[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha6-917-g8e19a28

Tim Prouty tprouty at samba.org
Mon Feb 16 08:43:09 GMT 2009


The branch, master has been updated
       via  8e19a288052bca5efdb0277a40c1e0fdd099cc2b (commit)
       via  57a31ef2030d3146ec1c099c1c4036efa01a3dfa (commit)
       via  6bd7e2b097c54615929b9fdcb7ca00a3fa4cc2aa (commit)
       via  dea223ba7914ff9cdc1a35720086c437c74fc5ac (commit)
      from  6211162d3eeebcfde86a039c67119e6388e6dfbc (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8e19a288052bca5efdb0277a40c1e0fdd099cc2b
Author: Zach Loafman <zach.loafman at isilon.com>
Date:   Sat Feb 14 18:20:33 2009 +0000

    s3 auth: Add parameter that forces every user through an NSS lookup
    
    When set to yes, "force username map" forces every user, even AD
    users, through an NSS lookup. This allows the token to be overridden
    with information from NSS in certain broken environments.

commit 57a31ef2030d3146ec1c099c1c4036efa01a3dfa
Author: Tim Prouty <tprouty at samba.org>
Date:   Sun Feb 15 12:36:02 2009 -0800

    s3 perfcount: Fix segfault with smbclient 'echo 3 foo'

commit 6bd7e2b097c54615929b9fdcb7ca00a3fa4cc2aa
Author: Tim Prouty <tprouty at samba.org>
Date:   Sat Feb 14 16:10:51 2009 -0800

    s3 OneFS: Add defaults to the fake timestamp parameters

commit dea223ba7914ff9cdc1a35720086c437c74fc5ac
Author: Tim Prouty <tprouty at samba.org>
Date:   Mon Feb 9 23:43:08 2009 -0800

    make receive_smb_raw_talloc more readable

-----------------------------------------------------------------------

Summary of changes:
 source3/auth/auth_util.c         |   26 +++++++++++++++++++---
 source3/include/proto.h          |    2 +
 source3/modules/onefs.h          |    8 +++++++
 source3/modules/perfcount_test.c |   44 +++++++++----------------------------
 source3/modules/vfs_onefs.c      |   19 +++++++++-------
 source3/param/loadparm.c         |   11 +++++++++
 source3/smbd/process.c           |    8 +++---
 7 files changed, 69 insertions(+), 49 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 1f00e22..0dab05b 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -710,6 +710,8 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 	NTSTATUS status;
 	size_t i;
 	struct dom_sid tmp_sid;
+	const char *name_to_use;
+	bool force_nss;
 
 	/*
 	 * If winbind is not around, we can not make much use of the SIDs the
@@ -717,11 +719,22 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 	 * mapped to some local unix user.
 	 */
 
+	DEBUG(10, ("creating token for %s (SAM: %s)\n", server_info->unix_name,
+		server_info->sam_account->username));
+
+	force_nss = lp_force_username_map() && !server_info->nss_token;
 	if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) ||
-	    (server_info->nss_token)) {
+	    server_info->nss_token || force_nss) {
+		if (force_nss)
+			name_to_use =
+			    pdb_get_username(server_info->sam_account);
+		else
+			name_to_use = server_info->unix_name;
+
 		status = create_token_from_username(server_info,
-						    server_info->unix_name,
+						    name_to_use,
 						    server_info->guest,
+						    force_nss,
 						    &server_info->utok.uid,
 						    &server_info->utok.gid,
 						    &server_info->unix_name,
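Review bot: Nothing in the new `if (force_nss)` branch records that, for a user who has already authenticated, the token is now built from an NSS lookup of `pdb_get_username(server_info->sam_account)` instead of from the data supplied at logon. A comment above the branch would make that trust shift explicit, for example `/* "force username map": token comes from the NSS lookup of this name, not from the logon SIDs */`. Whether the name passed here is domain-qualified is not visible in the hunk; if it is not, it is worth confirming how a domain account whose name also exists locally is resolved. The last auth_util.c hunk passes `lp_force_username_map()` straight into `user_in_group_sid`'s call, so group-membership checks take the same NSS path and deserve the same comment. create_local_token's body continues outside the hunk.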
@@ -826,6 +839,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 
 NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 				    bool is_guest,
+				    bool force_nss,
 				    uid_t *uid, gid_t *gid,
 				    char **found_username,
 				    struct nt_user_token **token)
@@ -841,6 +855,9 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 	size_t num_gids;
 	size_t i;
 
+	DEBUG(10, ("creating token for %s,%s guest,%s forcing NSS lookup\n",
+		username, is_guest ? "" : " not", force_nss ? "" : " not"));
+
 	tmp_ctx = talloc_new(NULL);
 	if (tmp_ctx == NULL) {
 		DEBUG(0, ("talloc_new failed\n"));
@@ -865,7 +882,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 		goto done;
 	}
 
-	if (sid_check_is_in_our_domain(&user_sid)) {
+	if (sid_check_is_in_our_domain(&user_sid) && !force_nss) {
 		bool ret;
 
 		/* This is a passdb user, so ask passdb */
@@ -907,7 +924,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 		*found_username = talloc_strdup(mem_ctx,
 						pdb_get_username(sam_acct));
 
-	} else 	if (sid_check_is_in_unix_users(&user_sid)) {
+	} else 	if (force_nss || sid_check_is_in_unix_users(&user_sid)) {
 
 		/* This is a unix user not in passdb. We need to ask nss
 		 * directly, without consulting passdb */
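Review bot: The comment kept under the changed `else if` still reads "This is a unix user not in passdb", which is no longer accurate. With `force_nss` set the branch is taken for any SID, including ones `sid_check_is_in_our_domain()` accepts, because the previous hunk adds `&& !force_nss` to that test. It should be updated to something like `/* Either a unix user not in passdb, or "force username map" is set: ask nss directly, without consulting passdb */`. `user_sid` is presumably resolved earlier in the function, outside the hunk, so it is worth confirming that the SID placed in the token and the NSS-derived ids refer to the same account. The branch body continues outside the hunk.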
@@ -1063,6 +1080,7 @@ bool user_in_group_sid(const char *username, const DOM_SID *group_sid)
 	}
 
 	status = create_token_from_username(mem_ctx, username, False,
+					    lp_force_username_map(),
 					    &uid, &gid, &found_username,
 					    &token);
 
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 8a5d649..3baa8c0 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -110,6 +110,7 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
 NTSTATUS create_local_token(auth_serversupplied_info *server_info);
 NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 				    bool is_guest,
+				    bool force_nss,
 				    uid_t *uid, gid_t *gid,
 				    char **found_username,
 				    struct nt_user_token **token);
@@ -3969,6 +3970,7 @@ const char *lp_afs_username_map(void);
 int lp_afs_token_lifetime(void);
 char *lp_log_nt_token_command(void);
 char *lp_username_map(void);
+bool lp_force_username_map(void);
 const char *lp_logon_script(void);
 const char *lp_logon_path(void);
 const char *lp_logon_drive(void);
diff --git a/source3/modules/onefs.h b/source3/modules/onefs.h
index 126b756..b979cfd 100644
--- a/source3/modules/onefs.h
+++ b/source3/modules/onefs.h
@@ -42,17 +42,25 @@ enum onefs_acl_wire_format
 #define PARM_ACL_WIRE_FORMAT "acl wire format"
 #define PARM_ACL_WIRE_FORMAT_DEFAULT ACL_FORMAT_WINDOWS_SD
 #define PARM_ATIME_NOW		"atime now files"
+#define PARM_ATIME_NOW_DEFAULT  NULL
 #define PARM_ATIME_STATIC	"atime static files"
+#define PARM_ATIME_STATIC_DEFAULT NULL
 #define PARM_ATIME_SLOP		"atime now slop"
+#define PARM_ATIME_SLOP_DEFAULT	 0
 #define PARM_CREATOR_OWNER_GETS_FULL_CONTROL "creator owner gets full control"
 #define PARM_CREATOR_OWNER_GETS_FULL_CONTROL_DEFAULT true
 #define PARM_CTIME_NOW		"ctime now files"
+#define PARM_CTIME_NOW_DEFAULT  NULL
 #define PARM_CTIME_SLOP		"ctime now slop"
+#define PARM_CTIME_SLOP_DEFAULT	0
 #define PARM_IGNORE_SACLS "ignore sacls"
 #define PARM_IGNORE_SACLS_DEFAULT false
 #define PARM_MTIME_NOW		"mtime now files"
+#define PARM_MTIME_NOW_DEFAULT	NULL
 #define PARM_MTIME_STATIC	"mtime static files"
+#define PARM_MTIME_STATIC_DEFAULT NULL
 #define PARM_MTIME_SLOP		"mtime now slop"
+#define PARM_MTIME_SLOP_DEFAULT	0
 #define PARM_USE_READDIRPLUS "use readdirplus"
 #define PARM_USE_READDIRPLUS_DEFAULT true
 #define PARM_SIMPLE_FILE_SHARING_COMPATIBILITY_MODE "simple file sharing compatibility mode"
diff --git a/source3/modules/perfcount_test.c b/source3/modules/perfcount_test.c
index 3221adf..b140172 100644
--- a/source3/modules/perfcount_test.c
+++ b/source3/modules/perfcount_test.c
@@ -227,11 +227,8 @@ static void perfcount_test_add(struct smb_perfcount_data *pcd)
 		(struct perfcount_test_context *)pcd->context;
 	struct perfcount_test_counter *ctr;
 
-        if (pcd->context == NULL) {
-		DEBUG(0,("perfcount_test_add - uninitialized "
-			"perfcount context - %p\n", pcd));
+        if (pcd->context == NULL)
                 return;
-	}
 
 	ctr = SMB_MALLOC_P(struct perfcount_test_counter);
 	if (!ctr) {
@@ -247,11 +244,8 @@ static void perfcount_test_set_op(struct smb_perfcount_data *pcd, int op)
 	struct perfcount_test_context *ctxt =
 		(struct perfcount_test_context *)pcd->context;
 
-        if (pcd->context == NULL) {
-		DEBUG(0,("perfcount_test_set_op - uninitialized "
-			"perfcount context - %p\n", pcd));
+        if (pcd->context == NULL)
                 return;
-	}
 
 	ctxt->ops->op = op;
 }
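Review bot: The guard that remains checks only `pcd->context`, yet the next statement writes through `ctxt->ops` with no check of its own. If `ops` can be NULL, for instance when the allocation in `perfcount_test_add` fails (its handling is not visible here), the setter still crashes. `if (ctxt == NULL || ctxt->ops == NULL) return;` would cover both cases. The same pattern appears in the set_subop, set_ioctl, set_msglen_in and set_msglen_out hunks.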
@@ -261,11 +255,8 @@ static void perfcount_test_set_subop(struct smb_perfcount_data *pcd, int sub_op)
 	struct perfcount_test_context *ctxt =
 		(struct perfcount_test_context *)pcd->context;
 
-        if (pcd->context == NULL) {
-		DEBUG(0,("perfcount_test_set_sub_op - uninitialized "
-			"perfcount context - %p\n", pcd));
+        if (pcd->context == NULL)
                 return;
-	}
 
 	ctxt->ops->sub_op = sub_op;
 }
@@ -274,11 +265,9 @@ static void perfcount_test_set_ioctl(struct smb_perfcount_data *pcd, int io_ctl)
 {
 	struct perfcount_test_context *ctxt =
 		(struct perfcount_test_context *)pcd->context;
-        if (pcd->context == NULL) {
-		DEBUG(0,("perfcount_test_set_ioctl - uninitialized "
-			"perfcount context - %p\n", pcd));
+        if (pcd->context == NULL)
                 return;
-	}
+
 	ctxt->ops->ioctl = io_ctl;
 }
 
@@ -287,11 +276,9 @@ static void perfcount_test_set_msglen_in(struct smb_perfcount_data *pcd,
 {
 	struct perfcount_test_context *ctxt =
 		(struct perfcount_test_context *)pcd->context;
-        if (pcd->context == NULL) {
-		DEBUG(0,("perfcount_test_set_msglen_in - "
-			"uninitialized perfcount context - %p\n", pcd));
+        if (pcd->context == NULL)
                 return;
-	}
+
 	ctxt->ops->bytes_in = bytes_in;
 }
 
@@ -301,11 +288,8 @@ static void perfcount_test_set_msglen_out(struct smb_perfcount_data *pcd,
 	struct perfcount_test_context *ctxt =
 		(struct perfcount_test_context *)pcd->context;
 
-        if (pcd->context == NULL) {
-		DEBUG(0,("perfcount_test_set_msglen_out - uninitialized "
-			"perfcount context - %p\n", pcd));
+        if (pcd->context == NULL)
                 return;
-	}
 
 	ctxt->ops->bytes_out = bytes_out;
 }
@@ -318,11 +302,7 @@ static void perfcount_test_defer_op(struct smb_perfcount_data *pcd,
 				    struct smb_perfcount_data *def_pcd)
 {
 	/* we don't do anything special to deferred ops */
-        if (pcd->context == NULL) {
-		DEBUG(0,("perfcount_test_set_msglen_out - uninitialized "
-			"perfcount context - %p\n", pcd));
-                return;
-	}
+	return;
 }
 
 static void perfcount_test_set_client(struct smb_perfcount_data *pcd,
@@ -337,15 +317,13 @@ static void perfcount_test_end(struct smb_perfcount_data *pcd)
 {
 	struct perfcount_test_context *ctxt =
 		(struct perfcount_test_context *)pcd->context;
-        if (pcd->context == NULL) {
-		DEBUG(0,("perfcount_test_end - uninitialized "
-			"perfcount context - %p\n", pcd));
+        if (pcd->context == NULL)
                 return;
-	}
 
 	/* @bug - we don't store outbytes right for chained cmds */
 	perfcount_test_add_counters(ctxt);
 	perfcount_test_dump_counters();
+	pcd->context = NULL;
 	SAFE_FREE(ctxt);
 }
 
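Review bot: Only this `pcd` loses its pointer when `pcd->context = NULL` runs before `SAFE_FREE(ctxt)`. Any other `smb_perfcount_data` that carries the same context pointer, such as a deferred-op or copied context (not visible in this hunk), would still point at the freed block. A comment such as `/* context is owned by exactly one pcd; cleared so that a repeated end call is a no-op */` would state the ownership assumption. The copy and defer paths should then be checked against it.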
diff --git a/source3/modules/vfs_onefs.c b/source3/modules/vfs_onefs.c
index fe0dfc9..9667d86 100644
--- a/source3/modules/vfs_onefs.c
+++ b/source3/modules/vfs_onefs.c
@@ -36,7 +36,7 @@ static void onefs_load_faketimestamp_config(struct vfs_handle_struct *handle,
 	int snum = SNUM(handle->conn);
 
 	parm = lp_parm_string_list(snum, PARM_ONEFS_TYPE, PARM_ATIME_NOW,
-				   NULL);
+				   PARM_ATIME_NOW_DEFAULT);
 
 	if (parm) {
 		cfg->init_flags |= ONEFS_VFS_CONFIG_FAKETIMESTAMPS;
@@ -44,7 +44,7 @@ static void onefs_load_faketimestamp_config(struct vfs_handle_struct *handle,
 	}
 
 	parm = lp_parm_string_list(snum, PARM_ONEFS_TYPE, PARM_CTIME_NOW,
-				   NULL);
+				   PARM_CTIME_NOW_DEFAULT);
 
 	if (parm) {
 		cfg->init_flags |= ONEFS_VFS_CONFIG_FAKETIMESTAMPS;
@@ -52,7 +52,7 @@ static void onefs_load_faketimestamp_config(struct vfs_handle_struct *handle,
 	}
 
 	parm = lp_parm_string_list(snum, PARM_ONEFS_TYPE, PARM_MTIME_NOW,
-				   NULL);
+				   PARM_MTIME_NOW_DEFAULT);
 
 	if (parm) {
 		cfg->init_flags |= ONEFS_VFS_CONFIG_FAKETIMESTAMPS;
@@ -60,7 +60,7 @@ static void onefs_load_faketimestamp_config(struct vfs_handle_struct *handle,
 	}
 
 	parm = lp_parm_string_list(snum, PARM_ONEFS_TYPE, PARM_ATIME_STATIC,
-				   NULL);
+				   PARM_ATIME_STATIC_DEFAULT);
 
 	if (parm) {
 		cfg->init_flags |= ONEFS_VFS_CONFIG_FAKETIMESTAMPS;
@@ -68,16 +68,19 @@ static void onefs_load_faketimestamp_config(struct vfs_handle_struct *handle,
 	}
 
 	parm = lp_parm_string_list(snum, PARM_ONEFS_TYPE, PARM_MTIME_STATIC,
-				   NULL);
+				   PARM_MTIME_STATIC_DEFAULT);
 
 	if (parm) {
 		cfg->init_flags |= ONEFS_VFS_CONFIG_FAKETIMESTAMPS;
 		set_namearray(&cfg->mtime_static_list,*parm);
 	}
 
-	cfg->atime_slop = lp_parm_int(snum, PARM_ONEFS_TYPE, PARM_ATIME_SLOP,0);
-	cfg->ctime_slop = lp_parm_int(snum, PARM_ONEFS_TYPE, PARM_CTIME_SLOP,0);
-	cfg->mtime_slop = lp_parm_int(snum, PARM_ONEFS_TYPE, PARM_MTIME_SLOP,0);
+	cfg->atime_slop = lp_parm_int(snum, PARM_ONEFS_TYPE, PARM_ATIME_SLOP,
+				      PARM_ATIME_SLOP_DEFAULT);
+	cfg->ctime_slop = lp_parm_int(snum, PARM_ONEFS_TYPE, PARM_CTIME_SLOP,
+				      PARM_CTIME_SLOP_DEFAULT);
+	cfg->mtime_slop = lp_parm_int(snum, PARM_ONEFS_TYPE, PARM_MTIME_SLOP,
+				      PARM_MTIME_SLOP_DEFAULT);
 }
 
 
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index a9f2809..37af703 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -144,6 +144,7 @@ struct global {
 	int iAfsTokenLifetime;
 	char *szLogNtTokenCommand;
 	char *szUsernameMap;
+	bool bForceUsernameMap;
 	char *szLogonScript;
 	char *szLogonPath;
 	char *szLogonDrive;
@@ -1282,6 +1283,15 @@ static struct parm_struct parm_table[] = {
 		.flags		= FLAG_ADVANCED,
 	},
 	{
+		.label		= "force username map",
+		.type		= P_BOOL,
+		.p_class	= P_GLOBAL,
+		.ptr		= &Globals.bForceUsernameMap,
+		.special	= NULL,
+		.enum_list	= NULL,
+		.flags		= FLAG_ADVANCED,
+	},
+	{
 		.label		= "password level",
 		.type		= P_INTEGER,
 		.p_class	= P_GLOBAL,
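Review bot: The new `force username map` entry changes how tokens are built for every user, but the entry carries no comment and the diffstat lists no documentation file. The label reads as if it forces the `username map` setting, while the commit message describes forcing an NSS lookup. A comment above the entry such as `/* When yes, every user's token is built from an NSS lookup of the account name, overriding domain-supplied data */` would remove the ambiguity, and a manpage entry should accompany it. No default is assigned in the visible hunks; presumably it relies on `Globals` being zero-initialised, which should be confirmed so the option is off unless set.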
@@ -5200,6 +5210,7 @@ FN_GLOBAL_CONST_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
 FN_GLOBAL_INTEGER(lp_afs_token_lifetime, &Globals.iAfsTokenLifetime)
 FN_GLOBAL_STRING(lp_log_nt_token_command, &Globals.szLogNtTokenCommand)
 FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
+FN_GLOBAL_BOOL(lp_force_username_map, &Globals.bForceUsernameMap)
 FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript)
 FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath)
 FN_GLOBAL_CONST_STRING(lp_logon_drive, &Globals.szLogonDrive)
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 0285d00..18fbdd7 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -272,10 +272,10 @@ static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx, int fd,
 		return status;
 	}
 
-	if (CVAL(lenbuf,0) == 0 &&
-			min_recv_size &&
-			smb_len_large(lenbuf) > (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE) && /* Could be a UNIX large writeX. */
-			!srv_is_signing_active()) {
+	if (CVAL(lenbuf,0) == 0 && min_recv_size &&
+	    (smb_len_large(lenbuf) > /* Could be a UNIX large writeX. */
+		(min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE)) &&
+	    !srv_is_signing_active()) {
 
 		return receive_smb_raw_talloc_partial_read(
 			mem_ctx, lenbuf, fd, buffer, timeout, p_unread, plen);
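Review bot: The inline comment `/* Could be a UNIX large writeX. */` now sits between the `>` operator and its right-hand operand, which interrupts the comparison it is meant to explain. Move it to its own line above the `if`, e.g. `/* A length above min_recv_size plus the writeX header could be a UNIX large writeX. */`. `lenbuf` appears to hold the length field just read from `fd`, so the same comment is a good place to state why this path is skipped when signing is active. receive_smb_raw_talloc's body continues outside the hunk.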


-- 
Samba Shared Repository

