Makefile: Added krb5 option from Nathan Neulinger <nneul@umr.edu>

includes.h:	Added krb5 option from Nathan Neulinger  <nneul@umr.edu>, added SGI5 fix.
password.c: Added krb5 option from Nathan Neulinger  <nneul@umr.edu>
quotas.c: Added inode quote fix.
reply.c: removed redundent code.
server.c: Changed error debug to 0, removed redundent check.
util.c: Added close_low_fd() to become_daemon - fix for rsh from Johnathan Knight.
Jeremy (jallison@whistle.com)

diff --git a/source/include/includes.h b/source/include/includes.h
index a5adb350775a021e2b1589d5e1724872455c338a..7dcff542865dea61339a436befdedf826eafca3b 100644 (file)
--- a/source/include/includes.h
+++ b/source/include/includes.h
@@ -348,6 +348,8 @@ char *getwd(char *);
 #ifdef SGI5
 #include <arpa/inet.h>
 #include <netinet/tcp.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
 #include <sys/statvfs.h>
 #include <string.h>
 #include <signal.h>
@@ -1059,6 +1061,10 @@ struct spwd { /* fake shadow password structure */
 #include <dce/sec_login.h>
 #endif
 
+#ifdef KRB5_AUTH
+#include <krb5.h>
+#endif
+
 #ifdef NO_UTIMBUF
 struct utimbuf {
   time_t actime;

diff --git a/source/lib/util.c b/source/lib/util.c
index 9d6229dbf96d373f9f1fb2229e6ef037b4e9c25b..0d7c32be89287a8995ab1357a14285be3f455dbe 100644 (file)
--- a/source/lib/util.c
+++ b/source/lib/util.c
@@ -2527,7 +2527,7 @@ void become_daemon(void)
   /* detach from the terminal */
 #ifdef USE_SETSID
   setsid();
-#else
+#else /* USE_SETSID */
 #ifdef TIOCNOTTY
   {
     int i = open("/dev/tty", O_RDWR);
@@ -2537,9 +2537,11 @@ void become_daemon(void)
        close(i);
       }
   }
-#endif
-#endif
-#endif
+#endif /* TIOCNOTTY */
+#endif /* USE_SETSID */
+  /* Close fd's 0,1,2. Needed if started by rsh */
+  close_low_fds();
+#endif /* NO_FORK_DEBUG */
 }
 
 

diff --git a/source/smbd/password.c b/source/smbd/password.c
index 2ba09f5ad99c0a523a8b7ec12cffe06ad7950c17..e00028d87e156638956a86add691fb14e8e9fd34 100644 (file)
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -585,6 +585,86 @@ void dfs_unlogin(void)
 
 #endif
 
+#ifdef KRB5_AUTH
+/*******************************************************************
+check on Kerberos authentication
+********************************************************************/
+static BOOL krb5_auth(char *this_user,char *password)
+{
+       krb5_data tgtname = {
+               0,
+               KRB5_TGS_NAME_SIZE,
+               KRB5_TGS_NAME
+       };
+       krb5_context kcontext;
+       krb5_principal kprinc;
+       krb5_principal server;
+       krb5_creds kcreds;
+       int options = 0;
+       krb5_address **addrs = (krb5_address **)0;
+       krb5_preauthtype *preauth = NULL;
+       krb5_keytab keytab = NULL;
+       krb5_timestamp now;
+       krb5_ccache ccache = NULL;
+       int retval;
+       char *name;
+
+       if ( retval=krb5_init_context(&kcontext))
+       {
+               return(False);
+       }
+
+       if ( retval = krb5_timeofday(kcontext, &now) )
+       {
+               return(False);
+       }
+
+       if ( retval = krb5_cc_default(kcontext, &ccache) )
+       {
+               return(False);
+       }
+       
+       if ( retval = krb5_parse_name(kcontext, this_user, &kprinc) )
+       {
+               return(False);
+       }
+
+       memset((char *)&kcreds, 0, sizeof(kcreds));
+
+       kcreds.client = kprinc;
+       
+       if ((retval = krb5_build_principal_ext(kcontext, &server,
+               krb5_princ_realm(kcontext, kprinc)->length,
+               krb5_princ_realm(kcontext, kprinc)->data,
+               tgtname.length,
+               tgtname.data,
+               krb5_princ_realm(kcontext, kprinc)->length,
+               krb5_princ_realm(kcontext, kprinc)->data,
+               0)))
+       {
+               return(False);
+       }
+
+       kcreds.server = server;
+
+       retval = krb5_get_in_tkt_with_password(kcontext,
+               options,
+               addrs,
+               NULL,
+               preauth,
+               password,
+               0,
+               &kcreds,
+               0);
+
+       if ( retval )
+       {
+               return(False);
+       }
+
+       return(True);
+}
+#endif /* KRB5_AUTH */
 
 #ifdef LINUX_BIGCRYPT
 /****************************************************************************
@@ -687,6 +767,10 @@ Hence we make a direct return to avoid a second chance!!!
   if (dfs_auth(this_user,password)) return(True);
 #endif 
 
+#ifdef KRB5_AUTH
+  if (krb5_auth(this_user,password)) return(True);
+#endif
+
 #ifdef PWDAUTH
   if (pwdauth(this_user,password) == 0)
     return(True);
@@ -1318,7 +1402,8 @@ static BOOL check_user_equiv(char *user, char *remote, char *equiv_file)
        }
        file_host = strtok(bp, " \t\n");
        file_user = strtok(NULL, " \t\n");
-       DEBUG(7, ("check_user_equiv %s %s\n", file_host, file_user));
+       DEBUG(7, ("check_user_equiv %s %s\n", file_host ? file_host : "(null)", 
+                 file_user ? file_user : "(null)" ));
        if (file_host && *file_host) 
        {
          BOOL host_ok = False;

diff --git a/source/smbd/quotas.c b/source/smbd/quotas.c
index 262eea31004931699749c9d0a9472bb92a8e8b49..8cbe46d9e12c27996ad73e7bbd4d9c302383eade 100644 (file)
--- a/source/smbd/quotas.c
+++ b/source/smbd/quotas.c
@@ -437,7 +437,7 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
   /* Use softlimit to determine disk space, except when it has been exceeded */
   if ((D.dqb_curblocks>D.dqb_bsoftlimit)
 #if !defined(__FreeBSD__)
-||(D.dqb_curfiles>D.dqb_fsoftlimit)
+||((D.dqb_curfiles>D.dqb_fsoftlimit) && (D.dqb_fsoftlimit != 0))
 #endif
     ) {
       *dfree = 0;

diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index 8f650cb994e612a85b20d749abf4a413c2e37bd6..315c7fbb51d00adbb5ded70622a39911ba717335 100644 (file)
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -1026,7 +1026,6 @@ int reply_open_and_X(char *inbuf,char *outbuf,int length,int bufsize)
   pstring fname;
   int cnum = SVAL(inbuf,smb_tid);
   int fnum = -1;
-  int openmode = 0;
   int smb_mode = SVAL(inbuf,smb_vwv3);
   int smb_attr = SVAL(inbuf,smb_vwv5);
   BOOL oplock_request = BITSETW(inbuf+smb_vwv2,1);
@@ -1050,12 +1049,6 @@ int reply_open_and_X(char *inbuf,char *outbuf,int length,int bufsize)
   strcpy(fname,smb_buf(inbuf));
   unix_convert(fname,cnum,0);
     
-  /* now add create and trunc bits */
-  if (smb_ofun & 0x10)
-    openmode |= O_CREAT;
-  if ((smb_ofun & 0x3) == 2)
-    openmode |= O_TRUNC;
-  
   fnum = find_free_file();
   if (fnum < 0)
     return(ERROR(ERRSRV,ERRnofids));

diff --git a/source/smbd/server.c b/source/smbd/server.c
index 41f23ed02f16adb3d6e5a94bee7f150d0d03e7f1..296962421560b0bffbeffb6dc1962cd7bcf8b066 100644 (file)
--- a/source/smbd/server.c
+++ b/source/smbd/server.c
@@ -1577,9 +1577,9 @@ void open_file_shared(int fnum,int cnum,char *fname,int share_mode,int ofun,
       int old_open_mode = old_shares[i].share_mode &0xF;
       int old_deny_mode = (old_shares[i].share_mode >>4)&7;
 
-      if (deny_mode > 4 || old_deny_mode > 4 || old_open_mode > 2) 
+      if (old_deny_mode > 4 || old_open_mode > 2) 
       {
-       DEBUG(2,("Invalid share mode (%d,%d,%d) on file %s\n",
+       DEBUG(0,("Invalid share mode found (%d,%d,%d) on file %s\n",
                 deny_mode,old_deny_mode,old_open_mode,fname));
         free((char *)old_shares);
         if(share_locked)