svn commit: lorikeet r555 - in trunk/heimdal/lib/hdb: .
Author: abartlet Date: 2006-06-06 04:52:31 + (Tue, 06 Jun 2006) New Revision: 555 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=555 Log: Merge fix for missing hdb flags from Samba4. Andrew Bartlett Modified: trunk/heimdal/lib/hdb/keytab.c Changeset: Modified: trunk/heimdal/lib/hdb/keytab.c === --- trunk/heimdal/lib/hdb/keytab.c 2006-06-02 15:15:03 UTC (rev 554) +++ trunk/heimdal/lib/hdb/keytab.c 2006-06-06 04:52:31 UTC (rev 555) @@ -218,7 +218,7 @@ (*db->hdb_destroy)(context, db); return ret; } -ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT, &ent); +ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT|HDB_F_GET_CLIENT|HDB_F_GET_SERVER, &ent); /* Shutdown the hdb on error */
svn commit: samba r16056 - in branches/SAMBA_4_0/source: auth/gensec heimdal/lib/hdb kdc
Author: abartlet
Date: 2006-06-06 04:50:14 + (Tue, 06 Jun 2006)
New Revision: 16056
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16056
Log:
Fix errors found by trying to use our kpasswd server and the Apple client.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c
branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c
branches/SAMBA_4_0/source/kdc/hdb-ldb.c
Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c
===
--- branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2006-06-06 03:19:15 UTC
(rev 16055)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2006-06-06 04:50:14 UTC
(rev 16056)
@@ -151,7 +151,7 @@
}
}
- peer_addr = gensec_get_my_addr(gensec_security);
+ peer_addr = gensec_get_peer_addr(gensec_security);
if (peer_addr && peer_addr->sockaddr) {
ret =
krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context,
peer_addr->sockaddr,
&peer_krb5_addr);
Modified: branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c
===
--- branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c 2006-06-06 03:19:15 UTC
(rev 16055)
+++ branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c 2006-06-06 04:50:14 UTC
(rev 16056)
@@ -218,7 +218,7 @@
(*db->hdb_destroy)(context, db);
return ret;
}
-ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT, &ent);
+ret = (*db->hdb_fetch)(context, db, principal,
HDB_F_DECRYPT|HDB_F_GET_CLIENT|HDB_F_GET_SERVER, &ent);
/* Shutdown the hdb on error */
Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-06-06 03:19:15 UTC (rev
16055)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-06-06 04:50:14 UTC (rev
16056)
@@ -611,13 +611,10 @@
&msg, &realm_ref_msg);
free(principal_string);
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) {
- talloc_free(mem_ctx);
return HDB_ERR_NOENTRY;
} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) {
- talloc_free(mem_ctx);
return ENOMEM;
} else if (!NT_STATUS_IS_OK(nt_status)) {
- talloc_free(mem_ctx);
return EINVAL;
}
@@ -788,7 +785,7 @@
unsigned flags,
hdb_entry_ex *entry_ex)
{
- krb5_error_code ret;
+ krb5_error_code ret = HDB_ERR_NOENTRY;
TALLOC_CTX *mem_ctx = talloc_named(db, 0, "LDB_fetch context");
svn commit: samba r16055 - in trunk/source: include smbd
Author: jpeach
Date: 2006-06-06 03:19:15 + (Tue, 06 Jun 2006)
New Revision: 16055
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16055
Log:
Provide an API for modules to add their own private info to
files_struct.
This patch is a candidate for the SAMBA_3_0 branch post-3.0.23.
Modified:
trunk/source/include/smb.h
trunk/source/include/vfs.h
trunk/source/smbd/vfs.c
Changeset:
Modified: trunk/source/include/smb.h
===
--- trunk/source/include/smb.h 2006-06-06 00:34:26 UTC (rev 16054)
+++ trunk/source/include/smb.h 2006-06-06 03:19:15 UTC (rev 16055)
@@ -408,6 +408,14 @@
struct idle_event;
struct share_mode_entry;
+struct vfs_fsp_data {
+struct vfs_fsp_data *next;
+struct vfs_handle_struct *owner;
+/* NOTE: This structure contains two pointers so that we can guarantee
+ * that the end of the structure is always both 4-byte and 8-byte aligned.
+ */
+};
+
typedef struct files_struct {
struct files_struct *next, *prev;
int fnum;
@@ -446,6 +454,8 @@
BOOL aio_write_behind;
BOOL lockdb_clean;
char *fsp_name;
+
+ struct vfs_fsp_data *vfs_extension;
FAKE_FILE_HANDLE *fake_file_handle;
} files_struct;
Modified: trunk/source/include/vfs.h
===
--- trunk/source/include/vfs.h 2006-06-06 00:34:26 UTC (rev 16054)
+++ trunk/source/include/vfs.h 2006-06-06 03:19:15 UTC (rev 16055)
@@ -531,7 +531,15 @@
/* NB flags can come from FILE_SYSTEM_DEVICE_INFO call */
} vfs_statvfs_struct;
+#define VFS_ADD_FSP_EXTENSION(handle, fsp, type) \
+vfs_add_fsp_extension_notype(handle, (fsp), sizeof(type))
+#define VFS_FETCH_FSP_EXTENSION(handle, fsp) \
+vfs_fetch_fsp_extension(handle, (fsp))
+
+#define VFS_REMOVE_FSP_EXTENSION(handle, fsp) \
+vfs_remove_fsp_extension((handle), (fsp))
+
#define SMB_VFS_HANDLE_GET_DATA(handle, datap, type, ret) { \
if (!(handle)||((datap=(type *)(handle)->data)==NULL)) { \
DEBUG(0,("%s() failed to get
vfs_handle->data!\n",FUNCTION_MACRO)); \
Modified: trunk/source/smbd/vfs.c
===
--- trunk/source/smbd/vfs.c 2006-06-06 00:34:26 UTC (rev 16054)
+++ trunk/source/smbd/vfs.c 2006-06-06 03:19:15 UTC (rev 16055)
@@ -4,6 +4,7 @@
VFS initialisation and support functions
Copyright (C) Tim Potter 1999
Copyright (C) Alexander Bokovoy 2002
+ Copyright (C) James Peach 2006
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -188,6 +189,71 @@
}
/*
+ Allow VFS modules to extend files_struct with VFS-specific state.
+ This will be ok for small numbers of extensions, but might need to
+ be refactored if it becomes more widely used.
+**/
+
+#define EXT_DATA_AREA(e) ((uint8 *)(e) + sizeof(struct vfs_fsp_data))
+
+void *vfs_add_fsp_extension_notype(vfs_handle_struct *handle, files_struct
*fsp, size_t ext_size)
+{
+ struct vfs_fsp_data *ext;
+ void * ext_data;
+
+ /* Prevent VFS modules adding multiple extensions. */
+ if ((ext_data = vfs_fetch_fsp_extension(handle, fsp))) {
+ return ext_data;
+ }
+
+ ext = TALLOC_ZERO(handle->conn->mem_ctx,
+ sizeof(struct vfs_fsp_data) + ext_size);
+ if (ext == NULL) {
+ return NULL;
+ }
+
+ ext->owner = handle;
+ ext->next = fsp->vfs_extension;
+ fsp->vfs_extension = ext;
+ return EXT_DATA_AREA(ext);
+}
+
+void vfs_remove_fsp_extension(vfs_handle_struct *handle, files_struct *fsp)
+{
+ struct vfs_fsp_data *curr;
+ struct vfs_fsp_data *prev;
+
+ for (curr = fsp->vfs_extension, prev = NULL;
+curr;
+prev = curr, curr = curr->next) {
+ if (curr->owner == handle) {
+ if (prev) {
+ prev->next = curr->next;
+ } else {
+ fsp->vfs_extension = curr->next;
+ }
+ TALLOC_FREE(curr);
+ return;
+ }
+ }
+}
+
+void *vfs_fetch_fsp_extension(vfs_handle_struct *handle, files_struct *fsp)
+{
+ struct vfs_fsp_data *head;
+
+ for (head = fsp->vfs_extension; head; head = head->next) {
+ if (head->owner == handle) {
+ return EXT_DATA_AREA(head);
+ }
+ }
+
+ return NULL;
+}
+
+#undef EXT_DATA_AREA
+
+/*
Generic VFS init.
**/
svn commit: samba r16054 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jra
Date: 2006-06-06 00:34:26 + (Tue, 06 Jun 2006)
New Revision: 16054
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16054
Log:
Janitor for Volker ? Volker - some reason you didn't
fix this in 3.0 ?
Jeremy.
We had no way to return NT_STATUS_OK from the netlogon serverpwset,
although
we successfully set the machine password...
One thing the samba3 join test found.
Volker
Modified:
branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-06-05
23:22:22 UTC (rev 16053)
+++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-06-06
00:34:26 UTC (rev 16054)
@@ -510,7 +510,6 @@
NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET
*r_u)
{
- NTSTATUS status = NT_STATUS_ACCESS_DENIED;
fstring remote_machine;
struct samu *sampass=NULL;
BOOL ret = False;
@@ -632,7 +631,7 @@
}
/* set up the LSA Server Password Set response */
- init_net_r_srv_pwset(r_u, &cred_out, status);
+ init_net_r_srv_pwset(r_u, &cred_out, r_u->status);
TALLOC_FREE(sampass);
return r_u->status;
Re: svn commit: samba r16046 - branches/SAMBA_3_0/source/lib trunk/source/lib
On Mon, 2006-06-05 at 13:00 +, [EMAIL PROTECTED] wrote: > Author: vlendec > Date: 2006-06-05 13:00:24 + (Mon, 05 Jun 2006) > New Revision: 16046 > > WebSVN: > http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16046 > > Log: > Hmmm. I don't fully understand popt, but this is necessary for smbclient to > show a prompt again :-) > > James, could you check that this is ok? I think this was part of your Revision > 15848. Ok, I think I see what happened. When I moved the setting of override_logfile into set_logfile(), I didn't notice that set_logfile is always called as a popt pre-op. This means that override_logfile was, if fact, always true. Now, in smbclient, if override_logfile was true, this makes it call setup_logging(), telling it to enter non-interactive mode. This closes the global XFILE * dbf and forces it to NULL. Just prior to this, however, we have forced dbf to x_stderr. It turns out that dbf is being used in the readline replacement. If you run smbclient on a system that used the readline replacement, the smbclient prompt actually goes to stderr, whereas other output goes to stdout!! So, without readline, we are now emitting prompts to stderr, which we have just closed, so no prompts for you! I think the fix here is ok, but it would be good to have a cleanup of this because it seems very fragile :) -- James Peach | [EMAIL PROTECTED]
Build status as of Tue Jun 6 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-06-05 00:00:32.0 + +++ /home/build/master/cache/broken_results.txt 2006-06-06 00:00:47.0 + @@ -1,18 +1,18 @@ -Build status as of Mon Jun 5 00:00:01 2006 +Build status as of Tue Jun 6 00:00:02 2006 Build counts: Tree Total Broken Panic SOC 0 0 0 -ccache 40 6 0 -distcc 39 5 0 -lorikeet-heimdal 35 28 0 -ppp 20 0 0 -rsync39 2 0 +ccache 41 5 0 +distcc 40 5 0 +lorikeet-heimdal 34 27 0 +ppp 19 0 0 +rsync40 2 0 samba5 1 0 samba-docs 0 0 0 -samba4 44 28 4 -samba_3_042 15 0 -smb-build31 0 0 -talloc 35 17 0 -tdb 35 4 0 +samba4 45 31 3 +samba_3_043 16 0 +smb-build32 0 0 +talloc 36 18 0 +tdb 37 4 0
svn commit: samba r16053 - in branches/SAMBA_4_0/source/lib/ldb/modules: .
Author: abartlet
Date: 2006-06-05 23:22:22 + (Mon, 05 Jun 2006)
New Revision: 16053
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16053
Log:
Allow entries without an objectClass. We need this to permit the
cn=rootDSE entry.
(it was also crashing, as 'ac' wasn't initialised at this point)
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c
===
--- branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c 2006-06-05
21:51:10 UTC (rev 16052)
+++ branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c 2006-06-05
23:22:22 UTC (rev 16053)
@@ -96,12 +96,10 @@
objectClassAttr = ldb_msg_find_element(req->op.add.message,
"objectClass");
- /* If no part of this touches the objectClass, then we don't
-* need to make any changes. */
- /* If the only operation is the deletion of the objectClass then go on
*/
+ /* If no part of this add has an objectClass, then we don't
+* need to make any changes. cn=rootdse doesn't have an objectClass */
if (!objectClassAttr) {
- ldb_set_errstring(module->ldb, talloc_asprintf(ac, "Object
class violation: no objectClass present"));
- return LDB_ERR_OBJECT_CLASS_VIOLATION;
+ return ldb_next_request(module, req);
}
h = oc_init_handle(req, module);
svn commit: samba r16052 - in branches/SAMBA_4_0/source/lib/util: .
Author: abartlet
Date: 2006-06-05 21:51:10 + (Mon, 05 Jun 2006)
New Revision: 16052
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16052
Log:
Add .m4 file for XATTR detection (from ntvfs/posix/config.m4)
Andrew Bartlett
Added:
branches/SAMBA_4_0/source/lib/util/xattr.m4
Changeset:
Added: branches/SAMBA_4_0/source/lib/util/xattr.m4
===
--- branches/SAMBA_4_0/source/lib/util/xattr.m4 2006-06-05 21:48:29 UTC (rev
16051)
+++ branches/SAMBA_4_0/source/lib/util/xattr.m4 2006-06-05 21:51:10 UTC (rev
16052)
@@ -0,0 +1,32 @@
+dnl
+dnl use flistxattr as the key function for having
+dnl sufficient xattr support for posix xattr backend
+AC_CHECK_HEADERS(sys/attributes.h attr/xattr.h sys/xattr.h)
+AC_SEARCH_LIBS_EXT(flistxattr, [attr], XATTR_LIBS)
+AC_CHECK_FUNC_EXT(flistxattr, $XATTR_LIBS)
+SMB_EXT_LIB(XATTR,[${XATTR_LIBS}],[${XATTR_CFLAGS}],[${XATTR_CPPFLAGS}],[${XATTR_LDFLAGS}])
+if test x"$ac_cv_func_ext_flistxattr" = x"yes"; then
+ AC_CACHE_CHECK([whether xattr interface takes additional options],
smb_attr_cv_xattr_add_opt,
+ [old_LIBS=$LIBS
+LIBS="$LIBS $XATTRLIBS"
+AC_TRY_COMPILE([
+ #include
+ #if HAVE_ATTR_XATTR_H
+ #include
+ #elif HAVE_SYS_XATTR_H
+ #include
+ #endif
+ #ifndef NULL
+ #define NULL ((void *)0)
+ #endif
+ ],[
+ getxattr(NULL, NULL, NULL, 0, 0, 0);
+ ],smb_attr_cv_xattr_add_opt=yes,smb_attr_cv_xattr_add_opt=no)
+ LIBS=$old_LIBS])
+ if test x"$smb_attr_cv_xattr_add_opt" = x"yes"; then
+ AC_DEFINE(XATTR_ADDITIONAL_OPTIONS, 1, [xattr functions have
additional options])
+ fi
+ AC_DEFINE(HAVE_XATTR_SUPPORT,1,[Whether we have xattr support])
+ SMB_ENABLE(XATTR,YES)
+fi
+
svn commit: samba r16051 - in branches/SAMBA_4_0/source: . lib/util ntvfs/posix utils
Author: abartlet
Date: 2006-06-05 21:48:29 + (Mon, 05 Jun 2006)
New Revision: 16051
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16051
Log:
Move the XATTR compatability code into a new file, so I can use it for
the getntacl utility.
Andrew Bartlett
Added:
branches/SAMBA_4_0/source/lib/util/wrap_xattr.c
branches/SAMBA_4_0/source/lib/util/wrap_xattr.h
Modified:
branches/SAMBA_4_0/source/configure.ac
branches/SAMBA_4_0/source/lib/util/config.mk
branches/SAMBA_4_0/source/ntvfs/posix/config.m4
branches/SAMBA_4_0/source/ntvfs/posix/config.mk
branches/SAMBA_4_0/source/ntvfs/posix/xattr_system.c
branches/SAMBA_4_0/source/utils/config.mk
branches/SAMBA_4_0/source/utils/getntacl.c
Changeset:
Modified: branches/SAMBA_4_0/source/configure.ac
===
--- branches/SAMBA_4_0/source/configure.ac 2006-06-05 20:38:21 UTC (rev
16050)
+++ branches/SAMBA_4_0/source/configure.ac 2006-06-05 21:48:29 UTC (rev
16051)
@@ -22,6 +22,7 @@
sinclude(lib/util/signal.m4)
sinclude(lib/util/util.m4)
sinclude(lib/util/fsusage.m4)
+sinclude(lib/util/xattr.m4)
sinclude(lib/util/capability.m4)
sinclude(lib/util/time.m4)
sinclude(lib/popt/config.m4)
Modified: branches/SAMBA_4_0/source/lib/util/config.mk
===
--- branches/SAMBA_4_0/source/lib/util/config.mk2006-06-05 20:38:21 UTC
(rev 16050)
+++ branches/SAMBA_4_0/source/lib/util/config.mk2006-06-05 21:48:29 UTC
(rev 16051)
@@ -39,3 +39,14 @@
[SUBSYSTEM::UNIX_PRIVS]
PRIVATE_PROTO_HEADER = unix_privs.h
OBJ_FILES = unix_privs.o
+
+
+# Start SUBSYSTEM WRAP_XATTR
+[SUBSYSTEM::WRAP_XATTR]
+PUBLIC_PROTO_HEADER = wrap_xattr.h
+OBJ_FILES = \
+ wrap_xattr.o
+PUBLIC_DEPENDENCIES = XATTR
+#
+# End SUBSYSTEM WRAP_XATTR
+
Added: branches/SAMBA_4_0/source/lib/util/wrap_xattr.c
===
--- branches/SAMBA_4_0/source/lib/util/wrap_xattr.c 2006-06-05 20:38:21 UTC
(rev 16050)
+++ branches/SAMBA_4_0/source/lib/util/wrap_xattr.c 2006-06-05 21:48:29 UTC
(rev 16051)
@@ -0,0 +1,121 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ POSIX NTVFS backend - xattr support using filesystem xattrs
+
+ Copyright (C) Andrew Tridgell 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "wrap_xattr.h"
+
+#if defined(HAVE_XATTR_SUPPORT) && defined(XATTR_ADDITIONAL_OPTIONS)
+static ssize_t _wrap_darwin_fgetxattr(int fd, const char *name, void *value,
size_t size)
+{
+ return fgetxattr(fd, name, value, size, 0, 0);
+}
+static ssize_t _wrap_darwin_getxattr(const char *path, const char *name, void
*value, size_t size)
+{
+ return getxattr(path, name, value, size, 0, 0);
+}
+static int _wrap_darwin_fsetxattr(int fd, const char *name, void *value,
size_t size, int flags)
+{
+ return fsetxattr(fd, name, value, size, 0, flags);
+}
+static int _wrap_darwin_setxattr(const char *path, const char *name, void
*value, size_t size, int flags)
+{
+ return setxattr(path, name, value, size, 0, flags);
+}
+static int _wrap_darwin_fremovexattr(int fd, const char *name)
+{
+ return fremovexattr(fd, name, 0);
+}
+static int _wrap_darwin_removexattr(const char *path, const char *name)
+{
+ return removexattr(path, name, 0);
+}
+#define fgetxattr _wrap_darwin_fgetxattr
+#define getxattr _wrap_darwin_getxattr
+#define fsetxattr _wrap_darwin_fsetxattr
+#define setxattr _wrap_darwin_setxattr
+#define fremovexattr _wrap_darwin_fremovexattr
+#define removexattr_wrap_darwin_removexattr
+#elif !defined(HAVE_XATTR_SUPPORT)
+static ssize_t _none_fgetxattr(int fd, const char *name, void *value, size_t
size)
+{
+ errno = ENOSYS;
+ return -1;
+}
+static ssize_t _none_getxattr(const char *path, const char *name, void *value,
size_t size)
+{
+ errno = ENOSYS;
+ return -1;
+}
+static int _none_fsetxattr(int fd, const char *name, void *value, size_t size,
int flags)
+{
+ errno = ENOSYS;
+ return -1;
+}
+static int _none_setxattr(const char *p
svn commit: samba r16050 - in trunk/source/rpc_server: .
Author: vlendec
Date: 2006-06-05 20:38:21 + (Mon, 05 Jun 2006)
New Revision: 16050
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16050
Log:
Set the session key "SystemLibraryDTC" on ntlmssp binds. We only do INTEGRITY
and PRIVACY, so no other cases to take care of so far...
Andrew B., if you have time, could you take a look? This makes us survive the
RPC-SAMBA3SESSIONKEY test.
Volker
Modified:
trunk/source/rpc_server/srv_pipe.c
Changeset:
Modified: trunk/source/rpc_server/srv_pipe.c
===
--- trunk/source/rpc_server/srv_pipe.c 2006-06-05 20:19:22 UTC (rev 16049)
+++ trunk/source/rpc_server/srv_pipe.c 2006-06-05 20:38:21 UTC (rev 16050)
@@ -46,6 +46,11 @@
auth->a_u.auth_ntlmssp_state = NULL;
}
+static DATA_BLOB generic_session_key(void)
+{
+ return data_blob("SystemLibraryDTC", 16);
+}
+
/***
Generate the next PDU to be returned from the data in p->rdata.
Handle NTLMSSP.
@@ -657,11 +662,13 @@
p->pipe_user.ut.gid = a->server_info->gid;
/*
-* Copy the session key from the ntlmssp state.
+* We're an authenticated bind over smbd, so the session key needs to
+* be set to "SystemLibraryDTC". Weird, but this is what Windows
+* does. See the RPC-SAMBA3SESSIONKEY.
*/
data_blob_free(&p->session_key);
- p->session_key = data_blob(a->ntlmssp_state->session_key.data,
a->ntlmssp_state->session_key.length);
+ p->session_key = generic_session_key();
if (!p->session_key.data) {
return False;
}
@@ -1340,8 +1347,21 @@
* JRA. Should we also copy the schannel session key into the pipe
session key p->session_key
* here ? We do that for NTLMSSP, but the session key is already set up
from the vuser
* struct of the person who opened the pipe. I need to test this
further. JRA.
+*
+* VL. As we are mapping this to guest set the generic key
+* "SystemLibraryDTC" key here. It's a bit difficult to test against
+* W2k3, as it does not allow schannel binds against SAMR and LSA
+* anymore.
*/
+ data_blob_free(&p->session_key);
+ p->session_key = generic_session_key();
+ if (p->session_key.data == NULL) {
+ DEBUG(0, ("pipe_schannel_auth_bind: Could not alloc session"
+ " key\n"));
+ return False;
+ }
+
init_rpc_hdr_auth(&auth_info, RPC_SCHANNEL_AUTH_TYPE,
pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) {
DEBUG(0,("pipe_schannel_auth_bind: marshalling of RPC_HDR_AUTH
failed.\n"));
@@ -1625,6 +1645,8 @@
/* We must set the pipe auth_level here also. */
p->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
p->pipe_bound = True;
+ /* The session key was initialized from the SMB
+* session in make_internal_rpc_pipe_p */
break;
default:
svn commit: samba r16049 - in trunk/source: . passdb
Author: vlendec
Date: 2006-06-05 20:19:22 + (Mon, 05 Jun 2006)
New Revision: 16049
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16049
Log:
Get real NTSTATUS out of smbpasswd_add_sam_account
Modified:
trunk/source/Makefile.in
trunk/source/passdb/pdb_smbpasswd.c
Changeset:
Modified: trunk/source/Makefile.in
===
--- trunk/source/Makefile.in2006-06-05 20:09:24 UTC (rev 16048)
+++ trunk/source/Makefile.in2006-06-05 20:19:22 UTC (rev 16049)
@@ -509,7 +509,7 @@
PDBEDIT_OBJ = utils/pdbedit.o utils/passwd_util.o $(PARAM_OBJ) $(PASSDB_OBJ) \
$(LIBSAMBA_OBJ) $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \
$(SECRETS_OBJ) $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) libsmb/asn1.o \
- $(RPC_PARSE_OBJ1) $(DOSERR_OBJ)
+ $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) libsmb/errormap.o
SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ)
@@ -781,7 +781,8 @@
libsmb/asn1.o libsmb/spnego.o libsmb/clikrb5.o
libads/kerberos.o \
libads/kerberos_verify.o $(SECRETS_OBJ) $(SERVER_MUTEX_OBJ) \
libads/authdata.o $(RPC_PARSE_OBJ1) $(PASSDB_OBJ)
$(GROUPDB_OBJ) \
- $(SMBLDAP_OBJ) $(DOSERR_OBJ) rpc_parse/parse_net.o $(LIBNMB_OBJ)
+ $(SMBLDAP_OBJ) $(DOSERR_OBJ) rpc_parse/parse_net.o
$(LIBNMB_OBJ) \
+ libsmb/errormap.o
##
# now the rules...
Modified: trunk/source/passdb/pdb_smbpasswd.c
===
--- trunk/source/passdb/pdb_smbpasswd.c 2006-06-05 20:09:24 UTC (rev 16048)
+++ trunk/source/passdb/pdb_smbpasswd.c 2006-06-05 20:19:22 UTC (rev 16049)
@@ -584,7 +584,8 @@
Routine to add an entry to the smbpasswd file.
*/
-static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state,
struct smb_passwd *newpwd)
+static NTSTATUS add_smbfilepwd_entry(struct smbpasswd_privates
*smbpasswd_state,
+struct smb_passwd *newpwd)
{
const char *pfile = smbpasswd_state->smbpasswd_file;
struct smb_passwd *pwd = NULL;
@@ -605,7 +606,7 @@
if (fp == NULL) {
DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n"));
- return False;
+ return map_nt_error_from_unix(errno);
}
/*
@@ -616,7 +617,7 @@
if (strequal(newpwd->smb_name, pwd->smb_name)) {
DEBUG(0, ("add_smbfilepwd_entry: entry with name %s
already exists\n", pwd->smb_name));
endsmbfilepwent(fp,
&smbpasswd_state->pw_file_lock_depth);
- return False;
+ return NT_STATUS_USER_EXISTS;
}
}
@@ -630,17 +631,18 @@
fd = fileno(fp);
if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {
+ NTSTATUS result = map_nt_error_from_unix(errno);
DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry
for user %s to file %s. \
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
- return False;
+ return result;
}
if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL) {
DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry
for user %s to file %s. \
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
new_entry_length = strlen(new_entry);
@@ -651,6 +653,7 @@
#endif
if ((wr_len = write(fd, new_entry, new_entry_length)) !=
new_entry_length) {
+ NTSTATUS result = map_nt_error_from_unix(errno);
DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry
for user %s to file %s. \
Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
@@ -663,12 +666,12 @@
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
free(new_entry);
- return False;
+ return result;
}
free(new_entry);
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
- return True;
+ return NT_STATUS_OK;
}
/
@@ -1423,11 +1426,7 @@
}
/* add the entry */
- if(!add_smbfilepwd_entry(smbpasswd_state, &smb_pw)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
+ return add_smbfilepwd_entry(smbpasswd_state, &smb_pw);
}
static NTSTATUS smbpasswd_update_s
svn commit: samba r16048 - in trunk/source/rpc_server: .
Author: vlendec
Date: 2006-06-05 20:09:24 + (Mon, 05 Jun 2006)
New Revision: 16048
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16048
Log:
We had no way to return NT_STATUS_OK from the netlogon serverpwset, although
we successfully set the machine password...
One thing the samba3 join test found.
Volker
Modified:
trunk/source/rpc_server/srv_netlog_nt.c
Changeset:
Modified: trunk/source/rpc_server/srv_netlog_nt.c
===
--- trunk/source/rpc_server/srv_netlog_nt.c 2006-06-05 16:59:10 UTC (rev
16047)
+++ trunk/source/rpc_server/srv_netlog_nt.c 2006-06-05 20:09:24 UTC (rev
16048)
@@ -510,7 +510,6 @@
NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET
*r_u)
{
- NTSTATUS status = NT_STATUS_ACCESS_DENIED;
fstring remote_machine;
struct samu *sampass=NULL;
BOOL ret = False;
@@ -632,7 +631,7 @@
}
/* set up the LSA Server Password Set response */
- init_net_r_srv_pwset(r_u, &cred_out, status);
+ init_net_r_srv_pwset(r_u, &cred_out, r_u->status);
TALLOC_FREE(sampass);
return r_u->status;
svn commit: samba r16047 - branches/SAMBA_3_0/source/lib trunk/source/lib
Author: jmcd
Date: 2006-06-05 16:59:10 + (Mon, 05 Jun 2006)
New Revision: 16047
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16047
Log:
Remove unnecessary line, as this value is set in either branch of the
'if' below. Spotted by Aleksey Fedoseev.
Modified:
branches/SAMBA_3_0/source/lib/time.c
trunk/source/lib/time.c
Changeset:
Modified: branches/SAMBA_3_0/source/lib/time.c
===
--- branches/SAMBA_3_0/source/lib/time.c2006-06-05 13:00:24 UTC (rev
16046)
+++ branches/SAMBA_3_0/source/lib/time.c2006-06-05 16:59:10 UTC (rev
16047)
@@ -153,7 +153,6 @@
GetTimeOfDay(&time_now_hires);
ret_time->tv_sec = time_now_hires.tv_sec - start_time_hires.tv_sec;
- ret_time->tv_usec = time_now_hires.tv_usec - start_time_hires.tv_usec;
if (time_now_hires.tv_usec < start_time_hires.tv_usec) {
ret_time->tv_sec -= 1;
ret_time->tv_usec = 100 + (time_now_hires.tv_usec -
start_time_hires.tv_usec);
Modified: trunk/source/lib/time.c
===
--- trunk/source/lib/time.c 2006-06-05 13:00:24 UTC (rev 16046)
+++ trunk/source/lib/time.c 2006-06-05 16:59:10 UTC (rev 16047)
@@ -153,7 +153,6 @@
GetTimeOfDay(&time_now_hires);
ret_time->tv_sec = time_now_hires.tv_sec - start_time_hires.tv_sec;
- ret_time->tv_usec = time_now_hires.tv_usec - start_time_hires.tv_usec;
if (time_now_hires.tv_usec < start_time_hires.tv_usec) {
ret_time->tv_sec -= 1;
ret_time->tv_usec = 100 + (time_now_hires.tv_usec -
start_time_hires.tv_usec);
svn commit: samba r16046 - branches/SAMBA_3_0/source/lib trunk/source/lib
Author: vlendec
Date: 2006-06-05 13:00:24 + (Mon, 05 Jun 2006)
New Revision: 16046
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16046
Log:
Hmmm. I don't fully understand popt, but this is necessary for smbclient to
show a prompt again :-)
James, could you check that this is ok? I think this was part of your Revision
15848.
Thanks,
Volker
Modified:
branches/SAMBA_3_0/source/lib/popt_common.c
trunk/source/lib/popt_common.c
Changeset:
Modified: branches/SAMBA_3_0/source/lib/popt_common.c
===
--- branches/SAMBA_3_0/source/lib/popt_common.c 2006-06-05 12:00:28 UTC (rev
16045)
+++ branches/SAMBA_3_0/source/lib/popt_common.c 2006-06-05 13:00:24 UTC (rev
16046)
@@ -56,7 +56,6 @@
pstr_sprintf(logfile, "%s/log.%s", arg, pname);
lp_set_logfile(logfile);
- override_logfile = True;
}
static void popt_common_callback(poptContext con,
@@ -104,6 +103,7 @@
case 'l':
if (arg) {
set_logfile(con, arg);
+ override_logfile = True;
pstr_sprintf(dyn_LOGFILEBASE, "%s", arg);
}
break;
Modified: trunk/source/lib/popt_common.c
===
--- trunk/source/lib/popt_common.c 2006-06-05 12:00:28 UTC (rev 16045)
+++ trunk/source/lib/popt_common.c 2006-06-05 13:00:24 UTC (rev 16046)
@@ -56,7 +56,6 @@
pstr_sprintf(logfile, "%s/log.%s", arg, pname);
lp_set_logfile(logfile);
- override_logfile = True;
}
static void popt_common_callback(poptContext con,
@@ -104,6 +103,7 @@
case 'l':
if (arg) {
set_logfile(con, arg);
+ override_logfile = True;
pstr_sprintf(dyn_LOGFILEBASE, "%s", arg);
}
break;
svn commit: samba r16045 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: vlendec
Date: 2006-06-05 12:00:28 + (Mon, 05 Jun 2006)
New Revision: 16045
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16045
Log:
RPC-SAMBA3SESSIONKEY tests the different variants of joins (anon/auth smb,
anon/auth bind).
Jeremy, this is the little test I promised to you that shows the places where
we need the SystemLibraryDTC key.
Volker
Modified:
branches/SAMBA_4_0/source/torture/rpc/rpc.c
branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/rpc/rpc.c
===
--- branches/SAMBA_4_0/source/torture/rpc/rpc.c 2006-06-05 10:00:41 UTC (rev
16044)
+++ branches/SAMBA_4_0/source/torture/rpc/rpc.c 2006-06-05 12:00:28 UTC (rev
16045)
@@ -125,6 +125,7 @@
register_torture_op("RPC-AUTHCONTEXT", torture_bind_authcontext, 0);
register_torture_op("RPC-BINDSAMBA3", torture_bind_samba3, 0);
register_torture_op("RPC-NETLOGSAMBA3", torture_netlogon_samba3, 0);
+ register_torture_op("RPC-SAMBA3SESSIONKEY", torture_samba3_sessionkey,
0);
register_torture_op("RPC-DRSUAPI", torture_rpc_drsuapi, 0);
register_torture_op("RPC-CRACKNAMES", torture_rpc_drsuapi_cracknames,
0);
register_torture_op("RPC-ROT", torture_rpc_rot, 0);
Modified: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c
===
--- branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2006-06-05 10:00:41 UTC
(rev 16044)
+++ branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2006-06-05 12:00:28 UTC
(rev 16045)
@@ -307,6 +307,8 @@
static NTSTATUS get_usr_handle(struct smbcli_state *cli,
TALLOC_CTX *mem_ctx,
struct cli_credentials *admin_creds,
+ uint8_t auth_type,
+ uint8_t auth_level,
const char *wks_name,
char **domain,
struct dcerpc_pipe **result_pipe,
@@ -343,12 +345,23 @@
goto fail;
}
- status = dcerpc_bind_auth(samr_pipe, &dcerpc_table_samr,
- admin_creds, DCERPC_AUTH_TYPE_NTLMSSP,
- DCERPC_AUTH_LEVEL_INTEGRITY, NULL);
- if (!NT_STATUS_IS_OK(status)) {
- d_printf("dcerpc_bind_auth failed: %s\n", nt_errstr(status));
- goto fail;
+ if (admin_creds != NULL) {
+ status = dcerpc_bind_auth(samr_pipe, &dcerpc_table_samr,
+ admin_creds, auth_type, auth_level,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("dcerpc_bind_auth failed: %s\n",
+nt_errstr(status));
+ goto fail;
+ }
+ } else {
+ /* We must have an authenticated SMB connection */
+ status = dcerpc_bind_auth_none(samr_pipe, &dcerpc_table_samr);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("dcerpc_bind_auth_none failed: %s\n",
+nt_errstr(status));
+ goto fail;
+ }
}
conn.in.system_name = talloc_asprintf(
@@ -479,6 +492,8 @@
}
status = get_usr_handle(cli, mem_ctx, admin_creds,
+ DCERPC_AUTH_TYPE_NTLMSSP,
+ DCERPC_AUTH_LEVEL_PRIVACY,
cli_credentials_get_workstation(wks_creds),
&dom_name, &samr_pipe, &wks_handle);
@@ -577,8 +592,6 @@
goto done;
}
- d_printf("Got the netlogon pipe\n");
-
status = dcerpc_bind_auth_none(net_pipe, &dcerpc_table_netlogon);
if (!NT_STATUS_IS_OK(status)) {
d_printf("dcerpc_bind_auth_none failed: %s\n",
@@ -858,12 +871,14 @@
struct policy_handle *wks_handle;
BOOL ret = False;
- if ((mem_ctx = talloc_init("join3")) == NULL) {
+ if ((mem_ctx = talloc_init("leave")) == NULL) {
d_printf("talloc_init failed\n");
return False;
}
status = get_usr_handle(cli, mem_ctx, admin_creds,
+ DCERPC_AUTH_TYPE_NTLMSSP,
+ DCERPC_AUTH_LEVEL_INTEGRITY,
cli_credentials_get_workstation(wks_creds),
&dom_name, &samr_pipe, &wks_handle);
@@ -947,7 +962,7 @@
cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
- cli_credentials_set_password(wks_creds, "bl
svn commit: samba r16044 - in branches/SAMBA_4_0/source/torture: . rpc
Author: vlendec Date: 2006-06-05 10:00:41 + (Mon, 05 Jun 2006) New Revision: 16044 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16044 Log: Create a samba3 specific file in torture/rpc. The tests in there survive against W2k3, but they are designed to walk existing Samba3 code paths. It might be possible that I add something like that to other subdirs like raw/. RPC-BINDSAMBA3 excercises the bind variants that samba3 supports right now. RPC-NETLOGSAMBA3 does a samba3 style join, does some schannel-protected netlogon operations and leaves again. Samba3 right now does not survive this, I'm about to fix it soon. I'll also post a *VERY* dirty hack (fake users in sys_getpwnam()) to be able to run this in the build farm. Volker Added: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c Modified: branches/SAMBA_4_0/source/torture/config.mk branches/SAMBA_4_0/source/torture/rpc/bind.c branches/SAMBA_4_0/source/torture/rpc/rpc.c Changeset: Sorry, the patch is too large (1160 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16044
