From f17e49d2e718af9888810def54bfa25ef4269f9a Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 12 Dec 2005 21:13:37 +0000 Subject: [PATCH] r12199: grabbing some low risk fixes from 3.0 svn merge -r12027:12031 $SVNURL/branches/SAMBA_3_0 svn merge -r12055:12076 $SVNURL/branches/SAMBA_3_0 svn merge -r12076:12077 $SVNURL/branches/SAMBA_3_0 svn merge -r12098:12106 $SVNURL/branches/SAMBA_3_0 svn merge -r12119:12129 $SVNURL/branches/SAMBA_3_0 svn merge -r12131:12133 $SVNURL/branches/SAMBA_3_0 svn merge -r12170:12173 $SVNURL/branches/SAMBA_3_0 svn merge -r12173:12177 $SVNURL/branches/SAMBA_3_0 svn merge -r12185:12193 $SVNURL/branches/SAMBA_3_0 svn merge -r12194:12196 $SVNURL/branches/SAMBA_3_0 --- source/Makefile.in | 22 ++++++----- source/VERSION | 4 +- source/auth/auth_util.c | 56 ++++++++++++++++++++++++-- source/configure.in | 82 ++++++++++++++++++++++++++++++--------- source/include/doserr.h | 2 + source/include/rpc_netlogon.h | 2 +- source/include/rpc_svcctl.h | 3 +- source/libads/ldap.c | 18 ++++++++- source/libsmb/doserr.c | 1 + source/nsswitch/winbindd_cache.c | 2 +- source/nsswitch/winbindd_cm.c | 2 +- source/nsswitch/winbindd_misc.c | 2 +- source/nsswitch/winbindd_util.c | 16 +++++++- source/passdb/pdb_ldap.c | 2 +- source/rpc_client/cli_spoolss.c | 2 +- source/rpc_parse/parse_svcctl.c | 2 +- source/rpc_server/srv_srvsvc_nt.c | 46 +++++++++++++++++++--- source/rpc_server/srv_svcctl_nt.c | 13 ++++++- source/services/svc_netlogon.c | 33 ++++++++++------ source/services/svc_wins.c | 32 ++++++++------- source/smbd/quotas.c | 4 +- source/utils/net_groupmap.c | 3 ++ source/utils/net_help.c | 5 ++- source/utils/net_rpc_service.c | 1 + 24 files changed, 279 insertions(+), 76 deletions(-) diff --git a/source/Makefile.in b/source/Makefile.in index 888a0ebe344..4cc662a18e2 100644 --- a/source/Makefile.in +++ b/source/Makefile.in 
@@ -36,8 +36,8 @@ KRB5LIBS=@KRB5_LIBS@ LDAP_LIBS=@LDAP_LIBS@ INSTALLCMD=@INSTALL@ -INSTALLCLIENTCMD_SH=@INSTALLCLIENTCMD_SH@ -INSTALLCLIENTCMD_A=@INSTALLCLIENTCMD_A@ +INSTALLLIBCMD_SH=@INSTALLLIBCMD_SH@ +INSTALLLIBCMD_A=@INSTALLLIBCMD_A@ VPATH=@srcdir@ srcdir=@abs_srcdir@ @@ -1074,7 +1074,7 @@ bin/libsmbsharemodes.a: $(LIBSMBSHAREMODES_PICOBJS) bin/libmsrpc.@SHLIBEXT@: $(CAC_PICOBJS) @echo Linking libmsrpc shared library $@ @$(SHLD) $(LDSHFLAGS) -o $@ $(CAC_PICOBJS) $(LDFLAGS) $(LIBS) \ - @SONAMEFLAG@`basename $@` + @SONAMEFLAG@`basename $@`.$(LIBMSRPC_MAJOR) bin/libmsrpc.a: $(CAC_PICOBJS) @echo Linking libmsrpc non-shared library $@ @@ -1389,7 +1389,7 @@ bin/t_push_ucs2@EXEEXT@: bin/libbigballofmud.@SHLIBEXT@ torture/t_push_ucs2.o bin/t_snprintf@EXEEXT@: lib/snprintf.c $(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(DYNEXP) -DTEST_SNPRINTF lib/snprintf.c -lm -install: installbin installman installscripts installdat installswat installmodules @INSTALLCLIENT@ +install: installbin installman installscripts installdat installswat installmodules @INSTALL_LIBSMBCLIENT@ @INSTALL_LIBMSRPC@ install-everything: install installmodules 
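Review bot: The `.$(LIBMSRPC_MAJOR)` suffix added to the libmsrpc soname on the shared-library link line relies on a `LIBMSRPC_MAJOR` variable that no hunk of this patch defines; if it is not already set elsewhere in Makefile.in, the soname ends in a bare dot. The `installlibmsrpc` rule added further down still copies `bin/libmsrpc.@SHLIBEXT@` under its unversioned name, so a program linked against the versioned soname would presumably not find the library at run time unless a matching symlink is created. I would define the variable next to the other library settings, e.g. `LIBMSRPC_MAJOR=0` (placeholder value, to be confirmed), and install or symlink the versioned name in `installlibmsrpc`.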
@@ -1439,14 +1439,18 @@ installmsg: installdirs installswat: installdirs installmsg @$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(SWATDIR) $(srcdir) -installclientlib: installdirs libsmbclient libmsrpc +installclientlib: installdirs libsmbclient @$(SHELL) $(srcdir)/script/installdirs.sh $(DESTDIR)$(LIBDIR) - -$(INSTALLCLIENTCMD_SH) bin/libsmbclient.@SHLIBEXT@ $(DESTDIR)$(LIBDIR) - -$(INSTALLCLIENTCMD_A) bin/libsmbclient.a $(DESTDIR)$(LIBDIR) - -$(INSTALLCLIENTCMD_SH) bin/libmsrpc.@SHLIBEXT@ $(DESTDIR)$(LIBDIR) - -$(INSTALLCLIENTCMD_A) bin/libmsrpc.a $(DESTDIR)$(LIBDIR) + -$(INSTALLLIBCMD_SH) bin/libsmbclient.@SHLIBEXT@ $(DESTDIR)$(LIBDIR) + -$(INSTALLLIBCMD_A) bin/libsmbclient.a $(DESTDIR)$(LIBDIR) @$(SHELL) $(srcdir)/script/installdirs.sh $(DESTDIR)${prefix}/include -$(INSTALLCMD) $(srcdir)/include/libsmbclient.h $(DESTDIR)${prefix}/include + +installlibmsrpc: installdirs libmsrpc + @$(SHELL) $(srcdir)/script/installdirs.sh $(DESTDIR)$(LIBDIR) + -$(INSTALLLIBCMD_SH) bin/libmsrpc.@SHLIBEXT@ $(DESTDIR)$(LIBDIR) + -$(INSTALLLIBCMD_A) bin/libmsrpc.a $(DESTDIR)$(LIBDIR) + @$(SHELL) $(srcdir)/script/installdirs.sh $(DESTDIR)${prefix}/include -$(INSTALLCMD) $(srcdir)/include/libmsrpc.h $(DESTDIR)${prefix}/include # Python extensions diff --git a/source/VERSION b/source/VERSION index 1c2952a55cb..f9c767381c7 100644 --- a/source/VERSION +++ b/source/VERSION @@ -51,7 +51,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # ######################################################## -SAMBA_VERSION_RC_RELEASE=2 +SAMBA_VERSION_RC_RELEASE= ######################################################## # To mark SVN snapshots this should be set to 'yes' # 
@@ -63,7 +63,7 @@ SAMBA_VERSION_RC_RELEASE=2 # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # ######################################################## -SAMBA_VERSION_IS_SVN_SNAPSHOT= +SAMBA_VERSION_IS_SVN_SNAPSHOT=yes ######################################################## # This can be set by vendors if they want... # diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index 61cb7f31cc7..483686a9dee 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c @@ -471,9 +471,12 @@ static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *gro NT_USER_TOKEN *ptoken; int i; int sid_ndx; + DOM_SID domadm; + BOOL is_domain_admin = False; + BOOL domain_mode = False; if ((ptoken = SMB_MALLOC_P(NT_USER_TOKEN)) == NULL) { - DEBUG(0, ("create_nt_token: Out of memory allocating token\n")); + DEBUG(0, ("create_nt_user_token: Out of memory allocating token\n")); nt_status = NT_STATUS_NO_MEMORY; return nt_status; } @@ -483,7 +486,7 @@ static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *gro ptoken->num_sids = n_groupSIDs + 5; if ((ptoken->user_sids = SMB_MALLOC_ARRAY( DOM_SID, ptoken->num_sids )) == NULL) { - DEBUG(0, ("create_nt_token: Out of memory allocating SIDs\n")); + DEBUG(0, ("create_nt_user_token: Out of memory allocating SIDs\n")); nt_status = NT_STATUS_NO_MEMORY; return nt_status; } 
@@ -517,6 +520,27 @@ static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *gro sid_ndx = 5; /* next available spot */ + /* this is where we construct the domain admins SID if we can + so that we can add the BUILTIN\Administrators SID to the token */ + + ZERO_STRUCT( domadm ); + if ( IS_DC || lp_server_role()==ROLE_DOMAIN_MEMBER ) { + domain_mode = True; + + if ( IS_DC ) + sid_copy( &domadm, get_global_sam_sid() ); + else { + /* if we a re a member server and cannot find + out domain SID then reset the domain_mode flag */ + if ( !secrets_fetch_domain_sid( lp_workgroup(), &domadm ) ) + domain_mode = False; + } + + sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS ); + } + + /* add the group SIDs to teh token */ + for (i = 0; i < n_groupSIDs; i++) { size_t check_sid_idx; for (check_sid_idx = 1; check_sid_idx < ptoken->num_sids; check_sid_idx++) { @@ -531,6 +555,30 @@ static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *gro } else { ptoken->num_sids--; } + + /* here we check if the user is a domain admin and add the + BUILTIN\Administrators SID to the token the group membership + check succeeds. */ + + if ( domain_mode ) { + if ( sid_equal( &domadm, &groupSIDs[i] ) ) + is_domain_admin = True; + } + + } + + /* finally realloc the SID array and add the BUILTIN\Administrators + SID if necessary */ + + if ( is_domain_admin ) { + DOM_SID *sids; + + if ( !(sids = SMB_REALLOC_ARRAY( ptoken->user_sids, DOM_SID, ptoken->num_sids+1 )) ) + DEBUG(0,("create_nt_user_token: Failed to realloc SID arry of size %d\n", ptoken->num_sids+1)); + else { + ptoken->user_sids = sids; + sid_copy( &(ptoken->user_sids)[ptoken->num_sids++], &global_sid_Builtin_Administrators ); + } } /* add privileges assigned to this user */ 
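Review bot: `sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS )` runs even when `secrets_fetch_domain_sid()` has just failed and `domain_mode` was reset, so a RID is appended to a zeroed SID and the result of the append is never checked. Nothing compares against that SID while `domain_mode` is False, but because this value decides who receives BUILTIN\Administrators it is safer to build it only on the success path: `if ( domain_mode && !sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS ) ) domain_mode = False;`. The comment typos (`we a re`, `teh token`) are worth fixing in the same pass. The body of create_nt_user_token starts and ends outside this hunk.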
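Review bot: The block that appends `global_sid_Builtin_Administrators` grants local administrator rights purely because one entry of `groupSIDs` equals the Domain Admins SID, and it does so without any log line, so the elevation cannot be traced afterwards. I would log it, e.g. `DEBUG(5,("create_nt_user_token: adding BUILTIN\\Administrators for Domain Admins member\n"));`, and state in the comment that `groupSIDs` must come from an authoritative source (the callers are outside this hunk; for the gid-derived path in create_nt_token this presumably means a local group mapping can confer the right). When `SMB_REALLOC_ARRAY` fails the code only logs and appears to return a token without the extra SID, which fails closed but deserves a comment saying so. The comment above the membership check is missing a word: `to the token if the group membership check succeeds`.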
@@ -602,6 +650,8 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, return NULL; } + /* convert the Unix group ids to SIDS */ + for (i = 0; i < ngroups; i++) { if (!NT_STATUS_IS_OK(gid_to_sid(&(group_sids)[i], (groups)[i]))) { DEBUG(1, ("create_nt_token: failed to convert gid %ld to a sid!\n", (long int)groups[i])); @@ -640,7 +690,7 @@ NT_USER_TOKEN *get_root_nt_token( void ) return token; if ( !(pw = getpwnam( "root" )) ) { - DEBUG(0,("create_root_nt_token: getpwnam\"root\") failed!\n")); + DEBUG(0,("get_root_nt_token: getpwnam\"root\") failed!\n")); return NULL; } diff --git a/source/configure.in b/source/configure.in index 296673e4b53..ec1bdacad84 100644 --- a/source/configure.in +++ b/source/configure.in @@ -214,11 +214,15 @@ AC_SUBST(libc_cv_fpie) AC_SUBST(PIE_CFLAGS) AC_SUBST(PIE_LDFLAGS) AC_SUBST(SHLIBEXT) -AC_SUBST(INSTALLCLIENT) -AC_SUBST(INSTALLCLIENTCMD_SH) -AC_SUBST(INSTALLCLIENTCMD_A) +AC_SUBST(INSTALLLIBCMD_SH) +AC_SUBST(INSTALLLIBCMD_A) +AC_SUBST(INSTALL_LIBMSRPC) +AC_SUBST(LIBMSRPC_SHARED) +AC_SUBST(LIBMSRPC) +AC_SUBST(INSTALL_LIBSMBCLIENT) AC_SUBST(LIBSMBCLIENT_SHARED) AC_SUBST(LIBSMBCLIENT) +AC_SUBST(INSTALL_LIBSMBSHAREMODES) AC_SUBST(LIBSMBSHAREMODES_SHARED) AC_SUBST(LIBSMBSHAREMODES) AC_SUBST(PRINT_LIBS) 
@@ -3988,20 +3992,62 @@ else AC_MSG_RESULT(no$utmp_no_reason) fi -################################################# -# should we build libsmbclient? - -INSTALLCLIENTCMD_SH=: -INSTALLCLIENTCMD_A=: +INSTALLLIBCMD_SH=: +INSTALLLIBCMD_A=: if test $BLDSHARED = true; then - INSTALLCLIENTCMD_SH="\$(INSTALLCMD)" + INSTALLLIBCMD_SH="\$(INSTALLCMD)" fi if test $enable_static = yes; then - INSTALLCLIENTCMD_A="\$(INSTALLCMD)" + INSTALLLIBCMD_A="\$(INSTALLCMD)" fi -INSTALLCLIENT= +################################################# +# should we build libmsrpc? +INSTALL_LIBMSRPC= +LIBMSRPC_SHARED= +LIBMSRPC= +AC_MSG_CHECKING(whether to build the libmsrpc shared library) +AC_ARG_WITH(libmsrpc, +[ --with-libmsrpc Build the libmsrpc shared library (default=yes if shared libs supported)], +[ case "$withval" in + no) + AC_MSG_RESULT(no) + ;; + *) + if test $BLDSHARED = true; then + LIBMSRPC_SHARED=bin/libmsrpc.$SHLIBEXT + LIBMSRPC=libmsrpc + AC_MSG_RESULT(yes) + else + enable_static=yes + AC_MSG_RESULT(no shared library support -- will supply static library) + fi + if test $enable_static = yes; then + LIBMSRPC=libmsrpc + fi + INSTALL_LIBMSRPC=installlibmsrpc + ;; + esac ], +[ +# if unspecified, default is to built it if possible. + if test $BLDSHARED = true; then + LIBMSRPC_SHARED=bin/libmsrpc.$SHLIBEXT + LIBMSRPC=libmsrpc + AC_MSG_RESULT(yes) + else + enable_static=yes + AC_MSG_RESULT(no shared library support -- will supply static library) + fi + if test $enable_static = yes; then + LIBMSRPC=libmsrpc + fi] + INSTALL_LIBMSRPC=installlibmsrpc +) + +################################################# +# should we build libsmbclient? +INSTALL_LIBSMBCLIENT= LIBSMBCLIENT_SHARED= LIBSMBCLIENT= AC_MSG_CHECKING(whether to build the libsmbclient shared library) 
@@ -4023,11 +4069,11 @@ AC_ARG_WITH(libsmbclient, if test $enable_static = yes; then LIBSMBCLIENT=libsmbclient fi - INSTALLCLIENT=installclientlib + INSTALL_LIBSMBCLIENT=installclientlib ;; esac ], [ -# if unspecified, default is to built it iff possible. +# if unspecified, default is to built it if possible. if test $BLDSHARED = true; then LIBSMBCLIENT_SHARED=bin/libsmbclient.$SHLIBEXT LIBSMBCLIENT=libsmbclient @@ -4039,10 +4085,10 @@ AC_ARG_WITH(libsmbclient, if test $enable_static = yes; then LIBSMBCLIENT=libsmbclient fi] - INSTALLCLIENT=installclientlib + INSTALL_LIBSMBCLIENT=installclientlib ) -INSTALLCLIENT= +INSTALL_LIBSMBSHAREMODES= LIBSMBSHAREMODES_SHARED= LIBSMBSHAREMODES= AC_MSG_CHECKING(whether to build the libsmbsharemodes shared library) @@ -4064,11 +4110,11 @@ AC_ARG_WITH(libsmbsharemodes, if test $enable_static = yes; then LIBSMBSHAREMODES=libsmbsharemodes fi - INSTALLCLIENT=installclientlib + INSTALL_LIBSMBSHAREMODES=installlibsmbsharemodes ;; esac ], [ -# if unspecified, default is to built it iff possible. +# if unspecified, default is to built it if possible. if test $BLDSHARED = true; then LIBSMBSHAREMODES_SHARED=bin/libsmbsharemodes.$SHLIBEXT LIBSMBSHAREMODES=libsmbsharemodes @@ -4080,7 +4126,7 @@ AC_ARG_WITH(libsmbsharemodes, if test $enable_static = yes; then LIBSMBSHAREMODES=libsmbsharemodes fi] - INSTALLCLIENT=installclientlib + INSTALL_LIBSMBSHAREMODES=installlibsmbsharemodes ) ################################################# diff --git a/source/include/doserr.h b/source/include/doserr.h index 60c450c819d..62c1e4fa22d 100644 --- a/source/include/doserr.h +++ b/source/include/doserr.h 
@@ -196,6 +196,8 @@ #define WERR_REG_FILE_INVALID W_ERROR(1017) #define WERR_NO_SUCH_SERVICE W_ERROR(1060) #define WERR_INVALID_SERVICE_CONTROL W_ERROR(1052) +#define WERR_SERVICE_DISABLED W_ERROR(1058) +#define WERR_SERVICE_NEVER_STARTED W_ERROR(1077) #define WERR_MACHINE_LOCKED W_ERROR(1271) #define WERR_INVALID_SECURITY_DESCRIPTOR W_ERROR(1338) #define WERR_EVENTLOG_FILE_CORRUPT W_ERROR(1500) diff --git a/source/include/rpc_netlogon.h b/source/include/rpc_netlogon.h index fdf2f08c03c..c1d85403448 100644 --- a/source/include/rpc_netlogon.h +++ b/source/include/rpc_netlogon.h @@ -946,7 +946,7 @@ typedef struct net_q_dsr_getdcname { struct uuid *domain_guid; uint32 ptr_site_guid; struct uuid *site_guid; - uint32_t flags; + uint32 flags; } NET_Q_DSR_GETDCNAME; /* NET_R_DSR_GETDCNAME - Ask a DC for a trusted DC name and its address */ diff --git a/source/include/rpc_svcctl.h b/source/include/rpc_svcctl.h index f5ad2afa1c7..4a058999a38 100644 --- a/source/include/rpc_svcctl.h +++ b/source/include/rpc_svcctl.h @@ -69,6 +69,7 @@ /* SERVER_STATUS - ControlAccepted */ +#define SVCCTL_ACCEPT_NONE 0x00000000 #define SVCCTL_ACCEPT_STOP 0x00000001 #define SVCCTL_ACCEPT_PAUSE_CONTINUE 0x00000002 #define SVCCTL_ACCEPT_SHUTDOWN 0x00000004 @@ -126,7 +127,7 @@ typedef struct { uint32 type; uint32 state; uint32 controls_accepted; - uint32 win32_exit_code; + WERROR win32_exit_code; uint32 service_exit_code; uint32 check_point; uint32 wait_hint; diff --git a/source/libads/ldap.c b/source/libads/ldap.c index e4cfc456a21..2123d5b55c5 100644 --- a/source/libads/ldap.c +++ b/source/libads/ldap.c @@ -37,6 +37,9 @@ * codepoints in UTF-8). This may have to change at some point **/ + +#define LDAP_SERVER_TREE_DELETE_OID "1.2.840.113556.1.4.805" + static SIG_ATOMIC_T gotalarm; /*************************************************************** 
@@ -1796,6 +1799,11 @@ ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname) void *res, *msg; char *hostnameDN, *host; int rc; + LDAPControl ldap_control; + LDAPControl * pldap_control[] = {&ldap_control, 0}; + + memset(&ldap_control, 0, sizeof(LDAPControl)); + ldap_control.ldctl_oid = (char *)LDAP_SERVER_TREE_DELETE_OID; /* hostname must be lowercase */ host = SMB_STRDUP(hostname); @@ -1813,7 +1821,15 @@ ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname) } hostnameDN = ads_get_dn(ads, (LDAPMessage *)msg); - rc = ldap_delete_s(ads->ld, hostnameDN); + + + rc = ldap_delete_ext_s(ads->ld, hostnameDN, pldap_control, NULL); + if (rc) { + DEBUG(3,("ldap_delete_ext_s failed with error code %d\n", rc)); + }else { + DEBUG(3,("ldap_delete_ext_s succeeded with error code %d\n", rc)); + } + ads_memfree(ads, hostnameDN); if (rc != LDAP_SUCCESS) { return ADS_ERROR(rc); diff --git a/source/libsmb/doserr.c b/source/libsmb/doserr.c index dd0358f69a5..253164963a4 100644 --- a/source/libsmb/doserr.c +++ b/source/libsmb/doserr.c @@ -76,6 +76,7 @@ werror_code_struct dos_errs[] = { "WERR_REG_CORRUPT", WERR_REG_CORRUPT }, { "WERR_REG_IO_FAILURE", WERR_REG_IO_FAILURE }, { "WERR_REG_FILE_INVALID", WERR_REG_FILE_INVALID }, + { "WERR_SERVICE_DISABLED", WERR_SERVICE_DISABLED }, { NULL, W_ERROR(0) } }; diff --git a/source/nsswitch/winbindd_cache.c b/source/nsswitch/winbindd_cache.c index 2d03e452ad6..841b114a785 100644 --- a/source/nsswitch/winbindd_cache.c +++ b/source/nsswitch/winbindd_cache.c @@ -1146,7 +1146,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) && netsamlogon_cache_have(user_sid)) { - DEBUG(10, ("query_user: cached access denied and have cached info3\n")); + DEBUG(10, ("lookup_usergroups: cached access denied and have cached info3\n")); domain->last_status = NT_STATUS_OK; centry_free(centry); goto do_query; 
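Review bot: Switching ads_leave_realm to `ldap_delete_ext_s` with the tree-delete control turns a single-entry delete into a subtree delete, so a wrong or ambiguous match for `hostnameDN` now removes every child object as well; the hunk shows no check that the search returned exactly one entry for this host (the search itself is outside the hunk). A comment should say why the control is needed and that it is sent non-critical (`ldctl_iscritical` stays 0 after the `memset`). The success branch logs `succeeded with error code %d`, which reads oddly in a log; `DEBUG(3,("ldap_delete_ext_s succeeded\n"));` is enough. The control array terminator would be clearer as `NULL` than `0`.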
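Review bot: Only `WERR_SERVICE_DISABLED` is added to `dos_errs[]`, although doserr.h gains two codes in this patch; `WERR_SERVICE_NEVER_STARTED` is stored in `win32_exit_code` by the service status functions but has no name entry here, so it will presumably show up as an unknown or numeric code in logs and tool output. Add `{ "WERR_SERVICE_NEVER_STARTED", WERR_SERVICE_NEVER_STARTED },` next to the new line.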
diff --git a/source/nsswitch/winbindd_cm.c b/source/nsswitch/winbindd_cm.c index 77278e8c34d..6ac2520f44d 100644 --- a/source/nsswitch/winbindd_cm.c +++ b/source/nsswitch/winbindd_cm.c @@ -209,7 +209,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, WINBIND_SERVER_MUTEX_WAIT_TIME); if (!got_mutex) { - DEBUG(0,("cm_open_connection: mutex grab failed for %s\n", + DEBUG(0,("cm_prepare_connection: mutex grab failed for %s\n", controller)); result = NT_STATUS_POSSIBLE_DEADLOCK; goto done; diff --git a/source/nsswitch/winbindd_misc.c b/source/nsswitch/winbindd_misc.c index ec8bacc4745..1fbf4b33df2 100644 --- a/source/nsswitch/winbindd_misc.c +++ b/source/nsswitch/winbindd_misc.c @@ -179,7 +179,7 @@ enum winbindd_result winbindd_dual_getdcname(struct winbindd_domain *domain, result = cm_connect_netlogon(domain, &netlogon_pipe); if (!NT_STATUS_IS_OK(result)) { - DEBUG(1, ("Can't contact our the NETLOGON pipe\n")); + DEBUG(1, ("Can't contact the NETLOGON pipe\n")); return WINBINDD_ERROR; } diff --git a/source/nsswitch/winbindd_util.c b/source/nsswitch/winbindd_util.c index d934bc2927f..efae9568845 100644 --- a/source/nsswitch/winbindd_util.c +++ b/source/nsswitch/winbindd_util.c @@ -90,6 +90,14 @@ static BOOL is_internal_domain(const DOM_SID *sid) return (sid_check_is_domain(sid) || sid_check_is_builtin(sid)); } +static BOOL is_in_internal_domain(const DOM_SID *sid) +{ + if (sid == NULL) + return False; + + return (sid_check_is_in_our_domain(sid) || sid_check_is_in_builtin(sid)); +} + /* Add a trusted domain to our list of domains */ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name, 
@@ -648,12 +656,18 @@ struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid) * one to contact the external DC's. On member servers the internal * domains are different: These are part of the local SAM. */ - if (IS_DC || is_internal_domain(sid)) + DEBUG(10, ("find_lookup_domain_from_sid(%s)\n", + sid_string_static(sid))); + + if (IS_DC || is_internal_domain(sid) || is_in_internal_domain(sid)) { + DEBUG(10, ("calling find_domain_from_sid\n")); return find_domain_from_sid(sid); + } /* On a member server a query for SID or name can always go to our * primary DC. */ + DEBUG(10, ("calling find_our_domain\n")); return find_our_domain(); } diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c index fac95e37866..20cf2d328ec 100644 --- a/source/passdb/pdb_ldap.c +++ b/source/passdb/pdb_ldap.c @@ -3193,7 +3193,7 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods, char **values; int i; pstring filter; - size_t num_members; + size_t num_members = 0; *pp_members = NULL; *p_num_members = 0; diff --git a/source/rpc_client/cli_spoolss.c b/source/rpc_client/cli_spoolss.c index 62dca0afe78..749885dbb4f 100644 --- a/source/rpc_client/cli_spoolss.c +++ b/source/rpc_client/cli_spoolss.c @@ -517,7 +517,7 @@ WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem break; case 3: if (!decode_printer_info_3(mem_ctx, out.buffer, out.returned, &ctr->printers_3)) { - WERR_GENERAL_FAILURE; + return WERR_GENERAL_FAILURE; } break; default: diff --git a/source/rpc_parse/parse_svcctl.c b/source/rpc_parse/parse_svcctl.c index e1a7ad84273..dd0c68bd797 100644 --- a/source/rpc_parse/parse_svcctl.c +++ b/source/rpc_parse/parse_svcctl.c 
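Review bot: The new `DEBUG(10, ...)` in find_lookup_domain_from_sid passes `sid` to `sid_string_static()` before anything has checked it, while `is_in_internal_domain()`, added earlier in this file by the same patch, explicitly handles `sid == NULL`; if a NULL SID can reach this function, confirm that `sid_string_static()` tolerates it or move the log line after the check. The block comment above the test still describes only the internal domains themselves. It should say that SIDs inside our own domain or BUILTIN are now also resolved through `find_domain_from_sid()` rather than the primary DC, because that changes which authority answers the lookup on a member server.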
@@ -41,7 +41,7 @@ static BOOL svcctl_io_service_status( const char *desc, SERVICE_STATUS *status, if(!prs_uint32("controls_accepted", ps, depth, &status->controls_accepted)) return False; - if(!prs_uint32("win32_exit_code", ps, depth, &status->win32_exit_code)) + if(!prs_werror("win32_exit_code", ps, depth, &status->win32_exit_code)) return False; if(!prs_uint32("service_exit_code", ps, depth, &status->service_exit_code)) diff --git a/source/rpc_server/srv_srvsvc_nt.c b/source/rpc_server/srv_srvsvc_nt.c index 0e7ded39f57..1d574d82fb1 100644 --- a/source/rpc_server/srv_srvsvc_nt.c +++ b/source/rpc_server/srv_srvsvc_nt.c 
@@ -29,6 +29,26 @@ extern struct generic_mapping file_generic_mapping; #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV +#define INVALID_SHARENAME_CHARS "<>*?|" + +/******************************************************************** + Check a string for any occurrences of a specified list of invalid + characters. +********************************************************************/ + +static BOOL validate_net_name( const char *name, const char *invalid_chars, int max_len ) +{ + int i; + + for ( i=0; istatus; } +/******************************************************************** +********************************************************************/ + WERROR _srv_net_name_validate(pipes_struct *p, SRV_Q_NET_NAME_VALIDATE *q_u, SRV_R_NET_NAME_VALIDATE *r_u) { - fstring share_name; + fstring sharename; switch ( q_u->type ) { case 0x9: - /* check if share name is ok. - TODO: check for invalid characters in name? */ - - unistr2_to_ascii(share_name, &q_u->uni_name, sizeof(share_name)); + /* Run the name through alpha_strcpy() to remove any unsafe + shell characters. Compare the copied string with the original + and fail if the strings don't match */ + + unistr2_to_ascii(sharename, &q_u->uni_name, sizeof(sharename)); + if ( !validate_net_name( sharename, INVALID_SHARENAME_CHARS, sizeof(sharename) ) ) { + DEBUG(5,("_srv_net_name_validate: Bad sharename \"%s\"\n", sharename)); + return WERR_INVALID_NAME; + } break; + default: return WERR_UNKNOWN_LEVEL; } diff --git a/source/rpc_server/srv_svcctl_nt.c b/source/rpc_server/srv_svcctl_nt.c index 19648f5e78b..9212fe6136a 100644 --- a/source/rpc_server/srv_svcctl_nt.c +++ b/source/rpc_server/srv_svcctl_nt.c 
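Review bot: The comment in `_srv_net_name_validate` says the name is run through `alpha_strcpy()` and compared with the original, but the code calls `validate_net_name()` against `INVALID_SHARENAME_CHARS`; the comment should describe the reject-list check that is actually performed. The five characters in that list leave out path separators and quote characters, so if this call is meant to keep shell-unsafe or path-like names out of share definitions, the list should be extended or replaced by an allow-list. The check also runs on `sharename` after `unistr2_to_ascii()` has copied it into a fixed-size `fstring`, so an over-long name appears to be validated in truncated form rather than rejected. The loop body of `validate_net_name` is damaged on this page (`for ( i=0; istatus; }`), so its bounds handling could not be reviewed.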
@@ -615,9 +615,20 @@ static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name, SERVICE_CONFIG config->tag_id = 0x00000000; /* unassigned loadorder group */ config->service_type = SVCCTL_WIN32_OWN_PROC; - config->start_type = SVCCTL_DEMAND_START; config->error_control = SVCCTL_SVC_ERROR_NORMAL; + /* set the start type. NetLogon and WINS are disabled to prevent + the client from showing the "Start" button (if of course the services + are not running */ + + if ( strequal( name, "NETLOGON" ) && ( lp_servicenumber(name) == -1 ) ) + config->start_type = SVCCTL_DISABLED; + else if ( strequal( name, "WINS" ) && ( !lp_wins_support() )) + config->start_type = SVCCTL_DISABLED; + else + config->start_type = SVCCTL_DEMAND_START; + + TALLOC_FREE( values ); return WERR_OK; diff --git a/source/services/svc_netlogon.c b/source/services/svc_netlogon.c index 2aa5a31cde3..1bbef325ac3 100644 --- a/source/services/svc_netlogon.c +++ b/source/services/svc_netlogon.c 
@@ -25,33 +25,42 @@ /********************************************************************* *********************************************************************/ -static WERROR netlogon_stop( const char *service, SERVICE_STATUS *service_status ) +static WERROR netlogon_status( const char *service, SERVICE_STATUS *service_status ) { - return WERR_ACCESS_DENIED; + ZERO_STRUCTP( service_status ); + + service_status->type = 0x20; + service_status->controls_accepted = SVCCTL_ACCEPT_NONE; + + if ( lp_servicenumber("NETLOGON") != -1 ) { + service_status->state = SVCCTL_RUNNING; + service_status->win32_exit_code = WERR_SERVICE_NEVER_STARTED; + } + else + service_status->state = SVCCTL_STOPPED; + + return WERR_OK; } /********************************************************************* *********************************************************************/ -static WERROR netlogon_start( const char *service ) +static WERROR netlogon_stop( const char *service, SERVICE_STATUS *service_status ) { + netlogon_status( service, service_status ); + return WERR_ACCESS_DENIED; } /********************************************************************* *********************************************************************/ -static WERROR netlogon_status( const char *service, SERVICE_STATUS *service_status ) +static WERROR netlogon_start( const char *service ) { - ZERO_STRUCTP( service_status ); + if ( lp_servicenumber("NETLOGON") == -1 ) + return WERR_SERVICE_DISABLED; - service_status->type = 0x20; - if ( lp_servicenumber("NETLOGON") != -1 ) - service_status->state = SVCCTL_RUNNING; - else - service_status->state = SVCCTL_STOPPED; - - return WERR_OK; + return WERR_ACCESS_DENIED; } /********************************************************************* diff --git a/source/services/svc_wins.c b/source/services/svc_wins.c index 3a4650664df..37cfc99c06e 100644 --- a/source/services/svc_wins.c +++ b/source/services/svc_wins.c 
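Review bot: In `netlogon_status` the new `win32_exit_code = WERR_SERVICE_NEVER_STARTED` sits in the branch that reports `SVCCTL_RUNNING`, whereas `wins_status` in svc_wins.c sets it in the `SVCCTL_STOPPED` branch; a running service reporting "never started" looks like the branches were swapped. I would write `if ( lp_servicenumber("NETLOGON") != -1 ) service_status->state = SVCCTL_RUNNING;` followed by `else { service_status->state = SVCCTL_STOPPED; service_status->win32_exit_code = WERR_SERVICE_NEVER_STARTED; }`. `netlogon_stop` also discards the return value of `netlogon_status()`, which is harmless while that function can only return `WERR_OK` but should be noted in a comment.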
@@ -25,33 +25,39 @@ /********************************************************************* *********************************************************************/ -static WERROR wins_stop( const char *service, SERVICE_STATUS *service_status ) +static WERROR wins_status( const char *service, SERVICE_STATUS *service_status ) { - return WERR_ACCESS_DENIED; + ZERO_STRUCTP( service_status ); + + service_status->type = 0x10; + service_status->controls_accepted = SVCCTL_ACCEPT_NONE; + + if ( lp_wins_support() ) + service_status->state = SVCCTL_RUNNING; + else { + service_status->state = SVCCTL_STOPPED; + service_status->win32_exit_code = WERR_SERVICE_NEVER_STARTED; + } + + return WERR_OK; } /********************************************************************* *********************************************************************/ -static WERROR wins_start( const char *service ) +static WERROR wins_stop( const char *service, SERVICE_STATUS *service_status ) { + wins_status( service, service_status ); + return WERR_ACCESS_DENIED; } /********************************************************************* *********************************************************************/ -static WERROR wins_status( const char *service, SERVICE_STATUS *service_status ) +static WERROR wins_start( const char *service ) { - ZERO_STRUCTP( service_status ); - - service_status->type = 0x10; - if ( lp_wins_support() ) - service_status->state = SVCCTL_RUNNING; - else - service_status->state = SVCCTL_STOPPED; - - return WERR_OK; + return WERR_ACCESS_DENIED; } /********************************************************************* diff --git a/source/smbd/quotas.c b/source/smbd/quotas.c index 8cb94bca3d8..de31376d6c6 100644 --- a/source/smbd/quotas.c +++ b/source/smbd/quotas.c 
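Review bot: `wins_start` still returns `WERR_ACCESS_DENIED` unconditionally, while `netlogon_start` in this patch returns `WERR_SERVICE_DISABLED` when the service is not configured, so a client gets a different answer for the same situation depending on the service. For parity I would add `if ( !lp_wins_support() ) return WERR_SERVICE_DISABLED;` before the final return. The three functions keep empty banner comments; a one-line description of each (status is derived from the smb.conf setting, start and stop are always refused) would make the intent clear to whoever next touches the access checks.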
@@ -216,7 +216,9 @@ BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB devno = S.st_dev ; - fp = setmntent(MOUNTED,"r"); + if ((fp = setmntent(MOUNTED,"r")) == NULL) + return(False) ; + found = False ; while ((mnt = getmntent(fp))) { diff --git a/source/utils/net_groupmap.c b/source/utils/net_groupmap.c index 12c3c79ef47..9e897d8efc7 100644 --- a/source/utils/net_groupmap.c +++ b/source/utils/net_groupmap.c @@ -678,6 +678,9 @@ static int net_groupmap_listmem(int argc, const char **argv) return -1; } + members = NULL; + num = 0; + if (!pdb_enum_aliasmem(&alias, &members, &num)) { d_printf("Could not list members for sid %s\n", argv[0]); return -1; diff --git a/source/utils/net_help.c b/source/utils/net_help.c index 7c7c583fa38..c5188c3608e 100644 --- a/source/utils/net_help.c +++ b/source/utils/net_help.c @@ -61,7 +61,7 @@ static int help_usage(int argc, const char **argv) "Valid functions are:\n"\ " RPC RAP ADS FILE SHARE SESSION SERVER DOMAIN PRINTQ USER GROUP VALIDATE\n"\ " GROUPMEMBER ADMIN SERVICE PASSWORD TIME LOOKUP GETLOCALSID SETLOCALSID\n"\ -" CHANGESCRETPW\n"); +" CHANGESCRETPW IDMAP\n"); return -1; } @@ -224,6 +224,7 @@ static int net_usage(int argc, const char **argv) " net user\t\tto manage users\n"\ " net group\t\tto manage groups\n"\ " net groupmap\t\tto manage group mappings\n"\ + " net idmap\t\tto manage the idmap id mappings\n"\ " net join\t\tto join a domain\n"\ " net cache\t\tto operate on cache tdb file\n"\ " net getlocalsid [NAME]\tto get the SID for local name\n"\ @@ -273,7 +274,7 @@ int net_help(int argc, const char **argv) #ifdef WITH_FAKE_KASERVER {"AFS", net_help_afs}, #endif - + {"IDMAP", net_help_idmap}, {"HELP", help_usage}, {NULL, NULL}}; diff --git a/source/utils/net_rpc_service.c b/source/utils/net_rpc_service.c index 3cc4790884c..ed7d1dfab1f 100644 --- a/source/utils/net_rpc_service.c +++ b/source/utils/net_rpc_service.c 
@@ -254,6 +254,7 @@ static NTSTATUS rpc_service_status_internal(const DOM_SID *domain_sid, /* print out the configuration information for the service */ d_printf("Configuration details:\n"); + d_printf("\tControls Accepted = 0x%x\n", service_status.controls_accepted); d_printf("\tService Type = 0x%x\n", config.service_type); d_printf("\tStart Type = 0x%x\n", config.start_type); d_printf("\tError Control = 0x%x\n", config.error_control); -- 2.11.4.GIT