svn commit: lorikeet r555 - in trunk/heimdal/lib/hdb: .
Author: abartlet Date: 2006-06-06 04:52:31 + (Tue, 06 Jun 2006) New Revision: 555 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=555 Log: Merge fix for missing hdb flags from Samba4. Andrew Bartlett Modified: trunk/heimdal/lib/hdb/keytab.c Changeset: Modified: trunk/heimdal/lib/hdb/keytab.c === --- trunk/heimdal/lib/hdb/keytab.c 2006-06-02 15:15:03 UTC (rev 554) +++ trunk/heimdal/lib/hdb/keytab.c 2006-06-06 04:52:31 UTC (rev 555) @@ -218,7 +218,7 @@ (*db->hdb_destroy)(context, db); return ret; } -ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT, &ent); +ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT|HDB_F_GET_CLIENT|HDB_F_GET_SERVER, &ent); /* Shutdown the hdb on error */
svn commit: samba r16056 - in branches/SAMBA_4_0/source: auth/gensec heimdal/lib/hdb kdc
Author: abartlet Date: 2006-06-06 04:50:14 + (Tue, 06 Jun 2006) New Revision: 16056 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16056 Log: Fix errors found by trying to use our kpasswd server and the Apple client. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c branches/SAMBA_4_0/source/kdc/hdb-ldb.c Changeset: Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c === --- branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2006-06-06 03:19:15 UTC (rev 16055) +++ branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2006-06-06 04:50:14 UTC (rev 16056) @@ -151,7 +151,7 @@ } } - peer_addr = gensec_get_my_addr(gensec_security); + peer_addr = gensec_get_peer_addr(gensec_security); if (peer_addr && peer_addr->sockaddr) { ret = krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context, peer_addr->sockaddr, &peer_krb5_addr); Modified: branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c === --- branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c 2006-06-06 03:19:15 UTC (rev 16055) +++ branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c 2006-06-06 04:50:14 UTC (rev 16056) @@ -218,7 +218,7 @@ (*db->hdb_destroy)(context, db); return ret; } -ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT, &ent); +ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT|HDB_F_GET_CLIENT|HDB_F_GET_SERVER, &ent); /* Shutdown the hdb on error */ Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c === --- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-06-06 03:19:15 UTC (rev 16055) +++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-06-06 04:50:14 UTC (rev 16056) @@ -611,13 +611,10 @@ &msg, &realm_ref_msg); free(principal_string); if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { - talloc_free(mem_ctx); return HDB_ERR_NOENTRY; } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) { - talloc_free(mem_ctx); return ENOMEM; } else if (!NT_STATUS_IS_OK(nt_status)) { - talloc_free(mem_ctx); return EINVAL; } @@ -788,7 +785,7 @@ unsigned flags, hdb_entry_ex *entry_ex) { - krb5_error_code ret; + krb5_error_code ret = HDB_ERR_NOENTRY; TALLOC_CTX *mem_ctx = talloc_named(db, 0, "LDB_fetch context");
svn commit: samba r16055 - in trunk/source: include smbd
Author: jpeach Date: 2006-06-06 03:19:15 + (Tue, 06 Jun 2006) New Revision: 16055 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16055 Log: Provide an API for modules to add their own private info to files_struct. This patch is a candidate for the SAMBA_3_0 branch post-3.0.23. Modified: trunk/source/include/smb.h trunk/source/include/vfs.h trunk/source/smbd/vfs.c Changeset: Modified: trunk/source/include/smb.h === --- trunk/source/include/smb.h 2006-06-06 00:34:26 UTC (rev 16054) +++ trunk/source/include/smb.h 2006-06-06 03:19:15 UTC (rev 16055) @@ -408,6 +408,14 @@ struct idle_event; struct share_mode_entry; +struct vfs_fsp_data { +struct vfs_fsp_data *next; +struct vfs_handle_struct *owner; +/* NOTE: This structure contains two pointers so that we can guarantee + * that the end of the structure is always both 4-byte and 8-byte aligned. + */ +}; + typedef struct files_struct { struct files_struct *next, *prev; int fnum; @@ -446,6 +454,8 @@ BOOL aio_write_behind; BOOL lockdb_clean; char *fsp_name; + + struct vfs_fsp_data *vfs_extension; FAKE_FILE_HANDLE *fake_file_handle; } files_struct; Modified: trunk/source/include/vfs.h === --- trunk/source/include/vfs.h 2006-06-06 00:34:26 UTC (rev 16054) +++ trunk/source/include/vfs.h 2006-06-06 03:19:15 UTC (rev 16055) @@ -531,7 +531,15 @@ /* NB flags can come from FILE_SYSTEM_DEVICE_INFO call */ } vfs_statvfs_struct; +#define VFS_ADD_FSP_EXTENSION(handle, fsp, type) \ +vfs_add_fsp_extension_notype(handle, (fsp), sizeof(type)) +#define VFS_FETCH_FSP_EXTENSION(handle, fsp) \ +vfs_fetch_fsp_extension(handle, (fsp)) + +#define VFS_REMOVE_FSP_EXTENSION(handle, fsp) \ +vfs_remove_fsp_extension((handle), (fsp)) + #define SMB_VFS_HANDLE_GET_DATA(handle, datap, type, ret) { \ if (!(handle)||((datap=(type *)(handle)->data)==NULL)) { \ DEBUG(0,("%s() failed to get vfs_handle->data!\n",FUNCTION_MACRO)); \ Modified: trunk/source/smbd/vfs.c === --- trunk/source/smbd/vfs.c 2006-06-06 00:34:26 UTC (rev 16054) +++ trunk/source/smbd/vfs.c 2006-06-06 03:19:15 UTC (rev 16055) @@ -4,6 +4,7 @@ VFS initialisation and support functions Copyright (C) Tim Potter 1999 Copyright (C) Alexander Bokovoy 2002 + Copyright (C) James Peach 2006 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -188,6 +189,71 @@ } /* + Allow VFS modules to extend files_struct with VFS-specific state. + This will be ok for small numbers of extensions, but might need to + be refactored if it becomes more widely used. +**/ + +#define EXT_DATA_AREA(e) ((uint8 *)(e) + sizeof(struct vfs_fsp_data)) + +void *vfs_add_fsp_extension_notype(vfs_handle_struct *handle, files_struct *fsp, size_t ext_size) +{ + struct vfs_fsp_data *ext; + void * ext_data; + + /* Prevent VFS modules adding multiple extensions. */ + if ((ext_data = vfs_fetch_fsp_extension(handle, fsp))) { + return ext_data; + } + + ext = TALLOC_ZERO(handle->conn->mem_ctx, + sizeof(struct vfs_fsp_data) + ext_size); + if (ext == NULL) { + return NULL; + } + + ext->owner = handle; + ext->next = fsp->vfs_extension; + fsp->vfs_extension = ext; + return EXT_DATA_AREA(ext); +} + +void vfs_remove_fsp_extension(vfs_handle_struct *handle, files_struct *fsp) +{ + struct vfs_fsp_data *curr; + struct vfs_fsp_data *prev; + + for (curr = fsp->vfs_extension, prev = NULL; +curr; +prev = curr, curr = curr->next) { + if (curr->owner == handle) { + if (prev) { + prev->next = curr->next; + } else { + fsp->vfs_extension = curr->next; + } + TALLOC_FREE(curr); + return; + } + } +} + +void *vfs_fetch_fsp_extension(vfs_handle_struct *handle, files_struct *fsp) +{ + struct vfs_fsp_data *head; + + for (head = fsp->vfs_extension; head; head = head->next) { + if (head->owner == handle) { + return EXT_DATA_AREA(head); + } + } + + return NULL; +} + +#undef EXT_DATA_AREA + +/* Generic VFS init. **/
svn commit: samba r16054 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jra Date: 2006-06-06 00:34:26 + (Tue, 06 Jun 2006) New Revision: 16054 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16054 Log: Janitor for Volker ? Volker - some reason you didn't fix this in 3.0 ? Jeremy. We had no way to return NT_STATUS_OK from the netlogon serverpwset, although we successfully set the machine password... One thing the samba3 join test found. Volker Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-06-05 23:22:22 UTC (rev 16053) +++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-06-06 00:34:26 UTC (rev 16054) @@ -510,7 +510,6 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u) { - NTSTATUS status = NT_STATUS_ACCESS_DENIED; fstring remote_machine; struct samu *sampass=NULL; BOOL ret = False; @@ -632,7 +631,7 @@ } /* set up the LSA Server Password Set response */ - init_net_r_srv_pwset(r_u, &cred_out, status); + init_net_r_srv_pwset(r_u, &cred_out, r_u->status); TALLOC_FREE(sampass); return r_u->status;
Re: svn commit: samba r16046 - branches/SAMBA_3_0/source/lib trunk/source/lib
On Mon, 2006-06-05 at 13:00 +, [EMAIL PROTECTED] wrote: > Author: vlendec > Date: 2006-06-05 13:00:24 + (Mon, 05 Jun 2006) > New Revision: 16046 > > WebSVN: > http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16046 > > Log: > Hmmm. I don't fully understand popt, but this is necessary for smbclient to > show a prompt again :-) > > James, could you check that this is ok? I think this was part of your Revision > 15848. Ok, I think I see what happened. When I moved the setting of override_logfile into set_logfile(), I didn't notice that set_logfile is always called as a popt pre-op. This means that override_logfile was, if fact, always true. Now, in smbclient, if override_logfile was true, this makes it call setup_logging(), telling it to enter non-interactive mode. This closes the global XFILE * dbf and forces it to NULL. Just prior to this, however, we have forced dbf to x_stderr. It turns out that dbf is being used in the readline replacement. If you run smbclient on a system that used the readline replacement, the smbclient prompt actually goes to stderr, whereas other output goes to stdout!! So, without readline, we are now emitting prompts to stderr, which we have just closed, so no prompts for you! I think the fix here is ok, but it would be good to have a cleanup of this because it seems very fragile :) -- James Peach | [EMAIL PROTECTED]
Build status as of Tue Jun 6 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-06-05 00:00:32.0 + +++ /home/build/master/cache/broken_results.txt 2006-06-06 00:00:47.0 + @@ -1,18 +1,18 @@ -Build status as of Mon Jun 5 00:00:01 2006 +Build status as of Tue Jun 6 00:00:02 2006 Build counts: Tree Total Broken Panic SOC 0 0 0 -ccache 40 6 0 -distcc 39 5 0 -lorikeet-heimdal 35 28 0 -ppp 20 0 0 -rsync39 2 0 +ccache 41 5 0 +distcc 40 5 0 +lorikeet-heimdal 34 27 0 +ppp 19 0 0 +rsync40 2 0 samba5 1 0 samba-docs 0 0 0 -samba4 44 28 4 -samba_3_042 15 0 -smb-build31 0 0 -talloc 35 17 0 -tdb 35 4 0 +samba4 45 31 3 +samba_3_043 16 0 +smb-build32 0 0 +talloc 36 18 0 +tdb 37 4 0
svn commit: samba r16053 - in branches/SAMBA_4_0/source/lib/ldb/modules: .
Author: abartlet Date: 2006-06-05 23:22:22 + (Mon, 05 Jun 2006) New Revision: 16053 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16053 Log: Allow entries without an objectClass. We need this to permit the cn=rootDSE entry. (it was also crashing, as 'ac' wasn't initialised at this point) Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c === --- branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c 2006-06-05 21:51:10 UTC (rev 16052) +++ branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c 2006-06-05 23:22:22 UTC (rev 16053) @@ -96,12 +96,10 @@ objectClassAttr = ldb_msg_find_element(req->op.add.message, "objectClass"); - /* If no part of this touches the objectClass, then we don't -* need to make any changes. */ - /* If the only operation is the deletion of the objectClass then go on */ + /* If no part of this add has an objectClass, then we don't +* need to make any changes. cn=rootdse doesn't have an objectClass */ if (!objectClassAttr) { - ldb_set_errstring(module->ldb, talloc_asprintf(ac, "Object class violation: no objectClass present")); - return LDB_ERR_OBJECT_CLASS_VIOLATION; + return ldb_next_request(module, req); } h = oc_init_handle(req, module);
svn commit: samba r16052 - in branches/SAMBA_4_0/source/lib/util: .
Author: abartlet Date: 2006-06-05 21:51:10 + (Mon, 05 Jun 2006) New Revision: 16052 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16052 Log: Add .m4 file for XATTR detection (from ntvfs/posix/config.m4) Andrew Bartlett Added: branches/SAMBA_4_0/source/lib/util/xattr.m4 Changeset: Added: branches/SAMBA_4_0/source/lib/util/xattr.m4 === --- branches/SAMBA_4_0/source/lib/util/xattr.m4 2006-06-05 21:48:29 UTC (rev 16051) +++ branches/SAMBA_4_0/source/lib/util/xattr.m4 2006-06-05 21:51:10 UTC (rev 16052) @@ -0,0 +1,32 @@ +dnl +dnl use flistxattr as the key function for having +dnl sufficient xattr support for posix xattr backend +AC_CHECK_HEADERS(sys/attributes.h attr/xattr.h sys/xattr.h) +AC_SEARCH_LIBS_EXT(flistxattr, [attr], XATTR_LIBS) +AC_CHECK_FUNC_EXT(flistxattr, $XATTR_LIBS) +SMB_EXT_LIB(XATTR,[${XATTR_LIBS}],[${XATTR_CFLAGS}],[${XATTR_CPPFLAGS}],[${XATTR_LDFLAGS}]) +if test x"$ac_cv_func_ext_flistxattr" = x"yes"; then + AC_CACHE_CHECK([whether xattr interface takes additional options], smb_attr_cv_xattr_add_opt, + [old_LIBS=$LIBS +LIBS="$LIBS $XATTRLIBS" +AC_TRY_COMPILE([ + #include + #if HAVE_ATTR_XATTR_H + #include + #elif HAVE_SYS_XATTR_H + #include + #endif + #ifndef NULL + #define NULL ((void *)0) + #endif + ],[ + getxattr(NULL, NULL, NULL, 0, 0, 0); + ],smb_attr_cv_xattr_add_opt=yes,smb_attr_cv_xattr_add_opt=no) + LIBS=$old_LIBS]) + if test x"$smb_attr_cv_xattr_add_opt" = x"yes"; then + AC_DEFINE(XATTR_ADDITIONAL_OPTIONS, 1, [xattr functions have additional options]) + fi + AC_DEFINE(HAVE_XATTR_SUPPORT,1,[Whether we have xattr support]) + SMB_ENABLE(XATTR,YES) +fi +
svn commit: samba r16051 - in branches/SAMBA_4_0/source: . lib/util ntvfs/posix utils
Author: abartlet Date: 2006-06-05 21:48:29 + (Mon, 05 Jun 2006) New Revision: 16051 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16051 Log: Move the XATTR compatability code into a new file, so I can use it for the getntacl utility. Andrew Bartlett Added: branches/SAMBA_4_0/source/lib/util/wrap_xattr.c branches/SAMBA_4_0/source/lib/util/wrap_xattr.h Modified: branches/SAMBA_4_0/source/configure.ac branches/SAMBA_4_0/source/lib/util/config.mk branches/SAMBA_4_0/source/ntvfs/posix/config.m4 branches/SAMBA_4_0/source/ntvfs/posix/config.mk branches/SAMBA_4_0/source/ntvfs/posix/xattr_system.c branches/SAMBA_4_0/source/utils/config.mk branches/SAMBA_4_0/source/utils/getntacl.c Changeset: Modified: branches/SAMBA_4_0/source/configure.ac === --- branches/SAMBA_4_0/source/configure.ac 2006-06-05 20:38:21 UTC (rev 16050) +++ branches/SAMBA_4_0/source/configure.ac 2006-06-05 21:48:29 UTC (rev 16051) @@ -22,6 +22,7 @@ sinclude(lib/util/signal.m4) sinclude(lib/util/util.m4) sinclude(lib/util/fsusage.m4) +sinclude(lib/util/xattr.m4) sinclude(lib/util/capability.m4) sinclude(lib/util/time.m4) sinclude(lib/popt/config.m4) Modified: branches/SAMBA_4_0/source/lib/util/config.mk === --- branches/SAMBA_4_0/source/lib/util/config.mk2006-06-05 20:38:21 UTC (rev 16050) +++ branches/SAMBA_4_0/source/lib/util/config.mk2006-06-05 21:48:29 UTC (rev 16051) @@ -39,3 +39,14 @@ [SUBSYSTEM::UNIX_PRIVS] PRIVATE_PROTO_HEADER = unix_privs.h OBJ_FILES = unix_privs.o + + +# Start SUBSYSTEM WRAP_XATTR +[SUBSYSTEM::WRAP_XATTR] +PUBLIC_PROTO_HEADER = wrap_xattr.h +OBJ_FILES = \ + wrap_xattr.o +PUBLIC_DEPENDENCIES = XATTR +# +# End SUBSYSTEM WRAP_XATTR + Added: branches/SAMBA_4_0/source/lib/util/wrap_xattr.c === --- branches/SAMBA_4_0/source/lib/util/wrap_xattr.c 2006-06-05 20:38:21 UTC (rev 16050) +++ branches/SAMBA_4_0/source/lib/util/wrap_xattr.c 2006-06-05 21:48:29 UTC (rev 16051) @@ -0,0 +1,121 @@ +/* + Unix SMB/CIFS implementation. + + POSIX NTVFS backend - xattr support using filesystem xattrs + + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "system/filesys.h" +#include "wrap_xattr.h" + +#if defined(HAVE_XATTR_SUPPORT) && defined(XATTR_ADDITIONAL_OPTIONS) +static ssize_t _wrap_darwin_fgetxattr(int fd, const char *name, void *value, size_t size) +{ + return fgetxattr(fd, name, value, size, 0, 0); +} +static ssize_t _wrap_darwin_getxattr(const char *path, const char *name, void *value, size_t size) +{ + return getxattr(path, name, value, size, 0, 0); +} +static int _wrap_darwin_fsetxattr(int fd, const char *name, void *value, size_t size, int flags) +{ + return fsetxattr(fd, name, value, size, 0, flags); +} +static int _wrap_darwin_setxattr(const char *path, const char *name, void *value, size_t size, int flags) +{ + return setxattr(path, name, value, size, 0, flags); +} +static int _wrap_darwin_fremovexattr(int fd, const char *name) +{ + return fremovexattr(fd, name, 0); +} +static int _wrap_darwin_removexattr(const char *path, const char *name) +{ + return removexattr(path, name, 0); +} +#define fgetxattr _wrap_darwin_fgetxattr +#define getxattr _wrap_darwin_getxattr +#define fsetxattr _wrap_darwin_fsetxattr +#define setxattr _wrap_darwin_setxattr +#define fremovexattr _wrap_darwin_fremovexattr +#define removexattr_wrap_darwin_removexattr +#elif !defined(HAVE_XATTR_SUPPORT) +static ssize_t _none_fgetxattr(int fd, const char *name, void *value, size_t size) +{ + errno = ENOSYS; + return -1; +} +static ssize_t _none_getxattr(const char *path, const char *name, void *value, size_t size) +{ + errno = ENOSYS; + return -1; +} +static int _none_fsetxattr(int fd, const char *name, void *value, size_t size, int flags) +{ + errno = ENOSYS; + return -1; +} +static int _none_setxattr(const char *p
svn commit: samba r16050 - in trunk/source/rpc_server: .
Author: vlendec Date: 2006-06-05 20:38:21 + (Mon, 05 Jun 2006) New Revision: 16050 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16050 Log: Set the session key "SystemLibraryDTC" on ntlmssp binds. We only do INTEGRITY and PRIVACY, so no other cases to take care of so far... Andrew B., if you have time, could you take a look? This makes us survive the RPC-SAMBA3SESSIONKEY test. Volker Modified: trunk/source/rpc_server/srv_pipe.c Changeset: Modified: trunk/source/rpc_server/srv_pipe.c === --- trunk/source/rpc_server/srv_pipe.c 2006-06-05 20:19:22 UTC (rev 16049) +++ trunk/source/rpc_server/srv_pipe.c 2006-06-05 20:38:21 UTC (rev 16050) @@ -46,6 +46,11 @@ auth->a_u.auth_ntlmssp_state = NULL; } +static DATA_BLOB generic_session_key(void) +{ + return data_blob("SystemLibraryDTC", 16); +} + /*** Generate the next PDU to be returned from the data in p->rdata. Handle NTLMSSP. @@ -657,11 +662,13 @@ p->pipe_user.ut.gid = a->server_info->gid; /* -* Copy the session key from the ntlmssp state. +* We're an authenticated bind over smbd, so the session key needs to +* be set to "SystemLibraryDTC". Weird, but this is what Windows +* does. See the RPC-SAMBA3SESSIONKEY. */ data_blob_free(&p->session_key); - p->session_key = data_blob(a->ntlmssp_state->session_key.data, a->ntlmssp_state->session_key.length); + p->session_key = generic_session_key(); if (!p->session_key.data) { return False; } @@ -1340,8 +1347,21 @@ * JRA. Should we also copy the schannel session key into the pipe session key p->session_key * here ? We do that for NTLMSSP, but the session key is already set up from the vuser * struct of the person who opened the pipe. I need to test this further. JRA. +* +* VL. As we are mapping this to guest set the generic key +* "SystemLibraryDTC" key here. It's a bit difficult to test against +* W2k3, as it does not allow schannel binds against SAMR and LSA +* anymore. */ + data_blob_free(&p->session_key); + p->session_key = generic_session_key(); + if (p->session_key.data == NULL) { + DEBUG(0, ("pipe_schannel_auth_bind: Could not alloc session" + " key\n")); + return False; + } + init_rpc_hdr_auth(&auth_info, RPC_SCHANNEL_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) { DEBUG(0,("pipe_schannel_auth_bind: marshalling of RPC_HDR_AUTH failed.\n")); @@ -1625,6 +1645,8 @@ /* We must set the pipe auth_level here also. */ p->auth.auth_level = PIPE_AUTH_LEVEL_NONE; p->pipe_bound = True; + /* The session key was initialized from the SMB +* session in make_internal_rpc_pipe_p */ break; default:
svn commit: samba r16049 - in trunk/source: . passdb
Author: vlendec Date: 2006-06-05 20:19:22 + (Mon, 05 Jun 2006) New Revision: 16049 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16049 Log: Get real NTSTATUS out of smbpasswd_add_sam_account Modified: trunk/source/Makefile.in trunk/source/passdb/pdb_smbpasswd.c Changeset: Modified: trunk/source/Makefile.in === --- trunk/source/Makefile.in2006-06-05 20:09:24 UTC (rev 16048) +++ trunk/source/Makefile.in2006-06-05 20:19:22 UTC (rev 16049) @@ -509,7 +509,7 @@ PDBEDIT_OBJ = utils/pdbedit.o utils/passwd_util.o $(PARAM_OBJ) $(PASSDB_OBJ) \ $(LIBSAMBA_OBJ) $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \ $(SECRETS_OBJ) $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) libsmb/asn1.o \ - $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) + $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) libsmb/errormap.o SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ) @@ -781,7 +781,8 @@ libsmb/asn1.o libsmb/spnego.o libsmb/clikrb5.o libads/kerberos.o \ libads/kerberos_verify.o $(SECRETS_OBJ) $(SERVER_MUTEX_OBJ) \ libads/authdata.o $(RPC_PARSE_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(SMBLDAP_OBJ) $(DOSERR_OBJ) rpc_parse/parse_net.o $(LIBNMB_OBJ) + $(SMBLDAP_OBJ) $(DOSERR_OBJ) rpc_parse/parse_net.o $(LIBNMB_OBJ) \ + libsmb/errormap.o ## # now the rules... Modified: trunk/source/passdb/pdb_smbpasswd.c === --- trunk/source/passdb/pdb_smbpasswd.c 2006-06-05 20:09:24 UTC (rev 16048) +++ trunk/source/passdb/pdb_smbpasswd.c 2006-06-05 20:19:22 UTC (rev 16049) @@ -584,7 +584,8 @@ Routine to add an entry to the smbpasswd file. */ -static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, struct smb_passwd *newpwd) +static NTSTATUS add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, +struct smb_passwd *newpwd) { const char *pfile = smbpasswd_state->smbpasswd_file; struct smb_passwd *pwd = NULL; @@ -605,7 +606,7 @@ if (fp == NULL) { DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n")); - return False; + return map_nt_error_from_unix(errno); } /* @@ -616,7 +617,7 @@ if (strequal(newpwd->smb_name, pwd->smb_name)) { DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name)); endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth); - return False; + return NT_STATUS_USER_EXISTS; } } @@ -630,17 +631,18 @@ fd = fileno(fp); if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) { + NTSTATUS result = map_nt_error_from_unix(errno); DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth); - return False; + return result; } if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL) { DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth); - return False; + return NT_STATUS_NO_MEMORY; } new_entry_length = strlen(new_entry); @@ -651,6 +653,7 @@ #endif if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length) { + NTSTATUS result = map_nt_error_from_unix(errno); DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \ Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno))); @@ -663,12 +666,12 @@ endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth); free(new_entry); - return False; + return result; } free(new_entry); endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth); - return True; + return NT_STATUS_OK; } / @@ -1423,11 +1426,7 @@ } /* add the entry */ - if(!add_smbfilepwd_entry(smbpasswd_state, &smb_pw)) { - return NT_STATUS_UNSUCCESSFUL; - } - - return NT_STATUS_OK; + return add_smbfilepwd_entry(smbpasswd_state, &smb_pw); } static NTSTATUS smbpasswd_update_s
svn commit: samba r16048 - in trunk/source/rpc_server: .
Author: vlendec Date: 2006-06-05 20:09:24 + (Mon, 05 Jun 2006) New Revision: 16048 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16048 Log: We had no way to return NT_STATUS_OK from the netlogon serverpwset, although we successfully set the machine password... One thing the samba3 join test found. Volker Modified: trunk/source/rpc_server/srv_netlog_nt.c Changeset: Modified: trunk/source/rpc_server/srv_netlog_nt.c === --- trunk/source/rpc_server/srv_netlog_nt.c 2006-06-05 16:59:10 UTC (rev 16047) +++ trunk/source/rpc_server/srv_netlog_nt.c 2006-06-05 20:09:24 UTC (rev 16048) @@ -510,7 +510,6 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u) { - NTSTATUS status = NT_STATUS_ACCESS_DENIED; fstring remote_machine; struct samu *sampass=NULL; BOOL ret = False; @@ -632,7 +631,7 @@ } /* set up the LSA Server Password Set response */ - init_net_r_srv_pwset(r_u, &cred_out, status); + init_net_r_srv_pwset(r_u, &cred_out, r_u->status); TALLOC_FREE(sampass); return r_u->status;
svn commit: samba r16047 - branches/SAMBA_3_0/source/lib trunk/source/lib
Author: jmcd Date: 2006-06-05 16:59:10 + (Mon, 05 Jun 2006) New Revision: 16047 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16047 Log: Remove unnecessary line, as this value is set in either branch of the 'if' below. Spotted by Aleksey Fedoseev. Modified: branches/SAMBA_3_0/source/lib/time.c trunk/source/lib/time.c Changeset: Modified: branches/SAMBA_3_0/source/lib/time.c === --- branches/SAMBA_3_0/source/lib/time.c2006-06-05 13:00:24 UTC (rev 16046) +++ branches/SAMBA_3_0/source/lib/time.c2006-06-05 16:59:10 UTC (rev 16047) @@ -153,7 +153,6 @@ GetTimeOfDay(&time_now_hires); ret_time->tv_sec = time_now_hires.tv_sec - start_time_hires.tv_sec; - ret_time->tv_usec = time_now_hires.tv_usec - start_time_hires.tv_usec; if (time_now_hires.tv_usec < start_time_hires.tv_usec) { ret_time->tv_sec -= 1; ret_time->tv_usec = 100 + (time_now_hires.tv_usec - start_time_hires.tv_usec); Modified: trunk/source/lib/time.c === --- trunk/source/lib/time.c 2006-06-05 13:00:24 UTC (rev 16046) +++ trunk/source/lib/time.c 2006-06-05 16:59:10 UTC (rev 16047) @@ -153,7 +153,6 @@ GetTimeOfDay(&time_now_hires); ret_time->tv_sec = time_now_hires.tv_sec - start_time_hires.tv_sec; - ret_time->tv_usec = time_now_hires.tv_usec - start_time_hires.tv_usec; if (time_now_hires.tv_usec < start_time_hires.tv_usec) { ret_time->tv_sec -= 1; ret_time->tv_usec = 100 + (time_now_hires.tv_usec - start_time_hires.tv_usec);
svn commit: samba r16046 - branches/SAMBA_3_0/source/lib trunk/source/lib
Author: vlendec Date: 2006-06-05 13:00:24 + (Mon, 05 Jun 2006) New Revision: 16046 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16046 Log: Hmmm. I don't fully understand popt, but this is necessary for smbclient to show a prompt again :-) James, could you check that this is ok? I think this was part of your Revision 15848. Thanks, Volker Modified: branches/SAMBA_3_0/source/lib/popt_common.c trunk/source/lib/popt_common.c Changeset: Modified: branches/SAMBA_3_0/source/lib/popt_common.c === --- branches/SAMBA_3_0/source/lib/popt_common.c 2006-06-05 12:00:28 UTC (rev 16045) +++ branches/SAMBA_3_0/source/lib/popt_common.c 2006-06-05 13:00:24 UTC (rev 16046) @@ -56,7 +56,6 @@ pstr_sprintf(logfile, "%s/log.%s", arg, pname); lp_set_logfile(logfile); - override_logfile = True; } static void popt_common_callback(poptContext con, @@ -104,6 +103,7 @@ case 'l': if (arg) { set_logfile(con, arg); + override_logfile = True; pstr_sprintf(dyn_LOGFILEBASE, "%s", arg); } break; Modified: trunk/source/lib/popt_common.c === --- trunk/source/lib/popt_common.c 2006-06-05 12:00:28 UTC (rev 16045) +++ trunk/source/lib/popt_common.c 2006-06-05 13:00:24 UTC (rev 16046) @@ -56,7 +56,6 @@ pstr_sprintf(logfile, "%s/log.%s", arg, pname); lp_set_logfile(logfile); - override_logfile = True; } static void popt_common_callback(poptContext con, @@ -104,6 +103,7 @@ case 'l': if (arg) { set_logfile(con, arg); + override_logfile = True; pstr_sprintf(dyn_LOGFILEBASE, "%s", arg); } break;
svn commit: samba r16045 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: vlendec Date: 2006-06-05 12:00:28 + (Mon, 05 Jun 2006) New Revision: 16045 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16045 Log: RPC-SAMBA3SESSIONKEY tests the different variants of joins (anon/auth smb, anon/auth bind). Jeremy, this is the little test I promised to you that shows the places where we need the SystemLibraryDTC key. Volker Modified: branches/SAMBA_4_0/source/torture/rpc/rpc.c branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/rpc.c === --- branches/SAMBA_4_0/source/torture/rpc/rpc.c 2006-06-05 10:00:41 UTC (rev 16044) +++ branches/SAMBA_4_0/source/torture/rpc/rpc.c 2006-06-05 12:00:28 UTC (rev 16045) @@ -125,6 +125,7 @@ register_torture_op("RPC-AUTHCONTEXT", torture_bind_authcontext, 0); register_torture_op("RPC-BINDSAMBA3", torture_bind_samba3, 0); register_torture_op("RPC-NETLOGSAMBA3", torture_netlogon_samba3, 0); + register_torture_op("RPC-SAMBA3SESSIONKEY", torture_samba3_sessionkey, 0); register_torture_op("RPC-DRSUAPI", torture_rpc_drsuapi, 0); register_torture_op("RPC-CRACKNAMES", torture_rpc_drsuapi_cracknames, 0); register_torture_op("RPC-ROT", torture_rpc_rot, 0); Modified: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c === --- branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2006-06-05 10:00:41 UTC (rev 16044) +++ branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2006-06-05 12:00:28 UTC (rev 16045) @@ -307,6 +307,8 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli, TALLOC_CTX *mem_ctx, struct cli_credentials *admin_creds, + uint8_t auth_type, + uint8_t auth_level, const char *wks_name, char **domain, struct dcerpc_pipe **result_pipe, @@ -343,12 +345,23 @@ goto fail; } - status = dcerpc_bind_auth(samr_pipe, &dcerpc_table_samr, - admin_creds, DCERPC_AUTH_TYPE_NTLMSSP, - DCERPC_AUTH_LEVEL_INTEGRITY, NULL); - if (!NT_STATUS_IS_OK(status)) { - d_printf("dcerpc_bind_auth failed: %s\n", nt_errstr(status)); - goto fail; + if (admin_creds != NULL) { + status = dcerpc_bind_auth(samr_pipe, &dcerpc_table_samr, + admin_creds, auth_type, auth_level, + NULL); + if (!NT_STATUS_IS_OK(status)) { + d_printf("dcerpc_bind_auth failed: %s\n", +nt_errstr(status)); + goto fail; + } + } else { + /* We must have an authenticated SMB connection */ + status = dcerpc_bind_auth_none(samr_pipe, &dcerpc_table_samr); + if (!NT_STATUS_IS_OK(status)) { + d_printf("dcerpc_bind_auth_none failed: %s\n", +nt_errstr(status)); + goto fail; + } } conn.in.system_name = talloc_asprintf( @@ -479,6 +492,8 @@ } status = get_usr_handle(cli, mem_ctx, admin_creds, + DCERPC_AUTH_TYPE_NTLMSSP, + DCERPC_AUTH_LEVEL_PRIVACY, cli_credentials_get_workstation(wks_creds), &dom_name, &samr_pipe, &wks_handle); @@ -577,8 +592,6 @@ goto done; } - d_printf("Got the netlogon pipe\n"); - status = dcerpc_bind_auth_none(net_pipe, &dcerpc_table_netlogon); if (!NT_STATUS_IS_OK(status)) { d_printf("dcerpc_bind_auth_none failed: %s\n", @@ -858,12 +871,14 @@ struct policy_handle *wks_handle; BOOL ret = False; - if ((mem_ctx = talloc_init("join3")) == NULL) { + if ((mem_ctx = talloc_init("leave")) == NULL) { d_printf("talloc_init failed\n"); return False; } status = get_usr_handle(cli, mem_ctx, admin_creds, + DCERPC_AUTH_TYPE_NTLMSSP, + DCERPC_AUTH_LEVEL_INTEGRITY, cli_credentials_get_workstation(wks_creds), &dom_name, &samr_pipe, &wks_handle); @@ -947,7 +962,7 @@ cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA); cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED); cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED); - cli_credentials_set_password(wks_creds, "bl
svn commit: samba r16044 - in branches/SAMBA_4_0/source/torture: . rpc
Author: vlendec Date: 2006-06-05 10:00:41 + (Mon, 05 Jun 2006) New Revision: 16044 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16044 Log: Create a samba3 specific file in torture/rpc. The tests in there survive against W2k3, but they are designed to walk existing Samba3 code paths. It might be possible that I add something like that to other subdirs like raw/. RPC-BINDSAMBA3 excercises the bind variants that samba3 supports right now. RPC-NETLOGSAMBA3 does a samba3 style join, does some schannel-protected netlogon operations and leaves again. Samba3 right now does not survive this, I'm about to fix it soon. I'll also post a *VERY* dirty hack (fake users in sys_getpwnam()) to be able to run this in the build farm. Volker Added: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c Modified: branches/SAMBA_4_0/source/torture/config.mk branches/SAMBA_4_0/source/torture/rpc/bind.c branches/SAMBA_4_0/source/torture/rpc/rpc.c Changeset: Sorry, the patch is too large (1160 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16044