Diffstat (limited to 'source')
-rw-r--r-- | source/lib/smbldap.c | 2 | ||||
-rw-r--r-- | source/libads/dns.c | 10 | ||||
-rw-r--r-- | source/passdb/pdb_smbpasswd.c | 6 | ||||
-rw-r--r-- | source/rpc_server/srv_lsa_nt.c | 5 | ||||
-rw-r--r-- | source/rpc_server/srv_samr_nt.c | 8 | ||||
-rw-r--r-- | source/rpc_server/srv_spoolss_nt.c | 45 | ||||
-rw-r--r-- | source/smbd/open.c | 17 | ||||
-rw-r--r-- | source/utils/net_ads.c | 81 |
8 files changed, 98 insertions, 76 deletions
diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c index 5b18f4e3113..a63e1c1bcc3 100644 --- a/source/lib/smbldap.c +++ b/source/lib/smbldap.c @@ -325,7 +325,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { return NULL; } - if (pull_utf8_talloc(mem_ctx, &result, values[0]) < 0) { + if (pull_utf8_talloc(mem_ctx, &result, values[0]) == (size_t)-1) { DEBUG(10, ("pull_utf8_talloc failed\n")); ldap_value_free(values); return NULL; diff --git a/source/libads/dns.c b/source/libads/dns.c index 321b4355277..7dd877ea76d 100644 --- a/source/libads/dns.c +++ b/source/libads/dns.c @@ -204,17 +204,11 @@ static BOOL ads_dns_parse_rr_srv( TALLOC_CTX *ctx, uint8 *start, uint8 *end, static int dnssrvcmp( struct dns_rr_srv *a, struct dns_rr_srv *b ) { - BOOL init = False; - - if ( !init ) { - srand( (uint32)time(NULL) ); - } - if ( a->priority == b->priority ) { /* randomize entries with an equal weight and priority */ if ( a->weight == b->weight ) - return rand() % 2 ? -1 : 1; + return 0; /* higher weights should be sorted lower */ if ( a->weight > b->weight ) @@ -285,7 +279,7 @@ NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx, const char *name, struct dns_rr_sr DEBUG(4,("ads_dns_lookup_srv: %d records returned in the answer section.\n", answer_count)); - if ( (dcs = TALLOC_ARRAY(ctx, struct dns_rr_srv, answer_count)) == NULL ) { + if ( (dcs = TALLOC_ZERO_ARRAY(ctx, struct dns_rr_srv, answer_count)) == NULL ) { DEBUG(0,("ads_dns_lookup_srv: talloc() failure for %d char*'s\n", answer_count)); return NT_STATUS_NO_MEMORY; diff --git a/source/passdb/pdb_smbpasswd.c b/source/passdb/pdb_smbpasswd.c index a8a42196d48..ff2afd1a6f0 100644 --- a/source/passdb/pdb_smbpasswd.c +++ b/source/passdb/pdb_smbpasswd.c @@ -1189,6 +1189,7 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, struct samu *sam_pass, const struct smb_passwd *pw_buf) { struct passwd *pwfile; + fstring unix_username; if ( !sam_pass ) { DEBUG(5,("build_sam_account: struct samu is NULL\n")); 
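Review bot: In dnssrvcmp the comment `/* randomize entries with an equal weight and priority */` now sits above a branch that returns 0, so it describes behaviour the function no longer has. I would reword it to `/* equal weight and priority: treat as equal and leave the order to the sort */`. With the rand() call gone, records of equal priority and weight get no shuffling in this comparator, so if spreading clients across equivalent servers is still wanted it presumably has to happen after the sort. The rest of dnssrvcmp lies outside the hunk.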
@@ -1196,8 +1197,11 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, } /* verify the user account exists */ + + fstrcpy( unix_username, pw_buf->smb_name ); + strlower_m( unix_username ); - if ( !(pwfile = getpwnam_alloc(NULL, pw_buf->smb_name)) ) { + if ( !(pwfile = getpwnam_alloc(NULL, unix_username )) ) { DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s with uid " "%u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid)); return False; diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c index efa7156eea6..010c35e3fff 100644 --- a/source/rpc_server/srv_lsa_nt.c +++ b/source/rpc_server/srv_lsa_nt.c @@ -873,8 +873,9 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p, if (name->type == SID_NAME_UNKNOWN) { name->dom_idx = -1; - name->name = talloc_asprintf(p->mem_ctx, "%8.8x", - name->rid); + /* unknown sids should return the string representation of the SID */ + name->name = talloc_asprintf(p->mem_ctx, "%s", + sid_string_static(sids[i])); if (name->name == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index 7422b18d46e..b8d4f072aee 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -3758,7 +3758,9 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid))); + become_root(); status = pdb_enum_aliasmem(&alias_sid, &sids, &num_sids); + unbecome_root(); if (!NT_STATUS_IS_OK(status)) { return status; @@ -4589,7 +4591,11 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_ /* get the current group information */ - if ( !pdb_get_aliasinfo( &group_sid, &info ) ) { + become_root(); + ret = pdb_get_aliasinfo( &group_sid, &info ); + unbecome_root(); + + if ( !ret ) { return NT_STATUS_NO_SUCH_ALIAS; } 
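Review bot: build_sam_account now looks up only the lower-cased copy in `getpwnam_alloc(NULL, unix_username )`, so on a case-sensitive passwd backend an smbpasswd entry whose Unix account name contains upper-case letters is no longer found. The DEBUG(0) text then calls the database corrupt and prints `pw_buf->smb_name` rather than the name that was actually looked up; printing `unix_username` as well would make the failure diagnosable. A one-line comment such as `/* Unix account names are looked up in lower case */` above the `fstrcpy` would record why the copy is made. The function continues past the end of the hunk.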
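Review bot: In the srv_lsa_nt.c hunk `talloc_asprintf(p->mem_ctx, "%s", ...)` only copies a string, so `name->name = talloc_strdup(p->mem_ctx, sid_string_static(sids[i]));` says the same thing without a format string. The name returned for an unknown SID also grows from eight fixed hex digits to a full SID string. If any consumer of `name->name` assumed the old fixed width, that deserves a word in the new comment; the surrounding loop in _lsa_lookup_sids_internal is outside the hunk, so this cannot be checked here.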
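Review bot: Both srv_samr_nt.c hunks raise privileges with `become_root()` around a passdb call, and no access check on the alias handle is visible in either hunk. `_samr_query_aliasmem` and `_samr_set_aliasinfo` both start outside the hunks, so the check may well be there. Since these calls now read alias data as root, the code should say what gates them, for example `/* handle access was verified above; root is needed only to read the passdb backend */`. If no such check precedes the call, it needs to be added before the `become_root()`. In the second hunk `ret` is assigned but not declared within the hunk, so presumably it already exists in the function.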
diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index 0281e3da0ca..0cbc3fcf85d 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -441,7 +441,7 @@ static BOOL set_printer_hnd_name(Printer_entry *Printer, char *handlename) const char *servername; fstring sname; BOOL found=False; - NT_PRINTER_INFO_LEVEL *printer; + NT_PRINTER_INFO_LEVEL *printer = NULL; WERROR result; DEBUG(4,("Setting printer name=%s (len=%lu)\n", handlename, (unsigned long)strlen(handlename))); @@ -532,6 +532,7 @@ static BOOL set_printer_hnd_name(Printer_entry *Printer, char *handlename) printername++; if ( strequal(printername, aprinter) ) { + free_a_printer( &printer, 2); found = True; break; } @@ -541,6 +542,8 @@ static BOOL set_printer_hnd_name(Printer_entry *Printer, char *handlename) free_a_printer( &printer, 2); } + free_a_printer( &printer, 2); + if ( !found ) { DEBUGADD(4,("Printer not found\n")); return False; @@ -3560,6 +3563,7 @@ static BOOL construct_notify_printer_info(Printer_entry *print_hnd, SPOOL_NOTIFY if((info->data=SMB_REALLOC_ARRAY(info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1)) == NULL) { DEBUG(2,("construct_notify_printer_info: failed to enlarge buffer info->data!\n")); + free_a_printer(&printer, 2); return False; } @@ -4190,6 +4194,7 @@ static BOOL construct_printer_info_3(Printer_entry *print_hnd, PRINTER_INFO_3 ** *pp_printer = NULL; if ((printer = SMB_MALLOC_P(PRINTER_INFO_3)) == NULL) { DEBUG(2,("construct_printer_info_3: malloc fail.\n")); + free_a_printer(&ntprinter, 2); return False; } 
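Review bot: In set_printer_hnd_name the matching branch now calls `free_a_printer( &printer, 2);` before `break`, and the next hunk calls it again right after the loop, so on the found path the same pointer is passed to free_a_printer twice. The call after the loop also follows the per-iteration free at the bottom of the loop body. All of this is safe only if free_a_printer() resets `*printer` to NULL and accepts NULL, which the new `= NULL` initialiser suggests is assumed but which is not visible here. I would drop the call in the branch so the loop exit has one release point, and add `/* free_a_printer() NULLs the pointer, so a second call is a no-op */` next to the call after the loop. The loop itself starts outside these hunks.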
@@ -4992,8 +4997,10 @@ static WERROR construct_printer_driver_info_1(DRIVER_INFO_1 *info, int snum, fst if (!W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, lp_const_servicename(snum)))) return WERR_INVALID_PRINTER_NAME; - if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version))) + if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version))) { + free_a_printer(&printer, 2); return WERR_UNKNOWN_PRINTER_DRIVER; + } fill_printer_driver_info_1(info, driver, servername, architecture); @@ -5052,8 +5059,10 @@ static WERROR construct_printer_driver_info_2(DRIVER_INFO_2 *info, int snum, fst if (!W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, lp_const_servicename(snum)))) return WERR_INVALID_PRINTER_NAME; - if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version))) + if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version))) { + free_a_printer(&printer, 2); return WERR_UNKNOWN_PRINTER_DRIVER; + } fill_printer_driver_info_2(info, driver, servername); @@ -6402,9 +6411,9 @@ WERROR _spoolss_addjob(pipes_struct *p, SPOOL_Q_ADDJOB *q_u, SPOOL_R_ADDJOB *r_u /**************************************************************************** ****************************************************************************/ -static void fill_job_info_1(JOB_INFO_1 *job_info, print_queue_struct *queue, +static void fill_job_info_1(JOB_INFO_1 *job_info, const print_queue_struct *queue, int position, int snum, - NT_PRINTER_INFO_LEVEL *ntprinter) + const NT_PRINTER_INFO_LEVEL *ntprinter) { struct tm *t; 
@@ -6429,9 +6438,9 @@ static void fill_job_info_1(JOB_INFO_1 *job_info, print_queue_struct *queue, /**************************************************************************** ****************************************************************************/ -static BOOL fill_job_info_2(JOB_INFO_2 *job_info, print_queue_struct *queue, +static BOOL fill_job_info_2(JOB_INFO_2 *job_info, const print_queue_struct *queue, int position, int snum, - NT_PRINTER_INFO_LEVEL *ntprinter, + const NT_PRINTER_INFO_LEVEL *ntprinter, DEVICEMODE *devmode) { struct tm *t; @@ -6474,8 +6483,8 @@ static BOOL fill_job_info_2(JOB_INFO_2 *job_info, print_queue_struct *queue, Enumjobs at level 1. ****************************************************************************/ -static WERROR enumjobs_level1(print_queue_struct *queue, int snum, - NT_PRINTER_INFO_LEVEL *ntprinter, +static WERROR enumjobs_level1(const print_queue_struct *queue, int snum, + const NT_PRINTER_INFO_LEVEL *ntprinter, RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { @@ -6485,7 +6494,6 @@ static WERROR enumjobs_level1(print_queue_struct *queue, int snum, info=SMB_MALLOC_ARRAY(JOB_INFO_1,*returned); if (info==NULL) { - SAFE_FREE(queue); *returned=0; return WERR_NOMEM; } @@ -6493,8 +6501,6 @@ static WERROR enumjobs_level1(print_queue_struct *queue, int snum, for (i=0; i<*returned; i++) fill_job_info_1( &info[i], &queue[i], i, snum, ntprinter ); - SAFE_FREE(queue); - /* check the required size. */ for (i=0; i<*returned; i++) (*needed) += spoolss_size_job_info_1(&info[i]); @@ -6527,8 +6533,8 @@ out: Enumjobs at level 2. ****************************************************************************/ -static WERROR enumjobs_level2(print_queue_struct *queue, int snum, - NT_PRINTER_INFO_LEVEL *ntprinter, +static WERROR enumjobs_level2(const print_queue_struct *queue, int snum, + const NT_PRINTER_INFO_LEVEL *ntprinter, RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { 
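Review bot: enumjobs_level1 no longer releases `queue`, yet its banner still says only `Enumjobs at level 1.`, so the new ownership rule is written down nowhere. I would extend the banner with `The caller keeps ownership of queue and ntprinter and frees them.` and do the same for enumjobs_level2, whose signature changes in the last hunk here. The `const` qualifiers help, but a stated contract is what stops a later edit from reintroducing a free on an error path.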
@@ -6549,9 +6555,6 @@ static WERROR enumjobs_level2(print_queue_struct *queue, int snum, for (i=0; i<*returned; i++) fill_job_info_2(&(info[i]), &queue[i], i, snum, ntprinter, devmode); - free_a_printer(&ntprinter, 2); - SAFE_FREE(queue); - /* check the required size. */ for (i=0; i<*returned; i++) (*needed) += spoolss_size_job_info_2(&info[i]); @@ -6627,22 +6630,24 @@ WERROR _spoolss_enumjobs( pipes_struct *p, SPOOL_Q_ENUMJOBS *q_u, SPOOL_R_ENUMJO if (*returned == 0) { SAFE_FREE(queue); + free_a_printer(&ntprinter, 2); return WERR_OK; } switch (level) { case 1: wret = enumjobs_level1(queue, snum, ntprinter, buffer, offered, needed, returned); - return wret; + break; case 2: wret = enumjobs_level2(queue, snum, ntprinter, buffer, offered, needed, returned); - return wret; + break; default: - SAFE_FREE(queue); *returned=0; wret = WERR_UNKNOWN_LEVEL; + break; } + SAFE_FREE(queue); free_a_printer( &ntprinter, 2 ); return wret; } diff --git a/source/smbd/open.c b/source/smbd/open.c index a3c3cc4fc95..bf18b089a3e 100644 --- a/source/smbd/open.c +++ b/source/smbd/open.c @@ -1204,14 +1204,12 @@ files_struct *open_file_ntcreate(connection_struct *conn, /* If file exists replace/overwrite. If file doesn't * exist create. */ flags2 |= (O_CREAT | O_TRUNC); - open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */ break; case FILE_OVERWRITE_IF: /* If file exists replace/overwrite. If file doesn't * exist create. */ flags2 |= (O_CREAT | O_TRUNC); - open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */ break; case FILE_OPEN: @@ -1238,7 +1236,6 @@ files_struct *open_file_ntcreate(connection_struct *conn, return NULL; } flags2 |= O_TRUNC; - open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */ break; case FILE_CREATE: 
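Review bot: With `SAFE_FREE(queue)` and `free_a_printer( &ntprinter, 2 )` now run once at the end of _spoolss_enumjobs, any exit path inside enumjobs_level1 or enumjobs_level2 that still released either object would free it twice. The hunks show the removals around the fill loops, but the remaining parts of both helpers are outside the hunks, so that is worth confirming. The `*returned == 0` early return also repeats the two cleanup calls; setting `wret = WERR_OK` and reaching the common cleanup would leave a single release point.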
@@ -1292,9 +1289,6 @@ files_struct *open_file_ntcreate(connection_struct *conn, /* This is a nasty hack - must fix... JRA. */ if (access_mask == MAXIMUM_ALLOWED_ACCESS) { open_access_mask = access_mask = FILE_GENERIC_ALL; - if (flags2 & O_TRUNC) { - open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */ - } } /* @@ -1302,6 +1296,11 @@ files_struct *open_file_ntcreate(connection_struct *conn, */ se_map_generic(&access_mask, &file_generic_mapping); + open_access_mask = access_mask; + + if (flags2 & O_TRUNC) { + open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */ + } DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping " "access_mask=0x%x\n", fname, access_mask )); @@ -1539,9 +1538,11 @@ files_struct *open_file_ntcreate(connection_struct *conn, unx_mode = 0777; } - DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o\n", + DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, " + "access_mask = 0x%x, open_access_mask = 0x%x\n", (unsigned int)flags, (unsigned int)flags2, - (unsigned int)unx_mode)); + (unsigned int)unx_mode, (unsigned int)access_mask, + (unsigned int)open_access_mask)); /* * open_file strips any O_TRUNC flags itself. diff --git a/source/utils/net_ads.c b/source/utils/net_ads.c index 31a6b80912a..dcbd53bafc3 100644 --- a/source/utils/net_ads.c +++ b/source/utils/net_ads.c 
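Review bot: In the MAXIMUM_ALLOWED_ACCESS branch `open_access_mask = access_mask = FILE_GENERIC_ALL;` still stores to open_access_mask, but the next hunk overwrites it unconditionally with `open_access_mask = access_mask;` right after se_map_generic(), so that store is dead. `access_mask = FILE_GENERIC_ALL;` would say what the code now does. The new block would also benefit from a comment stating that FILE_WRITE_DATA is added only to open_access_mask for truncating opens and not to access_mask. The DEBUG(10) "after mapping" line could print open_access_mask as well. open_file_ntcreate starts and ends outside these hunks.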
@@ -28,39 +28,34 @@ int net_ads_usage(int argc, const char **argv) { - d_printf( -"\nnet ads join <org_unit>"\ -"\n\tjoins the local machine to a ADS realm\n"\ -"\nnet ads leave"\ -"\n\tremoves the local machine from a ADS realm\n"\ -"\nnet ads testjoin"\ -"\n\ttests that an exiting join is OK\n"\ -"\nnet ads user"\ -"\n\tlist, add, or delete users in the realm\n"\ -"\nnet ads group"\ -"\n\tlist, add, or delete groups in the realm\n"\ -"\nnet ads info"\ -"\n\tshows some info on the server\n"\ -"\nnet ads status"\ -"\n\tdump the machine account details to stdout\n" -"\nnet ads lookup"\ -"\n\tperform a CLDAP search on the server\n" -"\nnet ads password <username@realm> <password> -Uadmin_username@realm%%admin_pass"\ -"\n\tchange a user's password using an admin account"\ -"\n\t(note: use realm in UPPERCASE, prompts if password is obmitted)\n"\ -"\nnet ads changetrustpw"\ -"\n\tchange the trust account password of this machine in the AD tree\n"\ -"\nnet ads printer [info | publish | remove] <printername> <servername>"\ -"\n\t lookup, add, or remove directory entry for a printer\n"\ -"\nnet ads search"\ -"\n\tperform a raw LDAP search and dump the results\n" -"\nnet ads dn"\ -"\n\tperform a raw LDAP search and dump attributes of a particular DN\n" -"\nnet ads sid"\ -"\n\tperform a raw LDAP search and dump attributes of a particular SID\n" -"\nnet ads keytab"\ -"\n\tcreates and updates the kerberos system keytab file\n" - ); + d_printf("join [createupn[=principal]] [createcomputer=<org_unit>]\n"); + d_printf(" Join the local machine to a ADS realm\n"); + d_printf("leave\n"); + d_printf(" Remove the local machine from a ADS realm\n"); + d_printf("testjoin\n"); + d_printf(" Validates the machine account in the domain\n"); + d_printf("user\n"); + d_printf(" List, add, or delete users in the realm\n"); + d_printf("group\n"); + d_printf(" List, add, or delete groups in the realm\n"); + d_printf("info\n"); + d_printf(" Displays details regarding a specific AD server\n"); + 
d_printf("status\n"); + d_printf(" Display details regarding the machine's account in AD\n"); + d_printf("lookup\n"); + d_printf(" Performs CLDAP query of AD domain controllers\n"); + d_printf("password <username@realm> <password> -Uadmin_username@realm%%admin_pass\n"); + d_printf(" Change a user's password using an admin account\n"); + d_printf(" (note: use realm in UPPERCASE, prompts if password is obmitted)\n"); + d_printf("changetrustpw\n"); + d_printf(" Change the trust account password of this machine in the AD tree\n"); + d_printf("printer [info | publish | remove] <printername> <servername>\n"); + d_printf(" Lookup, add, or remove directory entry for a printer\n"); + d_printf("{search,dn,sid}\n"); + d_printf(" Issue LDAP search queries using a general filter, by DN, or by SID\n"); + d_printf("keytab\n"); + d_printf(" Manage a local keytab file based on the machine account in AD\n"); + return -1; } @@ -1152,8 +1147,24 @@ static char* get_string_param( const char* param ) return (p+1); } + +/******************************************************************* + ********************************************************************/ + +static int net_ads_join_usage(int argc, const char **argv) +{ + d_printf("net ads join [options]\n"); + d_printf("Valid options:\n"); + d_printf(" createupn[=UPN] Set the userPrincipalName attribute during the join.\n"); + d_printf(" The deault UPN is in the form host/netbiosname@REALM.\n"); + d_printf(" createcomputer=OU Precreate the computer account in a specific OU.\n"); + d_printf(" The OU string read from top to bottom without RDNs and delimited by a '/'.\n"); + d_printf(" E.g. \"createcomputer=Computers/Servers/Unix\"\n"); + + return -1; +} + /******************************************************************* - join a domain using ADS (LDAP mods) ********************************************************************/ int net_ads_join(int argc, const char **argv) 
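Review bot: The new help line `password <username@realm> <password> -Uadmin_username@realm%%admin_pass` shows both passwords being typed on the command line, where other local users can read them from the process list and where they end up in shell history. The text already says the tool prompts when the password is left out, so I would make that the recommended form, e.g. add `d_printf(" (prefer the prompt: passwords on the command line are visible to other local users)\n");`. The following help line carries the typo `obmitted` over from the old string; it should read `omitted`.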
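Review bot: The banner above net_ads_join loses its only description, `join a domain using ADS (LDAP mods)`, and the new net_ads_join_usage is given an empty banner. I would keep the description on net_ads_join and give the new function one line such as `Print the options accepted by net ads join.` In the help text itself, `deault` should read `default`.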
@@ -1991,7 +2002,7 @@ int net_ads_help(int argc, const char **argv) {"PRINTER", net_ads_printer_usage}, {"SEARCH", net_ads_search_usage}, {"INFO", net_ads_info}, - {"JOIN", net_ads_join}, + {"JOIN", net_ads_join_usage}, {"LEAVE", net_ads_leave}, {"STATUS", net_ads_status}, {"PASSWORD", net_ads_password}, |
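Review bot: The JOIN entry now points at a usage function, but the neighbouring entries `{"INFO", net_ads_info}`, `{"LEAVE", net_ads_leave}`, `{"STATUS", net_ads_status}` and `{"PASSWORD", net_ads_password}` still name what look like the command implementations. If this table is what `net ads help <command>` dispatches through, asking for help on `leave` would presumably run the leave operation instead of printing text, which is the same problem this hunk fixes for JOIN. Those entries should get usage functions of their own or fall back to `net_ads_usage`. The table and net_ads_help extend outside the hunk.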