svn commit: samba r24089 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 08:06:56 + (Tue, 31 Jul 2007) New Revision: 24089 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24089 Log: Add reply_prep/post_legacy Routines to ease the transition to the new API Modified: branches/SAMBA_3_2/source/smbd/process.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/process.c === --- branches/SAMBA_3_2/source/smbd/process.c2007-07-31 07:57:33 UTC (rev 24088) +++ branches/SAMBA_3_2/source/smbd/process.c2007-07-31 08:06:56 UTC (rev 24089) @@ -67,6 +67,60 @@ req-outbuf = NULL; } +/* + * From within a converted call you might have to call non-converted + * subroutines that still take the old inbuf/outbuf/lenght/bufsize + * parameters. This takes a struct smb_request and prepares the legacy + * parameters. + */ + +BOOL reply_prep_legacy(struct smb_request *req, + char **pinbuf, char **poutbuf, + int *psize, int *pbufsize) +{ + const int bufsize = (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE ++ SAFETY_MARGIN); + char *inbuf, *outbuf; + + if (!(inbuf = TALLOC_ARRAY(req, char, bufsize))) { + DEBUG(0, (Could not allocate legacy inbuf\n)); + return False; + } + memcpy(inbuf, req-inbuf, MIN(smb_len(req-inbuf)+4, bufsize)); + req-inbuf = (uint8 *)inbuf; + + if (!(outbuf = TALLOC_ARRAY(req, char, bufsize))) { + DEBUG(0, (Could not allocate legacy outbuf\n)); + return False; + } + req-outbuf = (uint8 *)outbuf; + + construct_reply_common(inbuf, outbuf); + + *pinbuf = inbuf; + *poutbuf = outbuf; + *psize= smb_len(inbuf)+4; + *pbufsize = bufsize; + + return True; +} + +/* + * Post-process the output of the legacy routine so that the result fits into + * the new reply_xxx API + */ + +void reply_post_legacy(struct smb_request *req, int outsize) +{ + if (outsize 0) { + smb_setlen((char *)req-inbuf, (char *)req-outbuf, + outsize); + } + else { + TALLOC_FREE(req-outbuf); + } +} + / structure to hold a linked list of queued messages. for processing.
svn commit: samba r24090 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 08:37:54 + (Tue, 31 Jul 2007) New Revision: 24090 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24090 Log: Separate parsing in reply_ntcreate_and_X In particular, check if we have enough parameters Modified: branches/SAMBA_3_2/source/smbd/nttrans.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/nttrans.c === --- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:06:56 UTC (rev 24089) +++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:37:54 UTC (rev 24090) @@ -484,13 +484,14 @@ { int result; pstring fname; - uint32 flags = IVAL(inbuf,smb_ntcreate_Flags); - uint32 access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess); - uint32 file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes); - uint32 share_access = IVAL(inbuf,smb_ntcreate_ShareAccess); - uint32 create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition); - uint32 create_options = IVAL(inbuf,smb_ntcreate_CreateOptions); - uint16 root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid); + uint32 flags; + uint32 access_mask; + uint32 file_attributes; + uint32 share_access; + uint32 create_disposition; + uint32 create_options; + uint16 root_dir_fid; + SMB_BIG_UINT allocation_size; /* Breakout the oplock request bits so we can set the reply bits separately. */ int oplock_request = 0; @@ -510,6 +511,25 @@ START_PROFILE(SMBntcreateX); + init_smb_request(req, (uint8 *)inbuf); + + if (req.wct 24) { + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + } + + flags = IVAL(inbuf,smb_ntcreate_Flags); + access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess); + file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes); + share_access = IVAL(inbuf,smb_ntcreate_ShareAccess); + create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition); + create_options = IVAL(inbuf,smb_ntcreate_CreateOptions); + root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid); + + allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize); +#ifdef LARGE_SMB_OFF_T + allocation_size |= (((SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize + 4)) 32); +#endif + DEBUG(10,(reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x file_attributes = 0x%x, share_access = 0x%x, create_disposition = 0x%x create_options = 0x%x @@ -522,8 +542,6 @@ (unsigned int)create_options, (unsigned int)root_dir_fid )); - init_smb_request(req, (uint8 *)inbuf); - /* * If it's an IPC, use the pipe handler. */ @@ -562,7 +580,7 @@ if(!dir_fsp-is_directory) { - srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname, + srvstr_get_path(inbuf, req.flags2, fname, smb_buf(inbuf), sizeof(fname), 0, STR_TERMINATE, status); if (!NT_STATUS_IS_OK(status)) { @@ -606,7 +624,7 @@ dir_name_len++; } - srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), rel_fname, + srvstr_get_path(inbuf, req.flags2, rel_fname, smb_buf(inbuf), sizeof(rel_fname), 0, STR_TERMINATE, status); if (!NT_STATUS_IS_OK(status)) { @@ -615,7 +633,7 @@ } pstrcat(fname, rel_fname); } else { - srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname, + srvstr_get_path(inbuf, req.flags2, fname, smb_buf(inbuf), sizeof(fname), 0, STR_TERMINATE, status); if (!NT_STATUS_IS_OK(status)) { @@ -654,7 +672,7 @@ * Now contruct the smb_open_mode value from the filename, * desired access and the share access. */ - status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) FLAGS2_DFS_PATHNAMES, fname); + status = resolve_dfspath(conn, req.flags2 FLAGS2_DFS_PATHNAMES, fname); if (!NT_STATUS_IS_OK(status)) { END_PROFILE(SMBntcreateX); if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) { @@ -842,7 +860,7 @@ } else { TALLOC_FREE(case_state); END_PROFILE(SMBntcreateX); - if (open_was_deferred(SVAL(inbuf,smb_mid))) { + if (open_was_deferred(req.mid)) { /* We have re-scheduled this call. */
svn commit: samba r24091 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 08:56:08 + (Tue, 31 Jul 2007) New Revision: 24091 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24091 Log: Convert reply_ntcreate_and_X to the new API The routines called will follow Modified: branches/SAMBA_3_2/source/smbd/nttrans.c branches/SAMBA_3_2/source/smbd/process.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/nttrans.c === --- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:37:54 UTC (rev 24090) +++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:56:08 UTC (rev 24091) @@ -479,10 +479,9 @@ Reply to an NT create and X call. / -int reply_ntcreate_and_X(connection_struct *conn, -char *inbuf,char *outbuf,int length,int bufsize) +void reply_ntcreate_and_X(connection_struct *conn, + struct smb_request *req) { - int result; pstring fname; uint32 flags; uint32 access_mask; @@ -506,28 +505,26 @@ struct timespec m_timespec; BOOL extended_oplock_granted = False; NTSTATUS status; - struct smb_request req; struct case_semantics_state *case_state = NULL; START_PROFILE(SMBntcreateX); - init_smb_request(req, (uint8 *)inbuf); - - if (req.wct 24) { - return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + if (req-wct 24) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + return; } - flags = IVAL(inbuf,smb_ntcreate_Flags); - access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess); - file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes); - share_access = IVAL(inbuf,smb_ntcreate_ShareAccess); - create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition); - create_options = IVAL(inbuf,smb_ntcreate_CreateOptions); - root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid); + flags = IVAL(req-inbuf,smb_ntcreate_Flags); + access_mask = IVAL(req-inbuf,smb_ntcreate_DesiredAccess); + file_attributes = IVAL(req-inbuf,smb_ntcreate_FileAttributes); + share_access = IVAL(req-inbuf,smb_ntcreate_ShareAccess); + create_disposition = IVAL(req-inbuf,smb_ntcreate_CreateDisposition); + create_options = IVAL(req-inbuf,smb_ntcreate_CreateOptions); + root_dir_fid = (uint16)IVAL(req-inbuf,smb_ntcreate_RootDirectoryFid); - allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize); + allocation_size = (SMB_BIG_UINT)IVAL(req-inbuf,smb_ntcreate_AllocationSize); #ifdef LARGE_SMB_OFF_T - allocation_size |= (((SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize + 4)) 32); + allocation_size |= (((SMB_BIG_UINT)IVAL(req-inbuf,smb_ntcreate_AllocationSize + 4)) 32); #endif DEBUG(10,(reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x @@ -548,17 +545,30 @@ if (IS_IPC(conn)) { if (lp_nt_pipe_support()) { + char *inbuf, *outbuf; + int length, bufsize; + + if (!reply_prep_legacy(req, inbuf, outbuf, + length, bufsize)) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + reply_post_legacy(req, do_ntcreate_pipe_open( + conn, inbuf, outbuf, + length, bufsize)); END_PROFILE(SMBntcreateX); - return do_ntcreate_pipe_open(conn,inbuf,outbuf,length,bufsize); + return; } else { + reply_doserror(req, ERRDOS, ERRnoaccess); END_PROFILE(SMBntcreateX); - return(ERROR_DOS(ERRDOS,ERRnoaccess)); + return; } } if (create_options FILE_OPEN_BY_FILE_ID) { + reply_nterror(req, NT_STATUS_NOT_SUPPORTED); END_PROFILE(SMBntcreateX); - return ERROR_NT(NT_STATUS_NOT_SUPPORTED); + return; } /* @@ -570,22 +580,25 @@ * This filename is relative to a directory fid. */ pstring rel_fname; - files_struct *dir_fsp = file_fsp(inbuf,smb_ntcreate_RootDirectoryFid); + files_struct *dir_fsp = file_fsp( + (char *)req-inbuf, smb_ntcreate_RootDirectoryFid); size_t dir_name_len; if(!dir_fsp) { + reply_doserror(req, ERRDOS, ERRbadfid); END_PROFILE(SMBntcreateX); - return
svn commit: samba r24092 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 09:22:16 + (Tue, 31 Jul 2007) New Revision: 24092 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24092 Log: Convert do_ntcreate_pipe_open to the new API nt_open_pipe_new() is a copy of nt_open_pipe(). It will stick for a bit until do_nt_transact_create_pipe is converted as well. Modified: branches/SAMBA_3_2/source/smbd/nttrans.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/nttrans.c === --- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:56:08 UTC (rev 24091) +++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 09:22:16 UTC (rev 24092) @@ -321,7 +321,8 @@ } / - Reply to an NT create and X call on a pipe. + Reply to an NT create and X call on a pipe -- this will die when all + callers are converted to nt_open_pipe_new / static int nt_open_pipe(char *fname, connection_struct *conn, @@ -369,24 +370,75 @@ return 0; } +static void nt_open_pipe_new(char *fname, connection_struct *conn, +struct smb_request *req, int *ppnum) +{ + smb_np_struct *p = NULL; + int i; + + DEBUG(4,(nt_open_pipe: Opening pipe %s.\n, fname)); + + /* See if it is one we want to handle. */ + + if (lp_disable_spoolss() strequal(fname, \\spoolss)) { + reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, + ERRDOS, ERRbadpipe); + return; + } + + for( i = 0; known_nt_pipes[i]; i++ ) { + if( strequal(fname,known_nt_pipes[i])) { + break; + } + } + + if ( known_nt_pipes[i] == NULL ) { + reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, + ERRDOS, ERRbadpipe); + return; + } + + /* Strip \\ off the name. */ + fname++; + + DEBUG(3,(nt_open_pipe: Known pipe %s opening.\n, fname)); + + p = open_rpc_pipe_p(fname, conn, req-vuid); + if (!p) { + reply_doserror(req, ERRSRV, ERRnofids); + return; + } + + /* TODO: Add pipe to db */ + + if ( !store_pipe_opendb( p ) ) { + DEBUG(3,(nt_open_pipe: failed to store %s pipe open.\n, fname)); + } + + *ppnum = p-pnum; + return; +} + / Reply to an NT create and X call for pipes. / -static int do_ntcreate_pipe_open(connection_struct *conn, -char *inbuf,char *outbuf,int length,int bufsize) +static void do_ntcreate_pipe_open(connection_struct *conn, + struct smb_request *req) { pstring fname; - int ret; int pnum = -1; char *p = NULL; - uint32 flags = IVAL(inbuf,smb_ntcreate_Flags); + uint32 flags = IVAL(req-inbuf,smb_ntcreate_Flags); - srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), fname, smb_buf(inbuf), - sizeof(fname), STR_TERMINATE); + srvstr_pull_buf((char *)req-inbuf, req-flags2, fname, + smb_buf(req-inbuf), sizeof(fname), STR_TERMINATE); - if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, pnum)) != 0) { - return ret; + nt_open_pipe_new(fname, conn, req, pnum); + + if (req-outbuf) { + /* error reply */ + return; } /* @@ -399,13 +451,13 @@ * the wcnt to 42 ? It's definately * what happens on the wire */ - set_message(inbuf,outbuf,50,0,True); - SCVAL(outbuf,smb_wct,42); + reply_outbuf(req, 50, 0); + SCVAL(req-outbuf,smb_wct,42); } else { - set_message(inbuf,outbuf,34,0,True); + reply_outbuf(req, 34, 0); } - p = outbuf + smb_vwv2; + p = (char *)req-outbuf + smb_vwv2; p++; SSVAL(p,0,pnum); p += 2; @@ -433,7 +485,7 @@ DEBUG(5,(do_ntcreate_pipe_open: open pipe = %s\n, fname)); - return chain_reply(inbuf,outbuf,length,bufsize); + chain_reply_new(req); } / @@ -545,17 +597,7 @@ if (IS_IPC(conn)) { if (lp_nt_pipe_support()) { - char *inbuf, *outbuf; - int length, bufsize; - - if (!reply_prep_legacy(req, inbuf, outbuf, - length, bufsize)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); -
svn commit: samba r24093 - in branches/SAMBA_3_2/source/libads: .
Author: metze Date: 2007-07-31 09:31:47 + (Tue, 31 Jul 2007) New Revision: 24093 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24093 Log: move gssapi/krb5 principal handling into a function metze Modified: branches/SAMBA_3_2/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2/source/libads/sasl.c === --- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:22:16 UTC (rev 24092) +++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:31:47 UTC (rev 24093) @@ -360,7 +360,7 @@ /* perform a LDAP/SASL/SPNEGO/GSSKRB5 bind */ -static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const char *sname) +static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t serv_name) { ADS_STATUS status; BOOL ok; @@ -371,7 +371,6 @@ gss_OID mech_type = krb5_mech_type; gss_OID actual_mech_type = GSS_C_NULL_OID; const char *spnego_mechs[] = {OID_KERBEROS5_OLD, OID_KERBEROS5, OID_NTLMSSP, NULL}; - gss_name_t serv_name; gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT; gss_buffer_desc input_token, output_token; uint32 req_flags, ret_flags; @@ -379,51 +378,7 @@ DATA_BLOB unwrapped; DATA_BLOB wrapped; struct berval cred, *scred = NULL; - krb5_principal principal = NULL; - gss_buffer_desc input_name; - krb5_context ctx = NULL; - krb5_enctype enc_types[] = { -#ifdef ENCTYPE_ARCFOUR_HMAC - ENCTYPE_ARCFOUR_HMAC, -#endif - ENCTYPE_DES_CBC_MD5, - ENCTYPE_NULL}; - gss_OID_desc nt_principal = - {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)}; - initialize_krb5_error_table(); - status = ADS_ERROR_KRB5(krb5_init_context(ctx)); - if (!ADS_ERR_OK(status)) { - return status; - } - status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types)); - if (!ADS_ERR_OK(status)) { - krb5_free_context(ctx); - return status; - } - status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, principal)); - if (!ADS_ERR_OK(status)) { - krb5_free_context(ctx); - return status; - } - - /* -* The MIT libraries have a *HORRIBLE* bug - input_value.value needs -* to point to the *address* of the krb5_principal, and the gss libraries -* to a shallow copy of the krb5_principal pointer - so we need to keep -* the krb5_principal around until we do the gss_release_name. MIT *SUCKS* ! -* Just one more way in which MIT engineers screwed me over JRA. -*/ - input_name.value = principal; - input_name.length = sizeof(principal); - - gss_rc = gss_import_name(minor_status, input_name, nt_principal, serv_name); - if (gss_rc) { - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); - return ADS_ERROR_GSS(gss_rc, minor_status); - } - input_token.value = NULL; input_token.length = 0; @@ -633,17 +588,136 @@ } failed: - gss_release_name(minor_status, serv_name); if (context_handle != GSS_C_NO_CONTEXT) gss_delete_sec_context(minor_status, context_handle, GSS_C_NO_BUFFER); - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); return status; } #endif #ifdef HAVE_KRB5 +struct ads_service_principal { +krb5_context ctx; +char *string; +krb5_principal principal; +#ifdef HAVE_GSSAPI +gss_name_t name; +#endif +}; + +static void ads_free_service_principal(struct ads_service_principal *p) +{ + SAFE_FREE(p-string); + +#ifdef HAVE_GSSAPI + if (p-name) { + uint32 minor_status; + gss_release_name(minor_status, p-name); + } +#endif + if (p-principal) { + krb5_free_principal(p-ctx, p-principal); + } + + if (p-ctx) { + krb5_free_context(p-ctx); + } + + ZERO_STRUCTP(p); +} + +static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads, +const char *given_principal, +struct ads_service_principal *p) +{ + ADS_STATUS status; + krb5_enctype enc_types[] = { +#ifdef ENCTYPE_ARCFOUR_HMAC + ENCTYPE_ARCFOUR_HMAC, +#endif + ENCTYPE_DES_CBC_MD5, + ENCTYPE_NULL}; +#ifdef HAVE_GSSAPI + gss_buffer_desc input_name; + gss_OID_desc nt_principal = + {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)}; + uint32 minor_status; + int gss_rc; +#endif + + ZERO_STRUCTP(p); + + /* I've seen a child Windows
svn commit: samba r24094 - in branches/SAMBA_3_2_0/source/libads: .
Author: metze Date: 2007-07-31 09:33:27 + (Tue, 31 Jul 2007) New Revision: 24094 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24094 Log: merge from SAMBA_3_2: move gssapi/krb5 principal handling into a function metze Modified: branches/SAMBA_3_2_0/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2_0/source/libads/sasl.c === --- branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:31:47 UTC (rev 24093) +++ branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:33:27 UTC (rev 24094) @@ -360,7 +360,7 @@ /* perform a LDAP/SASL/SPNEGO/GSSKRB5 bind */ -static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const char *sname) +static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t serv_name) { ADS_STATUS status; BOOL ok; @@ -371,7 +371,6 @@ gss_OID mech_type = krb5_mech_type; gss_OID actual_mech_type = GSS_C_NULL_OID; const char *spnego_mechs[] = {OID_KERBEROS5_OLD, OID_KERBEROS5, OID_NTLMSSP, NULL}; - gss_name_t serv_name; gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT; gss_buffer_desc input_token, output_token; uint32 req_flags, ret_flags; @@ -379,51 +378,7 @@ DATA_BLOB unwrapped; DATA_BLOB wrapped; struct berval cred, *scred = NULL; - krb5_principal principal = NULL; - gss_buffer_desc input_name; - krb5_context ctx = NULL; - krb5_enctype enc_types[] = { -#ifdef ENCTYPE_ARCFOUR_HMAC - ENCTYPE_ARCFOUR_HMAC, -#endif - ENCTYPE_DES_CBC_MD5, - ENCTYPE_NULL}; - gss_OID_desc nt_principal = - {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)}; - initialize_krb5_error_table(); - status = ADS_ERROR_KRB5(krb5_init_context(ctx)); - if (!ADS_ERR_OK(status)) { - return status; - } - status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types)); - if (!ADS_ERR_OK(status)) { - krb5_free_context(ctx); - return status; - } - status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, principal)); - if (!ADS_ERR_OK(status)) { - krb5_free_context(ctx); - return status; - } - - /* -* The MIT libraries have a *HORRIBLE* bug - input_value.value needs -* to point to the *address* of the krb5_principal, and the gss libraries -* to a shallow copy of the krb5_principal pointer - so we need to keep -* the krb5_principal around until we do the gss_release_name. MIT *SUCKS* ! -* Just one more way in which MIT engineers screwed me over JRA. -*/ - input_name.value = principal; - input_name.length = sizeof(principal); - - gss_rc = gss_import_name(minor_status, input_name, nt_principal, serv_name); - if (gss_rc) { - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); - return ADS_ERROR_GSS(gss_rc, minor_status); - } - input_token.value = NULL; input_token.length = 0; @@ -633,17 +588,136 @@ } failed: - gss_release_name(minor_status, serv_name); if (context_handle != GSS_C_NO_CONTEXT) gss_delete_sec_context(minor_status, context_handle, GSS_C_NO_BUFFER); - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); return status; } #endif #ifdef HAVE_KRB5 +struct ads_service_principal { +krb5_context ctx; +char *string; +krb5_principal principal; +#ifdef HAVE_GSSAPI +gss_name_t name; +#endif +}; + +static void ads_free_service_principal(struct ads_service_principal *p) +{ + SAFE_FREE(p-string); + +#ifdef HAVE_GSSAPI + if (p-name) { + uint32 minor_status; + gss_release_name(minor_status, p-name); + } +#endif + if (p-principal) { + krb5_free_principal(p-ctx, p-principal); + } + + if (p-ctx) { + krb5_free_context(p-ctx); + } + + ZERO_STRUCTP(p); +} + +static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads, +const char *given_principal, +struct ads_service_principal *p) +{ + ADS_STATUS status; + krb5_enctype enc_types[] = { +#ifdef ENCTYPE_ARCFOUR_HMAC + ENCTYPE_ARCFOUR_HMAC, +#endif + ENCTYPE_DES_CBC_MD5, + ENCTYPE_NULL}; +#ifdef HAVE_GSSAPI + gss_buffer_desc input_name; + gss_OID_desc nt_principal = + {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)}; + uint32 minor_status; + int gss_rc; +#endif + + ZERO_STRUCTP(p); + + /*
svn commit: samba r24095 - in branches/SAMBA_3_2/source/libads: .
Author: metze Date: 2007-07-31 09:37:25 + (Tue, 31 Jul 2007) New Revision: 24095 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24095 Log: add one more fallback alternative to construct the principal metze Modified: branches/SAMBA_3_2/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2/source/libads/sasl.c === --- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:33:27 UTC (rev 24094) +++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:37:25 UTC (rev 24095) @@ -676,6 +676,26 @@ if (!p-string) { return ADS_ERROR(LDAP_NO_MEMORY); } + } else if (ads-config.realm ads-config.ldap_server_name) { + char *server, *server_realm; + + server = SMB_STRDUP(ads-config.ldap_server_name); + server_realm = SMB_STRDUP(ads-config.realm); + + if (!server || !server_realm) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + strlower_m(server); + strupper_m(server_realm); + asprintf(p-string, ldap/[EMAIL PROTECTED], server, server_realm); + + SAFE_FREE(server); + SAFE_FREE(server_realm); + + if (!p-string) { + return ADS_ERROR(LDAP_NO_MEMORY); + } } initialize_krb5_error_table();
svn commit: samba r24096 - in branches/SAMBA_3_2_0/source/libads: .
Author: metze Date: 2007-07-31 09:38:15 + (Tue, 31 Jul 2007) New Revision: 24096 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24096 Log: merge from SAMBA_3_2: add one more fallback alternative to construct the principal metze Modified: branches/SAMBA_3_2_0/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2_0/source/libads/sasl.c === --- branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:37:25 UTC (rev 24095) +++ branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:38:15 UTC (rev 24096) @@ -676,6 +676,26 @@ if (!p-string) { return ADS_ERROR(LDAP_NO_MEMORY); } + } else if (ads-config.realm ads-config.ldap_server_name) { + char *server, *server_realm; + + server = SMB_STRDUP(ads-config.ldap_server_name); + server_realm = SMB_STRDUP(ads-config.realm); + + if (!server || !server_realm) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + strlower_m(server); + strupper_m(server_realm); + asprintf(p-string, ldap/[EMAIL PROTECTED], server, server_realm); + + SAFE_FREE(server); + SAFE_FREE(server_realm); + + if (!p-string) { + return ADS_ERROR(LDAP_NO_MEMORY); + } } initialize_krb5_error_table();
svn commit: samba r24097 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 09:41:21 + (Tue, 31 Jul 2007) New Revision: 24097 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24097 Log: Convert reply_ntcreate_and_X_quota to the new API Modified: branches/SAMBA_3_2/source/smbd/nttrans.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/nttrans.c === --- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 09:38:15 UTC (rev 24096) +++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 09:41:21 UTC (rev 24097) @@ -492,17 +492,13 @@ Reply to an NT create and X call for a quota file. / -int reply_ntcreate_and_X_quota(connection_struct *conn, - char *inbuf, - char *outbuf, - int length, - int bufsize, - enum FAKE_FILE_TYPE fake_file_type, - const char *fname) +static void reply_ntcreate_and_X_quota(connection_struct *conn, + struct smb_request *req, + enum FAKE_FILE_TYPE fake_file_type, + const char *fname) { - int result; char *p; - uint32 desired_access = IVAL(inbuf,smb_ntcreate_DesiredAccess); + uint32 desired_access = IVAL(req-inbuf,smb_ntcreate_DesiredAccess); files_struct *fsp; NTSTATUS status; @@ -510,12 +506,13 @@ fsp); if (!NT_STATUS_IS_OK(status)) { - return ERROR_NT(status); + reply_nterror(req, status); + return; } - set_message(inbuf,outbuf,34,0,True); + reply_outbuf(req, 34, 0); - p = outbuf + smb_vwv2; + p = (char *)req-outbuf + smb_vwv2; /* SCVAL(p,0,NO_OPLOCK_RETURN); */ p++; @@ -523,8 +520,7 @@ DEBUG(5,(reply_ntcreate_and_X_quota: fnum = %d, open name = %s\n, fsp-fnum, fsp-fsp_name)); - result = chain_reply(inbuf,outbuf,length,bufsize); - return result; + chain_reply_new(req); } / @@ -708,10 +704,6 @@ if( is_ntfs_stream_name(fname)) { enum FAKE_FILE_TYPE fake_file_type = is_fake_file(fname); if (fake_file_type!=FAKE_FILE_TYPE_NONE) { - - char *inbuf, *outbuf; - int length, bufsize; - /* * Here we go! support for changing the disk quotas --metze * @@ -721,22 +713,13 @@ * w2k close this file directly after openening * xp also tries a QUERY_FILE_INFO on the file and then close it */ - if (!reply_prep_legacy(req, inbuf, outbuf, - length, bufsize)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - reply_post_legacy(req, reply_ntcreate_and_X_quota( - conn, inbuf, outbuf, - length, bufsize, - fake_file_type, fname)); - END_PROFILE(SMBntcreateX); - return; + reply_ntcreate_and_X_quota(conn, req, + fake_file_type, fname); } else { reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND); - END_PROFILE(SMBntcreateX); - return; } + END_PROFILE(SMBntcreateX); + return; } }
svn commit: samba r24098 - in branches/SAMBA_3_2/source/libads: .
Author: metze Date: 2007-07-31 09:49:14 + (Tue, 31 Jul 2007) New Revision: 24098 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24098 Log: - make use of the ads_service_principal abstraction also for the GSSAPI sasl mech. - also use the ads_kinit_password() fallback logic from the GSS-SPNEGO sasl mech. metze Modified: branches/SAMBA_3_2/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2/source/libads/sasl.c === --- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:41:21 UTC (rev 24097) +++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:49:14 UTC (rev 24098) @@ -905,11 +905,9 @@ this routine is much less fragile see RFC2078 and RFC for details */ -static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) +static ADS_STATUS ads_sasl_gssapi_do_bind(ADS_STRUCT *ads, const gss_name_t serv_name) { uint32 minor_status; - gss_name_t serv_name; - gss_buffer_desc input_name; gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT; gss_OID mech_type = GSS_C_NULL_OID; gss_buffer_desc output_token, input_token; @@ -921,63 +919,8 @@ int gss_rc, rc; uint8 *p; uint32 max_msg_size = 0; - char *sname = NULL; ADS_STATUS status; - krb5_principal principal = NULL; - krb5_context ctx = NULL; - krb5_enctype enc_types[] = { -#ifdef ENCTYPE_ARCFOUR_HMAC - ENCTYPE_ARCFOUR_HMAC, -#endif - ENCTYPE_DES_CBC_MD5, - ENCTYPE_NULL}; - gss_OID_desc nt_principal = - {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)}; - /* we need to fetch a service ticket as the ldap user in the - servers realm, regardless of our realm */ - asprintf(sname, ldap/[EMAIL PROTECTED], ads-config.ldap_server_name, ads-config.realm); - - initialize_krb5_error_table(); - status = ADS_ERROR_KRB5(krb5_init_context(ctx)); - if (!ADS_ERR_OK(status)) { - SAFE_FREE(sname); - return status; - } - status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types)); - if (!ADS_ERR_OK(status)) { - SAFE_FREE(sname); - krb5_free_context(ctx); - return status; - } - status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, principal)); - if (!ADS_ERR_OK(status)) { - SAFE_FREE(sname); - krb5_free_context(ctx); - return status; - } - - input_name.value = principal; - input_name.length = sizeof(principal); - - gss_rc = gss_import_name(minor_status, input_name, nt_principal, serv_name); - - /* -* The MIT libraries have a *HORRIBLE* bug - input_value.value needs -* to point to the *address* of the krb5_principal, and the gss libraries -* to a shallow copy of the krb5_principal pointer - so we need to keep -* the krb5_principal around until we do the gss_release_name. MIT *SUCKS* ! -* Just one more way in which MIT engineers screwed me over JRA. -*/ - - SAFE_FREE(sname); - - if (gss_rc) { - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); - return ADS_ERROR_GSS(gss_rc, minor_status); - } - input_token.value = NULL; input_token.length = 0; @@ -1122,16 +1065,44 @@ } failed: - gss_release_name(minor_status, serv_name); if (context_handle != GSS_C_NO_CONTEXT) gss_delete_sec_context(minor_status, context_handle, GSS_C_NO_BUFFER); - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); if(scred) ber_bvfree(scred); return status; } + +static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) +{ + ADS_STATUS status; + struct ads_service_principal p; + + status = ads_generate_service_principal(ads, NULL, p); + if (!ADS_ERR_OK(status)) { + return status; + } + + status = ads_sasl_gssapi_do_bind(ads, p.name); + if (ADS_ERR_OK(status)) { + ads_free_service_principal(p); + return status; + } + + DEBUG(10,(ads_sasl_gssapi_do_bind failed with: %s, + calling kinit\n, ads_errstr(status))); + + status = ADS_ERROR_KRB5(ads_kinit_password(ads)); + + if (ADS_ERR_OK(status)) { + status = ads_sasl_gssapi_do_bind(ads, p.name); + } + + ads_free_service_principal(p); + + return status; +} + #endif /* HAVE_GGSAPI */ /* mapping between SASL mechanisms and functions */
svn commit: samba r24100 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 10:04:54 + (Tue, 31 Jul 2007) New Revision: 24100 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24100 Log: Convert reply_ntcancel to the new API Modified: branches/SAMBA_3_2/source/smbd/nttrans.c branches/SAMBA_3_2/source/smbd/process.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/nttrans.c === --- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 09:50:05 UTC (rev 24099) +++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 10:04:54 UTC (rev 24100) @@ -1786,23 +1786,21 @@ conn POINTER CAN BE NULL HERE ! / -int reply_ntcancel(connection_struct *conn, - char *inbuf,char *outbuf,int length,int bufsize) +void reply_ntcancel(connection_struct *conn, struct smb_request *req) { /* * Go through and cancel any pending change notifies. */ - int mid = SVAL(inbuf,smb_mid); START_PROFILE(SMBntcancel); - remove_pending_change_notify_requests_by_mid(mid); - remove_pending_lock_requests_by_mid(mid); - srv_cancel_sign_response(mid); + remove_pending_change_notify_requests_by_mid(req-mid); + remove_pending_lock_requests_by_mid(req-mid); + srv_cancel_sign_response(req-mid); - DEBUG(3,(reply_ntcancel: cancel called on mid = %d.\n, mid)); + DEBUG(3,(reply_ntcancel: cancel called on mid = %d.\n, req-mid)); END_PROFILE(SMBntcancel); - return(-1); + return; } / Modified: branches/SAMBA_3_2/source/smbd/process.c === --- branches/SAMBA_3_2/source/smbd/process.c2007-07-31 09:50:05 UTC (rev 24099) +++ branches/SAMBA_3_2/source/smbd/process.c2007-07-31 10:04:54 UTC (rev 24100) @@ -852,7 +852,7 @@ /* 0xa1 */ { SMBnttranss, reply_nttranss,NULL, AS_USER | CAN_IPC }, /* 0xa2 */ { SMBntcreateX, NULL,reply_ntcreate_and_X, AS_USER | CAN_IPC }, /* 0xa3 */ { NULL, NULL, NULL, 0 }, -/* 0xa4 */ { SMBntcancel, reply_ntcancel,NULL, 0 }, +/* 0xa4 */ { SMBntcancel, NULL,reply_ntcancel, 0 }, /* 0xa5 */ { SMBntrename, reply_ntrename,NULL, AS_USER | NEED_WRITE }, /* 0xa6 */ { NULL, NULL, NULL, 0 }, /* 0xa7 */ { NULL, NULL, NULL, 0 },
svn commit: samba r24099 - in branches/SAMBA_3_2_0/source/libads: .
Author: metze Date: 2007-07-31 09:50:05 + (Tue, 31 Jul 2007) New Revision: 24099 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24099 Log: merge from SAMBA_3_2: - make use of the ads_service_principal abstraction also for the GSSAPI sasl mech. - also use the ads_kinit_password() fallback logic from the GSS-SPNEGO sasl mech. metze Modified: branches/SAMBA_3_2_0/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2_0/source/libads/sasl.c === --- branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:49:14 UTC (rev 24098) +++ branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:50:05 UTC (rev 24099) @@ -905,11 +905,9 @@ this routine is much less fragile see RFC2078 and RFC for details */ -static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) +static ADS_STATUS ads_sasl_gssapi_do_bind(ADS_STRUCT *ads, const gss_name_t serv_name) { uint32 minor_status; - gss_name_t serv_name; - gss_buffer_desc input_name; gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT; gss_OID mech_type = GSS_C_NULL_OID; gss_buffer_desc output_token, input_token; @@ -921,63 +919,8 @@ int gss_rc, rc; uint8 *p; uint32 max_msg_size = 0; - char *sname = NULL; ADS_STATUS status; - krb5_principal principal = NULL; - krb5_context ctx = NULL; - krb5_enctype enc_types[] = { -#ifdef ENCTYPE_ARCFOUR_HMAC - ENCTYPE_ARCFOUR_HMAC, -#endif - ENCTYPE_DES_CBC_MD5, - ENCTYPE_NULL}; - gss_OID_desc nt_principal = - {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)}; - /* we need to fetch a service ticket as the ldap user in the - servers realm, regardless of our realm */ - asprintf(sname, ldap/[EMAIL PROTECTED], ads-config.ldap_server_name, ads-config.realm); - - initialize_krb5_error_table(); - status = ADS_ERROR_KRB5(krb5_init_context(ctx)); - if (!ADS_ERR_OK(status)) { - SAFE_FREE(sname); - return status; - } - status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types)); - if (!ADS_ERR_OK(status)) { - SAFE_FREE(sname); - krb5_free_context(ctx); - return status; - } - status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, principal)); - if (!ADS_ERR_OK(status)) { - SAFE_FREE(sname); - krb5_free_context(ctx); - return status; - } - - input_name.value = principal; - input_name.length = sizeof(principal); - - gss_rc = gss_import_name(minor_status, input_name, nt_principal, serv_name); - - /* -* The MIT libraries have a *HORRIBLE* bug - input_value.value needs -* to point to the *address* of the krb5_principal, and the gss libraries -* to a shallow copy of the krb5_principal pointer - so we need to keep -* the krb5_principal around until we do the gss_release_name. MIT *SUCKS* ! -* Just one more way in which MIT engineers screwed me over JRA. -*/ - - SAFE_FREE(sname); - - if (gss_rc) { - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); - return ADS_ERROR_GSS(gss_rc, minor_status); - } - input_token.value = NULL; input_token.length = 0; @@ -1122,16 +1065,44 @@ } failed: - gss_release_name(minor_status, serv_name); if (context_handle != GSS_C_NO_CONTEXT) gss_delete_sec_context(minor_status, context_handle, GSS_C_NO_BUFFER); - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); if(scred) ber_bvfree(scred); return status; } + +static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) +{ + ADS_STATUS status; + struct ads_service_principal p; + + status = ads_generate_service_principal(ads, NULL, p); + if (!ADS_ERR_OK(status)) { + return status; + } + + status = ads_sasl_gssapi_do_bind(ads, p.name); + if (ADS_ERR_OK(status)) { + ads_free_service_principal(p); + return status; + } + + DEBUG(10,(ads_sasl_gssapi_do_bind failed with: %s, + calling kinit\n, ads_errstr(status))); + + status = ADS_ERROR_KRB5(ads_kinit_password(ads)); + + if (ADS_ERR_OK(status)) { + status = ads_sasl_gssapi_do_bind(ads, p.name); + } + + ads_free_service_principal(p); + + return status; +} + #endif /* HAVE_GGSAPI */ /* mapping between SASL mechanisms and functions */
svn commit: samba r24101 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 11:26:24 + (Tue, 31 Jul 2007) New Revision: 24101 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24101 Log: Move prohibited_ea_names[] into samba_private_attr_name() Minor cleanup Modified: branches/SAMBA_3_2/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/trans2.c === --- branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-31 10:04:54 UTC (rev 24100) +++ branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-31 11:26:24 UTC (rev 24101) @@ -90,18 +90,18 @@ Utility functions for dealing with extended attributes. / -static const char *prohibited_ea_names[] = { - SAMBA_POSIX_INHERITANCE_EA_NAME, - SAMBA_XATTR_DOS_ATTRIB, - NULL -}; - / Refuse to allow clients to overwrite our private xattrs. / static BOOL samba_private_attr_name(const char *unix_ea_name) { + static const char *prohibited_ea_names[] = { + SAMBA_POSIX_INHERITANCE_EA_NAME, + SAMBA_XATTR_DOS_ATTRIB, + NULL + }; + int i; for (i = 0; prohibited_ea_names[i]; i++) {
svn commit: samba r24102 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 12:05:40 + (Tue, 31 Jul 2007) New Revision: 24102 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24102 Log: Pass the fid instead of inbuf and an offset to file_fsp. This removes the buf==NULL condition in file_fsp(), but wherever it is called we do have a buffer anyway. Volker Modified: branches/SAMBA_3_2/source/smbd/files.c branches/SAMBA_3_2/source/smbd/nttrans.c branches/SAMBA_3_2/source/smbd/reply.c branches/SAMBA_3_2/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/files.c === --- branches/SAMBA_3_2/source/smbd/files.c 2007-07-31 11:26:24 UTC (rev 24101) +++ branches/SAMBA_3_2/source/smbd/files.c 2007-07-31 12:05:40 UTC (rev 24102) @@ -487,7 +487,7 @@ Get an fsp from a packet given the offset of a 16 bit fnum. / -files_struct *file_fsp(const char *buf, int where) +files_struct *file_fsp(uint16 fid) { files_struct *fsp; @@ -495,11 +495,7 @@ return chain_fsp; } - if (!buf) { - return NULL; - } - - fsp = file_fnum(SVAL(buf, where)); + fsp = file_fnum(fid); if (fsp) { chain_fsp = fsp; } Modified: branches/SAMBA_3_2/source/smbd/nttrans.c === --- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 11:26:24 UTC (rev 24101) +++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 12:05:40 UTC (rev 24102) @@ -619,7 +619,7 @@ */ pstring rel_fname; files_struct *dir_fsp = file_fsp( - (char *)req-inbuf, smb_ntcreate_RootDirectoryFid); + SVAL(req-inbuf, smb_ntcreate_RootDirectoryFid)); size_t dir_name_len; if(!dir_fsp) { @@ -1377,7 +1377,7 @@ /* * This filename is relative to a directory fid. */ - files_struct *dir_fsp = file_fsp(params,4); + files_struct *dir_fsp = file_fsp(SVAL(params,4)); size_t dir_name_len; if(!dir_fsp) { @@ -2078,7 +2078,7 @@ return ERROR_DOS(ERRDOS,ERRbadfunc); } - fsp = file_fsp((char *)setup,4); + fsp = file_fsp(SVAL(setup,4)); filter = IVAL(setup, 0); recursive = (SVAL(setup, 6) != 0) ? True : False; @@ -2173,7 +2173,7 @@ return ERROR_DOS(ERRDOS,ERRbadfunc); } - fsp = file_fsp(params, 0); + fsp = file_fsp(SVAL(params, 0)); replace_if_exists = (SVAL(params,2) RENAME_REPLACE_IF_EXISTS) ? True : False; CHECK_FSP(fsp, conn); srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), new_name, params+4, @@ -2244,7 +2244,7 @@ return ERROR_DOS(ERRDOS,ERRbadfunc); } - fsp = file_fsp(params,0); + fsp = file_fsp(SVAL(params,0)); if(!fsp) { return ERROR_DOS(ERRDOS,ERRbadfid); } @@ -2358,7 +2358,7 @@ return ERROR_DOS(ERRDOS,ERRbadfunc); } - if((fsp = file_fsp(params,0)) == NULL) { + if((fsp = file_fsp(SVAL(params,0))) == NULL) { return ERROR_DOS(ERRDOS,ERRbadfid); } @@ -2415,7 +2415,7 @@ DEBUG(10,(call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n, function, fidnum, isFSctl, compfilter)); - fsp=file_fsp((char *)*ppsetup, 4); + fsp=file_fsp(SVAL(ppsetup, 4)); /* this check is done in each implemented function case for now because I don't want to break anything... --metze FSP_BELONGS_CONN(fsp,conn);*/ @@ -2693,7 +2693,7 @@ } /* maybe we can check the quota_fnum */ - fsp = file_fsp(params,0); + fsp = file_fsp(SVAL(params,0)); if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) { DEBUG(3,(TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n)); return ERROR_NT(NT_STATUS_INVALID_HANDLE); @@ -2941,7 +2941,7 @@ } /* maybe we can check the quota_fnum */ - fsp = file_fsp(params,0); + fsp = file_fsp(SVAL(params,0)); if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) { DEBUG(3,(TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n)); return ERROR_NT(NT_STATUS_INVALID_HANDLE); Modified: branches/SAMBA_3_2/source/smbd/reply.c === --- branches/SAMBA_3_2/source/smbd/reply.c 2007-07-31 11:26:24 UTC (rev 24101) +++ branches/SAMBA_3_2/source/smbd/reply.c 2007-07-31 12:05:40 UTC (rev 24102) @@ -709,7 +709,7 @@ switch (ioctl_code) { case IOCTL_QUERY_JOB_INFO:
svn commit: samba r24103 - in branches/SAMBA_3_2/source/libads: .
Author: metze Date: 2007-07-31 12:27:25 + (Tue, 31 Jul 2007) New Revision: 24103 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24103 Log: add some useful debug messages, as not all LDAP libraries support wrapping hooks... metze Modified: branches/SAMBA_3_2/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2/source/libads/sasl.c === --- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 12:05:40 UTC (rev 24102) +++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 12:27:25 UTC (rev 24103) @@ -251,7 +251,13 @@ ads-ldap.out.sig_size = NTLMSSP_SIG_SIZE; ads-ldap.in.min = 4; ads-ldap.in.max = 0x0FFF; - ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops, ntlmssp_state); + status = ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops, ntlmssp_state); + if (!ADS_ERR_OK(status)) { + DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n, + ads_errstr(status))); + ntlmssp_end(ntlmssp_state); + return status; + } } else { ntlmssp_end(ntlmssp_state); } @@ -582,7 +588,12 @@ ads-ldap.out.sig_size = max_msg_size - ads-ldap.out.max; ads-ldap.in.min = 4; ads-ldap.in.max = max_msg_size; - ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + if (!ADS_ERR_OK(status)) { + DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n, + ads_errstr(status))); + goto failed; + } /* make sure we don't free context_handle */ context_handle = GSS_C_NO_CONTEXT; } @@ -1059,7 +1070,12 @@ ads-ldap.out.sig_size = max_msg_size - ads-ldap.out.max; ads-ldap.in.min = 4; ads-ldap.in.max = max_msg_size; - ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + if (!ADS_ERR_OK(status)) { + DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n, + ads_errstr(status))); + goto failed; + } /* make sure we don't free context_handle */ context_handle = GSS_C_NO_CONTEXT; }
svn commit: samba r24104 - in branches/SAMBA_3_2/source/libads: .
Author: metze Date: 2007-07-31 12:30:37 + (Tue, 31 Jul 2007) New Revision: 24104 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24104 Log: fix the build, sorry... metze Modified: branches/SAMBA_3_2/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2/source/libads/sasl.c === --- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 12:27:25 UTC (rev 24103) +++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 12:30:37 UTC (rev 24104) @@ -126,6 +126,7 @@ struct berval cred, *scred = NULL; int rc; NTSTATUS nt_status; + ADS_STATUS status; int turn = 1; uint32 features = 0; @@ -253,7 +254,7 @@ ads-ldap.in.max = 0x0FFF; status = ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops, ntlmssp_state); if (!ADS_ERR_OK(status)) { - DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n, + DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n, ads_errstr(status))); ntlmssp_end(ntlmssp_state); return status; @@ -590,7 +591,7 @@ ads-ldap.in.max = max_msg_size; status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); if (!ADS_ERR_OK(status)) { - DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n, + DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n, ads_errstr(status))); goto failed; } @@ -1072,7 +1073,7 @@ ads-ldap.in.max = max_msg_size; status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); if (!ADS_ERR_OK(status)) { - DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n, + DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n, ads_errstr(status))); goto failed; }
svn commit: samba r24105 - in branches/SAMBA_3_2_0/source/libads: .
Author: metze Date: 2007-07-31 12:32:01 + (Tue, 31 Jul 2007) New Revision: 24105 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24105 Log: merge from SAMBA_3_2: add some useful debug messages, as not all LDAP libraries support wrapping hooks... metze Modified: branches/SAMBA_3_2_0/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2_0/source/libads/sasl.c === --- branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 12:30:37 UTC (rev 24104) +++ branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 12:32:01 UTC (rev 24105) @@ -126,6 +126,7 @@ struct berval cred, *scred = NULL; int rc; NTSTATUS nt_status; + ADS_STATUS status; int turn = 1; uint32 features = 0; @@ -251,7 +252,13 @@ ads-ldap.out.sig_size = NTLMSSP_SIG_SIZE; ads-ldap.in.min = 4; ads-ldap.in.max = 0x0FFF; - ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops, ntlmssp_state); + status = ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops, ntlmssp_state); + if (!ADS_ERR_OK(status)) { + DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n, + ads_errstr(status))); + ntlmssp_end(ntlmssp_state); + return status; + } } else { ntlmssp_end(ntlmssp_state); } @@ -582,7 +589,12 @@ ads-ldap.out.sig_size = max_msg_size - ads-ldap.out.max; ads-ldap.in.min = 4; ads-ldap.in.max = max_msg_size; - ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + if (!ADS_ERR_OK(status)) { + DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n, + ads_errstr(status))); + goto failed; + } /* make sure we don't free context_handle */ context_handle = GSS_C_NO_CONTEXT; } @@ -1059,7 +1071,12 @@ ads-ldap.out.sig_size = max_msg_size - ads-ldap.out.max; ads-ldap.in.min = 4; ads-ldap.in.max = max_msg_size; - ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + if (!ADS_ERR_OK(status)) { + DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n, + ads_errstr(status))); + goto failed; + } /* make sure we don't free context_handle */ context_handle = GSS_C_NO_CONTEXT; }
svn commit: samba r24106 - in branches/SAMBA_3_2/source: rpc_server smbd
Author: vlendec Date: 2007-07-31 13:14:07 + (Tue, 31 Jul 2007) New Revision: 24106 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24106 Log: Pass fnum instead of buf/offset into get_rpc_pipe_p Modified: branches/SAMBA_3_2/source/rpc_server/srv_pipe_hnd.c branches/SAMBA_3_2/source/smbd/pipes.c branches/SAMBA_3_2/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_2/source/rpc_server/srv_pipe_hnd.c === --- branches/SAMBA_3_2/source/rpc_server/srv_pipe_hnd.c 2007-07-31 12:32:01 UTC (rev 24105) +++ branches/SAMBA_3_2/source/rpc_server/srv_pipe_hnd.c 2007-07-31 13:14:07 UTC (rev 24106) @@ -1246,10 +1246,8 @@ Find an rpc pipe given a pipe handle in a buffer and an offset. / -smb_np_struct *get_rpc_pipe_p(const char *buf, int where) +smb_np_struct *get_rpc_pipe_p(uint16 pnum) { - int pnum = SVAL(buf,where); - if (chain_p) { return chain_p; } Modified: branches/SAMBA_3_2/source/smbd/pipes.c === --- branches/SAMBA_3_2/source/smbd/pipes.c 2007-07-31 12:32:01 UTC (rev 24105) +++ branches/SAMBA_3_2/source/smbd/pipes.c 2007-07-31 13:14:07 UTC (rev 24106) @@ -140,7 +140,7 @@ int reply_pipe_write(char *inbuf,char *outbuf,int length,int dum_bufsize) { - smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv0); + smb_np_struct *p = get_rpc_pipe_p(SVAL(inbuf,smb_vwv0)); uint16 vuid = SVAL(inbuf,smb_uid); size_t numtowrite = SVAL(inbuf,smb_vwv1); int nwritten; @@ -185,7 +185,7 @@ int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize) { - smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2); + smb_np_struct *p = get_rpc_pipe_p(SVAL(inbuf,smb_vwv2)); uint16 vuid = SVAL(inbuf,smb_uid); size_t numtowrite = SVAL(inbuf,smb_vwv10); int nwritten = -1; @@ -247,7 +247,7 @@ int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize) { - smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2); + smb_np_struct *p = get_rpc_pipe_p(SVAL(inbuf,smb_vwv2)); int smb_maxcnt = SVAL(inbuf,smb_vwv5); int smb_mincnt = SVAL(inbuf,smb_vwv6); int nread = -1; @@ -292,7 +292,7 @@ void reply_pipe_close(connection_struct *conn, struct smb_request *req) { - smb_np_struct *p = get_rpc_pipe_p((char *)req-inbuf,smb_vwv0); + smb_np_struct *p = get_rpc_pipe_p(SVAL(req-inbuf,smb_vwv0)); if (!p) { reply_doserror(req, ERRDOS, ERRbadfid); Modified: branches/SAMBA_3_2/source/smbd/trans2.c === --- branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-31 12:32:01 UTC (rev 24105) +++ branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-31 13:14:07 UTC (rev 24106) @@ -3244,7 +3244,7 @@ return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } - p_pipe = get_rpc_pipe_p(params,0); + p_pipe = get_rpc_pipe_p(SVAL(params,0)); if (p_pipe == NULL) { return ERROR_NT(NT_STATUS_INVALID_HANDLE); }
svn commit: samba r24107 - in branches: SAMBA_3_0_25/source/utils SAMBA_3_2/source/utils SAMBA_3_2_0/source/utils
Author: vlendec Date: 2007-07-31 19:15:27 + (Tue, 31 Jul 2007) New Revision: 24107 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24107 Log: Fix bug 4849. Thanks to Matthijs Kooijman [EMAIL PROTECTED] Modified: branches/SAMBA_3_0_25/source/utils/net_ads.c branches/SAMBA_3_2/source/utils/net_ads.c branches/SAMBA_3_2_0/source/utils/net_ads.c Changeset: Modified: branches/SAMBA_3_0_25/source/utils/net_ads.c === --- branches/SAMBA_3_0_25/source/utils/net_ads.c2007-07-31 13:14:07 UTC (rev 24106) +++ branches/SAMBA_3_0_25/source/utils/net_ads.c2007-07-31 19:15:27 UTC (rev 24107) @@ -1720,7 +1720,7 @@ #endif if (argc 0) { - d_fprintf(stderr, net ads dns register name ip\n); + d_fprintf(stderr, net ads dns register\n); return -1; } Modified: branches/SAMBA_3_2/source/utils/net_ads.c === --- branches/SAMBA_3_2/source/utils/net_ads.c 2007-07-31 13:14:07 UTC (rev 24106) +++ branches/SAMBA_3_2/source/utils/net_ads.c 2007-07-31 19:15:27 UTC (rev 24107) @@ -1743,7 +1743,7 @@ #endif if (argc 0) { - d_fprintf(stderr, net ads dns register name ip\n); + d_fprintf(stderr, net ads dns register\n); return -1; } Modified: branches/SAMBA_3_2_0/source/utils/net_ads.c === --- branches/SAMBA_3_2_0/source/utils/net_ads.c 2007-07-31 13:14:07 UTC (rev 24106) +++ branches/SAMBA_3_2_0/source/utils/net_ads.c 2007-07-31 19:15:27 UTC (rev 24107) @@ -1743,7 +1743,7 @@ #endif if (argc 0) { - d_fprintf(stderr, net ads dns register name ip\n); + d_fprintf(stderr, net ads dns register\n); return -1; }
svn commit: samba r24109 - in branches/SAMBA_4_0/source/winbind: .
Author: kai Date: 2007-07-31 23:49:04 + (Tue, 31 Jul 2007) New Revision: 24109 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24109 Log: Add a wb_name2domain call Added: branches/SAMBA_4_0/source/winbind/wb_name2domain.c Modified: branches/SAMBA_4_0/source/winbind/config.mk Changeset: Modified: branches/SAMBA_4_0/source/winbind/config.mk === --- branches/SAMBA_4_0/source/winbind/config.mk 2007-07-31 23:43:59 UTC (rev 24108) +++ branches/SAMBA_4_0/source/winbind/config.mk 2007-07-31 23:49:04 UTC (rev 24109) @@ -15,6 +15,7 @@ wb_dom_info.o \ wb_dom_info_trusted.o \ wb_sid2domain.o \ + wb_name2domain.o \ wb_connect_lsa.o \ wb_connect_sam.o \ wb_cmd_lookupname.o \ Added: branches/SAMBA_4_0/source/winbind/wb_name2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-07-31 23:43:59 UTC (rev 24108) +++ branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-07-31 23:49:04 UTC (rev 24109) @@ -0,0 +1,131 @@ +/* + Unix SMB/CIFS implementation. + + Find and init a domain struct for a name + + Copyright (C) Kai Blin 2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +#include includes.h +#include libcli/composite/composite.h +#include winbind/wb_server.h +#include smbd/service_task.h +#include winbind/wb_helper.h + +struct name2domain_state { + struct composite_context *ctx; + struct wbsrv_service *service; + + struct wbsrv_domain *domain; +}; + +static void name2domain_recv_sid(struct composite_context *ctx); +static void name2domain_recv_domain(struct composite_context *ctx); + +struct composite_context *wb_name2domain_send(TALLOC_CTX *mem_ctx, + struct wbsrv_service *service, const char* name) +{ + struct composite_context *result, *ctx; + struct name2domain_state *state; + char *user_dom, *user_name; + + DEBUG(5, (wb_name2domain_send called\n)); + + result = composite_create(mem_ctx, service-task-event_ctx); + if (result == NULL) goto failed; + + state = talloc(result, struct name2domain_state); + if (state == NULL) goto failed; + state-ctx = result; + result-private_data = state; + state-service = service; + + if(!wb_samba3_split_username(state, name, user_dom, user_name)) + goto failed; + + ctx = wb_cmd_lookupname_send(state, service, user_dom, user_name); + if (ctx == NULL) goto failed; + + ctx-async.fn = name2domain_recv_sid; + ctx-async.private_data = state; + return result; + +failed: + talloc_free(result); + return NULL; +} + +static void name2domain_recv_sid(struct composite_context *ctx) +{ + struct name2domain_state *state = + talloc_get_type(ctx-async.private_data, + struct name2domain_state); + struct wb_sid_object *sid; + + DEBUG(1, (name2domain_recv_sid called\n)); + + state-ctx-status = wb_cmd_lookupname_recv(ctx, state, sid); + if(!composite_is_ok(state-ctx)) return; + + ctx = wb_sid2domain_send(state, state-service, sid-sid); + + composite_continue(state-ctx, ctx, name2domain_recv_domain, state); +} + +static void name2domain_recv_domain(struct composite_context *ctx) +{ + struct name2domain_state *state = + talloc_get_type(ctx-async.private_data, + struct name2domain_state); + struct wbsrv_domain *domain; + + DEBUG(1, (name2domain_recv_domain called\n)); + + state-ctx-status = wb_sid2domain_recv(ctx, domain); + if(!composite_is_ok(state-ctx)) return; + + state-domain = domain; + + composite_done(state-ctx); +} + +NTSTATUS wb_name2domain_recv(struct composite_context *ctx, + struct wbsrv_domain **result) +{ + NTSTATUS status = composite_wait(ctx); + + DEBUG(1, (wb_name2domain_recv called\n)); + + if (NT_STATUS_IS_OK(status)) { + struct name2domain_state *state = + talloc_get_type(ctx-private_data, + struct name2domain_state); + *result =
svn commit: samba r24108 - in branches/SAMBA_4_0/source/winbind: .
Author: kai Date: 2007-07-31 23:43:59 + (Tue, 31 Jul 2007) New Revision: 24108 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24108 Log: Split out samba3_parse_domuser to a seperate file and rename, so it can be used for a name2domain call. Added: branches/SAMBA_4_0/source/winbind/wb_utils.c Modified: branches/SAMBA_4_0/source/winbind/config.mk branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c Changeset: Modified: branches/SAMBA_4_0/source/winbind/config.mk === --- branches/SAMBA_4_0/source/winbind/config.mk 2007-07-31 19:15:27 UTC (rev 24107) +++ branches/SAMBA_4_0/source/winbind/config.mk 2007-07-31 23:43:59 UTC (rev 24108) @@ -41,7 +41,8 @@ [SUBSYSTEM::WB_HELPER] PRIVATE_PROTO_HEADER = wb_helper.h OBJ_FILES = \ - wb_async_helpers.o + wb_async_helpers.o \ + wb_utils.o PUBLIC_DEPENDENCIES = RPC_NDR_LSA dcerpc_samr # End SUBSYSTEM WB_HELPER Modified: branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c === --- branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c 2007-07-31 19:15:27 UTC (rev 24107) +++ branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c 2007-07-31 23:43:59 UTC (rev 24108) @@ -25,6 +25,7 @@ #include nsswitch/winbindd_nss.h #include winbind/wb_server.h #include winbind/wb_async_helpers.h +#include winbind/wb_helper.h #include libcli/composite/composite.h #include version.h #include librpc/gen_ndr/netlogon.h @@ -529,27 +530,6 @@ wbsrv_samba3_async_auth_epilogue(status, s3call); } -/* Helper function: Split a domain\\user string into it's parts, - * because the client supplies it as one string */ - -static BOOL samba3_parse_domuser(TALLOC_CTX *mem_ctx, const char *domuser, -char **domain, char **user) -{ - char *p = strchr(domuser, *lp_winbind_separator()); - - if (p == NULL) { - *domain = talloc_strdup(mem_ctx, lp_workgroup()); - } else { - *domain = talloc_strndup(mem_ctx, domuser, -PTR_DIFF(p, domuser)); - domuser = p+1; - } - - *user = talloc_strdup(mem_ctx, domuser); - - return ((*domain != NULL) (*user != NULL)); -} - /* Plaintext authentication This interface is used by ntlm_auth in it's 'basic' authentication @@ -566,7 +546,7 @@ s3call-wbconn-listen_socket-service; char *user, *domain; - if (!samba3_parse_domuser(s3call, + if (!wb_samba3_split_username(s3call, s3call-request.data.auth.user, domain, user)) { return NT_STATUS_NO_SUCH_USER; Added: branches/SAMBA_4_0/source/winbind/wb_utils.c === --- branches/SAMBA_4_0/source/winbind/wb_utils.c2007-07-31 19:15:27 UTC (rev 24107) +++ branches/SAMBA_4_0/source/winbind/wb_utils.c2007-07-31 23:43:59 UTC (rev 24108) @@ -0,0 +1,47 @@ +/* + Unix SMB/CIFS implementation. + + Utility functions that are not related with async operations. + + Copyright (C) Andrew Bartlett [EMAIL PROTECTED] 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +#include includes.h + + +/* Split a domain\\user string into it's parts, because the client supplies it + * as one string. + * TODO: We probably will need to handle other formats later. */ + +BOOL wb_samba3_split_username(TALLOC_CTX *mem_ctx, const char *domuser, +char **domain, char **user) +{ + char *p = strchr(domuser, *lp_winbind_separator()); + + if (p == NULL) { + *domain = talloc_strdup(mem_ctx, lp_workgroup()); + } else { + *domain = talloc_strndup(mem_ctx, domuser, +PTR_DIFF(p, domuser)); + domuser = p+1; + } + + *user = talloc_strdup(mem_ctx, domuser); + + return ((*domain != NULL) (*user != NULL)); +} + +
Build status as of Wed Aug 1 00:00:02 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-07-31 00:01:34.0 + +++ /home/build/master/cache/broken_results.txt 2007-08-01 00:03:28.0 + @@ -1,4 +1,4 @@ -Build status as of Tue Jul 31 00:00:03 2007 +Build status as of Wed Aug 1 00:00:02 2007 Build counts: Tree Total Broken Panic @@ -7,7 +7,7 @@ ccache 32 8 0 ctdb 0 0 0 distcc 2 0 0 -ldb 30 4 0 +ldb 32 4 0 libreplace 31 10 0 lorikeet-heimdal 28 12 0 pidl 19 4 0 @@ -17,7 +17,7 @@ samba-docs 0 0 0 samba-gtk3 3 0 samba4 30 27 6 -samba_3_234 21 0 +samba_3_234 20 0 smb-build30 30 0 talloc 33 1 0 tdb 32 3 0
svn commit: samba r24110 - in branches/SAMBA_4_0/source/winbind: .
Author: abartlet Date: 2007-08-01 00:38:53 + (Wed, 01 Aug 2007) New Revision: 24110 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24110 Log: I hate seeing callers manually filling in the composite context. Use the helper functions instead (and in kai's new code, which just copied the previous bad practice). Andrew Bartlett Modified: branches/SAMBA_4_0/source/winbind/wb_name2domain.c branches/SAMBA_4_0/source/winbind/wb_sid2domain.c Changeset: Modified: branches/SAMBA_4_0/source/winbind/wb_name2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-07-31 23:49:04 UTC (rev 24109) +++ branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-08-01 00:38:53 UTC (rev 24110) @@ -59,8 +59,7 @@ ctx = wb_cmd_lookupname_send(state, service, user_dom, user_name); if (ctx == NULL) goto failed; - ctx-async.fn = name2domain_recv_sid; - ctx-async.private_data = state; + composite_continue(result, ctx, name2domain_recv_sid, ctx-async.private_data); return result; failed: Modified: branches/SAMBA_4_0/source/winbind/wb_sid2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_sid2domain.c 2007-07-31 23:49:04 UTC (rev 24109) +++ branches/SAMBA_4_0/source/winbind/wb_sid2domain.c 2007-08-01 00:38:53 UTC (rev 24110) @@ -94,8 +94,8 @@ ctx = wb_cmd_lookupsid_send(state, service, state-sid); if (ctx == NULL) goto failed; - ctx-async.fn = sid2domain_recv_name; - ctx-async.private_data = state; + composite_continue(result, ctx, sid2domain_recv_name, ctx-async.private_data); + return result; failed:
svn commit: samba r24111 - in branches/SAMBA_4_0/source/winbind: .
Author: abartlet Date: 2007-08-01 01:22:53 + (Wed, 01 Aug 2007) New Revision: 24111 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24111 Log: Untested code is broken code, untested code is broken code... Apologies for my previous commit, which should never have been commited untested. Andrew Bartlett Modified: branches/SAMBA_4_0/source/winbind/wb_name2domain.c branches/SAMBA_4_0/source/winbind/wb_sid2domain.c Changeset: Modified: branches/SAMBA_4_0/source/winbind/wb_name2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-08-01 00:38:53 UTC (rev 24110) +++ branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-08-01 01:22:53 UTC (rev 24111) @@ -59,7 +59,7 @@ ctx = wb_cmd_lookupname_send(state, service, user_dom, user_name); if (ctx == NULL) goto failed; - composite_continue(result, ctx, name2domain_recv_sid, ctx-async.private_data); + composite_continue(result, ctx, name2domain_recv_sid, state); return result; failed: Modified: branches/SAMBA_4_0/source/winbind/wb_sid2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_sid2domain.c 2007-08-01 00:38:53 UTC (rev 24110) +++ branches/SAMBA_4_0/source/winbind/wb_sid2domain.c 2007-08-01 01:22:53 UTC (rev 24111) @@ -94,7 +94,7 @@ ctx = wb_cmd_lookupsid_send(state, service, state-sid); if (ctx == NULL) goto failed; - composite_continue(result, ctx, sid2domain_recv_name, ctx-async.private_data); + composite_continue(result, ctx, sid2domain_recv_name, state); return result;
svn commit: samba r24112 - in branches/SAMBA_4_0/source/winbind: .
Author: abartlet Date: 2007-08-01 04:05:06 + (Wed, 01 Aug 2007) New Revision: 24112 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24112 Log: Complete initialistion of the libnet_ctx when setting up the domain. We need to set the access_mask and the domain name, or else libnet will try to do this itself. This seems to fix the issues Kai was having. Andrew Bartlett Modified: branches/SAMBA_4_0/source/winbind/wb_init_domain.c Changeset: Modified: branches/SAMBA_4_0/source/winbind/wb_init_domain.c === --- branches/SAMBA_4_0/source/winbind/wb_init_domain.c 2007-08-01 01:22:53 UTC (rev 24111) +++ branches/SAMBA_4_0/source/winbind/wb_init_domain.c 2007-08-01 04:05:06 UTC (rev 24112) @@ -284,6 +284,8 @@ talloc_steal(state-domain-libnet_ctx, state-domain-libnet_ctx-lsa.pipe); talloc_steal(state-domain-libnet_ctx-lsa.pipe, state-domain-lsa_binding); + state-domain-libnet_ctx-lsa.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + state-domain-libnet_ctx-lsa.name = state-domain-info-name; ZERO_STRUCT(state-domain-libnet_ctx-lsa.handle); state-lsa_openpolicy.in.system_name = @@ -392,6 +394,8 @@ if (!composite_is_ok(state-ctx)) return; talloc_steal(state-domain-libnet_ctx-samr.pipe, state-domain-samr_binding); + state-domain-libnet_ctx-samr.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + state-domain-libnet_ctx-samr.name = state-domain-info-name; state-domain-ldap_conn = ldap4_new_connection(state-domain, state-ctx-event_ctx);