diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/packaging/RedHat-9/makerpms.sh samba-3.0.23c/packaging/RedHat-9/makerpms.sh --- samba-3.0.23b/packaging/RedHat-9/makerpms.sh 2006-08-07 14:22:25.000000000 -0500 +++ samba-3.0.23c/packaging/RedHat-9/makerpms.sh 2006-08-31 13:56:16.000000000 -0500 @@ -20,7 +20,7 @@ USERID=`id -u` GRPID=`id -g` -VERSION='3.0.23b' +VERSION='3.0.23c' REVISION='' SPECFILE="samba3.spec" RPMVER=`rpm --version | awk '{print $3}'` diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/packaging/RedHat-9/samba.spec samba-3.0.23c/packaging/RedHat-9/samba.spec --- samba-3.0.23b/packaging/RedHat-9/samba.spec 2006-08-07 14:22:25.000000000 -0500 +++ samba-3.0.23c/packaging/RedHat-9/samba.spec 2006-08-31 13:56:16.000000000 -0500 @@ -4,8 +4,8 @@ Summary: Samba SMB client and server Vendor: Samba Team Name: samba -Version: 3.0.23b -Release: 1 +Version: 3.0.23c +Release: 4 License: GNU GPL version 2 Group: Networking Source: http://download.samba.org/samba/ftp/samba-%{version}.tar.bz2 diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/packaging/RHEL/makerpms.sh samba-3.0.23c/packaging/RHEL/makerpms.sh --- samba-3.0.23b/packaging/RHEL/makerpms.sh 2006-08-07 14:22:25.000000000 -0500 +++ samba-3.0.23c/packaging/RHEL/makerpms.sh 2006-08-31 13:56:16.000000000 -0500 @@ -20,7 +20,7 @@ USERID=`id -u` GRPID=`id -g` -VERSION='3.0.23b' +VERSION='3.0.23c' REVISION='' SPECFILE="samba.spec" RPMVER=`rpm --version | awk '{print $3}'` diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/packaging/RHEL/samba.spec samba-3.0.23c/packaging/RHEL/samba.spec --- samba-3.0.23b/packaging/RHEL/samba.spec 2006-08-07 14:22:25.000000000 -0500 +++ samba-3.0.23c/packaging/RHEL/samba.spec 2006-08-31 13:56:16.000000000 -0500 @@ -5,8 +5,8 @@ Vendor: Samba Team Packager: Samba Team Name: samba -Version: 3.0.23b -Release: 1 +Version: 3.0.23c +Release: 4 Epoch: 0 License: GNU GPL version 2 Group: System Environment/Daemons @@ -351,11 +351,6 @@ %{_sbindir}/nmbd %{_sbindir}/winbindd -%attr(755,root,root) /%{_lib}/libnss_wins.so* -%attr(755,root,root) /%{_lib}/libnss_winbind.so* -%attr(755,root,root) /%{_lib}/security/pam_winbind.so -%attr(755,root,root) /%{_lib}/security/pam_smbpass.so - %{_bindir}/mksmbpasswd.sh %{_bindir}/smbcontrol %{_bindir}/smbstatus @@ -379,7 +374,6 @@ %{_mandir}/man8/nmbd.8* %{_mandir}/man8/pdbedit.8* %{_mandir}/man8/smbd.8* -%{_mandir}/man7/pam_winbind.7* %{_mandir}/man8/tdbbackup.8* %{_mandir}/man8/tdbdump.8* %{_mandir}/man8/winbindd.8* @@ -462,6 +456,11 @@ %config(noreplace) %{_sysconfdir}/samba/smb.conf %config(noreplace) %{_sysconfdir}/samba/lmhosts +%attr(755,root,root) /%{_lib}/libnss_wins.so* +%attr(755,root,root) /%{_lib}/libnss_winbind.so* +%attr(755,root,root) /%{_lib}/security/pam_winbind.so +%attr(755,root,root) /%{_lib}/security/pam_smbpass.so + %{_includedir}/libsmbclient.h %{_libdir}/libsmbclient.a %{_libdir}/libsmbclient.so* @@ -483,6 +482,7 @@ %{_mandir}/man5/lmhosts.5* %{_mandir}/man8/smbpasswd.8* %{_mandir}/man7/libsmbclient.7* +%{_mandir}/man7/pam_winbind.7* %changelog * Fri Jan 16 2004 Gerald (Jerry) Carter diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/packaging/RHEL/samba.spec.tmpl samba-3.0.23c/packaging/RHEL/samba.spec.tmpl --- samba-3.0.23b/packaging/RHEL/samba.spec.tmpl 2006-06-23 08:16:53.000000000 -0500 +++ samba-3.0.23c/packaging/RHEL/samba.spec.tmpl 2006-08-23 11:16:39.000000000 -0500 @@ -351,11 +351,6 @@ %{_sbindir}/nmbd %{_sbindir}/winbindd -%attr(755,root,root) /%{_lib}/libnss_wins.so* -%attr(755,root,root) /%{_lib}/libnss_winbind.so* -%attr(755,root,root) /%{_lib}/security/pam_winbind.so -%attr(755,root,root) /%{_lib}/security/pam_smbpass.so - %{_bindir}/mksmbpasswd.sh %{_bindir}/smbcontrol %{_bindir}/smbstatus @@ -379,7 +374,6 @@ %{_mandir}/man8/nmbd.8* %{_mandir}/man8/pdbedit.8* %{_mandir}/man8/smbd.8* -%{_mandir}/man7/pam_winbind.7* %{_mandir}/man8/tdbbackup.8* %{_mandir}/man8/tdbdump.8* %{_mandir}/man8/winbindd.8* @@ -462,6 +456,11 @@ %config(noreplace) %{_sysconfdir}/samba/smb.conf %config(noreplace) %{_sysconfdir}/samba/lmhosts +%attr(755,root,root) /%{_lib}/libnss_wins.so* +%attr(755,root,root) /%{_lib}/libnss_winbind.so* +%attr(755,root,root) /%{_lib}/security/pam_winbind.so +%attr(755,root,root) /%{_lib}/security/pam_smbpass.so + %{_includedir}/libsmbclient.h %{_libdir}/libsmbclient.a %{_libdir}/libsmbclient.so* @@ -483,6 +482,7 @@ %{_mandir}/man5/lmhosts.5* %{_mandir}/man8/smbpasswd.8* %{_mandir}/man7/libsmbclient.7* +%{_mandir}/man7/pam_winbind.7* %changelog * Fri Jan 16 2004 Gerald (Jerry) Carter diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/packaging/RHEL/setup/samba.pamd samba-3.0.23c/packaging/RHEL/setup/samba.pamd --- samba-3.0.23b/packaging/RHEL/setup/samba.pamd 2006-01-25 06:27:46.000000000 -0600 +++ samba-3.0.23c/packaging/RHEL/setup/samba.pamd 2006-08-23 11:16:39.000000000 -0500 @@ -1,4 +1,4 @@ -auth required /lib/security/pam_stack.so service=system-auth -session required /lib/security/pam_stack.so service=system-auth -account required /lib/security/pam_stack.so service=system-auth -password required /lib/security/pam_stack.so service=system-auth +auth required pam_stack.so service=system-auth +session required pam_stack.so service=system-auth +account required pam_stack.so service=system-auth +password required pam_stack.so service=system-auth diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/REVISION samba-3.0.23c/REVISION --- samba-3.0.23b/REVISION 2006-08-07 14:22:33.000000000 -0500 +++ samba-3.0.23c/REVISION 2006-08-31 13:56:17.000000000 -0500 @@ -1,11 +1,11 @@ Path: . URL: svn+ssh://svn.samba.org/home/svn/samba/branches/SAMBA_3_0_RELEASE Repository UUID: 0c0555d6-39d7-0310-84fc-f1cc0bd64818 -Revision: 17440 +Revision: 17973 Node Kind: directory Schedule: normal Last Changed Author: jerry -Last Changed Rev: 17440 -Last Changed Date: 2006-08-07 11:40:37 -0500 (Mon, 07 Aug 2006) +Last Changed Rev: 17973 +Last Changed Date: 2006-08-31 13:50:55 -0500 (Thu, 31 Aug 2006) Properties Last Updated: 2006-06-23 08:16:54 -0500 (Fri, 23 Jun 2006) diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/auth/auth_util.c samba-3.0.23c/source/auth/auth_util.c --- samba-3.0.23b/source/auth/auth_util.c 2006-08-07 11:46:33.000000000 -0500 +++ samba-3.0.23c/source/auth/auth_util.c 2006-08-30 13:08:38.000000000 -0500 @@ -562,6 +562,10 @@ struct passwd *pwd; gid_t *gids; auth_serversupplied_info *result; + int i; + size_t num_gids; + DOM_SID unix_group_sid; + if ( !(pwd = getpwnam_alloc(NULL, pdb_get_username(sampass))) ) { DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n", @@ -592,10 +596,29 @@ TALLOC_FREE(result); return status; } + + /* Add the "Unix Group" SID for each gid to catch mapped groups + and their Unix equivalent. This is to solve the backwards + compatibility problem of 'valid users = +ntadmin' where + ntadmin has been paired with "Domain Admins" in the group + mapping table. Otherwise smb.conf would need to be changed + to 'valid user = "Domain Admins"'. --jerry */ + + num_gids = result->num_sids; + for ( i=0; isids, &result->num_sids ); + } /* For now we throw away the gids and convert via sid_to_gid * later. This needs fixing, but I'd like to get the code straight and * simple first. */ + TALLOC_FREE(gids); DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n", @@ -873,7 +896,7 @@ become_root(); status = create_builtin_administrators( ); if ( !NT_STATUS_IS_OK(status) ) { - DEBUG(0,("create_local_nt_token: Failed to create BUILTIN\\Administrators group!\n")); + DEBUG(2,("create_local_nt_token: Failed to create BUILTIN\\Administrators group!\n")); /* don't fail, just log the message */ } unbecome_root(); @@ -900,7 +923,7 @@ become_root(); status = create_builtin_users( ); if ( !NT_STATUS_IS_OK(status) ) { - DEBUG(0,("create_local_nt_token: Failed to create BUILTIN\\Administrators group!\n")); + DEBUG(2,("create_local_nt_token: Failed to create BUILTIN\\Users group!\n")); /* don't fail, just log the message */ } unbecome_root(); @@ -1044,7 +1067,10 @@ gid_t *gids; DOM_SID primary_group_sid; DOM_SID *group_sids; + DOM_SID unix_group_sid; size_t num_group_sids; + size_t num_gids; + size_t i; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -1111,7 +1137,6 @@ * directly, without consulting passdb */ struct passwd *pass; - size_t i; /* * This goto target is used as a fallback for the passdb @@ -1181,6 +1206,31 @@ *found_username = talloc_strdup(mem_ctx, username); } + /* Add the "Unix Group" SID for each gid to catch mapped groups + and their Unix equivalent. This is to solve the backwards + compatibility problem of 'valid users = +ntadmin' where + ntadmin has been paired with "Domain Admins" in the group + mapping table. Otherwise smb.conf would need to be changed + to 'valid user = "Domain Admins"'. --jerry */ + + num_gids = num_group_sids; + for ( i=0; i= low) && (gids[i] <= high) ) + continue; + + if ( !gid_to_unix_groups_sid( gids[i], &unix_group_sid ) ) { + DEBUG(1,("create_token_from_username: Failed to create SID " + "for gid %d!\n", gids[i])); + continue; + } + add_sid_to_array_unique( mem_ctx, &unix_group_sid, + &group_sids, &num_group_sids ); + } + *token = create_local_nt_token(mem_ctx, &user_sid, is_guest, num_group_sids, group_sids); @@ -1877,17 +1927,20 @@ return NULL; } - token->user_sids = talloc_memdup(token, ptoken->user_sids, + ZERO_STRUCTP(token); + + if (ptoken->user_sids && ptoken->num_sids) { + token->user_sids = talloc_memdup(token, ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids ); - if ((ptoken->user_sids != NULL) && (token->user_sids == NULL)) { - DEBUG(0, ("talloc_memdup failed\n")); - TALLOC_FREE(token); - return NULL; + if (token->user_sids == NULL) { + DEBUG(0, ("talloc_memdup failed\n")); + TALLOC_FREE(token); + return NULL; + } + token->num_sids = ptoken->num_sids; } - token->num_sids = ptoken->num_sids; - /* copy the privileges; don't consider failure to be critical here */ if ( !se_priv_copy( &token->privileges, &ptoken->privileges ) ) { diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/groupdb/mapping.c samba-3.0.23c/source/groupdb/mapping.c --- samba-3.0.23b/source/groupdb/mapping.c 2006-04-19 21:29:21.000000000 -0500 +++ samba-3.0.23c/source/groupdb/mapping.c 2006-08-23 11:16:37.000000000 -0500 @@ -195,7 +195,7 @@ fstrcpy(map.nt_name, grpname); if (pdb_rid_algorithm()) { - rid = pdb_gid_to_group_rid( grp->gr_gid ); + rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid ); } else { if (!pdb_new_rid(&rid)) { DEBUG(3, ("Could not get a new RID for %s\n", diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/include/ads_dns.h samba-3.0.23c/source/include/ads_dns.h --- samba-3.0.23b/source/include/ads_dns.h 2006-05-23 13:54:34.000000000 -0500 +++ samba-3.0.23c/source/include/ads_dns.h 2006-08-30 13:08:39.000000000 -0500 @@ -47,7 +47,9 @@ uint16 priority; uint16 weight; uint16 port; - struct in_addr ip; + size_t num_ips; + struct in_addr *ips; /* support multi-homed hosts */ + }; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/include/dlinklist.h samba-3.0.23c/source/include/dlinklist.h --- samba-3.0.23b/source/include/dlinklist.h 2005-10-17 21:45:05.000000000 -0500 +++ samba-3.0.23c/source/include/dlinklist.h 2006-08-30 13:08:39.000000000 -0500 @@ -46,7 +46,7 @@ if ((p)->prev) (p)->prev->next = (p)->next; \ if ((p)->next) (p)->next->prev = (p)->prev; \ } \ - if ((p) && ((p) != (list))) (p)->next = (p)->prev = NULL; \ + if ((p) != (list)) (p)->next = (p)->prev = NULL; \ } /* promote an element to the top of the list */ diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/include/doserr.h samba-3.0.23c/source/include/doserr.h --- samba-3.0.23b/source/include/doserr.h 2006-04-19 21:29:39.000000000 -0500 +++ samba-3.0.23c/source/include/doserr.h 2006-08-23 11:16:38.000000000 -0500 @@ -44,6 +44,7 @@ #define ERRnomem 8 /* Out of memory */ #define ERRbadmem 9 /* Invalid memory block address */ #define ERRbadenv 10 /* Invalid environment */ +#define ERRbadformat 11 /* Bad Format */ #define ERRbadaccess 12 /* Invalid open mode */ #define ERRbaddata 13 /* Invalid data (only from ioctl call) */ #define ERRres 14 /* reserved */ @@ -60,6 +61,7 @@ #define ERRfilexists 80 /* File in operation already exists */ #define ERRinvalidparam 87 #define ERRcannotopen 110 /* Cannot open the file specified */ +#define ERRbufferoverflow 111 #define ERRinsufficientbuffer 122 #define ERRinvalidname 123 /* Invalid name */ #define ERRunknownlevel 124 diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/include/includes.h samba-3.0.23c/source/include/includes.h --- samba-3.0.23b/source/include/includes.h 2006-06-23 08:16:52.000000000 -0500 +++ samba-3.0.23c/source/include/includes.h 2006-08-23 11:16:38.000000000 -0500 @@ -667,6 +667,14 @@ #endif /* don't lie. If we don't have it, then don't use it */ #endif +#if !defined(int64) +#if (SIZEOF_LONG == 8) +#define int64 long +#elif (SIZEOF_LONG_LONG == 8) +#define int64 long long +#endif /* don't lie. If we don't have it, then don't use it */ +#endif + /* * Types for devices, inodes and offsets. diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/include/msdfs.h samba-3.0.23c/source/include/msdfs.h --- samba-3.0.23b/source/include/msdfs.h 2005-09-29 16:52:46.000000000 -0500 +++ samba-3.0.23c/source/include/msdfs.h 2006-08-23 11:16:38.000000000 -0500 @@ -53,6 +53,7 @@ struct junction_map { pstring service_name; pstring volume_name; + pstring comment; int referral_count; struct referral* referral_list; }; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/include/rpc_dfs.h samba-3.0.23c/source/include/rpc_dfs.h --- samba-3.0.23b/source/include/rpc_dfs.h 2006-04-19 21:29:39.000000000 -0500 +++ samba-3.0.23c/source/include/rpc_dfs.h 2006-08-23 11:16:38.000000000 -0500 @@ -243,8 +243,6 @@ uint32 bufsize; uint32 ptr0_info; NETDFS_DFS_ENUMSTRUCT info; - uint32 ptr0_unknown; - uint32 unknown; uint32 ptr0_total; uint32 total; } NETDFS_Q_DFS_ENUM; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/include/smb.h samba-3.0.23c/source/include/smb.h --- samba-3.0.23b/source/include/smb.h 2006-07-10 11:27:52.000000000 -0500 +++ samba-3.0.23c/source/include/smb.h 2006-08-23 11:16:38.000000000 -0500 @@ -272,7 +272,7 @@ #define LOOKUP_NAME_REMOTE 2 /* Ask others */ #define LOOKUP_NAME_ALL (LOOKUP_NAME_ISOLATED|LOOKUP_NAME_REMOTE) -#define LOOKUP_NAME_GROUP 4 /* This is a NASTY hack for valid users = @foo +#define LOOKUP_NAME_GROUP 4 /* (unused) This is a NASTY hack for valid users = @foo * where foo also exists in as user. */ /** diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/include/version.h samba-3.0.23c/source/include/version.h --- samba-3.0.23b/source/include/version.h 2006-08-07 14:23:35.000000000 -0500 +++ samba-3.0.23c/source/include/version.h 2006-08-31 13:57:19.000000000 -0500 @@ -2,6 +2,6 @@ #define SAMBA_VERSION_MAJOR 3 #define SAMBA_VERSION_MINOR 0 #define SAMBA_VERSION_RELEASE 23 -#define SAMBA_VERSION_REVISION "b" -#define SAMBA_VERSION_OFFICIAL_STRING "3.0.23b" +#define SAMBA_VERSION_REVISION "c" +#define SAMBA_VERSION_OFFICIAL_STRING "3.0.23c" #define SAMBA_VERSION_STRING samba_version_string() diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/lib/access.c samba-3.0.23c/source/lib/access.c --- samba-3.0.23b/source/lib/access.c 2005-07-28 08:19:45.000000000 -0500 +++ samba-3.0.23c/source/lib/access.c 2006-08-23 11:16:37.000000000 -0500 @@ -83,8 +83,7 @@ yp_get_default_domain(&mydomain); if (!mydomain) { - DEBUG(0,("Unable to get default yp domain.\n")); - return False; + DEBUG(0,("Unable to get default yp domain. Try without it.\n")); } if (!(hostname = SMB_STRDUP(s))) { DEBUG(1,("out of memory for strdup!\n")); @@ -95,7 +94,7 @@ DEBUG(5,("looking for %s of domain %s in netgroup %s gave %s\n", hostname, - mydomain, + mydomain?mydomain:"(ANY)", tok+1, BOOLSTR(netgroup_ok))); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/lib/snprintf.c samba-3.0.23c/source/lib/snprintf.c --- samba-3.0.23b/source/lib/snprintf.c 2006-04-19 21:29:23.000000000 -0500 +++ samba-3.0.23c/source/lib/snprintf.c 2006-08-30 13:08:38.000000000 -0500 @@ -247,7 +247,7 @@ static void fmtstr(char *buffer, size_t *currlen, size_t maxlen, char *value, int flags, int min, int max); static void fmtint(char *buffer, size_t *currlen, size_t maxlen, - long value, int base, int min, int max, int flags); + LLONG value, int base, int min, int max, int flags); static void fmtfp(char *buffer, size_t *currlen, size_t maxlen, LDOUBLE fvalue, int min, int max, int flags); static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c); @@ -589,11 +589,11 @@ if (cnk->cflags == DP_C_SHORT) cnk->value = va_arg (args, unsigned int); else if (cnk->cflags == DP_C_LONG) - cnk->value = (long)va_arg (args, unsigned long int); + cnk->value = (unsigned long int)va_arg (args, unsigned long int); else if (cnk->cflags == DP_C_LLONG) cnk->value = (LLONG)va_arg (args, unsigned LLONG); else - cnk->value = (long)va_arg (args, unsigned int); + cnk->value = (unsigned int)va_arg (args, unsigned int); for (i = 1; i < clist[pnum].num; i++) { clist[pnum].chunks[i]->value = cnk->value; @@ -799,10 +799,10 @@ /* Have to handle DP_F_NUM (ie 0x and 0 alternates) */ static void fmtint(char *buffer, size_t *currlen, size_t maxlen, - long value, int base, int min, int max, int flags) + LLONG value, int base, int min, int max, int flags) { int signvalue = 0; - unsigned long uvalue; + unsigned LLONG uvalue; char convert[20]; int place = 0; int spadlen = 0; /* amount to space pad */ @@ -920,7 +920,7 @@ static double my_modf(double x0, double *iptr) { int i; - long l; + LLONG l; double x = x0; double f = 1.0; @@ -1114,7 +1114,7 @@ static struct pr_chunk *new_chunk(void) { struct pr_chunk *new_c = (struct pr_chunk *)malloc(sizeof(struct pr_chunk)); - if ( !new_c ) + if (!new_c) return NULL; new_c->type = 0; @@ -1301,7 +1301,7 @@ "%d", NULL }; - long int_nums[] = { -1, 134, 91340, 341, 0203, 0, 1234567890}; + long int_nums[] = { -1, 134, 91340, 341, 0203, 1234567890, 0}; char *str_fmt[] = { "%10.5s", "%-10.5s", @@ -1318,6 +1318,13 @@ NULL }; char *str_vals[] = {"hello", "a", "", "a longer string", NULL}; +#ifdef HAVE_LONG_LONG + char *ll_fmt[] = { + "%llu", + NULL + }; + LLONG ll_nums[] = { 134, 91340, 341, 0203, 1234567890, 128006186140000000LL, 0}; +#endif int x, y; int fail = 0; int num = 0; @@ -1329,9 +1336,9 @@ for (y = 0; fp_nums[y] != 0 ; y++) { buf1[0] = buf2[0] = '\0'; l1 = snprintf(NULL, 0, fp_fmt[x], fp_nums[y]); - l2 = snprintf(buf1, sizeof(buf1), fp_fmt[x], fp_nums[y]); + l2 = sprintf(buf1, fp_fmt[x], fp_nums[y]); sprintf (buf2, fp_fmt[x], fp_nums[y]); - buf1[1023] = buf1[1023] = '\0'; + buf1[1023] = buf2[1023] = '\0'; if (strcmp (buf1, buf2) || (l1 != l2)) { printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n", fp_fmt[x], l1, buf1, l2, buf2); @@ -1345,9 +1352,9 @@ for (y = 0; int_nums[y] != 0 ; y++) { buf1[0] = buf2[0] = '\0'; l1 = snprintf(NULL, 0, int_fmt[x], int_nums[y]); - l2 = snprintf(buf1, sizeof(buf1), int_fmt[x], int_nums[y]); + l2 = sprintf(buf1, int_fmt[x], int_nums[y]); sprintf (buf2, int_fmt[x], int_nums[y]); - buf1[1023] = buf1[1023] = '\0'; + buf1[1023] = buf2[1023] = '\0'; if (strcmp (buf1, buf2) || (l1 != l2)) { printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n", int_fmt[x], l1, buf1, l2, buf2); @@ -1361,9 +1368,9 @@ for (y = 0; str_vals[y] != 0 ; y++) { buf1[0] = buf2[0] = '\0'; l1 = snprintf(NULL, 0, str_fmt[x], str_vals[y]); - l2 = snprintf(buf1, sizeof(buf1), str_fmt[x], str_vals[y]); + l2 = sprintf(buf1, str_fmt[x], str_vals[y]); sprintf (buf2, str_fmt[x], str_vals[y]); - buf1[1023] = buf1[1023] = '\0'; + buf1[1023] = buf2[1023] = '\0'; if (strcmp (buf1, buf2) || (l1 != l2)) { printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n", str_fmt[x], l1, buf1, l2, buf2); @@ -1373,6 +1380,24 @@ } } +#ifdef HAVE_LONG_LONG + for (x = 0; ll_fmt[x] ; x++) { + for (y = 0; ll_nums[y] != 0 ; y++) { + buf1[0] = buf2[0] = '\0'; + l1 = snprintf(NULL, 0, ll_fmt[x], ll_nums[y]); + l2 = sprintf(buf1, ll_fmt[x], ll_nums[y]); + sprintf (buf2, ll_fmt[x], ll_nums[y]); + buf1[1023] = buf2[1023] = '\0'; + if (strcmp (buf1, buf2) || (l1 != l2)) { + printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n", + ll_fmt[x], l1, buf1, l2, buf2); + fail++; + } + num++; + } + } +#endif + #define BUFSZ 2048 buf1[0] = buf2[0] = '\0'; @@ -1392,7 +1417,7 @@ buf1[0] = buf2[0] = '\0'; l1 = snprintf(buf1, sizeof(buf1), "%4$*1$d %2$s %3$*1$.*1$f", 3, "pos test", 12.3456, 9); l2 = sprintf(buf2, "%4$*1$d %2$s %3$*1$.*1$f", 3, "pos test", 12.3456, 9); - buf1[1023] = buf1[1023] = '\0'; + buf1[1023] = buf2[1023] = '\0'; if (strcmp(buf1, buf2) || (l1 != l2)) { printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n", "%4$*1$d %2$s %3$*1$.*1$f", l1, buf1, l2, buf2); @@ -1402,7 +1427,7 @@ buf1[0] = buf2[0] = '\0'; l1 = snprintf(buf1, sizeof(buf1), "%4$*4$d %2$s %3$*4$.*4$f", 3, "pos test", 12.3456, 9); l2 = sprintf(buf2, "%4$*4$d %2$s %3$*4$.*4$f", 3, "pos test", 12.3456, 9); - buf1[1023] = buf1[1023] = '\0'; + buf1[1023] = buf2[1023] = '\0'; if (strcmp(buf1, buf2)) { printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n", "%4$*1$d %2$s %3$*1$.*1$f", l1, buf1, l2, buf2); @@ -1412,7 +1437,7 @@ buf1[0] = buf2[0] = '\0'; l1 = snprintf(buf1, sizeof(buf1), "%lld", (LLONG)1234567890); l2 = sprintf(buf2, "%lld", (LLONG)1234567890); - buf1[1023] = buf1[1023] = '\0'; + buf1[1023] = buf2[1023] = '\0'; if (strcmp(buf1, buf2)) { printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n", "%lld", l1, buf1, l2, buf2); @@ -1422,7 +1447,7 @@ buf1[0] = buf2[0] = '\0'; l1 = snprintf(buf1, sizeof(buf1), "%Lf", (LDOUBLE)890.1234567890123); l2 = sprintf(buf2, "%Lf", (LDOUBLE)890.1234567890123); - buf1[1023] = buf1[1023] = '\0'; + buf1[1023] = buf2[1023] = '\0'; if (strcmp(buf1, buf2)) { printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n", "%Lf", l1, buf1, l2, buf2); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/lib/util_str.c samba-3.0.23c/source/lib/util_str.c --- samba-3.0.23b/source/lib/util_str.c 2006-07-10 11:27:51.000000000 -0500 +++ samba-3.0.23c/source/lib/util_str.c 2006-08-30 13:08:38.000000000 -0500 @@ -2023,7 +2023,7 @@ int i; /* arguments checking */ - if (!ip_list && !ipstr_list) return 0; + if (!ip_list || !ipstr_list) return 0; *ipstr_list = NULL; @@ -2251,7 +2251,9 @@ const char *p = nptr; if (!p) { - *entptr = p; + if (entptr) { + *entptr = p; + } return val; } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/lib/xfile.c samba-3.0.23c/source/lib/xfile.c --- samba-3.0.23b/source/lib/xfile.c 2006-06-23 08:16:50.000000000 -0500 +++ samba-3.0.23c/source/lib/xfile.c 2006-08-30 13:08:38.000000000 -0500 @@ -259,7 +259,7 @@ return -1; } - if (f->bufused == 0) return 0; + if (f->bufused == 0 || !f->buf) return 0; ret = write(f->fd, f->buf, f->bufused); if (ret == -1) return -1; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/libads/dns.c samba-3.0.23c/source/libads/dns.c --- samba-3.0.23b/source/libads/dns.c 2006-08-07 11:46:33.000000000 -0500 +++ samba-3.0.23c/source/libads/dns.c 2006-08-30 13:08:39.000000000 -0500 @@ -334,14 +334,42 @@ } /* only interested in A records as a shortcut for having to come - back later and lookup the name */ + back later and lookup the name. For multi-homed hosts, the + number of additional records and exceed the number of answer + records. */ + if ( (rr.type != T_A) || (rr.rdatalen != 4) ) continue; for ( i=0; iinitialised) { return; @@ -223,11 +221,8 @@ return; } - rcls = CVAL(cli->inbuf,smb_rcls); - code = SVAL(cli->inbuf,smb_err); - - if (eclass) *eclass = rcls; - if (ecode) *ecode = code; + *eclass = CVAL(cli->inbuf,smb_rcls); + *ecode = SVAL(cli->inbuf,smb_err); } /* Return a UNIX errno from a NT status code */ diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/libsmb/clifile.c samba-3.0.23c/source/libsmb/clifile.c --- samba-3.0.23b/source/libsmb/clifile.c 2006-04-19 21:29:25.000000000 -0500 +++ samba-3.0.23c/source/libsmb/clifile.c 2006-08-30 13:08:38.000000000 -0500 @@ -1612,7 +1612,9 @@ struct ea_struct *ea_list; *pnum_eas = 0; - *pea_list = NULL; + if (pea_list) { + *pea_list = NULL; + } if (!cli_send_trans(cli, SMBtrans2, NULL, /* Name */ diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/libsmb/clilist.c samba-3.0.23c/source/libsmb/clilist.c --- samba-3.0.23b/source/libsmb/clilist.c 2006-07-10 11:27:51.000000000 -0500 +++ samba-3.0.23c/source/libsmb/clilist.c 2006-08-30 13:08:38.000000000 -0500 @@ -94,27 +94,13 @@ } p += 4; /* fileindex */ - /* these dates appear to arrive in a - weird way. It seems to be localtime - plus the serverzone given in the - initial connect. This is GMT when - DST is not in effect and one hour - from GMT otherwise. Can this really - be right?? - - I suppose this could be called - kludge-GMT. Is is the GMT you get - by using the current DST setting on - a different localtime. It will be - cheap to calculate, I suppose, as - no DST tables will be needed */ - - finfo->ctime = interpret_long_date(p); + /* Offset zero is "create time", not "change time". */ p += 8; finfo->atime = interpret_long_date(p); p += 8; finfo->mtime = interpret_long_date(p); p += 8; + finfo->ctime = interpret_long_date(p); p += 8; finfo->size = IVAL2_TO_SMB_BIG_UINT(p,0); p += 8; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/libsmb/clirap.c samba-3.0.23c/source/libsmb/clirap.c --- samba-3.0.23b/source/libsmb/clirap.c 2006-04-19 21:29:25.000000000 -0500 +++ samba-3.0.23c/source/libsmb/clirap.c 2006-08-30 13:08:38.000000000 -0500 @@ -553,9 +553,10 @@ /**************************************************************************** send a qpathinfo call with the SMB_QUERY_FILE_ALL_INFO info level ****************************************************************************/ + BOOL cli_qpathinfo2(struct cli_state *cli, const char *fname, - time_t *c_time, time_t *a_time, time_t *m_time, - time_t *w_time, SMB_OFF_T *size, uint16 *mode, + time_t *create_time, time_t *access_time, time_t *write_time, + time_t *change_time, SMB_OFF_T *size, uint16 *mode, SMB_INO_T *ino) { unsigned int data_len = 0; @@ -593,17 +594,17 @@ return False; } - if (c_time) { - *c_time = interpret_long_date(rdata+0); + if (create_time) { + *create_time = interpret_long_date(rdata+0); } - if (a_time) { - *a_time = interpret_long_date(rdata+8); + if (access_time) { + *access_time = interpret_long_date(rdata+8); } - if (w_time) { - *w_time = interpret_long_date(rdata+16); + if (write_time) { + *write_time = interpret_long_date(rdata+16); } - if (m_time) { - *m_time = interpret_long_date(rdata+24); + if (change_time) { + *change_time = interpret_long_date(rdata+24); } if (mode) { *mode = SVAL(rdata, 32); @@ -669,8 +670,8 @@ ****************************************************************************/ BOOL cli_qfileinfo(struct cli_state *cli, int fnum, uint16 *mode, SMB_OFF_T *size, - time_t *c_time, time_t *a_time, time_t *m_time, - time_t *w_time, SMB_INO_T *ino) + time_t *create_time, time_t *access_time, time_t *write_time, + time_t *change_time, SMB_INO_T *ino) { unsigned int data_len = 0; unsigned int param_len = 0; @@ -708,17 +709,17 @@ return False; } - if (c_time) { - *c_time = interpret_long_date(rdata+0) - cli->serverzone; + if (create_time) { + *create_time = interpret_long_date(rdata+0); } - if (a_time) { - *a_time = interpret_long_date(rdata+8) - cli->serverzone; + if (access_time) { + *access_time = interpret_long_date(rdata+8); } - if (m_time) { - *m_time = interpret_long_date(rdata+16) - cli->serverzone; + if (write_time) { + *write_time = interpret_long_date(rdata+16); } - if (w_time) { - *w_time = interpret_long_date(rdata+24) - cli->serverzone; + if (change_time) { + *change_time = interpret_long_date(rdata+24); } if (mode) { *mode = SVAL(rdata, 32); @@ -793,9 +794,9 @@ return False; } - sbuf->st_atime = interpret_long_date( rdata+8 ); - sbuf->st_mtime = interpret_long_date( rdata+16 ); - sbuf->st_ctime = interpret_long_date( rdata+24 ); + sbuf->st_atime = interpret_long_date( rdata+8 ); /* Access time. */ + sbuf->st_mtime = interpret_long_date( rdata+16 ); /* Write time. */ + sbuf->st_ctime = interpret_long_date( rdata+24 ); /* Change time. */ *attributes = IVAL( rdata, 32 ); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/libsmb/libsmbclient.c samba-3.0.23c/source/libsmb/libsmbclient.c --- samba-3.0.23b/source/libsmb/libsmbclient.c 2006-06-23 08:16:51.000000000 -0500 +++ samba-3.0.23c/source/libsmb/libsmbclient.c 2006-08-30 13:08:38.000000000 -0500 @@ -1516,7 +1516,7 @@ if (!srv->no_pathinfo2 && cli_qpathinfo2(targetcli, targetpath, - c_time, a_time, m_time, NULL, size, mode, ino)) { + NULL, a_time, m_time, c_time, size, mode, ino)) { return True; } @@ -2184,7 +2184,7 @@ /*d_printf(">>>fstat: resolved path as %s\n", targetpath);*/ if (!cli_qfileinfo(targetcli, file->cli_fd, &mode, &size, - &c_time, &a_time, &m_time, NULL, &ino)) { + NULL, &a_time, &m_time, &c_time, &ino)) { if (!cli_getattrE(targetcli, file->cli_fd, &mode, &size, &c_time, &a_time, &m_time)) { diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/libsmb/namecache.c samba-3.0.23c/source/libsmb/namecache.c --- samba-3.0.23b/source/libsmb/namecache.c 2005-02-25 11:59:32.000000000 -0600 +++ samba-3.0.23c/source/libsmb/namecache.c 2006-08-30 13:08:38.000000000 -0500 @@ -178,14 +178,14 @@ char *key, *value; time_t timeout; - *num_names = 0; - /* exit now if null pointers were passed as they're required further */ if (!ip_list || !num_names) return False; if (!gencache_init()) return False; + *num_names = 0; + /* * Use gencache interface - lookup the key */ diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/libsmb/namequery.c samba-3.0.23c/source/libsmb/namequery.c --- samba-3.0.23b/source/libsmb/namequery.c 2006-07-21 11:22:56.000000000 -0500 +++ samba-3.0.23c/source/libsmb/namequery.c 2006-08-30 13:08:38.000000000 -0500 @@ -1024,11 +1024,12 @@ static BOOL resolve_ads(const char *name, int name_type, struct ip_service **return_iplist, int *return_count) { - int i = 0; + int i, j; NTSTATUS status; TALLOC_CTX *ctx; struct dns_rr_srv *dcs = NULL; int numdcs = 0; + int numaddrs = 0; if ( name_type != 0x1c ) return False; @@ -1043,26 +1044,48 @@ status = ads_dns_query_dcs( ctx, name, &dcs, &numdcs ); if ( !NT_STATUS_IS_OK( status ) ) { + talloc_destroy(ctx); return False; } + + for (i=0;iip = *interpret_addr2(dcs[i].hostname); - else - r->ip = dcs[i].ip; - r->port = dcs[i].port; + + /* If we don't have an IP list for a name, lookup it up */ + + if ( !dcs[i].ips ) { + r->ip = *interpret_addr2(dcs[i].hostname); + i++; + j = 0; + } else { + /* use the IP addresses from the SRV sresponse */ + + if ( j >= dcs[i].num_ips ) { + i++; + j = 0; + continue; + } + + r->ip = dcs[i].ips[j]; + j++; + } /* make sure it is a valid IP. I considered checking the negative connection cache, but this is the wrong place for it. Maybe only @@ -1075,8 +1098,7 @@ (*return_count)++; } - TALLOC_FREE( dcs ); - + talloc_destroy(ctx); return True; } @@ -1151,86 +1173,86 @@ pstrcpy(name_resolve_list, lp_name_resolve_order()); } else { pstrcpy(name_resolve_list, resolve_order); + } - if ( !name_resolve_list[0] ) { - ptr = "host"; - } else { - ptr = name_resolve_list; - } + if ( !name_resolve_list[0] ) { + ptr = "host"; + } else { + ptr = name_resolve_list; + } - /* iterate through the name resolution backends */ + /* iterate through the name resolution backends */ - while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) { - if((strequal(tok, "host") || strequal(tok, "hosts"))) { - if (resolve_hosts(name, name_type, return_iplist, return_count)) { - result = True; - goto done; - } - } else if(strequal( tok, "ads")) { - /* deal with 0x1c names here. This will result in a - SRV record lookup */ - if (resolve_ads(name, name_type, return_iplist, return_count)) { - result = True; - goto done; - } - } else if(strequal( tok, "lmhosts")) { - if (resolve_lmhosts(name, name_type, return_iplist, return_count)) { - result = True; - goto done; - } - } else if(strequal( tok, "wins")) { - /* don't resolve 1D via WINS */ - if (name_type != 0x1D && resolve_wins(name, name_type, return_iplist, return_count)) { - result = True; - goto done; - } - } else if(strequal( tok, "bcast")) { - if (name_resolve_bcast(name, name_type, return_iplist, return_count)) { - result = True; - goto done; - } - } else { - DEBUG(0,("resolve_name: unknown name switch type %s\n", tok)); + while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) { + if((strequal(tok, "host") || strequal(tok, "hosts"))) { + if (resolve_hosts(name, name_type, return_iplist, return_count)) { + result = True; + goto done; + } + } else if(strequal( tok, "ads")) { + /* deal with 0x1c names here. This will result in a + SRV record lookup */ + if (resolve_ads(name, name_type, return_iplist, return_count)) { + result = True; + goto done; + } + } else if(strequal( tok, "lmhosts")) { + if (resolve_lmhosts(name, name_type, return_iplist, return_count)) { + result = True; + goto done; + } + } else if(strequal( tok, "wins")) { + /* don't resolve 1D via WINS */ + if (name_type != 0x1D && resolve_wins(name, name_type, return_iplist, return_count)) { + result = True; + goto done; + } + } else if(strequal( tok, "bcast")) { + if (name_resolve_bcast(name, name_type, return_iplist, return_count)) { + result = True; + goto done; } + } else { + DEBUG(0,("resolve_name: unknown name switch type %s\n", tok)); } + } - /* All of the resolve_* functions above have returned false. */ + /* All of the resolve_* functions above have returned false. */ - SAFE_FREE(*return_iplist); - *return_count = 0; + SAFE_FREE(*return_iplist); + *return_count = 0; - return False; + return False; done: - /* Remove duplicate entries. Some queries, notably #1c (domain - controllers) return the PDC in iplist[0] and then all domain - controllers including the PDC in iplist[1..n]. Iterating over - the iplist when the PDC is down will cause two sets of timeouts. */ + /* Remove duplicate entries. Some queries, notably #1c (domain + controllers) return the PDC in iplist[0] and then all domain + controllers including the PDC in iplist[1..n]. Iterating over + the iplist when the PDC is down will cause two sets of timeouts. */ - if ( *return_count ) { - *return_count = remove_duplicate_addrs2( *return_iplist, *return_count ); - } + if ( *return_count ) { + *return_count = remove_duplicate_addrs2( *return_iplist, *return_count ); + } - /* Save in name cache */ - if ( DEBUGLEVEL >= 100 ) { - for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) - DEBUG(100, ("Storing name %s of type %d (%s:%d)\n", name, - name_type, inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port)); - } + /* Save in name cache */ + if ( DEBUGLEVEL >= 100 ) { + for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) + DEBUG(100, ("Storing name %s of type %d (%s:%d)\n", name, + name_type, inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port)); + } - namecache_store(name, name_type, *return_count, *return_iplist); + namecache_store(name, name_type, *return_count, *return_iplist); - /* Display some debugging info */ + /* Display some debugging info */ - if ( DEBUGLEVEL >= 10 ) { - DEBUG(10, ("internal_resolve_name: returning %d addresses: ", *return_count)); + if ( DEBUGLEVEL >= 10 ) { + DEBUG(10, ("internal_resolve_name: returning %d addresses: ", *return_count)); - for (i = 0; i < *return_count; i++) { - DEBUGADD(10, ("%s:%d ", inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port)); - } - DEBUG(10, ("\n")); + for (i = 0; i < *return_count; i++) { + DEBUGADD(10, ("%s:%d ", inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port)); } + DEBUG(10, ("\n")); } return result; @@ -1356,6 +1378,8 @@ BOOL done_auto_lookup = False; int auto_count = 0; + *ordered = False; + /* if we are restricted to solely using DNS for looking up a domain controller, make sure that host lookups are enabled for the 'name resolve order'. If host lookups @@ -1365,14 +1389,17 @@ fstrcpy( resolve_order, lp_name_resolve_order() ); strlower_m( resolve_order ); if ( ads_only ) { - if ( strstr( resolve_order, "host" ) ) + if ( strstr( resolve_order, "host" ) ) { fstrcpy( resolve_order, "ads" ); - else - fstrcpy( resolve_order, "NULL" ); + + /* DNS SRV lookups used by the ads resolver + are already sorted by priority and weight */ + *ordered = True; + } else { + fstrcpy( resolve_order, "NULL" ); + } } - *ordered = False; - /* fetch the server we have affinity for. Add the 'password server' list to a search for our domain controllers */ diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/libsmb/smb_signing.c samba-3.0.23c/source/libsmb/smb_signing.c --- samba-3.0.23b/source/libsmb/smb_signing.c 2006-08-07 11:46:33.000000000 -0500 +++ samba-3.0.23c/source/libsmb/smb_signing.c 2006-08-23 11:16:38.000000000 -0500 @@ -108,6 +108,10 @@ static BOOL cli_set_smb_signing_common(struct cli_state *cli) { + if (!cli->sign_info.allow_smb_signing) { + return False; + } + if (!cli->sign_info.negotiated_smb_signing && !cli->sign_info.mandatory_signing) { return False; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/nmbd/asyncdns.c samba-3.0.23c/source/nmbd/asyncdns.c --- samba-3.0.23b/source/nmbd/asyncdns.c 2006-04-19 21:29:33.000000000 -0500 +++ samba-3.0.23c/source/nmbd/asyncdns.c 2006-08-30 13:08:39.000000000 -0500 @@ -205,6 +205,7 @@ if (!process_exists_by_pid(child_pid)) { close(fd_in); + close(fd_out); start_async_dns(); } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/nmbd/nmbd_namequery.c samba-3.0.23c/source/nmbd/nmbd_namequery.c --- samba-3.0.23b/source/nmbd/nmbd_namequery.c 2005-02-25 11:59:37.000000000 -0600 +++ samba-3.0.23c/source/nmbd/nmbd_namequery.c 2006-08-30 13:08:39.000000000 -0500 @@ -59,7 +59,15 @@ rrec->repeat_count = 0; /* How long we should wait for. */ - rrec->repeat_time = p->timestamp + nmb->answers->ttl; + if (nmb->answers) { + rrec->repeat_time = p->timestamp + nmb->answers->ttl; + } else { + /* No answer - this is probably a corrupt + packet.... */ + DEBUG(0,("query_name_response: missing answer record in " + "NMB_WACK_OPCODE response.\n")); + rrec->repeat_time = p->timestamp + 10; + } rrec->num_msgs--; return; } else if(nmb->header.rcode != 0) { diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/nmbd/nmbd_sendannounce.c samba-3.0.23c/source/nmbd/nmbd_sendannounce.c --- samba-3.0.23b/source/nmbd/nmbd_sendannounce.c 2005-02-25 11:59:38.000000000 -0600 +++ samba-3.0.23c/source/nmbd/nmbd_sendannounce.c 2006-08-23 11:16:38.000000000 -0500 @@ -35,7 +35,7 @@ void send_browser_reset(int reset_type, const char *to_name, int to_type, struct in_addr to_ip) { - pstring outbuf; + char outbuf[PSTRING_LEN]; char *p; DEBUG(3,("send_browser_reset: sending reset request type %d to %s<%02x> IP %s.\n", @@ -60,7 +60,7 @@ void broadcast_announce_request(struct subnet_record *subrec, struct work_record *work) { - pstring outbuf; + char outbuf[PSTRING_LEN]; char *p; work->needannounce = True; @@ -91,7 +91,7 @@ time_t announce_interval, const char *server_name, int server_type, const char *server_comment) { - pstring outbuf; + char outbuf[PSTRING_LEN]; unstring upper_server_name; char *p; @@ -116,7 +116,7 @@ SSVAL(p,27,BROWSER_ELECTION_VERSION); SSVAL(p,29,BROWSER_CONSTANT); /* Browse signature. */ - p += 31 + push_string(NULL, p+31, server_comment, -1, STR_ASCII|STR_TERMINATE); + p += 31 + push_string(NULL, p+31, server_comment, sizeof(outbuf) - (p + 31 - outbuf), STR_ASCII|STR_TERMINATE); send_mailslot(False,BROWSE_MAILSLOT, outbuf, PTR_DIFF(p,outbuf), from_name, 0x0, to_name, to_type, to_ip, subrec->myip, @@ -132,7 +132,7 @@ time_t announce_interval, char *server_name, int server_type, char *server_comment) { - pstring outbuf; + char outbuf[PSTRING_LEN]; char *p=outbuf; memset(outbuf,'\0',sizeof(outbuf)); @@ -145,7 +145,7 @@ p += 10; p += push_string(NULL, p, server_name, 15, STR_ASCII|STR_UPPER|STR_TERMINATE); - p += push_string(NULL, p, server_comment, sizeof(pstring)-15, STR_ASCII|STR_UPPER|STR_TERMINATE); + p += push_string(NULL, p, server_comment, sizeof(outbuf)- (p - outbuf), STR_ASCII|STR_UPPER|STR_TERMINATE); send_mailslot(False,LANMAN_MAILSLOT, outbuf, PTR_DIFF(p,outbuf), from_name, 0x0, to_name, to_type, to_ip, subrec->myip, diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/nsswitch/pam_winbind.c samba-3.0.23c/source/nsswitch/pam_winbind.c --- samba-3.0.23b/source/nsswitch/pam_winbind.c 2006-08-07 11:46:33.000000000 -0500 +++ samba-3.0.23c/source/nsswitch/pam_winbind.c 2006-08-23 11:16:37.000000000 -0500 @@ -348,7 +348,7 @@ request.data.auth.krb5_cc_type[0] = '\0'; request.data.auth.uid = -1; - request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_GET_PWD_POLICY; + request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_CONTACT_TRUSTDOM; if (ctrl & WINBIND_KRB5_AUTH) { @@ -546,7 +546,7 @@ } if (ctrl & WINBIND_KRB5_AUTH) { - request.flags = WBFLAG_PAM_KRB5; + request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM; } ret = pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_CHAUTHTOK, &request, &response, user); @@ -1132,7 +1132,7 @@ } request.data.logoff.uid = pwd->pw_uid; - request.flags = WBFLAG_PAM_KRB5; + request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM; retval = pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_LOGOFF, &request, &response, user); } @@ -1373,7 +1373,7 @@ * Copyright (c) Tim Potter 2000 * Copyright (c) Andrew Bartlettt 2002 * Copyright (c) Guenther Deschner 2005-2006 - * Copyright (c) Jan Rêkorajski 1999. + * Copyright (c) Jan Rêkorajski 1999. * Copyright (c) Andrew G. Morgan 1996-8. * Copyright (c) Alex O. Yuriev, 1996. * Copyright (c) Cristian Gafton 1996. diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/nsswitch/winbindd_cache.c samba-3.0.23c/source/nsswitch/winbindd_cache.c --- samba-3.0.23b/source/nsswitch/winbindd_cache.c 2006-07-21 11:22:56.000000000 -0500 +++ samba-3.0.23c/source/nsswitch/winbindd_cache.c 2006-08-23 11:16:37.000000000 -0500 @@ -269,7 +269,38 @@ return ret; } -/* pull a string from a cache entry, using the supplied +/* pull a hash16 from a cache entry, using the supplied + talloc context +*/ +static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx) +{ + uint32 len; + char *ret; + + len = centry_uint8(centry); + + if (len != 16) { + DEBUG(0,("centry corruption? hash len (%u) != 16\n", + len )); + smb_panic("centry_hash16"); + } + + if (centry->len - centry->ofs < 16) { + DEBUG(0,("centry corruption? needed 16 bytes, have %d\n", + centry->len - centry->ofs)); + smb_panic("centry_hash16"); + } + + ret = TALLOC_ARRAY(mem_ctx, char, 16); + if (!ret) { + smb_panic("centry_hash out of memory\n"); + } + memcpy(ret,centry->data + centry->ofs, 16); + centry->ofs += 16; + return ret; +} + +/* pull a sid from a cache entry, using the supplied talloc context */ static BOOL centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx, DOM_SID *sid) @@ -629,6 +660,17 @@ centry->ofs += len; } +/* + push a 16 byte hash into a centry - treat as 16 byte string. + */ +static void centry_put_hash16(struct cache_entry *centry, const uint8 val[16]) +{ + centry_put_uint8(centry, 16); + centry_expand(centry, 16); + memcpy(centry->data + centry->ofs, val, 16); + centry->ofs += 16; +} + static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid) { fstring sid_string; @@ -864,7 +906,7 @@ } t = centry_time(centry); - *cached_nt_pass = (const uint8 *)centry_string(centry, mem_ctx); + *cached_nt_pass = (const uint8 *)centry_hash16(centry, mem_ctx); #if DEBUG_PASSWORD dump_data(100, (const char *)cached_nt_pass, NT_HASH_LEN); @@ -905,7 +947,7 @@ #endif centry_put_time(centry, time(NULL)); - centry_put_string(centry, (const char *)nt_pass); + centry_put_hash16(centry, nt_pass); centry_end(centry, "CRED/%s", sid_to_string(sid_string, sid)); DEBUG(10,("wcache_save_creds: %s\n", sid_string)); @@ -1240,7 +1282,7 @@ status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, name, sid, type); /* and save it */ - if (domain->online || !is_null_sid(sid)) { + if (domain->online && !is_null_sid(sid)) { wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type); } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/nsswitch/winbindd_nss.h samba-3.0.23c/source/nsswitch/winbindd_nss.h --- samba-3.0.23b/source/nsswitch/winbindd_nss.h 2006-07-21 11:22:56.000000000 -0500 +++ samba-3.0.23c/source/nsswitch/winbindd_nss.h 2006-08-23 11:16:37.000000000 -0500 @@ -42,8 +42,8 @@ between /lib/libnss_winbind.so.2 and /li64/libnss_winbind.so.2. The easiest way to do this is to always use 8byte values for time_t. */ -#if defined(uint64) -# define SMB_TIME_T uint64 +#if defined(int64) +# define SMB_TIME_T int64 #else # define SMB_TIME_T time_t #endif @@ -190,7 +190,7 @@ #define WBFLAG_PAM_KRB5 0x1000 #define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000 #define WBFLAG_PAM_CACHED_LOGIN 0x4000 -#define WBFLAG_PAM_GET_PWD_POLICY 0x8000 +#define WBFLAG_PAM_GET_PWD_POLICY 0x8000 /* not used */ #define WINBINDD_MAX_EXTRA_DATA (128*1024) diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/nsswitch/winbindd_pam.c samba-3.0.23c/source/nsswitch/winbindd_pam.c --- samba-3.0.23b/source/nsswitch/winbindd_pam.c 2006-07-10 11:27:51.000000000 -0500 +++ samba-3.0.23c/source/nsswitch/winbindd_pam.c 2006-08-23 11:16:37.000000000 -0500 @@ -6,7 +6,7 @@ Copyright (C) Andrew Tridgell 2000 Copyright (C) Tim Potter 2001 Copyright (C) Andrew Bartlett 2001-2002 - Copyright (C) Guenther Deschner 2005-2006 + Copyright (C) Guenther Deschner 2005 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -222,44 +222,18 @@ return NULL; } - if (strequal(domain_name, lp_workgroup())) { - return find_our_domain(); - } - -#ifdef HAVE_ADS - - /* when trying to login using krb5 with a trusted domain account, we - * need to make sure that our and the remote domain are AD */ - - if ((state->request.flags & WBFLAG_PAM_KRB5) && - (lp_security() == SEC_ADS)) { - - struct winbindd_domain *our_domain = find_our_domain(); - - if (!our_domain->active_directory) { - DEBUG(3,("find_auth_domain: out domain is not AD\n")); - return NULL; - } - - if ((domain = find_domain_from_name_noinit(domain_name)) == NULL) { - return NULL; - } - - /* do we already know it's AD ? */ - if (domain->active_directory) { + /* we can auth against trusted domains */ + if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) { + domain = find_domain_from_name_noinit(domain_name); + if (domain == NULL) { + DEBUG(3, ("Authentication for domain [%s] skipped " + "as it is not a trusted domain\n", + domain_name)); + } else { return domain; } - - set_dc_type_and_flags(domain); - - if (!domain->active_directory) { - DEBUG(3,("find_auth_domain: remote domain is not AD\n")); - return NULL; } - return domain; - } -#endif return find_our_domain(); } @@ -1286,15 +1260,12 @@ } - /* this is required to provide password expiry warning */ - if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) { result = fillup_password_policy(domain, state); if (!NT_STATUS_IS_OK(result)) { DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result))); goto done; } - } } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/nsswitch/winbind_nss_config.h samba-3.0.23c/source/nsswitch/winbind_nss_config.h --- samba-3.0.23b/source/nsswitch/winbind_nss_config.h 2006-05-23 13:54:32.000000000 -0500 +++ samba-3.0.23c/source/nsswitch/winbind_nss_config.h 2006-08-23 11:16:37.000000000 -0500 @@ -24,12 +24,12 @@ #ifndef _WINBIND_NSS_CONFIG_H #define _WINBIND_NSS_CONFIG_H -/* shutup the compiler warnings due to krb5.h on i - 64-bit sles9 */ +/* shutup the compiler warnings due to krb5.h on 64-bit sles9 */ #ifdef SIZEOF_LONG #undef SIZEOF_LONG #endif + /* Include header files from data in config.h file */ #ifndef NO_CONFIG_H @@ -137,6 +137,15 @@ #endif /* don't lie. If we don't have it, then don't use it */ #endif +#if !defined(int64) +#if (SIZEOF_LONG == 8) +#define int64 long +#elif (SIZEOF_LONG_LONG == 8) +#define int64 long long +#endif /* don't lie. If we don't have it, then don't use it */ +#endif + + /* zero a structure */ #ifndef ZERO_STRUCT diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/passdb/lookup_sid.c samba-3.0.23c/source/passdb/lookup_sid.c --- samba-3.0.23b/source/passdb/lookup_sid.c 2006-08-07 11:46:33.000000000 -0500 +++ samba-3.0.23c/source/passdb/lookup_sid.c 2006-08-31 13:54:28.000000000 -0500 @@ -43,7 +43,6 @@ DOM_SID sid; enum SID_NAME_USE type; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); - struct group *grp; if (tmp_ctx == NULL) { DEBUG(0, ("talloc_new failed\n")); @@ -120,63 +119,6 @@ goto failed; } - /* - * Nasty hack necessary for too common scenarios: - * - * For 'valid users = +users' we know "users" is most probably not - * BUILTIN\users but the unix group users. This hack requires the - * admin to explicitly qualify BUILTIN if BUILTIN\users is meant. - * - * Please note that LOOKUP_NAME_GROUP can not be requested via for - * example lsa_lookupnames, it only comes into this routine via - * the expansion of group names coming in from smb.conf - */ - - if ((flags & LOOKUP_NAME_GROUP) && ((grp = getgrnam(name)) != NULL)) { - - GROUP_MAP map; - - if (pdb_getgrgid(&map, grp->gr_gid)) { - /* The hack gets worse. Handle the case where we have - * 'force group = +unixgroup' but "unixgroup" has a - * group mapping */ - - if (sid_check_is_in_builtin(&map.sid)) { - domain = talloc_strdup( - tmp_ctx, builtin_domain_name()); - } else { - domain = talloc_strdup( - tmp_ctx, get_global_sam_name()); - } - - sid_copy(&sid, &map.sid); - type = map.sid_name_use; - goto ok; - } - - /* If we are using the smbpasswd backend, we need to use the - * algorithmic mapping for the unix group we find. This is - * necessary because when creating the NT token from the unix - * gid list we got from initgroups() we use gid_to_sid() that - * uses algorithmic mapping if pdb_rid_algorithm() is true. */ - - if (pdb_rid_algorithm() && - (grp->gr_gid < max_algorithmic_gid())) { - domain = talloc_strdup(tmp_ctx, get_global_sam_name()); - sid_compose(&sid, get_global_sam_sid(), - pdb_gid_to_group_rid(grp->gr_gid)); - type = SID_NAME_DOM_GRP; - goto ok; - } - - if (lookup_unix_group_name(name, &sid)) { - domain = talloc_strdup(tmp_ctx, - unix_groups_domain_name()); - type = SID_NAME_DOM_GRP; - goto ok; - } - } - /* Now the guesswork begins, we haven't been given an explicit * domain. Try the sequence as documented on * http://msdn.microsoft.com/library/en-us/secmgmt/security/lsalookupnames.asp @@ -1009,6 +951,11 @@ { struct uid_sid_cache *pc; + /* do not store SIDs in the "Unix Group" domain */ + + if ( sid_check_is_in_unix_users( psid ) ) + return; + if (n_uid_sid_cache >= MAX_UID_SID_CACHE_SIZE && n_uid_sid_cache > TURNOVER_UID_SID_CACHE_SIZE) { /* Delete the last TURNOVER_UID_SID_CACHE_SIZE entries. */ struct uid_sid_cache *pc_next; @@ -1080,6 +1027,11 @@ void store_gid_sid_cache(const DOM_SID *psid, gid_t gid) { struct gid_sid_cache *pc; + + /* do not store SIDs in the "Unix Group" domain */ + + if ( sid_check_is_in_unix_groups( psid ) ) + return; if (n_gid_sid_cache >= MAX_GID_SID_CACHE_SIZE && n_gid_sid_cache > TURNOVER_GID_SID_CACHE_SIZE) { /* Delete the last TURNOVER_GID_SID_CACHE_SIZE entries. */ @@ -1138,14 +1090,9 @@ goto done; } - if (pdb_rid_algorithm() && (uid < max_algorithmic_uid())) { - sid_copy(psid, get_global_sam_sid()); - sid_append_rid(psid, algorithmic_pdb_uid_to_user_rid(uid)); - goto done; - } else { - uid_to_unix_users_sid(uid, psid); - goto done; - } + /* This is an unmapped user */ + + uid_to_unix_users_sid(uid, psid); done: DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid, @@ -1180,16 +1127,10 @@ /* This is a mapped group */ goto done; } + + /* This is an unmapped group */ - if (pdb_rid_algorithm() && (gid < max_algorithmic_gid())) { - sid_copy(psid, get_global_sam_sid()); - sid_append_rid(psid, pdb_gid_to_group_rid(gid)); - goto done; - } else { - sid_copy(psid, &global_sid_Unix_Groups); - sid_append_rid(psid, gid); - goto done; - } + gid_to_unix_groups_sid(gid, psid); done: DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid, @@ -1235,14 +1176,9 @@ *puid = id.uid; goto done; } - if (pdb_rid_algorithm() && - algorithmic_pdb_rid_is_user(rid)) { - *puid = algorithmic_pdb_user_rid_to_uid(rid); - goto done; - } - /* This was ours, but it was neither mapped nor - * algorithmic. Fail */ + /* This was ours, but it was not mapped. Fail */ + return False; } @@ -1323,14 +1259,9 @@ *pgid = id.gid; goto done; } - if (pdb_rid_algorithm() && - !algorithmic_pdb_rid_is_user(rid)) { - /* This must be a group, presented as alias */ - *pgid = pdb_group_rid_to_gid(rid); - goto done; - } - /* This was ours, but it was neither mapped nor - * algorithmic. Fail. */ + + /* This was ours, but it was not mapped. Fail */ + return False; } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/passdb/passdb.c samba-3.0.23c/source/passdb/passdb.c --- samba-3.0.23b/source/passdb/passdb.c 2006-07-10 11:27:52.000000000 -0500 +++ samba-3.0.23c/source/passdb/passdb.c 2006-08-30 13:08:38.000000000 -0500 @@ -136,7 +136,6 @@ { const char *guest_account = lp_guestaccount(); const char *domain = global_myname(); - DOM_SID group_sid; uint32 urid; if ( !pwd ) { @@ -148,8 +147,15 @@ pdb_set_username(user, pwd->pw_name, PDB_SET); pdb_set_fullname(user, pwd->pw_gecos, PDB_SET); pdb_set_domain (user, get_global_sam_name(), PDB_DEFAULT); +#if 0 + /* This can lead to a primary group of S-1-22-2-XX which + will be rejected by other parts of the Samba code. + Rely on pdb_get_group_sid() to "Do The Right Thing" (TM) + --jerry */ + gid_to_sid(&group_sid, pwd->pw_gid); pdb_set_group_sid(user, &group_sid, PDB_SET); +#endif /* save the password structure for later use */ @@ -505,7 +511,7 @@ there is not anymore a direct link between the gid and the rid. ********************************************************************/ -uint32 pdb_gid_to_group_rid(gid_t gid) +uint32 algorithmic_pdb_gid_to_group_rid(gid_t gid) { int rid_offset = algorithmic_rid_base(); return (((((uint32)gid)*RID_MULTIPLIER) + rid_offset) | GROUP_RID_TYPE); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/passdb/pdb_interface.c samba-3.0.23c/source/passdb/pdb_interface.c --- samba-3.0.23b/source/passdb/pdb_interface.c 2006-07-21 11:22:57.000000000 -0500 +++ samba-3.0.23c/source/passdb/pdb_interface.c 2006-08-23 11:16:38.000000000 -0500 @@ -595,7 +595,7 @@ } if (pdb_rid_algorithm()) { - *rid = pdb_gid_to_group_rid( grp->gr_gid ); + *rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid ); } else { if (!pdb_new_rid(rid)) { return NT_STATUS_ACCESS_DENIED; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/passdb/pdb_smbpasswd.c samba-3.0.23c/source/passdb/pdb_smbpasswd.c --- samba-3.0.23b/source/passdb/pdb_smbpasswd.c 2006-08-07 11:46:33.000000000 -0500 +++ samba-3.0.23c/source/passdb/pdb_smbpasswd.c 2006-08-23 11:16:38.000000000 -0500 @@ -1189,7 +1189,6 @@ struct samu *sam_pass, const struct smb_passwd *pw_buf) { struct passwd *pwfile; - fstring unix_username; if ( !sam_pass ) { DEBUG(5,("build_sam_account: struct samu is NULL\n")); @@ -1198,10 +1197,7 @@ /* verify the user account exists */ - fstrcpy( unix_username, pw_buf->smb_name ); - strlower_m( unix_username ); - - if ( !(pwfile = getpwnam_alloc(NULL, unix_username )) ) { + if ( !(pwfile = Get_Pwnam_alloc(NULL, pw_buf->smb_name )) ) { DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s with uid " "%u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid)); return False; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/passdb/util_unixsids.c samba-3.0.23c/source/passdb/util_unixsids.c --- samba-3.0.23b/source/passdb/util_unixsids.c 2006-07-10 11:27:52.000000000 -0500 +++ samba-3.0.23c/source/passdb/util_unixsids.c 2006-08-23 11:16:38.000000000 -0500 @@ -42,6 +42,12 @@ return sid_append_rid(sid, uid); } +BOOL gid_to_unix_groups_sid(gid_t gid, DOM_SID *sid) +{ + sid_copy(sid, &global_sid_Unix_Groups); + return sid_append_rid(sid, gid); +} + const char *unix_users_domain_name(void) { return "Unix User"; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/registry/reg_objects.c samba-3.0.23c/source/registry/reg_objects.c --- samba-3.0.23b/source/registry/reg_objects.c 2006-04-19 21:29:45.000000000 -0500 +++ samba-3.0.23c/source/registry/reg_objects.c 2006-08-30 13:08:39.000000000 -0500 @@ -109,6 +109,10 @@ { int i; + if (!ctr->subkeys) { + return False; + } + for ( i=0; inum_subkeys; i++ ) { if ( strequal( ctr->subkeys[i],keyname ) ) return True; @@ -181,6 +185,7 @@ DEBUG(0,("dup_registry_value: memdup() failed for [%d] bytes!\n", val->size)); SAFE_FREE( copy ); + return NULL; } copy->size = val->size; } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/rpcclient/cmd_dfs.c samba-3.0.23c/source/rpcclient/cmd_dfs.c --- samba-3.0.23b/source/rpcclient/cmd_dfs.c 2006-04-19 21:29:15.000000000 -0500 +++ samba-3.0.23c/source/rpcclient/cmd_dfs.c 2006-08-23 11:16:36.000000000 -0500 @@ -190,7 +190,7 @@ NETDFS_DFS_ENUMINFO_CTR ctr; NTSTATUS result; uint32 info_level = 1; - uint32 unknown = 0, total = 0; + uint32 total = 0; if (argc > 2) { printf("Usage: %s [info_level]\n", argv[0]); @@ -204,7 +204,7 @@ init_netdfs_dfs_EnumStruct(&str, info_level, ctr); str.e.ptr0 = 1; - result = rpccli_dfs_Enum(cli, mem_ctx, info_level, 0xFFFFFFFF, &str, &unknown, &total); + result = rpccli_dfs_Enum(cli, mem_ctx, info_level, 0xFFFFFFFF, &str, &total); if (NT_STATUS_IS_OK(result)) display_dfs_enumstruct(&str); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/rpc_client/cli_dfs.c samba-3.0.23c/source/rpc_client/cli_dfs.c --- samba-3.0.23b/source/rpc_client/cli_dfs.c 2006-04-19 21:29:14.000000000 -0500 +++ samba-3.0.23c/source/rpc_client/cli_dfs.c 2006-08-23 11:16:36.000000000 -0500 @@ -142,7 +142,7 @@ return werror_to_ntstatus(r.status); } -NTSTATUS rpccli_dfs_Enum(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, uint32 level, uint32 bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *unknown, uint32 *total) +NTSTATUS rpccli_dfs_Enum(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, uint32 level, uint32 bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *total) { prs_struct qbuf, rbuf; NETDFS_Q_DFS_ENUM q; @@ -153,7 +153,7 @@ /* Marshall data and send request */ - if (!init_netdfs_q_dfs_Enum(&q, level, bufsize, info, unknown, total)) + if (!init_netdfs_q_dfs_Enum(&q, level, bufsize, info, total)) return NT_STATUS_INVALID_PARAMETER; CLI_DO_RPC(cli, mem_ctx, PI_NETDFS, DFS_ENUM, diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/rpc_parse/parse_dfs.c samba-3.0.23c/source/rpc_parse/parse_dfs.c --- samba-3.0.23b/source/rpc_parse/parse_dfs.c 2006-04-19 21:29:29.000000000 -0500 +++ samba-3.0.23c/source/rpc_parse/parse_dfs.c 2006-08-23 11:16:38.000000000 -0500 @@ -1862,7 +1862,7 @@ return True; } -BOOL init_netdfs_q_dfs_Enum(NETDFS_Q_DFS_ENUM *v, uint32 level, uint32 bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *unknown, uint32 *total) +BOOL init_netdfs_q_dfs_Enum(NETDFS_Q_DFS_ENUM *v, uint32 level, uint32 bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *total) { DEBUG(5,("init_netdfs_q_dfs_Enum\n")); @@ -1877,13 +1877,6 @@ v->ptr0_info = 0; } - if (unknown) { - v->ptr0_unknown = 1; - v->unknown = *unknown; - } else { - v->ptr0_unknown = 0; - } - if (total) { v->ptr0_total = 1; v->total = *total; @@ -1920,17 +1913,6 @@ if (!prs_align_custom(ps, 4)) return False; - if (!prs_uint32("ptr0_unknown", ps, depth, &v->ptr0_unknown)) - return False; - - if (v->ptr0_unknown) { - if (!prs_uint32("unknown", ps, depth, &v->unknown)) - return False; - } - - if (!prs_align_custom(ps, 4)) - return False; - if (!prs_uint32("ptr0_total", ps, depth, &v->ptr0_total)) return False; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/rpc_parse/parse_samr.c samba-3.0.23c/source/rpc_parse/parse_samr.c --- samba-3.0.23b/source/rpc_parse/parse_samr.c 2006-06-23 08:16:52.000000000 -0500 +++ samba-3.0.23c/source/rpc_parse/parse_samr.c 2006-08-30 13:08:38.000000000 -0500 @@ -6895,8 +6895,7 @@ q_u->switch_value = switch_value; q_u->ctr = ctr; - if (q_u->ctr != NULL) - q_u->ctr->switch_value = switch_value; + q_u->ctr->switch_value = switch_value; switch (switch_value) { case 18: diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/rpc_server/srv_dfs_nt.c samba-3.0.23c/source/rpc_server/srv_dfs_nt.c --- samba-3.0.23b/source/rpc_server/srv_dfs_nt.c 2006-07-10 11:27:51.000000000 -0500 +++ samba-3.0.23c/source/rpc_server/srv_dfs_nt.c 2006-08-23 11:16:38.000000000 -0500 @@ -206,6 +206,7 @@ j->service_name, j->volume_name); init_unistr2(&dfs2->path, str, UNI_STR_TERMINATE); dfs2->ptr0_comment = 0; + init_unistr2(&dfs2->comment, j->comment, UNI_STR_TERMINATE); dfs2->state = 1; /* set up state of dfs junction as OK */ dfs2->num_stores = j->referral_count; return True; @@ -225,7 +226,7 @@ init_unistr2(&dfs3->path, str, UNI_STR_TERMINATE); dfs3->ptr0_comment = 1; - init_unistr2(&dfs3->comment, "", UNI_STR_TERMINATE); + init_unistr2(&dfs3->comment, j->comment, UNI_STR_TERMINATE); dfs3->state = 1; dfs3->num_stores = dfs3->size_stores = j->referral_count; dfs3->ptr0_stores = 1; @@ -260,6 +261,14 @@ return True; } +static BOOL init_reply_dfs_info_100(struct junction_map* j, NETDFS_DFS_INFO100* dfs100) +{ + dfs100->ptr0_comment = 1; + init_unistr2(&dfs100->comment, j->comment, UNI_STR_TERMINATE); + return True; +} + + WERROR _dfs_Enum(pipes_struct *p, NETDFS_Q_DFS_ENUM *q_u, NETDFS_R_DFS_ENUM *r_u) { uint32 level = q_u->level; @@ -270,7 +279,7 @@ num_jn = enum_msdfs_links(p->mem_ctx, jn, ARRAY_SIZE(jn)); vfs_ChDir(p->conn,p->conn->connectpath); - DEBUG(5,("make_reply_dfs_enum: %d junctions found in Dfs, doing level %d\n", num_jn, level)); + DEBUG(5,("_dfs_Enum: %d junctions found in Dfs, doing level %d\n", num_jn, level)); r_u->ptr0_info = q_u->ptr0_info; r_u->ptr0_total = q_u->ptr0_total; @@ -336,7 +345,7 @@ uint32 level = q_u->level; int consumedcnt = sizeof(pstring); pstring path; - BOOL ret; + BOOL ret = False; struct junction_map jn; unistr2_to_ascii(path, uni_path, sizeof(path)-1); @@ -358,8 +367,12 @@ case 1: ret = init_reply_dfs_info_1(&jn, &r_u->info.u.info1); break; case 2: ret = init_reply_dfs_info_2(&jn, &r_u->info.u.info2); break; case 3: ret = init_reply_dfs_info_3(p->mem_ctx, &jn, &r_u->info.u.info3); break; + case 100: ret = init_reply_dfs_info_100(&jn, &r_u->info.u.info100); break; default: - ret = False; + r_u->info.ptr0 = 1; + r_u->info.switch_value = 0; + r_u->status = WERR_OK; + ret = True; break; } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/rpc_server/srv_srvsvc_nt.c samba-3.0.23c/source/rpc_server/srv_srvsvc_nt.c --- samba-3.0.23b/source/rpc_server/srv_srvsvc_nt.c 2006-06-23 08:16:51.000000000 -0500 +++ samba-3.0.23c/source/rpc_server/srv_srvsvc_nt.c 2006-08-30 13:08:38.000000000 -0500 @@ -653,7 +653,9 @@ (*stot) = list_sessions(&session_list); if (ss0 == NULL) { - (*snum) = 0; + if (snum) { + (*snum) = 0; + } SAFE_FREE(session_list); return; } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/sam/idmap_ad.c samba-3.0.23c/source/sam/idmap_ad.c --- samba-3.0.23b/source/sam/idmap_ad.c 2006-07-21 11:22:57.000000000 -0500 +++ samba-3.0.23c/source/sam/idmap_ad.c 2006-08-23 11:16:38.000000000 -0500 @@ -139,12 +139,12 @@ } /* no op */ -static NTSTATUS ad_idmap_init(const char *uri) +static NTSTATUS ad_idmap_init(char *uri) { return NT_STATUS_OK; } -static NTSTATUS ad_idmap_get_sid_from_id(DOM_SID *sid, unid_t unid, int id_type, int flags) +static NTSTATUS ad_idmap_get_sid_from_id(DOM_SID *sid, unid_t unid, int id_type) { ADS_STATUS rc; NTSTATUS status = NT_STATUS_NONE_MAPPED; diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/smbd/lanman.c samba-3.0.23c/source/smbd/lanman.c --- samba-3.0.23b/source/smbd/lanman.c 2006-06-23 08:16:49.000000000 -0500 +++ samba-3.0.23c/source/smbd/lanman.c 2006-08-30 13:08:38.000000000 -0500 @@ -1183,12 +1183,8 @@ break; } - if (buflen) { - *buflen = struct_len; - } - if (stringspace) { - *stringspace = len; - } + *buflen = struct_len; + *stringspace = len; return struct_len + len; } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/smbd/msdfs.c samba-3.0.23c/source/smbd/msdfs.c --- samba-3.0.23b/source/smbd/msdfs.c 2006-08-07 11:46:33.000000000 -0500 +++ samba-3.0.23c/source/smbd/msdfs.c 2006-08-23 11:16:37.000000000 -0500 @@ -889,6 +889,7 @@ pstrcpy(jucn->service_name,dp.servicename); pstrcpy(jucn->volume_name,dp.reqpath); + pstrcpy(jucn->comment, lp_comment(lp_servicenumber(dp.servicename))); return True; } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/smbd/password.c samba-3.0.23c/source/smbd/password.c --- samba-3.0.23b/source/smbd/password.c 2006-05-23 13:54:30.000000000 -0500 +++ samba-3.0.23c/source/smbd/password.c 2006-08-23 11:16:37.000000000 -0500 @@ -420,12 +420,11 @@ yp_get_default_domain(&mydomain); if(mydomain == NULL) { - DEBUG(5,("Unable to get default yp domain\n")); - return False; + DEBUG(5,("Unable to get default yp domain, let's try without specifying it\n")); } DEBUG(5,("looking for user %s of domain %s in netgroup %s\n", - user, mydomain, ngname)); + user, mydomain?mydomain:"(ANY)", ngname)); if (innetgr(ngname, NULL, user, mydomain)) { DEBUG(5,("user_in_netgroup: Found\n")); @@ -441,7 +440,7 @@ strlower_m(lowercase_user); DEBUG(5,("looking for user %s of domain %s in netgroup %s\n", - lowercase_user, mydomain, ngname)); + lowercase_user, mydomain?mydomain:"(ANY)", ngname)); if (innetgr(ngname, NULL, lowercase_user, mydomain)) { DEBUG(5,("user_in_netgroup: Found\n")); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/smbd/sesssetup.c samba-3.0.23c/source/smbd/sesssetup.c --- samba-3.0.23b/source/smbd/sesssetup.c 2006-06-23 08:16:49.000000000 -0500 +++ samba-3.0.23c/source/smbd/sesssetup.c 2006-08-30 13:08:38.000000000 -0500 @@ -320,10 +320,14 @@ sub_set_smb_name( real_username ); reload_services(True); + if ( map_domainuser_to_guest ) { make_server_info_guest(&server_info); } else if (logon_info) { - ret = make_server_info_info3(mem_ctx, real_username, domain, + /* pass the unmapped username here since map_username() + will be called again from inside make_server_info_info3() */ + + ret = make_server_info_info3(mem_ctx, user, domain, &server_info, &logon_info->info3); if ( !NT_STATUS_IS_OK(ret) ) { DEBUG(1,("make_server_info_info3 failed: %s!\n", diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/torture/torture.c samba-3.0.23c/source/torture/torture.c --- samba-3.0.23b/source/torture/torture.c 2006-04-19 21:29:44.000000000 -0500 +++ samba-3.0.23c/source/torture/torture.c 2006-08-30 13:08:39.000000000 -0500 @@ -2433,8 +2433,8 @@ fnum = cli_open(cli, fname, O_RDWR | O_CREAT | O_TRUNC, DENY_NONE); cli_close(cli, fnum); - if (!cli_qpathinfo2(cli, fname, &c_time, &a_time, &m_time, - &w_time, &size, NULL, NULL)) { + if (!cli_qpathinfo2(cli, fname, &c_time, &a_time, &w_time, + &m_time, &size, NULL, NULL)) { printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(cli)); correct = False; } else { @@ -2455,8 +2455,8 @@ correct = False; } sleep(3); - if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &m_time, - &w_time, &size, NULL, NULL)) { + if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &w_time, + &m_time, &size, NULL, NULL)) { printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(cli)); correct = False; } @@ -2465,8 +2465,8 @@ O_RDWR | O_CREAT | O_TRUNC, DENY_NONE); cli_write(cli, fnum, 0, (char *)&fnum, 0, sizeof(fnum)); cli_close(cli, fnum); - if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &m_time2, - &w_time, &size, NULL, NULL)) { + if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &w_time, + &m_time2, &size, NULL, NULL)) { printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(cli)); correct = False; } else { diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/utils/net_groupmap.c samba-3.0.23c/source/utils/net_groupmap.c --- samba-3.0.23b/source/utils/net_groupmap.c 2006-04-19 21:29:41.000000000 -0500 +++ samba-3.0.23c/source/utils/net_groupmap.c 2006-08-23 11:16:38.000000000 -0500 @@ -192,7 +192,8 @@ uint32 rid = 0; gid_t gid; int i; - + const char *name_type = "domain group"; + /* get the options */ for ( i=0; igr_gid; if (opt_rid == 0) { - opt_rid = pdb_gid_to_group_rid(map.gid); + if ( pdb_rid_algorithm() ) + opt_rid = algorithmic_pdb_gid_to_group_rid(map.gid); + else { + if ( !pdb_new_rid((uint32*)&opt_rid) ) { + d_fprintf( stderr, "Could not allocate new RID\n"); + return -1; + } + } } sid_copy(&map.sid, get_global_sam_sid()); diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/utils/ntlm_auth.c samba-3.0.23c/source/utils/ntlm_auth.c --- samba-3.0.23b/source/utils/ntlm_auth.c 2006-05-23 13:54:35.000000000 -0500 +++ samba-3.0.23c/source/utils/ntlm_auth.c 2006-08-30 13:08:39.000000000 -0500 @@ -1097,7 +1097,6 @@ if (client_ntlmssp_state == NULL) { DEBUG(1, ("Got NTLMSSP tArg without a client state\n")); x_fprintf(x_stdout, "BH\n"); - ntlmssp_end(&client_ntlmssp_state); return; } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/VERSION samba-3.0.23c/source/VERSION --- samba-3.0.23b/source/VERSION 2006-08-07 11:46:34.000000000 -0500 +++ samba-3.0.23c/source/VERSION 2006-08-30 13:32:27.000000000 -0500 @@ -37,7 +37,7 @@ # e.g. SAMBA_VERSION_REVISION=a # # -> "2.2.8a" # ######################################################## -SAMBA_VERSION_REVISION=b +SAMBA_VERSION_REVISION=c ######################################################## # For 'pre' releases the version will be # diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/source/web/cgi.c samba-3.0.23c/source/web/cgi.c --- samba-3.0.23b/source/web/cgi.c 2006-06-23 08:16:51.000000000 -0500 +++ samba-3.0.23c/source/web/cgi.c 2006-08-30 13:08:38.000000000 -0500 @@ -80,8 +80,9 @@ } - - ret[i] = 0; + if (ret) { + ret[i] = 0; + } return ret; } diff -u -r --new-file --exclude .svn --exclude CVS samba-3.0.23b/WHATSNEW.txt samba-3.0.23c/WHATSNEW.txt --- samba-3.0.23b/WHATSNEW.txt 2006-08-07 11:46:34.000000000 -0500 +++ samba-3.0.23c/WHATSNEW.txt 2006-08-31 13:54:28.000000000 -0500 @@ -1,6 +1,6 @@ =============================== - Release Notes for Samba 3.0.23b - Aug 7, 2006 + Release Notes for Samba 3.0.23c + Aug 30, 2006 =============================== This is the latest stable release of Samba. This is the version @@ -9,6 +9,128 @@ original 3.0.23 release regarding new features and difference in behavior from previous releases. +We would like to thank the developers of the Saturn code analysis +tool from Stanford University (http://glide.stanford.edu/saturn). +This release includes several code fixes based on its reports. + +Common bugs fixed in 3.0.23c include: + + o Authentication failures in pam_winbind when the AD domain + policy is set to not expire passwords. + o Authorization failures when using smb.conf options such + as "valid users" with the smbpasswd passdb backend. + + +RID Algorithms & Passdb +======================= + +Starting with the 3.0.23c release, the officially supported passdb +backends (smbpasswd, tdbsam, and ldapsam) now operate identically +with regards to the historical RID algorithm for unmapped users +and groups (i.e. accounts not in the passdb or group mapping table). +The resulting behavior is that all unmapped users are resolved +to a SID in the S-1-22-1 domain and all unmapped groups resolve +to a SID in the S-1-22-2 domain. Previously, when using the +smbpasswd passdb, such users and groups would resolve to an +algorithmic SID in the machine's own domain (S-1-5-XX-XX-XX). +However, the smbpasswd backend still utilizes the RID algorithm +when creating new user accounts or allocating a RID for a new +group mapping entry. + +With the changes in the 3.0.23c release, it is now possible to +resolve a uid/gid, name, or SID in any direction and always obtain +a symmetric mapping. This is important so that values for smb.conf +parameters such as "valid users" resolve to the same SIDs as those +included in the local user's initial token. + +Most installations will notice no change. However, because +an unmapped account's SID will now change even when using +smbpasswd it is possible that any security descriptors on files +previously copied from a Samba host to a Windows NTFS partition +may now fail to give access. The workaround is to either manually +map all affect groups (or add impacted users to the server's +passdb) or to manually reset the file's ACL. + + +###################################################################### +Changes +####### + +Changes since 3.0.23b +--------------------- + +commits +------- +o Michael Adam + * Fix incorrect logic in internal_resolve_name() caused by if + statement. + + +o Jeremy Allison + * Don't store a NULL SID in winbindd's offline cache. + * Ensure we store the offline password hash in the correct format. + * OS/2 fixes for large Extended Attributes data. + * Fix nmbd crashes caused by miscalculation in pushing + announcements. + * Handle times consistently across all client utils including + libsmbclient. + * Fix a file descriptor leak in nmbd sync DNS lookup code. + * Fix inconsistency found in checking for NULL in DLIST_REMOVE + macro. + * Pointer dereference fixes based on the Saturn analysis tool. + * Fix memory leak in the AD DC lookup code. + + +o Gerald (Jerry) Carter + * RHEL4 and Fedora packaging updates. + * Remove RID algorithm support for unmapped users and groups + when using an smbpasswd backend. + * Extend the NT token for local users' with the S-1-22-2 + SID for each supplementary group + * BUG 3969: Fix unsigned time comparison with expiration + policy from AD DC. + * Merge Guenther's fixes from the SuSE SLES10 tree to ensure + that winbindd talks to the correct DC when servicing PAM + authentication requests. + * Do not use the generic IP address sort routines for AD DCs + since the SRV lookup include a sorting algorithm based + on priority and weight. + * Fix our DNS SRV lookup code to deal with multi-homed hosts. + * More changes to ensure that the primary group SID for + a local user is based on the primary Unix group and not the + primaryGroupSID passdb attribute. + * Disable storing SIDs in the S-1-22-1 and S-1-22-2 domain + to the SID<->uid/gid cache. + + +o Guenther Deschner + * Fix msdfs RPC client and server management RPCs. + * Align idmap_ad with the current idmap_methods interface. + + +o Volker Lendecke + * Re-add support for "username level" when looking up the + matching Unix user for an smbpasswd entry. + * snprintf() fixes. + + +o Simo Sorce + * Let innetgr() work without binding its use to a + NIS domain to support netgroups in local files. + + +o Ben Winslow + * Allow client smb signing to be turned off correctly. + + +Release Notes for older release follow: + + -------------------------------------------------- + =============================== + Release Notes for Samba 3.0.23b + Aug 7, 2006 + =============================== + Common bugs fixed in 3.0.23b include: o Ambiguity with unqualified names in smb.conf parameters @@ -23,15 +145,15 @@ ============================================= Since Samba 3.0.8, it has been recommended that all domain accounts -listed in smb.conf on a member server be fully qualified with -the domain name. This is now a requirement. All unqualified names -are assumed to be local to the Unix host, either as part of the -server's local passdb or in the local system list of accounts -(e.g. /etc/passwd or /etc/group). +listed in smb.conf on a member server be fully qualified with the +domain name. This is now a requirement. All unqualified names are +assumed to be local to the Unix host, either as part of the server's +local passdb or in the local system list of accounts (e.g. /etc/passwd +or /etc/group). The reason for this change is that smbd has transitioned from access checks based on string comparisons to token based -authorization. All names are resolved to a SID and they verified +authorization. All names are resolved to a SID and then verified against the logged on user's NT user token. Local names will resolve to a local SID, while qualified domain names will resolve to the appropriate domain SID. @@ -48,8 +170,9 @@ path = /data valid users = +"DOMAIN\Linux Admins" +srvadmin -Note that to restrict the [homes] share on a member server, it -is necessary to prefix the %S valid to "valid users". +Note that to restrict the [homes] share on a member server to the +owner of that directory, it is necessary to prefix the %S value +to "valid users". [global] security = {domain,ads} @@ -64,8 +187,8 @@ Changes ####### -Changes since 3.0.23 --------------------- +Changes since 3.0.23a +--------------------- commits ------- @@ -117,9 +240,6 @@ * Fix bug where qualified user or group names in smb.conf were assumed to use the '\' character as the winbind separator. - -Release Notes for older release follow: - -------------------------------------------------- =============================== Release Notes for Samba 3.0.23a