diff -u -r --new-file --exclude=CVS samba-3.0.2/WHATSNEW.txt samba-3.0.2a/WHATSNEW.txt --- samba-3.0.2/WHATSNEW.txt Fri Feb 6 13:05:12 2004 +++ samba-3.0.2a/WHATSNEW.txt Fri Feb 13 13:02:08 2004 @@ -1,12 +1,88 @@ + ============================== + Release Notes for Samba 3.0.2a + February 13, 2004 + ============================== + +Samba 3.0.2a is a minor patch release for the 3.0.2 code base +to address, in particular, a problem when using pdbedit to +sanitize (--force-initialized-passwords) Samba's tdbsam +backend. This is the latest stable release of Samba. This +is the version that all production Samba servers should be +running for all current bug-fixes. + +******************* Attention! Achtung! Kree! ********************* + +Beginning with Samba 3.0.2, passwords for accounts with a last +change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in +ldapsam, etc...) of zero (0) will be regarded as uninitialized +strings. This will cause authentication to fail for such +accounts. If you have valid passwords that meet this criteria, +you must update the last change time to a non-zero value. If you +do not, then 'pdbedit --force-initialized-passwords' will disable +these accounts and reset the password hashes to a string of X's. + +******************* Attention! Achtung! Kree! ********************* + + +###################################################################### +Changes +####### + +Changes since 3.0.2 +------------------- + +commits +------- + +Please refer to the CVS log for the SAMBA_3_0 branch for complete +details. The list of changes per contributor are as follows: + + +o Jeremy Allison + * Added paranoia checks in parsing code. + + +o Andrew Bartlet + * Ensure that changes to uninitialized passwords in ldapsam + are written to the DIT. + + +o Gerald (Jerry) Carter + * Fixed iterator in tdbsam. + * Fix bug that disabled accounts with a valid NT password + hash, but no LanMan hash. + + +o Steve French + * Added missing nosetuid and noexec options. + + +o Bostjan Golob + * BUG 1046: Don't overwrite usernames of entries returned + by getpwent_list(). + + +o Sebastian Krahmer + * Fixed potential crash bug in NTLMSSP parsing code. + + +o Tim Potter + * Fixed logic in tdb_brlock error checking. + + +o Urban Widmark + * Set nosuid,nodev flags in smbmnt by default. + + +Changes for older versions follow below: + + -------------------------------------------------- + ============================= Release Notes for Samba 3.0.2 February 9, 2004 ============================= -This is the latest stable release of Samba. This is the version -that all production Samba servers should be running for all current -bug-fixes. - It has been confirmed that previous versions of Samba 3.0 are susceptible to a password initialization bug that could grant an attacker unauthorized access to a user account created by the @@ -46,9 +122,6 @@ with scripts based on the 2.2 version. -###################################################################### -Changes -####### Changes since 3.0.1 ------------------- @@ -78,6 +151,8 @@ * Fix SMB signing bug when copying large files. * Correct error logic in mkdir_internals() (caused a panic when combined with --enable-developer). + * BUG 830: Protect against crashes due to bad character + conversions. o Petri Asikainen @@ -118,6 +193,7 @@ * Increase separation between DNS queries for hosts and queries for AD domain controllers. * Include additional NT_STATUS to PAM error mappings. + * Password initialization fixes. o Justin Baugh @@ -164,6 +240,7 @@ * BUG 977: Don't create a homes share for a user if a static share already exists by the same name. * Removed unused smb.conf options. + * Password initialization fixes. * Set the disable flag for template accounts created by mksmbpasswd.sh. * Disable any account has no passwords and does not have the @@ -286,6 +363,10 @@ * Small fixes for the smbldap-tool scripts. +o Andrew Tridgell + * Fix src len check in pull_usc2(). + + o Jelmer Vernooij * Put functions for generating SQL queries in pdb_sql.c * Add pgSQL backend (based on patch by Hamish Friedlander) @@ -295,7 +376,31 @@ * Fix swatdir for --with-fhs. - + -------------------------------------------------- + + ============================= + Release Notes for Samba 3.0.1 + December 15, 2003 + ============================= + +Some of the more common bugs in 3.0.0 addressed in the release +include: + + o Substitution problems with smb.conf variables. + o Errors in return codes which caused some applications + to fail to open files. + o General Protection Faults on Windows 2000/XP clients + using Samba point-n-print features. + o Several miscellaneous crash bugs. + o Access problems when enumerating group mappings are + stored in an LDAP Directory. + o Several common SWAT bugs when writing changes to + smb.conf. + o Internal inconsistencies when 'winbind use default + domain = yes' + + + Changes since 3.0.0 ---------------------- @@ -583,8 +688,10 @@ ###################################################################### + The original 3.0.0 release notes follow ======================================= - The original 3.0.0 release notes follow + WHATS NEW IN Samba 3.0.0 + September 24, 2003 ======================================= diff -u -r --new-file --exclude=CVS samba-3.0.2/packaging/Fedora/makerpms.sh samba-3.0.2a/packaging/Fedora/makerpms.sh --- samba-3.0.2/packaging/Fedora/makerpms.sh Fri Feb 6 16:43:29 2004 +++ samba-3.0.2a/packaging/Fedora/makerpms.sh Fri Feb 13 13:55:51 2004 @@ -18,7 +18,7 @@ USERID=`id -u` GRPID=`id -g` -VERSION='3.0.2' +VERSION='3.0.2a' SPECFILE="samba.spec" RPMVER=`rpm --version | awk '{print $3}'` RPM="rpmbuild" diff -u -r --new-file --exclude=CVS samba-3.0.2/packaging/Fedora/samba.spec samba-3.0.2a/packaging/Fedora/samba.spec --- samba-3.0.2/packaging/Fedora/samba.spec Fri Feb 6 16:43:29 2004 +++ samba-3.0.2a/packaging/Fedora/samba.spec Fri Feb 13 13:55:51 2004 @@ -3,7 +3,7 @@ Summary: The Samba SMB server. Name: samba -Version: 3.0.2 +Version: 3.0.2a Release: 1 License: GNU GPL Version 2 Group: System Environment/Daemons diff -u -r --new-file --exclude=CVS samba-3.0.2/packaging/Mandrake/makerpms.sh samba-3.0.2a/packaging/Mandrake/makerpms.sh --- samba-3.0.2/packaging/Mandrake/makerpms.sh Fri Feb 6 16:43:29 2004 +++ samba-3.0.2a/packaging/Mandrake/makerpms.sh Fri Feb 13 13:55:51 2004 @@ -20,7 +20,7 @@ USERID=`id -u` GRPID=`id -g` -VERSION='3.0.2' +VERSION='3.0.2a' RPMVER=`rpm --version | awk '{print $3}'` echo The RPM Version on this machine is: $RPMVER diff -u -r --new-file --exclude=CVS samba-3.0.2/packaging/Mandrake/samba2.spec samba-3.0.2a/packaging/Mandrake/samba2.spec --- samba-3.0.2/packaging/Mandrake/samba2.spec Fri Feb 6 16:43:29 2004 +++ samba-3.0.2a/packaging/Mandrake/samba2.spec Fri Feb 13 13:55:51 2004 @@ -24,7 +24,7 @@ %define libname %mklibname smbclient %libsmbmajor # Version and release replaced by samba-team at release from samba cvs -%define pversion 3.0.2 +%define pversion 3.0.2a %define prelease 1 #Check to see if p(version|release) has been replaced (1 if replaced) diff -u -r --new-file --exclude=CVS samba-3.0.2/packaging/RedHat/makerpms.sh samba-3.0.2a/packaging/RedHat/makerpms.sh --- samba-3.0.2/packaging/RedHat/makerpms.sh Fri Feb 6 16:43:29 2004 +++ samba-3.0.2a/packaging/RedHat/makerpms.sh Fri Feb 13 13:55:51 2004 @@ -20,7 +20,7 @@ USERID=`id -u` GRPID=`id -g` -VERSION='3.0.2' +VERSION='3.0.2a' SPECFILE="samba3.spec" RPMVER=`rpm --version | awk '{print $3}'` RPM="rpm" diff -u -r --new-file --exclude=CVS samba-3.0.2/packaging/RedHat/samba.spec samba-3.0.2a/packaging/RedHat/samba.spec --- samba-3.0.2/packaging/RedHat/samba.spec Fri Feb 6 16:43:29 2004 +++ samba-3.0.2a/packaging/RedHat/samba.spec Fri Feb 13 13:55:51 2004 @@ -4,7 +4,7 @@ Summary: Samba SMB client and server Vendor: Samba Team Name: samba -Version: 3.0.2 +Version: 3.0.2a Release: 1 License: GNU GPL version 2 Group: Networking @@ -160,6 +160,17 @@ installman installswat installdat installmodules cd .. +## work around a temporary bug in the installswat script +## copy the images +mv docs/htmldocs/images $RPM_BUILD_ROOT/%{prefix}/share/swat/help + +## don't duplicate the docs. These are installed with SWAT +rm -rf docs/htmldocs +rm -rf docs/manpages +( cd docs; ln -s %{prefix}/share/swat/help htmldocs ) + + + # Install the nsswitch wins library install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib ( cd $RPM_BUILD_ROOT/lib; ln -sf libnss_wins.so libnss_wins.so.2 ) diff -u -r --new-file --exclude=CVS samba-3.0.2/packaging/RedHat/samba.spec.tmpl samba-3.0.2a/packaging/RedHat/samba.spec.tmpl --- samba-3.0.2/packaging/RedHat/samba.spec.tmpl Fri Jan 16 13:04:01 2004 +++ samba-3.0.2a/packaging/RedHat/samba.spec.tmpl Fri Feb 13 11:19:17 2004 @@ -160,6 +160,17 @@ installman installswat installdat installmodules cd .. +## work around a temporary bug in the installswat script +## copy the images +mv docs/htmldocs/images $RPM_BUILD_ROOT/%{prefix}/share/swat/help + +## don't duplicate the docs. These are installed with SWAT +rm -rf docs/htmldocs +rm -rf docs/manpages +( cd docs; ln -s %{prefix}/share/swat/help htmldocs ) + + + # Install the nsswitch wins library install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib ( cd $RPM_BUILD_ROOT/lib; ln -sf libnss_wins.so libnss_wins.so.2 ) diff -u -r --new-file --exclude=CVS samba-3.0.2/packaging/Solaris/makepkg.sh samba-3.0.2a/packaging/Solaris/makepkg.sh --- samba-3.0.2/packaging/Solaris/makepkg.sh Fri Feb 6 16:43:29 2004 +++ samba-3.0.2a/packaging/Solaris/makepkg.sh Fri Feb 13 13:55:51 2004 @@ -156,7 +156,7 @@ fi # Setup version from version.h -VERSION=3.0.2 +VERSION=3.0.2a sed -e "s|__VERSION__|$VERSION|" -e "s|__ARCH__|`uname -p`|" -e "s|__BASEDIR__|$INSTALL_BASE|g" pkginfo.master >pkginfo sed -e "s|__BASEDIR__|$INSTALL_BASE|g" inetd.conf.master >inetd.conf diff -u -r --new-file --exclude=CVS samba-3.0.2/source/VERSION samba-3.0.2a/source/VERSION --- samba-3.0.2/source/VERSION Fri Feb 6 16:40:27 2004 +++ samba-3.0.2a/source/VERSION Thu Feb 12 12:47:51 2004 @@ -31,7 +31,7 @@ # e.g. SAMBA_VERSION_PRE_RELEASE=a # # -> "2.2.8a" # ######################################################## -SAMBA_VERSION_REVISION= +SAMBA_VERSION_REVISION=a ######################################################## # For 'pre' releases the version will be # diff -u -r --new-file --exclude=CVS samba-3.0.2/source/bin/.cvsignore samba-3.0.2a/source/bin/.cvsignore --- samba-3.0.2/source/bin/.cvsignore Wed Sep 24 12:16:13 2003 +++ samba-3.0.2a/source/bin/.cvsignore Fri Feb 13 11:09:03 2004 @@ -39,6 +39,7 @@ smbumount smbiconv swat +tdbdump t_push_ucs2 t_snprintf t_strcmp diff -u -r --new-file --exclude=CVS samba-3.0.2/source/client/mount.cifs.c samba-3.0.2a/source/client/mount.cifs.c --- samba-3.0.2/source/client/mount.cifs.c Tue Jan 6 15:08:39 2004 +++ samba-3.0.2a/source/client/mount.cifs.c Thu Feb 12 12:54:37 2004 @@ -38,12 +38,16 @@ #include #define MOUNT_CIFS_VERSION_MAJOR "1" -#define MOUNT_CIFS_VERSION_MINOR "0" +#define MOUNT_CIFS_VERSION_MINOR "1" #ifndef MOUNT_CIFS_VENDOR_SUFFIX #define MOUNT_CIFS_VENDOR_SUFFIX "" #endif +#ifndef MS_MOVE +#define MS_MOVE 8192 +#endif + char * thisprogram; int verboseflag = 0; static int got_password = 0; @@ -227,7 +231,7 @@ return rc; } -static int parse_options(char * options) +static int parse_options(char * options, int * filesys_flags) { char * data; char * percent_char = 0; @@ -394,7 +398,7 @@ if (strcmp (data, "fmask") == 0) { printf ("WARNING: CIFS mount option 'fmask' is deprecated. Use 'file_mode' instead.\n"); - data = "file_mode"; + data = "file_mode"; /* BB fix this */ } } else if (strcmp(data, "dir_mode") == 0 || strcmp(data, "dmask")==0) { if (!value || !*value) { @@ -410,6 +414,28 @@ printf ("WARNING: CIFS mount option 'dmask' is deprecated. Use 'dir_mode' instead.\n"); data = "dir_mode"; } + /* the following eight mount options should be + stripped out from what is passed into the kernel + since these eight options are best passed as the + mount flags rather than redundantly to the kernel + and could generate spurious warnings depending on the + level of the corresponding cifs vfs kernel code */ + } else if (strncmp(data, "nosuid", 6) == 0) { + *filesys_flags |= MS_NOSUID; + } else if (strncmp(data, "suid", 4) == 0) { + *filesys_flags &= ~MS_NOSUID; + } else if (strncmp(data, "nodev", 5) == 0) { + *filesys_flags |= MS_NODEV; + } else if (strncmp(data, "dev", 3) == 0) { + *filesys_flags &= ~MS_NODEV; + } else if (strncmp(data, "noexec", 6) == 0) { + *filesys_flags |= MS_NOEXEC; + } else if (strncmp(data, "exec", 4) == 0) { + *filesys_flags &= ~MS_NOEXEC; + } else if (strncmp(data, "ro", 3) == 0) { + *filesys_flags |= MS_RDONLY; + } else if (strncmp(data, "rw", 2) == 0) { + *filesys_flags &= ~MS_RDONLY; } /* else if (strnicmp(data, "port", 4) == 0) { if (value && *value) { vol->port = @@ -522,7 +548,9 @@ static struct option longopts[] = { { "all", 0, 0, 'a' }, - { "help", 0, 0, 'h' }, + { "help",0, 0, 'h' }, + { "move",0, 0, 'm' }, + { "bind",0, 0, 'b' }, { "read-only", 0, 0, 'r' }, { "ro", 0, 0, 'r' }, { "verbose", 0, 0, 'v' }, @@ -530,12 +558,11 @@ { "read-write", 0, 0, 'w' }, { "rw", 0, 0, 'w' }, { "options", 1, 0, 'o' }, - { "types", 1, 0, 't' }, + { "type", 1, 0, 't' }, { "rsize",1, 0, 'R' }, { "wsize",1, 0, 'W' }, { "uid", 1, 0, '1'}, { "gid", 1, 0, '2'}, - { "uuid",1,0,'U' }, { "user",1,0,'u'}, { "username",1,0,'u'}, { "dom",1,0,'d'}, @@ -544,13 +571,14 @@ { "pass",1,0,'p'}, { "credentials",1,0,'c'}, { "port",1,0,'P'}, + /* { "uuid",1,0,'U'}, */ /* BB unimplemented */ { NULL, 0, 0, 0 } }; int main(int argc, char ** argv) { int c; - int flags = MS_MANDLOCK | MS_MGC_VAL; + int flags = MS_MANDLOCK; /* no need to set legacy MS_MGC_VAL */ char * orgoptions = NULL; char * share_name = NULL; char * domain_name = NULL; @@ -615,6 +643,12 @@ case 'n': ++nomtab; break; + case 'b': + flags |= MS_BIND; + break; + case 'm': + flags |= MS_MOVE; + break; case 'o': orgoptions = strdup(optarg); break; @@ -693,7 +727,7 @@ ipaddr = parse_server(share_name); - if (orgoptions && parse_options(orgoptions)) + if (orgoptions && parse_options(orgoptions, &flags)) return 1; /* BB save off path and pop after mount returns? */ diff -u -r --new-file --exclude=CVS samba-3.0.2/source/client/smbmnt.c samba-3.0.2a/source/client/smbmnt.c --- samba-3.0.2/source/client/smbmnt.c Thu Aug 28 16:42:42 2003 +++ samba-3.0.2a/source/client/smbmnt.c Thu Feb 12 11:39:58 2004 @@ -240,7 +240,7 @@ data.dir_mode |= S_IXOTH; } - flags = MS_MGC_VAL; + flags = MS_MGC_VAL | MS_NOSUID | MS_NODEV; if (mount_ro) flags |= MS_RDONLY; diff -u -r --new-file --exclude=CVS samba-3.0.2/source/include/version.h samba-3.0.2a/source/include/version.h --- samba-3.0.2/source/include/version.h Fri Feb 6 16:44:44 2004 +++ samba-3.0.2a/source/include/version.h Fri Feb 13 13:57:33 2004 @@ -2,5 +2,6 @@ #define SAMBA_VERSION_MAJOR 3 #define SAMBA_VERSION_MINOR 0 #define SAMBA_VERSION_RELEASE 2 -#define SAMBA_VERSION_OFFICIAL_STRING "3.0.2" +#define SAMBA_VERSION_REVISION "a" +#define SAMBA_VERSION_OFFICIAL_STRING "3.0.2a" #define SAMBA_VERSION_STRING samba_version_string() diff -u -r --new-file --exclude=CVS samba-3.0.2/source/lib/util_getent.c samba-3.0.2a/source/lib/util_getent.c --- samba-3.0.2/source/lib/util_getent.c Sat Jun 7 12:57:33 2003 +++ samba-3.0.2a/source/lib/util_getent.c Fri Feb 13 13:02:10 2004 @@ -156,15 +156,15 @@ pent->pw_uid = pwd->pw_uid; pent->pw_gid = pwd->pw_gid; if (pwd->pw_gecos) { - if ((pent->pw_name = strdup(pwd->pw_gecos)) == NULL) + if ((pent->pw_gecos = strdup(pwd->pw_gecos)) == NULL) goto err; } if (pwd->pw_dir) { - if ((pent->pw_name = strdup(pwd->pw_dir)) == NULL) + if ((pent->pw_dir = strdup(pwd->pw_dir)) == NULL) goto err; } if (pwd->pw_shell) { - if ((pent->pw_name = strdup(pwd->pw_shell)) == NULL) + if ((pent->pw_shell = strdup(pwd->pw_shell)) == NULL) goto err; } diff -u -r --new-file --exclude=CVS samba-3.0.2/source/libsmb/asn1.c samba-3.0.2a/source/libsmb/asn1.c --- samba-3.0.2/source/libsmb/asn1.c Fri Aug 15 15:39:56 2003 +++ samba-3.0.2a/source/libsmb/asn1.c Thu Feb 12 12:47:51 2004 @@ -219,6 +219,11 @@ /* read from a ASN1 buffer, advancing the buffer pointer */ BOOL asn1_read(ASN1_DATA *data, void *p, int len) { + if (len < 0 || data->ofs + len < data->ofs || data->ofs + len < len) { + data->has_error = True; + return False; + } + if (data->ofs + len > data->length) { data->has_error = True; return False; @@ -365,6 +370,10 @@ int len; if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) return False; len = asn1_tag_remaining(data); + if (len < 0) { + data->has_error = True; + return False; + } *s = malloc(len+1); if (! *s) { data->has_error = True; @@ -383,6 +392,10 @@ ZERO_STRUCTP(blob); if (!asn1_start_tag(data, ASN1_OCTET_STRING)) return False; len = asn1_tag_remaining(data); + if (len < 0) { + data->has_error = True; + return False; + } *blob = data_blob(NULL, len); asn1_read(data, blob->data, len); asn1_end_tag(data); diff -u -r --new-file --exclude=CVS samba-3.0.2/source/libsmb/ntlmssp_parse.c samba-3.0.2a/source/libsmb/ntlmssp_parse.c --- samba-3.0.2/source/libsmb/ntlmssp_parse.c Thu Dec 4 15:38:37 2003 +++ samba-3.0.2a/source/libsmb/ntlmssp_parse.c Thu Feb 12 12:47:51 2004 @@ -216,7 +216,9 @@ /* if odd length and unicode */ return False; } - + if (blob->data + ptr < (uint8 *)ptr || blob->data + ptr < blob->data) + return False; + if (0 < len1) { pull_string(NULL, p, blob->data + ptr, sizeof(p), len1, @@ -241,7 +243,10 @@ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { return False; } - + + if (blob->data + ptr < (uint8 *)ptr || blob->data + ptr < blob->data) + return False; + if (0 < len1) { pull_string(NULL, p, blob->data + ptr, sizeof(p), len1, @@ -266,6 +271,10 @@ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { return False; } + + if (blob->data + ptr < (uint8 *)ptr || blob->data + ptr < blob->data) + return False; + *b = data_blob(blob->data + ptr, len1); } break; @@ -274,6 +283,9 @@ len1 = va_arg(ap, unsigned); /* make sure its in the right format - be strict */ NEED_DATA(len1); + if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data) + return False; + *b = data_blob(blob->data + head_ofs, len1); head_ofs += len1; break; @@ -284,6 +296,10 @@ break; case 'C': s = va_arg(ap, char *); + + if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data) + return False; + head_ofs += pull_string(NULL, p, blob->data+head_ofs, sizeof(p), blob->length - head_ofs, STR_ASCII|STR_TERMINATE); diff -u -r --new-file --exclude=CVS samba-3.0.2/source/passdb/pdb_interface.c samba-3.0.2a/source/passdb/pdb_interface.c --- samba-3.0.2/source/passdb/pdb_interface.c Fri Feb 6 16:40:31 2004 +++ samba-3.0.2a/source/passdb/pdb_interface.c Fri Feb 13 13:55:10 2004 @@ -61,13 +61,13 @@ { lm_pwd = pdb_get_lanman_passwd(pass); if (lm_pwd) - pdb_set_lanman_passwd(pass, NULL, PDB_SET); + pdb_set_lanman_passwd(pass, NULL, PDB_CHANGED); } if (pdb_get_init_flags(pass, PDB_NTPASSWD) != PDB_DEFAULT) { nt_pwd = pdb_get_nt_passwd(pass); if (nt_pwd) - pdb_set_nt_passwd(pass, NULL, PDB_SET); + pdb_set_nt_passwd(pass, NULL, PDB_CHANGED); } } @@ -244,12 +244,11 @@ been allowed by the ACB_PWNOTREQ bit */ lm_pw = pdb_get_lanman_passwd( sam_acct ); - nt_pw = pdb_get_lanman_passwd( sam_acct ); + nt_pw = pdb_get_nt_passwd( sam_acct ); acb_flags = pdb_get_acct_ctrl( sam_acct ); if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) { acb_flags |= ACB_DISABLED; - pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_SET ); - pdb_set_init_flags(sam_acct, PDB_ACCTCTRL, PDB_SET); + pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED ); } /** @todo This is where a 're-read on add' should be done */ @@ -279,12 +278,11 @@ been allowed by the ACB_PWNOTREQ bit */ lm_pw = pdb_get_lanman_passwd( sam_acct ); - nt_pw = pdb_get_lanman_passwd( sam_acct ); + nt_pw = pdb_get_nt_passwd( sam_acct ); acb_flags = pdb_get_acct_ctrl( sam_acct ); if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) { acb_flags |= ACB_DISABLED; - pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_SET ); - pdb_set_init_flags(sam_acct, PDB_ACCTCTRL, PDB_SET); + pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED ); } /** @todo This is where a 're-read on update' should be done */ diff -u -r --new-file --exclude=CVS samba-3.0.2/source/passdb/pdb_tdb.c samba-3.0.2a/source/passdb/pdb_tdb.c --- samba-3.0.2/source/passdb/pdb_tdb.c Fri Aug 15 15:39:57 2003 +++ samba-3.0.2a/source/passdb/pdb_tdb.c Thu Feb 12 12:47:51 2004 @@ -43,40 +43,103 @@ #define RIDPREFIX "RID_" struct tdbsam_privates { - TDB_CONTEXT *passwd_tdb; - TDB_DATA key; + TDB_CONTEXT *passwd_tdb; /* retrive-once info */ const char *tdbsam_location; }; +struct pwent_list { + struct pwent_list *prev, *next; + TDB_DATA key; +}; +static struct pwent_list *tdbsam_pwent_list; + +/***************************************************************************** + Utility functions to open the tdb sam database + ****************************************************************************/ + +static TDB_CONTEXT * tdbsam_tdbopen (const char *name, int open_flags) +{ + TDB_CONTEXT *tdb; + + if ( !(tdb = tdb_open_log(name, 0, TDB_DEFAULT, open_flags, 0600)) ) { + DEBUG(0, ("Unable to open/create TDB passwd\n")); + return NULL; + } + + return tdb; +} + +/***************************************************************************** + Utility functions to open the tdb sam database + ****************************************************************************/ + +static void tdbsam_tdbclose ( struct tdbsam_privates *state ) +{ + if ( !state ) + return; + + if ( state->passwd_tdb ) { + tdb_close( state->passwd_tdb ); + state->passwd_tdb = NULL; + } + + return; + +} + +/**************************************************************************** + creates a list of user keys +****************************************************************************/ + +static int tdbsam_traverse_setpwent(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state) +{ + const char *prefix = USERPREFIX; + int prefixlen = strlen (prefix); + struct pwent_list *ptr; + + if ( strncmp(key.dptr, prefix, prefixlen) == 0 ) { + if ( !(ptr=(struct pwent_list*)malloc(sizeof(struct pwent_list))) ) { + DEBUG(0,("tdbsam_traverse_setpwent: Failed to malloc new entry for list\n")); + + /* just return 0 and let the traversal continue */ + return 0; + } + ZERO_STRUCTP(ptr); + + /* save a copy of the key */ + + ptr->key.dptr = memdup( key.dptr, key.dsize ); + ptr->key.dsize = key.dsize; + + DLIST_ADD( tdbsam_pwent_list, ptr ); + + } + + + return 0; +} + /*************************************************************** Open the TDB passwd database for SAM account enumeration. + Save a list of user keys for iteration. ****************************************************************/ static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, BOOL update) { + uint32 flags = update ? (O_RDWR|O_CREAT) : O_RDONLY; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - /* Open tdb passwd */ - if (!(tdb_state->passwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, update?(O_RDWR|O_CREAT):O_RDONLY, 0600))) - { - DEBUG(0, ("Unable to open/create TDB passwd\n")); + if ( !(tdb_state->passwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, flags )) ) return NT_STATUS_UNSUCCESSFUL; - } - - tdb_state->key = tdb_firstkey(tdb_state->passwd_tdb); + tdb_traverse( tdb_state->passwd_tdb, tdbsam_traverse_setpwent, NULL ); + return NT_STATUS_OK; } -static void close_tdb(struct tdbsam_privates *tdb_state) -{ - if (tdb_state->passwd_tdb) { - tdb_close(tdb_state->passwd_tdb); - tdb_state->passwd_tdb = NULL; - } -} /*************************************************************** End enumeration of the TDB passwd list. @@ -85,8 +148,18 @@ static void tdbsam_endsampwent(struct pdb_methods *my_methods) { struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - SAFE_FREE(tdb_state->key.dptr); - close_tdb(tdb_state); + struct pwent_list *ptr, *ptr_next; + + tdbsam_tdbclose( tdb_state ); + + /* clear out any remaining entries in the list */ + + for ( ptr=tdbsam_pwent_list; ptr; ptr = ptr_next ) { + ptr_next = ptr->next; + DLIST_REMOVE( tdbsam_pwent_list, ptr ); + SAFE_FREE( ptr->key.dptr); + SAFE_FREE( ptr ); + } DEBUG(7, ("endtdbpwent: closed sam database.\n")); } @@ -97,55 +170,48 @@ static NTSTATUS tdbsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *user) { - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - TDB_DATA data, old_key; - const char *prefix = USERPREFIX; - int prefixlen = strlen (prefix); + TDB_DATA data; + struct pwent_list *pkey; - - if (user==NULL) { - DEBUG(0,("pdb_get_sampwent: SAM_ACCOUNT is NULL.\n")); + if ( !user ) { + DEBUG(0,("tdbsam_getsampwent: SAM_ACCOUNT is NULL.\n")); return nt_status; } - /* skip all non-USER entries (eg. RIDs) */ - while ((tdb_state->key.dsize != 0) && (strncmp(tdb_state->key.dptr, prefix, prefixlen))) { - - old_key = tdb_state->key; - - /* increment to next in line */ - tdb_state->key = tdb_nextkey(tdb_state->passwd_tdb, tdb_state->key); - - SAFE_FREE(old_key.dptr); - } - - /* do we have an valid iteration pointer? */ - if(tdb_state->passwd_tdb == NULL) { - DEBUG(0,("pdb_get_sampwent: Bad TDB Context pointer.\n")); + if ( !tdbsam_pwent_list ) { + DEBUG(4,("tdbsam_getsampwent: end of list\n")); + tdbsam_tdbclose( tdb_state ); return nt_status; } + + if ( !tdb_state->passwd_tdb ) { + if ( !(tdb_state->passwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY)) ) + return nt_status; + } + + /* pull the next entry */ + + pkey = tdbsam_pwent_list; + DLIST_REMOVE( tdbsam_pwent_list, pkey ); + + data = tdb_fetch(tdb_state->passwd_tdb, pkey->key); - data = tdb_fetch(tdb_state->passwd_tdb, tdb_state->key); + SAFE_FREE( pkey->key.dptr); + SAFE_FREE( pkey); + if (!data.dptr) { - DEBUG(5,("pdb_getsampwent: database entry not found.\n")); + DEBUG(5,("pdb_getsampwent: database entry not found. Was the user deleted?\n")); return nt_status; } - /* unpack the buffer */ if (!init_sam_from_buffer(user, (unsigned char *)data.dptr, data.dsize)) { DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n")); - SAFE_FREE(data.dptr); - return nt_status; } - SAFE_FREE(data.dptr); - old_key = tdb_state->key; + SAFE_FREE( data.dptr ); - /* increment to next in line */ - tdb_state->key = tdb_nextkey(tdb_state->passwd_tdb, tdb_state->key); - - SAFE_FREE(old_key.dptr); return NT_STATUS_OK; } @@ -163,11 +229,10 @@ fstring keystr; fstring name; - if (user==NULL) { + if ( !user ) { DEBUG(0,("pdb_getsampwnam: SAM_ACCOUNT is NULL.\n")); return nt_status; } - /* Data is stored in all lower-case */ fstrcpy(name, sname); @@ -179,14 +244,14 @@ key.dsize = strlen(keystr) + 1; /* open the accounts TDB */ - if (!(pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, O_RDONLY, 0600))) { + if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY))) { if (errno == ENOENT) { /* * TDB file doesn't exist, so try to create new one. This is useful to avoid * confusing error msg when adding user account first time */ - if (!(pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, O_CREAT, 0600))) { + if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_CREAT ))) { DEBUG(0, ("pdb_getsampwnam: TDB passwd (%s) did not exist. File successfully created.\n", tdb_state->tdbsam_location)); } else { @@ -251,14 +316,14 @@ key.dsize = strlen (keystr) + 1; /* open the accounts TDB */ - if (!(pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, O_RDONLY, 0600))) { + if ( !(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY)) ) { DEBUG(0, ("pdb_getsampwrid: Unable to open TDB rid database!\n")); return nt_status; } /* get the record */ data = tdb_fetch (pwd_tdb, key); - if (!data.dptr) { + if ( !data.dptr ) { DEBUG(5,("pdb_getsampwrid (TDB): error looking up RID %d by key %s.\n", rid, keystr)); DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb))); tdb_close (pwd_tdb); @@ -299,7 +364,7 @@ strlower_m(name); /* open the TDB */ - if (!(pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, O_RDWR, 0600))) { + if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR))) { DEBUG(0, ("Unable to open TDB passwd!")); return nt_status; } @@ -363,7 +428,7 @@ /* open the account TDB passwd*/ - pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600); + pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT); if (!pwd_tdb) { DEBUG(0, ("tdb_update_sam: Unable to open TDB passwd (%s)!\n", @@ -464,7 +529,7 @@ static void free_private_data(void **vp) { struct tdbsam_privates **tdb_state = (struct tdbsam_privates **)vp; - close_tdb(*tdb_state); + tdbsam_tdbclose(*tdb_state); *tdb_state = NULL; /* No need to free any further, as it is talloc()ed */ diff -u -r --new-file --exclude=CVS samba-3.0.2/source/tdb/tdb.c samba-3.0.2a/source/tdb/tdb.c --- samba-3.0.2/source/tdb/tdb.c Fri Jan 16 11:47:53 2004 +++ samba-3.0.2a/source/tdb/tdb.c Thu Feb 12 12:47:51 2004 @@ -242,10 +242,14 @@ tdb->fd, offset, rw_type, lck_type)); return TDB_ERRCODE(TDB_ERR_LOCK_TIMEOUT, -1); } - /* Otherwise - generic lock error. */ - /* errno set by fcntl */ - TDB_LOG((tdb, 5, "tdb_brlock failed (fd=%d) at offset %d rw_type=%d lck_type=%d: %s\n", - tdb->fd, offset, rw_type, lck_type, strerror(errno))); + /* Otherwise - generic lock error. errno set by fcntl. + * EAGAIN is an expected return from non-blocking + * locks. */ + if (errno != EAGAIN) { + TDB_LOG((tdb, 5, "tdb_brlock failed (fd=%d) at offset %d rw_type=%d lck_type=%d: %s\n", + tdb->fd, offset, rw_type, lck_type, + strerror(errno))); + } return TDB_ERRCODE(TDB_ERR_LOCK, -1); } return 0; diff -u -r --new-file --exclude=CVS samba-3.0.2/source/utils/pdbedit.c samba-3.0.2a/source/utils/pdbedit.c --- samba-3.0.2/source/utils/pdbedit.c Sat Jan 31 09:45:57 2004 +++ samba-3.0.2a/source/utils/pdbedit.c Thu Feb 12 12:47:52 2004 @@ -251,13 +251,15 @@ if (!(NT_STATUS_IS_OK(pdb_init_sam(&sam_pwent)))) return 1; while (check && (ret = NT_STATUS_IS_OK(in->pdb_getsampwent (in, sam_pwent)))) { + printf("Updating record for user %s\n", pdb_get_username(sam_pwent)); + if (!pdb_update_sam_account(sam_pwent)) { - DEBUG(0, ("Update of user %s failed!\n", pdb_get_username(sam_pwent))); + printf("Update of user %s failed!\n", pdb_get_username(sam_pwent)); } pdb_free_sam(&sam_pwent); check = NT_STATUS_IS_OK(pdb_init_sam(&sam_pwent)); if (!check) { - DEBUG(0, ("Failed to initialise new SAM_ACCOUNT structure (out of memory?)\n")); + fprintf(stderr, "Failed to initialise new SAM_ACCOUNT structure (out of memory?)\n"); } }