From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: [PATCH] updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- docs/docbook/manpages/nmbd.8.sgml | 85 +- docs/docbook/manpages/pdbedit.8.sgml | 26 +- docs/docbook/manpages/rpcclient.1.sgml | 18 + docs/docbook/manpages/smb.conf.5.sgml | 786 ++--- docs/docbook/manpages/smbclient.1.sgml | 89 +- docs/docbook/manpages/smbcontrol.1.sgml | 21 +- docs/docbook/manpages/smbd.8.sgml | 4 +- docs/docbook/manpages/smbmount.8.sgml | 2 +- docs/docbook/manpages/smbsh.1.sgml | 130 + docs/docbook/manpages/wbinfo.1.sgml | 45 +- docs/docbook/manpages/winbindd.8.sgml | 15 + .../projdoc/Integrating-with-Windows.sgml | 20 +- docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml | 7 +- docs/docbook/projdoc/UNIX_INSTALL.sgml | 22 +- docs/docbook/projdoc/winbind.sgml | 8 + docs/faq/Samba-Server-FAQ.sgml | 4 +- docs/faq/sambafaq.sgml | 4 +- docs/htmldocs/Samba-HOWTO-Collection.html | 98 +- docs/htmldocs/nmbd.8.html | 85 +- docs/htmldocs/pdbedit.8.html | 39 +- docs/htmldocs/smb.conf.5.html | 489 ++- docs/htmldocs/smbclient.1.html | 105 +- docs/htmldocs/smbcontrol.1.html | 36 +- docs/htmldocs/smbd.8.html | 27 +- docs/htmldocs/smbmount.8.html | 2 +- docs/htmldocs/smbsh.1.html | 229 +- docs/htmldocs/wbinfo.1.html | 78 +- docs/htmldocs/winbindd.8.html | 47 +- docs/manpages/nmbd.8 | 71 +- docs/manpages/pdbedit.8 | 22 +- docs/manpages/smb.conf.5 | 224 +- docs/manpages/smbclient.1 | 57 +- docs/manpages/smbcontrol.1 | 23 +- docs/manpages/smbd.8 | 6 +- docs/manpages/smbmount.8 | 4 +- docs/manpages/smbsh.1 | 102 +- docs/manpages/wbinfo.1 | 30 +- docs/manpages/winbindd.8 | 14 +- docs/textdocs/BROWSING.txt | 17 +- docs/textdocs/HINTS.txt | 3 + docs/textdocs/Printing.txt | 2 +- docs/textdocs/Tracing.txt | 2 +- docs/textdocs/UNIX_SECURITY.txt | 2 +- examples/README | 4 +- examples/VFS/Makefile | 3 +- examples/VFS/block/Makefile | 2 +- examples/VFS/recycle.c | 20 +- examples/pdb/README | 42 + examples/pdb/pdb_test.c | 60 +- examples/smb.conf.default | 12 +- packaging/Caldera/OpenLinux/findsmb | 4 +- packaging/Caldera/OpenLinux/samba3.spec.tmpl | 15 + packaging/Caldera/OpenServer/findsmb | 4 +- packaging/Caldera/UnixWare/findsmb | 4 +- packaging/Mandrake/findsmb | 4 +- packaging/PHT/TurboLinux/findsmb | 4 +- packaging/RedHat/findsmb | 8 +- packaging/RedHat/samba.pamd | 4 +- packaging/RedHat/samba2.spec.tmpl | 212 +- packaging/RedHat/smb.init | 15 +- packaging/SGI/findsmb | 4 +- packaging/Solaris/i.swat | 2 +- source3/.cvsignore | 10 +- source3/CodingSuggestions | 5 + source3/Makefile.in | 291 +- source3/acconfig.h | 8 +- source3/aclocal.m4 | 829 +----- source3/auth/auth.c | 82 +- source3/auth/auth_builtin.c | 118 +- source3/auth/auth_compat.c | 3 + source3/auth/auth_domain.c | 118 +- source3/auth/auth_rhosts.c | 15 +- source3/auth/auth_sam.c | 19 +- source3/auth/auth_server.c | 57 +- source3/auth/auth_unix.c | 15 +- source3/auth/auth_util.c | 218 +- source3/auth/auth_winbind.c | 10 +- source3/auth/pampass.c | 13 +- source3/auth/pass_check.c | 65 +- source3/client/.cvsignore | 1 + source3/client/client.c | 58 +- source3/client/clitar.c | 25 +- source3/client/smbmnt.c | 4 +- source3/client/smbspool.c | 68 +- source3/configure | 2448 ++++++++------- source3/configure.in | 461 +-- source3/dynconfig.c | 1 + source3/groupdb/mapping.c | 12 +- source3/include/ads.h | 1 + source3/include/auth.h | 9 +- source3/include/byteorder.h | 23 +- source3/include/client.h | 16 +- source3/include/config.h.in | 16 +- source3/include/debug.h | 43 +- source3/include/doserr.h | 2 + source3/include/dynconfig.h | 1 + source3/include/includes.h | 33 +- source3/include/libsmbclient.h | 248 +- source3/include/local.h | 2 +- source3/include/mangle.h | 7 +- source3/include/md5.h | 1 - source3/include/messages.h | 7 +- source3/include/msdfs.h | 44 +- source3/include/nameserv.h | 8 + source3/include/nt_printing.h | 22 +- source3/include/ntdomain.h | 1 - source3/include/nterr.h | 2 +- source3/include/passdb.h | 46 +- source3/include/printing.h | 2 +- source3/include/rpc_dce.h | 21 +- source3/include/rpc_lsa.h | 17 +- source3/include/rpc_reg.h | 45 +- source3/include/rpc_samr.h | 204 +- source3/include/rpc_spoolss.h | 129 +- source3/include/rpc_srvsvc.h | 90 +- source3/include/secrets.h | 24 +- source3/include/smb.h | 102 +- source3/include/smb_macros.h | 5 +- source3/include/trans2.h | 12 +- source3/lib/access.c | 20 +- source3/lib/charcnv.c | 36 +- source3/lib/debug.c | 363 ++- source3/lib/dprintf.c | 5 +- source3/lib/error.c | 4 +- source3/lib/genrand.c | 4 +- source3/lib/interface.c | 46 +- source3/lib/interfaces.c | 14 +- source3/lib/md5.c | 4 +- source3/lib/messages.c | 24 +- source3/lib/pam_errors.c | 1 + source3/lib/pidfile.c | 9 +- source3/lib/replace.c | 14 + source3/lib/select.c | 28 +- source3/lib/signal.c | 8 +- source3/lib/snprintf.c | 78 +- source3/lib/substitute.c | 430 ++- source3/lib/sysacls.c | 16 +- source3/lib/system.c | 216 +- source3/lib/talloc.c | 31 +- source3/lib/time.c | 7 +- source3/lib/username.c | 82 +- source3/lib/util.c | 318 +- source3/lib/util_file.c | 9 +- source3/lib/util_getent.c | 30 +- source3/lib/util_pw.c | 48 +- source3/lib/util_seaccess.c | 2 - source3/lib/util_sec.c | 36 + source3/lib/util_sid.c | 344 +-- source3/lib/util_sock.c | 470 +-- source3/lib/util_str.c | 332 ++- source3/lib/util_unistr.c | 41 + source3/lib/wins_srv.c | 647 ++-- source3/lib/xfile.c | 14 +- source3/libads/ads_struct.c | 28 +- source3/libads/disp_sec.c | 20 +- source3/libads/kerberos.c | 155 +- source3/libads/ldap.c | 679 +++-- source3/libads/ldap_printer.c | 73 +- source3/libads/ldap_user.c | 52 +- source3/libads/sasl.c | 3 +- source3/libsmb/cli_dfs.c | 8 - source3/libsmb/cli_lsarpc.c | 52 +- source3/libsmb/cli_netlogon.c | 21 +- source3/libsmb/cli_reg.c | 9 - source3/libsmb/cli_samr.c | 132 +- source3/libsmb/cli_spoolss.c | 645 +++- source3/libsmb/cli_srvsvc.c | 381 ++- source3/libsmb/cli_wkssvc.c | 18 - source3/libsmb/cliconnect.c | 528 ++-- source3/libsmb/clientgen.c | 61 +- source3/libsmb/clifile.c | 2 +- source3/libsmb/clilist.c | 10 +- source3/libsmb/clirap.c | 14 +- source3/libsmb/clirap2.c | 10 +- source3/libsmb/clireadwrite.c | 64 +- source3/libsmb/clispnego.c | 43 +- source3/libsmb/errormap.c | 1 + source3/libsmb/libsmbclient.c | 1691 ++++++----- source3/libsmb/namequery.c | 662 ++--- source3/libsmb/nmblib.c | 4 +- source3/libsmb/nterr.c | 1 + source3/libsmb/pwd_cache.c | 137 +- source3/libsmb/smbencrypt.c | 131 +- source3/libsmb/trust_passwd.c | 10 +- source3/libsmb/unexpected.c | 2 +- source3/locking/brlock.c | 23 +- source3/locking/locking.c | 7 +- source3/msdfs/msdfs.c | 618 ++-- source3/nmbd/nmbd.c | 19 +- source3/nmbd/nmbd_incomingrequests.c | 316 +- source3/nmbd/nmbd_mynames.c | 93 +- source3/nmbd/nmbd_namelistdb.c | 2 +- source3/nmbd/nmbd_namequery.c | 2 +- source3/nmbd/nmbd_nameregister.c | 789 ++--- source3/nmbd/nmbd_namerelease.c | 361 ++- source3/nmbd/nmbd_packets.c | 334 ++- source3/nmbd/nmbd_responserecordsdb.c | 12 +- source3/nmbd/nmbd_subnetdb.c | 71 +- source3/nmbd/nmbd_winsserver.c | 12 +- source3/nsswitch/.cvsignore | 1 + source3/nsswitch/hp_nss_common.h | 4 + source3/nsswitch/nss.h | 2 +- source3/nsswitch/pam_winbind.c | 9 + source3/nsswitch/wb_client.c | 5 + source3/nsswitch/wb_common.c | 6 +- source3/nsswitch/wbinfo.c | 35 +- source3/nsswitch/winbind_nss.c | 26 +- source3/nsswitch/winbind_nss_config.h | 6 +- source3/nsswitch/winbindd.c | 145 +- source3/nsswitch/winbindd.h | 3 + source3/nsswitch/winbindd_ads.c | 183 +- source3/nsswitch/winbindd_cache.c | 55 +- source3/nsswitch/winbindd_cm.c | 6 +- source3/nsswitch/winbindd_group.c | 42 +- source3/nsswitch/winbindd_idmap.c | 28 +- source3/nsswitch/winbindd_misc.c | 13 +- source3/nsswitch/winbindd_nss.h | 3 + source3/nsswitch/winbindd_pam.c | 3 + source3/nsswitch/winbindd_proto.h | 11 +- source3/nsswitch/winbindd_rpc.c | 34 +- source3/nsswitch/winbindd_sid.c | 4 +- source3/nsswitch/winbindd_user.c | 3 + source3/nsswitch/winbindd_util.c | 7 +- source3/nsswitch/winbindd_wins.c | 28 +- source3/nsswitch/wins.c | 51 +- source3/pam_smbpass/general.h | 7 + source3/pam_smbpass/pam_smb_acct.c | 4 +- source3/pam_smbpass/pam_smb_auth.c | 5 +- source3/pam_smbpass/pam_smb_passwd.c | 8 +- source3/pam_smbpass/support.c | 222 +- source3/param/loadparm.c | 629 ++-- source3/passdb/machine_sid.c | 53 +- source3/passdb/passdb.c | 513 ++-- source3/passdb/passgrp.c | 3 + source3/passdb/pdb_get_set.c | 168 +- source3/passdb/pdb_interface.c | 335 ++- source3/passdb/pdb_ldap.c | 279 +- source3/passdb/pdb_nisplus.c | 22 +- source3/passdb/pdb_plugin.c | 21 +- source3/passdb/pdb_smbpasswd.c | 272 +- source3/passdb/pdb_tdb.c | 226 +- source3/passdb/secrets.c | 192 +- source3/printing/lpq_parse.c | 18 +- source3/printing/nt_printing.c | 537 +++- source3/printing/pcap.c | 16 +- source3/printing/print_cups.c | 2 +- source3/printing/print_generic.c | 8 +- source3/printing/printing.c | 1037 ++++--- source3/rpc_client/cli_pipe.c | 3 + source3/rpc_client/cli_reg.c | 3 + source3/rpc_client/cli_samr.c | 3 + source3/rpc_client/cli_spoolss.c | 3 + source3/rpc_client/cli_srvsvc.c | 30 +- source3/rpc_client/cli_wkssvc.c | 3 + source3/rpc_client/msrpc_spoolss.c | 3 + source3/rpc_parse/parse_dfs.c | 3 + source3/rpc_parse/parse_lsa.c | 78 +- source3/rpc_parse/parse_misc.c | 53 +- source3/rpc_parse/parse_net.c | 14 +- source3/rpc_parse/parse_prs.c | 37 +- source3/rpc_parse/parse_reg.c | 80 +- source3/rpc_parse/parse_rpc.c | 3 + source3/rpc_parse/parse_samr.c | 188 +- source3/rpc_parse/parse_sec.c | 109 +- source3/rpc_parse/parse_spoolss.c | 744 ++++- source3/rpc_parse/parse_srv.c | 272 +- source3/rpc_parse/parse_wks.c | 3 + source3/rpc_server/srv_dfs.c | 3 + source3/rpc_server/srv_dfs_nt.c | 33 +- source3/rpc_server/srv_lsa.c | 5 + source3/rpc_server/srv_lsa_hnd.c | 48 + source3/rpc_server/srv_lsa_nt.c | 58 +- source3/rpc_server/srv_netlog.c | 3 + source3/rpc_server/srv_netlog_nt.c | 53 +- source3/rpc_server/srv_pipe.c | 7 +- source3/rpc_server/srv_pipe_hnd.c | 50 +- source3/rpc_server/srv_reg.c | 138 +- source3/rpc_server/srv_reg_nt.c | 661 ++++- source3/rpc_server/srv_samr.c | 35 + source3/rpc_server/srv_samr_nt.c | 1339 ++++++--- source3/rpc_server/srv_spoolss.c | 125 +- source3/rpc_server/srv_spoolss_nt.c | 1384 ++++++--- source3/rpc_server/srv_srvsvc.c | 39 +- source3/rpc_server/srv_srvsvc_nt.c | 143 +- source3/rpc_server/srv_util.c | 18 +- source3/rpc_server/srv_wkssvc.c | 5 +- source3/rpc_server/srv_wkssvc_nt.c | 3 + source3/rpcclient/cmd_lsarpc.c | 65 +- source3/rpcclient/cmd_netlogon.c | 9 +- source3/rpcclient/cmd_samr.c | 429 ++- source3/rpcclient/cmd_spoolss.c | 10 +- source3/rpcclient/cmd_srvsvc.c | 131 +- source3/rpcclient/rpcclient.c | 86 +- source3/rpcclient/samsync.c | 59 +- source3/script/.cvsignore | 1 + source3/script/mkproto.awk | 10 + source3/smbd/build_options.c | 28 +- source3/smbd/change_trust_pw.c | 10 +- source3/smbd/chgpasswd.c | 4 + source3/smbd/conn.c | 2 +- source3/smbd/dir.c | 156 +- source3/smbd/fileio.c | 779 ++--- source3/smbd/filename.c | 760 +++-- source3/smbd/groupname.c | 5 +- source3/smbd/ipc.c | 2 +- source3/smbd/lanman.c | 424 +-- source3/smbd/mangle.c | 21 +- source3/smbd/mangle_hash.c | 534 ++-- source3/smbd/mangle_hash2.c | 110 +- source3/smbd/mangle_map.c | 4 +- source3/smbd/message.c | 10 +- source3/smbd/negprot.c | 380 ++- source3/smbd/notify_kernel.c | 109 +- source3/smbd/nttrans.c | 568 ++-- source3/smbd/open.c | 18 +- source3/smbd/oplock.c | 79 +- source3/smbd/oplock_irix.c | 30 +- source3/smbd/oplock_linux.c | 57 +- source3/smbd/password.c | 182 +- source3/smbd/pipes.c | 2 +- source3/smbd/posix_acls.c | 180 +- source3/smbd/process.c | 65 +- source3/smbd/reply.c | 93 +- source3/smbd/sec_ctx.c | 39 +- source3/smbd/server.c | 23 +- source3/smbd/service.c | 393 ++- source3/smbd/session.c | 52 +- source3/smbd/sesssetup.c | 88 +- source3/smbd/srvstr.c | 9 + source3/smbd/trans2.c | 2625 ++++++++++------- source3/smbd/uid.c | 15 +- source3/smbd/vfs-wrap.c | 4 +- source3/smbd/vfs.c | 8 +- source3/tdb/.cvsignore | 1 + source3/tdb/tdb.c | 26 +- source3/tdb/tdb.h | 1 + source3/tdb/tdbbackup.c | 18 +- source3/tdb/tdbtool.c | 6 +- source3/tdb/tdbutil.c | 111 +- source3/torture/mangle_test.c | 5 +- source3/torture/nbio.c | 10 + source3/torture/nsstest.c | 4 +- source3/torture/torture.c | 29 + source3/utils/net.c | 70 +- source3/utils/net.h | 5 + source3/utils/net_ads.c | 269 +- source3/utils/net_help.c | 71 +- source3/utils/net_lookup.c | 173 +- source3/utils/net_rap.c | 53 +- source3/utils/net_rpc.c | 671 ++++- source3/utils/net_rpc_join.c | 10 +- source3/utils/net_time.c | 6 +- source3/utils/nmblookup.c | 34 +- source3/utils/pdbedit.c | 538 ++-- source3/utils/smbcacls.c | 126 +- source3/utils/smbcontrol.c | 157 +- source3/utils/smbgroupedit.c | 18 +- source3/utils/smbpasswd.c | 105 +- source3/utils/smbtree.c | 85 +- source3/utils/status.c | 18 +- source3/utils/testparm.c | 277 +- source3/web/.cvsignore | 1 + source3/web/cgi.c | 2 +- source3/web/diagnose.c | 6 +- source3/web/neg_lang.c | 1 + source3/web/startstop.c | 2 +- source3/web/statuspage.c | 1 + source3/web/swat.c | 3 +- source3/wrepld/parser.c | 243 +- source3/wrepld/partners.c | 20 +- source3/wrepld/process.c | 119 +- source3/wrepld/server.c | 45 +- testsuite/build_farm/basicsmb.fns | 2 +- .../build_farm/basicsmb.smb.conf.template | 2 +- 374 files changed, 27323 insertions(+), 17458 deletions(-) diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.sgml index 46f36834df4..d5c89064e74 100644 --- a/docs/docbook/manpages/nmbd.8.sgml +++ b/docs/docbook/manpages/nmbd.8.sgml @@ -177,13 +177,14 @@ The -l parameter specifies a directory into which the "log.nmbd" log file will be created for operational data from the running - nmbd server. - - The default log directory is compiled into Samba + nmbd server. The default log directory is compiled into Samba as part of the build process. Common defaults are /usr/local/samba/var/log.nmb, /usr/samba/var/log.nmb or - /var/log/log.nmb. + /var/log/log.nmb. Beware: + If the directory specified does not exist, nmbd + will log to the default debug log location defined at compile time. + @@ -198,25 +199,25 @@ smb.conf. - + -p <UDP port number> UDP port number is a positive integer value. - This option changes the default UDP port number (normally 137) - that nmbd responds to name queries on. Don't - use this option unless you are an expert, in which case you + This option changes the default UDP port number (normally 137) + that nmbd responds to name queries on. Don't + use this option unless you are an expert, in which case you won't need help! - + -s <configuration file> - The default configuration file name + The default configuration file name is set at build time, typically as /usr/local/samba/lib/smb.conf, but this may be changed when Samba is autoconfigured. - The file specified contains the configuration details - required by the server. See + The file specified contains the configuration details + required by the server. See smb.conf(5) for more information. @@ -229,55 +230,55 @@ /etc/inetd.conf - If the server is to be run by the - inetd meta-daemon, this file - must contain suitable startup information for the + If the server is to be run by the + inetd meta-daemon, this file + must contain suitable startup information for the meta-daemon. See the UNIX_INSTALL.html document for details. - + /etc/rc - or whatever initialization script your + or whatever initialization script your system uses). - If running the server as a daemon at startup, - this file will need to contain an appropriate startup + If running the server as a daemon at startup, + this file will need to contain an appropriate startup sequence for the server. See the UNIX_INSTALL.html document for details. - + /etc/services - If running the server via the - meta-daemon inetd, this file - must contain a mapping of service name (e.g., netbios-ssn) - to service port (e.g., 139) and protocol type (e.g., tcp). + If running the server via the + meta-daemon inetd, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). See the UNIX_INSTALL.html document for details. - + /usr/local/samba/lib/smb.conf - This is the default location of the + This is the default location of the smb.conf - server configuration file. Other common places that systems - install this file are /usr/samba/lib/smb.conf + server configuration file. Other common places that systems + install this file are /usr/samba/lib/smb.conf and /etc/smb.conf. - - When run as a WINS server (see the + + When run as a WINS server (see the wins support parameter in the smb.conf(5) man page), nmbd - will store the WINS database in the file wins.dat - in the var/locks directory configured under + will store the WINS database in the file wins.dat + in the var/locks directory configured under wherever Samba was configured to install itself. If nmbd is acting as a - browse master (see the (see the local master parameter in the smb.conf(5) man page, nmbd @@ -292,20 +293,20 @@ SIGNALS - To shut down an nmbd process it is recommended - that SIGKILL (-9) NOT be used, except as a last - resort, as this may leave the name database in an inconsistent state. - The correct way to terminate nmbd is to send it + To shut down an nmbd process it is recommended + that SIGKILL (-9) NOT be used, except as a last + resort, as this may leave the name database in an inconsistent state. + The correct way to terminate nmbd is to send it a SIGTERM (-15) signal and wait for it to die on its own. - nmbd will accept SIGHUP, which will cause + nmbd will accept SIGHUP, which will cause it to dump out its namelists into the file namelist.debug - in the /usr/local/samba/var/locks - directory (or the var/locks directory configured - under wherever Samba was configured to install itself). This will also + in the /usr/local/samba/var/locks + directory (or the var/locks directory configured + under wherever Samba was configured to install itself). This will also cause nmbd to dump out its server database in the log.nmb file. - + The debug log level of nmbd may be raised or lowered using smbcontrol(1) (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is diff --git a/docs/docbook/manpages/pdbedit.8.sgml b/docs/docbook/manpages/pdbedit.8.sgml index eeb1fb0d2c6..3f6023d16fa 100644 --- a/docs/docbook/manpages/pdbedit.8.sgml +++ b/docs/docbook/manpages/pdbedit.8.sgml @@ -27,7 +27,9 @@ -a -m -x - -i file + -i passdb-backend + -e passdb-backend + -D debuglevel @@ -233,18 +235,26 @@ - -i file - This command is used to import a smbpasswd - file into the database. + -i passdb-backend + Use a different passdb backend to retrieve users than the one specified in smb.conf. - This option will ease migration from the plain smbpasswd - file database to more powerful backend databases like tdb and - ldap. + This option will ease migration from one passdb backend to another. + - Example: pdbedit -i /etc/smbpasswd.old + Example: pdbedit -i smbpasswd:/etc/smbpasswd.old -e tdbsam:/etc/samba/passwd.tdb + + + -e passdb-backend + Export all currently available users to the specified password database backend. + + This option will ease migration from one passdb backend to another and will ease backupping + + Example: pdbedit -e smbpasswd:/root/samba-users.backup + + diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml index 9205439b013..f1ba474cfba 100644 --- a/docs/docbook/manpages/rpcclient.1.sgml +++ b/docs/docbook/manpages/rpcclient.1.sgml @@ -26,6 +26,7 @@ -U username[%password] -W workgroup -N + -I destinationIP server @@ -104,6 +105,23 @@ + + -I IP-address + IP address is the address of the server to connect to. + It should be specified in standard "a.b.c.d" notation. + + Normally the client would attempt to locate a named + SMB/CIFS server by looking it up via the NetBIOS name resolution + mechanism described above in the name resolve order + parameter above. Using this parameter will force the client + to assume that the server is on the machine with the specified IP + address and the NetBIOS name component of the resource being + connected to will be ignored. + + There is no default for this parameter. If not supplied, + it will be determined automatically by the client as described + above. + diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 3cea2d51bc1..641e36f57ac 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -41,7 +41,7 @@ Section and parameter names are not case sensitive. Only the first equals sign in a parameter is significant. - Whitespace before or after the first equals sign is discarded. + Whitespace before or after the first equals sign is discarded. Leading, trailing and internal whitespace in section and parameter names is irrelevant. Leading and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value @@ -84,7 +84,7 @@ printable services (used by the client to access print services on the host running the server). - Sections may be designated guest services, + Sections may be designated guest services, in which case no password is required to access them. A specified UNIX guest account is used to define access privileges in this case. @@ -213,7 +213,7 @@ the [homes] section will hide the [homes] share but make any auto home directories visible. - + The [printers] section @@ -433,7 +433,7 @@ %d - The process id of the current server + The process id of the current server process. @@ -519,7 +519,7 @@ short preserve case = yes/no - controls if new files which conform to 8.3 syntax, + controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced to be the "default" case. This option can be use with "preserve case = yes" @@ -542,8 +542,10 @@ steps fail, then the connection request is rejected. However, if one of the steps succeeds, then the following steps are not checked. - If the service is marked "guest only = yes" then - steps 1 to 5 are skipped. + If the service is marked "guest only = yes" and the + server is running with share-level security ("security = share") + then steps 1 to 5 are skipped. + If the client has passed a username/password @@ -596,6 +598,7 @@ add share command add user script add machine script + algorithmic rid base allow trusted domains announce as announce version @@ -641,10 +644,10 @@ ldap admin dn ldap filter - ldap port - ldap server ldap ssl ldap suffix + ldap suffix + ldap suffix lm announce lm interval @@ -652,6 +655,9 @@ local master lock dir lock directory + lock spin count + lock spin time + pid directory log file log level logon drive @@ -683,6 +689,7 @@ nis homedir non unix account range nt pipe support + nt status support null passwords obey pam restrictions oplock break wait time @@ -722,24 +729,6 @@ socket options source environment - ssl - ssl CA certDir - ssl CA certFile - ssl ciphers - ssl client cert - ssl client key - ssl compatibility - ssl egd socket - ssl entropy bytes - ssl entropy file - ssl hosts - ssl hosts resign - ssl require clientcert - ssl require servercert - ssl server cert - ssl server key - ssl version - stat cache stat cache size strip dot @@ -796,6 +785,8 @@ copy create mask create mode + csc policy + default case default devmode delete readonly @@ -829,6 +820,7 @@ hosts allow hosts deny include + inherit acls inherit permissions invalid users level2 oplocks @@ -881,6 +873,7 @@ root preexec close security mask set directory + share modes short preserve case status strict allocate @@ -1136,8 +1129,29 @@ hosts allow. + + algorithmic rid base (G) + This determines how Samba will use its + algorithmic mapping from uids/gid to the RIDs needed to construct + NT Security Identifiers. + + Setting this option to a larger value could be useful to sites + transitioning from WinNT and Win2k, as existing user and + group rids would otherwise clash with sytem users etc. + + All UIDs and GIDs must be able to be resolved into SIDs for + the correct operation of ACLs on the server. As such the algorithmic + mapping can't be 'turned off', but pushing it 'out of the way' should + resolve the issues. Users and groups can then be assigned 'low' RIDs + in arbitary-rid supporting backends. + Default: algorithmic rid base = 1000 + + Example: algorithmic rid base = 100000 + + + allow trusted domains (G) This option only takes effect when the + + csc policy (S) + This stands for client-side caching + policy, and specifies how clients capable of offline + caching will cache the files in the share. The valid values + are: manual, documents, programs, disable. + + These values correspond to those used on Windows + servers. + + For example, shares containing roaming profiles can have + offline caching disabled using csc policy = disable + . + + Default: csc policy = manual + Example: csc policy = programs + + deadtime (G) @@ -1871,47 +1903,16 @@ delete user script (G) This is the full pathname to a script that will - be run AS ROOT by - smbd(8) under special circumstances - described below. + be run by smbd(8) + when managing user's with remote RPC (NT) tools. + - Normally, a Samba server requires that UNIX users are - created for all users accessing files on this server. For sites - that use Windows NT account databases as their primary user database - creating these users and keeping the user list in sync with the - Windows NT PDC is an onerous task. This option allows - smbd to delete the required UNIX users ON - DEMAND when a user accesses the Samba server and the - Windows NT user no longer exists. - - In order to use this option, smbd must be - set to security = domain or security = - user and delete user script - must be set to a full pathname for a script - that will delete a UNIX user given one argument of %u, - which expands into the UNIX user name to delete. + This script is called when a remote client removes a user + from the server, normally using 'User Manager for Domains' or + rpcclient. - When the Windows user attempts to access the Samba server, - at login (session setup in the SMB protocol) - time, smbd contacts the - password server and attempts to authenticate - the given user with the given password. If the authentication fails - with the specific Domain error code meaning that the user no longer - exists then smbd attempts to find a UNIX user in - the UNIX password database that matches the Windows user account. If - this lookup succeeds, and delete user script is - set then smbd will all the specified script - AS ROOT, expanding any %u - argument to be the user name to delete. - - This script should delete the given UNIX username. In this way, - UNIX users are dynamically deleted to match existing Windows NT - accounts. - - See also security = domain, - password server - , add user script - . + This script should delete the given UNIX username. + Default: delete user script = <empty string> @@ -3049,6 +3050,24 @@ + + inherit acls (S) + This parameter can be used to ensure + that if default acls exist on parent directories, + they are always honored when creating a subdirectory. + The default behavior is to use the mode specified + when creating the directory. Enabling this option + sets the mode to 0777, thus guaranteeing that + default directory acls are propagated. + + + Default: inherit acls = no + + + + + + inherit permissions (S) The permissions on new files and directories @@ -3262,12 +3281,6 @@ ldap admin dn (G) - This parameter is only available if Samba has been - configure to include the --with-ldapsam option - at compile time. This option should be considered experimental and - under active development. - - The ldap admin dn defines the Distinguished Name (DN) name used by Samba to contact the ldap @@ -3288,12 +3301,6 @@ ldap filter (G) - This parameter is only available if Samba has been - configure to include the --with-ldapsam option - at compile time. This option should be considered experimental and - under active development. - - This parameter specifies the RFC 2254 compliant LDAP search filter. The default is to match the login name with the uid @@ -3307,69 +3314,15 @@ - - - - ldap port (G) - This parameter is only available if Samba has been - configure to include the --with-ldapsam option - at compile time. This option should be considered experimental and - under active development. - - - - This option is used to control the tcp port number used to contact - the ldap server. - The default is to use the stand LDAPS port 636. - - - See Also: ldap ssl - - - Default : ldap port = 636 - - - - - - - - ldap server (G) - This parameter is only available if Samba has been - configure to include the --with-ldapsam option - at compile time. This option should be considered experimental and - under active development. - - - - This parameter should contains the FQDN of the ldap directory - server which should be queried to locate user account information. - - - - - Default : ldap server = localhost - - - - - - ldap ssl (G) - This parameter is only available if Samba has been - configure to include the --with-ldapsam option - at compile time. This option should be considered experimental and - under active development. - - This option is used to define whether or not Samba should use SSL when connecting to the ldap server. This is NOT related to - Samba SSL support which is enabled by specifying the + Samba's previous SSL support which was enabled by specifying the --with-ssl option to the configure - script (see ssl). + script. @@ -3391,10 +3344,30 @@ ldap suffix (G) - This parameter is only available if Samba has been - configure to include the --with-ldapsam option - at compile time. This option should be considered experimental and - under active development. + + Default : none + + + + + + + ldap user suffix (G) + It specifies where users are added to the tree. + + + + + Default : none + + + + + + + ldap machine suffix (G) + It specifies where machines should be + added to the ldap tree. @@ -3556,6 +3529,39 @@ + + lock spin count (G) + This parameter controls the number of times + that smbd should attempt to gain a byte range lock on the + behalf of a client request. Experiments have shown that + Windows 2k servers do not reply with a failure if the lock + could not be immediately granted, but try a few more times + in case the lock could later be aquired. This behavior + is used to support PC database formats such as MS Access + and FoxPro. + + + Default: lock spin count = 2 + + + + + + + + lock spin time (G) + The time in microseconds that smbd should + pause before attempting to gain a failed lock. See + lock spin + count for more details. + + + Default: lock spin time = 10 + + + + + locking (S) This controls whether or not locking will be @@ -3845,8 +3851,8 @@ takes a printer name as its only parameter and outputs printer status information. - Currently eight styles of printer status information - are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. + Currently nine styles of printer status information + are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. This covers most UNIX systems. You control which type is expected using the printing = option. @@ -3862,7 +3868,10 @@ Note that it is good practice to include the absolute path in the lpq command as the $PATH - may not be available to the server. + may not be available to the server. When compiled with + the CUPS libraries, no lpq command is + needed because smbd will make a library call to obtain the + print queue listing. See also the printing parameter. @@ -4838,6 +4847,23 @@ + + nt status support (G) + This boolean parameter controls whether smbd(8) will negotiate NT specific status + support with Windows NT/2k/XP clients. This is a developer + debugging option and should be left alone. + If this option is set to no then Samba offers + exactly the same DOS error codes that versions prior to Samba 2.2.3 + reported. + + You should not need to ever disable this parameter. + + Default: nt status support = yes + + + + null passwords (G) Allow or disallow client access to accounts @@ -5064,10 +5090,10 @@ passdb backend (G) - This option allows the administrator to chose what - backend in which to store passwords. This allows (for example) both - smbpasswd and tdbsam to be used without a recompile. Only one can - be used at a time however, and experimental backends must still be selected + This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both + smbpasswd and tdbsam to be used without a recompile. + Multiple backends can be specified, seperated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. + Experimental backends must still be selected (eg --with-tdbsam) at configure time. @@ -5115,14 +5141,27 @@ Any characters after the (optional) second : are passed to the plugin for its own processing - + + unixsam - Allows samba to map all (other) available unix users + + This backend uses the standard unix database for retrieving users. Users included + in this pdb are NOT listed in samba user listings and users included in this pdb won't be + able to login. The use of this backend is to always be able to display the owner of a file + on the samba server - even when the user doesn't have a 'real' samba account in one of the + other passdb backends. + + + This backend should always be the last backend listed, since it contains all users in + the unix passdb and might 'override' mappings if specified earlier. It's meant to only return + accounts for users that aren't covered by the previous backends. + - Default: passdb backend = smbpasswd - Example: passdb backend = tdbsam:/etc/samba/private/passdb.tdb - Example: passdb backend = ldapsam_nua:ldaps://ldap.example.com - Example: passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args + Default: passdb backend = smbpasswd unixsam + Example: passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd unixsam + Example: passdb backend = ldapsam_nua:ldaps://ldap.example.com unixsam + Example: passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb @@ -5417,6 +5456,18 @@ + + pid directory (G) + This option specifies the directory where pid + files will be placed. + + Default: pid directory = ${prefix}/var/locks + Example: pid directory = /var/run/ + + + + + posix locking (S) The smbd(8) @@ -5596,14 +5647,23 @@ manually remove old spool files. The print command is simply a text string. It will be used - verbatim, with two exceptions: All occurrences of %s - and %f will be replaced by the - appropriate spool file name, and all occurrences of %p - will be replaced by the appropriate printer name. The - spool file name is generated automatically by the server. The - %J macro can be used to access the job + verbatim after macro substitutions have been made: + + s, %p - the path to the spool + file name + + %p - the appropriate printer + name + + %J - the job name as transmitted by the client. + %c - The number of printed pages + of the spooled job (if known). + + %z - the size of the spooled + print job (in bytes) + The print command MUST contain at least one occurrence of %s or %f - the %p is optional. At the time @@ -5647,6 +5707,17 @@ For printing = SOFTQ : print command = lp -d%p -s %s; rm %s + For printing = CUPS : If SAMBA is compiled against + libcups, then printcap = cups + uses the CUPS API to + submit jobs, etc. Otherwise it maps to the System V + commands with the -oraw option for printing, i.e. it + uses lp -c -d%p -oraw; rm %s. + With printing = cups, + and if SAMBA is compiled against libcups, any manually + set print command will be ignored. + + Example: print command = /usr/local/samba/bin/myprintscript %p %s @@ -5700,6 +5771,14 @@ linkend="PRINTERSSECT">[printers] section above for reasons why you might want to do this. + To use the CUPS printing interface set printcap name = cups + . This should be supplemented by an addtional setting + printing = cups in the [global] + section. printcap name = cups will use the + "dummy" printcap created by CUPS, as specified in your CUPS + configuration file. + + On System V systems that use lpstat to list available printers you can use printcap name = lpstat to automatically obtain lists of available printers. This @@ -6622,6 +6701,33 @@ + + share modes (S) + This enables or disables the honoring of + the share modes during a file open. These + modes are used by clients to gain exclusive read or write access + to a file. + + These open modes are not directly supported by UNIX, so + they are simulated using shared memory, or lock files if your + UNIX doesn't support shared memory (almost all do). + + The share modes that are enabled by this option are + DENY_DOS, DENY_ALL, + DENY_READ, DENY_WRITE, + DENY_NONE and DENY_FCB. + + + This option gives full share compatibility and enabled + by default. + + You should NEVER turn this parameter + off as many Windows applications will break if you do so. + + Default: share modes = yes + + + @@ -6855,348 +6961,6 @@ - - - ssl (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - This variable enables or disables the entire SSL mode. If - it is set to no, the SSL-enabled Samba behaves - exactly like the non-SSL Samba. If set to yes, - it depends on the variables - ssl hosts and - ssl hosts resign whether an SSL - connection will be required. - - Default: ssl = no - - - - - - - ssl CA certDir (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - This variable defines where to look up the Certification - Authorities. The given directory should contain one file for - each CA that Samba will trust. The file name must be the hash - value over the "Distinguished Name" of the CA. How this directory - is set up is explained later in this document. All files within the - directory that don't fit into this naming scheme are ignored. You - don't need this variable if you don't verify client certificates. - - Default: ssl CA certDir = /usr/local/ssl/certs - - - - - - - - ssl CA certFile (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - This variable is a second way to define the trusted CAs. - The certificates of the trusted CAs are collected in one big - file and this variable points to the file. You will probably - only use one of the two ways to define your CAs. The first choice is - preferable if you have many CAs or want to be flexible, the second - is preferable if you only have one CA and want to keep things - simple (you won't need to create the hashed file names). You - don't need this variable if you don't verify client certificates. - - Default: ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem - - - - - - - - ssl ciphers (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - This variable defines the ciphers that should be offered - during SSL negotiation. You should not set this variable unless - you know what you are doing. - - - - - - ssl client cert (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - The certificate in this file is used by - smbclient(1) if it exists. It's needed - if the server requires a client certificate. - - Default: ssl client cert = /usr/local/ssl/certs/smbclient.pem - - - - - - - - ssl client key (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - This is the private key for - smbclient(1). It's only needed if the - client should have a certificate. - - Default: ssl client key = /usr/local/ssl/private/smbclient.pem - - - - - - - - ssl compatibility (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - This variable defines whether OpenSSL should be configured - for bug compatibility with other SSL implementations. This is - probably not desirable because currently no clients with SSL - implementations other than OpenSSL exist. - - Default: ssl compatibility = no - - - - - - ssl egd socket (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - - This option is used to define the location of the communiation socket of - an EGD or PRNGD daemon, from which entropy can be retrieved. This option - can be used instead of or together with the ssl entropy file - directive. 255 bytes of entropy will be retrieved from the daemon. - - - Default: none - - - - - - ssl entropy bytes (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - - This parameter is used to define the number of bytes which should - be read from the ssl entropy - file If a -1 is specified, the entire file will - be read. - - - Default: ssl entropy bytes = 255 - - - - - - - ssl entropy file (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - - This parameter is used to specify a file from which processes will - read "random bytes" on startup. In order to seed the internal pseudo - random number generator, entropy must be provided. On system with a - /dev/urandom device file, the processes - will retrieve its entropy from the kernel. On systems without kernel - entropy support, a file can be supplied that will be read on startup - and that will be used to seed the PRNG. - - - Default: none - - - - - - - ssl hosts (G) - See - ssl hosts resign. - - - - - - ssl hosts resign (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - These two variables define whether Samba will go - into SSL mode or not. If none of them is defined, Samba will - allow only SSL connections. If the - ssl hosts variable lists - hosts (by IP-address, IP-address range, net group or name), - only these hosts will be forced into SSL mode. If the - ssl hosts resign variable lists hosts, only these - hosts will NOT be forced into SSL mode. The syntax for these two - variables is the same as for the - hosts allow and - hosts deny pair of variables, only - that the subject of the decision is different: It's not the access - right but whether SSL is used or not. - - The example below requires SSL connections from all hosts - outside the local net (which is 192.168.*.*). - - Default: ssl hosts = <empty string> - ssl hosts resign = <empty string> - - Example: ssl hosts resign = 192.168. - - - - - - - ssl require clientcert (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - If this variable is set to yes, the - server will not tolerate connections from clients that don't - have a valid certificate. The directory/file given in ssl CA certDir - and ssl CA certFile - will be used to look up the CAs that issued - the client's certificate. If the certificate can't be verified - positively, the connection will be terminated. If this variable - is set to no, clients don't need certificates. - Contrary to web applications you really should - require client certificates. In the web environment the client's - data is sensitive (credit card numbers) and the server must prove - to be trustworthy. In a file server environment the server's data - will be sensitive and the clients must prove to be trustworthy. - - Default: ssl require clientcert = no - - - - - - - ssl require servercert (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - If this variable is set to yes, the - smbclient(1) - will request a certificate from the server. Same as - ssl require - clientcert for the server. - - Default: ssl require servercert = no - - - - - - ssl server cert (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - This is the file containing the server's certificate. - The server must have a certificate. The - file may also contain the server's private key. See later for - how certificates and private keys are created. - - Default: ssl server cert = <empty string> - - - - - - - ssl server key (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - This file contains the private key of the server. If - this variable is not defined, the key is looked up in the - certificate file (it may be appended to the certificate). - The server must have a private key - and the certificate must - match this private key. - - Default: ssl server key = <empty string> - - - - - - - ssl version (G) - This variable is part of SSL-enabled Samba. This - is only available if the SSL libraries have been compiled on your - system and the configure option --with-ssl was - given at configure time. - - This enumeration variable defines the versions of the - SSL protocol that will be used. ssl2or3 allows - dynamic negotiation of SSL v2 or v3, ssl2 results - in SSL v2, ssl3 results in SSL v3 and - tls1 results in TLS v1. TLS (Transport Layer - Security) is the new standard for SSL. - - Default: ssl version = "ssl2or3" - - - - - stat cache (G) This parameter determines if unix extensions(G) This boolean parameter controls whether Samba - implments the CIFS UNIX extensions, as defined by HP. These - extensions enable CIFS to server UNIX clients to UNIX servers - better, and allow such things as symbolic links, hard links etc. + implments the CIFS UNIX extensions, as defined by HP. + These extensions enable Samba to better serve UNIX CIFS clients + by supporting features such as symbolic links, hard links, etc... These extensions require a similarly enabled client, and are of no current use to Windows clients. @@ -7999,7 +7763,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - winbind cache time + winbind cache time (G) This parameter specifies the number of seconds the winbindd(8) daemon will cache user and group information before querying a Windows NT server @@ -8011,8 +7775,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - winbind enum - users On large installations using + winbind enum users (G) + On large installations using winbindd(8) it may be necessary to suppress the enumeration of users through the setpwent(), @@ -8033,8 +7797,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - winbind enum - groups On large installations using + winbind enum groups (G) + On large installations using winbindd(8) it may be necessary to suppress the enumeration of groups through the setgrent(), @@ -8054,7 +7818,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - winbind gid + winbind gid (G) The winbind gid parameter specifies the range of group ids that are allocated by the winbindd(8) daemon. This range of group ids should have no @@ -8070,7 +7834,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - winbind separator + winbind separator (G) This parameter allows an admin to define the character used when listing a username of the form of DOMAIN \user. This parameter @@ -8082,8 +7846,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ with group membership at least on glibc systems, as the character + is used as a special character for NIS in /etc/group. - Example: winbind separator = \\ - Example: winbind separator = / + Default: winbind separator = '\' + Example: winbind separator = + @@ -8091,7 +7855,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - winbind uid + winbind uid (G) The winbind gid parameter specifies the range of group ids that are allocated by the winbindd(8) daemon. This range of ids should have no diff --git a/docs/docbook/manpages/smbclient.1.sgml b/docs/docbook/manpages/smbclient.1.sgml index 4f36de15767..31031dafc46 100644 --- a/docs/docbook/manpages/smbclient.1.sgml +++ b/docs/docbook/manpages/smbclient.1.sgml @@ -434,9 +434,9 @@ domain = <value> -W WORKGROUP - Override the default workgroup specified in the - workgroup parameter of the smb.conf file - for this connection. This may be needed to connect to some + Override the default workgroup (domain) specified + in the workgroup parameter of the smb.conf + file for this connection. This may be needed to connect to some servers. @@ -634,6 +634,44 @@ domain = <value> + + altname file + The client will request that the server return + the "alternate" name (the 8.3 name) for a file or directory. + + + + + + cancel jobid0 [jobid1] ... [jobidN] + The client will request that the server cancel + the printjobs identified by the given numeric print job ids. + + + + + + + chmod file mode in octal + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX permissions to the given octal mode, in standard UNIX format. + + + + + + + chown file uid gid + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX user and group ownership to the given decimal values. Note there is + currently no way to remotely look up the UNIX uid and gid values for a given name. + This may be addressed in future versions of the CIFS UNIX extensions. + + + + cd [directory name] @@ -700,6 +738,17 @@ domain = <value> + + link source destination + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a hard link between the source and destination files. The source file + must not exist. + + + + + lowercase Toggle lowercasing of filenames for the get and @@ -877,6 +926,30 @@ domain = <value> + + setmode <filename> <perm=[+|\-]rsha> + A version of the DOS attrib command to set + file permissions. For example: + + setmode myfile +r + + would make myfile read only. + + + + + + symlink source destination + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a symbolic hard link between the source and destination files. The source file + must not exist. Note that the server will not create a link to any path that lies + outside the currently connected share. This is enforced by the Samba server. + + + + + tar <c|x>[IXbgNa] Performs a tar operation - see the -T @@ -907,16 +980,6 @@ domain = <value> - - setmode <filename> <perm=[+|\-]rsha> - A version of the DOS attrib command to set - file permissions. For example: - - setmode myfile +r - - would make myfile read only. - - diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.sgml index 05e05f4a6ab..517e2ca41f4 100644 --- a/docs/docbook/manpages/smbcontrol.1.sgml +++ b/docs/docbook/manpages/smbcontrol.1.sgml @@ -9,7 +9,7 @@ smbcontrol - send messages to smbd or nmbd processes + send messages to smbd, nmbd or winbindd processes @@ -33,9 +33,10 @@ Samba suite. smbcontrol is a very small program, which - sends messages to an smbd(8) or - an nmbd(8) daemon running on the - system. + sends messages to an smbd(8), + an nmbd(8) + or a winbindd(8) + daemon running on the system. @@ -81,8 +82,9 @@ message to smbd which will then close the client connections to the named share. Note that this doesn't affect client connections to any other shares. This message-type takes an argument of the - share name for which client connections will be close, or the + share name for which client connections will be closed, or the "*" character which will close all currently open shares. + This may be useful if you made changes to the access controls on the share. This message can only be sent to smbd. The debug message-type allows @@ -105,7 +107,7 @@ collection, "off" to turn off profile stats collection, "count" to enable only collection of count stats (time stats are disabled), and "flush" to zero the current profile stats. This can - be sent to any of the destinations. + be sent to any smbd or nmbd destinations. The debuglevel message-type sends a "request debug level" message. The current debug level setting @@ -115,18 +117,13 @@ The profilelevel message-type sends a "request profile level" message. The current profile level setting is returned by a "profilelevel" message. This can be sent - to any of the destinations. + to any smbd or nmbd destinations. The printer-notify message-type sends a message to smbd which in turn sends a printer notify message to any Windows NT clients connected to a printer. This message-type takes an argument of the printer name to send notify messages to. This message can only be sent to smbd. - - The close-share message-type sends a - message to smbd which forces smbd to close the share that was - specified as an argument. This may be useful if you made changes - to the access controls on the share. diff --git a/docs/docbook/manpages/smbd.8.sgml b/docs/docbook/manpages/smbd.8.sgml index 824ae20241c..509007c4bc8 100644 --- a/docs/docbook/manpages/smbd.8.sgml +++ b/docs/docbook/manpages/smbd.8.sgml @@ -176,7 +176,9 @@ its size may be controlled by the max log size option in the - smb.conf(5) file. + smb.conf(5) file. Beware: + If the directory specified does not exist, smbd + will log to the default debug log location defined at compile time. The default log directory is specified at diff --git a/docs/docbook/manpages/smbmount.8.sgml b/docs/docbook/manpages/smbmount.8.sgml index b4a77e51c9f..ec4dbbaff1f 100644 --- a/docs/docbook/manpages/smbmount.8.sgml +++ b/docs/docbook/manpages/smbmount.8.sgml @@ -14,7 +14,7 @@ - smbumount + smbmount service mount-point -o options diff --git a/docs/docbook/manpages/smbsh.1.sgml b/docs/docbook/manpages/smbsh.1.sgml index 46adac6b79d..82efb334ba7 100644 --- a/docs/docbook/manpages/smbsh.1.sgml +++ b/docs/docbook/manpages/smbsh.1.sgml @@ -16,6 +16,13 @@ smbsh + -W workgroup + -U username + -P prefix + -R <name resolve order> + -d <debug level> + -l logfile + -L libdir @@ -30,6 +37,129 @@ egrep, and rcp. You must use a shell that is dynamically linked in order for smbsh to work correctly. + + + + OPTIONS + + + + -W WORKGROUP + Override the default workgroup specified in the + workgroup parameter of the smb.conf file + for this session. This may be needed to connect to some + servers. + + + + -U username[%pass] + Sets the SMB username or username and password. + If this option is not specified, the user will be prompted for + both the username and the password. If %pass is not specified, + the user will be prompted for the password. + + + + + -P prefixThis option allows + the user to set the directory prefix for SMB access. The + default value if this option is not specified is + smb. + + + + + -R <name resolve order> + This option is used to determine what naming + services and in what order to resolve + host names to IP addresses. The option takes a space-separated + string of different name resolution options. + + The options are :"lmhosts", "host", "wins" and "bcast". + They cause names to be resolved as follows : + + + lmhosts : + Lookup an IP address in the Samba lmhosts file. If the + line in lmhosts has no name type attached to the + NetBIOS name + (see the lmhosts(5) + for details) then any name type matches for lookup. + + + host : + Do a standard host name to IP address resolution, using + the system /etc/hosts, NIS, or DNS + lookups. This method of name resolution is operating + system dependent, for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file). Note that this method is only used + if the NetBIOS name type being queried is the 0x20 + (server) name type, otherwise it is ignored. + + + wins : + Query a name with the IP address listed in the + wins server parameter. If no + WINS server has been specified this method will be + ignored. + + + bcast : + Do a broadcast on each of the known local interfaces + listed in the interfaces + parameter. This is the least reliable of the name + resolution methods as it depends on the target host + being on a locally connected subnet. + + + + If this parameter is not set then the name resolve order + defined in the smb.conf file parameter + (name resolve order) will be used. + + The default order is lmhosts, host, wins, bcast. Without + this parameter or any entry in the name resolve order + parameter of the smb.conf + file, the name resolution methods will be attempted in this + order. + + + + -d <debug level> + debug level is an integer from 0 to 10. + + The default value if this parameter is not specified + is zero. + + The higher this value, the more detail will be logged + about the activities of nmblookup. At level + 0, only critical errors and serious warnings will be logged. + + + + + -l logfilename + If specified causes all debug messages to be + written to the file specified by logfilename + . If not specified then all messages will be + written tostderr. + + + + + -L libdir + This parameter specifies the location of the + shared libraries used by smbsh. The default + value is specified at compile time. + + + + + + + + EXAMPLES To use the smbsh command, execute smbsh from the prompt and enter the username and password diff --git a/docs/docbook/manpages/wbinfo.1.sgml b/docs/docbook/manpages/wbinfo.1.sgml index 7f2c4624a9a..f1461b07b9c 100644 --- a/docs/docbook/manpages/wbinfo.1.sgml +++ b/docs/docbook/manpages/wbinfo.1.sgml @@ -17,6 +17,8 @@ wbinfo -u -g + -h name + -i ip -n name -s sid -U uid @@ -25,8 +27,9 @@ -Y sid -t -m + -r user -a user%password - -p + -A user%password @@ -70,6 +73,26 @@ + + -h name + The -h option + queries winbindd(8) to query the WINS + server for the IP address associated with the NetBIOS name + specified by the name parameter. + + + + + + -i ip + The -i option + queries winbindd(8) to send a node status + request to get the NetBIOS name associated with the IP address + specified by the ip parameter. + + + + -n name The -n option @@ -143,6 +166,16 @@ + + + -r username + Try to obtain the list of UNIX group ids + to which the user belongs. This only works for users + defined on a Domain Controller. + + + + -a username%password Attempt to authenticate a user via winbindd. @@ -150,10 +183,14 @@ + - -p - Attempt a simple 'ping' check that the winbindd - is indeed alive. + -A username%password + Store username and password used by winbindd + during session setup to a domain controller. This enables + winbindd to operate in a Windows 2000 domain with Restrict + Anonymous turned on (a.k.a. Permissions compatiable with + Windows 2000 servers only). diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml index bd1dafa07e8..0325f9bfe14 100644 --- a/docs/docbook/manpages/winbindd.8.sgml +++ b/docs/docbook/manpages/winbindd.8.sgml @@ -56,6 +56,15 @@ the winbindd service: + + hosts + User information traditionally stored in + the hosts(5) file and used by + gethostbyname(3) functions. Names are + resolved through the WINS server or by broadcast. + + + passwd User information traditionally stored in @@ -81,6 +90,12 @@ passwd: files winbind group: files winbind + + The following simple configuration in the + /etc/nsswitch.conf file can be used to initially + resolve hostnames from /etc/hosts and then from the + WINS server. + diff --git a/docs/docbook/projdoc/Integrating-with-Windows.sgml b/docs/docbook/projdoc/Integrating-with-Windows.sgml index 0b6abaf80f6..701e48678c3 100644 --- a/docs/docbook/projdoc/Integrating-with-Windows.sgml +++ b/docs/docbook/projdoc/Integrating-with-Windows.sgml @@ -132,7 +132,7 @@ by the TCP/IP configuration control files. The file When the IP address of the destination interface has been -determined a protocol called ARP/RARP isused to identify +determined a protocol called ARP/RARP is used to identify the MAC address of the target interface. ARP stands for Address Resolution Protocol, and is a broadcast oriented method that uses UDP (User Datagram Protocol) to send a request to all @@ -335,7 +335,7 @@ architecture of the MS Windows network. The term "workgroup" indicates that the primary nature of the network environment is that of a peer-to-peer design. In a WORKGROUP all machines are responsible for their own security, and generally such security is limited to use of -just a password (known as SHARE MORE security). In most situations +just a password (known as SHARE MODE security). In most situations with peer-to-peer networking the users who control their own machines will simply opt to have no security at all. It is possible to have USER MODE security in a WORKGROUP environment, thus requiring use @@ -366,8 +366,8 @@ limited to this area. All MS Windows machines employ an in memory buffer in which is -stored the NetBIOS names and their IP addresses for all external -machines that that the local machine has communicated with over the +stored the NetBIOS names and IP addresses for all external +machines that that machine has communicated with over the past 10-15 minutes. It is more efficient to obtain an IP address for a machine from the local cache than it is to go through all the configured name resolution mechanisms. @@ -377,7 +377,7 @@ configured name resolution mechanisms. If a machine whose name is in the local name cache has been shut down before the name had been expired and flushed from the cache, then an attempt to exchange a message with that machine will be subject -to time-out delays. ie: It's name is in the cache, so a name resolution +to time-out delays. i.e.: Its name is in the cache, so a name resolution lookup will succeed, but the machine can not respond. This can be frustrating for users - but it is a characteristic of the protocol. @@ -563,7 +563,7 @@ dependable browsing using Samba As stated above, MS Windows machines register their NetBIOS names -(ie: the machine name for each service type in operation) on start +(i.e.: the machine name for each service type in operation) on start up. Also, as stated above, the exact method by which this name registration takes place is determined by whether or not the MS Windows client/server has been given a WINS server address, whether or not LMHOSTS lookup @@ -594,7 +594,7 @@ Instead, the domain master browser serves the role of contacting each local master browser (found by asking WINS or from LMHOSTS) and exchanging browse list contents. This way every master browser will eventually obtain a complete list of all machines that are on the network. Every 11-15 minutes an election -is held to determine which machine will be the master browser. By nature of +is held to determine which machine will be the master browser. By the nature of the election criteria used, the machine with the highest uptime, or the most senior protocol version, or other criteria, will win the election as domain master browser. @@ -679,8 +679,8 @@ these versions no longer support plain text passwords by default. MS Windows clients have a habit of dropping network mappings that have been idle for 10 minutes or longer. When the user attempts to -use the mapped drive connection that has been dropped the SMB protocol -has a mechanism by which the connection can be re-established using +use the mapped drive connection that has been dropped, the client +re-establishes the connection using a cached copy of the password. @@ -835,7 +835,7 @@ this HOWTO collection. This mode of authentication demands that there be on the -Unix/Linux system both a Unix style account as well as and +Unix/Linux system both a Unix style account as well as an smbpasswd entry for the user. The Unix system account can be locked if required as only the encrypted password will be used for SMB client authentication. diff --git a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml index 21d2c55ec7a..c6c04ccab83 100644 --- a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml +++ b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml @@ -13,8 +13,8 @@
olem@IDEALX.org
- - + + (13 Jan 2002) @@ -98,7 +98,7 @@ Identified (RID). As a result of these defeciencies, a more robust means of storing user attributes used by smbd was developed. The API which defines access to user accounts is commonly referred to as the samdb interface (previously this was called the passdb -API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support +API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support for a samdb backend (e.g. --with-ldapsam or --with-tdbsam) requires compile time support. @@ -515,7 +515,6 @@ something other than the default (e.g. \\MOBY\becky). - Example LDIF Entries for a sambaAccount diff --git a/docs/docbook/projdoc/UNIX_INSTALL.sgml b/docs/docbook/projdoc/UNIX_INSTALL.sgml index 90d48435770..aab193c4519 100644 --- a/docs/docbook/projdoc/UNIX_INSTALL.sgml +++ b/docs/docbook/projdoc/UNIX_INSTALL.sgml @@ -231,7 +231,7 @@ $ smbclient -L yourhostname - Your should get back a list of shares available on + You should get back a list of shares available on your server. If you don't then something is incorrectly setup. Note that this method can also be used to see what shares are available on other LanManager clients (such as WfWg). @@ -316,8 +316,8 @@ By default Samba uses a blank scope ID. This means all your windows boxes must also have a blank scope ID. If you really want to use a non-blank scope ID then you will - need to use the -i <scope> option to nmbd, smbd, and - smbclient. All your PCs will need to have the same setting for + need to use the 'netbios scope' smb.conf option. + All your PCs will need to have the same setting for this to work. I do not recommend scope IDs. @@ -421,12 +421,6 @@ its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE or DENY_ALL. There are also special compatibility modes called DENY_FCB and DENY_DOS. - - You can disable share modes using "share modes = no". - This may be useful on a heavily loaded server as the share - modes code is very slow. See also the FAST_SHARE_MODES - option in the Makefile for a way to do full share modes - very fast using shared memory (if your OS supports it). @@ -437,15 +431,5 @@ See the smb.conf man page for details. - - Other Character Sets - - If you have problems using filenames with accented - characters in them (like the German, French or Scandinavian - character sets) then I recommend you look at the "valid chars" - option in smb.conf and also take a look at the validchars - package in the examples directory. - - diff --git a/docs/docbook/projdoc/winbind.sgml b/docs/docbook/projdoc/winbind.sgml index fc8d8d52a12..62e065914b4 100644 --- a/docs/docbook/projdoc/winbind.sgml +++ b/docs/docbook/projdoc/winbind.sgml @@ -324,6 +324,14 @@ to control access and authenticate users on your Linux box using the winbind services which come with SAMBA 2.2.2. + +There is also some Solaris specific information in +docs/textdocs/Solaris-Winbind-HOWTO.txt. +Future revisions of this document will incorporate that +information. + + + Introduction diff --git a/docs/faq/Samba-Server-FAQ.sgml b/docs/faq/Samba-Server-FAQ.sgml index da6b50f99e2..eddad19e253 100644 --- a/docs/faq/Samba-Server-FAQ.sgml +++ b/docs/faq/Samba-Server-FAQ.sgml @@ -296,7 +296,7 @@ to somewhere on your network to see if TCP/IP is functioning OK. If it is, the problem is most likely name resolution. If your client has a facility to do so, hardcode a mapping between the -hosts IP and the name you want to use. For example, with Man Manager +hosts IP and the name you want to use. For example, with Lan Manager or Windows for Workgroups you would put a suitable entry in the file LMHOSTS. If this works, the problem is in the communication between your client and the netbios name server. If it does not work, then @@ -319,7 +319,7 @@ the name you gave. The first step is to check the exact name of the service you are trying to connect to (consult your system administrator). Assuming it -exists and you specified it correctly (read your client's doco on how +exists and you specified it correctly (read your client's docs on how to specify a service name correctly), read on: diff --git a/docs/faq/sambafaq.sgml b/docs/faq/sambafaq.sgml index 333ac55f673..17ed7059fd2 100644 --- a/docs/faq/sambafaq.sgml +++ b/docs/faq/sambafaq.sgml @@ -371,7 +371,7 @@ to somewhere on your network to see if TCP/IP is functioning OK. If it is, the problem is most likely name resolution. If your client has a facility to do so, hardcode a mapping between the -hosts IP and the name you want to use. For example, with Man Manager +hosts IP and the name you want to use. For example, with Lan Manager or Windows for Workgroups you would put a suitable entry in the file LMHOSTS. If this works, the problem is in the communication between your client and the netbios name server. If it does not work, then @@ -394,7 +394,7 @@ the name you gave. The first step is to check the exact name of the service you are trying to connect to (consult your system administrator). Assuming it -exists and you specified it correctly (read your client's doco on how +exists and you specified it correctly (read your client's docs on how to specify a service name correctly), read on: diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html index 5b44d17968d..5175bd4c8dd 100644 --- a/docs/htmldocs/Samba-HOWTO-Collection.html +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -878,29 +878,29 @@ HREF="#AEN2015" >
11.5.1. Introduction
11.5.2. Requirements
11.5.3. Testing Things Out
11.5.3.1. Configure and compile SAMBA
11.5.3.2. Configure nsswitch.conf
11.5.3.3. Configure smb.conf
11.5.3.4. Join the SAMBA server to the PDC domain
11.5.3.5. Start up the winbindd daemon and test it!
11.5.3.6. Fix the /etc/rc.d/init.d/smb
11.5.3.7. Configure Winbind and PAM
11.6. Limitations
11.7. Conclusion
12.1. FAQs
12.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?
12.1.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?
12.1.3. Are there any other issues when OS/2 (any version) is used as a client?
12.1.4. How do I get printer driver download working for OS/2 clients?
13.1. Introduction
13.2. CVS Access to samba.org
13.2.1. Access via CVSweb
13.2.2. Access via cvs
Index
As a result of these defeciencies, a more robust means of storing user attributes used by smbd was developed. The API which defines access to user accounts is commonly referred to as the samdb interface (previously this was called the passdb -API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support +API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support for a samdb backend (e.g. This HOWTO describes how to get winbind services up and running to control access and authenticate users on your Linux box using the winbind services which come with SAMBA 2.2.2.

There is also some Solaris specific information in +docs/textdocs/Solaris-Winbind-HOWTO.txt. +Future revisions of this document will incorporate that +information.

11.5.1. Introduction

11.5.2. Requirements

11.5.3. Testing Things Out

11.5.3.1. Configure and compile SAMBA

11.5.3.2. Configure nsswitch.conf

11.5.3.3. Configure smb.conf

11.5.3.4. Join the SAMBA server to the PDC domain

11.5.3.5. Start up the winbindd daemon and test it!

11.5.3.6. Fix the /etc/rc.d/init.d/smb

11.5.3.7. Configure Winbind and PAM

11.6. Limitations

11.7. Conclusion

12.1. FAQs

12.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?

12.1.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?

12.1.3. Are there any other issues when OS/2 (any version) is used as a client?

12.1.4. How do I get printer driver download working for OS/2 clients?

13.1. Introduction

13.2. CVS Access to samba.org

13.2.1. Access via CVSweb

13.2.2. Access via cvs

Index

nmbd server.

The default log directory is compiled into Samba +> server. The default log directory is compiled into Samba as part of the build process. Common defaults are /usr/local/samba/var/log.nmb/var/log/log.nmb.

. Beware: + If the directory specified does not exist, nmbd + will log to the default debug log location defined at compile time. +

-n <primary NetBIOS name>

UDP port number is a positive integer value. - This option changes the default UDP port number (normally 137) + This option changes the default UDP port number (normally 137) that nmbd responds to name queries on. Don't - use this option unless you are an expert, in which case you +> responds to name queries on. Don't + use this option unless you are an expert, in which case you won't need help!

-s <configuration file>

The default configuration file name +>The default configuration file name is set at build time, typically as /usr/local/samba/lib/smb.conf, but this may be changed when Samba is autoconfigured.

The file specified contains the configuration details +>The file specified contains the configuration details required by the server. See - smb.conf(5)

FILES

If the server is to be run by the +>If the server is to be run by the inetd meta-daemon, this file - must contain suitable startup information for the +> meta-daemon, this file + must contain suitable startup information for the meta-daemon. See the

or whatever initialization script your +>or whatever initialization script your system uses).

If running the server as a daemon at startup, - this file will need to contain an appropriate startup +>If running the server as a daemon at startup, + this file will need to contain an appropriate startup sequence for the server. See the

If running the server via the +>If running the server via the meta-daemon inetd, this file - must contain a mapping of service name (e.g., netbios-ssn) - to service port (e.g., 139) and protocol type (e.g., tcp). +>, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). See the

This is the default location of the +>This is the default location of the smb.conf - server configuration file. Other common places that systems + server configuration file. Other common places that systems install this file are /usr/samba/lib/smb.conf +> and /etc/smb.conf.

When run as a WINS server (see the +>When run as a WINS server (see the wins.dat +> in the var/locks directory configured under +> directory configured under wherever Samba was configured to install itself.

If

SIGNALS

To shut down an nmbd process it is recommended +> process it is recommended that SIGKILL (-9) NOT be used, except as a last - resort, as this may leave the name database in an inconsistent state. +> be used, except as a last + resort, as this may leave the name database in an inconsistent state. The correct way to terminate nmbd is to send it +> is to send it a SIGTERM (-15) signal and wait for it to die on its own.

nmbd will accept SIGHUP, which will cause +> will accept SIGHUP, which will cause it to dump out its namelists into the file namelist.debug @@ -562,12 +567,12 @@ CLASS="FILENAME" > in the /usr/local/samba/var/locks +> directory (or the var/locks directory configured - under wherever Samba was configured to install itself). This will also +> directory configured + under wherever Samba was configured to install itself). This will also cause nmbd

VERSION

SEE ALSO

AUTHOR

pdbedit [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i file]

[-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-D debuglevel]

DESCRIPTION

OPTIONS

-i file
-i passdb-backend

This command is used to import a smbpasswd - file into the database.

Use a different passdb backend to retrieve users than the one specified in smb.conf.

This option will ease migration from the plain smbpasswd - file database to more powerful backend databases like tdb and - ldap.

This option will ease migration from one passdb backend to another. +

Example: pdbedit -i /etc/smbpasswd.oldpdbedit -i smbpasswd:/etc/smbpasswd.old -e tdbsam:/etc/samba/passwd.tdb

-e passdb-backend

Export all currently available users to the specified password database backend.

This option will ease migration from one passdb backend to another and will ease backupping

Example: pdbedit -e smbpasswd:/root/samba-users.backup

NOTES

VERSION

SEE ALSO

AUTHOR

Section and parameter names are not case sensitive.

Only the first equals sign in a parameter is significant. - Whitespace before or after the first equals sign is discarded. + Whitespace before or after the first equals sign is discarded. Leading, trailing and internal whitespace in section and parameter names is irrelevant. Leading and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value @@ -140,7 +140,7 @@ NAME="AEN28" >

Sections may be designated guest services, +> services, in which case no password is required to access them. A specified UNIX guest account%d

The process id of the current server +>The process id of the current server process.

short preserve case = yes/no

controls if new files which conform to 8.3 syntax, +>controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced to be the "default" case. This option can be use with "preserve case = yes" @@ -785,8 +785,9 @@ NAME="AEN236" steps fail, then the connection request is rejected. However, if one of the steps succeeds, then the following steps are not checked.

If the service is marked "guest only = yes" then - steps 1 to 5 are skipped.

If the service is marked "guest only = yes" and the + server is running with share-level security ("security = share") + then steps 1 to 5 are skipped.

  1. algorithmic rid base

  3. lock spin count

  4. lock spin time

  5. pid directory

  7. nt status support

  8. COMPLETE LIST OF SERVICE PARAMETERS

  9. csc policy

  11. inherit acls

  13. share modes

  14. EXPLANATION OF EACH PARAMETER

algorithmic rid base (G)

This determines how Samba will use its + algorithmic mapping from uids/gid to the RIDs needed to construct + NT Security Identifiers.

Setting this option to a larger value could be useful to sites + transitioning from WinNT and Win2k, as existing user and + group rids would otherwise clash with sytem users etc. +

All UIDs and GIDs must be able to be resolved into SIDs for + the correct operation of ACLs on the server. As such the algorithmic + mapping can't be 'turned off', but pushing it 'out of the way' should + resolve the issues. Users and groups can then be assigned 'low' RIDs + in arbitary-rid supporting backends.

Default: algorithmic rid base = 1000

Example: algorithmic rid base = 100000

allow trusted domains (G)
csc policy (S)

This stands for client-side caching + policy, and specifies how clients capable of offline + caching will cache the files in the share. The valid values + are: manual, documents, programs, disable.

These values correspond to those used on Windows + servers.

For example, shares containing roaming profiles can have + offline caching disabled using csc policy = disable + .

Default: csc policy = manual

Example: csc policy = programs

deadtime (G)
inherit acls (S)

This parameter can be used to ensure + that if default acls exist on parent directories, + they are always honored when creating a subdirectory. + The default behavior is to use the mode specified + when creating the directory. Enabling this option + sets the mode to 0777, thus guaranteeing that + default directory acls are propagated. +

Default: inherit acls = no +

inherit permissions (S)
lock spin count (G)

This parameter controls the number of times + that smbd should attempt to gain a byte range lock on the + behalf of a client request. Experiments have shown that + Windows 2k servers do not reply with a failure if the lock + could not be immediately granted, but try a few more times + in case the lock could later be aquired. This behavior + is used to support PC database formats such as MS Access + and FoxPro. +

Default: lock spin count = 2 +

lock spin time (G)

The time in microseconds that smbd should + pause before attempting to gain a failed lock. See + lock spin + count for more details. +

Default: lock spin time = 10 +

locking (S)

Currently eight styles of printer status information - are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. +>Currently nine styles of printer status information + are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. This covers most UNIX systems. You control which type is expected using the $PATH may not be available to the server.

may not be available to the server. When compiled with + the CUPS libraries, no lpq command is + needed because smbd will make a library call to obtain the + print queue listing.

See also the

nt status support (G)

This boolean parameter controls whether smbd(8) will negotiate NT specific status + support with Windows NT/2k/XP clients. This is a developer + debugging option and should be left alone. + If this option is set to no then Samba offers + exactly the same DOS error codes that versions prior to Samba 2.2.3 + reported.

You should not need to ever disable this parameter.

Default: nt status support = yes

null passwords (G)
passdb backend (G)

This option allows the administrator to chose what - backend in which to store passwords. This allows (for example) both - smbpasswd and tdbsam to be used without a recompile. Only one can - be used at a time however, and experimental backends must still be selected +>This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both + smbpasswd and tdbsam to be used without a recompile. + Multiple backends can be specified, seperated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. + Experimental backends must still be selected (eg --with-tdbsam) at configure time.

Example: passdb backend = tdbsam:/etc/samba/private/passdb.tdbpassdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd

Example:

Example: passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_argspassdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb

pid directory (G)

This option specifies the directory where pid + files will be placed.

Default: pid directory = ${prefix}/var/locks

Example: pid directory = /var/run/ +

posix locking (S)

The print command is simply a text string. It will be used - verbatim, with two exceptions: All occurrences of %s - and %f will be replaced by the - appropriate spool file name, and all occurrences of %p - will be replaced by the appropriate printer name. The - spool file name is generated automatically by the server. The - %J macro can be used to access the job + verbatim after macro substitutions have been made:

s, %p - the path to the spool + file name

%p - the appropriate printer + name

%J - the job name as transmitted by the client.

%c - The number of printed pages + of the spooled job (if known).

%z - the size of the spooled + print job (in bytes)

The print command MUST contain at least @@ -13923,6 +14204,25 @@ CLASS="COMMAND" >print command = lp -d%p -s %s; rm %s

For printing = CUPS : If SAMBA is compiled against + libcups, then printcap = cups + uses the CUPS API to + submit jobs, etc. Otherwise it maps to the System V + commands with the -oraw option for printing, i.e. it + uses lp -c -d%p -oraw; rm %s. + With printing = cups, + and if SAMBA is compiled against libcups, any manually + set print command will be ignored.

Example: print command = /usr/local/samba/bin/myprintscript @@ -14013,6 +14313,23 @@ HREF="#AEN79" > section above for reasons why you might want to do this.

To use the CUPS printing interface set printcap name = cups + . This should be supplemented by an addtional setting + printing = cups in the [global] + section. printcap name = cups will use the + "dummy" printcap created by CUPS, as specified in your CUPS + configuration file. +

On System V systems that use lpstat

share modes (S)

This enables or disables the honoring of + the share modes during a file open. These + modes are used by clients to gain exclusive read or write access + to a file.

These open modes are not directly supported by UNIX, so + they are simulated using shared memory, or lock files if your + UNIX doesn't support shared memory (almost all do).

The share modes that are enabled by this option are + DENY_DOS, DENY_ALL, + DENY_READ, DENY_WRITE, + DENY_NONE and DENY_FCB. +

This option gives full share compatibility and enabled + by default.

You should NEVER turn this parameter + off as many Windows applications will break if you do so.

Default: share modes = yes

short preserve case (S)
winbind cache timewinbind cache time (G)

This parameter specifies the number of seconds the @@ -18279,8 +18654,7 @@ CLASS="COMMAND" >winbind enum - userswinbind enum users (G)

On large installations using @@ -18331,8 +18705,7 @@ CLASS="COMMAND" >winbind enum - groupswinbind enum groups (G)

On large installations using @@ -18382,7 +18755,7 @@ CLASS="COMMAND" >winbind gidwinbind gid (G)

The winbind gid parameter specifies the range of group @@ -18409,7 +18782,7 @@ CLASS="COMMAND" >winbind separatorwinbind separator (G)

This parameter allows an admin to define the character @@ -18439,21 +18812,21 @@ CLASS="FILENAME" with group membership at least on glibc systems, as the character + is used as a special character for NIS in /etc/group.

Example: Default: winbind separator = \\winbind separator = '\'

Example: winbind separator = /winbind separator = +

winbind uid
winbind uid (G)

The winbind gid parameter specifies the range of group @@ -18873,7 +19246,7 @@ CLASS="COMMAND" >

WARNINGS

VERSION

SEE ALSO

AUTHOR

-W WORKGROUP

Override the default workgroup specified in the - workgroup parameter of the Override the default workgroup (domain) specified + in the workgroup parameter of the smb.conf file - for this connection. This may be needed to connect to some +> + file for this connection. This may be needed to connect to some servers.

altname file

The client will request that the server return + the "alternate" name (the 8.3 name) for a file or directory. +

cancel jobid0 [jobid1] ... [jobidN]

The client will request that the server cancel + the printjobs identified by the given numeric print job ids. +

chmod file mode in octal

This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX permissions to the given octal mode, in standard UNIX format. +

chown file uid gid

This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX user and group ownership to the given decimal values. Note there is + currently no way to remotely look up the UNIX uid and gid values for a given name. + This may be addressed in future versions of the CIFS UNIX extensions. +

cd [directory name]

link source destination

This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a hard link between the source and destination files. The source file + must not exist. +

lowercase

setmode <filename> <perm=[+|\-]rsha>

A version of the DOS attrib command to set + file permissions. For example:

setmode myfile +r

would make myfile read only.

symlink source destination

This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a symbolic hard link between the source and destination files. The source file + must not exist. Note that the server will not create a link to any path that lies + outside the currently connected share. This is enforced by the Samba server. +

tar <c|x>[IXbgNa]

setmode <filename> <perm=[+|\-]rsha>

A version of the DOS attrib command to set - file permissions. For example:

setmode myfile +r

would make myfile read only.

NOTES

ENVIRONMENT VARIABLES

INSTALLATION

DIAGNOSTICS

VERSION

AUTHOR

Name

smbcontrol -- send messages to smbd or nmbd processes
smbcontrol -- send messages to smbd, nmbd or winbindd processes
smbd(8) or +>, an nmbd(8) daemon running on the - system.

+ or a winbindd(8) + daemon running on the system.

OPTIONS

smbd

The message-type sends a "request profile level" message. The current profile level setting is returned by a "profilelevel" message. This can be sent - to any of the destinations.

The smbd.

The close-share message-type sends a - message to smbd which forces smbd to close the share that was - specified as an argument. This may be useful if you made changes - to the access controls on the share.

parameters

VERSION

SEE ALSO

AUTHOR

smb.conf(5) file. +> file. Beware: + If the directory specified does not exist, smbd + will log to the default debug log location defined at compile time.

The default log directory is specified at @@ -354,7 +361,7 @@ CLASS="FILENAME" >

FILES

LIMITATIONS

ENVIRONMENT VARIABLES

PAM INTERACTION

VERSION

DIAGNOSTICS

SIGNALS

SEE ALSO

AUTHOR

smbumountsmbmount {service} {mount-point} [-o options]

smbsh

[-W workgroup] [-U username] [-P prefix] [-R <name resolve order>] [-d <debug level>] [-l logfile] [-L libdir]

DESCRIPTION

smbsh to work correctly.

OPTIONS

-W WORKGROUP

Override the default workgroup specified in the + workgroup parameter of the smb.conf file + for this session. This may be needed to connect to some + servers.

-U username[%pass]

Sets the SMB username or username and password. + If this option is not specified, the user will be prompted for + both the username and the password. If %pass is not specified, + the user will be prompted for the password. +

-P prefix

This option allows + the user to set the directory prefix for SMB access. The + default value if this option is not specified is + smb. +

-R <name resolve order>

This option is used to determine what naming + services and in what order to resolve + host names to IP addresses. The option takes a space-separated + string of different name resolution options.

The options are :"lmhosts", "host", "wins" and "bcast". + They cause names to be resolved as follows :

  • lmhosts : + Lookup an IP address in the Samba lmhosts file. If the + line in lmhosts has no name type attached to the + NetBIOS name + (see the lmhosts(5) + for details) then any name type matches for lookup. +

  • host : + Do a standard host name to IP address resolution, using + the system /etc/hosts, NIS, or DNS + lookups. This method of name resolution is operating + system dependent, for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file). Note that this method is only used + if the NetBIOS name type being queried is the 0x20 + (server) name type, otherwise it is ignored. +

  • wins : + Query a name with the IP address listed in the + wins server parameter. If no + WINS server has been specified this method will be + ignored. +

  • bcast : + Do a broadcast on each of the known local interfaces + listed in the interfaces + parameter. This is the least reliable of the name + resolution methods as it depends on the target host + being on a locally connected subnet. +

If this parameter is not set then the name resolve order + defined in the smb.conf file parameter + (name resolve order) will be used.

The default order is lmhosts, host, wins, bcast. Without + this parameter or any entry in the name resolve order + parameter of the smb.conf + file, the name resolution methods will be attempted in this + order.

-d <debug level>

debug level is an integer from 0 to 10.

The default value if this parameter is not specified + is zero.

The higher this value, the more detail will be logged + about the activities of nmblookup. At level + 0, only critical errors and serious warnings will be logged. +

-l logfilename

If specified causes all debug messages to be + written to the file specified by logfilename + . If not specified then all messages will be + written tostderr. +

-L libdir

This parameter specifies the location of the + shared libraries used by smbsh. The default + value is specified at compile time. +

EXAMPLES

To use the

VERSION

BUGS

SEE ALSO

AUTHOR

wbinfo [-u] [-g] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-a user%password] [-p]

[-u] [-g] [-h name] [-i ip] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-r user] [-a user%password] [-A user%password]

DESCRIPTION

OPTIONS

.

-h name

The -h option + queries winbindd(8) to query the WINS + server for the IP address associated with the NetBIOS name + specified by the name parameter. +

-i ip

The -i option + queries winbindd(8) to send a node status + request to get the NetBIOS name associated with the IP address + specified by the ip parameter. +

-n name

-r username

Try to obtain the list of UNIX group ids + to which the user belongs. This only works for users + defined on a Domain Controller. +

-a username%password

-p
-A username%password

Attempt a simple 'ping' check that the winbindd - is indeed alive. +>Store username and password used by winbindd + during session setup to a domain controller. This enables + winbindd to operate in a Windows 2000 domain with Restrict + Anonymous turned on (a.k.a. Permissions compatiable with + Windows 2000 servers only).

EXIT STATUS

VERSION

SEE ALSO

AUTHOR

hosts

User information traditionally stored in + the hosts(5) file and used by + gethostbyname(3) functions. Names are + resolved through the WINS server or by broadcast. +

passwd

The following simple configuration in the + /etc/nsswitch.conf file can be used to initially + resolve hostnames from /etc/hosts and then from the + WINS server.

OPTIONS

NAME AND ID RESOLUTION

CONFIGURATION

EXAMPLE SETUP

NOTES

SIGNALS

FILES

VERSION

SEE ALSO

AUTHOR

.\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "NMBD" "8" "28 January 2002" "" "" +.TH "NMBD" "8" "08 May 2002" "" "" .SH NAME nmbd \- NetBIOS name server to provide NetBIOS over IP naming services to clients .SH SYNOPSIS @@ -126,11 +126,11 @@ parameter in the \fI smb.conf\fRfile. The -l parameter specifies a directory into which the "log.nmbd" log file will be created for operational data from the running -\fBnmbd\fR server. - -The default log directory is compiled into Samba +\fBnmbd\fR server. The default log directory is compiled into Samba as part of the build process. Common defaults are \fI /usr/local/samba/var/log.nmb\fR, \fI /usr/samba/var/log.nmb\fR or -\fI/var/log/log.nmb\fR. +\fI/var/log/log.nmb\fR. \fBBeware:\fR +If the directory specified does not exist, \fBnmbd\fR +will log to the default debug log location defined at compile time. .TP \fB-n \fR This option allows you to override @@ -142,58 +142,57 @@ line setting will take precedence over settings in .TP \fB-p \fR UDP port number is a positive integer value. -This option changes the default UDP port number (normally 137) -that \fBnmbd\fR responds to name queries on. Don't -use this option unless you are an expert, in which case you +This option changes the default UDP port number (normally 137) +that \fBnmbd\fR responds to name queries on. Don't +use this option unless you are an expert, in which case you won't need help! .TP \fB-s \fR -The default configuration file name +The default configuration file name is set at build time, typically as \fI /usr/local/samba/lib/smb.conf\fR, but this may be changed when Samba is autoconfigured. -The file specified contains the configuration details -required by the server. See -\fIsmb.conf(5)\fRfor more information. +The file specified contains the configuration details +required by the server. See \fIsmb.conf(5)\fRfor more information. .SH "FILES" .TP \fB\fI/etc/inetd.conf\fB\fR -If the server is to be run by the -\fBinetd\fR meta-daemon, this file -must contain suitable startup information for the +If the server is to be run by the +\fBinetd\fR meta-daemon, this file +must contain suitable startup information for the meta-daemon. See the UNIX_INSTALL.htmldocument for details. .TP \fB\fI/etc/rc\fB\fR -or whatever initialization script your +or whatever initialization script your system uses). -If running the server as a daemon at startup, -this file will need to contain an appropriate startup +If running the server as a daemon at startup, +this file will need to contain an appropriate startup sequence for the server. See the UNIX_INSTALL.htmldocument for details. .TP \fB\fI/etc/services\fB\fR -If running the server via the -meta-daemon \fBinetd\fR, this file -must contain a mapping of service name (e.g., netbios-ssn) -to service port (e.g., 139) and protocol type (e.g., tcp). +If running the server via the +meta-daemon \fBinetd\fR, this file +must contain a mapping of service name (e.g., netbios-ssn) +to service port (e.g., 139) and protocol type (e.g., tcp). See the UNIX_INSTALL.html document for details. .TP \fB\fI/usr/local/samba/lib/smb.conf\fB\fR -This is the default location of the +This is the default location of the \fIsmb.conf\fR -server configuration file. Other common places that systems -install this file are \fI/usr/samba/lib/smb.conf\fR +server configuration file. Other common places that systems +install this file are \fI/usr/samba/lib/smb.conf\fR and \fI/etc/smb.conf\fR. -When run as a WINS server (see the +When run as a WINS server (see the wins support parameter in the \fIsmb.conf(5)\fR man page), \fBnmbd\fR -will store the WINS database in the file \fIwins.dat\fR -in the \fIvar/locks\fR directory configured under +will store the WINS database in the file \fIwins.dat\fR +in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself. If \fBnmbd\fR is acting as a \fB browse master\fR (see the local master @@ -204,17 +203,17 @@ will store the browsing database in the file \fIbrowse.dat configured under wherever Samba was configured to install itself. .SH "SIGNALS" .PP -To shut down an \fBnmbd\fR process it is recommended -that SIGKILL (-9) \fBNOT\fR be used, except as a last -resort, as this may leave the name database in an inconsistent state. -The correct way to terminate \fBnmbd\fR is to send it +To shut down an \fBnmbd\fR process it is recommended +that SIGKILL (-9) \fBNOT\fR be used, except as a last +resort, as this may leave the name database in an inconsistent state. +The correct way to terminate \fBnmbd\fR is to send it a SIGTERM (-15) signal and wait for it to die on its own. .PP -\fBnmbd\fR will accept SIGHUP, which will cause +\fBnmbd\fR will accept SIGHUP, which will cause it to dump out its namelists into the file \fInamelist.debug -\fRin the \fI/usr/local/samba/var/locks\fR -directory (or the \fIvar/locks\fR directory configured -under wherever Samba was configured to install itself). This will also +\fRin the \fI/usr/local/samba/var/locks\fR +directory (or the \fIvar/locks\fR directory configured +under wherever Samba was configured to install itself). This will also cause \fBnmbd\fR to dump out its server database in the \fIlog.nmb\fR file. .PP diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8 index 7a8661c30bd..e2f5531d5d4 100644 --- a/docs/manpages/pdbedit.8 +++ b/docs/manpages/pdbedit.8 @@ -3,12 +3,12 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "PDBEDIT" "8" "28 January 2002" "" "" +.TH "PDBEDIT" "8" "24 April 2002" "" "" .SH NAME pdbedit \- manage the SAM database .SH SYNOPSIS .sp -\fBpdbedit\fR [ \fB-l\fR ] [ \fB-v\fR ] [ \fB-w\fR ] [ \fB-u username\fR ] [ \fB-f fullname\fR ] [ \fB-h homedir\fR ] [ \fB-d drive\fR ] [ \fB-s script\fR ] [ \fB-p profile\fR ] [ \fB-a\fR ] [ \fB-m\fR ] [ \fB-x\fR ] [ \fB-i file\fR ] +\fBpdbedit\fR [ \fB-l\fR ] [ \fB-v\fR ] [ \fB-w\fR ] [ \fB-u username\fR ] [ \fB-f fullname\fR ] [ \fB-h homedir\fR ] [ \fB-d drive\fR ] [ \fB-s script\fR ] [ \fB-p profile\fR ] [ \fB-a\fR ] [ \fB-m\fR ] [ \fB-x\fR ] [ \fB-i passdb-backend\fR ] [ \fB-e passdb-backend\fR ] [ \fB-D debuglevel\fR ] .SH "DESCRIPTION" .PP This tool is part of the Sambasuite. @@ -160,15 +160,19 @@ from the database. It need the username be specified with the Example: \fBpdbedit -x -u bob\fR .TP -\fB-i file\fR -This command is used to import a smbpasswd -file into the database. +\fB-i passdb-backend\fR +Use a different passdb backend to retrieve users than the one specified in smb.conf. -This option will ease migration from the plain smbpasswd -file database to more powerful backend databases like tdb and -ldap. +This option will ease migration from one passdb backend to another. -Example: \fBpdbedit -i /etc/smbpasswd.old\fR +Example: \fBpdbedit -i smbpasswd:/etc/smbpasswd.old -e tdbsam:/etc/samba/passwd.tdb\fR +.TP +\fB-e passdb-backend\fR +Export all currently available users to the specified password database backend. + +This option will ease migration from one passdb backend to another and will ease backupping + +Example: \fBpdbedit -e smbpasswd:/root/samba-users.backup\fR .SH "NOTES" .PP This command may be used only by root. diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index d19f9ef6f9e..692530334be 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMB.CONF" "5" "16 April 2002" "" "" +.TH "SMB.CONF" "5" "08 May 2002" "" "" .SH NAME smb.conf \- The configuration file for the Samba suite .SH "SYNOPSIS" @@ -30,7 +30,7 @@ line represents either a comment, a section name or a parameter. Section and parameter names are not case sensitive. .PP Only the first equals sign in a parameter is significant. -Whitespace before or after the first equals sign is discarded. +Whitespace before or after the first equals sign is discarded. Leading, trailing and internal whitespace in section and parameter names is irrelevant. Leading and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value @@ -70,7 +70,7 @@ client as an extension of their native file systems) or printable services (used by the client to access print services on the host running the server). .PP -Sections may be designated \fBguest\fR services, +Sections may be designated \fBguest\fR services, in which case no password is required to access them. A specified UNIX \fBguest account\fR is used to define access privileges in this case. @@ -384,7 +384,7 @@ protocol negotiation. It can be one of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1. .TP \fB%d\fR -The process id of the current server +The process id of the current server process. .TP \fB%a\fR @@ -445,7 +445,7 @@ case that the client passes, or if they are forced to be the "default" case. Default \fByes\fR. .TP \fBshort preserve case = yes/no\fR -controls if new files which conform to 8.3 syntax, +controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced to be the "default" case. This option can be use with "preserve case = yes" @@ -463,8 +463,9 @@ if it will allow a connection to a specified service. If all the steps fail, then the connection request is rejected. However, if one of the steps succeeds, then the following steps are not checked. .PP -If the service is marked "guest only = yes" then -steps 1 to 5 are skipped. +If the service is marked "guest only = yes" and the +server is running with share-level security ("security = share") +then steps 1 to 5 are skipped. .IP 1. If the client has passed a username/password pair and that username/password pair is validated by the UNIX @@ -521,6 +522,9 @@ each parameter for details. Note that some are synonyms. \fIadd machine script\fR .TP 0.2i \(bu +\fIalgorithmic rid base\fR +.TP 0.2i +\(bu \fIallow trusted domains\fR .TP 0.2i \(bu @@ -683,6 +687,15 @@ each parameter for details. Note that some are synonyms. \fIlock directory\fR .TP 0.2i \(bu +\fIlock spin count\fR +.TP 0.2i +\(bu +\fIlock spin time\fR +.TP 0.2i +\(bu +\fIpid directory\fR +.TP 0.2i +\(bu \fIlog file\fR .TP 0.2i \(bu @@ -776,6 +789,9 @@ each parameter for details. Note that some are synonyms. \fInt pipe support\fR .TP 0.2i \(bu +\fInt status support\fR +.TP 0.2i +\(bu \fInull passwords\fR .TP 0.2i \(bu @@ -1080,6 +1096,9 @@ each parameter for details. Note that some are synonyms. \fIcreate mode\fR .TP 0.2i \(bu +\fIcsc policy\fR +.TP 0.2i +\(bu \fIdefault case\fR .TP 0.2i \(bu @@ -1179,6 +1198,9 @@ each parameter for details. Note that some are synonyms. \fIinclude\fR .TP 0.2i \(bu +\fIinherit acls\fR +.TP 0.2i +\(bu \fIinherit permissions\fR .TP 0.2i \(bu @@ -1335,6 +1357,9 @@ each parameter for details. Note that some are synonyms. \fIset directory\fR .TP 0.2i \(bu +\fIshare modes\fR +.TP 0.2i +\(bu \fIshort preserve case\fR .TP 0.2i \(bu @@ -1597,6 +1622,25 @@ Example: \fBadmin users = jason\fR \fBallow hosts (S)\fR Synonym for \fIhosts allow\fR. .TP +\fBalgorithmic rid base (G)\fR +This determines how Samba will use its +algorithmic mapping from uids/gid to the RIDs needed to construct +NT Security Identifiers. + +Setting this option to a larger value could be useful to sites +transitioning from WinNT and Win2k, as existing user and +group rids would otherwise clash with sytem users etc. + +All UIDs and GIDs must be able to be resolved into SIDs for +the correct operation of ACLs on the server. As such the algorithmic +mapping can't be 'turned off', but pushing it 'out of the way' should +resolve the issues. Users and groups can then be assigned 'low' RIDs +in arbitary-rid supporting backends. + +Default: \fBalgorithmic rid base = 1000\fR + +Example: \fBalgorithmic rid base = 100000\fR +.TP \fBallow trusted domains (G)\fR This option only takes effect when the \fIsecurity\fR option is set to server or domain. @@ -1913,6 +1957,23 @@ Example: \fBcreate mask = 0775\fR \fBcreate mode (S)\fR This is a synonym for \fI create mask\fR. .TP +\fBcsc policy (S)\fR +This stands for \fBclient-side caching +policy\fR, and specifies how clients capable of offline +caching will cache the files in the share. The valid values +are: manual, documents, programs, disable. + +These values correspond to those used on Windows +servers. + +For example, shares containing roaming profiles can have +offline caching disabled using \fBcsc policy = disable +\fR\&. + +Default: \fBcsc policy = manual\fR + +Example: \fBcsc policy = programs\fR +.TP \fBdeadtime (G)\fR The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection @@ -3054,6 +3115,17 @@ Default: \fBno file included\fR Example: \fBinclude = /usr/local/samba/lib/admin_smb.conf \fR.TP +\fBinherit acls (S)\fR +This parameter can be used to ensure +that if default acls exist on parent directories, +they are always honored when creating a subdirectory. +The default behavior is to use the mode specified +when creating the directory. Enabling this option +sets the mode to 0777, thus guaranteeing that +default directory acls are propagated. + +Default: \fBinherit acls = no\fR +.TP \fBinherit permissions (S)\fR The permissions on new files and directories are normally governed by \fI create mask\fR, \fIdirectory mask\fR, \fIforce create mode\fR @@ -3421,6 +3493,26 @@ Default: \fBlock directory = ${prefix}/var/locks\fR Example: \fBlock directory = /var/run/samba/locks\fR .TP +\fBlock spin count (G)\fR +This parameter controls the number of times +that smbd should attempt to gain a byte range lock on the +behalf of a client request. Experiments have shown that +Windows 2k servers do not reply with a failure if the lock +could not be immediately granted, but try a few more times +in case the lock could later be aquired. This behavior +is used to support PC database formats such as MS Access +and FoxPro. + +Default: \fBlock spin count = 2\fR +.TP +\fBlock spin time (G)\fR +The time in microseconds that smbd should +pause before attempting to gain a failed lock. See +\fIlock spin +count\fR for more details. + +Default: \fBlock spin time = 10\fR +.TP \fBlocking (S)\fR This controls whether or not locking will be performed by the server in response to lock requests from the @@ -3664,8 +3756,8 @@ This command should be a program or script which takes a printer name as its only parameter and outputs printer status information. -Currently eight styles of printer status information -are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. +Currently nine styles of printer status information +are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. This covers most UNIX systems. You control which type is expected using the \fIprinting =\fR option. @@ -3681,7 +3773,10 @@ command. Note that it is good practice to include the absolute path in the \fIlpq command\fR as the \fB$PATH -\fRmay not be available to the server. +\fRmay not be available to the server. When compiled with +the CUPS libraries, no \fIlpq command\fR is +needed because smbd will make a library call to obtain the +print queue listing. See also the \fIprinting \fRparameter. @@ -4469,6 +4564,18 @@ alone. Default: \fBnt pipe support = yes\fR .TP +\fBnt status support (G)\fR +This boolean parameter controls whether smbd(8)will negotiate NT specific status +support with Windows NT/2k/XP clients. This is a developer +debugging option and should be left alone. +If this option is set to no then Samba offers +exactly the same DOS error codes that versions prior to Samba 2.2.3 +reported. + +You should not need to ever disable this parameter. + +Default: \fBnt status support = yes\fR +.TP \fBnull passwords (G)\fR Allow or disallow client access to accounts that have null passwords. @@ -4629,10 +4736,10 @@ Default: \fBpanic action = \fR Example: \fBpanic action = "/bin/sleep 90000"\fR .TP \fBpassdb backend (G)\fR -This option allows the administrator to chose what -backend in which to store passwords. This allows (for example) both -smbpasswd and tdbsam to be used without a recompile. Only one can -be used at a time however, and experimental backends must still be selected +This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both +smbpasswd and tdbsam to be used without a recompile. +Multiple backends can be specified, seperated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. +Experimental backends must still be selected (eg --with-tdbsam) at configure time. This paramater is in two parts, the backend's name, and a 'location' @@ -4688,11 +4795,11 @@ for its own processing Default: \fBpassdb backend = smbpasswd\fR -Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb\fR +Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd\fR Example: \fBpassdb backend = ldapsam_nua:ldaps://ldap.example.com\fR -Example: \fBpassdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args\fR +Example: \fBpassdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb\fR .TP \fBpasswd chat (G)\fR This string controls the \fB"chat"\fR @@ -4948,6 +5055,14 @@ Default: \fBnone\fR Example: \fBpath = /home/fred\fR .TP +\fBpid directory (G)\fR +This option specifies the directory where pid +files will be placed. + +Default: \fBpid directory = ${prefix}/var/locks\fR + +Example: \fBpid directory = /var/run/\fR +.TP \fBposix locking (S)\fR The \fBsmbd(8)\fR daemon maintains an database of file locks obtained by SMB clients. @@ -5077,14 +5192,23 @@ spool file when it has been processed, otherwise you will need to manually remove old spool files. The print command is simply a text string. It will be used -verbatim, with two exceptions: All occurrences of \fI%s -\fRand \fI%f\fR will be replaced by the -appropriate spool file name, and all occurrences of \fI%p -\fRwill be replaced by the appropriate printer name. The -spool file name is generated automatically by the server. The -\fI%J\fR macro can be used to access the job +verbatim after macro substitutions have been made: + +s, %p - the path to the spool +file name + +%p - the appropriate printer +name + +%J - the job name as transmitted by the client. +%c - The number of printed pages +of the spooled job (if known). + +%z - the size of the spooled +print job (in bytes) + The print command \fBMUST\fR contain at least one occurrence of \fI%s\fR or \fI%f \fR- the \fI%p\fR is optional. At the time @@ -5129,6 +5253,16 @@ For \fBprinting = SOFTQ :\fR \fBprint command = lp -d%p -s %s; rm %s\fR +For printing = CUPS : If SAMBA is compiled against +libcups, then printcap = cups +uses the CUPS API to +submit jobs, etc. Otherwise it maps to the System V +commands with the -oraw option for printing, i.e. it +uses \fBlp -c -d%p -oraw; rm %s\fR. +With \fBprinting = cups\fR, +and if SAMBA is compiled against libcups, any manually +set print command will be ignored. + Example: \fBprint command = /usr/local/samba/bin/myprintscript %p %s\fR .TP @@ -5156,6 +5290,13 @@ This parameter may be used to override the compiled-in default printcap name used by the server (usually \fI /etc/printcap\fR). See the discussion of the [printers] section above for reasons why you might want to do this. +To use the CUPS printing interface set \fBprintcap name = cups +\fR\&. This should be supplemented by an addtional setting +printing = cups in the [global] +section. \fBprintcap name = cups\fR will use the +"dummy" printcap created by CUPS, as specified in your CUPS +configuration file. + On System V systems that use \fBlpstat\fR to list available printers you can use \fBprintcap name = lpstat \fRto automatically obtain lists of available printers. This @@ -5886,6 +6027,29 @@ for details. Default: \fBset directory = no\fR .TP +\fBshare modes (S)\fR +This enables or disables the honoring of +the \fIshare modes\fR during a file open. These +modes are used by clients to gain exclusive read or write access +to a file. + +These open modes are not directly supported by UNIX, so +they are simulated using shared memory, or lock files if your +UNIX doesn't support shared memory (almost all do). + +The share modes that are enabled by this option are +DENY_DOS, DENY_ALL, +DENY_READ, DENY_WRITE, +DENY_NONE and DENY_FCB. + +This option gives full share compatibility and enabled +by default. + +You should \fBNEVER\fR turn this parameter +off as many Windows applications will break if you do so. + +Default: \fBshare modes = yes\fR +.TP \fBshort preserve case (S)\fR This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of @@ -6956,7 +7120,7 @@ that Samba has to do in order to perform the link checks. Default: \fBwide links = yes\fR .TP -\fBwinbind cache time\fR +\fBwinbind cache time (G)\fR This parameter specifies the number of seconds the winbindd(8)daemon will cache user and group information before querying a Windows NT server @@ -6964,7 +7128,7 @@ again. Default: \fBwinbind cache type = 15\fR .TP -\fBwinbind enum users\fR +\fBwinbind enum users (G)\fR On large installations using winbindd(8)it may be necessary to suppress the enumeration of users through the @@ -6983,7 +7147,7 @@ usernames. Default: \fBwinbind enum users = yes \fR .TP -\fBwinbind enum groups\fR +\fBwinbind enum groups (G)\fR On large installations using winbindd(8)it may be necessary to suppress the enumeration of groups through the @@ -6999,7 +7163,7 @@ enumeration may cause some programs to behave oddly. Default: \fBwinbind enum groups = yes \fR .TP -\fBwinbind gid\fR +\fBwinbind gid (G)\fR The winbind gid parameter specifies the range of group ids that are allocated by the winbindd(8)daemon. This range of group ids should have no existing local or NIS groups within it as strange conflicts can @@ -7009,7 +7173,7 @@ Default: \fBwinbind gid = \fR Example: \fBwinbind gid = 10000-20000\fR .TP -\fBwinbind separator\fR +\fBwinbind separator (G)\fR This parameter allows an admin to define the character used when listing a username of the form of \fIDOMAIN \fR\\\fIuser\fR. This parameter @@ -7020,11 +7184,11 @@ Please note that setting this parameter to + causes problems with group membership at least on glibc systems, as the character + is used as a special character for NIS in /etc/group. -Example: \fBwinbind separator = \\\\\fR +Default: \fBwinbind separator = '\\'\fR -Example: \fBwinbind separator = /\fR +Example: \fBwinbind separator = +\fR .TP -\fBwinbind uid\fR +\fBwinbind uid (G)\fR The winbind gid parameter specifies the range of group ids that are allocated by the winbindd(8)daemon. This range of ids should have no existing local or NIS users within it as strange conflicts can diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1 index 8b969ce4d1a..641f2d4a9f1 100644 --- a/docs/manpages/smbclient.1 +++ b/docs/manpages/smbclient.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBCLIENT" "1" "28 January 2002" "" "" +.TH "SMBCLIENT" "1" "08 May 2002" "" "" .SH NAME smbclient \- ftp-like client to access SMB/CIFS resources on servers .SH SYNOPSIS @@ -327,9 +327,9 @@ is 65520 bytes. Setting this value smaller (to 1200 bytes) has been observed to speed up file transfers to and from a Win9x server. .TP \fB-W WORKGROUP\fR -Override the default workgroup specified in the -workgroup parameter of the \fIsmb.conf\fR file -for this connection. This may be needed to connect to some +Override the default workgroup (domain) specified +in the workgroup parameter of the \fIsmb.conf\fR +file for this connection. This may be needed to connect to some servers. .TP \fB-T tar options\fR @@ -513,6 +513,26 @@ If \fIshell command\fR is specified, the ! command will execute a shell locally and run the specified shell command. If no command is specified, a local shell will be run. .TP +\fBaltname file\fR +The client will request that the server return +the "alternate" name (the 8.3 name) for a file or directory. +.TP +\fBcancel jobid0 [jobid1] ... [jobidN]\fR +The client will request that the server cancel +the printjobs identified by the given numeric print job ids. +.TP +\fBchmod file mode in octal\fR +This command depends on the server supporting the CIFS +UNIX extensions and will fail if the server does not. The client requests that the server +change the UNIX permissions to the given octal mode, in standard UNIX format. +.TP +\fBchown file uid gid\fR +This command depends on the server supporting the CIFS +UNIX extensions and will fail if the server does not. The client requests that the server +change the UNIX user and group ownership to the given decimal values. Note there is +currently no way to remotely look up the UNIX uid and gid values for a given name. +This may be addressed in future versions of the CIFS UNIX extensions. +.TP \fBcd [directory name]\fR If "directory name" is specified, the current working directory on the server will be changed to the directory @@ -555,6 +575,12 @@ reason the specified directory is inaccessible. If no directory name is specified, the name of the current working directory on the local machine will be reported. .TP +\fBlink source destination\fR +This command depends on the server supporting the CIFS +UNIX extensions and will fail if the server does not. The client requests that the server +create a hard link between the source and destination files. The source file +must not exist. +.TP \fBlowercase\fR Toggle lowercasing of filenames for the get and mget commands. @@ -674,6 +700,21 @@ working directory on the server. Remove the specified directory (user access privileges permitting) from the server. .TP +\fBsetmode \fR +A version of the DOS attrib command to set +file permissions. For example: + +\fBsetmode myfile +r \fR + +would make myfile read only. +.TP +\fBsymlink source destination\fR +This command depends on the server supporting the CIFS +UNIX extensions and will fail if the server does not. The client requests that the server +create a symbolic hard link between the source and destination files. The source file +must not exist. Note that the server will not create a link to any path that lies +outside the currently connected share. This is enforced by the Samba server. +.TP \fBtar [IXbgNa]\fR Performs a tar operation - see the \fI-T \fRcommand line option above. Behavior may be affected @@ -693,14 +734,6 @@ archive bit setting (this is the default mode). In incremental mode, tar will only back up files with the archive bit set. In reset mode, tar will reset the archive bit on all files it backs up (implies read/write share). -.TP -\fBsetmode \fR -A version of the DOS attrib command to set -file permissions. For example: - -\fBsetmode myfile +r \fR - -would make myfile read only. .SH "NOTES" .PP Some servers are fussy about the case of supplied usernames, diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1 index f341b563e15..f3e6c843b59 100644 --- a/docs/manpages/smbcontrol.1 +++ b/docs/manpages/smbcontrol.1 @@ -3,9 +3,9 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBCONTROL" "1" "28 January 2002" "" "" +.TH "SMBCONTROL" "1" "08 May 2002" "" "" .SH NAME -smbcontrol \- send messages to smbd or nmbd processes +smbcontrol \- send messages to smbd, nmbd or winbindd processes .SH SYNOPSIS .sp \fBsmbcontrol\fR [ \fB-i\fR ] @@ -16,9 +16,10 @@ smbcontrol \- send messages to smbd or nmbd processes This tool is part of the Sambasuite. .PP \fBsmbcontrol\fR is a very small program, which -sends messages to an smbd(8)or -an nmbd(8)daemon running on the -system. +sends messages to an smbd(8), +an nmbd(8) +or a winbindd(8) +daemon running on the system. .SH "OPTIONS" .TP \fB-i\fR @@ -52,8 +53,9 @@ The close-share message-type sends a message to smbd which will then close the client connections to the named share. Note that this doesn't affect client connections to any other shares. This message-type takes an argument of the -share name for which client connections will be close, or the +share name for which client connections will be closed, or the "*" character which will close all currently open shares. +This may be useful if you made changes to the access controls on the share. This message can only be sent to smbd. The debug message-type allows @@ -76,7 +78,7 @@ parameter. The parameter can be "on" to turn on profile stats collection, "off" to turn off profile stats collection, "count" to enable only collection of count stats (time stats are disabled), and "flush" to zero the current profile stats. This can -be sent to any of the destinations. +be sent to any smbd or nmbd destinations. The debuglevel message-type sends a "request debug level" message. The current debug level setting @@ -86,18 +88,13 @@ sent to any of the destinations. The profilelevel message-type sends a "request profile level" message. The current profile level setting is returned by a "profilelevel" message. This can be sent -to any of the destinations. +to any smbd or nmbd destinations. The printer-notify message-type sends a message to smbd which in turn sends a printer notify message to any Windows NT clients connected to a printer. This message-type takes an argument of the printer name to send notify messages to. This message can only be sent to smbd. - -The close-share message-type sends a -message to smbd which forces smbd to close the share that was -specified as an argument. This may be useful if you made changes -to the access controls on the share. .TP \fBparameters\fR any parameters required for the message-type diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8 index f534a59bf3b..83483c88350 100644 --- a/docs/manpages/smbd.8 +++ b/docs/manpages/smbd.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBD" "8" "28 January 2002" "" "" +.TH "SMBD" "8" "08 May 2002" "" "" .SH NAME smbd \- server to provide SMB/CIFS services to clients .SH SYNOPSIS @@ -124,7 +124,9 @@ file will be created for informational and debug messages from the running server. The log file generated is never removed by the server although its size may be controlled by the max log size -option in the \fI smb.conf(5)\fRfile. +option in the \fI smb.conf(5)\fRfile. \fBBeware:\fR +If the directory specified does not exist, \fBsmbd\fR +will log to the default debug log location defined at compile time. The default log directory is specified at compile time. diff --git a/docs/manpages/smbmount.8 b/docs/manpages/smbmount.8 index 1cef431e47b..0d4a7fc8708 100644 --- a/docs/manpages/smbmount.8 +++ b/docs/manpages/smbmount.8 @@ -3,12 +3,12 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBMOUNT" "8" "28 January 2002" "" "" +.TH "SMBMOUNT" "8" "08 May 2002" "" "" .SH NAME smbmount \- mount an smbfs filesystem .SH SYNOPSIS .sp -\fBsmbumount\fR \fBservice\fR \fBmount-point\fR [ \fB-o options\fR ] +\fBsmbmount\fR \fBservice\fR \fBmount-point\fR [ \fB-o options\fR ] .SH "DESCRIPTION" .PP \fBsmbmount\fR mounts a Linux SMB filesystem. It diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1 index 130df3582b0..774607c3a29 100644 --- a/docs/manpages/smbsh.1 +++ b/docs/manpages/smbsh.1 @@ -3,12 +3,12 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBSH" "1" "28 January 2002" "" "" +.TH "SMBSH" "1" "08 May 2002" "" "" .SH NAME smbsh \- Allows access to Windows NT filesystem using UNIX commands .SH SYNOPSIS .sp -\fBsmbsh\fR +\fBsmbsh\fR [ \fB-W workgroup\fR ] [ \fB-U username\fR ] [ \fB-P prefix\fR ] [ \fB-R \fR ] [ \fB-d \fR ] [ \fB-l logfile\fR ] [ \fB-L libdir\fR ] .SH "DESCRIPTION" .PP This tool is part of the Sambasuite. @@ -17,6 +17,104 @@ This tool is part of the Sambasuite. using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR. You must use a shell that is dynamically linked in order for \fBsmbsh\fR to work correctly. +.SH "OPTIONS" +.TP +\fB-W WORKGROUP\fR +Override the default workgroup specified in the +workgroup parameter of the \fIsmb.conf\fR file +for this session. This may be needed to connect to some +servers. +.TP +\fB-U username[%pass]\fR +Sets the SMB username or username and password. +If this option is not specified, the user will be prompted for +both the username and the password. If %pass is not specified, +the user will be prompted for the password. +.TP +\fB-P prefix\fR +This option allows +the user to set the directory prefix for SMB access. The +default value if this option is not specified is +\fBsmb\fR. +.TP +\fB-R \fR +This option is used to determine what naming +services and in what order to resolve +host names to IP addresses. The option takes a space-separated +string of different name resolution options. + +The options are :"lmhosts", "host", "wins" and "bcast". +They cause names to be resolved as follows : +.RS +.TP 0.2i +\(bu +lmhosts : +Lookup an IP address in the Samba lmhosts file. If the +line in lmhosts has no name type attached to the +NetBIOS name +(see the lmhosts(5) +for details) then any name type matches for lookup. +.TP 0.2i +\(bu +host : +Do a standard host name to IP address resolution, using +the system \fI/etc/hosts\fR, NIS, or DNS +lookups. This method of name resolution is operating +system dependent, for instance on IRIX or Solaris this +may be controlled by the \fI/etc/nsswitch.conf +\fRfile). Note that this method is only used +if the NetBIOS name type being queried is the 0x20 +(server) name type, otherwise it is ignored. +.TP 0.2i +\(bu +wins : +Query a name with the IP address listed in the +\fIwins server\fR parameter. If no +WINS server has been specified this method will be +ignored. +.TP 0.2i +\(bu +bcast : +Do a broadcast on each of the known local interfaces +listed in the \fIinterfaces\fR +parameter. This is the least reliable of the name +resolution methods as it depends on the target host +being on a locally connected subnet. +.RE +.PP +If this parameter is not set then the name resolve order +defined in the \fIsmb.conf\fR file parameter +(name resolve order) will be used. +.PP +.PP +The default order is lmhosts, host, wins, bcast. Without +this parameter or any entry in the \fIname resolve order +\fRparameter of the \fIsmb.conf\fR +file, the name resolution methods will be attempted in this +order. +.PP +.TP +\fB-d \fR +debug level is an integer from 0 to 10. + +The default value if this parameter is not specified +is zero. + +The higher this value, the more detail will be logged +about the activities of \fBnmblookup\fR. At level +0, only critical errors and serious warnings will be logged. +.TP +\fB-l logfilename\fR +If specified causes all debug messages to be +written to the file specified by \fIlogfilename +\fR\&. If not specified then all messages will be +written to\fIstderr\fR. +.TP +\fB-L libdir\fR +This parameter specifies the location of the +shared libraries used by \fBsmbsh\fR. The default +value is specified at compile time. +.SH "EXAMPLES" .PP To use the \fBsmbsh\fR command, execute \fB smbsh\fR from the prompt and enter the username and password that authenticates you to the machine running the Windows NT diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1 index 9537af287b8..57aaf98b626 100644 --- a/docs/manpages/wbinfo.1 +++ b/docs/manpages/wbinfo.1 @@ -3,12 +3,12 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WBINFO" "1" "28 January 2002" "" "" +.TH "WBINFO" "1" "08 May 2002" "" "" .SH NAME wbinfo \- Query information from winbind daemon .SH SYNOPSIS .sp -\fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] [ \fB-a user%password\fR ] [ \fB-p\fR ] +\fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-h name\fR ] [ \fB-i ip\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] [ \fB-r user\fR ] [ \fB-a user%password\fR ] [ \fB-A user%password\fR ] .SH "DESCRIPTION" .PP This tool is part of the Sambasuite. @@ -37,6 +37,18 @@ will also be listed. Note that this operation does not assign group ids to any groups that have not already been seen by \fBwinbindd(8)\fR. .TP +\fB-h name\fR +The \fI-h\fR option +queries \fBwinbindd(8)\fR to query the WINS +server for the IP address associated with the NetBIOS name +specified by the \fIname\fR parameter. +.TP +\fB-i ip\fR +The \fI-i\fR option +queries \fBwinbindd(8)\fR to send a node status +request to get the NetBIOS name associated with the IP address +specified by the \fIip\fR parameter. +.TP \fB-n name\fR The \fI-n\fR option queries \fBwinbindd(8)\fR for the SID @@ -83,13 +95,21 @@ Windows NT server \fBwinbindd(8)\fR contacts when resolving names. This list does not include the Windows NT domain the server is a Primary Domain Controller for. .TP +\fB-r username\fR +Try to obtain the list of UNIX group ids +to which the user belongs. This only works for users +defined on a Domain Controller. +.TP \fB-a username%password\fR Attempt to authenticate a user via winbindd. This checks both authenticaion methods and reports its results. .TP -\fB-p\fR -Attempt a simple 'ping' check that the winbindd -is indeed alive. +\fB-A username%password\fR +Store username and password used by winbindd +during session setup to a domain controller. This enables +winbindd to operate in a Windows 2000 domain with Restrict +Anonymous turned on (a.k.a. Permissions compatiable with +Windows 2000 servers only). .SH "EXIT STATUS" .PP The wbinfo program returns 0 if the operation diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8 index cca62f25e4e..ca0c87bd08c 100644 --- a/docs/manpages/winbindd.8 +++ b/docs/manpages/winbindd.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WINBINDD" "8" "28 January 2002" "" "" +.TH "WINBINDD" "8" "08 May 2002" "" "" .SH NAME winbindd \- Name Service Switch daemon for resolving names from NT servers .SH SYNOPSIS @@ -38,6 +38,12 @@ installed, this should always suceed. The following nsswitch databases are implemented by the winbindd service: .TP +\fBhosts\fR +User information traditionally stored in +the \fIhosts(5)\fR file and used by +\fBgethostbyname(3)\fR functions. Names are +resolved through the WINS server or by broadcast. +.TP \fBpasswd\fR User information traditionally stored in the \fIpasswd(5)\fR file and used by @@ -63,6 +69,12 @@ group: files winbind .sp .fi .PP +.PP +The following simple configuration in the +\fI/etc/nsswitch.conf\fR file can be used to initially +resolve hostnames from \fI/etc/hosts\fR and then from the +WINS server. +.PP .SH "OPTIONS" .TP \fB-d debuglevel\fR diff --git a/docs/textdocs/BROWSING.txt b/docs/textdocs/BROWSING.txt index ad12d4c7220..2ca41e5624e 100644 --- a/docs/textdocs/BROWSING.txt +++ b/docs/textdocs/BROWSING.txt @@ -7,10 +7,14 @@ Summary: This describes how to configure Samba for improved browsing. OVERVIEW: ========= + SMB networking provides a mechanism by which clients can access a list -of machines that are available within the network. This list is called -the browse list and is heavily used by all SMB clients. Configuration -of SMB browsing has been problematic for some Samba users, hence this +of machines in a network, a so-called "browse list". This list +contains machines that are ready to offer file and/or print services +to other machines within the network. Thus it does not include +machines which aren't currently able to do server tasks. The browse +list is heavily used by all SMB clients. Configuration of SMB +browsing has been problematic for some Samba users, hence this document. Browsing will NOT work if name resolution from NetBIOS names to IP @@ -59,9 +63,10 @@ browsing on another subnet. It is recommended that this option is only used for 'unusual' purposes: announcements over the internet, for example. See "remote announce" in the smb.conf man page. -If something doesn't work then hopefully the log.nmb file will -help you track down the problem. Try a debug level of 2 or 3 for -finding problems. +If something doesn't work then hopefully the log.nmb file will help +you track down the problem. Try a debug level of 2 or 3 for finding +problems. Also note that the current browse list usually gets stored +in text form in a file called browse.dat. Note that if it doesn't work for you, then you should still be able to type the server name as \\SERVER in filemanager then hit enter and diff --git a/docs/textdocs/HINTS.txt b/docs/textdocs/HINTS.txt index 75114557fe8..877640108ce 100644 --- a/docs/textdocs/HINTS.txt +++ b/docs/textdocs/HINTS.txt @@ -49,6 +49,9 @@ windows. Just drag your file onto the icon and it converts the file. Get it from ftp://samba.org/pub/samba/contributed/fixcrlf.zip +The utilities unix2dos and dos2unix(in the mtools package) should do +the job under unix. + ---------------------- HINT: Use the "username map" option diff --git a/docs/textdocs/Printing.txt b/docs/textdocs/Printing.txt index b47120eaba9..2c50e5f4fe6 100644 --- a/docs/textdocs/Printing.txt +++ b/docs/textdocs/Printing.txt @@ -3,7 +3,7 @@ Revised by: Patrick Powell Date: August 11, 2000 Status: Current -Subject: Dubugging Printing Problems +Subject: Debugging Printing Problems ============================================================================= This is a short description of how to debug printing problems with diff --git a/docs/textdocs/Tracing.txt b/docs/textdocs/Tracing.txt index fd65045abdb..6cc1d69258d 100644 --- a/docs/textdocs/Tracing.txt +++ b/docs/textdocs/Tracing.txt @@ -70,7 +70,7 @@ Once you are attached you then can do whatever it is on the client that is causing problems and you will capture all the system calls that smbd makes. -So how do you interpret the results? Generally I search thorugh the +So how do you interpret the results? Generally I search through the output for strings that I know will appear when the problem happens. For example, if I am having touble with permissions on a file I would search for that files name in the strace output and look at diff --git a/docs/textdocs/UNIX_SECURITY.txt b/docs/textdocs/UNIX_SECURITY.txt index d6a0a01acc5..38705f018ac 100644 --- a/docs/textdocs/UNIX_SECURITY.txt +++ b/docs/textdocs/UNIX_SECURITY.txt @@ -32,7 +32,7 @@ directory and do an ls, the UNIX security solution is to change the UNIX file permissions on the users home directories such that the cd and ls would be denied. -Samba tries very had not to second guess the UNIX administrators +Samba tries very hard not to second guess the UNIX administrators security policies, and trusts the UNIX admin to set the policies and permissions he or she desires. diff --git a/examples/README b/examples/README index ba47cf912f7..22226067140 100644 --- a/examples/README +++ b/examples/README @@ -1,4 +1,4 @@ -Copyright(C) Samba-Team 1993-1997 +Copyright(C) Samba-Team 1993-2001 This directory contains example config files and related material for Samba. @@ -6,6 +6,6 @@ Samba. At a minimum please refer to the smb.conf.default file for current information regarding global and share parameter settings. -Send additions to: samba-bugs@samba.org +Send additions to: samba@samba.org diff --git a/examples/VFS/Makefile b/examples/VFS/Makefile index 716e48da88d..f93cd0cb2df 100644 --- a/examples/VFS/Makefile +++ b/examples/VFS/Makefile @@ -10,10 +10,11 @@ LIBTOOL = libtool SAMBA_SRC = ../../source SAMBA_INCL = ../../source/include +POPT_INCL = ../../source/popt UBIQX_SRC = ../../source/ubiqx SMBWR_SRC = ../../source/smbwrapper KRB5_SRC = /usr/kerberos/include -CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(KRB5_SRC) -Wall -g +CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(POPT_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(KRB5_SRC) -Wall -g VFS_OBJS = audit.so skel.so recycle.so # Default target diff --git a/examples/VFS/block/Makefile b/examples/VFS/block/Makefile index dcc7c077936..44b08681d6d 100644 --- a/examples/VFS/block/Makefile +++ b/examples/VFS/block/Makefile @@ -8,7 +8,7 @@ CC = gcc LIBTOOL = libtool -SAMBA_SRC = /usr/local/src/samba/samba-2.2.0-ron/source +SAMBA_SRC = ../../../source SAMBA_INCL = ${SAMBA_SRC}/include UBIQX_SRC = ${SAMBA_SRC}/ubiqx SMBWR_SRC = ${SAMBA_SRC}/smbwrapper diff --git a/examples/VFS/recycle.c b/examples/VFS/recycle.c index 74d3657895a..6a1c98ce54e 100644 --- a/examples/VFS/recycle.c +++ b/examples/VFS/recycle.c @@ -238,15 +238,18 @@ static int recycle_unlink(connection_struct *conn, const char *inname) return default_vfs_ops.unlink(conn,fname); } - base = strrchr(fname, '/') + 1; - if(base == (char*)1) - ext = strrchr(fname, '.'); - else - ext = strrchr(base, '.'); - + base = strrchr(fname, '/'); pstrcpy(bin, recycle_bin); pstrcat(bin, "/"); - pstrcat(bin, base); + + if(base == NULL) { + ext = strrchr(fname, '.'); + pstrcat(bin, fname); + } else { + ext = strrchr(base, '.'); + pstrcat(bin, base+1); + } + DEBUG(3, ("recycle bin: base %s, ext %s, fname %s, bin %s\n", base, ext, fname, bin)); if(strcmp(fname,bin) == 0) { DEBUG(3, ("recycle bin: file %s exists, purging...\n", fname)); @@ -254,6 +257,9 @@ static int recycle_unlink(connection_struct *conn, const char *inname) } len = strlen(bin); + if ( ext != NULL) + len = len - strlen(ext); + addlen = sizeof(pstring)-len-1; while(recycle_file_exist(conn,bin)) { slprintf(bin+len, addlen, " (Copy #%d)", i++); diff --git a/examples/pdb/README b/examples/pdb/README index ccc39248aac..a2126047925 100644 --- a/examples/pdb/README +++ b/examples/pdb/README @@ -1,5 +1,41 @@ README for Samba Password Database (PDB) examples ==================================================== +21-6-2002 Stefan (metze) Metzmacher + +I have added an interface versioning. + +Every module MUST have a pdb_version() function. + +this is defined in include/passdb.h: +#define PDB_MODULE_VERSIONING_MAGIC \ +int pdb_version(void)\ +{\ + return PASSDB_INTERFACE_VERSION;\ +} + +You MUST add this line inside a module: +PDB_MODULE_VERSIONING_MAGIC + +21-6-2002 Stefan (metze) Metzmacher + +The pdb_interface was changed: + +this function are deleted: +static BOOL testsam_getsampwrid (struct pdb_methods *methods, SAM_ACCOUNT *user, uint32 rid) + +this function are added: +static BOOL testsam_getsampwsid (struct pdb_methods *methods, SAM_ACCOUNT *user, DOM_SID sid) + +In the SAM_ACCOUNT struct: + +this fields are deleted: +uint32 user_rid; +uint32 group_rid; + +this fields are added: +DOM_SID user_sid; +DOM_SID group_sid; + 15-2-2002 Jelmer Vernooij The pdb_test.c file in this directory contains a very basic example of @@ -7,3 +43,9 @@ a pdb plugin. It just prints the name of the function that is executed using DEBUG. Maybe it's nice to include some of the arguments to the function in the future too.. +To debug passdb backends, try to run gdb on the 'pdbedit' executable. That's really much easier than restarting smbd constantly and attaching with your debugger. + +New passdb plugins should go into the samba lib directory, (/usr/lib/samba/ for +most distributions) and should be prefixed with 'pdb_'. An example would be: +/usr/lib/samba/pdb_test.so + diff --git a/examples/pdb/pdb_test.c b/examples/pdb/pdb_test.c index 4b4189e9d57..d2722d2e036 100644 --- a/examples/pdb/pdb_test.c +++ b/examples/pdb/pdb_test.c @@ -17,11 +17,24 @@ * Mass Ave, Cambridge, MA 02139, USA. */ + #include "includes.h" -static BOOL testsam_setsampwent(struct pdb_context *context, BOOL update) +static int testsam_debug_level = DBGC_ALL; + +#undef DBGC_CLASS +#define DBGC_CLASS testsam_debug_level + +/* define the version of the passdb interface */ +PDB_MODULE_VERSIONING_MAGIC + +/*************************************************************** + Start enumeration of the passwd list. +****************************************************************/ + +static BOOL testsam_setsampwent(struct pdb_methods *methods, BOOL update) { - DEBUG(0, ("testsam_setsampwent called\n")); + DEBUG(10, ("testsam_setsampwent called\n")); return True; } @@ -29,18 +42,18 @@ static BOOL testsam_setsampwent(struct pdb_context *context, BOOL update) End enumeration of the passwd list. ****************************************************************/ -static void testsam_endsampwent(struct pdb_context *context) +static void testsam_endsampwent(struct pdb_methods *methods) { - DEBUG(0, ("testsam_endsampwent called\n")); + DEBUG(10, ("testsam_endsampwent called\n")); } /***************************************************************** Get one SAM_ACCOUNT from the list (next in line) *****************************************************************/ -static BOOL testsam_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) +static BOOL testsam_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *user) { - DEBUG(0, ("testsam_getsampwent called\n")); + DEBUG(10, ("testsam_getsampwent called\n")); return False; } @@ -48,19 +61,19 @@ static BOOL testsam_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) Lookup a name in the SAM database ******************************************************************/ -static BOOL testsam_getsampwnam (struct pdb_context *context, SAM_ACCOUNT *user, const char *sname) +static BOOL testsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname) { - DEBUG(0, ("testsam_getsampwnam called\n")); + DEBUG(10, ("testsam_getsampwnam called\n")); return False; } /*************************************************************************** - Search by rid + Search by sid **************************************************************************/ -static BOOL testsam_getsampwrid (struct pdb_context *context, SAM_ACCOUNT *user, uint32 rid) +static BOOL testsam_getsampwsid (struct pdb_methods *methods, SAM_ACCOUNT *user, DOM_SID sid) { - DEBUG(0, ("testsam_getsampwrid called\n")); + DEBUG(10, ("testsam_getsampwsid called\n")); return False; } @@ -68,9 +81,9 @@ static BOOL testsam_getsampwrid (struct pdb_context *context, SAM_ACCOUNT *user, Delete a SAM_ACCOUNT ****************************************************************************/ -static BOOL testsam_delete_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sam_pass) +static BOOL testsam_delete_sam_account(struct pdb_methods *methods, const SAM_ACCOUNT *sam_pass) { - DEBUG(0, ("testsam_delete_sam_account called\n")); + DEBUG(10, ("testsam_delete_sam_account called\n")); return False; } @@ -78,9 +91,9 @@ static BOOL testsam_delete_sam_account(struct pdb_context *context, const SAM_AC Modifies an existing SAM_ACCOUNT ****************************************************************************/ -static BOOL testsam_update_sam_account (struct pdb_context *context, const SAM_ACCOUNT *newpwd) +static BOOL testsam_update_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd) { - DEBUG(0, ("testsam_update_sam_account called\n")); + DEBUG(10, ("testsam_update_sam_account called\n")); return False; } @@ -88,9 +101,9 @@ static BOOL testsam_update_sam_account (struct pdb_context *context, const SAM_A Adds an existing SAM_ACCOUNT ****************************************************************************/ -static BOOL testsam_add_sam_account (struct pdb_context *context, const SAM_ACCOUNT *newpwd) +static BOOL testsam_add_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd) { - DEBUG(0, ("testsam_add_sam_account called\n")); + DEBUG(10, ("testsam_add_sam_account called\n")); return False; } @@ -104,18 +117,27 @@ NTSTATUS pdb_init(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char (*pdb_method)->name = "testsam"; + /* Functions your pdb module doesn't provide should be set + * to NULL */ + (*pdb_method)->setsampwent = testsam_setsampwent; (*pdb_method)->endsampwent = testsam_endsampwent; (*pdb_method)->getsampwent = testsam_getsampwent; (*pdb_method)->getsampwnam = testsam_getsampwnam; - (*pdb_method)->getsampwrid = testsam_getsampwrid; + (*pdb_method)->getsampwsid = testsam_getsampwsid; (*pdb_method)->add_sam_account = testsam_add_sam_account; (*pdb_method)->update_sam_account = testsam_update_sam_account; (*pdb_method)->delete_sam_account = testsam_delete_sam_account; + + testsam_debug_level = debug_add_class("testsam"); + if (testsam_debug_level == -1) { + testsam_debug_level = DBGC_ALL; + DEBUG(0, ("testsam: Couldn't register custom debugging class!\n")); + } else DEBUG(0, ("testsam: Debug class number of 'testsam': %d\n", testsam_debug_level)); DEBUG(0, ("Initializing testsam\n")); if (location) - DEBUG(0, ("Location: %s\n", location)); + DEBUG(10, ("Location: %s\n", location)); return NT_STATUS_OK; } diff --git a/examples/smb.conf.default b/examples/smb.conf.default index f0c86cc6eed..417417d256f 100644 --- a/examples/smb.conf.default +++ b/examples/smb.conf.default @@ -58,9 +58,17 @@ # Security mode. Most people will want user level security. See # security_level.txt for details. security = user + # Use password server option only with security = server +# The argument list may include: +# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] +# or to auto-locate the domain controller/s +# password server = * ; password server = +# Note: Do NOT use the now deprecated option of "domain controller" +# This option is no longer implemented. + # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents @@ -102,10 +110,6 @@ # and gives it a slightly higher chance of winning the election ; preferred master = yes -# Use only if you have an NT server on your network that has been -# configured at install time to be a primary domain controller. -; domain controller = - # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. ; domain logons = yes diff --git a/packaging/Caldera/OpenLinux/findsmb b/packaging/Caldera/OpenLinux/findsmb index 986c2481779..f70d18dcbdc 100755 --- a/packaging/Caldera/OpenLinux/findsmb +++ b/packaging/Caldera/OpenLinux/findsmb @@ -73,7 +73,7 @@ foreach $ip (@ipaddrs) # loop through each IP address found $name = "unknown nis name"; } } else { - /(\S+)/; + /(.{1,15})\s+<00>\s+/; $name = $1; } @@ -103,7 +103,7 @@ foreach $ip (@ipaddrs) # loop through each IP address found @name = grep(/<00> - /,@nmblookup); $_ = @name[0]; if ($_) { - /(\S+)/; + /(.{1,15})\s+<00>\s+/; $_ = "[$1]"; } else { $_ = "Unknown Workgroup"; diff --git a/packaging/Caldera/OpenLinux/samba3.spec.tmpl b/packaging/Caldera/OpenLinux/samba3.spec.tmpl index d48d860e0be..23ebcd879ec 100644 --- a/packaging/Caldera/OpenLinux/samba3.spec.tmpl +++ b/packaging/Caldera/OpenLinux/samba3.spec.tmpl @@ -254,6 +254,15 @@ CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" ./configure \ make all nsswitch/libnss_wins.so nsswitch/libnss_winbind.so torture nsswitch/pam_winbind.so everything (cd tdb; make tdbdump tdbtest tdbtorture tdbtool) +cd ../examples/VFS +CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" ./configure \ + --prefix='$(DESTDIR)/usr' \ + --localstatedir='$(DESTDIR)/var' \ + --libdir='$(DESTDIR)%{EtcSamba}' \ + --sbindir='$(DESTDIR)/usr/sbin' +make +cd block +make %Install %{mkDESTDIR} @@ -264,6 +273,7 @@ mkdir -p $DESTDIR%{EtcSamba}/codepages/src mkdir -p $DESTDIR/etc/skel/Samba mkdir -p $DESTDIR/home/samba mkdir -p $DESTDIR/lib/security +mkdir -p $DESTDIR/lib/samba mkdir -p $DESTDIR/%{LSBservedir}/{netlogon,profiles,Public} mkdir -p $DESTDIR%{NKinetdir} mkdir -p $DESTDIR/{sbin,bin,usr/{sbin,bin}} @@ -294,6 +304,11 @@ for i in tdbdump tdbtest tdbtorture tdbtool do install -m 755 source/tdb/$i $DESTDIR/usr/sbin done +# Add VFS Modules +for i in audit.so recycle.so block/block.so +do + install -m755 $i $DESTDIR/lib/samba +done #mv $DESTDIR/usr/bin/{make,add,conv}* $DESTDIR/usr/sbin diff --git a/packaging/Caldera/OpenServer/findsmb b/packaging/Caldera/OpenServer/findsmb index bb91c784b89..c87fdb5190a 100755 --- a/packaging/Caldera/OpenServer/findsmb +++ b/packaging/Caldera/OpenServer/findsmb @@ -73,7 +73,7 @@ foreach $ip (@ipaddrs) # loop through each IP address found $name = "unknown nis name"; } } else { - /(\S+)/; + /(.{1,15})\s+<00>\s+/; $name = $1; } @@ -103,7 +103,7 @@ foreach $ip (@ipaddrs) # loop through each IP address found @name = grep(/<00> - /,@nmblookup); $_ = @name[0]; if ($_) { - /(\S+)/; + /(.{1,15})\s+<00>\s+/; $_ = "[$1]"; } else { $_ = "Unknown Workgroup"; diff --git a/packaging/Caldera/UnixWare/findsmb b/packaging/Caldera/UnixWare/findsmb index bb91c784b89..c87fdb5190a 100755 --- a/packaging/Caldera/UnixWare/findsmb +++ b/packaging/Caldera/UnixWare/findsmb @@ -73,7 +73,7 @@ foreach $ip (@ipaddrs) # loop through each IP address found $name = "unknown nis name"; } } else { - /(\S+)/; + /(.{1,15})\s+<00>\s+/; $name = $1; } @@ -103,7 +103,7 @@ foreach $ip (@ipaddrs) # loop through each IP address found @name = grep(/<00> - /,@nmblookup); $_ = @name[0]; if ($_) { - /(\S+)/; + /(.{1,15})\s+<00>\s+/; $_ = "[$1]"; } else { $_ = "Unknown Workgroup"; diff --git a/packaging/Mandrake/findsmb b/packaging/Mandrake/findsmb index 986c2481779..f70d18dcbdc 100755 --- a/packaging/Mandrake/findsmb +++ b/packaging/Mandrake/findsmb @@ -73,7 +73,7 @@ foreach $ip (@ipaddrs) # loop through each IP address found $name = "unknown nis name"; } } else { - /(\S+)/; + /(.{1,15})\s+<00>\s+/; $name = $1; } @@ -103,7 +103,7 @@ foreach $ip (@ipaddrs) # loop through each IP address found @name = grep(/<00> - /,@nmblookup); $_ = @name[0]; if ($_) { - /(\S+)/; + /(.{1,15})\s+<00>\s+/; $_ = "[$1]"; } else { $_ = "Unknown Workgroup"; diff --git a/packaging/PHT/TurboLinux/findsmb b/packaging/PHT/TurboLinux/findsmb index 986c2481779..f70d18dcbdc 100755 --- a/packaging/PHT/TurboLinux/findsmb +++ b/packaging/PHT/TurboLinux/findsmb @@ -73,7 +73,7 @@ foreach $ip (@ipaddrs) # loop through each IP address found $name = "unknown nis name"; } } else { - /(\S+)/; + /(.{1,15})\s+<00>\s+/; $name = $1; } @@ -103,7 +103,7 @@ foreach $ip (@ipaddrs) # loop through each IP address found @name = grep(/<00> - /,@nmblookup); $_ = @name[0]; if ($_) { - /(\S+)/; + /(.{1,15})\s+<00>\s+/; $_ = "[$1]"; } else { $_ = "Unknown Workgroup"; diff --git a/packaging/RedHat/findsmb b/packaging/RedHat/findsmb index 986c2481779..04bc6080508 100755 --- a/packaging/RedHat/findsmb +++ b/packaging/RedHat/findsmb @@ -73,7 +73,10 @@ foreach $ip (@ipaddrs) # loop through each IP address found $name = "unknown nis name"; } } else { - /(\S+)/; +# The Netbios name can contain lot of characters also '<' '>' +# and spaces. The follwing cure inside name space but not +# names starting or ending with spaces + /(.{1,15})\s+<00>\s+/; $name = $1; } @@ -103,7 +106,8 @@ foreach $ip (@ipaddrs) # loop through each IP address found @name = grep(/<00> - /,@nmblookup); $_ = @name[0]; if ($_) { - /(\S+)/; +# Same as before for space and characters + /(.{1,15})\s+<00>\s+/; $_ = "[$1]"; } else { $_ = "Unknown Workgroup"; diff --git a/packaging/RedHat/samba.pamd b/packaging/RedHat/samba.pamd index 1b4a93fb19e..bf7a5b392ca 100644 --- a/packaging/RedHat/samba.pamd +++ b/packaging/RedHat/samba.pamd @@ -1,4 +1,4 @@ -auth required /lib/security/pam_pwdb.so nullok shadow +auth required /lib/security/pam_pwdb.so nullok account required /lib/security/pam_pwdb.so session required /lib/security/pam_pwdb.so -password required /lib/security/pam_pwdb.so +password required /lib/security/pam_pwdb.so # shadow md5 nullok audit diff --git a/packaging/RedHat/samba2.spec.tmpl b/packaging/RedHat/samba2.spec.tmpl index c99b9123825..0766653c234 100644 --- a/packaging/RedHat/samba2.spec.tmpl +++ b/packaging/RedHat/samba2.spec.tmpl @@ -8,6 +8,7 @@ Source: ftp://samba.org/pub/samba/samba-%{version}.tar.gz Packager: John H Terpstra [Samba-Team] Requires: pam >= 0.72 kernel >= 2.2.1 glibc >= 2.1.2 Prereq: chkconfig fileutils +Provides: samba = %{version}, samba-common = %{version}, samba-client = %{version}, samba-swat = %{version} BuildRoot: /var/tmp/samba Prefix: /usr @@ -43,9 +44,16 @@ for Shadow passwords and quotas. Do NOT recompile with the SHADOW_PWD option enabled %changelog +* Mon May 6 2002 Gerald Carter + - moved findsmb to a standard component in samba's + "make install". Removed from specfile. + +* Sun Oct 14 2001 Andrew Bartlett + - Set SBINDIR for codepage/manpage install, cope with + broken Makefile + * Mon Aug 1 2001 Tim Potter - Install winbind daemon, client programs, nss and pam libraries - - Removed codepage stuff so spec file works with current HEAD branch * Sat Mar 31 2001 Andrew Bartlett - Changed prefix/share/man for _mandir/share/man @@ -158,11 +166,11 @@ CFLAGS="$RPM_OPT_FLAGS $EXTRA" ./configure \ --with-privatedir=/etc/samba \ --with-fhs \ --with-quotas \ + --with-msdfs \ --with-smbmount \ --with-pam \ --with-syslog \ --with-utmp \ - --with-netatalk \ --with-sambabook=%{prefix}/share/swat/using_samba \ --with-swatdir=%{prefix}/share/swat make -j${NUMCPU} proto @@ -182,8 +190,8 @@ mkdir -p $RPM_BUILD_ROOT%{prefix}/{bin,sbin} mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/{images,help,include,using_samba} mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/{figs,gifs} mkdir -p $RPM_BUILD_ROOTMANDIR_MACRO -mkdir -p $RPM_BUILD_ROOT/var/lock/samba -mkdir -p $RPM_BUILD_ROOT/var/log/samba +mkdir -p $RPM_BUILD_ROOT/var/cache/samba +mkdir -p $RPM_BUILD_ROOT/var/{log,run}/samba mkdir -p $RPM_BUILD_ROOT/var/spool/samba mkdir -p $RPM_BUILD_ROOT/lib/security @@ -211,19 +219,21 @@ ln -sf %{prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb # This allows us to get away without duplicating code that # sombody else can maintain for us. cd source -make LIBDIR=$RPM_BUILD_ROOT/etc/samba \ +make BASEDIR=$RPM_BUILD_ROOT/usr \ + LIBDIR=$RPM_BUILD_ROOT/etc/samba \ + SBINDIR=$RPM_BUILD_ROOT%{prefix}/sbin \ BINDIR=$RPM_BUILD_ROOT%{prefix}/bin \ MANDIR=$RPM_BUILD_ROOTMANDIR_MACRO \ SWATDIR=$RPM_BUILD_ROOT/usr/share/swat \ SAMBABOOK=$RPM_BUILD_ROOT/usr/share/swat/using_samba \ - installman installswat + installman installcp installswat cd .. # Install the nsswitch library extension file install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib # Make link for wins resolver -( cd $RPM_BUILD_ROOT/lib; ln -s libnss_wins.so libnss_wins.so.2; ) +( cd $RPM_BUILD_ROOT/lib; ln -sf libnss_wins.so libnss_wins.so.2; ) # Install winbind shared libraries install -m755 source/nsswitch/libnss_winbind.so $RPM_BUILD_ROOT/lib @@ -246,7 +256,6 @@ done # Install the miscellany install -m644 swat/README $RPM_BUILD_ROOT%{prefix}/share/swat install -m755 packaging/RedHat/smbprint $RPM_BUILD_ROOT%{prefix}/bin -install -m755 packaging/RedHat/findsmb $RPM_BUILD_ROOT%{prefix}/bin install -m755 packaging/RedHat/smb.init $RPM_BUILD_ROOT/etc/rc.d/init.d/smb install -m755 packaging/RedHat/smb.init $RPM_BUILD_ROOT%{prefix}/sbin/samba install -m644 packaging/RedHat/samba.log $RPM_BUILD_ROOT/etc/logrotate.d/samba @@ -265,35 +274,74 @@ rm -rf $RPM_BUILD_ROOT /sbin/chkconfig smb off echo "Looking for old /etc/smb.conf..." -if [ -f /etc/smb.conf ]; then +if [ -f /etc/smb.conf -a ! -f /etc/samba/smb.conf ]; then echo "Moving old /etc/smb.conf to /etc/samba/smb.conf" mv /etc/smb.conf /etc/samba/smb.conf fi echo "Looking for old /etc/smbusers..." -if [ -f /etc/smbusers ]; then +if [ -f /etc/smbusers -a ! -f /etc/samba/smbusers ]; then echo "Moving old /etc/smbusers to /etc/samba/smbusers" mv /etc/smbusers /etc/samba/smbusers fi echo "Looking for old /etc/lmhosts..." -if [ -f /etc/lmhosts ]; then +if [ -f /etc/lmhosts -a ! -f /etc/samba/lmhosts ]; then echo "Moving old /etc/lmhosts to /etc/samba/lmhosts" mv /etc/lmhosts /etc/samba/lmhosts fi echo "Looking for old /etc/MACHINE.SID..." -if [ -f /etc/MACHINE.SID ]; then +if [ -f /etc/MACHINE.SID -a ! -f /etc/samba/MACHINE.SID ]; then echo "Moving old /etc/MACHINE.SID to /etc/samba/MACHINE.SID" mv /etc/MACHINE.SID /etc/samba/MACHINE.SID fi echo "Looking for old /etc/smbpasswd..." -if [ -f /etc/smbpasswd ]; then +if [ -f /etc/smbpasswd -a ! -f /etc/samba/smbpasswd ]; then echo "Moving old /etc/smbpasswd to /etc/samba/smbpasswd" mv /etc/smbpasswd /etc/samba/smbpasswd fi +# +# For 2.2.1 we move the tdb files from /var/lock/samba to /var/cache/samba +# to preserve across reboots. +# +echo "Moving tdb files in /var/lock/samba/*.tdb to /var/cache/samba/*.tdb" +for i in /var/lock/samba/*.tdb +do +if [ -f $i ]; then + newname=`echo $i | sed -e's|var\/lock\/samba|var\/cache\/samba|'` + echo "Moving $i to $newname" + mv $i $newname +fi +done + +# Remove the transient tdb files. +if [ -e /var/cache/samba/brlock.tdb ]; then + rm -f /var/cache/samba/brlock.tdb +fi + +if [ -e /var/cache/samba/unexpected.tdb ]; then + rm -f /var/cache/samba/unexpected.tdb +fi + +if [ -e /var/cache/samba/connections.tdb ]; then + rm -f /var/cache/samba/connections.tdb +fi + +if [ -e /var/cache/samba/locking.tdb ]; then + rm -f /var/cache/samba/locking.tdb +fi + +if [ -e /var/cache/samba/messages.tdb ]; then + rm -f /var/cache/samba/messages.tdb +fi + +if [ -d /var/lock/samba ]; then + rm -rf /var/lock/samba +fi + # Add swat entry to /etc/services if not already there. if !( grep ^[:space:]*swat /etc/services > /dev/null ) then echo 'swat 901/tcp # Add swat service used via inetd' >> /etc/services @@ -309,7 +357,7 @@ fi # Add swat entry to xinetd.d if needed. if [ -d $RPM_BUILD_ROOT/etc/xinetd.d -a ! -f /etc/xinetd.d/swat ]; then - mv /etc/samba/samba.xinetd /etc/xinetd.d/swat + mv /etc/samba/samba.xinetd /etc/xinetd.d/swat else rm -f /etc/samba/samba.xinetd fi @@ -325,39 +373,41 @@ fi # Create winbind nss client symlink -ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 +if [ -e /lib/libnss_winbind.so ]; then + ln -sf /lib/libnss_winbind.so /lib/libnss_winbind.so.2 +fi %preun if [ $1 = 0 ] ; then - /sbin/chkconfig --del smb + /sbin/chkconfig --del smb - # We want to remove the browse.dat and wins.dat files so they can not interfer with a new version of samba! - if [ -e /var/lock/samba/browse.dat ]; then - rm -f /var/lock/samba/browse.dat - fi - if [ -e /var/lock/samba/wins.dat ]; then - rm -f /var/lock/samba/wins.dat - fi + # We want to remove the browse.dat and wins.dat files so they can not interfer with a new version of samba! + if [ -e /var/cache/samba/browse.dat ]; then + rm -f /var/cache/samba/browse.dat + fi + if [ -e /var/cache/samba/wins.dat ]; then + rm -f /var/cache/samba/wins.dat + fi # Remove the transient tdb files. - if [ -e /var/lock/samba/brlock.tdb ]; then - rm -f /var/lock/samba/brlock.tdb + if [ -e /var/cache/samba/brlock.tdb ]; then + rm -f /var/cache/samba/brlock.tdb fi - if [ -e /var/lock/samba/unexpected.tdb ]; then - rm -f /var/lock/samba/unexpected.tdb + if [ -e /var/cache/samba/unexpected.tdb ]; then + rm -f /var/cache/samba/unexpected.tdb fi - if [ -e /var/lock/samba/connections.tdb ]; then - rm -f /var/lock/samba/connections.tdb + if [ -e /var/cache/samba/connections.tdb ]; then + rm -f /var/cache/samba/connections.tdb fi - if [ -e /var/lock/samba/locking.tdb ]; then - rm -f /var/lock/samba/locking.tdb + if [ -e /var/cache/samba/locking.tdb ]; then + rm -f /var/cache/samba/locking.tdb fi - if [ -e /var/lock/samba/messages.tdb ]; then - rm -f /var/lock/samba/messages.tdb + if [ -e /var/cache/samba/messages.tdb ]; then + rm -f /var/cache/samba/messages.tdb fi # Remove winbind nss client symlink @@ -376,6 +426,9 @@ if [ $1 = 0 ] ; then if [ -e /var/log/samba ]; then rm -rf /var/log/samba fi + if [ -e /var/cache/samba ]; then + rm -rf /var/cache/samba + fi # Remove swat entries from /etc/inetd.conf and /etc/services cd /etc @@ -403,56 +456,61 @@ if [ $0 != 0 ]; then fi %files +%defattr(-,root,root) %doc README COPYING Manifest Read-Manifest-Now %doc WHATSNEW.txt Roadmap %doc docs %doc swat/README %doc examples -%attr(-,root,root) %{prefix}/sbin/smbd -%attr(-,root,root) %{prefix}/sbin/nmbd -%attr(-,root,root) %{prefix}/sbin/swat -%attr(-,root,root) %{prefix}/sbin/smbmnt -%attr(-,root,root) %{prefix}/sbin/smbmount -%attr(-,root,root) %{prefix}/sbin/smbumount -%attr(-,root,root) %{prefix}/sbin/winbindd -%attr(-,root,root) /sbin/mount.smbfs -%attr(-,root,root) /sbin/mount.smb -%attr(-,root,root) %{prefix}/bin/mksmbpasswd.sh -%attr(-,root,root) %{prefix}/bin/smbclient -%attr(-,root,root) %{prefix}/bin/smbspool -%attr(-,root,root) %{prefix}/bin/rpcclient -%attr(-,root,root) %{prefix}/bin/testparm -%attr(-,root,root) %{prefix}/bin/testprns -%attr(-,root,root) %{prefix}/bin/findsmb -%attr(-,root,root) %{prefix}/bin/smbstatus -%attr(-,root,root) %{prefix}/bin/nmblookup -%attr(-,root,root) %{prefix}/bin/make_printerdef -%attr(-,root,root) %{prefix}/bin/smbpasswd -%attr(-,root,root) %{prefix}/bin/smbtar -%attr(-,root,root) %{prefix}/bin/smbprint -%attr(-,root,root) %{prefix}/bin/smbcontrol -%attr(-,root,root) %{prefix}/bin/smbcacls -%attr(-,root,root) %{prefix}/bin/wbinfo +%{prefix}/sbin/smbd +%{prefix}/sbin/nmbd +%{prefix}/sbin/swat +%{prefix}/sbin/smbmnt +%{prefix}/sbin/smbmount +%{prefix}/sbin/smbumount +%{prefix}/sbin/winbindd +/sbin/mount.smbfs +/sbin/mount.smb +%{prefix}/bin/mksmbpasswd.sh +%{prefix}/bin/smbclient +%{prefix}/bin/smbspool +%{prefix}/bin/rpcclient +%{prefix}/bin/testparm +%{prefix}/bin/testprns +%{prefix}/bin/findsmb +%{prefix}/bin/smbstatus +%{prefix}/bin/nmblookup +%{prefix}/bin/make_smbcodepage +%{prefix}/bin/make_unicodemap +%{prefix}/bin/make_printerdef +%{prefix}/bin/smbpasswd +%{prefix}/bin/smbtar +%{prefix}/bin/smbprint +%{prefix}/bin/smbcontrol +%{prefix}/bin/smbcacls +%{prefix}/bin/wbinfo %attr(755,root,root) /lib/libnss_wins.s* -%attr(-,root,root) %{prefix}/share/swat/help/* -%attr(-,root,root) %{prefix}/share/swat/images/* -%attr(-,root,root) %{prefix}/share/swat/include/header.html -%attr(-,root,root) %{prefix}/share/swat/include/footer.html -%attr(-,root,root) %{prefix}/share/swat/using_samba/* -%attr(-,root,root) %config(noreplace) /etc/samba/lmhosts -%attr(-,root,root) %config(noreplace) /etc/samba/smb.conf -%attr(-,root,root) %config(noreplace) /etc/samba/smbusers -%attr(-,root,root) /etc/samba/samba.stack -%attr(-,root,root) /etc/samba/samba.xinetd -%attr(-,root,root) /etc/rc.d/init.d/smb -%attr(-,root,root) /etc/logrotate.d/samba -%attr(-,root,root) %config(noreplace) /etc/pam.d/samba -%attr(-,root,root) MANDIR_MACRO/man1/* -%attr(-,root,root) MANDIR_MACRO/man5/* -%attr(-,root,root) MANDIR_MACRO/man7/* -%attr(-,root,root) MANDIR_MACRO/man8/* -%attr(755,root,root) %dir /var/lock/samba -%attr(-,root,root) %dir /var/log/samba +%{prefix}/share/swat/help/* +%{prefix}/share/swat/images/* +%{prefix}/share/swat/include/header.html +%{prefix}/share/swat/include/footer.html +%{prefix}/share/swat/using_samba/* +%config(noreplace) /etc/samba/lmhosts +%config(noreplace) /etc/samba/smb.conf +%config(noreplace) /etc/samba/smbusers +/etc/samba/samba.stack +/etc/samba/samba.xinetd +/etc/rc.d/init.d/smb +/etc/logrotate.d/samba +%config(noreplace) /etc/pam.d/samba +MANDIR_MACRO/man1/* +MANDIR_MACRO/man5/* +MANDIR_MACRO/man7/* +MANDIR_MACRO/man8/* +%dir /etc/codepages/* +%attr(755,root,root) %dir /var/cache/samba +%dir /var/log/samba +%dir /var/run/samba %attr(1777,root,root) %dir /var/spool/samba %attr(-,root,root) /lib/libnss_winbind.so %attr(-,root,root) /lib/security/pam_winbind.so diff --git a/packaging/RedHat/smb.init b/packaging/RedHat/smb.init index 260439281a3..5419b2b9c6e 100755 --- a/packaging/RedHat/smb.init +++ b/packaging/RedHat/smb.init @@ -13,8 +13,10 @@ # Check that networking is up. [ ${NETWORKING} = "no" ] && exit 0 +CONFIG=/etc/samba/smb.conf + # Check that smb.conf exists. -[ -f /etc/samba/smb.conf ] || exit 0 +[ -f $CONFIG ] || exit 0 # See how we were called. case "$1" in @@ -22,19 +24,26 @@ case "$1" in echo -n "Starting SMB services: " daemon smbd -D daemon nmbd -D + if [ "`grep -i 'winbind uid' /etc/samba/smb.conf | egrep -v [\#\;]`" ]; then + daemon winbindd + fi echo touch /var/lock/subsys/smb ;; stop) echo -n "Shutting down SMB services: " - killproc smbd - killproc nmbd + killproc smbd -TERM + killproc nmbd -TERM + if [ "`ps -ef | grep winbind | grep -v grep`" ]; then + killproc winbindd + fi rm -f /var/lock/subsys/smb echo "" ;; status) status smbd status nmbd + status winbindd ;; restart) echo -n "Restarting SMB services: " diff --git a/packaging/SGI/findsmb b/packaging/SGI/findsmb index a48ec592e80..336ff07c16f 100755 --- a/packaging/SGI/findsmb +++ b/packaging/SGI/findsmb @@ -73,7 +73,7 @@ foreach $ip (@ipaddrs) # loop through each IP address found $name = "unknown nis name"; } } else { - /(\S+)/; + /(.{1,15})\s+<00>\s+/; $name = $1; } @@ -103,7 +103,7 @@ foreach $ip (@ipaddrs) # loop through each IP address found @name = grep(/<00> - /,@nmblookup); $_ = @name[0]; if ($_) { - /(\S+)/; + /(.{1,15})\s+<00>\s+/; $_ = "[$1]"; } else { $_ = "Unknown Workgroup"; diff --git a/packaging/Solaris/i.swat b/packaging/Solaris/i.swat index 047f0e17200..d07d2798d85 100644 --- a/packaging/Solaris/i.swat +++ b/packaging/Solaris/i.swat @@ -33,7 +33,7 @@ EOF if [ ! -z "$PKG_INSTALL_ROOT" ] then - CAT < +# Copyright Andrew Barteltt 2002 ########################################################################### prefix=@prefix@ @@ -67,9 +68,15 @@ SWATDIR = @swatdir@ # the directory where lock files go LOCKDIR = @lockdir@ +# the directorty where pid files go +PIDDIR = @piddir@ # man pages language(s) man_langs = "@manlangs@" +LIBSMBCLIENT_MAJOR=0 +LIBSMBCLIENT_MINOR=1 + + FLAGS1 = $(CFLAGS) @FLAGS1@ -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper -I. $(CPPFLAGS) -I$(srcdir) FLAGS2 = FLAGS3 = @@ -82,7 +89,7 @@ PASSWD_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" -DPRIVATE_DIR=\"$(PRIVAT PATH_FLAGS1 = -DCONFIGFILE=\"$(CONFIGFILE)\" -DSBINDIR=\"$(SBINDIR)\" PATH_FLAGS2 = $(PATH_FLAGS1) -DBINDIR=\"$(BINDIR)\" -DDRIVERFILE=\"$(DRIVERFILE)\" PATH_FLAGS3 = $(PATH_FLAGS2) -DLMHOSTSFILE=\"$(LMHOSTSFILE)\" -PATH_FLAGS4 = $(PATH_FLAGS3) -DSWATDIR=\"$(SWATDIR)\" -DLOCKDIR=\"$(LOCKDIR)\" +PATH_FLAGS4 = $(PATH_FLAGS3) -DSWATDIR=\"$(SWATDIR)\" -DLOCKDIR=\"$(LOCKDIR)\" -DPIDDIR=\"$(PIDDIR)\" PATH_FLAGS5 = $(PATH_FLAGS4) -DLIBDIR=\"$(LIBDIR)\" -DLOGFILEBASE=\"$(LOGFILEBASE)\" PATH_FLAGS = $(PATH_FLAGS5) $(PASSWD_FLAGS) @@ -93,16 +100,17 @@ WINBIND_LPROGS = @WINBIND_LTARGETS@ SPROGS = bin/smbd bin/nmbd bin/swat bin/wrepld @WINBIND_STARGETS@ PROGS1 = bin/smbclient bin/net bin/smbspool bin/testparm bin/testprns bin/smbstatus bin/smbcontrol bin/smbtree bin/tdbbackup @RUNPROG@ @WINBIND_TARGETS@ -PROGS2 = bin/smbpasswd bin/rpcclient bin/smbcacls @WRAP@ @WRAP32@ @PAM_MOD@ +PROGS2 = bin/smbpasswd bin/rpcclient bin/smbcacls @WRAPPROG@ @WRAP@ @WRAP32@ @PAM_MOD@ MPROGS = @MPROGS@ LPROGS = $(WINBIND_PAM_PROGS) $(WINBIND_LPROGS) PROGS = $(PROGS1) $(PROGS2) $(MPROGS) bin/nmblookup bin/pdbedit bin/smbgroupedit TORTURE_PROGS = bin/smbtorture bin/msgtest bin/masktest bin/locktest \ bin/locktest2 bin/nsstest -SHLIBS = libsmbclient +SHLIBS = @LIBSMBCLIENT@ -SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd +SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd \ + $(srcdir)/script/findsmb QUOTAOBJS=@QUOTAOBJS@ @@ -122,11 +130,11 @@ LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \ lib/bitmap.o lib/crc32.o lib/snprintf.o lib/dprintf.o \ lib/xfile.o lib/wins_srv.o \ lib/util_str.o lib/util_sid.o \ - lib/util_unistr.o lib/util_file.o \ - lib/util.o lib/util_sock.o lib/util_sec.o smbd/ssl.o \ + lib/util_unistr.o lib/util_file.o lib/data_blob.o \ + lib/util.o lib/util_sock.o lib/util_sec.o \ lib/talloc.o lib/hash.o lib/substitute.o lib/fsusage.o \ lib/ms_fnmatch.o lib/select.o lib/error.o lib/messages.o \ - lib/tallocmsg.o lib/dmallocmsg.o \ + lib/server_mutex.o lib/tallocmsg.o lib/dmallocmsg.o \ lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \ nsswitch/wb_client.o nsswitch/wb_common.o \ lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \ @@ -141,8 +149,12 @@ PARAM_OBJ = param/loadparm.o param/params.o dynconfig.o LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o libads/sasl.o \ libads/krb5_setpw.o libads/kerberos.o libads/ldap_user.o \ - libads/ads_struct.o libads/ads_status.o passdb/secrets.o \ - libads/util.o libads/disp_sec.o + libads/ads_struct.o libads/ads_status.o \ + libads/disp_sec.o + +LIBADS_SERVER_OBJ = libads/util.o libads/kerberos_verify.o + +SECRETS_OBJ = passdb/secrets.o LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \ libsmb/clikrb5.o libsmb/clispnego.o libsmb/asn1.o \ @@ -154,19 +166,22 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \ libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \ libsmb/clioplock.o libsmb/errormap.o libsmb/clirap2.o \ libsmb/passchange.o libsmb/unexpected.o libsmb/doserr.o \ - $(RPC_PARSE_OBJ1) $(LIBADS_OBJ) + $(RPC_PARSE_OBJ1) -LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o libsmb/cli_spoolss.o \ +LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o \ libsmb/cli_netlogon.o libsmb/cli_srvsvc.o libsmb/cli_wkssvc.o \ - libsmb/cli_dfs.o libsmb/cli_reg.o libsmb/trust_passwd.o\ - rpc_client/cli_pipe.o libsmb/cli_pipe_util.o + libsmb/cli_dfs.o libsmb/cli_reg.o \ + rpc_client/cli_pipe.o libsmb/cli_spoolss.o libsmb/cli_spoolss_notify.o + +LIBMSRPC_SERVER_OBJ = libsmb/trust_passwd.o LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po) RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \ rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o rpc_server/srv_netlog_nt.o \ rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o rpc_server/srv_reg_nt.o \ - rpc_server/srv_samr.o rpc_server/srv_samr_nt.o rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \ + rpc_server/srv_samr.o rpc_server/srv_samr_nt.o rpc_server/srv_samr_util.o \ + rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \ rpc_server/srv_util.o rpc_server/srv_wkssvc.o rpc_server/srv_wkssvc_nt.o \ rpc_server/srv_pipe.o rpc_server/srv_dfs.o rpc_server/srv_dfs_nt.o \ rpc_server/srv_spoolss.o rpc_server/srv_spoolss_nt.o @@ -183,16 +198,17 @@ RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_net.o \ rpc_parse/parse_spoolss.o rpc_parse/parse_dfs.o -RPC_CLIENT_OBJ = rpc_client/cli_netlogon.o rpc_client/cli_pipe.o \ - rpc_client/cli_login.o \ - rpc_client/cli_spoolss_notify.o +RPC_CLIENT_OBJ = rpc_client/cli_pipe.o LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o -PASSDB_OBJ = passdb/passdb.o passdb/pdb_interface.o passdb/pdb_get_set.o \ +PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o + +PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \ passdb/machine_sid.o passdb/pdb_smbpasswd.o \ passdb/pdb_tdb.o passdb/pdb_ldap.o passdb/pdb_plugin.o \ - passdb/pdb_nisplus.o + passdb/pdb_nisplus.o passdb/pdb_unix.o passdb/util_sam_sid.o \ + passdb/pdb_compat.o GROUPDB_OBJ = groupdb/mapping.o @@ -228,7 +244,6 @@ SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \ printing/printfsp.o lib/util_seaccess.o smbd/srvstr.o \ smbd/build_options.o \ smbd/change_trust_pw.o \ - rpc_client/cli_spoolss_notify.o \ $(MANGLE_OBJ) @@ -236,15 +251,17 @@ PRINTING_OBJ = printing/pcap.o printing/print_svid.o \ printing/print_cups.o printing/print_generic.o \ printing/lpq_parse.o printing/load.o -PRINTBACKEND_OBJ = printing/printing.o printing/nt_printing.o +PRINTBACKEND_OBJ = printing/printing.o printing/nt_printing.o printing/notify.o MSDFS_OBJ = msdfs/msdfs.o SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ - $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) \ + $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) $(SECRETS_OBJ) \ $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) \ $(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \ - $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) $(LIBMSRPC_OBJ) + $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \ + $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \ + $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \ @@ -269,11 +286,12 @@ WREPL_OBJ1 = wrepld/server.o wrepld/process.o wrepld/parser.o wrepld/socket.o \ WREPL_OBJ = $(WREPL_OBJ1) $(PARAM_OBJ) $(UBIQX_OBJ) \ $(PROFILE_OBJ) $(LIB_OBJ) -SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ - web/swat.o web/neg_lang.o $(PRINTING_OBJ) $(LIBSMB_OBJ) $(LOCKING_OBJ) \ - $(PARAM_OBJ) $(PASSDB_OBJ) \ - $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ) \ - smbwrapper/shared.o +SWAT_OBJ1 = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ + web/swat.o web/neg_lang.o + +SWAT_OBJ = $(SWAT_OBJ1) $(PRINTING_OBJ) $(LIBSMB_OBJ) $(LOCKING_OBJ) \ + $(PARAM_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) \ + $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ) SMBSH_OBJ = smbwrapper/smbsh.o smbwrapper/shared.o \ $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) @@ -285,10 +303,10 @@ STATUS_OBJ = utils/status.o $(LOCKING_OBJ) $(PARAM_OBJ) \ $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) SMBCONTROL_OBJ = utils/smbcontrol.o $(LOCKING_OBJ) $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) + $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) printing/notify.o SMBTREE_OBJ = utils/smbtree.o $(LOCKING_OBJ) $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) $(LIBSMB_OBJ) + $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) $(LIBSMB_OBJ) TESTPARM_OBJ = utils/testparm.o \ $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) @@ -296,75 +314,85 @@ TESTPARM_OBJ = utils/testparm.o \ TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \ $(LIB_OBJ) -SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) \ +SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(SECRETS_OBJ) \ $(LIBSMB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ)\ $(UBIQX_OBJ) $(LIB_OBJ) PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ - $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) + $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) SMBGROUPEDIT_OBJ = utils/smbgroupedit.o $(GROUPDB_OBJ) $(PARAM_OBJ) \ - $(LIBSMB_OBJ) $(PASSDB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + $(LIBSMB_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \ rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o \ rpcclient/cmd_netlogon.o rpcclient/cmd_srvsvc.o \ rpcclient/cmd_dfs.o rpcclient/cmd_reg.o \ - rpc_client/cli_login.o rpc_client/cli_netlogon.o \ rpcclient/display_sec.o RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \ - $(READLINE_OBJ) $(GROUPDB_OBJ) + $(READLINE_OBJ) $(GROUPDB_OBJ) \ + $(LIBADS_OBJ) $(SECRETS_OBJ) SAMSYNC_OBJ1 = rpcclient/samsync.o rpcclient/display_sec.o SAMSYNC_OBJ = $(SAMSYNC_OBJ1) \ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \ - $(GROUPDB_OBJ) + $(GROUPDB_OBJ) $(SECRETS_OBJ) PAM_WINBIND_OBJ = nsswitch/pam_winbind.po nsswitch/wb_common.po lib/snprintf.po -SMBW_OBJ = smbwrapper/smbw.o \ +SMBW_OBJ1 = smbwrapper/smbw.o \ smbwrapper/smbw_dir.o smbwrapper/smbw_stat.o \ smbwrapper/realcalls.o smbwrapper/shared.o \ - smbwrapper/smbw_cache.o \ - $(LIBSMB_OBJ) $(PARAM_OBJ) \ + smbwrapper/smbw_cache.o + +SMBW_OBJ = $(SMBW_OBJ1) $(LIBSMB_OBJ) $(PARAM_OBJ) \ $(UBIQX_OBJ) $(LIB_OBJ) -SMBWRAPPER_OBJ = $(SMBW_OBJ) smbwrapper/wrapped.o +SMBWRAPPER_OBJ1 = smbwrapper/wrapped.o -LIBSMBCLIENT_OBJ = libsmb/libsmbclient.o $(LIB_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) +SMBWRAPPER_OBJ = $(SMBW_OBJ) $(SMBWRAPPER_OBJ1) -CLIENT_OBJ = client/client.o client/clitar.o \ - $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ - $(READLINE_OBJ) +LIBSMBCLIENT_OBJ = libsmb/libsmbclient.o libsmb/libsmb_compat.o \ + libsmb/libsmb_cache.o $(LIB_OBJ) \ + $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) -NET_OBJ = utils/net.o utils/net_ads.o utils/net_help.o \ - utils/net_rap.o utils/net_rpc.o \ - utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \ - $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) \ - $(GROUPDB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) +CLIENT_OBJ1 = client/client.o client/clitar.o +CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ + $(READLINE_OBJ) -CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) +NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \ + utils/net_rap.o utils/net_rpc.o \ + utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o + +NET_OBJ = $(NET_OBJ1) $(SECRETS_OBJ) $(LIBSMB_OBJ) \ + $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \ + $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ + $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \ + $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) + +CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) MOUNT_OBJ = client/smbmount.o \ - $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) -MNT_OBJ = client/smbmnt.o \ - $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) +MNT_OBJ = client/smbmnt.o UMOUNT_OBJ = client/smbumount.o \ - $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(UBIQX_OBJ) \ $(LIBSMB_OBJ) $(LIB_OBJ) -SMBTORTURE_OBJ = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \ - torture/denytest.o torture/mangle_test.o \ +SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \ + torture/denytest.o torture/mangle_test.o + +SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) \ $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) MASKTEST_OBJ = torture/masktest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \ @@ -383,8 +411,8 @@ LOCKTEST2_OBJ = torture/locktest2.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \ $(UBIQX_OBJ) $(LIB_OBJ) SMBCACLS_OBJ = utils/smbcacls.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) \ - $(LIBMSRPC_OBJ) $(GROUPDB_OBJ) + $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \ + $(LIBMSRPC_OBJ) TALLOCTORT_OBJ = lib/talloctort.o $(LIB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) @@ -396,18 +424,25 @@ RPCTORTURE_OBJ = torture/rpctorture.o \ rpcclient/cmd_srvsvc.o \ rpcclient/cmd_netlogon.o \ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ - $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) + $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) DEBUG2HTML_OBJ = utils/debug2html.o ubiqx/debugparse.o SMBFILTER_OBJ = utils/smbfilter.o $(LIBSMB_OBJ) $(PARAM_OBJ) \ $(UBIQX_OBJ) $(LIB_OBJ) -PROTO_OBJ = $(SMBD_OBJ) $(NMBD_OBJ) $(SWAT_OBJ) $(CLIENT_OBJ) \ - $(SMBWRAPPER_OBJ) $(SMBTORTURE_OBJ) $(RPCCLIENT_OBJ1) \ - $(LIBMSRPC_OBJ) $(RPC_CLIENT_OBJ) $(AUTH_OBJ) $(NET_OBJ) +PROTO_OBJ = $(SMBD_OBJ1) $(NMBD_OBJ1) $(SWAT_OBJ1) $(LIB_OBJ) $(LIBSMB_OBJ) \ + $(SMBWRAPPER_OBJ1) $(SMBTORTURE_OBJ1) $(RPCCLIENT_OBJ1) \ + $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) \ + $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) \ + $(AUTH_OBJ) $(PARAM_OBJ) $(LOCKING_OBJ) $(SECRETS_OBJ) \ + $(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \ + $(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \ + $(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) + +NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \ + $(LIB_OBJ) $(NSSWINS_OBJ) -NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) $(LIB_OBJ) $(NSSWINS_OBJ) NSS_OBJ = $(NSS_OBJ_0:.o=.po) PICOBJS = $(SMBWRAPPER_OBJ:.o=.po) @@ -442,16 +477,17 @@ WINBINDD_OBJ1 = \ nsswitch/winbindd_cm.o \ nsswitch/winbindd_wins.o \ nsswitch/winbindd_rpc.o \ - nsswitch/winbindd_ads.o + nsswitch/winbindd_ads.o \ + nsswitch/winbindd_dual.o WINBINDD_OBJ = \ - $(WINBINDD_OBJ1) $(NOPROTO_OBJ) $(PASSDB_OBJ) \ + $(WINBINDD_OBJ1) $(PASSDB_GET_SET_OBJ) \ $(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \ - $(GROUPDB_OBJ) $(PROFILE_OBJ) $(UNIGRP_OBJ) + $(PROFILE_OBJ) $(UNIGRP_OBJ) \ + $(SECRETS_OBJ) $(LIBADS_OBJ) -WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o \ - passdb/secrets.o +WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o WINBIND_NSS_OBJ = nsswitch/winbind_nss.o nsswitch/wb_common.o @WINBIND_NSS_EXTRA_OBJS@ @@ -465,11 +501,11 @@ TDBBACKUP_OBJ = tdb/tdbbackup.o $(TDBBASE_OBJ) ###################################################################### # now the rules... ###################################################################### -all : SHOWFLAGS include/proto.h include/wrepld_proto.h include/build_env.h $(SPROGS) $(PROGS) $(WINBIND_PROGS) $(WINBIND_SPROGS) $(LPROGS) $(SHLIBS) +all : SHOWFLAGS proto_exists $(SPROGS) $(PROGS) $(WINBIND_PROGS) $(WINBIND_SPROGS) $(LPROGS) $(SHLIBS) pam_smbpass : SHOWFLAGS bin/pam_smbpass.@SHLIBEXT@ -smbwrapper : SHOWFLAGS bin/smbsh bin/smbwrapper.@SHLIBEXT@ @WRAP32@ +smbwrapper : SHOWFLAGS @WRAPPROG@ @WRAP@ @WRAP32@ torture : SHOWFLAGS $(TORTURE_PROGS) @@ -616,7 +652,7 @@ bin/smbumount: $(UMOUNT_OBJ) bin/.dummy bin/testparm: $(TESTPARM_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(TESTPARM_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(TESTPARM_OBJ) $(LDFLAGS) $(LIBS) @BUILD_POPT@ bin/testprns: $(TESTPRNS_OBJ) bin/.dummy @echo Linking $@ @@ -640,7 +676,7 @@ bin/smbpasswd: $(SMBPASSWD_OBJ) bin/.dummy bin/pdbedit: $(PDBEDIT_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ bin/smbgroupedit: $(SMBGROUPEDIT_OBJ) bin/.dummy @echo Linking $@ @@ -702,17 +738,24 @@ bin/smbw_sample: $(SMBW_OBJ) utils/smbw_sample.o bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(SMBW_OBJ) utils/smbw_sample.o $(LDFLAGS) $(LIBS) -bin/smbwrapper.@SHLIBEXT@: $(PICOBJS) +bin/smbsh: $(SMBSH_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SMBSH_OBJ) $(LDFLAGS) $(LIBS) + +bin/smbwrapper.@SHLIBEXT@: $(PICOBJS) bin/.dummy @echo Linking shared library $@ - @$(SHLD) $(LDSHFLAGS) -o $@ $(PICOBJS) $(LIBS) + @$(SHLD) $(LDSHFLAGS) -o $@ $(PICOBJS) $(LIBS) \ + @SONAMEFLAG@`basename $@` bin/smbwrapper.32.@SHLIBEXT@: $(PICOBJS32) @echo Linking shared library $@ - @$(SHLD) -32 $(LDSHFLAGS) -o $@ $(PICOBJS32) $(LIBS) + @$(SHLD) -32 $(LDSHFLAGS) -o $@ $(PICOBJS32) $(LIBS) \ + @SONAMEFLAG@`basename $@` bin/libsmbclient.@SHLIBEXT@: $(LIBSMBCLIENT_PICOBJS) echo Linking libsmbclient shared library $@ - $(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_PICOBJS) $(LIBS) + $(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_PICOBJS) $(LIBS) \ + @SONAMEFLAG@`basename $@`.$(LIBSMBCLIENT_MAJOR) bin/libsmbclient.a: $(LIBSMBCLIENT_PICOBJS) @echo Linking libsmbclient non-shared library $@ @@ -720,35 +763,40 @@ bin/libsmbclient.a: $(LIBSMBCLIENT_PICOBJS) libsmbclient: bin/libsmbclient.a bin/libsmbclient.@SHLIBEXT@ -bin/smbsh: $(SMBSH_OBJ) bin/.dummy - @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBSH_OBJ) $(LDFLAGS) $(LIBS) nsswitch/libnss_wins.so: $(NSS_OBJ) @echo "Linking $@" - @$(SHLD) $(LDSHFLAGS) -o $@ $(NSS_OBJ) -lc + @$(SHLD) $(LDSHFLAGS) -o $@ $(NSS_OBJ) -lc \ + @SONAMEFLAG@`basename $@` bin/winbindd: $(WINBINDD_OBJ) bin/.dummy @echo Linking $@ @$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) +nsswitch/libns_winbind.so: $(WINBIND_NSS_PICOBJS) + @echo "Linking $@" + @$(SHLD) @LDSHFLAGS@ -o $@ $(WINBIND_NSS_PICOBJS) @WINBIND_NSS_EXTRA_LIBS@ \ + @SONAMEFLAG@`basename $@` + nsswitch/libnss_winbind.so: $(WINBIND_NSS_PICOBJS) @echo "Linking $@" - @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_NSS_PICOBJS) @WINBIND_NSS_EXTRA_LIBS@ + @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_NSS_PICOBJS) @WINBIND_NSS_EXTRA_LIBS@ \ + @SONAMEFLAG@`basename $@` nsswitch/pam_winbind.so: $(PAM_WINBIND_OBJ) bin/.dummy @echo Linking $@ - @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ) + @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ) \ + @SONAMEFLAG@`basename $@` -bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \ - $(UBIQX_OBJ) @BUILD_POPT@ bin/.dummy +bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) \ + $(UBIQX_OBJ) $(SECRETS_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(LINK) -o $@ $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \ - $(UBIQX_OBJ) $(LIBS) @BUILD_POPT@ + @$(LINK) -o $@ $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) \ + $(UBIQX_OBJ) $(SECRETS_OBJ) $(LIBS) @BUILD_POPT@ bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_PICOOBJ) @echo "Linking shared library $@" - $(SHLD) $(LDSHFLAGS) -symbolic -o $@ $(PAM_SMBPASS_PICOOBJ) -lpam $(DYNEXP) $(LIBS) -lc + $(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_PICOOBJ) -lpam $(DYNEXP) $(LIBS) -lc bin/libmsrpc.a: $(LIBMSRPC_PICOBJ) -$(AR) -rc $@ $(LIBMSRPC_PICOBJ) @@ -826,38 +874,73 @@ clean: delheaders -rm -f core */*~ *~ */*.o */*.po */*.po32 */*.@SHLIBEXT@ \ $(TOPFILES) $(PROGS) $(SPROGS) .headers.stamp -winbindd_proto: - @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \ - -h _WINBINDD_PROTO_H_ nsswitch/winbindd_proto.h \ - $(WINBINDD_OBJ1) +# Making this target will just make sure that the prototype files +# exist, not necessarily that they are up to date. Since they're +# removed by "make clean" this will always be run when you do anything +# afterwards. +proto_exists: include/proto.h include/wrepld_proto.h include/build_env.h \ + nsswitch/winbindd_proto.h web/swat_proto.h \ + client/client_proto.h utils/net_proto.h delheaders: - @/bin/rm -f $(srcdir)/include/proto.h $(srcdir)/include/build_env.h - @/bin/rm -f include/proto.h include/build_env.h - -# we want our generated headers to be rebuilt if they don't exist, but not rebuilt every time -.headers.stamp: - @[ -f $@ ] || touch $@ + @echo Removing prototype headers + @/bin/rm -f $(srcdir)/include/proto.h $(srcdir)/include/build_env.h + @/bin/rm -f $(srcdir)/include/wrepld_proto.h $(srcdir)/nsswitch/winbindd_proto.h + @/bin/rm -f $(srcdir)/web/swat_proto.h + @/bin/rm -f $(srcdir)/client/client_proto.h $(srcdir)/utils/net_proto.h -$(PROTO_OBJ) : .headers.stamp + @/bin/rm -f include/proto.h include/build_env.h include/wrepld_proto.h \ + nsswitch/winbindd_proto.h web/swat_proto.h \ + client/client_proto.h utils/net_proto.h include/proto.h: - @echo rebuilding include/proto.h - @cd $(srcdir) && $(AWK) -f script/mkproto.awk `echo $(PROTO_OBJ) | tr ' ' '\n' | sed -e 's/\.o/\.c/g' | sort -u | egrep -v 'ubiqx/|wrapped'` > $(builddir)/include/proto.h + @echo Building include/proto.h + @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \ + -h _PROTO_H_ $(builddir)/include/proto.h \ + $(PROTO_OBJ) include/build_env.h: - @echo rebuilding include/build_env.h + @echo Building include/build_env.h @cd $(srcdir) && $(SHELL) script/build_env.sh $(srcdir) $(builddir) $(CC) > $(builddir)/include/build_env.h include/wrepld_proto.h: - @echo rebuilding include/wrepld_proto.h + @echo Building include/wrepld_proto.h @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \ -h _WREPLD_PROTO_H_ $(builddir)/include/wrepld_proto.h \ $(WREPL_OBJ1) -headers: delheaders include/proto.h include/build_env.h include/wrepld_proto.h .headers.stamp +nsswitch/winbindd_proto.h: + @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \ + -h _WINBINDD_PROTO_H_ nsswitch/winbindd_proto.h \ + $(WINBINDD_OBJ1) + +web/swat_proto.h: + @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \ + -h _SWAT_PROTO_H_ web/swat_proto.h \ + $(SWAT_OBJ1) + +client/client_proto.h: + @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \ + -h _CLIENT_PROTO_H_ client/client_proto.h \ + $(CLIENT_OBJ1) + +utils/net_proto.h: + @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \ + -h _CLIENT_PROTO_H_ utils/net_proto.h \ + $(NET_OBJ1) + +# "make headers" or "make proto" calls a subshell because we need to +# make sure these commands are executed in sequence even for a +# parallel make. +headers: + $(MAKE) delheaders include/proto.h include/build_env.h \ + include/wrepld_proto.h nsswitch/winbindd_proto.h \ + web/swat_proto.h client/client_proto.h \ + utils/net_proto.h + +proto: headers -proto: headers winbindd_proto +.PHONY: headers proto etags: etags `find $(srcdir) -name "*.[ch]" | grep -v /CVS/` diff --git a/source3/acconfig.h b/source3/acconfig.h index eb49d436972..3962b185548 100644 --- a/source3/acconfig.h +++ b/source3/acconfig.h @@ -58,8 +58,6 @@ #undef HAVE_SET_AUTH_PARAMETERS #undef WITH_SYSLOG #undef WITH_PROFILE -#undef WITH_SSL -#undef SSL_DIR #undef WITH_PAM #undef WITH_NISPLUS_HOME #undef WITH_AUTOMOUNT @@ -71,6 +69,7 @@ #undef REPLACE_INET_NTOA #undef HAVE_FILE_MACRO #undef HAVE_FUNCTION_MACRO +#undef HAVE_VA_COPY #undef HAVE_SETRESUID_DECL #undef HAVE_SETRESUID #undef WITH_NETATALK @@ -124,7 +123,10 @@ #undef USE_SETRESUID #undef USE_SETREUID #undef USE_SETUIDX -#undef HAVE_LIBDL +#undef HAVE_DLOPEN +#undef HAVE_DLCLOSE +#undef HAVE_DLSYM +#undef HAVE_DLERROR #undef SYSCONF_SC_NGROUPS_MAX #undef HAVE_UT_UT_NAME #undef HAVE_UT_UT_USER diff --git a/source3/aclocal.m4 b/source3/aclocal.m4 index caf5ab461b9..4ae5336a4bf 100644 --- a/source3/aclocal.m4 +++ b/source3/aclocal.m4 @@ -93,723 +93,7 @@ define(AC_ADD_INCLUDE, EOF ]) -## libtool.m4 - Configure libtool for the target system. -*-Shell-script-*- -## Copyright (C) 1996-1999 Free Software Foundation, Inc. -## Originally by Gordon Matzigkeit , 1996 -## -## This program is free software; you can redistribute it and/or modify -## it under the terms of the GNU General Public License as published by -## the Free Software Foundation; either version 2 of the License, or -## (at your option) any later version. -## -## This program is distributed in the hope that it will be useful, but -## WITHOUT ANY WARRANTY; without even the implied warranty of -## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -## General Public License for more details. -## -## You should have received a copy of the GNU General Public License -## along with this program; if not, write to the Free Software -## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -## -## As a special exception to the GNU General Public License, if you -## distribute this file as part of a program that contains a -## configuration script generated by Autoconf, you may include it under -## the same distribution terms that you use for the rest of that program. - -# serial 40 AC_PROG_LIBTOOL -AC_DEFUN(AC_PROG_LIBTOOL, -[AC_REQUIRE([AC_LIBTOOL_SETUP])dnl - -# Save cache, so that ltconfig can load it -AC_CACHE_SAVE - -# Actually configure libtool. ac_aux_dir is where install-sh is found. -CC="$CC" CFLAGS="$CFLAGS" CPPFLAGS="$CPPFLAGS" \ -LD="$LD" LDFLAGS="$LDFLAGS" LIBS="$LIBS" \ -LN_S="$LN_S" NM="$NM" RANLIB="$RANLIB" \ -DLLTOOL="$DLLTOOL" AS="$AS" OBJDUMP="$OBJDUMP" \ -${CONFIG_SHELL-/bin/sh} $ac_aux_dir/ltconfig --no-reexec \ -$libtool_flags --no-verify $ac_aux_dir/ltmain.sh $lt_target \ -|| AC_MSG_ERROR([libtool configure failed]) - -# Reload cache, that may have been modified by ltconfig -AC_CACHE_LOAD - -# This can be used to rebuild libtool when needed -LIBTOOL_DEPS="$ac_aux_dir/ltconfig $ac_aux_dir/ltmain.sh" - -# Always use our own libtool. -LIBTOOL='$(SHELL) $(top_builddir)/libtool' -AC_SUBST(LIBTOOL)dnl - -# Redirect the config.log output again, so that the ltconfig log is not -# clobbered by the next message. -exec 5>>./config.log -]) - -# Macro to add for using GNU gettext. -# Ulrich Drepper , 1995. -# -# This file can be copied and used freely without restrictions. It can -# be used in projects which are not available under the GNU Public License -# but which still want to provide support for the GNU gettext functionality. -# Please note that the actual code is *not* freely available. - -# serial 5 - -AC_DEFUN(AM_WITH_NLS, - [AC_MSG_CHECKING([whether NLS is requested]) - dnl Default is enabled NLS - AC_ARG_ENABLE(nls, - [ --disable-nls do not use Native Language Support], - USE_NLS=$enableval, USE_NLS=yes) - AC_MSG_RESULT($USE_NLS) - AC_SUBST(USE_NLS) - - USE_INCLUDED_LIBINTL=no - - dnl If we use NLS figure out what method - if test "$USE_NLS" = "yes"; then - AC_DEFINE(ENABLE_NLS) -# AC_MSG_CHECKING([whether included gettext is requested]) -# AC_ARG_WITH(included-gettext, -# [ --with-included-gettext use the GNU gettext library included here], -# nls_cv_force_use_gnu_gettext=$withval, -# nls_cv_force_use_gnu_gettext=no) -# AC_MSG_RESULT($nls_cv_force_use_gnu_gettext) - - dnl ad-hoc fix to prevent configure from detecting - dnl gettext on the system. use included-gettext as default.(rkawa) - nls_cv_force_use_gnu_gettext="yes" - - nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext" - if test "$nls_cv_force_use_gnu_gettext" != "yes"; then - dnl User does not insist on using GNU NLS library. Figure out what - dnl to use. If gettext or catgets are available (in this order) we - dnl use this. Else we have to fall back to GNU NLS library. - dnl catgets is only used if permitted by option --with-catgets. - nls_cv_header_intl= - nls_cv_header_libgt= - CATOBJEXT=NONE - - AC_CHECK_HEADER(libintl.h, - [AC_CACHE_CHECK([for gettext in libc], gt_cv_func_gettext_libc, - [AC_TRY_LINK([#include ], [return (int) gettext ("")], - gt_cv_func_gettext_libc=yes, gt_cv_func_gettext_libc=no)]) - - if test "$gt_cv_func_gettext_libc" != "yes"; then - AC_CHECK_LIB(intl, bindtextdomain, - [AC_CACHE_CHECK([for gettext in libintl], - gt_cv_func_gettext_libintl, - [AC_CHECK_LIB(intl, gettext, - gt_cv_func_gettext_libintl=yes, - gt_cv_func_gettext_libintl=no)], - gt_cv_func_gettext_libintl=no)]) - fi - - if test "$gt_cv_func_gettext_libc" = "yes" \ - || test "$gt_cv_func_gettext_libintl" = "yes"; then - AC_DEFINE(HAVE_GETTEXT) - AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt, - [test -z "`$ac_dir/$ac_word -h 2>&1 | grep 'dv '`"], no)dnl - if test "$MSGFMT" != "no"; then - AC_CHECK_FUNCS(dcgettext) - AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT) - AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext, - [test -z "`$ac_dir/$ac_word -h 2>&1 | grep '(HELP)'`"], :) - AC_TRY_LINK(, [extern int _nl_msg_cat_cntr; - return _nl_msg_cat_cntr], - [CATOBJEXT=.gmo - DATADIRNAME=share], - [CATOBJEXT=.mo - DATADIRNAME=lib]) - INSTOBJEXT=.mo - fi - fi - ]) - - if test "$CATOBJEXT" = "NONE"; then -# AC_MSG_CHECKING([whether catgets can be used]) -# AC_ARG_WITH(catgets, -# [ --with-catgets use catgets functions if available], -# nls_cv_use_catgets=$withval, nls_cv_use_catgets=no) -# AC_MSG_RESULT($nls_cv_use_catgets) - - dnl ad-hoc fix to prevent configure to detect catgets library. - dnl (rkawa) - nls_cv_use_catgets="no" - - if test "$nls_cv_use_catgets" = "yes"; then - dnl No gettext in C library. Try catgets next. - AC_CHECK_LIB(i, main) - AC_CHECK_FUNC(catgets, - [AC_DEFINE(HAVE_CATGETS) - INTLOBJS="\$(CATOBJS)" - AC_PATH_PROG(GENCAT, gencat, no)dnl - if test "$GENCAT" != "no"; then - AC_PATH_PROG(GMSGFMT, gmsgfmt, no) - if test "$GMSGFMT" = "no"; then - AM_PATH_PROG_WITH_TEST(GMSGFMT, msgfmt, - [test -z "`$ac_dir/$ac_word -h 2>&1 | grep 'dv '`"], no) - fi - AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext, - [test -z "`$ac_dir/$ac_word -h 2>&1 | grep '(HELP)'`"], :) - USE_INCLUDED_LIBINTL=yes - CATOBJEXT=.cat - INSTOBJEXT=.cat - DATADIRNAME=lib - INTLDEPS='$(top_builddir)/intl/libintl.a' - INTLLIBS=$INTLDEPS - LIBS=`echo $LIBS | sed -e 's/-lintl//'` - nls_cv_header_intl=intl/libintl.h - nls_cv_header_libgt=intl/libgettext.h - fi]) - fi - fi - - if test "$CATOBJEXT" = "NONE"; then - dnl Neither gettext nor catgets in included in the C library. - dnl Fall back on GNU gettext library. - nls_cv_use_gnu_gettext=yes - fi - fi - - if test "$nls_cv_use_gnu_gettext" = "yes"; then - dnl Mark actions used to generate GNU NLS library. - INTLOBJS="\$(GETTOBJS)" - AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt, - [test -z "`$ac_dir/$ac_word -h 2>&1 | grep 'dv '`"], msgfmt) - AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT) - AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext, - [test -z "`$ac_dir/$ac_word -h 2>&1 | grep '(HELP)'`"], :) - AC_SUBST(MSGFMT) - USE_INCLUDED_LIBINTL=yes - CATOBJEXT=.gmo - INSTOBJEXT=.mo - DATADIRNAME=share - INTLDEPS='$(top_builddir)/intl/libintl.a' - INTLLIBS=$INTLDEPS - LIBS=`echo $LIBS | sed -e 's/-lintl//'` - nls_cv_header_intl=intl/libintl.h - nls_cv_header_libgt=intl/libgettext.h - fi - - dnl Test whether we really found GNU xgettext. - if test "$XGETTEXT" != ":"; then - dnl If it is no GNU xgettext we define it as : so that the - dnl Makefiles still can work. - if $XGETTEXT --omit-header /dev/null 2> /dev/null; then - : ; - else - AC_MSG_RESULT( - [found xgettext program is not GNU xgettext; ignore it]) - XGETTEXT=":" - fi - fi - - # We need to process the po/ directory. - POSUB=po - else - DATADIRNAME=share - nls_cv_header_intl=intl/libintl.h - nls_cv_header_libgt=intl/libgettext.h - fi - - dnl the next line has been modified by rkawa to avoid - dnl misconfiguration of intl/libintl.h symlink. - rm -f intl/libintl.h - - AC_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl) - AC_OUTPUT_COMMANDS( - [case "$CONFIG_FILES" in *po/Makefile.in*) - sed -e "/POTFILES =/r po/POTFILES" po/Makefile.in > po/Makefile - esac]) - - - # If this is used in GNU gettext we have to set USE_NLS to `yes' - # because some of the sources are only built for this goal. - if test "$PACKAGE" = gettext; then - USE_NLS=yes - USE_INCLUDED_LIBINTL=yes - fi - - dnl These rules are solely for the distribution goal. While doing this - dnl we only have to keep exactly one list of the available catalogs - dnl in configure.in. - for lang in $ALL_LINGUAS; do - GMOFILES="$GMOFILES $lang.gmo" - POFILES="$POFILES $lang.po" - done - - dnl Make all variables we use known to autoconf. - AC_SUBST(USE_INCLUDED_LIBINTL) - AC_SUBST(CATALOGS) - AC_SUBST(CATOBJEXT) - AC_SUBST(DATADIRNAME) - AC_SUBST(GMOFILES) - AC_SUBST(INSTOBJEXT) - AC_SUBST(INTLDEPS) - AC_SUBST(INTLLIBS) - AC_SUBST(INTLOBJS) - AC_SUBST(POFILES) - AC_SUBST(POSUB) - ]) - -AC_DEFUN(AM_GNU_GETTEXT, - [AC_REQUIRE([AC_PROG_MAKE_SET])dnl - AC_REQUIRE([AC_PROG_CC])dnl - AC_REQUIRE([AC_PROG_RANLIB])dnl - AC_REQUIRE([AC_ISC_POSIX])dnl - AC_REQUIRE([AC_HEADER_STDC])dnl - AC_REQUIRE([AC_C_CONST])dnl - AC_REQUIRE([AC_C_INLINE])dnl - AC_REQUIRE([AC_TYPE_OFF_T])dnl - AC_REQUIRE([AC_TYPE_SIZE_T])dnl - AC_REQUIRE([AC_FUNC_ALLOCA])dnl - AC_REQUIRE([AC_FUNC_MMAP])dnl - - AC_CHECK_HEADERS([argz.h limits.h locale.h nl_types.h malloc.h string.h \ -unistd.h sys/param.h]) - AC_CHECK_FUNCS([getcwd munmap putenv setenv setlocale strchr strcasecmp \ -strdup __argz_count __argz_stringify __argz_next]) - - if test "${ac_cv_func_stpcpy+set}" != "set"; then - AC_CHECK_FUNCS(stpcpy) - fi - if test "${ac_cv_func_stpcpy}" = "yes"; then - AC_DEFINE(HAVE_STPCPY) - fi - - AM_LC_MESSAGES - AM_WITH_NLS - - - if test "x$CATOBJEXT" != "x"; then - if test "x$ALL_LINGUAS" = "x"; then - LINGUAS= - else - AC_MSG_CHECKING(for catalogs to be installed) - NEW_LINGUAS= - for lang in ${LINGUAS=$ALL_LINGUAS}; do - case "$ALL_LINGUAS" in - *$lang*) NEW_LINGUAS="$NEW_LINGUAS $lang" ;; - esac - done - LINGUAS=$NEW_LINGUAS - AC_MSG_RESULT($LINGUAS) - fi - - dnl Construct list of names of catalog files to be constructed. - if test -n "$LINGUAS"; then - for lang in $LINGUAS; do CATALOGS="$CATALOGS $lang$CATOBJEXT"; done - fi - fi - - dnl The reference to in the installed file - dnl must be resolved because we cannot expect the users of this - dnl to define HAVE_LOCALE_H. - if test $ac_cv_header_locale_h = yes; then - INCLUDE_LOCALE_H="#include " - else - INCLUDE_LOCALE_H="\ -/* The system does not provide the header . Take care yourself. */" - fi - AC_SUBST(INCLUDE_LOCALE_H) - dnl Determine which catalog format we have (if any is needed) - dnl For now we know about two different formats: - dnl Linux libc-5 and the normal X/Open format - test -d intl || mkdir intl - if test "$CATOBJEXT" = ".cat"; then - AC_CHECK_HEADER(linux/version.h, msgformat=linux, msgformat=xopen) - - dnl Transform the SED scripts while copying because some dumb SEDs - dnl cannot handle comments. - sed -e '/^#/d' $srcdir/intl/$msgformat-msg.sed > intl/po2msg.sed - - dnl To avoid XPG incompatible SED to be used, .msg files of - dnl x/open format are included to the archive, rather than - dnl compiled in the installation. If the system uses linux libc5 - dnl format, then x/open files are removed and the sed script - dnl creates the files of the correct format. (rkawa) - if test "$msgformat" = "linux"; then - rm -f $srcdir/po/*.msg - fi - fi - dnl po2tbl.sed is always needed. - sed -e '/^#.*[^\\]$/d' -e '/^#$/d' \ - $srcdir/intl/po2tbl.sed.in > intl/po2tbl.sed - - dnl In the intl/Makefile.in we have a special dependency which makes - dnl only sense for gettext. We comment this out for non-gettext - dnl packages. - if test "$PACKAGE" = "gettext"; then - GT_NO="#NO#" - GT_YES= - else - GT_NO= - GT_YES="#YES#" - fi - AC_SUBST(GT_NO) - AC_SUBST(GT_YES) - - dnl If the AC_CONFIG_AUX_DIR macro for autoconf is used we possibly - dnl find the mkinstalldirs script in another subdir but ($top_srcdir). - dnl Try to locate is. - MKINSTALLDIRS= - if test -n "$ac_aux_dir"; then - MKINSTALLDIRS="$ac_aux_dir/mkinstalldirs" - fi - if test -z "$MKINSTALLDIRS"; then - MKINSTALLDIRS="\$(top_srcdir)/mkinstalldirs" - fi - AC_SUBST(MKINSTALLDIRS) - - dnl *** For now the libtool support in intl/Makefile is not for real. - l= - AC_SUBST(l) - - dnl Generate list of files to be processed by xgettext which will - dnl be included in po/Makefile. - test -d po || mkdir po - if test "x$srcdir" != "x."; then - if test "x`echo $srcdir | sed 's@/.*@@'`" = "x"; then - posrcprefix="$srcdir/" - else - posrcprefix="../$srcdir/" - fi - else - posrcprefix="../" - fi - rm -f po/POTFILES - sed -e "/^#/d" -e "/^\$/d" -e "s,.*, $posrcprefix& \\\\," -e "\$s/\(.*\) \\\\/\1/" \ - < $srcdir/po/POTFILES.in > po/POTFILES - ]) - -# Check whether LC_MESSAGES is available in . -# Ulrich Drepper , 1995. -# -# This file can be copied and used freely without restrictions. It can -# be used in projects which are not available under the GNU Public License -# but which still want to provide support for the GNU gettext functionality. -# Please note that the actual code is *not* freely available. - -# serial 1 - -AC_DEFUN(AM_LC_MESSAGES, - [if test $ac_cv_header_locale_h = yes; then - AC_CACHE_CHECK([for LC_MESSAGES], am_cv_val_LC_MESSAGES, - [AC_TRY_LINK([#include ], [return LC_MESSAGES], - am_cv_val_LC_MESSAGES=yes, am_cv_val_LC_MESSAGES=no)]) - if test $am_cv_val_LC_MESSAGES = yes; then - AC_DEFINE(HAVE_LC_MESSAGES) - fi - fi]) - -# Search path for a program which passes the given test. -# Ulrich Drepper , 1996. -# -# This file can be copied and used freely without restrictions. It can -# be used in projects which are not available under the GNU Public License -# but which still want to provide support for the GNU gettext functionality. -# Please note that the actual code is *not* freely available. - -# serial 1 - -dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR, -dnl TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]]) -AC_DEFUN(AM_PATH_PROG_WITH_TEST, -[# Extract the first word of "$2", so it can be a program name with args. -set dummy $2; ac_word=[$]2 -AC_MSG_CHECKING([for $ac_word]) -AC_CACHE_VAL(ac_cv_path_$1, -[case "[$]$1" in - /*) - ac_cv_path_$1="[$]$1" # Let the user override the test with a path. - ;; - *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in ifelse([$5], , $PATH, [$5]); do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - if [$3]; then - ac_cv_path_$1="$ac_dir/$ac_word" - break - fi - fi - done - IFS="$ac_save_ifs" -dnl If no 4th arg is given, leave the cache variable unset, -dnl so AC_PATH_PROGS will keep looking. -ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4" -])dnl - ;; -esac])dnl -$1="$ac_cv_path_$1" -if test -n "[$]$1"; then - AC_MSG_RESULT([$]$1) -else - AC_MSG_RESULT(no) -fi -AC_SUBST($1)dnl -]) - - -AC_DEFUN(AC_LIBTOOL_SETUP, -[AC_PREREQ(2.13)dnl -AC_REQUIRE([AC_ENABLE_SHARED])dnl -AC_REQUIRE([AC_ENABLE_STATIC])dnl -AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl -AC_REQUIRE([AC_CANONICAL_HOST])dnl -AC_REQUIRE([AC_CANONICAL_BUILD])dnl -AC_REQUIRE([AC_PROG_RANLIB])dnl -AC_REQUIRE([AC_PROG_CC])dnl -AC_REQUIRE([AC_PROG_LD])dnl -AC_REQUIRE([AC_PROG_NM])dnl -AC_REQUIRE([AC_PROG_LN_S])dnl -dnl - -case "$target" in -NONE) lt_target="$host" ;; -*) lt_target="$target" ;; -esac - -# Check for any special flags to pass to ltconfig. -libtool_flags="--cache-file=$cache_file" -test "$enable_shared" = no && libtool_flags="$libtool_flags --disable-shared" -test "$enable_static" = no && libtool_flags="$libtool_flags --disable-static" -test "$enable_fast_install" = no && libtool_flags="$libtool_flags --disable-fast-install" -test "$ac_cv_prog_gcc" = yes && libtool_flags="$libtool_flags --with-gcc" -test "$ac_cv_prog_gnu_ld" = yes && libtool_flags="$libtool_flags --with-gnu-ld" -ifdef([AC_PROVIDE_AC_LIBTOOL_DLOPEN], -[libtool_flags="$libtool_flags --enable-dlopen"]) -ifdef([AC_PROVIDE_AC_LIBTOOL_WIN32_DLL], -[libtool_flags="$libtool_flags --enable-win32-dll"]) -AC_ARG_ENABLE(libtool-lock, - [ --disable-libtool-lock avoid locking (might break parallel builds)]) -test "x$enable_libtool_lock" = xno && libtool_flags="$libtool_flags --disable-lock" -test x"$silent" = xyes && libtool_flags="$libtool_flags --silent" - -# Some flags need to be propagated to the compiler or linker for good -# libtool support. -case "$lt_target" in -*-*-irix6*) - # Find out which ABI we are using. - echo '[#]line __oline__ "configure"' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - case "`/usr/bin/file conftest.o`" in - *32-bit*) - LD="${LD-ld} -32" - ;; - *N32*) - LD="${LD-ld} -n32" - ;; - *64-bit*) - LD="${LD-ld} -64" - ;; - esac - fi - rm -rf conftest* - ;; - -*-*-sco3.2v5*) - # On SCO OpenServer 5, we need -belf to get full-featured binaries. - SAVE_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -belf" - AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, - [AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])]) - if test x"$lt_cv_cc_needs_belf" != x"yes"; then - # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf - CFLAGS="$SAVE_CFLAGS" - fi - ;; - -ifdef([AC_PROVIDE_AC_LIBTOOL_WIN32_DLL], -[*-*-cygwin* | *-*-mingw*) - AC_CHECK_TOOL(DLLTOOL, dlltool, false) - AC_CHECK_TOOL(AS, as, false) - AC_CHECK_TOOL(OBJDUMP, objdump, false) - ;; -]) -esac -]) - -# AC_LIBTOOL_DLOPEN - enable checks for dlopen support -AC_DEFUN(AC_LIBTOOL_DLOPEN, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])]) - -# AC_LIBTOOL_WIN32_DLL - declare package support for building win32 dll's -AC_DEFUN(AC_LIBTOOL_WIN32_DLL, [AC_BEFORE([$0], [AC_LIBTOOL_SETUP])]) - -# AC_ENABLE_SHARED - implement the --enable-shared flag -# Usage: AC_ENABLE_SHARED[(DEFAULT)] -# Where DEFAULT is either `yes' or `no'. If omitted, it defaults to -# `yes'. -AC_DEFUN(AC_ENABLE_SHARED, [dnl -define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl -AC_ARG_ENABLE(shared, -changequote(<<, >>)dnl -<< --enable-shared[=PKGS] build shared libraries [default=>>AC_ENABLE_SHARED_DEFAULT], -changequote([, ])dnl -[p=${PACKAGE-default} -case "$enableval" in -yes) enable_shared=yes ;; -no) enable_shared=no ;; -*) - enable_shared=no - # Look at the argument we got. We use all the common list separators. - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:," - for pkg in $enableval; do - if test "X$pkg" = "X$p"; then - enable_shared=yes - fi - done - IFS="$ac_save_ifs" - ;; -esac], -enable_shared=AC_ENABLE_SHARED_DEFAULT)dnl -]) - -# AC_DISABLE_SHARED - set the default shared flag to --disable-shared -AC_DEFUN(AC_DISABLE_SHARED, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl -AC_ENABLE_SHARED(no)]) - -# AC_ENABLE_STATIC - implement the --enable-static flag -# Usage: AC_ENABLE_STATIC[(DEFAULT)] -# Where DEFAULT is either `yes' or `no'. If omitted, it defaults to -# `yes'. -AC_DEFUN(AC_ENABLE_STATIC, [dnl -define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl -AC_ARG_ENABLE(static, -changequote(<<, >>)dnl -<< --enable-static[=PKGS] build static libraries [default=>>AC_ENABLE_STATIC_DEFAULT], -changequote([, ])dnl -[p=${PACKAGE-default} -case "$enableval" in -yes) enable_static=yes ;; -no) enable_static=no ;; -*) - enable_static=no - # Look at the argument we got. We use all the common list separators. - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:," - for pkg in $enableval; do - if test "X$pkg" = "X$p"; then - enable_static=yes - fi - done - IFS="$ac_save_ifs" - ;; -esac], -enable_static=AC_ENABLE_STATIC_DEFAULT)dnl -]) - -# AC_DISABLE_STATIC - set the default static flag to --disable-static -AC_DEFUN(AC_DISABLE_STATIC, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl -AC_ENABLE_STATIC(no)]) - - -# AC_ENABLE_FAST_INSTALL - implement the --enable-fast-install flag -# Usage: AC_ENABLE_FAST_INSTALL[(DEFAULT)] -# Where DEFAULT is either `yes' or `no'. If omitted, it defaults to -# `yes'. -AC_DEFUN(AC_ENABLE_FAST_INSTALL, [dnl -define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl -AC_ARG_ENABLE(fast-install, -changequote(<<, >>)dnl -<< --enable-fast-install[=PKGS] optimize for fast installation [default=>>AC_ENABLE_FAST_INSTALL_DEFAULT], -changequote([, ])dnl -[p=${PACKAGE-default} -case "$enableval" in -yes) enable_fast_install=yes ;; -no) enable_fast_install=no ;; -*) - enable_fast_install=no - # Look at the argument we got. We use all the common list separators. - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:," - for pkg in $enableval; do - if test "X$pkg" = "X$p"; then - enable_fast_install=yes - fi - done - IFS="$ac_save_ifs" - ;; -esac], -enable_fast_install=AC_ENABLE_FAST_INSTALL_DEFAULT)dnl -]) - -# AC_ENABLE_FAST_INSTALL - set the default to --disable-fast-install -AC_DEFUN(AC_DISABLE_FAST_INSTALL, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl -AC_ENABLE_FAST_INSTALL(no)]) - -# AC_PROG_LD - find the path to the GNU or non-GNU linker -AC_DEFUN(AC_PROG_LD, -[AC_ARG_WITH(gnu-ld, -[ --with-gnu-ld assume the C compiler uses GNU ld [default=no]], -test "$withval" = no || with_gnu_ld=yes, with_gnu_ld=no) -AC_REQUIRE([AC_PROG_CC])dnl -AC_REQUIRE([AC_CANONICAL_HOST])dnl -AC_REQUIRE([AC_CANONICAL_BUILD])dnl -ac_prog=ld -if test "$ac_cv_prog_gcc" = yes; then - # Check if gcc -print-prog-name=ld gives a path. - AC_MSG_CHECKING([for ld used by GCC]) - ac_prog=`($CC -print-prog-name=ld) 2>&5` - case "$ac_prog" in - # Accept absolute paths. -changequote(,)dnl - [\\/]* | [A-Za-z]:[\\/]*) - re_direlt='/[^/][^/]*/\.\./' -changequote([,])dnl - # Canonicalize the path of ld - ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` - while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do - ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` - done - test -z "$LD" && LD="$ac_prog" - ;; - "") - # If it fails, then pretend we aren't using GCC. - ac_prog=ld - ;; - *) - # If it is relative, then search for the first ld in PATH. - with_gnu_ld=unknown - ;; - esac -elif test "$with_gnu_ld" = yes; then - AC_MSG_CHECKING([for GNU ld]) -else - AC_MSG_CHECKING([for non-GNU ld]) -fi -AC_CACHE_VAL(ac_cv_path_LD, -[if test -z "$LD"; then - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" - for ac_dir in $PATH; do - test -z "$ac_dir" && ac_dir=. - if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then - ac_cv_path_LD="$ac_dir/$ac_prog" - # Check to see if the program is GNU ld. I'd rather use --version, - # but apparently some GNU ld's only accept -v. - # Break only if it was the GNU/non-GNU ld that we prefer. - if "$ac_cv_path_LD" -v 2>&1 < /dev/null | egrep '(GNU|with BFD)' > /dev/null; then - test "$with_gnu_ld" != no && break - else - test "$with_gnu_ld" != yes && break - fi - fi - done - IFS="$ac_save_ifs" -else - ac_cv_path_LD="$LD" # Let the user override the test with a path. -fi]) -LD="$ac_cv_path_LD" -if test -n "$LD"; then - AC_MSG_RESULT($LD) -else - AC_MSG_RESULT(no) -fi -test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH]) -AC_PROG_LD_GNU -]) - +dnl Copied from libtool.m4 AC_DEFUN(AC_PROG_LD_GNU, [AC_CACHE_CHECK([if the linker ($LD) is GNU ld], ac_cv_prog_gnu_ld, [# I'd rather use --version here, but apparently some GNU ld's only accept -v. @@ -819,114 +103,3 @@ else ac_cv_prog_gnu_ld=no fi]) ]) - -# AC_PROG_NM - find the path to a BSD-compatible name lister -AC_DEFUN(AC_PROG_NM, -[AC_MSG_CHECKING([for BSD-compatible nm]) -AC_CACHE_VAL(ac_cv_path_NM, -[if test -n "$NM"; then - # Let the user override the test. - ac_cv_path_NM="$NM" -else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" - for ac_dir in $PATH /usr/ccs/bin /usr/ucb /bin; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/nm || test -f $ac_dir/nm$ac_exeext ; then - # Check to see if the nm accepts a BSD-compat flag. - # Adding the `sed 1q' prevents false positives on HP-UX, which says: - # nm: unknown option "B" ignored - if ($ac_dir/nm -B /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then - ac_cv_path_NM="$ac_dir/nm -B" - break - elif ($ac_dir/nm -p /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then - ac_cv_path_NM="$ac_dir/nm -p" - break - else - ac_cv_path_NM=${ac_cv_path_NM="$ac_dir/nm"} # keep the first match, but - continue # so that we can try to find one that supports BSD flags - fi - fi - done - IFS="$ac_save_ifs" - test -z "$ac_cv_path_NM" && ac_cv_path_NM=nm -fi]) -NM="$ac_cv_path_NM" -AC_MSG_RESULT([$NM]) -]) - -# AC_CHECK_LIBM - check for math library -AC_DEFUN(AC_CHECK_LIBM, -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -LIBM= -case "$lt_target" in -*-*-beos* | *-*-cygwin*) - # These system don't have libm - ;; -*-ncr-sysv4.3*) - AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") - AC_CHECK_LIB(m, main, LIBM="$LIBM -lm") - ;; -*) - AC_CHECK_LIB(m, main, LIBM="-lm") - ;; -esac -]) - -# AC_LIBLTDL_CONVENIENCE[(dir)] - sets LIBLTDL to the link flags for -# the libltdl convenience library, adds --enable-ltdl-convenience to -# the configure arguments. Note that LIBLTDL is not AC_SUBSTed, nor -# is AC_CONFIG_SUBDIRS called. If DIR is not provided, it is assumed -# to be `${top_builddir}/libltdl'. Make sure you start DIR with -# '${top_builddir}/' (note the single quotes!) if your package is not -# flat, and, if you're not using automake, define top_builddir as -# appropriate in the Makefiles. -AC_DEFUN(AC_LIBLTDL_CONVENIENCE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl - case "$enable_ltdl_convenience" in - no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;; - "") enable_ltdl_convenience=yes - ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;; - esac - LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdlc.la - INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl']) -]) - -# AC_LIBLTDL_INSTALLABLE[(dir)] - sets LIBLTDL to the link flags for -# the libltdl installable library, and adds --enable-ltdl-install to -# the configure arguments. Note that LIBLTDL is not AC_SUBSTed, nor -# is AC_CONFIG_SUBDIRS called. If DIR is not provided, it is assumed -# to be `${top_builddir}/libltdl'. Make sure you start DIR with -# '${top_builddir}/' (note the single quotes!) if your package is not -# flat, and, if you're not using automake, define top_builddir as -# appropriate in the Makefiles. -# In the future, this macro may have to be called after AC_PROG_LIBTOOL. -AC_DEFUN(AC_LIBLTDL_INSTALLABLE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl - AC_CHECK_LIB(ltdl, main, - [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no], - [if test x"$enable_ltdl_install" = xno; then - AC_MSG_WARN([libltdl not installed, but installation disabled]) - else - enable_ltdl_install=yes - fi - ]) - if test x"$enable_ltdl_install" = x"yes"; then - ac_configure_args="$ac_configure_args --enable-ltdl-install" - LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdl.la - INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl']) - else - ac_configure_args="$ac_configure_args --enable-ltdl-install=no" - LIBLTDL="-lltdl" - INCLTDL= - fi -]) - -dnl old names -AC_DEFUN(AM_PROG_LIBTOOL, [indir([AC_PROG_LIBTOOL])])dnl -AC_DEFUN(AM_ENABLE_SHARED, [indir([AC_ENABLE_SHARED], $@)])dnl -AC_DEFUN(AM_ENABLE_STATIC, [indir([AC_ENABLE_STATIC], $@)])dnl -AC_DEFUN(AM_DISABLE_SHARED, [indir([AC_DISABLE_SHARED], $@)])dnl -AC_DEFUN(AM_DISABLE_STATIC, [indir([AC_DISABLE_STATIC], $@)])dnl -AC_DEFUN(AM_PROG_LD, [indir([AC_PROG_LD])])dnl -AC_DEFUN(AM_PROG_NM, [indir([AC_PROG_NM])])dnl - -dnl This is just to silence aclocal about the macro not being used -ifelse([AC_DISABLE_FAST_INSTALL])dnl diff --git a/source3/auth/auth.c b/source3/auth/auth.c index c7b9fcc1d8b..4f7a5c24a00 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -20,9 +20,12 @@ #include "includes.h" -/** List of various built-in authenticaion modules */ +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH -const struct auth_init_function builtin_auth_init_functions[] = { +/** List of various built-in authentication modules */ + +const struct auth_init_function_entry builtin_auth_init_functions[] = { { "guest", auth_init_guest }, { "rhosts", auth_init_rhosts }, { "hostsequiv", auth_init_hostsequiv }, @@ -35,12 +38,14 @@ const struct auth_init_function builtin_auth_init_functions[] = { { "winbind", auth_init_winbind }, #ifdef DEVELOPER { "name_to_ntstatus", auth_init_name_to_ntstatus }, + { "fixed_challenge", auth_init_fixed_challenge }, #endif + { "plugin", auth_init_plugin }, { NULL, NULL} }; /**************************************************************************** - Try to get a challenge out of the various authenticaion modules. + Try to get a challenge out of the various authentication modules. Returns a const char of length 8 bytes. ****************************************************************************/ @@ -65,7 +70,7 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context) DEBUG(5, ("auth_get_challenge: getting challenge from module %s\n", auth_method->name)); if (challenge_set_by != NULL) { - DEBUG(1, ("auth_get_challenge: CONFIGURATION ERROR: authenticaion method %s has already specified a challenge. Challenge by %s ignored.\n", + DEBUG(1, ("auth_get_challenge: CONFIGURATION ERROR: authentication method %s has already specified a challenge. Challenge by %s ignored.\n", challenge_set_by, auth_method->name)); continue; } @@ -77,7 +82,7 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context) challenge = auth_method->get_chal(auth_context, &auth_method->private_data, mem_ctx); if (!challenge.length) { - DEBUG(3, ("auth_get_challenge: getting challenge from authenticaion method %s FAILED.\n", + DEBUG(3, ("auth_get_challenge: getting challenge from authentication method %s FAILED.\n", auth_method->name)); } else { DEBUG(5, ("auth_get_challenge: sucessfully got challenge from module %s\n", auth_method->name)); @@ -161,7 +166,7 @@ static BOOL check_domain_match(const char *user, const char *domain) * filled in, either at creation or by calling the challenge geneation * function auth_get_challenge(). * - * @param server_info If successful, contains information about the authenticaion, + * @param server_info If successful, contains information about the authentication, * including a SAM_ACCOUNT struct describing the user. * * @return An NTSTATUS with NT_STATUS_OK or an appropriate error. @@ -254,7 +259,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, if (NT_STATUS_IS_OK(nt_status)) { DEBUG((*server_info)->guest ? 5 : 2, - ("check_password: %sauthenticaion for user [%s] -> [%s] -> [%s] suceeded\n", + ("check_password: %sauthentication for user [%s] -> [%s] -> [%s] suceeded\n", (*server_info)->guest ? "guest " : "", user_info->smb_name.str, user_info->internal_username.str, @@ -263,7 +268,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, } if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(2, ("check_password: Authenticaion for user [%s] -> [%s] FAILED with error %s\n", + DEBUG(2, ("check_password: Authentication for user [%s] -> [%s] FAILED with error %s\n", user_info->smb_name.str, user_info->internal_username.str, nt_errstr(nt_status))); ZERO_STRUCTP(server_info); @@ -337,14 +342,31 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context, { if (strequal(builtin_auth_init_functions[i].name, *text_list)) { + + char *module_name = smb_xstrdup(*text_list); + char *module_params = NULL; + char *p; + + p = strchr(module_name, ':'); + + if (p) { + *p = 0; + + module_params = p+1; + + trim_string(module_params, " ", " "); + } + + trim_string(module_name, " ", " "); + DEBUG(5,("Found auth method %s (at pos %d)\n", *text_list, i)); - if (builtin_auth_init_functions[i].init(*auth_context, &t)) { + if (NT_STATUS_IS_OK(builtin_auth_init_functions[i].init(*auth_context, module_params, &t))) { DEBUG(5,("auth method %s has a valid init\n", *text_list)); - t->name = builtin_auth_init_functions[i].name; DLIST_ADD_END(list, t, tmp); } else { DEBUG(0,("auth method %s did not correctly init\n", *text_list)); } + SAFE_FREE(module_name); break; } } @@ -364,7 +386,7 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) char **auth_method_list = NULL; NTSTATUS nt_status; - if (lp_auth_methods() && !lp_list_copy(&auth_method_list, lp_auth_methods())) { + if (lp_auth_methods() && !str_list_copy(&auth_method_list, lp_auth_methods())) { return NT_STATUS_NO_MEMORY; } @@ -373,33 +395,33 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) { case SEC_DOMAIN: DEBUG(5,("Making default auth method list for security=domain\n")); - auth_method_list = lp_list_make("guest samstrict ntdomain"); + auth_method_list = str_list_make("guest sam ntdomain"); break; case SEC_SERVER: DEBUG(5,("Making default auth method list for security=server\n")); - auth_method_list = lp_list_make("guest samstrict smbserver"); + auth_method_list = str_list_make("guest sam smbserver"); break; case SEC_USER: if (lp_encrypted_passwords()) { DEBUG(5,("Making default auth method list for security=user, encrypt passwords = yes\n")); - auth_method_list = lp_list_make("guest sam"); + auth_method_list = str_list_make("guest sam"); } else { DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n")); - auth_method_list = lp_list_make("guest unix"); + auth_method_list = str_list_make("guest unix"); } break; case SEC_SHARE: if (lp_encrypted_passwords()) { DEBUG(5,("Making default auth method list for security=share, encrypt passwords = yes\n")); - auth_method_list = lp_list_make("guest sam"); + auth_method_list = str_list_make("guest sam"); } else { DEBUG(5,("Making default auth method list for security=share, encrypt passwords = no\n")); - auth_method_list = lp_list_make("guest unix"); + auth_method_list = str_list_make("guest unix"); } break; case SEC_ADS: DEBUG(5,("Making default auth method list for security=ADS\n")); - auth_method_list = lp_list_make("guest samstrict ads ntdomain"); + auth_method_list = str_list_make("guest sam ads ntdomain"); break; default: DEBUG(5,("Unknown auth method!\n")); @@ -410,31 +432,11 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) } if (!NT_STATUS_IS_OK(nt_status = make_auth_context_text_list(auth_context, auth_method_list))) { - lp_list_free(&auth_method_list); + str_list_free(&auth_method_list); return nt_status; } - lp_list_free(&auth_method_list); - return nt_status; -} - -/*************************************************************************** - Make a auth_info struct with a random challenge -***************************************************************************/ - -NTSTATUS make_auth_context_random(struct auth_context **auth_context) -{ - uchar chal[8]; - NTSTATUS nt_status; - if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(auth_context))) { - return nt_status; - } - - generate_random_buffer(chal, sizeof(chal), False); - (*auth_context)->challenge = data_blob(chal, sizeof(chal)); - - (*auth_context)->challenge_set_by = "random"; - + str_list_free(&auth_method_list); return nt_status; } diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c index 6e999b0d14f..5ce7075ab9f 100644 --- a/source3/auth/auth_builtin.c +++ b/source3/auth/auth_builtin.c @@ -1,7 +1,8 @@ /* Unix SMB/CIFS implementation. Generic authenticaion types - Copyright (C) Andrew Bartlett 2001 + Copyright (C) Andrew Bartlett 2001-2002 + Copyright (C) Jelmer Vernooij 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,11 +21,14 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + /** * Return a guest logon for guest users (username = "") * * Typically used as the first module in the auth chain, this allows - * guest logons to be delt with in one place. Non-gust logons 'fail' + * guest logons to be dealt with in one place. Non-guest logons 'fail' * and pass onto the next module. **/ @@ -49,14 +53,15 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context, } /* Guest modules initialisation */ -BOOL auth_init_guest(struct auth_context *auth_context, auth_methods **auth_method) +NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *options, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { - return False; + return NT_STATUS_NO_MEMORY; } (*auth_method)->auth = check_guest_security; - return True; + (*auth_method)->name = "guest"; + return NT_STATUS_OK; } /** @@ -99,13 +104,110 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_ } /** Module initailisation function */ -BOOL auth_init_name_to_ntstatus(struct auth_context *auth_context, auth_methods **auth_method) +NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { - return False; + return NT_STATUS_NO_MEMORY; } (*auth_method)->auth = check_name_to_ntstatus_security; - return True; + (*auth_method)->name = "name_to_ntstatus"; + return NT_STATUS_OK; +} + +/** + * Return a 'fixed' challenge instead of a varaible one. + * + * The idea of this function is to make packet snifs consistant + * with a fixed challenge, so as to aid debugging. + * + * This module is of no value to end-users. + * + * This module does not actually authenticate the user, but + * just pretenteds to need a specified challenge. + * This module removes *all* security from the challenge-response system + * + * @return NT_STATUS_UNSUCCESSFUL + **/ + +static NTSTATUS check_fixed_challenge_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +/**************************************************************************** + Get the challenge out of a password server. +****************************************************************************/ + +static DATA_BLOB auth_get_fixed_challenge(const struct auth_context *auth_context, + void **my_private_data, + TALLOC_CTX *mem_ctx) +{ + const char *challenge = "I am a teapot"; + return data_blob(challenge, 8); +} + + +/** Module initailisation function */ +NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char *param, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return NT_STATUS_NO_MEMORY; + } + + (*auth_method)->auth = check_fixed_challenge_security; + (*auth_method)->get_chal = auth_get_fixed_challenge; + (*auth_method)->name = "fixed_challenge"; + return NT_STATUS_OK; +} + +/** + * Outsorce an auth module to an external loadable .so + * + * Only works on systems with dlopen() etc. + **/ + +/* Plugin modules initialisation */ +NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param, auth_methods **auth_method) +{ + void * dl_handle; + char *plugin_param, *plugin_name, *p; + auth_init_function plugin_init; + + if (param == NULL) { + DEBUG(0, ("The plugin module needs an argument!\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + plugin_name = smb_xstrdup(param); + p = strchr(plugin_name, ':'); + if (p) { + *p = 0; + plugin_param = p+1; + trim_string(plugin_param, " ", " "); + } else plugin_param = NULL; + + trim_string(plugin_name, " ", " "); + + DEBUG(5, ("Trying to load auth plugin %s\n", plugin_name)); + dl_handle = sys_dlopen(plugin_name, RTLD_NOW | RTLD_GLOBAL ); + if (!dl_handle) { + DEBUG(0, ("Failed to load auth plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror())); + return NT_STATUS_UNSUCCESSFUL; + } + + plugin_init = sys_dlsym(dl_handle, "auth_init"); + if (!plugin_init){ + DEBUG(0, ("Failed to find function 'pdb_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror())); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(5, ("Starting sam plugin %s with paramater %s\n", plugin_name, plugin_param?plugin_param:"(null)")); + return plugin_init(auth_context, plugin_param, auth_method); } + diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c index 857cf2b7d9f..a70f1e98b72 100644 --- a/source3/auth/auth_compat.c +++ b/source3/auth/auth_compat.c @@ -20,6 +20,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + /**************************************************************************** COMPATIBILITY INTERFACES: ***************************************************************************/ diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index af353ef812c..3352c5f9c89 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -21,6 +21,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + BOOL global_machine_password_needs_changing = False; extern pstring global_myname; @@ -66,7 +69,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, fstrcpy(remote_machine, server); } - standard_sub_basic(current_user_info.smb_name, remote_machine); + standard_sub_basic(current_user_info.smb_name, remote_machine, sizeof(remote_machine)); strupper(remote_machine); if(!resolve_name( remote_machine, &dest_ip, 0x20)) { @@ -84,21 +87,25 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, logonserver. We can avoid a 30-second timeout if the DC is down if the SAMLOGON request fails as it is only over UDP. */ - /* we use a mutex to prevent two connections at once - when a NT PDC gets - two connections where one hasn't completed a negprot yet it will send a - TCP reset to the first connection (tridge) */ - if (!message_named_mutex(server, 20)) { - DEBUG(1,("connect_to_domain_password_server: domain mutex failed for %s\n", server)); + /* we use a mutex to prevent two connections at once - when a + Win2k PDC get two connections where one hasn't completed a + session setup yet it will send a TCP reset to the first + connection (tridge) */ + + /* + * With NT4.x DC's *all* authentication must be serialized to avoid + * ACCESS_DENIED errors if 2 auths are done from the same machine. JRA. + */ + + if (!grab_server_mutex(server)) return NT_STATUS_UNSUCCESSFUL; - } /* Attempt connection */ result = cli_full_connection(cli, global_myname, server, &dest_ip, 0, "IPC$", "IPC", "", "", "", 0); - message_named_mutex_release(server); - if (!NT_STATUS_IS_OK(result)) { + release_server_mutex(); return result; } @@ -121,12 +128,14 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(*cli))); cli_nt_session_close(*cli); cli_ulogoff(*cli); cli_shutdown(*cli); + release_server_mutex(); return NT_STATUS_UNSUCCESSFUL; } snprintf((*cli)->mach_acct, sizeof((*cli)->mach_acct) - 1, "%s$", setup_creds_as); if (!(*cli)->mach_acct) { + release_server_mutex(); return NT_STATUS_NO_MEMORY; } @@ -138,9 +147,12 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(*cli))); cli_nt_session_close(*cli); cli_ulogoff(*cli); cli_shutdown(*cli); + release_server_mutex(); return result; } + /* We exit here with the mutex *locked*. JRA */ + return NT_STATUS_OK; } @@ -270,14 +282,13 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, auth_serversupplied_info **server_info, char *server, char *setup_creds_as, uint16 sec_chan, - unsigned char *trust_passwd, + unsigned char trust_passwd[16], time_t last_change_time) { fstring remote_machine; NET_USER_INFO_3 info3; struct cli_state *cli = NULL; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct passwd *pass; /* * At this point, smb_apasswd points to the lanman response to @@ -321,63 +332,15 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, user_info->domain.str, cli->srv_name_slash, nt_errstr(nt_status))); } else { - char *dom_user; - - /* Check DOMAIN\username first to catch winbind users, then - just the username for local users. */ - - dom_user = talloc_asprintf(mem_ctx, "%s%s%s", user_info->domain.str, - lp_winbind_separator(), - user_info->internal_username.str); - - if (!dom_user) { - DEBUG(0, ("talloc_asprintf failed!\n")); - nt_status = NT_STATUS_NO_MEMORY; - } else { - - if (!(pass = Get_Pwnam(dom_user))) - pass = Get_Pwnam(user_info->internal_username.str); - - if (pass) { - make_server_info_pw(server_info, pass); - if (!server_info) { - nt_status = NT_STATUS_NO_MEMORY; - } - } else { - nt_status = NT_STATUS_NO_SUCH_USER; - } - } - } + nt_status = make_server_info_info3(mem_ctx, user_info->internal_username.str, + user_info->smb_name.str, domain, server_info, &info3); +#if 0 + /* The stuff doesn't work right yet */ + SMB_ASSERT(sizeof((*server_info)->session_key) == sizeof(info3.user_sess_key)); + memcpy((*server_info)->session_key, info3.user_sess_key, sizeof((*server_info)->session_key)/* 16 */); + SamOEMhash((*server_info)->session_key, trust_passwd, sizeof((*server_info)->session_key)); +#endif - /* Store the user group information in the server_info returned to the caller. */ - - if (NT_STATUS_IS_OK(nt_status) && (info3.num_groups2 != 0)) { - int i; - NT_USER_TOKEN *ptok; - auth_serversupplied_info *pserver_info = *server_info; - - if ((pserver_info->ptok = malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) { - DEBUG(0, ("domain_client_validate: out of memory allocating rid group membership\n")); - nt_status = NT_STATUS_NO_MEMORY; - free_server_info(server_info); - goto done; - } - - ptok = pserver_info->ptok; - ptok->num_sids = (size_t)info3.num_groups2; - - if ((ptok->user_sids = (DOM_SID *)malloc( sizeof(DOM_SID) * ptok->num_sids )) == NULL) { - DEBUG(0, ("domain_client_validate: Out of memory allocating group SIDS\n")); - nt_status = NT_STATUS_NO_MEMORY; - free_server_info(server_info); - goto done; - } - - for (i = 0; i < ptok->num_sids; i++) { - sid_copy(&ptok->user_sids[i], &info3.dom_sid.sid); - sid_append_rid(&ptok->user_sids[i], info3.gids[i].g_rid); - } - uni_group_cache_store_netlogon(mem_ctx, &info3); } @@ -397,8 +360,6 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, } #endif /* 0 */ - done: - /* Note - once the cli stream is shutdown the mem_ctx used to allocate the other_sids and gids structures has been deleted - so these pointers are no longer valid..... */ @@ -406,6 +367,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, cli_nt_session_close(cli); cli_ulogoff(cli); cli_shutdown(cli); + release_server_mutex(); return nt_status; } @@ -448,7 +410,7 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context, if (!secrets_fetch_trust_account_password(domain, trust_passwd, &last_change_time)) { - DEBUG(0, ("check_ntdomain_security: could not fetch trust account password for domain %s\n", lp_workgroup())); + DEBUG(0, ("check_ntdomain_security: could not fetch trust account password for domain '%s'\n", domain)); return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } @@ -473,14 +435,15 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context, } /* module initialisation */ -BOOL auth_init_ntdomain(struct auth_context *auth_context, auth_methods **auth_method) +NTSTATUS auth_init_ntdomain(struct auth_context *auth_context, const char* param, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { - return False; + return NT_STATUS_NO_MEMORY; } + (*auth_method)->name = "ntdomain"; (*auth_method)->auth = check_ntdomain_security; - return True; + return NT_STATUS_OK; } @@ -527,7 +490,7 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte } /* - * Get the machine account password for the trusted domain + * Get the trusted account password for the trusted domain * No need to become_root() as secrets_init() is done at startup. */ @@ -560,12 +523,13 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte } /* module initialisation */ -BOOL auth_init_trustdomain(struct auth_context *auth_context, auth_methods **auth_method) +NTSTATUS auth_init_trustdomain(struct auth_context *auth_context, const char* param, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { - return False; + return NT_STATUS_NO_MEMORY; } + (*auth_method)->name = "trustdomain"; (*auth_method)->auth = check_trustdomain_security; - return True; + return NT_STATUS_OK; } diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c index 9586d1d65ec..4ed0e6bbc43 100644 --- a/source3/auth/auth_rhosts.c +++ b/source3/auth/auth_rhosts.c @@ -20,6 +20,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + /**************************************************************************** Read the a hosts.equiv or .rhosts file and check if it allows this user from this machine. @@ -176,14 +179,14 @@ static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_contex } /* module initialisation */ -BOOL auth_init_hostsequiv(struct auth_context *auth_context, auth_methods **auth_method) +NTSTATUS auth_init_hostsequiv(struct auth_context *auth_context, const char* param, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { - return False; + return NT_STATUS_NO_MEMORY; } (*auth_method)->auth = check_hostsequiv_security; - return True; + return NT_STATUS_OK; } @@ -220,12 +223,12 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context, } /* module initialisation */ -BOOL auth_init_rhosts(struct auth_context *auth_context, auth_methods **auth_method) +NTSTATUS auth_init_rhosts(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { - return False; + return NT_STATUS_NO_MEMORY; } (*auth_method)->auth = check_rhosts_security; - return True; + return NT_STATUS_OK; } diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 6753951c898..76579150ce9 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -22,6 +22,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + /**************************************************************************** core of smb password checking routine. ****************************************************************************/ @@ -401,14 +404,15 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, } /* module initialisation */ -BOOL auth_init_sam(struct auth_context *auth_context, auth_methods **auth_method) +NTSTATUS auth_init_sam(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { - return False; + return NT_STATUS_NO_MEMORY; } - (*auth_method)->auth = check_sam_security; - return True; + (*auth_method)->auth = check_sam_security; + (*auth_method)->name = "sam"; + return NT_STATUS_OK; } @@ -439,14 +443,15 @@ static NTSTATUS check_samstrict_security(const struct auth_context *auth_context } /* module initialisation */ -BOOL auth_init_samstrict(struct auth_context *auth_context, auth_methods **auth_method) +NTSTATUS auth_init_samstrict(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { - return False; + return NT_STATUS_NO_MEMORY; } (*auth_method)->auth = check_samstrict_security; - return True; + (*auth_method)->name = "samstrict"; + return NT_STATUS_OK; } diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 5190d45c203..23faedc0bac 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -21,6 +21,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + extern pstring global_myname; extern userdom_struct current_user_info; @@ -46,7 +49,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) p = pserver; while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { - standard_sub_basic(current_user_info.smb_name, desthost); + standard_sub_basic(current_user_info.smb_name, desthost, sizeof(desthost)); strupper(desthost); if(!resolve_name( desthost, &dest_ip, 0x20)) { @@ -59,6 +62,15 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) continue; } + /* we use a mutex to prevent two connections at once - when a + Win2k PDC get two connections where one hasn't completed a + session setup yet it will send a TCP reset to the first + connection (tridge) */ + + if (!grab_server_mutex(desthost)) { + return NULL; + } + if (cli_connect(cli, desthost, &dest_ip)) { DEBUG(3,("connected to password server %s\n",desthost)); connected_ok = True; @@ -67,13 +79,19 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) } if (!connected_ok) { + release_server_mutex(); DEBUG(0,("password server not available\n")); cli_shutdown(cli); return NULL; } - - if (!attempt_netbios_session_request(cli, global_myname, desthost, &dest_ip)) + + if (!attempt_netbios_session_request(cli, global_myname, + desthost, &dest_ip)) { + release_server_mutex(); + DEBUG(1,("password server fails session request\n")); + cli_shutdown(cli); return NULL; + } if (strequal(desthost,myhostname())) { exit_server("Password server loop!"); @@ -83,19 +101,37 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) if (!cli_negprot(cli)) { DEBUG(1,("%s rejected the negprot\n",desthost)); + release_server_mutex(); cli_shutdown(cli); return NULL; } if (cli->protocol < PROTOCOL_LANMAN2 || - !(cli->sec_mode & 1)) { + !(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { DEBUG(1,("%s isn't in user level security mode\n",desthost)); + release_server_mutex(); cli_shutdown(cli); return NULL; } - DEBUG(3,("password server OK\n")); + /* Get the first session setup done quickly, to avoid silly + Win2k bugs. (The next connection to the server will kill + this one... + */ + if (!cli_session_setup(cli, "", "", 0, "", 0, + "")) { + DEBUG(0,("%s rejected the initial session setup (%s)\n", + desthost, cli_errstr(cli))); + release_server_mutex(); + cli_shutdown(cli); + return NULL; + } + + release_server_mutex(); + + DEBUG(3,("password server OK\n")); + return cli; } @@ -142,7 +178,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte if (cli) { DEBUG(3,("using password server validation\n")); - if ((cli->sec_mode & 2) == 0) { + if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) { /* We can't work with unencrypted password servers unless 'encrypt passwords = no' */ DEBUG(5,("make_auth_info_server: Server is unencrypted, no challenge available..\n")); @@ -213,7 +249,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context return NT_STATUS_LOGON_FAILURE; } - if ((cli->sec_mode & 2) == 0) { + if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) { if (user_info->encrypted) { DEBUG(1,("password server %s is plaintext, but we are encrypted. This just can't work :-(\n", cli->desthost)); return NT_STATUS_LOGON_FAILURE; @@ -354,14 +390,15 @@ use this machine as the password server.\n")); return(nt_status); } -BOOL auth_init_smbserver(struct auth_context *auth_context, auth_methods **auth_method) +NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const char* param, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { - return False; + return NT_STATUS_NO_MEMORY; } + (*auth_method)->name = "smbserver"; (*auth_method)->auth = check_smbserver_security; (*auth_method)->get_chal = auth_get_challenge_server; (*auth_method)->send_keepalive = send_server_keepalive; (*auth_method)->free_private_data = free_server_private_data; - return True; + return NT_STATUS_OK; } diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index 05646f554e2..6f4b3f8b15b 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c @@ -20,12 +20,15 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + /** * update the encrypted smbpasswd file from the plaintext username and password * * this ugly hack needs to die, but not quite yet, I think people still use it... **/ -static BOOL update_smbpassword_file(char *user, char *password) +static BOOL update_smbpassword_file(const char *user, const char *password) { SAM_ACCOUNT *sampass = NULL; BOOL ret; @@ -67,8 +70,6 @@ static BOOL update_smbpassword_file(char *user, char *password) DEBUG(3,("pdb_update_sam_account returned %d\n",ret)); } - memset(password, '\0', strlen(password)); - pdb_free_sam(&sampass); return ret; } @@ -118,12 +119,14 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context, } /* module initialisation */ -BOOL auth_init_unix(struct auth_context *auth_context, auth_methods **auth_method) +NTSTATUS auth_init_unix(struct auth_context *auth_context, const char* param, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { - return False; + return NT_STATUS_NO_MEMORY; } + (*auth_method)->name = "unix"; (*auth_method)->auth = check_unix_security; - return True; + return NT_STATUS_OK; } + diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index d80c927c19e..3ade220c0f0 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -22,6 +22,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + extern fstring remote_machine; extern pstring global_myname; @@ -45,24 +48,6 @@ static int smb_create_user(const char *unix_user, const char *homedir) return ret; } -/**************************************************************************** - Delete a UNIX user on demand. -****************************************************************************/ - -int smb_delete_user(const char *unix_user) -{ - pstring del_script; - int ret; - - pstrcpy(del_script, lp_deluser_script()); - if (! *del_script) - return -1; - all_string_sub(del_script, "%u", unix_user, sizeof(pstring)); - ret = smbrun(del_script,NULL); - DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret)); - return ret; -} - /**************************************************************************** Add and Delete UNIX users on demand, based on NTSTATUS codes. ****************************************************************************/ @@ -85,16 +70,6 @@ void smb_user_control(const auth_usersupplied_info *user_info, auth_serversuppli smb_create_user(user_info->internal_username.str, NULL); } } - } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { - /* - * User failed to validate ok against Domain controller. - * If the failure was "user doesn't exist" and admin - * wants us to try and delete that UNIX user on the fly, - * do so. - */ - if (lp_deluser_script()) { - smb_delete_user(user_info->internal_username.str); - } } } @@ -165,7 +140,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info, return False; } - DEBUG(5,("makeing blobs for %s's user_info struct\n", internal_username)); + DEBUG(5,("making blobs for %s's user_info struct\n", internal_username)); (*user_info)->lm_resp = data_blob(lm_pwd.data, lm_pwd.length); (*user_info)->nt_resp = data_blob(nt_pwd.data, nt_pwd.length); @@ -485,7 +460,7 @@ BOOL make_user_info_guest(auth_usersupplied_info **user_info) Make a user_info struct ***************************************************************************/ -BOOL make_server_info(auth_serversupplied_info **server_info) +static BOOL make_server_info(auth_serversupplied_info **server_info) { *server_info = malloc(sizeof(**server_info)); if (!*server_info) { @@ -590,6 +565,183 @@ BOOL make_server_info_guest(auth_serversupplied_info **server_info) return False; } +/*************************************************************************** + Make a server_info struct from the info3 returned by a domain logon +***************************************************************************/ + +NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, + const char *internal_username, + const char *sent_nt_username, + const char *domain, + auth_serversupplied_info **server_info, + NET_USER_INFO_3 *info3) +{ + NTSTATUS nt_status = NT_STATUS_OK; + + const char *nt_domain; + const char *nt_username; + + SAM_ACCOUNT *sam_account = NULL; + DOM_SID user_sid; + DOM_SID group_sid; + + struct passwd *passwd; + + uid_t uid; + gid_t gid; + + /* + Here is where we should check the list of + trusted domains, and verify that the SID + matches. + */ + + sid_copy(&user_sid, &info3->dom_sid.sid); + if (!sid_append_rid(&user_sid, info3->user_rid)) { + return NT_STATUS_INVALID_PARAMETER; + } + + sid_copy(&group_sid, &info3->dom_sid.sid); + if (!sid_append_rid(&group_sid, info3->group_rid)) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (!(nt_username = unistr2_tdup(mem_ctx, &(info3->uni_user_name)))) { + /* If the server didn't give us one, just use the one we sent them */ + nt_username = sent_nt_username; + } + + if (!(nt_domain = unistr2_tdup(mem_ctx, &(info3->uni_logon_dom)))) { + /* If the server didn't give us one, just use the one we sent them */ + domain = domain; + } + + if (winbind_sid_to_uid(&uid, &user_sid) + && winbind_sid_to_gid(&gid, &group_sid) + && ((passwd = getpwuid_alloc(uid)))) { + nt_status = pdb_init_sam_pw(&sam_account, passwd); + passwd_free(&passwd); + } else { + char *dom_user; + dom_user = talloc_asprintf(mem_ctx, "%s%s%s", + nt_domain, + lp_winbind_separator(), + internal_username); + + if (!dom_user) { + DEBUG(0, ("talloc_asprintf failed!\n")); + return NT_STATUS_NO_MEMORY; + } else { + + if (!(passwd = Get_Pwnam(dom_user)) + /* Only lookup local for the local + domain, we don't want this for + trusted domains */ + && strequal(nt_domain, lp_workgroup())) { + passwd = Get_Pwnam(internal_username); + } + + if (!passwd) { + return NT_STATUS_NO_SUCH_USER; + } else { + nt_status = pdb_init_sam_pw(&sam_account, passwd); + } + } + } + + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0, ("make_server_info_info3: pdb_init_sam failed!\n")); + return nt_status; + } + + if (!pdb_set_user_sid(sam_account, &user_sid)) { + pdb_free_sam(&sam_account); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!pdb_set_group_sid(sam_account, &group_sid)) { + pdb_free_sam(&sam_account); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!pdb_set_nt_username(sam_account, nt_username)) { + pdb_free_sam(&sam_account); + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_set_domain(sam_account, nt_domain)) { + pdb_free_sam(&sam_account); + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_set_fullname(sam_account, pdb_unistr2_convert(&(info3->uni_full_name)))) { + pdb_free_sam(&sam_account); + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_set_logon_script(sam_account, pdb_unistr2_convert(&(info3->uni_logon_script)), True)) { + pdb_free_sam(&sam_account); + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_set_profile_path(sam_account, pdb_unistr2_convert(&(info3->uni_profile_path)), True)) { + pdb_free_sam(&sam_account); + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_set_homedir(sam_account, pdb_unistr2_convert(&(info3->uni_home_dir)), True)) { + pdb_free_sam(&sam_account); + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_set_dir_drive(sam_account, pdb_unistr2_convert(&(info3->uni_dir_drive)), True)) { + pdb_free_sam(&sam_account); + return NT_STATUS_NO_MEMORY; + } + + if (!make_server_info_sam(server_info, sam_account)) { + DEBUG(0, ("make_server_info_info3: make_server_info_sam failed!\n")); + pdb_free_sam(&sam_account); + return NT_STATUS_NO_MEMORY; + } + + /* Store the user group information in the server_info + returned to the caller. */ + + if (info3->num_groups2 != 0) { + int i; + NT_USER_TOKEN *ptok; + auth_serversupplied_info *pserver_info = *server_info; + + if ((pserver_info->ptok = malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) { + DEBUG(0, ("domain_client_validate: out of memory allocating rid group membership\n")); + nt_status = NT_STATUS_NO_MEMORY; + free_server_info(server_info); + return nt_status; + } + + ptok = pserver_info->ptok; + ptok->num_sids = (size_t)info3->num_groups2; + + if ((ptok->user_sids = (DOM_SID *)malloc( sizeof(DOM_SID) * ptok->num_sids )) == NULL) { + DEBUG(0, ("domain_client_validate: Out of memory allocating group SIDS\n")); + nt_status = NT_STATUS_NO_MEMORY; + free_server_info(server_info); + return nt_status; + } + + for (i = 0; i < ptok->num_sids; i++) { + sid_copy(&ptok->user_sids[i], &(info3->dom_sid.sid)); + if (!sid_append_rid(&ptok->user_sids[i], info3->gids[i].g_rid)) { + nt_status = NT_STATUS_INVALID_PARAMETER; + free_server_info(server_info); + return nt_status; + } + } + } + return NT_STATUS_OK; +} + /*************************************************************************** Make an auth_methods struct ***************************************************************************/ @@ -621,9 +773,9 @@ BOOL make_auth_methods(struct auth_context *auth_context, auth_methods **auth_me void delete_nt_token(NT_USER_TOKEN **pptoken) { if (*pptoken) { - NT_USER_TOKEN *ptoken = *pptoken; - SAFE_FREE( ptoken->user_sids ); - ZERO_STRUCTP(ptoken); + NT_USER_TOKEN *ptoken = *pptoken; + SAFE_FREE( ptoken->user_sids ); + ZERO_STRUCTP(ptoken); } SAFE_FREE(*pptoken); } diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index bc19b36b541..671e198bf59 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -23,6 +23,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + /* Prototypes from common.h */ NSS_STATUS winbindd_request(int req_type, @@ -100,12 +103,13 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, } /* module initialisation */ -BOOL auth_init_winbind(struct auth_context *auth_context, auth_methods **auth_method) +NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { - return False; + return NT_STATUS_NO_MEMORY; } + (*auth_method)->name = "winbind"; (*auth_method)->auth = check_winbind_security; - return True; + return NT_STATUS_OK; } diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c index 1428e929f16..1a3e55dd44f 100644 --- a/source3/auth/pampass.c +++ b/source3/auth/pampass.c @@ -29,6 +29,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + #ifdef WITH_PAM /******************************************************************* @@ -183,7 +186,7 @@ static void special_char_sub(char *buf) static void pwd_sub(char *buf, const char *username, const char *oldpass, const char *newpass) { - pstring_sub(buf, "%u", username); + fstring_sub(buf, "%u", username); all_string_sub(buf, "%o", oldpass, sizeof(fstring)); all_string_sub(buf, "%n", newpass, sizeof(fstring)); } @@ -494,7 +497,7 @@ static BOOL smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho /* * PAM Authentication Handler */ -static NTSTATUS smb_pam_auth(pam_handle_t *pamh, char *user) +static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user) { int pam_error; NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; @@ -579,7 +582,7 @@ static NTSTATUS smb_pam_account(pam_handle_t *pamh, const char * user) * PAM Credential Setting */ -static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, char * user) +static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, const char * user) { int pam_error; NTSTATUS nt_status = NT_STATUS_NO_TOKEN; @@ -619,7 +622,7 @@ static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, char * user) /* * PAM Internal Session Handler */ -static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag) +static BOOL smb_internal_pam_session(pam_handle_t *pamh, const char *user, const char *tty, BOOL flag) { int pam_error; @@ -785,7 +788,7 @@ NTSTATUS smb_pam_accountcheck(const char * user) * PAM Password Validation Suite */ -NTSTATUS smb_pam_passcheck(char * user, char * password) +NTSTATUS smb_pam_passcheck(const char * user, const char * password) { pam_handle_t *pamh = NULL; NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c index 47c9664a74c..63918796efb 100644 --- a/source3/auth/pass_check.c +++ b/source3/auth/pass_check.c @@ -23,6 +23,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + /* these are kept here to keep the string_combinations function simple */ static fstring this_user; #if !defined(WITH_PAM) @@ -433,7 +436,7 @@ try all combinations with N uppercase letters. offset is the first char to try and change (start with 0) it assumes the string starts lowercased ****************************************************************************/ -static NTSTATUS string_combinations2(char *s, int offset, NTSTATUS (*fn) (char *), +static NTSTATUS string_combinations2(char *s, int offset, NTSTATUS (*fn) (const char *), int N) { int len = strlen(s); @@ -467,7 +470,7 @@ try all combinations with up to N uppercase letters. offset is the first char to try and change (start with 0) it assumes the string starts lowercased ****************************************************************************/ -static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (char *), int N) +static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (const char *), int N) { int n; NTSTATUS nt_status; @@ -481,7 +484,7 @@ static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (char *), int N) /**************************************************************************** core of password checking routine ****************************************************************************/ -static NTSTATUS password_check(char *password) +static NTSTATUS password_check(const char *password) { #ifdef WITH_PAM return smb_pam_passcheck(this_user, password); @@ -588,16 +591,13 @@ match is found and is used to update the encrypted password file return NT_STATUS_OK on correct match, appropriate error otherwise ****************************************************************************/ -NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, - int pwlen, BOOL (*fn) (char *, char *), BOOL run_cracker) +NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *password, + int pwlen, BOOL (*fn) (const char *, const char *), BOOL run_cracker) { - struct passwd *pass; pstring pass2; int level = lp_passwordlevel(); NTSTATUS nt_status; - if (password) - password[pwlen] = 0; #if DEBUG_PASSWORD DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password)); @@ -624,12 +624,16 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen)); - if (!input_pass) { + if (!pass) { DEBUG(3, ("Couldn't find user %s\n", user)); return NT_STATUS_NO_SUCH_USER; } - pass = make_modifyable_passwd(input_pass); + + /* Copy into global for the convenience of looping code */ + /* Also the place to keep the 'password' no matter what + crazy struct it started in... */ + fstrcpy(this_crypted, pass->pw_passwd); #ifdef HAVE_GETSPNAM { @@ -642,7 +646,7 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, spass = getspnam(pass->pw_name); if (spass && spass->sp_pwdp) - pstrcpy(pass->pw_passwd, spass->sp_pwdp); + fstrcpy(this_crypted, spass->sp_pwdp); } #elif defined(IA_UINFO) { @@ -660,7 +664,7 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, { struct pr_passwd *pr_pw = getprpwnam(pass->pw_name); if (pr_pw && pr_pw->ufld.fd_encrypt) - pstrcpy(pass->pw_passwd, pr_pw->ufld.fd_encrypt); + fstrcpy(this_crypted, pr_pw->ufld.fd_encrypt); } #endif @@ -669,7 +673,7 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, struct passwd_adjunct *pwret; pwret = getpwanam(s); if (pwret && pwret->pwa_passwd) - pstrcpy(pass->pw_passwd,pwret->pwa_passwd); + fstrcpy(this_crypted, pwret->pwa_passwd); } #endif @@ -680,8 +684,8 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, user)); mypasswd = getprpwnam(user); if (mypasswd) { - fstrcpy(pass->pw_name, mypasswd->ufld.fd_name); - fstrcpy(pass->pw_passwd, mypasswd->ufld.fd_encrypt); + fstrcpy(this_user, mypasswd->ufld.fd_name); + fstrcpy(this_crypted, mypasswd->ufld.fd_encrypt); } else { DEBUG(5, ("OSF1_ENH_SEC: No entry for user %s in protected database !\n", @@ -694,7 +698,7 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, { AUTHORIZATION *ap = getauthuid(pass->pw_uid); if (ap) { - fstrcpy(pass->pw_passwd, ap->a_password); + fstrcpy(this_crypted, ap->a_password); endauthent(); } } @@ -709,27 +713,20 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, this_salt[2] = 0; #endif - /* Copy into global for the convenience of looping code */ - fstrcpy(this_crypted, pass->pw_passwd); - if (!*this_crypted) { if (!lp_null_passwords()) { DEBUG(2, ("Disallowing %s with null password\n", this_user)); - passwd_free(&pass); return NT_STATUS_LOGON_FAILURE; } if (!*password) { DEBUG(3, ("Allowing access to %s with null password\n", this_user)); - passwd_free(&pass); return NT_STATUS_OK; } } - passwd_free(&pass); - #endif /* defined(WITH_PAM) */ /* try it as it came to us */ @@ -752,42 +749,36 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, * need to proceed as we know it hasn't been case modified by the * client */ if (strhasupper(password) && strhaslower(password)) { - passwd_free(&pass); return nt_status; } /* make a copy of it */ - StrnCpy(pass2, password, sizeof(pstring) - 1); + pstrcpy(pass2, password); /* try all lowercase if it's currently all uppercase */ - if (strhasupper(password)) { - strlower(password); - if NT_STATUS_IS_OK(nt_status = password_check(password)) { + if (strhasupper(pass2)) { + strlower(pass2); + if NT_STATUS_IS_OK(nt_status = password_check(pass2)) { if (fn) - fn(user, password); + fn(user, pass2); return (nt_status); } } /* give up? */ if (level < 1) { - /* restore it */ - fstrcpy(password, pass2); return NT_STATUS_WRONG_PASSWORD; } /* last chance - all combinations of up to level chars upper! */ - strlower(password); + strlower(pass2); - if NT_STATUS_IS_OK(nt_status = string_combinations(password, password_check, level)) { + if (NT_STATUS_IS_OK(nt_status = string_combinations(pass2, password_check, level))) { if (fn) - fn(user, password); + fn(user, pass2); return nt_status; } - /* restore it */ - fstrcpy(password, pass2); - return NT_STATUS_WRONG_PASSWORD; } diff --git a/source3/client/.cvsignore b/source3/client/.cvsignore index e69de29bb2d..49a52f7616d 100644 --- a/source3/client/.cvsignore +++ b/source3/client/.cvsignore @@ -0,0 +1 @@ +client_proto.h \ No newline at end of file diff --git a/source3/client/client.c b/source3/client/client.c index 1daba28b98e..a421f36d809 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -22,7 +22,7 @@ #define NO_SYSLOG #include "includes.h" - +#include "../client/client_proto.h" #ifndef REGISTER #define REGISTER 0 #endif @@ -34,7 +34,7 @@ extern BOOL in_client; extern BOOL AllowDebugChange; static int port = 0; pstring cur_dir = "\\"; -pstring cd_path = ""; +static pstring cd_path = ""; static pstring service; static pstring desthost; extern pstring global_myname; @@ -61,9 +61,9 @@ static int cmd_help(void); #define FID_UNUSED (0xFFFF) time_t newer_than = 0; -int archive_level = 0; +static int archive_level = 0; -BOOL translation = False; +static BOOL translation = False; static BOOL have_ip; @@ -74,36 +74,39 @@ extern BOOL tar_reset; /* clitar bits end */ -mode_t myumask = 0755; +static mode_t myumask = 0755; -BOOL prompt = True; +static BOOL prompt = True; -int printmode = 1; +static int printmode = 1; static BOOL recurse = False; BOOL lowercase = False; -struct in_addr dest_ip; +static struct in_addr dest_ip; #define SEPARATORS " \t\n\r" -BOOL abort_mget = True; +static BOOL abort_mget = True; -pstring fileselection = ""; +static pstring fileselection = ""; extern file_info def_finfo; /* timing globals */ int get_total_size = 0; int get_total_time_ms = 0; -int put_total_size = 0; -int put_total_time_ms = 0; +static int put_total_size = 0; +static int put_total_time_ms = 0; /* totals globals */ static double dir_total; #define USENMB +/* some forward declarations */ +static struct cli_state *do_connect(const char *server, const char *share); + /**************************************************************************** write to a local file with CR/LF->LF translation if appropriate. return the number taken from the buffer. This may not equal the number written. @@ -1120,7 +1123,10 @@ static int do_put(char *rname,char *lname) } - x_fclose(f); + if (f != x_stdin) { + x_fclose(f); + } + SAFE_FREE(buf); { @@ -1958,7 +1964,7 @@ static BOOL list_servers(char *wk_grp) * field is NULL, and NULL in that field is used in process_tok() * (below) to indicate the end of the list. crh */ -struct +static struct { char *name; int (*fn)(void); @@ -2080,6 +2086,14 @@ static int process_command_string(char *cmd) char *ptr; int rc = 0; + /* establish the connection if not already */ + + if (!cli) { + cli = do_connect(desthost, service); + if (!cli) + return 0; + } + while (cmd[0] != '\0') { char *p; fstring tok; @@ -2230,7 +2244,7 @@ static void process_stdin(void) /***************************************************** return a connection to a server *******************************************************/ -struct cli_state *do_connect(const char *server, const char *share) +static struct cli_state *do_connect(const char *server, const char *share) { struct cli_state *c; struct nmb_name called, calling; @@ -2484,9 +2498,13 @@ handle a tar operation static int do_tar_op(char *base_directory) { int ret; - cli = do_connect(desthost, service); - if (!cli) - return 1; + + /* do we already have a connection? */ + if (!cli) { + cli = do_connect(desthost, service); + if (!cli) + return 1; + } recurse=True; @@ -2623,10 +2641,6 @@ static void remember_query_host(const char *arg, } DEBUGLEVEL = old_debug; -#ifdef WITH_SSL - sslutil_init(0); -#endif - pstrcpy(workgroup,lp_workgroup()); load_interfaces(); diff --git a/source3/client/clitar.c b/source3/client/clitar.c index 9fa3750b0c2..43b0ef44bc7 100644 --- a/source3/client/clitar.c +++ b/source3/client/clitar.c @@ -37,6 +37,7 @@ #include "includes.h" #include "clitar.h" +#include "../client/client_proto.h" static int clipfind(char **aret, int ret, char *tok); @@ -65,8 +66,6 @@ typedef struct } stack; -stack dir_stack = {NULL, 0}; /* Want an empty stack */ - #define SEPARATORS " \t\n\r" extern struct cli_state *cli; @@ -85,25 +84,25 @@ static char *tarbuf, *buffer_p; static int tp, ntarf, tbufsiz; static double ttarf; /* Incremental mode */ -BOOL tar_inc=False; +static BOOL tar_inc=False; /* Reset archive bit */ -BOOL tar_reset=False; +static BOOL tar_reset=False; /* Include / exclude mode (true=include, false=exclude) */ -BOOL tar_excl=True; +static BOOL tar_excl=True; /* use regular expressions for search on file names */ -BOOL tar_re_search=False; +static BOOL tar_re_search=False; #ifdef HAVE_REGEX_H regex_t *preg; #endif /* Do not dump anything, just calculate sizes */ -BOOL dry_run=False; +static BOOL dry_run=False; /* Dump files with System attribute */ -BOOL tar_system=True; +static BOOL tar_system=True; /* Dump files with Hidden attribute */ -BOOL tar_hidden=True; +static BOOL tar_hidden=True; /* Be noisy - make a catalogue */ -BOOL tar_noisy=True; -BOOL tar_real_noisy=False; /* Don't want to be really noisy by default */ +static BOOL tar_noisy=True; +static BOOL tar_real_noisy=False; /* Don't want to be really noisy by default */ char tar_type='\0'; static char **cliplist=NULL; @@ -119,8 +118,8 @@ extern pstring cur_dir; extern int get_total_time_ms; extern int get_total_size; -int blocksize=20; -int tarhandle; +static int blocksize=20; +static int tarhandle; static void writetarheader(int f, char *aname, int size, time_t mtime, char *amode, unsigned char ftype); diff --git a/source3/client/smbmnt.c b/source3/client/smbmnt.c index 36248987b1e..ba2b1e9435d 100644 --- a/source3/client/smbmnt.c +++ b/source3/client/smbmnt.c @@ -111,13 +111,13 @@ fullpath(const char *p) OK then we change into that directory - this prevents race conditions */ static int mount_ok(char *mount_point) { - SMB_STRUCT_STAT st; + struct stat st; if (chdir(mount_point) != 0) { return -1; } - if (sys_stat(".", &st) != 0) { + if (stat(".", &st) != 0) { return -1; } diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c index 2a2d5cbaf59..b78d9d22a80 100644 --- a/source3/client/smbspool.c +++ b/source3/client/smbspool.c @@ -3,6 +3,7 @@ SMB backend for the Common UNIX Printing System ("CUPS") Copyright 1999 by Easy Software Products Copyright Andrew Tridgell 1994-1998 + Copyright Andrew Bartlett 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -271,72 +272,25 @@ smb_connect(char *workgroup, /* I - Workgroup */ char *password) /* I - Password */ { struct cli_state *c; /* New connection */ - struct nmb_name called, /* NMB name of server */ - calling; /* NMB name of client */ - struct in_addr ip; /* IP address of server */ pstring myname; /* Client name */ - + NTSTATUS nt_status; /* * Get the names and addresses of the client and server... */ get_myname(myname); - - zero_ip(&ip); - - make_nmb_name(&calling, myname, 0x0); - make_nmb_name(&called, server, 0x20); - - /* - * Open a new connection to the SMB server... - */ - - if ((c = cli_initialise(NULL)) == NULL) - { - fputs("ERROR: cli_initialize() failed...\n", stderr); - return (NULL); - } - - if (!cli_connect(c, server, &ip)) - { - fputs("ERROR: cli_connect() failed...\n", stderr); - return (NULL); + + nt_status = cli_full_connection(&c, myname, server, NULL, 0, share, "?????", + username, lp_workgroup(), password, 0); + + if (NT_STATUS_IS_OK(nt_status)) { + return c; + } else { + fprintf(stderr, "ERROR: Connection failed with error %s\n", nt_errstr(nt_status)); + return NULL; } - if (!cli_session_request(c, &calling, &called)) - { - fputs("ERROR: cli_session_request() failed...\n", stderr); - return (NULL); - } - - if (!cli_negprot(c)) - { - fputs("ERROR: SMB protocol negotiation failed\n", stderr); - cli_shutdown(c); - return (NULL); - } - - /* - * Do password stuff... - */ - - if (!cli_session_setup(c, username, - password, strlen(password), - password, strlen(password), - workgroup)) - { - fprintf(stderr, "ERROR: SMB session setup failed: %s\n", cli_errstr(c)); - return (NULL); - } - - if (!cli_send_tconX(c, share, "?????", - password, strlen(password)+1)) - { - fprintf(stderr, "ERROR: SMB tree connect failed: %s\n", cli_errstr(c)); - cli_shutdown(c); - return (NULL); - } /* * Return the new connection... diff --git a/source3/configure b/source3/configure index f088d6cb79d..be0e78133a7 100755 --- a/source3/configure +++ b/source3/configure @@ -13,13 +13,29 @@ ac_default_prefix=/usr/local # Any additions from configure.in: ac_default_prefix=/usr/local/samba ac_help="$ac_help - --enable-debug turn on debugging [default=no]" + --with-fhs Use FHS-compliant paths (default=no)" ac_help="$ac_help - --enable-developer turn on developer warnings and debugging [default=no]" + --with-privatedir=DIR Where to put smbpasswd ($ac_default_prefix/private)" +ac_help="$ac_help + --with-lockdir=DIR Where to put lock files ($ac_default_prefix/var/locks)" +ac_help="$ac_help + --with-piddir=DIR Where to put pid files ($ac_default_prefix/var/locks)" +ac_help="$ac_help + --with-swatdir=DIR Where to put SWAT files ($ac_default_prefix/swat)" +ac_help="$ac_help + --with-configdir=DIR Where to put configuration files (\$libdir)" +ac_help="$ac_help + --with-logfilebase=DIR Where to put log files (\$(VARDIR))" +ac_help="$ac_help + --enable-debug Turn on compiler debugging information (default=no)" +ac_help="$ac_help + --enable-developer Turn on developer warnings and debugging (default=no)" ac_help="$ac_help - --enable-krb5developer turn on developer warnings and debugging, except -Wstrict-prototypes [default=no]" + --enable-krb5developer Turn on developer warnings and debugging, except -Wstrict-prototypes (default=no)" ac_help="$ac_help - --enable-dmalloc enable heap debugging [default=no]" + --enable-dmalloc Enable heap debugging [default=no]" +ac_help="$ac_help + --enable-cups Turn on CUPS support (default=auto)" ac_help="$ac_help --with-readline[=DIR] Look for readline include/libs in DIR (default=auto) " ac_help="$ac_help @@ -42,16 +58,10 @@ ac_help="$ac_help --with-pam_smbpass Build a PAM module to allow other applications to use our smbpasswd file (default=no)" ac_help="$ac_help --with-tdbsam Include experimental TDB SAM support (default=no)" -ac_help="$ac_help - --with-ldapsam Include experimental LDAP SAM support (default=no)" ac_help="$ac_help --with-nisplussam Include NISPLUS SAM support (default=no)" ac_help="$ac_help --with-nisplus-home Include NISPLUS_HOME support (default=no)" -ac_help="$ac_help - --with-ssl Include SSL support (default=no) - --with-sslinc=DIR Where the SSL includes are (defaults to /usr/local/ssl/include) - --with-ssllib=DIR Where the SSL libraries are (defaults to /usr/local/ssl/lib)" ac_help="$ac_help --with-syslog Include experimental SYSLOG support (default=no)" ac_help="$ac_help @@ -60,14 +70,10 @@ ac_help="$ac_help --with-quotas Include experimental disk-quota support (default=no)" ac_help="$ac_help --with-utmp Include experimental utmp accounting (default=no)" -ac_help="$ac_help - --with-privatedir=DIR Where to put smbpasswd ($ac_default_prefix/private)" -ac_help="$ac_help - --with-lockdir=DIR Where to put lock files ($ac_default_prefix/var/locks)" -ac_help="$ac_help - --with-swatdir=DIR Where to put SWAT files ($ac_default_prefix/swat)" ac_help="$ac_help --with-manpages-langs={en,ja,pl} Choose man pages' language(s). (en)" +ac_help="$ac_help + --with-libsmbclient Build the libsmbclient shared library (default=yes)" ac_help="$ac_help --with-spinlocks Use spin locks instead of fcntl locks (default=no) " ac_help="$ac_help @@ -587,16 +593,145 @@ fi -# we want to be compatible with older versions of Samba +################################################# +# Directory handling stuff to support both the +# legacy SAMBA directories and FHS compliant +# ones... +# Check whether --with-fhs or --without-fhs was given. +if test "${with_fhs+set}" = set; then + withval="$with_fhs" + configdir="${sysconfdir}/samba" + lockdir="\${VARDIR}/cache/samba" + piddir="\$(VARDIR)/run/samba" + logfilebase="\${VARDIR}/log/samba" + privatedir="\${CONFIGDIR}/private" + swatdir="\${DATADIR}/samba/swat" +else + configdir="\$(LIBDIR)" + logfilebase="\$(VARDIR)" + lockdir="\${VARDIR}/locks" + piddir="\$(VARDIR)/locks" + privatedir="\${prefix}/private" + swatdir="\${prefix}/swat" +fi +################################################# +# set private directory location +# Check whether --with-privatedir or --without-privatedir was given. +if test "${with_privatedir+set}" = set; then + withval="$with_privatedir" + case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + echo "configure: warning: --with-privatedir called without argument - will use default" 1>&2 + ;; + * ) + privatedir="$withval" + ;; + esac +fi +################################################# +# set lock directory location +# Check whether --with-lockdir or --without-lockdir was given. +if test "${with_lockdir+set}" = set; then + withval="$with_lockdir" + case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + echo "configure: warning: --with-lockdir called without argument - will use default" 1>&2 + ;; + * ) + lockdir="$withval" + ;; + esac +fi +################################################# +# set pid directory location +# Check whether --with-piddir or --without-piddir was given. +if test "${with_piddir+set}" = set; then + withval="$with_piddir" + case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + echo "configure: warning: --with-piddir called without argument - will use default" 1>&2 + ;; + * ) + piddir="$withval" + ;; + esac +fi + + +################################################# +# set SWAT directory location +# Check whether --with-swatdir or --without-swatdir was given. +if test "${with_swatdir+set}" = set; then + withval="$with_swatdir" + case "$withval" in + yes|no) + # + # Just in case anybody does it + # + echo "configure: warning: --with-swatdir called without argument - will use default" 1>&2 + ;; + * ) + swatdir="$withval" + ;; + esac +fi + + +################################################# +# set configuration directory location +# Check whether --with-configdir or --without-configdir was given. +if test "${with_configdir+set}" = set; then + withval="$with_configdir" + case "$withval" in + yes|no) + # + # Just in case anybody does it + # + echo "configure: warning: --with-configdir called without argument - will use default" 1>&2 + ;; + * ) + configdir="$withval" + ;; + esac +fi + + +################################################# +# set log directory location +# Check whether --with-logfilebase or --without-logfilebase was given. +if test "${with_logfilebase+set}" = set; then + withval="$with_logfilebase" + case "$withval" in + yes|no) + # + # Just in case anybody does it + # + echo "configure: warning: --with-logfilebase called without argument - will use default" 1>&2 + ;; + * ) + logfilebase="$withval" + ;; + esac +fi + @@ -605,7 +740,27 @@ fi -# compile with optimisation and without debugging by default + + + + + + + + + + + + + + + + + + + + +# compile with optimization and without debugging by default CFLAGS="-O ${CFLAGS}" # Check whether --enable-debug or --disable-debug was given. @@ -658,7 +813,7 @@ fi # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:662: checking for $ac_word" >&5 +echo "configure:817: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -688,7 +843,7 @@ if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:692: checking for $ac_word" >&5 +echo "configure:847: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -739,7 +894,7 @@ fi # Extract the first word of "cl", so it can be a program name with args. set dummy cl; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:743: checking for $ac_word" >&5 +echo "configure:898: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -771,7 +926,7 @@ fi fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:775: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 +echo "configure:930: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. @@ -782,12 +937,12 @@ cross_compiling=$ac_cv_prog_cc_cross cat > conftest.$ac_ext << EOF -#line 786 "configure" +#line 941 "configure" #include "confdefs.h" main(){return(0);} EOF -if { (eval echo configure:791: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:946: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then @@ -813,12 +968,12 @@ if test $ac_cv_prog_cc_works = no; then { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:817: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "configure:972: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:822: checking whether we are using GNU C" >&5 +echo "configure:977: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -827,7 +982,7 @@ else yes; #endif EOF -if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:831: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:986: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no @@ -846,7 +1001,7 @@ ac_test_CFLAGS="${CFLAGS+set}" ac_save_CFLAGS="$CFLAGS" CFLAGS= echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:850: checking whether ${CC-cc} accepts -g" >&5 +echo "configure:1005: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -908,7 +1063,7 @@ ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # ./install, which can be erroneously created by make from ./install.sh. echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 -echo "configure:912: checking for a BSD compatible install" >&5 +echo "configure:1067: checking for a BSD compatible install" >&5 if test -z "$INSTALL"; then if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -960,12 +1115,12 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' -for ac_prog in mawk gawk nawk awk +for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:969: checking for $ac_word" >&5 +echo "configure:1124: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_AWK'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -995,8 +1150,25 @@ test -n "$AWK" && break done +LD=ld +echo $ac_n "checking if the linker ($LD) is GNU ld""... $ac_c" 1>&6 +echo "configure:1156: checking if the linker ($LD) is GNU ld" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_gnu_ld'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + # I'd rather use --version here, but apparently some GNU ld's only accept -v. +if $LD -v 2>&1 &5; then + ac_cv_prog_gnu_ld=yes +else + ac_cv_prog_gnu_ld=no +fi +fi + +echo "$ac_t""$ac_cv_prog_gnu_ld" 1>&6 + + echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 -echo "configure:1000: checking for POSIXized ISC" >&5 +echo "configure:1172: checking for POSIXized ISC" >&5 if test -d /etc/conf/kconfig.d && grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 then @@ -1019,10 +1191,10 @@ fi if test "x$CC" != xcc; then echo $ac_n "checking whether $CC and cc understand -c and -o together""... $ac_c" 1>&6 -echo "configure:1023: checking whether $CC and cc understand -c and -o together" >&5 +echo "configure:1195: checking whether $CC and cc understand -c and -o together" >&5 else echo $ac_n "checking whether cc understands -c and -o together""... $ac_c" 1>&6 -echo "configure:1026: checking whether cc understands -c and -o together" >&5 +echo "configure:1198: checking whether cc understands -c and -o together" >&5 fi set dummy $CC; ac_cc="`echo $2 | sed -e 's/[^a-zA-Z0-9_]/_/g' -e 's/^[0-9]/_/'`" @@ -1034,16 +1206,16 @@ else # We do the test twice because some compilers refuse to overwrite an # existing .o file with -o, though they will create one. ac_try='${CC-cc} -c conftest.c -o conftest.o 1>&5' -if { (eval echo configure:1038: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } && - test -f conftest.o && { (eval echo configure:1039: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; +if { (eval echo configure:1210: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } && + test -f conftest.o && { (eval echo configure:1211: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; then eval ac_cv_prog_cc_${ac_cc}_c_o=yes if test "x$CC" != xcc; then # Test first that cc exists at all. - if { ac_try='cc -c conftest.c 1>&5'; { (eval echo configure:1044: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; }; then + if { ac_try='cc -c conftest.c 1>&5'; { (eval echo configure:1216: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; }; then ac_try='cc -c conftest.c -o conftest.o 1>&5' - if { (eval echo configure:1046: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } && - test -f conftest.o && { (eval echo configure:1047: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; + if { (eval echo configure:1218: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } && + test -f conftest.o && { (eval echo configure:1219: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; then # cc works too. : @@ -1077,20 +1249,20 @@ fi echo $ac_n "checking that the C compiler understands volatile""... $ac_c" 1>&6 -echo "configure:1081: checking that the C compiler understands volatile" >&5 +echo "configure:1253: checking that the C compiler understands volatile" >&5 if eval "test \"`echo '$''{'samba_cv_volatile'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { volatile int i = 0 ; return 0; } EOF -if { (eval echo configure:1094: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1266: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_volatile=yes else @@ -1139,7 +1311,7 @@ else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } fi echo $ac_n "checking host system type""... $ac_c" 1>&6 -echo "configure:1143: checking host system type" >&5 +echo "configure:1315: checking host system type" >&5 host_alias=$host case "$host_alias" in @@ -1160,7 +1332,7 @@ host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` echo "$ac_t""$host" 1>&6 echo $ac_n "checking target system type""... $ac_c" 1>&6 -echo "configure:1164: checking target system type" >&5 +echo "configure:1336: checking target system type" >&5 target_alias=$target case "$target_alias" in @@ -1178,7 +1350,7 @@ target_os=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` echo "$ac_t""$target" 1>&6 echo $ac_n "checking build system type""... $ac_c" 1>&6 -echo "configure:1182: checking build system type" >&5 +echo "configure:1354: checking build system type" >&5 build_alias=$build case "$build_alias" in @@ -1212,7 +1384,7 @@ esac echo $ac_n "checking config.cache system type""... $ac_c" 1>&6 -echo "configure:1216: checking config.cache system type" >&5 +echo "configure:1388: checking config.cache system type" >&5 if { test x"${ac_cv_host_system_type+set}" = x"set" && test x"$ac_cv_host_system_type" != x"$host"; } || { test x"${ac_cv_build_system_type+set}" = x"set" && @@ -1240,7 +1412,7 @@ case "$host_os" in *hpux*) echo $ac_n "checking whether ${CC-cc} accepts -Ae""... $ac_c" 1>&6 -echo "configure:1244: checking whether ${CC-cc} accepts -Ae" >&5 +echo "configure:1416: checking whether ${CC-cc} accepts -Ae" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_Ae'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1382,7 +1554,6 @@ EOF ;; esac else - DYNEXP="-dc -dp" CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" cat >> confdefs.h <<\EOF #define _LARGEFILE64_SOURCE 1 @@ -1402,14 +1573,14 @@ EOF *sysv4*) if test $host = mips-sni-sysv4 ; then echo $ac_n "checking for LFS support""... $ac_c" 1>&6 -echo "configure:1406: checking for LFS support" >&5 +echo "configure:1577: checking for LFS support" >&5 old_CPPFLAGS="$CPPFLAGS" CPPFLAGS="-D_LARGEFILE64_SOURCE $CPPFLAGS" if test "$cross_compiling" = yes; then SINIX_LFS_SUPPORT=cross else cat > conftest.$ac_ext < @@ -1421,7 +1592,7 @@ exit(1); #endif } EOF -if { (eval echo configure:1425: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1596: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SINIX_LFS_SUPPORT=yes else @@ -1452,14 +1623,14 @@ EOF # *linux*) echo $ac_n "checking for LFS support""... $ac_c" 1>&6 -echo "configure:1456: checking for LFS support" >&5 +echo "configure:1627: checking for LFS support" >&5 old_CPPFLAGS="$CPPFLAGS" CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS" if test "$cross_compiling" = yes; then LINUX_LFS_SUPPORT=cross else cat > conftest.$ac_ext < @@ -1497,7 +1668,7 @@ main() { } EOF -if { (eval echo configure:1501: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then LINUX_LFS_SUPPORT=yes else @@ -1530,14 +1701,14 @@ EOF *hurd*) echo $ac_n "checking for LFS support""... $ac_c" 1>&6 -echo "configure:1534: checking for LFS support" >&5 +echo "configure:1705: checking for LFS support" >&5 old_CPPFLAGS="$CPPFLAGS" CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS" if test "$cross_compiling" = yes; then GLIBC_LFS_SUPPORT=cross else cat > conftest.$ac_ext < @@ -1549,7 +1720,7 @@ exit(1); #endif } EOF -if { (eval echo configure:1553: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1724: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then GLIBC_LFS_SUPPORT=yes else @@ -1579,21 +1750,21 @@ EOF esac echo $ac_n "checking for inline""... $ac_c" 1>&6 -echo "configure:1583: checking for inline" >&5 +echo "configure:1754: checking for inline" >&5 if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1768: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_inline=$ac_kw; break else @@ -1619,7 +1790,7 @@ EOF esac echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:1623: checking how to run the C preprocessor" >&5 +echo "configure:1794: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= @@ -1634,13 +1805,13 @@ else # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1644: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1815: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -1651,13 +1822,13 @@ else rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1832: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -1668,13 +1839,13 @@ else rm -rf conftest* CPP="${CC-cc} -nologo -E" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1678: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1849: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -1699,12 +1870,12 @@ fi echo "$ac_t""$CPP" 1>&6 echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:1703: checking for ANSI C header files" >&5 +echo "configure:1874: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -1712,7 +1883,7 @@ else #include EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1716: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1887: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -1729,7 +1900,7 @@ rm -f conftest* if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1747,7 +1918,7 @@ fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1768,7 +1939,7 @@ if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -1779,7 +1950,7 @@ if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); exit (0); } EOF -if { (eval echo configure:1783: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1954: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then : else @@ -1807,12 +1978,12 @@ for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 -echo "configure:1811: checking for $ac_hdr that defines DIR" >&5 +echo "configure:1982: checking for $ac_hdr that defines DIR" >&5 if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include <$ac_hdr> @@ -1820,7 +1991,7 @@ int main() { DIR *dirp = 0; ; return 0; } EOF -if { (eval echo configure:1824: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1995: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_header_dirent_$ac_safe=yes" else @@ -1845,7 +2016,7 @@ done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 -echo "configure:1849: checking for opendir in -ldir" >&5 +echo "configure:2020: checking for opendir in -ldir" >&5 ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1853,7 +2024,7 @@ else ac_save_LIBS="$LIBS" LIBS="-ldir $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2039: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1886,7 +2057,7 @@ fi else echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 -echo "configure:1890: checking for opendir in -lx" >&5 +echo "configure:2061: checking for opendir in -lx" >&5 ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1894,7 +2065,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lx $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2080: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1928,12 +2099,12 @@ fi fi echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 -echo "configure:1932: checking whether time.h and sys/time.h may both be included" >&5 +echo "configure:2103: checking whether time.h and sys/time.h may both be included" >&5 if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -1942,7 +2113,7 @@ int main() { struct tm *tp; ; return 0; } EOF -if { (eval echo configure:1946: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2117: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_header_time=yes else @@ -1963,12 +2134,12 @@ EOF fi echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6 -echo "configure:1967: checking for sys/wait.h that is POSIX.1 compatible" >&5 +echo "configure:2138: checking for sys/wait.h that is POSIX.1 compatible" >&5 if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -1984,7 +2155,7 @@ wait (&s); s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; ; return 0; } EOF -if { (eval echo configure:1988: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2159: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_header_sys_wait_h=yes else @@ -2008,17 +2179,17 @@ for ac_hdr in arpa/inet.h sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2012: checking for $ac_hdr" >&5 +echo "configure:2183: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2022: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2193: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2048,17 +2219,17 @@ for ac_hdr in unistd.h utime.h grp.h sys/id.h limits.h memory.h net/if.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2052: checking for $ac_hdr" >&5 +echo "configure:2223: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2062: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2233: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2088,17 +2259,17 @@ for ac_hdr in compat.h rpc/rpc.h rpcsvc/nis.h rpcsvc/yp_prot.h rpcsvc/ypclnt.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2092: checking for $ac_hdr" >&5 +echo "configure:2263: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2102: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2273: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2128,17 +2299,17 @@ for ac_hdr in sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc. do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2132: checking for $ac_hdr" >&5 +echo "configure:2303: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2142: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2313: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2168,17 +2339,17 @@ for ac_hdr in sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h std do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2172: checking for $ac_hdr" >&5 +echo "configure:2343: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2182: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2353: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2208,17 +2379,17 @@ for ac_hdr in sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h term do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2212: checking for $ac_hdr" >&5 +echo "configure:2383: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2222: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2393: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2248,17 +2419,17 @@ for ac_hdr in sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2252: checking for $ac_hdr" >&5 +echo "configure:2423: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2262: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2433: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2284,21 +2455,21 @@ else fi done -for ac_hdr in security/pam_modules.h security/_pam_macros.h ldap.h lber.h +for ac_hdr in security/pam_modules.h security/_pam_macros.h ldap.h lber.h dlfcn.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2292: checking for $ac_hdr" >&5 +echo "configure:2463: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2302: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2473: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2332,14 +2503,14 @@ done case "$host_os" in *hpux*) cat > conftest.$ac_ext < int main() { struct spwd testme ; return 0; } EOF -if { (eval echo configure:2343: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2514: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_header_shadow_h=yes else @@ -2361,17 +2532,17 @@ for ac_hdr in shadow.h netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2365: checking for $ac_hdr" >&5 +echo "configure:2536: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2375: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2546: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2401,17 +2572,17 @@ for ac_hdr in nss.h nss_common.h ns_api.h sys/security.h security/pam_appl.h sec do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2405: checking for $ac_hdr" >&5 +echo "configure:2576: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2415: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2586: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2441,17 +2612,17 @@ for ac_hdr in stropts.h poll.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2445: checking for $ac_hdr" >&5 +echo "configure:2616: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2455: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2626: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2481,17 +2652,17 @@ for ac_hdr in sys/capability.h syscall.h sys/syscall.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2485: checking for $ac_hdr" >&5 +echo "configure:2656: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2495: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2666: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2521,17 +2692,17 @@ for ac_hdr in sys/acl.h sys/cdefs.h glob.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2525: checking for $ac_hdr" >&5 +echo "configure:2696: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2535: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2706: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2563,17 +2734,17 @@ for ac_hdr in utmp.h utmpx.h lastlog.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2567: checking for $ac_hdr" >&5 +echo "configure:2738: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2577: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2748: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2605,17 +2776,17 @@ for ac_hdr in sys/fs/vx_quota.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2609: checking for $ac_hdr" >&5 +echo "configure:2780: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2619: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2790: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2647,17 +2818,17 @@ for ac_hdr in linux/xqm.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2651: checking for $ac_hdr" >&5 +echo "configure:2822: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2832: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2685,7 +2856,7 @@ done echo $ac_n "checking size of int""... $ac_c" 1>&6 -echo "configure:2689: checking size of int" >&5 +echo "configure:2860: checking size of int" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2693,19 +2864,18 @@ else ac_cv_sizeof_int=cross else cat > conftest.$ac_ext < -#include -main() +int main() { FILE *f=fopen("conftestval", "w"); - if (!f) exit(1); + if (!f) return(1); fprintf(f, "%d\n", sizeof(int)); - exit(0); + return(0); } EOF -if { (eval echo configure:2709: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2879: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int=`cat conftestval` else @@ -2725,7 +2895,7 @@ EOF echo $ac_n "checking size of long""... $ac_c" 1>&6 -echo "configure:2729: checking size of long" >&5 +echo "configure:2899: checking size of long" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2733,19 +2903,18 @@ else ac_cv_sizeof_long=cross else cat > conftest.$ac_ext < -#include -main() +int main() { FILE *f=fopen("conftestval", "w"); - if (!f) exit(1); + if (!f) return(1); fprintf(f, "%d\n", sizeof(long)); - exit(0); + return(0); } EOF -if { (eval echo configure:2749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2918: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_long=`cat conftestval` else @@ -2765,7 +2934,7 @@ EOF echo $ac_n "checking size of short""... $ac_c" 1>&6 -echo "configure:2769: checking size of short" >&5 +echo "configure:2938: checking size of short" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2773,19 +2942,18 @@ else ac_cv_sizeof_short=cross else cat > conftest.$ac_ext < -#include -main() +int main() { FILE *f=fopen("conftestval", "w"); - if (!f) exit(1); + if (!f) return(1); fprintf(f, "%d\n", sizeof(short)); - exit(0); + return(0); } EOF -if { (eval echo configure:2789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2957: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_short=`cat conftestval` else @@ -2806,12 +2974,12 @@ EOF echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:2810: checking for working const" >&5 +echo "configure:2978: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3032: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else @@ -2881,21 +3049,21 @@ EOF fi echo $ac_n "checking for inline""... $ac_c" 1>&6 -echo "configure:2885: checking for inline" >&5 +echo "configure:3053: checking for inline" >&5 if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3067: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_inline=$ac_kw; break else @@ -2921,14 +3089,14 @@ EOF esac echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 -echo "configure:2925: checking whether byte ordering is bigendian" >&5 +echo "configure:3093: checking whether byte ordering is bigendian" >&5 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_c_bigendian=unknown # See if sys/param.h defines the BYTE_ORDER macro. cat > conftest.$ac_ext < #include @@ -2939,11 +3107,11 @@ int main() { #endif ; return 0; } EOF -if { (eval echo configure:2943: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3111: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* # It does; now see whether it defined to BIG_ENDIAN or not. cat > conftest.$ac_ext < #include @@ -2954,7 +3122,7 @@ int main() { #endif ; return 0; } EOF -if { (eval echo configure:2958: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3126: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_bigendian=yes else @@ -2974,7 +3142,7 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3159: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_bigendian=no else @@ -3011,14 +3179,14 @@ EOF fi echo $ac_n "checking whether char is unsigned""... $ac_c" 1>&6 -echo "configure:3015: checking whether char is unsigned" >&5 +echo "configure:3183: checking whether char is unsigned" >&5 if eval "test \"`echo '$''{'ac_cv_c_char_unsigned'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$GCC" = yes; then # GCC predefines this symbol on systems where it applies. cat > conftest.$ac_ext <&2; exit 1; } else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3222: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_char_unsigned=yes else @@ -3075,12 +3243,12 @@ fi echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 -echo "configure:3079: checking return type of signal handlers" >&5 +echo "configure:3247: checking return type of signal handlers" >&5 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -3097,7 +3265,7 @@ int main() { int i; ; return 0; } EOF -if { (eval echo configure:3101: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3269: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_type_signal=void else @@ -3116,12 +3284,12 @@ EOF echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 -echo "configure:3120: checking for uid_t in sys/types.h" >&5 +echo "configure:3288: checking for uid_t in sys/types.h" >&5 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF @@ -3150,12 +3318,12 @@ EOF fi echo $ac_n "checking for mode_t""... $ac_c" 1>&6 -echo "configure:3154: checking for mode_t" >&5 +echo "configure:3322: checking for mode_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3183,12 +3351,12 @@ EOF fi echo $ac_n "checking for off_t""... $ac_c" 1>&6 -echo "configure:3187: checking for off_t" >&5 +echo "configure:3355: checking for off_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3216,12 +3384,12 @@ EOF fi echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:3220: checking for size_t" >&5 +echo "configure:3388: checking for size_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3249,12 +3417,12 @@ EOF fi echo $ac_n "checking for pid_t""... $ac_c" 1>&6 -echo "configure:3253: checking for pid_t" >&5 +echo "configure:3421: checking for pid_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3282,12 +3450,12 @@ EOF fi echo $ac_n "checking for st_rdev in struct stat""... $ac_c" 1>&6 -echo "configure:3286: checking for st_rdev in struct stat" >&5 +echo "configure:3454: checking for st_rdev in struct stat" >&5 if eval "test \"`echo '$''{'ac_cv_struct_st_rdev'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -3295,7 +3463,7 @@ int main() { struct stat s; s.st_rdev; ; return 0; } EOF -if { (eval echo configure:3299: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3467: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_struct_st_rdev=yes else @@ -3316,12 +3484,12 @@ EOF fi echo $ac_n "checking for d_off in dirent""... $ac_c" 1>&6 -echo "configure:3320: checking for d_off in dirent" >&5 +echo "configure:3488: checking for d_off in dirent" >&5 if eval "test \"`echo '$''{'ac_cv_dirent_d_off'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -3331,7 +3499,7 @@ int main() { struct dirent d; d.d_off; ; return 0; } EOF -if { (eval echo configure:3335: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3503: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_dirent_d_off=yes else @@ -3352,12 +3520,12 @@ EOF fi echo $ac_n "checking for ino_t""... $ac_c" 1>&6 -echo "configure:3356: checking for ino_t" >&5 +echo "configure:3524: checking for ino_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_ino_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3385,12 +3553,12 @@ EOF fi echo $ac_n "checking for loff_t""... $ac_c" 1>&6 -echo "configure:3389: checking for loff_t" >&5 +echo "configure:3557: checking for loff_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_loff_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3418,12 +3586,12 @@ EOF fi echo $ac_n "checking for offset_t""... $ac_c" 1>&6 -echo "configure:3422: checking for offset_t" >&5 +echo "configure:3590: checking for offset_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_offset_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3451,12 +3619,12 @@ EOF fi echo $ac_n "checking for ssize_t""... $ac_c" 1>&6 -echo "configure:3455: checking for ssize_t" >&5 +echo "configure:3623: checking for ssize_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_ssize_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3484,12 +3652,12 @@ EOF fi echo $ac_n "checking for wchar_t""... $ac_c" 1>&6 -echo "configure:3488: checking for wchar_t" >&5 +echo "configure:3656: checking for wchar_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_wchar_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3520,90 +3688,111 @@ fi ############################################ # for cups support we need libcups, and a handful of header files -echo $ac_n "checking for httpConnect in -lcups""... $ac_c" 1>&6 -echo "configure:3525: checking for httpConnect in -lcups" >&5 -ac_lib_var=`echo cups'_'httpConnect | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-lcups $LIBS" -cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - +# Check whether --enable-cups or --disable-cups was given. +if test "${enable_cups+set}" = set; then + enableval="$enable_cups" + : fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_lib=HAVE_LIB`echo cups | sed -e 's/[^a-zA-Z0-9_]/_/g' \ - -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` - cat >> confdefs.h <&6 +echo "configure:3703: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_CUPS_CONFIG'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$CUPS_CONFIG" in + /*) + ac_cv_path_CUPS_CONFIG="$CUPS_CONFIG" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_CUPS_CONFIG="$CUPS_CONFIG" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_CUPS_CONFIG="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +CUPS_CONFIG="$ac_cv_path_CUPS_CONFIG" +if test -n "$CUPS_CONFIG"; then + echo "$ac_t""$CUPS_CONFIG" 1>&6 else echo "$ac_t""no" 1>&6 fi -# I wonder if there is a nicer way of doing this? + if test "x$CUPS_CONFIG" != x; then + cat >> confdefs.h <<\EOF +#define HAVE_CUPS 1 +EOF -if test x"$ac_cv_lib_cups_httpConnect" = x"yes"; then - for ac_hdr in cups/cups.h cups/language.h + CFLAGS="$CFLAGS `$CUPS_CONFIG --cflags`" + LDFLAGS="$LDFLAGS `$CUPS_CONFIG --ldflags`" + LIBS="$LIBS `$CUPS_CONFIG --libs`" + fi +fi + +############################################ +# we need dlopen/dlclose/dlsym/dlerror for PAM, the password database plugins and the new VFS code +for ac_func in dlopen do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:3579: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:3752: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3589: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then +if { (eval echo configure:3780: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" + eval "ac_cv_func_$ac_func=yes" else - echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" + eval "ac_cv_func_$ac_func=no" fi rm -f conftest* fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` cat >> confdefs.h <> confdefs.h <<\EOF -#define HAVE_CUPS 1 -EOF - - fi - fi -fi - -############################################ -# we need libdl for PAM, the password database plugins and the new VFS code -echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6 -echo "configure:3628: checking for dlopen in -ldl" >&5 +if test x"$ac_cv_func_dlopen" = x"no"; then + echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6 +echo "configure:3806: checking for dlopen in -ldl" >&5 ac_lib_var=`echo dl'_'dlopen | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3632,7 +3810,7 @@ else ac_save_LIBS="$LIBS" LIBS="-ldl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:3825: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3660,24 +3838,26 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 LIBS="$LIBS -ldl"; cat >> confdefs.h <<\EOF -#define HAVE_LIBDL 1 +#define HAVE_DLOPEN 1 EOF else echo "$ac_t""no" 1>&6 fi +fi +# dlopen/dlclose/dlsym/dlerror will be checked again later and defines will be set then ############################################ # check if the compiler can do immediate structures echo $ac_n "checking for immediate structures""... $ac_c" 1>&6 -echo "configure:3675: checking for immediate structures" >&5 +echo "configure:3855: checking for immediate structures" >&5 if eval "test \"`echo '$''{'samba_cv_immediate_structures'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -3695,7 +3875,7 @@ int main() { ; return 0; } EOF -if { (eval echo configure:3699: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3879: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_immediate_structures=yes else @@ -3718,13 +3898,13 @@ fi ############################################ # check for unix domain sockets echo $ac_n "checking for unix domain sockets""... $ac_c" 1>&6 -echo "configure:3722: checking for unix domain sockets" >&5 +echo "configure:3902: checking for unix domain sockets" >&5 if eval "test \"`echo '$''{'samba_cv_unixsocket'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -3739,7 +3919,7 @@ int main() { ; return 0; } EOF -if { (eval echo configure:3743: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3923: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_unixsocket=yes else @@ -3761,13 +3941,13 @@ fi echo $ac_n "checking for socklen_t type""... $ac_c" 1>&6 -echo "configure:3765: checking for socklen_t type" >&5 +echo "configure:3945: checking for socklen_t type" >&5 if eval "test \"`echo '$''{'samba_cv_socklen_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -3780,7 +3960,7 @@ int main() { socklen_t i = 0 ; return 0; } EOF -if { (eval echo configure:3784: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3964: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_socklen_t=yes else @@ -3801,13 +3981,13 @@ EOF fi echo $ac_n "checking for sig_atomic_t type""... $ac_c" 1>&6 -echo "configure:3805: checking for sig_atomic_t type" >&5 +echo "configure:3985: checking for sig_atomic_t type" >&5 if eval "test \"`echo '$''{'samba_cv_sig_atomic_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -3820,7 +4000,7 @@ int main() { sig_atomic_t i = 0 ; return 0; } EOF -if { (eval echo configure:3824: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4004: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_sig_atomic_t=yes else @@ -3843,20 +4023,20 @@ fi # stupid headers have the functions but no declaration. grrrr. echo $ac_n "checking for errno declaration""... $ac_c" 1>&6 -echo "configure:3847: checking for errno declaration" >&5 +echo "configure:4027: checking for errno declaration" >&5 if eval "test \"`echo '$''{'ac_cv_have_errno_decl'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { int i = (int)errno ; return 0; } EOF -if { (eval echo configure:3860: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4040: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_errno_decl=yes else @@ -3878,20 +4058,20 @@ EOF echo $ac_n "checking for setresuid declaration""... $ac_c" 1>&6 -echo "configure:3882: checking for setresuid declaration" >&5 +echo "configure:4062: checking for setresuid declaration" >&5 if eval "test \"`echo '$''{'ac_cv_have_setresuid_decl'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { int i = (int)setresuid ; return 0; } EOF -if { (eval echo configure:3895: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4075: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_setresuid_decl=yes else @@ -3913,20 +4093,20 @@ EOF echo $ac_n "checking for setresgid declaration""... $ac_c" 1>&6 -echo "configure:3917: checking for setresgid declaration" >&5 +echo "configure:4097: checking for setresgid declaration" >&5 if eval "test \"`echo '$''{'ac_cv_have_setresgid_decl'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { int i = (int)setresgid ; return 0; } EOF -if { (eval echo configure:3930: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4110: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_setresgid_decl=yes else @@ -3948,20 +4128,20 @@ EOF echo $ac_n "checking for asprintf declaration""... $ac_c" 1>&6 -echo "configure:3952: checking for asprintf declaration" >&5 +echo "configure:4132: checking for asprintf declaration" >&5 if eval "test \"`echo '$''{'ac_cv_have_asprintf_decl'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { int i = (int)asprintf ; return 0; } EOF -if { (eval echo configure:3965: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4145: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_asprintf_decl=yes else @@ -3983,20 +4163,20 @@ EOF echo $ac_n "checking for vasprintf declaration""... $ac_c" 1>&6 -echo "configure:3987: checking for vasprintf declaration" >&5 +echo "configure:4167: checking for vasprintf declaration" >&5 if eval "test \"`echo '$''{'ac_cv_have_vasprintf_decl'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { int i = (int)vasprintf ; return 0; } EOF -if { (eval echo configure:4000: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4180: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_vasprintf_decl=yes else @@ -4018,20 +4198,20 @@ EOF echo $ac_n "checking for vsnprintf declaration""... $ac_c" 1>&6 -echo "configure:4022: checking for vsnprintf declaration" >&5 +echo "configure:4202: checking for vsnprintf declaration" >&5 if eval "test \"`echo '$''{'ac_cv_have_vsnprintf_decl'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { int i = (int)vsnprintf ; return 0; } EOF -if { (eval echo configure:4035: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4215: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_vsnprintf_decl=yes else @@ -4053,20 +4233,20 @@ EOF echo $ac_n "checking for snprintf declaration""... $ac_c" 1>&6 -echo "configure:4057: checking for snprintf declaration" >&5 +echo "configure:4237: checking for snprintf declaration" >&5 if eval "test \"`echo '$''{'ac_cv_have_snprintf_decl'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { int i = (int)snprintf ; return 0; } EOF -if { (eval echo configure:4070: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4250: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_snprintf_decl=yes else @@ -4090,7 +4270,7 @@ EOF # and glibc has setresuid under linux but the function does # nothing until kernel 2.1.44! very dumb. echo $ac_n "checking for real setresuid""... $ac_c" 1>&6 -echo "configure:4094: checking for real setresuid" >&5 +echo "configure:4274: checking for real setresuid" >&5 if eval "test \"`echo '$''{'samba_cv_have_setresuid'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4099,12 +4279,12 @@ else samba_cv_have_setresuid=cross else cat > conftest.$ac_ext < main() { setresuid(1,1,1); setresuid(2,2,2); exit(errno==EPERM?0:1);} EOF -if { (eval echo configure:4108: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4288: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_have_setresuid=yes else @@ -4129,7 +4309,7 @@ fi # Do the same check for setresguid... # echo $ac_n "checking for real setresgid""... $ac_c" 1>&6 -echo "configure:4133: checking for real setresgid" >&5 +echo "configure:4313: checking for real setresgid" >&5 if eval "test \"`echo '$''{'samba_cv_have_setresgid'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4138,13 +4318,13 @@ else samba_cv_have_setresgid=cross else cat > conftest.$ac_ext < #include main() { errno = 0; setresgid(1,1,1); exit(errno != 0 ? (errno==EPERM ? 0 : 1) : 0);} EOF -if { (eval echo configure:4148: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4328: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_have_setresgid=yes else @@ -4167,7 +4347,7 @@ EOF fi echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6 -echo "configure:4171: checking for 8-bit clean memcmp" >&5 +echo "configure:4351: checking for 8-bit clean memcmp" >&5 if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4175,7 +4355,7 @@ else ac_cv_func_memcmp_clean=no else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4369: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_func_memcmp_clean=yes else @@ -4208,12 +4388,12 @@ test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}" for ac_func in crypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4212: checking for $ac_func" >&5 +echo "configure:4392: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4420: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4262,7 +4442,7 @@ done if test x"$ac_cv_func_crypt" = x"no"; then echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:4266: checking for crypt in -lcrypt" >&5 +echo "configure:4446: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4270,7 +4450,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4465: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4314,7 +4494,7 @@ test "${with_readline+set}" != "set" && with_readline=yes # test for where we get readline() from echo $ac_n "checking whether to use readline""... $ac_c" 1>&6 -echo "configure:4318: checking whether to use readline" >&5 +echo "configure:4498: checking whether to use readline" >&5 # Check whether --with-readline or --without-readline was given. if test "${with_readline+set}" = set; then withval="$with_readline" @@ -4326,17 +4506,17 @@ if test "${with_readline+set}" = set; then do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4330: checking for $ac_hdr" >&5 +echo "configure:4510: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4340: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4520: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -4366,17 +4546,17 @@ done do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4370: checking for $ac_hdr" >&5 +echo "configure:4550: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4380: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4560: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -4407,17 +4587,17 @@ done do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4411: checking for $ac_hdr" >&5 +echo "configure:4591: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4421: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4601: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -4440,7 +4620,7 @@ EOF for termlib in ncurses curses termcap terminfo termlib; do echo $ac_n "checking for tgetent in -l${termlib}""... $ac_c" 1>&6 -echo "configure:4444: checking for tgetent in -l${termlib}" >&5 +echo "configure:4624: checking for tgetent in -l${termlib}" >&5 ac_lib_var=`echo ${termlib}'_'tgetent | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4448,7 +4628,7 @@ else ac_save_LIBS="$LIBS" LIBS="-l${termlib} $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4643: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4481,7 +4661,7 @@ fi done echo $ac_n "checking for rl_callback_handler_install in -lreadline""... $ac_c" 1>&6 -echo "configure:4485: checking for rl_callback_handler_install in -lreadline" >&5 +echo "configure:4665: checking for rl_callback_handler_install in -lreadline" >&5 ac_lib_var=`echo readline'_'rl_callback_handler_install | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4489,7 +4669,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lreadline $TERMLIBS $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4684: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4551,17 +4731,17 @@ done do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4555: checking for $ac_hdr" >&5 +echo "configure:4735: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4565: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4745: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -4591,17 +4771,17 @@ done do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4595: checking for $ac_hdr" >&5 +echo "configure:4775: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4605: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4785: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -4632,17 +4812,17 @@ done do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4636: checking for $ac_hdr" >&5 +echo "configure:4816: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4646: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4826: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -4665,7 +4845,7 @@ EOF for termlib in ncurses curses termcap terminfo termlib; do echo $ac_n "checking for tgetent in -l${termlib}""... $ac_c" 1>&6 -echo "configure:4669: checking for tgetent in -l${termlib}" >&5 +echo "configure:4849: checking for tgetent in -l${termlib}" >&5 ac_lib_var=`echo ${termlib}'_'tgetent | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4673,7 +4853,7 @@ else ac_save_LIBS="$LIBS" LIBS="-l${termlib} $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4868: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4706,7 +4886,7 @@ fi done echo $ac_n "checking for rl_callback_handler_install in -lreadline""... $ac_c" 1>&6 -echo "configure:4710: checking for rl_callback_handler_install in -lreadline" >&5 +echo "configure:4890: checking for rl_callback_handler_install in -lreadline" >&5 ac_lib_var=`echo readline'_'rl_callback_handler_install | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4714,7 +4894,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lreadline $TERMLIBS $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4909: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4775,7 +4955,7 @@ fi # code will generate warnings on one of them unless we have a few # special cases. echo $ac_n "checking for rl_completion_matches in -lreadline""... $ac_c" 1>&6 -echo "configure:4779: checking for rl_completion_matches in -lreadline" >&5 +echo "configure:4959: checking for rl_completion_matches in -lreadline" >&5 ac_lib_var=`echo readline'_'rl_completion_matches | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4783,7 +4963,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lreadline $TERMLIBS $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4978: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4827,12 +5007,12 @@ fi for ac_func in connect do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4831: checking for $ac_func" >&5 +echo "configure:5011: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5039: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4883,7 +5063,7 @@ if test x"$ac_cv_func_connect" = x"no"; then case "$LIBS" in *-lnsl*) ;; *) echo $ac_n "checking for printf in -lnsl_s""... $ac_c" 1>&6 -echo "configure:4887: checking for printf in -lnsl_s" >&5 +echo "configure:5067: checking for printf in -lnsl_s" >&5 ac_lib_var=`echo nsl_s'_'printf | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4891,7 +5071,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl_s $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5086: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4933,7 +5113,7 @@ fi case "$LIBS" in *-lnsl*) ;; *) echo $ac_n "checking for printf in -lnsl""... $ac_c" 1>&6 -echo "configure:4937: checking for printf in -lnsl" >&5 +echo "configure:5117: checking for printf in -lnsl" >&5 ac_lib_var=`echo nsl'_'printf | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4941,7 +5121,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5136: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4983,7 +5163,7 @@ fi case "$LIBS" in *-lsocket*) ;; *) echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6 -echo "configure:4987: checking for connect in -lsocket" >&5 +echo "configure:5167: checking for connect in -lsocket" >&5 ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4991,7 +5171,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5186: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5033,7 +5213,7 @@ fi case "$LIBS" in *-linet*) ;; *) echo $ac_n "checking for connect in -linet""... $ac_c" 1>&6 -echo "configure:5037: checking for connect in -linet" >&5 +echo "configure:5217: checking for connect in -linet" >&5 ac_lib_var=`echo inet'_'connect | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5041,7 +5221,7 @@ else ac_save_LIBS="$LIBS" LIBS="-linet $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5236: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5096,12 +5276,12 @@ fi for ac_func in yp_get_default_domain do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5100: checking for $ac_func" >&5 +echo "configure:5280: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5308: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5150,7 +5330,7 @@ done if test x"$ac_cv_func_yp_get_default_domain" = x"no"; then echo $ac_n "checking for yp_get_default_domain in -lnsl""... $ac_c" 1>&6 -echo "configure:5154: checking for yp_get_default_domain in -lnsl" >&5 +echo "configure:5334: checking for yp_get_default_domain in -lnsl" >&5 ac_lib_var=`echo nsl'_'yp_get_default_domain | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5158,7 +5338,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5353: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5199,12 +5379,12 @@ fi for ac_func in execl do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5203: checking for $ac_func" >&5 +echo "configure:5383: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5411: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5257,15 +5437,15 @@ else RUNPROG="" fi -for ac_func in dlopen dlclose dlsym dlerror waitpid getcwd strdup strndup strtoul strerror chown fchown chmod fchmod chroot link mknod mknod64 +for ac_func in dlopen dlclose dlsym dlerror waitpid getcwd strdup strndup strnlen strtoul strerror chown fchown chmod fchmod chroot link mknod mknod64 do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5264: checking for $ac_func" >&5 +echo "configure:5444: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5472: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5315,12 +5495,12 @@ done for ac_func in fstat strchr utime utimes getrlimit fsync bzero memset strlcpy strlcat setpgid do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5319: checking for $ac_func" >&5 +echo "configure:5499: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5527: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5370,12 +5550,12 @@ done for ac_func in memmove vsnprintf snprintf asprintf vasprintf setsid glob strpbrk pipe crypt16 getauthuid do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5374: checking for $ac_func" >&5 +echo "configure:5554: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5582: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5425,12 +5605,12 @@ done for ac_func in strftime sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5429: checking for $ac_func" >&5 +echo "configure:5609: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5637: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5480,12 +5660,12 @@ done for ac_func in initgroups select poll rdchk getgrnam getgrent pathconf realpath do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5484: checking for $ac_func" >&5 +echo "configure:5664: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5692: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5535,12 +5715,12 @@ done for ac_func in setpriv setgidx setuidx setgroups sysconf mktime rename ftruncate stat64 fstat64 do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5539: checking for $ac_func" >&5 +echo "configure:5719: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5747: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5590,12 +5770,12 @@ done for ac_func in lstat64 fopen64 atexit grantpt dup2 lseek64 ftruncate64 readdir64 do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5594: checking for $ac_func" >&5 +echo "configure:5774: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5802: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5645,12 +5825,12 @@ done for ac_func in fseek64 fseeko64 ftell64 ftello64 setluid getpwanam setlinebuf do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5649: checking for $ac_func" >&5 +echo "configure:5829: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5857: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5700,12 +5880,12 @@ done for ac_func in srandom random srand rand setenv usleep strcasecmp fcvt fcvtl symlink readlink do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5704: checking for $ac_func" >&5 +echo "configure:5884: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5912: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5755,12 +5935,12 @@ done for ac_func in syslog vsyslog do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5759: checking for $ac_func" >&5 +echo "configure:5939: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5967: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5811,12 +5991,12 @@ done for ac_func in setbuffer do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5815: checking for $ac_func" >&5 +echo "configure:5995: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6023: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5868,12 +6048,12 @@ done for ac_func in syscall do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5872: checking for $ac_func" >&5 +echo "configure:6052: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6080: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5924,12 +6104,12 @@ done for ac_func in _dup _dup2 _opendir _readdir _seekdir _telldir _closedir do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5928: checking for $ac_func" >&5 +echo "configure:6108: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6136: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5979,12 +6159,12 @@ done for ac_func in __dup __dup2 __opendir __readdir __seekdir __telldir __closedir do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5983: checking for $ac_func" >&5 +echo "configure:6163: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6191: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6034,12 +6214,12 @@ done for ac_func in __getcwd _getcwd do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6038: checking for $ac_func" >&5 +echo "configure:6218: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6246: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6089,12 +6269,12 @@ done for ac_func in __xstat __fxstat __lxstat do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6093: checking for $ac_func" >&5 +echo "configure:6273: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6301: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6144,12 +6324,12 @@ done for ac_func in _stat _lstat _fstat __stat __lstat __fstat do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6148: checking for $ac_func" >&5 +echo "configure:6328: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6356: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6199,12 +6379,12 @@ done for ac_func in _acl __acl _facl __facl _open __open _chdir __chdir do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6203: checking for $ac_func" >&5 +echo "configure:6383: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6411: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6254,12 +6434,12 @@ done for ac_func in _close __close _fchdir __fchdir _fcntl __fcntl do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6258: checking for $ac_func" >&5 +echo "configure:6438: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6466: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6309,12 +6489,12 @@ done for ac_func in getdents _getdents __getdents _lseek __lseek _read __read do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6313: checking for $ac_func" >&5 +echo "configure:6493: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6521: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6364,12 +6544,12 @@ done for ac_func in _write __write _fork __fork do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6368: checking for $ac_func" >&5 +echo "configure:6548: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6576: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6419,12 +6599,12 @@ done for ac_func in _stat64 __stat64 _fstat64 __fstat64 _lstat64 __lstat64 do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6423: checking for $ac_func" >&5 +echo "configure:6603: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6631: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6474,12 +6654,12 @@ done for ac_func in __sys_llseek llseek _llseek __llseek readdir64 _readdir64 __readdir64 do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6478: checking for $ac_func" >&5 +echo "configure:6658: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6686: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6529,12 +6709,12 @@ done for ac_func in pread _pread __pread pread64 _pread64 __pread64 do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6533: checking for $ac_func" >&5 +echo "configure:6713: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6741: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6584,12 +6764,12 @@ done for ac_func in pwrite _pwrite __pwrite pwrite64 _pwrite64 __pwrite64 do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6588: checking for $ac_func" >&5 +echo "configure:6768: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6796: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6639,12 +6819,12 @@ done for ac_func in open64 _open64 __open64 creat64 do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6643: checking for $ac_func" >&5 +echo "configure:6823: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6851: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6698,9 +6878,9 @@ done if test x$ac_cv_func_stat64 = xno ; then echo $ac_n "checking for stat64 in ""... $ac_c" 1>&6 -echo "configure:6702: checking for stat64 in " >&5 +echo "configure:6882: checking for stat64 in " >&5 cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6896: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_func_stat64=yes else @@ -6731,9 +6911,9 @@ fi if test x$ac_cv_func_lstat64 = xno ; then echo $ac_n "checking for lstat64 in ""... $ac_c" 1>&6 -echo "configure:6735: checking for lstat64 in " >&5 +echo "configure:6915: checking for lstat64 in " >&5 cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6929: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_func_lstat64=yes else @@ -6764,9 +6944,9 @@ fi if test x$ac_cv_func_fstat64 = xno ; then echo $ac_n "checking for fstat64 in ""... $ac_c" 1>&6 -echo "configure:6768: checking for fstat64 in " >&5 +echo "configure:6948: checking for fstat64 in " >&5 cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6962: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_func_fstat64=yes else @@ -6798,7 +6978,7 @@ fi ##################################### # we might need the resolv library on some systems echo $ac_n "checking for dn_expand in -lresolv""... $ac_c" 1>&6 -echo "configure:6802: checking for dn_expand in -lresolv" >&5 +echo "configure:6982: checking for dn_expand in -lresolv" >&5 ac_lib_var=`echo resolv'_'dn_expand | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6806,7 +6986,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lresolv $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7001: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6855,12 +7035,12 @@ case "$LIBS" in *-lsecurity*) for ac_func in putprpwnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6859: checking for $ac_func" >&5 +echo "configure:7039: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7067: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6908,7 +7088,7 @@ fi done ;; *) echo $ac_n "checking for putprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:6912: checking for putprpwnam in -lsecurity" >&5 +echo "configure:7092: checking for putprpwnam in -lsecurity" >&5 ac_lib_var=`echo security'_'putprpwnam | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6916,7 +7096,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7111: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6957,12 +7137,12 @@ fi for ac_func in putprpwnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6961: checking for $ac_func" >&5 +echo "configure:7141: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7169: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7016,12 +7196,12 @@ case "$LIBS" in *-lsec*) for ac_func in putprpwnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7020: checking for $ac_func" >&5 +echo "configure:7200: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7228: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7069,7 +7249,7 @@ fi done ;; *) echo $ac_n "checking for putprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:7073: checking for putprpwnam in -lsec" >&5 +echo "configure:7253: checking for putprpwnam in -lsec" >&5 ac_lib_var=`echo sec'_'putprpwnam | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7077,7 +7257,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7272: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7118,12 +7298,12 @@ fi for ac_func in putprpwnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7122: checking for $ac_func" >&5 +echo "configure:7302: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7330: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7178,12 +7358,12 @@ case "$LIBS" in *-lsecurity*) for ac_func in set_auth_parameters do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7182: checking for $ac_func" >&5 +echo "configure:7362: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7390: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7231,7 +7411,7 @@ fi done ;; *) echo $ac_n "checking for set_auth_parameters in -lsecurity""... $ac_c" 1>&6 -echo "configure:7235: checking for set_auth_parameters in -lsecurity" >&5 +echo "configure:7415: checking for set_auth_parameters in -lsecurity" >&5 ac_lib_var=`echo security'_'set_auth_parameters | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7239,7 +7419,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7434: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7280,12 +7460,12 @@ fi for ac_func in set_auth_parameters do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7284: checking for $ac_func" >&5 +echo "configure:7464: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7492: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7339,12 +7519,12 @@ case "$LIBS" in *-lsec*) for ac_func in set_auth_parameters do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7343: checking for $ac_func" >&5 +echo "configure:7523: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7551: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7392,7 +7572,7 @@ fi done ;; *) echo $ac_n "checking for set_auth_parameters in -lsec""... $ac_c" 1>&6 -echo "configure:7396: checking for set_auth_parameters in -lsec" >&5 +echo "configure:7576: checking for set_auth_parameters in -lsec" >&5 ac_lib_var=`echo sec'_'set_auth_parameters | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7400,7 +7580,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7595: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7441,12 +7621,12 @@ fi for ac_func in set_auth_parameters do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7445: checking for $ac_func" >&5 +echo "configure:7625: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7653: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7502,12 +7682,12 @@ case "$LIBS" in *-lgen*) for ac_func in getspnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7506: checking for $ac_func" >&5 +echo "configure:7686: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7714: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7555,7 +7735,7 @@ fi done ;; *) echo $ac_n "checking for getspnam in -lgen""... $ac_c" 1>&6 -echo "configure:7559: checking for getspnam in -lgen" >&5 +echo "configure:7739: checking for getspnam in -lgen" >&5 ac_lib_var=`echo gen'_'getspnam | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7563,7 +7743,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lgen $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7758: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7604,12 +7784,12 @@ fi for ac_func in getspnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7608: checking for $ac_func" >&5 +echo "configure:7788: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7816: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7664,12 +7844,12 @@ case "$LIBS" in *-lsecurity*) for ac_func in getspnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7668: checking for $ac_func" >&5 +echo "configure:7848: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7876: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7717,7 +7897,7 @@ fi done ;; *) echo $ac_n "checking for getspnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:7721: checking for getspnam in -lsecurity" >&5 +echo "configure:7901: checking for getspnam in -lsecurity" >&5 ac_lib_var=`echo security'_'getspnam | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7725,7 +7905,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7920: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7766,12 +7946,12 @@ fi for ac_func in getspnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7770: checking for $ac_func" >&5 +echo "configure:7950: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7978: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7825,12 +8005,12 @@ case "$LIBS" in *-lsec*) for ac_func in getspnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7829: checking for $ac_func" >&5 +echo "configure:8009: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8037: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7878,7 +8058,7 @@ fi done ;; *) echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 -echo "configure:7882: checking for getspnam in -lsec" >&5 +echo "configure:8062: checking for getspnam in -lsec" >&5 ac_lib_var=`echo sec'_'getspnam | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7886,7 +8066,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8081: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7927,12 +8107,12 @@ fi for ac_func in getspnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7931: checking for $ac_func" >&5 +echo "configure:8111: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8139: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7987,12 +8167,12 @@ case "$LIBS" in *-lsecurity*) for ac_func in bigcrypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7991: checking for $ac_func" >&5 +echo "configure:8171: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8199: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -8040,7 +8220,7 @@ fi done ;; *) echo $ac_n "checking for bigcrypt in -lsecurity""... $ac_c" 1>&6 -echo "configure:8044: checking for bigcrypt in -lsecurity" >&5 +echo "configure:8224: checking for bigcrypt in -lsecurity" >&5 ac_lib_var=`echo security'_'bigcrypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -8048,7 +8228,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8243: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -8089,12 +8269,12 @@ fi for ac_func in bigcrypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:8093: checking for $ac_func" >&5 +echo "configure:8273: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8301: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -8148,12 +8328,12 @@ case "$LIBS" in *-lsec*) for ac_func in bigcrypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:8152: checking for $ac_func" >&5 +echo "configure:8332: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8360: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -8201,7 +8381,7 @@ fi done ;; *) echo $ac_n "checking for bigcrypt in -lsec""... $ac_c" 1>&6 -echo "configure:8205: checking for bigcrypt in -lsec" >&5 +echo "configure:8385: checking for bigcrypt in -lsec" >&5 ac_lib_var=`echo sec'_'bigcrypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -8209,7 +8389,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8404: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -8250,12 +8430,12 @@ fi for ac_func in bigcrypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:8254: checking for $ac_func" >&5 +echo "configure:8434: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8462: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -8310,12 +8490,12 @@ case "$LIBS" in *-lsecurity*) for ac_func in getprpwnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:8314: checking for $ac_func" >&5 +echo "configure:8494: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8522: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -8363,7 +8543,7 @@ fi done ;; *) echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:8367: checking for getprpwnam in -lsecurity" >&5 +echo "configure:8547: checking for getprpwnam in -lsecurity" >&5 ac_lib_var=`echo security'_'getprpwnam | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -8371,7 +8551,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8566: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -8412,12 +8592,12 @@ fi for ac_func in getprpwnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:8416: checking for $ac_func" >&5 +echo "configure:8596: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8624: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -8471,12 +8651,12 @@ case "$LIBS" in *-lsec*) for ac_func in getprpwnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:8475: checking for $ac_func" >&5 +echo "configure:8655: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8683: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -8524,7 +8704,7 @@ fi done ;; *) echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:8528: checking for getprpwnam in -lsec" >&5 +echo "configure:8708: checking for getprpwnam in -lsec" >&5 ac_lib_var=`echo sec'_'getprpwnam | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -8532,7 +8712,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8727: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -8573,12 +8753,12 @@ fi for ac_func in getprpwnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:8577: checking for $ac_func" >&5 +echo "configure:8757: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8785: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -8636,6 +8816,7 @@ done # these are the defaults, good for lots of systems HOST_OS="$host_os" LDSHFLAGS="-shared" +SONAMEFLAG="#" SHLD="\${CC}" PICFLAG="" PICSUFFIX="po" @@ -8644,7 +8825,7 @@ SHLIBEXT="so" # Assume non-shared by default and override below BLDSHARED="false" echo $ac_n "checking ability to build shared libraries""... $ac_c" 1>&6 -echo "configure:8648: checking ability to build shared libraries" >&5 +echo "configure:8829: checking ability to build shared libraries" >&5 # and these are for particular systems case "$host_os" in @@ -8656,22 +8837,29 @@ EOF LDSHFLAGS="-shared" DYNEXP="-Wl,--export-dynamic" PICFLAG="-fPIC" + SONAMEFLAG="-Wl,-soname=" cat >> confdefs.h <<\EOF #define STAT_ST_BLOCKSIZE 512 EOF ;; - *solaris*) - cat >> confdefs.h <<\EOF + *solaris*) cat >> confdefs.h <<\EOF #define SUNOS5 1 EOF BLDSHARED="true" - LDSHFLAGS="-h \$@ -G" - if test "${ac_cv_prog_CC}" = "gcc"; then + LDSHFLAGS="-G" + SONAMEFLAG="-h " + if test "${GCC}" = "yes"; then PICFLAG="-fPIC" + if test "${ac_cv_prog_gnu_ld}" = "yes"; then + DYNEXP="-Wl,-E" + fi else PICFLAG="-KPIC" + ## ${CFLAGS} added for building 64-bit shared + ## libs using Sun's Compiler + LDSHFLAGS="-G \${CFLAGS}" POBAD_CC="" PICSUFFIX="po.o" fi @@ -8685,11 +8873,14 @@ EOF EOF BLDSHARED="true" - LDSHFLAGS="-Wl,-h,\$@ -G" + LDSHFLAGS="-G" + SONAMEFLAG="-Wl,-h," PICFLAG="-KPIC" # Is this correct for SunOS ;; *bsd*) BLDSHARED="true" - LDSHFLAGS="-Wl,-soname,\$@ -shared" + LDSHFLAGS="-shared" + DYNEXP="-Wl,-Bdynamic" + SONAMEFLAG="-Wl,-soname," PICFLAG="-fPIC" cat >> confdefs.h <<\EOF #define STAT_ST_BLOCKSIZE 512 @@ -8709,9 +8900,10 @@ EOF esac ATTEMPT_WRAP32_BUILD=yes BLDSHARED="true" - LDSHFLAGS="-soname \$@ -shared" + LDSHFLAGS="-set_version sgi1.0 -shared" + SONAMEFLAG="-soname " SHLD="\${LD}" - if test "${ac_cv_prog_CC}" = "gcc"; then + if test "${GCC}" = "yes"; then PICFLAG="-fPIC" else PICFLAG="-KPIC" @@ -8727,7 +8919,15 @@ EOF BLDSHARED="true" LDSHFLAGS="-Wl,-bexpall,-bM:SRE,-bnoentry" + DYNEXP="-Wl,-brtl,-bexpall" + if test "${GCC}" = "yes"; then + PICFLAG="-O2" + else PICFLAG="-O2 -qmaxmem=6000" + ## for funky AIX compiler using strncpy() + CFLAGS="$CFLAGS -D_LINUX_SOURCE_COMPAT" + fi + cat >> confdefs.h <<\EOF #define STAT_ST_BLOCKSIZE DEV_BSIZE EOF @@ -8740,9 +8940,10 @@ EOF SHLIBEXT="sl" # Use special PIC flags for the native HP-UX compiler. if test $ac_cv_prog_cc_Ae = yes; then - SHLD="/usr/bin/ld" BLDSHARED="true" - LDSHFLAGS="-B symbolic -b -z +h \$@" + SHLD="/usr/bin/ld" + LDSHFLAGS="-B symbolic -b -z" + SONAMEFLAG="+h " PICFLAG="+z" fi DYNEXP="-Wl,-E" @@ -8760,21 +8961,21 @@ EOF EOF BLDSHARED="true" - LDSHFLAGS="-Wl,-soname,\$@ -shared" + LDSHFLAGS="-shared" + SONAMEFLAG="-Wl,-soname," PICFLAG="-fPIC" ;; - *sco*) - cat >> confdefs.h <<\EOF + *sco*) cat >> confdefs.h <<\EOF #define SCO 1 EOF - - ;; +;; *unixware*) cat >> confdefs.h <<\EOF #define UNIXWARE 1 EOF BLDSHARED="true" - LDSHFLAGS="-Wl,-soname,\$@ -shared" + LDSHFLAGS="-shared" + SONAMEFLAG="-Wl,-soname," PICFLAG="-KPIC" ;; *next2*) cat >> confdefs.h <<\EOF @@ -8784,7 +8985,7 @@ EOF *dgux*) # Extract the first word of "groff", so it can be a program name with args. set dummy groff; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:8788: checking for $ac_word" >&5 +echo "configure:8989: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_ROFF'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -8812,8 +9013,7 @@ fi ;; *sysv4*) case "$host" in - *-univel-*) - if test "$GCC" != yes ; then + *-univel-*) if test "$GCC" != yes ; then cat >> confdefs.h <<\EOF #define HAVE_MEMSET 1 EOF @@ -8822,12 +9022,10 @@ EOF LDSHFLAGS="-G" DYNEXP="-Bexport" ;; - *mips-sni-sysv4*) - cat >> confdefs.h <<\EOF + *mips-sni-sysv4*) cat >> confdefs.h <<\EOF #define RELIANTUNIX 1 EOF - - ;; +;; esac ;; @@ -8844,17 +9042,17 @@ esac echo "$ac_t""$BLDSHARED" 1>&6 echo $ac_n "checking linker flags for shared libraries""... $ac_c" 1>&6 -echo "configure:8848: checking linker flags for shared libraries" >&5 +echo "configure:9046: checking linker flags for shared libraries" >&5 echo "$ac_t""$LDSHFLAGS" 1>&6 echo $ac_n "checking compiler flags for position-independent code""... $ac_c" 1>&6 -echo "configure:8851: checking compiler flags for position-independent code" >&5 +echo "configure:9049: checking compiler flags for position-independent code" >&5 echo "$ac_t""$PICFLAGS" 1>&6 ####################################################### # test whether building a shared library actually works if test $BLDSHARED = true; then echo $ac_n "checking whether building shared libraries actually works""... $ac_c" 1>&6 -echo "configure:8858: checking whether building shared libraries actually works" >&5 +echo "configure:9056: checking whether building shared libraries actually works" >&5 if eval "test \"`echo '$''{'ac_cv_shlib_works'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -8885,7 +9083,7 @@ fi ################ echo $ac_n "checking for long long""... $ac_c" 1>&6 -echo "configure:8889: checking for long long" >&5 +echo "configure:9087: checking for long long" >&5 if eval "test \"`echo '$''{'samba_cv_have_longlong'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -8894,12 +9092,12 @@ if test "$cross_compiling" = yes; then samba_cv_have_longlong=cross else cat > conftest.$ac_ext < main() { long long x = 1000000; x *= x; exit(((x/1000000) == 1000000)? 0: 1); } EOF -if { (eval echo configure:8903: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:9101: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_have_longlong=yes else @@ -8926,20 +9124,20 @@ fi # AIX needs this. echo $ac_n "checking for LL suffix on long long integers""... $ac_c" 1>&6 -echo "configure:8930: checking for LL suffix on long long integers" >&5 +echo "configure:9128: checking for LL suffix on long long integers" >&5 if eval "test \"`echo '$''{'samba_cv_compiler_supports_ll'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { long long i = 0x8000000000LL ; return 0; } EOF -if { (eval echo configure:8943: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9141: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_compiler_supports_ll=yes else @@ -8961,7 +9159,7 @@ fi echo $ac_n "checking for 64 bit off_t""... $ac_c" 1>&6 -echo "configure:8965: checking for 64 bit off_t" >&5 +echo "configure:9163: checking for 64 bit off_t" >&5 if eval "test \"`echo '$''{'samba_cv_SIZEOF_OFF_T'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -8970,13 +9168,13 @@ if test "$cross_compiling" = yes; then samba_cv_SIZEOF_OFF_T=cross else cat > conftest.$ac_ext < #include main() { exit((sizeof(off_t) == 8) ? 0 : 1); } EOF -if { (eval echo configure:8980: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:9178: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_SIZEOF_OFF_T=yes else @@ -8999,7 +9197,7 @@ EOF fi echo $ac_n "checking for off64_t""... $ac_c" 1>&6 -echo "configure:9003: checking for off64_t" >&5 +echo "configure:9201: checking for off64_t" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_OFF64_T'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -9008,7 +9206,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_OFF64_T=cross else cat > conftest.$ac_ext < main() { struct stat64 st; off64_t s; if (sizeof(off_t) == sizeof(off64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); } EOF -if { (eval echo configure:9022: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:9220: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_OFF64_T=yes else @@ -9041,7 +9239,7 @@ EOF fi echo $ac_n "checking for 64 bit ino_t""... $ac_c" 1>&6 -echo "configure:9045: checking for 64 bit ino_t" >&5 +echo "configure:9243: checking for 64 bit ino_t" >&5 if eval "test \"`echo '$''{'samba_cv_SIZEOF_INO_T'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -9050,13 +9248,13 @@ if test "$cross_compiling" = yes; then samba_cv_SIZEOF_INO_T=cross else cat > conftest.$ac_ext < #include main() { exit((sizeof(ino_t) == 8) ? 0 : 1); } EOF -if { (eval echo configure:9060: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:9258: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_SIZEOF_INO_T=yes else @@ -9079,7 +9277,7 @@ EOF fi echo $ac_n "checking for ino64_t""... $ac_c" 1>&6 -echo "configure:9083: checking for ino64_t" >&5 +echo "configure:9281: checking for ino64_t" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_INO64_T'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -9088,7 +9286,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_INO64_T=cross else cat > conftest.$ac_ext < main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); } EOF -if { (eval echo configure:9102: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:9300: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_INO64_T=yes else @@ -9121,7 +9319,7 @@ EOF fi echo $ac_n "checking for dev64_t""... $ac_c" 1>&6 -echo "configure:9125: checking for dev64_t" >&5 +echo "configure:9323: checking for dev64_t" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_DEV64_T'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -9130,7 +9328,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_DEV64_T=cross else cat > conftest.$ac_ext < main() { struct stat64 st; dev64_t s; if (sizeof(dev_t) == sizeof(dev64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); } EOF -if { (eval echo configure:9144: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:9342: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_DEV64_T=yes else @@ -9163,13 +9361,13 @@ EOF fi echo $ac_n "checking for struct dirent64""... $ac_c" 1>&6 -echo "configure:9167: checking for struct dirent64" >&5 +echo "configure:9365: checking for struct dirent64" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_STRUCT_DIRENT64'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9383: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_STRUCT_DIRENT64=yes else @@ -9194,7 +9392,7 @@ rm -f conftest* fi echo "$ac_t""$samba_cv_HAVE_STRUCT_DIRENT64" 1>&6 -if test x"$samba_cv_HAVE_STRUCT_DIRENT64" = x"yes"; then +if test x"$samba_cv_HAVE_STRUCT_DIRENT64" = x"yes" && test x"$ac_cv_func_readdir64" = x"yes"; then cat >> confdefs.h <<\EOF #define HAVE_STRUCT_DIRENT64 1 EOF @@ -9202,7 +9400,7 @@ EOF fi echo $ac_n "checking for major macro""... $ac_c" 1>&6 -echo "configure:9206: checking for major macro" >&5 +echo "configure:9404: checking for major macro" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_DEVICE_MAJOR_FN'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -9211,7 +9409,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_DEVICE_MAJOR_FN=cross else cat > conftest.$ac_ext < main() { dev_t dev; int i = major(dev); return 0; } EOF -if { (eval echo configure:9224: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:9422: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_DEVICE_MAJOR_FN=yes else @@ -9243,7 +9441,7 @@ EOF fi echo $ac_n "checking for minor macro""... $ac_c" 1>&6 -echo "configure:9247: checking for minor macro" >&5 +echo "configure:9445: checking for minor macro" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_DEVICE_MINOR_FN'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -9252,7 +9450,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_DEVICE_MINOR_FN=cross else cat > conftest.$ac_ext < main() { dev_t dev; int i = minor(dev); return 0; } EOF -if { (eval echo configure:9265: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:9463: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_DEVICE_MINOR_FN=yes else @@ -9284,7 +9482,7 @@ EOF fi echo $ac_n "checking for unsigned char""... $ac_c" 1>&6 -echo "configure:9288: checking for unsigned char" >&5 +echo "configure:9486: checking for unsigned char" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UNSIGNED_CHAR'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -9293,12 +9491,12 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_UNSIGNED_CHAR=cross else cat > conftest.$ac_ext < main() { char c; c=250; exit((c > 0)?0:1); } EOF -if { (eval echo configure:9302: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:9500: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_UNSIGNED_CHAR=yes else @@ -9321,13 +9519,13 @@ EOF fi echo $ac_n "checking for sin_len in sock""... $ac_c" 1>&6 -echo "configure:9325: checking for sin_len in sock" >&5 +echo "configure:9523: checking for sin_len in sock" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_SOCK_SIN_LEN'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -9336,7 +9534,7 @@ int main() { struct sockaddr_in sock; sock.sin_len = sizeof(sock); ; return 0; } EOF -if { (eval echo configure:9340: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9538: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_SOCK_SIN_LEN=yes else @@ -9357,13 +9555,13 @@ EOF fi echo $ac_n "checking whether seekdir returns void""... $ac_c" 1>&6 -echo "configure:9361: checking whether seekdir returns void" >&5 +echo "configure:9559: checking whether seekdir returns void" >&5 if eval "test \"`echo '$''{'samba_cv_SEEKDIR_RETURNS_VOID'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -9372,7 +9570,7 @@ int main() { return 0; ; return 0; } EOF -if { (eval echo configure:9376: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9574: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_SEEKDIR_RETURNS_VOID=yes else @@ -9393,20 +9591,20 @@ EOF fi echo $ac_n "checking for __FILE__ macro""... $ac_c" 1>&6 -echo "configure:9397: checking for __FILE__ macro" >&5 +echo "configure:9595: checking for __FILE__ macro" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_FILE_MACRO'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { printf("%s\n", __FILE__); ; return 0; } EOF -if { (eval echo configure:9410: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9608: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_FILE_MACRO=yes else @@ -9427,20 +9625,20 @@ EOF fi echo $ac_n "checking for __FUNCTION__ macro""... $ac_c" 1>&6 -echo "configure:9431: checking for __FUNCTION__ macro" >&5 +echo "configure:9629: checking for __FUNCTION__ macro" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_FUNCTION_MACRO'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { printf("%s\n", __FUNCTION__); ; return 0; } EOF -if { (eval echo configure:9444: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9642: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_FUNCTION_MACRO=yes else @@ -9461,7 +9659,7 @@ EOF fi echo $ac_n "checking if gettimeofday takes tz argument""... $ac_c" 1>&6 -echo "configure:9465: checking if gettimeofday takes tz argument" >&5 +echo "configure:9663: checking if gettimeofday takes tz argument" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_GETTIMEOFDAY_TZ'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -9470,14 +9668,14 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_GETTIMEOFDAY_TZ=cross else cat > conftest.$ac_ext < #include main() { struct timeval tv; exit(gettimeofday(&tv, NULL));} EOF -if { (eval echo configure:9481: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:9679: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_GETTIMEOFDAY_TZ=yes else @@ -9491,16 +9689,51 @@ fi fi -echo "$ac_t""$samba_cv_HAVE_GETTIMEOFDAY_TZ" 1>&6 -if test x"$samba_cv_HAVE_GETTIMEOFDAY_TZ" = x"yes"; then +echo "$ac_t""$samba_cv_HAVE_GETTIMEOFDAY_TZ" 1>&6 +if test x"$samba_cv_HAVE_GETTIMEOFDAY_TZ" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_GETTIMEOFDAY_TZ 1 +EOF + +fi + +echo $ac_n "checking for __va_copy""... $ac_c" 1>&6 +echo "configure:9702: checking for __va_copy" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_VA_COPY'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +va_list ap1,ap2; +int main() { +__va_copy(ap1,ap2); +; return 0; } +EOF +if { (eval echo configure:9716: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + samba_cv_HAVE_VA_COPY=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_VA_COPY=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_VA_COPY" 1>&6 +if test x"$samba_cv_HAVE_VA_COPY" = x"yes"; then cat >> confdefs.h <<\EOF -#define HAVE_GETTIMEOFDAY_TZ 1 +#define HAVE_VA_COPY 1 EOF fi echo $ac_n "checking for C99 vsnprintf""... $ac_c" 1>&6 -echo "configure:9504: checking for C99 vsnprintf" >&5 +echo "configure:9737: checking for C99 vsnprintf" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_C99_VSNPRINTF'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -9509,7 +9742,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_C99_VSNPRINTF=cross else cat > conftest.$ac_ext < @@ -9536,7 +9769,7 @@ void foo(const char *format, ...) { main() { foo("hello"); } EOF -if { (eval echo configure:9540: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:9773: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_C99_VSNPRINTF=yes else @@ -9559,7 +9792,7 @@ EOF fi echo $ac_n "checking for broken readdir""... $ac_c" 1>&6 -echo "configure:9563: checking for broken readdir" >&5 +echo "configure:9796: checking for broken readdir" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_READDIR'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -9568,7 +9801,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_BROKEN_READDIR=cross else cat > conftest.$ac_ext < #include @@ -9576,7 +9809,7 @@ main() { struct dirent *di; DIR *d = opendir("."); di = readdir(d); if (di && di->d_name[-2] == '.' && di->d_name[-1] == 0 && di->d_name[0] == 0) exit(0); exit(1);} EOF -if { (eval echo configure:9580: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:9813: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_BROKEN_READDIR=yes else @@ -9599,13 +9832,13 @@ EOF fi echo $ac_n "checking for utimbuf""... $ac_c" 1>&6 -echo "configure:9603: checking for utimbuf" >&5 +echo "configure:9836: checking for utimbuf" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UTIMBUF'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -9613,7 +9846,7 @@ int main() { struct utimbuf tbuf; tbuf.actime = 0; tbuf.modtime = 1; exit(utime("foo.c",&tbuf)); ; return 0; } EOF -if { (eval echo configure:9617: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9850: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UTIMBUF=yes else @@ -9637,12 +9870,12 @@ fi for ac_func in pututline pututxline updwtmp updwtmpx getutmpx do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:9641: checking for $ac_func" >&5 +echo "configure:9874: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:9902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -9691,13 +9924,13 @@ done echo $ac_n "checking for ut_name in utmp""... $ac_c" 1>&6 -echo "configure:9695: checking for ut_name in utmp" >&5 +echo "configure:9928: checking for ut_name in utmp" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_NAME'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -9705,7 +9938,7 @@ int main() { struct utmp ut; ut.ut_name[0] = 'a'; ; return 0; } EOF -if { (eval echo configure:9709: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9942: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UT_UT_NAME=yes else @@ -9726,13 +9959,13 @@ EOF fi echo $ac_n "checking for ut_user in utmp""... $ac_c" 1>&6 -echo "configure:9730: checking for ut_user in utmp" >&5 +echo "configure:9963: checking for ut_user in utmp" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_USER'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -9740,7 +9973,7 @@ int main() { struct utmp ut; ut.ut_user[0] = 'a'; ; return 0; } EOF -if { (eval echo configure:9744: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9977: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UT_UT_USER=yes else @@ -9761,13 +9994,13 @@ EOF fi echo $ac_n "checking for ut_id in utmp""... $ac_c" 1>&6 -echo "configure:9765: checking for ut_id in utmp" >&5 +echo "configure:9998: checking for ut_id in utmp" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_ID'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -9775,7 +10008,7 @@ int main() { struct utmp ut; ut.ut_id[0] = 'a'; ; return 0; } EOF -if { (eval echo configure:9779: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10012: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UT_UT_ID=yes else @@ -9796,13 +10029,13 @@ EOF fi echo $ac_n "checking for ut_host in utmp""... $ac_c" 1>&6 -echo "configure:9800: checking for ut_host in utmp" >&5 +echo "configure:10033: checking for ut_host in utmp" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_HOST'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -9810,7 +10043,7 @@ int main() { struct utmp ut; ut.ut_host[0] = 'a'; ; return 0; } EOF -if { (eval echo configure:9814: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10047: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UT_UT_HOST=yes else @@ -9831,13 +10064,13 @@ EOF fi echo $ac_n "checking for ut_time in utmp""... $ac_c" 1>&6 -echo "configure:9835: checking for ut_time in utmp" >&5 +echo "configure:10068: checking for ut_time in utmp" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TIME'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -9845,7 +10078,7 @@ int main() { struct utmp ut; time_t t; ut.ut_time = t; ; return 0; } EOF -if { (eval echo configure:9849: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10082: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UT_UT_TIME=yes else @@ -9866,13 +10099,13 @@ EOF fi echo $ac_n "checking for ut_tv in utmp""... $ac_c" 1>&6 -echo "configure:9870: checking for ut_tv in utmp" >&5 +echo "configure:10103: checking for ut_tv in utmp" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TV'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -9880,7 +10113,7 @@ int main() { struct utmp ut; struct timeval tv; ut.ut_tv = tv; ; return 0; } EOF -if { (eval echo configure:9884: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10117: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UT_UT_TV=yes else @@ -9901,13 +10134,13 @@ EOF fi echo $ac_n "checking for ut_type in utmp""... $ac_c" 1>&6 -echo "configure:9905: checking for ut_type in utmp" >&5 +echo "configure:10138: checking for ut_type in utmp" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TYPE'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -9915,7 +10148,7 @@ int main() { struct utmp ut; ut.ut_type = 0; ; return 0; } EOF -if { (eval echo configure:9919: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10152: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UT_UT_TYPE=yes else @@ -9936,13 +10169,13 @@ EOF fi echo $ac_n "checking for ut_pid in utmp""... $ac_c" 1>&6 -echo "configure:9940: checking for ut_pid in utmp" >&5 +echo "configure:10173: checking for ut_pid in utmp" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_PID'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -9950,7 +10183,7 @@ int main() { struct utmp ut; ut.ut_pid = 0; ; return 0; } EOF -if { (eval echo configure:9954: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10187: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UT_UT_PID=yes else @@ -9971,13 +10204,13 @@ EOF fi echo $ac_n "checking for ut_exit in utmp""... $ac_c" 1>&6 -echo "configure:9975: checking for ut_exit in utmp" >&5 +echo "configure:10208: checking for ut_exit in utmp" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_EXIT'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -9985,7 +10218,7 @@ int main() { struct utmp ut; ut.ut_exit.e_exit = 0; ; return 0; } EOF -if { (eval echo configure:9989: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10222: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UT_UT_EXIT=yes else @@ -10006,13 +10239,13 @@ EOF fi echo $ac_n "checking for ut_addr in utmp""... $ac_c" 1>&6 -echo "configure:10010: checking for ut_addr in utmp" >&5 +echo "configure:10243: checking for ut_addr in utmp" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_ADDR'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -10020,7 +10253,7 @@ int main() { struct utmp ut; ut.ut_addr = 0; ; return 0; } EOF -if { (eval echo configure:10024: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10257: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UT_UT_ADDR=yes else @@ -10042,13 +10275,13 @@ fi if test x$ac_cv_func_pututline = xyes ; then echo $ac_n "checking whether pututline returns pointer""... $ac_c" 1>&6 -echo "configure:10046: checking whether pututline returns pointer" >&5 +echo "configure:10279: checking whether pututline returns pointer" >&5 if eval "test \"`echo '$''{'samba_cv_PUTUTLINE_RETURNS_UTMP'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -10056,7 +10289,7 @@ int main() { struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg); ; return 0; } EOF -if { (eval echo configure:10060: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10293: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_PUTUTLINE_RETURNS_UTMP=yes else @@ -10078,13 +10311,13 @@ EOF fi echo $ac_n "checking for ut_syslen in utmpx""... $ac_c" 1>&6 -echo "configure:10082: checking for ut_syslen in utmpx" >&5 +echo "configure:10315: checking for ut_syslen in utmpx" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UX_UT_SYSLEN'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -10092,7 +10325,7 @@ int main() { struct utmpx ux; ux.ut_syslen = 0; ; return 0; } EOF -if { (eval echo configure:10096: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10329: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UX_UT_SYSLEN=yes else @@ -10116,7 +10349,7 @@ fi ################################################# # check for libiconv support echo $ac_n "checking whether to use libiconv""... $ac_c" 1>&6 -echo "configure:10120: checking whether to use libiconv" >&5 +echo "configure:10353: checking whether to use libiconv" >&5 # Check whether --with-libiconv or --without-libiconv was given. if test "${with_libiconv+set}" = set; then withval="$with_libiconv" @@ -10129,7 +10362,7 @@ if test "${with_libiconv+set}" = set; then CFLAGS="$CFLAGS -I$withval/include" LDFLAGS="$LDFLAGS -L$withval/lib" echo $ac_n "checking for iconv_open in -liconv""... $ac_c" 1>&6 -echo "configure:10133: checking for iconv_open in -liconv" >&5 +echo "configure:10366: checking for iconv_open in -liconv" >&5 ac_lib_var=`echo iconv'_'iconv_open | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -10137,7 +10370,7 @@ else ac_save_LIBS="$LIBS" LIBS="-liconv $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:10385: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -10191,7 +10424,7 @@ fi ############ # check for iconv in libc echo $ac_n "checking for working iconv""... $ac_c" 1>&6 -echo "configure:10195: checking for working iconv" >&5 +echo "configure:10428: checking for working iconv" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_NATIVE_ICONV'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -10200,7 +10433,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_NATIVE_ICONV=cross else cat > conftest.$ac_ext < @@ -10211,7 +10444,7 @@ main() { } EOF -if { (eval echo configure:10215: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:10448: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_NATIVE_ICONV=yes else @@ -10235,7 +10468,7 @@ fi echo $ac_n "checking for Linux kernel oplocks""... $ac_c" 1>&6 -echo "configure:10239: checking for Linux kernel oplocks" >&5 +echo "configure:10472: checking for Linux kernel oplocks" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_OPLOCKS_LINUX'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -10244,7 +10477,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=cross else cat > conftest.$ac_ext < @@ -10258,7 +10491,7 @@ main() { } EOF -if { (eval echo configure:10262: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:10495: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes else @@ -10281,7 +10514,7 @@ EOF fi echo $ac_n "checking for kernel change notify support""... $ac_c" 1>&6 -echo "configure:10285: checking for kernel change notify support" >&5 +echo "configure:10518: checking for kernel change notify support" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_CHANGE_NOTIFY'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -10290,7 +10523,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=cross else cat > conftest.$ac_ext < @@ -10304,7 +10537,7 @@ main() { } EOF -if { (eval echo configure:10308: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:10541: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=yes else @@ -10327,7 +10560,7 @@ EOF fi echo $ac_n "checking for kernel share modes""... $ac_c" 1>&6 -echo "configure:10331: checking for kernel share modes" >&5 +echo "configure:10564: checking for kernel share modes" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_SHARE_MODES'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -10336,7 +10569,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_KERNEL_SHARE_MODES=cross else cat > conftest.$ac_ext < @@ -10352,7 +10585,7 @@ main() { } EOF -if { (eval echo configure:10356: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:10589: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_KERNEL_SHARE_MODES=yes else @@ -10378,13 +10611,13 @@ fi echo $ac_n "checking for IRIX kernel oplock type definitions""... $ac_c" 1>&6 -echo "configure:10382: checking for IRIX kernel oplock type definitions" >&5 +echo "configure:10615: checking for IRIX kernel oplock type definitions" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_OPLOCKS_IRIX'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -10392,7 +10625,7 @@ int main() { oplock_stat_t t; t.os_state = OP_REVOKE; t.os_dev = 1; t.os_ino = 1; ; return 0; } EOF -if { (eval echo configure:10396: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10629: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_KERNEL_OPLOCKS_IRIX=yes else @@ -10413,7 +10646,7 @@ EOF fi echo $ac_n "checking for irix specific capabilities""... $ac_c" 1>&6 -echo "configure:10417: checking for irix specific capabilities" >&5 +echo "configure:10650: checking for irix specific capabilities" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -10422,7 +10655,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=cross else cat > conftest.$ac_ext < #include @@ -10437,7 +10670,7 @@ main() { } EOF -if { (eval echo configure:10441: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:10674: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=yes else @@ -10465,13 +10698,13 @@ fi # echo $ac_n "checking for int16 typedef included by rpc/rpc.h""... $ac_c" 1>&6 -echo "configure:10469: checking for int16 typedef included by rpc/rpc.h" >&5 +echo "configure:10702: checking for int16 typedef included by rpc/rpc.h" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_INT16_FROM_RPC_RPC_H'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if defined(HAVE_RPC_RPC_H) @@ -10481,7 +10714,7 @@ int main() { int16 testvar; ; return 0; } EOF -if { (eval echo configure:10485: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10718: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_INT16_FROM_RPC_RPC_H=yes else @@ -10502,13 +10735,13 @@ EOF fi echo $ac_n "checking for uint16 typedef included by rpc/rpc.h""... $ac_c" 1>&6 -echo "configure:10506: checking for uint16 typedef included by rpc/rpc.h" >&5 +echo "configure:10739: checking for uint16 typedef included by rpc/rpc.h" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UINT16_FROM_RPC_RPC_H'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if defined(HAVE_RPC_RPC_H) @@ -10518,7 +10751,7 @@ int main() { uint16 testvar; ; return 0; } EOF -if { (eval echo configure:10522: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10755: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UINT16_FROM_RPC_RPC_H=yes else @@ -10539,13 +10772,13 @@ EOF fi echo $ac_n "checking for int32 typedef included by rpc/rpc.h""... $ac_c" 1>&6 -echo "configure:10543: checking for int32 typedef included by rpc/rpc.h" >&5 +echo "configure:10776: checking for int32 typedef included by rpc/rpc.h" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_INT32_FROM_RPC_RPC_H'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if defined(HAVE_RPC_RPC_H) @@ -10555,7 +10788,7 @@ int main() { int32 testvar; ; return 0; } EOF -if { (eval echo configure:10559: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10792: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_INT32_FROM_RPC_RPC_H=yes else @@ -10576,13 +10809,13 @@ EOF fi echo $ac_n "checking for uint32 typedef included by rpc/rpc.h""... $ac_c" 1>&6 -echo "configure:10580: checking for uint32 typedef included by rpc/rpc.h" >&5 +echo "configure:10813: checking for uint32 typedef included by rpc/rpc.h" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_UINT32_FROM_RPC_RPC_H'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if defined(HAVE_RPC_RPC_H) @@ -10592,7 +10825,7 @@ int main() { uint32 testvar; ; return 0; } EOF -if { (eval echo configure:10596: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10829: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_UINT32_FROM_RPC_RPC_H=yes else @@ -10614,13 +10847,13 @@ fi echo $ac_n "checking for conflicting AUTH_ERROR define in rpc/rpc.h""... $ac_c" 1>&6 -echo "configure:10618: checking for conflicting AUTH_ERROR define in rpc/rpc.h" >&5 +echo "configure:10851: checking for conflicting AUTH_ERROR define in rpc/rpc.h" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #ifdef HAVE_SYS_SECURITY_H @@ -10634,7 +10867,7 @@ int main() { int testvar; ; return 0; } EOF -if { (eval echo configure:10638: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10871: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT=no else @@ -10655,16 +10888,16 @@ EOF fi echo $ac_n "checking for test routines""... $ac_c" 1>&6 -echo "configure:10659: checking for test routines" >&5 +echo "configure:10892: checking for test routines" >&5 if test "$cross_compiling" = yes; then echo "configure: warning: cannot run when cross-compiling" 1>&2 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:10901: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then echo "$ac_t""yes" 1>&6 else @@ -10678,7 +10911,7 @@ fi echo $ac_n "checking for ftruncate extend""... $ac_c" 1>&6 -echo "configure:10682: checking for ftruncate extend" >&5 +echo "configure:10915: checking for ftruncate extend" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_FTRUNCATE_EXTEND'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -10687,11 +10920,11 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_FTRUNCATE_EXTEND=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:10928: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_FTRUNCATE_EXTEND=yes else @@ -10714,7 +10947,7 @@ EOF fi echo $ac_n "checking for AF_LOCAL socket support""... $ac_c" 1>&6 -echo "configure:10718: checking for AF_LOCAL socket support" >&5 +echo "configure:10951: checking for AF_LOCAL socket support" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_WORKING_AF_LOCAL'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -10723,11 +10956,11 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_WORKING_AF_LOCAL=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:10964: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_WORKING_AF_LOCAL=yes else @@ -10751,7 +10984,7 @@ EOF fi echo $ac_n "checking for broken getgroups""... $ac_c" 1>&6 -echo "configure:10755: checking for broken getgroups" >&5 +echo "configure:10988: checking for broken getgroups" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_GETGROUPS'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -10760,11 +10993,11 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_BROKEN_GETGROUPS=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11001: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_BROKEN_GETGROUPS=yes else @@ -10787,15 +11020,15 @@ EOF fi echo $ac_n "checking whether getpass should be replaced""... $ac_c" 1>&6 -echo "configure:10791: checking whether getpass should be replaced" >&5 +echo "configure:11024: checking whether getpass should be replaced" >&5 if eval "test \"`echo '$''{'samba_cv_REPLACE_GETPASS'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else SAVE_CPPFLAGS="$CPPFLAGS" -CPPFLAGS="$CPPFLAGS -I${srcdir-.}/ -I${srcdir-.}/include -I${srcdir-.}/ubiqx -I${srcdir-.}/smbwrapper" +CPPFLAGS="$CPPFLAGS -I${srcdir-.}/ -I${srcdir-.}/include -I${srcdir-.}/ubiqx -I${srcdir-.}/popt -I${srcdir-.}/smbwrapper" cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:11045: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_REPLACE_GETPASS=yes else @@ -10831,7 +11064,7 @@ EOF fi echo $ac_n "checking for broken inet_ntoa""... $ac_c" 1>&6 -echo "configure:10835: checking for broken inet_ntoa" >&5 +echo "configure:11068: checking for broken inet_ntoa" >&5 if eval "test \"`echo '$''{'samba_cv_REPLACE_INET_NTOA'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -10840,7 +11073,7 @@ if test "$cross_compiling" = yes; then samba_cv_REPLACE_INET_NTOA=cross else cat > conftest.$ac_ext < @@ -10854,7 +11087,7 @@ if (strcmp(inet_ntoa(ip),"18.52.86.120") && strcmp(inet_ntoa(ip),"120.86.52.18")) { exit(0); } exit(1);} EOF -if { (eval echo configure:10858: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11091: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_REPLACE_INET_NTOA=yes else @@ -10877,7 +11110,7 @@ EOF fi echo $ac_n "checking for secure mkstemp""... $ac_c" 1>&6 -echo "configure:10881: checking for secure mkstemp" >&5 +echo "configure:11114: checking for secure mkstemp" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_SECURE_MKSTEMP'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -10886,7 +11119,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_SECURE_MKSTEMP=cross else cat > conftest.$ac_ext < #include @@ -10903,7 +11136,7 @@ main() { exit(0); } EOF -if { (eval echo configure:10907: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11140: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_SECURE_MKSTEMP=yes else @@ -10926,7 +11159,7 @@ EOF fi echo $ac_n "checking for sysconf(_SC_NGROUPS_MAX)""... $ac_c" 1>&6 -echo "configure:10930: checking for sysconf(_SC_NGROUPS_MAX)" >&5 +echo "configure:11163: checking for sysconf(_SC_NGROUPS_MAX)" >&5 if eval "test \"`echo '$''{'samba_cv_SYSCONF_SC_NGROUPS_MAX'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -10935,12 +11168,12 @@ if test "$cross_compiling" = yes; then samba_cv_SYSCONF_SC_NGROUPS_MAX=cross else cat > conftest.$ac_ext < main() { exit(sysconf(_SC_NGROUPS_MAX) == -1 ? 1 : 0); } EOF -if { (eval echo configure:10944: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11177: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_SYSCONF_SC_NGROUPS_MAX=yes else @@ -10963,7 +11196,7 @@ EOF fi echo $ac_n "checking for root""... $ac_c" 1>&6 -echo "configure:10967: checking for root" >&5 +echo "configure:11200: checking for root" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_ROOT'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -10972,11 +11205,11 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_ROOT=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11213: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_ROOT=yes else @@ -11004,7 +11237,7 @@ fi # look for a method of finding the list of network interfaces iface=no; echo $ac_n "checking for iface AIX""... $ac_c" 1>&6 -echo "configure:11008: checking for iface AIX" >&5 +echo "configure:11241: checking for iface AIX" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_AIX'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11013,7 +11246,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_IFACE_AIX=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11258: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_IFACE_AIX=yes else @@ -11045,7 +11278,7 @@ fi if test $iface = no; then echo $ac_n "checking for iface ifconf""... $ac_c" 1>&6 -echo "configure:11049: checking for iface ifconf" >&5 +echo "configure:11282: checking for iface ifconf" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_IFCONF'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11054,7 +11287,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_IFACE_IFCONF=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11299: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_IFACE_IFCONF=yes else @@ -11087,7 +11320,7 @@ fi if test $iface = no; then echo $ac_n "checking for iface ifreq""... $ac_c" 1>&6 -echo "configure:11091: checking for iface ifreq" >&5 +echo "configure:11324: checking for iface ifreq" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_IFREQ'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11096,7 +11329,7 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_IFACE_IFREQ=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11341: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_IFACE_IFREQ=yes else @@ -11133,7 +11366,7 @@ fi seteuid=no; if test $seteuid = no; then echo $ac_n "checking for setresuid""... $ac_c" 1>&6 -echo "configure:11137: checking for setresuid" >&5 +echo "configure:11370: checking for setresuid" >&5 if eval "test \"`echo '$''{'samba_cv_USE_SETRESUID'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11142,7 +11375,7 @@ if test "$cross_compiling" = yes; then samba_cv_USE_SETRESUID=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11387: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_USE_SETRESUID=yes else @@ -11176,7 +11409,7 @@ fi if test $seteuid = no; then echo $ac_n "checking for setreuid""... $ac_c" 1>&6 -echo "configure:11180: checking for setreuid" >&5 +echo "configure:11413: checking for setreuid" >&5 if eval "test \"`echo '$''{'samba_cv_USE_SETREUID'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11185,7 +11418,7 @@ if test "$cross_compiling" = yes; then samba_cv_USE_SETREUID=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11430: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_USE_SETREUID=yes else @@ -11218,7 +11451,7 @@ fi if test $seteuid = no; then echo $ac_n "checking for seteuid""... $ac_c" 1>&6 -echo "configure:11222: checking for seteuid" >&5 +echo "configure:11455: checking for seteuid" >&5 if eval "test \"`echo '$''{'samba_cv_USE_SETEUID'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11227,7 +11460,7 @@ if test "$cross_compiling" = yes; then samba_cv_USE_SETEUID=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11472: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_USE_SETEUID=yes else @@ -11260,7 +11493,7 @@ fi if test $seteuid = no; then echo $ac_n "checking for setuidx""... $ac_c" 1>&6 -echo "configure:11264: checking for setuidx" >&5 +echo "configure:11497: checking for setuidx" >&5 if eval "test \"`echo '$''{'samba_cv_USE_SETUIDX'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11269,7 +11502,7 @@ if test "$cross_compiling" = yes; then samba_cv_USE_SETUIDX=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11514: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_USE_SETUIDX=yes else @@ -11302,7 +11535,7 @@ fi echo $ac_n "checking for working mmap""... $ac_c" 1>&6 -echo "configure:11306: checking for working mmap" >&5 +echo "configure:11539: checking for working mmap" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_MMAP'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11311,11 +11544,11 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_MMAP=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11552: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_MMAP=yes else @@ -11338,7 +11571,7 @@ EOF fi echo $ac_n "checking for ftruncate needs root""... $ac_c" 1>&6 -echo "configure:11342: checking for ftruncate needs root" >&5 +echo "configure:11575: checking for ftruncate needs root" >&5 if eval "test \"`echo '$''{'samba_cv_FTRUNCATE_NEEDS_ROOT'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11347,11 +11580,11 @@ if test "$cross_compiling" = yes; then samba_cv_FTRUNCATE_NEEDS_ROOT=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11588: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_FTRUNCATE_NEEDS_ROOT=yes else @@ -11374,7 +11607,7 @@ EOF fi echo $ac_n "checking for fcntl locking""... $ac_c" 1>&6 -echo "configure:11378: checking for fcntl locking" >&5 +echo "configure:11611: checking for fcntl locking" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_FCNTL_LOCK'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11383,11 +11616,11 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_FCNTL_LOCK=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11624: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_FCNTL_LOCK=yes else @@ -11410,7 +11643,7 @@ EOF fi echo $ac_n "checking for broken (glibc2.1/x86) 64 bit fcntl locking""... $ac_c" 1>&6 -echo "configure:11414: checking for broken (glibc2.1/x86) 64 bit fcntl locking" >&5 +echo "configure:11647: checking for broken (glibc2.1/x86) 64 bit fcntl locking" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_FCNTL64_LOCKS'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11419,11 +11652,11 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11660: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=yes else @@ -11448,7 +11681,7 @@ else echo $ac_n "checking for 64 bit fcntl locking""... $ac_c" 1>&6 -echo "configure:11452: checking for 64 bit fcntl locking" >&5 +echo "configure:11685: checking for 64 bit fcntl locking" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_STRUCT_FLOCK64'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11457,7 +11690,7 @@ else samba_cv_HAVE_STRUCT_FLOCK64=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11718: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_STRUCT_FLOCK64=yes else @@ -11506,13 +11739,13 @@ EOF fi echo $ac_n "checking for st_blocks in struct stat""... $ac_c" 1>&6 -echo "configure:11510: checking for st_blocks in struct stat" >&5 +echo "configure:11743: checking for st_blocks in struct stat" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_STAT_ST_BLOCKS'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -11521,7 +11754,7 @@ int main() { struct stat st; st.st_blocks = 0; ; return 0; } EOF -if { (eval echo configure:11525: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:11758: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_STAT_ST_BLOCKS=yes else @@ -11544,13 +11777,13 @@ fi case "$host_os" in *linux*) echo $ac_n "checking for broken RedHat 7.2 system header files""... $ac_c" 1>&6 -echo "configure:11548: checking for broken RedHat 7.2 system header files" >&5 +echo "configure:11781: checking for broken RedHat 7.2 system header files" >&5 if eval "test \"`echo '$''{'samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:11801: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=no else @@ -11587,13 +11820,13 @@ fi esac echo $ac_n "checking for broken nisplus include files""... $ac_c" 1>&6 -echo "configure:11591: checking for broken nisplus include files" >&5 +echo "configure:11824: checking for broken nisplus include files" >&5 if eval "test \"`echo '$''{'samba_cv_BROKEN_NISPLUS_INCLUDE_FILES'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if defined(HAVE_RPCSVC_NIS_H) @@ -11603,7 +11836,7 @@ int main() { int i; ; return 0; } EOF -if { (eval echo configure:11607: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:11840: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_BROKEN_NISPLUS_INCLUDE_FILES=no else @@ -11627,7 +11860,7 @@ fi ################################################# # check for smbwrapper support echo $ac_n "checking whether to use smbwrapper""... $ac_c" 1>&6 -echo "configure:11631: checking whether to use smbwrapper" >&5 +echo "configure:11864: checking whether to use smbwrapper" >&5 # Check whether --with-smbwrapper or --without-smbwrapper was given. if test "${with_smbwrapper+set}" = set; then withval="$with_smbwrapper" @@ -11638,7 +11871,8 @@ if test "${with_smbwrapper+set}" = set; then #define WITH_SMBWRAPPER 1 EOF - WRAP="bin/smbsh bin/smbwrapper.$SHLIBEXT" + WRAPPROG="bin/smbsh" + WRAP="bin/smbwrapper.$SHLIBEXT" if test x$ATTEMPT_WRAP32_BUILD = x; then WRAP32="" @@ -11650,10 +11884,12 @@ EOF if test x$PICFLAG = x; then echo No support for PIC code - disabling smbwrapper and smbsh + WRAPPROG="" WRAP="" WRAP32="" elif test x$ac_cv_func_syscall = xno; then echo "$ac_t""No syscall() -- disabling smbwrapper and smbsh" 1>&6 + WRAPPROG="" WRAP="" WRAP32="" fi @@ -11671,7 +11907,7 @@ fi ################################################# # check for AFS clear-text auth support echo $ac_n "checking whether to use AFS clear-text auth""... $ac_c" 1>&6 -echo "configure:11675: checking whether to use AFS clear-text auth" >&5 +echo "configure:11911: checking whether to use AFS clear-text auth" >&5 # Check whether --with-afs or --without-afs was given. if test "${with_afs+set}" = set; then withval="$with_afs" @@ -11697,7 +11933,7 @@ fi ################################################# # check for the DFS clear-text auth system echo $ac_n "checking whether to use DFS clear-text auth""... $ac_c" 1>&6 -echo "configure:11701: checking whether to use DFS clear-text auth" >&5 +echo "configure:11937: checking whether to use DFS clear-text auth" >&5 # Check whether --with-dfs or --without-dfs was given. if test "${with_dfs+set}" = set; then withval="$with_dfs" @@ -11723,7 +11959,7 @@ fi ################################################# # see if this box has the RedHat location for kerberos echo $ac_n "checking for /usr/kerberos""... $ac_c" 1>&6 -echo "configure:11727: checking for /usr/kerberos" >&5 +echo "configure:11963: checking for /usr/kerberos" >&5 if test -d /usr/kerberos; then LDFLAGS="$LDFLAGS -L/usr/kerberos/lib" CFLAGS="$CFLAGS -I/usr/kerberos/include" @@ -11736,7 +11972,7 @@ fi ################################################# # check for location of Kerberos 5 install echo $ac_n "checking for kerberos 5 install path""... $ac_c" 1>&6 -echo "configure:11740: checking for kerberos 5 install path" >&5 +echo "configure:11976: checking for kerberos 5 install path" >&5 # Check whether --with-krb5 or --without-krb5 was given. if test "${with_krb5+set}" = set; then withval="$with_krb5" @@ -11765,17 +12001,17 @@ for ac_hdr in krb5.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:11769: checking for $ac_hdr" >&5 +echo "configure:12005: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:11779: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:12015: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -11808,17 +12044,17 @@ for ac_hdr in gssapi/gssapi_generic.h gssapi/gssapi.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:11812: checking for $ac_hdr" >&5 +echo "configure:12048: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:11822: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:12058: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -11848,7 +12084,7 @@ done ################################################################## # we might need the k5crypto and com_err libraries on some systems echo $ac_n "checking for _et_list in -lcom_err""... $ac_c" 1>&6 -echo "configure:11852: checking for _et_list in -lcom_err" >&5 +echo "configure:12088: checking for _et_list in -lcom_err" >&5 ac_lib_var=`echo com_err'_'_et_list | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -11856,7 +12092,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcom_err $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12107: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -11888,7 +12124,7 @@ else fi echo $ac_n "checking for krb5_encrypt_data in -lk5crypto""... $ac_c" 1>&6 -echo "configure:11892: checking for krb5_encrypt_data in -lk5crypto" >&5 +echo "configure:12128: checking for krb5_encrypt_data in -lk5crypto" >&5 ac_lib_var=`echo k5crypto'_'krb5_encrypt_data | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -11896,7 +12132,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lk5crypto $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12147: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -11932,7 +12168,7 @@ fi # now see if we can find the krb5 libs in standard paths # or as specified above echo $ac_n "checking for krb5_mk_req_extended in -lkrb5""... $ac_c" 1>&6 -echo "configure:11936: checking for krb5_mk_req_extended in -lkrb5" >&5 +echo "configure:12172: checking for krb5_mk_req_extended in -lkrb5" >&5 ac_lib_var=`echo krb5'_'krb5_mk_req_extended | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -11940,7 +12176,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lkrb5 $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12191: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -11979,7 +12215,7 @@ fi ######################################################## # now see if we can find the gssapi libs in standard paths echo $ac_n "checking for gss_display_status in -lgssapi_krb5""... $ac_c" 1>&6 -echo "configure:11983: checking for gss_display_status in -lgssapi_krb5" >&5 +echo "configure:12219: checking for gss_display_status in -lgssapi_krb5" >&5 ac_lib_var=`echo gssapi_krb5'_'gss_display_status | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -11987,7 +12223,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lgssapi_krb5 $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12238: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -12027,7 +12263,7 @@ fi # we might need the lber lib on some systems. To avoid link errors # this test must be before the libldap test echo $ac_n "checking for ber_scanf in -llber""... $ac_c" 1>&6 -echo "configure:12031: checking for ber_scanf in -llber" >&5 +echo "configure:12267: checking for ber_scanf in -llber" >&5 ac_lib_var=`echo lber'_'ber_scanf | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -12035,7 +12271,7 @@ else ac_save_LIBS="$LIBS" LIBS="-llber $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12286: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -12071,7 +12307,7 @@ fi # now see if we can find the ldap libs in standard paths if test x$have_ldap != xyes; then echo $ac_n "checking for ldap_domain2hostlist in -lldap""... $ac_c" 1>&6 -echo "configure:12075: checking for ldap_domain2hostlist in -lldap" >&5 +echo "configure:12311: checking for ldap_domain2hostlist in -lldap" >&5 ac_lib_var=`echo ldap'_'ldap_domain2hostlist | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -12079,7 +12315,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lldap $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12330: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -12114,12 +12350,104 @@ else echo "$ac_t""no" 1>&6 fi + + ######################################################## + # If we have LDAP, does it's rebind procedure take 2 or 3 arguments? + # Check found in pam_ldap 145. + for ac_func in ldap_set_rebind_proc +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:12361: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:12389: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + echo $ac_n "checking whether ldap_set_rebind_proc takes 3 arguments""... $ac_c" 1>&6 +echo "configure:12414: checking whether ldap_set_rebind_proc takes 3 arguments" >&5 +if eval "test \"`echo '$''{'pam_ldap_cv_ldap_set_rebind_proc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < + #include +int main() { +ldap_set_rebind_proc(0, 0, 0); +; return 0; } +EOF +if { (eval echo configure:12429: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + pam_ldap_cv_ldap_set_rebind_proc=3 +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + pam_ldap_cv_ldap_set_rebind_proc=2 +fi +rm -f conftest* +fi + +echo "$ac_t""$pam_ldap_cv_ldap_set_rebind_proc" 1>&6 + cat >> confdefs.h <&6 -echo "configure:12123: checking whether to use AUTOMOUNT" >&5 +echo "configure:12451: checking whether to use AUTOMOUNT" >&5 # Check whether --with-automount or --without-automount was given. if test "${with_automount+set}" = set; then withval="$with_automount" @@ -12144,7 +12472,7 @@ fi ################################################# # check for smbmount support echo $ac_n "checking whether to use SMBMOUNT""... $ac_c" 1>&6 -echo "configure:12148: checking whether to use SMBMOUNT" >&5 +echo "configure:12476: checking whether to use SMBMOUNT" >&5 # Check whether --with-smbmount or --without-smbmount was given. if test "${with_smbmount+set}" = set; then withval="$with_smbmount" @@ -12181,7 +12509,7 @@ fi # check for a PAM clear-text auth, accounts, password and session support with_pam_for_crypt=no echo $ac_n "checking whether to use PAM""... $ac_c" 1>&6 -echo "configure:12185: checking whether to use PAM" >&5 +echo "configure:12513: checking whether to use PAM" >&5 # Check whether --with-pam or --without-pam was given. if test "${with_pam+set}" = set; then withval="$with_pam" @@ -12207,7 +12535,7 @@ fi # we can't build a pam module if we don't have pam. echo $ac_n "checking for pam_get_data in -lpam""... $ac_c" 1>&6 -echo "configure:12211: checking for pam_get_data in -lpam" >&5 +echo "configure:12539: checking for pam_get_data in -lpam" >&5 ac_lib_var=`echo pam'_'pam_get_data | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -12215,7 +12543,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lpam $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12558: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -12253,7 +12581,7 @@ fi ################################################# # check for pam_smbpass support echo $ac_n "checking whether to use pam_smbpass""... $ac_c" 1>&6 -echo "configure:12257: checking whether to use pam_smbpass" >&5 +echo "configure:12585: checking whether to use pam_smbpass" >&5 # Check whether --with-pam_smbpass or --without-pam_smbpass was given. if test "${with_pam_smbpass+set}" = set; then withval="$with_pam_smbpass" @@ -12291,12 +12619,12 @@ if test $with_pam_for_crypt = no; then for ac_func in crypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:12295: checking for $ac_func" >&5 +echo "configure:12623: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12651: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -12345,7 +12673,7 @@ done if test x"$ac_cv_func_crypt" = x"no"; then echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:12349: checking for crypt in -lcrypt" >&5 +echo "configure:12677: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -12353,7 +12681,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12696: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -12399,7 +12727,7 @@ fi ## if test $with_pam_for_crypt = no; then echo $ac_n "checking for a crypt that needs truncated salt""... $ac_c" 1>&6 -echo "configure:12403: checking for a crypt that needs truncated salt" >&5 +echo "configure:12731: checking for a crypt that needs truncated salt" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_TRUNCATED_SALT'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12408,11 +12736,11 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_TRUNCATED_SALT=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12744: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_TRUNCATED_SALT=no else @@ -12446,7 +12774,7 @@ fi ################################################# # check for a TDB password database echo $ac_n "checking whether to use TDB SAM database""... $ac_c" 1>&6 -echo "configure:12450: checking whether to use TDB SAM database" >&5 +echo "configure:12778: checking whether to use TDB SAM database" >&5 # Check whether --with-tdbsam or --without-tdbsam was given. if test "${with_tdbsam+set}" = set; then withval="$with_tdbsam" @@ -12468,36 +12796,10 @@ else fi -################################################# -# check for a LDAP password database -echo $ac_n "checking whether to use LDAP SAM database""... $ac_c" 1>&6 -echo "configure:12475: checking whether to use LDAP SAM database" >&5 -# Check whether --with-ldapsam or --without-ldapsam was given. -if test "${with_ldapsam+set}" = set; then - withval="$with_ldapsam" - case "$withval" in - yes) - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define WITH_LDAP_SAM 1 -EOF - - LIBS="-lldap -llber $LIBS" - ;; - *) - echo "$ac_t""no" 1>&6 - ;; - esac -else - echo "$ac_t""no" 1>&6 - -fi - - ################################################# # check for a NISPLUS password database echo $ac_n "checking whether to use NISPLUS SAM database""... $ac_c" 1>&6 -echo "configure:12501: checking whether to use NISPLUS SAM database" >&5 +echo "configure:12803: checking whether to use NISPLUS SAM database" >&5 # Check whether --with-nisplussam or --without-nisplussam was given. if test "${with_nisplussam+set}" = set; then withval="$with_nisplussam" @@ -12528,7 +12830,7 @@ fi ################################################# # check for a NISPLUS_HOME support echo $ac_n "checking whether to use NISPLUS_HOME""... $ac_c" 1>&6 -echo "configure:12532: checking whether to use NISPLUS_HOME" >&5 +echo "configure:12834: checking whether to use NISPLUS_HOME" >&5 # Check whether --with-nisplus-home or --without-nisplus-home was given. if test "${with_nisplus_home+set}" = set; then withval="$with_nisplus_home" @@ -12550,84 +12852,10 @@ else fi -################################################# -# check for the secure socket layer -echo $ac_n "checking whether to use SSL""... $ac_c" 1>&6 -echo "configure:12557: checking whether to use SSL" >&5 -# Check whether --with-ssl or --without-ssl was given. -if test "${with_ssl+set}" = set; then - withval="$with_ssl" - case "$withval" in - yes) - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define WITH_SSL 1 -EOF - - withval="/usr/local/ssl" # default - - if test "${with_sslinc+set}" = set; then - - withval="$with_sslinc" - case "$withval" in - yes|no) - echo "configure: warning: --with-sslinc called without argument - will use default" 1>&w - CFLAGS="-I/usr/local/ssl/include $CFLAGS" - ;; - * ) - CFLAGS="-I${withval} $CFLAGS" - ;; - esac - - else - - CFLAGS="-I/usr/local/ssl/include $CFLAGS" - - fi - - if test "${with_ssllib+set}" = set; then - - withval="$with_ssllib" - case "$withval" in - yes|no) - echo "configure: warning: --with-ssllib called without argument - will use default" 1>&w - LDFLAGS="-L/usr/local/ssl/lib $LDFLAGS" - ;; - * ) - LDFLAGS="-L${withval}/lib $LDFLAGS" - ;; - esac - - else - - LDFLAGS="-L/usr/local/ssl/lib $LDFLAGS" - - fi - - LIBS="-lssl -lcrypto $LIBS" - -# if test ! -d ${withval}; then -# echo "configure: error: called with --with-ssl, but ssl base directory ${withval} does not exist or is not a directory. Aborting config" 1>&2 -# exit 1 -# fi - - CFLAGS="-DHAVE_CRYPT_DECL $CFLAGS" # Damn, SSLeay defines its own - - ;; - *) - echo "$ac_t""no" 1>&6 - ;; - esac -else - echo "$ac_t""no" 1>&6 - -fi - - ################################################# # check for syslog logging echo $ac_n "checking whether to use syslog logging""... $ac_c" 1>&6 -echo "configure:12631: checking whether to use syslog logging" >&5 +echo "configure:12859: checking whether to use syslog logging" >&5 # Check whether --with-syslog or --without-syslog was given. if test "${with_syslog+set}" = set; then withval="$with_syslog" @@ -12652,7 +12880,7 @@ fi ################################################# # check for a shared memory profiling support echo $ac_n "checking whether to use profiling""... $ac_c" 1>&6 -echo "configure:12656: checking whether to use profiling" >&5 +echo "configure:12884: checking whether to use profiling" >&5 # Check whether --with-profiling-data or --without-profiling-data was given. if test "${with_profiling_data+set}" = set; then withval="$with_profiling_data" @@ -12680,7 +12908,7 @@ fi QUOTAOBJS=smbd/noquotas.o echo $ac_n "checking whether to support disk-quotas""... $ac_c" 1>&6 -echo "configure:12684: checking whether to support disk-quotas" >&5 +echo "configure:12912: checking whether to support disk-quotas" >&5 # Check whether --with-quotas or --without-quotas was given. if test "${with_quotas+set}" = set; then withval="$with_quotas" @@ -12691,13 +12919,13 @@ if test "${with_quotas+set}" = set; then *linux*) # Check for kernel 2.4.x quota braindamage... echo $ac_n "checking for linux 2.4.x quota braindamage..""... $ac_c" 1>&6 -echo "configure:12695: checking for linux 2.4.x quota braindamage.." >&5 +echo "configure:12923: checking for linux 2.4.x quota braindamage.." >&5 if eval "test \"`echo '$''{'samba_cv_linux_2_4_quota_braindamage'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -12709,7 +12937,7 @@ int main() { struct mem_dqblk D; ; return 0; } EOF -if { (eval echo configure:12713: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:12941: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_linux_2_4_quota_braindamage=yes else @@ -12758,7 +12986,7 @@ fi # check for experimental utmp accounting echo $ac_n "checking whether to support utmp accounting""... $ac_c" 1>&6 -echo "configure:12762: checking whether to support utmp accounting" >&5 +echo "configure:12990: checking whether to support utmp accounting" >&5 # Check whether --with-utmp or --without-utmp was given. if test "${with_utmp+set}" = set; then withval="$with_utmp" @@ -12780,85 +13008,10 @@ else fi -################################################# -# set private directory location -# Check whether --with-privatedir or --without-privatedir was given. -if test "${with_privatedir+set}" = set; then - withval="$with_privatedir" - case "$withval" in - yes|no) - # - # Just in case anybody calls it without argument - # - echo "configure: warning: --with-privatedir called without argument - will use default" 1>&2 - privatedir='${prefix}/private' - ;; - * ) - privatedir="$withval" - ;; - esac - -else - privatedir='${prefix}/private' - - -fi - - -################################################# -# set lock directory location -# Check whether --with-lockdir or --without-lockdir was given. -if test "${with_lockdir+set}" = set; then - withval="$with_lockdir" - case "$withval" in - yes|no) - # - # Just in case anybody calls it without argument - # - echo "configure: warning: --with-lockdir called without argument - will use default" 1>&2 - lockdir='$(VARDIR)/locks' - ;; - * ) - lockdir="$withval" - ;; - esac - -else - lockdir='$(VARDIR)/locks' - - -fi - - -################################################# -# set SWAT directory location -# Check whether --with-swatdir or --without-swatdir was given. -if test "${with_swatdir+set}" = set; then - withval="$with_swatdir" - case "$withval" in - yes|no) - # - # Just in case anybody does it - # - echo "configure: warning: --with-swatdir called without argument - will use default" 1>&2 - swatdir='${prefix}/swat' - ;; - * ) - swatdir="$withval" - ;; - esac - -else - swatdir='${prefix}/swat' - - -fi - - ################################################# # choose native language(s) of man pages echo $ac_n "checking chosen man pages' language(s)""... $ac_c" 1>&6 -echo "configure:12862: checking chosen man pages' language(s)" >&5 +echo "configure:13015: checking chosen man pages' language(s)" >&5 # Check whether --with-manpages-langs or --without-manpages-langs was given. if test "${with_manpages_langs+set}" = set; then withval="$with_manpages_langs" @@ -12883,17 +13036,48 @@ else fi +################################################# +# should we build libsmbclient? + +LIBSMBCLIENT_SHARED= +LIBSMBCLIENT= +echo $ac_n "checking whether to build the libsmbclient shared library""... $ac_c" 1>&6 +echo "configure:13046: checking whether to build the libsmbclient shared library" >&5 +# Check whether --with-libsmbclient or --without-libsmbclient was given. +if test "${with_libsmbclient+set}" = set; then + withval="$with_libsmbclient" + case "$withval" in + no) + echo "$ac_t""no" 1>&6 + ;; + *) + if test $BLDSHARED = true; then + LIBSMBCLIENT_SHARED=bin/libsmbclient.$SHLIBEXT + LIBSMBCLIENT=libsmbclient + echo "$ac_t""yes" 1>&6 + else + echo "$ac_t""no shared library support" 1>&6 + fi + ;; + esac +else + echo "$ac_t""yes" 1>&6 + +fi + + + ################################################# # these tests are taken from the GNU fileutils package echo "checking how to get filesystem space usage" 1>&6 -echo "configure:12890: checking how to get filesystem space usage" >&5 +echo "configure:13074: checking how to get filesystem space usage" >&5 space=no # Test for statvfs64. if test $space = no; then # SVR4 echo $ac_n "checking statvfs64 function (SVR4)""... $ac_c" 1>&6 -echo "configure:12897: checking statvfs64 function (SVR4)" >&5 +echo "configure:13081: checking statvfs64 function (SVR4)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs64'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12901,7 +13085,7 @@ else fu_cv_sys_stat_statvfs64=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:13103: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statvfs64=yes else @@ -12948,12 +13132,12 @@ fi if test $space = no; then # SVR4 echo $ac_n "checking statvfs function (SVR4)""... $ac_c" 1>&6 -echo "configure:12952: checking statvfs function (SVR4)" >&5 +echo "configure:13136: checking statvfs function (SVR4)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -12961,7 +13145,7 @@ int main() { struct statvfs fsd; statvfs (0, &fsd); ; return 0; } EOF -if { (eval echo configure:12965: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:13149: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* fu_cv_sys_stat_statvfs=yes else @@ -12986,7 +13170,7 @@ fi if test $space = no; then # DEC Alpha running OSF/1 echo $ac_n "checking for 3-argument statfs function (DEC OSF/1)""... $ac_c" 1>&6 -echo "configure:12990: checking for 3-argument statfs function (DEC OSF/1)" >&5 +echo "configure:13174: checking for 3-argument statfs function (DEC OSF/1)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs3_osf1'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12994,7 +13178,7 @@ else fu_cv_sys_stat_statfs3_osf1=no else cat > conftest.$ac_ext < @@ -13007,7 +13191,7 @@ else exit (statfs (".", &fsd, sizeof (struct statfs))); } EOF -if { (eval echo configure:13011: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:13195: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs3_osf1=yes else @@ -13034,7 +13218,7 @@ fi if test $space = no; then # AIX echo $ac_n "checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)""... $ac_c" 1>&6 -echo "configure:13038: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5 +echo "configure:13222: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_bsize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -13042,7 +13226,7 @@ else fu_cv_sys_stat_statfs2_bsize=no else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:13249: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs2_bsize=yes else @@ -13088,7 +13272,7 @@ fi if test $space = no; then # SVR3 echo $ac_n "checking for four-argument statfs (AIX-3.2.5, SVR3)""... $ac_c" 1>&6 -echo "configure:13092: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5 +echo "configure:13276: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs4'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -13096,7 +13280,7 @@ else fu_cv_sys_stat_statfs4=no else cat > conftest.$ac_ext < #include @@ -13106,7 +13290,7 @@ else exit (statfs (".", &fsd, sizeof fsd, 0)); } EOF -if { (eval echo configure:13110: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:13294: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs4=yes else @@ -13133,7 +13317,7 @@ fi if test $space = no; then # 4.4BSD and NetBSD echo $ac_n "checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)""... $ac_c" 1>&6 -echo "configure:13137: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5 +echo "configure:13321: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_fsize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -13141,7 +13325,7 @@ else fu_cv_sys_stat_statfs2_fsize=no else cat > conftest.$ac_ext < #ifdef HAVE_SYS_PARAM_H @@ -13157,7 +13341,7 @@ else exit (statfs (".", &fsd)); } EOF -if { (eval echo configure:13161: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:13345: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs2_fsize=yes else @@ -13184,7 +13368,7 @@ fi if test $space = no; then # Ultrix echo $ac_n "checking for two-argument statfs with struct fs_data (Ultrix)""... $ac_c" 1>&6 -echo "configure:13188: checking for two-argument statfs with struct fs_data (Ultrix)" >&5 +echo "configure:13372: checking for two-argument statfs with struct fs_data (Ultrix)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_fs_data'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -13192,7 +13376,7 @@ else fu_cv_sys_stat_fs_data=no else cat > conftest.$ac_ext < #ifdef HAVE_SYS_PARAM_H @@ -13212,7 +13396,7 @@ else exit (statfs (".", &fsd) != 1); } EOF -if { (eval echo configure:13216: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:13400: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_fs_data=yes else @@ -13245,9 +13429,9 @@ fi # file support. # echo $ac_n "checking if large file support can be enabled""... $ac_c" 1>&6 -echo "configure:13249: checking if large file support can be enabled" >&5 +echo "configure:13433: checking if large file support can be enabled" >&5 cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:13448: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=yes else @@ -13325,7 +13509,7 @@ fi # check for ACL support echo $ac_n "checking whether to support ACLs""... $ac_c" 1>&6 -echo "configure:13329: checking whether to support ACLs" >&5 +echo "configure:13513: checking whether to support ACLs" >&5 # Check whether --with-acl-support or --without-acl-support was given. if test "${with_acl_support+set}" = set; then withval="$with_acl_support" @@ -13378,7 +13562,7 @@ EOF ;; *) echo $ac_n "checking for acl_get_file in -lacl""... $ac_c" 1>&6 -echo "configure:13382: checking for acl_get_file in -lacl" >&5 +echo "configure:13566: checking for acl_get_file in -lacl" >&5 ac_lib_var=`echo acl'_'acl_get_file | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -13386,7 +13570,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lacl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:13585: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -13425,13 +13609,13 @@ else fi echo $ac_n "checking for ACL support""... $ac_c" 1>&6 -echo "configure:13429: checking for ACL support" >&5 +echo "configure:13613: checking for ACL support" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_POSIX_ACLS'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -13439,7 +13623,7 @@ int main() { acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p); ; return 0; } EOF -if { (eval echo configure:13443: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:13627: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* samba_cv_HAVE_POSIX_ACLS=yes else @@ -13459,13 +13643,13 @@ echo "$ac_t""$samba_cv_HAVE_POSIX_ACLS" 1>&6 EOF echo $ac_n "checking for acl_get_perm_np""... $ac_c" 1>&6 -echo "configure:13463: checking for acl_get_perm_np" >&5 +echo "configure:13647: checking for acl_get_perm_np" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_ACL_GET_PERM_NP'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -13473,7 +13657,7 @@ int main() { acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm); ; return 0; } EOF -if { (eval echo configure:13477: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:13661: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* samba_cv_HAVE_ACL_GET_PERM_NP=yes else @@ -13520,7 +13704,7 @@ fi # (WINBIND_STARGETS) and shared libraries (WINBIND_LTARGETS). echo $ac_n "checking whether to build winbind""... $ac_c" 1>&6 -echo "configure:13524: checking whether to build winbind" >&5 +echo "configure:13708: checking whether to build winbind" >&5 # Initially, the value of $host_os decides whether winbind is supported @@ -13592,6 +13776,59 @@ else echo "$ac_t""no$winbind_no_reason" 1>&6 fi + +# Check for FreeBSD problem with getgroups +# It returns EGID too many times in the list of groups +# and causes a security problem +echo $ac_n "checking whether or not getgroups returns EGID too many times""... $ac_c" 1>&6 +echo "configure:13785: checking whether or not getgroups returns EGID too many times" >&5 +if eval "test \"`echo '$''{'samba_cv_have_getgroups_too_many_egids'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + samba_cv_have_getgroups_too_many_egids=cross +else + cat > conftest.$ac_ext < +#include + +int main(int argc, char *argv[]) +{ + gid_t groups[10]; + int n = 10; + + n = getgroups(n, &groups); + /* Could actually pass back the number of EGIDs there ... */ + exit((n > 1 && groups[0] == getegid() && groups[1] == getegid()) ? 1 : 0); +} +EOF +if { (eval echo configure:13809: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_have_getgroups_too_many_egids=no +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_have_getgroups_too_many_egids=yes +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_have_getgroups_too_many_egids" 1>&6 +if test x"$samba_cv_have_getgroups_too_many_egids" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_GETGROUPS_TOO_MANY_EGIDS 1 +EOF + +fi + + + # Substitution time! @@ -13611,20 +13848,20 @@ fi # [#include ]) echo $ac_n "checking whether struct passwd has pw_comment""... $ac_c" 1>&6 -echo "configure:13615: checking whether struct passwd has pw_comment" >&5 +echo "configure:13852: checking whether struct passwd has pw_comment" >&5 if eval "test \"`echo '$''{'samba_cv_passwd_pw_comment'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { struct passwd p; p.pw_comment; ; return 0; } EOF -if { (eval echo configure:13628: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:13865: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_passwd_pw_comment=yes else @@ -13649,20 +13886,20 @@ fi # [#include ]) echo $ac_n "checking whether struct passwd has pw_age""... $ac_c" 1>&6 -echo "configure:13653: checking whether struct passwd has pw_age" >&5 +echo "configure:13890: checking whether struct passwd has pw_age" >&5 if eval "test \"`echo '$''{'samba_cv_passwd_pw_age'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { struct passwd p; p.pw_age; ; return 0; } EOF -if { (eval echo configure:13666: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:13903: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_passwd_pw_age=yes else @@ -13701,7 +13938,7 @@ fi if test x"$INCLUDED_POPT" != x"yes"; then echo $ac_n "checking for poptGetContext in -lpopt""... $ac_c" 1>&6 -echo "configure:13705: checking for poptGetContext in -lpopt" >&5 +echo "configure:13942: checking for poptGetContext in -lpopt" >&5 ac_lib_var=`echo popt'_'poptGetContext | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -13709,7 +13946,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lpopt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:13961: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -13744,7 +13981,7 @@ fi fi echo $ac_n "checking whether to use included popt""... $ac_c" 1>&6 -echo "configure:13748: checking whether to use included popt" >&5 +echo "configure:13985: checking whether to use included popt" >&5 if test x"$INCLUDED_POPT" = x"yes"; then echo "$ac_t""$srcdir/popt" 1>&6 BUILD_POPT='$(POPT_OBJS)' @@ -13767,16 +14004,16 @@ fi # final configure stuff echo $ac_n "checking configure summary""... $ac_c" 1>&6 -echo "configure:13771: checking configure summary" >&5 +echo "configure:14008: checking configure summary" >&5 if test "$cross_compiling" = yes; then echo "configure: warning: cannot run when cross-compiling" 1>&2 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:14017: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then echo "$ac_t""yes" 1>&6 else @@ -13893,7 +14130,7 @@ done ac_given_srcdir=$srcdir ac_given_INSTALL="$INSTALL" -trap 'rm -fr `echo "include/stamp-h Makefile include/config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 +trap 'rm -fr `echo "include/stamp-h Makefile script/findsmb include/config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 EOF cat >> $CONFIG_STATUS <> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then diff --git a/source3/configure.in b/source3/configure.in index 98065944490..915c91e5850 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -2,44 +2,172 @@ dnl -*- mode: m4-mode -*- dnl Process this file with autoconf to produce a configure script. AC_INIT(include/includes.h) AC_CONFIG_HEADER(include/config.h) -# we want to be compatible with older versions of Samba + +################################################# +# Directory handling stuff to support both the +# legacy SAMBA directories and FHS compliant +# ones... AC_PREFIX_DEFAULT(/usr/local/samba) +AC_ARG_WITH(fhs, +[ --with-fhs Use FHS-compliant paths (default=no)], + configdir="${sysconfdir}/samba" + lockdir="\${VARDIR}/cache/samba" + piddir="\$(VARDIR)/run/samba" + logfilebase="\${VARDIR}/log/samba" + privatedir="\${CONFIGDIR}/private" + swatdir="\${DATADIR}/samba/swat", + configdir="\$(LIBDIR)" + logfilebase="\$(VARDIR)" + lockdir="\${VARDIR}/locks" + piddir="\$(VARDIR)/locks" + privatedir="\${prefix}/private" + swatdir="\${prefix}/swat") + +################################################# +# set private directory location +AC_ARG_WITH(privatedir, +[ --with-privatedir=DIR Where to put smbpasswd ($ac_default_prefix/private)], +[ case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + AC_MSG_WARN([--with-privatedir called without argument - will use default]) + ;; + * ) + privatedir="$withval" + ;; + esac]) + +################################################# +# set lock directory location +AC_ARG_WITH(lockdir, +[ --with-lockdir=DIR Where to put lock files ($ac_default_prefix/var/locks)], +[ case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + AC_MSG_WARN([--with-lockdir called without argument - will use default]) + ;; + * ) + lockdir="$withval" + ;; + esac]) + +################################################# +# set pid directory location +AC_ARG_WITH(piddir, +[ --with-piddir=DIR Where to put pid files ($ac_default_prefix/var/locks)], +[ case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + AC_MSG_WARN([--with-piddir called without argument - will use default]) + ;; + * ) + piddir="$withval" + ;; + esac]) + +################################################# +# set SWAT directory location +AC_ARG_WITH(swatdir, +[ --with-swatdir=DIR Where to put SWAT files ($ac_default_prefix/swat)], +[ case "$withval" in + yes|no) + # + # Just in case anybody does it + # + AC_MSG_WARN([--with-swatdir called without argument - will use default]) + ;; + * ) + swatdir="$withval" + ;; + esac]) + +################################################# +# set configuration directory location +AC_ARG_WITH(configdir, +[ --with-configdir=DIR Where to put configuration files (\$libdir)], +[ case "$withval" in + yes|no) + # + # Just in case anybody does it + # + AC_MSG_WARN([--with-configdir called without argument - will use default]) + ;; + * ) + configdir="$withval" + ;; + esac]) + +################################################# +# set log directory location +AC_ARG_WITH(logfilebase, +[ --with-logfilebase=DIR Where to put log files (\$(VARDIR))], +[ case "$withval" in + yes|no) + # + # Just in case anybody does it + # + AC_MSG_WARN([--with-logfilebase called without argument - will use default]) + ;; + * ) + logfilebase="$withval" + ;; + esac]) + +AC_SUBST(configdir) +AC_SUBST(lockdir) +AC_SUBST(piddir) +AC_SUBST(logfilebase) +AC_SUBST(privatedir) +AC_SUBST(swatdir) +AC_SUBST(bindir) +AC_SUBST(sbindir) + dnl Unique-to-Samba variables we'll be playing with. AC_SUBST(SHELL) AC_SUBST(RUNPROG) AC_SUBST(MPROGS) AC_SUBST(LDSHFLAGS) +AC_SUBST(SONAMEFLAG) AC_SUBST(SHLD) AC_SUBST(HOST_OS) AC_SUBST(PAM_MOD) AC_SUBST(WRAP) AC_SUBST(WRAP32) +AC_SUBST(WRAPPROG) AC_SUBST(PICFLAG) AC_SUBST(PICSUFFIX) AC_SUBST(POBAD_CC) AC_SUBST(SHLIBEXT) AC_SUBST(LIBSMBCLIENT_SHARED) +AC_SUBST(LIBSMBCLIENT) -# compile with optimisation and without debugging by default +# compile with optimization and without debugging by default CFLAGS="-O ${CFLAGS}" -AC_ARG_ENABLE(debug, [ --enable-debug turn on debugging [default=no]], +AC_ARG_ENABLE(debug, +[ --enable-debug Turn on compiler debugging information (default=no)], [if eval "test x$enable_debug = xyes"; then CFLAGS="${CFLAGS} -g" fi]) -AC_ARG_ENABLE(developer, [ --enable-developer turn on developer warnings and debugging [default=no]], +AC_ARG_ENABLE(developer, [ --enable-developer Turn on developer warnings and debugging (default=no)], [if eval "test x$enable_developer = xyes"; then CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -DDEVELOPER" fi]) -AC_ARG_ENABLE(krb5developer, [ --enable-krb5developer turn on developer warnings and debugging, except -Wstrict-prototypes [default=no]], +AC_ARG_ENABLE(krb5developer, [ --enable-krb5developer Turn on developer warnings and debugging, except -Wstrict-prototypes (default=no)], [if eval "test x$enable_krb5developer = xyes"; then CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -DDEVELOPER" fi]) -AC_ARG_ENABLE(dmalloc, [ --enable-dmalloc enable heap debugging [default=no]]) +AC_ARG_ENABLE(dmalloc, [ --enable-dmalloc Enable heap debugging [default=no]]) if test "x$enable_dmalloc" = xyes then @@ -54,6 +182,10 @@ AC_PROG_CC AC_PROG_INSTALL AC_PROG_AWK +dnl Check if we use GNU ld +LD=ld +AC_PROG_LD_GNU + dnl needed before AC_TRY_COMPILE AC_ISC_POSIX @@ -175,7 +307,6 @@ case "$host_os" in ;; esac else - DYNEXP="-dc -dp" CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" AC_DEFINE(_LARGEFILE64_SOURCE) AC_DEFINE(_FILE_OFFSET_BITS,64) @@ -299,7 +430,7 @@ AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/i AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h) AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h) AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h) -AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h ldap.h lber.h) +AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h ldap.h lber.h dlfcn.h) # # HPUX has a bug in that including shadow.h causes a re-definition of MAXINT. @@ -355,23 +486,28 @@ AC_CHECK_TYPE(wchar_t, unsigned short) ############################################ # for cups support we need libcups, and a handful of header files -AC_CHECK_LIB(cups,httpConnect) +AC_ARG_ENABLE(cups, +[ --enable-cups Turn on CUPS support (default=auto)]) -# I wonder if there is a nicer way of doing this? +if test x$enable_cups != xno; then + AC_PATH_PROG(CUPS_CONFIG, cups-config) -if test x"$ac_cv_lib_cups_httpConnect" = x"yes"; then - AC_CHECK_HEADERS(cups/cups.h cups/language.h) - if test x"$ac_cv_header_cups_cups_h" = x"yes"; then - if test x"$ac_cv_header_cups_language_h" = x"yes"; then + if test "x$CUPS_CONFIG" != x; then AC_DEFINE(HAVE_CUPS) - fi + CFLAGS="$CFLAGS `$CUPS_CONFIG --cflags`" + LDFLAGS="$LDFLAGS `$CUPS_CONFIG --ldflags`" + LIBS="$LIBS `$CUPS_CONFIG --libs`" fi fi ############################################ -# we need libdl for PAM, the password database plugins and the new VFS code -AC_CHECK_LIB(dl, dlopen, [LIBS="$LIBS -ldl"; - AC_DEFINE(HAVE_LIBDL)]) +# we need dlopen/dlclose/dlsym/dlerror for PAM, the password database plugins and the new VFS code +AC_CHECK_FUNCS(dlopen) +if test x"$ac_cv_func_dlopen" = x"no"; then + AC_CHECK_LIB(dl, dlopen, [LIBS="$LIBS -ldl"; + AC_DEFINE(HAVE_DLOPEN)]) +fi +# dlopen/dlclose/dlsym/dlerror will be checked again later and defines will be set then ############################################ # check if the compiler can do immediate structures @@ -601,7 +737,7 @@ else RUNPROG="" fi -AC_CHECK_FUNCS(dlopen dlclose dlsym dlerror waitpid getcwd strdup strndup strtoul strerror chown fchown chmod fchmod chroot link mknod mknod64) +AC_CHECK_FUNCS(dlopen dlclose dlsym dlerror waitpid getcwd strdup strndup strnlen strtoul strerror chown fchown chmod fchmod chroot link mknod mknod64) AC_CHECK_FUNCS(fstat strchr utime utimes getrlimit fsync bzero memset strlcpy strlcat setpgid) AC_CHECK_FUNCS(memmove vsnprintf snprintf asprintf vasprintf setsid glob strpbrk pipe crypt16 getauthuid) AC_CHECK_FUNCS(strftime sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent) @@ -713,6 +849,7 @@ AC_LIBTESTFUNC(sec, getprpwnam) # these are the defaults, good for lots of systems HOST_OS="$host_os" LDSHFLAGS="-shared" +SONAMEFLAG="#" SHLD="\${CC}" PICFLAG="" PICSUFFIX="po" @@ -729,16 +866,23 @@ case "$host_os" in LDSHFLAGS="-shared" DYNEXP="-Wl,--export-dynamic" PICFLAG="-fPIC" + SONAMEFLAG="-Wl,-soname=" AC_DEFINE(STAT_ST_BLOCKSIZE,512) ;; - *solaris*) - AC_DEFINE(SUNOS5) + *solaris*) AC_DEFINE(SUNOS5) BLDSHARED="true" - LDSHFLAGS="-h \$@ -G" - if test "${ac_cv_prog_CC}" = "gcc"; then + LDSHFLAGS="-G" + SONAMEFLAG="-h " + if test "${GCC}" = "yes"; then PICFLAG="-fPIC" + if test "${ac_cv_prog_gnu_ld}" = "yes"; then + DYNEXP="-Wl,-E" + fi else PICFLAG="-KPIC" + ## ${CFLAGS} added for building 64-bit shared + ## libs using Sun's Compiler + LDSHFLAGS="-G \${CFLAGS}" POBAD_CC="" PICSUFFIX="po.o" fi @@ -746,11 +890,14 @@ case "$host_os" in ;; *sunos*) AC_DEFINE(SUNOS4) BLDSHARED="true" - LDSHFLAGS="-Wl,-h,\$@ -G" + LDSHFLAGS="-G" + SONAMEFLAG="-Wl,-h," PICFLAG="-KPIC" # Is this correct for SunOS ;; *bsd*) BLDSHARED="true" - LDSHFLAGS="-Wl,-soname,\$@ -shared" + LDSHFLAGS="-shared" + DYNEXP="-Wl,-Bdynamic" + SONAMEFLAG="-Wl,-soname," PICFLAG="-fPIC" AC_DEFINE(STAT_ST_BLOCKSIZE,512) ;; @@ -761,9 +908,10 @@ case "$host_os" in esac ATTEMPT_WRAP32_BUILD=yes BLDSHARED="true" - LDSHFLAGS="-soname \$@ -shared" + LDSHFLAGS="-set_version sgi1.0 -shared" + SONAMEFLAG="-soname " SHLD="\${LD}" - if test "${ac_cv_prog_CC}" = "gcc"; then + if test "${GCC}" = "yes"; then PICFLAG="-fPIC" else PICFLAG="-KPIC" @@ -773,16 +921,25 @@ case "$host_os" in *aix*) AC_DEFINE(AIX) BLDSHARED="true" LDSHFLAGS="-Wl,-bexpall,-bM:SRE,-bnoentry" + DYNEXP="-Wl,-brtl,-bexpall" + if test "${GCC}" = "yes"; then + PICFLAG="-O2" + else PICFLAG="-O2 -qmaxmem=6000" + ## for funky AIX compiler using strncpy() + CFLAGS="$CFLAGS -D_LINUX_SOURCE_COMPAT" + fi + AC_DEFINE(STAT_ST_BLOCKSIZE,DEV_BSIZE) ;; *hpux*) AC_DEFINE(HPUX) SHLIBEXT="sl" # Use special PIC flags for the native HP-UX compiler. if test $ac_cv_prog_cc_Ae = yes; then - SHLD="/usr/bin/ld" BLDSHARED="true" - LDSHFLAGS="-B symbolic -b -z +h \$@" + SHLD="/usr/bin/ld" + LDSHFLAGS="-B symbolic -b -z" + SONAMEFLAG="+h " PICFLAG="+z" fi DYNEXP="-Wl,-E" @@ -791,31 +948,28 @@ case "$host_os" in *qnx*) AC_DEFINE(QNX);; *osf*) AC_DEFINE(OSF1) BLDSHARED="true" - LDSHFLAGS="-Wl,-soname,\$@ -shared" + LDSHFLAGS="-shared" + SONAMEFLAG="-Wl,-soname," PICFLAG="-fPIC" ;; - *sco*) - AC_DEFINE(SCO) - ;; + *sco*) AC_DEFINE(SCO);; *unixware*) AC_DEFINE(UNIXWARE) BLDSHARED="true" - LDSHFLAGS="-Wl,-soname,\$@ -shared" + LDSHFLAGS="-shared" + SONAMEFLAG="-Wl,-soname," PICFLAG="-KPIC" ;; *next2*) AC_DEFINE(NEXT2);; *dgux*) AC_CHECK_PROG( ROFF, groff, [groff -etpsR -Tascii -man]);; *sysv4*) case "$host" in - *-univel-*) - if [ test "$GCC" != yes ]; then + *-univel-*) if [ test "$GCC" != yes ]; then AC_DEFINE(HAVE_MEMSET) fi LDSHFLAGS="-G" DYNEXP="-Bexport" ;; - *mips-sni-sysv4*) - AC_DEFINE(RELIANTUNIX) - ;; + *mips-sni-sysv4*) AC_DEFINE(RELIANTUNIX);; esac ;; @@ -946,7 +1100,7 @@ AC_TRY_COMPILE([ #include ], [struct dirent64 de;], samba_cv_HAVE_STRUCT_DIRENT64=yes,samba_cv_HAVE_STRUCT_DIRENT64=no)]) -if test x"$samba_cv_HAVE_STRUCT_DIRENT64" = x"yes"; then +if test x"$samba_cv_HAVE_STRUCT_DIRENT64" = x"yes" && test x"$ac_cv_func_readdir64" = x"yes"; then AC_DEFINE(HAVE_STRUCT_DIRENT64) fi @@ -1025,6 +1179,14 @@ if test x"$samba_cv_HAVE_GETTIMEOFDAY_TZ" = x"yes"; then AC_DEFINE(HAVE_GETTIMEOFDAY_TZ) fi +AC_CACHE_CHECK([for __va_copy],samba_cv_HAVE_VA_COPY,[ +AC_TRY_LINK([#include +va_list ap1,ap2;], [__va_copy(ap1,ap2);], +samba_cv_HAVE_VA_COPY=yes,samba_cv_HAVE_VA_COPY=no)]) +if test x"$samba_cv_HAVE_VA_COPY" = x"yes"; then + AC_DEFINE(HAVE_VA_COPY) +fi + AC_CACHE_CHECK([for C99 vsnprintf],samba_cv_HAVE_C99_VSNPRINTF,[ AC_TRY_RUN([ #include @@ -1417,7 +1579,7 @@ fi AC_CACHE_CHECK([whether getpass should be replaced],samba_cv_REPLACE_GETPASS,[ SAVE_CPPFLAGS="$CPPFLAGS" -CPPFLAGS="$CPPFLAGS -I${srcdir-.}/ -I${srcdir-.}/include -I${srcdir-.}/ubiqx -I${srcdir-.}/smbwrapper" +CPPFLAGS="$CPPFLAGS -I${srcdir-.}/ -I${srcdir-.}/include -I${srcdir-.}/ubiqx -I${srcdir-.}/popt -I${srcdir-.}/smbwrapper" AC_TRY_COMPILE([ #define REPLACE_GETPASS 1 #define NO_CONFIG_H 1 @@ -1697,7 +1859,8 @@ AC_ARG_WITH(smbwrapper, yes) AC_MSG_RESULT(yes) AC_DEFINE(WITH_SMBWRAPPER) - WRAP="bin/smbsh bin/smbwrapper.$SHLIBEXT" + WRAPPROG="bin/smbsh" + WRAP="bin/smbwrapper.$SHLIBEXT" if test x$ATTEMPT_WRAP32_BUILD = x; then WRAP32="" @@ -1709,10 +1872,12 @@ AC_ARG_WITH(smbwrapper, if test x$PICFLAG = x; then echo No support for PIC code - disabling smbwrapper and smbsh + WRAPPROG="" WRAP="" WRAP32="" elif test x$ac_cv_func_syscall = xno; then AC_MSG_RESULT([No syscall() -- disabling smbwrapper and smbsh]) + WRAPPROG="" WRAP="" WRAP32="" fi @@ -1827,6 +1992,16 @@ AC_CHECK_LIB(lber, ber_scanf, [LIBS="$LIBS -llber"]) if test x$have_ldap != xyes; then AC_CHECK_LIB(ldap, ldap_domain2hostlist, [LIBS="$LIBS -lldap"; AC_DEFINE(HAVE_LDAP)]) + + ######################################################## + # If we have LDAP, does it's rebind procedure take 2 or 3 arguments? + # Check found in pam_ldap 145. + AC_CHECK_FUNCS(ldap_set_rebind_proc) + AC_CACHE_CHECK(whether ldap_set_rebind_proc takes 3 arguments, pam_ldap_cv_ldap_set_rebind_proc, [ + AC_TRY_COMPILE([ + #include + #include ], [ldap_set_rebind_proc(0, 0, 0);], [pam_ldap_cv_ldap_set_rebind_proc=3], [pam_ldap_cv_ldap_set_rebind_proc=2]) ]) + AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS, $pam_ldap_cv_ldap_set_rebind_proc) fi ################################################# @@ -1977,24 +2152,6 @@ AC_ARG_WITH(tdbsam, AC_MSG_RESULT(no) ) -################################################# -# check for a LDAP password database -AC_MSG_CHECKING(whether to use LDAP SAM database) -AC_ARG_WITH(ldapsam, -[ --with-ldapsam Include experimental LDAP SAM support (default=no)], -[ case "$withval" in - yes) - AC_MSG_RESULT(yes) - AC_DEFINE(WITH_LDAP_SAM) - LIBS="-lldap -llber $LIBS" - ;; - *) - AC_MSG_RESULT(no) - ;; - esac ], - AC_MSG_RESULT(no) -) - ################################################# # check for a NISPLUS password database AC_MSG_CHECKING(whether to use NISPLUS SAM database) @@ -2035,74 +2192,6 @@ AC_ARG_WITH(nisplus-home, AC_MSG_RESULT(no) ) -################################################# -# check for the secure socket layer -AC_MSG_CHECKING(whether to use SSL) -AC_ARG_WITH(ssl, -[ --with-ssl Include SSL support (default=no) - --with-sslinc=DIR Where the SSL includes are (defaults to /usr/local/ssl/include) - --with-ssllib=DIR Where the SSL libraries are (defaults to /usr/local/ssl/lib)], -[ case "$withval" in - yes) - AC_MSG_RESULT(yes) - AC_DEFINE(WITH_SSL) - withval="/usr/local/ssl" # default - - if test "${with_sslinc+set}" = set; then - - withval="$with_sslinc" - case "$withval" in - yes|no) - echo "configure: warning: --with-sslinc called without argument - will use default" 1>&w - CFLAGS="-I/usr/local/ssl/include $CFLAGS" - ;; - * ) - CFLAGS="-I${withval} $CFLAGS" - ;; - esac - - else - - CFLAGS="-I/usr/local/ssl/include $CFLAGS" - - fi - - if test "${with_ssllib+set}" = set; then - - withval="$with_ssllib" - case "$withval" in - yes|no) - echo "configure: warning: --with-ssllib called without argument - will use default" 1>&w - LDFLAGS="-L/usr/local/ssl/lib $LDFLAGS" - ;; - * ) - LDFLAGS="-L${withval}/lib $LDFLAGS" - ;; - esac - - else - - LDFLAGS="-L/usr/local/ssl/lib $LDFLAGS" - - fi - - LIBS="-lssl -lcrypto $LIBS" - -# if test ! -d ${withval}; then -# echo "configure: error: called with --with-ssl, but ssl base directory ${withval} does not exist or is not a directory. Aborting config" 1>&2 -# exit 1 -# fi - - CFLAGS="-DHAVE_CRYPT_DECL $CFLAGS" # Damn, SSLeay defines its own - - ;; - *) - AC_MSG_RESULT(no) - ;; - esac ], - AC_MSG_RESULT(no) -) - ################################################# # check for syslog logging AC_MSG_CHECKING(whether to use syslog logging) @@ -2197,69 +2286,6 @@ AC_ARG_WITH(utmp, AC_MSG_RESULT(no) ) -################################################# -# set private directory location -AC_ARG_WITH(privatedir, -[ --with-privatedir=DIR Where to put smbpasswd ($ac_default_prefix/private)], -[ case "$withval" in - yes|no) - # - # Just in case anybody calls it without argument - # - AC_MSG_WARN([--with-privatedir called without argument - will use default]) - privatedir='${prefix}/private' - ;; - * ) - privatedir="$withval" - ;; - esac - AC_SUBST(privatedir)], - [privatedir='${prefix}/private' - AC_SUBST(privatedir)] -) - -################################################# -# set lock directory location -AC_ARG_WITH(lockdir, -[ --with-lockdir=DIR Where to put lock files ($ac_default_prefix/var/locks)], -[ case "$withval" in - yes|no) - # - # Just in case anybody calls it without argument - # - AC_MSG_WARN([--with-lockdir called without argument - will use default]) - lockdir='$(VARDIR)/locks' - ;; - * ) - lockdir="$withval" - ;; - esac - AC_SUBST(lockdir)], - [lockdir='$(VARDIR)/locks' - AC_SUBST(lockdir)] -) - -################################################# -# set SWAT directory location -AC_ARG_WITH(swatdir, -[ --with-swatdir=DIR Where to put SWAT files ($ac_default_prefix/swat)], -[ case "$withval" in - yes|no) - # - # Just in case anybody does it - # - AC_MSG_WARN([--with-swatdir called without argument - will use default]) - swatdir='${prefix}/swat' - ;; - * ) - swatdir="$withval" - ;; - esac - AC_SUBST(swatdir)], - [swatdir='${prefix}/swat' - AC_SUBST(swatdir)] -) - ################################################# # choose native language(s) of man pages AC_MSG_CHECKING(chosen man pages' language(s)) @@ -2284,6 +2310,32 @@ AC_ARG_WITH(manpages-langs, AC_SUBST(manlangs)] ) +################################################# +# should we build libsmbclient? + +LIBSMBCLIENT_SHARED= +LIBSMBCLIENT= +AC_MSG_CHECKING(whether to build the libsmbclient shared library) +AC_ARG_WITH(libsmbclient, +[ --with-libsmbclient Build the libsmbclient shared library (default=yes)], +[ case "$withval" in + no) + AC_MSG_RESULT(no) + ;; + *) + if test $BLDSHARED = true; then + LIBSMBCLIENT_SHARED=bin/libsmbclient.$SHLIBEXT + LIBSMBCLIENT=libsmbclient + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT(no shared library support) + fi + ;; + esac ], + AC_MSG_RESULT(yes) +) + + ################################################# # these tests are taken from the GNU fileutils package AC_CHECKING(how to get filesystem space usage) @@ -2656,6 +2708,31 @@ else AC_MSG_RESULT(no$winbind_no_reason) fi + +# Check for FreeBSD problem with getgroups +# It returns EGID too many times in the list of groups +# and causes a security problem +AC_CACHE_CHECK([whether or not getgroups returns EGID too many times], + samba_cv_have_getgroups_too_many_egids,[AC_TRY_RUN([ +#include +#include + +int main(int argc, char *argv[]) +{ + gid_t groups[10]; + int n = 10; + + n = getgroups(n, &groups); + /* Could actually pass back the number of EGIDs there ... */ + exit((n > 1 && groups[0] == getegid() && groups[1] == getegid()) ? 1 : 0); +}], + samba_cv_have_getgroups_too_many_egids=no,samba_cv_have_getgroups_too_many_egids=yes, samba_cv_have_getgroups_too_many_egids=cross)]) +if test x"$samba_cv_have_getgroups_too_many_egids" = x"yes"; then + AC_DEFINE(HAVE_GETGROUPS_TOO_MANY_EGIDS) +fi + + + # Substitution time! AC_SUBST(WINBIND_TARGETS) @@ -2743,7 +2820,7 @@ AC_TRY_RUN([#include "${srcdir-.}/tests/summary.c"], builddir=`pwd` AC_SUBST(builddir) -AC_OUTPUT(include/stamp-h Makefile) +AC_OUTPUT(include/stamp-h Makefile script/findsmb) ################################################# # Print very concise instructions on building/use diff --git a/source3/dynconfig.c b/source3/dynconfig.c index 76b5bce5c98..b1d4f000af4 100644 --- a/source3/dynconfig.c +++ b/source3/dynconfig.c @@ -64,6 +64,7 @@ pstring dyn_LIBDIR = LIBDIR; * Not writable, but used to set a default in the parameter table. **/ const pstring dyn_LOCKDIR = LOCKDIR; +const pstring dyn_PIDDIR = PIDDIR; const pstring dyn_DRIVERFILE = DRIVERFILE; diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 99ccffb4644..70d6317a77a 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -21,8 +21,6 @@ #include "includes.h" -extern DOM_SID global_sam_sid; - static TDB_CONTEXT *tdb; /* used for driver files */ #define DATABASE_VERSION_V1 1 /* native byte format. */ @@ -186,17 +184,17 @@ static BOOL default_group_mapping(void) /* Add the defaults domain groups */ - sid_copy(&sid_admins, &global_sam_sid); + sid_copy(&sid_admins, get_global_sam_sid()); sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS); sid_to_string(str_admins, &sid_admins); add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - sid_copy(&sid_users, &global_sam_sid); + sid_copy(&sid_users, get_global_sam_sid()); sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS); sid_to_string(str_users, &sid_users); add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - sid_copy(&sid_guests, &global_sam_sid); + sid_copy(&sid_guests, get_global_sam_sid()); sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS); sid_to_string(str_guests, &sid_guests); add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); @@ -637,7 +635,7 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv) PRIVILEGE_SET *set; if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping")); + DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping")); return(False); } @@ -1070,7 +1068,7 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) /* interim solution until we have a last RID allocated */ - sid_copy(&map->sid, &global_sam_sid); + sid_copy(&map->sid, get_global_sam_sid()); sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid)); fstrcpy(map->nt_name, grp->gr_name); diff --git a/source3/include/ads.h b/source3/include/ads.h index 8658e72f6ac..b3e18f18b8d 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -7,6 +7,7 @@ typedef struct { void *ld; char *realm; + char *workgroup; char *ldap_server; char *ldap_server_name; char *kdc_server; diff --git a/source3/include/auth.h b/source3/include/auth.h index 5c8bc8edfe6..66b317d6433 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -141,11 +141,12 @@ typedef struct auth_methods } auth_methods; -struct auth_init_function { +typedef NTSTATUS (*auth_init_function)(struct auth_context *, const char *, struct auth_methods **); + +struct auth_init_function_entry { char *name; /* Function to create a member of the authmethods list */ - BOOL (*init)(struct auth_context *auth_context, struct auth_methods **auth_method); -}; - + auth_init_function init; +}; #endif /* _SMBAUTH_H_ */ diff --git a/source3/include/byteorder.h b/source3/include/byteorder.h index 1abf1854f36..c262dd2d337 100644 --- a/source3/include/byteorder.h +++ b/source3/include/byteorder.h @@ -107,8 +107,7 @@ it also defines lots of intermediate macros, just ignore those :-) #define CVAL(buf,pos) (((const unsigned char *)(buf))[pos]) #define CVAL_NC(buf,pos) (((unsigned char *)(buf))[pos]) /* Non-const version of CVAL */ -#define PVAL(buf,pos) ((const unsigned)CVAL(buf,pos)) -#define PVAL_NC(buf,pos) ((unsigned)CVAL(buf,pos)) /* Non const version of PVAL */ +#define PVAL(buf,pos) (CVAL(buf,pos)) #define SCVAL(buf,pos,val) (CVAL_NC(buf,pos) = (val)) @@ -118,12 +117,12 @@ it also defines lots of intermediate macros, just ignore those :-) #define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) #define SSVALX(buf,pos,val) (CVAL_NC(buf,pos)=(unsigned char)((val)&0xFF),CVAL_NC(buf,pos+1)=(unsigned char)((val)>>8)) #define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) -#define SVALS(buf,pos) ((const int16)SVAL(buf,pos)) -#define IVALS(buf,pos) ((const int32)IVAL(buf,pos)) -#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((const uint16)(val))) -#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((const uint32)(val))) -#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((const int16)(val))) -#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((const int32)(val))) +#define SVALS(buf,pos) ((int16)SVAL(buf,pos)) +#define IVALS(buf,pos) ((int32)IVAL(buf,pos)) +#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val))) +#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val))) +#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val))) +#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32)(val))) #else /* CAREFUL_ALIGNMENT */ @@ -145,10 +144,10 @@ it also defines lots of intermediate macros, just ignore those :-) #define IVALS_NC(buf,pos) (*(int32 *)((char *)(buf) + (pos))) /* Non const version of above. */ /* store single value in an SMB buffer */ -#define SSVAL(buf,pos,val) SVAL_NC(buf,pos)=((const uint16)(val)) -#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((const uint32)(val)) -#define SSVALS(buf,pos,val) SVALS_NC(buf,pos)=((const int16)(val)) -#define SIVALS(buf,pos,val) IVALS_NC(buf,pos)=((const int32)(val)) +#define SSVAL(buf,pos,val) SVAL_NC(buf,pos)=((uint16)(val)) +#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((uint32)(val)) +#define SSVALS(buf,pos,val) SVALS_NC(buf,pos)=((int16)(val)) +#define SIVALS(buf,pos,val) IVALS_NC(buf,pos)=((int32)(val)) #endif /* CAREFUL_ALIGNMENT */ diff --git a/source3/include/client.h b/source3/include/client.h index 0974cd06664..711ae1fd196 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -57,6 +57,15 @@ struct print_job_info time_t t; }; +typedef struct smb_sign_info { + BOOL use_smb_signing; + BOOL negotiated_smb_signing; + size_t mac_key_len; + uint8 mac_key[44]; + uint32 send_seq_num; + uint32 reply_seq_num; +} smb_sign_info; + struct cli_state { int port; int fd; @@ -69,7 +78,6 @@ struct cli_state { int rap_error; int privileges; - fstring eff_name; fstring desthost; fstring user_name; fstring domain; @@ -109,6 +117,8 @@ struct cli_state { TALLOC_CTX *mem_ctx; + smb_sign_info sign_info; + /* * Only used in NT domain calls. */ @@ -145,4 +155,8 @@ struct cli_state { fstring pipe_name; }; +#define CLI_FULL_CONNECTION_DONT_SPNEGO 0x0001 +#define CLI_FULL_CONNECTION_USE_KERBEROS 0x0002 +#define CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK 0x0004 + #endif /* _CLIENT_H */ diff --git a/source3/include/config.h.in b/source3/include/config.h.in index 8dc7dd6cf88..ac28c0856cf 100644 --- a/source3/include/config.h.in +++ b/source3/include/config.h.in @@ -1,4 +1,4 @@ -/* include/config.h.in. Generated automatically from configure.in by autoheader 2.13. */ +/* include/config.h.in. Generated automatically from configure.in by autoheader. */ /* Define if on AIX 3. System headers sometimes define this. @@ -124,8 +124,6 @@ #undef HAVE_SET_AUTH_PARAMETERS #undef WITH_SYSLOG #undef WITH_PROFILE -#undef WITH_SSL -#undef SSL_DIR #undef WITH_PAM #undef WITH_NISPLUS_HOME #undef WITH_AUTOMOUNT @@ -137,6 +135,7 @@ #undef REPLACE_INET_NTOA #undef HAVE_FILE_MACRO #undef HAVE_FUNCTION_MACRO +#undef HAVE_VA_COPY #undef HAVE_SETRESUID_DECL #undef HAVE_SETRESUID #undef WITH_NETATALK @@ -190,7 +189,10 @@ #undef USE_SETRESUID #undef USE_SETREUID #undef USE_SETUIDX -#undef HAVE_LIBDL +#undef HAVE_DLOPEN +#undef HAVE_DLCLOSE +#undef HAVE_DLSYM +#undef HAVE_DLERROR #undef SYSCONF_SC_NGROUPS_MAX #undef HAVE_UT_UT_NAME #undef HAVE_UT_UT_USER @@ -811,6 +813,9 @@ /* Define if you have the strndup function. */ #undef HAVE_STRNDUP +/* Define if you have the strnlen function. */ +#undef HAVE_STRNLEN + /* Define if you have the strpbrk function. */ #undef HAVE_STRPBRK @@ -877,6 +882,9 @@ /* Define if you have the header file. */ #undef HAVE_DIRENT_H +/* Define if you have the header file. */ +#undef HAVE_DLFCN_H + /* Define if you have the header file. */ #undef HAVE_FCNTL_H diff --git a/source3/include/debug.h b/source3/include/debug.h index 235fbf70c4e..08858274337 100644 --- a/source3/include/debug.h +++ b/source3/include/debug.h @@ -38,8 +38,10 @@ */ int Debug1( char *, ... ) PRINTF_ATTRIBUTE(1,2); BOOL dbgtext( char *, ... ) PRINTF_ATTRIBUTE(1,2); +BOOL dbghdr( int level, char *file, char *func, int line ); extern XFILE *dbf; +extern pstring debugf; /* If we have these macros, we can add additional info to the header. */ #ifdef HAVE_FILE_MACRO @@ -64,7 +66,7 @@ extern XFILE *dbf; * because some references would expand incorrectly. */ #define DEBUGLEVEL *debug_level - +extern int DEBUGLEVEL; /* * Define all new debug classes here. A class is represented by an entry in @@ -77,26 +79,27 @@ extern XFILE *dbf; * at the start of the file (after #include "includes.h") will default to * using index zero, so it will behaive just like it always has. */ +#define DBGC_ALL 0 /* index equivalent to DEBUGLEVEL */ + +#define DBGC_TDB 1 +#define DBGC_PRINTDRIVERS 2 +#define DBGC_LANMAN 3 +#define DBGC_SMB 4 +#define DBGC_RPC_PARSE 5 +#define DBGC_RPC_SRV 6 +#define DBGC_RPC_CLI 7 +#define DBGC_PASSDB 8 +#define DBGC_AUTH 9 +#define DBGC_WINBIND 10 + + +/* So you can define DBGC_CLASS before including debug.h */ +#ifndef DBGC_CLASS #define DBGC_CLASS 0 /* override as shown above */ -#define DBGC_ALL 0 /* index equivalent to DEBUGLEVEL */ - -#define DBGC_TDB 1 -#define DBGC_PRINTDRIVERS 2 -#define DBGC_LANMAN 3 -#define DBGC_SMB 4 -#define DBGC_RPC 5 -#define DBGC_RPC_HDR 6 -#define DBGC_BDC 7 - -#define DBGC_LAST 8 /* MUST be last class value + 1 */ - -extern int DEBUGLEVEL_CLASS[DBGC_LAST]; -extern BOOL DEBUGLEVEL_CLASS_ISSET[DBGC_LAST]; +#endif -struct debuglevel_message { - int debuglevel_class[DBGC_LAST]; - BOOL debuglevel_class_isset[DBGC_LAST]; -}; +extern int *DEBUGLEVEL_CLASS; +extern BOOL *DEBUGLEVEL_CLASS_ISSET; /* Debugging macros * @@ -151,7 +154,7 @@ struct debuglevel_message { #define DEBUGLVL( level ) \ ( ((level) <= MAX_DEBUG_LEVEL) && \ ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \ - (!DEBUGLEVEL_CLASS[ DBGC_CLASS ] && \ + (!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] && \ DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ && dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) ) ) diff --git a/source3/include/doserr.h b/source3/include/doserr.h index 45898f63758..135d799596c 100644 --- a/source3/include/doserr.h +++ b/source3/include/doserr.h @@ -165,7 +165,9 @@ #define WERR_NO_MORE_ITEMS W_ERROR(259) #define WERR_MORE_DATA W_ERROR(234) #define WERR_INVALID_OWNER W_ERROR(1307) +#define WERR_CAN_NOT_COMPLETE W_ERROR(1003) #define WERR_INVALID_SECURITY_DESCRIPTOR W_ERROR(1338) +#define WERR_SERVER_UNAVAILABLE W_ERROR(1722) #define WERR_UNKNOWN_PRINTER_DRIVER W_ERROR(1797) #define WERR_INVALID_PRINTER_NAME W_ERROR(1801) #define WERR_PRINTER_ALREADY_EXISTS W_ERROR(1802) diff --git a/source3/include/dynconfig.h b/source3/include/dynconfig.h index eaa3a0568d3..f8b3bbb791d 100644 --- a/source3/include/dynconfig.h +++ b/source3/include/dynconfig.h @@ -31,6 +31,7 @@ extern pstring dyn_CONFIGFILE; extern pstring dyn_LOGFILEBASE, dyn_LMHOSTSFILE; extern pstring dyn_LIBDIR; extern const pstring dyn_LOCKDIR; +extern const pstring dyn_PIDDIR; extern const pstring dyn_DRIVERFILE; extern const pstring dyn_SMB_PASSWD_FILE; extern const pstring dyn_PRIVATE_DIR; diff --git a/source3/include/includes.h b/source3/include/includes.h index 5da1c1d9972..435810a1bab 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -434,8 +434,12 @@ /* * Define additional missing types */ -#ifndef HAVE_SIG_ATOMIC_T_TYPE -typedef int sig_atomic_t; +#if defined(HAVE_SIG_ATOMIC_T_TYPE) && defined(AIX) +typedef sig_atomic_t SIG_ATOMIC_T; +#elif defined(HAVE_SIG_ATOMIC_T_TYPE) && !defined(AIX) +typedef sig_atomic_t VOLATILE SIG_ATOMIC_T; +#else +typedef int VOLATILE SIG_ATOMIC_T; #endif #ifndef HAVE_SOCKLEN_T_TYPE @@ -696,6 +700,7 @@ extern int errno; #include "dlinklist.h" #include "../tdb/tdb.h" #include "../tdb/spinlock.h" +#include "../tdb/tdbutil.h" #include "talloc.h" #include "ads.h" #include "interfaces.h" @@ -748,10 +753,6 @@ extern int errno; #include "mangle.h" -#ifndef MAXCODEPAGELINES -#define MAXCODEPAGELINES 256 -#endif - /* * Type for wide character dirent structure. * Only d_name is defined by POSIX. @@ -942,6 +943,14 @@ size_t strlcat(char *d, const char *s, size_t bufsize); int ftruncate(int f,long l); #endif +#ifndef HAVE_STRNDUP +char *strndup(const char *s, size_t n); +#endif + +#ifndef HAVE_STRNLEN +size_t strnlen(const char *s, size_t n); +#endif + #ifndef HAVE_STRTOUL unsigned long strtoul(const char *nptr, char **endptr, int base); #endif @@ -993,9 +1002,9 @@ int vasprintf(char **ptr, const char *format, va_list ap); #define DEFAULT_SOCKET_OPTIONS "" #endif -/* Load header file for libdl stuff */ +/* Load header file for dynamic linking stuff */ -#ifdef HAVE_LIBDL +#ifdef HAVE_DLFCN_H #include #endif @@ -1155,5 +1164,13 @@ int asprintf(char **,const char *, ...) PRINTF_ATTRIBUTE(2,3); #define slprintf snprintf #define vslprintf vsnprintf + +/* we need to use __va_copy() on some platforms */ +#ifdef HAVE_VA_COPY +#define VA_COPY(dest, src) __va_copy(dest, src) +#else +#define VA_COPY(dest, src) (dest) = (src) +#endif + #endif /* _INCLUDES_H */ diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h index e343b876d33..f2695639969 100644 --- a/source3/include/libsmbclient.h +++ b/source3/include/libsmbclient.h @@ -1,9 +1,11 @@ /*===================================================================== - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. SMB client library API definitions Copyright (C) Andrew Tridgell 1998 Copyright (C) Richard Sharpe 2000 Copyright (C) John Terpsra 2000 + Copyright (C) Tom Jansen (Ninja ISD) 2002 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -93,30 +95,28 @@ struct smbc_dirent SMBC_DIR=7, SMBC_FILE=8, SMBC_LINK=9,*/ - uint smbc_type; + unsigned int smbc_type; /** Length of this smbc_dirent in bytes */ - uint dirlen; + unsigned int dirlen; /** The length of the comment string in bytes (includes null * terminator) */ - uint commentlen; + unsigned int commentlen; /** Points to the null terminated comment string */ char *comment; /** The length of the name string in bytes (includes null * terminator) */ - uint namelen; + unsigned int namelen; /** Points to the null terminated name string */ char name[1]; }; - #ifndef _CLIENT_H -typedef unsigned short uint16; /**@ingroup structure * Structure that represents a print job. @@ -126,11 +126,11 @@ struct print_job_info { /** numeric ID of the print job */ - uint16 id; + unsigned short id; /** represents print job priority (lower numbers mean higher priority) */ - uint16 priority; + unsigned short priority; /** Size of the print job */ @@ -149,8 +149,7 @@ struct print_job_info */ time_t t; }; -#endif - +#endif /* ifndef _CLIENT_H */ /**@ingroup structure * Authentication callback function type. @@ -196,6 +195,227 @@ typedef void (*smbc_get_auth_data_fn)(const char *srv, */ typedef void (*smbc_get_print_job_info)(struct print_job_info *i); +typedef struct _SMBCSRV { + struct cli_state cli; + dev_t dev; + BOOL no_pathinfo2; + int server_fd; + + struct _SMBCSRV *next, *prev; + +} SMBCSRV; + +/* + * Keep directory entries in a list + */ +struct smbc_dir_list { + struct smbc_dir_list *next; + struct smbc_dirent *dirent; +}; + +/* + * Structure for open file management + */ +typedef struct _SMBCFILE { + int cli_fd; + char *fname; + off_t offset; + SMBCSRV *srv; + BOOL file; + struct smbc_dir_list *dir_list, *dir_end, *dir_next; + int dir_type, dir_error; + + struct _SMBCFILE *next, *prev; +} SMBCFILE; + +/**@ingroup structure + * Structure that contains a client context information + */ +typedef struct _SMBCCTX { + /** debug level + */ + int debug; + + /** netbios name used for making connections + */ + char * netbios_name; + + /** workgroup name used for making connections + */ + char * workgroup; + + /** username used for making connections + */ + char * user; + + /** timeout used for waiting on connections / response data (in milliseconds) + */ + int timeout; + + /** callable functions for files: + * For usage and return values see the smbc_* functions + */ + SMBCFILE * (*open) (struct _SMBCCTX *c, const char *fname, int flags, mode_t mode); + SMBCFILE * (*creat) (struct _SMBCCTX *c, const char *path, mode_t mode); + ssize_t (*read) (struct _SMBCCTX *c, SMBCFILE *file, void *buf, size_t count); + ssize_t (*write) (struct _SMBCCTX *c, SMBCFILE *file, void *buf, size_t count); + int (*unlink) (struct _SMBCCTX *c, const char *fname); + int (*rename) (struct _SMBCCTX *ocontext, const char *oname, + struct _SMBCCTX *ncontext, const char *nname); + off_t (*lseek) (struct _SMBCCTX *c, SMBCFILE * file, off_t offset, int whence); + int (*stat) (struct _SMBCCTX *c, const char *fname, struct stat *st); + int (*fstat) (struct _SMBCCTX *c, SMBCFILE *file, struct stat *st); + int (*close) (struct _SMBCCTX *c, SMBCFILE *file); + + /** callable functions for dirs + */ + SMBCFILE * (*opendir) (struct _SMBCCTX *c, const char *fname); + int (*closedir)(struct _SMBCCTX *c, SMBCFILE *dir); + struct smbc_dirent * (*readdir)(struct _SMBCCTX *c, SMBCFILE *dir); + int (*getdents)(struct _SMBCCTX *c, SMBCFILE *dir, + struct smbc_dirent *dirp, int count); + int (*mkdir) (struct _SMBCCTX *c, const char *fname, mode_t mode); + int (*rmdir) (struct _SMBCCTX *c, const char *fname); + off_t (*telldir) (struct _SMBCCTX *c, SMBCFILE *dir); + int (*lseekdir)(struct _SMBCCTX *c, SMBCFILE *dir, off_t offset); + int (*fstatdir)(struct _SMBCCTX *c, SMBCFILE *dir, struct stat *st); + + /** callable functions for printing + */ + int (*print_file)(struct _SMBCCTX *c_file, const char *fname, + struct _SMBCCTX *c_print, const char *printq); + SMBCFILE * (*open_print_job)(struct _SMBCCTX *c, const char *fname); + int (*list_print_jobs)(struct _SMBCCTX *c, const char *fname, void (*fn)(struct print_job_info *)); + int (*unlink_print_job)(struct _SMBCCTX *c, const char *fname, int id); + + + /** Callbacks + * These callbacks _always_ have to be intialized because they will not be checked + * at dereference for increased speed. + */ + struct _smbc_callbacks { + /** authentication function callback: called upon auth requests + */ + smbc_get_auth_data_fn auth_fn; + + /** check if a server is still good + */ + int (*check_server_fn)(struct _SMBCCTX * c, SMBCSRV *srv); + + /** remove a server if unused + */ + int (*remove_unused_server_fn)(struct _SMBCCTX * c, SMBCSRV *srv); + + /** Cache subsystem + * For an example cache system see samba/source/libsmb/libsmb_cache.c + * Cache subsystem functions follow. + */ + + /** server cache addition + */ + int (*add_cached_srv_fn) (struct _SMBCCTX * c, SMBCSRV *srv, + char * server, char * share, + char * workgroup, char * username); + /** server cache lookup + */ + SMBCSRV * (*get_cached_srv_fn) (struct _SMBCCTX * c, char * server, + char * share, char * workgroup, char * username); + /** server cache removal + */ + int (*remove_cached_srv_fn)(struct _SMBCCTX * c, SMBCSRV *srv); + + /** server cache purging, try to remove all cached servers (disconnect) + */ + int (*purge_cached_fn) (struct _SMBCCTX * c); + + } callbacks; + + + /** Space to store private data of the server cache. + */ + void * server_cache; + + /** INTERNAL functions + * do _NOT_ touch these from your program ! + */ + + /** INTERNAL: is this handle initialized ? + */ + int _initialized; + + /** INTERNAL: dirent pointer location + */ + char _dirent[512]; + + /** INTERNAL: server connection list + */ + SMBCSRV * _servers; + + /** INTERNAL: open file/dir list + */ + SMBCFILE * _files; + +} SMBCCTX; + + +/**@ingroup misc + * Create a new SBMCCTX (a context). + * + * Must be called before the context is passed to smbc_context_init() + * + * @return The given SMBCCTX pointer on success, NULL on error with errno set: + * - ENOMEM Out of memory + * + * @see smbc_free_context(), smbc_init_context() + * + * @note Do not forget to smbc_init_context() the returned SMBCCTX pointer ! + */ +SMBCCTX * smbc_new_context(void); + +/**@ingroup misc + * Delete a SBMCCTX (a context) acquired from smbc_new_context(). + * + * The context will be deleted if possible. + * + * @param context A pointer to a SMBCCTX obtained from smbc_new_context() + * + * @param shutdown_ctx If 1, all connections and files will be closed even if they are busy. + * + * + * @return Returns 0 on succes. Returns 1 on failure with errno set: + * - EBUSY Server connections are still used, Files are open or cache + * could not be purged + * - EBADF context == NULL + * + * @see smbc_new_context() + * + * @note It is advised to clean up all the contexts with shutdown_ctx set to 1 + * just before exit()'ing. When shutdown_ctx is 0, this function can be + * use in periodical cleanup functions for example. + */ +int smbc_free_context(SMBCCTX * context, int shutdown_ctx); + + +/**@ingroup misc + * Initialize a SBMCCTX (a context). + * + * Must be called before using any SMBCCTX API function + * + * @param context A pointer to a SMBCCTX obtained from smbc_new_context() + * + * @return A pointer to the given SMBCCTX on success, NULL on error with errno set: + * - EBADF NULL context given + * - ENOMEM Out of memory + * - ENOENT The smb.conf file would not load + * + * @see smbc_new_context() + * + * @note my_context = smbc_init_context(smbc_new_context()) is perfectly safe, + * but it might leak memory on smbc_context_init() failure. Avoid this. + * You'll have to call smbc_free_context() yourself on failure. + */ + +SMBCCTX * smbc_init_context(SMBCCTX * context); /**@ingroup misc * Initialize the samba client library. @@ -214,8 +434,8 @@ typedef void (*smbc_get_print_job_info)(struct print_job_info *i); * - ENOENT The smb.conf file would not load * */ -int smbc_init(smbc_get_auth_data_fn fn, int debug); +int smbc_init(smbc_get_auth_data_fn fn, int debug); /**@ingroup file * Open a file on an SMB server. @@ -268,8 +488,8 @@ int smbc_init(smbc_get_auth_data_fn fn, int debug); * try again with an empty username and password. This * often gets mapped to the guest account on some machines. */ -int smbc_open(const char *furl, int flags, mode_t mode); +int smbc_open(const char *furl, int flags, mode_t mode); /**@ingroup file * Create a file on an SMB server. @@ -302,8 +522,8 @@ int smbc_open(const char *furl, int flags, mode_t mode); * @see smbc_open() * */ -int smbc_creat(const char *furl, mode_t mode); +int smbc_creat(const char *furl, mode_t mode); /**@ingroup file * Read from a file using an opened file handle. diff --git a/source3/include/local.h b/source3/include/local.h index 1ecd63738ec..24f3fa77246 100644 --- a/source3/include/local.h +++ b/source3/include/local.h @@ -77,7 +77,7 @@ #define MAX_PASS_LEN 200 /* separators for lists */ -#define LIST_SEP " \t,;:\n\r" +#define LIST_SEP " \t,;\n\r" /* wchar separators for lists */ #define LIST_SEP_W wchar_list_sep diff --git a/source3/include/mangle.h b/source3/include/mangle.h index d3218519f88..769278d828b 100644 --- a/source3/include/mangle.h +++ b/source3/include/mangle.h @@ -1,11 +1,14 @@ +#ifndef _MANGLE_H_ +#define _MANGLE_H_ /* header for 8.3 name mangling interface */ struct mangle_fns { BOOL (*is_mangled)(const char *s); - BOOL (*is_8_3)(const char *fname, BOOL check_case); + BOOL (*is_8_3)(const char *fname, BOOL check_case, BOOL allow_wildcards); void (*reset)(void); BOOL (*check_cache)(char *s); - BOOL (*name_map)(char *OutName, BOOL need83, BOOL cache83); + void (*name_map)(char *OutName, BOOL need83, BOOL cache83); }; +#endif /* _MANGLE_H_ */ diff --git a/source3/include/md5.h b/source3/include/md5.h index dc2f2dd207f..6665171e7c5 100644 --- a/source3/include/md5.h +++ b/source3/include/md5.h @@ -15,7 +15,6 @@ void MD5Init(struct MD5Context *context); void MD5Update(struct MD5Context *context, unsigned char const *buf, unsigned len); void MD5Final(unsigned char digest[16], struct MD5Context *context); -void MD5Transform(uint32 buf[4], uint32 const in[16]); /* * This is needed to make RSAREF happy on some MS-DOS compilers. diff --git a/source3/include/messages.h b/source3/include/messages.h index 9868b5de099..79a08a75462 100644 --- a/source3/include/messages.h +++ b/source3/include/messages.h @@ -47,9 +47,10 @@ #define MSG_FORCE_ELECTION 1001 #define MSG_WINS_NEW_ENTRY 1002 -/* rpc messages */ -#define MSG_PRINTER_NOTIFY 2001 -#define MSG_PRINTER_UPDATE 2002 +/* printing messages */ +/* #define MSG_PRINTER_NOTIFY 2001*/ /* Obsolete */ +#define MSG_PRINTER_DRVUPGRADE 2002 +#define MSG_PRINTER_NOTIFY2 2003 /* smbd messages */ #define MSG_SMB_CONF_UPDATED 3001 diff --git a/source3/include/msdfs.h b/source3/include/msdfs.h index ab56ae4af44..32aa7ecef25 100644 --- a/source3/include/msdfs.h +++ b/source3/include/msdfs.h @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 3.0 MSDfs services for Samba Copyright (C) Shirish Kalele 2000 @@ -16,6 +17,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ #ifndef _MSDFS_H @@ -52,26 +54,32 @@ struct junction_map struct dfs_path { - pstring hostname; - pstring servicename; - pstring volumename; - pstring restofthepath; + pstring hostname; + pstring servicename; + pstring reqpath; }; -#define RESOLVE_DFSPATH(name, conn, inbuf, outbuf) \ -{ if(((SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES)) && \ - dfs_redirect(name,conn)) \ - return ERROR_NT(NT_STATUS_PATH_NOT_COVERED); } +#define RESOLVE_DFSPATH(name, conn, inbuf, outbuf) \ +{ if ((SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES) && \ + lp_host_msdfs() && lp_msdfs_root(SNUM(conn)) && \ + dfs_redirect(name,conn,False)) \ + return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, \ + ERRSRV, ERRbadpath);; } + +#define RESOLVE_FINDFIRST_DFSPATH(name, conn, inbuf, outbuf) \ +{ if ( (SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES) || \ + ((get_remote_arch() == RA_WIN95) && lp_msdfs_root(SNUM(conn))) ) \ + if (lp_host_msdfs() && dfs_redirect(name,conn,True)) \ + return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, \ + ERRSRV, ERRbadpath);; } -#define RESOLVE_FINDFIRST_DFSPATH(name, conn, inbuf, outbuf) \ -{ if((SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES) || \ - get_remote_arch()==RA_WIN95) \ - if(dfs_findfirst_redirect(directory,conn)) \ - return ERROR_NT(NT_STATUS_PATH_NOT_COVERED); } -#define init_dfsroot(conn, inbuf, outbuf) \ -{ if(lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) \ - SSVAL(outbuf, smb_vwv2, SMB_SHARE_IN_DFS | SMB_SUPPORT_SEARCH_BITS); \ -} +#define init_dfsroot(conn, inbuf, outbuf) \ +{ if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) { \ + DEBUG(2,("Serving %s as a Dfs root\n", \ + lp_servicename(SNUM(conn)) )); \ + SSVAL(outbuf, smb_vwv2, SMB_SHARE_IN_DFS \ + | SVAL(outbuf, smb_vwv2)); \ +} } #endif /* _MSDFS_H */ diff --git a/source3/include/nameserv.h b/source3/include/nameserv.h index 53a5a3b5d8a..fefa243c3fd 100644 --- a/source3/include/nameserv.h +++ b/source3/include/nameserv.h @@ -458,6 +458,14 @@ struct res_rec { char rdata[MAX_DGRAM_SIZE]; }; +/* Define these so we can pass info back to caller of name_query */ +#define NM_FLAGS_RS 0x80 /* Response. Cheat */ +#define NM_FLAGS_AA 0x40 /* Authoritative */ +#define NM_FLAGS_TC 0x20 /* Truncated */ +#define NM_FLAGS_RD 0x10 /* Recursion Desired */ +#define NM_FLAGS_RA 0x08 /* Recursion Available */ +#define NM_FLAGS_B 0x01 /* Broadcast */ + /* An nmb packet. */ struct nmb_packet { diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h index 90ac45412d9..57181c66591 100644 --- a/source3/include/nt_printing.h +++ b/source3/include/nt_printing.h @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 1.9. SMB parameters and setup Copyright (C) Andrew Tridgell 1992-2000, Copyright (C) Jean Francois Micouleau 1998-2000. @@ -331,4 +332,23 @@ typedef struct _form #define VS_VERSION_INFO_SIZE (sizeof(VS_SIGNATURE)+4+VS_MINOR_OFFSET+4) /* not true size! */ #define VS_NE_BUF_SIZE 4096 /* Must be > 2*VS_VERSION_INFO_SIZE */ +/* Notify spoolss clients that something has changed. The + notification data is either stored in two uint32 values or a + variable length array. */ + +#define SPOOLSS_NOTIFY_MSG_UNIX_JOBID 0x0001 /* Job id is unix */ + +struct spoolss_notify_msg { + fstring printer; /* Name of printer notified */ + uint32 type; /* Printer or job notify */ + uint32 field; /* Notify field changed */ + uint32 id; /* Job id */ + uint32 len; /* Length of data, 0 for two uint32 value */ + uint32 flags; + union { + uint32 value[2]; + char *data; + } notify; +}; + #endif /* NT_PRINTING_H_ */ diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 57eb4f43311..ffb9c96b725 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -374,6 +374,5 @@ struct acct_info #include "rpc_wkssvc.h" #include "rpc_spoolss.h" #include "rpc_dfs.h" -#include "sids.h" #endif /* _NT_DOMAIN_H */ diff --git a/source3/include/nterr.h b/source3/include/nterr.h index a869e197380..dcc26d98848 100644 --- a/source3/include/nterr.h +++ b/source3/include/nterr.h @@ -29,7 +29,7 @@ #define STATUS_BUFFER_OVERFLOW NT_STATUS(0x80000005) #define NT_STATUS_NO_MORE_ENTRIES NT_STATUS(0x8000001a) -#define STATUS_MORE_ENTRIES NT_STATUS(0x0105) +#define STATUS_MORE_ENTRIES NT_STATUS(0x0105) #define STATUS_SOME_UNMAPPED NT_STATUS(0x0107) #define ERROR_INVALID_PARAMETER NT_STATUS(0x0057) #define ERROR_INSUFFICIENT_BUFFER NT_STATUS(0x007a) diff --git a/source3/include/passdb.h b/source3/include/passdb.h index f17b043fb27..a79c8a0289f 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -27,9 +27,24 @@ Functions to be implemented by the new (v2) passdb API ****************************************************************/ +/* + * This next constant specifies the version number of the PASSDB interface + * this SAMBA will load. Increment this if *ANY* changes are made to the interface. + */ + +#define PASSDB_INTERFACE_VERSION 2 + +/* use this inside a passdb module */ +#define PDB_MODULE_VERSIONING_MAGIC \ +int pdb_version(void)\ +{\ + return PASSDB_INTERFACE_VERSION;\ +} + typedef struct pdb_context { - struct pdb_methods *pdb_selected; + struct pdb_methods *pdb_methods; + struct pdb_methods *pwent_methods; /* These functions are wrappers for the functions listed above. They may do extra things like re-reading a SAM_ACCOUNT on update */ @@ -42,7 +57,7 @@ typedef struct pdb_context BOOL (*pdb_getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username); - BOOL (*pdb_getsampwrid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, uint32 rid); + BOOL (*pdb_getsampwsid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, DOM_SID *sid); BOOL (*pdb_add_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass); @@ -59,22 +74,27 @@ typedef struct pdb_context typedef struct pdb_methods { const char *name; /* What name got this module */ + struct pdb_context *parent; + + /* Use macros from dlinklist.h on these two */ + struct pdb_methods *next; + struct pdb_methods *prev; - BOOL (*setsampwent)(struct pdb_context *, BOOL update); + BOOL (*setsampwent)(struct pdb_methods *, BOOL update); - void (*endsampwent)(struct pdb_context *); + void (*endsampwent)(struct pdb_methods *); - BOOL (*getsampwent)(struct pdb_context *, SAM_ACCOUNT *user); + BOOL (*getsampwent)(struct pdb_methods *, SAM_ACCOUNT *user); - BOOL (*getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username); + BOOL (*getsampwnam)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const char *username); - BOOL (*getsampwrid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, uint32 rid); + BOOL (*getsampwsid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, DOM_SID *Sid); - BOOL (*add_sam_account)(struct pdb_context *, const SAM_ACCOUNT *sampass); + BOOL (*add_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass); - BOOL (*update_sam_account)(struct pdb_context *, const SAM_ACCOUNT *sampass); + BOOL (*update_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass); - BOOL (*delete_sam_account)(struct pdb_context *, const SAM_ACCOUNT *username); + BOOL (*delete_sam_account)(struct pdb_methods *, SAM_ACCOUNT *username); void *private_data; /* Private data of some kind */ @@ -88,10 +108,8 @@ typedef NTSTATUS (*pdb_init_function)(struct pdb_context *, struct pdb_init_function_entry { char *name; - /* Function to create a member of the authmethods list */ - NTSTATUS (*init)(struct pdb_context *pdb_context, - struct pdb_methods **pdb_method, - const char *location); + /* Function to create a member of the pdb_methods list */ + pdb_init_function init; }; #endif /* _PASSDB_H */ diff --git a/source3/include/printing.h b/source3/include/printing.h index b99f2aeffb9..ecf603b8fcc 100644 --- a/source3/include/printing.h +++ b/source3/include/printing.h @@ -71,6 +71,6 @@ extern struct printif cups_printif; #define MAX_CACHE_VALID_TIME 3600 #define PRINT_SPOOL_PREFIX "smbprn." -#define PRINT_DATABASE_VERSION 4 +#define PRINT_DATABASE_VERSION 5 #endif /* PRINTING_H_ */ diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h index 01d974d41dd..61316de89ca 100644 --- a/source3/include/rpc_dce.h +++ b/source3/include/rpc_dce.h @@ -59,19 +59,26 @@ enum NTLM_MESSAGE_TYPE #define NTLMSSP_NEGOTIATE_UNICODE 0x00000001 #define NTLMSSP_NEGOTIATE_OEM 0x00000002 #define NTLMSSP_REQUEST_TARGET 0x00000004 -#define NTLMSSP_NEGOTIATE_SIGN 0x00000010 -#define NTLMSSP_NEGOTIATE_SEAL 0x00000020 +#define NTLMSSP_NEGOTIATE_SIGN 0x00000010 /* Message integrity */ +#define NTLMSSP_NEGOTIATE_SEAL 0x00000020 /* Message confidentiality */ +#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE 0x00000040 #define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080 +#define NTLMSSP_NEGOTIATE_NETWARE 0x00000100 #define NTLMSSP_NEGOTIATE_NTLM 0x00000200 -#define NTLMSSP_NEGOTIATE_00001000 0x00001000 -#define NTLMSSP_NEGOTIATE_00002000 0x00002000 +#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x00001000 +#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000 +#define NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 0x00004000 #define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000 +#define NTLMSSP_CHAL_INIT_RESPONSE 0x00010000 +#define NTLMSSP_CHAL_ACCEPT_RESPONSE 0x00020000 +#define NTLMSSP_CHAL_NON_NT_SESSION_KEY 0x00040000 #define NTLMSSP_NEGOTIATE_NTLM2 0x00080000 -#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000 -#define NTLMSSP_NEGOTIATE_128 0x20000000 +#define NTLMSSP_CHAL_TARGET_INFO 0x00800000 +#define NTLMSSP_NEGOTIATE_128 0x20000000 /* 128-bit encryption */ #define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 +#define NTLMSSP_NEGOTIATE_080000000 0x80000000 -#define SMBD_NTLMSSP_NEG_FLAGS 0x000082b1 +#define SMBD_NTLMSSP_NEG_FLAGS 0x000082b1 /* ALWAYS_SIGN|NEG_NTLM|NEG_LM|NEG_SEAL|NEG_SIGN|NEG_UNICODE */ /* NTLMSSP signature version */ #define NTLMSSP_SIGN_VERSION 0x01 diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h index ccdce6f2636..8e42ac7d2cb 100644 --- a/source3/include/rpc_lsa.h +++ b/source3/include/rpc_lsa.h @@ -25,19 +25,6 @@ #include "rpc_misc.h" -enum SID_NAME_USE -{ - SID_NAME_USE_NONE = 0,/* NOTUSED */ - SID_NAME_USER = 1, /* user */ - SID_NAME_DOM_GRP = 2, /* domain group */ - SID_NAME_DOMAIN = 3, /* domain: don't know what this is */ - SID_NAME_ALIAS = 4, /* local group */ - SID_NAME_WKN_GRP = 5, /* well-known group */ - SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */ - SID_NAME_INVALID = 7, /* invalid account */ - SID_NAME_UNKNOWN = 8 /* oops. */ -}; - /* Opcodes available on PIPE_LSARPC */ #define LSA_CLOSE 0x00 @@ -278,8 +265,8 @@ typedef struct lsa_r_query_info typedef struct lsa_enum_trust_dom_info { POLICY_HND pol; /* policy handle */ - uint32 enum_context; /* enumeration context handle */ - uint32 preferred_len; /* preferred maximum length */ + uint32 enum_context; /* enumeration context handle */ + uint32 preferred_len; /* preferred maximum length */ } LSA_Q_ENUM_TRUST_DOM; diff --git a/source3/include/rpc_reg.h b/source3/include/rpc_reg.h index a5aa6061207..3f3db0f2ba0 100644 --- a/source3/include/rpc_reg.h +++ b/source3/include/rpc_reg.h @@ -24,34 +24,39 @@ #define _RPC_REG_H -/* winreg pipe defines */ +/* winreg pipe defines + NOT IMPLEMENTED !! #define REG_OPEN_HKCR 0x00 #define _REG_UNK_01 0x01 -#define REG_OPEN_HKLM 0x02 #define _REG_UNK_03 0x03 -#define REG_OPEN_HKU 0x04 -#define REG_CLOSE 0x05 #define REG_CREATE_KEY 0x06 #define REG_DELETE_KEY 0x07 #define REG_DELETE_VALUE 0x08 -#define REG_ENUM_KEY 0x09 #define REG_ENUM_VALUE 0x0a #define REG_FLUSH_KEY 0x0b #define REG_GET_KEY_SEC 0x0c #define _REG_UNK_0D 0x0d #define _REG_UNK_0E 0x0e -#define REG_OPEN_ENTRY 0x0f -#define REG_QUERY_KEY 0x10 -#define REG_INFO 0x11 #define _REG_UNK_12 0x12 #define _REG_UNK_13 0x13 #define _REG_UNK_14 0x14 #define REG_SET_KEY_SEC 0x15 #define REG_CREATE_VALUE 0x16 #define _REG_UNK_17 0x17 +*/ + +/* Implemented */ +#define REG_OPEN_HKLM 0x02 +#define REG_OPEN_HKU 0x04 +#define REG_CLOSE 0x05 +#define REG_ENUM_KEY 0x09 +#define REG_OPEN_ENTRY 0x0f +#define REG_QUERY_KEY 0x10 +#define REG_INFO 0x11 #define REG_SHUTDOWN 0x18 #define REG_ABORT_SHUTDOWN 0x19 -#define REG_UNK_1A 0x1a +#define REG_UNKNOWN_1A 0x1a + #define HKEY_CLASSES_ROOT 0x80000000 #define HKEY_CURRENT_USER 0x80000001 @@ -121,17 +126,17 @@ REG_R_OPEN_HKLM; typedef struct q_reg_open_hku_info { uint32 ptr; - uint16 unknown_0; /* 0xE084 - 16 bit unknown */ - uint16 unknown_1; /* random. changes */ - uint32 level; /* 0x0000 0002 - 32 bit unknown */ + uint16 unknown_0; + uint16 unknown_1; + uint32 access_mask; } REG_Q_OPEN_HKU; /* REG_R_OPEN_HKU */ typedef struct r_reg_open_hku_info { - POLICY_HND pol; /* policy handle */ - NTSTATUS status; /* return status */ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; /* return status */ } REG_R_OPEN_HKU; @@ -355,7 +360,7 @@ typedef struct r_reg_query_key_info uint32 num_subkeys; uint32 max_subkeylen; - uint32 max_subkeysize; /* 0x0000 0000 */ + uint32 reserved; /* 0x0000 0000 - according to MSDN (max_subkeysize?) */ uint32 num_values; uint32 max_valnamelen; uint32 max_valbufsize; @@ -367,20 +372,20 @@ typedef struct r_reg_query_key_info } REG_R_QUERY_KEY; -/* REG_Q_UNK_1A */ +/* REG_Q_UNKNOWN_1A */ typedef struct q_reg_unk_1a_info { POLICY_HND pol; /* policy handle */ -} REG_Q_UNK_1A; +} REG_Q_UNKNOWN_1A; -/* REG_R_UNK_1A */ +/* REG_R_UNKNOWN_1A */ typedef struct r_reg_unk_1a_info { uint32 unknown; /* 0x0500 0000 */ NTSTATUS status; /* return status */ -} REG_R_UNK_1A; +} REG_R_UNKNOWN_1A; /* REG_Q_CLOSE */ @@ -498,7 +503,7 @@ typedef struct q_reg_open_entry_info UNISTR2 uni_name; /* unicode registry string name */ uint32 unknown_0; /* 32 bit unknown - 0x0000 0000 */ - uint32 unknown_1; /* 32 bit unknown - 0x0200 0000 */ + uint32 access_desired; } REG_Q_OPEN_ENTRY; diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index 191a3695fbf..78d5c244a6f 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h @@ -79,7 +79,7 @@ SamrTestPrivateFunctionsUser #define SAMR_CONNECT_ANON 0x00 #define SAMR_CLOSE_HND 0x01 -#define SAMR_UNKNOWN_2 0x02 /* set sec object? */ +#define SAMR_SET_SEC_OBJECT 0x02 #define SAMR_QUERY_SEC_OBJECT 0x03 #define SAMR_UNKNOWN_4 0x04 /* profile info? */ @@ -145,6 +145,175 @@ SamrTestPrivateFunctionsUser #define SAMR_CONNECT 0x39 #define SAMR_SET_USERINFO 0x3A +/* Access bits to the SAM-object */ + +#define SAMR_ACCESS_UNKNOWN_1 0x00000001 +#define SAMR_ACCESS_SHUTDOWN_SERVER 0x00000002 +#define SAMR_ACCESS_UNKNOWN_4 0x00000004 +#define SAMR_ACCESS_UNKNOWN_8 0x00000008 +#define SAMR_ACCESS_ENUM_DOMAINS 0x00000010 +#define SAMR_ACCESS_OPEN_DOMAIN 0x00000020 + +#define SAMR_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS | \ + SAMR_ACCESS_OPEN_DOMAIN | \ + SAMR_ACCESS_ENUM_DOMAINS | \ + SAMR_ACCESS_UNKNOWN_8 | \ + SAMR_ACCESS_UNKNOWN_4 | \ + SAMR_ACCESS_SHUTDOWN_SERVER | \ + SAMR_ACCESS_UNKNOWN_1 ) + +#define SAMR_READ ( STANDARD_RIGHTS_READ_ACCESS | \ + SAMR_ACCESS_ENUM_DOMAINS ) + +#define SAMR_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS | \ + SAMR_ACCESS_UNKNOWN_8 | \ + SAMR_ACCESS_UNKNOWN_4 | \ + SAMR_ACCESS_SHUTDOWN_SERVER ) + +#define SAMR_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS | \ + SAMR_ACCESS_OPEN_DOMAIN | \ + SAMR_ACCESS_UNKNOWN_1 ) + +/* Access bits to Domain-objects */ + +#define DOMAIN_ACCESS_LOOKUP_INFO_1 0x000000001 +#define DOMAIN_ACCESS_SET_INFO_1 0x000000002 +#define DOMAIN_ACCESS_LOOKUP_INFO_2 0x000000004 +#define DOMAIN_ACCESS_SET_INFO_2 0x000000008 +#define DOMAIN_ACCESS_CREATE_USER 0x000000010 +#define DOMAIN_ACCESS_CREATE_GROUP 0x000000020 +#define DOMAIN_ACCESS_CREATE_ALIAS 0x000000040 +#define DOMAIN_ACCESS_UNKNOWN_80 0x000000080 +#define DOMAIN_ACCESS_ENUM_ACCOUNTS 0x000000100 +#define DOMAIN_ACCESS_OPEN_ACCOUNT 0x000000200 +#define DOMAIN_ACCESS_SET_INFO_3 0x000000400 + +#define DOMAIN_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS | \ + DOMAIN_ACCESS_SET_INFO_3 | \ + DOMAIN_ACCESS_OPEN_ACCOUNT | \ + DOMAIN_ACCESS_ENUM_ACCOUNTS | \ + DOMAIN_ACCESS_UNKNOWN_80 | \ + DOMAIN_ACCESS_CREATE_ALIAS | \ + DOMAIN_ACCESS_CREATE_GROUP | \ + DOMAIN_ACCESS_CREATE_USER | \ + DOMAIN_ACCESS_SET_INFO_2 | \ + DOMAIN_ACCESS_LOOKUP_INFO_2 | \ + DOMAIN_ACCESS_SET_INFO_1 | \ + DOMAIN_ACCESS_LOOKUP_INFO_1 ) + +#define DOMAIN_READ ( STANDARD_RIGHTS_READ_ACCESS | \ + DOMAIN_ACCESS_UNKNOWN_80 | \ + DOMAIN_ACCESS_LOOKUP_INFO_2 ) + +#define DOMAIN_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS | \ + DOMAIN_ACCESS_SET_INFO_3 | \ + DOMAIN_ACCESS_CREATE_ALIAS | \ + DOMAIN_ACCESS_CREATE_GROUP | \ + DOMAIN_ACCESS_CREATE_USER | \ + DOMAIN_ACCESS_SET_INFO_2 | \ + DOMAIN_ACCESS_SET_INFO_1 ) + +#define DOMAIN_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS | \ + DOMAIN_ACCESS_OPEN_ACCOUNT | \ + DOMAIN_ACCESS_ENUM_ACCOUNTS | \ + DOMAIN_ACCESS_LOOKUP_INFO_1 ) + +/* Access bits to User-objects */ + +#define USER_ACCESS_GET_NAME_ETC 0x000000001 +#define USER_ACCESS_GET_LOCALE 0x000000002 +#define USER_ACCESS_SET_LOC_COM 0x000000004 +#define USER_ACCESS_GET_LOGONINFO 0x000000008 +#define USER_ACCESS_UNKNOWN_10 0x000000010 +#define USER_ACCESS_SET_ATTRIBUTES 0x000000020 +#define USER_ACCESS_CHANGE_PASSWORD 0x000000040 +#define USER_ACCESS_SET_PASSWORD 0x000000080 +#define USER_ACCESS_GET_GROUPS 0x000000100 +#define USER_ACCESS_UNKNOWN_200 0x000000200 +#define USER_ACCESS_UNKNOWN_400 0x000000400 + +#define USER_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS | \ + USER_ACCESS_UNKNOWN_400 | \ + USER_ACCESS_UNKNOWN_200 | \ + USER_ACCESS_GET_GROUPS | \ + USER_ACCESS_SET_PASSWORD | \ + USER_ACCESS_CHANGE_PASSWORD | \ + USER_ACCESS_SET_ATTRIBUTES | \ + USER_ACCESS_UNKNOWN_10 | \ + USER_ACCESS_GET_LOGONINFO | \ + USER_ACCESS_SET_LOC_COM | \ + USER_ACCESS_GET_LOCALE | \ + USER_ACCESS_GET_NAME_ETC ) + +#define USER_READ ( STANDARD_RIGHTS_READ_ACCESS | \ + USER_ACCESS_UNKNOWN_200 | \ + USER_ACCESS_GET_GROUPS | \ + USER_ACCESS_UNKNOWN_10 | \ + USER_ACCESS_GET_LOGONINFO | \ + USER_ACCESS_GET_LOCALE ) + +#define USER_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS | \ + USER_ACCESS_CHANGE_PASSWORD | \ + USER_ACCESS_SET_LOC_COM ) + +#define USER_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS | \ + USER_ACCESS_CHANGE_PASSWORD | \ + USER_ACCESS_GET_NAME_ETC ) + +/* Access bits to Group-objects */ + +#define GROUP_ACCESS_LOOKUP_INFO 0x00000001 +#define GROUP_ACCESS_SET_INFO 0x00000002 +#define GROUP_ACCESS_ADD_MEMBER 0x00000004 +#define GROUP_ACCESS_REMOVE_MEMBER 0x00000008 +#define GROUP_ACCESS_GET_MEMBERS 0x00000010 + +#define GROUP_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS | \ + GROUP_ACCESS_GET_MEMBERS | \ + GROUP_ACCESS_REMOVE_MEMBER | \ + GROUP_ACCESS_ADD_MEMBER | \ + GROUP_ACCESS_SET_INFO | \ + GROUP_ACCESS_LOOKUP_INFO ) + +#define GROUP_READ ( STANDARD_RIGHTS_READ_ACCESS | \ + GROUP_ACCESS_GET_MEMBERS ) + +#define GROUP_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS | \ + GROUP_ACCESS_REMOVE_MEMBER | \ + GROUP_ACCESS_ADD_MEMBER | \ + GROUP_ACCESS_SET_INFO ) + +#define GROUP_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS | \ + GROUP_ACCESS_LOOKUP_INFO ) + +/* Access bits to Alias-objects */ + +#define ALIAS_ACCESS_ADD_MEMBER 0x00000001 +#define ALIAS_ACCESS_REMOVE_MEMBER 0x00000002 +#define ALIAS_ACCESS_GET_MEMBERS 0x00000004 +#define ALIAS_ACCESS_LOOKUP_INFO 0x00000008 +#define ALIAS_ACCESS_SET_INFO 0x00000010 + +#define ALIAS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS | \ + ALIAS_ACCESS_GET_MEMBERS | \ + ALIAS_ACCESS_REMOVE_MEMBER | \ + ALIAS_ACCESS_ADD_MEMBER | \ + ALIAS_ACCESS_SET_INFO | \ + ALIAS_ACCESS_LOOKUP_INFO ) + +#define ALIAS_READ ( STANDARD_RIGHTS_READ_ACCESS | \ + ALIAS_ACCESS_GET_MEMBERS ) + +#define ALIAS_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS | \ + ALIAS_ACCESS_REMOVE_MEMBER | \ + ALIAS_ACCESS_ADD_MEMBER | \ + ALIAS_ACCESS_SET_INFO ) + +#define ALIAS_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS | \ + ALIAS_ACCESS_LOOKUP_INFO ) + + + typedef struct _DISP_USER_INFO { SAM_ACCOUNT *sam; @@ -451,6 +620,26 @@ typedef struct r_samr_usrdom_pwinfo_info } SAMR_R_GET_USRDOM_PWINFO; +/**************************************************************************** +SAMR_Q_SET_SEC_OBJ - info level 4. +*****************************************************************************/ + +/* SAMR_Q_SET_SEC_OBJ - */ +typedef struct q_samr_set_sec_obj_info +{ + POLICY_HND pol; /* policy handle */ + uint32 sec_info; /* xxxx_SECURITY_INFORMATION 0x0000 0004 */ + SEC_DESC_BUF *buf; + +} SAMR_Q_SET_SEC_OBJ; + +/* SAMR_R_SET_SEC_OBJ - */ +typedef struct r_samr_set_sec_obj_info +{ + NTSTATUS status; /* return status */ + +} SAMR_R_SET_SEC_OBJ; + /**************************************************************************** SAMR_Q_QUERY_SEC_OBJ - info level 4. returns SIDs. @@ -1693,9 +1882,16 @@ typedef struct q_samr_get_dom_pwinfo /* SAMR_R_GET_DOM_PWINFO */ typedef struct r_samr_get_dom_pwinfo { - uint16 unk_0; - uint16 unk_1; - uint16 unk_2; + /* + * Previously this was 3 uint16's. However, after some tests + * it appears that the data len for the signing needs to be 16. + * Not sure how 3 unit16's ever worked since the length always + * turned out to 12. 3 uint32's + NT_STATUS == 16 bytes. Tested + * using NT and 2k. --jerry + */ + uint32 unk_0; + uint32 unk_1; + uint32 unk_2; NTSTATUS status; } SAMR_R_GET_DOM_PWINFO; diff --git a/source3/include/rpc_spoolss.h b/source3/include/rpc_spoolss.h index 0cbbad19f97..7ec9a509bf3 100755 --- a/source3/include/rpc_spoolss.h +++ b/source3/include/rpc_spoolss.h @@ -1,9 +1,11 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 1.9. SMB parameters and setup Copyright (C) Andrew Tridgell 1992-2000, Copyright (C) Luke Kenneth Casson Leighton 1996-2000, Copyright (C) Jean Francois Micouleau 1998-2000. + Copyright (C) Gerald Carter 2001-2002. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -23,9 +25,6 @@ #ifndef _RPC_SPOOLSS_H /* _RPC_SPOOLSS_H */ #define _RPC_SPOOLSS_H -#define INTEGER 1 -#define STRING 2 - /* spoolss pipe: this are the calls which are not implemented ... #define SPOOLSS_GETPRINTERDRIVER 0x0b #define SPOOLSS_READPRINTER 0x16 @@ -51,9 +50,6 @@ #define SPOOLSS_REMOTEFINDFIRSTPRINTERCHANGENOTIFICATION0x3e #define SPOOLSS_SPOOLERINIT 0x3f #define SPOOLSS_RESETPRINTEREX 0x40 -#define SPOOLSS_DELETEPRINTERDATAEX 0x51 -#define SPOOLSS_DELETEPRINTERDRIVEREX 0x54 -#define SPOOLSS_ADDPRINTERDRIVEREX 0x59 */ /* those are implemented */ @@ -109,6 +105,10 @@ #define SPOOLSS_GETPRINTERDATAEX 0x4e #define SPOOLSS_ENUMPRINTERDATAEX 0x4f #define SPOOLSS_ENUMPRINTERKEY 0x50 +#define SPOOLSS_DELETEPRINTERDATAEX 0x51 +#define SPOOLSS_DELETEPRINTERKEY 0x52 +#define SPOOLSS_DELETEPRINTERDRIVEREX 0x54 +#define SPOOLSS_ADDPRINTERDRIVEREX 0x59 #define PRINTER_CONTROL_UNPAUSE 0x00000000 @@ -117,6 +117,7 @@ #define PRINTER_CONTROL_PURGE 0x00000003 #define PRINTER_CONTROL_SET_STATUS 0x00000004 +#define PRINTER_STATUS_OK 0x00000000 #define PRINTER_STATUS_PAUSED 0x00000001 #define PRINTER_STATUS_ERROR 0x00000002 #define PRINTER_STATUS_PENDING_DELETION 0x00000004 @@ -157,17 +158,18 @@ /* JOB status codes. */ -#define JOB_STATUS_PAUSED 0x001 -#define JOB_STATUS_ERROR 0x002 -#define JOB_STATUS_DELETING 0x004 -#define JOB_STATUS_SPOOLING 0x008 -#define JOB_STATUS_PRINTING 0x010 -#define JOB_STATUS_OFFLINE 0x020 -#define JOB_STATUS_PAPEROUT 0x040 -#define JOB_STATUS_PRINTED 0x080 -#define JOB_STATUS_DELETED 0x100 -#define JOB_STATUS_BLOCKED 0x200 -#define JOB_STATUS_USER_INTERVENTION 0x400 +#define JOB_STATUS_QUEUED 0x0000 +#define JOB_STATUS_PAUSED 0x0001 +#define JOB_STATUS_ERROR 0x0002 +#define JOB_STATUS_DELETING 0x0004 +#define JOB_STATUS_SPOOLING 0x0008 +#define JOB_STATUS_PRINTING 0x0010 +#define JOB_STATUS_OFFLINE 0x0020 +#define JOB_STATUS_PAPEROUT 0x0040 +#define JOB_STATUS_PRINTED 0x0080 +#define JOB_STATUS_DELETED 0x0100 +#define JOB_STATUS_BLOCKED 0x0200 +#define JOB_STATUS_USER_INTERVENTION 0x0400 /* ACE masks for the various print permissions */ @@ -194,9 +196,12 @@ #define JOB_WRITE STANDARD_RIGHTS_WRITE_ACCESS|JOB_ACCESS_ADMINISTER #define JOB_EXECUTE STANDARD_RIGHTS_EXECUTE_ACCESS|JOB_ACCESS_ADMINISTER -#define ONE_VALUE 1 -#define TWO_VALUE 2 -#define POINTER 3 +/* Notify field types */ + +#define NOTIFY_ONE_VALUE 1 /* Notify data is stored in value1 */ +#define NOTIFY_TWO_VALUE 2 /* Notify data is stored in value2 */ +#define NOTIFY_POINTER 3 /* Data is a pointer to a buffer */ +#define NOTIFY_STRING 4 /* Data is a pointer to a buffer w/length */ #define PRINTER_NOTIFY_TYPE 0x00 #define JOB_NOTIFY_TYPE 0x01 @@ -395,6 +400,23 @@ PRINTER_MESSAGE_INFO; #define PRINTER_ENUM_ICON7 0x00400000 #define PRINTER_ENUM_ICON8 0x00800000 +/* FLAGS for SPOOLSS_DELETEPRINTERDRIVEREX */ + +#define DPD_DELETE_UNUSED_FILES 0x00000001 +#define DPD_DELETE_SPECIFIC_VERSION 0x00000002 +#define DPD_DELETE_ALL_FILES 0x00000004 + +#define DRIVER_ANY_VERSION 0xffffffff +#define DRIVER_MAX_VERSION 4 + +/* FLAGS for SPOOLSS_ADDPRINTERDRIVEREX */ + +#define APD_STRICT_UPGRADE 0x00000001 +#define APD_STRICT_DOWNGRADE 0x00000002 +#define APD_COPY_ALL_FILES 0x00000004 +#define APD_COPY_NEW_FILES 0x00000008 + + /* this struct is undocumented */ /* thanks to the ddk ... */ typedef struct spool_user_1 @@ -678,6 +700,23 @@ typedef struct spool_r_deleteprinterdriver } SPOOL_R_DELETEPRINTERDRIVER; +typedef struct spool_q_deleteprinterdriverex +{ + uint32 server_ptr; + UNISTR2 server; + UNISTR2 arch; + UNISTR2 driver; + uint32 delete_flags; + uint32 version; +} +SPOOL_Q_DELETEPRINTERDRIVEREX; + +typedef struct spool_r_deleteprinterdriverex +{ + WERROR status; +} +SPOOL_R_DELETEPRINTERDRIVEREX; + typedef struct spool_doc_info_1 { @@ -1199,8 +1238,8 @@ typedef struct job_info_ctr_info { union { - JOB_INFO_1 *job_info_1; - JOB_INFO_2 *job_info_2; + JOB_INFO_1 **job_info_1; + JOB_INFO_2 **job_info_2; void *info; } job; @@ -1646,6 +1685,22 @@ typedef struct spool_r_addprinterdriver } SPOOL_R_ADDPRINTERDRIVER; +typedef struct spool_q_addprinterdriverex +{ + uint32 server_name_ptr; + UNISTR2 server_name; + uint32 level; + SPOOL_PRINTER_DRIVER_INFO_LEVEL info; + uint32 copy_flags; +} +SPOOL_Q_ADDPRINTERDRIVEREX; + +typedef struct spool_r_addprinterdriverex +{ + WERROR status; +} +SPOOL_R_ADDPRINTERDRIVEREX; + typedef struct driver_directory_1 { @@ -2034,6 +2089,21 @@ typedef struct spool_r_setprinterdataex SPOOL_R_SETPRINTERDATAEX; +typedef struct spool_q_deleteprinterdataex +{ + POLICY_HND handle; + UNISTR2 keyname; + UNISTR2 valuename; +} +SPOOL_Q_DELETEPRINTERDATAEX; + +typedef struct spool_r_deleteprinterdataex +{ + WERROR status; +} +SPOOL_R_DELETEPRINTERDATAEX; + + typedef struct spool_q_enumprinterkey { POLICY_HND handle; @@ -2050,6 +2120,19 @@ typedef struct spool_r_enumprinterkey } SPOOL_R_ENUMPRINTERKEY; +typedef struct spool_q_deleteprinterkey +{ + POLICY_HND handle; + UNISTR2 keyname; +} +SPOOL_Q_DELETEPRINTERKEY; + +typedef struct spool_r_deleteprinterkey +{ + WERROR status; +} +SPOOL_R_DELETEPRINTERKEY; + typedef struct printer_enum_values { UNISTR valuename; diff --git a/source3/include/rpc_srvsvc.h b/source3/include/rpc_srvsvc.h index 5ebb41036e8..1753c19783b 100644 --- a/source3/include/rpc_srvsvc.h +++ b/source3/include/rpc_srvsvc.h @@ -23,24 +23,24 @@ #ifndef _RPC_SRVSVC_H /* _RPC_SRVSVC_H */ #define _RPC_SRVSVC_H - /* srvsvc pipe */ -#define SRV_NETCONNENUM 0x08 -#define SRV_NETFILEENUM 0x09 -#define SRV_NETSESSENUM 0x0c -#define SRV_NET_SHARE_ADD 0x0e -#define SRV_NETSHAREENUM_ALL 0x0f -#define SRV_NET_SHARE_GET_INFO 0x10 -#define SRV_NET_SHARE_SET_INFO 0x11 -#define SRV_NET_SHARE_DEL 0x12 -#define SRV_NET_SRV_GET_INFO 0x15 -#define SRV_NET_SRV_SET_INFO 0x16 -#define SRV_NET_DISK_ENUM 0x17 -#define SRV_NET_REMOTE_TOD 0x1c -#define SRV_NET_NAME_VALIDATE 0x21 -#define SRV_NETSHAREENUM 0x24 -#define SRV_NETFILEQUERYSECDESC 0x27 -#define SRV_NETFILESETSECDESC 0x28 +#define SRV_NET_CONN_ENUM 0x08 +#define SRV_NET_FILE_ENUM 0x09 +#define SRV_NET_FILE_CLOSE 0x0b +#define SRV_NET_SESS_ENUM 0x0c +#define SRV_NET_SHARE_ADD 0x0e +#define SRV_NET_SHARE_ENUM_ALL 0x0f +#define SRV_NET_SHARE_GET_INFO 0x10 +#define SRV_NET_SHARE_SET_INFO 0x11 +#define SRV_NET_SHARE_DEL 0x12 +#define SRV_NET_SRV_GET_INFO 0x15 +#define SRV_NET_SRV_SET_INFO 0x16 +#define SRV_NET_DISK_ENUM 0x17 +#define SRV_NET_REMOTE_TOD 0x1c +#define SRV_NET_NAME_VALIDATE 0x21 +#define SRV_NET_SHARE_ENUM 0x24 +#define SRV_NET_FILE_QUERY_SECDESC 0x27 +#define SRV_NET_FILE_SET_SECDESC 0x28 #define MAX_SERVER_DISK_ENTRIES 15 @@ -165,6 +165,9 @@ typedef struct q_net_sess_enum_info uint32 ptr_qual_name; /* pointer (to qualifier name) */ UNISTR2 uni_qual_name; /* qualifier name "\\qualifier" */ + uint32 ptr_user_name; /* pointer (to user name */ + UNISTR2 uni_user_name; /* user name */ + uint32 sess_level; /* session level */ SRV_SESS_INFO_CTR *ctr; @@ -538,6 +541,9 @@ typedef struct q_net_share_add SRV_SHARE_INFO info; + uint32 ptr_err_index; /* pointer to error index */ + uint32 err_index; /* index in info to field in error */ + } SRV_Q_NET_SHARE_ADD; /* SRV_R_NET_SHARE_ADD */ @@ -555,6 +561,7 @@ typedef struct q_net_share_del uint32 ptr_srv_name; UNISTR2 uni_srv_name; UNISTR2 uni_share_name; + uint32 reserved; } SRV_Q_NET_SHARE_DEL; @@ -584,20 +591,11 @@ typedef struct str_file_info3_info } FILE_INFO_3_STR; -/* oops - this is going to take up a *massive* amount of stack. */ -/* the UNISTR2s already have 1024 uint16 chars in them... */ -#define MAX_FILE_ENTRIES 32 - /* SRV_FILE_INFO_3 */ typedef struct srv_file_info_3 { - uint32 num_entries_read; /* EntriesRead */ - uint32 ptr_file_info; /* Buffer */ - - uint32 num_entries_read2; /* EntriesRead */ - - FILE_INFO_3 info_3 [MAX_FILE_ENTRIES]; /* file entry details */ - FILE_INFO_3_STR info_3_str[MAX_FILE_ENTRIES]; /* file entry strings */ + FILE_INFO_3 info_3; /* file entry details */ + FILE_INFO_3_STR info_3_str; /* file entry strings */ } SRV_FILE_INFO_3; @@ -605,12 +603,15 @@ typedef struct srv_file_info_3 typedef struct srv_file_info_3_info { uint32 switch_value; /* switch value */ - uint32 ptr_file_ctr; /* pointer to file info union */ - union - { - SRV_FILE_INFO_3 info3; /* file info with 0 entries */ + uint32 ptr_file_info; /* pointer to file info union */ - } file; + uint32 num_entries; + uint32 ptr_entries; + uint32 num_entries2; + union + { + SRV_FILE_INFO_3 *info3; + } file; } SRV_FILE_INFO_CTR; @@ -624,9 +625,12 @@ typedef struct q_net_file_enum_info uint32 ptr_qual_name; /* pointer (to qualifier name) */ UNISTR2 uni_qual_name; /* qualifier name "\\qualifier" */ + uint32 ptr_user_name; /* pointer (to user name) */ + UNISTR2 uni_user_name; /* user name */ + uint32 file_level; /* file level */ - SRV_FILE_INFO_CTR *ctr; + SRV_FILE_INFO_CTR ctr; uint32 preferred_len; /* preferred maximum length (0xffff ffff) */ ENUM_HND enum_hnd; @@ -639,7 +643,7 @@ typedef struct r_net_file_enum_info { uint32 file_level; /* file level */ - SRV_FILE_INFO_CTR *ctr; + SRV_FILE_INFO_CTR ctr; uint32 total_entries; /* total number of files */ ENUM_HND enum_hnd; @@ -648,6 +652,21 @@ typedef struct r_net_file_enum_info } SRV_R_NET_FILE_ENUM; +/* SRV_Q_NET_FILE_CLOSE */ +typedef struct q_net_file_close +{ + uint32 ptr_srv_name; /* pointer to server name */ + UNISTR2 uni_srv_name; /* server name */ + + uint32 file_id; +} SRV_Q_NET_FILE_CLOSE; + +/* SRV_R_NET_FILE_CLOSE */ +typedef struct r_net_file_close +{ + WERROR status; /* return status */ +} SRV_R_NET_FILE_CLOSE; + /* SRV_INFO_100 */ typedef struct srv_info_100_info { @@ -831,4 +850,5 @@ typedef struct r_net_file_set_secdesc { WERROR status; } SRV_R_NET_FILE_SET_SECDESC; + #endif /* _RPC_SRVSVC_H */ diff --git a/source3/include/secrets.h b/source3/include/secrets.h index 69ab4f6c8dc..8a5a573bcc0 100644 --- a/source3/include/secrets.h +++ b/source3/include/secrets.h @@ -35,6 +35,8 @@ #define SECRETS_DOMAIN_SID "SECRETS/SID" #define SECRETS_SAM_SID "SAM/SID" +#define SECRETS_LDAP_BIND_PW "SECRETS/LDAP_BIND_PW" + /* Authenticated user info is stored in secrets.tdb under these keys */ #define SECRETS_AUTH_USER "SECRETS/AUTH_USER" @@ -48,12 +50,26 @@ struct machine_acct_pass { time_t mod_time; }; -/* structure for storing trusted domain password */ +/* + * storage structure for trusted domain + */ struct trusted_dom_pass { - int pass_len; - fstring pass; + size_t uni_name_len; + smb_ucs2_t uni_name[32]; /* unicode domain name */ + size_t pass_len; + fstring pass; /* trust relationship's password */ time_t mod_time; - DOM_SID domain_sid; /* remote domain's sid */ + DOM_SID domain_sid; /* remote domain's sid */ }; +/* + * trusted domain entry/entries returned by secrets_get_trusted_domains + * (used in _lsa_enum_trust_dom call) + */ +typedef struct trustdom { + smb_ucs2_t *name; + DOM_SID sid; +} TRUSTDOM; + + #endif /* _SECRETS_H */ diff --git a/source3/include/smb.h b/source3/include/smb.h index 8963528e9ae..a67101ff099 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -248,6 +248,20 @@ typedef uint32 WERROR; #define MAXSUBAUTHS 15 /* max sub authorities in a SID */ #endif +/* SID Types */ +enum SID_NAME_USE +{ + SID_NAME_USE_NONE = 0,/* NOTUSED */ + SID_NAME_USER = 1, /* user */ + SID_NAME_DOM_GRP = 2, /* domain group */ + SID_NAME_DOMAIN = 3, /* domain: don't know what this is */ + SID_NAME_ALIAS = 4, /* local group */ + SID_NAME_WKN_GRP = 5, /* well-known group */ + SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */ + SID_NAME_INVALID = 7, /* invalid account */ + SID_NAME_UNKNOWN = 8 /* oops. */ +}; + /** * @brief Security Identifier * @@ -581,7 +595,7 @@ typedef struct { #define FLAG_SAM_KICKOFFTIME 0x00000100 #define FLAG_SAM_CANCHANGETIME 0x00000200 #define FLAG_SAM_MUSTCHANGETIME 0x00000400 - +#define FLAG_SAM_PLAINTEXT_PW 0x00000800 #define IS_SAM_UNIX_USER(x) \ ((pdb_get_init_flag(x) & FLAG_SAM_UID) \ @@ -595,6 +609,8 @@ typedef struct sam_passwd void (*free_fn)(struct sam_passwd **); + struct pdb_methods *methods; + struct user_data { /* initiailization flags */ uint32 init_flag; @@ -610,6 +626,7 @@ typedef struct sam_passwd char * domain; /* Windows Domain name */ char * nt_username; /* Windows username string */ char * full_name; /* user's full name string */ + char * unix_home_dir; /* UNIX home directory string */ char * home_dir; /* home directory string */ char * dir_drive; /* home directory drive string */ char * logon_script; /* logon script string */ @@ -621,11 +638,12 @@ typedef struct sam_passwd uid_t uid; /* this is a unix uid_t */ gid_t gid; /* this is a unix gid_t */ - uint32 user_rid; /* Primary User ID */ - uint32 group_rid; /* Primary Group ID */ + DOM_SID user_sid; /* Primary User SID */ + DOM_SID group_sid; /* Primary Group SID */ DATA_BLOB lm_pw; /* .data is Null if no password */ DATA_BLOB nt_pw; /* .data is Null if no password */ + DATA_BLOB plaintext_pw; /* .data is Null if not available */ uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */ uint32 unknown_3; /* 0x00ff ffff */ @@ -637,6 +655,7 @@ typedef struct sam_passwd uint32 unknown_5; /* 0x0002 0000 */ uint32 unknown_6; /* 0x0000 04ec */ } private; + /* Lets see if the remaining code can get the hint that you are meant to use the pdb_...() functions. */ @@ -669,6 +688,7 @@ typedef struct sam_passwd #define LOCAL_SET_PASSWORD 0x40 #define LOCAL_SET_LDAP_ADMIN_PW 0x80 #define LOCAL_INTERDOM_ACCOUNT 0x100 +#define LOCAL_AM_ROOT 0x200 /* Act as root */ /* key and data in the connections database - used in smbstatus and smbd */ struct connections_key { @@ -781,7 +801,8 @@ struct bitmap { #define smb_err 11 #define smb_flg 13 #define smb_flg2 14 -#define smb_reb 13 +#define smb_pidhigh 16 +#define smb_ss_field 18 #define smb_tid 28 #define smb_pid 30 #define smb_uid 32 @@ -1056,11 +1077,11 @@ struct bitmap { #define SYNCHRONIZE_ACCESS (1L<<20) /* 0x00100000 */ /* Combinations of standard masks. */ -#define STANDARD_RIGHTS_ALL_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS) -#define STANDARD_RIGHTS_EXECUTE_ACCESS (READ_CONTROL_ACCESS) -#define STANDARD_RIGHTS_READ_ACCESS (READ_CONTROL_ACCESS) -#define STANDARD_RIGHTS_REQUIRED_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS) -#define STANDARD_RIGHTS_WRITE_ACCESS (READ_CONTROL_ACCESS) +#define STANDARD_RIGHTS_ALL_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS) /* 0x001f0000 */ +#define STANDARD_RIGHTS_EXECUTE_ACCESS (READ_CONTROL_ACCESS) /* 0x00020000 */ +#define STANDARD_RIGHTS_READ_ACCESS (READ_CONTROL_ACCESS) /* 0x00200000 */ +#define STANDARD_RIGHTS_REQUIRED_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS) /* 0x000f0000 */ +#define STANDARD_RIGHTS_WRITE_ACCESS (READ_CONTROL_ACCESS) /* 0x00020000 */ #define SYSTEM_SECURITY_ACCESS (1L<<24) /* 0x01000000 */ #define MAXIMUM_ALLOWED_ACCESS (1L<<25) /* 0x02000000 */ @@ -1275,18 +1296,25 @@ char *strdup(char *s); #define BROWSER_ELECTION_VERSION 0x010f #define BROWSER_CONSTANT 0xaa55 +/* Sercurity mode bits. */ +#define NEGOTIATE_SECURITY_USER_LEVEL 0x01 +#define NEGOTIATE_SECURITY_CHALLENGE_RESPONSE 0x02 +#define NEGOTIATE_SECURITY_SIGNATURES_ENABLED 0x04 +#define NEGOTIATE_SECURITY_SIGNATURES_REQUIRED 0x08 + /* NT Flags2 bits - cifs6.txt section 3.1.2 */ -#define FLAGS2_LONG_PATH_COMPONENTS 0x0001 -#define FLAGS2_EXTENDED_ATTRIBUTES 0x0002 -#define FLAGS2_IS_LONG_NAME 0x0040 -#define FLAGS2_EXTENDED_SECURITY 0x0800 -#define FLAGS2_DFS_PATHNAMES 0x1000 -#define FLAGS2_READ_PERMIT_NO_EXECUTE 0x2000 -#define FLAGS2_32_BIT_ERROR_CODES 0x4000 -#define FLAGS2_UNICODE_STRINGS 0x8000 - -#define FLAGS2_WIN2K_SIGNATURE 0xC852 /* Hack alert ! For now... JRA. */ +#define FLAGS2_LONG_PATH_COMPONENTS 0x0001 +#define FLAGS2_EXTENDED_ATTRIBUTES 0x0002 +#define FLAGS2_SMB_SECURITY_SIGNATURES 0x0004 +#define FLAGS2_IS_LONG_NAME 0x0040 +#define FLAGS2_EXTENDED_SECURITY 0x0800 +#define FLAGS2_DFS_PATHNAMES 0x1000 +#define FLAGS2_READ_PERMIT_NO_EXECUTE 0x2000 +#define FLAGS2_32_BIT_ERROR_CODES 0x4000 +#define FLAGS2_UNICODE_STRINGS 0x8000 + +#define FLAGS2_WIN2K_SIGNATURE 0xC852 /* Hack alert ! For now... JRA. */ /* Capabilities. see ftp.microsoft.com/developr/drg/cifs/cifs/cifs4.txt */ @@ -1304,7 +1332,7 @@ char *strdup(char *s); #define CAP_W2K_SMBS 0x2000 #define CAP_LARGE_READX 0x4000 #define CAP_LARGE_WRITEX 0x8000 -#define CAP_UNIX 0x800000 /* Capabilities for UNIX extensions. Created by HP. */ +#define CAP_UNIX 0x800000 /* Capabilities for UNIX extensions. Created by HP. */ #define CAP_EXTENDED_SECURITY 0x80000000 /* protocol types. It assumes that higher protocols include lower protocols @@ -1344,11 +1372,6 @@ enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2 /* case handling */ enum case_handling {CASE_LOWER,CASE_UPPER}; -#ifdef WITH_SSL -/* SSL version options */ -enum ssl_version_enum {SMB_SSL_V2,SMB_SSL_V3,SMB_SSL_V23,SMB_SSL_TLS1}; -#endif /* WITH_SSL */ - /* * Global value meaing that the smb_uid field should be * ingored (in share level security and protocol level == CORE) @@ -1357,30 +1380,6 @@ enum ssl_version_enum {SMB_SSL_V2,SMB_SSL_V3,SMB_SSL_V23,SMB_SSL_TLS1}; #define UID_FIELD_INVALID 0 #define VUID_OFFSET 100 /* Amount to bias returned vuid numbers */ -/* Defines needed for multi-codepage support. */ -#define MSDOS_LATIN_1_CODEPAGE 850 -#define KANJI_CODEPAGE 932 -#define HANGUL_CODEPAGE 949 -#define BIG5_CODEPAGE 950 -#define SIMPLIFIED_CHINESE_CODEPAGE 936 - -#ifdef KANJI -/* - * Default client code page - Japanese - */ -#define DEFAULT_CLIENT_CODE_PAGE KANJI_CODEPAGE -#else /* KANJI */ -/* - * Default client code page - 850 - Western European - */ -#define DEFAULT_CLIENT_CODE_PAGE MSDOS_LATIN_1_CODEPAGE -#endif /* KANJI */ - -/* Global val set if multibyte codepage. */ -extern int global_is_multibyte_codepage; - -#define get_character_len(x) (global_is_multibyte_codepage ? skip_multibyte_char((x)) : 0) - /* * Size of buffer to use when moving files across filesystems. */ @@ -1581,6 +1580,8 @@ typedef struct user_struct userdom_struct user; char *homedir; + char *unix_homedir; + char *logon_script; BOOL guest; @@ -1594,6 +1595,9 @@ typedef struct user_struct uint8 session_key[16]; int session_id; /* used by utmp and pam session code */ + + int homes_snum; + } user_struct; diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index c19be784a18..a2351c705ea 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h @@ -169,9 +169,12 @@ #define SMB_ROUNDUP_ALLOCATION(s) ((s) ? (SMB_ROUNDUP((SMB_OFF_T)((s)+1), ((SMB_OFF_T)SMB_ROUNDUP_ALLOCATION_SIZE))) : 0 ) /* Extra macros added by Ying Chen at IBM - speed increase by inlining. */ -#define smb_buf(buf) (buf + smb_size + CVAL(buf,smb_wct)*2) +#define smb_buf(buf) (((char *)(buf)) + smb_size + CVAL(buf,smb_wct)*2) #define smb_buflen(buf) (SVAL(buf,smb_vwv0 + (int)CVAL(buf, smb_wct)*2)) +/* the remaining number of bytes in smb buffer 'buf' from pointer 'p'. */ +#define smb_bufrem(buf, p) (smb_buflen(buf)-PTR_DIFF(p, smb_buf(buf))) + /* Note that chain_size must be available as an extern int to this macro. */ #define smb_offset(p,buf) (PTR_DIFF(p,buf+4) + chain_size) diff --git a/source3/include/trans2.h b/source3/include/trans2.h index 3a6fe6e9ee1..fb265fdb1a8 100644 --- a/source3/include/trans2.h +++ b/source3/include/trans2.h @@ -230,6 +230,10 @@ Byte offset Type name description #define SMB_SET_FILE_ALLOCATION_INFO 0x103 #define SMB_SET_FILE_END_OF_FILE_INFO 0x104 +/* Query FS info. */ +#define SMB_INFO_ALLOCATION 1 +#define SMB_INFO_VOLUME 2 + /* * Thursby MAC extensions.... */ @@ -336,6 +340,12 @@ Byte offset Type name description #define SMB_UID_NO_CHANGE 0xFFFFFFFF #define SMB_GID_NO_CHANGE 0xFFFFFFFF +#define SMB_SIZE_NO_CHANGE_LO 0xFFFFFFFF +#define SMB_SIZE_NO_CHANGE_HI 0xFFFFFFFF + +#define SMB_TIME_NO_CHANGE_LO 0xFFFFFFFF +#define SMB_TIME_NO_CHANGE_HI 0xFFFFFFFF + /* Offset Size Name 0 LARGE_INTEGER EndOfFile File size @@ -416,7 +426,7 @@ Offset Size Name 64-bits worth of capability fun :-). */ -#define SMB_CIFS_UNIX_QUERY_INFO 0x200 +#define SMB_QUERY_CIFS_UNIX_INFO 0x200 /* Returns the following. diff --git a/source3/lib/access.c b/source3/lib/access.c index f12ee927990..4e524735e49 100644 --- a/source3/lib/access.c +++ b/source3/lib/access.c @@ -30,7 +30,7 @@ static int masked_match(char *tok, char *slash, char *s) if (strlen(slash + 1) > 2) { mask = interpret_addr(slash + 1); } else { - mask = (uint32)((ALLONES >> atoi(slash + 1)) ^ ALLONES); + mask = (uint32)((ALLONES << atoi(slash + 1)) ^ ALLONES); } if (net == INADDR_NONE || mask == INADDR_NONE) { @@ -188,7 +188,7 @@ static int list_match(char **list,char *item, int (*match_fn)(char *, char *)) /* return true if access should be allowed */ -BOOL allow_access(char **deny_list,char **allow_list, +static BOOL allow_access_internal(char **deny_list,char **allow_list, char *cname,char *caddr) { char *client[2]; @@ -240,6 +240,22 @@ BOOL allow_access(char **deny_list,char **allow_list, return (True); } +/* return true if access should be allowed */ +BOOL allow_access(char **deny_list,char **allow_list, + const char *cname, const char *caddr) +{ + BOOL ret; + + char *nc_cname = smb_xstrdup(cname); + char *nc_caddr = smb_xstrdup(caddr); + + ret = allow_access_internal(deny_list, allow_list, nc_cname, nc_caddr); + + SAFE_FREE(nc_cname); + SAFE_FREE(nc_caddr); + return ret; +} + /* return true if the char* contains ip addrs only. Used to avoid gethostbyaddr() calls */ static BOOL only_ipaddrs_in_list(char** list) diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c index cdfca8eb97d..d42dc994b00 100644 --- a/source3/lib/charcnv.c +++ b/source3/lib/charcnv.c @@ -143,7 +143,7 @@ size_t convert_string(charset_t from, charset_t to, switch(errno) { case EINVAL: reason="Incomplete multibyte sequence"; break; case E2BIG: reason="No more room"; - DEBUG(0, ("Required %d, available %d\n", + DEBUG(0, ("convert_string: Required %d, available %d\n", srclen, destlen)); /* we are not sure we need srclen bytes, may be more, may be less. @@ -354,7 +354,15 @@ int pull_ascii(char *dest, const void *src, int dest_len, int src_len, int flags dest_len = sizeof(pstring); } - if (flags & STR_TERMINATE) src_len = strlen(src)+1; + if (flags & STR_TERMINATE) { + if (src_len == -1) { + src_len = strlen(src) + 1; + } else { + int len = strnlen(src, src_len); + if (len < src_len) len++; + src_len = len; + } + } ret = convert_string(CH_DOS, CH_UNIX, src, src_len, dest, dest_len); @@ -525,7 +533,7 @@ copy a string from a ucs2 source to a unix char* destination flags can have: STR_TERMINATE means the string in src is null terminated STR_NOALIGN means don't try to align -if STR_TERMINATE is set then src_len is ignored +if STR_TERMINATE is set then src_len is ignored if it is -1 src_len is the length of the source area in bytes return the number of bytes occupied by the string in src the resulting string in "dest" is always null terminated @@ -543,7 +551,15 @@ int pull_ucs2(const void *base_ptr, char *dest, const void *src, int dest_len, i if (src_len > 0) src_len--; } - if (flags & STR_TERMINATE) src_len = strlen_w(src)*2+2; + if (flags & STR_TERMINATE) { + if (src_len == -1) { + src_len = strlen_w(src)*2 + 2; + } else { + int len = strnlen_w(src, src_len/2); + if (len < src_len/2) len++; + src_len = len*2; + } + } /* ucs2 is always a multiple of 2 bytes */ src_len &= ~1; @@ -609,7 +625,15 @@ int pull_utf8(char *dest, const void *src, int dest_len, int src_len, int flags) dest_len = sizeof(pstring); } - if (flags & STR_TERMINATE) src_len = strlen(src)+1; + if (flags & STR_TERMINATE) { + if (src_len == -1) { + src_len = strlen(src) + 1; + } else { + int len = strnlen(src, src_len); + if (len < src_len) len++; + src_len = len; + } + } ret = convert_string(CH_UTF8, CH_UNIX, src, src_len, dest, dest_len); if (dest_len) dest[MIN(ret, dest_len-1)] = 0; @@ -687,7 +711,7 @@ flags can have: STR_UNICODE means to force as unicode STR_ASCII use ascii even with unicode packet STR_NOALIGN means don't do alignment -if STR_TERMINATE is set then src_len is ignored +if STR_TERMINATE is set then src_len is ignored is it is -1 src_len is the length of the source area in bytes return the number of bytes occupied by the string in src the resulting string in "dest" is always null terminated diff --git a/source3/lib/debug.c b/source3/lib/debug.c index 7960c32b583..f41c3b64976 100644 --- a/source3/lib/debug.c +++ b/source3/lib/debug.c @@ -2,6 +2,8 @@ Unix SMB/CIFS implementation. Samba utility functions Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Elrond 2002 + Copyright (C) Simo Sorce 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -81,11 +83,23 @@ XFILE *dbf = NULL; pstring debugf = ""; BOOL append_log = False; +BOOL debug_warn_unknown_class = True; +BOOL debug_auto_add_unknown_class = True; +BOOL AllowDebugChange = True; -int DEBUGLEVEL_CLASS[DBGC_LAST]; -BOOL DEBUGLEVEL_CLASS_ISSET[DBGC_LAST]; -int DEBUGLEVEL = DEBUGLEVEL_CLASS; -BOOL AllowDebugChange = True; +/* + * This is to allow assignment to DEBUGLEVEL before the debug + * system has been initialised. + */ +static int debug_all_class_hack = 1; +static BOOL debug_all_class_isset_hack = True; + +static int debug_num_classes = 0; +int *DEBUGLEVEL_CLASS = &debug_all_class_hack; +BOOL *DEBUGLEVEL_CLASS_ISSET = &debug_all_class_isset_hack; + +/* DEBUGLEVEL is #defined to *debug_level */ +int DEBUGLEVEL = &debug_all_class_hack; /* -------------------------------------------------------------------------- ** @@ -129,46 +143,230 @@ static BOOL log_overflow = False; * white space. There must be one name for each DBGC_, and they * must be in the table in the order of DBGC_.. */ -char *classname_table[] = { +static const char *default_classname_table[] = { "all", /* DBGC_ALL; index refs traditional DEBUGLEVEL */ "tdb", /* DBGC_TDB */ "printdrivers", /* DBGC_PRINTDRIVERS */ "lanman", /* DBGC_LANMAN */ "smb", /* DBGC_SMB */ - "rpc", /* DBGC_RPC */ - "rpc_hdr", /* DBGC_RPC_HDR */ - "bdc", /* DBGC_BDC */ + "rpc_parse", /* DBGC_RPC_PARSE */ + "rpc_srv", /* DBGC_RPC_SRV */ + "rpc_cli", /* DBGC_RPC_CLI */ + "passdb", /* DBGC_PASSDB */ + "auth", /* DBGC_AUTH */ + "winbind", /* DBGC_WINBIND */ + NULL }; +static char **classname_table = NULL; + /* -------------------------------------------------------------------------- ** * Functions... */ + +/**************************************************************************** +utility lists registered debug class names's +****************************************************************************/ + +#define MAX_CLASS_NAME_SIZE 1024 + +static char *debug_list_class_names_and_levels(void) +{ + int i, dim; + char **list; + char *buf = NULL; + char *b; + BOOL err = False; + + if (DEBUGLEVEL_CLASS == &debug_all_class_hack) + return NULL; + + list = calloc(debug_num_classes + 1, sizeof(char *)); + if (!list) + return NULL; + + /* prepare strings */ + for (i = 0, dim = 0; i < debug_num_classes; i++) { + int l = asprintf(&list[i], + "%s:%d ", + classname_table[i], + DEBUGLEVEL_CLASS_ISSET[i]?DEBUGLEVEL_CLASS[i]:DEBUGLEVEL); + if (l < 0 || l > MAX_CLASS_NAME_SIZE) { + err = True; + goto done; + } + dim += l; + } + + /* create single string list */ + b = buf = malloc(dim); + if (!buf) { + err = True; + goto done; + } + for (i = 0; i < debug_num_classes; i++) { + int l = strlen(list[i]); + strncpy(b, list[i], l); + b = b + l; + } + b[-1] = '\0'; + +done: + /* free strings list */ + for (i = 0; i < debug_num_classes; i++) + if (list[i]) free(list[i]); + free(list); + + if (err) { + if (buf) + free(buf); + return NULL; + } else { + return buf; + } +} + /**************************************************************************** utility access to debug class names's ****************************************************************************/ -char* debug_classname_from_index(int ndx) +const char *debug_classname_from_index(int ndx) { - return classname_table[ndx]; + if (ndx < 0 || ndx >= debug_num_classes) + return NULL; + else + return classname_table[ndx]; } /**************************************************************************** -utility to translate names to debug class index's +utility to translate names to debug class index's (internal version) ****************************************************************************/ -int debug_lookup_classname(char* classname) +static int debug_lookup_classname_int(const char* classname) { int i; if (!classname) return -1; - for (i=0; i= 0) + return ndx; + ndx = debug_num_classes; + + new_ptr = DEBUGLEVEL_CLASS; + if (DEBUGLEVEL_CLASS == &debug_all_class_hack) + { + /* Initial loading... */ + new_ptr = NULL; + } + new_ptr = Realloc(new_ptr, + sizeof(int) * (debug_num_classes + 1)); + if (!new_ptr) + return -1; + DEBUGLEVEL_CLASS = new_ptr; + DEBUGLEVEL_CLASS[ndx] = 0; + + /* debug_level is the pointer used for the DEBUGLEVEL-thingy */ + if (ndx==0) + { + /* Transfer the initial level from debug_all_class_hack */ + DEBUGLEVEL_CLASS[ndx] = DEBUGLEVEL; + } + debug_level = DEBUGLEVEL_CLASS; + + new_ptr = DEBUGLEVEL_CLASS_ISSET; + if (new_ptr == &debug_all_class_isset_hack) + { + new_ptr = NULL; + } + new_ptr = Realloc(new_ptr, + sizeof(BOOL) * (debug_num_classes + 1)); + if (!new_ptr) + return -1; + DEBUGLEVEL_CLASS_ISSET = new_ptr; + DEBUGLEVEL_CLASS_ISSET[ndx] = False; + + new_ptr = Realloc(classname_table, + sizeof(char *) * (debug_num_classes + 1)); + if (!new_ptr) + return -1; + classname_table = new_ptr; + + classname_table[ndx] = strdup(classname); + if (! classname_table[ndx]) + return -1; + + debug_num_classes++; + + return ndx; +} + +/**************************************************************************** +utility to translate names to debug class index's (public version) +****************************************************************************/ +int debug_lookup_classname(const char *classname) +{ + int ndx; + + if (!classname || !*classname) return -1; + + ndx = debug_lookup_classname_int(classname); + + if (ndx != -1) + return ndx; + + if (debug_warn_unknown_class) + { + DEBUG(0, ("debug_lookup_classname(%s): Unknown class\n", + classname)); + } + if (debug_auto_add_unknown_class) + { + return debug_add_class(classname); + } + return -1; +} + + +/**************************************************************************** +dump the current registered denug levels +****************************************************************************/ +static void debug_dump_status(int level) +{ + int q; + + DEBUG(level, ("INFO: Current debug levels:\n")); + for (q = 0; q < debug_num_classes; q++) + { + DEBUGADD(level, (" %s: %s/%d\n", + classname_table[q], + (DEBUGLEVEL_CLASS_ISSET[q] + ? "True" : "False"), + DEBUGLEVEL_CLASS[q])); + } +} + /**************************************************************************** parse the debug levels from smbcontrol. Example debug level parameter: printdrivers:7 @@ -179,9 +377,9 @@ BOOL debug_parse_params(char **params, int *debuglevel_class, int i, ndx; char *class_name; char *class_level; - - /* Set the new debug level array to the current DEBUGLEVEL array */ - memcpy(debuglevel_class, DEBUGLEVEL_CLASS, sizeof(DEBUGLEVEL_CLASS)); + + if (!params) + return False; /* Allow DBGC_ALL to be specified w/o requiring its class name e.g."10" * v.s. "all:10", this is the traditional way to set DEBUGLEVEL @@ -195,7 +393,7 @@ BOOL debug_parse_params(char **params, int *debuglevel_class, i = 0; /* DBGC_ALL not specified OR class name was included */ /* Fill in new debug class levels */ - for (; i < DBGC_LAST && params[i]; i++) { + for (; i < debug_num_classes && params[i]; i++) { if ((class_name=strtok(params[i],":")) && (class_level=strtok(NULL, "\0")) && ((ndx = debug_lookup_classname(class_name)) != -1)) { @@ -215,83 +413,102 @@ parse the debug levels from smb.conf. Example debug level string: 3 tdb:5 printdrivers:7 Note: the 1st param has no "name:" preceeding it. ****************************************************************************/ -BOOL debug_parse_levels(char *params_str) +BOOL debug_parse_levels(const char *params_str) { - int i; - char *params[DBGC_LAST]; - int debuglevel_class[DBGC_LAST]; - BOOL debuglevel_class_isset[DBGC_LAST]; + char **params; + + /* Just in case */ + debug_init(); if (AllowDebugChange == False) return True; - ZERO_ARRAY(params); - ZERO_ARRAY(debuglevel_class); - ZERO_ARRAY(debuglevel_class_isset); - - if ((params[0]=strtok(params_str," ,"))) { - for (i=1; idebuglevel_class, sizeof(dm->debuglevel_class)); - memcpy(DEBUGLEVEL_CLASS_ISSET, dm->debuglevel_class_isset, sizeof(dm->debuglevel_class_isset)); + /* Check, it's a proper string! */ + if (params_str[len-1] != '\0') + { + DEBUG(1, ("Invalid debug message from pid %u to pid %u\n", + (unsigned int)src, (unsigned int)getpid())); + return; + } - DEBUG(3,("INFO: Debug class %s level = %d (pid %u from pid %u)\n", - classname_table[DBGC_ALL], - DEBUGLEVEL_CLASS[DBGC_ALL], (unsigned int)sys_getpid(), (unsigned int)src)); + DEBUG(3, ("INFO: Remote set of debug to `%s' (pid %u from pid %u)\n", + params_str, (unsigned int)getpid(), (unsigned int)src)); - for (i=1; i 1 ? True : False); - - return multi; -} - /**************************************************************************** return the Nth interface **************************************************************************/ @@ -331,40 +318,21 @@ struct in_addr *iface_n_bcast(int n) } -/**************************************************************************** -this function provides a simple hash of the configured interfaces. It is -used to detect a change in interfaces to tell us whether to discard -the current wins.dat file. -Note that the result is independent of the order of the interfaces - **************************************************************************/ -unsigned iface_hash(void) -{ - unsigned ret = 0; - struct interface *i; - - for (i=local_interfaces;i;i=i->next) { - unsigned x1 = (unsigned)str_checksum(inet_ntoa(i->ip)); - unsigned x2 = (unsigned)str_checksum(inet_ntoa(i->nmask)); - ret ^= (x1 ^ x2); - } - - return ret; -} - - /* these 3 functions return the ip/bcast/nmask for the interface most appropriate for the given ip address. If they can't find an appropriate interface they return the requested field of the first known interface. */ -struct in_addr *iface_bcast(struct in_addr ip) +struct in_addr *iface_ip(struct in_addr ip) { struct interface *i = iface_find(ip, True); - return(i ? &i->bcast : &local_interfaces->bcast); + return(i ? &i->ip : &local_interfaces->ip); } -struct in_addr *iface_ip(struct in_addr ip) +/* + return True if a IP is directly reachable on one of our interfaces +*/ +BOOL iface_local(struct in_addr ip) { - struct interface *i = iface_find(ip, True); - return(i ? &i->ip : &local_interfaces->ip); + return iface_find(ip, True) ? True : False; } diff --git a/source3/lib/interfaces.c b/source3/lib/interfaces.c index 7b8ef0d0c1b..96f4b4cd94f 100644 --- a/source3/lib/interfaces.c +++ b/source3/lib/interfaces.c @@ -41,10 +41,6 @@ #include #include -#ifndef SIOCGIFCONF -#include -#endif - #ifdef AUTOCONF_TEST struct iface_struct { char name[16]; @@ -56,6 +52,16 @@ struct iface_struct { #include "interfaces.h" #endif +#ifdef HAVE_SYS_TIME_H +#include +#endif + +#ifndef SIOCGIFCONF +#ifdef HAVE_SYS_SOCKIO_H +#include +#endif +#endif + #ifdef HAVE_STDLIB_H #include #endif diff --git a/source3/lib/md5.c b/source3/lib/md5.c index 627725bb252..2121b170479 100644 --- a/source3/lib/md5.c +++ b/source3/lib/md5.c @@ -22,6 +22,8 @@ #include "md5.h" +static void MD5Transform(uint32 buf[4], uint32 const in[16]); + /* * Note: this code is harmless on little-endian machines. */ @@ -161,7 +163,7 @@ void MD5Final(unsigned char digest[16], struct MD5Context *ctx) * reflect the addition of 16 longwords of new data. MD5Update blocks * the data and converts bytes into longwords for this routine. */ -void MD5Transform(uint32 buf[4], uint32 const in[16]) +static void MD5Transform(uint32 buf[4], uint32 const in[16]) { register uint32 a, b, c, d; diff --git a/source3/lib/messages.c b/source3/lib/messages.c index 8602c2f32dc..e6d2de4a58b 100644 --- a/source3/lib/messages.c +++ b/source3/lib/messages.c @@ -79,23 +79,13 @@ static void sig_usr1(void) A useful function for testing the message system. ****************************************************************************/ -void ping_message(int msg_type, pid_t src, void *buf, size_t len) +static void ping_message(int msg_type, pid_t src, void *buf, size_t len) { char *msg = buf ? buf : "none"; DEBUG(1,("INFO: Received PING message from PID %u [%s]\n",(unsigned int)src, msg)); message_send_pid(src, MSG_PONG, buf, len, True); } -/**************************************************************************** - Return current debug level. -****************************************************************************/ - -void debuglevel_message(int msg_type, pid_t src, void *buf, size_t len) -{ - DEBUG(1,("INFO: Received REQ_DEBUGLEVEL message from PID %u\n",(unsigned int)src)); - message_send_pid(src, MSG_DEBUGLEVEL, DEBUGLEVEL_CLASS, sizeof(DEBUGLEVEL_CLASS), True); -} - /**************************************************************************** Initialise the messaging functions. ****************************************************************************/ @@ -116,7 +106,6 @@ BOOL message_init(void) CatchSignal(SIGUSR1, SIGNAL_CAST sig_usr1); message_register(MSG_PING, ping_message); - message_register(MSG_REQ_DEBUGLEVEL, debuglevel_message); return True; } @@ -340,8 +329,8 @@ void message_dispatch(void) } } if (!n_handled) { - DEBUG(5,("message_dispatch: warning: no handlers registed for " - "msg_type %d in pid%d\n", + DEBUG(5,("message_dispatch: warning: no handlers registered for " + "msg_type %d in pid %d\n", msg_type, sys_getpid())); } SAFE_FREE(buf); @@ -464,7 +453,7 @@ BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type, return True; } -static VOLATILE sig_atomic_t gotalarm; +static SIG_ATOMIC_T gotalarm; /*************************************************************** Signal function to tell us we timed out. @@ -486,6 +475,7 @@ BOOL message_named_mutex(char *name, unsigned int timeout) { TDB_DATA key; int ret; + void (*oldsig_handler)(int) = NULL; if (!message_init()) return False; @@ -495,7 +485,7 @@ BOOL message_named_mutex(char *name, unsigned int timeout) if (timeout) { gotalarm = 0; - CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); + oldsig_handler = CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); alarm(timeout); } @@ -503,7 +493,7 @@ BOOL message_named_mutex(char *name, unsigned int timeout) if (timeout) { alarm(0); - CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN); + CatchSignal(SIGALRM, SIGNAL_CAST oldsig_handler); if (gotalarm) return False; } diff --git a/source3/lib/pam_errors.c b/source3/lib/pam_errors.c index f74e4bf1765..e1d02151a62 100644 --- a/source3/lib/pam_errors.c +++ b/source3/lib/pam_errors.c @@ -67,6 +67,7 @@ const static struct { {NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR}, {NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR}, {NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED}, + {NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED}, {NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD}, {NT_STATUS_OK, PAM_SUCCESS} }; diff --git a/source3/lib/pidfile.c b/source3/lib/pidfile.c index 28fd959b54e..b98259fe5ef 100644 --- a/source3/lib/pidfile.c +++ b/source3/lib/pidfile.c @@ -35,7 +35,7 @@ pid_t pidfile_pid(char *name) unsigned ret; pstring pidFile; - slprintf(pidFile, sizeof(pidFile)-1, "%s/%s.pid", lp_lockdir(), name); + slprintf(pidFile, sizeof(pidFile)-1, "%s/%s.pid", lp_piddir(), name); fd = sys_open(pidFile, O_NONBLOCK | O_RDONLY, 0644); if (fd == -1) { @@ -68,10 +68,7 @@ pid_t pidfile_pid(char *name) return 0; } -/* Create a pid file in the lock directory. open it and leave it locked. - This must be done after a call to lp_load() as it uses the lp_lockdir() - function to generate the path to the pidfile. */ - +/* create a pid file in the pid directory. open it and leave it locked */ void pidfile_create(char *name) { int fd; @@ -79,7 +76,7 @@ void pidfile_create(char *name) pstring pidFile; pid_t pid; - slprintf(pidFile, sizeof(pidFile)-1, "%s/%s.pid", lp_lockdir(), name); + slprintf(pidFile, sizeof(pidFile)-1, "%s/%s.pid", lp_piddir(), name); pid = pidfile_pid(name); if (pid != 0) { diff --git a/source3/lib/replace.c b/source3/lib/replace.c index dd50ff035e0..2cc7d48adb3 100644 --- a/source3/lib/replace.c +++ b/source3/lib/replace.c @@ -414,3 +414,17 @@ char *rep_inet_ntoa(struct in_addr ip) return setvbuf(stream, (char *)NULL, _IOLBF, 0); } #endif /* HAVE_SETLINEBUF */ + +#ifndef HAVE_VSYSLOG +#ifdef HAVE_SYSLOG + void vsyslog (int facility_priority, char *format, va_list arglist) +{ + char *msg = NULL; + vasprintf(&msg, format, arglist); + if (!msg) + return; + syslog(facility_priority, "%s", msg); + SAFE_FREE(msg); +} +#endif /* HAVE_SYSLOG */ +#endif /* HAVE_VSYSLOG */ diff --git a/source3/lib/select.c b/source3/lib/select.c index 550941ba771..f88ad52de65 100644 --- a/source3/lib/select.c +++ b/source3/lib/select.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 3.0 Samba select/poll implementation Copyright (C) Andrew Tridgell 1992-1998 @@ -101,6 +102,12 @@ int sys_select(int maxfd, fd_set *readfds, fd_set *writefds, fd_set *errorfds, s } if (FD_ISSET(select_pipe[0], readfds2)) { + char c; + saved_errno = errno; + if (read(select_pipe[0], &c, 1) == 1) { + pipe_read++; + } + errno = saved_errno; FD_CLR(select_pipe[0], readfds2); ret--; if (ret == 0) { @@ -109,18 +116,6 @@ int sys_select(int maxfd, fd_set *readfds, fd_set *writefds, fd_set *errorfds, s } } - saved_errno = errno; - - while (pipe_written != pipe_read) { - char c; - /* Due to the linux kernel bug in 2.0.x, we - * always increment here even if the read failed... */ - read(select_pipe[0], &c, 1); - pipe_read++; - } - - errno = saved_errno; - return ret; } @@ -133,10 +128,12 @@ int sys_select_intr(int maxfd, fd_set *readfds, fd_set *writefds, fd_set *errorf { int ret; fd_set *readfds2, readfds_buf, *writefds2, writefds_buf, *errorfds2, errorfds_buf; + struct timeval tval2, *ptval; readfds2 = (readfds ? &readfds_buf : NULL); writefds2 = (writefds ? &writefds_buf : NULL); errorfds2 = (errorfds ? &errorfds_buf : NULL); + ptval = (tval ? &tval2 : NULL); do { if (readfds) @@ -145,7 +142,10 @@ int sys_select_intr(int maxfd, fd_set *readfds, fd_set *writefds, fd_set *errorf writefds_buf = *writefds; if (errorfds) errorfds_buf = *errorfds; - ret = sys_select(maxfd, readfds2, writefds2, errorfds2, tval); + if (tval) + tval2 = *tval; + + ret = sys_select(maxfd, readfds2, writefds2, errorfds2, ptval); } while (ret == -1 && errno == EINTR); if (readfds) diff --git a/source3/lib/signal.c b/source3/lib/signal.c index 99f908235c4..dceb3b53bce 100644 --- a/source3/lib/signal.c +++ b/source3/lib/signal.c @@ -96,10 +96,11 @@ void BlockSignals(BOOL block,int signum) 2) The signal should be blocked during handler execution. ********************************************************************/ -void CatchSignal(int signum,void (*handler)(int )) +void (*CatchSignal(int signum,void (*handler)(int )))(int) { #ifdef HAVE_SIGACTION struct sigaction act; + struct sigaction oldact; ZERO_STRUCT(act); @@ -113,10 +114,11 @@ void CatchSignal(int signum,void (*handler)(int )) #endif sigemptyset(&act.sa_mask); sigaddset(&act.sa_mask,signum); - sigaction(signum,&act,NULL); + sigaction(signum,&act,&oldact); + return oldact.sa_handler; #else /* !HAVE_SIGACTION */ /* FIXME: need to handle sigvec and systems with broken signal() */ - signal(signum, handler); + return signal(signum, handler); #endif } diff --git a/source3/lib/snprintf.c b/source3/lib/snprintf.c index 9a9dcdbae1e..cd1e63ce59f 100644 --- a/source3/lib/snprintf.c +++ b/source3/lib/snprintf.c @@ -57,6 +57,12 @@ #ifndef NO_CONFIG_H /* for some tests */ #include "config.h" +#else +#define NULL 0 +#endif + +#ifdef TEST_SNPRINTF /* need math library headers for testing */ +#include #endif #ifdef HAVE_STRING_H @@ -94,8 +100,21 @@ #define LLONG long #endif +/* free memory if the pointer is valid and zero the pointer */ +#ifndef SAFE_FREE +#define SAFE_FREE(x) do { if ((x) != NULL) {free((x)); (x)=NULL;} } while(0) +#endif + +#ifndef VA_COPY +#ifdef HAVE_VA_COPY +#define VA_COPY(dest, src) __va_copy(dest, src) +#else +#define VA_COPY(dest, src) (dest) = (src) +#endif +#endif + static size_t dopr(char *buffer, size_t maxlen, const char *format, - va_list args); + va_list args_in); static void fmtstr(char *buffer, size_t *currlen, size_t maxlen, char *value, int flags, int min, int max); static void fmtint(char *buffer, size_t *currlen, size_t maxlen, @@ -138,7 +157,7 @@ static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c); #define MAX(p,q) (((p) >= (q)) ? (p) : (q)) #endif -static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args) +static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args_in) { char ch; LLONG value; @@ -150,6 +169,9 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args int flags; int cflags; size_t currlen; + va_list args; + + VA_COPY(args, args_in); state = DP_S_DEFAULT; currlen = flags = cflags = min = 0; @@ -656,9 +678,8 @@ static void fmtfp (char *buffer, size_t *currlen, size_t maxlen, /* Convert integer part */ do { - temp = intpart; - my_modf(intpart*0.1, &intpart); - temp = temp*0.1; + temp = intpart*0.1; + my_modf(temp, &intpart); index = (int) ((temp -intpart +0.05)* 10.0); /* index = (int) (((double)(temp*0.1) -intpart +0.05) *10.0); */ /* printf ("%llf, %f, %x\n", temp, intpart, index); */ @@ -672,9 +693,8 @@ static void fmtfp (char *buffer, size_t *currlen, size_t maxlen, if (fracpart) { do { - temp = fracpart; - my_modf(fracpart*0.1, &fracpart); - temp = temp*0.1; + temp = fracpart*0.1; + my_modf(temp, &fracpart); index = (int) ((temp -fracpart +0.05)* 10.0); /* index = (int) ((((temp/10) -fracpart) +0.05) *10); */ /* printf ("%lf, %lf, %ld\n", temp, fracpart, index); */ @@ -726,14 +746,14 @@ static void fmtfp (char *buffer, size_t *currlen, size_t maxlen, if (max > 0) { dopr_outch (buffer, currlen, maxlen, '.'); + while (zpadlen > 0) { + dopr_outch (buffer, currlen, maxlen, '0'); + --zpadlen; + } + while (fplace > 0) dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]); } - - while (zpadlen > 0) { - dopr_outch (buffer, currlen, maxlen, '0'); - --zpadlen; - } while (padlen < 0) { dopr_outch (buffer, currlen, maxlen, ' '); @@ -784,13 +804,19 @@ static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c) int vasprintf(char **ptr, const char *format, va_list ap) { int ret; + va_list ap2; + + VA_COPY(ap2, ap); - ret = vsnprintf(NULL, 0, format, ap); + ret = vsnprintf(NULL, 0, format, ap2); if (ret <= 0) return ret; (*ptr) = (char *)malloc(ret+1); if (!*ptr) return -1; - ret = vsnprintf(*ptr, ret+1, format, ap); + + VA_COPY(ap2, ap); + + ret = vsnprintf(*ptr, ret+1, format, ap2); return ret; } @@ -812,20 +838,6 @@ static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c) } #endif -#ifndef HAVE_VSYSLOG -#ifdef HAVE_SYSLOG - void vsyslog (int facility_priority, char *format, va_list arglist) -{ - char *msg = NULL; - vasprintf(&msg, format, arglist); - if (!msg) - return; - syslog(facility_priority, "%s", msg); - free(msg); -} -#endif /* HAVE_SYSLOG */ -#endif /* HAVE_VSYSLOG */ - #ifdef TEST_SNPRINTF int sprintf(char *str,const char *fmt,...); @@ -853,7 +865,7 @@ static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c) NULL }; double fp_nums[] = { 6442452944.1234, -1.5, 134.21, 91340.2, 341.1234, 0203.9, 0.96, 0.996, - 0.9996, 1.996, 4.136, 0}; + 0.9996, 1.996, 4.136, 5.030201, 0}; char *int_fmt[] = { "%-1.5d", "%1.5d", @@ -948,8 +960,10 @@ static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c) { double v0 = 0.12345678901234567890123456789012345678901; for (x=0; x<100; x++) { - snprintf(buf1, sizeof(buf1), "%1.1f", v0*pow(10, x)); - sprintf(buf2, "%1.1f", v0*pow(10, x)); + double p = pow(10, x); + double r = v0*p; + snprintf(buf1, sizeof(buf1), "%1.1f", r); + sprintf(buf2, "%1.1f", r); if (strcmp(buf1, buf2)) { printf("we seem to support %d digits\n", x-1); break; diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index e878ee8cbfd..6d96a1820f1 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -83,6 +83,66 @@ static size_t expand_env_var(char *p, int len) return 0; /* Allow the environment contents to be parsed. */ } +/******************************************************************* + Given a pointer to a %$(NAME) in p and the whole string in str + expand it as an environment variable. + Return a new allocated and expanded string. + Based on code by Branko Cibej + When this is called p points at the '%' character. + May substitute multiple occurrencies of the same env var. +********************************************************************/ + + +static char * realloc_expand_env_var(char *str, char *p) +{ + char *envname; + char *envval; + char *q, *r; + int copylen; + + if (p[0] != '%' || p[1] != '$' || p[2] != '(') + return str; + + /* + * Look for the terminating ')'. + */ + + if ((q = strchr_m(p,')')) == NULL) { + DEBUG(0,("expand_env_var: Unterminated environment variable [%s]\n", p)); + return str; + } + + /* + * Extract the name from within the %$(NAME) string. + */ + + r = p + 3; + copylen = q - r; + envname = (char *)malloc(copylen + 1 + 4); /* reserve space for use later add %$() chars */ + if (envname == NULL) return NULL; + strncpy(envname,r,copylen); + envname[copylen] = '\0'; + + if ((envval = getenv(envname)) == NULL) { + DEBUG(0,("expand_env_var: Environment variable [%s] not set\n", envname)); + SAFE_FREE(envname); + return str; + } + + /* + * Copy the full %$(NAME) into envname so it + * can be replaced. + */ + + copylen = q + 1 - p; + strncpy(envname,p,copylen); + envname[copylen] = '\0'; + r = realloc_string_sub(str, envname, envval); + SAFE_FREE(envname); + if (r == NULL) return NULL; + return r; +} + /******************************************************************* Patch from jkf@soton.ac.uk Added this to implement %p (NIS auto-map version of %H) @@ -160,9 +220,11 @@ static char *automount_server(const char *user_name) /**************************************************************************** Do some standard substitutions in a string. + len is the length in bytes of the space allowed in string str. If zero means + don't allow expansions. ****************************************************************************/ -void standard_sub_basic(const char *smb_name, char *str) +void standard_sub_basic(const char *smb_name, char *str,size_t len) { char *p, *s; fstring pidstr; @@ -171,7 +233,10 @@ void standard_sub_basic(const char *smb_name, char *str) for (s=str; (p=strchr_m(s, '%'));s=p) { fstring tmp_str; - int l = sizeof(pstring) - (int)(p-str); + int l = (int)len - (int)(p-str); + + if (l < 0) + l = 0; switch (*(p+1)) { case 'U' : @@ -192,26 +257,43 @@ void standard_sub_basic(const char *smb_name, char *str) strupper(tmp_str); string_sub(p,"%D", tmp_str,l); break; - case 'I' : string_sub(p,"%I", client_addr(),l); break; + case 'I' : + string_sub(p,"%I", client_addr(),l); + break; case 'L' : - if (*local_machine) { + if (*local_machine) string_sub(p,"%L", local_machine,l); - } else { + else string_sub(p,"%L", global_myname,l); - } break; - case 'M' : string_sub(p,"%M", client_name(),l); break; - case 'R' : string_sub(p,"%R", remote_proto,l); break; - case 'T' : string_sub(p,"%T", timestring(False),l); break; - case 'a' : string_sub(p,"%a", remote_arch,l); break; + case 'M' : + string_sub(p,"%M", client_name(),l); + break; + case 'R' : + string_sub(p,"%R", remote_proto,l); + break; + case 'T' : + string_sub(p,"%T", timestring(False),l); + break; + case 'a' : + string_sub(p,"%a", remote_arch,l); + break; case 'd' : slprintf(pidstr,sizeof(pidstr)-1, "%d",(int)sys_getpid()); string_sub(p,"%d", pidstr,l); break; - case 'h' : string_sub(p,"%h", myhostname(),l); break; - case 'm' : string_sub(p,"%m", remote_machine,l); break; - case 'v' : string_sub(p,"%v", VERSION,l); break; - case '$' : p += expand_env_var(p,l); break; /* Expand environment variables */ + case 'h' : + string_sub(p,"%h", myhostname(),l); + break; + case 'm' : + string_sub(p,"%m", remote_machine,l); + break; + case 'v' : + string_sub(p,"%v", VERSION,l); + break; + case '$' : + p += expand_env_var(p,l); + break; /* Expand environment variables */ case '\0': p++; break; /* don't run off the end of the string */ @@ -222,34 +304,34 @@ void standard_sub_basic(const char *smb_name, char *str) } } -/**************************************************************************** - Do some standard substitutions in a string. -****************************************************************************/ - -void standard_sub_advanced(int snum, const char *user, const char *connectpath, gid_t gid, const char *smb_name, char *str) +static void standard_sub_advanced(int snum, const char *user, + const char *connectpath, gid_t gid, + const char *smb_name, char *str, size_t len) { char *p, *s, *home; for (s=str; (p=strchr_m(s, '%'));s=p) { - int l = sizeof(pstring) - (int)(p-str); - + int l = (int)len - (int)(p-str); + + if (l < 0) + l = 0; + switch (*(p+1)) { - case 'N' : string_sub(p,"%N", automount_server(user),l); break; + case 'N' : + string_sub(p,"%N", automount_server(user),l); + break; case 'H': - if ((home = get_user_home_dir(user))) { + if ((home = get_user_home_dir(user))) string_sub(p,"%H",home, l); - } else { + else p += 2; - } break; case 'P': string_sub(p,"%P", connectpath, l); break; - case 'S': string_sub(p,"%S", lp_servicename(snum), l); break; - case 'g': string_sub(p,"%g", gidtoname(gid), l); break; @@ -276,54 +358,293 @@ void standard_sub_advanced(int snum, const char *user, const char *connectpath, } } - standard_sub_basic(smb_name, str); + standard_sub_basic(smb_name, str, len); } /**************************************************************************** Do some standard substitutions in a string. + This function will return an allocated string that have to be freed. ****************************************************************************/ -void standard_sub_conn(connection_struct *conn, char *str) +char *talloc_sub_basic(TALLOC_CTX *mem_ctx, const char *smb_name, const char *str) { - standard_sub_advanced(SNUM(conn), conn->user, conn->connectpath, conn->gid, current_user_info.smb_name, str); + char *a, *t; + a = alloc_sub_basic(smb_name, str); + if (!a) return NULL; + t = talloc_strdup(mem_ctx, a); + SAFE_FREE(a); + return t; +} + +char *alloc_sub_basic(const char *smb_name, const char *str) +{ + char *b, *p, *s, *t, *r, *a_string; + fstring pidstr; + struct passwd *pass; + + a_string = strdup(str); + if (a_string == NULL) { + DEBUG(0, ("alloc_sub_specified: Out of memory!\n")); + return NULL; + } + + for (b = s = a_string; (p = strchr_m(s, '%')); s = a_string + (p - b)) { + + r = NULL; + b = t = a_string; + + switch (*(p+1)) { + case 'U' : + r = strdup_lower(smb_name); + if (r == NULL) goto error; + t = realloc_string_sub(t, "%U", r); + break; + case 'G' : + r = strdup(smb_name); + if (r == NULL) goto error; + if ((pass = Get_Pwnam(r))!=NULL) { + t = realloc_string_sub(t, "%G", gidtoname(pass->pw_gid)); + } + break; + case 'D' : + r = strdup_upper(current_user_info.domain); + if (r == NULL) goto error; + t = realloc_string_sub(t, "%D", r); + break; + case 'I' : + t = realloc_string_sub(t, "%I", client_addr()); + break; + case 'L' : + if (*local_machine) + t = realloc_string_sub(t, "%L", local_machine); + else + t = realloc_string_sub(t, "%L", global_myname); + break; + case 'M' : + t = realloc_string_sub(t, "%M", client_name()); + break; + case 'R' : + t = realloc_string_sub(t, "%R", remote_proto); + break; + case 'T' : + t = realloc_string_sub(t, "%T", timestring(False)); + break; + case 'a' : + t = realloc_string_sub(t, "%a", remote_arch); + break; + case 'd' : + slprintf(pidstr,sizeof(pidstr)-1, "%d",(int)sys_getpid()); + t = realloc_string_sub(t, "%d", pidstr); + break; + case 'h' : + t = realloc_string_sub(t, "%h", myhostname()); + break; + case 'm' : + t = realloc_string_sub(t, "%m", remote_machine); + break; + case 'v' : + t = realloc_string_sub(t, "%v", VERSION); + break; + case '$' : + t = realloc_expand_env_var(t, p); /* Expand environment variables */ + break; + + default: + break; + } + + p++; + SAFE_FREE(r); + if (t == NULL) goto error; + a_string = t; + } + + return a_string; +error: + SAFE_FREE(a_string); + return NULL; } /**************************************************************************** - Like standard_sub but for a homes share where snum still points to the [homes] - share. No user specific snum created yet so servicename should be the username. + Do some specific substitutions in a string. + This function will return an allocated string that have to be freed. ****************************************************************************/ -void standard_sub_home(int snum, const char *user, char *str) +char *talloc_sub_specified(TALLOC_CTX *mem_ctx, + const char *input_string, + const char *username, + const char *domain, + uid_t uid, + gid_t gid) { - char *p, *s; + char *a, *t; + a = alloc_sub_specified(input_string, username, domain, uid, gid); + if (!a) return NULL; + t = talloc_strdup(mem_ctx, a); + SAFE_FREE(a); + return t; +} - for (s=str; (p=strchr_m(s, '%'));s=p) { - int l = sizeof(pstring) - (int)(p-str); +char *alloc_sub_specified(const char *input_string, + const char *username, + const char *domain, + uid_t uid, + gid_t gid) +{ + char *a_string, *ret_string; + char *b, *p, *s, *t; + + a_string = strdup(input_string); + if (a_string == NULL) { + DEBUG(0, ("alloc_sub_specified: Out of memory!\n")); + return NULL; + } + + for (b = s = a_string; (p = strchr_m(s, '%')); s = a_string + (p - b)) { + + b = t = a_string; + + switch (*(p+1)) { + case 'U' : + t = realloc_string_sub(t, "%U", username); + break; + case 'u' : + t = realloc_string_sub(t, "%u", username); + break; + case 'G' : + if (gid != -1) { + t = realloc_string_sub(t, "%G", gidtoname(gid)); + } else { + t = realloc_string_sub(t, "%G", "NO_GROUP"); + } + break; + case 'g' : + if (gid != -1) { + t = realloc_string_sub(t, "%g", gidtoname(gid)); + } else { + t = realloc_string_sub(t, "%g", "NO_GROUP"); + } + break; + case 'D' : + t = realloc_string_sub(t, "%D", domain); + break; + case 'N' : + t = realloc_string_sub(t, "%N", automount_server(username)); + break; + default: + break; + } + + p++; + if (t == NULL) { + SAFE_FREE(a_string); + return NULL; + } + a_string = t; + } + + ret_string = alloc_sub_basic(username, a_string); + SAFE_FREE(a_string); + return ret_string; +} + +char *talloc_sub_advanced(TALLOC_CTX *mem_ctx, + int snum, + const char *user, + const char *connectpath, + gid_t gid, + const char *smb_name, + char *str) +{ + char *a, *t; + a = alloc_sub_advanced(snum, user, connectpath, gid, smb_name, str); + if (!a) return NULL; + t = talloc_strdup(mem_ctx, a); + SAFE_FREE(a); + return t; +} + +char *alloc_sub_advanced(int snum, const char *user, + const char *connectpath, gid_t gid, + const char *smb_name, char *str) +{ + char *a_string, *ret_string; + char *b, *p, *s, *t, *h; + + a_string = strdup(str); + if (a_string == NULL) { + DEBUG(0, ("alloc_sub_specified: Out of memory!\n")); + return NULL; + } + + for (b = s = a_string; (p = strchr_m(s, '%')); s = a_string + (p - b)) { + + b = t = a_string; switch (*(p+1)) { + case 'N' : + t = realloc_string_sub(t, "%N", automount_server(user)); + break; + case 'H': + if ((h = get_user_home_dir(user))) + t = realloc_string_sub(t, "%H", h); + break; + case 'P': + t = realloc_string_sub(t, "%P", connectpath); + break; case 'S': - string_sub(p,"%S", user, l); + t = realloc_string_sub(t, "%S", lp_servicename(snum)); + break; + case 'g': + t = realloc_string_sub(t, "%g", gidtoname(gid)); + break; + case 'u': + t = realloc_string_sub(t, "%u", user); break; + + /* Patch from jkf@soton.ac.uk Left the %N (NIS + * server name) in standard_sub_basic as it is + * a feature for logon servers, hence uses the + * username. The %p (NIS server path) code is + * here as it is used instead of the default + * "path =" string in [homes] and so needs the + * service name, not the username. */ case 'p': - string_sub(p,"%p", automount_path(user), l); + t = realloc_string_sub(t, "%p", automount_path(lp_servicename(snum))); break; - case '\0': - p++; - break; /* don't run off the end of the string */ - default: p+=2; + default: break; } + + p++; + if (t == NULL) { + SAFE_FREE(a_string); + return NULL; + } + a_string = t; } - standard_sub_advanced(snum, user, "", -1, current_user_info.smb_name, str); + ret_string = alloc_sub_basic(smb_name, a_string); + SAFE_FREE(a_string); + return ret_string; +} + +/**************************************************************************** + Do some standard substitutions in a string. +****************************************************************************/ + +void standard_sub_conn(connection_struct *conn, char *str, size_t len) +{ + standard_sub_advanced(SNUM(conn), conn->user, conn->connectpath, + conn->gid, current_user_info.smb_name, str, len); } /**************************************************************************** Like standard_sub but by snum. ****************************************************************************/ -void standard_sub_snum(int snum, char *str) +void standard_sub_snum(int snum, char *str, size_t len) { extern struct current_user current_user; static uid_t cached_uid = -1; @@ -336,23 +657,6 @@ void standard_sub_snum(int snum, char *str) cached_uid = current_user.uid; } - standard_sub_advanced(snum, cached_user, "", -1, current_user_info.smb_name, str); -} - -/******************************************************************* - Substitute strings with useful parameters. -********************************************************************/ - -void standard_sub_vuser(char *str, user_struct *vuser) -{ - standard_sub_advanced(-1, vuser->user.unix_name, "", -1, current_user_info.smb_name, str); -} - -/******************************************************************* - Substitute strings with useful parameters. -********************************************************************/ - -void standard_sub_vsnum(char *str, user_struct *vuser, int snum) -{ - standard_sub_advanced(snum, vuser->user.unix_name, "", -1, current_user_info.smb_name, str); + standard_sub_advanced(snum, cached_user, "", -1, + current_user_info.smb_name, str, len); } diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 22245992f53..00d06e4a5ae 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -644,13 +644,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) break; case SMB_ACL_USER: - if ((pw = sys_getpwuid(ap->a_id)) == NULL) { - slprintf(idbuf, sizeof(idbuf)-1, "%ld", - (long)ap->a_id); - id = idbuf; - } else { - id = pw->pw_name; - } + id = uidtoname(ap->a_id); case SMB_ACL_USER_OBJ: tag = "user"; break; @@ -1281,13 +1275,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) break; case SMB_ACL_USER: - if ((pw = sys_getpwuid(ap->a_id)) == NULL) { - slprintf(idbuf, sizeof(idbuf)-1, "%ld", - (long)ap->a_id); - id = idbuf; - } else { - id = pw->pw_name; - } + id = uidtoname(ap->a_id); case SMB_ACL_USER_OBJ: tag = "user"; break; diff --git a/source3/lib/system.c b/source3/lib/system.c index 8c7eec939ea..8b2ba800f53 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -72,6 +72,104 @@ int sys_usleep(long usecs) #endif /* HAVE_USLEEP */ } +/******************************************************************* +A read wrapper that will deal with EINTR. +********************************************************************/ + +ssize_t sys_read(int fd, void *buf, size_t count) +{ + ssize_t ret; + + do { + ret = read(fd, buf, count); + } while (ret == -1 && errno == EINTR); + return ret; +} + +/******************************************************************* +A write wrapper that will deal with EINTR. +********************************************************************/ + +ssize_t sys_write(int fd, const void *buf, size_t count) +{ + ssize_t ret; + + do { + ret = write(fd, buf, count); + } while (ret == -1 && errno == EINTR); + return ret; +} + +/******************************************************************* +A send wrapper that will deal with EINTR. +********************************************************************/ + +ssize_t sys_send(int s, const void *msg, size_t len, int flags) +{ + ssize_t ret; + + do { + ret = send(s, msg, len, flags); + } while (ret == -1 && errno == EINTR); + return ret; +} + +/******************************************************************* +A sendto wrapper that will deal with EINTR. +********************************************************************/ + +ssize_t sys_sendto(int s, const void *msg, size_t len, int flags, const struct sockaddr *to, socklen_t tolen) +{ + ssize_t ret; + + do { + ret = sendto(s, msg, len, flags, to, tolen); + } while (ret == -1 && errno == EINTR); + return ret; +} + +/******************************************************************* +A recvfrom wrapper that will deal with EINTR. +********************************************************************/ + +ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen) +{ + ssize_t ret; + + do { + ret = recvfrom(s, buf, len, flags, from, fromlen); + } while (ret == -1 && errno == EINTR); + return ret; +} + +/******************************************************************* +A fcntl wrapper that will deal with EINTR. +********************************************************************/ + +int sys_fcntl_ptr(int fd, int cmd, void *arg) +{ + int ret; + + do { + ret = fcntl(fd, cmd, arg); + } while (ret == -1 && errno == EINTR); + return ret; +} + +/******************************************************************* +A fcntl wrapper that will deal with EINTR. +********************************************************************/ + +int sys_fcntl_long(int fd, int cmd, long arg) +{ + int ret; + + do { + ret = fcntl(fd, cmd, arg); + } while (ret == -1 && errno == EINTR); + return ret; +} + /******************************************************************* A stat() wrapper that will deal with 64 bit filesizes. ********************************************************************/ @@ -646,131 +744,47 @@ int sys_setgroups(int setlen, gid_t *gidset) #endif /* HAVE_SETGROUPS */ -/* - * We only wrap pw_name and pw_passwd for now as these - * are the only potentially modified fields. - */ - -/************************************************************************** - Helper function for getpwnam/getpwuid wrappers. -****************************************************************************/ - -struct saved_pw { - fstring pw_name; - fstring pw_passwd; - fstring pw_gecos; - pstring pw_dir; - pstring pw_shell; - struct passwd pass; -}; - -static struct saved_pw pw_mod; /* This is the structure returned - can be modified. */ -static struct saved_pw pw_cache; /* This is the structure saved - used to check cache. */ - -static int num_lookups; /* Counter so we don't always use cache. */ -#ifndef PW_RET_CACHE_MAX_LOOKUPS -#define PW_RET_CACHE_MAX_LOOKUPS 100 -#endif - -static void copy_pwent(struct saved_pw *dst, struct passwd *pass) -{ - memcpy((char *)&dst->pass, pass, sizeof(struct passwd)); - - fstrcpy(dst->pw_name, pass->pw_name); - dst->pass.pw_name = dst->pw_name; - - fstrcpy(dst->pw_passwd, pass->pw_passwd); - dst->pass.pw_passwd = dst->pw_passwd; - - fstrcpy(dst->pw_gecos, pass->pw_gecos); - dst->pass.pw_gecos = dst->pw_gecos; - - pstrcpy(dst->pw_dir, pass->pw_dir); - dst->pass.pw_dir = dst->pw_dir; - - pstrcpy(dst->pw_shell, pass->pw_shell); - dst->pass.pw_shell = dst->pw_shell; -} - -static struct passwd *setup_pwret(struct passwd *pass) -{ - if (pass == NULL) { - /* Clear the caches. */ - memset(&pw_cache, '\0', sizeof(struct saved_pw)); - memset(&pw_mod, '\0', sizeof(struct saved_pw)); - num_lookups = 0; - return NULL; - } - - copy_pwent( &pw_mod, pass); - - if (pass != &pw_cache.pass) { - - /* If it's a cache miss we must also refill the cache. */ - - copy_pwent( &pw_cache, pass); - num_lookups = 1; - - } else { - - /* Cache hit. */ - - num_lookups++; - num_lookups = (num_lookups % PW_RET_CACHE_MAX_LOOKUPS); - } - - return &pw_mod.pass; -} - /************************************************************************** Wrappers for setpwent(), getpwent() and endpwent() ****************************************************************************/ void sys_setpwent(void) { - setup_pwret(NULL); /* Clear cache. */ setpwent(); } struct passwd *sys_getpwent(void) { - return setup_pwret(getpwent()); + return getpwent(); } void sys_endpwent(void) { - setup_pwret(NULL); /* Clear cache. */ endpwent(); } /************************************************************************** - Wrapper for getpwnam(). Always returns a static that can be modified. + Wrappers for getpwnam(), getpwuid(), getgrnam(), getgrgid() ****************************************************************************/ struct passwd *sys_getpwnam(const char *name) { - if (!name || !name[0]) - return NULL; - - /* check for a cache hit first */ - if (num_lookups && pw_cache.pass.pw_name && !strcmp(name, pw_cache.pass.pw_name)) { - return setup_pwret(&pw_cache.pass); - } + return getpwnam(name); +} - return setup_pwret(getpwnam(name)); +struct passwd *sys_getpwuid(uid_t uid) +{ + return getpwuid(uid); } -/************************************************************************** - Wrapper for getpwuid(). Always returns a static that can be modified. -****************************************************************************/ +struct group *sys_getgrnam(const char *name) +{ + return getgrnam(name); +} -struct passwd *sys_getpwuid(uid_t uid) +struct group *sys_getgrgid(gid_t gid) { - if (num_lookups && pw_cache.pass.pw_name && (uid == pw_cache.pass.pw_uid)) { - return setup_pwret(&pw_cache.pass); - } - - return setup_pwret(getpwuid(uid)); + return getgrgid(gid); } #if 0 /* NOT CURRENTLY USED - JRA */ @@ -1171,7 +1185,7 @@ int sys_pclose(int fd) void *sys_dlopen(const char *name, int flags) { -#if defined(HAVE_LIBDL) || defined(HAVE_DLOPEN) +#if defined(HAVE_DLOPEN) return dlopen(name, flags); #else return NULL; @@ -1180,7 +1194,7 @@ void *sys_dlopen(const char *name, int flags) void *sys_dlsym(void *handle, char *symbol) { -#if defined(HAVE_LIBDL) || defined(HAVE_DLSYM) +#if defined(HAVE_DLSYM) return dlsym(handle, symbol); #else return NULL; @@ -1189,7 +1203,7 @@ void *sys_dlsym(void *handle, char *symbol) int sys_dlclose (void *handle) { -#if defined(HAVE_LIBDL) || defined(HAVE_DLCLOSE) +#if defined(HAVE_DLCLOSE) return dlclose(handle); #else return 0; @@ -1198,7 +1212,7 @@ int sys_dlclose (void *handle) const char *sys_dlerror(void) { -#if defined(HAVE_LIBDL) || defined(HAVE_DLERROR) +#if defined(HAVE_DLERROR) return dlerror(); #else return NULL; diff --git a/source3/lib/talloc.c b/source3/lib/talloc.c index 6ac784a9297..0f293e17259 100644 --- a/source3/lib/talloc.c +++ b/source3/lib/talloc.c @@ -82,7 +82,7 @@ struct talloc_ctx { * @todo We should turn the global list off when using Insure++, * otherwise all the memory will be seen as still reachable. **/ -TALLOC_CTX *list_head = NULL; +static TALLOC_CTX *list_head = NULL; /** @@ -287,6 +287,15 @@ char *talloc_strdup(TALLOC_CTX *t, const char *p) return NULL; } +/** strdup_w with a talloc */ +smb_ucs2_t *talloc_strdup_w(TALLOC_CTX *t, const smb_ucs2_t *p) +{ + if (p) + return talloc_memdup(t, p, (strlen_w(p) + 1) * sizeof(smb_ucs2_t)); + else + return NULL; +} + /** * Perform string formatting, and return a pointer to newly allocated * memory holding the result, inside a memory pool. @@ -307,12 +316,17 @@ char *talloc_strdup(TALLOC_CTX *t, const char *p) { int len; char *ret; + va_list ap2; - len = vsnprintf(NULL, 0, fmt, ap); + VA_COPY(ap2, ap); + + len = vsnprintf(NULL, 0, fmt, ap2); ret = talloc(t, len+1); - if (ret) - vsnprintf(ret, len+1, fmt, ap); + if (ret) { + VA_COPY(ap2, ap); + vsnprintf(ret, len+1, fmt, ap2); + } return ret; } @@ -345,14 +359,19 @@ char *talloc_strdup(TALLOC_CTX *t, const char *p) const char *fmt, va_list ap) { int len, s_len; + va_list ap2; + + VA_COPY(ap2, ap); s_len = strlen(s); - len = vsnprintf(NULL, 0, fmt, ap); + len = vsnprintf(NULL, 0, fmt, ap2); s = talloc_realloc(t, s, s_len + len+1); if (!s) return NULL; - vsnprintf(s+s_len, len+1, fmt, ap); + VA_COPY(ap2, ap); + + vsnprintf(s+s_len, len+1, fmt, ap2); return s; } diff --git a/source3/lib/time.c b/source3/lib/time.c index 5fc43612dd5..9d87414aea0 100644 --- a/source3/lib/time.c +++ b/source3/lib/time.c @@ -44,11 +44,6 @@ int extra_time_offset = 0; External access to time_t_min and time_t_max. ********************************************************************/ -time_t get_time_t_min(void) -{ - return TIME_T_MIN; -} - time_t get_time_t_max(void) { return TIME_T_MAX; @@ -413,7 +408,7 @@ void unix_to_nt_time(NTTIME *nt, time_t t) } /* this converts GMT to kludge-GMT */ - t -= LocTimeDiff(t) - get_serverzone(); + t -= TimeDiff(t) - get_serverzone(); d = (double)(t); d += TIME_FIXUP_CONSTANT; diff --git a/source3/lib/username.c b/source3/lib/username.c index da603949bc8..4813c8fd194 100644 --- a/source3/lib/username.c +++ b/source3/lib/username.c @@ -30,7 +30,7 @@ static struct passwd *uname_string_combinations2(char *s, int offset, struct pas *local* people, there's nothing for you here...). *****************************************************************/ -BOOL name_is_local(const char *name) +static BOOL name_is_local(const char *name) { return !(strchr_m(name, *lp_winbind_separator())); } @@ -55,9 +55,10 @@ BOOL split_domain_and_name(const char *name, char *domain, char* username) } else if (lp_winbind_use_default_domain()) { fstrcpy(username, name); fstrcpy(domain, lp_workgroup()); - } else + } else { return False; - + } + DEBUG(10,("split_domain_and_name: all is fine, domain is |%s| and name is |%s|\n", domain, username)); return True; } @@ -81,40 +82,6 @@ char *get_user_home_dir(const char *user) return(pass->pw_dir); } -/**************************************************************************** - Get a users service home directory. -****************************************************************************/ - -char *get_user_service_home_dir(const char *user) -{ - static struct passwd *pass; - int snum; - - /* Ensure the user exists. */ - - pass = Get_Pwnam(user); - - if (!pass) - return(NULL); - - /* If a path is specified in [homes] then use it instead of the - user's home directory from struct passwd. */ - - if ((snum = lp_servicenumber(HOMES_NAME)) != -1) { - static pstring home_dir; - - pstrcpy(home_dir, lp_pathname(snum)); - standard_sub_home(snum, user, home_dir); - - if (home_dir[0]) - return home_dir; - } - - /* Return home directory from struct passwd. */ - - return(pass->pw_dir); -} - /******************************************************************* Map a username from a dos name to a unix name by looking in the username map. Note that this modifies the name in place. @@ -196,7 +163,7 @@ BOOL map_username(char *user) } } - dosuserlist = lp_list_make(dosname); + dosuserlist = str_list_make(dosname); if (!dosuserlist) { DEBUG(0,("Unable to build user list\n")); return False; @@ -209,13 +176,13 @@ BOOL map_username(char *user) sscanf(unixname,"%s",user); fstrcpy(last_to,user); if(return_if_mapped) { - lp_list_free (&dosuserlist); + str_list_free (&dosuserlist); x_fclose(f); return True; } } - lp_list_free (&dosuserlist); + str_list_free (&dosuserlist); } x_fclose(f); @@ -238,6 +205,8 @@ BOOL map_username(char *user) * - using lp_usernamelevel() for permutations. ****************************************************************************/ +static struct passwd *Get_Pwnam_ret = NULL; + static struct passwd *Get_Pwnam_internals(const char *user, char *user2) { struct passwd *ret = NULL; @@ -252,14 +221,14 @@ static struct passwd *Get_Pwnam_internals(const char *user, char *user2) common case on UNIX systems */ strlower(user2); DEBUG(5,("Trying _Get_Pwnam(), username as lowercase is %s\n",user2)); - ret = sys_getpwnam(user2); + ret = getpwnam_alloc(user2); if(ret) goto done; /* Try as given, if username wasn't originally lowercase */ if(strcmp(user, user2) != 0) { DEBUG(5,("Trying _Get_Pwnam(), username as given is %s\n", user)); - ret = sys_getpwnam(user); + ret = getpwnam_alloc(user); if(ret) goto done; } @@ -268,7 +237,7 @@ static struct passwd *Get_Pwnam_internals(const char *user, char *user2) strupper(user2); if(strcmp(user, user2) != 0) { DEBUG(5,("Trying _Get_Pwnam(), username as uppercase is %s\n", user2)); - ret = sys_getpwnam(user2); + ret = getpwnam_alloc(user2); if(ret) goto done; } @@ -276,10 +245,31 @@ static struct passwd *Get_Pwnam_internals(const char *user, char *user2) /* Try all combinations up to usernamelevel */ strlower(user2); DEBUG(5,("Checking combinations of %d uppercase letters in %s\n", lp_usernamelevel(), user2)); - ret = uname_string_combinations(user2, sys_getpwnam, lp_usernamelevel()); + ret = uname_string_combinations(user2, getpwnam_alloc, lp_usernamelevel()); done: DEBUG(5,("Get_Pwnam_internals %s find user [%s]!\n",ret ? "did":"didn't", user)); + + /* This call used to just return the 'passwd' static buffer. + This could then have accidental reuse implications, so + we now malloc a copy, and free it in the next use. + + This should cause the (ab)user to segfault if it + uses an old struct. + + This is better than useing the wrong data in security + critical operations. + + The real fix is to make the callers free the returned + malloc'ed data. + */ + + if (Get_Pwnam_ret) { + passwd_free(&Get_Pwnam_ret); + } + + Get_Pwnam_ret = ret; + return ret; } @@ -288,7 +278,7 @@ done: NOTE: This can potentially modify 'user'! ****************************************************************************/ -struct passwd *Get_Pwnam_Modify(char *user) +struct passwd *Get_Pwnam_Modify(fstring user) { fstring user2; struct passwd *ret; @@ -320,8 +310,6 @@ struct passwd *Get_Pwnam(const char *user) ret = Get_Pwnam_internals(user, user2); - DEBUG(5,("Get_Pwnam %s find user [%s]!\n",ret ? "did":"didn't", user)); - return ret; } diff --git a/source3/lib/util.c b/source3/lib/util.c index 7e2ad496395..be108aa4056 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -52,13 +52,6 @@ #endif /* WITH_NISPLUS_HOME */ #endif /* HAVE_NETGROUP && WITH_AUTOMOUNT */ -#ifdef WITH_SSL -#include -#undef Realloc /* SSLeay defines this and samba has a function of this name */ -extern SSL *ssl; -extern int sslFd; -#endif /* WITH_SSL */ - int Protocol = PROTOCOL_COREPLUS; /* a default finfo structure to ensure all fields are sensible */ @@ -91,9 +84,10 @@ char **my_netbios_names; /**************************************************************************** - find a suitable temporary directory. The result should be copied immediately + Find a suitable temporary directory. The result should be copied immediately as it may be overwritten by a subsequent call. - ****************************************************************************/ +****************************************************************************/ + char *tmpdir(void) { char *p; @@ -124,7 +118,7 @@ BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups) Like atoi but gets the value up to the separator character. ****************************************************************************/ -char *Atoic(char *p, int *n, char *c) +static char *Atoic(char *p, int *n, char *c) { if (!isdigit((int)*p)) { DEBUG(5, ("Atoic: malformed number\n")); @@ -190,7 +184,7 @@ BOOL file_exist(const char *fname,SMB_STRUCT_STAT *sbuf) if (sys_stat(fname,sbuf) != 0) return(False); - return(S_ISREG(sbuf->st_mode)); + return((S_ISREG(sbuf->st_mode)) || (S_ISFIFO(sbuf->st_mode))); } /******************************************************************* @@ -552,13 +546,13 @@ int set_blocking(int fd, BOOL set) #endif #endif - if((val = fcntl(fd, F_GETFL, 0)) == -1) + if((val = sys_fcntl_long(fd, F_GETFL, 0)) == -1) return -1; if(set) /* Turn blocking on - ie. clear nonblock flag */ val &= ~FLAG_TO_SET; else val |= FLAG_TO_SET; - return fcntl( fd, F_SETFL, val); + return sys_fcntl_long( fd, F_SETFL, val); #undef FLAG_TO_SET } @@ -620,7 +614,7 @@ ssize_t transfer_file_internal(int infd, int outfd, size_t n, ssize_t (*read_fn) SMB_OFF_T transfer_file(int infd,int outfd,SMB_OFF_T n) { - return (SMB_OFF_T)transfer_file_internal(infd, outfd, (size_t)n, read, write); + return (SMB_OFF_T)transfer_file_internal(infd, outfd, (size_t)n, sys_read, sys_write); } /******************************************************************* @@ -689,7 +683,7 @@ void become_daemon(void) /**************************************************************************** -put up a yes/no prompt + Put up a yes/no prompt ****************************************************************************/ BOOL yesno(char *p) { @@ -862,7 +856,7 @@ struct in_addr *interpret_addr2(const char *str) } /******************************************************************* - check if an IP is the 0.0.0.0 + Check if an IP is the 0.0.0.0 ******************************************************************/ BOOL is_zero_ip(struct in_addr ip) { @@ -871,7 +865,9 @@ BOOL is_zero_ip(struct in_addr ip) return(a == 0); } -/* Set an IP to 0.0.0.0 */ +/******************************************************************* + Set an IP to 0.0.0.0 + ******************************************************************/ void zero_ip(struct in_addr *ip) { @@ -1056,15 +1052,19 @@ BOOL process_exists(pid_t pid) Convert a uid into a user name. ********************************************************************/ -char *uidtoname(uid_t uid) +const char *uidtoname(uid_t uid) { static fstring name; struct passwd *pass; - pass = sys_getpwuid(uid); - if (pass) return(pass->pw_name); - slprintf(name, sizeof(name) - 1, "%d",(int)uid); - return(name); + pass = getpwuid_alloc(uid); + if (pass) { + fstrcpy(name, pass->pw_name); + passwd_free(&pass); + } else { + slprintf(name, sizeof(name) - 1, "%ld",(long int)uid); + } + return name; } @@ -1078,13 +1078,14 @@ char *gidtoname(gid_t gid) struct group *grp; grp = getgrgid(gid); - if (grp) return(grp->gr_name); + if (grp) + return(grp->gr_name); slprintf(name,sizeof(name) - 1, "%d",(int)gid); return(name); } /******************************************************************* - Convert a user name into a uid. If winbindd is present uses this. + Convert a user name into a uid. ********************************************************************/ uid_t nametouid(char *name) @@ -1093,21 +1094,22 @@ uid_t nametouid(char *name) char *p; uid_t u; - u = (uid_t)strtol(name, &p, 0); - if ((p != name) && (*p == '\0')) - return u; - pass = getpwnam_alloc(name); if (pass) { - return(pass->pw_uid); + u = pass->pw_uid; passwd_free(&pass); + return u; } + + u = (uid_t)strtol(name, &p, 0); + if ((p != name) && (*p == '\0')) + return u; + return (uid_t)-1; } /******************************************************************* - Convert a name to a gid_t if possible. Return -1 if not a group. If winbindd - is present does a shortcut lookup... + Convert a name to a gid_t if possible. Return -1 if not a group. ********************************************************************/ gid_t nametogid(const char *name) @@ -1120,7 +1122,7 @@ gid_t nametogid(const char *name) if ((p != name) && (*p == '\0')) return g; - grp = getgrnam(name); + grp = sys_getgrnam(name); if (grp) return(grp->gr_gid); return (gid_t)-1; @@ -1353,11 +1355,9 @@ BOOL fcntl_lock(int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type) lock.l_len = count; lock.l_pid = 0; - errno = 0; - - ret = fcntl(fd,op,&lock); + ret = sys_fcntl_ptr(fd,op,&lock); - if (errno != 0) + if (ret == -1 && errno != 0) DEBUG(3,("fcntl_lock: fcntl lock gave errno %d (%s)\n",errno,strerror(errno))); /* a lock query */ @@ -1391,20 +1391,39 @@ BOOL fcntl_lock(int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type) } /******************************************************************* -is the name specified one of my netbios names -returns true is it is equal, false otherwise + Is the name specified one of my netbios names. + Returns true if it is equal, false otherwise. ********************************************************************/ + BOOL is_myname(char *s) { - int n; - BOOL ret = False; + int n; + BOOL ret = False; - for (n=0; my_netbios_names[n]; n++) { - if (strequal(my_netbios_names[n], s)) - ret=True; - } - DEBUG(8, ("is_myname(\"%s\") returns %d\n", s, ret)); - return(ret); + for (n=0; my_netbios_names[n]; n++) { + if (strequal(my_netbios_names[n], s)) + ret=True; + } + DEBUG(8, ("is_myname(\"%s\") returns %d\n", s, ret)); + return(ret); +} + +/******************************************************************** + Return only the first IP address of our configured interfaces + as a string + *******************************************************************/ + +const char* get_my_primary_ip (void) +{ + static fstring ip_string; + int n; + struct iface_struct nics[MAX_INTERFACES]; + + if ((n=get_interfaces(nics, MAX_INTERFACES)) <= 0) + return NULL; + + fstrcpy(ip_string, inet_ntoa(nics[0].ip)); + return ip_string; } BOOL is_myname_or_ipaddr(char *s) @@ -1416,8 +1435,7 @@ BOOL is_myname_or_ipaddr(char *s) return True; /* maybe its an IP address? */ - if (is_ipaddress(s)) - { + if (is_ipaddress(s)) { struct iface_struct nics[MAX_INTERFACES]; int i, n; uint32 ip; @@ -1435,59 +1453,56 @@ BOOL is_myname_or_ipaddr(char *s) /* check for an alias */ ptr = lp_netbios_aliases(); - for ( ; *ptr; ptr++ ) - { + for ( ; *ptr; ptr++ ) { if (StrCaseCmp(s, *ptr) == 0) return True; } - /* no match */ return False; - } - /******************************************************************* -set the horrid remote_arch string based on an enum. + Set the horrid remote_arch string based on an enum. ********************************************************************/ + void set_remote_arch(enum remote_arch_types type) { - extern fstring remote_arch; - ra_type = type; - switch( type ) - { - case RA_WFWG: - fstrcpy(remote_arch, "WfWg"); - return; - case RA_OS2: - fstrcpy(remote_arch, "OS2"); - return; - case RA_WIN95: - fstrcpy(remote_arch, "Win95"); - return; - case RA_WINNT: - fstrcpy(remote_arch, "WinNT"); - return; - case RA_WIN2K: - fstrcpy(remote_arch, "Win2K"); - return; - case RA_SAMBA: - fstrcpy(remote_arch,"Samba"); - return; - default: - ra_type = RA_UNKNOWN; - fstrcpy(remote_arch, "UNKNOWN"); - break; - } + extern fstring remote_arch; + ra_type = type; + switch( type ) { + case RA_WFWG: + fstrcpy(remote_arch, "WfWg"); + return; + case RA_OS2: + fstrcpy(remote_arch, "OS2"); + return; + case RA_WIN95: + fstrcpy(remote_arch, "Win95"); + return; + case RA_WINNT: + fstrcpy(remote_arch, "WinNT"); + return; + case RA_WIN2K: + fstrcpy(remote_arch, "Win2K"); + return; + case RA_SAMBA: + fstrcpy(remote_arch,"Samba"); + return; + default: + ra_type = RA_UNKNOWN; + fstrcpy(remote_arch, "UNKNOWN"); + break; + } } /******************************************************************* Get the remote_arch type. ********************************************************************/ + enum remote_arch_types get_remote_arch(void) { - return ra_type; + return ra_type; } @@ -1495,42 +1510,35 @@ void out_ascii(FILE *f, unsigned char *buf,int len) { int i; for (i=0;i(per_line/2)) fprintf(f, " "); - while (n--) - { + while (n--) { fprintf(f, " "); } n = MIN(per_line/2,i%per_line); @@ -1769,10 +1777,10 @@ int smb_mkstemp(char *template) #endif } - -/** +/***************************************************************** malloc that aborts with smb_panic on fail or zero size. -**/ + *****************************************************************/ + void *smb_xmalloc(size_t size) { void *p; @@ -1811,7 +1819,11 @@ char *smb_xstrdup(const char *s) int smb_xvasprintf(char **ptr, const char *format, va_list ap) { int n; - n = vasprintf(ptr, format, ap); + va_list ap2; + + VA_COPY(ap2, ap); + + n = vasprintf(ptr, format, ap2); if (n == -1 || ! *ptr) { smb_panic("smb_xvasprintf: out of memory"); } @@ -1847,7 +1859,7 @@ char *myhostname(void) /***************************************************************** a useful function for returning a path in the Samba lock directory *****************************************************************/ -char *lock_path(char *name) +char *lock_path(const char *name) { static pstring fname; @@ -1864,6 +1876,26 @@ char *lock_path(char *name) return fname; } +/***************************************************************** +a useful function for returning a path in the Samba pid directory + *****************************************************************/ +char *pid_path(const char *name) +{ + static pstring fname; + + pstrcpy(fname,lp_piddir()); + trim_string(fname,"","/"); + + if (!directory_exist(fname,NULL)) { + mkdir(fname,0755); + } + + pstrcat(fname,"/"); + pstrcat(fname,name); + + return fname; +} + /** * @brief Returns an absolute path to a file in the Samba lib directory. @@ -1872,7 +1904,7 @@ char *lock_path(char *name) * * @retval Pointer to a static #pstring containing the full path. **/ -char *lib_path(char *name) +char *lib_path(const char *name) { static pstring fname; snprintf(fname, sizeof(fname), "%s/%s", dyn_LIBDIR, name); @@ -2092,92 +2124,6 @@ BOOL unix_wild_match(char *pattern, char *string) return unix_do_match(p2, s2) == 0; } -/******************************************************************* - free() a data blob -*******************************************************************/ -static void free_data_blob(DATA_BLOB *d) -{ - if ((d) && (d->free)) { - SAFE_FREE(d->data); - } -} - -/******************************************************************* - construct a data blob, must be freed with data_blob_free() - you can pass NULL for p and get a blank data blob -*******************************************************************/ -DATA_BLOB data_blob(const void *p, size_t length) -{ - DATA_BLOB ret; - - if (!length) { - ZERO_STRUCT(ret); - return ret; - } - - if (p) { - ret.data = smb_xmemdup(p, length); - } else { - ret.data = smb_xmalloc(length); - } - ret.length = length; - ret.free = free_data_blob; - return ret; -} - -/******************************************************************* - construct a data blob, using supplied TALLOC_CTX -*******************************************************************/ -DATA_BLOB data_blob_talloc(TALLOC_CTX *mem_ctx, const void *p, size_t length) -{ - DATA_BLOB ret; - - if (!p || !length) { - ZERO_STRUCT(ret); - return ret; - } - - ret.data = talloc_memdup(mem_ctx, p, length); - if (ret.data == NULL) - smb_panic("data_blob_talloc: talloc_memdup failed.\n"); - - ret.length = length; - ret.free = NULL; - return ret; -} - -/******************************************************************* -free a data blob -*******************************************************************/ -void data_blob_free(DATA_BLOB *d) -{ - if (d) { - if (d->free) { - (d->free)(d); - } - ZERO_STRUCTP(d); - } -} - -/******************************************************************* -clear a DATA_BLOB's contents -*******************************************************************/ -void data_blob_clear(DATA_BLOB *d) -{ - if (d->data) { - memset(d->data, 0, d->length); - } -} - -/******************************************************************* -free a data blob and clear its contents -*******************************************************************/ -void data_blob_clear_free(DATA_BLOB *d) -{ - data_blob_clear(d); - data_blob_free(d); -} - #ifdef __INSURE__ /******************************************************************* diff --git a/source3/lib/util_file.c b/source3/lib/util_file.c index e80267f84b5..611e0e40be9 100644 --- a/source3/lib/util_file.c +++ b/source3/lib/util_file.c @@ -40,9 +40,10 @@ BOOL do_file_lock(int fd, int waitsecs, int type) { SMB_STRUCT_FLOCK lock; int ret; + void (*oldsig_handler)(int); gotalarm = 0; - CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); + oldsig_handler = CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); lock.l_type = type; lock.l_whence = SEEK_SET; @@ -51,9 +52,10 @@ BOOL do_file_lock(int fd, int waitsecs, int type) lock.l_pid = 0; alarm(waitsecs); + /* Note we must *NOT* use sys_fcntl here ! JRA */ ret = fcntl(fd, SMB_F_SETLKW, &lock); alarm(0); - CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN); + CatchSignal(SIGALRM, SIGNAL_CAST oldsig_handler); if (gotalarm) { DEBUG(0, ("do_file_lock: failed to %s file.\n", @@ -448,7 +450,8 @@ void *map_file(char *fname, size_t size) #endif if (!p) { p = file_load(fname, &s2); - if (!p || s2 != size) { + if (!p) return NULL; + if (s2 != size) { DEBUG(1,("incorrect size for %s - got %d expected %d\n", fname, s2, size)); if (p) free(p); diff --git a/source3/lib/util_getent.c b/source3/lib/util_getent.c index 02e4b932ded..2e76121aae1 100644 --- a/source3/lib/util_getent.c +++ b/source3/lib/util_getent.c @@ -277,20 +277,24 @@ struct sys_userlist *get_users_in_group(const char *gname) DOM_SID sid; enum SID_NAME_USE name_type; - (void) split_domain_and_name(gname, domain, groupname); - - /* - * If we're doing this via winbindd, don't do the - * entire group list enumeration as we know this is - * pointless (and slow). - */ - - if (winbind_lookup_name(domain, groupname, &sid, &name_type) && name_type == SID_NAME_DOM_GRP) { - if ((gptr = (struct group *)getgrnam(gname)) == NULL) - return NULL; - return add_members_to_userlist(list_head, gptr); + /* No point using winbind if we can't split it in the + first place */ + if (split_domain_and_name(gname, domain, groupname)) { + + /* + * If we're doing this via winbindd, don't do the + * entire group list enumeration as we know this is + * pointless (and slow). + */ + + if (winbind_lookup_name(domain, groupname, &sid, &name_type) + && name_type == SID_NAME_DOM_GRP) { + if ((gptr = (struct group *)getgrnam(gname)) == NULL) + return NULL; + return add_members_to_userlist(list_head, gptr); + } } - + setgrent(); while((gptr = getgrent()) != NULL) { if (strequal(gname, gptr->gr_name)) { diff --git a/source3/lib/util_pw.c b/source3/lib/util_pw.c index 259649a064e..9d075a05e88 100644 --- a/source3/lib/util_pw.c +++ b/source3/lib/util_pw.c @@ -22,50 +22,6 @@ #include "includes.h" -struct passwd *make_modifyable_passwd(const struct passwd *from) -{ - struct passwd *ret = smb_xmalloc(sizeof(*ret)); -/* This is the assumed shape of the members by certain parts of the code... - fstring pw_name; - fstring pw_passwd; - fstring pw_gecos; - pstring pw_dir; - pstring pw_shell; -*/ - char *pw_name = smb_xmalloc(sizeof(fstring)); - char *pw_passwd = smb_xmalloc(sizeof(fstring)); - char *pw_gecos = smb_xmalloc(sizeof(fstring)); - char *pw_dir = smb_xmalloc(sizeof(pstring)); - char *pw_shell = smb_xmalloc(sizeof(pstring)); - - ZERO_STRUCTP(ret); - - /* - * Now point the struct's members as the - * newly allocated buffers: - */ - - ret->pw_name = pw_name; - fstrcpy(ret->pw_name, from->pw_name); - - ret->pw_passwd = pw_passwd; - fstrcpy(ret->pw_passwd, from->pw_passwd); - - ret->pw_uid = from->pw_uid; - ret->pw_gid = from->pw_gid; - - ret->pw_gecos = pw_gecos; - fstrcpy(ret->pw_gecos, from->pw_gecos); - - ret->pw_dir = pw_dir; - pstrcpy(ret->pw_dir, from->pw_dir); - - ret->pw_shell = pw_shell; - pstrcpy(ret->pw_shell, from->pw_shell); - - return ret; -} - static struct passwd *alloc_copy_passwd(const struct passwd *from) { struct passwd *ret = smb_xmalloc(sizeof(struct passwd)); @@ -100,7 +56,7 @@ struct passwd *getpwnam_alloc(const char *name) { struct passwd *temp; - temp = getpwnam(name); + temp = sys_getpwnam(name); if (!temp) { #if 0 @@ -118,7 +74,7 @@ struct passwd *getpwuid_alloc(uid_t uid) { struct passwd *temp; - temp = getpwuid(uid); + temp = sys_getpwuid(uid); if (!temp) { #if 0 diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 8ed266acedd..9fdf03adfc8 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -20,8 +20,6 @@ */ #include "includes.h" -#include "nterr.h" -#include "sids.h" /********************************************************************************** Check if this ACE has a SID in common with the token. diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c index d59b1b04716..132748ce138 100644 --- a/source3/lib/util_sec.c +++ b/source3/lib/util_sec.c @@ -227,6 +227,7 @@ void set_effective_gid(gid_t gid) } static uid_t saved_euid, saved_ruid; +static gid_t saved_egid, saved_rgid; /**************************************************************************** save the real and effective uid for later restoration. Used by the quotas @@ -264,6 +265,41 @@ void restore_re_uid(void) assert_uid(saved_ruid, saved_euid); } + +/**************************************************************************** + save the real and effective gid for later restoration. Used by the + getgroups code +****************************************************************************/ +void save_re_gid(void) +{ + saved_rgid = getgid(); + saved_egid = getegid(); +} + +/**************************************************************************** + and restore them! +****************************************************************************/ +void restore_re_gid(void) +{ +#if USE_SETRESUID + setresgid(saved_rgid, saved_egid, -1); +#elif USE_SETREUID + setregid(saved_rgid, -1); + setregid(-1,saved_egid); +#elif USE_SETUIDX + setgidx(ID_REAL, saved_rgid); + setgidx(ID_EFFECTIVE, saved_egid); +#else + set_effective_gid(saved_egid); + if (getgid() != saved_rgid) + setgid(saved_rgid); + set_effective_gid(saved_egid); +#endif + + assert_gid(saved_rgid, saved_egid); +} + + /**************************************************************************** set the real AND effective uid to the current effective uid in a way that allows root to be regained. diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index cd7b64bb70b..5dd1d75c701 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -1,10 +1,11 @@ /* Unix SMB/CIFS implementation. Samba utility functions - Copyright (C) Andrew Tridgell 1992-1998 - Copyright (C) Luke Kenneth Caseson Leighton 1998-1999 - Copyright (C) Jeremy Allison 1999 - + Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Luke Kenneth Caseson Leighton 1998-1999 + Copyright (C) Jeremy Allison 1999 + Copyright (C) Stefan (metze) Metzmacher 2002 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or @@ -22,10 +23,6 @@ #include "includes.h" -/* NOTE! the global_sam_sid is the SID of our local SAM. This is only - equal to the domain SID when we are a DC, otherwise its our - workstation SID */ -DOM_SID global_sam_sid; extern pstring global_myname; extern fstring global_myworkgroup; @@ -37,66 +34,15 @@ DOM_SID global_sid_Builtin; /* Local well-known domain */ DOM_SID global_sid_World_Domain; /* Everyone domain */ DOM_SID global_sid_World; /* Everyone */ DOM_SID global_sid_Creator_Owner_Domain; /* Creator Owner domain */ -DOM_SID global_sid_Creator_Owner; /* Creator Owner */ -DOM_SID global_sid_Creator_Group; /* Creator Group */ DOM_SID global_sid_NT_Authority; /* NT Authority */ DOM_SID global_sid_NULL; /* NULL sid */ DOM_SID global_sid_Builtin_Guests; /* Builtin guest users */ DOM_SID global_sid_Authenticated_Users; /* All authenticated rids */ DOM_SID global_sid_Network; /* Network rids */ -DOM_SID global_sid_Anonymous; /* Anonymous login */ - -const DOM_SID *global_sid_everyone = &global_sid_World; -typedef struct _known_sid_users { - uint32 rid; - enum SID_NAME_USE sid_name_use; - char *known_user_name; -} known_sid_users; - -/* static known_sid_users no_users[] = {{0, 0, NULL}}; */ - -static known_sid_users everyone_users[] = { - { 0, SID_NAME_WKN_GRP, "Everyone" }, - {0, (enum SID_NAME_USE)0, NULL}}; - -static known_sid_users creator_owner_users[] = { - { 0, SID_NAME_ALIAS, "Creator Owner" }, - {0, (enum SID_NAME_USE)0, NULL}}; - -static known_sid_users nt_authority_users[] = { - { 1, SID_NAME_ALIAS, "Dialup" }, - { 2, SID_NAME_ALIAS, "Network"}, - { 3, SID_NAME_ALIAS, "Batch"}, - { 4, SID_NAME_ALIAS, "Interactive"}, - { 6, SID_NAME_ALIAS, "Service"}, - { 7, SID_NAME_ALIAS, "AnonymousLogon"}, - { 8, SID_NAME_ALIAS, "Proxy"}, - { 9, SID_NAME_ALIAS, "ServerLogon"}, - { 11, SID_NAME_ALIAS, "Authenticated Users"}, - { 18, SID_NAME_ALIAS, "SYSTEM"}, - { 0, (enum SID_NAME_USE)0, NULL}}; - -static known_sid_users builtin_groups[] = { - { BUILTIN_ALIAS_RID_ADMINS, SID_NAME_ALIAS, "Administrators" }, - { BUILTIN_ALIAS_RID_USERS, SID_NAME_ALIAS, "Users" }, - { BUILTIN_ALIAS_RID_GUESTS, SID_NAME_ALIAS, "Guests" }, - { BUILTIN_ALIAS_RID_ACCOUNT_OPS, SID_NAME_ALIAS, "Account Operators" }, - { BUILTIN_ALIAS_RID_SYSTEM_OPS, SID_NAME_ALIAS, "Server Operators" }, - { BUILTIN_ALIAS_RID_PRINT_OPS, SID_NAME_ALIAS, "Print Operators" }, - { BUILTIN_ALIAS_RID_BACKUP_OPS, SID_NAME_ALIAS, "Backup Operators" }, - { 0, (enum SID_NAME_USE)0, NULL}}; - -#define MAX_SID_NAMES 7 - -static struct sid_name_map_info -{ - DOM_SID *sid; - char *name; - known_sid_users *known_users; -} sid_name_map[MAX_SID_NAMES]; - -static BOOL sid_name_map_initialized = False; +static DOM_SID global_sid_Creator_Owner; /* Creator Owner */ +static DOM_SID global_sid_Creator_Group; /* Creator Group */ +static DOM_SID global_sid_Anonymous; /* Anonymous login */ /* * An NT compatible anonymous token. @@ -109,65 +55,43 @@ NT_USER_TOKEN anonymous_token = { anon_sid_array }; -/************************************************************************** - quick init function - *************************************************************************/ -static void init_sid_name_map (void) +/**************************************************************************** + Lookup string names for SID types. +****************************************************************************/ + +const static struct { + enum SID_NAME_USE sid_type; + char *string; +} sid_name_type[] = { + {SID_NAME_USER, "user"}, + {SID_NAME_DOM_GRP, "domain group"}, + {SID_NAME_DOMAIN, "domain"}, + {SID_NAME_ALIAS, "local group"}, + {SID_NAME_WKN_GRP, "well-known group"}, + {SID_NAME_DELETED, "deleted account"}, + {SID_NAME_INVALID, "invalid account"}, + {SID_NAME_UNKNOWN, "UNKNOWN"}, + + {SID_NAME_USE_NONE, NULL} +}; + +const char *sid_type_lookup(uint32 sid_type) { int i = 0; - - if (sid_name_map_initialized) return; - - if ((lp_security() == SEC_USER) && lp_domain_logons()) { - sid_name_map[i].sid = &global_sam_sid; - sid_name_map[i].name = global_myworkgroup; - sid_name_map[i].known_users = NULL; - i++; - sid_name_map[i].sid = &global_sam_sid; - sid_name_map[i].name = global_myname; - sid_name_map[i].known_users = NULL; - i++; - } - else { - sid_name_map[i].sid = &global_sam_sid; - sid_name_map[i].name = global_myname; - sid_name_map[i].known_users = NULL; + /* Look through list */ + while(sid_name_type[i].sid_type != 0) { + if (sid_name_type[i].sid_type == sid_type) + return sid_name_type[i].string; i++; } - sid_name_map[i].sid = &global_sid_Builtin; - sid_name_map[i].name = "BUILTIN"; - sid_name_map[i].known_users = &builtin_groups[0]; - i++; + /* Default return */ + return "SID *TYPE* is INVALID"; - sid_name_map[i].sid = &global_sid_World_Domain; - sid_name_map[i].name = ""; - sid_name_map[i].known_users = &everyone_users[0]; - i++; - - sid_name_map[i].sid = &global_sid_Creator_Owner_Domain; - sid_name_map[i].name = ""; - sid_name_map[i].known_users = &creator_owner_users[0]; - i++; - - sid_name_map[i].sid = &global_sid_NT_Authority; - sid_name_map[i].name = "NT Authority"; - sid_name_map[i].known_users = &nt_authority_users[0]; - i++; - - - /* end of array */ - sid_name_map[i].sid = NULL; - sid_name_map[i].name = NULL; - sid_name_map[i].known_users = NULL; - - sid_name_map_initialized = True; - - return; - } + /**************************************************************************** Creates some useful well known sids ****************************************************************************/ @@ -193,115 +117,6 @@ void generate_wellknown_sids(void) sid_copy( &anonymous_token.user_sids[2], &global_sid_Anonymous); } -/************************************************************************** - Turns a domain SID into a name, returned in the nt_domain argument. -***************************************************************************/ - -BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain) -{ - fstring sid_str; - int i = 0; - - sid_to_string(sid_str, sid); - - if (!sid_name_map_initialized) - init_sid_name_map(); - - DEBUG(5,("map_domain_sid_to_name: %s\n", sid_str)); - - if (nt_domain == NULL) - return False; - - while (sid_name_map[i].sid != NULL) { - sid_to_string(sid_str, sid_name_map[i].sid); - DEBUG(5,("map_domain_sid_to_name: compare: %s\n", sid_str)); - if (sid_equal(sid_name_map[i].sid, sid)) { - fstrcpy(nt_domain, sid_name_map[i].name); - DEBUG(5,("map_domain_sid_to_name: found '%s'\n", nt_domain)); - return True; - } - i++; - } - - DEBUG(5,("map_domain_sid_to_name: mapping for %s not found\n", sid_str)); - - return False; -} - -/************************************************************************** - Looks up a known username from one of the known domains. -***************************************************************************/ - -BOOL lookup_known_rid(DOM_SID *sid, uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) -{ - int i = 0; - struct sid_name_map_info *psnm; - - if (!sid_name_map_initialized) - init_sid_name_map(); - - for(i = 0; sid_name_map[i].sid != NULL; i++) { - psnm = &sid_name_map[i]; - if(sid_equal(psnm->sid, sid)) { - int j; - for(j = 0; psnm->known_users && psnm->known_users[j].known_user_name != NULL; j++) { - if(rid == psnm->known_users[j].rid) { - DEBUG(5,("lookup_builtin_rid: rid = %u, domain = '%s', user = '%s'\n", - (unsigned int)rid, psnm->name, psnm->known_users[j].known_user_name )); - fstrcpy( name, psnm->known_users[j].known_user_name); - *psid_name_use = psnm->known_users[j].sid_name_use; - return True; - } - } - } - } - - return False; -} - -/************************************************************************** - Turns a domain name into a SID. - *** side-effect: if the domain name is NULL, it is set to our domain *** -***************************************************************************/ - -BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain) -{ - int i = 0; - - if (nt_domain == NULL) { - DEBUG(5,("map_domain_name_to_sid: mapping NULL domain to our SID.\n")); - sid_copy(sid, &global_sam_sid); - return True; - } - - if (nt_domain[0] == 0) { - fstrcpy(nt_domain, global_myname); - DEBUG(5,("map_domain_name_to_sid: overriding blank name to %s\n", nt_domain)); - sid_copy(sid, &global_sam_sid); - return True; - } - - DEBUG(5,("map_domain_name_to_sid: %s\n", nt_domain)); - - if (!sid_name_map_initialized) - init_sid_name_map(); - - while (sid_name_map[i].name != NULL) { - DEBUG(5,("map_domain_name_to_sid: compare: %s\n", sid_name_map[i].name)); - if (strequal(sid_name_map[i].name, nt_domain)) { - fstring sid_str; - sid_copy(sid, sid_name_map[i].sid); - sid_to_string(sid_str, sid_name_map[i].sid); - DEBUG(5,("map_domain_name_to_sid: found %s\n", sid_str)); - return True; - } - i++; - } - - DEBUG(0,("map_domain_name_to_sid: mapping to %s not found.\n", nt_domain)); - return False; -} - /************************************************************************** Splits a name of format \DOMAIN\name or name into its two components. Sets the DOMAIN name to global_myname if it has not been specified. @@ -340,15 +155,22 @@ void split_domain_name(const char *fullname, char *domain, char *name) Convert a SID to an ascii string. *****************************************************************/ -char *sid_to_string(fstring sidstr_out, DOM_SID *sid) +char *sid_to_string(fstring sidstr_out, const DOM_SID *sid) { char subauth[16]; int i; + uint32 ia; + + if (!sid) { + fstrcpy(sidstr_out, "(NULL SID)"); + return sidstr_out; + } + /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ - uint32 ia = (sid->id_auth[5]) + - (sid->id_auth[4] << 8 ) + - (sid->id_auth[3] << 16) + - (sid->id_auth[2] << 24); + ia = (sid->id_auth[5]) + + (sid->id_auth[4] << 8 ) + + (sid->id_auth[3] << 16) + + (sid->id_auth[2] << 24); slprintf(sidstr_out, sizeof(fstring) - 1, "S-%u-%lu", (unsigned int)sid->sid_rev_num, (unsigned long)ia); @@ -363,7 +185,7 @@ char *sid_to_string(fstring sidstr_out, DOM_SID *sid) /* useful function for debug lines */ -const char *sid_string_static(DOM_SID *sid) +const char *sid_string_static(const DOM_SID *sid) { static fstring sid_str; sid_to_string(sid_str, sid); @@ -466,8 +288,11 @@ BOOL sid_split_rid(DOM_SID *sid, uint32 *rid) Return the last rid from the end of a sid *****************************************************************/ -BOOL sid_peek_rid(DOM_SID *sid, uint32 *rid) +BOOL sid_peek_rid(const DOM_SID *sid, uint32 *rid) { + if (!sid || !rid) + return False; + if (sid->num_auths > 0) { *rid = sid->sub_auths[sid->num_auths - 1]; return True; @@ -475,6 +300,25 @@ BOOL sid_peek_rid(DOM_SID *sid, uint32 *rid) return False; } +/***************************************************************** + Return the last rid from the end of a sid + and check the sid against the exp_dom_sid +*****************************************************************/ + +BOOL sid_peek_check_rid(const DOM_SID *exp_dom_sid, const DOM_SID *sid, uint32 *rid) +{ + if (!exp_dom_sid || !sid || !rid) + return False; + + + if (sid_compare_domain(exp_dom_sid, sid)!=0){ + *rid=(-1); + return False; + } + + return sid_peek_rid(sid, rid); +} + /***************************************************************** Copies a sid *****************************************************************/ @@ -483,7 +327,7 @@ void sid_copy(DOM_SID *dst, const DOM_SID *src) { int i; - memset((char *)dst, '\0', sizeof(DOM_SID)); + ZERO_STRUCTP(dst); dst->sid_rev_num = src->sid_rev_num; dst->num_auths = src->num_auths; @@ -494,24 +338,6 @@ void sid_copy(DOM_SID *dst, const DOM_SID *src) dst->sub_auths[i] = src->sub_auths[i]; } -/***************************************************************** - Duplicates a sid - mallocs the target. -*****************************************************************/ - -DOM_SID *sid_dup(DOM_SID *src) -{ - DOM_SID *dst; - - if(!src) - return NULL; - - if((dst = malloc(sizeof(DOM_SID))) != NULL) { - memset(dst, '\0', sizeof(DOM_SID)); - sid_copy( dst, src); - } - - return dst; -} /***************************************************************** Write a sid out into on-the-wire format. @@ -553,7 +379,7 @@ BOOL sid_parse(char *inbuf, size_t len, DOM_SID *sid) /***************************************************************** Compare the auth portion of two sids. *****************************************************************/ -int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2) +static int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2) { int i; @@ -619,14 +445,6 @@ BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2) } -/***************************************************************** - Check if the SID is our domain SID (S-1-5-21-x-y-z). -*****************************************************************/ -BOOL sid_check_is_domain(const DOM_SID *sid) -{ - return sid_equal(sid, &global_sam_sid); -} - /***************************************************************** Check if the SID is the builtin SID (S-1-5-32). @@ -637,20 +455,6 @@ BOOL sid_check_is_builtin(const DOM_SID *sid) } -/***************************************************************** - Check if the SID is our domain SID (S-1-5-21-x-y-z). -*****************************************************************/ -BOOL sid_check_is_in_our_domain(const DOM_SID *sid) -{ - DOM_SID dom_sid; - uint32 rid; - - sid_copy(&dom_sid, sid); - sid_split_rid(&dom_sid, &rid); - - return sid_equal(&dom_sid, &global_sam_sid); -} - /***************************************************************** Check if the SID is our domain SID (S-1-5-21-x-y-z). *****************************************************************/ diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index af3182264d5..4f1f2a1470a 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -21,13 +21,6 @@ #include "includes.h" -#ifdef WITH_SSL -#include -#undef Realloc /* SSLeay defines this and samba has a function of this name */ -extern SSL *ssl; -extern int sslFd; -#endif /* WITH_SSL */ - /* the last IP received from */ struct in_addr lastip; @@ -42,23 +35,22 @@ int smb_read_error = 0; BOOL is_a_socket(int fd) { - int v,l; - l = sizeof(int); - return(getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&v, &l) == 0); + int v,l; + l = sizeof(int); + return(getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&v, &l) == 0); } enum SOCK_OPT_TYPES {OPT_BOOL,OPT_INT,OPT_ON}; -typedef struct smb_socket_option -{ - char *name; - int level; - int option; - int value; - int opttype; +typedef struct smb_socket_option { + char *name; + int level; + int option; + int value; + int opttype; } smb_socket_option; -smb_socket_option socket_options[] = { +static const smb_socket_option socket_options[] = { {"SO_KEEPALIVE", SOL_SOCKET, SO_KEEPALIVE, 0, OPT_BOOL}, {"SO_REUSEADDR", SOL_SOCKET, SO_REUSEADDR, 0, OPT_BOOL}, {"SO_BROADCAST", SOL_SOCKET, SO_BROADCAST, 0, OPT_BOOL}, @@ -97,10 +89,11 @@ smb_socket_option socket_options[] = { /**************************************************************************** Print socket options. ****************************************************************************/ + static void print_socket_options(int s) { int value, vlen = 4; - smb_socket_option *p = &socket_options[0]; + const smb_socket_option *p = &socket_options[0]; for (; p->name != NULL; p++) { if (getsockopt(s, p->level, p->option, (void *)&value, &vlen) == -1) { @@ -178,7 +171,7 @@ ssize_t read_udp_socket(int fd,char *buf,size_t len) memset((char *)&sock,'\0',socklen); memset((char *)&lastip,'\0',sizeof(lastip)); - ret = (ssize_t)recvfrom(fd,buf,len,0,(struct sockaddr *)&sock,&socklen); + ret = (ssize_t)sys_recvfrom(fd,buf,len,0,(struct sockaddr *)&sock,&socklen); if (ret <= 0) { DEBUG(2,("read socket failed. ERRNO=%s\n",strerror(errno))); return(0); @@ -196,7 +189,7 @@ ssize_t read_udp_socket(int fd,char *buf,size_t len) /******************************************************************* checks if read data is outstanding. ********************************************************************/ -int read_data_outstanding(int fd, unsigned int time_out) +static int read_data_outstanding(int fd, unsigned int time_out) { int selrtn; fd_set fds; @@ -243,15 +236,7 @@ static ssize_t read_socket_with_timeout(int fd,char *buf,size_t mincnt,size_t ma if (mincnt == 0) mincnt = maxcnt; while (nread < mincnt) { -#ifdef WITH_SSL - if (fd == sslFd) { - readret = SSL_read(ssl, buf + nread, maxcnt - nread); - } else { - readret = read(fd, buf + nread, maxcnt - nread); - } -#else /* WITH_SSL */ - readret = read(fd, buf + nread, maxcnt - nread); -#endif /* WITH_SSL */ + readret = sys_read(fd, buf + nread, maxcnt - nread); if (readret == 0) { DEBUG(5,("read_socket_with_timeout: blocking read. EOF from client.\n")); @@ -300,15 +285,7 @@ static ssize_t read_socket_with_timeout(int fd,char *buf,size_t mincnt,size_t ma return -1; } -#ifdef WITH_SSL - if (fd == sslFd) { - readret = SSL_read(ssl, buf + nread, maxcnt - nread); - }else{ - readret = read(fd, buf + nread, maxcnt - nread); - } -#else /* WITH_SSL */ - readret = read(fd, buf+nread, maxcnt-nread); -#endif /* WITH_SSL */ + readret = sys_read(fd, buf+nread, maxcnt-nread); if (readret == 0) { /* we got EOF on the file descriptor */ @@ -353,15 +330,7 @@ ssize_t read_with_timeout(int fd, char *buf, size_t mincnt, size_t maxcnt, if (mincnt == 0) mincnt = maxcnt; while (nread < mincnt) { -#ifdef WITH_SSL - if(fd == sslFd){ - readret = SSL_read(ssl, buf + nread, maxcnt - nread); - }else{ - readret = read(fd, buf + nread, maxcnt - nread); - } -#else /* WITH_SSL */ - readret = read(fd, buf + nread, maxcnt - nread); -#endif /* WITH_SSL */ + readret = sys_read(fd, buf + nread, maxcnt - nread); if (readret <= 0) return readret; @@ -383,15 +352,7 @@ ssize_t read_with_timeout(int fd, char *buf, size_t mincnt, size_t maxcnt, if(selrtn <= 0) return selrtn; -#ifdef WITH_SSL - if(fd == sslFd){ - readret = SSL_read(ssl, buf + nread, maxcnt - nread); - }else{ - readret = read(fd, buf + nread, maxcnt - nread); - } -#else /* WITH_SSL */ - readret = read(fd, buf+nread, maxcnt-nread); -#endif /* WITH_SSL */ + readret = sys_read(fd, buf+nread, maxcnt-nread); if (readret <= 0) return readret; @@ -403,58 +364,34 @@ ssize_t read_with_timeout(int fd, char *buf, size_t mincnt, size_t maxcnt, return((ssize_t)nread); } -/**************************************************************************** -send a keepalive packet (rfc1002) -****************************************************************************/ - -BOOL send_keepalive(int client) -{ - unsigned char buf[4]; - - buf[0] = SMBkeepalive; - buf[1] = buf[2] = buf[3] = 0; - - return(write_socket_data(client,(char *)buf,4) == 4); -} - /**************************************************************************** read data from the client, reading exactly N bytes. ****************************************************************************/ ssize_t read_data(int fd,char *buffer,size_t N) { - ssize_t ret; - size_t total=0; + ssize_t ret; + size_t total=0; - smb_read_error = 0; - - while (total < N) - { -#ifdef WITH_SSL - if(fd == sslFd){ - ret = SSL_read(ssl, buffer + total, N - total); - }else{ - ret = read(fd,buffer + total,N - total); - } -#else /* WITH_SSL */ - ret = read(fd,buffer + total,N - total); -#endif /* WITH_SSL */ - - if (ret == 0) - { - DEBUG(10,("read_data: read of %d returned 0. Error = %s\n", (int)(N - total), strerror(errno) )); - smb_read_error = READ_EOF; - return 0; - } - if (ret == -1) - { - DEBUG(0,("read_data: read failure for %d. Error = %s\n", (int)(N - total), strerror(errno) )); - smb_read_error = READ_ERROR; - return -1; - } - total += ret; - } - return (ssize_t)total; + smb_read_error = 0; + + while (total < N) { + ret = sys_read(fd,buffer + total,N - total); + + if (ret == 0) { + DEBUG(10,("read_data: read of %d returned 0. Error = %s\n", (int)(N - total), strerror(errno) )); + smb_read_error = READ_EOF; + return 0; + } + + if (ret == -1) { + DEBUG(0,("read_data: read failure for %d. Error = %s\n", (int)(N - total), strerror(errno) )); + smb_read_error = READ_ERROR; + return -1; + } + total += ret; + } + return (ssize_t)total; } /**************************************************************************** @@ -463,38 +400,28 @@ ssize_t read_data(int fd,char *buffer,size_t N) static ssize_t read_socket_data(int fd,char *buffer,size_t N) { - ssize_t ret; - size_t total=0; + ssize_t ret; + size_t total=0; - smb_read_error = 0; - - while (total < N) - { -#ifdef WITH_SSL - if(fd == sslFd){ - ret = SSL_read(ssl, buffer + total, N - total); - }else{ - ret = read(fd,buffer + total,N - total); - } -#else /* WITH_SSL */ - ret = read(fd,buffer + total,N - total); -#endif /* WITH_SSL */ - - if (ret == 0) - { - DEBUG(10,("read_socket_data: recv of %d returned 0. Error = %s\n", (int)(N - total), strerror(errno) )); - smb_read_error = READ_EOF; - return 0; - } - if (ret == -1) - { - DEBUG(0,("read_socket_data: recv failure for %d. Error = %s\n", (int)(N - total), strerror(errno) )); - smb_read_error = READ_ERROR; - return -1; - } - total += ret; - } - return (ssize_t)total; + smb_read_error = 0; + + while (total < N) { + ret = sys_read(fd,buffer + total,N - total); + + if (ret == 0) { + DEBUG(10,("read_socket_data: recv of %d returned 0. Error = %s\n", (int)(N - total), strerror(errno) )); + smb_read_error = READ_EOF; + return 0; + } + + if (ret == -1) { + DEBUG(0,("read_socket_data: recv failure for %d. Error = %s\n", (int)(N - total), strerror(errno) )); + smb_read_error = READ_ERROR; + return -1; + } + total += ret; + } + return (ssize_t)total; } /**************************************************************************** @@ -503,62 +430,46 @@ static ssize_t read_socket_data(int fd,char *buffer,size_t N) ssize_t write_data(int fd,char *buffer,size_t N) { - size_t total=0; - ssize_t ret; - - while (total < N) - { -#ifdef WITH_SSL - if(fd == sslFd){ - ret = SSL_write(ssl,buffer + total,N - total); - }else{ - ret = write(fd,buffer + total,N - total); - } -#else /* WITH_SSL */ - ret = write(fd,buffer + total,N - total); -#endif /* WITH_SSL */ - - if (ret == -1) { - DEBUG(0,("write_data: write failure. Error = %s\n", strerror(errno) )); - return -1; - } - if (ret == 0) return total; + size_t total=0; + ssize_t ret; - total += ret; - } - return (ssize_t)total; + while (total < N) { + ret = sys_write(fd,buffer + total,N - total); + + if (ret == -1) { + DEBUG(0,("write_data: write failure. Error = %s\n", strerror(errno) )); + return -1; + } + if (ret == 0) + return total; + + total += ret; + } + return (ssize_t)total; } /**************************************************************************** Write data to a socket - use send rather than write. ****************************************************************************/ -ssize_t write_socket_data(int fd,char *buffer,size_t N) +static ssize_t write_socket_data(int fd,char *buffer,size_t N) { - size_t total=0; - ssize_t ret; - - while (total < N) - { -#ifdef WITH_SSL - if(fd == sslFd){ - ret = SSL_write(ssl,buffer + total,N - total); - }else{ - ret = send(fd,buffer + total,N - total, 0); - } -#else /* WITH_SSL */ - ret = send(fd,buffer + total,N - total,0); -#endif /* WITH_SSL */ - - if (ret == -1) { - DEBUG(0,("write_socket_data: write failure. Error = %s\n", strerror(errno) )); - return -1; - } - if (ret == 0) return total; + size_t total=0; + ssize_t ret; - total += ret; - } - return (ssize_t)total; + while (total < N) { + ret = sys_send(fd,buffer + total,N - total,0); + + if (ret == -1) { + DEBUG(0,("write_socket_data: write failure. Error = %s\n", strerror(errno) )); + return -1; + } + if (ret == 0) + return total; + + total += ret; + } + return (ssize_t)total; } /**************************************************************************** @@ -567,19 +478,34 @@ write to a socket ssize_t write_socket(int fd,char *buf,size_t len) { - ssize_t ret=0; + ssize_t ret=0; - DEBUG(6,("write_socket(%d,%d)\n",fd,(int)len)); - ret = write_socket_data(fd,buf,len); + DEBUG(6,("write_socket(%d,%d)\n",fd,(int)len)); + ret = write_socket_data(fd,buf,len); - DEBUG(6,("write_socket(%d,%d) wrote %d\n",fd,(int)len,(int)ret)); - if(ret <= 0) - DEBUG(0,("write_socket: Error writing %d bytes to socket %d: ERRNO = %s\n", - (int)len, fd, strerror(errno) )); + DEBUG(6,("write_socket(%d,%d) wrote %d\n",fd,(int)len,(int)ret)); + if(ret <= 0) + DEBUG(0,("write_socket: Error writing %d bytes to socket %d: ERRNO = %s\n", + (int)len, fd, strerror(errno) )); + + return(ret); +} + +/**************************************************************************** +send a keepalive packet (rfc1002) +****************************************************************************/ - return(ret); +BOOL send_keepalive(int client) +{ + unsigned char buf[4]; + + buf[0] = SMBkeepalive; + buf[1] = buf[2] = buf[3] = 0; + + return(write_socket_data(client,(char *)buf,4) == 4); } + /**************************************************************************** read 4 bytes of a smb packet and return the smb length of the packet store the result in the buffer @@ -590,30 +516,29 @@ timeout is in milliseconds. static ssize_t read_smb_length_return_keepalive(int fd,char *inbuf,unsigned int timeout) { - ssize_t len=0; - int msg_type; - BOOL ok = False; + ssize_t len=0; + int msg_type; + BOOL ok = False; - while (!ok) - { - if (timeout > 0) - ok = (read_socket_with_timeout(fd,inbuf,4,4,timeout) == 4); - else - ok = (read_socket_data(fd,inbuf,4) == 4); + while (!ok) { + if (timeout > 0) + ok = (read_socket_with_timeout(fd,inbuf,4,4,timeout) == 4); + else + ok = (read_socket_data(fd,inbuf,4) == 4); - if (!ok) - return(-1); + if (!ok) + return(-1); - len = smb_len(inbuf); - msg_type = CVAL(inbuf,0); + len = smb_len(inbuf); + msg_type = CVAL(inbuf,0); - if (msg_type == SMBkeepalive) - DEBUG(5,("Got keepalive packet\n")); - } + if (msg_type == SMBkeepalive) + DEBUG(5,("Got keepalive packet\n")); + } - DEBUG(10,("got smb length of %d\n",len)); + DEBUG(10,("got smb length of %d\n",len)); - return(len); + return(len); } /**************************************************************************** @@ -625,23 +550,22 @@ timeout is in milliseconds. ssize_t read_smb_length(int fd,char *inbuf,unsigned int timeout) { - ssize_t len; + ssize_t len; - for(;;) - { - len = read_smb_length_return_keepalive(fd, inbuf, timeout); + for(;;) { + len = read_smb_length_return_keepalive(fd, inbuf, timeout); - if(len < 0) - return len; + if(len < 0) + return len; - /* Ignore session keepalives. */ - if(CVAL(inbuf,0) != SMBkeepalive) - break; - } + /* Ignore session keepalives. */ + if(CVAL(inbuf,0) != SMBkeepalive) + break; + } - DEBUG(10,("read_smb_length: got smb length of %d\n",len)); + DEBUG(10,("read_smb_length: got smb length of %d\n",len)); - return len; + return len; } /**************************************************************************** @@ -708,40 +632,6 @@ BOOL receive_smb(int fd,char *buffer, unsigned int timeout) return(True); } -/**************************************************************************** - read an smb from a fd ignoring all keepalive packets. Note that the buffer - *MUST* be of size BUFFER_SIZE+SAFETY_MARGIN. - The timeout is in milliseconds - - This is exactly the same as receive_smb except that it never returns - a session keepalive packet (just as receive_smb used to do). - receive_smb was changed to return keepalives as the oplock processing means this call - should never go into a blocking read. -****************************************************************************/ - -BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout) -{ - BOOL ret; - - for(;;) - { - ret = receive_smb(fd, buffer, timeout); - - if (!ret) - { - DEBUG(10,("client_receive_smb failed\n")); - show_msg(buffer); - return ret; - } - - /* Ignore session keepalive packets. */ - if(CVAL(buffer,0) != SMBkeepalive) - break; - } - show_msg(buffer); - return ret; -} - /**************************************************************************** send an smb to a fd ****************************************************************************/ @@ -766,45 +656,6 @@ BOOL send_smb(int fd,char *buffer) return True; } -/**************************************************************************** -send a single packet to a port on another machine -****************************************************************************/ - -BOOL send_one_packet(char *buf,int len,struct in_addr ip,int port,int type) -{ - BOOL ret; - int out_fd; - struct sockaddr_in sock_out; - - /* create a socket to write to */ - out_fd = socket(AF_INET, type, 0); - if (out_fd == -1) - { - DEBUG(0,("socket failed")); - return False; - } - - /* set the address and port */ - memset((char *)&sock_out,'\0',sizeof(sock_out)); - putip((char *)&sock_out.sin_addr,(char *)&ip); - sock_out.sin_port = htons( port ); - sock_out.sin_family = AF_INET; - - if (DEBUGLEVEL > 0) - DEBUG(3,("sending a packet of len %d to (%s) on port %d of type %s\n", - len,inet_ntoa(ip),port,type==SOCK_DGRAM?"DGRAM":"STREAM")); - - /* send it */ - ret = (sendto(out_fd,buf,len,0,(struct sockaddr *)&sock_out,sizeof(sock_out)) >= 0); - - if (!ret) - DEBUG(0,("Packet send to %s(%d) failed ERRNO=%s\n", - inet_ntoa(ip),port,strerror(errno))); - - close(out_fd); - return(ret); -} - /**************************************************************************** Open a socket of the specified type, port, and address for incoming data. ****************************************************************************/ @@ -866,7 +717,7 @@ int open_socket_in( int type, int port, int dlevel, uint32 socket_addr, BOOL reb return( -1 ); } - DEBUG( 3, ( "bind succeeded on port %d\n", port ) ); + DEBUG( 10, ( "bind succeeded on port %d\n", port ) ); return( res ); } @@ -1113,37 +964,6 @@ char *get_socket_addr(int fd) return addr_buf; } -/******************************************************************* - opens and connects to a unix pipe socket - ******************************************************************/ -int open_pipe_sock(char *path) -{ - int sock; - struct sockaddr_un sa; - - sock = socket(AF_UNIX, SOCK_STREAM, 0); - - if (sock < 0) - { - DEBUG(0, ("unix socket open failed\n")); - return sock; - } - - ZERO_STRUCT(sa); - sa.sun_family = AF_UNIX; - safe_strcpy(sa.sun_path, path, sizeof(sa.sun_path)-1); - - DEBUG(10, ("socket open succeeded. file name: %s\n", sa.sun_path)); - - if (connect(sock, (struct sockaddr*) &sa, sizeof(sa)) < 0) - { - DEBUG(0,("socket connect to %s failed\n", sa.sun_path)); - close(sock); - return -1; - } - - return sock; -} /******************************************************************* Create protected unix domain socket. @@ -1153,8 +973,8 @@ int open_pipe_sock(char *path) permissions, instead. ******************************************************************/ int create_pipe_sock(const char *socket_dir, - const char *socket_name, - mode_t dir_perms) + const char *socket_name, + mode_t dir_perms) { struct sockaddr_un sunaddr; struct stat st; diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index 6fdca658cd5..88a72f15360 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -650,23 +650,27 @@ This routine looks for pattern in s and replaces it with insert. It may do multiple replacements. any of " ; ' $ or ` in the insert string are replaced with _ -if len==0 then no length check is performed +if len==0 then the string cannot be extended. This is different from the old +use of len==0 which was for no length checks to be done. ****************************************************************************/ -void string_sub(char *s,const char *pattern,const char *insert, size_t len) + +void string_sub(char *s,const char *pattern, const char *insert, size_t len) { char *p; ssize_t ls,lp,li, i; - if (!insert || !pattern || !s) return; + if (!insert || !pattern || !*pattern || !s) + return; ls = (ssize_t)strlen(s); lp = (ssize_t)strlen(pattern); li = (ssize_t)strlen(insert); - if (!*pattern) return; - + if (len == 0) + len = ls; + while (lp <= ls && (p = strstr(s,pattern))) { - if (len && (ls + (li-lp) >= len)) { + if (ls + (li-lp) >= len) { DEBUG(0,("ERROR: string overflow by %d in string_sub(%.50s, %d)\n", (int)(ls + (li-lp) - len), pattern, (int)len)); @@ -706,26 +710,98 @@ void pstring_sub(char *s,const char *pattern,const char *insert) string_sub(s, pattern, insert, sizeof(pstring)); } +/* similar to string_sub, but it will accept only allocated strings + * and may realloc them so pay attention at what you pass on no + * pointers inside strings, no pstrings or const must be passed + * as string. + */ + +char *realloc_string_sub(char *string, const char *pattern, const char *insert) +{ + char *p, *in; + char *s; + ssize_t ls,lp,li,ld, i; + + if (!insert || !pattern || !*pattern || !string || !*string) + return NULL; + + s = string; + + in = strdup(insert); + if (!in) { + DEBUG(0, ("realloc_string_sub: out of memory!\n")); + return NULL; + } + ls = (ssize_t)strlen(s); + lp = (ssize_t)strlen(pattern); + li = (ssize_t)strlen(insert); + ld = li - lp; + for (i=0;i 0) { + char *t = Realloc(string, ls + ld + 1); + if (!t) { + DEBUG(0, ("realloc_string_sub: out of memory!\n")); + SAFE_FREE(in); + return NULL; + } + string = t; + p = t + (p - s); + } + if (li != lp) { + memmove(p+li,p+lp,strlen(p+lp)+1); + } + memcpy(p, in, li); + s = p + li; + ls += ld; + } + SAFE_FREE(in); + return string; +} + /**************************************************************************** similar to string_sub() but allows for any character to be substituted. Use with caution! -if len==0 then no length check is performed +if len==0 then the string cannot be extended. This is different from the old +use of len==0 which was for no length checks to be done. ****************************************************************************/ + void all_string_sub(char *s,const char *pattern,const char *insert, size_t len) { char *p; ssize_t ls,lp,li; - if (!insert || !pattern || !s) return; + if (!insert || !pattern || !s) + return; ls = (ssize_t)strlen(s); lp = (ssize_t)strlen(pattern); li = (ssize_t)strlen(insert); - if (!*pattern) return; + if (!*pattern) + return; + + if (len == 0) + len = ls; while (lp <= ls && (p = strstr(s,pattern))) { - if (len && (ls + (li-lp) >= len)) { + if (ls + (li-lp) >= len) { DEBUG(0,("ERROR: string overflow by %d in all_string_sub(%.50s, %d)\n", (int)(ls + (li-lp) - len), pattern, (int)len)); @@ -743,10 +819,8 @@ void all_string_sub(char *s,const char *pattern,const char *insert, size_t len) /**************************************************************************** similar to all_string_sub but for unicode strings. return a new allocate unicode string. -len is the number of bytes, not chars similar to string_sub() but allows for any character to be substituted. Use with caution! - if len==0 then no length check is performed ****************************************************************************/ smb_ucs2_t *all_string_sub_w(const smb_ucs2_t *s, const smb_ucs2_t *pattern, @@ -915,6 +989,20 @@ void strlower_m(char *s) unix_strlower(s,strlen(s)+1,s,strlen(s)+1); } +/******************************************************************* + duplicate convert a string to lower case +********************************************************************/ +char *strdup_lower(const char *s) +{ + char *t = strdup(s); + if (t == NULL) { + DEBUG(0, ("strdup_lower: Out of memory!\n")); + return NULL; + } + strlower_m(t); + return t; +} + /******************************************************************* convert a string to upper case ********************************************************************/ @@ -935,6 +1023,20 @@ void strupper_m(char *s) unix_strupper(s,strlen(s)+1,s,strlen(s)+1); } +/******************************************************************* + convert a string to upper case +********************************************************************/ +char *strdup_upper(const char *s) +{ + char *t = strdup(s); + if (t == NULL) { + DEBUG(0, ("strdup_upper: Out of memory!\n")); + return NULL; + } + strupper_m(t); + return t; +} + /* return a RFC2254 binary string representation of a buffer used in LDAP filters @@ -991,13 +1093,207 @@ some platforms don't have strndup char *strndup(const char *s, size_t n) { char *ret; - int i; - for (i=0;s[i] && ibuffer) { + dst->buffer = (uint16*) talloc(ctx, sizeof(uint16) * (len + 1)); + if (!dst->buffer) return NULL; + } + + /* set UNISTR2 parameters */ + dst->uni_max_len = len + 1; + dst->undoc = 0; + dst->uni_str_len = len; + + /* copy the actual unicode string */ + strncpy_w(dst->buffer, src, dst->uni_max_len); + + return dst; +}; + diff --git a/source3/lib/wins_srv.c b/source3/lib/wins_srv.c index 0181ee0956b..adf405ae7e2 100644 --- a/source3/lib/wins_srv.c +++ b/source3/lib/wins_srv.c @@ -1,7 +1,7 @@ /* Unix SMB/CIFS implementation. - Samba utility functions - Copyright (C) Andrew Tridgell 1992-1998 + Samba wins server helper functions + Copyright (C) Andrew Tridgell 1992-2002 Copyright (C) Christopher R. Hertel 2000 This program is free software; you can redistribute it and/or modify @@ -21,319 +21,330 @@ #include "includes.h" -/* -------------------------------------------------------------------------- ** - * Discussion... - * - * This module implements WINS failover. - * - * Microsoft's WINS servers provide a feature called WINS replication, - * which synchronises the WINS name databases between two or more servers. - * This means that the two servers can be used interchangably (more or - * less). WINS replication is particularly useful if you are trying to - * synchronise the WINS namespace between servers in remote locations, or - * if your WINS servers tend to crash a lot. - * - * WINS failover allows the client to 'switch' to a different WINS server - * if the current WINS server mysteriously disappears. On Windows - * systems, this is typically represented as 'primary' and 'secondary' - * WINS servers. - * - * Failover only works if the WINS servers are synced. If they are not, - * then - * a) if the primary WINS server never fails the client will never 'see' - * the secondary (or tertiary or...) WINS server name space. - * b) if the primary *does* fail, the client will be entering an - * unfamiliar namespace. The client itself will not be registered in - * that namespace and any names which match names in the previous - * space will likely resolve to different host IP addresses. - * - * One key thing to remember regarding WINS failover is that Samba does - * not (yet) implement WINS replication. For those interested, sniff port - * 42 (TCP? UDP? ...dunno off hand) and see what two MS WINS servers do. - * - * At this stage, only failover is implemented. The next thing is to add - * support for multi-WINS server registration and query (multi-membership). - * - * Multi-membership is a little wierd. The idea is that the client can - * register itself with multiple non-replicated WINS servers, and query - * all of those servers (in a prescribed sequence) to resolve a name. - * - * The implications of multi-membership are not quite clear. Worth - * trying, I suppose. Changes will be needed in the name query and - * registration code to accomodate this feature. Also, there will need to - * be some sort of syntax extension for the 'wins server' parameter in - * smb.conf. I'm thinking that a colon could be used as a separator. - * - * Of course, for each WINS namespace there might be multiple, synced WINS - * servers. The change to this module would likely be the addition of a - * linked list of linked lists. - * - * crh@samba.org - */ - -/* -------------------------------------------------------------------------- ** - * Defines... - * - * NECROMANCYCLE - The dead server retry period, in seconds. When a WINS - * server is declared dead, wait this many seconds before - * attempting to communicate with it. - */ - -#define NECROMANCYCLE 600 /* 600 seconds == 10 minutes. */ - -/* -------------------------------------------------------------------------- ** - * Typedefs... - */ - -typedef struct - { - ubi_slNode node; /* Linked list node structure. */ - time_t mourning; /* If > current time then server is dead, Jim. */ - char *server; /* DNS name or IP of NBNS server to query. */ - struct in_addr ip_addr; /* Cache translated IP. */ - } list_entry; - -/* -------------------------------------------------------------------------- ** - * Private, static variables. - */ - -static ubi_slNewList( wins_srv_list ); - -/* -------------------------------------------------------------------------- ** - * Functions... - */ - - -BOOL wins_srv_load_list( char *src ) - /* ------------------------------------------------------------------------ ** - * Create or recreate the linked list of failover WINS servers. - * - * Input: src - String of DNS names and/or IP addresses delimited by the - * characters listed in LIST_SEP (see include/local.h). - * - * Output: True if at least one name or IP could be parsed out of the - * list, else False. - * - * Notes: There is no syntax checking done on the names or IPs. We do - * check to see if the field is an IP, in which case we copy it - * to the ip_addr field of the entry. Don't bother to to a host - * name lookup on all names now. They're done as needed in - * wins_srv_ip(). - * ------------------------------------------------------------------------ ** - */ - { - list_entry *entry; - char *p = src; - pstring wins_id_bufr; - unsigned long count; - - /* Empty the list. */ - while( NULL != (entry =(list_entry *)ubi_slRemHead( wins_srv_list )) ) - { - SAFE_FREE( entry->server ); - SAFE_FREE( entry ); - } - (void)ubi_slInitList( wins_srv_list ); /* shouldn't be needed */ - - /* Parse out the DNS names or IP addresses of the WINS servers. */ - DEBUG( 4, ("wins_srv_load_list(): Building WINS server list:\n") ); - while( next_token( &p, wins_id_bufr, LIST_SEP, sizeof( wins_id_bufr ) ) ) - { - entry = (list_entry *)malloc( sizeof( list_entry ) ); - if( NULL == entry ) - { - DEBUG( 0, ("wins_srv_load_list(): malloc(list_entry) failed.\n") ); - } - else - { - entry->mourning = 0; - /* Create a copy of the server name and store it in the list. */ - if( NULL == (entry->server = strdup( wins_id_bufr )) ) - { - SAFE_FREE( entry ); - DEBUG( 0, - ("wins_srv_load_list(): strdup(\"%s\") failed.\n", wins_id_bufr) ); - } - else - { - /* Add server to list. - * If the server name was actually an IP address we will store that - * too. It it was a DNS name, we will wait until we need to use - * the WINS server before doing the DNS lookup. Since this may be - * a list, and since we will reload the list whenever smb.conf is - * reloaded, there's no point in trying to look up names until we - * need them. ...of course, once we do the lookup we will cache - * the result. See wins_srv_ip(). - */ - if( is_ipaddress( wins_id_bufr ) ) - entry->ip_addr = *interpret_addr2( wins_id_bufr ); - else - entry->ip_addr = *interpret_addr2( "0.0.0.0" ); - (void)ubi_slAddTail( wins_srv_list, entry ); - DEBUGADD( 4, ("%s,\n", wins_id_bufr) ); - } - } - } - - count = ubi_slCount( wins_srv_list ); - DEBUGADD( 4, - ( "%d WINS server%s listed.\n", (int)count, (1==count)?"":"s" ) ); - - return( (count > 0) ? True : False ); - } /* wins_srv_load_list */ - - -struct in_addr wins_srv_ip( void ) - /* ------------------------------------------------------------------------ ** - * Return the IP address of an NBNS (WINS) server thought to be active. - * - * Input: none. - * - * Output: An IP address in struct in_addr form. - * - * Notes: This function will return the IP address of the first available - * NBNS (WINS) server. The order of the list is determined in - * smb.conf. If all of the WINS servers have been marked 'dead' - * then the zero IP (0.0.0.0) is returned. The zero IP is not a - * valid Unicast address on any system. - * - * ------------------------------------------------------------------------ ** - */ - { - time_t now = time(NULL); - list_entry *entry = (list_entry *)ubi_slFirst( wins_srv_list ); - - while( NULL != entry ) - { - if( now >= entry->mourning ) /* Found a live one. */ - { - /* If we don't have the IP, look it up. */ - if( is_zero_ip( entry->ip_addr ) ) - entry->ip_addr = *interpret_addr2( entry->server ); - - /* If we still don't have the IP then kill it, else return it. */ - if( is_zero_ip( entry->ip_addr ) ) - entry->mourning = now + NECROMANCYCLE; - else - return( entry->ip_addr ); - } - entry = (list_entry *)ubi_slNext( entry ); - } - - /* If there are no live entries, return the zero IP. */ - return( *interpret_addr2( "0.0.0.0" ) ); - } /* wins_srv_ip */ - - -char *wins_srv_name( void ) - /* ------------------------------------------------------------------------ ** - * Return the name of first live WINS server in the list. - * - * Input: none. - * - * Output: A pointer to a string containing either the DNS name or IP - * address of the WINS server as given in the WINS SERVER - * parameter in smb.conf, or NULL if no (live) WINS servers are - * in the list. - * - * Notes: This function will return the name of the first available - * NBNS (WINS) server. The order of the list is determined in - * smb.conf. If all of the WINS servers have been marked 'dead' - * then NULL is returned. - * - * - This function does not verify that the name can be mapped to - * an IP address, or that the WINS server is running. - * - * ------------------------------------------------------------------------ ** - */ - { - time_t now = time(NULL); - list_entry *entry = (list_entry *)ubi_slFirst( wins_srv_list ); - - while( NULL != entry ) - { - if( now >= entry->mourning ) - return( entry->server ); /* Found a live one. */ - entry = (list_entry *)ubi_slNext( entry ); - } - - /* If there are no live entries, return NULL. */ - return( NULL ); - } /* wins_srv_name */ - - -void wins_srv_died( struct in_addr boothill_ip ) - /* ------------------------------------------------------------------------ ** - * Called to indicate that a specific WINS server has died. - * - * Input: boothill_ip - IP address of an NBNS (WINS) server that has - * failed. - * - * Notes: This function marks the record 'dead' for NECROMANCYCLE - * seconds. - * - * ------------------------------------------------------------------------ ** - */ - { - list_entry *entry; - - if( is_zero_ip( boothill_ip ) ) - { - DEBUG( 4, ("wins_srv_died(): Invalid request to mark zero IP down.\n") ); - return; - } - - entry = (list_entry *)ubi_slFirst( wins_srv_list ); - while( NULL != entry ) - { - /* Match based on IP. */ - if( ip_equal( boothill_ip, entry->ip_addr ) ) - { - entry->mourning = time(NULL) + NECROMANCYCLE; - entry->ip_addr.s_addr = 0; /* Force a re-lookup at re-birth. */ - DEBUG( 2, ( "wins_srv_died(): WINS server %s appears to be down.\n", - entry->server ) ); - return; - } - entry = (list_entry *)ubi_slNext( entry ); - } - - if( DEBUGLVL( 1 ) ) - { - dbgtext( "wins_srv_died(): Could not mark WINS server %s down.\n", - inet_ntoa( boothill_ip ) ); - dbgtext( "Address not found in server list.\n" ); - } - } /* wins_srv_died */ - - -unsigned long wins_srv_count( void ) - /* ------------------------------------------------------------------------ ** - * Return the total number of entries in the list, dead or alive. - * ------------------------------------------------------------------------ ** - */ - { - unsigned long count = ubi_slCount( wins_srv_list ); - - if( DEBUGLVL( 8 ) ) - { - list_entry *entry = (list_entry *)ubi_slFirst( wins_srv_list ); - time_t now = time(NULL); - - dbgtext( "wins_srv_count: WINS status: %ld servers.\n", count ); - while( NULL != entry ) - { - dbgtext( " %s <%s>: ", entry->server, inet_ntoa( entry->ip_addr ) ); - if( now >= entry->mourning ) - dbgtext( "alive\n" ); - else - dbgtext( "dead for %d more seconds\n", (int)(entry->mourning - now) ); - - entry = (list_entry *)ubi_slNext( entry ); - } - } - - return( count ); - } /* wins_srv_count */ - -/* ========================================================================== */ +/* + this is pretty much a complete rewrite of the earlier code. The main + aim of the rewrite is to add support for having multiple wins server + lists, so Samba can register with multiple groups of wins servers + and each group has a failover list of wins servers. + + Central to the way it all works is the idea of a wins server + 'tag'. A wins tag is a label for a group of wins servers. For + example if you use + + wins server = fred:192.168.2.10 mary:192.168.3.199 fred:192.168.2.61 + + then you would have two groups of wins servers, one tagged with the + name 'fred' and the other with the name 'mary'. I would usually + recommend using interface names instead of 'fred' and 'mary' but + they can be any alpha string. + + Now, how does it all work. Well, nmbd needs to register each of its + IPs with each of its names once with each group of wins servers. So + it tries registering with the first one mentioned in the list, then + if that fails it marks that WINS server dead and moves onto the next + one. + + In the client code things are a bit different. As each of the groups + of wins servers is a separate name space we need to try each of the + groups until we either succeed or we run out of wins servers to + try. If we get a negative response from a wins server then that + means the name doesn't exist in that group, so we give up on that + group and move to the next group. If we don't get a response at all + then maybe the wins server is down, in which case we need to + failover to the next one for that group. + + confused yet? (tridge) +*/ + + +/* how long a server is marked dead for */ +#define DEATH_TIME 600 + +/* a list of wins server that are marked dead from the point of view + of a given source address. We keep a separate dead list for each src address + to cope with multiple interfaces that are not routable to each other + */ +static struct wins_dead { + struct in_addr dest_ip; + struct in_addr src_ip; + time_t revival; /* when it will be revived */ + struct wins_dead *next, *prev; +} *dead_servers; + +/* an internal convenience structure for an IP with a short string tag + attached */ +struct tagged_ip { + fstring tag; + struct in_addr ip; +}; + +/* + see if an ip is on the dead list +*/ +BOOL wins_srv_is_dead(struct in_addr wins_ip, struct in_addr src_ip) +{ + struct wins_dead *d; + for (d=dead_servers; d; d=d->next) { + if (ip_equal(wins_ip, d->dest_ip) && ip_equal(src_ip, d->src_ip)) { + /* it might be due for revival */ + if (d->revival <= time(NULL)) { + fstring src_name; + fstrcpy(src_name, inet_ntoa(src_ip)); + DEBUG(4,("Reviving wins server %s for source %s\n", + inet_ntoa(wins_ip), src_name)); + DLIST_REMOVE(dead_servers, d); + free(d); + return False; + } + return True; + } + } + return False; +} + + +/* + mark a wins server as being alive (for the moment) +*/ +void wins_srv_alive(struct in_addr wins_ip, struct in_addr src_ip) +{ + struct wins_dead *d; + for (d=dead_servers; d; d=d->next) { + if (ip_equal(wins_ip, d->dest_ip) && ip_equal(src_ip, d->src_ip)) { + fstring src_name; + fstrcpy(src_name, inet_ntoa(src_ip)); + DEBUG(4,("Reviving wins server %s for source %s\n", + inet_ntoa(wins_ip), src_name)); + DLIST_REMOVE(dead_servers, d); + return; + } + } +} + + +/* + mark a wins server as temporarily dead +*/ +void wins_srv_died(struct in_addr wins_ip, struct in_addr src_ip) +{ + struct wins_dead *d; + fstring src_name; + + if (is_zero_ip(wins_ip) || wins_srv_is_dead(wins_ip, src_ip)) { + return; + } + + d = (struct wins_dead *)malloc(sizeof(*d)); + if (!d) return; + + d->dest_ip = wins_ip; + d->src_ip = src_ip; + d->revival = time(NULL) + DEATH_TIME; + + fstrcpy(src_name, inet_ntoa(src_ip)); + + DEBUG(4,("Marking wins server %s dead for %u seconds from source %s\n", + inet_ntoa(wins_ip), DEATH_TIME, src_name)); + + DLIST_ADD(dead_servers, d); +} + +/* + return the total number of wins servers, dead or not +*/ +unsigned wins_srv_count(void) +{ + char **list; + int count = 0; + + if (lp_wins_support()) { + /* simple - just talk to ourselves */ + return 1; + } + + list = lp_wins_server_list(); + for (count=0; list && list[count]; count++) /* nop */ ; + + return count; +} + +/* + parse an IP string that might be in tagged format + the result is a tagged_ip structure containing the tag + and the ip in in_addr format. If there is no tag then + use the tag '*' +*/ +static void parse_ip(struct tagged_ip *ip, const char *str) +{ + char *s = strchr(str, ':'); + if (!s) { + fstrcpy(ip->tag, "*"); + ip->ip = *interpret_addr2(str); + return; + } + + ip->ip = *interpret_addr2(s+1); + fstrcpy(ip->tag, str); + s = strchr(ip->tag, ':'); + if (s) *s = 0; +} + + + +/* + return the list of wins server tags. A 'tag' is used to distinguish + wins server as either belonging to the same name space or a separate + name space. Usually you would setup your 'wins server' option to + list one or more wins server per interface and use the interface + name as your tag, but you are free to use any tag you like. +*/ +char **wins_srv_tags(void) +{ + char **ret = NULL; + int count=0, i, j; + char **list; + + if (lp_wins_support()) { + /* give the caller something to chew on. This makes + the rest of the logic simpler (ie. less special cases) */ + ret = (char **)malloc(sizeof(char *)*2); + if (!ret) return NULL; + ret[0] = strdup("*"); + ret[1] = NULL; + return ret; + } + + list = lp_wins_server_list(); + if (!list) return NULL; + + /* yes, this is O(n^2) but n is very small */ + for (i=0;list[i];i++) { + struct tagged_ip t_ip; + + parse_ip(&t_ip, list[i]); + + /* see if we already have it */ + for (j=0;jrealm && + if (ads->realm && + strcasecmp(ads->workgroup, lp_workgroup()) == 0 && ldap_domain2hostlist(ads->realm, &list) == LDAP_SUCCESS) { char *p; p = strchr(list, ':'); @@ -90,7 +91,12 @@ static char *find_ldap_server(ADS_STRUCT *ads) } /* get desperate, find the domain controller IP */ - if (resolve_name(lp_workgroup(), &ip, 0x1B)) { + if (resolve_name(ads->workgroup, &ip, 0x1B)) { + return strdup(inet_ntoa(ip)); + } + + /* or a BDC ... */ + if (resolve_name(ads->workgroup, &ip, 0x1C)) { return strdup(inet_ntoa(ip)); } @@ -115,6 +121,7 @@ static char *find_ldap_server(ADS_STRUCT *ads) initialise a ADS_STRUCT, ready for some ads_ ops */ ADS_STRUCT *ads_init(const char *realm, + const char *workgroup, const char *ldap_server, const char *bind_path, const char *password) @@ -124,7 +131,12 @@ ADS_STRUCT *ads_init(const char *realm, ads = (ADS_STRUCT *)smb_xmalloc(sizeof(*ads)); ZERO_STRUCTP(ads); + if (!workgroup) { + workgroup = lp_workgroup(); + } + ads->realm = realm? strdup(realm) : NULL; + ads->workgroup = strdup(workgroup); ads->ldap_server = ldap_server? strdup(ldap_server) : NULL; ads->bind_path = bind_path? strdup(bind_path) : NULL; ads->ldap_port = LDAP_PORT; @@ -140,8 +152,10 @@ ADS_STRUCT *ads_init(const char *realm, ads->bind_path = ads_build_dn(ads->realm); } if (!ads->ldap_server) { - ads->ldap_server = strdup(lp_ads_server()); - if (!ads->ldap_server[0]) { + if (strcasecmp(ads->workgroup, lp_workgroup()) == 0) { + ads->ldap_server = strdup(lp_ads_server()); + } + if (!ads->ldap_server || !ads->ldap_server[0]) { ads->ldap_server = find_ldap_server(ads); } } @@ -153,6 +167,12 @@ ADS_STRUCT *ads_init(const char *realm, return ads; } +/* a simpler ads_init() interface using all defaults */ +ADS_STRUCT *ads_init_simple(void) +{ + return ads_init(NULL, NULL, NULL, NULL, NULL); +} + /* free the memory used by the ADS structure initialized with 'ads_init(...)' */ diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index ab8ceecb0ce..a930fd6fe09 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -52,7 +52,7 @@ static struct perm_mask_str { }; /* convert a security permissions into a string */ -void ads_disp_perms(uint32 type) +static void ads_disp_perms(uint32 type) { int i = 0; int j = 0; @@ -82,20 +82,8 @@ void ads_disp_perms(uint32 type) puts(""); } -/* Check if ACE has OBJECT type */ -BOOL ads_ace_object(uint8 type) -{ - if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || - type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT || - type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT || - type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) { - return True; - } - return False; -} - /* display ACE */ -void ads_disp_ace(SEC_ACE *sec_ace) +static void ads_disp_ace(SEC_ACE *sec_ace) { char *access_type = "UNKNOWN"; @@ -123,7 +111,7 @@ void ads_disp_ace(SEC_ACE *sec_ace) } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) { access_type = "ALLOWED OBJECT"; } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) { - access_type = "DEINED OBJECT"; + access_type = "DENIED OBJECT"; } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) { access_type = "AUDIT OBJECT"; } @@ -135,7 +123,7 @@ void ads_disp_ace(SEC_ACE *sec_ace) } /* display ACL */ -void ads_disp_acl(SEC_ACL *sec_acl, char *type) +static void ads_disp_acl(SEC_ACL *sec_acl, char *type) { if (!sec_acl) printf("------- (%s) ACL not present\n", type); diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 194a71275ea..1ba5d978e8c 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -24,6 +24,28 @@ #ifdef HAVE_KRB5 +/* + we use a prompter to avoid a crash bug in the kerberos libs when + dealing with empty passwords + this prompter is just a string copy ... +*/ +static krb5_error_code +kerb_prompter(krb5_context ctx, void *data, + const char *name, + const char *banner, + int num_prompts, + krb5_prompt prompts[]) +{ + if (num_prompts == 0) return 0; + + memset(prompts[0].reply->data, 0, prompts[0].reply->length); + if (prompts[0].reply->length > 0) { + strncpy(prompts[0].reply->data, data, prompts[0].reply->length-1); + prompts[0].reply->length = strlen(prompts[0].reply->data); + } + return 0; +} + /* simulate a kinit, putting the tgt in the default cache location remus@snapserver.com @@ -36,11 +58,6 @@ int kerberos_kinit_password(const char *principal, const char *password) krb5_principal me; krb5_creds my_creds; - if (! *password) { - /* kerberos dies on an empty password! */ - return KRB5_PARSE_MALFORMED; - } - if ((code = krb5_init_context(&ctx))) return code; @@ -54,8 +71,9 @@ int kerberos_kinit_password(const char *principal, const char *password) return code; } - if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, (char*)password, NULL, - NULL, 0, NULL, NULL))) { + if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, NULL, + kerb_prompter, + password, 0, NULL, NULL))) { krb5_free_principal(ctx, me); krb5_free_context(ctx); return code; @@ -111,128 +129,5 @@ int ads_kinit_password(ADS_STRUCT *ads) return ret; } -/* - verify an incoming ticket and parse out the principal name and - authorization_data if available -*/ -NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket, - char **principal, DATA_BLOB *auth_data) -{ - krb5_context context; - krb5_auth_context auth_context = NULL; - krb5_keytab keytab = NULL; - krb5_data packet; - krb5_ticket *tkt = NULL; - krb5_data salt; - krb5_encrypt_block eblock; - int ret; - krb5_keyblock * key; - krb5_principal host_princ; - char *host_princ_s; - extern pstring global_myname; - fstring myname; - char *password_s; - krb5_data password; - - if (!secrets_init()) { - DEBUG(1,("secrets_init failed\n")); - return NT_STATUS_LOGON_FAILURE; - } - - password_s = secrets_fetch_machine_password(); - if (!password_s) { - DEBUG(1,("failed to fetch machine password\n")); - return NT_STATUS_LOGON_FAILURE; - } - - password.data = password_s; - password.length = strlen(password_s); - - ret = krb5_init_context(&context); - if (ret) { - DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret))); - return NT_STATUS_LOGON_FAILURE; - } - - ret = krb5_set_default_realm(context, ads->realm); - if (ret) { - DEBUG(1,("krb5_set_default_realm failed (%s)\n", error_message(ret))); - ads_destroy(&ads); - return NT_STATUS_LOGON_FAILURE; - } - - /* this whole process is far more complex than I would - like. We have to go through all this to allow us to store - the secret internally, instead of using /etc/krb5.keytab */ - ret = krb5_auth_con_init(context, &auth_context); - if (ret) { - DEBUG(1,("krb5_auth_con_init failed (%s)\n", error_message(ret))); - return NT_STATUS_LOGON_FAILURE; - } - - fstrcpy(myname, global_myname); - strlower(myname); - asprintf(&host_princ_s, "HOST/%s@%s", myname, lp_realm()); - ret = krb5_parse_name(context, host_princ_s, &host_princ); - if (ret) { - DEBUG(1,("krb5_parse_name(%s) failed (%s)\n", host_princ_s, error_message(ret))); - return NT_STATUS_LOGON_FAILURE; - } - - ret = krb5_principal2salt(context, host_princ, &salt); - if (ret) { - DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret))); - return NT_STATUS_LOGON_FAILURE; - } - - if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) { - return NT_STATUS_NO_MEMORY; - } - - krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_MD5); - - ret = krb5_string_to_key(context, &eblock, key, &password, &salt); - if (ret) { - DEBUG(1,("krb5_string_to_key failed (%s)\n", error_message(ret))); - return NT_STATUS_LOGON_FAILURE; - } - - krb5_auth_con_setuseruserkey(context, auth_context, key); - - packet.length = ticket->length; - packet.data = (krb5_pointer)ticket->data; - -#if 0 - file_save("/tmp/ticket.dat", ticket->data, ticket->length); -#endif - - if ((ret = krb5_rd_req(context, &auth_context, &packet, - NULL, keytab, NULL, &tkt))) { - DEBUG(3,("krb5_rd_req with auth failed (%s)\n", - error_message(ret))); - return NT_STATUS_LOGON_FAILURE; - } - - if (tkt->enc_part2) { - *auth_data = data_blob(tkt->enc_part2->authorization_data[0]->contents, - tkt->enc_part2->authorization_data[0]->length); - } - -#if 0 - if (tkt->enc_part2) { - file_save("/tmp/authdata.dat", - tkt->enc_part2->authorization_data[0]->contents, - tkt->enc_part2->authorization_data[0]->length); - } -#endif - - if ((ret = krb5_unparse_name(context, tkt->enc_part2->client, principal))) { - DEBUG(3,("krb5_unparse_name failed (%s)\n", - error_message(ret))); - return NT_STATUS_LOGON_FAILURE; - } - - return NT_STATUS_OK; -} #endif diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index e2e351bd4b3..9d15c4e33cc 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -30,6 +30,11 @@ * * The routines contained here should do the necessary ldap calls for * ads setups. + * + * Important note: attribute names passed into ads_ routines must + * already be in UTF-8 format. We do not convert them because in almost + * all cases, they are just ascii (which is represented with the same + * codepoints in UTF-8). This may have to change at some point **/ /** @@ -45,10 +50,38 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) ads->last_attempt = time(NULL); - ads->ld = ldap_open(ads->ldap_server, ads->ldap_port); + ads->ld = NULL; + + if (ads->ldap_server) { + ads->ld = ldap_open(ads->ldap_server, ads->ldap_port); + } + + /* if that failed then try each of the BDC's in turn */ + if (!ads->ld) { + struct in_addr *ip_list; + int count; + + if (get_dc_list(False, ads->workgroup, &ip_list, &count)) { + int i; + for (i=0;ild = ldap_open(inet_ntoa(ip_list[i]), + ads->ldap_port); + if (ads->ld) break; + } + if (ads->ld) { + SAFE_FREE(ads->ldap_server); + ads->ldap_server = strdup(inet_ntoa(ip_list[i])); + } + free(ip_list); + } + } + if (!ads->ld) { return ADS_ERROR_SYSTEM(errno); } + + DEBUG(3,("Connected to LDAP server %s\n", ads->ldap_server)); + status = ads_server_info(ads); if (!ADS_ERR_OK(status)) { DEBUG(1,("Failed to get ldap server info\n")); @@ -76,6 +109,81 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) return ads_sasl_bind(ads); } +/* + Duplicate a struct berval into talloc'ed memory + */ +static struct berval *dup_berval(TALLOC_CTX *ctx, const struct berval *in_val) +{ + struct berval *value; + + if (!in_val) return NULL; + + value = talloc_zero(ctx, sizeof(struct berval)); + if (in_val->bv_len == 0) return value; + + value->bv_len = in_val->bv_len; + value->bv_val = talloc_memdup(ctx, in_val->bv_val, in_val->bv_len); + return value; +} + +/* + Make a values list out of an array of (struct berval *) + */ +static struct berval **ads_dup_values(TALLOC_CTX *ctx, + const struct berval **in_vals) +{ + struct berval **values; + int i; + + if (!in_vals) return NULL; + for (i=0; in_vals[i]; i++); /* count values */ + values = (struct berval **) talloc_zero(ctx, + (i+1)*sizeof(struct berval *)); + if (!values) return NULL; + + for (i=0; in_vals[i]; i++) { + values[i] = dup_berval(ctx, in_vals[i]); + } + return values; +} + +/* + UTF8-encode a values list out of an array of (char *) + */ +static char **ads_push_strvals(TALLOC_CTX *ctx, const char **in_vals) +{ + char **values; + int i; + + if (!in_vals) return NULL; + for (i=0; in_vals[i]; i++); /* count values */ + values = (char ** ) talloc_zero(ctx, (i+1)*sizeof(char *)); + if (!values) return NULL; + + for (i=0; in_vals[i]; i++) { + push_utf8_talloc(ctx, (void **) &values[i], in_vals[i]); + } + return values; +} + +/* + Pull a (char *) array out of a UTF8-encoded values list + */ +static char **ads_pull_strvals(TALLOC_CTX *ctx, const char **in_vals) +{ + char **values; + int i; + + if (!in_vals) return NULL; + for (i=0; in_vals[i]; i++); /* count values */ + values = (char **) talloc_zero(ctx, (i+1)*sizeof(char *)); + if (!values) return NULL; + + for (i=0; in_vals[i]; i++) { + pull_utf8_talloc(ctx, (void **) &values[i], in_vals[i]); + } + return values; +} /** * Do a search with paged results. cookie must be null on the first @@ -84,8 +192,8 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) * @param ads connection to ads server * @param bind_path Base dn for the search * @param scope Scope of search (LDAP_BASE | LDAP_ONE | LDAP_SUBTREE) - * @param exp Search expression - * @param attrs Attributes to retrieve + * @param exp Search expression - specified in local charset + * @param attrs Attributes to retrieve - specified in utf8 or ascii * @param res ** which will contain results - free res* with ads_msgfree() * @param count Number of entries retrieved on this page * @param cookie The paged results cookie to be returned on subsequent calls @@ -96,25 +204,46 @@ ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path, const char **attrs, void **res, int *count, void **cookie) { - int rc; - int version; - LDAPControl PagedResults; - LDAPControl NoReferrals; + int rc, i, version; + char *utf8_exp, *utf8_path, **search_attrs; + LDAPControl PagedResults, NoReferrals, *controls[3], **rcontrols; BerElement *cookie_be = NULL; struct berval *cookie_bv= NULL; - LDAPControl *controls[3]; - LDAPControl **rcontrols; - int i; + TALLOC_CTX *ctx; *res = NULL; - ldap_get_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version); + if (!(ctx = talloc_init())) + return ADS_ERROR(LDAP_NO_MEMORY); - /* Paged results only available on ldap v3 or later, so check - version first before using, since at connect time we're - only v2. Not sure exactly why... */ - if (version < LDAP_VERSION3) - return ADS_ERROR(LDAP_NOT_SUPPORTED); + /* 0 means the conversion worked but the result was empty + so we only fail if it's negative. In any case, it always + at least nulls out the dest */ + if ((push_utf8_talloc(ctx, (void **) &utf8_exp, exp) < 0) || + (push_utf8_talloc(ctx, (void **) &utf8_path, bind_path) < 0)) { + rc = LDAP_NO_MEMORY; + goto done; + } + + if (!attrs || !(*attrs)) + search_attrs = NULL; + else { + /* This would be the utf8-encoded version...*/ + /* if (!(search_attrs = ads_push_strvals(ctx, attrs))) */ + if (!(str_list_copy(&search_attrs, (char **) attrs))) + { + rc = LDAP_NO_MEMORY; + goto done; + } + } + + + /* Paged results only available on ldap v3 or later */ + ldap_get_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version); + if (version < LDAP_VERSION3) { + rc = LDAP_NOT_SUPPORTED; + goto done; + } cookie_be = ber_alloc_t(LBER_USE_DER); if (cookie && *cookie) { @@ -143,33 +272,32 @@ ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path, *res = NULL; /* we need to disable referrals as the openldap libs don't - seem to handle them correctly. They result in the result - record containing the server control being removed from the - result list (tridge) + handle them and paged results at the same time. Using them + together results in the result record containing the server + page control being removed from the result list (tridge/jmcd) leaving this in despite the control that says don't generate referrals, in case the server doesn't support it (jmcd) */ ldap_set_option(ads->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); - rc = ldap_search_ext_s(ads->ld, bind_path, scope, exp, - (char **) attrs, 0, controls, NULL, - NULL, LDAP_NO_LIMIT, - (LDAPMessage **)res); + rc = ldap_search_ext_s(ads->ld, utf8_path, scope, utf8_exp, + search_attrs, 0, controls, + NULL, NULL, LDAP_NO_LIMIT, (LDAPMessage **)res); ber_free(cookie_be, 1); ber_bvfree(cookie_bv); if (rc) { DEBUG(3,("ldap_search_ext_s(%s) -> %s\n", exp, ldap_err2string(rc))); - return ADS_ERROR(rc); + goto done; } rc = ldap_parse_result(ads->ld, *res, NULL, NULL, NULL, NULL, &rcontrols, 0); if (!rcontrols) { - return ADS_ERROR(rc); + goto done; } for (i=0; rcontrols[i]; i++) { @@ -189,7 +317,12 @@ ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path, } } ldap_controls_free(rcontrols); - + +done: + talloc_destroy(ctx); + /* if/when we decide to utf8-encode attrs, take out this next line */ + str_list_free(&search_attrs); + return ADS_ERROR(rc); } @@ -234,7 +367,6 @@ ADS_STATUS ads_do_search_all(ADS_STRUCT *ads, const char *bind_path, next = ads_next_entry(ads, msg); ldap_add_result_entry((LDAPMessage **)res, msg); } - /* note that we do not free res2, as the memory is now part of the main returned list */ } @@ -248,15 +380,15 @@ ADS_STATUS ads_do_search_all(ADS_STRUCT *ads, const char *bind_path, * @param ads connection to ads server * @param bind_path Base dn for the search * @param scope Scope of search (LDAP_BASE | LDAP_ONE | LDAP_SUBTREE) - * @param exp Search expression - * @param attrs Attributes to retrieve + * @param exp Search expression - specified in local charset + * @param attrs Attributes to retrieve - specified in UTF-8 or ascii * @param fn Function which takes attr name, values list, and data_area * @param data_area Pointer which is passed to function on each call * @return status of search **/ ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path, int scope, const char *exp, const char **attrs, - void(*fn)(char *, void **, void *), + BOOL(*fn)(char *, void **, void *), void *data_area) { void *cookie = NULL; @@ -301,14 +433,42 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope, { struct timeval timeout; int rc; + char *utf8_exp, *utf8_path, **search_attrs = NULL; + TALLOC_CTX *ctx; + + if (!(ctx = talloc_init())) + return ADS_ERROR(LDAP_NO_MEMORY); + + /* 0 means the conversion worked but the result was empty + so we only fail if it's negative. In any case, it always + at least nulls out the dest */ + if ((push_utf8_talloc(ctx, (void **) &utf8_exp, exp) < 0) || + (push_utf8_talloc(ctx, (void **) &utf8_path, bind_path) < 0)) { + rc = LDAP_NO_MEMORY; + goto done; + } + + if (!attrs || !(*attrs)) + search_attrs = NULL; + else { + /* This would be the utf8-encoded version...*/ + /* if (!(search_attrs = ads_push_strvals(ctx, attrs))) */ + if (!(str_list_copy(&search_attrs, (char **) attrs))) + { + rc = LDAP_NO_MEMORY; + goto done; + } + } timeout.tv_sec = ADS_SEARCH_TIMEOUT; timeout.tv_usec = 0; *res = NULL; - rc = ldap_search_ext_s(ads->ld, - bind_path, scope, - exp, (char **) attrs, 0, NULL, NULL, + /* see the note in ads_do_paged_search - we *must* disable referrals */ + ldap_set_option(ads->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); + + rc = ldap_search_ext_s(ads->ld, utf8_path, scope, utf8_exp, + search_attrs, 0, NULL, NULL, &timeout, LDAP_NO_LIMIT, (LDAPMessage **)res); if (rc == LDAP_SIZELIMIT_EXCEEDED) { @@ -316,6 +476,10 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope, rc = 0; } + done: + talloc_destroy(ctx); + /* if/when we decide to utf8-encode attrs, take out this next line */ + str_list_free(&search_attrs); return ADS_ERROR(rc); } /** @@ -367,8 +531,7 @@ void ads_msgfree(ADS_STRUCT *ads, void *msg) **/ void ads_memfree(ADS_STRUCT *ads, void *mem) { - if (!mem) return; - ldap_memfree(mem); + SAFE_FREE(mem); } /** @@ -379,7 +542,12 @@ void ads_memfree(ADS_STRUCT *ads, void *mem) **/ char *ads_get_dn(ADS_STRUCT *ads, void *res) { - return ldap_get_dn(ads->ld, res); + char *utf8_dn, *unix_dn; + + utf8_dn = ldap_get_dn(ads->ld, res); + pull_utf8_allocate((void **) &unix_dn, utf8_dn); + ldap_memfree(utf8_dn); + return unix_dn; } /** @@ -403,25 +571,6 @@ ADS_STATUS ads_find_machine_acct(ADS_STRUCT *ads, void **res, const char *host) return status; } -/* - duplicate an already-assembled list of values so that it can be - freed as part of the standard msgfree call -*/ -static char **ads_dup_values(TALLOC_CTX *ctx, char **values) -{ - char **newvals; - int i; -#define ADS_MAX_NUM_VALUES 32 - - for (i=0; values[i] && imod_type = name; + modlist[curmod]->mod_type = talloc_strdup(ctx, name); if (mod_op & LDAP_MOD_BVALUES) modlist[curmod]->mod_bvalues = (struct berval **) values; else - modlist[curmod]->mod_values = values; + modlist[curmod]->mod_values = (char **) values; modlist[curmod]->mod_op = mod_op; return ADS_ERROR(LDAP_SUCCESS); } /** - * Add an already-constructed list of values to a mod list for an ADD + * Add a single string value to a mod list * @param ctx An initialized TALLOC_CTX * @param mods An initialized ADS_MODLIST * @param name The attribute name to add - * @param values Constructed values list to add + * @param val The value to add - NULL means DELETE * @return ADS STATUS indicating success of add **/ -ADS_STATUS ads_mod_add_list(TALLOC_CTX *ctx, ADS_MODLIST *mods, - char *name, char **values) -{ - char **newvals = ads_dup_values(ctx, values); - if (newvals) - return ads_modlist_add(ctx, mods, LDAP_MOD_ADD, name, newvals); - else - return ADS_ERROR(LDAP_NO_MEMORY); -} - -/** - * Add an already-constructed list of values to a mod list for a REPLACE - * @param ctx An initialized TALLOC_CTX - * @param mods An initialized ADS_MODLIST - * @param name The attribute name to add - * @param values Constructed values list to add - * @return ADS STATUS indicating success of add - **/ -ADS_STATUS ads_mod_repl_list(TALLOC_CTX *ctx, ADS_MODLIST *mods, - char *name, char **values) +ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods, + const char *name, const char *val) { - char **newvals; - if (values && *values) { - if (!(newvals = ads_dup_values(ctx, values))) - return ADS_ERROR(LDAP_NO_MEMORY); - else - return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE, - name, newvals); - } - else + const char *values[2] = {val, NULL}; + if (!val) return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL); + return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE, name, + (const void **) values); } /** - * Add any number of string values to a mod list - for ADD or REPLACE - * @param ctx An initialized TALLOC_CTX - * @param mods An initialized ADS_MODLIST - * @param mod_op Operation to perform (LDAP_MOD_ADD | LDAP_MOD_REPLACE) - * @param name The attribute name to add - * @param ... Any number of values, in (char *) form - * @return ADS STATUS indicating success of add - **/ -ADS_STATUS ads_mod_add_var(TALLOC_CTX *ctx, ADS_MODLIST *mods, - int mod_op, const char *name, ...) -{ - va_list ap; - int num_vals, i, do_op; - char *value, **values; - - /* count the number of values */ - va_start(ap, name); - for (num_vals=0; va_arg(ap, char *); num_vals++); - va_end(ap); - - if (num_vals) { - if (!(values = talloc_zero(ctx, sizeof(char *)*(num_vals+1)))) - return ADS_ERROR(LDAP_NO_MEMORY); - va_start(ap, name); - for (i=0; (value = (char *) va_arg(ap, char *)) && - i < num_vals; i++) - values[i] = value; - va_end(ap); - values[i] = NULL; - do_op = mod_op; - } else { - do_op = LDAP_MOD_DELETE; - values = NULL; - } - return ads_modlist_add(ctx, mods, do_op, name, values); -} - -/** - * Add any number of ber values to a mod list - for ADD or REPLACE + * Add an array of string values to a mod list * @param ctx An initialized TALLOC_CTX * @param mods An initialized ADS_MODLIST - * @param mod_op Operation to perform (LDAP_MOD_ADD | LDAP_MOD_REPLACE) * @param name The attribute name to add - * @param ... Any number of values, in (struct berval *) form + * @param vals The array of string values to add - NULL means DELETE * @return ADS STATUS indicating success of add **/ -ADS_STATUS ads_mod_add_ber(TALLOC_CTX *ctx, ADS_MODLIST *mods, - int mod_op, const char *name, ...) +ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods, + const char *name, const char **vals) { - va_list ap; - int num_vals, i, do_op; - char *value, **values; - - /* count the number of values */ - va_start(ap, name); - for (num_vals=0; va_arg(ap, struct berval *); num_vals++); - va_end(ap); - - if (num_vals) { - if (!(values = talloc_zero(ctx, sizeof(struct berval) * - (num_vals + 1)))) - return ADS_ERROR(LDAP_NO_MEMORY); - va_start(ap, name); - for (i=0; (value = (char *) va_arg(ap, char *)) && - i < num_vals; i++) - values[i] = value; - va_end(ap); - values[i] = NULL; - do_op = mod_op; - } else { - do_op = LDAP_MOD_DELETE; - values = NULL; - } - do_op |= LDAP_MOD_BVALUES; - return ads_modlist_add(ctx, mods, do_op, name, values); -} - -/** - * Add a single string value to a mod list - for REPLACE - * @param ctx An initialized TALLOC_CTX - * @param mods An initialized ADS_MODLIST - * @param name The attribute name to replace - * @param val The value to add - * @return ADS STATUS indicating success of add - **/ -ADS_STATUS ads_mod_repl(TALLOC_CTX *ctx, ADS_MODLIST *mods, - char *name, char *val) -{ - if (val) - return ads_mod_add_var(ctx, mods, LDAP_MOD_REPLACE, - name, val, NULL); - else - return ads_mod_add_var(ctx, mods, LDAP_MOD_DELETE, name, NULL); -} - -/** - * Add a single string value to a mod list - for ADD - * @param ctx An initialized TALLOC_CTX - * @param mods An initialized ADS_MODLIST - * @param name The attribute name to add - * @param val The value to add - * @return ADS STATUS indicating success of add - **/ -ADS_STATUS ads_mod_add(TALLOC_CTX *ctx, ADS_MODLIST *mods, - const char *name, const char *val) -{ - return ads_mod_add_var(ctx, mods, LDAP_MOD_ADD, name, val, NULL); + if (!vals) + return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL); + return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE, + name, (const void **) vals); } /** - * Add a single berval value to a mod list - for ADD + * Add a single ber-encoded value to a mod list * @param ctx An initialized TALLOC_CTX * @param mods An initialized ADS_MODLIST * @param name The attribute name to add - * @param size The size of of the value - * @param val The value to add - * @return ADS STATUS indicating success of add - **/ -ADS_STATUS ads_mod_add_len(TALLOC_CTX *ctx, ADS_MODLIST *mods, - char *name, size_t size, char *val) -{ - struct berval *bval = NULL; - - if (!(bval = talloc_zero(ctx, sizeof(struct berval *)))) - return ADS_ERROR(LDAP_NO_MEMORY); - if (!(bval->bv_val = talloc_zero(ctx, sizeof(char *)))) - return ADS_ERROR(LDAP_NO_MEMORY); - - bval->bv_val = val; - bval->bv_len = size; - return ads_mod_add_ber(ctx, mods, LDAP_MOD_ADD, name, bval, NULL); -} - -/** - * Add a single berval value to a mod list - for REPLACE - * @param ctx An initialized TALLOC_CTX - * @param mods An initialized ADS_MODLIST - * @param name The attribute name to replace - * @param size The size of of the value - * @param val The value to add + * @param val The value to add - NULL means DELETE * @return ADS STATUS indicating success of add **/ -ADS_STATUS ads_mod_repl_len(TALLOC_CTX *ctx, ADS_MODLIST *mods, - const char *name, size_t size, char *val) +static ADS_STATUS ads_mod_ber(TALLOC_CTX *ctx, ADS_MODLIST *mods, + const char *name, const struct berval *val) { - struct berval *bval = NULL; - - if (!(bval = talloc_zero(ctx, sizeof(struct berval *)))) - return ADS_ERROR(LDAP_NO_MEMORY); - + const struct berval *values[2] = {val, NULL}; if (!val) - return ads_mod_add_ber(ctx, mods, LDAP_MOD_DELETE, name, NULL); - else { - if (!(bval->bv_val = talloc_zero(ctx, sizeof(char *)))) - return ADS_ERROR(LDAP_NO_MEMORY); - bval->bv_val = val; - bval->bv_len = size; - return ads_mod_add_ber(ctx, mods, LDAP_MOD_REPLACE, name, - bval, NULL); - } + return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL); + return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE|LDAP_MOD_BVALUES, + name, (const void **) values); } /** @@ -688,6 +701,7 @@ ADS_STATUS ads_mod_repl_len(TALLOC_CTX *ctx, ADS_MODLIST *mods, ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods) { int ret,i; + char *utf8_dn = NULL; /* this control is needed to modify that contains a currently non-existent attribute (but allowable for the object) to run @@ -701,12 +715,15 @@ ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods) controls[0] = &PermitModify; controls[1] = NULL; + push_utf8_allocate((void **) &utf8_dn, mod_dn); + /* find the end of the list, marked by NULL or -1 */ for(i=0;(mods[i]!=0)&&(mods[i]!=(LDAPMod *) -1);i++); /* make sure the end of the list is NULL */ mods[i] = NULL; - ret = ldap_modify_ext_s(ads->ld, mod_dn, (LDAPMod **) mods, - controls, NULL); + ret = ldap_modify_ext_s(ads->ld, utf8_dn ? utf8_dn : mod_dn, + (LDAPMod **) mods, controls, NULL); + SAFE_FREE(utf8_dn); return ADS_ERROR(ret); } @@ -719,14 +736,19 @@ ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods) **/ ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods) { - int i; + int ret, i; + char *utf8_dn = NULL; + push_utf8_allocate((void **) &utf8_dn, new_dn); + /* find the end of the list, marked by NULL or -1 */ for(i=0;(mods[i]!=0)&&(mods[i]!=(LDAPMod *) -1);i++); /* make sure the end of the list is NULL */ mods[i] = NULL; - return ADS_ERROR(ldap_add_s(ads->ld, new_dn, mods)); + ret = ldap_add_s(ads->ld, utf8_dn ? utf8_dn : new_dn, mods); + SAFE_FREE(utf8_dn); + return ADS_ERROR(ret); } /** @@ -737,7 +759,11 @@ ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods) **/ ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn) { - return ADS_ERROR(ldap_delete(ads->ld, del_dn)); + int ret; + char *utf8_dn = NULL; + push_utf8_allocate((void **) &utf8_dn, del_dn); + ret = ldap_delete(ads->ld, utf8_dn ? utf8_dn : del_dn); + return ADS_ERROR(ret); } /** @@ -769,6 +795,8 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname, char *ou_str; TALLOC_CTX *ctx; ADS_MODLIST mods; + const char *objectClass[] = {"top", "person", "organizationalPerson", + "user", "computer", NULL}; if (!(ctx = talloc_init_named("machine_account"))) return ADS_ERROR(LDAP_NO_MEMORY); @@ -796,17 +824,15 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname, if (!(mods = ads_init_mods(ctx))) goto done; - ads_mod_add(ctx, &mods, "cn", hostname); - ads_mod_add(ctx, &mods, "sAMAccountName", samAccountName); - ads_mod_add_var(ctx, &mods, LDAP_MOD_ADD, "objectClass", - "top", "person", "organizationalPerson", - "user", "computer", NULL); - ads_mod_add(ctx, &mods, "userPrincipalName", host_upn); - ads_mod_add(ctx, &mods, "servicePrincipalName", host_spn); - ads_mod_add(ctx, &mods, "dNSHostName", hostname); - ads_mod_add(ctx, &mods, "userAccountControl", controlstr); - ads_mod_add(ctx, &mods, "operatingSystem", "Samba"); - ads_mod_add(ctx, &mods, "operatingSystemVersion", VERSION); + ads_mod_str(ctx, &mods, "cn", hostname); + ads_mod_str(ctx, &mods, "sAMAccountName", samAccountName); + ads_mod_strlist(ctx, &mods, "objectClass", objectClass); + ads_mod_str(ctx, &mods, "userPrincipalName", host_upn); + ads_mod_str(ctx, &mods, "servicePrincipalName", host_spn); + ads_mod_str(ctx, &mods, "dNSHostName", hostname); + ads_mod_str(ctx, &mods, "userAccountControl", controlstr); + ads_mod_str(ctx, &mods, "operatingSystem", "Samba"); + ads_mod_str(ctx, &mods, "operatingSystemVersion", VERSION); ads_gen_add(ads, new_dn, mods); ret = ads_set_machine_sd(ads, hostname, new_dn); @@ -877,11 +903,11 @@ static void dump_sd(const char *filed, struct berval **values) /* dump a string result from ldap */ -static void dump_string(const char *field, struct berval **values) +static void dump_string(const char *field, char **values) { int i; for (i=0; values[i]; i++) { - printf("%s: %s\n", field, values[i]->bv_val); + printf("%s: %s\n", field, values[i]); } } @@ -890,33 +916,39 @@ static void dump_string(const char *field, struct berval **values) used for debugging */ -static void ads_dump_field(char *field, void **values, void *data_area) +static BOOL ads_dump_field(char *field, void **values, void *data_area) { struct { char *name; + BOOL string; void (*handler)(const char *, struct berval **); } handlers[] = { - {"objectGUID", dump_binary}, - {"nTSecurityDescriptor", dump_sd}, - {"objectSid", dump_sid}, - {NULL, NULL} + {"objectGUID", False, dump_binary}, + {"nTSecurityDescriptor", False, dump_sd}, + {"objectSid", False, dump_sid}, + {NULL, True, NULL} }; int i; if (!field) { /* must be end of an entry */ printf("\n"); - return; + return False; } for (i=0; handlers[i].name; i++) { if (StrCaseCmp(handlers[i].name, field) == 0) { + if (!values) /* first time, indicate string or not */ + return handlers[i].string; handlers[i].handler(field, (struct berval **) values); break; } } if (!handlers[i].name) { - dump_string(field, (struct berval **) values); + if (!values) /* first time, indicate string conversion */ + return True; + dump_string(field, (char **)values); } + return False; } /** @@ -943,62 +975,57 @@ void ads_dump(ADS_STRUCT *ads, void *res) * @param data_area user-defined area to pass to function **/ void ads_process_results(ADS_STRUCT *ads, void *res, - void(*fn)(char *, void **, void *), + BOOL(*fn)(char *, void **, void *), void *data_area) { void *msg; + TALLOC_CTX *ctx; + + if (!(ctx = talloc_init())) + return; for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) { - char *field; + char *utf8_field; BerElement *b; - for (field = ldap_first_attribute(ads->ld, (LDAPMessage *)msg, &b); - field; - field = ldap_next_attribute(ads->ld, (LDAPMessage *)msg, b)) { - struct berval **values; - - values = ldap_get_values_len(ads->ld, (LDAPMessage *)msg, field); - fn(field, (void **) values, data_area); - - ldap_value_free_len(values); - ldap_memfree(field); + for (utf8_field=ldap_first_attribute(ads->ld, + (LDAPMessage *)msg,&b); + utf8_field; + utf8_field=ldap_next_attribute(ads->ld, + (LDAPMessage *)msg,b)) { + struct berval **ber_vals; + char **str_vals, **utf8_vals; + char *field; + BOOL string; + + pull_utf8_talloc(ctx, (void **) &field, utf8_field); + string = fn(field, NULL, data_area); + + if (string) { + utf8_vals = ldap_get_values(ads->ld, + (LDAPMessage *)msg, field); + str_vals = ads_pull_strvals(ctx, + (const char **) utf8_vals); + fn(field, (void **) str_vals, data_area); + ldap_value_free(utf8_vals); + } else { + ber_vals = ldap_get_values_len(ads->ld, + (LDAPMessage *)msg, field); + fn(field, (void **) ber_vals, data_area); + + ldap_value_free_len(ber_vals); + } + ldap_memfree(utf8_field); } ber_free(b, 0); + talloc_destroy_pool(ctx); fn(NULL, NULL, data_area); /* completed an entry */ } + talloc_destroy(ctx); } -/** - * Walk through an entry, calling a function for each attribute found. - * The function receives a field name, a berval * array of values, - * and a data area passed through from the start. - * @param ads connection to ads server - * @param res Results to process - * @param fn Function for processing each result - * @param data_area user-defined area to pass to function - **/ -void ads_process_entry(ADS_STRUCT *ads, void *msg, - void(*fn)(ADS_STRUCT *, char *, void **, void *), - void *data_area) -{ - char *field; - BerElement *b; - - for (field = ldap_first_attribute(ads->ld, (LDAPMessage *)msg, &b); - field; - field = ldap_next_attribute(ads->ld, (LDAPMessage *)msg, b)) { - struct berval **values; - - values = ldap_get_values_len(ads->ld, (LDAPMessage *)msg, field); - fn(ads, field, (void **) values, data_area); - - ldap_value_free_len(values); - ldap_memfree(field); - } - ber_free(b, 0); -} /** * count how many replies are in a LDAPMessage * @param ads connection to ads server @@ -1110,6 +1137,7 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn) char *exp = 0; size_t sd_size = 0; struct berval **bvals = 0; + struct berval bval = {0, NULL}; prs_struct ps; prs_struct ps_wire; @@ -1164,7 +1192,9 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn) #endif if (!(mods = ads_init_mods(ctx))) return ADS_ERROR(LDAP_NO_MEMORY); - ads_mod_repl_len(ctx, &mods, attrs[0], sd_size, ps_wire.data_p); + bval.bv_len = sd_size; + bval.bv_val = prs_data_p(&ps_wire); + ads_mod_ber(ctx, &mods, attrs[0], &bval); ret = ads_gen_mod(ads, dn, mods); prs_mem_free(&ps); @@ -1201,7 +1231,11 @@ ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads, strlower(host); - asprintf(&principal, "%s@%s", host, ads->realm); + /* + we need to use the '$' form of the name here, as otherwise the + server might end up setting the password for a user instead + */ + asprintf(&principal, "%s$@%s", host, ads->realm); status = krb5_set_password(ads->kdc_server, principal, password); @@ -1246,17 +1280,58 @@ char *ads_pull_string(ADS_STRUCT *ads, { char **values; char *ret = NULL; + char *ux_string; + int rc; values = ldap_get_values(ads->ld, msg, field); if (!values) return NULL; if (values[0]) { - ret = talloc_strdup(mem_ctx, values[0]); + rc = pull_utf8_talloc(mem_ctx, (void **)&ux_string, + values[0]); + if (rc != -1) + ret = ux_string; + } ldap_value_free(values); return ret; } +/** + * pull an array of strings from a ADS result + * @param ads connection to ads server + * @param mem_ctx TALLOC_CTX to use for allocating result string + * @param msg Results of search + * @param field Attribute to retrieve + * @return Result strings in talloc context + **/ +char **ads_pull_strings(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, void *msg, const char *field) +{ + char **values; + char **ret = NULL; + int i, n; + + values = ldap_get_values(ads->ld, msg, field); + if (!values) return NULL; + + for (i=0;values[i];i++) /* noop */ ; + n = i; + + ret = talloc(mem_ctx, sizeof(char *) * (n+1)); + + for (i=0;ild, *res); + srv_cn = ldap_explode_dn(srv_dn, 1); ads_msgfree(ads, *res); - asprintf(&exp, "(printerName=%s)", printer); - status = ads_do_search(ads, srv_dn, LDAP_SCOPE_SUBTREE, - exp, attrs, res); + asprintf(&exp, "(cn=%s-%s)", srv_cn[0], printer); + status = ads_search(ads, res, exp, attrs); + ldap_memfree(srv_dn); + ldap_value_free(srv_cn); free(exp); return status; } @@ -68,33 +70,33 @@ ADS_STATUS ads_mod_printer_entry(ADS_STRUCT *ads, char *prt_dn, mods = ads_init_mods(ctx); /* add the attributes to the list - required ones first */ - ads_mod_repl(ctx, &mods, "printerName", prt->printerName); - ads_mod_repl(ctx, &mods, "serverName", prt->serverName); - ads_mod_repl(ctx, &mods, "shortServerName", prt->shortServerName); - ads_mod_repl(ctx, &mods, "uNCName", prt->uNCName); - ads_mod_repl(ctx, &mods, "versionNumber", prt->versionNumber); + ads_mod_str(ctx, &mods, "printerName", prt->printerName); + ads_mod_str(ctx, &mods, "serverName", prt->serverName); + ads_mod_str(ctx, &mods, "shortServerName", prt->shortServerName); + ads_mod_str(ctx, &mods, "uNCName", prt->uNCName); + ads_mod_str(ctx, &mods, "versionNumber", prt->versionNumber); /* now the optional ones */ - ads_mod_repl_list(ctx, &mods, "description", prt->description); - ads_mod_repl(ctx, &mods, "assetNumber",prt->assetNumber); - ads_mod_repl(ctx, &mods, "bytesPerMinute",prt->bytesPerMinute); - ads_mod_repl(ctx, &mods, "defaultPriority",prt->defaultPriority); - ads_mod_repl(ctx, &mods, "driverName", prt->driverName); - ads_mod_repl(ctx, &mods, "driverVersion",prt->driverVersion); - ads_mod_repl(ctx, &mods, "location", prt->location); - ads_mod_repl(ctx, &mods, "operatingSystem",prt->operatingSystem); - ads_mod_repl(ctx, &mods, "operatingSystemHotfix", + ads_mod_strlist(ctx, &mods, "description", prt->description); + ads_mod_str(ctx, &mods, "assetNumber",prt->assetNumber); + ads_mod_str(ctx, &mods, "bytesPerMinute",prt->bytesPerMinute); + ads_mod_str(ctx, &mods, "defaultPriority",prt->defaultPriority); + ads_mod_str(ctx, &mods, "driverName", prt->driverName); + ads_mod_str(ctx, &mods, "driverVersion",prt->driverVersion); + ads_mod_str(ctx, &mods, "location", prt->location); + ads_mod_str(ctx, &mods, "operatingSystem",prt->operatingSystem); + ads_mod_str(ctx, &mods, "operatingSystemHotfix", prt->operatingSystemHotfix); - ads_mod_repl(ctx, &mods, "operatingSystemServicePack", + ads_mod_str(ctx, &mods, "operatingSystemServicePack", prt->operatingSystemServicePack); - ads_mod_repl(ctx, &mods, "operatingSystemVersion", + ads_mod_str(ctx, &mods, "operatingSystemVersion", prt->operatingSystemVersion); - ads_mod_repl(ctx, &mods, "physicalLocationObject", + ads_mod_str(ctx, &mods, "physicalLocationObject", prt->physicalLocationObject); - ads_mod_repl_list(ctx, &mods, "portName", prt->portName); - ads_mod_repl(ctx, &mods, "printStartTime", prt->printStartTime); - ads_mod_repl(ctx, &mods, "printEndTime", prt->printEndTime); - ads_mod_repl_list(ctx, &mods, "printBinNames", prt->printBinNames); + ads_mod_strlist(ctx, &mods, "portName", prt->portName); + ads_mod_str(ctx, &mods, "printStartTime", prt->printStartTime); + ads_mod_str(ctx, &mods, "printEndTime", prt->printEndTime); + ads_mod_strlist(ctx, &mods, "printBinNames", prt->printBinNames); /*... and many others */ /* do the ldap modify */ @@ -124,12 +126,12 @@ static ADS_STATUS ads_add_printer_entry(ADS_STRUCT *ads, char *prt_dn, return ADS_ERROR(LDAP_NO_MEMORY); /* These are the fields a printQueue must contain */ - ads_mod_add(ctx, &mods, "uNCName", prt->uNCName); - ads_mod_add(ctx, &mods, "versionNumber", prt->versionNumber); - ads_mod_add(ctx, &mods, "serverName", prt->serverName); - ads_mod_add(ctx, &mods, "shortServerName", prt->shortServerName); - ads_mod_add(ctx, &mods, "printerName", prt->printerName); - ads_mod_add(ctx, &mods, "objectClass", "printQueue"); + ads_mod_str(ctx, &mods, "uNCName", prt->uNCName); + ads_mod_str(ctx, &mods, "versionNumber", prt->versionNumber); + ads_mod_str(ctx, &mods, "serverName", prt->serverName); + ads_mod_str(ctx, &mods, "shortServerName", prt->shortServerName); + ads_mod_str(ctx, &mods, "printerName", prt->printerName); + ads_mod_str(ctx, &mods, "objectClass", "printQueue"); status = ads_gen_add(ads, prt_dn, mods); @@ -157,14 +159,11 @@ ADS_STATUS ads_add_printer(ADS_STRUCT *ads, const ADS_PRINTER_ENTRY *prt) prt->shortServerName)); return status; } - host_dn = ldap_get_dn(ads->ld, res); + host_dn = ads_get_dn(ads, res); ads_msgfree(ads, res); - /* printer dn is cn=server-printer followed by host dn */ - asprintf(&prt_dn, "cn=%s-%s,%s", prt->shortServerName, - prt->printerName, host_dn); - - status = ads_search_dn(ads, &res, prt_dn, attrs); + ads_find_printer_on_server(ads, &res, prt->printerName, + prt->shortServerName); if (ADS_ERR_OK(status) && ads_count_replies(ads, res)) { DEBUG(1, ("ads_add_printer: printer %s already exists\n", diff --git a/source3/libads/ldap_user.c b/source3/libads/ldap_user.c index 13e68eb82e0..b6e3d189c51 100644 --- a/source3/libads/ldap_user.c +++ b/source3/libads/ldap_user.c @@ -43,7 +43,9 @@ ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user, TALLOC_CTX *ctx; ADS_MODLIST mods; ADS_STATUS status; - char *upn, *new_dn, *name, *controlstr; + const char *upn, *new_dn, *name, *controlstr; + const char *objectClass[] = {"top", "person", "organizationalPerson", + "user", NULL}; if (fullname && *fullname) name = fullname; else name = user; @@ -63,14 +65,46 @@ ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user, if (!(mods = ads_init_mods(ctx))) goto done; - ads_mod_add(ctx, &mods, "cn", name); - ads_mod_add_var(ctx, &mods, LDAP_MOD_ADD, "objectClass", "top", - "person", "organizationalPerson", "user", NULL); - ads_mod_add(ctx, &mods, "userPrincipalName", upn); - ads_mod_add(ctx, &mods, "name", name); - ads_mod_add(ctx, &mods, "displayName", name); - ads_mod_add(ctx, &mods, "sAMAccountName", user); - ads_mod_add(ctx, &mods, "userAccountControl", controlstr); + ads_mod_str(ctx, &mods, "cn", name); + ads_mod_strlist(ctx, &mods, "objectClass", objectClass); + ads_mod_str(ctx, &mods, "userPrincipalName", upn); + ads_mod_str(ctx, &mods, "name", name); + ads_mod_str(ctx, &mods, "displayName", name); + ads_mod_str(ctx, &mods, "sAMAccountName", user); + ads_mod_str(ctx, &mods, "userAccountControl", controlstr); + status = ads_gen_add(ads, new_dn, mods); + + done: + talloc_destroy(ctx); + return status; +} + +ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group, + const char *comment) +{ + TALLOC_CTX *ctx; + ADS_MODLIST mods; + ADS_STATUS status; + char *new_dn; + const char *objectClass[] = {"top", "group", NULL}; + + if (!(ctx = talloc_init_named("ads_add_group_acct"))) + return ADS_ERROR(LDAP_NO_MEMORY); + + status = ADS_ERROR(LDAP_NO_MEMORY); + + if (!(new_dn = talloc_asprintf(ctx, "cn=%s,cn=Users,%s", group, + ads->bind_path))) + goto done; + if (!(mods = ads_init_mods(ctx))) + goto done; + + ads_mod_str(ctx, &mods, "cn", group); + ads_mod_strlist(ctx, &mods, "objectClass",objectClass); + ads_mod_str(ctx, &mods, "name", group); + if (comment) + ads_mod_str(ctx, &mods, "description", comment); + ads_mod_str(ctx, &mods, "sAMAccountName", group); status = ads_gen_add(ads, new_dn, mods); done: diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index eb29c71fce2..1b55453cac9 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -171,8 +171,7 @@ ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) *p++ = max_msg_size>>16; *p++ = max_msg_size>>8; *p++ = max_msg_size; - snprintf(p, strlen(ads->bind_path)+1, "dn:%s", ads->bind_path); - p += strlen(ads->bind_path); + snprintf(p, strlen(ads->bind_path)+4, "dn:%s", ads->bind_path); output_token.length = strlen(ads->bind_path) + 8; diff --git a/source3/libsmb/cli_dfs.c b/source3/libsmb/cli_dfs.c index 312275926c7..7fc27b9c3b2 100644 --- a/source3/libsmb/cli_dfs.c +++ b/source3/libsmb/cli_dfs.c @@ -20,14 +20,6 @@ #include "includes.h" -/* Opens a SMB connection to the netdfs pipe */ - -struct cli_state *cli_dfs_initialise(struct cli_state *cli, char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_NETDFS, creds); -} - /* Query DFS support */ NTSTATUS cli_dfs_exist(struct cli_state *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/libsmb/cli_lsarpc.c b/source3/libsmb/cli_lsarpc.c index 23cedf1f085..7dfee46faef 100644 --- a/source3/libsmb/cli_lsarpc.c +++ b/source3/libsmb/cli_lsarpc.c @@ -5,7 +5,8 @@ Copyright (C) Andrew Tridgell 1992-1997,2000, Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000, Copyright (C) Paul Ashton 1997,2000, - Copyright (C) Elrond 2000. + Copyright (C) Elrond 2000, + Copyright (C) Rafal Szczesniak 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -37,19 +38,6 @@ * security authority", which is half of a password database. **/ -/** Opens a SMB connection and connects to the LSARPC pipe. - * - * @param cli Uninitialised client handle. - * @param system_name NETBIOS name of the machine to connect to. - * @param creds User credentials to connect as. - * @returns Initialised client handle. - */ -struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_LSARPC, creds); -} - /** Open a LSA policy handle * * @param cli Handle on an initialised SMB connection */ @@ -275,7 +263,7 @@ NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) { - + /* An actual error occured */ goto done; @@ -389,8 +377,8 @@ NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, result = r.status; - if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) { + if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != + NT_STATUS_V(STATUS_SOME_UNMAPPED)) { /* An actual error occured */ @@ -537,12 +525,25 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } -/** Enumerate list of trusted domains */ +/** + * Enumerate list of trusted domains + * + * @param cli client state (cli_state) structure of the connection + * @param mem_ctx memory context + * @param pol opened lsa policy handle + * @param enum_ctx enumeration context ie. index of first returned domain entry + * @param pref_num_domains preferred max number of entries returned in one response + * @param num_domains total number of trusted domains returned by response + * @param domain_names returned trusted domain names + * @param domain_sids returned trusted domain sids + * + * @return nt status code of response + **/ NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint32 *enum_ctx, - uint32 *num_domains, char ***domain_names, - DOM_SID **domain_sids) + uint32 *pref_num_domains, uint32 *num_domains, + char ***domain_names, DOM_SID **domain_sids) { prs_struct qbuf, rbuf; LSA_Q_ENUM_TRUST_DOM q; @@ -560,7 +561,7 @@ NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Marshall data and send request */ - init_q_enum_trust_dom(&q, pol, *enum_ctx, 0xffffffff); + init_q_enum_trust_dom(&q, pol, *enum_ctx, *pref_num_domains); if (!lsa_io_q_enum_trust_dom("", &q, &qbuf, 0) || !rpc_api_pipe_req(cli, LSA_ENUMTRUSTDOM, &qbuf, &rbuf)) { @@ -577,16 +578,15 @@ NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, result = r.status; - if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(NT_STATUS_NO_MORE_ENTRIES)) { + if (!NT_STATUS_IS_OK(result) && + !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) && + !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { /* An actual error ocured */ goto done; } - result = NT_STATUS_OK; - /* Return output parameters */ if (r.num_domains) { @@ -1122,7 +1122,7 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) )); goto done; } - if (!(cli.sec_mode & 1)) { + if (!(cli.sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n", remote_machine)); goto done; diff --git a/source3/libsmb/cli_netlogon.c b/source3/libsmb/cli_netlogon.c index 125590b6d3f..d32e0e77e48 100644 --- a/source3/libsmb/cli_netlogon.c +++ b/source3/libsmb/cli_netlogon.c @@ -25,15 +25,6 @@ #include "includes.h" -/* Opens a SMB connection to the netlogon pipe */ - -struct cli_state *cli_netlogon_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_NETLOGON, creds); -} - /* LSA Request Challenge. Sends our challenge to server, then gets server response. These are used to generate the credentials. */ @@ -51,8 +42,8 @@ NTSTATUS new_cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, /* create and send a MSRPC command with api NET_REQCHAL */ - DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n", - cli->desthost, global_myname, credstr(clnt_chal->data))); + DEBUG(4,("new_cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n", + global_myname, cli->desthost, credstr(clnt_chal->data))); /* store the parameters */ init_q_req_chal(&q, cli->srv_name_slash, global_myname, clnt_chal); @@ -108,7 +99,7 @@ NTSTATUS new_cli_net_auth2(struct cli_state *cli, /* create and send a MSRPC command with api NET_AUTH2 */ - DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n", + DEBUG(4,("new_cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n", cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname, credstr(cli->clnt_cred.challenge.data), neg_flags)); @@ -147,7 +138,7 @@ NTSTATUS new_cli_net_auth2(struct cli_state *cli, /* * Server replied with bad credential. Fail. */ - DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \ + DEBUG(0,("new_cli_net_auth2: server %s replied with bad credential (bad machine \ password ?).\n", cli->desthost )); result = NT_STATUS_ACCESS_DENIED; goto done; @@ -180,7 +171,7 @@ NTSTATUS new_cli_nt_setup_creds(struct cli_state *cli, result = new_cli_net_req_chal(cli, &clnt_chal, &srv_chal); if (!NT_STATUS_IS_OK(result)) { - DEBUG(0,("cli_nt_setup_creds: request challenge failed\n")); + DEBUG(0,("new_cli_nt_setup_creds: request challenge failed\n")); return result; } @@ -206,7 +197,7 @@ NTSTATUS new_cli_nt_setup_creds(struct cli_state *cli, result = new_cli_net_auth2(cli, sec_chan, 0x000001ff, &srv_chal); if (!NT_STATUS_IS_OK(result)) { - DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed %s\n", + DEBUG(1,("cli_nt_setup_creds: auth2 challenge failed %s\n", nt_errstr(result))); } diff --git a/source3/libsmb/cli_reg.c b/source3/libsmb/cli_reg.c index c09ccabb29f..aaf18882f76 100644 --- a/source3/libsmb/cli_reg.c +++ b/source3/libsmb/cli_reg.c @@ -25,15 +25,6 @@ #include "includes.h" -/* Opens a SMB connection to the WINREG pipe */ - -struct cli_state *cli_winreg_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_WINREG, creds); -} - /* Shutdown a server */ NTSTATUS cli_reg_shutdown(struct cli_state * cli, TALLOC_CTX *mem_ctx, diff --git a/source3/libsmb/cli_samr.c b/source3/libsmb/cli_samr.c index 85a7375f992..91577b33256 100644 --- a/source3/libsmb/cli_samr.c +++ b/source3/libsmb/cli_samr.c @@ -24,14 +24,6 @@ #include "includes.h" -/* Opens a SMB connection to the SAMR pipe */ - -struct cli_state *cli_samr_initialise(struct cli_state *cli, char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_SAMR, creds); -} - /* Connect to SAMR database */ NTSTATUS cli_samr_connect(struct cli_state *cli, TALLOC_CTX *mem_ctx, @@ -55,15 +47,13 @@ NTSTATUS cli_samr_connect(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_samr_q_connect(&q, cli->desthost, access_mask); if (!samr_io_q_connect("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_CONNECT, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, SAMR_CONNECT, &qbuf, &rbuf)) goto done; - } /* Unmarshall response */ - if (!samr_io_r_connect("", &r, &rbuf, 0)) { + if (!samr_io_r_connect("", &r, &rbuf, 0)) goto done; - } /* Return output parameters */ @@ -104,15 +94,13 @@ NTSTATUS cli_samr_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_samr_q_close_hnd(&q, connect_pol); if (!samr_io_q_close_hnd("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_CLOSE_HND, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, SAMR_CLOSE_HND, &qbuf, &rbuf)) goto done; - } /* Unmarshall response */ - if (!samr_io_r_close_hnd("", &r, &rbuf, 0)) { + if (!samr_io_r_close_hnd("", &r, &rbuf, 0)) goto done; - } /* Return output parameters */ @@ -154,15 +142,13 @@ NTSTATUS cli_samr_open_domain(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_samr_q_open_domain(&q, connect_pol, access_mask, domain_sid); if (!samr_io_q_open_domain("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_OPEN_DOMAIN, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, SAMR_OPEN_DOMAIN, &qbuf, &rbuf)) goto done; - } /* Unmarshall response */ - if (!samr_io_r_open_domain("", &r, &rbuf, 0)) { + if (!samr_io_r_open_domain("", &r, &rbuf, 0)) goto done; - } /* Return output parameters */ @@ -204,15 +190,13 @@ NTSTATUS cli_samr_open_user(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_samr_q_open_user(&q, domain_pol, access_mask, user_rid); if (!samr_io_q_open_user("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_OPEN_USER, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, SAMR_OPEN_USER, &qbuf, &rbuf)) goto done; - } /* Unmarshall response */ - if (!samr_io_r_open_user("", &r, &rbuf, 0)) { + if (!samr_io_r_open_user("", &r, &rbuf, 0)) goto done; - } /* Return output parameters */ @@ -254,15 +238,13 @@ NTSTATUS cli_samr_open_group(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_samr_q_open_group(&q, domain_pol, access_mask, group_rid); if (!samr_io_q_open_group("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_OPEN_GROUP, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, SAMR_OPEN_GROUP, &qbuf, &rbuf)) goto done; - } /* Unmarshall response */ - if (!samr_io_r_open_group("", &r, &rbuf, 0)) { + if (!samr_io_r_open_group("", &r, &rbuf, 0)) goto done; - } /* Return output parameters */ @@ -304,15 +286,13 @@ NTSTATUS cli_samr_query_userinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_samr_q_query_userinfo(&q, user_pol, switch_value); if (!samr_io_q_query_userinfo("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_USERINFO, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, SAMR_QUERY_USERINFO, &qbuf, &rbuf)) goto done; - } /* Unmarshall response */ - if (!samr_io_r_query_userinfo("", &r, &rbuf, 0)) { + if (!samr_io_r_query_userinfo("", &r, &rbuf, 0)) goto done; - } /* Return output parameters */ @@ -350,17 +330,15 @@ NTSTATUS cli_samr_query_groupinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_samr_q_query_groupinfo(&q, group_pol, info_level); if (!samr_io_q_query_groupinfo("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_GROUPINFO, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, SAMR_QUERY_GROUPINFO, &qbuf, &rbuf)) goto done; - } /* Unmarshall response */ r.ctr = ctr; - if (!samr_io_r_query_groupinfo("", &r, &rbuf, 0)) { + if (!samr_io_r_query_groupinfo("", &r, &rbuf, 0)) goto done; - } /* Return output parameters */ @@ -397,15 +375,13 @@ NTSTATUS cli_samr_query_usergroups(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_samr_q_query_usergroups(&q, user_pol); if (!samr_io_q_query_usergroups("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_USERGROUPS, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, SAMR_QUERY_USERGROUPS, &qbuf, &rbuf)) goto done; - } /* Unmarshall response */ - if (!samr_io_r_query_usergroups("", &r, &rbuf, 0)) { + if (!samr_io_r_query_usergroups("", &r, &rbuf, 0)) goto done; - } /* Return output parameters */ @@ -431,7 +407,7 @@ NTSTATUS cli_samr_query_useraliases(struct cli_state *cli, TALLOC_CTX *mem_ctx, SAMR_Q_QUERY_USERALIASES q; SAMR_R_QUERY_USERALIASES r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint ptr=1; + unsigned int ptr=1; ZERO_STRUCT(q); ZERO_STRUCT(r); @@ -446,15 +422,13 @@ NTSTATUS cli_samr_query_useraliases(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_samr_q_query_useraliases(&q, user_pol, num_sids, &ptr, sid); if (!samr_io_q_query_useraliases("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_USERALIASES, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, SAMR_QUERY_USERALIASES, &qbuf, &rbuf)) goto done; - } /* Unmarshall response */ - if (!samr_io_r_query_useraliases("", &r, &rbuf, 0)) { + if (!samr_io_r_query_useraliases("", &r, &rbuf, 0)) goto done; - } /* Return output parameters */ @@ -494,15 +468,13 @@ NTSTATUS cli_samr_query_groupmem(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_samr_q_query_groupmem(&q, group_pol); if (!samr_io_q_query_groupmem("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_GROUPMEM, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, SAMR_QUERY_GROUPMEM, &qbuf, &rbuf)) goto done; - } /* Unmarshall response */ - if (!samr_io_r_query_groupmem("", &r, &rbuf, 0)) { + if (!samr_io_r_query_groupmem("", &r, &rbuf, 0)) goto done; - } /* Return output parameters */ @@ -545,24 +517,21 @@ NTSTATUS cli_samr_enum_dom_groups(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_samr_q_enum_dom_groups(&q, pol, *start_idx, size); if (!samr_io_q_enum_dom_groups("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_ENUM_DOM_GROUPS, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, SAMR_ENUM_DOM_GROUPS, &qbuf, &rbuf)) goto done; - } /* Unmarshall response */ - if (!samr_io_r_enum_dom_groups("", &r, &rbuf, 0)) { + if (!samr_io_r_enum_dom_groups("", &r, &rbuf, 0)) goto done; - } /* Return output parameters */ result = r.status; if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) { + NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) goto done; - } *num_dom_groups = r.num_entries2; @@ -971,7 +940,7 @@ NTSTATUS cli_samr_lookup_rids(struct cli_state *cli, TALLOC_CTX *mem_ctx, NTSTATUS cli_samr_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, POLICY_HND *domain_pol, uint32 flags, - uint32 num_names, char **names, + uint32 num_names, const char **names, uint32 *num_rids, uint32 **rids, uint32 **rid_types) { @@ -1272,3 +1241,54 @@ NTSTATUS cli_samr_query_sec_obj(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } + +/* Get domain password info */ + +NTSTATUS cli_samr_get_dom_pwinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, + uint16 *unk_0, uint16 *unk_1, uint16 *unk_2) +{ + prs_struct qbuf, rbuf; + SAMR_Q_GET_DOM_PWINFO q; + SAMR_R_GET_DOM_PWINFO r; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_samr_q_get_dom_pwinfo(&q, cli->desthost); + + if (!samr_io_q_get_dom_pwinfo("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SAMR_GET_DOM_PWINFO, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!samr_io_r_get_dom_pwinfo("", &r, &rbuf, 0)) + goto done; + + /* Return output parameters */ + + result = r.status; + + if (NT_STATUS_IS_OK(result)) { + if (unk_0) + *unk_0 = r.unk_0; + if (unk_1) + *unk_1 = r.unk_1; + if (unk_2) + *unk_2 = r.unk_2; + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} diff --git a/source3/libsmb/cli_spoolss.c b/source3/libsmb/cli_spoolss.c index 0458b29d545..18e17758d6d 100644 --- a/source3/libsmb/cli_spoolss.c +++ b/source3/libsmb/cli_spoolss.c @@ -31,20 +31,6 @@ * @{ **/ -/** Opens a SMB connection and connects to the SPOOLSS pipe. - * - * @param cli Uninitialised client handle. - * @param system_name NETBIOS name of the machine to connect to. - * @param creds User credentials to connect as. - * @returns Initialised client handle. - */ -struct cli_state *cli_spoolss_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_SPOOLSS, creds); -} - /********************************************************************** Initialize a new spoolss buff for use by a client rpc **********************************************************************/ @@ -420,8 +406,8 @@ WERROR cli_spoolss_enum_printers(struct cli_state *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(q); ZERO_STRUCT(r); - fstrcpy (server, cli->desthost); - strupper (server); + slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); + strupper (server); /* Initialise input parameters */ @@ -620,7 +606,7 @@ WERROR cli_spoolss_getprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, result = r.status; - if (NT_STATUS_IS_OK(result)) { + if (W_ERROR_IS_OK(result)) { switch (level) { case 0: decode_printer_info_0(mem_ctx, r.buffer, 1, &ctr->printers_0); @@ -1492,48 +1478,6 @@ WERROR cli_spoolss_enumforms(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } -/********************************************************************************* - Win32 API - SetPrinterData() - ********************************************************************************/ - -WERROR cli_spoolss_setprinterdata (struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, char* valname, char* value) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_SETPRINTERDATA q; - SPOOL_R_SETPRINTERDATA r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - - /* write the request */ - make_spoolss_q_setprinterdata(&q, mem_ctx, pol, valname, value); - - /* Marshall data and send request */ - if (!spoolss_io_q_setprinterdata ("", &q, &qbuf, 0) || - !rpc_api_pipe_req (cli, SPOOLSS_SETPRINTERDATA, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - if (spoolss_io_r_setprinterdata ("", &r, &rbuf, 0)) - goto done; - - result = r.status; - -done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - static void decode_jobs_1(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, uint32 num_jobs, JOB_INFO_1 **jobs) { @@ -1612,11 +1556,123 @@ WERROR cli_spoolss_enumjobs(struct cli_state *cli, TALLOC_CTX *mem_ctx, switch(level) { case 1: decode_jobs_1(mem_ctx, r.buffer, r.returned, - &ctr->job.job_info_1); + ctr->job.job_info_1); break; case 2: decode_jobs_2(mem_ctx, r.buffer, r.returned, - &ctr->job.job_info_2); + ctr->job.job_info_2); + break; + default: + DEBUG(3, ("unsupported info level %d", level)); + break; + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/* Set job */ + +WERROR cli_spoolss_setjob(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, uint32 jobid, uint32 level, + uint32 command) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_SETJOB q; + SPOOL_R_SETJOB r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + make_spoolss_q_setjob(&q, hnd, jobid, level, command); + + /* Marshall data and send request */ + + if (!spoolss_io_q_setjob("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SPOOLSS_SETJOB, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!spoolss_io_r_setjob("", &r, &rbuf, 0)) + goto done; + + /* Return output parameters */ + + result = r.status; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/* Get job */ + +WERROR cli_spoolss_getjob(struct cli_state *cli, TALLOC_CTX *mem_ctx, + uint32 offered, uint32 *needed, + POLICY_HND *hnd, uint32 jobid, uint32 level, + JOB_INFO_CTR *ctr) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_GETJOB q; + SPOOL_R_GETJOB r; + WERROR result = W_ERROR(ERRgeneral); + NEW_BUFFER buffer; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + init_buffer(&buffer, offered, mem_ctx); + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + make_spoolss_q_getjob(&q, hnd, jobid, level, &buffer, offered); + + /* Marshall data and send request */ + + if (!spoolss_io_q_getjob("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SPOOLSS_GETJOB, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!spoolss_io_r_getjob("", &r, &rbuf, 0)) + goto done; + + /* Return output parameters */ + + result = r.status; + + if (needed) + *needed = r.needed; + + if (!W_ERROR_IS_OK(r.status)) + goto done; + + switch(level) { + case 1: + decode_jobs_1(mem_ctx, r.buffer, 1, ctr->job.job_info_1); + break; + case 2: + decode_jobs_2(mem_ctx, r.buffer, 1, ctr->job.job_info_2); break; default: DEBUG(3, ("unsupported info level %d", level)); @@ -1630,4 +1686,471 @@ WERROR cli_spoolss_enumjobs(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } +/* Startpageprinter. Sent to notify the spooler when a page is about to be + sent to a printer. */ + +WERROR cli_spoolss_startpageprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_STARTPAGEPRINTER q; + SPOOL_R_STARTPAGEPRINTER r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + make_spoolss_q_startpageprinter(&q, hnd); + + /* Marshall data and send request */ + + if (!spoolss_io_q_startpageprinter("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SPOOLSS_STARTPAGEPRINTER, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!spoolss_io_r_startpageprinter("", &r, &rbuf, 0)) + goto done; + + /* Return output parameters */ + + result = r.status; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/* Endpageprinter. Sent to notify the spooler when a page has finished + being sent to a printer. */ + +WERROR cli_spoolss_endpageprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ENDPAGEPRINTER q; + SPOOL_R_ENDPAGEPRINTER r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + make_spoolss_q_endpageprinter(&q, hnd); + + /* Marshall data and send request */ + + if (!spoolss_io_q_endpageprinter("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SPOOLSS_ENDPAGEPRINTER, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!spoolss_io_r_endpageprinter("", &r, &rbuf, 0)) + goto done; + + /* Return output parameters */ + + result = r.status; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/* Startdocprinter. Sent to notify the spooler that a document is about + to be spooled for printing. */ + +WERROR cli_spoolss_startdocprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, char *docname, + char *outputfile, char *datatype, + uint32 *jobid) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_STARTDOCPRINTER q; + SPOOL_R_STARTDOCPRINTER r; + WERROR result = W_ERROR(ERRgeneral); + uint32 level = 1; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + make_spoolss_q_startdocprinter(&q, hnd, level, docname, outputfile, + datatype); + + /* Marshall data and send request */ + + if (!spoolss_io_q_startdocprinter("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SPOOLSS_STARTDOCPRINTER, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!spoolss_io_r_startdocprinter("", &r, &rbuf, 0)) + goto done; + + /* Return output parameters */ + + result = r.status; + + if (W_ERROR_IS_OK(result)) + *jobid = r.jobid; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/* Enddocprinter. Sent to notify the spooler that a document has finished + being spooled. */ + +WERROR cli_spoolss_enddocprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ENDDOCPRINTER q; + SPOOL_R_ENDDOCPRINTER r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + make_spoolss_q_enddocprinter(&q, hnd); + + /* Marshall data and send request */ + + if (!spoolss_io_q_enddocprinter("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SPOOLSS_ENDDOCPRINTER, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!spoolss_io_r_enddocprinter("", &r, &rbuf, 0)) + goto done; + + /* Return output parameters */ + + result = r.status; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/* Get printer data */ + +WERROR cli_spoolss_getprinterdata(struct cli_state *cli, TALLOC_CTX *mem_ctx, + uint32 offered, uint32 *needed, + POLICY_HND *hnd, char *valuename, + uint32 *data_type, char **data, + uint32 *data_size) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_GETPRINTERDATA q; + SPOOL_R_GETPRINTERDATA r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + make_spoolss_q_getprinterdata(&q, hnd, valuename, offered); + + /* Marshall data and send request */ + + if (!spoolss_io_q_getprinterdata("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SPOOLSS_GETPRINTERDATA, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!spoolss_io_r_getprinterdata("", &r, &rbuf, 0)) + goto done; + + result = r.status; + + if (needed) + *needed = r.needed; + + if (!W_ERROR_IS_OK(r.status)) + goto done; + + /* Return output parameters */ + + if (data_type) + *data_type = r.type; + + if (data) { + *data = (char *)talloc(mem_ctx, r.needed); + memcpy(*data, r.data, r.needed); + } + + if (data_size) + *data_size = r.needed; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/* Set printer data */ + +WERROR cli_spoolss_setprinterdata(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, char *value, + uint32 data_type, char *data, + uint32 data_size) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_SETPRINTERDATA q; + SPOOL_R_SETPRINTERDATA r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + make_spoolss_q_setprinterdata(&q, hnd, value, data, data_size); + + /* Marshall data and send request */ + + if (!spoolss_io_q_setprinterdata("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SPOOLSS_SETPRINTERDATA, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!spoolss_io_r_setprinterdata("", &r, &rbuf, 0)) + goto done; + + result = r.status; + + if (!W_ERROR_IS_OK(r.status)) + goto done; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/* Enum printer data */ + +WERROR cli_spoolss_enumprinterdata(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, uint32 ndx, + uint32 value_offered, uint32 data_offered, + uint32 *value_needed, uint32 *data_needed, + char **value, uint32 *data_type, char **data, + uint32 *data_size) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ENUMPRINTERDATA q; + SPOOL_R_ENUMPRINTERDATA r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + make_spoolss_q_enumprinterdata(&q, hnd, ndx, value_offered, data_offered); + + /* Marshall data and send request */ + + if (!spoolss_io_q_enumprinterdata("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SPOOLSS_ENUMPRINTERDATA, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!spoolss_io_r_enumprinterdata("", &r, &rbuf, 0)) + goto done; + + result = r.status; + + if (!W_ERROR_IS_OK(r.status)) + goto done; + + /* Return data */ + + if (value_needed) + *value_needed = r.realvaluesize; + + if (data_needed) + *data_needed = r.realdatasize; + + if (data_type) + *data_type = r.type; + + if (value) { + fstring the_value; + + rpcstr_pull(the_value, r.value, sizeof(the_value), -1, + STR_TERMINATE); + + *value = talloc_strdup(mem_ctx, the_value); + } + + if (data) + *data = talloc_memdup(mem_ctx, r.data, r.realdatasize); + + if (data_size) + *data_size = r.realdatasize; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/* Write data to printer */ + +WERROR cli_spoolss_writeprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, uint32 data_size, char *data, + uint32 *num_written) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_WRITEPRINTER q; + SPOOL_R_WRITEPRINTER r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + make_spoolss_q_writeprinter(&q, hnd, data_size, data); + + /* Marshall data and send request */ + + if (!spoolss_io_q_writeprinter("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SPOOLSS_WRITEPRINTER, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!spoolss_io_r_writeprinter("", &r, &rbuf, 0)) + goto done; + + result = r.status; + + if (!W_ERROR_IS_OK(r.status)) + goto done; + + if (num_written) + *num_written = r.buffer_written; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/* Delete printer data */ + +WERROR cli_spoolss_deleteprinterdata(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, char *valuename) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_DELETEPRINTERDATA q; + SPOOL_R_DELETEPRINTERDATA r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + make_spoolss_q_deleteprinterdata(&q, hnd, valuename); + + /* Marshall data and send request */ + + if (!spoolss_io_q_deleteprinterdata("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SPOOLSS_DELETEPRINTERDATA, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!spoolss_io_r_deleteprinterdata("", &r, &rbuf, 0)) + goto done; + + result = r.status; + + if (!W_ERROR_IS_OK(r.status)) + goto done; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + /** @} **/ diff --git a/source3/libsmb/cli_srvsvc.c b/source3/libsmb/cli_srvsvc.c index 9d33149540b..2dc12d726ca 100644 --- a/source3/libsmb/cli_srvsvc.c +++ b/source3/libsmb/cli_srvsvc.c @@ -4,6 +4,7 @@ Copyright (C) Andrew Tridgell 1994-2000 Copyright (C) Luke Kenneth Casson Leighton 1996-2000 Copyright (C) Tim Potter 2001 + Copyright (C) Jim McDonough 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -22,15 +23,6 @@ #include "includes.h" -/* Opens a SMB connection to the svrsvc pipe */ - -struct cli_state *cli_svrsvc_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_SRVSVC, creds); -} - NTSTATUS cli_srvsvc_net_srv_get_info(struct cli_state *cli, TALLOC_CTX *mem_ctx, uint32 switch_value, SRV_INFO_CTR *ctr) @@ -77,3 +69,374 @@ NTSTATUS cli_srvsvc_net_srv_get_info(struct cli_state *cli, return result; } + +WERROR cli_srvsvc_net_share_enum(struct cli_state *cli, TALLOC_CTX *mem_ctx, + uint32 info_level, SRV_SHARE_INFO_CTR *ctr, + int preferred_len, ENUM_HND *hnd) +{ + prs_struct qbuf, rbuf; + SRV_Q_NET_SHARE_ENUM q; + SRV_R_NET_SHARE_ENUM r; + WERROR result = W_ERROR(ERRgeneral); + int i; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + init_srv_q_net_share_enum( + &q, cli->srv_name_slash, info_level, preferred_len, hnd); + + /* Marshall data and send request */ + + if (!srv_io_q_net_share_enum("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SRV_NET_SHARE_ENUM_ALL, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!srv_io_r_net_share_enum("", &r, &rbuf, 0)) + goto done; + + result = r.status; + + if (!W_ERROR_IS_OK(result)) + goto done; + + /* Oh yuck yuck yuck - we have to copy all the info out of the + SRV_SHARE_INFO_CTR in the SRV_R_NET_SHARE_ENUM as when we do a + prs_mem_free() it will all be invalidated. The various share + info structures suck badly too. This really is gross. */ + + ZERO_STRUCTP(ctr); + + ctr->info_level = info_level; + ctr->num_entries = r.ctr.num_entries; + + switch(info_level) { + case 1: + ctr->share.info1 = (SRV_SHARE_INFO_1 *)talloc( + mem_ctx, sizeof(SRV_SHARE_INFO_1) * ctr->num_entries); + + memset(ctr->share.info1, 0, sizeof(SRV_SHARE_INFO_1)); + + for (i = 0; i < ctr->num_entries; i++) { + SRV_SHARE_INFO_1 *info1 = &ctr->share.info1[i]; + char *s; + + /* Copy pointer crap */ + + memcpy(&info1->info_1, &r.ctr.share.info1[i].info_1, + sizeof(SH_INFO_1)); + + /* Duplicate strings */ + + s = unistr2_tdup(mem_ctx, &r.ctr.share.info1[i].info_1_str.uni_netname); + if (s) + init_unistr2(&info1->info_1_str.uni_netname, s, strlen(s) + 1); + + s = unistr2_tdup(mem_ctx, &r.ctr.share.info1[i].info_1_str.uni_remark); + if (s) + init_unistr2(&info1->info_1_str.uni_remark, s, strlen(s) + 1); + + } + + break; + case 2: + ctr->share.info2 = (SRV_SHARE_INFO_2 *)talloc( + mem_ctx, sizeof(SRV_SHARE_INFO_2) * ctr->num_entries); + + memset(ctr->share.info2, 0, sizeof(SRV_SHARE_INFO_2)); + + for (i = 0; i < ctr->num_entries; i++) { + SRV_SHARE_INFO_2 *info2 = &ctr->share.info2[i]; + char *s; + + /* Copy pointer crap */ + + memcpy(&info2->info_2, &r.ctr.share.info2[i].info_2, + sizeof(SH_INFO_2)); + + /* Duplicate strings */ + + s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_netname); + if (s) + init_unistr2(&info2->info_2_str.uni_netname, s, strlen(s) + 1); + + s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_remark); + if (s) + init_unistr2(&info2->info_2_str.uni_remark, s, strlen(s) + 1); + + s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_path); + if (s) + init_unistr2(&info2->info_2_str.uni_path, s, strlen(s) + 1); + + s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_passwd); + if (s) + init_unistr2(&info2->info_2_str.uni_passwd, s, strlen(s) + 1); + } + break; + } + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +WERROR cli_srvsvc_net_share_del(struct cli_state *cli, TALLOC_CTX *mem_ctx, + const char *sharename) +{ + prs_struct qbuf, rbuf; + SRV_Q_NET_SHARE_DEL q; + SRV_R_NET_SHARE_DEL r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + init_srv_q_net_share_del(&q, cli->srv_name_slash, sharename); + + /* Marshall data and send request */ + + if (!srv_io_q_net_share_del("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SRV_NET_SHARE_DEL, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!srv_io_r_net_share_del("", &r, &rbuf, 0)) + goto done; + + result = r.status; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +WERROR cli_srvsvc_net_share_add(struct cli_state *cli, TALLOC_CTX *mem_ctx, + char *netname, uint32 type, char *remark, + uint32 perms, uint32 max_uses, uint32 num_uses, + char *path, char *passwd) +{ + prs_struct qbuf, rbuf; + SRV_Q_NET_SHARE_ADD q; + SRV_R_NET_SHARE_ADD r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + init_srv_q_net_share_add(&q,cli->srv_name_slash, netname, type, remark, + perms, max_uses, num_uses, path, passwd); + + /* Marshall data and send request */ + + if (!srv_io_q_net_share_add("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SRV_NET_SHARE_ADD, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!srv_io_r_net_share_add("", &r, &rbuf, 0)) + goto done; + + result = r.status; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +WERROR cli_srvsvc_net_remote_tod(struct cli_state *cli, TALLOC_CTX *mem_ctx, + char *server, TIME_OF_DAY_INFO *tod) +{ + prs_struct qbuf, rbuf; + SRV_Q_NET_REMOTE_TOD q; + SRV_R_NET_REMOTE_TOD r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + init_srv_q_net_remote_tod(&q, cli->srv_name_slash); + + /* Marshall data and send request */ + + if (!srv_io_q_net_remote_tod("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SRV_NET_REMOTE_TOD, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + r.tod = tod; + + if (!srv_io_r_net_remote_tod("", &r, &rbuf, 0)) + goto done; + + result = r.status; + + if (!W_ERROR_IS_OK(result)) + goto done; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +WERROR cli_srvsvc_net_file_enum(struct cli_state *cli, TALLOC_CTX *mem_ctx, + uint32 file_level, char *user_name, + SRV_FILE_INFO_CTR *ctr, int preferred_len, + ENUM_HND *hnd) +{ + prs_struct qbuf, rbuf; + SRV_Q_NET_FILE_ENUM q; + SRV_R_NET_FILE_ENUM r; + WERROR result = W_ERROR(ERRgeneral); + int i; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + init_srv_q_net_file_enum(&q, cli->srv_name_slash, NULL, user_name, + file_level, ctr, preferred_len, hnd); + + /* Marshall data and send request */ + + if (!srv_io_q_net_file_enum("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SRV_NET_FILE_ENUM, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!srv_io_r_net_file_enum("", &r, &rbuf, 0)) + goto done; + + result = r.status; + + if (!W_ERROR_IS_OK(result)) + goto done; + + /* copy the data over to the ctr */ + + ZERO_STRUCTP(ctr); + + ctr->switch_value = file_level; + + ctr->num_entries = ctr->num_entries2 = r.ctr.num_entries; + + switch(file_level) { + case 3: + ctr->file.info3 = (SRV_FILE_INFO_3 *)talloc( + mem_ctx, sizeof(SRV_FILE_INFO_3) * ctr->num_entries); + + memset(ctr->file.info3, 0, + sizeof(SRV_FILE_INFO_3) * ctr->num_entries); + + for (i = 0; i < r.ctr.num_entries; i++) { + SRV_FILE_INFO_3 *info3 = &ctr->file.info3[i]; + char *s; + + /* Copy pointer crap */ + + memcpy(&info3->info_3, &r.ctr.file.info3[i].info_3, + sizeof(FILE_INFO_3)); + + /* Duplicate strings */ + + s = unistr2_tdup(mem_ctx, &r.ctr.file.info3[i].info_3_str.uni_path_name); + if (s) + init_unistr2(&info3->info_3_str.uni_path_name, s, strlen(s) + 1); + + s = unistr2_tdup(mem_ctx, &r.ctr.file.info3[i].info_3_str.uni_user_name); + if (s) + init_unistr2(&info3->info_3_str.uni_user_name, s, strlen(s) + 1); + + } + + break; + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +WERROR cli_srvsvc_net_file_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, + uint32 file_id) +{ + prs_struct qbuf, rbuf; + SRV_Q_NET_FILE_CLOSE q; + SRV_R_NET_FILE_CLOSE r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + init_srv_q_net_file_close(&q, cli->srv_name_slash, file_id); + + /* Marshall data and send request */ + + if (!srv_io_q_net_file_close("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SRV_NET_FILE_CLOSE, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!srv_io_r_net_file_close("", &r, &rbuf, 0)) + goto done; + + result = r.status; + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + return result; +} diff --git a/source3/libsmb/cli_wkssvc.c b/source3/libsmb/cli_wkssvc.c index 2a84e6b6980..756ff61e5b0 100644 --- a/source3/libsmb/cli_wkssvc.c +++ b/source3/libsmb/cli_wkssvc.c @@ -23,24 +23,6 @@ #include "includes.h" -/** - * Opens a SMB connection to the wkssvc pipe - * - * @param cli client structure (not yet initialised) - * @param system_name called rpc server name - * @param creds user credentials - * - * @return client structure with opened pipe - **/ - -struct cli_state *cli_wkssvc_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_WKSSVC, creds); -} - - /** * WksQueryInfo rpc call (like query for server's capabilities) * diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 4be63b8f2e2..f0b02b97b02 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -2,6 +2,7 @@ Unix SMB/CIFS implementation. client connect/disconnect routines Copyright (C) Andrew Tridgell 1994-1998 + Copyright (C) Andrew Barteltt 2001-2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,28 +25,27 @@ static const struct { - int prot; - const char *name; - } -prots[] = - { - {PROTOCOL_CORE,"PC NETWORK PROGRAM 1.0"}, - {PROTOCOL_COREPLUS,"MICROSOFT NETWORKS 1.03"}, - {PROTOCOL_LANMAN1,"MICROSOFT NETWORKS 3.0"}, - {PROTOCOL_LANMAN1,"LANMAN1.0"}, - {PROTOCOL_LANMAN2,"LM1.2X002"}, - {PROTOCOL_LANMAN2,"Samba"}, - {PROTOCOL_NT1,"NT LANMAN 1.0"}, - {PROTOCOL_NT1,"NT LM 0.12"}, - {-1,NULL} - }; - + int prot; + const char *name; +} prots[] = { + {PROTOCOL_CORE,"PC NETWORK PROGRAM 1.0"}, + {PROTOCOL_COREPLUS,"MICROSOFT NETWORKS 1.03"}, + {PROTOCOL_LANMAN1,"MICROSOFT NETWORKS 3.0"}, + {PROTOCOL_LANMAN1,"LANMAN1.0"}, + {PROTOCOL_LANMAN2,"LM1.2X002"}, + {PROTOCOL_LANMAN2,"DOS LANMAN2.1"}, + {PROTOCOL_LANMAN2,"Samba"}, + {PROTOCOL_NT1,"NT LANMAN 1.0"}, + {PROTOCOL_NT1,"NT LM 0.12"}, + {-1,NULL} +}; /**************************************************************************** -do an old lanman2 style session setup + Do an old lanman2 style session setup. ****************************************************************************/ + static BOOL cli_session_setup_lanman2(struct cli_state *cli, char *user, - char *pass, int passlen) + char *pass, int passlen, const char *workgroup) { fstring pword; char *p; @@ -54,17 +54,19 @@ static BOOL cli_session_setup_lanman2(struct cli_state *cli, char *user, return False; } + /* Lanman2 cannot use SMB signing. */ + cli->sign_info.use_smb_signing = False; + /* if in share level security then don't send a password now */ - if (!(cli->sec_mode & 1)) { + if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { passlen = 0; } - if (passlen > 0 && (cli->sec_mode & 2) && passlen != 24) { + if (passlen > 0 && (cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen != 24) { /* Encrypted mode needed, and non encrypted password supplied. */ passlen = 24; - clistr_push(cli, pword, pass, -1, STR_TERMINATE); - SMBencrypt((uchar *)pword,cli->secblob.data,(uchar *)pword); - } else if ((cli->sec_mode & 2) && passlen == 24) { + SMBencrypt(pass,cli->secblob.data,(uchar *)pword); + } else if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen == 24) { /* Encrypted mode needed, and encrypted password supplied. */ memcpy(pword, pass, passlen); } else if (passlen > 0) { @@ -88,7 +90,10 @@ static BOOL cli_session_setup_lanman2(struct cli_state *cli, char *user, p = smb_buf(cli->outbuf); memcpy(p,pword,passlen); p += passlen; - p += clistr_push(cli, p, user, -1, STR_TERMINATE); + p += clistr_push(cli, p, user, -1, STR_TERMINATE|STR_UPPER); + p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER); + p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE); + p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE); cli_setup_bcc(cli, p); cli_send_smb(cli); @@ -108,10 +113,10 @@ static BOOL cli_session_setup_lanman2(struct cli_state *cli, char *user, return True; } - /**************************************************************************** -work out suitable capabilities to offer the server + Work out suitable capabilities to offer the server. ****************************************************************************/ + static uint32 cli_session_setup_capabilities(struct cli_state *cli) { uint32 capabilities = CAP_NT_SMBS; @@ -131,10 +136,10 @@ static uint32 cli_session_setup_capabilities(struct cli_state *cli) return capabilities; } - /**************************************************************************** -do a NT1 guest session setup + Do a NT1 guest session setup. ****************************************************************************/ + static BOOL cli_session_setup_guest(struct cli_state *cli) { char *p; @@ -181,10 +186,10 @@ static BOOL cli_session_setup_guest(struct cli_state *cli) return True; } - /**************************************************************************** -do a NT1 plaintext session setup + Do a NT1 plaintext session setup. ****************************************************************************/ + static BOOL cli_session_setup_plaintext(struct cli_state *cli, char *user, char *pass, char *workgroup) { @@ -237,9 +242,15 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, char *user, } -/**************************************************************************** -do a NT1 NTLM/LM encrypted session setup -****************************************************************************/ +/** + do a NT1 NTLM/LM encrypted session setup + @param cli client state to create do session setup on + @param user username + @param pass *either* cleartext password (passlen !=24) or LM response. + @param ntpass NT response, implies ntpasslen >=24, implies pass is not clear + @param workgroup The user's domain. +*/ + static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user, char *pass, int passlen, char *ntpass, int ntpasslen, @@ -248,6 +259,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user, uint32 capabilities = cli_session_setup_capabilities(cli); fstring pword, ntpword; char *p; + BOOL tried_signing = False; if (passlen > sizeof(pword)-1 || ntpasslen > sizeof(ntpword)-1) { return False; @@ -257,12 +269,12 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user, /* non encrypted password supplied. Ignore ntpass. */ passlen = 24; ntpasslen = 24; - clistr_push(cli, pword, - pass?pass:"", sizeof(pword), STR_TERMINATE|STR_ASCII); - clistr_push(cli, ntpword, - pass?pass:"", sizeof(ntpword), STR_TERMINATE|STR_ASCII); - SMBencrypt((uchar *)pword,cli->secblob.data,(uchar *)pword); - SMBNTencrypt((uchar *)ntpword,cli->secblob.data,(uchar *)ntpword); + SMBencrypt((uchar *)pass,cli->secblob.data,(uchar *)pword); + SMBNTencrypt((uchar *)pass,cli->secblob.data,(uchar *)ntpword); + if (!cli->sign_info.use_smb_signing && cli->sign_info.negotiated_smb_signing) { + cli_calculate_mac_key(cli, (uchar *)pass, (uchar *)ntpword); + tried_signing = True; + } } else { memcpy(pword, pass, passlen); memcpy(ntpword, ntpass, ntpasslen); @@ -298,10 +310,15 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user, show_msg(cli->inbuf); + if (tried_signing && (cli_is_error(cli) || SVAL(cli->inbuf,smb_vwv2) /* guest */)) { + /* We only use it if we have a successful non-guest connect */ + cli->sign_info.use_smb_signing = False; + } + if (cli_is_error(cli)) { return False; } - + /* use the returned vuid from now on */ cli->vuid = SVAL(cli->inbuf,smb_uid); @@ -315,10 +332,10 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user, return True; } - /**************************************************************************** -send a extended security session setup blob, returning a reply blob + Send a extended security session setup blob, returning a reply blob. ****************************************************************************/ + static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob) { uint32 capabilities = cli_session_setup_capabilities(cli); @@ -382,8 +399,9 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob) #ifdef HAVE_KRB5 /**************************************************************************** -do a spnego/kerberos encrypted session setup + Do a spnego/kerberos encrypted session setup. ****************************************************************************/ + static BOOL cli_session_setup_kerberos(struct cli_state *cli, char *principal, char *workgroup) { DATA_BLOB blob2, negTokenTarg; @@ -411,8 +429,9 @@ static BOOL cli_session_setup_kerberos(struct cli_state *cli, char *principal, c #endif /**************************************************************************** -do a spnego/NTLMSSP encrypted session setup + Do a spnego/NTLMSSP encrypted session setup. ****************************************************************************/ + static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user, char *pass, char *workgroup) { @@ -501,10 +520,10 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user, return !cli_is_error(cli); } - /**************************************************************************** -do a spnego encrypted session setup + Do a spnego encrypted session setup. ****************************************************************************/ + static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user, char *pass, char *workgroup) { @@ -514,6 +533,9 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user, int i; BOOL got_kerberos_mechanism = False; + /* spnego security cannot use SMB signing (for now). */ + cli->sign_info.use_smb_signing = False; + DEBUG(2,("Doing spnego session setup (blob length=%d)\n", cli->secblob.length)); /* the server might not even do spnego */ @@ -558,12 +580,12 @@ ntlmssp: return cli_session_setup_ntlmssp(cli, user, pass, workgroup); } - /**************************************************************************** Send a session setup. The username and workgroup is in UNIX character format and must be converted to DOS codepage format before sending. If the password is in plaintext, the same should be done. ****************************************************************************/ + BOOL cli_session_setup(struct cli_state *cli, char *user, char *pass, int passlen, @@ -591,7 +613,7 @@ BOOL cli_session_setup(struct cli_state *cli, /* if its an older server then we have to use the older request format */ if (cli->protocol < PROTOCOL_NT1) { - return cli_session_setup_lanman2(cli, user, pass, passlen); + return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup); } /* if no user is supplied then we have to do an anonymous connection. @@ -603,13 +625,13 @@ BOOL cli_session_setup(struct cli_state *cli, /* if the server is share level then send a plaintext null password at this point. The password is sent in the tree connect */ - if ((cli->sec_mode & 1) == 0) { + if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0) { return cli_session_setup_plaintext(cli, user, "", workgroup); } - /* if the server doesn't support encryption then we have to use plaintext. The - second password is ignored */ - if ((cli->sec_mode & 2) == 0) { + /* if the server doesn't support encryption then we have to use + plaintext. The second password is ignored */ + if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) { return cli_session_setup_plaintext(cli, user, pass, workgroup); } @@ -630,27 +652,28 @@ BOOL cli_session_setup(struct cli_state *cli, BOOL cli_ulogoff(struct cli_state *cli) { - memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,2,0,True); - SCVAL(cli->outbuf,smb_com,SMBulogoffX); - cli_setup_packet(cli); + memset(cli->outbuf,'\0',smb_size); + set_message(cli->outbuf,2,0,True); + SCVAL(cli->outbuf,smb_com,SMBulogoffX); + cli_setup_packet(cli); SSVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,0); /* no additional info */ - cli_send_smb(cli); - if (!cli_receive_smb(cli)) - return False; + cli_send_smb(cli); + if (!cli_receive_smb(cli)) + return False; - return !cli_is_error(cli); + return !cli_is_error(cli); } /**************************************************************************** -send a tconX + Send a tconX. ****************************************************************************/ + BOOL cli_send_tconX(struct cli_state *cli, const char *share, const char *dev, const char *pass, int passlen) { - fstring fullshare, pword, dos_pword; + fstring fullshare, pword; char *p; memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); @@ -658,20 +681,19 @@ BOOL cli_send_tconX(struct cli_state *cli, fstrcpy(cli->share, share); /* in user level security don't send a password now */ - if (cli->sec_mode & 1) { + if (cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) { passlen = 1; pass = ""; } - if ((cli->sec_mode & 2) && *pass && passlen != 24) { + if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && *pass && passlen != 24) { /* * Non-encrypted passwords - convert to DOS codepage before encryption. */ passlen = 24; - clistr_push(cli, dos_pword, pass, -1, STR_TERMINATE); - SMBencrypt((uchar *)dos_pword,cli->secblob.data,(uchar *)pword); + SMBencrypt(pass,cli->secblob.data,(uchar *)pword); } else { - if((cli->sec_mode & 3) == 0) { + if((cli->sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL|NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)) == 0) { /* * Non-encrypted passwords - convert to DOS codepage before using. */ @@ -728,10 +750,10 @@ BOOL cli_send_tconX(struct cli_state *cli, return True; } - /**************************************************************************** -send a tree disconnect + Send a tree disconnect. ****************************************************************************/ + BOOL cli_tdis(struct cli_state *cli) { memset(cli->outbuf,'\0',smb_size); @@ -747,15 +769,19 @@ BOOL cli_tdis(struct cli_state *cli) return !cli_is_error(cli); } - /**************************************************************************** -send a negprot command + Send a negprot command. ****************************************************************************/ + void cli_negprot_send(struct cli_state *cli) { char *p; int numprots; + if (cli->protocol < PROTOCOL_NT1) { + cli->use_spnego = False; + } + memset(cli->outbuf,'\0',smb_size); /* setup the protocol strings */ @@ -778,16 +804,25 @@ void cli_negprot_send(struct cli_state *cli) cli_send_smb(cli); } - /**************************************************************************** -send a negprot command + Send a negprot command. ****************************************************************************/ + BOOL cli_negprot(struct cli_state *cli) { char *p; int numprots; int plength; + if (cli->sign_info.use_smb_signing) { + DEBUG(0, ("Cannot send negprot again, particularly after setting up SMB Signing\n")); + return False; + } + + if (cli->protocol < PROTOCOL_NT1) { + cli->use_spnego = False; + } + memset(cli->outbuf,'\0',smb_size); /* setup the protocol strings */ @@ -822,7 +857,7 @@ BOOL cli_negprot(struct cli_state *cli) return(False); } - cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot; + cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot; if (cli->protocol >= PROTOCOL_NT1) { /* NT protocol */ @@ -847,7 +882,16 @@ BOOL cli_negprot(struct cli_state *cli) smb_buf(cli->inbuf)+8, sizeof(cli->server_domain), smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN); } + + /* A way to attempt to force SMB signing */ + if (getenv("CLI_FORCE_SMB_SIGNING")) + cli->sign_info.negotiated_smb_signing = True; + + if (cli->sign_info.negotiated_smb_signing && !(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) + cli->sign_info.negotiated_smb_signing = False; + } else if (cli->protocol >= PROTOCOL_LANMAN1) { + cli->use_spnego = False; cli->sec_mode = SVAL(cli->inbuf,smb_vwv1); cli->max_xmit = SVAL(cli->inbuf,smb_vwv2); cli->sesskey = IVAL(cli->inbuf,smb_vwv6); @@ -860,6 +904,7 @@ BOOL cli_negprot(struct cli_state *cli) cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf)); } else { /* the old core protocol */ + cli->use_spnego = False; cli->sec_mode = 0; cli->serverzone = TimeDiff(time(NULL)); } @@ -874,10 +919,10 @@ BOOL cli_negprot(struct cli_state *cli) return True; } - /**************************************************************************** - send a session request. see rfc1002.txt 4.3 and 4.3.2 + Send a session request. See rfc1002.txt 4.3 and 4.3.2. ****************************************************************************/ + BOOL cli_session_request(struct cli_state *cli, struct nmb_name *calling, struct nmb_name *called) { @@ -888,6 +933,11 @@ BOOL cli_session_request(struct cli_state *cli, /* 445 doesn't have session request */ if (cli->port == 445) return True; + if (cli->sign_info.use_smb_signing) { + DEBUG(0, ("Cannot send session resquest again, particularly after setting up SMB Signing\n")); + return False; + } + /* send a session request (RFC 1002) */ memcpy(&(cli->calling), calling, sizeof(*calling)); memcpy(&(cli->called ), called , sizeof(*called )); @@ -902,7 +952,7 @@ BOOL cli_session_request(struct cli_state *cli, name_mangle(cli->calling.name, p, cli->calling.name_type); len += name_len(p); - /* setup the packet length + /* setup the packet length * Remove four bytes from the length count, since the length * field in the NBT Session Service header counts the number * of bytes which follow. The cli_send_smb() function knows @@ -913,10 +963,6 @@ BOOL cli_session_request(struct cli_state *cli, _smb_setlen(cli->outbuf,len); SCVAL(cli->outbuf,0,0x81); -#ifdef WITH_SSL -retry: -#endif /* WITH_SSL */ - cli_send_smb(cli); DEBUG(5,("Sent session request\n")); @@ -962,15 +1008,6 @@ retry: } } /* C. Hoch 9/14/95 End */ -#ifdef WITH_SSL - if (CVAL(cli->inbuf,0) == 0x83 && CVAL(cli->inbuf,4) == 0x8e){ /* use ssl */ - if (!sslutil_fd_is_ssl(cli->fd)){ - if (sslutil_connect(cli->fd) == 0) - goto retry; - } - } -#endif /* WITH_SSL */ - if (CVAL(cli->inbuf,0) != 0x82) { /* This is the wrong place to put the error... JRA. */ cli->rap_error = CVAL(cli->inbuf,4); @@ -980,8 +1017,9 @@ retry: } /**************************************************************************** -open the client sockets + Open the client sockets. ****************************************************************************/ + BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip) { extern pstring user_socket_options; @@ -1034,155 +1072,11 @@ BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip) } /**************************************************************************** -establishes a connection right up to doing tconX, password in cache. + Initialise client credentials for authenticated pipe access. ****************************************************************************/ -BOOL cli_establish_connection(struct cli_state *cli, - char *dest_host, struct in_addr *dest_ip, - struct nmb_name *calling, struct nmb_name *called, - char *service, char *service_type, - BOOL do_shutdown, BOOL do_tcon) -{ - DEBUG(5,("cli_establish_connection: %s connecting to %s (%s) - %s [%s]\n", - nmb_namestr(calling), nmb_namestr(called), inet_ntoa(*dest_ip), - cli->user_name, cli->domain)); - - /* establish connection */ - - if ((!cli->initialised)) - { - return False; - } - - /* cli_establish_connection() can't handle spnego yet. Once we get rid of - pwd_cache and other horrors we can get rid of this */ - cli->use_spnego = False; - - if (cli->fd == -1) - { - if (!cli_connect(cli, dest_host, dest_ip)) - { - DEBUG(1,("cli_establish_connection: failed to connect to %s (%s)\n", - nmb_namestr(called), inet_ntoa(*dest_ip))); - return False; - } - } - - if (!cli_session_request(cli, calling, called)) - { - DEBUG(1,("failed session request\n")); - if (do_shutdown) - cli_shutdown(cli); - return False; - } - - if (!cli_negprot(cli)) - { - DEBUG(1,("failed negprot\n")); - if (do_shutdown) - cli_shutdown(cli); - return False; - } - - if (cli->pwd.cleartext || cli->pwd.null_pwd) - { - fstring passwd; - int pass_len; - - if (cli->pwd.null_pwd) - { - /* attempt null session */ - passwd[0] = 0; - pass_len = 1; - } - else - { - /* attempt clear-text session */ - pwd_get_cleartext(&(cli->pwd), passwd); - pass_len = strlen(passwd); - } - - /* attempt clear-text session */ - if (!cli_session_setup(cli, cli->user_name, - passwd, pass_len, - NULL, 0, - cli->domain)) - { - DEBUG(1,("failed session setup\n")); - if (do_shutdown) - { - cli_shutdown(cli); - } - return False; - } - if (do_tcon) - { - if (!cli_send_tconX(cli, service, service_type, - (char*)passwd, strlen(passwd))) - { - DEBUG(1,("failed tcon_X\n")); - if (do_shutdown) - { - cli_shutdown(cli); - } - return False; - } - } - } - else - { - /* attempt encrypted session */ - unsigned char nt_sess_pwd[24]; - unsigned char lm_sess_pwd[24]; - - /* creates (storing a copy of) and then obtains a 24 byte password OWF */ - pwd_make_lm_nt_owf(&(cli->pwd), cli->secblob.data); - pwd_get_lm_nt_owf(&(cli->pwd), lm_sess_pwd, nt_sess_pwd); - - /* attempt encrypted session */ - if (!cli_session_setup(cli, cli->user_name, - (char*)lm_sess_pwd, sizeof(lm_sess_pwd), - (char*)nt_sess_pwd, sizeof(nt_sess_pwd), - cli->domain)) - { - DEBUG(1,("failed session setup\n")); - if (do_shutdown) - cli_shutdown(cli); - return False; - } - - DEBUG(1,("session setup ok\n")); - - if (*cli->server_domain || *cli->server_os || *cli->server_type) - { - DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n", - cli->server_domain, - cli->server_os, - cli->server_type)); - } - - if (do_tcon) - { - if (!cli_send_tconX(cli, service, service_type, - (char*)nt_sess_pwd, sizeof(nt_sess_pwd))) - { - DEBUG(1,("failed tcon_X\n")); - if (do_shutdown) - cli_shutdown(cli); - return False; - } - } - } - - if (do_shutdown) - cli_shutdown(cli); - - return True; -} - -/* Initialise client credentials for authenticated pipe access */ static void init_creds(struct ntuser_creds *creds, char* username, - char* domain, char* password, int pass_len) + char* domain, char* password) { ZERO_STRUCTP(creds); @@ -1196,15 +1090,26 @@ static void init_creds(struct ntuser_creds *creds, char* username, } } -/**************************************************************************** -establishes a connection right up to doing tconX, password specified. -****************************************************************************/ +/** + establishes a connection right up to doing tconX, password specified. + @param output_cli A fully initialised cli structure, non-null only on success + @param dest_host The netbios name of the remote host + @param dest_ip (optional) The the destination IP, NULL for name based lookup + @param port (optional) The destination port (0 for default) + @param service (optional) The share to make the connection to. Should be 'unqualified' in any way. + @param service_type The 'type' of serivice. + @param user Username, unix string + @param domain User's domain + @param password User's password, unencrypted unix string. +*/ + NTSTATUS cli_full_connection(struct cli_state **output_cli, - const char *my_name, const char *dest_host, + const char *my_name, + const char *dest_host, struct in_addr *dest_ip, int port, char *service, char *service_type, char *user, char *domain, - char *password, int pass_len) + char *password, int flags) { struct ntuser_creds creds; NTSTATUS nt_status; @@ -1212,32 +1117,40 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli, struct nmb_name called; struct cli_state *cli; struct in_addr ip; - - if (!output_cli) + extern pstring global_myname; + + if (!output_cli) { DEBUG(0, ("output_cli is NULL!?!")); + SMB_ASSERT("output_cli for cli_full_connection was NULL.\n"); + } - *output_cli = NULL; + if (!my_name) + my_name = global_myname; - make_nmb_name(&calling, my_name, 0x0); - make_nmb_name(&called , dest_host, 0x20); - -again: - if (!(cli = cli_initialise(NULL))) return NT_STATUS_NO_MEMORY; + make_nmb_name(&calling, my_name, 0x0); + make_nmb_name(&called , dest_host, 0x20); + if (cli_set_port(cli, port) != port) { cli_shutdown(cli); return NT_STATUS_UNSUCCESSFUL; } - ip = *dest_ip; - + if (dest_ip) { + ip = *dest_ip; + } else { + ZERO_STRUCT(ip); + } + +again: + DEBUG(3,("Connecting to host=%s share=%s\n", dest_host, service)); if (!cli_connect(cli, dest_host, &ip)) { - DEBUG(1,("cli_establish_connection: failed to connect to %s (%s)\n", - nmb_namestr(&called), inet_ntoa(*dest_ip))); + DEBUG(1,("cli_full_connection: failed to connect to %s (%s)\n", + nmb_namestr(&called), inet_ntoa(ip))); cli_shutdown(cli); return NT_STATUS_UNSUCCESSFUL; } @@ -1258,6 +1171,12 @@ again: return NT_STATUS_UNSUCCESSFUL; } + if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) { + cli->use_spnego = False; + } else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) { + cli->use_kerberos = True; + } + if (!cli_negprot(cli)) { DEBUG(1,("failed negprot\n")); nt_status = NT_STATUS_UNSUCCESSFUL; @@ -1265,29 +1184,36 @@ again: return nt_status; } - if (!cli_session_setup(cli, user, password, pass_len, password, pass_len, + if (!cli_session_setup(cli, user, password, strlen(password)+1, + password, strlen(password)+1, domain)) { - DEBUG(1,("failed session setup\n")); - nt_status = cli_nt_error(cli); - cli_shutdown(cli); - if (NT_STATUS_IS_OK(nt_status)) - nt_status = NT_STATUS_UNSUCCESSFUL; - return nt_status; + if (!(flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK) + || cli_session_setup(cli, "", "", 0, + "", 0, domain)) { + } else { + nt_status = cli_nt_error(cli); + DEBUG(1,("failed session setup with %s\n", nt_errstr(nt_status))); + cli_shutdown(cli); + if (NT_STATUS_IS_OK(nt_status)) + nt_status = NT_STATUS_UNSUCCESSFUL; + return nt_status; + } } if (service) { if (!cli_send_tconX(cli, service, service_type, - (char*)password, pass_len)) { - DEBUG(1,("failed tcon_X\n")); + (char*)password, strlen(password)+1)) { + DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status))); nt_status = cli_nt_error(cli); cli_shutdown(cli); - if (NT_STATUS_IS_OK(nt_status)) + if (NT_STATUS_IS_OK(nt_status)) { nt_status = NT_STATUS_UNSUCCESSFUL; + } return nt_status; } } - init_creds(&creds, user, domain, password, pass_len); + init_creds(&creds, user, domain, password); cli_init_creds(cli, &creds); *output_cli = cli; @@ -1301,55 +1227,53 @@ again: BOOL attempt_netbios_session_request(struct cli_state *cli, char *srchost, char *desthost, struct in_addr *pdest_ip) { - struct nmb_name calling, called; + struct nmb_name calling, called; - make_nmb_name(&calling, srchost, 0x0); + make_nmb_name(&calling, srchost, 0x0); - /* - * If the called name is an IP address - * then use *SMBSERVER immediately. - */ + /* + * If the called name is an IP address + * then use *SMBSERVER immediately. + */ - if(is_ipaddress(desthost)) - make_nmb_name(&called, "*SMBSERVER", 0x20); - else - make_nmb_name(&called, desthost, 0x20); + if(is_ipaddress(desthost)) + make_nmb_name(&called, "*SMBSERVER", 0x20); + else + make_nmb_name(&called, desthost, 0x20); - if (!cli_session_request(cli, &calling, &called)) { - struct nmb_name smbservername; + if (!cli_session_request(cli, &calling, &called)) { + struct nmb_name smbservername; - make_nmb_name(&smbservername , "*SMBSERVER", 0x20); + make_nmb_name(&smbservername , "*SMBSERVER", 0x20); - /* - * If the name wasn't *SMBSERVER then - * try with *SMBSERVER if the first name fails. - */ + /* + * If the name wasn't *SMBSERVER then + * try with *SMBSERVER if the first name fails. + */ - if (nmb_name_equal(&called, &smbservername)) { + if (nmb_name_equal(&called, &smbservername)) { - /* - * The name used was *SMBSERVER, don't bother with another name. - */ + /* + * The name used was *SMBSERVER, don't bother with another name. + */ - DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER \ + DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER \ with error %s.\n", desthost, cli_errstr(cli) )); - cli_shutdown(cli); - return False; - } + cli_shutdown(cli); + return False; + } - cli_shutdown(cli); + cli_shutdown(cli); - if (!cli_initialise(cli) || - !cli_connect(cli, desthost, pdest_ip) || - !cli_session_request(cli, &calling, &smbservername)) { - DEBUG(0,("attempt_netbios_session_request: %s rejected the session for \ + if (!cli_initialise(cli) || + !cli_connect(cli, desthost, pdest_ip) || + !cli_session_request(cli, &calling, &smbservername)) { + DEBUG(0,("attempt_netbios_session_request: %s rejected the session for \ name *SMBSERVER with error %s\n", desthost, cli_errstr(cli) )); - cli_shutdown(cli); - return False; - } - } + cli_shutdown(cli); + return False; + } + } - return True; + return True; } - - diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index ba7a327344a..c9500ead5d2 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -31,6 +31,41 @@ int cli_set_port(struct cli_state *cli, int port) return port; } +/**************************************************************************** + read an smb from a fd ignoring all keepalive packets. Note that the buffer + *MUST* be of size BUFFER_SIZE+SAFETY_MARGIN. + The timeout is in milliseconds + + This is exactly the same as receive_smb except that it never returns + a session keepalive packet (just as receive_smb used to do). + receive_smb was changed to return keepalives as the oplock processing means this call + should never go into a blocking read. +****************************************************************************/ + +static BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout) +{ + BOOL ret; + + for(;;) + { + ret = receive_smb(fd, buffer, timeout); + + if (!ret) + { + DEBUG(10,("client_receive_smb failed\n")); + show_msg(buffer); + return ret; + } + + /* Ignore session keepalive packets. */ + if(CVAL(buffer,0) != SMBkeepalive) + break; + } + show_msg(buffer); + return ret; +} + + /**************************************************************************** recv an smb ****************************************************************************/ @@ -72,7 +107,7 @@ BOOL cli_receive_smb(struct cli_state *cli) } /**************************************************************************** - send an smb to a fd. + Send an smb to a fd. ****************************************************************************/ BOOL cli_send_smb(struct cli_state *cli) @@ -82,31 +117,33 @@ BOOL cli_send_smb(struct cli_state *cli) ssize_t ret; /* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */ - if (cli->fd == -1) return False; + if (cli->fd == -1) + return False; + + cli_caclulate_sign_mac(cli); len = smb_len(cli->outbuf) + 4; while (nwritten < len) { ret = write_socket(cli->fd,cli->outbuf+nwritten,len - nwritten); if (ret <= 0) { - close(cli->fd); - cli->fd = -1; - DEBUG(0,("Error writing %d bytes to client. %d\n", - (int)len,(int)ret)); + close(cli->fd); + cli->fd = -1; + DEBUG(0,("Error writing %d bytes to client. %d\n", (int)len,(int)ret)); return False; } nwritten += ret; } - return True; } /**************************************************************************** -setup basics in a outgoing packet + Setup basics in a outgoing packet. ****************************************************************************/ + void cli_setup_packet(struct cli_state *cli) { - cli->rap_error = 0; + cli->rap_error = 0; SSVAL(cli->outbuf,smb_pid,cli->pid); SSVAL(cli->outbuf,smb_uid,cli->vuid); SSVAL(cli->outbuf,smb_mid,cli->mid); @@ -123,6 +160,8 @@ void cli_setup_packet(struct cli_state *cli) if (cli->use_spnego) { flags2 |= FLAGS2_EXTENDED_SECURITY; } + if (cli->sign_info.use_smb_signing) + flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES; SSVAL(cli->outbuf,smb_flg2, flags2); } } @@ -247,10 +286,6 @@ void cli_shutdown(struct cli_state *cli) if (cli->mem_ctx) talloc_destroy(cli->mem_ctx); -#ifdef WITH_SSL - if (cli->fd != -1) - sslutil_disconnect(cli->fd); -#endif /* WITH_SSL */ if (cli->fd != -1) close(cli->fd); allocated = cli->allocated; diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index 05843ac5de1..a47c956a555 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -76,7 +76,7 @@ static BOOL cli_link_internal(struct cli_state *cli, const char *fname_src, cons uint32 unix_perms_to_wire(mode_t perms) { - uint ret = 0; + unsigned int ret = 0; ret |= ((perms & S_IXOTH) ? UNIX_X_OTH : 0); ret |= ((perms & S_IWOTH) ? UNIX_W_OTH : 0); diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c index 8b28e05a475..17a759f9e39 100644 --- a/source3/libsmb/clilist.c +++ b/source3/libsmb/clilist.c @@ -54,10 +54,14 @@ static int interpret_long_filename(struct cli_state *cli, len = CVAL(p, 26); p += 27; p += clistr_align_in(cli, p, 0); + /* the len+2 below looks strange but it is + important to cope with the differences + between win2000 and win9x for this call + (tridge) */ p += clistr_pull(cli, finfo->name, p, - sizeof(finfo->name), - len, - STR_TERMINATE); + sizeof(finfo->name), + len+2, + STR_TERMINATE); return PTR_DIFF(p, base); case 2: /* this is what OS/2 uses mostly */ diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c index a2b6c8bb8b4..2064e149543 100644 --- a/source3/libsmb/clirap.c +++ b/source3/libsmb/clirap.c @@ -117,7 +117,8 @@ BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation) if (cli->rap_error == 0) { DEBUG(4,("NetWkstaUserLogon success\n")); cli->privileges = SVAL(p, 24); - fstrcpy(cli->eff_name,p+2); + /* The cli->eff_name field used to be set here + but it wasn't used anywhere else. */ } else { DEBUG(1,("NetwkstaUserLogon gave error %d\n", cli->rap_error)); } @@ -283,8 +284,6 @@ BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char char param[16+sizeof(fstring)]; char data[532]; char *p = param; - fstring upper_case_old_pw; - fstring upper_case_new_pw; unsigned char old_pw_hash[16]; unsigned char new_pw_hash[16]; int data_len; @@ -316,9 +315,7 @@ BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char * Get the Lanman hash of the old password, we * use this as the key to make_oem_passwd_hash(). */ - memset(upper_case_old_pw, '\0', sizeof(upper_case_old_pw)); - clistr_push(cli, upper_case_old_pw, old_password, -1,STR_TERMINATE|STR_UPPER|STR_ASCII); - E_P16((uchar *)upper_case_old_pw, old_pw_hash); + E_deshash(old_password, old_pw_hash); clistr_push(cli, dos_new_password, new_password, -1, STR_TERMINATE|STR_ASCII); @@ -328,10 +325,7 @@ BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char /* * Now place the old password hash in the data. */ - memset(upper_case_new_pw, '\0', sizeof(upper_case_new_pw)); - clistr_push(cli, upper_case_new_pw, new_password, -1, STR_TERMINATE|STR_UPPER|STR_ASCII); - - E_P16((uchar *)upper_case_new_pw, new_pw_hash); + E_deshash(new_password, new_pw_hash); E_old_pw_hash( new_pw_hash, old_pw_hash, (uchar *)&data[516]); diff --git a/source3/libsmb/clirap2.c b/source3/libsmb/clirap2.c index 00cd4b15f33..9c3ec212d52 100644 --- a/source3/libsmb/clirap2.c +++ b/source3/libsmb/clirap2.c @@ -1493,7 +1493,7 @@ int cli_NetPrintQEnum(struct cli_state *cli, for (j=0;joutbuf,'\0',smb_size); - memset(cli->inbuf,'\0',smb_size); - - set_message(cli->outbuf,10,0,True); - - SCVAL(cli->outbuf,smb_com,SMBreadbraw); - SSVAL(cli->outbuf,smb_tid,cli->cnum); - cli_setup_packet(cli); - - SSVAL(cli->outbuf,smb_vwv0,fnum); - SIVAL(cli->outbuf,smb_vwv1,offset); - SSVAL(cli->outbuf,smb_vwv2,size); - SSVAL(cli->outbuf,smb_vwv3,size); - SSVAL(cli->outbuf,smb_mid,cli->mid + i); - - return cli_send_smb(cli); -} - /**************************************************************************** Read size bytes at offset offset using SMBreadX. ****************************************************************************/ @@ -152,6 +127,43 @@ ssize_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_ return total; } +#if 0 /* relies on client_recieve_smb(), now a static in libsmb/clientgen.c */ + +/* This call is INCOMPATIBLE with SMB signing. If you remove the #if 0 + you must fix ensure you don't attempt to sign the packets - data + *will* be currupted */ + +/**************************************************************************** +Issue a single SMBreadraw and don't wait for a reply. +****************************************************************************/ + +static BOOL cli_issue_readraw(struct cli_state *cli, int fnum, off_t offset, + size_t size, int i) +{ + + if (!cli->sign_info.use_smb_signing) { + DEBUG(0, ("Cannot use readraw and SMB Signing\n")); + return False; + } + + memset(cli->outbuf,'\0',smb_size); + memset(cli->inbuf,'\0',smb_size); + + set_message(cli->outbuf,10,0,True); + + SCVAL(cli->outbuf,smb_com,SMBreadbraw); + SSVAL(cli->outbuf,smb_tid,cli->cnum); + cli_setup_packet(cli); + + SSVAL(cli->outbuf,smb_vwv0,fnum); + SIVAL(cli->outbuf,smb_vwv1,offset); + SSVAL(cli->outbuf,smb_vwv2,size); + SSVAL(cli->outbuf,smb_vwv3,size); + SSVAL(cli->outbuf,smb_mid,cli->mid + i); + + return cli_send_smb(cli); +} + /**************************************************************************** Tester for the readraw call. ****************************************************************************/ @@ -213,7 +225,7 @@ ssize_t cli_readraw(struct cli_state *cli, int fnum, char *buf, off_t offset, si return total; } - +#endif /**************************************************************************** issue a single SMBwrite and don't wait for a reply ****************************************************************************/ diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index a4fcfa5d9a9..469b946088c 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -549,7 +549,7 @@ BOOL msrpc_gen(DATA_BLOB *blob, format specifiers are: - U = unicode string (input is unix string) + U = unicode string (output is unix string) B = data blob b = data blob in header d = word (4 bytes) @@ -620,3 +620,44 @@ BOOL msrpc_parse(DATA_BLOB *blob, return True; } + +/** + * Print out the NTLMSSP flags for debugging + */ + +void debug_ntlmssp_flags(uint32 neg_flags) +{ + if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) + DEBUG(4, (" NTLMSSP_NEGOTIATE_UNICODE\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_OEM) + DEBUG(4, (" NTLMSSP_NEGOTIATE_OEM\n")); + if (neg_flags & NTLMSSP_REQUEST_TARGET) + DEBUG(4, (" NTLMSSP_REQUEST_TARGET\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_SIGN) + DEBUG(4, (" NTLMSSP_NEGOTIATE_SIGN\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_SIGN) + DEBUG(4, (" NTLMSSP_NEGOTIATE_SEAL\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) + DEBUG(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE) + DEBUG(4, (" NTLMSSP_NEGOTIATE_NETWARE\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_NTLM) + DEBUG(4, (" NTLMSSP_NEGOTIATE_NTLM\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED) + DEBUG(4, (" NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED) + DEBUG(4, (" NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL) + DEBUG(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) + DEBUG(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2) + DEBUG(4, (" NTLMSSP_NEGOTIATE_NTLM2\n")); + if (neg_flags & NTLMSSP_CHAL_TARGET_INFO) + DEBUG(4, (" NTLMSSP_CHAL_TARGET_INFO\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_128) + DEBUG(4, (" NTLMSSP_NEGOTIATE_128\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) + DEBUG(4, (" NTLMSSP_NEGOTIATE_KEY_EXCH\n")); +} + diff --git a/source3/libsmb/errormap.c b/source3/libsmb/errormap.c index c30db3ad95f..a35108c3de0 100644 --- a/source3/libsmb/errormap.c +++ b/source3/libsmb/errormap.c @@ -2,6 +2,7 @@ * Unix SMB/CIFS implementation. * error mapping functions * Copyright (C) Andrew Tridgell 2001 + * Copyright (C) Andrew Bartlett 2001 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c index 237701b9685..0ffc1c1378e 100644 --- a/source3/libsmb/libsmbclient.c +++ b/source3/libsmb/libsmbclient.c @@ -1,9 +1,10 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. SMB client library implementation Copyright (C) Andrew Tridgell 1998 - Copyright (C) Richard Sharpe 2000 + Copyright (C) Richard Sharpe 2000, 2002 Copyright (C) John Terpstra 2000 + Copyright (C) Tom Jansen (Ninja ISD) 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -21,56 +22,36 @@ */ #include "includes.h" + #include "libsmbclient.h" -/* Structure for servers ... Held here so we don't need an include ... - * May be better to put in an include file +/* + * Functions exported by libsmb_cache.c that we need here */ +int smbc_default_cache_functions(SMBCCTX *context); -struct smbc_server { - struct smbc_server *next, *prev; - struct cli_state cli; - dev_t dev; - char *server_name; - char *share_name; - char *workgroup; - char *username; - BOOL no_pathinfo2; -}; - -/* Keep directory entries in a list */ -struct smbc_dir_list { - struct smbc_dir_list *next; - struct smbc_dirent *dirent; -}; - -struct smbc_file { - int cli_fd; - int smbc_fd; - char *fname; - off_t offset; - struct smbc_server *srv; - BOOL file; - struct smbc_dir_list *dir_list, *dir_end, *dir_next; - int dir_type, dir_error; -}; - -int smbc_fstatdir(int fd, struct stat *st); /* Forward decl */ -BOOL smbc_getatr(struct smbc_server *srv, char *path, - uint16 *mode, size_t *size, - time_t *c_time, time_t *a_time, time_t *m_time, - SMB_INO_T *ino); +/* + * check if an element is part of the list. + * FIXME: Does not belong here ! + * Can anyone put this in a macro in dlinklist.h ? + * -- Tom + */ +static int DLIST_CONTAINS(SMBCFILE * list, SMBCFILE *p) { + if (!p || !list) return False; + do { + if (p == list) return True; + list = list->next; + } while (list); + return False; +} extern BOOL in_client; extern pstring global_myname; + +/* + * Is the logging working / configfile read ? + */ static int smbc_initialized = 0; -static smbc_get_auth_data_fn smbc_auth_fn = NULL; -/*static int smbc_debug;*/ -static int smbc_start_fd; -static struct smbc_file **smbc_file_table; -static struct smbc_server *smbc_srvs; -static pstring my_netbios_name; -static pstring smbc_user; /* * Function to parse a path and turn it into components @@ -78,14 +59,14 @@ static pstring smbc_user; * We accept smb://[[[domain;]user[:password@]]server[/share[/path[/file]]]] * * smb:// means show all the workgroups - * smb://name/ means, if name<1D> exists, list servers in workgroup, + * smb://name/ means, if name<1D> or name<1B> exists, list servers in workgroup, * else, if name<20> exists, list all shares for server ... */ static const char *smbc_prefix = "smb:"; static int -smbc_parse_path(const char *fname, char *server, char *share, char *path, +smbc_parse_path(SMBCCTX *context, const char *fname, char *server, char *share, char *path, char *user, char *password) /* FIXME, lengths of strings */ { static pstring s; @@ -121,7 +102,8 @@ smbc_parse_path(const char *fname, char *server, char *share, char *path, if (*p == '/') { - strncpy(server, (char *)lp_workgroup(), 16); /* FIXME: Danger here */ + strncpy(server, context->workgroup, + (strlen(context->workgroup) < 16)?strlen(context->workgroup):16); return 0; } @@ -147,7 +129,7 @@ smbc_parse_path(const char *fname, char *server, char *share, char *path, if (strchr_m(u, ';')) { next_token(&u, domain, ";", sizeof(fstring)); - + } if (strchr_m(u, ':')) { @@ -172,9 +154,9 @@ smbc_parse_path(const char *fname, char *server, char *share, char *path, } if (!next_token(&p, server, "/", sizeof(fstring))) { - + return -1; - + } if (*p == (char)0) return 0; /* That's it ... */ @@ -196,7 +178,7 @@ smbc_parse_path(const char *fname, char *server, char *share, char *path, * Convert an SMB error into a UNIX error ... */ -int smbc_errno(struct cli_state *c) +static int smbc_errno(SMBCCTX *context, struct cli_state *c) { int ret; @@ -216,12 +198,65 @@ int smbc_errno(struct cli_state *c) ret = cli_errno_from_nt(status); DEBUG(3,("smbc errno %s -> %d\n", - nt_errstr(status), ret)); + get_nt_error_msg(status), ret)); } return ret; } +/* + * Check a server_fd. + * returns 0 if the server is in shape. Returns 1 on error + * + * Also useable outside libsmbclient to enable external cache + * to do some checks too. + */ +int smbc_check_server(SMBCCTX * context, SMBCSRV * server) +{ + if ( cli_send_keepalive(&server->cli) == False ) + return 1; + + /* connection is ok */ + return 0; +} + +/* + * Remove a server from the list server_table if it's unused. + * On success, 0 is returned. 1 is returned if the server could not be removed. + * + * Also useable outside libsmbclient + */ +int smbc_remove_unused_server(SMBCCTX * context, SMBCSRV * srv) +{ + SMBCFILE * file; + + /* are we being fooled ? */ + if (!context || !context->_initialized || !srv) return 1; + + + /* Check all open files/directories for a relation with this server */ + for (file = context->_files; file; file=file->next) { + if (file->srv == srv) { + /* Still used */ + DEBUG(3, ("smbc_remove_usused_server: %p still used by %p.\n", + srv, file)); + return 1; + } + } + + DLIST_REMOVE(context->_servers, srv); + + cli_shutdown(&srv->cli); + + DEBUG(3, ("smbc_remove_usused_server: %p removed.\n", srv)); + + context->callbacks.remove_cached_srv_fn(context, srv); + + SAFE_FREE(srv); + + return 0; +} + /* * Connect to a server, possibly on an existing connection * @@ -233,58 +268,70 @@ int smbc_errno(struct cli_state *c) * info we need, unless the username and password were passed in. */ -struct smbc_server *smbc_server(char *server, char *share, - char *workgroup, char *username, - char *password) +SMBCSRV *smbc_server(SMBCCTX *context, + char *server, char *share, + char *workgroup, char *username, + char *password) { - struct smbc_server *srv=NULL; + SMBCSRV *srv=NULL; + int auth_called = 0; struct cli_state c; struct nmb_name called, calling; char *p, *server_n = server; fstring group; pstring ipenv; struct in_addr ip; + int tried_reverse = 0; - zero_ip(&ip); + zero_ip(&ip); ZERO_STRUCT(c); - /* try to use an existing connection */ - for (srv=smbc_srvs;srv;srv=srv->next) { - if (strcmp(server,srv->server_name)==0 && - strcmp(share,srv->share_name)==0 && - strcmp(workgroup,srv->workgroup)==0 && - strcmp(username, srv->username) == 0) - return srv; - } - if (server[0] == 0) { errno = EPERM; return NULL; } - /* - * Pick up the auth info here, once we know we need to connect - * But only if we do not have a username and password ... - */ - - if (!username[0] || !password[0]) - smbc_auth_fn(server, share, workgroup, sizeof(fstring), - username, sizeof(fstring), password, sizeof(fstring)); - - /* - * However, smbc_auth_fn may have picked up info relating to an - * existing connection, so try for an existing connection again ... - */ + check_server_cache: - for (srv=smbc_srvs;srv;srv=srv->next) { - if (strcmp(server,srv->server_name)==0 && - strcmp(share,srv->share_name)==0 && - strcmp(workgroup,srv->workgroup)==0 && - strcmp(username, srv->username) == 0) - return srv; + srv = context->callbacks.get_cached_srv_fn(context, server, share, + workgroup, username); + + if (!auth_called && !srv && (!username[0] || !password[0])) { + context->callbacks.auth_fn(server, share, workgroup, sizeof(fstring), + username, sizeof(fstring), password, sizeof(fstring)); + /* + * However, smbc_auth_fn may have picked up info relating to an + * existing connection, so try for an existing connection again ... + */ + auth_called = 1; + goto check_server_cache; + } + + if (srv) { + if (context->callbacks.check_server_fn(context, srv)) { + /* + * This server is no good anymore + * Try to remove it and check for more possible servers in the cache + */ + if (context->callbacks.remove_unused_server_fn(context, srv)) { + /* + * We could not remove the server completely, remove it from the cache + * so we will not get it again. It will be removed when the last file/dir + * is closed. + */ + context->callbacks.remove_cached_srv_fn(context, srv); + } + + /* + * Maybe there are more cached connections to this server + */ + goto check_server_cache; + } + return srv; + } - make_nmb_name(&calling, my_netbios_name, 0x0); + make_nmb_name(&calling, context->netbios_name, 0x0); make_nmb_name(&called , server, 0x20); DEBUG(4,("smbc_server: server_n=[%s] server=[%s]\n", server_n, server)); @@ -303,21 +350,52 @@ struct smbc_server *smbc_server(char *server, char *share, again: slprintf(ipenv,sizeof(ipenv)-1,"HOST_%s", server_n); - zero_ip(&ip); + zero_ip(&ip); /* have to open a new connection */ - if (!cli_initialise(&c) || !cli_connect(&c, server_n, &ip)) { - if (c.initialised) cli_shutdown(&c); + if (!cli_initialise(&c)) { errno = ENOENT; return NULL; } + c.timeout = context->timeout; + + if (!cli_connect(&c, server_n, &ip)) { + cli_shutdown(&c); + errno = ENOENT; + return NULL; + } + if (!cli_session_request(&c, &calling, &called)) { cli_shutdown(&c); if (strcmp(called.name, "*SMBSERVER")) { make_nmb_name(&called , "*SMBSERVER", 0x20); goto again; } + else { /* Try one more time, but ensure we don't loop */ + + /* Only try this if server is an IP address ... */ + + if (is_ipaddress(server) && !tried_reverse) { + fstring remote_name; + struct in_addr rem_ip; + + if (!inet_aton(server, &rem_ip)) { + DEBUG(4, ("Could not convert IP address %s to struct in_addr\n", server)); + errno = ENOENT; + return NULL; + } + + tried_reverse++; /* Yuck */ + + if (name_status_find("*", 0, 0, rem_ip, remote_name)) { + make_nmb_name(&called, remote_name, 0x20); + goto again; + } + + + } + } errno = ENOENT; return NULL; } @@ -345,50 +423,37 @@ struct smbc_server *smbc_server(char *server, char *share, if (!cli_send_tconX(&c, share, "?????", password, strlen(password)+1)) { - errno = smbc_errno(&c); + errno = smbc_errno(context, &c); cli_shutdown(&c); return NULL; } DEBUG(4,(" tconx ok\n")); - srv = (struct smbc_server *)malloc(sizeof(*srv)); + /* + * Ok, we have got a nice connection + * Let's find a free server_fd + */ + + srv = (SMBCSRV *)malloc(sizeof(*srv)); if (!srv) { errno = ENOMEM; goto failed; } ZERO_STRUCTP(srv); - srv->cli = c; - srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share)); - srv->server_name = strdup(server); - if (!srv->server_name) { - errno = ENOMEM; - goto failed; - } - - srv->share_name = strdup(share); - if (!srv->share_name) { - errno = ENOMEM; + /* now add it to the cache (internal or external) */ + if (context->callbacks.add_cached_srv_fn(context, srv, server, share, workgroup, username)) { + DEBUG(3, (" Failed to add server to cache\n")); goto failed; } - srv->workgroup = strdup(workgroup); - if (!srv->workgroup) { - errno = ENOMEM; - goto failed; - } - - srv->username = strdup(username); - if (!srv->username) { - errno = ENOMEM; - goto failed; - } - - DLIST_ADD(smbc_srvs, srv); + + DEBUG(2, ("Server connect ok: //%s/%s: %p\n", + server, share, srv)); return srv; @@ -396,214 +461,49 @@ struct smbc_server *smbc_server(char *server, char *share, cli_shutdown(&c); if (!srv) return NULL; - SAFE_FREE(srv->server_name); - SAFE_FREE(srv->share_name); - SAFE_FREE(srv->workgroup); - SAFE_FREE(srv->username); SAFE_FREE(srv); return NULL; } -/* - *Remove a server from the list smbc_srvs if it's unused -- Tom (tom@ninja.nl) - * - * We accept a *srv - */ -BOOL smbc_remove_unused_server(struct smbc_server * s) -{ - int p; - - /* are we being fooled ? */ - if (!s) return False; - - /* close all open files/directories on this server */ - for (p = 0; p < SMBC_MAX_FD; p++) { - if (smbc_file_table[p] && - smbc_file_table[p]->srv == s) { - /* Still used .. DARN */ - DEBUG(3, ("smbc_remove_usused_server: %x still used by %s (%d).\n", (int) s, - smbc_file_table[p]->fname, smbc_file_table[p]->smbc_fd)); - return False; - } - } - - cli_shutdown(&s->cli); - - SAFE_FREE(s->username); - SAFE_FREE(s->workgroup); - SAFE_FREE(s->server_name); - SAFE_FREE(s->share_name); - DLIST_REMOVE(smbc_srvs, s); - DEBUG(3, ("smbc_remove_usused_server: %x removed.\n", (int) s)); - SAFE_FREE(s); - return True; -} - -/* - *Initialise the library etc - * - * We accept valid values for debug from 0 to 100, - * and insist that fn must be non-null. - */ - -int smbc_init(smbc_get_auth_data_fn fn, int debug) -{ - pstring conf; - int p, pid; - char *user = NULL, *home = NULL, *pname="libsmbclient"; - - if (!fn || debug < 0 || debug > 100) { - - errno = EINVAL; - return -1; - - } - - if (smbc_initialized) { /* Don't go through this if we have already done it */ - - return 0; - - } - - smbc_initialized = 1; - smbc_auth_fn = fn; - /* smbc_debug = debug; */ - - DEBUGLEVEL = -1; - - setup_logging(pname, False); - - /* Here we would open the smb.conf file if needed ... */ - - home = getenv("HOME"); - - slprintf(conf, sizeof(conf), "%s/.smb/smb.conf", home); - - load_interfaces(); /* Load the list of interfaces ... */ - - in_client = True; /* FIXME, make a param */ - - if (!lp_load(conf, True, False, False)) { - - /* - * Hmmm, what the hell do we do here ... we could not parse the - * config file ... We must return an error ... and keep info around - * about why we failed - */ - - errno = ENOENT; /* FIXME: Figure out the correct error response */ - return -1; - - } - - reopen_logs(); /* Get logging working ... */ - - /* - * FIXME: Is this the best way to get the user info? - */ - - user = getenv("USER"); - /* walk around as "guest" if no username can be found */ - if (!user) user = strdup("guest"); - pstrcpy(smbc_user, user); /* Save for use elsewhere */ - - /* - * We try to get our netbios name from the config. If that fails we fall - * back on constructing our netbios name from our hostname etc - */ - if (global_myname) { - pstrcpy(my_netbios_name, global_myname); - } - else { - /* - * Hmmm, I want to get hostname as well, but I am too lazy for the moment - */ - pid = sys_getpid(); - slprintf(my_netbios_name, 16, "smbc%s%d", user, pid); - } - DEBUG(0,("Using netbios name %s.\n", my_netbios_name)); - - name_register_wins(my_netbios_name, 0); - - /* - * Now initialize the file descriptor array and figure out what the - * max open files is, so we can return FD's that are above the max - * open file, and separated by a guard band - */ - -#if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)) - do { - struct rlimit rlp; - - if (getrlimit(RLIMIT_NOFILE, &rlp)) { - - DEBUG(0, ("smbc_init: getrlimit(1) for RLIMIT_NOFILE failed with error %s\n", strerror(errno))); - - smbc_start_fd = 1000000; - - } - else { - - smbc_start_fd = rlp.rlim_max + 10000; /* Leave a guard space of 10,000 */ - - } - } while ( 0 ); -#else /* !defined(HAVE_GETRLIMIT) || !defined(RLIMIT_NOFILE) */ - - smbc_start_fd = 1000000; - -#endif - - smbc_file_table = malloc(SMBC_MAX_FD * sizeof(struct smbc_file *)); - - for (p = 0; p < SMBC_MAX_FD; p++) - smbc_file_table[p] = NULL; - - if (!smbc_file_table) - return ENOMEM; - - return 0; /* Success */ - -} - /* * Routine to open() a file ... */ -int smbc_open(const char *fname, int flags, mode_t mode) +static SMBCFILE *smbc_open_ctx(SMBCCTX *context, const char *fname, int flags, mode_t mode) { fstring server, share, user, password, workgroup; pstring path; - struct smbc_server *srv = NULL; + SMBCSRV *srv = NULL; + SMBCFILE *file = NULL; int fd; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; /* Best I can think of ... */ - return -1; + return NULL; } if (!fname) { errno = EINVAL; - return -1; + return NULL; } - smbc_parse_path(fname, server, share, path, user, password); /* FIXME, check errors */ + smbc_parse_path(context, fname, server, share, path, user, password); /* FIXME, check errors */ - if (user[0] == (char)0) pstrcpy(user, smbc_user); + if (user[0] == (char)0) pstrcpy(user, context->user); - pstrcpy(workgroup, lp_workgroup()); + pstrcpy(workgroup, context->workgroup); - srv = smbc_server(server, share, workgroup, user, password); + srv = smbc_server(context, server, share, workgroup, user, password); if (!srv) { if (errno == EPERM) errno = EACCES; - return -1; /* smbc_server sets errno */ - + return NULL; /* smbc_server sets errno */ + } /* Hmmm, the test for a directory is suspect here ... FIXME */ @@ -614,50 +514,38 @@ int smbc_open(const char *fname, int flags, mode_t mode) } else { + + file = malloc(sizeof(SMBCFILE)); - int slot = 0; - - /* Find a free slot first */ - - while (smbc_file_table[slot]) - slot++; - - if (slot > SMBC_MAX_FD) { - - errno = ENOMEM; /* FIXME, is this best? */ - return -1; - - } - - smbc_file_table[slot] = malloc(sizeof(struct smbc_file)); - - if (!smbc_file_table[slot]) { + if (!file) { errno = ENOMEM; - return -1; + return NULL; } + ZERO_STRUCTP(file); + if ((fd = cli_open(&srv->cli, path, flags, DENY_NONE)) < 0) { /* Handle the error ... */ - SAFE_FREE(smbc_file_table[slot]); - errno = smbc_errno(&srv->cli); - return -1; + SAFE_FREE(file); + errno = smbc_errno(context, &srv->cli); + return NULL; } /* Fill in file struct */ - smbc_file_table[slot]->cli_fd = fd; - smbc_file_table[slot]->smbc_fd = slot + smbc_start_fd; - smbc_file_table[slot]->fname = strdup(fname); - smbc_file_table[slot]->srv = srv; - smbc_file_table[slot]->offset = 0; - smbc_file_table[slot]->file = True; + file->cli_fd = fd; + file->fname = strdup(fname); + file->srv = srv; + file->offset = 0; + file->file = True; - return smbc_file_table[slot]->smbc_fd; + DLIST_ADD(context->_files, file); + return file; } @@ -666,14 +554,15 @@ int smbc_open(const char *fname, int flags, mode_t mode) if (fd == -1) { int eno = 0; - eno = smbc_errno(&srv->cli); - fd = smbc_opendir(fname); - if (fd < 0) errno = eno; - return fd; + eno = smbc_errno(context, &srv->cli); + file = context->opendir(context, fname); + if (!file) errno = eno; + return file; } - return 1; /* Success, with fd ... */ + errno = EINVAL; /* FIXME, correct errno ? */ + return NULL; } @@ -683,38 +572,37 @@ int smbc_open(const char *fname, int flags, mode_t mode) static int creat_bits = O_WRONLY | O_CREAT | O_TRUNC; /* FIXME: Do we need this */ -int smbc_creat(const char *path, mode_t mode) +static SMBCFILE *smbc_creat_ctx(SMBCCTX *context, const char *path, mode_t mode) { - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; - return -1; + return NULL; } - return smbc_open(path, creat_bits, mode); + return smbc_open_ctx(context, path, creat_bits, mode); } /* * Routine to read() a file ... */ -ssize_t smbc_read(int fd, void *buf, size_t count) +static ssize_t smbc_read_ctx(SMBCCTX *context, SMBCFILE *file, void *buf, size_t count) { - struct smbc_file *fe; int ret; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; return -1; } - DEBUG(4, ("smbc_read(%d, %d)\n", fd, (int)count)); + DEBUG(4, ("smbc_read(%p, %d)\n", file, (int)count)); - if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) { + if (!file || !DLIST_CONTAINS(context->_files, file)) { errno = EBADF; return -1; @@ -730,25 +618,16 @@ ssize_t smbc_read(int fd, void *buf, size_t count) } - fe = smbc_file_table[fd - smbc_start_fd]; - - if (!fe || !fe->file) { - - errno = EBADF; - return -1; - - } - - ret = cli_read(&fe->srv->cli, fe->cli_fd, buf, fe->offset, count); + ret = cli_read(&file->srv->cli, file->cli_fd, buf, file->offset, count); if (ret < 0) { - errno = smbc_errno(&fe->srv->cli); + errno = smbc_errno(context, &file->srv->cli); return -1; } - fe->offset += ret; + file->offset += ret; DEBUG(4, (" --> %d\n", ret)); @@ -760,19 +639,18 @@ ssize_t smbc_read(int fd, void *buf, size_t count) * Routine to write() a file ... */ -ssize_t smbc_write(int fd, void *buf, size_t count) +static ssize_t smbc_write_ctx(SMBCCTX *context, SMBCFILE *file, void *buf, size_t count) { int ret; - struct smbc_file *fe; - if (!smbc_initialized) { + if (!context || context->_initialized) { errno = EINVAL; return -1; } - if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) { + if (!file || !DLIST_CONTAINS(context->_files, file)) { errno = EBADF; return -1; @@ -788,25 +666,16 @@ ssize_t smbc_write(int fd, void *buf, size_t count) } - fe = smbc_file_table[fd - smbc_start_fd]; - - if (!fe || !fe->file) { - - errno = EBADF; - return -1; - - } - - ret = cli_write(&fe->srv->cli, fe->cli_fd, 0, buf, fe->offset, count); + ret = cli_write(&file->srv->cli, file->cli_fd, 0, buf, file->offset, count); if (ret <= 0) { - errno = smbc_errno(&fe->srv->cli); + errno = smbc_errno(context, &file->srv->cli); return -1; } - fe->offset += ret; + file->offset += ret; return ret; /* Success, 0 bytes of data ... */ } @@ -815,75 +684,123 @@ ssize_t smbc_write(int fd, void *buf, size_t count) * Routine to close() a file ... */ -int smbc_close(int fd) +static int smbc_close_ctx(SMBCCTX *context, SMBCFILE *file) { - struct smbc_file *fe; - struct smbc_server *srv; + SMBCSRV *srv; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; return -1; } - if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) { + if (!file || !DLIST_CONTAINS(context->_files, file)) { errno = EBADF; return -1; } - fe = smbc_file_table[fd - smbc_start_fd]; + /* IS a dir ... */ + if (!file->file) { + + return context->closedir(context, file); - if (!fe) { + } + + if (!cli_close(&file->srv->cli, file->cli_fd)) { + + DEBUG(3, ("cli_close failed on %s. purging server.\n", + file->fname)); + /* Deallocate slot and remove the server + * from the server cache if unused */ + errno = smbc_errno(context, &file->srv->cli); + srv = file->srv; + DLIST_REMOVE(context->_files, file); + SAFE_FREE(file->fname); + SAFE_FREE(file); + context->callbacks.remove_unused_server_fn(context, srv); - errno = EBADF; return -1; } - if (!fe->file) { + if (!file->file) { - return smbc_closedir(fd); + return context->closedir(context, file); } - if (!cli_close(&fe->srv->cli, fe->cli_fd)) { - - DEBUG(3, ("cli_close failed on %s (%d). purging server.\n", - fe->fname, fe->smbc_fd)); + if (!cli_close(&file->srv->cli, file->cli_fd)) { + DEBUG(3, ("cli_close failed on %s. purging server.\n", + file->fname)); /* Deallocate slot and remove the server * from the server cache if unused */ - errno = smbc_errno(&fe->srv->cli); - srv = fe->srv; - SAFE_FREE(fe->fname); - SAFE_FREE(fe); - smbc_file_table[fd - smbc_start_fd] = NULL; - smbc_remove_unused_server(srv); + errno = smbc_errno(context, &file->srv->cli); + srv = file->srv; + DLIST_REMOVE(context->_files, file); + SAFE_FREE(file->fname); + SAFE_FREE(file); + context->callbacks.remove_unused_server_fn(context, srv); return -1; - } - SAFE_FREE(fe->fname); - SAFE_FREE(fe); - smbc_file_table[fd - smbc_start_fd] = NULL; + DLIST_REMOVE(context->_files, file); + SAFE_FREE(file->fname); + SAFE_FREE(file); return 0; } +/* + * Get info from an SMB server on a file. Use a qpathinfo call first + * and if that fails, use getatr, as Win95 sometimes refuses qpathinfo + */ +static BOOL smbc_getatr(SMBCCTX * context, SMBCSRV *srv, char *path, + uint16 *mode, size_t *size, + time_t *c_time, time_t *a_time, time_t *m_time, + SMB_INO_T *ino) +{ + + if (!context || !context->_initialized) { + + errno = EINVAL; + return -1; + + } + + DEBUG(4,("smbc_getatr: sending qpathinfo\n")); + + if (!srv->no_pathinfo2 && + cli_qpathinfo2(&srv->cli, path, c_time, a_time, m_time, NULL, + size, mode, ino)) return True; + + /* if this is NT then don't bother with the getatr */ + if (srv->cli.capabilities & CAP_NT_SMBS) return False; + + if (cli_getatr(&srv->cli, path, mode, size, m_time)) { + a_time = c_time = m_time; + srv->no_pathinfo2 = True; + return True; + } + + return False; + +} + /* * Routine to unlink() a file */ -int smbc_unlink(const char *fname) +static int smbc_unlink_ctx(SMBCCTX *context, const char *fname) { fstring server, share, user, password, workgroup; pstring path; - struct smbc_server *srv = NULL; + SMBCSRV *srv = NULL; - if (!smbc_initialized) { + if (!context || context->_initialized) { errno = EINVAL; /* Best I can think of ... */ return -1; @@ -897,13 +814,13 @@ int smbc_unlink(const char *fname) } - smbc_parse_path(fname, server, share, path, user, password); /* FIXME, check errors */ + smbc_parse_path(context, fname, server, share, path, user, password); /* FIXME, check errors */ - if (user[0] == (char)0) pstrcpy(user, smbc_user); + if (user[0] == (char)0) pstrcpy(user, context->user); - pstrcpy(workgroup, lp_workgroup()); + pstrcpy(workgroup, context->workgroup); - srv = smbc_server(server, share, workgroup, user, password); + srv = smbc_server(context, server, share, workgroup, user, password); if (!srv) { @@ -913,23 +830,23 @@ int smbc_unlink(const char *fname) /* if (strncmp(srv->cli.dev, "LPT", 3) == 0) { - int job = smbc_stat_printjob(srv, path, NULL, NULL); - if (job == -1) { + int job = smbc_stat_printjob(srv, path, NULL, NULL); + if (job == -1) { - return -1; + return -1; - } - if ((err = cli_printjob_del(&srv->cli, job)) != 0) { + } + if ((err = cli_printjob_del(&srv->cli, job)) != 0) { - return -1; + return -1; - } - } else */ + } + } else */ if (!cli_unlink(&srv->cli, path)) { - errno = smbc_errno(&srv->cli); + errno = smbc_errno(context, &srv->cli); if (errno == EACCES) { /* Check if the file is a directory */ @@ -939,12 +856,12 @@ int smbc_unlink(const char *fname) time_t m_time = 0, a_time = 0, c_time = 0; SMB_INO_T ino = 0; - if (!smbc_getatr(srv, path, &mode, &size, + if (!smbc_getatr(context, srv, path, &mode, &size, &c_time, &a_time, &m_time, &ino)) { /* Hmmm, bad error ... What? */ - errno = smbc_errno(&srv->cli); + errno = smbc_errno(context, &srv->cli); return -1; } @@ -970,35 +887,37 @@ int smbc_unlink(const char *fname) * Routine to rename() a file */ -int smbc_rename(const char *oname, const char *nname) +static int smbc_rename_ctx(SMBCCTX *ocontext, const char *oname, + SMBCCTX *ncontext, const char *nname) { fstring server1, share1, server2, share2, user1, user2, password1, password2, workgroup; pstring path1, path2; - struct smbc_server *srv = NULL; + SMBCSRV *srv = NULL; - if (!smbc_initialized) { + if (!ocontext || !ncontext || + !ocontext->_initialized || !ncontext->_initialized) { errno = EINVAL; /* Best I can think of ... */ return -1; } - + if (!oname || !nname) { errno = EINVAL; return -1; } - + DEBUG(4, ("smbc_rename(%s,%s)\n", oname, nname)); - smbc_parse_path(oname, server1, share1, path1, user1, password1); + smbc_parse_path(ocontext, oname, server1, share1, path1, user1, password1); - if (user1[0] == (char)0) pstrcpy(user1, smbc_user); + if (user1[0] == (char)0) pstrcpy(user1, ocontext->user); - smbc_parse_path(nname, server2, share2, path2, user2, password2); + smbc_parse_path(ncontext, nname, server2, share2, path2, user2, password2); - if (user2[0] == (char)0) pstrcpy(user2, smbc_user); + if (user2[0] == (char)0) pstrcpy(user2, ncontext->user); if (strcmp(server1, server2) || strcmp(share1, share2) || strcmp(user1, user2)) { @@ -1010,9 +929,9 @@ int smbc_rename(const char *oname, const char *nname) } - pstrcpy(workgroup, lp_workgroup()); - - srv = smbc_server(server1, share1, workgroup, user1, password1); + pstrcpy(workgroup, ocontext->workgroup); + /* HELP !!! Which workgroup should I use ? Or are they always the same -- Tom */ + srv = smbc_server(ocontext, server1, share1, workgroup, user1, password1); if (!srv) { return -1; @@ -1020,7 +939,7 @@ int smbc_rename(const char *oname, const char *nname) } if (!cli_rename(&srv->cli, path1, path2)) { - int eno = smbc_errno(&srv->cli); + int eno = smbc_errno(ocontext, &srv->cli); if (eno != EEXIST || !cli_unlink(&srv->cli, path2) || @@ -1040,35 +959,25 @@ int smbc_rename(const char *oname, const char *nname) * A routine to lseek() a file */ -off_t smbc_lseek(int fd, off_t offset, int whence) +static off_t smbc_lseek_ctx(SMBCCTX *context, SMBCFILE *file, off_t offset, int whence) { - struct smbc_file *fe; size_t size; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; return -1; - - } - - if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) { - - errno = EBADF; - return -1; - + } - fe = smbc_file_table[fd - smbc_start_fd]; - - if (!fe) { + if (!file || !DLIST_CONTAINS(context->_files, file)) { errno = EBADF; return -1; } - if (!fe->file) { + if (!file->file) { errno = EINVAL; return -1; /* Can't lseek a dir ... */ @@ -1077,23 +986,23 @@ off_t smbc_lseek(int fd, off_t offset, int whence) switch (whence) { case SEEK_SET: - fe->offset = offset; + file->offset = offset; break; case SEEK_CUR: - fe->offset += offset; + file->offset += offset; break; case SEEK_END: - if (!cli_qfileinfo(&fe->srv->cli, fe->cli_fd, NULL, &size, NULL, NULL, + if (!cli_qfileinfo(&file->srv->cli, file->cli_fd, NULL, &size, NULL, NULL, NULL, NULL, NULL) && - !cli_getattrE(&fe->srv->cli, fe->cli_fd, NULL, &size, NULL, NULL, + !cli_getattrE(&file->srv->cli, file->cli_fd, NULL, &size, NULL, NULL, NULL)) { errno = EINVAL; return -1; } - fe->offset = size + offset; + file->offset = size + offset; break; default: @@ -1102,7 +1011,7 @@ off_t smbc_lseek(int fd, off_t offset, int whence) } - return fe->offset; + return file->offset; } @@ -1111,9 +1020,16 @@ off_t smbc_lseek(int fd, off_t offset, int whence) */ static -ino_t smbc_inode(const char *name) +ino_t smbc_inode(SMBCCTX *context, const char *name) { + if (!context || !context->_initialized) { + + errno = EINVAL; + return -1; + + } + if (!*name) return 2; /* FIXME, why 2 ??? */ return (ino_t)str_checksum(name); @@ -1125,9 +1041,9 @@ ino_t smbc_inode(const char *name) */ static -int smbc_setup_stat(struct stat *st, char *fname, size_t size, int mode) +int smbc_setup_stat(SMBCCTX *context, struct stat *st, char *fname, size_t size, int mode) { - + st->st_mode = 0; if (IS_DOS_DIR(mode)) { @@ -1154,55 +1070,20 @@ int smbc_setup_stat(struct stat *st, char *fname, size_t size, int mode) } if (st->st_ino == 0) { - st->st_ino = smbc_inode(fname); + st->st_ino = smbc_inode(context, fname); } - + return True; /* FIXME: Is this needed ? */ } -/* - * Get info from an SMB server on a file. Use a qpathinfo call first - * and if that fails, use getatr, as Win95 sometimes refuses qpathinfo - */ - -BOOL smbc_getatr(struct smbc_server *srv, char *path, - uint16 *mode, size_t *size, - time_t *c_time, time_t *a_time, time_t *m_time, - SMB_INO_T *ino) -{ - - if (!smbc_initialized) { - - errno = EINVAL; - return -1; - - } - - DEBUG(4,("smbc_getatr: sending qpathinfo\n")); - - if (!srv->no_pathinfo2 && - cli_qpathinfo2(&srv->cli, path, c_time, a_time, m_time, NULL, - size, mode, ino)) return True; - - /* if this is NT then don't bother with the getatr */ - if (srv->cli.capabilities & CAP_NT_SMBS) return False; - - if (cli_getatr(&srv->cli, path, mode, size, m_time)) { - a_time = c_time = m_time; - srv->no_pathinfo2 = True; - return True; - } - return False; -} - /* * Routine to stat a file given a name */ -int smbc_stat(const char *fname, struct stat *st) +static int smbc_stat_ctx(SMBCCTX *context, const char *fname, struct stat *st) { - struct smbc_server *srv; + SMBCSRV *srv; fstring server, share, user, password, workgroup; pstring path; time_t m_time = 0, a_time = 0, c_time = 0; @@ -1210,11 +1091,11 @@ int smbc_stat(const char *fname, struct stat *st) uint16 mode = 0; SMB_INO_T ino = 0; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; /* Best I can think of ... */ return -1; - + } if (!fname) { @@ -1226,13 +1107,13 @@ int smbc_stat(const char *fname, struct stat *st) DEBUG(4, ("smbc_stat(%s)\n", fname)); - smbc_parse_path(fname, server, share, path, user, password); /*FIXME, errors*/ + smbc_parse_path(context, fname, server, share, path, user, password); /*FIXME, errors*/ - if (user[0] == (char)0) pstrcpy(user, smbc_user); + if (user[0] == (char)0) pstrcpy(user, context->user); - pstrcpy(workgroup, lp_workgroup()); + pstrcpy(workgroup, context->workgroup); - srv = smbc_server(server, share, workgroup, user, password); + srv = smbc_server(context, server, share, workgroup, user, password); if (!srv) { @@ -1246,9 +1127,9 @@ int smbc_stat(const char *fname, struct stat *st) } else if (strncmp(srv->cli.dev, "LPT", 3) == 0) { - + if (strcmp(path, "\\") == 0) { - + mode = aDIR | aRONLY; } @@ -1261,19 +1142,17 @@ int smbc_stat(const char *fname, struct stat *st) } else { */ - if (!smbc_getatr(srv, path, &mode, &size, + if (!smbc_getatr(context, srv, path, &mode, &size, &c_time, &a_time, &m_time, &ino)) { - errno = smbc_errno(&srv->cli); + errno = smbc_errno(context, &srv->cli); return -1; - + } - /* } */ - st->st_ino = ino; - smbc_setup_stat(st, path, size, mode); + smbc_setup_stat(context, st, path, size, mode); st->st_atime = a_time; st->st_ctime = c_time; @@ -1288,46 +1167,36 @@ int smbc_stat(const char *fname, struct stat *st) * Routine to stat a file given an fd */ -int smbc_fstat(int fd, struct stat *st) +static int smbc_fstat_ctx(SMBCCTX *context, SMBCFILE *file, struct stat *st) { - struct smbc_file *fe; time_t c_time, a_time, m_time; size_t size; uint16 mode; SMB_INO_T ino = 0; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; return -1; } - if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) { + if (!file || !DLIST_CONTAINS(context->_files, file)) { errno = EBADF; return -1; } - fe = smbc_file_table[fd - smbc_start_fd]; + if (!file->file) { - if (!fe) { - - errno = EBADF; - return -1; - - } - - if (!fe->file) { - - return smbc_fstatdir(fd, st); + return context->fstatdir(context, file, st); } - if (!cli_qfileinfo(&fe->srv->cli, fe->cli_fd, + if (!cli_qfileinfo(&file->srv->cli, file->cli_fd, &mode, &size, &c_time, &a_time, &m_time, NULL, &ino) && - !cli_getattrE(&fe->srv->cli, fe->cli_fd, + !cli_getattrE(&file->srv->cli, file->cli_fd, &mode, &size, &c_time, &a_time, &m_time)) { errno = EINVAL; @@ -1337,12 +1206,12 @@ int smbc_fstat(int fd, struct stat *st) st->st_ino = ino; - smbc_setup_stat(st, fe->fname, size, mode); + smbc_setup_stat(context, st, file->fname, size, mode); st->st_atime = a_time; st->st_ctime = c_time; st->st_mtime = m_time; - st->st_dev = fe->srv->dev; + st->st_dev = file->srv->dev; return 0; @@ -1362,7 +1231,7 @@ int smbc_fstat(int fd, struct stat *st) * smb:///share which should list files on share */ -static void smbc_remove_dir(struct smbc_file *dir) +static void smbc_remove_dir(SMBCFILE *dir) { struct smbc_dir_list *d,*f; @@ -1380,7 +1249,7 @@ static void smbc_remove_dir(struct smbc_file *dir) } -static int add_dirent(struct smbc_file *dir, const char *name, const char *comment, uint32 type) +static int add_dirent(SMBCFILE *dir, const char *name, const char *comment, uint32 type) { struct smbc_dirent *dirent; int size; @@ -1403,6 +1272,11 @@ static int add_dirent(struct smbc_file *dir, const char *name, const char *comme } + ZERO_STRUCTP(dirent); + + ZERO_STRUCTP(dirent); + + if (dir->dir_list == NULL) { dir->dir_list = malloc(sizeof(struct smbc_dir_list)); @@ -1413,6 +1287,7 @@ static int add_dirent(struct smbc_file *dir, const char *name, const char *comme return -1; } + ZERO_STRUCTP(dir->dir_list); dir->dir_end = dir->dir_next = dir->dir_list; @@ -1420,14 +1295,15 @@ static int add_dirent(struct smbc_file *dir, const char *name, const char *comme else { dir->dir_end->next = malloc(sizeof(struct smbc_dir_list)); - - if (!dir->dir_end) { - + + if (!dir->dir_end->next) { + SAFE_FREE(dirent); dir->dir_error = ENOMEM; return -1; } + ZERO_STRUCTP(dir->dir_end->next); dir->dir_end = dir->dir_end->next; @@ -1435,7 +1311,7 @@ static int add_dirent(struct smbc_file *dir, const char *name, const char *comme dir->dir_end->next = NULL; dir->dir_end->dirent = dirent; - + dirent->smbc_type = type; dirent->namelen = (name?strlen(name):0); dirent->commentlen = (comment?strlen(comment):0); @@ -1453,13 +1329,13 @@ static int add_dirent(struct smbc_file *dir, const char *name, const char *comme static void list_fn(const char *name, uint32 type, const char *comment, void *state) { - struct smbc_file *dir = (struct smbc_file *)state; + SMBCFILE *dir = (SMBCFILE *)state; int dirent_type; /* We need to process the type a little ... */ if (dir->dir_type == SMBC_FILE_SHARE) { - + switch (type) { case 0: /* Directory tree */ dirent_type = SMBC_FILE_SHARE; @@ -1481,6 +1357,7 @@ list_fn(const char *name, uint32 type, const char *comment, void *state) dirent_type = SMBC_FILE_SHARE; /* FIXME, error? */ break; } + ZERO_STRUCTP(dir->dir_list); } else dirent_type = dir->dir_type; @@ -1498,113 +1375,103 @@ static void dir_list_fn(file_info *finfo, const char *mask, void *state) { - if (add_dirent((struct smbc_file *)state, finfo->name, "", + if (add_dirent((SMBCFILE *)state, finfo->name, "", (finfo->mode&aDIR?SMBC_DIR:SMBC_FILE)) < 0) { /* Handle an error ... */ + /* FIXME: Add some code ... */ } } -int smbc_opendir(const char *fname) +static SMBCFILE *smbc_opendir_ctx(SMBCCTX *context, const char *fname) { fstring server, share, user, password, workgroup; pstring path; - struct smbc_server *srv = NULL; + SMBCSRV *srv = NULL; + SMBCFILE *dir = NULL; struct in_addr rem_ip; int slot = 0; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; - return -1; + return NULL; } if (!fname) { errno = EINVAL; - return -1; + return NULL; } - if (smbc_parse_path(fname, server, share, path, user, password)) { + if (smbc_parse_path(context, fname, server, share, path, user, password)) { errno = EINVAL; - return -1; + return NULL; } - if (user[0] == (char)0) pstrcpy(user, smbc_user); - - pstrcpy(workgroup, lp_workgroup()); - - /* Get a file entry ... */ + if (user[0] == (char)0) pstrcpy(user, context->user); - slot = 0; + pstrcpy(workgroup, context->workgroup); - while (smbc_file_table[slot]) - slot++; + dir = malloc(sizeof(*dir)); - if (slot > SMBC_MAX_FD) { + if (!dir) { errno = ENOMEM; - return -1; /* FIXME, ... move into a func */ - - } - - smbc_file_table[slot] = malloc(sizeof(struct smbc_file)); - - if (!smbc_file_table[slot]) { - - errno = ENOMEM; - return -1; + return NULL; } - smbc_file_table[slot]->cli_fd = 0; - smbc_file_table[slot]->smbc_fd = slot + smbc_start_fd; - smbc_file_table[slot]->fname = strdup(fname); - smbc_file_table[slot]->srv = NULL; - smbc_file_table[slot]->offset = 0; - smbc_file_table[slot]->file = False; - smbc_file_table[slot]->dir_list = - smbc_file_table[slot]->dir_next = - smbc_file_table[slot]->dir_end = NULL; + ZERO_STRUCTP(dir); + + dir->cli_fd = 0; + dir->fname = strdup(fname); + dir->srv = NULL; + dir->offset = 0; + dir->file = False; + dir->dir_list = dir->dir_next = dir->dir_end = NULL; if (server[0] == (char)0) { if (share[0] != (char)0 || path[0] != (char)0) { errno = EINVAL; - if (smbc_file_table[slot]) { - SAFE_FREE(smbc_file_table[slot]->fname); - SAFE_FREE(smbc_file_table[slot]); + if (dir) { + SAFE_FREE(dir->fname); + SAFE_FREE(dir); } - return -1; + return NULL; } /* We have server and share and path empty ... so list the workgroups */ + /* first try to get the LMB for our workgroup, and if that fails, */ + /* try the DMB */ - if (!resolve_name(lp_workgroup(), &rem_ip, 0x1d)) { + if (!(resolve_name(context->workgroup, &rem_ip, 0x1d) || + resolve_name(context->workgroup, &rem_ip, 0x1b))) { errno = EINVAL; /* Something wrong with smb.conf? */ - return -1; + return NULL; } - smbc_file_table[slot]->dir_type = SMBC_WORKGROUP; + dir->dir_type = SMBC_WORKGROUP; /* find the name of the server ... */ if (!name_status_find("*", 0, 0, rem_ip, server)) { - DEBUG(0, ("Could not get the name of local master browser for server %s\n", server)); + DEBUG(0,("Could not get the name of local/domain master browser for server %s\n", server)); errno = EINVAL; - return -1; + return NULL; } @@ -1612,31 +1479,34 @@ int smbc_opendir(const char *fname) * Get a connection to IPC$ on the server if we do not already have one */ - srv = smbc_server(server, "IPC$", workgroup, user, password); + srv = smbc_server(context, server, "IPC$", workgroup, user, password); if (!srv) { - if (smbc_file_table[slot]) { - SAFE_FREE(smbc_file_table[slot]->fname); - SAFE_FREE(smbc_file_table[slot]); + if (dir) { + SAFE_FREE(dir->fname); + SAFE_FREE(dir); } - return -1; + + return NULL; } + ZERO_STRUCTP(dir->dir_end); - smbc_file_table[slot]->srv = srv; + dir->srv = srv; /* Now, list the stuff ... */ if (!cli_NetServerEnum(&srv->cli, workgroup, 0x80000000, list_fn, - (void *)smbc_file_table[slot])) { + (void *)dir)) { - if (smbc_file_table[slot]) { - SAFE_FREE(smbc_file_table[slot]->fname); - SAFE_FREE(smbc_file_table[slot]); + if (dir) { + SAFE_FREE(dir->fname); + SAFE_FREE(dir); } errno = cli_errno(&srv->cli); - return -1; + + return NULL; } } @@ -1647,22 +1517,23 @@ int smbc_opendir(const char *fname) if (path[0] != (char)0) { /* Should not have empty share with path */ errno = EINVAL; - if (smbc_file_table[slot]) { - SAFE_FREE(smbc_file_table[slot]->fname); - SAFE_FREE(smbc_file_table[slot]); + if (dir) { + SAFE_FREE(dir->fname); + SAFE_FREE(dir); } - return -1; + return NULL; } - /* Check to see if <1D> translates, or <20> translates */ + /* Check to see if <1D>, <1B>, or <20> translates */ /* However, we check to see if is an IP address first */ if (!is_ipaddress(server) && /* Not an IP addr so check next */ - resolve_name(server, &rem_ip, 0x1d)) { /* Found LMB */ + (resolve_name(server, &rem_ip, 0x1d) || /* Found LMB */ + resolve_name(server, &rem_ip, 0x1b) )) { /* Found DMB */ pstring buserver; - smbc_file_table[slot]->dir_type = SMBC_SERVER; + dir->dir_type = SMBC_SERVER; /* * Get the backup list ... @@ -1671,9 +1542,9 @@ int smbc_opendir(const char *fname) if (!name_status_find("*", 0, 0, rem_ip, buserver)) { - DEBUG(0, ("Could not get name of local master browser %s\n", server)); + DEBUG(0, ("Could not get name of local/domain master browser for server %s\n", server)); errno = EPERM; /* FIXME, is this correct */ - return -1; + return NULL; } @@ -1681,32 +1552,32 @@ int smbc_opendir(const char *fname) * Get a connection to IPC$ on the server if we do not already have one */ - srv = smbc_server(buserver, "IPC$", workgroup, user, password); + srv = smbc_server(context, buserver, "IPC$", workgroup, user, password); if (!srv) { - if (smbc_file_table[slot]) { - SAFE_FREE(smbc_file_table[slot]->fname); - SAFE_FREE(smbc_file_table[slot]); + if (dir) { + SAFE_FREE(dir->fname); + SAFE_FREE(dir); } - return -1; + return NULL; } - smbc_file_table[slot]->srv = srv; + dir->srv = srv; /* Now, list the servers ... */ if (!cli_NetServerEnum(&srv->cli, server, 0x0000FFFE, list_fn, - (void *)smbc_file_table[slot])) { + (void *)dir)) { - if (smbc_file_table[slot]) { - SAFE_FREE(smbc_file_table[slot]->fname); - SAFE_FREE(smbc_file_table[slot]); + if (dir) { + SAFE_FREE(dir->fname); + SAFE_FREE(dir); } errno = cli_errno(&srv->cli); - return -1; - + return NULL; + } } @@ -1716,33 +1587,33 @@ int smbc_opendir(const char *fname) /* Now, list the shares ... */ - smbc_file_table[slot]->dir_type = SMBC_FILE_SHARE; + dir->dir_type = SMBC_FILE_SHARE; - srv = smbc_server(server, "IPC$", workgroup, user, password); + srv = smbc_server(context, server, "IPC$", workgroup, user, password); if (!srv) { - if (smbc_file_table[slot]) { - SAFE_FREE(smbc_file_table[slot]->fname); - SAFE_FREE(smbc_file_table[slot]); + if (dir) { + SAFE_FREE(dir->fname); + SAFE_FREE(dir); } - return -1; + return NULL; } - smbc_file_table[slot]->srv = srv; + dir->srv = srv; /* Now, list the servers ... */ if (cli_RNetShareEnum(&srv->cli, list_fn, - (void *)smbc_file_table[slot]) < 0) { + (void *)dir) < 0) { errno = cli_errno(&srv->cli); - if (smbc_file_table[slot]) { - SAFE_FREE(smbc_file_table[slot]->fname); - SAFE_FREE(smbc_file_table[slot]); + if (dir) { + SAFE_FREE(dir->fname); + SAFE_FREE(dir); } - return -1; + return NULL; } @@ -1750,11 +1621,11 @@ int smbc_opendir(const char *fname) else { errno = ENODEV; /* Neither the workgroup nor server exists */ - if (smbc_file_table[slot]) { - SAFE_FREE(smbc_file_table[slot]->fname); - SAFE_FREE(smbc_file_table[slot]); + if (dir) { + SAFE_FREE(dir->fname); + SAFE_FREE(dir); } - return -1; + return NULL; } @@ -1765,42 +1636,43 @@ int smbc_opendir(const char *fname) /* Well, we connect to the server and list the directory */ - smbc_file_table[slot]->dir_type = SMBC_FILE_SHARE; + dir->dir_type = SMBC_FILE_SHARE; - srv = smbc_server(server, share, workgroup, user, password); + srv = smbc_server(context, server, share, workgroup, user, password); if (!srv) { - if (smbc_file_table[slot]) { - SAFE_FREE(smbc_file_table[slot]->fname); - SAFE_FREE(smbc_file_table[slot]); + if (dir) { + SAFE_FREE(dir->fname); + SAFE_FREE(dir); } - return -1; + return NULL; } - smbc_file_table[slot]->srv = srv; + dir->srv = srv; /* Now, list the files ... */ pstrcat(path, "\\*"); if (cli_list(&srv->cli, path, aDIR | aSYSTEM | aHIDDEN, dir_list_fn, - (void *)smbc_file_table[slot]) < 0) { + (void *)dir) < 0) { - if (smbc_file_table[slot]) { - SAFE_FREE(smbc_file_table[slot]->fname); - SAFE_FREE(smbc_file_table[slot]); + if (dir) { + SAFE_FREE(dir->fname); + SAFE_FREE(dir); } - errno = smbc_errno(&srv->cli); - return -1; + errno = smbc_errno(context, &srv->cli); + return NULL; } } } - return smbc_file_table[slot]->smbc_fd; + DLIST_ADD(context->_files, dir); + return dir; } @@ -1808,44 +1680,34 @@ int smbc_opendir(const char *fname) * Routine to close a directory */ -int smbc_closedir(int fd) +static int smbc_closedir_ctx(SMBCCTX *context, SMBCFILE *dir) { - struct smbc_file *fe; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; return -1; } - if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) { + if (!dir || !DLIST_CONTAINS(context->_files, dir)) { errno = EBADF; return -1; - + } - fe = smbc_file_table[fd - smbc_start_fd]; - - if (!fe) { - - errno = EBADF; - return -1; - - } + smbc_remove_dir(dir); /* Clean it up */ - smbc_remove_dir(fe); /* Clean it up */ + DLIST_REMOVE(context->_files, dir); - if (fe) { + if (dir) { - SAFE_FREE(fe->fname); - SAFE_FREE(fe); /* Free the space too */ + SAFE_FREE(dir->fname); + SAFE_FREE(dir); /* Free the space too */ } - smbc_file_table[fd - smbc_start_fd] = NULL; - return 0; } @@ -1854,50 +1716,38 @@ int smbc_closedir(int fd) * Routine to get a directory entry */ -static char smbc_local_dirent[512]; /* Make big enough */ - -struct smbc_dirent *smbc_readdir(unsigned int fd) +struct smbc_dirent *smbc_readdir_ctx(SMBCCTX *context, SMBCFILE *dir) { - struct smbc_file *fe; struct smbc_dirent *dirp, *dirent; /* Check that all is ok first ... */ - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; return NULL; } - if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) { - - errno = EBADF; - return NULL; - - } - - fe = smbc_file_table[fd - smbc_start_fd]; - - if (!fe) { + if (!dir || !DLIST_CONTAINS(context->_files, dir)) { errno = EBADF; return NULL; } - if (fe->file != False) { /* FIXME, should be dir, perhaps */ + if (dir->file != False) { /* FIXME, should be dir, perhaps */ errno = ENOTDIR; return NULL; } - if (!fe->dir_next) + if (!dir->dir_next) return NULL; else { - dirent = fe->dir_next->dirent; + dirent = dir->dir_next->dirent; if (!dirent) { @@ -1908,15 +1758,12 @@ struct smbc_dirent *smbc_readdir(unsigned int fd) /* Hmmm, do I even need to copy it? */ - memcpy(smbc_local_dirent, dirent, dirent->dirlen); /* Copy the dirent */ - - dirp = (struct smbc_dirent *)smbc_local_dirent; - + memcpy(context->_dirent, dirent, dirent->dirlen); /* Copy the dirent */ + dirp = (struct smbc_dirent *)context->_dirent; dirp->comment = (char *)(&dirp->name + dirent->namelen + 1); - - fe->dir_next = fe->dir_next->next; + dir->dir_next = dir->dir_next->next; - return (struct smbc_dirent *)smbc_local_dirent; + return (struct smbc_dirent *)context->_dirent; } } @@ -1925,39 +1772,29 @@ struct smbc_dirent *smbc_readdir(unsigned int fd) * Routine to get directory entries */ -int smbc_getdents(unsigned int fd, struct smbc_dirent *dirp, int count) +static int smbc_getdents_ctx(SMBCCTX *context, SMBCFILE *dir, struct smbc_dirent *dirp, int count) { - struct smbc_file *fe; - struct smbc_dir_list *dir; + struct smbc_dir_list *dirlist; int rem = count, reqd; char *ndir = (char *)dirp; /* Check that all is ok first ... */ - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; return -1; } - if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) { - - errno = EBADF; - return -1; - - } - - fe = smbc_file_table[fd - smbc_start_fd]; - - if (!fe) { + if (!dir || !DLIST_CONTAINS(context->_files, dir)) { errno = EBADF; return -1; - + } - if (fe->file != False) { /* FIXME, should be dir, perhaps */ + if (dir->file != False) { /* FIXME, should be dir, perhaps */ errno = ENOTDIR; return -1; @@ -1970,18 +1807,18 @@ int smbc_getdents(unsigned int fd, struct smbc_dirent *dirp, int count) * send a request to the server to get the info. */ - while ((dir = fe->dir_next)) { + while ((dirlist = dir->dir_next)) { struct smbc_dirent *dirent; - if (!dir->dirent) { + if (!dirlist->dirent) { errno = ENOENT; /* Bad error */ return -1; } - if (rem < (reqd = (sizeof(struct smbc_dirent) + dir->dirent->namelen + - dir->dirent->commentlen + 1))) { + if (rem < (reqd = (sizeof(struct smbc_dirent) + dirlist->dirent->namelen + + dirlist->dirent->commentlen + 1))) { if (rem < count) { /* We managed to copy something */ @@ -1998,7 +1835,7 @@ int smbc_getdents(unsigned int fd, struct smbc_dirent *dirp, int count) } - dirent = dir->dirent; + dirent = dirlist->dirent; memcpy(ndir, dirent, reqd); /* Copy the data in ... */ @@ -2009,7 +1846,7 @@ int smbc_getdents(unsigned int fd, struct smbc_dirent *dirp, int count) rem -= reqd; - fe->dir_next = dir = dir -> next; + dir->dir_next = dirlist = dirlist -> next; } if (rem == count) @@ -2023,13 +1860,13 @@ int smbc_getdents(unsigned int fd, struct smbc_dirent *dirp, int count) * Routine to create a directory ... */ -int smbc_mkdir(const char *fname, mode_t mode) +static int smbc_mkdir_ctx(SMBCCTX *context, const char *fname, mode_t mode) { - struct smbc_server *srv; + SMBCSRV *srv; fstring server, share, user, password, workgroup; pstring path; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; return -1; @@ -2045,13 +1882,13 @@ int smbc_mkdir(const char *fname, mode_t mode) DEBUG(4, ("smbc_mkdir(%s)\n", fname)); - smbc_parse_path(fname, server, share, path, user, password); /*FIXME, errors*/ + smbc_parse_path(context, fname, server, share, path, user, password); /*FIXME, errors*/ - if (user[0] == (char)0) pstrcpy(user, smbc_user); + if (user[0] == (char)0) pstrcpy(user, context->user); - pstrcpy(workgroup, lp_workgroup()); + pstrcpy(workgroup, context->workgroup); - srv = smbc_server(server, share, workgroup, user, password); + srv = smbc_server(context, server, share, workgroup, user, password); if (!srv) { @@ -2082,7 +1919,7 @@ int smbc_mkdir(const char *fname, mode_t mode) if (!cli_mkdir(&srv->cli, path)) { - errno = smbc_errno(&srv->cli); + errno = smbc_errno(context, &srv->cli); return -1; } @@ -2109,13 +1946,13 @@ static void rmdir_list_fn(file_info *finfo, const char *mask, void *state) * Routine to remove a directory */ -int smbc_rmdir(const char *fname) +static int smbc_rmdir_ctx(SMBCCTX *context, const char *fname) { - struct smbc_server *srv; + SMBCSRV *srv; fstring server, share, user, password, workgroup; pstring path; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; return -1; @@ -2131,13 +1968,13 @@ int smbc_rmdir(const char *fname) DEBUG(4, ("smbc_rmdir(%s)\n", fname)); - smbc_parse_path(fname, server, share, path, user, password); /*FIXME, errors*/ + smbc_parse_path(context, fname, server, share, path, user, password); /*FIXME, errors*/ - if (user[0] == (char)0) pstrcpy(user, smbc_user); + if (user[0] == (char)0) pstrcpy(user, context->user); - pstrcpy(workgroup, lp_workgroup()); + pstrcpy(workgroup, context->workgroup); - srv = smbc_server(server, share, workgroup, user, password); + srv = smbc_server(context, server, share, workgroup, user, password); if (!srv) { @@ -2162,13 +1999,13 @@ int smbc_rmdir(const char *fname) mode = aRONLY; smbc_stat_printjob(srv, path, &size, &m_time); c_time = a_time = m_time; - + } else { */ if (!cli_rmdir(&srv->cli, path)) { - errno = smbc_errno(&srv->cli); + errno = smbc_errno(context, &srv->cli); if (errno == EACCES) { /* Check if the dir empty or not */ @@ -2185,7 +2022,7 @@ int smbc_rmdir(const char *fname) /* Fix errno to ignore latest error ... */ DEBUG(5, ("smbc_rmdir: cli_list returned an error: %d\n", - smbc_errno(&srv->cli))); + smbc_errno(context, &srv->cli))); errno = EACCES; } @@ -2209,41 +2046,31 @@ int smbc_rmdir(const char *fname) * Routine to return the current directory position */ -off_t smbc_telldir(int fd) +static off_t smbc_telldir_ctx(SMBCCTX *context, SMBCFILE *dir) { - struct smbc_file *fe; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; return -1; } - if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) { - - errno = EBADF; - return -1; - - } - - fe = smbc_file_table[fd - smbc_start_fd]; - - if (!fe) { + if (!dir || !DLIST_CONTAINS(context->_files, dir)) { errno = EBADF; return -1; } - if (fe->file != False) { /* FIXME, should be dir, perhaps */ + if (dir->file != False) { /* FIXME, should be dir, perhaps */ errno = ENOTDIR; return -1; } - return (off_t) fe->dir_next; + return (off_t) dir->dir_next; } @@ -2281,36 +2108,19 @@ struct smbc_dir_list *smbc_check_dir_ent(struct smbc_dir_list *list, * Routine to seek on a directory */ -int smbc_lseekdir(int fd, off_t offset) +static int smbc_lseekdir_ctx(SMBCCTX *context, SMBCFILE *dir, off_t offset) { - struct smbc_file *fe; struct smbc_dirent *dirent = (struct smbc_dirent *)offset; struct smbc_dir_list *list_ent = NULL; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; return -1; } - if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) { - - errno = EBADF; - return -1; - - } - - fe = smbc_file_table[fd - smbc_start_fd]; - - if (!fe) { - - errno = EBADF; - return -1; - - } - - if (fe->file != False) { /* FIXME, should be dir, perhaps */ + if (dir->file != False) { /* FIXME, should be dir, perhaps */ errno = ENOTDIR; return -1; @@ -2321,7 +2131,7 @@ int smbc_lseekdir(int fd, off_t offset) if (dirent == NULL) { /* Seek to the begining of the list */ - fe->dir_next = fe->dir_list; + dir->dir_next = dir->dir_list; return 0; } @@ -2329,14 +2139,14 @@ int smbc_lseekdir(int fd, off_t offset) /* Now, run down the list and make sure that the entry is OK */ /* This may need to be changed if we change the format of the list */ - if ((list_ent = smbc_check_dir_ent(fe->dir_list, dirent)) == NULL) { + if ((list_ent = smbc_check_dir_ent(dir->dir_list, dirent)) == NULL) { errno = EINVAL; /* Bad entry */ return -1; } - fe->dir_next = list_ent; + dir->dir_next = list_ent; return 0; @@ -2346,10 +2156,10 @@ int smbc_lseekdir(int fd, off_t offset) * Routine to fstat a dir */ -int smbc_fstatdir(int fd, struct stat *st) +static int smbc_fstatdir_ctx(SMBCCTX *context, SMBCFILE *dir, struct stat *st) { - if (!smbc_initialized) { + if (context || !context->_initialized) { errno = EINVAL; return -1; @@ -2362,6 +2172,39 @@ int smbc_fstatdir(int fd, struct stat *st) } +/* + * Open a print file to be written to by other calls + */ + +static SMBCFILE *smbc_open_print_job_ctx(SMBCCTX *context, const char *fname) +{ + fstring server, share, user, password; + pstring path; + + if (!context || context->_initialized) { + + errno = EINVAL; + return NULL; + + } + + if (!fname) { + + errno = EINVAL; + return NULL; + + } + + DEBUG(4, ("smbc_open_print_job_ctx(%s)\n", fname)); + + smbc_parse_path(context, fname, server, share, path, user, password); /*FIXME, errors*/ + + /* What if the path is empty, or the file exists? */ + + return context->open(context, fname, O_WRONLY, 666); + +} + /* * Routine to print a file on a remote server ... * @@ -2369,12 +2212,14 @@ int smbc_fstatdir(int fd, struct stat *st) * copy it to a print file on the share specified by printq. */ -int smbc_print_file(const char *fname, const char *printq) +static int smbc_print_file_ctx(SMBCCTX *c_file, const char *fname, SMBCCTX *c_print, const char *printq) { - int fid1, fid2, bytes, saverr, tot_bytes = 0; + SMBCFILE *fid1, *fid2; + int bytes, saverr, tot_bytes = 0; char buf[4096]; - if (!smbc_initialized) { + if (!c_file || !c_file->_initialized || !c_print || + !c_print->_initialized) { errno = EINVAL; return -1; @@ -2390,33 +2235,33 @@ int smbc_print_file(const char *fname, const char *printq) /* Try to open the file for reading ... */ - if ((fid1 = smbc_open(fname, O_RDONLY, 0666)) < 0) { - + if ((fid1 = c_file->open(c_file, fname, O_RDONLY, 0666)) < 0) { + DEBUG(3, ("Error, fname=%s, errno=%i\n", fname, errno)); return -1; /* smbc_open sets errno */ - + } /* Now, try to open the printer file for writing */ - if ((fid2 = smbc_open_print_job(printq)) < 0) { + if ((fid2 = c_print->open_print_job(c_print, printq)) < 0) { saverr = errno; /* Save errno */ - smbc_close(fid1); + c_file->close(c_file, fid1); errno = saverr; return -1; } - while ((bytes = smbc_read(fid1, buf, sizeof(buf))) > 0) { + while ((bytes = c_file->read(c_file, fid1, buf, sizeof(buf))) > 0) { tot_bytes += bytes; - if ((smbc_write(fid2, buf, bytes)) < 0) { + if ((c_print->write(c_print, fid2, buf, bytes)) < 0) { saverr = errno; - smbc_close(fid1); - smbc_close(fid2); + c_file->close(c_file, fid1); + c_print->close(c_print, fid2); errno = saverr; } @@ -2425,8 +2270,8 @@ int smbc_print_file(const char *fname, const char *printq) saverr = errno; - smbc_close(fid1); /* We have to close these anyway */ - smbc_close(fid2); + c_file->close(c_file, fid1); /* We have to close these anyway */ + c_print->close(c_print, fid2); if (bytes < 0) { @@ -2440,15 +2285,16 @@ int smbc_print_file(const char *fname, const char *printq) } /* - * Open a print file to be written to by other calls + * Routine to list print jobs on a printer share ... */ -int smbc_open_print_job(const char *fname) +static int smbc_list_print_jobs_ctx(SMBCCTX *context, const char *fname, void (*fn)(struct print_job_info *)) { - fstring server, share, user, password; + SMBCSRV *srv; + fstring server, share, user, password, workgroup; pstring path; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; return -1; @@ -2456,33 +2302,51 @@ int smbc_open_print_job(const char *fname) } if (!fname) { - + errno = EINVAL; return -1; } - DEBUG(4, ("smbc_open_print_job(%s)\n", fname)); + DEBUG(4, ("smbc_list_print_jobs(%s)\n", fname)); - smbc_parse_path(fname, server, share, path, user, password); /*FIXME, errors*/ + smbc_parse_path(context, fname, server, share, path, user, password); /*FIXME, errors*/ - /* What if the path is empty, or the file exists? */ + if (user[0] == (char)0) pstrcpy(user, context->user); + + pstrcpy(workgroup, context->workgroup); + + srv = smbc_server(context, server, share, workgroup, user, password); + + if (!srv) { - return smbc_open(fname, O_WRONLY, 666); + return -1; /* errno set by smbc_server */ + + } + + if (cli_print_queue(&srv->cli, fn) < 0) { + + errno = smbc_errno(context, &srv->cli); + return -1; + + } + + return 0; } /* - * Routine to list print jobs on a printer share ... + * Delete a print job from a remote printer share */ -int smbc_list_print_jobs(const char *fname, void (*fn)(struct print_job_info *)) +static int smbc_unlink_print_job_ctx(SMBCCTX *context, const char *fname, int id) { - struct smbc_server *srv; + SMBCSRV *srv; fstring server, share, user, password, workgroup; pstring path; + int err; - if (!smbc_initialized) { + if (!context || !context->_initialized) { errno = EINVAL; return -1; @@ -2496,15 +2360,15 @@ int smbc_list_print_jobs(const char *fname, void (*fn)(struct print_job_info *)) } - DEBUG(4, ("smbc_list_print_jobs(%s)\n", fname)); + DEBUG(4, ("smbc_unlink_print_job(%s)\n", fname)); - smbc_parse_path(fname, server, share, path, user, password); /*FIXME, errors*/ + smbc_parse_path(context, fname, server, share, path, user, password); /*FIXME, errors*/ - if (user[0] == (char)0) pstrcpy(user, smbc_user); + if (user[0] == (char)0) pstrcpy(user, context->user); - pstrcpy(workgroup, lp_workgroup()); + pstrcpy(workgroup, context->workgroup); - srv = smbc_server(server, share, workgroup, user, password); + srv = smbc_server(context, server, share, workgroup, user, password); if (!srv) { @@ -2512,9 +2376,12 @@ int smbc_list_print_jobs(const char *fname, void (*fn)(struct print_job_info *)) } - if (cli_print_queue(&srv->cli, fn) < 0) { + if ((err = cli_printjob_del(&srv->cli, id)) != 0) { - errno = smbc_errno(&srv->cli); + if (err < 0) + errno = smbc_errno(context, &srv->cli); + else if (err == ERRnosuchprintjob) + errno = EINVAL; return -1; } @@ -2524,58 +2391,252 @@ int smbc_list_print_jobs(const char *fname, void (*fn)(struct print_job_info *)) } /* - * Delete a print job from a remote printer share + * Get a new empty handle to fill in with your own info */ +SMBCCTX * smbc_new_context(void) +{ + SMBCCTX * context; -int smbc_unlink_print_job(const char *fname, int id) + context = malloc(sizeof(*context)); + if (!context) { + errno = ENOMEM; + return NULL; + } + + ZERO_STRUCTP(context); + + /* ADD REASONABLE DEFAULTS */ + context->debug = 0; + context->timeout = 20000; /* 20 seconds */ + + context->open = smbc_open_ctx; + context->creat = smbc_creat_ctx; + context->read = smbc_read_ctx; + context->write = smbc_write_ctx; + context->close = smbc_close_ctx; + context->unlink = smbc_unlink_ctx; + context->rename = smbc_rename_ctx; + context->lseek = smbc_lseek_ctx; + context->stat = smbc_stat_ctx; + context->fstat = smbc_fstat_ctx; + context->opendir = smbc_opendir_ctx; + context->closedir = smbc_closedir_ctx; + context->readdir = smbc_readdir_ctx; + context->getdents = smbc_getdents_ctx; + context->mkdir = smbc_mkdir_ctx; + context->rmdir = smbc_rmdir_ctx; + context->telldir = smbc_telldir_ctx; + context->lseekdir = smbc_lseekdir_ctx; + context->fstatdir = smbc_fstatdir_ctx; + context->open_print_job = smbc_open_print_job_ctx; + context->print_file = smbc_print_file_ctx; + context->list_print_jobs = smbc_list_print_jobs_ctx; + context->unlink_print_job = smbc_unlink_print_job_ctx; + + context->callbacks.check_server_fn = smbc_check_server; + context->callbacks.remove_unused_server_fn = smbc_remove_unused_server; + + smbc_default_cache_functions(context); + + return context; +} + +/* + * Free a context + * + * Returns 0 on success. Otherwise returns 1, the SMBCCTX is _not_ freed + * and thus you'll be leaking memory if not handled properly. + * + */ +int smbc_free_context(SMBCCTX * context, int shutdown_ctx) { - struct smbc_server *srv; - fstring server, share, user, password, workgroup; - pstring path; - int err; + if (!context) { + errno = EBADF; + return 1; + } + + if (shutdown_ctx) { + SMBCFILE * f; + DEBUG(1,("Performing aggressive shutdown.\n")); + + f = context->_files; + while (f) { + context->close(context, f); + f = f->next; + } + context->_files = NULL; + + /* First try to remove the servers the nice way. */ + if (context->callbacks.purge_cached_fn(context)) { + SMBCSRV * s; + DEBUG(1, ("Could not purge all servers, Nice way shutdown failed.\n")); + s = context->_servers; + while (s) { + cli_shutdown(&s->cli); + context->callbacks.remove_cached_srv_fn(context, s); + SAFE_FREE(s); + s = s->next; + } + context->_servers = NULL; + } + } + else { + /* This is the polite way */ + if (context->callbacks.purge_cached_fn(context)) { + DEBUG(1, ("Could not purge all servers, free_context failed.\n")); + errno = EBUSY; + return 1; + } + if (context->_servers) { + DEBUG(1, ("Active servers in context, free_context failed.\n")); + errno = EBUSY; + return 1; + } + if (context->_files) { + DEBUG(1, ("Active files in context, free_context failed.\n")); + errno = EBUSY; + return 1; + } + } - if (!smbc_initialized) { + /* Things we have to clean up */ + SAFE_FREE(context->workgroup); + SAFE_FREE(context->netbios_name); + SAFE_FREE(context->user); + + DEBUG(3, ("Context %p succesfully freed\n", context)); + SAFE_FREE(context); + return 0; +} - errno = EINVAL; - return -1; +/* + * Initialise the library etc + * + * We accept a struct containing handle information. + * valid values for info->debug from 0 to 100, + * and insist that info->fn must be non-null. + */ +SMBCCTX * smbc_init_context(SMBCCTX * context) +{ + pstring conf; + int pid; + char *user = NULL, *home = NULL; + + if (!context) { + errno = EBADF; + return NULL; } - if (!fname) { + /* Do not initialise the same client twice */ + if (context->_initialized) { + return 0; + } + + if (!context->callbacks.auth_fn || context->debug < 0 || context->debug > 100) { errno = EINVAL; - return -1; + return NULL; } - - DEBUG(4, ("smbc_unlink_print_job(%s)\n", fname)); - - smbc_parse_path(fname, server, share, path, user, password); /*FIXME, errors*/ - if (user[0] == (char)0) pstrcpy(user, smbc_user); + if (!smbc_initialized) { + /* Do some library wide intialisations the first time we get called */ - pstrcpy(workgroup, lp_workgroup()); + /* Do we still need this ? */ + DEBUGLEVEL = 10; + + setup_logging( "libsmbclient", False); - srv = smbc_server(server, share, workgroup, user, password); + /* Here we would open the smb.conf file if needed ... */ + + home = getenv("HOME"); - if (!srv) { + slprintf(conf, sizeof(conf), "%s/.smb/smb.conf", home); + + load_interfaces(); /* Load the list of interfaces ... */ + + in_client = True; /* FIXME, make a param */ - return -1; /* errno set by smbc_server */ + if (!lp_load(conf, True, False, False)) { - } + /* + * Hmmm, what the hell do we do here ... we could not parse the + * config file ... We must return an error ... and keep info around + * about why we failed + */ + + errno = ENOENT; /* FIXME: Figure out the correct error response */ + return NULL; + } - if ((err = cli_printjob_del(&srv->cli, id)) != 0) { + reopen_logs(); /* Get logging working ... */ + + /* + * Block SIGPIPE (from lib/util_sock.c: write()) + * It is not needed and should not stop execution + */ + BlockSignals(True, SIGPIPE); + + /* Done with one-time initialisation */ + smbc_initialized = 1; - if (err < 0) - errno = smbc_errno(&srv->cli); - else if (err == ERRnosuchprintjob) - errno = EINVAL; - return -1; + } + + if (!context->user) { + /* + * FIXME: Is this the best way to get the user info? + */ + user = getenv("USER"); + /* walk around as "guest" if no username can be found */ + if (!user) context->user = strdup("guest"); + else context->user = strdup(user); + } + if (!context->netbios_name) { + /* + * We try to get our netbios name from the config. If that fails we fall + * back on constructing our netbios name from our hostname etc + */ + if (global_myname) { + context->netbios_name = strdup(global_myname); + } + else { + /* + * Hmmm, I want to get hostname as well, but I am too lazy for the moment + */ + pid = sys_getpid(); + context->netbios_name = malloc(17); + if (!context->netbios_name) { + errno = ENOMEM; + return NULL; + } + slprintf(context->netbios_name, 16, "smbc%s%d", context->user, pid); + } + } + DEBUG(0,("Using netbios name %s.\n", context->netbios_name)); + + if (!context->workgroup) { + if (lp_workgroup()) { + context->workgroup = strdup(lp_workgroup()); + } + else { + /* TODO: Think about a decent default workgroup */ + context->workgroup = strdup("samba"); + } } + DEBUG(0,("Using workgroup %s.\n", context->workgroup)); + + /* shortest timeout is 1 second */ + if (context->timeout > 0 && context->timeout < 1000) + context->timeout = 1000; - return 0; + /* + * FIXME: Should we check the function pointers here? + */ + context->_initialized = 1; + + return context; } - diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index 7928d446525..18564bccf43 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -191,7 +191,7 @@ BOOL name_status_find(const char *q_name, int q_type, int type, struct in_addr t if (i == count) goto done; - pull_ascii(name, status[i].name, 15, 0, STR_TERMINATE); + pull_ascii(name, status[i].name, 15, -1, STR_TERMINATE); result = True; done: @@ -207,257 +207,233 @@ BOOL name_status_find(const char *q_name, int q_type, int type, struct in_addr t return result; } -/**************************************************************************** - Do a NetBIOS name registation to try to claim a name ... -***************************************************************************/ -BOOL name_register(int fd, const char *name, int name_type, - struct in_addr name_ip, int opcode, - BOOL bcast, - struct in_addr to_ip, int *count) -{ - int retries = 3; - struct timeval tval; - struct packet_struct p; - struct packet_struct *p2; - struct nmb_packet *nmb = &p.packet.nmb; - struct in_addr register_ip; - - DEBUG(4, ("name_register: %s as %s on %s\n", name, inet_ntoa(name_ip), inet_ntoa(to_ip))); - - register_ip.s_addr = name_ip.s_addr; /* Fix this ... */ - - memset((char *)&p, '\0', sizeof(p)); - - *count = 0; - - nmb->header.name_trn_id = generate_trn_id(); - nmb->header.opcode = opcode; - nmb->header.response = False; - nmb->header.nm_flags.bcast = False; - nmb->header.nm_flags.recursion_available = False; - nmb->header.nm_flags.recursion_desired = True; /* ? */ - nmb->header.nm_flags.trunc = False; - nmb->header.nm_flags.authoritative = True; - - nmb->header.qdcount = 1; - nmb->header.ancount = 0; - nmb->header.nscount = 0; - nmb->header.arcount = 1; - - make_nmb_name(&nmb->question.question_name, name, name_type); - - nmb->question.question_type = 0x20; - nmb->question.question_class = 0x1; - - /* Now, create the additional stuff for a registration request */ - - if ((nmb->additional = (struct res_rec *)malloc(sizeof(struct res_rec))) == NULL) { - - DEBUG(0, ("name_register: malloc fail for additional record.\n")); - return False; - } - - memset((char *)nmb->additional, '\0', sizeof(struct res_rec)); - - nmb->additional->rr_name = nmb->question.question_name; - nmb->additional->rr_type = RR_TYPE_NB; - nmb->additional->rr_class = RR_CLASS_IN; - - /* See RFC 1002, sections 5.1.1.1, 5.1.1.2 and 5.1.1.3 */ - if (nmb->header.nm_flags.bcast) - nmb->additional->ttl = PERMANENT_TTL; - else - nmb->additional->ttl = lp_max_ttl(); - - nmb->additional->rdlength = 6; - - nmb->additional->rdata[0] = NB_MFLAG & 0xFF; - - /* Set the address for the name we are registering. */ - putip(&nmb->additional->rdata[2], ®ister_ip); - - p.ip = to_ip; - p.port = NMB_PORT; - p.fd = fd; - p.timestamp = time(NULL); - p.packet_type = NMB_PACKET; - - GetTimeOfDay(&tval); +/* + comparison function used by sort_ip_list +*/ +static int ip_compare(struct in_addr *ip1, struct in_addr *ip2) +{ + int max_bits1=0, max_bits2=0; + int num_interfaces = iface_count(); + int i; - if (!send_packet(&p)) - return False; + for (i=0;is_addr, (uchar *)&ip.s_addr); + bits2 = matching_quad_bits((uchar *)&ip2->s_addr, (uchar *)&ip.s_addr); + max_bits1 = MAX(bits1, max_bits1); + max_bits2 = MAX(bits2, max_bits2); + } + + /* bias towards directly reachable IPs */ + if (iface_local(*ip1)) { + max_bits1 += 32; + } + if (iface_local(*ip2)) { + max_bits2 += 32; + } - retries--; + return max_bits2 - max_bits1; +} - if ((p2 = receive_nmb_packet(fd, 10, nmb->header.name_trn_id))) { - debug_nmb_packet(p2); - SAFE_FREE(p2); /* No memory leaks ... */ - } +/* + sort an IP list so that names that are close to one of our interfaces + are at the top. This prevents the problem where a WINS server returns an IP that + is not reachable from our subnet as the first match +*/ +static void sort_ip_list(struct in_addr *iplist, int count) +{ + if (count <= 1) { + return; + } - return True; + qsort(iplist, count, sizeof(struct in_addr), QSORT_CAST ip_compare); } + /**************************************************************************** Do a netbios name query to find someones IP. Returns an array of IP addresses or NULL if none. *count will be set to the number of addresses returned. + *timed_out is set if we failed by timing out ****************************************************************************/ struct in_addr *name_query(int fd,const char *name,int name_type, BOOL bcast,BOOL recurse, - struct in_addr to_ip, int *count) + struct in_addr to_ip, int *count, int *flags, + BOOL *timed_out) { - BOOL found=False; - int i, retries = 3; - int retry_time = bcast?250:2000; - struct timeval tval; - struct packet_struct p; - struct packet_struct *p2; - struct nmb_packet *nmb = &p.packet.nmb; - struct in_addr *ip_list = NULL; - - memset((char *)&p,'\0',sizeof(p)); - (*count) = 0; - - nmb->header.name_trn_id = generate_trn_id(); - nmb->header.opcode = 0; - nmb->header.response = False; - nmb->header.nm_flags.bcast = bcast; - nmb->header.nm_flags.recursion_available = False; - nmb->header.nm_flags.recursion_desired = recurse; - nmb->header.nm_flags.trunc = False; - nmb->header.nm_flags.authoritative = False; - nmb->header.rcode = 0; - nmb->header.qdcount = 1; - nmb->header.ancount = 0; - nmb->header.nscount = 0; - nmb->header.arcount = 0; - - make_nmb_name(&nmb->question.question_name,name,name_type); - - nmb->question.question_type = 0x20; - nmb->question.question_class = 0x1; - - p.ip = to_ip; - p.port = NMB_PORT; - p.fd = fd; - p.timestamp = time(NULL); - p.packet_type = NMB_PACKET; - - GetTimeOfDay(&tval); - - if (!send_packet(&p)) - return NULL; - - retries--; + BOOL found=False; + int i, retries = 3; + int retry_time = bcast?250:2000; + struct timeval tval; + struct packet_struct p; + struct packet_struct *p2; + struct nmb_packet *nmb = &p.packet.nmb; + struct in_addr *ip_list = NULL; + if (timed_out) { + *timed_out = False; + } + + memset((char *)&p,'\0',sizeof(p)); + (*count) = 0; + (*flags) = 0; + + nmb->header.name_trn_id = generate_trn_id(); + nmb->header.opcode = 0; + nmb->header.response = False; + nmb->header.nm_flags.bcast = bcast; + nmb->header.nm_flags.recursion_available = False; + nmb->header.nm_flags.recursion_desired = recurse; + nmb->header.nm_flags.trunc = False; + nmb->header.nm_flags.authoritative = False; + nmb->header.rcode = 0; + nmb->header.qdcount = 1; + nmb->header.ancount = 0; + nmb->header.nscount = 0; + nmb->header.arcount = 0; + + make_nmb_name(&nmb->question.question_name,name,name_type); + + nmb->question.question_type = 0x20; + nmb->question.question_class = 0x1; + + p.ip = to_ip; + p.port = NMB_PORT; + p.fd = fd; + p.timestamp = time(NULL); + p.packet_type = NMB_PACKET; + + GetTimeOfDay(&tval); + + if (!send_packet(&p)) + return NULL; + + retries--; + while (1) { - struct timeval tval2; - struct in_addr *tmp_ip_list; - - GetTimeOfDay(&tval2); - if (TvalDiff(&tval,&tval2) > retry_time) { - if (!retries) - break; - if (!found && !send_packet(&p)) - return NULL; - GetTimeOfDay(&tval); - retries--; - } - - if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) { - struct nmb_packet *nmb2 = &p2->packet.nmb; - debug_nmb_packet(p2); - - /* If we get a Negative Name Query Response from a WINS - * server, we should report it and give up. - */ - if( 0 == nmb2->header.opcode /* A query response */ - && !(bcast) /* from a WINS server */ - && nmb2->header.rcode /* Error returned */ - ) { - - if( DEBUGLVL( 3 ) ) { - /* Only executed if DEBUGLEVEL >= 3 */ + struct timeval tval2; + struct in_addr *tmp_ip_list; + + GetTimeOfDay(&tval2); + if (TvalDiff(&tval,&tval2) > retry_time) { + if (!retries) + break; + if (!found && !send_packet(&p)) + return NULL; + GetTimeOfDay(&tval); + retries--; + } + + if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) { + struct nmb_packet *nmb2 = &p2->packet.nmb; + debug_nmb_packet(p2); + + /* If we get a Negative Name Query Response from a WINS + * server, we should report it and give up. + */ + if( 0 == nmb2->header.opcode /* A query response */ + && !(bcast) /* from a WINS server */ + && nmb2->header.rcode /* Error returned */ + ) { + + if( DEBUGLVL( 3 ) ) { + /* Only executed if DEBUGLEVEL >= 3 */ dbgtext( "Negative name query response, rcode 0x%02x: ", nmb2->header.rcode ); - switch( nmb2->header.rcode ) { - case 0x01: - dbgtext( "Request was invalidly formatted.\n" ); - break; - case 0x02: - dbgtext( "Problem with NBNS, cannot process name.\n"); - break; - case 0x03: - dbgtext( "The name requested does not exist.\n" ); - break; - case 0x04: - dbgtext( "Unsupported request error.\n" ); - break; - case 0x05: - dbgtext( "Query refused error.\n" ); - break; - default: - dbgtext( "Unrecognized error code.\n" ); - break; - } - } - free_packet(p2); - return( NULL ); - } - - if (nmb2->header.opcode != 0 || - nmb2->header.nm_flags.bcast || - nmb2->header.rcode || - !nmb2->header.ancount) { - /* - * XXXX what do we do with this? Could be a - * redirect, but we'll discard it for the + switch( nmb2->header.rcode ) { + case 0x01: + dbgtext( "Request was invalidly formatted.\n" ); + break; + case 0x02: + dbgtext( "Problem with NBNS, cannot process name.\n"); + break; + case 0x03: + dbgtext( "The name requested does not exist.\n" ); + break; + case 0x04: + dbgtext( "Unsupported request error.\n" ); + break; + case 0x05: + dbgtext( "Query refused error.\n" ); + break; + default: + dbgtext( "Unrecognized error code.\n" ); + break; + } + } + free_packet(p2); + return( NULL ); + } + + if (nmb2->header.opcode != 0 || + nmb2->header.nm_flags.bcast || + nmb2->header.rcode || + !nmb2->header.ancount) { + /* + * XXXX what do we do with this? Could be a + * redirect, but we'll discard it for the * moment. */ - free_packet(p2); - continue; - } - - tmp_ip_list = (struct in_addr *)Realloc( ip_list, sizeof( ip_list[0] ) - * ( (*count) + nmb2->answers->rdlength/6 ) ); - - if (!tmp_ip_list) { - DEBUG(0,("name_query: Realloc failed.\n")); - SAFE_FREE(ip_list); - } - - ip_list = tmp_ip_list; - - if (ip_list) { + free_packet(p2); + continue; + } + + tmp_ip_list = (struct in_addr *)Realloc( ip_list, sizeof( ip_list[0] ) + * ( (*count) + nmb2->answers->rdlength/6 ) ); + + if (!tmp_ip_list) { + DEBUG(0,("name_query: Realloc failed.\n")); + SAFE_FREE(ip_list); + } + + ip_list = tmp_ip_list; + + if (ip_list) { DEBUG(2,("Got a positive name query response from %s ( ", inet_ntoa(p2->ip))); - for (i=0;ianswers->rdlength/6;i++) { - putip((char *)&ip_list[(*count)],&nmb2->answers->rdata[2+i*6]); - DEBUGADD(2,("%s ",inet_ntoa(ip_list[(*count)]))); - (*count)++; - } - DEBUGADD(2,(")\n")); - } + for (i=0;ianswers->rdlength/6;i++) { + putip((char *)&ip_list[(*count)],&nmb2->answers->rdata[2+i*6]); + DEBUGADD(2,("%s ",inet_ntoa(ip_list[(*count)]))); + (*count)++; + } + DEBUGADD(2,(")\n")); + } + + found=True; + retries=0; + /* We add the flags back ... */ + if (nmb2->header.response) + (*flags) |= NM_FLAGS_RS; + if (nmb2->header.nm_flags.authoritative) + (*flags) |= NM_FLAGS_AA; + if (nmb2->header.nm_flags.trunc) + (*flags) |= NM_FLAGS_TC; + if (nmb2->header.nm_flags.recursion_desired) + (*flags) |= NM_FLAGS_RD; + if (nmb2->header.nm_flags.recursion_available) + (*flags) |= NM_FLAGS_RA; + if (nmb2->header.nm_flags.bcast) + (*flags) |= NM_FLAGS_B; + free_packet(p2); + /* + * If we're doing a unicast lookup we only + * expect one reply. Don't wait the full 2 + * seconds if we got one. JRA. + */ + if(!bcast && found) + break; + } + } - found=True; - retries=0; - free_packet(p2); - /* - * If we're doing a unicast lookup we only - * expect one reply. Don't wait the full 2 - * seconds if we got one. JRA. - */ - if(!bcast && found) - break; - } - } + if (timed_out) { + *timed_out = True; + } - /* Reach here if we've timed out waiting for replies.. */ - if( !bcast && !found ) { - /* Timed out wating for WINS server to respond. Mark it dead. */ - wins_srv_died( to_ip ); - } + /* sort the ip list so we choose close servers first if possible */ + sort_ip_list(ip_list, *count); - return ip_list; + return ip_list; } /******************************************************** @@ -569,75 +545,6 @@ void endlmhosts(XFILE *fp) x_fclose(fp); } -BOOL name_register_wins(const char *name, int name_type) -{ - int sock, i, return_count; - int num_interfaces = iface_count(); - struct in_addr sendto_ip; - - /* - * Check if we have any interfaces, prevents a segfault later - */ - - if (num_interfaces <= 0) - return False; /* Should return some indication of the problem */ - - /* - * Do a broadcast register ... - */ - - if (0 == wins_srv_count()) - return False; - - if( DEBUGLVL( 4 ) ) - { - dbgtext( "name_register_wins: Registering my name %s ", name ); - dbgtext( "with WINS server %s.\n", wins_srv_name() ); - } - - sock = open_socket_in( SOCK_DGRAM, 0, 3, - interpret_addr("0.0.0.0"), True ); - - if (sock == -1) return False; - - set_socket_options(sock, "SO_BROADCAST"); /* ????! crh */ - - sendto_ip = wins_srv_ip(); - - if (num_interfaces > 1) { - - for (i = 0; i < num_interfaces; i++) { - - if (!name_register(sock, name, name_type, *iface_n_ip(i), - NMB_NAME_MULTIHOMED_REG_OPCODE, - True, sendto_ip, &return_count)) { - - close(sock); - return False; - - } - - } - - } - else { - - if (!name_register(sock, name, name_type, *iface_n_ip(0), - NMB_NAME_REG_OPCODE, - True, sendto_ip, &return_count)) { - - close(sock); - return False; - - } - - } - - close(sock); - - return True; - -} /******************************************************** Resolve via "bcast" method. @@ -670,10 +577,11 @@ BOOL name_resolve_bcast(const char *name, int name_type, */ for( i = num_interfaces-1; i >= 0; i--) { struct in_addr sendto_ip; + int flags; /* Done this way to fix compiler error on IRIX 5.x */ sendto_ip = *iface_n_bcast(i); *return_ip_list = name_query(sock, name, name_type, True, - True, sendto_ip, return_count); + True, sendto_ip, return_count, &flags, NULL); if(*return_ip_list != NULL) { close(sock); return True; @@ -687,62 +595,88 @@ BOOL name_resolve_bcast(const char *name, int name_type, /******************************************************** Resolve via "wins" method. *********************************************************/ - -static BOOL resolve_wins(const char *name, int name_type, - struct in_addr **return_iplist, int *return_count) +BOOL resolve_wins(const char *name, int name_type, + struct in_addr **return_iplist, int *return_count) { - int sock; - struct in_addr wins_ip; - BOOL wins_ismyip; + int sock, t, i; + char **wins_tags; + struct in_addr src_ip; *return_iplist = NULL; *return_count = 0; - /* - * "wins" means do a unicast lookup to the WINS server. - * Ignore if there is no WINS server specified or if the - * WINS server is one of our interfaces (if we're being - * called from within nmbd - we can't do this call as we - * would then block). - */ - DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n", name, name_type)); - if (lp_wins_support()) { - /* - * We're providing WINS support. Call ourselves so - * long as we're not nmbd. - */ - extern struct in_addr loopback_ip; - wins_ip = loopback_ip; - wins_ismyip = True; - } else if( wins_srv_count() < 1 ) { + if (wins_srv_count() < 1) { DEBUG(3,("resolve_wins: WINS server resolution selected and no WINS servers listed.\n")); return False; - } else { - wins_ip = wins_srv_ip(); - wins_ismyip = ismyip(wins_ip); } - DEBUG(3, ("resolve_wins: WINS server == <%s>\n", inet_ntoa(wins_ip)) ); - if((wins_ismyip && !global_in_nmbd) || !wins_ismyip) { - sock = open_socket_in( SOCK_DGRAM, 0, 3, - interpret_addr(lp_socket_address()), - True ); - if (sock != -1) { - *return_iplist = name_query( sock, name, - name_type, False, - True, wins_ip, - return_count); - if(*return_iplist != NULL) { - close(sock); - return True; + /* we try a lookup on each of the WINS tags in turn */ + wins_tags = wins_srv_tags(); + + if (!wins_tags) { + /* huh? no tags?? give up in disgust */ + return False; + } + + /* the address we will be sending from */ + src_ip = *interpret_addr2(lp_socket_address()); + + /* in the worst case we will try every wins server with every + tag! */ + for (t=0; wins_tags && wins_tags[t]; t++) { + int srv_count = wins_srv_count_tag(wins_tags[t]); + for (i=0; ipassword , '\0', sizeof(pwd->password )); memset((char *)pwd->smb_lm_pwd, '\0', sizeof(pwd->smb_lm_pwd)); @@ -38,89 +38,21 @@ void pwd_init(struct pwd_info *pwd) } /**************************************************************************** - Returns NULL password flag. -****************************************************************************/ - -BOOL pwd_is_nullpwd(const struct pwd_info *pwd) -{ - return pwd->null_pwd; -} - -/**************************************************************************** - Compares two passwords. hmm, not as trivial as expected. hmm. -****************************************************************************/ - -BOOL pwd_compare(const struct pwd_info *pwd1, const struct pwd_info *pwd2) -{ - if (pwd1->cleartext && pwd2->cleartext) { - if (strequal(pwd1->password, pwd2->password)) - return True; - } - if (pwd1->null_pwd && pwd2->null_pwd) - return True; - - if (!pwd1->null_pwd && !pwd2->null_pwd && - !pwd1->cleartext && !pwd2->cleartext) { -#ifdef DEBUG_PASSWORD - DEBUG(100,("pwd compare: nt#\n")); - dump_data(100, pwd1->smb_nt_pwd, 16); - dump_data(100, pwd2->smb_nt_pwd, 16); -#endif - if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0) - return True; -#ifdef DEBUG_PASSWORD - DEBUG(100,("pwd compare: lm#\n")); - dump_data(100, pwd1->smb_lm_pwd, 16); - dump_data(100, pwd2->smb_lm_pwd, 16); -#endif - if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0) - return True; - } - return False; -} - -/**************************************************************************** - Reads a password. + Makes lm and nt hashed passwords. ****************************************************************************/ -void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt) +static void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) { - /* grab a password */ - char *user_pass; + pstring dos_passwd; pwd_init(pwd); - user_pass = (char*)getpass(passwd_report); - - /* - * Do not assume that an empty string is a NULL password. - * If you do this will break the session key generation for - * and account with an emtpy password. If you wish to use - * a NULL password, use the -N option to smbclient and rpcclient - * --jerry - */ -#if 0 - if (user_pass == NULL || user_pass[0] == 0) - pwd_set_nullpwd(pwd); - else if (do_encrypt) -#endif - if (do_encrypt) - pwd_make_lm_nt_16(pwd, user_pass); - else - pwd_set_cleartext(pwd, user_pass); -} - -/**************************************************************************** - Stores a cleartext password. -****************************************************************************/ - -void pwd_set_nullpwd(struct pwd_info *pwd) -{ - pwd_init(pwd); + push_ascii_pstring(dos_passwd, clr); + nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd); + pwd->null_pwd = False; pwd->cleartext = False; - pwd->null_pwd = True; - pwd->crypted = False; + pwd->crypted = False; } /**************************************************************************** @@ -141,7 +73,7 @@ void pwd_set_cleartext(struct pwd_info *pwd, char *clr) Gets a cleartext password. ****************************************************************************/ -void pwd_get_cleartext(struct pwd_info *pwd, char *clr) +void pwd_get_cleartext(struct pwd_info *pwd, fstring clr) { if (pwd->cleartext) fstrcpy(clr, pwd->password); @@ -150,29 +82,6 @@ void pwd_get_cleartext(struct pwd_info *pwd, char *clr) } -/**************************************************************************** - Stores lm and nt hashed passwords. -****************************************************************************/ - -void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) -{ - pwd_init(pwd); - - if (lm_pwd) - memcpy(pwd->smb_lm_pwd, lm_pwd, 16); - else - memset((char *)pwd->smb_lm_pwd, '\0', 16); - - if (nt_pwd) - memcpy(pwd->smb_nt_pwd, nt_pwd, 16); - else - memset((char *)pwd->smb_nt_pwd, '\0', 16); - - pwd->null_pwd = False; - pwd->cleartext = False; - pwd->crypted = False; -} - /**************************************************************************** Gets lm and nt hashed passwords. ****************************************************************************/ @@ -185,24 +94,6 @@ void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) memcpy(nt_pwd, pwd->smb_nt_pwd, 16); } -/**************************************************************************** - Makes lm and nt hashed passwords. -****************************************************************************/ - -void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) -{ - pstring dos_passwd; - - pwd_init(pwd); - - push_ascii_pstring(dos_passwd, clr); - - nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd); - pwd->null_pwd = False; - pwd->cleartext = False; - pwd->crypted = False; -} - /**************************************************************************** Makes lm and nt OWF crypts. ****************************************************************************/ @@ -247,3 +138,13 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) if (nt_owf != NULL) memcpy(nt_owf, pwd->smb_nt_owf, 24); } + + + + + + + + + + diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 6fa8de418aa..95434d0ae4e 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -26,18 +26,14 @@ /* This implements the X/Open SMB password encryption - It takes a password, a 8 byte "crypt key" and puts 24 bytes of - encrypted password into p24 */ -void SMBencrypt(const uchar *passwd, const uchar *c8, uchar *p24) + It takes a password ('unix' string), a 8 byte "crypt key" + and puts 24 bytes of encrypted password into p24 */ +void SMBencrypt(const char *passwd, const uchar *c8, uchar *p24) { - uchar p14[15], p21[21]; + uchar p21[21]; memset(p21,'\0',21); - memset(p14,'\0',14); - StrnCpy((char *)p14,(const char *)passwd,14); - - strupper((char *)p14); - E_P16(p14, p21); + E_deshash(passwd, p21); SMBOWFencrypt(p21, c8, p24); @@ -49,61 +45,74 @@ void SMBencrypt(const uchar *passwd, const uchar *c8, uchar *p24) #endif } -/* +/** * Creates the MD4 Hash of the users password in NT UNICODE. + * @param passwd password in 'unix' charset. + * @param p16 return password hashed with md4, caller allocated 16 byte buffer */ -void E_md4hash(const uchar *passwd, uchar *p16) +void E_md4hash(const char *passwd, uchar p16[16]) { int len; smb_ucs2_t wpwd[129]; - /* Password cannot be longer than 128 characters */ - len = strlen((const char *)passwd); - if(len > 128) - len = 128; /* Password must be converted to NT unicode - null terminated. */ push_ucs2(NULL, wpwd, (const char *)passwd, 256, STR_UNICODE|STR_NOALIGN|STR_TERMINATE); /* Calculate length in bytes */ len = strlen_w(wpwd) * sizeof(int16); mdfour(p16, (unsigned char *)wpwd, len); + ZERO_STRUCT(wpwd); } -/* Does both the NT and LM owfs of a user's password */ -void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16]) +/** + * Creates the MD4 Hash of the users password in NT UNICODE. + * @param passwd password in 'unix' charset. + * @param p16 return password hashed with md4, caller allocated 16 byte buffer + */ + +void E_deshash(const char *passwd, uchar p16[16]) { - char passwd[514]; + uchar dospwd[15]; /* Password must not be > 14 chars long. */ + ZERO_STRUCT(dospwd); + ZERO_STRUCTP(p16); + + /* Password must be converted to DOS charset - null terminated. */ + push_ascii(dospwd, (const char *)passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE); - memset(passwd,'\0',514); - safe_strcpy( passwd, pwd, sizeof(passwd)-1); + E_P16(dospwd, p16); + + ZERO_STRUCT(dospwd); +} +/** + * Creates the MD4 and DES (LM) Hash of the users password. + * MD4 is of the NT Unicode, DES is of the DOS UPPERCASE password. + * @param passwd password in 'unix' charset. + * @param nt_p16 return password hashed with md4, caller allocated 16 byte buffer + * @param p16 return password hashed with des, caller allocated 16 byte buffer + */ + +/* Does both the NT and LM owfs of a user's password */ +void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16]) +{ /* Calculate the MD4 hash (NT compatible) of the password */ memset(nt_p16, '\0', 16); - E_md4hash((uchar *)passwd, nt_p16); + E_md4hash(pwd, nt_p16); #ifdef DEBUG_PASSWORD DEBUG(100,("nt_lm_owf_gen: pwd, nt#\n")); - dump_data(120, passwd, strlen(passwd)); + dump_data(120, pwd, strlen(pwd)); dump_data(100, (char *)nt_p16, 16); #endif - /* Mangle the passwords into Lanman format */ - passwd[14] = '\0'; - strupper(passwd); - - /* Calculate the SMB (lanman) hash functions of the password */ - - memset(p16, '\0', 16); - E_P16((uchar *) passwd, (uchar *)p16); + E_deshash(pwd, (uchar *)p16); #ifdef DEBUG_PASSWORD DEBUG(100,("nt_lm_owf_gen: pwd, lm#\n")); - dump_data(120, passwd, strlen(passwd)); + dump_data(120, pwd, strlen(pwd)); dump_data(100, (char *)p16, 16); #endif - /* clear out local copy of user's password (just being paranoid). */ - memset(passwd, '\0', sizeof(passwd)); } /* Does both the NTLMv2 owfs of a user's password */ @@ -322,22 +331,56 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd, #endif return True; +} +/*********************************************************** + SMB signing - setup the MAC key. +************************************************************/ + +void cli_calculate_mac_key(struct cli_state *cli, const unsigned char *ntpasswd, const uchar resp[24]) +{ + /* Get first 16 bytes. */ + E_md4hash(ntpasswd,&cli->sign_info.mac_key[0]); + memcpy(&cli->sign_info.mac_key[16],resp,24); + cli->sign_info.mac_key_len = 40; + cli->sign_info.use_smb_signing = True; + + /* These calls are INCONPATIBLE with SMB signing */ + cli->readbraw_supported = False; + cli->writebraw_supported = False; + + /* Reset the sequence number in case we had a previous (aborted) attempt */ + cli->sign_info.send_seq_num = 0; } -/* Calculate the NT owfs of a user's password */ -void nt_owf_genW(const UNISTR2 *pwd, uchar nt_p16[16]) +/*********************************************************** + SMB signing - calculate a MAC to send. +************************************************************/ + +void cli_caclulate_sign_mac(struct cli_state *cli) { - char buf[512]; - int i; + unsigned char calc_md5_mac[16]; + struct MD5Context md5_ctx; - for (i = 0; i < MIN(pwd->uni_str_len, sizeof(buf) / 2); i++) - { - SIVAL(buf, i * 2, pwd->buffer[i]); + if (!cli->sign_info.use_smb_signing) { + return; } - /* Calculate the MD4 hash (NT compatible) of the password */ - mdfour(nt_p16, (const unsigned char *)buf, pwd->uni_str_len * 2); - /* clear out local copy of user's password (just being paranoid). */ - ZERO_STRUCT(buf); + /* + * Firstly put the sequence number into the first 4 bytes. + * and zero out the next 4 bytes. + */ + SIVAL(cli->outbuf, smb_ss_field, cli->sign_info.send_seq_num); + SIVAL(cli->outbuf, smb_ss_field + 4, 0); + + /* Calculate the 16 byte MAC and place first 8 bytes into the field. */ + MD5Init(&md5_ctx); + MD5Update(&md5_ctx, cli->sign_info.mac_key, cli->sign_info.mac_key_len); + MD5Update(&md5_ctx, cli->outbuf + 4, smb_len(cli->outbuf)); + MD5Final(calc_md5_mac, &md5_ctx); + + memcpy(&cli->outbuf[smb_ss_field], calc_md5_mac, 8); + cli->sign_info.send_seq_num++; + cli->sign_info.reply_seq_num = cli->sign_info.send_seq_num; + cli->sign_info.send_seq_num++; } diff --git a/source3/libsmb/trust_passwd.c b/source3/libsmb/trust_passwd.c index 51ffa1dd95a..3b77f7330eb 100644 --- a/source3/libsmb/trust_passwd.c +++ b/source3/libsmb/trust_passwd.c @@ -39,7 +39,7 @@ static NTSTATUS just_change_the_password(struct cli_state *cli, TALLOC_CTX *mem_ SEC_CHAN_WKSTA : SEC_CHAN_BDC, orig_trust_passwd_hash); if (!NT_STATUS_IS_OK(result)) { - DEBUG(0,("just_change_the_password: unable to setup creds (%s)!\n", + DEBUG(1,("just_change_the_password: unable to setup creds (%s)!\n", nt_errstr(result))); return result; } @@ -71,13 +71,14 @@ NTSTATUS trust_pw_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx str = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); new_trust_passwd = talloc_strdup(mem_ctx, str); - E_md4hash((uchar *)new_trust_passwd, new_trust_passwd_hash); + E_md4hash(new_trust_passwd, new_trust_passwd_hash); nt_status = just_change_the_password(cli, mem_ctx, orig_trust_passwd_hash, new_trust_passwd_hash); if (NT_STATUS_IS_OK(nt_status)) { - DEBUG(3,("%s : change_trust_account_password: Changed password.\n", timestring(False))); + DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n", + timestring(False))); /* * Return the result of trying to write the new password * back into the trust account file. @@ -96,7 +97,8 @@ NTSTATUS trust_pw_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx already setup the connection to the NETLOGON pipe **********************************************************/ -NTSTATUS trust_pw_find_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx, char *domain) +NTSTATUS trust_pw_find_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx, + char *domain) { unsigned char old_trust_passwd_hash[16]; char *up_domain; diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c index f74a05f75f2..4fc39144810 100644 --- a/source3/libsmb/unexpected.c +++ b/source3/libsmb/unexpected.c @@ -46,7 +46,7 @@ void unexpected_packet(struct packet_struct *p) int len=0; if (!tdbd) { - tdbd = tdb_open_log(lock_path("unexpected.tdb"), 1, + tdbd = tdb_open_log(lock_path("unexpected.tdb"), 0, TDB_CLEAR_IF_FIRST|TDB_DEFAULT, O_RDWR | O_CREAT, 0644); if (!tdbd) { diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c index e7fa4022f62..8c22f7d7ab2 100644 --- a/source3/locking/brlock.c +++ b/source3/locking/brlock.c @@ -162,6 +162,10 @@ static BOOL brl_conflict_other(struct lock_struct *lck1, struct lock_struct *lck } +#if DONT_DO_THIS + /* doing this traversal could kill solaris machines under high load (tridge) */ + /* delete any dead locks */ + /**************************************************************************** Delete a record if it is for a dead process, if check_self is true, then delete any records belonging to this pid also (there shouldn't be any). @@ -215,6 +219,7 @@ static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *stat tdb_chainunlock(tdb, kbuf); return 0; } +#endif /**************************************************************************** Open up the brlock.tdb database. @@ -222,8 +227,6 @@ static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *stat void brl_init(int read_only) { - BOOL check_self = False; - if (tdb) return; tdb = tdb_open_log(lock_path("brlock.tdb"), 0, TDB_DEFAULT|(read_only?0x0:TDB_CLEAR_IF_FIRST), @@ -233,9 +236,14 @@ void brl_init(int read_only) return; } +#if DONT_DO_THIS + /* doing this traversal could kill solaris machines under high load (tridge) */ /* delete any dead locks */ - if (!read_only) + if (!read_only) { + BOOL check_self = False; tdb_traverse(tdb, delete_fn, &check_self); + } +#endif } /**************************************************************************** @@ -244,14 +252,17 @@ void brl_init(int read_only) void brl_shutdown(int read_only) { - BOOL check_self = True; - if (!tdb) return; +#if DONT_DO_THIS + /* doing this traversal could kill solaris machines under high load (tridge) */ /* delete any dead locks */ - if (!read_only) + if (!read_only) { + BOOL check_self = True; tdb_traverse(tdb, delete_fn, &check_self); + } +#endif tdb_close(tdb); } diff --git a/source3/locking/locking.c b/source3/locking/locking.c index 87df8052505..d42d041b790 100644 --- a/source3/locking/locking.c +++ b/source3/locking/locking.c @@ -681,6 +681,7 @@ static BOOL mod_share_mode( SMB_DEV_T dev, SMB_INO_T inode, share_mode_entry *en int i; share_mode_entry *shares; BOOL need_store=False; + BOOL ret = True; /* read in the existing share modes */ dbuf = tdb_fetch(tdb, locking_key(dev, inode)); @@ -702,15 +703,15 @@ static BOOL mod_share_mode( SMB_DEV_T dev, SMB_INO_T inode, share_mode_entry *en if (need_store) { if (data->u.num_share_mode_entries == 0) { if (tdb_delete(tdb, locking_key(dev, inode)) == -1) - need_store = False; + ret = False; } else { if (tdb_store(tdb, locking_key(dev, inode), dbuf, TDB_REPLACE) == -1) - need_store = False; + ret = False; } } SAFE_FREE(dbuf.dptr); - return need_store; + return ret; } /******************************************************************* diff --git a/source3/msdfs/msdfs.c b/source3/msdfs/msdfs.c index 5ddf7f84f8b..3e66c1c10ca 100644 --- a/source3/msdfs/msdfs.c +++ b/source3/msdfs/msdfs.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 3.0 MSDfs services for Samba Copyright (C) Shirish Kalele 2000 @@ -16,25 +17,16 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ #include "includes.h" -extern pstring global_myname; - -/********************************************************************** - Create a tcon relative path from a dfs_path structure - **********************************************************************/ - -static void create_nondfs_path(char* pathname, struct dfs_path* pdp) -{ - pstrcpy(pathname,pdp->volumename); - pstrcat(pathname,"\\"); - pstrcat(pathname,pdp->restofthepath); -} +extern fstring local_machine; +extern uint32 global_client_caps; /********************************************************************** - Parse the pathname of the form \hostname\service\volume\restofthepath + Parse the pathname of the form \hostname\service\reqpath into the dfs_path structure **********************************************************************/ @@ -53,7 +45,7 @@ static BOOL parse_dfs_path(char* pathname, struct dfs_path* pdp) /* now tokenize */ /* parse out hostname */ - p = strchr_m(temp,'\\'); + p = strchr(temp,'\\'); if(p == NULL) return False; *p = '\0'; @@ -62,29 +54,25 @@ static BOOL parse_dfs_path(char* pathname, struct dfs_path* pdp) /* parse out servicename */ temp = p+1; - p = strchr_m(temp,'\\'); + p = strchr(temp,'\\'); if(p == NULL) { pstrcpy(pdp->servicename,temp); + pdp->reqpath[0] = '\0'; return True; } *p = '\0'; pstrcpy(pdp->servicename,temp); DEBUG(10,("servicename: %s\n",pdp->servicename)); - /* parse out volumename */ - temp = p+1; - p = strchr_m(temp,'\\'); - if(p == NULL) { - pstrcpy(pdp->volumename,temp); - return True; + /* rest is reqpath */ + pstrcpy(pdp->reqpath, p+1); + p = pdp->reqpath; + while (*p) { + if (*p == '\\') *p = '/'; + p++; } - *p = '\0'; - pstrcpy(pdp->volumename,temp); - DEBUG(10,("volumename: %s\n",pdp->volumename)); - /* remaining path .. */ - pstrcpy(pdp->restofthepath,p+1); - DEBUG(10,("rest of the path: %s\n",pdp->restofthepath)); + DEBUG(10,("rest of the path: %s\n",pdp->reqpath)); return True; } @@ -97,74 +85,22 @@ static BOOL create_conn_struct( connection_struct *conn, int snum, char *path) ZERO_STRUCTP(conn); conn->service = snum; conn->connectpath = path; + pstring_sub(conn->connectpath , "%S", lp_servicename(snum)); if (!smbd_vfs_init(conn)) { - DEBUG(0,("create_conn_struct: vfs init failed.\n")); + DEBUG(0,("create_conn_struct: smbd_vfs_init failed.\n")); return False; } return True; } -/********************************************************************** - Forms a valid Unix pathname from the junction - **********************************************************************/ - -static BOOL form_path_from_junction(struct junction_map* jn, char* path, int max_pathlen, - connection_struct *conn) -{ - int snum; - - if(!path || !jn) - return False; - - snum = lp_servicenumber(jn->service_name); - if(snum < 0) - return False; - - safe_strcpy(path, lp_pathname(snum), max_pathlen-1); - safe_strcat(path, "/", max_pathlen-1); - strlower(jn->volume_name); - safe_strcat(path, jn->volume_name, max_pathlen-1); - - if (!create_conn_struct(conn, snum, path)) - return False; - - return True; -} - -/********************************************************************** - Creates a junction structure from the Dfs pathname - **********************************************************************/ - -BOOL create_junction(char* pathname, struct junction_map* jn) -{ - struct dfs_path dp; - - parse_dfs_path(pathname,&dp); - - /* check if path is dfs : check hostname is the first token */ - if(global_myname && (strcasecmp(global_myname,dp.hostname)!=0)) { - DEBUG(4,("create_junction: Invalid hostname %s in dfs path %s\n", dp.hostname, pathname)); - return False; - } - - /* Check for a non-DFS share */ - if(!lp_msdfs_root(lp_servicenumber(dp.servicename))) { - DEBUG(4,("create_junction: %s is not an msdfs root.\n", dp.servicename)); - return False; - } - - pstrcpy(jn->service_name,dp.servicename); - pstrcpy(jn->volume_name,dp.volumename); - return True; -} /********************************************************************** Parse the contents of a symlink to verify if it is an msdfs referral A valid referral is of the form: msdfs:server1\share1,server2\share2 **********************************************************************/ - -static BOOL parse_symlink(char* buf,struct referral** preflist, int* refcount) +static BOOL parse_symlink(char* buf,struct referral** preflist, + int* refcount) { pstring temp; char* prot; @@ -176,11 +112,11 @@ static BOOL parse_symlink(char* buf,struct referral** preflist, int* refcount) prot = strtok(temp,":"); - if(!strequal(prot, "msdfs")) + if (!strequal(prot, "msdfs")) return False; - /* It's an msdfs referral */ - if(!preflist) + /* No referral list requested. Just yes/no. */ + if (!preflist) return True; /* parse out the alternate paths */ @@ -194,10 +130,10 @@ static BOOL parse_symlink(char* buf,struct referral** preflist, int* refcount) DEBUG(0,("parse_symlink: Malloc failed!\n")); return False; } - + for(i=0;ivfs_ops.lstat(conn,path,&st) != 0) { + if (sbufp == NULL) + sbufp = &st; + + if (conn->vfs_ops.lstat(conn, path, sbufp) != 0) { DEBUG(5,("is_msdfs_link: %s does not exist.\n",path)); return False; } - if(S_ISLNK(st.st_mode)) { + if (S_ISLNK(sbufp->st_mode)) { /* open the link and read it */ - referral_len = conn->vfs_ops.readlink(conn, path, referral, sizeof(pstring)); - if(referral_len == -1) + referral_len = conn->vfs_ops.readlink(conn, path, referral, + sizeof(pstring)); + if (referral_len == -1) { DEBUG(0,("is_msdfs_link: Error reading msdfs link %s: %s\n", path, strerror(errno))); + return False; + } referral[referral_len] = '\0'; DEBUG(5,("is_msdfs_link: %s -> %s\n",path,referral)); - if(parse_symlink(referral, NULL, NULL)) + if (parse_symlink(referral, reflistp, refcnt)) return True; } return False; } -/********************************************************************** - Fills in the junction_map struct with the referrals from the - symbolic link - **********************************************************************/ - -BOOL get_referred_path(struct junction_map* junction) -{ - pstring path; - pstring buf; - SMB_STRUCT_STAT st; - connection_struct conns; - connection_struct *conn = &conns; +/***************************************************************** + Used by other functions to decide if a dfs path is remote, +and to get the list of referred locations for that remote path. - if(!form_path_from_junction(junction, path, sizeof(path), conn)) +findfirst_flag: For findfirsts, dfs links themselves are not +redirected, but paths beyond the links are. For normal smb calls, +even dfs links need to be redirected. + +self_referralp: clients expect a dfs referral for the same share when +they request referrals for dfs roots on a server. + +consumedcntp: how much of the dfs path is being redirected. the client +should try the remaining path on the redirected server. +*****************************************************************/ +static BOOL resolve_dfs_path(char* dfspath, struct dfs_path* dp, + connection_struct* conn, + BOOL findfirst_flag, + struct referral** reflistpp, int* refcntp, + BOOL* self_referralp, int* consumedcntp) +{ + fstring localpath; + + char *p; + fstring reqpath; + + if (!dp || !conn) { + DEBUG(1,("resolve_dfs_path: NULL dfs_path* or NULL connection_struct*!\n")); return False; + } - DEBUG(5,("get_referred_path: lstat target: %s\n", path)); - - if(conn->vfs_ops.lstat(conn,path,&st) != 0) { - DEBUG(5,("get_referred_path: %s does not exist.\n",path)); + if (dp->reqpath[0] == '\0') { + if (self_referralp) { + DEBUG(6,("resolve_dfs_path: self-referral. returning False\n")); + *self_referralp = True; + } return False; } - - if(S_ISLNK(st.st_mode)) { - /* open the link and read it to get the dfs referral */ - int linkcnt = 0; - linkcnt = conn->vfs_ops.readlink(conn, path, buf, sizeof(buf)); - buf[linkcnt] = '\0'; - DEBUG(5,("get_referred_path: Referral: %s\n",buf)); - if(parse_symlink(buf, &junction->referral_list, &junction->referral_count)) + + /* check if need to redirect */ + fstrcpy(localpath, conn->connectpath); + fstrcat(localpath, "/"); + fstrcat(localpath, dp->reqpath); + if (is_msdfs_link(conn, localpath, reflistpp, refcntp, NULL)) { + if (findfirst_flag) { + DEBUG(6,("resolve_dfs_path (FindFirst) No redirection " + "for dfs link %s.\n", dfspath)); + return False; + } else { + DEBUG(6,("resolve_dfs_path: %s resolves to a valid Dfs link.\n", + dfspath)); + if (consumedcntp) + *consumedcntp = strlen(dfspath); + return True; + } + } + + /* also redirect if the parent directory is a dfs link */ + fstrcpy(reqpath, dp->reqpath); + p = strrchr(reqpath, '/'); + if (p) { + *p = '\0'; + fstrcpy(localpath, conn->connectpath); + fstrcat(localpath, "/"); + fstrcat(localpath, reqpath); + if (is_msdfs_link(conn, localpath, reflistpp, refcntp, NULL)) { + DEBUG(4, ("resolve_dfs_path: Redirecting %s because parent %s is dfs link\n", dfspath, localpath)); + + /* To find the path consumed, we truncate the original + DFS pathname passed to use to remove the last + component. The length of the resulting string is + the path consumed + */ + if (consumedcntp) { + char *q; + pstring buf; + safe_strcpy(buf, dfspath, sizeof(buf)); + trim_string(buf, NULL, "\\"); + q = strrchr(buf, '\\'); + if (q) + *q = '\0'; + *consumedcntp = strlen(buf); + DEBUG(10, ("resolve_dfs_path: Path consumed: %d\n", *consumedcntp)); + } + return True; + } } + return False; } -/************************************************************** -Decides if given pathname is Dfs and if it should be redirected -Converts pathname to non-dfs format if Dfs redirection not required -**************************************************************/ - -BOOL dfs_redirect(char* pathname, connection_struct* conn) +/***************************************************************** + Decides if a dfs pathname should be redirected or not. + If not, the pathname is converted to a tcon-relative local unix path +*****************************************************************/ +BOOL dfs_redirect(char* pathname, connection_struct* conn, + BOOL findfirst_flag) { struct dfs_path dp; - pstring temp; - fstring path; - - pstrcpy(temp,pathname); - - if(!lp_msdfs_root(SNUM(conn)) ) + + if (!conn || !pathname) return False; - parse_dfs_path(pathname,&dp); + parse_dfs_path(pathname, &dp); - if(global_myname && (strcasecmp(global_myname,dp.hostname)!=0)) + /* if dfs pathname for a non-dfs share, convert to tcon-relative + path and return false */ + if (!lp_msdfs_root(SNUM(conn))) { + fstrcpy(pathname, dp.reqpath); + return False; + } + + if (strcasecmp(dp.servicename, lp_servicename(SNUM(conn)) ) != 0) return False; - /* check if need to redirect */ - fstrcpy(path, conn->connectpath); - fstrcat(path, "/"); - fstrcat(path, dp.volumename); - if(is_msdfs_link(conn, path)) { - DEBUG(4,("dfs_redirect: Redirecting %s\n",temp)); + if (resolve_dfs_path(pathname, &dp, conn, findfirst_flag, + NULL, NULL, NULL, NULL)) { + DEBUG(3,("dfs_redirect: Redirecting %s\n", pathname)); return True; } else { - create_nondfs_path(pathname,&dp); - DEBUG(4,("dfs_redirect: Not redirecting %s. Converted to non-dfs pathname \'%s\'\n", - temp,pathname)); + DEBUG(3,("dfs_redirect: Not redirecting %s.\n", pathname)); + + /* Form non-dfs tcon-relative path */ + fstrcpy(pathname, dp.reqpath); + DEBUG(3,("dfs_redirect: Path converted to non-dfs path %s\n", + pathname)); return False; } + /* never reached */ + return False; } -/* - Special DFS redirect call for findfirst's. - If the findfirst is for the dfs junction, then no redirection, - if it is for the underlying directory contents, redirect. - */ - -BOOL dfs_findfirst_redirect(char* pathname, connection_struct* conn) +/********************************************************************** + Gets valid referrals for a dfs path and fills up the + junction_map structure + **********************************************************************/ +BOOL get_referred_path(char *pathname, struct junction_map* jn, + int* consumedcntp, BOOL* self_referralp) { struct dfs_path dp; - - pstring temp; - pstrcpy(temp,pathname); + struct connection_struct conns; + struct connection_struct* conn = &conns; + pstring conn_path; + int snum; + + BOOL self_referral = False; + + if (!pathname || !jn) + return False; + + if (self_referralp) + *self_referralp = False; + else + self_referralp = &self_referral; + + parse_dfs_path(pathname, &dp); - /* Is the path Dfs-redirectable? */ - if(!dfs_redirect(temp,conn)) { - pstrcpy(pathname,temp); + /* Verify hostname in path */ + if (local_machine && (strcasecmp(local_machine, dp.hostname) != 0)) { + + /* Hostname mismatch, check if one of our IP addresses */ + if (!ismyip(*interpret_addr2(dp.hostname))) { + + DEBUG(3, ("get_referred_path: Invalid hostname %s in path %s\n", + dp.hostname, pathname)); return False; + } } - parse_dfs_path(pathname,&dp); - DEBUG(8,("dfs_findfirst_redirect: path %s is in Dfs. dp.restofthepath=.%s.\n", - pathname,dp.restofthepath)); - if(!(*(dp.restofthepath))) { - create_nondfs_path(pathname,&dp); + pstrcpy(jn->service_name, dp.servicename); + pstrcpy(jn->volume_name, dp.reqpath); + + /* Verify the share is a dfs root */ + snum = lp_servicenumber(jn->service_name); + if(snum < 0) { + if ((snum = find_service(jn->service_name)) < 0) + return False; + } + + pstrcpy(conn_path, lp_pathname(snum)); + if (!create_conn_struct(conn, snum, conn_path)) return False; + + if (!lp_msdfs_root(SNUM(conn))) { + DEBUG(3,("get_referred_path: .%s. in dfs path %s is not a dfs root.\n", + dp.servicename, pathname)); + return False; + } + + /* If not remote & not a self referral, return False */ + if (!resolve_dfs_path(pathname, &dp, conn, False, + &jn->referral_list, &jn->referral_count, + self_referralp, consumedcntp)) { + if (!*self_referralp) { + DEBUG(3,("get_referred_path: No valid referrals for path %s\n", pathname)); + return False; + } + } + + /* if self_referral, fill up the junction map */ + if (*self_referralp) { + struct referral* ref; + jn->referral_count = 1; + if((ref = (struct referral*) malloc(sizeof(struct referral))) + == NULL) { + DEBUG(0,("malloc failed for referral\n")); + return False; + } + + pstrcpy(ref->alternate_path,pathname); + ref->proximity = 0; + ref->ttl = REFERRAL_TTL; + jn->referral_list = ref; + if (consumedcntp) + *consumedcntp = strlen(pathname); } return True; @@ -352,6 +414,7 @@ BOOL dfs_findfirst_redirect(char* pathname, connection_struct* conn) static int setup_ver2_dfs_referral(char* pathname, char** ppdata, struct junction_map* junction, + int consumedcnt, BOOL self_referral) { char* pdata = *ppdata; @@ -366,10 +429,10 @@ static int setup_ver2_dfs_referral(char* pathname, char** ppdata, DEBUG(10,("setting up version2 referral\nRequested path:\n")); - requestedpathlen = rpcstr_push(uni_requestedpath, pathname, -1, - STR_TERMINATE); + requestedpathlen = rpcstr_push(uni_requestedpath, pathname, -1, + STR_TERMINATE); - dump_data(10,(const char *)uni_requestedpath,requestedpathlen); + dump_data(10, (const char *) uni_requestedpath,requestedpathlen); DEBUG(10,("ref count = %u\n",junction->referral_count)); @@ -398,15 +461,15 @@ static int setup_ver2_dfs_referral(char* pathname, char** ppdata, if(pdata == NULL) { DEBUG(0,("malloc failed for Realloc!\n")); return -1; - } - else *ppdata = pdata; + } else + *ppdata = pdata; /* copy in the dfs requested paths.. required for offset calculations */ memcpy(pdata+uni_reqpathoffset1,uni_requestedpath,requestedpathlen); memcpy(pdata+uni_reqpathoffset2,uni_requestedpath,requestedpathlen); /* create the header */ - SSVAL(pdata,0,requestedpathlen-2); /* path consumed */ + SSVAL(pdata,0,consumedcnt * 2); /* path consumed */ SSVAL(pdata,2,junction->referral_count); /* number of referral in this pkt */ if(self_referral) SIVAL(pdata,4,DFSREF_REFERRAL_SERVER | DFSREF_STORAGE_SERVER); @@ -432,8 +495,9 @@ static int setup_ver2_dfs_referral(char* pathname, char** ppdata, SSVAL(pdata,offset+16,uni_reqpathoffset1-offset); SSVAL(pdata,offset+18,uni_reqpathoffset2-offset); /* copy referred path into current offset */ - unilen = rpcstr_push(pdata+uni_curroffset, ref->alternate_path, - -1, STR_UNICODE); + unilen = rpcstr_push(pdata+uni_curroffset, ref->alternate_path, + -1, STR_UNICODE); + SSVAL(pdata,offset+20,uni_curroffset-offset); uni_curroffset += unilen; @@ -441,12 +505,12 @@ static int setup_ver2_dfs_referral(char* pathname, char** ppdata, } /* add in the unexplained 22 (0x16) bytes at the end */ memset(pdata+uni_curroffset,'\0',0x16); - SAFE_FREE(junction->referral_list); return reply_size; } static int setup_ver3_dfs_referral(char* pathname, char** ppdata, struct junction_map* junction, + int consumedcnt, BOOL self_referral) { char* pdata = *ppdata; @@ -461,9 +525,9 @@ static int setup_ver3_dfs_referral(char* pathname, char** ppdata, DEBUG(10,("setting up version3 referral\n")); - reqpathlen = rpcstr_push(uni_reqpath, pathname, -1, STR_TERMINATE); - - dump_data(10,(const char *)uni_reqpath,reqpathlen); + reqpathlen = rpcstr_push(uni_reqpath, pathname, -1, STR_TERMINATE); + + dump_data(10, (char *) uni_reqpath,reqpathlen); uni_reqpathoffset1 = REFERRAL_HEADER_SIZE + VERSION3_REFERRAL_SIZE * junction->referral_count; uni_reqpathoffset2 = uni_reqpathoffset1 + reqpathlen; @@ -478,12 +542,12 @@ static int setup_ver3_dfs_referral(char* pathname, char** ppdata, if(pdata == NULL) { DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n")); return -1; - } - else *ppdata = pdata; - + } else + *ppdata = pdata; + /* create the header */ - SSVAL(pdata,0,reqpathlen-2); /* path consumed */ - SSVAL(pdata,2,junction->referral_count); /* number of referral in this pkt */ + SSVAL(pdata,0,consumedcnt * 2); /* path consumed */ + SSVAL(pdata,2,junction->referral_count); /* number of referral */ if(self_referral) SIVAL(pdata,4,DFSREF_REFERRAL_SERVER | DFSREF_STORAGE_SERVER); else @@ -511,9 +575,8 @@ static int setup_ver3_dfs_referral(char* pathname, char** ppdata, SSVAL(pdata,offset+12,uni_reqpathoffset1-offset); SSVAL(pdata,offset+14,uni_reqpathoffset2-offset); /* copy referred path into current offset */ - - unilen = rpcstr_push(pdata+uni_curroffset, ref->alternate_path, - -1, STR_UNICODE|STR_TERMINATE); + unilen = rpcstr_push(pdata+uni_curroffset,ref->alternate_path, + -1, STR_UNICODE | STR_TERMINATE); SSVAL(pdata,offset+16,uni_curroffset-offset); /* copy 0x10 bytes of 00's in the ServiceSite GUID */ memset(pdata+offset+18,'\0',16); @@ -521,7 +584,6 @@ static int setup_ver3_dfs_referral(char* pathname, char** ppdata, uni_curroffset += unilen; offset += VERSION3_REFERRAL_SIZE; } - SAFE_FREE(junction->referral_list); return reply_size; } @@ -532,43 +594,43 @@ static int setup_ver3_dfs_referral(char* pathname, char** ppdata, int setup_dfs_referral(char* pathname, int max_referral_level, char** ppdata) { struct junction_map junction; - - BOOL self_referral; - + int consumedcnt; + BOOL self_referral = False; + pstring buf; int reply_size = 0; + char *pathnamep = pathname; ZERO_STRUCT(junction); - if(!create_junction(pathname, &junction)) + /* get the junction entry */ + if (!pathnamep) return -1; - /* get the junction entry */ - if(!get_referred_path(&junction)) { - - /* refer the same pathname, create a standard referral struct */ - struct referral* ref; - self_referral = True; - junction.referral_count = 1; - if((ref = (struct referral*) malloc(sizeof(struct referral))) == NULL) { - DEBUG(0,("malloc failed for referral\n")); - return -1; - } - - pstrcpy(ref->alternate_path,pathname); - ref->proximity = 0; - ref->ttl = REFERRAL_TTL; - junction.referral_list = ref; - } else { - self_referral = False; + /* Trim pathname sent by client so it begins with only one backslash. + Two backslashes confuse some dfs clients + */ + while (strlen(pathnamep) > 1 && pathnamep[0] == '\\' + && pathnamep[1] == '\\') + pathnamep++; + + safe_strcpy(buf, pathnamep, sizeof(buf)); + if (!get_referred_path(buf, &junction, &consumedcnt, + &self_referral)) + return -1; + + if (!self_referral) + { + pathnamep[consumedcnt] = '\0'; + if( DEBUGLVL( 3 ) ) { int i=0; - dbgtext("setup_dfs_referral: Path %s to alternate path(s):",pathname); + dbgtext("setup_dfs_referral: Path %s to alternate path(s):",pathnamep); for(i=0;i3) @@ -577,12 +639,16 @@ int setup_dfs_referral(char* pathname, int max_referral_level, char** ppdata) switch(max_referral_level) { case 2: { - reply_size = setup_ver2_dfs_referral(pathname, ppdata, &junction, self_referral); + reply_size = setup_ver2_dfs_referral(pathnamep, ppdata, &junction, + consumedcnt, self_referral); + SAFE_FREE(junction.referral_list); break; } case 3: { - reply_size = setup_ver3_dfs_referral(pathname, ppdata, &junction, self_referral); + reply_size = setup_ver3_dfs_referral(pathnamep, ppdata, &junction, + consumedcnt, self_referral); + SAFE_FREE(junction.referral_list); break; } default: @@ -601,6 +667,67 @@ int setup_dfs_referral(char* pathname, int max_referral_level, char** ppdata) The following functions are called by the NETDFS RPC pipe functions **********************************************************************/ +/********************************************************************** + Creates a junction structure from a Dfs pathname + **********************************************************************/ +BOOL create_junction(char* pathname, struct junction_map* jn) +{ + struct dfs_path dp; + + parse_dfs_path(pathname,&dp); + + /* check if path is dfs : validate first token */ + if (local_machine && (strcasecmp(local_machine,dp.hostname)!=0)) { + + /* Hostname mismatch, check if one of our IP addresses */ + if (!ismyip(*interpret_addr2(dp.hostname))) { + DEBUG(4,("create_junction: Invalid hostname %s in dfs path %s\n", + dp.hostname, pathname)); + return False; + } + } + + /* Check for a non-DFS share */ + if(!lp_msdfs_root(lp_servicenumber(dp.servicename))) { + DEBUG(4,("create_junction: %s is not an msdfs root.\n", + dp.servicename)); + return False; + } + + pstrcpy(jn->service_name,dp.servicename); + pstrcpy(jn->volume_name,dp.reqpath); + return True; +} + +/********************************************************************** + Forms a valid Unix pathname from the junction + **********************************************************************/ + +static BOOL junction_to_local_path(struct junction_map* jn, char* path, + int max_pathlen, connection_struct *conn) +{ + int snum; + pstring conn_path; + + if(!path || !jn) + return False; + + snum = lp_servicenumber(jn->service_name); + if(snum < 0) + return False; + + safe_strcpy(path, lp_pathname(snum), max_pathlen-1); + safe_strcat(path, "/", max_pathlen-1); + strlower(jn->volume_name); + safe_strcat(path, jn->volume_name, max_pathlen-1); + + pstrcpy(conn_path, lp_pathname(snum)); + if (!create_conn_struct(conn, snum, conn_path)) + return False; + + return True; +} + BOOL create_msdfs_link(struct junction_map* jn, BOOL exists) { pstring path; @@ -608,8 +735,9 @@ BOOL create_msdfs_link(struct junction_map* jn, BOOL exists) connection_struct conns; connection_struct *conn = &conns; int i=0; + BOOL insert_comma = False; - if(!form_path_from_junction(jn, path, sizeof(path), conn)) + if(!junction_to_local_path(jn, path, sizeof(path), conn)) return False; /* form the msdfs_link contents */ @@ -618,13 +746,18 @@ BOOL create_msdfs_link(struct junction_map* jn, BOOL exists) char* refpath = jn->referral_list[i].alternate_path; trim_string(refpath, "\\", "\\"); - if(*refpath == '\0') + if(*refpath == '\0') { + if (i == 0) + insert_comma = False; continue; - - if(i>0) + } + if (i > 0 && insert_comma) pstrcat(msdfs_link, ","); - + pstrcat(msdfs_link, refpath); + if (!insert_comma) + insert_comma = True; + } DEBUG(5,("create_msdfs_link: Creating new msdfs link: %s -> %s\n", path, msdfs_link)); @@ -647,7 +780,7 @@ BOOL remove_msdfs_link(struct junction_map* jn) connection_struct conns; connection_struct *conn = &conns; - if(!form_path_from_junction(jn, path, sizeof(path), conn)) + if(!junction_to_local_path(jn, path, sizeof(path), conn)) return False; if(conn->vfs_ops.unlink(conn, path)!=0) @@ -678,44 +811,50 @@ static BOOL form_junctions(int snum, struct junction_map* jn, int* jn_count) if (!create_conn_struct(conn, snum, connect_path)) return False; - /* form a junction for the msdfs root - convention */ - /* - pstrpcy(jn[cnt].service_name, service_name); + { + /* form a junction for the msdfs root - convention + DO NOT REMOVE THIS: NT clients will not work with us + if this is not present + */ + struct referral *ref = NULL; + pstring alt_path; + pstrcpy(jn[cnt].service_name, service_name); jn[cnt].volume_name[0] = '\0'; jn[cnt].referral_count = 1; - - slprintf(alt_path,sizeof(alt_path)-1"\\\\%s\\%s", global_myname, service_name); - jn[cnt].referral_l - */ + + slprintf(alt_path,sizeof(alt_path)-1,"\\\\%s\\%s", + local_machine, service_name); + ref = jn[cnt].referral_list = (struct referral*) malloc(sizeof(struct referral)); + if (jn[cnt].referral_list == NULL) { + DEBUG(0, ("Malloc failed!\n")); + return False; + } + + safe_strcpy(ref->alternate_path, alt_path, sizeof(pstring)); + ref->proximity = 0; + ref->ttl = REFERRAL_TTL; + cnt++; + } dirp = conn->vfs_ops.opendir(conn, connect_path); if(!dirp) return False; while((dname = vfs_readdirname(conn, dirp)) != NULL) { - SMB_STRUCT_STAT st; pstring pathreal; - fstring buf; - int buflen = 0; + pstrcpy(pathreal, connect_path); pstrcat(pathreal, "/"); pstrcat(pathreal, dname); - if(conn->vfs_ops.lstat(conn,pathreal,&st) != 0) { - DEBUG(4,("lstat error for %s: %s\n",pathreal, strerror(errno))); - continue; - } - if(S_ISLNK(st.st_mode)) { - buflen = conn->vfs_ops.readlink(conn, pathreal, buf, sizeof(fstring)); - buf[buflen] = '\0'; - if(parse_symlink(buf, &(jn[cnt].referral_list), &(jn[cnt].referral_count))) { - pstrcpy(jn[cnt].service_name, service_name); - pstrcpy(jn[cnt].volume_name, dname); - cnt++; - } + if (is_msdfs_link(conn, pathreal, &(jn[cnt].referral_list), + &(jn[cnt].referral_count), NULL)) { + pstrcpy(jn[cnt].service_name, service_name); + pstrcpy(jn[cnt].volume_name, dname); + cnt++; } } - + conn->vfs_ops.closedir(conn,dirp); *jn_count = cnt; return True; @@ -735,3 +874,4 @@ int enum_msdfs_links(struct junction_map* jn) } return jn_count; } + diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c index 051991f46de..d30efb550ce 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -53,8 +53,8 @@ static void terminate(void) /* Write out wins.dat file if samba is a WINS server */ wins_write_database(False); - /* Remove all SELF registered names. */ - release_my_names(); + /* Remove all SELF registered names from WINS */ + release_wins_names(); /* Announce all server entries as 0 time-to-live, 0 type. */ announce_my_servers_removed(); @@ -78,7 +78,7 @@ static void nmbd_terminate(int msg_type, pid_t src, void *buf, size_t len) Catch a SIGTERM signal. **************************************************************************** */ -static VOLATILE sig_atomic_t got_sig_term; +static SIG_ATOMIC_T got_sig_term; static void sig_term(int sig) { @@ -90,7 +90,7 @@ static void sig_term(int sig) Catch a SIGHUP signal. **************************************************************************** */ -static VOLATILE sig_atomic_t reload_after_sighup; +static SIG_ATOMIC_T reload_after_sighup; static void sig_hup(int sig) { @@ -293,15 +293,6 @@ static BOOL reload_nmbd_services(BOOL test) reload_nmbd_services( True ); } - /* Do a sanity check for a misconfigured nmbd */ - if( lp_wins_support() && wins_srv_count() ) { - if( DEBUGLVL(0) ) { - dbgtext( "ERROR: 'wins support = true' and 'wins server = '\n" ); - dbgtext( "are conflicting settings. nmbd aborting.\n" ); - } - exit(10); - } - return(ret); } @@ -853,7 +844,7 @@ static void usage(char *pname) #ifndef SYNC_DNS /* Setup the async dns. We do it here so it doesn't have all the other stuff initialised and thus chewing memory and sockets */ - if(lp_we_are_a_wins_server()) { + if(lp_we_are_a_wins_server() && lp_dns_proxy()) { start_async_dns(); } #endif diff --git a/source3/nmbd/nmbd_incomingrequests.c b/source3/nmbd/nmbd_incomingrequests.c index 3f2b9210745..834f237a2c2 100644 --- a/source3/nmbd/nmbd_incomingrequests.c +++ b/source3/nmbd/nmbd_incomingrequests.c @@ -449,175 +449,151 @@ For broadcast name queries: void process_name_query_request(struct subnet_record *subrec, struct packet_struct *p) { - struct nmb_packet *nmb = &p->packet.nmb; - struct nmb_name *question = &nmb->question.question_name; - int name_type = question->name_type; - BOOL bcast = nmb->header.nm_flags.bcast; - int ttl=0; - int rcode = 0; - char *prdata = NULL; - char rdata[6]; - BOOL success = False; - struct name_record *namerec = NULL; - int reply_data_len = 0; - int i; - - DEBUG(3,("process_name_query_request: Name query from %s on subnet %s for name %s\n", - inet_ntoa(p->ip), subrec->subnet_name, nmb_namestr(question))); + struct nmb_packet *nmb = &p->packet.nmb; + struct nmb_name *question = &nmb->question.question_name; + int name_type = question->name_type; + BOOL bcast = nmb->header.nm_flags.bcast; + int ttl=0; + int rcode = 0; + char *prdata = NULL; + char rdata[6]; + BOOL success = False; + struct name_record *namerec = NULL; + int reply_data_len = 0; + int i; + + DEBUG(3,("process_name_query_request: Name query from %s on subnet %s for name %s\n", + inet_ntoa(p->ip), subrec->subnet_name, nmb_namestr(question))); - /* Look up the name in the cache - if the request is a broadcast request that - came from a subnet we don't know about then search all the broadcast subnets - for a match (as we don't know what interface the request came in on). */ - - if(subrec == remote_broadcast_subnet) - namerec = find_name_for_remote_broadcast_subnet( question, FIND_ANY_NAME); - else - namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME); - - - /* Check if it is a name that expired */ - if( namerec - && ( (namerec->data.death_time != PERMANENT_TTL) - && (namerec->data.death_time < p->timestamp) ) ) - { - DEBUG(5,("process_name_query_request: expired name %s\n", nmb_namestr(&namerec->name))); - namerec = NULL; - } - - if (namerec) - { - - /* - * Always respond to unicast queries. - * Don't respond to broadcast queries unless the query is for - * a name we own, a Primary Domain Controller name, or a WINS_PROXY - * name with type 0 or 0x20. WINS_PROXY names are only ever added - * into the namelist if we were configured as a WINS proxy. - */ - - if( !bcast - || ( bcast - && ( (name_type == 0x1b) - || (namerec->data.source == SELF_NAME) - || (namerec->data.source == PERMANENT_NAME) - || ( (namerec->data.source == WINS_PROXY_NAME) - && ( (name_type == 0) || (name_type == 0x20) ) - ) - ) - ) - ) - { - - /* The requested name is a directed query, or it's SELF or PERMANENT or WINS_PROXY, - or it's a Domain Master type. */ - - /* - * If this is a WINS_PROXY_NAME, then ceck that none of the IP - * addresses we are returning is on the same broadcast subnet - * as the requesting packet. If it is then don't reply as the - * actual machine will be replying also and we don't want two - * replies to a broadcast query. - */ - - if( namerec->data.source == WINS_PROXY_NAME ) - { - for( i = 0; i < namerec->data.num_ips; i++) - { - if(same_net( namerec->data.ip[i], subrec->myip, subrec->mask_ip )) - { - DEBUG(5,("process_name_query_request: name %s is a WINS proxy name and is also \ -on the same subnet (%s) as the requestor. Not replying.\n", - nmb_namestr(&namerec->name), subrec->subnet_name )); - return; - } - } - } - - ttl = (namerec->data.death_time != PERMANENT_TTL) ? - namerec->data.death_time - p->timestamp : lp_max_ttl(); - - /* Copy all known ip addresses into the return data. */ - /* Optimise for the common case of one IP address so - we don't need a malloc. */ - - if( namerec->data.num_ips == 1 ) - prdata = rdata; - else - { - if((prdata = (char *)malloc( namerec->data.num_ips * 6 )) == NULL) - { - DEBUG(0,("process_name_query_request: malloc fail !\n")); - return; - } - } - - for( i = 0; i < namerec->data.num_ips; i++ ) - { - set_nb_flags(&prdata[i*6],namerec->data.nb_flags); - putip((char *)&prdata[2+(i*6)], &namerec->data.ip[i]); - } - - sort_query_replies(prdata, i, p->ip); - - reply_data_len = namerec->data.num_ips * 6; - success = True; - } - } - - /* - * If a machine is broadcasting a name lookup request and we have lp_wins_proxy() - * set we should initiate a WINS query here. On success we add the resolved name - * into our namelist with a type of WINS_PROXY_NAME and then reply to the query. - */ - - if(!success && (namerec == NULL) && we_are_a_wins_client() && lp_wins_proxy() && - bcast && (subrec != remote_broadcast_subnet)) - { - make_wins_proxy_name_query_request( subrec, p, question ); - return; - } - - if (!success && bcast) - { - if(prdata != rdata) - SAFE_FREE(prdata); - return; /* Never reply with a negative response to broadcasts. */ - } - - /* - * Final check. From observation, if a unicast packet is sent - * to a non-WINS server with the recursion desired bit set - * then never send a negative response. - */ - - if(!success && !bcast && nmb->header.nm_flags.recursion_desired) - { - if(prdata != rdata) - SAFE_FREE(prdata); - return; - } - - if (success) - { - rcode = 0; - DEBUG(3,("OK\n")); - } - else - { - rcode = NAM_ERR; - DEBUG(3,("UNKNOWN\n")); - } - - /* See rfc1002.txt 4.2.13. */ - - reply_netbios_packet(p, /* Packet to reply to. */ - rcode, /* Result code. */ - NMB_QUERY, /* nmbd type code. */ - NMB_NAME_QUERY_OPCODE, /* opcode. */ - ttl, /* ttl. */ - prdata, /* data to send. */ - reply_data_len); /* data length. */ - - if(prdata != rdata) - SAFE_FREE(prdata); + /* Look up the name in the cache - if the request is a broadcast request that + came from a subnet we don't know about then search all the broadcast subnets + for a match (as we don't know what interface the request came in on). */ + + if(subrec == remote_broadcast_subnet) + namerec = find_name_for_remote_broadcast_subnet( question, FIND_ANY_NAME); + else + namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME); + + /* Check if it is a name that expired */ + if (namerec && + ((namerec->data.death_time != PERMANENT_TTL) && + (namerec->data.death_time < p->timestamp))) { + DEBUG(5,("process_name_query_request: expired name %s\n", nmb_namestr(&namerec->name))); + namerec = NULL; + } + + if (namerec) { + /* + * Always respond to unicast queries. + * Don't respond to broadcast queries unless the query is for + * a name we own, a Primary Domain Controller name, or a WINS_PROXY + * name with type 0 or 0x20. WINS_PROXY names are only ever added + * into the namelist if we were configured as a WINS proxy. + */ + + if (!bcast || + (bcast && ((name_type == 0x1b) || + (namerec->data.source == SELF_NAME) || + (namerec->data.source == PERMANENT_NAME) || + ((namerec->data.source == WINS_PROXY_NAME) && + ((name_type == 0) || (name_type == 0x20)))))) { + /* The requested name is a directed query, or it's SELF or PERMANENT or WINS_PROXY, + or it's a Domain Master type. */ + + /* + * If this is a WINS_PROXY_NAME, then ceck that none of the IP + * addresses we are returning is on the same broadcast subnet + * as the requesting packet. If it is then don't reply as the + * actual machine will be replying also and we don't want two + * replies to a broadcast query. + */ + + if (namerec->data.source == WINS_PROXY_NAME) { + for( i = 0; i < namerec->data.num_ips; i++) { + if (same_net(namerec->data.ip[i], subrec->myip, subrec->mask_ip)) { + DEBUG(5,("process_name_query_request: name %s is a WINS proxy name and is also on the same subnet (%s) as the requestor. Not replying.\n", + nmb_namestr(&namerec->name), subrec->subnet_name )); + return; + } + } + } + + ttl = (namerec->data.death_time != PERMANENT_TTL) ? + namerec->data.death_time - p->timestamp : lp_max_ttl(); + + /* Copy all known ip addresses into the return data. */ + /* Optimise for the common case of one IP address so + we don't need a malloc. */ + + if (namerec->data.num_ips == 1) { + prdata = rdata; + } else { + if ((prdata = (char *)malloc( namerec->data.num_ips * 6 )) == NULL) { + DEBUG(0,("process_name_query_request: malloc fail !\n")); + return; + } + } + + for (i = 0; i < namerec->data.num_ips; i++) { + set_nb_flags(&prdata[i*6],namerec->data.nb_flags); + putip((char *)&prdata[2+(i*6)], &namerec->data.ip[i]); + } + + sort_query_replies(prdata, i, p->ip); + + reply_data_len = namerec->data.num_ips * 6; + success = True; + } + } + + /* + * If a machine is broadcasting a name lookup request and we have lp_wins_proxy() + * set we should initiate a WINS query here. On success we add the resolved name + * into our namelist with a type of WINS_PROXY_NAME and then reply to the query. + */ + + if(!success && (namerec == NULL) && we_are_a_wins_client() && lp_wins_proxy() && + bcast && (subrec != remote_broadcast_subnet)) { + make_wins_proxy_name_query_request( subrec, p, question ); + return; + } + + if (!success && bcast) { + if(prdata != rdata) + SAFE_FREE(prdata); + return; /* Never reply with a negative response to broadcasts. */ + } + + /* + * Final check. From observation, if a unicast packet is sent + * to a non-WINS server with the recursion desired bit set + * then never send a negative response. + */ + + if(!success && !bcast && nmb->header.nm_flags.recursion_desired) { + if(prdata != rdata) + SAFE_FREE(prdata); + return; + } + + if (success) { + rcode = 0; + DEBUG(3,("OK\n")); + } else { + rcode = NAM_ERR; + DEBUG(3,("UNKNOWN\n")); + } + + /* See rfc1002.txt 4.2.13. */ + + reply_netbios_packet(p, /* Packet to reply to. */ + rcode, /* Result code. */ + NMB_QUERY, /* nmbd type code. */ + NMB_NAME_QUERY_OPCODE, /* opcode. */ + ttl, /* ttl. */ + prdata, /* data to send. */ + reply_data_len); /* data length. */ + + if(prdata != rdata) + SAFE_FREE(prdata); } diff --git a/source3/nmbd/nmbd_mynames.c b/source3/nmbd/nmbd_mynames.c index aac188db2bf..345245c57d0 100644 --- a/source3/nmbd/nmbd_mynames.c +++ b/source3/nmbd/nmbd_mynames.c @@ -184,67 +184,48 @@ BOOL register_my_workgroup_and_names(void) /**************************************************************************** Remove all the names we registered. **************************************************************************/ - -void release_my_names(void) +void release_wins_names(void) { -#if 0 /*JRR: do WINS server only, otherwise clients ignore us when we come back up*/ - struct subnet_record *subrec; - - for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec)) -#else - struct subnet_record *subrec = unicast_subnet; -#endif - { - struct name_record *namerec, *nextnamerec; - - for (namerec = (struct name_record *)ubi_trFirst( subrec->namelist ); - namerec; - namerec = nextnamerec) - { - nextnamerec = (struct name_record *)ubi_trNext( namerec ); - if( (namerec->data.source == SELF_NAME) - && !NAME_IS_DEREGISTERING(namerec) ) - release_name( subrec, namerec, standard_success_release, - NULL, NULL); - } - } + struct subnet_record *subrec = unicast_subnet; + struct name_record *namerec, *nextnamerec; + + for (namerec = (struct name_record *)ubi_trFirst( subrec->namelist ); + namerec; + namerec = nextnamerec) { + nextnamerec = (struct name_record *)ubi_trNext( namerec ); + if( (namerec->data.source == SELF_NAME) + && !NAME_IS_DEREGISTERING(namerec) ) + release_name( subrec, namerec, standard_success_release, + NULL, NULL); + } } /******************************************************************* - Refresh our registered names. + Refresh our registered names with WINS ******************************************************************/ - void refresh_my_names(time_t t) { - struct subnet_record *subrec; - - for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec)) - { - struct name_record *namerec; - - /* B nodes don't send out name refresh requests, see RFC 1001, 15.5.1 */ - if (subrec != unicast_subnet) - continue; - - for( namerec = (struct name_record *)ubi_trFirst( subrec->namelist ); - namerec; - namerec = (struct name_record *)ubi_trNext( namerec ) ) - { - /* Each SELF name has an individual time to be refreshed. */ - if( (namerec->data.source == SELF_NAME) - && (namerec->data.refresh_time < t) - && ( namerec->data.death_time != PERMANENT_TTL) ) - { - /* We cheat here and pretend the refresh is going to be - successful & update the refresh times. This stops - multiple refresh calls being done. We actually - deal with refresh failure in the fail_fn. - */ - if( !is_refresh_already_queued( subrec, namerec) ) - refresh_name( subrec, namerec, NULL, NULL, NULL ); - namerec->data.death_time = t + lp_max_ttl(); - namerec->data.refresh_time = t + MIN(lp_max_ttl(), MAX_REFRESH_TIME); - } - } - } + struct name_record *namerec; + + if (wins_srv_count() < 1) return; + + for (namerec = (struct name_record *)ubi_trFirst(unicast_subnet->namelist); + namerec; + namerec = (struct name_record *)ubi_trNext(namerec)) { + /* Each SELF name has an individual time to be refreshed. */ + if ((namerec->data.source == SELF_NAME) && + (namerec->data.refresh_time < t) && + (namerec->data.death_time != PERMANENT_TTL)) { + /* We cheat here and pretend the refresh is going to be + successful & update the refresh times. This stops + multiple refresh calls being done. We actually + deal with refresh failure in the fail_fn. + */ + if (!is_refresh_already_queued(unicast_subnet, namerec)) { + wins_refresh_name(namerec); + } + namerec->data.death_time = t + lp_max_ttl(); + namerec->data.refresh_time = t + MIN(lp_max_ttl(), MAX_REFRESH_TIME); + } + } } diff --git a/source3/nmbd/nmbd_namelistdb.c b/source3/nmbd/nmbd_namelistdb.c index 68b44d618f5..bca79ef0c80 100644 --- a/source3/nmbd/nmbd_namelistdb.c +++ b/source3/nmbd/nmbd_namelistdb.c @@ -35,7 +35,7 @@ uint16 samba_nb_type = 0; /* samba's NetBIOS name type */ void set_samba_nb_type(void) { if( lp_wins_support() || wins_srv_count() ) - samba_nb_type = NB_MFLAG; /* samba is a 'hybrid' node type. */ + samba_nb_type = NB_HFLAG; /* samba is a 'hybrid' node type. */ else samba_nb_type = NB_BFLAG; /* samba is broadcast-only node type. */ } /* set_samba_nb_type */ diff --git a/source3/nmbd/nmbd_namequery.c b/source3/nmbd/nmbd_namequery.c index aeb9984180d..7a820a71482 100644 --- a/source3/nmbd/nmbd_namequery.c +++ b/source3/nmbd/nmbd_namequery.c @@ -107,7 +107,7 @@ static void query_name_response( struct subnet_record *subrec, dbgtext( "Multiple (%d) responses ", rrec->num_msgs ); dbgtext( "received for a query on subnet %s ", subrec->subnet_name ); dbgtext( "for name %s.\nThis response ", nmb_namestr(question_name) ); - dbgtext( "was from IP %s, reporting", inet_ntoa(p->ip) ); + dbgtext( "was from IP %s, reporting ", inet_ntoa(p->ip) ); dbgtext( "an IP address of %s.\n", inet_ntoa(answer_ip) ); } diff --git a/source3/nmbd/nmbd_nameregister.c b/source3/nmbd/nmbd_nameregister.c index cbc72fe2a97..4ac5473d4ae 100644 --- a/source3/nmbd/nmbd_nameregister.c +++ b/source3/nmbd/nmbd_nameregister.c @@ -25,6 +25,10 @@ extern fstring global_myworkgroup; +/* forward declarations */ +static void wins_next_registration(struct response_record *rrec); + + /**************************************************************************** Deal with a response packet when registering one of our names. ****************************************************************************/ @@ -32,368 +36,489 @@ extern fstring global_myworkgroup; static void register_name_response(struct subnet_record *subrec, struct response_record *rrec, struct packet_struct *p) { - /* - * If we are registering broadcast, then getting a response is an - * error - we do not have the name. If we are registering unicast, - * then we expect to get a response. - */ - - struct nmb_packet *nmb = &p->packet.nmb; - BOOL bcast = nmb->header.nm_flags.bcast; - BOOL success = True; - struct nmb_name *question_name = &rrec->packet->packet.nmb.question.question_name; - struct nmb_name *answer_name = &nmb->answers->rr_name; - int ttl = 0; - uint16 nb_flags = 0; - struct in_addr registered_ip; - - /* Sanity check. Ensure that the answer name in the incoming packet is the - same as the requested name in the outgoing packet. */ - - if(!question_name || !answer_name) - { - DEBUG(0,("register_name_response: malformed response (%s is NULL).\n", - question_name ? "question_name" : "answer_name" )); - return; - } - - if(!nmb_name_equal(question_name, answer_name)) - { - DEBUG(0,("register_name_response: Answer name %s differs from question \ -name %s.\n", nmb_namestr(answer_name), nmb_namestr(question_name))); - return; - } - - if(bcast) - { - /* - * Special hack to cope with old Samba nmbd's. - * Earlier versions of Samba (up to 1.9.16p11) respond - * to a broadcast name registration of WORKGROUP<1b> when - * they should not. Hence, until these versions are gone, - * we should treat such errors as success for this particular - * case only. jallison@whistle.com. - */ - + /* + * If we are registering broadcast, then getting a response is an + * error - we do not have the name. If we are registering unicast, + * then we expect to get a response. + */ + + struct nmb_packet *nmb = &p->packet.nmb; + BOOL bcast = nmb->header.nm_flags.bcast; + BOOL success = True; + struct nmb_name *question_name = &rrec->packet->packet.nmb.question.question_name; + struct nmb_name *answer_name = &nmb->answers->rr_name; + struct nmb_packet *sent_nmb = &rrec->packet->packet.nmb; + int ttl = 0; + uint16 nb_flags = 0; + struct in_addr register_ip; + fstring reg_name; + + putip(®ister_ip,&sent_nmb->additional->rdata[2]); + fstrcpy(reg_name, inet_ntoa(register_ip)); + + if (subrec == unicast_subnet) { + /* we know that this wins server is definately alive - for the moment! */ + wins_srv_alive(rrec->packet->ip, register_ip); + } + + /* Sanity check. Ensure that the answer name in the incoming packet is the + same as the requested name in the outgoing packet. */ + + if(!question_name || !answer_name) { + DEBUG(0,("register_name_response: malformed response (%s is NULL).\n", + question_name ? "question_name" : "answer_name" )); + return; + } + + if(!nmb_name_equal(question_name, answer_name)) { + DEBUG(0,("register_name_response: Answer name %s differs from question name %s.\n", + nmb_namestr(answer_name), nmb_namestr(question_name))); + return; + } + + if(bcast) { + /* + * Special hack to cope with old Samba nmbd's. + * Earlier versions of Samba (up to 1.9.16p11) respond + * to a broadcast name registration of WORKGROUP<1b> when + * they should not. Hence, until these versions are gone, + * we should treat such errors as success for this particular + * case only. jallison@whistle.com. + */ + #if 1 /* OLD_SAMBA_SERVER_HACK */ - if((nmb->header.rcode == ACT_ERR) && strequal(global_myworkgroup, answer_name->name) && - (answer_name->name_type == 0x1b)) - { - /* Pretend we did not get this. */ - rrec->num_msgs--; - - DEBUG(5,("register_name_response: Ignoring broadcast response to \ -registration of name %s due to old Samba server bug.\n", nmb_namestr(answer_name))); - return; - } + if((nmb->header.rcode == ACT_ERR) && strequal(global_myworkgroup, answer_name->name) && + (answer_name->name_type == 0x1b)) { + /* Pretend we did not get this. */ + rrec->num_msgs--; + + DEBUG(5,("register_name_response: Ignoring broadcast response to registration of name %s due to old Samba server bug.\n", + nmb_namestr(answer_name))); + return; + } #endif /* OLD_SAMBA_SERVER_HACK */ - /* Someone else has the name. Log the problem. */ - DEBUG(1,("register_name_response: Failed to register \ -name %s on subnet %s via broadcast. Error code was %d. Reject came from IP %s\n", - nmb_namestr(answer_name), - subrec->subnet_name, nmb->header.rcode, inet_ntoa(p->ip))); - success = False; - } - else - { - /* Unicast - check to see if the response allows us to have the name. */ - if(nmb->header.rcode != 0) - { - /* Error code - we didn't get the name. */ - success = False; - - DEBUG(0,("register_name_response: server at IP %s rejected our \ -name registration of %s with error code %d.\n", inet_ntoa(p->ip), - nmb_namestr(answer_name), nmb->header.rcode)); - - } - else if(nmb->header.opcode == NMB_WACK_OPCODE) - { - /* WINS server is telling us to wait. Pretend we didn't get - the response but don't send out any more register requests. */ - - DEBUG(5,("register_name_response: WACK from WINS server %s in registering \ -name %s on subnet %s.\n", inet_ntoa(p->ip), nmb_namestr(answer_name), subrec->subnet_name)); - - rrec->repeat_count = 0; - /* How long we should wait for. */ - rrec->repeat_time = p->timestamp + nmb->answers->ttl; - rrec->num_msgs--; - return; - } - else - { - success = True; - /* Get the data we need to pass to the success function. */ - nb_flags = get_nb_flags(nmb->answers->rdata); - putip((char*)®istered_ip,&nmb->answers->rdata[2]); - ttl = nmb->answers->ttl; - } - } - - DEBUG(5,("register_name_response: %s in registering name %s on subnet %s.\n", - success ? "success" : "failure", nmb_namestr(answer_name), subrec->subnet_name)); - - if(success) - { - /* Enter the registered name into the subnet name database before calling - the success function. */ - standard_success_register(subrec, rrec->userdata, answer_name, nb_flags, ttl, registered_ip); - if( rrec->success_fn) - (*(register_name_success_function)rrec->success_fn)(subrec, rrec->userdata, answer_name, nb_flags, ttl, registered_ip); - } - else - { - if( rrec->fail_fn) - (*(register_name_fail_function)rrec->fail_fn)(subrec, rrec, question_name); - /* Remove the name. */ - standard_fail_register( subrec, rrec, question_name); - } - - /* Ensure we don't retry. */ - remove_response_record(subrec, rrec); + /* Someone else has the name. Log the problem. */ + DEBUG(1,("register_name_response: Failed to register name %s IP %s on subnet %s via broadcast. Error code was %d. Reject came from IP %s\n", + nmb_namestr(answer_name), + reg_name, + subrec->subnet_name, nmb->header.rcode, inet_ntoa(p->ip))); + success = False; + } else { + /* Unicast - check to see if the response allows us to have the name. */ + if(nmb->header.rcode != 0) { + /* Error code - we didn't get the name. */ + success = False; + + DEBUG(0,("register_name_response: %sserver at IP %s rejected our name registration of %s IP %s with error code %d.\n", + subrec==unicast_subnet?"WINS ":"", + inet_ntoa(p->ip), + nmb_namestr(answer_name), + reg_name, + nmb->header.rcode)); + } else if (nmb->header.opcode == NMB_WACK_OPCODE) { + /* WINS server is telling us to wait. Pretend we didn't get + the response but don't send out any more register requests. */ + + DEBUG(5,("register_name_response: WACK from WINS server %s in registering name %s IP %s\n", + inet_ntoa(p->ip), nmb_namestr(answer_name), reg_name)); + + rrec->repeat_count = 0; + /* How long we should wait for. */ + rrec->repeat_time = p->timestamp + nmb->answers->ttl; + rrec->num_msgs--; + return; + } else { + success = True; + /* Get the data we need to pass to the success function. */ + nb_flags = get_nb_flags(nmb->answers->rdata); + ttl = nmb->answers->ttl; + + /* send off a registration for the next IP, if any */ + wins_next_registration(rrec); + } + } + + DEBUG(5,("register_name_response: %s in registering %sname %s IP %s with %s.\n", + success ? "success" : "failure", + subrec==unicast_subnet?"WINS ":"", + nmb_namestr(answer_name), + reg_name, + inet_ntoa(rrec->packet->ip))); + + if(success) { + /* Enter the registered name into the subnet name database before calling + the success function. */ + standard_success_register(subrec, rrec->userdata, answer_name, nb_flags, ttl, register_ip); + if( rrec->success_fn) + (*(register_name_success_function)rrec->success_fn)(subrec, rrec->userdata, answer_name, nb_flags, ttl, register_ip); + } else { + if( rrec->fail_fn) + (*(register_name_fail_function)rrec->fail_fn)(subrec, rrec, question_name); + /* Remove the name. */ + standard_fail_register( subrec, rrec, question_name); + } + + /* Ensure we don't retry. */ + remove_response_record(subrec, rrec); } + +/**************************************************************************** + Deal with a timeout of a WINS registration request +****************************************************************************/ +static void wins_registration_timeout(struct subnet_record *subrec, + struct response_record *rrec) +{ + struct userdata_struct *userdata = rrec->userdata; + struct nmb_packet *sent_nmb = &rrec->packet->packet.nmb; + struct nmb_name *nmbname = &sent_nmb->question.question_name; + struct in_addr register_ip; + fstring src_addr; + + putip(®ister_ip,&sent_nmb->additional->rdata[2]); + + fstrcpy(src_addr, inet_ntoa(register_ip)); + + DEBUG(2,("wins_registration_timeout: WINS server %s timed out registering IP %s\n", + inet_ntoa(rrec->packet->ip), src_addr)); + + /* mark it temporarily dead for this source address */ + wins_srv_died(rrec->packet->ip, register_ip); + + /* if we have some userdata then use that to work out what + wins server to try next */ + if (userdata) { + const char *tag = (const char *)userdata->data; + + /* try the next wins server in our failover list for + this tag */ + rrec->packet->ip = wins_srv_ip_tag(tag, register_ip); + } + + /* if we have run out of wins servers for this tag then they + must all have timed out. We treat this as *success*, not + failure, and go into our standard name refresh mode. This + copes with all the wins servers being down */ + if (wins_srv_is_dead(rrec->packet->ip, register_ip)) { + uint16 nb_flags = get_nb_flags(sent_nmb->additional->rdata); + int ttl = sent_nmb->additional->ttl; + + standard_success_register(subrec, userdata, nmbname, nb_flags, ttl, register_ip); + if(rrec->success_fn) { + (*(register_name_success_function)rrec->success_fn)(subrec, + rrec->userdata, + nmbname, + nb_flags, + ttl, + register_ip); + } + + /* send off a registration for the next IP, if any */ + wins_next_registration(rrec); + + /* don't need to send this packet any more */ + remove_response_record(subrec, rrec); + return; + } + + /* we will be moving to the next WINS server for this group, + send it immediately */ + rrec->repeat_count = 2; + rrec->repeat_time = time(NULL) + 1; + rrec->in_expiration_processing = False; + + DEBUG(6,("Retrying register of name %s IP %s with WINS server %s\n", + nmb_namestr(nmbname), src_addr, inet_ntoa(rrec->packet->ip))); + + /* notice that we don't remove the response record. This keeps + us trying to register with each of our failover wins servers */ +} + + /**************************************************************************** Deal with a timeout when registering one of our names. ****************************************************************************/ static void register_name_timeout_response(struct subnet_record *subrec, - struct response_record *rrec) + struct response_record *rrec) { - /* - * If we are registering unicast, then NOT getting a response is an - * error - we do not have the name. If we are registering broadcast, - * then we don't expect to get a response. - */ - - struct nmb_packet *sent_nmb = &rrec->packet->packet.nmb; - BOOL bcast = sent_nmb->header.nm_flags.bcast; - BOOL success = False; - struct nmb_name *question_name = &sent_nmb->question.question_name; - uint16 nb_flags = 0; - int ttl = 0; - struct in_addr registered_ip; - - if(bcast) - { - if(rrec->num_msgs == 0) - { - /* Not receiving a message is success for broadcast registration. */ - success = True; - - /* Pull the success values from the original request packet. */ - nb_flags = get_nb_flags(sent_nmb->additional->rdata); - ttl = sent_nmb->additional->ttl; - putip(®istered_ip,&sent_nmb->additional->rdata[2]); - } - } - else - { - /* Unicast - if no responses then it's an error. */ - if(rrec->num_msgs == 0) - { - DEBUG(2,("register_name_timeout_response: WINS server at address %s is not \ -responding.\n", inet_ntoa(rrec->packet->ip))); - - /* Keep trying to contact the WINS server periodically. This allows - us to work correctly if the WINS server is down temporarily when - we come up. */ - - /* Reset the number of attempts to zero and double the interval between - retries. Max out at 5 minutes. */ - rrec->repeat_count = 3; - rrec->repeat_interval *= 2; - if(rrec->repeat_interval > (5 * 60)) - rrec->repeat_interval = (5 * 60); - rrec->repeat_time = time(NULL) + rrec->repeat_interval; - rrec->in_expiration_processing = False; - - DEBUG(5,("register_name_timeout_response: increasing WINS timeout to %d seconds.\n", - (int)rrec->repeat_interval)); - return; /* Don't remove the response record. */ - } - } - - DEBUG(5,("register_name_timeout_response: %s in registering name %s on subnet %s.\n", - success ? "success" : "failure", nmb_namestr(question_name), subrec->subnet_name)); - if(success) - { - /* Enter the registered name into the subnet name database before calling - the success function. */ - standard_success_register(subrec, rrec->userdata, question_name, nb_flags, ttl, registered_ip); - if( rrec->success_fn) - (*(register_name_success_function)rrec->success_fn)(subrec, rrec->userdata, question_name, nb_flags, ttl, registered_ip); - } - else - { - if( rrec->fail_fn) - (*(register_name_fail_function)rrec->fail_fn)(subrec, rrec, question_name); - /* Remove the name. */ - standard_fail_register( subrec, rrec, question_name); - } - - /* Ensure we don't retry. */ - remove_response_record(subrec, rrec); + /* + * If we are registering unicast, then NOT getting a response is an + * error - we do not have the name. If we are registering broadcast, + * then we don't expect to get a response. + */ + + struct nmb_packet *sent_nmb = &rrec->packet->packet.nmb; + BOOL bcast = sent_nmb->header.nm_flags.bcast; + BOOL success = False; + struct nmb_name *question_name = &sent_nmb->question.question_name; + uint16 nb_flags = 0; + int ttl = 0; + struct in_addr registered_ip; + + if (bcast) { + if(rrec->num_msgs == 0) { + /* Not receiving a message is success for broadcast registration. */ + success = True; + + /* Pull the success values from the original request packet. */ + nb_flags = get_nb_flags(sent_nmb->additional->rdata); + ttl = sent_nmb->additional->ttl; + putip(®istered_ip,&sent_nmb->additional->rdata[2]); + } + } else { + /* wins timeouts are special */ + wins_registration_timeout(subrec, rrec); + return; + } + + DEBUG(5,("register_name_timeout_response: %s in registering name %s on subnet %s.\n", + success ? "success" : "failure", nmb_namestr(question_name), subrec->subnet_name)); + if(success) { + /* Enter the registered name into the subnet name database before calling + the success function. */ + standard_success_register(subrec, rrec->userdata, question_name, nb_flags, ttl, registered_ip); + if( rrec->success_fn) + (*(register_name_success_function)rrec->success_fn)(subrec, rrec->userdata, question_name, nb_flags, ttl, registered_ip); + } else { + if( rrec->fail_fn) + (*(register_name_fail_function)rrec->fail_fn)(subrec, rrec, question_name); + /* Remove the name. */ + standard_fail_register( subrec, rrec, question_name); + } + + /* Ensure we don't retry. */ + remove_response_record(subrec, rrec); } + /**************************************************************************** - Try and register one of our names on the unicast subnet - multihomed. +initiate one multi-homed name registration packet +****************************************************************************/ +static void multihomed_register_one(struct nmb_name *nmbname, + uint16 nb_flags, + register_name_success_function success_fn, + register_name_fail_function fail_fn, + struct in_addr ip, + const char *tag) +{ + struct userdata_struct *userdata; + struct in_addr wins_ip = wins_srv_ip_tag(tag, ip); + fstring ip_str; + + userdata = (struct userdata_struct *)malloc(sizeof(*userdata) + strlen(tag) + 1); + if (!userdata) { + DEBUG(0,("Failed to allocate userdata structure!\n")); + return; + } + ZERO_STRUCTP(userdata); + userdata->userdata_len = strlen(tag) + 1; + strlcpy(userdata->data, tag, userdata->userdata_len); + + fstrcpy(ip_str, inet_ntoa(ip)); + + DEBUG(6,("Registering name %s IP %s with WINS server %s using tag '%s'\n", + nmb_namestr(nmbname), ip_str, inet_ntoa(wins_ip), tag)); + + if (queue_register_multihomed_name(unicast_subnet, + register_name_response, + register_name_timeout_response, + success_fn, + fail_fn, + userdata, + nmbname, + nb_flags, + ip, + wins_ip) == NULL) { + DEBUG(0,("multihomed_register_one: Failed to send packet trying to register name %s IP %s\n", + nmb_namestr(nmbname), inet_ntoa(ip))); + } + + free(userdata); +} + + +/**************************************************************************** +we have finished the registration of one IP and need to see if we have +any more IPs left to register with this group of wins server for this name ****************************************************************************/ +static void wins_next_registration(struct response_record *rrec) +{ + struct nmb_packet *sent_nmb = &rrec->packet->packet.nmb; + struct nmb_name *nmbname = &sent_nmb->question.question_name; + uint16 nb_flags = get_nb_flags(sent_nmb->additional->rdata); + struct userdata_struct *userdata = rrec->userdata; + const char *tag; + struct in_addr last_ip; + struct subnet_record *subrec; + + putip(&last_ip,&sent_nmb->additional->rdata[2]); + + if (!userdata) { + /* it wasn't multi-homed */ + return; + } + + tag = (const char *)userdata->data; + + for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) { + if (ip_equal(last_ip, subrec->myip)) { + subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec); + break; + } + } + + if (!subrec) { + /* no more to do! */ + return; + } + + switch (sent_nmb->header.opcode) { + case NMB_NAME_MULTIHOMED_REG_OPCODE: + multihomed_register_one(nmbname, nb_flags, NULL, NULL, subrec->myip, tag); + break; + case NMB_NAME_REFRESH_OPCODE_8: + queue_wins_refresh(nmbname, + register_name_response, + register_name_timeout_response, + nb_flags, subrec->myip, tag); + break; + } +} -static BOOL multihomed_register_name( struct nmb_name *nmbname, uint16 nb_flags, - register_name_success_function success_fn, - register_name_fail_function fail_fn, - struct userdata_struct *userdata) +/**************************************************************************** + Try and register one of our names on the unicast subnet - multihomed. +****************************************************************************/ +static void multihomed_register_name(struct nmb_name *nmbname, uint16 nb_flags, + register_name_success_function success_fn, + register_name_fail_function fail_fn) { - /* - If we are adding a group name, we just send multiple - register name packets to the WINS server (this is an - internet group name. - - If we are adding a unique name, We need first to add - our names to the unicast subnet namelist. This is - because when a WINS server receives a multihomed - registration request, the first thing it does is to - send a name query to the registering machine, to see - if it has put the name in it's local namelist. - We need the name there so the query response code in - nmbd_incomingrequests.c will find it. - - We are adding this name prematurely (we don't really - have it yet), but as this is on the unicast subnet - only we will get away with this (only the WINS server - will ever query names from us on this subnet). - */ - - int num_ips=0; - int i; - struct in_addr *ip_list = NULL; - struct subnet_record *subrec; - - for(subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec) ) - num_ips++; - - if((ip_list = (struct in_addr *)malloc(num_ips * sizeof(struct in_addr)))==NULL) - { - DEBUG(0,("multihomed_register_name: malloc fail !\n")); - return True; - } - - for( subrec = FIRST_SUBNET, i = 0; - subrec; - subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec), i++ ) - ip_list[i] = subrec->myip; - - (void)add_name_to_subnet( unicast_subnet, nmbname->name, nmbname->name_type, - nb_flags, lp_max_ttl(), SELF_NAME, - num_ips, ip_list); - - /* Now try and register the name, num_ips times. On the last time use - the given success and fail functions. */ - - for( i = 0; i < num_ips; i++) - { - if(queue_register_multihomed_name( unicast_subnet, - register_name_response, - register_name_timeout_response, - (i == num_ips - 1) ? success_fn : NULL, - (i == num_ips - 1) ? fail_fn : NULL, - (i == num_ips - 1) ? userdata : NULL, - nmbname, - nb_flags, - ip_list[i]) == NULL) - { - DEBUG(0,("multihomed_register_name: Failed to send packet trying to \ -register name %s IP %s\n", nmb_namestr(nmbname), inet_ntoa(ip_list[i]) )); - - SAFE_FREE(ip_list); - return True; - } - } - - SAFE_FREE(ip_list); - - return False; + /* + If we are adding a group name, we just send multiple + register name packets to the WINS server (this is an + internet group name. + + If we are adding a unique name, We need first to add + our names to the unicast subnet namelist. This is + because when a WINS server receives a multihomed + registration request, the first thing it does is to + send a name query to the registering machine, to see + if it has put the name in it's local namelist. + We need the name there so the query response code in + nmbd_incomingrequests.c will find it. + + We are adding this name prematurely (we don't really + have it yet), but as this is on the unicast subnet + only we will get away with this (only the WINS server + will ever query names from us on this subnet). + */ + int num_ips=0; + int i, t; + struct subnet_record *subrec; + char **wins_tags; + struct in_addr *ip_list; + + for(subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec) ) + num_ips++; + + if((ip_list = (struct in_addr *)malloc(num_ips * sizeof(struct in_addr)))==NULL) { + DEBUG(0,("multihomed_register_name: malloc fail !\n")); + return; + } + + for (subrec = FIRST_SUBNET, i = 0; + subrec; + subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec), i++ ) { + ip_list[i] = subrec->myip; + } + + add_name_to_subnet(unicast_subnet, nmbname->name, nmbname->name_type, + nb_flags, lp_max_ttl(), SELF_NAME, + num_ips, ip_list); + + /* get the list of wins tags - we try to register for each of them */ + wins_tags = wins_srv_tags(); + + /* Now try and register the name for each wins tag. Note that + at this point we only register our first IP with each wins + group. We will register the rest from + wins_next_registration() when we get the reply for this + one. That follows the way W2K does things (tridge) + */ + for (t=0; wins_tags && wins_tags[t]; t++) { + multihomed_register_one(nmbname, nb_flags, + success_fn, fail_fn, + ip_list[0], + wins_tags[t]); + } + + wins_srv_tags_free(wins_tags); + + SAFE_FREE(ip_list); } + /**************************************************************************** Try and register one of our names. ****************************************************************************/ - -BOOL register_name(struct subnet_record *subrec, +void register_name(struct subnet_record *subrec, char *name, int type, uint16 nb_flags, register_name_success_function success_fn, register_name_fail_function fail_fn, struct userdata_struct *userdata) { - struct nmb_name nmbname; - - make_nmb_name(&nmbname, name, type); - - /* Always set the NB_ACTIVE flag on the name we are - registering. Doesn't make sense without it. - */ - - nb_flags |= NB_ACTIVE; - - /* If this is the unicast subnet, and we are a multi-homed - host, then register a multi-homed name. */ - - if( (subrec == unicast_subnet) && we_are_multihomed()) - return multihomed_register_name(&nmbname, nb_flags, - success_fn, fail_fn, - userdata); - - if(queue_register_name( subrec, - register_name_response, - register_name_timeout_response, - success_fn, - fail_fn, - userdata, - &nmbname, - nb_flags) == NULL) - { - DEBUG(0,("register_name: Failed to send packet trying to register name %s\n", - nmb_namestr(&nmbname))); - return True; - } - return False; + struct nmb_name nmbname; + + make_nmb_name(&nmbname, name, type); + + /* Always set the NB_ACTIVE flag on the name we are + registering. Doesn't make sense without it. + */ + + nb_flags |= NB_ACTIVE; + + if (subrec == unicast_subnet) { + /* we now always do multi-homed registration if we are + registering to a WINS server. This copes much + better with complex WINS setups */ + multihomed_register_name(&nmbname, nb_flags, + success_fn, fail_fn); + return; + } + + if (queue_register_name(subrec, + register_name_response, + register_name_timeout_response, + success_fn, + fail_fn, + userdata, + &nmbname, + nb_flags) == NULL) { + DEBUG(0,("register_name: Failed to send packet trying to register name %s\n", + nmb_namestr(&nmbname))); + } } + /**************************************************************************** - Try and refresh one of our names. + Try and refresh one of our names. This is *only* called for WINS refresh ****************************************************************************/ - -BOOL refresh_name(struct subnet_record *subrec, struct name_record *namerec, - refresh_name_success_function success_fn, - refresh_name_fail_function fail_fn, - struct userdata_struct *userdata) +void wins_refresh_name(struct name_record *namerec) { - int i; - - /* - * Go through and refresh the name for all known ip addresses. - * Only call the success/fail function on the last one (it should - * only be done once). - */ - - for( i = 0; i < namerec->data.num_ips; i++) - { - if(queue_refresh_name( subrec, - register_name_response, - register_name_timeout_response, - (i == (namerec->data.num_ips - 1)) ? success_fn : NULL, - (i == (namerec->data.num_ips - 1)) ? fail_fn : NULL, - (i == (namerec->data.num_ips - 1)) ? userdata : NULL, - namerec, - namerec->data.ip[i]) == NULL) - { - DEBUG(0,("refresh_name: Failed to send packet trying to refresh name %s\n", - nmb_namestr(&namerec->name))); - return True; - } - } - return False; + int t; + char **wins_tags; + + /* get the list of wins tags - we try to refresh for each of them */ + wins_tags = wins_srv_tags(); + + for (t=0; wins_tags && wins_tags[t]; t++) { + queue_wins_refresh(&namerec->name, + register_name_response, + register_name_timeout_response, + namerec->data.nb_flags, + namerec->data.ip[0], wins_tags[t]); + } + + wins_srv_tags_free(wins_tags); } diff --git a/source3/nmbd/nmbd_namerelease.c b/source3/nmbd/nmbd_namerelease.c index fd35181f33f..0611ca93234 100644 --- a/source3/nmbd/nmbd_namerelease.c +++ b/source3/nmbd/nmbd_namerelease.c @@ -28,85 +28,72 @@ ****************************************************************************/ static void release_name_response(struct subnet_record *subrec, - struct response_record *rrec, struct packet_struct *p) + struct response_record *rrec, struct packet_struct *p) { - /* - * If we are releasing broadcast, then getting a response is an - * error. If we are releasing unicast, then we expect to get a response. - */ - - struct nmb_packet *nmb = &p->packet.nmb; - BOOL bcast = nmb->header.nm_flags.bcast; - BOOL success = True; - struct nmb_name *question_name = &rrec->packet->packet.nmb.question.question_name; - struct nmb_name *answer_name = &nmb->answers->rr_name; - struct in_addr released_ip; - - /* Sanity check. Ensure that the answer name in the incoming packet is the - same as the requested name in the outgoing packet. */ - - if(!nmb_name_equal(question_name, answer_name)) - { - DEBUG(0,("release_name_response: Answer name %s differs from question \ -name %s.\n", nmb_namestr(answer_name), nmb_namestr(question_name))); - return; - } - - if(bcast) - { - /* Someone sent a response. This shouldn't happen/ */ - DEBUG(1,("release_name_response: A response for releasing name %s was received on a \ -broadcast subnet %s. This should not happen !\n", nmb_namestr(answer_name), subrec->subnet_name)); - return; - } - else - { - /* Unicast - check to see if the response allows us to release the name. */ - if(nmb->header.rcode != 0) - { - /* Error code - we were told not to release the name ! What now ! */ - success = False; - - DEBUG(0,("release_name_response: WINS server at IP %s rejected our \ -name release of name %s with error code %d.\n", inet_ntoa(p->ip), - nmb_namestr(answer_name), nmb->header.rcode)); - - } - else if(nmb->header.opcode == NMB_WACK_OPCODE) - { - /* WINS server is telling us to wait. Pretend we didn't get - the response but don't send out any more release requests. */ - - DEBUG(5,("release_name_response: WACK from WINS server %s in releasing \ -name %s on subnet %s.\n", inet_ntoa(p->ip), nmb_namestr(answer_name), subrec->subnet_name)); - - rrec->repeat_count = 0; - /* How long we should wait for. */ - rrec->repeat_time = p->timestamp + nmb->answers->ttl; - rrec->num_msgs--; - return; - } - } - - DEBUG(5,("release_name_response: %s in releasing name %s on subnet %s.\n", - success ? "success" : "failure", nmb_namestr(answer_name), subrec->subnet_name)); - - if(success) - { - putip((char*)&released_ip ,&nmb->answers->rdata[2]); - - if(rrec->success_fn) - (*(release_name_success_function)rrec->success_fn)(subrec, rrec->userdata, answer_name, released_ip); - standard_success_release( subrec, rrec->userdata, answer_name, released_ip); - } - else - { - /* We have no standard_fail_release - maybe we should add one ? */ - if(rrec->fail_fn) - (*(release_name_fail_function)rrec->fail_fn)(subrec, rrec, answer_name); - } - - remove_response_record(subrec, rrec); + /* + * If we are releasing broadcast, then getting a response is an + * error. If we are releasing unicast, then we expect to get a response. + */ + struct nmb_packet *nmb = &p->packet.nmb; + BOOL bcast = nmb->header.nm_flags.bcast; + BOOL success = True; + struct nmb_name *question_name = &rrec->packet->packet.nmb.question.question_name; + struct nmb_name *answer_name = &nmb->answers->rr_name; + struct in_addr released_ip; + + /* Sanity check. Ensure that the answer name in the incoming packet is the + same as the requested name in the outgoing packet. */ + if (!nmb_name_equal(question_name, answer_name)) { + DEBUG(0,("release_name_response: Answer name %s differs from question name %s.\n", + nmb_namestr(answer_name), nmb_namestr(question_name))); + return; + } + + if (bcast) { + /* Someone sent a response to a bcast release? ignore it. */ + return; + } + + /* Unicast - check to see if the response allows us to release the name. */ + if (nmb->header.rcode != 0) { + /* Error code - we were told not to release the name ! What now ! */ + success = False; + + DEBUG(0,("release_name_response: WINS server at IP %s rejected our \ +name release of name %s with error code %d.\n", + inet_ntoa(p->ip), + nmb_namestr(answer_name), nmb->header.rcode)); + } else if (nmb->header.opcode == NMB_WACK_OPCODE) { + /* WINS server is telling us to wait. Pretend we didn't get + the response but don't send out any more release requests. */ + + DEBUG(5,("release_name_response: WACK from WINS server %s in releasing \ +name %s on subnet %s.\n", + inet_ntoa(p->ip), nmb_namestr(answer_name), subrec->subnet_name)); + + rrec->repeat_count = 0; + /* How long we should wait for. */ + rrec->repeat_time = p->timestamp + nmb->answers->ttl; + rrec->num_msgs--; + return; + } + + DEBUG(5,("release_name_response: %s in releasing name %s on subnet %s.\n", + success ? "success" : "failure", nmb_namestr(answer_name), subrec->subnet_name)); + if (success) { + putip((char*)&released_ip ,&nmb->answers->rdata[2]); + + if(rrec->success_fn) + (*(release_name_success_function)rrec->success_fn)(subrec, rrec->userdata, answer_name, released_ip); + standard_success_release( subrec, rrec->userdata, answer_name, released_ip); + } else { + /* We have no standard_fail_release - maybe we should add one ? */ + if (rrec->fail_fn) { + (*(release_name_fail_function)rrec->fail_fn)(subrec, rrec, answer_name); + } + } + + remove_response_record(subrec, rrec); } /**************************************************************************** @@ -114,120 +101,122 @@ name %s on subnet %s.\n", inet_ntoa(p->ip), nmb_namestr(answer_name), subrec->su ****************************************************************************/ static void release_name_timeout_response(struct subnet_record *subrec, - struct response_record *rrec) + struct response_record *rrec) { - /* - * If we are releasing unicast, then NOT getting a response is an - * error - we could not release the name. If we are releasing broadcast, - * then we don't expect to get a response. - */ - - struct nmb_packet *sent_nmb = &rrec->packet->packet.nmb; - BOOL bcast = sent_nmb->header.nm_flags.bcast; - BOOL success = False; - struct nmb_name *question_name = &sent_nmb->question.question_name; - struct in_addr released_ip; - - if(bcast) - { - if(rrec->num_msgs == 0) - { - /* Not receiving a message is success for broadcast release. */ - success = True; - - /* Get the ip address we were trying to release. */ - putip((char*)&released_ip ,&sent_nmb->additional->rdata[2]); - } - } - else - { - /* Unicast - if no responses then it's an error. */ - if(rrec->num_msgs == 0) - { - DEBUG(2,("release_name_timeout_response: WINS server at address %s is not \ -responding.\n", inet_ntoa(rrec->packet->ip))); - - /* Keep trying to contact the WINS server periodically. This allows - us to work correctly if the WINS server is down temporarily when - we want to delete the name. */ - - /* Reset the number of attempts to zero and double the interval between - retries. Max out at 5 minutes. */ - rrec->repeat_count = 3; - rrec->repeat_interval *= 2; - if(rrec->repeat_interval > (5 * 60)) - rrec->repeat_interval = (5 * 60); - rrec->repeat_time = time(NULL) + rrec->repeat_interval; - - DEBUG(5,("release_name_timeout_response: increasing WINS timeout to %d seconds.\n", - (int)rrec->repeat_interval)); - return; /* Don't remove the response record. */ - } - } - - DEBUG(5,("release_name_timeout_response: %s in releasing name %s on subnet %s.\n", - success ? "success" : "failure", nmb_namestr(question_name), subrec->subnet_name)); - - if(success && rrec->success_fn) - { - if(rrec->success_fn) - (*(release_name_success_function)rrec->success_fn)(subrec, rrec->userdata, question_name, released_ip); - standard_success_release( subrec, rrec->userdata, question_name, released_ip); - } - else - { - /* We have no standard_fail_release - maybe we should add one ? */ - if( rrec->fail_fn) - (*(release_name_fail_function)rrec->fail_fn)(subrec, rrec, question_name); - } - - remove_response_record(subrec, rrec); + /* a release is *always* considered to be successful when it + times out. This doesn't cause problems as if a WINS server + doesn't respond and someone else wants the name then the + normal WACK/name query from the WINS server will cope */ + struct nmb_packet *sent_nmb = &rrec->packet->packet.nmb; + BOOL bcast = sent_nmb->header.nm_flags.bcast; + struct nmb_name *question_name = &sent_nmb->question.question_name; + struct in_addr released_ip; + + /* Get the ip address we were trying to release. */ + putip((char*)&released_ip ,&sent_nmb->additional->rdata[2]); + + if (!bcast) { + /* mark the WINS server temporarily dead */ + wins_srv_died(rrec->packet->ip, released_ip); + } + + DEBUG(5,("release_name_timeout_response: success in releasing name %s on subnet %s.\n", + nmb_namestr(question_name), subrec->subnet_name)); + + if (rrec->success_fn) { + (*(release_name_success_function)rrec->success_fn)(subrec, rrec->userdata, question_name, released_ip); + } + + standard_success_release( subrec, rrec->userdata, question_name, released_ip); + remove_response_record(subrec, rrec); } + +/* + when releasing a name with WINS we need to send the release to each of + the WINS groups +*/ +static void wins_release_name(struct name_record *namerec, + release_name_success_function success_fn, + release_name_fail_function fail_fn, + struct userdata_struct *userdata) +{ + int t, i; + char **wins_tags; + + /* get the list of wins tags - we try to release for each of them */ + wins_tags = wins_srv_tags(); + + for (t=0;wins_tags && wins_tags[t]; t++) { + for (i = 0; i < namerec->data.num_ips; i++) { + struct in_addr wins_ip = wins_srv_ip_tag(wins_tags[t], namerec->data.ip[i]); + + BOOL last_one = ((i==namerec->data.num_ips - 1) && !wins_tags[t+1]); + if (queue_release_name(unicast_subnet, + release_name_response, + release_name_timeout_response, + last_one?success_fn : NULL, + last_one? fail_fn : NULL, + last_one? userdata : NULL, + &namerec->name, + namerec->data.nb_flags, + namerec->data.ip[i], + wins_ip) == NULL) { + DEBUG(0,("release_name: Failed to send packet trying to release name %s IP %s\n", + nmb_namestr(&namerec->name), inet_ntoa(namerec->data.ip[i]) )); + } + } + } + + wins_srv_tags_free(wins_tags); +} + + /**************************************************************************** Try and release one of our names. ****************************************************************************/ -BOOL release_name(struct subnet_record *subrec, struct name_record *namerec, - release_name_success_function success_fn, - release_name_fail_function fail_fn, - struct userdata_struct *userdata) +void release_name(struct subnet_record *subrec, struct name_record *namerec, + release_name_success_function success_fn, + release_name_fail_function fail_fn, + struct userdata_struct *userdata) { - int i; - - /* Ensure it's a SELF name, and in the ACTIVE state. */ - if((namerec->data.source != SELF_NAME) || !NAME_IS_ACTIVE(namerec)) - { - DEBUG(0,("release_name: Cannot release name %s from subnet %s. Source was %d \n", - nmb_namestr(&namerec->name), subrec->subnet_name, namerec->data.source)); - return True; - } - - /* Set the name into the deregistering state. */ - namerec->data.nb_flags |= NB_DEREG; - - /* - * Go through and release the name for all known ip addresses. - * Only call the success/fail function on the last one (it should - * only be done once). - */ - - for( i = 0; i < namerec->data.num_ips; i++) - { - if(queue_release_name( subrec, - release_name_response, - release_name_timeout_response, - (i == (namerec->data.num_ips - 1)) ? success_fn : NULL, - (i == (namerec->data.num_ips - 1)) ? fail_fn : NULL, - (i == (namerec->data.num_ips - 1)) ? userdata : NULL, - &namerec->name, - namerec->data.nb_flags, - namerec->data.ip[i]) == NULL) - { - DEBUG(0,("release_name: Failed to send packet trying to release name %s IP %s\n", - nmb_namestr(&namerec->name), inet_ntoa(namerec->data.ip[i]) )); - return True; - } - } - return False; + int i; + + /* Ensure it's a SELF name, and in the ACTIVE state. */ + if ((namerec->data.source != SELF_NAME) || !NAME_IS_ACTIVE(namerec)) { + DEBUG(0,("release_name: Cannot release name %s from subnet %s. Source was %d \n", + nmb_namestr(&namerec->name), subrec->subnet_name, namerec->data.source)); + return; + } + + /* Set the name into the deregistering state. */ + namerec->data.nb_flags |= NB_DEREG; + + /* wins releases are a bit different */ + if (subrec == unicast_subnet) { + wins_release_name(namerec, success_fn, fail_fn, userdata); + return; + } + + /* + * Go through and release the name for all known ip addresses. + * Only call the success/fail function on the last one (it should + * only be done once). + */ + for (i = 0; i < namerec->data.num_ips; i++) { + if (queue_release_name(subrec, + release_name_response, + release_name_timeout_response, + (i == (namerec->data.num_ips - 1)) ? success_fn : NULL, + (i == (namerec->data.num_ips - 1)) ? fail_fn : NULL, + (i == (namerec->data.num_ips - 1)) ? userdata : NULL, + &namerec->name, + namerec->data.nb_flags, + namerec->data.ip[i], + subrec->bcast_ip) == NULL) { + DEBUG(0,("release_name: Failed to send packet trying to release name %s IP %s\n", + nmb_namestr(&namerec->name), inet_ntoa(namerec->data.ip[i]) )); + } + } } diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c index a11b30b1dc2..a20ebf16fde 100644 --- a/source3/nmbd/nmbd_packets.c +++ b/source3/nmbd/nmbd_packets.c @@ -237,40 +237,44 @@ static BOOL create_and_init_additional_record(struct packet_struct *packet, uint16 nb_flags, struct in_addr *register_ip) { - struct nmb_packet *nmb = &packet->packet.nmb; - - if((nmb->additional = (struct res_rec *)malloc(sizeof(struct res_rec))) == NULL) - { - DEBUG(0,("initiate_name_register_packet: malloc fail for additional record.\n")); - return False; - } - - memset((char *)nmb->additional,'\0',sizeof(struct res_rec)); - - nmb->additional->rr_name = nmb->question.question_name; - nmb->additional->rr_type = RR_TYPE_NB; - nmb->additional->rr_class = RR_CLASS_IN; - - /* See RFC 1002, sections 5.1.1.1, 5.1.1.2 and 5.1.1.3 */ - if (nmb->header.nm_flags.bcast) - nmb->additional->ttl = PERMANENT_TTL; - else - nmb->additional->ttl = lp_max_ttl(); - - nmb->additional->rdlength = 6; - - set_nb_flags(nmb->additional->rdata,nb_flags); - - /* Set the address for the name we are registering. */ - putip(&nmb->additional->rdata[2], register_ip); - - /* Ensure that we send out the file descriptor to give us the - the specific source address we are registering as our - IP source address. */ - - packet->fd = find_subnet_fd_for_address( *register_ip ); - - return True; + struct nmb_packet *nmb = &packet->packet.nmb; + + if((nmb->additional = (struct res_rec *)malloc(sizeof(struct res_rec))) == NULL) { + DEBUG(0,("initiate_name_register_packet: malloc fail for additional record.\n")); + return False; + } + + memset((char *)nmb->additional,'\0',sizeof(struct res_rec)); + + nmb->additional->rr_name = nmb->question.question_name; + nmb->additional->rr_type = RR_TYPE_NB; + nmb->additional->rr_class = RR_CLASS_IN; + + /* See RFC 1002, sections 5.1.1.1, 5.1.1.2 and 5.1.1.3 */ + if (nmb->header.nm_flags.bcast) + nmb->additional->ttl = PERMANENT_TTL; + else + nmb->additional->ttl = lp_max_ttl(); + + nmb->additional->rdlength = 6; + + set_nb_flags(nmb->additional->rdata,nb_flags); + + /* Set the address for the name we are registering. */ + putip(&nmb->additional->rdata[2], register_ip); + + /* + it turns out that Jeremys code was correct, we are supposed + to send registrations from the IP we are registering. The + trick is what to do on timeouts! When we send on a + non-routable IP then the reply will timeout, and we should + treat this as success, not failure. That means we go into + our standard refresh cycle for that name which copes nicely + with disconnected networks. + */ + packet->fd = find_subnet_fd_for_address(*register_ip); + + return True; } /*************************************************************************** @@ -345,28 +349,28 @@ static BOOL initiate_name_register_packet( struct packet_struct *packet, Sends out a multihomed name register. **************************************************************************/ -static BOOL initiate_multihomed_name_register_packet( struct packet_struct *packet, - uint16 nb_flags, struct in_addr *register_ip) +static BOOL initiate_multihomed_name_register_packet(struct packet_struct *packet, + uint16 nb_flags, struct in_addr *register_ip) { - struct nmb_packet *nmb = &packet->packet.nmb; - fstring second_ip_buf; - - fstrcpy(second_ip_buf, inet_ntoa(packet->ip)); + struct nmb_packet *nmb = &packet->packet.nmb; + fstring second_ip_buf; - nmb->header.opcode = NMB_NAME_MULTIHOMED_REG_OPCODE; - nmb->header.arcount = 1; - - nmb->header.nm_flags.recursion_desired = True; + fstrcpy(second_ip_buf, inet_ntoa(packet->ip)); - if(create_and_init_additional_record(packet, nb_flags, register_ip) == False) - return False; + nmb->header.opcode = NMB_NAME_MULTIHOMED_REG_OPCODE; + nmb->header.arcount = 1; - DEBUG(4,("initiate_multihomed_name_register_packet: sending registration \ + nmb->header.nm_flags.recursion_desired = True; + + if(create_and_init_additional_record(packet, nb_flags, register_ip) == False) + return False; + + DEBUG(4,("initiate_multihomed_name_register_packet: sending registration \ for name %s IP %s (bcast=%s) to IP %s\n", - nmb_namestr(&nmb->additional->rr_name), inet_ntoa(*register_ip), - BOOLSTR(nmb->header.nm_flags.bcast), second_ip_buf )); + nmb_namestr(&nmb->additional->rr_name), inet_ntoa(*register_ip), + BOOLSTR(nmb->header.nm_flags.bcast), second_ip_buf )); - return send_netbios_packet( packet ); + return send_netbios_packet( packet ); } /*************************************************************************** @@ -510,65 +514,123 @@ struct response_record *queue_register_name( struct subnet_record *subrec, return rrec; } + /**************************************************************************** - Queue a multihomed register name packet to the broadcast address of a subnet. + Queue a refresh name packet to the broadcast address of a subnet. +****************************************************************************/ +void queue_wins_refresh(struct nmb_name *nmbname, + response_function resp_fn, + timeout_response_function timeout_fn, + uint16 nb_flags, + struct in_addr refresh_ip, + const char *tag) +{ + struct packet_struct *p; + struct response_record *rrec; + struct in_addr wins_ip; + struct userdata_struct *userdata; + fstring ip_str; + + wins_ip = wins_srv_ip_tag(tag, refresh_ip); + + if ((p = create_and_init_netbios_packet(nmbname, False, False, wins_ip)) == NULL) { + return; + } + + if (!initiate_name_refresh_packet(p, nb_flags, &refresh_ip)) { + p->locked = False; + free_packet(p); + return; + } + + fstrcpy(ip_str, inet_ntoa(refresh_ip)); + + DEBUG(6,("Refreshing name %s IP %s with WINS server %s using tag '%s'\n", + nmb_namestr(nmbname), ip_str, inet_ntoa(wins_ip), tag)); + + userdata = (struct userdata_struct *)malloc(sizeof(*userdata) + strlen(tag) + 1); + if (!userdata) { + DEBUG(0,("Failed to allocate userdata structure!\n")); + return; + } + ZERO_STRUCTP(userdata); + userdata->userdata_len = strlen(tag) + 1; + strlcpy(userdata->data, tag, userdata->userdata_len); + + if ((rrec = make_response_record(unicast_subnet, + p, + resp_fn, timeout_fn, + NULL, + NULL, + userdata)) == NULL) { + p->locked = False; + free_packet(p); + return; + } + + free(userdata); + + /* we don't want to repeat refresh packets */ + rrec->repeat_count = 0; +} + + +/**************************************************************************** + Queue a multihomed register name packet to a given WINS server IP ****************************************************************************/ struct response_record *queue_register_multihomed_name( struct subnet_record *subrec, - response_function resp_fn, - timeout_response_function timeout_fn, - register_name_success_function success_fn, - register_name_fail_function fail_fn, - struct userdata_struct *userdata, - struct nmb_name *nmbname, - uint16 nb_flags, - struct in_addr register_ip) + response_function resp_fn, + timeout_response_function timeout_fn, + register_name_success_function success_fn, + register_name_fail_function fail_fn, + struct userdata_struct *userdata, + struct nmb_name *nmbname, + uint16 nb_flags, + struct in_addr register_ip, + struct in_addr wins_ip) { - struct packet_struct *p; - struct response_record *rrec; - BOOL ret; - - /* Sanity check. */ - if(subrec != unicast_subnet) - { - DEBUG(0,("queue_register_multihomed_name: should only be done on \ + struct packet_struct *p; + struct response_record *rrec; + BOOL ret; + + /* Sanity check. */ + if(subrec != unicast_subnet) { + DEBUG(0,("queue_register_multihomed_name: should only be done on \ unicast subnet. subnet is %s\n.", subrec->subnet_name )); - return NULL; - } + return NULL; + } - if(assert_check_subnet(subrec)) - return NULL; + if(assert_check_subnet(subrec)) + return NULL; - if(( p = create_and_init_netbios_packet(nmbname, False, True, - subrec->bcast_ip)) == NULL) - return NULL; - - if (nb_flags & NB_GROUP) - ret = initiate_name_register_packet( p, nb_flags, ®ister_ip); - else - ret = initiate_multihomed_name_register_packet( p, nb_flags, ®ister_ip); - - if(ret == False) - { - p->locked = False; - free_packet(p); - return NULL; - } - - if((rrec = make_response_record(subrec, /* subnet record. */ - p, /* packet we sent. */ - resp_fn, /* function to call on response. */ - timeout_fn, /* function to call on timeout. */ - (success_function)success_fn, /* function to call on operation success. */ - (fail_function)fail_fn, /* function to call on operation fail. */ - userdata)) == NULL) - { - p->locked = False; - free_packet(p); - return NULL; - } + if ((p = create_and_init_netbios_packet(nmbname, False, True, wins_ip)) == NULL) + return NULL; + + if (nb_flags & NB_GROUP) + ret = initiate_name_register_packet( p, nb_flags, ®ister_ip); + else + ret = initiate_multihomed_name_register_packet(p, nb_flags, ®ister_ip); + + if (ret == False) { + p->locked = False; + free_packet(p); + return NULL; + } - return rrec; + if ((rrec = make_response_record(subrec, /* subnet record. */ + p, /* packet we sent. */ + resp_fn, /* function to call on response. */ + timeout_fn, /* function to call on timeout. */ + (success_function)success_fn, /* function to call on operation success. */ + (fail_function)fail_fn, /* function to call on operation fail. */ + userdata)) == NULL) { + p->locked = False; + free_packet(p); + return NULL; + } + + return rrec; } /**************************************************************************** @@ -576,14 +638,15 @@ unicast subnet. subnet is %s\n.", subrec->subnet_name )); ****************************************************************************/ struct response_record *queue_release_name( struct subnet_record *subrec, - response_function resp_fn, - timeout_response_function timeout_fn, - release_name_success_function success_fn, - release_name_fail_function fail_fn, - struct userdata_struct *userdata, - struct nmb_name *nmbname, - uint16 nb_flags, - struct in_addr release_ip) + response_function resp_fn, + timeout_response_function timeout_fn, + release_name_success_function success_fn, + release_name_fail_function fail_fn, + struct userdata_struct *userdata, + struct nmb_name *nmbname, + uint16 nb_flags, + struct in_addr release_ip, + struct in_addr dest_ip) { struct packet_struct *p; struct response_record *rrec; @@ -592,7 +655,7 @@ struct response_record *queue_release_name( struct subnet_record *subrec, return NULL; if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), False, - subrec->bcast_ip)) == NULL) + dest_ip)) == NULL) return NULL; if(initiate_name_release_packet( p, nb_flags, &release_ip) == False) @@ -628,52 +691,6 @@ struct response_record *queue_release_name( struct subnet_record *subrec, return rrec; } -/**************************************************************************** - Queue a refresh name packet to the broadcast address of a subnet. -****************************************************************************/ - -struct response_record *queue_refresh_name( struct subnet_record *subrec, - response_function resp_fn, - timeout_response_function timeout_fn, - refresh_name_success_function success_fn, - refresh_name_fail_function fail_fn, - struct userdata_struct *userdata, - struct name_record *namerec, - struct in_addr refresh_ip) -{ - struct packet_struct *p; - struct response_record *rrec; - - if(assert_check_subnet(subrec)) - return NULL; - - if(( p = create_and_init_netbios_packet(&namerec->name, (subrec != unicast_subnet), False, - subrec->bcast_ip)) == NULL) - return NULL; - - if( !initiate_name_refresh_packet( p, namerec->data.nb_flags, &refresh_ip ) ) - { - p->locked = False; - free_packet(p); - return NULL; - } - - if((rrec = make_response_record(subrec, /* subnet record. */ - p, /* packet we sent. */ - resp_fn, /* function to call on response. */ - timeout_fn, /* function to call on timeout. */ - (success_function)success_fn, /* function to call on operation success. */ - (fail_function)fail_fn, /* function to call on operation fail. */ - userdata)) == NULL) - { - p->locked = False; - free_packet(p); - return NULL; - } - - return rrec; -} - /**************************************************************************** Queue a query name packet to the broadcast address of a subnet. ****************************************************************************/ @@ -1849,8 +1866,9 @@ BOOL listen_for_packets(BOOL run_election) inet_ntoa(packet->ip),packet->port)); free_packet(packet); } else if ((ip_equal(loopback_ip, packet->ip) || - ismyip(packet->ip)) && packet->port == global_nmb_port) { - DEBUG(7,("discarding own packet from %s:%d\n", + ismyip(packet->ip)) && packet->port == global_nmb_port && + packet->packet.nmb.header.nm_flags.bcast) { + DEBUG(7,("discarding own bcast packet from %s:%d\n", inet_ntoa(packet->ip),packet->port)); free_packet(packet); } else { @@ -1876,7 +1894,7 @@ BOOL listen_for_packets(BOOL run_election) free_packet(packet); } else if ((ip_equal(loopback_ip, packet->ip) || ismyip(packet->ip)) && packet->port == DGRAM_PORT) { - DEBUG(7,("discarding own packet from %s:%d\n", + DEBUG(7,("discarding own dgram packet from %s:%d\n", inet_ntoa(packet->ip),packet->port)); free_packet(packet); } else { diff --git a/source3/nmbd/nmbd_responserecordsdb.c b/source3/nmbd/nmbd_responserecordsdb.c index a2da5ddf4ab..7e8c8025aeb 100644 --- a/source3/nmbd/nmbd_responserecordsdb.c +++ b/source3/nmbd/nmbd_responserecordsdb.c @@ -97,12 +97,12 @@ void remove_response_record(struct subnet_record *subrec, **************************************************************************/ struct response_record *make_response_record( struct subnet_record *subrec, - struct packet_struct *p, - response_function resp_fn, - timeout_response_function timeout_fn, - success_function success_fn, - fail_function fail_fn, - struct userdata_struct *userdata) + struct packet_struct *p, + response_function resp_fn, + timeout_response_function timeout_fn, + success_function success_fn, + fail_function fail_fn, + struct userdata_struct *userdata) { struct response_record *rrec; struct nmb_packet *nmb = &p->packet.nmb; diff --git a/source3/nmbd/nmbd_subnetdb.c b/source3/nmbd/nmbd_subnetdb.c index 6c6e7adbb8e..e68fc1589ca 100644 --- a/source3/nmbd/nmbd_subnetdb.c +++ b/source3/nmbd/nmbd_subnetdb.c @@ -233,12 +233,17 @@ BOOL create_subnets(void) struct in_addr unicast_ip, ipzero; extern struct in_addr loopback_ip; - if(num_interfaces == 0) - { - DEBUG(0,("create_subnets: No local interfaces !\n")); - return False; + if(num_interfaces == 0) { + DEBUG(0,("create_subnets: No local interfaces !\n")); + DEBUG(0,("create_subnets: Waiting for an interface to appear ...\n")); + while (iface_count() == 0) { + sleep(5); + load_interfaces(); + } } + num_interfaces = iface_count(); + /* * Create subnets from all the local interfaces and thread them onto * the linked list. @@ -262,45 +267,14 @@ BOOL create_subnets(void) if (!make_normal_subnet(iface)) return False; } - /* - * If we have been configured to use a WINS server, then try and - * get the ip address of it here. If we are the WINS server then - * set the unicast subnet address to be the first of our own real - * addresses. - * - * NOTE: I'm not sure of the implications of WINS server failover - * on this bit of code. Because of failover, the WINS - * server address can change. crh - */ - - if( wins_srv_count() ) - { - struct in_addr real_wins_ip; - real_wins_ip = wins_srv_ip(); - - if (!is_zero_ip(real_wins_ip)) - { - unicast_ip = real_wins_ip; - } - else - { - /* wins_srv_ip() can return a zero IP if all servers are - * either down or incorrectly entered in smb.conf. crh - */ - DEBUG(0,("No 'live' WINS servers found. Check 'wins server' parameter.\n")); - return False; - } - } - else if(lp_we_are_a_wins_server()) - { - /* Pick the first interface ip address as the WINS server ip. */ - unicast_ip = *iface_n_ip(0); - } - else - { - /* We should not be using a WINS server at all. Set the - ip address of the subnet to be zero. */ - zero_ip(&unicast_ip); + if (lp_we_are_a_wins_server()) { + /* Pick the first interface ip address as the WINS server ip. */ + unicast_ip = *iface_n_ip(0); + } else { + /* note that we do not set the wins server IP here. We just + set it at zero and let the wins registration code cope + with getting the IPs right for each packet */ + zero_ip(&unicast_ip); } /* @@ -341,16 +315,13 @@ BOOL create_subnets(void) /******************************************************************* Function to tell us if we can use the unicast subnet. ******************************************************************/ - BOOL we_are_a_wins_client(void) { - static int cache_we_are_a_wins_client = -1; - - if(cache_we_are_a_wins_client == -1) - cache_we_are_a_wins_client = (is_zero_ip(unicast_subnet->myip) ? - False : True); + if (wins_srv_count() > 0) { + return True; + } - return cache_we_are_a_wins_client; + return False; } /******************************************************************* diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c index 3332e99e9d5..13554a9430b 100644 --- a/source3/nmbd/nmbd_winsserver.c +++ b/source3/nmbd/nmbd_winsserver.c @@ -983,7 +983,7 @@ static void wins_multihomed_register_query_success(struct subnet_record *subrec, if( (namerec == NULL) || (namerec->data.source != REGISTER_NAME) || !WINS_STATE_ACTIVE(namerec) ) { DEBUG(3,("wins_multihomed_register_query_success: name %s is not in the correct state to add \ -a subsequent IP addess.\n", nmb_namestr(question_name) )); +a subsequent IP address.\n", nmb_namestr(question_name) )); send_wins_name_registration_response(RFS_ERR, 0, orig_reg_packet); orig_reg_packet->locked = False; @@ -1100,6 +1100,16 @@ to register name %s from IP %s.", nmb_namestr(question), inet_ntoa(p->ip) )); namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME); + /* + * if the record exists but NOT in active state, + * consider it dead. + */ + if ((namerec != NULL) && !WINS_STATE_ACTIVE(namerec)) { + DEBUG(5,("wins_process_multihomed_name_registration_request: Name (%s) in WINS was not active - removing it.\n", nmb_namestr(question))); + remove_name_from_namelist(subrec, namerec); + namerec = NULL; + } + /* * Deal with the case where the name found was a dns entry. * Remove it as we now have a NetBIOS client registering the diff --git a/source3/nsswitch/.cvsignore b/source3/nsswitch/.cvsignore index 090b859b372..658d50a680f 100644 --- a/source3/nsswitch/.cvsignore +++ b/source3/nsswitch/.cvsignore @@ -1,3 +1,4 @@ *.po *.po32 diffs +winbindd_proto.h diff --git a/source3/nsswitch/hp_nss_common.h b/source3/nsswitch/hp_nss_common.h index 5f39e9abb05..5bd5374182e 100644 --- a/source3/nsswitch/hp_nss_common.h +++ b/source3/nsswitch/hp_nss_common.h @@ -23,8 +23,12 @@ Boston, MA 02111-1307, USA. */ +#ifdef HAVE_SYNCH_H #include +#endif +#ifdef HAVE_PTHREAD_H #include +#endif typedef enum { NSS_SUCCESS, diff --git a/source3/nsswitch/nss.h b/source3/nsswitch/nss.h index e021b013b50..d83a5e237ed 100644 --- a/source3/nsswitch/nss.h +++ b/source3/nsswitch/nss.h @@ -72,7 +72,7 @@ typedef enum #define NSD_MEM_VOLATILE 1 #define NSD_MEM_DYNAMIC 2 -#elif defined(HPUX) +#elif defined(HPUX) && defined(HAVE_NSSWITCH_H) /* HP-UX 11 */ #include "nsswitch/hp_nss_common.h" diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index b192a347f43..4739cfbf7ad 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -155,6 +155,14 @@ static int winbind_auth_request(const char *user, const char *pass, int ctrl) /* incorrect password */ _pam_log(LOG_WARNING, "user `%s' denied access (incorrect password)", user); return retval; + case PAM_ACCT_EXPIRED: + /* account expired */ + _pam_log(LOG_WARNING, "user `%s' account expired", user); + return retval; + case PAM_AUTHTOK_EXPIRED: + /* password expired */ + _pam_log(LOG_WARNING, "user `%s' password expired", user); + return retval; case PAM_USER_UNKNOWN: /* the user does not exist */ if (ctrl & WINBIND_DEBUG_ARG) @@ -577,6 +585,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, retval = winbind_auth_request(user, pass_old, ctrl); if (retval != PAM_ACCT_EXPIRED + && retval != PAM_AUTHTOK_EXPIRED && retval != PAM_NEW_AUTHTOK_REQD && retval != PAM_SUCCESS) { pass_old = NULL; diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index 53550ca353d..bcb339864ae 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c @@ -25,6 +25,11 @@ #include "includes.h" #include "nsswitch/nss.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + +extern DOM_SID global_sid_NULL; /* NULL sid */ + NSS_STATUS winbindd_request(int req_type, struct winbindd_request *request, struct winbindd_response *response); diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 6a2143f8f0f..89dd6252412 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -86,7 +86,7 @@ void init_response(struct winbindd_response *response) /* Close established socket */ -void close_sock(void) +static void close_sock(void) { if (winbindd_fd != -1) { close(winbindd_fd); @@ -168,7 +168,7 @@ int winbind_open_pipe_sock(void) return winbindd_fd; } -/* Write data to winbindd socket with timeout */ +/* Write data to winbindd socket */ int write_sock(void *buffer, int count) { @@ -234,7 +234,7 @@ int write_sock(void *buffer, int count) return nwritten; } -/* Read data from winbindd socket with timeout */ +/* Read data from winbindd socket */ static int read_sock(void *buffer, int count) { diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 3ddd1865c09..d0af10a0e6f 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -25,6 +25,9 @@ #include "winbindd.h" #include "debug.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Prototypes from common.h */ NSS_STATUS winbindd_request(int req_type, @@ -248,25 +251,22 @@ static BOOL wbinfo_show_sequence(void) static BOOL wbinfo_check_secret(void) { struct winbindd_response response; - BOOL result; + NSS_STATUS result; ZERO_STRUCT(response); result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response) == NSS_STATUS_SUCCESS; + + d_printf("checking the trust secret via RPC calls %s\n", + (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); - if (result) { - - if (response.data.num_entries == 0) - d_printf("Secret is good\n"); - else - d_printf("Secret is bad\n0x%08x\n", - response.data.num_entries); - - return True; - } - - return False; + if (result != NSS_STATUS_SUCCESS) + d_printf("error code was %s (0x%x)\n", + response.data.auth.nt_status_string, + response.data.auth.nt_status); + + return result == NSS_STATUS_SUCCESS; } /* Convert uid to sid */ @@ -593,7 +593,7 @@ static BOOL wbinfo_set_auth_user(char *username) /* Store in secrets.tdb */ - if (!secrets_store(SECRETS_AUTH_USER, username, + if (!secrets_store(SECRETS_AUTH_USER, user, strlen(user) + 1) || !secrets_store(SECRETS_AUTH_DOMAIN, domain, strlen(domain) + 1) || @@ -640,16 +640,17 @@ static void usage(void) d_printf("\t-m\t\t\tlist trusted domains\n"); d_printf("\t-r user\t\t\tget user groups\n"); d_printf("\t-a user%%password\tauthenticate user\n"); - d_printf("\t-A user%%password\tstore user and password used by winbindd (root only)\n"); - d_printf("\t-p 'ping' winbindd to see if it is alive\n"); + d_printf("\t-A user%%password\tstore user and password used by winbindd (root only)\n"); + d_printf("\t-p\t\t\t'ping' winbindd to see if it is alive\n"); d_printf("\t--sequence\t\tshow sequence numbers of all domains\n"); + d_printf("\t--set-auth-user DOMAIN\\user%%password\tset password for restrict anonymous\n"); } /* Main program */ enum { OPT_SET_AUTH_USER = 1000, - OPT_SEQUENCE, + OPT_SEQUENCE }; int main(int argc, char **argv) diff --git a/source3/nsswitch/winbind_nss.c b/source3/nsswitch/winbind_nss.c index a396e5551bc..5dc3d32279a 100644 --- a/source3/nsswitch/winbind_nss.c +++ b/source3/nsswitch/winbind_nss.c @@ -238,6 +238,7 @@ winbind_callback(nsd_file_t **rqp, int fd) free_response(&response); return(do_list(1,rq)); case WINBINDD_GETGRENT: + case WINBINDD_GETGRLST: nsd_logprintf(NSD_LOG_MIN, "callback (winbind) - %d GETGRENT responses\n", response.data.num_entries); @@ -1053,13 +1054,15 @@ _nss_winbind_endgrent(void) /* Get next entry from ntdom group database */ -NSS_STATUS -_nss_winbind_getgrent_r(struct group *result, - char *buffer, size_t buflen, int *errnop) +static NSS_STATUS +winbind_getgrent(enum winbindd_cmd cmd, + struct group *result, + char *buffer, size_t buflen, int *errnop) { NSS_STATUS ret; static struct winbindd_request request; static int called_again; + #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: getgrent\n", getpid()); @@ -1083,7 +1086,7 @@ _nss_winbind_getgrent_r(struct group *result, request.data.num_entries = MAX_GETGRENT_USERS; - ret = winbindd_request(WINBINDD_GETGRENT, &request, + ret = winbindd_request(cmd, &request, &getgrent_response); if (ret == NSS_STATUS_SUCCESS) { @@ -1141,6 +1144,21 @@ _nss_winbind_getgrent_r(struct group *result, return ret; } + +NSS_STATUS +_nss_winbind_getgrent_r(struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop); +} + +NSS_STATUS +_nss_winbind_getgrlst_r(struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + return winbind_getgrent(WINBINDD_GETGRLST, result, buffer, buflen, errnop); +} + /* Return group struct from group name */ NSS_STATUS diff --git a/source3/nsswitch/winbind_nss_config.h b/source3/nsswitch/winbind_nss_config.h index 0de63878be5..b9c738211e1 100644 --- a/source3/nsswitch/winbind_nss_config.h +++ b/source3/nsswitch/winbind_nss_config.h @@ -129,11 +129,15 @@ typedef int BOOL; #endif /* zero a structure */ +#ifndef ZERO_STRUCT #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) +#endif /* zero a structure given a pointer to the structure */ +#ifndef ZERO_STRUCTP #define ZERO_STRUCTP(x) { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } - +#endif + /* Some systems (SCO) treat UNIX domain sockets as FIFOs */ #ifndef S_IFSOCK diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 4f647902365..358d9add3a3 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -4,6 +4,7 @@ Winbind daemon for ntdom nss module Copyright (C) by Tim Potter 2000, 2001 + Copyright (C) Andrew Tridgell 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -26,7 +27,8 @@ struct winbindd_cli_state *client_list; static int num_clients; -BOOL opt_nocache; +BOOL opt_nocache = False; +BOOL opt_dual_daemon = False; /* Reload configuration */ @@ -221,6 +223,7 @@ static struct dispatch_table dispatch_table[] = { { WINBINDD_SETGRENT, winbindd_setgrent, "SETGRENT" }, { WINBINDD_ENDGRENT, winbindd_endgrent, "ENDGRENT" }, { WINBINDD_GETGRENT, winbindd_getgrent, "GETGRENT" }, + { WINBINDD_GETGRLST, winbindd_getgrent, "GETGRLST" }, /* PAM auth functions */ @@ -365,9 +368,10 @@ static void remove_client(struct winbindd_cli_state *state) } } + /* Process a complete received packet from a client */ -static void process_packet(struct winbindd_cli_state *state) +void winbind_process_packet(struct winbindd_cli_state *state) { /* Process request */ @@ -379,11 +383,16 @@ static void process_packet(struct winbindd_cli_state *state) state->read_buf_len = 0; state->write_buf_len = sizeof(struct winbindd_response); + + /* we might need to send it to the dual daemon */ + if (opt_dual_daemon) { + dual_send_request(state); + } } /* Read some data from a client connection */ -static void client_read(struct winbindd_cli_state *state) +void winbind_client_read(struct winbindd_cli_state *state) { int n; @@ -529,6 +538,10 @@ static void process_loop(int accept_sock) timeout.tv_sec = WINBINDD_ESTABLISH_LOOP; timeout.tv_usec = 0; + if (opt_dual_daemon) { + maxfd = dual_select_setup(&w_fds, maxfd); + } + /* Set up client readers and writers */ state = client_list; @@ -583,6 +596,10 @@ static void process_loop(int accept_sock) if (selret > 0) { + if (opt_dual_daemon) { + dual_select(&w_fds); + } + if (FD_ISSET(accept_sock, &r_fds)) new_connection(accept_sock); @@ -596,7 +613,7 @@ static void process_loop(int accept_sock) /* Read data */ - client_read(state); + winbind_client_read(state); /* * If we have the start of a @@ -620,7 +637,7 @@ static void process_loop(int accept_sock) if (state->read_buf_len == sizeof(state->request)) { - process_packet(state); + winbind_process_packet(state); } } @@ -656,6 +673,62 @@ static void process_loop(int accept_sock) } } + +/* + these are split out from the main winbindd for use by the background daemon + */ +int winbind_setup_common(void) +{ + load_interfaces(); + + if (!secrets_init()) { + + DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n")); + return 1; + + } + + /* Get list of domains we look up requests for. This includes the + domain which we are a member of as well as any trusted + domains. */ + + init_domain_list(); + + ZERO_STRUCT(server_state); + + /* Winbind daemon initialisation */ + + if (!winbindd_param_init()) + return 1; + + if (!winbindd_idmap_init()) + return 1; + + /* Unblock all signals we are interested in as they may have been + blocked by the parent process. */ + + BlockSignals(False, SIGINT); + BlockSignals(False, SIGQUIT); + BlockSignals(False, SIGTERM); + BlockSignals(False, SIGUSR1); + BlockSignals(False, SIGUSR2); + BlockSignals(False, SIGHUP); + + /* Setup signal handlers */ + + CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */ + CatchSignal(SIGQUIT, termination_handler); + CatchSignal(SIGTERM, termination_handler); + + CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */ + + CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */ + CatchSignal(SIGHUP, sighup_handler); + + return 0; +} + + /* Main function */ struct winbindd_state server_state; /* Server state information */ @@ -665,13 +738,14 @@ static void usage(void) { printf("Usage: winbindd [options]\n"); printf("\t-i interactive mode\n"); + printf("\t-B dual daemon mode\n"); printf("\t-n disable cacheing\n"); printf("\t-d level set debug level\n"); printf("\t-s configfile choose smb.conf location\n"); printf("\t-h show this help message\n"); } -int main(int argc, char **argv) + int main(int argc, char **argv) { extern BOOL AllowDebugChange; extern pstring global_myname; @@ -709,7 +783,7 @@ int main(int argc, char **argv) /* Initialise samba/rpc client stuff */ - while ((opt = getopt(argc, argv, "id:s:nh")) != EOF) { + while ((opt = getopt(argc, argv, "id:s:nhB")) != EOF) { switch (opt) { /* Don't become a daemon */ @@ -717,6 +791,11 @@ int main(int argc, char **argv) interactive = True; break; + /* dual daemon system */ + case 'B': + opt_dual_daemon = True; + break; + /* disable cacheing */ case 'n': opt_nocache = True; @@ -756,8 +835,6 @@ int main(int argc, char **argv) exit(1); } - pidfile_create("winbindd"); - /* Setup names. */ if (!*global_myname) { @@ -771,8 +848,10 @@ int main(int argc, char **argv) fstrcpy(global_myworkgroup, lp_workgroup()); - if (!interactive) + if (!interactive) { become_daemon(); + pidfile_create("winbindd"); + } #if HAVE_SETPGID /* @@ -783,51 +862,13 @@ int main(int argc, char **argv) setpgid( (pid_t)0, (pid_t)0); #endif - load_interfaces(); - - if (!secrets_init()) { - - DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n")); - return 1; - + if (opt_dual_daemon) { + do_dual_daemon(); } - /* Get list of domains we look up requests for. This includes the - domain which we are a member of as well as any trusted - domains. */ - - init_domain_list(); - - ZERO_STRUCT(server_state); - - /* Winbind daemon initialisation */ - - if (!winbindd_param_init()) - return 1; - - if (!winbindd_idmap_init()) + if (winbind_setup_common() != 0) { return 1; - - /* Unblock all signals we are interested in as they may have been - blocked by the parent process. */ - - BlockSignals(False, SIGINT); - BlockSignals(False, SIGQUIT); - BlockSignals(False, SIGTERM); - BlockSignals(False, SIGUSR1); - BlockSignals(False, SIGUSR2); - BlockSignals(False, SIGHUP); - - /* Setup signal handlers */ - - CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */ - CatchSignal(SIGQUIT, termination_handler); - CatchSignal(SIGTERM, termination_handler); - - CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */ - - CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */ - CatchSignal(SIGHUP, sighup_handler); + } /* Initialise messaging system */ diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h index 4d35c27c213..11d399be49a 100644 --- a/source3/nsswitch/winbindd.h +++ b/source3/nsswitch/winbindd.h @@ -29,6 +29,9 @@ #include "winbindd_nss.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Client state structure */ struct winbindd_cli_state { diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index 22bad667c3c..b61348adfe7 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c @@ -24,6 +24,9 @@ #ifdef HAVE_ADS +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* the realm of our primary LDAP server */ static char *primary_realm; @@ -58,7 +61,7 @@ ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope if (*res) ads_msgfree(ads, *res); *res = NULL; - DEBUG(1,("Reopening ads connection to %s after error %s\n", + DEBUG(3,("Reopening ads connection to %s after error %s\n", ads->ldap_server, ads_errstr(status))); if (ads->ld) { ldap_unbind(ads->ld); @@ -119,6 +122,8 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) if (resolve_name(domain->name, &server_ip, 0x1b)) { sname = inet_ntoa(server_ip); + } else if (resolve_name(domain->name, &server_ip, 0x1c)) { + sname = inet_ntoa(server_ip); } else { if (strcasecmp(domain->name, lp_workgroup()) != 0) { DEBUG(1,("can't find domain controller for %s\n", domain->name)); @@ -127,7 +132,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) sname = NULL; } - ads = ads_init(primary_realm, sname, NULL, NULL); + ads = ads_init(primary_realm, domain->name, NULL, NULL, NULL); if (!ads) { DEBUG(1,("ads_init for domain %s failed\n", domain->name)); return NULL; @@ -138,7 +143,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) ads->password = secrets_fetch_machine_password(); status = ads_connect(ads); - if (!ADS_ERR_OK(status)) { + if (!ADS_ERR_OK(status) || !ads->realm) { extern struct winbindd_methods msrpc_methods; DEBUG(1,("ads_connect for domain %s failed: %s\n", domain->name, ads_errstr(status))); @@ -186,6 +191,24 @@ static enum SID_NAME_USE ads_atype_map(uint32 atype) return SID_NAME_UNKNOWN; } +/* + in order to support usernames longer than 21 characters we need to + use both the sAMAccountName and the userPrincipalName attributes + It seems that not all users have the userPrincipalName attribute set +*/ +static char *pull_username(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, void *msg) +{ + char *ret, *p; + + ret = ads_pull_string(ads, mem_ctx, msg, "userPrincipalName"); + if (ret && (p = strchr(ret, '@'))) { + *p = 0; + return ret; + } + return ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); +} + + /* Query display info for a realm. This is the basic user list fn */ static NTSTATUS query_user_list(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, @@ -193,7 +216,9 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, WINBIND_USERINFO **info) { ADS_STRUCT *ads = NULL; - const char *attrs[] = {"sAMAccountName", "name", "objectSid", "primaryGroupID", + const char *attrs[] = {"userPrincipalName", + "sAMAccountName", + "name", "objectSid", "primaryGroupID", "sAMAccountType", NULL}; int i, count; ADS_STATUS rc; @@ -240,7 +265,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, continue; } - name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); + name = pull_username(ads, mem_ctx, msg); gecos = ads_pull_string(ads, mem_ctx, msg, "name"); if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { DEBUG(1,("No sid for %s !?\n", name)); @@ -251,7 +276,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, continue; } - if (!sid_peek_rid(&sid, &rid)) { + if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) { DEBUG(1,("No rid for %s !?\n", name)); continue; } @@ -281,7 +306,8 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, struct acct_info **info) { ADS_STRUCT *ads = NULL; - const char *attrs[] = {"sAMAccountName", "name", "objectSid", + const char *attrs[] = {"userPrincipalName", "sAMAccountName", + "name", "objectSid", "sAMAccountType", NULL}; int i, count; ADS_STATUS rc; @@ -298,13 +324,13 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, rc = ads_search_retry(ads, &res, "(objectCategory=group)", attrs); if (!ADS_ERR_OK(rc)) { - DEBUG(1,("query_user_list ads_search: %s\n", ads_errstr(rc))); + DEBUG(1,("enum_dom_groups ads_search: %s\n", ads_errstr(rc))); goto done; } count = ads_count_replies(ads, res); if (count == 0) { - DEBUG(1,("query_user_list: No users found\n")); + DEBUG(1,("enum_dom_groups: No groups found\n")); goto done; } @@ -326,14 +352,14 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, &account_type) || !(account_type & ATYPE_GROUP)) continue; - name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); + name = pull_username(ads, mem_ctx, msg); gecos = ads_pull_string(ads, mem_ctx, msg, "name"); if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { DEBUG(1,("No sid for %s !?\n", name)); continue; } - if (!sid_peek_rid(&sid, &rid)) { + if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) { DEBUG(1,("No rid for %s !?\n", name)); continue; } @@ -377,7 +403,9 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, ads = ads_cached_connection(domain); if (!ads) goto done; - asprintf(&exp, "(sAMAccountName=%s)", name); + /* accept either the win2000 or the pre-win2000 username */ + asprintf(&exp, "(|(sAMAccountName=%s)(userPrincipalName=%s@%s))", + name, name, ads->realm); rc = ads_search_retry(ads, &res, exp, attrs); free(exp); if (!ADS_ERR_OK(rc)) { @@ -421,7 +449,9 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, enum SID_NAME_USE *type) { ADS_STRUCT *ads = NULL; - const char *attrs[] = {"sAMAccountName", "sAMAccountType", NULL}; + const char *attrs[] = {"userPrincipalName", + "sAMAccountName", + "sAMAccountType", NULL}; ADS_STATUS rc; void *msg = NULL; char *exp; @@ -448,7 +478,7 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, goto done; } - *name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); + *name = pull_username(ads, mem_ctx, msg); *type = ads_atype_map(atype); status = NT_STATUS_OK; @@ -462,6 +492,50 @@ done: } +/* convert a DN to a name, rid and name type + this might become a major speed bottleneck if groups have + lots of users, in which case we could cache the results +*/ +static BOOL dn_lookup(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, + const char *dn, + char **name, uint32 *name_type, uint32 *rid) +{ + char *exp; + void *res = NULL; + const char *attrs[] = {"userPrincipalName", "sAMAccountName", + "objectSid", "sAMAccountType", NULL}; + ADS_STATUS rc; + uint32 atype; + DOM_SID sid; + + asprintf(&exp, "(distinguishedName=%s)", dn); + rc = ads_search_retry(ads, &res, exp, attrs); + free(exp); + if (!ADS_ERR_OK(rc)) { + goto failed; + } + + (*name) = pull_username(ads, mem_ctx, res); + + if (!ads_pull_uint32(ads, res, "sAMAccountType", &atype)) { + goto failed; + } + (*name_type) = ads_atype_map(atype); + + if (!ads_pull_sid(ads, res, "objectSid", &sid) || + !sid_peek_rid(&sid, rid)) { + goto failed; + } + + if (res) ads_msgfree(ads, res); + return True; + +failed: + if (res) ads_msgfree(ads, res); + return False; +} + + /* convert a sid to a distnguished name */ static NTSTATUS sid_to_distinguished_name(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, @@ -511,7 +585,9 @@ static NTSTATUS query_user(struct winbindd_domain *domain, WINBIND_USERINFO *info) { ADS_STRUCT *ads = NULL; - const char *attrs[] = {"sAMAccountName", "name", "objectSid", + const char *attrs[] = {"userPrincipalName", + "sAMAccountName", + "name", "objectSid", "primaryGroupID", NULL}; ADS_STATUS rc; int count; @@ -544,7 +620,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, goto done; } - info->acct_name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); + info->acct_name = pull_username(ads, mem_ctx, msg); info->full_name = ads_pull_string(ads, mem_ctx, msg, "name"); if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { DEBUG(1,("No sid for %d !?\n", user_rid)); @@ -555,7 +631,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, goto done; } - if (!sid_peek_rid(&sid, &info->user_rid)) { + if (!sid_peek_check_rid(&domain->sid,&sid, &info->user_rid)) { DEBUG(1,("No rid for %d !?\n", user_rid)); goto done; } @@ -633,7 +709,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, for (i=1;isid, &sids[i-1], &rid)) continue; (*user_gids)[*num_groups] = rid; (*num_groups)++; } @@ -646,7 +722,9 @@ done: return status; } - +/* + find the members of a group, given a group rid and domain + */ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32 group_rid, uint32 *num_names, @@ -654,13 +732,16 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, uint32 **name_types) { DOM_SID group_sid; - const char *attrs[] = {"sAMAccountName", "objectSid", "sAMAccountType", NULL}; ADS_STATUS rc; int count; - void *res=NULL, *msg=NULL; + void *res=NULL; ADS_STRUCT *ads = NULL; - char *exp, *dn = NULL; + char *exp; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + char *sidstr; + const char *attrs[] = {"member", NULL}; + char **members; + int i, num_members; *num_names = 0; @@ -668,17 +749,14 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, if (!ads) goto done; sid_from_rid(domain, group_rid, &group_sid); - status = sid_to_distinguished_name(domain, mem_ctx, &group_sid, &dn); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(3,("Failed to find distinguishedName for %s\n", sid_string_static(&group_sid))); - return status; - } + sidstr = sid_binstring(&group_sid); - /* search for all users who have that group sid as primary group or as member */ - asprintf(&exp, "(&(objectCategory=user)(|(primaryGroupID=%d)(memberOf=%s)))", - group_rid, dn); + /* search for all members of the group */ + asprintf(&exp, "(objectSid=%s)",sidstr); rc = ads_search_retry(ads, &res, exp, attrs); free(exp); + free(sidstr); + if (!ADS_ERR_OK(rc)) { DEBUG(1,("query_user_list ads_search: %s\n", ads_errstr(rc))); goto done; @@ -690,29 +768,33 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, goto done; } - (*rid_mem) = talloc_zero(mem_ctx, sizeof(uint32) * count); - (*name_types) = talloc_zero(mem_ctx, sizeof(uint32) * count); - (*names) = talloc_zero(mem_ctx, sizeof(char *) * count); + members = ads_pull_strings(ads, mem_ctx, res, "member"); + if (!members) { + /* no members? ok ... */ + status = NT_STATUS_OK; + goto done; + } - for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) { - uint32 atype, rid; - DOM_SID sid; + /* now we need to turn a list of members into rids, names and name types + the problem is that the members are in the form of distinguised names + */ + for (i=0;members[i];i++) /* noop */ ; + num_members = i; - (*names)[*num_names] = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); - if (!ads_pull_uint32(ads, msg, "sAMAccountType", &atype)) { - continue; - } - (*name_types)[*num_names] = ads_atype_map(atype); - if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { - DEBUG(1,("No sid for %s !?\n", (*names)[*num_names])); - continue; - } - if (!sid_peek_rid(&sid, &rid)) { - DEBUG(1,("No rid for %s !?\n", (*names)[*num_names])); - continue; + (*rid_mem) = talloc_zero(mem_ctx, sizeof(uint32) * num_members); + (*name_types) = talloc_zero(mem_ctx, sizeof(uint32) * num_members); + (*names) = talloc_zero(mem_ctx, sizeof(char *) * num_members); + + for (i=0;itdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000, - TDB_DEFAULT, O_RDWR | O_CREAT | O_TRUNC, 0600); + TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600); if (!wcache->tdb) { DEBUG(0,("Failed to open winbindd_cache.tdb!\n")); @@ -205,11 +208,17 @@ static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force) { NTSTATUS status; unsigned time_diff; + unsigned cache_time = lp_winbind_cache_time(); + + /* trying to reconnect is expensive, don't do it too often */ + if (domain->sequence_number == DOM_SEQUENCE_NONE) { + cache_time *= 8; + } time_diff = time(NULL) - domain->last_seq_check; /* see if we have to refetch the domain sequence number */ - if (!force && (time_diff < lp_winbind_cache_time())) { + if (!force && (time_diff < cache_time)) { return; } @@ -289,8 +298,15 @@ static struct cache_entry *wcache_fetch(struct winbind_cache *cache, centry->sequence_number = centry_uint32(centry); if (centry_expired(domain, centry)) { - centry_free(centry); - return NULL; + extern BOOL opt_dual_daemon; + + if (opt_dual_daemon) { + extern BOOL backgroud_process; + backgroud_process = True; + } else { + centry_free(centry); + return NULL; + } } return centry; @@ -410,6 +426,7 @@ static void wcache_save_name_to_sid(struct winbindd_domain *domain, NTSTATUS sta { struct cache_entry *centry; uint32 len; + fstring uname; centry = centry_start(domain, status); if (!centry) return; @@ -418,7 +435,9 @@ static void wcache_save_name_to_sid(struct winbindd_domain *domain, NTSTATUS sta centry_put_uint32(centry, type); sid_linearize(centry->data + centry->ofs, len, sid); centry->ofs += len; - centry_end(centry, "NS/%s/%s", domain->name, name); + fstrcpy(uname, name); + strupper(uname); + centry_end(centry, "NS/%s/%s", domain->name, uname); centry_free(centry); } @@ -448,7 +467,7 @@ static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WI centry_put_string(centry, info->full_name); centry_put_uint32(centry, info->user_rid); centry_put_uint32(centry, info->group_rid); - centry_end(centry, "U/%s/%x", domain->name, info->user_rid); + centry_end(centry, "U/%s/%d", domain->name, info->user_rid); centry_free(centry); } @@ -597,10 +616,13 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, struct winbind_cache *cache = get_cache(domain); struct cache_entry *centry = NULL; NTSTATUS status; + fstring uname; if (!cache->tdb) goto do_query; - centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, name); + fstrcpy(uname, name); + strupper(uname); + centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, uname); if (!centry) goto do_query; *type = centry_uint32(centry); sid_parse(centry->data + centry->ofs, centry->len - centry->ofs, sid); @@ -620,6 +642,9 @@ do_query: /* and save it */ wcache_save_name_to_sid(domain, status, name, sid, *type); + /* We can't save the sid to name mapping as we don't know the + correct case of the name without looking it up */ + return status; } @@ -636,7 +661,8 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, NTSTATUS status; uint32 rid = 0; - sid_peek_rid(sid, &rid); + if (!sid_peek_check_rid(&domain->sid, sid, &rid)) + return NT_STATUS_INVALID_PARAMETER; if (!cache->tdb) goto do_query; @@ -661,6 +687,7 @@ do_query: /* and save it */ refresh_sequence_number(domain, True); wcache_save_sid_to_name(domain, status, sid, *name, *type, rid); + wcache_save_name_to_sid(domain, status, *name, sid, *type); return status; } @@ -678,7 +705,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, if (!cache->tdb) goto do_query; - centry = wcache_fetch(cache, domain, "U/%s/%x", domain->name, user_rid); + centry = wcache_fetch(cache, domain, "U/%s/%d", domain->name, user_rid); if (!centry) goto do_query; info->acct_name = centry_string(centry, mem_ctx); @@ -719,7 +746,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, if (!cache->tdb) goto do_query; - centry = wcache_fetch(cache, domain, "UG/%s/%x", domain->name, user_rid); + centry = wcache_fetch(cache, domain, "UG/%s/%d", domain->name, user_rid); if (!centry) goto do_query; *num_groups = centry_uint32(centry); @@ -754,7 +781,7 @@ do_query: for (i=0; i<(*num_groups); i++) { centry_put_uint32(centry, (*user_gids)[i]); } - centry_end(centry, "UG/%s/%x", domain->name, user_rid); + centry_end(centry, "UG/%s/%d", domain->name, user_rid); centry_free(centry); skip_save: @@ -775,7 +802,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, if (!cache->tdb) goto do_query; - centry = wcache_fetch(cache, domain, "GM/%s/%x", domain->name, group_rid); + centry = wcache_fetch(cache, domain, "GM/%s/%d", domain->name, group_rid); if (!centry) goto do_query; *num_names = centry_uint32(centry); @@ -824,7 +851,7 @@ do_query: centry_put_string(centry, (*names)[i]); centry_put_uint32(centry, (*name_types)[i]); } - centry_end(centry, "GM/%s/%x", domain->name, group_rid); + centry_end(centry, "GM/%s/%d", domain->name, group_rid); centry_free(centry); skip_save: @@ -878,5 +905,3 @@ struct winbindd_methods cache_methods = { trusted_domains, domain_sid }; - - diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index ce484795f84..3ab97ed408f 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -4,6 +4,7 @@ Winbind daemon connection manager Copyright (C) Tim Potter 2001 + Copyright (C) Andrew Bartlett 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -60,6 +61,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Global list of connections. Initially a DLIST but can become a hash table or whatever later. */ @@ -348,7 +352,7 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name, result = cli_full_connection(&(new_conn->cli), global_myname, new_conn->controller, &dc_ip, 0, "IPC$", "IPC", ipc_username, ipc_domain, - ipc_password, strlen(ipc_password)); + ipc_password, 0); SAFE_FREE(ipc_username); SAFE_FREE(ipc_domain); diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 4ef57513bb0..20563ba7bd7 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -23,6 +23,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /*************************************************************** Empty static struct for negative caching. ****************************************************************/ @@ -72,7 +75,7 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain, *num_gr_mem = 0; if (group_name_type != SID_NAME_DOM_GRP) { - DEBUG(1, ("rid %d in domain %s isn't a " "domain group\n", + DEBUG(1, ("rid %d in domain %s isn't a domain group\n", group_rid, domain->name)); goto done; } @@ -81,8 +84,8 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain, status = domain->methods->lookup_groupmem(domain, mem_ctx, group_rid, &num_names, &rid_mem, &names, &name_types); if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("could not lookup membership for group rid %d in domain %s\n", - group_rid, domain->name)); + DEBUG(1, ("could not lookup membership for group rid %d in domain %s (error: %s)\n", + group_rid, domain->name, nt_errstr(status))); goto done; } @@ -228,7 +231,8 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) } /* Fill in group structure */ - sid_peek_rid(&group_sid, &group_rid); + if (!sid_peek_check_rid(&domain->sid, &group_sid, &group_rid)) + return WINBINDD_ERROR; if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) { DEBUG(1, ("error converting unix gid to sid\n")); @@ -359,8 +363,10 @@ enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state) /* Create a state record for this domain */ if ((domain_state = (struct getent_state *) - malloc(sizeof(struct getent_state))) == NULL) + malloc(sizeof(struct getent_state))) == NULL) { + DEBUG(1, ("winbindd_setgrent: malloc failed for domain_state!\n")); return WINBINDD_ERROR; + } ZERO_STRUCTP(domain_state); @@ -407,8 +413,10 @@ static BOOL get_sam_group_entries(struct getent_state *ent) return False; if (!(mem_ctx = talloc_init_named("get_sam_group_entries(%s)", - ent->domain_name))) + ent->domain_name))) { + DEBUG(1, ("get_sam_group_entries: could not create talloc context!\n")); return False; + } /* Free any existing group info */ @@ -431,6 +439,7 @@ static BOOL get_sam_group_entries(struct getent_state *ent) &sam_grp_entries); if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("get_sam_group_entries: could not enumerate domain groups! Error: %s", nt_errstr(status))); result = False; goto done; } @@ -571,14 +580,21 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state) goto done; } - /* Get group membership */ + group_list[group_list_ndx].num_gr_mem = 0; + gr_mem = NULL; + gr_mem_len = 0; - result = fill_grent_mem( - domain, - name_list[ent->sam_entry_index].rid, - SID_NAME_DOM_GRP, - &group_list[group_list_ndx].num_gr_mem, - &gr_mem, &gr_mem_len); + /* Get group membership */ + if (state->request.cmd == WINBINDD_GETGRLST) { + result = True; + } else { + result = fill_grent_mem( + domain, + name_list[ent->sam_entry_index].rid, + SID_NAME_DOM_GRP, + &group_list[group_list_ndx].num_gr_mem, + &gr_mem, &gr_mem_len); + } } if (result) { diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c index bae61449ee1..6d184fec5fe 100644 --- a/source3/nsswitch/winbindd_idmap.c +++ b/source3/nsswitch/winbindd_idmap.c @@ -22,6 +22,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* High water mark keys */ #define HWM_GROUP "GROUP HWM" @@ -364,6 +367,7 @@ fail: static BOOL idmap_convert(const char *idmap_name) { int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION"); + BOOL bigendianheader = (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False; if (vers == IDMAP_VERSION) return True; @@ -374,28 +378,34 @@ static BOOL idmap_convert(const char *idmap_name) return False; #endif - if (IREV(vers) == IDMAP_VERSION) { - /* Arrggghh ! Bytereversed - make order independent ! */ + if (((vers == -1) && bigendianheader) || (IREV(vers) == IDMAP_VERSION)) { + /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */ + /* + * high and low records were created on a + * big endian machine and will need byte-reversing. + */ + int32 wm; wm = tdb_fetch_int32(idmap_tdb, HWM_USER); - if (wm != -1) + if (wm != -1) { wm = IREV(wm); - else + } else wm = server_state.uid_low; - if (tdb_store_int32(idmap_tdb, HWM_USER, server_state.uid_low) == -1) { + if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) { DEBUG(0, ("idmap_convert: Unable to byteswap user hwm in idmap database\n")); return False; } wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP); - if (wm != -1) + if (wm != -1) { wm = IREV(wm); - else + } else wm = server_state.gid_low; - if (tdb_store_int32(idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) { + + if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) { DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n")); return False; } @@ -404,7 +414,7 @@ static BOOL idmap_convert(const char *idmap_name) /* the old format stored as DOMAIN/rid - now we store the SID direct */ tdb_traverse(idmap_tdb, convert_fn, NULL); - if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == -1) { + if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == -1) { DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n")); return False; } diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c index 5678bdaa5af..45f2d42f980 100644 --- a/source3/nsswitch/winbindd_misc.c +++ b/source3/nsswitch/winbindd_misc.c @@ -23,6 +23,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + extern pstring global_myname; /************************************************************************ @@ -88,9 +91,15 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat "good" : "bad")); done: - state->response.data.num_entries = NT_STATUS_V(result); + state->response.data.auth.nt_status = NT_STATUS_V(result); + fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); + fstrcpy(state->response.data.auth.error_string, nt_errstr(result)); + state->response.data.auth.pam_error = nt_status_to_pam(result); - return WINBINDD_OK; + DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Checking the trust account password returned %s\n", + state->response.data.auth.nt_status_string)); + + return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h index 023d72306b7..0f0e40a2eca 100644 --- a/source3/nsswitch/winbindd_nss.h +++ b/source3/nsswitch/winbindd_nss.h @@ -99,6 +99,9 @@ enum winbindd_cmd { WINBINDD_WINS_BYIP, WINBINDD_WINS_BYNAME, + /* this is like GETGRENT but gives an empty group list */ + WINBINDD_GETGRLST, + /* Placeholder for end of cmd list */ WINBINDD_NUM_CMDS diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index f7959c2febe..e608f826c91 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -24,6 +24,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Return a password structure from a username. */ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h index f3830cd63c6..ef44fb655e8 100644 --- a/source3/nsswitch/winbindd_proto.h +++ b/source3/nsswitch/winbindd_proto.h @@ -6,7 +6,9 @@ /* The following definitions come from nsswitch/winbindd.c */ -int main(int argc, char **argv); +void winbind_process_packet(struct winbindd_cli_state *state); +void winbind_client_read(struct winbindd_cli_state *state); +int winbind_setup_common(void); /* The following definitions come from nsswitch/winbindd_ads.c */ @@ -39,6 +41,13 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd, struct cli_state **cli); void winbindd_cm_status(void); +/* The following definitions come from nsswitch/winbindd_dual.c */ + +int dual_select_setup(fd_set *fds, int maxfd); +void dual_select(fd_set *fds); +void dual_send_request(struct winbindd_cli_state *state); +void do_dual_daemon(void); + /* The following definitions come from nsswitch/winbindd_group.c */ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state); diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index d0d97cae491..2bb0e8c49f4 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -23,6 +23,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Query display info for a domain. This returns enough information plus a bit extra to give an overview of domain users for the User Manager application. */ @@ -38,6 +41,8 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; int i; + DEBUG(3,("rpc: query_user_list\n")); + *num_entries = 0; *info = NULL; @@ -130,6 +135,8 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, *num_entries = 0; *info = NULL; + DEBUG(3,("rpc: enum_dom_groups\n")); + if (!(hnd = cm_get_sam_handle(domain->name))) { return NT_STATUS_UNSUCCESSFUL; } @@ -189,6 +196,8 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, uint32 *types = NULL; const char *full_name; + DEBUG(3,("rpc: name_to_sid name=%s\n", name)); + if (!(mem_ctx = talloc_init_named("name_to_sid[rpc] for [%s]\\[%s]", domain->name, name))) { DEBUG(0, ("talloc_init failed!\n")); return NT_STATUS_NO_MEMORY; @@ -210,7 +219,8 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, status = cli_lsa_lookup_names(hnd->cli, mem_ctx, &hnd->pol, 1, &full_name, &sids, &types); - /* Return rid and type if lookup successful */ + /* Return rid and type if lookup successful */ + if (NT_STATUS_IS_OK(status)) { sid_copy(sid, &sids[0]); *type = types[0]; @@ -235,6 +245,8 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, uint32 *types; NTSTATUS status; + DEBUG(3,("rpc: sid_to_name\n")); + if (!(hnd = cm_get_lsa_handle(domain->name))) return NT_STATUS_UNSUCCESSFUL; @@ -267,6 +279,8 @@ static NTSTATUS query_user(struct winbindd_domain *domain, BOOL got_dom_pol = False, got_user_pol = False; SAM_USERINFO_CTR *ctr; + DEBUG(3,("rpc: query_user rid=%u\n", user_rid)); + /* Get sam handle */ if (!(hnd = cm_get_sam_handle(domain->name))) goto done; @@ -295,6 +309,9 @@ static NTSTATUS query_user(struct winbindd_domain *domain, result = cli_samr_query_userinfo(hnd->cli, mem_ctx, &user_pol, 0x15, &ctr); + if (!NT_STATUS_IS_OK(result)) + goto done; + cli_samr_close(hnd->cli, mem_ctx, &user_pol); got_user_pol = False; @@ -329,6 +346,8 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, DOM_GID *user_groups; int i; + DEBUG(3,("rpc: lookup_usergroups rid=%u\n", user_rid)); + *num_groups = 0; /* First try cached universal groups from logon */ @@ -400,6 +419,8 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; BOOL got_dom_pol = False, got_group_pol = False; + DEBUG(3,("rpc: lookup_groupmem rid=%u\n", group_rid)); + *num_names = 0; /* Get sam handle */ @@ -502,6 +523,8 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) BOOL got_dom_pol = False; uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; + DEBUG(3,("rpc: sequence_number\n")); + *seq = DOM_SEQUENCE_NONE; if (!(mem_ctx = talloc_init_named("sequence_number[rpc]"))) @@ -557,6 +580,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, CLI_POLICY_HND *hnd; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 enum_ctx = 0; + uint32 pref_num_domains = 5; + + DEBUG(3,("rpc: trusted_domains\n")); *num_domains = 0; @@ -564,8 +590,8 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, goto done; result = cli_lsa_enum_trust_dom(hnd->cli, mem_ctx, - &hnd->pol, &enum_ctx, num_domains, - names, dom_sids); + &hnd->pol, &enum_ctx, &pref_num_domains, + num_domains, names, dom_sids); done: return result; } @@ -578,6 +604,8 @@ static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid) CLI_POLICY_HND *hnd; fstring level5_dom; + DEBUG(3,("rpc: domain_sid\n")); + if (!(mem_ctx = talloc_init_named("domain_sid[rpc]"))) return NT_STATUS_NO_MEMORY; diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index a41bf759160..372898a08a4 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c @@ -21,7 +21,9 @@ */ #include "winbindd.h" -#include "sids.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND /* Convert a string */ diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c index d89717ad47c..55593d6ae57 100644 --- a/source3/nsswitch/winbindd_user.c +++ b/source3/nsswitch/winbindd_user.c @@ -23,6 +23,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Fill a pwent structure with information we have obtained */ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name, diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index 06804b3b43f..d5668a2bb68 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -22,7 +22,9 @@ */ #include "winbindd.h" -#include "sids.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND /** * @file winbindd_util.c @@ -164,9 +166,6 @@ BOOL init_domain_list(void) DEBUG(1,("Added domain %s (%s)\n", domain->name, sid_string_static(&domain->sid))); - - /* this primes the connection */ - cache_methods.domain_sid(domain, &domain->sid); } } diff --git a/source3/nsswitch/winbindd_wins.c b/source3/nsswitch/winbindd_wins.c index af624170eb4..8f9a7414bdc 100644 --- a/source3/nsswitch/winbindd_wins.c +++ b/source3/nsswitch/winbindd_wins.c @@ -23,6 +23,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Use our own create socket code so we don't recurse.... */ static int wins_lookup_open_socket_in(void) @@ -84,25 +87,18 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) { int fd; struct in_addr *ret = NULL; - struct in_addr p; - int j; + int j, flags = 0; *count = 0; - fd = wins_lookup_open_socket_in(); - if (fd == -1) - return NULL; - - p = wins_srv_ip(); - if( !is_zero_ip(p) ) { - ret = name_query(fd,name,0x20,False,True, p, count); - goto out; + /* always try with wins first */ + if (resolve_wins(name,0x20,&ret,count)) { + return ret; } - if (lp_wins_support()) { - /* we are our own WINS server */ - ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count); - goto out; + fd = wins_lookup_open_socket_in(); + if (fd == -1) { + return NULL; } /* uggh, we have to broadcast to each interface in turn */ @@ -110,12 +106,10 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) j >= 0; j--) { struct in_addr *bcast = iface_n_bcast(j); - ret = name_query(fd,name,0x20,True,True,*bcast,count); + ret = name_query(fd,name,0x20,True,True,*bcast,count, &flags, NULL); if (ret) break; } - out: - close(fd); return ret; } diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c index 2133f817d1a..9bb2d6755cb 100644 --- a/source3/nsswitch/wins.c +++ b/source3/nsswitch/wins.c @@ -80,14 +80,10 @@ static void nss_wins_init(void) DEBUGLEVEL = 0; AllowDebugChange = False; - /* needed for lp_xx() functions */ - charset_initialise(); - TimeInit(); setup_logging("nss_wins",False); lp_load(dyn_CONFIGFILE,True,False,False); load_interfaces(); - codepage_initialise(lp_client_code_page()); } static struct node_status *lookup_byaddr_backend(char *addr, int *count) @@ -115,10 +111,10 @@ static struct node_status *lookup_byaddr_backend(char *addr, int *count) static struct in_addr *lookup_byname_backend(const char *name, int *count) { - int fd; + int fd = -1; struct in_addr *ret = NULL; struct in_addr p; - int j; + int j, flags = 0; if (!initialised) { nss_wins_init(); @@ -126,33 +122,24 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) *count = 0; - fd = wins_lookup_open_socket_in(); - if (fd == -1) - return NULL; - - p = wins_srv_ip(); - if( !is_zero_ip(p) ) { - ret = name_query(fd,name,0x20,False,True, p, count); - goto out; + /* always try with wins first */ + if (resolve_wins(name,0x20,&ret,count)) { + return ret; } - if (lp_wins_support()) { - /* we are our own WINS server */ - ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count); - goto out; + fd = wins_lookup_open_socket_in(); + if (fd == -1) { + return NULL; } /* uggh, we have to broadcast to each interface in turn */ - for (j=iface_count() - 1; - j >= 0; - j--) { + for (j=iface_count() - 1;j >= 0;j--) { struct in_addr *bcast = iface_n_bcast(j); - ret = name_query(fd,name,0x20,True,True,*bcast,count); + ret = name_query(fd,name,0x20,True,True,*bcast,count, &flags, NULL); if (ret) break; } - out: - +out: close(fd); return ret; } @@ -319,5 +306,19 @@ _nss_wins_gethostbyname_r(const char *name, struct hostent *he, return NSS_STATUS_SUCCESS; } -#endif + +NSS_STATUS +_nss_wins_gethostbyname2_r(const char *name, int af, struct hostent *he, + char *buffer, size_t buflen, int *errnop, + int *h_errnop) +{ + if(af!=AF_INET) { + *h_errnop = NO_DATA; + *errnop = EAFNOSUPPORT; + return NSS_STATUS_UNAVAIL; + } + + return _nss_wins_gethostbyname_r(name,he,buffer,buflen,errnop,h_errnop); +} +#endif diff --git a/source3/pam_smbpass/general.h b/source3/pam_smbpass/general.h index 0291146cbba..4f13d601313 100644 --- a/source3/pam_smbpass/general.h +++ b/source3/pam_smbpass/general.h @@ -121,3 +121,10 @@ struct _pam_failed_auth { char *agent; /* attempt from user with name */ int count; /* number of failures so far */ }; + +/* + * General use functions go here + */ + +/* from support.c */ +int make_remark(pam_handle_t *, unsigned int, int, const char *); diff --git a/source3/pam_smbpass/pam_smb_acct.c b/source3/pam_smbpass/pam_smb_acct.c index 8d91c456bf4..0803ef82a23 100644 --- a/source3/pam_smbpass/pam_smb_acct.c +++ b/source3/pam_smbpass/pam_smb_acct.c @@ -33,6 +33,7 @@ #include "support.h" + /* * pam_sm_acct_mgmt() verifies whether or not the account is disabled. * @@ -45,15 +46,12 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, int retval; const char *name; - const char *p; SAM_ACCOUNT *sampass = NULL; extern BOOL in_client; /* Samba initialization. */ setup_logging( "pam_smbpass", False ); - charset_initialise(); - codepage_initialise(lp_client_code_page()); in_client = True; ctrl = set_ctrl( flags, argc, argv ); diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c index 9952eb94db2..e5cc12e2f6d 100644 --- a/source3/pam_smbpass/pam_smb_auth.c +++ b/source3/pam_smbpass/pam_smb_auth.c @@ -47,6 +47,7 @@ do { \ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl, const char *name, SAM_ACCOUNT *sampass, BOOL exist); + /* * pam_sm_authenticate() authenticates users against the samba password file. * @@ -67,13 +68,11 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, BOOL found; /* Points to memory managed by the PAM library. Do not free. */ - const char *p = NULL; + char *p = NULL; /* Samba initialization. */ setup_logging("pam_smbpass",False); - charset_initialise(); - codepage_initialise(lp_client_code_page()); in_client = True; ctrl = set_ctrl(flags, argc, argv); diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c index 338d873d257..0f527552525 100644 --- a/source3/pam_smbpass/pam_smb_passwd.c +++ b/source3/pam_smbpass/pam_smb_passwd.c @@ -35,8 +35,7 @@ int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user, const char *pass_new ) { - char c; - int retval, i; + int retval; pstring err_str; pstring msg_str; @@ -94,12 +93,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, SAM_ACCOUNT *sampass = NULL; const char *user; - const char *pass_old, *pass_new; + char *pass_old; + char *pass_new; /* Samba initialization. */ setup_logging( "pam_smbpass", False ); - charset_initialise(); - codepage_initialise(lp_client_code_page()); in_client = True; ctrl = set_ctrl(flags, argc, argv); diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c index 86349f8c164..a55dcb0272d 100644 --- a/source3/pam_smbpass/support.c +++ b/source3/pam_smbpass/support.c @@ -1,132 +1,135 @@ -/* Unix NT password database implementation, version 0.6. - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" -#include "general.h" + /* Unix NT password database implementation, version 0.6. + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ -#include "support.h" + #include "includes.h" + #include "general.h" + #include "support.h" -#define _pam_overwrite(x) \ -do { \ - register char *__xx__; \ - if ((__xx__=(x))) \ - while (*__xx__) \ - *__xx__++ = '\0'; \ -} while (0) -/* - * Don't just free it, forget it too. - */ + #define _pam_overwrite(x) \ + do { \ + register char *__xx__; \ + if ((__xx__=(x))) \ + while (*__xx__) \ + *__xx__++ = '\0'; \ + } while (0) -#define _pam_drop(X) \ -do { \ - if (X) { \ - free(X); \ - X=NULL; \ - } \ -} while (0) - -#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \ -do { \ - int reply_i; \ - \ - for (reply_i=0; reply_iconv(nargs, (const struct pam_message **) message - ,response, conv->appdata_ptr); + retval = conv->conv(nargs, (const struct pam_message **) message + ,response, conv->appdata_ptr); - if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) { - _log_err(LOG_DEBUG, "conversation failure [%s]" + if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) { + _log_err(LOG_DEBUG, "conversation failure [%s]" + ,pam_strerror(pamh, retval)); + } + } else { + _log_err(LOG_ERR, "couldn't obtain coversation function [%s]" ,pam_strerror(pamh, retval)); } - } else { - _log_err(LOG_ERR, "couldn't obtain coversation function [%s]" - ,pam_strerror(pamh, retval)); - } - return retval; /* propagate error status */ -} + return retval; /* propagate error status */ + } -int make_remark( pam_handle_t * pamh, unsigned int ctrl - , int type, const char *text ) -{ - if (off(SMB__QUIET, ctrl)) { - struct pam_message *pmsg[1], msg[1]; - struct pam_response *resp; + int make_remark( pam_handle_t * pamh, unsigned int ctrl + , int type, const char *text ) + { + if (off(SMB__QUIET, ctrl)) { + struct pam_message *pmsg[1], msg[1]; + struct pam_response *resp; - pmsg[0] = &msg[0]; - msg[0].msg = text; - msg[0].msg_style = type; - resp = NULL; + pmsg[0] = &msg[0]; + msg[0].msg = text; + msg[0].msg_style = type; + resp = NULL; - return converse(pamh, ctrl, 1, pmsg, &resp); + return converse(pamh, ctrl, 1, pmsg, &resp); + } + return PAM_SUCCESS; } - return PAM_SUCCESS; -} -/* set the control flags for the SMB module. */ + /* set the control flags for the SMB module. */ int set_ctrl( int flags, int argc, const char **argv ) { int i = 0; - static pstring servicesf = CONFIGFILE; - const char *service_file = servicesf; + const char *service_file = dyn_CONFIGFILE; unsigned int ctrl; ctrl = SMB_DEFAULTS; /* the default selection of options */ @@ -136,6 +139,9 @@ int set_ctrl( int flags, int argc, const char **argv ) /* A good, sane default (matches Samba's behavior). */ set( SMB__NONULL, ctrl ); + /* initialize service file location */ + service_file=servicesf; + if (flags & PAM_SILENT) { set( SMB__QUIET, ctrl ); } @@ -165,6 +171,8 @@ int set_ctrl( int flags, int argc, const char **argv ) _log_err( LOG_ERR, "Error loading service file %s", service_file ); } + secrets_init(); + if (lp_null_passwords()) { set( SMB__NULLOK, ctrl ); } @@ -303,7 +311,7 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass, uchar hash_pass[16]; uchar lm_pw[16]; uchar nt_pw[16]; - int retval; + int retval = PAM_AUTH_ERR; char *data_name; const char *name; @@ -482,7 +490,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl, { int authtok_flag; int retval; - const char *item = NULL; + char *item = NULL; char *token; struct pam_message msg[3], *pmsg[3]; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 462464d68f0..6e3ce460cd4 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -6,6 +6,7 @@ Largely re-written by Andrew Tridgell, September 1994 Copyright (C) Simo Sorce 2001 + Copyright (C) Alexander Bokovoy 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -54,7 +55,6 @@ BOOL in_client = False; /* Not in the client by default */ BOOL bLoaded = False; extern userdom_struct current_user_info; -extern int DEBUGLEVEL_CLASS[DBGC_LAST]; extern pstring user_socket_options; extern pstring global_myname; pstring global_scope = ""; @@ -96,6 +96,7 @@ typedef struct char *szDeletePrinterCommand; char *szOs2DriverMap; char *szLockDir; + char *szPidDir; char *szRootdir; char *szDefaultService; char *szDfree; @@ -109,7 +110,7 @@ typedef struct char *szConfigFile; char *szSMBPasswdFile; char *szPrivateDir; - char *szPassdbBackend; + char **szPassdbBackend; char *szPasswordServer; char *szSocketOptions; char *szWorkGroup; @@ -120,7 +121,7 @@ typedef struct char *szLogonPath; char *szLogonDrive; char *szLogonHome; - char *szWINSserver; + char **szWINSservers; char **szInterfaces; char *szRemoteAnnounce; char *szRemoteBrowseSync; @@ -136,7 +137,7 @@ typedef struct char *szAddGroupScript; char *szDelGroupScript; char *szAddUserToGroupScript; - char *szDelUserToGroupScript; + char *szDelUserFromGroupScript; char *szAddMachineScript; char *szShutdownScript; char *szAbortShutdownScript; @@ -151,6 +152,7 @@ typedef struct char *szWinbindUID; char *szWinbindGID; char *szNonUnixAccountRange; + BOOL bAlgorithmicRidBase; char *szTemplateHomedir; char *szTemplateShell; char *szWinbindSeparator; @@ -200,7 +202,6 @@ typedef struct int winbind_cache_time; int iLockSpinCount; int iLockSpinTime; -#ifdef WITH_LDAP_SAM char *szLdapMachineSuffix; char *szLdapUserSuffix; int ldap_port; @@ -208,26 +209,6 @@ typedef struct char *szLdapSuffix; char *szLdapFilter; char *szLdapAdminDn; -#endif /* WITH_LDAP_SAM */ -#ifdef WITH_SSL - int sslVersion; - char **sslHostsRequire; - char **sslHostsResign; - char *sslCaCertDir; - char *sslCaCertFile; - char *sslServerCert; - char *sslServerPrivKey; - char *sslClientCert; - char *sslClientPrivKey; - char *sslCiphers; - char *sslEgdSocket; - char *sslEntropyFile; - int sslEntropyBytes; - BOOL sslEnabled; - BOOL sslReqClientCert; - BOOL sslReqServerCert; - BOOL sslCompatibility; -#endif /* WITH_SSL */ BOOL bMsAddPrinterWizard; BOOL bDNSproxy; BOOL bWINSsupport; @@ -263,7 +244,6 @@ typedef struct BOOL bStatCache; BOOL bKernelOplocks; BOOL bAllowTrustedDomains; - BOOL bRestrictAnonymous; BOOL bLanmanAuth; BOOL bNTLMAuth; BOOL bDebugHiresTimestamp; @@ -275,6 +255,8 @@ typedef struct BOOL bUseMmap; BOOL bHostnameLookups; BOOL bUseSpnego; + BOOL bUnixExtensions; + int restrict_anonymous; } global; @@ -347,6 +329,7 @@ typedef struct int iPrinting; int iOplockContentionLimit; int iCSCPolicy; + int iBlock_size; BOOL bAlternatePerm; BOOL bPreexecClose; BOOL bRootpreexecClose; @@ -464,6 +447,7 @@ static service sDefault = { DEFAULT_PRINTING, /* iPrinting */ 2, /* iOplockContentionLimit */ 0, /* iCSCPolicy */ + 1024, /* iBlock_size */ False, /* bAlternatePerm */ False, /* bPreexecClose */ False, /* bRootpreexecClose */ @@ -537,14 +521,11 @@ static BOOL handle_netbios_name(char *pszParmValue, char **ptr); static BOOL handle_winbind_uid(char *pszParmValue, char **ptr); static BOOL handle_winbind_gid(char *pszParmValue, char **ptr); static BOOL handle_non_unix_account_range(char *pszParmValue, char **ptr); -static BOOL handle_wins_server_list(char *pszParmValue, char **ptr); static BOOL handle_debug_list( char *pszParmValue, char **ptr ); -#if WITH_LDAP_SAM static BOOL handle_ldap_machine_suffix ( char *pszParmValue, char **ptr ); static BOOL handle_ldap_user_suffix ( char *pszParmValue, char **ptr ); static BOOL handle_ldap_suffix ( char *pszParmValue, char **ptr ); -#endif static void set_server_role(void); static void set_default_server_announce_type(void); @@ -587,7 +568,6 @@ static struct enum_list enum_printing[] = { {-1, NULL} }; -#ifdef WITH_LDAP_SAM static struct enum_list enum_ldap_ssl[] = { {LDAP_SSL_ON, "Yes"}, {LDAP_SSL_ON, "yes"}, @@ -601,7 +581,6 @@ static struct enum_list enum_ldap_ssl[] = { {LDAP_SSL_START_TLS, "start_tls"}, {-1, NULL} }; -#endif /* WITH_LDAP_SAM */ /* Types of machine we can announce as. */ #define ANNOUNCE_AS_NT_SERVER 1 @@ -645,7 +624,8 @@ static struct enum_list enum_csc_policy[] = { {CSC_POLICY_MANUAL, "manual"}, {CSC_POLICY_DOCUMENTS, "documents"}, {CSC_POLICY_PROGRAMS, "programs"}, - {CSC_POLICY_DISABLE, "disable"} + {CSC_POLICY_DISABLE, "disable"}, + {-1, NULL} }; /* @@ -676,16 +656,6 @@ static struct enum_list enum_map_to_guest[] = { {-1, NULL} }; -#ifdef WITH_SSL -static struct enum_list enum_ssl_version[] = { - {SMB_SSL_V2, "ssl2"}, - {SMB_SSL_V3, "ssl3"}, - {SMB_SSL_V23, "ssl2or3"}, - {SMB_SSL_TLS1, "tls1"}, - {-1, NULL} -}; -#endif - /* note that we do not initialise the defaults union - it is not allowed in ANSI C */ static struct parm_struct parm_table[] = { {"Base Options", P_SEP, P_SEPARATOR}, @@ -723,8 +693,9 @@ static struct parm_struct parm_table[] = { {"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0}, {"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0}, {"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, 0}, - {"passdb backend", P_STRING, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, 0}, + {"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, 0}, {"non unix account range", P_STRING, P_GLOBAL, &Globals.szNonUnixAccountRange, handle_non_unix_account_range, NULL, 0}, + {"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.bAlgorithmicRidBase, NULL, NULL, 0}, {"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, {"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, {"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, @@ -738,7 +709,7 @@ static struct parm_struct parm_table[] = { {"password level", P_INTEGER, P_GLOBAL, &Globals.pwordlevel, NULL, NULL, 0}, {"username level", P_INTEGER, P_GLOBAL, &Globals.unamelevel, NULL, NULL, 0}, {"unix password sync", P_BOOL, P_GLOBAL, &Globals.bUnixPasswdSync, NULL, NULL, 0}, - {"restrict anonymous", P_BOOL, P_GLOBAL, &Globals.bRestrictAnonymous, NULL, NULL, 0}, + {"restrict anonymous", P_INTEGER, P_GLOBAL, &Globals.restrict_anonymous, NULL, NULL, 0}, {"lanman auth", P_BOOL, P_GLOBAL, &Globals.bLanmanAuth, NULL, NULL, 0}, {"ntlm auth", P_BOOL, P_GLOBAL, &Globals.bNTLMAuth, NULL, NULL, 0}, @@ -785,33 +756,11 @@ static struct parm_struct parm_table[] = { {"hosts deny", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_GLOBAL | FLAG_BASIC | FLAG_SHARE | FLAG_PRINT}, {"deny hosts", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, 0}, -#ifdef WITH_SSL - {"Secure Socket Layer Options", P_SEP, P_SEPARATOR}, - {"ssl", P_BOOL, P_GLOBAL, &Globals.sslEnabled, NULL, NULL, 0}, - - {"ssl hosts", P_LIST, P_GLOBAL, &Globals.sslHostsRequire, NULL, NULL, 0}, - {"ssl hosts resign", P_LIST, P_GLOBAL, &Globals.sslHostsResign, NULL, NULL, 0}, - {"ssl CA certDir", P_STRING, P_GLOBAL, &Globals.sslCaCertDir, NULL, NULL, 0}, - {"ssl CA certFile", P_STRING, P_GLOBAL, &Globals.sslCaCertFile, NULL, NULL, 0}, - {"ssl server cert", P_STRING, P_GLOBAL, &Globals.sslServerCert, NULL, NULL, 0}, - {"ssl server key", P_STRING, P_GLOBAL, &Globals.sslServerPrivKey, NULL, NULL, 0}, - {"ssl client cert", P_STRING, P_GLOBAL, &Globals.sslClientCert, NULL, NULL, 0}, - {"ssl client key", P_STRING, P_GLOBAL, &Globals.sslClientPrivKey, NULL, NULL, 0}, - {"ssl egd socket", P_STRING, P_GLOBAL, &Globals.sslEgdSocket, NULL, NULL, 0}, - {"ssl entropy file", P_STRING, P_GLOBAL, &Globals.sslEntropyFile, NULL, NULL, 0}, - {"ssl entropy bytes", P_INTEGER, P_GLOBAL, &Globals.sslEntropyBytes, NULL, NULL, 0}, - {"ssl require clientcert", P_BOOL, P_GLOBAL, &Globals.sslReqClientCert, NULL, NULL, 0}, - {"ssl require servercert", P_BOOL, P_GLOBAL, &Globals.sslReqServerCert, NULL, NULL, 0}, - {"ssl ciphers", P_STRING, P_GLOBAL, &Globals.sslCiphers, NULL, NULL, 0}, - {"ssl version", P_ENUM, P_GLOBAL, &Globals.sslVersion, NULL, enum_ssl_version, 0}, - {"ssl compatibility", P_BOOL, P_GLOBAL, &Globals.sslCompatibility, NULL, NULL, 0}, -#endif /* WITH_SSL */ - {"Logging Options", P_SEP, P_SEPARATOR}, {"admin log", P_BOOL, P_GLOBAL, &Globals.bAdminLog, NULL, NULL, 0}, - {"log level", P_INTEGER, P_GLOBAL, &DEBUGLEVEL_CLASS[DBGC_ALL], handle_debug_list, NULL, 0}, - {"debuglevel", P_INTEGER, P_GLOBAL, &DEBUGLEVEL_CLASS[DBGC_ALL], handle_debug_list, NULL, 0}, + {"log level", P_STRING, P_GLOBAL, NULL, handle_debug_list, NULL, 0}, + {"debuglevel", P_STRING, P_GLOBAL, NULL, handle_debug_list, NULL, 0}, {"syslog", P_INTEGER, P_GLOBAL, &Globals.syslog, NULL, NULL, 0}, {"syslog only", P_BOOL, P_GLOBAL, &Globals.bSyslogOnly, NULL, NULL, 0}, {"log file", P_STRING, P_GLOBAL, &Globals.szLogFile, NULL, NULL, 0}, @@ -849,10 +798,12 @@ static struct parm_struct parm_table[] = { {"max wins ttl", P_INTEGER, P_GLOBAL, &Globals.max_wins_ttl, NULL, NULL, 0}, {"min wins ttl", P_INTEGER, P_GLOBAL, &Globals.min_wins_ttl, NULL, NULL, 0}, {"time server", P_BOOL, P_GLOBAL, &Globals.bTimeServer, NULL, NULL, 0}, + {"unix extensions", P_BOOL, P_GLOBAL, &Globals.bUnixExtensions, NULL, NULL, 0}, {"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, 0}, {"Tuning Options", P_SEP, P_SEPARATOR}, + {"block size", P_INTEGER, P_LOCAL, &sDefault.iBlock_size, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL}, {"change notify timeout", P_INTEGER, P_GLOBAL, &Globals.change_notify_timeout, NULL, NULL, 0}, {"deadtime", P_INTEGER, P_GLOBAL, &Globals.deadtime, NULL, NULL, 0}, {"getwd cache", P_BOOL, P_GLOBAL, &use_getwd_cache, NULL, NULL, 0}, @@ -885,7 +836,7 @@ static struct parm_struct parm_table[] = { {"printcap", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, 0}, {"printable", P_BOOL, P_LOCAL, &sDefault.bPrint_ok, NULL, NULL, FLAG_PRINT}, {"print ok", P_BOOL, P_LOCAL, &sDefault.bPrint_ok, NULL, NULL, 0}, - {"postscript", P_BOOL, P_LOCAL, &sDefault.bPostscript, NULL, NULL, FLAG_PRINT}, + {"postscript", P_BOOL, P_LOCAL, &sDefault.bPostscript, NULL, NULL, FLAG_PRINT | FLAG_DEPRECATED}, {"printing", P_ENUM, P_LOCAL, &sDefault.iPrinting, NULL, enum_printing, FLAG_PRINT | FLAG_GLOBAL}, {"print command", P_STRING, P_LOCAL, &sDefault.szPrintcommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL}, {"disable spoolss", P_BOOL, P_GLOBAL, &Globals.bDisableSpoolss, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL}, @@ -906,9 +857,9 @@ static struct parm_struct parm_table[] = { {"printer", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, 0}, {"use client driver", P_BOOL, P_LOCAL, &sDefault.bUseClientDriver, NULL, NULL, FLAG_PRINT}, {"default devmode", P_BOOL, P_LOCAL, &sDefault.bDefaultDevmode, NULL, NULL, FLAG_PRINT}, - {"printer driver", P_STRING, P_LOCAL, &sDefault.szPrinterDriver, NULL, NULL, FLAG_PRINT}, - {"printer driver file", P_STRING, P_LOCAL, &sDefault.szDriverFile, NULL, NULL, FLAG_PRINT}, - {"printer driver location", P_STRING, P_LOCAL, &sDefault.szPrinterDriverLocation, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL}, + {"printer driver", P_STRING, P_LOCAL, &sDefault.szPrinterDriver, NULL, NULL, FLAG_PRINT | FLAG_DEPRECATED}, + {"printer driver file", P_STRING, P_LOCAL, &sDefault.szDriverFile, NULL, NULL, FLAG_PRINT | FLAG_DEPRECATED}, + {"printer driver location", P_STRING, P_LOCAL, &sDefault.szPrinterDriverLocation, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL | FLAG_DEPRECATED}, {"Filename Handling", P_SEP, P_SEPARATOR}, {"strip dot", P_BOOL, P_GLOBAL, &Globals.bStripDot, NULL, NULL, 0}, @@ -946,7 +897,7 @@ static struct parm_struct parm_table[] = { {"add group script", P_STRING, P_GLOBAL, &Globals.szAddGroupScript, NULL, NULL, 0}, {"delete group script", P_STRING, P_GLOBAL, &Globals.szDelGroupScript, NULL, NULL, 0}, {"add user to group script", P_STRING, P_GLOBAL, &Globals.szAddUserToGroupScript, NULL, NULL, 0}, - {"delete user from group script", P_STRING, P_GLOBAL, &Globals.szDelUserToGroupScript, NULL, NULL, 0}, + {"delete user from group script", P_STRING, P_GLOBAL, &Globals.szDelUserFromGroupScript, NULL, NULL, 0}, {"add machine script", P_STRING, P_GLOBAL, &Globals.szAddMachineScript, NULL, NULL, 0}, {"shutdown script", P_STRING, P_GLOBAL, &Globals.szShutdownScript, NULL, NULL, 0}, {"abort shutdown script", P_STRING, P_GLOBAL, &Globals.szAbortShutdownScript, NULL, NULL, 0}, @@ -975,7 +926,7 @@ static struct parm_struct parm_table[] = { {"dns proxy", P_BOOL, P_GLOBAL, &Globals.bDNSproxy, NULL, NULL, 0}, {"wins proxy", P_BOOL, P_GLOBAL, &Globals.bWINSproxy, NULL, NULL, 0}, - {"wins server", P_STRING, P_GLOBAL, &Globals.szWINSserver, handle_wins_server_list, NULL, FLAG_BASIC}, + {"wins server", P_LIST, P_GLOBAL, &Globals.szWINSservers, NULL, NULL, FLAG_BASIC}, {"wins support", P_BOOL, P_GLOBAL, &Globals.bWINSsupport, NULL, NULL, FLAG_BASIC}, {"wins hook", P_STRING, P_GLOBAL, &Globals.szWINSHook, NULL, NULL, 0}, {"wins partners", P_STRING, P_GLOBAL, &Globals.szWINSPartners, NULL, NULL, 0}, @@ -996,9 +947,8 @@ static struct parm_struct parm_table[] = { {"oplock contention limit", P_INTEGER, P_LOCAL, &sDefault.iOplockContentionLimit, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL}, {"posix locking", P_BOOL, P_LOCAL, &sDefault.bPosixLocking, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL}, {"strict locking", P_BOOL, P_LOCAL, &sDefault.bStrictLocking, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL}, - {"share modes", P_BOOL, P_LOCAL, &sDefault.bShareModes, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL}, + {"share modes", P_BOOL, P_LOCAL, &sDefault.bShareModes, NULL, NULL, FLAG_SHARE|FLAG_GLOBAL}, -#ifdef WITH_LDAP_SAM {"Ldap Options", P_SEP, P_SEPARATOR}, {"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, handle_ldap_suffix, NULL, 0}, @@ -1007,7 +957,6 @@ static struct parm_struct parm_table[] = { {"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, 0}, {"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, 0}, {"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, 0}, -#endif /* WITH_LDAP_SAM */ {"Miscellaneous Options", P_SEP, P_SEPARATOR}, {"add share command", P_STRING, P_GLOBAL, &Globals.szAddShareCommand, NULL, NULL, 0}, @@ -1019,6 +968,7 @@ static struct parm_struct parm_table[] = { {"auto services", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, 0}, {"lock dir", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, 0}, {"lock directory", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, 0}, + {"pid directory", P_STRING, P_GLOBAL, &Globals.szPidDir, NULL, NULL, 0}, #ifdef WITH_UTMP {"utmp directory", P_STRING, P_GLOBAL, &Globals.szUtmpDir, NULL, NULL, 0}, {"wtmp directory", P_STRING, P_GLOBAL, &Globals.szWtmpDir, NULL, NULL, 0}, @@ -1241,7 +1191,7 @@ static void init_globals(void) string_set(&Globals.szSMBPasswdFile, dyn_SMB_PASSWD_FILE); string_set(&Globals.szPrivateDir, dyn_PRIVATE_DIR); - string_set(&Globals.szPassdbBackend, "smbpasswd"); + Globals.szPassdbBackend = str_list_make("smbpasswd unixsam"); /* use the new 'hash2' method by default */ string_set(&Globals.szManglingMethod, "hash2"); @@ -1258,6 +1208,7 @@ static void init_globals(void) string_set(&Globals.szWorkGroup, WORKGROUP); string_set(&Globals.szPasswdProgram, ""); string_set(&Globals.szPrintcapname, PRINTCAP_NAME); + string_set(&Globals.szPidDir, dyn_PIDDIR); string_set(&Globals.szLockDir, dyn_LOCKDIR); string_set(&Globals.szSocketAddress, "0.0.0.0"); pstrcpy(s, "Samba "); @@ -1277,6 +1228,8 @@ static void init_globals(void) string_set(&Globals.szNameResolveOrder, "lmhosts wins host bcast"); string_set(&Globals.szPasswordServer, "*"); + Globals.bAlgorithmicRidBase = BASE_RID; + Globals.bLoadPrinters = True; Globals.max_packet = 65535; Globals.mangled_stack = 50; @@ -1339,7 +1292,7 @@ static void init_globals(void) Globals.bNTPipeSupport = True; /* Do NT pipes by default. */ Globals.bNTStatusSupport = True; /* Use NT status by default. */ Globals.bStatCache = True; /* use stat cache by default */ - Globals.bRestrictAnonymous = False; + Globals.restrict_anonymous = 0; Globals.bLanmanAuth = True; /* Do use the LanMan hash if it is available */ Globals.bNTLMAuth = True; /* Do use NTLMv1 if it is available (otherwise NTLMv2) */ Globals.map_to_guest = 0; /* By Default, "Never" */ @@ -1353,12 +1306,12 @@ static void init_globals(void) #else Globals.bUseMmap = True; #endif + Globals.bUnixExtensions = False; /* hostname lookups can be very expensive and are broken on a large number of sites (tridge) */ Globals.bHostnameLookups = False; -#ifdef WITH_LDAP_SAM string_set(&Globals.szLdapSuffix, ""); string_set(&Globals.szLdapMachineSuffix, ""); string_set(&Globals.szLdapUserSuffix, ""); @@ -1366,27 +1319,6 @@ static void init_globals(void) string_set(&Globals.szLdapFilter, "(&(uid=%u)(objectclass=sambaAccount))"); string_set(&Globals.szLdapAdminDn, ""); Globals.ldap_ssl = LDAP_SSL_ON; -#endif /* WITH_LDAP_SAM */ - -#ifdef WITH_SSL - Globals.sslVersion = SMB_SSL_V23; - /* Globals.sslHostsRequire = NULL; - Globals.sslHostsResign = NULL; */ - string_set(&Globals.sslCaCertDir, ""); - string_set(&Globals.sslCaCertFile, ""); - string_set(&Globals.sslServerCert, ""); - string_set(&Globals.sslServerPrivKey, ""); - string_set(&Globals.sslClientCert, ""); - string_set(&Globals.sslClientPrivKey, ""); - string_set(&Globals.sslCiphers, ""); - string_set(&Globals.sslEgdSocket, ""); - string_set(&Globals.sslEntropyFile, ""); - Globals.sslEntropyBytes = 256; - Globals.sslEnabled = False; - Globals.sslReqClientCert = False; - Globals.sslReqServerCert = False; - Globals.sslCompatibility = False; -#endif /* WITH_SSL */ /* these parameters are set to defaults that are more appropriate for the increasing samba install base: @@ -1477,7 +1409,7 @@ static char *lp_string(const char *s) trim_string(ret, "\"", "\""); - standard_sub_basic(current_user_info.smb_name,ret); + standard_sub_basic(current_user_info.smb_name,ret,len+100); return (ret); } @@ -1489,6 +1421,8 @@ static char *lp_string(const char *s) #define FN_GLOBAL_STRING(fn_name,ptr) \ char *fn_name(void) {return(lp_string(*(char **)(ptr) ? *(char **)(ptr) : ""));} +#define FN_GLOBAL_CONST_STRING(fn_name,ptr) \ + const char *fn_name(void) {return(*(const char **)(ptr) ? *(const char **)(ptr) : "");} #define FN_GLOBAL_LIST(fn_name,ptr) \ char **fn_name(void) {return(*(char ***)(ptr));} #define FN_GLOBAL_BOOL(fn_name,ptr) \ @@ -1500,6 +1434,8 @@ static char *lp_string(const char *s) #define FN_LOCAL_STRING(fn_name,val) \ char *fn_name(int i) {return(lp_string((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val));} +#define FN_LOCAL_CONST_STRING(fn_name,val) \ + const char *fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);} #define FN_LOCAL_LIST(fn_name,val) \ char **fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);} #define FN_LOCAL_BOOL(fn_name,val) \ @@ -1516,7 +1452,6 @@ FN_GLOBAL_STRING(lp_logfile, &Globals.szLogFile) FN_GLOBAL_STRING(lp_configfile, &Globals.szConfigFile) FN_GLOBAL_STRING(lp_smb_passwd_file, &Globals.szSMBPasswdFile) FN_GLOBAL_STRING(lp_private_dir, &Globals.szPrivateDir) -FN_GLOBAL_STRING(lp_passdb_backend, &Globals.szPassdbBackend) FN_GLOBAL_STRING(lp_serverstring, &Globals.szServerString) FN_GLOBAL_STRING(lp_printcapname, &Globals.szPrintcapname) FN_GLOBAL_STRING(lp_enumports_cmd, &Globals.szEnumPortsCommand) @@ -1524,6 +1459,7 @@ FN_GLOBAL_STRING(lp_addprinter_cmd, &Globals.szAddPrinterCommand) FN_GLOBAL_STRING(lp_deleteprinter_cmd, &Globals.szDeletePrinterCommand) FN_GLOBAL_STRING(lp_os2_driver_map, &Globals.szOs2DriverMap) FN_GLOBAL_STRING(lp_lockdir, &Globals.szLockDir) +FN_GLOBAL_STRING(lp_piddir, &Globals.szPidDir) FN_GLOBAL_STRING(lp_mangling_method, &Globals.szManglingMethod) #ifdef WITH_UTMP FN_GLOBAL_STRING(lp_utmpdir, &Globals.szUtmpDir) @@ -1545,18 +1481,19 @@ FN_GLOBAL_STRING(lp_workgroup, &Globals.szWorkGroup) FN_GLOBAL_STRING(lp_realm, &Globals.szRealm) FN_GLOBAL_STRING(lp_ads_server, &Globals.szADSserver) FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap) -FN_GLOBAL_STRING(lp_logon_script, &Globals.szLogonScript) -FN_GLOBAL_STRING(lp_logon_path, &Globals.szLogonPath) -FN_GLOBAL_STRING(lp_logon_drive, &Globals.szLogonDrive) -FN_GLOBAL_STRING(lp_logon_home, &Globals.szLogonHome) +FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript) +FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath) +FN_GLOBAL_CONST_STRING(lp_logon_drive, &Globals.szLogonDrive) +FN_GLOBAL_CONST_STRING(lp_logon_home, &Globals.szLogonHome) FN_GLOBAL_STRING(lp_remote_announce, &Globals.szRemoteAnnounce) FN_GLOBAL_STRING(lp_remote_browse_sync, &Globals.szRemoteBrowseSync) -FN_GLOBAL_STRING(lp_wins_server_list, &Globals.szWINSserver) +FN_GLOBAL_LIST(lp_wins_server_list, &Globals.szWINSservers) FN_GLOBAL_LIST(lp_interfaces, &Globals.szInterfaces) FN_GLOBAL_STRING(lp_socket_address, &Globals.szSocketAddress) FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName) static FN_GLOBAL_STRING(lp_announce_version, &Globals.szAnnounceVersion) FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases) +FN_GLOBAL_LIST(lp_passdb_backend, &Globals.szPassdbBackend) FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction) FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript) FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript) @@ -1565,7 +1502,7 @@ FN_GLOBAL_STRING(lp_guestaccount, &Globals.szGuestaccount) FN_GLOBAL_STRING(lp_addgroup_script, &Globals.szAddGroupScript) FN_GLOBAL_STRING(lp_delgroup_script, &Globals.szDelGroupScript) FN_GLOBAL_STRING(lp_addusertogroup_script, &Globals.szAddUserToGroupScript) -FN_GLOBAL_STRING(lp_deluserfromgroup_script, &Globals.szDelUserToGroupScript) +FN_GLOBAL_STRING(lp_deluserfromgroup_script, &Globals.szDelUserFromGroupScript) FN_GLOBAL_STRING(lp_addmachine_script, &Globals.szAddMachineScript) @@ -1580,38 +1517,16 @@ FN_GLOBAL_STRING(lp_winbind_separator, &Globals.szWinbindSeparator) FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers) FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups) FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain) -#ifdef WITH_LDAP_SAM FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix) FN_GLOBAL_STRING(lp_ldap_machine_suffix, &Globals.szLdapMachineSuffix) FN_GLOBAL_STRING(lp_ldap_user_suffix, &Globals.szLdapUserSuffix) FN_GLOBAL_STRING(lp_ldap_filter, &Globals.szLdapFilter) FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn) FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl) -#endif /* WITH_LDAP_SAM */ FN_GLOBAL_STRING(lp_add_share_cmd, &Globals.szAddShareCommand) FN_GLOBAL_STRING(lp_change_share_cmd, &Globals.szChangeShareCommand) FN_GLOBAL_STRING(lp_delete_share_cmd, &Globals.szDeleteShareCommand) -#ifdef WITH_SSL -FN_GLOBAL_INTEGER(lp_ssl_version, &Globals.sslVersion) -FN_GLOBAL_LIST(lp_ssl_hosts, &Globals.sslHostsRequire) -FN_GLOBAL_LIST(lp_ssl_hosts_resign, &Globals.sslHostsResign) -FN_GLOBAL_STRING(lp_ssl_cacertdir, &Globals.sslCaCertDir) -FN_GLOBAL_STRING(lp_ssl_cacertfile, &Globals.sslCaCertFile) -FN_GLOBAL_STRING(lp_ssl_server_cert, &Globals.sslServerCert) -FN_GLOBAL_STRING(lp_ssl_server_privkey, &Globals.sslServerPrivKey) -FN_GLOBAL_STRING(lp_ssl_client_cert, &Globals.sslClientCert) -FN_GLOBAL_STRING(lp_ssl_client_privkey, &Globals.sslClientPrivKey) -FN_GLOBAL_STRING(lp_ssl_ciphers, &Globals.sslCiphers) -FN_GLOBAL_STRING(lp_ssl_egdsocket, &Globals.sslEgdSocket) -FN_GLOBAL_STRING(lp_ssl_entropyfile, &Globals.sslEntropyFile) -FN_GLOBAL_INTEGER(lp_ssl_entropybytes, &Globals.sslEntropyBytes) -FN_GLOBAL_BOOL(lp_ssl_enabled, &Globals.sslEnabled) -FN_GLOBAL_BOOL(lp_ssl_reqClientCert, &Globals.sslReqClientCert) -FN_GLOBAL_BOOL(lp_ssl_reqServerCert, &Globals.sslReqServerCert) -FN_GLOBAL_BOOL(lp_ssl_compatibility, &Globals.sslCompatibility) -#endif /* WITH_SSL */ - FN_GLOBAL_BOOL(lp_ms_add_printer_wizard, &Globals.bMsAddPrinterWizard) FN_GLOBAL_BOOL(lp_dns_proxy, &Globals.bDNSproxy) FN_GLOBAL_BOOL(lp_wins_support, &Globals.bWINSsupport) @@ -1648,13 +1563,14 @@ FN_GLOBAL_BOOL(lp_nt_pipe_support, &Globals.bNTPipeSupport) FN_GLOBAL_BOOL(lp_nt_status_support, &Globals.bNTStatusSupport) FN_GLOBAL_BOOL(lp_stat_cache, &Globals.bStatCache) FN_GLOBAL_BOOL(lp_allow_trusted_domains, &Globals.bAllowTrustedDomains) -FN_GLOBAL_BOOL(lp_restrict_anonymous, &Globals.bRestrictAnonymous) +FN_GLOBAL_INTEGER(lp_restrict_anonymous, &Globals.restrict_anonymous) FN_GLOBAL_BOOL(lp_lanman_auth, &Globals.bLanmanAuth) FN_GLOBAL_BOOL(lp_ntlm_auth, &Globals.bNTLMAuth) FN_GLOBAL_BOOL(lp_host_msdfs, &Globals.bHostMSDfs) FN_GLOBAL_BOOL(lp_kernel_oplocks, &Globals.bKernelOplocks) FN_GLOBAL_BOOL(lp_enhanced_browsing, &Globals.enhanced_browsing) FN_GLOBAL_BOOL(lp_use_mmap, &Globals.bUseMmap) +FN_GLOBAL_BOOL(lp_unix_extensions, &Globals.bUnixExtensions) FN_GLOBAL_BOOL(lp_use_spnego, &Globals.bUseSpnego) FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups) FN_GLOBAL_INTEGER(lp_os_level, &Globals.os_level) @@ -1696,6 +1612,7 @@ FN_LOCAL_STRING(lp_postexec, szPostExec) FN_LOCAL_STRING(lp_rootpreexec, szRootPreExec) FN_LOCAL_STRING(lp_rootpostexec, szRootPostExec) FN_LOCAL_STRING(lp_servicename, szService) +FN_LOCAL_CONST_STRING(lp_const_servicename, szService) FN_LOCAL_STRING(lp_pathname, szPath) FN_LOCAL_STRING(lp_dontdescend, szDontdescend) FN_LOCAL_STRING(lp_username, szUsername) @@ -1793,9 +1710,53 @@ FN_LOCAL_INTEGER(lp_printing, iPrinting) FN_LOCAL_INTEGER(lp_oplock_contention_limit, iOplockContentionLimit) FN_LOCAL_INTEGER(lp_csc_policy, iCSCPolicy) FN_LOCAL_INTEGER(lp_write_cache_size, iWriteCacheSize) +FN_LOCAL_INTEGER(lp_block_size, iBlock_size) FN_LOCAL_CHAR(lp_magicchar, magic_char) FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time) FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers) +FN_GLOBAL_BOOL(lp_algorithmic_rid_base, &Globals.bAlgorithmicRidBase) + +typedef struct _param_opt_struct param_opt_struct; +struct _param_opt_struct { + char *key; + char *value; + param_opt_struct *prev, *next; +}; + +static param_opt_struct *param_opt = NULL; + +/* Return parametric option from given service. Type is a part of option before ':' */ +/* Parametric option has following syntax: 'Type: option = value' */ +/* Returned value is allocated in 'lp_talloc' context */ +char *lp_parm_string(const char *servicename, const char *type, const char *option) +{ + param_opt_struct *data; + pstring vfskey; + + if (param_opt != NULL) { + ZERO_STRUCT(vfskey); + pstr_sprintf(vfskey, "%s:%s:%s", (servicename==NULL) ? "global" : servicename, + type, option); + data = param_opt; + while (data) { + if (strcmp(data->key, vfskey) == 0) { + return lp_string(data->value); + } + data = data->next; + } + /* Try to fetch the same option but from globals */ + pstr_sprintf(vfskey, "global:%s:%s", type, option); + data = param_opt; + while (data) { + if (strcmp(data->key, vfskey) == 0) { + return lp_string(data->value); + } + data = data->next; + } + + } + return NULL; +} /* local prototypes */ @@ -1848,7 +1809,7 @@ static void free_service(service * pservice) PTR_DIFF(parm_table[i].ptr, &sDefault))); else if (parm_table[i].type == P_LIST && parm_table[i].class == P_LOCAL) - lp_list_free((char ***) + str_list_free((char ***) (((char *)pservice) + PTR_DIFF(parm_table[i].ptr, &sDefault))); } @@ -1925,9 +1886,12 @@ static int add_a_service(const service * pservice, const char *name) add a new home service, with the specified home directory, defaults coming from service ifrom. ***************************************************************************/ -BOOL lp_add_home(const char *pszHomename, int iDefaultService, const char *pszHomedir) +BOOL lp_add_home(const char *pszHomename, int iDefaultService, + const char *user, const char *pszHomedir) { int i; + pstring newHomedir; + SMB_STRUCT_STAT buf; /* if the user's home directory doesn't exist, then don't @@ -1941,21 +1905,29 @@ BOOL lp_add_home(const char *pszHomename, int iDefaultService, const char *pszHo return (False); if (!(*(ServicePtrs[i]->szPath)) - || strequal(ServicePtrs[i]->szPath, lp_pathname(-1))) - string_set(&ServicePtrs[i]->szPath, pszHomedir); + || strequal(ServicePtrs[i]->szPath, lp_pathname(-1))) { + pstrcpy(newHomedir, pszHomedir); + } else { + pstrcpy(newHomedir, lp_pathname(iDefaultService)); + string_sub(newHomedir,"%H", pszHomedir, sizeof(newHomedir)); + } + + string_set(&ServicePtrs[i]->szPath, newHomedir); + if (!(*(ServicePtrs[i]->comment))) { pstring comment; slprintf(comment, sizeof(comment) - 1, - "Home directory of %s", pszHomename); + "Home directory of %s", user); string_set(&ServicePtrs[i]->comment, comment); } ServicePtrs[i]->bAvailable = sDefault.bAvailable; ServicePtrs[i]->bBrowseable = sDefault.bBrowseable; DEBUG(3, - ("adding home directory %s at %s\n", pszHomename, pszHomedir)); - + ("adding home's share [%s] for user %s at %s\n", pszHomename, + user, newHomedir)); + return (True); } @@ -1999,6 +1971,7 @@ static BOOL lp_add_ipc(char *ipc_name, BOOL guest_ok) return (True); } +BOOL (*register_printer_fn)(const char *); /*************************************************************************** add a new printer service, with defaults coming from service iFrom. @@ -2031,6 +2004,10 @@ BOOL lp_add_printer(char *pszPrintername, int iDefaultService) DEBUG(3, ("adding printer service %s\n", pszPrintername)); + update_server_announce_as_printserver(); + if (register_printer_fn && (!(*register_printer_fn)(pszPrintername))) + return False; + return (True); } @@ -2049,7 +2026,12 @@ static int map_parameter(char *pszParmName) if (strwicmp(parm_table[iIndex].label, pszParmName) == 0) return (iIndex); - DEBUG(0, ("Unknown parameter encountered: \"%s\"\n", pszParmName)); + /* Warn only if it isn't parametric option */ + if (strchr(pszParmName, ':') == NULL) + DEBUG(0, ("Unknown parameter encountered: \"%s\"\n", pszParmName)); + /* We do return 'fail' for parametric options as well because they are + stored in different storage + */ return (-1); } @@ -2155,7 +2137,7 @@ static void copy_service(service * pserviceDest, strupper(*(char **)dest_ptr); break; case P_LIST: - lp_list_copy((char ***)dest_ptr, *(char ***)src_ptr); + str_list_copy((char ***)dest_ptr, *(char ***)src_ptr); break; default: break; @@ -2284,7 +2266,7 @@ BOOL lp_file_list_changed(void) time_t mod_time; pstrcpy(n2, f->name); - standard_sub_basic(current_user_info.smb_name, n2); + standard_sub_basic(current_user_info.smb_name, n2,sizeof(n2)); DEBUGADD(6, ("file %s -> %s last mod_time: %s\n", f->name, n2, ctime(&f->modtime))); @@ -2317,7 +2299,7 @@ static BOOL handle_netbios_name(char *pszParmValue, char **ptr) pstrcpy(netbios_name, pszParmValue); - standard_sub_basic(current_user_info.smb_name, netbios_name); + standard_sub_basic(current_user_info.smb_name, netbios_name,sizeof(netbios_name)); strupper(netbios_name); pstrcpy(global_myname, netbios_name); @@ -2399,7 +2381,7 @@ static BOOL handle_source_env(char *pszParmValue, char **ptr) pstrcpy(fname, pszParmValue); - standard_sub_basic(current_user_info.smb_name, fname); + standard_sub_basic(current_user_info.smb_name, fname,sizeof(fname)); string_set(ptr, pszParmValue); @@ -2457,7 +2439,7 @@ static BOOL handle_include(char *pszParmValue, char **ptr) pstring fname; pstrcpy(fname, pszParmValue); - standard_sub_basic(current_user_info.smb_name, fname); + standard_sub_basic(current_user_info.smb_name, fname,sizeof(fname)); add_to_file_list(pszParmValue, fname); @@ -2633,19 +2615,6 @@ static BOOL handle_non_unix_account_range(char *pszParmValue, char **ptr) return True; } -/*************************************************************************** - Handle the WINS SERVER list -***************************************************************************/ -static BOOL handle_wins_server_list( char *pszParmValue, char **ptr ) - { - if( !wins_srv_load_list( pszParmValue ) ) - return( False ); /* Parse failed. */ - - string_set( ptr, pszParmValue ); - return( True ); - } - - /*************************************************************************** Handle the DEBUG level list ***************************************************************************/ @@ -2657,7 +2626,6 @@ static BOOL handle_debug_list( char *pszParmValueIn, char **ptr ) return debug_parse_levels( pszParmValue ); } -#ifdef WITH_LDAP_SAM /*************************************************************************** Handle the ldap machine suffix option ***************************************************************************/ @@ -2740,7 +2708,6 @@ static BOOL handle_ldap_suffix( char *pszParmValue, char **ptr) string_set(ptr, suffix); return True; } -#endif /* WITH_LDAP_SAM */ /*************************************************************************** initialise a copymap @@ -2775,14 +2742,32 @@ then assume we are in the globals ***************************************************************************/ BOOL lp_do_parameter(int snum, char *pszParmName, char *pszParmValue) { - int parmnum, i; + int parmnum, i, slen; void *parm_ptr = NULL; /* where we are going to store the result */ void *def_ptr = NULL; + pstring vfskey; + char *sep; + param_opt_struct *paramo; parmnum = map_parameter(pszParmName); if (parmnum < 0) { + if ((sep=strchr(pszParmName, ':')) != NULL) { + *sep = 0; + ZERO_STRUCT(vfskey); + pstr_sprintf(vfskey, "%s:%s:", + (snum >= 0) ? lp_servicename(snum) : "global", pszParmName); + slen = strlen(vfskey); + safe_strcat(vfskey, sep+1, sizeof(pstring)); + trim_string(vfskey+slen, " ", " "); + paramo = smb_xmalloc(sizeof(param_opt_struct)); + paramo->key = strdup(vfskey); + paramo->value = strdup(pszParmValue); + DLIST_ADD(param_opt, paramo); + *sep = ':'; + return (True); + } DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName)); return (True); @@ -2790,7 +2775,7 @@ BOOL lp_do_parameter(int snum, char *pszParmName, char *pszParmValue) if (parm_table[parmnum].flags & FLAG_DEPRECATED) { - DEBUG(1, ("WARNING: The \"%s\"option is deprecated\n", + DEBUG(1, ("WARNING: The \"%s\" option is deprecated\n", pszParmName)); } @@ -2859,7 +2844,7 @@ BOOL lp_do_parameter(int snum, char *pszParmName, char *pszParmValue) break; case P_LIST: - *(char ***)parm_ptr = lp_list_make(pszParmValue); + *(char ***)parm_ptr = str_list_make(pszParmValue); break; case P_STRING: @@ -3006,7 +2991,7 @@ static BOOL equal_parameter(parm_type type, void *ptr1, void *ptr2) return (*((char *)ptr1) == *((char *)ptr2)); case P_LIST: - return lp_list_compare(*(char ***)ptr1, *(char ***)ptr2); + return str_list_compare(*(char ***)ptr1, *(char ***)ptr2); case P_GSTRING: case P_UGSTRING: @@ -3107,7 +3092,7 @@ static BOOL is_default(int i) switch (parm_table[i].type) { case P_LIST: - return lp_list_compare (parm_table[i].def.lvalue, + return str_list_compare (parm_table[i].def.lvalue, *(char ***)parm_table[i].ptr); case P_STRING: case P_USTRING: @@ -3142,6 +3127,9 @@ Display the contents of the global structure. static void dump_globals(FILE *f) { int i; + param_opt_struct *data; + char *s; + fprintf(f, "# Global parameters\n[global]\n"); for (i = 0; parm_table[i].label; i++) @@ -3155,6 +3143,17 @@ static void dump_globals(FILE *f) print_parameter(&parm_table[i], parm_table[i].ptr, f); fprintf(f, "\n"); } + if (param_opt != NULL) { + data = param_opt; + while(data) { + if (((s=strstr(data->key, "global")) == data->key) && + (*(s+strlen("global")) == ':')) { + fprintf(f, "\t%s = %s\n", s+strlen("global")+1, data->value); + } + data = data->next; + } + } + } /*************************************************************************** @@ -3169,13 +3168,15 @@ BOOL lp_is_default(int snum, struct parm_struct *parm) ((char *)&sDefault) + pdiff); } - /*************************************************************************** Display the contents of a single services record. ***************************************************************************/ static void dump_a_service(service * pService, FILE * f) { int i; + param_opt_struct *data; + char *s, *sn; + if (pService != &sDefault) fprintf(f, "\n[%s]\n", pService->szService); @@ -3207,6 +3208,17 @@ static void dump_a_service(service * pService, FILE * f) ((char *)pService) + pdiff, f); fprintf(f, "\n"); } + if (param_opt != NULL) { + data = param_opt; + sn = (pService == &sDefault) ? "global" : pService->szService; + while(data) { + if (((s=strstr(data->key, sn)) == data->key) && + (*(s+strlen(sn)) == ':')) { + fprintf(f, "\t%s = %s\n", s+strlen(sn)+1, data->value); + } + data = data->next; + } + } } @@ -3325,13 +3337,13 @@ static void lp_add_auto_services(char *str) homes = lp_servicenumber(HOMES_NAME); for (p = strtok(s, LIST_SEP); p; p = strtok(NULL, LIST_SEP)) { - char *home = get_user_service_home_dir(p); + char *home = get_user_home_dir(p); if (lp_servicenumber(p) >= 0) continue; if (home && homes >= 0) - lp_add_home(p, homes, home); + lp_add_home(p, homes, p, home); } SAFE_FREE(s); } @@ -3354,6 +3366,13 @@ void lp_add_one_printer(char *name, char *comment) } } +/* Announce ourselves as a print server */ + +void update_server_announce_as_printserver(void) +{ + default_server_announce |= SV_TYPE_PRINTQ_SERVER; +} + /*************************************************************************** Have we loaded a services file yet? ***************************************************************************/ @@ -3407,18 +3426,24 @@ static void lp_save_defaults(void) continue; switch (parm_table[i].type) { case P_LIST: - lp_list_copy(&(parm_table[i].def.lvalue), + str_list_copy(&(parm_table[i].def.lvalue), *(char ***)parm_table[i].ptr); break; case P_STRING: case P_USTRING: - parm_table[i].def.svalue = - strdup(*(char **)parm_table[i].ptr); + if (parm_table[i].ptr) { + parm_table[i].def.svalue = strdup(*(char **)parm_table[i].ptr); + } else { + parm_table[i].def.svalue = NULL; + } break; case P_GSTRING: case P_UGSTRING: - parm_table[i].def.svalue = - strdup((char *)parm_table[i].ptr); + if (parm_table[i].ptr) { + parm_table[i].def.svalue = strdup((char *)parm_table[i].ptr); + } else { + parm_table[i].def.svalue = NULL; + } break; case P_BOOL: case P_BOOLREV: @@ -3452,41 +3477,38 @@ static void set_server_role(void) switch (lp_security()) { case SEC_SHARE: - { - if (lp_domain_logons()) { - DEBUG(0, - ("Server's Role (logon server) conflicts with share-level security\n")); - } + if (lp_domain_logons()) + DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n")); + DEBUG(10,("set_server_role: ROLE_STANDALONE\n")); break; - } case SEC_SERVER: case SEC_DOMAIN: case SEC_ADS: - { if (lp_domain_logons()) { server_role = ROLE_DOMAIN_BDC; + DEBUG(10,("set_server_role:ROLE_DOMAIN_BDC\n")); break; } server_role = ROLE_DOMAIN_MEMBER; + DEBUG(10,("set_server_role: ROLE_DOMAIN_MEMBER\n")); break; - } case SEC_USER: - { if (lp_domain_logons()) { server_role = ROLE_DOMAIN_PDC; + DEBUG(10,("set_server_role: ROLE_DOMAIN_PDC\n")); break; } + DEBUG(10,("set_server_role: ROLE_STANDALONE\n")); break; - } default: - { - DEBUG(0, - ("Server's Role undefined due to unknown security mode\n")); - } + DEBUG(0, ("Server's Role undefined due to unknown security mode\n")); + DEBUG(10,("set_server_role: ROLE_STANDALONE\n")); + break; } } + /*************************************************************************** Load the services array from the services file. Return True on success, False on failure. @@ -3496,14 +3518,17 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults, { pstring n2; BOOL bRetval; + param_opt_struct *data, *pdata; pstrcpy(n2, pszFname); - standard_sub_basic(current_user_info.smb_name, n2); + standard_sub_basic(current_user_info.smb_name, n2,sizeof(n2)); add_to_file_list(pszFname, n2); bRetval = False; + DEBUG(3, ("lp_load: refreshing parmaters\n")); + bInGlobalSection = True; bGlobalOnly = global_only; @@ -3515,6 +3540,18 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults, lp_save_defaults(); } + if (param_opt != NULL) { + data = param_opt; + while (data) { + SAFE_FREE(data->key); + SAFE_FREE(data->value); + pdata = data->next; + SAFE_FREE(data); + data = pdata; + } + param_opt = NULL; + } + /* We get sections first, so have to start 'behind' to make up */ iServiceIndex = -1; bRetval = pm_process(n2, do_section, do_parameter); @@ -3540,7 +3577,7 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults, /* Now we check bWINSsupport and set szWINSserver to 127.0.0.1 */ /* if bWINSsupport is true and we are in the client */ if (in_client && Globals.bWINSsupport) { - string_set(&Globals.szWINSserver, "127.0.0.1"); + lp_do_parameter(-1, "wins server", "127.0.0.1"); } init_iconv(); @@ -3548,7 +3585,6 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults, return (bRetval); } - /*************************************************************************** reset the max number of services ***************************************************************************/ @@ -3620,7 +3656,7 @@ int lp_servicenumber(const char *pszServiceName) * service names */ fstrcpy(serviceName, ServicePtrs[iService]->szService); - standard_sub_basic(current_user_info.smb_name, serviceName); + standard_sub_basic(current_user_info.smb_name, serviceName,sizeof(serviceName)); if (strequal(serviceName, pszServiceName)) break; } @@ -3633,7 +3669,7 @@ int lp_servicenumber(const char *pszServiceName) } /******************************************************************* - A useful volume label function. Returns a string in DOS codepage. + A useful volume label function. ********************************************************************/ char *volume_label(int snum) @@ -3654,7 +3690,6 @@ static void set_default_server_announce_type(void) default_server_announce |= SV_TYPE_WORKSTATION; default_server_announce |= SV_TYPE_SERVER; default_server_announce |= SV_TYPE_SERVER_UNIX; - default_server_announce |= SV_TYPE_PRINTQ_SERVER; switch (lp_announce_as()) { @@ -3846,196 +3881,16 @@ void lp_set_name_resolve_order(char *new_order) Globals.szNameResolveOrder = new_order; } -char *lp_printername(int snum) +const char *lp_printername(int snum) { - char *ret = _lp_printername(snum); + const char *ret = _lp_printername(snum); if (ret == NULL || (ret != NULL && *ret == '\0')) - ret = lp_servicename(snum); + ret = lp_const_servicename(snum); return ret; } -/*********************************************************** - List Parameters manipulation functions -***********************************************************/ - -#define P_LIST_ABS 16 /* P_LIST Allocation Block Size */ - -char **lp_list_make(char *string) -{ - char **list, **rlist; - char *str, *s; - int num, lsize; - pstring tok; - - if (!string || !*string) return NULL; - s = strdup(string); - if (!s) { - DEBUG(0,("lp_list_make: Unable to allocate memory")); - return NULL; - } - - num = lsize = 0; - list = NULL; - - str = s; - while (next_token(&str, tok, LIST_SEP, sizeof(pstring))) - { - if (num == lsize) { - lsize += P_LIST_ABS; - rlist = (char **)Realloc(list, ((sizeof(char **)) * (lsize +1))); - if (!rlist) { - DEBUG(0,("lp_list_make: Unable to allocate memory")); - lp_list_free(&list); - SAFE_FREE(s); - return NULL; - } - else list = rlist; - memset (&list[num], 0, ((sizeof(char**)) * (P_LIST_ABS +1))); - } - - list[num] = strdup(tok); - if (!list[num]) { - DEBUG(0,("lp_list_make: Unable to allocate memory")); - lp_list_free(&list); - SAFE_FREE(s); - return NULL; - } - - num++; - } - - SAFE_FREE(s); - return list; -} - -BOOL lp_list_copy(char ***dest, char **src) -{ - char **list, **rlist; - int num, lsize; - - *dest = NULL; - if (!src) return False; - - num = lsize = 0; - list = NULL; - - while (src[num]) - { - if (num == lsize) { - lsize += P_LIST_ABS; - rlist = (char **)Realloc(list, ((sizeof(char **)) * (lsize +1))); - if (!rlist) { - DEBUG(0,("lp_list_copy: Unable to allocate memory")); - lp_list_free(&list); - return False; - } - else list = rlist; - memset (&list[num], 0, ((sizeof(char **)) * (P_LIST_ABS +1))); - } - - list[num] = strdup(src[num]); - if (!list[num]) { - DEBUG(0,("lp_list_copy: Unable to allocate memory")); - lp_list_free(&list); - return False; - } - - num++; - } - - *dest = list; - return True; -} - -/* return true if all the elemnts of the list matches exactly */ -BOOL lp_list_compare(char **list1, char **list2) -{ - int num; - - if (!list1 || !list2) return (list1 == list2); - - for (num = 0; list1[num]; num++) { - if (!list2[num]) return False; - if (!strcsequal(list1[num], list2[num])) return False; - } - if (list2[num]) return False; /* if list2 has more elements than list1 fail */ - - return True; -} - -void lp_list_free(char ***list) -{ - char **tlist; - - if (!list || !*list) return; - tlist = *list; - for(; *tlist; tlist++) SAFE_FREE(*tlist); - SAFE_FREE(*list); -} - -BOOL lp_list_substitute(char **list, const char *pattern, const char *insert) -{ - char *p, *s, *t; - ssize_t ls, lp, li, ld, i, d; - - if (!list) return False; - if (!pattern) return False; - if (!insert) return False; - - lp = (ssize_t)strlen(pattern); - li = (ssize_t)strlen(insert); - ld = li -lp; - - while (*list) - { - s = *list; - ls = (ssize_t)strlen(s); - - while ((p = strstr(s, pattern))) - { - t = *list; - d = p -t; - if (ld) - { - t = (char *) malloc(ls +ld +1); - if (!t) { - DEBUG(0,("lp_list_substitute: Unable to allocate memory")); - return False; - } - memcpy(t, *list, d); - memcpy(t +d +li, p +lp, ls -d -lp +1); - SAFE_FREE(*list); - *list = t; - ls += ld; - s = t +d +li; - } - - for (i = 0; i < li; i++) { - switch (insert[i]) { - case '`': - case '"': - case '\'': - case ';': - case '$': - case '%': - case '\r': - case '\n': - t[d +i] = '_'; - break; - default: - t[d +i] = insert[i]; - } - } - } - - list++; - } - - return True; -} - /**************************************************************** Compatibility fn. for 2.2.2 code..... *****************************************************************/ @@ -4087,5 +3942,25 @@ void lp_set_logfile(const char *name) const char *get_called_name(void) { extern fstring local_machine; - return (*local_machine) ? local_machine : global_myname; + static fstring called_name; + + if (! *local_machine) + return global_myname; + + /* + * Windows NT/2k uses "*SMBSERVER" and XP uses "*SMBSERV" + * arrggg!!! but we've already rewritten the client's + * netbios name at this point... + */ + + if (*local_machine) { + if (!StrCaseCmp(local_machine, "_SMBSERVER") || !StrCaseCmp(local_machine, "_SMBSERV")) { + fstrcpy(called_name, get_my_primary_ip()); + DEBUG(8,("get_called_name: assuming that client used IP address [%s] as called name.\n", + called_name)); + return called_name; + } + } + + return local_machine; } diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c index 6436a2cd056..e1f7dec2a9b 100644 --- a/source3/passdb/machine_sid.c +++ b/source3/passdb/machine_sid.c @@ -4,6 +4,7 @@ Copyright (C) Jeremy Allison 1996-2002 Copyright (C) Andrew Tridgell 2002 Copyright (C) Gerald (Jerry) Carter 2000 + Copyright (C) Stefan (metze) Metzmacher 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -22,6 +23,13 @@ #include "includes.h" +/* NOTE! the global_sam_sid is the SID of our local SAM. This is only + equal to the domain SID when we are a DC, otherwise its our + workstation SID */ +static DOM_SID *global_sam_sid=NULL; + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB /**************************************************************************** Read a SID from a file. This is for compatibility with the old MACHINE.SID @@ -68,13 +76,17 @@ static void generate_random_sid(DOM_SID *sid) Generate the global machine sid. ****************************************************************************/ -BOOL pdb_generate_sam_sid(void) +static BOOL pdb_generate_sam_sid(void) { char *fname = NULL; extern pstring global_myname; extern fstring global_myworkgroup; BOOL is_dc = False; + if(global_sam_sid==NULL) + if(!(global_sam_sid=(DOM_SID *)malloc(sizeof(DOM_SID)))) + return False; + generate_wellknown_sids(); switch (lp_server_role()) { @@ -87,7 +99,7 @@ BOOL pdb_generate_sam_sid(void) break; } - if (secrets_fetch_domain_sid(global_myname, &global_sam_sid)) { + if (secrets_fetch_domain_sid(global_myname, global_sam_sid)) { DOM_SID domain_sid; /* We got our sid. If not a pdc/bdc, we're done. */ @@ -98,19 +110,19 @@ BOOL pdb_generate_sam_sid(void) /* No domain sid and we're a pdc/bdc. Store it */ - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n")); return False; } return True; } - if (!sid_equal(&domain_sid, &global_sam_sid)) { + if (!sid_equal(&domain_sid, global_sam_sid)) { /* Domain name sid doesn't match global sam sid. Re-store global sam sid as domain sid. */ DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n")); - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID as a pdc/bdc.\n")); return False; } @@ -124,24 +136,23 @@ BOOL pdb_generate_sam_sid(void) /* check for an old MACHINE.SID file for backwards compatibility */ asprintf(&fname, "%s/MACHINE.SID", lp_private_dir()); - if (read_sid_from_file(fname, &global_sam_sid)) { + if (read_sid_from_file(fname, global_sam_sid)) { /* remember it for future reference and unlink the old MACHINE.SID */ - if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myname, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store SID from file.\n")); SAFE_FREE(fname); return False; } unlink(fname); if (is_dc) { - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n")); SAFE_FREE(fname); return False; } } - /* Stored the old sid from MACHINE.SID successfully. - Patch from Stefan "metze" Metzmacher */ + /* Stored the old sid from MACHINE.SID successfully.*/ SAFE_FREE(fname); return True; } @@ -150,14 +161,14 @@ BOOL pdb_generate_sam_sid(void) /* we don't have the SID in secrets.tdb, we will need to generate one and save it */ - generate_random_sid(&global_sam_sid); + generate_random_sid(global_sam_sid); - if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myname, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store generated machine SID.\n")); return False; } if (is_dc) { - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n")); return False; } @@ -165,3 +176,19 @@ BOOL pdb_generate_sam_sid(void) return True; } + +/* return our global_sam_sid */ +DOM_SID *get_global_sam_sid(void) +{ + if (global_sam_sid != NULL) + return global_sam_sid; + + /* memory for global_sam_sid is allocated in + pdb_generate_sam_sid() as needed */ + + if (!pdb_generate_sam_sid()) + global_sam_sid=NULL; + + return global_sam_sid; +} + diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 17aefe11590..4e3d558e987 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -23,13 +23,16 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + /* * This is set on startup - it defines the SID for this * machine, and therefore the SAM database for which it is * responsible. */ -extern DOM_SID global_sam_sid; +extern pstring global_myname; /************************************************************ Fill the SAM_ACCOUNT with default values. @@ -90,7 +93,7 @@ static void destroy_pdb_talloc(SAM_ACCOUNT **user) NTSTATUS pdb_init_sam_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT **user) { if (*user != NULL) { - DEBUG(0,("pdb_init_sam: SAM_ACCOUNT was non NULL\n")); + DEBUG(0,("pdb_init_sam_talloc: SAM_ACCOUNT was non NULL\n")); #if 0 smb_panic("non-NULL pointer passed to pdb_init_sam\n"); #endif @@ -105,7 +108,7 @@ NTSTATUS pdb_init_sam_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT **user) *user=(SAM_ACCOUNT *)talloc(mem_ctx, sizeof(SAM_ACCOUNT)); if (*user==NULL) { - DEBUG(0,("pdb_init_sam: error while allocating memory\n")); + DEBUG(0,("pdb_init_sam_talloc: error while allocating memory\n")); return NT_STATUS_NO_MEMORY; } @@ -150,59 +153,115 @@ NTSTATUS pdb_init_sam(SAM_ACCOUNT **user) Initialises a struct sam_passwd with sane values. ************************************************************/ -NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) +NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) { - pstring str; GROUP_MAP map; - uint32 rid; - NTSTATUS nt_status; if (!pwd) { - new_sam_acct = NULL; return NT_STATUS_UNSUCCESSFUL; } - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(new_sam_acct))) { - new_sam_acct = NULL; - return nt_status; - } + pdb_fill_default_sam(sam_account); + + pdb_set_username(sam_account, pwd->pw_name); + pdb_set_fullname(sam_account, pwd->pw_gecos); - pdb_set_username(*new_sam_acct, pwd->pw_name); - pdb_set_fullname(*new_sam_acct, pwd->pw_gecos); + pdb_set_unix_homedir(sam_account, pwd->pw_dir); - pdb_set_uid(*new_sam_acct, pwd->pw_uid); - pdb_set_gid(*new_sam_acct, pwd->pw_gid); + pdb_set_domain (sam_account, lp_workgroup()); + + pdb_set_uid(sam_account, pwd->pw_uid); + pdb_set_gid(sam_account, pwd->pw_gid); - /* let the backends set the rid!! - pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid)); - -- simo */ + /* When we get a proper uid -> SID and SID -> uid allocation + mechinism, we should call it here. + + We can't just set this to 0 or allow it only to be filled + in when added to the backend, becouse the user's SID + may already be in security descriptors etc. + + -- abartlet 11-May-02 + */ + + if (!pdb_set_user_sid_from_rid(sam_account, + fallback_pdb_uid_to_user_rid(pwd->pw_uid))) { + DEBUG(0,("Can't set User SID from RID!\n")); + return NT_STATUS_INVALID_PARAMETER; + } /* call the mapping code here */ if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { - sid_peek_rid(&map.sid, &rid); + if (!pdb_set_group_sid(sam_account,&map.sid)){ + DEBUG(0,("Can't set Group SID!\n")); + return NT_STATUS_INVALID_PARAMETER; + } } else { - rid=pdb_gid_to_group_rid(pwd->pw_gid); + if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) { + DEBUG(0,("Can't set Group SID\n")); + return NT_STATUS_INVALID_PARAMETER; + } } + + /* check if this is a user account or a machine account */ + if (pwd->pw_name[strlen(pwd->pw_name)-1] != '$') + { + pdb_set_profile_path(sam_account, + talloc_sub_specified((sam_account)->mem_ctx, + lp_logon_path(), + pwd->pw_name, global_myname, + pwd->pw_uid, pwd->pw_gid), + False); + + pdb_set_homedir(sam_account, + talloc_sub_specified((sam_account)->mem_ctx, + lp_logon_home(), + pwd->pw_name, global_myname, + pwd->pw_uid, pwd->pw_gid), + False); + + pdb_set_dir_drive(sam_account, + talloc_sub_specified((sam_account)->mem_ctx, + lp_logon_drive(), + pwd->pw_name, global_myname, + pwd->pw_uid, pwd->pw_gid), + False); - pdb_set_group_rid(*new_sam_acct, rid); + pdb_set_logon_script(sam_account, + talloc_sub_specified((sam_account)->mem_ctx, + lp_logon_script(), + pwd->pw_name, global_myname, + pwd->pw_uid, pwd->pw_gid), + False); + } + return NT_STATUS_OK; +} - pstrcpy(str, lp_logon_path()); - standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str); - pdb_set_profile_path(*new_sam_acct, str, False); - - pstrcpy(str, lp_logon_home()); - standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str); - pdb_set_homedir(*new_sam_acct, str, False); - - pstrcpy(str, lp_logon_drive()); - standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str); - pdb_set_dir_drive(*new_sam_acct, str, False); - pstrcpy(str, lp_logon_script()); - standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str); - pdb_set_logon_script(*new_sam_acct, str, False); - +/************************************************************* + Initialises a struct sam_passwd with sane values. + ************************************************************/ + +NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) +{ + NTSTATUS nt_status; + + if (!pwd) { + new_sam_acct = NULL; + return NT_STATUS_UNSUCCESSFUL; + } + + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(new_sam_acct))) { + new_sam_acct = NULL; + return nt_status; + } + + if (!NT_STATUS_IS_OK(nt_status = pdb_fill_sam_pw(*new_sam_acct, pwd))) { + pdb_free_sam(new_sam_acct); + new_sam_acct = NULL; + return nt_status; + } + return NT_STATUS_OK; } @@ -210,18 +269,21 @@ NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) /** * Free the contets of the SAM_ACCOUNT, but not the structure. * - * Also wipes the LM and NT hashes from memory. + * Also wipes the LM and NT hashes and plaintext passwrod from + * memory. * * @param user SAM_ACCOUNT to free members of. **/ static void pdb_free_sam_contents(SAM_ACCOUNT *user) { - /* As we start mallocing more strings this is where - we should free them. */ + + /* Kill off sensitive data. Free()ed by the + talloc mechinism */ data_blob_clear_free(&(user->private.lm_pw)); data_blob_clear_free(&(user->private.nt_pw)); + data_blob_clear_free(&(user->private.plaintext_pw)); } @@ -399,46 +461,14 @@ BOOL pdb_gethexpwd(const char *p, unsigned char *pwd) return (True); } -#if 0 /* seem it is not used by anyone */ -/******************************************************************* - Group and User RID username mapping function - ********************************************************************/ - -BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid) -{ - GROUP_MAP map; - struct passwd *pw = Get_Pwnam(user_name); - - if (u_rid == NULL || g_rid == NULL || user_name == NULL) - return False; - - if (!pw) { - DEBUG(1,("Username %s is invalid on this system\n", user_name)); - return False; - } - - /* turn the unix UID into a Domain RID. this is what the posix - sub-system does (adds 1000 to the uid) */ - *u_rid = fallback_pdb_uid_to_user_rid(pw->pw_uid); - - /* absolutely no idea what to do about the unix GID to Domain RID mapping */ - /* map it ! */ - if (get_group_map_from_gid(pw->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { - sid_peek_rid(&map.sid, g_rid); - } else - *g_rid = pdb_gid_to_group_rid(pw->pw_gid); - - return True; -} -#endif /* seem it is not used by anyone */ - /******************************************************************* Converts NT user RID to a UNIX uid. ********************************************************************/ -static uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid) +uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid) { - return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); + int rid_offset = lp_algorithmic_rid_base(); + return (uid_t)(((user_rid & (~USER_RID_TYPE))- rid_offset)/RID_MULTIPLIER); } @@ -446,9 +476,10 @@ static uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid) converts UNIX uid to an NT User RID. ********************************************************************/ -static uint32 fallback_pdb_uid_to_user_rid(uid_t uid) +uint32 fallback_pdb_uid_to_user_rid(uid_t uid) { - return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE); + int rid_offset = lp_algorithmic_rid_base(); + return (((((uint32)uid)*RID_MULTIPLIER) + rid_offset) | USER_RID_TYPE); } /******************************************************************* @@ -457,7 +488,8 @@ static uint32 fallback_pdb_uid_to_user_rid(uid_t uid) gid_t pdb_group_rid_to_gid(uint32 group_rid) { - return (gid_t)(((group_rid & (~GROUP_RID_TYPE))- 1000)/RID_MULTIPLIER); + int rid_offset = lp_algorithmic_rid_base(); + return (gid_t)(((group_rid & (~GROUP_RID_TYPE))- rid_offset)/RID_MULTIPLIER); } /******************************************************************* @@ -470,7 +502,8 @@ gid_t pdb_group_rid_to_gid(uint32 group_rid) uint32 pdb_gid_to_group_rid(gid_t gid) { - return (((((uint32)gid)*RID_MULTIPLIER) + 1000) | GROUP_RID_TYPE); + int rid_offset = lp_algorithmic_rid_base(); + return (((((uint32)gid)*RID_MULTIPLIER) + rid_offset) | GROUP_RID_TYPE); } /******************************************************************* @@ -479,7 +512,10 @@ uint32 pdb_gid_to_group_rid(gid_t gid) static BOOL pdb_rid_is_well_known(uint32 rid) { - return (rid < 1000); + /* Not using rid_offset here, becouse this is the actual + NT fixed value (1000) */ + + return (rid < BASE_RID); } /******************************************************************* @@ -512,14 +548,14 @@ BOOL pdb_rid_is_user(uint32 rid) BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use) { uint32 rid; - BOOL is_user; SAM_ACCOUNT *sam_account = NULL; - uid_t uid; - struct passwd *pass; GROUP_MAP map; - - sid_peek_rid(sid, &rid); + if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){ + DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n", + sid_string_static(&map.sid))); + return False; + } *psid_name_use = SID_NAME_UNKNOWN; DEBUG(5,("local_lookup_sid: looking up RID %u.\n", (unsigned int)rid)); @@ -557,7 +593,8 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use return False; } - if (pdb_getsampwrid(sam_account, rid)) { + /* This now does the 'generic' mapping in pdb_unix */ + if (pdb_getsampwsid(sam_account, sid)) { fstrcpy(name, pdb_get_username(sam_account)); *psid_name_use = SID_NAME_USER; @@ -565,47 +602,36 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use return True; } - + pdb_free_sam(&sam_account); if (get_group_map_from_sid(*sid, &map, MAPPING_WITHOUT_PRIV)) { if (map.gid!=-1) { DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid)); - fstrcpy(name, map.nt_name); - *psid_name_use = map.sid_name_use; - return True; + } else { + DEBUG(5,("local_lookup_sid: mapped group %s to no unix gid. Returning name.\n", map.nt_name)); } - } - - is_user = pdb_rid_is_user(rid); - DEBUG(5, ("assuming RID %u is a %s\n", (unsigned)rid, is_user ? "user" : "group")); + fstrcpy(name, map.nt_name); + *psid_name_use = map.sid_name_use; + return True; + } if (pdb_rid_is_user(rid)) { - uid = fallback_pdb_user_rid_to_uid(rid); - pass = getpwuid_alloc(uid); - - *psid_name_use = SID_NAME_USER; - - DEBUG(5,("local_lookup_sid: looking up uid %u %s\n", (unsigned int)uid, - pass ? "succeeded" : "failed" )); - - if(!pass) { - slprintf(name, sizeof(fstring)-1, "unix_user.%u", (unsigned int)uid); - return True; - } - - fstrcpy(name, pass->pw_name); - - DEBUG(5,("local_lookup_sid: found user %s for rid %u\n", name, - (unsigned int)rid )); - - passwd_free(&pass); - + uid_t uid; + + DEBUG(5, ("assuming RID %u is a user\n", (unsigned)rid)); + + uid = fallback_pdb_user_rid_to_uid(rid); + slprintf(name, sizeof(fstring)-1, "unix_user.%u", (unsigned int)uid); + + return False; /* Indicates that this user was 'not mapped' */ } else { gid_t gid; struct group *gr; + DEBUG(5, ("assuming RID %u is a group\n", (unsigned)rid)); + gid = pdb_group_rid_to_gid(rid); gr = getgrgid(gid); @@ -616,15 +642,15 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use if(!gr) { slprintf(name, sizeof(fstring)-1, "unix_group.%u", (unsigned int)gid); - return False; + return False; /* Indicates that this group was 'not mapped' */ } fstrcpy( name, gr->gr_name); DEBUG(5,("local_lookup_sid: found group %s for rid %u\n", name, (unsigned int)rid )); + return True; } - return True; } /******************************************************************* @@ -634,11 +660,12 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psid_name_use) { extern DOM_SID global_sid_World_Domain; - struct passwd *pass = NULL; DOM_SID local_sid; fstring user; SAM_ACCOUNT *sam_account = NULL; - + struct group *grp; + GROUP_MAP map; + *psid_name_use = SID_NAME_UNKNOWN; /* @@ -648,7 +675,7 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi fstrcpy(user, c_user); - sid_copy(&local_sid, &global_sam_sid); + sid_copy(&local_sid, get_global_sam_sid()); /* * Special case for MACHINE\Everyone. Map to the world_sid. @@ -674,62 +701,54 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi } if (pdb_getsampwnam(sam_account, user)) { - sid_append_rid( &local_sid, pdb_get_user_rid(sam_account)); + sid_copy(psid, pdb_get_user_sid(sam_account)); *psid_name_use = SID_NAME_USER; - sid_copy( psid, &local_sid); pdb_free_sam(&sam_account); return True; } pdb_free_sam(&sam_account); - if ((pass = Get_Pwnam(user))) { - sid_append_rid( &local_sid, fallback_pdb_uid_to_user_rid(pass->pw_uid)); - *psid_name_use = SID_NAME_USER; + /* + * Maybe it was a group ? + */ + /* check if it's a mapped group */ + if (get_group_map_from_ntname(user, &map, MAPPING_WITHOUT_PRIV)) { + if (map.gid!=-1) { + /* yes it's a mapped group to a valid unix group */ + sid_copy(&local_sid, &map.sid); + *psid_name_use = map.sid_name_use; + } + else { + /* it's a correct name but not mapped so it points to nothing*/ + return False; + } } else { - /* - * Maybe it was a group ? + /* it's not a mapped group */ + grp = getgrnam(user); + if(!grp) + return False; + + /* + *check if it's mapped, if it is reply it doesn't exist + * + * that's to prevent this case: + * + * unix group ug is mapped to nt group ng + * someone does a lookup on ug + * we must not reply as it doesn't "exist" anymore + * for NT. For NT only ng exists. + * JFM, 30/11/2001 */ - struct group *grp; - GROUP_MAP map; - /* check if it's a mapped group */ - if (get_group_map_from_ntname(user, &map, MAPPING_WITHOUT_PRIV)) { - if (map.gid!=-1) { - /* yes it's a mapped group to a valid unix group */ - sid_copy(&local_sid, &map.sid); - *psid_name_use = map.sid_name_use; - } - else - /* it's a correct name but not mapped so it points to nothing*/ - return False; - } else { - /* it's not a mapped group */ - grp = getgrnam(user); - if(!grp) - return False; - - /* - *check if it's mapped, if it is reply it doesn't exist - * - * that's to prevent this case: - * - * unix group ug is mapped to nt group ng - * someone does a lookup on ug - * we must not reply as it doesn't "exist" anymore - * for NT. For NT only ng exists. - * JFM, 30/11/2001 - */ - - if(get_group_map_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)){ - return False; - } - - sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid)); - *psid_name_use = SID_NAME_ALIAS; + if (get_group_map_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)){ + return False; } + + sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid)); + *psid_name_use = SID_NAME_ALIAS; } sid_copy( psid, &local_sid); @@ -743,12 +762,11 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) { - extern DOM_SID global_sam_sid; struct passwd *pass; SAM_ACCOUNT *sam_user = NULL; fstring str; /* sid string buffer */ - sid_copy(psid, &global_sam_sid); + sid_copy(psid, get_global_sam_sid()); if((pass = getpwuid_alloc(uid))) { @@ -758,7 +776,7 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) } if (pdb_getsampwnam(sam_user, pass->pw_name)) { - sid_append_rid(psid, pdb_get_user_rid(sam_user)); + sid_copy(psid, pdb_get_user_sid(sam_user)); } else { sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid)); } @@ -786,8 +804,6 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) { - extern DOM_SID global_sam_sid; - DOM_SID dom_sid; uint32 rid; fstring str; @@ -802,13 +818,13 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) * We can only convert to a uid if this is our local * Domain SID (ie. we are the controling authority). */ - if (!sid_equal(&global_sam_sid, &dom_sid)) + if (!sid_equal(get_global_sam_sid(), &dom_sid)) return False; if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) return False; - if (pdb_getsampwrid(sam_user, rid)) { + if (pdb_getsampwsid(sam_user, psid)) { *puid = pdb_get_uid(sam_user); if (*puid == -1) { pdb_free_sam(&sam_user); @@ -817,14 +833,9 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid), (unsigned int)*puid, pdb_get_username(sam_user))); } else { - if (pdb_rid_is_user(rid)) { - *puid = fallback_pdb_user_rid_to_uid(rid); - DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (non-passdb user).\n", sid_to_string( str, psid), - (unsigned int)*puid)); - } else { - pdb_free_sam(&sam_user); - return False; - } + DEBUG(5,("local_sid_to_uid: SID %s not mapped becouse RID was not found in passdb.\n", sid_to_string( str, psid))); + pdb_free_sam(&sam_user); + return False; } pdb_free_sam(&sam_user); @@ -839,14 +850,13 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid) { - extern DOM_SID global_sam_sid; GROUP_MAP map; - sid_copy(psid, &global_sam_sid); + sid_copy(psid, get_global_sam_sid()); if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) { sid_copy(psid, &map.sid); - } + } else { sid_append_rid(psid, pdb_gid_to_group_rid(gid)); } @@ -860,11 +870,9 @@ DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid) BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) { - extern DOM_SID global_sam_sid; DOM_SID dom_sid; uint32 rid; fstring str; - struct group *grp; GROUP_MAP map; *name_type = SID_NAME_UNKNOWN; @@ -879,7 +887,7 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) * Or in the Builtin SID too. JFM, 11/30/2001 */ - if (!sid_equal(&global_sam_sid, &dom_sid)) + if (!sid_equal(get_global_sam_sid(), &dom_sid)) return False; if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) { @@ -888,27 +896,26 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) if (map.gid==-1) return False; - sid_peek_rid(&map.sid, &rid); + if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &rid)){ + DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n", + sid_string_static(&map.sid))); + return False; + } *pgid = map.gid; *name_type = map.sid_name_use; + DEBUG(10,("local_sid_to_gid: mapped SID %s (%s) -> gid (%u).\n", sid_to_string( str, psid), + map.nt_name, (unsigned int)*pgid)); + } else { if (pdb_rid_is_user(rid)) return False; *pgid = pdb_group_rid_to_gid(rid); *name_type = SID_NAME_ALIAS; + DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u).\n", sid_to_string( str, psid), + (unsigned int)*pgid)); } - /* - * Ensure this gid really does exist. - */ - - if(!(grp = getgrgid(*pgid))) - return False; - - DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u) (%s).\n", sid_to_string( str, psid), - (unsigned int)*pgid, grp->gr_name )); - return True; } @@ -917,7 +924,7 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) * @return static buffer containing the converted string **/ -static char *pdb_convert(const UNISTR2 *from) +const char *pdb_unistr2_convert(const UNISTR2 *from) { static pstring convert_buffer; *convert_buffer = 0; @@ -929,122 +936,6 @@ static char *pdb_convert(const UNISTR2 *from) return convert_buffer; } -/************************************************************* - Copies a SAM_USER_INFO_23 to a SAM_ACCOUNT - **************************************************************/ - -void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from) -{ - - if (from == NULL || to == NULL) - return; - - pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True); - pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True); - pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True); - pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True); - pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True); - - pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time)); - - if (from->uni_user_name.buffer) - pdb_set_username(to , pdb_convert(&from->uni_user_name )); - if (from->uni_full_name.buffer) - pdb_set_fullname(to , pdb_convert(&from->uni_full_name )); - if (from->uni_home_dir.buffer) - pdb_set_homedir(to , pdb_convert(&from->uni_home_dir ), True); - if (from->uni_dir_drive.buffer) - pdb_set_dir_drive(to , pdb_convert(&from->uni_dir_drive ), True); - if (from->uni_logon_script.buffer) - pdb_set_logon_script(to , pdb_convert(&from->uni_logon_script), True); - if (from->uni_profile_path.buffer) - pdb_set_profile_path(to , pdb_convert(&from->uni_profile_path), True); - if (from->uni_acct_desc.buffer) - pdb_set_acct_desc(to , pdb_convert(&from->uni_acct_desc )); - if (from->uni_workstations.buffer) - pdb_set_workstations(to , pdb_convert(&from->uni_workstations)); - if (from->uni_unknown_str.buffer) - pdb_set_unknown_str(to , pdb_convert(&from->uni_unknown_str )); - if (from->uni_munged_dial.buffer) - pdb_set_munged_dial(to , pdb_convert(&from->uni_munged_dial )); - - if (from->user_rid) - pdb_set_user_rid(to, from->user_rid); - if (from->group_rid) - pdb_set_group_rid(to, from->group_rid); - - pdb_set_acct_ctrl(to, from->acb_info); - pdb_set_unknown_3(to, from->unknown_3); - - pdb_set_logon_divs(to, from->logon_divs); - pdb_set_hours_len(to, from->logon_hrs.len); - pdb_set_hours(to, from->logon_hrs.hours); - - pdb_set_unknown_5(to, from->unknown_5); - pdb_set_unknown_6(to, from->unknown_6); -} - - -/************************************************************* - Copies a sam passwd. - **************************************************************/ - -void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) -{ - if (from == NULL || to == NULL) - return; - - pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True); - pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True); - pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True); - pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True); - pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True); - - pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time)); - - if (from->uni_user_name.buffer) - pdb_set_username(to , pdb_convert(&from->uni_user_name )); - if (from->uni_full_name.buffer) - pdb_set_fullname(to , pdb_convert(&from->uni_full_name )); - if (from->uni_home_dir.buffer) - pdb_set_homedir(to , pdb_convert(&from->uni_home_dir ), True); - if (from->uni_dir_drive.buffer) - pdb_set_dir_drive(to , pdb_convert(&from->uni_dir_drive ), True); - if (from->uni_logon_script.buffer) - pdb_set_logon_script(to , pdb_convert(&from->uni_logon_script), True); - if (from->uni_profile_path.buffer) - pdb_set_profile_path(to , pdb_convert(&from->uni_profile_path), True); - if (from->uni_acct_desc.buffer) - pdb_set_acct_desc(to , pdb_convert(&from->uni_acct_desc )); - if (from->uni_workstations.buffer) - pdb_set_workstations(to , pdb_convert(&from->uni_workstations)); - if (from->uni_unknown_str.buffer) - pdb_set_unknown_str(to , pdb_convert(&from->uni_unknown_str )); - if (from->uni_munged_dial.buffer) - pdb_set_munged_dial(to , pdb_convert(&from->uni_munged_dial )); - - if (from->user_rid) - pdb_set_user_rid(to, from->user_rid); - if (from->group_rid) - pdb_set_group_rid(to, from->group_rid); - - /* FIXME!! Do we need to copy the passwords here as well? - I don't know. Need to figure this out --jerry */ - - /* Passwords dealt with in caller --abartlet */ - - pdb_set_acct_ctrl(to, from->acb_info); - pdb_set_unknown_3(to, from->unknown_3); - - pdb_set_logon_divs(to, from->logon_divs); - pdb_set_hours_len(to, from->logon_hrs.len); - pdb_set_hours(to, from->logon_hrs.hours); - - pdb_set_unknown_5(to, from->unknown_5); - pdb_set_unknown_6(to, from->unknown_6); -} - - /************************************************************* Change a password entry in the local smbpasswd file. diff --git a/source3/passdb/passgrp.c b/source3/passdb/passgrp.c index d7ed9656480..f73591793f5 100644 --- a/source3/passdb/passgrp.c +++ b/source3/passdb/passgrp.c @@ -21,6 +21,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + /* * NOTE. All these functions are abstracted into a structure * that points to the correct function for the selected database. JRA. diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index cf77efd38fe..dff4b40f4de 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -5,6 +5,7 @@ Copyright (C) Luke Kenneth Casson Leighton 1996-1998 Copyright (C) Gerald (Jerry) Carter 2000-2001 Copyright (C) Andrew Bartlett 2001-2002 + Copyright (C) Stefan (metze) Metzmacher 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -23,6 +24,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + /** * @todo Redefine this to NULL, but this changes the API becouse * much of samba assumes that the pdb_get...() funtions @@ -138,22 +142,36 @@ const uint8* pdb_get_lanman_passwd (const SAM_ACCOUNT *sampass) return (NULL); } -uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass) +/* Return the plaintext password if known. Most of the time + it isn't, so don't assume anything magic about this function. + + Used to pass the plaintext to passdb backends that might + want to store more than just the NTLM hashes. +*/ +const char* pdb_get_plaintext_passwd (const SAM_ACCOUNT *sampass) { - if (sampass) - return (sampass->private.user_rid); + if (sampass) { + return ((char*)sampass->private.plaintext_pw.data); + } else - return (-1); + return (NULL); } - -uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass) +const DOM_SID *pdb_get_user_sid(const SAM_ACCOUNT *sampass) { - if (sampass) - return (sampass->private.group_rid); + if (sampass) + return &sampass->private.user_sid; else - return (-1); + return (NULL); } +const DOM_SID *pdb_get_group_sid(const SAM_ACCOUNT *sampass) +{ + if (sampass) + return &sampass->private.group_sid; + else + return (NULL); +} + /** * Get flags showing what is initalised in the SAM_ACCOUNT * @param sampass the SAM_ACCOUNT in question @@ -224,6 +242,14 @@ const char* pdb_get_homedir (const SAM_ACCOUNT *sampass) return (NULL); } +const char* pdb_get_unix_homedir (const SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->private.unix_home_dir); + else + return (NULL); +} + const char* pdb_get_dirdrive (const SAM_ACCOUNT *sampass) { if (sampass) @@ -461,27 +487,72 @@ BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid) } -BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid) +BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid) { - if (!sampass) + if (!sampass || !u_sid) return False; + + sid_copy(&sampass->private.user_sid, u_sid); - DEBUG(10, ("pdb_set_rid: setting user rid %d, was %d\n", - rid, sampass->private.user_rid)); - - sampass->private.user_rid = rid; + DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n", + sid_string_static(&sampass->private.user_sid))); + return True; } -BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid) +BOOL pdb_set_user_sid_from_string (SAM_ACCOUNT *sampass, fstring u_sid) { - if (!sampass) + DOM_SID new_sid; + if (!sampass || !u_sid) return False; - DEBUG(10, ("pdb_set_group_rid: setting group rid %d, was %d\n", - grid, sampass->private.group_rid)); - - sampass->private.group_rid = grid; + DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n", + u_sid)); + + if (!string_to_sid(&new_sid, u_sid)) { + DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid)); + return False; + } + + if (!pdb_set_user_sid(sampass, &new_sid)) { + DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", u_sid)); + return False; + } + + return True; +} + +BOOL pdb_set_group_sid (SAM_ACCOUNT *sampass, DOM_SID *g_sid) +{ + if (!sampass || !g_sid) + return False; + + sid_copy(&sampass->private.group_sid, g_sid); + + DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n", + sid_string_static(&sampass->private.group_sid))); + + return True; +} + +BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid) +{ + DOM_SID new_sid; + if (!sampass || !g_sid) + return False; + + DEBUG(10, ("pdb_set_group_sid_from_string: setting group sid %s\n", + g_sid)); + + if (!string_to_sid(&new_sid, g_sid)) { + DEBUG(1, ("pdb_set_group_sid_from_string: %s isn't a valid SID!\n", g_sid)); + return False; + } + + if (!pdb_set_group_sid(sampass, &new_sid)) { + DEBUG(1, ("pdb_set_group_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", g_sid)); + return False; + } return True; } @@ -618,7 +689,7 @@ BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, const char *logon_script, BOOL s } if (store) { - DEBUG(10, ("pdb_set_logon_script: setting logon script sam flag!")); + DEBUG(10, ("pdb_set_logon_script: setting logon script sam flag!\n")); pdb_set_init_flag(sampass, FLAG_SAM_LOGONSCRIPT); } @@ -650,7 +721,7 @@ BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, const char *profile_path, BOOL } if (store) { - DEBUG(10, ("pdb_set_profile_path: setting profile path sam flag!")); + DEBUG(10, ("pdb_set_profile_path: setting profile path sam flag!\n")); pdb_set_init_flag(sampass, FLAG_SAM_PROFILE); } @@ -682,7 +753,7 @@ BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, const char *dir_drive, BOOL store) } if (store) { - DEBUG(10, ("pdb_set_dir_drive: setting dir drive sam flag!")); + DEBUG(10, ("pdb_set_dir_drive: setting dir drive sam flag!\n")); pdb_set_init_flag(sampass, FLAG_SAM_DRIVE); } @@ -714,13 +785,41 @@ BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, const char *home_dir, BOOL store) } if (store) { - DEBUG(10, ("pdb_set_homedir: setting home dir sam flag!")); + DEBUG(10, ("pdb_set_homedir: setting home dir sam flag!\n")); pdb_set_init_flag(sampass, FLAG_SAM_SMBHOME); } return True; } +/********************************************************************* + Set the user's unix home directory. + ********************************************************************/ + +BOOL pdb_set_unix_homedir (SAM_ACCOUNT *sampass, const char *unix_home_dir) +{ + if (!sampass) + return False; + + if (unix_home_dir) { + DEBUG(10, ("pdb_set_unix_homedir: setting home dir %s, was %s\n", unix_home_dir, + (sampass->private.unix_home_dir)?(sampass->private.unix_home_dir):"NULL")); + + sampass->private.unix_home_dir = talloc_strdup(sampass->mem_ctx, + unix_home_dir); + + if (!sampass->private.unix_home_dir) { + DEBUG(0, ("pdb_set_unix_home_dir: talloc_strdup() failed!\n")); + return False; + } + + } else { + sampass->private.unix_home_dir = PDB_NOT_QUITE_NULL; + } + + return True; +} + /********************************************************************* Set the user's account description. ********************************************************************/ @@ -840,7 +939,7 @@ BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, const uint8 *pwd) Set the user's LM hash. ********************************************************************/ -BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 *pwd) +BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[16]) { if (!sampass) return False; @@ -852,6 +951,23 @@ BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 *pwd) return True; } +/********************************************************************* + Set the user's plaintext password only (base procedure, see helper + below) + ********************************************************************/ + +BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const uint8 *password, size_t len) +{ + if (!sampass) + return False; + + data_blob_clear_free(&sampass->private.plaintext_pw); + + sampass->private.plaintext_pw = data_blob(password, len); + + return True; +} + BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn) { if (!sampass) diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 435b627da60..3b0f54b2b3a 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -1,18 +1,19 @@ /* Unix SMB/CIFS implementation. Password and authentication handling - Copyright (C) Andrew Bartlett 2002 - + Copyright (C) Andrew Bartlett 2002 + Copyright (C) Jelmer Vernooij 2002 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. @@ -20,6 +21,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + /** List of various built-in passdb modules */ const struct pdb_init_function_entry builtin_pdb_init_functions[] = { @@ -29,102 +33,199 @@ const struct pdb_init_function_entry builtin_pdb_init_functions[] = { { "tdbsam_nua", pdb_init_tdbsam_nua }, { "ldapsam", pdb_init_ldapsam }, { "ldapsam_nua", pdb_init_ldapsam_nua }, -#if 0 - { "nisplus", pdb_init_nisplus }, - { "unix", pdb_init_unix }, -#endif + { "unixsam", pdb_init_unixsam }, { "plugin", pdb_init_plugin }, { NULL, NULL} }; static BOOL context_setsampwent(struct pdb_context *context, BOOL update) { - if ((!context) || (!context->pdb_selected)) { + if ((!context) || (!context->pdb_methods) || (!context->pdb_methods->setsampwent)) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } - - return context->pdb_selected->setsampwent(context, update); + + context->pwent_methods = context->pdb_methods; + + if (!context->pwent_methods) { + /* No passdbs at all */ + return True; + } + + while (!(context->pwent_methods->setsampwent(context->pwent_methods, update))) { + context->pwent_methods = context->pwent_methods->next; + if (context->pwent_methods == NULL) + return False; + } + return True; } static void context_endsampwent(struct pdb_context *context) { - if ((!context) || (!context->pdb_selected)) { + if ((!context)){ DEBUG(0, ("invalid pdb_context specified!\n")); return; } - - context->pdb_selected->endsampwent(context); + + if (context->pwent_methods && context->pwent_methods->endsampwent) + context->pwent_methods->endsampwent(context->pwent_methods); + + /* So we won't get strange data when calling getsampwent now */ + context->pwent_methods = NULL; } static BOOL context_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) { - if ((!context) || (!context->pdb_selected)) { + if ((!context) || (!context->pwent_methods)) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } + /* Loop until we find something useful */ + while ((!context->pwent_methods->getsampwent) || + context->pwent_methods->getsampwent(context->pwent_methods, user) == False){ + + if (context->pwent_methods->endsampwent) + context->pwent_methods->endsampwent(context->pwent_methods); + + context->pwent_methods = context->pwent_methods->next; + + /* All methods are checked now. There are no more entries */ + if (context->pwent_methods == NULL) + return False; - return context->pdb_selected->getsampwent(context, user); + if (!context->pwent_methods->setsampwent){ + DEBUG(5, ("next backend does not implment setsampwent\n")); + return False; + } + + context->pwent_methods->setsampwent(context->pwent_methods, False); + } + user->methods = context->pwent_methods; + return True; } static BOOL context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const char *username) { - if ((!context) || (!context->pdb_selected)) { + struct pdb_methods *curmethods; + if ((!context)) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } - - return context->pdb_selected->getsampwnam(context, sam_acct, username); + curmethods = context->pdb_methods; + while (curmethods){ + if (curmethods->getsampwnam && curmethods->getsampwnam(curmethods, sam_acct, username) == True){ + sam_acct->methods = curmethods; + return True; + } + curmethods = curmethods->next; + } + + return False; } -static BOOL context_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, uint32 rid) +static BOOL context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, DOM_SID *sid) { - if ((!context) || (!context->pdb_selected)) { + struct pdb_methods *curmethods; + if ((!context)) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } - return context->pdb_selected->getsampwrid(context, sam_acct, rid); + curmethods = context->pdb_methods; + + while (curmethods){ + if (curmethods->getsampwsid && curmethods->getsampwsid(curmethods, sam_acct, sid) == True){ + sam_acct->methods = curmethods; + return True; + } + curmethods = curmethods->next; + } + + return False; } static BOOL context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct) { - if ((!context) || (!context->pdb_selected)) { + if ((!context) || (!context->pdb_methods) || (!context->pdb_methods->add_sam_account)) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } - + /** @todo This is where a 're-read on add' should be done */ - - return context->pdb_selected->add_sam_account(context, sam_acct); + /* We now add a new account to the first database listed. + * Should we? */ + + return context->pdb_methods->add_sam_account(context->pdb_methods, sam_acct); } static BOOL context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct) { - if ((!context) || (!context->pdb_selected)) { + if (!context) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } - + + if (!sam_acct || !sam_acct->methods){ + DEBUG(0, ("invalid sam_acct specified\n")); + return False; + } + + if (!sam_acct->methods->update_sam_account){ + DEBUG(0, ("invalid sam_acct->methods\n")); + return False; + } + /** @todo This is where a 're-read on update' should be done */ - - return context->pdb_selected->update_sam_account(context, sam_acct); + + return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct); } static BOOL context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct) { - if ((!context) || (!context->pdb_selected)) { + struct pdb_methods *pdb_selected; + if (!context) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } + + if (!sam_acct->methods){ + pdb_selected = context->pdb_methods; + /* There's no passdb backend specified for this account. + * Try to delete it in every passdb available + * Needed to delete accounts in smbpasswd that are not + * in /etc/passwd. + */ + while (pdb_selected){ + if (pdb_selected->delete_sam_account && pdb_selected->delete_sam_account(pdb_selected, sam_acct)){ + return True; + } + pdb_selected = pdb_selected->next; + } + return False; + } + + if (!sam_acct->methods->delete_sam_account){ + DEBUG(0,("invalid sam_acct->methods->delete_sam_account\n")); + return False; + } - return context->pdb_selected->delete_sam_account(context, sam_acct); + return sam_acct->methods->delete_sam_account(sam_acct->methods, sam_acct); } +/****************************************************************** + Free and cleanup a pdb context, any associated data and anything + that the attached modules might have associated. + *******************************************************************/ + static void free_pdb_context(struct pdb_context **context) { - if (((*context)->pdb_selected) && ((*context)->pdb_selected->free_private_data)) { - (*context)->pdb_selected->free_private_data((*context)->pdb_selected->private_data); + struct pdb_methods *pdb_selected = (*context)->pdb_methods; + + while (pdb_selected){ + if (pdb_selected->free_private_data) { + pdb_selected->free_private_data(&(pdb_selected->private_data)); + } + pdb_selected = pdb_selected->next; } talloc_destroy((*context)->mem_ctx); @@ -132,13 +233,57 @@ static void free_pdb_context(struct pdb_context **context) } /****************************************************************** - Make a pdb_context from scratch. -*******************************************************************/ + Make a pdb_methods from scratch + *******************************************************************/ + +static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_context *context, const char *selected) +{ + char *module_name = smb_xstrdup(selected); + char *module_location = NULL, *p; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + int i; + + p = strchr(module_name, ':'); + + if (p) { + *p = 0; + module_location = p+1; + trim_string(module_location, " ", " "); + } + + trim_string(module_name, " ", " "); + + DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name)); + for (i = 0; builtin_pdb_init_functions[i].name; i++) + { + if (strequal(builtin_pdb_init_functions[i].name, module_name)) + { + DEBUG(5,("Found pdb backend %s (at pos %d)\n", module_name, i)); + nt_status = builtin_pdb_init_functions[i].init(context, methods, module_location); + if (NT_STATUS_IS_OK(nt_status)) { + DEBUG(5,("pdb backend %s has a valid init\n", selected)); + } else { + DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status))); + } + SAFE_FREE(module_name); + return nt_status; + break; /* unreached */ + } + } + + /* No such backend found */ + SAFE_FREE(module_name); + return NT_STATUS_INVALID_PARAMETER; +} + +/****************************************************************** + Make a pdb_context from scratch. + *******************************************************************/ static NTSTATUS make_pdb_context(struct pdb_context **context) { TALLOC_CTX *mem_ctx; - + mem_ctx = talloc_init_named("pdb_context internal allocation context"); if (!mem_ctx) { @@ -160,82 +305,60 @@ static NTSTATUS make_pdb_context(struct pdb_context **context) (*context)->pdb_endsampwent = context_endsampwent; (*context)->pdb_getsampwent = context_getsampwent; (*context)->pdb_getsampwnam = context_getsampwnam; - (*context)->pdb_getsampwrid = context_getsampwrid; + (*context)->pdb_getsampwsid = context_getsampwsid; (*context)->pdb_add_sam_account = context_add_sam_account; (*context)->pdb_update_sam_account = context_update_sam_account; (*context)->pdb_delete_sam_account = context_delete_sam_account; (*context)->free_fn = free_pdb_context; - + return NT_STATUS_OK; } /****************************************************************** - Make a pdb_context, given a text string. -*******************************************************************/ + Make a pdb_context, given an array of strings + *******************************************************************/ -NTSTATUS make_pdb_context_name(struct pdb_context **context, const char *selected) +NTSTATUS make_pdb_context_list(struct pdb_context **context, char **selected) { - /* HINT: Don't store 'selected' becouse its often an lp_ string and - will 'go away' */ + int i = 0; + struct pdb_methods *curmethods, *tmpmethods; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - int i; - char *module_name = smb_xstrdup(selected); - char *module_location = NULL; - char *p; - p = strchr(module_name, ':'); - - if (p) { - *p = 0; - - module_location = p+1; - - trim_string(module_location, " ", " "); + if (!NT_STATUS_IS_OK(nt_status = make_pdb_context(context))) { + return nt_status; } - trim_string(module_name, " ", " "); - - if (!NT_STATUS_IS_OK(nt_status = make_pdb_context(context))) - goto done; - - DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", - selected, module_name)); - - for (i = 0; builtin_pdb_init_functions[i].name; i++) { - if (strequal(builtin_pdb_init_functions[i].name, - module_name)) { - - DEBUG(5,("Found pdb backend %s (at pos %d)\n", - module_name, i)); - - if (NT_STATUS_IS_OK(nt_status = builtin_pdb_init_functions[i].init(*context, &(*context)->pdb_selected, module_location))) { - DEBUG(5,("pdb backend %s has a valid init\n", selected)); - } else { - DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status))); - (*context)->pdb_selected = NULL; - } - break; + while (selected[i]){ + /* Try to initialise pdb */ + DEBUG(5,("Trying to load: %s\n", selected[i])); + if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods, *context, selected[i]))) { + DEBUG(1, ("Loading %s failed!\n", selected[i])); + free_pdb_context(context); + return nt_status; } - } - - if (!(*context)->pdb_selected) { - DEBUG(0,("failed to select passdb backed!\n")); - talloc_destroy((*context)->mem_ctx); - *context = NULL; - goto done; + curmethods->parent = *context; + DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods); + i++; } - nt_status = NT_STATUS_OK; + return NT_STATUS_OK; +} - done: - SAFE_FREE(module_name); +/****************************************************************** + Make a pdb_context, given a text string. + *******************************************************************/ - return nt_status; +NTSTATUS make_pdb_context_string(struct pdb_context **context, const char *selected) +{ + NTSTATUS ret; + char **newsel = str_list_make(selected); + ret = make_pdb_context_list(context, newsel); + str_list_free(&newsel); + return ret; } - /****************************************************************** Return an already initialised pdb_context, to facilitate backward compatibility (see functions below). @@ -244,20 +367,20 @@ NTSTATUS make_pdb_context_name(struct pdb_context **context, const char *selecte static struct pdb_context *pdb_get_static_context(BOOL reload) { static struct pdb_context *pdb_context = NULL; - + if ((pdb_context) && (reload)) { pdb_context->free_fn(&pdb_context); - if (!NT_STATUS_IS_OK(make_pdb_context_name(&pdb_context, lp_passdb_backend()))) { + if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) { return NULL; } } - + if (!pdb_context) { - if (!NT_STATUS_IS_OK(make_pdb_context_name(&pdb_context, lp_passdb_backend()))) { + if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) { return NULL; } } - + return pdb_context; } @@ -311,7 +434,7 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, const char *username) return pdb_context->pdb_getsampwnam(pdb_context, sam_acct, username); } -BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct, uint32 rid) +BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, DOM_SID *sid) { struct pdb_context *pdb_context = pdb_get_static_context(False); @@ -319,7 +442,7 @@ BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct, uint32 rid) return False; } - return pdb_context->pdb_getsampwrid(pdb_context, sam_acct, rid); + return pdb_context->pdb_getsampwsid(pdb_context, sam_acct, sid); } BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct) @@ -347,21 +470,21 @@ BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct) BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct) { struct pdb_context *pdb_context = pdb_get_static_context(False); - + if (!pdb_context) { return False; } - + return pdb_context->pdb_delete_sam_account(pdb_context, sam_acct); } #endif /* !defined(WITH_NISPLUS_SAM) */ /*************************************************************** - Initialize the static context (at smbd startup etc). + Initialize the static context (at smbd startup etc). - If uninitialised, context will auto-init on first use. -***************************************************************/ + If uninitialised, context will auto-init on first use. + ***************************************************************/ BOOL initialize_password_db(BOOL reload) { @@ -381,11 +504,3 @@ NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods) return NT_STATUS_OK; } - - - - - - - - diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 02bb43b7ffe..24eb7b9dc1f 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -24,7 +24,10 @@ #include "includes.h" -#ifdef WITH_LDAP_SAM +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + +#ifdef HAVE_LDAP /* TODO: * persistent connections: if using NSS LDAP, many connections are made * however, using only one within Samba would be nice @@ -71,56 +74,78 @@ struct ldapsam_privates { static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_state); -/******************************************************************* - Converts NT user RID to a UNIX uid. - ********************************************************************/ - -static uid_t pdb_user_rid_to_uid(uint32 user_rid) -{ - return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); -} - -/******************************************************************* - converts UNIX uid to an NT User RID. - ********************************************************************/ - -static uint32 pdb_uid_to_user_rid(uid_t uid) -{ - return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE); -} - /******************************************************************* find the ldap password ******************************************************************/ -static BOOL fetch_ldapsam_pw(char *dn, char* pw, int len) +static BOOL fetch_ldapsam_pw(char **dn, char** pw) { - fstring key; - char *p; - void *data = NULL; + char *key = NULL; size_t size; - pstrcpy(key, dn); - for (p=key; *p; p++) - if (*p == ',') *p = '/'; + *dn = smb_xstrdup(lp_ldap_admin_dn()); - data=secrets_fetch(key, &size); - if (!size) { - DEBUG(0,("fetch_ldap_pw: no ldap secret retrieved!\n")); - return False; + if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) { + SAFE_FREE(*dn); + DEBUG(0, ("fetch_ldapsam_pw: asprintf failed!\n")); } - if (size > len-1) - { - DEBUG(0,("fetch_ldap_pw: ldap secret is too long (%d > %d)!\n", size, len-1)); - return False; - } + *pw=secrets_fetch(key, &size); + if (!size) { + /* Upgrade 2.2 style entry */ + char *p; + char* old_style_key = strdup(*dn); + char *data; + fstring old_style_pw; + + if (!old_style_key) { + DEBUG(0, ("fetch_ldapsam_pw: strdup failed!\n")); + return False; + } - memcpy(pw, data, size); - pw[size] = '\0'; + for (p=old_style_key; *p; p++) + if (*p == ',') *p = '/'; + + data=secrets_fetch(old_style_key, &size); + if (!size && size < sizeof(old_style_pw)) { + DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n")); + SAFE_FREE(old_style_key); + SAFE_FREE(*dn); + return False; + } + + strncpy(old_style_pw, data, size); + old_style_pw[size] = 0; + + SAFE_FREE(data); + + if (!secrets_store_ldap_pw(*dn, old_style_pw)) { + DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n")); + SAFE_FREE(old_style_key); + SAFE_FREE(*dn); + return False; + } + if (!secrets_delete(old_style_key)) { + DEBUG(0,("fetch_ldap_pw: old ldap secret could not be deleted!\n")); + } + + SAFE_FREE(old_style_key); + + *pw = smb_xstrdup(old_style_pw); + } return True; } +static const char *attr[] = {"uid", "pwdLastSet", "logonTime", + "logoffTime", "kickoffTime", "cn", + "pwdCanChange", "pwdMustChange", + "displayName", "homeDrive", + "smbHome", "scriptPath", + "profilePath", "description", + "userWorkstations", "rid", + "primaryGroupID", "lmPassword", + "ntPassword", "acctFlags", + "domain", "description", NULL }; /******************************************************************* open a connection to the ldap server. @@ -225,20 +250,57 @@ static BOOL ldapsam_open_connection (struct ldapsam_privates *ldap_state, LDAP * return True; } + +/******************************************************************* + Add a rebind function for authenticated referrals +******************************************************************/ + +static int rebindproc (LDAP *ldap_struct, char **whop, char **credp, + int *method, int freeit ) +{ + int rc; + char *ldap_dn; + char *ldap_secret; + + /** @TODO Should we be doing something to check what servers we rebind to? + Could we get a referral to a machine that we don't want to give our + username and password to? */ + + if (freeit != 0) + { + + if (!fetch_ldapsam_pw(&ldap_dn, &ldap_secret)) + { + DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n")); + return LDAP_OPERATIONS_ERROR; /* No idea what to return */ + } + + DEBUG(5,("ldap_connect_system: Rebinding as \"%s\"\n", + ldap_dn)); + + rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret); + + SAFE_FREE(ldap_dn); + SAFE_FREE(ldap_secret); + + return rc; + } + return 0; +} + /******************************************************************* connect to the ldap server under system privilege. ******************************************************************/ static BOOL ldapsam_connect_system(struct ldapsam_privates *ldap_state, LDAP * ldap_struct) { int rc; - static BOOL got_pw = False; - static pstring ldap_secret; + char *ldap_dn; + char *ldap_secret; - /* get the password if we don't have it already */ - if (!got_pw && !(got_pw=fetch_ldapsam_pw(lp_ldap_admin_dn(), ldap_secret, sizeof(pstring)))) + /* get the password */ + if (!fetch_ldapsam_pw(&ldap_dn, &ldap_secret)) { - DEBUG(0, ("ldap_connect_system: Failed to retrieve password for %s from secrets.tdb\n", - lp_ldap_admin_dn())); + DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n")); return False; } @@ -246,10 +308,16 @@ static BOOL ldapsam_connect_system(struct ldapsam_privates *ldap_state, LDAP * l (OpenLDAP) doesnt' seem to support it */ DEBUG(10,("ldap_connect_system: Binding to ldap server as \"%s\"\n", - lp_ldap_admin_dn())); - - if ((rc = ldap_simple_bind_s(ldap_struct, lp_ldap_admin_dn(), - ldap_secret)) != LDAP_SUCCESS) + ldap_dn)); + + ldap_set_rebind_proc(ldap_struct, (LDAP_REBIND_PROC *)(&rebindproc)); + + rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret); + + SAFE_FREE(ldap_dn); + SAFE_FREE(ldap_secret); + + if (rc != LDAP_SUCCESS) { DEBUG(0, ("Bind failed: %s\n", ldap_err2string(rc))); return False; @@ -269,7 +337,7 @@ static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, LDAP * DEBUG(2, ("ldapsam_search_one_user: searching for:[%s]\n", filter)); - rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, NULL, 0, result); + rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, attr, 0, result); if (rc != LDAP_SUCCESS) { DEBUG(0,("ldapsam_search_one_user: Problem during the LDAP search: %s\n", @@ -347,7 +415,7 @@ static int ldapsam_search_one_user_by_rid (struct ldapsam_privates *ldap_state, if (rc != LDAP_SUCCESS) rc = ldapsam_search_one_user_by_uid(ldap_state, ldap_struct, - pdb_user_rid_to_uid(rid), + fallback_pdb_user_rid_to_uid(rid), result); return rc; @@ -357,7 +425,7 @@ static int ldapsam_search_one_user_by_rid (struct ldapsam_privates *ldap_state, search an attribute and return the first value found. ******************************************************************/ static BOOL get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, - char *attribute, char *value) + char *attribute, pstring value) { char **values; @@ -521,10 +589,14 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, get_single_attribute(ldap_struct, entry, "rid", temp); user_rid = (uint32)atol(temp); + + pdb_set_user_sid_from_rid(sampass, user_rid); + if (!get_single_attribute(ldap_struct, entry, "primaryGroupID", temp)) { group_rid = 0; } else { group_rid = (uint32)atol(temp); + pdb_set_group_sid_from_rid(sampass, group_rid); } if ((ldap_state->permit_non_unix_accounts) @@ -539,12 +611,14 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, pw = getpwnam_alloc(username); if (pw == NULL) { - DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a uid!\n", username)); + DEBUG (2,("init_sam_from_ldap: User [%s] does not exist via system getpwnam!\n", username)); return False; } uid = pw->pw_uid; gid = pw->pw_gid; + pdb_set_unix_homedir(sampass, pw->pw_dir); + passwd_free(&pw); pdb_set_uid(sampass, uid); @@ -554,10 +628,10 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, GROUP_MAP map; /* call the mapping code here */ if(get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) { - sid_peek_rid(&map.sid, &group_rid); + pdb_set_group_sid(sampass, &map.sid); } else { - group_rid=pdb_gid_to_group_rid(gid); + pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid)); } } } @@ -621,37 +695,41 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } if (!get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive)) { - pstrcpy(dir_drive, lp_logon_drive()); - standard_sub_advanced(-1, username, "", gid, username, dir_drive); - DEBUG(5,("homeDrive fell back to %s\n",dir_drive)); - pdb_set_dir_drive(sampass, dir_drive, False); + pdb_set_dir_drive(sampass, talloc_sub_specified(sampass->mem_ctx, + lp_logon_drive(), + username, domain, + uid, gid), + False); } else { pdb_set_dir_drive(sampass, dir_drive, True); } if (!get_single_attribute(ldap_struct, entry, "smbHome", homedir)) { - pstrcpy(homedir, lp_logon_home()); - standard_sub_advanced(-1, username, "", gid, username, homedir); - DEBUG(5,("smbHome fell back to %s\n",homedir)); - pdb_set_homedir(sampass, homedir, False); + pdb_set_homedir(sampass, talloc_sub_specified(sampass->mem_ctx, + lp_logon_home(), + username, domain, + uid, gid), + False); } else { pdb_set_homedir(sampass, homedir, True); } if (!get_single_attribute(ldap_struct, entry, "scriptPath", logon_script)) { - pstrcpy(logon_script, lp_logon_script()); - standard_sub_advanced(-1, username, "", gid, username, logon_script); - DEBUG(5,("scriptPath fell back to %s\n",logon_script)); - pdb_set_logon_script(sampass, logon_script, False); + pdb_set_logon_script(sampass, talloc_sub_specified(sampass->mem_ctx, + lp_logon_script(), + username, domain, + uid, gid), + False); } else { pdb_set_logon_script(sampass, logon_script, True); } if (!get_single_attribute(ldap_struct, entry, "profilePath", profile_path)) { - pstrcpy(profile_path, lp_logon_path()); - standard_sub_advanced(-1, username, "", gid, username, profile_path); - DEBUG(5,("profilePath fell back to %s\n",profile_path)); - pdb_set_profile_path(sampass, profile_path, False); + pdb_set_profile_path(sampass, talloc_sub_specified(sampass->mem_ctx, + lp_logon_path(), + username, domain, + uid, gid), + False); } else { pdb_set_profile_path(sampass, profile_path, True); } @@ -706,9 +784,6 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, pdb_set_hours_len(sampass, hours_len); pdb_set_logon_divs(sampass, logon_divs); - pdb_set_user_rid(sampass, user_rid); - pdb_set_group_rid(sampass, group_rid); - pdb_set_username(sampass, username); pdb_set_domain(sampass, domain); @@ -754,7 +829,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, if ( pdb_get_user_rid(sampass) ) { rid = pdb_get_user_rid(sampass); } else if (IS_SAM_SET(sampass, FLAG_SAM_UID)) { - rid = pdb_uid_to_user_rid(pdb_get_uid(sampass)); + rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(sampass)); } else if (ldap_state->permit_non_unix_accounts) { rid = ldapsam_get_next_available_nua_rid(ldap_state); if (rid == 0) { @@ -932,7 +1007,7 @@ static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state, LDAP *ldap DEBUG(2, ("ldapsam_get_next_available_nua_rid: searching for:[%s]\n", final_filter)); rc = ldap_search_s(ldap_struct, lp_ldap_suffix(), - LDAP_SCOPE_SUBTREE, final_filter, NULL, 0, + LDAP_SCOPE_SUBTREE, final_filter, attr, 0, &result); if (rc != LDAP_SUCCESS) @@ -973,6 +1048,10 @@ static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state, LDAP *ldap } ldap_msgfree(result); + + if (top_rid < ldap_state->low_nua_rid) + top_rid = ldap_state->low_nua_rid; + return top_rid; } @@ -1006,9 +1085,9 @@ static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_s /********************************************************************** Connect to LDAP server for password enumeration *********************************************************************/ -static BOOL ldapsam_setsampwent(struct pdb_context *context, BOOL update) +static BOOL ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; int rc; pstring filter; @@ -1026,7 +1105,7 @@ static BOOL ldapsam_setsampwent(struct pdb_context *context, BOOL update) all_string_sub(filter, "%u", "*", sizeof(pstring)); rc = ldap_search_s(ldap_state->ldap_struct, lp_ldap_suffix(), - LDAP_SCOPE_SUBTREE, filter, NULL, 0, + LDAP_SCOPE_SUBTREE, filter, attr, 0, &ldap_state->result); if (rc != LDAP_SUCCESS) @@ -1054,9 +1133,9 @@ static BOOL ldapsam_setsampwent(struct pdb_context *context, BOOL update) /********************************************************************** End enumeration of the LDAP password list *********************************************************************/ -static void ldapsam_endsampwent(struct pdb_context *context) +static void ldapsam_endsampwent(struct pdb_methods *my_methods) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; if (ldap_state->ldap_struct && ldap_state->result) { ldap_msgfree(ldap_state->result); @@ -1069,9 +1148,9 @@ static void ldapsam_endsampwent(struct pdb_context *context) /********************************************************************** Get the next entry in the LDAP password database *********************************************************************/ -static BOOL ldapsam_getsampwent(struct pdb_context *context, SAM_ACCOUNT * user) +static BOOL ldapsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT * user) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; BOOL ret = False; while (!ret) { @@ -1093,9 +1172,9 @@ static BOOL ldapsam_getsampwent(struct pdb_context *context, SAM_ACCOUNT * user) /********************************************************************** Get SAM_ACCOUNT entry from LDAP by username *********************************************************************/ -static BOOL ldapsam_getsampwnam(struct pdb_context *context, SAM_ACCOUNT * user, const char *sname) +static BOOL ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const char *sname) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; LDAP *ldap_struct; LDAPMessage *result; LDAPMessage *entry; @@ -1144,9 +1223,9 @@ static BOOL ldapsam_getsampwnam(struct pdb_context *context, SAM_ACCOUNT * user, /********************************************************************** Get SAM_ACCOUNT entry from LDAP by rid *********************************************************************/ -static BOOL ldapsam_getsampwrid(struct pdb_context *context, SAM_ACCOUNT * user, uint32 rid) +static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, uint32 rid) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; LDAP *ldap_struct; LDAPMessage *result; LDAPMessage *entry; @@ -1196,12 +1275,20 @@ static BOOL ldapsam_getsampwrid(struct pdb_context *context, SAM_ACCOUNT * user, } } +static BOOL ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) +{ + uint32 rid; + if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) + return False; + return ldapsam_getsampwrid(my_methods, user, rid); +} + /********************************************************************** Delete entry from LDAP for username *********************************************************************/ -static BOOL ldapsam_delete_sam_account(struct pdb_context *context, const SAM_ACCOUNT * sam_acct) +static BOOL ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * sam_acct) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; const char *sname; int rc; char *dn; @@ -1259,9 +1346,9 @@ static BOOL ldapsam_delete_sam_account(struct pdb_context *context, const SAM_AC /********************************************************************** Update SAM_ACCOUNT *********************************************************************/ -static BOOL ldapsam_update_sam_account(struct pdb_context *context, const SAM_ACCOUNT * newpwd) +static BOOL ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * newpwd) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; int rc; char *dn; LDAP *ldap_struct; @@ -1326,9 +1413,9 @@ static BOOL ldapsam_update_sam_account(struct pdb_context *context, const SAM_AC /********************************************************************** Add SAM_ACCOUNT to LDAP *********************************************************************/ -static BOOL ldapsam_add_sam_account(struct pdb_context *context, const SAM_ACCOUNT * newpwd) +static BOOL ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * newpwd) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; int rc; pstring filter; LDAP *ldap_struct = NULL; @@ -1463,7 +1550,7 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co (*pdb_method)->endsampwent = ldapsam_endsampwent; (*pdb_method)->getsampwent = ldapsam_getsampwent; (*pdb_method)->getsampwnam = ldapsam_getsampwnam; - (*pdb_method)->getsampwrid = ldapsam_getsampwrid; + (*pdb_method)->getsampwsid = ldapsam_getsampwsid; (*pdb_method)->add_sam_account = ldapsam_add_sam_account; (*pdb_method)->update_sam_account = ldapsam_update_sam_account; (*pdb_method)->delete_sam_account = ldapsam_delete_sam_account; @@ -1511,9 +1598,9 @@ NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method return NT_STATUS_UNSUCCESSFUL; } - ldap_state->low_nua_rid=pdb_uid_to_user_rid(low_nua_uid); + ldap_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid); - ldap_state->high_nua_rid=pdb_uid_to_user_rid(high_nua_uid); + ldap_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid); return NT_STATUS_OK; } @@ -1523,13 +1610,13 @@ NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { - DEBUG(0, ("ldapsam not compiled in!\n")); + DEBUG(0, ("ldap not detected at configure time, ldapsam not availalble!\n")); return NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { - DEBUG(0, ("ldapsam_nua not compiled in!\n")); + DEBUG(0, ("ldap not dectected at configure time, ldapsam_nua not available!\n")); return NT_STATUS_UNSUCCESSFUL; } diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index 145e1d4f0c8..9c5b2e1171b 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c @@ -56,7 +56,7 @@ struct nisp_enum_info }; static struct nisp_enum_info global_nisp_ent; -static VOLATILE sig_atomic_t gotalarm; +static SIG_ATOMIC_T gotalarm; /*************************************************************** @@ -339,8 +339,8 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj pdb_set_uid(pw_buf, atoi(ENTRY_VAL(obj, NPF_UID))); pdb_set_gid(pw_buf, atoi(ENTRY_VAL(obj, NPF_SMB_GRPID))); - pdb_set_user_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID))); - pdb_set_group_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID))); + pdb_set_user_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID))); + pdb_set_group_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID))); /* values, must exist for user */ if( !(pdb_get_acct_ctrl(pw_buf) & ACB_WSTRUST) ) { @@ -381,7 +381,7 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj else { /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ - pdb_set_group_rid (pw_buf, DOMAIN_GROUP_RID_USERS); + pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS); } /* Check the lanman password column. */ @@ -538,7 +538,8 @@ static BOOL init_nisp_from_sam(nis_object *obj, const SAM_ACCOUNT *sampass, if (rid==0) { if (get_group_map_from_gid(pdb_get_gid(sampass), &map, MAPPING_WITHOUT_PRIV)) { - sid_peek_rid(&map.sid, &rid); + if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &rid)) + return False; } else rid=pdb_gid_to_group_rid(pdb_get_gid(sampass)); } @@ -1030,7 +1031,16 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT * user, const char *sname) /************************************************************************* Routine to search the nisplus passwd file for an entry matching the username *************************************************************************/ -BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid) + +BOOL pdb_getsampwsid(SAM_ACCOUNT * user, DOM_SID *sid) +{ + uint32 rid; + if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) + return False; + return pdb_getsampwrid(user, rid); +} + +static BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid) { nis_result *result; char *nisname; diff --git a/source3/passdb/pdb_plugin.c b/source3/passdb/pdb_plugin.c index 1de61abd5f1..1a246631fe7 100644 --- a/source3/passdb/pdb_plugin.c +++ b/source3/passdb/pdb_plugin.c @@ -21,11 +21,15 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + NTSTATUS pdb_init_plugin(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { void * dl_handle; char *plugin_location, *plugin_name, *p; pdb_init_function plugin_init; + int (*plugin_version)(void); if (location == NULL) { DEBUG(0, ("The plugin module needs an argument!\n")); @@ -48,8 +52,23 @@ NTSTATUS pdb_init_plugin(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con return NT_STATUS_UNSUCCESSFUL; } + plugin_version = sys_dlsym(dl_handle, "pdb_version"); + if (!plugin_version) { + sys_dlclose(dl_handle); + DEBUG(0, ("Failed to find function 'pdb_version' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror())); + return NT_STATUS_UNSUCCESSFUL; + } + + if (plugin_version()!=PASSDB_INTERFACE_VERSION) { + sys_dlclose(dl_handle); + DEBUG(0, ("Wrong PASSDB_INTERFACE_VERSION! sam plugin has version %d and version %d is needed! Please update!\n", + plugin_version(),PASSDB_INTERFACE_VERSION)); + return NT_STATUS_UNSUCCESSFUL; + } + plugin_init = sys_dlsym(dl_handle, "pdb_init"); - if (!plugin_init){ + if (!plugin_init) { + sys_dlclose(dl_handle); DEBUG(0, ("Failed to find function 'pdb_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror())); return NT_STATUS_UNSUCCESSFUL; } diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 89a4217c3b1..8c7ba364b8a 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -23,6 +23,8 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB /* smb_passwd is analogous to sam_passwd used everywhere @@ -69,24 +71,6 @@ struct smbpasswd_privates enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE }; -/******************************************************************* - Converts NT user RID to a UNIX uid. - ********************************************************************/ - -static uid_t pdb_user_rid_to_uid(uint32 user_rid) -{ - return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); -} - -/******************************************************************* - converts UNIX uid to an NT User RID. - ********************************************************************/ - -static uint32 pdb_uid_to_user_rid(uid_t uid) -{ - return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE); -} - /*************************************************************** Lock an fd. Abandon after waitsecs seconds. ****************************************************************/ @@ -117,6 +101,10 @@ static BOOL pw_file_unlock(int fd, int *plock_depth) { BOOL ret=True; + if (fd == 0 || *plock_depth == 0) { + return True; + } + if(*plock_depth == 1) ret = do_file_lock(fd, 5, F_UNLCK); @@ -198,7 +186,7 @@ static FILE *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int DEBUG(10, ("startsmbfilepwent_internal: opening file %s\n", pfile)); if((fp = sys_fopen(pfile, open_mode)) == NULL) { - DEBUG(2, ("startsmbfilepwent_internal: unable to open file %s. Error was %s\n", pfile, strerror(errno) )); + DEBUG(0, ("startsmbfilepwent_internal: unable to open file %s. Error was %s\n", pfile, strerror(errno) )); return NULL; } @@ -280,10 +268,13 @@ Error was %s\n.", pfile, strerror(errno) )); ****************************************************************/ static void endsmbfilepwent(FILE *fp, int *lock_depth) { + if (!fp) { + return; + } - pw_file_unlock(fileno(fp), lock_depth); - fclose(fp); - DEBUG(7, ("endsmbfilepwent_internal: closed password file.\n")); + pw_file_unlock(fileno(fp), lock_depth); + fclose(fp); + DEBUG(7, ("endsmbfilepwent_internal: closed password file.\n")); } /************************************************************************* @@ -375,6 +366,8 @@ static struct smb_passwd *getsmbfilepwent(struct smbpasswd_privates *smbpasswd_s * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ + SMB_ASSERT(sizeof(pstring) > sizeof(linebuf)); + strncpy(user_name, linebuf, PTR_DIFF(p, linebuf)); user_name[PTR_DIFF(p, linebuf)] = '\0'; @@ -414,15 +407,6 @@ static struct smb_passwd *getsmbfilepwent(struct smbpasswd_privates *smbpasswd_s /* Skip the ':' */ p++; - if (*p == '*' || *p == 'X') { - /* Password deliberately invalid - end here. */ - DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name)); - pw_buf->smb_nt_passwd = NULL; - pw_buf->smb_passwd = NULL; - pw_buf->acct_ctrl |= ACB_DISABLED; - return pw_buf; - } - if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) { DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n")); continue; @@ -437,11 +421,16 @@ static struct smb_passwd *getsmbfilepwent(struct smbpasswd_privates *smbpasswd_s pw_buf->smb_passwd = NULL; pw_buf->acct_ctrl |= ACB_PWNOTREQ; } else { - if (!pdb_gethexpwd((char *)p, smbpwd)) { - DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n")); - continue; - } - pw_buf->smb_passwd = smbpwd; + if (*p == '*' || *p == 'X') { + /* NULL LM password */ + pw_buf->smb_passwd = NULL; + DEBUG(10, ("getsmbfilepwent: LM password for user %s invalidated\n", user_name)); + } else if (pdb_gethexpwd((char *)p, smbpwd)) { + pw_buf->smb_passwd = smbpwd; + } else { + pw_buf->smb_passwd = NULL; + DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n")); + } } /* @@ -524,7 +513,6 @@ static char *format_new_smbpasswd_entry(const struct smb_passwd *newpwd) int new_entry_length; char *new_entry; char *p; - int i; new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; @@ -534,38 +522,16 @@ static char *format_new_smbpasswd_entry(const struct smb_passwd *newpwd) } slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid); - p = &new_entry[strlen(new_entry)]; - if(newpwd->smb_passwd != NULL) { - for( i = 0; i < 16; i++) { - slprintf((char *)&p[i*2], new_entry_length - (p - new_entry) - 1, "%02X", newpwd->smb_passwd[i]); - } - } else { - i=0; - if(newpwd->acct_ctrl & ACB_PWNOTREQ) - safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - else - safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - } + p = new_entry+strlen(new_entry); - p += 32; + pdb_sethexpwd(p, newpwd->smb_passwd, newpwd->acct_ctrl); - *p++ = ':'; + p+=strlen(p); *p = ':'; p++; - if(newpwd->smb_nt_passwd != NULL) { - for( i = 0; i < 16; i++) { - slprintf((char *)&p[i*2], new_entry_length - 1 - (p - new_entry), "%02X", newpwd->smb_nt_passwd[i]); - } - } else { - if(newpwd->acct_ctrl & ACB_PWNOTREQ) - safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - else - safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - } + pdb_sethexpwd(p, newpwd->smb_nt_passwd, newpwd->acct_ctrl); - p += 32; - - *p++ = ':'; + p+=strlen(p); *p = ':'; p++; /* Add the account encoding and the last change time. */ slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n", @@ -712,7 +678,7 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n", static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, const struct smb_passwd* pwd) { /* Static buffers we will return. */ - char * user_name = smbpasswd_state->user_name; + pstring user_name; char linebuf[256]; char readbuf[1024]; @@ -830,6 +796,9 @@ static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ + + SMB_ASSERT(sizeof(user_name) > sizeof(linebuf)); + strncpy(user_name, linebuf, PTR_DIFF(p, linebuf)); user_name[PTR_DIFF(p, linebuf)] = '\0'; if (strequal(user_name, pwd->smb_name)) { @@ -841,6 +810,9 @@ static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con if (!found_entry) { pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth)); fclose(fp); + + DEBUG(2, ("Cannot update entry for user %s, as they don't exist in the smbpasswd file!\n", + pwd->smb_name)); return False; } @@ -967,30 +939,12 @@ static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con /* Entry is correctly formed. */ /* Create the 32 byte representation of the new p16 */ - if(pwd->smb_passwd != NULL) { - for (i = 0; i < 16; i++) { - slprintf(&ascii_p16[i*2], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_passwd[i]); - } - } else { - if(pwd->acct_ctrl & ACB_PWNOTREQ) - fstrcpy(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); - else - fstrcpy(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); - } + pdb_sethexpwd(ascii_p16, pwd->smb_passwd, pwd->acct_ctrl); /* Add on the NT md4 hash */ ascii_p16[32] = ':'; wr_len = 66; - if (pwd->smb_nt_passwd != NULL) { - for (i = 0; i < 16; i++) { - slprintf(&ascii_p16[(i*2)+33], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_nt_passwd[i]); - } - } else { - if(pwd->acct_ctrl & ACB_PWNOTREQ) - fstrcpy(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); - else - fstrcpy(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); - } + pdb_sethexpwd(ascii_p16+33, pwd->smb_nt_passwd, pwd->acct_ctrl); ascii_p16[65] = ':'; ascii_p16[66] = '\0'; /* null-terminate the string so that strlen works */ @@ -1184,18 +1138,18 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampas if (sampass == NULL) return False; - ZERO_STRUCTP(smb_pw); + ZERO_STRUCTP(smb_pw); if (!IS_SAM_UNIX_USER(sampass)) { smb_pw->smb_userid_set = False; - DEBUG(5,("build_sam_pass: storing user without a UNIX uid or gid. \n")); + DEBUG(5,("build_smb_pass: storing user without a UNIX uid or gid. \n")); } else { uint32 rid = pdb_get_user_rid(sampass); smb_pw->smb_userid_set = True; uid = pdb_get_uid(sampass); /* If the user specified a RID, make sure its able to be both stored and retreived */ - if (rid && uid != pdb_user_rid_to_uid(rid)) { + if (rid && uid != fallback_pdb_user_rid_to_uid(rid)) { DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n")); return False; } @@ -1236,7 +1190,8 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampas /********************************************************************* Create a SAM_ACCOUNT from a smb_passwd struct ********************************************************************/ -static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw_buf) +static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, + SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw_buf) { struct passwd *pwfile; @@ -1249,84 +1204,37 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, SAM_AC && (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid) && (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) { - pdb_set_user_rid(sam_pass, pdb_uid_to_user_rid (pw_buf->smb_userid)); + pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid)); /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. This was down the bottom for machines, but it looks pretty good as a general default for non-unix users. --abartlet 2002-01-08 */ - pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); - + pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS); + pdb_set_username (sam_pass, pw_buf->smb_name); + pdb_set_domain (sam_pass, lp_workgroup()); } else { - uint32 grid; - GROUP_MAP map; - - /* Verify in system password file... - FIXME!!! This is where we should look up an internal - mapping of allocated uid for machine accounts as well - --jerry */ pwfile = getpwnam_alloc(pw_buf->smb_name); if (pwfile == NULL) { - DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s not in unix passwd database!\n", pw_buf->smb_name)); + DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s with uid %u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid)); return False; } - pdb_set_uid (sam_pass, pwfile->pw_uid); - pdb_set_gid (sam_pass, pwfile->pw_gid); - - pdb_set_fullname(sam_pass, pwfile->pw_gecos); - - pdb_set_user_rid(sam_pass, pdb_uid_to_user_rid (pwfile->pw_uid)); - - if (get_group_map_from_gid(pwfile->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { - sid_peek_rid(&map.sid, &grid); - } else { - grid=pdb_gid_to_group_rid(pwfile->pw_gid); - } - - pdb_set_group_rid(sam_pass, grid); - - /* check if this is a user account or a machine account */ - if (pw_buf->smb_name[strlen(pw_buf->smb_name)-1] != '$') - { - pstring str; - - pstrcpy(str, lp_logon_path()); - standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str); - pdb_set_profile_path(sam_pass, str, False); - - pstrcpy(str, lp_logon_home()); - standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str); - pdb_set_homedir(sam_pass, str, False); - - pstrcpy(str, lp_logon_drive()); - standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str); - pdb_set_dir_drive(sam_pass, str, False); - - pstrcpy(str, lp_logon_script()); - standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str); - pdb_set_logon_script(sam_pass, str, False); - - } else { - /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ - /*pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); */ + if (!NT_STATUS_IS_OK(pdb_fill_sam_pw(sam_pass, pwfile))) { + return False; } passwd_free(&pwfile); } - pdb_set_username (sam_pass, pw_buf->smb_name); pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd); pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd); pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl); pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time); pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, True); - pdb_set_domain (sam_pass, lp_workgroup()); - pdb_set_dir_drive (sam_pass, lp_logon_drive(), False); - #if 0 /* JERRY */ /* the smbpasswd format doesn't have a must change time field, so we can't get this right. The best we can do is to set this to @@ -1340,9 +1248,9 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, SAM_AC /***************************************************************** Functions to be implemented by the new passdb API ****************************************************************/ -static BOOL smbpasswd_setsampwent (struct pdb_context *context, BOOL update) +static BOOL smbpasswd_setsampwent (struct pdb_methods *my_methods, BOOL update) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file, update ? PWF_UPDATE : PWF_READ, @@ -1370,17 +1278,17 @@ static BOOL smbpasswd_setsampwent (struct pdb_context *context, BOOL update) return (smbpasswd_state->pw_file != NULL); } -static void smbpasswd_endsampwent (struct pdb_context *context) +static void smbpasswd_endsampwent (struct pdb_methods *my_methods) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; endsmbfilepwent(smbpasswd_state->pw_file, &(smbpasswd_state->pw_file_lock_depth)); } /***************************************************************** ****************************************************************/ -static BOOL smbpasswd_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) +static BOOL smbpasswd_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *user) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd *pw_buf=NULL; BOOL done = False; DEBUG(5,("pdb_getsampwent\n")); @@ -1419,32 +1327,14 @@ static BOOL smbpasswd_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user call getpwnam() for unix account information until we have found the correct entry ***************************************************************/ -static BOOL smbpasswd_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const char *username) +static BOOL smbpasswd_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct, const char *username) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd *smb_pw; void *fp = NULL; - char *domain = NULL; - char *user = NULL; - fstring name; DEBUG(10, ("getsampwnam (smbpasswd): search by name: %s\n", username)); - - /* break the username from the domain if we have - been given a string in the form 'DOMAIN\user' */ - fstrcpy (name, username); - if ((user=strchr_m(name, '\\')) != NULL) { - domain = name; - *user = '\0'; - user++; - } - - /* if a domain was specified and it wasn't ours - then there is no chance of matching */ - if ( domain && !StrCaseCmp(domain, lp_workgroup()) ) - return False; - /* startsmbfilepwent() is used here as we don't want to lookup the UNIX account in the local system password file until we have a match. */ @@ -1455,11 +1345,6 @@ static BOOL smbpasswd_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_ return False; } - /* if we have a domain name, then we should map it to a UNIX - username first */ - if ( domain ) - map_username(user); - while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL)&& (!strequal(smb_pw->smb_name, username)) ) /* do nothing....another loop */ ; @@ -1488,10 +1373,9 @@ static BOOL smbpasswd_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_ return True; } - -static BOOL smbpasswd_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_acct,uint32 rid) +static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct,uint32 rid) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd *smb_pw; void *fp = NULL; @@ -1505,7 +1389,7 @@ static BOOL smbpasswd_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_ return False; } - while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL) && (pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) ) + while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL) && (fallback_pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) ) /* do nothing */ ; endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth)); @@ -1533,9 +1417,17 @@ static BOOL smbpasswd_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_ return True; } -static BOOL smbpasswd_add_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sampass) +static BOOL smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + uint32 rid; + if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) + return False; + return smbpasswd_getsampwrid(my_methods, user, rid); +} + +static BOOL smbpasswd_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass) +{ + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd smb_pw; /* convert the SAM_ACCOUNT */ @@ -1551,25 +1443,29 @@ static BOOL smbpasswd_add_sam_account(struct pdb_context *context, const SAM_ACC return True; } -static BOOL smbpasswd_update_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sampass) +static BOOL smbpasswd_update_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd smb_pw; /* convert the SAM_ACCOUNT */ - if (!build_smb_pass(&smb_pw, sampass)) + if (!build_smb_pass(&smb_pw, sampass)) { + DEBUG(0, ("smbpasswd_update_sam_account: build_smb_pass failed!\n")); return False; + } /* update the entry */ - if(!mod_smbfilepwd_entry(smbpasswd_state, &smb_pw)) + if(!mod_smbfilepwd_entry(smbpasswd_state, &smb_pw)) { + DEBUG(0, ("smbpasswd_update_sam_account: mod_smbfilepwd_entry failed!\n")); return False; - + } + return True; } -static BOOL smbpasswd_delete_sam_account (struct pdb_context *context, const SAM_ACCOUNT *sampass) +static BOOL smbpasswd_delete_sam_account (struct pdb_methods *my_methods, SAM_ACCOUNT *sampass) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; const char *username = pdb_get_username(sampass); @@ -1602,7 +1498,7 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, (*pdb_method)->endsampwent = smbpasswd_endsampwent; (*pdb_method)->getsampwent = smbpasswd_getsampwent; (*pdb_method)->getsampwnam = smbpasswd_getsampwnam; - (*pdb_method)->getsampwrid = smbpasswd_getsampwrid; + (*pdb_method)->getsampwsid = smbpasswd_getsampwsid; (*pdb_method)->add_sam_account = smbpasswd_add_sam_account; (*pdb_method)->update_sam_account = smbpasswd_update_sam_account; (*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account; diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index a8edac917e2..62793189696 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -2,7 +2,7 @@ * Unix SMB/CIFS implementation. * SMB parameters and setup * Copyright (C) Andrew Tridgell 1992-1998 - * Copyright (C) Simo Sorce 2000 + * Copyright (C) Simo Sorce 2000-2002 * Copyright (C) Gerald Carter 2000 * Copyright (C) Jeremy Allison 2001 * Copyright (C) Andrew Bartlett 2002 @@ -24,6 +24,19 @@ #include "includes.h" +#if 0 /* when made a module use this */ + +static int tdbsam_debug_level = DBGC_ALL; +#undef DBGC_CLASS +#define DBGC_CLASS tdbsam_debug_level + +#else + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + +#endif + #ifdef WITH_TDB_SAM #define PDB_VERSION "20010830" @@ -41,8 +54,10 @@ struct tdbsam_privates { BOOL permit_non_unix_accounts; -/* uint32 low_nua_rid; - uint32 high_nua_rid; */ + BOOL algorithmic_rids; + + uint32 low_nua_rid; + uint32 high_nua_rid; }; /********************************************************************** @@ -84,12 +99,10 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, uint8 *hours; static uint8 *lm_pw_ptr, *nt_pw_ptr; uint32 len = 0; - uint32 lmpwlen, ntpwlen, hourslen; + uint32 lm_pw_len, nt_pw_len, hourslen; BOOL ret = True; - BOOL setflag; - pstring sub_buffer; struct passwd *pw; - uid_t uid; + uid_t uid = -1; gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */ if(sampass == NULL || buf == NULL) { @@ -119,8 +132,8 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, &munged_dial_len, &munged_dial, &user_rid, &group_rid, - &lmpwlen, &lm_pw_ptr, - &ntpwlen, &nt_pw_ptr, + &lm_pw_len, &lm_pw_ptr, + &nt_pw_len, &nt_pw_ptr, &acct_ctrl, &unknown_3, &logon_divs, @@ -150,6 +163,8 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, uid = pw->pw_uid; gid = pw->pw_gid; + pdb_set_unix_homedir(sampass, pw->pw_dir); + passwd_free(&pw); pdb_set_uid(sampass, uid); @@ -163,70 +178,76 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, pdb_set_pass_must_change_time(sampass, pass_must_change_time, True); pdb_set_pass_last_set_time(sampass, pass_last_set_time); - pdb_set_username (sampass, username); + pdb_set_username (sampass, username); pdb_set_domain (sampass, domain); pdb_set_nt_username (sampass, nt_username); pdb_set_fullname (sampass, fullname); - if (homedir) setflag = True; - else { - setflag = False; - pstrcpy(sub_buffer, lp_logon_home()); - /* standard_sub_advanced() assumes pstring is passed!! */ - standard_sub_advanced(-1, username, "", gid, username, sub_buffer); - homedir = strdup(sub_buffer); - if(!homedir) { ret = False; goto done; } - DEBUG(5,("Home directory set back to %s\n", homedir)); + if (homedir) { + pdb_set_homedir(sampass, homedir, True); } - pdb_set_homedir(sampass, homedir, setflag); - - if (dir_drive) setflag = True; else { - setflag = False; - pstrcpy(sub_buffer, lp_logon_drive()); - standard_sub_advanced(-1, username, "", gid, username, sub_buffer); - dir_drive = strdup(sub_buffer); - if(!dir_drive) { ret = False; goto done; } - DEBUG(5,("Drive set back to %s\n", dir_drive)); + pdb_set_homedir(sampass, + talloc_sub_specified(sampass->mem_ctx, + lp_logon_home(), + username, domain, + uid, gid), + False); } - pdb_set_dir_drive(sampass, dir_drive, setflag); - if (logon_script) setflag = True; + if (dir_drive) + pdb_set_dir_drive(sampass, dir_drive, True); else { - setflag = False; - pstrcpy(sub_buffer, lp_logon_script()); - standard_sub_advanced(-1, username, "", gid, username, sub_buffer); - logon_script = strdup(sub_buffer); - if(!logon_script) { ret = False; goto done; } - DEBUG(5,("Logon script set back to %s\n", logon_script)); + pdb_set_dir_drive(sampass, + talloc_sub_specified(sampass->mem_ctx, + lp_logon_drive(), + username, domain, + uid, gid), + False); } - pdb_set_logon_script(sampass, logon_script, setflag); - if (profile_path) setflag = True; + if (logon_script) + pdb_set_logon_script(sampass, logon_script, True); else { - setflag = False; - pstrcpy(sub_buffer, lp_logon_path()); - standard_sub_advanced(-1, username, "", gid, username, sub_buffer); - profile_path = strdup(sub_buffer); - if(!profile_path) { ret = False; goto done; } - DEBUG(5,("Profile path set back to %s\n", profile_path)); + pdb_set_logon_script(sampass, + talloc_sub_specified(sampass->mem_ctx, + lp_logon_script(), + username, domain, + uid, gid), + False); + } + + if (profile_path) { + pdb_set_profile_path(sampass, profile_path, True); + } else { + pdb_set_profile_path(sampass, + talloc_sub_specified(sampass->mem_ctx, + lp_logon_path(), + username, domain, + uid, gid), + False); } - pdb_set_profile_path(sampass, profile_path, setflag); pdb_set_acct_desc (sampass, acct_desc); pdb_set_workstations (sampass, workstations); pdb_set_munged_dial (sampass, munged_dial); - if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr)) { - ret = False; - goto done; + + if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) { + if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr)) { + ret = False; + goto done; + } } - if (!pdb_set_nt_passwd(sampass, nt_pw_ptr)) { - ret = False; - goto done; + + if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) { + if (!pdb_set_nt_passwd(sampass, nt_pw_ptr)) { + ret = False; + goto done; + } } - pdb_set_user_rid(sampass, user_rid); - pdb_set_group_rid(sampass, group_rid); + pdb_set_user_sid_from_rid(sampass, user_rid); + pdb_set_group_sid_from_rid(sampass, group_rid); pdb_set_unknown_3(sampass, unknown_3); pdb_set_hours_len(sampass, hours_len); pdb_set_unknown_5(sampass, unknown_5); @@ -462,9 +483,9 @@ static uint32 init_buffer_from_sam (struct tdbsam_privates *tdb_state, Open the TDB passwd database for SAM account enumeration. ****************************************************************/ -static BOOL tdbsam_setsampwent(struct pdb_context *context, BOOL update) +static BOOL tdbsam_setsampwent(struct pdb_methods *my_methods, BOOL update) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; /* Open tdb passwd */ if (!(tdb_state->passwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, update?(O_RDWR|O_CREAT):O_RDONLY, 0600))) @@ -490,9 +511,9 @@ static void close_tdb(struct tdbsam_privates *tdb_state) End enumeration of the TDB passwd list. ****************************************************************/ -static void tdbsam_endsampwent(struct pdb_context *context) +static void tdbsam_endsampwent(struct pdb_methods *my_methods) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; close_tdb(tdb_state); DEBUG(7, ("endtdbpwent: closed sam database.\n")); @@ -502,9 +523,9 @@ static void tdbsam_endsampwent(struct pdb_context *context) Get one SAM_ACCOUNT from the TDB (next in line) *****************************************************************/ -static BOOL tdbsam_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) +static BOOL tdbsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *user) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; TDB_DATA data; char *prefix = USERPREFIX; int prefixlen = strlen (prefix); @@ -550,9 +571,9 @@ static BOOL tdbsam_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) Lookup a name in the SAM TDB ******************************************************************/ -static BOOL tdbsam_getsampwnam (struct pdb_context *context, SAM_ACCOUNT *user, const char *sname) +static BOOL tdbsam_getsampwnam (struct pdb_methods *my_methods, SAM_ACCOUNT *user, const char *sname) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; TDB_CONTEXT *pwd_tdb; TDB_DATA data, key; fstring keystr; @@ -606,9 +627,9 @@ static BOOL tdbsam_getsampwnam (struct pdb_context *context, SAM_ACCOUNT *user, Search by rid **************************************************************************/ -static BOOL tdbsam_getsampwrid (struct pdb_context *context, SAM_ACCOUNT *user, uint32 rid) +static BOOL tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT *user, uint32 rid) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; TDB_CONTEXT *pwd_tdb; TDB_DATA data, key; fstring keystr; @@ -644,16 +665,24 @@ static BOOL tdbsam_getsampwrid (struct pdb_context *context, SAM_ACCOUNT *user, tdb_close (pwd_tdb); - return tdbsam_getsampwnam (context, user, name); + return tdbsam_getsampwnam (my_methods, user, name); +} + +static BOOL tdbsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) +{ + uint32 rid; + if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) + return False; + return tdbsam_getsampwrid(my_methods, user, rid); } /*************************************************************************** Delete a SAM_ACCOUNT ****************************************************************************/ -static BOOL tdbsam_delete_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sam_pass) +static BOOL tdbsam_delete_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_pass) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; TDB_CONTEXT *pwd_tdb; TDB_DATA key; fstring keystr; @@ -707,9 +736,9 @@ static BOOL tdbsam_delete_sam_account(struct pdb_context *context, const SAM_ACC Update the TDB SAM ****************************************************************************/ -static BOOL tdb_update_sam(struct pdb_context *context, const SAM_ACCOUNT* newpwd, int flag) +static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd, int flag) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; TDB_CONTEXT *pwd_tdb = NULL; TDB_DATA key, data; uint8 *buf = NULL; @@ -717,7 +746,7 @@ static BOOL tdb_update_sam(struct pdb_context *context, const SAM_ACCOUNT* newpw fstring name; BOOL ret = True; uint32 user_rid; - int32 tdb_ret; + BOOL tdb_ret; /* invalidate the existing TDB iterator if it is open */ if (tdb_state->passwd_tdb) { @@ -736,13 +765,32 @@ static BOOL tdb_update_sam(struct pdb_context *context, const SAM_ACCOUNT* newpw /* if flag == TDB_INSERT then make up a new RID else throw an error. */ if (!(user_rid = pdb_get_user_rid(newpwd))) { if (flag & TDB_INSERT) { - user_rid = BASE_RID; - tdb_ret = tdb_change_int32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER); - if (tdb_ret == -1) { - ret = False; - goto done; + if (IS_SAM_UNIX_USER(newpwd)) { + if (tdb_state->algorithmic_rids) { + user_rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(newpwd)); + } else { + user_rid = BASE_RID; + tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER); + if (!tdb_ret) { + ret = False; + goto done; + } + } + pdb_set_user_sid_from_rid(newpwd, user_rid); + } else { + user_rid = tdb_state->low_nua_rid; + tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER); + if (!tdb_ret) { + ret = False; + goto done; + } + if (user_rid > tdb_state->high_nua_rid) { + DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd))); + ret = False; + goto done; + } + pdb_set_user_sid_from_rid(newpwd, user_rid); } - pdb_set_user_rid(newpwd, user_rid); } else { DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd))); ret = False; @@ -758,7 +806,7 @@ static BOOL tdb_update_sam(struct pdb_context *context, const SAM_ACCOUNT* newpw goto done; } else { /* This seems like a good default choice for non-unix users */ - pdb_set_group_rid(newpwd, DOMAIN_GROUP_RID_USERS); + pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS); } } else { DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd))); @@ -823,18 +871,18 @@ done: Modifies an existing SAM_ACCOUNT ****************************************************************************/ -static BOOL tdbsam_update_sam_account (struct pdb_context *context, const SAM_ACCOUNT *newpwd) +static BOOL tdbsam_update_sam_account (struct pdb_methods *my_methods, SAM_ACCOUNT *newpwd) { - return (tdb_update_sam(context, newpwd, TDB_MODIFY)); + return (tdb_update_sam(my_methods, newpwd, TDB_MODIFY)); } /*************************************************************************** Adds an existing SAM_ACCOUNT ****************************************************************************/ -static BOOL tdbsam_add_sam_account (struct pdb_context *context, const SAM_ACCOUNT *newpwd) +static BOOL tdbsam_add_sam_account (struct pdb_methods *my_methods, SAM_ACCOUNT *newpwd) { - return (tdb_update_sam(context, newpwd, TDB_INSERT)); + return (tdb_update_sam(my_methods, newpwd, TDB_INSERT)); } static void free_private_data(void **vp) @@ -852,6 +900,14 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con NTSTATUS nt_status; struct tdbsam_privates *tdb_state; +#if 0 /* when made a module use this */ + tdbsam_debug_level = debug_add_class("tdbsam"); + if(tdbsam_debug_level == -1) { + tdbsam_debug_level = DBGC_ALL; + DEBUG(0, ("tdbsam: Couldn't register custom debugging class!\n")); + } +#endif + if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { return nt_status; } @@ -862,7 +918,7 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con (*pdb_method)->endsampwent = tdbsam_endsampwent; (*pdb_method)->getsampwent = tdbsam_getsampwent; (*pdb_method)->getsampwnam = tdbsam_getsampwnam; - (*pdb_method)->getsampwrid = tdbsam_getsampwrid; + (*pdb_method)->getsampwsid = tdbsam_getsampwsid; (*pdb_method)->add_sam_account = tdbsam_add_sam_account; (*pdb_method)->update_sam_account = tdbsam_update_sam_account; (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account; @@ -884,6 +940,8 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, tdbfile); } + tdb_state->algorithmic_rids = True; + (*pdb_method)->private_data = tdb_state; (*pdb_method)->free_private_data = free_private_data; @@ -904,7 +962,7 @@ NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, (*pdb_method)->name = "tdbsam_nua"; tdb_state = (*pdb_method)->private_data; - + tdb_state->permit_non_unix_accounts = True; if (!lp_non_unix_account_range(&low_nua_uid, &high_nua_uid)) { @@ -912,10 +970,10 @@ NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, return NT_STATUS_UNSUCCESSFUL; } -/* tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid); + tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid); tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid); -*/ + return NT_STATUS_OK; } diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index b3507a13928..3ecaf52e586 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -1,6 +1,8 @@ /* Unix SMB/CIFS implementation. Copyright (C) Andrew Tridgell 1992-2001 + Copyright (C) Andrew Bartlett 2002 + Copyright (C) Rafal Szczesniak 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -22,6 +24,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + static TDB_CONTEXT *tdb; /* open up the secrets database */ @@ -47,7 +52,7 @@ BOOL secrets_init(void) /* read a entry from the secrets database - the caller must free the result if size is non-null then the size of the entry is put in there */ -void *secrets_fetch(char *key, size_t *size) +void *secrets_fetch(const char *key, size_t *size) { TDB_DATA kbuf, dbuf; secrets_init(); @@ -63,7 +68,7 @@ void *secrets_fetch(char *key, size_t *size) /* store a secrets entry */ -BOOL secrets_store(char *key, void *data, size_t size) +BOOL secrets_store(const char *key, void *data, size_t size) { TDB_DATA kbuf, dbuf; secrets_init(); @@ -79,7 +84,7 @@ BOOL secrets_store(char *key, void *data, size_t size) /* delete a secets database entry */ -BOOL secrets_delete(char *key) +BOOL secrets_delete(const char *key) { TDB_DATA kbuf; secrets_init(); @@ -124,10 +129,14 @@ BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid) } -/************************************************************************ -form a key for fetching the machine trust account password -************************************************************************/ -char *trust_keystr(char *domain) +/** + * Form a key for fetching the machine trust account password + * + * @param domain domain name + * + * @return stored password's key + **/ +const char *trust_keystr(const char *domain) { static fstring keystr; @@ -141,11 +150,11 @@ char *trust_keystr(char *domain) /** * Form a key for fetching a trusted domain password * - * @param domain domain name + * @param domain trusted domain name * * @return stored password's key **/ -char *trustdom_keystr(char *domain) +char *trustdom_keystr(const char *domain) { static char* keystr; @@ -194,21 +203,23 @@ BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16], Routine to get account password to trusted domain ************************************************************************/ BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd, - DOM_SID *sid, time_t *pass_last_set_time) + DOM_SID *sid, time_t *pass_last_set_time) { struct trusted_dom_pass *pass; size_t size; + /* fetching trusted domain password structure */ if (!(pass = secrets_fetch(trustdom_keystr(domain), &size))) { DEBUG(5, ("secrets_fetch failed!\n")); return False; } - + if (size != sizeof(*pass)) { DEBUG(0, ("secrets were of incorrect size!\n")); return False; } - + + /* the trust's password */ if (pwd) { *pwd = strdup(pass->pass); if (!*pwd) { @@ -216,9 +227,12 @@ BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd, } } + /* last change time */ if (pass_last_set_time) *pass_last_set_time = pass->mod_time; + /* domain sid */ memcpy(&sid, &(pass->domain_sid), sizeof(sid)); + SAFE_FREE(pass); return True; @@ -247,19 +261,30 @@ BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16]) * @return true if succeeded **/ -BOOL secrets_store_trusted_domain_password(char* domain, char* pwd, +BOOL secrets_store_trusted_domain_password(char* domain, smb_ucs2_t *uni_dom_name, + size_t uni_name_len, char* pwd, DOM_SID sid) { struct trusted_dom_pass pass; ZERO_STRUCT(pass); + /* unicode domain name and its length */ + if (!uni_dom_name) + return False; + + strncpy_w(pass.uni_name, uni_dom_name, sizeof(pass.uni_name) - 1); + pass.uni_name_len = uni_name_len; + + /* last change time */ pass.mod_time = time(NULL); + /* password of the trust */ pass.pass_len = strlen(pwd); fstrcpy(pass.pass, pwd); + /* domain sid */ memcpy(&(pass.domain_sid), &sid, sizeof(sid)); - + return secrets_store(trustdom_keystr(domain), (void *)&pass, sizeof(pass)); } @@ -300,7 +325,7 @@ char *secrets_fetch_machine_password(void) Routine to delete the machine trust account password file for a domain. ************************************************************************/ -BOOL trust_password_delete(char *domain) +BOOL trust_password_delete(const char *domain) { return secrets_delete(trust_keystr(domain)); } @@ -308,7 +333,7 @@ BOOL trust_password_delete(char *domain) /************************************************************************ Routine to delete the password for trusted domain ************************************************************************/ -BOOL trusted_domain_password_delete(char *domain) +BOOL trusted_domain_password_delete(const char *domain) { return secrets_delete(trustdom_keystr(domain)); } @@ -345,15 +370,136 @@ void reset_globals_after_fork(void) generate_random_buffer( &dummy, 1, True); } -BOOL secrets_store_ldap_pw(char* dn, char* pw) +BOOL secrets_store_ldap_pw(const char* dn, char* pw) { - fstring key; - char *p; + char *key = NULL; + BOOL ret; - pstrcpy(key, dn); - for (p=key; *p; p++) - if (*p == ',') *p = '/'; + if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, dn) < 0) { + DEBUG(0, ("secrets_store_ldap_pw: asprintf failed!\n")); + return False; + } + + ret = secrets_store(key, pw, strlen(pw)+1); + + SAFE_FREE(key); + return ret; +} + + +/** + * The linked list is allocated on the supplied talloc context, caller gets to destory + * when done. + * + * @param ctx Allocation context + * @param enum_ctx Starting index, eg. we can start fetching at third + * or sixth trusted domain entry. Zero is the first index. + * Value it is set to is the enum context for the next enumeration. + * @param num_domains Number of domain entries to fetch at one call + * @param domains Pointer to array of trusted domain structs to be filled up + * + * @return nt status code of rpc response + **/ + +NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, int max_num_domains, int *num_domains, TRUSTDOM ***domains) +{ + TDB_LIST_NODE *keys, *k; + TRUSTDOM *dom = NULL; + char *pattern; + int start_idx; + uint32 idx = 0; + size_t size; + struct trusted_dom_pass *pass; + NTSTATUS status; + + secrets_init(); + + *num_domains = 0; + start_idx = *enum_ctx; + + /* generate searching pattern */ + if (!(pattern = talloc_asprintf(ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS))) { + DEBUG(0, ("secrets_get_trusted_domains: talloc_asprintf() failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + DEBUG(5, ("secrets_get_trusted_domains: looking for %d domains, starting at index %d\n", + max_num_domains, *enum_ctx)); + + *domains = talloc_zero(ctx, sizeof(**domains)*max_num_domains); + + /* fetching trusted domains' data and collecting them in a list */ + keys = tdb_search_keys(tdb, pattern); + + /* + * if there's no keys returned ie. no trusted domain, + * return "no more entries" code + */ + status = NT_STATUS_NO_MORE_ENTRIES; + + /* searching for keys in sectrets db -- way to go ... */ + for (k = keys; k; k = k->next) { + char *secrets_key; + + /* important: ensure null-termination of the key string */ + secrets_key = strndup(k->node_key.dptr, k->node_key.dsize); + if (!secrets_key) { + DEBUG(0, ("strndup failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + pass = secrets_fetch(secrets_key, &size); + + if (size != sizeof(*pass)) { + DEBUG(2, ("Secrets record %s is invalid!\n", secrets_key)); + SAFE_FREE(pass); + continue; + } + + SAFE_FREE(secrets_key); + + if (idx >= start_idx && idx < start_idx + max_num_domains) { + dom = talloc_zero(ctx, sizeof(*dom)); + if (!dom) { + /* free returned tdb record */ + SAFE_FREE(pass); + + return NT_STATUS_NO_MEMORY; + } + + /* copy domain sid */ + SMB_ASSERT(sizeof(dom->sid) == sizeof(pass->domain_sid)); + memcpy(&(dom->sid), &(pass->domain_sid), sizeof(dom->sid)); + + /* copy unicode domain name */ + dom->name = talloc_strdup_w(ctx, pass->uni_name); + + (*domains)[idx - start_idx] = dom; + + *enum_ctx = idx + 1; + (*num_domains)++; + + /* set proper status code to return */ + if (k->next) { + /* there are yet some entries to enumerate */ + status = STATUS_MORE_ENTRIES; + } else { + /* this is the last entry in the whole enumeration */ + status = NT_STATUS_OK; + } + } + + idx++; + + /* free returned tdb record */ + SAFE_FREE(pass); + } - return secrets_store(key, pw, strlen(pw)); + DEBUG(5, ("secrets_get_trusted_domains: got %d domains\n", *num_domains)); + + /* free the results of searching the keys */ + tdb_search_list_free(keys); + + return status; } diff --git a/source3/printing/lpq_parse.c b/source3/printing/lpq_parse.c index 9d8b1cc2aa3..1307cdb3f8d 100644 --- a/source3/printing/lpq_parse.c +++ b/source3/printing/lpq_parse.c @@ -255,6 +255,8 @@ static BOOL parse_lpq_lprng(char *line,print_queue_struct *buf,BOOL first) if (strequal(tokarr[LPRNG_RANKTOK],"active")) { buf->status = LPQ_PRINTING; + } else if (strequal(tokarr[LPRNG_RANKTOK],"done")) { + buf->status = LPQ_PRINTED; } else if (isdigit((int)*tokarr[LPRNG_RANKTOK])) { buf->status = LPQ_QUEUED; } else { @@ -314,7 +316,7 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first) int count=0; /* handle the case of "(standard input)" as a filename */ - pstring_sub(line,"standard input","STDIN"); + string_sub(line,"standard input","STDIN",0); all_string_sub(line,"(","\"",0); all_string_sub(line,")","\"",0); @@ -431,7 +433,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first) } if (!header_line_ok) return (False); /* incorrect header line */ /* handle the case of "(standard input)" as a filename */ - pstring_sub(line,"standard input","STDIN"); + string_sub(line,"standard input","STDIN",0); all_string_sub(line,"(","\"",0); all_string_sub(line,")","\"",0); @@ -469,7 +471,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first) else if (base_prio) base_prio_reset=False; /* handle the dash in the job id */ - pstring_sub(line,"-"," "); + string_sub(line,"-"," ",0); for (count=0; count<12 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ; @@ -593,14 +595,14 @@ static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first) DEBUG(4,("antes [%s]\n", line)); /* handle the case of "-- standard input --" as a filename */ - pstring_sub(line,"standard input","STDIN"); + string_sub(line,"standard input","STDIN",0); DEBUG(4,("despues [%s]\n", line)); all_string_sub(line,"-- ","\"",0); all_string_sub(line," --","\"",0); DEBUG(4,("despues 1 [%s]\n", line)); - pstring_sub(line,"[job #",""); - pstring_sub(line,"]",""); + string_sub(line,"[job #","",0); + string_sub(line,"]","",0); DEBUG(4,("despues 2 [%s]\n", line)); @@ -656,7 +658,7 @@ static BOOL parse_lpq_plp(char *line,print_queue_struct *buf,BOOL first) int count=0; /* handle the case of "(standard input)" as a filename */ - pstring_sub(line,"stdin","STDIN"); + string_sub(line,"stdin","STDIN",0); all_string_sub(line,"(","\"",0); all_string_sub(line,")","\"",0); @@ -726,7 +728,7 @@ static BOOL parse_lpq_softq(char *line,print_queue_struct *buf,BOOL first) int count=0; /* mung all the ":"s to spaces*/ - pstring_sub(line,":"," "); + string_sub(line,":"," ",0); for (count=0; count<10 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ; diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 29bc185a6dd..ff08b99eb0f 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -3,6 +3,7 @@ * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-2000, * Copyright (C) Jean François Micouleau 1998-2000. + * Copyright (C) Gerald Carter 2002. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -314,6 +315,11 @@ BOOL nt_printing_init(void) update_c_setprinter(True); + /* + * register callback to handle updating printers as new + * drivers are installed + */ + message_register(MSG_PRINTER_DRVUPGRADE, do_drv_upgrade_printer); return True; } @@ -1059,7 +1065,7 @@ static uint32 get_correct_cversion(fstring architecture, fstring driverpath_in, /* Null password is ok - we are already an authenticated user... */ null_pw = data_blob(NULL, 0); become_root(); - conn = make_connection("print$", null_pw, "A:", user->vuid, &nt_status); + conn = make_connection_with_chdir("print$", null_pw, "A:", user->vuid, &nt_status); unbecome_root(); if (conn == NULL) { @@ -1377,7 +1383,7 @@ BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, become_root(); null_pw = data_blob(NULL, 0); - conn = make_connection("print$", null_pw, "A:", user->vuid, &nt_status); + conn = make_connection_with_chdir("print$", null_pw, "A:", user->vuid, &nt_status); unbecome_root(); if (conn == NULL) { @@ -1678,13 +1684,13 @@ static uint32 add_a_printer_driver_6(NT_PRINTER_DRIVER_INFO_LEVEL_6 *driver) /**************************************************************************** ****************************************************************************/ -static WERROR get_a_printer_driver_3_default(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr, fstring in_prt, fstring in_arch) +static WERROR get_a_printer_driver_3_default(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr, fstring driver, fstring arch) { NT_PRINTER_DRIVER_INFO_LEVEL_3 info; ZERO_STRUCT(info); - fstrcpy(info.name, in_prt); + fstrcpy(info.name, driver); fstrcpy(info.defaultdatatype, "RAW"); fstrcpy(info.driverpath, ""); @@ -1705,7 +1711,7 @@ static WERROR get_a_printer_driver_3_default(NT_PRINTER_DRIVER_INFO_LEVEL_3 **in /**************************************************************************** ****************************************************************************/ -static WERROR get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr, fstring in_prt, fstring in_arch, uint32 version) +static WERROR get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr, fstring drivername, fstring arch, uint32 version) { NT_PRINTER_DRIVER_INFO_LEVEL_3 driver; TDB_DATA kbuf, dbuf; @@ -1716,21 +1722,19 @@ static WERROR get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr, ZERO_STRUCT(driver); - get_short_archi(architecture, in_arch); + get_short_archi(architecture, arch); - DEBUG(8,("get_a_printer_driver_3: [%s%s/%d/%s]\n", DRIVERS_PREFIX, architecture, version, in_prt)); + DEBUG(8,("get_a_printer_driver_3: [%s%s/%d/%s]\n", DRIVERS_PREFIX, architecture, version, drivername)); - slprintf(key, sizeof(key)-1, "%s%s/%d/%s", DRIVERS_PREFIX, architecture, version, in_prt); + slprintf(key, sizeof(key)-1, "%s%s/%d/%s", DRIVERS_PREFIX, architecture, version, drivername); kbuf.dptr = key; kbuf.dsize = strlen(key)+1; dbuf = tdb_fetch(tdb_drivers, kbuf); -#if 0 - if (!dbuf.dptr) return get_a_printer_driver_3_default(info_ptr, in_prt, in_arch); -#else - if (!dbuf.dptr) return WERR_ACCESS_DENIED; -#endif + if (!dbuf.dptr) + return WERR_ACCESS_DENIED; + len += tdb_unpack(dbuf.dptr, dbuf.dsize, "dffffffff", &driver.cversion, driver.name, @@ -1766,7 +1770,7 @@ static WERROR get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr, if (len != dbuf.dsize) { SAFE_FREE(driver.dependentfiles); - return get_a_printer_driver_3_default(info_ptr, in_prt, in_arch); + return get_a_printer_driver_3_default(info_ptr, drivername, arch); } *info_ptr = (NT_PRINTER_DRIVER_INFO_LEVEL_3 *)memdup(&driver, sizeof(driver)); @@ -1856,19 +1860,19 @@ static uint32 dump_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 else { info3=driver.info_3; - DEBUGADD(106,("version:[%d]\n", info3->cversion)); - DEBUGADD(106,("name:[%s]\n", info3->name)); - DEBUGADD(106,("environment:[%s]\n", info3->environment)); - DEBUGADD(106,("driverpath:[%s]\n", info3->driverpath)); - DEBUGADD(106,("datafile:[%s]\n", info3->datafile)); - DEBUGADD(106,("configfile:[%s]\n", info3->configfile)); - DEBUGADD(106,("helpfile:[%s]\n", info3->helpfile)); - DEBUGADD(106,("monitorname:[%s]\n", info3->monitorname)); - DEBUGADD(106,("defaultdatatype:[%s]\n", info3->defaultdatatype)); + DEBUGADD(20,("version:[%d]\n", info3->cversion)); + DEBUGADD(20,("name:[%s]\n", info3->name)); + DEBUGADD(20,("environment:[%s]\n", info3->environment)); + DEBUGADD(20,("driverpath:[%s]\n", info3->driverpath)); + DEBUGADD(20,("datafile:[%s]\n", info3->datafile)); + DEBUGADD(20,("configfile:[%s]\n", info3->configfile)); + DEBUGADD(20,("helpfile:[%s]\n", info3->helpfile)); + DEBUGADD(20,("monitorname:[%s]\n", info3->monitorname)); + DEBUGADD(20,("defaultdatatype:[%s]\n", info3->defaultdatatype)); for (i=0; info3->dependentfiles && *info3->dependentfiles[i]; i++) { - DEBUGADD(106,("dependentfile:[%s]\n", + DEBUGADD(20,("dependentfile:[%s]\n", info3->dependentfiles[i])); } result=0; @@ -1876,7 +1880,7 @@ static uint32 dump_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 break; } default: - DEBUGADD(106,("dump_a_printer_driver: Level %u not implemented\n", (unsigned int)level)); + DEBUGADD(20,("dump_a_printer_driver: Level %u not implemented\n", (unsigned int)level)); result=1; break; } @@ -2833,7 +2837,7 @@ WERROR mod_a_printer(NT_PRINTER_INFO_LEVEL printer, uint32 level) Initialize printer devmode & data with previously saved driver init values. ****************************************************************************/ -static uint32 set_driver_init_2(NT_PRINTER_INFO_LEVEL_2 *info_ptr) +static BOOL set_driver_init_2(NT_PRINTER_INFO_LEVEL_2 *info_ptr) { int len = 0; pstring key; @@ -2886,9 +2890,14 @@ static uint32 set_driver_init_2(NT_PRINTER_INFO_LEVEL_2 *info_ptr) * NT/2k does not change out the entire DeviceMode of a printer * when changing the driver. Only the driverextra, private, & * driverversion fields. --jerry (Thu Mar 14 08:58:43 CST 2002) + * + * Later e4xamination revealed that Windows NT/2k does reset the + * the printer's device mode, bit **only** when you change a + * property of the device mode such as the page orientation. + * --jerry */ -#if 0 /* JERRY */ +#if 1 /* JERRY */ /* * Bind the saved DEVMODE to the new the printer. @@ -2940,25 +2949,49 @@ static uint32 set_driver_init_2(NT_PRINTER_INFO_LEVEL_2 *info_ptr) is bound to the new printer. ****************************************************************************/ -uint32 set_driver_init(NT_PRINTER_INFO_LEVEL *printer, uint32 level) +BOOL set_driver_init(NT_PRINTER_INFO_LEVEL *printer, uint32 level) { - uint32 result; + BOOL result = False; switch (level) { case 2: - { result=set_driver_init_2(printer->info_2); break; - } + default: - result=1; + DEBUG(0,("set_driver_init: Programmer's error! Unknown driver_init level [%d]\n", + level)); break; } return result; } +/**************************************************************************** + Delete driver init data stored for a specified driver +****************************************************************************/ + +BOOL del_driver_init(char *drivername) +{ + pstring key; + TDB_DATA kbuf; + + if (!drivername || !*drivername) { + DEBUG(3,("del_driver_init: No drivername specified!\n")); + return False; + } + + slprintf(key, sizeof(key)-1, "%s%s", DRIVER_INIT_PREFIX, drivername); + + kbuf.dptr = key; + kbuf.dsize = strlen(key)+1; + + DEBUG(6,("del_driver_init: Removing driver init data for [%s]\n", drivername)); + + return (tdb_delete(tdb_drivers, kbuf) == 0); +} + /**************************************************************************** Pack up the DEVMODE and specifics for a printer into a 'driver init' entry in the tdb. Note: this is different from the driver entry and the printer @@ -3301,17 +3334,31 @@ uint32 add_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level) /**************************************************************************** ****************************************************************************/ WERROR get_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL *driver, uint32 level, - fstring printername, fstring architecture, uint32 version) + fstring drivername, fstring architecture, uint32 version) { WERROR result; switch (level) { case 3: - { - result=get_a_printer_driver_3(&driver->info_3, printername, architecture, version); + /* Sometime we just want any version of the driver */ + + if ( version == DRIVER_ANY_VERSION ) { + /* look for Win2k first and then for NT4 */ + result = get_a_printer_driver_3(&driver->info_3, drivername, + architecture, 3); + + if ( !W_ERROR_IS_OK(result) ) { + result = get_a_printer_driver_3( &driver->info_3, + drivername, architecture, 2 ); + } + } + else { + result = get_a_printer_driver_3(&driver->info_3, drivername, + architecture, version); + } break; - } + default: result=W_ERROR(1); break; @@ -3319,6 +3366,7 @@ WERROR get_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL *driver, uint32 level, if (W_ERROR_IS_OK(result)) dump_a_printer_driver(*driver, level); + return result; } @@ -3377,95 +3425,347 @@ uint32 free_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level) Determine whether or not a particular driver is currently assigned to a printer ****************************************************************************/ -BOOL printer_driver_in_use (char *arch, char *driver) + +BOOL printer_driver_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *i ) { - TDB_DATA kbuf, newkey, dbuf; - NT_PRINTER_INFO_LEVEL_2 info; - int ret; + int snum; + int n_services = lp_numservices(); + NT_PRINTER_INFO_LEVEL *printer = NULL; - if (!tdb_printers) - if (!nt_printing_init()) - return False; + if ( !i ) + return False; - DEBUG(5,("printer_driver_in_use: Beginning search through printers.tdb...\n")); + DEBUG(5,("printer_driver_in_use: Beginning search through ntprinters.tdb...\n")); /* loop through the printers.tdb and check for the drivername */ - for (kbuf = tdb_firstkey(tdb_printers); kbuf.dptr; - newkey = tdb_nextkey(tdb_printers, kbuf), safe_free(kbuf.dptr), kbuf=newkey) + + for (snum=0; snumname, printer->info_2->drivername) ) { + free_a_printer( &printer, 2 ); + return True; + } + + free_a_printer( &printer, 2 ); + } + + DEBUG(5,("printer_driver_in_use: Completed search through ntprinters.tdb...\n")); + + /* report that the driver is not in use by default */ + + return False; +} - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "dddddddddddfffffPfffff", - &info.attributes, - &info.priority, - &info.default_priority, - &info.starttime, - &info.untiltime, - &info.status, - &info.cjobs, - &info.averageppm, - &info.changeid, - &info.c_setprinter, - &info.setuptime, - info.servername, - info.printername, - info.sharename, - info.portname, - info.drivername, - info.comment, - info.location, - info.sepfile, - info.printprocessor, - info.datatype, - info.parameters); - SAFE_FREE(dbuf.dptr); +/********************************************************************** + Check to see if a ogiven file is in use by *info + *********************************************************************/ + +static BOOL drv_file_in_use( char* file, NT_PRINTER_DRIVER_INFO_LEVEL_3 *info ) +{ + char *s; + + if ( !info ) + return False; + + if ( strequal(file, info->driverpath) ) + return True; - if (ret == -1) { - DEBUG (0,("printer_driver_in_use: tdb_unpack failed for printer %s\n", - info.printername)); - continue; + if ( strequal(file, info->datafile) ) + return True; + + if ( strequal(file, info->configfile) ) + return True; + + if ( strequal(file, info->helpfile) ) + return True; + + s = (char*) info->dependentfiles; + + if ( s ) { + while ( *s ) + { + if ( strequal(file, s) ) + return True; + s += strlen(s) + 1; } + } + + return False; + +} + +/********************************************************************** + Utility function to remove the dependent file pointed to by the + input parameter from the list + *********************************************************************/ + +static void trim_dependent_file( char* s ) +{ + char *p; + + /* set p to the next character string in the list */ + + p = s + strlen( s ) + 1; + + /* check to see that we have another string to copy back */ + + if ( *p == '\0' ) + { + /* loop over s copying characters from p to s */ + while ( *p!='\0' && *(p+1)!='\0' ) + *s++ = *p++; + } + + /* add the two trailing NULL's */ + + *s = '\0'; + *(s+1) = '\0'; +} + +/********************************************************************** + Check if any of the files used by src are also used by drv + *********************************************************************/ + +static BOOL trim_overlap_drv_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *src, + NT_PRINTER_DRIVER_INFO_LEVEL_3 *drv ) +{ + BOOL in_use = False; + char *s; + + if ( !src || !drv ) + return False; + + /* check each file. Remove it from the src structure if it overlaps */ + + if ( drv_file_in_use(src->driverpath, drv) ) { + in_use = True; + fstrcpy( src->driverpath, "" ); + } + + if ( drv_file_in_use(src->datafile, drv) ) { + in_use = True; + fstrcpy( src->datafile, "" ); + } + + if ( drv_file_in_use(src->configfile, drv) ) { + in_use = True; + fstrcpy( src->configfile, "" ); + } + + s = (char*)src->dependentfiles; + + if ( s ) { + while ( *s ) + { + if ( drv_file_in_use(s, drv) ) { + in_use = True; + trim_dependent_file( s ); + } + else + s += strlen(s) + 1; + } + } + - DEBUG (10,("printer_driver_in_use: Printer - %s (%s)\n", - info.printername, info.drivername)); + return in_use; +} + +/**************************************************************************** + Determine whether or not a particular driver files are currently being + used by any other driver. + + Return value is True if any files were in use by other drivers + and False otherwise. + + Upon return, *info has been modified to only contain the driver files + which are not in use +****************************************************************************/ + +BOOL printer_driver_files_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info ) +{ + int i; + int ndrivers; + uint32 version; + fstring *list = NULL; + NT_PRINTER_DRIVER_INFO_LEVEL driver; + + /* loop over all driver versions */ + + DEBUG(5,("printer_driver_files_in_use: Beginning search through ntdrivers.tdb...\n")); + + for ( version=0; versionenvironment, version); + + DEBUGADD(4,("we have:[%d] drivers in environment [%s] and version [%d]\n", + ndrivers, info->environment, version)); + + if (ndrivers == -1) + continue; - if (strcmp(info.drivername, driver) == 0) + /* check each driver for overlap in files */ + + for (i=0; ienvironment, version)) ) + { + SAFE_FREE(list); + return True; + } + + /* check if d2 uses any files from d1 */ + /* only if this is a different driver than the one being deleted */ + + if ( !strequal(info->name, driver.info_3->name) + || (info->cversion != driver.info_3->cversion) ) + { + if ( trim_overlap_drv_files(info, driver.info_3) ) { + free_a_printer_driver(driver, 3); + SAFE_FREE( list ); + return True; + } + } + + free_a_printer_driver(driver, 3); } + + SAFE_FREE(list); } - DEBUG(5,("printer_driver_in_use: Completed search through printers.tdb...\n")); + DEBUG(5,("printer_driver_files_in_use: Completed search through ntdrivers.tdb...\n")); - - /* report that the driver is in use by default */ return False; } +/**************************************************************************** + Actually delete the driver files. Make sure that + printer_driver_files_in_use() return False before calling + this. +****************************************************************************/ + +static BOOL delete_driver_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *i, struct current_user *user ) +{ + char *s; + connection_struct *conn; + DATA_BLOB null_pw; + NTSTATUS nt_status; + + if ( !i ) + return False; + + DEBUG(6,("delete_driver_files: deleting driver [%s] - version [%d]\n", i->name, i->cversion)); + + /* + * Connect to the print$ share under the same account as the + * user connected to the rpc pipe. Note we must be root to + * do this. + */ + + become_root(); + null_pw = data_blob( NULL, 0 ); + conn = make_connection_with_chdir( "print$", null_pw, "A:", user->vuid, &nt_status ); + unbecome_root(); + + if ( !conn ) { + DEBUG(0,("delete_driver_files: Unable to connect\n")); + return False; + } + + /* Save who we are - we are temporarily becoming the connection user. */ + + if ( !become_user(conn, conn->vuid) ) { + DEBUG(0,("delete_driver_files: Can't become user!\n")); + return False; + } + + /* now delete the files; must strip the '\print$' string from + fron of path */ + + if ( *i->driverpath ) { + if ( (s = strchr( &i->driverpath[1], '\\' )) != NULL ) { + DEBUG(10,("deleting driverfile [%s]\n", s)); + unlink_internals(conn, 0, s); + } + } + + if ( *i->configfile ) { + if ( (s = strchr( &i->configfile[1], '\\' )) != NULL ) { + DEBUG(10,("deleting configfile [%s]\n", s)); + unlink_internals(conn, 0, s); + } + } + + if ( *i->datafile ) { + if ( (s = strchr( &i->datafile[1], '\\' )) != NULL ) { + DEBUG(10,("deleting datafile [%s]\n", s)); + unlink_internals(conn, 0, s); + } + } + + if ( *i->helpfile ) { + if ( (s = strchr( &i->helpfile[1], '\\' )) != NULL ) { + DEBUG(10,("deleting helpfile [%s]\n", s)); + unlink_internals(conn, 0, s); + } + } + + s = (char*)i->dependentfiles; + + while ( s && *s ) { + char *file; + + if ( (file = strchr( s+1, '\\' )) != NULL ) + { + DEBUG(10,("deleting dependent file [%s]\n", file)); + unlink_internals(conn, 0, file ); + file += strlen( file ) + 1; + } + + s = file; + } + + return True; +} + /**************************************************************************** Remove a printer driver from the TDB. This assumes that the the driver was previously looked up. ***************************************************************************/ -WERROR delete_printer_driver (NT_PRINTER_DRIVER_INFO_LEVEL_3 *i) + +static WERROR delete_printer_driver_internal( NT_PRINTER_DRIVER_INFO_LEVEL_3 *i, struct current_user *user, + uint32 version, BOOL delete_files ) { pstring key; fstring arch; TDB_DATA kbuf; + NT_PRINTER_DRIVER_INFO_LEVEL ctr; + /* delete the tdb data first */ get_short_archi(arch, i->environment); slprintf(key, sizeof(key)-1, "%s%s/%d/%s", DRIVERS_PREFIX, - arch, i->cversion, i->name); - DEBUG(5,("delete_printer_driver: key = [%s]\n", key)); + arch, version, i->name); + + DEBUG(5,("delete_printer_driver: key = [%s] delete_files = %s\n", + key, delete_files ? "TRUE" : "FALSE" )); + + ctr.info_3 = i; + dump_a_printer_driver( ctr, 3 ); kbuf.dptr=key; kbuf.dsize=strlen(key)+1; @@ -3474,18 +3774,56 @@ WERROR delete_printer_driver (NT_PRINTER_DRIVER_INFO_LEVEL_3 *i) DEBUG (0,("delete_printer_driver: fail to delete %s!\n", key)); return WERR_ACCESS_DENIED; } - + + /* + * now delete any associated files if delete_files == True + * even if this part failes, we return succes because the + * driver doesn not exist any more + */ + + if ( delete_files ) + delete_driver_files( i, user ); + DEBUG(5,("delete_printer_driver: [%s] driver delete successful.\n", i->name)); - + + return WERR_OK; +} + +/**************************************************************************** + Remove a printer driver from the TDB. This assumes that the the driver was + previously looked up. + ***************************************************************************/ + +WERROR delete_printer_driver( NT_PRINTER_DRIVER_INFO_LEVEL_3 *i, struct current_user *user, + uint32 version, BOOL delete_files ) +{ + int ver; + WERROR err; + + /* see if we should delete all versions of this driver */ + + if ( version == DRIVER_ANY_VERSION ) { + for ( ver=0; versec) + sizeof(SEC_DESC_BUF), ctx, MARSHALL); - if (sec_io_desc_buf("nt_printing_setsec", secdesc_ctr, &ps, 1)) + if (sec_io_desc_buf("nt_printing_getsec", secdesc_ctr, &ps, 1)) tdb_prs_store(tdb_printers, key, &ps); prs_mem_free(&ps); @@ -3890,7 +4227,7 @@ BOOL print_access_check(struct current_user *user, int snum, int access_type) uint32 access_granted; NTSTATUS status; BOOL result; - char *pname; + const char *pname; TALLOC_CTX *mem_ctx = NULL; extern struct current_user current_user; diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c index 920c6f354e2..4bca63fffb1 100644 --- a/source3/printing/pcap.c +++ b/source3/printing/pcap.c @@ -111,7 +111,7 @@ static void ScanQconfig_fn(char *psz,void (*fn)(char *, char *)) iEtat = 0; /* scan qconfig file for searching : */ - for (;(line = fgets_slash(NULL,sizeof(pstring),pfile)); free(line)) + for (;(line = fgets_slash(NULL,sizeof(pstring),pfile)); safe_free(line)) { if (*line == '*' || *line == 0) continue; @@ -181,7 +181,7 @@ static BOOL ScanQconfig(char *psz,char *pszPrintername) if ((pfile = x_fopen(psz, O_RDONLY, 0)) == NULL) { DEBUG(0,( "Unable to open qconfig file %s for read!\n", psz)); - free(pName); + SAFE_FREE(pName); return(False); } slprintf(pName, iLg + 9, "%s:",pszPrintername); @@ -189,7 +189,7 @@ static BOOL ScanQconfig(char *psz,char *pszPrintername) /*DEBUG(3,( " Looking for entry %s\n",pName));*/ iEtat = 0; /* scan qconfig file for searching : */ - for (;(line = fgets_slash(NULL,sizeof(pstring),pfile)); free(line)) + for (;(line = fgets_slash(NULL,sizeof(pstring),pfile)); safe_free(line)) { if (*line == '*' || *line == 0) continue; @@ -209,7 +209,7 @@ static BOOL ScanQconfig(char *psz,char *pszPrintername) /* name is found without stanza device */ /* probably a good printer ??? */ free (line); - free(pName); + SAFE_FREE(pName); fclose(pfile); return(True); } @@ -223,7 +223,7 @@ static BOOL ScanQconfig(char *psz,char *pszPrintername) { /* it's a good virtual printer */ free (line); - free(pName); + SAFE_FREE(pName); fclose(pfile); return(True); } @@ -288,7 +288,7 @@ BOOL pcap_printername_ok(char *pszPrintername, char *pszPrintcapname) return(False); } - for (;(line = fgets_slash(NULL,sizeof(pstring),pfile)); free(line)) + for (;(line = fgets_slash(NULL,sizeof(pstring),pfile)); safe_free(line)) { if (*line == '#' || *line == 0) continue; @@ -307,7 +307,7 @@ BOOL pcap_printername_ok(char *pszPrintername, char *pszPrintcapname) { /* normalise the case */ pstrcpy(pszPrintername,p); - free(line); + SAFE_FREE(line); x_fclose(pfile); return(True); } @@ -369,7 +369,7 @@ void pcap_printer_fn(void (*fn)(char *, char *)) return; } - for (;(line = fgets_slash(NULL,sizeof(pstring),pfile)); free(line)) + for (;(line = fgets_slash(NULL,sizeof(pstring),pfile)); safe_free(line)) { if (*line == '#' || *line == 0) continue; diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index b5315e10b28..51ebb739a33 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -824,7 +824,7 @@ cups_queue_get(int snum, print_queue_struct **q, print_status_struct *status) ippDelete(response); httpClose(http); - free (queue); + SAFE_FREE(queue); return (0); } diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c index e1517c5dcb8..4d77b827bf6 100644 --- a/source3/printing/print_generic.c +++ b/source3/printing/print_generic.c @@ -55,7 +55,7 @@ static int print_run_command(int snum,char *command, int *outfd, ...) { pstring syscmd; - char *p, *arg; + char *arg; int ret; va_list ap; va_start(ap, outfd); @@ -75,10 +75,8 @@ static int print_run_command(int snum,char *command, int *outfd, ...) } va_end(ap); - p = PRINTERNAME(snum); - - pstring_sub(syscmd, "%p", p); - standard_sub_snum(snum,syscmd); + pstring_sub(syscmd, "%p", PRINTERNAME(snum)); + standard_sub_snum(snum,syscmd,sizeof(syscmd)); ret = smbrun(syscmd,outfd); diff --git a/source3/printing/printing.c b/source3/printing/printing.c index d7ac1f49c77..7bfce43af61 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -1,7 +1,9 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 3.0 printing backend routines Copyright (C) Andrew Tridgell 1992-2000 + Copyright (C) Jeremy Allison 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -21,7 +23,7 @@ #include "printing.h" /* Current printer interface */ -struct printif *current_printif = &generic_printif; +static struct printif *current_printif = &generic_printif; /* the printing backend revolves around a tdb database that stores the @@ -37,12 +39,175 @@ struct printif *current_printif = &generic_printif; jobids are assigned when a job starts spooling. */ -/* the open printing.tdb database */ -static TDB_CONTEXT *tdb; static pid_t local_pid; +/* Mapping between printer names and queue id's in job id's. */ +struct printer_queueid_map { + struct printer_queueid_map *next, *prev; + char *printername; + uint32 queueid; +}; + +static struct printer_queueid_map *printer_queueid_map_head; +static uint32 last_queueid; + +#define QUEUEID_BITS 12 +#define QUEUEID_MASK ((1<<(QUEUEID_BITS))-1) +#define QUEUEID_TO_JOBID(queueid) (((queueid) & QUEUEID_MASK) << 20 ) + +/**************************************************************************** + Create an association between a printer name and a queueid. Used to encode + the printer queueid in jobid's. + This could be converted to use an internal tdb if searching the list is + too slow. JRA. +****************************************************************************/ + +BOOL create_printer_queueid(const char *printername) +{ + struct printer_queueid_map *p; + + for (p = printer_queueid_map_head; p; p = p->next) { + if (strequal(p->printername, printername)) + return True; + } + + p = (struct printer_queueid_map *)malloc(sizeof(*p)); + if (!p) { + DEBUG(0,("create_printer_queueid: malloc fail !\n")); + return False; + } + ZERO_STRUCTP(p); + p->printername = strdup(printername); + if (!p->printername) { + DEBUG(0,("create_printer_queueid: malloc fail !\n")); + SAFE_FREE(p); + return False; + } + p->queueid = (++last_queueid); + if (p->queueid > QUEUEID_MASK) { + DEBUG(0,("create_printer_queueid: malloc fail !\n")); + SAFE_FREE(p->printername); + SAFE_FREE(p); + return False; + } + DLIST_ADD(printer_queueid_map_head, p); + return True; +} + +void set_register_printer_fn(void) +{ + extern BOOL (*register_printer_fn)(const char *); + register_printer_fn = create_printer_queueid; +} + +/**************************************************************************** + Lookups. +****************************************************************************/ + +static uint32 get_printer_queueid_byname(const char *printername) +{ + struct printer_queueid_map *p; + + for (p = printer_queueid_map_head; p; p = p->next) { + if (strequal(p->printername, printername)) + return p->queueid; + } + return 0; +} + +/**************************************************************************** + Lookups. +****************************************************************************/ + +static const char *get_printer_name_byjobid(uint32 jobid) +{ + struct printer_queueid_map *p; + uint32 queueid = (((jobid)>>20) & QUEUEID_MASK); + + for (p = printer_queueid_map_head; p; p = p->next) { + if (p->queueid == queueid) + return p->printername; + } + return NULL; +} + static int get_queue_status(int, print_status_struct *); +#define MAX_PRINT_DBS_OPEN 1 + +struct tdb_print_db { + struct tdb_print_db *next, *prev; + TDB_CONTEXT *tdb; + fstring printer_name; +}; + +static struct tdb_print_db *print_db_head; + +/**************************************************************************** + Function to find or create the printer specific job tdb given a printername. + Limits the number of tdb's open to MAX_PRINT_DBS_OPEN. +****************************************************************************/ + +static struct tdb_print_db *get_print_db_byname(const char *printername) +{ + struct tdb_print_db *p, *last_entry; + int num_open = 0; + pstring printdb_path; + + for (p = print_db_head, last_entry = print_db_head; p; p = p->next) { + if (p->tdb && strequal(p->printer_name, printername)) { + DLIST_PROMOTE(print_db_head, p); + return p; + } + num_open++; + last_entry = p; + } + /* Not found. */ + if (num_open >= MAX_PRINT_DBS_OPEN) { + /* Recycle the last entry. */ + DLIST_PROMOTE(print_db_head, last_entry); + if (print_db_head->tdb) { + if (tdb_close(print_db_head->tdb)) { + DEBUG(0,("get_print_db: Failed to close tdb for printer %s\n", + print_db_head->printer_name )); + return NULL; + } + } + p = print_db_head; + ZERO_STRUCTP(p); + } else { + /* Create one. */ + p = (struct tdb_print_db *)malloc(sizeof(struct tdb_print_db)); + if (!p) { + DEBUG(0,("get_print_db: malloc fail !\n")); + return NULL; + } + ZERO_STRUCTP(p); + DLIST_ADD(print_db_head, p); + } + + pstrcpy(printdb_path, lock_path(printername)); + pstrcat(printdb_path, ".tdb"); + p->tdb = tdb_open_log(printdb_path, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + if (!p->tdb) { + DEBUG(0,("get_print_db: Failed to open printer backend database %s.\n", + printdb_path )); + DLIST_REMOVE(print_db_head, p); + SAFE_FREE(p); + return NULL; + } + fstrcpy(p->printer_name, printername); + return p; +} + +static struct tdb_print_db *get_print_db_byjobid( uint32 jobid) +{ + const char *printername = get_printer_name_byjobid(jobid); + if (!printername) + return NULL; + return get_print_db_byname(printername); +} + /**************************************************************************** Initialise the printing backend. Called once at startup. Does not survive a fork @@ -50,24 +215,29 @@ static int get_queue_status(int, print_status_struct *); BOOL print_backend_init(void) { + struct printer_queueid_map *p; char *sversion = "INFO/version"; - if (tdb && local_pid == sys_getpid()) return True; - tdb = tdb_open_log(lock_path("printing.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); - if (!tdb) { - DEBUG(0,("print_backend_init: Failed to open printing backend database %s\n", - lock_path("printing.tdb") )); - return False; - } + if (local_pid == sys_getpid()) + return True; + + unlink(lock_path("printing.tdb")); local_pid = sys_getpid(); /* handle a Samba upgrade */ - tdb_lock_bystring(tdb, sversion); - if (tdb_fetch_int32(tdb, sversion) != PRINT_DATABASE_VERSION) { - tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); - tdb_store_int32(tdb, sversion, PRINT_DATABASE_VERSION); + + for (p = printer_queueid_map_head; p; p = p->next) { + struct tdb_print_db *pdb = get_print_db_byname(p->printername); + + if (!pdb) + continue; + tdb_lock_bystring(pdb->tdb, sversion); + if (tdb_fetch_int32(pdb->tdb, sversion) != PRINT_DATABASE_VERSION) { + tdb_traverse(pdb->tdb, tdb_traverse_delete_fn, NULL); + tdb_store_int32(pdb->tdb, sversion, PRINT_DATABASE_VERSION); + } + tdb_unlock_bystring(pdb->tdb, sversion); } - tdb_unlock_bystring(tdb, sversion); /* select the appropriate printing interface... */ #ifdef HAVE_CUPS @@ -80,11 +250,30 @@ BOOL print_backend_init(void) } /**************************************************************************** -useful function to generate a tdb key + Shut down printing backend. Called once at shutdown to close the tdb. +****************************************************************************/ + +void printing_end(void) +{ + struct tdb_print_db *p; + + for (p = print_db_head; p; ) { + struct tdb_print_db *next_p = p->next; + if (p->tdb) + tdb_close(p->tdb); + DLIST_REMOVE(print_db_head, p); + SAFE_FREE(p); + p = next_p; + } +} + +/**************************************************************************** + Useful function to generate a tdb key. ****************************************************************************/ -static TDB_DATA print_key(int jobid) + +static TDB_DATA print_key(uint32 jobid) { - static int j; + static uint32 j; TDB_DATA ret; j = jobid; @@ -94,58 +283,248 @@ static TDB_DATA print_key(int jobid) } /**************************************************************************** -useful function to find a print job in the database + Useful function to find a print job in the database. ****************************************************************************/ -static struct printjob *print_job_find(int jobid) + +static struct printjob *print_job_find(uint32 jobid) { static struct printjob pjob; TDB_DATA ret; + struct tdb_print_db *pdb = get_print_db_byjobid(jobid); + + if (!pdb) + return NULL; - ret = tdb_fetch(tdb, print_key(jobid)); - if (!ret.dptr || ret.dsize != sizeof(pjob)) return NULL; + ret = tdb_fetch(pdb->tdb, print_key(jobid)); + if (!ret.dptr || ret.dsize != sizeof(pjob)) + return NULL; memcpy(&pjob, ret.dptr, sizeof(pjob)); - free(ret.dptr); + SAFE_FREE(ret.dptr); return &pjob; } +/* Convert a unix jobid to a smb jobid */ + +static uint32 sysjob_to_jobid_value; + +static int unixjob_traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA key, + TDB_DATA data, void *state) +{ + struct printjob *pjob = (struct printjob *)data.dptr; + int *sysjob = (int *)state; + + if (key.dsize != sizeof(uint32)) + return 0; + + if (*sysjob == pjob->sysjob) { + uint32 *jobid = (uint32 *)key.dptr; + + sysjob_to_jobid_value = *jobid; + return 1; + } + + return 0; +} + /**************************************************************************** -store a job structure back to the database + This is a *horribly expensive call as we have to iterate through all the + current printer tdb's. Don't do this often ! JRA. ****************************************************************************/ -static BOOL print_job_store(int jobid, struct printjob *pjob) + +uint32 sysjob_to_jobid(int unix_jobid) +{ + struct printer_queueid_map *p; + sysjob_to_jobid_value = (uint32)-1; + + for (p = printer_queueid_map_head; p; p = p->next) { + struct tdb_print_db *pdb = get_print_db_byname(p->printername); + if (pdb) + tdb_traverse(pdb->tdb, unixjob_traverse_fn, &unix_jobid); + if (sysjob_to_jobid_value != (uint32)-1) + return sysjob_to_jobid_value; + } + return (uint32)-1; +} + +/**************************************************************************** + Send notifications based on what has changed after a pjob_store. +****************************************************************************/ + +static struct { + uint32 lpq_status; + uint32 spoolss_status; +} lpq_to_spoolss_status_map[] = { + { LPQ_QUEUED, JOB_STATUS_QUEUED }, + { LPQ_PAUSED, JOB_STATUS_PAUSED }, + { LPQ_SPOOLING, JOB_STATUS_SPOOLING }, + { LPQ_PRINTING, JOB_STATUS_PRINTING }, + { LPQ_DELETING, JOB_STATUS_DELETING }, + { LPQ_OFFLINE, JOB_STATUS_OFFLINE }, + { LPQ_PAPEROUT, JOB_STATUS_PAPEROUT }, + { LPQ_PRINTED, JOB_STATUS_PRINTED }, + { LPQ_DELETED, JOB_STATUS_DELETED }, + { LPQ_BLOCKED, JOB_STATUS_BLOCKED }, + { LPQ_USER_INTERVENTION, JOB_STATUS_USER_INTERVENTION }, + { -1, 0 } +}; + +/* Convert a lpq status value stored in printing.tdb into the + appropriate win32 API constant. */ + +static uint32 map_to_spoolss_status(uint32 lpq_status) { - TDB_DATA d; + int i = 0; + + while (lpq_to_spoolss_status_map[i].lpq_status != -1) { + if (lpq_to_spoolss_status_map[i].lpq_status == lpq_status) + return lpq_to_spoolss_status_map[i].spoolss_status; + i++; + } + + return 0; +} + +static void pjob_store_notify(uint32 jobid, struct printjob *old_data, + struct printjob *new_data) +{ + BOOL new_job = False; + int snum = print_job_snum(jobid); + + if (snum == -1) + return; + + if (!old_data) + new_job = True; + + /* Notify the job name first */ + + if (new_job || !strequal(old_data->jobname, new_data->jobname)) + notify_job_name(snum, jobid, new_data->jobname); + + /* Job attributes that can't be changed. We only send + notification for these on a new job. */ + + if (new_job) { + notify_job_submitted(snum, jobid, new_data->starttime); + notify_job_username(snum, jobid, new_data->user); + } + + /* Job attributes of a new job or attributes that can be + modified. */ + + if (new_job || old_data->status != new_data->status) + notify_job_status(snum, jobid, map_to_spoolss_status(new_data->status)); + + if (new_job || old_data->size != new_data->size) + notify_job_total_bytes(snum, jobid, new_data->size); + + if (new_job || old_data->page_count != new_data->page_count) + notify_job_total_pages(snum, jobid, new_data->page_count); +} + +/**************************************************************************** + Store a job structure back to the database. +****************************************************************************/ + +static BOOL pjob_store(uint32 jobid, struct printjob *pjob) +{ + TDB_DATA old_data, new_data; BOOL ret; + struct tdb_print_db *pdb = get_print_db_byjobid(jobid); + + if (!pdb) + return False; + + /* Get old data */ + + old_data = tdb_fetch(pdb->tdb, print_key(jobid)); + + /* Store new data */ + + new_data.dptr = (void *)pjob; + new_data.dsize = sizeof(*pjob); + ret = (tdb_store(pdb->tdb, print_key(jobid), new_data, TDB_REPLACE) == 0); + + /* Send notify updates for what has changed */ + + if (ret && (old_data.dsize == 0 || old_data.dsize == sizeof(*pjob))) { + pjob_store_notify( + jobid, (struct printjob *)old_data.dptr, + (struct printjob *)new_data.dptr); + free(old_data.dptr); + } - d.dptr = (void *)pjob; - d.dsize = sizeof(*pjob); - ret = (tdb_store(tdb, print_key(jobid), d, TDB_REPLACE) == 0); return ret; } /**************************************************************************** -parse a file name from the system spooler to generate a jobid + Remove a job structure from the database. +****************************************************************************/ + +static void pjob_delete(uint32 jobid) +{ + int snum; + struct printjob *pjob = print_job_find(jobid); + uint32 job_status = 0; + struct tdb_print_db *pdb = get_print_db_byjobid(jobid); + + if (!pdb) + return; + + if (!pjob) { + DEBUG(5, ("pjob_delete(): we were asked to delete nonexistent job %u\n", + (unsigned int)jobid)); + return; + } + + /* Send a notification that a job has been deleted */ + + job_status = map_to_spoolss_status(pjob->status); + + /* We must cycle through JOB_STATUS_DELETING and + JOB_STATUS_DELETED for the port monitor to delete the job + properly. */ + + snum = print_job_snum(jobid); + job_status |= JOB_STATUS_DELETING; + notify_job_status(snum, jobid, job_status); + + job_status |= JOB_STATUS_DELETED; + notify_job_status(snum, jobid, job_status); + + /* Remove from printing.tdb */ + + tdb_delete(pdb->tdb, print_key(jobid)); +} + +/**************************************************************************** + Parse a file name from the system spooler to generate a jobid. ****************************************************************************/ -static int print_parse_jobid(char *fname) + +static uint32 print_parse_jobid(char *fname) { int jobid; - if (strncmp(fname,PRINT_SPOOL_PREFIX,strlen(PRINT_SPOOL_PREFIX)) != 0) return -1; + if (strncmp(fname,PRINT_SPOOL_PREFIX,strlen(PRINT_SPOOL_PREFIX)) != 0) + return (uint32)-1; fname += strlen(PRINT_SPOOL_PREFIX); jobid = atoi(fname); - if (jobid <= 0) return -1; + if (jobid <= 0) + return (uint32)-1; - return jobid; + return (uint32)jobid; } - /**************************************************************************** -list a unix job in the print database + List a unix job in the print database. ****************************************************************************/ + static void print_unix_job(int snum, print_queue_struct *q) { - int jobid = q->job + UNIX_JOB_START; + uint32 queueid = get_printer_queueid_byname(PRINTERNAME(snum)); + uint32 jobid = (q->job + UNIX_JOB_START) | QUEUEID_TO_JOBID(queueid); struct printjob pj, *old_pj; /* Preserve the timestamp on an existing unix print job */ @@ -165,9 +544,9 @@ static void print_unix_job(int snum, print_queue_struct *q) fstrcpy(pj.filename, ""); fstrcpy(pj.jobname, q->fs_file); fstrcpy(pj.user, q->fs_user); - fstrcpy(pj.queuename, lp_servicename(snum)); + fstrcpy(pj.queuename, lp_const_servicename(snum)); - print_job_store(jobid, &pj); + pjob_store(jobid, &pj); } @@ -176,31 +555,40 @@ struct traverse_struct { int qcount, snum, maxcount, total_jobs; }; -/* utility fn to delete any jobs that are no longer active */ +/**************************************************************************** + Utility fn to delete any jobs that are no longer active. +****************************************************************************/ + static int traverse_fn_delete(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state) { + uint32 queueid; struct traverse_struct *ts = (struct traverse_struct *)state; struct printjob pjob; - int i, jobid; + uint32 jobid; + int i; - if (data.dsize != sizeof(pjob) || key.dsize != sizeof(int)) return 0; + if (data.dsize != sizeof(pjob) || key.dsize != sizeof(jobid)) + return 0; memcpy(&jobid, key.dptr, sizeof(jobid)); memcpy(&pjob, data.dptr, sizeof(pjob)); if (ts->snum != lp_servicenumber(pjob.queuename)) { - /* this isn't for the queue we are looking at */ - ts->total_jobs++; + /* this isn't for the queue we are looking at - this cannot happen with the split tdb's. JRA */ return 0; } + queueid = get_printer_queueid_byname(pjob.queuename); + if (!pjob.smbjob) { /* remove a unix job if it isn't in the system queue any more */ for (i=0;iqcount;i++) { - if (jobid == ts->queue[i].job + UNIX_JOB_START) break; + uint32 u_jobid = ((ts->queue[i].job + UNIX_JOB_START) | QUEUEID_TO_JOBID(queueid)); + if (jobid == u_jobid) + break; } if (i == ts->qcount) - tdb_delete(tdb, key); + pjob_delete(jobid); else ts->total_jobs++; return 0; @@ -212,15 +600,16 @@ static int traverse_fn_delete(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void exist then kill it. This cleans up after smbd deaths */ if (!process_exists(pjob.pid)) - tdb_delete(tdb, key); + pjob_delete(jobid); else ts->total_jobs++; return 0; } for (i=0;iqcount;i++) { - int qid = print_parse_jobid(ts->queue[i].fs_file); - if (jobid == qid) break; + uint32 curr_jobid = print_parse_jobid(ts->queue[i].fs_file) | QUEUEID_TO_JOBID(queueid); + if (jobid == curr_jobid) + break; } /* The job isn't in the system queue - we have to assume it has @@ -238,7 +627,7 @@ static int traverse_fn_delete(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void submitted less than lp_lpqcachetime() seconds ago. */ if ((cur_t - pjob.starttime) > lp_lpqcachetime()) - tdb_delete(t, key); + pjob_delete(jobid); else ts->total_jobs++; } @@ -249,13 +638,19 @@ static int traverse_fn_delete(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void } /**************************************************************************** -check if the print queue has been updated recently enough + Check if the print queue has been updated recently enough. ****************************************************************************/ + static void print_cache_flush(int snum) { fstring key; - slprintf(key, sizeof(key)-1, "CACHE/%s", lp_servicename(snum)); - tdb_store_int32(tdb, key, -1); + const char *printername = lp_const_servicename(snum); + struct tdb_print_db *pdb = get_print_db_byname(printername); + + if (!pdb) + return; + slprintf(key, sizeof(key)-1, "CACHE/%s", printername); + tdb_store_int32(pdb->tdb, key, -1); } /**************************************************************************** @@ -267,17 +662,20 @@ static pid_t get_updating_pid(fstring printer_name) fstring keystr; TDB_DATA data, key; pid_t updating_pid; + struct tdb_print_db *pdb = get_print_db_byname(printer_name); + if (!pdb) + return (pid_t)-1; slprintf(keystr, sizeof(keystr)-1, "UPDATING/%s", printer_name); key.dptr = keystr; key.dsize = strlen(keystr); - data = tdb_fetch(tdb, key); + data = tdb_fetch(pdb->tdb, key); if (!data.dptr || data.dsize != sizeof(pid_t)) return (pid_t)-1; memcpy(&updating_pid, data.dptr, sizeof(pid_t)); - free(data.dptr); + SAFE_FREE(data.dptr); if (process_exists(updating_pid)) return updating_pid; @@ -287,7 +685,7 @@ static pid_t get_updating_pid(fstring printer_name) /**************************************************************************** Set the fact that we're doing the update, or have finished doing the update - in th tdb. + in the tdb. ****************************************************************************/ static void set_updating_pid(fstring printer_name, BOOL delete) @@ -296,41 +694,31 @@ static void set_updating_pid(fstring printer_name, BOOL delete) TDB_DATA key; TDB_DATA data; pid_t updating_pid = sys_getpid(); + struct tdb_print_db *pdb = get_print_db_byname(printer_name); + + if (!pdb) + return; slprintf(keystr, sizeof(keystr)-1, "UPDATING/%s", printer_name); key.dptr = keystr; key.dsize = strlen(keystr); if (delete) { - tdb_delete(tdb, key); + tdb_delete(pdb->tdb, key); return; } data.dptr = (void *)&updating_pid; data.dsize = sizeof(pid_t); - tdb_store(tdb, key, data, TDB_REPLACE); -} - -/**************************************************************************** - Send a message saying the queue changed. -****************************************************************************/ - -static void send_queue_message(const char *printer_name, uint32 high, uint32 low) -{ - char msg[8 + sizeof(fstring)]; - SIVAL(msg,0,low); - SIVAL(msg,4,high); - fstrcpy(&msg[8], printer_name); - - message_send_all(conn_tdb_ctx(), MSG_PRINTER_NOTIFY, msg, 8 + strlen(printer_name) + 1, False, NULL); + tdb_store(pdb->tdb, key, data, TDB_REPLACE); } /**************************************************************************** -update the internal database from the system print queue for a queue in the background + Update the internal database from the system print queue for a queue. ****************************************************************************/ -static void print_queue_update_background(int snum) +static void print_queue_update(int snum) { int i, qcount; print_queue_struct *queue = NULL; @@ -340,9 +728,13 @@ static void print_queue_update_background(int snum) struct traverse_struct tstruct; fstring keystr, printer_name, cachestr; TDB_DATA data, key; + struct tdb_print_db *pdb; + + fstrcpy(printer_name, lp_const_servicename(snum)); + pdb = get_print_db_byname(printer_name); + if (!pdb) + return; - fstrcpy(printer_name, lp_servicename(snum)); - /* * Check to see if someone else is doing this update. * This is essentially a mutex on the update. @@ -354,7 +746,7 @@ static void print_queue_update_background(int snum) /* Lock the queue for the database update */ slprintf(keystr, sizeof(keystr) - 1, "LOCK/%s", printer_name); - tdb_lock_bystring(tdb, keystr); + tdb_lock_bystring(pdb->tdb, keystr); /* * Ensure that no one else got in here. @@ -366,7 +758,7 @@ static void print_queue_update_background(int snum) /* * Someone else is doing the update, exit. */ - tdb_unlock_bystring(tdb, keystr); + tdb_unlock_bystring(pdb->tdb, keystr); return; } @@ -382,7 +774,7 @@ static void print_queue_update_background(int snum) * the update. */ - tdb_unlock_bystring(tdb, keystr); + tdb_unlock_bystring(pdb->tdb, keystr); /* * Update the cache time FIRST ! Stops others even @@ -391,7 +783,7 @@ static void print_queue_update_background(int snum) */ slprintf(cachestr, sizeof(cachestr)-1, "CACHE/%s", printer_name); - tdb_store_int32(tdb, cachestr, (int)time(NULL)); + tdb_store_int32(pdb->tdb, cachestr, (int)time(NULL)); /* get the current queue using the appropriate interface */ ZERO_STRUCT(status); @@ -412,9 +804,9 @@ static void print_queue_update_background(int snum) fill in any system job numbers as we go */ for (i=0; isysjob = queue[i].job; pjob->status = queue[i].status; - print_job_store(jobid, pjob); + pjob_store(jobid, pjob); } /* now delete any queued entries that don't appear in the @@ -443,23 +835,15 @@ static void print_queue_update_background(int snum) tstruct.snum = snum; tstruct.total_jobs = 0; - tdb_traverse(tdb, traverse_fn_delete, (void *)&tstruct); - - safe_free(tstruct.queue); + tdb_traverse(pdb->tdb, traverse_fn_delete, (void *)&tstruct); - tdb_store_int32(tdb, "INFO/total_jobs", tstruct.total_jobs); + SAFE_FREE(tstruct.queue); - /* - * Get the old print status. We will use this to compare the - * number of jobs. If they have changed we need to send a - * "changed" message to the smbds. - */ + tdb_store_int32(pdb->tdb, "INFO/total_jobs", tstruct.total_jobs); - if( qcount != get_queue_status(snum, &old_status)) { + if( qcount != get_queue_status(snum, &old_status)) DEBUG(10,("print_queue_update: queue status change %d jobs -> %d jobs for printer %s\n", - old_status.qcount, qcount, printer_name )); - send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB); - } + old_status.qcount, qcount, printer_name )); /* store the new queue status structure */ slprintf(keystr, sizeof(keystr)-1, "STATUS/%s", printer_name); @@ -469,7 +853,7 @@ static void print_queue_update_background(int snum) status.qcount = qcount; data.dptr = (void *)&status; data.dsize = sizeof(status); - tdb_store(tdb, key, data, TDB_REPLACE); + tdb_store(pdb->tdb, key, data, TDB_REPLACE); /* * Update the cache time again. We want to do this call @@ -477,149 +861,103 @@ static void print_queue_update_background(int snum) */ slprintf(keystr, sizeof(keystr)-1, "CACHE/%s", printer_name); - tdb_store_int32(tdb, keystr, (int)time(NULL)); + tdb_store_int32(pdb->tdb, keystr, (int32)time(NULL)); /* Delete our pid from the db. */ set_updating_pid(printer_name, True); } /**************************************************************************** -this is the receive function of the background lpq updater + Check if a jobid is valid. It is valid if it exists in the database. ****************************************************************************/ -static void print_queue_receive(int msg_type, pid_t src, void *buf, size_t len) -{ - int snum; - snum=*((int *)buf); - print_queue_update_background(snum); -} - -static pid_t background_lpq_updater_pid; -/**************************************************************************** -main thread of the background lpq updater -****************************************************************************/ -void start_background_queue(void) +BOOL print_job_exists(uint32 jobid) { - DEBUG(3,("start_background_queue: Starting background LPQ thread\n")); - background_lpq_updater_pid = sys_fork(); - - if (background_lpq_updater_pid == -1) { - DEBUG(5,("start_background_queue: background LPQ thread failed to start. %s\n", strerror(errno) )); - exit(1); - } - - if(background_lpq_updater_pid == 0) { - /* Child. */ - DEBUG(5,("start_background_queue: background LPQ thread started\n")); - - claim_connection(NULL,"smbd lpq backend",0,False); - - if (!locking_init(0)) - exit(1); - - if (!print_backend_init()) - exit(1); - - message_register(MSG_PRINTER_UPDATE, print_queue_receive); - - DEBUG(5,("start_background_queue: background LPQ thread waiting for messages\n")); - while (1) { - pause(); - DEBUG(10,("start_background_queue: background LPQ thread got a message\n")); - message_dispatch(); - } - } -} - -/**************************************************************************** -update the internal database from the system print queue for a queue -****************************************************************************/ -static void print_queue_update(int snum) -{ - if (background_lpq_updater_pid > 0) { - message_send_pid(background_lpq_updater_pid, MSG_PRINTER_UPDATE, - &snum, sizeof(snum), False); - } + struct tdb_print_db *pdb = get_print_db_byjobid(jobid); + if (!pdb) + return False; + return tdb_exists(pdb->tdb, print_key(jobid)); } /**************************************************************************** -check if a jobid is valid. It is valid if it exists in the database + Work out which service a jobid is for. + Note that we have to look up by queue name to ensure that it works for + other than the process that started the job. ****************************************************************************/ -BOOL print_job_exists(int jobid) -{ - return tdb_exists(tdb, print_key(jobid)); -} - -/**************************************************************************** -work out which service a jobid is for -note that we have to look up by queue name to ensure that it works for -other than the process that started the job -****************************************************************************/ -int print_job_snum(int jobid) +int print_job_snum(uint32 jobid) { struct printjob *pjob = print_job_find(jobid); - if (!pjob) return -1; + if (!pjob) + return -1; return find_service(pjob->queuename); } /**************************************************************************** -give the fd used for a jobid + Give the fd used for a jobid. ****************************************************************************/ -int print_job_fd(int jobid) + +int print_job_fd(uint32 jobid) { struct printjob *pjob = print_job_find(jobid); - if (!pjob) return -1; + if (!pjob) + return -1; /* don't allow another process to get this info - it is meaningless */ - if (pjob->pid != local_pid) return -1; + if (pjob->pid != local_pid) + return -1; return pjob->fd; } /**************************************************************************** -give the filename used for a jobid -only valid for the process doing the spooling and when the job -has not been spooled + Give the filename used for a jobid. + Only valid for the process doing the spooling and when the job + has not been spooled. ****************************************************************************/ -char *print_job_fname(int jobid) + +char *print_job_fname(uint32 jobid) { struct printjob *pjob = print_job_find(jobid); - if (!pjob || pjob->spooled || pjob->pid != local_pid) return NULL; + if (!pjob || pjob->spooled || pjob->pid != local_pid) + return NULL; return pjob->filename; } - /**************************************************************************** -set the place in the queue for a job + Set the place in the queue for a job. ****************************************************************************/ -BOOL print_job_set_place(int jobid, int place) + +BOOL print_job_set_place(uint32 jobid, int place) { DEBUG(2,("print_job_set_place not implemented yet\n")); return False; } /**************************************************************************** -set the name of a job. Only possible for owner + Set the name of a job. Only possible for owner. ****************************************************************************/ -BOOL print_job_set_name(int jobid, char *name) + +BOOL print_job_set_name(uint32 jobid, char *name) { struct printjob *pjob = print_job_find(jobid); - if (!pjob || pjob->pid != local_pid) return False; + if (!pjob || pjob->pid != local_pid) + return False; fstrcpy(pjob->jobname, name); - return print_job_store(jobid, pjob); + return pjob_store(jobid, pjob); } - /**************************************************************************** -delete a print job - don't update queue + Delete a print job - don't update queue. ****************************************************************************/ -static BOOL print_job_delete1(int jobid) + +static BOOL print_job_delete1(uint32 jobid) { struct printjob *pjob = print_job_find(jobid); int snum, result = 0; - if (!pjob) return False; + if (!pjob) + return False; /* * If already deleting just return. @@ -630,7 +968,7 @@ static BOOL print_job_delete1(int jobid) snum = print_job_snum(jobid); if (snum == -1) { - DEBUG(5,("print_job_delete1: unknown service number for jobid %d\n", jobid)); + DEBUG(5,("print_job_delete1: unknown service number for jobid %u\n", (unsigned int)jobid)); return False; } @@ -638,14 +976,13 @@ static BOOL print_job_delete1(int jobid) has reached the spooler. */ if (pjob->sysjob == -1) { - DEBUG(5, ("attempt to delete job %d not seen by lpr\n", - jobid)); + DEBUG(5, ("attempt to delete job %u not seen by lpr\n", (unsigned int)jobid)); } /* Set the tdb entry to be deleting. */ pjob->status = LPQ_DELETING; - print_job_store(jobid, pjob); + pjob_store(jobid, pjob); if (pjob->spooled && pjob->sysjob != -1) result = (*(current_printif->job_delete))(snum, pjob); @@ -653,22 +990,23 @@ static BOOL print_job_delete1(int jobid) /* Delete the tdb entry if the delete suceeded or the job hasn't been spooled. */ - if (result == 0) { - tdb_delete(tdb, print_key(jobid)); - } + if (result == 0) + pjob_delete(jobid); return (result == 0); } /**************************************************************************** -return true if the current user owns the print job + Return true if the current user owns the print job. ****************************************************************************/ -static BOOL is_owner(struct current_user *user, int jobid) + +static BOOL is_owner(struct current_user *user, uint32 jobid) { struct printjob *pjob = print_job_find(jobid); user_struct *vuser; - if (!pjob || !user) return False; + if (!pjob || !user) + return False; if ((vuser = get_valid_user_struct(user->vuid)) != NULL) { return strequal(pjob->user, vuser->user.smb_name); @@ -678,12 +1016,12 @@ static BOOL is_owner(struct current_user *user, int jobid) } /**************************************************************************** -delete a print job + Delete a print job. ****************************************************************************/ -BOOL print_job_delete(struct current_user *user, int jobid, WERROR *errcode) + +BOOL print_job_delete(struct current_user *user, uint32 jobid, WERROR *errcode) { int snum = print_job_snum(jobid); - char *printer_name; BOOL owner; if (snum == -1) { @@ -703,43 +1041,35 @@ BOOL print_job_delete(struct current_user *user, int jobid, WERROR *errcode) return False; } - if (!print_job_delete1(jobid)) return False; + if (!print_job_delete1(jobid)) + return False; /* force update the database and say the delete failed if the job still exists */ print_queue_update(snum); - /* Send a printer notify message */ - - printer_name = PRINTERNAME(snum); - - send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB); - return !print_job_exists(jobid); } - /**************************************************************************** -pause a job + Pause a job. ****************************************************************************/ -BOOL print_job_pause(struct current_user *user, int jobid, WERROR *errcode) + +BOOL print_job_pause(struct current_user *user, uint32 jobid, WERROR *errcode) { struct printjob *pjob = print_job_find(jobid); int snum, ret = -1; - char *printer_name; - if (!pjob || !user) return False; + if (!pjob || !user) + return False; - if (!pjob->spooled || pjob->sysjob == -1) return False; + if (!pjob->spooled || pjob->sysjob == -1) + return False; snum = print_job_snum(jobid); if (snum == -1) { - DEBUG(5,("print_job_pause: unknown service number for jobid %d\n", jobid)); - return False; - } - if (snum == -1) { - DEBUG(5,("print_job_resume: unknown service number for jobid %d\n", jobid)); + DEBUG(5,("print_job_pause: unknown service number for jobid %u\n", (unsigned int)jobid)); return False; } @@ -763,9 +1093,7 @@ BOOL print_job_pause(struct current_user *user, int jobid, WERROR *errcode) /* Send a printer notify message */ - printer_name = PRINTERNAME(snum); - - send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB); + notify_job_status(snum, jobid, JOB_STATUS_PAUSED); /* how do we tell if this succeeded? */ @@ -773,19 +1101,25 @@ BOOL print_job_pause(struct current_user *user, int jobid, WERROR *errcode) } /**************************************************************************** -resume a job + Resume a job. ****************************************************************************/ -BOOL print_job_resume(struct current_user *user, int jobid, WERROR *errcode) + +BOOL print_job_resume(struct current_user *user, uint32 jobid, WERROR *errcode) { struct printjob *pjob = print_job_find(jobid); - char *printer_name; int snum, ret; - if (!pjob || !user) return False; + if (!pjob || !user) + return False; - if (!pjob->spooled || pjob->sysjob == -1) return False; + if (!pjob->spooled || pjob->sysjob == -1) + return False; snum = print_job_snum(jobid); + if (snum == -1) { + DEBUG(5,("print_job_resume: unknown service number for jobid %u\n", (unsigned int)jobid)); + return False; + } if (!is_owner(user, jobid) && !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { @@ -806,17 +1140,16 @@ BOOL print_job_resume(struct current_user *user, int jobid, WERROR *errcode) /* Send a printer notify message */ - printer_name = PRINTERNAME(snum); - - send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB); + notify_job_status(snum, jobid, JOB_STATUS_QUEUED); return True; } /**************************************************************************** -write to a print file + Write to a print file. ****************************************************************************/ -int print_job_write(int jobid, const char *buf, int size) + +int print_job_write(uint32 jobid, const char *buf, int size) { int return_code; struct printjob *pjob = print_job_find(jobid); @@ -830,7 +1163,7 @@ int print_job_write(int jobid, const char *buf, int size) return_code = write(pjob->fd, buf, size); if (return_code>0) { pjob->size += size; - print_job_store(jobid, pjob); + pjob_store(jobid, pjob); } return return_code; } @@ -843,9 +1176,14 @@ static BOOL print_cache_expired(int snum) { fstring key; time_t last_qscan_time, time_now = time(NULL); + const char *printername = lp_const_servicename(snum); + struct tdb_print_db *pdb = get_print_db_byname(printername); + + if (!pdb) + return False; - slprintf(key, sizeof(key), "CACHE/%s", lp_servicename(snum)); - last_qscan_time = (time_t)tdb_fetch_int32(tdb, key); + slprintf(key, sizeof(key), "CACHE/%s", printername); + last_qscan_time = (time_t)tdb_fetch_int32(pdb->tdb, key); /* * Invalidate the queue for 3 reasons. @@ -860,7 +1198,7 @@ static BOOL print_cache_expired(int snum) if (last_qscan_time == ((time_t)-1) || (time_now - last_qscan_time) >= lp_lpqcachetime() || last_qscan_time > (time_now + MAX_CACHE_VALID_TIME)) { DEBUG(3, ("print cache expired for queue %s \ -(last_qscan_time = %d, time now = %d, qcachetime = %d)\n", lp_servicename(snum), +(last_qscan_time = %d, time now = %d, qcachetime = %d)\n", printername, (int)last_qscan_time, (int)time_now, (int)lp_lpqcachetime() )); return True; } @@ -870,21 +1208,26 @@ static BOOL print_cache_expired(int snum) /**************************************************************************** Get the queue status - do not update if db is out of date. ****************************************************************************/ + static int get_queue_status(int snum, print_status_struct *status) { fstring keystr; TDB_DATA data, key; + const char *printername = lp_const_servicename(snum); + struct tdb_print_db *pdb = get_print_db_byname(printername); + if (!pdb) + return 0; ZERO_STRUCTP(status); - slprintf(keystr, sizeof(keystr)-1, "STATUS/%s", lp_servicename(snum)); + slprintf(keystr, sizeof(keystr)-1, "STATUS/%s", printername); key.dptr = keystr; key.dsize = strlen(keystr); - data = tdb_fetch(tdb, key); + data = tdb_fetch(pdb->tdb, key); if (data.dptr) { if (data.dsize == sizeof(print_status_struct)) { memcpy(status, data.dptr, sizeof(print_status_struct)); } - free(data.dptr); + SAFE_FREE(data.dptr); } return status->qcount; } @@ -911,44 +1254,61 @@ int print_queue_length(int snum, print_status_struct *pstatus) } /**************************************************************************** - Determine the number of jobs in all queues. + Determine the number of jobs in all queues. This is very expensive. Don't + call ! JRA. ****************************************************************************/ -static int get_total_jobs(int snum) + +static int get_total_jobs(void) { int total_jobs; + struct printer_queueid_map *p; - /* make sure the database is up to date */ - if (print_cache_expired(snum)) print_queue_update(snum); + for (p = printer_queueid_map_head; p; p = p->next) { + int jobs; + struct tdb_print_db *pdb = get_print_db_byname(p->printername); + if (!pdb) + continue; - total_jobs = tdb_fetch_int32(tdb, "INFO/total_jobs"); - if (total_jobs >0) - return total_jobs; - else - return 0; + /* make sure the database is up to date */ + if (print_cache_expired(lp_servicenumber(p->printername))) + print_queue_update(lp_servicenumber(p->printername)); + + jobs = tdb_fetch_int32(pdb->tdb, "INFO/total_jobs"); + if (jobs > 0) + total_jobs += jobs; + } + return total_jobs; } /*************************************************************************** -start spooling a job - return the jobid + Start spooling a job - return the jobid. ***************************************************************************/ -int print_job_start(struct current_user *user, int snum, char *jobname) + +uint32 print_job_start(struct current_user *user, int snum, char *jobname) { - int jobid; + uint32 jobid; char *path; struct printjob pjob; int next_jobid; user_struct *vuser; int njobs = 0; + const char *printername = lp_const_servicename(snum); + struct tdb_print_db *pdb = get_print_db_byname(printername); + uint32 queueid = queueid = get_printer_queueid_byname(printername); errno = 0; + if (!pdb) + return (uint32)-1; + if (!print_access_check(user, snum, PRINTER_ACCESS_USE)) { DEBUG(3, ("print_job_start: job start denied by security descriptor\n")); - return -1; + return (uint32)-1; } if (!print_time_access_check(snum)) { DEBUG(3, ("print_job_start: job start denied by time check\n")); - return -1; + return (uint32)-1; } path = lp_pathname(snum); @@ -960,15 +1320,15 @@ int print_job_start(struct current_user *user, int snum, char *jobname) dspace < 2*(SMB_BIG_UINT)lp_minprintspace(snum)) { DEBUG(3, ("print_job_start: disk space check failed.\n")); errno = ENOSPC; - return -1; + return (uint32)-1; } } /* for autoloaded printers, check that the printcap entry still exists */ - if (lp_autoloaded(snum) && !pcap_printername_ok(lp_servicename(snum), NULL)) { - DEBUG(3, ("print_job_start: printer name %s check failed.\n", lp_servicename(snum) )); + if (lp_autoloaded(snum) && !pcap_printername_ok(lp_const_servicename(snum), NULL)) { + DEBUG(3, ("print_job_start: printer name %s check failed.\n", lp_const_servicename(snum) )); errno = ENOENT; - return -1; + return (uint32)-1; } /* Insure the maximum queue size is not violated */ @@ -976,15 +1336,15 @@ int print_job_start(struct current_user *user, int snum, char *jobname) DEBUG(3, ("print_job_start: number of jobs (%d) larger than max printjobs per queue (%d).\n", njobs, lp_maxprintjobs(snum) )); errno = ENOSPC; - return -1; + return (uint32)-1; } /* Insure the maximum print jobs in the system is not violated */ - if (lp_totalprintjobs() && get_total_jobs(snum) > lp_totalprintjobs()) { + if (lp_totalprintjobs() && get_total_jobs() > lp_totalprintjobs()) { DEBUG(3, ("print_job_start: number of jobs (%d) larger than max printjobs per system (%d).\n", njobs, lp_totalprintjobs() )); errno = ENOSPC; - return -1; + return (uint32)-1; } /* create the database entry */ @@ -1006,31 +1366,38 @@ int print_job_start(struct current_user *user, int snum, char *jobname) fstrcpy(pjob.user, uidtoname(user->uid)); } - fstrcpy(pjob.queuename, lp_servicename(snum)); + fstrcpy(pjob.queuename, lp_const_servicename(snum)); /* lock the database */ - tdb_lock_bystring(tdb, "INFO/nextjob"); + tdb_lock_bystring(pdb->tdb, "INFO/nextjob"); - next_jobid = tdb_fetch_int32(tdb, "INFO/nextjob"); + next_jobid = tdb_fetch_int32(pdb->tdb, "INFO/nextjob"); if (next_jobid == -1) next_jobid = 1; for (jobid = NEXT_JOBID(next_jobid); jobid != next_jobid; jobid = NEXT_JOBID(jobid)) { - if (!print_job_exists(jobid)) + if (!print_job_exists(jobid | QUEUEID_TO_JOBID(queueid))) break; } - if (jobid == next_jobid || !print_job_store(jobid, &pjob)) { - DEBUG(3, ("print_job_start: either jobid (%d)==next_jobid(%d) or print_job_store failed.\n", + if (jobid == next_jobid || !pjob_store(jobid | QUEUEID_TO_JOBID(queueid), &pjob)) { + DEBUG(3, ("print_job_start: either jobid (%d)==next_jobid(%d) or pjob_store failed.\n", jobid, next_jobid )); jobid = -1; goto fail; } - tdb_store_int32(tdb, "INFO/nextjob", jobid); + if (tdb_store_int32(pdb->tdb, "INFO/nextjob", jobid)==-1) { + DEBUG(3, ("print_job_start: failed to store INFO/nextjob.\n")); + jobid = -1; + goto fail; + } + + /* Ensure the queuid is added to the jobid. */ + jobid |= QUEUEID_TO_JOBID(queueid); /* we have a job entry - now create the spool file */ - slprintf(pjob.filename, sizeof(pjob.filename)-1, "%s/%s%.6d.XXXXXX", - path, PRINT_SPOOL_PREFIX, jobid); + slprintf(pjob.filename, sizeof(pjob.filename)-1, "%s/%s%.8u.XXXXXX", + path, PRINT_SPOOL_PREFIX, (unsigned int)jobid); pjob.fd = smb_mkstemp(pjob.filename); if (pjob.fd == -1) { @@ -1046,9 +1413,9 @@ to open spool file %s.\n", pjob.filename)); goto fail; } - print_job_store(jobid, &pjob); + pjob_store(jobid, &pjob); - tdb_unlock_bystring(tdb, "INFO/nextjob"); + tdb_unlock_bystring(pdb->tdb, "INFO/nextjob"); /* * If the printer is marked as postscript output a leading @@ -1064,11 +1431,10 @@ to open spool file %s.\n", pjob.filename)); return jobid; fail: - if (jobid != -1) { - tdb_delete(tdb, print_key(jobid)); - } + if (jobid != -1) + pjob_delete(jobid); - tdb_unlock_bystring(tdb, "INFO/nextjob"); + tdb_unlock_bystring(pdb->tdb, "INFO/nextjob"); DEBUG(3, ("print_job_start: returning fail. Error = %s\n", strerror(errno) )); return -1; @@ -1078,7 +1444,7 @@ to open spool file %s.\n", pjob.filename)); Update the number of pages spooled to jobid ****************************************************************************/ -void print_job_endpage(int jobid) +void print_job_endpage(uint32 jobid) { struct printjob *pjob = print_job_find(jobid); if (!pjob) @@ -1088,7 +1454,7 @@ void print_job_endpage(int jobid) return; pjob->page_count++; - print_job_store(jobid, pjob); + pjob_store(jobid, pjob); } /**************************************************************************** @@ -1097,7 +1463,7 @@ void print_job_endpage(int jobid) error. ****************************************************************************/ -BOOL print_job_end(int jobid, BOOL normal_close) +BOOL print_job_end(uint32 jobid, BOOL normal_close) { struct printjob *pjob = print_job_find(jobid); int snum, ret; @@ -1111,7 +1477,7 @@ BOOL print_job_end(int jobid, BOOL normal_close) snum = print_job_snum(jobid); if (snum == -1) { - DEBUG(5,("print_job_end: unknown service number for jobid %d\n", jobid)); + DEBUG(5,("print_job_end: unknown service number for jobid %u\n", (unsigned int)jobid)); return False; } @@ -1131,7 +1497,7 @@ BOOL print_job_end(int jobid, BOOL normal_close) goto fail; } - /* Technically, this is not quit right. If the printer has a separator + /* Technically, this is not quite right. If the printer has a separator * page turned on, the NT spooler prints the separator page even if the * print job is 0 bytes. 010215 JRR */ if (pjob->size == 0 || pjob->status == LPQ_DELETING) { @@ -1139,7 +1505,7 @@ BOOL print_job_end(int jobid, BOOL normal_close) DEBUG(5,("print_job_end: canceling spool of %s (%s)\n", pjob->filename, pjob->size ? "deleted" : "zero length" )); unlink(pjob->filename); - tdb_delete(tdb, print_key(jobid)); + pjob_delete(jobid); return True; } @@ -1152,7 +1518,7 @@ BOOL print_job_end(int jobid, BOOL normal_close) pjob->spooled = True; pjob->status = LPQ_QUEUED; - print_job_store(jobid, pjob); + pjob_store(jobid, pjob); /* make sure the database is up to date */ if (print_cache_expired(snum)) @@ -1165,18 +1531,23 @@ fail: /* The print job was not succesfully started. Cleanup */ /* Still need to add proper error return propagation! 010122:JRR */ unlink(pjob->filename); - tdb_delete(tdb, print_key(jobid)); + pjob_delete(jobid); return False; } -/* utility fn to enumerate the print queue */ +/**************************************************************************** + Utility fn to enumerate the print queue. +****************************************************************************/ + static int traverse_fn_queue(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state) { struct traverse_struct *ts = (struct traverse_struct *)state; struct printjob pjob; - int i, jobid; + int i; + uint32 jobid; - if (data.dsize != sizeof(pjob) || key.dsize != sizeof(int)) return 0; + if (data.dsize != sizeof(pjob) || key.dsize != sizeof(int)) + return 0; memcpy(&jobid, key.dptr, sizeof(jobid)); memcpy(&pjob, data.dptr, sizeof(pjob)); @@ -1184,7 +1555,8 @@ static int traverse_fn_queue(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void * if (ts->snum != lp_servicenumber(pjob.queuename)) return 0; - if (ts->qcount >= ts->maxcount) return 0; + if (ts->qcount >= ts->maxcount) + return 0; i = ts->qcount; @@ -1206,18 +1578,22 @@ struct traverse_count_struct { int snum, count; }; -/* utility fn to count the number of entries in the print queue */ +/**************************************************************************** + Utility fn to count the number of entries in the print queue. +****************************************************************************/ + static int traverse_count_fn_queue(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state) { struct traverse_count_struct *ts = (struct traverse_count_struct *)state; struct printjob pjob; - int jobid; + uint32 jobid; - if (data.dsize != sizeof(pjob) || key.dsize != sizeof(int)) return 0; + if (data.dsize != sizeof(pjob) || key.dsize != sizeof(int)) + return 0; memcpy(&jobid, key.dptr, sizeof(jobid)); memcpy(&pjob, data.dptr, sizeof(pjob)); - /* maybe it isn't for this queue */ + /* maybe it isn't for this queue - this cannot happen with the tdb/printer code. JRA */ if (ts->snum != lp_servicenumber(pjob.queuename)) return 0; @@ -1226,25 +1602,32 @@ static int traverse_count_fn_queue(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, return 0; } -/* Sort print jobs by submittal time */ +/**************************************************************************** + Sort print jobs by submittal time. +****************************************************************************/ static int printjob_comp(print_queue_struct *j1, print_queue_struct *j2) { /* Silly cases */ - if (!j1 && !j2) return 0; - if (!j1) return -1; - if (!j2) return 1; + if (!j1 && !j2) + return 0; + if (!j1) + return -1; + if (!j2) + return 1; /* Sort on job start time */ - if (j1->time == j2->time) return 0; + if (j1->time == j2->time) + return 0; return (j1->time > j2->time) ? 1 : -1; } /**************************************************************************** -get a printer queue listing + Get a printer queue listing. ****************************************************************************/ + int print_queue_status(int snum, print_queue_struct **queue, print_status_struct *status) @@ -1253,26 +1636,32 @@ int print_queue_status(int snum, struct traverse_count_struct tsc; fstring keystr; TDB_DATA data, key; - - /* make sure the database is up to date */ - if (print_cache_expired(snum)) print_queue_update(snum); + const char *printername = lp_const_servicename(snum); + struct tdb_print_db *pdb = get_print_db_byname(printername); *queue = NULL; + if (!pdb) + return 0; + + /* make sure the database is up to date */ + if (print_cache_expired(snum)) + print_queue_update(snum); + /* * Fetch the queue status. We must do this first, as there may * be no jobs in the queue. */ ZERO_STRUCTP(status); - slprintf(keystr, sizeof(keystr)-1, "STATUS/%s", lp_servicename(snum)); + slprintf(keystr, sizeof(keystr)-1, "STATUS/%s", printername); key.dptr = keystr; key.dsize = strlen(keystr); - data = tdb_fetch(tdb, key); + data = tdb_fetch(pdb->tdb, key); if (data.dptr) { if (data.dsize == sizeof(*status)) { memcpy(status, data.dptr, sizeof(*status)); } - free(data.dptr); + SAFE_FREE(data.dptr); } /* @@ -1282,15 +1671,14 @@ int print_queue_status(int snum, tsc.count = 0; tsc.snum = snum; - tdb_traverse(tdb, traverse_count_fn_queue, (void *)&tsc); + tdb_traverse(pdb->tdb, traverse_count_fn_queue, (void *)&tsc); if (tsc.count == 0) return 0; /* Allocate the queue size. */ if ((tstruct.queue = (print_queue_struct *) - malloc(sizeof(print_queue_struct)*tsc.count)) - == NULL) + malloc(sizeof(print_queue_struct)*tsc.count)) == NULL) return 0; /* @@ -1302,7 +1690,7 @@ int print_queue_status(int snum, tstruct.maxcount = tsc.count; tstruct.snum = snum; - tdb_traverse(tdb, traverse_fn_queue, (void *)&tstruct); + tdb_traverse(pdb->tdb, traverse_fn_queue, (void *)&tstruct); /* Sort the queue by submission time otherwise they are displayed in hash order. */ @@ -1314,24 +1702,24 @@ int print_queue_status(int snum, return tstruct.qcount; } - /**************************************************************************** -turn a queue name into a snum + Turn a queue name into a snum. ****************************************************************************/ -int print_queue_snum(char *qname) + +int print_queue_snum(const char *qname) { int snum = lp_servicenumber(qname); - if (snum == -1 || !lp_print_ok(snum)) return -1; + if (snum == -1 || !lp_print_ok(snum)) + return -1; return snum; } - /**************************************************************************** - pause a queue + Pause a queue. ****************************************************************************/ + BOOL print_queue_pause(struct current_user *user, int snum, WERROR *errcode) { - char *printer_name; int ret; if (!print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { @@ -1351,19 +1739,17 @@ BOOL print_queue_pause(struct current_user *user, int snum, WERROR *errcode) /* Send a printer notify message */ - printer_name = PRINTERNAME(snum); - - send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB); + notify_printer_status(snum, PRINTER_STATUS_PAUSED); return True; } /**************************************************************************** - resume a queue + Resume a queue. ****************************************************************************/ + BOOL print_queue_resume(struct current_user *user, int snum, WERROR *errcode) { - char *printer_name; int ret; if (!print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { @@ -1379,25 +1765,24 @@ BOOL print_queue_resume(struct current_user *user, int snum, WERROR *errcode) } /* make sure the database is up to date */ - if (print_cache_expired(snum)) print_queue_update(snum); + if (print_cache_expired(snum)) + print_queue_update(snum); /* Send a printer notify message */ - printer_name = PRINTERNAME(snum); - - send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB); + notify_printer_status(snum, PRINTER_STATUS_OK); return True; } /**************************************************************************** - purge a queue - implemented by deleting all jobs that we can delete + Purge a queue - implemented by deleting all jobs that we can delete. ****************************************************************************/ + BOOL print_queue_purge(struct current_user *user, int snum, WERROR *errcode) { print_queue_struct *queue; print_status_struct status; - char *printer_name; int njobs, i; BOOL can_job_admin; @@ -1415,13 +1800,7 @@ BOOL print_queue_purge(struct current_user *user, int snum, WERROR *errcode) } } - safe_free(queue); - - /* Send a printer notify message */ - - printer_name = PRINTERNAME(snum); - - send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB); + SAFE_FREE(queue); return True; } diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index a7049f78df1..eae6be51282 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -23,6 +23,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_CLI + extern struct pipe_id_info pipe_names[]; extern fstring global_myworkgroup; extern pstring global_myname; diff --git a/source3/rpc_client/cli_reg.c b/source3/rpc_client/cli_reg.c index 628cd576a88..07001f13bd7 100644 --- a/source3/rpc_client/cli_reg.c +++ b/source3/rpc_client/cli_reg.c @@ -24,6 +24,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_CLI + /**************************************************************************** do a REG Open Policy ****************************************************************************/ diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 6467ae4fa9e..0d4db7f88f9 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -22,6 +22,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_CLI + /**************************************************************************** do a SAMR query user groups ****************************************************************************/ diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c index ca01808f59c..5292569ed43 100644 --- a/source3/rpc_client/cli_spoolss.c +++ b/source3/rpc_client/cli_spoolss.c @@ -25,6 +25,9 @@ #include "rpc_parse.h" #include "nterr.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_CLI + /**************************************************************************** do a SPOOLSS Enum Printer Drivers ****************************************************************************/ diff --git a/source3/rpc_client/cli_srvsvc.c b/source3/rpc_client/cli_srvsvc.c index 024e7117896..06e733893e1 100644 --- a/source3/rpc_client/cli_srvsvc.c +++ b/source3/rpc_client/cli_srvsvc.c @@ -23,6 +23,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_CLI + /**************************************************************************** do a server net conn enum ****************************************************************************/ @@ -43,7 +46,7 @@ BOOL do_srv_net_srv_conn_enum(struct cli_state *cli, prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL); - /* create and send a MSRPC command with api SRV_NETCONNENUM */ + /* create and send a MSRPC command with api SRV_NET_CONN_ENUM */ DEBUG(4,("SRV Net Server Connection Enum(%s, %s), level %d, enum:%8x\n", server_name, qual_name, switch_value, get_enum_hnd(hnd))); @@ -67,7 +70,7 @@ BOOL do_srv_net_srv_conn_enum(struct cli_state *cli, } /* send the data on \PIPE\ */ - if(!rpc_api_pipe_req(cli, SRV_NETCONNENUM, &data, &rdata)) { + if(!rpc_api_pipe_req(cli, SRV_NET_CONN_ENUM, &data, &rdata)) { prs_mem_free(&data); prs_mem_free(&rdata); return False; @@ -107,10 +110,11 @@ do a server net sess enum ****************************************************************************/ BOOL do_srv_net_srv_sess_enum(struct cli_state *cli, - char *server_name, char *qual_name, - uint32 switch_value, SRV_SESS_INFO_CTR *ctr, - uint32 preferred_len, - ENUM_HND *hnd) + char *server_name, char *qual_name, + char *user_name, + uint32 switch_value, SRV_SESS_INFO_CTR *ctr, + uint32 preferred_len, + ENUM_HND *hnd) { prs_struct data; prs_struct rdata; @@ -123,7 +127,7 @@ BOOL do_srv_net_srv_sess_enum(struct cli_state *cli, prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL); - /* create and send a MSRPC command with api SRV_NETSESSENUM */ + /* create and send a MSRPC command with api SRV_NET_SESS_ENUM */ DEBUG(4,("SRV Net Session Enum (%s), level %d, enum:%8x\n", server_name, switch_value, get_enum_hnd(hnd))); @@ -134,7 +138,7 @@ BOOL do_srv_net_srv_sess_enum(struct cli_state *cli, ctr->sess.info0.ptr_sess_info = 1; /* store the parameters */ - init_srv_q_net_sess_enum(&q_o, server_name, qual_name, + init_srv_q_net_sess_enum(&q_o, server_name, qual_name, user_name, switch_value, ctr, preferred_len, hnd); @@ -147,7 +151,7 @@ BOOL do_srv_net_srv_sess_enum(struct cli_state *cli, } /* send the data on \PIPE\ */ - if (!rpc_api_pipe_req(cli, SRV_NETSESSENUM, &data, &rdata)) { + if (!rpc_api_pipe_req(cli, SRV_NET_SESS_ENUM, &data, &rdata)) { prs_mem_free(&data); prs_mem_free(&rdata); return False; @@ -200,7 +204,7 @@ BOOL do_srv_net_srv_share_enum(struct cli_state *cli, prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL); - /* create and send a MSRPC command with api SRV_NETSHAREENUM */ + /* create and send a MSRPC command with api SRV_NET_SHARE_ENUM */ DEBUG(4,("SRV Get Share Info (%s), level %d, enum:%8x\n", server_name, switch_value, get_enum_hnd(hnd))); @@ -217,7 +221,7 @@ BOOL do_srv_net_srv_share_enum(struct cli_state *cli, } /* send the data on \PIPE\ */ - if (!rpc_api_pipe_req(cli, SRV_NETSHAREENUM, &data, &rdata)) { + if (!rpc_api_pipe_req(cli, SRV_NET_SHARE_ENUM, &data, &rdata)) { prs_mem_free(&data); prs_mem_free(&rdata); return False; @@ -271,7 +275,7 @@ BOOL do_srv_net_srv_file_enum(struct cli_state *cli, prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL); - /* create and send a MSRPC command with api SRV_NETFILEENUM */ + /* create and send a MSRPC command with api SRV_NET_FILE_ENUM */ DEBUG(4,("SRV Get File Info (%s), level %d, enum:%8x\n", server_name, switch_value, get_enum_hnd(hnd))); @@ -297,7 +301,7 @@ BOOL do_srv_net_srv_file_enum(struct cli_state *cli, } /* send the data on \PIPE\ */ - if (!rpc_api_pipe_req(cli, SRV_NETFILEENUM, &data, &rdata)) { + if (!rpc_api_pipe_req(cli, SRV_NET_FILE_ENUM, &data, &rdata)) { prs_mem_free(&data); prs_mem_free(&rdata); return False; diff --git a/source3/rpc_client/cli_wkssvc.c b/source3/rpc_client/cli_wkssvc.c index 788d60c56e3..90269dfbee9 100644 --- a/source3/rpc_client/cli_wkssvc.c +++ b/source3/rpc_client/cli_wkssvc.c @@ -23,6 +23,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_CLI + /**************************************************************************** do a WKS Open Policy ****************************************************************************/ diff --git a/source3/rpc_client/msrpc_spoolss.c b/source3/rpc_client/msrpc_spoolss.c index 2267190d8e3..56c70730ba7 100644 --- a/source3/rpc_client/msrpc_spoolss.c +++ b/source3/rpc_client/msrpc_spoolss.c @@ -25,6 +25,9 @@ #include "rpc_parse.h" #include "rpcclient.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_CLI + #define DEBUG_TESTING extern FILE* out_hnd; diff --git a/source3/rpc_parse/parse_dfs.c b/source3/rpc_parse/parse_dfs.c index 6c83963d7a6..38633ac0f7e 100644 --- a/source3/rpc_parse/parse_dfs.c +++ b/source3/rpc_parse/parse_dfs.c @@ -25,6 +25,9 @@ #include "nterr.h" #include "rpc_parse.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + /******************************************************************* Make a DFS_Q_DFS_QUERY structure *******************************************************************/ diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index 91b54b9c836..a6aecb79672 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -4,6 +4,7 @@ * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, * Copyright (C) Paul Ashton 1997. + * Copyright (C) Andrew Bartlett 2002. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -22,6 +23,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + static BOOL lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, prs_struct *ps, int depth); /******************************************************************* @@ -188,7 +192,7 @@ static BOOL lsa_io_sec_qos(char *desc, LSA_SEC_QOS *qos, prs_struct *ps, Inits an LSA_OBJ_ATTR structure. ********************************************************************/ -void init_lsa_obj_attr(LSA_OBJ_ATTR *attr, uint32 attributes, LSA_SEC_QOS *qos) +static void init_lsa_obj_attr(LSA_OBJ_ATTR *attr, uint32 attributes, LSA_SEC_QOS *qos) { DEBUG(5, ("init_lsa_obj_attr\n")); @@ -523,40 +527,52 @@ BOOL lsa_io_q_enum_trust_dom(char *desc, LSA_Q_ENUM_TRUST_DOM *q_e, Inits an LSA_R_ENUM_TRUST_DOM structure. ********************************************************************/ -void init_r_enum_trust_dom(TALLOC_CTX *ctx, LSA_R_ENUM_TRUST_DOM *r_e, uint32 enum_context, - char *domain_name, DOM_SID *domain_sid, - NTSTATUS status) +void init_r_enum_trust_dom(TALLOC_CTX *ctx, LSA_R_ENUM_TRUST_DOM *r_e, uint32 enum_context, + uint32 req_num_domains, uint32 num_domains, TRUSTDOM **td) { + int i; + DEBUG(5, ("init_r_enum_trust_dom\n")); r_e->enum_context = enum_context; + r_e->num_domains = num_domains; + r_e->ptr_enum_domains = 0; + r_e->num_domains2 = num_domains; - if (NT_STATUS_IS_OK(status)) { - int len_domain_name = strlen(domain_name) + 1; - - r_e->num_domains = 1; - r_e->ptr_enum_domains = 1; - r_e->num_domains2 = 1; - - if (!(r_e->hdr_domain_name = (UNIHDR2 *)talloc(ctx,sizeof(UNIHDR2)))) + if (num_domains != 0) { + + /* + * allocating empty arrays of unicode headers, strings + * and sids of enumerated trusted domains + */ + if (!(r_e->hdr_domain_name = (UNIHDR2 *)talloc(ctx,sizeof(UNIHDR2) * num_domains))) { + r_e->status = NT_STATUS_NO_MEMORY; return; - - if (!(r_e->uni_domain_name = (UNISTR2 *)talloc(ctx,sizeof(UNISTR2)))) + } + + if (!(r_e->uni_domain_name = (UNISTR2 *)talloc(ctx,sizeof(UNISTR2) * num_domains))) { + r_e->status = NT_STATUS_NO_MEMORY; return; + } - if (!(r_e->domain_sid = (DOM_SID2 *)talloc(ctx,sizeof(DOM_SID2)))) + if (!(r_e->domain_sid = (DOM_SID2 *)talloc(ctx,sizeof(DOM_SID2) * num_domains))) { + r_e->status = NT_STATUS_NO_MEMORY; return; + } + + for (i = 0; i < num_domains; i++) { + + /* don't know what actually is this for */ + r_e->ptr_enum_domains = 1; + + init_uni_hdr2(&r_e->hdr_domain_name[i], strlen_w((td[i])->name)); + init_dom_sid2(&r_e->domain_sid[i], &(td[i])->sid); + + init_unistr2_w(ctx, &r_e->uni_domain_name[i], (td[i])->name); + + }; + } - init_uni_hdr2(&r_e->hdr_domain_name[0], len_domain_name); - init_unistr2 (&r_e->uni_domain_name[0], domain_name, - len_domain_name); - init_dom_sid2(&r_e->domain_sid[0], domain_sid); - } else { - r_e->num_domains = 0; - r_e->ptr_enum_domains = 0; - } - - r_e->status = status; } /******************************************************************* @@ -603,7 +619,7 @@ BOOL lsa_io_r_enum_trust_dom(char *desc, LSA_R_ENUM_TRUST_DOM *r_e, for (i = 0; i < num_domains; i++) { if(!smb_io_unistr2 ("", &r_e->uni_domain_name[i], - r_e->hdr_domain_name[i].buffer, + r_e->hdr_domain_name[i].buffer, ps, depth)) return False; if(!smb_io_dom_sid2("", &r_e->domain_sid[i], ps, @@ -713,7 +729,7 @@ static BOOL lsa_io_dom_query_3(char *desc, DOM_QUERY_3 *d_q, prs_struct *ps, int Reads or writes a dom query structure. ********************************************************************/ -BOOL lsa_io_dom_query_5(char *desc, DOM_QUERY_5 *d_q, prs_struct *ps, int depth) +static BOOL lsa_io_dom_query_5(char *desc, DOM_QUERY_5 *d_q, prs_struct *ps, int depth) { return lsa_io_dom_query("", d_q, ps, depth); } @@ -792,7 +808,7 @@ BOOL lsa_io_r_query(char *desc, LSA_R_QUERY_INFO *r_q, prs_struct *ps, Inits a LSA_SID_ENUM structure. ********************************************************************/ -void init_lsa_sid_enum(TALLOC_CTX *mem_ctx, LSA_SID_ENUM *sen, +static void init_lsa_sid_enum(TALLOC_CTX *mem_ctx, LSA_SID_ENUM *sen, int num_entries, DOM_SID *sids) { int i; @@ -1737,7 +1753,7 @@ BOOL lsa_io_q_enum_privsaccount(char *desc, LSA_Q_ENUMPRIVSACCOUNT *r_c, prs_str Reads or writes an LUID structure. ********************************************************************/ -BOOL lsa_io_luid(char *desc, LUID *r_c, prs_struct *ps, int depth) +static BOOL lsa_io_luid(char *desc, LUID *r_c, prs_struct *ps, int depth) { prs_debug(ps, depth, desc, "lsa_io_luid"); depth++; @@ -1758,7 +1774,7 @@ BOOL lsa_io_luid(char *desc, LUID *r_c, prs_struct *ps, int depth) Reads or writes an LUID_ATTR structure. ********************************************************************/ -BOOL lsa_io_luid_attr(char *desc, LUID_ATTR *r_c, prs_struct *ps, int depth) +static BOOL lsa_io_luid_attr(char *desc, LUID_ATTR *r_c, prs_struct *ps, int depth) { prs_debug(ps, depth, desc, "lsa_io_luid_attr"); depth++; @@ -1779,7 +1795,7 @@ BOOL lsa_io_luid_attr(char *desc, LUID_ATTR *r_c, prs_struct *ps, int depth) Reads or writes an PRIVILEGE_SET structure. ********************************************************************/ -BOOL lsa_io_privilege_set(char *desc, PRIVILEGE_SET *r_c, prs_struct *ps, int depth) +static BOOL lsa_io_privilege_set(char *desc, PRIVILEGE_SET *r_c, prs_struct *ps, int depth) { uint32 i; diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index 73f285e3200..01d76981736 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -22,6 +22,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + /**************************************************************************** A temporary TALLOC context for things like unistrs, that is valid for the life of a complete RPC call. @@ -211,9 +214,6 @@ BOOL smb_io_dom_sid(char *desc, DOM_SID *sid, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "smb_io_dom_sid"); depth++; - if(!prs_align(ps)) - return False; - if(!prs_uint8 ("sid_rev_num", ps, depth, &sid->sid_rev_num)) return False; if(!prs_uint8 ("num_auths ", ps, depth, &sid->num_auths)) @@ -551,8 +551,6 @@ BOOL smb_io_unistr(char *desc, UNISTR *uni, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "smb_io_unistr"); depth++; - if(!prs_align(ps)) - return False; if(!prs_unistr("unistr", ps, depth, uni)) return False; @@ -916,6 +914,51 @@ void init_unistr2(UNISTR2 *str, const char *buf, size_t len) rpcstr_push((char *)str->buffer, buf, len, STR_TERMINATE); } +/** + * Inits a UNISTR2 structure. + * @param ctx talloc context to allocate string on + * @param str pointer to string to create + * @param buf UCS2 null-terminated buffer to init from +*/ + +void init_unistr2_w(TALLOC_CTX *ctx, UNISTR2 *str, const smb_ucs2_t *buf) +{ + uint32 len = strlen_w(buf); + uint32 max_len = len; + uint32 alloc_len; + + ZERO_STRUCTP(str); + + /* set up string lengths. */ + str->uni_max_len = len; + str->undoc = 0; + str->uni_str_len = len; + + if (max_len < MAX_UNISTRLEN) + max_len = MAX_UNISTRLEN; + + alloc_len = (max_len + 1) * sizeof(uint16); + + str->buffer = (uint16 *)talloc_zero(ctx, alloc_len); + if ((str->buffer == NULL) && (alloc_len > 0)) + { + smb_panic("init_unistr2_w: malloc fail\n"); + return; + } + + /* + * don't move this test above ! The UNISTR2 must be initialized !!! + * jfm, 7/7/2001. + */ + if (buf==NULL) + return; + + /* Yes, this is a strncpy( foo, bar, strlen(bar)) - but as + long as the buffer above is talloc()ed correctly then this + is the correct thing to do */ + strncpy_w(str->buffer, buf, len + 1); +} + /******************************************************************* Inits a UNISTR2 structure from a UNISTR ********************************************************************/ diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index afbdf6dc57a..46fdce63ff4 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -22,6 +22,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + /******************************************************************* Reads or writes a structure. ********************************************************************/ @@ -1218,10 +1221,10 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr, time_t unix_pass_must_change_time, uint16 logon_count, uint16 bad_pw_count, - uint32 num_groups, DOM_GID *gids, + uint32 num_groups, const DOM_GID *gids, uint32 user_flgs, uchar *sess_key, - char *logon_srv, char *logon_dom, - DOM_SID *dom_sid, char *other_sids) + const char *logon_srv, const char *logon_dom, + const DOM_SID *dom_sid, char *other_sids) { /* only cope with one "other" sid, right now. */ /* need to count the number of space-delimited sids */ @@ -1331,14 +1334,15 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr, Jacobsen at HP. JRA. ********************************************************************/ -static BOOL net_io_user_info3(char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, int depth, uint16 validation_level) +BOOL net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, + int depth, uint16 validation_level) { int i; if (usr == NULL) return False; - prs_debug(ps, depth, desc, "lsa_io_lsa_user_info"); + prs_debug(ps, depth, desc, "net_io_user_info3"); depth++; if (UNMARSHALLING(ps)) diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index 6d65d5cc7f4..2ab8c7246e1 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -22,6 +22,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + /** * Dump a prs to a file: from the current location through to the end. **/ @@ -73,7 +76,7 @@ void prs_dump_region(char *name, int v, prs_struct *ps, XXXX side-effect of this function is to increase the debug depth XXXX ********************************************************************/ -void prs_debug(prs_struct *ps, int depth, char *desc, char *fn_name) +void prs_debug(prs_struct *ps, int depth, const char *desc, char *fn_name) { DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(depth), ps->data_offset, fn_name, desc)); } @@ -444,6 +447,38 @@ BOOL prs_align(prs_struct *ps) return True; } +/****************************************************************** + Align on a 2 byte boundary + *****************************************************************/ + +BOOL prs_align_uint16(prs_struct *ps) +{ + BOOL ret; + uint8 old_align = ps->align; + + ps->align = 2; + ret = prs_align(ps); + ps->align = old_align; + + return ret; +} + +/****************************************************************** + Align on a 8 byte boundary + *****************************************************************/ + +BOOL prs_align_uint64(prs_struct *ps) +{ + BOOL ret; + uint8 old_align = ps->align; + + ps->align = 8; + ret = prs_align(ps); + ps->align = old_align; + + return ret; +} + /******************************************************************* Align only if required (for the unistr2 string mainly) ********************************************************************/ diff --git a/source3/rpc_parse/parse_reg.c b/source3/rpc_parse/parse_reg.c index 1b8d1cd5c83..1ebc1532f31 100644 --- a/source3/rpc_parse/parse_reg.c +++ b/source3/rpc_parse/parse_reg.c @@ -24,6 +24,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + /******************************************************************* Inits a structure. ********************************************************************/ @@ -126,11 +129,11 @@ BOOL reg_io_q_open_hklm(char *desc, REG_Q_OPEN_HKLM * r_q, prs_struct *ps, if (r_q->ptr != 0) { if (!prs_uint16("unknown_0", ps, depth, &(r_q->unknown_0))) - return False; + return False; if (!prs_uint16("unknown_1", ps, depth, &(r_q->unknown_1))) - return False; + return False; if (!prs_uint32("access_mask", ps, depth, &(r_q->access_mask))) - return False; + return False; } return True; @@ -568,7 +571,7 @@ BOOL reg_io_r_query_key(char *desc, REG_R_QUERY_KEY *r_r, prs_struct *ps, int d return False; if(!prs_uint32("max_subkeylen ", ps, depth, &r_r->max_subkeylen)) return False; - if(!prs_uint32("mak_subkeysize", ps, depth, &r_r->max_subkeysize)) + if(!prs_uint32("reserved ", ps, depth, &r_r->reserved)) return False; if(!prs_uint32("num_values ", ps, depth, &r_r->num_values)) return False; @@ -591,7 +594,7 @@ BOOL reg_io_r_query_key(char *desc, REG_R_QUERY_KEY *r_r, prs_struct *ps, int d Inits a structure. ********************************************************************/ -void init_reg_q_unk_1a(REG_Q_UNK_1A *q_o, POLICY_HND *hnd) +void init_reg_q_unknown_1a(REG_Q_UNKNOWN_1A *q_o, POLICY_HND *hnd) { memcpy(&q_o->pol, hnd, sizeof(q_o->pol)); } @@ -600,12 +603,12 @@ void init_reg_q_unk_1a(REG_Q_UNK_1A *q_o, POLICY_HND *hnd) reads or writes a structure. ********************************************************************/ -BOOL reg_io_q_unk_1a(char *desc, REG_Q_UNK_1A *r_q, prs_struct *ps, int depth) +BOOL reg_io_q_unknown_1a(char *desc, REG_Q_UNKNOWN_1A *r_q, prs_struct *ps, int depth) { if (r_q == NULL) return False; - prs_debug(ps, depth, desc, "reg_io_q_unk_1a"); + prs_debug(ps, depth, desc, "reg_io_q_unknown_1a"); depth++; if(!prs_align(ps)) @@ -621,12 +624,12 @@ BOOL reg_io_q_unk_1a(char *desc, REG_Q_UNK_1A *r_q, prs_struct *ps, int depth) reads or writes a structure. ********************************************************************/ -BOOL reg_io_r_unk_1a(char *desc, REG_R_UNK_1A *r_r, prs_struct *ps, int depth) +BOOL reg_io_r_unknown_1a(char *desc, REG_R_UNKNOWN_1A *r_r, prs_struct *ps, int depth) { if (r_r == NULL) return False; - prs_debug(ps, depth, desc, "reg_io_r_unk_1a"); + prs_debug(ps, depth, desc, "reg_io_r_unknown_1a"); depth++; if(!prs_align(ps)) @@ -645,12 +648,12 @@ BOOL reg_io_r_unk_1a(char *desc, REG_R_UNK_1A *r_r, prs_struct *ps, int depth) ********************************************************************/ void init_reg_q_open_hku(REG_Q_OPEN_HKU *q_o, - uint16 unknown_0, uint32 level) + uint16 unknown_0, uint32 access_mask) { q_o->ptr = 1; q_o->unknown_0 = unknown_0; q_o->unknown_1 = 0x0; /* random - changes */ - q_o->level = level; + q_o->access_mask = access_mask; } /******************************************************************* @@ -671,11 +674,11 @@ BOOL reg_io_q_open_hku(char *desc, REG_Q_OPEN_HKU *r_q, prs_struct *ps, int dep if(!prs_uint32("ptr ", ps, depth, &r_q->ptr)) return False; if (r_q->ptr != 0) { - if(!prs_uint16("unknown_0", ps, depth, &r_q->unknown_0)) + if(!prs_uint16("unknown_0 ", ps, depth, &r_q->unknown_0)) return False; - if(!prs_uint16("unknown_1", ps, depth, &r_q->unknown_1)) + if(!prs_uint16("unknown_1 ", ps, depth, &r_q->unknown_1)) return False; - if(!prs_uint32("level ", ps, depth, &r_q->level)) + if(!prs_uint32("access_mask ", ps, depth, &r_q->access_mask)) return False; } @@ -726,7 +729,7 @@ BOOL reg_io_q_close(char *desc, REG_Q_CLOSE *q_u, prs_struct *ps, int depth) if (q_u == NULL) return False; - prs_debug(ps, depth, desc, "reg_io_q_unknown_1"); + prs_debug(ps, depth, desc, "reg_io_q_close"); depth++; if(!prs_align(ps)) @@ -749,7 +752,7 @@ BOOL reg_io_r_close(char *desc, REG_R_CLOSE *r_u, prs_struct *ps, int depth) if (r_u == NULL) return False; - prs_debug(ps, depth, desc, "reg_io_r_unknown_1"); + prs_debug(ps, depth, desc, "reg_io_r_close"); depth++; if(!prs_align(ps)) @@ -1007,13 +1010,15 @@ BOOL reg_io_q_info(char *desc, REG_Q_INFO *r_q, prs_struct *ps, int depth) if(!prs_uint32("ptr_buflen", ps, depth, &(r_q->ptr_buflen))) return False; - if(!prs_uint32("buflen", ps, depth, &(r_q->buflen))) - return False; - if(!prs_uint32("ptr_buflen2", ps, depth, &(r_q->ptr_buflen2))) - return False; - if(!prs_uint32("buflen2", ps, depth, &(r_q->buflen2))) - return False; + if (r_q->ptr_buflen) { + if(!prs_uint32("buflen", ps, depth, &(r_q->buflen))) + return False; + if(!prs_uint32("ptr_buflen2", ps, depth, &(r_q->ptr_buflen2))) + return False; + if(!prs_uint32("buflen2", ps, depth, &(r_q->buflen2))) + return False; + } return True; } @@ -1348,6 +1353,29 @@ void init_reg_q_enum_key(REG_Q_ENUM_KEY *q_i, POLICY_HND *pol, uint32 key_idx) unix_to_nt_time(&q_i->time, 0); /* current time? */ } +/******************************************************************* +makes a reply structure. +********************************************************************/ + +void init_reg_r_enum_key(REG_R_ENUM_KEY *r_u, char *subkey, uint32 unknown_1, + uint32 unknown_2) +{ + if ( !r_u ) + return; + + r_u->unknown_1 = unknown_1; + r_u->unknown_2 = unknown_2; + r_u->unknown_3 = 0x0; + + r_u->key_name_len = (strlen(subkey)+1) * 2; + if (r_u->key_name_len) + r_u->ptr1 = 0x1; + init_unistr3( &r_u->key_name, subkey ); + + r_u->ptr2 = 0x1; + r_u->ptr3 = 0x1; +} + /******************************************************************* reads or writes a structure. ********************************************************************/ @@ -1463,7 +1491,7 @@ makes a structure. ********************************************************************/ void init_reg_q_open_entry(REG_Q_OPEN_ENTRY *r_q, POLICY_HND *pol, - char *key_name, uint32 unk) + char *key_name, uint32 access_desired) { int len_name = strlen(key_name)+1; @@ -1473,7 +1501,7 @@ void init_reg_q_open_entry(REG_Q_OPEN_ENTRY *r_q, POLICY_HND *pol, init_unistr2(&r_q->uni_name, key_name, len_name); r_q->unknown_0 = 0x00000000; - r_q->unknown_1 = unk; + r_q->access_desired = access_desired; } /******************************************************************* @@ -1501,9 +1529,9 @@ BOOL reg_io_q_open_entry(char *desc, REG_Q_OPEN_ENTRY *r_q, prs_struct *ps, int if(!prs_align(ps)) return False; - if(!prs_uint32("unknown_0", ps, depth, &r_q->unknown_0)) + if(!prs_uint32("unknown_0 ", ps, depth, &r_q->unknown_0)) return False; - if(!prs_uint32("unknown_1", ps, depth, &r_q->unknown_1)) + if(!prs_uint32("asccess_desired ", ps, depth, &r_q->access_desired)) return False; return True; diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c index ee15d7cdede..41e0b4cb5f4 100644 --- a/source3/rpc_parse/parse_rpc.c +++ b/source3/rpc_parse/parse_rpc.c @@ -23,6 +23,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + /******************************************************************* interface/version dce/rpc pipe identification ********************************************************************/ diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index 4edc0678af9..c16232204cd 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -27,6 +27,9 @@ #include "rpc_parse.h" #include "nterr.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + /******************************************************************* inits a SAMR_Q_CLOSE_HND structure. ********************************************************************/ @@ -387,6 +390,36 @@ BOOL samr_io_r_get_usrdom_pwinfo(char *desc, SAMR_R_GET_USRDOM_PWINFO * r_u, return True; } + +/******************************************************************* +reads or writes a structure. +********************************************************************/ + +BOOL samr_io_q_set_sec_obj(char *desc, SAMR_Q_SET_SEC_OBJ * q_u, + prs_struct *ps, int depth) +{ + if (q_u == NULL) + return False; + + prs_debug(ps, depth, desc, "samr_io_q_set_sec_obj"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth)) + return False; + + if(!prs_uint32("sec_info", ps, depth, &q_u->sec_info)) + return False; + + if(!sec_io_desc_buf("sec_desc", &q_u->buf, ps, depth)) + return False; + + return True; +} + + /******************************************************************* reads or writes a structure. ********************************************************************/ @@ -861,6 +894,28 @@ BOOL samr_io_r_query_dom_info(char *desc, SAMR_R_QUERY_DOMAIN_INFO * r_u, return True; } +/******************************************************************* +reads or writes a SAMR_R_SET_SEC_OBJ structure. +********************************************************************/ + +BOOL samr_io_r_set_sec_obj(char *desc, SAMR_R_SET_SEC_OBJ * r_u, + prs_struct *ps, int depth) +{ + if (r_u == NULL) + return False; + + prs_debug(ps, depth, desc, "samr_io_r_set_sec_obj"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!prs_ntstatus("status", ps, depth, &r_u->status)) + return False; + + return True; +} + /******************************************************************* reads or writes a SAMR_R_QUERY_SEC_OBJ structure. ********************************************************************/ @@ -1437,7 +1492,8 @@ inits a SAM_DISPINFO_1 structure. ********************************************************************/ NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_entries, - uint32 start_idx, DISP_USER_INFO *disp_user_info) + uint32 start_idx, DISP_USER_INFO *disp_user_info, + DOM_SID *domain_sid) { uint32 len_sam_name, len_sam_full, len_sam_desc; uint32 i; @@ -1462,18 +1518,49 @@ NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_en ZERO_STRUCTP(sam->str); for (i = 0; i < num_entries ; i++) { + const char *username; + const char *fullname; + const char *acct_desc; + uint32 user_rid; + const DOM_SID *user_sid; + fstring user_sid_string, domain_sid_string; + DEBUG(11, ("init_sam_dispinfo_1: entry: %d\n",i)); pwd=disp_user_info[i+start_idx].sam; - len_sam_name = strlen(pdb_get_username(pwd)); - len_sam_full = strlen(pdb_get_fullname(pwd)); - len_sam_desc = strlen(pdb_get_acct_desc(pwd)); + username = pdb_get_username(pwd); + fullname = pdb_get_fullname(pwd); + acct_desc = pdb_get_acct_desc(pwd); + + if (!username) + username = ""; + + if (!fullname) + fullname = ""; + + if (!acct_desc) + acct_desc = ""; + + user_sid = pdb_get_user_sid(pwd); + + if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) { + DEBUG(0, ("init_sam_dispinfo_1: User %s has SID %s, which conflicts with " + "the domain sid %s. Failing operation.\n", + username, + sid_to_string(user_sid_string, user_sid), + sid_to_string(domain_sid_string, domain_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + + len_sam_name = strlen(username); + len_sam_full = strlen(fullname); + len_sam_desc = strlen(acct_desc); init_sam_entry1(&sam->sam[i], start_idx + i + 1, len_sam_name, len_sam_full, len_sam_desc, - pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd)); - + user_rid, pdb_get_acct_ctrl(pwd)); + ZERO_STRUCTP(&sam->str[i].uni_acct_name); ZERO_STRUCTP(&sam->str[i].uni_full_name); ZERO_STRUCTP(&sam->str[i].uni_acct_desc); @@ -1540,7 +1627,8 @@ inits a SAM_DISPINFO_2 structure. ********************************************************************/ NTSTATUS init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 num_entries, - uint32 start_idx, DISP_USER_INFO *disp_user_info) + uint32 start_idx, DISP_USER_INFO *disp_user_info, + DOM_SID *domain_sid ) { uint32 len_sam_name, len_sam_desc; uint32 i; @@ -1563,20 +1651,39 @@ NTSTATUS init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 num_en ZERO_STRUCTP(sam->str); for (i = 0; i < num_entries; i++) { + uint32 user_rid; + const DOM_SID *user_sid; + const char *username; + const char *acct_desc; + fstring user_sid_string, domain_sid_string; + DEBUG(11, ("init_sam_dispinfo_2: entry: %d\n",i)); pwd=disp_user_info[i+start_idx].sam; - len_sam_name = strlen(pdb_get_username(pwd)); - len_sam_desc = strlen(pdb_get_acct_desc(pwd)); + username = pdb_get_username(pwd); + acct_desc = pdb_get_acct_desc(pwd); + user_sid = pdb_get_user_sid(pwd); + + if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) { + DEBUG(0, ("init_sam_dispinfo_2: User %s has SID %s, which conflicts with " + "the domain sid %s. Failing operation.\n", + username, + sid_to_string(user_sid_string, user_sid), + sid_to_string(domain_sid_string, domain_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + + len_sam_name = strlen(username); + len_sam_desc = strlen(acct_desc); init_sam_entry2(&sam->sam[i], start_idx + i + 1, len_sam_name, len_sam_desc, - pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd)); + user_rid, pdb_get_acct_ctrl(pwd)); ZERO_STRUCTP(&sam->str[i].uni_srv_name); ZERO_STRUCTP(&sam->str[i].uni_srv_desc); - init_unistr2(&sam->str[i].uni_srv_name, pdb_get_username(pwd), len_sam_name); + init_unistr2(&sam->str[i].uni_srv_name, username, len_sam_name); init_unistr2(&sam->str[i].uni_srv_desc, pdb_get_acct_desc(pwd), len_sam_desc); } @@ -4535,7 +4642,7 @@ inits a SAMR_Q_LOOKUP_NAMES structure. NTSTATUS init_samr_q_lookup_names(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_NAMES * q_u, POLICY_HND *pol, uint32 flags, - uint32 num_names, char **name) + uint32 num_names, const char **name) { uint32 i; @@ -5824,7 +5931,7 @@ void init_sam_user_info21W(SAM_USER_INFO_21 * usr, *************************************************************************/ -void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw) +NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, DOM_SID *domain_sid) { NTTIME logon_time, logoff_time, kickoff_time, pass_last_set_time, pass_can_change_time, @@ -5845,6 +5952,12 @@ void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw) const char* workstations = pdb_get_workstations(pw); const char* munged_dial = pdb_get_munged_dial(pw); + uint32 user_rid; + const DOM_SID *user_sid; + + uint32 group_rid; + const DOM_SID *group_sid; + len_user_name = user_name != NULL ? strlen(user_name )+1 : 0; len_full_name = full_name != NULL ? strlen(full_name )+1 : 0; len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0; @@ -5887,8 +6000,34 @@ void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw) ZERO_STRUCT(usr->nt_pwd); ZERO_STRUCT(usr->lm_pwd); - usr->user_rid = pdb_get_user_rid(pw); - usr->group_rid = pdb_get_group_rid(pw); + user_sid = pdb_get_user_sid(pw); + + if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) { + fstring user_sid_string; + fstring domain_sid_string; + DEBUG(0, ("init_sam_user_info_21A: User %s has SID %s, \nwhich conflicts with " + "the domain sid %s. Failing operation.\n", + user_name, + sid_to_string(user_sid_string, user_sid), + sid_to_string(domain_sid_string, domain_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + + group_sid = pdb_get_group_sid(pw); + + if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) { + fstring group_sid_string; + fstring domain_sid_string; + DEBUG(0, ("init_sam_user_info_21A: User %s has Primary Group SID %s, \n" + "which conflicts with the domain sid %s. Failing operation.\n", + user_name, + sid_to_string(group_sid_string, group_sid), + sid_to_string(domain_sid_string, domain_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + + usr->user_rid = user_rid; + usr->group_rid = group_rid; usr->acb_info = pdb_get_acct_ctrl(pw); usr->unknown_3 = pdb_get_unknown3(pw); @@ -5917,6 +6056,8 @@ void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw) memcpy(&usr->logon_hrs.hours, pdb_get_hours(pw), MAX_HOURS_LEN); } else memset(&usr->logon_hrs, 0xff, sizeof(usr->logon_hrs)); + + return NT_STATUS_OK; } /******************************************************************* @@ -6702,17 +6843,16 @@ BOOL samr_io_r_get_dom_pwinfo(char *desc, SAMR_R_GET_DOM_PWINFO * r_u, if(!prs_align(ps)) return False; - if(!prs_uint16("unk_0", ps, depth, &r_u->unk_0)) - return False; - if(!prs_align(ps)) - return False; - if(!prs_uint16("unk_1", ps, depth, &r_u->unk_1)) - return False; - if(!prs_align(ps)) + /* + * We need 16 bytes here according to tests. Don't know + * what they are, but the length is important for the singing + */ + + if(!prs_uint32("unk_0", ps, depth, &r_u->unk_0)) return False; - if(!prs_uint16("unk_2", ps, depth, &r_u->unk_2)) + if(!prs_uint32("unk_1", ps, depth, &r_u->unk_1)) return False; - if(!prs_align(ps)) + if(!prs_uint32("unk_2", ps, depth, &r_u->unk_2)) return False; if(!prs_ntstatus("status", ps, depth, &r_u->status)) diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 4f093b2422c..56eaf4c5b5c 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -1,5 +1,6 @@ /* - * Unix SMB/CIFS implementation. + * Unix SMB/Netbios implementation. + * Version 1.9. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1998, * Copyright (C) Jeremy R. Allison 1995-1998 @@ -23,6 +24,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + /******************************************************************* Sets up a SEC_ACCESS structure. ********************************************************************/ @@ -43,9 +47,6 @@ BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_access"); depth++; - - if(!prs_align(ps)) - return False; if(!prs_uint32("mask", ps, depth, &(t->mask))) return False; @@ -112,9 +113,6 @@ BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_ace"); depth++; - - if(!prs_align(ps)) - return False; old_offset = prs_offset(ps); @@ -130,9 +128,6 @@ BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) if(!sec_io_access("info ", &psa->info, ps, depth)) return False; - if(!prs_align(ps)) - return False; - /* check whether object access is present */ if (!sec_ace_object(psa->type)) { if (!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) @@ -293,6 +288,13 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) uint32 offset_acl_size; SEC_ACL *psa; + /* + * Note that the size is always a multiple of 4 bytes due to the + * nature of the data structure. Therefore the prs_align() calls + * have been removed as they through us off when doing two-layer + * marshalling such as in the printing code (NEW_BUFFER). --jerry + */ + if (ppsa == NULL) return False; @@ -309,9 +311,6 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_acl"); depth++; - - if(!prs_align(ps)) - return False; old_offset = prs_offset(ps); @@ -341,9 +340,6 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) return False; } - if(!prs_align(ps)) - return False; - if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_acl_size, old_offset)) return False; @@ -362,17 +358,19 @@ size_t sec_desc_size(SEC_DESC *psd) offset = SEC_DESC_HEADER_SIZE; + /* don't align */ + if (psd->owner_sid != NULL) - offset += ((sid_size(psd->owner_sid) + 3) & ~3); + offset += sid_size(psd->owner_sid); if (psd->grp_sid != NULL) - offset += ((sid_size(psd->grp_sid) + 3) & ~3); + offset += sid_size(psd->grp_sid); if (psd->sacl != NULL) - offset += ((psd->sacl->size + 3) & ~3); + offset += psd->sacl->size; if (psd->dacl != NULL) - offset += ((psd->dacl->size + 3) & ~3); + offset += psd->dacl->size; return offset; } @@ -640,7 +638,7 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, if (offset == 0) offset = SEC_DESC_HEADER_SIZE; - offset += ((sid_size(dst->owner_sid) + 3) & ~3); + offset += sid_size(dst->owner_sid); } if (dst->grp_sid != NULL) { @@ -648,7 +646,7 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, if (offset == 0) offset = SEC_DESC_HEADER_SIZE; - offset += ((sid_size(dst->grp_sid) + 3) & ~3); + offset += sid_size(dst->grp_sid); } if (dst->sacl != NULL) { @@ -656,7 +654,7 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, offset_acl = SEC_DESC_HEADER_SIZE; dst->off_sacl = offset_acl; - offset_acl += ((dst->sacl->size + 3) & ~3); + offset_acl += dst->sacl->size; offset += dst->sacl->size; offset_sid += dst->sacl->size; } @@ -667,19 +665,20 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, offset_acl = SEC_DESC_HEADER_SIZE; dst->off_dacl = offset_acl; - offset_acl += ((dst->dacl->size + 3) & ~3); + offset_acl += dst->dacl->size; offset += dst->dacl->size; offset_sid += dst->dacl->size; } *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset); - dst->off_owner_sid = offset_sid; - if (dst->owner_sid != NULL) + dst->off_owner_sid = offset_sid; + + /* sid_size() returns 0 if the sid is NULL so this is ok */ + + if (dst->grp_sid != NULL) dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid); - else - dst->off_grp_sid = offset_sid; return dst; @@ -748,8 +747,15 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_desc"); depth++; +#if 0 + /* + * if alignment is needed, should be done by the the + * caller. Not here. This caused me problems when marshalling + * printer info into a buffer. --jerry + */ if(!prs_align(ps)) return False; +#endif /* start of security descriptor stored for back-calc offset purposes */ old_offset = prs_offset(ps); @@ -776,72 +782,69 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if (psd->off_owner_sid != 0) { + tmp_offset = ps->data_offset; + if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) + return False; + if (UNMARSHALLING(ps)) { - if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) - return False; /* reading */ if((psd->owner_sid = (DOM_SID *)prs_alloc_mem(ps,sizeof(*psd->owner_sid))) == NULL) return False; } - tmp_offset = ps->data_offset; - ps->data_offset = psd->off_owner_sid; - if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth)) return False; - if(!prs_align(ps)) - return False; - ps->data_offset = tmp_offset; - } + max_offset = MAX(max_offset, prs_offset(ps)); - max_offset = MAX(max_offset, prs_offset(ps)); + if (!prs_set_offset(ps,tmp_offset)) + return False; + } if (psd->off_grp_sid != 0) { + tmp_offset = ps->data_offset; + if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) + return False; + if (UNMARSHALLING(ps)) { /* reading */ - if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) - return False; if((psd->grp_sid = (DOM_SID *)prs_alloc_mem(ps,sizeof(*psd->grp_sid))) == NULL) return False; } - tmp_offset = ps->data_offset; - ps->data_offset = psd->off_grp_sid; - if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth)) return False; - if(!prs_align(ps)) - return False; + + max_offset = MAX(max_offset, prs_offset(ps)); - ps->data_offset = tmp_offset; + if (!prs_set_offset(ps,tmp_offset)) + return False; } - max_offset = MAX(max_offset, prs_offset(ps)); - if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) { + tmp_offset = ps->data_offset; if(!prs_set_offset(ps, old_offset + psd->off_sacl)) return False; if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) return False; - if(!prs_align(ps)) + max_offset = MAX(max_offset, prs_offset(ps)); + if (!prs_set_offset(ps,tmp_offset)) return False; } - max_offset = MAX(max_offset, prs_offset(ps)); if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { + tmp_offset = ps->data_offset; if(!prs_set_offset(ps, old_offset + psd->off_dacl)) return False; if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) return False; - if(!prs_align(ps)) + max_offset = MAX(max_offset, prs_offset(ps)); + if (!prs_set_offset(ps,tmp_offset)) return False; } - max_offset = MAX(max_offset, prs_offset(ps)); - if(!prs_set_offset(ps, max_offset)) return False; return True; diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c index e9f0ca858a9..b10a5c43771 100644 --- a/source3/rpc_parse/parse_spoolss.c +++ b/source3/rpc_parse/parse_spoolss.c @@ -4,8 +4,8 @@ * Copyright (C) Andrew Tridgell 1992-2000, * Copyright (C) Luke Kenneth Casson Leighton 1996-2000, * Copyright (C) Jean François Micouleau 1998-2000, - * Copyright (C) Gerald Carter 2000-2002 - * Copyright (C) Tim Potter 2001. + * Copyright (C) Gerald Carter 2000-2002, + * Copyright (C) Tim Potter 2001-2002. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,6 +24,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + /******************************************************************* return the length of a UNISTR string. ********************************************************************/ @@ -45,7 +48,7 @@ static uint32 str_len_uni(UNISTR *source) This should be moved in a more generic lib. ********************************************************************/ -static BOOL spoolss_io_system_time(char *desc, prs_struct *ps, int depth, SYSTEMTIME *systime) +BOOL spoolss_io_system_time(char *desc, prs_struct *ps, int depth, SYSTEMTIME *systime) { if(!prs_uint16("year", ps, depth, &systime->year)) return False; @@ -321,53 +324,64 @@ static BOOL smb_io_notify_info_data(char *desc,SPOOL_NOTIFY_INFO_DATA *data, prs { uint32 useless_ptr=0xADDE0FF0; - uint32 how_many_words; - BOOL isvalue; - uint32 x; - prs_debug(ps, depth, desc, "smb_io_notify_info_data"); depth++; - how_many_words=data->size; - if (how_many_words==POINTER) { - how_many_words=TWO_VALUE; - } - - isvalue=data->enc_type; - if(!prs_align(ps)) return False; if(!prs_uint16("type", ps, depth, &data->type)) return False; if(!prs_uint16("field", ps, depth, &data->field)) return False; - /*prs_align(ps);*/ - if(!prs_uint32("how many words", ps, depth, &how_many_words)) + if(!prs_uint32("how many words", ps, depth, &data->size)) return False; if(!prs_uint32("id", ps, depth, &data->id)) return False; - if(!prs_uint32("how many words", ps, depth, &how_many_words)) + if(!prs_uint32("how many words", ps, depth, &data->size)) return False; + switch (data->enc_type) { + + /* One and two value data has two uint32 values */ - /*prs_align(ps);*/ + case NOTIFY_ONE_VALUE: + case NOTIFY_TWO_VALUE: - if (isvalue==True) { if(!prs_uint32("value[0]", ps, depth, &data->notify_data.value[0])) return False; if(!prs_uint32("value[1]", ps, depth, &data->notify_data.value[1])) return False; - /*prs_align(ps);*/ - } else { - /* it's a string */ - /* length in ascii including \0 */ - x=2*(data->notify_data.data.length+1); - if(!prs_uint32("string length", ps, depth, &x )) + break; + + /* Pointers and strings have a string length and a + pointer. For a string the length is expressed as + the number of uint16 characters plus a trailing + \0\0. */ + + case NOTIFY_POINTER: + + if(!prs_uint32("string length", ps, depth, &data->notify_data.data.length )) return False; if(!prs_uint32("pointer", ps, depth, &useless_ptr)) return False; - /*prs_align(ps);*/ + + break; + + case NOTIFY_STRING: + + if(!prs_uint32("string length", ps, depth, &data->notify_data.data.length)) + return False; + + if(!prs_uint32("pointer", ps, depth, &useless_ptr)) + return False; + + break; + + default: + DEBUG(3, ("invalid enc_type %d for smb_io_notify_info_data\n", + data->enc_type)); + break; } return True; @@ -380,22 +394,79 @@ reads or writes an NOTIFY INFO DATA structure. BOOL smb_io_notify_info_data_strings(char *desc,SPOOL_NOTIFY_INFO_DATA *data, prs_struct *ps, int depth) { - uint32 x; - BOOL isvalue; - prs_debug(ps, depth, desc, "smb_io_notify_info_data_strings"); depth++; if(!prs_align(ps)) return False; - isvalue=data->enc_type; + switch(data->enc_type) { + + /* No data for values */ + + case NOTIFY_ONE_VALUE: + case NOTIFY_TWO_VALUE: + + break; + + /* Strings start with a length in uint16s */ + + case NOTIFY_STRING: + + if (UNMARSHALLING(ps)) { + data->notify_data.data.string = + (uint16 *)prs_alloc_mem(ps, data->notify_data.data.length); + + if (!data->notify_data.data.string) + return False; + } + + if (MARSHALLING(ps)) + data->notify_data.data.length /= 2; + + if(!prs_uint32("string length", ps, depth, &data->notify_data.data.length)) + return False; + + if (!prs_uint16uni(True, "string", ps, depth, data->notify_data.data.string, + data->notify_data.data.length)) + return False; + + if (MARSHALLING(ps)) + data->notify_data.data.length *= 2; + + break; + + case NOTIFY_POINTER: + + if (UNMARSHALLING(ps)) { + data->notify_data.data.string = + (uint16 *)prs_alloc_mem(ps, data->notify_data.data.length); + + if (!data->notify_data.data.string) + return False; + } + + if(!prs_uint8s(True,"buffer",ps,depth,(uint8*)data->notify_data.data.string,data->notify_data.data.length)) + return False; + + break; + + default: + DEBUG(3, ("invalid enc_type %d for smb_io_notify_info_data_strings\n", + data->enc_type)); + break; + } +#if 0 if (isvalue==False) { + /* length of string in unicode include \0 */ x=data->notify_data.data.length+1; + + if (data->field != 16) if(!prs_uint32("string length", ps, depth, &x )) return False; + if (MARSHALLING(ps)) { /* These are already in little endian format. Don't byte swap. */ if (x == 1) { @@ -409,6 +480,10 @@ BOOL smb_io_notify_info_data_strings(char *desc,SPOOL_NOTIFY_INFO_DATA *data, if(!prs_uint8s(True,"string",ps,depth, (uint8 *)&data->notify_data.data.length,x*2)) return False; } else { + + if (data->field == 16) + x /= 2; + if(!prs_uint16uni(True,"string",ps,depth,data->notify_data.data.string,x)) return False; } @@ -424,10 +499,11 @@ BOOL smb_io_notify_info_data_strings(char *desc,SPOOL_NOTIFY_INFO_DATA *data, return False; } } -#if 0 /* JERRY */ - /* Win2k does not seem to put this parse align here */ +#endif +#if 0 /* JERRY */ + /* Win2k does not seem to put this parse align here */ if(!prs_align(ps)) return False; #endif @@ -546,8 +622,40 @@ static BOOL spool_io_user_level(char *desc, SPOOL_USER_CTR *q_u, prs_struct *ps, * on reading allocate memory for the private member ********************************************************************/ +#define DM_NUM_OPTIONAL_FIELDS 8 + BOOL spoolss_io_devmode(char *desc, prs_struct *ps, int depth, DEVICEMODE *devmode) { + uint32 available_space; /* size of the device mode left to parse */ + /* only important on unmarshalling */ + int i = 0; + + struct optional_fields { + fstring name; + uint32* field; + } opt_fields[DM_NUM_OPTIONAL_FIELDS] = { + { "icmmethod", NULL }, + { "icmintent", NULL }, + { "mediatype", NULL }, + { "dithertype", NULL }, + { "reserved1", NULL }, + { "reserved2", NULL }, + { "panningwidth", NULL }, + { "panningheight", NULL } + }; + + /* assign at run time to keep non-gcc vompilers happy */ + + opt_fields[0].field = &devmode->icmmethod; + opt_fields[1].field = &devmode->icmintent; + opt_fields[2].field = &devmode->mediatype; + opt_fields[3].field = &devmode->dithertype; + opt_fields[4].field = &devmode->reserved1; + opt_fields[5].field = &devmode->reserved2; + opt_fields[6].field = &devmode->panningwidth; + opt_fields[7].field = &devmode->panningheight; + + prs_debug(ps, depth, desc, "spoolss_io_devmode"); depth++; @@ -559,8 +667,27 @@ BOOL spoolss_io_devmode(char *desc, prs_struct *ps, int depth, DEVICEMODE *devmo if (!prs_uint16uni(True,"devicename", ps, depth, devmode->devicename.buffer, 32)) return False; + if (!prs_uint16("specversion", ps, depth, &devmode->specversion)) return False; + + /* Sanity Check - look for unknown specversions, but don't fail if we see one. + Let the size determine that */ + + switch (devmode->specversion) { + case 0x0320: + case 0x0400: + case 0x0401: + break; + + default: + DEBUG(0,("spoolss_io_devmode: Unknown specversion in devicemode [0x%x]\n", + devmode->specversion)); + DEBUG(0,("spoolss_io_devmode: please report to samba-technical@samba.org!\n")); + break; + } + + if (!prs_uint16("driverversion", ps, depth, &devmode->driverversion)) return False; if (!prs_uint16("size", ps, depth, &devmode->size)) @@ -616,45 +743,50 @@ BOOL spoolss_io_devmode(char *desc, prs_struct *ps, int depth, DEVICEMODE *devmo return False; if (!prs_uint32("displayfrequency", ps, depth, &devmode->displayfrequency)) return False; + /* + * every device mode I've ever seen on the wire at least has up + * to the displayfrequency field. --jerry (05-09-2002) + */ + + /* add uint32's + uint16's + two UNICODE strings */ + + available_space = devmode->size - (sizeof(uint32)*6 + sizeof(uint16)*18 + sizeof(uint16)*64); + + /* Sanity check - we only have uint32's left tp parse */ + + if ( available_space && ((available_space % sizeof(uint32)) != 0) ) { + DEBUG(0,("spoolss_io_devmode: available_space [%d] no in multiple of 4 bytes (size = %d)!\n", + available_space, devmode->size)); + DEBUG(0,("spoolss_io_devmode: please report to samba-technical@samba.org!\n")); + return False; + } /* * Conditional parsing. Assume that the DeviceMode has been * zero'd by the caller. */ - switch(devmode->specversion) { - /* Used by spooler when issuing OpenPrinter() calls. NT 3.5x? */ - case 0x0320: - break; + while ((available_space > 0) && (i < DM_NUM_OPTIONAL_FIELDS)) + { + DEBUG(10, ("spoolss_io_devmode: [%d] bytes left to parse in devmode\n", available_space)); + if (!prs_uint32(opt_fields[i].name, ps, depth, opt_fields[i].field)) + return False; + available_space -= sizeof(uint32); + i++; + } + + /* Sanity Check - we should no available space at this point unless + MS changes the device mode structure */ - /* See the comments on the DEVMODE in the msdn GDI documentation */ - case 0x0400: - case 0x0401: - if (!prs_uint32("icmmethod", ps, depth, &devmode->icmmethod)) - return False; - if (!prs_uint32("icmintent", ps, depth, &devmode->icmintent)) - return False; - if (!prs_uint32("mediatype", ps, depth, &devmode->mediatype)) - return False; - if (!prs_uint32("dithertype", ps, depth, &devmode->dithertype)) - return False; - if (!prs_uint32("reserved1", ps, depth, &devmode->reserved1)) - return False; - if (!prs_uint32("reserved2", ps, depth, &devmode->reserved2)) + if (available_space) { + DEBUG(0,("spoolss_io_devmode: I've parsed all I know and there is still stuff left|\n")); + DEBUG(0,("spoolss_io_devmode: available_space = [%d], devmode_size = [%d]!\n", + available_space, devmode->size)); + DEBUG(0,("spoolss_io_devmode: please report to samba-technical@samba.org!\n")); return False; - if (!prs_uint32("panningwidth", ps, depth, &devmode->panningwidth)) - return False; - if (!prs_uint32("panningheight", ps, depth, &devmode->panningheight)) - return False; - break; - - /* log an error if we see something else */ - default: - DEBUG(0,("spoolss_io_devmode: Unknown specversion [0x%x]!\n", devmode->specversion)); - DEBUG(0,("spoolss_io_devmode: Please report to samba-technical@samba.org\n")); - break; } + if (devmode->driverextra!=0) { if (UNMARSHALLING(ps)) { devmode->private=(uint8 *)prs_alloc_mem(ps, devmode->driverextra*sizeof(uint8)); @@ -900,6 +1032,7 @@ BOOL make_spoolss_printer_info_2(TALLOC_CTX *mem_ctx, SPOOL_PRINTER_INFO_LEVEL_2 return True; } + /******************************************************************* * read a structure. * called from spoolss_q_open_printer_ex (srv_spoolss.c) @@ -1047,15 +1180,15 @@ BOOL make_spoolss_q_deleteprinterdriver( ********************************************************************/ BOOL make_spoolss_q_getprinterdata(SPOOL_Q_GETPRINTERDATA *q_u, - const POLICY_HND *handle, - UNISTR2 *valuename, uint32 size) + const POLICY_HND *handle, + char *valuename, uint32 size) { if (q_u == NULL) return False; DEBUG(5,("make_spoolss_q_getprinterdata\n")); q_u->handle = *handle; - copy_unistr2(&q_u->valuename, valuename); + init_unistr2(&q_u->valuename, valuename, strlen(valuename) + 1); q_u->size = size; return True; @@ -1130,6 +1263,48 @@ BOOL spoolss_io_r_deleteprinterdata(char *desc, SPOOL_R_DELETEPRINTERDATA *r_u, return True; } +/******************************************************************* + * read a structure. + * called from spoolss_q_deleteprinterdataex (srv_spoolss.c) + ********************************************************************/ + +BOOL spoolss_io_q_deleteprinterdataex(char *desc, SPOOL_Q_DELETEPRINTERDATAEX *q_u, prs_struct *ps, int depth) +{ + if (q_u == NULL) + return False; + + prs_debug(ps, depth, desc, "spoolss_io_q_deleteprinterdataex"); + depth++; + + if (!prs_align(ps)) + return False; + if (!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth)) + return False; + + if (!smb_io_unistr2("keyname ", &q_u->keyname, True, ps, depth)) + return False; + if (!smb_io_unistr2("valuename", &q_u->valuename, True, ps, depth)) + return False; + + return True; +} + +/******************************************************************* + * write a structure. + * called from spoolss_r_deleteprinterdataex (srv_spoolss.c) + ********************************************************************/ + +BOOL spoolss_io_r_deleteprinterdataex(char *desc, SPOOL_R_DELETEPRINTERDATAEX *r_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "spoolss_io_r_deleteprinterdataex"); + depth++; + + if(!prs_werror("status", ps, depth, &r_u->status)) + return False; + + return True; +} + /******************************************************************* * write a structure. * called from spoolss_r_getprinterdata (srv_spoolss.c) @@ -1150,6 +1325,12 @@ BOOL spoolss_io_r_getprinterdata(char *desc, SPOOL_R_GETPRINTERDATA *r_u, prs_st if (!prs_uint32("size", ps, depth, &r_u->size)) return False; + if (UNMARSHALLING(ps) && r_u->size) { + r_u->data = prs_alloc_mem(ps, r_u->size); + if(r_u->data) + return False; + } + if (!prs_uint8s(False,"data", ps, depth, r_u->data, r_u->size)) return False; @@ -1311,6 +1492,64 @@ BOOL spoolss_io_r_deleteprinterdriver(char *desc, SPOOL_R_DELETEPRINTERDRIVER *r } +/******************************************************************* + * read a structure. + * called from api_spoolss_deleteprinterdriver (srv_spoolss.c) + * called from spoolss_deleteprinterdriver (cli_spoolss.c) + ********************************************************************/ + +BOOL spoolss_io_q_deleteprinterdriverex(char *desc, SPOOL_Q_DELETEPRINTERDRIVEREX *q_u, prs_struct *ps, int depth) +{ + if (q_u == NULL) return False; + + prs_debug(ps, depth, desc, "spoolss_io_q_deleteprinterdriverex"); + depth++; + + if (!prs_align(ps)) + return False; + + if(!prs_uint32("server_ptr", ps, depth, &q_u->server_ptr)) + return False; + if(!smb_io_unistr2("server", &q_u->server, q_u->server_ptr, ps, depth)) + return False; + if(!smb_io_unistr2("arch", &q_u->arch, True, ps, depth)) + return False; + if(!smb_io_unistr2("driver", &q_u->driver, True, ps, depth)) + return False; + + if (!prs_align(ps)) + return False; + + if(!prs_uint32("delete_flags ", ps, depth, &q_u->delete_flags)) + return False; + if(!prs_uint32("version ", ps, depth, &q_u->version)) + return False; + + + return True; +} + + +/******************************************************************* + * write a structure. + ********************************************************************/ +BOOL spoolss_io_r_deleteprinterdriverex(char *desc, SPOOL_R_DELETEPRINTERDRIVEREX *r_u, prs_struct *ps, int depth) +{ + if (r_u == NULL) return False; + + prs_debug(ps, depth, desc, "spoolss_io_r_deleteprinterdriverex"); + depth++; + + if (!prs_align(ps)) + return False; + + if (!prs_werror("status", ps, depth, &r_u->status)) + return False; + + return True; +} + + /******************************************************************* * read a structure. @@ -2072,6 +2311,10 @@ static BOOL smb_io_reldevmode(char *desc, NEW_BUFFER *buffer, int depth, DEVICEM /* read the offset */ if (!prs_uint32("offset", ps, depth, &buffer->string_at_end)) return False; + if (buffer->string_at_end == 0) { + *devmode = NULL; + return True; + } old_offset = prs_offset(ps); if(!prs_set_offset(ps, buffer->string_at_end + buffer->struct_start)) @@ -2222,6 +2465,8 @@ BOOL smb_io_printer_info_1(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_1 *info, BOOL smb_io_printer_info_2(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_2 *info, int depth) { prs_struct *ps=&buffer->prs; + uint32 dm_offset, sd_offset, current_offset; + uint32 dummy_value = 0; prs_debug(ps, depth, desc, "smb_io_printer_info_2"); depth++; @@ -2243,8 +2488,9 @@ BOOL smb_io_printer_info_2(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_2 *info, if (!smb_io_relstr("location", buffer, depth, &info->location)) return False; - /* NT parses the DEVMODE at the end of the struct */ - if (!smb_io_reldevmode("devmode", buffer, depth, &info->devmode)) + /* save current offset and wind forwared by a uint32 */ + dm_offset = prs_offset(ps); + if (!prs_uint32("devmode", ps, depth, &dummy_value)) return False; if (!smb_io_relstr("sepfile", buffer, depth, &info->sepfile)) @@ -2256,9 +2502,31 @@ BOOL smb_io_printer_info_2(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_2 *info, if (!smb_io_relstr("parameters", buffer, depth, &info->parameters)) return False; + /* save current offset for the sec_desc */ + sd_offset = prs_offset(ps); + if (!prs_uint32("sec_desc", ps, depth, &dummy_value)) + return False; + + + /* save current location so we can pick back up here */ + current_offset = prs_offset(ps); + + /* parse the devmode */ + if (!prs_set_offset(ps, dm_offset)) + return False; + if (!smb_io_reldevmode("devmode", buffer, depth, &info->devmode)) + return False; + + /* parse the sec_desc */ + if (!prs_set_offset(ps, sd_offset)) + return False; if (!smb_io_relsecdesc("secdesc", buffer, depth, &info->secdesc)) return False; + /* pick up where we left off */ + if (!prs_set_offset(ps, current_offset)) + return False; + if (!prs_uint32("attributes", ps, depth, &info->attributes)) return False; if (!prs_uint32("priority", ps, depth, &info->priority)) @@ -2276,13 +2544,6 @@ BOOL smb_io_printer_info_2(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_2 *info, if (!prs_uint32("averageppm", ps, depth, &info->averageppm)) return False; -#if 0 /* JFMTEST */ - if (!prs_uint32_post("secdesc_ptr", ps, depth, NULL, sec_offset, info->secdesc ? prs_offset(ps)-buffer->struct_start : 0 )) - return False; - - if (!sec_io_desc("secdesc", &info->secdesc, ps, depth)) - return False; -#endif return True; } @@ -3034,7 +3295,7 @@ uint32 spoolss_size_printer_info_2(PRINTER_INFO_2 *info) uint32 size=0; size += 4; - /* JRA !!!! TESTME - WHAT ABOUT prs_align.... !!! */ + size += sec_desc_size( info->secdesc ); size+=size_of_device_mode( info->devmode ); @@ -3060,6 +3321,16 @@ uint32 spoolss_size_printer_info_2(PRINTER_INFO_2 *info) size+=size_of_uint32( &info->status ); size+=size_of_uint32( &info->cjobs ); size+=size_of_uint32( &info->averageppm ); + + /* + * add any adjustments for alignment. This is + * not optimal since we could be calling this + * function from a loop (e.g. enumprinters), but + * it is easier to maintain the calculation here and + * not place the burden on the caller to remember. --jerry + */ + size += size % 4; + return size; } @@ -3529,7 +3800,7 @@ BOOL spoolss_io_r_getprinterdriver2(char *desc, SPOOL_R_GETPRINTERDRIVER2 *r_u, BOOL make_spoolss_q_enumprinters( SPOOL_Q_ENUMPRINTERS *q_u, uint32 flags, - fstring servername, + char *servername, uint32 level, NEW_BUFFER *buffer, uint32 offered @@ -4767,60 +5038,56 @@ BOOL spool_io_printer_driver_info_level_6(char *desc, SPOOL_PRINTER_DRIVER_INFO_ if(!prs_align(ps)) return False; + /* + * I know this seems weird, but I have no other explanation. + * This is observed behavior on both NT4 and 2K servers. + * --jerry + */ + + if (!prs_align_uint64(ps)) + return False; /* parse the main elements the packet */ - if(!prs_uint32("version", ps, depth, &il->version)) + if(!prs_uint32("cversion ", ps, depth, &il->version)) return False; - - if(!prs_uint32("name_ptr", ps, depth, &il->name_ptr)) - return False; - /* - * If name_ptr is NULL then the next 4 bytes are the name_ptr. A driver - * with a NULL name just isn't a driver For example: "HP LaserJet 4si" - * from W2K CDROM (which uses unidriver). JohnR 010205 - */ - if (!il->name_ptr) { - DEBUG(5,("spool_io_printer_driver_info_level_6: name_ptr is NULL! Get next value\n")); - if(!prs_uint32("name_ptr", ps, depth, &il->name_ptr)) - return False; - } - - if(!prs_uint32("environment_ptr", ps, depth, &il->environment_ptr)) + if(!prs_uint32("name ", ps, depth, &il->name_ptr)) return False; - if(!prs_uint32("driverpath_ptr", ps, depth, &il->driverpath_ptr)) + if(!prs_uint32("environment ", ps, depth, &il->environment_ptr)) return False; - if(!prs_uint32("datafile_ptr", ps, depth, &il->datafile_ptr)) + if(!prs_uint32("driverpath ", ps, depth, &il->driverpath_ptr)) return False; - if(!prs_uint32("configfile_ptr", ps, depth, &il->configfile_ptr)) + if(!prs_uint32("datafile ", ps, depth, &il->datafile_ptr)) return False; - if(!prs_uint32("helpfile_ptr", ps, depth, &il->helpfile_ptr)) + if(!prs_uint32("configfile ", ps, depth, &il->configfile_ptr)) return False; - if(!prs_uint32("monitorname_ptr", ps, depth, &il->monitorname_ptr)) + if(!prs_uint32("helpfile ", ps, depth, &il->helpfile_ptr)) return False; - if(!prs_uint32("defaultdatatype_ptr", ps, depth, &il->defaultdatatype_ptr)) + if(!prs_uint32("monitorname ", ps, depth, &il->monitorname_ptr)) return False; - if(!prs_uint32("dependentfiles_len", ps, depth, &il->dependentfiles_len)) + if(!prs_uint32("defaultdatatype", ps, depth, &il->defaultdatatype_ptr)) return False; - if(!prs_uint32("dependentfiles_ptr", ps, depth, &il->dependentfiles_ptr)) + if(!prs_uint32("dependentfiles ", ps, depth, &il->dependentfiles_len)) return False; - if(!prs_uint32("previousnames_len", ps, depth, &il->previousnames_len)) + if(!prs_uint32("dependentfiles ", ps, depth, &il->dependentfiles_ptr)) return False; - if(!prs_uint32("previousnames_ptr", ps, depth, &il->previousnames_ptr)) + if(!prs_uint32("previousnames ", ps, depth, &il->previousnames_len)) return False; - if(!smb_io_time("driverdate", &il->driverdate, ps, depth)) + if(!prs_uint32("previousnames ", ps, depth, &il->previousnames_ptr)) return False; - if(!prs_uint32("dummy4", ps, depth, &il->dummy4)) + if(!smb_io_time("driverdate ", &il->driverdate, ps, depth)) return False; - if(!prs_uint64("driverversion", ps, depth, &il->driverversion)) + if(!prs_uint32("dummy4 ", ps, depth, &il->dummy4)) return False; - if(!prs_uint32("mfgname_ptr", ps, depth, &il->mfgname_ptr)) + if(!prs_uint64("driverversion ", ps, depth, &il->driverversion)) return False; - if(!prs_uint32("oemurl_ptr", ps, depth, &il->oemurl_ptr)) + if(!prs_uint32("mfgname ", ps, depth, &il->mfgname_ptr)) return False; - if(!prs_uint32("hardwareid_ptr", ps, depth, &il->hardwareid_ptr)) + if(!prs_uint32("oemurl ", ps, depth, &il->oemurl_ptr)) return False; - if(!prs_uint32("provider_ptr", ps, depth, &il->provider_ptr)) + if(!prs_uint32("hardwareid ", ps, depth, &il->hardwareid_ptr)) + return False; + if(!prs_uint32("provider ", ps, depth, &il->provider_ptr)) return False; /* parse the structures in the packet */ @@ -5146,6 +5413,53 @@ BOOL spoolss_io_r_addprinterdriver(char *desc, SPOOL_R_ADDPRINTERDRIVER *q_u, pr return True; } +/******************************************************************* + fill in the prs_struct for a ADDPRINTERDRIVER request PDU + ********************************************************************/ + +BOOL spoolss_io_q_addprinterdriverex(char *desc, SPOOL_Q_ADDPRINTERDRIVEREX *q_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "spoolss_io_q_addprinterdriverex"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!prs_uint32("server_name_ptr", ps, depth, &q_u->server_name_ptr)) + return False; + if(!smb_io_unistr2("server_name", &q_u->server_name, q_u->server_name_ptr, ps, depth)) + return False; + + if(!prs_align(ps)) + return False; + if(!prs_uint32("info_level", ps, depth, &q_u->level)) + return False; + + if(!spool_io_printer_driver_info_level("", &q_u->info, ps, depth)) + return False; + + if(!prs_align(ps)) + return False; + if(!prs_uint32("copy flags", ps, depth, &q_u->copy_flags)) + return False; + + return True; +} + +/******************************************************************* +********************************************************************/ + +BOOL spoolss_io_r_addprinterdriverex(char *desc, SPOOL_R_ADDPRINTERDRIVEREX *q_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "spoolss_io_r_addprinterdriverex"); + depth++; + + if(!prs_werror("status", ps, depth, &q_u->status)) + return False; + + return True; +} + /******************************************************************* ********************************************************************/ @@ -5653,6 +5967,14 @@ BOOL spoolss_io_r_enumprinterdata(char *desc, SPOOL_R_ENUMPRINTERDATA *r_u, prs_ if(!prs_uint32("valuesize", ps, depth, &r_u->valuesize)) return False; + if (UNMARSHALLING(ps) && r_u->valuesize) { + r_u->value = (uint16 *)prs_alloc_mem(ps, r_u->valuesize * 2); + if (!r_u->value) { + DEBUG(0, ("spoolss_io_r_enumprinterdata: out of memory for printerdata value\n")); + return False; + } + } + if(!prs_uint16uni(False, "value", ps, depth, r_u->value, r_u->valuesize )) return False; @@ -5667,6 +5989,15 @@ BOOL spoolss_io_r_enumprinterdata(char *desc, SPOOL_R_ENUMPRINTERDATA *r_u, prs_ if(!prs_uint32("datasize", ps, depth, &r_u->datasize)) return False; + + if (UNMARSHALLING(ps) && r_u->datasize) { + r_u->data = (uint8 *)prs_alloc_mem(ps, r_u->datasize); + if (!r_u->data) { + DEBUG(0, ("spoolss_io_r_enumprinterdata: out of memory for printerdata data\n")); + return False; + } + } + if(!prs_uint8s(False, "data", ps, depth, r_u->data, r_u->datasize)) return False; if(!prs_align(ps)) @@ -5719,19 +6050,15 @@ BOOL make_spoolss_q_enumprinterdata(SPOOL_Q_ENUMPRINTERDATA *q_u, /******************************************************************* ********************************************************************/ -BOOL make_spoolss_q_setprinterdata(SPOOL_Q_SETPRINTERDATA *q_u, TALLOC_CTX *ctx, const POLICY_HND *hnd, - char* value, char* data) +BOOL make_spoolss_q_setprinterdata(SPOOL_Q_SETPRINTERDATA *q_u, const POLICY_HND *hnd, + char* value, char* data, uint32 data_size) { - UNISTR2 tmp; - memcpy(&q_u->handle, hnd, sizeof(q_u->handle)); q_u->type = REG_SZ; init_unistr2(&q_u->value, value, strlen(value)+1); - init_unistr2(&tmp, data, strlen(data)+1); - q_u->max_len = q_u->real_len = tmp.uni_max_len*2; - q_u->data = talloc(ctx, q_u->real_len); - memcpy(q_u->data, tmp.buffer, q_u->real_len); + q_u->max_len = q_u->real_len = data_size; + q_u->data = data; return True; } @@ -6696,6 +7023,44 @@ BOOL spoolss_io_r_enumprinterkey(char *desc, SPOOL_R_ENUMPRINTERKEY *r_u, prs_st return True; } +/******************************************************************* + * read a structure. + ********************************************************************/ + +BOOL spoolss_io_q_deleteprinterkey(char *desc, SPOOL_Q_DELETEPRINTERKEY *q_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "spoolss_io_q_deleteprinterkey"); + depth++; + + if(!prs_align(ps)) + return False; + if(!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth)) + return False; + + if(!smb_io_unistr2("", &q_u->keyname, True, ps, depth)) + return False; + + return True; +} + +/******************************************************************* + * write a structure. + ********************************************************************/ + +BOOL spoolss_io_r_deleteprinterkey(char *desc, SPOOL_R_DELETEPRINTERKEY *r_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "spoolss_io_r_deleteprinterkey"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!prs_werror("status", ps, depth, &r_u->status)) + return False; + + return True; +} + /******************************************************************* * read a structure. @@ -7016,3 +7381,150 @@ BOOL make_spoolss_q_enumforms(SPOOL_Q_ENUMFORMS *q_u, POLICY_HND *handle, return True; } + +/******************************************************************* + * init a structure. + ********************************************************************/ + +BOOL make_spoolss_q_setjob(SPOOL_Q_SETJOB *q_u, POLICY_HND *handle, + uint32 jobid, uint32 level, uint32 command) +{ + memcpy(&q_u->handle, handle, sizeof(POLICY_HND)); + q_u->jobid = jobid; + q_u->level = level; + + /* Hmm - the SPOOL_Q_SETJOB structure has a JOB_INFO ctr in it but + the server side code has it marked as unused. */ + + q_u->command = command; + + return True; +} + +/******************************************************************* + * init a structure. + ********************************************************************/ + +BOOL make_spoolss_q_getjob(SPOOL_Q_GETJOB *q_u, POLICY_HND *handle, + uint32 jobid, uint32 level, NEW_BUFFER *buffer, + uint32 offered) +{ + memcpy(&q_u->handle, handle, sizeof(POLICY_HND)); + q_u->jobid = jobid; + q_u->level = level; + q_u->buffer = buffer; + q_u->offered = offered; + + return True; +} + +/******************************************************************* + * init a structure. + ********************************************************************/ + +BOOL make_spoolss_q_startpageprinter(SPOOL_Q_STARTPAGEPRINTER *q_u, + POLICY_HND *handle) +{ + memcpy(&q_u->handle, handle, sizeof(POLICY_HND)); + + return True; +} + +/******************************************************************* + * init a structure. + ********************************************************************/ + +BOOL make_spoolss_q_endpageprinter(SPOOL_Q_ENDPAGEPRINTER *q_u, + POLICY_HND *handle) +{ + memcpy(&q_u->handle, handle, sizeof(POLICY_HND)); + + return True; +} + +/******************************************************************* + * init a structure. + ********************************************************************/ + +BOOL make_spoolss_q_startdocprinter(SPOOL_Q_STARTDOCPRINTER *q_u, + POLICY_HND *handle, uint32 level, + char *docname, char *outputfile, + char *datatype) +{ + DOC_INFO_CONTAINER *ctr = &q_u->doc_info_container; + + memcpy(&q_u->handle, handle, sizeof(POLICY_HND)); + + ctr->level = level; + + switch (level) { + case 1: + ctr->docinfo.switch_value = level; + + ctr->docinfo.doc_info_1.p_docname = docname ? 1 : 0; + ctr->docinfo.doc_info_1.p_outputfile = outputfile ? 1 : 0; + ctr->docinfo.doc_info_1.p_datatype = datatype ? 1 : 0; + + if (docname) + init_unistr2(&ctr->docinfo.doc_info_1.docname, docname, + strlen(docname) + 1); + + if (outputfile) + init_unistr2(&ctr->docinfo.doc_info_1.outputfile, outputfile, + strlen(outputfile) + 1); + + if (datatype) + init_unistr2(&ctr->docinfo.doc_info_1.datatype, datatype, + strlen(datatype) + 1); + + break; + case 2: + /* DOC_INFO_2 is only used by Windows 9x and since it + doesn't do printing over RPC we don't have to worry + about it. */ + default: + DEBUG(3, ("unsupported info level %d\n", level)); + return False; + } + + return True; +} + +/******************************************************************* + * init a structure. + ********************************************************************/ + +BOOL make_spoolss_q_enddocprinter(SPOOL_Q_ENDDOCPRINTER *q_u, + POLICY_HND *handle) +{ + memcpy(&q_u->handle, handle, sizeof(POLICY_HND)); + + return True; +} + +/******************************************************************* + * init a structure. + ********************************************************************/ + +BOOL make_spoolss_q_writeprinter(SPOOL_Q_WRITEPRINTER *q_u, + POLICY_HND *handle, uint32 data_size, + char *data) +{ + memcpy(&q_u->handle, handle, sizeof(POLICY_HND)); + q_u->buffer_size = q_u->buffer_size2 = data_size; + q_u->buffer = data; + return True; +} + +/******************************************************************* + * init a structure. + ********************************************************************/ + +BOOL make_spoolss_q_deleteprinterdata(SPOOL_Q_DELETEPRINTERDATA *q_u, + POLICY_HND *handle, char *valuename) +{ + memcpy(&q_u->handle, handle, sizeof(POLICY_HND)); + init_unistr2(&q_u->valuename, valuename, strlen(valuename) + 1); + + return True; +} diff --git a/source3/rpc_parse/parse_srv.c b/source3/rpc_parse/parse_srv.c index 9c9d5f1e9cb..3dc054d2b17 100644 --- a/source3/rpc_parse/parse_srv.c +++ b/source3/rpc_parse/parse_srv.c @@ -5,6 +5,7 @@ * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, * Copyright (C) Paul Ashton 1997. * Copyright (C) Jeremy Allison 1999. + * Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2002 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -23,6 +24,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + /******************************************************************* Inits a SH_INFO_1_STR structure ********************************************************************/ @@ -108,10 +112,14 @@ void init_srv_share_info2_str(SH_INFO_2_STR *sh2, { DEBUG(5,("init_srv_share_info2_str\n")); - init_unistr2(&sh2->uni_netname, net_name, strlen(net_name)+1); - init_unistr2(&sh2->uni_remark, remark, strlen(remark)+1); - init_unistr2(&sh2->uni_path, path, strlen(path)+1); - init_unistr2(&sh2->uni_passwd, passwd, strlen(passwd)+1); + if (net_name) + init_unistr2(&sh2->uni_netname, net_name, strlen(net_name)+1); + if (remark) + init_unistr2(&sh2->uni_remark, remark, strlen(remark)+1); + if (path) + init_unistr2(&sh2->uni_path, path, strlen(path)+1); + if (passwd) + init_unistr2(&sh2->uni_passwd, passwd, strlen(passwd)+1); } /******************************************************************* @@ -658,7 +666,9 @@ void init_srv_q_net_share_enum(SRV_Q_NET_SHARE_ENUM *q_n, init_buf_unistr2(&q_n->uni_srv_name, &q_n->ptr_srv_name, srv_name); q_n->ctr.info_level = q_n->ctr.switch_value = info_level; - q_n->ctr.ptr_share_info = 0; + q_n->ctr.ptr_share_info = 1; + q_n->ctr.num_entries = 0; + q_n->ctr.ptr_entries = 0; q_n->preferred_len = preferred_len; memcpy(&q_n->enum_hnd, hnd, sizeof(*hnd)); @@ -952,9 +962,34 @@ BOOL srv_io_q_net_share_add(char *desc, SRV_Q_NET_SHARE_ADD *q_n, prs_struct *ps if(!srv_io_srv_share_info("info ", ps, depth, &q_n->info)) return False; + if(!prs_uint32("ptr_err_index", ps, depth, &q_n->ptr_err_index)) + return False; + if (q_n->ptr_err_index) + if (!prs_uint32("err_index", ps, depth, &q_n->err_index)) + return False; + return True; } +void init_srv_q_net_share_add(SRV_Q_NET_SHARE_ADD *q, char *srvname, + char *netname, uint32 type, char *remark, + uint32 perms, uint32 max_uses, uint32 num_uses, + char *path, char *passwd) +{ + q->ptr_srv_name = 1; + init_unistr2(&q->uni_srv_name, srvname, strlen(srvname) +1); + q->info.switch_value = q->info_level = 2; + + q->info.ptr_share_ctr = 1; + init_srv_share_info2(&q->info.share.info2.info_2, netname, type, + remark, perms, max_uses, num_uses, path, passwd); + init_srv_share_info2_str(&q->info.share.info2.info_2_str, netname, + remark, path, passwd); + q->ptr_err_index = 1; + q->err_index = 0; +} + + /******************************************************************* Reads or writes a structure. ********************************************************************/ @@ -978,6 +1013,14 @@ BOOL srv_io_r_net_share_add(char *desc, SRV_R_NET_SHARE_ADD *q_n, prs_struct *ps return True; } +void init_srv_q_net_share_del(SRV_Q_NET_SHARE_DEL *del, const char *srvname, + const char *sharename) +{ + del->ptr_srv_name = 1; + init_unistr2(&del->uni_srv_name, srvname, strlen(srvname) +1 ); + init_unistr2(&del->uni_share_name, sharename, strlen(sharename) + 1); +} + /******************************************************************* Reads or writes a structure. ********************************************************************/ @@ -1001,6 +1044,11 @@ BOOL srv_io_q_net_share_del(char *desc, SRV_Q_NET_SHARE_DEL *q_n, prs_struct *ps if(!smb_io_unistr2("", &q_n->uni_share_name, True, ps, depth)) return False; + if(!prs_align(ps)) + return False; + if(!prs_uint32("reserved", ps, depth, &q_n->reserved)) + return False; + return True; } @@ -1148,7 +1196,7 @@ void init_srv_sess_info1_str(SESS_INFO_1_STR *ss1, char *name, char *user) DEBUG(5,("init_srv_sess_info1_str\n")); init_unistr2(&ss1->uni_name, name, strlen(name)+1); - init_unistr2(&ss1->uni_user, name, strlen(user)+1); + init_unistr2(&ss1->uni_user, user, strlen(user)+1); } /******************************************************************* @@ -1329,10 +1377,10 @@ static BOOL srv_io_srv_sess_ctr(char *desc, SRV_SESS_INFO_CTR **pp_ctr, prs_stru ********************************************************************/ void init_srv_q_net_sess_enum(SRV_Q_NET_SESS_ENUM *q_n, - char *srv_name, char *qual_name, - uint32 sess_level, SRV_SESS_INFO_CTR *ctr, - uint32 preferred_len, - ENUM_HND *hnd) + char *srv_name, char *qual_name, + char *user_name, uint32 sess_level, + SRV_SESS_INFO_CTR *ctr, uint32 preferred_len, + ENUM_HND *hnd) { q_n->ctr = ctr; @@ -1340,6 +1388,7 @@ void init_srv_q_net_sess_enum(SRV_Q_NET_SESS_ENUM *q_n, init_buf_unistr2(&q_n->uni_srv_name, &q_n->ptr_srv_name, srv_name); init_buf_unistr2(&q_n->uni_qual_name, &q_n->ptr_qual_name, qual_name); + init_buf_unistr2(&q_n->uni_user_name, &q_n->ptr_user_name, user_name); q_n->sess_level = sess_level; q_n->preferred_len = preferred_len; @@ -1375,6 +1424,13 @@ BOOL srv_io_q_net_sess_enum(char *desc, SRV_Q_NET_SESS_ENUM *q_n, prs_struct *ps if(!smb_io_unistr2("", &q_n->uni_qual_name, q_n->ptr_qual_name, ps, depth)) return False; + if(!prs_align(ps)) + return False; + if(!prs_uint32("ptr_user_name", ps, depth, &q_n->ptr_user_name)) + return False; + if(!smb_io_unistr2("", &q_n->uni_user_name, q_n->ptr_user_name, ps, depth)) + return False; + if(!prs_align(ps)) return False; @@ -1879,91 +1935,67 @@ static BOOL srv_io_file_info3(char *desc, FILE_INFO_3 *fl3, prs_struct *ps, int Reads or writes a structure. ********************************************************************/ -static BOOL srv_io_srv_file_info_3(char *desc, SRV_FILE_INFO_3 *fl3, prs_struct *ps, int depth) +static BOOL srv_io_srv_file_ctr(char *desc, SRV_FILE_INFO_CTR *ctr, prs_struct *ps, int depth) { - if (fl3 == NULL) + if (ctr == NULL) return False; - prs_debug(ps, depth, desc, "srv_io_file_3_fl3"); + prs_debug(ps, depth, desc, "srv_io_srv_file_ctr"); depth++; + if (UNMARSHALLING(ps)) { + memset(ctr, '\0', sizeof(SRV_FILE_INFO_CTR)); + } + if(!prs_align(ps)) return False; - if(!prs_uint32("num_entries_read", ps, depth, &fl3->num_entries_read)) + if(!prs_uint32("switch_value", ps, depth, &ctr->switch_value)) return False; - if(!prs_uint32("ptr_file_fl3", ps, depth, &fl3->ptr_file_info)) + if (ctr->switch_value != 3) { + DEBUG(5,("%s File info %d level not supported\n", + tab_depth(depth), ctr->switch_value)); + } + if(!prs_uint32("ptr_file_info", ps, depth, &ctr->ptr_file_info)) + return False; + if(!prs_uint32("num_entries", ps, depth, &ctr->num_entries)) + return False; + if(!prs_uint32("ptr_entries", ps, depth, &ctr->ptr_entries)) + return False; + if (ctr->ptr_entries == 0) + return True; + if(!prs_uint32("num_entries2", ps, depth, + &ctr->num_entries2)) return False; - if (fl3->ptr_file_info != 0) { + switch (ctr->switch_value) { + case 3: { + SRV_FILE_INFO_3 *info3 = ctr->file.info3; + int num_entries = ctr->num_entries; int i; - int num_entries = fl3->num_entries_read; - if (num_entries > MAX_FILE_ENTRIES) { - num_entries = MAX_FILE_ENTRIES; /* report this! */ + if (UNMARSHALLING(ps)) { + if (!(info3 = (SRV_FILE_INFO_3 *)prs_alloc_mem(ps, num_entries * sizeof(SRV_FILE_INFO_3)))) + return False; + ctr->file.info3 = info3; } - if(!prs_uint32("num_entries_read2", ps, depth, &fl3->num_entries_read2)) - return False; - for (i = 0; i < num_entries; i++) { - if(!srv_io_file_info3("", &fl3->info_3[i], ps, depth)) + if(!srv_io_file_info3("", &ctr->file.info3[i].info_3, ps, depth)) return False; } - for (i = 0; i < num_entries; i++) { - if(!srv_io_file_info3_str("", &fl3->info_3_str[i], ps, depth)) + if(!srv_io_file_info3_str("", &ctr->file.info3[i].info_3_str, ps, depth)) return False; } - - if(!prs_align(ps)) - return False; - } - - return True; -} - -/******************************************************************* - Reads or writes a structure. -********************************************************************/ - -static BOOL srv_io_srv_file_ctr(char *desc, SRV_FILE_INFO_CTR **pp_ctr, prs_struct *ps, int depth) -{ - SRV_FILE_INFO_CTR *ctr = *pp_ctr; - - if (UNMARSHALLING(ps)) { - ctr = *pp_ctr = (SRV_FILE_INFO_CTR *)prs_alloc_mem(ps, sizeof(SRV_FILE_INFO_CTR)); - if (ctr == NULL) - return False; + break; } - - if (ctr == NULL) - return False; - - prs_debug(ps, depth, desc, "srv_io_srv_file_ctr"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("switch_value", ps, depth, &ctr->switch_value)) - return False; - if(!prs_uint32("ptr_file_ctr", ps, depth, &ctr->ptr_file_ctr)) - return False; - - if (ctr->ptr_file_ctr != 0) { - switch (ctr->switch_value) { - case 3: - if(!srv_io_srv_file_info_3("", &ctr->file.info3, ps, depth)) - return False; - break; - default: - DEBUG(5,("%s no file info at switch_value %d\n", - tab_depth(depth), ctr->switch_value)); - break; - } + default: + DEBUG(5,("%s no file info at switch_value %d\n", + tab_depth(depth), ctr->switch_value)); + break; } - + return True; } @@ -1972,20 +2004,22 @@ static BOOL srv_io_srv_file_ctr(char *desc, SRV_FILE_INFO_CTR **pp_ctr, prs_stru ********************************************************************/ void init_srv_q_net_file_enum(SRV_Q_NET_FILE_ENUM *q_n, - char *srv_name, char *qual_name, - uint32 file_level, SRV_FILE_INFO_CTR *ctr, - uint32 preferred_len, - ENUM_HND *hnd) + char *srv_name, char *qual_name, char *user_name, + uint32 file_level, SRV_FILE_INFO_CTR *ctr, + uint32 preferred_len, + ENUM_HND *hnd) { DEBUG(5,("init_q_net_file_enum\n")); - q_n->ctr = ctr; - init_buf_unistr2(&q_n->uni_srv_name, &q_n->ptr_srv_name, srv_name); init_buf_unistr2(&q_n->uni_qual_name, &q_n->ptr_qual_name, qual_name); + init_buf_unistr2(&q_n->uni_user_name, &q_n->ptr_user_name, user_name); - q_n->file_level = file_level; + q_n->file_level = q_n->ctr.switch_value = file_level; q_n->preferred_len = preferred_len; + q_n->ctr.ptr_file_info = 1; + q_n->ctr.num_entries = 0; + q_n->ctr.num_entries2 = 0; memcpy(&q_n->enum_hnd, hnd, sizeof(*hnd)); } @@ -2021,6 +2055,13 @@ BOOL srv_io_q_net_file_enum(char *desc, SRV_Q_NET_FILE_ENUM *q_n, prs_struct *ps if(!prs_align(ps)) return False; + if(!prs_uint32("ptr_user_name", ps, depth, &q_n->ptr_user_name)) + return False; + if(!smb_io_unistr2("", &q_n->uni_user_name, q_n->ptr_user_name, ps, depth)) + return False; + + if(!prs_align(ps)) + return False; if(!prs_uint32("file_level", ps, depth, &q_n->file_level)) return False; @@ -2071,6 +2112,68 @@ BOOL srv_io_r_net_file_enum(char *desc, SRV_R_NET_FILE_ENUM *r_n, prs_struct *ps return True; } +/******************************************************************* + Initialize a net file close request +********************************************************************/ +void init_srv_q_net_file_close(SRV_Q_NET_FILE_CLOSE *q_n, char *server, + uint32 file_id) +{ + q_n->ptr_srv_name = 1; + init_unistr2(&q_n->uni_srv_name, server, strlen(server) + 1); + q_n->file_id = file_id; +} + +/******************************************************************* + Reads or writes a structure. +********************************************************************/ +BOOL srv_io_q_net_file_close(char *desc, SRV_Q_NET_FILE_CLOSE *q_n, + prs_struct *ps, int depth) +{ + if (q_n == NULL) + return False; + + prs_debug(ps, depth, desc, "srv_io_q_net_file_close"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name)) + return False; + if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth)) + return False; + + if(!prs_align(ps)) + return False; + + if(!prs_uint32("file_id", ps, depth, &q_n->file_id)) + return False; + + return True; +} + +/******************************************************************* + Reads or writes a structure. +********************************************************************/ + +BOOL srv_io_r_net_file_close(char *desc, SRV_R_NET_FILE_CLOSE *q_n, + prs_struct *ps, int depth) +{ + if (q_n == NULL) + return False; + + prs_debug(ps, depth, desc, "srv_io_r_net_file_close"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!prs_werror("status", ps, depth, &q_n->status)) + return False; + + return True; +} + /******************************************************************* Inits a SRV_INFO_100 structure. ********************************************************************/ @@ -2907,3 +3010,14 @@ BOOL srv_io_r_net_file_set_secdesc(char *desc, SRV_R_NET_FILE_SET_SECDESC *r_n, return True; } + +/******************************************************************* + Inits a structure +********************************************************************/ + +void init_srv_q_net_remote_tod(SRV_Q_NET_REMOTE_TOD *q_u, char *server) +{ + q_u->ptr_srv_name = 1; + init_unistr2(&q_u->uni_srv_name, server, strlen(server) + 1); +} + diff --git a/source3/rpc_parse/parse_wks.c b/source3/rpc_parse/parse_wks.c index 3846c2e3b61..7b8fd76b7b9 100644 --- a/source3/rpc_parse/parse_wks.c +++ b/source3/rpc_parse/parse_wks.c @@ -22,6 +22,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + /******************************************************************* Init ********************************************************************/ diff --git a/source3/rpc_server/srv_dfs.c b/source3/rpc_server/srv_dfs.c index 4351fd088e8..5edc1222a8d 100644 --- a/source3/rpc_server/srv_dfs.c +++ b/source3/rpc_server/srv_dfs.c @@ -28,6 +28,9 @@ #define MAX_MSDFS_JUNCTIONS 256 +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + extern pstring global_myname; /********************************************************************** diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c index 4db6c61a3c2..65e387176d3 100644 --- a/source3/rpc_server/srv_dfs_nt.c +++ b/source3/rpc_server/srv_dfs_nt.c @@ -26,6 +26,9 @@ #include "includes.h" #include "nterr.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + extern pstring global_myname; #define MAX_MSDFS_JUNCTIONS 256 @@ -69,10 +72,7 @@ WERROR _dfs_add(pipes_struct *p, DFS_Q_DFS_ADD* q_u, DFS_R_DFS_ADD *r_u) pstrcat(altpath, "\\"); pstrcat(altpath, sharename); - if(!create_junction(dfspath, &jn)) - return WERR_DFS_NO_SUCH_SERVER; - - if(get_referred_path(&jn)) + if(get_referred_path(dfspath, &jn, NULL, NULL)) { exists = True; jn.referral_count += 1; @@ -137,16 +137,14 @@ WERROR _dfs_remove(pipes_struct *p, DFS_Q_DFS_REMOVE *q_u, pstrcpy(altpath, servername); pstrcat(altpath, "\\"); pstrcat(altpath, sharename); + strlower(altpath); } DEBUG(5,("init_reply_dfs_remove: Request to remove %s -> %s\\%s.\n", dfspath, servername, sharename)); - if(!create_junction(dfspath, &jn)) - return WERR_DFS_NO_SUCH_SERVER; - - if(!get_referred_path(&jn)) - return WERR_DFS_NO_SUCH_VOL; + if(!get_referred_path(dfspath, &jn, NULL, NULL)) + return WERR_DFS_NO_SUCH_VOL; /* if no server-share pair given, remove the msdfs link completely */ if(!q_u->ptr_ServerName && !q_u->ptr_ShareName) @@ -158,14 +156,18 @@ WERROR _dfs_remove(pipes_struct *p, DFS_Q_DFS_REMOVE *q_u, { int i=0; /* compare each referral in the list with the one to remove */ + DEBUG(10,("altpath: .%s. refcnt: %d\n", altpath, jn.referral_count)); for(i=0;ilevel = level; r_u->ptr_ctr = 1; diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index fcd4be02126..e5a4d3b46d5 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -25,6 +25,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + /*************************************************************************** api_lsa_open_policy2 ***************************************************************************/ @@ -105,8 +108,10 @@ static BOOL api_lsa_enum_trust_dom(pipes_struct *p) if(!lsa_io_q_enum_trust_dom("", &q_u, data, 0)) return False; + /* get required trusted domains information */ r_u.status = _lsa_enum_trust_dom(p, &q_u, &r_u); + /* prepare the response */ if(!lsa_io_r_enum_trust_dom("", &r_u, rdata, 0)) return False; diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c index 84c3c5a9598..2d04d723230 100644 --- a/source3/rpc_server/srv_lsa_hnd.c +++ b/source3/rpc_server/srv_lsa_hnd.c @@ -22,6 +22,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + /* This is the max handles across all instances of a pipe name. */ #ifndef MAX_OPEN_POLS #define MAX_OPEN_POLS 1024 @@ -134,6 +137,14 @@ BOOL create_policy_hnd(pipes_struct *p, POLICY_HND *hnd, void (*free_fn)(void *) DLIST_ADD(p->pipe_handles->Policy, pol); p->pipe_handles->count++; + /* + * Ensure we don't idle this connection if a handle is open. + * Increment the number of files open on the first handle create. + */ + + if (p->pipe_handles->count == 1) + p->conn->num_files_open++; + *hnd = pol->pol_hnd; DEBUG(4,("Opened policy hnd[%d] ", (int)p->pipe_handles->count)); @@ -201,6 +212,15 @@ BOOL close_policy_hnd(pipes_struct *p, POLICY_HND *hnd) p->pipe_handles->count--; + /* + * Ensure we can idle this connection if this is the last handle. + * Decrement the number of files open on the last handle delete. + */ + + if (p->pipe_handles->count == 0) + p->conn->num_files_open--; + + DLIST_REMOVE(p->pipe_handles->Policy, pol); ZERO_STRUCTP(pol); @@ -232,3 +252,31 @@ void close_policy_by_pipe(pipes_struct *p) DEBUG(10,("close_policy_by_pipe: deleted handle list for pipe %s\n", p->name )); } } + +/******************************************************************* +Shall we allow access to this rpc? Currently this function +implements the 'restrict anonymous' setting by denying access to +anonymous users if the restrict anonymous level is > 0. Further work +will be checking a security descriptor to determine whether a user +token has enough access to access the pipe. +********************************************************************/ + +BOOL pipe_access_check(pipes_struct *p) +{ + /* Don't let anonymous users access this RPC if restrict + anonymous > 0 */ + + if (lp_restrict_anonymous() > 0) { + user_struct *user = get_valid_user_struct(p->vuid); + + if (!user) { + DEBUG(3, ("invalid vuid %d\n", p->vuid)); + return False; + } + + if (user->guest) + return False; + } + + return True; +} diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 84ab44bc30d..d072061a5f6 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -3,8 +3,9 @@ * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, - * Copyright (C) Paul Ashton 1997. - * Copyright (C) Jeremy Allison 2001. + * Copyright (C) Paul Ashton 1997, + * Copyright (C) Jeremy Allison 2001, + * Copyright (C) Rafal Szczesniak 2002. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -25,7 +26,9 @@ #include "includes.h" -extern DOM_SID global_sam_sid; +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + extern fstring global_myworkgroup; extern pstring global_myname; extern PRIVS privs[]; @@ -164,7 +167,7 @@ static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2, DEBUG(5, ("init_lsa_rid2s: %s\n", status ? "found" : "not found")); - if (status) { + if (status && name_type != SID_NAME_UNKNOWN) { sid_split_rid(&sid, &rid); dom_idx = init_dom_ref(ref, dom_name, &sid); (*mapped_count)++; @@ -258,6 +261,8 @@ static void init_lsa_trans_names(TALLOC_CTX *ctx, DOM_R_REF *ref, LSA_TRANS_NAME if (!status) { sid_name_use = SID_NAME_UNKNOWN; + } else { + (*mapped_count)++; } /* Store domain sid in ref array */ @@ -271,8 +276,6 @@ static void init_lsa_trans_names(TALLOC_CTX *ctx, DOM_R_REF *ref, LSA_TRANS_NAME DEBUG(10,("init_lsa_trans_names: added user '%s\\%s' to " "referenced list.\n", dom_name, name )); - (*mapped_count)++; - init_lsa_trans_name(&trn->name[total], &trn->uni_name[total], sid_name_use, name, dom_idx); total++; @@ -319,7 +322,7 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s init_sec_access(&mask, POLICY_EXECUTE); init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - sid_copy(&adm_sid, &global_sam_sid); + sid_copy(&adm_sid, get_global_sam_sid()); sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS); init_sec_access(&mask, POLICY_ALL_ACCESS); init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); @@ -366,7 +369,7 @@ NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL return NT_STATUS_NO_MEMORY; ZERO_STRUCTP(info); - info->sid = global_sam_sid; + sid_copy(&info->sid,get_global_sam_sid()); info->access = acc_granted; /* set up the LSA QUERY INFO response */ @@ -404,7 +407,7 @@ NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL * return NT_STATUS_NO_MEMORY; ZERO_STRUCTP(info); - info->sid = global_sam_sid; + sid_copy(&info->sid,get_global_sam_sid()); info->access = acc_granted; /* set up the LSA QUERY INFO response */ @@ -416,14 +419,22 @@ NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL * /*************************************************************************** _lsa_enum_trust_dom - this needs fixing to do more than return NULL ! JRA. + ufff, done :) mimir ***************************************************************************/ NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_ENUM_TRUST_DOM *r_u) { struct lsa_info *info; - uint32 enum_context = 0; - char *dom_name = NULL; - DOM_SID *dom_sid = NULL; + uint32 enum_context = q_u->enum_context; + + /* + * preferred length is set to 5 as a "our" preferred length + * nt sets this parameter to 2 + */ + uint32 max_num_domains = q_u->preferred_len < 5 ? q_u->preferred_len : 10; + TRUSTDOM **trust_doms; + uint32 num_domains; + NTSTATUS nt_status; if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; @@ -432,9 +443,18 @@ NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_E if (!(info->access & POLICY_VIEW_LOCAL_INFORMATION)) return NT_STATUS_ACCESS_DENIED; - /* set up the LSA QUERY INFO response */ - init_r_enum_trust_dom(p->mem_ctx, r_u, enum_context, dom_name, dom_sid, - dom_name != NULL ? NT_STATUS_OK : NT_STATUS_NO_MORE_ENTRIES); + nt_status = secrets_get_trusted_domains(p->mem_ctx, &enum_context, max_num_domains, &num_domains, &trust_doms); + + if (!NT_STATUS_IS_OK(nt_status) && + !NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES) && + !NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MORE_ENTRIES)) { + return nt_status; + } else { + r_u->status = nt_status; + } + + /* set up the lsa_enum_trust_dom response */ + init_r_enum_trust_dom(p->mem_ctx, r_u, enum_context, max_num_domains, num_domains, trust_doms); return r_u->status; } @@ -484,7 +504,7 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF case ROLE_DOMAIN_PDC: case ROLE_DOMAIN_BDC: name = global_myworkgroup; - sid = &global_sam_sid; + sid = get_global_sam_sid(); break; case ROLE_DOMAIN_MEMBER: name = global_myworkgroup; @@ -514,15 +534,15 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF case ROLE_DOMAIN_PDC: case ROLE_DOMAIN_BDC: name = global_myworkgroup; - sid = &global_sam_sid; + sid = get_global_sam_sid(); break; case ROLE_DOMAIN_MEMBER: name = global_myname; - sid = &global_sam_sid; + sid = get_global_sam_sid(); break; case ROLE_STANDALONE: name = global_myname; - sid = &global_sam_sid; + sid = get_global_sam_sid(); break; default: return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index dfd270ff7d0..f96a0e2f2da 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -25,6 +25,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + /************************************************************************* api_net_req_chal: *************************************************************************/ diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index bdb064c81df..4ab9c470d08 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -26,8 +26,10 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + extern pstring global_myname; -extern DOM_SID global_sam_sid; /************************************************************************* init_net_r_req_chal: @@ -150,7 +152,7 @@ NTSTATUS _net_trust_dom_list(pipes_struct *p, NET_Q_TRUST_DOM_LIST *q_u, NET_R_T ***********************************************************************************/ static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s, - DOM_CRED *srv_cred, NTSTATUS status) + DOM_CRED *srv_cred, NTSTATUS status) { DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__)); @@ -378,7 +380,7 @@ NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u) NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u) { - NTSTATUS status = NT_STATUS_WRONG_PASSWORD; + NTSTATUS status = NT_STATUS_ACCESS_DENIED; DOM_CRED srv_cred; pstring workstation; SAM_ACCOUNT *sampass=NULL; @@ -395,8 +397,8 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * DEBUG(5,("_net_srv_pwset: %d\n", __LINE__)); - rpcstr_pull(workstation,q_u->clnt_id.login.uni_acct_name.buffer, - sizeof(workstation),q_u->clnt_id.login.uni_acct_name.uni_str_len*2,0); + rpcstr_pull(workstation,q_u->clnt_id.login.uni_comp_name.buffer, + sizeof(workstation),q_u->clnt_id.login.uni_comp_name.uni_str_len*2,0); DEBUG(3,("Server Password Set by Wksta:[%s] on account [%s]\n", workstation, p->dc.mach_acct)); @@ -656,14 +658,35 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * { DOM_GID *gids = NULL; + const DOM_SID *user_sid = NULL; + const DOM_SID *group_sid = NULL; + DOM_SID domain_sid; + uint32 user_rid, group_rid; + int num_gids = 0; pstring my_name; - pstring my_workgroup; - + fstring user_sid_string; + fstring group_sid_string; + + sampw = server_info->sam_account; + /* set up pointer indicating user/password failed to be found */ usr_info->ptr_user_info = 0; - - pstrcpy(my_workgroup, lp_workgroup()); + + user_sid = pdb_get_user_sid(sampw); + group_sid = pdb_get_group_sid(sampw); + + sid_copy(&domain_sid, user_sid); + sid_split_rid(&domain_sid, &user_rid); + + if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) { + DEBUG(1, ("_net_sam_logon: user %s\\%s has user sid %s\n but group sid %s.\nThe conflicting domain portions are not supported for NETLOGON calls\n", + pdb_get_domain(sampw), pdb_get_username(sampw), + sid_to_string(user_sid_string, user_sid), + sid_to_string(group_sid_string, group_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + pstrcpy(my_name, global_myname); strupper(my_name); @@ -677,12 +700,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * gids = NULL; get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account); - - sampw = server_info->sam_account; init_net_user_info3(p->mem_ctx, usr_info, - pdb_get_user_rid(sampw), - pdb_get_group_rid(sampw), + user_rid, + group_rid, pdb_get_username(sampw), pdb_get_fullname(sampw), @@ -704,8 +725,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * 0x20 , /* uint32 user_flgs (?) */ NULL, /* uchar sess_key[16] */ my_name , /* char *logon_srv */ - my_workgroup, /* char *logon_dom */ - &global_sam_sid, /* DOM_SID *dom_sid */ + pdb_get_domain(sampw), + &domain_sid, /* DOM_SID *dom_sid */ + /* Should be users domain sid, not servers - for trusted domains */ + NULL); /* char *other_sids */ } free_server_info(&server_info); diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 70574b4cdd9..b7be415abcd 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -39,6 +39,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len) { unsigned char *hash = p->ntlmssp_hash; @@ -432,7 +435,7 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); /* Set up pipe user group membership. */ initialise_groups(p->pipe_user_name, p->pipe_user.uid, p->pipe_user.gid); - get_current_groups( &p->pipe_user.ngroups, &p->pipe_user.groups); + get_current_groups(p->pipe_user.gid, &p->pipe_user.ngroups, &p->pipe_user.groups); if (server_info->ptok) add_supplementary_nt_login_groups(&p->pipe_user.ngroups, &p->pipe_user.groups, &server_info->ptok); @@ -1148,7 +1151,7 @@ BOOL api_pipe_request(pipes_struct *p) ********************************************************************/ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, - struct api_struct *api_rpc_cmds) + const struct api_struct *api_rpc_cmds) { int fn_num; fstring name; diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 44dd5fac656..cc6e4b95f9e 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -22,6 +22,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + #define PIPE "\\PIPE\\" #define PIPELEN strlen(PIPE) @@ -32,6 +35,23 @@ static int pipes_open; #define MAX_OPEN_PIPES 2048 #endif +/* + * Sometimes I can't decide if I hate Windows printer driver + * writers more than I hate the Windows spooler service driver + * writers. This gets around a combination of bugs in the spooler + * and the HP 8500 PCL driver that causes a spooler spin. JRA. + * + * bumped up from 20 -> 64 after viewing traffic from WordPerfect + * 2002 running on NT 4.- SP6 + * bumped up from 64 -> 256 after viewing traffic from con2prt + * for lots of printers on a WinNT 4.x SP6 box. + */ + +#ifndef MAX_OPEN_SPOOLSS_PIPES +#define MAX_OPEN_SPOOLSS_PIPES 256 +#endif +static int current_spoolss_pipes_open; + static smb_np_struct *Pipes; static pipes_struct *InternalPipes; static struct bitmap *bmap; @@ -99,6 +119,7 @@ void set_pipe_handle_offset(int max_open_files) /**************************************************************************** Reset pipe chain handle number. ****************************************************************************/ + void reset_chain_p(void) { chain_p = NULL; @@ -155,11 +176,20 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, int i; smb_np_struct *p, *p_it; static int next_pipe; + BOOL is_spoolss_pipe = False; DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", pipe_name, pipes_open)); - + if (strstr(pipe_name, "spoolss")) + is_spoolss_pipe = True; + + if (is_spoolss_pipe && current_spoolss_pipes_open >= MAX_OPEN_SPOOLSS_PIPES) { + DEBUG(10,("open_rpc_pipe_p: spooler bug workaround. Denying open on pipe %s\n", + pipe_name )); + return NULL; + } + /* not repeating pipe numbers makes it easier to track things in log files and prevents client bugs where pipe numbers are reused over connection restarts */ @@ -180,8 +210,7 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, p = (smb_np_struct *)malloc(sizeof(*p)); - if (!p) - { + if (!p) { DEBUG(0,("ERROR! no memory for pipes_struct!\n")); return NULL; } @@ -198,13 +227,11 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, p->np_state = p->namedpipe_create(pipe_name, conn, vuid); if (p->np_state == NULL) { - DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n")); SAFE_FREE(p); return NULL; } - DLIST_ADD(Pipes, p); /* @@ -244,7 +271,7 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, } /**************************************************************************** - * make an internal namedpipes structure + Make an internal namedpipes structure ****************************************************************************/ static void *make_internal_rpc_pipe_p(char *pipe_name, @@ -298,6 +325,10 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, DLIST_ADD(InternalPipes, p); p->conn = conn; + + /* Ensure the connection isn't idled whilst this pipe is open. */ + p->conn->num_files_open++; + p->vuid = vuid; p->ntlmssp_chal_flags = 0; @@ -313,9 +344,10 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, p->pipe_user.uid = (uid_t)-1; p->pipe_user.gid = (gid_t)-1; - /* Store the session key */ + /* Store the session key and NT_TOKEN */ if (vuser) { memcpy(p->session_key, vuser->session_key, sizeof(p->session_key)); + p->pipe_user.nt_user_token = dup_nt_token(vuser->nt_user_token); } /* @@ -1055,7 +1087,7 @@ BOOL close_rpc_pipe_hnd(smb_np_struct *p) ZERO_STRUCTP(p); SAFE_FREE(p); - + return True; } @@ -1085,6 +1117,8 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) DLIST_REMOVE(InternalPipes, p); + p->conn->num_files_open--; + ZERO_STRUCTP(p); SAFE_FREE(p); diff --git a/source3/rpc_server/srv_reg.c b/source3/rpc_server/srv_reg.c index 569f3fb8b13..a0963258603 100644 --- a/source3/rpc_server/srv_reg.c +++ b/source3/rpc_server/srv_reg.c @@ -1,11 +1,12 @@ -/* +/* * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, * Copyright (C) Paul Ashton 1997. - * Copyright (C) Marc Jacobsen 2000. - * Copyright (C) Jeremy Allison 2001. + * Copyright (C) Marc Jacobsen 2000. + * Copyright (C) Jeremy Allison 2001. + * Copyright (C) Gerald Carter 2002. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -26,6 +27,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + /******************************************************************* api_reg_close ********************************************************************/ @@ -53,10 +57,10 @@ static BOOL api_reg_close(pipes_struct *p) } /******************************************************************* - api_reg_open + api_reg_open_khlm ********************************************************************/ -static BOOL api_reg_open(pipes_struct *p) +static BOOL api_reg_open_hklm(pipes_struct *p) { REG_Q_OPEN_HKLM q_u; REG_R_OPEN_HKLM r_u; @@ -70,7 +74,7 @@ static BOOL api_reg_open(pipes_struct *p) if(!reg_io_q_open_hklm("", &q_u, data, 0)) return False; - r_u.status = _reg_open(p, &q_u, &r_u); + r_u.status = _reg_open_hklm(p, &q_u, &r_u); if(!reg_io_r_open_hklm("", &r_u, rdata, 0)) return False; @@ -78,6 +82,33 @@ static BOOL api_reg_open(pipes_struct *p) return True; } +/******************************************************************* + api_reg_open_khlm + ********************************************************************/ + +static BOOL api_reg_open_hku(pipes_struct *p) +{ + REG_Q_OPEN_HKU q_u; + REG_R_OPEN_HKU r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the reg open */ + if(!reg_io_q_open_hku("", &q_u, data, 0)) + return False; + + r_u.status = _reg_open_hku(p, &q_u, &r_u); + + if(!reg_io_r_open_hku("", &r_u, rdata, 0)) + return False; + + return True; +} + + /******************************************************************* api_reg_open_entry ********************************************************************/ @@ -184,18 +215,99 @@ static BOOL api_reg_abort_shutdown(pipes_struct *p) } +/******************************************************************* + api_reg_query_key + ********************************************************************/ + +static BOOL api_reg_query_key(pipes_struct *p) +{ + REG_Q_QUERY_KEY q_u; + REG_R_QUERY_KEY r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!reg_io_q_query_key("", &q_u, data, 0)) + return False; + + r_u.status = _reg_query_key(p, &q_u, &r_u); + + if(!reg_io_r_query_key("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_reg_unknown_1a + ********************************************************************/ + +static BOOL api_reg_unknown_1a(pipes_struct *p) +{ + REG_Q_UNKNOWN_1A q_u; + REG_R_UNKNOWN_1A r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!reg_io_q_unknown_1a("", &q_u, data, 0)) + return False; + + r_u.status = _reg_unknown_1a(p, &q_u, &r_u); + + if(!reg_io_r_unknown_1a("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_reg_enum_key + ********************************************************************/ + +static BOOL api_reg_enum_key(pipes_struct *p) +{ + REG_Q_ENUM_KEY q_u; + REG_R_ENUM_KEY r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!reg_io_q_enum_key("", &q_u, data, 0)) + return False; + + r_u.status = _reg_enum_key(p, &q_u, &r_u); + + if(!reg_io_r_enum_key("", &r_u, rdata, 0)) + return False; + + return True; +} + + + /******************************************************************* array of \PIPE\reg operations ********************************************************************/ static struct api_struct api_reg_cmds[] = { - { "REG_CLOSE" , REG_CLOSE , api_reg_close }, - { "REG_OPEN_ENTRY" , REG_OPEN_ENTRY , api_reg_open_entry }, - { "REG_OPEN" , REG_OPEN_HKLM , api_reg_open }, - { "REG_INFO" , REG_INFO , api_reg_info }, - { "REG_SHUTDOWN" , REG_SHUTDOWN , api_reg_shutdown }, - { "REG_ABORT_SHUTDOWN", REG_ABORT_SHUTDOWN, api_reg_abort_shutdown }, - { NULL, 0 , NULL } + { "REG_CLOSE" , REG_CLOSE , api_reg_close }, + { "REG_OPEN_ENTRY" , REG_OPEN_ENTRY , api_reg_open_entry }, + { "REG_OPEN_HKLM" , REG_OPEN_HKLM , api_reg_open_hklm }, + { "REG_OPEN_HKU" , REG_OPEN_HKU , api_reg_open_hku }, + { "REG_ENUM_KEY" , REG_ENUM_KEY , api_reg_enum_key }, + { "REG_QUERY_KEY" , REG_QUERY_KEY , api_reg_query_key }, + { "REG_INFO" , REG_INFO , api_reg_info }, + { "REG_SHUTDOWN" , REG_SHUTDOWN , api_reg_shutdown }, + { "REG_ABORT_SHUTDOWN" , REG_ABORT_SHUTDOWN , api_reg_abort_shutdown }, + { "REG_UNKNOWN_1A" , REG_UNKNOWN_1A , api_reg_unknown_1a }, + { NULL , 0 , NULL } }; /******************************************************************* diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c index adedd4a8fab..3f07e4aaea1 100644 --- a/source3/rpc_server/srv_reg_nt.c +++ b/source3/rpc_server/srv_reg_nt.c @@ -5,7 +5,8 @@ * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, * Copyright (C) Paul Ashton 1997. * Copyright (C) Hewlett-Packard Company 1999. - * Copyright (C) Jeremy Allison 2001. + * Copyright (C) Jeremy Allison 2001. + * Copyright (C) Gerald Carter 2002. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -26,20 +27,479 @@ #include "includes.h" -struct reg_info { - /* for use by \PIPE\winreg */ +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +#define KEY_HKLM "HKLM" +#define KEY_HKU "HKU" + +#define OUR_HANDLE(hnd) (((hnd)==NULL)?"NULL":(IVAL((hnd)->data5,4)==(uint32)sys_getpid()?"OURS":"OTHER")), \ +((unsigned int)IVAL((hnd)->data5,4)),((unsigned int)sys_getpid()) + +/* structure to store the registry handles */ + +typedef struct _RegistryKey { + struct _RegistryKey *prev, *next; + fstring name; /* name of registry key */ -}; + POLICY_HND hnd; + +} Registry_Key; + +static Registry_Key *regkeys_list; +static TDB_CONTEXT *tdb_reg; + +/*********************************************************************** + Add subkey strings to the registry tdb under a defined key + fmt is the same format as tdb_pack except this function only supports + fstrings + ***********************************************************************/ + +static BOOL store_reg_keys( TDB_CONTEXT *tdb, char *keyname, char **subkeys, uint32 num_subkeys ) +{ + TDB_DATA kbuf, dbuf; + char *buffer, *tmpbuf; + int i = 0; + uint32 len, buflen; + BOOL ret = True; + + if ( !keyname ) + return False; + + /* allocate some initial memory */ + + buffer = malloc(sizeof(pstring)); + buflen = sizeof(pstring); + len = 0; + + /* store the number of subkeys */ + + len += tdb_pack(buffer+len, buflen-len, "d", num_subkeys); + + /* pack all the strings */ + + for (i=0; i buflen ) { + /* allocate some extra space */ + if ((tmpbuf = Realloc( buffer, len*2 )) == NULL) { + DEBUG(0,("store_reg_keys: Failed to realloc memory of size [%d]\n", len*2)); + ret = False; + goto done; + } + buffer = tmpbuf; + buflen = len*2; + + len = tdb_pack(buffer+len, buflen-len, "f", subkeys[i]); + } + } + + /* finally write out the data */ + + kbuf.dptr = keyname; + kbuf.dsize = strlen(keyname)+1; + dbuf.dptr = buffer; + dbuf.dsize = len; + if ( tdb_store( tdb, kbuf, dbuf, TDB_REPLACE ) == -1) { + ret = False; + goto done; + } + +done: + SAFE_FREE( buffer ); + return ret; +} + +/*********************************************************************** + Retrieve an array of strings containing subkeys. Memory should be + released by the caller. The subkeys are stored in a catenated string + of null terminated character strings + ***********************************************************************/ + +static int fetch_reg_keys( TDB_CONTEXT *tdb, char* key, char **subkeys ) +{ + pstring path; + uint32 num_items; + TDB_DATA dbuf; + char *buf; + uint32 buflen, len; + int i; + char *s; + + + pstrcpy( path, key ); + + /* convert to key format */ + pstring_sub( path, "\\", "/" ); + + dbuf = tdb_fetch_by_string( tdb, path ); + + buf = dbuf.dptr; + buflen = dbuf.dsize; + + if ( !buf ) { + DEBUG(5,("fetch_reg_keys: Failed to fetch any subkeys for [%s]\n", key)); + return 0; + } + + len = tdb_unpack( buf, buflen, "d", &num_items); + if (num_items) { + if ( (*subkeys = (char*)malloc(sizeof(fstring)*num_items)) == NULL ) { + DEBUG(0,("fetch_reg_keys: Failed to malloc memory for subkey array containing [%d] items!\n", + num_items)); + num_items = -1; + goto done; + } + } + + s = *subkeys; + for (i=0; iname, name ); + + DEBUG(7,("open_registry_key: exit\n")); + + return create_policy_hnd( p, hnd, free_reg_info, regkey ); +} + +/******************************************************************* + Function for open a new registry handle and creating a handle + Note that P should be valid & hnd should already have space + *******************************************************************/ + +static BOOL close_registry_key(pipes_struct *p, POLICY_HND *hnd) +{ + Registry_Key *regkey = find_regkey_index_by_hnd(p, hnd); + + if ( !regkey ) { + DEBUG(2,("close_registry_key: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd))); + return False; + } + + close_policy_hnd(p, hnd); + + return True; +} + +/******************************************************************** + retrieve information about the subkeys + *******************************************************************/ + +static BOOL get_subkey_information( Registry_Key *key, uint32 *maxnum, uint32 *maxlen ) +{ + int num_subkeys, i; + uint32 max_len; + char *subkeys = NULL; + uint32 len; + char *s; + + if ( !key ) + return False; + + num_subkeys = fetch_reg_keys( tdb_reg, key->name, &subkeys ); + if ( num_subkeys == -1 ) + return False; + + /* find the longest string */ + + max_len = 0; + s = subkeys; + for ( i=0; ipol); /* close the policy handle */ - if (!close_policy_hnd(p, &q_u->pol)) + if (!close_registry_key(p, &q_u->pol)) return NT_STATUS_OBJECT_NAME_INVALID; return NT_STATUS_OK; @@ -58,9 +518,21 @@ NTSTATUS _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u) reg_reply_open ********************************************************************/ -NTSTATUS _reg_open(pipes_struct *p, REG_Q_OPEN_HKLM *q_u, REG_R_OPEN_HKLM *r_u) +NTSTATUS _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HKLM *q_u, REG_R_OPEN_HKLM *r_u) +{ + if (!open_registry_key(p, &r_u->pol, KEY_HKLM, 0x0)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return NT_STATUS_OK; +} + +/******************************************************************* + reg_reply_open + ********************************************************************/ + +NTSTATUS _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HKU *q_u, REG_R_OPEN_HKU *r_u) { - if (!create_policy_hnd(p, &r_u->pol, free_reg_info, NULL)) + if (!open_registry_key(p, &r_u->pol, KEY_HKU, 0x0)) return NT_STATUS_OBJECT_NAME_NOT_FOUND; return NT_STATUS_OK; @@ -74,34 +546,36 @@ NTSTATUS _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTR { POLICY_HND pol; fstring name; - struct reg_info *info = NULL; + pstring path; + int num_subkeys; + Registry_Key *key = find_regkey_index_by_hnd(p, &q_u->pol); - DEBUG(5,("reg_open_entry: %d\n", __LINE__)); + DEBUG(5,("reg_open_entry: Enter\n")); - if (!find_policy_by_hnd(p, &q_u->pol, NULL)) + if ( !key ) return NT_STATUS_INVALID_HANDLE; rpcstr_pull(name,q_u->uni_name.buffer,sizeof(name),q_u->uni_name.uni_str_len*2,0); - DEBUG(5,("reg_open_entry: %s\n", name)); - - /* lkcl XXXX do a check on the name, here */ - if (!strequal(name, "SYSTEM\\CurrentControlSet\\Control\\ProductOptions") && - !strequal(name, "System\\CurrentControlSet\\services\\Netlogon\\parameters\\")) - return NT_STATUS_ACCESS_DENIED; + /* store the full path in the regkey_list */ + + pstrcpy( path, key->name ); + pstrcat( path, "\\" ); + pstrcat( path, name ); - if ((info = (struct reg_info *)malloc(sizeof(struct reg_info))) == NULL) - return NT_STATUS_NO_MEMORY; + DEBUG(5,("reg_open_entry: %s\n", path)); - ZERO_STRUCTP(info); - fstrcpy(info->name, name); + /* do a check on the name, here */ + + if ( (num_subkeys=fetch_reg_keys_count( tdb_reg, path )) == -1 ) + return NT_STATUS_ACCESS_DENIED; - if (!create_policy_hnd(p, &pol, free_reg_info, (void *)info)) - return NT_STATUS_TOO_MANY_SECRETS; /* ha ha very droll */ + if (!open_registry_key(p, &pol, path, 0x0)) + return NT_STATUS_TOO_MANY_SECRETS; init_reg_r_open_entry(r_u, &pol, NT_STATUS_OK); - DEBUG(5,("reg_open_entry: %d\n", __LINE__)); + DEBUG(5,("reg_open_entry: Exitn")); return r_u->status; } @@ -113,21 +587,23 @@ NTSTATUS _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTR NTSTATUS _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u) { NTSTATUS status = NT_STATUS_OK; - char *key = NULL; - uint32 type=0x1; /* key type: REG_SZ */ - + char *value = NULL; + uint32 type = 0x1; /* key type: REG_SZ */ UNISTR2 *uni_key = NULL; BUFFER2 *buf = NULL; fstring name; + Registry_Key *key = find_regkey_index_by_hnd( p, &q_u->pol ); - DEBUG(5,("_reg_info: %d\n", __LINE__)); + DEBUG(5,("_reg_info: Enter\n")); - if (!find_policy_by_hnd(p, &q_u->pol, NULL)) + if ( !key ) return NT_STATUS_INVALID_HANDLE; + + DEBUG(7,("_reg_info: policy key name = [%s]\n", key->name)); rpcstr_pull(name, q_u->uni_type.buffer, sizeof(name), q_u->uni_type.uni_str_len*2, 0); - DEBUG(5,("reg_info: checking key: %s\n", name)); + DEBUG(5,("reg_info: checking subkey: %s\n", name)); uni_key = (UNISTR2 *)talloc_zero(p->mem_ctx, sizeof(UNISTR2)); buf = (BUFFER2 *)talloc_zero(p->mem_ctx, sizeof(BUFFER2)); @@ -147,33 +623,126 @@ NTSTATUS _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u) } switch (lp_server_role()) { - case ROLE_DOMAIN_PDC: - case ROLE_DOMAIN_BDC: - key = "LanmanNT"; - break; - case ROLE_STANDALONE: - key = "ServerNT"; - break; - case ROLE_DOMAIN_MEMBER: - key = "WinNT"; - break; + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + value = "LanmanNT"; + break; + case ROLE_STANDALONE: + value = "ServerNT"; + break; + case ROLE_DOMAIN_MEMBER: + value = "WinNT"; + break; } /* This makes the server look like a member server to clients */ /* which tells clients that we have our own local user and */ /* group databases and helps with ACL support. */ - init_unistr2(uni_key, key, strlen(key)+1); + init_unistr2(uni_key, value, strlen(value)+1); init_buffer2(buf, (uint8*)uni_key->buffer, uni_key->uni_str_len*2); out: init_reg_r_info(q_u->ptr_buf, r_u, buf, type, status); - DEBUG(5,("reg_open_entry: %d\n", __LINE__)); + DEBUG(5,("reg_open_entry: Exit\n")); + + return status; +} + + +/***************************************************************************** + Implementation of REG_QUERY_KEY + ****************************************************************************/ + +NTSTATUS _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY *r_u) +{ + NTSTATUS status = NT_STATUS_OK; + Registry_Key *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); + + DEBUG(5,("_reg_query_key: Enter\n")); + + if ( !regkey ) + return NT_STATUS_INVALID_HANDLE; + + if ( !get_subkey_information( regkey, &r_u->num_subkeys, &r_u->max_subkeylen ) ) + return NT_STATUS_ACCESS_DENIED; + + if ( !get_value_information( regkey, &r_u->num_values, &r_u->max_valnamelen, &r_u->max_valbufsize ) ) + return NT_STATUS_ACCESS_DENIED; + + r_u->sec_desc = 0x00000078; /* size for key's sec_desc */ + + /* Win9x set this to 0x0 since it does not keep timestamps. + Doing the same here for simplicity --jerry */ + + ZERO_STRUCT(r_u->mod_time); + + DEBUG(5,("_reg_query_key: Exit\n")); + + return status; +} + + +/***************************************************************************** + Implementation of REG_UNKNOWN_1A + ****************************************************************************/ + +NTSTATUS _reg_unknown_1a(pipes_struct *p, REG_Q_UNKNOWN_1A *q_u, REG_R_UNKNOWN_1A *r_u) +{ + NTSTATUS status = NT_STATUS_OK; + Registry_Key *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); + + DEBUG(5,("_reg_unknown_1a: Enter\n")); + + if ( !regkey ) + return NT_STATUS_INVALID_HANDLE; + + r_u->unknown = 0x00000005; /* seems to be consistent...no idea what it means */ + + DEBUG(5,("_reg_unknown_1a: Exit\n")); + + return status; +} + +/***************************************************************************** + Implementation of REG_ENUM_KEY + ****************************************************************************/ + +NTSTATUS _reg_enum_key(pipes_struct *p, REG_Q_ENUM_KEY *q_u, REG_R_ENUM_KEY *r_u) +{ + NTSTATUS status = NT_STATUS_OK; + Registry_Key *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); + fstring subkey; + + + DEBUG(5,("_reg_enum_key: Enter\n")); + + if ( !regkey ) + return NT_STATUS_INVALID_HANDLE; + + DEBUG(8,("_reg_enum_key: enumerating key [%s]\n", regkey->name)); + + if ( !fetch_reg_keys_specific( tdb_reg, regkey->name, subkey, q_u->key_index ) ) + { + status = werror_to_ntstatus( WERR_NO_MORE_ITEMS ); + goto done; + } + + DEBUG(10,("_reg_enum_key: retrieved subkey named [%s]\n", subkey)); + + /* subkey has the string name now */ + + init_reg_r_enum_key( r_u, subkey, q_u->unknown_1, q_u->unknown_2 ); + + DEBUG(5,("_reg_enum_key: Exit\n")); + +done: return status; } + /******************************************************************* reg_shutdwon ********************************************************************/ @@ -219,6 +788,10 @@ NTSTATUS _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u return status; } +/******************************************************************* + reg_abort_shutdwon + ********************************************************************/ + NTSTATUS _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABORT_SHUTDOWN *r_u) { NTSTATUS status = NT_STATUS_OK; @@ -234,3 +807,5 @@ NTSTATUS _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_A return status; } + + diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index c555305bceb..f002a7d1c92 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -32,6 +32,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + /******************************************************************* api_samr_close_hnd ********************************************************************/ @@ -123,6 +126,37 @@ static BOOL api_samr_get_usrdom_pwinfo(pipes_struct *p) return True; } +/******************************************************************* + api_samr_set_sec_obj + ********************************************************************/ + +static BOOL api_samr_set_sec_obj(pipes_struct *p) +{ + SAMR_Q_SET_SEC_OBJ q_u; + SAMR_R_SET_SEC_OBJ r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!samr_io_q_set_sec_obj("", &q_u, data, 0)) { + DEBUG(0,("api_samr_set_sec_obj: unable to unmarshall SAMR_Q_SET_SEC_OBJ.\n")); + return False; + } + + r_u.status = _samr_set_sec_obj(p, &q_u, &r_u); + + if(!samr_io_r_set_sec_obj("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_set_sec_obj: unable to marshall SAMR_R_SET_SEC_OBJ.\n")); + return False; + } + + + return True; +} + /******************************************************************* api_samr_query_sec_obj ********************************************************************/ @@ -1427,6 +1461,7 @@ static struct api_struct api_samr_cmds [] = {"SAMR_LOOKUP_DOMAIN" , SAMR_LOOKUP_DOMAIN , api_samr_lookup_domain }, {"SAMR_QUERY_SEC_OBJECT" , SAMR_QUERY_SEC_OBJECT , api_samr_query_sec_obj }, + {"SAMR_SET_SEC_OBJECT" , SAMR_SET_SEC_OBJECT , api_samr_set_sec_obj }, {"SAMR_GET_USRDOM_PWINFO" , SAMR_GET_USRDOM_PWINFO, api_samr_get_usrdom_pwinfo}, {"SAMR_UNKNOWN_2E" , SAMR_UNKNOWN_2E , api_samr_unknown_2e }, {"SAMR_SET_DOMAIN_INFO" , SAMR_SET_DOMAIN_INFO , api_samr_set_dom_info }, diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 106d7c19234..88d728d8107 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -29,9 +29,11 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + extern fstring global_myworkgroup; extern pstring global_myname; -extern DOM_SID global_sam_sid; extern DOM_SID global_sid_Builtin; extern rid_name domain_group_rids[]; @@ -52,9 +54,69 @@ struct samr_info { /* for use by the \PIPE\samr policy */ DOM_SID sid; uint32 status; /* some sort of flag. best to record it. comes from opnum 0x39 */ + uint32 acc_granted; DISP_INFO disp_info; + + TALLOC_CTX *mem_ctx; }; +struct generic_mapping sam_generic_mapping = {SAMR_READ, SAMR_WRITE, SAMR_EXECUTE, SAMR_ALL_ACCESS}; +struct generic_mapping dom_generic_mapping = {DOMAIN_READ, DOMAIN_WRITE, DOMAIN_EXECUTE, DOMAIN_ALL_ACCESS}; +struct generic_mapping usr_generic_mapping = {USER_READ, USER_WRITE, USER_EXECUTE, USER_ALL_ACCESS}; +struct generic_mapping grp_generic_mapping = {GROUP_READ, GROUP_WRITE, GROUP_EXECUTE, GROUP_ALL_ACCESS}; +struct generic_mapping ali_generic_mapping = {ALIAS_READ, ALIAS_WRITE, ALIAS_EXECUTE, ALIAS_ALL_ACCESS}; + +static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *d_size); + + +/******************************************************************* + Checks if access to an object should be granted, and returns that + level of access for further checks. +********************************************************************/ + +NTSTATUS access_check_samr_object(SEC_DESC *psd, NT_USER_TOKEN *nt_user_token, uint32 des_access, + uint32 *acc_granted, const char *debug) +{ + NTSTATUS status = NT_STATUS_ACCESS_DENIED; + + if (!se_access_check(psd, nt_user_token, des_access, acc_granted, &status)) { + if (geteuid() == sec_initial_uid()) { + DEBUG(4,("%s: ACCESS should be DENIED (requested: %#010x)\n", + debug, des_access)); + DEBUGADD(4,("but overritten by euid == sec_initial_uid()\n")); + status = NT_STATUS_OK; + } + else { + DEBUG(2,("%s: ACCESS DENIED (requested: %#010x)\n", + debug, des_access)); + } + } + return status; +} + +/******************************************************************* + Checks if access to a function can be granted +********************************************************************/ + +NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug) +{ + DEBUG(5,("%s: access check ((granted: %#010x; required: %#010x)\n", + debug, acc_granted, acc_required)); + if ((acc_granted & acc_required) != acc_required) { + if (geteuid() == sec_initial_uid()) { + DEBUG(4,("%s: ACCESS should be DENIED (granted: %#010x; required: %#010x)\n", + debug, acc_granted, acc_required)); + DEBUGADD(4,("but overwritten by euid == 0\n")); + return NT_STATUS_OK; + } + DEBUG(2,("%s: ACCESS DENIED (granted: %#010x; required: %#010x)\n", + debug, acc_granted, acc_required)); + return NT_STATUS_ACCESS_DENIED; + } + return NT_STATUS_OK; +} + + /******************************************************************* Create a samr_info struct. ********************************************************************/ @@ -63,17 +125,27 @@ static struct samr_info *get_samr_info_by_sid(DOM_SID *psid) { struct samr_info *info; fstring sid_str; + TALLOC_CTX *mem_ctx; + + if (psid) { + sid_to_string(sid_str, psid); + } else { + fstrcpy(sid_str,"(NULL)"); + } + + mem_ctx = talloc_init_named("samr_info for domain sid %s", sid_str); - if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL) + if ((info = (struct samr_info *)talloc(mem_ctx, sizeof(struct samr_info))) == NULL) return NULL; ZERO_STRUCTP(info); + DEBUG(10,("get_samr_info_by_sid: created new info for sid %s\n", sid_str)); if (psid) { - DEBUG(10,("get_samr_info_by_sid: created new info for sid %s\n", sid_to_string(sid_str, psid) )); sid_copy( &info->sid, psid); } else { DEBUG(10,("get_samr_info_by_sid: created new info for NULL sid.\n")); } + info->mem_ctx = mem_ctx; return info; } @@ -84,18 +156,13 @@ static void free_samr_db(struct samr_info *info) { int i; - if (info->disp_info.group_dbloaded) { - for (i=0; idisp_info.num_group_account; i++) - SAFE_FREE(info->disp_info.disp_group_info[i].grp); - - SAFE_FREE(info->disp_info.disp_group_info); - } + /* Groups are talloced */ if (info->disp_info.user_dbloaded){ - for (i=0; idisp_info.num_user_account; i++) + for (i=0; idisp_info.num_user_account; i++) { + /* Not really a free, actually a 'clear' */ pdb_free_sam(&info->disp_info.disp_user_info[i].sam); - - SAFE_FREE(info->disp_info.disp_user_info); + } } info->disp_info.user_dbloaded=False; @@ -110,26 +177,13 @@ static void free_samr_info(void *ptr) struct samr_info *info=(struct samr_info *) ptr; free_samr_db(info); - SAFE_FREE(info); + talloc_destroy(info->mem_ctx); } /******************************************************************* Ensure password info is never given out. Paranioa... JRA. ********************************************************************/ -static void samr_clear_passwd_fields( SAM_USER_INFO_21 *pass, int num_entries) -{ - int i; - - if (!pass) - return; - - for (i = 0; i < num_entries; i++) { - memset(&pass[i].lm_pwd, '\0', sizeof(pass[i].lm_pwd)); - memset(&pass[i].nt_pwd, '\0', sizeof(pass[i].nt_pwd)); - } -} - static void samr_clear_sam_passwd(SAM_ACCOUNT *sam_pass) { @@ -147,6 +201,8 @@ static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask) { SAM_ACCOUNT *pwd = NULL; DISP_USER_INFO *pwd_array = NULL; + NTSTATUS nt_status = NT_STATUS_OK; + TALLOC_CTX *mem_ctx = info->mem_ctx; DEBUG(10,("load_sampwd_entries\n")); @@ -161,7 +217,8 @@ static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask) return NT_STATUS_ACCESS_DENIED; } - for (pdb_init_sam(&pwd); pdb_getsampwent(pwd) == True; pwd=NULL, pdb_init_sam(&pwd) ) { + for (; (NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(mem_ctx, &pwd))) + && pdb_getsampwent(pwd) == True; pwd=NULL) { if (acb_mask != 0 && !(pdb_get_acct_ctrl(pwd) & acb_mask)) { pdb_free_sam(&pwd); @@ -173,7 +230,7 @@ static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask) if (info->disp_info.num_user_account % MAX_SAM_ENTRIES == 0) { DEBUG(10,("load_sampwd_entries: allocating more memory\n")); - pwd_array=(DISP_USER_INFO *)Realloc(info->disp_info.disp_user_info, + pwd_array=(DISP_USER_INFO *)talloc_realloc(mem_ctx, info->disp_info.disp_user_info, (info->disp_info.num_user_account+MAX_SAM_ENTRIES)*sizeof(DISP_USER_INFO)); if (pwd_array==NULL) @@ -198,7 +255,7 @@ static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask) DEBUG(12,("load_sampwd_entries: done\n")); - return NT_STATUS_OK; + return nt_status; } static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid) @@ -207,6 +264,7 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid) DISP_GROUP_INFO *grp_array = NULL; uint32 group_entries = 0; uint32 i; + TALLOC_CTX *mem_ctx = info->mem_ctx; DEBUG(10,("load_group_domain_entries\n")); @@ -216,11 +274,13 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid) return NT_STATUS_OK; } - enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV); + if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) { + return NT_STATUS_NO_MEMORY; + } info->disp_info.num_group_account=group_entries; - grp_array=(DISP_GROUP_INFO *)malloc(info->disp_info.num_group_account*sizeof(DISP_GROUP_INFO)); + grp_array=(DISP_GROUP_INFO *)talloc(mem_ctx, info->disp_info.num_group_account*sizeof(DISP_GROUP_INFO)); if (group_entries!=0 && grp_array==NULL) { SAFE_FREE(map); @@ -231,7 +291,7 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid) for (i=0; iname, map[i].nt_name); fstrcpy(grp_array[i].grp->comment, map[i].comment); @@ -251,84 +311,6 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid) } -/******************************************************************* - This next function should be replaced with something that - dynamically returns the correct user info..... JRA. - ********************************************************************/ - -static NTSTATUS get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, - int *total_entries, int *num_entries, - int max_num_entries, uint16 acb_mask) -{ - SAM_ACCOUNT *pwd = NULL; - BOOL not_finished = True; - - (*num_entries) = 0; - (*total_entries) = 0; - - if (pw_buf == NULL) - return NT_STATUS_NO_MEMORY; - - pdb_init_sam(&pwd); - - if (!pdb_setsampwent(False)) { - DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n")); - pdb_free_sam(&pwd); - return NT_STATUS_ACCESS_DENIED; - } - - while (((not_finished = pdb_getsampwent(pwd)) != False) - && (*num_entries) < max_num_entries) - { - int user_name_len; - - if (start_idx > 0) { - - pdb_reset_sam(pwd); - - /* skip the requested number of entries. - not very efficient, but hey... */ - start_idx--; - continue; - } - - user_name_len = strlen(pdb_get_username(pwd))+1; - init_unistr2(&pw_buf[(*num_entries)].uni_user_name, pdb_get_username(pwd), user_name_len); - init_uni_hdr(&pw_buf[(*num_entries)].hdr_user_name, user_name_len); - pw_buf[(*num_entries)].user_rid = pdb_get_user_rid(pwd); - memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16); - - /* Now check if the NT compatible password is available. */ - if (pdb_get_nt_passwd(pwd)) - memcpy( pw_buf[(*num_entries)].nt_pwd , pdb_get_nt_passwd(pwd), 16); - - pw_buf[(*num_entries)].acb_info = pdb_get_acct_ctrl(pwd); - - DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x", - (*num_entries), pdb_get_username(pwd), pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd) )); - - if (acb_mask == 0 || (pdb_get_acct_ctrl(pwd) & acb_mask)) { - DEBUG(5,(" acb_mask %x accepts\n", acb_mask)); - (*num_entries)++; - } else { - DEBUG(5,(" acb_mask %x rejects\n", acb_mask)); - } - - (*total_entries)++; - - pdb_reset_sam(pwd); - - } - - pdb_endsampwent(); - pdb_free_sam(&pwd); - - if (not_finished) - return STATUS_MORE_ENTRIES; - else - return NT_STATUS_OK; -} - /******************************************************************* _samr_close_hnd ********************************************************************/ @@ -352,17 +334,37 @@ NTSTATUS _samr_close_hnd(pipes_struct *p, SAMR_Q_CLOSE_HND *q_u, SAMR_R_CLOSE_HN NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN_DOMAIN *r_u) { - struct samr_info *info; + struct samr_info *info; + SEC_DESC *psd = NULL; + uint32 acc_granted; + uint32 des_access = q_u->flags; + size_t sd_size; + NTSTATUS status; r_u->status = NT_STATUS_OK; /* find the connection policy handle. */ - if (!find_policy_by_hnd(p, &q_u->pol, NULL)) + if (!find_policy_by_hnd(p, &q_u->pol, (void**)&info)) return NT_STATUS_INVALID_HANDLE; + if (!NT_STATUS_IS_OK(status = access_check_samr_function(info->acc_granted, SAMR_ACCESS_OPEN_DOMAIN,"_samr_open_domain"))) { + return status; + } + + /*check if access can be granted as requested by client. */ + samr_make_dom_obj_sd(p->mem_ctx, &psd, &sd_size); + se_map_generic(&des_access,&dom_generic_mapping); + + if (!NT_STATUS_IS_OK(status = + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_open_domain"))) { + return status; + } + /* associate the domain SID with the (unique) handle. */ if ((info = get_samr_info_by_sid(&q_u->dom_sid.sid))==NULL) return NT_STATUS_NO_MEMORY; + info->acc_granted = acc_granted; /* get a (unique) handle. open a policy on it. */ if (!create_policy_hnd(p, &r_u->domain_pol, free_samr_info, (void *)info)) @@ -402,11 +404,90 @@ NTSTATUS _samr_get_usrdom_pwinfo(pipes_struct *p, SAMR_Q_GET_USRDOM_PWINFO *q_u, return r_u->status; } + +/******************************************************************* + samr_make_sam_obj_sd + ********************************************************************/ + +static NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) +{ + extern DOM_SID global_sid_World; + DOM_SID adm_sid; + DOM_SID act_sid; + + SEC_ACE ace[3]; + SEC_ACCESS mask; + + SEC_ACL *psa = NULL; + + sid_copy(&adm_sid, &global_sid_Builtin); + sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); + + sid_copy(&act_sid, &global_sid_Builtin); + sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); + + /*basic access for every one*/ + init_sec_access(&mask, SAMR_EXECUTE | SAMR_READ); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + /*full access for builtin aliases Administrators and Account Operators*/ + init_sec_access(&mask, SAMR_ALL_ACCESS); + init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) + return NT_STATUS_NO_MEMORY; + + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + return NT_STATUS_NO_MEMORY; + + return NT_STATUS_OK; +} + +/******************************************************************* + samr_make_dom_obj_sd + ********************************************************************/ + +static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) +{ + extern DOM_SID global_sid_World; + DOM_SID adm_sid; + DOM_SID act_sid; + + SEC_ACE ace[3]; + SEC_ACCESS mask; + + SEC_ACL *psa = NULL; + + sid_copy(&adm_sid, &global_sid_Builtin); + sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); + + sid_copy(&act_sid, &global_sid_Builtin); + sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); + + /*basic access for every one*/ + init_sec_access(&mask, DOMAIN_EXECUTE | DOMAIN_READ); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + /*full access for builtin aliases Administrators and Account Operators*/ + init_sec_access(&mask, DOMAIN_ALL_ACCESS); + init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) + return NT_STATUS_NO_MEMORY; + + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + return NT_STATUS_NO_MEMORY; + + return NT_STATUS_OK; +} + /******************************************************************* samr_make_usr_obj_sd ********************************************************************/ -static NTSTATUS samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC_BUF **buf, DOM_SID *usr_sid) +static NTSTATUS samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size, DOM_SID *usr_sid) { extern DOM_SID global_sid_World; DOM_SID adm_sid; @@ -416,8 +497,6 @@ static NTSTATUS samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC_BUF **buf, DOM_SI SEC_ACCESS mask; SEC_ACL *psa = NULL; - SEC_DESC *psd = NULL; - size_t sd_size; sid_copy(&adm_sid, &global_sid_Builtin); sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); @@ -425,29 +504,107 @@ static NTSTATUS samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC_BUF **buf, DOM_SI sid_copy(&act_sid, &global_sid_Builtin); sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); - init_sec_access(&mask, 0x2035b); + /*basic access for every one*/ + init_sec_access(&mask, USER_EXECUTE | USER_READ); init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - init_sec_access(&mask, 0xf07ff); + /*full access for builtin aliases Administrators and Account Operators*/ + init_sec_access(&mask, USER_ALL_ACCESS); init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - init_sec_access(&mask,0x20044); + /*extended access for the user*/ + init_sec_access(&mask,READ_CONTROL_ACCESS | USER_ACCESS_CHANGE_PASSWORD | USER_ACCESS_SET_LOC_COM); init_sec_ace(&ace[3], usr_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - if((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 4, ace)) == NULL) + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 4, ace)) == NULL) return NT_STATUS_NO_MEMORY; - if((psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, &sd_size)) == NULL) + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) return NT_STATUS_NO_MEMORY; - if((*buf = make_sec_desc_buf(ctx, sd_size, psd)) == NULL) + return NT_STATUS_OK; +} + +/******************************************************************* + samr_make_grp_obj_sd + ********************************************************************/ + +static NTSTATUS samr_make_grp_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) +{ + extern DOM_SID global_sid_World; + DOM_SID adm_sid; + DOM_SID act_sid; + + SEC_ACE ace[3]; + SEC_ACCESS mask; + + SEC_ACL *psa = NULL; + + sid_copy(&adm_sid, &global_sid_Builtin); + sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); + + sid_copy(&act_sid, &global_sid_Builtin); + sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); + + /*basic access for every one*/ + init_sec_access(&mask, GROUP_EXECUTE | GROUP_READ); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + /*full access for builtin aliases Administrators and Account Operators*/ + init_sec_access(&mask, GROUP_ALL_ACCESS); + init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) + return NT_STATUS_NO_MEMORY; + + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; } -static BOOL get_lsa_policy_samr_sid(pipes_struct *p, POLICY_HND *pol, DOM_SID *sid) +/******************************************************************* + samr_make_ali_obj_sd + ********************************************************************/ + +static NTSTATUS samr_make_ali_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) +{ + extern DOM_SID global_sid_World; + DOM_SID adm_sid; + DOM_SID act_sid; + + SEC_ACE ace[3]; + SEC_ACCESS mask; + + SEC_ACL *psa = NULL; + + sid_copy(&adm_sid, &global_sid_Builtin); + sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); + + sid_copy(&act_sid, &global_sid_Builtin); + sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); + + /*basic access for every one*/ + init_sec_access(&mask, ALIAS_EXECUTE | ALIAS_READ); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + /*full access for builtin aliases Administrators and Account Operators*/ + init_sec_access(&mask, ALIAS_ALL_ACCESS); + init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) + return NT_STATUS_NO_MEMORY; + + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + return NT_STATUS_NO_MEMORY; + + return NT_STATUS_OK; +} + +static BOOL get_lsa_policy_samr_sid(pipes_struct *p, POLICY_HND *pol, DOM_SID *sid, uint32 *acc_granted) { struct samr_info *info = NULL; @@ -459,9 +616,21 @@ static BOOL get_lsa_policy_samr_sid(pipes_struct *p, POLICY_HND *pol, DOM_SID *s return False; *sid = info->sid; + *acc_granted = info->acc_granted; return True; } +/******************************************************************* + _samr_set_sec_obj + ********************************************************************/ + +NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_SEC_OBJ *r_u) +{ + DEBUG(0,("_samr_set_sec_obj: Not yet implemented!\n")); + return NT_STATUS_NOT_IMPLEMENTED; +} + + /******************************************************************* _samr_query_sec_obj ********************************************************************/ @@ -470,17 +639,52 @@ NTSTATUS _samr_query_sec_obj(pipes_struct *p, SAMR_Q_QUERY_SEC_OBJ *q_u, SAMR_R_ { DOM_SID pol_sid; fstring str_sid; + SEC_DESC * psd = NULL; + size_t sd_size; + uint32 acc_granted; r_u->status = NT_STATUS_OK; /* Get the SID. */ - - if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &pol_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &pol_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; + + DEBUG(10,("_samr_query_sec_obj: querying security on SID: %s\n", sid_to_string(str_sid, &pol_sid))); - r_u->status = samr_make_usr_obj_sd(p->mem_ctx, &r_u->buf, &pol_sid); + /* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */ + + /* To query the security of the SAM it self an invalid SID with S-0-0 is passed to this function */ + if (pol_sid.sid_rev_num == 0) + { + DEBUG(5,("_samr_query_sec_obj: querying security on SAM\n")); + r_u->status = samr_make_sam_obj_sd(p->mem_ctx, &psd, &sd_size); + } + else if (sid_equal(&pol_sid,get_global_sam_sid())) /* check if it is our domain SID */ + + { + DEBUG(5,("_samr_query_sec_obj: querying security on Domain with SID: %s\n", sid_to_string(str_sid, &pol_sid))); + r_u->status = samr_make_dom_obj_sd(p->mem_ctx, &psd, &sd_size); + } + else if (sid_equal(&pol_sid,&global_sid_Builtin)) /* check if it is the Builtin Domain */ + { + /* TODO: Builtin probably needs a different SD with restricted write access*/ + DEBUG(5,("_samr_query_sec_obj: querying security on Builtin Domain with SID: %s\n", sid_to_string(str_sid, &pol_sid))); + r_u->status = samr_make_dom_obj_sd(p->mem_ctx, &psd, &sd_size); + } + else if (sid_check_is_in_our_domain(&pol_sid) || + sid_check_is_in_builtin(&pol_sid)) + { + /* TODO: different SDs have to be generated for aliases groups and users. + Currently all three get a default user SD */ + DEBUG(10,("_samr_query_sec_obj: querying security on Object with SID: %s\n", sid_to_string(str_sid, &pol_sid))); + r_u->status = samr_make_usr_obj_sd(p->mem_ctx, &psd,&sd_size, &pol_sid); + } + else return NT_STATUS_OBJECT_TYPE_MISMATCH; + + if ((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL) + return NT_STATUS_NO_MEMORY; if (NT_STATUS_IS_OK(r_u->status)) r_u->ptr = 1; @@ -492,69 +696,123 @@ NTSTATUS _samr_query_sec_obj(pipes_struct *p, SAMR_Q_QUERY_SEC_OBJ *q_u, SAMR_R_ makes a SAM_ENTRY / UNISTR2* structure from a user list. ********************************************************************/ -static void make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNISTR2 **uni_name_pp, - uint32 num_sam_entries, SAM_USER_INFO_21 *pass) +static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNISTR2 **uni_name_pp, + uint32 num_entries, uint32 start_idx, DISP_USER_INFO *disp_user_info, + DOM_SID *domain_sid) { uint32 i; SAM_ENTRY *sam; UNISTR2 *uni_name; - + SAM_ACCOUNT *pwd = NULL; + UNISTR2 uni_temp_name; + const char *temp_name; + const DOM_SID *user_sid; + uint32 user_rid; + fstring user_sid_string; + fstring domain_sid_string; + *sam_pp = NULL; *uni_name_pp = NULL; - if (num_sam_entries == 0) - return; + if (num_entries == 0) + return NT_STATUS_OK; - sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_sam_entries); + sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_entries); - uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_sam_entries); + uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_entries); if (sam == NULL || uni_name == NULL) { - DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n")); - return; + DEBUG(0, ("make_user_sam_entry_list: talloc_zero failed!\n")); + return NT_STATUS_NO_MEMORY; } - ZERO_STRUCTP(sam); - ZERO_STRUCTP(uni_name); - - for (i = 0; i < num_sam_entries; i++) { - int len = pass[i].uni_user_name.uni_str_len; + for (i = 0; i < num_entries; i++) { + int len = uni_temp_name.uni_str_len; + + pwd = disp_user_info[i+start_idx].sam; + temp_name = pdb_get_username(pwd); + init_unistr2(&uni_temp_name, temp_name, strlen(temp_name)+1); + user_sid = pdb_get_user_sid(pwd); + + if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) { + DEBUG(0, ("make_user_sam_entry_list: User %s has SID %s, which conflicts with " + "the domain sid %s. Failing operation.\n", + temp_name, + sid_to_string(user_sid_string, user_sid), + sid_to_string(domain_sid_string, domain_sid))); + return NT_STATUS_UNSUCCESSFUL; + } - init_sam_entry(&sam[i], len, pass[i].user_rid); - copy_unistr2(&uni_name[i], &pass[i].uni_user_name); + init_sam_entry(&sam[i], len, user_rid); + copy_unistr2(&uni_name[i], &uni_temp_name); } *sam_pp = sam; *uni_name_pp = uni_name; + return NT_STATUS_OK; } /******************************************************************* samr_reply_enum_dom_users ********************************************************************/ -NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, SAMR_R_ENUM_DOM_USERS *r_u) +NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, + SAMR_R_ENUM_DOM_USERS *r_u) { - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; - int num_entries = 0; - int total_entries = 0; + struct samr_info *info = NULL; + uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */ + int num_account; + uint32 enum_context=q_u->start_idx; + uint32 max_size=q_u->max_size; + uint32 temp_size; + enum remote_arch_types ra_type = get_remote_arch(); + int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K; + uint32 max_entries = max_sam_entries; + DOM_SID domain_sid; r_u->status = NT_STATUS_OK; /* find the policy handle. open a policy on it. */ - if (!find_policy_by_hnd(p, &q_u->pol, NULL)) + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; + domain_sid = info->sid; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, + DOMAIN_ACCESS_ENUM_ACCOUNTS, + "_samr_enum_dom_users"))) { + return r_u->status; + } + DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__)); become_root(); - r_u->status = get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries, - MAX_SAM_ENTRIES, q_u->acb_mask); + r_u->status=load_sampwd_entries(info, q_u->acb_mask); unbecome_root(); - - if (NT_STATUS_IS_ERR(r_u->status)) + + if (!NT_STATUS_IS_OK(r_u->status)) return r_u->status; - samr_clear_passwd_fields(pass, num_entries); + num_account = info->disp_info.num_user_account; + + if (enum_context > num_account) { + DEBUG(5, ("_samr_enum_dom_users: enumeration handle over total entries\n")); + return NT_STATUS_OK; + } + + /* verify we won't overflow */ + if (max_entries > num_account-enum_context) { + max_entries = num_account-enum_context; + DEBUG(5, ("_samr_enum_dom_users: only %d entries to return\n", max_entries)); + } + + /* calculate the size and limit on the number of entries we will return */ + temp_size=max_entries*struct_size; + + if (temp_size>max_size) { + max_entries=MIN((max_size/struct_size),max_entries);; + DEBUG(5, ("_samr_enum_dom_users: buffer size limits to only %d entries\n", max_entries)); + } /* * Note from JRA. total_entries is not being used here. Currently if there is a @@ -569,9 +827,20 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, SAMR_ * value (again I think this is wrong). */ - make_user_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_acct_name, num_entries, pass); + r_u->status = make_user_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_acct_name, + max_entries, enum_context, + info->disp_info.disp_user_info, + &domain_sid); + + if (!NT_STATUS_IS_OK(r_u->status)) + return r_u->status; + + if (enum_context+max_entries < num_account) + r_u->status = STATUS_MORE_ENTRIES; - init_samr_r_enum_dom_users(r_u, q_u->start_idx + num_entries, num_entries); + DEBUG(5, ("_samr_enum_dom_users: %d\n", __LINE__)); + + init_samr_r_enum_dom_users(r_u, q_u->start_idx + max_entries, max_entries); DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__)); @@ -654,13 +923,12 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM } SAFE_FREE(map); - } else if (sid_equal(sid, &global_sam_sid) && !lp_hide_local_users()) { + } else if (sid_equal(sid, get_global_sam_sid()) && !lp_hide_local_users()) { struct sys_grent *glist; struct sys_grent *grp; struct passwd *pw; gid_t winbind_gid_low, winbind_gid_high; - - lp_winbind_gid(&winbind_gid_low, &winbind_gid_high); + BOOL winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high); /* local aliases */ /* we return the UNIX groups here. This seems to be the right */ @@ -690,24 +958,15 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM continue; /* Don't return winbind groups as they are not local! */ - if ((grp->gr_gid >= winbind_gid_low)&&(grp->gr_gid <= winbind_gid_high)) { + if (winbind_groups_exist && (grp->gr_gid >= winbind_gid_low)&&(grp->gr_gid <= winbind_gid_high)) { DEBUG(10,("get_group_alias_entries: not returing %s, not local.\n", smap.nt_name )); continue; } /* Don't return user private groups... */ - - /* - * We used to do a Get_Pwnam() here, but this has been - * trimmed back to the common case for private groups - * to save lookups and to use the _alloc interface. - * - * This also matches the group mapping code - */ - if ((pw = getpwnam_alloc(smap.nt_name)) != 0) { + if ((pw = Get_Pwnam(smap.nt_name)) != 0) { DEBUG(10,("get_group_alias_entries: not returing %s, clashes with user.\n", smap.nt_name )); - passwd_free(&pw); continue; } @@ -808,11 +1067,16 @@ NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAM DOMAIN_GRP *grp=NULL; uint32 num_entries; DOM_SID sid; + uint32 acc_granted; r_u->status = NT_STATUS_OK; - if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_ENUM_ACCOUNTS, "_samr_enum_dom_groups"))) { + return r_u->status; + } DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__)); @@ -840,12 +1104,17 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S fstring sid_str; DOM_SID sid; NTSTATUS status; + uint32 acc_granted; r_u->status = NT_STATUS_OK; - if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_ENUM_ACCOUNTS, "_samr_enum_dom_aliases"))) { + return r_u->status; + } + sid_to_string(sid_str, &sid); DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str)); @@ -867,7 +1136,8 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S /******************************************************************* samr_reply_query_dispinfo ********************************************************************/ -NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_QUERY_DISPINFO *r_u) +NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, + SAMR_R_QUERY_DISPINFO *r_u) { struct samr_info *info = NULL; uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */ @@ -882,9 +1152,8 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ NTSTATUS disp_ret; uint32 num_account = 0; enum remote_arch_types ra_type = get_remote_arch(); - int max_sam_entries; - - max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K; + int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K; + DOM_SID domain_sid; DEBUG(5, ("samr_reply_query_dispinfo: %d\n", __LINE__)); r_u->status = NT_STATUS_OK; @@ -893,6 +1162,8 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; + domain_sid = info->sid; + /* * calculate how many entries we will return. * based on @@ -936,7 +1207,7 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ become_root(); r_u->status=load_sampwd_entries(info, acb_mask); unbecome_root(); - if (NT_STATUS_IS_ERR(r_u->status)) { + if (!NT_STATUS_IS_OK(r_u->status)) { DEBUG(5, ("_samr_query_dispinfo: load_sampwd_entries failed\n")); return r_u->status; } @@ -945,7 +1216,7 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ case 0x3: case 0x5: r_u->status = load_group_domain_entries(info, &info->sid); - if (NT_STATUS_IS_ERR(r_u->status)) + if (!NT_STATUS_IS_OK(r_u->status)) return r_u->status; num_account = info->disp_info.num_group_account; break; @@ -962,7 +1233,7 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ if (enum_context > num_account) { DEBUG(5, ("samr_reply_query_dispinfo: enumeration handle over total entries\n")); - return NT_STATUS_OK; + return NT_STATUS_NO_MORE_ENTRIES; } /* verify we won't overflow */ @@ -991,8 +1262,9 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ if (!(ctr->sam.info1 = (SAM_DISPINFO_1 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_1)))) return NT_STATUS_NO_MEMORY; } - disp_ret = init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, max_entries, enum_context, info->disp_info.disp_user_info); - if (NT_STATUS_IS_ERR(disp_ret)) + disp_ret = init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, max_entries, enum_context, + info->disp_info.disp_user_info, &domain_sid); + if (!NT_STATUS_IS_OK(disp_ret)) return disp_ret; break; case 0x2: @@ -1000,8 +1272,9 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ if (!(ctr->sam.info2 = (SAM_DISPINFO_2 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_2)))) return NT_STATUS_NO_MEMORY; } - disp_ret = init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, max_entries, enum_context, info->disp_info.disp_user_info); - if (NT_STATUS_IS_ERR(disp_ret)) + disp_ret = init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, max_entries, enum_context, + info->disp_info.disp_user_info, &domain_sid); + if (!NT_STATUS_IS_OK(disp_ret)) return disp_ret; break; case 0x3: @@ -1010,7 +1283,7 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ return NT_STATUS_NO_MEMORY; } disp_ret = init_sam_dispinfo_3(p->mem_ctx, ctr->sam.info3, max_entries, enum_context, info->disp_info.disp_group_info); - if (NT_STATUS_IS_ERR(disp_ret)) + if (!NT_STATUS_IS_OK(disp_ret)) return disp_ret; break; case 0x4: @@ -1019,7 +1292,7 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ return NT_STATUS_NO_MEMORY; } disp_ret = init_sam_dispinfo_4(p->mem_ctx, ctr->sam.info4, max_entries, enum_context, info->disp_info.disp_user_info); - if (NT_STATUS_IS_ERR(disp_ret)) + if (!NT_STATUS_IS_OK(disp_ret)) return disp_ret; break; case 0x5: @@ -1028,7 +1301,7 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ return NT_STATUS_NO_MEMORY; } disp_ret = init_sam_dispinfo_5(p->mem_ctx, ctr->sam.info5, max_entries, enum_context, info->disp_info.disp_group_info); - if (NT_STATUS_IS_ERR(disp_ret)) + if (!NT_STATUS_IS_OK(disp_ret)) return disp_ret; break; @@ -1057,22 +1330,26 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAMR_R_QUERY_ALIASINFO *r_u) { - struct samr_info *info = NULL; + DOM_SID sid; GROUP_MAP map; + uint32 acc_granted; r_u->status = NT_STATUS_OK; DEBUG(5,("_samr_query_aliasinfo: %d\n", __LINE__)); /* find the policy handle. open a policy on it. */ - if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, ALIAS_ACCESS_LOOKUP_INFO, "_samr_query_aliasinfo"))) { + return r_u->status; + } - if (!sid_check_is_in_our_domain(&info->sid) && - !sid_check_is_in_builtin(&info->sid)) + if (!sid_check_is_in_our_domain(&sid) && + !sid_check_is_in_builtin(&sid)) return NT_STATUS_OBJECT_TYPE_MISMATCH; - if(!get_local_group_from_sid(info->sid, &map, MAPPING_WITHOUT_PRIV)) + if (!get_local_group_from_sid(sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_NO_SUCH_ALIAS; switch (q_u->switch_level) { @@ -1169,6 +1446,7 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO int num_rids = q_u->num_names2; DOM_SID pol_sid; fstring sid_str; + uint32 acc_granted; r_u->status = NT_STATUS_OK; @@ -1177,10 +1455,14 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO ZERO_ARRAY(rid); ZERO_ARRAY(type); - if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid)) { + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid, &acc_granted)) { init_samr_r_lookup_names(p->mem_ctx, r_u, 0, NULL, NULL, NT_STATUS_OBJECT_TYPE_MISMATCH); return r_u->status; } + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, 0, "_samr_lookup_names"))) { /* Don't know the acc_bits yet */ + return r_u->status; + } if (num_rids > MAX_SAM_ENTRIES) { num_rids = MAX_SAM_ENTRIES; @@ -1324,13 +1606,14 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK DOM_SID pol_sid; int num_rids = q_u->num_rids1; int i; + uint32 acc_granted; r_u->status = NT_STATUS_OK; DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__)); /* find the policy handle. open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; if (num_rids > MAX_SAM_ENTRIES) { @@ -1356,7 +1639,7 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK group_attrs[i] = SID_NAME_UNKNOWN; *group_names[i] = '\0'; - if (sid_equal(&pol_sid, &global_sam_sid)) { + if (sid_equal(&pol_sid, get_global_sam_sid())) { sid_copy(&sid, &pol_sid); sid_append_rid(&sid, q_u->rid[i]); @@ -1390,42 +1673,58 @@ NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN SAM_ACCOUNT *sampass=NULL; DOM_SID sid; POLICY_HND domain_pol = q_u->domain_pol; - uint32 user_rid = q_u->user_rid; POLICY_HND *user_pol = &r_u->user_pol; struct samr_info *info = NULL; + SEC_DESC *psd = NULL; + uint32 acc_granted; + uint32 des_access = q_u->access_mask; + size_t sd_size; BOOL ret; + NTSTATUS nt_status; r_u->status = NT_STATUS_OK; - /* find the domain policy handle. */ - if (!find_policy_by_hnd(p, &domain_pol, NULL)) + /* find the domain policy handle and get domain SID / access bits in the domain policy. */ + if (!get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_OPEN_ACCOUNT, "_samr_open_user"))) { + return nt_status; + } + + nt_status = pdb_init_sam_talloc(p->mem_ctx, &sampass); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } - pdb_init_sam(&sampass); + /* append the user's RID to it */ + if (!sid_append_rid(&sid, q_u->user_rid)) + return NT_STATUS_NO_SUCH_USER; + + /* check if access can be granted as requested by client. */ + samr_make_usr_obj_sd(p->mem_ctx, &psd, &sd_size, &sid); + se_map_generic(&des_access, &usr_generic_mapping); + if (!NT_STATUS_IS_OK(nt_status = + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_open_user"))) { + return nt_status; + } become_root(); - ret=pdb_getsampwrid(sampass, user_rid); + ret=pdb_getsampwsid(sampass, &sid); unbecome_root(); - /* check that the RID exists in our domain. */ + /* check that the SID exists in our domain. */ if (ret == False) { - pdb_free_sam(&sampass); return NT_STATUS_NO_SUCH_USER; } pdb_free_sam(&sampass); - /* Get the domain SID stored in the domain policy */ - if(!get_lsa_policy_samr_sid(p, &domain_pol, &sid)) - return NT_STATUS_INVALID_HANDLE; - - /* append the user's RID to it */ - if(!sid_append_rid(&sid, user_rid)) - return NT_STATUS_NO_SUCH_USER; - - /* associate the user's SID with the new handle. */ + /* associate the user's SID and access bits with the new handle. */ if ((info = get_samr_info_by_sid(&sid)) == NULL) return NT_STATUS_NO_MEMORY; + info->acc_granted = acc_granted; /* get a (unique) handle. open a policy on it. */ if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info)) @@ -1438,21 +1737,25 @@ NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN get_user_info_10. Safe. Only gives out acb bits. *************************************************************************/ -static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) +static NTSTATUS get_user_info_10(TALLOC_CTX *mem_ctx, SAM_USER_INFO_10 *id10, DOM_SID *user_sid) { SAM_ACCOUNT *smbpass=NULL; BOOL ret; + NTSTATUS nt_status; - pdb_init_sam(&smbpass); + nt_status = pdb_init_sam_talloc(mem_ctx, &smbpass); + + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } become_root(); - ret = pdb_getsampwrid(smbpass, user_rid); + ret = pdb_getsampwsid(smbpass, user_sid); unbecome_root(); if (ret==False) { - DEBUG(4,("User 0x%x not found\n", user_rid)); - pdb_free_sam(&smbpass); - return False; + DEBUG(4,("User %s not found\n", sid_string_static(user_sid))); + return NT_STATUS_NO_SUCH_USER; } DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) )); @@ -1462,7 +1765,7 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) pdb_free_sam(&smbpass); - return True; + return NT_STATUS_OK; } /************************************************************************* @@ -1471,10 +1774,11 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) user. JRA. *************************************************************************/ -static NTSTATUS get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint32 user_rid) +static NTSTATUS get_user_info_12(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_INFO_12 * id12, DOM_SID *user_sid) { SAM_ACCOUNT *smbpass=NULL; BOOL ret; + NTSTATUS nt_status; if (!p->ntlmssp_auth_validated) return NT_STATUS_ACCESS_DENIED; @@ -1485,12 +1789,17 @@ static NTSTATUS get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint3 /* * Do *NOT* do become_root()/unbecome_root() here ! JRA. */ - pdb_init_sam(&smbpass); - ret = pdb_getsampwrid(smbpass, user_rid); + nt_status = pdb_init_sam_talloc(mem_ctx, &smbpass); + + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + + ret = pdb_getsampwsid(smbpass, user_sid); if (ret == False) { - DEBUG(4, ("User 0x%x not found\n", user_rid)); + DEBUG(4, ("User %s not found\n", sid_string_static(user_sid))); pdb_free_sam(&smbpass); return (geteuid() == (uid_t)0) ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED; } @@ -1514,21 +1823,20 @@ static NTSTATUS get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint3 get_user_info_20 *************************************************************************/ -static BOOL get_user_info_20(SAM_USER_INFO_20 *id20, uint32 user_rid) +static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DOM_SID *user_sid) { SAM_ACCOUNT *sampass=NULL; BOOL ret; - pdb_init_sam(&sampass); + pdb_init_sam_talloc(mem_ctx, &sampass); become_root(); - ret = pdb_getsampwrid(sampass, user_rid); + ret = pdb_getsampwsid(sampass, user_sid); unbecome_root(); if (ret == False) { - DEBUG(4,("User 0x%x not found\n", user_rid)); - pdb_free_sam(&sampass); - return False; + DEBUG(4,("User %s not found\n", sid_string_static(user_sid))); + return NT_STATUS_NO_SUCH_USER; } samr_clear_sam_passwd(sampass); @@ -1540,28 +1848,32 @@ static BOOL get_user_info_20(SAM_USER_INFO_20 *id20, uint32 user_rid) pdb_free_sam(&sampass); - return True; + return NT_STATUS_OK; } /************************************************************************* get_user_info_21 *************************************************************************/ -static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) +static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21, + DOM_SID *user_sid, DOM_SID *domain_sid) { SAM_ACCOUNT *sampass=NULL; BOOL ret; + NTSTATUS nt_status; - pdb_init_sam(&sampass); + nt_status = pdb_init_sam_talloc(mem_ctx, &sampass); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } become_root(); - ret = pdb_getsampwrid(sampass, user_rid); + ret = pdb_getsampwsid(sampass, user_sid); unbecome_root(); if (ret == False) { - DEBUG(4,("User 0x%x not found\n", user_rid)); - pdb_free_sam(&sampass); - return False; + DEBUG(4,("User %s not found\n", sid_string_static(user_sid))); + return NT_STATUS_NO_SUCH_USER; } samr_clear_sam_passwd(sampass); @@ -1569,11 +1881,11 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) )); ZERO_STRUCTP(id21); - init_sam_user_info21A(id21, sampass); + nt_status = init_sam_user_info21A(id21, sampass, domain_sid); pdb_free_sam(&sampass); - return True; + return NT_STATUS_OK; } /******************************************************************* @@ -1583,21 +1895,24 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_R_QUERY_USERINFO *r_u) { SAM_USERINFO_CTR *ctr; - uint32 rid = 0; struct samr_info *info = NULL; - + DOM_SID domain_sid; + uint32 rid; + r_u->status=NT_STATUS_OK; /* search for the handle */ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; + domain_sid = info->sid; + + sid_split_rid(&domain_sid, &rid); + if (!sid_check_is_in_our_domain(&info->sid)) return NT_STATUS_OBJECT_TYPE_MISMATCH; - sid_peek_rid(&info->sid, &rid); - - DEBUG(5,("_samr_query_userinfo: rid:0x%x\n", rid)); + DEBUG(5,("_samr_query_userinfo: sid:%s\n", sid_string_static(&info->sid))); ctr = (SAM_USERINFO_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_USERINFO_CTR)); if (!ctr) @@ -1614,8 +1929,8 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_ if (ctr->info.id10 == NULL) return NT_STATUS_NO_MEMORY; - if (!get_user_info_10(ctr->info.id10, rid)) - return NT_STATUS_NO_SUCH_USER; + if (!NT_STATUS_IS_OK(r_u->status = get_user_info_10(p->mem_ctx, ctr->info.id10, &info->sid))) + return r_u->status; break; #if 0 @@ -1649,24 +1964,25 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_ if (ctr->info.id12 == NULL) return NT_STATUS_NO_MEMORY; - if (NT_STATUS_IS_ERR(r_u->status = get_user_info_12(p, ctr->info.id12, rid))) + if (!NT_STATUS_IS_OK(r_u->status = get_user_info_12(p, p->mem_ctx, ctr->info.id12, &info->sid))) return r_u->status; break; - + case 20: ctr->info.id20 = (SAM_USER_INFO_20 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_20)); if (ctr->info.id20 == NULL) return NT_STATUS_NO_MEMORY; - if (!get_user_info_20(ctr->info.id20, rid)) - return NT_STATUS_NO_SUCH_USER; + if (!NT_STATUS_IS_OK(r_u->status = get_user_info_20(p->mem_ctx, ctr->info.id20, &info->sid))) + return r_u->status; break; case 21: ctr->info.id21 = (SAM_USER_INFO_21 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_21)); if (ctr->info.id21 == NULL) return NT_STATUS_NO_MEMORY; - if (!get_user_info_21(ctr->info.id21, rid)) - return NT_STATUS_NO_SUCH_USER; + if (!NT_STATUS_IS_OK(r_u->status = get_user_info_21(p->mem_ctx, ctr->info.id21, + &info->sid, &domain_sid))) + return r_u->status; break; default: @@ -1676,7 +1992,7 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_ init_samr_r_query_userinfo(r_u, ctr, r_u->status); DEBUG(5,("_samr_query_userinfo: %d\n", __LINE__)); - + return r_u->status; } @@ -1687,10 +2003,10 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, SAMR_R_QUERY_USERGROUPS *r_u) { SAM_ACCOUNT *sam_pass=NULL; + DOM_SID sid; DOM_GID *gids = NULL; int num_groups = 0; - uint32 rid; - struct samr_info *info = NULL; + uint32 acc_granted; BOOL ret; /* @@ -1710,37 +2026,39 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__)); /* find the policy handle. open a policy on it. */ - if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, USER_ACCESS_GET_GROUPS, "_samr_query_usergroups"))) { + return r_u->status; + } - if (!sid_check_is_in_our_domain(&info->sid)) + if (!sid_check_is_in_our_domain(&sid)) return NT_STATUS_OBJECT_TYPE_MISMATCH; - sid_peek_rid(&info->sid, &rid); - pdb_init_sam(&sam_pass); - + become_root(); - ret = pdb_getsampwrid(sam_pass, rid); + ret = pdb_getsampwsid(sam_pass, &sid); unbecome_root(); if (ret == False) { pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; } - + if(!get_domain_user_groups(p->mem_ctx, &num_groups, &gids, sam_pass)) { pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_GROUP; } - + /* construct the response. lkclXXXX: gids are not copied! */ init_samr_r_query_usergroups(r_u, num_groups, gids, r_u->status); - + DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__)); pdb_free_sam(&sam_pass); - + return r_u->status; } @@ -1771,13 +2089,13 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA ZERO_STRUCTP(ctr); r_u->status = NT_STATUS_OK; - + DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__)); - + /* find the policy handle. open a policy on it. */ if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; - + switch (q_u->switch_value) { case 0x01: account_policy_get(AP_MIN_PASSWORD_LEN, &min_pass_len); @@ -1796,15 +2114,15 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA become_root(); r_u->status=load_sampwd_entries(info, ACB_NORMAL); unbecome_root(); - if (NT_STATUS_IS_ERR(r_u->status)) { + if (!NT_STATUS_IS_OK(r_u->status)) { DEBUG(5, ("_samr_query_dispinfo: load_sampwd_entries failed\n")); return r_u->status; } num_users=info->disp_info.num_user_account; free_samr_db(info); - r_u->status=load_group_domain_entries(info, &global_sam_sid); - if (NT_STATUS_IS_ERR(r_u->status)) { + r_u->status=load_group_domain_entries(info, get_global_sam_sid()); + if (!NT_STATUS_IS_OK(r_u->status)) { DEBUG(5, ("_samr_query_dispinfo: load_group_domain_entries failed\n")); return r_u->status; } @@ -1842,12 +2160,12 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA break; default: return NT_STATUS_INVALID_INFO_CLASS; - } - + } + init_samr_r_query_dom_info(r_u, q_u->switch_value, ctr, NT_STATUS_OK); - + DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__)); - + return r_u->status; } @@ -1871,11 +2189,19 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ BOOL ret; NTSTATUS nt_status; struct passwd *pw; + uint32 acc_granted; + SEC_DESC *psd; + size_t sd_size; + uint32 des_access; - /* find the policy handle. open a policy on it. */ - if (!find_policy_by_hnd(p, &dom_pol, NULL)) + /* Get the domain SID stored in the domain policy */ + if (!get_lsa_policy_samr_sid(p, &dom_pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; + if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_CREATE_USER, "_samr_create_user"))) { + return nt_status; + } + /* find the account: tell the caller if it exists. lkclXXXX i have *no* idea if this is a problem or not or even if you are supposed to construct a different @@ -1944,7 +2270,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ else pstrcpy(add_script, lp_adduser_script()); - if(*add_script) { + if (*add_script) { int add_ret; all_string_sub(add_script, "%u", account, sizeof(account)); add_ret = smbrun(add_script,NULL); @@ -1990,16 +2316,15 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ return NT_STATUS_ACCESS_DENIED; } - /* Get the domain SID stored in the domain policy */ - if(!get_lsa_policy_samr_sid(p, &dom_pol, &sid)) { - pdb_free_sam(&sam_pass); - return NT_STATUS_INVALID_HANDLE; - } - - /* append the user's RID to it */ - if(!sid_append_rid(&sid, pdb_get_user_rid(sam_pass) )) { - pdb_free_sam(&sam_pass); - return NT_STATUS_NO_SUCH_USER; + /* Get the user's SID */ + sid_copy(&sid, pdb_get_user_sid(sam_pass)); + + samr_make_usr_obj_sd(p->mem_ctx, &psd, &sd_size, &sid); + se_map_generic(&des_access, &usr_generic_mapping); + if (!NT_STATUS_IS_OK(nt_status = + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_create_user"))) { + return nt_status; } /* associate the user's SID with the new handle. */ @@ -2010,6 +2335,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ ZERO_STRUCTP(info); info->sid = sid; + info->acc_granted = acc_granted; /* get a (unique) handle. open a policy on it. */ if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info)) { @@ -2033,21 +2359,29 @@ NTSTATUS _samr_connect_anon(pipes_struct *p, SAMR_Q_CONNECT_ANON *q_u, SAMR_R_CO { struct samr_info *info = NULL; - /* set up the SAMR connect_anon response */ + /* Access check */ - r_u->status = NT_STATUS_OK; + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to samr_connect_anon\n")); + r_u->status = NT_STATUS_ACCESS_DENIED; + return r_u->status; + } + + /* set up the SAMR connect_anon response */ - /* associate the user's SID with the new handle. */ - if ((info = get_samr_info_by_sid(NULL)) == NULL) - return NT_STATUS_NO_MEMORY; + r_u->status = NT_STATUS_OK; + + /* associate the user's SID with the new handle. */ + if ((info = get_samr_info_by_sid(NULL)) == NULL) + return NT_STATUS_NO_MEMORY; - info->status = q_u->unknown_0; + info->status = q_u->unknown_0; - /* get a (unique) handle. open a policy on it. */ - if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; - return r_u->status; + return r_u->status; } /******************************************************************* @@ -2057,24 +2391,47 @@ NTSTATUS _samr_connect_anon(pipes_struct *p, SAMR_Q_CONNECT_ANON *q_u, SAMR_R_CO NTSTATUS _samr_connect(pipes_struct *p, SAMR_Q_CONNECT *q_u, SAMR_R_CONNECT *r_u) { struct samr_info *info = NULL; + SEC_DESC *psd = NULL; + uint32 acc_granted; + uint32 des_access = q_u->access_mask; + size_t sd_size; + NTSTATUS nt_status; - DEBUG(5,("_samr_connect: %d\n", __LINE__)); - r_u->status = NT_STATUS_OK; + DEBUG(5,("_samr_connect: %d\n", __LINE__)); + + /* Access check */ + + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to samr_connect\n")); + r_u->status = NT_STATUS_ACCESS_DENIED; + return r_u->status; + } + + samr_make_sam_obj_sd(p->mem_ctx, &psd, &sd_size); + se_map_generic(&des_access, &sam_generic_mapping); + if (!NT_STATUS_IS_OK(nt_status = + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_connect"))) { + return nt_status; + } + + r_u->status = NT_STATUS_OK; - /* associate the user's SID with the new handle. */ + /* associate the user's SID and access granted with the new handle. */ if ((info = get_samr_info_by_sid(NULL)) == NULL) - return NT_STATUS_NO_MEMORY; + return NT_STATUS_NO_MEMORY; - info->status = q_u->access_mask; + info->acc_granted = acc_granted; + info->status = q_u->access_mask; - /* get a (unique) handle. open a policy on it. */ - if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; - DEBUG(5,("_samr_connect: %d\n", __LINE__)); + DEBUG(5,("_samr_connect: %d\n", __LINE__)); - return r_u->status; + return r_u->status; } /********************************************************************** @@ -2083,14 +2440,19 @@ NTSTATUS _samr_connect(pipes_struct *p, SAMR_Q_CONNECT *q_u, SAMR_R_CONNECT *r_u NTSTATUS _samr_lookup_domain(pipes_struct *p, SAMR_Q_LOOKUP_DOMAIN *q_u, SAMR_R_LOOKUP_DOMAIN *r_u) { + struct samr_info *info; fstring domain_name; DOM_SID sid; r_u->status = NT_STATUS_OK; - if (!find_policy_by_hnd(p, &q_u->connect_pol, NULL)) + if (!find_policy_by_hnd(p, &q_u->connect_pol, (void**)&info)) return NT_STATUS_INVALID_HANDLE; + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SAMR_ACCESS_OPEN_DOMAIN, "_samr_lookup_domain"))) { + return r_u->status; + } + rpcstr_pull(domain_name, q_u->uni_domain.buffer, sizeof(domain_name), q_u->uni_domain.uni_str_len*2, 0); ZERO_STRUCT(sid); @@ -2150,11 +2512,19 @@ static BOOL make_enum_domains(TALLOC_CTX *ctx, SAM_ENTRY **pp_sam, NTSTATUS _samr_enum_domains(pipes_struct *p, SAMR_Q_ENUM_DOMAINS *q_u, SAMR_R_ENUM_DOMAINS *r_u) { + struct samr_info *info; uint32 num_entries = 2; fstring dom[2]; char *name; r_u->status = NT_STATUS_OK; + + if (!find_policy_by_hnd(p, &q_u->pol, (void**)&info)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SAMR_ACCESS_ENUM_DOMAINS, "_samr_enum_domains"))) { + return r_u->status; + } switch (lp_server_role()) { case ROLE_DOMAIN_PDC: @@ -2187,21 +2557,35 @@ NTSTATUS _api_samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OP POLICY_HND domain_pol = q_u->dom_pol; uint32 alias_rid = q_u->rid_alias; POLICY_HND *alias_pol = &r_u->pol; - struct samr_info *info = NULL; + struct samr_info *info = NULL; + SEC_DESC *psd = NULL; + uint32 acc_granted; + uint32 des_access = q_u->access_mask; + size_t sd_size; + NTSTATUS status; r_u->status = NT_STATUS_OK; - /* get the domain policy. */ - if (!find_policy_by_hnd(p, &domain_pol, NULL)) - return NT_STATUS_INVALID_HANDLE; - - /* Get the domain SID stored in the domain policy */ - if(!get_lsa_policy_samr_sid(p, &domain_pol, &sid)) + /* find the domain policy and get the SID / access bits stored in the domain policy */ + if (!get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_OPEN_ACCOUNT, "_samr_open_alias"))) { + return status; + } /* append the alias' RID to it */ - if(!sid_append_rid(&sid, alias_rid)) + if (!sid_append_rid(&sid, alias_rid)) return NT_STATUS_NO_SUCH_USER; + + /*check if access can be granted as requested by client. */ + samr_make_ali_obj_sd(p->mem_ctx, &psd, &sd_size); + se_map_generic(&des_access,&ali_generic_mapping); + if (!NT_STATUS_IS_OK(status = + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_open_alias"))) { + return status; + } /* * we should check if the rid really exist !!! @@ -2211,6 +2595,8 @@ NTSTATUS _api_samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OP /* associate the user's SID with the new handle. */ if ((info = get_samr_info_by_sid(&sid)) == NULL) return NT_STATUS_NO_MEMORY; + + info->acc_granted = acc_granted; /* get a (unique) handle. open a policy on it. */ if (!create_policy_hnd(p, alias_pol, free_samr_info, (void *)info)) @@ -2223,14 +2609,14 @@ NTSTATUS _api_samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OP set_user_info_10 ********************************************************************/ -static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) +static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, DOM_SID *sid) { SAM_ACCOUNT *pwd =NULL; BOOL ret; pdb_init_sam(&pwd); - ret = pdb_getsampwrid(pwd, rid); + ret = pdb_getsampwsid(pwd, sid); if(ret==False) { pdb_free_sam(&pwd); @@ -2262,13 +2648,13 @@ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) set_user_info_12 ********************************************************************/ -static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid) +static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, DOM_SID *sid) { SAM_ACCOUNT *pwd = NULL; pdb_init_sam(&pwd); - if(!pdb_getsampwrid(pwd, rid)) { + if(!pdb_getsampwsid(pwd, sid)) { pdb_free_sam(&pwd); return False; } @@ -2305,7 +2691,7 @@ static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid) set_user_info_21 ********************************************************************/ -static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid) +static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, DOM_SID *sid) { SAM_ACCOUNT *pwd = NULL; @@ -2316,7 +2702,7 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid) pdb_init_sam(&pwd); - if (!pdb_getsampwrid(pwd, rid)) { + if (!pdb_getsampwsid(pwd, sid)) { pdb_free_sam(&pwd); return False; } @@ -2345,7 +2731,7 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid) set_user_info_23 ********************************************************************/ -static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) +static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid) { SAM_ACCOUNT *pwd = NULL; pstring plaintext_buf; @@ -2359,7 +2745,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) pdb_init_sam(&pwd); - if (!pdb_getsampwrid(pwd, rid)) { + if (!pdb_getsampwsid(pwd, sid)) { pdb_free_sam(&pwd); return False; } @@ -2412,7 +2798,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) set_user_info_pw ********************************************************************/ -static BOOL set_user_info_pw(char *pass, uint32 rid) +static BOOL set_user_info_pw(char *pass, DOM_SID *sid) { SAM_ACCOUNT *pwd = NULL; uint32 len; @@ -2421,7 +2807,7 @@ static BOOL set_user_info_pw(char *pass, uint32 rid) pdb_init_sam(&pwd); - if (!pdb_getsampwrid(pwd, rid)) { + if (!pdb_getsampwsid(pwd, sid)) { pdb_free_sam(&pwd); return False; } @@ -2480,23 +2866,27 @@ static BOOL set_user_info_pw(char *pass, uint32 rid) NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_USERINFO *r_u) { - uint32 rid = 0x0; DOM_SID sid; POLICY_HND *pol = &q_u->pol; uint16 switch_value = q_u->switch_value; SAM_USERINFO_CTR *ctr = q_u->ctr; + uint32 acc_granted; + uint32 acc_required; DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__)); r_u->status = NT_STATUS_OK; /* find the policy handle. open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, pol, &sid)) + if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - - sid_split_rid(&sid, &rid); - - DEBUG(5, ("_samr_set_userinfo: rid:0x%x, level:%d\n", rid, switch_value)); + + acc_required = USER_ACCESS_SET_LOC_COM | USER_ACCESS_SET_ATTRIBUTES; /* This is probably wrong */ + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo"))) { + return r_u->status; + } + + DEBUG(5, ("_samr_set_userinfo: sid:%s, level:%d\n", sid_string_static(&sid), switch_value)); if (ctr == NULL) { DEBUG(5, ("_samr_set_userinfo: NULL info level\n")); @@ -2506,7 +2896,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE /* ok! user info levels (lots: see MSDEV help), off we go... */ switch (switch_value) { case 0x12: - if (!set_user_info_12(ctr->info.id12, rid)) + if (!set_user_info_12(ctr->info.id12, &sid)) return NT_STATUS_ACCESS_DENIED; break; @@ -2515,7 +2905,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE dump_data(100, (char *)ctr->info.id24->pass, 516); - if (!set_user_info_pw((char *)ctr->info.id24->pass, rid)) + if (!set_user_info_pw((char *)ctr->info.id24->pass, &sid)) return NT_STATUS_ACCESS_DENIED; break; @@ -2533,7 +2923,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE dump_data(100, (char *)ctr->info.id25->pass, 532); - if (!set_user_info_pw(ctr->info.id25->pass, rid)) + if (!set_user_info_pw(ctr->info.id25->pass, &sid)) return NT_STATUS_ACCESS_DENIED; break; #endif @@ -2544,7 +2934,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE dump_data(100, (char *)ctr->info.id23->pass, 516); - if (!set_user_info_23(ctr->info.id23, rid)) + if (!set_user_info_23(ctr->info.id23, &sid)) return NT_STATUS_ACCESS_DENIED; break; @@ -2562,22 +2952,26 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_SET_USERINFO2 *r_u) { DOM_SID sid; - uint32 rid = 0x0; SAM_USERINFO_CTR *ctr = q_u->ctr; POLICY_HND *pol = &q_u->pol; uint16 switch_value = q_u->switch_value; + uint32 acc_granted; + uint32 acc_required; DEBUG(5, ("samr_reply_set_userinfo2: %d\n", __LINE__)); r_u->status = NT_STATUS_OK; /* find the policy handle. open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, pol, &sid)) + if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; + + acc_required = USER_ACCESS_SET_LOC_COM | USER_ACCESS_SET_ATTRIBUTES; /* This is probably wrong */ + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo2"))) { + return r_u->status; + } - sid_split_rid(&sid, &rid); - - DEBUG(5, ("samr_reply_set_userinfo2: rid:0x%x\n", rid)); + DEBUG(5, ("samr_reply_set_userinfo2: sid:%s\n", sid_string_static(&sid))); if (ctr == NULL) { DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n")); @@ -2589,16 +2983,16 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_ /* ok! user info levels (lots: see MSDEV help), off we go... */ switch (switch_value) { case 21: - if (!set_user_info_21(ctr->info.id21, rid)) + if (!set_user_info_21(ctr->info.id21, &sid)) return NT_STATUS_ACCESS_DENIED; break; case 16: - if (!set_user_info_10(ctr->info.id10, rid)) + if (!set_user_info_10(ctr->info.id10, &sid)) return NT_STATUS_ACCESS_DENIED; break; case 18: /* Used by AS/U JRA. */ - if (!set_user_info_12(ctr->info.id12, rid)) + if (!set_user_info_12(ctr->info.id12, &sid)) return NT_STATUS_ACCESS_DENIED; break; default: @@ -2642,6 +3036,10 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, /* find the policy handle. open a policy on it. */ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, USER_ACCESS_GET_GROUPS, "_samr_query_useraliases"))) { + return r_u->status; + } if (!sid_check_is_domain(&info->sid) && !sid_check_is_builtin(&info->sid)) @@ -2656,7 +3054,7 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, * if there is an error, we just continue as * it can be an unfound user or group */ - if (NT_STATUS_IS_ERR(r_u->status)) { + if (!NT_STATUS_IS_OK(r_u->status)) { DEBUG(10,("_samr_query_useraliases: an error occured while getting groups\n")); continue; } @@ -2706,11 +3104,16 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ SAM_ACCOUNT *sam_user = NULL; BOOL check; + uint32 acc_granted; /* find the policy handle. open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, ALIAS_ACCESS_GET_MEMBERS, "_samr_query_aliasmem"))) { + return r_u->status; + } + sid_copy(&als_sid, &alias_sid); sid_to_string(alias_sid_str, &alias_sid); sid_split_rid(&alias_sid, &alias_rid); @@ -2722,7 +3125,7 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_NO_SUCH_ALIAS; } else { - if (sid_equal(&alias_sid, &global_sam_sid)) { + if (sid_equal(&alias_sid, get_global_sam_sid())) { DEBUG(10, ("lookup on Server SID\n")); if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_NO_SUCH_ALIAS; @@ -2741,12 +3144,12 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ struct passwd *pass; uint32 rid; - sid_copy(&temp_sid, &global_sam_sid); + sid_copy(&temp_sid, get_global_sam_sid()); pass = getpwuid_alloc(uid[i]); if (!pass) continue; - if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) { + if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_user))) { passwd_free(&pass); continue; } @@ -2802,12 +3205,16 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ SAM_ACCOUNT *sam_user = NULL; BOOL check; - + uint32 acc_granted; /* find the policy handle. open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_GET_MEMBERS, "_samr_query_groupmem"))) { + return r_u->status; + } + /* todo: change to use sid_compare_front */ sid_split_rid(&group_sid, &group_rid); @@ -2815,7 +3222,7 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ DEBUG(10, ("sid is %s\n", group_sid_str)); /* can we get a query for an SID outside our domain ? */ - if (!sid_equal(&group_sid, &global_sam_sid)) + if (!sid_equal(&group_sid, get_global_sam_sid())) return NT_STATUS_NO_SUCH_GROUP; sid_append_rid(&group_sid, group_rid); @@ -2840,7 +3247,7 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ pass = getpwuid_alloc(uid[i]); if (!pass) continue; - if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) { + if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_user))) { passwd_free(&pass); continue; } @@ -2886,20 +3293,24 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD struct passwd *pwd; struct group *grp; fstring grp_name; - uint32 rid; GROUP_MAP map; NTSTATUS ret; SAM_ACCOUNT *sam_user = NULL; BOOL check; + uint32 acc_granted; /* Find the policy handle. Open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, ALIAS_ACCESS_ADD_MEMBER, "_samr_add_aliasmem"))) { + return r_u->status; + } + sid_to_string(alias_sid_str, &alias_sid); DEBUG(10, ("sid is %s\n", alias_sid_str)); - if (sid_compare(&alias_sid, &global_sam_sid)>0) { + if (sid_compare(&alias_sid, get_global_sam_sid())>0) { DEBUG(10, ("adding member on Server SID\n")); if(!get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_NO_SUCH_ALIAS; @@ -2914,13 +3325,11 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD return NT_STATUS_NO_SUCH_ALIAS; } - sid_split_rid(&q_u->sid.sid, &rid); - ret = pdb_init_sam(&sam_user); - if (NT_STATUS_IS_ERR(ret)) + if (!NT_STATUS_IS_OK(ret)) return ret; - check = pdb_getsampwrid(sam_user, rid); + check = pdb_getsampwsid(sam_user, &q_u->sid.sid); if (check != True) { pdb_free_sam(&sam_user); @@ -2935,8 +3344,11 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD pdb_free_sam(&sam_user); - if ((pwd=getpwuid(uid)) == NULL) + if ((pwd=getpwuid_alloc(uid)) == NULL) { return NT_STATUS_NO_SUCH_USER; + } else { + passwd_free(&pwd); + } if ((grp=getgrgid(map.gid)) == NULL) return NT_STATUS_NO_SUCH_ALIAS; @@ -2971,14 +3383,18 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE fstring alias_sid_str; struct group *grp; fstring grp_name; - uint32 rid; GROUP_MAP map; SAM_ACCOUNT *sam_pass=NULL; + uint32 acc_granted; /* Find the policy handle. Open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, ALIAS_ACCESS_REMOVE_MEMBER, "_samr_del_aliasmem"))) { + return r_u->status; + } + sid_to_string(alias_sid_str, &alias_sid); DEBUG(10, ("_samr_del_aliasmem:sid is %s\n", alias_sid_str)); @@ -2997,11 +3413,9 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE /* we need to copy the name otherwise it's overloaded in user_in_group_list */ fstrcpy(grp_name, grp->gr_name); - sid_peek_rid(&q_u->sid.sid, &rid); - /* check if the user exists before trying to remove it from the group */ pdb_init_sam(&sam_pass); - if(!pdb_getsampwrid(sam_pass, rid)) { + if(!pdb_getsampwsid(sam_pass, &q_u->sid.sid)) { DEBUG(5,("_samr_del_aliasmem:User %s doesn't exist.\n", pdb_get_username(sam_pass))); pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; @@ -3032,6 +3446,7 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_ADD_GROUPMEM *r_u) { DOM_SID group_sid; + DOM_SID user_sid; fstring group_sid_str; struct passwd *pwd; struct group *grp; @@ -3041,15 +3456,20 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD NTSTATUS ret; SAM_ACCOUNT *sam_user; BOOL check; + uint32 acc_granted; /* Find the policy handle. Open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_ADD_MEMBER, "_samr_add_groupmem"))) { + return r_u->status; + } sid_to_string(group_sid_str, &group_sid); DEBUG(10, ("sid is %s\n", group_sid_str)); - if (sid_compare(&group_sid, &global_sam_sid)<=0) + if (sid_compare(&group_sid, get_global_sam_sid())<=0) return NT_STATUS_NO_SUCH_GROUP; DEBUG(10, ("lookup on Domain SID\n")); @@ -3057,11 +3477,14 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_NO_SUCH_GROUP; + sid_copy(&user_sid, get_global_sam_sid()); + sid_append_rid(&user_sid, q_u->rid); + ret = pdb_init_sam(&sam_user); - if (NT_STATUS_IS_ERR(ret)) + if (!NT_STATUS_IS_OK(ret)) return ret; - check = pdb_getsampwrid(sam_user, q_u->rid); + check = pdb_getsampwsid(sam_user, &user_sid); if (check != True) { pdb_free_sam(&sam_user); @@ -3076,8 +3499,11 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD pdb_free_sam(&sam_user); - if ((pwd=getpwuid(uid)) == NULL) + if ((pwd=getpwuid_alloc(uid)) == NULL) { return NT_STATUS_NO_SUCH_USER; + } else { + passwd_free(&pwd); + } if ((grp=getgrgid(map.gid)) == NULL) return NT_STATUS_NO_SUCH_GROUP; @@ -3111,11 +3537,12 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DEL_GROUPMEM *r_u) { DOM_SID group_sid; + DOM_SID user_sid; SAM_ACCOUNT *sam_pass=NULL; - uint32 rid; GROUP_MAP map; fstring grp_name; struct group *grp; + uint32 acc_granted; /* * delete the group member named q_u->rid @@ -3124,15 +3551,20 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE */ /* Find the policy handle. Open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - - if(!sid_check_is_in_our_domain(&group_sid)) + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_REMOVE_MEMBER, "_samr_del_groupmem"))) { + return r_u->status; + } + + if (!sid_check_is_in_our_domain(&group_sid)) return NT_STATUS_NO_SUCH_GROUP; - rid=q_u->rid; + sid_copy(&user_sid, get_global_sam_sid()); + sid_append_rid(&user_sid, q_u->rid); - if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV)) + if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_NO_SUCH_GROUP; if ((grp=getgrgid(map.gid)) == NULL) @@ -3143,14 +3575,14 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE /* check if the user exists before trying to remove it from the group */ pdb_init_sam(&sam_pass); - if(!pdb_getsampwrid(sam_pass, rid)) { + if (!pdb_getsampwsid(sam_pass, &user_sid)) { DEBUG(5,("User %s doesn't exist.\n", pdb_get_username(sam_pass))); pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; } /* if the user is not in the group */ - if(!user_in_group_list(pdb_get_username(sam_pass), grp_name)) { + if (!user_in_group_list(pdb_get_username(sam_pass), grp_name)) { pdb_free_sam(&sam_pass); return NT_STATUS_MEMBER_NOT_IN_GROUP; } @@ -3158,7 +3590,7 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE smb_delete_user_group(grp_name, pdb_get_username(sam_pass)); /* check if the user has been removed then ... */ - if(user_in_group_list(pdb_get_username(sam_pass), grp_name)) { + if (user_in_group_list(pdb_get_username(sam_pass), grp_name)) { pdb_free_sam(&sam_pass); return NT_STATUS_ACCESS_DENIED; /* don't know what to reply else */ } @@ -3168,6 +3600,24 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE } +/**************************************************************************** + Delete a UNIX user on demand. +****************************************************************************/ + +static int smb_delete_user(const char *unix_user) +{ + pstring del_script; + int ret; + + pstrcpy(del_script, lp_deluser_script()); + if (! *del_script) + return -1; + all_string_sub(del_script, "%u", unix_user, sizeof(pstring)); + ret = smbrun(del_script,NULL); + DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret)); + return ret; +} + /********************************************************************* _samr_delete_dom_user *********************************************************************/ @@ -3176,22 +3626,24 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM { DOM_SID user_sid; SAM_ACCOUNT *sam_pass=NULL; - uint32 rid; + uint32 acc_granted; DEBUG(5, ("_samr_delete_dom_user: %d\n", __LINE__)); /* Find the policy handle. Open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &user_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &user_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DELETE_ACCESS, "_samr_delete_dom_user"))) { + return r_u->status; + } + if (!sid_check_is_in_our_domain(&user_sid)) return NT_STATUS_CANNOT_DELETE; - sid_peek_rid(&user_sid, &rid); - /* check if the user exists before trying to delete */ pdb_init_sam(&sam_pass); - if(!pdb_getsampwrid(sam_pass, rid)) { + if(!pdb_getsampwsid(sam_pass, &user_sid)) { DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n", pdb_get_username(sam_pass))); pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; @@ -3233,13 +3685,18 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S gid_t gid; struct group *grp; GROUP_MAP map; + uint32 acc_granted; DEBUG(5, ("samr_delete_dom_group: %d\n", __LINE__)); /* Find the policy handle. Open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DELETE_ACCESS, "_samr_delete_dom_group"))) { + return r_u->status; + } + sid_copy(&dom_sid, &group_sid); sid_to_string(group_sid_str, &dom_sid); sid_split_rid(&dom_sid, &group_rid); @@ -3247,7 +3704,7 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S DEBUG(10, ("sid is %s\n", group_sid_str)); /* we check if it's our SID before deleting */ - if (!sid_equal(&dom_sid, &global_sam_sid)) + if (!sid_equal(&dom_sid, get_global_sam_sid())) return NT_STATUS_NO_SUCH_GROUP; DEBUG(10, ("lookup on Domain SID\n")); @@ -3290,13 +3747,18 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S gid_t gid; struct group *grp; GROUP_MAP map; + uint32 acc_granted; DEBUG(5, ("_samr_delete_dom_alias: %d\n", __LINE__)); /* Find the policy handle. Open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DELETE_ACCESS, "_samr_delete_dom_alias"))) { + return r_u->status; + } + sid_copy(&dom_sid, &alias_sid); sid_to_string(alias_sid_str, &dom_sid); sid_split_rid(&dom_sid, &alias_rid); @@ -3304,7 +3766,7 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S DEBUG(10, ("sid is %s\n", alias_sid_str)); /* we check if it's our SID before deleting */ - if (!sid_equal(&dom_sid, &global_sam_sid)) + if (!sid_equal(&dom_sid, get_global_sam_sid())) return NT_STATUS_NO_SUCH_ALIAS; DEBUG(10, ("lookup on Local SID\n")); @@ -3347,14 +3809,19 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S struct group *grp; struct samr_info *info; PRIVILEGE_SET priv_set; + uint32 acc_granted; init_privilege(&priv_set); /* Find the policy handle. Open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - - if (!sid_equal(&dom_sid, &global_sam_sid)) + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_CREATE_GROUP, "_samr_create_dom_group"))) { + return r_u->status; + } + + if (!sid_equal(&dom_sid, get_global_sam_sid())) return NT_STATUS_ACCESS_DENIED; /* TODO: check if allowed to create group and add a become_root/unbecome_root pair.*/ @@ -3375,7 +3842,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S r_u->rid=pdb_gid_to_group_rid(grp->gr_gid); /* add the group to the mapping table */ - sid_copy(&info_sid, &global_sam_sid); + sid_copy(&info_sid, get_global_sam_sid()); sid_append_rid(&info_sid, r_u->rid); sid_to_string(sid_string, &info_sid); @@ -3405,14 +3872,19 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S struct group *grp; struct samr_info *info; PRIVILEGE_SET priv_set; + uint32 acc_granted; init_privilege(&priv_set); /* Find the policy handle. Open a policy on it. */ - if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - - if (!sid_equal(&dom_sid, &global_sam_sid)) + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_CREATE_ALIAS, "_samr_create_alias"))) { + return r_u->status; + } + + if (!sid_equal(&dom_sid, get_global_sam_sid())) return NT_STATUS_ACCESS_DENIED; /* TODO: check if allowed to create group and add a become_root/unbecome_root pair.*/ @@ -3432,7 +3904,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S r_u->rid=pdb_gid_to_group_rid(grp->gr_gid); - sid_copy(&info_sid, &global_sam_sid); + sid_copy(&info_sid, get_global_sam_sid()); sid_append_rid(&info_sid, r_u->rid); sid_to_string(sid_string, &info_sid); @@ -3464,10 +3936,15 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM uid_t *uid=NULL; int num_uids=0; GROUP_INFO_CTR *ctr; + uint32 acc_granted; - if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_LOOKUP_INFO, "_samr_query_groupinfo"))) { + return r_u->status; + } + if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_INVALID_HANDLE; @@ -3511,10 +3988,15 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_ DOM_SID group_sid; GROUP_MAP map; GROUP_INFO_CTR *ctr; + uint32 acc_granted; - if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_SET_INFO, "_samr_set_groupinfo"))) { + return r_u->status; + } + if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITH_PRIV)) return NT_STATUS_NO_SUCH_GROUP; @@ -3553,10 +4035,15 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_ DOM_SID group_sid; GROUP_MAP map; ALIAS_INFO_CTR *ctr; + uint32 acc_granted; - if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &group_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, ALIAS_ACCESS_SET_INFO, "_samr_set_aliasinfo"))) { + return r_u->status; + } + if (!get_local_group_from_sid(group_sid, &map, MAPPING_WITH_PRIV)) return NT_STATUS_NO_SUCH_GROUP; @@ -3587,7 +4074,18 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_ NTSTATUS _samr_get_dom_pwinfo(pipes_struct *p, SAMR_Q_GET_DOM_PWINFO *q_u, SAMR_R_GET_DOM_PWINFO *r_u) { + /* Perform access check. Since this rpc does not require a + policy handle it will not be caught by the access checks on + SAMR_CONNECT or SAMR_CONNECT_ANON. */ + + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to samr_get_dom_pwinfo\n")); + r_u->status = NT_STATUS_ACCESS_DENIED; + return r_u->status; + } + /* Actually, returning zeros here works quite well :-). */ + return NT_STATUS_OK; } @@ -3601,21 +4099,42 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G DOM_SID info_sid; GROUP_MAP map; struct samr_info *info; + SEC_DESC *psd = NULL; + uint32 acc_granted; + uint32 des_access; + size_t sd_size; + NTSTATUS status; fstring sid_string; - if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_OPEN_ACCOUNT, "_samr_open_group"))) { + return status; + } + + /*check if access can be granted as requested by client. */ + samr_make_grp_obj_sd(p->mem_ctx, &psd, &sd_size); + se_map_generic(&des_access,&grp_generic_mapping); + if (!NT_STATUS_IS_OK(status = + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_open_group"))) { + return status; + } + /* this should not be hard-coded like this */ - if (!sid_equal(&sid, &global_sam_sid)) + if (!sid_equal(&sid, get_global_sam_sid())) return NT_STATUS_ACCESS_DENIED; - sid_copy(&info_sid, &global_sam_sid); + sid_copy(&info_sid, get_global_sam_sid()); sid_append_rid(&info_sid, q_u->rid_group); sid_to_string(sid_string, &info_sid); if ((info = get_samr_info_by_sid(&info_sid)) == NULL) return NT_STATUS_NO_MEMORY; + + info->acc_granted = acc_granted; DEBUG(10, ("_samr_open_group:Opening SID: %s\n", sid_string)); @@ -3692,14 +4211,14 @@ NTSTATUS _samr_unknown_2e(pipes_struct *p, SAMR_Q_UNKNOWN_2E *q_u, SAMR_R_UNKNOW become_root(); r_u->status=load_sampwd_entries(info, ACB_NORMAL); unbecome_root(); - if (NT_STATUS_IS_ERR(r_u->status)) { + if (!NT_STATUS_IS_OK(r_u->status)) { DEBUG(5, ("_samr_query_dispinfo: load_sampwd_entries failed\n")); return r_u->status; } num_users=info->disp_info.num_user_account; free_samr_db(info); - r_u->status=load_group_domain_entries(info, &global_sam_sid); + r_u->status=load_group_domain_entries(info, get_global_sam_sid()); if (NT_STATUS_IS_ERR(r_u->status)) { DEBUG(5, ("_samr_query_dispinfo: load_group_domain_entries failed\n")); return r_u->status; diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c index c7dc5d27ffb..6e3463e79bd 100755 --- a/source3/rpc_server/srv_spoolss.c +++ b/source3/rpc_server/srv_spoolss.c @@ -4,7 +4,8 @@ * Copyright (C) Andrew Tridgell 1992-2000, * Copyright (C) Luke Kenneth Casson Leighton 1996-2000, * Copyright (C) Jean François Micouleau 1998-2000. - * Copyright (C) Jeremy Allison 2001. + * Copyright (C) Jeremy Allison 2001. + * Copyright (C) Gerald Carter 2001-2002. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -23,6 +24,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + /******************************************************************** * api_spoolss_open_printer_ex (rarely seen - older call) ********************************************************************/ @@ -1399,6 +1403,119 @@ static BOOL api_spoolss_getprintprocessordirectory(pipes_struct *p) return True; } +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_deleteprinterdataex(pipes_struct *p) +{ + SPOOL_Q_DELETEPRINTERDATAEX q_u; + SPOOL_R_DELETEPRINTERDATAEX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_deleteprinterdataex("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_deleteprinterdataex: unable to unmarshall SPOOL_Q_DELETEPRINTERDATAEX.\n")); + return False; + } + + r_u.status = _spoolss_deleteprinterdataex(p, &q_u, &r_u); + + if(!spoolss_io_r_deleteprinterdataex("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_deleteprinterdataex: unable to marshall SPOOL_R_DELETEPRINTERDATAEX.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_deleteprinterkey(pipes_struct *p) +{ + SPOOL_Q_DELETEPRINTERKEY q_u; + SPOOL_R_DELETEPRINTERKEY r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_deleteprinterkey("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_deleteprinterkey: unable to unmarshall SPOOL_Q_DELETEPRINTERKEY.\n")); + return False; + } + + r_u.status = _spoolss_deleteprinterkey(p, &q_u, &r_u); + + if(!spoolss_io_r_deleteprinterkey("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_deleteprinterkey: unable to marshall SPOOL_R_DELETEPRINTERKEY.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_addprinterdriverex(pipes_struct *p) +{ + SPOOL_Q_ADDPRINTERDRIVEREX q_u; + SPOOL_R_ADDPRINTERDRIVEREX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_addprinterdriverex("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_addprinterdriverex: unable to unmarshall SPOOL_Q_ADDPRINTERDRIVEREX.\n")); + return False; + } + + r_u.status = _spoolss_addprinterdriverex(p, &q_u, &r_u); + + if(!spoolss_io_r_addprinterdriverex("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_addprinterdriverex: unable to marshall SPOOL_R_ADDPRINTERDRIVEREX.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_deleteprinterdriverex(pipes_struct *p) +{ + SPOOL_Q_DELETEPRINTERDRIVEREX q_u; + SPOOL_R_DELETEPRINTERDRIVEREX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_deleteprinterdriverex("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_deleteprinterdriverex: unable to unmarshall SPOOL_Q_DELETEPRINTERDRIVEREX.\n")); + return False; + } + + r_u.status = _spoolss_deleteprinterdriverex(p, &q_u, &r_u); + + if(!spoolss_io_r_deleteprinterdriverex("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_deleteprinterdriverex: unable to marshall SPOOL_R_DELETEPRINTERDRIVEREX.\n")); + return False; + } + + return True; +} + + /******************************************************************* \pipe\spoolss commands ********************************************************************/ @@ -1449,9 +1566,13 @@ struct api_struct api_spoolss_cmds[] = {"SPOOLSS_ENUMPRINTPROCDATATYPES", SPOOLSS_ENUMPRINTPROCDATATYPES, api_spoolss_enumprintprocdatatypes }, {"SPOOLSS_GETPRINTERDATAEX", SPOOLSS_GETPRINTERDATAEX, api_spoolss_getprinterdataex }, {"SPOOLSS_SETPRINTERDATAEX", SPOOLSS_SETPRINTERDATAEX, api_spoolss_setprinterdataex }, - {"SPOOLSS_ENUMPRINTERKEY", SPOOLSS_ENUMPRINTERKEY, api_spoolss_enumprinterkey }, + {"SPOOLSS_DELETEPRINTERDATAEX", SPOOLSS_DELETEPRINTERDATAEX, api_spoolss_deleteprinterdataex }, {"SPOOLSS_ENUMPRINTERDATAEX", SPOOLSS_ENUMPRINTERDATAEX, api_spoolss_enumprinterdataex }, + {"SPOOLSS_ENUMPRINTERKEY", SPOOLSS_ENUMPRINTERKEY, api_spoolss_enumprinterkey }, + {"SPOOLSS_DELETEPRINTERKEY", SPOOLSS_DELETEPRINTERKEY, api_spoolss_deleteprinterkey }, {"SPOOLSS_GETPRINTPROCESSORDIRECTORY",SPOOLSS_GETPRINTPROCESSORDIRECTORY,api_spoolss_getprintprocessordirectory}, + {"SPOOLSS_ADDPRINTERDRIVEREX", SPOOLSS_ADDPRINTERDRIVEREX, api_spoolss_addprinterdriverex }, + {"SPOOLSS_DELETEPRINTERDRIVEREX", SPOOLSS_DELETEPRINTERDRIVEREX, api_spoolss_deleteprinterdriverex }, { NULL, 0, NULL } }; diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 322efa22b5a..68c792f8b07 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -5,7 +5,7 @@ * Copyright (C) Luke Kenneth Casson Leighton 1996-2000, * Copyright (C) Jean François Micouleau 1998-2000, * Copyright (C) Jeremy Allison 2001, - * Copyright (C) Gerald Carter 2000-2001, + * Copyright (C) Gerald Carter 2000-2002, * Copyright (C) Tim Potter 2001-2002. * * This program is free software; you can redistribute it and/or modify @@ -28,6 +28,10 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV +/* #define EMULATE_WIN2K_HACK 1 */ + #ifndef MAX_OPEN_PRINTER_EXS #define MAX_OPEN_PRINTER_EXS 50 #endif @@ -37,6 +41,15 @@ #define PRINTER_HANDLE_IS_PRINTER 0 #define PRINTER_HANDLE_IS_PRINTSERVER 1 +/* Table to map the driver version */ +/* to OS */ +char * drv_ver_to_os[] = { + "WIN9X", /* driver version/cversion 0 */ + "", /* unused ? */ + "WINNT", /* driver version/cversion 2 */ + "WIN2K", /* driver version/cversion 3 */ +}; + struct table_node { char *long_archi; char *short_archi; @@ -68,6 +81,7 @@ typedef struct _Printer{ SPOOL_NOTIFY_OPTION *option; POLICY_HND client_hnd; uint32 client_connected; + uint32 change; } notify; struct { fstring machine; @@ -178,10 +192,10 @@ static void srv_spoolss_replycloseprinter(POLICY_HND *handle) /* if it's the last connection, deconnect the IPC$ share */ if (smb_connections==1) { - if(!spoolss_disconnect_from_client(&cli)) - return; - - message_deregister(MSG_PRINTER_NOTIFY); + cli_nt_session_close(&cli); + cli_ulogoff(&cli); + cli_shutdown(&cli); + message_deregister(MSG_PRINTER_NOTIFY2); } smb_connections--; @@ -426,7 +440,7 @@ static BOOL set_printer_hnd_name(Printer_entry *Printer, char *handlename) * anymore, so I've simplified this loop greatly. Here * we are just verifying that the printer name is a valid * printer service defined in smb.conf - * --jerry [Fri Feb 15 11:17:46 CST 2002] + * --jerry [Fri Feb 15 11:17:46 CST 2002] */ for (snum=0; snumnotify.option == NULL) - return False; - return True; } -/*************************************************************************** - Simple check to see if the client motify handle is set to watch for events - represented by 'flags' - - FIXME!!!! only a stub right now --jerry - **************************************************************************/ - -static BOOL is_client_monitoring_event(Printer_entry *p, uint32 flags) +static BOOL is_monitoring_event(Printer_entry *p, uint16 notify_type, + uint16 notify_field) { + SPOOL_NOTIFY_OPTION *option = p->notify.option; + uint32 i, j; + + if (p->notify.flags) + return is_monitoring_event_flags( + p->notify.flags, notify_type, notify_field); - return True; -} + for (i = 0; i < option->count; i++) { + + /* Check match for notify_type */ + + if (option->ctr.type[i].type != notify_type) + continue; -/*************************************************************************** - Server wrapper for cli_spoolss_routerreplyprinter() since the client - function can only send a single change notification at a time. - - FIXME!!! only handles one change currently (PRINTER_CHANGE_SET_PRINTER_DRIVER) - --jerry - **************************************************************************/ - -static WERROR srv_spoolss_routerreplyprinter (struct cli_state *reply_cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, PRINTER_MESSAGE_INFO *info, - NT_PRINTER_INFO_LEVEL *printer) -{ - WERROR result; - uint32 condition = 0x0; + /* Check match for field */ + + for (j = 0; j < option->ctr.type[i].count; j++) { + if (option->ctr.type[i].fields[j] == notify_field) { + return True; + } + } + } - if (info->flags & PRINTER_MESSAGE_DRIVER) - condition = PRINTER_CHANGE_SET_PRINTER_DRIVER; + DEBUG(10, ("%s is not monitoring 0x%02x/0x%02x\n", + (p->printer_type == PRINTER_HANDLE_IS_PRINTER) ? + p->dev.handlename : p->dev.printerservername, + notify_type, notify_field)); - result = cli_spoolss_routerreplyprinter(reply_cli, mem_ctx, pol, condition, - printer->info_2->changeid); + return False; +} - return result; +/* Convert a notification message to a SPOOL_NOTIFY_INFO_DATA struct */ + +static void notify_one_value(struct spoolss_notify_msg *msg, + SPOOL_NOTIFY_INFO_DATA *data, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0] = msg->notify.value[0]; + data->notify_data.value[1] = 0; } -/*********************************************************************** - Wrapper around the decision of which RPC use to in the change - notification - **********************************************************************/ - -static WERROR srv_spoolss_send_event_to_client(Printer_entry* Printer, - struct cli_state *send_cli, PRINTER_MESSAGE_INFO *msg, - NT_PRINTER_INFO_LEVEL *info) +static void notify_string(struct spoolss_notify_msg *msg, + SPOOL_NOTIFY_INFO_DATA *data, + TALLOC_CTX *mem_ctx) { - WERROR result; + UNISTR2 unistr; - if (valid_notify_options(Printer)) { - /* This is a single call that can send information about multiple changes */ - if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) - msg->flags |= PRINTER_MESSAGE_ATTRIBUTES; + /* The length of the message includes the trailing \0 */ - result = cli_spoolss_reply_rrpcn(send_cli, send_cli->mem_ctx, &Printer->notify.client_hnd, - msg, info); - } - else { - /* This requires that the server send an individual event notification for each change */ - result = srv_spoolss_routerreplyprinter(send_cli, send_cli->mem_ctx, &Printer->notify.client_hnd, - msg, info); + init_unistr2(&unistr, msg->notify.data, msg->len); + + data->notify_data.data.length = msg->len * 2; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, msg->len * 2); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; } - return result; + memcpy(data->notify_data.data.string, unistr.buffer, msg->len * 2); } +static void notify_system_time(struct spoolss_notify_msg *msg, + SPOOL_NOTIFY_INFO_DATA *data, + TALLOC_CTX *mem_ctx) +{ + SYSTEMTIME systime; + prs_struct ps; + + if (msg->len != sizeof(time_t)) { + DEBUG(5, ("notify_system_time: received wrong sized message (%d)\n", + msg->len)); + return; + } + + if (!prs_init(&ps, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL)) { + DEBUG(5, ("notify_system_time: prs_init() failed\n")); + return; + } + + if (!make_systemtime(&systime, localtime((time_t *)msg->notify.data))) { + DEBUG(5, ("notify_system_time: unable to make systemtime\n")); + return; + } + + if (!spoolss_io_system_time("", &ps, 0, &systime)) + return; + + data->notify_data.data.length = prs_offset(&ps); + data->notify_data.data.string = + talloc(mem_ctx, prs_offset(&ps)); + + memcpy(data->notify_data.data.string, prs_data_p(&ps), prs_offset(&ps)); + + prs_mem_free(&ps); +} + +struct notify2_message_table { + char *name; + void (*fn)(struct spoolss_notify_msg *msg, + SPOOL_NOTIFY_INFO_DATA *data, TALLOC_CTX *mem_ctx); +}; + +static struct notify2_message_table printer_notify_table[] = { + /* 0x00 */ { "PRINTER_NOTIFY_SERVER_NAME", NULL }, + /* 0x01 */ { "PRINTER_NOTIFY_PRINTER_NAME", NULL }, + /* 0x02 */ { "PRINTER_NOTIFY_SHARE_NAME", NULL }, + /* 0x03 */ { "PRINTER_NOTIFY_PORT_NAME", NULL }, + /* 0x04 */ { "PRINTER_NOTIFY_DRIVER_NAME", NULL }, + /* 0x05 */ { "PRINTER_NOTIFY_COMMENT", NULL }, + /* 0x06 */ { "PRINTER_NOTIFY_LOCATION", NULL }, + /* 0x07 */ { "PRINTER_NOTIFY_DEVMODE", NULL }, + /* 0x08 */ { "PRINTER_NOTIFY_SEPFILE", NULL }, + /* 0x09 */ { "PRINTER_NOTIFY_PRINT_PROCESSOR", NULL }, + /* 0x0a */ { "PRINTER_NOTIFY_PARAMETERS", NULL }, + /* 0x0b */ { "PRINTER_NOTIFY_DATATYPE", NULL }, + /* 0x0c */ { "PRINTER_NOTIFY_SECURITY_DESCRIPTOR", NULL }, + /* 0x0d */ { "PRINTER_NOTIFY_ATTRIBUTES", NULL }, + /* 0x0e */ { "PRINTER_NOTIFY_PRIORITY", NULL }, + /* 0x0f */ { "PRINTER_NOTIFY_DEFAULT_PRIORITY", NULL }, + /* 0x10 */ { "PRINTER_NOTIFY_START_TIME", NULL }, + /* 0x11 */ { "PRINTER_NOTIFY_UNTIL_TIME", NULL }, + /* 0x12 */ { "PRINTER_NOTIFY_STATUS", notify_one_value }, +}; + +static struct notify2_message_table job_notify_table[] = { + /* 0x00 */ { "JOB_NOTIFY_PRINTER_NAME", NULL }, + /* 0x01 */ { "JOB_NOTIFY_MACHINE_NAME", NULL }, + /* 0x02 */ { "JOB_NOTIFY_PORT_NAME", NULL }, + /* 0x03 */ { "JOB_NOTIFY_USER_NAME", notify_string }, + /* 0x04 */ { "JOB_NOTIFY_NOTIFY_NAME", NULL }, + /* 0x05 */ { "JOB_NOTIFY_DATATYPE", NULL }, + /* 0x06 */ { "JOB_NOTIFY_PRINT_PROCESSOR", NULL }, + /* 0x07 */ { "JOB_NOTIFY_PARAMETERS", NULL }, + /* 0x08 */ { "JOB_NOTIFY_DRIVER_NAME", NULL }, + /* 0x09 */ { "JOB_NOTIFY_DEVMODE", NULL }, + /* 0x0a */ { "JOB_NOTIFY_STATUS", notify_one_value }, + /* 0x0b */ { "JOB_NOTIFY_STATUS_STRING", NULL }, + /* 0x0c */ { "JOB_NOTIFY_SECURITY_DESCRIPTOR", NULL }, + /* 0x0d */ { "JOB_NOTIFY_DOCUMENT", notify_string }, + /* 0x0e */ { "JOB_NOTIFY_PRIORITY", NULL }, + /* 0x0f */ { "JOB_NOTIFY_POSITION", NULL }, + /* 0x10 */ { "JOB_NOTIFY_SUBMITTED", notify_system_time }, + /* 0x11 */ { "JOB_NOTIFY_START_TIME", NULL }, + /* 0x12 */ { "JOB_NOTIFY_UNTIL_TIME", NULL }, + /* 0x13 */ { "JOB_NOTIFY_TIME", NULL }, + /* 0x14 */ { "JOB_NOTIFY_TOTAL_PAGES", notify_one_value }, + /* 0x15 */ { "JOB_NOTIFY_PAGES_PRINTED", NULL }, + /* 0x16 */ { "JOB_NOTIFY_TOTAL_BYTES", notify_one_value }, + /* 0x17 */ { "JOB_NOTIFY_BYTES_PRINTED", NULL }, +}; /*********************************************************************** Send a change notication message on all handles which have a call back registered **********************************************************************/ -static void send_spoolss_event_notification(PRINTER_MESSAGE_INFO *msg) +static void process_notify2_message(struct spoolss_notify_msg *msg, + TALLOC_CTX *mem_ctx) { - Printer_entry *find_printer; - WERROR result; - NT_PRINTER_INFO_LEVEL *printer = NULL; + Printer_entry *p; - if (!msg) { - DEBUG(0,("send_spoolss_event_notification: NULL msg pointer!\n")); - return; - } + for (p = printers_list; p; p = p->next) { + SPOOL_NOTIFY_INFO_DATA *data; + uint32 data_len = 1; + uint32 id; - for(find_printer = printers_list; find_printer; find_printer = find_printer->next) { + /* Is there notification on this handle? */ - /* - * If the entry has a connected client we send the message. There should - * only be one of these normally when dealing with the NT/2k spooler. - * However, iterate over all to make sure we deal with user applications - * in addition to spooler service. - * - * While we are only maintaining a single connection to the client, - * the FindFirstPrinterChangeNotification() call is made on a printer - * handle, so "client_connected" represents the whether or not the - * client asked for change notication on this handle. - * - * --jerry - */ + if (!p->notify.client_connected) + continue; - if (find_printer->notify.client_connected==True) { - - /* does the client care about what changed? */ + /* For this printer? Print servers always receive + notifications. */ - if (msg->flags && !is_client_monitoring_event(find_printer, msg->flags)) { - DEBUG(10,("send_spoolss_event_notification: Client [%s] not monitoring these events\n", - find_printer->client.machine)); - continue; - } + if (p->printer_type == PRINTER_HANDLE_IS_PRINTER && + !strequal(msg->printer, p->dev.handlename)) + continue; - if (find_printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) - DEBUG(10,("send_spoolss_event_notification: printserver [%s]\n", find_printer->dev.printerservername )); - else - DEBUG(10,("send_spoolss_event_notification: printer [%s]\n", find_printer->dev.handlename)); + /* Are we monitoring this event? */ + + if (!is_monitoring_event(p, msg->type, msg->field)) + continue; - /* - * if handle is a printer, only send if the printer_name matches. - * ...else if handle is a printerserver, send to all - */ + /* OK - send the event to the client */ - if (*msg->printer_name && (find_printer->printer_type==PRINTER_HANDLE_IS_PRINTER) - && !strequal(msg->printer_name, find_printer->dev.handlename)) - { - DEBUG(10,("send_spoolss_event_notification: ignoring message sent to %s [%s]\n", - msg->printer_name, find_printer->dev.handlename )); - continue; + data = talloc(mem_ctx, sizeof(SPOOL_NOTIFY_INFO_DATA)); + + ZERO_STRUCTP(data); + + /* Convert unix jobid to smb jobid */ + + id = msg->id; + + if (msg->flags & SPOOLSS_NOTIFY_MSG_UNIX_JOBID) { + + id = sysjob_to_jobid(msg->id); + + if (id == -1) { + DEBUG(3, ("no such unix jobid %d\n", msg->id)); + goto done; } + } + construct_info_data(data, msg->type, msg->field, id); - /* lookup the printer if we have a name if we don't already have a - valid NT_PRINTER_INFO_LEVEL structure. And yes I'm assuming we - will always have a non-empty msg.printer_name */ - - if (!printer || !printer->info_2 || strcmp(msg->printer_name, printer->info_2->printername)) - { - - if (printer) { - free_a_printer(&printer, 2); - printer = NULL; - } - - result = get_a_printer(&printer, 2, msg->printer_name); - if (!W_ERROR_IS_OK(result)) - continue; + switch(msg->type) { + case PRINTER_NOTIFY_TYPE: + if (printer_notify_table[msg->field].fn) + printer_notify_table[msg->field].fn( + msg, data, mem_ctx); + else + goto done; + break; + case JOB_NOTIFY_TYPE: + if (job_notify_table[msg->field].fn) + job_notify_table[msg->field].fn( + msg, data, mem_ctx); + else + goto done; + break; + default: + DEBUG(5, ("Unknown notification type %d\n", + msg->type)); + goto done; + } + + if (!p->notify.flags) + cli_spoolss_rrpcn( + &cli, mem_ctx, &p->notify.client_hnd, + data_len, data, p->notify.change, 0); + else { + NT_PRINTER_INFO_LEVEL *printer = NULL; + + get_a_printer(&printer, 2, msg->printer); + + if (!printer) { + DEBUG(5, ("unable to load info2 for %s\n", + msg->printer)); + goto done; } - /* issue the client call */ + /* XXX: This needs to be updated for + PRINTER_CHANGE_SET_PRINTER_DRIVER. */ - result = srv_spoolss_send_event_to_client(find_printer, &cli, msg, printer); - - if (!W_ERROR_IS_OK(result)) { - DEBUG(5,("send_spoolss_event_notification: Event notification failed [%s]\n", - dos_errstr(result))); + cli_spoolss_routerreplyprinter( + &cli, mem_ctx, &p->notify.client_hnd, + 0, printer->info_2->changeid); + + free_a_printer(&printer, 2); } } -} - +done: return; } -/*************************************************************************** - Receive the notify message and decode the message. Do not send - notification if we sent this originally as that would result in - duplicates. -****************************************************************************/ -static void srv_spoolss_receive_message(int msg_type, pid_t src, void *buf, size_t len) +/* Receive a notify2 message */ + +static void receive_notify2_message(int msg_type, pid_t src, void *buf, + size_t len) { - PRINTER_MESSAGE_INFO msg; - - if (len < sizeof(msg)) { - DEBUG(2,("srv_spoolss_receive_message: got incorrect message size (%u)!\n", (unsigned int)len)); - return; - } + struct spoolss_notify_msg msg; + int offset = 0; + TALLOC_CTX *mem_ctx = talloc_init(); - memcpy(&msg, buf, sizeof(PRINTER_MESSAGE_INFO)); - - DEBUG(10,("srv_spoolss_receive_message: Got message printer change [queue = %s] low=0x%x high=0x%x flags=0x%x\n", - msg.printer_name, (unsigned int)msg.low, (unsigned int)msg.high, msg.flags )); + /* Unpack message */ - /* Iterate the printer list */ - - send_spoolss_event_notification(&msg); + ZERO_STRUCT(msg); + + offset += tdb_unpack((char *)buf + offset, len - offset, "f", + msg.printer); + offset += tdb_unpack((char *)buf + offset, len - offset, "ddddd", + &msg.type, &msg.field, &msg.id, &msg.len, &msg.flags); + + if (msg.len == 0) + tdb_unpack((char *)buf + offset, len - offset, "dd", + &msg.notify.value[0], &msg.notify.value[1]); + else + tdb_unpack((char *)buf + offset, len - offset, "B", + &msg.len, &msg.notify.data); + + DEBUG(3, ("got NOTIFY2 message, type %d, field 0x%02x, flags 0x%04x\n", + msg.type, msg.field, msg.flags)); + + if (msg.len == 0) + DEBUG(3, ("value1 = %d, value2 = %d\n", msg.notify.value[0], + msg.notify.value[1])); + else + dump_data(3, msg.notify.data, msg.len); + + /* Process message */ + + process_notify2_message(&msg, mem_ctx); + + /* Free message */ + + if (msg.len > 0) + free(msg.notify.data); + + talloc_destroy(mem_ctx); } /*************************************************************************** - Send a notify event. -****************************************************************************/ - -static BOOL srv_spoolss_sendnotify(char* printer_name, uint32 high, uint32 low, uint32 flags) + Server wrapper for cli_spoolss_routerreplyprinter() since the client + function can only send a single change notification at a time. + + FIXME!!! only handles one change currently (PRINTER_CHANGE_SET_PRINTER_DRIVER) + --jerry + **************************************************************************/ + +static WERROR srv_spoolss_routerreplyprinter (struct cli_state *reply_cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, PRINTER_MESSAGE_INFO *info, + NT_PRINTER_INFO_LEVEL *printer) { - char msg[sizeof(PRINTER_MESSAGE_INFO)]; - PRINTER_MESSAGE_INFO info; + WERROR result; + uint32 condition = 0x0; - ZERO_STRUCT(info); + if (info->flags & PRINTER_MESSAGE_DRIVER) + condition = PRINTER_CHANGE_SET_PRINTER_DRIVER; + + result = cli_spoolss_routerreplyprinter(reply_cli, mem_ctx, pol, condition, + printer->info_2->changeid); - info.low = low; - info.high = high; - info.flags = flags; - fstrcpy(info.printer_name, printer_name); + return result; +} + +/******************************************************************** + Send a message to ourself about new driver being installed + so we can upgrade the information for each printer bound to this + driver + ********************************************************************/ + +static BOOL srv_spoolss_drv_upgrade_printer(char* drivername) +{ + int len = strlen(drivername); - memcpy(msg, &info, sizeof(PRINTER_MESSAGE_INFO)); + if (!len) + return False; - DEBUG(10,("srv_spoolss_sendnotify: printer change low=0x%x high=0x%x [%s], flags=0x%x\n", - low, high, printer_name, flags)); + DEBUG(10,("srv_spoolss_drv_upgrade_printer: Sending message about driver upgrade [%s]\n", + drivername)); - message_send_all(conn_tdb_ctx(), MSG_PRINTER_NOTIFY, msg, sizeof(PRINTER_MESSAGE_INFO), - False, NULL); + message_send_pid(sys_getpid(), MSG_PRINTER_DRVUPGRADE, drivername, len+1, False); return True; -} +} + +/********************************************************************** + callback to receive a MSG_PRINTER_DRVUPGRADE message and interate + over all printers, upgrading ones as neessary + **********************************************************************/ + +void do_drv_upgrade_printer(int msg_type, pid_t src, void *buf, size_t len) +{ + fstring drivername; + int snum; + int n_services = lp_numservices(); + + len = MIN(len,sizeof(drivername)-1); + strncpy(drivername, buf, len); + + DEBUG(10,("do_drv_upgrade_printer: Got message for new driver [%s]\n", drivername )); + + /* Iterate the printer list */ + + for (snum=0; snuminfo_2 && !strcmp(drivername, printer->info_2->drivername)) + { + DEBUG(6,("Updating printer [%s]\n", printer->info_2->printername)); + + /* all we care about currently is the change_id */ + + result = mod_a_printer(*printer, 2); + if (!W_ERROR_IS_OK(result)) { + DEBUG(3,("do_drv_upgrade_printer: mod_a_printer() failed with status [%s]\n", + dos_errstr(result))); + } + } + + free_a_printer(&printer, 2); + } + } + + /* all done */ +} /******************************************************************** Copy routines used by convert_to_openprinterex() @@ -924,16 +1126,6 @@ Can't find printer handle we created for printer %s\n", name )); return WERR_INVALID_PRINTER_NAME; } -/* - if (printer_default->datatype_ptr != NULL) - { - unistr2_to_ascii(datatype, printer_default->datatype, sizeof(datatype)-1); - set_printer_hnd_datatype(handle, datatype); - } - else - set_printer_hnd_datatype(handle, ""); -*/ - /* First case: the user is opening the print server: @@ -997,7 +1189,7 @@ Can't find printer handle we created for printer %s\n", name )); user_in_list(uidtoname(user.uid), lp_printer_admin(snum))) return WERR_OK; - + close_printer_handle(p, handle); return WERR_ACCESS_DENIED; } @@ -1031,7 +1223,9 @@ Can't find printer handle we created for printer %s\n", name )); printer_default->access_required = PRINTER_ACCESS_USE; } - if (!print_access_check(&user, snum, printer_default->access_required)) { + /* check smb.conf parameters and the the sec_desc */ + + if (!user_ok(uidtoname(user.uid), snum) || !print_access_check(&user, snum, printer_default->access_required)) { DEBUG(3, ("access DENIED for printer open\n")); close_printer_handle(p, handle); return WERR_ACCESS_DENIED; @@ -1308,10 +1502,6 @@ WERROR _spoolss_deleteprinter(pipes_struct *p, SPOOL_Q_DELETEPRINTER *q_u, SPOOL update_c_setprinter(False); - if (W_ERROR_IS_OK(result)) { - srv_spoolss_sendnotify(Printer->dev.handlename, 0, PRINTER_CHANGE_DELETE_PRINTER, 0x0); - } - return result; } @@ -1344,26 +1534,17 @@ static int get_version_id (char * arch) /******************************************************************** * _spoolss_deleteprinterdriver - * - * We currently delete the driver for the architecture only. - * This can leave the driver for other archtectures. However, - * since every printer associates a "Windows NT x86" driver name - * and we cannot delete that one while it is in use, **and** since - * it is impossible to assign a driver to a Samba printer without - * having the "Windows NT x86" driver installed,... - * - * ....we should not get into trouble here. - * - * --jerry ********************************************************************/ -WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER *q_u, - SPOOL_R_DELETEPRINTERDRIVER *r_u) +WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER *q_u, SPOOL_R_DELETEPRINTERDRIVER *r_u) { fstring driver; fstring arch; NT_PRINTER_DRIVER_INFO_LEVEL info; int version; + struct current_user user; + + get_current_user(&user, p); unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 ); unistr2_to_ascii(arch, &q_u->arch, sizeof(arch)-1 ); @@ -1373,21 +1554,89 @@ WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER /* this is what NT returns */ return WERR_INVALID_ENVIRONMENT; } + + /* if they said "Windows NT x86", then try for version 2 & 3 */ + + if ( version == 2 ) + version = DRIVER_ANY_VERSION; ZERO_STRUCT(info); - if (!W_ERROR_IS_OK(get_a_printer_driver(&info, 3, driver, arch, version))) { + + if (!W_ERROR_IS_OK(get_a_printer_driver(&info, 3, driver, arch, version))) return WERR_UNKNOWN_PRINTER_DRIVER; - } + if (printer_driver_in_use(info.info_3)) + return WERR_PRINTER_DRIVER_IN_USE; - if (printer_driver_in_use(arch, driver)) - { + return delete_printer_driver(info.info_3, &user, DRIVER_ANY_VERSION, False); +} + +/******************************************************************** + * spoolss_deleteprinterdriverex + ********************************************************************/ + +WERROR _spoolss_deleteprinterdriverex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVEREX *q_u, SPOOL_R_DELETEPRINTERDRIVEREX *r_u) +{ + fstring driver; + fstring arch; + NT_PRINTER_DRIVER_INFO_LEVEL info; + int version; + uint32 flags = q_u->delete_flags; + BOOL delete_files; + struct current_user user; + + get_current_user(&user, p); + + unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 ); + unistr2_to_ascii(arch, &q_u->arch, sizeof(arch)-1 ); + + /* check that we have a valid driver name first */ + if ((version=get_version_id(arch)) == -1) { + /* this is what NT returns */ + return WERR_INVALID_ENVIRONMENT; + } + + if ( flags & DPD_DELETE_SPECIFIC_VERSION ) + version = q_u->version; + else if ( version == 2 ) + /* if they said "Windows NT x86", then try for version 2 & 3 */ + version = DRIVER_ANY_VERSION; + + ZERO_STRUCT(info); + + if (!W_ERROR_IS_OK(get_a_printer_driver(&info, 3, driver, arch, version))) + return WERR_UNKNOWN_PRINTER_DRIVER; + + if ( printer_driver_in_use(info.info_3) ) return WERR_PRINTER_DRIVER_IN_USE; + + /* + * we have a couple of cases to consider. + * (1) Are any files in use? If so and DPD_DELTE_ALL_FILE is set, + * then the delete should fail if **any** files overlap with + * other drivers + * (2) If DPD_DELTE_UNUSED_FILES is sert, then delete all + * non-overlapping files + * (3) If neither DPD_DELTE_ALL_FILE nor DPD_DELTE_ALL_FILES + * is set, the do not delete any files + * Refer to MSDN docs on DeletePrinterDriverEx() for details. + */ + + delete_files = flags & (DPD_DELETE_ALL_FILES|DPD_DELETE_UNUSED_FILES); + + if ( delete_files ) + { + /* fail if any files are in use and DPD_DELETE_ALL_FILES is set */ + + if ( printer_driver_files_in_use(info.info_3) & (flags&DPD_DELETE_ALL_FILES) ) + /* no idea of the correct error here */ + return WERR_ACCESS_DENIED; } - return delete_printer_driver(info.info_3); + return delete_printer_driver(info.info_3, &user, version, delete_files); } + /******************************************************************** GetPrinterData on a printer server Handle. ********************************************************************/ @@ -1438,7 +1687,11 @@ static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 *type = 0x4; if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL) return False; +#ifndef EMULATE_WIN2K_HACK /* JERRY */ SIVAL(*data, 0, 2); +#else + SIVAL(*data, 0, 3); +#endif *needed = 0x4; return True; } @@ -1574,36 +1827,126 @@ WERROR _spoolss_getprinterdata(pipes_struct *p, SPOOL_Q_GETPRINTERDATA *q_u, SPO DEBUG(2,("_spoolss_getprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); return WERR_BADFID; } - - unistr2_to_ascii(value, valuename, sizeof(value)-1); - - if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) - found=getprinterdata_printer_server(p->mem_ctx, value, type, data, needed, *out_size); - else - found= getprinterdata_printer(p, p->mem_ctx, handle, value, type, data, needed, *out_size); + + unistr2_to_ascii(value, valuename, sizeof(value)-1); + + if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) + found=getprinterdata_printer_server(p->mem_ctx, value, type, data, needed, *out_size); + else + found= getprinterdata_printer(p, p->mem_ctx, handle, value, type, data, needed, *out_size); + + if (found==False) { + DEBUG(5, ("value not found, allocating %d\n", *out_size)); + /* reply this param doesn't exist */ + if (*out_size) { + if((*data=(uint8 *)talloc_zero(p->mem_ctx, *out_size*sizeof(uint8))) == NULL) + return WERR_NOMEM; + } else { + *data = NULL; + } + + /* error depends on handle type */ + + if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) + return WERR_INVALID_PARAM; + else + return WERR_BADFILE; + } + + if (*needed > *out_size) + return WERR_MORE_DATA; + else + return WERR_OK; +} + +/********************************************************* + Connect to the client machine. +**********************************************************/ + +static BOOL spoolss_connect_to_client(struct cli_state *the_cli, char *remote_machine) +{ + extern pstring global_myname; + + ZERO_STRUCTP(the_cli); + if(cli_initialise(the_cli) == NULL) { + DEBUG(0,("connect_to_client: unable to initialize client connection.\n")); + return False; + } + + if(!resolve_name( remote_machine, &the_cli->dest_ip, 0x20)) { + DEBUG(0,("connect_to_client: Can't resolve address for %s\n", remote_machine)); + cli_shutdown(the_cli); + return False; + } + + if (ismyip(the_cli->dest_ip)) { + DEBUG(0,("connect_to_client: Machine %s is one of our addresses. Cannot add to ourselves.\n", remote_machine)); + cli_shutdown(the_cli); + return False; + } + + if (!cli_connect(the_cli, remote_machine, &the_cli->dest_ip)) { + DEBUG(0,("connect_to_client: unable to connect to SMB server on machine %s. Error was : %s.\n", remote_machine, cli_errstr(the_cli) )); + cli_shutdown(the_cli); + return False; + } + + if (!attempt_netbios_session_request(the_cli, global_myname, remote_machine, &the_cli->dest_ip)) { + DEBUG(0,("connect_to_client: machine %s rejected the NetBIOS session request.\n", + remote_machine)); + return False; + } + + the_cli->protocol = PROTOCOL_NT1; + + if (!cli_negprot(the_cli)) { + DEBUG(0,("connect_to_client: machine %s rejected the negotiate protocol. Error was : %s.\n", remote_machine, cli_errstr(the_cli) )); + cli_shutdown(the_cli); + return False; + } + + if (the_cli->protocol != PROTOCOL_NT1) { + DEBUG(0,("connect_to_client: machine %s didn't negotiate NT protocol.\n", remote_machine)); + cli_shutdown(the_cli); + return False; + } + + /* + * Do an anonymous session setup. + */ + + if (!cli_session_setup(the_cli, "", "", 0, "", 0, "")) { + DEBUG(0,("connect_to_client: machine %s rejected the session setup. Error was : %s.\n", remote_machine, cli_errstr(the_cli) )); + cli_shutdown(the_cli); + return False; + } + + if (!(the_cli->sec_mode & 1)) { + DEBUG(0,("connect_to_client: machine %s isn't in user level security mode\n", remote_machine)); + cli_shutdown(the_cli); + return False; + } + + if (!cli_send_tconX(the_cli, "IPC$", "IPC", "", 1)) { + DEBUG(0,("connect_to_client: machine %s rejected the tconX on the IPC$ share. Error was : %s.\n", remote_machine, cli_errstr(the_cli) )); + cli_shutdown(the_cli); + return False; + } - if (found==False) { - DEBUG(5, ("value not found, allocating %d\n", *out_size)); - /* reply this param doesn't exist */ - if (*out_size) { - if((*data=(uint8 *)talloc_zero(p->mem_ctx, *out_size*sizeof(uint8))) == NULL) - return WERR_NOMEM; - } else { - *data = NULL; - } + /* + * Ok - we have an anonymous connection to the IPC$ share. + * Now start the NT Domain stuff :-). + */ - /* error depends on handle type */ + if(cli_nt_session_open(the_cli, PIPE_SPOOLSS) == False) { + DEBUG(0,("connect_to_client: unable to open the domain client session to machine %s. Error was : %s.\n", remote_machine, cli_errstr(the_cli))); + cli_nt_session_close(the_cli); + cli_ulogoff(the_cli); + cli_shutdown(the_cli); + return False; + } - if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) - return WERR_INVALID_PARAM; - else - return WERR_BADFILE; - } - - if (*needed > *out_size) - return WERR_MORE_DATA; - else - return WERR_OK; + return True; } /*************************************************************************** @@ -1626,15 +1969,14 @@ static BOOL srv_spoolss_replyopenprinter(char *printer, uint32 localprinter, uin if(!spoolss_connect_to_client(&cli, unix_printer)) return False; - message_register(MSG_PRINTER_NOTIFY, srv_spoolss_receive_message); - + message_register(MSG_PRINTER_NOTIFY2, receive_notify2_message); } smb_connections++; result = cli_spoolss_reply_open_printer(&cli, cli.mem_ctx, printer, localprinter, type, handle); - + if (!W_ERROR_IS_OK(result)) DEBUG(5,("srv_spoolss_reply_open_printer: Client RPC returned [%s]\n", dos_errstr(result))); @@ -1646,9 +1988,8 @@ static BOOL srv_spoolss_replyopenprinter(char *printer, uint32 localprinter, uin * _spoolss_rffpcnex * ReplyFindFirstPrinterChangeNotifyEx * - * jfmxxxx: before replying OK: status=0 - * should do a rpc call to the workstation asking ReplyOpenPrinter - * have to code it, later. + * before replying OK: status=0 a rpc call is made to the workstation + * asking ReplyOpenPrinter * * in fact ReplyOpenPrinter is the changenotify equivalent on the spoolss pipe * called from api_spoolss_rffpcnex @@ -1681,15 +2022,17 @@ WERROR _spoolss_rffpcnex(pipes_struct *p, SPOOL_Q_RFFPCNEX *q_u, SPOOL_R_RFFPCNE Printer->notify.option=dup_spool_notify_option(option); - unistr2_to_ascii(Printer->notify.localmachine, localmachine, sizeof(Printer->notify.localmachine)-1); + unistr2_to_ascii(Printer->notify.localmachine, localmachine, + sizeof(Printer->notify.localmachine)-1); + + /* Connect to the client machine and send a ReplyOpenPrinter */ - /* connect to the client machine and send a ReplyOpenPrinter */ - if(srv_spoolss_replyopenprinter(Printer->notify.localmachine, + if(!srv_spoolss_replyopenprinter(Printer->notify.localmachine, Printer->notify.printerlocal, 1, &Printer->notify.client_hnd)) - { - Printer->notify.client_connected=True; - } + return WERR_SERVER_UNAVAILABLE; + + Printer->notify.client_connected=True; return WERR_OK; } @@ -1711,7 +2054,7 @@ void spoolss_notify_server_name(int snum, len = rpcstr_push(temp, temp_name, sizeof(temp)-2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -1746,7 +2089,7 @@ void spoolss_notify_printer_name(int snum, len = rpcstr_push(temp, p, sizeof(temp)-2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -1772,7 +2115,7 @@ void spoolss_notify_share_name(int snum, len = rpcstr_push(temp, lp_servicename(snum), sizeof(temp)-2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -1800,7 +2143,7 @@ void spoolss_notify_port_name(int snum, len = rpcstr_push(temp, printer->info_2->portname, sizeof(temp)-2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -1826,7 +2169,8 @@ void spoolss_notify_driver_name(int snum, uint32 len; len = rpcstr_push(temp, printer->info_2->drivername, sizeof(temp)-2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -1855,7 +2199,7 @@ void spoolss_notify_comment(int snum, else len = rpcstr_push(temp, printer->info_2->comment, sizeof(temp)-2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -1882,7 +2226,7 @@ void spoolss_notify_location(int snum, len = rpcstr_push(temp, printer->info_2->location,sizeof(temp)-2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -1921,7 +2265,7 @@ void spoolss_notify_sepfile(int snum, len = rpcstr_push(temp, printer->info_2->sepfile, sizeof(temp)-2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -1948,7 +2292,7 @@ void spoolss_notify_print_processor(int snum, len = rpcstr_push(temp, printer->info_2->printprocessor, sizeof(temp)-2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -1975,7 +2319,7 @@ void spoolss_notify_parameters(int snum, len = rpcstr_push(temp, printer->info_2->parameters, sizeof(temp)-2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -2002,7 +2346,7 @@ void spoolss_notify_datatype(int snum, len = rpcstr_push(temp, printer->info_2->datatype, sizeof(pstring)-2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -2162,7 +2506,7 @@ static void spoolss_notify_username(int snum, len = rpcstr_push(temp, queue->fs_user, sizeof(temp)-2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -2202,7 +2546,7 @@ static void spoolss_notify_job_name(int snum, len = rpcstr_push(temp, queue->fs_file, sizeof(temp)-2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -2252,7 +2596,7 @@ static void spoolss_notify_job_status_string(int snum, len = rpcstr_push(temp, p, sizeof(temp) - 2, STR_TERMINATE); - data->notify_data.data.length = len / 2 - 1; + data->notify_data.data.length = len; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); if (!data->notify_data.data.string) { @@ -2376,8 +2720,6 @@ static void spoolss_notify_submitted_time(int snum, SSVAL(p, 14, st.milliseconds); } -#define END 65535 - struct s_notify_info_data_table { uint16 type; @@ -2389,59 +2731,61 @@ struct s_notify_info_data_table NT_PRINTER_INFO_LEVEL *printer, TALLOC_CTX *mem_ctx); }; +/* A table describing the various print notification constants and + whether the notification data is a pointer to a variable sized + buffer, a one value uint32 or a two value uint32. */ + struct s_notify_info_data_table notify_info_data_table[] = { -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SERVER_NAME, "PRINTER_NOTIFY_SERVER_NAME", POINTER, spoolss_notify_server_name }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PRINTER_NAME, "PRINTER_NOTIFY_PRINTER_NAME", POINTER, spoolss_notify_printer_name }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SHARE_NAME, "PRINTER_NOTIFY_SHARE_NAME", POINTER, spoolss_notify_share_name }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PORT_NAME, "PRINTER_NOTIFY_PORT_NAME", POINTER, spoolss_notify_port_name }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DRIVER_NAME, "PRINTER_NOTIFY_DRIVER_NAME", POINTER, spoolss_notify_driver_name }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_COMMENT, "PRINTER_NOTIFY_COMMENT", POINTER, spoolss_notify_comment }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_LOCATION, "PRINTER_NOTIFY_LOCATION", POINTER, spoolss_notify_location }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DEVMODE, "PRINTER_NOTIFY_DEVMODE", POINTER, spoolss_notify_devmode }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SEPFILE, "PRINTER_NOTIFY_SEPFILE", POINTER, spoolss_notify_sepfile }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PRINT_PROCESSOR, "PRINTER_NOTIFY_PRINT_PROCESSOR", POINTER, spoolss_notify_print_processor }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PARAMETERS, "PRINTER_NOTIFY_PARAMETERS", POINTER, spoolss_notify_parameters }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DATATYPE, "PRINTER_NOTIFY_DATATYPE", POINTER, spoolss_notify_datatype }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SECURITY_DESCRIPTOR, "PRINTER_NOTIFY_SECURITY_DESCRIPTOR", POINTER, spoolss_notify_security_desc }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_ATTRIBUTES, "PRINTER_NOTIFY_ATTRIBUTES", ONE_VALUE, spoolss_notify_attributes }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PRIORITY, "PRINTER_NOTIFY_PRIORITY", ONE_VALUE, spoolss_notify_priority }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DEFAULT_PRIORITY, "PRINTER_NOTIFY_DEFAULT_PRIORITY", ONE_VALUE, spoolss_notify_default_priority }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_START_TIME, "PRINTER_NOTIFY_START_TIME", ONE_VALUE, spoolss_notify_start_time }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_UNTIL_TIME, "PRINTER_NOTIFY_UNTIL_TIME", ONE_VALUE, spoolss_notify_until_time }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_STATUS, "PRINTER_NOTIFY_STATUS", ONE_VALUE, spoolss_notify_status }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_STATUS_STRING, "PRINTER_NOTIFY_STATUS_STRING", POINTER, NULL }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_CJOBS, "PRINTER_NOTIFY_CJOBS", ONE_VALUE, spoolss_notify_cjobs }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_AVERAGE_PPM, "PRINTER_NOTIFY_AVERAGE_PPM", ONE_VALUE, spoolss_notify_average_ppm }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_TOTAL_PAGES, "PRINTER_NOTIFY_TOTAL_PAGES", POINTER, NULL }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PAGES_PRINTED, "PRINTER_NOTIFY_PAGES_PRINTED", POINTER, NULL }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_TOTAL_BYTES, "PRINTER_NOTIFY_TOTAL_BYTES", POINTER, NULL }, -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_BYTES_PRINTED, "PRINTER_NOTIFY_BYTES_PRINTED", POINTER, NULL }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PRINTER_NAME, "JOB_NOTIFY_PRINTER_NAME", POINTER, spoolss_notify_printer_name }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_MACHINE_NAME, "JOB_NOTIFY_MACHINE_NAME", POINTER, spoolss_notify_server_name }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PORT_NAME, "JOB_NOTIFY_PORT_NAME", POINTER, spoolss_notify_port_name }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_USER_NAME, "JOB_NOTIFY_USER_NAME", POINTER, spoolss_notify_username }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_NOTIFY_NAME, "JOB_NOTIFY_NOTIFY_NAME", POINTER, spoolss_notify_username }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_DATATYPE, "JOB_NOTIFY_DATATYPE", POINTER, spoolss_notify_datatype }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PRINT_PROCESSOR, "JOB_NOTIFY_PRINT_PROCESSOR", POINTER, spoolss_notify_print_processor }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PARAMETERS, "JOB_NOTIFY_PARAMETERS", POINTER, spoolss_notify_parameters }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_DRIVER_NAME, "JOB_NOTIFY_DRIVER_NAME", POINTER, spoolss_notify_driver_name }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_DEVMODE, "JOB_NOTIFY_DEVMODE", POINTER, spoolss_notify_devmode }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_STATUS, "JOB_NOTIFY_STATUS", ONE_VALUE, spoolss_notify_job_status }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_STATUS_STRING, "JOB_NOTIFY_STATUS_STRING", POINTER, spoolss_notify_job_status_string }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_SECURITY_DESCRIPTOR, "JOB_NOTIFY_SECURITY_DESCRIPTOR", POINTER, NULL }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_DOCUMENT, "JOB_NOTIFY_DOCUMENT", POINTER, spoolss_notify_job_name }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PRIORITY, "JOB_NOTIFY_PRIORITY", ONE_VALUE, spoolss_notify_priority }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_POSITION, "JOB_NOTIFY_POSITION", ONE_VALUE, spoolss_notify_job_position }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_SUBMITTED, "JOB_NOTIFY_SUBMITTED", POINTER, spoolss_notify_submitted_time }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_START_TIME, "JOB_NOTIFY_START_TIME", ONE_VALUE, spoolss_notify_start_time }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_UNTIL_TIME, "JOB_NOTIFY_UNTIL_TIME", ONE_VALUE, spoolss_notify_until_time }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_TIME, "JOB_NOTIFY_TIME", ONE_VALUE, spoolss_notify_job_time }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_TOTAL_PAGES, "JOB_NOTIFY_TOTAL_PAGES", ONE_VALUE, spoolss_notify_total_pages }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PAGES_PRINTED, "JOB_NOTIFY_PAGES_PRINTED", ONE_VALUE, spoolss_notify_pages_printed }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_TOTAL_BYTES, "JOB_NOTIFY_TOTAL_BYTES", ONE_VALUE, spoolss_notify_job_size }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_BYTES_PRINTED, "JOB_NOTIFY_BYTES_PRINTED", ONE_VALUE, NULL }, -{ END, END, "", END, NULL } +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SERVER_NAME, "PRINTER_NOTIFY_SERVER_NAME", NOTIFY_STRING, spoolss_notify_server_name }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PRINTER_NAME, "PRINTER_NOTIFY_PRINTER_NAME", NOTIFY_STRING, spoolss_notify_printer_name }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SHARE_NAME, "PRINTER_NOTIFY_SHARE_NAME", NOTIFY_STRING, spoolss_notify_share_name }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PORT_NAME, "PRINTER_NOTIFY_PORT_NAME", NOTIFY_STRING, spoolss_notify_port_name }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DRIVER_NAME, "PRINTER_NOTIFY_DRIVER_NAME", NOTIFY_STRING, spoolss_notify_driver_name }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_COMMENT, "PRINTER_NOTIFY_COMMENT", NOTIFY_STRING, spoolss_notify_comment }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_LOCATION, "PRINTER_NOTIFY_LOCATION", NOTIFY_STRING, spoolss_notify_location }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DEVMODE, "PRINTER_NOTIFY_DEVMODE", NOTIFY_POINTER, spoolss_notify_devmode }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SEPFILE, "PRINTER_NOTIFY_SEPFILE", NOTIFY_STRING, spoolss_notify_sepfile }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PRINT_PROCESSOR, "PRINTER_NOTIFY_PRINT_PROCESSOR", NOTIFY_STRING, spoolss_notify_print_processor }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PARAMETERS, "PRINTER_NOTIFY_PARAMETERS", NOTIFY_STRING, spoolss_notify_parameters }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DATATYPE, "PRINTER_NOTIFY_DATATYPE", NOTIFY_STRING, spoolss_notify_datatype }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SECURITY_DESCRIPTOR, "PRINTER_NOTIFY_SECURITY_DESCRIPTOR", NOTIFY_POINTER, spoolss_notify_security_desc }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_ATTRIBUTES, "PRINTER_NOTIFY_ATTRIBUTES", NOTIFY_ONE_VALUE, spoolss_notify_attributes }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PRIORITY, "PRINTER_NOTIFY_PRIORITY", NOTIFY_ONE_VALUE, spoolss_notify_priority }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DEFAULT_PRIORITY, "PRINTER_NOTIFY_DEFAULT_PRIORITY", NOTIFY_ONE_VALUE, spoolss_notify_default_priority }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_START_TIME, "PRINTER_NOTIFY_START_TIME", NOTIFY_ONE_VALUE, spoolss_notify_start_time }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_UNTIL_TIME, "PRINTER_NOTIFY_UNTIL_TIME", NOTIFY_ONE_VALUE, spoolss_notify_until_time }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_STATUS, "PRINTER_NOTIFY_STATUS", NOTIFY_ONE_VALUE, spoolss_notify_status }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_STATUS_STRING, "PRINTER_NOTIFY_STATUS_STRING", NOTIFY_POINTER, NULL }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_CJOBS, "PRINTER_NOTIFY_CJOBS", NOTIFY_ONE_VALUE, spoolss_notify_cjobs }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_AVERAGE_PPM, "PRINTER_NOTIFY_AVERAGE_PPM", NOTIFY_ONE_VALUE, spoolss_notify_average_ppm }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_TOTAL_PAGES, "PRINTER_NOTIFY_TOTAL_PAGES", NOTIFY_POINTER, NULL }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PAGES_PRINTED, "PRINTER_NOTIFY_PAGES_PRINTED", NOTIFY_POINTER, NULL }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_TOTAL_BYTES, "PRINTER_NOTIFY_TOTAL_BYTES", NOTIFY_POINTER, NULL }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_BYTES_PRINTED, "PRINTER_NOTIFY_BYTES_PRINTED", NOTIFY_POINTER, NULL }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PRINTER_NAME, "JOB_NOTIFY_PRINTER_NAME", NOTIFY_STRING, spoolss_notify_printer_name }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_MACHINE_NAME, "JOB_NOTIFY_MACHINE_NAME", NOTIFY_STRING, spoolss_notify_server_name }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PORT_NAME, "JOB_NOTIFY_PORT_NAME", NOTIFY_STRING, spoolss_notify_port_name }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_USER_NAME, "JOB_NOTIFY_USER_NAME", NOTIFY_STRING, spoolss_notify_username }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_NOTIFY_NAME, "JOB_NOTIFY_NOTIFY_NAME", NOTIFY_STRING, spoolss_notify_username }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_DATATYPE, "JOB_NOTIFY_DATATYPE", NOTIFY_STRING, spoolss_notify_datatype }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PRINT_PROCESSOR, "JOB_NOTIFY_PRINT_PROCESSOR", NOTIFY_STRING, spoolss_notify_print_processor }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PARAMETERS, "JOB_NOTIFY_PARAMETERS", NOTIFY_STRING, spoolss_notify_parameters }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_DRIVER_NAME, "JOB_NOTIFY_DRIVER_NAME", NOTIFY_STRING, spoolss_notify_driver_name }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_DEVMODE, "JOB_NOTIFY_DEVMODE", NOTIFY_POINTER, spoolss_notify_devmode }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_STATUS, "JOB_NOTIFY_STATUS", NOTIFY_ONE_VALUE, spoolss_notify_job_status }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_STATUS_STRING, "JOB_NOTIFY_STATUS_STRING", NOTIFY_STRING, spoolss_notify_job_status_string }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_SECURITY_DESCRIPTOR, "JOB_NOTIFY_SECURITY_DESCRIPTOR", NOTIFY_POINTER, NULL }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_DOCUMENT, "JOB_NOTIFY_DOCUMENT", NOTIFY_STRING, spoolss_notify_job_name }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PRIORITY, "JOB_NOTIFY_PRIORITY", NOTIFY_ONE_VALUE, spoolss_notify_priority }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_POSITION, "JOB_NOTIFY_POSITION", NOTIFY_ONE_VALUE, spoolss_notify_job_position }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_SUBMITTED, "JOB_NOTIFY_SUBMITTED", NOTIFY_POINTER, spoolss_notify_submitted_time }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_START_TIME, "JOB_NOTIFY_START_TIME", NOTIFY_ONE_VALUE, spoolss_notify_start_time }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_UNTIL_TIME, "JOB_NOTIFY_UNTIL_TIME", NOTIFY_ONE_VALUE, spoolss_notify_until_time }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_TIME, "JOB_NOTIFY_TIME", NOTIFY_ONE_VALUE, spoolss_notify_job_time }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_TOTAL_PAGES, "JOB_NOTIFY_TOTAL_PAGES", NOTIFY_ONE_VALUE, spoolss_notify_total_pages }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PAGES_PRINTED, "JOB_NOTIFY_PAGES_PRINTED", NOTIFY_ONE_VALUE, spoolss_notify_pages_printed }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_TOTAL_BYTES, "JOB_NOTIFY_TOTAL_BYTES", NOTIFY_ONE_VALUE, spoolss_notify_job_size }, }; /******************************************************************* @@ -2452,43 +2796,46 @@ static uint32 size_of_notify_info_data(uint16 type, uint16 field) { int i=0; - while (notify_info_data_table[i].type != END) - { - if ( (notify_info_data_table[i].type == type ) && - (notify_info_data_table[i].field == field ) ) - { - return (notify_info_data_table[i].size); + for (i = 0; i < sizeof(notify_info_data_table); i++) { + if (notify_info_data_table[i].type == type && + notify_info_data_table[i].field == field) { + switch(notify_info_data_table[i].size) { + case NOTIFY_ONE_VALUE: + case NOTIFY_TWO_VALUE: + return 1; + case NOTIFY_STRING: + return 2; + + /* The only pointer notify data I have seen on + the wire is the submitted time and this has + the notify size set to 4. -tpot */ + + case NOTIFY_POINTER: + return 4; + } } - i++; } - return (65535); + + DEBUG(5, ("invalid notify data type %d/%d\n", type, field)); + + return 0; } /******************************************************************* Return the type of notify_info_data. ********************************************************************/ -static BOOL type_of_notify_info_data(uint16 type, uint16 field) +static int type_of_notify_info_data(uint16 type, uint16 field) { int i=0; - while (notify_info_data_table[i].type != END) - { - if ( (notify_info_data_table[i].type == type ) && - (notify_info_data_table[i].field == field ) ) - { - if (notify_info_data_table[i].size == POINTER) - { - return (False); - } - else - { - return (True); - } - } - i++; + for (i = 0; i < sizeof(notify_info_data_table); i++) { + if (notify_info_data_table[i].type == type && + notify_info_data_table[i].field == field) + return notify_info_data_table[i].size; } - return (False); + + return False; } /**************************************************************************** @@ -2496,21 +2843,18 @@ static BOOL type_of_notify_info_data(uint16 type, uint16 field) static int search_notify(uint16 type, uint16 field, int *value) { - int j; - BOOL found; + int i; - for (j=0, found=False; found==False && notify_info_data_table[j].type != END ; j++) - { - if ( (notify_info_data_table[j].type == type ) && - (notify_info_data_table[j].field == field ) ) - found=True; + for (i = 0; i < sizeof(notify_info_data_table); i++) { + if (notify_info_data_table[i].type == type && + notify_info_data_table[i].field == field && + notify_info_data_table[i].fn != NULL) { + *value = i; + return True; + } } - *value=--j; - - if ( found && (notify_info_data_table[j].fn != NULL) ) - return True; - else - return False; + + return False; } /**************************************************************************** @@ -2521,7 +2865,12 @@ void construct_info_data(SPOOL_NOTIFY_INFO_DATA *info_data, uint16 type, uint16 info_data->type = type; info_data->field = field; info_data->reserved = 0; - info_data->id = id; + + if (type == JOB_NOTIFY_TYPE) + info_data->id = id; + else + info_data->id = 0; + info_data->size = size_of_notify_info_data(type, field); info_data->enc_type = type_of_notify_info_data(type, field); } @@ -2570,7 +2919,7 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int current_data=&info->data[info->count]; - construct_info_data(current_data, type, field, id); + construct_info_data(current_data, type, field, id); DEBUG(10,("construct_notify_printer_info: calling [%s] snum=%d printername=[%s])\n", notify_info_data_table[j].name, snum, printer->info_2->printername )); @@ -2812,7 +3161,6 @@ static WERROR printer_notify_info(pipes_struct *p, POLICY_HND *hnd, SPOOL_NOTIFY WERROR _spoolss_rfnpcnex( pipes_struct *p, SPOOL_Q_RFNPCNEX *q_u, SPOOL_R_RFNPCNEX *r_u) { POLICY_HND *handle = &q_u->handle; -/* uint32 change = q_u->change; - notused. */ /* SPOOL_NOTIFY_OPTION *option = q_u->option; - notused. */ SPOOL_NOTIFY_INFO *info = &r_u->info; @@ -2830,17 +3178,19 @@ WERROR _spoolss_rfnpcnex( pipes_struct *p, SPOOL_Q_RFNPCNEX *q_u, SPOOL_R_RFNPCN DEBUG(4,("Printer type %x\n",Printer->printer_type)); - /* jfm: the change value isn't used right now. - * we will honour it when - * a) we'll be able to send notification to the client - * b) we'll have a way to communicate between the spoolss process. - * - * same thing for option->flags + /* + * We are now using the change value, and * I should check for PRINTER_NOTIFY_OPTIONS_REFRESH but as * I don't have a global notification system, I'm sending back all the * informations even when _NOTHING_ has changed. */ + /* We need to keep track of the change value to send back in + RRPCN replies otherwise our updates are ignored. */ + + if (Printer->notify.client_connected) + Printer->notify.change = q_u->change; + /* just ignore the SPOOL_NOTIFY_OPTION */ switch (Printer->printer_type) { @@ -2932,7 +3282,7 @@ static BOOL construct_printer_info_0(PRINTER_INFO_0 *printer, int snum) printer->global_counter = global_counter; printer->total_pages = 0; -#if 0 /* JERRY */ +#ifndef EMULATE_WIN2K_HACK /* JERRY */ printer->major_version = 0x0004; /* NT 4 */ printer->build_version = 0x0565; /* build 1381 */ #else @@ -2971,7 +3321,6 @@ static BOOL construct_printer_info_0(PRINTER_INFO_0 *printer, int snum) * construct_printer_info_1 * fill a printer_info_1 struct ********************************************************************/ - static BOOL construct_printer_info_1(uint32 flags, PRINTER_INFO_1 *printer, int snum) { pstring chaine; @@ -3046,8 +3395,10 @@ static DEVICEMODE *construct_dev_mode(int snum) if (printer->info_2->devmode) ntdevmode = dup_nt_devicemode(printer->info_2->devmode); - if (ntdevmode == NULL) + if (ntdevmode == NULL) { + DEBUG(5, ("BONG! There was no device mode!\n")); goto fail; + } DEBUGADD(8,("loading DEVICEMODE\n")); @@ -3408,10 +3759,26 @@ static WERROR enum_all_printers_info_1_remote(fstring name, NEW_BUFFER *buffer, enum_all_printers_info_1_network. *********************************************************************/ -static WERROR enum_all_printers_info_1_network(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enum_all_printers_info_1_network(fstring name, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { + char *s = name; + DEBUG(4,("enum_all_printers_info_1_network\n")); + /* If we respond to a enum_printers level 1 on our name with flags + set to PRINTER_ENUM_REMOTE with a list of printers then these + printers incorrectly appear in the APW browse list. + Specifically the printers for the server appear at the workgroup + level where all the other servers in the domain are + listed. Windows responds to this call with a + WERR_CAN_NOT_COMPLETE so we should do the same. */ + + if (name[0] == '\\' && name[1] == '\\') + s = name + 2; + + if (is_myname_or_ipaddr(s)) + return WERR_CAN_NOT_COMPLETE; + return enum_all_printers_info_1(PRINTER_ENUM_UNKNOWN_8, buffer, offered, needed, returned); } @@ -3449,9 +3816,9 @@ static WERROR enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint3 } /* check the required size. */ - for (i=0; i<*returned; i++) + for (i=0; i<*returned; i++) (*needed) += spoolss_size_printer_info_2(&printers[i]); - + if (!alloc_buffer_size(buffer, *needed)) { for (i=0; i<*returned; i++) { free_devmode(printers[i].devmode); @@ -3498,7 +3865,7 @@ static WERROR enumprinters_level1( uint32 flags, fstring name, return enum_all_printers_info_1_remote(name, buffer, offered, needed, returned); if (flags & PRINTER_ENUM_NETWORK) - return enum_all_printers_info_1_network(buffer, offered, needed, returned); + return enum_all_printers_info_1_network(name, buffer, offered, needed, returned); return WERR_OK; /* NT4sp5 does that */ } @@ -3681,7 +4048,7 @@ static WERROR getprinter_level_2(int snum, NEW_BUFFER *buffer, uint32 offered, u /* check the required size. */ *needed += spoolss_size_printer_info_2(printer); - + if (!alloc_buffer_size(buffer, *needed)) { free_printer_info_2(printer); return WERR_INSUFFICIENT_BUFFER; @@ -4728,6 +5095,7 @@ static BOOL check_printer_ok(NT_PRINTER_INFO_LEVEL_2 *info, int snum) static BOOL add_printer_hook(NT_PRINTER_INFO_LEVEL *printer) { + extern userdom_struct current_user_info; char *cmd = lp_addprinter_cmd(); char **qlines; pstring command; @@ -4742,13 +5110,13 @@ static BOOL add_printer_hook(NT_PRINTER_INFO_LEVEL *printer) get_called_name()); /* change \ to \\ for the shell */ all_string_sub(driverlocation,"\\","\\\\",sizeof(pstring)); - + standard_sub_basic(current_user_info.smb_name, remote_machine,sizeof(remote_machine)); + slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\"", cmd, printer->info_2->printername, printer->info_2->sharename, printer->info_2->portname, printer->info_2->drivername, printer->info_2->location, driverlocation, remote_machine); - /* Convert script args to unix-codepage */ DEBUG(10,("Running [%s]\n", command)); ret = smbrun(command, &fd); DEBUGADD(10,("returned [%d]\n", ret)); @@ -5039,13 +5407,10 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level, int snum; NT_PRINTER_INFO_LEVEL *printer = NULL, *old_printer = NULL; Printer_entry *Printer = find_printer_index_by_hnd(p, handle); - PRINTER_MESSAGE_INFO msg; WERROR result; DEBUG(8,("update_printer\n")); - - ZERO_STRUCT(msg); - + result = WERR_OK; if (level!=2) { @@ -5159,8 +5524,11 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level, * bound to the printer, simulating what happens in the Windows arch. */ if (!strequal(printer->info_2->drivername, old_printer->info_2->drivername)){ - set_driver_init(printer, 2); - msg.flags |= PRINTER_MESSAGE_DRIVER; + if (!set_driver_init(printer, 2)) { + DEBUG(5,("update_printer: Error restoring driver initialization data for driver [%s]!\n", + printer->info_2->drivername)); + } + notify_printer_driver(snum, printer->info_2->drivername); } } @@ -5171,28 +5539,18 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level, all the possible changes */ if (!strequal(printer->info_2->comment, old_printer->info_2->comment)) - msg.flags |= PRINTER_MESSAGE_COMMENT; + notify_printer_comment(snum, printer->info_2->comment); if (!strequal(printer->info_2->sharename, old_printer->info_2->sharename)) - msg.flags |= PRINTER_MESSAGE_SHARENAME; + notify_printer_sharename(snum, printer->info_2->sharename); if (!strequal(printer->info_2->portname, old_printer->info_2->portname)) - msg.flags |= PRINTER_MESSAGE_PORT; + notify_printer_port(snum, printer->info_2->portname); if (!strequal(printer->info_2->location, old_printer->info_2->location)) - msg.flags |= PRINTER_MESSAGE_LOCATION; - - ZERO_STRUCT(msg); - - msg.low = PRINTER_CHANGE_ADD_PRINTER; - fstrcpy(msg.printer_name, printer->info_2->printername); - - /* only send a notify if something changed */ - if (msg.flags) { - srv_spoolss_sendnotify(msg.printer_name, 0, PRINTER_CHANGE_ADD_PRINTER, msg.flags); - } + notify_printer_location(snum, printer->info_2->location); - done: +done: free_a_printer(&printer, 2); free_a_printer(&old_printer, 2); @@ -5310,7 +5668,7 @@ static void fill_job_info_1(JOB_INFO_1 *job_info, print_queue_struct *queue, static BOOL fill_job_info_2(JOB_INFO_2 *job_info, print_queue_struct *queue, int position, int snum, - NT_PRINTER_INFO_LEVEL *ntprinter, + NT_PRINTER_INFO_LEVEL *ntprinter, DEVICEMODE *devmode) { pstring temp_name; @@ -5427,7 +5785,7 @@ static WERROR enumjobs_level2(print_queue_struct *queue, int snum, *returned = 0; goto done; } - + if (!(devmode = construct_dev_mode(snum))) { *returned = 0; result = WERR_NOMEM; @@ -5470,6 +5828,7 @@ static WERROR enumjobs_level2(print_queue_struct *queue, int snum, SAFE_FREE(info); return result; + } /**************************************************************************** @@ -5538,8 +5897,6 @@ WERROR _spoolss_setjob(pipes_struct *p, SPOOL_Q_SETJOB *q_u, SPOOL_R_SETJOB *r_u { POLICY_HND *handle = &q_u->handle; uint32 jobid = q_u->jobid; -/* uint32 level = q_u->level; - notused. */ -/* JOB_INFO *ctr = &q_u->ctr; - notused. */ uint32 command = q_u->command; struct current_user user; @@ -5597,9 +5954,7 @@ static WERROR enumprinterdrivers_level1(fstring servername, fstring architecture *returned=0; -#define MAX_VERSION 4 - - for (version=0; versioninfo_2->printername, 0, PRINTER_CHANGE_ADD_PRINTER, 0x0); - free_a_printer(&printer,2); return WERR_OK; @@ -6462,10 +6810,12 @@ WERROR _spoolss_addprinterdriver(pipes_struct *p, SPOOL_Q_ADDPRINTERDRIVER *q_u, WERROR err = WERR_OK; NT_PRINTER_DRIVER_INFO_LEVEL driver; struct current_user user; - + fstring driver_name; + uint32 version; + ZERO_STRUCT(driver); - get_current_user(&user, p); + get_current_user(&user, p); if (!convert_printer_driver_info(info, &driver, level)) { err = WERR_NOMEM; @@ -6489,11 +6839,131 @@ WERROR _spoolss_addprinterdriver(pipes_struct *p, SPOOL_Q_ADDPRINTERDRIVER *q_u, goto done; } - done: + /* BEGIN_ADMIN_LOG */ + switch(level) { + case 3: + sys_adminlog(LOG_INFO,"Added printer driver. Print driver name: %s. Print driver OS: %s. Administrator name: %s.", + driver.info_3->name,drv_ver_to_os[driver.info_3->cversion],uidtoname(user.uid)); + fstrcpy(driver_name, driver.info_3->name); + break; + case 6: + sys_adminlog(LOG_INFO,"Added printer driver. Print driver name: %s. Print driver OS: %s. Administrator name: %s.", + driver.info_6->name,drv_ver_to_os[driver.info_6->version],uidtoname(user.uid)); + fstrcpy(driver_name, driver.info_6->name); + break; + } + /* END_ADMIN_LOG */ + + /* + * I think this is where he DrvUpgradePrinter() hook would be + * be called in a driver's interface DLL on a Windows NT 4.0/2k + * server. Right now, we just need to send ourselves a message + * to update each printer bound to this driver. --jerry + */ + + if (!srv_spoolss_drv_upgrade_printer(driver_name)) { + DEBUG(0,("_spoolss_addprinterdriver: Failed to send message about upgrading driver [%s]!\n", + driver_name)); + } + + /* + * Based on the version (e.g. driver destination dir: 0=9x,2=Nt/2k,3=2k/Xp), + * decide if the driver init data should be deleted. The rules are: + * 1) never delete init data if it is a 9x driver, they don't use it anyway + * 2) delete init data only if there is no 2k/Xp driver + * 3) always delete init data + * The generalized rule is always use init data from the highest order driver. + * It is necessary to follow the driver install by an initialization step to + * finish off this process. + */ + if (level == 3) + version = driver.info_3->cversion; + else if (level == 6) + version = driver.info_6->version; + else + version = -1; + switch (version) { + /* + * 9x printer driver - never delete init data + */ + case 0: + DEBUG(10,("_spoolss_addprinterdriver: init data not deleted for 9x driver [%s]\n", + driver_name)); + break; + + /* + * Nt or 2k (compatiblity mode) printer driver - only delete init data if + * there is no 2k/Xp driver init data for this driver name. + */ + case 2: + { + NT_PRINTER_DRIVER_INFO_LEVEL driver1; + + if (!W_ERROR_IS_OK(get_a_printer_driver(&driver1, 3, driver_name, "Windows NT x86", 3))) { + /* + * No 2k/Xp driver found, delete init data (if any) for the new Nt driver. + */ + if (!del_driver_init(driver_name)) + DEBUG(6,("_spoolss_addprinterdriver: del_driver_init(%s) Nt failed!\n", driver_name)); + } else { + /* + * a 2k/Xp driver was found, don't delete init data because Nt driver will use it. + */ + free_a_printer_driver(driver1,3); + DEBUG(10,("_spoolss_addprinterdriver: init data not deleted for Nt driver [%s]\n", + driver_name)); + } + } + break; + + /* + * 2k or Xp printer driver - always delete init data + */ + case 3: + if (!del_driver_init(driver_name)) + DEBUG(6,("_spoolss_addprinterdriver: del_driver_init(%s) 2k/Xp failed!\n", driver_name)); + break; + + default: + DEBUG(0,("_spoolss_addprinterdriver: invalid level=%d\n", level)); + break; + } + + +done: free_a_printer_driver(driver, level); return err; } +/******************************************************************** + * spoolss_addprinterdriverex + ********************************************************************/ + +WERROR _spoolss_addprinterdriverex(pipes_struct *p, SPOOL_Q_ADDPRINTERDRIVEREX *q_u, SPOOL_R_ADDPRINTERDRIVEREX *r_u) +{ + SPOOL_Q_ADDPRINTERDRIVER q_u_local; + SPOOL_R_ADDPRINTERDRIVER r_u_local; + + /* + * we only support the semantics of AddPrinterDriver() + * i.e. only copy files that are newer than existing ones + */ + + if ( q_u->copy_flags != APD_COPY_NEW_FILES ) + return WERR_ACCESS_DENIED; + + /* just pass the information off to _spoolss_addprinterdriver() */ + ZERO_STRUCT(q_u_local); + ZERO_STRUCT(r_u_local); + + q_u_local.server_name_ptr = q_u->server_name_ptr; + copy_unistr2(&q_u_local.server_name, &q_u->server_name); + q_u_local.level = q_u->level; + memcpy( &q_u_local.info, &q_u->info, sizeof(SPOOL_PRINTER_DRIVER_INFO_LEVEL) ); + + return _spoolss_addprinterdriver( p, &q_u_local, &r_u_local ); +} + /**************************************************************************** ****************************************************************************/ @@ -6632,23 +7102,6 @@ WERROR _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, S if ( (in_value_len==0) && (in_data_len==0) ) { DEBUGADD(6,("Activating NT mega-hack to find sizes\n")); -#if 0 - /* - * NT can ask for a specific parameter size - we need to return NO_MORE_ITEMS - * if this parameter size doesn't exist. - * Ok - my opinion here is that the client is not asking for the greatest - * possible size of all the parameters, but is asking specifically for the size needed - * for this specific parameter. In that case we can remove the loop below and - * simplify this lookup code considerably. JF - comments welcome. JRA. - */ - - if (!get_specific_param_by_index(*printer, 2, idx, value, &data, &type, &data_len)) { - SAFE_FREE(data); - free_a_printer(&printer, 2); - return WERR_NO_MORE_ITEMS; - } -#endif - SAFE_FREE(data); param_index=0; @@ -6692,7 +7145,7 @@ WERROR _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, S if((*out_value=(uint16 *)talloc_zero(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL) return WERR_NOMEM; - *out_value_len = rpcstr_push((char *)*out_value, "", in_value_len, 0); + *out_value_len = (uint32)rpcstr_push((char *)*out_value, "", in_value_len, 0); /* the data is counted in bytes */ *out_max_data_len = in_data_len; @@ -6720,7 +7173,7 @@ WERROR _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, S return WERR_NOMEM; } - *out_value_len = rpcstr_push((char *)*out_value,value, in_value_len, 0); + *out_value_len = (uint32)rpcstr_push((char *)*out_value,value, in_value_len, 0); *out_type=type; @@ -6747,10 +7200,8 @@ WERROR _spoolss_setprinterdata( pipes_struct *p, SPOOL_Q_SETPRINTERDATA *q_u, SP POLICY_HND *handle = &q_u->handle; UNISTR2 *value = &q_u->value; uint32 type = q_u->type; -/* uint32 max_len = q_u->max_len; - notused. */ uint8 *data = q_u->data; uint32 real_len = q_u->real_len; -/* uint32 numeric_data = q_u->numeric_data; - notused. */ NT_PRINTER_INFO_LEVEL *printer = NULL; NT_PRINTER_PARAM *param = NULL, old_param; @@ -7022,8 +7473,6 @@ done: WERROR _spoolss_setform(pipes_struct *p, SPOOL_Q_SETFORM *q_u, SPOOL_R_SETFORM *r_u) { POLICY_HND *handle = &q_u->handle; -/* UNISTR2 *uni_name = &q_u->name; - notused. */ -/* uint32 level = q_u->level; - notused. */ FORM *form = &q_u->form; nt_forms_struct tmpForm; int snum; @@ -7114,12 +7563,10 @@ static WERROR enumprintprocessors_level_1(NEW_BUFFER *buffer, uint32 offered, ui WERROR _spoolss_enumprintprocessors(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCESSORS *q_u, SPOOL_R_ENUMPRINTPROCESSORS *r_u) { -/* UNISTR2 *name = &q_u->name; - notused. */ -/* UNISTR2 *environment = &q_u->environment; - notused. */ uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + NEW_BUFFER *buffer = NULL; uint32 offered = q_u->offered; - uint32 *needed = &r_u->needed; + uint32 *needed = &r_u->needed; uint32 *returned = &r_u->returned; /* that's an [in out] buffer */ @@ -7183,8 +7630,6 @@ static WERROR enumprintprocdatatypes_level_1(NEW_BUFFER *buffer, uint32 offered, WERROR _spoolss_enumprintprocdatatypes(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCDATATYPES *q_u, SPOOL_R_ENUMPRINTPROCDATATYPES *r_u) { -/* UNISTR2 *name = &q_u->name; - notused. */ -/* UNISTR2 *processor = &q_u->processor; - notused. */ uint32 level = q_u->level; NEW_BUFFER *buffer = NULL; uint32 offered = q_u->offered; @@ -7279,11 +7724,10 @@ static WERROR enumprintmonitors_level_2(NEW_BUFFER *buffer, uint32 offered, uint WERROR _spoolss_enumprintmonitors(pipes_struct *p, SPOOL_Q_ENUMPRINTMONITORS *q_u, SPOOL_R_ENUMPRINTMONITORS *r_u) { -/* UNISTR2 *name = &q_u->name; - notused. */ uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + NEW_BUFFER *buffer = NULL; uint32 offered = q_u->offered; - uint32 *needed = &r_u->needed; + uint32 *needed = &r_u->needed; uint32 *returned = &r_u->returned; /* that's an [in out] buffer */ @@ -7427,7 +7871,7 @@ static WERROR getjob_level_2(print_queue_struct *queue, int count, int snum, uin free_job_info_2(info_2); /* Also frees devmode */ SAFE_FREE(info_2); free_a_printer(&ntprinter, 2); - + return ret; } @@ -7594,6 +8038,34 @@ WERROR _spoolss_setprinterdataex(pipes_struct *p, SPOOL_Q_SETPRINTERDATAEX *q_u, return _spoolss_setprinterdata(p, &q_u_local, &r_u_local); } + +/******************************************************************** + * spoolss_deleteprinterdataex + ********************************************************************/ + +WERROR _spoolss_deleteprinterdataex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDATAEX *q_u, SPOOL_R_DELETEPRINTERDATAEX *r_u) +{ + SPOOL_Q_DELETEPRINTERDATA q_u_local; + SPOOL_R_DELETEPRINTERDATA r_u_local; + fstring key; + + /* From MSDN documentation of SetPrinterDataEx: pass request to + SetPrinterData if key is "PrinterDriverData" */ + + unistr2_to_ascii(key, &q_u->keyname, sizeof(key) - 1); + + if (strcmp(key, "PrinterDriverData") != 0) + return WERR_INVALID_PARAM; + + memcpy(&q_u_local.handle, &q_u->handle, sizeof(POLICY_HND)); + copy_unistr2(&q_u_local.valuename, &q_u->valuename); + + return _spoolss_deleteprinterdata( p, &q_u_local, &r_u_local ); +} + + + + /******************************************************************** * spoolss_enumprinterkey ********************************************************************/ @@ -7660,6 +8132,34 @@ WERROR _spoolss_enumprinterkey(pipes_struct *p, SPOOL_Q_ENUMPRINTERKEY *q_u, SPO return WERR_BADFILE; } +/******************************************************************** + * spoolss_deleteprinterkey + ********************************************************************/ + +WERROR _spoolss_deleteprinterkey(pipes_struct *p, SPOOL_Q_DELETEPRINTERKEY *q_u, SPOOL_R_DELETEPRINTERKEY *r_u) +{ + Printer_entry *Printer = find_printer_index_by_hnd(p, &q_u->handle); + fstring key; + + if (!Printer) { + DEBUG(2,("_spoolss_deleteprinterkey: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(&q_u->handle))); + return WERR_BADFID; + } + + unistr2_to_ascii(key, &q_u->keyname, sizeof(key) - 1); + + if (strcmp(key, "PrinterDriverData") != 0) + return WERR_INVALID_PARAM; + + /* + * this is what 2k returns when you try to delete the "PrinterDriverData" + * key + */ + + return WERR_ACCESS_DENIED; +} + + /******************************************************************** * spoolss_enumprinterdataex ********************************************************************/ @@ -7801,7 +8301,7 @@ static WERROR getprintprocessordirectory_level_1(UNISTR2 *name, unistr2_to_ascii(long_archi, environment, sizeof(long_archi)-1); - if (get_short_archi(short_archi, long_archi)==FALSE) + if (get_short_archi(short_archi, long_archi)==False) return WERR_INVALID_ENVIRONMENT; if((info=(PRINTPROCESSOR_DIRECTORY_1 *)malloc(sizeof(PRINTPROCESSOR_DIRECTORY_1))) == NULL) @@ -7834,6 +8334,7 @@ WERROR _spoolss_getprintprocessordirectory(pipes_struct *p, SPOOL_Q_GETPRINTPROC NEW_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; + WERROR result; /* that's an [in out] buffer */ spoolss_move_buffer(q_u->buffer, &r_u->buffer); @@ -7845,12 +8346,13 @@ WERROR _spoolss_getprintprocessordirectory(pipes_struct *p, SPOOL_Q_GETPRINTPROC switch(level) { case 1: - return getprintprocessordirectory_level_1 + result = getprintprocessordirectory_level_1 (&q_u->name, &q_u->environment, buffer, offered, needed); default: - return WERR_UNKNOWN_LEVEL; + result = WERR_UNKNOWN_LEVEL; } - return WERR_ACCESS_DENIED; + return result; } + diff --git a/source3/rpc_server/srv_srvsvc.c b/source3/rpc_server/srv_srvsvc.c index ee4ec8aa0ac..5e1c005d540 100644 --- a/source3/rpc_server/srv_srvsvc.c +++ b/source3/rpc_server/srv_srvsvc.c @@ -25,6 +25,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + /******************************************************************* api_srv_net_srv_get_info ********************************************************************/ @@ -492,25 +495,25 @@ static BOOL api_srv_net_file_set_secdesc(pipes_struct *p) \PIPE\srvsvc commands ********************************************************************/ -struct api_struct api_srv_cmds[] = +static const struct api_struct api_srv_cmds[] = { - { "SRV_NETCONNENUM" , SRV_NETCONNENUM , api_srv_net_conn_enum }, - { "SRV_NETSESSENUM" , SRV_NETSESSENUM , api_srv_net_sess_enum }, - { "SRV_NETSHAREENUM_ALL" , SRV_NETSHAREENUM_ALL , api_srv_net_share_enum_all }, - { "SRV_NETSHAREENUM" , SRV_NETSHAREENUM , api_srv_net_share_enum }, - { "SRV_NET_SHARE_ADD" , SRV_NET_SHARE_ADD , api_srv_net_share_add }, - { "SRV_NET_SHARE_DEL" , SRV_NET_SHARE_DEL , api_srv_net_share_del }, - { "SRV_NET_SHARE_GET_INFO", SRV_NET_SHARE_GET_INFO, api_srv_net_share_get_info }, - { "SRV_NET_SHARE_SET_INFO", SRV_NET_SHARE_SET_INFO, api_srv_net_share_set_info }, - { "SRV_NETFILEENUM" , SRV_NETFILEENUM , api_srv_net_file_enum }, - { "SRV_NET_SRV_GET_INFO" , SRV_NET_SRV_GET_INFO , api_srv_net_srv_get_info }, - { "SRV_NET_SRV_SET_INFO" , SRV_NET_SRV_SET_INFO , api_srv_net_srv_set_info }, - { "SRV_NET_REMOTE_TOD" , SRV_NET_REMOTE_TOD , api_srv_net_remote_tod }, - { "SRV_NET_DISK_ENUM" , SRV_NET_DISK_ENUM , api_srv_net_disk_enum }, - { "SRV_NET_NAME_VALIDATE" , SRV_NET_NAME_VALIDATE , api_srv_net_name_validate}, - { "SRV_NETFILEQUERYSECDESC",SRV_NETFILEQUERYSECDESC,api_srv_net_file_query_secdesc}, - { "SRV_NETFILESETSECDESC" , SRV_NETFILESETSECDESC , api_srv_net_file_set_secdesc}, - { NULL , 0 , NULL } + { "SRV_NET_CONN_ENUM" , SRV_NET_CONN_ENUM , api_srv_net_conn_enum }, + { "SRV_NET_SESS_ENUM" , SRV_NET_SESS_ENUM , api_srv_net_sess_enum }, + { "SRV_NET_SHARE_ENUM_ALL" , SRV_NET_SHARE_ENUM_ALL , api_srv_net_share_enum_all }, + { "SRV_NET_SHARE_ENUM" , SRV_NET_SHARE_ENUM , api_srv_net_share_enum }, + { "SRV_NET_SHARE_ADD" , SRV_NET_SHARE_ADD , api_srv_net_share_add }, + { "SRV_NET_SHARE_DEL" , SRV_NET_SHARE_DEL , api_srv_net_share_del }, + { "SRV_NET_SHARE_GET_INFO", SRV_NET_SHARE_GET_INFO, api_srv_net_share_get_info }, + { "SRV_NET_SHARE_SET_INFO", SRV_NET_SHARE_SET_INFO, api_srv_net_share_set_info }, + { "SRV_NET_FILE_ENUM" , SRV_NET_FILE_ENUM , api_srv_net_file_enum }, + { "SRV_NET_SRV_GET_INFO" , SRV_NET_SRV_GET_INFO , api_srv_net_srv_get_info }, + { "SRV_NET_SRV_SET_INFO" , SRV_NET_SRV_SET_INFO , api_srv_net_srv_set_info }, + { "SRV_NET_REMOTE_TOD" , SRV_NET_REMOTE_TOD , api_srv_net_remote_tod }, + { "SRV_NET_DISK_ENUM" , SRV_NET_DISK_ENUM , api_srv_net_disk_enum }, + { "SRV_NET_NAME_VALIDATE" , SRV_NET_NAME_VALIDATE , api_srv_net_name_validate}, + { "SRV_NET_FILE_QUERY_SECDESC",SRV_NET_FILE_QUERY_SECDESC, api_srv_net_file_query_secdesc}, + { "SRV_NET_FILE_SET_SECDESC" , SRV_NET_FILE_SET_SECDESC , api_srv_net_file_set_secdesc}, + { NULL , 0 , NULL } }; /******************************************************************* diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 1f3b1945e35..b5f6bd2f077 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -23,6 +23,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + extern pstring global_myname; /******************************************************************* @@ -38,7 +41,7 @@ static void init_srv_share_info_1(pipes_struct *p, SRV_SHARE_INFO_1 *sh1, int sn pstrcpy(net_name, lp_servicename(snum)); pstrcpy(remark, lp_comment(snum)); - standard_sub_conn(p->conn, remark); + standard_sub_conn(p->conn, remark,sizeof(remark)); len_net_name = strlen(net_name); /* work out the share type */ @@ -70,7 +73,7 @@ static void init_srv_share_info_2(pipes_struct *p, SRV_SHARE_INFO_2 *sh2, int sn pstrcpy(net_name, lp_servicename(snum)); pstrcpy(remark, lp_comment(snum)); - standard_sub_conn(p->conn, remark); + standard_sub_conn(p->conn, remark,sizeof(remark)); pstrcpy(path, "C:"); pstrcat(path, lp_pathname(snum)); @@ -308,7 +311,7 @@ void map_generic_share_sd_bits(SEC_DESC *psd) Can this user access with share with the required permissions ? ********************************************************************/ -BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 desired_access) +BOOL share_access_check(connection_struct *conn, int snum, user_struct *vuser, uint32 desired_access) { uint32 granted; NTSTATUS status; @@ -316,7 +319,6 @@ BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 d SEC_DESC *psd = NULL; size_t sd_size; NT_USER_TOKEN *token = NULL; - user_struct *vuser = get_valid_user_struct(vuid); BOOL ret = True; mem_ctx = talloc_init(); @@ -355,7 +357,7 @@ static void init_srv_share_info_501(pipes_struct *p, SRV_SHARE_INFO_501 *sh501, pstrcpy(net_name, lp_servicename(snum)); pstrcpy(remark, lp_comment(snum)); - standard_sub_conn(p->conn, remark); + standard_sub_conn(p->conn, remark, sizeof(remark)); len_net_name = strlen(net_name); @@ -394,7 +396,7 @@ static void init_srv_share_info_502(pipes_struct *p, SRV_SHARE_INFO_502 *sh502, pstrcpy(net_name, lp_servicename(snum)); pstrcpy(remark, lp_comment(snum)); - standard_sub_conn(p->conn, remark); + standard_sub_conn(p->conn, remark,sizeof(remark)); pstrcpy(path, "C:"); pstrcat(path, lp_pathname(snum)); @@ -638,11 +640,13 @@ static void init_srv_sess_0_info(SESS_INFO_0 *se0, SESS_INFO_0_STR *str0, char * static void init_srv_sess_info_0(SRV_SESS_INFO_0 *ss0, uint32 *snum, uint32 *stot) { + struct sessionid *session_list; uint32 num_entries = 0; - (*stot) = 1; + (*stot) = list_sessions(&session_list); if (ss0 == NULL) { (*snum) = 0; + SAFE_FREE(session_list); return; } @@ -651,7 +655,7 @@ static void init_srv_sess_info_0(SRV_SESS_INFO_0 *ss0, uint32 *snum, uint32 *sto if (snum) { for (; (*snum) < (*stot) && num_entries < MAX_SESS_ENTRIES; (*snum)++) { init_srv_sess_0_info(&ss0->info_0[num_entries], - &ss0->info_0_str[num_entries], "MACHINE"); + &ss0->info_0_str[num_entries], session_list[(*snum)].remote_machine); /* move on to creating next session */ /* move on to creating next sess */ @@ -671,6 +675,7 @@ static void init_srv_sess_info_0(SRV_SESS_INFO_0 *ss0, uint32 *snum, uint32 *sto ss0->ptr_sess_info = 0; ss0->num_entries_read2 = 0; } + SAFE_FREE(session_list); } /******************************************************************* @@ -693,11 +698,13 @@ static void init_srv_sess_1_info(SESS_INFO_1 *se1, SESS_INFO_1_STR *str1, static void init_srv_sess_info_1(SRV_SESS_INFO_1 *ss1, uint32 *snum, uint32 *stot) { + struct sessionid *session_list; uint32 num_entries = 0; - (*stot) = 1; + (*stot) = list_sessions(&session_list); if (ss1 == NULL) { (*snum) = 0; + SAFE_FREE(session_list); return; } @@ -706,8 +713,10 @@ static void init_srv_sess_info_1(SRV_SESS_INFO_1 *ss1, uint32 *snum, uint32 *sto if (snum) { for (; (*snum) < (*stot) && num_entries < MAX_SESS_ENTRIES; (*snum)++) { init_srv_sess_1_info(&ss1->info_1[num_entries], - &ss1->info_1_str[num_entries], - "MACHINE", "dummy_user", 1, 10, 5, 0); + &ss1->info_1_str[num_entries], + session_list[*snum].remote_machine, + session_list[*snum].username, + 1, 10, 5, 0); /* move on to creating next session */ /* move on to creating next sess */ @@ -941,74 +950,46 @@ static void init_srv_r_net_conn_enum(SRV_R_NET_CONN_ENUM *r_n, init_enum_hnd(&r_n->enum_hnd, resume_hnd); } -/******************************************************************* - fill in a file info level 3 structure. - ********************************************************************/ - -static void init_srv_file_3_info(FILE_INFO_3 *fl3, FILE_INFO_3_STR *str3, - uint32 fnum, uint32 perms, uint32 num_locks, - char *path_name, char *user_name) -{ - init_srv_file_info3(fl3 , fnum, perms, num_locks, path_name, user_name); - init_srv_file_info3_str(str3, path_name, user_name); -} - -/******************************************************************* - fill in a file info level 3 structure. - ********************************************************************/ - -static void init_srv_file_info_3(SRV_FILE_INFO_3 *fl3, uint32 *fnum, uint32 *ftot) -{ - uint32 num_entries = 0; - (*ftot) = 1; - - if (fl3 == NULL) { - (*fnum) = 0; - return; - } - - DEBUG(5,("init_srv_file_3_fl3\n")); - - for (; (*fnum) < (*ftot) && num_entries < MAX_FILE_ENTRIES; (*fnum)++) { - init_srv_file_3_info(&fl3->info_3[num_entries], - &fl3->info_3_str[num_entries], - (*fnum), 0x35, 0, "\\PIPE\\samr", "dummy user"); - - /* move on to creating next file */ - num_entries++; - } - - fl3->num_entries_read = num_entries; - fl3->ptr_file_info = num_entries > 0 ? 1 : 0; - fl3->num_entries_read2 = num_entries; - - if ((*fnum) >= (*ftot)) { - (*fnum) = 0; - } -} - /******************************************************************* makes a SRV_R_NET_FILE_ENUM structure. ********************************************************************/ -static WERROR init_srv_file_info_ctr(SRV_FILE_INFO_CTR *ctr, +static WERROR init_srv_file_info_ctr(pipes_struct *p, SRV_FILE_INFO_CTR *ctr, int switch_value, uint32 *resume_hnd, uint32 *total_entries) { WERROR status = WERR_OK; + TALLOC_CTX *ctx = p->mem_ctx; DEBUG(5,("init_srv_file_info_ctr: %d\n", __LINE__)); + *total_entries = 1; /* dummy entries only, for */ ctr->switch_value = switch_value; + ctr->num_entries = *total_entries - *resume_hnd; + if (ctr->num_entries < 0) + ctr->num_entries = 0; + ctr->num_entries2 = ctr->num_entries; switch (switch_value) { - case 3: - init_srv_file_info_3(&ctr->file.info3, resume_hnd, total_entries); - ctr->ptr_file_ctr = 1; + case 3: { + int i; + if (*total_entries > 0) { + ctr->ptr_entries = 1; + ctr->file.info3 = talloc(ctx, ctr->num_entries * + sizeof(SRV_FILE_INFO_3)); + } + for (i=0 ;inum_entries;i++) { + init_srv_file_info3(&ctr->file.info3[i].info_3, i+*resume_hnd, 0x35, 0, "\\PIPE\\samr", "dummy user"); + init_srv_file_info3_str(&ctr->file.info3[i].info_3_str, "\\PIPE\\samr", "dummy user"); + + } + ctr->ptr_file_info = 1; + *resume_hnd = 0; break; + } default: DEBUG(5,("init_srv_file_info_ctr: unsupported switch value %d\n", switch_value)); (*resume_hnd = 0); (*total_entries) = 0; - ctr->ptr_file_ctr = 0; + ctr->ptr_entries = 0; status = WERR_UNKNOWN_LEVEL; break; } @@ -1020,7 +1001,7 @@ static WERROR init_srv_file_info_ctr(SRV_FILE_INFO_CTR *ctr, makes a SRV_R_NET_FILE_ENUM structure. ********************************************************************/ -static void init_srv_r_net_file_enum(SRV_R_NET_FILE_ENUM *r_n, +static void init_srv_r_net_file_enum(pipes_struct *p, SRV_R_NET_FILE_ENUM *r_n, uint32 resume_hnd, int file_level, int switch_value) { DEBUG(5,("init_srv_r_net_file_enum: %d\n", __LINE__)); @@ -1029,7 +1010,7 @@ static void init_srv_r_net_file_enum(SRV_R_NET_FILE_ENUM *r_n, if (file_level == 0) r_n->status = WERR_UNKNOWN_LEVEL; else - r_n->status = init_srv_file_info_ctr(r_n->ctr, switch_value, &resume_hnd, &(r_n->total_entries)); + r_n->status = init_srv_file_info_ctr(p, &r_n->ctr, switch_value, &resume_hnd, &(r_n->total_entries)); if (!W_ERROR_IS_OK(r_n->status)) resume_hnd = 0; @@ -1053,11 +1034,21 @@ WERROR _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R DEBUG(5,("srv_net_srv_get_info: %d\n", __LINE__)); + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to srv_net_srv_get_info\n")); + return WERR_ACCESS_DENIED; + } + switch (q_u->switch_value) { + + /* Technically level 102 should only be available to + Administrators but there isn't anything super-secret + here, as most of it is made up. */ + case 102: init_srv_info_102(&ctr->srv.sv102, 500, global_myname, - string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH), + string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH), lp_major_announce_version(), lp_minor_announce_version(), lp_default_server_announce(), 0xffffffff, /* users */ @@ -1116,19 +1107,13 @@ net file enum WERROR _srv_net_file_enum(pipes_struct *p, SRV_Q_NET_FILE_ENUM *q_u, SRV_R_NET_FILE_ENUM *r_u) { - r_u->ctr = (SRV_FILE_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_FILE_INFO_CTR)); - if (!r_u->ctr) - return WERR_NOMEM; - - ZERO_STRUCTP(r_u->ctr); - DEBUG(5,("srv_net_file_enum: %d\n", __LINE__)); /* set up the */ - init_srv_r_net_file_enum(r_u, + init_srv_r_net_file_enum(p, r_u, get_enum_hnd(&q_u->enum_hnd), q_u->file_level, - q_u->ctr->switch_value); + q_u->ctr.switch_value); DEBUG(5,("srv_net_file_enum: %d\n", __LINE__)); @@ -1193,6 +1178,11 @@ WERROR _srv_net_share_enum_all(pipes_struct *p, SRV_Q_NET_SHARE_ENUM *q_u, SRV_R { DEBUG(5,("_srv_net_share_enum: %d\n", __LINE__)); + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to srv_net_share_enum_all\n")); + return WERR_ACCESS_DENIED; + } + /* Create the list of shares for the response. */ init_srv_r_net_share_enum(p, r_u, q_u->ctr.info_level, @@ -1211,6 +1201,11 @@ WERROR _srv_net_share_enum(pipes_struct *p, SRV_Q_NET_SHARE_ENUM *q_u, SRV_R_NET { DEBUG(5,("_srv_net_share_enum: %d\n", __LINE__)); + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to srv_net_share_enum\n")); + return WERR_ACCESS_DENIED; + } + /* Create the list of shares for the response. */ init_srv_r_net_share_enum(p, r_u, q_u->ctr.info_level, @@ -1829,7 +1824,7 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_ "Nigel Williams" . ***********************************************************************************/ -const char *server_disks[] = {"C:"}; +static const char *server_disks[] = {"C:"}; static uint32 get_server_disk_count(void) { diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 53bbebb95ee..f896d1d9d8c 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -38,6 +38,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + /* * A list of the rids of well known BUILTIN and Domain users * and groups. @@ -93,6 +96,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui uint32 *rids=NULL, *new_rids=NULL; gid_t winbind_gid_low, winbind_gid_high; BOOL ret; + BOOL winbind_groups_exist; /* * this code is far from perfect. @@ -108,17 +112,15 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui *prids=NULL; *numgroups=0; - lp_winbind_gid(&winbind_gid_low, &winbind_gid_high); + winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high); DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid))); - sid_peek_rid(q_sid, &rid); - pdb_init_sam(&sam_pass); become_root(); - ret = pdb_getsampwrid(sam_pass, rid); + ret = pdb_getsampwsid(sam_pass, q_sid); unbecome_root(); if (ret == False) { pdb_free_sam(&sam_pass); @@ -157,7 +159,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui } /* Don't return winbind groups as they are not local! */ - if ((grp->gr_gid >= winbind_gid_low) && (grp->gr_gid <= winbind_gid_high)) { + if (winbind_groups_exist && (grp->gr_gid >= winbind_gid_low) && (grp->gr_gid <= winbind_gid_high)) { DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name)); continue; } @@ -226,7 +228,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui } /* Don't return winbind groups as they are not local! */ - if ((gid >= winbind_gid_low) && (gid <= winbind_gid_high)) { + if (winbind_groups_exist && (gid >= winbind_gid_low) && (gid <= winbind_gid_high)) { DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name )); goto done; } @@ -404,6 +406,8 @@ NTSTATUS local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type) return NT_STATUS_NONE_MAPPED; } + +#if 0 /*Nobody uses this function just now*/ /******************************************************************* Look up a local user rid and return a name and type. ********************************************************************/ @@ -448,6 +452,8 @@ NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type) return NT_STATUS_NONE_MAPPED; } +#endif + /******************************************************************* Look up a local (domain) group name and return a rid ********************************************************************/ diff --git a/source3/rpc_server/srv_wkssvc.c b/source3/rpc_server/srv_wkssvc.c index 8eb5b3002e6..c783becbbeb 100644 --- a/source3/rpc_server/srv_wkssvc.c +++ b/source3/rpc_server/srv_wkssvc.c @@ -24,6 +24,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + /******************************************************************* api_wks_query_info ********************************************************************/ @@ -55,7 +58,7 @@ static BOOL api_wks_query_info(pipes_struct *p) /******************************************************************* \PIPE\wkssvc commands ********************************************************************/ -struct api_struct api_wks_cmds[] = +static struct api_struct api_wks_cmds[] = { { "WKS_Q_QUERY_INFO", WKS_QUERY_INFO, api_wks_query_info }, { NULL , 0 , NULL } diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index 637c95af693..7687e7b00af 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -25,6 +25,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + extern pstring global_myname; /******************************************************************* diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index 56ae4c6e68a..067325c06e6 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -2,7 +2,8 @@ Unix SMB/CIFS implementation. RPC pipe client - Copyright (C) Tim Potter 2000 + Copyright (C) Tim Potter 2000 + Copyright (C) Rafal Szczesniak 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -95,18 +96,19 @@ static NTSTATUS cmd_lsa_lookup_names(struct cli_state *cli, result = cli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1, (const char**)(argv + 1), &sids, &types); - if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) + if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != + NT_STATUS_V(STATUS_SOME_UNMAPPED)) goto done; + result = NT_STATUS_OK; + /* Print results */ for (i = 0; i < (argc - 1); i++) { fstring sid_str; - sid_to_string(sid_str, &sids[i]); - printf("%s %s (%d)\n", argv[i + 1], sid_str, - types[i]); + printf("%s %s (%s: %d)\n", argv[i + 1], sid_str, + sid_type_lookup(types[i]), types[i]); } done: @@ -147,7 +149,7 @@ static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, goto done; } - for (i = 0; i < (argc - 1); i++) + for (i = 0; i < argc - 1; i++) string_to_sid(&sids[i], argv[i + 1]); /* Lookup the SIDs */ @@ -155,17 +157,19 @@ static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids, &domains, &names, &types); - if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) + if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != + NT_STATUS_V(STATUS_SOME_UNMAPPED)) goto done; + result = NT_STATUS_OK; + /* Print results */ for (i = 0; i < (argc - 1); i++) { fstring sid_str; sid_to_string(sid_str, &sids[i]); - printf("%s [%s]\\[%s] (%d)\n", sid_str, + printf("%s %s\\%s (%d)\n", sid_str, domains[i] ? domains[i] : "*unknown*", names[i] ? names[i] : "*unknown*", types[i]); } @@ -184,17 +188,31 @@ static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; DOM_SID *domain_sids; char **domain_names; + + /* defaults, but may be changed using params */ uint32 enum_ctx = 0; - uint32 num_domains; + uint32 preferred_maxnum = 5; + uint32 num_domains = 0; int i; - if (argc != 1) { - printf("Usage: %s\n", argv[0]); + if (argc > 3) { + printf("Usage: %s [preferred max number (%d)] [enum context (0)]\n", + argv[0], preferred_maxnum); return NT_STATUS_OK; } + /* enumeration context */ + if (argc >= 2 && argv[1]) { + preferred_maxnum = atoi(argv[1]); + } + + /* preferred maximum number */ + if (argc == 3 && argv[2]) { + enum_ctx = atoi(argv[2]); + } + result = cli_lsa_open_policy(cli, mem_ctx, True, - SEC_RIGHTS_MAXIMUM_ALLOWED, + POLICY_VIEW_LOCAL_INFORMATION, &pol); if (!NT_STATUS_IS_OK(result)) @@ -203,14 +221,14 @@ static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli, /* Lookup list of trusted domains */ result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx, - &num_domains, &domain_names, - &domain_sids); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - /* Print results */ - + &preferred_maxnum, &num_domains, + &domain_names, &domain_sids); + if (!NT_STATUS_IS_OK(result) && + !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) && + !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) + goto done; + + /* Print results: list of names and sids returned in this response. */ for (i = 0; i < num_domains; i++) { fstring sid_str; @@ -447,6 +465,7 @@ static NTSTATUS cmd_lsa_lookupprivvalue(struct cli_state *cli, goto done; /* Print results */ + printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low); done: @@ -498,7 +517,7 @@ struct cmd_set lsarpc_commands[] = { { "lsaquery", cmd_lsa_query_info_policy, PIPE_LSARPC, "Query info policy", "" }, { "lookupsids", cmd_lsa_lookup_sids, PIPE_LSARPC, "Convert SIDs to names", "" }, { "lookupnames", cmd_lsa_lookup_names, PIPE_LSARPC, "Convert names to SIDs", "" }, - { "enumtrust", cmd_lsa_enum_trust_dom, PIPE_LSARPC, "Enumerate trusted domains", "" }, + { "enumtrust", cmd_lsa_enum_trust_dom, PIPE_LSARPC, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" }, { "enumprivs", cmd_lsa_enum_privilege, PIPE_LSARPC, "Enumerate privileges", "" }, { "getdispname", cmd_lsa_get_dispname, PIPE_LSARPC, "Get the privilege name", "" }, { "lsaenumsid", cmd_lsa_enum_sids, PIPE_LSARPC, "Enumerate the LSA SIDS", "" }, diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index 4d67cba1b52..2e895726606 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c @@ -174,7 +174,8 @@ static NTSTATUS cmd_netlogon_sam_sync(struct cli_state *cli, goto done; } - result = cli_nt_setup_creds(cli, trust_passwd); + result = new_cli_nt_setup_creds(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? + SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd); if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "Error initialising session creds\n"); @@ -237,7 +238,8 @@ static NTSTATUS cmd_netlogon_sam_deltas(struct cli_state *cli, goto done; } - result = cli_nt_setup_creds(cli, trust_passwd); + result = new_cli_nt_setup_creds(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? + SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd); if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "Error initialising session creds\n"); @@ -299,7 +301,8 @@ static NTSTATUS cmd_netlogon_sam_logon(struct cli_state *cli, goto done; } - result = cli_nt_setup_creds(cli, trust_passwd); + result = new_cli_nt_setup_creds(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? + SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd); if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "Error initialising session creds\n"); diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index ee46fc64a57..eae24683d2a 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -79,13 +79,13 @@ static void display_sam_user_info_21(SAM_USER_INFO_21 *usr) printf("\tunknown_2[0..31]...\n"); /* user passwords? */ - printf("\tuser_rid :\t%x\n" , usr->user_rid ); /* User ID */ - printf("\tgroup_rid:\t%x\n" , usr->group_rid); /* Group ID */ - printf("\tacb_info :\t%04x\n", usr->acb_info ); /* Account Control Info */ + printf("\tuser_rid :\t0x%x\n" , usr->user_rid ); /* User ID */ + printf("\tgroup_rid:\t0x%x\n" , usr->group_rid); /* Group ID */ + printf("\tacb_info :\t0x%04x\n", usr->acb_info ); /* Account Control Info */ - printf("\tunknown_3:\t%08x\n", usr->unknown_3); /* 0x00ff ffff */ + printf("\tunknown_3:\t0x%08x\n", usr->unknown_3); /* 0x00ff ffff */ printf("\tlogon_divs:\t%d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */ - printf("\tunknown_5:\t%08x\n", usr->unknown_5); /* 0x0002 0000 */ + printf("\tunknown_5:\t0x%08x\n", usr->unknown_5); /* 0x0002 0000 */ printf("\tpadding1[0..7]...\n"); @@ -253,16 +253,24 @@ static NTSTATUS cmd_samr_query_user(struct cli_state *cli, POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 info_level = 21; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; SAM_USERINFO_CTR *user_ctr; fstring server; uint32 user_rid; - if (argc != 2) { - printf("Usage: %s rid\n", argv[0]); + if ((argc < 2) || (argc > 4)) { + printf("Usage: %s rid [info level] [access mask] \n", argv[0]); return NT_STATUS_OK; } sscanf(argv[1], "%i", &user_rid); + + if (argc > 2) + sscanf(argv[2], "%i", &info_level); + + if (argc > 3) + sscanf(argv[3], "%x", &access_mask); + slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); strupper (server); @@ -281,7 +289,7 @@ static NTSTATUS cmd_samr_query_user(struct cli_state *cli, goto done; result = cli_samr_open_user(cli, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, user_rid, &user_pol); if (!NT_STATUS_IS_OK(result)) @@ -354,16 +362,23 @@ static NTSTATUS cmd_samr_query_group(struct cli_state *cli, POLICY_HND connect_pol, domain_pol, group_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 info_level = 1; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; GROUP_INFO_CTR group_ctr; fstring server; uint32 group_rid; - if (argc != 2) { - printf("Usage: %s rid\n", argv[0]); + if ((argc < 2) || (argc > 4)) { + printf("Usage: %s rid [info level] [access mask]\n", argv[0]); return NT_STATUS_OK; } sscanf(argv[1], "%i", &group_rid); + + if (argc > 2) + sscanf(argv[2], "%i", &info_level); + + if (argc > 3) + sscanf(argv[3], "%x", &access_mask); slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); strupper (server); @@ -382,7 +397,7 @@ static NTSTATUS cmd_samr_query_group(struct cli_state *cli, goto done; result = cli_samr_open_group(cli, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, group_rid, &group_pol); if (!NT_STATUS_IS_OK(result)) @@ -414,45 +429,49 @@ static NTSTATUS cmd_samr_query_usergroups(struct cli_state *cli, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 num_groups, user_rid; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; DOM_GID *user_gids; int i; fstring server; - if (argc != 2) { - printf("Usage: %s rid\n", argv[0]); + if ((argc < 2) || (argc > 3)) { + printf("Usage: %s rid [access mask]\n", argv[0]); return NT_STATUS_OK; } sscanf(argv[1], "%i", &user_rid); + + if (argc > 2) + sscanf(argv[2], "%x", &access_mask); slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); strupper (server); result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, MAXIMUM_ALLOWED_ACCESS, &domain_sid, &domain_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } result = cli_samr_open_user(cli, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, user_rid, &user_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } result = cli_samr_query_usergroups(cli, mem_ctx, &user_pol, &num_groups, &user_gids); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } for (i = 0; i < num_groups; i++) { printf("\tgroup rid:[0x%x] attr:[0x%x]\n", @@ -472,6 +491,7 @@ static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli, POLICY_HND connect_pol, domain_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 user_rid, num_aliases, *alias_rids; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; int i; fstring server; DOM_SID tmp_sid; @@ -480,45 +500,47 @@ static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli, string_to_sid(&global_sid_Builtin, "S-1-5-32"); - if (argc != 3) { - printf("Usage: %s builtin|domain rid\n", argv[0]); + if ((argc < 3) || (argc > 4)) { + printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]); return NT_STATUS_OK; } sscanf(argv[2], "%i", &user_rid); + + if (argc > 3) + sscanf(argv[3], "%x", &access_mask); slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); strupper (server); result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } if (StrCaseCmp(argv[1], "domain")==0) result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, &domain_sid, &domain_pol); else if (StrCaseCmp(argv[1], "builtin")==0) result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, &global_sid_Builtin, &domain_pol); else return NT_STATUS_OK; - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } sid_copy(&tmp_sid, &domain_sid); sid_append_rid(&tmp_sid, user_rid); init_dom_sid2(&sid, &tmp_sid); result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, 1, &sid, &num_aliases, &alias_rids); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } for (i = 0; i < num_aliases; i++) { printf("\tgroup rid:[0x%x]\n", alias_rids[i]); @@ -537,45 +559,49 @@ static NTSTATUS cmd_samr_query_groupmem(struct cli_state *cli, POLICY_HND connect_pol, domain_pol, group_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 num_members, *group_rids, *group_attrs, group_rid; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; int i; fstring server; - if (argc != 2) { - printf("Usage: %s rid\n", argv[0]); + if ((argc < 2) || (argc > 3)) { + printf("Usage: %s rid [access mask]\n", argv[0]); return NT_STATUS_OK; } sscanf(argv[1], "%i", &group_rid); + + if (argc > 2) + sscanf(argv[2], "%x", &access_mask); slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); strupper (server); result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, MAXIMUM_ALLOWED_ACCESS, &domain_sid, &domain_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } result = cli_samr_open_group(cli, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, group_rid, &group_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } result = cli_samr_query_groupmem(cli, mem_ctx, &group_pol, &num_members, &group_rids, &group_attrs); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } for (i = 0; i < num_members; i++) { printf("\trid:[0x%x] attr:[0x%x]\n", group_rids[i], @@ -595,47 +621,71 @@ static NTSTATUS cmd_samr_enum_dom_groups(struct cli_state *cli, POLICY_HND connect_pol, domain_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 start_idx, size, num_dom_groups, i; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; struct acct_info *dom_groups; + BOOL got_connect_pol = False, got_domain_pol = False; - if (argc != 1) { - printf("Usage: %s\n", argv[0]); + if ((argc < 1) || (argc > 2)) { + printf("Usage: %s [access_mask]\n", argv[0]); return NT_STATUS_OK; } + + if (argc > 1) + sscanf(argv[1], "%x", &access_mask); /* Get sam policy handle */ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } + + got_connect_pol = True; /* Get domain policy handle */ + result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, &domain_sid, &domain_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } + + got_domain_pol = True; /* Enumerate domain groups */ start_idx = 0; size = 0xffff; - result = cli_samr_enum_dom_groups(cli, mem_ctx, &domain_pol, - &start_idx, size, - &dom_groups, &num_dom_groups); + do { + result = cli_samr_enum_dom_groups( + cli, mem_ctx, &domain_pol, &start_idx, size, + &dom_groups, &num_dom_groups); + + if (NT_STATUS_IS_OK(result) || + NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) { + + for (i = 0; i < num_dom_groups; i++) + printf("group:[%s] rid:[0x%x]\n", + dom_groups[i].acct_name, + dom_groups[i].rid); + } - for (i = 0; i < num_dom_groups; i++) - printf("group:[%s] rid:[0x%x]\n", dom_groups[i].acct_name, - dom_groups[i].rid); + } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)); done: + if (got_domain_pol) + cli_samr_close(cli, mem_ctx, &domain_pol); + + if (got_connect_pol) + cli_samr_close(cli, mem_ctx, &connect_pol); + return result; } -/* Enumerate domain groups */ +/* Enumerate alias groups */ static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli, TALLOC_CTX *mem_ctx, @@ -643,55 +693,77 @@ static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli, { POLICY_HND connect_pol, domain_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 start_idx, size, num_dom_groups, i; - struct acct_info *dom_groups; + uint32 start_idx, size, num_als_groups, i; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; + struct acct_info *als_groups; DOM_SID global_sid_Builtin; + BOOL got_connect_pol = False, got_domain_pol = False; string_to_sid(&global_sid_Builtin, "S-1-5-32"); - if (argc != 2) { - printf("Usage: %s builtin|domain\n", argv[0]); + if ((argc < 2) || (argc > 3)) { + printf("Usage: %s builtin|domain [access mask]\n", argv[0]); return NT_STATUS_OK; } + + if (argc > 2) + sscanf(argv[2], "%x", &access_mask); /* Get sam policy handle */ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } + + got_connect_pol = True; /* Get domain policy handle */ if (StrCaseCmp(argv[1], "domain")==0) result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, &domain_sid, &domain_pol); else if (StrCaseCmp(argv[1], "builtin")==0) result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, &global_sid_Builtin, &domain_pol); else return NT_STATUS_OK; - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } - /* Enumerate domain groups */ + got_domain_pol = True; + + /* Enumerate alias groups */ start_idx = 0; - size = 0xffff; + size = 0xffff; /* Number of groups to retrieve */ - result = cli_samr_enum_als_groups(cli, mem_ctx, &domain_pol, - &start_idx, size, - &dom_groups, &num_dom_groups); + do { + result = cli_samr_enum_als_groups( + cli, mem_ctx, &domain_pol, &start_idx, size, + &als_groups, &num_als_groups); - for (i = 0; i < num_dom_groups; i++) - printf("group:[%s] rid:[0x%x]\n", dom_groups[i].acct_name, - dom_groups[i].rid); + if (NT_STATUS_IS_OK(result) || + NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) { + + for (i = 0; i < num_als_groups; i++) + printf("group:[%s] rid:[0x%x]\n", + als_groups[i].acct_name, + als_groups[i].rid); + } + } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)); done: + if (got_domain_pol) + cli_samr_close(cli, mem_ctx, &domain_pol); + + if (got_connect_pol) + cli_samr_close(cli, mem_ctx, &connect_pol); + return result; } @@ -704,46 +776,59 @@ static NTSTATUS cmd_samr_query_aliasmem(struct cli_state *cli, POLICY_HND connect_pol, domain_pol, alias_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 alias_rid, num_members, i; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; DOM_SID *alias_sids; + DOM_SID global_sid_Builtin; + + string_to_sid(&global_sid_Builtin, "S-1-5-32"); - if (argc != 2) { - printf("Usage: %s rid\n", argv[0]); + if ((argc < 3) || (argc > 4)) { + printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]); return NT_STATUS_OK; } - sscanf(argv[1], "%i", &alias_rid); + sscanf(argv[2], "%i", &alias_rid); + + if (argc > 3) + sscanf(argv[3], "%x", &access_mask); /* Open SAMR handle */ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Open handle on domain */ + + if (StrCaseCmp(argv[1], "domain")==0) + result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &domain_sid, &domain_pol); + else if (StrCaseCmp(argv[1], "builtin")==0) + result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &global_sid_Builtin, &domain_pol); + else + return NT_STATUS_OK; - result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &domain_sid, &domain_pol); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Open handle on alias */ result = cli_samr_open_alias(cli, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, alias_rid, &alias_pol); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } result = cli_samr_query_aliasmem(cli, mem_ctx, &alias_pol, &num_members, &alias_sids); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } for (i = 0; i < num_members; i++) { fstring sid_str; @@ -765,7 +850,8 @@ static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli, POLICY_HND connect_pol, domain_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 start_idx=0, max_entries=250, num_entries, i; - int info_level = 1; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; + uint32 info_level = 1; SAM_DISPINFO_CTR ctr; SAM_DISPINFO_1 info1; SAM_DISPINFO_2 info2; @@ -773,8 +859,8 @@ static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli, SAM_DISPINFO_4 info4; SAM_DISPINFO_5 info5; - if (argc > 4) { - printf("Usage: %s [info level] [start index] [max entries]\n", argv[0]); + if (argc > 5) { + printf("Usage: %s [info level] [start index] [max entries] [access mask]\n", argv[0]); return NT_STATUS_OK; } @@ -786,22 +872,25 @@ static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli, if (argc >= 4) sscanf(argv[3], "%i", &max_entries); + + if (argc >= 5) + sscanf(argv[4], "%x", &access_mask); /* Get sam policy handle */ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Get domain policy handle */ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, &domain_sid, &domain_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Query display info */ @@ -832,11 +921,18 @@ static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli, } - do { + while(1) { + result = cli_samr_query_dispinfo(cli, mem_ctx, &domain_pol, &start_idx, info_level, &num_entries, max_entries, &ctr); + if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) + break; + + if (num_entries == 0) + break; + for (i = 0; i < num_entries; i++) { switch (info_level) { case 1: @@ -856,7 +952,8 @@ static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli, break; } } - } while (!NT_STATUS_IS_OK(result)); + } + done: return result; } @@ -869,45 +966,49 @@ static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli, { POLICY_HND connect_pol, domain_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - int switch_value = 2; + uint32 switch_level = 2; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; SAM_UNK_CTR ctr; if (argc > 2) { - printf("Usage: %s [infolevel]\n", argv[0]); + printf("Usage: %s [info level] [access mask]\n", argv[0]); return NT_STATUS_OK; } - if (argc == 2) - sscanf(argv[1], "%i", &switch_value); + if (argc > 1) + sscanf(argv[1], "%i", &switch_level); + + if (argc > 2) + sscanf(argv[2], "%x", &access_mask); /* Get sam policy handle */ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Get domain policy handle */ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, &domain_sid, &domain_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Query domain info */ result = cli_samr_query_dom_info(cli, mem_ctx, &domain_pol, - switch_value, &ctr); - if (!NT_STATUS_IS_OK(result)) { + switch_level, &ctr); + + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Display domain info */ - switch (switch_value) { + switch (switch_level) { case 1: display_sam_unk_info_1(&ctr.info.inf1); break; @@ -916,7 +1017,7 @@ static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli, break; default: printf("cannot display domain info for switch value %d\n", - switch_value); + switch_level); break; } @@ -938,30 +1039,34 @@ static NTSTATUS cmd_samr_create_dom_user(struct cli_state *cli, char *acct_name; uint16 acb_info; uint32 unknown, user_rid; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; - if (argc != 2) { - printf("Usage: %s username\n", argv[0]); + if ((argc < 2) || (argc > 3)) { + printf("Usage: %s username [access mask]\n", argv[0]); return NT_STATUS_OK; } acct_name = argv[1]; + + if (argc > 2) + sscanf(argv[2], "%x", &access_mask); /* Get sam policy handle */ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Get domain policy handle */ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, &domain_sid, &domain_pol); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Create domain user */ @@ -971,9 +1076,9 @@ static NTSTATUS cmd_samr_create_dom_user(struct cli_state *cli, result = cli_samr_create_dom_user(cli, mem_ctx, &domain_pol, acct_name, acb_info, unknown, &user_pol, &user_rid); - if (!NT_STATUS_IS_OK(result)) { + + if (!NT_STATUS_IS_OK(result)) goto done; - } done: return result; @@ -989,7 +1094,7 @@ static NTSTATUS cmd_samr_lookup_names(struct cli_state *cli, POLICY_HND connect_pol, domain_pol; uint32 flags = 0x000003e8; /* Unknown */ uint32 num_rids, num_names, *name_types, *rids; - char **names; + const char **names; int i; DOM_SID global_sid_Builtin; @@ -1007,9 +1112,8 @@ static NTSTATUS cmd_samr_lookup_names(struct cli_state *cli, result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } if (StrCaseCmp(argv[1], "domain")==0) result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, @@ -1022,14 +1126,13 @@ static NTSTATUS cmd_samr_lookup_names(struct cli_state *cli, else return NT_STATUS_OK; - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Look up names */ num_names = argc - 2; - names = (char **)talloc(mem_ctx, sizeof(char *) * num_names); + names = (const char **)talloc(mem_ctx, sizeof(char *) * num_names); for (i = 0; i < argc - 2; i++) names[i] = argv[i + 2]; @@ -1038,9 +1141,8 @@ static NTSTATUS cmd_samr_lookup_names(struct cli_state *cli, flags, num_names, names, &num_rids, &rids, &name_types); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Display results */ @@ -1075,17 +1177,15 @@ static NTSTATUS cmd_samr_lookup_rids(struct cli_state *cli, result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, MAXIMUM_ALLOWED_ACCESS, &domain_sid, &domain_pol); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Look up rids */ @@ -1099,9 +1199,8 @@ static NTSTATUS cmd_samr_lookup_rids(struct cli_state *cli, flags, num_rids, rids, &num_names, &names, &name_types); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Display results */ @@ -1120,28 +1219,30 @@ static NTSTATUS cmd_samr_delete_dom_user(struct cli_state *cli, { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND connect_pol, domain_pol, user_pol; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; - if (argc != 2) { + if ((argc < 2) || (argc > 3)) { printf("Usage: %s username\n", argv[0]); return NT_STATUS_OK; } + + if (argc > 2) + sscanf(argv[2], "%x", &access_mask); /* Get sam policy and domain handles */ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, MAXIMUM_ALLOWED_ACCESS, &domain_sid, &domain_pol); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Get handle on user */ @@ -1150,30 +1251,27 @@ static NTSTATUS cmd_samr_delete_dom_user(struct cli_state *cli, uint32 flags = 0x000003e8; /* Unknown */ result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol, - flags, 1, &argv[1], + flags, 1, (const char **)&argv[1], &num_rids, &user_rids, &name_types); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } result = cli_samr_open_user(cli, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, + access_mask, user_rids[0], &user_pol); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } } /* Delete user */ result = cli_samr_delete_dom_user(cli, mem_ctx, &user_pol); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result)) goto done; - } /* Display results */ @@ -1199,19 +1297,19 @@ static NTSTATUS cmd_samr_query_sec_obj(struct cli_state *cli, ctx=talloc_init(); - if (argc > 2) { + if ((argc < 1) || (argc > 2)) { printf("Usage: %s [rid|-d]\n", argv[0]); printf("\tSpecify rid for security on user, -d for security on domain\n"); return NT_STATUS_OK; } - if (argc == 2) { + if (argc > 1) { if (strcmp(argv[1], "-d") == 0) domain = True; else sscanf(argv[1], "%i", &user_rid); } - + slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); strupper (server); result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, @@ -1261,6 +1359,30 @@ done: return result; } +static NTSTATUS cmd_samr_get_dom_pwinfo(struct cli_state *cli, + TALLOC_CTX *mem_ctx, + int argc, char **argv) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + uint16 unk_0, unk_1, unk_2; + + if (argc != 1) { + printf("Usage: %s\n", argv[0]); + return NT_STATUS_OK; + } + + result = cli_samr_get_dom_pwinfo(cli, mem_ctx, &unk_0, &unk_1, &unk_2); + + if (NT_STATUS_IS_OK(result)) { + printf("unk_0 = 0x%08x\n", unk_0); + printf("unk_1 = 0x%08x\n", unk_1); + printf("unk_2 = 0x%08x\n", unk_2); + } + + return result; +} + + /* List of commands exported by this module */ struct cmd_set samr_commands[] = { @@ -1283,6 +1405,7 @@ struct cmd_set samr_commands[] = { { "samlookuprids", cmd_samr_lookup_rids, PIPE_SAMR, "Look up names", "" }, { "deletedomuser", cmd_samr_delete_dom_user, PIPE_SAMR, "Delete domain user", "" }, { "samquerysecobj", cmd_samr_query_sec_obj, PIPE_SAMR, "Query SAMR security object", "" }, + { "getdompwinfo", cmd_samr_get_dom_pwinfo, PIPE_SAMR, "Retrieve domain password info", "" }, { NULL } }; diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c index 9c63ec17c05..47e3f123ba7 100644 --- a/source3/rpcclient/cmd_spoolss.c +++ b/source3/rpcclient/cmd_spoolss.c @@ -1647,10 +1647,12 @@ static NTSTATUS cmd_spoolss_setprinterdata(struct cli_state *cli, printf("%s\n", timestring(True)); printf("\tchange_id (before set)\t:[0x%x]\n", info->change_id); - /* Set the printer data */ - result = cli_spoolss_setprinterdata(cli, mem_ctx, &pol, argv[2], argv[3]); + result = cli_spoolss_setprinterdata( + cli, mem_ctx, &pol, argv[2], REG_SZ, argv[3], + strlen(argv[3]) + 1); + if (!W_ERROR_IS_OK(result)) { printf ("Unable to set [%s=%s]!\n", argv[2], argv[3]); goto done; @@ -1776,10 +1778,10 @@ static NTSTATUS cmd_spoolss_enum_jobs(struct cli_state *cli, for (i = 0; i < num_jobs; i++) { switch(level) { case 1: - display_job_info_1(&ctr.job.job_info_1[i]); + display_job_info_1(ctr.job.job_info_1[i]); break; case 2: - display_job_info_2(&ctr.job.job_info_2[i]); + display_job_info_2(ctr.job.job_info_2[i]); break; default: d_printf("unknown info level %d\n", level); diff --git a/source3/rpcclient/cmd_srvsvc.c b/source3/rpcclient/cmd_srvsvc.c index 6fbd152dfb5..43bfb250489 100644 --- a/source3/rpcclient/cmd_srvsvc.c +++ b/source3/rpcclient/cmd_srvsvc.c @@ -4,7 +4,7 @@ Copyright (C) Andrew Tridgell 1992-1999 Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999 - Copyright (C) Tim Potter 2000 + Copyright (C) Tim Potter 2000,2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -221,6 +221,132 @@ static NTSTATUS cmd_srvsvc_srv_query_info(struct cli_state *cli, return result; } +static void display_share_info_1(SRV_SHARE_INFO_1 *info1) +{ + fstring netname = "", remark = ""; + + rpcstr_pull_unistr2_fstring(netname, &info1->info_1_str.uni_netname); + rpcstr_pull_unistr2_fstring(remark, &info1->info_1_str.uni_remark); + + printf("netname: %s\n", netname); + printf("\tremark:\t%s\n", remark); +} + +static void display_share_info_2(SRV_SHARE_INFO_2 *info2) +{ + fstring netname = "", remark = "", path = "", passwd = ""; + + rpcstr_pull_unistr2_fstring(netname, &info2->info_2_str.uni_netname); + rpcstr_pull_unistr2_fstring(remark, &info2->info_2_str.uni_remark); + rpcstr_pull_unistr2_fstring(path, &info2->info_2_str.uni_path); + rpcstr_pull_unistr2_fstring(passwd, &info2->info_2_str.uni_passwd); + + printf("netname: %s\n", netname); + printf("\tremark:\t%s\n", remark); + printf("\tpath:\t%s\n", path); + printf("\tpassword:\t%s\n", passwd); +} + +static NTSTATUS cmd_srvsvc_net_share_enum(struct cli_state *cli, + TALLOC_CTX *mem_ctx, + int argc, char **argv) +{ + uint32 info_level = 2; + SRV_SHARE_INFO_CTR ctr; + WERROR result; + ENUM_HND hnd; + uint32 preferred_len = 0xffffffff, i; + + if (argc > 2) { + printf("Usage: %s [infolevel]\n", argv[0]); + return NT_STATUS_OK; + } + + if (argc == 2) + info_level = atoi(argv[1]); + + init_enum_hnd(&hnd, 0); + + result = cli_srvsvc_net_share_enum( + cli, mem_ctx, info_level, &ctr, preferred_len, &hnd); + + if (!W_ERROR_IS_OK(result)) + goto done; + + /* Display results */ + + switch (info_level) { + case 1: + for (i = 0; i < ctr.num_entries; i++) + display_share_info_1(&ctr.share.info1[i]); + break; + case 2: + for (i = 0; i < ctr.num_entries; i++) + display_share_info_2(&ctr.share.info2[i]); + break; + default: + printf("unsupported info level %d\n", info_level); + break; + } + + done: + return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS cmd_srvsvc_net_remote_tod(struct cli_state *cli, + TALLOC_CTX *mem_ctx, + int argc, char **argv) +{ + TIME_OF_DAY_INFO tod; + WERROR result; + + if (argc > 1) { + printf("Usage: %s\n", argv[0]); + return NT_STATUS_OK; + } + + result = cli_srvsvc_net_remote_tod( + cli, mem_ctx, cli->srv_name_slash, &tod); + + if (!W_ERROR_IS_OK(result)) + goto done; + + done: + return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS cmd_srvsvc_net_file_enum(struct cli_state *cli, + TALLOC_CTX *mem_ctx, + int argc, char **argv) +{ + uint32 info_level = 3; + SRV_FILE_INFO_CTR ctr; + WERROR result; + ENUM_HND hnd; + uint32 preferred_len = 0; + + if (argc > 2) { + printf("Usage: %s [infolevel]\n", argv[0]); + return NT_STATUS_OK; + } + + if (argc == 2) + info_level = atoi(argv[1]); + + init_enum_hnd(&hnd, 0); + + ZERO_STRUCT(ctr); + + result = cli_srvsvc_net_file_enum( + cli, mem_ctx, info_level, NULL, &ctr, preferred_len, &hnd); + + if (!W_ERROR_IS_OK(result)) + goto done; + + done: + return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + /* List of commands exported by this module */ struct cmd_set srvsvc_commands[] = { @@ -228,6 +354,9 @@ struct cmd_set srvsvc_commands[] = { { "SRVSVC" }, { "srvinfo", cmd_srvsvc_srv_query_info, PIPE_SRVSVC, "Server query info", "" }, + { "netshareenum", cmd_srvsvc_net_share_enum, PIPE_SRVSVC, "Enumerate shares", "" }, + { "netfileenum", cmd_srvsvc_net_file_enum, PIPE_SRVSVC, "Enumerate open files", "" }, + { "netremotetod", cmd_srvsvc_net_remote_tod, PIPE_SRVSVC, "Fetch remote time of day", "" }, { NULL } }; diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 193c27e8a08..a62c3d83653 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -186,7 +186,7 @@ static void get_username (char *username) /* Fetch the SID for this computer */ -void fetch_machine_sid(struct cli_state *cli) +static void fetch_machine_sid(struct cli_state *cli) { POLICY_HND pol; NTSTATUS result = NT_STATUS_OK; @@ -199,7 +199,7 @@ void fetch_machine_sid(struct cli_state *cli) if (!(mem_ctx=talloc_init())) { - DEBUG(0,("fetch_domain_sid: talloc_init returned NULL!\n")); + DEBUG(0,("fetch_machine_sid: talloc_init returned NULL!\n")); goto error; } @@ -576,17 +576,18 @@ static NTSTATUS process_cmd(struct cli_state *cli, char *cmd) /* Print usage information */ static void usage(void) { - printf("Usage: rpcclient server [options]\n"); + printf("Usage: rpcclient [options] server\n"); - printf("\t-A or --authfile authfile file containing user credentials\n"); - printf("\t-c or --command \"command string\" execute semicolon separated cmds\n"); - printf("\t-d or --debug debuglevel set the debuglevel\n"); - printf("\t-l or --logfile logfile logfile to use instead of stdout\n"); + printf("\t-A or --authfile authfile File containing user credentials\n"); + printf("\t-c or --command \"command string\" Execute semicolon separated cmds\n"); + printf("\t-d or --debug debuglevel Set the debuglevel\n"); + printf("\t-l or --logfile logfile Logfile to use instead of stdout\n"); printf("\t-h or --help Print this help message.\n"); - printf("\t-N or --nopass don't ask for a password\n"); - printf("\t-s or --conf configfile specify an alternative config file\n"); - printf("\t-U or --user username set the network username\n"); - printf("\t-W or --workgroup domain set the domain name for user account\n"); + printf("\t-N or --nopass Don't ask for a password\n"); + printf("\t-s or --conf configfile Specify an alternative config file\n"); + printf("\t-U or --user username Set the network username\n"); + printf("\t-W or --workgroup domain Set the domain name for user account\n"); + printf("\t-I or --dest-ip ip Specify destination IP address\n"); printf("\n"); } @@ -594,24 +595,23 @@ static void usage(void) int main(int argc, char *argv[]) { - extern char *optarg; - extern int optind; extern pstring global_myname; static int got_pass = 0; BOOL interactive = True; int opt; int olddebug; static char *cmdstr = ""; + const char *server; struct cli_state *cli; fstring password="", username="", - domain="", - server=""; + domain=""; static char *opt_authfile=NULL, *opt_username=NULL, *opt_domain=NULL, *opt_configfile=NULL, - *opt_logfile=NULL; + *opt_logfile=NULL, + *opt_ipaddr=NULL; static int opt_debuglevel; pstring logfile; struct cmd_set **cmd_set; @@ -633,7 +633,8 @@ static void usage(void) {"command", 'c', POPT_ARG_STRING, &cmdstr}, {"logfile", 'l', POPT_ARG_STRING, &opt_logfile, 'l'}, {"help", 'h', POPT_ARG_NONE, 0, 'h'}, - { 0, 0, 0, 0} + {"dest-ip", 'I', POPT_ARG_STRING, &opt_ipaddr, 'I'}, + { NULL } }; @@ -649,54 +650,53 @@ static void usage(void) return 0; } - if (strncmp("//", argv[1], 2) == 0 || strncmp("\\\\", argv[1], 2) == 0) - argv[1] += 2; - - pstrcpy(server, argv[1]); - - argv++; - argc--; - - pc = poptGetContext(NULL, argc, (const char **) argv, long_options, - POPT_CONTEXT_KEEP_FIRST); + pc = poptGetContext("rpcclient", argc, (const char **) argv, + long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch (opt) { case 'A': /* only get the username, password, and domain from the file */ - read_authfile (opt_authfile, username, - password, domain); + read_authfile (opt_authfile, username, password, domain); if (strlen (password)) got_pass = 1; break; - + case 'l': slprintf(logfile, sizeof(logfile) - 1, "%s.client", opt_logfile); lp_set_logfile(logfile); interactive = False; - break; - + break; + case 's': pstrcpy(dyn_CONFIGFILE, opt_configfile); break; - + case 'd': DEBUGLEVEL = opt_debuglevel; break; - + case 'U': { char *lp; + pstrcpy(username,opt_username); + if ((lp=strchr_m(username,'%'))) { *lp = 0; pstrcpy(password,lp+1); got_pass = 1; - memset(strchr_m(opt_username,'%')+1,'X',strlen(password)); + memset(strchr_m(opt_username,'%') + 1, 'X', + strlen(password)); } break; } - + case 'I': + if (!inet_aton(opt_ipaddr, &server_ip)) { + fprintf(stderr, "%s not a valid IP address\n", + opt_ipaddr); + return 1; + } case 'W': pstrcpy(domain, opt_domain); break; @@ -708,6 +708,16 @@ static void usage(void) } } + /* Get server as remaining unparsed argument. Print usage if more + than one unparsed argument is present. */ + + server = poptGetArg(pc); + + if (!server || poptGetArg(pc)) { + usage(); + return 1; + } + poptFreeContext(pc); /* the following functions are part of the Samba debugging @@ -731,7 +741,7 @@ static void usage(void) /* Resolve the IP address */ - if (!resolve_name(server, &server_ip, 0x20)) { + if (!opt_ipaddr && !resolve_name(server, &server_ip, 0x20)) { DEBUG(1,("Unable to resolve %s\n", server)); return 1; } @@ -755,7 +765,7 @@ static void usage(void) &server_ip, 0, "IPC$", "IPC", username, domain, - password, strlen(password)); + password, 0); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status))); diff --git a/source3/rpcclient/samsync.c b/source3/rpcclient/samsync.c index 14f7ed89538..5b64cbc47d0 100644 --- a/source3/rpcclient/samsync.c +++ b/source3/rpcclient/samsync.c @@ -396,51 +396,19 @@ static void usage(void) printf("\n"); } -/* Initialise client credentials for authenticated pipe access */ - -void init_rpcclient_creds(struct ntuser_creds *creds, char* username, - char* domain, char* password) -{ - ZERO_STRUCTP(creds); - - if (lp_encrypted_passwords()) { - pwd_make_lm_nt_16(&creds->pwd, password); - } else { - pwd_set_cleartext(&creds->pwd, password); - } - - fstrcpy(creds->user_name, username); - fstrcpy(creds->domain, domain); - - if (! *username) { - creds->pwd.null_pwd = True; - } -} - /* Connect to primary domain controller */ -static struct cli_state *init_connection(struct cli_state *cli, +static struct cli_state *init_connection(struct cli_state **cli, char *username, char *domain, char *password) { - struct ntuser_creds creds; extern pstring global_myname; struct in_addr *dest_ip; - struct nmb_name calling, called; int count; fstring dest_host; /* Initialise cli_state information */ - ZERO_STRUCTP(cli); - - if (!cli_initialise(cli)) { - return NULL; - } - - init_rpcclient_creds(&creds, username, domain, password); - cli_init_creds(cli, &creds); - /* Look up name of PDC controller */ if (!get_dc_list(True, lp_workgroup(), &dest_ip, &count)) { @@ -456,20 +424,15 @@ static struct cli_state *init_connection(struct cli_state *cli, return NULL; } - get_myname((*global_myname)?NULL:global_myname); - strupper(global_myname); - - make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20); - make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0); - - /* Establish a SMB connection */ - - if (!cli_establish_connection(cli, dest_host, dest_ip, &calling, - &called, "IPC$", "IPC", False, True)) { + if (NT_STATUS_IS_OK(cli_full_connection(cli, global_myname, dest_host, + dest_ip, 0, + "IPC$", "IPC", + username, domain, + password, 0))) { + return *cli; + } else { return NULL; } - - return cli; } /* Main function */ @@ -477,7 +440,7 @@ static struct cli_state *init_connection(struct cli_state *cli, int main(int argc, char **argv) { BOOL do_sam_sync = False, do_sam_repl = False; - struct cli_state cli; + struct cli_state *cli; NTSTATUS result; int opt; pstring logfile; @@ -605,10 +568,10 @@ static struct cli_state *init_connection(struct cli_state *cli, return 1; if (do_sam_sync) - result = sam_sync(&cli, trust_passwd, do_smbpasswd_output, verbose); + result = sam_sync(cli, trust_passwd, do_smbpasswd_output, verbose); if (do_sam_repl) - result = sam_repl(&cli, trust_passwd, low_serial); + result = sam_repl(cli, trust_passwd, low_serial); if (!NT_STATUS_IS_OK(result)) { DEBUG(0, ("%s\n", nt_errstr(result))); diff --git a/source3/script/.cvsignore b/source3/script/.cvsignore index e69de29bb2d..7a8114ecd73 100644 --- a/source3/script/.cvsignore +++ b/source3/script/.cvsignore @@ -0,0 +1 @@ +findsmb diff --git a/source3/script/mkproto.awk b/source3/script/mkproto.awk index 9b0aa360bcc..c701ed41cda 100644 --- a/source3/script/mkproto.awk +++ b/source3/script/mkproto.awk @@ -72,6 +72,11 @@ END { printf "char *%s(int );\n", a[2] } +/^FN_LOCAL_CONST_STRING/ { + split($0,a,"[,()]") + printf "const char *%s(int );\n", a[2] +} + /^FN_LOCAL_INT/ { split($0,a,"[,()]") printf "int %s(int );\n", a[2] @@ -97,6 +102,11 @@ END { printf "char *%s(void);\n", a[2] } +/^FN_GLOBAL_CONST_STRING/ { + split($0,a,"[,()]") + printf "const char *%s(void);\n", a[2] +} + /^FN_GLOBAL_INT/ { split($0,a,"[,()]") printf "int %s(void);\n", a[2] diff --git a/source3/smbd/build_options.c b/source3/smbd/build_options.c index 1d18f534b13..f52c53dda53 100644 --- a/source3/smbd/build_options.c +++ b/source3/smbd/build_options.c @@ -89,6 +89,12 @@ void build_options(BOOL screen) #ifdef HAVE_KRB5 output(screen," HAVE_KRB5"); #endif +#ifdef HAVE_GSSAPI + output(screen," HAVE_GSSAPI"); +#endif +#ifdef HAVE_LDAP + output(screen," HAVE_LDAP"); +#endif #ifdef WITH_AUTOMOUNT output(screen," WITH_AUTOMOUNT\n"); #endif @@ -101,9 +107,6 @@ void build_options(BOOL screen) #ifdef WITH_TDB_SAM output(screen," WITH_TDB_SAM\n"); #endif -#ifdef WITH_LDAP_SAM - output(screen," WITH_LDAP_SAM\n"); -#endif #ifdef WITH_SMBPASSWD_SAM output(screen," WITH_SMBPASSWD_SAM\n"); #endif @@ -113,12 +116,6 @@ void build_options(BOOL screen) #ifdef WITH_NISPLUS_HOME output(screen," WITH_NISPLUS_HOME\n"); #endif -#ifdef WITH_SSL - output(screen," WITH_SSL\n"); -#endif -#ifdef SSL_DIR - output(screen," SSL_DIR: %s\n",SSL_DIR); -#endif #ifdef WITH_SYSLOG output(screen," WITH_SYSLOG\n"); #endif @@ -220,8 +217,17 @@ void build_options(BOOL screen) #ifdef HAVE_CUPS_LANGUAGE_H output(screen," HAVE_CUPS_LANGUAGE_H\n"); #endif -#ifdef HAVE_LIBDL - output(screen," HAVE_LIBDL\n"); +#ifdef HAVE_DLOPEN + output(screen," HAVE_DLOPEN\n"); +#endif +#ifdef HAVE_DLCLOSE + output(screen," HAVE_DLCLOSE\n"); +#endif +#ifdef HAVE_DLSYM + output(screen," HAVE_DLSYM\n"); +#endif +#ifdef HAVE_DLERROR + output(screen," HAVE_DLERROR\n"); #endif #ifdef HAVE_UNIXSOCKET output(screen," HAVE_UNIXSOCKET\n"); diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 0d80d5718fa..0c468699b4c 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -35,7 +35,6 @@ static NTSTATUS modify_trust_password( char *domain, char *remote_machine, { struct cli_state *cli; DOM_SID domain_sid; - struct in_addr dest_ip; NTSTATUS nt_status; /* @@ -43,17 +42,12 @@ static NTSTATUS modify_trust_password( char *domain, char *remote_machine, */ if (!secrets_fetch_domain_sid(domain, &domain_sid)) { - DEBUG(0, ("domain_client_validate: unable to fetch domain sid.\n")); + DEBUG(0, ("modify_trust_password: unable to fetch domain sid.\n")); return NT_STATUS_UNSUCCESSFUL; } - if(!resolve_name( remote_machine, &dest_ip, 0x20)) { - DEBUG(0,("modify_trust_password: Can't resolve address for %s\n", remote_machine)); - return NT_STATUS_UNSUCCESSFUL; - } - if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname, remote_machine, - &dest_ip, 0, + NULL, 0, "IPC$", "IPC", "", "", "", 0))) { diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index eed535cf117..68871deb90c 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -472,6 +472,10 @@ BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL struct passwd *pass; + if (!name) { + DEBUG(1, ("NULL username specfied to chgpasswd()!\n")); + } + DEBUG(3, ("Password change for user: %s\n", name)); #if DEBUG_PASSWORD diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c index f552d4a2243..c0aa4470160 100644 --- a/source3/smbd/conn.c +++ b/source3/smbd/conn.c @@ -166,7 +166,7 @@ void conn_free(connection_struct *conn) if (conn->dl_handle != NULL) { /* Close dlopen() handle */ - dlclose(conn->dl_handle); + sys_dlclose(conn->dl_handle); } DLIST_REMOVE(Connections, conn); diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index f56e0e9ef00..7dd425ef8a5 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -558,6 +558,12 @@ BOOL dir_check_ftype(connection_struct *conn,int mode,SMB_STRUCT_STAT *st,int di return True; } +static BOOL mangle_mask_match(connection_struct *conn, char *filename, char *mask) +{ + mangle_map(filename,True,False,SNUM(conn)); + return mask_match(filename,mask,False); +} + /**************************************************************************** Get an 8.3 directory entry. ****************************************************************************/ @@ -603,8 +609,7 @@ BOOL get_dir_entry(connection_struct *conn,char *mask,int dirtype,char *fname, */ if ((strcmp(mask,"*.*") == 0) || mask_match(filename,mask,False) || - (mangle_map(filename,True,False,SNUM(conn)) && - mask_match(filename,mask,False))) + mangle_mask_match(conn,filename,mask)) { if (isrootdir && (strequal(filename,"..") || strequal(filename,"."))) continue; @@ -680,7 +685,15 @@ static BOOL user_can_read_file(connection_struct *conn, char *name) ZERO_STRUCT(ste); - /* if we can't stat it does not show it */ + /* + * If user is a member of the Admin group + * we never hide files from them. + */ + + if (conn->admin_user) + return True; + + /* If we can't stat it does not show it */ if (vfs_stat(conn, name, &ste) != 0) return False; @@ -714,73 +727,80 @@ static BOOL user_can_read_file(connection_struct *conn, char *name) void *OpenDir(connection_struct *conn, char *name, BOOL use_veto) { - Dir *dirp; - char *n; - DIR *p = conn->vfs_ops.opendir(conn,name); - int used=0; - - if (!p) return(NULL); - dirp = (Dir *)malloc(sizeof(Dir)); - if (!dirp) { - DEBUG(0,("Out of memory in OpenDir\n")); - conn->vfs_ops.closedir(conn,p); - return(NULL); - } - dirp->pos = dirp->numentries = dirp->mallocsize = 0; - dirp->data = dirp->current = NULL; - - while (True) - { - int l; - - if (used == 0) { - n = "."; - } else if (used == 2) { - n = ".."; - } else { - n = vfs_readdirname(conn, p); - if (n == NULL) - break; - if ((strcmp(".",n) == 0) ||(strcmp("..",n) == 0)) - continue; - } - - l = strlen(n)+1; - - /* If it's a vetoed file, pretend it doesn't even exist */ - if (use_veto && conn && IS_VETO_PATH(conn, n)) continue; - - /* Honour _hide unreadable_ option */ - if (conn && lp_hideunreadable(SNUM(conn))) { - char *entry; - int ret=0; + Dir *dirp; + char *n; + DIR *p = conn->vfs_ops.opendir(conn,name); + int used=0; + + if (!p) + return(NULL); + dirp = (Dir *)malloc(sizeof(Dir)); + if (!dirp) { + DEBUG(0,("Out of memory in OpenDir\n")); + conn->vfs_ops.closedir(conn,p); + return(NULL); + } + dirp->pos = dirp->numentries = dirp->mallocsize = 0; + dirp->data = dirp->current = NULL; + + while (True) { + int l; + BOOL normal_entry = True; + + if (used == 0) { + n = "."; + normal_entry = False; + } else if (used == 2) { + n = ".."; + normal_entry = False; + } else { + n = vfs_readdirname(conn, p); + if (n == NULL) + break; + if ((strcmp(".",n) == 0) ||(strcmp("..",n) == 0)) + continue; + normal_entry = True; + } + + l = strlen(n)+1; + + /* If it's a vetoed file, pretend it doesn't even exist */ + if (normal_entry && use_veto && conn && IS_VETO_PATH(conn, n)) + continue; + + /* Honour _hide unreadable_ option */ + if (normal_entry && conn && lp_hideunreadable(SNUM(conn))) { + char *entry; + int ret=0; - if (asprintf(&entry, "%s/%s/%s", conn->origpath, name, n) > 0) { - ret = user_can_read_file(conn, entry); - SAFE_FREE(entry); - } - if (!ret) continue; - } - - if (used + l > dirp->mallocsize) { - int s = MAX(used+l,used+2000); - char *r; - r = (char *)Realloc(dirp->data,s); - if (!r) { - DEBUG(0,("Out of memory in OpenDir\n")); - break; - } - dirp->data = r; - dirp->mallocsize = s; - dirp->current = dirp->data; - } - pstrcpy(dirp->data+used,n); - used += l; - dirp->numentries++; - } + if (asprintf(&entry, "%s/%s/%s", conn->origpath, name, n) > 0) { + ret = user_can_read_file(conn, entry); + SAFE_FREE(entry); + } + if (!ret) + continue; + } + + if (used + l > dirp->mallocsize) { + int s = MAX(used+l,used+2000); + char *r; + r = (char *)Realloc(dirp->data,s); + if (!r) { + DEBUG(0,("Out of memory in OpenDir\n")); + break; + } + dirp->data = r; + dirp->mallocsize = s; + dirp->current = dirp->data; + } + + pstrcpy(dirp->data+used,n); + used += l; + dirp->numentries++; + } - conn->vfs_ops.closedir(conn,p); - return((void *)dirp); + conn->vfs_ops.closedir(conn,p); + return((void *)dirp); } diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c index addbcb0b3ca..710ba396d8d 100644 --- a/source3/smbd/fileio.c +++ b/source3/smbd/fileio.c @@ -1,7 +1,9 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 1.9. read/write to a files_struct Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Jeremy Allison 2000-2002. - write cache. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -23,31 +25,32 @@ static BOOL setup_write_cache(files_struct *, SMB_OFF_T); /**************************************************************************** -seek a file. Try to avoid the seek if possible + Seek a file. Try to avoid the seek if possible. ****************************************************************************/ -SMB_OFF_T seek_file(files_struct *fsp,SMB_OFF_T pos) +static SMB_OFF_T seek_file(files_struct *fsp,SMB_OFF_T pos) { - SMB_OFF_T offset = 0; - SMB_OFF_T seek_ret; + SMB_OFF_T offset = 0; + SMB_OFF_T seek_ret; - if (fsp->print_file && lp_postscript(fsp->conn->service)) - offset = 3; + if (fsp->print_file && lp_postscript(fsp->conn->service)) + offset = 3; - seek_ret = fsp->conn->vfs_ops.lseek(fsp,fsp->fd,pos+offset,SEEK_SET); + seek_ret = fsp->conn->vfs_ops.lseek(fsp,fsp->fd,pos+offset,SEEK_SET); - if(seek_ret == -1) { - DEBUG(0,("seek_file: sys_lseek failed. Error was %s\n", strerror(errno) )); - fsp->pos = -1; - return -1; - } + if(seek_ret == -1) { + DEBUG(0,("seek_file: (%s) sys_lseek failed. Error was %s\n", + fsp->fsp_name, strerror(errno) )); + fsp->pos = -1; + return -1; + } - fsp->pos = seek_ret - offset; + fsp->pos = seek_ret - offset; - DEBUG(10,("seek_file: requested pos = %.0f, new pos = %.0f\n", - (double)(pos+offset), (double)fsp->pos )); + DEBUG(10,("seek_file (%s): requested pos = %.0f, new pos = %.0f\n", + fsp->fsp_name, (double)(pos+offset), (double)fsp->pos )); - return(fsp->pos); + return(fsp->pos); } /**************************************************************************** @@ -55,25 +58,25 @@ SMB_OFF_T seek_file(files_struct *fsp,SMB_OFF_T pos) ****************************************************************************/ -BOOL read_from_write_cache(files_struct *fsp,char *data,SMB_OFF_T pos,size_t n) +static BOOL read_from_write_cache(files_struct *fsp,char *data,SMB_OFF_T pos,size_t n) { - write_cache *wcp = fsp->wcp; + write_cache *wcp = fsp->wcp; - if(!wcp) - return False; + if(!wcp) + return False; - if(n > wcp->data_size || pos < wcp->offset || pos + n > wcp->offset + wcp->data_size) - return False; + if(n > wcp->data_size || pos < wcp->offset || pos + n > wcp->offset + wcp->data_size) + return False; - memcpy(data, wcp->data + (pos - wcp->offset), n); + memcpy(data, wcp->data + (pos - wcp->offset), n); - DO_PROFILE_INC(writecache_read_hits); + DO_PROFILE_INC(writecache_read_hits); - return True; + return True; } /**************************************************************************** -read from a file + Read from a file. ****************************************************************************/ ssize_t read_file(files_struct *fsp,char *data,SMB_OFF_T pos,size_t n) @@ -121,6 +124,9 @@ tryagain: ret += readret; } + DEBUG(10,("read_file (%s): pos = %.0f, size = %lu, returned %lu\n", + fsp->fsp_name, (double)pos, (unsigned long)n, (long)ret )); + return(ret); } @@ -133,10 +139,17 @@ static unsigned int allocated_write_caches; static ssize_t real_write_file(files_struct *fsp,char *data,SMB_OFF_T pos, size_t n) { - if ((pos != -1) && (seek_file(fsp,pos) == -1)) - return -1; + ssize_t ret; + + if ((pos != -1) && (seek_file(fsp,pos) == -1)) + return -1; + + ret = vfs_write_data(fsp,data,n); + + DEBUG(10,("real_write_file (%s): pos = %.0f, size = %lu, returned %ld\n", + fsp->fsp_name, (double)pos, (unsigned long)n, (long)ret )); - return vfs_write_data(fsp,data,n); + return ret; } /**************************************************************************** @@ -145,367 +158,365 @@ write to a file ssize_t write_file(files_struct *fsp, char *data, SMB_OFF_T pos, size_t n) { - write_cache *wcp = fsp->wcp; - ssize_t total_written = 0; - int write_path = -1; - - if (fsp->print_file) { - return print_job_write(fsp->print_jobid, data, n); - } - - if (!fsp->can_write) { - errno = EPERM; - return(0); - } - - if (!fsp->modified) { - SMB_STRUCT_STAT st; - fsp->modified = True; - - if (fsp->conn->vfs_ops.fstat(fsp,fsp->fd,&st) == 0) { - int dosmode = dos_mode(fsp->conn,fsp->fsp_name,&st); - fsp->size = st.st_size; - if (MAP_ARCHIVE(fsp->conn) && !IS_DOS_ARCHIVE(dosmode)) { - file_chmod(fsp->conn,fsp->fsp_name,dosmode | aARCH,&st); - } - - /* - * If this is the first write and we have an exclusive oplock then setup - * the write cache. - */ - - if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type) && !wcp) { - setup_write_cache(fsp, st.st_size); - wcp = fsp->wcp; - } - } - } + write_cache *wcp = fsp->wcp; + ssize_t total_written = 0; + int write_path = -1; + + if (fsp->print_file) + return print_job_write(fsp->print_jobid, data, n); + + if (!fsp->can_write) { + errno = EPERM; + return(0); + } + + if (!fsp->modified) { + SMB_STRUCT_STAT st; + fsp->modified = True; + + if (fsp->conn->vfs_ops.fstat(fsp,fsp->fd,&st) == 0) { + int dosmode = dos_mode(fsp->conn,fsp->fsp_name,&st); + fsp->size = st.st_size; + if (MAP_ARCHIVE(fsp->conn) && !IS_DOS_ARCHIVE(dosmode)) + file_chmod(fsp->conn,fsp->fsp_name,dosmode | aARCH,&st); + + /* + * If this is the first write and we have an exclusive oplock then setup + * the write cache. + */ + + if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type) && !wcp) { + setup_write_cache(fsp, st.st_size); + wcp = fsp->wcp; + } + } + } #ifdef WITH_PROFILE - DO_PROFILE_INC(writecache_total_writes); - if (!fsp->oplock_type) { - DO_PROFILE_INC(writecache_non_oplock_writes); - } + DO_PROFILE_INC(writecache_total_writes); + if (!fsp->oplock_type) { + DO_PROFILE_INC(writecache_non_oplock_writes); + } #endif - /* - * If this file is level II oplocked then we need - * to grab the shared memory lock and inform all - * other files with a level II lock that they need - * to flush their read caches. We keep the lock over - * the shared memory area whilst doing this. - */ + /* + * If this file is level II oplocked then we need + * to grab the shared memory lock and inform all + * other files with a level II lock that they need + * to flush their read caches. We keep the lock over + * the shared memory area whilst doing this. + */ - release_level_2_oplocks_on_change(fsp); + release_level_2_oplocks_on_change(fsp); #ifdef WITH_PROFILE - if (profile_p && profile_p->writecache_total_writes % 500 == 0) { - DEBUG(3,("WRITECACHE: initwrites=%u abutted=%u total=%u \ + if (profile_p && profile_p->writecache_total_writes % 500 == 0) { + DEBUG(3,("WRITECACHE: initwrites=%u abutted=%u total=%u \ nonop=%u allocated=%u active=%u direct=%u perfect=%u readhits=%u\n", - profile_p->writecache_init_writes, - profile_p->writecache_abutted_writes, - profile_p->writecache_total_writes, - profile_p->writecache_non_oplock_writes, - profile_p->writecache_allocated_write_caches, - profile_p->writecache_num_write_caches, - profile_p->writecache_direct_writes, - profile_p->writecache_num_perfect_writes, - profile_p->writecache_read_hits )); - - DEBUG(3,("WRITECACHE: Flushes SEEK=%d, READ=%d, WRITE=%d, READRAW=%d, OPLOCK=%d, CLOSE=%d, SYNC=%d\n", - profile_p->writecache_flushed_writes[SEEK_FLUSH], - profile_p->writecache_flushed_writes[READ_FLUSH], - profile_p->writecache_flushed_writes[WRITE_FLUSH], - profile_p->writecache_flushed_writes[READRAW_FLUSH], - profile_p->writecache_flushed_writes[OPLOCK_RELEASE_FLUSH], - profile_p->writecache_flushed_writes[CLOSE_FLUSH], - profile_p->writecache_flushed_writes[SYNC_FLUSH] )); - } + profile_p->writecache_init_writes, + profile_p->writecache_abutted_writes, + profile_p->writecache_total_writes, + profile_p->writecache_non_oplock_writes, + profile_p->writecache_allocated_write_caches, + profile_p->writecache_num_write_caches, + profile_p->writecache_direct_writes, + profile_p->writecache_num_perfect_writes, + profile_p->writecache_read_hits )); + + DEBUG(3,("WRITECACHE: Flushes SEEK=%d, READ=%d, WRITE=%d, READRAW=%d, OPLOCK=%d, CLOSE=%d, SYNC=%d\n", + profile_p->writecache_flushed_writes[SEEK_FLUSH], + profile_p->writecache_flushed_writes[READ_FLUSH], + profile_p->writecache_flushed_writes[WRITE_FLUSH], + profile_p->writecache_flushed_writes[READRAW_FLUSH], + profile_p->writecache_flushed_writes[OPLOCK_RELEASE_FLUSH], + profile_p->writecache_flushed_writes[CLOSE_FLUSH], + profile_p->writecache_flushed_writes[SYNC_FLUSH] )); + } #endif - if(!wcp) { - DO_PROFILE_INC(writecache_direct_writes); - total_written = real_write_file(fsp, data, pos, n); - if ((total_written != -1) && (pos + total_written > fsp->size)) - fsp->size = pos + total_written; - return total_written; - } + if(!wcp) { + DO_PROFILE_INC(writecache_direct_writes); + total_written = real_write_file(fsp, data, pos, n); + if ((total_written != -1) && (pos + total_written > fsp->size)) + fsp->size = pos + total_written; + return total_written; + } - DEBUG(9,("write_file(fd=%d pos=%.0f size=%u) wcp->offset=%.0f wcp->data_size=%u\n", - fsp->fd, (double)pos, (unsigned int)n, (double)wcp->offset, (unsigned int)wcp->data_size)); + DEBUG(9,("write_file (%s)(fd=%d pos=%.0f size=%u) wcp->offset=%.0f wcp->data_size=%u\n", + fsp->fsp_name, fsp->fd, (double)pos, (unsigned int)n, (double)wcp->offset, (unsigned int)wcp->data_size)); - /* - * If we have active cache and it isn't contiguous then we flush. - * NOTE: There is a small problem with running out of disk .... - */ + /* + * If we have active cache and it isn't contiguous then we flush. + * NOTE: There is a small problem with running out of disk .... + */ - if (wcp->data_size) { + if (wcp->data_size) { - BOOL cache_flush_needed = False; + BOOL cache_flush_needed = False; - if ((pos >= wcp->offset) && (pos <= wcp->offset + wcp->data_size)) { + if ((pos >= wcp->offset) && (pos <= wcp->offset + wcp->data_size)) { - /* - * Start of write overlaps or abutts the existing data. - */ + /* + * Start of write overlaps or abutts the existing data. + */ - size_t data_used = MIN((wcp->alloc_size - (pos - wcp->offset)), n); + size_t data_used = MIN((wcp->alloc_size - (pos - wcp->offset)), n); - memcpy(wcp->data + (pos - wcp->offset), data, data_used); + memcpy(wcp->data + (pos - wcp->offset), data, data_used); - /* - * Update the current buffer size with the new data. - */ + /* + * Update the current buffer size with the new data. + */ - if(pos + data_used > wcp->offset + wcp->data_size) - wcp->data_size = pos + data_used - wcp->offset; + if(pos + data_used > wcp->offset + wcp->data_size) + wcp->data_size = pos + data_used - wcp->offset; - /* - * Update the file size if changed. - */ + /* + * Update the file size if changed. + */ - if (wcp->offset + wcp->data_size > wcp->file_size) - fsp->size = wcp->file_size = wcp->offset + wcp->data_size; + if (wcp->offset + wcp->data_size > wcp->file_size) + fsp->size = wcp->file_size = wcp->offset + wcp->data_size; - /* - * If we used all the data then - * return here. - */ + /* + * If we used all the data then + * return here. + */ - if(n == data_used) - return n; - else - cache_flush_needed = True; + if(n == data_used) + return n; + else + cache_flush_needed = True; - /* - * Move the start of data forward by the amount used, - * cut down the amount left by the same amount. - */ + /* + * Move the start of data forward by the amount used, + * cut down the amount left by the same amount. + */ - data += data_used; - pos += data_used; - n -= data_used; + data += data_used; + pos += data_used; + n -= data_used; - DO_PROFILE_INC(writecache_abutted_writes); - total_written = data_used; + DO_PROFILE_INC(writecache_abutted_writes); + total_written = data_used; - write_path = 1; + write_path = 1; - } else if ((pos < wcp->offset) && (pos + n > wcp->offset) && - (pos + n <= wcp->offset + wcp->alloc_size)) { + } else if ((pos < wcp->offset) && (pos + n > wcp->offset) && + (pos + n <= wcp->offset + wcp->alloc_size)) { - /* - * End of write overlaps the existing data. - */ + /* + * End of write overlaps the existing data. + */ - size_t data_used = pos + n - wcp->offset; + size_t data_used = pos + n - wcp->offset; - memcpy(wcp->data, data + n - data_used, data_used); + memcpy(wcp->data, data + n - data_used, data_used); - /* - * Update the current buffer size with the new data. - */ + /* + * Update the current buffer size with the new data. + */ - if(pos + n > wcp->offset + wcp->data_size) - wcp->data_size = pos + n - wcp->offset; + if(pos + n > wcp->offset + wcp->data_size) + wcp->data_size = pos + n - wcp->offset; - /* - * Update the file size if changed. - */ + /* + * Update the file size if changed. + */ - if (wcp->offset + wcp->data_size > wcp->file_size) - fsp->size = wcp->file_size = wcp->offset + wcp->data_size; + if (wcp->offset + wcp->data_size > wcp->file_size) + fsp->size = wcp->file_size = wcp->offset + wcp->data_size; - /* - * We don't need to move the start of data, but we - * cut down the amount left by the amount used. - */ + /* + * We don't need to move the start of data, but we + * cut down the amount left by the amount used. + */ - n -= data_used; + n -= data_used; - /* - * We cannot have used all the data here. - */ + /* + * We cannot have used all the data here. + */ - cache_flush_needed = True; + cache_flush_needed = True; - DO_PROFILE_INC(writecache_abutted_writes); - total_written = data_used; + DO_PROFILE_INC(writecache_abutted_writes); + total_written = data_used; - write_path = 2; + write_path = 2; - } else if ( (pos >= wcp->file_size) && - (wcp->offset + wcp->data_size == wcp->file_size) && - (pos > wcp->offset + wcp->data_size) && - (pos < wcp->offset + wcp->alloc_size) ) { + } else if ( (pos >= wcp->file_size) && + (wcp->offset + wcp->data_size == wcp->file_size) && + (pos > wcp->offset + wcp->data_size) && + (pos < wcp->offset + wcp->alloc_size) ) { - /* - * Non-contiguous write part of which fits within - * the cache buffer and is extending the file - * and the cache contents reflect the current - * data up to the current end of the file. - */ + /* + * Non-contiguous write part of which fits within + * the cache buffer and is extending the file + * and the cache contents reflect the current + * data up to the current end of the file. + */ - size_t data_used; + size_t data_used; - if(pos + n <= wcp->offset + wcp->alloc_size) - data_used = n; - else - data_used = wcp->offset + wcp->alloc_size - pos; + if(pos + n <= wcp->offset + wcp->alloc_size) + data_used = n; + else + data_used = wcp->offset + wcp->alloc_size - pos; - /* - * Fill in the non-continuous area with zeros. - */ + /* + * Fill in the non-continuous area with zeros. + */ - memset(wcp->data + wcp->data_size, '\0', - pos - (wcp->offset + wcp->data_size) ); + memset(wcp->data + wcp->data_size, '\0', + pos - (wcp->offset + wcp->data_size) ); - memcpy(wcp->data + (pos - wcp->offset), data, data_used); + memcpy(wcp->data + (pos - wcp->offset), data, data_used); - /* - * Update the current buffer size with the new data. - */ + /* + * Update the current buffer size with the new data. + */ - if(pos + data_used > wcp->offset + wcp->data_size) - wcp->data_size = pos + data_used - wcp->offset; + if(pos + data_used > wcp->offset + wcp->data_size) + wcp->data_size = pos + data_used - wcp->offset; - /* - * Update the file size if changed. - */ + /* + * Update the file size if changed. + */ - if (wcp->offset + wcp->data_size > wcp->file_size) - fsp->size = wcp->file_size = wcp->offset + wcp->data_size; + if (wcp->offset + wcp->data_size > wcp->file_size) + fsp->size = wcp->file_size = wcp->offset + wcp->data_size; - /* - * If we used all the data then - * return here. - */ + /* + * If we used all the data then + * return here. + */ - if(n == data_used) - return n; - else - cache_flush_needed = True; + if(n == data_used) + return n; + else + cache_flush_needed = True; - /* - * Move the start of data forward by the amount used, - * cut down the amount left by the same amount. - */ + /* + * Move the start of data forward by the amount used, + * cut down the amount left by the same amount. + */ - data += data_used; - pos += data_used; - n -= data_used; + data += data_used; + pos += data_used; + n -= data_used; - DO_PROFILE_INC(writecache_abutted_writes); - total_written = data_used; + DO_PROFILE_INC(writecache_abutted_writes); + total_written = data_used; - write_path = 3; + write_path = 3; - } else { + } else { - /* - * Write is bigger than buffer, or there is no overlap on the - * low or high ends. - */ + /* + * Write is bigger than buffer, or there is no overlap on the + * low or high ends. + */ - DEBUG(9,("write_file: non cacheable write : fd = %d, pos = %.0f, len = %u, current cache pos = %.0f \ + DEBUG(9,("write_file: non cacheable write : fd = %d, pos = %.0f, len = %u, current cache pos = %.0f \ len = %u\n",fsp->fd, (double)pos, (unsigned int)n, (double)wcp->offset, (unsigned int)wcp->data_size )); - /* - * Update the file size if needed. - */ + /* + * Update the file size if needed. + */ - if(pos + n > wcp->file_size) - fsp->size = wcp->file_size = pos + n; + if(pos + n > wcp->file_size) + fsp->size = wcp->file_size = pos + n; - /* - * If write would fit in the cache, and is larger than - * the data already in the cache, flush the cache and - * preferentially copy the data new data into it. Otherwise - * just write the data directly. - */ + /* + * If write would fit in the cache, and is larger than + * the data already in the cache, flush the cache and + * preferentially copy the data new data into it. Otherwise + * just write the data directly. + */ - if ( n <= wcp->alloc_size && n > wcp->data_size) { - cache_flush_needed = True; - } else { - ssize_t ret = real_write_file(fsp, data, pos, n); + if ( n <= wcp->alloc_size && n > wcp->data_size) { + cache_flush_needed = True; + } else { + ssize_t ret = real_write_file(fsp, data, pos, n); - DO_PROFILE_INC(writecache_direct_writes); - if (ret == -1) - return ret; + DO_PROFILE_INC(writecache_direct_writes); + if (ret == -1) + return ret; - if (pos + ret > wcp->file_size) - fsp->size = wcp->file_size = pos + ret; + if (pos + ret > wcp->file_size) + fsp->size = wcp->file_size = pos + ret; - return ret; - } + return ret; + } - write_path = 4; + write_path = 4; - } + } - if(wcp->data_size > wcp->file_size) - fsp->size = wcp->file_size = wcp->data_size; + if(wcp->data_size > wcp->file_size) + fsp->size = wcp->file_size = wcp->data_size; - if (cache_flush_needed) { - DEBUG(3,("WRITE_FLUSH:%d: due to noncontinuous write: fd = %d, size = %.0f, pos = %.0f, \ + if (cache_flush_needed) { + DEBUG(3,("WRITE_FLUSH:%d: due to noncontinuous write: fd = %d, size = %.0f, pos = %.0f, \ n = %u, wcp->offset=%.0f, wcp->data_size=%u\n", - write_path, fsp->fd, (double)wcp->file_size, (double)pos, (unsigned int)n, - (double)wcp->offset, (unsigned int)wcp->data_size )); + write_path, fsp->fd, (double)wcp->file_size, (double)pos, (unsigned int)n, + (double)wcp->offset, (unsigned int)wcp->data_size )); - flush_write_cache(fsp, WRITE_FLUSH); - } - } + flush_write_cache(fsp, WRITE_FLUSH); + } + } - /* - * If the write request is bigger than the cache - * size, write it all out. - */ + /* + * If the write request is bigger than the cache + * size, write it all out. + */ - if (n > wcp->alloc_size ) { - ssize_t ret = real_write_file(fsp, data, pos, n); - if (ret == -1) - return -1; + if (n > wcp->alloc_size ) { + ssize_t ret = real_write_file(fsp, data, pos, n); + if (ret == -1) + return -1; - if (pos + ret > wcp->file_size) - fsp->size = wcp->file_size = pos + n; + if (pos + ret > wcp->file_size) + fsp->size = wcp->file_size = pos + n; - DO_PROFILE_INC(writecache_direct_writes); - return total_written + n; - } + DO_PROFILE_INC(writecache_direct_writes); + return total_written + n; + } - /* - * If there's any data left, cache it. - */ + /* + * If there's any data left, cache it. + */ - if (n) { + if (n) { #ifdef WITH_PROFILE - if (wcp->data_size) { - DO_PROFILE_INC(writecache_abutted_writes); - } else { - DO_PROFILE_INC(writecache_init_writes); - } + if (wcp->data_size) { + DO_PROFILE_INC(writecache_abutted_writes); + } else { + DO_PROFILE_INC(writecache_init_writes); + } #endif - memcpy(wcp->data+wcp->data_size, data, n); - if (wcp->data_size == 0) { - wcp->offset = pos; - DO_PROFILE_INC(writecache_num_write_caches); - } - wcp->data_size += n; - - /* - * Update the file size if changed. - */ - - if (wcp->offset + wcp->data_size > wcp->file_size) - fsp->size = wcp->file_size = wcp->offset + wcp->data_size; - DEBUG(9,("wcp->offset = %.0f wcp->data_size = %u cache return %u\n", - (double)wcp->offset, (unsigned int)wcp->data_size, (unsigned int)n)); - - total_written += n; - return total_written; /* .... that's a write :) */ - } + memcpy(wcp->data+wcp->data_size, data, n); + if (wcp->data_size == 0) { + wcp->offset = pos; + DO_PROFILE_INC(writecache_num_write_caches); + } + wcp->data_size += n; + + /* + * Update the file size if changed. + */ + + if (wcp->offset + wcp->data_size > wcp->file_size) + fsp->size = wcp->file_size = wcp->offset + wcp->data_size; + DEBUG(9,("wcp->offset = %.0f wcp->data_size = %u cache return %u\n", + (double)wcp->offset, (unsigned int)wcp->data_size, (unsigned int)n)); + + total_written += n; + return total_written; /* .... that's a write :) */ + } - return total_written; + return total_written; } /**************************************************************************** @@ -514,24 +525,23 @@ n = %u, wcp->offset=%.0f, wcp->data_size=%u\n", void delete_write_cache(files_struct *fsp) { - write_cache *wcp; - - if(!fsp) - return; + write_cache *wcp; - if(!(wcp = fsp->wcp)) - return; + if(!fsp) + return; - DO_PROFILE_DEC(writecache_allocated_write_caches); - allocated_write_caches--; + if(!(wcp = fsp->wcp)) + return; - SMB_ASSERT(wcp->data_size == 0); + DO_PROFILE_DEC(writecache_allocated_write_caches); + allocated_write_caches--; - SAFE_FREE(wcp->data); - SAFE_FREE(fsp->wcp); + SMB_ASSERT(wcp->data_size == 0); - DEBUG(10,("delete_write_cache: File %s deleted write cache\n", fsp->fsp_name )); + SAFE_FREE(wcp->data); + SAFE_FREE(fsp->wcp); + DEBUG(10,("delete_write_cache: File %s deleted write cache\n", fsp->fsp_name )); } /**************************************************************************** @@ -540,41 +550,41 @@ void delete_write_cache(files_struct *fsp) static BOOL setup_write_cache(files_struct *fsp, SMB_OFF_T file_size) { - ssize_t alloc_size = lp_write_cache_size(SNUM(fsp->conn)); - write_cache *wcp; - - if (allocated_write_caches >= MAX_WRITE_CACHES) - return False; - - if(alloc_size == 0 || fsp->wcp) - return False; - - if((wcp = (write_cache *)malloc(sizeof(write_cache))) == NULL) { - DEBUG(0,("setup_write_cache: malloc fail.\n")); - return False; - } - - wcp->file_size = file_size; - wcp->offset = 0; - wcp->alloc_size = alloc_size; - wcp->data_size = 0; - if((wcp->data = malloc(wcp->alloc_size)) == NULL) { - DEBUG(0,("setup_write_cache: malloc fail for buffer size %u.\n", - (unsigned int)wcp->alloc_size )); - SAFE_FREE(wcp); - return False; - } - - memset(wcp->data, '\0', wcp->alloc_size ); - - fsp->wcp = wcp; - DO_PROFILE_INC(writecache_allocated_write_caches); - allocated_write_caches++; - - DEBUG(10,("setup_write_cache: File %s allocated write cache size %u\n", + ssize_t alloc_size = lp_write_cache_size(SNUM(fsp->conn)); + write_cache *wcp; + + if (allocated_write_caches >= MAX_WRITE_CACHES) + return False; + + if(alloc_size == 0 || fsp->wcp) + return False; + + if((wcp = (write_cache *)malloc(sizeof(write_cache))) == NULL) { + DEBUG(0,("setup_write_cache: malloc fail.\n")); + return False; + } + + wcp->file_size = file_size; + wcp->offset = 0; + wcp->alloc_size = alloc_size; + wcp->data_size = 0; + if((wcp->data = malloc(wcp->alloc_size)) == NULL) { + DEBUG(0,("setup_write_cache: malloc fail for buffer size %u.\n", + (unsigned int)wcp->alloc_size )); + SAFE_FREE(wcp); + return False; + } + + memset(wcp->data, '\0', wcp->alloc_size ); + + fsp->wcp = wcp; + DO_PROFILE_INC(writecache_allocated_write_caches); + allocated_write_caches++; + + DEBUG(10,("setup_write_cache: File %s allocated write cache size %u\n", fsp->fsp_name, wcp->alloc_size )); - return True; + return True; } /**************************************************************************** @@ -583,17 +593,17 @@ static BOOL setup_write_cache(files_struct *fsp, SMB_OFF_T file_size) void set_filelen_write_cache(files_struct *fsp, SMB_OFF_T file_size) { - fsp->size = file_size; - if(fsp->wcp) { - /* The cache *must* have been flushed before we do this. */ - if (fsp->wcp->data_size != 0) { - pstring msg; - slprintf(msg, sizeof(msg)-1, "set_filelen_write_cache: size change \ + fsp->size = file_size; + if(fsp->wcp) { + /* The cache *must* have been flushed before we do this. */ + if (fsp->wcp->data_size != 0) { + pstring msg; + slprintf(msg, sizeof(msg)-1, "set_filelen_write_cache: size change \ on file %s with write cache size = %u\n", fsp->fsp_name, fsp->wcp->data_size ); - smb_panic(msg); - } - fsp->wcp->file_size = file_size; - } + smb_panic(msg); + } + fsp->wcp->file_size = file_size; + } } /******************************************************************* @@ -602,36 +612,36 @@ on file %s with write cache size = %u\n", fsp->fsp_name, fsp->wcp->data_size ); ssize_t flush_write_cache(files_struct *fsp, enum flush_reason_enum reason) { - write_cache *wcp = fsp->wcp; - size_t data_size; - ssize_t ret; + write_cache *wcp = fsp->wcp; + size_t data_size; + ssize_t ret; - if(!wcp || !wcp->data_size) - return 0; + if(!wcp || !wcp->data_size) + return 0; - data_size = wcp->data_size; - wcp->data_size = 0; + data_size = wcp->data_size; + wcp->data_size = 0; - DO_PROFILE_DEC_INC(writecache_num_write_caches,writecache_flushed_writes[reason]); + DO_PROFILE_DEC_INC(writecache_num_write_caches,writecache_flushed_writes[reason]); - DEBUG(9,("flushing write cache: fd = %d, off=%.0f, size=%u\n", - fsp->fd, (double)wcp->offset, (unsigned int)data_size)); + DEBUG(9,("flushing write cache: fd = %d, off=%.0f, size=%u\n", + fsp->fd, (double)wcp->offset, (unsigned int)data_size)); #ifdef WITH_PROFILE - if(data_size == wcp->alloc_size) - DO_PROFILE_INC(writecache_num_perfect_writes); + if(data_size == wcp->alloc_size) + DO_PROFILE_INC(writecache_num_perfect_writes); #endif - ret = real_write_file(fsp, wcp->data, wcp->offset, data_size); + ret = real_write_file(fsp, wcp->data, wcp->offset, data_size); - /* - * Ensure file size if kept up to date if write extends file. - */ + /* + * Ensure file size if kept up to date if write extends file. + */ - if ((ret != -1) && (wcp->offset + ret > wcp->file_size)) - wcp->file_size = wcp->offset + ret; + if ((ret != -1) && (wcp->offset + ret > wcp->file_size)) + wcp->file_size = wcp->offset + ret; - return ret; + return ret; } /******************************************************************* @@ -640,12 +650,13 @@ sync a file void sync_file(connection_struct *conn, files_struct *fsp) { - if(lp_strict_sync(SNUM(conn)) && fsp->fd != -1) { - flush_write_cache(fsp, SYNC_FLUSH); - conn->vfs_ops.fsync(fsp,fsp->fd); - } + if(lp_strict_sync(SNUM(conn)) && fsp->fd != -1) { + flush_write_cache(fsp, SYNC_FLUSH); + conn->vfs_ops.fsync(fsp,fsp->fd); + } } + /************************************************************ Perform a stat whether a valid fd or not. ************************************************************/ diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index cb6a6d31a40..e5f9b7a0ae8 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -38,54 +38,29 @@ static BOOL scan_directory(char *path, char *name,connection_struct *conn,BOOL d Check if two filenames are equal. This needs to be careful about whether we are case sensitive. ****************************************************************************/ + static BOOL fname_equal(char *name1, char *name2) { - int l1 = strlen(name1); - int l2 = strlen(name2); - - /* handle filenames ending in a single dot */ - if (l1-l2 == 1 && name1[l1-1] == '.' && lp_strip_dot()) - { - BOOL ret; - name1[l1-1] = 0; - ret = fname_equal(name1,name2); - name1[l1-1] = '.'; - return(ret); - } - - if (l2-l1 == 1 && name2[l2-1] == '.' && lp_strip_dot()) - { - BOOL ret; - name2[l2-1] = 0; - ret = fname_equal(name1,name2); - name2[l2-1] = '.'; - return(ret); - } - - /* now normal filename handling */ - if (case_sensitive) - return(strcmp(name1,name2) == 0); - - return(strequal(name1,name2)); -} + /* Normal filename handling */ + if (case_sensitive) + return(strcmp(name1,name2) == 0); + return(strequal(name1,name2)); +} /**************************************************************************** Mangle the 2nd name and check if it is then equal to the first name. ****************************************************************************/ -static BOOL mangled_equal(char *name1, char *name2, int snum) + +static BOOL mangled_equal(char *name1, const char *name2, int snum) { pstring tmpname; - if (mangle_is_8_3(name2, True)) { - return False; - } pstrcpy(tmpname, name2); - return mangle_map(tmpname, True, False, snum) && - strequal(name1, tmpname); + mangle_map(tmpname, True, False, snum); + return strequal(name1, tmpname); } - /**************************************************************************** This routine is called to convert names from the dos namespace to unix namespace. It needs to handle any case conversions, mangling, format @@ -116,388 +91,391 @@ for nlinks = 0, which can never be true for any file). BOOL unix_convert(pstring name,connection_struct *conn,char *saved_last_component, BOOL *bad_path, SMB_STRUCT_STAT *pst) { - SMB_STRUCT_STAT st; - char *start, *end; - pstring dirpath; - pstring orig_path; - BOOL component_was_mangled = False; - BOOL name_has_wildcard = False; - - ZERO_STRUCTP(pst); - - *dirpath = 0; - *bad_path = False; - if(saved_last_component) - *saved_last_component = 0; - - if (conn->printer) { - /* we don't ever use the filenames on a printer share as a - filename - so don't convert them */ - return True; - } - - DEBUG(5, ("unix_convert called on file \"%s\"\n", name)); - - /* - * Convert to basic unix format - removing \ chars and cleaning it up. - */ - - unix_format(name); - unix_clean_name(name); - - /* - * Names must be relative to the root of the service - trim any leading /. - * also trim trailing /'s. - */ - - trim_string(name,"/","/"); - - /* - * If we trimmed down to a single '\0' character - * then we should use the "." directory to avoid - * searching the cache, but not if we are in a - * printing share. - */ - - if (!*name) { - name[0] = '.'; - name[1] = '\0'; - } - - /* - * Ensure saved_last_component is valid even if file exists. - */ - - if(saved_last_component) { - end = strrchr_m(name, '/'); - if(end) - pstrcpy(saved_last_component, end + 1); - else - pstrcpy(saved_last_component, name); - } - - if (!case_sensitive && - (!case_preserve || (mangle_is_8_3(name, False) && !short_case_preserve))) - strnorm(name); - - /* - * If we trimmed down to a single '\0' character - * then we will be using the "." directory. - * As we know this is valid we can return true here. - */ - - if(!*name) - return(True); - - start = name; - while (strncmp(start,"./",2) == 0) - start += 2; - - pstrcpy(orig_path, name); - - if(stat_cache_lookup(conn, name, dirpath, &start, &st)) { - *pst = st; - return True; - } - - /* - * stat the name - if it exists then we are all done! - */ - -/* ZZZ: stat1 */ if (vfs_stat(conn,name,&st) == 0) { - stat_cache_add(orig_path, name); - DEBUG(5,("conversion finished %s -> %s\n",orig_path, name)); - *pst = st; - return(True); - } - - DEBUG(5,("unix_convert begin: name = %s, dirpath = %s, start = %s\n", - name, dirpath, start)); - - /* - * A special case - if we don't have any mangling chars and are case - * sensitive then searching won't help. - */ - - if (case_sensitive && !mangle_is_mangled(name) && - !lp_strip_dot() && !use_mangled_map) - return(False); - - name_has_wildcard = ms_has_wild(start); - - /* - * is_mangled() was changed to look at an entire pathname, not - * just a component. JRA. - */ - - if (mangle_is_mangled(start)) - component_was_mangled = True; - - /* - * Now we need to recursively match the name against the real - * directory structure. - */ - - /* - * Match each part of the path name separately, trying the names - * as is first, then trying to scan the directory for matching names. - */ - - for (; start ; start = (end?end+1:(char *)NULL)) { - /* - * Pinpoint the end of this section of the filename. - */ - end = strchr_m(start, '/'); - - /* - * Chop the name at this point. - */ - if (end) - *end = 0; - - if(saved_last_component != 0) - pstrcpy(saved_last_component, end ? end + 1 : start); - - /* - * Check if the name exists up to this point. - */ - - if (vfs_stat(conn,name, &st) == 0) { - /* - * It exists. it must either be a directory or this must be - * the last part of the path for it to be OK. - */ - if (end && !(st.st_mode & S_IFDIR)) { - /* - * An intermediate part of the name isn't a directory. - */ - DEBUG(5,("Not a dir %s\n",start)); - *end = '/'; - return(False); - } - - } else { - pstring rest; - - /* Stat failed - ensure we don't use it. */ - ZERO_STRUCT(st); - *rest = 0; - - /* - * Remember the rest of the pathname so it can be restored - * later. - */ - - if (end) - pstrcpy(rest,end+1); - - /* - * Try to find this part of the path in the directory. - */ - - if (ms_has_wild(start) || !scan_directory(dirpath, start, conn, end?True:False)) { - if (end) { - /* - * An intermediate part of the name can't be found. - */ - DEBUG(5,("Intermediate not found %s\n",start)); - *end = '/'; - - /* - * We need to return the fact that the intermediate - * name resolution failed. This is used to return an - * error of ERRbadpath rather than ERRbadfile. Some - * Windows applications depend on the difference between - * these two errors. - */ - *bad_path = True; - return(False); - } + SMB_STRUCT_STAT st; + char *start, *end; + pstring dirpath; + pstring orig_path; + BOOL component_was_mangled = False; + BOOL name_has_wildcard = False; + + ZERO_STRUCTP(pst); + + *dirpath = 0; + *bad_path = False; + if(saved_last_component) + *saved_last_component = 0; + + if (conn->printer) { + /* we don't ever use the filenames on a printer share as a + filename - so don't convert them */ + return True; + } + + DEBUG(5, ("unix_convert called on file \"%s\"\n", name)); + + /* + * Convert to basic unix format - removing \ chars and cleaning it up. + */ + + unix_format(name); + unix_clean_name(name); + + /* + * Names must be relative to the root of the service - trim any leading /. + * also trim trailing /'s. + */ + + trim_string(name,"/","/"); + + /* + * If we trimmed down to a single '\0' character + * then we should use the "." directory to avoid + * searching the cache, but not if we are in a + * printing share. + */ + + if (!*name) { + name[0] = '.'; + name[1] = '\0'; + } + + /* + * Ensure saved_last_component is valid even if file exists. + */ + + if(saved_last_component) { + end = strrchr_m(name, '/'); + if(end) + pstrcpy(saved_last_component, end + 1); + else + pstrcpy(saved_last_component, name); + } + + if (!case_sensitive && (!case_preserve || (mangle_is_8_3(name, False) && !short_case_preserve))) + strnorm(name); + + /* + * If we trimmed down to a single '\0' character + * then we will be using the "." directory. + * As we know this is valid we can return true here. + */ + + if(!*name) + return(True); + + start = name; + while (strncmp(start,"./",2) == 0) + start += 2; + + pstrcpy(orig_path, name); + + if(stat_cache_lookup(conn, name, dirpath, &start, &st)) { + *pst = st; + return True; + } + + /* + * stat the name - if it exists then we are all done! + */ + + if (vfs_stat(conn,name,&st) == 0) { + stat_cache_add(orig_path, name); + DEBUG(5,("conversion finished %s -> %s\n",orig_path, name)); + *pst = st; + return(True); + } + + DEBUG(5,("unix_convert begin: name = %s, dirpath = %s, start = %s\n", name, dirpath, start)); + + /* + * A special case - if we don't have any mangling chars and are case + * sensitive then searching won't help. + */ + + if (case_sensitive && !mangle_is_mangled(name) && !use_mangled_map) + return(False); + + name_has_wildcard = ms_has_wild(start); + + /* + * is_mangled() was changed to look at an entire pathname, not + * just a component. JRA. + */ + + if (mangle_is_mangled(start)) + component_was_mangled = True; + + /* + * Now we need to recursively match the name against the real + * directory structure. + */ + + /* + * Match each part of the path name separately, trying the names + * as is first, then trying to scan the directory for matching names. + */ + + for (; start ; start = (end?end+1:(char *)NULL)) { + /* + * Pinpoint the end of this section of the filename. + */ + end = strchr_m(start, '/'); + + /* + * Chop the name at this point. + */ + if (end) + *end = 0; + + if(saved_last_component != 0) + pstrcpy(saved_last_component, end ? end + 1 : start); + + /* + * Check if the name exists up to this point. + */ + + if (vfs_stat(conn,name, &st) == 0) { + /* + * It exists. it must either be a directory or this must be + * the last part of the path for it to be OK. + */ + if (end && !(st.st_mode & S_IFDIR)) { + /* + * An intermediate part of the name isn't a directory. + */ + DEBUG(5,("Not a dir %s\n",start)); + *end = '/'; + return(False); + } + + } else { + pstring rest; + + /* Stat failed - ensure we don't use it. */ + ZERO_STRUCT(st); + *rest = 0; + + /* + * Remember the rest of the pathname so it can be restored + * later. + */ + + if (end) + pstrcpy(rest,end+1); + + /* + * Try to find this part of the path in the directory. + */ + + if (ms_has_wild(start) || !scan_directory(dirpath, start, conn, end?True:False)) { + if (end) { + /* + * An intermediate part of the name can't be found. + */ + DEBUG(5,("Intermediate not found %s\n",start)); + *end = '/'; + + /* + * We need to return the fact that the intermediate + * name resolution failed. This is used to return an + * error of ERRbadpath rather than ERRbadfile. Some + * Windows applications depend on the difference between + * these two errors. + */ + *bad_path = True; + return(False); + } - /* - * Just the last part of the name doesn't exist. - * We may need to strupper() or strlower() it in case - * this conversion is being used for file creation - * purposes. If the filename is of mixed case then - * don't normalise it. - */ - - if (!case_preserve && (!strhasupper(start) || !strhaslower(start))) - strnorm(start); - - /* - * check on the mangled stack to see if we can recover the - * base of the filename. - */ - - if (mangle_is_mangled(start)) { - mangle_check_cache( start ); - } - - DEBUG(5,("New file %s\n",start)); - return(True); - } - - /* - * Restore the rest of the string. If the string was mangled the size - * may have changed. - */ - if (end) { - end = start + strlen(start); - pstrcat(start,"/"); - pstrcat(start,rest); - *end = '\0'; - } - } /* end else */ - - /* - * Add to the dirpath that we have resolved so far. - */ - if (*dirpath) - pstrcat(dirpath,"/"); - - pstrcat(dirpath,start); - - /* - * Don't cache a name with mangled or wildcard components - * as this can change the size. - */ - - if(!component_was_mangled && !name_has_wildcard) - stat_cache_add(orig_path, dirpath); - - /* - * Restore the / that we wiped out earlier. - */ - if (end) - *end = '/'; - } + /* + * Just the last part of the name doesn't exist. + * We may need to strupper() or strlower() it in case + * this conversion is being used for file creation + * purposes. If the filename is of mixed case then + * don't normalise it. + */ + + if (!case_preserve && (!strhasupper(start) || !strhaslower(start))) + strnorm(start); + + /* + * check on the mangled stack to see if we can recover the + * base of the filename. + */ + + if (mangle_is_mangled(start)) { + mangle_check_cache( start ); + } + + DEBUG(5,("New file %s\n",start)); + return(True); + } + + /* + * Restore the rest of the string. If the string was mangled the size + * may have changed. + */ + if (end) { + end = start + strlen(start); + pstrcat(start,"/"); + pstrcat(start,rest); + *end = '\0'; + } + } /* end else */ + + /* + * Add to the dirpath that we have resolved so far. + */ + if (*dirpath) + pstrcat(dirpath,"/"); + + pstrcat(dirpath,start); + + /* + * Don't cache a name with mangled or wildcard components + * as this can change the size. + */ + + if(!component_was_mangled && !name_has_wildcard) + stat_cache_add(orig_path, dirpath); + + /* + * Restore the / that we wiped out earlier. + */ + if (end) + *end = '/'; + } - /* - * Don't cache a name with mangled or wildcard components - * as this can change the size. - */ + /* + * Don't cache a name with mangled or wildcard components + * as this can change the size. + */ - if(!component_was_mangled && !name_has_wildcard) - stat_cache_add(orig_path, name); + if(!component_was_mangled && !name_has_wildcard) + stat_cache_add(orig_path, name); - /* - * If we ended up resolving the entire path then return a valid - * stat struct if we got one. - */ + /* + * If we ended up resolving the entire path then return a valid + * stat struct if we got one. + */ - if (VALID_STAT(st) && (strlen(orig_path) == strlen(name))) - *pst = st; + if (VALID_STAT(st) && (strlen(orig_path) == strlen(name))) + *pst = st; - /* - * The name has been resolved. - */ + /* + * The name has been resolved. + */ - DEBUG(5,("conversion finished %s -> %s\n",orig_path, name)); - return(True); + DEBUG(5,("conversion finished %s -> %s\n",orig_path, name)); + return(True); } - /**************************************************************************** -check a filename - possibly caling reducename - -This is called by every routine before it allows an operation on a filename. -It does any final confirmation necessary to ensure that the filename is -a valid one for the user to access. + Check a filename - possibly caling reducename. + This is called by every routine before it allows an operation on a filename. + It does any final confirmation necessary to ensure that the filename is + a valid one for the user to access. ****************************************************************************/ + BOOL check_name(char *name,connection_struct *conn) { - BOOL ret; + BOOL ret; - errno = 0; + errno = 0; - if (IS_VETO_PATH(conn, name)) { - DEBUG(5,("file path name %s vetoed\n",name)); - return(0); - } + if (IS_VETO_PATH(conn, name)) { + if(strcmp(name, ".") && strcmp(name, "..")) { + DEBUG(5,("file path name %s vetoed\n",name)); + return(0); + } + } - ret = reduce_name(conn,name,conn->connectpath,lp_widelinks(SNUM(conn))); + ret = reduce_name(conn,name,conn->connectpath,lp_widelinks(SNUM(conn))); - /* Check if we are allowing users to follow symlinks */ - /* Patch from David Clerc - University of Geneva */ + /* Check if we are allowing users to follow symlinks */ + /* Patch from David Clerc + University of Geneva */ #ifdef S_ISLNK - if (!lp_symlinks(SNUM(conn))) { - SMB_STRUCT_STAT statbuf; - if ( (conn->vfs_ops.lstat(conn,name,&statbuf) != -1) && - (S_ISLNK(statbuf.st_mode)) ) { - DEBUG(3,("check_name: denied: file path name %s is a symlink\n",name)); - ret=0; - } - } + if (!lp_symlinks(SNUM(conn))) { + SMB_STRUCT_STAT statbuf; + if ( (conn->vfs_ops.lstat(conn,name,&statbuf) != -1) && + (S_ISLNK(statbuf.st_mode)) ) { + DEBUG(3,("check_name: denied: file path name %s is a symlink\n",name)); + ret=0; + } + } #endif - if (!ret) - DEBUG(5,("check_name on %s failed\n",name)); + if (!ret) + DEBUG(5,("check_name on %s failed\n",name)); - return(ret); + return(ret); } - /**************************************************************************** -scan a directory to find a filename, matching without case sensitivity - -If the name looks like a mangled name then try via the mangling functions + Scan a directory to find a filename, matching without case sensitivity. + If the name looks like a mangled name then try via the mangling functions ****************************************************************************/ + static BOOL scan_directory(char *path, char *name,connection_struct *conn,BOOL docache) { - void *cur_dir; - char *dname; - BOOL mangled; - pstring name2; - - mangled = mangle_is_mangled(name); - - /* handle null paths */ - if (*path == 0) - path = "."; - - if (docache && (dname = DirCacheCheck(path,name,SNUM(conn)))) { - pstrcpy(name, dname); - return(True); - } - - /* - * The incoming name can be mangled, and if we de-mangle it - * here it will not compare correctly against the filename (name2) - * read from the directory and then mangled by the mangle_map() - * call. We need to mangle both names or neither. - * (JRA). - */ - if (mangled) - mangled = !mangle_check_cache( name ); - - /* open the directory */ - if (!(cur_dir = OpenDir(conn, path, True))) { - DEBUG(3,("scan dir didn't open dir [%s]\n",path)); - return(False); - } - - /* now scan for matching names */ - while ((dname = ReadDirName(cur_dir))) { - if (*dname == '.' && (strequal(dname,".") || strequal(dname,".."))) - continue; - - pstrcpy(name2,dname); - if (!mangle_map(name2,False,True,SNUM(conn))) - continue; - - if ((mangled && mangled_equal(name,name2,SNUM(conn))) || fname_equal(name, dname)) { - /* we've found the file, change it's name and return */ - if (docache) - DirCacheAdd(path,name,dname,SNUM(conn)); - pstrcpy(name, dname); - CloseDir(cur_dir); - return(True); - } - } - - CloseDir(cur_dir); - return(False); + void *cur_dir; + char *dname; + BOOL mangled; + + mangled = mangle_is_mangled(name); + + /* handle null paths */ + if (*path == 0) + path = "."; + + if (docache && (dname = DirCacheCheck(path,name,SNUM(conn)))) { + pstrcpy(name, dname); + return(True); + } + + /* + * The incoming name can be mangled, and if we de-mangle it + * here it will not compare correctly against the filename (name2) + * read from the directory and then mangled by the mangle_map() + * call. We need to mangle both names or neither. + * (JRA). + */ + if (mangled) + mangled = !mangle_check_cache( name ); + + /* open the directory */ + if (!(cur_dir = OpenDir(conn, path, True))) { + DEBUG(3,("scan dir didn't open dir [%s]\n",path)); + return(False); + } + + /* now scan for matching names */ + while ((dname = ReadDirName(cur_dir))) { + if (*dname == '.' && (strequal(dname,".") || strequal(dname,".."))) + continue; + + /* + * At this point dname is the unmangled name. + * name is either mangled or not, depending on the state of the "mangled" + * variable. JRA. + */ + + /* + * Check mangled name against mangled name, or unmangled name + * against unmangled name. + */ + + if ((mangled && mangled_equal(name,dname,SNUM(conn))) || fname_equal(name, dname)) { + /* we've found the file, change it's name and return */ + if (docache) + DirCacheAdd(path,name,dname,SNUM(conn)); + pstrcpy(name, dname); + CloseDir(cur_dir); + return(True); + } + } + + CloseDir(cur_dir); + return(False); } diff --git a/source3/smbd/groupname.c b/source3/smbd/groupname.c index 812488571a3..5147ae4b95e 100644 --- a/source3/smbd/groupname.c +++ b/source3/smbd/groupname.c @@ -21,7 +21,6 @@ #ifdef USING_GROUPNAME_MAP #include "includes.h" -extern DOM_SID global_sam_sid; /************************************************************************** Groupname map functionality. The code loads a groupname map file and @@ -160,7 +159,7 @@ Error was %s.\n", unixname, strerror(errno) )); * It's not a well known name, convert the UNIX gid_t * to a rid within this domain SID. */ - tmp_sid = global_sam_sid; + sid_copy(&tmp_sid,get_global_sam_sid()); tmp_sid.sub_auths[tmp_sid.num_auths++] = pdb_gid_to_group_rid(gid); } @@ -228,7 +227,7 @@ void map_gid_to_sid( gid_t gid, DOM_SID *psid) * If there's no map, convert the UNIX gid_t * to a rid within this domain SID. */ - *psid = global_sam_sid; + sid_copy(psid,get_global_sam_sid()); psid->sub_auths[psid->num_auths++] = pdb_gid_to_group_rid(gid); return; diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c2f3b7b2f0b..91b221968f2 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -375,7 +375,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int START_PROFILE(SMBtrans); memset(name, '\0',sizeof(name)); - srvstr_pull(inbuf, name, smb_buf(inbuf), sizeof(name), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, name, smb_buf(inbuf), sizeof(name), STR_TERMINATE); if (dscnt > tdscnt || pscnt > tpscnt) { exit_server("invalid trans parameters"); diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 666bbb5f618..217bb6a6133 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -71,7 +71,7 @@ static int CopyExpanded(connection_struct *conn, StrnCpy(buf,src,sizeof(buf)/2); pstring_sub(buf,"%S",lp_servicename(snum)); - standard_sub_conn(conn,buf); + standard_sub_conn(conn,buf,sizeof(buf)); l = push_ascii(*dst,buf,*n-1, STR_TERMINATE); (*dst) += l; (*n) -= l; @@ -94,7 +94,7 @@ static int StrlenExpanded(connection_struct *conn, int snum, char* s) if (!s) return(0); StrnCpy(buf,s,sizeof(buf)/2); pstring_sub(buf,"%S",lp_servicename(snum)); - standard_sub_conn(conn,buf); + standard_sub_conn(conn,buf,sizeof(buf)); return strlen(buf) + 1; } @@ -104,7 +104,7 @@ static char* Expand(connection_struct *conn, int snum, char* s) if (!s) return(NULL); StrnCpy(buf,s,sizeof(buf)/2); pstring_sub(buf,"%S",lp_servicename(snum)); - standard_sub_conn(conn,buf); + standard_sub_conn(conn,buf,sizeof(buf)); return &buf[0]; } @@ -1670,7 +1670,7 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch fstring comment; pstring pathname; char *command, *cmdname; - uint offset; + unsigned int offset; int snum; int res = ERRunsup; @@ -1754,82 +1754,104 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c char **rdata,char **rparam, int *rdata_len,int *rparam_len) { + int i; + int errflags=0; + int resume_context, cli_buf_size; char *str1 = param+2; char *str2 = skip_string(str1,1); char *p = skip_string(str2,1); - int uLevel = SVAL(p,0); - char *p2; - int count=0; - if (!prefix_ok(str1,"WrLeh")) return False; - - /* check it's a supported variant */ - switch( uLevel ) - { - case 0: - p2 = "B21"; - break; - default: - return False; + GROUP_MAP *group_list; + int num_entries; + + if (strcmp(str1,"WrLeh") != 0) + return False; + + /* parameters + * W-> resume context (number of users to skip) + * r -> return parameter pointer to receive buffer + * L -> length of receive buffer + * e -> return parameter number of entries + * h -> return parameter total number of users + */ + if (strcmp("B21",str2) != 0) + return False; + + /* get list of domain groups SID_DOMAIN_GRP=2 */ + if(!enum_group_mapping(2 , &group_list, &num_entries, False, False)) { + DEBUG(3,("api_RNetGroupEnum:failed to get group list")); + return False; } - if (strcmp(p2,str2) != 0) return False; + resume_context = SVAL(p,0); + cli_buf_size=SVAL(p+2,0); + DEBUG(10,("api_RNetGroupEnum:resume context: %d, client buffer size: %d\n", resume_context, cli_buf_size)); - *rdata_len = mdrcnt + 1024; + *rdata_len = cli_buf_size; *rdata = REALLOC(*rdata,*rdata_len); - SSVAL(*rparam,0,NERR_Success); - SSVAL(*rparam,2,0); /* converter word */ - p = *rdata; - /* XXXX we need a real SAM database some day */ - pstrcpy(p,"Users"); p += 21; count++; - pstrcpy(p,"Domain Users"); p += 21; count++; - pstrcpy(p,"Guests"); p += 21; count++; - pstrcpy(p,"Domain Guests"); p += 21; count++; + for(i=resume_context; i resume context (number of users to skip) + * r -> return parameter pointer to receive buffer + * L -> length of receive buffer + * e -> return parameter number of entries + * h -> return parameter total number of users + */ + + resume_context = SVAL(p,0); + cli_buf_size=SVAL(p+2,0); + DEBUG(10,("api_RNetUserEnum:resume context: %d, client buffer size: %d\n", resume_context, cli_buf_size)); + *rparam_len = 8; *rparam = REALLOC(*rparam,*rparam_len); - SSVAL(*rparam,4,count); /* is this right?? */ - SSVAL(*rparam,6,count); /* is this right?? */ + /* check it's a supported varient */ + if (strcmp("B21",str2) != 0) + return False; - DEBUG(3,("api_RNetUserEnum gave %d entries\n", count)); + *rdata_len = cli_buf_size; + *rdata = REALLOC(*rdata,*rdata_len); - return(True); + p = *rdata; + + /* to get user list enumerations for NetUserEnum in B21 format */ + pdb_init_sam(&pwd); + + /* Open the passgrp file - not for update. */ + become_root(); + if(!pdb_setsampwent(False)) { + DEBUG(0, ("api_RNetUserEnum:unable to open sam database.\n")); + unbecome_root(); + return False; + } + errflags=NERR_Success; + + while ( pdb_getsampwent(pwd) ) { + const char *name=pdb_get_username(pwd); + if ((name) && (*(name+strlen(name)-1)!='$')) { + count_total++; + if(count_total>=resume_context) { + if( ((PTR_DIFF(p,*rdata)+21)<=*rdata_len)&&(strlen(name)<=21) ) { + pstrcpy(p,name); + DEBUG(10,("api_RNetUserEnum:adding entry %d username %s\n",count_sent,p)); + p += 21; + count_sent++; + } else { + /* set overflow error */ + DEBUG(10,("api_RNetUserEnum:overflow on entry %d username %s\n",count_sent,name)); + errflags=234; + break; + } + } + } + } ; + + pdb_endsampwent(); + unbecome_root(); + + pdb_free_sam(&pwd); + + *rdata_len = PTR_DIFF(p,*rdata); + + SSVAL(*rparam,0,errflags); + SSVAL(*rparam,2,0); /* converter word */ + SSVAL(*rparam,4,count_sent); /* is this right?? */ + SSVAL(*rparam,6,count_total); /* is this right?? */ + + return True; } @@ -2343,7 +2451,7 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par SIVAL(p,6,0); } else { SIVAL(p,6,PTR_DIFF(p2,*rdata)); - standard_sub_conn(conn,comment); + standard_sub_conn(conn,comment,sizeof(comment)); StrnCpy(p2,comment,MAX(mdrcnt - struct_len,0)); p2 = skip_string(p2,1); } @@ -2685,8 +2793,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */ SIVALS(p,usri11_password_age,-1); /* password age */ SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */ - pstrcpy(p2, lp_logon_home()); - standard_sub_conn(conn, p2); + pstrcpy(p2, vuser && vuser->homedir ? vuser->homedir : ""); p2 = skip_string(p2,1); SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */ pstrcpy(p2,""); @@ -2722,15 +2829,13 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param SSVAL(p,42, conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ - pstrcpy(p2,lp_logon_home()); - standard_sub_conn(conn, p2); + pstrcpy(p2, vuser && vuser->homedir ? vuser->homedir : ""); p2 = skip_string(p2,1); SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ *p2++ = 0; SSVAL(p,52,0); /* flags */ SIVAL(p,54,PTR_DIFF(p2,*rdata)); /* script_path */ - pstrcpy(p2,lp_logon_script()); - standard_sub_conn( conn, p2 ); + pstrcpy(p2,vuser && vuser->logon_script ? vuser->logon_script : ""); p2 = skip_string(p2,1); if (uLevel == 2) { @@ -2755,7 +2860,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param SSVALS(p,104,-1); /* num_logons */ SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */ pstrcpy(p2,"\\\\%L"); - standard_sub_conn(conn, p2); + standard_sub_conn(conn, p2,0); p2 = skip_string(p2,1); SSVAL(p,110,49); /* country_code */ SSVAL(p,112,860); /* code page */ @@ -2769,56 +2874,6 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param return(True); } -/******************************************************************* - get groups that a user is a member of - ******************************************************************/ -static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *UserName = skip_string(str2,1); - char *p = skip_string(UserName,1); - int uLevel = SVAL(p,0); - char *p2; - int count=0; - - *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); - - /* check it's a supported varient */ - if (strcmp(str1,"zWrLeh") != 0) return False; - switch( uLevel ) { - case 0: p2 = "B21"; break; - default: return False; - } - if (strcmp(p2,str2) != 0) return False; - - *rdata_len = mdrcnt + 1024; - *rdata = REALLOC(*rdata,*rdata_len); - - SSVAL(*rparam,0,NERR_Success); - SSVAL(*rparam,2,0); /* converter word */ - - p = *rdata; - - /* XXXX we need a real SAM database some day */ - pstrcpy(p,"Users"); p += 21; count++; - pstrcpy(p,"Domain Users"); p += 21; count++; - pstrcpy(p,"Guests"); p += 21; count++; - pstrcpy(p,"Domain Guests"); p += 21; count++; - - *rdata_len = PTR_DIFF(p,*rdata); - - SSVAL(*rparam,4,count); /* is this right?? */ - SSVAL(*rparam,6,count); /* is this right?? */ - - return(True); -} - - static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, @@ -2830,6 +2885,12 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param int uLevel; struct pack_desc desc; char* name; + /* With share level security vuid will always be zero. + Don't depend on vuser being non-null !!. JRA */ + user_struct *vuser = get_valid_user_struct(vuid); + if(vuser != NULL) + DEBUG(3,(" Username of UID %d is %s\n", (int)vuser->uid, + vuser->user.unix_name)); uLevel = SVAL(p,0); name = p + 2; @@ -2873,15 +2934,7 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param } PACKS(&desc,"z",global_myworkgroup);/* domain */ -/* JHT - By calling lp_logon_script() and standard_sub() we have */ -/* made sure all macros are fully substituted and available */ - { - pstring logon_script; - pstrcpy(logon_script,lp_logon_script()); - standard_sub_conn( conn, logon_script ); - PACKS(&desc,"z", logon_script); /* script path */ - } -/* End of JHT mods */ + PACKS(&desc,"z", vuser && vuser->logon_script ? vuser->logon_script :""); /* script path */ PACKI(&desc,"D",0x00000000); /* reserved */ } @@ -3030,7 +3083,7 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa DEBUG(3,("WPrintJobEnumerate uLevel=%d name=%s\n",uLevel,name)); - /* check it's a supported varient */ + /* check it's a supported variant */ if (strcmp(str1,"zWrLeh") != 0) return False; if (uLevel > 2) return False; /* defined only for uLevel 0,1,2 */ if (!check_printjob_info(&desc,uLevel,str2)) return False; @@ -3383,38 +3436,6 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, return(True); } -struct session_info { - char machine[31]; - char username[24]; - char clitype[24]; - int opens; - int time; -}; - -struct sessions_info { - int count; - struct session_info *session_list; -}; - -static int gather_sessioninfo(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state) -{ - struct sessions_info *sinfo = state; - struct session_info *curinfo = NULL; - struct sessionid *sessid = (struct sessionid *) dbuf.dptr; - - sinfo->count += 1; - sinfo->session_list = REALLOC(sinfo->session_list, sinfo->count * sizeof(struct session_info)); - - curinfo = &(sinfo->session_list[sinfo->count - 1]); - - safe_strcpy(curinfo->machine, sessid->remote_machine, - sizeof(curinfo->machine)); - safe_strcpy(curinfo->username, uidtoname(sessid->uid), - sizeof(curinfo->username)); - DEBUG(7,("gather_sessioninfo session from %s@%s\n", - curinfo->username, curinfo->machine)); - return 0; -} /**************************************************************************** List open sessions @@ -3430,8 +3451,8 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param char *p = skip_string(str2,1); int uLevel; struct pack_desc desc; - struct sessions_info sinfo; - int i; + struct sessionid *session_list; + int i, num_sessions; memset((char *)&desc,'\0',sizeof(desc)); @@ -3445,26 +3466,20 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param if (strcmp(str1,RAP_NetSessionEnum_REQ) != 0) return False; if (uLevel != 2 || strcmp(str2,RAP_SESSION_INFO_L2) != 0) return False; - sinfo.count = 0; - sinfo.session_list = NULL; - - if (!session_traverse(gather_sessioninfo, &sinfo)) { - DEBUG(4,("RNetSessionEnum session_traverse failed\n")); - return False; - } + num_sessions = list_sessions(&session_list); if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); memset((char *)&desc,'\0',sizeof(desc)); desc.base = *rdata; desc.buflen = mdrcnt; desc.format = str2; - if (!init_package(&desc,sinfo.count,0)) { + if (!init_package(&desc,num_sessions,0)) { return False; } - for(i=0; iguest) + return ERROR_NT(NT_STATUS_ACCESS_DENIED); + } + rdata = (char *)malloc(1024); if (rdata) memset(rdata,'\0',1024); diff --git a/source3/smbd/mangle.c b/source3/smbd/mangle.c index 20b2b419cf1..392e48afc19 100644 --- a/source3/smbd/mangle.c +++ b/source3/smbd/mangle.c @@ -29,6 +29,7 @@ static struct { } mangle_backends[] = { { "hash", mangle_hash_init }, { "hash2", mangle_hash2_init }, + /*{ "tdb", mangle_tdb_init }, */ { NULL, NULL } }; @@ -40,11 +41,12 @@ static void mangle_init(void) int i; char *method; - if (mangle_fns) return; + if (mangle_fns) + return; method = lp_mangling_method(); - /* find the first mangling method that manages to initialise and + /* find the first mangling method that manages to initialise and matches the "mangling method" parameter */ for (i=0; mangle_backends[i].name && !mangle_fns; i++) { if (!method || !*method || strcmp(method, mangle_backends[i].name) == 0) { @@ -82,7 +84,12 @@ BOOL mangle_is_mangled(const char *s) */ BOOL mangle_is_8_3(const char *fname, BOOL check_case) { - return mangle_fns->is_8_3(fname, check_case); + return mangle_fns->is_8_3(fname, check_case, False); +} + +BOOL mangle_is_8_3_wildcards(const char *fname, BOOL check_case) +{ + return mangle_fns->is_8_3(fname, check_case, True); } /* @@ -99,7 +106,8 @@ BOOL mangle_check_cache(char *s) /* map a long filename to a 8.3 name. */ -BOOL mangle_map(char *OutName, BOOL need83, BOOL cache83, int snum) + +void mangle_map(char *OutName, BOOL need83, BOOL cache83, int snum) { /* name mangling can be disabled for speed, in which case we just truncate the string */ @@ -107,11 +115,10 @@ BOOL mangle_map(char *OutName, BOOL need83, BOOL cache83, int snum) if (need83) { string_truncate(OutName, 12); } - return True; + return; } /* invoke the inane "mangled map" code */ mangle_map_filename(OutName, snum); - - return mangle_fns->name_map(OutName, need83, cache83); + mangle_fns->name_map(OutName, need83, cache83); } diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c index f38c2ae2c45..1d4697474ce 100644 --- a/source3/smbd/mangle_hash.c +++ b/source3/smbd/mangle_hash.c @@ -127,9 +127,8 @@ static BOOL ct_initialized = False; static ubi_cacheRoot mangled_cache[1] = { { { 0, 0, 0, 0 }, 0, 0, 0, 0, 0, 0 } }; static BOOL mc_initialized = False; -#define MANGLED_CACHE_MAX_ENTRIES 0 -#define MANGLED_CACHE_MAX_MEMORY 16384 - +#define MANGLED_CACHE_MAX_ENTRIES 1024 +#define MANGLED_CACHE_MAX_MEMORY 0 /* -------------------------------------------------------------------------- ** * External Variables... @@ -140,16 +139,19 @@ extern BOOL case_mangle; /* If true, all chars in 8.3 should be same case. */ /* -------------------------------------------------------------------- */ -static NTSTATUS has_valid_chars(const smb_ucs2_t *s) +static NTSTATUS has_valid_chars(const smb_ucs2_t *s, BOOL allow_wildcards) { - if (!s || !*s) return NT_STATUS_INVALID_PARAMETER; + if (!s || !*s) + return NT_STATUS_INVALID_PARAMETER; /* CHECK: this should not be necessary if the ms wild chars are not valid in valid.dat --- simo */ - if (ms_has_wild_w(s)) return NT_STATUS_UNSUCCESSFUL; + if (!allow_wildcards && ms_has_wild_w(s)) + return NT_STATUS_UNSUCCESSFUL; while (*s) { - if(!isvalid83_w(*s)) return NT_STATUS_UNSUCCESSFUL; + if(!isvalid83_w(*s)) + return NT_STATUS_UNSUCCESSFUL; s++; } @@ -159,7 +161,9 @@ static NTSTATUS has_valid_chars(const smb_ucs2_t *s) /* return False if something fail and * return 2 alloced unicode strings that contain prefix and extension */ -static NTSTATUS mangle_get_prefix(const smb_ucs2_t *ucs2_string, smb_ucs2_t **prefix, smb_ucs2_t **extension) + +static NTSTATUS mangle_get_prefix(const smb_ucs2_t *ucs2_string, smb_ucs2_t **prefix, + smb_ucs2_t **extension, BOOL allow_wildcards) { size_t ext_len; smb_ucs2_t *p; @@ -169,12 +173,10 @@ static NTSTATUS mangle_get_prefix(const smb_ucs2_t *ucs2_string, smb_ucs2_t **pr if (!*prefix) { return NT_STATUS_NO_MEMORY; } - if ((p = strrchr_w(*prefix, UCS2_CHAR('.')))) - { + if ((p = strrchr_w(*prefix, UCS2_CHAR('.')))) { ext_len = strlen_w(p+1); if ((ext_len > 0) && (ext_len < 4) && (p != *prefix) && - (NT_STATUS_IS_OK(has_valid_chars(p+1)))) /* check extension */ - { + (NT_STATUS_IS_OK(has_valid_chars(p+1,allow_wildcards)))) /* check extension */ { *p = 0; *extension = strdup_w(p+1); if (!*extension) { @@ -197,20 +199,34 @@ static NTSTATUS mangle_get_prefix(const smb_ucs2_t *ucs2_string, smb_ucs2_t **pr * * ************************************************************************** ** */ -static NTSTATUS is_valid_name(const smb_ucs2_t *fname) + +static NTSTATUS is_valid_name(const smb_ucs2_t *fname, BOOL allow_wildcards) { smb_ucs2_t *str, *p; NTSTATUS ret = NT_STATUS_OK; - if (!fname || !*fname) return NT_STATUS_INVALID_PARAMETER; + if (!fname || !*fname) + return NT_STATUS_INVALID_PARAMETER; - if (*fname == UCS2_CHAR('.')) return NT_STATUS_UNSUCCESSFUL; + /* . and .. are valid names. */ + if (strcmp_wa(fname, ".")==0 || strcmp_wa(fname, "..")==0) + return NT_STATUS_OK; + + /* Name cannot start with '.' */ + if (*fname == UCS2_CHAR('.')) + return NT_STATUS_UNSUCCESSFUL; - ret = has_valid_chars(fname); - if (NT_STATUS_IS_ERR(ret)) return ret; + ret = has_valid_chars(fname, allow_wildcards); + if (NT_STATUS_IS_ERR(ret)) + return ret; str = strdup_w(fname); p = strchr_w(str, UCS2_CHAR('.')); + if (p && p[1] == UCS2_CHAR(0)) { + /* Name cannot end in '.' */ + SAFE_FREE(str); + return NT_STATUS_UNSUCCESSFUL; + } if (p) *p = 0; strupper_w(str); p = &(str[1]); @@ -254,27 +270,34 @@ static NTSTATUS is_valid_name(const smb_ucs2_t *fname) return ret; } -static NTSTATUS is_8_3_w(const smb_ucs2_t *fname) +static NTSTATUS is_8_3_w(const smb_ucs2_t *fname, BOOL allow_wildcards) { smb_ucs2_t *pref = 0, *ext = 0; size_t plen; NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - if (!fname || !*fname) return NT_STATUS_INVALID_PARAMETER; + if (!fname || !*fname) + return NT_STATUS_INVALID_PARAMETER; - if (strlen_w(fname) > 12) return NT_STATUS_UNSUCCESSFUL; + if (strlen_w(fname) > 12) + return NT_STATUS_UNSUCCESSFUL; if (strcmp_wa(fname, ".") == 0 || strcmp_wa(fname, "..") == 0) return NT_STATUS_OK; - if (NT_STATUS_IS_ERR(is_valid_name(fname))) goto done; + if (NT_STATUS_IS_ERR(is_valid_name(fname, allow_wildcards))) + goto done; - if (NT_STATUS_IS_ERR(mangle_get_prefix(fname, &pref, &ext))) goto done; + if (NT_STATUS_IS_ERR(mangle_get_prefix(fname, &pref, &ext, allow_wildcards))) + goto done; plen = strlen_w(pref); - if (strchr_wa(pref, '.')) goto done; - if (plen < 1 || plen > 8) goto done; - if (ext) if (strlen_w(ext) > 3) goto done; + if (strchr_wa(pref, '.')) + goto done; + if (plen < 1 || plen > 8) + goto done; + if (ext && (strlen_w(ext) > 3)) + goto done; ret = NT_STATUS_OK; @@ -284,26 +307,29 @@ done: return ret; } -static BOOL is_8_3(const char *fname, BOOL check_case) +static BOOL is_8_3(const char *fname, BOOL check_case, BOOL allow_wildcards) { const char *f; smb_ucs2_t *ucs2name; NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - if (!fname || !*fname) return False; - if ((f = strrchr(fname, '/')) == NULL) f = fname; - else f++; + if (!fname || !*fname) + return False; + if ((f = strrchr(fname, '/')) == NULL) + f = fname; + else + f++; - if (strlen(f) > 12) return False; + if (strlen(f) > 12) + return False; ucs2name = acnv_uxu2(f); - if (!ucs2name) - { + if (!ucs2name) { DEBUG(0,("is_8_3: internal error acnv_uxu2() failed!\n")); goto done; } - ret = is_8_3_w(ucs2name); + ret = is_8_3_w(ucs2name, allow_wildcards); done: SAFE_FREE(ucs2name); @@ -334,21 +360,20 @@ done: * ************************************************************************** ** */ static void init_chartest( void ) - { - char *illegalchars = "*\\/?<>|\":"; - unsigned char *s; +{ + char *illegalchars = "*\\/?<>|\":"; + unsigned char *s; - memset( (char *)chartest, '\0', 256 ); - - for( s = (unsigned char *)illegalchars; *s; s++ ) - chartest[*s] = ILLEGAL_MASK; + memset( (char *)chartest, '\0', 256 ); - for( s = (unsigned char *)basechars; *s; s++ ) - chartest[*s] |= BASECHAR_MASK; + for( s = (unsigned char *)illegalchars; *s; s++ ) + chartest[*s] = ILLEGAL_MASK; - ct_initialized = True; - } /* init_chartest */ + for( s = (unsigned char *)basechars; *s; s++ ) + chartest[*s] |= BASECHAR_MASK; + ct_initialized = True; +} /* ************************************************************************** ** * Return True if the name *could be* a mangled name. @@ -368,24 +393,22 @@ static void init_chartest( void ) * ************************************************************************** ** */ static BOOL is_mangled(const char *s) - { - char *magic; - - if( !ct_initialized ) - init_chartest(); - - magic = strchr_m( s, magic_char ); - while( magic && magic[1] && magic[2] ) /* 3 chars, 1st is magic. */ - { - if( ('.' == magic[3] || '/' == magic[3] || !(magic[3])) /* Ends with '.' or nul or '/' ? */ - && isbasechar( toupper(magic[1]) ) /* is 2nd char basechar? */ - && isbasechar( toupper(magic[2]) ) ) /* is 3rd char basechar? */ - return( True ); /* If all above, then true, */ - magic = strchr_m( magic+1, magic_char ); /* else seek next magic. */ - } - return( False ); - } /* is_mangled */ - +{ + char *magic; + + if( !ct_initialized ) + init_chartest(); + + magic = strchr_m( s, magic_char ); + while( magic && magic[1] && magic[2] ) { /* 3 chars, 1st is magic. */ + if( ('.' == magic[3] || '/' == magic[3] || !(magic[3])) /* Ends with '.' or nul or '/' ? */ + && isbasechar( toupper(magic[1]) ) /* is 2nd char basechar? */ + && isbasechar( toupper(magic[2]) ) ) /* is 3rd char basechar? */ + return( True ); /* If all above, then true, */ + magic = strchr_m( magic+1, magic_char ); /* else seek next magic. */ + } + return( False ); +} /* ************************************************************************** ** * Compare two cache keys and return a value indicating their ordinal @@ -407,12 +430,12 @@ static BOOL is_mangled(const char *s) * ************************************************************************** ** */ static signed int cache_compare( ubi_btItemPtr ItemPtr, ubi_btNodePtr NodePtr ) - { - char *Key1 = (char *)ItemPtr; - char *Key2 = (char *)(((ubi_cacheEntryPtr)NodePtr) + 1); +{ + char *Key1 = (char *)ItemPtr; + char *Key2 = (char *)(((ubi_cacheEntryPtr)NodePtr) + 1); - return( StrCaseCmp( Key1, Key2 ) ); - } /* cache_compare */ + return( StrCaseCmp( Key1, Key2 ) ); +} /* ************************************************************************** ** * Free a cache entry. @@ -428,10 +451,10 @@ static signed int cache_compare( ubi_btItemPtr ItemPtr, ubi_btNodePtr NodePtr ) * ************************************************************************** ** */ static void cache_free_entry( ubi_trNodePtr WarrenZevon ) - { - ZERO_STRUCTP(WarrenZevon); - SAFE_FREE( WarrenZevon ); - } /* cache_free_entry */ +{ + ZERO_STRUCTP(WarrenZevon); + SAFE_FREE( WarrenZevon ); +} /* ************************************************************************** ** * Initializes or clears the mangled cache. @@ -449,28 +472,25 @@ static void cache_free_entry( ubi_trNodePtr WarrenZevon ) * * ************************************************************************** ** */ + static void mangle_reset( void ) - { - if( !mc_initialized ) - { - (void)ubi_cacheInit( mangled_cache, - cache_compare, - cache_free_entry, - MANGLED_CACHE_MAX_ENTRIES, - MANGLED_CACHE_MAX_MEMORY ); - mc_initialized = True; - } - else - { - (void)ubi_cacheClear( mangled_cache ); - } - - /* - (void)ubi_cacheSetMaxEntries( mangled_cache, lp_mangled_cache_entries() ); - (void)ubi_cacheSetMaxMemory( mangled_cache, lp_mangled_cache_memory() ); - */ - } /* reset_mangled_cache */ +{ + if( !mc_initialized ) { + (void)ubi_cacheInit( mangled_cache, + cache_compare, + cache_free_entry, + MANGLED_CACHE_MAX_ENTRIES, + MANGLED_CACHE_MAX_MEMORY ); + mc_initialized = True; + } else { + (void)ubi_cacheClear( mangled_cache ); + } + /* + (void)ubi_cacheSetMaxEntries( mangled_cache, lp_mangled_cache_entries() ); + (void)ubi_cacheSetMaxMemory( mangled_cache, lp_mangled_cache_memory() ); + */ +} /* ************************************************************************** ** * Add a mangled name into the cache. @@ -497,51 +517,49 @@ static void mangle_reset( void ) * ************************************************************************** ** */ static void cache_mangled_name( char *mangled_name, char *raw_name ) - { - ubi_cacheEntryPtr new_entry; - char *s1; - char *s2; - size_t mangled_len; - size_t raw_len; - size_t i; - - /* If the cache isn't initialized, give up. */ - if( !mc_initialized ) - return; - - /* Init the string lengths. */ - mangled_len = strlen( mangled_name ); - raw_len = strlen( raw_name ); - - /* See if the extensions are unmangled. If so, store the entry - * without the extension, thus creating a "group" reverse map. - */ - s1 = strrchr( mangled_name, '.' ); - if( s1 && (s2 = strrchr( raw_name, '.' )) ) - { - i = 1; - while( s1[i] && (tolower( s1[i] ) == s2[i]) ) - i++; - if( !s1[i] && !s2[i] ) - { - mangled_len -= i; - raw_len -= i; - } - } - - /* Allocate a new cache entry. If the allocation fails, just return. */ - i = sizeof( ubi_cacheEntry ) + mangled_len + raw_len + 2; - new_entry = malloc( i ); - if( !new_entry ) - return; - - /* Fill the new cache entry, and add it to the cache. */ - s1 = (char *)(new_entry + 1); - s2 = (char *)&(s1[mangled_len + 1]); - (void)StrnCpy( s1, mangled_name, mangled_len ); - (void)StrnCpy( s2, raw_name, raw_len ); - ubi_cachePut( mangled_cache, i, new_entry, s1 ); - } /* cache_mangled_name */ +{ + ubi_cacheEntryPtr new_entry; + char *s1; + char *s2; + size_t mangled_len; + size_t raw_len; + size_t i; + + /* If the cache isn't initialized, give up. */ + if( !mc_initialized ) + return; + + /* Init the string lengths. */ + mangled_len = strlen( mangled_name ); + raw_len = strlen( raw_name ); + + /* See if the extensions are unmangled. If so, store the entry + * without the extension, thus creating a "group" reverse map. + */ + s1 = strrchr( mangled_name, '.' ); + if( s1 && (s2 = strrchr( raw_name, '.' )) ) { + i = 1; + while( s1[i] && (tolower( s1[i] ) == s2[i]) ) + i++; + if( !s1[i] && !s2[i] ) { + mangled_len -= i; + raw_len -= i; + } + } + + /* Allocate a new cache entry. If the allocation fails, just return. */ + i = sizeof( ubi_cacheEntry ) + mangled_len + raw_len + 2; + new_entry = malloc( i ); + if( !new_entry ) + return; + + /* Fill the new cache entry, and add it to the cache. */ + s1 = (char *)(new_entry + 1); + s2 = (char *)&(s1[mangled_len + 1]); + (void)StrnCpy( s1, mangled_name, mangled_len ); + (void)StrnCpy( s2, raw_name, raw_len ); + ubi_cachePut( mangled_cache, i, new_entry, s1 ); +} /* ************************************************************************** ** * Check for a name on the mangled name stack @@ -560,63 +578,57 @@ static void cache_mangled_name( char *mangled_name, char *raw_name ) static BOOL check_cache( char *s ) { - ubi_cacheEntryPtr FoundPtr; - char *ext_start = NULL; - char *found_name; - char *saved_ext = NULL; - - /* If the cache isn't initialized, give up. */ - if( !mc_initialized ) - return( False ); - - FoundPtr = ubi_cacheGet( mangled_cache, (ubi_trItemPtr)s ); - - /* If we didn't find the name *with* the extension, try without. */ - if( !FoundPtr ) - { - ext_start = strrchr( s, '.' ); - if( ext_start ) - { - if((saved_ext = strdup(ext_start)) == NULL) - return False; - - *ext_start = '\0'; - FoundPtr = ubi_cacheGet( mangled_cache, (ubi_trItemPtr)s ); - /* - * At this point s is the name without the - * extension. We re-add the extension if saved_ext - * is not null, before freeing saved_ext. - */ - } - } - - /* Okay, if we haven't found it we're done. */ - if( !FoundPtr ) - { - if(saved_ext) - { - /* Replace the saved_ext as it was truncated. */ - (void)pstrcat( s, saved_ext ); - SAFE_FREE(saved_ext); - } - return( False ); - } - - /* If we *did* find it, we need to copy it into the string buffer. */ - found_name = (char *)(FoundPtr + 1); - found_name += (strlen( found_name ) + 1); - - (void)pstrcpy( s, found_name ); - if( saved_ext ) - { - /* Replace the saved_ext as it was truncated. */ - (void)pstrcat( s, saved_ext ); - SAFE_FREE(saved_ext); - } - - return( True ); -} /* check_mangled_cache */ + ubi_cacheEntryPtr FoundPtr; + char *ext_start = NULL; + char *found_name; + char *saved_ext = NULL; + + /* If the cache isn't initialized, give up. */ + if( !mc_initialized ) + return( False ); + + FoundPtr = ubi_cacheGet( mangled_cache, (ubi_trItemPtr)s ); + + /* If we didn't find the name *with* the extension, try without. */ + if( !FoundPtr ) { + ext_start = strrchr( s, '.' ); + if( ext_start ) { + if((saved_ext = strdup(ext_start)) == NULL) + return False; + + *ext_start = '\0'; + FoundPtr = ubi_cacheGet( mangled_cache, (ubi_trItemPtr)s ); + /* + * At this point s is the name without the + * extension. We re-add the extension if saved_ext + * is not null, before freeing saved_ext. + */ + } + } + + /* Okay, if we haven't found it we're done. */ + if( !FoundPtr ) { + if(saved_ext) { + /* Replace the saved_ext as it was truncated. */ + (void)pstrcat( s, saved_ext ); + SAFE_FREE(saved_ext); + } + return( False ); + } + + /* If we *did* find it, we need to copy it into the string buffer. */ + found_name = (char *)(FoundPtr + 1); + found_name += (strlen( found_name ) + 1); + + (void)pstrcpy( s, found_name ); + if( saved_ext ) { + /* Replace the saved_ext as it was truncated. */ + (void)pstrcat( s, saved_ext ); + SAFE_FREE(saved_ext); + } + return( True ); +} /***************************************************************************** * do the actual mangling to 8.3 format @@ -624,77 +636,67 @@ static BOOL check_cache( char *s ) ***************************************************************************** */ static void to_8_3(char *s) - { - int csum; - char *p; - char extension[4]; - char base[9]; - int baselen = 0; - int extlen = 0; - - extension[0] = 0; - base[0] = 0; - - p = strrchr(s,'.'); - if( p && (strlen(p+1) < (size_t)4) ) - { - BOOL all_normal = ( strisnormal(p+1) ); /* XXXXXXXXX */ - - if( all_normal && p[1] != 0 ) - { - *p = 0; - csum = str_checksum( s ); - *p = '.'; - } - else - csum = str_checksum(s); - } - else - csum = str_checksum(s); - - strupper( s ); - - if( p ) - { - if( p == s ) - safe_strcpy( extension, "___", 3 ); - else - { - *p++ = 0; - while( *p && extlen < 3 ) - { - if ( *p != '.') { - extension[extlen++] = p[0]; - } - p++; - } - extension[extlen] = 0; - } - } - - p = s; - - while( *p && baselen < 5 ) - { - if (*p != '.') { - base[baselen++] = p[0]; - } - p++; - } - base[baselen] = 0; +{ + int csum; + char *p; + char extension[4]; + char base[9]; + int baselen = 0; + int extlen = 0; + + extension[0] = 0; + base[0] = 0; + + p = strrchr(s,'.'); + if( p && (strlen(p+1) < (size_t)4) ) { + BOOL all_normal = ( strisnormal(p+1) ); /* XXXXXXXXX */ + + if( all_normal && p[1] != 0 ) { + *p = 0; + csum = str_checksum( s ); + *p = '.'; + } else + csum = str_checksum(s); + } else + csum = str_checksum(s); + + strupper( s ); + + if( p ) { + if( p == s ) + safe_strcpy( extension, "___", 3 ); + else { + *p++ = 0; + while( *p && extlen < 3 ) { + if ( *p != '.') { + extension[extlen++] = p[0]; + } + p++; + } + extension[extlen] = 0; + } + } - csum = csum % (MANGLE_BASE*MANGLE_BASE); + p = s; + + while( *p && baselen < 5 ) { + if (*p != '.') { + base[baselen++] = p[0]; + } + p++; + } + base[baselen] = 0; - (void)slprintf(s, 12, "%s%c%c%c", - base, magic_char, mangle( csum/MANGLE_BASE ), mangle( csum ) ); + csum = csum % (MANGLE_BASE*MANGLE_BASE); - if( *extension ) - { - (void)pstrcat( s, "." ); - (void)pstrcat( s, extension ); - } + (void)slprintf(s, 12, "%s%c%c%c", + base, magic_char, mangle( csum/MANGLE_BASE ), mangle( csum ) ); - } /* mangle_name_83 */ + if( *extension ) { + (void)pstrcat( s, "." ); + (void)pstrcat( s, extension ); + } +} /***************************************************************************** * Convert a filename to DOS format. Return True if successful. @@ -721,7 +723,8 @@ static void to_8_3(char *s) * * **************************************************************************** */ -static BOOL name_map(char *OutName, BOOL need83, BOOL cache83) + +static void name_map(char *OutName, BOOL need83, BOOL cache83) { smb_ucs2_t *OutName_ucs2; DEBUG(5,("name_map( %s, need83 = %s, cache83 = %s)\n", OutName, @@ -729,11 +732,14 @@ static BOOL name_map(char *OutName, BOOL need83, BOOL cache83) if (push_ucs2_allocate((void **)&OutName_ucs2, OutName) < 0) { DEBUG(0, ("push_ucs2_allocate failed!\n")); - return False; + return; } + if( !need83 && NT_STATUS_IS_ERR(is_valid_name(OutName_ucs2, False))) + need83 = True; + /* check if it's already in 8.3 format */ - if (need83 && !NT_STATUS_IS_OK(is_8_3_w(OutName_ucs2))) { + if (need83 && !NT_STATUS_IS_OK(is_8_3_w(OutName_ucs2, False))) { char *tmp = NULL; /* mangle it into 8.3 */ @@ -750,9 +756,7 @@ static BOOL name_map(char *OutName, BOOL need83, BOOL cache83) DEBUG(5,("name_map() ==> [%s]\n", OutName)); SAFE_FREE(OutName_ucs2); - return(True); -} /* name_map */ - +} /* the following provides the abstraction layer to make it easier diff --git a/source3/smbd/mangle_hash2.c b/source3/smbd/mangle_hash2.c index 959a93e07b1..e2c4b43bc37 100644 --- a/source3/smbd/mangle_hash2.c +++ b/source3/smbd/mangle_hash2.c @@ -2,6 +2,7 @@ Unix SMB/CIFS implementation. new hash based name mangling implementation Copyright (C) Andrew Tridgell 2002 + Copyright (C) Simo Sorce 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -30,6 +31,10 @@ for simplicity, we only allow ascii characters in 8.3 names */ + /* hash alghorithm changed to FNV1 by idra@samba.org (Simo Sorce). + * see http://www.isthe.com/chongo/tech/comp/fnv/index.html for a + * discussion on Fowler / Noll / Vo (FNV) Hash by one of it's authors + */ /* =============================================================================== @@ -73,6 +78,10 @@ #define MANGLE_CACHE_SIZE 4096 #endif +#define FNV1_PRIME 0x01000193 +/*the following number is a fnv1 of the string: idra@samba.org 2002 */ +#define FNV1_INIT 0xa6b93095 + /* these tables are used to provide fast tests for characters */ static unsigned char char_flags[256]; @@ -88,13 +97,14 @@ static char **prefix_cache; static u32 *prefix_cache_hashes; /* these are the characters we use in the 8.3 hash. Must be 36 chars long */ -const char *basechars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; +static const char *basechars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; static unsigned char base_reverse[256]; #define base_forward(v) basechars[v] /* the list of reserved dos names - all of these are illegal */ -const char *reserved_names[] = { "AUX", "LOCK$", "CON", "COM1", "COM2", "COM3", "COM4", - "LPT1", "LPT2", "LPT3", "NUL", "PRN", NULL }; +static const char *reserved_names[] = +{ "AUX", "LOCK$", "CON", "COM1", "COM2", "COM3", "COM4", + "LPT1", "LPT2", "LPT3", "NUL", "PRN", NULL }; /* hash a string of the specified length. The string does not need to be @@ -120,13 +130,14 @@ static u32 mangle_hash(const char *key, unsigned length) length = strlen(str); /* Set the initial value from the key size. */ - for (value = 0x238F13AF * length, i=0; i < length; i++) { - value = (value + (((unsigned char)str[i]) << (i*5 % 24))); - } + for (value = FNV1_INIT, i=0; i < length; i++) { + value *= (u32)FNV1_PRIME; + value ^= (u32)(str[i]); + } /* note that we force it to a 31 bit hash, to keep within the limits of the 36^6 mangle space */ - return (1103515243 * value + 12345) & ~0x80000000; + return value & ~0x80000000; } /* @@ -184,12 +195,12 @@ static const char *cache_lookup(u32 hash) In this algorithm, mangled names use only pure ascii characters (no multi-byte) so we can avoid doing a UCS2 conversion -*/ -static BOOL is_mangled(const char *name) + */ +static BOOL is_mangled_component(const char *name) { int len, i; - M_DEBUG(0,("is_mangled %s ?\n", name)); + M_DEBUG(0,("is_mangled_component %s ?\n", name)); /* the best distinguishing characteristic is the ~ */ if (name[6] != '~') return False; @@ -229,6 +240,39 @@ static BOOL is_mangled(const char *name) } + +/* + determine if a string is possibly in a mangled format, ignoring + case + + In this algorithm, mangled names use only pure ascii characters (no + multi-byte) so we can avoid doing a UCS2 conversion + + NOTE! This interface must be able to handle a path with unix + directory separators. It should return true if any component is + mangled + */ +static BOOL is_mangled(const char *name) +{ + const char *p; + const char *s; + + M_DEBUG(0,("is_mangled %s ?\n", name)); + + for (s=name; (p=strchr(s, '/')); s=p+1) { + char *component = strndup(s, PTR_DIFF(p, s)); + if (is_mangled_component(component)) { + free(component); + return True; + } + free(component); + } + + /* and the last part ... */ + return is_mangled_component(s); +} + + /* see if a filename is an allowable 8.3 name. @@ -236,7 +280,7 @@ static BOOL is_mangled(const char *name) simplifies things greatly (it means that we know the string won't get larger when converted from UNIX to DOS formats) */ -static BOOL is_8_3(const char *name, BOOL check_case) +static BOOL is_8_3(const char *name, BOOL check_case, BOOL allow_wildcards) { int len, i; char *dot_p; @@ -286,8 +330,8 @@ static BOOL is_8_3(const char *name, BOOL check_case) /* the length are all OK. Now check to see if the characters themselves are OK */ for (i=0; name[i]; i++) { - /* note that we allow wildcard petterns! */ - if (!FLAG_CHECK(name[i], FLAG_ASCII|FLAG_WILDCARD) && name[i] != '.') { + /* note that we may allow wildcard petterns! */ + if (!FLAG_CHECK(name[i], FLAG_ASCII|(allow_wildcards ? FLAG_WILDCARD : 0)) && name[i] != '.') { return False; } } @@ -343,8 +387,12 @@ static BOOL check_cache(char *name) } /* we found it - construct the full name */ - strncpy(extension, name+9, 3); - extension[3] = 0; + if (name[8] == '.') { + strncpy(extension, name+9, 3); + extension[3] = 0; + } else { + extension[0] = 0; + } if (extension[0]) { M_DEBUG(0,("check_cache: %s -> %s.%s\n", name, prefix, extension)); @@ -383,17 +431,38 @@ static BOOL is_reserved_name(const char *name) } /* - see if a filename is a legal long filename + See if a filename is a legal long filename. + A filename ending in a '.' is not legal unless it's "." or "..". JRA. */ + static BOOL is_legal_name(const char *name) { + const char *dot_pos = NULL; + BOOL alldots = True; + size_t numdots = 0; + while (*name) { if (FLAG_CHECK(name[0], FLAG_ILLEGAL)) { return False; } + if (name[0] == '.') { + dot_pos = name; + numdots++; + } else { + alldots = False; + } name++; } + if (dot_pos) { + if (alldots && (numdots == 1 || numdots == 2)) + return True; /* . or .. is a valid name */ + + /* A valid long name cannot end in '.' */ + if (dot_pos[1] == '\0') + return False; + } + return True; } @@ -408,7 +477,7 @@ static BOOL is_legal_name(const char *name) the name parameter must be able to hold 13 bytes */ -static BOOL name_map(char *name, BOOL need83, BOOL cache83) +static void name_map(char *name, BOOL need83, BOOL cache83) { char *dot_p; char lead_char; @@ -422,14 +491,14 @@ static BOOL name_map(char *name, BOOL need83, BOOL cache83) if (!is_reserved_name(name)) { /* if the name is already a valid 8.3 name then we don't need to do anything */ - if (is_8_3(name, False)) { - return True; + if (is_8_3(name, False, False)) { + return; } /* if the caller doesn't strictly need 8.3 then just check for illegal filenames */ if (!need83 && is_legal_name(name)) { - return True; + return; } } @@ -511,7 +580,6 @@ static BOOL name_map(char *name, BOOL need83, BOOL cache83) fstrcpy(name, new_name); /* all done, we've managed to mangle it */ - return True; } diff --git a/source3/smbd/mangle_map.c b/source3/smbd/mangle_map.c index 71d93407181..553e3d949de 100644 --- a/source3/smbd/mangle_map.c +++ b/source3/smbd/mangle_map.c @@ -127,8 +127,8 @@ static char *map_filename( char *s, /* This is null terminated */ */ static void mangled_map(char *s, const char *MangledMap) { - char *start=MangledMap; /* Use this to search for mappings. */ - char *end; /* Used to find the end of strings. */ + const char *start=MangledMap; /* Use this to search for mappings. */ + const char *end; /* Used to find the end of strings. */ char *match_string; pstring new_string; /* Make up the result here. */ char *np; /* Points into new_string. */ diff --git a/source3/smbd/message.c b/source3/smbd/message.c index 971834c012c..ba646f12aa0 100644 --- a/source3/smbd/message.c +++ b/source3/smbd/message.c @@ -85,7 +85,7 @@ static void msg_deliver(void) pstrcpy(s,lp_msg_command()); pstring_sub(s,"%f",alpha_strcpy(alpha_msgfrom,msgfrom,NULL,sizeof(alpha_msgfrom))); pstring_sub(s,"%t",alpha_strcpy(alpha_msgto,msgto,NULL,sizeof(alpha_msgto))); - standard_sub_basic(current_user_info.smb_name, s); + standard_sub_basic(current_user_info.smb_name, s, sizeof(s)); pstring_sub(s,"%s",name); smbrun(s,NULL); } @@ -118,8 +118,8 @@ int reply_sends(connection_struct *conn, outsize = set_message(outbuf,0,0,True); p = smb_buf(inbuf)+1; - p += srvstr_pull(inbuf, msgfrom, p, sizeof(msgfrom), -1, STR_TERMINATE) + 1; - p += srvstr_pull(inbuf, msgto, p, sizeof(msgto), -1, STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_TERMINATE) + 1; msg = p; @@ -160,8 +160,8 @@ int reply_sendstrt(connection_struct *conn, msgpos = 0; p = smb_buf(inbuf)+1; - p += srvstr_pull(inbuf, msgfrom, p, sizeof(msgfrom), -1, STR_TERMINATE) + 1; - p += srvstr_pull(inbuf, msgto, p, sizeof(msgto), -1, STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_TERMINATE) + 1; DEBUG( 3, ( "SMBsendstrt (from %s to %s)\n", msgfrom, msgto ) ); diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 18682e6c9ff..81c2427a003 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -50,8 +50,9 @@ static void get_challenge(char buff[8]) } /**************************************************************************** -reply for the core protocol + Reply for the core protocol. ****************************************************************************/ + static int reply_corep(char *inbuf, char *outbuf) { int outsize = set_message(outbuf,1,0,True); @@ -61,107 +62,110 @@ static int reply_corep(char *inbuf, char *outbuf) return outsize; } - /**************************************************************************** -reply for the coreplus protocol + Reply for the coreplus protocol. ****************************************************************************/ + static int reply_coreplus(char *inbuf, char *outbuf) { - int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0); - int outsize = set_message(outbuf,13,0,True); - SSVAL(outbuf,smb_vwv5,raw); /* tell redirector we support - readbraw and writebraw (possibly) */ - /* Reply, SMBlockread, SMBwritelock supported. */ - SCVAL(outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD); - SSVAL(outbuf,smb_vwv1,0x1); /* user level security, don't encrypt */ + int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0); + int outsize = set_message(outbuf,13,0,True); + SSVAL(outbuf,smb_vwv5,raw); /* tell redirector we support + readbraw and writebraw (possibly) */ + /* Reply, SMBlockread, SMBwritelock supported. */ + SCVAL(outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD); + SSVAL(outbuf,smb_vwv1,0x1); /* user level security, don't encrypt */ - Protocol = PROTOCOL_COREPLUS; + Protocol = PROTOCOL_COREPLUS; - return outsize; + return outsize; } - /**************************************************************************** -reply for the lanman 1.0 protocol + Reply for the lanman 1.0 protocol. ****************************************************************************/ + static int reply_lanman1(char *inbuf, char *outbuf) { - int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0); - int secword=0; - time_t t = time(NULL); + int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0); + int secword=0; + time_t t = time(NULL); - global_encrypted_passwords_negotiated = lp_encrypted_passwords(); + global_encrypted_passwords_negotiated = lp_encrypted_passwords(); - if (lp_security()>=SEC_USER) secword |= 1; - if (global_encrypted_passwords_negotiated) secword |= 2; + if (lp_security()>=SEC_USER) + secword |= NEGOTIATE_SECURITY_USER_LEVEL; + if (global_encrypted_passwords_negotiated) + secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; - set_message(outbuf,13,global_encrypted_passwords_negotiated?8:0,True); - SSVAL(outbuf,smb_vwv1,secword); - /* Create a token value and add it to the outgoing packet. */ - if (global_encrypted_passwords_negotiated) { - get_challenge(smb_buf(outbuf)); - } + set_message(outbuf,13,global_encrypted_passwords_negotiated?8:0,True); + SSVAL(outbuf,smb_vwv1,secword); + /* Create a token value and add it to the outgoing packet. */ + if (global_encrypted_passwords_negotiated) { + get_challenge(smb_buf(outbuf)); + } - Protocol = PROTOCOL_LANMAN1; + Protocol = PROTOCOL_LANMAN1; - /* Reply, SMBlockread, SMBwritelock supported. */ - SCVAL(outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD); - SSVAL(outbuf,smb_vwv2,max_recv); - SSVAL(outbuf,smb_vwv3,lp_maxmux()); /* maxmux */ - SSVAL(outbuf,smb_vwv4,1); - SSVAL(outbuf,smb_vwv5,raw); /* tell redirector we support - readbraw writebraw (possibly) */ - SIVAL(outbuf,smb_vwv6,sys_getpid()); - SSVAL(outbuf,smb_vwv10, TimeDiff(t)/60); + /* Reply, SMBlockread, SMBwritelock supported. */ + SCVAL(outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD); + SSVAL(outbuf,smb_vwv2,max_recv); + SSVAL(outbuf,smb_vwv3,lp_maxmux()); /* maxmux */ + SSVAL(outbuf,smb_vwv4,1); + SSVAL(outbuf,smb_vwv5,raw); /* tell redirector we support + readbraw writebraw (possibly) */ + SIVAL(outbuf,smb_vwv6,sys_getpid()); + SSVAL(outbuf,smb_vwv10, TimeDiff(t)/60); - put_dos_date(outbuf,smb_vwv8,t); + put_dos_date(outbuf,smb_vwv8,t); - return (smb_len(outbuf)+4); + return (smb_len(outbuf)+4); } - /**************************************************************************** -reply for the lanman 2.0 protocol + Reply for the lanman 2.0 protocol. ****************************************************************************/ + static int reply_lanman2(char *inbuf, char *outbuf) { - int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0); - int secword=0; - time_t t = time(NULL); + int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0); + int secword=0; + time_t t = time(NULL); - global_encrypted_passwords_negotiated = lp_encrypted_passwords(); + global_encrypted_passwords_negotiated = lp_encrypted_passwords(); - if (lp_security()>=SEC_USER) secword |= 1; - if (global_encrypted_passwords_negotiated) secword |= 2; - - set_message(outbuf,13,global_encrypted_passwords_negotiated?8:0,True); - SSVAL(outbuf,smb_vwv1,secword); - SIVAL(outbuf,smb_vwv6,sys_getpid()); - - /* Create a token value and add it to the outgoing packet. */ - if (global_encrypted_passwords_negotiated) { - get_challenge(smb_buf(outbuf)); - } - - Protocol = PROTOCOL_LANMAN2; - - /* Reply, SMBlockread, SMBwritelock supported. */ - SCVAL(outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD); - SSVAL(outbuf,smb_vwv2,max_recv); - SSVAL(outbuf,smb_vwv3,lp_maxmux()); - SSVAL(outbuf,smb_vwv4,1); - SSVAL(outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */ - SSVAL(outbuf,smb_vwv10, TimeDiff(t)/60); - put_dos_date(outbuf,smb_vwv8,t); - - return (smb_len(outbuf)+4); -} + if (lp_security()>=SEC_USER) + secword |= NEGOTIATE_SECURITY_USER_LEVEL; + if (global_encrypted_passwords_negotiated) + secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; + set_message(outbuf,13,global_encrypted_passwords_negotiated?8:0,True); + SSVAL(outbuf,smb_vwv1,secword); + SIVAL(outbuf,smb_vwv6,sys_getpid()); + /* Create a token value and add it to the outgoing packet. */ + if (global_encrypted_passwords_negotiated) { + get_challenge(smb_buf(outbuf)); + } + + Protocol = PROTOCOL_LANMAN2; + + /* Reply, SMBlockread, SMBwritelock supported. */ + SCVAL(outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD); + SSVAL(outbuf,smb_vwv2,max_recv); + SSVAL(outbuf,smb_vwv3,lp_maxmux()); + SSVAL(outbuf,smb_vwv4,1); + SSVAL(outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */ + SSVAL(outbuf,smb_vwv10, TimeDiff(t)/60); + put_dos_date(outbuf,smb_vwv8,t); + + return (smb_len(outbuf)+4); +} + +/**************************************************************************** + Generate the spnego negprot reply blob. Return the number of bytes used. +****************************************************************************/ -/* - generate the spnego negprot reply blob. Return the number of bytes used -*/ static int negprot_spnego(char *p) { DATA_BLOB blob; @@ -197,7 +201,7 @@ static int negprot_spnego(char *p) blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE"); } else { ADS_STRUCT *ads; - ads = ads_init(NULL, NULL, NULL, NULL); + ads = ads_init_simple(); /* win2000 uses host$@REALM, which we will probably use eventually, but for now this works */ asprintf(&principal, "HOST/%s@%s", guid, ads->realm); @@ -211,11 +215,10 @@ static int negprot_spnego(char *p) return len; } - - /**************************************************************************** -reply for the nt protocol + Reply for the nt protocol. ****************************************************************************/ + static int reply_nt1(char *inbuf, char *outbuf) { /* dual names + lock_and_read + nt SMBs + remote API calls */ @@ -262,9 +265,9 @@ static int reply_nt1(char *inbuf, char *outbuf) capabilities |= CAP_DFS; if (lp_security() >= SEC_USER) - secword |= 1; + secword |= NEGOTIATE_SECURITY_USER_LEVEL; if (global_encrypted_passwords_negotiated) - secword |= 2; + secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; set_message(outbuf,17,0,True); @@ -377,133 +380,128 @@ protocol [LANMAN2.1] /* List of supported protocols, most desired first */ static struct { - char *proto_name; - char *short_name; - int (*proto_reply_fn)(char *, char *); - int protocol_level; + char *proto_name; + char *short_name; + int (*proto_reply_fn)(char *, char *); + int protocol_level; } supported_protocols[] = { - {"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1}, - {"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1}, - {"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2}, - {"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2}, - {"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2}, - {"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1}, - {"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1}, - {"MICROSOFT NETWORKS 1.03", "COREPLUS", reply_coreplus, PROTOCOL_COREPLUS}, - {"PC NETWORK PROGRAM 1.0", "CORE", reply_corep, PROTOCOL_CORE}, - {NULL,NULL,NULL,0}, + {"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1}, + {"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1}, + {"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2}, + {"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2}, + {"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2}, + {"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1}, + {"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1}, + {"MICROSOFT NETWORKS 1.03", "COREPLUS", reply_coreplus, PROTOCOL_COREPLUS}, + {"PC NETWORK PROGRAM 1.0", "CORE", reply_corep, PROTOCOL_CORE}, + {NULL,NULL,NULL,0}, }; - /**************************************************************************** - reply to a negprot + Reply to a negprot. ****************************************************************************/ + int reply_negprot(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize) { - int outsize = set_message(outbuf,1,0,True); - int Index=0; - int choice= -1; - int protocol; - char *p; - int bcc = SVAL(smb_buf(inbuf),-2); - int arch = ARCH_ALL; - START_PROFILE(SMBnegprot); - - p = smb_buf(inbuf)+1; - while (p < (smb_buf(inbuf) + bcc)) - { - Index++; - DEBUG(3,("Requested protocol [%s]\n",p)); - if (strcsequal(p,"Windows for Workgroups 3.1a")) - arch &= ( ARCH_WFWG | ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K ); - else if (strcsequal(p,"DOS LM1.2X002")) - arch &= ( ARCH_WFWG | ARCH_WIN95 ); - else if (strcsequal(p,"DOS LANMAN2.1")) - arch &= ( ARCH_WFWG | ARCH_WIN95 ); - else if (strcsequal(p,"NT LM 0.12")) - arch &= ( ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K ); - else if (strcsequal(p,"LANMAN2.1")) - arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 ); - else if (strcsequal(p,"LM1.2X002")) - arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 ); - else if (strcsequal(p,"MICROSOFT NETWORKS 1.03")) - arch &= ARCH_WINNT; - else if (strcsequal(p,"XENIX CORE")) - arch &= ( ARCH_WINNT | ARCH_OS2 ); - else if (strcsequal(p,"Samba")) { - arch = ARCH_SAMBA; - break; - } + int outsize = set_message(outbuf,1,0,True); + int Index=0; + int choice= -1; + int protocol; + char *p; + int bcc = SVAL(smb_buf(inbuf),-2); + int arch = ARCH_ALL; + START_PROFILE(SMBnegprot); + + p = smb_buf(inbuf)+1; + while (p < (smb_buf(inbuf) + bcc)) { + Index++; + DEBUG(3,("Requested protocol [%s]\n",p)); + if (strcsequal(p,"Windows for Workgroups 3.1a")) + arch &= ( ARCH_WFWG | ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K ); + else if (strcsequal(p,"DOS LM1.2X002")) + arch &= ( ARCH_WFWG | ARCH_WIN95 ); + else if (strcsequal(p,"DOS LANMAN2.1")) + arch &= ( ARCH_WFWG | ARCH_WIN95 ); + else if (strcsequal(p,"NT LM 0.12")) + arch &= ( ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K ); + else if (strcsequal(p,"LANMAN2.1")) + arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 ); + else if (strcsequal(p,"LM1.2X002")) + arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 ); + else if (strcsequal(p,"MICROSOFT NETWORKS 1.03")) + arch &= ARCH_WINNT; + else if (strcsequal(p,"XENIX CORE")) + arch &= ( ARCH_WINNT | ARCH_OS2 ); + else if (strcsequal(p,"Samba")) { + arch = ARCH_SAMBA; + break; + } - p += strlen(p) + 2; - } + p += strlen(p) + 2; + } - switch ( arch ) { - case ARCH_SAMBA: - set_remote_arch(RA_SAMBA); - break; - case ARCH_WFWG: - set_remote_arch(RA_WFWG); - break; - case ARCH_WIN95: - set_remote_arch(RA_WIN95); - break; - case ARCH_WINNT: - if(SVAL(inbuf,smb_flg2)==FLAGS2_WIN2K_SIGNATURE) - set_remote_arch(RA_WIN2K); - else - set_remote_arch(RA_WINNT); - break; - case ARCH_WIN2K: - set_remote_arch(RA_WIN2K); - break; - case ARCH_OS2: - set_remote_arch(RA_OS2); - break; - default: - set_remote_arch(RA_UNKNOWN); - break; - } + switch ( arch ) { + case ARCH_SAMBA: + set_remote_arch(RA_SAMBA); + break; + case ARCH_WFWG: + set_remote_arch(RA_WFWG); + break; + case ARCH_WIN95: + set_remote_arch(RA_WIN95); + break; + case ARCH_WINNT: + if(SVAL(inbuf,smb_flg2)==FLAGS2_WIN2K_SIGNATURE) + set_remote_arch(RA_WIN2K); + else + set_remote_arch(RA_WINNT); + break; + case ARCH_WIN2K: + set_remote_arch(RA_WIN2K); + break; + case ARCH_OS2: + set_remote_arch(RA_OS2); + break; + default: + set_remote_arch(RA_UNKNOWN); + break; + } - /* possibly reload - change of architecture */ - reload_services(True); + /* possibly reload - change of architecture */ + reload_services(True); - /* Check for protocols, most desirable first */ - for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) - { - p = smb_buf(inbuf)+1; - Index = 0; - if ((supported_protocols[protocol].protocol_level <= lp_maxprotocol()) && - (supported_protocols[protocol].protocol_level >= lp_minprotocol())) - while (p < (smb_buf(inbuf) + bcc)) - { - if (strequal(p,supported_protocols[protocol].proto_name)) - choice = Index; - Index++; - p += strlen(p) + 2; - } - if(choice != -1) - break; - } + /* Check for protocols, most desirable first */ + for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) { + p = smb_buf(inbuf)+1; + Index = 0; + if ((supported_protocols[protocol].protocol_level <= lp_maxprotocol()) && + (supported_protocols[protocol].protocol_level >= lp_minprotocol())) + while (p < (smb_buf(inbuf) + bcc)) { + if (strequal(p,supported_protocols[protocol].proto_name)) + choice = Index; + Index++; + p += strlen(p) + 2; + } + if(choice != -1) + break; + } - SSVAL(outbuf,smb_vwv0,choice); - if(choice != -1) { - extern fstring remote_proto; - fstrcpy(remote_proto,supported_protocols[protocol].short_name); - reload_services(True); - outsize = supported_protocols[protocol].proto_reply_fn(inbuf, outbuf); - DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name)); - } - else { - DEBUG(0,("No protocol supported !\n")); - } - SSVAL(outbuf,smb_vwv0,choice); + SSVAL(outbuf,smb_vwv0,choice); + if(choice != -1) { + extern fstring remote_proto; + fstrcpy(remote_proto,supported_protocols[protocol].short_name); + reload_services(True); + outsize = supported_protocols[protocol].proto_reply_fn(inbuf, outbuf); + DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name)); + } else { + DEBUG(0,("No protocol supported !\n")); + } + SSVAL(outbuf,smb_vwv0,choice); - DEBUG( 5, ( "negprot index=%d\n", choice ) ); + DEBUG( 5, ( "negprot index=%d\n", choice ) ); - END_PROFILE(SMBnegprot); - return(outsize); + END_PROFILE(SMBnegprot); + return(outsize); } - diff --git a/source3/smbd/notify_kernel.c b/source3/smbd/notify_kernel.c index 19ea41e1956..8454917163a 100644 --- a/source3/smbd/notify_kernel.c +++ b/source3/smbd/notify_kernel.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 3.0 change notify handling - linux kernel based implementation Copyright (C) Andrew Tridgell 2000 @@ -22,9 +23,9 @@ #if HAVE_KERNEL_CHANGE_NOTIFY -static VOLATILE sig_atomic_t fd_pending; -static VOLATILE sig_atomic_t signals_received; -static VOLATILE sig_atomic_t signals_processed; +#define FD_PENDING_SIZE 20 +static SIG_ATOMIC_T fd_pending_array[FD_PENDING_SIZE]; +static SIG_ATOMIC_T signals_received; #ifndef DN_ACCESS #define DN_ACCESS 0x00000001 /* File accessed in directory */ @@ -53,84 +54,114 @@ static VOLATILE sig_atomic_t signals_processed; This is the structure to keep the information needed to determine if a directory has changed. *****************************************************************************/ + struct change_data { int directory_handle; }; /**************************************************************************** -the signal handler for change notify + The signal handler for change notify. + The Linux kernel has a bug in that we should be able to block any + further delivery of RT signals until the kernel_check_notify() function + unblocks them, but it seems that any signal mask we're setting here is + being overwritten on exit from this handler. I should create a standalone + test case for the kernel hackers. JRA. *****************************************************************************/ + static void signal_handler(int sig, siginfo_t *info, void *unused) { - BlockSignals(True, sig); - fd_pending = (sig_atomic_t)info->si_fd; - signals_received++; + if (signals_received < FD_PENDING_SIZE - 1) { + fd_pending_array[signals_received] = (SIG_ATOMIC_T)info->si_fd; + signals_received++; + } /* Else signal is lost. */ sys_select_signal(); } - - /**************************************************************************** Check if a change notify should be issued. time non-zero means timeout check (used for hash). Ignore this (async method where time is zero will be used instead). *****************************************************************************/ + static BOOL kernel_check_notify(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *datap, time_t t) { struct change_data *data = (struct change_data *)datap; + int i; + BOOL ret = False; if (t) return False; - if (data->directory_handle != (int)fd_pending) return False; - - DEBUG(3,("kernel change notify on %s fd=%d\n", path, (int)fd_pending)); - - close((int)fd_pending); - fd_pending = (sig_atomic_t)-1; - data->directory_handle = -1; - signals_processed++; + BlockSignals(True, RT_SIGNAL_NOTIFY); + for (i = 0; i < signals_received; i++) { + if (data->directory_handle == (int)fd_pending_array[i]) { + DEBUG(3,("kernel_check_notify: kernel change notify on %s fd[%d]=%d (signals_received=%d)\n", + path, i, (int)fd_pending_array[i], (int)signals_received )); + + close((int)fd_pending_array[i]); + fd_pending_array[i] = (SIG_ATOMIC_T)-1; + if (signals_received - i - 1) { + memmove((void *)&fd_pending_array[i], (void *)&fd_pending_array[i+1], + sizeof(SIG_ATOMIC_T)*(signals_received-i-1)); + } + data->directory_handle = -1; + signals_received--; + ret = True; + break; + } + } BlockSignals(False, RT_SIGNAL_NOTIFY); - return True; + return ret; } /**************************************************************************** -remove a change notify data structure + Remove a change notify data structure. *****************************************************************************/ + static void kernel_remove_notify(void *datap) { struct change_data *data = (struct change_data *)datap; int fd = data->directory_handle; if (fd != -1) { - if (fd == (int)fd_pending) { - fd_pending = (sig_atomic_t)-1; - signals_processed++; - BlockSignals(False, RT_SIGNAL_NOTIFY); + int i; + BlockSignals(True, RT_SIGNAL_NOTIFY); + for (i = 0; i < signals_received; i++) { + if (fd == (int)fd_pending_array[i]) { + close(fd); + fd_pending_array[i] = (SIG_ATOMIC_T)-1; + if (signals_received - i - 1) { + memmove((void *)&fd_pending_array[i], (void *)&fd_pending_array[i+1], + sizeof(SIG_ATOMIC_T)*(signals_received-i-1)); + } + data->directory_handle = -1; + signals_received--; + break; + } } - close(fd); + BlockSignals(False, RT_SIGNAL_NOTIFY); } SAFE_FREE(data); - DEBUG(3,("removed kernel change notify fd=%d\n", fd)); + DEBUG(3,("kernel_remove_notify: fd=%d\n", fd)); } - /**************************************************************************** -register a change notify request + Register a change notify request. *****************************************************************************/ + static void *kernel_register_notify(connection_struct *conn, char *path, uint32 flags) { struct change_data data; int fd; unsigned long kernel_flags; - fd = conn->vfs_ops.open(conn, path, O_RDONLY, 0); + fd = sys_open(path,O_RDONLY, 0); if (fd == -1) { DEBUG(3,("Failed to open directory %s for change notify\n", path)); return NULL; } - if (fcntl(fd, F_SETSIG, RT_SIGNAL_NOTIFY) == -1) { + if (sys_fcntl_long(fd, F_SETSIG, RT_SIGNAL_NOTIFY) == -1) { DEBUG(3,("Failed to set signal handler for change notify\n")); return NULL; } @@ -147,7 +178,7 @@ static void *kernel_register_notify(connection_struct *conn, char *path, uint32 if (flags & FILE_NOTIFY_CHANGE_EA) kernel_flags |= DN_ATTRIB; if (flags & FILE_NOTIFY_CHANGE_FILE_NAME) kernel_flags |= DN_RENAME|DN_DELETE; - if (fcntl(fd, F_NOTIFY, kernel_flags) == -1) { + if (sys_fcntl_long(fd, F_NOTIFY, kernel_flags) == -1) { DEBUG(3,("Failed to set async flag for change notify\n")); return NULL; } @@ -161,22 +192,24 @@ static void *kernel_register_notify(connection_struct *conn, char *path, uint32 } /**************************************************************************** -see if the kernel supports change notify + See if the kernel supports change notify. ****************************************************************************/ + static BOOL kernel_notify_available(void) { int fd, ret; fd = open("/tmp", O_RDONLY); - if (fd == -1) return False; /* uggh! */ - ret = fcntl(fd, F_NOTIFY, 0); + if (fd == -1) + return False; /* uggh! */ + ret = sys_fcntl_long(fd, F_NOTIFY, 0); close(fd); return ret == 0; } - /**************************************************************************** -setup kernel based change notify + Setup kernel based change notify. ****************************************************************************/ + struct cnotify_fns *kernel_notify_init(void) { static struct cnotify_fns cnotify; @@ -190,7 +223,8 @@ struct cnotify_fns *kernel_notify_init(void) return NULL; } - if (!kernel_notify_available()) return NULL; + if (!kernel_notify_available()) + return NULL; cnotify.register_notify = kernel_register_notify; cnotify.check_notify = kernel_check_notify; @@ -200,7 +234,6 @@ struct cnotify_fns *kernel_notify_init(void) return &cnotify; } - #else void notify_kernel_dummy(void) {} #endif /* HAVE_KERNEL_CHANGE_NOTIFY */ diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index edee14513c8..e0a0da7a75b 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -454,6 +454,7 @@ to open_mode 0x%x\n", (unsigned long)*desired_access, (unsigned long)share_acces /**************************************************************************** Reply to an NT create and X call on a pipe. ****************************************************************************/ + static int nt_open_pipe(char *fname, connection_struct *conn, char *inbuf, char *outbuf, int *ppnum) { @@ -502,7 +503,7 @@ static int do_ntcreate_pipe_open(connection_struct *conn, int pnum = -1; char *p = NULL; - srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE); if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0) return ret; @@ -605,12 +606,13 @@ int reply_ntcreate_and_X(connection_struct *conn, } if(!dir_fsp->is_directory) { + + srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE); + /* * Check to see if this is a mac fork of some kind. */ - srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname), -1, STR_TERMINATE); - if( strchr_m(fname, ':')) { END_PROFILE(SMBntcreateX); return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND); @@ -635,10 +637,18 @@ int reply_ntcreate_and_X(connection_struct *conn, dir_name_len++; } - srvstr_pull(inbuf, &fname[dir_name_len], smb_buf(inbuf), sizeof(fname)-dir_name_len, - -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, &fname[dir_name_len], smb_buf(inbuf), sizeof(fname)-dir_name_len, STR_TERMINATE); } else { - srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE); + + /* + * Check to see if this is a mac fork of some kind. + */ + + if( strchr_m(fname, ':')) { + END_PROFILE(SMBntcreateX); + return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND); + } } /* @@ -880,29 +890,29 @@ static int do_nt_transact_create_pipe( connection_struct *conn, return ERROR_DOS(ERRDOS,ERRbadaccess); } - srvstr_pull(inbuf, fname, params+53, sizeof(fname), -1, STR_TERMINATE); - - if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0) - return ret; + srvstr_pull(inbuf, fname, params+53, sizeof(fname), total_parameter_count-53, STR_TERMINATE); + if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0) + return ret; + /* Realloc the size of parameters and data we will return */ params = Realloc(*ppparams, 69); if(params == NULL) return ERROR_DOS(ERRDOS,ERRnomem); - + *ppparams = params; - + memset((char *)params,'\0',69); - + p = params; SCVAL(p,0,NO_OPLOCK_RETURN); - + p += 2; SSVAL(p,0,pnum); p += 2; SIVAL(p,0,FILE_WAS_OPENED); p += 8; - + p += 32; SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */ p += 20; @@ -910,12 +920,12 @@ static int do_nt_transact_create_pipe( connection_struct *conn, SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE); /* Device state. */ SSVAL(p,2, 0x5FF); /* ? */ - + DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname)); - + /* Send the required number of replies */ send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, 69, *ppdata, 0); - + return -1; } @@ -923,17 +933,15 @@ static int do_nt_transact_create_pipe( connection_struct *conn, Internal fn to set security descriptors. ****************************************************************************/ -static BOOL set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 security_info_sent, int *pdef_class,uint32 *pdef_code) +static NTSTATUS set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 security_info_sent) { prs_struct pd; SEC_DESC *psd = NULL; TALLOC_CTX *mem_ctx; BOOL ret; - + if (sd_len == 0) { - *pdef_class = ERRDOS; - *pdef_code = ERRbadaccess; - return False; + return NT_STATUS_OK; } /* @@ -942,9 +950,7 @@ static BOOL set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 security if ((mem_ctx = talloc_init()) == NULL) { DEBUG(0,("set_sd: talloc_init failed.\n")); - *pdef_class = ERRDOS; - *pdef_code = ERRnomem; - return False; + return NT_STATUS_NO_MEMORY; } prs_init(&pd, 0, mem_ctx, UNMARSHALL); @@ -966,11 +972,9 @@ static BOOL set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 security * Return access denied for want of a better error message.. */ talloc_destroy(mem_ctx); - *pdef_class = ERRDOS; - *pdef_code = ERRnomem; - return False; + return NT_STATUS_NO_MEMORY; } - + if (psd->off_owner_sid==0) security_info_sent &= ~OWNER_SECURITY_INFORMATION; if (psd->off_grp_sid==0) @@ -981,19 +985,15 @@ static BOOL set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 security security_info_sent &= ~DACL_SECURITY_INFORMATION; ret = fsp->conn->vfs_ops.fset_nt_acl( fsp, fsp->fd, security_info_sent, psd); - + if (!ret) { talloc_destroy(mem_ctx); - *pdef_class = ERRDOS; - *pdef_code = ERRnoaccess; - return False; + return NT_STATUS_ACCESS_DENIED; } - + talloc_destroy(mem_ctx); - - *pdef_class = 0; - *pdef_code = 0; - return True; + + return NT_STATUS_OK; } /**************************************************************************** @@ -1005,304 +1005,307 @@ static int call_nt_transact_create(connection_struct *conn, int bufsize, char **ppsetup, char **ppparams, char **ppdata) { - pstring fname; - char *params = *ppparams; - char *data = *ppdata; - int total_parameter_count = (int)IVAL(inbuf, smb_nt_TotalParameterCount); - /* Breakout the oplock request bits so we can set the - reply bits separately. */ - int oplock_request = 0; - mode_t unixmode; - int fmode=0,rmode=0; - SMB_OFF_T file_len = 0; - SMB_STRUCT_STAT sbuf; - int smb_action = 0; - BOOL bad_path = False; - files_struct *fsp = NULL; - char *p = NULL; - uint32 flags; - uint32 desired_access; - uint32 file_attributes; - uint32 share_access; - uint32 create_disposition; - uint32 create_options; - uint32 sd_len; - uint16 root_dir_fid; - int smb_ofun; - int smb_open_mode; - int smb_attr; - int error_class; - uint32 error_code; - time_t c_time; - - DEBUG(5,("call_nt_transact_create\n")); + pstring fname; + char *params = *ppparams; + char *data = *ppdata; + int total_parameter_count = (int)IVAL(inbuf, smb_nt_TotalParameterCount); + /* Breakout the oplock request bits so we can set the reply bits separately. */ + int oplock_request = 0; + mode_t unixmode; + int fmode=0,rmode=0; + SMB_OFF_T file_len = 0; + SMB_STRUCT_STAT sbuf; + int smb_action = 0; + BOOL bad_path = False; + files_struct *fsp = NULL; + char *p = NULL; + uint32 flags; + uint32 desired_access; + uint32 file_attributes; + uint32 share_access; + uint32 create_disposition; + uint32 create_options; + uint32 sd_len; + uint16 root_dir_fid; + int smb_ofun; + int smb_open_mode; + int smb_attr; + time_t c_time; + NTSTATUS nt_status; - /* - * If it's an IPC, use the pipe handler. - */ + DEBUG(5,("call_nt_transact_create\n")); + + /* + * If it's an IPC, use the pipe handler. + */ - if (IS_IPC(conn)) { + if (IS_IPC(conn)) { if (lp_nt_pipe_support()) return do_nt_transact_create_pipe(conn, inbuf, outbuf, length, bufsize, ppsetup, ppparams, ppdata); else return ERROR_DOS(ERRDOS,ERRbadaccess); - } + } - /* - * Ensure minimum number of parameters sent. - */ + /* + * Ensure minimum number of parameters sent. + */ - if(total_parameter_count < 54) { - DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)total_parameter_count)); - return ERROR_DOS(ERRDOS,ERRbadaccess); - } + if(total_parameter_count < 54) { + DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)total_parameter_count)); + return ERROR_DOS(ERRDOS,ERRbadaccess); + } - flags = IVAL(params,0); - desired_access = IVAL(params,8); - file_attributes = IVAL(params,20); - share_access = IVAL(params,24); - create_disposition = IVAL(params,28); - create_options = IVAL(params,32); - sd_len = IVAL(params,36); - root_dir_fid = (uint16)IVAL(params,4); - smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK); + flags = IVAL(params,0); + desired_access = IVAL(params,8); + file_attributes = IVAL(params,20); + share_access = IVAL(params,24); + create_disposition = IVAL(params,28); + create_options = IVAL(params,32); + sd_len = IVAL(params,36); + root_dir_fid = (uint16)IVAL(params,4); + smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK); - /* - * We need to construct the open_and_X ofun value from the - * NT values, as that's what our code is structured to accept. - */ + /* + * We need to construct the open_and_X ofun value from the + * NT values, as that's what our code is structured to accept. + */ - if((smb_ofun = map_create_disposition( create_disposition )) == -1) - return ERROR_DOS(ERRDOS,ERRbadmem); + if((smb_ofun = map_create_disposition( create_disposition )) == -1) + return ERROR_DOS(ERRDOS,ERRbadmem); - /* - * Get the file name. - */ + /* + * Get the file name. + */ - if(root_dir_fid != 0) { - /* - * This filename is relative to a directory fid. - */ + if(root_dir_fid != 0) { + /* + * This filename is relative to a directory fid. + */ - files_struct *dir_fsp = file_fsp(params,4); - size_t dir_name_len; + files_struct *dir_fsp = file_fsp(params,4); + size_t dir_name_len; - if(!dir_fsp) - return ERROR_DOS(ERRDOS,ERRbadfid); + if(!dir_fsp) + return ERROR_DOS(ERRDOS,ERRbadfid); - if(!dir_fsp->is_directory) { - /* - * Check to see if this is a mac fork of some kind. - */ + if(!dir_fsp->is_directory) { - srvstr_pull(inbuf, fname, params+53, sizeof(fname), -1, STR_TERMINATE); + srvstr_pull(inbuf, fname, params+53, sizeof(fname), total_parameter_count-53, STR_TERMINATE); - if( strchr_m(fname, ':')) { - return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND); - } + /* + * Check to see if this is a mac fork of some kind. + */ - return ERROR_DOS(ERRDOS,ERRbadfid); - } + if( strchr_m(fname, ':')) + return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND); - /* - * Copy in the base directory name. - */ + return ERROR_DOS(ERRDOS,ERRbadfid); + } - pstrcpy( fname, dir_fsp->fsp_name ); - dir_name_len = strlen(fname); + /* + * Copy in the base directory name. + */ - /* - * Ensure it ends in a '\'. - */ + pstrcpy( fname, dir_fsp->fsp_name ); + dir_name_len = strlen(fname); - if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) { - pstrcat(fname, "\\"); - dir_name_len++; - } + /* + * Ensure it ends in a '\'. + */ - srvstr_pull(inbuf, &fname[dir_name_len], params+53, sizeof(fname)-dir_name_len, - -1, STR_TERMINATE); - } else { - srvstr_pull(inbuf, fname, params+53, sizeof(fname), -1, STR_TERMINATE); - } + if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) { + pstrcat(fname, "\\"); + dir_name_len++; + } - /* - * Now contruct the smb_open_mode value from the desired access - * and the share access. - */ + srvstr_pull(inbuf, &fname[dir_name_len], params+53, sizeof(fname)-dir_name_len, + total_parameter_count-53, STR_TERMINATE); + } else { + srvstr_pull(inbuf, fname, params+53, sizeof(fname), total_parameter_count-53, STR_TERMINATE); + + /* + * Check to see if this is a mac fork of some kind. + */ - if((smb_open_mode = map_share_mode( fname, create_options, &desired_access, - share_access, file_attributes)) == -1) - return ERROR_DOS(ERRDOS,ERRbadaccess); + if( strchr_m(fname, ':')) + return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND); + } - oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0; - oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0; + /* + * Now contruct the smb_open_mode value from the desired access + * and the share access. + */ - /* - * Check if POSIX semantics are wanted. - */ + if((smb_open_mode = map_share_mode( fname, create_options, &desired_access, + share_access, file_attributes)) == -1) + return ERROR_DOS(ERRDOS,ERRbadaccess); - set_posix_case_semantics(file_attributes); + oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0; + oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0; + + /* + * Check if POSIX semantics are wanted. + */ + + set_posix_case_semantics(file_attributes); - RESOLVE_DFSPATH(fname, conn, inbuf, outbuf); + RESOLVE_DFSPATH(fname, conn, inbuf, outbuf); - unix_convert(fname,conn,0,&bad_path,&sbuf); + unix_convert(fname,conn,0,&bad_path,&sbuf); - unixmode = unix_mode(conn,smb_attr | aARCH, fname); + unixmode = unix_mode(conn,smb_attr | aARCH, fname); - /* - * If it's a request for a directory open, deal with it separately. - */ + /* + * If it's a request for a directory open, deal with it separately. + */ - if(create_options & FILE_DIRECTORY_FILE) { + if(create_options & FILE_DIRECTORY_FILE) { - oplock_request = 0; + oplock_request = 0; - /* - * We will get a create directory here if the Win32 - * app specified a security descriptor in the - * CreateDirectory() call. - */ + /* + * We will get a create directory here if the Win32 + * app specified a security descriptor in the + * CreateDirectory() call. + */ - fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, unixmode, &smb_action); + fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, unixmode, &smb_action); - if(!fsp) { - restore_case_semantics(file_attributes); - set_bad_path_error(errno, bad_path); - return(UNIXERROR(ERRDOS,ERRnoaccess)); - } + if(!fsp) { + restore_case_semantics(file_attributes); + set_bad_path_error(errno, bad_path); + return(UNIXERROR(ERRDOS,ERRnoaccess)); + } - } else { + } else { - /* - * Ordinary file case. - */ + /* + * Ordinary file case. + */ - fsp = open_file_shared1(conn,fname,&sbuf,desired_access, - smb_open_mode,smb_ofun,unixmode, - oplock_request,&rmode,&smb_action); + fsp = open_file_shared1(conn,fname,&sbuf,desired_access, + smb_open_mode,smb_ofun,unixmode, + oplock_request,&rmode,&smb_action); - if (!fsp) { + if (!fsp) { - if(errno == EISDIR) { + if(errno == EISDIR) { - /* - * Fail the open if it was explicitly a non-directory file. - */ + /* + * Fail the open if it was explicitly a non-directory file. + */ - if (create_options & FILE_NON_DIRECTORY_FILE) { - restore_case_semantics(file_attributes); - SSVAL(outbuf, smb_flg2, - SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES); - return ERROR_NT(NT_STATUS_FILE_IS_A_DIRECTORY); - } + if (create_options & FILE_NON_DIRECTORY_FILE) { + restore_case_semantics(file_attributes); + SSVAL(outbuf, smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES); + return ERROR_NT(NT_STATUS_FILE_IS_A_DIRECTORY); + } - oplock_request = 0; - fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, unixmode, &smb_action); + oplock_request = 0; + fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, unixmode, &smb_action); - if(!fsp) { + if(!fsp) { + restore_case_semantics(file_attributes); + set_bad_path_error(errno, bad_path); + return(UNIXERROR(ERRDOS,ERRnoaccess)); + } + } else { restore_case_semantics(file_attributes); set_bad_path_error(errno, bad_path); return(UNIXERROR(ERRDOS,ERRnoaccess)); } - } else { - - restore_case_semantics(file_attributes); - set_bad_path_error(errno, bad_path); - return(UNIXERROR(ERRDOS,ERRnoaccess)); - } - } + } - file_len = sbuf.st_size; - fmode = dos_mode(conn,fname,&sbuf); - if(fmode == 0) - fmode = FILE_ATTRIBUTE_NORMAL; + file_len = sbuf.st_size; + fmode = dos_mode(conn,fname,&sbuf); + if(fmode == 0) + fmode = FILE_ATTRIBUTE_NORMAL; - if (fmode & aDIR) { - close_file(fsp,False); - restore_case_semantics(file_attributes); - return ERROR_DOS(ERRDOS,ERRnoaccess); - } + if (fmode & aDIR) { + close_file(fsp,False); + restore_case_semantics(file_attributes); + return ERROR_DOS(ERRDOS,ERRnoaccess); + } - /* - * If the caller set the extended oplock request bit - * and we granted one (by whatever means) - set the - * correct bit for extended oplock reply. - */ + /* + * If the caller set the extended oplock request bit + * and we granted one (by whatever means) - set the + * correct bit for extended oplock reply. + */ - if (oplock_request && lp_fake_oplocks(SNUM(conn))) - smb_action |= EXTENDED_OPLOCK_GRANTED; + if (oplock_request && lp_fake_oplocks(SNUM(conn))) + smb_action |= EXTENDED_OPLOCK_GRANTED; - if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) - smb_action |= EXTENDED_OPLOCK_GRANTED; - } - - /* - * Now try and apply the desired SD. - */ + if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) + smb_action |= EXTENDED_OPLOCK_GRANTED; + } - if (!set_sd( fsp, data, sd_len, ALL_SECURITY_INFORMATION, &error_class, &error_code)) { - close_file(fsp,False); - restore_case_semantics(file_attributes); - return ERROR_DOS(error_class, error_code); - } + /* + * Now try and apply the desired SD. + */ - restore_case_semantics(file_attributes); + if (sd_len && !NT_STATUS_IS_OK(nt_status = set_sd( fsp, data, sd_len, ALL_SECURITY_INFORMATION))) { + close_file(fsp,False); + restore_case_semantics(file_attributes); + return ERROR_NT(nt_status); + } + + restore_case_semantics(file_attributes); - /* Realloc the size of parameters and data we will return */ - params = Realloc(*ppparams, 69); - if(params == NULL) - return ERROR_DOS(ERRDOS,ERRnomem); + /* Realloc the size of parameters and data we will return */ + params = Realloc(*ppparams, 69); + if(params == NULL) + return ERROR_DOS(ERRDOS,ERRnomem); - *ppparams = params; + *ppparams = params; - memset((char *)params,'\0',69); + memset((char *)params,'\0',69); - p = params; - if (smb_action & EXTENDED_OPLOCK_GRANTED) - SCVAL(p,0, BATCH_OPLOCK_RETURN); - else if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type)) - SCVAL(p,0, LEVEL_II_OPLOCK_RETURN); - else - SCVAL(p,0,NO_OPLOCK_RETURN); + p = params; + if (smb_action & EXTENDED_OPLOCK_GRANTED) + SCVAL(p,0, BATCH_OPLOCK_RETURN); + else if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type)) + SCVAL(p,0, LEVEL_II_OPLOCK_RETURN); + else + SCVAL(p,0,NO_OPLOCK_RETURN); - p += 2; - SSVAL(p,0,fsp->fnum); - p += 2; - SIVAL(p,0,smb_action); - p += 8; - - /* Create time. */ - c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))); - - if (lp_dos_filetime_resolution(SNUM(conn))) { - c_time &= ~1; - sbuf.st_atime &= ~1; - sbuf.st_mtime &= ~1; - sbuf.st_mtime &= ~1; - } + p += 2; + SSVAL(p,0,fsp->fnum); + p += 2; + SIVAL(p,0,smb_action); + p += 8; - put_long_date(p,c_time); - p += 8; - put_long_date(p,sbuf.st_atime); /* access time */ - p += 8; - put_long_date(p,sbuf.st_mtime); /* write time */ - p += 8; - put_long_date(p,sbuf.st_mtime); /* change time */ - p += 8; - SIVAL(p,0,fmode); /* File Attributes. */ - p += 4; - SOFF_T(p, 0, SMB_ROUNDUP_ALLOCATION(file_len)); - p += 8; - SOFF_T(p,0,file_len); - - DEBUG(5,("call_nt_transact_create: open name = %s\n", fname)); - - /* Send the required number of replies */ - send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, 69, *ppdata, 0); + /* Create time. */ + c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))); - return -1; + if (lp_dos_filetime_resolution(SNUM(conn))) { + c_time &= ~1; + sbuf.st_atime &= ~1; + sbuf.st_mtime &= ~1; + sbuf.st_mtime &= ~1; + } + + put_long_date(p,c_time); + p += 8; + put_long_date(p,sbuf.st_atime); /* access time */ + p += 8; + put_long_date(p,sbuf.st_mtime); /* write time */ + p += 8; + put_long_date(p,sbuf.st_mtime); /* change time */ + p += 8; + SIVAL(p,0,fmode); /* File Attributes. */ + p += 4; + SOFF_T(p, 0, SMB_ROUNDUP_ALLOCATION(file_len)); + p += 8; + SOFF_T(p,0,file_len); + + DEBUG(5,("call_nt_transact_create: open name = %s\n", fname)); + + /* Send the required number of replies */ + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, 69, *ppdata, 0); + + return -1; } /**************************************************************************** @@ -1560,8 +1563,7 @@ static int call_nt_transact_set_security_desc(connection_struct *conn, uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount); files_struct *fsp = NULL; uint32 security_info_sent = 0; - int error_class; - uint32 error_code; + NTSTATUS nt_status; if(total_parameter_count < 8) return ERROR_DOS(ERRDOS,ERRbadfunc); @@ -1577,8 +1579,11 @@ static int call_nt_transact_set_security_desc(connection_struct *conn, DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name, (unsigned int)security_info_sent )); - if (!set_sd( fsp, data, total_data_count, security_info_sent, &error_class, &error_code)) - return ERROR_DOS(error_class, error_code); + if (total_data_count == 0) + return ERROR_DOS(ERRDOS, ERRbadaccess); + + if (!NT_STATUS_IS_OK(nt_status = set_sd( fsp, data, total_data_count, security_info_sent))) + return ERROR_NT(nt_status); done: @@ -1589,18 +1594,19 @@ static int call_nt_transact_set_security_desc(connection_struct *conn, /**************************************************************************** Reply to IOCTL - not implemented - no plans. ****************************************************************************/ + static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, char **ppsetup, char **ppparams, char **ppdata) { - static BOOL logged_message = False; + static BOOL logged_message = False; - if(!logged_message) { - DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n")); - logged_message = True; /* Only print this once... */ - } - return ERROR_DOS(ERRSRV,ERRnosupport); + if(!logged_message) { + DEBUG(3,("call_nt_transact_ioctl: Currently not implemented.\n")); + logged_message = True; /* Only print this once... */ + } + return ERROR_DOS(ERRSRV,ERRnosupport); } /**************************************************************************** diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 29a854a3974..8c6e8ed805c 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -87,7 +87,7 @@ static void check_for_pipe(char *fname) ****************************************************************************/ static BOOL open_file(files_struct *fsp,connection_struct *conn, - char *fname1,SMB_STRUCT_STAT *psbuf,int flags,mode_t mode, uint32 desired_access) + const char *fname1,SMB_STRUCT_STAT *psbuf,int flags,mode_t mode, uint32 desired_access) { extern struct current_user current_user; pstring fname; @@ -169,11 +169,15 @@ static BOOL open_file(files_struct *fsp,connection_struct *conn, if (fsp->fd == -1) ret = vfs_stat(conn, fname, psbuf); - else + else { ret = vfs_fstat(fsp,fsp->fd,psbuf); + /* If we have an fd, this stat should succeed. */ + if (ret == -1) + DEBUG(0,("Error doing fstat on open file %s (%s)\n", fname,strerror(errno) )); + } + /* For a non-io open, this stat failing means file not found. JRA */ if (ret == -1) { - DEBUG(0,("Error doing fstat on open file %s (%s)\n", fname,strerror(errno) )); fd_close(conn, fsp); return False; } @@ -1046,7 +1050,7 @@ flags=0x%X flags2=0x%X mode=0%o returned %d\n", Open a file for for write to ensure that we can fchmod it. ****************************************************************************/ -files_struct *open_file_fchmod(connection_struct *conn, char *fname, SMB_STRUCT_STAT *psbuf) +files_struct *open_file_fchmod(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf) { files_struct *fsp = NULL; BOOL fsp_open; @@ -1058,7 +1062,9 @@ files_struct *open_file_fchmod(connection_struct *conn, char *fname, SMB_STRUCT_ if(!fsp) return NULL; - fsp_open = open_file(fsp,conn,fname,psbuf,O_WRONLY,0,0); + /* note! we must use a non-zero desired access or we don't get + a real file descriptor. Oh what a twisted web we weave. */ + fsp_open = open_file(fsp,conn,fname,psbuf,O_WRONLY,0,FILE_WRITE_DATA); /* * This is not a user visible file open. @@ -1158,7 +1164,7 @@ files_struct *open_directory(connection_struct *conn, char *fname, SMB_STRUCT_ST */ if(!got_stat) { - DEBUG(0,("open_directory: unable to stat name = %s. Error was %s\n", + DEBUG(3,("open_directory: unable to stat name = %s. Error was %s\n", fname, strerror(errno) )); file_free(fsp); return NULL; diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c index 23606f1d147..14b243b36ed 100644 --- a/source3/smbd/oplock.c +++ b/source3/smbd/oplock.c @@ -72,34 +72,69 @@ BOOL oplock_message_waiting(fd_set *fds) ****************************************************************************/ -BOOL receive_local_message(fd_set *fds, char *buffer, int buffer_len, int timeout) +BOOL receive_local_message( char *buffer, int buffer_len, int timeout) { struct sockaddr_in from; - int fromlen = sizeof(from); + socklen_t fromlen = sizeof(from); int32 msg_len = 0; + fd_set fds; + int selrtn = -1; + FD_ZERO(&fds); smb_read_error = 0; - if(timeout != 0) { + /* + * We need to check for kernel oplocks before going into the select + * here, as the EINTR generated by the linux kernel oplock may have + * already been eaten. JRA. + */ + + if (koplocks && koplocks->msg_waiting(&fds)) { + return koplocks->receive_message(&fds, buffer, buffer_len); + } + + while (timeout > 0 && selrtn == -1) { struct timeval to; - int selrtn; int maxfd = oplock_sock; + time_t starttime = time(NULL); - if (koplocks && koplocks->notification_fd != -1) { - FD_SET(koplocks->notification_fd, fds); - maxfd = MAX(maxfd, koplocks->notification_fd); - } + FD_ZERO(&fds); + maxfd = setup_oplock_select_set(&fds); to.tv_sec = timeout / 1000; to.tv_usec = (timeout % 1000) * 1000; - selrtn = sys_select(maxfd+1,fds,NULL,NULL,&to); + DEBUG(5,("receive_local_message: doing select with timeout of %d ms\n", timeout)); + + selrtn = sys_select(maxfd+1,&fds,NULL,NULL,&to); if (selrtn == -1 && errno == EINTR) { + /* could be a kernel oplock interrupt */ - if (koplocks && koplocks->msg_waiting(fds)) { - return koplocks->receive_message(fds, buffer, buffer_len); + if (koplocks && koplocks->msg_waiting(&fds)) { + return koplocks->receive_message(&fds, buffer, buffer_len); + } + + /* + * Linux 2.0.x seems to have a bug in that + * it can return -1, EINTR with a timeout of zero. + * Make sure we bail out here with a read timeout + * if we got EINTR on a timeout of 1 or less. + */ + + if (timeout <= 1) { + smb_read_error = READ_TIMEOUT; + return False; } + + /* Not a kernel interrupt - could be a SIGUSR1 message. We must restart. */ + /* We need to decrement the timeout here. */ + timeout -= ((time(NULL) - starttime)*1000); + if (timeout < 0) + timeout = 1; + + DEBUG(5,("receive_local_message: EINTR : new timeout %d ms\n", timeout)); + continue; } /* Check if error */ @@ -116,11 +151,11 @@ BOOL receive_local_message(fd_set *fds, char *buffer, int buffer_len, int timeou } } - if (koplocks && koplocks->msg_waiting(fds)) { - return koplocks->receive_message(fds, buffer, buffer_len); + if (koplocks && koplocks->msg_waiting(&fds)) { + return koplocks->receive_message(&fds, buffer, buffer_len); } - if (!FD_ISSET(oplock_sock, fds)) + if (!FD_ISSET(oplock_sock, &fds)) return False; /* @@ -131,7 +166,7 @@ BOOL receive_local_message(fd_set *fds, char *buffer, int buffer_len, int timeou /* * Read a loopback udp message. */ - msg_len = recvfrom(oplock_sock, &buffer[OPBRK_CMD_HEADER_LEN], + msg_len = sys_recvfrom(oplock_sock, &buffer[OPBRK_CMD_HEADER_LEN], buffer_len - OPBRK_CMD_HEADER_LEN, 0, (struct sockaddr *)&from, &fromlen); if(msg_len < 0) { @@ -417,7 +452,7 @@ oplocks. Returning success.\n")); toaddr.sin_port = htons(from_port); toaddr.sin_family = AF_INET; - if(sendto( oplock_sock, msg_start, OPLOCK_BREAK_MSG_LEN, 0, + if(sys_sendto( oplock_sock, msg_start, OPLOCK_BREAK_MSG_LEN, 0, (struct sockaddr *)&toaddr, sizeof(toaddr)) < 0) { DEBUG(0,("process_local_message: sendto process %d failed. Errno was %s\n", (int)remotepid, strerror(errno))); @@ -930,7 +965,7 @@ dev = %x, inode = %.0f, file_id = %lu and no fsp found !\n", (unsigned int)dev, (double)inode, file_id ); } - if(sendto(oplock_sock,op_break_msg,OPLOCK_BREAK_MSG_LEN,0, + if(sys_sendto(oplock_sock,op_break_msg,OPLOCK_BREAK_MSG_LEN,0, (struct sockaddr *)&addr_out,sizeof(addr_out)) < 0) { if( DEBUGLVL( 0 ) ) { dbgtext( "request_oplock_break: failed when sending a oplock " ); @@ -967,16 +1002,8 @@ dev = %x, inode = %.0f, file_id = %lu and no fsp found !\n", char op_break_reply[OPBRK_CMD_HEADER_LEN+OPLOCK_BREAK_MSG_LEN]; uint16 reply_from_port; char *reply_msg_start; - fd_set fds; - - FD_ZERO(&fds); - FD_SET(oplock_sock,&fds); - - if (koplocks && koplocks->notification_fd != -1) { - FD_SET(koplocks->notification_fd, &fds); - } - if(receive_local_message(&fds, op_break_reply, sizeof(op_break_reply), + if(receive_local_message(op_break_reply, sizeof(op_break_reply), time_left ? time_left * 1000 : 1) == False) { if(smb_read_error == READ_TIMEOUT) { if( DEBUGLVL( 0 ) ) { diff --git a/source3/smbd/oplock_irix.c b/source3/smbd/oplock_irix.c index 14f6de27c44..ffcf3d0af4d 100644 --- a/source3/smbd/oplock_irix.c +++ b/source3/smbd/oplock_irix.c @@ -56,7 +56,7 @@ static BOOL irix_oplocks_available(void) unlink(tmpname); - if(fcntl(fd, F_OPLKREG, pfd[1]) == -1) { + if(sys_fcntl_long(fd, F_OPLKREG, pfd[1]) == -1) { DEBUG(0,("check_kernel_oplocks: Kernel oplocks are not available on this machine. \ Disabling kernel oplock support.\n" )); close(pfd[0]); @@ -65,7 +65,7 @@ Disabling kernel oplock support.\n" )); return False; } - if(fcntl(fd, F_OPLKACK, OP_REVOKE) < 0 ) { + if(sys_fcntl_long(fd, F_OPLKACK, OP_REVOKE) < 0 ) { DEBUG(0,("check_kernel_oplocks: Error when removing kernel oplock. Error was %s. \ Disabling kernel oplock support.\n", strerror(errno) )); close(pfd[0]); @@ -99,7 +99,7 @@ static BOOL irix_oplock_receive_message(fd_set *fds, char *buffer, int buffer_le */ if(read(oplock_pipe_read, &dummy, 1) != 1) { - DEBUG(0,("receive_local_message: read of kernel notification failed. \ + DEBUG(0,("irix_oplock_receive_message: read of kernel notification failed. \ Error was %s.\n", strerror(errno) )); smb_read_error = READ_ERROR; return False; @@ -111,8 +111,8 @@ Error was %s.\n", strerror(errno) )); * request outstanding. */ - if(fcntl(oplock_pipe_read, F_OPLKSTAT, &os) < 0) { - DEBUG(0,("receive_local_message: fcntl of kernel notification failed. \ + if(sys_fcntl_ptr(oplock_pipe_read, F_OPLKSTAT, &os) < 0) { + DEBUG(0,("irix_oplock_receive_message: fcntl of kernel notification failed. \ Error was %s.\n", strerror(errno) )); if(errno == EAGAIN) { /* @@ -131,12 +131,12 @@ Error was %s.\n", strerror(errno) )); */ if ((fsp = file_find_di_first((SMB_DEV_T)os.os_dev, (SMB_INO_T)os.os_ino)) == NULL) { - DEBUG(0,("receive_local_message: unable to find open file with dev = %x, inode = %.0f\n", + DEBUG(0,("irix_oplock_receive_message: unable to find open file with dev = %x, inode = %.0f\n", (unsigned int)os.os_dev, (double)os.os_ino )); return False; } - DEBUG(5,("receive_local_message: kernel oplock break request received for \ + DEBUG(5,("irix_oplock_receive_message: kernel oplock break request received for \ dev = %x, inode = %.0f\n, file_id = %ul", (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id )); /* @@ -164,21 +164,21 @@ dev = %x, inode = %.0f\n, file_id = %ul", (unsigned int)fsp->dev, (double)fsp->i static BOOL irix_set_kernel_oplock(files_struct *fsp, int oplock_type) { - if (fcntl(fsp->fd, F_OPLKREG, oplock_pipe_write) == -1) { + if (sys_fcntl_long(fsp->fd, F_OPLKREG, oplock_pipe_write) == -1) { if(errno != EAGAIN) { - DEBUG(0,("set_file_oplock: Unable to get kernel oplock on file %s, dev = %x, \ + DEBUG(0,("irix_set_kernel_oplock: Unable to get kernel oplock on file %s, dev = %x, \ inode = %.0f, file_id = %ul. Error was %s\n", fsp->fsp_name, (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id, strerror(errno) )); } else { - DEBUG(5,("set_file_oplock: Refused oplock on file %s, fd = %d, dev = %x, \ + DEBUG(5,("irix_set_kernel_oplock: Refused oplock on file %s, fd = %d, dev = %x, \ inode = %.0f, file_id = %ul. Another process had the file open.\n", fsp->fsp_name, fsp->fd, (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id )); } return False; } - DEBUG(10,("set_file_oplock: got kernel oplock on file %s, dev = %x, inode = %.0f, file_id = %ul\n", + DEBUG(10,("irix_set_kernel_oplock: got kernel oplock on file %s, dev = %x, inode = %.0f, file_id = %ul\n", fsp->fsp_name, (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id)); return True; @@ -195,8 +195,8 @@ static void irix_release_kernel_oplock(files_struct *fsp) * Check and print out the current kernel * oplock state of this file. */ - int state = fcntl(fsp->fd, F_OPLKACK, -1); - dbgtext("release_kernel_oplock: file %s, dev = %x, inode = %.0f file_id = %ul, has kernel \ + int state = sys_fcntl_long(fsp->fd, F_OPLKACK, -1); + dbgtext("irix_release_kernel_oplock: file %s, dev = %x, inode = %.0f file_id = %ul, has kernel \ oplock state of %x.\n", fsp->fsp_name, (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id, state ); } @@ -204,9 +204,9 @@ oplock state of %x.\n", fsp->fsp_name, (unsigned int)fsp->dev, /* * Remove the kernel oplock on this file. */ - if(fcntl(fsp->fd, F_OPLKACK, OP_REVOKE) < 0) { + if(sys_fcntl_long(fsp->fd, F_OPLKACK, OP_REVOKE) < 0) { if( DEBUGLVL( 0 )) { - dbgtext("release_kernel_oplock: Error when removing kernel oplock on file " ); + dbgtext("irix_release_kernel_oplock: Error when removing kernel oplock on file " ); dbgtext("%s, dev = %x, inode = %.0f, file_id = %ul. Error was %s\n", fsp->fsp_name, (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id, strerror(errno) ); diff --git a/source3/smbd/oplock_linux.c b/source3/smbd/oplock_linux.c index d9465783807..85f89c12a06 100644 --- a/source3/smbd/oplock_linux.c +++ b/source3/smbd/oplock_linux.c @@ -22,9 +22,9 @@ #if HAVE_KERNEL_OPLOCKS_LINUX -static VOLATILE sig_atomic_t signals_received; -static VOLATILE sig_atomic_t signals_processed; -static VOLATILE sig_atomic_t fd_pending; /* the fd of the current pending signal */ +static SIG_ATOMIC_T signals_received; +#define FD_PENDING_SIZE 100 +static SIG_ATOMIC_T fd_pending_array[FD_PENDING_SIZE]; #ifndef F_SETLEASE #define F_SETLEASE 1024 @@ -52,9 +52,10 @@ static VOLATILE sig_atomic_t fd_pending; /* the fd of the current pending signal static void signal_handler(int sig, siginfo_t *info, void *unused) { - BlockSignals(True, sig); - fd_pending = (sig_atomic_t)info->si_fd; - signals_received++; + if (signals_received < FD_PENDING_SIZE - 1) { + fd_pending_array[signals_received] = (SIG_ATOMIC_T)info->si_fd; + signals_received++; + } /* Else signal is lost. */ sys_select_signal(); } @@ -124,20 +125,28 @@ static int linux_setlease(int fd, int leasetype) static BOOL linux_oplock_receive_message(fd_set *fds, char *buffer, int buffer_len) { - BOOL ret = True; + int fd; struct files_struct *fsp; - if (signals_received == signals_processed) - return False; + BlockSignals(True, RT_SIGNAL_LEASE); + fd = fd_pending_array[0]; + fsp = file_find_fd(fd); + fd_pending_array[0] = (SIG_ATOMIC_T)-1; + if (signals_received > 1) + memmove((void *)&fd_pending_array[0], (void *)&fd_pending_array[1], + sizeof(SIG_ATOMIC_T)*(signals_received-1)); + signals_received--; + /* now we can receive more signals */ + BlockSignals(False, RT_SIGNAL_LEASE); - if ((fsp = file_find_fd(fd_pending)) == NULL) { - DEBUG(0,("Invalid file descriptor %d in kernel oplock break!\n", (int)fd_pending)); - ret = False; - goto out; + if (fsp == NULL) { + DEBUG(0,("Invalid file descriptor %d in kernel oplock break!\n", (int)fd)); + return False; } - DEBUG(3,("receive_local_message: kernel oplock break request received for \ -dev = %x, inode = %.0f\n", (unsigned int)fsp->dev, (double)fsp->inode )); + DEBUG(3,("linux_oplock_receive_message: kernel oplock break request received for \ +dev = %x, inode = %.0f fd = %d, fileid = %lu \n", (unsigned int)fsp->dev, (double)fsp->inode, + fd, fsp->file_id)); /* * Create a kernel oplock break message. @@ -155,13 +164,7 @@ dev = %x, inode = %.0f\n", (unsigned int)fsp->dev, (double)fsp->inode )); memcpy(buffer + KERNEL_OPLOCK_BREAK_INODE_OFFSET, (char *)&fsp->inode, sizeof(fsp->inode)); memcpy(buffer + KERNEL_OPLOCK_BREAK_FILEID_OFFSET, (char *)&fsp->file_id, sizeof(fsp->file_id)); - out: - /* now we can receive more signals */ - fd_pending = (sig_atomic_t)-1; - signals_processed++; - BlockSignals(False, RT_SIGNAL_LEASE); - - return ret; + return True; } /**************************************************************************** @@ -171,14 +174,14 @@ dev = %x, inode = %.0f\n", (unsigned int)fsp->dev, (double)fsp->inode )); static BOOL linux_set_kernel_oplock(files_struct *fsp, int oplock_type) { if (linux_setlease(fsp->fd, F_WRLCK) == -1) { - DEBUG(3,("set_file_oplock: Refused oplock on file %s, fd = %d, dev = %x, \ + DEBUG(3,("linux_set_kernel_oplock: Refused oplock on file %s, fd = %d, dev = %x, \ inode = %.0f. (%s)\n", fsp->fsp_name, fsp->fd, (unsigned int)fsp->dev, (double)fsp->inode, strerror(errno))); return False; } - DEBUG(3,("set_file_oplock: got kernel oplock on file %s, dev = %x, inode = %.0f, file_id = %lu\n", + DEBUG(3,("linux_set_kernel_oplock: got kernel oplock on file %s, dev = %x, inode = %.0f, file_id = %lu\n", fsp->fsp_name, (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id)); return True; @@ -196,7 +199,7 @@ static void linux_release_kernel_oplock(files_struct *fsp) * oplock state of this file. */ int state = fcntl(fsp->fd, F_GETLEASE, 0); - dbgtext("release_kernel_oplock: file %s, dev = %x, inode = %.0f file_id = %lu has kernel \ + dbgtext("linux_release_kernel_oplock: file %s, dev = %x, inode = %.0f file_id = %lu has kernel \ oplock state of %x.\n", fsp->fsp_name, (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id, state ); } @@ -206,7 +209,7 @@ oplock state of %x.\n", fsp->fsp_name, (unsigned int)fsp->dev, */ if (linux_setlease(fsp->fd, F_UNLCK) == -1) { if (DEBUGLVL(0)) { - dbgtext("release_kernel_oplock: Error when removing kernel oplock on file " ); + dbgtext("linux_release_kernel_oplock: Error when removing kernel oplock on file " ); dbgtext("%s, dev = %x, inode = %.0f, file_id = %lu. Error was %s\n", fsp->fsp_name, (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id, strerror(errno) ); @@ -244,7 +247,7 @@ static BOOL linux_kernel_oplock_parse(char *msg_start, int msg_len, SMB_INO_T *i static BOOL linux_oplock_msg_waiting(fd_set *fds) { - return signals_processed != signals_received; + return signals_received != 0; } /**************************************************************************** diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 629157f22d8..82c0cef77d7 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -259,9 +259,19 @@ int register_vuid(auth_serversupplied_info *server_info, char *smb_name) { /* Keep the homedir handy */ const char *homedir = pdb_get_homedir(server_info->sam_account); + const char *unix_homedir = pdb_get_unix_homedir(server_info->sam_account); + const char *logon_script = pdb_get_logon_script(server_info->sam_account); if (homedir) { vuser->homedir = smb_xstrdup(homedir); } + + if (unix_homedir) { + vuser->unix_homedir = smb_xstrdup(unix_homedir); + } + + if (logon_script) { + vuser->logon_script = smb_xstrdup(logon_script); + } } memcpy(vuser->session_key, server_info->session_key, sizeof(vuser->session_key)); @@ -279,7 +289,7 @@ int register_vuid(auth_serversupplied_info *server_info, char *smb_name) /* Find all the groups this uid is in and store them. Used by change_to_user() */ initialise_groups(vuser->user.unix_name, vuser->uid, vuser->gid); - get_current_groups( &vuser->n_groups, &vuser->groups); + get_current_groups(vuser->gid, &vuser->n_groups, &vuser->groups); if (server_info->ptok) add_supplementary_nt_login_groups(&vuser->n_groups, &vuser->groups, &server_info->ptok); @@ -301,9 +311,11 @@ int register_vuid(auth_serversupplied_info *server_info, char *smb_name) } /* Register a home dir service for this user */ - if ((!vuser->guest) && vuser->homedir && *(vuser->homedir) + if ((!vuser->guest) && vuser->unix_homedir && *(vuser->unix_homedir) && (lp_servicenumber(vuser->user.unix_name) < 0)) { - add_home_service(vuser->user.unix_name, vuser->homedir); + vuser->homes_snum = add_home_service(vuser->user.unix_name, vuser->user.unix_name, vuser->unix_homedir); + } else { + vuser->homes_snum = -1; } return vuser->vuid; @@ -336,7 +348,7 @@ void add_session_user(char *user) /**************************************************************************** check if a username is valid ****************************************************************************/ -BOOL user_ok(char *user,int snum) +BOOL user_ok(const char *user,int snum) { char **valid, **invalid; BOOL ret; @@ -345,27 +357,27 @@ BOOL user_ok(char *user,int snum) ret = True; if (lp_invalid_users(snum)) { - lp_list_copy(&invalid, lp_invalid_users(snum)); - if (invalid && lp_list_substitute(invalid, "%S", lp_servicename(snum))) { + str_list_copy(&invalid, lp_invalid_users(snum)); + if (invalid && str_list_substitute(invalid, "%S", lp_servicename(snum))) { ret = !user_in_list(user, invalid); } } - if (invalid) lp_list_free (&invalid); + if (invalid) str_list_free (&invalid); if (ret && lp_valid_users(snum)) { - lp_list_copy(&valid, lp_valid_users(snum)); - if (valid && lp_list_substitute(valid, "%S", lp_servicename(snum))) { + str_list_copy(&valid, lp_valid_users(snum)); + if (valid && str_list_substitute(valid, "%S", lp_servicename(snum))) { ret = user_in_list(user,valid); } } - if (valid) lp_list_free (&valid); + if (valid) str_list_free (&valid); if (ret && lp_onlyuser(snum)) { - char **user_list = lp_list_make (lp_username(snum)); - if (user_list && lp_list_substitute(user_list, "%S", lp_servicename(snum))) { + char **user_list = str_list_make (lp_username(snum)); + if (user_list && str_list_substitute(user_list, "%S", lp_servicename(snum))) { ret = user_in_list(user, user_list); } - if (user_list) lp_list_free (&user_list); + if (user_list) str_list_free (&user_list); } return(ret); @@ -462,42 +474,17 @@ static char *validate_group(char *group, DATA_BLOB password,int snum) ****************************************************************************/ BOOL authorise_login(int snum,char *user, DATA_BLOB password, - BOOL *guest,BOOL *force,uint16 vuid) + BOOL *guest) { BOOL ok = False; - user_struct *vuser = get_valid_user_struct(vuid); - + #if DEBUG_PASSWORD - DEBUG(100,("authorise_login: checking authorisation on user=%s pass=%s vuid=%d\n", - user,password.data, vuid)); + DEBUG(100,("authorise_login: checking authorisation on user=%s pass=%s\n", + user,password.data)); #endif *guest = False; - if (GUEST_ONLY(snum)) - *force = True; - - if (!GUEST_ONLY(snum) && (lp_security() > SEC_SHARE)) { - - /* - * We should just use the given vuid from a sessionsetup_and_X. - */ - - if (!vuser) { - DEBUG(1,("authorise_login: refusing user '%s' with no session setup\n", user)); - return False; - } - - if ((!vuser->guest && user_ok(vuser->user.unix_name,snum)) || - (vuser->guest && GUEST_OK(snum))) { - fstrcpy(user,vuser->user.unix_name); - *guest = vuser->guest; - DEBUG(3,("authorise_login: ACCEPTED: validated based on vuid as %sguest \ -(user=%s)\n", vuser->guest ? "" : "non-", user)); - return True; - } - } - /* there are several possibilities: 1) login as the given user with given password 2) login as a previously registered username with the given password @@ -510,84 +497,61 @@ BOOL authorise_login(int snum,char *user, DATA_BLOB password, if the service is guest_only then steps 1 to 5 are skipped */ - if (!(GUEST_ONLY(snum) && GUEST_OK(snum))) { - /* check for a previously registered guest username */ - if (!ok && (vuser != 0) && vuser->guest) { - if (user_ok(vuser->user.unix_name,snum) && - password_ok(vuser->user.unix_name, password)) { - fstrcpy(user, vuser->user.unix_name); - *guest = False; - DEBUG(3,("authorise_login: ACCEPTED: given password with registered user %s\n", user)); + /* now check the list of session users */ + if (!ok) { + char *auser; + char *user_list = strdup(session_users); + if (!user_list) + return(False); + + for (auser=strtok(user_list,LIST_SEP); !ok && auser; + auser = strtok(NULL,LIST_SEP)) { + fstring user2; + fstrcpy(user2,auser); + if (!user_ok(user2,snum)) + continue; + + if (password_ok(user2,password)) { ok = True; + fstrcpy(user,user2); + DEBUG(3,("authorise_login: ACCEPTED: session list username (%s) \ +and given password ok\n", user)); } } - - /* now check the list of session users */ - if (!ok) { - char *auser; - char *user_list = strdup(session_users); - if (!user_list) - return(False); - - for (auser=strtok(user_list,LIST_SEP); !ok && auser; - auser = strtok(NULL,LIST_SEP)) { + + SAFE_FREE(user_list); + } + + /* check the user= fields and the given password */ + if (!ok && lp_username(snum)) { + char *auser; + pstring user_list; + StrnCpy(user_list,lp_username(snum),sizeof(pstring)); + + pstring_sub(user_list,"%S",lp_servicename(snum)); + + for (auser=strtok(user_list,LIST_SEP); auser && !ok; + auser = strtok(NULL,LIST_SEP)) { + if (*auser == '@') { + auser = validate_group(auser+1,password,snum); + if (auser) { + ok = True; + fstrcpy(user,auser); + DEBUG(3,("authorise_login: ACCEPTED: group username \ +and given password ok (%s)\n", user)); + } + } else { fstring user2; fstrcpy(user2,auser); - if (!user_ok(user2,snum)) - continue; - - if (password_ok(user2,password)) { + if (user_ok(user2,snum) && password_ok(user2,password)) { ok = True; fstrcpy(user,user2); - DEBUG(3,("authorise_login: ACCEPTED: session list username (%s) \ -and given password ok\n", user)); - } - } - - SAFE_FREE(user_list); - } - - /* check for a previously validated username/password pair */ - if (!ok && (lp_security() > SEC_SHARE) && (vuser != 0) && !vuser->guest && - user_ok(vuser->user.unix_name,snum)) { - fstrcpy(user,vuser->user.unix_name); - *guest = False; - DEBUG(3,("authorise_login: ACCEPTED: validated uid (%s) as non-guest\n", - user)); - ok = True; - } - - /* check the user= fields and the given password */ - if (!ok && lp_username(snum)) { - char *auser; - pstring user_list; - StrnCpy(user_list,lp_username(snum),sizeof(pstring)); - - pstring_sub(user_list,"%S",lp_servicename(snum)); - - for (auser=strtok(user_list,LIST_SEP); auser && !ok; - auser = strtok(NULL,LIST_SEP)) { - if (*auser == '@') { - auser = validate_group(auser+1,password,snum); - if (auser) { - ok = True; - fstrcpy(user,auser); - DEBUG(3,("authorise_login: ACCEPTED: group username \ + DEBUG(3,("authorise_login: ACCEPTED: user list username \ and given password ok (%s)\n", user)); - } - } else { - fstring user2; - fstrcpy(user2,auser); - if (user_ok(user2,snum) && password_ok(user2,password)) { - ok = True; - fstrcpy(user,user2); - DEBUG(3,("authorise_login: ACCEPTED: user list username \ -and given password ok (%s)\n", user)); - } } } } - } /* not guest only */ + } /* check for a normal guest connection */ if (!ok && GUEST_OK(snum)) { diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index 6c1e6efa735..f7e9c595c13 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -50,7 +50,7 @@ int reply_open_pipe_and_X(connection_struct *conn, int i; /* XXXX we need to handle passed times, sattr and flags */ - srvstr_pull(inbuf, pipe_name, smb_buf(inbuf), sizeof(pipe_name), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, pipe_name, smb_buf(inbuf), sizeof(pipe_name), STR_TERMINATE); /* If the name doesn't start \PIPE\ then this is directed */ /* at a mailslot or something we really, really don't understand, */ diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 9c8835214fb..85818d524a3 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -104,7 +104,7 @@ static void print_canon_ace(canon_ace *pace, int num) dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" ); dbgtext( "SID = %s ", sid_to_string( str, &pace->trustee)); if (pace->owner_type == UID_ACE) { - char *u_name = uidtoname(pace->unix_ug.uid); + const char *u_name = uidtoname(pace->unix_ug.uid); dbgtext( "uid %u (%s) ", (unsigned int)pace->unix_ug.uid, u_name); } else if (pace->owner_type == GID_ACE) { char *g_name = gidtoname(pace->unix_ug.gid); @@ -439,9 +439,15 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp, if (security_info_sent & OWNER_SECURITY_INFORMATION) { sid_copy(&owner_sid, psd->owner_sid); if (!sid_to_uid( &owner_sid, puser, &sid_type)) { +#if ACL_FORCE_UNMAPPABLE + /* this allows take ownership to work reasonably */ + extern struct current_user current_user; + *puser = current_user.uid; +#else DEBUG(3,("unpack_nt_owners: unable to validate owner sid for %s\n", sid_string_static(&owner_sid))); return False; +#endif } } @@ -453,8 +459,14 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp, if (security_info_sent & GROUP_SECURITY_INFORMATION) { sid_copy(&grp_sid, psd->grp_sid); if (!sid_to_gid( &grp_sid, pgrp, &sid_type)) { +#if ACL_FORCE_UNMAPPABLE + /* this allows take group ownership to work reasonably */ + extern struct current_user current_user; + *pgrp = current_user.gid; +#else DEBUG(3,("unpack_nt_owners: unable to validate group sid.\n")); return False; +#endif } } @@ -467,7 +479,7 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp, Ensure the enforced permissions for this share apply. ****************************************************************************/ -static mode_t apply_default_perms(files_struct *fsp, mode_t perms, mode_t type) +static void apply_default_perms(files_struct *fsp, canon_ace *pace, mode_t type) { int snum = SNUM(fsp->conn); mode_t and_bits = (mode_t)0; @@ -486,6 +498,10 @@ static mode_t apply_default_perms(files_struct *fsp, mode_t perms, mode_t type) /* Now bounce them into the S_USR space. */ switch(type) { case S_IRUSR: + /* Ensure owner has read access. */ + pace->perms |= S_IRUSR; + if (fsp->is_directory) + pace->perms |= (S_IWUSR|S_IXUSR); and_bits = unix_perms_to_acl_perms(and_bits, S_IRUSR, S_IWUSR, S_IXUSR); or_bits = unix_perms_to_acl_perms(or_bits, S_IRUSR, S_IWUSR, S_IXUSR); break; @@ -499,7 +515,34 @@ static mode_t apply_default_perms(files_struct *fsp, mode_t perms, mode_t type) break; } - return ((perms & and_bits)|or_bits); + pace->perms = ((pace->perms & and_bits)|or_bits); +} + +/**************************************************************************** + Check if a given uid/SID is in a group gid/SID. This is probably very + expensive and will need optimisation. A *lot* of optimisation :-). JRA. +****************************************************************************/ + +static BOOL uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace ) +{ + extern DOM_SID global_sid_World; + fstring u_name; + fstring g_name; + + /* "Everyone" always matches every uid. */ + + if (sid_equal(&group_ace->trustee, &global_sid_World)) + return True; + + fstrcpy(u_name, uidtoname(uid_ace->unix_ug.uid)); + fstrcpy(g_name, gidtoname(group_ace->unix_ug.gid)); + + /* + * Due to the winbind interfaces we need to do this via names, + * not uids/gids. + */ + + return user_in_group_list(u_name, g_name ); } /**************************************************************************** @@ -524,24 +567,16 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, BOOL got_user = False; BOOL got_grp = False; BOOL got_other = False; + canon_ace *pace_other = NULL; + canon_ace *pace_group = NULL; for (pace = *pp_ace; pace; pace = pace->next) { if (pace->type == SMB_ACL_USER_OBJ) { - if (setting_acl) { - /* Ensure owner has read access. */ - pace->perms |= S_IRUSR; - if (fsp->is_directory) - pace->perms |= (S_IWUSR|S_IXUSR); - - /* - * Ensure create mask/force create mode is respected on set. - */ - - pace->perms = apply_default_perms(fsp, pace->perms, S_IRUSR); - } - + if (setting_acl) + apply_default_perms(fsp, pace, S_IRUSR); got_user = True; + } else if (pace->type == SMB_ACL_GROUP_OBJ) { /* @@ -549,8 +584,10 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, */ if (setting_acl) - pace->perms = apply_default_perms(fsp, pace->perms, S_IRGRP); + apply_default_perms(fsp, pace, S_IRGRP); got_grp = True; + pace_group = pace; + } else if (pace->type == SMB_ACL_OTHER) { /* @@ -558,8 +595,9 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, */ if (setting_acl) - pace->perms = apply_default_perms(fsp, pace->perms, S_IROTH); + apply_default_perms(fsp, pace, S_IROTH); got_other = True; + pace_other = pace; } } @@ -574,9 +612,21 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, pace->owner_type = UID_ACE; pace->unix_ug.uid = pst->st_uid; pace->trustee = *pfile_owner_sid; - pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR); pace->attr = ALLOW_ACE; + if (setting_acl) { + /* If we only got an "everyone" perm, just use that. */ + if (!got_grp && got_other) + pace->perms = pace_other->perms; + else if (got_grp && uid_entry_in_group(pace, pace_group)) + pace->perms = pace_group->perms; + else + pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR); + apply_default_perms(fsp, pace, S_IRUSR); + } else { + pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR); + } + DLIST_ADD(*pp_ace, pace); } @@ -591,8 +641,17 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, pace->owner_type = GID_ACE; pace->unix_ug.uid = pst->st_gid; pace->trustee = *pfile_grp_sid; - pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP); pace->attr = ALLOW_ACE; + if (setting_acl) { + /* If we only got an "everyone" perm, just use that. */ + if (got_other) + pace->perms = pace_other->perms; + else + pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP); + apply_default_perms(fsp, pace, S_IRGRP); + } else { + pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP); + } DLIST_ADD(*pp_ace, pace); } @@ -608,8 +667,9 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, pace->owner_type = WORLD_ACE; pace->unix_ug.world = -1; pace->trustee = global_sid_World; - pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH); pace->attr = ALLOW_ACE; + pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH); + apply_default_perms(fsp, pace, S_IROTH); DLIST_ADD(*pp_ace, pace); } @@ -918,33 +978,6 @@ Deny entry after Allow entry. Failing to set on file %s.\n", fsp->fsp_name )); return True; } -/**************************************************************************** - Check if a given uid/SID is in a group gid/SID. This is probably very - expensive and will need optimisation. A *lot* of optimisation :-). JRA. -****************************************************************************/ - -static BOOL uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace ) -{ - extern DOM_SID global_sid_World; - fstring u_name; - fstring g_name; - - /* "Everyone" always matches every uid. */ - - if (sid_equal(&group_ace->trustee, &global_sid_World)) - return True; - - fstrcpy(u_name, uidtoname(uid_ace->unix_ug.uid)); - fstrcpy(g_name, gidtoname(group_ace->unix_ug.gid)); - - /* - * Due to the winbind interfaces we need to do this via names, - * not uids/gids. - */ - - return user_in_group_list(u_name, g_name ); -} - /**************************************************************************** ASCII art time again... JRA :-). @@ -1996,6 +2029,52 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) return sd_size; } +/* + try to chown a file. We will be able to chown it under the following conditions + + 1) if we have root privileges, then it will just work + 2) if we have write permission to the file and dos_filemodes is set + then allow chown to the currently authenticated user. + + */ +static int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid) +{ + int ret; + extern struct current_user current_user; + files_struct *fsp; + SMB_STRUCT_STAT st; + + /* try the direct way first */ + ret = vfs_chown(conn, fname, uid, gid); + if (ret == 0) + return 0; + + if(!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn))) + return -1; + + if (vfs_stat(conn,fname,&st)) + return -1; + + fsp = open_file_fchmod(conn,fname,&st); + if (!fsp) + return -1; + + /* only allow chown to the current user. This is more secure, + and also copes with the case where the SID in a take ownership ACL is + a local SID on the users workstation + */ + uid = current_user.uid; + + become_root(); + /* Keep the current file gid the same. */ + ret = vfswrap_fchown(fsp, fsp->fd, uid, (gid_t)-1); + unbecome_root(); + + close_file_fchmod(fsp); + + return ret; +} + /**************************************************************************** Reply to set a security descriptor on an fsp. security_info_sent is the description of the following NT ACL. @@ -2052,7 +2131,7 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n", fsp->fsp_name, (unsigned int)user, (unsigned int)grp )); - if(vfs_chown( fsp->conn, fsp->fsp_name, user, grp) == -1) { + if(try_chown( fsp->conn, fsp->fsp_name, user, grp) == -1) { DEBUG(3,("set_nt_acl: chown %s, %u, %u failed. Error = %s.\n", fsp->fsp_name, (unsigned int)user, (unsigned int)grp, strerror(errno) )); return False; @@ -2308,6 +2387,7 @@ BOOL directory_has_default_acl(connection_struct *conn, const char *fname) if (dir_acl != NULL && (conn->vfs_ops.sys_acl_get_entry(conn, dir_acl, SMB_ACL_FIRST_ENTRY, &entry) == 1)) has_acl = True; - conn->vfs_ops.sys_acl_free_acl(conn, dir_acl); + if (dir_acl) + conn->vfs_ops.sys_acl_free_acl(conn, dir_acl); return has_acl; } diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 007621f6bb2..43d3c6c5314 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -42,8 +42,8 @@ extern int last_message; extern int global_oplock_break; extern userdom_struct current_user_info; extern int smb_read_error; -extern VOLATILE sig_atomic_t reload_after_sighup; -extern VOLATILE sig_atomic_t got_sig_term; +SIG_ATOMIC_T reload_after_sighup; +SIG_ATOMIC_T got_sig_term; extern BOOL global_machine_password_needs_changing; extern fstring global_myworkgroup; extern pstring global_myname; @@ -109,10 +109,12 @@ BOOL push_oplock_pending_smb_message(char *buf, int msg_len) oplock messages, change notify events etc. ****************************************************************************/ -static void async_processing(fd_set *fds, char *buffer, int buffer_len) +static void async_processing(char *buffer, int buffer_len) { + DEBUG(10,("async_processing: Doing async processing.\n")); + /* check for oplock messages (both UDP and kernel) */ - if (receive_local_message(fds, buffer, buffer_len, 0)) { + if (receive_local_message(buffer, buffer_len, 1)) { process_local_message(buffer, buffer_len); } @@ -193,6 +195,27 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len, int timeout) */ FD_ZERO(&fds); + + /* + * Ensure we process oplock break messages by preference. + * We have to do this before the select, after the select + * and if the select returns EINTR. This is due to the fact + * that the selects called from async_processing can eat an EINTR + * caused by a signal (we can't take the break message there). + * This is hideously complex - *MUST* be simplified for 3.0 ! JRA. + */ + + if (oplock_message_waiting(&fds)) { + DEBUG(10,("receive_message_or_smb: oplock_message is waiting.\n")); + async_processing(buffer, buffer_len); + /* + * After async processing we must go and do the select again, as + * the state of the flag in fds for the server file descriptor is + * indeterminate - we may have done I/O on it in the oplock processing. JRA. + */ + goto again; + } + FD_SET(smbd_server_fd(),&fds); maxfd = setup_oplock_select_set(&fds); @@ -206,7 +229,7 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len, int timeout) is the best we can do until the oplock code knows more about signals */ if (selrtn == -1 && errno == EINTR) { - async_processing(&fds, buffer, buffer_len); + async_processing(buffer, buffer_len); /* * After async processing we must go and do the select again, as * the state of the flag in fds for the server file descriptor is @@ -235,7 +258,7 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len, int timeout) */ if (oplock_message_waiting(&fds)) { - async_processing(&fds, buffer, buffer_len); + async_processing(buffer, buffer_len); /* * After async processing we must go and do the select again, as * the state of the flag in fds for the server file descriptor is @@ -275,7 +298,6 @@ BOOL receive_next_smb(char *inbuf, int bufsize, int timeout) void respond_to_all_remaining_local_messages(void) { char buffer[1024]; - fd_set fds; /* * Assert we have no exclusive open oplocks. @@ -287,24 +309,13 @@ void respond_to_all_remaining_local_messages(void) return; } - /* - * Setup the select read fd set. - */ - - FD_ZERO(&fds); - if(!setup_oplock_select_set(&fds)) - return; - /* * Keep doing receive_local_message with a 1 ms timeout until * we have no more messages. */ - while(receive_local_message(&fds, buffer, sizeof(buffer), 1)) { + while(receive_local_message(buffer, sizeof(buffer), 1)) { /* Deal with oplock break requests from other smbd's. */ process_local_message(buffer, sizeof(buffer)); - - FD_ZERO(&fds); - (void)setup_oplock_select_set(&fds); } return; @@ -829,10 +840,6 @@ set. Ignoring max smbd restriction.\n")); ****************************************************************************/ void process_smb(char *inbuf, char *outbuf) { -#ifdef WITH_SSL - extern BOOL sslEnabled; /* don't use function for performance reasons */ - static int sslConnected = 0; -#endif /* WITH_SSL */ static int trans_num; int msg_type = CVAL(inbuf,0); int32 len = smb_len(inbuf); @@ -860,18 +867,6 @@ void process_smb(char *inbuf, char *outbuf) DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type, len ) ); DEBUG( 3, ( "Transaction %d of length %d\n", trans_num, nread ) ); -#ifdef WITH_SSL - if(sslEnabled && !sslConnected){ - sslConnected = sslutil_negotiate_ssl(smbd_server_fd(), msg_type); - if(sslConnected < 0){ /* an error occured */ - exit_server("SSL negotiation failed"); - }else if(sslConnected){ - trans_num++; - return; - } - } -#endif /* WITH_SSL */ - if (msg_type == 0) show_msg(inbuf); else if(msg_type == SMBkeepalive) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index fbb981781fd..0ccdf7c241b 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -163,10 +163,10 @@ int reply_tcon(connection_struct *conn, *service = *password = *dev = 0; p = smb_buf(inbuf)+1; - p += srvstr_pull(inbuf, service, p, sizeof(service), -1, STR_TERMINATE) + 1; - pwlen = srvstr_pull(inbuf, password, p, sizeof(password), -1, STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, service, p, sizeof(service), STR_TERMINATE) + 1; + pwlen = srvstr_pull_buf(inbuf, password, p, sizeof(password), STR_TERMINATE) + 1; p += pwlen; - p += srvstr_pull(inbuf, dev, p, sizeof(dev), -1, STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, dev, p, sizeof(dev), STR_TERMINATE) + 1; p = strrchr_m(service,'\\'); if (p) { @@ -233,7 +233,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt } p = smb_buf(inbuf) + passlen; - p += srvstr_pull(inbuf, path, p, sizeof(path), -1, STR_TERMINATE); + p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE); /* * the service name can be either: \\server\share @@ -377,7 +377,7 @@ int reply_chkpth(connection_struct *conn, char *inbuf,char *outbuf, int dum_size SMB_STRUCT_STAT sbuf; START_PROFILE(SMBchkpth); - srvstr_pull(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), STR_TERMINATE); RESOLVE_DFSPATH(name, conn, inbuf, outbuf); @@ -429,7 +429,7 @@ int reply_getatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size START_PROFILE(SMBgetatr); p = smb_buf(inbuf) + 1; - p += srvstr_pull(inbuf, fname, p, sizeof(fname), -1, STR_TERMINATE); + p += srvstr_pull_buf(inbuf, fname, p, sizeof(fname), STR_TERMINATE); RESOLVE_DFSPATH(fname, conn, inbuf, outbuf); @@ -505,7 +505,7 @@ int reply_setatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size START_PROFILE(SMBsetatr); p = smb_buf(inbuf) + 1; - p += srvstr_pull(inbuf, fname, p, sizeof(fname), -1, STR_TERMINATE); + p += srvstr_pull_buf(inbuf, fname, p, sizeof(fname), STR_TERMINATE); unix_convert(fname,conn,0,&bad_path,&sbuf); mode = SVAL(inbuf,smb_vwv0); @@ -542,23 +542,46 @@ int reply_setatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size ****************************************************************************/ int reply_dskattr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize) { - int outsize = 0; - SMB_BIG_UINT dfree,dsize,bsize; - START_PROFILE(SMBdskattr); - - conn->vfs_ops.disk_free(conn,".",True,&bsize,&dfree,&dsize); - - outsize = set_message(outbuf,5,0,True); + int outsize = 0; + SMB_BIG_UINT dfree,dsize,bsize; + START_PROFILE(SMBdskattr); + + conn->vfs_ops.disk_free(conn,".",True,&bsize,&dfree,&dsize); - SSVAL(outbuf,smb_vwv0,dsize); - SSVAL(outbuf,smb_vwv1,bsize/512); - SSVAL(outbuf,smb_vwv2,512); - SSVAL(outbuf,smb_vwv3,dfree); + outsize = set_message(outbuf,5,0,True); + + if (Protocol <= PROTOCOL_LANMAN2) { + double total_space, free_space; + /* we need to scale this to a number that DOS6 can handle. We + use floating point so we can handle large drives on systems + that don't have 64 bit integers - DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree)); + we end up displaying a maximum of 2G to DOS systems + */ + total_space = dsize * (double)bsize; + free_space = dfree * (double)bsize; - END_PROFILE(SMBdskattr); - return(outsize); + dsize = (total_space+63*512) / (64*512); + dfree = (free_space+63*512) / (64*512); + + if (dsize > 0xFFFF) dsize = 0xFFFF; + if (dfree > 0xFFFF) dfree = 0xFFFF; + + SSVAL(outbuf,smb_vwv0,dsize); + SSVAL(outbuf,smb_vwv1,64); /* this must be 64 for dos systems */ + SSVAL(outbuf,smb_vwv2,512); /* and this must be 512 */ + SSVAL(outbuf,smb_vwv3,dfree); + } else { + SSVAL(outbuf,smb_vwv0,dsize); + SSVAL(outbuf,smb_vwv1,bsize/512); + SSVAL(outbuf,smb_vwv2,512); + SSVAL(outbuf,smb_vwv3,dfree); + } + + DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree)); + + END_PROFILE(SMBdskattr); + return(outsize); } @@ -602,7 +625,7 @@ int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size maxentries = SVAL(inbuf,smb_vwv0); dirtype = SVAL(inbuf,smb_vwv1); p = smb_buf(inbuf) + 1; - p += srvstr_pull(inbuf, path, p, sizeof(path), -1, STR_TERMINATE); + p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE); p++; status_len = SVAL(p, 0); p += 2; @@ -783,7 +806,7 @@ int reply_fclose(connection_struct *conn, char *inbuf,char *outbuf, int dum_size outsize = set_message(outbuf,1,0,True); p = smb_buf(inbuf) + 1; - p += srvstr_pull(inbuf, path, p, sizeof(path), -1, STR_TERMINATE); + p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE); p++; status_len = SVAL(p,0); p += 2; @@ -831,7 +854,7 @@ int reply_open(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, share_mode = SVAL(inbuf,smb_vwv0); - srvstr_pull(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), STR_TERMINATE); RESOLVE_DFSPATH(fname, conn, inbuf, outbuf); @@ -921,7 +944,7 @@ int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt } /* XXXX we need to handle passed times, sattr and flags */ - srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE); RESOLVE_DFSPATH(fname, conn, inbuf, outbuf); @@ -1040,7 +1063,7 @@ int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, com = SVAL(inbuf,smb_com); createmode = SVAL(inbuf,smb_vwv0); - srvstr_pull(inbuf, fname, smb_buf(inbuf) + 1, sizeof(fname), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, fname, smb_buf(inbuf) + 1, sizeof(fname), STR_TERMINATE); RESOLVE_DFSPATH(fname, conn, inbuf, outbuf); @@ -1112,7 +1135,7 @@ int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, START_PROFILE(SMBctemp); createmode = SVAL(inbuf,smb_vwv0); - srvstr_pull(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), STR_TERMINATE); pstrcat(fname,"\\TMXXXXXX"); RESOLVE_DFSPATH(fname, conn, inbuf, outbuf); @@ -1370,7 +1393,7 @@ int reply_unlink(connection_struct *conn, char *inbuf,char *outbuf, int dum_size dirtype = SVAL(inbuf,smb_vwv0); - srvstr_pull(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), STR_TERMINATE); RESOLVE_DFSPATH(name, conn, inbuf, outbuf); @@ -2719,7 +2742,7 @@ int reply_mkdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, NTSTATUS status; START_PROFILE(SMBmkdir); - srvstr_pull(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), STR_TERMINATE); status = mkdir_internal(conn, directory); if (!NT_STATUS_IS_OK(status)) @@ -2880,7 +2903,7 @@ int reply_rmdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, SMB_STRUCT_STAT sbuf; START_PROFILE(SMBrmdir); - srvstr_pull(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), STR_TERMINATE); RESOLVE_DFSPATH(directory, conn, inbuf, outbuf) @@ -3241,9 +3264,9 @@ int reply_mv(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, START_PROFILE(SMBmv); p = smb_buf(inbuf) + 1; - p += srvstr_pull(inbuf, name, p, sizeof(name), -1, STR_TERMINATE); + p += srvstr_pull_buf(inbuf, name, p, sizeof(name), STR_TERMINATE); p++; - p += srvstr_pull(inbuf, newname, p, sizeof(newname), -1, STR_TERMINATE); + p += srvstr_pull_buf(inbuf, newname, p, sizeof(newname), STR_TERMINATE); RESOLVE_DFSPATH(name, conn, inbuf, outbuf); RESOLVE_DFSPATH(newname, conn, inbuf, outbuf); @@ -3373,8 +3396,8 @@ int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, *directory = *mask = 0; p = smb_buf(inbuf); - p += srvstr_pull(inbuf, name, p, sizeof(name), -1, STR_TERMINATE); - p += srvstr_pull(inbuf, newname, p, sizeof(newname), -1, STR_TERMINATE); + p += srvstr_pull_buf(inbuf, name, p, sizeof(name), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, newname, p, sizeof(newname), STR_TERMINATE); DEBUG(3,("reply_copy : %s -> %s\n",name,newname)); @@ -3526,7 +3549,7 @@ int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size return ERROR_DOS(ERRDOS,ERRnoaccess); } - srvstr_pull(inbuf, newdir, smb_buf(inbuf) + 1, sizeof(newdir), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, newdir, smb_buf(inbuf) + 1, sizeof(newdir), STR_TERMINATE); if (strlen(newdir) == 0) { ok = True; diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index 87bf8b17443..bdcdce6e145 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -132,29 +132,39 @@ static void gain_root(void) Get the list of current groups. ****************************************************************************/ -int get_current_groups(int *p_ngroups, gid_t **p_groups) +int get_current_groups(gid_t gid, int *p_ngroups, gid_t **p_groups) { int i; gid_t grp; - int ngroups = sys_getgroups(0,&grp); - gid_t *groups; + int ngroups; + gid_t *groups = NULL; (*p_ngroups) = 0; (*p_groups) = NULL; - if (ngroups <= 0) - return -1; + /* this looks a little strange, but is needed to cope with + systems that put the current egid in the group list + returned from getgroups() (tridge) */ + save_re_gid(); + set_effective_gid(gid); + setgid(gid); - if((groups = (gid_t *)malloc(sizeof(gid_t)*ngroups)) == NULL) { + ngroups = sys_getgroups(0,&grp); + if (ngroups <= 0) { + goto fail; + } + + if((groups = (gid_t *)malloc(sizeof(gid_t)*(ngroups+1))) == NULL) { DEBUG(0,("setup_groups malloc fail !\n")); - return -1; + goto fail; } if ((ngroups = sys_getgroups(ngroups,groups)) == -1) { - SAFE_FREE(groups); - return -1; + goto fail; } + restore_re_gid(); + (*p_ngroups) = ngroups; (*p_groups) = groups; @@ -164,7 +174,12 @@ int get_current_groups(int *p_ngroups, gid_t **p_groups) } DEBUG( 3, ( "\n" ) ); - return ngroups; + return ngroups; + +fail: + SAFE_FREE(groups); + restore_re_gid(); + return -1; } /**************************************************************************** @@ -204,7 +219,7 @@ BOOL initialise_groups(char *user, uid_t uid, gid_t gid) SAFE_FREE(prev_ctx_p->groups); prev_ctx_p->ngroups = 0; - get_current_groups(&prev_ctx_p->ngroups, &prev_ctx_p->groups); + get_current_groups(gid, &prev_ctx_p->ngroups, &prev_ctx_p->groups); done: unbecome_root(); @@ -404,7 +419,7 @@ void init_sec_ctx(void) ctx_p->uid = geteuid(); ctx_p->gid = getegid(); - get_current_groups(&ctx_p->ngroups, &ctx_p->groups); + get_current_groups(ctx_p->gid, &ctx_p->ngroups, &ctx_p->groups); ctx_p->token = NULL; /* Maps to guest user. */ diff --git a/source3/smbd/server.c b/source3/smbd/server.c index c759f56e0cb..6f0d0238b0d 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -53,7 +53,7 @@ int smbd_server_fd(void) return server_fd; } -void smbd_set_server_fd(int fd) +static void smbd_set_server_fd(int fd) { server_fd = fd; client_setfd(fd); @@ -63,7 +63,7 @@ void smbd_set_server_fd(int fd) Terminate signal. ****************************************************************************/ -VOLATILE sig_atomic_t got_sig_term = 0; +SIG_ATOMIC_T got_sig_term = 0; static void sig_term(void) { @@ -75,7 +75,7 @@ static void sig_term(void) Catch a sighup. ****************************************************************************/ -VOLATILE sig_atomic_t reload_after_sighup = 0; +SIG_ATOMIC_T reload_after_sighup = 0; static void sig_hup(int sig) { @@ -382,6 +382,8 @@ BOOL reload_services(BOOL test) { BOOL ret; + set_register_printer_fn(); + if (lp_loaded()) { pstring fname; pstrcpy(fname,lp_configfile()); @@ -531,6 +533,7 @@ void exit_server(char *reason) } locking_end(); + printing_end(); DEBUG(3,("Server exit (%s)\n", (reason ? reason : ""))); exit(0); @@ -782,15 +785,6 @@ static void usage(char *pname) } #endif -#ifdef WITH_SSL - { - extern BOOL sslEnabled; - sslEnabled = lp_ssl_enabled(); - if(sslEnabled) - sslutil_init(True); - } -#endif /* WITH_SSL */ - fstrcpy(global_myworkgroup, lp_workgroup()); DEBUG(3,( "loaded services\n")); @@ -861,6 +855,9 @@ static void usage(char *pname) if (!share_info_db_init()) exit(1); + if (!init_registry()) + exit(1); + if(!initialize_password_db(False)) exit(1); @@ -869,7 +866,7 @@ static void usage(char *pname) /* possibly reload the services file. */ reload_services(True); - if(!pdb_generate_sam_sid()) { + if(!get_global_sam_sid()) { DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n")); exit(1); } diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 0ae49b7adfa..9ac610ab5a9 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -78,12 +78,9 @@ BOOL set_current_service(connection_struct *conn,BOOL do_chdir) Add a home service. Returns the new service number or -1 if fail. ****************************************************************************/ -int add_home_service(const char *service, const char *homedir) +int add_home_service(const char *service, const char *username, const char *homedir) { int iHomeService; - int iService; - fstring new_service; - fstring domain; if (!service || !homedir) return -1; @@ -98,11 +95,19 @@ int add_home_service(const char *service, const char *homedir) * include any macros. */ - split_domain_and_name(service, domain, new_service); - lp_add_home(new_service, iHomeService, homedir); - iService = lp_servicenumber(new_service); + { + const char *p = strchr(service,*lp_winbind_separator()); + + /* We only want the 'user' part of the string */ + if (p) { + service = p + 1; + } + } + + lp_add_home(service, iHomeService, username, homedir); + + return lp_servicenumber(service); - return iService; } @@ -122,7 +127,7 @@ int find_service(fstring service) /* now handle the special case of a home directory */ if (iService < 0) { - char *phome_dir = get_user_service_home_dir(service); + char *phome_dir = get_user_home_dir(service); if(!phome_dir) { @@ -131,13 +136,13 @@ int find_service(fstring service) * be a Windows to unix mapped user name. */ if(map_username(service)) - phome_dir = get_user_service_home_dir(service); + phome_dir = get_user_home_dir(service); } DEBUG(3,("checking for home directory %s gave %s\n",service, phome_dir?phome_dir:"(NULL)")); - iService = add_home_service(service,phome_dir); + iService = add_home_service(service,service /* 'username' */, phome_dir); } /* If we still don't have a service, attempt to add it as a printer. */ @@ -213,7 +218,7 @@ int find_service(fstring service) do some basic sainity checks on the share. This function modifies dev, ecode. ****************************************************************************/ -static NTSTATUS share_sanity_checks(int snum, const char* service, pstring dev) +static NTSTATUS share_sanity_checks(int snum, pstring dev) { if (!lp_snum_ok(snum) || @@ -223,7 +228,7 @@ static NTSTATUS share_sanity_checks(int snum, const char* service, pstring dev) } /* you can only connect to the IPC$ service as an ipc device */ - if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) + if (strequal(lp_fstype(snum), "IPC")) pstrcpy(dev,"IPC"); if (dev[0] == '?' || !dev[0]) { @@ -261,24 +266,24 @@ static void set_read_only(connection_struct *conn) if (!service) return; - lp_list_copy(&list, lp_readlist(conn->service)); + str_list_copy(&list, lp_readlist(conn->service)); if (list) { - if (!lp_list_substitute(list, "%S", service)) { + if (!str_list_substitute(list, "%S", service)) { DEBUG(0, ("ERROR: read list substitution failed\n")); } if (user_in_list(conn->user, list)) conn->read_only = True; - lp_list_free(&list); + str_list_free(&list); } - lp_list_copy(&list, lp_writelist(conn->service)); + str_list_copy(&list, lp_writelist(conn->service)); if (list) { - if (!lp_list_substitute(list, "%S", service)) { + if (!str_list_substitute(list, "%S", service)) { DEBUG(0, ("ERROR: write list substitution failed\n")); } if (user_in_list(conn->user, list)) conn->read_only = False; - lp_list_free(&list); + str_list_free(&list); } } @@ -314,89 +319,26 @@ static void set_admin_user(connection_struct *conn) } /**************************************************************************** - Make a connection to a service. - * - * @param service (May be modified to canonical form???) + Make a connection, given the snum to connect to, and the vuser of the + connecting user if appropriate. ****************************************************************************/ -connection_struct *make_connection(char *service, DATA_BLOB password, - char *dev, uint16 vuid, NTSTATUS *status) +static connection_struct *make_connection_snum(int snum, user_struct *vuser, + DATA_BLOB password, + char *dev, NTSTATUS *status) { - int snum; struct passwd *pass = NULL; BOOL guest = False; BOOL force = False; connection_struct *conn; - uid_t euid; - + struct stat st; fstring user; - ZERO_STRUCT(user); - - /* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */ - if (!non_root_mode() && (euid = geteuid()) != 0) { - DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot (%u)\n", (unsigned int)euid )); - smb_panic("make_connection: PANIC ERROR. Called as nonroot\n"); - } - - strlower(service); - - snum = find_service(service); - - if (snum < 0) { - if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) { - DEBUG(3,("refusing IPC connection\n")); - *status = NT_STATUS_ACCESS_DENIED; - return NULL; - } - - DEBUG(0,("%s (%s) couldn't find service %s\n", - remote_machine, client_addr(), service)); - *status = NT_STATUS_BAD_NETWORK_NAME; - return NULL; - } - - if (strequal(service,HOMES_NAME)) { - if(lp_security() != SEC_SHARE) { - if (validated_username(vuid)) { - fstring unix_username; - fstrcpy(unix_username,validated_username(vuid)); - return make_connection(unix_username, - password,dev,vuid,status); - } - } else { - /* Security = share. Try with current_user_info.smb_name - * as the username. */ - if (* current_user_info.smb_name) { - fstring unix_username; - fstrcpy(unix_username, - current_user_info.smb_name); - map_username(unix_username); - return make_connection(unix_username, - password,dev,vuid,status); - } - } - } + *user = 0; - if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, service, dev))) { + if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, dev))) { return NULL; } - /* add it as a possible user name if we - are in share mode security */ - if (lp_security() == SEC_SHARE) { - add_session_user(service); - } - - - /* shall we let them in? */ - if (!authorise_login(snum,user,password,&guest,&force,vuid)) { - DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) ); - *status = NT_STATUS_WRONG_PASSWORD; - return NULL; - } - - add_session_user(user); - conn = conn_new(); if (!conn) { DEBUG(0,("Couldn't find free connection.\n")); @@ -404,20 +346,72 @@ connection_struct *make_connection(char *service, DATA_BLOB password, return NULL; } - /* find out some info about the user */ - pass = smb_getpwnam(user,True); + if (lp_guest_only(snum)) { + char *guestname = lp_guestaccount(); + guest = True; + force = True; + pass = getpwnam_alloc(guestname); + if (!pass) { + DEBUG(0,("authorise_login: Invalid guest account %s??\n",guestname)); + conn_free(conn); + *status = NT_STATUS_NO_SUCH_USER; + return NULL; + } + fstrcpy(user,pass->pw_name); + conn->force_user = True; + string_set(&conn->user,pass->pw_name); + passwd_free(&pass); + DEBUG(3,("Guest only user %s\n",user)); + } else if (vuser) { + if (vuser->guest) { + if (!lp_guest_ok(snum)) { + DEBUG(2, ("guest user (from session setup) not permitted to access this share (%s)", lp_servicename(snum))); + conn_free(conn); + *status = NT_STATUS_ACCESS_DENIED; + return NULL; + } + } else { + if (!user_ok(vuser->user.unix_name, snum)) { + DEBUG(2, ("user '%s' (from session setup) not permitted to access this share (%s)", vuser->user.unix_name, lp_servicename(snum))); + conn_free(conn); + *status = NT_STATUS_ACCESS_DENIED; + return NULL; + } + } + conn->vuid = vuser->vuid; + conn->uid = vuser->uid; + conn->gid = vuser->gid; + string_set(&conn->user,vuser->user.unix_name); + fstrcpy(user,vuser->user.unix_name); + guest = vuser->guest; + } else if (lp_security() == SEC_SHARE) { + /* add it as a possible user name if we + are in share mode security */ + add_session_user(lp_servicename(snum)); + /* shall we let them in? */ + if (!authorise_login(snum,user,password,&guest)) { + DEBUG( 2, ( "Invalid username/password for [%s]\n", + lp_servicename(snum)) ); + conn_free(conn); + *status = NT_STATUS_WRONG_PASSWORD; + return NULL; + } + pass = Get_Pwnam(user); + conn->force_user = force; + conn->uid = pass->pw_uid; + conn->gid = pass->pw_gid; + string_set(&conn->user, pass->pw_name); + fstrcpy(user, pass->pw_name); - if (pass == NULL) { - DEBUG(0,( "Couldn't find account %s\n",user)); - *status = NT_STATUS_NO_SUCH_USER; + } else { + DEBUG(0, ("invalid VUID (vuser) but not in security=share\n")); conn_free(conn); + *status = NT_STATUS_ACCESS_DENIED; return NULL; } - conn->force_user = force; - conn->vuid = vuid; - conn->uid = pass->pw_uid; - conn->gid = pass->pw_gid; + add_session_user(user); + safe_strcpy(conn->client_address, client_addr(), sizeof(conn->client_address)-1); conn->num_files_open = 0; @@ -450,18 +444,21 @@ connection_struct *make_connection(char *service, DATA_BLOB password, pstrcpy(fuser,lp_force_user(snum)); /* Allow %S to be used by force user. */ - pstring_sub(fuser,"%S",service); + pstring_sub(fuser,"%S",lp_servicename(snum)); - pass2 = (struct passwd *)Get_Pwnam_Modify(fuser); + pass2 = (struct passwd *)Get_Pwnam(fuser); if (pass2) { conn->uid = pass2->pw_uid; conn->gid = pass2->pw_gid; - string_set(&conn->user,fuser); - fstrcpy(user,fuser); + string_set(&conn->user,pass2->pw_name); + fstrcpy(user,pass2->pw_name); conn->force_user = True; - DEBUG(3,("Forced user %s\n",fuser)); + DEBUG(3,("Forced user %s\n",user)); } else { DEBUG(1,("Couldn't find user %s\n",fuser)); + conn_free(conn); + *status = NT_STATUS_NO_SUCH_USER; + return NULL; } } @@ -483,7 +480,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, BOOL user_must_be_member = False; StrnCpy(tmp_gname,lp_force_group(snum),sizeof(pstring)-1); - + if (tmp_gname[0] == '+') { user_must_be_member = True; StrnCpy(gname,&tmp_gname[1],sizeof(pstring)-2); @@ -491,7 +488,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, StrnCpy(gname,tmp_gname,sizeof(pstring)-1); } /* default service may be a group name */ - pstring_sub(gname,"%S",service); + pstring_sub(gname,"%S",lp_servicename(snum)); gid = nametogid(gname); if (gid != (gid_t)-1) { @@ -512,6 +509,9 @@ connection_struct *make_connection(char *service, DATA_BLOB password, } } else { DEBUG(1,("Couldn't find group %s\n",gname)); + conn_free(conn); + *status = NT_STATUS_NO_SUCH_GROUP; + return NULL; } } #endif /* HAVE_GETGRNAM */ @@ -519,7 +519,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, { pstring s; pstrcpy(s,lp_pathname(snum)); - standard_sub_conn(conn,s); + standard_sub_conn(conn,s,sizeof(s)); string_set(&conn->connectpath,s); DEBUG(3,("Connect path is %s\n",s)); } @@ -531,7 +531,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, /* Find all the groups this uid is in and store them. Used by change_to_user() */ initialise_groups(conn->user, conn->uid, conn->gid); - get_current_groups(&conn->ngroups,&conn->groups); + get_current_groups(conn->gid, &conn->ngroups,&conn->groups); conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups, @@ -544,15 +544,15 @@ connection_struct *make_connection(char *service, DATA_BLOB password, */ { - BOOL can_write = share_access_check(conn, snum, vuid, FILE_WRITE_DATA); + BOOL can_write = share_access_check(conn, snum, vuser, FILE_WRITE_DATA); if (!can_write) { - if (!share_access_check(conn, snum, vuid, FILE_READ_DATA)) { + if (!share_access_check(conn, snum, vuser, FILE_READ_DATA)) { /* No access, read or write. */ - *status = NT_STATUS_ACCESS_DENIED; DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n", - service )); + lp_servicename(snum))); conn_free(conn); + *status = NT_STATUS_ACCESS_DENIED; return NULL; } else { conn->read_only = True; @@ -564,6 +564,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, if (!smbd_vfs_init(conn)) { DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn)))); conn_free(conn); + *status = NT_STATUS_UNSUCCESSFUL; return NULL; } @@ -574,8 +575,8 @@ connection_struct *make_connection(char *service, DATA_BLOB password, lp_max_connections(SNUM(conn)), False)) { DEBUG(1,("too many connections - rejected\n")); - *status = NT_STATUS_INSUFFICIENT_RESOURCES; conn_free(conn); + *status = NT_STATUS_INSUFFICIENT_RESOURCES; return NULL; } @@ -585,7 +586,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, int ret; pstring cmd; pstrcpy(cmd,lp_rootpreexec(SNUM(conn))); - standard_sub_conn(conn,cmd); + standard_sub_conn(conn,cmd,sizeof(cmd)); DEBUG(5,("cmd=%s\n",cmd)); ret = smbrun(cmd,NULL); if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) { @@ -605,16 +606,16 @@ connection_struct *make_connection(char *service, DATA_BLOB password, *status = NT_STATUS_LOGON_FAILURE; return NULL; } - + /* Remember that a different vuid can connect later without these checks... */ - + /* Preexecs are done here as they might make the dir we are to ChDir to below */ /* execute any "preexec = " line */ if (*lp_preexec(SNUM(conn))) { int ret; pstring cmd; pstrcpy(cmd,lp_preexec(SNUM(conn))); - standard_sub_conn(conn,cmd); + standard_sub_conn(conn,cmd,sizeof(cmd)); ret = smbrun(cmd,NULL); if (ret != 0 && lp_preexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); @@ -625,7 +626,12 @@ connection_struct *make_connection(char *service, DATA_BLOB password, return NULL; } } - + +#if CHECK_PATH_ON_TCONX + /* win2000 does not check the permissions on the directory + during the tree connect, instead relying on permission + check during individual operations. To match this behaviour + I have disabled this chdir check (tridge) */ if (vfs_ChDir(conn,conn->connectpath) != 0) { DEBUG(0,("%s (%s) Can't change directory to %s (%s)\n", remote_machine, conn->client_address, @@ -636,12 +642,23 @@ connection_struct *make_connection(char *service, DATA_BLOB password, *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } +#else + /* the alternative is just to check the directory exists */ + if (stat(conn->connectpath, &st) != 0 || !S_ISDIR(st.st_mode)) { + DEBUG(0,("%s is not a directory\n", conn->connectpath)); + change_to_root_user(); + yield_connection(conn, lp_servicename(SNUM(conn))); + conn_free(conn); + *status = NT_STATUS_BAD_NETWORK_NAME; + return NULL; + } +#endif string_set(&conn->origpath,conn->connectpath); #if SOFTLINK_OPTIMISATION - /* resolve any soft links early */ - { + /* resolve any soft links early if possible */ + if (vfs_ChDir(conn,conn->connectpath) == 0) { pstring s; pstrcpy(s,conn->connectpath); vfs_GetWd(conn,s); @@ -674,11 +691,11 @@ connection_struct *make_connection(char *service, DATA_BLOB password, /* Invoke VFS make connection hook */ if (conn->vfs_ops.connect) { - if (conn->vfs_ops.connect(conn, service, user) < 0) { + if (conn->vfs_ops.connect(conn, lp_servicename(snum), user) < 0) { DEBUG(0,("make_connection: VFS make connection failed!\n")); - *status = NT_STATUS_UNSUCCESSFUL; change_to_root_user(); conn_free(conn); + *status = NT_STATUS_UNSUCCESSFUL; return NULL; } } @@ -689,6 +706,130 @@ connection_struct *make_connection(char *service, DATA_BLOB password, return(conn); } +/*************************************************************************************** + Simple wrapper function for make_connection() to include a call to + vfs_chdir() + **************************************************************************************/ + +connection_struct *make_connection_with_chdir(const char *service_in, DATA_BLOB password, + char *dev, uint16 vuid, NTSTATUS *status) +{ + connection_struct *conn = NULL; + + conn = make_connection(service_in, password, dev, vuid, status); + + /* + * make_connection() does not change the directory for us any more + * so we have to do it as a separate step --jerry + */ + + if ( conn && vfs_ChDir(conn,conn->connectpath) != 0 ) { + DEBUG(0,("move_driver_to_download_area: Can't change directory to %s for [print$] (%s)\n", + conn->connectpath,strerror(errno))); + yield_connection(conn, lp_servicename(SNUM(conn))); + conn_free(conn); + *status = NT_STATUS_UNSUCCESSFUL; + return NULL; + } + + return conn; +} + +/**************************************************************************** + Make a connection to a service. + * + * @param service +****************************************************************************/ + +connection_struct *make_connection(const char *service_in, DATA_BLOB password, + char *dev, uint16 vuid, NTSTATUS *status) +{ + uid_t euid; + user_struct *vuser = NULL; + pstring service; + int snum = -1; + + /* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */ + if (!non_root_mode() && (euid = geteuid()) != 0) { + DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot (%u)\n", (unsigned int)euid )); + smb_panic("make_connection: PANIC ERROR. Called as nonroot\n"); + } + + if(lp_security() != SEC_SHARE) { + vuser = get_valid_user_struct(vuid); + if (!vuser) { + DEBUG(1,("make_connection: refusing to connect with no session setup\n")); + return NULL; + } + } + + /* Logic to try and connect to the correct [homes] share, preferably without too many + getpwnam() lookups. This is particulary nasty for winbind usernames, where the + share name isn't the same as unix username. + + The snum of the homes share is stored on the vuser at session setup time. + */ + + if (strequal(service_in,HOMES_NAME)) { + if(lp_security() != SEC_SHARE) { + DATA_BLOB no_pw = data_blob(NULL, 0); + if (vuser->homes_snum != -1) { + DEBUG(5, ("making a connection to [homes] service created at session setup time\n")); + return make_connection_snum(vuser->homes_snum, + vuser, no_pw, + dev, status); + } + } else { + /* Security = share. Try with current_user_info.smb_name + * as the username. */ + if (*current_user_info.smb_name) { + fstring unix_username; + fstrcpy(unix_username, + current_user_info.smb_name); + map_username(unix_username); + snum = find_service(unix_username); + } + if (snum != -1) { + DEBUG(5, ("making a connection to 'homes' service %s based on security=share\n", service_in)); + return make_connection_snum(snum, NULL, + password, + dev, status); + } + } + } else if ((lp_security() != SEC_SHARE) && (vuser->homes_snum != -1) + && strequal(service, lp_servicename(vuser->homes_snum))) { + DATA_BLOB no_pw = data_blob(NULL, 0); + DEBUG(5, ("making a connection to 'homes' service [%s] created at session setup time\n", service)); + return make_connection_snum(vuser->homes_snum, + vuser, no_pw, + dev, status); + } + + pstrcpy(service, service_in); + + strlower(service); + + snum = find_service(service); + + if (snum < 0) { + if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) { + DEBUG(3,("refusing IPC connection to %s\n", service)); + *status = NT_STATUS_ACCESS_DENIED; + return NULL; + } + + DEBUG(0,("%s (%s) couldn't find service %s\n", + remote_machine, client_addr(), service)); + *status = NT_STATUS_BAD_NETWORK_NAME; + return NULL; + } + + DEBUG(5, ("making a connection to 'normal' service %s\n", service)); + + return make_connection_snum(snum, vuser, + password, + dev, status); +} /**************************************************************************** close a cnum @@ -721,7 +862,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) change_to_user(conn, vuid)) { pstring cmd; pstrcpy(cmd,lp_postexec(SNUM(conn))); - standard_sub_conn(conn,cmd); + standard_sub_conn(conn,cmd,sizeof(cmd)); smbrun(cmd,NULL); change_to_root_user(); } @@ -731,8 +872,12 @@ void close_cnum(connection_struct *conn, uint16 vuid) if (*lp_rootpostexec(SNUM(conn))) { pstring cmd; pstrcpy(cmd,lp_rootpostexec(SNUM(conn))); - standard_sub_conn(conn,cmd); + standard_sub_conn(conn,cmd,sizeof(cmd)); smbrun(cmd,NULL); } + + /* make sure we leave the directory available for unmount */ + vfs_ChDir(conn, "/"); + conn_free(conn); } diff --git a/source3/smbd/session.c b/source3/smbd/session.c index 05a7b24da28..dade953ec1a 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c @@ -163,16 +163,54 @@ void session_yield(user_struct *vuser) tdb_delete(tdb, key); } -BOOL session_traverse(int (*fn)(TDB_CONTEXT *, TDB_DATA, TDB_DATA, void *), void *state) +static BOOL session_traverse(int (*fn)(TDB_CONTEXT *, TDB_DATA, TDB_DATA, void *), void *state) { - if (!tdb) { - DEBUG(3, ("No tdb opened\n")); - return False; - } + if (!tdb) { + DEBUG(3, ("No tdb opened\n")); + return False; + } - tdb_traverse(tdb, fn, state); - return True; + tdb_traverse(tdb, fn, state); + return True; } +struct session_list { + int count; + struct sessionid *sessions; +}; + +static int gather_sessioninfo(TDB_CONTEXT *stdb, TDB_DATA kbuf, TDB_DATA dbuf, + void *state) +{ + struct session_list *sesslist = (struct session_list *) state; + const struct sessionid *current = (const struct sessionid *) dbuf.dptr; + + sesslist->count += 1; + sesslist->sessions = REALLOC(sesslist->sessions, sesslist->count * + sizeof(struct sessionid)); + + memcpy(&sesslist->sessions[sesslist->count - 1], current, + sizeof(struct sessionid)); + DEBUG(7,("gather_sessioninfo session from %s@%s\n", + current->username, current->remote_machine)); + return 0; +} +int list_sessions(struct sessionid **session_list) +{ + struct session_list sesslist; + + sesslist.count = 0; + sesslist.sessions = NULL; + + if (!session_traverse(gather_sessioninfo, (void *) &sesslist)) { + DEBUG(3, ("Session traverse failed\n")); + SAFE_FREE(sesslist.sessions); + *session_list = NULL; + return 0; + } + *session_list = sesslist.sessions; + return sesslist.count; +} + diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 899c9174b22..867b00ff5cc 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -120,7 +120,7 @@ static int reply_spnego_kerberos(connection_struct *conn, return ERROR_NT(NT_STATUS_LOGON_FAILURE); } - ads = ads_init(NULL, NULL, NULL, NULL); + ads = ads_init_simple(); ret = ads_verify_ticket(ads, &ticket, &client, &auth_data); if (!NT_STATUS_IS_OK(ret)) { @@ -235,11 +235,12 @@ static int reply_spnego_negotiate(connection_struct *conn, char *OIDs[ASN1_MAX_OIDS]; DATA_BLOB secblob; int i; - uint32 ntlmssp_command, neg_flags; - DATA_BLOB sess_key, chal, spnego_chal; + uint32 ntlmssp_command, neg_flags, chal_flags; + DATA_BLOB chal, spnego_chal, extra_data; const uint8 *cryptkey; BOOL got_kerberos = False; NTSTATUS nt_status; + extern pstring global_myname; /* parse out the OIDs and the first sec blob */ if (!parse_negTokenTarg(blob1, OIDs, &secblob)) { @@ -274,18 +275,23 @@ static int reply_spnego_negotiate(connection_struct *conn, "NTLMSSP", &ntlmssp_command, &neg_flags, - &sess_key)) { + &extra_data)) { return ERROR_NT(NT_STATUS_LOGON_FAILURE); } + + DEBUG(5, ("Extra data: \n")); + dump_data(5, extra_data.data, extra_data.length); data_blob_free(&secblob); - data_blob_free(&sess_key); + data_blob_free(&extra_data); if (ntlmssp_command != NTLMSSP_NEGOTIATE) { return ERROR_NT(NT_STATUS_LOGON_FAILURE); } - DEBUG(3,("Got neg_flags=%08x\n", neg_flags)); + DEBUG(3,("Got neg_flags=0x%08x\n", neg_flags)); + + debug_ntlmssp_flags(neg_flags); if (ntlmssp_auth_context) { (ntlmssp_auth_context->free)(&ntlmssp_auth_context); @@ -300,22 +306,47 @@ static int reply_spnego_negotiate(connection_struct *conn, /* Give them the challenge. For now, ignore neg_flags and just return the flags we want. Obviously this is not correct */ - neg_flags = NTLMSSP_NEGOTIATE_UNICODE | + chal_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_LM_KEY | - NTLMSSP_NEGOTIATE_NTLM; - - msrpc_gen(&chal, "Cddddbdddd", - "NTLMSSP", - NTLMSSP_CHALLENGE, - 0, - 0x30, /* ?? */ - neg_flags, - cryptkey, 8, - 0, 0, 0, - 0x3000); /* ?? */ + NTLMSSP_NEGOTIATE_NTLM | + NTLMSSP_CHAL_TARGET_INFO; + + { + DATA_BLOB domain_blob, netbios_blob, realm_blob; + + msrpc_gen(&domain_blob, + "U", + lp_workgroup()); + + msrpc_gen(&netbios_blob, + "U", + global_myname); + + msrpc_gen(&realm_blob, + "U", + lp_realm()); + + + msrpc_gen(&chal, "CddddbBBBB", + "NTLMSSP", + NTLMSSP_CHALLENGE, + 0, + 0x30, /* ?? */ + chal_flags, + cryptkey, 8, + domain_blob.data, domain_blob.length, + domain_blob.data, domain_blob.length, + netbios_blob.data, netbios_blob.length, + realm_blob.data, realm_blob.length); + + data_blob_free(&domain_blob); + data_blob_free(&netbios_blob); + data_blob_free(&realm_blob); + } if (!spnego_gen_challenge(&spnego_chal, &chal, &chal)) { DEBUG(3,("Failed to generate challenge\n")); + data_blob_free(&chal); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } @@ -346,10 +377,15 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf, int sess_vuid; BOOL as_guest; uint32 auth_flags = AUTH_FLAG_NONE; - auth_usersupplied_info *user_info = NULL; auth_serversupplied_info *server_info = NULL; + /* we must have setup the auth context by now */ + if (!ntlmssp_auth_context) { + DEBUG(2,("ntlmssp_auth_context is NULL in reply_spnego_auth\n")); + return ERROR_NT(NT_STATUS_LOGON_FAILURE); + } + if (!spnego_parse_auth(blob1, &auth)) { #if 0 file_save("auth.dat", blob1.data, blob1.length); @@ -606,7 +642,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, plaintext_password.data[passlen1] = 0; } - srvstr_pull(inbuf, user, smb_buf(inbuf)+passlen1, sizeof(user), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, user, smb_buf(inbuf)+passlen1, sizeof(user), STR_TERMINATE); *domain = 0; } else { @@ -669,14 +705,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, } p += passlen1 + passlen2; - p += srvstr_pull(inbuf, user, p, sizeof(user), -1, - STR_TERMINATE); - p += srvstr_pull(inbuf, domain, p, sizeof(domain), - -1, STR_TERMINATE); - p += srvstr_pull(inbuf, native_os, p, sizeof(native_os), - -1, STR_TERMINATE); - p += srvstr_pull(inbuf, native_lanman, p, sizeof(native_lanman), - -1, STR_TERMINATE); + p += srvstr_pull_buf(inbuf, user, p, sizeof(user), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, domain, p, sizeof(domain), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, native_os, p, sizeof(native_os), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, native_lanman, p, sizeof(native_lanman), STR_TERMINATE); DEBUG(3,("Domain=[%s] NativeOS=[%s] NativeLanMan=[%s]\n", domain,native_os,native_lanman)); } diff --git a/source3/smbd/srvstr.c b/source3/smbd/srvstr.c index 90da422f133..36fecf5bd2e 100644 --- a/source3/smbd/srvstr.c +++ b/source3/smbd/srvstr.c @@ -30,3 +30,12 @@ int srvstr_pull(void *base_ptr, char *dest, const void *src, int dest_len, int s { return pull_string(base_ptr, dest, src, dest_len, src_len, flags); } + +/* pull a string from the smb_buf part of a packet. In this case the + string can either be null terminated or it can be terminated by the + end of the smbbuf area +*/ +int srvstr_pull_buf(void *inbuf, char *dest, const void *src, int dest_len, int flags) +{ + return pull_string(inbuf, dest, src, dest_len, smb_bufrem(inbuf, src), flags); +} diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 1972e9c8c8e..f1dfb39aacf 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -37,255 +37,261 @@ extern pstring global_myname; HACK ! Always assumes smb_setup field is zero. ****************************************************************************/ -static int send_trans2_replies(char *outbuf, int bufsize, char *params, - int paramsize, char *pdata, int datasize) +static int send_trans2_replies(char *outbuf, + int bufsize, + char *params, + int paramsize, + char *pdata, + int datasize) { - /* As we are using a protocol > LANMAN1 then the max_send - variable must have been set in the sessetupX call. - This takes precedence over the max_xmit field in the - global struct. These different max_xmit variables should - be merged as this is now too confusing */ - - extern int max_send; - int data_to_send = datasize; - int params_to_send = paramsize; - int useable_space; - char *pp = params; - char *pd = pdata; - int params_sent_thistime, data_sent_thistime, total_sent_thistime; - int alignment_offset = 1; /* JRA. This used to be 3. Set to 1 to make netmon parse ok. */ - int data_alignment_offset = 0; - - /* Initially set the wcnt area to be 10 - this is true for all - trans2 replies */ - set_message(outbuf,10,0,True); - - /* If there genuinely are no parameters or data to send just send - the empty packet */ - if(params_to_send == 0 && data_to_send == 0) - { - if (!send_smb(smbd_server_fd(),outbuf)) - exit_server("send_trans2_replies: send_smb failed."); - return 0; - } - - /* When sending params and data ensure that both are nicely aligned */ - /* Only do this alignment when there is also data to send - else - can cause NT redirector problems. */ - if (((params_to_send % 4) != 0) && (data_to_send != 0)) - data_alignment_offset = 4 - (params_to_send % 4); - - /* Space is bufsize minus Netbios over TCP header minus SMB header */ - /* The alignment_offset is to align the param bytes on an even byte - boundary. NT 4.0 Beta needs this to work correctly. */ - useable_space = bufsize - ((smb_buf(outbuf)+ - alignment_offset+data_alignment_offset) - - outbuf); - - /* useable_space can never be more than max_send minus the - alignment offset. */ - useable_space = MIN(useable_space, - max_send - (alignment_offset+data_alignment_offset)); - - - while (params_to_send || data_to_send) - { - /* Calculate whether we will totally or partially fill this packet */ - total_sent_thistime = params_to_send + data_to_send + - alignment_offset + data_alignment_offset; - /* We can never send more than useable_space */ - /* - * Note that 'useable_space' does not include the alignment offsets, - * but we must include the alignment offsets in the calculation of - * the length of the data we send over the wire, as the alignment offsets - * are sent here. Fix from Marc_Jacobsen@hp.com. - */ - total_sent_thistime = MIN(total_sent_thistime, useable_space+ - alignment_offset + data_alignment_offset); - - set_message(outbuf, 10, total_sent_thistime, True); - - /* Set total params and data to be sent */ - SSVAL(outbuf,smb_tprcnt,paramsize); - SSVAL(outbuf,smb_tdrcnt,datasize); - - /* Calculate how many parameters and data we can fit into - this packet. Parameters get precedence */ - - params_sent_thistime = MIN(params_to_send,useable_space); - data_sent_thistime = useable_space - params_sent_thistime; - data_sent_thistime = MIN(data_sent_thistime,data_to_send); - - SSVAL(outbuf,smb_prcnt, params_sent_thistime); - - /* smb_proff is the offset from the start of the SMB header to the - parameter bytes, however the first 4 bytes of outbuf are - the Netbios over TCP header. Thus use smb_base() to subtract - them from the calculation */ - - SSVAL(outbuf,smb_proff,((smb_buf(outbuf)+alignment_offset) - smb_base(outbuf))); - - if(params_sent_thistime == 0) - SSVAL(outbuf,smb_prdisp,0); - else - /* Absolute displacement of param bytes sent in this packet */ - SSVAL(outbuf,smb_prdisp,pp - params); - - SSVAL(outbuf,smb_drcnt, data_sent_thistime); - if(data_sent_thistime == 0) - { - SSVAL(outbuf,smb_droff,0); - SSVAL(outbuf,smb_drdisp, 0); - } - else - { - /* The offset of the data bytes is the offset of the - parameter bytes plus the number of parameters being sent this time */ - SSVAL(outbuf,smb_droff,((smb_buf(outbuf)+alignment_offset) - - smb_base(outbuf)) + params_sent_thistime + data_alignment_offset); - SSVAL(outbuf,smb_drdisp, pd - pdata); - } - - /* Copy the param bytes into the packet */ - if(params_sent_thistime) - memcpy((smb_buf(outbuf)+alignment_offset),pp,params_sent_thistime); - /* Copy in the data bytes */ - if(data_sent_thistime) - memcpy(smb_buf(outbuf)+alignment_offset+params_sent_thistime+ - data_alignment_offset,pd,data_sent_thistime); - - DEBUG(9,("t2_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n", - params_sent_thistime, data_sent_thistime, useable_space)); - DEBUG(9,("t2_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n", - params_to_send, data_to_send, paramsize, datasize)); - - /* Send the packet */ - if (!send_smb(smbd_server_fd(),outbuf)) - exit_server("send_trans2_replies: send_smb failed."); - - pp += params_sent_thistime; - pd += data_sent_thistime; - - params_to_send -= params_sent_thistime; - data_to_send -= data_sent_thistime; - - /* Sanity check */ - if(params_to_send < 0 || data_to_send < 0) - { - DEBUG(0,("send_trans2_replies failed sanity check pts = %d, dts = %d\n!!!", - params_to_send, data_to_send)); - return -1; - } - } - - return 0; + /* As we are using a protocol > LANMAN1 then the max_send + variable must have been set in the sessetupX call. + This takes precedence over the max_xmit field in the + global struct. These different max_xmit variables should + be merged as this is now too confusing */ + + extern int max_send; + int data_to_send = datasize; + int params_to_send = paramsize; + int useable_space; + char *pp = params; + char *pd = pdata; + int params_sent_thistime, data_sent_thistime, total_sent_thistime; + int alignment_offset = 1; /* JRA. This used to be 3. Set to 1 to make netmon parse ok. */ + int data_alignment_offset = 0; + + /* Initially set the wcnt area to be 10 - this is true for all trans2 replies */ + + set_message(outbuf,10,0,True); + + /* If there genuinely are no parameters or data to send just send the empty packet */ + + if(params_to_send == 0 && data_to_send == 0) { + if (!send_smb(smbd_server_fd(),outbuf)) + exit_server("send_trans2_replies: send_smb failed."); + return 0; + } + + /* When sending params and data ensure that both are nicely aligned */ + /* Only do this alignment when there is also data to send - else + can cause NT redirector problems. */ + + if (((params_to_send % 4) != 0) && (data_to_send != 0)) + data_alignment_offset = 4 - (params_to_send % 4); + + /* Space is bufsize minus Netbios over TCP header minus SMB header */ + /* The alignment_offset is to align the param bytes on an even byte + boundary. NT 4.0 Beta needs this to work correctly. */ + + useable_space = bufsize - ((smb_buf(outbuf)+ alignment_offset+data_alignment_offset) - outbuf); + + /* useable_space can never be more than max_send minus the alignment offset. */ + + useable_space = MIN(useable_space, max_send - (alignment_offset+data_alignment_offset)); + + while (params_to_send || data_to_send) { + /* Calculate whether we will totally or partially fill this packet */ + + total_sent_thistime = params_to_send + data_to_send + alignment_offset + data_alignment_offset; + + /* We can never send more than useable_space */ + /* + * Note that 'useable_space' does not include the alignment offsets, + * but we must include the alignment offsets in the calculation of + * the length of the data we send over the wire, as the alignment offsets + * are sent here. Fix from Marc_Jacobsen@hp.com. + */ + + total_sent_thistime = MIN(total_sent_thistime, useable_space+ alignment_offset + data_alignment_offset); + + set_message(outbuf, 10, total_sent_thistime, True); + + /* Set total params and data to be sent */ + SSVAL(outbuf,smb_tprcnt,paramsize); + SSVAL(outbuf,smb_tdrcnt,datasize); + + /* Calculate how many parameters and data we can fit into + * this packet. Parameters get precedence + */ + + params_sent_thistime = MIN(params_to_send,useable_space); + data_sent_thistime = useable_space - params_sent_thistime; + data_sent_thistime = MIN(data_sent_thistime,data_to_send); + + SSVAL(outbuf,smb_prcnt, params_sent_thistime); + + /* smb_proff is the offset from the start of the SMB header to the + parameter bytes, however the first 4 bytes of outbuf are + the Netbios over TCP header. Thus use smb_base() to subtract + them from the calculation */ + + SSVAL(outbuf,smb_proff,((smb_buf(outbuf)+alignment_offset) - smb_base(outbuf))); + + if(params_sent_thistime == 0) + SSVAL(outbuf,smb_prdisp,0); + else + /* Absolute displacement of param bytes sent in this packet */ + SSVAL(outbuf,smb_prdisp,pp - params); + + SSVAL(outbuf,smb_drcnt, data_sent_thistime); + if(data_sent_thistime == 0) { + SSVAL(outbuf,smb_droff,0); + SSVAL(outbuf,smb_drdisp, 0); + } else { + /* The offset of the data bytes is the offset of the + parameter bytes plus the number of parameters being sent this time */ + SSVAL(outbuf,smb_droff,((smb_buf(outbuf)+alignment_offset) - + smb_base(outbuf)) + params_sent_thistime + data_alignment_offset); + SSVAL(outbuf,smb_drdisp, pd - pdata); + } + + /* Copy the param bytes into the packet */ + + if(params_sent_thistime) + memcpy((smb_buf(outbuf)+alignment_offset),pp,params_sent_thistime); + + /* Copy in the data bytes */ + if(data_sent_thistime) + memcpy(smb_buf(outbuf)+alignment_offset+params_sent_thistime+ + data_alignment_offset,pd,data_sent_thistime); + + DEBUG(9,("t2_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n", + params_sent_thistime, data_sent_thistime, useable_space)); + DEBUG(9,("t2_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n", + params_to_send, data_to_send, paramsize, datasize)); + + /* Send the packet */ + if (!send_smb(smbd_server_fd(),outbuf)) + exit_server("send_trans2_replies: send_smb failed."); + + pp += params_sent_thistime; + pd += data_sent_thistime; + + params_to_send -= params_sent_thistime; + data_to_send -= data_sent_thistime; + + /* Sanity check */ + if(params_to_send < 0 || data_to_send < 0) { + DEBUG(0,("send_trans2_replies failed sanity check pts = %d, dts = %d\n!!!", + params_to_send, data_to_send)); + return -1; + } + } + + return 0; } /**************************************************************************** Reply to a TRANSACT2_OPEN. ****************************************************************************/ -static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, - int bufsize, - char **pparams, char **ppdata) +static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data) { - char *params = *pparams; - int16 open_mode = SVAL(params, 2); - int16 open_attr = SVAL(params,6); - BOOL oplock_request = (((SVAL(params,0)|(1<<1))>>1) | ((SVAL(params,0)|(1<<2))>>1)); + char *params = *pparams; + int16 open_mode; + int16 open_attr; + BOOL oplock_request; #if 0 - BOOL return_additional_info = BITSETW(params,0); - int16 open_sattr = SVAL(params, 4); - time_t open_time = make_unix_date3(params+8); + BOOL return_additional_info; + int16 open_sattr; + time_t open_time; #endif - int16 open_ofun = SVAL(params,12); - int32 open_size = IVAL(params,14); - char *pname = ¶ms[28]; - pstring fname; - mode_t unixmode; - SMB_OFF_T size=0; - int fmode=0,mtime=0,rmode; - SMB_INO_T inode = 0; - SMB_STRUCT_STAT sbuf; - int smb_action = 0; - BOOL bad_path = False; - files_struct *fsp; - - srvstr_pull(inbuf, fname, pname, sizeof(fname), -1, STR_TERMINATE); - - DEBUG(3,("trans2open %s mode=%d attr=%d ofun=%d size=%d\n", - fname,open_mode, open_attr, open_ofun, open_size)); - - if (IS_IPC(conn)) { + int16 open_ofun; + int32 open_size; + char *pname; + pstring fname; + mode_t unixmode; + SMB_OFF_T size=0; + int fmode=0,mtime=0,rmode; + SMB_INO_T inode = 0; + SMB_STRUCT_STAT sbuf; + int smb_action = 0; + BOOL bad_path = False; + files_struct *fsp; + + /* + * Ensure we have enough parameters to perform the operation. + */ + + if (total_params < 29) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + + open_mode = SVAL(params, 2); + open_attr = SVAL(params,6); + oplock_request = (((SVAL(params,0)|(1<<1))>>1) | ((SVAL(params,0)|(1<<2))>>1)); +#if 0 + return_additional_info = BITSETW(params,0); + open_sattr = SVAL(params, 4); + open_time = make_unix_date3(params+8); +#endif + open_ofun = SVAL(params,12); + open_size = IVAL(params,14); + pname = ¶ms[28]; + + srvstr_pull(inbuf, fname, pname, sizeof(fname), -1, STR_TERMINATE); + + DEBUG(3,("trans2open %s mode=%d attr=%d ofun=%d size=%d\n", + fname,open_mode, open_attr, open_ofun, open_size)); + + if (IS_IPC(conn)) return(ERROR_DOS(ERRSRV,ERRaccess)); - } - /* XXXX we need to handle passed times, sattr and flags */ + /* XXXX we need to handle passed times, sattr and flags */ - unix_convert(fname,conn,0,&bad_path,&sbuf); + unix_convert(fname,conn,0,&bad_path,&sbuf); - if (!check_name(fname,conn)) - { - if((errno == ENOENT) && bad_path) - { - unix_ERR_class = ERRDOS; - unix_ERR_code = ERRbadpath; - } - return(UNIXERROR(ERRDOS,ERRnoaccess)); - } - - unixmode = unix_mode(conn,open_attr | aARCH, fname); + if (!check_name(fname,conn)) { + set_bad_path_error(errno, bad_path); + return(UNIXERROR(ERRDOS,ERRnoaccess)); + } + + unixmode = unix_mode(conn,open_attr | aARCH, fname); - fsp = open_file_shared(conn,fname,&sbuf,open_mode,open_ofun,unixmode, - oplock_request, &rmode,&smb_action); + fsp = open_file_shared(conn,fname,&sbuf,open_mode,open_ofun,unixmode, + oplock_request, &rmode,&smb_action); - if (!fsp) - { - if((errno == ENOENT) && bad_path) - { - unix_ERR_class = ERRDOS; - unix_ERR_code = ERRbadpath; - } - return(UNIXERROR(ERRDOS,ERRnoaccess)); - } - - size = sbuf.st_size; - fmode = dos_mode(conn,fname,&sbuf); - mtime = sbuf.st_mtime; - inode = sbuf.st_ino; - if (fmode & aDIR) { - close_file(fsp,False); - return(ERROR_DOS(ERRDOS,ERRnoaccess)); - } - - /* Realloc the size of parameters and data we will return */ - params = Realloc(*pparams, 28); - if( params == NULL ) { - return(ERROR_DOS(ERRDOS,ERRnomem)); - } - *pparams = params; - - memset((char *)params,'\0',28); - SSVAL(params,0,fsp->fnum); - SSVAL(params,2,fmode); - put_dos_date2(params,4, mtime); - SIVAL(params,8, (uint32)size); - SSVAL(params,12,rmode); - - if (oplock_request && lp_fake_oplocks(SNUM(conn))) { - smb_action |= EXTENDED_OPLOCK_GRANTED; - } - - SSVAL(params,18,smb_action); - /* - * WARNING - this may need to be changed if SMB_INO_T <> 4 bytes. - */ - SIVAL(params,20,inode); + if (!fsp) { + set_bad_path_error(errno, bad_path); + return(UNIXERROR(ERRDOS,ERRnoaccess)); + } + + size = sbuf.st_size; + fmode = dos_mode(conn,fname,&sbuf); + mtime = sbuf.st_mtime; + inode = sbuf.st_ino; + if (fmode & aDIR) { + close_file(fsp,False); + return(ERROR_DOS(ERRDOS,ERRnoaccess)); + } + + /* Realloc the size of parameters and data we will return */ + params = Realloc(*pparams, 28); + if( params == NULL ) + return(ERROR_DOS(ERRDOS,ERRnomem)); + *pparams = params; + + memset((char *)params,'\0',28); + SSVAL(params,0,fsp->fnum); + SSVAL(params,2,fmode); + put_dos_date2(params,4, mtime); + SIVAL(params,8, (uint32)size); + SSVAL(params,12,rmode); + + if (oplock_request && lp_fake_oplocks(SNUM(conn))) + smb_action |= EXTENDED_OPLOCK_GRANTED; + + SSVAL(params,18,smb_action); + + /* + * WARNING - this may need to be changed if SMB_INO_T <> 4 bytes. + */ + SIVAL(params,20,inode); - /* Send the required number of replies */ - send_trans2_replies(outbuf, bufsize, params, 28, *ppdata, 0); + /* Send the required number of replies */ + send_trans2_replies(outbuf, bufsize, params, 28, *ppdata, 0); - return -1; + return -1; } /********************************************************* @@ -304,10 +310,6 @@ static BOOL exact_match(char *str,char *mask, BOOL case_sig) return strcasecmp(str,mask) == 0; } -#if 0 - -Not finished yet - jra. - /**************************************************************************** Return the filetype for UNIX extensions. ****************************************************************************/ @@ -370,35 +372,63 @@ static uint32 unix_dev_minor(SMB_DEV_T dev) } /**************************************************************************** - Map standard UNIX permissions onto wire representations. + Map wire perms onto standard UNIX permissions. Obey share restrictions. ****************************************************************************/ -static uint32 unix_perms_to_wire(mode_t perms) +static mode_t unix_perms_from_wire( connection_struct *conn, SMB_STRUCT_STAT *pst, uint32 perms) { - uint ret = 0; - - ret |= ((perms & S_IXOTH) ? UNIX_X_OTH : 0); - ret |= ((perms & S_IWOTH) ? UNIX_W_OTH : 0); - ret |= ((perms & S_IROTH) ? UNIX_R_OTH : 0); - ret |= ((perms & S_IXGRP) ? UNIX_X_GRP : 0); - ret |= ((perms & S_IWGRP) ? UNIX_W_GRP : 0); - ret |= ((perms & S_IRGRP) ? UNIX_R_GRP : 0); - ret |= ((perms & S_IXUSR) ? UNIX_X_USR : 0); - ret |= ((perms & S_IWUSR) ? UNIX_W_USR : 0); - ret |= ((perms & S_IRUSR) ? UNIX_R_USR : 0); + mode_t ret = 0; + + if (perms == SMB_MODE_NO_CHANGE) + return pst->st_mode; + + ret |= ((perms & UNIX_X_OTH ) ? S_IXOTH : 0); + ret |= ((perms & UNIX_W_OTH ) ? S_IWOTH : 0); + ret |= ((perms & UNIX_R_OTH ) ? S_IROTH : 0); + ret |= ((perms & UNIX_X_GRP ) ? S_IXGRP : 0); + ret |= ((perms & UNIX_W_GRP ) ? S_IWGRP : 0); + ret |= ((perms & UNIX_R_GRP ) ? S_IRGRP : 0); + ret |= ((perms & UNIX_X_USR ) ? S_IXUSR : 0); + ret |= ((perms & UNIX_W_USR ) ? S_IWUSR : 0); + ret |= ((perms & UNIX_R_USR ) ? S_IRUSR : 0); #ifdef S_ISVTX - ret |= ((perms & S_ISVTX) ? UNIX_STICKY : 0); + ret |= ((perms & UNIX_STICKY ) ? S_ISVTX : 0); #endif #ifdef S_ISGID - ret |= ((perms & S_ISGID) ? UNIX_SET_GID : 0); + ret |= ((perms & UNIX_SET_GID ) ? S_ISGID : 0); #endif #ifdef S_ISUID - ret |= ((perms & S_ISVTX) ? UNIX_SET_UID : 0); + ret |= ((perms & UNIX_SET_UID ) ? S_ISUID : 0); #endif + + if (VALID_STAT(*pst) && S_ISDIR(pst->st_mode)) { + ret &= lp_dir_mask(SNUM(conn)); + /* Add in force bits */ + ret |= lp_force_dir_mode(SNUM(conn)); + } else { + /* Apply mode mask */ + ret &= lp_create_mask(SNUM(conn)); + /* Add in force bits */ + ret |= lp_force_create_mode(SNUM(conn)); + } + return ret; } -#endif +/**************************************************************************** +checks for SMB_TIME_NO_CHANGE and if not found +calls interpret_long_date +****************************************************************************/ +time_t interpret_long_unix_date(char *p) +{ + DEBUG(1,("interpret_long_unix_date\n")); + if(IVAL(p,0) == SMB_TIME_NO_CHANGE_LO && + IVAL(p,4) == SMB_TIME_NO_CHANGE_HI) { + return -1; + } else { + return interpret_long_date(p); + } +} /**************************************************************************** Get a level dependent lanman2 dir entry. @@ -508,16 +538,23 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn, continue; } } else if (vfs_stat(conn,pathreal,&sbuf) != 0) { - /* Needed to show the msdfs symlinks as directories */ - if(!lp_host_msdfs() || !lp_msdfs_root(SNUM(conn)) - || !is_msdfs_link(conn, pathreal)) { + + /* Needed to show the msdfs symlinks as + * directories */ + + if(lp_host_msdfs() && + lp_msdfs_root(SNUM(conn)) && + is_msdfs_link(conn, pathreal, NULL, NULL, + &sbuf)) { + + DEBUG(5,("get_lanman2_dir_entry: Masquerading msdfs link %s as a directory\n", pathreal)); + sbuf.st_mode = (sbuf.st_mode & 0xFFF) | S_IFDIR; + + } else { + DEBUG(5,("get_lanman2_dir_entry:Couldn't stat [%s] (%s)\n", - pathreal,strerror(errno))); + pathreal,strerror(errno))); continue; - } else { - DEBUG(5,("get_lanman2_dir_entry: Masquerading msdfs link %s as a directory\n", - pathreal)); - sbuf.st_mode = (sbuf.st_mode & 0xFFF) | S_IFDIR; } } @@ -557,7 +594,7 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn, nt_extmode = mode ? mode : FILE_ATTRIBUTE_NORMAL; switch (info_level) { - case 1: + case SMB_INFO_STANDARD: if(requires_resume_key) { SIVAL(p,0,reskey); p += 4; @@ -576,7 +613,7 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn, p += len; break; - case 2: + case SMB_INFO_QUERY_EA_SIZE: if(requires_resume_key) { SIVAL(p,0,reskey); p += 4; @@ -693,14 +730,8 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn, /* CIFS UNIX Extension. */ -#if 0 /* JRA - FIXME - NEEDS UNICODE CONVERSION !!! */ case SMB_FIND_FILE_UNIX: - - len = 108+strlen(fname)+1; /* (length of SMB_QUERY_FILE_UNIX_BASIC = 100)+4+4+strlen(fname)*/ - /* +1 to be sure to transmit the termination of fname */ - len = (len + 3) & ~3; - - SIVAL(p,0,len); p+= 4; /* Offset from this structure to the beginning of the next one */ + p+= 4; SIVAL(p,0,reskey); p+= 4; /* Used for continuing search. */ /* Begin of SMB_QUERY_FILE_UNIX_BASIC */ @@ -750,12 +781,16 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn, SIVAL(p,4,0); p+= 8; + len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE); + p += len; + + len = PTR_DIFF(p, pdata); + len = (len + 3) & ~3; + SIVAL(pdata,0,len); /* Offset from this structure to the beginning of the next one */ + p = pdata + len; /* End of SMB_QUERY_FILE_UNIX_BASIC */ - pstrcpy(p,fname); - p=pdata+len; break; -#endif default: return(False); @@ -782,612 +817,664 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn, Reply to a TRANS2_FINDFIRST. ****************************************************************************/ -static int call_trans2findfirst(connection_struct *conn, - char *inbuf, char *outbuf, int bufsize, - char **pparams, char **ppdata) +static int call_trans2findfirst(connection_struct *conn, char *inbuf, char *outbuf, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data) { - /* We must be careful here that we don't return more than the - allowed number of data bytes. If this means returning fewer than - maxentries then so be it. We assume that the redirector has - enough room for the fixed number of parameter bytes it has - requested. */ - uint32 max_data_bytes = SVAL(inbuf, smb_mdrcnt); - char *params = *pparams; - char *pdata = *ppdata; - int dirtype = SVAL(params,0); - int maxentries = SVAL(params,2); - BOOL close_after_first = BITSETW(params+4,0); - BOOL close_if_end = BITSETW(params+4,1); - BOOL requires_resume_key = BITSETW(params+4,2); - int info_level = SVAL(params,6); - pstring directory; - pstring mask; - char *p, *wcard; - int last_name_off=0; - int dptr_num = -1; - int numentries = 0; - int i; - BOOL finished = False; - BOOL dont_descend = False; - BOOL out_of_space = False; - int space_remaining; - BOOL bad_path = False; - SMB_STRUCT_STAT sbuf; - - *directory = *mask = 0; - - DEBUG(3,("call_trans2findfirst: dirtype = %d, maxentries = %d, close_after_first=%d, close_if_end = %d requires_resume_key = %d level = %d, max_data_bytes = %d\n", - dirtype, maxentries, close_after_first, close_if_end, requires_resume_key, - info_level, max_data_bytes)); + /* We must be careful here that we don't return more than the + allowed number of data bytes. If this means returning fewer than + maxentries then so be it. We assume that the redirector has + enough room for the fixed number of parameter bytes it has + requested. */ + uint32 max_data_bytes = SVAL(inbuf, smb_mdrcnt); + char *params = *pparams; + char *pdata = *ppdata; + int dirtype = SVAL(params,0); + int maxentries = SVAL(params,2); + BOOL close_after_first = BITSETW(params+4,0); + BOOL close_if_end = BITSETW(params+4,1); + BOOL requires_resume_key = BITSETW(params+4,2); + int info_level = SVAL(params,6); + pstring directory; + pstring mask; + char *p, *wcard; + int last_name_off=0; + int dptr_num = -1; + int numentries = 0; + int i; + BOOL finished = False; + BOOL dont_descend = False; + BOOL out_of_space = False; + int space_remaining; + BOOL bad_path = False; + SMB_STRUCT_STAT sbuf; + + if (total_params < 12) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + + *directory = *mask = 0; + + DEBUG(3,("call_trans2findfirst: dirtype = %d, maxentries = %d, close_after_first=%d, \ +close_if_end = %d requires_resume_key = %d level = %d, max_data_bytes = %d\n", + dirtype, maxentries, close_after_first, close_if_end, requires_resume_key, + info_level, max_data_bytes)); - switch (info_level) - { - case 1: - case 2: - case 3: - case 4: - case SMB_FIND_FILE_DIRECTORY_INFO: - case SMB_FIND_FILE_FULL_DIRECTORY_INFO: - case SMB_FIND_FILE_NAMES_INFO: - case SMB_FIND_FILE_BOTH_DIRECTORY_INFO: - break; - default: - return(ERROR_DOS(ERRDOS,ERRunknownlevel)); - } - - srvstr_pull(inbuf, directory, params+12, sizeof(directory), -1, STR_TERMINATE); - - RESOLVE_FINDFIRST_DFSPATH(directory, conn, inbuf, outbuf); - - unix_convert(directory,conn,0,&bad_path,&sbuf); - if(!check_name(directory,conn)) { - if((errno == ENOENT) && bad_path) - { - unix_ERR_class = ERRDOS; - unix_ERR_code = ERRbadpath; - } + switch (info_level) { + case SMB_INFO_STANDARD: + case SMB_INFO_QUERY_EA_SIZE: + case SMB_FIND_FILE_DIRECTORY_INFO: + case SMB_FIND_FILE_FULL_DIRECTORY_INFO: + case SMB_FIND_FILE_NAMES_INFO: + case SMB_FIND_FILE_BOTH_DIRECTORY_INFO: + break; + case SMB_FIND_FILE_UNIX: + if (!lp_unix_extensions()) + return(ERROR_DOS(ERRDOS,ERRunknownlevel)); + break; + default: + return(ERROR_DOS(ERRDOS,ERRunknownlevel)); + } -#if 0 - /* Ugly - NT specific hack - maybe not needed ? (JRA) */ - if((errno == ENOTDIR) && (Protocol >= PROTOCOL_NT1) && - (get_remote_arch() == RA_WINNT)) - { - unix_ERR_class = ERRDOS; - unix_ERR_code = ERRbaddirectory; - } -#endif - - return(UNIXERROR(ERRDOS,ERRbadpath)); - } - - p = strrchr_m(directory,'/'); - if(p == NULL) { - pstrcpy(mask,directory); - pstrcpy(directory,"./"); - } else { - pstrcpy(mask,p+1); - *p = 0; - } - - DEBUG(5,("dir=%s, mask = %s\n",directory, mask)); - - pdata = Realloc(*ppdata, max_data_bytes + 1024); - if( pdata == NULL ) { - return(ERROR_DOS(ERRDOS,ERRnomem)); - } - *ppdata = pdata; - memset((char *)pdata,'\0',max_data_bytes + 1024); - - /* Realloc the params space */ - params = Realloc(*pparams, 10); - if (params == NULL) { - return ERROR_DOS(ERRDOS,ERRnomem); - } - *pparams = params; - - dptr_num = dptr_create(conn,directory, False, True ,SVAL(inbuf,smb_pid)); - if (dptr_num < 0) - return(UNIXERROR(ERRDOS,ERRbadfile)); - - /* Save the wildcard match and attribs we are using on this directory - - needed as lanman2 assumes these are being saved between calls */ - - if(!(wcard = strdup(mask))) { - dptr_close(&dptr_num); - return ERROR_DOS(ERRDOS,ERRnomem); - } - - dptr_set_wcard(dptr_num, wcard); - dptr_set_attr(dptr_num, dirtype); - - DEBUG(4,("dptr_num is %d, wcard = %s, attr = %d\n",dptr_num, wcard, dirtype)); - - /* We don't need to check for VOL here as this is returned by - a different TRANS2 call. */ + srvstr_pull(inbuf, directory, params+12, sizeof(directory), -1, STR_TERMINATE); + + RESOLVE_FINDFIRST_DFSPATH(directory, conn, inbuf, outbuf); + + unix_convert(directory,conn,0,&bad_path,&sbuf); + if(!check_name(directory,conn)) { + set_bad_path_error(errno, bad_path); + return(UNIXERROR(ERRDOS,ERRbadpath)); + } + + p = strrchr_m(directory,'/'); + if(p == NULL) { + pstrcpy(mask,directory); + pstrcpy(directory,"./"); + } else { + pstrcpy(mask,p+1); + *p = 0; + } + + DEBUG(5,("dir=%s, mask = %s\n",directory, mask)); + + pdata = Realloc(*ppdata, max_data_bytes + 1024); + if( pdata == NULL ) + return(ERROR_DOS(ERRDOS,ERRnomem)); + + *ppdata = pdata; + memset((char *)pdata,'\0',max_data_bytes + 1024); + + /* Realloc the params space */ + params = Realloc(*pparams, 10); + if (params == NULL) + return ERROR_DOS(ERRDOS,ERRnomem); + *pparams = params; + + dptr_num = dptr_create(conn,directory, False, True ,SVAL(inbuf,smb_pid)); + if (dptr_num < 0) + return(UNIXERROR(ERRDOS,ERRbadfile)); + + /* Save the wildcard match and attribs we are using on this directory - + needed as lanman2 assumes these are being saved between calls */ + + if(!(wcard = strdup(mask))) { + dptr_close(&dptr_num); + return ERROR_DOS(ERRDOS,ERRnomem); + } + + dptr_set_wcard(dptr_num, wcard); + dptr_set_attr(dptr_num, dirtype); + + DEBUG(4,("dptr_num is %d, wcard = %s, attr = %d\n",dptr_num, wcard, dirtype)); + + /* We don't need to check for VOL here as this is returned by + a different TRANS2 call. */ - DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n", - conn->dirpath,lp_dontdescend(SNUM(conn)))); - if (in_list(conn->dirpath,lp_dontdescend(SNUM(conn)),case_sensitive)) - dont_descend = True; + DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n", conn->dirpath,lp_dontdescend(SNUM(conn)))); + if (in_list(conn->dirpath,lp_dontdescend(SNUM(conn)),case_sensitive)) + dont_descend = True; - p = pdata; - space_remaining = max_data_bytes; - out_of_space = False; - - for (i=0;(i 0) - { - out_of_space = True; - finished = False; - } - else - { - finished = !get_lanman2_dir_entry(conn, + p = pdata; + space_remaining = max_data_bytes; + out_of_space = False; + + for (i=0;(i 0) { + out_of_space = True; + finished = False; + } else { + finished = !get_lanman2_dir_entry(conn, inbuf, outbuf, mask,dirtype,info_level, requires_resume_key,dont_descend, &p,pdata,space_remaining, &out_of_space, &got_exact_match, &last_name_off); - } + } - if (finished && out_of_space) - finished = False; + if (finished && out_of_space) + finished = False; - if (!finished && !out_of_space) - numentries++; + if (!finished && !out_of_space) + numentries++; - /* - * As an optimisation if we know we aren't looking - * for a wildcard name (ie. the name matches the wildcard exactly) - * then we can finish on any (first) match. - * This speeds up large directory searches. JRA. - */ + /* + * As an optimisation if we know we aren't looking + * for a wildcard name (ie. the name matches the wildcard exactly) + * then we can finish on any (first) match. + * This speeds up large directory searches. JRA. + */ - if(got_exact_match) - finished = True; + if(got_exact_match) + finished = True; - space_remaining = max_data_bytes - PTR_DIFF(p,pdata); - } + space_remaining = max_data_bytes - PTR_DIFF(p,pdata); + } - /* Check if we can close the dirptr */ - if(close_after_first || (finished && close_if_end)) - { - DEBUG(5,("call_trans2findfirst - (2) closing dptr_num %d\n", dptr_num)); - dptr_close(&dptr_num); - } - - /* - * If there are no matching entries we must return ERRDOS/ERRbadfile - - * from observation of NT. - */ - - if(numentries == 0) { - dptr_close(&dptr_num); - return ERROR_DOS(ERRDOS,ERRbadfile); - } - - /* At this point pdata points to numentries directory entries. */ - - /* Set up the return parameter block */ - SSVAL(params,0,dptr_num); - SSVAL(params,2,numentries); - SSVAL(params,4,finished); - SSVAL(params,6,0); /* Never an EA error */ - SSVAL(params,8,last_name_off); - - send_trans2_replies( outbuf, bufsize, params, 10, pdata, PTR_DIFF(p,pdata)); - - if ((! *directory) && dptr_path(dptr_num)) - slprintf(directory,sizeof(directory)-1, "(%s)",dptr_path(dptr_num)); - - DEBUG( 4, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n", - smb_fn_name(CVAL(inbuf,smb_com)), - mask, directory, dirtype, numentries ) ); - - /* - * Force a name mangle here to ensure that the - * mask as an 8.3 name is top of the mangled cache. - * The reasons for this are subtle. Don't remove - * this code unless you know what you are doing - * (see PR#13758). JRA. - */ - - if(!mangle_is_8_3( mask, False)) - mangle_map(mask, True, True, SNUM(conn)); - - return(-1); + /* Check if we can close the dirptr */ + if(close_after_first || (finished && close_if_end)) { + DEBUG(5,("call_trans2findfirst - (2) closing dptr_num %d\n", dptr_num)); + dptr_close(&dptr_num); + } + + /* + * If there are no matching entries we must return ERRDOS/ERRbadfile - + * from observation of NT. + */ + + if(numentries == 0) { + dptr_close(&dptr_num); + return ERROR_DOS(ERRDOS,ERRbadfile); + } + + /* At this point pdata points to numentries directory entries. */ + + /* Set up the return parameter block */ + SSVAL(params,0,dptr_num); + SSVAL(params,2,numentries); + SSVAL(params,4,finished); + SSVAL(params,6,0); /* Never an EA error */ + SSVAL(params,8,last_name_off); + + send_trans2_replies( outbuf, bufsize, params, 10, pdata, PTR_DIFF(p,pdata)); + + if ((! *directory) && dptr_path(dptr_num)) + slprintf(directory,sizeof(directory)-1, "(%s)",dptr_path(dptr_num)); + + DEBUG( 4, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n", + smb_fn_name(CVAL(inbuf,smb_com)), + mask, directory, dirtype, numentries ) ); + + /* + * Force a name mangle here to ensure that the + * mask as an 8.3 name is top of the mangled cache. + * The reasons for this are subtle. Don't remove + * this code unless you know what you are doing + * (see PR#13758). JRA. + */ + + if(!mangle_is_8_3_wildcards( mask, False)) + mangle_map(mask, True, True, SNUM(conn)); + + return(-1); } /**************************************************************************** Reply to a TRANS2_FINDNEXT. ****************************************************************************/ -static int call_trans2findnext(connection_struct *conn, - char *inbuf, char *outbuf, - int length, int bufsize, - char **pparams, char **ppdata) +static int call_trans2findnext(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data) { - /* We must be careful here that we don't return more than the - allowed number of data bytes. If this means returning fewer than - maxentries then so be it. We assume that the redirector has - enough room for the fixed number of parameter bytes it has - requested. */ - int max_data_bytes = SVAL(inbuf, smb_mdrcnt); - char *params = *pparams; - char *pdata = *ppdata; - int dptr_num = SVAL(params,0); - int maxentries = SVAL(params,2); - uint16 info_level = SVAL(params,4); - uint32 resume_key = IVAL(params,6); - BOOL close_after_request = BITSETW(params+10,0); - BOOL close_if_end = BITSETW(params+10,1); - BOOL requires_resume_key = BITSETW(params+10,2); - BOOL continue_bit = BITSETW(params+10,3); - pstring resume_name; - pstring mask; - pstring directory; - char *p; - uint16 dirtype; - int numentries = 0; - int i, last_name_off=0; - BOOL finished = False; - BOOL dont_descend = False; - BOOL out_of_space = False; - int space_remaining; - - *mask = *directory = *resume_name = 0; - - srvstr_pull(inbuf, resume_name, params+12, sizeof(resume_name), -1, STR_TERMINATE); - - DEBUG(3,("call_trans2findnext: dirhandle = %d, max_data_bytes = %d, maxentries = %d, \ + /* We must be careful here that we don't return more than the + allowed number of data bytes. If this means returning fewer than + maxentries then so be it. We assume that the redirector has + enough room for the fixed number of parameter bytes it has + requested. */ + int max_data_bytes = SVAL(inbuf, smb_mdrcnt); + char *params = *pparams; + char *pdata = *ppdata; + int dptr_num = SVAL(params,0); + int maxentries = SVAL(params,2); + uint16 info_level = SVAL(params,4); + uint32 resume_key = IVAL(params,6); + BOOL close_after_request = BITSETW(params+10,0); + BOOL close_if_end = BITSETW(params+10,1); + BOOL requires_resume_key = BITSETW(params+10,2); + BOOL continue_bit = BITSETW(params+10,3); + pstring resume_name; + pstring mask; + pstring directory; + char *p; + uint16 dirtype; + int numentries = 0; + int i, last_name_off=0; + BOOL finished = False; + BOOL dont_descend = False; + BOOL out_of_space = False; + int space_remaining; + + if (total_params < 12) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + + *mask = *directory = *resume_name = 0; + + srvstr_pull(inbuf, resume_name, params+12, sizeof(resume_name), -1, STR_TERMINATE); + + DEBUG(3,("call_trans2findnext: dirhandle = %d, max_data_bytes = %d, maxentries = %d, \ close_after_request=%d, close_if_end = %d requires_resume_key = %d \ resume_key = %d resume name = %s continue=%d level = %d\n", - dptr_num, max_data_bytes, maxentries, close_after_request, close_if_end, - requires_resume_key, resume_key, resume_name, continue_bit, info_level)); - - switch (info_level) - { - case 1: - case 2: - case 3: - case 4: - case SMB_FIND_FILE_DIRECTORY_INFO: - case SMB_FIND_FILE_FULL_DIRECTORY_INFO: - case SMB_FIND_FILE_NAMES_INFO: - case SMB_FIND_FILE_BOTH_DIRECTORY_INFO: - break; - default: - return ERROR_DOS(ERRDOS,ERRunknownlevel); - } - - pdata = Realloc( *ppdata, max_data_bytes + 1024); - if(pdata == NULL) { - return ERROR_DOS(ERRDOS,ERRnomem); - } - *ppdata = pdata; - memset((char *)pdata,'\0',max_data_bytes + 1024); - - /* Realloc the params space */ - params = Realloc(*pparams, 6*SIZEOFWORD); - if( params == NULL ) { - return ERROR_DOS(ERRDOS,ERRnomem); - } - *pparams = params; - - /* Check that the dptr is valid */ - if(!(conn->dirptr = dptr_fetch_lanman2(dptr_num))) - return ERROR_DOS(ERRDOS,ERRnofiles); - - string_set(&conn->dirpath,dptr_path(dptr_num)); - - /* Get the wildcard mask from the dptr */ - if((p = dptr_wcard(dptr_num))== NULL) { - DEBUG(2,("dptr_num %d has no wildcard\n", dptr_num)); - return ERROR_DOS(ERRDOS,ERRnofiles); - } - pstrcpy(mask, p); - pstrcpy(directory,conn->dirpath); - - /* Get the attr mask from the dptr */ - dirtype = dptr_attr(dptr_num); - - DEBUG(3,("dptr_num is %d, mask = %s, attr = %x, dirptr=(0x%lX,%d)\n", - dptr_num, mask, dirtype, - (long)conn->dirptr, - TellDir(conn->dirptr))); - - /* We don't need to check for VOL here as this is returned by - a different TRANS2 call. */ - - DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",conn->dirpath,lp_dontdescend(SNUM(conn)))); - if (in_list(conn->dirpath,lp_dontdescend(SNUM(conn)),case_sensitive)) - dont_descend = True; + dptr_num, max_data_bytes, maxentries, close_after_request, close_if_end, + requires_resume_key, resume_key, resume_name, continue_bit, info_level)); + + switch (info_level) { + case SMB_INFO_STANDARD: + case SMB_INFO_QUERY_EA_SIZE: + case SMB_FIND_FILE_DIRECTORY_INFO: + case SMB_FIND_FILE_FULL_DIRECTORY_INFO: + case SMB_FIND_FILE_NAMES_INFO: + case SMB_FIND_FILE_BOTH_DIRECTORY_INFO: + break; + case SMB_FIND_FILE_UNIX: + if (!lp_unix_extensions()) + return(ERROR_DOS(ERRDOS,ERRunknownlevel)); + break; + default: + return ERROR_DOS(ERRDOS,ERRunknownlevel); + } + + pdata = Realloc( *ppdata, max_data_bytes + 1024); + if(pdata == NULL) + return ERROR_DOS(ERRDOS,ERRnomem); + + *ppdata = pdata; + memset((char *)pdata,'\0',max_data_bytes + 1024); + + /* Realloc the params space */ + params = Realloc(*pparams, 6*SIZEOFWORD); + if( params == NULL ) + return ERROR_DOS(ERRDOS,ERRnomem); + + *pparams = params; + + /* Check that the dptr is valid */ + if(!(conn->dirptr = dptr_fetch_lanman2(dptr_num))) + return ERROR_DOS(ERRDOS,ERRnofiles); + + string_set(&conn->dirpath,dptr_path(dptr_num)); + + /* Get the wildcard mask from the dptr */ + if((p = dptr_wcard(dptr_num))== NULL) { + DEBUG(2,("dptr_num %d has no wildcard\n", dptr_num)); + return ERROR_DOS(ERRDOS,ERRnofiles); + } + + pstrcpy(mask, p); + pstrcpy(directory,conn->dirpath); + + /* Get the attr mask from the dptr */ + dirtype = dptr_attr(dptr_num); + + DEBUG(3,("dptr_num is %d, mask = %s, attr = %x, dirptr=(0x%lX,%d)\n", + dptr_num, mask, dirtype, + (long)conn->dirptr, + TellDir(conn->dirptr))); + + /* We don't need to check for VOL here as this is returned by + a different TRANS2 call. */ + + DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",conn->dirpath,lp_dontdescend(SNUM(conn)))); + if (in_list(conn->dirpath,lp_dontdescend(SNUM(conn)),case_sensitive)) + dont_descend = True; - p = pdata; - space_remaining = max_data_bytes; - out_of_space = False; - - /* - * Seek to the correct position. We no longer use the resume key but - * depend on the last file name instead. - */ - if(requires_resume_key && *resume_name && !continue_bit) - { - /* - * Fix for NT redirector problem triggered by resume key indexes - * changing between directory scans. We now return a resume key of 0 - * and instead look for the filename to continue from (also given - * to us by NT/95/smbfs/smbclient). If no other scans have been done between the - * findfirst/findnext (as is usual) then the directory pointer - * should already be at the correct place. Check this by scanning - * backwards looking for an exact (ie. case sensitive) filename match. - * If we get to the beginning of the directory and haven't found it then scan - * forwards again looking for a match. JRA. - */ - - int current_pos, start_pos; - char *dname = NULL; - void *dirptr = conn->dirptr; - start_pos = TellDir(dirptr); - for(current_pos = start_pos; current_pos >= 0; current_pos--) - { - DEBUG(7,("call_trans2findnext: seeking to pos %d\n", current_pos)); - - SeekDir(dirptr, current_pos); - dname = ReadDirName(dirptr); - - /* - * Remember, mangle_map is called by - * get_lanman2_dir_entry(), so the resume name - * could be mangled. Ensure we do the same - * here. - */ - - if(dname != NULL) - mangle_map( dname, False, True, SNUM(conn)); - - if(dname && strcsequal( resume_name, dname)) - { - SeekDir(dirptr, current_pos+1); - DEBUG(7,("call_trans2findnext: got match at pos %d\n", current_pos+1 )); - break; - } - } - - /* - * Scan forward from start if not found going backwards. - */ - - if(current_pos < 0) - { - DEBUG(7,("call_trans2findnext: notfound: seeking to pos %d\n", start_pos)); - SeekDir(dirptr, start_pos); - for(current_pos = start_pos; (dname = ReadDirName(dirptr)) != NULL; SeekDir(dirptr,++current_pos)) - { - /* - * Remember, mangle_map is called by - * get_lanman2_dir_entry(), so the resume name - * could be mangled. Ensure we do the same - * here. - */ - - if(dname != NULL) - mangle_map( dname, False, True, SNUM(conn)); - - if(dname && strcsequal( resume_name, dname)) - { - SeekDir(dirptr, current_pos+1); - DEBUG(7,("call_trans2findnext: got match at pos %d\n", current_pos+1 )); - break; - } - } /* end for */ - } /* end if current_pos */ - } /* end if requires_resume_key && !continue_bit */ - - for (i=0;(i<(int)maxentries) && !finished && !out_of_space ;i++) - { - BOOL got_exact_match = False; - - /* this is a heuristic to avoid seeking the dirptr except when - absolutely necessary. It allows for a filename of about 40 chars */ - if (space_remaining < DIRLEN_GUESS && numentries > 0) - { - out_of_space = True; - finished = False; - } - else - { - finished = !get_lanman2_dir_entry(conn, - inbuf, outbuf, - mask,dirtype,info_level, - requires_resume_key,dont_descend, - &p,pdata,space_remaining, &out_of_space, &got_exact_match, - &last_name_off); - } + p = pdata; + space_remaining = max_data_bytes; + out_of_space = False; - if (finished && out_of_space) - finished = False; + /* + * Seek to the correct position. We no longer use the resume key but + * depend on the last file name instead. + */ - if (!finished && !out_of_space) - numentries++; + if(requires_resume_key && *resume_name && !continue_bit) { - /* - * As an optimisation if we know we aren't looking - * for a wildcard name (ie. the name matches the wildcard exactly) - * then we can finish on any (first) match. - * This speeds up large directory searches. JRA. - */ + /* + * Fix for NT redirector problem triggered by resume key indexes + * changing between directory scans. We now return a resume key of 0 + * and instead look for the filename to continue from (also given + * to us by NT/95/smbfs/smbclient). If no other scans have been done between the + * findfirst/findnext (as is usual) then the directory pointer + * should already be at the correct place. Check this by scanning + * backwards looking for an exact (ie. case sensitive) filename match. + * If we get to the beginning of the directory and haven't found it then scan + * forwards again looking for a match. JRA. + */ + + int current_pos, start_pos; + char *dname = NULL; + void *dirptr = conn->dirptr; + start_pos = TellDir(dirptr); + for(current_pos = start_pos; current_pos >= 0; current_pos--) { + DEBUG(7,("call_trans2findnext: seeking to pos %d\n", current_pos)); + + SeekDir(dirptr, current_pos); + dname = ReadDirName(dirptr); + + /* + * Remember, mangle_map is called by + * get_lanman2_dir_entry(), so the resume name + * could be mangled. Ensure we do the same + * here. + */ + + if(dname != NULL) + mangle_map( dname, False, True, SNUM(conn)); + + if(dname && strcsequal( resume_name, dname)) { + SeekDir(dirptr, current_pos+1); + DEBUG(7,("call_trans2findnext: got match at pos %d\n", current_pos+1 )); + break; + } + } + + /* + * Scan forward from start if not found going backwards. + */ + + if(current_pos < 0) { + DEBUG(7,("call_trans2findnext: notfound: seeking to pos %d\n", start_pos)); + SeekDir(dirptr, start_pos); + for(current_pos = start_pos; (dname = ReadDirName(dirptr)) != NULL; SeekDir(dirptr,++current_pos)) { + + /* + * Remember, mangle_map is called by + * get_lanman2_dir_entry(), so the resume name + * could be mangled. Ensure we do the same + * here. + */ + + if(dname != NULL) + mangle_map( dname, False, True, SNUM(conn)); + + if(dname && strcsequal( resume_name, dname)) { + SeekDir(dirptr, current_pos+1); + DEBUG(7,("call_trans2findnext: got match at pos %d\n", current_pos+1 )); + break; + } + } /* end for */ + } /* end if current_pos */ + } /* end if requires_resume_key && !continue_bit */ + + for (i=0;(i<(int)maxentries) && !finished && !out_of_space ;i++) { + BOOL got_exact_match = False; + + /* this is a heuristic to avoid seeking the dirptr except when + absolutely necessary. It allows for a filename of about 40 chars */ + if (space_remaining < DIRLEN_GUESS && numentries > 0) { + out_of_space = True; + finished = False; + } else { + finished = !get_lanman2_dir_entry(conn, + inbuf, outbuf, + mask,dirtype,info_level, + requires_resume_key,dont_descend, + &p,pdata,space_remaining, &out_of_space, &got_exact_match, + &last_name_off); + } - if(got_exact_match) - finished = True; + if (finished && out_of_space) + finished = False; - space_remaining = max_data_bytes - PTR_DIFF(p,pdata); - } + if (!finished && !out_of_space) + numentries++; + + /* + * As an optimisation if we know we aren't looking + * for a wildcard name (ie. the name matches the wildcard exactly) + * then we can finish on any (first) match. + * This speeds up large directory searches. JRA. + */ + + if(got_exact_match) + finished = True; + + space_remaining = max_data_bytes - PTR_DIFF(p,pdata); + } - /* Check if we can close the dirptr */ - if(close_after_request || (finished && close_if_end)) - { - DEBUG(5,("call_trans2findnext: closing dptr_num = %d\n", dptr_num)); - dptr_close(&dptr_num); /* This frees up the saved mask */ - } + /* Check if we can close the dirptr */ + if(close_after_request || (finished && close_if_end)) { + DEBUG(5,("call_trans2findnext: closing dptr_num = %d\n", dptr_num)); + dptr_close(&dptr_num); /* This frees up the saved mask */ + } - /* Set up the return parameter block */ - SSVAL(params,0,numentries); - SSVAL(params,2,finished); - SSVAL(params,4,0); /* Never an EA error */ - SSVAL(params,6,last_name_off); + /* Set up the return parameter block */ + SSVAL(params,0,numentries); + SSVAL(params,2,finished); + SSVAL(params,4,0); /* Never an EA error */ + SSVAL(params,6,last_name_off); - send_trans2_replies( outbuf, bufsize, params, 8, pdata, PTR_DIFF(p,pdata)); + send_trans2_replies( outbuf, bufsize, params, 8, pdata, PTR_DIFF(p,pdata)); - if ((! *directory) && dptr_path(dptr_num)) - slprintf(directory,sizeof(directory)-1, "(%s)",dptr_path(dptr_num)); + if ((! *directory) && dptr_path(dptr_num)) + slprintf(directory,sizeof(directory)-1, "(%s)",dptr_path(dptr_num)); - DEBUG( 3, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n", - smb_fn_name(CVAL(inbuf,smb_com)), - mask, directory, dirtype, numentries ) ); + DEBUG( 3, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n", + smb_fn_name(CVAL(inbuf,smb_com)), + mask, directory, dirtype, numentries ) ); - return(-1); + return(-1); } /**************************************************************************** Reply to a TRANS2_QFSINFO (query filesystem info). ****************************************************************************/ -static int call_trans2qfsinfo(connection_struct *conn, - char *inbuf, char *outbuf, - int length, int bufsize, - char **pparams, char **ppdata) +static int call_trans2qfsinfo(connection_struct *conn, char *inbuf, char *outbuf, + int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data) { - int max_data_bytes = SVAL(inbuf, smb_mdrcnt); - char *pdata = *ppdata; - char *params = *pparams; - uint16 info_level = SVAL(params,0); - int data_len, len; - SMB_STRUCT_STAT st; - char *vname = volume_label(SNUM(conn)); - int snum = SNUM(conn); - char *fstype = lp_fstype(SNUM(conn)); - - DEBUG(3,("call_trans2qfsinfo: level = %d\n", info_level)); - - if(vfs_stat(conn,".",&st)!=0) { - DEBUG(2,("call_trans2qfsinfo: stat of . failed (%s)\n", strerror(errno))); - return ERROR_DOS(ERRSRV,ERRinvdevice); - } - - pdata = Realloc(*ppdata, max_data_bytes + 1024); - if ( pdata == NULL ) { - return ERROR_DOS(ERRDOS,ERRnomem); - } - *ppdata = pdata; - memset((char *)pdata,'\0',max_data_bytes + 1024); - - switch (info_level) - { - case 1: - { - SMB_BIG_UINT dfree,dsize,bsize; - data_len = 18; - conn->vfs_ops.disk_free(conn,".",False,&bsize,&dfree,&dsize); - SIVAL(pdata,l1_idFileSystem,st.st_dev); - SIVAL(pdata,l1_cSectorUnit,bsize/512); - SIVAL(pdata,l1_cUnit,dsize); - SIVAL(pdata,l1_cUnitAvail,dfree); - SSVAL(pdata,l1_cbSector,512); - DEBUG(5,("call_trans2qfsinfo : bsize=%u, id=%x, cSectorUnit=%u, cUnit=%u, cUnitAvail=%u, cbSector=%d\n", - (unsigned int)bsize, (unsigned int)st.st_dev, ((unsigned int)bsize)/512, (unsigned int)dsize, - (unsigned int)dfree, 512)); - break; - } - case 2: - /* Return volume name */ - /* - * Add volume serial number - hash of a combination of - * the called hostname and the service name. - */ - SIVAL(pdata,0,str_checksum(lp_servicename(snum)) ^ (str_checksum(local_machine)<<16) ); - len = srvstr_push(outbuf, pdata+l2_vol_szVolLabel, vname, -1, - STR_TERMINATE); - SCVAL(pdata,l2_vol_cch,len); - data_len = l2_vol_szVolLabel + len; - DEBUG(5,("call_trans2qfsinfo : time = %x, namelen = %d, name = %s\n", - (unsigned)st.st_ctime, len, vname)); - break; + int max_data_bytes = SVAL(inbuf, smb_mdrcnt); + char *pdata = *ppdata; + char *params = *pparams; + uint16 info_level = SVAL(params,0); + int data_len, len; + SMB_STRUCT_STAT st; + char *vname = volume_label(SNUM(conn)); + int snum = SNUM(conn); + char *fstype = lp_fstype(SNUM(conn)); + + DEBUG(3,("call_trans2qfsinfo: level = %d\n", info_level)); + + if(vfs_stat(conn,".",&st)!=0) { + DEBUG(2,("call_trans2qfsinfo: stat of . failed (%s)\n", strerror(errno))); + return ERROR_DOS(ERRSRV,ERRinvdevice); + } - case SMB_QUERY_FS_ATTRIBUTE_INFO: - SIVAL(pdata,0,FILE_CASE_PRESERVED_NAMES|FILE_CASE_SENSITIVE_SEARCH| - (lp_nt_acl_support(SNUM(conn)) ? FILE_PERSISTENT_ACLS : 0)); /* FS ATTRIBUTES */ - SIVAL(pdata,4,255); /* Max filename component length */ - /* NOTE! the fstype must *not* be null terminated or win98 won't recognise it - and will think we can't do long filenames */ - len = srvstr_push(outbuf, pdata+12, fstype, -1, 0); - SIVAL(pdata,8,len); - data_len = 12 + len; - break; + pdata = Realloc(*ppdata, max_data_bytes + 1024); + if ( pdata == NULL ) + return ERROR_DOS(ERRDOS,ERRnomem); - case SMB_QUERY_FS_LABEL_INFO: - len = srvstr_push(outbuf, pdata+4, vname, -1, STR_TERMINATE); - data_len = 4 + len; - SIVAL(pdata,0,len); - break; - case SMB_QUERY_FS_VOLUME_INFO: - /* - * Add volume serial number - hash of a combination of - * the called hostname and the service name. - */ - SIVAL(pdata,8,str_checksum(lp_servicename(snum)) ^ - (str_checksum(local_machine)<<16)); - - len = srvstr_push(outbuf, pdata+18, vname, -1, STR_TERMINATE); - SIVAL(pdata,12,len); - data_len = 18+len; - DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = %d, vol=%s serv=%s\n", - (int)strlen(vname),vname, lp_servicename(snum))); - break; - case SMB_QUERY_FS_SIZE_INFO: - { - SMB_BIG_UINT dfree,dsize,bsize; - data_len = 24; - conn->vfs_ops.disk_free(conn,".",False,&bsize,&dfree,&dsize); - SBIG_UINT(pdata,0,dsize); - SBIG_UINT(pdata,8,dfree); - SIVAL(pdata,16,bsize/512); - SIVAL(pdata,20,512); - break; - } - case SMB_QUERY_FS_DEVICE_INFO: - data_len = 8; - SIVAL(pdata,0,0); /* dev type */ - SIVAL(pdata,4,0); /* characteristics */ - break; - case SMB_MAC_QUERY_FS_INFO: - /* - * Thursby MAC extension... ONLY on NTFS filesystems - * once we do streams then we don't need this - */ - if (strequal(lp_fstype(SNUM(conn)),"NTFS")) { - data_len = 88; - SIVAL(pdata,84,0x100); /* Don't support mac... */ - break; - } - /* drop through */ - default: - return ERROR_DOS(ERRDOS,ERRunknownlevel); - } - - - send_trans2_replies( outbuf, bufsize, params, 0, pdata, data_len); - - DEBUG( 4, ( "%s info_level = %d\n", - smb_fn_name(CVAL(inbuf,smb_com)), info_level) ); - - return -1; + *ppdata = pdata; + memset((char *)pdata,'\0',max_data_bytes + 1024); + + switch (info_level) { + case SMB_INFO_ALLOCATION: + { + SMB_BIG_UINT dfree,dsize,bsize; + data_len = 18; + conn->vfs_ops.disk_free(conn,".",False,&bsize,&dfree,&dsize); + SIVAL(pdata,l1_idFileSystem,st.st_dev); + SIVAL(pdata,l1_cSectorUnit,bsize/512); + SIVAL(pdata,l1_cUnit,dsize); + SIVAL(pdata,l1_cUnitAvail,dfree); + SSVAL(pdata,l1_cbSector,512); + DEBUG(5,("call_trans2qfsinfo : bsize=%u, id=%x, cSectorUnit=%u, cUnit=%u, cUnitAvail=%u, cbSector=%d\n", + (unsigned int)bsize, (unsigned int)st.st_dev, ((unsigned int)bsize)/512, (unsigned int)dsize, + (unsigned int)dfree, 512)); + break; + } + + case SMB_INFO_VOLUME: + /* Return volume name */ + /* + * Add volume serial number - hash of a combination of + * the called hostname and the service name. + */ + SIVAL(pdata,0,str_checksum(lp_servicename(snum)) ^ (str_checksum(local_machine)<<16) ); + len = srvstr_push(outbuf, pdata+l2_vol_szVolLabel, vname, -1, STR_TERMINATE); + SCVAL(pdata,l2_vol_cch,len); + data_len = l2_vol_szVolLabel + len; + DEBUG(5,("call_trans2qfsinfo : time = %x, namelen = %d, name = %s\n", + (unsigned)st.st_ctime, len, vname)); + break; + + case SMB_QUERY_FS_ATTRIBUTE_INFO: + case SMB_FS_ATTRIBUTE_INFORMATION: + + SIVAL(pdata,0,FILE_CASE_PRESERVED_NAMES|FILE_CASE_SENSITIVE_SEARCH| + (lp_nt_acl_support(SNUM(conn)) ? FILE_PERSISTENT_ACLS : 0)); /* FS ATTRIBUTES */ + SIVAL(pdata,4,255); /* Max filename component length */ + /* NOTE! the fstype must *not* be null terminated or win98 won't recognise it + and will think we can't do long filenames */ + len = srvstr_push(outbuf, pdata+12, fstype, -1, 0); + SIVAL(pdata,8,len); + data_len = 12 + len; + break; + + case SMB_QUERY_FS_LABEL_INFO: + case SMB_FS_LABEL_INFORMATION: + len = srvstr_push(outbuf, pdata+4, vname, -1, STR_TERMINATE); + data_len = 4 + len; + SIVAL(pdata,0,len); + break; + + case SMB_QUERY_FS_VOLUME_INFO: + case SMB_FS_VOLUME_INFORMATION: + + /* + * Add volume serial number - hash of a combination of + * the called hostname and the service name. + */ + SIVAL(pdata,8,str_checksum(lp_servicename(snum)) ^ + (str_checksum(local_machine)<<16)); + + len = srvstr_push(outbuf, pdata+18, vname, -1, STR_TERMINATE); + SIVAL(pdata,12,len); + data_len = 18+len; + DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = %d, vol=%s serv=%s\n", + (int)strlen(vname),vname, lp_servicename(snum))); + break; + + case SMB_QUERY_FS_SIZE_INFO: + case SMB_FS_SIZE_INFORMATION: + { + SMB_BIG_UINT dfree,dsize,bsize,block_size,sectors_per_unit,bytes_per_sector; + data_len = 24; + conn->vfs_ops.disk_free(conn,".",False,&bsize,&dfree,&dsize); + block_size = lp_block_size(snum); + if (bsize < block_size) { + SMB_BIG_UINT factor = block_size/bsize; + bsize = block_size; + dsize /= factor; + dfree /= factor; + } + if (bsize > block_size) { + SMB_BIG_UINT factor = bsize/block_size; + bsize = block_size; + dsize *= factor; + dfree *= factor; + } + bytes_per_sector = 512; + sectors_per_unit = bsize/bytes_per_sector; + DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_SIZE_INFO bsize=%u, cSectorUnit=%u, \ +cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned int)sectors_per_unit, + (unsigned int)bytes_per_sector, (unsigned int)dsize, (unsigned int)dfree)); + SBIG_UINT(pdata,0,dsize); + SBIG_UINT(pdata,8,dfree); + SIVAL(pdata,16,sectors_per_unit); + SIVAL(pdata,20,bytes_per_sector); + break; + } + + case SMB_FS_FULL_SIZE_INFORMATION: + { + SMB_BIG_UINT dfree,dsize,bsize,block_size,sectors_per_unit,bytes_per_sector; + data_len = 32; + conn->vfs_ops.disk_free(conn,".",False,&bsize,&dfree,&dsize); + block_size = lp_block_size(snum); + if (bsize < block_size) { + SMB_BIG_UINT factor = block_size/bsize; + bsize = block_size; + dsize /= factor; + dfree /= factor; + } + if (bsize > block_size) { + SMB_BIG_UINT factor = bsize/block_size; + bsize = block_size; + dsize *= factor; + dfree *= factor; + } + bytes_per_sector = 512; + sectors_per_unit = bsize/bytes_per_sector; + DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=%u, cSectorUnit=%u, \ +cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned int)sectors_per_unit, + (unsigned int)bytes_per_sector, (unsigned int)dsize, (unsigned int)dfree)); + SBIG_UINT(pdata,0,dsize); /* Total Allocation units. */ + SBIG_UINT(pdata,8,dfree); /* Caller available allocation units. */ + SBIG_UINT(pdata,16,dfree); /* Actual available allocation units. */ + SIVAL(pdata,24,sectors_per_unit); /* Sectors per allocation unit. */ + SIVAL(pdata,28,bytes_per_sector); /* Bytes per sector. */ + break; + } + + case SMB_QUERY_FS_DEVICE_INFO: + case SMB_FS_DEVICE_INFORMATION: + data_len = 8; + SIVAL(pdata,0,0); /* dev type */ + SIVAL(pdata,4,0); /* characteristics */ + break; + + case SMB_FS_OBJECTID_INFORMATION: + data_len = 64; + break; + + /* + * Query the version and capabilities of the CIFS UNIX extensions + * in use. + */ + + case SMB_QUERY_CIFS_UNIX_INFO: + if (!lp_unix_extensions()) + return ERROR_DOS(ERRDOS,ERRunknownlevel); + data_len = 12; + SSVAL(pdata,0,CIFS_UNIX_MAJOR_VERSION); + SSVAL(pdata,2,CIFS_UNIX_MINOR_VERSION); + SBIG_UINT(pdata,4,((SMB_BIG_UINT)0)); /* No capabilities for now... */ + break; + + case SMB_MAC_QUERY_FS_INFO: + /* + * Thursby MAC extension... ONLY on NTFS filesystems + * once we do streams then we don't need this + */ + if (strequal(lp_fstype(SNUM(conn)),"NTFS")) { + data_len = 88; + SIVAL(pdata,84,0x100); /* Don't support mac... */ + break; + } + /* drop through */ + default: + return ERROR_DOS(ERRDOS,ERRunknownlevel); + } + + + send_trans2_replies( outbuf, bufsize, params, 0, pdata, data_len); + + DEBUG( 4, ( "%s info_level = %d\n", smb_fn_name(CVAL(inbuf,smb_com)), info_level) ); + + return -1; } /**************************************************************************** @@ -1395,21 +1482,20 @@ static int call_trans2qfsinfo(connection_struct *conn, ****************************************************************************/ static int call_trans2setfsinfo(connection_struct *conn, - char *inbuf, char *outbuf, int length, - int bufsize, - char **pparams, char **ppdata) + char *inbuf, char *outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data) { - /* Just say yes we did it - there is nothing that - can be set here so it doesn't matter. */ - int outsize; - DEBUG(3,("call_trans2setfsinfo\n")); + /* Just say yes we did it - there is nothing that + can be set here so it doesn't matter. */ + int outsize; + DEBUG(3,("call_trans2setfsinfo\n")); - if (!CAN_WRITE(conn)) - return ERROR_DOS(ERRSRV,ERRaccess); + if (!CAN_WRITE(conn)) + return ERROR_DOS(ERRSRV,ERRaccess); - outsize = set_message(outbuf,10,0,True); + outsize = set_message(outbuf,10,0,True); - return outsize; + return outsize; } /**************************************************************************** @@ -1434,8 +1520,7 @@ NTSTATUS set_bad_path_error(int err, BOOL bad_path) static int call_trans2qfilepathinfo(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, - char **pparams,char **ppdata, - int total_data) + char **pparams, int total_params, char **ppdata, int total_data) { int max_data_bytes = SVAL(inbuf, smb_mdrcnt); char *params = *pparams; @@ -1448,6 +1533,7 @@ static int call_trans2qfilepathinfo(connection_struct *conn, unsigned int data_size; SMB_STRUCT_STAT sbuf; pstring fname, dos_fname; + char *fullpathname; char *base_name; char *p; SMB_OFF_T pos = 0; @@ -1456,9 +1542,8 @@ static int call_trans2qfilepathinfo(connection_struct *conn, int len; time_t c_time; - if (!params) { + if (!params) return ERROR_NT(NT_STATUS_INVALID_PARAMETER); - } if (tran_call == TRANSACT2_QFILEINFO) { files_struct *fsp = file_fsp(params,0); @@ -1474,16 +1559,25 @@ static int call_trans2qfilepathinfo(connection_struct *conn, */ pstrcpy(fname, fsp->fsp_name); unix_convert(fname,conn,0,&bad_path,&sbuf); - if (!check_name(fname,conn) || - (!VALID_STAT(sbuf) && vfs_stat(conn,fname,&sbuf))) { - DEBUG(3,("fileinfo of %s failed (%s)\n",fname,strerror(errno))); - if((errno == ENOENT) && bad_path) { - unix_ERR_class = ERRDOS; - unix_ERR_code = ERRbadpath; - } + if (!check_name(fname,conn)) { + DEBUG(3,("call_trans2qfilepathinfo: fileinfo of %s failed (%s)\n",fname,strerror(errno))); + set_bad_path_error(errno, bad_path); return(UNIXERROR(ERRDOS,ERRbadpath)); } + if (INFO_LEVEL_IS_UNIX(info_level)) { + /* Always do lstat for UNIX calls. */ + if (vfs_lstat(conn,fname,&sbuf)) { + DEBUG(3,("call_trans2qfilepathinfo: vfs_lstat of %s failed (%s)\n",fname,strerror(errno))); + set_bad_path_error(errno, bad_path); + return(UNIXERROR(ERRDOS,ERRbadpath)); + } + } else if (!VALID_STAT(sbuf) && vfs_stat(conn,fname,&sbuf)) { + DEBUG(3,("call_trans2qfilepathinfo: vfs_stat of %s failed (%s)\n",fname,strerror(errno))); + set_bad_path_error(errno, bad_path); + return(UNIXERROR(ERRDOS,ERRbadpath)); + } + delete_pending = fsp->directory_delete_on_close; } else { /* @@ -1503,6 +1597,9 @@ static int call_trans2qfilepathinfo(connection_struct *conn, } } else { /* qpathinfo */ + if (total_params < 6) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + info_level = SVAL(params,0); DEBUG(3,("call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = %d\n", info_level)); @@ -1511,18 +1608,29 @@ static int call_trans2qfilepathinfo(connection_struct *conn, RESOLVE_DFSPATH(fname, conn, inbuf, outbuf); - unix_convert(fname,conn,0,&bad_path,&sbuf); - if (!check_name(fname,conn) || - (!VALID_STAT(sbuf) && vfs_stat(conn,fname,&sbuf))) { - DEBUG(3,("fileinfo of %s failed (%s)\n",fname,strerror(errno))); - if((errno == ENOENT) && bad_path) { - unix_ERR_class = ERRDOS; - unix_ERR_code = ERRbadpath; + unix_convert(fname,conn,0,&bad_path,&sbuf); + if (!check_name(fname,conn)) { + DEBUG(3,("call_trans2qfilepathinfo: fileinfo of %s failed (%s)\n",fname,strerror(errno))); + set_bad_path_error(errno, bad_path); + return(UNIXERROR(ERRDOS,ERRbadpath)); + } + + if (INFO_LEVEL_IS_UNIX(info_level)) { + /* Always do lstat for UNIX calls. */ + if (vfs_lstat(conn,fname,&sbuf)) { + DEBUG(3,("call_trans2qfilepathinfo: vfs_lstat of %s failed (%s)\n",fname,strerror(errno))); + set_bad_path_error(errno, bad_path); + return(UNIXERROR(ERRDOS,ERRbadpath)); } + } else if (!VALID_STAT(sbuf) && vfs_stat(conn,fname,&sbuf)) { + DEBUG(3,("call_trans2qfilepathinfo: vfs_stat of %s failed (%s)\n",fname,strerror(errno))); + set_bad_path_error(errno, bad_path); return(UNIXERROR(ERRDOS,ERRbadpath)); } } + if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) + return ERROR_DOS(ERRDOS,ERRunknownlevel); DEBUG(3,("call_trans2qfilepathinfo %s level=%d call=%d total_data=%d\n", fname,info_level,tran_call,total_data)); @@ -1534,9 +1642,9 @@ static int call_trans2qfilepathinfo(connection_struct *conn, base_name = p+1; mode = dos_mode(conn,fname,&sbuf); + fullpathname = fname; size = sbuf.st_size; allocation_size = SMB_ROUNDUP_ALLOCATION(sbuf.st_size); - if (mode & aDIR) size = 0; @@ -1568,12 +1676,13 @@ static int call_trans2qfilepathinfo(connection_struct *conn, sbuf.st_mtime &= ~1; } - /* NT expects the name to be in an exact form */ - if (strequal(fname,".")) { + /* NT expects the name to be in an exact form of the *full* + filename. See the trans2 torture test */ + if (strequal(base_name,".")) { pstrcpy(dos_fname, "\\"); } else { snprintf(dos_fname, sizeof(dos_fname), "\\%s", fname); - string_replace( dos_fname, '/', '\\'); + string_replace(dos_fname, '/', '\\'); } switch (info_level) { @@ -1636,6 +1745,7 @@ static int call_trans2qfilepathinfo(connection_struct *conn, case SMB_FILE_STANDARD_INFORMATION: case SMB_QUERY_FILE_STANDARD_INFO: + data_size = 24; /* Fake up allocation size. */ SOFF_T(pdata,0,allocation_size); @@ -1658,8 +1768,7 @@ static int call_trans2qfilepathinfo(connection_struct *conn, pstrcpy(short_name,base_name); /* Mangle if not already 8.3 */ if(!mangle_is_8_3(short_name, True)) { - if(!mangle_map(short_name,True,True,SNUM(conn))) - *short_name = '\0'; + mangle_map(short_name,True,True,SNUM(conn)); } len = srvstr_push(outbuf, pdata+4, short_name, -1, STR_TERMINATE|STR_UPPER); data_size = 4 + len; @@ -1676,18 +1785,18 @@ static int call_trans2qfilepathinfo(connection_struct *conn, SIVAL(pdata,0,len); break; - case SMB_FILE_END_OF_FILE_INFORMATION: - case SMB_QUERY_FILE_END_OF_FILEINFO: - data_size = 8; - SOFF_T(pdata,0,size); - break; - case SMB_FILE_ALLOCATION_INFORMATION: case SMB_QUERY_FILE_ALLOCATION_INFO: data_size = 8; SOFF_T(pdata,0,allocation_size); break; + case SMB_FILE_END_OF_FILE_INFORMATION: + case SMB_QUERY_FILE_END_OF_FILEINFO: + data_size = 8; + SOFF_T(pdata,0,size); + break; + case SMB_QUERY_FILE_ALL_INFO: put_long_date(pdata,c_time); put_long_date(pdata+8,sbuf.st_atime); @@ -1793,6 +1902,14 @@ static int call_trans2qfilepathinfo(connection_struct *conn, break; } +#if 0 + /* + * NT4 server just returns "invalid query" to this - if we try to answer + * it then NTws gets a BSOD! (tridge). + * W2K seems to want this. JRA. + */ + case SMB_QUERY_FILE_STREAM_INFO: +#endif case SMB_FILE_STREAM_INFORMATION: if (mode & aDIR) { data_size = 0; @@ -1832,18 +1949,92 @@ static int call_trans2qfilepathinfo(connection_struct *conn, data_size = 8; break; -#if 0 - /* NT4 server just returns "invalid query" to this - if we try to answer - it then NTws gets a BSOD! (tridge) */ - case SMB_QUERY_FILE_STREAM_INFO: - SIVAL(pdata,0,pos); - SIVAL(pdata,4,(uint32)size); - SIVAL(pdata,12,(uint32)allocation_size); - len = srvstr_push(outbuf, pdata+24, fname, -1, STR_TERMINATE); - SIVAL(pdata,20,len); - data_size = 24 + len; + /* + * CIFS UNIX Extensions. + */ + + case SMB_QUERY_FILE_UNIX_BASIC: + + DEBUG(4,("call_trans2qfilepathinfo: st_mode=%o\n",(int)sbuf.st_mode)); + + SOFF_T(pdata,0,sbuf.st_size); /* File size 64 Bit */ + pdata += 8; + +#if defined(HAVE_STAT_ST_BLOCKS) && defined(STAT_ST_BLOCKSIZE) + SOFF_T(pdata,0,sbuf.st_blocks*STAT_ST_BLOCKSIZE); /* Number of bytes used on disk - 64 Bit */ +#else + /* Can't get the value - fake it using size. */ + SOFF_T(pdata,0,sbuf.st_size); /* Number of bytes used on disk - 64 Bit */ +#endif + pdata += 8; + + put_long_date(pdata,sbuf.st_ctime); /* Creation Time 64 Bit */ + put_long_date(pdata+8,sbuf.st_atime); /* Last access time 64 Bit */ + put_long_date(pdata+16,sbuf.st_mtime); /* Last modification time 64 Bit */ + pdata += 24; + + SIVAL(pdata,0,sbuf.st_uid); /* user id for the owner */ + SIVAL(pdata,4,0); + pdata += 8; + + SIVAL(pdata,0,sbuf.st_gid); /* group id of owner */ + SIVAL(pdata,4,0); + pdata += 8; + + SIVAL(pdata,0,unix_filetype(sbuf.st_mode)); + pdata += 4; + + SIVAL(pdata,0,unix_dev_major(sbuf.st_rdev)); /* Major device number if type is device */ + SIVAL(pdata,4,0); + pdata += 8; + + SIVAL(pdata,0,unix_dev_minor(sbuf.st_rdev)); /* Minor device number if type is device */ + SIVAL(pdata,4,0); + pdata += 8; + + SINO_T(pdata,0,(SMB_INO_T)sbuf.st_ino); /* inode number */ + pdata += 8; + + SIVAL(pdata,0, unix_perms_to_wire(sbuf.st_mode)); /* Standard UNIX file permissions */ + SIVAL(pdata,4,0); + pdata += 8; + + SIVAL(pdata,0,sbuf.st_nlink); /* number of hard links */ + SIVAL(pdata,4,0); + pdata += 8+1; + data_size = PTR_DIFF(pdata,(*ppdata)); + + { + int i; + DEBUG(4,("call_trans2qfilepathinfo: SMB_QUERY_FILE_UNIX_BASIC")); + + for (i=0; i<100; i++) + DEBUG(4,("%d=%x, ",i, (*ppdata)[i])); + DEBUG(4,("\n")); + } + break; + + case SMB_QUERY_FILE_UNIX_LINK: + { + pstring buffer; + +#ifdef S_ISLNK + if(!S_ISLNK(sbuf.st_mode)) + return(UNIXERROR(ERRSRV,ERRbadlink)); +#else + return(UNIXERROR(ERRDOS,ERRbadlink)); #endif + len = conn->vfs_ops.readlink(conn,fullpathname, buffer, sizeof(pstring)-1); /* read link */ + if (len == -1) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + buffer[len] = 0; + len = srvstr_push(outbuf, pdata, buffer, -1, STR_TERMINATE); + pdata += len; + data_size = PTR_DIFF(pdata,(*ppdata)); + + break; + } default: return ERROR_DOS(ERRDOS,ERRunknownlevel); @@ -1942,20 +2133,79 @@ NTSTATUS set_delete_on_close_internal(files_struct *fsp, BOOL delete_on_close) return NT_STATUS_OK; } +/**************************************************************************** + Returns true if this pathname is within the share, and thus safe. +****************************************************************************/ + +static int ensure_link_is_safe(connection_struct *conn, const char *link_dest_in, char *link_dest_out) +{ +#ifdef PATH_MAX + char resolved_name[PATH_MAX+1]; +#else + pstring resolved_name; +#endif + fstring last_component; + pstring link_dest; + pstring link_test; + char *p; + BOOL bad_path = False; + SMB_STRUCT_STAT sbuf; + + pstrcpy(link_dest, link_dest_in); + unix_convert(link_dest,conn,0,&bad_path,&sbuf); + + /* Store the UNIX converted path. */ + pstrcpy(link_dest_out, link_dest); + + p = strrchr(link_dest, '/'); + if (p) { + fstrcpy(last_component, p+1); + *p = '\0'; + } else { + fstrcpy(last_component, link_dest); + pstrcpy(link_dest, "./"); + } + + if (conn->vfs_ops.realpath(conn,link_dest,resolved_name) == NULL) + return -1; + + pstrcpy(link_dest, resolved_name); + pstrcat(link_dest, "/"); + pstrcat(link_dest, last_component); + + if (*link_dest != '/') { + /* Relative path. */ + pstrcpy(link_test, conn->connectpath); + pstrcat(link_test, "/"); + pstrcat(link_test, link_dest); + } else { + pstrcpy(link_test, link_dest); + } + + /* + * Check if the link is within the share. + */ + + if (strncmp(conn->connectpath, link_test, strlen(conn->connectpath))) { + errno = EACCES; + return -1; + } + return 0; +} + /**************************************************************************** Reply to a TRANS2_SETFILEINFO (set file info by fileid). ****************************************************************************/ static int call_trans2setfilepathinfo(connection_struct *conn, - char *inbuf, char *outbuf, int length, - int bufsize, char **pparams, - char **ppdata, int total_data) + char *inbuf, char *outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data) { char *params = *pparams; char *pdata = *ppdata; uint16 tran_call = SVAL(inbuf, smb_setup0); uint16 info_level; - int mode=0; + int dosmode=0; SMB_OFF_T size=0; struct utimbuf tvs; SMB_STRUCT_STAT sbuf; @@ -1963,6 +2213,9 @@ static int call_trans2setfilepathinfo(connection_struct *conn, int fd = -1; BOOL bad_path = False; files_struct *fsp = NULL; + uid_t set_owner = (uid_t)SMB_UID_NO_CHANGE; + gid_t set_grp = (uid_t)SMB_GID_NO_CHANGE; + mode_t unixmode = 0; if (tran_call == TRANSACT2_SETFILEINFO) { fsp = file_fsp(params,0); @@ -1977,11 +2230,8 @@ static int call_trans2setfilepathinfo(connection_struct *conn, pstrcpy(fname, fsp->fsp_name); unix_convert(fname,conn,0,&bad_path,&sbuf); if (!check_name(fname,conn) || (!VALID_STAT(sbuf))) { - DEBUG(3,("fileinfo of %s failed (%s)\n",fname,strerror(errno))); - if((errno == ENOENT) && bad_path) { - unix_ERR_class = ERRDOS; - unix_ERR_code = ERRbadpath; - } + DEBUG(3,("call_trans2setfilepathinfo: fileinfo of %s failed (%s)\n",fname,strerror(errno))); + set_bad_path_error(errno, bad_path); return(UNIXERROR(ERRDOS,ERRbadpath)); } } else if (fsp && fsp->print_file) { @@ -2007,29 +2257,30 @@ static int call_trans2setfilepathinfo(connection_struct *conn, fd = fsp->fd; if (vfs_fstat(fsp,fd,&sbuf) != 0) { - DEBUG(3,("fstat of fnum %d failed (%s)\n",fsp->fnum, strerror(errno))); + DEBUG(3,("call_trans2setfilepathinfo: fstat of fnum %d failed (%s)\n",fsp->fnum, strerror(errno))); return(UNIXERROR(ERRDOS,ERRbadfid)); } } } else { /* set path info */ + if (total_params < 6) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + info_level = SVAL(params,0); srvstr_pull(inbuf, fname, ¶ms[6], sizeof(fname), -1, STR_TERMINATE); unix_convert(fname,conn,0,&bad_path,&sbuf); if(!check_name(fname, conn)) { - if((errno == ENOENT) && bad_path) { - unix_ERR_class = ERRDOS; - unix_ERR_code = ERRbadpath; - } + set_bad_path_error(errno, bad_path); return(UNIXERROR(ERRDOS,ERRbadpath)); } - - if(!VALID_STAT(sbuf)) { - DEBUG(3,("stat of %s failed (%s)\n", fname, strerror(errno))); - if((errno == ENOENT) && bad_path) { - unix_ERR_class = ERRDOS; - unix_ERR_code = ERRbadpath; - } + + /* + * For CIFS UNIX extensions the target name may not exist. + */ + + if(!VALID_STAT(sbuf) && !INFO_LEVEL_IS_UNIX(info_level)) { + DEBUG(3,("call_trans2setfilepathinfo: stat of %s failed (%s)\n", fname, strerror(errno))); + set_bad_path_error(errno, bad_path); return(UNIXERROR(ERRDOS,ERRbadpath)); } } @@ -2037,6 +2288,12 @@ static int call_trans2setfilepathinfo(connection_struct *conn, if (!CAN_WRITE(conn)) return ERROR_DOS(ERRSRV,ERRaccess); + if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) + return ERROR_DOS(ERRDOS,ERRunknownlevel); + + if (VALID_STAT(sbuf)) + unixmode = sbuf.st_mode; + DEBUG(3,("call_trans2setfilepathinfo(%d) %s info_level=%d totdata=%d\n", tran_call,fname,info_level,total_data)); @@ -2048,29 +2305,36 @@ static int call_trans2setfilepathinfo(connection_struct *conn, SSVAL(params,0,0); + if (fsp) { + /* the pending modtime overrides the current modtime */ + sbuf.st_mtime = fsp->pending_modtime; + } + size = sbuf.st_size; tvs.modtime = sbuf.st_mtime; tvs.actime = sbuf.st_atime; - mode = dos_mode(conn,fname,&sbuf); + dosmode = dos_mode(conn,fname,&sbuf); + unixmode = sbuf.st_mode; - if (total_data > 4 && IVAL(pdata,0) == total_data) { - /* uggh, EAs for OS2 */ - DEBUG(4,("Rejecting EA request with total_data=%d\n",total_data)); - return ERROR_DOS(ERRDOS,ERReasnotsupported); - } + set_owner = VALID_STAT(sbuf) ? sbuf.st_uid : (uid_t)SMB_UID_NO_CHANGE; + set_grp = VALID_STAT(sbuf) ? sbuf.st_gid : (gid_t)SMB_GID_NO_CHANGE; switch (info_level) { case SMB_INFO_STANDARD: case SMB_INFO_QUERY_EA_SIZE: { + if (total_data < l1_cbFile+4) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + /* access time */ tvs.actime = make_unix_date2(pdata+l1_fdateLastAccess); /* write time */ tvs.modtime = make_unix_date2(pdata+l1_fdateLastWrite); - mode = SVAL(pdata,l1_attrFile); + dosmode = SVAL(pdata,l1_attrFile); size = IVAL(pdata,l1_cbFile); + break; } @@ -2078,18 +2342,24 @@ static int call_trans2setfilepathinfo(connection_struct *conn, it's also not in the cifs6.txt spec. */ case SMB_INFO_QUERY_EAS_FROM_LIST: + if (total_data < 28) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + tvs.actime = make_unix_date2(pdata+8); tvs.modtime = make_unix_date2(pdata+12); size = IVAL(pdata,16); - mode = IVAL(pdata,24); + dosmode = IVAL(pdata,24); break; /* XXXX nor this. not in cifs6.txt, either. */ case SMB_INFO_QUERY_ALL_EAS: + if (total_data < 28) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + tvs.actime = make_unix_date2(pdata+8); tvs.modtime = make_unix_date2(pdata+12); size = IVAL(pdata,16); - mode = IVAL(pdata,24); + dosmode = IVAL(pdata,24); break; case SMB_SET_FILE_BASIC_INFO: @@ -2099,6 +2369,9 @@ static int call_trans2setfilepathinfo(connection_struct *conn, time_t write_time; time_t changed_time; + if (total_data < 36) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + /* Ignore create time at offset pdata. */ /* access time */ @@ -2109,21 +2382,28 @@ static int call_trans2setfilepathinfo(connection_struct *conn, tvs.modtime = MIN(write_time, changed_time); + if (write_time > tvs.modtime && write_time != 0xffffffff) { + tvs.modtime = write_time; + } /* Prefer a defined time to an undefined one. */ if (tvs.modtime == (time_t)0 || tvs.modtime == (time_t)-1) tvs.modtime = (write_time == (time_t)0 || write_time == (time_t)-1 ? changed_time : write_time); /* attributes */ - mode = IVAL(pdata,32); + dosmode = IVAL(pdata,32); break; } - case SMB_FILE_ALLOCATION_INFORMATION: + case SMB_FILE_ALLOCATION_INFORMATION: case SMB_SET_FILE_ALLOCATION_INFO: { int ret = -1; SMB_OFF_T allocation_size = IVAL(pdata,0); + + if (total_data < 8) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + #ifdef LARGE_SMB_OFF_T allocation_size |= (((SMB_OFF_T)IVAL(pdata,4)) << 32); #else /* LARGE_SMB_OFF_T */ @@ -2163,14 +2443,16 @@ static int call_trans2setfilepathinfo(connection_struct *conn, return(UNIXERROR(ERRDOS,ERRbadpath)); ret = vfs_allocate_file_space(new_fsp, allocation_size); if (vfs_fstat(new_fsp,new_fsp->fd,&new_sbuf) != 0) { - DEBUG(3,("fstat of fnum %d failed (%s)\n",new_fsp->fnum, strerror(errno))); + DEBUG(3,("call_trans2setfilepathinfo: fstat of fnum %d failed (%s)\n", + new_fsp->fnum, strerror(errno))); ret = -1; } close_file(new_fsp,True); } else { ret = vfs_allocate_file_space(fsp, allocation_size); if (vfs_fstat(fsp,fd,&new_sbuf) != 0) { - DEBUG(3,("fstat of fnum %d failed (%s)\n",fsp->fnum, strerror(errno))); + DEBUG(3,("call_trans2setfilepathinfo: fstat of fnum %d failed (%s)\n", + fsp->fnum, strerror(errno))); ret = -1; } } @@ -2184,9 +2466,12 @@ static int call_trans2setfilepathinfo(connection_struct *conn, break; } - case SMB_FILE_END_OF_FILE_INFORMATION: + case SMB_FILE_END_OF_FILE_INFORMATION: case SMB_SET_FILE_END_OF_FILE_INFO: { + if (total_data < 8) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + size = IVAL(pdata,0); #ifdef LARGE_SMB_OFF_T size |= (((SMB_OFF_T)IVAL(pdata,4)) << 32); @@ -2204,6 +2489,9 @@ static int call_trans2setfilepathinfo(connection_struct *conn, BOOL delete_on_close = (CVAL(pdata,0) ? True : False); NTSTATUS status; + if (total_data < 1) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + if (tran_call != TRANSACT2_SETFILEINFO) return ERROR_DOS(ERRDOS,ERRunknownlevel); @@ -2218,6 +2506,183 @@ static int call_trans2setfilepathinfo(connection_struct *conn, break; } + /* + * CIFS UNIX extensions. + */ + + case SMB_SET_FILE_UNIX_BASIC: + { + uint32 raw_unixmode; + + if (total_data < 100) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + + if(IVAL(pdata, 0) != SMB_SIZE_NO_CHANGE_LO && + IVAL(pdata, 4) != SMB_SIZE_NO_CHANGE_HI) { + size=IVAL(pdata,0); /* first 8 Bytes are size */ +#ifdef LARGE_SMB_OFF_T + size |= (((SMB_OFF_T)IVAL(pdata,4)) << 32); +#else /* LARGE_SMB_OFF_T */ + if (IVAL(pdata,4) != 0) /* more than 32 bits? */ + return ERROR_DOS(ERRDOS,ERRunknownlevel); +#endif /* LARGE_SMB_OFF_T */ + } + pdata+=24; /* ctime & st_blocks are not changed */ + tvs.actime = interpret_long_unix_date(pdata); /* access_time */ + tvs.modtime = interpret_long_unix_date(pdata+8); /* modification_time */ + pdata+=16; + set_owner = (uid_t)IVAL(pdata,0); + pdata += 8; + set_grp = (gid_t)IVAL(pdata,0); + pdata += 8; + raw_unixmode = IVAL(pdata,28); + unixmode = unix_perms_from_wire(conn, &sbuf, raw_unixmode); + dosmode = 0; /* Ensure dos mode change doesn't override this. */ + + DEBUG(10,("call_trans2setfilepathinfo: SMB_SET_FILE_UNIX_BASIC: name = %s \ +size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n", + fname, (double)size, (unsigned int)set_owner, (unsigned int)set_grp, (int)raw_unixmode)); + + if (!VALID_STAT(sbuf)) { + + /* + * The only valid use of this is to create character and block + * devices, and named pipes. This is deprecated (IMHO) and + * a new info level should be used for mknod. JRA. + */ + +#if !defined(HAVE_MAKEDEV_FN) + return(ERROR_DOS(ERRDOS,ERRnoaccess)); +#else /* HAVE_MAKEDEV_FN */ + uint32 file_type = IVAL(pdata,0); + uint32 dev_major = IVAL(pdata,4); + uint32 dev_minor = IVAL(pdata,12); + + uid_t myuid = geteuid(); + gid_t mygid = getegid(); + SMB_DEV_T dev; + + if (tran_call == TRANSACT2_SETFILEINFO) + return(ERROR_DOS(ERRDOS,ERRnoaccess)); + + if (raw_unixmode == SMB_MODE_NO_CHANGE) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + + dev = makedev(dev_major, dev_minor); + + /* We can only create as the owner/group we are. */ + + if ((set_owner != myuid) && (set_owner != (uid_t)SMB_UID_NO_CHANGE)) + return(ERROR_DOS(ERRDOS,ERRnoaccess)); + if ((set_grp != mygid) && (set_grp != (gid_t)SMB_GID_NO_CHANGE)) + return(ERROR_DOS(ERRDOS,ERRnoaccess)); + + if (file_type != UNIX_TYPE_CHARDEV && file_type != UNIX_TYPE_BLKDEV && + file_type != UNIX_TYPE_FIFO) + return(ERROR_DOS(ERRDOS,ERRnoaccess)); + + DEBUG(10,("call_trans2setfilepathinfo: SMB_SET_FILE_UNIX_BASIC doing mknod dev %.0f mode \ +0%o for file %s\n", (double)dev, unixmode, fname )); + + /* Ok - do the mknod. */ + if (conn->vfs_ops.mknod(conn,dos_to_unix_static(fname), unixmode, dev) != 0) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + + SSVAL(params,0,0); + send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0); + return(-1); +#endif /* HAVE_MAKEDEV_FN */ + + } + + /* + * Deal with the UNIX specific mode set. + */ + + if (raw_unixmode != SMB_MODE_NO_CHANGE) { + DEBUG(10,("call_trans2setfilepathinfo: SMB_SET_FILE_UNIX_BASIC setting mode 0%o for file %s\n", + (unsigned int)unixmode, fname )); + if (vfs_chmod(conn,fname,unixmode) != 0) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + } + + /* + * Deal with the UNIX specific uid set. + */ + + if ((set_owner != (uid_t)SMB_UID_NO_CHANGE) && (sbuf.st_uid != set_owner)) { + DEBUG(10,("call_trans2setfilepathinfo: SMB_SET_FILE_UNIX_BASIC changing owner %u for file %s\n", + (unsigned int)set_owner, fname )); + if (vfs_chown(conn,fname,set_owner, (gid_t)-1) != 0) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + } + + /* + * Deal with the UNIX specific gid set. + */ + + if ((set_grp != (uid_t)SMB_GID_NO_CHANGE) && (sbuf.st_gid != set_grp)) { + DEBUG(10,("call_trans2setfilepathinfo: SMB_SET_FILE_UNIX_BASIC changing group %u for file %s\n", + (unsigned int)set_owner, fname )); + if (vfs_chown(conn,fname,(uid_t)-1, set_grp) != 0) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + } + break; + } + + case SMB_SET_FILE_UNIX_LINK: + { + pstring link_dest; + /* Set a symbolic link. */ + /* Don't allow this if follow links is false. */ + + if (!lp_symlinks(SNUM(conn))) + return(ERROR_DOS(ERRDOS,ERRnoaccess)); + + /* Disallow if already exists. */ + if (VALID_STAT(sbuf)) + return(ERROR_DOS(ERRDOS,ERRbadpath)); + + srvstr_pull(inbuf, link_dest, pdata, sizeof(link_dest), -1, STR_TERMINATE); + + if (ensure_link_is_safe(conn, link_dest, link_dest) != 0) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + + DEBUG(10,("call_trans2setfilepathinfo: SMB_SET_FILE_UNIX_LINK doing symlink %s -> %s\n", + fname, link_dest )); + + if (conn->vfs_ops.symlink(conn,link_dest,fname) != 0) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + SSVAL(params,0,0); + send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0); + return(-1); + } + + case SMB_SET_FILE_UNIX_HLINK: + { + pstring link_dest; + + /* Set a hard link. */ + + /* Disallow if already exists. */ + if (VALID_STAT(sbuf)) + return(ERROR_DOS(ERRDOS,ERRbadpath)); + + srvstr_pull(inbuf, link_dest, pdata, sizeof(link_dest), -1, STR_TERMINATE); + + if (ensure_link_is_safe(conn, link_dest, link_dest) != 0) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + + DEBUG(10,("call_trans2setfilepathinfo: SMB_SET_FILE_UNIX_LINK doing hard link %s -> %s\n", + fname, link_dest )); + + if (conn->vfs_ops.link(conn,link_dest,fname) != 0) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + SSVAL(params,0,0); + send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0); + return(-1); + } + default: return ERROR_DOS(ERRDOS,ERRunknownlevel); } @@ -2232,17 +2697,18 @@ static int call_trans2setfilepathinfo(connection_struct *conn, DEBUG(6,("actime: %s " , ctime(&tvs.actime))); DEBUG(6,("modtime: %s ", ctime(&tvs.modtime))); DEBUG(6,("size: %.0f ", (double)size)); - DEBUG(6,("mode: %x\n" , mode)); if (S_ISDIR(sbuf.st_mode)) - mode |= aDIR; + dosmode |= aDIR; else - mode &= ~aDIR; + dosmode &= ~aDIR; + + DEBUG(6,("dosmode: %x\n" , dosmode)); if(!((info_level == SMB_SET_FILE_END_OF_FILE_INFO) || (info_level == SMB_SET_FILE_ALLOCATION_INFO) || (info_level == SMB_FILE_ALLOCATION_INFORMATION) || - (info_level == SMB_FILE_END_OF_FILE_INFORMATION))) { + (info_level == SMB_FILE_END_OF_FILE_INFORMATION))) { /* * Only do this test if we are not explicitly @@ -2263,7 +2729,7 @@ static int call_trans2setfilepathinfo(connection_struct *conn, * NT does this a lot. It's actually pointless * setting the time here, as it will be overwritten * on the next write, so we save the request - * away and will set it on file code. JRA. + * away and will set it on file close. JRA. */ if (tvs.modtime != (time_t)0 && tvs.modtime != (time_t)-1) { @@ -2281,11 +2747,11 @@ static int call_trans2setfilepathinfo(connection_struct *conn, } /* check the mode isn't different, before changing it */ - if ((mode != 0) && (mode != dos_mode(conn, fname, &sbuf))) { + if ((dosmode != 0) && (dosmode != dos_mode(conn, fname, &sbuf))) { - DEBUG(10,("call_trans2setfilepathinfo: file %s : setting dos mode %x\n", fname, mode )); + DEBUG(10,("call_trans2setfilepathinfo: file %s : setting dos mode %x\n", fname, dosmode )); - if(file_chmod(conn, fname, mode, NULL)) { + if(file_chmod(conn, fname, dosmode, NULL)) { DEBUG(2,("chmod of %s failed (%s)\n", fname, strerror(errno))); return(UNIXERROR(ERRDOS,ERRnoaccess)); } @@ -2331,7 +2797,6 @@ static int call_trans2setfilepathinfo(connection_struct *conn, } SSVAL(params,0,0); - send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0); return(-1); @@ -2343,48 +2808,45 @@ static int call_trans2setfilepathinfo(connection_struct *conn, static int call_trans2mkdir(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, - char **pparams, char **ppdata) + char **pparams, int total_params, char **ppdata, int total_data) { - char *params = *pparams; - pstring directory; - int ret = -1; - SMB_STRUCT_STAT sbuf; - BOOL bad_path = False; + char *params = *pparams; + pstring directory; + int ret = -1; + SMB_STRUCT_STAT sbuf; + BOOL bad_path = False; + + if (!CAN_WRITE(conn)) + return ERROR_DOS(ERRSRV,ERRaccess); - if (!CAN_WRITE(conn)) - return ERROR_DOS(ERRSRV,ERRaccess); + if (total_params < 4) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); - srvstr_pull(inbuf, directory, ¶ms[4], sizeof(directory), -1, STR_TERMINATE); + srvstr_pull(inbuf, directory, ¶ms[4], sizeof(directory), -1, STR_TERMINATE); - DEBUG(3,("call_trans2mkdir : name = %s\n", directory)); + DEBUG(3,("call_trans2mkdir : name = %s\n", directory)); - unix_convert(directory,conn,0,&bad_path,&sbuf); - if (check_name(directory,conn)) - ret = vfs_mkdir(conn,directory,unix_mode(conn,aDIR,directory)); + unix_convert(directory,conn,0,&bad_path,&sbuf); + if (check_name(directory,conn)) + ret = vfs_mkdir(conn,directory,unix_mode(conn,aDIR,directory)); - if(ret < 0) - { - DEBUG(5,("call_trans2mkdir error (%s)\n", strerror(errno))); - if((errno == ENOENT) && bad_path) - { - unix_ERR_class = ERRDOS; - unix_ERR_code = ERRbadpath; - } - return(UNIXERROR(ERRDOS,ERRnoaccess)); - } - - /* Realloc the parameter and data sizes */ - params = Realloc(*pparams,2); - if(params == NULL) { - return ERROR_DOS(ERRDOS,ERRnomem); - } - *pparams = params; - - SSVAL(params,0,0); - - send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0); + if(ret < 0) { + DEBUG(5,("call_trans2mkdir error (%s)\n", strerror(errno))); + set_bad_path_error(errno, bad_path); + return(UNIXERROR(ERRDOS,ERRnoaccess)); + } + + /* Realloc the parameter and data sizes */ + params = Realloc(*pparams,2); + if(params == NULL) + return ERROR_DOS(ERRDOS,ERRnomem); + *pparams = params; + + SSVAL(params,0,0); + + send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0); - return(-1); + return(-1); } /**************************************************************************** @@ -2393,44 +2855,45 @@ static int call_trans2mkdir(connection_struct *conn, ****************************************************************************/ static int call_trans2findnotifyfirst(connection_struct *conn, - char *inbuf, char *outbuf, - int length, int bufsize, - char **pparams, char **ppdata) + char *inbuf, char *outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data) { - static uint16 fnf_handle = 257; - char *params = *pparams; - uint16 info_level = SVAL(params,4); - - DEBUG(3,("call_trans2findnotifyfirst - info_level %d\n", info_level)); - - switch (info_level) - { - case 1: - case 2: - break; - default: - return ERROR_DOS(ERRDOS,ERRunknownlevel); - } - - /* Realloc the parameter and data sizes */ - params = Realloc(*pparams,6); - if(params == NULL) { - return ERROR_DOS(ERRDOS,ERRnomem); - } - *pparams = params; - - SSVAL(params,0,fnf_handle); - SSVAL(params,2,0); /* No changes */ - SSVAL(params,4,0); /* No EA errors */ - - fnf_handle++; - - if(fnf_handle == 0) - fnf_handle = 257; - - send_trans2_replies(outbuf, bufsize, params, 6, *ppdata, 0); + static uint16 fnf_handle = 257; + char *params = *pparams; + uint16 info_level; + + if (total_params < 6) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); + + info_level = SVAL(params,4); + DEBUG(3,("call_trans2findnotifyfirst - info_level %d\n", info_level)); + + switch (info_level) { + case 1: + case 2: + break; + default: + return ERROR_DOS(ERRDOS,ERRunknownlevel); + } + + /* Realloc the parameter and data sizes */ + params = Realloc(*pparams,6); + if(params == NULL) + return ERROR_DOS(ERRDOS,ERRnomem); + *pparams = params; + + SSVAL(params,0,fnf_handle); + SSVAL(params,2,0); /* No changes */ + SSVAL(params,4,0); /* No EA errors */ + + fnf_handle++; + + if(fnf_handle == 0) + fnf_handle = 257; + + send_trans2_replies(outbuf, bufsize, params, 6, *ppdata, 0); - return(-1); + return(-1); } /**************************************************************************** @@ -2439,27 +2902,25 @@ static int call_trans2findnotifyfirst(connection_struct *conn, ****************************************************************************/ static int call_trans2findnotifynext(connection_struct *conn, - char *inbuf, char *outbuf, - int length, int bufsize, - char **pparams, char **ppdata) + char *inbuf, char *outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data) { - char *params = *pparams; + char *params = *pparams; - DEBUG(3,("call_trans2findnotifynext\n")); + DEBUG(3,("call_trans2findnotifynext\n")); - /* Realloc the parameter and data sizes */ - params = Realloc(*pparams,4); - if(params == NULL) { - return ERROR_DOS(ERRDOS,ERRnomem); - } - *pparams = params; + /* Realloc the parameter and data sizes */ + params = Realloc(*pparams,4); + if(params == NULL) + return ERROR_DOS(ERRDOS,ERRnomem); + *pparams = params; - SSVAL(params,0,0); /* No changes */ - SSVAL(params,2,0); /* No EA errors */ + SSVAL(params,0,0); /* No changes */ + SSVAL(params,2,0); /* No EA errors */ - send_trans2_replies(outbuf, bufsize, params, 4, *ppdata, 0); + send_trans2_replies(outbuf, bufsize, params, 4, *ppdata, 0); - return(-1); + return(-1); } /**************************************************************************** @@ -2467,29 +2928,33 @@ static int call_trans2findnotifynext(connection_struct *conn, ****************************************************************************/ static int call_trans2getdfsreferral(connection_struct *conn, char* inbuf, - char* outbuf, int length, int bufsize, - char** pparams, char** ppdata) + char* outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data) { - char *params = *pparams; - pstring pathname; - int reply_size = 0; - int max_referral_level = SVAL(params,0); + char *params = *pparams; + pstring pathname; + int reply_size = 0; + int max_referral_level; + DEBUG(10,("call_trans2getdfsreferral\n")); - DEBUG(10,("call_trans2getdfsreferral\n")); + if (total_params < 2) + return(ERROR_DOS(ERRDOS,ERRinvalidparam)); - if(!lp_host_msdfs()) - return ERROR_DOS(ERRDOS,ERRbadfunc); + max_referral_level = SVAL(params,0); - srvstr_pull(inbuf, pathname, ¶ms[2], sizeof(pathname), -1, STR_TERMINATE); + if(!lp_host_msdfs()) + return ERROR_DOS(ERRDOS,ERRbadfunc); - if((reply_size = setup_dfs_referral(pathname,max_referral_level,ppdata)) < 0) - return ERROR_DOS(ERRDOS,ERRbadfile); + srvstr_pull(inbuf, pathname, ¶ms[2], sizeof(pathname), -1, STR_TERMINATE); + + if((reply_size = setup_dfs_referral(pathname,max_referral_level,ppdata)) < 0) + return ERROR_DOS(ERRDOS,ERRbadfile); - SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | FLAGS2_DFS_PATHNAMES); - send_trans2_replies(outbuf,bufsize,0,0,*ppdata,reply_size); + SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | FLAGS2_DFS_PATHNAMES); + send_trans2_replies(outbuf,bufsize,0,0,*ppdata,reply_size); - return(-1); + return(-1); } #define LMCAT_SPL 0x53 @@ -2500,32 +2965,31 @@ static int call_trans2getdfsreferral(connection_struct *conn, char* inbuf, ****************************************************************************/ static int call_trans2ioctl(connection_struct *conn, char* inbuf, - char* outbuf, int length, int bufsize, - char** pparams, char** ppdata) + char* outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data) { - char *pdata = *ppdata; - files_struct *fsp = file_fsp(inbuf,smb_vwv15); - - if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) && - (SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { - pdata = Realloc(*ppdata, 32); - if(pdata == NULL) { - return ERROR_DOS(ERRDOS,ERRnomem); - } - *ppdata = pdata; - - /* NOTE - THIS IS ASCII ONLY AT THE MOMENT - NOT SURE IF OS/2 - CAN ACCEPT THIS IN UNICODE. JRA. */ - - SSVAL(pdata,0,fsp->print_jobid); /* Job number */ - srvstr_push( outbuf, pdata + 2, global_myname, 15, STR_ASCII|STR_TERMINATE); /* Our NetBIOS name */ - srvstr_push( outbuf, pdata+18, lp_servicename(SNUM(conn)), 13, STR_ASCII|STR_TERMINATE); /* Service name */ - send_trans2_replies(outbuf,bufsize,*pparams,0,*ppdata,32); - return(-1); - } else { - DEBUG(2,("Unknown TRANS2_IOCTL\n")); - return ERROR_DOS(ERRSRV,ERRerror); - } + char *pdata = *ppdata; + files_struct *fsp = file_fsp(inbuf,smb_vwv15); + + if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) && + (SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { + pdata = Realloc(*ppdata, 32); + if(pdata == NULL) + return ERROR_DOS(ERRDOS,ERRnomem); + *ppdata = pdata; + + /* NOTE - THIS IS ASCII ONLY AT THE MOMENT - NOT SURE IF OS/2 + CAN ACCEPT THIS IN UNICODE. JRA. */ + + SSVAL(pdata,0,fsp->print_jobid); /* Job number */ + srvstr_push( outbuf, pdata + 2, global_myname, 15, STR_ASCII|STR_TERMINATE); /* Our NetBIOS name */ + srvstr_push( outbuf, pdata+18, lp_servicename(SNUM(conn)), 13, STR_ASCII|STR_TERMINATE); /* Service name */ + send_trans2_replies(outbuf,bufsize,*pparams,0,*ppdata,32); + return(-1); + } else { + DEBUG(2,("Unknown TRANS2_IOCTL\n")); + return ERROR_DOS(ERRSRV,ERRerror); + } } /**************************************************************************** @@ -2736,93 +3200,84 @@ int reply_trans2(connection_struct *conn, switch(tran_call) { case TRANSACT2_OPEN: START_PROFILE_NESTED(Trans2_open); - outsize = call_trans2open(conn, - inbuf, outbuf, bufsize, - ¶ms, &data); + outsize = call_trans2open(conn, inbuf, outbuf, bufsize, + ¶ms, total_params, &data, total_data); END_PROFILE_NESTED(Trans2_open); break; case TRANSACT2_FINDFIRST: START_PROFILE_NESTED(Trans2_findfirst); - outsize = call_trans2findfirst(conn, inbuf, outbuf, - bufsize, ¶ms, &data); + outsize = call_trans2findfirst(conn, inbuf, outbuf, bufsize, + ¶ms, total_params, &data, total_data); END_PROFILE_NESTED(Trans2_findfirst); break; case TRANSACT2_FINDNEXT: START_PROFILE_NESTED(Trans2_findnext); - outsize = call_trans2findnext(conn, inbuf, outbuf, - length, bufsize, - ¶ms, &data); + outsize = call_trans2findnext(conn, inbuf, outbuf, length, bufsize, + ¶ms, total_params, &data, total_data); END_PROFILE_NESTED(Trans2_findnext); break; case TRANSACT2_QFSINFO: START_PROFILE_NESTED(Trans2_qfsinfo); - outsize = call_trans2qfsinfo(conn, inbuf, outbuf, - length, bufsize, ¶ms, - &data); + outsize = call_trans2qfsinfo(conn, inbuf, outbuf, length, bufsize, + ¶ms, total_params, &data, total_data); END_PROFILE_NESTED(Trans2_qfsinfo); break; case TRANSACT2_SETFSINFO: START_PROFILE_NESTED(Trans2_setfsinfo); - outsize = call_trans2setfsinfo(conn, inbuf, outbuf, - length, bufsize, - ¶ms, &data); + outsize = call_trans2setfsinfo(conn, inbuf, outbuf, length, bufsize, + ¶ms, total_params, &data, total_data); END_PROFILE_NESTED(Trans2_setfsinfo); break; case TRANSACT2_QPATHINFO: case TRANSACT2_QFILEINFO: START_PROFILE_NESTED(Trans2_qpathinfo); - outsize = call_trans2qfilepathinfo(conn, inbuf, outbuf, - length, bufsize, - ¶ms, &data, total_data); + outsize = call_trans2qfilepathinfo(conn, inbuf, outbuf, length, bufsize, + ¶ms, total_params, &data, total_data); END_PROFILE_NESTED(Trans2_qpathinfo); break; case TRANSACT2_SETPATHINFO: case TRANSACT2_SETFILEINFO: START_PROFILE_NESTED(Trans2_setpathinfo); - outsize = call_trans2setfilepathinfo(conn, inbuf, outbuf, - length, bufsize, - ¶ms, &data, - total_data); + outsize = call_trans2setfilepathinfo(conn, inbuf, outbuf, length, bufsize, + ¶ms, total_params, &data, total_data); END_PROFILE_NESTED(Trans2_setpathinfo); break; case TRANSACT2_FINDNOTIFYFIRST: START_PROFILE_NESTED(Trans2_findnotifyfirst); - outsize = call_trans2findnotifyfirst(conn, inbuf, outbuf, - length, bufsize, - ¶ms, &data); + outsize = call_trans2findnotifyfirst(conn, inbuf, outbuf, length, bufsize, + ¶ms, total_params, &data, total_data); END_PROFILE_NESTED(Trans2_findnotifyfirst); break; case TRANSACT2_FINDNOTIFYNEXT: START_PROFILE_NESTED(Trans2_findnotifynext); - outsize = call_trans2findnotifynext(conn, inbuf, outbuf, - length, bufsize, - ¶ms, &data); + outsize = call_trans2findnotifynext(conn, inbuf, outbuf, length, bufsize, + ¶ms, total_params, &data, total_data); END_PROFILE_NESTED(Trans2_findnotifynext); break; case TRANSACT2_MKDIR: START_PROFILE_NESTED(Trans2_mkdir); - outsize = call_trans2mkdir(conn, inbuf, outbuf, length, - bufsize, ¶ms, &data); + outsize = call_trans2mkdir(conn, inbuf, outbuf, length, bufsize, + ¶ms, total_params, &data, total_data); END_PROFILE_NESTED(Trans2_mkdir); break; case TRANSACT2_GET_DFS_REFERRAL: START_PROFILE_NESTED(Trans2_get_dfs_referral); - outsize = call_trans2getdfsreferral(conn,inbuf,outbuf,length, - bufsize, ¶ms, &data); + outsize = call_trans2getdfsreferral(conn,inbuf,outbuf,length, bufsize, + ¶ms, total_params, &data, total_data); END_PROFILE_NESTED(Trans2_get_dfs_referral); break; case TRANSACT2_IOCTL: START_PROFILE_NESTED(Trans2_ioctl); - outsize = call_trans2ioctl(conn,inbuf,outbuf,length, - bufsize,¶ms,&data); + outsize = call_trans2ioctl(conn,inbuf,outbuf,length, bufsize, + ¶ms, total_params, &data, total_data); END_PROFILE_NESTED(Trans2_ioctl); break; default: diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index ac0b535c13d..a18f62c9cc8 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -465,11 +465,11 @@ BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_N if (ret) { DEBUG(10, - ("lookup_name: (local) [%s]\\[%s] -> SID %s (type %u)\n", + ("lookup_name: (local) [%s]\\[%s] -> SID %s (type %s: %u)\n", domain, name, sid_to_string(sid,psid), - (unsigned int)*name_type )); + sid_type_lookup(*name_type), (unsigned int)*name_type)); return True; - } else if (winbind_lookup_name(domain, name, psid, name_type) || (*name_type != SID_NAME_USER) ) { + } else if (winbind_lookup_name(domain, name, psid, name_type)) { DEBUG(10,("lookup_name (winbindd): [%s]\\[%s] -> SID %s (type %u)\n", domain, name, sid_to_string(sid, psid), @@ -504,7 +504,7 @@ BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE sid_copy(&tmp_sid, sid); sid_split_rid(&tmp_sid, &rid); - if (sid_equal(&global_sam_sid, &tmp_sid)) { + if (sid_equal(get_global_sam_sid(), &tmp_sid)) { return map_domain_sid_to_name(&tmp_sid, dom_name) && local_lookup_sid(sid, name, name_type); @@ -521,7 +521,7 @@ BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE sid_copy(&tmp_sid, sid); sid_split_rid(&tmp_sid, &rid); return map_domain_sid_to_name(&tmp_sid, dom_name) && - lookup_known_rid(&tmp_sid, rid, name, name_type); + lookup_known_rid(&tmp_sid, rid, name, name_type); } return True; } @@ -578,7 +578,8 @@ DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid) } } - local_gid_to_sid(psid, gid); + /* Make sure we report failure, (when psid == NULL) */ + psid = local_gid_to_sid(psid, gid); DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid, sid_to_string(sid, psid))); @@ -597,7 +598,7 @@ BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype) fstring sid_str; /* if we know its local then don't try winbindd */ - if (sid_compare_domain(&global_sam_sid, psid) == 0) { + if (sid_compare_domain(get_global_sam_sid(), psid) == 0) { return local_sid_to_uid(puid, psid, sidtype); } diff --git a/source3/smbd/vfs-wrap.c b/source3/smbd/vfs-wrap.c index fadc435a2fa..394086dc075 100644 --- a/source3/smbd/vfs-wrap.c +++ b/source3/smbd/vfs-wrap.c @@ -147,7 +147,7 @@ ssize_t vfswrap_read(files_struct *fsp, int fd, void *data, size_t n) ssize_t result; START_PROFILE_BYTES(syscall_read, n); - result = read(fd, data, n); + result = sys_read(fd, data, n); END_PROFILE(syscall_read); return result; } @@ -157,7 +157,7 @@ ssize_t vfswrap_write(files_struct *fsp, int fd, const void *data, size_t n) ssize_t result; START_PROFILE_BYTES(syscall_write, n); - result = write(fd, data, n); + result = sys_write(fd, data, n); END_PROFILE(syscall_write); return result; } diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index 4e2e353ed8a..5e1dc68bdb4 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -32,7 +32,7 @@ struct vfs_syminfo { very important. They must be in the same order as defined in vfs.h. Change at your own peril. */ -struct vfs_ops default_vfs_ops = { +static struct vfs_ops default_vfs_ops = { /* Disk operations */ @@ -139,7 +139,7 @@ static BOOL vfs_init_custom(connection_struct *conn) /* Open object file */ if ((conn->dl_handle = sys_dlopen(lp_vfsobj(SNUM(conn)), RTLD_NOW | RTLD_GLOBAL)) == NULL) { - DEBUG(0, ("Error opening %s: %s\n", lp_vfsobj(SNUM(conn)), dlerror())); + DEBUG(0, ("Error opening %s: %s\n", lp_vfsobj(SNUM(conn)), sys_dlerror())); return False; } @@ -222,7 +222,7 @@ BOOL vfs_directory_exist(connection_struct *conn, const char *dname, SMB_STRUCT_ /******************************************************************* vfs getwd wrapper ********************************************************************/ -char *vfs_getwd(connection_struct *conn, char *path) +static char *vfs_getwd(connection_struct *conn, char *path) { return conn->vfs_ops.getwd(conn,path); } @@ -562,7 +562,7 @@ int vfs_ChDir(connection_struct *conn, char *path) /* number of list structures for a caching GetWd function. */ #define MAX_GETWDCACHE (50) -struct { +static struct { SMB_DEV_T dev; /* These *must* be compatible with the types returned in a stat() call. */ SMB_INO_T inode; /* These *must* be compatible with the types returned in a stat() call. */ char *dos_path; /* The pathname in DOS format. */ diff --git a/source3/tdb/.cvsignore b/source3/tdb/.cvsignore index 15ff2846c7a..66445fe2690 100644 --- a/source3/tdb/.cvsignore +++ b/source3/tdb/.cvsignore @@ -1,5 +1,6 @@ *.po *.po32 +tdbbackup tdbdump tdbtest tdbtool diff --git a/source3/tdb/tdb.c b/source3/tdb/tdb.c index 98caca82a10..ed75a55e3e9 100644 --- a/source3/tdb/tdb.c +++ b/source3/tdb/tdb.c @@ -169,6 +169,7 @@ static int tdb_brlock(TDB_CONTEXT *tdb, tdb_off offset, int rw_type, int lck_type, int probe) { struct flock fl; + int ret; if (tdb->flags & TDB_NOLOCK) return 0; @@ -183,8 +184,12 @@ static int tdb_brlock(TDB_CONTEXT *tdb, tdb_off offset, fl.l_len = 1; fl.l_pid = 0; - if (fcntl(tdb->fd,lck_type,&fl) == -1) { - if (!probe) { + do { + ret = fcntl(tdb->fd,lck_type,&fl); + } while (ret == -1 && errno == EINTR); + + if (ret == -1) { + if (!probe && lck_type != F_SETLK) { TDB_LOG((tdb, 5,"tdb_brlock failed (fd=%d) at offset %d rw_type=%d lck_type=%d\n", tdb->fd, offset, rw_type, lck_type)); } @@ -407,6 +412,17 @@ static int rec_free_read(TDB_CONTEXT *tdb, tdb_off off, struct list_struct *rec) { if (tdb_read(tdb, off, rec, sizeof(*rec),DOCONV()) == -1) return -1; + + if (rec->magic == TDB_MAGIC) { + /* this happens when a app is showdown while deleting a record - we should + not completely fail when this happens */ + TDB_LOG((tdb, 0,"rec_free_read non-free magic at offset=%d - fixing\n", + rec->magic, off)); + rec->magic = TDB_FREE_MAGIC; + if (tdb_write(tdb, off, rec, sizeof(*rec)) == -1) + return -1; + } + if (rec->magic != TDB_FREE_MAGIC) { TDB_LOG((tdb, 0,"rec_free_read bad magic 0x%x at offset=%d\n", rec->magic, off)); @@ -1466,6 +1482,8 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags, TDB_CONTEXT *tdb; struct stat st; int rev = 0, locked; + unsigned char *vp; + u32 vertest; if (!(tdb = calloc(1, sizeof *tdb))) { /* Can't log this */ @@ -1543,6 +1561,10 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags, } rev = (tdb->flags & TDB_CONVERT); } + vp = (unsigned char *)&tdb->header.version; + vertest = (((u32)vp[0]) << 24) | (((u32)vp[1]) << 16) | + (((u32)vp[2]) << 8) | (u32)vp[3]; + tdb->flags |= (vertest==TDB_VERSION) ? TDB_BIGENDIAN : 0; if (!rev) tdb->flags &= ~TDB_CONVERT; else { diff --git a/source3/tdb/tdb.h b/source3/tdb/tdb.h index 54cde10d950..8cc908703f8 100644 --- a/source3/tdb/tdb.h +++ b/source3/tdb/tdb.h @@ -38,6 +38,7 @@ extern "C" { #define TDB_NOLOCK 4 /* don't do any locking */ #define TDB_NOMMAP 8 /* don't use mmap */ #define TDB_CONVERT 16 /* convert endian (internal use) */ +#define TDB_BIGENDIAN 32 /* header is big-endian (internal use) */ #define TDB_ERRCODE(code, ret) ((tdb->ecode = (code)), ret) diff --git a/source3/tdb/tdbbackup.c b/source3/tdb/tdbbackup.c index 48c4272d331..f59f98a90f5 100644 --- a/source3/tdb/tdbbackup.c +++ b/source3/tdb/tdbbackup.c @@ -224,6 +224,21 @@ static int verify_tdb(const char *fname, const char *bak_name) } +/* + see if one file is newer than another +*/ +static int file_newer(const char *fname1, const char *fname2) +{ + struct stat st1, st2; + if (stat(fname1, &st1) != 0) { + return 0; + } + if (stat(fname2, &st2) != 0) { + return 1; + } + return (st1.st_mtime > st2.st_mtime); +} + static void usage(void) { printf("Usage: tdbbackup [options] \n\n"); @@ -276,7 +291,8 @@ static void usage(void) ret = 1; } } else { - if (backup_tdb(fname, bak_name) != 0) { + if (file_newer(fname, bak_name) && + backup_tdb(fname, bak_name) != 0) { ret = 1; } } diff --git a/source3/tdb/tdbtool.c b/source3/tdb/tdbtool.c index caa29401418..ba0fb48957d 100644 --- a/source3/tdb/tdbtool.c +++ b/source3/tdb/tdbtool.c @@ -368,8 +368,10 @@ static void first_record(TDB_CONTEXT *the_tdb, TDB_DATA *pkey) dbuf = tdb_fetch(the_tdb, *pkey); if (!dbuf.dptr) terror("fetch failed"); - /* printf("%s : %*.*s\n", k, (int)dbuf.dsize, (int)dbuf.dsize, dbuf.dptr); */ - print_rec(the_tdb, *pkey, dbuf, NULL); + else { + /* printf("%s : %*.*s\n", k, (int)dbuf.dsize, (int)dbuf.dsize, dbuf.dptr); */ + print_rec(the_tdb, *pkey, dbuf, NULL); + } } static void next_record(TDB_CONTEXT *the_tdb, TDB_DATA *pkey) diff --git a/source3/tdb/tdbutil.c b/source3/tdb/tdbutil.c index 3e16a030474..1a3a8bb9a52 100644 --- a/source3/tdb/tdbutil.c +++ b/source3/tdb/tdbutil.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include /* these are little tdb utility functions that are meant to make dealing with a tdb database a little less cumbersome in Samba */ @@ -206,6 +207,20 @@ TDB_DATA tdb_fetch_by_string(TDB_CONTEXT *tdb, char *keystr) return tdb_fetch(tdb, key); } +/**************************************************************************** + Delete a buffer using a null terminated string key. +****************************************************************************/ + +int tdb_delete_by_string(TDB_CONTEXT *tdb, char *keystr) +{ + TDB_DATA key; + + key.dptr = keystr; + key.dsize = strlen(keystr) + 1; + + return tdb_delete(tdb, key); +} + /**************************************************************************** Atomic integer change. Returns old value. To create, set initial value in *oldval. ****************************************************************************/ @@ -219,15 +234,22 @@ int32 tdb_change_int32_atomic(TDB_CONTEXT *tdb, char *keystr, int32 *oldval, int return -1; if ((val = tdb_fetch_int32(tdb, keystr)) == -1) { - if (tdb_error(tdb) != TDB_ERR_NOEXIST) + /* The lookup failed */ + if (tdb_error(tdb) != TDB_ERR_NOEXIST) { + /* but not becouse it didn't exist */ goto err_out; - + } + + /* Start with 'old' value */ val = *oldval; } else { + /* It worked, set return value (oldval) to tdb data */ *oldval = val; - val += change_val; } + + /* Increment value for storage and return next time */ + val += change_val; if (tdb_store_int32(tdb, keystr, val) == -1) goto err_out; @@ -253,15 +275,23 @@ BOOL tdb_change_uint32_atomic(TDB_CONTEXT *tdb, char *keystr, uint32 *oldval, ui return False; if (!tdb_fetch_uint32(tdb, keystr, &val)) { - if (tdb_error(tdb) != TDB_ERR_NOEXIST) + /* It failed */ + if (tdb_error(tdb) != TDB_ERR_NOEXIST) { + /* and not becouse it didn't exist */ goto err_out; + } + /* Start with 'old' value */ val = *oldval; } else { + /* it worked, set return value (oldval) to tdb data */ *oldval = val; - val += change_val; + } + + /* get a new value to store */ + val += change_val; if (!tdb_store_uint32(tdb, keystr, val)) goto err_out; @@ -509,3 +539,74 @@ int tdb_traverse_delete_fn(TDB_CONTEXT *the_tdb, TDB_DATA key, TDB_DATA dbuf, { return tdb_delete(the_tdb, key); } + + + +/** + * Search across the whole tdb for keys that match the given pattern + * return the result as a list of keys + * + * @param tdb pointer to opened tdb file context + * @param pattern searching pattern used by fnmatch(3) functions + * + * @return list of keys found by looking up with given pattern + **/ +TDB_LIST_NODE *tdb_search_keys(TDB_CONTEXT *tdb, const char* pattern) +{ + TDB_DATA key, next; + TDB_LIST_NODE *list = NULL; + TDB_LIST_NODE *rec = NULL; + TDB_LIST_NODE *tmp = NULL; + + for (key = tdb_firstkey(tdb); key.dptr; key = next) { + /* duplicate key string to ensure null-termination */ + char *key_str = (char*) strndup(key.dptr, key.dsize); + if (!key_str) { + DEBUG(0, ("tdb_search_keys: strndup() failed!\n")); + smb_panic("strndup failed!\n"); + } + + DEBUG(18, ("checking %s for match to pattern %s\n", key_str, pattern)); + + next = tdb_nextkey(tdb, key); + + /* do the pattern checking */ + if (fnmatch(pattern, key_str, 0) == 0) { + rec = (TDB_LIST_NODE*) malloc(sizeof(*rec)); + ZERO_STRUCTP(rec); + + rec->node_key = key; + + DLIST_ADD_END(list, rec, tmp); + + DEBUG(18, ("checking %s matched pattern %s\n", key_str, pattern)); + } else { + free(key.dptr); + } + + /* free duplicated key string */ + free(key_str); + } + + return list; + +}; + + +/** + * Free the list returned by tdb_search_keys + * + * @param node list of results found by tdb_search_keys + **/ +void tdb_search_list_free(TDB_LIST_NODE* node) +{ + TDB_LIST_NODE *next_node; + + while (node) { + next_node = node->next; + SAFE_FREE(node); + node = next_node; + }; +}; + + diff --git a/source3/torture/mangle_test.c b/source3/torture/mangle_test.c index 2d5b3610d55..ced0185c951 100644 --- a/source3/torture/mangle_test.c +++ b/source3/torture/mangle_test.c @@ -88,8 +88,9 @@ static BOOL test_one(struct cli_state *cli, const char *name) if (strcasecmp(name, data.dptr) != 0) { /* we have a collision */ collisions++; - printf("Collision between %s and %s -> %s\n", - name, data.dptr, shortname); + printf("Collision between %s and %s -> %s " + " (coll/tot: %u/%u)\n", + name, data.dptr, shortname, collisions, total); } free(data.dptr); } else { diff --git a/source3/torture/nbio.c b/source3/torture/nbio.c index 0d6955c879a..2d519b40bac 100644 --- a/source3/torture/nbio.c +++ b/source3/torture/nbio.c @@ -79,6 +79,16 @@ void nbio_shmem(int n) } } +static int ne_find_handle(int handle) +{ + int i; + children[nbio_id].line = line_count; + for (i=0;i -Uadmin_username@realm%%admin_pass"\ -"\n\tchange a user's password using an admin account" -"\n\t(note: use realm in UPPERCASE)\n" -"\nnet ads chostpass" -"\n\tchange the trust account password of this machine in the AD tree\n" -"\nnet ads printer [info | publish | remove] " -"\n\t lookup, add, or remove directory entry for a printer\n" +"\n\tchange a user's password using an admin account"\ +"\n\t(note: use realm in UPPERCASE)\n"\ +"\nnet ads chostpass"\ +"\n\tchange the trust account password of this machine in the AD tree\n"\ +"\nnet ads printer [info | publish | remove] "\ +"\n\t lookup, add, or remove directory entry for a printer\n"\ +"\nnet ads search"\ +"\n\tperform a raw LDAP search and dump the results\n" ); return -1; } @@ -56,7 +58,7 @@ static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; - ads = ads_init(NULL, opt_host, NULL, NULL); + ads = ads_init(NULL, NULL, opt_host, NULL, NULL); ads_connect(ads); if (!ads) { @@ -81,7 +83,7 @@ static ADS_STRUCT *ads_startup(void) BOOL need_password = False; BOOL second_time = False; - ads = ads_init(NULL, opt_host, NULL, NULL); + ads = ads_init(NULL, NULL, opt_host, NULL, NULL); if (!opt_user_name) { opt_user_name = "administrator"; @@ -135,27 +137,30 @@ int net_ads_check(void) } -static void usergrp_display(char *field, void **values, void *data_area) +static BOOL usergrp_display(char *field, void **values, void *data_area) { char **disp_fields = (char **) data_area; if (!field) { /* must be end of record */ if (!strchr_m(disp_fields[0], '$')) { if (disp_fields[1]) - printf("%-21.21s %-50.50s\n", + d_printf("%-21.21s %-50.50s\n", disp_fields[0], disp_fields[1]); else - printf("%-21.21s\n", disp_fields[0]); + d_printf("%s\n", disp_fields[0]); } SAFE_FREE(disp_fields[0]); SAFE_FREE(disp_fields[1]); - return; + return True; } + if (!values) /* must be new field, indicate string field */ + return True; if (StrCaseCmp(field, "sAMAccountName") == 0) { - disp_fields[0] = strdup(((struct berval *) values[0])->bv_val); + disp_fields[0] = strdup((char *) values[0]); } if (StrCaseCmp(field, "description") == 0) - disp_fields[1] = strdup(((struct berval *) values[0])->bv_val); + disp_fields[1] = strdup((char *) values[0]); + return True; /* always strings here */ } static int net_ads_user_usage(int argc, const char **argv) @@ -167,6 +172,7 @@ static int ads_user_add(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; + char *upn, *userdn; void *res=NULL; int rc = -1; @@ -183,18 +189,43 @@ static int ads_user_add(int argc, const char **argv) if (ads_count_replies(ads, res)) { d_printf("ads_user_add: User %s already exists\n", argv[0]); - ads_msgfree(ads, res); goto done; } status = ads_add_user_acct(ads, argv[0], opt_comment); + if (!ADS_ERR_OK(status)) { + d_printf("Could not add user %s: %s\n", argv[0], + ads_errstr(status)); + goto done; + } + + /* if no password is to be set, we're done */ + if (argc == 1) { + d_printf("User %s added\n", argv[0]); + rc = 0; + goto done; + } + + /* try setting the password */ + asprintf(&upn, "%s@%s", argv[0], ads->realm); + status = krb5_set_password(ads->kdc_server, upn, argv[1]); + safe_free(upn); if (ADS_ERR_OK(status)) { d_printf("User %s added\n", argv[0]); rc = 0; - } else { - d_printf("Could not add user %s: %s\n", argv[0], - ads_errstr(status)); + goto done; + } + + /* password didn't set, delete account */ + d_printf("Could not add user %s. Error setting password %s\n", + argv[0], ads_errstr(status)); + ads_msgfree(ads, res); + status=ads_find_user_acct(ads, &res, argv[0]); + if (ADS_ERR_OK(status)) { + userdn = ads_get_dn(ads, res); + ads_del_dn(ads, userdn); + ads_memfree(ads, userdn); } done: @@ -233,7 +264,7 @@ static int ads_user_info(int argc, const char **argv) char **groupname; for (i=0;grouplist[i];i++) { groupname = ldap_explode_dn(grouplist[i], 1); - printf("%s\n", groupname[0]); + d_printf("%s\n", groupname[0]); ldap_value_free(groupname); } ldap_value_free(grouplist); @@ -308,26 +339,111 @@ int net_ads_user(int argc, const char **argv) return net_run_function(argc, argv, func, net_ads_user_usage); } -static int net_ads_group(int argc, const char **argv) +static int net_ads_group_usage(int argc, const char **argv) +{ + return net_help_group(argc, argv); +} + +static int ads_group_add(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS status; + void *res=NULL; + int rc = -1; + + if (argc < 1) return net_ads_group_usage(argc, argv); + + if (!(ads = ads_startup())) return -1; + + status = ads_find_user_acct(ads, &res, argv[0]); + + if (!ADS_ERR_OK(status)) { + d_printf("ads_group_add: %s\n", ads_errstr(status)); + goto done; + } + + if (ads_count_replies(ads, res)) { + d_printf("ads_group_add: Group %s already exists\n", argv[0]); + ads_msgfree(ads, res); + goto done; + } + + status = ads_add_group_acct(ads, argv[0], opt_comment); + + if (ADS_ERR_OK(status)) { + d_printf("Group %s added\n", argv[0]); + rc = 0; + } else { + d_printf("Could not add group %s: %s\n", argv[0], + ads_errstr(status)); + } + + done: + if (res) + ads_msgfree(ads, res); + ads_destroy(&ads); + return rc; +} + +static int ads_group_delete(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS rc; + void *res; + char *groupdn; + + if (argc < 1) return net_ads_group_usage(argc, argv); + + if (!(ads = ads_startup())) return -1; + + rc = ads_find_user_acct(ads, &res, argv[0]); + if (!ADS_ERR_OK(rc)) { + DEBUG(0, ("Group %s does not exist\n", argv[0])); + return -1; + } + groupdn = ads_get_dn(ads, res); + ads_msgfree(ads, res); + rc = ads_del_dn(ads, groupdn); + ads_memfree(ads, groupdn); + if (!ADS_ERR_OK(rc)) { + d_printf("Group %s deleted\n", argv[0]); + return 0; + } + d_printf("Error deleting group %s: %s\n", argv[0], + ads_errstr(rc)); + return -1; +} + +int net_ads_group(int argc, const char **argv) { + struct functable func[] = { + {"ADD", ads_group_add}, + {"DELETE", ads_group_delete}, + {NULL, NULL} + }; ADS_STRUCT *ads; ADS_STATUS rc; const char *shortattrs[] = {"sAMAccountName", NULL}; const char *longattrs[] = {"sAMAccountName", "description", NULL}; char *disp_fields[2] = {NULL, NULL}; - if (!(ads = ads_startup())) return -1; + if (argc == 0) { + if (!(ads = ads_startup())) return -1; - if (opt_long_list_entries) - d_printf("\nGroup name Comment"\ - "\n-----------------------------\n"); - rc = ads_do_search_all_fn(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, - "(objectclass=group)", opt_long_list_entries - ? longattrs : shortattrs, usergrp_display, - disp_fields); + if (opt_long_list_entries) + d_printf("\nGroup name Comment"\ + "\n-----------------------------\n"); + rc = ads_do_search_all_fn(ads, ads->bind_path, + LDAP_SCOPE_SUBTREE, + "(objectclass=group)", + opt_long_list_entries ? longattrs : + shortattrs, usergrp_display, + disp_fields); - ads_destroy(&ads); - return 0; + ads_destroy(&ads); + return 0; + } + return net_run_function(argc, argv, func, net_ads_group_usage); } static int net_ads_status(int argc, const char **argv) @@ -485,7 +601,7 @@ static int net_ads_printer_info(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - char *servername, *printername; + const char *servername, *printername; extern pstring global_myname; void *res = NULL; @@ -521,6 +637,11 @@ static int net_ads_printer_info(int argc, const char **argv) return 0; } +void do_drv_upgrade_printer(int msg_type, pid_t src, void *buf, size_t len) +{ + return; +} + static int net_ads_printer_publish(int argc, const char **argv) { ADS_STRUCT *ads; @@ -528,6 +649,7 @@ static int net_ads_printer_publish(int argc, const char **argv) char *uncname, *servername; ADS_PRINTER_ENTRY prt; extern pstring global_myname; + char *ports[2] = {"Samba", NULL}; /* these const strings are only here as an example. The attributes @@ -536,7 +658,6 @@ static int net_ads_printer_publish(int argc, const char **argv) const char *bins[] = {"Tray 21", NULL}; const char *media[] = {"Letter", NULL}; const char *orients[] = {"PORTRAIT", NULL}; - const char *ports[] = {"Samba", NULL}; if (!(ads = ads_startup())) return -1; @@ -545,6 +666,9 @@ static int net_ads_printer_publish(int argc, const char **argv) memset(&prt, 0, sizeof(ADS_PRINTER_ENTRY)); + /* we don't sue the servername or unc name provided by + get_a_printer, because the server name might be + localhost or an ip address */ prt.printerName = argv[0]; asprintf(&servername, "%s.%s", global_myname, ads->realm); prt.serverName = servername; @@ -557,7 +681,7 @@ static int net_ads_printer_publish(int argc, const char **argv) prt.printOrientationsSupported = (char **) orients; prt.portName = (char **) ports; prt.printSpooling = "PrintAfterSpooled"; - + rc = ads_add_printer(ads, &prt); if (!ADS_ERR_OK(rc)) { d_printf("ads_publish_printer: %s\n", ads_errstr(rc)); @@ -650,7 +774,7 @@ static int net_ads_password(int argc, const char **argv) /* use the realm so we can eventually change passwords for users in realms other than default */ - if (!(ads = ads_init(realm, NULL, NULL, NULL))) return -1; + if (!(ads = ads_init(realm, NULL, NULL, NULL, NULL))) return -1; asprintf(&prompt, "Enter new password for %s:", argv[0]); @@ -681,8 +805,7 @@ static int net_ads_change_localhost_pass(int argc, const char **argv) char *hostname; ADS_STATUS ret; - - if (!(ads = ads_init(NULL, NULL, NULL, NULL))) return -1; + if (!(ads = ads_init_simple())) return -1; hostname = strdup(global_myname); strlower(hostname); @@ -706,19 +829,79 @@ static int net_ads_change_localhost_pass(int argc, const char **argv) return 0; } +/* + help for net ads search +*/ +static int net_ads_search_usage(int argc, const char **argv) +{ + d_printf( + "\nnet ads search \n"\ + "\nperform a raw LDAP search on a ADS server and dump the results\n"\ + "The expression is a standard LDAP search expression, and the\n"\ + "attributes are a list of LDAP fields to show in the results\n\n"\ + "Example: net ads search '(objectCategory=group)' sAMAccountName\n\n" + ); + net_common_flags_usage(argc, argv); + return -1; +} + + +/* + general ADS search function. Useful in diagnosing problems in ADS +*/ +static int net_ads_search(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS rc; + const char *exp; + const char **attrs; + void *res = NULL; + + if (argc < 1) { + return net_ads_search_usage(argc, argv); + } + + if (!(ads = ads_startup())) { + return -1; + } + + exp = argv[0]; + attrs = (argv + 1); + + rc = ads_do_search_all(ads, ads->bind_path, + LDAP_SCOPE_SUBTREE, + exp, attrs, &res); + if (!ADS_ERR_OK(rc)) { + d_printf("search failed: %s\n", ads_errstr(rc)); + return -1; + } + + d_printf("Got %d replies\n\n", ads_count_replies(ads, res)); + + /* dump the results */ + ads_dump(ads, res); + + ads_msgfree(ads, res); + ads_destroy(&ads); + + return 0; +} + + int net_ads_help(int argc, const char **argv) { struct functable func[] = { {"USER", net_ads_user_usage}, + {"GROUP", net_ads_group_usage}, + {"PRINTER", net_ads_printer_usage}, + {"SEARCH", net_ads_search_usage}, #if 0 {"INFO", net_ads_info}, {"JOIN", net_ads_join}, {"LEAVE", net_ads_leave}, {"STATUS", net_ads_status}, - {"GROUP", net_ads_group}, {"PASSWORD", net_ads_password}, {"CHOSTPASS", net_ads_change_localhost_pass}, - {"PRINTER", net_ads_printer}, #endif {NULL, NULL} }; @@ -738,6 +921,7 @@ int net_ads(int argc, const char **argv) {"PASSWORD", net_ads_password}, {"CHOSTPASS", net_ads_change_localhost_pass}, {"PRINTER", net_ads_printer}, + {"SEARCH", net_ads_search}, {"HELP", net_ads_help}, {NULL, NULL} }; @@ -773,6 +957,11 @@ int net_ads_user(int argc, const char **argv) return net_ads_noads(); } +int net_ads_group(int argc, const char **argv) +{ + return net_ads_noads(); +} + /* this one shouldn't display a message */ int net_ads_check(void) { diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c index 21af8a4fd93..ab3eac4b434 100644 --- a/source3/utils/net_help.c +++ b/source3/utils/net_help.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "../utils/net.h" int net_common_methods_usage(int argc, const char**argv) { @@ -63,12 +64,12 @@ static int help_usage(int argc, const char **argv) int net_help_user(int argc, const char **argv) { - d_printf("\nnet [method] user [misc. options] [targets]\n\tList users\n"); - d_printf("\nnet [method] user DELETE [misc. options] [targets]"\ + d_printf("\nnet user [misc. options] [targets]\n\tList users\n"); + d_printf("\nnet user DELETE [misc. options] [targets]"\ "\n\tDelete specified user\n"); - d_printf("\nnet [method] user INFO [misc. options] [targets]"\ + d_printf("\nnet user INFO [misc. options] [targets]"\ "\n\tList the domain groups of the specified user\n"); - d_printf("\nnet [method] user ADD [-F user flags] [misc. options]"\ + d_printf("\nnet user ADD [password] [-F user flags] [misc. options]"\ " [targets]\n\tAdd specified user\n"); net_common_methods_usage(argc, argv); @@ -78,16 +79,66 @@ int net_help_user(int argc, const char **argv) return -1; } +int net_help_group(int argc, const char **argv) +{ + d_printf("net group [misc. options] [targets]"\ + "\n\tList user groups\n\n"); + d_printf("net group DELETE [misc. options] [targets]"\ + "\n\tDelete specified group\n"); + d_printf("\nnet group ADD [-C comment]"\ + " [misc. options] [targets]\n\tCreate specified group\n"); + net_common_methods_usage(argc, argv); + net_common_flags_usage(argc, argv); + d_printf( + "\t-C or --comment=\tdescriptive comment (for add only)\n"); + return -1; +} + +int net_help_share(int argc, const char **argv) +{ + d_printf( + "\nnet share [misc. options] [targets] \n" + "\tenumerates all exported resources (network shares) " + "on target server\n" + "\nnet share ADD [misc. options] [targets]" + "\n\tAdds a share from a server (makes the export active)\n" + "\nnet share DELETE [misc. options] [targets]\n" + "\n\tDeletes a share from a server (makes the export inactive)\n"); + net_common_methods_usage(argc, argv); + net_common_flags_usage(argc, argv); + d_printf( + "\t-C or --comment=\tdescriptive comment (for add only)\n" + "\t-M or --maxusers=\t\tmax users allowed for share\n"); + return -1; +} + +int net_help_file(int argc, const char **argv) +{ + d_printf("net file [misc. options] [targets]\n"\ + "\tlists all open files on file server\n\n"); + d_printf("net file USER [misc. options] [targets]"\ + "\n\tlists all files opened by username on file server\n\n"); + d_printf("net file CLOSE [misc. options] [targets]\n"\ + "\tcloses specified file on target server\n\n"); + d_printf("net [rap] file INFO [misc. options] [targets]\n"\ + "\tdisplays information about the specified open file\n"); + + net_common_methods_usage(argc, argv); + net_common_flags_usage(argc, argv); + return -1; +} + static int net_usage(int argc, const char **argv) { d_printf(" net time\t\tto view or set time information\n"\ " net lookup\t\tto lookup host name or ip address\n"\ " net user\t\tto manage users\n"\ + " net group\t\tto manage groups\n"\ " net join\t\tto join a domain\n"\ "\n"\ - " net ads [command]\tto run ADS commands\n"\ - " net rap [command]\tto run RAP (pre-RPC) commands\n"\ - " net rpc [command]\tto run RPC commands\n"\ + " net ads \tto run ADS commands\n"\ + " net rap \tto run RAP (pre-RPC) commands\n"\ + " net rpc \tto run RPC commands\n"\ "\n"\ "Type \"net help