svn commit: samba r16472 - in branches/SAMBA_3_0_RELEASE: . source source/auth source/include source/libsmb source/locking source/smbd source/utils source/web

jerry at samba.org jerry at samba.org
Thu Jun 22 19:52:34 GMT 2006 

Author: jerry
Date: 2006-06-22 19:52:32 +0000 (Thu, 22 Jun 2006)
New Revision: 16472

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16472

Log:
final pass for 3.0.23rc3 I think.  Current with SAMBA_3_0 r16471
Modified:
   branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
   branches/SAMBA_3_0_RELEASE/source/Makefile.in
   branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c
   branches/SAMBA_3_0_RELEASE/source/include/smb.h
   branches/SAMBA_3_0_RELEASE/source/libsmb/smb_share_modes.c
   branches/SAMBA_3_0_RELEASE/source/locking/locking.c
   branches/SAMBA_3_0_RELEASE/source/smbd/open.c
   branches/SAMBA_3_0_RELEASE/source/smbd/oplock.c
   branches/SAMBA_3_0_RELEASE/source/utils/status.c
   branches/SAMBA_3_0_RELEASE/source/web/statuspage.c


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
===================================================================
--- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt	2006-06-22 19:47:44 UTC (rev 16471)
+++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt	2006-06-22 19:52:32 UTC (rev 16472)
@@ -38,12 +38,17 @@
     * Fix naming conflicts with 'net usershare' structures and 
       Solaris header files.
     * Fix memleaks on error paths from the ASN.1 parsing code.
+    * Add uid to share_mode_entry structure so we can report who 
+      opened the file.
 
 
 o   Gerald (Jerry) Carter <jerry at samba.org>
     * Fix 'make install' problem when building outside source/.
     * Fix 'net ads join' when the workgroup is set incorrectly in 
       smb.conf.
+    * Re-add code to include the BUILTIN\Administrators SID when
+      winbindd is not running, but the user's token includes the 
+      Domain Admin SID.  Fixes access problem for managing Services.
 
 
 o   Guenther Deschner <gd at samba.org>

Modified: branches/SAMBA_3_0_RELEASE/source/Makefile.in
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/Makefile.in	2006-06-22 19:47:44 UTC (rev 16471)
+++ branches/SAMBA_3_0_RELEASE/source/Makefile.in	2006-06-22 19:52:32 UTC (rev 16472)
@@ -1616,7 +1616,8 @@
 	@rm -f include/proto.h include/build_env.h  \
 		nsswitch/winbindd_proto.h web/swat_proto.h \
 		client/client_proto.h utils/net_proto.h \
-		smbd/build_options.c
+		smbd/build_options.c utils/ntlm_auth_proto.h \
+		utils/passwd_proto.h
 
 MKPROTO_SH = $(srcdir)/script/mkproto.sh
 

Modified: branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c	2006-06-22 19:47:44 UTC (rev 16471)
+++ branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c	2006-06-22 19:52:32 UTC (rev 16472)
@@ -688,6 +688,31 @@
 
 static NTSTATUS add_builtin_administrators( TALLOC_CTX *ctx, struct nt_user_token *token )
 {
+	DOM_SID domadm;
+
+	/* nothing to do if we aren't in a domain */
+	
+	if ( !(IS_DC || lp_server_role()==ROLE_DOMAIN_MEMBER) ) {
+		return NT_STATUS_OK;
+	}
+	
+	/* Find the Domain Admins SID */
+	
+	if ( IS_DC ) {
+		sid_copy( &domadm, get_global_sam_sid() );
+	} else {
+		if ( !secrets_fetch_domain_sid( lp_workgroup(), &domadm ) )
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	}
+	sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS );
+	
+	/* Add Administrators if the user beloongs to Domain Admins */
+	
+	if ( nt_token_check_sid( &domadm, token ) ) {
+		add_sid_to_array(token, &global_sid_Builtin_Administrators,
+				 &token->user_sids, &token->num_sids);
+	}
+	
 	return NT_STATUS_OK;
 }
 

Modified: branches/SAMBA_3_0_RELEASE/source/include/smb.h
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/include/smb.h	2006-06-22 19:47:44 UTC (rev 16471)
+++ branches/SAMBA_3_0_RELEASE/source/include/smb.h	2006-06-22 19:52:32 UTC (rev 16472)
@@ -671,6 +671,7 @@
 	SMB_DEV_T dev;
 	SMB_INO_T inode;
 	unsigned long share_file_id;
+	uint32 uid;		/* uid of file opener. */
 };
 
 /* oplock break message definition - linearization of share_mode_entry.
@@ -687,10 +688,11 @@
 28	SMB_DEV_T dev		8 bytes.
 36	SMB_INO_T inode		8 bytes
 44	unsigned long file_id	4 bytes
-48
+48	uint32 uid		4 bytes
+52
 
 */
-#define MSG_SMB_SHARE_MODE_ENTRY_SIZE 48
+#define MSG_SMB_SHARE_MODE_ENTRY_SIZE 52
 
 struct share_mode_lock {
 	const char *servicepath; /* canonicalized. */

Modified: branches/SAMBA_3_0_RELEASE/source/libsmb/smb_share_modes.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/libsmb/smb_share_modes.c	2006-06-22 19:47:44 UTC (rev 16471)
+++ branches/SAMBA_3_0_RELEASE/source/libsmb/smb_share_modes.c	2006-06-22 19:52:32 UTC (rev 16472)
@@ -149,6 +149,7 @@
 	out->access_mask = in->access_mask;
 	out->dev = (SMB_DEV_T)in->dev;
 	out->inode = (SMB_INO_T)in->ino;
+	out->uid = (uint32)geteuid();
 }
 
 /*

Modified: branches/SAMBA_3_0_RELEASE/source/locking/locking.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/locking/locking.c	2006-06-22 19:47:44 UTC (rev 16471)
+++ branches/SAMBA_3_0_RELEASE/source/locking/locking.c	2006-06-22 19:52:32 UTC (rev 16472)
@@ -443,13 +443,13 @@
 	slprintf(share_str, sizeof(share_str)-1, "share_mode_entry[%d]: %s "
 		 "pid = %s, share_access = 0x%x, private_options = 0x%x, "
 		 "access_mask = 0x%x, mid = 0x%x, type= 0x%x, file_id = %lu, "
-		 "dev = 0x%x, inode = %.0f",
+		 "uid = %u, dev = 0x%x, inode = %.0f",
 		 num,
 		 e->op_type == UNUSED_SHARE_MODE_ENTRY ? "UNUSED" : "",
 		 procid_str_static(&e->pid),
 		 e->share_access, e->private_options,
 		 e->access_mask, e->op_mid, e->op_type, e->share_file_id,
-		 (unsigned int)e->dev, (double)e->inode );
+		 (unsigned int)e->uid, (unsigned int)e->dev, (double)e->inode );
 
 	return share_str;
 }
@@ -917,7 +917,7 @@
 
 static void fill_share_mode_entry(struct share_mode_entry *e,
 				  files_struct *fsp,
-				  uint16 mid, uint16 op_type)
+				  uid_t uid, uint16 mid, uint16 op_type)
 {
 	ZERO_STRUCTP(e);
 	e->pid = procid_self();
@@ -928,9 +928,10 @@
 	e->op_type = op_type;
 	e->time.tv_sec = fsp->open_time.tv_sec;
 	e->time.tv_usec = fsp->open_time.tv_usec;
-	e->share_file_id = fsp->fh->file_id;
 	e->dev = fsp->dev;
 	e->inode = fsp->inode;
+	e->share_file_id = fsp->fh->file_id;
+	e->uid = (uint32)uid;
 }
 
 static void fill_deferred_open_entry(struct share_mode_entry *e,
@@ -945,6 +946,7 @@
 	e->time.tv_usec = request_time.tv_usec;
 	e->dev = dev;
 	e->inode = ino;
+	e->uid = (uint32)-1;
 }
 
 static void add_share_mode_entry(struct share_mode_lock *lck,
@@ -969,10 +971,10 @@
 }
 
 void set_share_mode(struct share_mode_lock *lck, files_struct *fsp,
-		    uint16 mid, uint16 op_type)
+			uid_t uid, uint16 mid, uint16 op_type)
 {
 	struct share_mode_entry entry;
-	fill_share_mode_entry(&entry, fsp, mid, op_type);
+	fill_share_mode_entry(&entry, fsp, uid, mid, op_type);
 	add_share_mode_entry(lck, &entry);
 }
 
@@ -1044,7 +1046,8 @@
 {
 	struct share_mode_entry entry, *e;
 
-	fill_share_mode_entry(&entry, fsp, 0, NO_OPLOCK);
+	/* Don't care about the pid owner being correct here - just a search. */
+	fill_share_mode_entry(&entry, fsp, (uid_t)-1, 0, NO_OPLOCK);
 
 	e = find_share_mode_entry(lck, &entry);
 	if (e == NULL) {
@@ -1080,7 +1083,8 @@
 {
 	struct share_mode_entry entry, *e;
 
-	fill_share_mode_entry(&entry, fsp, 0, NO_OPLOCK);
+	/* Don't care about the pid owner being correct here - just a search. */
+	fill_share_mode_entry(&entry, fsp, (uid_t)-1, 0, NO_OPLOCK);
 
 	e = find_share_mode_entry(lck, &entry);
 	if (e == NULL) {
@@ -1101,7 +1105,8 @@
 {
 	struct share_mode_entry entry, *e;
 
-	fill_share_mode_entry(&entry, fsp, 0, NO_OPLOCK);
+	/* Don't care about the pid owner being correct here - just a search. */
+	fill_share_mode_entry(&entry, fsp, (uid_t)-1, 0, NO_OPLOCK);
 
 	e = find_share_mode_entry(lck, &entry);
 	if (e == NULL) {

Modified: branches/SAMBA_3_0_RELEASE/source/smbd/open.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/open.c	2006-06-22 19:47:44 UTC (rev 16471)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/open.c	2006-06-22 19:52:32 UTC (rev 16472)
@@ -1685,7 +1685,7 @@
 			fsp->oplock_type = NO_OPLOCK;
 		}
 	}
-	set_share_mode(lck, fsp, 0, fsp->oplock_type);
+	set_share_mode(lck, fsp, current_user.ut.uid, 0, fsp->oplock_type);
 
 	if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED ||
 				info == FILE_WAS_SUPERSEDED) {
@@ -1991,7 +1991,7 @@
 		return NULL;
 	}
 
-	set_share_mode(lck, fsp, 0, NO_OPLOCK);
+	set_share_mode(lck, fsp, current_user.ut.uid, 0, NO_OPLOCK);
 
 	/* For directories the delete on close bit at open time seems
 	   always to be honored on close... See test 19 in Samba4 BASE-DELETE. */

Modified: branches/SAMBA_3_0_RELEASE/source/smbd/oplock.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/oplock.c	2006-06-22 19:47:44 UTC (rev 16471)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/oplock.c	2006-06-22 19:52:32 UTC (rev 16472)
@@ -830,6 +830,7 @@
 	SDEV_T_VAL(msg,28,e->dev);
 	SINO_T_VAL(msg,36,e->inode);
 	SIVAL(msg,44,e->share_file_id);
+	SIVAL(msg,48,e->uid);
 }
 
 /****************************************************************************
@@ -849,6 +850,7 @@
 	e->dev = DEV_T_VAL(msg,28);
 	e->inode = INO_T_VAL(msg,36);
 	e->share_file_id = (unsigned long)IVAL(msg,44);
+	e->uid = (uint32)IVAL(msg,48);
 }
 
 /****************************************************************************

Modified: branches/SAMBA_3_0_RELEASE/source/utils/status.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/status.c	2006-06-22 19:47:44 UTC (rev 16471)
+++ branches/SAMBA_3_0_RELEASE/source/utils/status.c	2006-06-22 19:52:32 UTC (rev 16472)
@@ -108,13 +108,14 @@
 
 	if (count==0) {
 		d_printf("Locked files:\n");
-		d_printf("Pid          DenyMode   Access      R/W        Oplock           SharePath           Name\n");
-		d_printf("----------------------------------------------------------------------------------------\n");
+		d_printf("Pid          Uid        DenyMode   Access      R/W        Oplock           SharePath   Name   Time\n");
+		d_printf("--------------------------------------------------------------------------------------------------\n");
 	}
 	count++;
 
 	if (Ucrit_checkPid(procid_to_pid(&e->pid))) {
 		d_printf("%-11s  ",procid_str_static(&e->pid));
+		d_printf("%-9u  ", (unsigned int)e->uid);
 		switch (map_share_mode_to_deny_mode(e->share_access,
 						    e->private_options)) {
 			case DENY_NONE: d_printf("DENY_NONE  "); break;

Modified: branches/SAMBA_3_0_RELEASE/source/web/statuspage.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/web/statuspage.c	2006-06-22 19:47:44 UTC (rev 16471)
+++ branches/SAMBA_3_0_RELEASE/source/web/statuspage.c	2006-06-22 19:52:32 UTC (rev 16472)
@@ -119,6 +119,7 @@
 						    e->private_options);
 
 	printf("<tr><td>%s</td>",_(mapPid2Machine(e->pid)));
+	printf("<td>%u</td>",(unsigned int)e->uid);
 	printf("<td>");
 	switch ((deny_mode>>4)&0xF) {
 	case DENY_NONE: printf("DENY_NONE"); break;

More information about the samba-cvs mailing list