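Review bot: Replacing the unconvertible character with a fixed `_` in this fallback is lossy, and nothing in the visible lines tells the caller that a substitution happened, so two different source strings can convert to the same output. Where the converted string is later used as a file, share or account name, that collision deserves a comment at this branch, for example `/* Lossy: distinct inputs may map to the same output. */`, and ideally a DEBUG message when the fallback is taken. The same applies to the other two fallback branches of `convert_string_internal()` and the three in `convert_string_allocate()` changed below. The function body starts and ends outside this hunk, so any existing logging or check on `o_len` before this write is not visible here.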
@@ -279,11 +286,11 @@ static size_t convert_string_internal(charset_t from, charset_t to,
                        goto again;
 
                } else if (from != CH_UCS2 && to == CH_UCS2) {
-                       /* Can't convert to ucs2 - just widen by adding zero. */
+                       /* Can't convert to ucs2 - just widen by adding the default fail char then zero. */
                        if (o_len < 2)
                                return destlen - o_len;
 
-                       outbuf[0] = inbuf[0];
+                       outbuf[0] = lp_failed_convert_char();
                        outbuf[1] = '\0';
 
                        inbuf++;
@@ -299,9 +306,9 @@ static size_t convert_string_internal(charset_t from, charset_t to,
                        goto again;
 
                } else if (from != CH_UCS2 && to != CH_UCS2) {
-                       /* Failed multibyte to multibyte. Just copy 1 char and
+                       /* Failed multibyte to multibyte. Just copy the default fail char and
                                try again. */
-                       outbuf[0] = inbuf[0];
+                       outbuf[0] = lp_failed_convert_char();
 
                        inbuf++;
                        i_len--;
@@ -581,12 +588,12 @@ size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to,
                        goto out;
 
                if (from == CH_UCS2 && to != CH_UCS2) {
-                       /* Can't convert from ucs2 to multibyte. Just truncate this char to ascii. */
+                       /* Can't convert from ucs2 to multibyte. Just use the default fail char. */
                        if (i_len < 2)
                                goto out;
 
                        if (i_len >= 2) {
-                               *outbuf = inbuf[0];
+                               *outbuf = lp_failed_convert_char();
 
                                outbuf++;
                                o_len--;
@@ -602,11 +609,11 @@ size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to,
                        goto again;
 
                } else if (from != CH_UCS2 && to == CH_UCS2) {
-                       /* Can't convert to ucs2 - just widen by adding zero. */
+                       /* Can't convert to ucs2 - just widen by adding the default fail char then zero. */
                        if (o_len < 2)
                                goto out;
 
-                       outbuf[0] = inbuf[0];
+                       outbuf[0] = lp_failed_convert_char();
                        outbuf[1] = '\0';
 
                        inbuf++;
@@ -622,9 +629,9 @@ size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to,
                        goto again;
 
                } else if (from != CH_UCS2 && to != CH_UCS2) {
-                       /* Failed multibyte to multibyte. Just copy 1 char and
+                       /* Failed multibyte to multibyte. Just copy the default fail char and
                                try again. */
-                       outbuf[0] = inbuf[0];
+                       outbuf[0] = lp_failed_convert_char();
 
                        inbuf++;
                        i_len--;
index bdac22a90224e4a49452205ee9e45547d8174519..961b92ccc61045df2551805df8bf9bde3897aadd 100644 (file)
 
 #ifdef HAVE_KRB5
 
+#if !defined(HAVE_KRB5_PRINC_COMPONENT)
+const krb5_data *krb5_princ_component(krb5_context, krb5_principal, int );
+#endif
+
 /**********************************************************************************
  Try to verify a ticket using the system keytab... the system keytab has kvno -1 entries, so
  it's more like what microsoft does... see comment in utils/net_ads.c in the
index 549e232fe07d7f4361fc5aae84d2b3572aec0f9a..4150f57e55d20ca464d1e1d4f4e5650899abdbf7 100644 (file)
@@ -4323,6 +4323,18 @@ BOOL lp_use_sendfile(int snum)
        return (_lp_use_sendfile(snum) && (get_remote_arch() != RA_WIN95) && !srv_is_signing_active());
 }
 
+/*******************************************************************
+ Turn off sendfile if we find the underlying OS doesn't support it.
+********************************************************************/
+
+void set_use_sendfile(int snum, BOOL val)
+{
+       if (LP_SNUM_OK(snum))
+               ServicePtrs[snum]->bUseSendfile = val;
+       else
+               sDefault.bUseSendfile = val;
+}
+
 /*******************************************************************
  Turn off storing DOS attributes if this share doesn't support it.
 ********************************************************************/
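Review bot: `set_use_sendfile()` writes `sDefault.bUseSendfile` when `snum` fails `LP_SNUM_OK`, which presumably changes the default for every share rather than only the one that hit the error; the header comment should say so, or the else branch should be dropped if that is not intended. Neither this function nor the two new callers in reply.c log that sendfile was switched off, so an administrator has no record of why the configured setting stopped applying; a `DEBUG` line at the call sites after the `ENOSYS` test would cover that. The unbraced `if`/`else` bodies would also be safer with braces.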
index fed92cea568c008a74c5bd02c2ddced73913081d..37cc0c79029765bdb260d180f567c8e47bc978bc 100644 (file)
@@ -701,23 +701,34 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
                uint8 *pwhist = NULL;
                int i;
 
-               if ((pwhist = malloc(NT_HASH_LEN * pwHistLen)) == NULL){
+               if ((pwhist = malloc(pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){
                        DEBUG(0, ("init_sam_from_ldap: malloc failed!\n"));
                        return False;
                }
-               memset(pwhist, '\0', NT_HASH_LEN * pwHistLen);
+               memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
 
                if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry, 
                        get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY), temp)) {
                        /* leave as default - zeros */
                } else {
+                       BOOL hex_failed = False;
                        for (i = 0; i < pwHistLen; i++){
-                               if (!pdb_gethexpwd(&temp[i*32], smbntpwd)) {
+                               /* Get the 16 byte salt. */
+                               if (!pdb_gethexpwd(&temp[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN])) {
+                                       hex_failed = True;
                                        break;
                                }
-                               memset(&temp[i*32], '\0', 32);
-                               memcpy(&pwhist[i*NT_HASH_LEN], smbntpwd, NT_HASH_LEN);
-                               ZERO_STRUCT(smbntpwd);
+                               /* Get the 16 byte MD5 hash of salt+passwd. */
+                               if (!pdb_gethexpwd(&temp[(i*64)+32],
+                                               &pwhist[(i*PW_HISTORY_ENTRY_LEN)+PW_HISTORY_SALT_LEN])) {
+                                       hex_failed = True;
+                                       break;
+                               }
+                       }
+                       if (hex_failed) {
+                               DEBUG(0,("init_sam_from_ldap: Failed to get password history for user %s\n",
+                                       username));
+                               memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
                        }
                }
                if (!pdb_set_pw_history(sampass, pwhist, pwHistLen, PDB_SET)){
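Review bot: The read loop in `init_sam_from_ldap()` indexes `temp` at `i*64` and `(i*64)+32` for every `i < pwHistLen`, but unlike `init_ldap_from_sam()` it never limits `pwHistLen` to what `temp` can hold or to the length of the attribute actually returned. Bound the loop by the data, e.g. `size_t hist_len = strlen(temp);` and `for (i = 0; i < pwHistLen && (size_t)(i + 1) * 64 <= hist_len; i++)`, so a value shorter than `pwHistLen * 64` characters leaves the remaining entries at zero instead of parsing whatever follows the terminator. The removed lines also cleared each consumed slice of `temp`; the new loop leaves the hex salt and hash in the buffer, and, assuming `temp` is the pstring array, `memset(temp, '\0', sizeof(temp));` after the loop would restore that. On `hex_failed` the whole history is zeroed and the function carries on, which is worth a comment because a later write-back would presumably erase the stored history.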
@@ -1023,15 +1034,20 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
                        account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen);
                        if (pwHistLen == 0) {
                                /* Remove any password history from the LDAP store. */
-                               pstrcpy(temp, "00000000000000000000000000000000");
+                               memset(temp, '0', 64); /* NOTE !!!! '0' *NOT '\0' */
+                               temp[64] = '\0';
                        } else {
                                int i, currHistLen = 0;
                                const uint8 *pwhist = pdb_get_pw_history(sampass, &currHistLen);
                                if (pwhist != NULL) {
-                                       /* We can only store (sizeof(pstring)-1)/32 password history entries. */
-                                       pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/32));
+                                       /* We can only store (sizeof(pstring)-1)/64 password history entries. */
+                                       pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/64));
                                        for (i=0; i< pwHistLen && i < currHistLen; i++) {
-                                               pdb_sethexpwd (&temp[i*32], &pwhist[i*NT_HASH_LEN], 0);
+                                               /* Store the salt. */
+                                               pdb_sethexpwd(&temp[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN], 0);
+                                               /* Followed by the md5 hash of salt + md4 hash */
+                                               pdb_sethexpwd(&temp[(i*64)+32],
+                                                       &pwhist[(i*PW_HISTORY_ENTRY_LEN)+PW_HISTORY_SALT_LEN], 0);
                                                DEBUG(100, ("temp=%s\n", temp));
                                        }
                                } 
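Review bot: The offsets `64` and `32` in the new `pdb_sethexpwd()` calls, the `memset(temp, '0', 64)` and the `(sizeof(temp)-1)/64` limit are presumably the hex widths of `PW_HISTORY_ENTRY_LEN` and `PW_HISTORY_SALT_LEN`, but nothing ties them to those constants, and the same literals appear in `init_sam_from_ldap()` above. Deriving them, e.g. `2*PW_HISTORY_ENTRY_LEN` and `2*PW_HISTORY_SALT_LEN`, would keep the LDAP string layout in step if the entry size changes. The unchanged `DEBUG(100, ("temp=%s\n", temp))` inside the loop now writes the hex salt and hash of each history entry to the log; consider dropping it or printing only the entry index.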
index 12190519ecc84d60ef3b8ad1ebfbc231696b4dcf..9424fe1527d01da32c25a38c185615e0504e31ef 100644 (file)
@@ -190,12 +190,12 @@ PyObject *spoolss_hnd_getprinterdriver(PyObject *self, PyObject *args,
 
        werror = cli_spoolss_getprinterdriver(
                hnd->cli, hnd->mem_ctx, 0, &needed, &hnd->pol, level,
-               version, arch, &ctr);
+               arch, version, &ctr);
 
        if (W_ERROR_V(werror) == ERRinsufficientbuffer)
                werror = cli_spoolss_getprinterdriver(
                        hnd->cli, hnd->mem_ctx, needed, NULL, &hnd->pol,
-                       level, version, arch, &ctr);
+                       level, arch, version, &ctr);
 
        if (!W_ERROR_IS_OK(werror)) {
                PyErr_SetObject(spoolss_werror, py_werror_tuple(werror));
index 2d9591e6baa7b3dbfc5a64460934d2b943e73650..95938b1e15cbe70ee7dcf9bf2a42a7b3d9681900 100644 (file)
@@ -2863,7 +2863,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
                }
 
                if (num_aces) {
-                       if((psa = make_sec_acl( main_loop_talloc_get(), ACL_REVISION, num_aces, nt_ace_list)) == NULL) {
+                       if((psa = make_sec_acl( main_loop_talloc_get(), NT4_ACL_REVISION, num_aces, nt_ace_list)) == NULL) {
                                DEBUG(0,("get_nt_acl: Unable to malloc space for acl.\n"));
                                goto done;
                        }
index f3ab709df48e8be0601ed4a012d6fcc0492fecc0..4125d71b8404920e885438eac6f6caa4222fb1d6 100644 (file)
@@ -1748,8 +1748,10 @@ void send_file_readbraw(connection_struct *conn, files_struct *fsp, SMB_OFF_T st
                         * Special hack for broken Linux with no 64 bit clean sendfile. If we
                         * return ENOSYS then pretend we just got a normal read.
                         */
-                       if (errno == ENOSYS)
+                       if (errno == ENOSYS) {
+                               set_use_sendfile(SNUM(conn), False);
                                goto normal_read;
+                       }
 
                        DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
                                fsp->fsp_name, strerror(errno) ));
@@ -2111,8 +2113,10 @@ int send_file_readX(connection_struct *conn, char *inbuf,char *outbuf,int length
                         * Special hack for broken Linux with no 64 bit clean sendfile. If we
                         * return ENOSYS then pretend we just got a normal read.
                         */
-                       if (errno == ENOSYS)
+                       if (errno == ENOSYS) {
+                               set_use_sendfile(SNUM(conn), False);
                                goto normal_read;
+                       }
 
                        DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
                                fsp->fsp_name, strerror(errno) ));