svn commit: samba r17437 - in branches/SAMBA_3_0_RELEASE/source: auth libsmb passdb smbd

Mon Aug 7 12:12:20 GMT 2006

Author: jerry
Date: 2006-08-07 12:12:20 +0000 (Mon, 07 Aug 2006)
New Revision: 17437

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17437

Log:
sync valid users and server signing fixes
Modified:
   branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c
   branches/SAMBA_3_0_RELEASE/source/libsmb/smb_signing.c
   branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c
   branches/SAMBA_3_0_RELEASE/source/smbd/service.c
   branches/SAMBA_3_0_RELEASE/source/smbd/share_access.c


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c
===================================================================

--- branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c	2006-08-07 12:04:28 UTC (rev 17436)
+++ branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c	2006-08-07 12:12:20 UTC (rev 17437)
@@ -1052,9 +1052,9 @@
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!lookup_name(tmp_ctx, username, LOOKUP_NAME_ALL,
+	if (!lookup_name_smbconf(tmp_ctx, username, LOOKUP_NAME_ALL,
 			 NULL, NULL, &user_sid, &type)) {
-		DEBUG(1, ("lookup_name for %s failed\n", username));
+		DEBUG(1, ("lookup_name_smbconf for %s failed\n", username));
 		goto done;
 	}
 

Modified: branches/SAMBA_3_0_RELEASE/source/libsmb/smb_signing.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/libsmb/smb_signing.c	2006-08-07 12:04:28 UTC (rev 17436)
+++ branches/SAMBA_3_0_RELEASE/source/libsmb/smb_signing.c	2006-08-07 12:12:20 UTC (rev 17437)
@@ -847,6 +847,9 @@
 
 	while (get_sequence_for_reply(&data->outstanding_packet_list, mid, &dummy_seq))
 		;
+
+	/* cancel doesn't send a reply so doesn't burn a sequence number. */
+	data->send_seq_num -= 1;
 }
 
 /***********************************************************

Modified: branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c	2006-08-07 12:04:28 UTC (rev 17436)
+++ branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c	2006-08-07 12:12:20 UTC (rev 17437)
@@ -61,6 +61,9 @@
 		name = talloc_strdup(tmp_ctx, full_name);
 	}
 
+	DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n", 
+		full_name, domain, name));
+
 	if ((domain == NULL) || (name == NULL)) {
 		DEBUG(0, ("talloc failed\n"));
 		return False;
@@ -353,6 +356,72 @@
 	return True;
 }
 
+/************************************************************************
+ Names from smb.conf can be unqualified. eg. valid users = foo
+ These names should never map to a remote name. Try global_sam_name()\foo,
+ and then "Unix Users"\foo (or "Unix Groups"\foo).
+************************************************************************/
+
+BOOL lookup_name_smbconf(TALLOC_CTX *mem_ctx,
+		 const char *full_name, int flags,
+		 const char **ret_domain, const char **ret_name,
+		 DOM_SID *ret_sid, enum SID_NAME_USE *ret_type)
+{
+	char *qualified_name;
+	const char *p;
+
+	/* NB. No winbindd_separator here as lookup_name needs \\' */
+	if ((p = strchr_m(full_name, *lp_winbind_separator())) != NULL) {
+
+		/* The name is already qualified with a domain. */
+
+		if (*lp_winbind_separator() != '\\') {
+			char *tmp;
+
+			/* lookup_name() needs '\\' as a separator */
+
+			tmp = talloc_strdup(mem_ctx, full_name);
+			if (!tmp) {
+				return False;
+			}
+			tmp[p - full_name] = '\\';
+			full_name = tmp;
+		}
+
+		return lookup_name(mem_ctx, full_name, flags,
+				ret_domain, ret_name,
+				ret_sid, ret_type);
+	}
+
+	/* Try with our own SAM name. */
+	qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+				get_global_sam_name(),
+				full_name );
+	if (!qualified_name) {
+		return False;
+	}
+
+	if (lookup_name(mem_ctx, qualified_name, flags,
+				ret_domain, ret_name,
+				ret_sid, ret_type)) {
+		return True;
+	}
+
+	/* Finally try with "Unix Users" or "Unix Group" */
+	qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+				flags & LOOKUP_NAME_GROUP ?
+					unix_groups_domain_name() :
+					unix_users_domain_name(),
+				full_name );
+	if (!qualified_name) {
+		return False;
+	}
+
+	return lookup_name(mem_ctx, qualified_name, flags,
+				ret_domain, ret_name,
+				ret_sid, ret_type);
+}
+
 static BOOL winbind_lookup_rids(TALLOC_CTX *mem_ctx,
 				const DOM_SID *domain_sid,
 				int num_rids, uint32 *rids,

Modified: branches/SAMBA_3_0_RELEASE/source/smbd/service.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/service.c	2006-08-07 12:04:28 UTC (rev 17436)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/service.c	2006-08-07 12:12:20 UTC (rev 17437)
@@ -443,10 +443,10 @@
 	groupname = talloc_string_sub(mem_ctx, groupname,
 				      "%S", lp_servicename(snum));
 
-	if (!lookup_name(mem_ctx, groupname,
+	if (!lookup_name_smbconf(mem_ctx, groupname,
 			 LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
 			 NULL, NULL, &group_sid, &type)) {
-		DEBUG(10, ("lookup_name(%s) failed\n",
+		DEBUG(10, ("lookup_name_smbconf(%s) failed\n",
 			   groupname));
 		goto done;
 	}

Modified: branches/SAMBA_3_0_RELEASE/source/smbd/share_access.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/share_access.c	2006-08-07 12:04:28 UTC (rev 17436)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/share_access.c	2006-08-07 12:12:20 UTC (rev 17437)
@@ -94,7 +94,7 @@
 	}
 
 	if (!do_group_checks(&name, &prefix)) {
-		if (!lookup_name(mem_ctx, name, LOOKUP_NAME_ALL,
+		if (!lookup_name_smbconf(mem_ctx, name, LOOKUP_NAME_ALL,
 				 NULL, NULL, &sid, &type)) {
 			DEBUG(5, ("lookup_name %s failed\n", name));
 			return False;
@@ -109,7 +109,7 @@
 
 	for (/* initialized above */ ; *prefix != '\0'; prefix++) {
 		if (*prefix == '+') {
-			if (!lookup_name(mem_ctx, name,
+			if (!lookup_name_smbconf(mem_ctx, name,
 					 LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
 					 NULL, NULL, &sid, &type)) {
 				DEBUG(5, ("lookup_name %s failed\n", name));

