[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha6-747-gfdd282a
Volker Lendecke
vlendec at samba.org
Tue Feb 10 20:56:10 GMT 2009
The branch, master has been updated
via fdd282afa3e80712790c5bbac84bf4f88644692a (commit)
via e07e964729571410871318e3682710a0692e176e (commit)
via 1cbc58d3be87852052901d4a34ad92c9f584d956 (commit)
via 7ecaced8869541afd8a17c525e9b8387a8b20749 (commit)
via e3569df15b28896f4f79733df28498da2c021efe (commit)
from ca23469a906bab690162184e8d3949897f7b5a67 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fdd282afa3e80712790c5bbac84bf4f88644692a
Author: Volker Lendecke <vl at samba.org>
Date: Sun Feb 8 14:24:22 2009 +0100
Remove an unused extern reference
commit e07e964729571410871318e3682710a0692e176e
Author: Volker Lendecke <vl at samba.org>
Date: Sun Feb 8 14:20:17 2009 +0100
Convert api_NetUserGetGroups to use samr instead of pdb
commit 1cbc58d3be87852052901d4a34ad92c9f584d956
Author: Volker Lendecke <vl at samba.org>
Date: Thu Feb 5 15:53:04 2009 +0100
Fix some nonempty blank lines
commit 7ecaced8869541afd8a17c525e9b8387a8b20749
Author: Volker Lendecke <vl at samba.org>
Date: Sun Feb 1 20:47:59 2009 +0100
Do not use strlen if not necessary... :-)
commit e3569df15b28896f4f79733df28498da2c021efe
Author: Volker Lendecke <vl at samba.org>
Date: Sun Feb 1 17:17:37 2009 +0100
If we receive a DOS error code, nt_errstr should display it
-----------------------------------------------------------------------
Summary of changes:
source3/Makefile.in | 4 +-
source3/auth/auth_sam.c | 18 +++---
source3/libsmb/cliconnect.c | 6 +--
source3/libsmb/nterr.c | 5 ++
source3/smbd/chgpasswd.c | 2 -
source3/smbd/lanman.c | 118 +++++++++++++++++++++++++------------------
6 files changed, 86 insertions(+), 67 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 6e453c9..03463e9 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -423,7 +423,7 @@ LIBNBT_OBJ = ../libcli/nbt/nbtname.o \
LIBNMB_OBJ = libsmb/unexpected.o libsmb/namecache.o libsmb/nmblib.o \
libsmb/namequery.o libsmb/conncache.o libads/dns.o
-NTERR_OBJ = libsmb/nterr.o
+NTERR_OBJ = libsmb/nterr.o libsmb/smberr.o
DOSERR_OBJ = ../libcli/util/doserr.o
ERRORMAP_OBJ = libsmb/errormap.o
DCE_RPC_ERR_OBJ = ../librpc/rpc/dcerpc_error.o
@@ -451,7 +451,7 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \
libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \
libsmb/clistr.o libsmb/cliquota.o libsmb/clifsinfo.o libsmb/clidfs.o \
- libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
+ libsmb/credentials.o libsmb/pwd_cache.o \
libsmb/clioplock.o libsmb/clirap2.o \
libsmb/smb_seal.o libsmb/async_smb.o \
$(LIBSAMBA_OBJ) \
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 7fe76fb..f5d61e9 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -5,17 +5,17 @@
Copyright (C) Luke Kenneth Casson Leighton 1996-2000
Copyright (C) Andrew Bartlett 2001-2003
Copyright (C) Gerald Carter 2003
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -69,7 +69,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
servers local time, as logon hours are just specified as a weekly
bitmask.
****************************************************************************/
-
+
static bool logon_hours_ok(struct samu *sampass)
{
/* In logon hours first bit is Sunday from 12AM to 1AM */
@@ -107,7 +107,7 @@ static bool logon_hours_ok(struct samu *sampass)
asct = "INVALID TIME";
}
}
-
+
DEBUG(1, ("logon_hours_ok: Account for user %s not allowed to "
"logon at this time (%s).\n",
pdb_get_username(sampass), asct ));
@@ -133,7 +133,7 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
uint32 acct_ctrl = pdb_get_acct_ctrl(sampass);
char *workstation_list;
time_t kickoff_time;
-
+
DEBUG(4,("sam_account_ok: Checking SMB password for user %s\n",pdb_get_username(sampass)));
/* Quit if the account was disabled. */
@@ -154,7 +154,7 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
}
/* Test account expire time */
-
+
kickoff_time = pdb_get_kickoff_time(sampass);
if (kickoff_time != 0 && time(NULL) > kickoff_time) {
DEBUG(1,("sam_account_ok: Account for user '%s' has expired.\n", pdb_get_username(sampass)));
@@ -406,7 +406,7 @@ static NTSTATUS check_samstrict_security(const struct auth_context *auth_context
is_my_domain = strequal(user_info->domain, lp_workgroup());
/* check whether or not we service this domain/workgroup name */
-
+
switch ( lp_server_role() ) {
case ROLE_STANDALONE:
case ROLE_DOMAIN_MEMBER:
@@ -426,7 +426,7 @@ static NTSTATUS check_samstrict_security(const struct auth_context *auth_context
default: /* name is ok */
break;
}
-
+
return check_sam_security(auth_context, my_private_data, mem_ctx, user_info, server_info);
}
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index a39e035..dabfc39 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -188,10 +188,8 @@ struct async_req *cli_session_setup_guest_send(TALLOC_CTX *mem_ctx,
NULL);
bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "", 1, /* workgroup */
NULL);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Unix",
- strlen("Unix")+1, NULL);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Samba",
- strlen("Samba")+1, NULL);
+ bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Unix", 5, NULL);
+ bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Samba", 6, NULL);
if (bytes == NULL) {
return NULL;
diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c
index 465d88a..52e81ac 100644
--- a/source3/libsmb/nterr.c
+++ b/source3/libsmb/nterr.c
@@ -659,6 +659,11 @@ const char *nt_errstr(NTSTATUS nt_code)
}
#endif
+ if (NT_STATUS_IS_DOS(nt_code)) {
+ return smb_dos_err_name(NT_STATUS_DOS_CLASS(nt_code),
+ NT_STATUS_DOS_CODE(nt_code));
+ }
+
while (nt_errs[idx].nt_errstr != NULL) {
if (NT_STATUS_EQUAL(nt_errs[idx].nt_errcode, nt_code)) {
return nt_errs[idx].nt_errstr;
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 78bace7..ccab71c 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -47,8 +47,6 @@
#include "includes.h"
-extern struct passdb_ops pdb_ops;
-
static NTSTATUS check_oem_password(const char *user,
uchar password_encrypted_with_lm_hash[516],
const uchar old_lm_hash_encrypted[16],
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index f4df58d..6f8f8ed 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -2194,17 +2194,17 @@ static bool api_NetUserGetGroups(connection_struct *conn,uint16 vuid,
int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
const char *level_string;
int count=0;
- struct samu *sampw = NULL;
bool ret = False;
- DOM_SID *sids;
- gid_t *gids;
- size_t num_groups;
- size_t i;
- NTSTATUS result;
- DOM_SID user_sid;
- enum lsa_SidType type;
+ uint32_t i;
char *endp = NULL;
- TALLOC_CTX *mem_ctx;
+
+ struct rpc_pipe_client *samr_pipe;
+ struct policy_handle samr_handle, domain_handle, user_handle;
+ struct lsa_String name;
+ struct lsa_Strings names;
+ struct samr_Ids type, rid;
+ struct samr_RidWithAttributeArray *rids;
+ NTSTATUS status;
if (!str1 || !str2 || !UserName || !p) {
return False;
@@ -2244,59 +2244,75 @@ static bool api_NetUserGetGroups(connection_struct *conn,uint16 vuid,
p = *rdata;
endp = *rdata + *rdata_len;
- mem_ctx = talloc_new(NULL);
- if (mem_ctx == NULL) {
- DEBUG(0, ("talloc_new failed\n"));
- return False;
+ status = rpc_pipe_open_internal(
+ talloc_tos(), &ndr_table_samr.syntax_id, rpc_samr_dispatch,
+ conn->server_info, &samr_pipe);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("api_RNetUserEnum: Could not connect to samr: %s\n",
+ nt_errstr(status)));
+ return false;
}
- if ( !(sampw = samu_new(mem_ctx)) ) {
- DEBUG(0, ("samu_new() failed!\n"));
- TALLOC_FREE(mem_ctx);
- return False;
+ status = rpccli_samr_Connect2(samr_pipe, talloc_tos(), global_myname(),
+ SAMR_ACCESS_OPEN_DOMAIN, &samr_handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("api_RNetUserEnum: samr_Connect2 failed: %s\n",
+ nt_errstr(status)));
+ return false;
}
- /* Lookup the user information; This should only be one of
- our accounts (not remote domains) */
+ status = rpccli_samr_OpenDomain(samr_pipe, talloc_tos(), &samr_handle,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ get_global_sam_sid(), &domain_handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("api_RNetUserEnum: samr_OpenDomain failed: %s\n",
+ nt_errstr(status)));
+ goto close_sam;
+ }
- become_root(); /* ROOT BLOCK */
+ name.string = UserName;
- if (!lookup_name(mem_ctx, UserName, LOOKUP_NAME_ALL,
- NULL, NULL, &user_sid, &type)) {
- DEBUG(10, ("lookup_name(%s) failed\n", UserName));
- goto done;
+ status = rpccli_samr_LookupNames(samr_pipe, talloc_tos(),
+ &domain_handle, 1, &name,
+ &rid, &type);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("api_RNetUserEnum: samr_LookupNames failed: %s\n",
+ nt_errstr(status)));
+ goto close_domain;
}
- if (type != SID_NAME_USER) {
+ if (type.ids[0] != SID_NAME_USER) {
DEBUG(10, ("%s is a %s, not a user\n", UserName,
- sid_type_lookup(type)));
- goto done;
+ sid_type_lookup(type.ids[0])));
+ goto close_domain;
}
- if ( !pdb_getsampwsid(sampw, &user_sid) ) {
- DEBUG(10, ("pdb_getsampwsid(%s) failed for user %s\n",
- sid_string_dbg(&user_sid), UserName));
- goto done;
+ status = rpccli_samr_OpenUser(samr_pipe, talloc_tos(),
+ &domain_handle,
+ SAMR_USER_ACCESS_GET_GROUPS,
+ rid.ids[0], &user_handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("api_RNetUserEnum: samr_LookupNames failed: %s\n",
+ nt_errstr(status)));
+ goto close_domain;
}
- gids = NULL;
- sids = NULL;
- num_groups = 0;
-
- result = pdb_enum_group_memberships(mem_ctx, sampw,
- &sids, &gids, &num_groups);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10, ("pdb_enum_group_memberships failed for %s\n",
- UserName));
- goto done;
+ status = rpccli_samr_GetGroupsForUser(samr_pipe, talloc_tos(),
+ &user_handle, &rids);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("api_RNetUserEnum: samr_LookupNames failed: %s\n",
+ nt_errstr(status)));
+ goto close_user;
}
- for (i=0; i<num_groups; i++) {
- const char *grp_name;
+ for (i=0; i<rids->count; i++) {
- if ( lookup_sid(mem_ctx, &sids[i], NULL, &grp_name, NULL) ) {
- strlcpy(p, grp_name, PTR_DIFF(endp,p));
+ status = rpccli_samr_LookupRids(samr_pipe, talloc_tos(),
+ &domain_handle,
+ 1, &rids->rids[i].rid,
+ &names, &type);
+ if (NT_STATUS_IS_OK(status) && (names.count == 1)) {
+ strlcpy(p, names.names[0].string, PTR_DIFF(endp,p));
p += 21;
count++;
}
@@ -2309,10 +2325,12 @@ static bool api_NetUserGetGroups(connection_struct *conn,uint16 vuid,
ret = True;
-done:
- unbecome_root(); /* END ROOT BLOCK */
-
- TALLOC_FREE(mem_ctx);
+ close_user:
+ rpccli_samr_Close(samr_pipe, talloc_tos(), &user_handle);
+ close_domain:
+ rpccli_samr_Close(samr_pipe, talloc_tos(), &domain_handle);
+ close_sam:
+ rpccli_samr_Close(samr_pipe, talloc_tos(), &samr_handle);
return ret;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list