From: Gerald Carter
Date: Fri, 7 Nov 2003 17:36:51 +0000 (+0000)
Subject: last round of syncs for 3.01.pre2
X-Git-Tag: samba-3.0.1pre2~3
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=2b9129b68da568a3f711112b8e149b4d58974ce4;p=thirdparty%2Fsamba.git

last round of syncs for 3.01.pre2
---
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8b21e101b46..6bd2b93cb15 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,5 +1,5 @@ - WHATS NEW IN Samba 3.0.1pre1 - October 10, 2003 + WHATS NEW IN Samba 3.0.1pre2 + November 7, 2003 ============================== This is a preview release of the Samba 3.0.1 code base and is 
@@ -15,13 +15,110 @@ exact updates. ###################################################################### Changes ####### - -Changes since 3.0.0 -------------------- +Changes since 3.0.1pre1 +----------------------- Please refer to the CVS log for the SAMBA_3_0 branch for complete details: +1) Match Samba 2.2 behavior; make ACB_NORMAL the default ACB value. +2) Updated Japanese welcome file in SWAT. +3) Fix to nt-time <-> unix-time functions reversible. +4) Ensure that winbindd uses the the escaped DN when querying + an AD ldap server. +5) Fix portability issues when compiling (bug 505, 550) +6) Compile fix for tdbbackup when Samba needs to override + non-C99 compliant implementations of snprintf(). +7) Use @PICSUFFIX@ instead of .po in Makefile.in (bug 574). +8) Make sure we break out of samsync loop on error. +9) Ensure error code path doesn't free unmalloc()'d memory + (bug 628). +10) Add configure test for krb5_keytab_entry keyblock vs key + member (bug 636). +11) Fixed spinlocks. +12) Modified testparm so that all output so all debug output goes + to stderr, and all file processing goes to stdout. +13) Fix error return code for BUFFER_TOO_SMALL in smbcacls + and smbcquotas. +14) Fix "NULL dest in safe_strcpy()" log message by ensuring that + we have a devmode before copying a string to the devicename. +15) Support mapping REALM.COM\user to a local user account (without + running winbindd) for compatibility with 2.2.x release. +16) Ensure we don't use mmap() on blacklisted systems. +17) fixed a number of bugs and memory leaks in the AIX + winbindd shim +18) Call initgroups() in SWAT before becomming the user so that + secondary group permissions can be used when writing to + smb.conf. +19) Fix signing problems when reverse connecting back to a + client for printer notify +20) Fix signing problems caused by a miss-sequence bug. +21) Missing map in errormap for ERROR_MORE_DATA -> ERRDOS, ERRmoredata. + Fixes NEXUS tools running on Win9x clients (bug 64). 
+22) Don't leave the domain field uninitialized in cli_lsa.c if some + SID could not be mapped. +23) Fix segfault in mount.cifs helper when there is no options + specified during mount. +24) Change the \n after the password prompt to go to tty instead + of stdout (bug 668). +25) Stop net -P from prompting for machine account password (bug 451). +26) Change in behavior to Not only change the effective uid but also + the real uid when becoming unprivileged. +27) Cope with Exchange 5.5 cleartext pop password auth. +28) New files for support of initshutdown pipe. Win2k doesn't + respond properly to all requests on the winreg pipe, so we need + to handle this new pipe (bug 534). +29) Added more va_copy() checks in configure.in. +30) Include fixes for libsmbclient build problems. +31) Missing UNIX -> DOS codepage conversion in lanman.c. +32) Allow DFMS-S filenames can now have arbitrary case (bug 667). +33) Parameterize the listen backlog in smbd and make it larger by + default. A backlog of 5 is way too small these days. +34) Check for an invalid fid before dereferencing the fsp pointer + (bug 696). +35) Remove invalid memory frees and return codes in pdb_ldap.c. +36) Prompt for password when invoking --set-auth-user and no + password is given. +37) Bind the nmbd sending socket to the 'socket address'. +38) Re-order link command for smbd, rpcclient and smbpasswd to ensure + $LDFLAGS occurs before any library specification (bug 661). +39) Fix large number of printf() calls for 64-bit size_t. +40) Fix AC_CHECK_MEMBER so that SLES8 does correctly finds the + keyblock in the krb5 structs. +41) Remove #include in hopes to avoid problems with + apache header files. +42) COrrect winbindd build problems on HP-UX 11 +43) Lowercase netgroups lookups (bug 703). +44) Use the actual size of the buffer in strftime instead of a made + up value which just happens to be less than sizeof(fstring). + (bug 713). +45) Add ldaplibs to pdbedit link line (bug 651). 
+46) Fix crash bug in smbclient completion (bug 659). +47) Fix packet length for browse list reply (bug 771). +48) Fix coredump in cli_get_backup_list(). +49) Make sure that we expand %N (bug 612). +50) Allow rpcclient adddriver command to specify printer driver + version (bug 514). +51) Compile tdbdump by default. +52) Apply patches to fix iconv detection for FreeBSD. +53) Do not allow the 'guest account' to be added to a passdb backend + using smbpasswd or pdbedit (bug 624). +54) Save LDFLAGS during iconv detection (bug 57). +55) Run krb5 logins through the username map if the winbindd + lookup fails (bug 698). +56) Add const for lp_set_name_resolve_order() to avoid compiler warnings + (bug 471). +57) Add support for the %i macro in smb.conf to stand in for the for + the local IP address to which a client connected. +58) Allow winbindd to match local accounts to domain SID when + 'winbind trusted domains only = yes' (bug 680). +59) Remove code in idmap_ldap that searches the user suffix and group + suffix. It's not needed and provides inconsistent functionality + from the tdb backend. + + +Changes since 3.0.0 +------------------- Modified parameters * mangled map (deprecated) diff --git a/packaging/Mandrake/samba2.spec.tmpl b/packaging/Mandrake/samba2.spec.tmpl index 787ea1e5dba..28bc8f9dafb 100644 --- a/packaging/Mandrake/samba2.spec.tmpl +++ b/packaging/Mandrake/samba2.spec.tmpl @@ -222,6 +222,7 @@ %endif Summary: Samba SMB server. +Vendor: Samba Team Name: %{pkg_name}%{samba_major} %if %have_pre diff --git a/packaging/RedHat/samba.spec.tmpl b/packaging/RedHat/samba.spec.tmpl index 7afb30bb31e..034c909fb7f 100644 --- a/packaging/RedHat/samba.spec.tmpl +++ b/packaging/RedHat/samba.spec.tmpl @@ -2,6 +2,7 @@ %define rpm_version `rpm --version | awk '{print $3}' | awk -F. '{print $1$2}'` Summary: Samba SMB client and server +Vendor: Samba Team Name: samba Version: PVERSION Release: PRELEASE 
diff --git a/packaging/SuSE/samba3.spec b/packaging/SuSE/samba3.spec index 1b620e60c25..37d8a4d36f8 100644 --- a/packaging/SuSE/samba3.spec +++ b/packaging/SuSE/samba3.spec @@ -14,6 +14,7 @@ # usedforbuild aaa_base acl attr bash bind9-utils bison coreutils cpio cpp cvs cyrus-sasl2 db devs diffutils e2fsprogs file filesystem fillup findutils flex gawk gdbm-devel glibc glibc-devel glibc-locale gpm grep groff gzip info insserv kbd less libacl libattr libgcc libstdc++ libxcrypt m4 make man mktemp modutils ncurses ncurses-devel net-tools netcfg pam pam-devel pam-modules patch permissions ps rcs readline sed sendmail shadow strace syslogd sysvinit tar texinfo timezone unzip util-linux vim zlib zlib-devel XFree86-libs autoconf automake binutils bzip2 cracklib cups-devel cups-libs dialog docbook-utils docbook-xsl-stylesheets docbook_4 ed freetype2 gcc gdbm gettext ghostscript-fonts-std ghostscript-library ghostscript-x11 glib heimdal heimdal-devel heimdal-lib iso_ent libacl-devel libattr-devel libgimpprint libpng libtiff libtool libxml2 libxml2-devel libxslt mysql-devel mysql-shared openldap2 openldap2-client openldap2-devel openssl openssl-devel perl popt popt-devel python python-devel readline-devel rpm te_ams te_etex te_latex te_pdf tetex xmlcharent Name: samba3 +Vendor: Samba Team License: GPL Group: Productivity/Networking/Samba Url: http://www.samba.org diff --git a/source/intl/lang_tdb.c b/source/intl/lang_tdb.c index b0e9e414de6..b98e5734cbf 100644 --- a/source/intl/lang_tdb.c +++ b/source/intl/lang_tdb.c @@ -131,7 +131,7 @@ BOOL lang_tdb_init(const char *lang) asprintf(&msg_path, "%s.msg", lib_path((const char *)lang)); if (stat(msg_path, &st) != 0) { /* the msg file isn't available */ - DEBUG(10, ("lang_tdb_init: %s: %s", msg_path, + DEBUG(10, ("lang_tdb_init: %s: %s\n", msg_path, strerror(errno))); goto done; } diff --git a/source/lib/access.c b/source/lib/access.c index 62414726fb0..a642a92d716 100644 --- a/source/lib/access.c +++ b/source/lib/access.c 
@@ -311,21 +311,21 @@ BOOL check_access(int sock, const char **allow_list, const char **deny_list) if (only_ipaddrs_in_list(allow_list) && only_ipaddrs_in_list(deny_list)) { only_ip = True; DEBUG (3, ("check_access: no hostnames in host allow/deny list.\n")); - ret = allow_access(deny_list,allow_list, "", get_socket_addr(sock)); + ret = allow_access(deny_list,allow_list, "", get_peer_addr(sock)); } else { DEBUG (3, ("check_access: hostnames in host allow/deny list.\n")); - ret = allow_access(deny_list,allow_list, get_socket_name(sock,True), - get_socket_addr(sock)); + ret = allow_access(deny_list,allow_list, get_peer_name(sock,True), + get_peer_addr(sock)); } if (ret) { DEBUG(2,("Allowed connection from %s (%s)\n", - only_ip ? "" : get_socket_name(sock,True), - get_socket_addr(sock))); + only_ip ? "" : get_peer_name(sock,True), + get_peer_addr(sock))); } else { DEBUG(0,("Denied connection from %s (%s)\n", - only_ip ? "" : get_socket_name(sock,True), - get_socket_addr(sock))); + only_ip ? "" : get_peer_name(sock,True), + get_peer_addr(sock))); } } diff --git a/source/lib/substitute.c b/source/lib/substitute.c index 923afd989f7..ee342964d0f 100644 --- a/source/lib/substitute.c +++ b/source/lib/substitute.c @@ -363,6 +363,9 @@ void standard_sub_basic(const char *smb_name, char *str,size_t len) case 'I' : string_sub(p,"%I", client_addr(),l); break; + case 'i' : + string_sub(p,"%i", client_socket_addr(),l); + break; case 'L' : if (local_machine_name && *local_machine_name) string_sub(p,"%L", local_machine_name,l); diff --git a/source/lib/util_sock.c b/source/lib/util_sock.c index b59d7aa7ebb..1d62da53c5b 100644 --- a/source/lib/util_sock.c +++ b/source/lib/util_sock.c @@ -794,10 +794,15 @@ void client_setfd(int fd) char *client_name(void) { - return get_socket_name(client_fd,False); + return get_peer_name(client_fd,False); } char *client_addr(void) +{ + return get_peer_addr(client_fd); +} + +char *client_socket_addr(void) { return get_socket_addr(client_fd); } 
@@ -866,7 +871,7 @@ static BOOL matchname(char *remotehost,struct in_addr addr) Return the DNS name of the remote end of a socket. ******************************************************************/ -char *get_socket_name(int fd, BOOL force_lookup) +char *get_peer_name(int fd, BOOL force_lookup) { static pstring name_buf; static fstring addr_buf; @@ -879,10 +884,10 @@ char *get_socket_name(int fd, BOOL force_lookup) with dns. To avoid the delay we avoid the lookup if possible */ if (!lp_hostname_lookups() && (force_lookup == False)) { - return get_socket_addr(fd); + return get_peer_addr(fd); } - p = get_socket_addr(fd); + p = get_peer_addr(fd); /* it might be the same as the last one - save some DNS work */ if (strcmp(p, addr_buf) == 0) return name_buf; @@ -918,7 +923,7 @@ char *get_socket_name(int fd, BOOL force_lookup) Return the IP addr of the remote end of a socket as a string. ******************************************************************/ -char *get_socket_addr(int fd) +char *get_peer_addr(int fd) { struct sockaddr sa; struct sockaddr_in *sockin = (struct sockaddr_in *) (&sa); @@ -941,6 +946,29 @@ char *get_socket_addr(int fd) return addr_buf; } +char *get_socket_addr(int fd) +{ + struct sockaddr sa; + struct sockaddr_in *sockin = (struct sockaddr_in *) (&sa); + int length = sizeof(sa); + static fstring addr_buf; + + fstrcpy(addr_buf,"0.0.0.0"); + + if (fd == -1) { + return addr_buf; + } + + if (getsockname(fd, &sa, &length) < 0) { + DEBUG(0,("getpeername failed. Error was %s\n", strerror(errno) )); + return addr_buf; + } + + fstrcpy(addr_buf,(char *)inet_ntoa(sockin->sin_addr)); + + return addr_buf; +} + /******************************************************************* Create protected unix domain socket. diff --git a/source/nsswitch/winbindd_sid.c b/source/nsswitch/winbindd_sid.c index 3b30c3e2ebc..0faeec56369 100644 --- a/source/nsswitch/winbindd_sid.c +++ b/source/nsswitch/winbindd_sid.c 
@@ -411,7 +411,7 @@ enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state) if ( !winbindd_lookup_sid_by_name(domain, grp->gr_name, &sid, &type) ) return WINBINDD_ERROR; - if ( type!=SID_NAME_DOM_GRP || type!=SID_NAME_ALIAS ) + if ( type!=SID_NAME_DOM_GRP && type!=SID_NAME_ALIAS ) return WINBINDD_ERROR; /* don't fail if we can't store it */ diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c index ecf7f226298..425c9b87f10 100644 --- a/source/passdb/lookup_sid.c +++ b/source/passdb/lookup_sid.c @@ -300,20 +300,28 @@ static void store_gid_sid_cache(const DOM_SID *psid, gid_t gid) NTSTATUS uid_to_sid(DOM_SID *psid, uid_t uid) { fstring sid; + uid_t low, high; ZERO_STRUCTP(psid); if (fetch_sid_from_uid_cache(psid, uid)) return ( psid ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL ); - if (winbind_uid_to_sid(psid, uid)) { + /* DC's never use winbindd to resolve users outside the + defined idmap range */ - DEBUG(10,("uid_to_sid: winbindd %u -> %s\n", - (unsigned int)uid, sid_to_string(sid, psid))); + if ( lp_server_role()==ROLE_DOMAIN_MEMBER + || (lp_idmap_uid(&low, &high) && uid >= low && uid <= high) ) + { + if (winbind_uid_to_sid(psid, uid)) { - if (psid) - store_uid_sid_cache(psid, uid); - return ( psid ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL ); + DEBUG(10,("uid_to_sid: winbindd %u -> %s\n", + (unsigned int)uid, sid_to_string(sid, psid))); + + if (psid) + store_uid_sid_cache(psid, uid); + return ( psid ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL ); + } } if (!local_uid_to_sid(psid, uid)) { 
@@ -334,20 +342,28 @@ NTSTATUS uid_to_sid(DOM_SID *psid, uid_t uid) NTSTATUS gid_to_sid(DOM_SID *psid, gid_t gid) { fstring sid; + gid_t low, high; ZERO_STRUCTP(psid); if (fetch_sid_from_gid_cache(psid, gid)) return ( psid ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL ); - if (winbind_gid_to_sid(psid, gid)) { + /* DC's never use winbindd to resolve groups outside the + defined idmap range */ - DEBUG(10,("gid_to_sid: winbindd %u -> %s\n", - (unsigned int)gid, sid_to_string(sid, psid))); + if ( lp_server_role()==ROLE_DOMAIN_MEMBER + || (lp_idmap_gid(&low, &high) && gid >= low && gid <= high) ) + { + if (winbind_gid_to_sid(psid, gid)) { + + DEBUG(10,("gid_to_sid: winbindd %u -> %s\n", + (unsigned int)gid, sid_to_string(sid, psid))); - if (psid) - store_gid_sid_cache(psid, gid); - return ( psid ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL ); + if (psid) + store_gid_sid_cache(psid, gid); + return ( psid ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL ); + } } if (!local_gid_to_sid(psid, gid)) { @@ -452,7 +468,9 @@ NTSTATUS sid_to_gid(const DOM_SID *psid, gid_t *pgid) /* winbindd knows it; Ensure this is a group sid */ - if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) { + if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) + && (name_type != SID_NAME_WKN_GRP)) + { DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n", (unsigned int)name_type )); diff --git a/source/passdb/pdb_get_set.c b/source/passdb/pdb_get_set.c index 46c49be8b11..4a5a5759d4f 100644 --- a/source/passdb/pdb_get_set.c +++ b/source/passdb/pdb_get_set.c 
@@ -1045,19 +1045,6 @@ BOOL pdb_set_backend_private_data (SAM_ACCOUNT *sampass, void *private_data, if (!sampass) return False; -#if 0 - /* With this check backend_private_data_free_fn is *never* set - as the methods are never set anywhere. What is this - supposed to do ???? - - Volker - */ - - /* does this backend 'own' this SAM_ACCOUNT? */ - if (my_methods != sampass->private.backend_private_methods) - return False; -#endif - if (sampass->private.backend_private_data && sampass->private.backend_private_data_free_fn) { sampass->private.backend_private_data_free_fn(&sampass->private.backend_private_data); } diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c index 602cd7d2d50..e6d005b1575 100644 --- a/source/rpc_server/srv_netlog_nt.c +++ b/source/rpc_server/srv_netlog_nt.c @@ -581,8 +581,6 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * return NT_STATUS_INVALID_INFO_CLASS; } /* end switch */ - /* check username exists */ - rpcstr_pull(nt_username,uni_samlogon_user->buffer,sizeof(nt_username),uni_samlogon_user->uni_str_len*2,0); rpcstr_pull(nt_domain,uni_samlogon_domain->buffer,sizeof(nt_domain),uni_samlogon_domain->uni_str_len*2,0); rpcstr_pull(nt_workstation,uni_samlogon_workstation->buffer,sizeof(nt_workstation),uni_samlogon_workstation->uni_str_len*2,0); @@ -593,10 +591,6 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * fstrcpy(current_user_info.smb_name, nt_username); sub_set_smb_name(nt_username); - /* - * Convert to a UNIX username. - */ - DEBUG(5,("Attempting validation level %d for unmapped username %s.\n", q_u->sam_id.ctr->switch_value, nt_username)); status = NT_STATUS_OK; diff --git a/source/sam/idmap_ldap.c b/source/sam/idmap_ldap.c index 718f134de4a..2a94de755ac 100644 --- a/source/sam/idmap_ldap.c +++ b/source/sam/idmap_ldap.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. idmap LDAP backend 
@@ -7,17 +7,17 @@ Copyright (C) Jim McDonough 2003 Copyright (C) Simo Sorce 2003 Copyright (C) Gerald Carter 2003 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
@@ -34,25 +34,84 @@ #include "smbldap.h" -#define IDMAP_GROUP_SUFFIX "ou=idmap group" -#define IDMAP_USER_SUFFIX "ou=idmap people" - - struct ldap_idmap_state { struct smbldap_state *smbldap_state; TALLOC_CTX *mem_ctx; }; -#define LDAP_MAX_ALLOC_ID 128 /* number tries while allocating - new id */ - static struct ldap_idmap_state ldap_state; -static NTSTATUS ldap_set_mapping(const DOM_SID *sid, unid_t id, int id_type); -static NTSTATUS ldap_set_mapping_internals(const DOM_SID *sid, unid_t id, int id_type, - const char *ldap_dn, LDAPMessage *entry); -static NTSTATUS ldap_idmap_close(void); +/* number tries while allocating new id */ +#define LDAP_MAX_ALLOC_ID 128 + + +/*********************************************************************** + This function cannot be called to modify a mapping, only set a new one +***********************************************************************/ + +static NTSTATUS ldap_set_mapping(const DOM_SID *sid, unid_t id, int id_type) +{ + pstring dn; + pstring id_str; + fstring type; + LDAPMod **mods = NULL; + int rc = -1; + int ldap_op; + fstring sid_string; + LDAPMessage *entry = NULL; + + sid_to_string( sid_string, sid ); + + ldap_op = LDAP_MOD_ADD; + pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string( sidmap_attr_list, LDAP_ATTR_SID), + sid_string, lp_ldap_idmap_suffix()); + + if ( id_type & ID_USERID ) + fstrcpy( type, get_attr_key2string( sidmap_attr_list, LDAP_ATTR_UIDNUMBER ) ); + else + fstrcpy( type, get_attr_key2string( sidmap_attr_list, LDAP_ATTR_GIDNUMBER ) ); + + pstr_sprintf(id_str, "%lu", ((id_type & ID_USERID) ? 
(unsigned long)id.uid : + (unsigned long)id.gid)); + + smbldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_IDMAP_ENTRY ); + + smbldap_make_mod( ldap_state.smbldap_state->ldap_struct, + entry, &mods, type, id_str ); + + smbldap_make_mod( ldap_state.smbldap_state->ldap_struct, + entry, &mods, + get_attr_key2string(sidmap_attr_list, LDAP_ATTR_SID), + sid_string ); + + /* There may well be nothing at all to do */ + + if (mods) { + smbldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SID_ENTRY ); + rc = smbldap_add(ldap_state.smbldap_state, dn, mods); + ldap_mods_free( mods, True ); + } else { + rc = LDAP_SUCCESS; + } + + if (rc != LDAP_SUCCESS) { + char *ld_error = NULL; + ldap_get_option(ldap_state.smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, + &ld_error); + DEBUG(0,("ldap_set_mapping_internals: Failed to %s mapping from %s to %lu [%s]\n", + (ldap_op == LDAP_MOD_ADD) ? "add" : "replace", + sid_string, (unsigned long)((id_type & ID_USERID) ? id.uid : id.gid), type)); + DEBUG(0, ("ldap_set_mapping_internals: Error was: %s (%s)\n", + ld_error ? ld_error : "(NULL)", ldap_err2string (rc))); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(10,("ldap_set_mapping: Successfully created mapping from %s to %lu [%s]\n", + sid_string, ((id_type & ID_USERID) ? (unsigned long)id.uid : + (unsigned long)id.gid), type)); + return NT_STATUS_OK; +} /********************************************************************** Even if the sambaDomain attribute in LDAP tells us that this RID is @@ -77,7 +136,7 @@ static BOOL sid_in_use(struct ldap_idmap_state *state, if (rc != LDAP_SUCCESS) { char *ld_error = NULL; ldap_get_option(state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(2, ("Failed to check if sid %s is alredy in use: %s\n", + DEBUG(2, ("Failed to check if sid %s is alredy in use: %s\n", sid_string, ld_error)); SAFE_FREE(ld_error); 
@@ -142,7 +201,7 @@ static NTSTATUS ldap_next_rid(struct ldap_idmap_state *state, uint32 *rid, } /* yes, we keep 3 seperate counters, one for rids between 1000 (BASE_RID) and - algorithmic_rid_base. The other two are to avoid stomping on the + algorithmic_rid_base. The other two are to avoid stomping on the different sets of algorithmic RIDs */ if (smbldap_get_single_attribute(state->smbldap_state->ldap_struct, entry, @@ -337,7 +396,7 @@ static NTSTATUS ldap_allocate_id(unid_t *id, int id_type) pstr_sprintf(filter, "(objectClass=%s)", LDAP_OBJ_IDPOOL); attr_list = get_attr_list( idpool_attr_list ); - + rc = smbldap_search(ldap_state.smbldap_state, lp_ldap_idmap_suffix(), LDAP_SCOPE_SUBTREE, filter, attr_list, 0, &result); @@ -430,17 +489,16 @@ static NTSTATUS ldap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; char **attr_list; + if ( id_type & ID_USERID ) + type = get_attr_key2string( idpool_attr_list, LDAP_ATTR_UIDNUMBER ); + else + type = get_attr_key2string( idpool_attr_list, LDAP_ATTR_GIDNUMBER ); + pstrcpy( suffix, lp_ldap_idmap_suffix() ); pstr_sprintf(filter, "(&(objectClass=%s)(%s=%lu))", LDAP_OBJ_IDMAP_ENTRY, type, ((id_type & ID_USERID) ? (unsigned long)id.uid : (unsigned long)id.gid)); - if ( id_type & ID_USERID ) { - type = get_attr_key2string( idpool_attr_list, LDAP_ATTR_UIDNUMBER ); - } - else { - type = get_attr_key2string( idpool_attr_list, LDAP_ATTR_GIDNUMBER ); - } DEBUG(5,("ldap_get_sid_from_id: Searching \"%s\"\n", filter )); @@ -468,7 +526,7 @@ static NTSTATUS ldap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) if ( !smbldap_get_single_attribute(ldap_state.smbldap_state->ldap_struct, entry, LDAP_ATTRIBUTE_SID, sid_str) ) goto out; - if (!string_to_sid(sid, sid_str)) + if (!string_to_sid(sid, sid_str)) goto out; ret = NT_STATUS_OK; 
@@ -509,12 +567,10 @@ static NTSTATUS ldap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *si pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))", LDAP_OBJ_IDMAP_ENTRY, LDAP_ATTRIBUTE_SID, sid_str); - if ( *id_type & ID_GROUPID ) { + if ( *id_type & ID_GROUPID ) type = get_attr_key2string( sidmap_attr_list, LDAP_ATTR_GIDNUMBER ); - } - else { + else type = get_attr_key2string( sidmap_attr_list, LDAP_ATTR_UIDNUMBER ); - } DEBUG(10,("ldap_get_id_from_sid: Searching for \"%s\"\n", filter)); @@ -540,12 +596,16 @@ static NTSTATUS ldap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *si goto out; } - /* try to allocate a new id if we still haven't found one */ - if ( (count==0) && !(*id_type & ID_QUERY_ONLY) ) { + if ( !count ) { int i; + if (*id_type & ID_QUERY_ONLY) { + DEBUG(5,("ldap_get_id_from_sid: No matching entry found and QUERY_ONLY flag set\n")); + goto out; + } + DEBUG(8,("ldap_get_id_from_sid: Allocating new id\n")); for (i = 0; i < LDAP_MAX_ALLOC_ID; i++) { 
@@ -598,206 +658,6 @@ out: return ret; } -/*********************************************************************** - This function cannot be called to modify a mapping, only set a new one - - This takes a possible pointer to the existing entry for the UID or SID - involved. -***********************************************************************/ - -static NTSTATUS ldap_set_mapping_internals(const DOM_SID *sid, unid_t id, - int id_type, const char *ldap_dn, - LDAPMessage *entry) -{ - pstring dn; - pstring id_str; - fstring type; - LDAPMod **mods = NULL; - int rc = -1; - int ldap_op; - fstring sid_string; - char **values = NULL; - int i; - - sid_to_string( sid_string, sid ); - - if (ldap_dn) { - DEBUG(10, ("Adding new IDMAP mapping on DN: %s", ldap_dn)); - ldap_op = LDAP_MOD_REPLACE; - pstrcpy( dn, ldap_dn ); - } else { - ldap_op = LDAP_MOD_ADD; - pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string( sidmap_attr_list, LDAP_ATTR_SID), - sid_string, lp_ldap_idmap_suffix()); - } - - if ( id_type & ID_USERID ) - fstrcpy( type, get_attr_key2string( sidmap_attr_list, LDAP_ATTR_UIDNUMBER ) ); - else - fstrcpy( type, get_attr_key2string( sidmap_attr_list, LDAP_ATTR_GIDNUMBER ) ); - - pstr_sprintf(id_str, "%lu", ((id_type & ID_USERID) ? 
(unsigned long)id.uid : - (unsigned long)id.gid)); - - if (entry) - values = ldap_get_values(ldap_state.smbldap_state->ldap_struct, entry, "objectClass"); - - if (values) { - BOOL found_idmap = False; - for (i=0; values[i]; i++) { - if (StrCaseCmp(values[i], LDAP_OBJ_IDMAP_ENTRY) == 0) { - found_idmap = True; - break; - } - } - if (!found_idmap) - smbldap_set_mod( &mods, LDAP_MOD_ADD, - "objectClass", LDAP_OBJ_IDMAP_ENTRY ); - } else { - smbldap_set_mod( &mods, LDAP_MOD_ADD, - "objectClass", LDAP_OBJ_IDMAP_ENTRY ); - } - - smbldap_make_mod( ldap_state.smbldap_state->ldap_struct, - entry, &mods, type, id_str ); - - smbldap_make_mod( ldap_state.smbldap_state->ldap_struct, - entry, &mods, - get_attr_key2string(sidmap_attr_list, LDAP_ATTR_SID), - sid_string ); - - /* There may well be nothing at all to do */ - if (mods) { - switch(ldap_op) - { - case LDAP_MOD_ADD: - smbldap_set_mod( &mods, LDAP_MOD_ADD, - "objectClass", LDAP_OBJ_SID_ENTRY ); - rc = smbldap_add(ldap_state.smbldap_state, dn, mods); - break; - case LDAP_MOD_REPLACE: - rc = smbldap_modify(ldap_state.smbldap_state, dn, mods); - break; - } - - ldap_mods_free( mods, True ); - } else { - rc = LDAP_SUCCESS; - } - - if (rc != LDAP_SUCCESS) { - char *ld_error = NULL; - ldap_get_option(ldap_state.smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, - &ld_error); - DEBUG(0,("ldap_set_mapping_internals: Failed to %s mapping from %s to %lu [%s]\n", - (ldap_op == LDAP_MOD_ADD) ? "add" : "replace", - sid_string, (unsigned long)((id_type & ID_USERID) ? id.uid : id.gid), type)); - DEBUG(0, ("ldap_set_mapping_internals: Error was: %s (%s)\n", ld_error ? ld_error : "(NULL)", ldap_err2string (rc))); - return NT_STATUS_UNSUCCESSFUL; - } - - DEBUG(10,("ldap_set_mapping: Successfully created mapping from %s to %lu [%s]\n", - sid_string, ((id_type & ID_USERID) ? 
(unsigned long)id.uid : - (unsigned long)id.gid), type)); - - return NT_STATUS_OK; -} - -/*********************************************************************** - This function cannot be called to modify a mapping, only set a new one -***********************************************************************/ - -static NTSTATUS ldap_set_mapping(const DOM_SID *sid, unid_t id, int id_type) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - char *dn = NULL; - LDAPMessage *result = NULL; - LDAPMessage *entry = NULL; - const char *type; - const char *obj_class; - const char *posix_obj_class; - const char *suffix; - fstring sid_str; - fstring id_str; - pstring filter; - char **attr_list; - int rc; - int count; - - /* try for a samba user or group mapping (looking for an entry with a SID) */ - if ( id_type & ID_USERID ) { - obj_class = LDAP_OBJ_SAMBASAMACCOUNT; - suffix = lp_ldap_suffix(); - type = get_attr_key2string( idpool_attr_list, LDAP_ATTR_UIDNUMBER ); - posix_obj_class = LDAP_OBJ_POSIXACCOUNT; - fstr_sprintf(id_str, "%lu", (unsigned long)id.uid ); - } - else { - obj_class = LDAP_OBJ_GROUPMAP; - suffix = lp_ldap_group_suffix(); - type = get_attr_key2string( idpool_attr_list, LDAP_ATTR_GIDNUMBER ); - posix_obj_class = LDAP_OBJ_POSIXGROUP; - fstr_sprintf(id_str, "%lu", (unsigned long)id.gid ); - } - - sid_to_string(sid_str, sid); - pstr_sprintf(filter, - "(|" - "(&(|(objectClass=%s)(|(objectClass=%s)(objectClass=%s)))(%s=%s))" - "(&(objectClass=%s)(%s=%s))" - ")", - /* objectClasses that might contain a SID */ - LDAP_OBJ_SID_ENTRY, LDAP_OBJ_IDMAP_ENTRY, obj_class, - get_attr_key2string( sidmap_attr_list, LDAP_ATTR_SID ), - sid_str, - - /* objectClasses that might contain a Unix UID/GID */ - posix_obj_class, - /* Unix UID/GID specifier*/ - type, - /* actual ID */ - id_str); - - attr_list = get_attr_list( sidmap_attr_list ); - rc = smbldap_search(ldap_state.smbldap_state, suffix, LDAP_SCOPE_SUBTREE, - filter, attr_list, 0, &result); - free_attr_list( attr_list ); - - if (rc 
!= LDAP_SUCCESS) - goto out; - - count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result); - - /* fall back to looking up an idmap entry if we didn't find anything under the idmap - user or group suffix */ - - if (count == 1) { - entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result); - - dn = smbldap_get_dn(ldap_state.smbldap_state->ldap_struct, result); - if (!dn) - goto out; - DEBUG(10, ("Found partial mapping entry at dn=%s, looking for %s\n", dn, type)); - - ret = ldap_set_mapping_internals(sid, id, id_type, dn, entry); - - goto out; - } else if (count > 1) { - DEBUG(0, ("Too many entries trying to find DN to attach ldap \n")); - goto out; - } - - ret = ldap_set_mapping_internals(sid, id, id_type, NULL, NULL); - -out: - if (result) - ldap_msgfree(result); - SAFE_FREE(dn); - - return ret; -} - - /********************************************************************** Verify the sambaUnixIdPool entry in the directiry. **********************************************************************/ diff --git a/source/smbd/server.c b/source/smbd/server.c index af39bcb757d..89d6f92e983 100644 --- a/source/smbd/server.c +++ b/source/smbd/server.c @@ -398,7 +398,7 @@ static BOOL open_sockets_smbd(BOOL is_daemon, BOOL interactive, const char *smb_ /* this is needed so that we get decent entries in smbstatus for port 445 connects */ - set_remote_machine_name(get_socket_addr(smbd_server_fd()), False); + set_remote_machine_name(get_peer_addr(smbd_server_fd()), False); /* Reset global variables in util.c so that client substitutions will be diff --git a/source/web/cgi.c b/source/web/cgi.c index 6778e596569..49a8fa92de4 100644 --- a/source/web/cgi.c +++ b/source/web/cgi.c @@ -578,7 +578,7 @@ return the hostname of the client char *cgi_remote_host(void) { if (inetd_server) { - return get_socket_name(1,False); + return get_peer_name(1,False); } return getenv("REMOTE_HOST"); } 
@@ -589,7 +589,7 @@ return the hostname of the client char *cgi_remote_addr(void) { if (inetd_server) { - return get_socket_addr(1); + return get_peer_addr(1); } return getenv("REMOTE_ADDR"); } diff --git a/source/wrepld/process.c b/source/wrepld/process.c index 1f96dc996cd..0e9a9b34610 100644 --- a/source/wrepld/process.c +++ b/source/wrepld/process.c @@ -342,7 +342,7 @@ static void receive_version_number_map_table(GENERIC_PACKET *q, GENERIC_PACKET * return; } - fstrcpy(peer,get_socket_addr(q->fd)); + fstrcpy(peer,get_peer_addr(q->fd)); addr=*interpret_addr2(peer); get_our_last_id(&global_wins_table[0][0]); @@ -842,7 +842,7 @@ void construct_reply(struct wins_packet_struct *p) fstring peer; struct in_addr addr; int i; - fstrcpy(peer,get_socket_addr(p->fd)); + fstrcpy(peer,get_peer_addr(p->fd)); addr=*interpret_addr2(peer); for (i=1; i
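Review bot: The new "Changes since 3.0.1pre1" list in WHATSNEW.txt has several wording slips that will ship in the release notes: "the the escaped DN" (item 4), "so that all output so all debug output" (item 12), "becomming" (item 18), "Allow DFMS-S filenames can now have" (item 32), "SLES8 does correctly finds" (item 40), "COrrect" (item 42) and "for the for the local IP address" (item 57). Item 41 reads "Remove #include in hopes to avoid" with no header name as shown here. A proofreading pass on this hunk before tagging would help.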
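Review bot: In standard_sub_basic() in source/lib/substitute.c, the new 'i' case substitutes whatever client_socket_addr() returns, and the get_socket_addr() added in util_sock.c returns the literal "0.0.0.0" when fd is -1 or when getsockname() fails. A %i used in a path or include line would then expand to 0.0.0.0 without the fd == -1 case being logged at all. That fallback should be stated wherever %i is documented; WHATSNEW item 57 is the only description of %i in the visible part of this patch.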
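Review bot: In source/lib/util_sock.c, get_socket_addr() keeps its name but changes meaning, from the peer address (now get_peer_addr()) to the local address of the socket. Any caller missed by this rename still compiles and silently feeds the server's own address into whatever it does with the result, which matters most for address-based decisions such as the allow_access() calls in check_access(). Giving the local-address function a new name and removing get_socket_addr() would turn every missed caller into a build error instead.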
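Review bot: In the new get_socket_addr() body in source/lib/util_sock.c, the failure branch after getsockname() logs "getpeername failed. Error was %s", copied from get_peer_addr(); it should name getsockname so the log points at the call that failed. The function also lacks the header comment block that get_peer_addr() has ("Return the IP addr of the remote end of a socket as a string."), and length is declared int where getsockname() takes a pointer to socklen_t.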
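Review bot: In winbindd_gid_to_sid() in source/nsswitch/winbindd_sid.c, the corrected test accepts only SID_NAME_DOM_GRP and SID_NAME_ALIAS, while sid_to_gid() in source/passdb/lookup_sid.c, touched by this same patch, also accepts SID_NAME_WKN_GRP. If well-known groups are meant to be rejected here, a short comment saying so would help; otherwise add the third type so the two checks agree.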
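Review bot: In uid_to_sid() in source/passdb/lookup_sid.c (the same applies to gid_to_sid()), the new comment says "DC's never use winbindd to resolve users outside the defined idmap range", but the condition tests only lp_server_role()==ROLE_DOMAIN_MEMBER. Every role other than domain member therefore skips winbindd when the id is outside the range, and also whenever lp_idmap_uid() or lp_idmap_gid() returns false. Either reword the comment to describe all non-member roles or test for the DC roles explicitly, so that the comment and the condition say the same thing.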
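Review bot: In pdb_set_backend_private_data() in source/passdb/pdb_get_set.c, deleting the #if 0 block also deletes the only record of the open question about the ownership test (my_methods != sampass->private.backend_private_methods). With no check in place, the existing private data is released through backend_private_data_free_fn whichever backend makes the call. A one-line comment stating that ownership is intentionally not enforced would keep that decision visible.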
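Review bot: In the rewritten ldap_set_mapping() in source/sam/idmap_ldap.c, the error path fetches ld_error with ldap_get_option(..., LDAP_OPT_ERROR_STRING, &ld_error) and returns NT_STATUS_UNSUCCESSFUL without freeing it, whereas sid_in_use() in the same file calls SAFE_FREE(ld_error) after the same call. The two DEBUG(0) messages still print "ldap_set_mapping_internals", a function this patch deletes. Since ldap_op is only ever LDAP_MOD_ADD, the "add" : "replace" selection and the variable itself can go, and entry is always NULL when it reaches smbldap_make_mod(). The "There may well be nothing at all to do" comment and its else branch also look stale, because the objectClass mod is set unconditionally just above.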
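Review bot: In ldap_get_sid_from_id() in source/sam/idmap_ldap.c, type is now assigned before the filter is built, but it is looked up in idpool_attr_list, while ldap_set_mapping() and ldap_get_id_from_sid() resolve the same LDAP_ATTR_UIDNUMBER and LDAP_ATTR_GIDNUMBER keys through sidmap_attr_list. If both lists map these keys to the same attribute names, using sidmap_attr_list here as well would keep the search filter and the written entries visibly in step; if they differ, the lookup will not find what ldap_set_mapping() stored.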