svn commit: samba r13134 - in branches/SAMBA_3_0_RELEASE/source: .
libsmb nsswitch passdb rpc_server smbd utils
jerry at samba.org
jerry at samba.org
Wed Jan 25 15:52:10 GMT 2006
Author: jerry
Date: 2006-01-25 15:52:08 +0000 (Wed, 25 Jan 2006)
New Revision: 13134
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13134
Log:
Last planned code merge for 3.0.21b
* missing SMS 2003 fix
* posix_acl double free fix
* Guenther's pam_winbind fixes
* testparm server role fix.
* 64-bit fix in clireadwrite.c
Added:
branches/SAMBA_3_0_RELEASE/source/passdb/util_builtin.c
Modified:
branches/SAMBA_3_0_RELEASE/source/Makefile.in
branches/SAMBA_3_0_RELEASE/source/libsmb/clireadwrite.c
branches/SAMBA_3_0_RELEASE/source/nsswitch/pam_winbind.c
branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c
branches/SAMBA_3_0_RELEASE/source/smbd/posix_acls.c
branches/SAMBA_3_0_RELEASE/source/utils/testparm.c
Changeset:
Modified: branches/SAMBA_3_0_RELEASE/source/Makefile.in
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/Makefile.in 2006-01-25 15:43:15 UTC (rev 13133)
+++ branches/SAMBA_3_0_RELEASE/source/Makefile.in 2006-01-25 15:52:08 UTC (rev 13134)
@@ -326,7 +326,7 @@
PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o
PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
- passdb/util_sam_sid.o passdb/pdb_compat.o \
+ passdb/util_sam_sid.o passdb/util_builtin.o passdb/pdb_compat.o \
passdb/lookup_sid.o \
passdb/login_cache.o @PDB_STATIC@ passdb/pdb_sql.o \
lib/system_smbd.o lib/account_pol.o lib/privileges.o
Modified: branches/SAMBA_3_0_RELEASE/source/libsmb/clireadwrite.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/libsmb/clireadwrite.c 2006-01-25 15:43:15 UTC (rev 13133)
+++ branches/SAMBA_3_0_RELEASE/source/libsmb/clireadwrite.c 2006-01-25 15:52:08 UTC (rev 13134)
@@ -49,8 +49,9 @@
SSVAL(cli->outbuf,smb_vwv7,((size >> 16) & 1));
SSVAL(cli->outbuf,smb_mid,cli->mid + i);
- if (bigoffset)
- SIVAL(cli->outbuf,smb_vwv10,(offset>>32) & 0xffffffff);
+ if (bigoffset) {
+ SIVAL(cli->outbuf,smb_vwv10,(((SMB_BIG_UINT)offset)>>32) & 0xffffffff);
+ }
return cli_send_smb(cli);
}
@@ -302,8 +303,9 @@
SSVAL(cli->outbuf,smb_vwv11,
smb_buf(cli->outbuf) - smb_base(cli->outbuf));
- if (large_writex)
- SIVAL(cli->outbuf,smb_vwv12,(offset>>32) & 0xffffffff);
+ if (large_writex) {
+ SIVAL(cli->outbuf,smb_vwv12,(((SMB_BIG_UINT)offset)>>32) & 0xffffffff);
+ }
p = smb_base(cli->outbuf) + SVAL(cli->outbuf,smb_vwv11);
memcpy(p, buf, size);
Modified: branches/SAMBA_3_0_RELEASE/source/nsswitch/pam_winbind.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/nsswitch/pam_winbind.c 2006-01-25 15:43:15 UTC (rev 13133)
+++ branches/SAMBA_3_0_RELEASE/source/nsswitch/pam_winbind.c 2006-01-25 15:52:08 UTC (rev 13134)
@@ -57,6 +57,11 @@
return ctrl;
}
+static void _pam_winbind_cleanup_func(pam_handle_t *pamh, void *data, int error_status)
+{
+ SAFE_FREE(data);
+}
+
/* --- authentication management functions --- */
/* Attempt a conversation */
@@ -508,7 +513,22 @@
}
/* Now use the username to look up password */
- return winbind_auth_request(username, password, member, ctrl);
+ retval = winbind_auth_request(username, password, member, ctrl);
+ if (retval == PAM_NEW_AUTHTOK_REQD ||
+ retval == PAM_AUTHTOK_EXPIRED) {
+
+ char *buf;
+
+ if (!asprintf(&buf, "%d", retval)) {
+ return PAM_BUF_ERR;
+ }
+
+ pam_set_data( pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, (void *)buf, _pam_winbind_cleanup_func);
+
+ return PAM_SUCCESS;
+ }
+
+ return retval;
}
PAM_EXTERN
@@ -527,6 +547,8 @@
int argc, const char **argv)
{
const char *username;
+ void *tmp = NULL;
+
int retval = PAM_USER_UNKNOWN;
/* parse arguments */
@@ -555,6 +577,26 @@
return PAM_IGNORE;
return PAM_USER_UNKNOWN;
case 0:
+ pam_get_data( pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, (const void **)&tmp);
+
+ if (tmp != NULL) {
+ retval = atoi(tmp);
+ switch (retval) {
+ case PAM_AUTHTOK_EXPIRED:
+ /* fall through, since new token is required in this case */
+ case PAM_NEW_AUTHTOK_REQD:
+ _pam_log(LOG_WARNING, "pam_sm_acct_mgmt success but %s is set",
+ PAM_WINBIND_NEW_AUTHTOK_REQD);
+ _pam_log(LOG_NOTICE, "user '%s' needs new password", username);
+ /* PAM_AUTHTOKEN_REQD does not exist, but is documented in the manpage */
+ return PAM_NEW_AUTHTOK_REQD;
+ default:
+ _pam_log(LOG_WARNING, "pam_sm_acct_mgmt success");
+ _pam_log(LOG_NOTICE, "user '%s' granted access", username);
+ return PAM_SUCCESS;
+ }
+ }
+
/* Otherwise, the authentication looked good */
_pam_log(LOG_NOTICE, "user '%s' granted access", username);
return PAM_SUCCESS;
Added: branches/SAMBA_3_0_RELEASE/source/passdb/util_builtin.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/passdb/util_builtin.c 2006-01-25 15:43:15 UTC (rev 13133)
+++ branches/SAMBA_3_0_RELEASE/source/passdb/util_builtin.c 2006-01-25 15:52:08 UTC (rev 13134)
@@ -0,0 +1,31 @@
+/*
+ Unix SMB/CIFS implementation.
+ Translate BUILTIN names to SIDs and vice versa
+ Copyright (C) Volker Lendecke 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*****************************************************************
+ Return the name of the BUILTIN domain
+*****************************************************************/
+
+const char *builtin_domain_name(void)
+{
+ return "BUILTIN";
+}
+
Modified: branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c 2006-01-25 15:43:15 UTC (rev 13133)
+++ branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c 2006-01-25 15:52:08 UTC (rev 13134)
@@ -2648,9 +2648,13 @@
ZERO_STRUCT(sid);
+ if (strequal(domain_name, builtin_domain_name())) {
+ sid_copy(&sid, &global_sid_Builtin);
+ } else {
if (!secrets_fetch_domain_sid(domain_name, &sid)) {
r_u->status = NT_STATUS_NO_SUCH_DOMAIN;
}
+ }
DEBUG(2,("Returning domain sid for domain %s -> %s\n", domain_name, sid_string_static(&sid)));
@@ -2785,7 +2789,7 @@
* JFM.
*/
- /* associate the user's SID with the new handle. */
+ /* associate the alias SID with the new handle. */
if ((info = get_samr_info_by_sid(&sid)) == NULL)
return NT_STATUS_NO_MEMORY;
Modified: branches/SAMBA_3_0_RELEASE/source/smbd/posix_acls.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/posix_acls.c 2006-01-25 15:43:15 UTC (rev 13133)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/posix_acls.c 2006-01-25 15:52:08 UTC (rev 13134)
@@ -1447,7 +1447,6 @@
Deny entry after Allow entry. Failing to set on file %s.\n", fsp->fsp_name ));
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
- SAFE_FREE(current_ace);
return False;
}
@@ -1506,7 +1505,6 @@
Deny entry after Allow entry. Failing to set on file %s.\n", fsp->fsp_name ));
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
- SAFE_FREE(current_ace);
return False;
}
Modified: branches/SAMBA_3_0_RELEASE/source/utils/testparm.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/testparm.c 2006-01-25 15:43:15 UTC (rev 13133)
+++ branches/SAMBA_3_0_RELEASE/source/utils/testparm.c 2006-01-25 15:52:08 UTC (rev 13134)
@@ -349,7 +349,7 @@
}
- if (!silent_mode && !section_name && !parameter_name) {
+ if (!section_name && !parameter_name) {
fprintf(stderr,"Server role: %s\n", server_role_str(lp_server_role()));
}
More information about the samba-cvs
mailing list