authorGerald Carter <jerry@samba.org>2006-06-22 19:52:32 +0000
committerGerald Carter <jerry@samba.org>2006-06-22 19:52:32 +0000
commitb30020d50197ce92a9146fe90288e953369d4c22 (patch)
tree416132d44dee2c292e64878572f232c6723a8871
parentea6e52fc6a5404b1910792941c49b550bdcc250e (diff)
downloadsamba-b30020d50197ce92a9146fe90288e953369d4c22.tar.gz
r16472: final pass for 3.0.23rc3 I think. Current with SAMBA_3_0 r16471
-rw-r--r--WHATSNEW.txt5
-rw-r--r--source/Makefile.in3
-rw-r--r--source/auth/auth_util.c25
-rw-r--r--source/include/smb.h6
-rw-r--r--source/libsmb/smb_share_modes.c1
-rw-r--r--source/locking/locking.c23
-rw-r--r--source/smbd/open.c4
-rw-r--r--source/smbd/oplock.c2
-rw-r--r--source/utils/status.c5
-rw-r--r--source/web/statuspage.c1
10 files changed, 59 insertions, 16 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index cf725f52d33..be26aa9cbec 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -38,12 +38,17 @@ o Jeremy Allison <jra@samba.org>
* Fix naming conflicts with 'net usershare' structures and
Solaris header files.
* Fix memleaks on error paths from the ASN.1 parsing code.
+ * Add uid to share_mode_entry structure so we can report who
+ opened the file.
o Gerald (Jerry) Carter <jerry@samba.org>
* Fix 'make install' problem when building outside source/.
* Fix 'net ads join' when the workgroup is set incorrectly in
smb.conf.
+ * Re-add code to include the BUILTIN\Administrators SID when
+ winbindd is not running, but the user's token includes the
+ Domain Admin SID. Fixes access problem for managing Services.
o Guenther Deschner <gd@samba.org>
diff --git a/source/Makefile.in b/source/Makefile.in
index bba29456133..136f597af3d 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -1616,7 +1616,8 @@ delheaders:
@rm -f include/proto.h include/build_env.h \
nsswitch/winbindd_proto.h web/swat_proto.h \
client/client_proto.h utils/net_proto.h \
- smbd/build_options.c
+ smbd/build_options.c utils/ntlm_auth_proto.h \
+ utils/passwd_proto.h
MKPROTO_SH = $(srcdir)/script/mkproto.sh
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 9427c7681ee..0401e02b7d4 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -688,6 +688,31 @@ static NTSTATUS log_nt_token(TALLOC_CTX *tmp_ctx, NT_USER_TOKEN *token)
static NTSTATUS add_builtin_administrators( TALLOC_CTX *ctx, struct nt_user_token *token )
{
+ DOM_SID domadm;
+
+ /* nothing to do if we aren't in a domain */
+
+ if ( !(IS_DC || lp_server_role()==ROLE_DOMAIN_MEMBER) ) {
+ return NT_STATUS_OK;
+ }
+
+ /* Find the Domain Admins SID */
+
+ if ( IS_DC ) {
+ sid_copy( &domadm, get_global_sam_sid() );
+ } else {
+ if ( !secrets_fetch_domain_sid( lp_workgroup(), &domadm ) )
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ }
+ sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS );
+
+ /* Add Administrators if the user beloongs to Domain Admins */
+
+ if ( nt_token_check_sid( &domadm, token ) ) {
+ add_sid_to_array(token, &global_sid_Builtin_Administrators,
+ &token->user_sids, &token->num_sids);
+ }
+
return NT_STATUS_OK;
}
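Review bot: The `add_sid_to_array` call at the end of add_builtin_administrators is not checked, and the function returns NT_STATUS_OK whether or not BUILTIN\Administrators was actually appended. Its signature is not visible in this hunk: if it can report an allocation failure, that should map to `NT_STATUS_NO_MEMORY`, and if it cannot, `token->user_sids` should be tested for NULL after the call. The `ctx` parameter is unused and `token` is passed as the first argument (apparently the allocation context) instead, which deserves a one-line comment if intentional. Because this branch widens the token's privileges, a comment above it should state the precondition from the changelog (winbindd not running) and that on a member server the domain SID comes from `secrets_fetch_domain_sid( lp_workgroup(), &domadm )`. The comment typo `beloongs` should read `belongs`.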
diff --git a/source/include/smb.h b/source/include/smb.h
index 41ffce1a155..5aa06347f8c 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -671,6 +671,7 @@ struct share_mode_entry {
SMB_DEV_T dev;
SMB_INO_T inode;
unsigned long share_file_id;
+ uint32 uid; /* uid of file opener. */
};
/* oplock break message definition - linearization of share_mode_entry.
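Review bot: The comment on the new `uid` field does not say which uid is stored or that a placeholder value exists. Elsewhere in this commit the value is `current_user.ut.uid` for smbd opens, `geteuid()` of the calling process in smb_share_modes.c, and `(uint32)-1` for deferred-open entries and for the search-only entries built in locking.c. I would write `uint32 uid; /* unix uid recorded at open time, for reporting only; (uint32)-1 if unknown. */` so the field is not later mistaken for an input to access decisions. The struct body starts above this hunk.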
@@ -687,10 +688,11 @@ Offset Data length.
28 SMB_DEV_T dev 8 bytes.
36 SMB_INO_T inode 8 bytes
44 unsigned long file_id 4 bytes
-48
+48 uint32 uid 4 bytes
+52
*/
-#define MSG_SMB_SHARE_MODE_ENTRY_SIZE 48
+#define MSG_SMB_SHARE_MODE_ENTRY_SIZE 52
struct share_mode_lock {
const char *servicepath; /* canonicalized. */
diff --git a/source/libsmb/smb_share_modes.c b/source/libsmb/smb_share_modes.c
index 090571b8107..34ede9df296 100644
--- a/source/libsmb/smb_share_modes.c
+++ b/source/libsmb/smb_share_modes.c
@@ -149,6 +149,7 @@ static void create_share_mode_entry(struct share_mode_entry *out,
out->access_mask = in->access_mask;
out->dev = (SMB_DEV_T)in->dev;
out->inode = (SMB_INO_T)in->ino;
+ out->uid = (uint32)geteuid();
}
/*
diff --git a/source/locking/locking.c b/source/locking/locking.c
index 0ffb9374326..01f12bbb58d 100644
--- a/source/locking/locking.c
+++ b/source/locking/locking.c
@@ -443,13 +443,13 @@ char *share_mode_str(int num, struct share_mode_entry *e)
slprintf(share_str, sizeof(share_str)-1, "share_mode_entry[%d]: %s "
"pid = %s, share_access = 0x%x, private_options = 0x%x, "
"access_mask = 0x%x, mid = 0x%x, type= 0x%x, file_id = %lu, "
- "dev = 0x%x, inode = %.0f",
+ "uid = %u, dev = 0x%x, inode = %.0f",
num,
e->op_type == UNUSED_SHARE_MODE_ENTRY ? "UNUSED" : "",
procid_str_static(&e->pid),
e->share_access, e->private_options,
e->access_mask, e->op_mid, e->op_type, e->share_file_id,
- (unsigned int)e->dev, (double)e->inode );
+ (unsigned int)e->uid, (unsigned int)e->dev, (double)e->inode );
return share_str;
}
@@ -917,7 +917,7 @@ BOOL is_unused_share_mode_entry(const struct share_mode_entry *e)
static void fill_share_mode_entry(struct share_mode_entry *e,
files_struct *fsp,
- uint16 mid, uint16 op_type)
+ uid_t uid, uint16 mid, uint16 op_type)
{
ZERO_STRUCTP(e);
e->pid = procid_self();
@@ -928,9 +928,10 @@ static void fill_share_mode_entry(struct share_mode_entry *e,
e->op_type = op_type;
e->time.tv_sec = fsp->open_time.tv_sec;
e->time.tv_usec = fsp->open_time.tv_usec;
- e->share_file_id = fsp->fh->file_id;
e->dev = fsp->dev;
e->inode = fsp->inode;
+ e->share_file_id = fsp->fh->file_id;
+ e->uid = (uint32)uid;
}
static void fill_deferred_open_entry(struct share_mode_entry *e,
@@ -945,6 +946,7 @@ static void fill_deferred_open_entry(struct share_mode_entry *e,
e->time.tv_usec = request_time.tv_usec;
e->dev = dev;
e->inode = ino;
+ e->uid = (uint32)-1;
}
static void add_share_mode_entry(struct share_mode_lock *lck,
@@ -969,10 +971,10 @@ static void add_share_mode_entry(struct share_mode_lock *lck,
}
void set_share_mode(struct share_mode_lock *lck, files_struct *fsp,
- uint16 mid, uint16 op_type)
+ uid_t uid, uint16 mid, uint16 op_type)
{
struct share_mode_entry entry;
- fill_share_mode_entry(&entry, fsp, mid, op_type);
+ fill_share_mode_entry(&entry, fsp, uid, mid, op_type);
add_share_mode_entry(lck, &entry);
}
@@ -1044,7 +1046,8 @@ BOOL del_share_mode(struct share_mode_lock *lck, files_struct *fsp)
{
struct share_mode_entry entry, *e;
- fill_share_mode_entry(&entry, fsp, 0, NO_OPLOCK);
+ /* Don't care about the pid owner being correct here - just a search. */
+ fill_share_mode_entry(&entry, fsp, (uid_t)-1, 0, NO_OPLOCK);
e = find_share_mode_entry(lck, &entry);
if (e == NULL) {
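Review bot: The added comment says the "pid owner" need not be correct, but the argument being faked is the uid, and the lookup is only safe as long as find_share_mode_entry() never compares `uid`; that comparison is outside this hunk. I would reword it to `/* uid is not part of the match in find_share_mode_entry(), so a placeholder is fine for this search. */`. The same comment and `(uid_t)-1` placeholder appear in remove_share_oplock and downgrade_share_oplock in the next two hunks. If uid were ever added to the comparison, these three lookups would presumably stop finding their entries, so a matching remark next to the comparison code would help.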
@@ -1080,7 +1083,8 @@ BOOL remove_share_oplock(struct share_mode_lock *lck, files_struct *fsp)
{
struct share_mode_entry entry, *e;
- fill_share_mode_entry(&entry, fsp, 0, NO_OPLOCK);
+ /* Don't care about the pid owner being correct here - just a search. */
+ fill_share_mode_entry(&entry, fsp, (uid_t)-1, 0, NO_OPLOCK);
e = find_share_mode_entry(lck, &entry);
if (e == NULL) {
@@ -1101,7 +1105,8 @@ BOOL downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp)
{
struct share_mode_entry entry, *e;
- fill_share_mode_entry(&entry, fsp, 0, NO_OPLOCK);
+ /* Don't care about the pid owner being correct here - just a search. */
+ fill_share_mode_entry(&entry, fsp, (uid_t)-1, 0, NO_OPLOCK);
e = find_share_mode_entry(lck, &entry);
if (e == NULL) {
diff --git a/source/smbd/open.c b/source/smbd/open.c
index 2e4091d937e..832a8df7559 100644
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -1685,7 +1685,7 @@ files_struct *open_file_ntcreate(connection_struct *conn,
fsp->oplock_type = NO_OPLOCK;
}
}
- set_share_mode(lck, fsp, 0, fsp->oplock_type);
+ set_share_mode(lck, fsp, current_user.ut.uid, 0, fsp->oplock_type);
if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED ||
info == FILE_WAS_SUPERSEDED) {
@@ -1991,7 +1991,7 @@ files_struct *open_directory(connection_struct *conn,
return NULL;
}
- set_share_mode(lck, fsp, 0, NO_OPLOCK);
+ set_share_mode(lck, fsp, current_user.ut.uid, 0, NO_OPLOCK);
/* For directories the delete on close bit at open time seems
always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c
index 1f731e17291..e4f5c434b09 100644
--- a/source/smbd/oplock.c
+++ b/source/smbd/oplock.c
@@ -830,6 +830,7 @@ void share_mode_entry_to_message(char *msg, struct share_mode_entry *e)
SDEV_T_VAL(msg,28,e->dev);
SINO_T_VAL(msg,36,e->inode);
SIVAL(msg,44,e->share_file_id);
+ SIVAL(msg,48,e->uid);
}
/****************************************************************************
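Review bot: `SIVAL(msg,48,e->uid)` here and `IVAL(msg,48)` in message_to_share_mode_entry in the next hunk write and read four bytes at offset 48 of a bare `char *` with no length argument, so both now depend on every caller supplying at least MSG_SMB_SHARE_MODE_ENTRY_SIZE (52) bytes. The callers are outside these hunks; they should be checked to confirm that they size their buffers and validate received message lengths with the macro rather than a literal 48. A comment on both functions such as `/* msg must be at least MSG_SMB_SHARE_MODE_ENTRY_SIZE bytes. */` would record the contract. Both function bodies start above their hunks.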
@@ -849,6 +850,7 @@ void message_to_share_mode_entry(struct share_mode_entry *e, char *msg)
e->dev = DEV_T_VAL(msg,28);
e->inode = INO_T_VAL(msg,36);
e->share_file_id = (unsigned long)IVAL(msg,44);
+ e->uid = (uint32)IVAL(msg,48);
}
/****************************************************************************
diff --git a/source/utils/status.c b/source/utils/status.c
index 2566c8a50de..163d99a2f69 100644
--- a/source/utils/status.c
+++ b/source/utils/status.c
@@ -108,13 +108,14 @@ static void print_share_mode(const struct share_mode_entry *e, const char *share
if (count==0) {
d_printf("Locked files:\n");
- d_printf("Pid DenyMode Access R/W Oplock SharePath Name\n");
- d_printf("----------------------------------------------------------------------------------------\n");
+ d_printf("Pid Uid DenyMode Access R/W Oplock SharePath Name Time\n");
+ d_printf("--------------------------------------------------------------------------------------------------\n");
}
count++;
if (Ucrit_checkPid(procid_to_pid(&e->pid))) {
d_printf("%-11s ",procid_str_static(&e->pid));
+ d_printf("%-9u ", (unsigned int)e->uid);
switch (map_share_mode_to_deny_mode(e->share_access,
e->private_options)) {
case DENY_NONE: d_printf("DENY_NONE "); break;
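Review bot: The new `d_printf("%-9u ", (unsigned int)e->uid)` column prints the `(uint32)-1` placeholder, which this commit stores for deferred-open entries, as 4294967295, a ten-digit value that overflows the nine-character field and reads like a real uid. Whether such entries reach print_share_mode is not visible here; if they can, print a marker instead, e.g. `if (e->uid == (uint32)-1) d_printf("%-9s ", "-"); else d_printf("%-9u ", (unsigned int)e->uid);`. The header also gains a `Time` column in this hunk, and the code that would print it is outside the hunk, so it should be confirmed that a time value is emitted per row. The same placeholder concern applies to the `<td>%u</td>` cell added in source/web/statuspage.c.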
diff --git a/source/web/statuspage.c b/source/web/statuspage.c
index 769ab217b3e..cb6fa911711 100644
--- a/source/web/statuspage.c
+++ b/source/web/statuspage.c
@@ -119,6 +119,7 @@ static void print_share_mode(const struct share_mode_entry *e, const char *share
e->private_options);
printf("<tr><td>%s</td>",_(mapPid2Machine(e->pid)));
+ printf("<td>%u</td>",(unsigned int)e->uid);
printf("<td>");
switch ((deny_mode>>4)&0xF) {
case DENY_NONE: printf("DENY_NONE"); break;
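Review bot: The added `<td>%u</td>` cell has no matching header cell in this change. The diffstat shows a single changed line for this file, so the table's header row, which is outside the hunk, presumably still lacks a Uid column and every later column would sit under the wrong heading. The header row should gain a corresponding cell next to the PID heading, labelled through the existing `_()` wrapper, e.g. `_("Uid")`. print_share_mode's body continues outside the hunk.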