30 files changed, 892 insertions, 568 deletions
@@ -134,9 +134,9 @@ collection of information under docs/. A list of Samba documentation in languages other than English is available on the web page. -If you would like to help with the documentation (and we _need_ help!) -then have a look at the mailing list samba-docs, archived at -http://lists.samba.org/listinfo/samba-docs/ +If you would like to help with the documentation, please coodinate +on the samba@samba.org mailing list. See the next section for details +on subscribing to samba mailing lists. MAILING LIST diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 61f11847b5b..d2f6020f59c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,75 @@ + =============================== + Release Notes for Samba 3.0.26a + Sep 11, 2007 + =============================== + +This is a bug fix release of the Samba 3.0.26 code base and is the +version that servers should be run for for all current bug Samba 3.0.x +fixes. + +Major bug fixes included in Samba 3.0.26a are: + + o Memory leaks in Winbind's IDMap manager. + + +###################################################################### +Changes +####### + +Changes since 3.0.26 +-------------------- + +o Michael Adam <obnox@samba.org> + * Fix read_sock() semantics in wb_common.c to address "invalid + request size" errors in winbindd logs. + * Fix use of pwrite() in tdb IO code paths. + + +o Jeremy Allison <jra@samba.org> + * Fix logic error in timeout of blocking lock processing. + + +o Guenther Deschner <gd@samba.org> + * Fix error code in the msrpc EnumerateDomainGroups() Winbind + method when a memory allocation fails. + * Fix Winbind initialization storms when contacting an older Samba DC. + + +o Volker Lendecke <vl@samba.org> + * Fix compile failure in NFSv4 VFS module. + * Fix compile failures on True64. + * Fix compile failure in unmaintained python bindings. + * BUG 4917: Fix memory leaks in Winbind's idmap_ldap and + idmap_cache backends. + * Coverity fixes in the group mapping code. + + +o Derrell Lipman <derrell@samba.org> + * Remove NetBIOS keepalives from libsmbclient and consolidate on + the use of getpeername() when checking connection health. + * Use formal syntax for invoking function pointers in + libsmbclient. + + +o Lars Mueller <lars@samba.org> + * Fixes for Winbind's AD site support when the host is not + configured in any site or nor DC's are present within the host's + configured site. + + +o Simo Sorce <idra@samba.org> + * Debian packaging updates for 3.0.25c. + * Add sanity checks for "smb ports" values. + * Fix compile issues related to the VFS "open" method and newer + glibc implementations. 
+ * Fix a segv in smbldap_set_creds() when using an anonymous + connection. + * BUG 4772: Fix us of ldap_base_dn for the idmap_ldap plugin. + + +Release notes for older releases follow: + + -------------------------------------------------- ============================== Release Notes for Samba 3.0.26 Sep 11, 2007 @@ -26,8 +98,6 @@ o Gerald (Jerry) Carter <jerry@samba.org> plugin (idmap_ad.c) -Release notes for older releases follow: - -------------------------------------------------- =============================== Release Notes for Samba 3.0.25c diff --git a/examples/libsmbclient/Makefile b/examples/libsmbclient/Makefile index d44df77b3fb..be383aea671 100644 --- a/examples/libsmbclient/Makefile +++ b/examples/libsmbclient/Makefile @@ -10,12 +10,12 @@ EXTLIB_INCL = -I/usr/include/gtk-1.2 \ DEFS = -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE CFLAGS = -O0 -g -I$(SAMBA_INCL) $(EXTLIB_INCL) $(DEFS) -LDFLAGS = -L/usr/local/samba/lib +LDFLAGS = -L/usr/local/samba/lib \ + -lldap -lkrb5 -lgssapi_krb5 #LIBSMBCLIENT = /usr/local/samba/lib/libsmbclient.so LIBSMBCLIENT = ../../source/bin/libsmbclient.a -ldl -lresolv TESTS= testsmbc \ - tree \ testacl \ testacl2 \ testbrowse \ @@ -26,6 +26,8 @@ TESTS= testsmbc \ testutime \ testread +# tree \ + all: $(TESTS) smbsh testsmbc: testsmbc.o @@ -38,11 +40,11 @@ tree: tree.o testacl: testacl.o @echo Linking testacl - $(CC) `gtk-config --cflags` $(CFLAGS) $(LDFLAGS) -o $@ $< `gtk-config --libs` $(LIBSMBCLIENT) -lpopt + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt testacl2: testacl2.o @echo Linking testacl2 - $(CC) `gtk-config --cflags` $(CFLAGS) $(LDFLAGS) -o $@ $< `gtk-config --libs` $(LIBSMBCLIENT) -lpopt + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt testbrowse: testbrowse.o @echo Linking testbrowse diff --git a/packaging/Debian/README b/packaging/Debian/README index 8efe8164c8d..9c7a1d921fa 100644 --- a/packaging/Debian/README +++ b/packaging/Debian/README 
@@ -1,3 +1,6 @@ +NOTE: the debian-unstable and debian-woody are not updated anymore, +they are left only as a reference for now. --SSS + Building Samba Packages for Debian GNU/Linux -------------------------------------------- diff --git a/packaging/Debian/debian-sarge/changelog b/packaging/Debian/debian-sarge/changelog index 26e1568432b..65a25106903 100644 --- a/packaging/Debian/debian-sarge/changelog +++ b/packaging/Debian/debian-sarge/changelog @@ -1,3 +1,15 @@ +samba (3.0.25c-1) stable; urgency=low + + * samba 3.0.25c bugfix release + + -- Simo Sorce <idra@samba.org> Mon, 3 Sep 2007 11:18:30 -0400 + +samba (3.0.25b-1) stable; urgency=low + + * samba 3.0.25b bugfix release + + -- Simo Sorce <idra@samba.org> Mon, 2 Jul 2007 12:16:30 -0400 + samba (3.0.25a-2) stable; urgency=low * Fix bug in fhs.patch diff --git a/packaging/Debian/debian-sarge/patches/documentation.patch b/packaging/Debian/debian-sarge/patches/documentation.patch index c7291eff98f..65fd1722b49 100644 --- a/packaging/Debian/debian-sarge/patches/documentation.patch +++ b/packaging/Debian/debian-sarge/patches/documentation.patch @@ -13,15 +13,15 @@ .PP @@ -87,12 +94,12 @@ .TP 3n - • + \(bu -/usr/local/samba/sbin/swat +/usr/sbin/swat .TP 3n - • + \(bu -/usr/local/samba/swat/images/* +/usr/share/samba/swat/images/* .TP 3n - • + \(bu -/usr/local/samba/swat/help/* +/usr/share/samba/swat/help/* .SS "Inetd Installation" @@ -43,8 +43,8 @@ -you should add a line like this: +you should add a line like this (not needed for Debian since the maintainer scripts do it automatically. You need to uncomment the line, though, because it is added commented out for security reasons): .PP --\fBswat stream tcp nowait.400 root /usr/local/samba/sbin/swat swat\fR -+\fBswat stream tcp nowait.400 root /usr/sbin/swat swat\fR +-swat stream tcp nowait.400 root /usr/local/samba/sbin/swat swat ++swat stream tcp nowait.400 root /usr/sbin/swat swat .PP Once you have edited \fI/etc/services\fR 
diff --git a/packaging/Debian/debian-sarge/patches/nmbd-signalling.patch b/packaging/Debian/debian-sarge/patches/nmbd-signalling.patch.unused index ca04cce3bfa..ca04cce3bfa 100644 --- a/packaging/Debian/debian-sarge/patches/nmbd-signalling.patch +++ b/packaging/Debian/debian-sarge/patches/nmbd-signalling.patch.unused diff --git a/packaging/Debian/debian-sarge/patches/py_smb.patch b/packaging/Debian/debian-sarge/patches/py_smb.patch new file mode 100644 index 00000000000..5d7578950bc --- /dev/null +++ b/packaging/Debian/debian-sarge/patches/py_smb.patch @@ -0,0 +1,11 @@ +--- samba-3.0.25c.orig/source/python/py_smb.c 2007-09-03 15:34:13.000000000 +0000 ++++ samba-3.0.25c/source/python/py_smb.c 2007-09-03 15:34:31.000000000 +0000 +@@ -48,7 +48,7 @@ + + ZERO_STRUCT(ip); + +- if (!cli_connect(cli, server, &ip)) ++ if (!NT_STATUS_IS_OK(cli_connect(cli, server, &ip))) + return NULL; + + return new_cli_state_object(cli); diff --git a/source/VERSION b/source/VERSION index 71460648231..44ef543fbb5 100644 --- a/source/VERSION +++ b/source/VERSION @@ -36,7 +36,7 @@ SAMBA_VERSION_RELEASE=26 # e.g. SAMBA_VERSION_REVISION=a # # -> "2.2.8a" # ######################################################## -SAMBA_VERSION_REVISION= +SAMBA_VERSION_REVISION=a ######################################################## # For 'pre' releases the version will be # diff --git a/source/groupdb/mapping.c b/source/groupdb/mapping.c index 46e27d4de68..6520a42f2af 100644 --- a/source/groupdb/mapping.c +++ b/source/groupdb/mapping.c @@ -179,6 +179,7 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) fstrcpy( map->comment, "Ordinary Users" ); sid_copy( &map->sid, &sid ); map->sid_name_use = SID_NAME_DOM_GRP; + map->gid = (gid_t)-1; return True; } diff --git a/source/include/vfs_macros.h b/source/include/vfs_macros.h index 2ff313b42ce..18c8fef38c4 100644 --- a/source/include/vfs_macros.h +++ b/source/include/vfs_macros.h 
@@ -47,7 +47,7 @@ #define SMB_VFS_CLOSEDIR(conn, dir) ((conn)->vfs.ops.closedir((conn)->vfs.handles.closedir, dir)) /* File operations */ -#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) ((conn)->vfs.ops.open((conn)->vfs.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs.ops.open)((conn)->vfs.handles.open, (fname), (fsp), (flags), (mode))) #define SMB_VFS_CLOSE(fsp, fd) ((fsp)->conn->vfs.ops.close_fn((fsp)->conn->vfs.handles.close_hnd, (fsp), (fd))) #define SMB_VFS_READ(fsp, fd, data, n) ((fsp)->conn->vfs.ops.read((fsp)->conn->vfs.handles.read, (fsp), (fd), (data), (n))) #define SMB_VFS_PREAD(fsp, fd, data, n, off) ((fsp)->conn->vfs.ops.pread((fsp)->conn->vfs.handles.pread, (fsp), (fd), (data), (n), (off))) @@ -163,7 +163,7 @@ #define SMB_VFS_OPAQUE_CLOSEDIR(conn, dir) ((conn)->vfs_opaque.ops.closedir((conn)->vfs_opaque.handles.closedir, dir)) /* File operations */ -#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) ((conn)->vfs_opaque.ops.open((conn)->vfs_opaque.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs_opaque.ops.open)((conn)->vfs_opaque.handles.open, (fname), (fsp), (flags), (mode))) #define SMB_VFS_OPAQUE_CLOSE(fsp, fd) ((fsp)->conn->vfs_opaque.ops.close_fn((fsp)->conn->vfs_opaque.handles.close_hnd, (fsp), (fd))) #define SMB_VFS_OPAQUE_READ(fsp, fd, data, n) ((fsp)->conn->vfs_opaque.ops.read((fsp)->conn->vfs_opaque.handles.read, (fsp), (fd), (data), (n))) #define SMB_VFS_OPAQUE_PREAD(fsp, fd, data, n, off) ((fsp)->conn->vfs_opaque.ops.pread((fsp)->conn->vfs_opaque.handles.pread, (fsp), (fd), (data), (n), (off))) 
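Review bot: The extra parentheses around `(conn)->vfs.ops.open` in SMB_VFS_OPEN, and likewise in SMB_VFS_OPAQUE_OPEN and SMB_VFS_NEXT_OPEN, look redundant and carry no comment, so a later cleanup could remove them. The release notes on this page tie the change to compile failures with newer glibc, presumably because `open` can be a function-like macro there and the parentheses keep it from expanding. A one-line comment above the first macro would record that, e.g. `/* Parenthesised so a libc macro named open() is not expanded here. */`.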
@@ -280,7 +280,7 @@ #define SMB_VFS_NEXT_CLOSEDIR(handle, dir) ((handle)->vfs_next.ops.closedir((handle)->vfs_next.handles.closedir, dir)) /* File operations */ -#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) ((handle)->vfs_next.ops.open((handle)->vfs_next.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) (((handle)->vfs_next.ops.open)((handle)->vfs_next.handles.open, (fname), (fsp), (flags), (mode))) #define SMB_VFS_NEXT_CLOSE(handle, fsp, fd) ((handle)->vfs_next.ops.close_fn((handle)->vfs_next.handles.close_hnd, (fsp), (fd))) #define SMB_VFS_NEXT_READ(handle, fsp, fd, data, n) ((handle)->vfs_next.ops.read((handle)->vfs_next.handles.read, (fsp), (fd), (data), (n))) #define SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, off) ((handle)->vfs_next.ops.pread((handle)->vfs_next.handles.pread, (fsp), (fd), (data), (n), (off))) diff --git a/source/libads/kerberos.c b/source/libads/kerberos.c index f703a4cfac7..c74c98dd977 100644 --- a/source/libads/kerberos.c +++ b/source/libads/kerberos.c @@ -490,9 +490,11 @@ int kerberos_kinit_password(const char *principal, static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sitename, struct in_addr primary_ip) { - struct ip_service *ip_srv_site; + int i; + struct ip_service *ip_srv_site = NULL; struct ip_service *ip_srv_nonsite; - int count_site, count_nonsite, i; + int count_site = 0; + int count_nonsite; char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = %s\n", inet_ntoa(primary_ip)); diff --git a/source/libsmb/libsmb_compat.c b/source/libsmb/libsmb_compat.c index cfd5948e269..82b02cdf67e 100644 --- a/source/libsmb/libsmb_compat.c +++ b/source/libsmb/libsmb_compat.c 
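Review bot: get_kdc_ip_string() now initialises `ip_srv_site` and `count_site`, but `ip_srv_nonsite` and `count_nonsite` are still declared without a value. If the lookup that fills them can return early without writing its out-parameters (the call is outside the hunk), any later use would read an indeterminate count and pointer. Initialising them the same way, `struct ip_service *ip_srv_nonsite = NULL;` and `int count_nonsite = 0;`, costs nothing and removes the question.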
@@ -157,13 +157,13 @@ int smbc_open(const char *furl, int flags, mode_t mode) SMBCFILE * file; int fd; - file = statcont->open(statcont, furl, flags, mode); + file = (statcont->open)(statcont, furl, flags, mode); if (!file) return -1; fd = add_fd(file); if (fd == -1) - statcont->close_fn(statcont, file); + (statcont->close_fn)(statcont, file); return fd; } @@ -173,15 +173,15 @@ int smbc_creat(const char *furl, mode_t mode) SMBCFILE * file; int fd; - file = statcont->creat(statcont, furl, mode); + file = (statcont->creat)(statcont, furl, mode); if (!file) return -1; fd = add_fd(file); if (fd == -1) { /* Hmm... should we delete the file too ? I guess we could try */ - statcont->close_fn(statcont, file); - statcont->unlink(statcont, furl); + (statcont->close_fn)(statcont, file); + (statcont->unlink)(statcont, furl); } return fd; } 
@@ -190,36 +190,36 @@ int smbc_creat(const char *furl, mode_t mode) ssize_t smbc_read(int fd, void *buf, size_t bufsize) { SMBCFILE * file = find_fd(fd); - return statcont->read(statcont, file, buf, bufsize); + return (statcont->read)(statcont, file, buf, bufsize); } ssize_t smbc_write(int fd, void *buf, size_t bufsize) { SMBCFILE * file = find_fd(fd); - return statcont->write(statcont, file, buf, bufsize); + return (statcont->write)(statcont, file, buf, bufsize); } off_t smbc_lseek(int fd, off_t offset, int whence) { SMBCFILE * file = find_fd(fd); - return statcont->lseek(statcont, file, offset, whence); + return (statcont->lseek)(statcont, file, offset, whence); } int smbc_close(int fd) { SMBCFILE * file = find_fd(fd); del_fd(fd); - return statcont->close_fn(statcont, file); + return (statcont->close_fn)(statcont, file); } int smbc_unlink(const char *fname) { - return statcont->unlink(statcont, fname); + return (statcont->unlink)(statcont, fname); } int smbc_rename(const char *ourl, const char *nurl) { - return statcont->rename(statcont, ourl, statcont, nurl); + return (statcont->rename)(statcont, ourl, statcont, nurl); } int smbc_opendir(const char *durl) @@ -227,13 +227,13 @@ int smbc_opendir(const char *durl) SMBCFILE * file; int fd; - file = statcont->opendir(statcont, durl); + file = (statcont->opendir)(statcont, durl); if (!file) return -1; fd = add_fd(file); if (fd == -1) - statcont->closedir(statcont, file); + (statcont->closedir)(statcont, file); return fd; } 
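Review bot: smbc_read(), smbc_write(), smbc_lseek() and smbc_close() pass the result of find_fd() straight to the context method without checking it, whereas the f*xattr wrappers later in this file appear to set `errno = EBADF` and return -1 for an unknown descriptor. Unless every context method rejects a NULL SMBCFILE (not visible here), an invalid fd supplied by the caller becomes a NULL dereference inside the library. A guard such as `if (file == NULL) { errno = EBADF; return -1; }` ahead of each call would make the wrappers consistent. The same applies to the directory wrappers in the hunk starting at line 242.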
@@ -242,62 +242,62 @@ int smbc_closedir(int dh) { SMBCFILE * file = find_fd(dh); del_fd(dh); - return statcont->closedir(statcont, file); + return (statcont->closedir)(statcont, file); } int smbc_getdents(unsigned int dh, struct smbc_dirent *dirp, int count) { SMBCFILE * file = find_fd(dh); - return statcont->getdents(statcont, file,dirp, count); + return (statcont->getdents)(statcont, file,dirp, count); } struct smbc_dirent* smbc_readdir(unsigned int dh) { SMBCFILE * file = find_fd(dh); - return statcont->readdir(statcont, file); + return (statcont->readdir)(statcont, file); } off_t smbc_telldir(int dh) { SMBCFILE * file = find_fd(dh); - return statcont->telldir(statcont, file); + return (statcont->telldir)(statcont, file); } int smbc_lseekdir(int fd, off_t offset) { SMBCFILE * file = find_fd(fd); - return statcont->lseekdir(statcont, file, offset); + return (statcont->lseekdir)(statcont, file, offset); } int smbc_mkdir(const char *durl, mode_t mode) { - return statcont->mkdir(statcont, durl, mode); + return (statcont->mkdir)(statcont, durl, mode); } int smbc_rmdir(const char *durl) { - return statcont->rmdir(statcont, durl); + return (statcont->rmdir)(statcont, durl); } int smbc_stat(const char *url, struct stat *st) { - return statcont->stat(statcont, url, st); + return (statcont->stat)(statcont, url, st); } int smbc_fstat(int fd, struct stat *st) { SMBCFILE * file = find_fd(fd); - return statcont->fstat(statcont, file, st); + return (statcont->fstat)(statcont, file, st); } int smbc_chmod(const char *url, mode_t mode) { - return statcont->chmod(statcont, url, mode); + return (statcont->chmod)(statcont, url, mode); } int smbc_utimes(const char *fname, struct timeval *tbuf) { - return statcont->utimes(statcont, fname, tbuf); + return (statcont->utimes)(statcont, fname, tbuf); } #ifdef HAVE_UTIME_H 
@@ -306,13 +306,13 @@ int smbc_utime(const char *fname, struct utimbuf *utbuf) struct timeval tv[2]; if (utbuf == NULL) - return statcont->utimes(statcont, fname, NULL); + return (statcont->utimes)(statcont, fname, NULL); tv[0].tv_sec = utbuf->actime; tv[1].tv_sec = utbuf->modtime; tv[0].tv_usec = tv[1].tv_usec = 0; - return statcont->utimes(statcont, fname, tv); + return (statcont->utimes)(statcont, fname, tv); } #endif @@ -322,7 +322,7 @@ int smbc_setxattr(const char *fname, size_t size, int flags) { - return statcont->setxattr(statcont, fname, name, value, size, flags); + return (statcont->setxattr)(statcont, fname, name, value, size, flags); } int smbc_lsetxattr(const char *fname, @@ -331,7 +331,7 @@ int smbc_lsetxattr(const char *fname, size_t size, int flags) { - return statcont->setxattr(statcont, fname, name, value, size, flags); + return (statcont->setxattr)(statcont, fname, name, value, size, flags); } int smbc_fsetxattr(int fd, @@ -345,8 +345,8 @@ int smbc_fsetxattr(int fd, errno = EBADF; return -1; } - return statcont->setxattr(statcont, file->fname, - name, value, size, flags); + return (statcont->setxattr)(statcont, file->fname, + name, value, size, flags); } int smbc_getxattr(const char *fname, @@ -354,7 +354,7 @@ int smbc_getxattr(const char *fname, const void *value, size_t size) { - return statcont->getxattr(statcont, fname, name, value, size); + return (statcont->getxattr)(statcont, fname, name, value, size); } int smbc_lgetxattr(const char *fname, @@ -362,7 +362,7 @@ int smbc_lgetxattr(const char *fname, const void *value, size_t size) { - return statcont->getxattr(statcont, fname, name, value, size); + return (statcont->getxattr)(statcont, fname, name, value, size); } int smbc_fgetxattr(int fd, 
@@ -375,19 +375,19 @@ int smbc_fgetxattr(int fd, errno = EBADF; return -1; } - return statcont->getxattr(statcont, file->fname, name, value, size); + return (statcont->getxattr)(statcont, file->fname, name, value, size); } int smbc_removexattr(const char *fname, const char *name) { - return statcont->removexattr(statcont, fname, name); + return (statcont->removexattr)(statcont, fname, name); } int smbc_lremovexattr(const char *fname, const char *name) { - return statcont->removexattr(statcont, fname, name); + return (statcont->removexattr)(statcont, fname, name); } int smbc_fremovexattr(int fd, @@ -398,21 +398,21 @@ int smbc_fremovexattr(int fd, errno = EBADF; return -1; } - return statcont->removexattr(statcont, file->fname, name); + return (statcont->removexattr)(statcont, file->fname, name); } int smbc_listxattr(const char *fname, char *list, size_t size) { - return statcont->listxattr(statcont, fname, list, size); + return (statcont->listxattr)(statcont, fname, list, size); } int smbc_llistxattr(const char *fname, char *list, size_t size) { - return statcont->listxattr(statcont, fname, list, size); + return (statcont->listxattr)(statcont, fname, list, size); } int smbc_flistxattr(int fd, 
@@ -424,29 +424,29 @@ int smbc_flistxattr(int fd, errno = EBADF; return -1; } - return statcont->listxattr(statcont, file->fname, list, size); + return (statcont->listxattr)(statcont, file->fname, list, size); } int smbc_print_file(const char *fname, const char *printq) { - return statcont->print_file(statcont, fname, statcont, printq); + return (statcont->print_file)(statcont, fname, statcont, printq); } int smbc_open_print_job(const char *fname) { - SMBCFILE * file = statcont->open_print_job(statcont, fname); + SMBCFILE * file = (statcont->open_print_job)(statcont, fname); if (!file) return -1; return file->cli_fd; } int smbc_list_print_jobs(const char *purl, smbc_list_print_job_fn fn) { - return statcont->list_print_jobs(statcont, purl, fn); + return (statcont->list_print_jobs)(statcont, purl, fn); } int smbc_unlink_print_job(const char *purl, int id) { - return statcont->unlink_print_job(statcont, purl, id); + return (statcont->unlink_print_job)(statcont, purl, id); } diff --git a/source/libsmb/libsmbclient.c b/source/libsmb/libsmbclient.c index 2e00a3ca898..1633aa469cc 100644 --- a/source/libsmb/libsmbclient.c +++ b/source/libsmb/libsmbclient.c 
@@ -503,30 +503,8 @@ smbc_check_server(SMBCCTX * context, socklen_t size; struct sockaddr addr; - /* - * Although the use of port 139 is not a guarantee that we're using - * netbios, we assume so. We don't want to send a keepalive packet if - * not netbios because it's not valid, and Vista, at least, - * disconnects the client on such a request. - */ - if (server->cli->port == 139) { - /* Assuming netbios. Send a keepalive packet */ - if ( send_keepalive(server->cli->fd) == False ) { - return 1; - } - } else { - /* - * Assuming not netbios. Try a different method to detect if - * the connection is still alive. - */ - size = sizeof(addr); - if (getpeername(server->cli->fd, &addr, &size) == -1) { - return 1; - } - } - - /* connection is ok */ - return 0; + size = sizeof(addr); + return (getpeername(server->cli->fd, &addr, &size) == -1); } /* @@ -564,7 +542,7 @@ smbc_remove_unused_server(SMBCCTX * context, DEBUG(3, ("smbc_remove_usused_server: %p removed.\n", srv)); - context->callbacks.remove_cached_srv_fn(context, srv); + (context->callbacks.remove_cached_srv_fn)(context, srv); SAFE_FREE(srv); @@ -584,19 +562,19 @@ find_server(SMBCCTX *context, check_server_cache: - srv = context->callbacks.get_cached_srv_fn(context, server, share, - workgroup, username); + srv = (context->callbacks.get_cached_srv_fn)(context, server, share, + workgroup, username); if (!auth_called && !srv && (!username[0] || !password[0])) { if (context->internal->_auth_fn_with_context != NULL) { - context->internal->_auth_fn_with_context( + (context->internal->_auth_fn_with_context)( context, server, share, workgroup, sizeof(fstring), username, sizeof(fstring), password, sizeof(fstring)); } else { - context->callbacks.auth_fn( + (context->callbacks.auth_fn)( server, share, workgroup, sizeof(fstring), username, sizeof(fstring), 
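Review bot: The rewritten body of smbc_check_server() treats a successful getpeername() as proof that the connection is healthy, but that call only reports the socket's local connected state; a peer that went away without a FIN or RST being seen still passes. With the keepalive gone, find_server() will keep handing out a cached server until the next real request fails, which is worth stating above the return, e.g. `/* Local check only: a dead peer is detected on the next I/O, not here. */`. The removed comment also recorded why keepalives are not sent on non-NetBIOS transports (Vista disconnects the client); one line of that rationale should survive so nobody reintroduces it. The function's signature and declarations start outside the hunk.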
@@ -614,22 +592,22 @@ find_server(SMBCCTX *context, } if (srv) { - if (context->callbacks.check_server_fn(context, srv)) { + if ((context->callbacks.check_server_fn)(context, srv)) { /* * This server is no good anymore * Try to remove it and check for more possible * servers in the cache */ - if (context->callbacks.remove_unused_server_fn(context, - srv)) { + if ((context->callbacks.remove_unused_server_fn)(context, + srv)) { /* * We could not remove the server completely, * remove it from the cache so we will not get * it again. It will be removed when the last * file/dir is closed. */ - context->callbacks.remove_cached_srv_fn(context, - srv); + (context->callbacks.remove_cached_srv_fn)(context, + srv); } /* @@ -706,14 +684,14 @@ smbc_server(SMBCCTX *context, if (srv->cli->cnum == (uint16) -1) { /* Ensure we have accurate auth info */ if (context->internal->_auth_fn_with_context != NULL) { - context->internal->_auth_fn_with_context( + (context->internal->_auth_fn_with_context)( context, server, share, workgroup, sizeof(fstring), username, sizeof(fstring), password, sizeof(fstring)); } else { - context->callbacks.auth_fn( + (context->callbacks.auth_fn)( server, share, workgroup, sizeof(fstring), username, sizeof(fstring), @@ -726,8 +704,8 @@ smbc_server(SMBCCTX *context, errno = smbc_errno(context, srv->cli); cli_shutdown(srv->cli); srv->cli = NULL; - context->callbacks.remove_cached_srv_fn(context, - srv); + (context->callbacks.remove_cached_srv_fn)(context, + srv); srv = NULL; } @@ -904,7 +882,9 @@ smbc_server(SMBCCTX *context, /* now add it to the cache (internal or external) */ /* Let the cache function set errno if it wants to */ errno = 0; - if (context->callbacks.add_cached_srv_fn(context, srv, server, share, workgroup, username)) { + if ((context->callbacks.add_cached_srv_fn)(context, srv, + server, share, + workgroup, username)) { int saved_errno = errno; DEBUG(3, (" Failed to add server to cache\n")); errno = saved_errno; 
@@ -963,14 +943,14 @@ smbc_attr_server(SMBCCTX *context, if (*password == '\0') { /* ... then retrieve it now. */ if (context->internal->_auth_fn_with_context != NULL) { - context->internal->_auth_fn_with_context( + (context->internal->_auth_fn_with_context)( context, server, share, workgroup, sizeof(fstring), username, sizeof(fstring), password, sizeof(fstring)); } else { - context->callbacks.auth_fn( + (context->callbacks.auth_fn)( server, share, workgroup, sizeof(fstring), username, sizeof(fstring), @@ -1042,11 +1022,11 @@ smbc_attr_server(SMBCCTX *context, /* now add it to the cache (internal or external) */ errno = 0; /* let cache function set errno if it likes */ - if (context->callbacks.add_cached_srv_fn(context, ipc_srv, - server, - "*IPC$", - workgroup, - username)) { + if ((context->callbacks.add_cached_srv_fn)(context, ipc_srv, + server, + "*IPC$", + workgroup, + username)) { DEBUG(3, (" Failed to add server to cache\n")); if (errno == 0) { errno = ENOMEM; @@ -1209,7 +1189,7 @@ smbc_open_ctx(SMBCCTX *context, int eno = 0; eno = smbc_errno(context, srv->cli); - file = context->opendir(context, fname); + file = (context->opendir)(context, fname); if (!file) errno = eno; return file; @@ -1448,7 +1428,7 @@ smbc_close_ctx(SMBCCTX *context, /* IS a dir ... */ if (!file->file) { - return context->closedir(context, file); + return (context->closedir)(context, file); } @@ -1485,7 +1465,7 @@ smbc_close_ctx(SMBCCTX *context, DLIST_REMOVE(context->internal->_files, file); SAFE_FREE(file->fname); SAFE_FREE(file); - context->callbacks.remove_unused_server_fn(context, srv); + (context->callbacks.remove_unused_server_fn)(context, srv); return -1; @@ -2198,7 +2178,7 @@ smbc_fstat_ctx(SMBCCTX *context, if (!file->file) { - return context->fstatdir(context, file, st); + return (context->fstatdir)(context, file, st); } 
@@ -2967,20 +2947,22 @@ smbc_opendir_ctx(SMBCCTX *context, */ cb = &context->callbacks; if (cli_is_error(targetcli) && - cb->check_server_fn(context, srv)) { - - /* ... then remove it. */ - if (cb->remove_unused_server_fn(context, - srv)) { - /* - * We could not remove the server - * completely, remove it from the - * cache so we will not get it - * again. It will be removed when the - * last file/dir is closed. - */ - cb->remove_cached_srv_fn(context, srv); - } + (cb->check_server_fn)(context, srv)) { + + /* ... then remove it. */ + if ((cb->remove_unused_server_fn)(context, + srv)) { + /* + * We could not remove the + * server completely, remove + * it from the cache so we + * will not get it again. It + * will be removed when the + * last file/dir is closed. + */ + (cb->remove_cached_srv_fn)(context, + srv); + } } errno = saved_errno; @@ -6002,7 +5984,7 @@ smbc_open_print_job_ctx(SMBCCTX *context, /* What if the path is empty, or the file exists? */ - return context->open(context, fname, O_WRONLY, 666); + return (context->open)(context, fname, O_WRONLY, 666); } @@ -6043,7 +6025,7 @@ smbc_print_file_ctx(SMBCCTX *c_file, /* Try to open the file for reading ... */ - if ((long)(fid1 = c_file->open(c_file, fname, O_RDONLY, 0666)) < 0) { + if ((long)(fid1 = (c_file->open)(c_file, fname, O_RDONLY, 0666)) < 0) { DEBUG(3, ("Error, fname=%s, errno=%i\n", fname, errno)); return -1; /* smbc_open sets errno */ 
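Review bot: In smbc_open_print_job_ctx() the rewritten call still passes the mode as decimal `666`, which is octal 01232 rather than the rw-rw-rw- that the `0666` in smbc_print_file_ctx() (following hunk) asks for. Since the line is being touched anyway it should read `return (context->open)(context, fname, O_WRONLY, 0666);`. Whether the mode has any effect for an O_WRONLY open without O_CREAT is not visible here, so the practical impact may be small, but the literal is wrong as written. The function starts outside the hunk.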
@@ -6052,24 +6034,24 @@ smbc_print_file_ctx(SMBCCTX *c_file, /* Now, try to open the printer file for writing */ - if ((long)(fid2 = c_print->open_print_job(c_print, printq)) < 0) { + if ((long)(fid2 = (c_print->open_print_job)(c_print, printq)) < 0) { saverr = errno; /* Save errno */ - c_file->close_fn(c_file, fid1); + (c_file->close_fn)(c_file, fid1); errno = saverr; return -1; } - while ((bytes = c_file->read(c_file, fid1, buf, sizeof(buf))) > 0) { + while ((bytes = (c_file->read)(c_file, fid1, buf, sizeof(buf))) > 0) { tot_bytes += bytes; - if ((c_print->write(c_print, fid2, buf, bytes)) < 0) { + if (((c_print->write)(c_print, fid2, buf, bytes)) < 0) { saverr = errno; - c_file->close_fn(c_file, fid1); - c_print->close_fn(c_print, fid2); + (c_file->close_fn)(c_file, fid1); + (c_print->close_fn)(c_print, fid2); errno = saverr; } @@ -6078,8 +6060,8 @@ smbc_print_file_ctx(SMBCCTX *c_file, saverr = errno; - c_file->close_fn(c_file, fid1); /* We have to close these anyway */ - c_print->close_fn(c_print, fid2); + (c_file->close_fn)(c_file, fid1); /* We have to close these anyway */ + (c_print->close_fn)(c_print, fid2); if (bytes < 0) { @@ -6329,7 +6311,7 @@ smbc_free_context(SMBCCTX *context, f = context->internal->_files; while (f) { - context->close_fn(context, f); + (context->close_fn)(context, f); f = f->next; } context->internal->_files = NULL; @@ -6345,8 +6327,8 @@ smbc_free_context(SMBCCTX *context, DEBUG(1, ("Forced shutdown: %p (fd=%d)\n", s, s->cli->fd)); cli_shutdown(s->cli); - context->callbacks.remove_cached_srv_fn(context, - s); + (context->callbacks.remove_cached_srv_fn)(context, + s); next = s->next; DLIST_REMOVE(context->internal->_servers, s); SAFE_FREE(s); @@ -6357,7 +6339,7 @@ smbc_free_context(SMBCCTX *context, } else { /* This is the polite way */ - if (context->callbacks.purge_cached_fn(context)) { + if ((context->callbacks.purge_cached_fn)(context)) { DEBUG(1, ("Could not purge all servers, " "free_context failed.\n")); errno = EBUSY; 
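Review bot: In the copy loop of smbc_print_file_ctx(), the write-failure branch closes fid1 and fid2 and restores errno, but the lines shown do not leave the loop afterwards. If nothing outside the hunk does, the next iteration calls `(c_file->read)` on a handle that was just closed, and the unconditional closes after the loop (next hunk) run on both handles a second time. smbc_close_ctx() frees the SMBCFILE on the path visible in its hunk (`SAFE_FREE(file)`), so unless the context methods validate the handle against the open-file list this is a use-after-free and double free. Adding `return -1;` after `errno = saverr;` in that branch would close the gap.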
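Review bot: The file-closing loop in smbc_free_context() reads `f->next` after `(context->close_fn)(context, f)` has already run. smbc_close_ctx() unlinks and frees the SMBCFILE (`DLIST_REMOVE` and `SAFE_FREE(file)` are visible in its hunk, at least on the path shown), so that read would touch freed memory. The server loop in the next hunk already saves `next = s->next` before freeing; the file loop should do the same, e.g. `SMBCFILE *next = f->next; (context->close_fn)(context, f); f = next;`. The declaration of `f` and the rest of the function lie outside the hunk.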
diff --git a/source/libsmb/namequery_dc.c b/source/libsmb/namequery_dc.c index 65e860d45e7..eee5e92c045 100644 --- a/source/libsmb/namequery_dc.c +++ b/source/libsmb/namequery_dc.c @@ -99,15 +99,23 @@ static BOOL ads_dc_name(const char *domain, } #ifdef HAVE_KRB5 - if (is_our_primary_domain(domain) && (ads->config.flags & ADS_KDC) && ads_closest_dc(ads)) { - /* We're going to use this KDC for this realm/domain. - If we are using sites, then force the krb5 libs - to use this KDC. */ - - create_local_private_krb5_conf_for_domain(realm, - domain, - sitename, - ads->ldap_ip); + if (is_our_primary_domain(domain) && (ads->config.flags & ADS_KDC)) { + if (ads_closest_dc(ads)) { + /* We're going to use this KDC for this realm/domain. + If we are using sites, then force the krb5 libs + to use this KDC. */ + + create_local_private_krb5_conf_for_domain(realm, + domain, + sitename, + ads->ldap_ip); + } else { + /* use an off site KDC */ + create_local_private_krb5_conf_for_domain(realm, + domain, + NULL, + ads->ldap_ip); + } } #endif break; diff --git a/source/modules/nfs4_acls.h b/source/modules/nfs4_acls.h index 13f373c16cc..469a50af56a 100644 --- a/source/modules/nfs4_acls.h +++ b/source/modules/nfs4_acls.h @@ -138,7 +138,7 @@ size_t smb_get_nt_acl_nfs4(files_struct *fsp, * when applicable */ typedef BOOL (*set_nfs4acl_native_fn_t)(files_struct *, SMB4ACL_T *); -NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp, +BOOL smb_set_nt_acl_nfs4(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd, set_nfs4acl_native_fn_t set_nfs4_native); diff --git a/source/nsswitch/idmap.c b/source/nsswitch/idmap.c index fd6de933f24..84fcb835419 100644 --- a/source/nsswitch/idmap.c +++ b/source/nsswitch/idmap.c 
@@ -1,9 +1,9 @@ -/* +/* Unix SMB/CIFS implementation. ID Mapping Copyright (C) Tim Potter 2000 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 - Copyright (C) Simo Sorce 2003 + Copyright (C) Simo Sorce 2003-2007 Copyright (C) Jeremy Allison 2006 This program is free software; you can redistribute it and/or modify @@ -61,11 +61,23 @@ static int def_dom_num = -1; static struct idmap_alloc_backend *alloc_backends = NULL; static struct idmap_alloc_context *idmap_alloc_ctx = NULL; -#define IDMAP_CHECK_RET(ret) do { if ( ! NT_STATUS_IS_OK(ret)) { DEBUG(2, ("ERROR: NTSTATUS = 0x%08x\n", NT_STATUS_V(ret))); goto done; } } while(0) -#define IDMAP_REPORT_RET(ret) do { if ( ! NT_STATUS_IS_OK(ret)) { DEBUG(2, ("ERROR: NTSTATUS = 0x%08x\n", NT_STATUS_V(ret))); } } while(0) -#define IDMAP_CHECK_ALLOC(mem) do { if (!mem) { DEBUG(0, ("Out of memory!\n")); ret = NT_STATUS_NO_MEMORY; goto done; } } while(0) - -static struct idmap_methods *get_methods(struct idmap_backend *be, const char *name) +#define IDMAP_CHECK_RET(ret) do { \ + if ( ! NT_STATUS_IS_OK(ret)) { \ + DEBUG(2, ("ERROR: NTSTATUS = 0x%08x\n", NT_STATUS_V(ret))); \ + goto done; \ + } } while(0) +#define IDMAP_REPORT_RET(ret) do { \ + if ( ! NT_STATUS_IS_OK(ret)) { \ + DEBUG(2, ("ERROR: NTSTATUS = 0x%08x\n", NT_STATUS_V(ret))); \ + } } while(0) +#define IDMAP_CHECK_ALLOC(mem) do { \ + if (!mem) { \ + DEBUG(0, ("Out of memory!\n")); ret = NT_STATUS_NO_MEMORY; \ + goto done; \ + } } while(0) + +static struct idmap_methods *get_methods(struct idmap_backend *be, + const char *name) { struct idmap_backend *b; @@ -78,7 +90,9 @@ static struct idmap_methods *get_methods(struct idmap_backend *be, const char *n return NULL; } -static struct idmap_alloc_methods *get_alloc_methods(struct idmap_alloc_backend *be, const char *name) +static struct idmap_alloc_methods *get_alloc_methods( + struct idmap_alloc_backend *be, + const char *name) { struct idmap_alloc_backend *b; 
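Review bot: The reflowed IDMAP_CHECK_ALLOC tests `!mem` with the argument unparenthesised, so an expression argument such as `a || b` would be negated incorrectly; `if (!(mem)) {` is the safe form. All three macros also rely on a local `ret` and a `done` label existing at every use site, which deserves a short comment above them now that they are laid out for reading. Only the layout changes in this hunk, so both points are pre-existing, but they are cheap to fix while the lines are being rewritten.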
@@ -101,7 +115,8 @@ BOOL idmap_is_offline(void) Allow a module to register itself as a method. **********************************************************************/ -NTSTATUS smb_register_idmap(int version, const char *name, struct idmap_methods *methods) +NTSTATUS smb_register_idmap(int version, const char *name, + struct idmap_methods *methods) { struct idmap_methods *test; struct idmap_backend *entry; @@ -112,9 +127,11 @@ NTSTATUS smb_register_idmap(int version, const char *name, struct idmap_methods if ((version != SMB_IDMAP_INTERFACE_VERSION)) { DEBUG(0, ("Failed to register idmap module.\n" - "The module was compiled against SMB_IDMAP_INTERFACE_VERSION %d,\n" + "The module was compiled against " + "SMB_IDMAP_INTERFACE_VERSION %d,\n" "current SMB_IDMAP_INTERFACE_VERSION is %d.\n" - "Please recompile against the current version of samba!\n", + "Please recompile against the current version " + "of samba!\n", version, SMB_IDMAP_INTERFACE_VERSION)); return NT_STATUS_OBJECT_TYPE_MISMATCH; } @@ -151,7 +168,8 @@ NTSTATUS smb_register_idmap(int version, const char *name, struct idmap_methods Allow a module to register itself as a method. **********************************************************************/ -NTSTATUS smb_register_idmap_alloc(int version, const char *name, struct idmap_alloc_methods *methods) +NTSTATUS smb_register_idmap_alloc(int version, const char *name, + struct idmap_alloc_methods *methods) { struct idmap_alloc_methods *test; struct idmap_alloc_backend *entry; 
@@ -162,9 +180,11 @@ NTSTATUS smb_register_idmap_alloc(int version, const char *name, struct idmap_al if ((version != SMB_IDMAP_INTERFACE_VERSION)) { DEBUG(0, ("Failed to register idmap alloc module.\n" - "The module was compiled against SMB_IDMAP_INTERFACE_VERSION %d,\n" + "The module was compiled against " + "SMB_IDMAP_INTERFACE_VERSION %d,\n" "current SMB_IDMAP_INTERFACE_VERSION is %d.\n" - "Please recompile against the current version of samba!\n", + "Please recompile against the current version " + "of samba!\n", version, SMB_IDMAP_INTERFACE_VERSION)); return NT_STATUS_OBJECT_TYPE_MISMATCH; } @@ -242,14 +262,14 @@ static const char *idmap_default_domain[] = { "default domain", NULL }; ****************************************************************************/ NTSTATUS idmap_init_cache(void) -{ +{ /* Always initialize the cache. We'll have to delay initialization of backends if we are offline */ if ( idmap_ctx ) { return NT_STATUS_OK; - } - + } + if ( (idmap_ctx = talloc_named_const(NULL, 0, "idmap_ctx")) == NULL ) { return NT_STATUS_NO_MEMORY; } @@ -265,7 +285,7 @@ NTSTATUS idmap_init_cache(void) ****************************************************************************/ NTSTATUS idmap_init(void) -{ +{ NTSTATUS ret; static NTSTATUS idmap_init_status = NT_STATUS_UNSUCCESSFUL; struct idmap_domain *dom; @@ -279,7 +299,7 @@ NTSTATUS idmap_init(void) int i; ret = idmap_init_cache(); - if ( !NT_STATUS_IS_OK(ret) ) + if (!NT_STATUS_IS_OK(ret)) return ret; if (NT_STATUS_IS_OK(idmap_init_status)) 
@@ -288,46 +308,48 @@ NTSTATUS idmap_init(void) static_init_idmap; dom_list = lp_idmap_domains(); - + if ( lp_idmap_backend() ) { const char **compat_list = lp_idmap_backend(); char *p = NULL; - const char *q = NULL; + const char *q = NULL; - if ( dom_list ) { - DEBUG(0, ("WARNING: idmap backend and idmap domains are " - "mutually excusive!\n")); + if (dom_list) { + DEBUG(0, ("WARNING: idmap backend and idmap domains " + "are mutually excusive!\n")); DEBUGADD(0,("idmap backend option will be IGNORED!\n")); } else { compat = 1; - if ( (compat_backend = talloc_strdup( idmap_ctx, *compat_list )) == NULL ) { + compat_backend = talloc_strdup(idmap_ctx, *compat_list); + if (compat_backend == NULL) { ret = NT_STATUS_NO_MEMORY; goto done; } - + /* strip any leading idmap_ prefix of */ if (strncmp(*compat_list, "idmap_", 6) == 0 ) { q = *compat_list += 6; - DEBUG(0, ("WARNING: idmap backend uses obsolete and " - "deprecated 'idmap_' prefix.\n" - "Please replace 'idmap_%s' by '%s' in %s\n", - q, q, dyn_CONFIGFILE)); - compat_backend = talloc_strdup( idmap_ctx, q); + DEBUG(0, ("WARNING: idmap backend uses obsolete" + " and deprecated 'idmap_' prefix.\n" + "Please replace 'idmap_%s' by '%s' in" + " %s\n", q, q, dyn_CONFIGFILE)); + compat_backend = talloc_strdup(idmap_ctx, q); } else { - compat_backend = talloc_strdup( idmap_ctx, *compat_list); + compat_backend = talloc_strdup(idmap_ctx, + *compat_list); } - + /* separate the backend and module arguements */ if ((p = strchr(compat_backend, ':')) != NULL) { - *p = '\0'; + *p = '\0'; compat_params = p + 1; } - } + } } else if ( !dom_list ) { /* Back compatible: without idmap domains and explicit idmap backend. Taking default idmap backend: tdb */ - + compat = 1; compat_backend = talloc_strdup( idmap_ctx, "tdb"); compat_params = compat_backend; @@ -336,7 +358,7 @@ NTSTATUS idmap_init(void) if ( ! dom_list) { dom_list = idmap_default_domain; } - + /*************************** * initialize idmap domains */ 
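Review bot: The newly checked `talloc_strdup(idmap_ctx, *compat_list)` in idmap_init() is overwritten a few lines later by a second `talloc_strdup()` in both arms of the `idmap_` prefix test. The first copy therefore stays attached to `idmap_ctx` unused, and the copy that is actually used goes unchecked before `strchr(compat_backend, ':')` dereferences it. The `else if ( !dom_list )` arm has the same unchecked `talloc_strdup( idmap_ctx, "tdb")`, whose result is also assigned to `compat_params`. A single checked copy made after the prefix has been stripped removes both problems, as sketched below. The sketch no longer advances `*compat_list` in place as `q = *compat_list += 6` does, so confirm nothing later relies on that side effect. idmap_init() starts and ends outside this hunk.

```c
		compat = 1;

		/* strip any leading idmap_ prefix of */
		q = *compat_list;
		if (strncmp(q, "idmap_", 6) == 0) {
			q += 6;
			/* … unchanged: DEBUG(0) warning about the deprecated prefix … */
		}

		/* one copy only, checked before strchr() looks at it */
		compat_backend = talloc_strdup(idmap_ctx, q);
		if (compat_backend == NULL) {
			ret = NT_STATUS_NO_MEMORY;
			goto done;
		}

		/* … unchanged: split backend and module arguments at ':' … */
```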
@@ -347,10 +369,10 @@ NTSTATUS idmap_init(void) char *config_option; /* ignore BUILTIN and local MACHINE domains */ - if ( strequal(dom_list[i], "BUILTIN") - || strequal(dom_list[i], get_global_sam_name() ) ) + if (strequal(dom_list[i], "BUILTIN") + || strequal(dom_list[i], get_global_sam_name())) { - DEBUG(0,("idmap_init: Ignoring invalid domain %s\n", + DEBUG(0,("idmap_init: Ignoring invalid domain %s\n", dom_list[i])); continue; } 
@@ -359,44 +381,50 @@ NTSTATUS idmap_init(void) pri_dom_is_in_list = True; } /* init domain */ - + dom = TALLOC_ZERO_P(idmap_ctx, struct idmap_domain); IDMAP_CHECK_ALLOC(dom); dom->name = talloc_strdup(dom, dom_list[i]); IDMAP_CHECK_ALLOC(dom->name); - config_option = talloc_asprintf(dom, "idmap config %s", dom->name); + config_option = talloc_asprintf(dom, "idmap config %s", + dom->name); IDMAP_CHECK_ALLOC(config_option); /* default or specific ? */ - dom->default_domain = lp_parm_bool(-1, config_option, "default", False); + dom->default_domain = lp_parm_bool(-1, config_option, + "default", False); if (dom->default_domain || strequal(dom_list[i], idmap_default_domain[0])) { - /* make sure this is set even when we match idmap_default_domain[0] */ + /* make sure this is set even when we match + * idmap_default_domain[0] */ dom->default_domain = True; if (default_already_defined) { - DEBUG(1, ("ERROR: Multiple domains defined as default!\n")); + DEBUG(1, ("ERROR: Multiple domains defined as" + " default!\n")); ret = NT_STATUS_INVALID_PARAMETER; goto done; } default_already_defined = True; - } + } - dom->readonly = lp_parm_bool(-1, config_option, "readonly", False); + dom->readonly = lp_parm_bool(-1, config_option, + "readonly", False); /* find associated backend (default: tdb) */ if (compat) { parm_backend = talloc_strdup(idmap_ctx, compat_backend); } else { - parm_backend = talloc_strdup(idmap_ctx, - lp_parm_const_string(-1, config_option, "backend", "tdb")); + char *backend = lp_parm_const_string(-1, config_option, + "backend", "tdb"); + parm_backend = talloc_strdup(idmap_ctx, backend); } IDMAP_CHECK_ALLOC(parm_backend); 
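Review bot: The new local `char *backend` in the non-compat branch receives the result of `lp_parm_const_string()`, which returns a `const char *` pointing at configuration storage, so the declaration drops the qualifier. Declaring it `const char *backend = lp_parm_const_string(-1, config_option,` keeps the compiler able to reject an accidental write through it. Separately, `parm_backend` is duplicated onto the long-lived `idmap_ctx` on every loop iteration and no matching `talloc_free()` is visible in this hunk; if none exists further down, `dom` would be the natural parent for it.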
@@ -406,22 +434,27 @@ NTSTATUS idmap_init(void) if ( ! dom->methods) { ret = smb_probe_module("idmap", parm_backend); if (NT_STATUS_IS_OK(ret)) { - dom->methods = get_methods(backends, parm_backend); + dom->methods = get_methods(backends, + parm_backend); } } if ( ! dom->methods) { - DEBUG(0, ("ERROR: Could not get methods for backend %s\n", parm_backend)); + DEBUG(0, ("ERROR: Could not get methods for " + "backend %s\n", parm_backend)); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - /* check the set_mapping function exists otherwise mark the module as readonly */ + /* check the set_mapping function exists otherwise mark the + * module as readonly */ if ( ! dom->methods->set_mapping) { - DEBUG(5, ("Forcing to readonly, as this module can't store arbitrary mappings.\n")); + DEBUG(5, ("Forcing to readonly, as this module can't" + " store arbitrary mappings.\n")); dom->readonly = True; } - /* now that we have methods, set the destructor for this domain */ + /* now that we have methods, + * set the destructor for this domain */ talloc_set_destructor(dom, close_domain_destructor); if (compat_params) { @@ -434,10 +467,12 @@ NTSTATUS idmap_init(void) /* Finally instance a backend copy for this domain */ ret = dom->methods->init(dom); if ( ! NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("ERROR: Initialization failed for backend %s (domain %s), deferred!\n", - parm_backend, dom->name)); + DEBUG(0, ("ERROR: Initialization failed for backend " + "%s (domain %s), deferred!\n", + parm_backend, dom->name)); } - idmap_domains = talloc_realloc(idmap_ctx, idmap_domains, struct idmap_domain *, i+1); + idmap_domains = talloc_realloc(idmap_ctx, idmap_domains, + struct idmap_domain *, i+1); if ( ! idmap_domains) { DEBUG(0, ("Out of memory!\n")); ret = NT_STATUS_NO_MEMORY; 
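Review bot: `idmap_domains` is grown to `i+1` slots in the hunk at `@@ -434,10 +467,12 @@` and then written at index `i`, but the BUILTIN / local SAM check earlier in the same loop (hunk `@@ -347,10 +369,10 @@`) does `continue` without storing anything. Because `talloc_realloc()` does not zero new slots, a skipped entry leaves slot `i` uninitialised. If the domain count is later taken from the loop index (the loop header and that assignment are outside the visible hunks), code that walks `idmap_domains[0..num_domains)` and reads `->name` or `->methods` would dereference that slot. Indexing by a counter of stored domains instead, and sizing the realloc from that counter, closes the gap; `def_dom_num = i` would need the same counter.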
@@ -445,13 +480,15 @@ NTSTATUS idmap_init(void) } idmap_domains[i] = dom; - if (dom->default_domain) { /* save default domain position for future uses */ + /* save default domain position for future uses */ + if (dom->default_domain) { def_dom_num = i; } DEBUG(10, ("Domain %s - Backend %s - %sdefault - %sreadonly\n", dom->name, parm_backend, - dom->default_domain?"":"not ", dom->readonly?"":"not ")); + dom->default_domain?"":"not ", + dom->readonly?"":"not ")); talloc_free(config_option); } @@ -478,12 +515,13 @@ NTSTATUS idmap_init(void) /* (the nss module is always statically linked) */ if ( ! dom->methods) { - DEBUG(0, ("ERROR: Could not get methods for idmap_nss ?!\n")); + DEBUG(0, ("ERROR: No methods for idmap_nss ?!\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - /* now that we have methods, set the destructor for this domain */ + /* now that we have methods, + * set the destructor for this domain */ talloc_set_destructor(dom, close_domain_destructor); if (compat_params) { @@ -496,12 +534,15 @@ NTSTATUS idmap_init(void) /* Finally instance a backend copy for this domain */ ret = dom->methods->init(dom); if ( ! NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("ERROR: Initialization failed for idmap_nss ?!\n")); + DEBUG(0, ("ERROR: Init. failed for idmap_nss ?!\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - idmap_domains = talloc_realloc(idmap_ctx, idmap_domains, struct idmap_domain *, num_domains+1); + idmap_domains = talloc_realloc(idmap_ctx, + idmap_domains, + struct idmap_domain *, + num_domains+1); if ( ! idmap_domains) { DEBUG(0, ("Out of memory!\n")); ret = NT_STATUS_NO_MEMORY; @@ -509,7 +550,8 @@ NTSTATUS idmap_init(void) } idmap_domains[num_domains] = dom; - DEBUG(10, ("Domain %s - Backend nss - not default - readonly\n", dom->name )); + DEBUG(10, ("Domain %s - Backend nss - not default - readonly\n", + dom->name )); num_domains++; } 
@@ -529,7 +571,7 @@ NTSTATUS idmap_init(void) /* (the passdb module is always statically linked) */ if ( ! dom->methods) { - DEBUG(0, ("ERROR: Could not get methods for idmap_passdb ?!\n")); + DEBUG(0, ("ERROR: No methods for idmap_passdb ?!\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -547,12 +589,15 @@ NTSTATUS idmap_init(void) /* Finally instance a backend copy for this domain */ ret = dom->methods->init(dom); if ( ! NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("ERROR: Initialization failed for idmap_passdb ?!\n")); + DEBUG(0, ("ERROR: Init. failed for idmap_passdb ?!\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - idmap_domains = talloc_realloc(idmap_ctx, idmap_domains, struct idmap_domain *, num_domains+1); + idmap_domains = talloc_realloc(idmap_ctx, + idmap_domains, + struct idmap_domain *, + num_domains+1); if ( ! idmap_domains) { DEBUG(0, ("Out of memory!\n")); ret = NT_STATUS_NO_MEMORY; @@ -563,14 +608,16 @@ NTSTATUS idmap_init(void) /* needed to handle special BUILTIN and wellknown SIDs cases */ pdb_dom_num = num_domains; - DEBUG(10, ("Domain %s - Backend passdb - not default - readonly\n", dom->name)); + DEBUG(10, ("Domain %s - Backend passdb - not default - readonly\n", + dom->name)); num_domains++; /**** finished adding idmap_passdb backend ****/ /* sort domains so that the default is the last one */ /* don't sort if no default domain defined */ - if (def_dom_num != -1 && def_dom_num != num_domains-1) { /* default is not last, move it */ + if (def_dom_num != -1 && def_dom_num != num_domains-1) { + /* default is not last, move it */ struct idmap_domain *tmp; if (pdb_dom_num > def_dom_num) { 
@@ -599,28 +646,35 @@ NTSTATUS idmap_init(void) alloc_backend = talloc_strdup(idmap_ctx, compat_backend); } else { char *ab = lp_idmap_alloc_backend(); - + if (ab && (ab[0] != '\0')) { - alloc_backend = talloc_strdup(idmap_ctx, lp_idmap_alloc_backend()); + alloc_backend = talloc_strdup(idmap_ctx, + lp_idmap_alloc_backend()); } } if ( alloc_backend ) { - - idmap_alloc_ctx = TALLOC_ZERO_P(idmap_ctx, struct idmap_alloc_context); + + idmap_alloc_ctx = TALLOC_ZERO_P(idmap_ctx, + struct idmap_alloc_context); IDMAP_CHECK_ALLOC(idmap_alloc_ctx); - idmap_alloc_ctx->methods = get_alloc_methods(alloc_backends, alloc_backend); + idmap_alloc_ctx->methods = get_alloc_methods(alloc_backends, + alloc_backend); if ( ! idmap_alloc_ctx->methods) { ret = smb_probe_module("idmap", alloc_backend); if (NT_STATUS_IS_OK(ret)) { - idmap_alloc_ctx->methods = get_alloc_methods(alloc_backends, alloc_backend); + idmap_alloc_ctx->methods = + get_alloc_methods(alloc_backends, + alloc_backend); } } if (idmap_alloc_ctx->methods) { if (compat_params) { - idmap_alloc_ctx->params = talloc_strdup(idmap_alloc_ctx, compat_params); + idmap_alloc_ctx->params = + talloc_strdup(idmap_alloc_ctx, + compat_params); IDMAP_CHECK_ALLOC(idmap_alloc_ctx->params); } else { idmap_alloc_ctx->params = NULL; @@ -628,13 +682,15 @@ NTSTATUS idmap_init(void) ret = idmap_alloc_ctx->methods->init(idmap_alloc_ctx->params); if ( ! NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("ERROR: Initialization failed for alloc " - "backend %s, deferred!\n", alloc_backend)); + DEBUG(0, ("ERROR: Initialization failed for " + "alloc backend %s, deferred!\n", + alloc_backend)); } else { idmap_alloc_ctx->initialized = True; } } else { - DEBUG(2, ("idmap_init: Unable to get methods for alloc backend %s\n", + DEBUG(2, ("idmap_init: Unable to get methods for " + "alloc backend %s\n", alloc_backend)); /* certain compat backends are just readonly */ if ( compat ) { 
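Review bot: The rewrapped `talloc_strdup(idmap_ctx, lp_idmap_alloc_backend())` calls the parameter accessor a second time although its result is already held in `ab` and was just validated, and the copy is never checked. A failed allocation then leaves `alloc_backend` NULL and is indistinguishable from "no alloc backend configured", so ID allocation is silently disabled. I would write `alloc_backend = talloc_strdup(idmap_ctx, ab);` followed by `IDMAP_CHECK_ALLOC(alloc_backend);`. The compat arm just above, `talloc_strdup(idmap_ctx, compat_backend)`, has the same unchecked result.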
@@ -645,12 +701,12 @@ NTSTATUS idmap_init(void) } } } - + /* cleanpu temporary strings */ TALLOC_FREE( compat_backend ); idmap_init_status = NT_STATUS_OK; - + return ret; done: @@ -748,16 +804,16 @@ static struct idmap_domain* find_idmap_domain_from_sid( DOM_SID *account_sid ) uint32 rid; struct winbindd_domain *domain = NULL; int i; - + /* 1. Handle BUILTIN or Special SIDs and prevent them from falling into the default domain space (if we have a configured passdb backend. */ - if ( (pdb_dom_num != -1) && + if ( (pdb_dom_num != -1) && (sid_check_is_in_builtin(account_sid) || sid_check_is_in_wellknown_domain(account_sid) || sid_check_is_in_unix_groups(account_sid) || - sid_check_is_in_unix_users(account_sid)) ) + sid_check_is_in_unix_users(account_sid)) ) { return idmap_domains[pdb_dom_num]; } @@ -765,8 +821,8 @@ static struct idmap_domain* find_idmap_domain_from_sid( DOM_SID *account_sid ) /* 2. Lookup the winbindd_domain from the account_sid */ sid_copy( &domain_sid, account_sid ); - sid_split_rid( &domain_sid, &rid ); - domain = find_domain_from_sid_noinit( &domain_sid ); + sid_split_rid( &domain_sid, &rid ); + domain = find_domain_from_sid_noinit( &domain_sid ); for (i = 0; domain && i < num_domains; i++) { if ( strequal( idmap_domains[i]->name, domain->name ) ) { @@ -790,13 +846,13 @@ static struct idmap_domain* find_idmap_domain_from_sid( DOM_SID *account_sid ) static uint32 find_idmap_domain_index( struct idmap_domain *id_domain) { int i; - + for (i = 0; i < num_domains; i++) { if ( idmap_domains[i] == id_domain ) - return i; + return i; } - return -1; + return -1; } 
@@ -804,15 +860,18 @@ static uint32 find_idmap_domain_index( struct idmap_domain *id_domain) Check if creating a mapping is permitted for the domain *********************************************************/ -static NTSTATUS idmap_can_map(const struct id_map *map, struct idmap_domain **ret_dom) +static NTSTATUS idmap_can_map(const struct id_map *map, + struct idmap_domain **ret_dom) { struct idmap_domain *dom; - /* Check we do not create mappings for our own local domain, or BUILTIN or special SIDs */ + /* Check we do not create mappings for our own local domain, + * or BUILTIN or special SIDs */ if ((sid_compare_domain(map->sid, get_global_sam_sid()) == 0) || sid_check_is_in_builtin(map->sid) || sid_check_is_in_wellknown_domain(map->sid)) { - DEBUG(10, ("We are not supposed to create mappings for our own domains (local, builtin, specials)\n")); + DEBUG(10, ("We are not supposed to create mappings for " + "our own domains (local, builtin, specials)\n")); return NT_STATUS_UNSUCCESSFUL; } 
@@ -820,21 +879,28 @@ static NTSTATUS idmap_can_map(const struct id_map *map, struct idmap_domain **re if (lp_winbind_trusted_domains_only()) { struct winbindd_domain *wdom = find_our_domain(); if (wdom && (sid_compare_domain(map->sid, &wdom->sid) == 0)) { - DEBUG(10, ("We are not supposed to create mappings for our primary domain when <trusted domain only> is True\n")); - DEBUGADD(10, ("Leave [%s] unmapped\n", sid_string_static(map->sid))); + DEBUG(10, ("We are not supposed to create mappings for " + "our primary domain when <trusted domain " + "only> is True\n")); + DEBUGADD(10, ("Leave [%s] unmapped\n", + sid_string_static(map->sid))); return NT_STATUS_UNSUCCESSFUL; } } if ( (dom = find_idmap_domain_from_sid( map->sid )) == NULL ) { - /* huh, couldn't find a suitable domain, let's just leave it unmapped */ - DEBUG(10, ("Could not find idmap backend for SID %s", sid_string_static(map->sid))); + /* huh, couldn't find a suitable domain, + * let's just leave it unmapped */ + DEBUG(10, ("Could not find idmap backend for SID %s", + sid_string_static(map->sid))); return NT_STATUS_NO_SUCH_DOMAIN; } if (dom->readonly) { - /* ouch the domain is read only, let's just leave it unmapped */ - DEBUG(10, ("idmap backend for SID %s is READONLY!\n", sid_string_static(map->sid))); + /* ouch the domain is read only, + * let's just leave it unmapped */ + DEBUG(10, ("idmap backend for SID %s is READONLY!\n", + sid_string_static(map->sid))); return NT_STATUS_UNSUCCESSFUL; } @@ -863,7 +929,8 @@ static NTSTATUS idmap_new_mapping(TALLOC_CTX *ctx, struct id_map *map) ret = idmap_allocate_uid(&map->xid); if ( ! NT_STATUS_IS_OK(ret)) { /* can't allocate id, let's just leave it unmapped */ - DEBUG(2, ("uid allocation failed! Can't create mapping\n")); + DEBUG(2, ("uid allocation failed! " + "Can't create mapping\n")); return NT_STATUS_NONE_MAPPED; } break; 
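Review bot: The reflowed message `"Could not find idmap backend for SID %s"` in idmap_can_map() has no trailing `\n`, unlike every other DEBUG call in this hunk, so the next log record is appended to the same line and is easy to miss when grepping winbindd logs; it should read `"Could not find idmap backend for SID %s\n"`. The context line `DEBUG(2, ("Failed to commit mapping\n!"));` in the idmap_new_mapping() hunk at `@@ -895,7 +963,7 @@` has the newline and the `!` swapped and could be corrected in the same pass.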
@@ -871,14 +938,15 @@ static NTSTATUS idmap_new_mapping(TALLOC_CTX *ctx, struct id_map *map) ret = idmap_allocate_gid(&map->xid); if ( ! NT_STATUS_IS_OK(ret)) { /* can't allocate id, let's just leave it unmapped */ - DEBUG(2, ("gid allocation failed! Can't create mapping\n")); + DEBUG(2, ("gid allocation failed! " + "Can't create mapping\n")); return NT_STATUS_NONE_MAPPED; } break; default: /* invalid sid, let's just leave it unmapped */ DEBUG(3,("idmap_new_mapping: Refusing to create a " - "mapping for an unspecified ID type.\n")); + "mapping for an unspecified ID type.\n")); return NT_STATUS_NONE_MAPPED; } @@ -895,7 +963,7 @@ static NTSTATUS idmap_new_mapping(TALLOC_CTX *ctx, struct id_map *map) /* something wrong here :-( */ DEBUG(2, ("Failed to commit mapping\n!")); - /* TODO: would it make sense to have an "unalloc_id function?" */ + /* TODO: would it make sense to have an "unalloc_id function?" */ return NT_STATUS_NONE_MAPPED; } @@ -918,7 +986,7 @@ static NTSTATUS idmap_backends_set_mapping(const struct id_map *map) return ret; } - DEBUG(10,("set_mapping for domain %s\n", dom->name )); + DEBUG(10,("set_mapping for domain %s\n", dom->name )); return dom->methods->set_mapping(dom, map); } @@ -956,7 +1024,7 @@ static NTSTATUS idmap_backends_unixids_to_sids(struct id_map **ids) dom = idmap_domains[n]; DEBUG(10, ("Query sids from domain %s\n", dom->name)); - + ret = dom->methods->unixids_to_sids(dom, _ids); IDMAP_REPORT_RET(ret); @@ -964,7 +1032,8 @@ static NTSTATUS idmap_backends_unixids_to_sids(struct id_map **ids) for (i = 0, u = 0; _ids[i]; i++) { if (_ids[i]->status != ID_MAPPED) { - unmapped = talloc_realloc(ctx, unmapped, struct id_map *, u + 2); + unmapped = talloc_realloc(ctx, unmapped, + struct id_map *, u + 2); IDMAP_CHECK_ALLOC(unmapped); unmapped[u] = _ids[i]; u++; 
@@ -978,21 +1047,27 @@ static NTSTATUS idmap_backends_unixids_to_sids(struct id_map **ids) } _ids = unmapped; - + } if (unmapped) { - /* there are still unmapped ids, map them to the unix users/groups domains */ - /* except for expired entries, these will be returned as valid (offline mode) */ + /* there are still unmapped ids, + * map them to the unix users/groups domains */ + /* except for expired entries, + * these will be returned as valid (offline mode) */ for (i = 0; unmapped[i]; i++) { if (unmapped[i]->status == ID_EXPIRED) continue; switch (unmapped[i]->xid.type) { case ID_TYPE_UID: - uid_to_unix_users_sid((uid_t)unmapped[i]->xid.id, unmapped[i]->sid); + uid_to_unix_users_sid( + (uid_t)unmapped[i]->xid.id, + unmapped[i]->sid); unmapped[i]->status = ID_MAPPED; break; case ID_TYPE_GID: - gid_to_unix_groups_sid((gid_t)unmapped[i]->xid.id, unmapped[i]->sid); + gid_to_unix_groups_sid( + (gid_t)unmapped[i]->xid.id, + unmapped[i]->sid); unmapped[i]->status = ID_MAPPED; break; default: /* what?! */ @@ -1007,7 +1082,7 @@ static NTSTATUS idmap_backends_unixids_to_sids(struct id_map **ids) done: talloc_free(ctx); return ret; -} +} static NTSTATUS idmap_backends_sids_to_unixids(struct id_map **ids) { 
@@ -1038,22 +1113,23 @@ static NTSTATUS idmap_backends_sids_to_unixids(struct id_map **ids) /* partition the requests by domain */ for (i = 0; ids[i]; i++) { - uint32 idx; + uint32 idx; - if ( (dom = find_idmap_domain_from_sid( ids[i]->sid )) == NULL ) { + if ((dom = find_idmap_domain_from_sid(ids[i]->sid)) == NULL) { /* no available idmap_domain. Move on */ continue; } - DEBUG(10,("SID %s is being handled by %s\n", - sid_string_static(ids[i]->sid), + DEBUG(10,("SID %s is being handled by %s\n", + sid_string_static(ids[i]->sid), dom ? dom->name : "none" )); idx = find_idmap_domain_index( dom ); SMB_ASSERT( idx != -1 ); - - dom_ids[idx] = talloc_realloc(ctx, dom_ids[idx], - struct id_map *, counters[idx] + 2); + + dom_ids[idx] = talloc_realloc(ctx, dom_ids[idx], + struct id_map *, + counters[idx] + 2); IDMAP_CHECK_ALLOC(dom_ids[idx]); dom_ids[idx][counters[idx]] = ids[i]; @@ -1079,13 +1155,15 @@ static NTSTATUS idmap_backends_sids_to_unixids(struct id_map **ids) for (i = 0; ids[i]; i++) { /* NOTE: this will NOT touch ID_EXPIRED entries that the backend * was not able to confirm/deny (offline mode) */ - if (ids[i]->status == ID_UNKNOWN || ids[i]->status == ID_UNMAPPED) { + if (ids[i]->status == ID_UNKNOWN || + ids[i]->status == ID_UNMAPPED) { /* ok this is an unmapped one, see if we can map it */ ret = idmap_new_mapping(ctx, ids[i]); if (NT_STATUS_IS_OK(ret)) { /* successfully mapped */ ids[i]->status = ID_MAPPED; - } else if (NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) { + } else + if (NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) { /* could not map it */ ids[i]->status = ID_UNMAPPED; } else { @@ -1101,7 +1179,7 @@ static NTSTATUS idmap_backends_sids_to_unixids(struct id_map **ids) done: talloc_free(ctx); return ret; -} +} /************************************************************************** idmap interface functions 
@@ -1133,7 +1211,7 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids) /* no ids to be asked to the backends by default */ bids = NULL; bi = 0; - + for (i = 0; ids[i]; i++) { if ( ! ids[i]->sid) { @@ -1147,7 +1225,8 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids) if ( ! NT_STATUS_IS_OK(ret)) { if ( ! bids) { - /* alloc space for ids to be resolved by backends (realloc ten by ten) */ + /* alloc space for ids to be resolved by + * backends (realloc ten by ten) */ bids = TALLOC_ARRAY(ctx, struct id_map *, 10); if ( ! bids) { DEBUG(1, ("Out of memory!\n")); @@ -1157,14 +1236,17 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids) bn = 10; } - /* add this id to the ones to be retrieved from the backends */ + /* add this id to the ones to be retrieved + * from the backends */ bids[bi] = ids[i]; bi++; - - /* check if we need to allocate new space on the rids array */ + + /* check if we need to allocate new space + * on the rids array */ if (bi == bn) { bn += 10; - bids = talloc_realloc(ctx, bids, struct id_map *, bn); + bids = talloc_realloc(ctx, bids, + struct id_map *, bn); if ( ! bids) { DEBUG(1, ("Out of memory!\n")); talloc_free(ctx); @@ -1177,7 +1259,8 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids) } } - /* let's see if there is any id mapping to be retieved from the backends */ + /* let's see if there is any id mapping to be retieved + * from the backends */ if (bi) { ret = idmap_backends_unixids_to_sids(bids); 
@@ -1188,18 +1271,21 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids) if (bids[i]->status == ID_MAPPED) { ret = idmap_cache_set(idmap_cache, bids[i]); } else if (bids[i]->status == ID_EXPIRED) { - /* the cache returned an expired entry and the backend was - * was not able to clear the situation (offline). - * This handles a previous NT_STATUS_SYNCHRONIZATION_REQUIRED + /* the cache returned an expired entry and the + * backend was not able to clear the situation + * (offline). This handles a previous + * NT_STATUS_SYNCHRONIZATION_REQUIRED * for disconnected mode, */ bids[i]->status = ID_MAPPED; } else if (bids[i]->status == ID_UNKNOWN) { - /* something bad here. We were not able to handle this for some - * reason, mark it as unmapped and hope next time things will + /* something bad here. We were not able to + * handle this for some reason, mark it as + * unmapped and hope next time things will * settle down. */ bids[i]->status = ID_UNMAPPED; } else { /* unmapped */ - ret = idmap_cache_set_negative_id(idmap_cache, bids[i]); + ret = idmap_cache_set_negative_id(idmap_cache, + bids[i]); } IDMAP_CHECK_RET(ret); } @@ -1237,7 +1323,7 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids) /* no ids to be asked to the backends by default */ bids = NULL; bi = 0; - + for (i = 0; ids[i]; i++) { if ( ! ids[i]->sid) { @@ -1262,14 +1348,17 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids) bn = 10; } - /* add this id to the ones to be retrieved from the backends */ + /* add this id to the ones to be retrieved + * from the backends */ bids[bi] = ids[i]; bi++; - /* check if we need to allocate new space on the ids array */ + /* check if we need to allocate new space + * on the ids array */ if (bi == bn) { bn += 10; - bids = talloc_realloc(ctx, bids, struct id_map *, bn); + bids = talloc_realloc(ctx, bids, + struct id_map *, bn); if ( ! bids) { DEBUG(1, ("Out of memory!\n")); talloc_free(ctx); 
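Review bot: The rewrapped comment on the `ID_EXPIRED` branch still does not spell out what the branch means for callers. An entry the cache considers expired is reported as `ID_MAPPED` whenever the backend could not refresh it, so a mapping that was removed or changed on the backend keeps being honoured for as long as the backend is unreachable. I would say so directly, e.g. `/* offline: backend could not confirm or deny, keep serving the expired mapping as valid */`, and use the same wording in the matching block of idmap_sids_to_unixids() (hunk `@@ -1293,18 +1383,21 @@`). The sentence also still ends in a stray comma after "disconnected mode".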
@@ -1282,9 +1371,10 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids) } } - /* let's see if there is any id mapping to be retieved from the backends */ + /* let's see if there is any id mapping to be retieved + * from the backends */ if (bids) { - + ret = idmap_backends_sids_to_unixids(bids); IDMAP_CHECK_RET(ret); @@ -1293,18 +1383,21 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids) if (bids[i]->status == ID_MAPPED) { ret = idmap_cache_set(idmap_cache, bids[i]); } else if (bids[i]->status == ID_EXPIRED) { - /* the cache returned an expired entry and the backend was - * was not able to clear the situation (offline). - * This handles a previous NT_STATUS_SYNCHRONIZATION_REQUIRED + /* the cache returned an expired entry and the + * backend was not able to clear the situation + * (offline). This handles a previous + * NT_STATUS_SYNCHRONIZATION_REQUIRED * for disconnected mode, */ bids[i]->status = ID_MAPPED; } else if (bids[i]->status == ID_UNKNOWN) { - /* something bad here. We were not able to handle this for some - * reason, mark it as unmapped and hope next time things will + /* something bad here. We were not able to + * handle this for some reason, mark it as + * unmapped and hope next time things will * settle down. */ bids[i]->status = ID_UNMAPPED; } else { /* unmapped */ - ret = idmap_cache_set_negative_sid(idmap_cache, bids[i]); + ret = idmap_cache_set_negative_sid(idmap_cache, + bids[i]); } IDMAP_CHECK_RET(ret); } 
@@ -1371,28 +1464,30 @@ void idmap_dump_maps(char *logfile) dump = fopen(logfile, "w"); if ( ! dump) { - DEBUG(0, ("Unable to open open stream for file [%s], errno: %d\n", logfile, errno)); + DEBUG(0, ("Unable to open open stream for file [%s], " + "errno: %d\n", logfile, errno)); return; } - if (NT_STATUS_IS_OK(ret = idmap_alloc_init())) { + if (NT_STATUS_IS_OK(ret = idmap_alloc_init())) { allid.type = ID_TYPE_UID; allid.id = 0; idmap_alloc_ctx->methods->get_id_hwm(&allid); fprintf(dump, "USER HWM %lu\n", (unsigned long)allid.id); - + allid.type = ID_TYPE_GID; allid.id = 0; idmap_alloc_ctx->methods->get_id_hwm(&allid); fprintf(dump, "GROUP HWM %lu\n", (unsigned long)allid.id); } - + maps = talloc(idmap_ctx, struct id_map); num_maps = 0; for (i = 0; i < num_domains; i++) { if (idmap_domains[i]->methods->dump_data) { - idmap_domains[i]->methods->dump_data(idmap_domains[i], &maps, &num_maps); + idmap_domains[i]->methods->dump_data(idmap_domains[i], + &maps, &num_maps); } } @@ -1429,13 +1524,13 @@ char *idmap_fetch_secret(const char *backend, bool alloc, r = asprintf(&tmp, "IDMAP_%s_%s", backend, domain); } - if (r < 0) + if (r < 0) return NULL; strupper_m(tmp); /* make sure the key is case insensitive */ ret = secrets_fetch_generic(tmp, identity); - SAFE_FREE( tmp ); + SAFE_FREE(tmp); return ret; } diff --git a/source/nsswitch/idmap_cache.c b/source/nsswitch/idmap_cache.c index 037b1cb1e81..b56b155f83c 100644 --- a/source/nsswitch/idmap_cache.c +++ b/source/nsswitch/idmap_cache.c @@ -399,7 +399,8 @@ NTSTATUS idmap_cache_map_sid(struct idmap_cache_ctx *cache, struct id_map *id) if (databuf.dptr == NULL) { DEBUG(10, ("Cache entry with key = %s couldn't be found\n", sidkey)); - return NT_STATUS_NONE_MAPPED; + ret = NT_STATUS_NONE_MAPPED; + goto done; } t = strtol(databuf.dptr, &endptr, 10); 
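Review bot: Both `idmap_alloc_ctx->methods->get_id_hwm(&allid);` calls in idmap_dump_maps() discard their result, so a backend failure is written to the dump as `USER HWM 0` / `GROUP HWM 0`, which looks like valid data to whoever restores from or audits the file. If the method returns an NTSTATUS like the other backend methods in this file, guard each line, e.g. `if (NT_STATUS_IS_OK(idmap_alloc_ctx->methods->get_id_hwm(&allid)))` before the `fprintf`. `maps = talloc(idmap_ctx, struct id_map);` is likewise passed on to `dump_data()` unchecked. The function also opens the caller-supplied `logfile` with mode `"w"`, so the comment above it should state that the path must not lie in a directory other users can write to.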
@@ -496,7 +497,8 @@ NTSTATUS idmap_cache_map_id(struct idmap_cache_ctx *cache, struct id_map *id) if (databuf.dptr == NULL) { DEBUG(10, ("Cache entry with key = %s couldn't be found\n", idkey)); - return NT_STATUS_NONE_MAPPED; + ret = NT_STATUS_NONE_MAPPED; + goto done; } t = strtol(databuf.dptr, &endptr, 10); diff --git a/source/nsswitch/idmap_ldap.c b/source/nsswitch/idmap_ldap.c index ca7d32b3924..d1639c07721 100644 --- a/source/nsswitch/idmap_ldap.c +++ b/source/nsswitch/idmap_ldap.c @@ -6,7 +6,7 @@ Copyright (C) Tim Potter 2000 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 Copyright (C) Gerald Carter 2003 - Copyright (C) Simo Sorce 2003-2006 + Copyright (C) Simo Sorce 2003-2007 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -52,39 +52,47 @@ struct idmap_ldap_alloc_context { }; -#define CHECK_ALLOC_DONE(mem) do { if (!mem) { DEBUG(0, ("Out of memory!\n")); ret = NT_STATUS_NO_MEMORY; goto done; } } while (0) +#define CHECK_ALLOC_DONE(mem) do { \ + if (!mem) { \ + DEBUG(0, ("Out of memory!\n")); \ + ret = NT_STATUS_NO_MEMORY; \ + goto done; \ + } } while (0) /********************************************************************** IDMAP ALLOC TDB BACKEND **********************************************************************/ - + static struct idmap_ldap_alloc_context *idmap_alloc_ldap; /********************************************************************* ********************************************************************/ -static NTSTATUS get_credentials( TALLOC_CTX *mem_ctx, +static NTSTATUS get_credentials( TALLOC_CTX *mem_ctx, struct smbldap_state *ldap_state, const char *config_option, struct idmap_domain *dom, char **dn ) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - char *user_dn = NULL; char *secret = NULL; const char *tmp = NULL; - + char *user_dn = NULL; + BOOL anon = False; + /* assume anonymous if we don't have a specified user */ tmp = lp_parm_const_string(-1, config_option, "ldap_user_dn", NULL); if ( tmp ) { if (!dom) { - /* only the alloc backend is allowed to pass in a NULL dom */ - secret = idmap_fetch_secret("ldap", true, NULL, tmp); + /* only the alloc backend can pass in a NULL dom */ + secret = idmap_fetch_secret("ldap", True, + NULL, tmp); } else { - secret = idmap_fetch_secret("ldap", false, dom->name, tmp); - } + secret = idmap_fetch_secret("ldap", False, + dom->name, tmp); + } if (!secret) { DEBUG(0, ("get_credentials: Unable to fetch " 
@@ -92,33 +100,33 @@ static NTSTATUS get_credentials( TALLOC_CTX *mem_ctx, tmp, (dom==NULL)?"ALLOC":dom->name)); ret = NT_STATUS_ACCESS_DENIED; goto done; - } + } *dn = talloc_strdup(mem_ctx, tmp); - CHECK_ALLOC_DONE(*dn); + CHECK_ALLOC_DONE(*dn); } else { - if ( !fetch_ldap_pw( &user_dn, &secret ) ) { + if (!fetch_ldap_pw(&user_dn, &secret)) { DEBUG(2, ("get_credentials: Failed to lookup ldap " - "bind creds. Using anonymous connection.\n")); - *dn = talloc_strdup( mem_ctx, "" ); + "bind creds. Using anonymous connection.\n")); + anon = True; } else { *dn = talloc_strdup(mem_ctx, user_dn); - SAFE_FREE( user_dn ); + SAFE_FREE( user_dn ); CHECK_ALLOC_DONE(*dn); - } + } } - smbldap_set_creds(ldap_state, false, *dn, secret); + smbldap_set_creds(ldap_state, anon, *dn, secret); ret = NT_STATUS_OK; - - done: - SAFE_FREE( secret ); - return ret; +done: + SAFE_FREE(secret); + + return ret; } /********************************************************************** - Verify the sambaUnixIdPool entry in the directory. + Verify the sambaUnixIdPool entry in the directory. **********************************************************************/ static NTSTATUS verify_idpool(void) @@ -131,7 +139,7 @@ static NTSTATUS verify_idpool(void) char *filter; int count; int rc; - + if ( ! idmap_alloc_ldap) { return NT_STATUS_UNSUCCESSFUL; } @@ -144,12 +152,12 @@ static NTSTATUS verify_idpool(void) filter = talloc_asprintf(ctx, "(objectclass=%s)", LDAP_OBJ_IDPOOL); CHECK_ALLOC_DONE(filter); - + attr_list = get_attr_list(ctx, idpool_attr_list); CHECK_ALLOC_DONE(attr_list); rc = smbldap_search(idmap_alloc_ldap->smbldap_state, - idmap_alloc_ldap->suffix, + idmap_alloc_ldap->suffix, LDAP_SCOPE_SUBTREE, filter, attr_list, 
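Review bot: In the anonymous branch of get_credentials (`anon = True;`), `*dn` is no longer assigned, so `smbldap_set_creds(ldap_state, anon, *dn, secret)` passes whatever the caller's pointer held on entry, and the function still returns NT_STATUS_OK. The callers in this diff pass `&idmap_alloc_ldap->user_dn`, which is zero-allocated, and `&ctx->user_dn`, whose allocation is not visible here, so setting `*dn = NULL;` next to `anon = True;` (or at function entry) is safer than relying on the caller. `secret` holds the LDAP bind password and is released with a plain `SAFE_FREE(secret)`; clearing the buffer before the free is worth considering. The function body starts in the previous hunk.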
@@ -157,11 +165,13 @@ static NTSTATUS verify_idpool(void) &result); if (rc != LDAP_SUCCESS) { - DEBUG(1, ("Unable to verify the idpool, cannot continue initialization!\n")); + DEBUG(1, ("Unable to verify the idpool, " + "cannot continue initialization!\n")); return NT_STATUS_UNSUCCESSFUL; } - count = ldap_count_entries(idmap_alloc_ldap->smbldap_state->ldap_struct, result); + count = ldap_count_entries(idmap_alloc_ldap->smbldap_state->ldap_struct, + result); ldap_msgfree(result); @@ -173,17 +183,21 @@ static NTSTATUS verify_idpool(void) } else if (count == 0) { char *uid_str, *gid_str; - - uid_str = talloc_asprintf(ctx, "%lu", (unsigned long)idmap_alloc_ldap->low_uid); - gid_str = talloc_asprintf(ctx, "%lu", (unsigned long)idmap_alloc_ldap->low_gid); + + uid_str = talloc_asprintf(ctx, "%lu", + (unsigned long)idmap_alloc_ldap->low_uid); + gid_str = talloc_asprintf(ctx, "%lu", + (unsigned long)idmap_alloc_ldap->low_gid); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_IDPOOL); - smbldap_set_mod(&mods, LDAP_MOD_ADD, - get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER), + smbldap_set_mod(&mods, LDAP_MOD_ADD, + get_attr_key2string(idpool_attr_list, + LDAP_ATTR_UIDNUMBER), uid_str); smbldap_set_mod(&mods, LDAP_MOD_ADD, - get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER), + get_attr_key2string(idpool_attr_list, + LDAP_ATTR_GIDNUMBER), gid_str); if (mods) { rc = smbldap_modify(idmap_alloc_ldap->smbldap_state, @@ -203,12 +217,12 @@ done: } /***************************************************************************** - Initialise idmap database. + Initialise idmap database. *****************************************************************************/ static NTSTATUS idmap_ldap_alloc_init(const char *params) { - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; const char *range; const char *tmp; uid_t low_uid = 0; 
@@ -223,7 +237,7 @@ static NTSTATUS idmap_ldap_alloc_init(const char *params) idmap_alloc_ldap = TALLOC_ZERO_P(NULL, struct idmap_ldap_alloc_context); CHECK_ALLOC_DONE( idmap_alloc_ldap ); - + /* load ranges */ idmap_alloc_ldap->low_uid = 0; @@ -237,13 +251,17 @@ static NTSTATUS idmap_ldap_alloc_init(const char *params) if (sscanf(range, "%u - %u", &low_id, &high_id) == 2) { if (low_id < high_id) { - idmap_alloc_ldap->low_gid = idmap_alloc_ldap->low_uid = low_id; - idmap_alloc_ldap->high_gid = idmap_alloc_ldap->high_uid = high_id; + idmap_alloc_ldap->low_gid = low_id; + idmap_alloc_ldap->low_uid = low_id; + idmap_alloc_ldap->high_gid = high_id; + idmap_alloc_ldap->high_uid = high_id; } else { - DEBUG(1, ("ERROR: invalid idmap alloc range [%s]", range)); + DEBUG(1, ("ERROR: invalid idmap alloc range " + "[%s]", range)); } } else { - DEBUG(1, ("ERROR: invalid syntax for idmap alloc config:range [%s]", range)); + DEBUG(1, ("ERROR: invalid syntax for idmap alloc " + "config:range [%s]", range)); } } 
@@ -275,28 +293,23 @@ static NTSTATUS idmap_ldap_alloc_init(const char *params) /* assume location is the only parameter */ idmap_alloc_ldap->url = talloc_strdup(idmap_alloc_ldap, params); } else { - tmp = lp_parm_const_string(-1, "idmap alloc config", "ldap_url", NULL); + tmp = lp_parm_const_string(-1, "idmap alloc config", + "ldap_url", NULL); if ( ! tmp) { DEBUG(1, ("ERROR: missing idmap ldap url\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - + idmap_alloc_ldap->url = talloc_strdup(idmap_alloc_ldap, tmp); } CHECK_ALLOC_DONE( idmap_alloc_ldap->url ); - tmp = lp_ldap_idmap_suffix(); + tmp = lp_parm_const_string(-1, "idmap alloc config", + "ldap_base_dn", NULL); if ( ! tmp || ! *tmp) { - tmp = lp_parm_const_string(-1, "idmap alloc config", "ldap_base_dn", NULL); - } - if ( ! tmp) { - tmp = lp_ldap_suffix(); - if (tmp) { - DEBUG(1, ("WARNING: Trying to use the global ldap suffix(%s)\n", tmp)); - DEBUGADD(1, ("as suffix. This may not be what you want!\n")); - } + tmp = lp_ldap_idmap_suffix(); if ( ! tmp) { DEBUG(1, ("ERROR: missing idmap ldap suffix\n")); ret = NT_STATUS_UNSUCCESSFUL; 
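Review bot: The new fallback in idmap_ldap_alloc_init tests only `if ( ! tmp)` after `tmp = lp_ldap_idmap_suffix();`, while the removed code treated an empty string from that same call as unset (`! tmp || ! *tmp`). If lp_ldap_idmap_suffix() can return `""`, the empty string is copied into `idmap_alloc_ldap->suffix` and used as the base of the `LDAP_SCOPE_SUBTREE` searches, which would then presumably run against the whole directory rather than the idmap subtree. Testing `if ( ! tmp || ! *tmp)` in the inner check keeps the "missing idmap ldap suffix" error for that case. The same pattern appears in the idmap_ldap_db_init hunk (@@ -775,26 +808,21 @@). The hunk ends inside the function.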
@@ -306,33 +319,33 @@ static NTSTATUS idmap_ldap_alloc_init(const char *params) idmap_alloc_ldap->suffix = talloc_strdup(idmap_alloc_ldap, tmp); CHECK_ALLOC_DONE( idmap_alloc_ldap->suffix ); - + ret = smbldap_init(idmap_alloc_ldap, idmap_alloc_ldap->url, - &idmap_alloc_ldap->smbldap_state); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(1, ("ERROR: smbldap_init (%s) failed!\n", + &idmap_alloc_ldap->smbldap_state); + if (!NT_STATUS_IS_OK(ret)) { + DEBUG(1, ("ERROR: smbldap_init (%s) failed!\n", idmap_alloc_ldap->url)); - goto done; + goto done; } - ret = get_credentials( idmap_alloc_ldap, - idmap_alloc_ldap->smbldap_state, + ret = get_credentials( idmap_alloc_ldap, + idmap_alloc_ldap->smbldap_state, "idmap alloc config", NULL, &idmap_alloc_ldap->user_dn ); if ( !NT_STATUS_IS_OK(ret) ) { DEBUG(1,("idmap_ldap_alloc_init: Failed to get connection " "credentials (%s)\n", nt_errstr(ret))); goto done; - } + } /* see if the idmap suffix and sub entries exists */ - ret = verify_idpool(); + ret = verify_idpool(); done: if ( !NT_STATUS_IS_OK( ret ) ) TALLOC_FREE( idmap_alloc_ldap ); - + return ret; } @@ -375,11 +388,13 @@ static NTSTATUS idmap_ldap_allocate_id(struct unixid *xid) switch (xid->type) { case ID_TYPE_UID: - type = get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER); + type = get_attr_key2string(idpool_attr_list, + LDAP_ATTR_UIDNUMBER); break; case ID_TYPE_GID: - type = get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER); + type = get_attr_key2string(idpool_attr_list, + LDAP_ATTR_GIDNUMBER); break; default: 
@@ -399,23 +414,27 @@ static NTSTATUS idmap_ldap_allocate_id(struct unixid *xid) idmap_alloc_ldap->suffix, LDAP_SCOPE_SUBTREE, filter, attr_list, 0, &result); - + if (rc != LDAP_SUCCESS) { DEBUG(0,("%s object not found\n", LDAP_OBJ_IDPOOL)); goto done; } talloc_autofree_ldapmsg(ctx, result); - - count = ldap_count_entries(idmap_alloc_ldap->smbldap_state->ldap_struct, result); + + count = ldap_count_entries(idmap_alloc_ldap->smbldap_state->ldap_struct, + result); if (count != 1) { DEBUG(0,("Single %s object not found\n", LDAP_OBJ_IDPOOL)); goto done; } - entry = ldap_first_entry(idmap_alloc_ldap->smbldap_state->ldap_struct, result); + entry = ldap_first_entry(idmap_alloc_ldap->smbldap_state->ldap_struct, + result); - dn = smbldap_talloc_dn(ctx, idmap_alloc_ldap->smbldap_state->ldap_struct, entry); + dn = smbldap_talloc_dn(ctx, + idmap_alloc_ldap->smbldap_state->ldap_struct, + entry); if ( ! dn) { goto done; } @@ -438,15 +457,15 @@ static NTSTATUS idmap_ldap_allocate_id(struct unixid *xid) switch (xid->type) { case ID_TYPE_UID: if (xid->id > idmap_alloc_ldap->high_uid) { - DEBUG(0,("Cannot allocate uid above %lu!\n", + DEBUG(0,("Cannot allocate uid above %lu!\n", (unsigned long)idmap_alloc_ldap->high_uid)); goto done; } break; - - case ID_TYPE_GID: + + case ID_TYPE_GID: if (xid->id > idmap_alloc_ldap->high_gid) { - DEBUG(0,("Cannot allocate gid above %lu!\n", + DEBUG(0,("Cannot allocate gid above %lu!\n", (unsigned long)idmap_alloc_ldap->high_uid)); goto done; } 
@@ -456,33 +475,35 @@ static NTSTATUS idmap_ldap_allocate_id(struct unixid *xid) /* impossible */ goto done; } - + new_id_str = talloc_asprintf(ctx, "%lu", (unsigned long)xid->id + 1); if ( ! new_id_str) { DEBUG(0,("Out of memory\n")); ret = NT_STATUS_NO_MEMORY; goto done; } - + smbldap_set_mod(&mods, LDAP_MOD_DELETE, type, id_str); smbldap_set_mod(&mods, LDAP_MOD_ADD, type, new_id_str); if (mods == NULL) { DEBUG(0,("smbldap_set_mod() failed.\n")); - goto done; + goto done; } - DEBUG(10, ("Try to atomically increment the id (%s -> %s)\n", id_str, new_id_str)); + DEBUG(10, ("Try to atomically increment the id (%s -> %s)\n", + id_str, new_id_str)); rc = smbldap_modify(idmap_alloc_ldap->smbldap_state, dn, mods); ldap_mods_free(mods, True); if (rc != LDAP_SUCCESS) { - DEBUG(1,("Failed to allocate new %s. smbldap_modify() failed.\n", type)); + DEBUG(1,("Failed to allocate new %s. " + "smbldap_modify() failed.\n", type)); goto done; } - + ret = NT_STATUS_OK; done: @@ -491,7 +512,7 @@ done: } /********************************** - Get current highest id. + Get current highest id. **********************************/ static NTSTATUS idmap_ldap_get_hwm(struct unixid *xid) @@ -526,11 +547,13 @@ static NTSTATUS idmap_ldap_get_hwm(struct unixid *xid) switch (xid->type) { case ID_TYPE_UID: - type = get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER); + type = get_attr_key2string(idpool_attr_list, + LDAP_ATTR_UIDNUMBER); break; case ID_TYPE_GID: - type = get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER); + type = get_attr_key2string(idpool_attr_list, + LDAP_ATTR_GIDNUMBER); break; default: 
@@ -548,21 +571,23 @@ static NTSTATUS idmap_ldap_get_hwm(struct unixid *xid) idmap_alloc_ldap->suffix, LDAP_SCOPE_SUBTREE, filter, attr_list, 0, &result); - + if (rc != LDAP_SUCCESS) { DEBUG(0,("%s object not found\n", LDAP_OBJ_IDPOOL)); goto done; } talloc_autofree_ldapmsg(memctx, result); - - count = ldap_count_entries(idmap_alloc_ldap->smbldap_state->ldap_struct, result); + + count = ldap_count_entries(idmap_alloc_ldap->smbldap_state->ldap_struct, + result); if (count != 1) { DEBUG(0,("Single %s object not found\n", LDAP_OBJ_IDPOOL)); goto done; } - entry = ldap_first_entry(idmap_alloc_ldap->smbldap_state->ldap_struct, result); + entry = ldap_first_entry(idmap_alloc_ldap->smbldap_state->ldap_struct, + result); id_str = smbldap_talloc_single_attribute(idmap_alloc_ldap->smbldap_state->ldap_struct, entry, type, memctx); @@ -577,14 +602,14 @@ static NTSTATUS idmap_ldap_get_hwm(struct unixid *xid) } xid->id = strtoul(id_str, NULL, 10); - + ret = NT_STATUS_OK; done: talloc_free(memctx); return ret; } /********************************** - Set highest id. + Set highest id. **********************************/ static NTSTATUS idmap_ldap_set_hwm(struct unixid *xid) @@ -621,11 +646,13 @@ static NTSTATUS idmap_ldap_set_hwm(struct unixid *xid) switch (xid->type) { case ID_TYPE_UID: - type = get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER); + type = get_attr_key2string(idpool_attr_list, + LDAP_ATTR_UIDNUMBER); break; case ID_TYPE_GID: - type = get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER); + type = get_attr_key2string(idpool_attr_list, + LDAP_ATTR_GIDNUMBER); break; default: 
@@ -643,23 +670,27 @@ static NTSTATUS idmap_ldap_set_hwm(struct unixid *xid) idmap_alloc_ldap->suffix, LDAP_SCOPE_SUBTREE, filter, attr_list, 0, &result); - + if (rc != LDAP_SUCCESS) { DEBUG(0,("%s object not found\n", LDAP_OBJ_IDPOOL)); goto done; } talloc_autofree_ldapmsg(ctx, result); - - count = ldap_count_entries(idmap_alloc_ldap->smbldap_state->ldap_struct, result); + + count = ldap_count_entries(idmap_alloc_ldap->smbldap_state->ldap_struct, + result); if (count != 1) { DEBUG(0,("Single %s object not found\n", LDAP_OBJ_IDPOOL)); goto done; } - entry = ldap_first_entry(idmap_alloc_ldap->smbldap_state->ldap_struct, result); + entry = ldap_first_entry(idmap_alloc_ldap->smbldap_state->ldap_struct, + result); - dn = smbldap_talloc_dn(ctx, idmap_alloc_ldap->smbldap_state->ldap_struct, entry); + dn = smbldap_talloc_dn(ctx, + idmap_alloc_ldap->smbldap_state->ldap_struct, + entry); if ( ! dn) { goto done; } @@ -670,12 +701,12 @@ static NTSTATUS idmap_ldap_set_hwm(struct unixid *xid) ret = NT_STATUS_NO_MEMORY; goto done; } - + smbldap_set_mod(&mods, LDAP_MOD_REPLACE, type, new_id_str); if (mods == NULL) { DEBUG(0,("smbldap_set_mod() failed.\n")); - goto done; + goto done; } rc = smbldap_modify(idmap_alloc_ldap->smbldap_state, dn, mods); @@ -683,10 +714,11 @@ static NTSTATUS idmap_ldap_set_hwm(struct unixid *xid) ldap_mods_free(mods, True); if (rc != LDAP_SUCCESS) { - DEBUG(1,("Failed to allocate new %s. smbldap_modify() failed.\n", type)); + DEBUG(1,("Failed to allocate new %s. " + "smbldap_modify() failed.\n", type)); goto done; } - + ret = NT_STATUS_OK; done: @@ -713,7 +745,7 @@ static NTSTATUS idmap_ldap_alloc_close(void) /********************************************************************** IDMAP MAPPING LDAP BACKEND **********************************************************************/ - + static int idmap_ldap_close_destructor(struct idmap_ldap_context *ctx) { smbldap_free_struct(&ctx->smbldap_state); 
@@ -724,7 +756,7 @@ static int idmap_ldap_close_destructor(struct idmap_ldap_context *ctx) } /******************************** - Initialise idmap database. + Initialise idmap database. ********************************/ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom) @@ -756,7 +788,8 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom) /* load ranges */ range = lp_parm_const_string(-1, config_option, "range", NULL); if (range && range[0]) { - if ((sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2) || + if ((sscanf(range, "%u - %u", &ctx->filter_low_id, + &ctx->filter_high_id) != 2) || (ctx->filter_low_id > ctx->filter_high_id)) { DEBUG(1, ("ERROR: invalid filter range [%s]", range)); ctx->filter_low_id = 0; @@ -775,26 +808,21 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom) ret = NT_STATUS_UNSUCCESSFUL; goto done; } - + ctx->url = talloc_strdup(ctx, tmp); } CHECK_ALLOC_DONE(ctx->url); - tmp = lp_ldap_idmap_suffix(); - if ( ! tmp || ! *tmp) { - tmp = lp_parm_const_string(-1, config_option, "ldap_base_dn", NULL); - } - if ( ! tmp) { - tmp = lp_ldap_suffix(); - if (tmp) { - DEBUG(1, ("WARNING: Trying to use the global ldap suffix(%s)\n", tmp)); - DEBUGADD(1, ("as suffix. This may not be what you want!\n")); - } else { - DEBUG(1, ("ERROR: missing idmap ldap suffix\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - } + tmp = lp_parm_const_string(-1, config_option, "ldap_base_dn", NULL); + if ( ! tmp || ! *tmp) { + tmp = lp_ldap_idmap_suffix(); + if ( ! tmp) { + DEBUG(1, ("ERROR: missing idmap ldap suffix\n")); + ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } + } + ctx->suffix = talloc_strdup(ctx, tmp); CHECK_ALLOC_DONE(ctx->suffix); 
@@ -804,14 +832,14 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom) goto done; } - ret = get_credentials( ctx, ctx->smbldap_state, config_option, + ret = get_credentials( ctx, ctx->smbldap_state, config_option, dom, &ctx->user_dn ); if ( !NT_STATUS_IS_OK(ret) ) { DEBUG(1,("idmap_ldap_db_init: Failed to get connection " "credentials (%s)\n", nt_errstr(ret))); goto done; - } - + } + /* set the destructor on the context, so that resource are properly freed if the contexts is released */ @@ -830,14 +858,17 @@ done: } /* max number of ids requested per batch query */ -#define IDMAP_LDAP_MAX_IDS 30 +#define IDMAP_LDAP_MAX_IDS 30 /********************************** - lookup a set of unix ids. + lookup a set of unix ids. **********************************/ -/* this function searches up to IDMAP_LDAP_MAX_IDS entries in maps for a match */ -static struct id_map *find_map_by_id(struct id_map **maps, enum id_type type, uint32_t id) +/* this function searches up to IDMAP_LDAP_MAX_IDS entries + * in maps for a match */ +static struct id_map *find_map_by_id(struct id_map **maps, + enum id_type type, + uint32_t id) { int i; @@ -850,10 +881,11 @@ static struct id_map *find_map_by_id(struct id_map **maps, enum id_type type, ui } } - return NULL; + return NULL; } -static NTSTATUS idmap_ldap_unixids_to_sids(struct idmap_domain *dom, struct id_map **ids) +static NTSTATUS idmap_ldap_unixids_to_sids(struct idmap_domain *dom, + struct id_map **ids) { NTSTATUS ret; TALLOC_CTX *memctx; @@ -883,7 +915,7 @@ static NTSTATUS idmap_ldap_unixids_to_sids(struct idmap_domain *dom, struct id_m } } - ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context); + ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context); memctx = talloc_new(ctx); if ( ! memctx) { 
@@ -894,7 +926,7 @@ static NTSTATUS idmap_ldap_unixids_to_sids(struct idmap_domain *dom, struct id_m uidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER); gidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER); - attr_list = get_attr_list(ctx, sidmap_attr_list); + attr_list = get_attr_list(memctx, sidmap_attr_list); if ( ! ids[1]) { /* if we are requested just one mapping use the simple filter */ @@ -914,7 +946,9 @@ again: if (multi) { talloc_free(filter); - filter = talloc_asprintf(memctx, "(&(objectClass=%s)(|", LDAP_OBJ_IDMAP_ENTRY); + filter = talloc_asprintf(memctx, + "(&(objectClass=%s)(|", + LDAP_OBJ_IDMAP_ENTRY); CHECK_ALLOC_DONE(filter); bidx = idx; @@ -932,7 +966,7 @@ again: idx = 1; } - rc = smbldap_search(ctx->smbldap_state, ctx->suffix, LDAP_SCOPE_SUBTREE, + rc = smbldap_search(ctx->smbldap_state, ctx->suffix, LDAP_SCOPE_SUBTREE, filter, attr_list, 0, &result); if (rc != LDAP_SUCCESS) { @@ -956,12 +990,15 @@ again: uint32_t id; if (i == 0) { /* first entry */ - entry = ldap_first_entry(ctx->smbldap_state->ldap_struct, result); + entry = ldap_first_entry(ctx->smbldap_state->ldap_struct, + result); } else { /* following ones */ - entry = ldap_next_entry(ctx->smbldap_state->ldap_struct, entry); + entry = ldap_next_entry(ctx->smbldap_state->ldap_struct, + entry); } if ( ! entry) { - DEBUG(2, ("ERROR: Unable to fetch ldap entries from results\n")); + DEBUG(2, ("ERROR: Unable to fetch ldap entries " + "from results\n")); break; } @@ -976,7 +1013,8 @@ again: /* now try to see if it is a uid, if not try with a gid * (gid is more common, but in case both uidNumber and - * gidNumber are returned the SID is mapped to the uid not the gid) */ + * gidNumber are returned the SID is mapped to the uid + *not the gid) */ type = ID_TYPE_UID; tmp = smbldap_talloc_single_attribute( ctx->smbldap_state->ldap_struct, 
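Review bot: `attr_list = get_attr_list(memctx, sidmap_attr_list);` in idmap_ldap_unixids_to_sids is used without a NULL check, although verify_idpool in this file follows the same call with `CHECK_ALLOC_DONE(attr_list);`. If the allocation fails, the NULL list goes straight to `smbldap_search`, where a NULL attribute list usually means "return all attributes" rather than an error. Adding `CHECK_ALLOC_DONE(attr_list);` on the next line would fail the lookup with NT_STATUS_NO_MEMORY instead; the function already uses that macro for `filter`. The same applies to the idmap_ldap_sids_to_unixids hunk (@@ -1111,7 +1156,7 @@).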
@@ -988,7 +1026,8 @@ again: entry, gidNumber, memctx); } if ( ! tmp) { /* wow very strange entry, how did it match ? */ - DEBUG(5, ("Unprobable match on (%s), no uidNumber, nor gidNumber returned\n", sidstr)); + DEBUG(5, ("Unprobable match on (%s), no uidNumber, " + "nor gidNumber returned\n", sidstr)); TALLOC_FREE(sidstr); continue; } @@ -997,8 +1036,9 @@ again: if ((id == 0) || (ctx->filter_low_id && (id < ctx->filter_low_id)) || (ctx->filter_high_id && (id > ctx->filter_high_id))) { - DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n", - id, ctx->filter_low_id, ctx->filter_high_id)); + DEBUG(5, ("Requested id (%u) out of range (%u - %u). " + "Filtered!\n", id, + ctx->filter_low_id, ctx->filter_high_id)); TALLOC_FREE(sidstr); TALLOC_FREE(tmp); continue; @@ -1007,7 +1047,8 @@ again: map = find_map_by_id(&ids[bidx], type, id); if (!map) { - DEBUG(2, ("WARNING: couldn't match sid (%s) with requested ids\n", sidstr)); + DEBUG(2, ("WARNING: couldn't match sid (%s) " + "with requested ids\n", sidstr)); TALLOC_FREE(sidstr); continue; } @@ -1022,7 +1063,9 @@ again: /* mapped */ map->status = ID_MAPPED; - DEBUG(10, ("Mapped %s -> %lu (%d)\n", sid_string_static(map->sid), (unsigned long)map->xid.id, map->xid.type)); + DEBUG(10, ("Mapped %s -> %lu (%d)\n", + sid_string_static(map->sid), + (unsigned long)map->xid.id, map->xid.type)); } /* free the ldap results */ @@ -1049,10 +1092,11 @@ done: } /********************************** - lookup a set of sids. + lookup a set of sids. **********************************/ -/* this function searches up to IDMAP_LDAP_MAX_IDS entries in maps for a match */ +/* this function searches up to IDMAP_LDAP_MAX_IDS entries + * in maps for a match */ static struct id_map *find_map_by_sid(struct id_map **maps, DOM_SID *sid) { int i; 
@@ -1066,10 +1110,11 @@ static struct id_map *find_map_by_sid(struct id_map **maps, DOM_SID *sid) } } - return NULL; + return NULL; } -static NTSTATUS idmap_ldap_sids_to_unixids(struct idmap_domain *dom, struct id_map **ids) +static NTSTATUS idmap_ldap_sids_to_unixids(struct idmap_domain *dom, + struct id_map **ids) { LDAPMessage *entry = NULL; NTSTATUS ret; @@ -1100,7 +1145,7 @@ static NTSTATUS idmap_ldap_sids_to_unixids(struct idmap_domain *dom, struct id_m } } - ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context); + ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context); memctx = talloc_new(ctx); if ( ! memctx) { @@ -1111,7 +1156,7 @@ static NTSTATUS idmap_ldap_sids_to_unixids(struct idmap_domain *dom, struct id_m uidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER); gidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER); - attr_list = get_attr_list(ctx, sidmap_attr_list); + attr_list = get_attr_list(memctx, sidmap_attr_list); if ( ! ids[1]) { /* if we are requested just one mapping use the simple filter */ @@ -1131,7 +1176,9 @@ again: if (multi) { TALLOC_FREE(filter); - filter = talloc_asprintf(memctx, "(&(objectClass=%s)(|", LDAP_OBJ_IDMAP_ENTRY); + filter = talloc_asprintf(memctx, + "(&(objectClass=%s)(|", + LDAP_OBJ_IDMAP_ENTRY); CHECK_ALLOC_DONE(filter); bidx = idx; @@ -1149,11 +1196,12 @@ again: idx = 1; } - rc = smbldap_search(ctx->smbldap_state, ctx->suffix, LDAP_SCOPE_SUBTREE, + rc = smbldap_search(ctx->smbldap_state, ctx->suffix, LDAP_SCOPE_SUBTREE, filter, attr_list, 0, &result); if (rc != LDAP_SUCCESS) { - DEBUG(3,("Failure looking up sids (%s)\n", ldap_err2string(rc))); + DEBUG(3,("Failure looking up sids (%s)\n", + ldap_err2string(rc))); ret = NT_STATUS_UNSUCCESSFUL; goto done; } 
@@ -1173,12 +1221,15 @@ again: uint32_t id; if (i == 0) { /* first entry */ - entry = ldap_first_entry(ctx->smbldap_state->ldap_struct, result); + entry = ldap_first_entry(ctx->smbldap_state->ldap_struct, + result); } else { /* following ones */ - entry = ldap_next_entry(ctx->smbldap_state->ldap_struct, entry); + entry = ldap_next_entry(ctx->smbldap_state->ldap_struct, + entry); } if ( ! entry) { - DEBUG(2, ("ERROR: Unable to fetch ldap entries from results\n")); + DEBUG(2, ("ERROR: Unable to fetch ldap entries " + "from results\n")); break; } @@ -1199,7 +1250,8 @@ again: map = find_map_by_sid(&ids[bidx], &sid); if (!map) { - DEBUG(2, ("WARNING: couldn't find entry sid (%s) in ids", sidstr)); + DEBUG(2, ("WARNING: couldn't find entry sid (%s) " + "in ids", sidstr)); TALLOC_FREE(sidstr); continue; } @@ -1208,7 +1260,8 @@ again: /* now try to see if it is a uid, if not try with a gid * (gid is more common, but in case both uidNumber and - * gidNumber are returned the SID is mapped to the uid not the gid) */ + * gidNumber are returned the SID is mapped to the uid + * not the gid) */ type = ID_TYPE_UID; tmp = smbldap_talloc_single_attribute( ctx->smbldap_state->ldap_struct, @@ -1220,7 +1273,8 @@ again: entry, gidNumber, memctx); } if ( ! tmp) { /* no ids ?? */ - DEBUG(5, ("no uidNumber, nor gidNumber attributes found\n")); + DEBUG(5, ("no uidNumber, " + "nor gidNumber attributes found\n")); continue; } @@ -1228,8 +1282,9 @@ again: if ((id == 0) || (ctx->filter_low_id && (id < ctx->filter_low_id)) || (ctx->filter_high_id && (id > ctx->filter_high_id))) { - DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n", - id, ctx->filter_low_id, ctx->filter_high_id)); + DEBUG(5, ("Requested id (%u) out of range (%u - %u). " + "Filtered!\n", id, + ctx->filter_low_id, ctx->filter_high_id)); TALLOC_FREE(tmp); continue; } 
@@ -1239,8 +1294,10 @@ again: map->xid.type = type; map->xid.id = id; map->status = ID_MAPPED; - - DEBUG(10, ("Mapped %s -> %lu (%d)\n", sid_string_static(map->sid), (unsigned long)map->xid.id, map->xid.type)); + + DEBUG(10, ("Mapped %s -> %lu (%d)\n", + sid_string_static(map->sid), + (unsigned long)map->xid.id, map->xid.type)); } /* free the ldap results */ @@ -1267,12 +1324,14 @@ done: } /********************************** - set a mapping. + set a mapping. **********************************/ -/* TODO: change this: This function cannot be called to modify a mapping, only set a new one */ +/* TODO: change this: This function cannot be called to modify a mapping, + * only set a new one */ -static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom, const struct id_map *map) +static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom, + const struct id_map *map) { NTSTATUS ret; TALLOC_CTX *memctx; @@ -1298,15 +1357,17 @@ static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom, const struct id } } - ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context); + ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context); switch(map->xid.type) { case ID_TYPE_UID: - type = get_attr_key2string(sidmap_attr_list, LDAP_ATTR_UIDNUMBER); + type = get_attr_key2string(sidmap_attr_list, + LDAP_ATTR_UIDNUMBER); break; case ID_TYPE_GID: - type = get_attr_key2string(sidmap_attr_list, LDAP_ATTR_GIDNUMBER); + type = get_attr_key2string(sidmap_attr_list, + LDAP_ATTR_GIDNUMBER); break; default: 
@@ -1331,12 +1392,15 @@ static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom, const struct id ctx->suffix); CHECK_ALLOC_DONE(dn); - smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_IDMAP_ENTRY); + smbldap_set_mod(&mods, LDAP_MOD_ADD, + "objectClass", LDAP_OBJ_IDMAP_ENTRY); - smbldap_make_mod(ctx->smbldap_state->ldap_struct, entry, &mods, type, id_str); + smbldap_make_mod(ctx->smbldap_state->ldap_struct, + entry, &mods, type, id_str); - smbldap_make_mod(ctx->smbldap_state->ldap_struct, entry, &mods, - get_attr_key2string(sidmap_attr_list, LDAP_ATTR_SID), sid); + smbldap_make_mod(ctx->smbldap_state->ldap_struct, entry, &mods, + get_attr_key2string(sidmap_attr_list, LDAP_ATTR_SID), + sid); if ( ! mods) { DEBUG(2, ("ERROR: No mods?\n")); @@ -1351,14 +1415,16 @@ static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom, const struct id DEBUG(10, ("Set DN %s (%s -> %s)\n", dn, sid, id_str)); rc = smbldap_add(ctx->smbldap_state, dn, mods); - ldap_mods_free(mods, True); + ldap_mods_free(mods, True); if (rc != LDAP_SUCCESS) { char *ld_error = NULL; - ldap_get_option(ctx->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(0,("ldap_set_mapping_internals: Failed to add %s to %lu mapping [%s]\n", - sid, (unsigned long)map->xid.id, type)); - DEBUG(0, ("ldap_set_mapping_internals: Error was: %s (%s)\n", + ldap_get_option(ctx->smbldap_state->ldap_struct, + LDAP_OPT_ERROR_STRING, &ld_error); + DEBUG(0,("ldap_set_mapping_internals: Failed to add %s to %lu " + "mapping [%s]\n", sid, + (unsigned long)map->xid.id, type)); + DEBUG(0, ("ldap_set_mapping_internals: Error was: %s (%s)\n", ld_error ? ld_error : "(NULL)", ldap_err2string (rc))); if (ld_error) { ldap_memfree(ld_error); 
@@ -1366,9 +1432,9 @@ static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom, const struct id ret = NT_STATUS_UNSUCCESSFUL; goto done; } - - DEBUG(10,("ldap_set_mapping: Successfully created mapping from %s to %lu [%s]\n", - sid, (unsigned long)map->xid.id, type)); + + DEBUG(10,("ldap_set_mapping: Successfully created mapping from %s to " + "%lu [%s]\n", sid, (unsigned long)map->xid.id, type)); ret = NT_STATUS_OK; @@ -1378,7 +1444,7 @@ done: } /********************************** - Close the idmap ldap instance + Close the idmap ldap instance **********************************/ static NTSTATUS idmap_ldap_close(struct idmap_domain *dom) @@ -1386,12 +1452,13 @@ static NTSTATUS idmap_ldap_close(struct idmap_domain *dom) struct idmap_ldap_context *ctx; if (dom->private_data) { - ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context); + ctx = talloc_get_type(dom->private_data, + struct idmap_ldap_context); talloc_free(ctx); dom->private_data = NULL; } - + return NT_STATUS_OK; } @@ -1416,18 +1483,21 @@ static struct idmap_alloc_methods idmap_ldap_alloc_methods = { NTSTATUS idmap_alloc_ldap_init(void) { - return smb_register_idmap_alloc(SMB_IDMAP_INTERFACE_VERSION, "ldap", &idmap_ldap_alloc_methods); + return smb_register_idmap_alloc(SMB_IDMAP_INTERFACE_VERSION, "ldap", + &idmap_ldap_alloc_methods); } NTSTATUS idmap_ldap_init(void) { NTSTATUS ret; - /* FIXME: bad hack to actually register also the alloc_ldap module without changining configure.in */ + /* FIXME: bad hack to actually register also the alloc_ldap module + * without changining configure.in */ ret = idmap_alloc_ldap_init(); if (! NT_STATUS_IS_OK(ret)) { return ret; } - return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "ldap", &idmap_ldap_methods); + return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "ldap", + &idmap_ldap_methods); } diff --git a/source/nsswitch/wb_common.c b/source/nsswitch/wb_common.c index fb84373aa63..563c38648af 100644 --- a/source/nsswitch/wb_common.c 
+++ b/source/nsswitch/wb_common.c @@ -422,7 +422,7 @@ int write_sock(void *buffer, int count, int recursing, int need_priv) static int read_sock(void *buffer, int count) { - int result = 0, nread = 0; + int nread = 0; int total_time = 0, selret; if (winbindd_fd == -1) { @@ -463,7 +463,7 @@ static int read_sock(void *buffer, int count) /* Do the Read */ - result = read(winbindd_fd, (char *)buffer + nread, + int result = read(winbindd_fd, (char *)buffer + nread, count - nread); if ((result == -1) || (result == 0)) { @@ -481,7 +481,7 @@ static int read_sock(void *buffer, int count) } } - return result; + return nread; } /* Read reply */ diff --git a/source/nsswitch/winbindd_cache.c b/source/nsswitch/winbindd_cache.c index a2b8cb4193e..a88a061686c 100644 --- a/source/nsswitch/winbindd_cache.c +++ b/source/nsswitch/winbindd_cache.c @@ -1133,14 +1133,15 @@ do_query: domain->name )); status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info); - if (!NT_STATUS_IS_OK(status)) + if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("query_user_list: returned 0x%08x, " "retrying\n", NT_STATUS_V(status))); - if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL)) { - DEBUG(3, ("query_user_list: flushing " - "connection cache\n")); - invalidate_cm_connection(&domain->conn); - } + } + if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL)) { + DEBUG(3, ("query_user_list: flushing " + "connection cache\n")); + invalidate_cm_connection(&domain->conn); + } } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) && (retry++ < 5)); diff --git a/source/nsswitch/winbindd_cm.c b/source/nsswitch/winbindd_cm.c index f96478fe516..9fa1ef16269 100644 --- a/source/nsswitch/winbindd_cm.c +++ b/source/nsswitch/winbindd_cm.c 
@@ -1032,19 +1032,27 @@ static BOOL dcip_to_name(const struct winbindd_domain *domain, struct in_addr ip DEBUG(10,("dcip_to_name: flags = 0x%x\n", (unsigned int)ads->config.flags)); - if (domain->primary && (ads->config.flags & ADS_KDC) && ads_closest_dc(ads)) { - char *sitename = sitename_fetch(ads->config.realm); - - /* We're going to use this KDC for this realm/domain. - If we are using sites, then force the krb5 libs - to use this KDC. */ - - create_local_private_krb5_conf_for_domain(domain->alt_name, - domain->name, - sitename, - ip); - - SAFE_FREE(sitename); + if (domain->primary && (ads->config.flags & ADS_KDC)) { + if (ads_closest_dc(ads)) { + char *sitename = sitename_fetch(ads->config.realm); + + /* We're going to use this KDC for this realm/domain. + If we are using sites, then force the krb5 libs + to use this KDC. */ + + create_local_private_krb5_conf_for_domain(domain->alt_name, + domain->name, + sitename, + ip); + + SAFE_FREE(sitename); + } else { + /* use an off site KDC */ + create_local_private_krb5_conf_for_domain(domain->alt_name, + domain->name, + NULL, + ip); + } /* Ensure we contact this DC also. */ saf_store( domain->name, name); saf_store( domain->alt_name, name); @@ -1550,6 +1558,16 @@ static void set_dc_type_and_flags( struct winbindd_domain *domain ) DEBUG(5, ("set_dc_type_and_flags: rpccli_ds_getprimarydominfo " "on domain %s failed: (%s)\n", domain->name, nt_errstr(result))); + + /* older samba3 DCs will return DCERPC_FAULT_OP_RNG_ERROR for + * every opcode on the LSARPC_DS pipe, continue with + * no_lsarpc_ds mode here as well to get domain->initialized + * set - gd */ + + if (NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) { + goto no_lsarpc_ds; + } + return; } diff --git a/source/nsswitch/winbindd_rpc.c b/source/nsswitch/winbindd_rpc.c index f408e1e15ee..3c79670d635 100644 --- a/source/nsswitch/winbindd_rpc.c +++ b/source/nsswitch/winbindd_rpc.c 
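Review bot: The new `goto no_lsarpc_ds` in set_dc_type_and_flags is taken on a fault code supplied by the remote DC, and the only trace is the existing `DEBUG(5, ...)` above it. Because this moves the domain onto the fallback detection path, a message at a more visible level would show operators which DCs are handled that way, e.g. `DEBUG(3, ("set_dc_type_and_flags: %s returned an op range fault, assuming no LSARPC_DS support\n", domain->name));` before the goto. The test also compares an NTSTATUS value with a DCERPC fault constant through `NT_STATUS_V`, which deserves a short comment on how the fault ends up in `result`. The code at the `no_lsarpc_ds` label is outside the hunk.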
@@ -168,8 +168,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, (*num_entries) + count); if (! *info) { talloc_destroy(mem_ctx2); - status = NT_STATUS_NO_MEMORY; - break; + return NT_STATUS_NO_MEMORY; } memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2)); diff --git a/source/param/loadparm.c b/source/param/loadparm.c index 8d30b65d905..be49927cc6f 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -456,6 +456,7 @@ typedef struct { int iAioReadSize; int iAioWriteSize; int iMap_readonly; + int iDirectoryNameCacheSize; param_opt_struct *param_opt; char dummy[3]; /* for alignment */ @@ -597,7 +598,11 @@ static service sDefault = { 0, /* iAioReadSize */ 0, /* iAioWriteSize */ MAP_READONLY_YES, /* iMap_readonly */ - +#ifdef BROKEN_DIRECTORY_HANDLING + 0, /* iDirectoryNameCacheSize */ +#else + 100, /* iDirectoryNameCacheSize */ +#endif NULL, /* Parametric options */ "" /* dummy */ @@ -1012,6 +1017,7 @@ static struct parm_struct parm_table[] = { {"getwd cache", P_BOOL, P_GLOBAL, &use_getwd_cache, NULL, NULL, FLAG_ADVANCED}, {"keepalive", P_INTEGER, P_GLOBAL, &keepalive, NULL, NULL, FLAG_ADVANCED}, {"change notify", P_BOOL, P_LOCAL, &sDefault.bChangeNotify, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE }, + {"directory name cache size", P_INTEGER, P_LOCAL, &sDefault.iDirectoryNameCacheSize, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE }, {"kernel change notify", P_BOOL, P_LOCAL, &sDefault.bKernelChangeNotify, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE }, {"lpq cache time", P_INTEGER, P_GLOBAL, &Globals.lpqcachetime, NULL, NULL, FLAG_ADVANCED}, 
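Review bot: The early `return NT_STATUS_NO_MEMORY;` leaves `*num_entries` at whatever earlier passes accumulated while `*info` is now NULL. The memcpy to `&(*info)[*num_entries]` shows the counter is a running total, so a caller that reads the count before checking the status would index a NULL array; adding `*num_entries = 0;` before the return keeps the two outputs consistent. The loop that advances the counter is outside the hunk, so confirm it is not already reset elsewhere.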
@@ -2140,6 +2146,7 @@ FN_LOCAL_INTEGER(lp_allocation_roundup_size, iallocation_roundup_size) FN_LOCAL_INTEGER(lp_aio_read_size, iAioReadSize) FN_LOCAL_INTEGER(lp_aio_write_size, iAioWriteSize) FN_LOCAL_INTEGER(lp_map_readonly, iMap_readonly) +FN_LOCAL_INTEGER(lp_directory_name_cache_size, iDirectoryNameCacheSize) FN_LOCAL_CHAR(lp_magicchar, magic_char) FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time) FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo) diff --git a/source/python/py_smb.c b/source/python/py_smb.c index 2f5d1161d87..a1eba47964a 100644 --- a/source/python/py_smb.c +++ b/source/python/py_smb.c @@ -48,7 +48,7 @@ static PyObject *py_smb_connect(PyObject *self, PyObject *args, PyObject *kw) ZERO_STRUCT(ip); - if (!cli_connect(cli, server, &ip)) + if (!NT_STATUS_IS_OK(cli_connect(cli, server, &ip))) return NULL; return new_cli_state_object(cli); diff --git a/source/smbd/blocking.c b/source/smbd/blocking.c index 66baf4022a0..b9e7c144705 100644 --- a/source/smbd/blocking.c +++ b/source/smbd/blocking.c @@ -685,18 +685,14 @@ void process_blocking_lock_queue(void) DEBUG(5,("process_blocking_lock_queue: examining pending lock fnum = %d for file %s\n", fsp->fnum, fsp->fsp_name )); - if (!timeval_is_zero(&blr->expire_time) && timeval_compare(&blr->expire_time, &tv_curr) <= 0) { + if(!change_to_user(conn,vuid)) { struct byte_range_lock *br_lck = brl_get_locks(NULL, fsp); /* - * Lock expired - throw away all previously - * obtained locks and return lock error. + * Remove the entry and return an error to the client. */ if (br_lck) { - DEBUG(5,("process_blocking_lock_queue: pending lock fnum = %d for file %s timed out.\n", - fsp->fnum, fsp->fsp_name )); - brl_lock_cancel(br_lck, blr->lock_pid, procid_self(), 
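Review bot: The failure path in py_smb_connect() still does `return NULL;` without setting a Python exception, and the NTSTATUS that cli_connect() now returns is discarded. CPython treats a NULL return with no exception set as an internal error, so a script sees a SystemError instead of the connection failure; keep the status in a local and call `PyErr_SetString(PyExc_RuntimeError, nt_errstr(status));` before returning. Whether `cli` must be released on this path depends on its allocation, which is outside the hunk.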
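Review bot: After the reordering, process_blocking_lock_queue() holds four copies of the same brl_get_locks / brl_lock_cancel / TALLOC_FREE / DLIST_REMOVE / free_blocking_lock_record sequence, spread over this hunk and the blocking.c hunks that follow it, and the copies differ in whether `change_to_root_user();` runs before `continue`. That call is what returns smbd from the client's security context before the next queue entry is examined, so it should not depend on copy-and-paste. A static helper for the cancel-and-free part, with each caller keeping its own reply and its own `change_to_root_user();`, would make the privilege transitions auditable; at minimum mark each branch with its context, e.g. `/* still root: change_to_user() failed */`. The function starts and ends outside these hunks.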
@@ -706,13 +702,15 @@ void process_blocking_lock_queue(void) TALLOC_FREE(br_lck); } - blocking_lock_reply_error(blr,NT_STATUS_FILE_LOCK_CONFLICT); + DEBUG(0,("process_blocking_lock_queue: Unable to become user vuid=%d.\n", + vuid )); + blocking_lock_reply_error(blr,NT_STATUS_ACCESS_DENIED); DLIST_REMOVE(blocking_lock_queue, blr); free_blocking_lock_record(blr); continue; } - if(!change_to_user(conn,vuid)) { + if(!set_current_service(conn,SVAL(blr->inbuf,smb_flg),True)) { struct byte_range_lock *br_lck = brl_get_locks(NULL, fsp); /* @@ -729,20 +727,22 @@ void process_blocking_lock_queue(void) TALLOC_FREE(br_lck); } - DEBUG(0,("process_blocking_lock_queue: Unable to become user vuid=%d.\n", - vuid )); + DEBUG(0,("process_blocking_lock_queue: Unable to become service Error was %s.\n", strerror(errno) )); blocking_lock_reply_error(blr,NT_STATUS_ACCESS_DENIED); DLIST_REMOVE(blocking_lock_queue, blr); free_blocking_lock_record(blr); + change_to_root_user(); continue; } - if(!set_current_service(conn,SVAL(blr->inbuf,smb_flg),True)) { - struct byte_range_lock *br_lck = brl_get_locks(NULL, fsp); + /* + * Go through the remaining locks and try and obtain them. + * The call returns True if all locks were obtained successfully + * and False if we still need to wait. + */ - /* - * Remove the entry and return an error to the client. - */ + if(blocking_lock_record_process(blr)) { + struct byte_range_lock *br_lck = brl_get_locks(NULL, fsp); if (br_lck) { brl_lock_cancel(br_lck, 
@@ -754,24 +754,31 @@ void process_blocking_lock_queue(void) TALLOC_FREE(br_lck); } - DEBUG(0,("process_blocking_lock_queue: Unable to become service Error was %s.\n", strerror(errno) )); - blocking_lock_reply_error(blr,NT_STATUS_ACCESS_DENIED); DLIST_REMOVE(blocking_lock_queue, blr); free_blocking_lock_record(blr); change_to_root_user(); continue; } + change_to_root_user(); + /* - * Go through the remaining locks and try and obtain them. - * The call returns True if all locks were obtained successfully - * and False if we still need to wait. + * We couldn't get the locks for this record on the list. + * If the time has expired, return a lock error. */ - if(blocking_lock_record_process(blr)) { + if (!timeval_is_zero(&blr->expire_time) && timeval_compare(&blr->expire_time, &tv_curr) <= 0) { struct byte_range_lock *br_lck = brl_get_locks(NULL, fsp); + /* + * Lock expired - throw away all previously + * obtained locks and return lock error. + */ + if (br_lck) { + DEBUG(5,("process_blocking_lock_queue: pending lock fnum = %d for file %s timed out.\n", + fsp->fnum, fsp->fsp_name )); + brl_lock_cancel(br_lck, blr->lock_pid, procid_self(), @@ -781,10 +788,12 @@ void process_blocking_lock_queue(void) TALLOC_FREE(br_lck); } + blocking_lock_reply_error(blr,NT_STATUS_FILE_LOCK_CONFLICT); DLIST_REMOVE(blocking_lock_queue, blr); free_blocking_lock_record(blr); + continue; } - change_to_root_user(); + } } diff --git a/source/smbd/dir.c b/source/smbd/dir.c index db3e155ae47..57ed1df6ac3 100644 --- a/source/smbd/dir.c +++ b/source/smbd/dir.c @@ -33,8 +33,6 @@ extern struct current_user current_user; /* Make directory handle internals available. */ -#define NAME_CACHE_SIZE 100 - struct name_cache_entry { char *name; long offset; @@ -45,6 +43,7 @@ struct smb_Dir { SMB_STRUCT_DIR *dir; long offset; char *dir_path; + size_t name_cache_size; struct name_cache_entry *name_cache; unsigned int name_cache_index; unsigned int file_number; 
@@ -1062,12 +1061,14 @@ BOOL is_visible_file(connection_struct *conn, const char *dir_path, const char * struct smb_Dir *OpenDir(connection_struct *conn, const char *name, const char *mask, uint32 attr) { struct smb_Dir *dirp = SMB_MALLOC_P(struct smb_Dir); + if (!dirp) { return NULL; } ZERO_STRUCTP(dirp); dirp->conn = conn; + dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn)); dirp->dir_path = SMB_STRDUP(name); if (!dirp->dir_path) { @@ -1079,9 +1080,14 @@ struct smb_Dir *OpenDir(connection_struct *conn, const char *name, const char *m goto fail; } - dirp->name_cache = SMB_CALLOC_ARRAY(struct name_cache_entry, NAME_CACHE_SIZE); - if (!dirp->name_cache) { - goto fail; + if (dirp->name_cache_size) { + dirp->name_cache = SMB_CALLOC_ARRAY(struct name_cache_entry, + dirp->name_cache_size); + if (!dirp->name_cache) { + goto fail; + } + } else { + dirp->name_cache = NULL; } dirhandles_open++; @@ -1114,7 +1120,7 @@ int CloseDir(struct smb_Dir *dirp) } SAFE_FREE(dirp->dir_path); if (dirp->name_cache) { - for (i = 0; i < NAME_CACHE_SIZE; i++) { + for (i = 0; i < dirp->name_cache_size; i++) { SAFE_FREE(dirp->name_cache[i].name); } } @@ -1230,7 +1236,12 @@ void DirCacheAdd(struct smb_Dir *dirp, const char *name, long offset) { struct name_cache_entry *e; - dirp->name_cache_index = (dirp->name_cache_index+1) % NAME_CACHE_SIZE; + if (!dirp->name_cache_size || !dirp->name_cache) { + return; + } + + dirp->name_cache_index = (dirp->name_cache_index+1) % + dirp->name_cache_size; e = &dirp->name_cache[dirp->name_cache_index]; SAFE_FREE(e->name); e->name = SMB_STRDUP(name); 
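Review bot: `dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn));` stores an `int` parameter (`iDirectoryNameCacheSize`, registered as P_INTEGER with no range check) into a `size_t`, so a negative value in smb.conf becomes a huge element count. The allocation in the next hunk would then presumably fail and make every OpenDir() on that share return NULL, and the SearchDir hunk assigns `dirp->name_cache_size - 1` to its loop index `i`. Clamp at the point of assignment, for instance `int n = lp_directory_name_cache_size(SNUM(conn));` followed by `dirp->name_cache_size = (n > 0) ? (size_t)n : 0;`, and consider an upper bound too, since the cache is allocated once per open directory handle.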
@@ -1249,20 +1260,22 @@ BOOL SearchDir(struct smb_Dir *dirp, const char *name, long *poffset) connection_struct *conn = dirp->conn; /* Search back in the name cache. */ - for (i = dirp->name_cache_index; i >= 0; i--) { - struct name_cache_entry *e = &dirp->name_cache[i]; - if (e->name && (conn->case_sensitive ? (strcmp(e->name, name) == 0) : strequal(e->name, name))) { - *poffset = e->offset; - SeekDir(dirp, e->offset); - return True; + if (dirp->name_cache_size && dirp->name_cache) { + for (i = dirp->name_cache_index; i >= 0; i--) { + struct name_cache_entry *e = &dirp->name_cache[i]; + if (e->name && (conn->case_sensitive ? (strcmp(e->name, name) == 0) : strequal(e->name, name))) { + *poffset = e->offset; + SeekDir(dirp, e->offset); + return True; + } } - } - for (i = NAME_CACHE_SIZE-1; i > dirp->name_cache_index; i--) { - struct name_cache_entry *e = &dirp->name_cache[i]; - if (e->name && (conn->case_sensitive ? (strcmp(e->name, name) == 0) : strequal(e->name, name))) { - *poffset = e->offset; - SeekDir(dirp, e->offset); - return True; + for (i = dirp->name_cache_size - 1; i > dirp->name_cache_index; i--) { + struct name_cache_entry *e = &dirp->name_cache[i]; + if (e->name && (conn->case_sensitive ? (strcmp(e->name, name) == 0) : strequal(e->name, name))) { + *poffset = e->offset; + SeekDir(dirp, e->offset); + return True; + } } } diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index def918b29fb..ade64c1c6cc 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -3107,7 +3107,7 @@ static NTSTATUS append_ugw_ace(files_struct *fsp, { mode_t perms; SEC_ACCESS acc; - int acl_type; + int nt_acl_type; /* Tru64 has "acl_type" as a macro.. */ DOM_SID trustee; switch (ugw) { 
@@ -3136,13 +3136,13 @@ static NTSTATUS append_ugw_ace(files_struct *fsp, return NT_STATUS_INVALID_PARAMETER; } acc = map_canon_ace_perms(SNUM(fsp->conn), - &acl_type, + &nt_acl_type, perms, fsp->is_directory); init_sec_ace(se, &trustee, - acl_type, + nt_acl_type, acc, 0); return NT_STATUS_OK; diff --git a/source/smbd/server.c b/source/smbd/server.c index 99fe2348b11..89cceae2a6d 100644 --- a/source/smbd/server.c +++ b/source/smbd/server.c @@ -363,7 +363,7 @@ static BOOL open_sockets_smbd(BOOL is_daemon, BOOL interactive, const char *smb_ for (ptr=ports; next_token(&ptr, tok, " \t,", sizeof(tok)); ) { unsigned port = atoi(tok); - if (port == 0) { + if (port == 0 || port > 0xffff) { continue; } s = fd_listenset[num_sockets] = open_socket_in(SOCK_STREAM, port, 0, ifip->s_addr, True); @@ -403,7 +403,7 @@ static BOOL open_sockets_smbd(BOOL is_daemon, BOOL interactive, const char *smb_ for (ptr=ports; next_token(&ptr, tok, " \t,", sizeof(tok)); ) { unsigned port = atoi(tok); - if (port == 0) continue; + if (port == 0 || port > 0xffff) continue; /* open an incoming socket */ s = open_socket_in(SOCK_STREAM, port, 0, interpret_addr(lp_socket_address()),True); diff --git a/source/tdb/common/io.c b/source/tdb/common/io.c index cccc9ecc1a6..01ada7647b9 100644 --- a/source/tdb/common/io.c +++ b/source/tdb/common/io.c 
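Review bot: `unsigned port = atoi(tok);` in both server.c hunks still accepts a token such as `445x` as 445 and has undefined behaviour when the number does not fit in an int, so the new `port > 0xffff` test covers only part of the bad input. Parsing with `unsigned long port = strtoul(tok, &end, 10);` and skipping the token when `end == tok || *end != '\0' || port == 0 || port > 0xffff` closes that gap. The rejected token is also skipped silently; a DEBUG line naming it would tell the administrator why smbd is not listening on a port they configured.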
@@ -89,12 +89,31 @@ static int tdb_write(struct tdb_context *tdb, tdb_off_t off, if (tdb->map_ptr) { memcpy(off + (char *)tdb->map_ptr, buf, len); - } else if (pwrite(tdb->fd, buf, len, off) != (ssize_t)len) { - /* Ensure ecode is set for log fn. */ - tdb->ecode = TDB_ERR_IO; - TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_write failed at %d len=%d (%s)\n", - off, len, strerror(errno))); - return TDB_ERRCODE(TDB_ERR_IO, -1); + } else { + ssize_t written = pwrite(tdb->fd, buf, len, off); + if ((written != (ssize_t)len) && (written != -1)) { + /* try once more */ + TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_write: wrote only " + "%d of %d bytes at %d, trying once more\n", + written, len, off)); + errno = ENOSPC; + written = pwrite(tdb->fd, (void *)((char *)buf+written), + len-written, + off+written); + } + if (written == -1) { + /* Ensure ecode is set for log fn. */ + tdb->ecode = TDB_ERR_IO; + TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_write failed at %d " + "len=%d (%s)\n", off, len, strerror(errno))); + return TDB_ERRCODE(TDB_ERR_IO, -1); + } else if (written != (ssize_t)len) { + TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_write: failed to " + "write %d bytes at %d in two attempts\n", + len, off)); + errno = ENOSPC; + return TDB_ERRCODE(TDB_ERR_IO, -1); + } } return 0; } |
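Review bot: After the retry, `written` holds only the byte count of the second pwrite(), yet it is still compared with the full `len` in `else if (written != (ssize_t)len)`, so a retry that writes every remaining byte is reported as a failure whenever the first attempt wrote anything. Keep the first count and add it back, e.g. `ssize_t first = written;` before the retry and `if (written != -1) written += first;` after it. The first TDB_LOG also passes the `ssize_t written` to a `%d` conversion; cast it with `(int)written`. The `errno = ENOSPC;` placed before the second pwrite() is redundant, because a failing call overwrites it and the short-write branch sets it again.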