[SCM] Samba Shared Repository - branch v3-4-test updated -
release-4-0-0alpha7-543-g59811de
Günther Deschner
gd at samba.org
Fri Mar 20 09:53:29 GMT 2009
The branch, v3-4-test has been updated
via 59811de7a80d5ecdf090c116087c7a03ae288887 (commit)
via 42a692da477d7986767ad90a15087aa8a2ebcb40 (commit)
via 990917cbe3f8cd00e2d13dd67ee752fffae94401 (commit)
via 98dd60a0e85d37945deaa997d87f5cb173eaaea9 (commit)
from b20cace3a7c312f44f39390954bc087b888d9b27 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -----------------------------------------------------------------
commit 59811de7a80d5ecdf090c116087c7a03ae288887
Author: Günther Deschner <gd at samba.org>
Date: Thu Mar 19 12:53:01 2009 +0100
s3-spoolss: pure comsetics.
sorry, I just need to do that.
Guenther
(cherry picked from commit 045151b767c62ac1343e86cb3886107226e73fda)
commit 42a692da477d7986767ad90a15087aa8a2ebcb40
Author: Günther Deschner <gd at samba.org>
Date: Thu Mar 19 16:42:54 2009 +0100
s3-krb5: Fix Coverity #722 (RESOURCE_LEAK).
Guenther
(cherry picked from commit 1524abd8bf12d82e1fb0063585fc9a465fc7bf9c)
commit 990917cbe3f8cd00e2d13dd67ee752fffae94401
Author: Günther Deschner <gd at samba.org>
Date: Thu Mar 19 16:18:29 2009 +0100
s3-net: Fix Coverity #886 (FORWARD_NULL).
Guenther
(cherry picked from commit 2c186be0df33664eea980c17720be41f25f91288)
commit 98dd60a0e85d37945deaa997d87f5cb173eaaea9
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 27 17:49:25 2008 +0100
s3-samr: try to to fix password_expired flag handling.
Guenther
(cherry picked from commit 842edcd2b08763a35dbdea3518fcc039aa70aad4)
-----------------------------------------------------------------------
Summary of changes:
source3/include/proto.h | 11 ++-
source3/libsmb/clikrb5.c | 30 +++--
source3/rpc_server/srv_samr_nt.c | 120 ++++++++++-------
source3/rpc_server/srv_samr_util.c | 87 +++++++++++-
source3/rpc_server/srv_spoolss_nt.c | 259 +++++++++++++++++------------------
source3/rpcclient/cmd_spoolss.c | 32 ++--
source3/utils/net_rpc_printer.c | 84 ++++++------
7 files changed, 368 insertions(+), 255 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 3d87f75..9bffa4d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5898,6 +5898,8 @@ NTSTATUS np_read_recv(struct tevent_req *req, ssize_t *nread,
/* The following definitions come from rpc_server/srv_samr_util.c */
+void copy_id18_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo18 *from);
void copy_id20_to_sam_passwd(struct samu *to,
struct samr_UserInfo20 *from);
void copy_id21_to_sam_passwd(const char *log_prefix,
@@ -5905,8 +5907,12 @@ void copy_id21_to_sam_passwd(const char *log_prefix,
struct samr_UserInfo21 *from);
void copy_id23_to_sam_passwd(struct samu *to,
struct samr_UserInfo23 *from);
+void copy_id24_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo24 *from);
void copy_id25_to_sam_passwd(struct samu *to,
struct samr_UserInfo25 *from);
+void copy_id26_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo26 *from);
/* The following definitions come from rpc_server/srv_spoolss_nt.c */
@@ -5925,8 +5931,9 @@ void reset_all_printerdata(struct messaging_context *msg,
bool convert_devicemode(const char *printername,
const struct spoolss_DeviceMode *devmode,
NT_DEVICEMODE **pp_nt_devmode);
-WERROR set_printer_dataex( NT_PRINTER_INFO_LEVEL *printer, const char *key, const char *value,
- uint32 type, uint8 *data, int real_len );
+WERROR set_printer_dataex(NT_PRINTER_INFO_LEVEL *printer,
+ const char *key, const char *value,
+ uint32_t type, uint8_t *data, int real_len);
void spoolss_notify_server_name(int snum,
struct spoolss_Notify *data,
print_queue_struct *queue,
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 168ca63..4ab3137 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -878,24 +878,30 @@ failed:
bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote)
{
- krb5_keyblock *skey;
- krb5_error_code err;
- bool ret = False;
+ krb5_keyblock *skey = NULL;
+ krb5_error_code err = 0;
+ bool ret = false;
- if (remote)
+ if (remote) {
err = krb5_auth_con_getremotesubkey(context, auth_context, &skey);
- else
+ } else {
err = krb5_auth_con_getlocalsubkey(context, auth_context, &skey);
- if (err == 0 && skey != NULL) {
- DEBUG(10, ("Got KRB5 session key of length %d\n", (int)KRB5_KEY_LENGTH(skey)));
- *session_key = data_blob(KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey));
- dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length);
+ }
- ret = True;
+ if (err || skey == NULL) {
+ DEBUG(10, ("KRB5 error getting session key %d\n", err));
+ goto done;
+ }
+ DEBUG(10, ("Got KRB5 session key of length %d\n", (int)KRB5_KEY_LENGTH(skey)));
+ *session_key = data_blob(KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey));
+ dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length);
+
+ ret = true;
+
+ done:
+ if (skey) {
krb5_free_keyblock(context, skey);
- } else {
- DEBUG(10, ("KRB5 error getting session key %d\n", err));
}
return ret;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index dcbd096..c60d904 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -3636,12 +3636,7 @@ static NTSTATUS set_user_info_18(struct samr_UserInfo18 *id18,
pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED);
}
- if (id18->password_expired) {
- pdb_set_pass_last_set_time(pwd, 0, PDB_CHANGED);
- } else {
- /* FIXME */
- pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED);
- }
+ copy_id18_to_sam_passwd(pwd, id18);
return pdb_update_sam_account(pwd);
}
@@ -3848,23 +3843,16 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
set_user_info_pw
********************************************************************/
-static bool set_user_info_pw(uint8 *pass, struct samu *pwd,
- int level)
+static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
{
uint32 len = 0;
char *plaintext_buf = NULL;
uint32 acct_ctrl;
- time_t last_set_time;
- enum pdb_value_state last_set_state;
DEBUG(5, ("Attempting administrator password change for user %s\n",
pdb_get_username(pwd)));
acct_ctrl = pdb_get_acct_ctrl(pwd);
- /* we need to know if it's expired, because this is an admin change, not a
- user change, so it's still expired when we're done */
- last_set_state = pdb_get_init_flags(pwd, PDB_PASSLASTSET);
- last_set_time = pdb_get_pass_last_set_time(pwd);
if (!decode_pw_buffer(talloc_tos(),
pass,
@@ -3907,29 +3895,38 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd,
memset(plaintext_buf, '\0', strlen(plaintext_buf));
- /*
- * A level 25 change does reset the pwdlastset field, a level 24
- * change does not. I know this is probably not the full story, but
- * it is needed to make XP join LDAP correctly, without it the later
- * auth2 check can fail with PWD_MUST_CHANGE.
- */
- if (level != 25) {
- /*
- * restore last set time as this is an admin change, not a
- * user pw change
- */
- pdb_set_pass_last_set_time (pwd, last_set_time,
- last_set_state);
+ DEBUG(5,("set_user_info_pw: pdb_update_pwd()\n"));
+
+ return True;
+}
+
+/*******************************************************************
+ set_user_info_24
+ ********************************************************************/
+
+static NTSTATUS set_user_info_24(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo24 *id24,
+ struct samu *pwd)
+{
+ NTSTATUS status;
+
+ if (id24 == NULL) {
+ DEBUG(5, ("set_user_info_24: NULL id24\n"));
+ return NT_STATUS_INVALID_PARAMETER;
}
- DEBUG(5,("set_user_info_pw: pdb_update_pwd()\n"));
+ if (!set_user_info_pw(id24->password.data, pwd)) {
+ return NT_STATUS_WRONG_PASSWORD;
+ }
- /* update the SAMBA password */
- if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) {
- return False;
+ copy_id24_to_sam_passwd(pwd, id24);
+
+ status = pdb_update_sam_account(pwd);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- return True;
+ return NT_STATUS_OK;
}
/*******************************************************************
@@ -3955,6 +3952,14 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
return NT_STATUS_ACCESS_DENIED;
}
+ if ((id25->info.fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+ (id25->info.fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT)) {
+
+ if (!set_user_info_pw(id25->password.data, pwd)) {
+ return NT_STATUS_WRONG_PASSWORD;
+ }
+ }
+
copy_id25_to_sam_passwd(pwd, id25);
/* write the change out */
@@ -3981,6 +3986,36 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
}
/*******************************************************************
+ set_user_info_26
+ ********************************************************************/
+
+static NTSTATUS set_user_info_26(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo26 *id26,
+ struct samu *pwd)
+{
+ NTSTATUS status;
+
+ if (id26 == NULL) {
+ DEBUG(5, ("set_user_info_26: NULL id26\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!set_user_info_pw(id26->password.data, pwd)) {
+ return NT_STATUS_WRONG_PASSWORD;
+ }
+
+ copy_id26_to_sam_passwd(pwd, id26);
+
+ status = pdb_update_sam_account(pwd);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+
+/*******************************************************************
samr_SetUserInfo
********************************************************************/
@@ -4139,10 +4174,8 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p,
dump_data(100, info->info24.password.data, 516);
- if (!set_user_info_pw(info->info24.password.data, pwd,
- switch_value)) {
- status = NT_STATUS_WRONG_PASSWORD;
- }
+ status = set_user_info_24(p->mem_ctx,
+ &info->info24, pwd);
break;
case 25:
@@ -4157,13 +4190,6 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p,
status = set_user_info_25(p->mem_ctx,
&info->info25, pwd);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
- if (!set_user_info_pw(info->info25.password.data, pwd,
- switch_value)) {
- status = NT_STATUS_WRONG_PASSWORD;
- }
break;
case 26:
@@ -4176,18 +4202,14 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p,
dump_data(100, info->info26.password.data, 516);
- if (!set_user_info_pw(info->info26.password.data, pwd,
- switch_value)) {
- status = NT_STATUS_WRONG_PASSWORD;
- }
+ status = set_user_info_26(p->mem_ctx,
+ &info->info26, pwd);
break;
default:
status = NT_STATUS_INVALID_INFO_CLASS;
}
- done:
-
TALLOC_FREE(pwd);
if (has_enough_rights) {
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c
index ef588ae..0681560 100644
--- a/source3/rpc_server/srv_samr_util.c
+++ b/source3/rpc_server/srv_samr_util.c
@@ -36,6 +36,27 @@
((s1) && (s2) && (strcmp((s1), (s2)) != 0))
/*************************************************************
+ Copies a struct samr_UserInfo18 to a struct samu
+**************************************************************/
+
+void copy_id18_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo18 *from)
+{
+ struct samr_UserInfo21 i;
+
+ if (from == NULL || to == NULL) {
+ return;
+ }
+
+ ZERO_STRUCT(i);
+
+ i.fields_present = SAMR_FIELD_EXPIRED_FLAG;
+ i.password_expired = from->password_expired;
+
+ copy_id21_to_sam_passwd("INFO_18", to, &i);
+}
+
+/*************************************************************
Copies a struct samr_UserInfo20 to a struct samu
**************************************************************/
@@ -336,7 +357,7 @@ void copy_id21_to_sam_passwd(const char *log_prefix,
if (from->fields_present & SAMR_FIELD_EXPIRED_FLAG) {
DEBUG(10,("%s SAMR_FIELD_EXPIRED_FLAG: %02X\n", l,
from->password_expired));
- if (from->password_expired == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
+ if (from->password_expired != 0) {
pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
} else {
/* A subtlety here: some windows commands will
@@ -345,9 +366,27 @@ void copy_id21_to_sam_passwd(const char *log_prefix,
in these caess. "net user /dom <user> /active:y"
for example, to clear an autolocked acct.
We must check to see if it's expired first. jmcd */
+
+ uint32_t pwd_max_age = 0;
+ time_t now = time(NULL);
+
+ pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &pwd_max_age);
+
+ if (pwd_max_age == (uint32_t)-1 || pwd_max_age == 0) {
+ pwd_max_age = get_time_t_max();
+ }
+
stored_time = pdb_get_pass_last_set_time(to);
- if (stored_time == 0)
- pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED);
+
+ /* we will only *set* a pwdlastset date when
+ a) the last pwdlastset time was 0 (user was forced to
+ change password).
+ b) the users password has not expired. gd. */
+
+ if ((stored_time == 0) ||
+ ((now - stored_time) > pwd_max_age)) {
+ pdb_set_pass_last_set_time(to, now, PDB_CHANGED);
+ }
}
}
}
@@ -368,6 +407,27 @@ void copy_id23_to_sam_passwd(struct samu *to,
}
/*************************************************************
+ Copies a struct samr_UserInfo24 to a struct samu
+**************************************************************/
+
+void copy_id24_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo24 *from)
+{
+ struct samr_UserInfo21 i;
+
+ if (from == NULL || to == NULL) {
+ return;
+ }
+
+ ZERO_STRUCT(i);
+
+ i.fields_present = SAMR_FIELD_EXPIRED_FLAG;
+ i.password_expired = from->password_expired;
+
+ copy_id21_to_sam_passwd("INFO_24", to, &i);
+}
+
+/*************************************************************
Copies a struct samr_UserInfo25 to a struct samu
**************************************************************/
@@ -380,3 +440,24 @@ void copy_id25_to_sam_passwd(struct samu *to,
copy_id21_to_sam_passwd("INFO_25", to, &from->info);
}
+
+/*************************************************************
+ Copies a struct samr_UserInfo26 to a struct samu
+**************************************************************/
+
+void copy_id26_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo26 *from)
+{
+ struct samr_UserInfo21 i;
+
+ if (from == NULL || to == NULL) {
+ return;
+ }
+
+ ZERO_STRUCT(i);
+
+ i.fields_present = SAMR_FIELD_EXPIRED_FLAG;
+ i.password_expired = from->password_expired;
+
+ copy_id21_to_sam_passwd("INFO_26", to, &i);
+}
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index ab15e5c..b66f48a 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -66,13 +66,13 @@ typedef struct _counter_printer_0 {
struct _counter_printer_0 *prev;
int snum;
- uint32 counter;
+ uint32_t counter;
} counter_printer_0;
static counter_printer_0 *counter_list;
static struct rpc_pipe_client *notify_cli_pipe; /* print notify back-channel pipe handle*/
-static uint32 smb_connections=0;
+static uint32_t smb_connections = 0;
/* in printing/nt_printing.c */
@@ -186,7 +186,7 @@ static void srv_spoolss_replycloseprinter(int snum, struct policy_handle *handle
/* Tell the connections db we're no longer interested in
* printer notify messages. */
- register_message_flags( False, FLAG_MSG_PRINT_NOTIFY );
+ register_message_flags(false, FLAG_MSG_PRINT_NOTIFY);
}
smb_connections--;
@@ -198,7 +198,7 @@ static void srv_spoolss_replycloseprinter(int snum, struct policy_handle *handle
static int printer_entry_destructor(Printer_entry *Printer)
{
- if (Printer->notify.client_connected==True) {
+ if (Printer->notify.client_connected == true) {
int snum = -1;
if ( Printer->printer_type == SPLHND_SERVER) {
@@ -217,7 +217,7 @@ static int printer_entry_destructor(Printer_entry *Printer)
Printer->notify.localmachine[0]='\0';
Printer->notify.printerlocal=0;
TALLOC_FREE(Printer->notify.option);
- Printer->notify.client_connected=False;
+ Printer->notify.client_connected = false;
free_nt_devicemode( &Printer->nt_devmode );
free_a_printer( &Printer->printer_info, 2 );
@@ -255,12 +255,12 @@ static bool close_printer_handle(pipes_struct *p, struct policy_handle *hnd)
if (!Printer) {
DEBUG(2,("close_printer_handle: Invalid handle (%s:%u:%u)\n",
OUR_HANDLE(hnd)));
- return False;
+ return false;
}
close_policy_hnd(p, hnd);
- return True;
+ return true;
}
/****************************************************************************
@@ -273,7 +273,7 @@ WERROR delete_printer_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, const char *sh
char *command = NULL;
int ret;
SE_PRIV se_printop = SE_PRINT_OPERATOR;
- bool is_print_op = False;
+ bool is_print_op = false;
/* can't fail if we don't try */
@@ -315,7 +315,7 @@ WERROR delete_printer_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, const char *sh
return WERR_BADFID; /* What to return here? */
/* go ahead and re-read the services immediately */
- reload_services( False );
+ reload_services(false);
if ( lp_servicenumber( sharename ) < 0 )
return WERR_ACCESS_DENIED;
@@ -373,7 +373,7 @@ static bool get_printer_snum(pipes_struct *p, struct policy_handle *hnd,
if (!Printer) {
DEBUG(2,("get_printer_snum: Invalid handle (%s:%u:%u)\n",
OUR_HANDLE(hnd)));
- return False;
+ return false;
}
switch (Printer->printer_type) {
@@ -382,9 +382,9 @@ static bool get_printer_snum(pipes_struct *p, struct policy_handle *hnd,
*number = print_queue_snum(Printer->sharename);
--
Samba Shared Repository
More information about the samba-cvs
mailing list