svn commit: samba r17437 - in branches/SAMBA_3_0_RELEASE/source:
auth libsmb passdb smbd
jerry at samba.org
jerry at samba.org
Mon Aug 7 12:12:20 GMT 2006
Author: jerry
Date: 2006-08-07 12:12:20 +0000 (Mon, 07 Aug 2006)
New Revision: 17437
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17437
Log:
sync valid users and server signing fixes
Modified:
branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c
branches/SAMBA_3_0_RELEASE/source/libsmb/smb_signing.c
branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c
branches/SAMBA_3_0_RELEASE/source/smbd/service.c
branches/SAMBA_3_0_RELEASE/source/smbd/share_access.c
Changeset:
Modified: branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c 2006-08-07 12:04:28 UTC (rev 17436)
+++ branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c 2006-08-07 12:12:20 UTC (rev 17437)
@@ -1052,9 +1052,9 @@
return NT_STATUS_NO_MEMORY;
}
- if (!lookup_name(tmp_ctx, username, LOOKUP_NAME_ALL,
+ if (!lookup_name_smbconf(tmp_ctx, username, LOOKUP_NAME_ALL,
NULL, NULL, &user_sid, &type)) {
- DEBUG(1, ("lookup_name for %s failed\n", username));
+ DEBUG(1, ("lookup_name_smbconf for %s failed\n", username));
goto done;
}
Modified: branches/SAMBA_3_0_RELEASE/source/libsmb/smb_signing.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/libsmb/smb_signing.c 2006-08-07 12:04:28 UTC (rev 17436)
+++ branches/SAMBA_3_0_RELEASE/source/libsmb/smb_signing.c 2006-08-07 12:12:20 UTC (rev 17437)
@@ -847,6 +847,9 @@
while (get_sequence_for_reply(&data->outstanding_packet_list, mid, &dummy_seq))
;
+
+ /* cancel doesn't send a reply so doesn't burn a sequence number. */
+ data->send_seq_num -= 1;
}
/***********************************************************
Modified: branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c 2006-08-07 12:04:28 UTC (rev 17436)
+++ branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c 2006-08-07 12:12:20 UTC (rev 17437)
@@ -61,6 +61,9 @@
name = talloc_strdup(tmp_ctx, full_name);
}
+ DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n",
+ full_name, domain, name));
+
if ((domain == NULL) || (name == NULL)) {
DEBUG(0, ("talloc failed\n"));
return False;
@@ -353,6 +356,72 @@
return True;
}
+/************************************************************************
+ Names from smb.conf can be unqualified. eg. valid users = foo
+ These names should never map to a remote name. Try global_sam_name()\foo,
+ and then "Unix Users"\foo (or "Unix Groups"\foo).
+************************************************************************/
+
+BOOL lookup_name_smbconf(TALLOC_CTX *mem_ctx,
+ const char *full_name, int flags,
+ const char **ret_domain, const char **ret_name,
+ DOM_SID *ret_sid, enum SID_NAME_USE *ret_type)
+{
+ char *qualified_name;
+ const char *p;
+
+ /* NB. No winbindd_separator here as lookup_name needs \\' */
+ if ((p = strchr_m(full_name, *lp_winbind_separator())) != NULL) {
+
+ /* The name is already qualified with a domain. */
+
+ if (*lp_winbind_separator() != '\\') {
+ char *tmp;
+
+ /* lookup_name() needs '\\' as a separator */
+
+ tmp = talloc_strdup(mem_ctx, full_name);
+ if (!tmp) {
+ return False;
+ }
+ tmp[p - full_name] = '\\';
+ full_name = tmp;
+ }
+
+ return lookup_name(mem_ctx, full_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type);
+ }
+
+ /* Try with our own SAM name. */
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ get_global_sam_name(),
+ full_name );
+ if (!qualified_name) {
+ return False;
+ }
+
+ if (lookup_name(mem_ctx, qualified_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type)) {
+ return True;
+ }
+
+ /* Finally try with "Unix Users" or "Unix Group" */
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ flags & LOOKUP_NAME_GROUP ?
+ unix_groups_domain_name() :
+ unix_users_domain_name(),
+ full_name );
+ if (!qualified_name) {
+ return False;
+ }
+
+ return lookup_name(mem_ctx, qualified_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type);
+}
+
static BOOL winbind_lookup_rids(TALLOC_CTX *mem_ctx,
const DOM_SID *domain_sid,
int num_rids, uint32 *rids,
Modified: branches/SAMBA_3_0_RELEASE/source/smbd/service.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/service.c 2006-08-07 12:04:28 UTC (rev 17436)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/service.c 2006-08-07 12:12:20 UTC (rev 17437)
@@ -443,10 +443,10 @@
groupname = talloc_string_sub(mem_ctx, groupname,
"%S", lp_servicename(snum));
- if (!lookup_name(mem_ctx, groupname,
+ if (!lookup_name_smbconf(mem_ctx, groupname,
LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
NULL, NULL, &group_sid, &type)) {
- DEBUG(10, ("lookup_name(%s) failed\n",
+ DEBUG(10, ("lookup_name_smbconf(%s) failed\n",
groupname));
goto done;
}
Modified: branches/SAMBA_3_0_RELEASE/source/smbd/share_access.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/share_access.c 2006-08-07 12:04:28 UTC (rev 17436)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/share_access.c 2006-08-07 12:12:20 UTC (rev 17437)
@@ -94,7 +94,7 @@
}
if (!do_group_checks(&name, &prefix)) {
- if (!lookup_name(mem_ctx, name, LOOKUP_NAME_ALL,
+ if (!lookup_name_smbconf(mem_ctx, name, LOOKUP_NAME_ALL,
NULL, NULL, &sid, &type)) {
DEBUG(5, ("lookup_name %s failed\n", name));
return False;
@@ -109,7 +109,7 @@
for (/* initialized above */ ; *prefix != '\0'; prefix++) {
if (*prefix == '+') {
- if (!lookup_name(mem_ctx, name,
+ if (!lookup_name_smbconf(mem_ctx, name,
LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
NULL, NULL, &sid, &type)) {
DEBUG(5, ("lookup_name %s failed\n", name));
More information about the samba-cvs
mailing list