diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/examples/LDAP/samba-nds.schema samba-3.0.21c/examples/LDAP/samba-nds.schema --- samba-3.0.21b/examples/LDAP/samba-nds.schema 2005-12-29 14:45:14.000000000 -0600 +++ samba-3.0.21c/examples/LDAP/samba-nds.schema 2006-02-20 15:27:34.000000000 -0600 @@ -234,6 +234,57 @@ add: attributetypes attributeTypes: ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + + ####################################################################### ## objectClasses used by Samba 3.0 schema ## ####################################################################### @@ -268,7 +319,7 @@ dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase )) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdChange )) ## ## used for idmap_ldap module diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/examples/VFS/Makefile.in samba-3.0.21c/examples/VFS/Makefile.in --- samba-3.0.21b/examples/VFS/Makefile.in 2005-07-28 08:19:54.000000000 -0500 +++ samba-3.0.21c/examples/VFS/Makefile.in 2006-02-20 15:27:34.000000000 -0600 @@ -7,7 +7,7 @@ SAMBA_SOURCE = @SAMBA_SOURCE@ SHLIBEXT = @SHLIBEXT@ OBJEXT = @OBJEXT@ -FLAGS = $(CFLAGS) -Iinclude -I$(SAMBA_SOURCE)/include -I$(SAMBA_SOURCE)/ubiqx -I$(SAMBA_SOURCE)/smbwrapper -I. $(CPPFLAGS) -I$(SAMBA_SOURCE) -fPIC +FLAGS = $(CFLAGS) -Iinclude -I$(SAMBA_SOURCE)/include -I$(SAMBA_SOURCE)/popt -I$(SAMBA_SOURCE)/ubiqx -I$(SAMBA_SOURCE)/smbwrapper -I. $(CPPFLAGS) -I$(SAMBA_SOURCE) -fPIC prefix = @prefix@ diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/packaging/Debian/debian-sarge/changelog samba-3.0.21c/packaging/Debian/debian-sarge/changelog --- samba-3.0.21b/packaging/Debian/debian-sarge/changelog 2005-11-09 12:29:06.000000000 -0600 +++ samba-3.0.21c/packaging/Debian/debian-sarge/changelog 2006-02-20 15:27:34.000000000 -0600 @@ -1,3 +1,21 @@ +samba (3.0.21b-1) stable; urgency=high + + * samba 3.0.21b Samba Team Release + + -- Simo Sorce Tue, 07 Feb 2006 16:45:30 -0500 + +samba (3.0.21a-1) stable; urgency=high + + * samba 3.0.21a Samba Team Release + + -- Simo Sorce Wed, 04 Jan 2006 16:10:30 -0500 + +samba (3.0.21-1) stable; urgency=low + + * samba 3.0.21 Samba Team Release + + -- Simo Sorce Wed, 21 Dec 2005 15:35:30 +0100 + samba (3.0.20b-1) stable; urgency=low * samba 3.0.20b Samba Team Release diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/packaging/Debian/debian-sarge/patches/fhs.patch samba-3.0.21c/packaging/Debian/debian-sarge/patches/fhs.patch --- samba-3.0.21b/packaging/Debian/debian-sarge/patches/fhs.patch 2005-11-09 12:29:05.000000000 -0600 +++ samba-3.0.21c/packaging/Debian/debian-sarge/patches/fhs.patch 2006-02-20 15:27:33.000000000 -0600 @@ -151,13 +151,13 @@ if (stat(msg_path, &st) != 0) { /* the msg file isn't available */ DEBUG(10, ("lang_tdb_init: %s: %s\n", msg_path, -diff -uNr samba-3.0.10.orig/source/lib/account_pol.c samba-3.0.10/source/lib/account_pol.c ---- samba-3.0.10.orig/source/lib/account_pol.c 2004-12-17 03:50:08.000000000 -0800 -+++ samba-3.0.10/source/lib/account_pol.c 2004-12-17 03:55:29.000000000 -0800 -@@ -35,7 +35,7 @@ - - if (tdb) +diff -uNr samba-3.0.21.orig/source/lib/account_pol.c samba-3.0.21/source/lib/account_pol.c +--- samba-3.0.21.orig/source/lib/account_pol.c 2005-12-20 15:28:38.000000000 +0000 ++++ samba-3.0.21/source/lib/account_pol.c 2005-12-23 11:41:08.000000000 +0000 +@@ -262,7 +262,7 @@ return True; + } + - tdb = tdb_open_log(lock_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + tdb = tdb_open_log(state_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); if (!tdb) { @@ -448,26 +448,39 @@ pstrcat(printdb_path, printername); pstrcat(printdb_path, ".tdb"); -diff -uNr samba-3.0.20b.orig/source/registry/reg_db.c samba-3.0.20b/source/registry/reg_db.c ---- samba-3.0.20b.orig/source/registry/reg_db.c 2003-07-02 23:26:47.000000000 -0500 -+++ samba-3.0.20b/source/registry/reg_db.c 2003-07-02 23:19:02.000000000 -0500 -@@ -198,13 +198,13 @@ - if ( tdb_reg ) - return True; - +diff -uNr samba-3.0.21.orig/source/registry/reg_db.c samba-3.0.21/source/registry/reg_db.c +--- samba-3.0.21.orig/source/registry/reg_db.c 2005-10-18 02:45:06.000000000 +0000 ++++ samba-3.0.21/source/registry/reg_db.c 2005-12-23 11:48:19.000000000 +0000 +@@ -205,12 +205,12 @@ + if ( tdb_reg ) + return True; + - if ( !(tdb_reg = tdb_open_log(lock_path("registry.tdb"), 0, TDB_DEFAULT, O_RDWR, 0600)) ) + if ( !(tdb_reg = tdb_open_log(state_path("registry.tdb"), 0, TDB_DEFAULT, O_RDWR, 0600)) ) - { + { - tdb_reg = tdb_open_log(lock_path("registry.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + tdb_reg = tdb_open_log(state_path("registry.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); - if ( !tdb_reg ) { - DEBUG(0,("init_registry: Failed to open registry %s (%s)\n", + if ( !tdb_reg ) { + DEBUG(0,("regdb_init: Failed to open registry %s (%s)\n", - lock_path("registry.tdb"), strerror(errno) )); + state_path("registry.tdb"), strerror(errno) )); - return False; - } - - DEBUG(10,("init_registry: Successfully created registry tdb\n")); + return False; + } + +@@ -252,11 +252,11 @@ + + become_root(); + +- tdb_reg = tdb_open_log(lock_path("registry.tdb"), 0, TDB_DEFAULT, O_RDWR, 0600); ++ tdb_reg = tdb_open_log(state_path("registry.tdb"), 0, TDB_DEFAULT, O_RDWR, 0600); + if ( !tdb_reg ) { + result = ntstatus_to_werror( map_nt_error_from_unix( errno ) ); + DEBUG(0,("regdb_open: Failed to open %s! (%s)\n", +- lock_path("registry.tdb"), strerror(errno) )); ++ state_path("registry.tdb"), strerror(errno) )); + } + + unbecome_root(); diff -uNr samba-3.0.10.orig/source/rpc_server/srv_srvsvc_nt.c samba-3.0.10/source/rpc_server/srv_srvsvc_nt.c --- samba-3.0.10.orig/source/rpc_server/srv_srvsvc_nt.c 2004-12-17 03:50:09.000000000 -0800 +++ samba-3.0.10/source/rpc_server/srv_srvsvc_nt.c 2004-12-17 03:55:31.000000000 -0800 diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/packaging/Debian/debian-sarge/patches/version-fix-vscan.patch samba-3.0.21c/packaging/Debian/debian-sarge/patches/version-fix-vscan.patch --- samba-3.0.21b/packaging/Debian/debian-sarge/patches/version-fix-vscan.patch 2005-11-09 12:29:05.000000000 -0600 +++ samba-3.0.21c/packaging/Debian/debian-sarge/patches/version-fix-vscan.patch 1969-12-31 18:00:00.000000000 -0600 @@ -1,37 +0,0 @@ -Author: Lars Mueller -Subject: Non integer SAMBA_VERSION_RELEASE breaks samba-vscan build -Bugzilla: bugzilla.Samba.org #2618 - ---- samba-3.0.20b/source/script/mkversion.sh -+++ samba-3.0.20b/source/script/mkversion.sh 2005-10-22 12:56:30 -@@ -17,6 +17,7 @@ - SAMBA_VERSION_MAJOR=`sed -n 's/^SAMBA_VERSION_MAJOR=//p' $SOURCE_DIR$VERSION_FILE` - SAMBA_VERSION_MINOR=`sed -n 's/^SAMBA_VERSION_MINOR=//p' $SOURCE_DIR$VERSION_FILE` - SAMBA_VERSION_RELEASE=`sed -n 's/^SAMBA_VERSION_RELEASE=//p' $SOURCE_DIR$VERSION_FILE` -+SAMBA_VERSION_RELEASE_SUFFIX=`sed -n 's/^SAMBA_VERSION_RELEASE_SUFFIX=//p' $SOURCE_DIR$VERSION_FILE` - - SAMBA_VERSION_PRE_RELEASE=`sed -n 's/^SAMBA_VERSION_PRE_RELEASE=//p' $SOURCE_DIR$VERSION_FILE` - -@@ -31,9 +32,10 @@ - echo "#define SAMBA_VERSION_MAJOR ${SAMBA_VERSION_MAJOR}" >> $OUTPUT_FILE - echo "#define SAMBA_VERSION_MINOR ${SAMBA_VERSION_MINOR}" >> $OUTPUT_FILE - echo "#define SAMBA_VERSION_RELEASE ${SAMBA_VERSION_RELEASE}" >> $OUTPUT_FILE -+echo "#define SAMBA_VERSION_RELEASE_SUFFIX ${SAMBA_VERSION_RELEASE_SUFFIX}" >> $OUTPUT_FILE - - --SAMBA_VERSION_STRING="${SAMBA_VERSION_MAJOR}.${SAMBA_VERSION_MINOR}.${SAMBA_VERSION_RELEASE}" -+SAMBA_VERSION_STRING="${SAMBA_VERSION_MAJOR}.${SAMBA_VERSION_MINOR}.${SAMBA_VERSION_RELEASE}${SAMBA_VERSION_RELEASE_SUFFIX}" - - - if test -n "${SAMBA_VERSION_PRE_RELEASE}";then ---- samba-3.0.20b/source/VERSION -+++ samba-3.0.20b/source/VERSION 2005-10-22 12:56:30 -@@ -19,7 +19,8 @@ - ######################################################## - SAMBA_VERSION_MAJOR=3 - SAMBA_VERSION_MINOR=0 - SAMBA_VERSION_RELEASE=20 -+SAMBA_VERSION_RELEASE_SUFFIX=b - - ######################################################## - # For 'pre' releases the version will be # diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/packaging/Debian/debian-sarge/patches/VERSION.patch samba-3.0.21c/packaging/Debian/debian-sarge/patches/VERSION.patch --- samba-3.0.21b/packaging/Debian/debian-sarge/patches/VERSION.patch 2005-11-09 12:29:05.000000000 -0600 +++ samba-3.0.21c/packaging/Debian/debian-sarge/patches/VERSION.patch 1969-12-31 18:00:00.000000000 -0600 @@ -1,8 +0,0 @@ ---- samba-3.0.0rc2/source/VERSION.orig 2003-09-02 21:56:11.000000000 -0400 -+++ samba-3.0.0rc2/source/VERSION 2003-09-02 21:56:30.000000000 -0400 -@@ -78,4 +78,4 @@ - # e.g. SAMBA_VERSION_VENDOR_SUFFIX=vendor_version() # - # -> "CVS 3.0.0rc2-VendorVersion" # - ######################################################## --SAMBA_VERSION_VENDOR_SUFFIX= -+SAMBA_VERSION_VENDOR_SUFFIX="Debian" diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/packaging/Debian/debian-sarge/rules samba-3.0.21c/packaging/Debian/debian-sarge/rules --- samba-3.0.21b/packaging/Debian/debian-sarge/rules 2005-11-09 12:29:04.000000000 -0600 +++ samba-3.0.21c/packaging/Debian/debian-sarge/rules 2006-02-20 15:27:34.000000000 -0600 @@ -69,6 +69,7 @@ --with-automount \ --with-tdbsam \ --with-ldap \ + --with-shared-modules=idmap_ad,idmap_rid \ --with-python=python2.3 ifeq ($(DEB_HOST_GNU_SYSTEM),linux) @@ -229,7 +230,7 @@ # The smbwrapper package is not being generated anymore, so we must # delete the related man pages. - rm $(DESTDIR)/usr/share/man/man1/smbsh.1 + # rm $(DESTDIR)/usr/share/man/man1/smbsh.1 # We're not providing findsmb (should we?) so let's remove the man # pages. diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/packaging/Debian/debian-sarge/samba.files samba-3.0.21c/packaging/Debian/debian-sarge/samba.files --- samba-3.0.21b/packaging/Debian/debian-sarge/samba.files 2005-11-09 12:29:05.000000000 -0600 +++ samba-3.0.21c/packaging/Debian/debian-sarge/samba.files 2006-02-20 15:27:34.000000000 -0600 @@ -6,6 +6,7 @@ usr/sbin/nmbd usr/sbin/mksmbpasswd usr/lib/samba/vfs +usr/lib/samba/idmap usr/share/man/man1/smbcontrol.1 usr/share/man/man1/smbstatus.1 usr/share/man/man5/smbpasswd.5 diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/packaging/Debian/debian-unstable/samba-common.dhcp samba-3.0.21c/packaging/Debian/debian-unstable/samba-common.dhcp --- samba-3.0.21b/packaging/Debian/debian-unstable/samba-common.dhcp 2006-01-27 08:09:41.000000000 -0600 +++ samba-3.0.21c/packaging/Debian/debian-unstable/samba-common.dhcp 2006-02-20 15:27:34.000000000 -0600 @@ -15,7 +15,7 @@ # Nor should we continue if no settings have changed if [ "$new_netbios_name_servers" = "$old_netbios_name_servers" ] \ - && [ "$new_netbios_scope" = "$old_netbios_scope" ] + && [ "$new_netbios_scope" = "$old_netbios_scope" ] \ && [ -f $SAMBA_DHCP_CONF ] then return @@ -58,4 +58,8 @@ fi } -netbios_setup +# Only call netbios_setup if we're not sourced. +case "$0" in + *bin/sh|*bin/bash) : ;; + *) netbios_setup ;; +esac diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/packaging/RedHat-9/makerpms.sh samba-3.0.21c/packaging/RedHat-9/makerpms.sh --- samba-3.0.21b/packaging/RedHat-9/makerpms.sh 2006-01-30 13:38:33.000000000 -0600 +++ samba-3.0.21c/packaging/RedHat-9/makerpms.sh 2006-02-24 00:39:55.000000000 -0600 @@ -20,7 +20,7 @@ USERID=`id -u` GRPID=`id -g` -VERSION='3.0.21b' +VERSION='3.0.21c' SPECFILE="samba3.spec" RPMVER=`rpm --version | awk '{print $3}'` RPM="rpm" diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/packaging/RedHat-9/samba.spec samba-3.0.21c/packaging/RedHat-9/samba.spec --- samba-3.0.21b/packaging/RedHat-9/samba.spec 2006-01-30 13:38:33.000000000 -0600 +++ samba-3.0.21c/packaging/RedHat-9/samba.spec 2006-02-24 00:39:55.000000000 -0600 @@ -4,7 +4,7 @@ Summary: Samba SMB client and server Vendor: Samba Team Name: samba -Version: 3.0.21b +Version: 3.0.21c Release: 1 License: GNU GPL version 2 Group: Networking diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/packaging/RHEL/makerpms.sh samba-3.0.21c/packaging/RHEL/makerpms.sh --- samba-3.0.21b/packaging/RHEL/makerpms.sh 2006-01-30 13:38:33.000000000 -0600 +++ samba-3.0.21c/packaging/RHEL/makerpms.sh 2006-02-24 00:39:55.000000000 -0600 @@ -18,7 +18,7 @@ USERID=`id -u` GRPID=`id -g` -VERSION='3.0.21b' +VERSION='3.0.21c' SPECFILE="samba.spec" RPMVER=`rpm --version | awk '{print $3}'` RPM="rpmbuild" diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/packaging/RHEL/samba.spec samba-3.0.21c/packaging/RHEL/samba.spec --- samba-3.0.21b/packaging/RHEL/samba.spec 2006-01-30 13:38:33.000000000 -0600 +++ samba-3.0.21c/packaging/RHEL/samba.spec 2006-02-24 00:39:55.000000000 -0600 @@ -5,7 +5,7 @@ Vendor: Samba Team Packager: Samba Team Name: samba -Version: 3.0.21b +Version: 3.0.21c Release: 1 License: GNU GPL version 2 Group: System Environment/Daemons @@ -17,17 +17,17 @@ Source998: filter-requires-samba.sh Source999: setup.tar.bz2 -Requires: pam >= 0.64 %{auth} samba-common = %{version} -Requires: logrotate >= 3.4 initscripts >= 5.54-1 -BuildRoot: %{_tmppath}/%{name}-%{version}-root Prereq: /sbin/chkconfig /bin/mktemp /usr/bin/killall Prereq: fileutils sed /etc/init.d -BuildRequires: pam-devel, readline-devel, fileutils, libacl-devel, openldap-devel, krb5-devel, cups-devel + +Requires: pam >= 0.64 %{auth} +Requires: samba-common = %{version}-%{release} +Requires: logrotate >= 3.4 initscripts >= 5.54-1 Provides: samba = %{version} -Obsoletes: samba-common, samba-client, samba-swat -BuildRoot: %{_tmppath}/%{name}-%{version}-root Prefix: /usr +BuildRoot: %{_tmppath}/%{name}-%{version}-root +BuildRequires: pam-devel, readline-devel, ncurses-devel, fileutils, libacl-devel, openldap-devel, krb5-devel, cups-devel # Working around perl dependency problem from docs %define __perl_requires %{SOURCE998} @@ -45,11 +45,13 @@ NetBIOS frame) protocol. +####################################################################### %package client Summary: Samba (SMB) client programs. Group: Applications/System -Requires: samba-common = %{version} +Requires: samba-common = %{version}-%{release} Obsoletes: smbfs +Provides: samba-client = %{version}-%{release} %description client The samba-client package provides some SMB clients to compliment the @@ -57,19 +59,23 @@ shares and printing to SMB printers. +####################################################################### %package common Summary: Files used by both Samba servers and clients. Group: Applications/System +Provides: samba-common = %{version}-%{release} %description common Samba-common provides files necessary for both the server and client packages of Samba. +####################################################################### %package swat Summary: The Samba SMB server configuration program. Group: Applications/System Requires: samba = %{version} xinetd +Provides: samba-swat = %{version}-%{release} %description swat The samba-swat package includes the new SWAT (Samba Web Administration @@ -77,6 +83,21 @@ Web browser. +####################################################################### +%package doc +Summary: Samba Documentation +Group: Documentation/Other +Provides: samba-doc = %{version}-%{release} +Prereq: /usr/bin/find /bin/rm /usr/bin/xargs + +%description doc +The samba-doc package includes the HTML versions of the Samba manpages +utilized by SWAT as well as the HTML and PDF version of "Using Samba", +"Samba By Example", and "The Official Samba HOWTO and Reference Guide". + + +####################################################################### + %prep %setup -q @@ -98,17 +119,15 @@ EXTRA="-D_LARGEFILE64_SOURCE" %endif -## run autogen if missing the configure script -if [ ! -f "configure" ]; then - ./autogen.sh -fi +## always run autogen.sh +./autogen.sh CFLAGS="$RPM_OPT_FLAGS $EXTRA -D_GNU_SOURCE" ./configure \ --prefix=%{_prefix} \ --localstatedir=/var \ --with-configdir=%{_sysconfdir}/samba \ --with-libdir=%{_libdir}/samba \ - --with-lockdir=/var/cache/samba \ + --with-lockdir=/var/lib/samba \ --with-logfilebase=/var/log/samba \ --with-mandir=%{_mandir} \ --with-piddir=/var/run \ @@ -117,11 +136,13 @@ --with-swatdir=%{_datadir}/swat \ --enable-cups \ --with-acl-support \ + --with-ads \ --with-automount \ --with-fhs \ --with-pam_smbpass \ --with-libsmbclient \ --with-libsmbsharemodes \ + --without-smbwrapper \ --with-pam \ --with-quotas \ --with-shared-modules=idmap_rid,idmap_ad \ @@ -131,7 +152,18 @@ make showlayout -make CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" proto pch +make CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" proto + +## check for gcc 3.4 or later +CC_VERSION=`${CC} --version | head -1 | awk '{print $3}'` +CC_MAJOR=`echo ${CC_VERSION} | cut -d. -f 1` +CC_MINOR=`echo ${CC_VERSION} | cut -d. -f 2` +if [ ${CC_MAJOR} -ge 3 ]; then + if [ ${CC_MAJOR} -gt 3 -o ${CC_MINOR} -ge 4 ]; then + make pch + fi +fi + make CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" %{?_smp_mflags} \ all modules pam_smbpass @@ -167,7 +199,7 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{samba,sysconfig} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d -mkdir -p $RPM_BUILD_ROOT/var/cache/samba/winbindd_privileged +mkdir -p $RPM_BUILD_ROOT/var/lib/samba/winbindd_privileged mkdir -p $RPM_BUILD_ROOT/var/{log,run/winbindd,spool}/samba cd source @@ -213,8 +245,8 @@ install -m755 source/bin/pam_smbpass.so $RPM_BUILD_ROOT/%{_lib}/security/pam_smbpass.so # we need a symlink for mount to recognise the smb and smbfs filesystem types -ln -sf %{_prefix}/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs -ln -sf %{_prefix}/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb +ln -sf %{_prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs +ln -sf %{_prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb # Install the miscellany echo 127.0.0.1 localhost > $RPM_BUILD_ROOT%{_sysconfdir}/samba/lmhosts @@ -255,19 +287,32 @@ rm -rf $RPM_BUILD_ROOT %post -/sbin/chkconfig --add smb +## deal with an upgrade from a broken 3.0.21b RPM +if [ "$1" -eq "2" ]; then + if [ -d /var/cache/samba ]; then + for file in `ls /var/cache/samba/*tdb`; do + /bin/cp -up $file /var/lib/samba/`basename $file` + done + mkdir -p /var/lib/samba/eventlog + for file in `ls /var/cache/samba/eventlog/*tdb`; do + /bin/cp -up $file /var/lib/samba/eventlog/`basename $file` + done + /bin/mv /var/cache/samba /var/cache/samba.moved + fi +fi %preun if [ $1 = 0 ] ; then /sbin/chkconfig --del smb - rm -rf /var/log/samba/* /var/cache/samba/* + /sbin/chkconfig --del winbind + # rm -rf /var/log/samba/* /var/lib/samba/* /sbin/service smb stop >/dev/null 2>&1 fi exit 0 %postun if [ "$1" -ge "1" ]; then - %{initdir}/smb condrestart >/dev/null 2>&1 + %{initdir}/smb restart >/dev/null 2>&1 fi @@ -278,54 +323,56 @@ fi %post common -/sbin/chkconfig --add winbind /sbin/ldconfig -%preun common -if [ $1 = 0 ] ; then - /sbin/chkconfig --del winbind - /sbin/service winbind stop >/dev/null 2>&1 -fi -exit 0 - -%postun common -p /sbin/ldconfig - -%triggerpostun -- samba < 1.9.18p7 -if [ $1 != 0 ]; then - /sbin/chkconfig --add smb -fi +%postun common +/sbin/ldconfig -%triggerpostun -- samba < 2.0.5a-3 -if [ $1 != 0 ]; then - [ ! -d /var/lock/samba ] && mkdir -m 0755 /var/lock/samba - [ ! -d /var/spool/samba ] && mkdir -m 1777 /var/spool/samba - chmod 644 /etc/services - [ -f /etc/inetd.conf ] && chmod 644 /etc/inetd.conf -fi +####################################################################### +## Files section ## +####################################################################### %files %defattr(-,root,root) -%doc README COPYING Manifest -%doc WHATSNEW.txt Roadmap -%doc docs -%doc examples/autofs examples/LDAP examples/libsmbclient examples/misc examples/printer-accounting -%doc examples/printing -%attr(755,root,root) /%{_lib}/security/pam_smbpass.so +%config(noreplace) %{_sysconfdir}/sysconfig/samba +%config(noreplace) %{_sysconfdir}/samba/smbusers +%attr(755,root,root) %config %{initdir}/smb +%attr(755,root,root) %config %{initdir}/winbind +%config(noreplace) %{_sysconfdir}/logrotate.d/samba +%config(noreplace) %{_sysconfdir}/pam.d/samba + +%attr(0755,root,root) %dir /var/log/samba +%attr(0755,root,root) %dir /var/lib/samba +%attr(1777,root,root) %dir /var/spool/samba + %{_sbindir}/samba %{_sbindir}/winbind + %{_sbindir}/smbd %{_sbindir}/nmbd +%{_sbindir}/winbindd + +%attr(755,root,root) /%{_lib}/libnss_wins.so* +%attr(755,root,root) /%{_lib}/libnss_winbind.so* +%attr(755,root,root) /%{_lib}/security/pam_winbind.so +%attr(755,root,root) /%{_lib}/security/pam_smbpass.so + %{_bindir}/mksmbpasswd.sh %{_bindir}/smbcontrol %{_bindir}/smbstatus %{_bindir}/tdbbackup %{_bindir}/tdbtool -%config(noreplace) %{_sysconfdir}/sysconfig/samba -%config(noreplace) %{_sysconfdir}/samba/smbusers -%attr(755,root,root) %config %{initdir}/smb -%config(noreplace) %{_sysconfdir}/logrotate.d/samba -%config(noreplace) %{_sysconfdir}/pam.d/samba +%{_bindir}/tdbdump +%{_bindir}/wbinfo +%{_bindir}/ntlm_auth +%{_bindir}/pdbedit +%{_bindir}/eventlogadm + +%{_libdir}/samba/idmap/*.so +%{_libdir}/samba/vfs/*.so +%{_libdir}/samba/auth/*.so + %{_mandir}/man1/smbcontrol.1* %{_mandir}/man1/smbstatus.1* %{_mandir}/man1/vfstest.1* @@ -336,20 +383,36 @@ %{_mandir}/man8/smbd.8* %{_mandir}/man7/pam_winbind.7* %{_mandir}/man8/tdbbackup.8* -%{_mandir}/man7/libsmbclient.7* +%{_mandir}/man8/tdbdump.8* +%{_mandir}/man8/winbindd.8* +%{_mandir}/man1/ntlm_auth.1* +%{_mandir}/man1/wbinfo.1* -%{_libdir}/samba/vfs -%attr(0700,root,root) %dir /var/log/samba -%attr(1777,root,root) %dir /var/spool/samba +########## + +%files doc +%defattr(-,root,root) +%doc README COPYING Manifest +%doc WHATSNEW.txt Roadmap +%doc docs +%doc examples/autofs examples/LDAP examples/libsmbclient examples/misc examples/printer-accounting +%doc examples/printing +%doc %{_datadir}/swat/help + +########## %files swat %defattr(-,root,root) %config(noreplace) %{_sysconfdir}/xinetd.d/swat -%{_datadir}/swat +%dir %{_datadir}/swat +%{_datadir}/swat/include +%{_datadir}/swat/images +%{_datadir}/swat/lang %{_sbindir}/swat %{_mandir}/man8/swat.8* -%attr(755,root,root) %{_libdir}/samba/*.msg + +########## %files client %defattr(-,root,root) @@ -357,23 +420,14 @@ /sbin/mount.smbfs /sbin/mount.cifs /sbin/umount.cifs -%{_libdir}/samba/lowcase.dat -%{_libdir}/samba/upcase.dat -%{_libdir}/samba/valid.dat + %{_bindir}/rpcclient %{_bindir}/smbcacls %{_bindir}/smbmount %{_bindir}/smbmnt %{_bindir}/smbumount %{_bindir}/findsmb -%{_bindir}/tdbdump -%{_mandir}/man8/tdbdump.8* -%{_mandir}/man8/smbmnt.8* -%{_mandir}/man8/smbmount.8* -%{_mandir}/man8/smbumount.8* -%{_mandir}/man8/mount.cifs.8.* -%{_mandir}/man8/umount.cifs.8.* -%{_mandir}/man8/smbspool.8* +%{_bindir}/smbcquotas %{_bindir}/nmblookup %{_bindir}/smbget %{_bindir}/smbclient @@ -382,6 +436,13 @@ %{_bindir}/smbtar %{_bindir}/net %{_bindir}/smbtree + +%{_mandir}/man8/smbmnt.8* +%{_mandir}/man8/smbmount.8* +%{_mandir}/man8/smbumount.8* +%{_mandir}/man8/mount.cifs.8.* +%{_mandir}/man8/umount.cifs.8.* +%{_mandir}/man8/smbspool.8* %{_mandir}/man1/smbget.1* %{_mandir}/man5/smbgetrc.5* %{_mandir}/man1/findsmb.1* @@ -392,45 +453,37 @@ %{_mandir}/man1/smbtar.1* %{_mandir}/man1/smbtree.1* %{_mandir}/man8/net.8* +%{_mandir}/man1/smbcquotas.1* + +########## %files common %defattr(-,root,root) -/%{_lib}/libnss_wins.so* -/%{_lib}/libnss_winbind.so* -/%{_lib}/security/pam_winbind.so +%dir %{_sysconfdir}/samba +%config(noreplace) %{_sysconfdir}/samba/smb.conf +%config(noreplace) %{_sysconfdir}/samba/lmhosts + %{_includedir}/libsmbclient.h %{_libdir}/libsmbclient.a -%{_libdir}/libsmbclient.so -%{_libdir}/libsmbclient.so.0 +%{_libdir}/libsmbclient.so* %{_includedir}/libmsrpc.h %{_libdir}/libmsrpc.a -%{_libdir}/libmsrpc.so -%{_libdir}/libmsrpc.so.0 -%{_libdir}/samba/charset/CP*.so -%{_libdir}/samba/idmap/*.so -%{_libdir}/samba/auth/script.so +%{_libdir}/libmsrpc.so* + +%{_libdir}/samba/*.dat +%{_libdir}/samba/*.msg +%{_libdir}/samba/charset/*.so + %{_bindir}/testparm %{_bindir}/smbpasswd -%{_bindir}/wbinfo -%{_bindir}/ntlm_auth -%{_bindir}/pdbedit -%{_bindir}/eventlogadm %{_bindir}/profiles -%{_bindir}/smbcquotas -%{_sbindir}/winbindd -%config(noreplace) %{_sysconfdir}/samba/smb.conf -%config(noreplace) %{_sysconfdir}/samba/lmhosts -%dir %{_sysconfdir}/samba -%{initdir}/winbind -%{_mandir}/man1/ntlm_auth.1* + %{_mandir}/man1/profiles.1* -%{_mandir}/man1/smbcquotas.1* %{_mandir}/man1/testparm.1* %{_mandir}/man5/smb.conf.5* %{_mandir}/man5/lmhosts.5* %{_mandir}/man8/smbpasswd.8* -%{_mandir}/man1/wbinfo.1* -%{_mandir}/man8/winbindd.8* +%{_mandir}/man7/libsmbclient.7* %changelog * Fri Jan 16 2004 Gerald (Jerry) Carter diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/packaging/RHEL/samba.spec.tmpl samba-3.0.21c/packaging/RHEL/samba.spec.tmpl --- samba-3.0.21b/packaging/RHEL/samba.spec.tmpl 2006-01-25 06:27:46.000000000 -0600 +++ samba-3.0.21c/packaging/RHEL/samba.spec.tmpl 2006-02-20 15:27:34.000000000 -0600 @@ -17,17 +17,17 @@ Source998: filter-requires-samba.sh Source999: setup.tar.bz2 -Requires: pam >= 0.64 %{auth} samba-common = %{version} -Requires: logrotate >= 3.4 initscripts >= 5.54-1 -BuildRoot: %{_tmppath}/%{name}-%{version}-root Prereq: /sbin/chkconfig /bin/mktemp /usr/bin/killall Prereq: fileutils sed /etc/init.d -BuildRequires: pam-devel, readline-devel, fileutils, libacl-devel, openldap-devel, krb5-devel, cups-devel + +Requires: pam >= 0.64 %{auth} +Requires: samba-common = %{version}-%{release} +Requires: logrotate >= 3.4 initscripts >= 5.54-1 Provides: samba = %{version} -Obsoletes: samba-common, samba-client, samba-swat -BuildRoot: %{_tmppath}/%{name}-%{version}-root Prefix: /usr +BuildRoot: %{_tmppath}/%{name}-%{version}-root +BuildRequires: pam-devel, readline-devel, ncurses-devel, fileutils, libacl-devel, openldap-devel, krb5-devel, cups-devel # Working around perl dependency problem from docs %define __perl_requires %{SOURCE998} @@ -45,11 +45,13 @@ NetBIOS frame) protocol. +####################################################################### %package client Summary: Samba (SMB) client programs. Group: Applications/System -Requires: samba-common = %{version} +Requires: samba-common = %{version}-%{release} Obsoletes: smbfs +Provides: samba-client = %{version}-%{release} %description client The samba-client package provides some SMB clients to compliment the @@ -57,19 +59,23 @@ shares and printing to SMB printers. +####################################################################### %package common Summary: Files used by both Samba servers and clients. Group: Applications/System +Provides: samba-common = %{version}-%{release} %description common Samba-common provides files necessary for both the server and client packages of Samba. +####################################################################### %package swat Summary: The Samba SMB server configuration program. Group: Applications/System Requires: samba = %{version} xinetd +Provides: samba-swat = %{version}-%{release} %description swat The samba-swat package includes the new SWAT (Samba Web Administration @@ -77,6 +83,21 @@ Web browser. +####################################################################### +%package doc +Summary: Samba Documentation +Group: Documentation/Other +Provides: samba-doc = %{version}-%{release} +Prereq: /usr/bin/find /bin/rm /usr/bin/xargs + +%description doc +The samba-doc package includes the HTML versions of the Samba manpages +utilized by SWAT as well as the HTML and PDF version of "Using Samba", +"Samba By Example", and "The Official Samba HOWTO and Reference Guide". + + +####################################################################### + %prep %setup -q @@ -98,17 +119,15 @@ EXTRA="-D_LARGEFILE64_SOURCE" %endif -## run autogen if missing the configure script -if [ ! -f "configure" ]; then - ./autogen.sh -fi +## always run autogen.sh +./autogen.sh CFLAGS="$RPM_OPT_FLAGS $EXTRA -D_GNU_SOURCE" ./configure \ --prefix=%{_prefix} \ --localstatedir=/var \ --with-configdir=%{_sysconfdir}/samba \ --with-libdir=%{_libdir}/samba \ - --with-lockdir=/var/cache/samba \ + --with-lockdir=/var/lib/samba \ --with-logfilebase=/var/log/samba \ --with-mandir=%{_mandir} \ --with-piddir=/var/run \ @@ -117,11 +136,13 @@ --with-swatdir=%{_datadir}/swat \ --enable-cups \ --with-acl-support \ + --with-ads \ --with-automount \ --with-fhs \ --with-pam_smbpass \ --with-libsmbclient \ --with-libsmbsharemodes \ + --without-smbwrapper \ --with-pam \ --with-quotas \ --with-shared-modules=idmap_rid,idmap_ad \ @@ -131,7 +152,18 @@ make showlayout -make CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" proto pch +make CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" proto + +## check for gcc 3.4 or later +CC_VERSION=`${CC} --version | head -1 | awk '{print $3}'` +CC_MAJOR=`echo ${CC_VERSION} | cut -d. -f 1` +CC_MINOR=`echo ${CC_VERSION} | cut -d. -f 2` +if [ ${CC_MAJOR} -ge 3 ]; then + if [ ${CC_MAJOR} -gt 3 -o ${CC_MINOR} -ge 4 ]; then + make pch + fi +fi + make CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" %{?_smp_mflags} \ all modules pam_smbpass @@ -167,7 +199,7 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{samba,sysconfig} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d -mkdir -p $RPM_BUILD_ROOT/var/cache/samba/winbindd_privileged +mkdir -p $RPM_BUILD_ROOT/var/lib/samba/winbindd_privileged mkdir -p $RPM_BUILD_ROOT/var/{log,run/winbindd,spool}/samba cd source @@ -213,8 +245,8 @@ install -m755 source/bin/pam_smbpass.so $RPM_BUILD_ROOT/%{_lib}/security/pam_smbpass.so # we need a symlink for mount to recognise the smb and smbfs filesystem types -ln -sf %{_prefix}/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs -ln -sf %{_prefix}/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb +ln -sf %{_prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs +ln -sf %{_prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb # Install the miscellany echo 127.0.0.1 localhost > $RPM_BUILD_ROOT%{_sysconfdir}/samba/lmhosts @@ -255,19 +287,32 @@ rm -rf $RPM_BUILD_ROOT %post -/sbin/chkconfig --add smb +## deal with an upgrade from a broken 3.0.21b RPM +if [ "$1" -eq "2" ]; then + if [ -d /var/cache/samba ]; then + for file in `ls /var/cache/samba/*tdb`; do + /bin/cp -up $file /var/lib/samba/`basename $file` + done + mkdir -p /var/lib/samba/eventlog + for file in `ls /var/cache/samba/eventlog/*tdb`; do + /bin/cp -up $file /var/lib/samba/eventlog/`basename $file` + done + /bin/mv /var/cache/samba /var/cache/samba.moved + fi +fi %preun if [ $1 = 0 ] ; then /sbin/chkconfig --del smb - rm -rf /var/log/samba/* /var/cache/samba/* + /sbin/chkconfig --del winbind + # rm -rf /var/log/samba/* /var/lib/samba/* /sbin/service smb stop >/dev/null 2>&1 fi exit 0 %postun if [ "$1" -ge "1" ]; then - %{initdir}/smb condrestart >/dev/null 2>&1 + %{initdir}/smb restart >/dev/null 2>&1 fi @@ -278,54 +323,56 @@ fi %post common -/sbin/chkconfig --add winbind /sbin/ldconfig -%preun common -if [ $1 = 0 ] ; then - /sbin/chkconfig --del winbind - /sbin/service winbind stop >/dev/null 2>&1 -fi -exit 0 - -%postun common -p /sbin/ldconfig - -%triggerpostun -- samba < 1.9.18p7 -if [ $1 != 0 ]; then - /sbin/chkconfig --add smb -fi +%postun common +/sbin/ldconfig -%triggerpostun -- samba < 2.0.5a-3 -if [ $1 != 0 ]; then - [ ! -d /var/lock/samba ] && mkdir -m 0755 /var/lock/samba - [ ! -d /var/spool/samba ] && mkdir -m 1777 /var/spool/samba - chmod 644 /etc/services - [ -f /etc/inetd.conf ] && chmod 644 /etc/inetd.conf -fi +####################################################################### +## Files section ## +####################################################################### %files %defattr(-,root,root) -%doc README COPYING Manifest -%doc WHATSNEW.txt Roadmap -%doc docs -%doc examples/autofs examples/LDAP examples/libsmbclient examples/misc examples/printer-accounting -%doc examples/printing -%attr(755,root,root) /%{_lib}/security/pam_smbpass.so +%config(noreplace) %{_sysconfdir}/sysconfig/samba +%config(noreplace) %{_sysconfdir}/samba/smbusers +%attr(755,root,root) %config %{initdir}/smb +%attr(755,root,root) %config %{initdir}/winbind +%config(noreplace) %{_sysconfdir}/logrotate.d/samba +%config(noreplace) %{_sysconfdir}/pam.d/samba + +%attr(0755,root,root) %dir /var/log/samba +%attr(0755,root,root) %dir /var/lib/samba +%attr(1777,root,root) %dir /var/spool/samba + %{_sbindir}/samba %{_sbindir}/winbind + %{_sbindir}/smbd %{_sbindir}/nmbd +%{_sbindir}/winbindd + +%attr(755,root,root) /%{_lib}/libnss_wins.so* +%attr(755,root,root) /%{_lib}/libnss_winbind.so* +%attr(755,root,root) /%{_lib}/security/pam_winbind.so +%attr(755,root,root) /%{_lib}/security/pam_smbpass.so + %{_bindir}/mksmbpasswd.sh %{_bindir}/smbcontrol %{_bindir}/smbstatus %{_bindir}/tdbbackup %{_bindir}/tdbtool -%config(noreplace) %{_sysconfdir}/sysconfig/samba -%config(noreplace) %{_sysconfdir}/samba/smbusers -%attr(755,root,root) %config %{initdir}/smb -%config(noreplace) %{_sysconfdir}/logrotate.d/samba -%config(noreplace) %{_sysconfdir}/pam.d/samba +%{_bindir}/tdbdump +%{_bindir}/wbinfo +%{_bindir}/ntlm_auth +%{_bindir}/pdbedit +%{_bindir}/eventlogadm + +%{_libdir}/samba/idmap/*.so +%{_libdir}/samba/vfs/*.so +%{_libdir}/samba/auth/*.so + %{_mandir}/man1/smbcontrol.1* %{_mandir}/man1/smbstatus.1* %{_mandir}/man1/vfstest.1* @@ -336,20 +383,36 @@ %{_mandir}/man8/smbd.8* %{_mandir}/man7/pam_winbind.7* %{_mandir}/man8/tdbbackup.8* -%{_mandir}/man7/libsmbclient.7* +%{_mandir}/man8/tdbdump.8* +%{_mandir}/man8/winbindd.8* +%{_mandir}/man1/ntlm_auth.1* +%{_mandir}/man1/wbinfo.1* -%{_libdir}/samba/vfs -%attr(0700,root,root) %dir /var/log/samba -%attr(1777,root,root) %dir /var/spool/samba +########## + +%files doc +%defattr(-,root,root) +%doc README COPYING Manifest +%doc WHATSNEW.txt Roadmap +%doc docs +%doc examples/autofs examples/LDAP examples/libsmbclient examples/misc examples/printer-accounting +%doc examples/printing +%doc %{_datadir}/swat/help + +########## %files swat %defattr(-,root,root) %config(noreplace) %{_sysconfdir}/xinetd.d/swat -%{_datadir}/swat +%dir %{_datadir}/swat +%{_datadir}/swat/include +%{_datadir}/swat/images +%{_datadir}/swat/lang %{_sbindir}/swat %{_mandir}/man8/swat.8* -%attr(755,root,root) %{_libdir}/samba/*.msg + +########## %files client %defattr(-,root,root) @@ -357,23 +420,14 @@ /sbin/mount.smbfs /sbin/mount.cifs /sbin/umount.cifs -%{_libdir}/samba/lowcase.dat -%{_libdir}/samba/upcase.dat -%{_libdir}/samba/valid.dat + %{_bindir}/rpcclient %{_bindir}/smbcacls %{_bindir}/smbmount %{_bindir}/smbmnt %{_bindir}/smbumount %{_bindir}/findsmb -%{_bindir}/tdbdump -%{_mandir}/man8/tdbdump.8* -%{_mandir}/man8/smbmnt.8* -%{_mandir}/man8/smbmount.8* -%{_mandir}/man8/smbumount.8* -%{_mandir}/man8/mount.cifs.8.* -%{_mandir}/man8/umount.cifs.8.* -%{_mandir}/man8/smbspool.8* +%{_bindir}/smbcquotas %{_bindir}/nmblookup %{_bindir}/smbget %{_bindir}/smbclient @@ -382,6 +436,13 @@ %{_bindir}/smbtar %{_bindir}/net %{_bindir}/smbtree + +%{_mandir}/man8/smbmnt.8* +%{_mandir}/man8/smbmount.8* +%{_mandir}/man8/smbumount.8* +%{_mandir}/man8/mount.cifs.8.* +%{_mandir}/man8/umount.cifs.8.* +%{_mandir}/man8/smbspool.8* %{_mandir}/man1/smbget.1* %{_mandir}/man5/smbgetrc.5* %{_mandir}/man1/findsmb.1* @@ -392,45 +453,37 @@ %{_mandir}/man1/smbtar.1* %{_mandir}/man1/smbtree.1* %{_mandir}/man8/net.8* +%{_mandir}/man1/smbcquotas.1* + +########## %files common %defattr(-,root,root) -/%{_lib}/libnss_wins.so* -/%{_lib}/libnss_winbind.so* -/%{_lib}/security/pam_winbind.so +%dir %{_sysconfdir}/samba +%config(noreplace) %{_sysconfdir}/samba/smb.conf +%config(noreplace) %{_sysconfdir}/samba/lmhosts + %{_includedir}/libsmbclient.h %{_libdir}/libsmbclient.a -%{_libdir}/libsmbclient.so -%{_libdir}/libsmbclient.so.0 +%{_libdir}/libsmbclient.so* %{_includedir}/libmsrpc.h %{_libdir}/libmsrpc.a -%{_libdir}/libmsrpc.so -%{_libdir}/libmsrpc.so.0 -%{_libdir}/samba/charset/CP*.so -%{_libdir}/samba/idmap/*.so -%{_libdir}/samba/auth/script.so +%{_libdir}/libmsrpc.so* + +%{_libdir}/samba/*.dat +%{_libdir}/samba/*.msg +%{_libdir}/samba/charset/*.so + %{_bindir}/testparm %{_bindir}/smbpasswd -%{_bindir}/wbinfo -%{_bindir}/ntlm_auth -%{_bindir}/pdbedit -%{_bindir}/eventlogadm %{_bindir}/profiles -%{_bindir}/smbcquotas -%{_sbindir}/winbindd -%config(noreplace) %{_sysconfdir}/samba/smb.conf -%config(noreplace) %{_sysconfdir}/samba/lmhosts -%dir %{_sysconfdir}/samba -%{initdir}/winbind -%{_mandir}/man1/ntlm_auth.1* + %{_mandir}/man1/profiles.1* -%{_mandir}/man1/smbcquotas.1* %{_mandir}/man1/testparm.1* %{_mandir}/man5/smb.conf.5* %{_mandir}/man5/lmhosts.5* %{_mandir}/man8/smbpasswd.8* -%{_mandir}/man1/wbinfo.1* -%{_mandir}/man8/winbindd.8* +%{_mandir}/man7/libsmbclient.7* %changelog * Fri Jan 16 2004 Gerald (Jerry) Carter diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/README samba-3.0.21c/README --- samba-3.0.21b/README 2005-02-25 11:59:51.000000000 -0600 +++ samba-3.0.21c/README 2006-02-20 15:27:34.000000000 -0600 @@ -1,4 +1,4 @@ -This is a development version of Samba, the free SMB and CIFS client and +This is the release version of Samba, the free SMB and CIFS client and server for UNIX and other operating systems. Samba is maintained by the Samba Team, who support the original author, Andrew Tridgell. @@ -6,7 +6,7 @@ >>>> about the configuration and use of Samba. NOTE: Installation instructions may be found in - docs/htmldocs/Samba-HOWTO-Collection/install.html + docs/htmldocs/Samba3-HOWTO/install.html This software is freely distributable under the GNU public license, a copy of which you should have received with this software (in a file diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/REVISION samba-3.0.21c/REVISION --- samba-3.0.21b/REVISION 2006-01-30 13:38:35.000000000 -0600 +++ samba-3.0.21c/REVISION 2006-02-24 00:39:57.000000000 -0600 @@ -1,11 +1,11 @@ Path: . URL: svn+ssh://svn.samba.org/home/svn/samba/branches/SAMBA_3_0_RELEASE Repository UUID: 0c0555d6-39d7-0310-84fc-f1cc0bd64818 -Revision: 13236 +Revision: 13672 Node Kind: directory Schedule: normal Last Changed Author: jerry -Last Changed Rev: 13235 -Last Changed Date: 2006-01-30 13:23:32 -0600 (Mon, 30 Jan 2006) +Last Changed Rev: 13672 +Last Changed Date: 2006-02-24 00:39:13 -0600 (Fri, 24 Feb 2006) Properties Last Updated: 2005-12-20 09:28:40 -0600 (Tue, 20 Dec 2005) diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/client/clitar.c samba-3.0.21c/source/client/clitar.c --- samba-3.0.21b/source/client/clitar.c 2006-01-24 17:46:41.000000000 -0600 +++ samba-3.0.21c/source/client/clitar.c 2006-02-20 14:33:23.000000000 -0600 @@ -1698,8 +1698,8 @@ return 0; } newOptind++; - Optind++; - if (! read_inclusion_file(argv[Optind])) { + /* Optind points at the tar output file, Optind+1 at the inclusion file. */ + if (! read_inclusion_file(argv[Optind+1])) { return 0; } } else if (Optind+1 #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS configdir lockdir piddir logfilebase privatedir swatdir LDSHFLAGS SONAMEFLAG SHLD HOST_OS PICFLAGS PICSUFFIX libc_cv_fpie PIE_CFLAGS PIE_LDFLAGS SHLIBEXT INSTALLLIBCMD_SH INSTALLLIBCMD_A INSTALL_LIBMSRPC LIBMSRPC_SHARED LIBMSRPC INSTALL_LIBSMBCLIENT LIBSMBCLIENT_SHARED LIBSMBCLIENT INSTALL_LIBSMBSHAREMODES LIBSMBSHAREMODES_SHARED LIBSMBSHAREMODES PRINT_LIBS AUTH_LIBS ACL_LIBS PASSDB_LIBS IDMAP_LIBS KRB5_LIBS LDAP_LIBS SHLIB_PROGS SMBWRAPPER SMBWRAP_OBJS SMBWRAP_INC EXTRA_BIN_PROGS EXTRA_SBIN_PROGS EXTRA_ALL_TARGETS CONFIG_LIBS SOCKWRAP CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA AWK PERL AR ac_ct_AR BROKEN_CC build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os EGREP CUPS_CONFIG LIBOBJS TERMLIBS TERMLDFLAGS ROFF DYNEXP SMBLDAP SMBLDAPUTIL KRB5CONFIG XML2_CONFIG XML_CFLAGS XML_LIBS MYSQL_CONFIG MYSQL_CFLAGS MYSQL_LIBS PGSQL_CONFIG PGSQL_CFLAGS PGSQL_LIBS WINBIND_NSS WINBIND_WINS_NSS WINBIND_NSS_LDSHFLAGS WINBIND_NSS_EXTRA_OBJS WINBIND_NSS_EXTRA_LIBS BUILD_POPT POPTLIBS FLAGS1 PYTHON PDB_STATIC PDB_MODULES RPC_STATIC RPC_MODULES IDMAP_STATIC IDMAP_MODULES CHARSET_STATIC CHARSET_MODULES AUTH_STATIC AUTH_MODULES VFS_STATIC VFS_MODULES builddir LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS configdir lockdir piddir logfilebase privatedir swatdir LDSHFLAGS SONAMEFLAG SONAMEVERSIONSUFFIX SHLD HOST_OS PICFLAGS PICSUFFIX libc_cv_fpie PIE_CFLAGS PIE_LDFLAGS SHLIBEXT INSTALLLIBCMD_SH INSTALLLIBCMD_A INSTALL_LIBMSRPC LIBMSRPC_SHARED LIBMSRPC INSTALL_LIBSMBCLIENT LIBSMBCLIENT_SHARED LIBSMBCLIENT INSTALL_LIBSMBSHAREMODES LIBSMBSHAREMODES_SHARED LIBSMBSHAREMODES PRINT_LIBS AUTH_LIBS ACL_LIBS PASSDB_LIBS IDMAP_LIBS KRB5_LIBS LDAP_LIBS SHLIB_PROGS SMBWRAPPER SMBWRAP_OBJS SMBWRAP_INC EXTRA_BIN_PROGS EXTRA_SBIN_PROGS EXTRA_ALL_TARGETS CONFIG_LIBS SOCKWRAP CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA AWK PERL AR ac_ct_AR BROKEN_CC build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os EGREP CUPS_CONFIG LIBOBJS TERMLIBS TERMLDFLAGS ROFF DYNEXP SMBLDAP SMBLDAPUTIL KRB5CONFIG XML2_CONFIG XML_CFLAGS XML_LIBS MYSQL_CONFIG MYSQL_CFLAGS MYSQL_LIBS PGSQL_CONFIG PGSQL_CFLAGS PGSQL_LIBS WINBIND_NSS WINBIND_WINS_NSS WINBIND_NSS_LDSHFLAGS WINBIND_NSS_EXTRA_OBJS WINBIND_NSS_EXTRA_LIBS BUILD_POPT POPTLIBS FLAGS1 PYTHON PDB_STATIC PDB_MODULES RPC_STATIC RPC_MODULES IDMAP_STATIC IDMAP_MODULES CHARSET_STATIC CHARSET_MODULES AUTH_STATIC AUTH_MODULES VFS_STATIC VFS_MODULES builddir LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -1680,6 +1680,7 @@ + # Set defaults PIE_CFLAGS="" PIE_LDFLAGS="" @@ -25694,6 +25695,7 @@ HOST_OS="$host_os" LDSHFLAGS="-shared" SONAMEFLAG="#" +SONAMEVERSIONSUFFIX="" SHLD="\${CC} \${CFLAGS}" PICFLAGS="" PICSUFFIX="po" @@ -25723,6 +25725,7 @@ DYNEXP="-Wl,--export-dynamic" PICFLAGS="-fPIC" SONAMEFLAG="-Wl,-soname=" + SONAMEVERSIONSUFFIX=".2" cat >>confdefs.h <<\_ACEOF #define STAT_ST_BLOCKSIZE 512 _ACEOF @@ -48141,6 +48144,7 @@ s,@swatdir@,$swatdir,;t t s,@LDSHFLAGS@,$LDSHFLAGS,;t t s,@SONAMEFLAG@,$SONAMEFLAG,;t t +s,@SONAMEVERSIONSUFFIX@,$SONAMEVERSIONSUFFIX,;t t s,@SHLD@,$SHLD,;t t s,@HOST_OS@,$HOST_OS,;t t s,@PICFLAGS@,$PICFLAGS,;t t diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/configure.in samba-3.0.21c/source/configure.in --- samba-3.0.21b/source/configure.in 2006-01-30 08:45:07.000000000 -0600 +++ samba-3.0.21c/source/configure.in 2006-02-20 14:33:23.000000000 -0600 @@ -206,6 +206,7 @@ AC_SUBST(SHELL) AC_SUBST(LDSHFLAGS) AC_SUBST(SONAMEFLAG) +AC_SUBST(SONAMEVERSIONSUFFIX) AC_SUBST(SHLD) AC_SUBST(HOST_OS) AC_SUBST(PICFLAGS) @@ -1382,6 +1383,7 @@ HOST_OS="$host_os" LDSHFLAGS="-shared" SONAMEFLAG="#" +SONAMEVERSIONSUFFIX="" SHLD="\${CC} \${CFLAGS}" PICFLAGS="" PICSUFFIX="po" @@ -1406,6 +1408,7 @@ DYNEXP="-Wl,--export-dynamic" PICFLAGS="-fPIC" SONAMEFLAG="-Wl,-soname=" + SONAMEVERSIONSUFFIX=".2" AC_DEFINE(STAT_ST_BLOCKSIZE,512) ;; *solaris*) AC_DEFINE(SUNOS5,1,[Whether the host os is solaris]) diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/include/ads.h samba-3.0.21c/source/include/ads.h --- samba-3.0.21b/source/include/ads.h 2005-11-09 12:29:00.000000000 -0600 +++ samba-3.0.21c/source/include/ads.h 2006-02-23 10:29:34.000000000 -0600 @@ -47,6 +47,7 @@ char *sfu_shell_attr; char *sfu_uidnumber_attr; char *sfu_gidnumber_attr; + char *sfu_gecos_attr; } schema; } ADS_STRUCT; @@ -97,6 +98,7 @@ #define ADS_ATTR_SFU_GIDNUMBER_OID "1.2.840.113556.1.6.18.1.311" #define ADS_ATTR_SFU_HOMEDIR_OID "1.2.840.113556.1.6.18.1.344" #define ADS_ATTR_SFU_SHELL_OID "1.2.840.113556.1.6.18.1.312" +#define ADS_ATTR_SFU_GECOS_OID "1.2.840.113556.1.6.18.1.337" /* ldap bitwise searches */ #define ADS_LDAP_MATCHING_RULE_BIT_AND "1.2.840.113556.1.4.803" diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/include/authdata.h samba-3.0.21c/source/include/authdata.h --- samba-3.0.21b/source/include/authdata.h 2005-10-17 21:45:04.000000000 -0500 +++ samba-3.0.21c/source/include/authdata.h 2006-02-23 10:29:34.000000000 -0600 @@ -42,7 +42,7 @@ typedef struct pac_logon_name { NTTIME logon_time; uint16 len; - uint16 *username; /* might not be null terminated, so not UNISTR */ + uint8 *username; /* Actually always little-endian. might not be null terminated, so not UNISTR */ } PAC_LOGON_NAME; typedef struct pac_signature_data { diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/include/includes.h samba-3.0.21c/source/include/includes.h --- samba-3.0.21b/source/include/includes.h 2006-01-24 17:46:39.000000000 -0600 +++ samba-3.0.21c/source/include/includes.h 2006-02-20 14:33:22.000000000 -0600 @@ -533,9 +533,11 @@ /* If we have --enable-developer and the valgrind header is present, * then we're OK to use it. Set a macro so this logic can be done only * once. */ -#if defined(DEVELOPER) && (HAVE_VALGRIND_H || HAVE_VALGRIND_VALGRIND_H) +#if defined(DEVELOPER) && !defined(HAVE_64BIT_LINUX) +#if (HAVE_VALGRIND_H || HAVE_VALGRIND_VALGRIND_H) #define VALGRIND #endif +#endif /* we support ADS if we want it and have krb5 and ldap libs */ diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/include/smb.h samba-3.0.21c/source/include/smb.h --- samba-3.0.21b/source/include/smb.h 2006-01-30 08:45:07.000000000 -0600 +++ samba-3.0.21c/source/include/smb.h 2006-02-20 14:33:22.000000000 -0600 @@ -173,7 +173,7 @@ #define UCS2_CHAR(c) ((c) << UCS2_SHIFT) /* return an ascii version of a ucs2 character */ -#define UCS2_TO_CHAR(c) ((c) & 0xff) +#define UCS2_TO_CHAR(c) (((c) >> UCS2_SHIFT) & 0xff) /* Copy into a smb_ucs2_t from a possibly unaligned buffer. Return the copied smb_ucs2_t */ #define COPY_UCS2_CHAR(dest,src) (((unsigned char *)(dest))[0] = ((unsigned char *)(src))[0],\ diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/include/version.h samba-3.0.21c/source/include/version.h --- samba-3.0.21b/source/include/version.h 2006-01-30 13:39:27.000000000 -0600 +++ samba-3.0.21c/source/include/version.h 2006-02-24 00:40:02.000000000 -0600 @@ -2,6 +2,6 @@ #define SAMBA_VERSION_MAJOR 3 #define SAMBA_VERSION_MINOR 0 #define SAMBA_VERSION_RELEASE 21 -#define SAMBA_VERSION_REVISION "b" -#define SAMBA_VERSION_OFFICIAL_STRING "3.0.21b" +#define SAMBA_VERSION_REVISION "c" +#define SAMBA_VERSION_OFFICIAL_STRING "3.0.21c" #define SAMBA_VERSION_STRING samba_version_string() diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/lib/util_str.c samba-3.0.21c/source/lib/util_str.c --- samba-3.0.21b/source/lib/util_str.c 2006-01-24 17:46:34.000000000 -0600 +++ samba-3.0.21c/source/lib/util_str.c 2006-02-20 14:33:21.000000000 -0600 @@ -1797,6 +1797,9 @@ { int i = 0; + if ( ! list ) + return 0; + /* count the number of list members */ for ( i=0; *list; i++, list++ ); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/libads/ads_struct.c samba-3.0.21c/source/libads/ads_struct.c --- samba-3.0.21b/source/libads/ads_struct.c 2005-07-28 08:19:50.000000000 -0500 +++ samba-3.0.21c/source/libads/ads_struct.c 2006-02-23 10:29:34.000000000 -0600 @@ -139,6 +139,7 @@ SAFE_FREE((*ads)->schema.sfu_gidnumber_attr); SAFE_FREE((*ads)->schema.sfu_shell_attr); SAFE_FREE((*ads)->schema.sfu_homedir_attr); + SAFE_FREE((*ads)->schema.sfu_gecos_attr); ZERO_STRUCTP(*ads); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/libads/authdata.c samba-3.0.21c/source/libads/authdata.c --- samba-3.0.21b/source/libads/authdata.c 2005-11-09 12:29:02.000000000 -0600 +++ samba-3.0.21c/source/libads/authdata.c 2006-02-23 10:29:34.000000000 -0600 @@ -42,24 +42,24 @@ if (!prs_uint16("len", ps, depth, &logon_name->len)) return False; + /* The following string is always in little endian 16 bit values, + copy as 8 bits to avoid endian reversal on big-endian machines. + len is the length in bytes. */ + if (UNMARSHALLING(ps) && logon_name->len) { - logon_name->username = PRS_ALLOC_MEM(ps, uint16, logon_name->len); + logon_name->username = PRS_ALLOC_MEM(ps, uint8, logon_name->len); if (!logon_name->username) { DEBUG(3, ("No memory available\n")); return False; } } - if (!prs_uint16s(True, "name", ps, depth, logon_name->username, - (logon_name->len / sizeof(uint16)))) + if (!prs_uint8s(True, "name", ps, depth, logon_name->username, logon_name->len)) return False; return True; - } - - #if 0 /* Unused (handled now in net_io_user_info3()) - Guenther */ static BOOL pac_io_krb_sids(const char *desc, KRB_SID_AND_ATTRS *sid_and_attr, prs_struct *ps, int depth) @@ -891,7 +891,7 @@ nt_status = NT_STATUS_INVALID_PARAMETER; goto out; } - rpcstr_pull(username, logon_name->username, sizeof(username), -1, STR_TERMINATE); + rpcstr_pull(username, logon_name->username, sizeof(username), logon_name->len, 0); ret = smb_krb5_parse_name_norealm(context, username, &client_principal_pac); if (ret) { diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/libads/ldap.c samba-3.0.21c/source/libads/ldap.c --- samba-3.0.21b/source/libads/ldap.c 2006-01-24 17:46:39.000000000 -0600 +++ samba-3.0.21c/source/libads/ldap.c 2006-02-23 10:29:34.000000000 -0600 @@ -2563,7 +2563,7 @@ { BOOL ret = False; TALLOC_CTX *ctx = NULL; - const char *gidnumber, *uidnumber, *homedir, *shell; + const char *gidnumber, *uidnumber, *homedir, *shell, *gecos; ctx = talloc_init("ads_check_sfu_mapping"); if (ctx == NULL) @@ -2589,6 +2589,11 @@ goto done; ads->schema.sfu_shell_attr = SMB_STRDUP(shell); + gecos = ads_get_attrname_by_oid(ads, ctx, ADS_ATTR_SFU_GECOS_OID); + if (gecos == NULL) + goto done; + ads->schema.sfu_gecos_attr = SMB_STRDUP(gecos); + ret = True; done: if (ctx) diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/libmsrpc/cac_samr.c samba-3.0.21c/source/libmsrpc/cac_samr.c --- samba-3.0.21b/source/libmsrpc/cac_samr.c 2005-10-17 21:45:06.000000000 -0500 +++ samba-3.0.21c/source/libmsrpc/cac_samr.c 2006-02-20 14:33:23.000000000 -0600 @@ -891,7 +891,7 @@ int result = CAC_SUCCESS; - uint32 i = 0; + int i = 0; uint32 num_mem = 0; uint32 *rid = NULL; @@ -1389,7 +1389,7 @@ int result = CAC_SUCCESS; - uint32 i = 0; + int i = 0; uint32 num_mem = 0; DOM_SID *sid = NULL; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/libsmb/clientgen.c samba-3.0.21c/source/libsmb/clientgen.c --- samba-3.0.21b/source/libsmb/clientgen.c 2005-12-20 09:28:39.000000000 -0600 +++ samba-3.0.21c/source/libsmb/clientgen.c 2006-02-24 00:39:24.000000000 -0600 @@ -357,7 +357,15 @@ void cli_rpc_pipe_close(struct rpc_pipe_client *cli) { - if (!cli_close(cli->cli, cli->fnum)) { + BOOL ret; + + if (!cli) { + return; + } + + ret = cli_close(cli->cli, cli->fnum); + + if (!ret) { DEBUG(0,("cli_rpc_pipe_close: cli_close failed on pipe %s, " "fnum 0x%x " "to machine %s. Error was %s\n", diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/libsmb/clierror.c samba-3.0.21c/source/libsmb/clierror.c --- samba-3.0.21b/source/libsmb/clierror.c 2005-10-17 21:45:00.000000000 -0500 +++ samba-3.0.21c/source/libsmb/clierror.c 2006-02-23 23:32:14.000000000 -0600 @@ -3,6 +3,7 @@ client error handling routines Copyright (C) Andrew Tridgell 1994-1998 Copyright (C) Jelmer Vernooij 2003 + Copyright (C) Jeremy Allison 2006 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -29,49 +30,73 @@ *******************************************************/ -static const struct -{ - int err; - const char *message; -} rap_errmap[] = -{ - {5, "RAP5: User has insufficient privilege" }, - {50, "RAP50: Not supported by server" }, - {65, "RAP65: Access denied" }, - {86, "RAP86: The specified password is invalid" }, - {2220, "RAP2220: Group does not exist" }, - {2221, "RAP2221: User does not exist" }, - {2226, "RAP2226: Operation only permitted on a Primary Domain Controller" }, - {2237, "RAP2237: User is not in group" }, - {2242, "RAP2242: The password of this user has expired." }, - {2243, "RAP2243: The password of this user cannot change." }, - {2244, "RAP2244: This password cannot be used now (password history conflict)." }, - {2245, "RAP2245: The password is shorter than required." }, - {2246, "RAP2246: The password of this user is too recent to change."}, - - /* these really shouldn't be here ... */ - {0x80, "Not listening on called name"}, - {0x81, "Not listening for calling name"}, - {0x82, "Called name not present"}, - {0x83, "Called name present, but insufficient resources"}, +static const struct { + int err; + const char *message; +} rap_errmap[] = { + {5, "RAP5: User has insufficient privilege" }, + {50, "RAP50: Not supported by server" }, + {65, "RAP65: Access denied" }, + {86, "RAP86: The specified password is invalid" }, + {2220, "RAP2220: Group does not exist" }, + {2221, "RAP2221: User does not exist" }, + {2226, "RAP2226: Operation only permitted on a Primary Domain Controller" }, + {2237, "RAP2237: User is not in group" }, + {2242, "RAP2242: The password of this user has expired." }, + {2243, "RAP2243: The password of this user cannot change." }, + {2244, "RAP2244: This password cannot be used now (password history conflict)." }, + {2245, "RAP2245: The password is shorter than required." }, + {2246, "RAP2246: The password of this user is too recent to change."}, + + /* these really shouldn't be here ... */ + {0x80, "Not listening on called name"}, + {0x81, "Not listening for calling name"}, + {0x82, "Called name not present"}, + {0x83, "Called name present, but insufficient resources"}, - {0, NULL} + {0, NULL} }; /**************************************************************************** - return a description of an SMB error + Return a description of an SMB error. ****************************************************************************/ + static const char *cli_smb_errstr(struct cli_state *cli) { return smb_dos_errstr(cli->inbuf); } +/**************************************************************************** + Convert a socket error into an NTSTATUS. +****************************************************************************/ + +static NTSTATUS cli_smb_rw_error_to_ntstatus(struct cli_state *cli) +{ + switch(cli->smb_rw_error) { + case READ_TIMEOUT: + return NT_STATUS_IO_TIMEOUT; + case READ_EOF: + return NT_STATUS_END_OF_FILE; + /* What we shoud really do for read/write errors is convert from errno. */ + /* FIXME. JRA. */ + case READ_ERROR: + return NT_STATUS_INVALID_NETWORK_RESPONSE; + case WRITE_ERROR: + return NT_STATUS_UNEXPECTED_NETWORK_ERROR; + case READ_BAD_SIG: + return NT_STATUS_INVALID_PARAMETER; + default: + break; + } + return NT_STATUS_UNSUCCESSFUL; +} + /*************************************************************************** Return an error message - either an NT error, SMB error or a RAP error. Note some of the NT errors are actually warnings or "informational" errors in which case they can be safely ignored. ****************************************************************************/ - + const char *cli_errstr(struct cli_state *cli) { static fstring cli_error_message; @@ -145,11 +170,19 @@ } -/* Return the 32-bit NT status code from the last packet */ +/**************************************************************************** + Return the 32-bit NT status code from the last packet. +****************************************************************************/ + NTSTATUS cli_nt_error(struct cli_state *cli) { int flgs2 = SVAL(cli->inbuf,smb_flg2); + /* Deal with socket errors first. */ + if (cli->fd == -1 && cli->smb_rw_error) { + return cli_smb_rw_error_to_ntstatus(cli); + } + if (!(flgs2 & FLAGS2_32_BIT_ERROR_CODES)) { int e_class = CVAL(cli->inbuf,smb_rcls); int code = SVAL(cli->inbuf,smb_err); @@ -160,15 +193,27 @@ } -/* Return the DOS error from the last packet - an error class and an error - code. */ +/**************************************************************************** + Return the DOS error from the last packet - an error class and an error + code. +****************************************************************************/ + void cli_dos_error(struct cli_state *cli, uint8 *eclass, uint32 *ecode) { int flgs2; char rcls; int code; - if(!cli->initialised) return; + if(!cli->initialised) { + return; + } + + /* Deal with socket errors first. */ + if (cli->fd == -1 && cli->smb_rw_error) { + NTSTATUS status = cli_smb_rw_error_to_ntstatus(cli); + ntstatus_to_dos( status, eclass, ecode); + return; + } flgs2 = SVAL(cli->inbuf,smb_flg2); @@ -185,6 +230,10 @@ if (ecode) *ecode = code; } +/**************************************************************************** + The following mappings need tidying up and moving into libsmb/errormap.c... +****************************************************************************/ + /* Return a UNIX errno from a dos error class, error number tuple */ static int cli_errno_from_dos(uint8 eclass, uint32 num) @@ -327,6 +376,10 @@ {NT_STATUS(0), 0} }; +/**************************************************************************** + The following mappings need tidying up and moving into libsmb/errormap.c... +****************************************************************************/ + static int cli_errno_from_nt(NTSTATUS status) { int i; @@ -334,8 +387,9 @@ /* Status codes without this bit set are not errors */ - if (!(NT_STATUS_V(status) & 0xc0000000)) + if (!(NT_STATUS_V(status) & 0xc0000000)) { return 0; + } for (i=0;nt_errno_map[i].error;i++) { if (NT_STATUS_V(nt_errno_map[i].status) == @@ -351,7 +405,10 @@ int cli_errno(struct cli_state *cli) { - NTSTATUS status; + if (cli_is_nt_error(cli)) { + NTSTATUS status = cli_nt_error(cli); + return cli_errno_from_nt(status); + } if (cli_is_dos_error(cli)) { uint8 eclass; @@ -361,9 +418,8 @@ return cli_errno_from_dos(eclass, ecode); } - status = cli_nt_error(cli); - - return cli_errno_from_nt(status); + /* for other cases */ + return EINVAL; } /* Return true if the last packet was in error */ @@ -372,8 +428,10 @@ { uint32 flgs2 = SVAL(cli->inbuf,smb_flg2), rcls = 0; - if (cli->fd == -1 && cli->smb_rw_error != 0) + /* A socket error is always an error. */ + if (cli->fd == -1 && cli->smb_rw_error != 0) { return True; + } if (flgs2 & FLAGS2_32_BIT_ERROR_CODES) { /* Return error is error bits are set */ @@ -393,6 +451,11 @@ { uint32 flgs2 = SVAL(cli->inbuf,smb_flg2); + /* A socket error is always an NT error. */ + if (cli->fd == -1 && cli->smb_rw_error != 0) { + return True; + } + return cli_is_error(cli) && (flgs2 & FLAGS2_32_BIT_ERROR_CODES); } @@ -402,6 +465,11 @@ { uint32 flgs2 = SVAL(cli->inbuf,smb_flg2); + /* A socket error is always a DOS error. */ + if (cli->fd == -1 && cli->smb_rw_error != 0) { + return True; + } + return cli_is_error(cli) && !(flgs2 & FLAGS2_32_BIT_ERROR_CODES); } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/libsmb/conncache.c samba-3.0.21c/source/libsmb/conncache.c --- samba-3.0.21b/source/libsmb/conncache.c 2005-02-25 11:59:33.000000000 -0600 +++ samba-3.0.21c/source/libsmb/conncache.c 2006-02-20 14:33:22.000000000 -0600 @@ -105,10 +105,11 @@ a domain, but maybe not a specific DC name. */ for (fcc = failed_connection_cache; fcc; fcc = fcc->next) { - if ( strequal(fcc->domain_name, domain) && strequal(fcc->controller, server) ) - { + if ( strequal(fcc->domain_name, domain) && strequal(fcc->controller, server) ) { DEBUG(10, ("add_failed_connection_entry: domain %s (%s) already tried and failed\n", domain, server )); + /* Update the failed time. */ + fcc->lookup_time = time(NULL); return; } } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/libsmb/ntlmssp.c samba-3.0.21c/source/libsmb/ntlmssp.c --- samba-3.0.21b/source/libsmb/ntlmssp.c 2006-01-24 17:46:35.000000000 -0600 +++ samba-3.0.21c/source/libsmb/ntlmssp.c 2006-02-20 14:33:22.000000000 -0600 @@ -72,6 +72,8 @@ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SIGN\n")); if (neg_flags & NTLMSSP_NEGOTIATE_SEAL) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SEAL\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM_STYLE) + DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM_STYLE\n")); if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n")); if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE) @@ -86,6 +88,10 @@ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n")); if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n")); + if (neg_flags & NTLMSSP_CHAL_ACCEPT_RESPONSE) + DEBUGADD(4, (" NTLMSSP_CHAL_ACCEPT_RESPONSE\n")); + if (neg_flags & NTLMSSP_CHAL_NON_NT_SESSION_KEY) + DEBUGADD(4, (" NTLMSSP_CHAL_NON_NT_SESSION_KEY\n")); if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM2\n")); if (neg_flags & NTLMSSP_CHAL_TARGET_INFO) @@ -94,6 +100,8 @@ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_128\n")); if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_KEY_EXCH\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_56) + DEBUGADD(4, (" NTLMSSP_NEGOTIATE_56\n")); } /** @@ -382,11 +390,16 @@ by the client lanman auth/lanman auth parameters, it isn't too bad. */ -void ntlmssp_weaken_keys(NTLMSSP_STATE *ntlmssp_state) +DATA_BLOB ntlmssp_weaken_keys(NTLMSSP_STATE *ntlmssp_state, TALLOC_CTX *mem_ctx) { + DATA_BLOB weakened_key = data_blob_talloc(mem_ctx, + ntlmssp_state->session_key.data, + ntlmssp_state->session_key.length); + /* Nothing to weaken. We certainly don't want to 'extend' the length... */ - if (ntlmssp_state->session_key.length < 8) { - return; + if (weakened_key.length < 16) { + /* perhaps there was no key? */ + return weakened_key; } /* Key weakening not performed on the master key for NTLM2 @@ -395,17 +408,19 @@ */ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) { - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) { - ; - } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { - ntlmssp_state->session_key.data[7] = 0xa0; + /* LM key doesn't support 128 bit crypto, so this is + * the best we can do. If you negotiate 128 bit, but + * not 56, you end up with 40 bit... */ + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { + weakened_key.data[7] = 0xa0; } else { /* forty bits */ - ntlmssp_state->session_key.data[5] = 0xe5; - ntlmssp_state->session_key.data[6] = 0x38; - ntlmssp_state->session_key.data[7] = 0xb0; + weakened_key.data[5] = 0xe5; + weakened_key.data[6] = 0x38; + weakened_key.data[7] = 0xb0; } - ntlmssp_state->session_key.length = 8; + weakened_key.length = 8; } + return weakened_key; } /** @@ -775,9 +790,6 @@ ntlmssp_state->session_key = session_key; } - /* The client might need us to use a partial-strength session key */ - ntlmssp_weaken_keys(ntlmssp_state); - if (!NT_STATUS_IS_OK(nt_status)) { ntlmssp_state->session_key = data_blob(NULL, 0); } else if (ntlmssp_state->session_key.length) { @@ -1093,9 +1105,6 @@ ntlmssp_state->session_key = session_key; - /* The client might be using 56 or 40 bit weakened keys */ - ntlmssp_weaken_keys(ntlmssp_state); - ntlmssp_state->chal = challenge_blob; ntlmssp_state->lm_resp = lm_response; ntlmssp_state->nt_resp = nt_response; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/libsmb/ntlmssp_sign.c samba-3.0.21c/source/libsmb/ntlmssp_sign.c --- samba-3.0.21b/source/libsmb/ntlmssp_sign.c 2006-01-24 17:46:35.000000000 -0600 +++ samba-3.0.21c/source/libsmb/ntlmssp_sign.c 2006-02-20 14:33:22.000000000 -0600 @@ -236,8 +236,6 @@ uchar *whole_pdu, size_t pdu_length, DATA_BLOB *sig) { - NTSTATUS nt_status; - if (!(ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) { DEBUG(3, ("NTLMSSP Sealing not negotiated - cannot seal packet!\n")); return NT_STATUS_INVALID_PARAMETER; @@ -254,10 +252,14 @@ /* The order of these two operations matters - we must first seal the packet, then seal the sequence number - this is becouse the send_seal_hash is not constant, but is is rather updated with each iteration */ - nt_status = ntlmssp_make_packet_signature(ntlmssp_state, + NTSTATUS nt_status = ntlmssp_make_packet_signature(ntlmssp_state, data, length, whole_pdu, pdu_length, NTLMSSP_SEND, sig, False); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, data, length); if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) { smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, sig->data+4, 8); @@ -283,8 +285,6 @@ smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4); ntlmssp_state->ntlmv1_seq_num++; - - nt_status = NT_STATUS_OK; } dump_data_pw("ntlmssp signature\n", sig->data, sig->length); dump_data_pw("ntlmssp sealed data\n", data, length); @@ -327,18 +327,24 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) { unsigned char p24[24]; + TALLOC_CTX *mem_ctx; ZERO_STRUCT(p24); + mem_ctx = talloc_init("weak_keys"); + if (!mem_ctx) { + return NT_STATUS_NO_MEMORY; + } + DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n")); debug_ntlmssp_flags(ntlmssp_state->neg_flags); - if (!ntlmssp_state->session_key.length) { + if (ntlmssp_state->session_key.length < 8) { + talloc_free(mem_ctx); DEBUG(3, ("NO session key, cannot intialise signing\n")); return NT_STATUS_NO_USER_SESSION_KEY; } - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) - { + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { DATA_BLOB weak_session_key = ntlmssp_state->session_key; const char *send_sign_const; const char *send_seal_const; @@ -359,11 +365,8 @@ recv_seal_const = CLI_SEAL; break; default: - send_sign_const = "unknown role"; - send_seal_const = "unknown role"; - recv_sign_const = "unknown role"; - recv_seal_const = "unknown role"; - break; + talloc_free(mem_ctx); + return NT_STATUS_INTERNAL_ERROR; } /** @@ -374,7 +377,7 @@ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) { ; } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { - weak_session_key.length = 6; + weak_session_key.length = 7; } else { /* forty bits */ weak_session_key.length = 5; } @@ -383,12 +386,13 @@ weak_session_key.data, weak_session_key.length); - /* SEND */ + /* SEND: sign key */ calc_ntlmv2_key(ntlmssp_state->send_sign_key, ntlmssp_state->session_key, send_sign_const); dump_data_pw("NTLMSSP send sign key:\n", ntlmssp_state->send_sign_key, 16); + /* SEND: seal ARCFOUR pad */ calc_ntlmv2_key(ntlmssp_state->send_seal_key, weak_session_key, send_seal_const); dump_data_pw("NTLMSSP send seal key:\n", @@ -401,12 +405,13 @@ ntlmssp_state->send_seal_arc4_state, sizeof(ntlmssp_state->send_seal_arc4_state)); - /* RECV */ + /* RECV: sign key */ calc_ntlmv2_key(ntlmssp_state->recv_sign_key, ntlmssp_state->session_key, recv_sign_const); dump_data_pw("NTLMSSP recv send sign key:\n", ntlmssp_state->recv_sign_key, 16); + /* RECV: seal ARCFOUR pad */ calc_ntlmv2_key(ntlmssp_state->recv_seal_key, weak_session_key, recv_seal_const); @@ -446,10 +451,12 @@ weak_session_key.length); #endif + DATA_BLOB weak_session_key = ntlmssp_weaken_keys(ntlmssp_state, mem_ctx); + DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n")); smb_arc4_init(ntlmssp_state->ntlmv1_arc4_state, - ntlmssp_state->session_key.data, ntlmssp_state->session_key.length); + weak_session_key.data, weak_session_key.length); dump_data_pw("NTLMv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state, sizeof(ntlmssp_state->ntlmv1_arc4_state)); @@ -457,5 +464,6 @@ ntlmssp_state->ntlmv1_seq_num = 0; } + talloc_free(mem_ctx); return NT_STATUS_OK; } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/libsmb/passchange.c samba-3.0.21c/source/libsmb/passchange.c --- samba-3.0.21b/source/libsmb/passchange.c 2005-10-17 21:45:00.000000000 -0500 +++ samba-3.0.21c/source/libsmb/passchange.c 2006-02-20 14:33:22.000000000 -0600 @@ -34,6 +34,7 @@ struct in_addr ip; NTSTATUS result; + BOOL pass_must_change = False; *err_str = '\0'; @@ -73,6 +74,28 @@ /* Given things like SMB signing, restrict anonymous and the like, try an authenticated connection first */ if (!cli_session_setup(&cli, user_name, old_passwd, strlen(old_passwd)+1, old_passwd, strlen(old_passwd)+1, "")) { + + result = cli_nt_error(&cli); + + if (!NT_STATUS_IS_OK(result)) { + + /* Password must change is the only valid error + * condition here from where we can proceed, the rest + * like account locked out or logon failure will lead + * to errors later anyway */ + + if (!NT_STATUS_EQUAL(result, + NT_STATUS_PASSWORD_MUST_CHANGE)) { + slprintf(err_str, err_str_len-1, "Could not " + "connect to machine %s: %s\n", + remote_machine, cli_errstr(&cli)); + cli_shutdown(&cli); + return False; + } + + pass_must_change = True; + } + /* * We should connect as the anonymous user here, in case * the server has "must change password" checked... @@ -100,13 +123,25 @@ /* Try not to give the password away too easily */ - pipe_hnd = cli_rpc_pipe_open_ntlmssp(&cli, + if (!pass_must_change) { + pipe_hnd = cli_rpc_pipe_open_ntlmssp(&cli, PI_SAMR, PIPE_AUTH_LEVEL_PRIVACY, "", /* what domain... ? */ user_name, old_passwd, &result); + } else { + /* + * If the user password must be changed the ntlmssp bind will + * fail the same way as the session setup above did. The + * difference ist that with a pipe bind we don't get a good + * error message, the result will be that the rpc call below + * will just fail. So we do it anonymously, there's no other + * way. + */ + pipe_hnd = cli_rpc_pipe_open_noauth(&cli, PI_SAMR, &result); + } if (!pipe_hnd) { if (lp_client_lanman_auth()) { diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/Makefile.in samba-3.0.21c/source/Makefile.in --- samba-3.0.21b/source/Makefile.in 2006-01-30 12:38:49.000000000 -0600 +++ samba-3.0.21c/source/Makefile.in 2006-02-20 14:33:23.000000000 -0600 @@ -481,14 +481,15 @@ $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ $(SECRETS_OBJ) $(LIBSAMBA_OBJ) -SMBPASSWD_OBJ = utils/smbpasswd.o $(PASSCHANGE_OBJ) $(PARAM_OBJ) $(SECRETS_OBJ) \ - $(LIBSMB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ)\ - $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \ - $(SMBLDAP_OBJ) $(RPC_PARSE_OBJ) $(LIBMSRPC_OBJ) - -PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSAMBA_OBJ) \ - $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) \ - $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) libsmb/asn1.o +SMBPASSWD_OBJ = utils/smbpasswd.o utils/passwd_util.o $(PASSCHANGE_OBJ) \ + $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ + $(GROUPDB_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \ + $(POPT_OBJS) $(SMBLDAP_OBJ) $(RPC_PARSE_OBJ) $(LIBMSRPC_OBJ) + +PDBEDIT_OBJ = utils/pdbedit.o utils/passwd_util.o $(PARAM_OBJ) $(PASSDB_OBJ) \ + $(LIBSAMBA_OBJ) $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \ + $(SECRETS_OBJ) $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) libsmb/asn1.o \ + $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ) @@ -663,7 +664,7 @@ $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) $(RPC_SPOOLSS_OBJ) \ $(RPC_ECHO_OBJ) $(RPC_SVCCTL_OBJ) $(RPC_EVENTLOG_OBJ) $(SMBLDAP_OBJ) \ $(IDMAP_OBJ) libsmb/spnego.o $(PASSCHANGE_OBJ) \ - $(RPC_NTSVCS_OBJ) + $(RPC_NTSVCS_OBJ) utils/passwd_util.o WINBIND_WINS_NSS_OBJ = nsswitch/wins.o $(PARAM_OBJ) \ $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ) @@ -864,7 +865,7 @@ @echo Generating $@ @dir=smbd $(MAKEDIR) && $(AWK) -f $(srcdir)/script/mkbuildoptions.awk > $(builddir)/smbd/build_options.c < $(srcdir)/include/config.h.in -.c.@PICSUFFIX@: +.c.@PICSUFFIX@: @if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \ dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi @echo Compiling $*.c with @PICFLAGS@ @@ -1172,13 +1173,13 @@ @WINBIND_NSS@: $(WINBIND_NSS_PICOBJS) @echo "Linking $@" @$(SHLD) $(WINBIND_NSS_LDSHFLAGS) -o $@ $(WINBIND_NSS_PICOBJS) \ - @WINBIND_NSS_EXTRA_LIBS@ @SONAMEFLAG@`basename $@` + @WINBIND_NSS_EXTRA_LIBS@ @SONAMEFLAG@`basename $@`@SONAMEVERSIONSUFFIX@ @WINBIND_WINS_NSS@: $(WINBIND_WINS_NSS_PICOBJS) @echo "Linking $@" @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_WINS_NSS_PICOBJS) \ - $(LDAP_LIBS) $(KRB5LIBS) -lc \ - @SONAMEFLAG@`basename $@` + $(LDAP_LIBS) $(KRB5LIBS) \ + @SONAMEFLAG@`basename $@`@SONAMEVERSIONSUFFIX@ nsswitch/pam_winbind.@SHLIBEXT@: $(PAM_WINBIND_PICOBJ) bin/.dummy @echo "Linking $@" @@ -1356,7 +1357,7 @@ bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_PICOOBJ) @echo "Linking shared library $@" - @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_PICOOBJ) -lpam $(DYNEXP) $(LIBS) -lc $(LDAP_LIBS) $(KRB5LIBS) + @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_PICOOBJ) -lpam $(DYNEXP) $(LIBS) $(LDAP_LIBS) $(KRB5LIBS) bin/tdbbackup@EXEEXT@: $(TDBBACKUP_OBJ) bin/.dummy @echo Linking $@ @@ -1479,7 +1480,7 @@ PYTHON_OBJS="$(PYTHON_PICOBJS)" \ PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS)" \ LIBS="$(LDFLAGS) $(LIBS)" \ - $(PYTHON) python/setup.py install + $(PYTHON) python/setup.py install --root=$(DESTDIR) python_clean: @-if test -n "$(PYTHON)"; then $(PYTHON) python/setup.py clean; fi @@ -1494,7 +1495,7 @@ .PHONY: showlayout -showlayout: +showlayout: @echo "Samba will be installed into:" @echo " basedir: $(BASEDIR)" @echo " bindir: $(BINDIR)" @@ -1572,27 +1573,32 @@ -h _WREPLD_PROTO_H_ $(builddir)/include/wrepld_proto.h \ $(WREPL_OBJ1) -nsswitch/winbindd_proto.h: +nsswitch/winbindd_proto.h: @cd $(srcdir) && $(SHELL) $(MKPROTO_SH) $(AWK) \ -h _WINBINDD_PROTO_H_ $(builddir)/nsswitch/winbindd_proto.h \ $(WINBINDD_OBJ1) -web/swat_proto.h: +web/swat_proto.h: @cd $(srcdir) && $(SHELL) $(MKPROTO_SH) $(AWK) \ -h _SWAT_PROTO_H_ $(builddir)/web/swat_proto.h \ $(SWAT_OBJ1) -client/client_proto.h: +client/client_proto.h: @cd $(srcdir) && $(SHELL) $(MKPROTO_SH) $(AWK) \ -h _CLIENT_PROTO_H_ $(builddir)/client/client_proto.h \ $(CLIENT_OBJ1) -utils/net_proto.h: +utils/net_proto.h: @cd $(srcdir) && $(SHELL) $(MKPROTO_SH) $(AWK) \ -h _NET_PROTO_H_ $(builddir)/utils/net_proto.h \ $(NET_OBJ1) -utils/ntlm_auth_proto.h: +utils/passwd_proto.h: + @cd $(srcdir) && $(SHELL) $(MKPROTO_SH) $(AWK) \ + -h _PASSWD_PROTO_H_ $(builddir)/utils/passwd_proto.h \ + utils/passwd_util.o + +utils/ntlm_auth_proto.h: @cd $(srcdir) && $(SHELL) $(MKPROTO_SH) $(AWK) \ -h _NTLM_AUTH_PROTO_H_ $(builddir)/utils/ntlm_auth_proto.h \ $(NTLM_AUTH_OBJ1) @@ -1600,7 +1606,7 @@ # "make headers" or "make proto" calls a subshell because we need to # make sure these commands are executed in sequence even for a # parallel make. -headers: +headers: $(MAKE) delheaders; \ $(MAKE) smbd/build_options.c; \ $(MAKE) include/proto.h; \ @@ -1610,7 +1616,8 @@ $(MAKE) web/swat_proto.h; \ $(MAKE) client/client_proto.h; \ $(MAKE) utils/ntlm_auth_proto.h; \ - $(MAKE) utils/net_proto.h; + $(MAKE) utils/net_proto.h; \ + $(MAKE) utils/passwd_proto.h; proto: headers diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/modules/getdate.c samba-3.0.21c/source/modules/getdate.c --- samba-3.0.21b/source/modules/getdate.c 2005-07-28 08:19:46.000000000 -0500 +++ samba-3.0.21c/source/modules/getdate.c 2006-02-20 14:33:21.000000000 -0600 @@ -138,6 +138,7 @@ #endif #include +#include #if HAVE_STDLIB_H # include /* for `free'; used by Bison 1.27 */ diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/modules/getdate.y samba-3.0.21c/source/modules/getdate.y --- samba-3.0.21b/source/modules/getdate.y 2005-07-28 08:19:45.000000000 -0500 +++ samba-3.0.21c/source/modules/getdate.y 2006-02-20 14:33:21.000000000 -0600 @@ -43,6 +43,7 @@ #endif #include +#include #if HAVE_STDLIB_H # include /* for `free'; used by Bison 1.27 */ diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/nsswitch/winbindd_ads.c samba-3.0.21c/source/nsswitch/winbindd_ads.c --- samba-3.0.21b/source/nsswitch/winbindd_ads.c 2006-01-24 17:46:34.000000000 -0600 +++ samba-3.0.21c/source/nsswitch/winbindd_ads.c 2006-02-23 23:32:14.000000000 -0600 @@ -151,7 +151,8 @@ "name", "objectSid", "primaryGroupID", "sAMAccountType", ADS_ATTR_SFU_HOMEDIR_OID, - ADS_ATTR_SFU_SHELL_OID, + ADS_ATTR_SFU_SHELL_OID, + ADS_ATTR_SFU_GECOS_OID, NULL}; int i, count; ADS_STATUS rc; @@ -191,7 +192,7 @@ i = 0; for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) { - char *name, *gecos; + char *name, *gecos = NULL; char *homedir = NULL; char *shell = NULL; uint32 group; @@ -204,10 +205,18 @@ } name = ads_pull_username(ads, mem_ctx, msg); - gecos = ads_pull_string(ads, mem_ctx, msg, "name"); + if (use_nss_info("sfu")) { - homedir = ads_pull_string(ads, mem_ctx, msg, ads->schema.sfu_homedir_attr); - shell = ads_pull_string(ads, mem_ctx, msg, ads->schema.sfu_shell_attr); + homedir = ads_pull_string(ads, mem_ctx, msg, + ads->schema.sfu_homedir_attr); + shell = ads_pull_string(ads, mem_ctx, msg, + ads->schema.sfu_shell_attr); + gecos = ads_pull_string(ads, mem_ctx, msg, + ads->schema.sfu_gecos_attr); + } + + if (gecos == NULL) { + gecos = ads_pull_string(ads, mem_ctx, msg, "name"); } if (!ads_pull_sid(ads, msg, "objectSid", @@ -433,7 +442,8 @@ "name", "primaryGroupID", ADS_ATTR_SFU_HOMEDIR_OID, - ADS_ATTR_SFU_SHELL_OID, + ADS_ATTR_SFU_SHELL_OID, + ADS_ATTR_SFU_GECOS_OID, NULL}; ADS_STATUS rc; int count; @@ -471,11 +481,18 @@ } info->acct_name = ads_pull_username(ads, mem_ctx, msg); - info->full_name = ads_pull_string(ads, mem_ctx, msg, "name"); if (use_nss_info("sfu")) { - info->homedir = ads_pull_string(ads, mem_ctx, msg, ads->schema.sfu_homedir_attr); - info->shell = ads_pull_string(ads, mem_ctx, msg, ads->schema.sfu_shell_attr); + info->homedir = ads_pull_string(ads, mem_ctx, msg, + ads->schema.sfu_homedir_attr); + info->shell = ads_pull_string(ads, mem_ctx, msg, + ads->schema.sfu_shell_attr); + info->full_name = ads_pull_string(ads, mem_ctx, msg, + ads->schema.sfu_gecos_attr); + } + + if (info->full_name == NULL) { + info->full_name = ads_pull_string(ads, mem_ctx, msg, "name"); } if (!ads_pull_uint32(ads, msg, "primaryGroupID", &group_rid)) { diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/pam_smbpass/pam_smb_auth.c samba-3.0.21c/source/pam_smbpass/pam_smb_auth.c --- samba-3.0.21b/source/pam_smbpass/pam_smb_auth.c 2005-10-17 21:44:59.000000000 -0500 +++ samba-3.0.21c/source/pam_smbpass/pam_smb_auth.c 2006-02-20 14:33:21.000000000 -0600 @@ -67,7 +67,7 @@ SAM_ACCOUNT *sampass = NULL; extern BOOL in_client; const char *name; - void (*oldsig_handler)(int); + void (*oldsig_handler)(int) = NULL; BOOL found; /* Points to memory managed by the PAM library. Do not free. */ diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/param/loadparm.c samba-3.0.21c/source/param/loadparm.c --- samba-3.0.21b/source/param/loadparm.c 2006-01-24 17:46:33.000000000 -0600 +++ samba-3.0.21c/source/param/loadparm.c 2006-02-20 14:33:21.000000000 -0600 @@ -1623,10 +1623,7 @@ operations as root */ Globals.bEnablePrivileges = False; - Globals.bASUSupport = True; - - Globals.szServicesList = str_list_make( "Spooler NETLOGON", NULL ); } static TALLOC_CTX *lp_talloc; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/printing/nt_printing.c samba-3.0.21c/source/printing/nt_printing.c --- samba-3.0.21b/source/printing/nt_printing.c 2006-01-24 17:46:33.000000000 -0600 +++ samba-3.0.21c/source/printing/nt_printing.c 2006-02-20 14:33:21.000000000 -0600 @@ -4779,6 +4779,11 @@ return False; } + if ( !CAN_WRITE(conn) ) { + DEBUG(3,("delete_driver_files: Cannot delete print driver when [print$] is read-only\n")); + return False; + } + /* Save who we are - we are temporarily becoming the connection user. */ if ( !become_user(conn, conn->vuid) ) { diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/printing/print_iprint.c samba-3.0.21c/source/printing/print_iprint.c --- samba-3.0.21b/source/printing/print_iprint.c 2005-10-17 21:44:57.000000000 -0500 +++ samba-3.0.21c/source/printing/print_iprint.c 2006-02-20 14:33:21.000000000 -0600 @@ -1206,7 +1206,7 @@ static int iprint_queue_pause(int snum) { - return(-1); //Not supported without credentials + return(-1); /* Not supported without credentials */ } @@ -1216,7 +1216,7 @@ static int iprint_queue_resume(int snum) { - return(-1); //Not supported without credentials + return(-1); /* Not supported without credentials */ } /******************************************************************* diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/python/setup.py samba-3.0.21c/source/python/setup.py --- samba-3.0.21b/source/python/setup.py 2006-01-24 17:46:31.000000000 -0600 +++ samba-3.0.21c/source/python/setup.py 2006-02-20 14:33:20.000000000 -0600 @@ -63,9 +63,9 @@ next_is_flag = 0; elif lib == "-Wl,-rpath": next_is_path = 1; - elif lib[0:2] in ("-l"): + elif lib[0:2] == ("-l"): libraries.append(lib[2:]) - elif lib[0:8] in ("-pthread"): + elif lib[0:8] == ("-pthread"): pass # Skip linker flags elif lib[0:2] == "-L": library_dirs.append(lib[2:]) diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/rpcclient/rpcclient.c samba-3.0.21c/source/rpcclient/rpcclient.c --- samba-3.0.21b/source/rpcclient/rpcclient.c 2006-01-24 17:46:31.000000000 -0600 +++ samba-3.0.21c/source/rpcclient/rpcclient.c 2006-02-20 14:33:20.000000000 -0600 @@ -689,6 +689,7 @@ struct in_addr server_ip; NTSTATUS nt_status; static int opt_port = 0; + fstring new_workgroup; /* make sure the vars that get altered (4th field) are in a fixed location or certain compilers complain */ @@ -755,11 +756,22 @@ if (!init_names()) return 1; + /* save the workgroup... + + FIXME!! do we need to do this for other options as well + (or maybe a generic way to keep lp_load() from overwriting + everything)? */ + + fstrcpy( new_workgroup, lp_workgroup() ); + /* Load smb.conf file */ if (!lp_load(dyn_CONFIGFILE,True,False,False)) fprintf(stderr, "Can't load %s\n", dyn_CONFIGFILE); + if ( strlen(new_workgroup) != 0 ) + set_global_myworkgroup( new_workgroup ); + /* * Get password * from stdin if necessary diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/rpc_client/cli_pipe.c samba-3.0.21c/source/rpc_client/cli_pipe.c --- samba-3.0.21b/source/rpc_client/cli_pipe.c 2005-12-20 09:28:37.000000000 -0600 +++ samba-3.0.21c/source/rpc_client/cli_pipe.c 2006-02-23 10:29:34.000000000 -0600 @@ -2393,13 +2393,14 @@ /**************************************************************************** Open a netlogon pipe and get the schannel session key. + Now exposed to external callers. ****************************************************************************/ -static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli, +struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli, const char *domain, + uint32 *pneg_flags, NTSTATUS *perr) { - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; struct rpc_pipe_client *netlogon_pipe = NULL; uint32 sec_chan_type = 0; unsigned char machine_pwd[16]; @@ -2438,7 +2439,7 @@ machine_account, /* machine account name */ machine_pwd, sec_chan_type, - &neg_flags); + pneg_flags); if (!NT_STATUS_IS_OK(*perr)) { DEBUG(3,("get_schannel_session_key: rpccli_netlogon_setup_creds " @@ -2448,7 +2449,7 @@ return NULL; } - if ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0) { + if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0) { DEBUG(3, ("get_schannel_session_key: Server %s did not offer schannel\n", cli->desthost)); cli_rpc_pipe_close(netlogon_pipe); @@ -2520,9 +2521,9 @@ const char *domain, const char *username, const char *password, + uint32 *pneg_flags, NTSTATUS *perr) { - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; struct rpc_pipe_client *netlogon_pipe = NULL; uint32 sec_chan_type = 0; unsigned char machine_pwd[16]; @@ -2564,7 +2565,7 @@ machine_account, /* machine account name */ machine_pwd, sec_chan_type, - &neg_flags); + pneg_flags); if (!NT_STATUS_IS_OK(*perr)) { DEBUG(3,("get_schannel_session_key_auth_ntlmssp: rpccli_netlogon_setup_creds " @@ -2574,7 +2575,7 @@ return NULL; } - if ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0) { + if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0) { DEBUG(3, ("get_schannel_session_key_auth_ntlmssp: Server %s did not offer schannel\n", cli->desthost)); cli_rpc_pipe_close(netlogon_pipe); @@ -2599,10 +2600,12 @@ const char *password, NTSTATUS *perr) { + uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; struct rpc_pipe_client *netlogon_pipe = NULL; struct rpc_pipe_client *result = NULL; - netlogon_pipe = get_schannel_session_key_auth_ntlmssp(cli, domain, username, password, perr); + netlogon_pipe = get_schannel_session_key_auth_ntlmssp(cli, domain, username, + password, &neg_flags, perr); if (!netlogon_pipe) { DEBUG(0,("cli_rpc_pipe_open_ntlmssp_auth_schannel: failed to get schannel session " "key from server %s for domain %s.\n", @@ -2631,10 +2634,11 @@ const char *domain, NTSTATUS *perr) { + uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; struct rpc_pipe_client *netlogon_pipe = NULL; struct rpc_pipe_client *result = NULL; - netlogon_pipe = get_schannel_session_key(cli, domain, perr); + netlogon_pipe = get_schannel_session_key(cli, domain, &neg_flags, perr); if (!netlogon_pipe) { DEBUG(0,("cli_rpc_pipe_open_schannel: failed to get schannel session " "key from server %s for domain %s.\n", diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/rpc_server/srv_samr_nt.c samba-3.0.21c/source/rpc_server/srv_samr_nt.c --- samba-3.0.21b/source/rpc_server/srv_samr_nt.c 2006-01-27 08:09:40.000000000 -0600 +++ samba-3.0.21c/source/rpc_server/srv_samr_nt.c 2006-02-20 14:33:22.000000000 -0600 @@ -252,6 +252,17 @@ TALLOC_CTX *mem_ctx; DISP_INFO *dpi; + /* There are two cases to consider here: + 1) The SID is a domain SID and we look for an equality match, or + 2) This is an account SID and so we return the DISP_INFO* for our + domain */ + + if ( psid && sid_check_is_in_our_domain( psid ) ) { + DEBUG(10,("get_samr_dispinfo_by_sid: Replacing %s with our domain SID\n", + sid_str)); + psid = get_global_sam_sid(); + } + for (dpi = disp_info_list; dpi; dpi = dpi->next) { if (sid_equal(psid, &dpi->sid)) { return dpi; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/rpc_server/srv_spoolss_nt.c samba-3.0.21c/source/rpc_server/srv_spoolss_nt.c --- samba-3.0.21b/source/rpc_server/srv_spoolss_nt.c 2006-01-24 17:46:36.000000000 -0600 +++ samba-3.0.21c/source/rpc_server/srv_spoolss_nt.c 2006-02-20 14:33:22.000000000 -0600 @@ -1967,9 +1967,20 @@ struct current_user user; WERROR status; WERROR status_win2k = WERR_ACCESS_DENIED; + SE_PRIV se_printop = SE_PRINT_OPERATOR; get_current_user(&user, p); + /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, + and not a printer admin, then fail */ + + if ( (user.uid != 0) + && !user_has_privileges(user.nt_user_token, &se_printop ) + && !user_in_list(uidtoname(user.uid), lp_printer_admin(-1), user.groups, user.ngroups) ) + { + return WERR_ACCESS_DENIED; + } + unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 ); unistr2_to_ascii(arch, &q_u->arch, sizeof(arch)-1 ); @@ -2053,9 +2064,20 @@ struct current_user user; WERROR status; WERROR status_win2k = WERR_ACCESS_DENIED; + SE_PRIV se_printop = SE_PRINT_OPERATOR; get_current_user(&user, p); + /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, + and not a printer admin, then fail */ + + if ( (user.uid != 0) + && !user_has_privileges(user.nt_user_token, &se_printop ) + && !user_in_list(uidtoname(user.uid), lp_printer_admin(-1), user.groups, user.ngroups) ) + { + return WERR_ACCESS_DENIED; + } + unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 ); unistr2_to_ascii(arch, &q_u->arch, sizeof(arch)-1 ); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/rpc_server/srv_svcctl_nt.c samba-3.0.21c/source/rpc_server/srv_svcctl_nt.c --- samba-3.0.21b/source/rpc_server/srv_svcctl_nt.c 2006-01-24 17:46:36.000000000 -0600 +++ samba-3.0.21c/source/rpc_server/srv_svcctl_nt.c 2006-02-20 14:33:22.000000000 -0600 @@ -72,7 +72,7 @@ /* services listed in smb.conf get the rc.init interface */ - for ( i=0; service_list[i]; i++ ) { + for ( i=0; service_list && service_list[i]; i++ ) { svcctl_ops[i].name = talloc_strdup( svcctl_ops, service_list[i] ); svcctl_ops[i].ops = &rcinit_svc_ops; } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/services/services_db.c samba-3.0.21c/source/services/services_db.c --- samba-3.0.21b/source/services/services_db.c 2006-01-24 17:46:31.000000000 -0600 +++ samba-3.0.21c/source/services/services_db.c 2006-02-20 14:33:20.000000000 -0600 @@ -436,7 +436,7 @@ for ( i=0; builtin_svcs[i].servicename; i++ ) add_new_svc_name( key, subkeys, builtin_svcs[i].servicename ); - for ( i=0; service_list[i]; i++ ) { + for ( i=0; service_list && service_list[i]; i++ ) { /* only add new services */ if ( regsubkey_ctr_key_exists( subkeys, service_list[i] ) ) diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/smbadduser.in samba-3.0.21c/source/smbadduser.in --- samba-3.0.21b/source/smbadduser.in 2005-02-25 11:59:41.000000000 -0600 +++ samba-3.0.21c/source/smbadduser.in 2006-02-20 14:33:23.000000000 -0600 @@ -10,15 +10,15 @@ CONFIGDIR=@configdir@ unalias * -set path = ($path /usr/local/samba/bin) +set path = ($path /usr/bin) set smbpasswd = $PRIVATEDIR/smbpasswd -set user_map = $CONFIGDIR/users.map +set user_map = $CONFIGDIR/smbusers # # Set to site specific passwd command # -set passwd = "cat /etc/passwd" +set passwd = "getent passwd" #set passwd = "niscat passwd.org_dir" #set passwd = "ypcat passwd" diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/smbd/negprot.c samba-3.0.21c/source/smbd/negprot.c --- samba-3.0.21b/source/smbd/negprot.c 2005-11-09 12:28:54.000000000 -0600 +++ samba-3.0.21c/source/smbd/negprot.c 2006-02-23 10:29:34.000000000 -0600 @@ -178,6 +178,7 @@ OID_KERBEROS5_OLD, OID_NTLMSSP, NULL}; + const char *OIDs_plain[] = {OID_NTLMSSP, NULL}; int len; global_spnego_negotiated = True; @@ -212,9 +213,13 @@ */ if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) { - memcpy(p, guid, 16); - *pkeylen = 0; - return 16; +#if 0 + /* Code for PocketPC client */ + blob = data_blob(guid, 16); +#else + /* Code for standalone WXP client */ + blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE"); +#endif } else { fstring myname; char *host_princ_s = NULL; @@ -224,14 +229,20 @@ blob = spnego_gen_negTokenInit(guid, OIDs_krb5, host_princ_s); SAFE_FREE(host_princ_s); } + memcpy(p, blob.data, blob.length); len = blob.length; if (len > 256) { DEBUG(0,("negprot_spnego: blob length too long (%d)\n", len)); len = 255; } - *pkeylen = len; data_blob_free(&blob); + + if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) { + *pkeylen = 0; + } else { + *pkeylen = len; + } return len; } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/smbd/open.c samba-3.0.21c/source/smbd/open.c --- samba-3.0.21b/source/smbd/open.c 2006-01-24 17:46:32.000000000 -0600 +++ samba-3.0.21c/source/smbd/open.c 2006-02-20 14:33:20.000000000 -0600 @@ -73,23 +73,6 @@ return fd_close_posix(conn, fsp); } - -/**************************************************************************** - Check a filename for the pipe string. -****************************************************************************/ - -static void check_for_pipe(const char *fname) -{ - /* special case of pipe opens */ - char s[10]; - StrnCpy(s,fname,sizeof(s)-1); - strlower_m(s); - if (strstr(s,"pipe/")) { - DEBUG(3,("Rejecting named pipe open for %s\n",fname)); - set_saved_error_triple(ERRSRV, ERRaccess, NT_STATUS_ACCESS_DENIED); - } -} - /**************************************************************************** Change the ownership of a file to that of the parent directory. Do this by fd if possible. @@ -226,7 +209,6 @@ /* It's a read-only share - fail if we wanted to write. */ if(accmode != O_RDONLY) { DEBUG(3,("Permission denied opening %s\n",fname)); - check_for_pipe(fname); return False; } else if(flags & O_CREAT) { /* We don't want to write - but we must make sure that @@ -292,7 +274,6 @@ DEBUG(3,("Error opening file %s (%s) (local_flags=%d) " "(flags=%d)\n", fname,strerror(errno),local_flags,flags)); - check_for_pipe(fname); return False; } @@ -1832,12 +1813,6 @@ return NULL; } - if (dir_existed && !S_ISDIR(psbuf->st_mode)) { - DEBUG(0,("open_directory: %s is not a directory !\n", fname )); - set_saved_ntstatus(NT_STATUS_NOT_A_DIRECTORY); - return NULL; - } - switch( create_disposition ) { case FILE_OPEN: /* If directory exists open. If directory doesn't diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/smbd/oplock.c samba-3.0.21c/source/smbd/oplock.c --- samba-3.0.21b/source/smbd/oplock.c 2006-01-30 12:38:49.000000000 -0600 +++ samba-3.0.21c/source/smbd/oplock.c 2006-02-20 14:33:20.000000000 -0600 @@ -56,23 +56,14 @@ } /**************************************************************************** - Read an oplock break message from either the oplock UDP fd or the - kernel (if kernel oplocks are supported). - - If timeout is zero then *fds contains the file descriptors that - are ready to be read and acted upon. If timeout is non-zero then - *fds contains the file descriptors to be selected on for read. - The timeout is in milliseconds - + Find out if there are any kernel oplock messages waiting and process them + if so. pfds is the fd_set from the main select loop (which contains any + kernel oplock fd if that's what the system uses (IRIX). If may be NULL if + we're calling this in a shutting down state. ****************************************************************************/ -void process_kernel_oplocks(void) +void process_kernel_oplocks(fd_set *pfds) { - fd_set fds; - - FD_ZERO(&fds); - smb_read_error = 0; - /* * We need to check for kernel oplocks before going into the select * here, as the EINTR generated by the linux kernel oplock may have @@ -83,11 +74,11 @@ return; } - while (koplocks->msg_waiting(&fds)) { + while (koplocks->msg_waiting(pfds)) { files_struct *fsp; char msg[MSG_SMB_KERNEL_BREAK_SIZE]; - fsp = koplocks->receive_message(&fds); + fsp = koplocks->receive_message(pfds); if (fsp == NULL) { DEBUG(3, ("Kernel oplock message announced, but none " diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/smbd/oplock_irix.c samba-3.0.21c/source/smbd/oplock_irix.c --- samba-3.0.21b/source/smbd/oplock_irix.c 2005-10-17 21:44:57.000000000 -0500 +++ samba-3.0.21c/source/smbd/oplock_irix.c 2006-02-20 14:33:20.000000000 -0600 @@ -93,6 +93,9 @@ char dummy; files_struct *fsp; + /* Ensure we only get one call per select fd set. */ + FD_CLR(oplock_pipe_read, fds); + /* * Read one byte of zero to clear the * kernel break notify message. @@ -204,14 +207,32 @@ /**************************************************************************** Set *maxfd to include oplock read pipe. + Note that fds MAY BE NULL ! If so we must do our own select. ****************************************************************************/ static BOOL irix_oplock_msg_waiting(fd_set *fds) { + int maxfd, selrtn; + fd_set myfds; + struct timeval to; + if (oplock_pipe_read == -1) return False; - return FD_ISSET(oplock_pipe_read,fds); + if (fds) { + return FD_ISSET(oplock_pipe_read, fds); + } + + /* Do a zero-time select. We just need to find out if there + * are any outstanding messages. We use sys_select_intr as + * we need to ignore any signals. */ + + FD_ZERO(&myfds); + FD_SET(oplock_pipe_read, &myfds); + + to = timeval_set(0, 0); + selrtn = sys_select_intr(oplock_pipe_read+1,&myfds,NULL,NULL,&to); + return (selrtn == 1) ? True : False; } /**************************************************************************** diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/smbd/posix_acls.c samba-3.0.21c/source/smbd/posix_acls.c --- samba-3.0.21b/source/smbd/posix_acls.c 2006-01-27 08:09:40.000000000 -0600 +++ samba-3.0.21c/source/smbd/posix_acls.c 2006-02-20 14:33:20.000000000 -0600 @@ -4218,7 +4218,6 @@ SEC_DESC* get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname) { SEC_DESC *psd, *ret_sd; - size_t sd_size; connection_struct conn; files_struct finfo; struct fd_handle fh; @@ -4229,7 +4228,7 @@ conn.service = -1; if ( !(conn.mem_ctx = talloc_init( "novfs_get_nt_acl" )) ) { - DEBUG(0,("novfs_get_nt_acl: talloc() failed!\n")); + DEBUG(0,("get_nt_acl_no_snum: talloc() failed!\n")); return NULL; } @@ -4237,7 +4236,8 @@ string_set(&conn.connectpath, path); if (!smbd_vfs_init(&conn)) { - DEBUG(0,("novfs_get_nt_acl: Unable to create a fake connection struct!\n")); + DEBUG(0,("get_nt_acl_no_snum: Unable to create a fake connection struct!\n")); + conn_free_internal( &conn ); return NULL; } @@ -4251,7 +4251,11 @@ pstrcpy( filename, fname ); finfo.fsp_name = filename; - sd_size = get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd ); + if (get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd ) == 0) { + DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n")); + conn_free_internal( &conn ); + return NULL; + } ret_sd = dup_sec_desc( ctx, psd ); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/smbd/process.c samba-3.0.21c/source/smbd/process.c --- samba-3.0.21b/source/smbd/process.c 2005-10-17 21:44:55.000000000 -0500 +++ samba-3.0.21c/source/smbd/process.c 2006-02-20 14:33:20.000000000 -0600 @@ -398,13 +398,13 @@ notify events etc. ****************************************************************************/ -static void async_processing(void) +static void async_processing(fd_set *pfds) { DEBUG(10,("async_processing: Doing async processing.\n")); process_aio_queue(); - process_kernel_oplocks(); + process_kernel_oplocks(pfds); /* Do the aio check again after receive_local_message as it does a select and may have eaten our signal. */ @@ -527,7 +527,7 @@ if (oplock_message_waiting(&fds)) { DEBUG(10,("receive_message_or_smb: oplock_message is waiting.\n")); - async_processing(); + async_processing(&fds); /* * After async processing we must go and do the select again, as * the state of the flag in fds for the server file descriptor is @@ -554,7 +554,7 @@ is the best we can do until the oplock code knows more about signals */ if (selrtn == -1 && errno == EINTR) { - async_processing(); + async_processing(&fds); /* * After async processing we must go and do the select again, as * the state of the flag in fds for the server file descriptor is @@ -583,7 +583,7 @@ */ if (oplock_message_waiting(&fds)) { - async_processing(); + async_processing(&fds); /* * After async processing we must go and do the select again, as * the state of the flag in fds for the server file descriptor is @@ -632,7 +632,7 @@ return; } - process_kernel_oplocks(); + process_kernel_oplocks(NULL); return; } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/smbd/sesssetup.c samba-3.0.21c/source/smbd/sesssetup.c --- samba-3.0.21b/source/smbd/sesssetup.c 2005-12-02 13:21:44.000000000 -0600 +++ samba-3.0.21c/source/smbd/sesssetup.c 2006-02-23 10:29:34.000000000 -0600 @@ -70,6 +70,23 @@ } /**************************************************************************** + Start the signing engine if needed. Don't fail signing here. +****************************************************************************/ + +static void sessionsetup_start_signing_engine(const auth_serversupplied_info *server_info, char *inbuf) +{ + if (!server_info->guest && !srv_signing_started()) { + /* We need to start the signing engine + * here but a W2K client sends the old + * "BSRSPYL " signature instead of the + * correct one. Subsequent packets will + * be correct. + */ + srv_check_sign_mac(inbuf, False); + } +} + +/**************************************************************************** Send a security blob via a session setup reply. ****************************************************************************/ @@ -357,15 +374,7 @@ SSVAL(outbuf, smb_uid, sess_vuid); - if (!server_info->guest && !srv_signing_started()) { - /* We need to start the signing engine - * here but a W2K client sends the old - * "BSRSPYL " signature instead of the - * correct one. Subsequent packets will - * be correct. - */ - srv_check_sign_mac(inbuf, False); - } + sessionsetup_start_signing_engine(server_info, inbuf); } /* wrap that up in a nice GSS-API wrapping */ @@ -438,16 +447,7 @@ SSVAL(outbuf,smb_uid,sess_vuid); - if (!server_info->guest && !srv_signing_started()) { - /* We need to start the signing engine - * here but a W2K client sends the old - * "BSRSPYL " signature instead of the - * correct one. Subsequent packets will - * be correct. - */ - - srv_check_sign_mac(inbuf, False); - } + sessionsetup_start_signing_engine(server_info, inbuf); } } @@ -1099,9 +1099,7 @@ /* current_user_info is changed on new vuid */ reload_services( True ); - if (!server_info->guest && !srv_signing_started() && !srv_check_sign_mac(inbuf, True)) { - exit_server("reply_sesssetup_and_X: bad smb signature"); - } + sessionsetup_start_signing_engine(server_info, inbuf); SSVAL(outbuf,smb_uid,sess_vuid); SSVAL(inbuf,smb_uid,sess_vuid); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/smbd/trans2.c samba-3.0.21c/source/smbd/trans2.c --- samba-3.0.21b/source/smbd/trans2.c 2006-01-24 17:46:32.000000000 -0600 +++ samba-3.0.21c/source/smbd/trans2.c 2006-02-20 14:33:20.000000000 -0600 @@ -1927,6 +1927,8 @@ case SMB_FIND_FILE_FULL_DIRECTORY_INFO: case SMB_FIND_FILE_NAMES_INFO: case SMB_FIND_FILE_BOTH_DIRECTORY_INFO: + case SMB_FIND_ID_FULL_DIRECTORY_INFO: + case SMB_FIND_ID_BOTH_DIRECTORY_INFO: break; case SMB_FIND_FILE_UNIX: if (!lp_unix_extensions()) diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/utils/net_rpc_join.c samba-3.0.21c/source/utils/net_rpc_join.c --- samba-3.0.21b/source/utils/net_rpc_join.c 2006-01-24 17:46:40.000000000 -0600 +++ samba-3.0.21c/source/utils/net_rpc_join.c 2006-02-23 10:29:34.000000000 -0600 @@ -43,31 +43,57 @@ **/ static int net_rpc_join_ok(const char *domain) { + uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; - int retval = 1; - NTSTATUS ret; + struct rpc_pipe_client *netlogon_pipe = NULL; + NTSTATUS ntret = NT_STATUS_UNSUCCESSFUL; /* Connect to remote machine */ if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC))) { - return 1; + return -1; } - pipe_hnd = cli_rpc_pipe_open_schannel(cli, PI_NETLOGON, - PIPE_AUTH_LEVEL_PRIVACY, - domain, &ret); + /* Setup the creds as though we're going to do schannel... */ + netlogon_pipe = get_schannel_session_key(cli, domain, &neg_flags, &ntret); - if (!pipe_hnd) { - DEBUG(0,("Error connecting to NETLOGON pipe. Error was %s\n", nt_errstr(ret) )); - goto done; + /* We return NT_STATUS_INVALID_NETWORK_RESPONSE if the server is refusing + to negotiate schannel, but the creds were set up ok. That'll have to do. */ + + if (!netlogon_pipe) { + if (NT_STATUS_EQUAL(ntret, NT_STATUS_INVALID_NETWORK_RESPONSE)) { + cli_shutdown(cli); + return 0; + } else { + DEBUG(0,("net_rpc_join_ok: failed to get schannel session " + "key from server %s for domain %s. Error was %s\n", + cli->desthost, domain, nt_errstr(ntret) )); + cli_shutdown(cli); + return -1; + } } - retval = 0; /* Success! */ - -done: + /* Only do the rest of the schannel test if the client is allowed to do this. */ + if (!lp_client_schannel()) { + cli_shutdown(cli); + /* We're good... */ + return 0; + } + + pipe_hnd = cli_rpc_pipe_open_schannel_with_key(cli, PI_NETLOGON, + PIPE_AUTH_LEVEL_PRIVACY, + domain, netlogon_pipe->dc, &ntret); + + if (!pipe_hnd) { + DEBUG(0,("net_rpc_join_ok: failed to open schannel session " + "on netlogon pipe to server %s for domain %s. Error was %s\n", + cli->desthost, domain, nt_errstr(ntret) )); + cli_shutdown(cli); + return -1; + } cli_shutdown(cli); - return retval; + return 0; } /** @@ -88,10 +114,9 @@ struct cli_state *cli; TALLOC_CTX *mem_ctx; uint32 acb_info = ACB_WSTRUST; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; + uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0); uint32 sec_channel_type; struct rpc_pipe_client *pipe_hnd = NULL; - struct rpc_pipe_client *netlogon_schannel_pipe = NULL; /* rpc variables */ @@ -325,29 +350,37 @@ goto done; } - netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli, + /* We can only check the schannel connection if the client is allowed + to do this and the server supports it. If not, just assume success + (after all the rpccli_netlogon_setup_creds() succeeded, and we'll + do the same again (setup creds) in net_rpc_join_ok(). JRA. */ + + if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) { + struct rpc_pipe_client *netlogon_schannel_pipe = + cli_rpc_pipe_open_schannel_with_key(cli, PI_NETLOGON, PIPE_AUTH_LEVEL_PRIVACY, domain, pipe_hnd->dc, &result); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n", - nt_errstr(result))); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n", + nt_errstr(result))); + + if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) && + (sec_channel_type == SEC_CHAN_BDC) ) { + d_fprintf(stderr, "Please make sure that no computer account\n" + "named like this machine (%s) exists in the domain\n", + global_myname()); + } - if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) && - (sec_channel_type == SEC_CHAN_BDC) ) { - d_fprintf(stderr, "Please make sure that no computer account\n" - "named like this machine (%s) exists in the domain\n", - global_myname()); + goto done; } - - goto done; + cli_rpc_pipe_close(netlogon_schannel_pipe); } cli_rpc_pipe_close(pipe_hnd); - cli_rpc_pipe_close(netlogon_schannel_pipe); /* Now store the secret in the secrets database */ diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/utils/nmblookup.c samba-3.0.21c/source/utils/nmblookup.c --- samba-3.0.21b/source/utils/nmblookup.c 2006-01-24 17:46:40.000000000 -0600 +++ samba-3.0.21c/source/utils/nmblookup.c 2006-02-20 14:33:23.000000000 -0600 @@ -169,13 +169,12 @@ } } d_printf("%s %s<%02x>\n",inet_ntoa(ip_list[j]),lookup, lookup_type); - } - - /* We can only do find_status if the ip address returned - was valid - ie. name_query returned true. - */ - if (find_status) { - do_node_status(ServerFD, lookup, lookup_type, ip_list[0]); + /* We can only do find_status if the ip address returned + was valid - ie. name_query returned true. + */ + if (find_status) { + do_node_status(ServerFD, lookup, lookup_type, ip_list[j]); + } } safe_free(ip_list); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/utils/passwd_util.c samba-3.0.21c/source/utils/passwd_util.c --- samba-3.0.21b/source/utils/passwd_util.c 1969-12-31 18:00:00.000000000 -0600 +++ samba-3.0.21c/source/utils/passwd_util.c 2006-02-20 14:33:23.000000000 -0600 @@ -0,0 +1,69 @@ +/* + Unix SMB/CIFS implementation. + passdb editing frontend + + Copyright (C) Jeremy Allison 1998 + Copyright (C) Andrew Tridgell 1998 + Copyright (C) Tim Potter 2000 + Copyright (C) Simo Sorce 2000 + Copyright (C) Martin Pool 2001 + Copyright (C) Gerald Carter 2002 + Copyright (C) Andrew Bartlett 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/************************************************************* + Utility function to prompt for passwords from stdin. Each + password entered must end with a newline. +*************************************************************/ +char *stdin_new_passwd( void) +{ + static fstring new_pw; + size_t len; + + ZERO_ARRAY(new_pw); + + /* + * if no error is reported from fgets() and string at least contains + * the newline that ends the password, then replace the newline with + * a null terminator. + */ + if ( fgets(new_pw, sizeof(new_pw), stdin) != NULL) { + if ((len = strlen(new_pw)) > 0) { + if(new_pw[len-1] == '\n') + new_pw[len - 1] = 0; + } + } + return(new_pw); +} + +/************************************************************* + Utility function to get passwords via tty or stdin + Used if the '-s' (smbpasswd) or '-t' (pdbedit) option is set + to silently get passwords to enable scripting. +*************************************************************/ +char *get_pass( const char *prompt, BOOL stdin_get) +{ + char *p; + if (stdin_get) { + p = stdin_new_passwd(); + } else { + p = getpass( prompt); + } + return smb_xstrdup( p); +} diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/utils/pdbedit.c samba-3.0.21c/source/utils/pdbedit.c --- samba-3.0.21b/source/utils/pdbedit.c 2006-01-24 17:46:40.000000000 -0600 +++ samba-3.0.21c/source/utils/pdbedit.c 2006-02-23 10:29:34.000000000 -0600 @@ -490,12 +490,14 @@ static int new_user (struct pdb_context *in, const char *username, const char *fullname, const char *homedir, const char *drive, const char *script, - const char *profile, char *user_sid, char *group_sid) + const char *profile, char *user_sid, char *group_sid, + BOOL stdin_get) { SAM_ACCOUNT *sam_pwent=NULL; - char *password1, *password2, *staticpass; - + char *password1, *password2; + int rc_pwd_cmp; + get_global_sam_sid(); if (!NT_STATUS_IS_OK(pdb_init_sam_new(&sam_pwent, username, 0))) { @@ -503,28 +505,24 @@ return -1; } - staticpass = getpass("new password:"); - password1 = SMB_STRDUP(staticpass); - memset(staticpass, 0, strlen(staticpass)); - staticpass = getpass("retype new password:"); - password2 = SMB_STRDUP(staticpass); - memset(staticpass, 0, strlen(staticpass)); - if (strcmp (password1, password2)) { - fprintf (stderr, "Passwords does not match!\n"); - memset(password1, 0, strlen(password1)); - SAFE_FREE(password1); - memset(password2, 0, strlen(password2)); - SAFE_FREE(password2); + password1 = get_pass( "new password:", stdin_get); + password2 = get_pass( "retype new password:", stdin_get); + if ((rc_pwd_cmp = strcmp (password1, password2))) { + fprintf (stderr, "Passwords do not match!\n"); pdb_free_sam (&sam_pwent); - return -1; + } else { + pdb_set_plaintext_passwd(sam_pwent, password1); } - pdb_set_plaintext_passwd(sam_pwent, password1); memset(password1, 0, strlen(password1)); SAFE_FREE(password1); memset(password2, 0, strlen(password2)); SAFE_FREE(password2); + /* pwds do _not_ match? */ + if (rc_pwd_cmp) + return -1; + if (fullname) pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED); if (homedir) @@ -732,6 +730,7 @@ static char *pwd_can_change_time = NULL; static char *pwd_must_change_time = NULL; static char *pwd_time_format = NULL; + static BOOL pw_from_stdin = False; struct pdb_context *bin; struct pdb_context *bout; @@ -769,8 +768,9 @@ {"bad-password-count-reset", 'z', POPT_ARG_NONE, &badpw_reset, 0, "reset bad password count", NULL}, {"logon-hours-reset", 'Z', POPT_ARG_NONE, &hours_reset, 0, "reset logon hours", NULL}, {"pwd-can-change-time", 0, POPT_ARG_STRING, &pwd_can_change_time, 0, "Set password can change time (unix time in seconds since 1970 if time format not provided)", NULL }, - {"pwd-must-change-time", 0, POPT_ARG_STRING, &pwd_must_change_time, 0, "Set password can change time (unix time in seconds since 1970 if time format not provided)", NULL }, + {"pwd-must-change-time", 0, POPT_ARG_STRING, &pwd_must_change_time, 0, "Set password must change time (unix time in seconds since 1970 if time format not provided)", NULL }, {"time-format", 0, POPT_ARG_STRING, &pwd_time_format, 0, "The time format for time parameters", NULL }, + {"password-from-stdin", 't', POPT_ARG_NONE, &pw_from_stdin, 0, "get password from standard in", NULL}, POPT_COMMON_SAMBA POPT_TABLEEND }; @@ -979,7 +979,8 @@ } else { return new_user (bdef, user_name, full_name, home_dir, home_drive, logon_script, - profile_path, user_sid, group_sid); + profile_path, user_sid, group_sid, + pw_from_stdin); } } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/utils/profiles.c samba-3.0.21c/source/utils/profiles.c --- samba-3.0.21b/source/utils/profiles.c 2005-11-09 12:29:02.000000000 -0600 +++ samba-3.0.21c/source/utils/profiles.c 2006-02-20 14:33:23.000000000 -0600 @@ -145,6 +145,8 @@ }; poptContext pc; + load_case_tables(); + /* setup logging options */ setup_logging( "profiles", True ); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/utils/smbpasswd.c samba-3.0.21c/source/utils/smbpasswd.c --- samba-3.0.21b/source/utils/smbpasswd.c 2006-01-24 17:46:40.000000000 -0600 +++ samba-3.0.21c/source/utils/smbpasswd.c 2006-02-20 14:33:23.000000000 -0600 @@ -197,48 +197,6 @@ } /************************************************************* - Utility function to prompt for passwords from stdin. Each - password entered must end with a newline. -*************************************************************/ -static char *stdin_new_passwd(void) -{ - static fstring new_pw; - size_t len; - - ZERO_ARRAY(new_pw); - - /* - * if no error is reported from fgets() and string at least contains - * the newline that ends the password, then replace the newline with - * a null terminator. - */ - if ( fgets(new_pw, sizeof(new_pw), stdin) != NULL) { - if ((len = strlen(new_pw)) > 0) { - if(new_pw[len-1] == '\n') - new_pw[len - 1] = 0; - } - } - return(new_pw); -} - - -/************************************************************* - Utility function to get passwords via tty or stdin - Used if the '-s' option is set to silently get passwords - to enable scripting. -*************************************************************/ -static char *get_pass( const char *prompt, BOOL stdin_get) -{ - char *p; - if (stdin_get) { - p = stdin_new_passwd(); - } else { - p = getpass(prompt); - } - return smb_xstrdup(p); -} - -/************************************************************* Utility function to prompt for new password. *************************************************************/ static char *prompt_for_new_password(BOOL stdin_get) diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/utils/status.c samba-3.0.21c/source/utils/status.c --- samba-3.0.21b/source/utils/status.c 2006-01-24 17:46:40.000000000 -0600 +++ samba-3.0.21c/source/utils/status.c 2006-02-20 14:33:23.000000000 -0600 @@ -101,6 +101,11 @@ static void print_share_mode(const struct share_mode_entry *e, const char *sharepath, const char *fname) { static int count; + + if (!is_valid_share_mode_entry(e)) { + return; + } + if (count==0) { d_printf("Locked files:\n"); d_printf("Pid DenyMode Access R/W Oplock SharePath Name\n"); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/VERSION samba-3.0.21c/source/VERSION --- samba-3.0.21b/source/VERSION 2006-01-24 17:46:41.000000000 -0600 +++ samba-3.0.21c/source/VERSION 2006-02-20 14:33:23.000000000 -0600 @@ -37,7 +37,7 @@ # e.g. SAMBA_VERSION_REVISION=a # # -> "2.2.8a" # ######################################################## -SAMBA_VERSION_REVISION=b +SAMBA_VERSION_REVISION=c ######################################################## # For 'pre' releases the version will be # diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/web/statuspage.c samba-3.0.21c/source/web/statuspage.c --- samba-3.0.21b/source/web/statuspage.c 2005-12-20 09:28:39.000000000 -0600 +++ samba-3.0.21c/source/web/statuspage.c 2006-02-20 14:33:22.000000000 -0600 @@ -109,7 +109,13 @@ static void print_share_mode(const struct share_mode_entry *e, const char *sharepath, const char *fname) { char *utf8_fname; - int deny_mode = map_share_mode_to_deny_mode(e->share_access, + int deny_mode; + + if (!is_valid_share_mode_entry(e)) { + return; + } + + deny_mode = map_share_mode_to_deny_mode(e->share_access, e->private_options); printf("%s",_(mapPid2Machine(e->pid))); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/source/web/swat.c samba-3.0.21c/source/web/swat.c --- samba-3.0.21b/source/web/swat.c 2006-01-27 08:09:41.000000000 -0600 +++ samba-3.0.21c/source/web/swat.c 2006-02-20 14:33:22.000000000 -0600 @@ -580,7 +580,11 @@ ****************************************************************************/ static void welcome_page(void) { - include_html("help/welcome.html"); + if (file_exist("help/welcome.html", NULL)) { + include_html("help/welcome.html"); + } else { + include_html("help/welcome-no-samba-doc.html"); + } } /**************************************************************************** diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/swat/help/welcome-no-samba-doc.html samba-3.0.21c/swat/help/welcome-no-samba-doc.html --- samba-3.0.21b/swat/help/welcome-no-samba-doc.html 1969-12-31 18:00:00.000000000 -0600 +++ samba-3.0.21c/swat/help/welcome-no-samba-doc.html 2006-02-20 15:27:34.000000000 -0600 @@ -0,0 +1,3 @@ +

Welcome to SWAT!

+ +More documentation is available at this point if you install the samba-doc package. diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.21b/WHATSNEW.txt samba-3.0.21c/WHATSNEW.txt --- samba-3.0.21b/WHATSNEW.txt 2006-01-30 08:45:08.000000000 -0600 +++ samba-3.0.21c/WHATSNEW.txt 2006-02-24 00:39:24.000000000 -0600 @@ -1,6 +1,6 @@ =============================== - Release Notes for Samba 3.0.21b - Jan 30, 2006 + Release Notes for Samba 3.0.21c + Feb 24, 2006 =============================== This is the latest stable release of Samba. This is the version @@ -8,6 +8,129 @@ bug-fixes. Please read the following important changes in this release. +Common bugs fixed in 3.0.21c include: + + o Access checks when deleting printer driver meta-data. + o Several non-default combinations schannel and SPNEGO support. + o Password changes with NT4 and Win2k pre-SP4 clients. + o High load issues on IRIX caused by a bug when interfacing + with kernel oplocks. + + +###################################################################### +Changes +####### + +Changes since 3.0.21b +--------------------- + +commits +------- +o Michael Adam + * Add popt to the include path for examples/VFS. + + +o Jeremy Allison + * Fix bug in the USC2 macros on big-endian CPUs. + * Filter deleted oplocks from the output of smbstatus. + * Remove invalid test check_for_pipe(). + * BUG 3515: Fix kernel oplock support on IRIX. + * BUG 3522: Fix return value for mkdir request when the directory + already exists. + * BUG 3526: Add missing FindNext info levels (diagnosed by Corinna + Vinschen). + * BUG 3330: Fix username parsing in Kerberos PAC (based on work + by Guenther). + * BUG 3512: Fix cause of "use spnego=no" and "server signing=auto" + resulting in a client disconnect after negprot. + * BUG 3510: Fix 'net join' against a server with client schannel + disabled. + * Fix negprot bug causing a 2k client with cached domain + credentials to refuse to connect to a standalone Samba host. + * Ensure that the correct error is checked when encountering a + socket error (fixes crashes in winbindd). + + +o Andrew Bartlett + * Fix domain joins from NT4 clients and password changes. + + +o Richard Bollinger . + * Compile fix in pdbedit. + + +o Gerald (Jerry) Carter + * Break RHEL/Fedora packaging out to include a samba-docs rpm. + * Remove use of /var/cache/samba from RHEL/Fedora packaging. + * Fix bug in loadparm.c that caused builtin services to be also + listed as external services (e.g. Spooler, NETLOGON, etc..). + * Fix bug in the samr dispinfo enumeration code. + * Add earlier checks to deny deleting a printer driver meta-data. + + +o Guenther Deschner + * Add Account Policy LDAP attributes for eDirectory schema. + + +o William JoJo + * BUG 1870: Make nmblookup do a node status on all IP's when + requested. + * BUG 2353: Fix clitar -F processing. + + +o Volker Lendecke + * Fix the build for --with-aio-support. + * Fix remote password changing if password must change is set. + * Fix rpcclient to obey the -W parameter. + * Fix segv in smbmount and the profiles tool. + * Fix typo in pdbedit help text (reported by Karolin Seeger). + + +o Vladimir Lettiev + * Honour the $(DESTDIR) Makefile variable when installing + Python extensions. + + +o Jason Mader + * Compiler warning fixes. + + +o Lars Müller + * Fix python build with older python versions. + * Update dhcp.conf files in Debian packaging + * SWAT welcome file updates + * Compiler warning fixes. + * Add .2 to the SONAME as version suffix if we link the nss + modules on linux. + * Add -t|--password-from-stdin option to pdbedit. + + +o James Peach + * Continue not enabling valgrind on 64-bit Linux. + + +o Tim Potter + * Remove unused #defines. + + +o Simo Sorce + * Debian packaging updates. + + +o Qiao Yang + * Make sure to refresh the timestamp on entries in the failed + connection code in winbindd. + + + +Release Notes for older release follow: + + -------------------------------------------------- + =============================== + Release Notes for Samba 3.0.21b + Jan 30, 2006 + =============================== + Common bugs fixed in 3.0.21b include: o Server crashes in smbd. @@ -22,7 +145,7 @@ ####### Changes since 3.0.21a --------------------- +--------------------- commits ------- @@ -226,10 +349,6 @@ * RHEL/Fedora spec file patches. - - -Release Notes for older release follow: - -------------------------------------------------- =============================== Release Notes for Samba 3.0.21a