svn commit: samba r10591 - in branches/SAMBA_3_0_RELEASE/source: . client nsswitch printing rpc_parse rpc_server

jerry at samba.org jerry at samba.org
Wed Sep 28 21:28:27 GMT 2005 

Author: jerry
Date: 2005-09-28 21:28:25 +0000 (Wed, 28 Sep 2005)
New Revision: 10591

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10591

Log:
merges from SAMBA_3_0

* Guenther's BUILT group fix in security = ads (winbindd)
* access checks in registry and svcctl code (jerry)
* solaris build fixes for configure.in
* a few compile warning fixes
* winbindd on a PDC fix (wbinfo -t)



Modified:
   branches/SAMBA_3_0_RELEASE/source/client/smbspool.c
   branches/SAMBA_3_0_RELEASE/source/configure.in
   branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_ads.c
   branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_cm.c
   branches/SAMBA_3_0_RELEASE/source/printing/nt_printing.c
   branches/SAMBA_3_0_RELEASE/source/printing/printing.c
   branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_shutdown.c
   branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_reg_nt.c
   branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_svcctl_nt.c


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/source/client/smbspool.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/client/smbspool.c	2005-09-28 21:26:04 UTC (rev 10590)
+++ branches/SAMBA_3_0_RELEASE/source/client/smbspool.c	2005-09-28 21:28:25 UTC (rev 10591)
@@ -459,15 +459,15 @@
 
   get_myname(myname);  
 
-  if ( (username) && ( *username ) && (password) && (*password) ) 
+  /* See if we have a username first.  This is for backwards compatible 
+     behavior with 3.0.14a */
+
+  if ( username &&  *username )
   {
-      /* 
-       * User/password specified in the DEVICE_URI, use those credentials 
-       * to connect to the server 
-       */
       cli = smb_complete_connection(myname, server, port, username, 
                                     password, workgroup, share, 0 );
-      if (cli ) { return cli; }
+      if (cli) 
+        return cli;
   }
   
   /* 

Modified: branches/SAMBA_3_0_RELEASE/source/configure.in
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/configure.in	2005-09-28 21:26:04 UTC (rev 10590)
+++ branches/SAMBA_3_0_RELEASE/source/configure.in	2005-09-28 21:28:25 UTC (rev 10591)
@@ -4876,12 +4876,12 @@
   esac ])
 AC_SUBST(PYTHON)
 
-for i in `echo $default_static_modules | sed -e's/,/ /g'`
+for i in `echo $default_static_modules | sed -e 's/,/ /g'`
 do
 	eval MODULE_DEFAULT_$i=STATIC
 done
 
-for i in `echo $default_shared_modules | sed -e's/,/ /g'`
+for i in `echo $default_shared_modules | sed -e 's/,/ /g'`
 do
 	dnl Fall back to static if we cannot build shared libraries
 	eval MODULE_DEFAULT_$i=STATIC
@@ -4900,7 +4900,7 @@
 AC_ARG_WITH(static-modules,
 [  --with-static-modules=MODULES  Comma-seperated list of names of modules to statically link in],
 [ if test $withval; then
-	for i in `echo $withval | sed -e's/,/ /g'`
+	for i in `echo $withval | sed -e 's/,/ /g'`
 	do
 		eval MODULE_$i=STATIC
 	done
@@ -4909,7 +4909,7 @@
 AC_ARG_WITH(shared-modules,
 [  --with-shared-modules=MODULES  Comma-seperated list of names of modules to build shared],
 [ if test $withval; then
-	for i in `echo $withval | sed -e's/,/ /g'`
+	for i in `echo $withval | sed -e 's/,/ /g'`
 	do
 			eval MODULE_$i=SHARED
 	done

Modified: branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_ads.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_ads.c	2005-09-28 21:26:04 UTC (rev 10590)
+++ branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_ads.c	2005-09-28 21:28:25 UTC (rev 10591)
@@ -613,9 +613,16 @@
 
 	add_sid_to_array(mem_ctx, &primary_group, user_sids, num_groups);
 	
-	for (i=0;i<count;i++)
+	for (i=0;i<count;i++) {
+
+		/* ignore Builtin groups from ADS - Guenther */
+		if (sid_check_is_in_builtin(&sids[i])) {
+			continue;
+		}
+			       
 		add_sid_to_array_unique(mem_ctx, &sids[i],
 					user_sids, num_groups);
+	}
 
 	status = (user_sids != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
 

Modified: branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_cm.c	2005-09-28 21:26:04 UTC (rev 10590)
+++ branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_cm.c	2005-09-28 21:28:25 UTC (rev 10591)
@@ -1175,7 +1175,10 @@
 	/* if we are a DC and this is a trusted domain, then we need to use our
 	   domain name in the net_req_auth2() request */
 
-	if ( IS_DC ) {
+	if ( IS_DC 
+		&& !strequal(domain->name, lp_workgroup())
+		&& lp_allow_trusted_domains() ) 
+	{
 		account_name = talloc_asprintf( mem_ctx, "%s$", lp_workgroup() );
 	}
 	else {

Modified: branches/SAMBA_3_0_RELEASE/source/printing/nt_printing.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/printing/nt_printing.c	2005-09-28 21:26:04 UTC (rev 10590)
+++ branches/SAMBA_3_0_RELEASE/source/printing/nt_printing.c	2005-09-28 21:28:25 UTC (rev 10591)
@@ -1395,12 +1395,19 @@
 	*perr = WERR_INVALID_PARAM;
 
 	/* If architecture is Windows 95/98/ME, the version is always 0. */
-	if (strcmp(architecture, "WIN40") == 0) {
+	if (strcmp(architecture, SPL_ARCH_WIN40) == 0) {
 		DEBUG(10,("get_correct_cversion: Driver is Win9x, cversion = 0\n"));
 		*perr = WERR_OK;
 		return 0;
 	}
 
+	/* If architecture is Windows x64, the version is always 3. */
+	if (strcmp(architecture, SPL_ARCH_X64) == 0) {
+		DEBUG(10,("get_correct_cversion: Driver is x64, cversion = 3\n"));
+		*perr = WERR_OK;
+		return 3;
+	}
+
 	/*
 	 * Connect to the print$ share under the same account as the user connected
 	 * to the rpc pipe. Note we must still be root to do this.

Modified: branches/SAMBA_3_0_RELEASE/source/printing/printing.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/printing/printing.c	2005-09-28 21:26:04 UTC (rev 10590)
+++ branches/SAMBA_3_0_RELEASE/source/printing/printing.c	2005-09-28 21:28:25 UTC (rev 10591)
@@ -91,7 +91,7 @@
 	if (rap_jobid == 0)
 		rap_jobid = ++next_rap_jobid;
 	SSVAL(buf,0,rap_jobid);
-	data.dptr = buf;
+	data.dptr = (char*)buf;
 	data.dsize = sizeof(rap_jobid);
 	tdb_store(rap_tdb, key, data, TDB_REPLACE);
 	tdb_store(rap_tdb, data, key, TDB_REPLACE);
@@ -112,7 +112,7 @@
 		return False;
 
 	SSVAL(buf,0,rap_jobid);
-	key.dptr = buf;
+	key.dptr = (char*)buf;
 	key.dsize = sizeof(rap_jobid);
 	data = tdb_fetch(rap_tdb, key);
 	if ( data.dptr && data.dsize == sizeof(struct rap_jobid_key) ) 
@@ -164,7 +164,7 @@
 	rap_jobid = SVAL(data.dptr, 0);
 	SAFE_FREE(data.dptr);
 	SSVAL(buf,0,rap_jobid);
-	data.dptr=buf;
+	data.dptr = (char*)buf;
 	data.dsize = sizeof(rap_jobid);
 	tdb_delete(rap_tdb, key);
 	tdb_delete(rap_tdb, data);

Modified: branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_shutdown.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_shutdown.c	2005-09-28 21:26:04 UTC (rev 10590)
+++ branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_shutdown.c	2005-09-28 21:28:25 UTC (rev 10591)
@@ -110,7 +110,6 @@
 	if (!prs_uint8("reboot ", ps, depth, &(q_s->reboot)))
 		return False;
 
-
 	return True;
 }
 

Modified: branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_reg_nt.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_reg_nt.c	2005-09-28 21:26:04 UTC (rev 10590)
+++ branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_reg_nt.c	2005-09-28 21:28:25 UTC (rev 10591)
@@ -44,6 +44,12 @@
 {
 	NTSTATUS result;
 		
+	if ( geteuid() == sec_initial_uid() ) {
+		DEBUG(5,("registry_access_check: access check bypassed for 'root'\n"));
+		*access_granted = REG_KEY_ALL;
+		return NT_STATUS_OK;
+	}
+
 	se_map_generic( &access_desired, &reg_generic_map );
 	se_access_check( sec_desc, token, access_desired, access_granted, &result );
 	

Modified: branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_svcctl_nt.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_svcctl_nt.c	2005-09-28 21:26:04 UTC (rev 10590)
+++ branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_svcctl_nt.c	2005-09-28 21:28:25 UTC (rev 10591)
@@ -59,11 +59,15 @@
                                      uint32 access_desired, uint32 *access_granted )
 {
 	NTSTATUS result;
+
+	if ( geteuid() == sec_initial_uid() ) {
+		DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n"));
+		*access_granted = access_desired;
+		return NT_STATUS_OK;
+	}
 	
-	/* maybe add privilege checks in here later */
-	
 	se_access_check( sec_desc, token, access_desired, access_granted, &result );
-	
+
 	return result;
 }

More information about the samba-cvs mailing list