libsmbsharemodes added (Jermey).
Linux core dump fix from (James Peach).
Linux quota fixes from (metze).
krb5 memory leaks from (gd).
Creds fix for winbindd and server (Jeremy).
winbindd recursion fix (Jeremy).
winbindd builtin fix (gd)
universal pw error fixes (novell).
dir logic fix (Jeremy).
hide dotfiles fix (Jeremy)
no write to read-only shares fix (?).
exclusive open fix (vl).
tdb reopen fix (tridge)
status display open files fix (Jeremy)
posix acl null pointer crash (?)
posix acl mem leak (?)
mount.cifs flag fix (sfrench)
smbspool error message fix (?)
libsmbclient comment fix (?).
64-bit error message fixes (Jeremy).
LIBSMBCLIENT_MAJOR=0
LIBSMBCLIENT_MINOR=1
+LIBSMBSHAREMODES=bin/libsmbsharemodes.a @LIBSMBSHAREMODES_SHARED@
+LIBSMBSHAREMODES_MAJOR=0
+LIBSMBSHAREMODES_MINOR=1
-FLAGS1 = $(CFLAGS) @FLAGS1@ -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx @SMBWRAP_INC@ -I. $(CPPFLAGS) -I$(srcdir)
+
+FLAGS1 = $(CFLAGS) @FLAGS1@ -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx @SMBWRAP_INC@ -I. $(CPPFLAGS) -I$(srcdir) -I$(srcdir)/tdb
FLAGS2 =
FLAGS3 =
FLAGS4 =
EVERYTHING_PROGS = bin/debug2html@EXEEXT@ bin/smbfilter@EXEEXT@ bin/talloctort@EXEEXT@ \
bin/log2pcap@EXEEXT@
-SHLIBS = @SHLIB_PROGS@ @LIBSMBCLIENT@
+SHLIBS = @SHLIB_PROGS@ @LIBSMBCLIENT@ @LIBSMBSHAREMODES@
SCRIPTS = $(srcdir)/script/smbtar $(builddir)/script/findsmb
$(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
$(SECRETS_OBJ) $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ)
+LIBSMBSHAREMODES_OBJ = libsmb/smb_share_modes.o tdb/tdb.o tdb/spinlock.o
# This shared library is intended for linking with unit test programs
# to test Samba internals. It's called libbigballofmud.so to
# discourage casual usage.
PICOBJS = $(SMBWRAPPER_OBJ:.o=.@PICSUFFIX@)
LIBSMBCLIENT_PICOBJS = $(LIBSMBCLIENT_OBJ:.o=.@PICSUFFIX@)
+LIBSMBSHAREMODES_PICOBJS = $(LIBSMBSHAREMODES_OBJ:.o=.@PICSUFFIX@)
PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
pam_smbpass/pam_smb_acct.o pam_smbpass/support.o \
@echo Linking libsmbclient non-shared library $@
@-$(AR) -rc $@ $(LIBSMBCLIENT_PICOBJS)
+bin/libsmbsharemodes.@SHLIBEXT@: $(LIBSMBSHAREMODES_PICOBJS)
+ @echo Linking libsmbsharemodes shared library $@
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBSHAREMODES_PICOBJS) $(LDFLAGS) $(LIBS) \
+ $(KRB5LIBS) $(LDAP_LIBS) \
+ @SONAMEFLAG@`basename $@`.$(LIBSMBSHAREMODES_MAJOR)
+
+bin/libsmbsharemodes.a: $(LIBSMBSHAREMODES_PICOBJS)
+ @echo Linking libsmbsharemodes non-shared library $@
+ @-$(AR) -rc $@ $(LIBSMBSHAREMODES_PICOBJS)
+
# This is probably wrong for anything other than the GNU linker.
bin/libbigballofmud.@SHLIBEXT@: $(LIBBIGBALLOFMUD_PICOBJS)
@echo Linking bigballofmud shared library $@
# library.
libsmbclient: $(LIBSMBCLIENT)
+libsmbsharemodes: $(LIBSMBSHAREMODES)
bin/librpc_lsarpc.@SHLIBEXT@: $(RPC_LSA_OBJ)
@echo "Linking $@"
clean: delheaders python_clean
-rm -f core */*~ *~ */*.o */*.@PICSUFFIX@ */*.@SHLIBEXT@ \
$(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(MODULES) $(TORTURE_PROGS) \
- $(LIBSMBCLIENT) $(EVERYTHING_PROGS) .headers.stamp
+ $(LIBSMBCLIENT) $(LIBSMBSHAREMODES) $(EVERYTHING_PROGS) .headers.stamp
+ -rm -rf t_dir
# Making this target will just make sure that the prototype files
# exist, not necessarily that they are up to date. Since they're
*filesys_flags &= ~MS_NOSUID;
} else if (strncmp(data, "nodev", 5) == 0) {
*filesys_flags |= MS_NODEV;
+ } else if (strncmp(data, "nobrl", 5) == 0) {
+ *filesys_flags &= ~MS_MANDLOCK;
} else if (strncmp(data, "dev", 3) == 0) {
*filesys_flags &= ~MS_NODEV;
} else if (strncmp(data, "noexec", 6) == 0) {
strcat(mountent.mnt_opts,"rw");
if(flags & MS_MANDLOCK)
strcat(mountent.mnt_opts,",mand");
- else
- strcat(mountent.mnt_opts,",nomand");
if(flags & MS_NOEXEC)
strcat(mountent.mnt_opts,",noexec");
if(flags & MS_NOSUID)
AC_SUBST(INSTALLCLIENTCMD_A)
AC_SUBST(LIBSMBCLIENT_SHARED)
AC_SUBST(LIBSMBCLIENT)
+AC_SUBST(LIBSMBSHAREMODES_SHARED)
+AC_SUBST(LIBSMBSHAREMODES)
AC_SUBST(PRINT_LIBS)
AC_SUBST(AUTH_LIBS)
AC_SUBST(ACL_LIBS)
AC_HEADER_TIME
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS(aio.h arpa/inet.h sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h rpc/nettype.h)
-AC_CHECK_HEADERS(unistd.h utime.h grp.h sys/id.h limits.h memory.h)
+AC_CHECK_HEADERS(unistd.h utime.h grp.h sys/id.h limits.h memory.h alloca.h)
AC_CHECK_HEADERS(rpc/rpc.h rpcsvc/nis.h rpcsvc/ypclnt.h)
-AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h)
+AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h sys/prctl.h)
AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h)
AC_CHECK_HEADERS(sys/un.h)
AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h)
AC_CHECK_FUNCS(pread _pread __pread pread64 _pread64 __pread64)
AC_CHECK_FUNCS(pwrite _pwrite __pwrite pwrite64 _pwrite64 __pwrite64)
AC_CHECK_FUNCS(open64 _open64 __open64 creat64)
+AC_CHECK_FUNCS(prctl)
+
+AC_TRY_COMPILE([
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
+],
+[int i; i = prtcl(0); ],
+AC_DEFINE(HAVE_PRCTL, 1, [Whether prctl is available]),[])
#
#
samba_cv_TRY_QUOTAS=no
samba_cv_RUN_QUOTA_TESTS=auto
samba_cv_WITH_SYS_QUOTAS=auto
-samba_cv_TRY_SYS_QUOTAS=no
-samba_cv_SYSQUOTA_FOUND=no;
+samba_cv_TRY_SYS_QUOTAS=auto
+samba_cv_SYSQUOTA_FOUND=no
AC_MSG_CHECKING(whether to try disk-quotas support)
AC_ARG_WITH(quotas,
AC_MSG_RESULT(${samba_cv_TRY_SYS_QUOTAS})
)
-if test x"$samba_cv_TRY_SYS_QUOTAS" != x"no"; then
+if test x"$samba_cv_TRY_SYS_QUOTAS" = x"auto"; then
AC_MSG_CHECKING(whether to try the lib/sysquotas.c interface on ${host_os})
case "$host_os" in
*linux*)
AC_MSG_RESULT(yes)
samba_cv_TRY_SYS_QUOTAS=yes
samba_cv_RUN_QUOTA_TESTS=yes
- samba_cv_SYSQUOTA_FOUND=yes
- AC_DEFINE(HAVE_QUOTACTL_LINUX,1,[Whether Linux quota support is available])
- samba_cv_sysquotas_file="lib/sysquotas_linux.c"
- AC_DEFINE(HAVE_LINUX_XFS_QUOTAS,1,[Whether Linux xfs quota support is available])
- samba_cv_found_xfs_header=yes
;;
*)
AC_MSG_RESULT(no)
# only check for quota stuff if --with-quotas
if test x"$samba_cv_RUN_QUOTA_TESTS" != x"no"; then
+case "$host_os" in
+ # on linux we didn't need to test we have builtin support
+ *linux*)
+ samba_cv_SYSQUOTA_FOUND=yes
+ AC_DEFINE(HAVE_QUOTACTL_LINUX,1,[Whether Linux quota support is available])
+ samba_cv_sysquotas_file="lib/sysquotas_linux.c"
+ AC_MSG_CHECKING(whether to use the lib/sysquotas_linux.c builtin support)
+ AC_MSG_RESULT(yes)
+
+ AC_DEFINE(HAVE_LINUX_XFS_QUOTAS,1,[Whether Linux xfs quota support is available])
+ samba_cv_found_xfs_header=yes
+ AC_MSG_CHECKING(whether to use the lib/sysquotas_xfs.c builtin support)
+ AC_MSG_RESULT(yes)
+ ;;
+ *)
+ ;;
+esac
+
# some broken header files need this
AC_CHECK_HEADER(asm/types.h,[
AC_DEFINE(HAVE_ASM_TYPES_H,1,[check for <asm/types.h>])
)
+INSTALLCLIENTCMD_SH=:
+INSTALLCLIENTCMD_A=:
+INSTALLCLIENT=
+LIBSMBSHAREMODES_SHARED=
+LIBSMBSHAREMODES=
+AC_MSG_CHECKING(whether to build the libsmbsharemodes shared library)
+AC_ARG_WITH(libsmbsharemodes,
+[ --with-libsmbsharemodes Build the libsmbsharemodes shared library (default=yes if shared libs supported)],
+[ case "$withval" in
+ no)
+ AC_MSG_RESULT(no)
+ ;;
+ *)
+ if test $BLDSHARED = true; then
+ INSTALLCLIENTCMD_SH="\$(INSTALLCMD)"
+ ## build the static version of libsmbsharemodes as well
+ INSTALLCLIENTCMD_A="\$(INSTALLCMD)"
+ LIBSMBSHAREMODES_SHARED=bin/libsmbsharemodes.$SHLIBEXT
+ LIBSMBSHAREMODES=libsmbsharemodes
+ AC_MSG_RESULT(yes)
+ else
+ enable_static=yes
+ AC_MSG_RESULT(no shared library support -- will supply static library)
+ fi
+ if test $enable_static = yes; then
+ INSTALLCLIENTCMD_A="\$(INSTALLCMD)"
+ LIBSMBSHAREMODES=libsmbsharemodes
+ fi
+ INSTALLCLIENT=installclientlib
+ ;;
+ esac ],
+[
+# if unspecified, default is to built it iff possible.
+ if test $BLDSHARED = true; then
+ INSTALLCLIENTCMD_SH="\$(INSTALLCMD)"
+ LIBSMBSHAREMODES_SHARED=bin/libsmbsharemodes.$SHLIBEXT
+ LIBSMBSHAREMODES=libsmbsharemodes
+ AC_MSG_RESULT(yes)
+ else
+ enable_static=yes
+ AC_MSG_RESULT(no shared library support -- will supply static library)
+ fi
+ if test $enable_static = yes; then
+ INSTALLCLIENTCMD_A="\$(INSTALLCMD)"
+ LIBSMBSHAREMODES=libsmbsharemodes
+ fi]
+ INSTALLCLIENT=installclientlib
+)
+
+
#################################################
# these tests are taken from the GNU fileutils package
AC_CHECKING(how to get filesystem space usage)
/** Length of this smbc_dirent in bytes
*/
unsigned int dirlen;
- /** The length of the comment string in bytes (includes null
- * terminator)
+ /** The length of the comment string in bytes (does not include
+ * null terminator)
*/
unsigned int commentlen;
/** Points to the null terminated comment string
*/
char *comment;
- /** The length of the name string in bytes (includes null
- * terminator)
+ /** The length of the name string in bytes (does not include
+ * null terminator)
*/
unsigned int namelen;
/** Points to the null terminated name string
DEBUG(0,("===============================================================\n"));
DEBUG(0,("INTERNAL ERROR: Signal %d in pid %d (%s)",sig,(int)sys_getpid(),SAMBA_VERSION_STRING));
- DEBUG(0,("\nPlease read the appendix Bugs of the Samba HOWTO collection\n"));
+ DEBUG(0,("\nPlease read the Trouble-Shooting section of the Samba3-HOWTO\n"));
+ DEBUG(0,("\nFrom: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf\n"));
DEBUG(0,("===============================================================\n"));
smb_panic("internal error");
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_QUOTA
+#ifndef HAVE_SYS_QUOTAS
+#ifdef HAVE_QUOTACTL_4A
+#undef HAVE_QUOTACTL_4A
+#endif
+#endif
+
#ifdef HAVE_QUOTACTL_4A
/* long quotactl(int cmd, char *special, qid_t id, caddr_t addr) */
/* this is used by: HPUX,IRIX */
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_QUOTA
+#ifndef HAVE_SYS_QUOTAS
+#ifdef HAVE_QUOTACTL_LINUX
+#undef HAVE_QUOTACTL_LINUX
+#endif
+#endif
+
#ifdef HAVE_QUOTACTL_LINUX
#include "samba_linux_quota.h"
A readdir wrapper which just returns the file name.
********************************************************************/
-const char *readdirname(DIR *p)
+const char *readdirname(SMB_STRUCT_DIR *p)
{
SMB_STRUCT_DIRENT *ptr;
char *dname;
goto out;
}
- ret = krb5_kt_start_seq_get(context, keytab, &kt_cursor);
if (ret != KRB5_KT_END && ret != ENOENT ) {
while (!auth_ok && (krb5_kt_next_entry(context, keytab, &kt_entry, &kt_cursor) == 0)) {
ret = krb5_unparse_name(context, kt_entry.principal, &entry_princ_s);
ZERO_STRUCT(kt_cursor);
out:
-
+
+ for (i = 0; i < sizeof(valid_princ_formats) / sizeof(valid_princ_formats[0]); i++) {
+ SAFE_FREE(valid_princ_formats[i]);
+ }
+
if (!auth_ok) {
if (!number_matched_principals) {
DEBUG(3, ("ads_keytab_verify_ticket: no keytab principals matched expected file service name.\n"));
DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
return ret;
}
- return krb5_string_to_key_salt(context, enctype, password->data,
- salt, key);
+
+ ret = krb5_string_to_key_salt(context, enctype, password->data, salt, key);
+ krb5_free_salt(context, salt);
+ return ret;
}
#else
#error UNKNOWN_CREATE_KEY_FUNCTIONS
DEBUG(5,("deal_with_creds: clnt_cred=%s\n", credstr(sto_clnt_cred->challenge.data)));
- /* Bug #2953 - don't store new seed in client credentials
- here, because we need to make sure we're moving forward first
- */
+ /* store new seed in client credentials */
+ SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
return True;
}
-
-/*
- stores new seed in client credentials
- jmcd - Bug #2953 - moved this functionality out of deal_with_creds, because we're
- not supposed to move to the next step in the chain if a nonexistent user tries to logon
-*/
-void reseed_client_creds(DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_clnt_cred)
-{
- UTIME new_clnt_time;
- uint32 new_cred;
-
- /* increment client time by one second */
- new_clnt_time.time = rcv_clnt_cred->timestamp.time + 1;
-
- /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
- new_cred = IVAL(sto_clnt_cred->challenge.data, 0);
- new_cred += new_clnt_time.time;
-
- DEBUG(5,("reseed_client_creds: new_cred[0]=%x\n", new_cred));
- DEBUG(5,("reseed_client_creds: new_clnt_time=%x\n",
- new_clnt_time.time));
- DEBUG(5,("reseed_client_creds: clnt_cred=%s\n",
- credstr(sto_clnt_cred->challenge.data)));
-
- /* store new seed in client credentials */
- SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
-}
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
+/*
+ * This module allows the default quota values,
+ * in the windows explorer GUI, to be stored on a samba server.
+ * The problem is that linux filesystems only store quotas
+ * for users and groups, but no default quotas.
+ *
+ * Samba returns NO_LIMIT as the default quotas by default
+ * and refuses to update them.
+ *
+ * With this module you can store the default quotas that are reported to
+ * a windows client, in the quota record of a user. By default the root user
+ * is taken because quota limits for root are typically not enforced.
+ *
+ * This module takes 2 parametric parameters in smb.conf:
+ * (the default prefix for them is 'default_quota',
+ * it can be overwrittem when you load the module in
+ * the 'vfs objects' parameter like this:
+ * vfs objects = default_quota:myprefix)
+ *
+ * "<myprefix>:uid" parameter takes a integer argument,
+ * it specifies the uid of the quota record, that will be taken for
+ * storing the default USER-quotas.
+ *
+ * - default value: '0' (for root user)
+ * - e.g.: default_quota:uid = 65534
+ *
+ * "<myprefix>:uid nolimit" parameter takes a boolean argument,
+ * it specifies if we should report the stored default quota values,
+ * also for the user record, or if you should just report NO_LIMIT
+ * to the windows client for the user specified by the "<prefix>:uid" parameter.
+ *
+ * - default value: yes (that means to report NO_LIMIT)
+ * - e.g.: default_quota:uid nolimit = no
+ *
+ * "<myprefix>:gid" parameter takes a integer argument,
+ * it's just like "<prefix>:uid" but for group quotas.
+ * (NOTE: group quotas are not supported from the windows explorer!)
+ *
+ * - default value: '0' (for root group)
+ * - e.g.: default_quota:gid = 65534
+ *
+ * "<myprefix>:gid nolimit" parameter takes a boolean argument,
+ * it's just like "<prefix>:uid nolimit" but for group quotas.
+ * (NOTE: group quotas are not supported from the windows explorer!)
+ *
+ * - default value: yes (that means to report NO_LIMIT)
+ * - e.g.: default_quota:uid nolimit = no
+ *
+ */
+
#include "includes.h"
#undef DBGC_CLASS
result = SMB_VFS_NEXT_TELLDIR(handle, conn, dirp);
- do_log(SMB_VFS_OP_OPENDIR, True, handle, "");
+ do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
return result;
}
/* Fill in request and send down pipe */
init_request(request, req_type);
- if (write_sock(request, sizeof(*request)) == -1) {
+ if (write_sock(request, sizeof(*request), 0) == -1) {
_pam_log(LOG_ERR, "write to socket failed!");
close_sock();
return PAM_SERVICE_ERR;
/* Connect to winbindd socket */
-int winbind_open_pipe_sock(void)
+static int winbind_open_pipe_sock(int recursing)
{
#ifdef HAVE_UNIXSOCKET
static pid_t our_pid;
return winbindd_fd;
}
+ if (recursing) {
+ return -1;
+ }
+
if ((winbindd_fd = winbind_named_pipe_sock(WINBINDD_SOCKET_DIR)) == -1) {
return -1;
}
/* version-check the socket */
+ request.flags = WBFLAG_RECURSE;
if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) {
close_sock();
return -1;
/* try and get priv pipe */
+ request.flags = WBFLAG_RECURSE;
if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
int fd;
if ((fd = winbind_named_pipe_sock(response.extra_data)) != -1) {
/* Write data to winbindd socket */
-int write_sock(void *buffer, int count)
+int write_sock(void *buffer, int count, int recursing)
{
int result, nwritten;
restart:
- if (winbind_open_pipe_sock() == -1) {
+ if (winbind_open_pipe_sock(recursing) == -1) {
return -1;
}
init_request(request, req_type);
- if (write_sock(request, sizeof(*request)) == -1) {
+ if (write_sock(request, sizeof(*request), request->flags & WBFLAG_RECURSE) == -1) {
return NSS_STATUS_UNAVAIL;
}
NSS_STATUS winbindd_request_response(int req_type,
struct winbindd_request *request,
struct winbindd_response *response);
-int winbind_open_pipe_sock(void);
-int write_sock(void *buffer, int count);
+int write_sock(void *buffer, int count, int recursing);
int read_reply(struct winbindd_response *response);
void close_sock(void);
void free_response(struct winbindd_response *response);
continue;
}
+ if (sid_check_is_in_builtin(&sid))
+ continue;
+
if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) {
DEBUG(1,("No rid for %s !?\n", name));
continue;
SMB_ASSERT(cache_retrieve_response(child->pid,
state->response));
+
DLIST_REMOVE(child->requests, state);
schedule_async_request(child);
static struct winbindd_child_dispatch_table child_dispatch_table[] = {
- { WINBINDD_LOOKUPSID, winbindd_dual_lookupsid, "LOOKUPSID" },
- { WINBINDD_LOOKUPNAME, winbindd_dual_lookupname, "LOOKUPNAME" },
- { WINBINDD_LIST_TRUSTDOM, winbindd_dual_list_trusted_domains,
- "LIST_TRUSTDOM" },
- { WINBINDD_INIT_CONNECTION, winbindd_dual_init_connection,
- "INIT_CONNECTION" },
- { WINBINDD_GETDCNAME, winbindd_dual_getdcname, "GETDCNAME" },
- { WINBINDD_SHOW_SEQUENCE, winbindd_dual_show_sequence,
- "SHOW_SEQUENCE" },
- { WINBINDD_PAM_AUTH, winbindd_dual_pam_auth, "PAM_AUTH" },
- { WINBINDD_PAM_AUTH_CRAP, winbindd_dual_pam_auth_crap, "AUTH_CRAP" },
- { WINBINDD_CHECK_MACHACC, winbindd_dual_check_machine_acct,
- "CHECK_MACHACC" },
- { WINBINDD_DUAL_SID2UID, winbindd_dual_sid2uid, "DUAL_SID2UID" },
- { WINBINDD_DUAL_SID2GID, winbindd_dual_sid2gid, "DUAL_SID2GID" },
- { WINBINDD_DUAL_UID2NAME, winbindd_dual_uid2name, "DUAL_UID2NAME" },
- { WINBINDD_DUAL_NAME2UID, winbindd_dual_name2uid, "DUAL_NAME2UID" },
- { WINBINDD_DUAL_GID2NAME, winbindd_dual_gid2name, "DUAL_GID2NAME" },
- { WINBINDD_DUAL_NAME2GID, winbindd_dual_name2gid, "DUAL_NAME2GID" },
- { WINBINDD_DUAL_IDMAPSET, winbindd_dual_idmapset, "DUAL_IDMAPSET" },
- { WINBINDD_DUAL_USERINFO, winbindd_dual_userinfo, "DUAL_USERINFO" },
- { WINBINDD_ALLOCATE_RID, winbindd_dual_allocate_rid, "ALLOCATE_RID" },
- { WINBINDD_ALLOCATE_RID_AND_GID, winbindd_dual_allocate_rid_and_gid,
- "ALLOCATE_RID_AND_GID" },
- { WINBINDD_GETUSERDOMGROUPS, winbindd_dual_getuserdomgroups,
- "GETUSERDOMGROUPS" },
- { WINBINDD_DUAL_GETSIDALIASES, winbindd_dual_getsidaliases,
- "GETSIDALIASES" },
+ { WINBINDD_LOOKUPSID, winbindd_dual_lookupsid, "LOOKUPSID" },
+ { WINBINDD_LOOKUPNAME, winbindd_dual_lookupname, "LOOKUPNAME" },
+ { WINBINDD_LIST_TRUSTDOM, winbindd_dual_list_trusted_domains, "LIST_TRUSTDOM" },
+ { WINBINDD_INIT_CONNECTION, winbindd_dual_init_connection, "INIT_CONNECTION" },
+ { WINBINDD_GETDCNAME, winbindd_dual_getdcname, "GETDCNAME" },
+ { WINBINDD_SHOW_SEQUENCE, winbindd_dual_show_sequence, "SHOW_SEQUENCE" },
+ { WINBINDD_PAM_AUTH, winbindd_dual_pam_auth, "PAM_AUTH" },
+ { WINBINDD_PAM_AUTH_CRAP, winbindd_dual_pam_auth_crap, "AUTH_CRAP" },
+ { WINBINDD_CHECK_MACHACC, winbindd_dual_check_machine_acct, "CHECK_MACHACC" },
+ { WINBINDD_DUAL_SID2UID, winbindd_dual_sid2uid, "DUAL_SID2UID" },
+ { WINBINDD_DUAL_SID2GID, winbindd_dual_sid2gid, "DUAL_SID2GID" },
+ { WINBINDD_DUAL_UID2NAME, winbindd_dual_uid2name, "DUAL_UID2NAME" },
+ { WINBINDD_DUAL_NAME2UID, winbindd_dual_name2uid, "DUAL_NAME2UID" },
+ { WINBINDD_DUAL_GID2NAME, winbindd_dual_gid2name, "DUAL_GID2NAME" },
+ { WINBINDD_DUAL_NAME2GID, winbindd_dual_name2gid, "DUAL_NAME2GID" },
+ { WINBINDD_DUAL_IDMAPSET, winbindd_dual_idmapset, "DUAL_IDMAPSET" },
+ { WINBINDD_DUAL_USERINFO, winbindd_dual_userinfo, "DUAL_USERINFO" },
+ { WINBINDD_ALLOCATE_RID, winbindd_dual_allocate_rid, "ALLOCATE_RID" },
+ { WINBINDD_ALLOCATE_RID_AND_GID, winbindd_dual_allocate_rid_and_gid, "ALLOCATE_RID_AND_GID" },
+ { WINBINDD_GETUSERDOMGROUPS, winbindd_dual_getuserdomgroups, "GETUSERDOMGROUPS" },
+ { WINBINDD_DUAL_GETSIDALIASES, winbindd_dual_getsidaliases, "GETSIDALIASES" },
/* End of list */
{ WINBINDD_NUM_CMDS, NULL, "NONE" }
if ( !((name_type==SID_NAME_DOM_GRP) ||
((name_type==SID_NAME_ALIAS) && domain->primary) ||
- ((name_type==SID_NAME_ALIAS) && domain->internal)) )
+ ((name_type==SID_NAME_ALIAS) && domain->internal) ||
+ ((name_type==SID_NAME_WKN_GRP) && domain->internal)) )
{
- DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
+ DEBUG(1, ("name '%s' is not a local, domain or builtin group: %d\n",
name_group, name_type));
request_error(state);
return;
if ( ( lp_security() != SEC_ADS && domain->native_mode
&& domain->primary) || domain->internal )
{
- DEBUG(4,("get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well\n"));
+ DEBUG(4,("get_sam_group_entries: %s domain; enumerating local groups as well\n",
+ domain->native_mode ? "Native Mode 2k":"BUILTIN or local"));
status = domain->methods->enum_local_groups(domain, mem_ctx, &num_entries, &sam_grp_entries);
/* This is a flag that can only be sent from parent to child */
#define WBFLAG_IS_PRIVILEGED 0x0400
+/* Flag to say this is a winbindd internal send - don't recurse. */
+#define WBFLAG_RECURSE 0x0800
/* Winbind request structure */
} while ( (attempts < 2) && retry );
- if (NT_STATUS_IS_OK(result) &&
- (!clnt_deal_with_creds(session_key, credentials,
- &ret_creds))) {
- DEBUG(3, ("DC %s sent wrong credentials\n",
- pipe_cli->cli->srv_name_slash));
- result = NT_STATUS_ACCESS_DENIED;
+ /* Only check creds if we got a connection. */
+ if (contact_domain->conn.cli &&
+ !(NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) ||
+ NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL))) {
+ if (!clnt_deal_with_creds(session_key, credentials, &ret_creds)) {
+ DEBUG(3, ("DC %s sent wrong credentials\n",
+ pipe_cli->cli->srv_name_slash));
+ result = NT_STATUS_ACCESS_DENIED;
+ }
}
if (NT_STATUS_IS_OK(result)) {
} while ( (attempts < 2) && retry );
- if (NT_STATUS_IS_OK(result) &&
- (!clnt_deal_with_creds(session_key, credentials,
- &ret_creds))) {
- DEBUG(3, ("DC %s sent wrong credentials\n",
- pipe_cli->cli->srv_name_slash));
- result = NT_STATUS_ACCESS_DENIED;
+ /* Only check creds if we got a connection. */
+ if (contact_domain->conn.cli &&
+ !(NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) ||
+ (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) {
+ if (!clnt_deal_with_creds(session_key, credentials, &ret_creds)) {
+ DEBUG(3, ("DC %s sent wrong credentials\n",
+ pipe_cli->cli->srv_name_slash));
+ result = NT_STATUS_ACCESS_DENIED;
+ }
}
if (NT_STATUS_IS_OK(result)) {
DOM_SID our_sid;
if (!secrets_fetch_domain_sid(lp_workgroup(), &our_sid)) {
- DEBUG(0, ("Could not fetch our SID - did we join?\n"));
+ smb_panic("Could not fetch our SID - did we join?\n");
}
domain = add_trusted_domain( lp_workgroup(), lp_realm(),
return False;
}
-/* Parse a string of the form DOMAIN/user into a domain and a user */
+/* Parse a string of the form DOMAIN\user into a domain and a user */
BOOL parse_domain_user(const char *domuser, fstring domain, fstring user)
{
fstring tmp_user;
fstrcpy(tmp_user, user);
+ strlower_m(tmp_user);
if (assume_domain(domain)) {
strlcpy(name, user, sizeof(fstring));
size_t *retDataLen,
void *retData )
{
- int rc=0, err = 0;
+ int err = 0;
BerElement *replyBer = NULL;
char *retOctStr = NULL;
size_t retOctStrLen = 0;
goto Cleanup;
}
- if( (rc = ber_scanf(replyBer, "{iis}", serverVersion, &err, retOctStr, &retOctStrLen)) != -1)
+ if(ber_scanf(replyBer, "{iis}", serverVersion, &err, retOctStr, &retOctStrLen) != -1)
{
if (*retDataLen >= retOctStrLen)
{
}
else
{
- if( (rc = ber_scanf(replyBer, "{ii}", serverVersion, &err)) == -1)
+ if(ber_scanf(replyBer, "{ii}", serverVersion, &err) == -1)
{
if (!err)
{
int pdb_nds_get_password(
struct smbldap_state *ldap_state,
char *object_dn,
- int *pwd_len,
+ size_t *pwd_len,
char *pwd )
{
LDAP *ld = ldap_state->ldap_struct;
if (rc == LDAP_SUCCESS) {
DEBUG(5,("NDS Universal Password changed for user %s\n", object_dn));
} else {
+ char *ld_error = NULL;
+ ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &ld_error);
+
/* This will fail if Universal Password is not enabled for the user's context */
- DEBUG(3,("NDS Universal Password could not be changed for user %s: %d\n",
- object_dn, rc));
+ DEBUG(3,("NDS Universal Password could not be changed for user %s: %s (%s)\n",
+ object_dn, ldap_err2string(rc), ld_error?ld_error:"unknown"));
+ SAFE_FREE(ld_error);
}
/* Set eDirectory Password */
LDAPMessage *entry = NULL;
const char **attr_list;
size_t pwd_len;
- uchar clear_text_pw[512];
+ char clear_text_pw[512];
const char *p = NULL;
LDAP *ld = NULL;
int ldap_port = 0;
got_clear_text_pw = True;
}
} else {
- generate_random_buffer(clear_text_pw, 24);
+ generate_random_buffer((unsigned char *)clear_text_pw, 24);
clear_text_pw[24] = '\0';
DEBUG(5,("pdb_nds_update_login_attempts: using random password %s\n", clear_text_pw));
}
{
/* report error code */
DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(nt_status)));
- goto done;
}
/* Update the credentials. */
if(!smb_io_unistr2("uni_logon_srv", &usr->uni_logon_srv, usr->hdr_logon_srv.buffer, ps, depth)) /* logon server unicode string */
return False;
- if(!smb_io_unistr2("uni_logon_dom", &usr->uni_logon_dom, usr->hdr_logon_srv.buffer, ps, depth)) /* logon domain unicode string */
+ if(!smb_io_unistr2("uni_logon_dom", &usr->uni_logon_dom, usr->hdr_logon_dom.buffer, ps, depth)) /* logon domain unicode string */
return False;
if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth)) /* domain SID */
* If reading, ensure that we can read the requested size item.
*/
if (ps->data_offset + extra_size > ps->buffer_size) {
- DEBUG(0,("prs_mem_get: reading data of size %u would overrun buffer.\n",
- (unsigned int)extra_size ));
+ DEBUG(0,("prs_mem_get: reading data of size %u would overrun "
+ "buffer by %u bytes.\n",
+ (unsigned int)extra_size,
+ (unsigned int)(ps->data_offset + extra_size - ps->buffer_size) ));
return NULL;
}
} else {
if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
- reseed_client_creds(&p->dc.clnt_cred, &q_u->clnt_id.cred);
memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
return NT_STATUS_INVALID_HANDLE;
/* what happens if we get a logoff for an unknown user? */
- reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred);
memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
/* XXXX maybe we want to say 'no', reject the client's credentials */
if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
+ memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
+
r_u->buffer_creds = 1; /* yes, we have valid server credentials */
memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds));
return status;
}
- /* moved from right after deal_with_creds above, since we weren't
- supposed to update unless logon was successful */
-
- reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred);
- memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
-
if (server_info->guest) {
/* We don't like guest domain logons... */
DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));
one byte long. If old_handle is false we allocate from the range
256 - MAX_DIRECTORY_HANDLES. We bias the number we return by 1 to ensure
a directory handle is never zero.
+ wcard must not be zero.
****************************************************************************/
int dptr_create(connection_struct *conn, pstring path, BOOL old_handle, BOOL expect_close,uint16 spid,
DEBUG(5,("dptr_create dir=%s\n", path));
+ if (!wcard) {
+ return -1;
+ }
+
if (!check_name(path,conn))
return(-2); /* Code to say use a unix error return code. */
dptr->dir_hnd = dir_hnd;
dptr->spid = spid;
dptr->expect_close = expect_close;
- if (wcard) {
- dptr->wcard = SMB_STRDUP(wcard);
- if (!dptr->wcard) {
- bitmap_clear(dptr_bmap, dptr->dnum - 1);
- SAFE_FREE(dptr);
- CloseDir(dir_hnd);
- return -1;
- }
- } else {
- dptr->wcard = NULL;
+ dptr->wcard = SMB_STRDUP(wcard);
+ if (!dptr->wcard) {
+ bitmap_clear(dptr_bmap, dptr->dnum - 1);
+ SAFE_FREE(dptr);
+ CloseDir(dir_hnd);
+ return -1;
}
- dptr->attr = attr;
- if (lp_posix_pathnames() || (wcard && (wcard[0] == '.' && wcard[1] == 0))) {
+ if (lp_posix_pathnames() || (wcard[0] == '.' && wcard[1] == 0)) {
dptr->has_wild = True;
} else {
dptr->has_wild = ms_has_wild(wcard);
}
+ dptr->attr = attr;
+
DLIST_ADD(dirptrs, dptr);
DEBUG(3,("creating new dirptr %d for path %s, expect_close = %d\n",
return 0;
}
- /* Get the DOS attributes from an EA by preference. */
- if (get_ea_dos_attribute(conn, path, sbuf, &result)) {
- result |= set_sparse_flag(sbuf);
- return result;
- }
-
- result = dos_mode_from_sbuf(conn, path, sbuf);
-
- /* Now do any modifications that depend on the path name. */
+ /* First do any modifications that depend on the path name. */
/* hide files with a name starting with a . */
if (lp_hide_dot_files(SNUM(conn))) {
const char *p = strrchr_m(path,'/');
- if (p)
+ if (p) {
p++;
- else
+ } else {
p = path;
+ }
- if (p[0] == '.' && p[1] != '.' && p[1] != 0)
+ if (p[0] == '.' && p[1] != '.' && p[1] != 0) {
result |= aHIDDEN;
+ }
}
+ /* Get the DOS attributes from an EA by preference. */
+ if (get_ea_dos_attribute(conn, path, sbuf, &result)) {
+ result |= set_sparse_flag(sbuf);
+ } else {
+ result |= dos_mode_from_sbuf(conn, path, sbuf);
+ }
+
/* Optimization : Only call is_hidden_path if it's not already
hidden. */
if (!(result & aHIDDEN) && IS_HIDDEN_PATH(conn,path)) {
errno = 0;
ZERO_STRUCT(sbuf);
+ /* Don't update the time on read-only shares */
+ /* We need this as set_filetime (which can be called on
+ close and other paths) can end up calling this function
+ without the NEED_WRITE protection. Found by :
+ Leo Weppelman <leo@wau.mis.ah.nl>
+ */
+
+ if (!CAN_WRITE(conn)) {
+ return 0;
+ }
+
if(SMB_VFS_UTIME(conn,fname, times) == 0)
return 0;
fsp_open = open_file(fsp,conn,fname,psbuf,flags|flags2,unx_mode,access_mask);
+ if (!fsp_open && (flags2 & O_EXCL) && (errno == EEXIST)) {
+ /*
+ * Two smbd's tried to open exclusively, but only one of them
+ * succeeded.
+ */
+ file_free(fsp);
+ return NULL;
+ }
+
if (!fsp_open && (flags == O_RDWR) && (errno != ENOENT)) {
if((fsp_open = open_file(fsp,conn,fname,psbuf,
O_RDONLY,unx_mode,access_mask)) == True) {
* entries can be converted to *_OBJ. Usually we will already have these
* entries in the Default ACL, and the Access ACL will not have them.
*/
- check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid);
- check_owning_objs(dir_ace, pfile_owner_sid, pfile_grp_sid);
+ if (file_ace) {
+ check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid);
+ }
+ if (dir_ace) {
+ check_owning_objs(dir_ace, pfile_owner_sid, pfile_grp_sid);
+ }
}
*ppfile_ace = file_ace;
if (count_canon_ace_list(file_ace) == 0) {
DEBUG(0,("get_nt_acl : No ACLs on file (%s) !\n", fsp->fsp_name ));
- return 0;
+ goto done;
}
if (fsp->is_directory && def_acl) {
if(!psd) {
DEBUG(0,("get_nt_acl: Unable to malloc space for security descriptor.\n"));
sd_size = 0;
- } else {
- /*
- * Windows 2000: The DACL_PROTECTED flag in the security
- * descriptor marks the ACL as non-inheriting, i.e., no
- * ACEs from higher level directories propagate to this
- * ACL. In the POSIX ACL model permissions are only
- * inherited at file create time, so ACLs never contain
- * any ACEs that are inherited dynamically. The DACL_PROTECTED
- * flag doesn't seem to bother Windows NT.
- * Always set this if map acl inherit is turned off.
- */
- if (get_protected_flag(pal) || !lp_map_acl_inherit(SNUM(conn))) {
- psd->type |= SE_DESC_DACL_PROTECTED;
- }
+ goto done;
}
- if (psd->dacl)
+ /*
+ * Windows 2000: The DACL_PROTECTED flag in the security
+ * descriptor marks the ACL as non-inheriting, i.e., no
+ * ACEs from higher level directories propagate to this
+ * ACL. In the POSIX ACL model permissions are only
+ * inherited at file create time, so ACLs never contain
+ * any ACEs that are inherited dynamically. The DACL_PROTECTED
+ * flag doesn't seem to bother Windows NT.
+ * Always set this if map acl inherit is turned off.
+ */
+ if (get_protected_flag(pal) || !lp_map_acl_inherit(SNUM(conn))) {
+ psd->type |= SE_DESC_DACL_PROTECTED;
+ }
+
+ if (psd->dacl) {
dacl_sort_into_canonical_order(psd->dacl->ace, (unsigned int)psd->dacl->num_aces);
+ }
*ppdesc = psd;
done:
- if (posix_acl)
+ if (posix_acl) {
SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
- if (def_acl)
+ }
+ if (def_acl) {
SMB_VFS_SYS_ACL_FREE_ACL(conn, def_acl);
+ }
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
free_inherited_info(pal);
uint16 session_tag = (lp_security() == SEC_SHARE) ? UID_FIELD_INVALID : SVAL(inbuf,smb_uid);
connection_struct *conn = conn_find(SVAL(inbuf,smb_tid));
- DEBUG(3,("switch message %s (pid %d) conn 0x%x\n",smb_fn_name(type),(int)pid,(unsigned int)conn));
+ DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n",smb_fn_name(type),(int)pid,(unsigned long)conn));
smb_dump(smb_fn_name(type), 1, inbuf, size);
if(global_oplock_break) {
#include "includes.h"
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
+
static int am_parent = 1;
/* the last message the was processed */
* everything after this point is run after the fork()
*/
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+ /* On Linux we lose the ability to dump core when we change our user
+ * ID. We know how to dump core safely, so let's make sure we have our
+ * dumpable flag set.
+ */
+ prctl(PR_SET_DUMPABLE, 1);
+#endif
+
/* Initialise the password backed before the global_sam_sid
to ensure that we fetch from ldap before we make a domain sid up */
if (tdb_store_bystring(tdb_stat_cache, original_path, data_val, TDB_REPLACE) != 0) {
DEBUG(0,("stat_cache_add: Error storing entry %s -> %s\n", original_path, translated_path));
} else {
- DEBUG(5,("stat_cache_add: Added entry (%x:size%x) %s -> %s\n",
- (unsigned int)data_val.dptr, data_val.dsize, original_path, translated_path));
+ DEBUG(5,("stat_cache_add: Added entry (%lx:size%x) %s -> %s\n",
+ (unsigned long)data_val.dptr, (unsigned int)data_val.dsize, original_path, translated_path));
}
SAFE_FREE(original_path);
return False;
}
- DEBUG(10,("get_ea_value: EA %s is of length %d: ", ea_name, sizeret));
+ DEBUG(10,("get_ea_value: EA %s is of length %u: ", ea_name, (unsigned int)sizeret));
dump_data(10, val, sizeret);
pea->flags = 0;
if (sizeret == -1)
return NULL;
- DEBUG(10,("get_ea_list_from_file: ea_namelist size = %d\n", sizeret ));
+ DEBUG(10,("get_ea_list_from_file: ea_namelist size = %u\n", (unsigned int)sizeret ));
if (sizeret) {
for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p) + 1) {
push_ascii_fstring(dos_ea_name, listp->ea.name);
*pea_total_len += 4 + strlen(dos_ea_name) + 1 + listp->ea.value.length;
DEBUG(10,("get_ea_list_from_file: total_len = %u, %s, val len = %u\n",
- *pea_total_len, dos_ea_name,
+ (unsigned int)*pea_total_len, dos_ea_name,
(unsigned int)listp->ea.value.length ));
}
DLIST_ADD_END(ea_list_head, listp, tmp);
}
}
- DEBUG(10,("get_ea_list_from_file: total_len = %u\n", *pea_total_len));
+ DEBUG(10,("get_ea_list_from_file: total_len = %u\n", (unsigned int)*pea_total_len));
return ea_list_head;
}
canonicalize_ea_name(conn, fsp, fname, unix_ea_name);
- DEBUG(10,("set_ea: ea_name %s ealen = %u\n", unix_ea_name, ea_list->ea.value.length));
+ DEBUG(10,("set_ea: ea_name %s ealen = %u\n", unix_ea_name, (unsigned int)ea_list->ea.value.length));
if (samba_private_attr_name(unix_ea_name)) {
DEBUG(10,("set_ea: ea name %s is a private Samba name.\n", unix_ea_name));
return sys_aio_write(aiocb);
}
-int vfswrap_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
+ssize_t vfswrap_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
{
return sys_aio_return(aiocb);
}
goto failed;
}
- dir = (struct smbw_dir *)malloc(sizeof(*dir));
+ dir = SMB_MALLOC_P(struct smbw_dir);
if (!dir) {
errno = ENOMEM;
goto failed;
dir->fd = fd;
dir->srv = srv;
- dir->path = strdup(s);
+ dir->path = SMB_STRDUP(s);
DEBUG(4,(" -> %d\n", dir->count));
if (!buf) {
if (size <= 0) size = strlen(smbw_cwd)+1;
- buf = (char *)malloc(size);
+ buf = SMB_MALLOC_ARRAY(char, size);
if (!buf) {
errno = ENOMEM;
smbw_busy--;
/* Lock each chain from the start one. */
for (; tlock->hash < tdb->header.hash_size; tlock->hash++) {
+
+ /* this is an optimisation for the common case where
+ the hash chain is empty, which is particularly
+ common for the use of tdb with ldb, where large
+ hashes are used. In that case we spend most of our
+ time in tdb_brlock(), locking empty hash chains.
+
+ To avoid this, we do an unlocked pre-check to see
+ if the hash chain is empty before starting to look
+ inside it. If it is empty then we can avoid that
+ hash chain. If it isn't empty then we can't believe
+ the value we get back, as we read it without a
+ lock, so instead we get the lock and re-fetch the
+ value below.
+
+ Notice that not doing this optimisation on the
+ first hash chain is critical. We must guarantee
+ that we have done at least one fcntl lock at the
+ start of a search to guarantee that memory is
+ coherent on SMP systems. If records are added by
+ others during the search then thats OK, and we
+ could possibly miss those with this trick, but we
+ could miss them anyway without this trick, so the
+ semantics don't change.
+
+ With a non-indexed ldb search this trick gains us a
+ factor of around 80 in speed on a linux 2.6.x
+ system (testing using ldbtest).
+ */
+ if (!tlock->off && tlock->hash != 0) {
+ u32 off;
+ if (tdb->map_ptr) {
+ for (;tlock->hash < tdb->header.hash_size;tlock->hash++) {
+ if (0 != *(u32 *)(TDB_HASH_TOP(tlock->hash) + (unsigned char *)tdb->map_ptr)) {
+ break;
+ }
+ }
+ if (tlock->hash == tdb->header.hash_size) {
+ continue;
+ }
+ } else {
+ if (ofs_read(tdb, TDB_HASH_TOP(tlock->hash), &off) == 0 &&
+ off == 0) {
+ continue;
+ }
+ }
+ }
+
if (tdb_lock(tdb, tlock->hash, F_WRLCK) == -1)
return -1;
TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
goto fail;
}
+ if ((tdb->flags & TDB_CLEAR_IF_FIRST) &&
+ (tdb_brlock(tdb, ACTIVE_LOCK, F_RDLCK, F_SETLKW, 0) == -1)) {
+ TDB_LOG((tdb, 0, "tdb_reopen: failed to obtain active lock\n"));
+ goto fail;
+ }
if (fstat(tdb->fd, &st) != 0) {
TDB_LOG((tdb, 0, "tdb_reopen: fstat failed (%s)\n", strerror(errno)));
goto fail;
goto fail;
}
tdb_mmap(tdb);
- if ((tdb->flags & TDB_CLEAR_IF_FIRST) && (tdb_brlock(tdb, ACTIVE_LOCK, F_RDLCK, F_SETLKW, 0) == -1)) {
- TDB_LOG((tdb, 0, "tdb_reopen: failed to obtain active lock\n"));
- goto fail;
- }
return 0;
TDB_CONTEXT *tdb;
for (tdb=tdbs; tdb; tdb = tdb->next) {
- /* Ensure no clear-if-first. */
- tdb->flags &= ~TDB_CLEAR_IF_FIRST;
if (tdb_reopen(tdb) != 0)
return -1;
}
if (opt_comment) {
msg = opt_comment;
+ } else {
+ msg = "";
}
+
if (opt_timeout) {
timeout = opt_timeout;
}
d_printf("\t-r or --reboot\trequest remote server reboot on shutdown\n");
d_printf("\t-f or --force\trequest the remote server force its shutdown\n");
d_printf("\t-t or --timeout=<timeout>\tnumber of seconds before shutdown\n");
- d_printf("\t-c or --comment=<message>\ttext message to display on impending shutdown\n");
+ d_printf("\t-C or --comment=<message>\ttext message to display on impending shutdown\n");
return -1;
}
}
}
d_printf("0x%-8x ",(unsigned int)e->access_mask);
- if (e->access_mask & (FILE_READ_DATA|FILE_WRITE_DATA)) {
+ if ((e->access_mask & (FILE_READ_DATA|FILE_WRITE_DATA))==
+ (FILE_READ_DATA|FILE_WRITE_DATA)) {
d_printf("RDWR ");
} else if (e->access_mask & FILE_WRITE_DATA) {
d_printf("WRONLY ");
git.samba.org / samba.git / commitdiff