diff -c -r samba-2.0.3/source/acconfig.h samba-2.0.3-dce-0.5/source/acconfig.h *** samba-2.0.3/source/acconfig.h Fri Feb 5 18:17:34 1999 --- samba-2.0.3-dce-0.5/source/acconfig.h Wed Mar 24 10:24:47 1999 *************** *** 17,22 **** --- 17,23 ---- #undef HAVE_SHORT_INO_T #undef WITH_SMBWRAPPER #undef WITH_AFS + #undef WITH_DCE #undef WITH_DFS #undef SUNOS5 #undef SUNOS4 diff -c -r samba-2.0.3/source/configure samba-2.0.3-dce-0.5/source/configure *** samba-2.0.3/source/configure Sat Feb 27 14:08:58 1999 --- samba-2.0.3-dce-0.5/source/configure Wed Mar 24 10:45:55 1999 *************** *** 21,26 **** --- 21,29 ---- --with-afs Include AFS support --without-afs Don't include AFS support (default)" ac_help="$ac_help + --with-dce Include DCE support + --without-dce Don't include DCE support (default)" + ac_help="$ac_help --with-dfs Include DFS support --without-dfs Don't include DFS support (default)" ac_help="$ac_help *************** *** 3403,3554 **** ############################################### # test for where we get pam_authenticate() from # might need libdl for this to work ! if test "$ac_cv_header_security_pam_appl_h" = "yes"; then ! echo $ac_n "checking for main in -ldl""... $ac_c" 1>&6 ! echo "configure:3409: checking for main in -ldl" >&5 ! ac_lib_var=`echo dl'_'main | sed 'y%./+-%__p_%'` ! if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then ! echo $ac_n "(cached) $ac_c" 1>&6 ! else ! ac_save_LIBS="$LIBS" ! LIBS="-ldl $LIBS" ! cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then ! rm -rf conftest* ! eval "ac_cv_lib_$ac_lib_var=yes" ! else ! echo "configure: failed program was:" >&5 ! cat conftest.$ac_ext >&5 ! rm -rf conftest* ! eval "ac_cv_lib_$ac_lib_var=no" ! fi ! rm -f conftest* ! LIBS="$ac_save_LIBS" ! ! fi ! if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then ! echo "$ac_t""yes" 1>&6 ! ac_tr_lib=HAVE_LIB`echo dl | sed -e 's/[^a-zA-Z0-9_]/_/g' \ ! -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` ! cat >> confdefs.h <&6 ! fi ! ! fi ! for ac_func in pam_authenticate ! do ! echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 ! echo "configure:3455: checking for $ac_func" >&5 ! if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then ! echo $ac_n "(cached) $ac_c" 1>&6 ! else ! cat > conftest.$ac_ext < ! /* Override any gcc2 internal prototype to avoid an error. */ ! /* We use char because int might match the return type of a gcc2 ! builtin and then its argument prototype would still apply. */ ! char $ac_func(); ! ! int main() { ! ! /* The GNU C library defines this for functions which it implements ! to always fail with ENOSYS. Some functions are actually named ! something starting with __ and the normal name is an alias. */ ! #if defined (__stub_$ac_func) || defined (__stub___$ac_func) ! choke me #else ! $ac_func(); ! #endif ! ! ; return 0; } ! EOF ! if { (eval echo configure:3483: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ! rm -rf conftest* ! eval "ac_cv_func_$ac_func=yes" ! else ! echo "configure: failed program was:" >&5 ! cat conftest.$ac_ext >&5 ! rm -rf conftest* ! eval "ac_cv_func_$ac_func=no" ! fi ! rm -f conftest* ! fi ! ! if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then ! echo "$ac_t""yes" 1>&6 ! ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` ! cat >> confdefs.h <&6 ! fi ! done ! ! if test x"$ac_cv_func_pam_authenticate" = x"no"; then ! echo $ac_n "checking for pam_authenticate in -lpam""... $ac_c" 1>&6 ! echo "configure:3509: checking for pam_authenticate in -lpam" >&5 ! ac_lib_var=`echo pam'_'pam_authenticate | sed 'y%./+-%__p_%'` ! if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then ! echo $ac_n "(cached) $ac_c" 1>&6 ! else ! ac_save_LIBS="$LIBS" ! LIBS="-lpam $LIBS" ! cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then ! rm -rf conftest* ! eval "ac_cv_lib_$ac_lib_var=yes" ! else ! echo "configure: failed program was:" >&5 ! cat conftest.$ac_ext >&5 ! rm -rf conftest* ! eval "ac_cv_lib_$ac_lib_var=no" ! fi ! rm -f conftest* ! LIBS="$ac_save_LIBS" ! ! fi ! if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then ! echo "$ac_t""yes" 1>&6 ! LIBS="$LIBS -lpam" ! cat >> confdefs.h <<\EOF ! #define HAVE_PAM_AUTHENTICATE 1 ! EOF ! ! else ! echo "$ac_t""no" 1>&6 ! fi ! ! fi ############################################### --- 3406,3557 ---- ############################################### # test for where we get pam_authenticate() from # might need libdl for this to work ! #if test "$ac_cv_header_security_pam_appl_h" = "yes"; then ! # echo $ac_n "checking for main in -ldl""... $ac_c" 1>&6 ! #echo "configure:3409: checking for main in -ldl" >&5 ! #ac_lib_var=`echo dl'_'main | sed 'y%./+-%__p_%'` ! #if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then ! # echo $ac_n "(cached) $ac_c" 1>&6 ! #else ! # ac_save_LIBS="$LIBS" ! #LIBS="-ldl $LIBS" ! #cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then ! # rm -rf conftest* ! # eval "ac_cv_lib_$ac_lib_var=yes" ! #else ! # echo "configure: failed program was:" >&5 ! # cat conftest.$ac_ext >&5 ! # rm -rf conftest* ! # eval "ac_cv_lib_$ac_lib_var=no" ! #fi ! #rm -f conftest* ! #LIBS="$ac_save_LIBS" ! # ! #fi ! #if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then ! # echo "$ac_t""yes" 1>&6 ! # ac_tr_lib=HAVE_LIB`echo dl | sed -e 's/[^a-zA-Z0-9_]/_/g' \ ! # -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` ! # cat >> confdefs.h <&6 ! #fi ! # ! #fi ! #for ac_func in pam_authenticate ! #do ! #echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 ! #echo "configure:3455: checking for $ac_func" >&5 ! #if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then ! # echo $ac_n "(cached) $ac_c" 1>&6 ! #else ! # cat > conftest.$ac_ext < ! #/* Override any gcc2 internal prototype to avoid an error. */ ! #/* We use char because int might match the return type of a gcc2 ! # builtin and then its argument prototype would still apply. */ ! #char $ac_func(); ! # ! #int main() { ! # ! #/* The GNU C library defines this for functions which it implements ! # to always fail with ENOSYS. Some functions are actually named ! # something starting with __ and the normal name is an alias. */ ! ##if defined (__stub_$ac_func) || defined (__stub___$ac_func) ! #choke me ! ##else ! #$ac_func(); ! ##endif ! # ! #; return 0; } ! #EOF ! #if { (eval echo configure:3483: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ! # rm -rf conftest* ! # eval "ac_cv_func_$ac_func=yes" ! #else ! # echo "configure: failed program was:" >&5 ! # cat conftest.$ac_ext >&5 ! # rm -rf conftest* ! # eval "ac_cv_func_$ac_func=no" ! #fi ! #rm -f conftest* ! #fi ! # ! #if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then ! # echo "$ac_t""yes" 1>&6 ! # ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` ! # cat >> confdefs.h <&6 ! #fi ! #done ! # ! #if test x"$ac_cv_func_pam_authenticate" = x"no"; then ! # echo $ac_n "checking for pam_authenticate in -lpam""... $ac_c" 1>&6 ! #echo "configure:3509: checking for pam_authenticate in -lpam" >&5 ! #ac_lib_var=`echo pam'_'pam_authenticate | sed 'y%./+-%__p_%'` ! #if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then ! # echo $ac_n "(cached) $ac_c" 1>&6 ! #else ! # ac_save_LIBS="$LIBS" ! #LIBS="-lpam $LIBS" ! #cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then ! # rm -rf conftest* ! # eval "ac_cv_lib_$ac_lib_var=yes" ! #else ! # echo "configure: failed program was:" >&5 ! # cat conftest.$ac_ext >&5 ! # rm -rf conftest* ! # eval "ac_cv_lib_$ac_lib_var=no" ! #fi ! #rm -f conftest* ! #LIBS="$ac_save_LIBS" ! # ! #fi ! #if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then ! # echo "$ac_t""yes" 1>&6 ! # LIBS="$LIBS -lpam" ! # cat >> confdefs.h <<\EOF ! ##define HAVE_PAM_AUTHENTICATE 1 ! #EOF ! # ! #else ! # echo "$ac_t""no" 1>&6 ! #fi ! # ! #fi ############################################### *************** *** 8805,8819 **** ################################################# ! # check for the DFS auth system ! echo $ac_n "checking whether to use DFS auth""... $ac_c" 1>&6 ! echo "configure:8811: checking whether to use DFS auth" >&5 # Check whether --with-dfs or --without-dfs was given. if test "${with_dfs+set}" = set; then withval="$with_dfs" case "$withval" in yes) echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF #define WITH_DFS 1 EOF --- 8808,8849 ---- ################################################# ! # check for the DCE auth system ! echo $ac_n "checking whether to use DCE auth""... $ac_c" 1>&6 ! echo "configure:8700: checking whether to use DCE auth" >&5 ! # Check whether --with-dce or --without-dce was given. ! if test "${with_dce+set}" = set; then ! withval="$with_dce" ! case "$withval" in ! yes) ! echo "$ac_t""yes" 1>&6 ! LIBS="-ldce -lpthread $LIBS" ! CPPFLAGS="$CPPFLAGS -D_REENTRANT" ! cat >> confdefs.h <<\EOF ! #define WITH_DCE 1 ! EOF ! ! ;; ! *) ! echo "$ac_t""no" 1>&6 ! ;; ! esac ! else ! echo "$ac_t""no" 1>&6 ! ! fi ! ! ################################################# ! # check for DFS ! echo $ac_n "checking whether to use DFS""... $ac_c" 1>&6 ! echo "configure:8700: checking whether to use DFS" >&5 # Check whether --with-dfs or --without-dfs was given. if test "${with_dfs+set}" = set; then withval="$with_dfs" case "$withval" in yes) echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -ldcedfs" cat >> confdefs.h <<\EOF #define WITH_DFS 1 EOF diff -c -r samba-2.0.3/source/include/config.h.in samba-2.0.3-dce-0.5/source/include/config.h.in *** samba-2.0.3/source/include/config.h.in Sat Feb 27 14:08:59 1999 --- samba-2.0.3-dce-0.5/source/include/config.h.in Wed Mar 24 10:24:47 1999 *************** *** 80,85 **** --- 80,86 ---- #undef HAVE_SHORT_INO_T #undef WITH_SMBWRAPPER #undef WITH_AFS + #undef WITH_DCE #undef WITH_DFS #undef SUNOS5 #undef SUNOS4 diff -c -r samba-2.0.3/source/include/proto.h samba-2.0.3-dce-0.5/source/include/proto.h *** samba-2.0.3/source/include/proto.h Sat Feb 27 14:08:59 1999 --- samba-2.0.3-dce-0.5/source/include/proto.h Wed Mar 24 10:24:47 1999 *************** *** 1204,1210 **** /*The following definitions come from passdb/pass_check.c */ - void dfs_unlogin(void); BOOL pass_check(char *user,char *password, int pwlen, struct passwd *pwd, BOOL (*fn)(char *, char *)); --- 1204,1209 ---- diff -c -r samba-2.0.3/source/include/smb.h samba-2.0.3-dce-0.5/source/include/smb.h *** samba-2.0.3/source/include/smb.h Sat Feb 27 14:08:59 1999 --- samba-2.0.3-dce-0.5/source/include/smb.h Wed Mar 24 10:24:47 1999 *************** *** 1340,1350 **** int slprintf(); #endif - #ifdef WITH_DFS - void dfs_unlogin(void); - extern int dcelogin_atmost_once; - #endif - #ifdef NOSTRDUP char *strdup(char *s); #endif --- 1340,1345 ---- diff -c -r samba-2.0.3/source/passdb/pass_check.c samba-2.0.3-dce-0.5/source/passdb/pass_check.c *** samba-2.0.3/source/passdb/pass_check.c Wed Dec 30 17:36:58 1998 --- samba-2.0.3-dce-0.5/source/passdb/pass_check.c Wed Mar 24 10:24:48 1999 *************** *** 168,461 **** #endif ! #ifdef WITH_DFS - #include #include ! /***************************************************************** ! This new version of the DFS_AUTH code was donated by Karsten Muuss ! . It fixes the following problems with the ! old code : ! ! - Server credentials may expire ! - Client credential cache files have wrong owner ! - purge_context() function is called with invalid argument ! ! This new code was modified to ensure that on exit the uid/gid is ! still root, and the original directory is restored. JRA. ! ******************************************************************/ ! ! sec_login_handle_t my_dce_sec_context; ! int dcelogin_atmost_once = 0; ! /******************************************************************* ! check on a DCE/DFS authentication ! ********************************************************************/ ! static BOOL dfs_auth(char *user,char *password) { ! error_status_t err; ! int err2; ! int prterr; ! signed32 expire_time, current_time; ! boolean32 password_reset; ! struct passwd *pw; ! sec_passwd_rec_t passwd_rec; ! sec_login_auth_src_t auth_src = sec_login_auth_src_network; ! unsigned char dce_errstr[dce_c_error_string_len]; ! gid_t egid; ! ! if (dcelogin_atmost_once) return(False); ! ! #ifdef HAVE_CRYPT ! /* ! * We only go for a DCE login context if the given password ! * matches that stored in the local password file.. ! * Assumes local passwd file is kept in sync w/ DCE RGY! ! */ ! ! if (strcmp((char *)crypt(password,this_salt),this_crypted)) { ! return(False); ! } ! #endif ! ! sec_login_get_current_context(&my_dce_sec_context, &err); ! if (err != error_status_ok ) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE can't get current context. %s\n", dce_errstr)); ! ! return(False); ! } ! ! sec_login_certify_identity(my_dce_sec_context, &err); ! if (err != error_status_ok) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE can't get current context. %s\n", dce_errstr)); ! ! return(False); ! } ! ! sec_login_get_expiration(my_dce_sec_context, &expire_time, &err); ! if (err != error_status_ok) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE can't get expiration. %s\n", dce_errstr)); ! ! return(False); ! } ! ! time(¤t_time); ! ! if (expire_time < (current_time + 60)) { ! struct passwd *pw; ! sec_passwd_rec_t *key; ! ! sec_login_get_pwent(my_dce_sec_context, ! (sec_login_passwd_t*)&pw, &err); ! if (err != error_status_ok ) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE can't get pwent. %s\n", dce_errstr)); ! ! return(False); ! } ! ! sec_login_refresh_identity(my_dce_sec_context, &err); ! if (err != error_status_ok) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE can't refresh identity. %s\n", ! dce_errstr)); ! ! return(False); ! } ! ! sec_key_mgmt_get_key(rpc_c_authn_dce_secret, NULL, ! (unsigned char *)pw->pw_name, ! sec_c_key_version_none, ! (void**)&key, &err); ! if (err != error_status_ok) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE can't get key for %s. %s\n", ! pw->pw_name, dce_errstr)); ! ! return(False); ! } ! ! sec_login_valid_and_cert_ident(my_dce_sec_context, key, ! &password_reset, &auth_src, ! &err); ! if (err != error_status_ok ) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE can't validate and certify identity for %s. %s\n", ! pw->pw_name, dce_errstr)); ! } ! ! sec_key_mgmt_free_key(key, &err); ! if (err != error_status_ok ) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE can't free key.\n", dce_errstr)); ! } ! } ! ! if (sec_login_setup_identity((unsigned char *)user, ! sec_login_no_flags, ! &my_dce_sec_context, ! &err) == 0) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE Setup Identity for %s failed: %s\n", ! user,dce_errstr)); ! return(False); ! } ! ! sec_login_get_pwent(my_dce_sec_context, ! (sec_login_passwd_t*)&pw, &err); ! if (err != error_status_ok) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE can't get pwent. %s\n", dce_errstr)); ! ! return(False); ! } ! ! sec_login_purge_context(&my_dce_sec_context, &err); ! if (err != error_status_ok) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE can't purge context. %s\n", dce_errstr)); ! ! return(False); ! } ! ! /* ! * NB. I'd like to change these to call something like become_user() ! * instead but currently we don't have a connection ! * context to become the correct user. This is already ! * fairly platform specific code however, so I think ! * this should be ok. I have added code to go ! * back to being root on error though. JRA. ! */ ! ! egid = getegid(); ! ! if (set_effective_gid(pw->pw_gid) != 0) { ! DEBUG(0,("Can't set egid to %d (%s)\n", ! pw->pw_gid, strerror(errno))); ! return False; ! } ! ! if (set_effective_uid(pw->pw_uid) != 0) { ! set_effective_gid(egid); ! DEBUG(0,("Can't set euid to %d (%s)\n", ! pw->pw_uid, strerror(errno))); ! return False; ! } ! ! if (sec_login_setup_identity((unsigned char *)user, ! sec_login_no_flags, ! &my_dce_sec_context, ! &err) == 0) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE Setup Identity for %s failed: %s\n", ! user,dce_errstr)); ! goto err; ! } ! ! sec_login_get_pwent(my_dce_sec_context, ! (sec_login_passwd_t*)&pw, &err); ! if (err != error_status_ok ) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE can't get pwent. %s\n", dce_errstr)); ! goto err; ! } ! ! passwd_rec.version_number = sec_passwd_c_version_none; ! passwd_rec.pepper = NULL; ! passwd_rec.key.key_type = sec_passwd_plain; ! passwd_rec.key.tagged_union.plain = (idl_char *)password; ! ! sec_login_validate_identity(my_dce_sec_context, ! &passwd_rec, &password_reset, ! &auth_src, &err); ! if (err != error_status_ok ) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE Identity Validation failed for principal %s: %s\n", ! user,dce_errstr)); ! goto err; ! } ! ! sec_login_certify_identity(my_dce_sec_context, &err); ! if (err != error_status_ok) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE certify identity failed: %s\n", dce_errstr)); ! goto err; ! } ! ! if (auth_src != sec_login_auth_src_network) { ! DEBUG(0,("DCE context has no network credentials.\n")); ! } ! ! sec_login_set_context(my_dce_sec_context, &err); ! if (err != error_status_ok) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE login failed for principal %s, cant set context: %s\n", ! user,dce_errstr)); ! ! sec_login_purge_context(&my_dce_sec_context, &err); ! goto err; ! } ! ! sec_login_get_pwent(my_dce_sec_context, ! (sec_login_passwd_t*)&pw, &err); ! if (err != error_status_ok) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE can't get pwent. %s\n", dce_errstr)); ! goto err; ! } ! ! DEBUG(0,("DCE login succeeded for principal %s on pid %d\n", ! user, getpid())); ! ! DEBUG(3,("DCE principal: %s\n" ! " uid: %d\n" ! " gid: %d\n", ! pw->pw_name, pw->pw_uid, pw->pw_gid)); ! DEBUG(3,(" info: %s\n" ! " dir: %s\n" ! " shell: %s\n", ! pw->pw_gecos, pw->pw_dir, pw->pw_shell)); ! ! sec_login_get_expiration(my_dce_sec_context, &expire_time, &err); ! if (err != error_status_ok) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE can't get expiration. %s\n", dce_errstr)); ! goto err; ! } ! ! set_effective_uid(0); ! set_effective_gid(0); ! ! DEBUG(0,("DCE context expires: %s",asctime(localtime(&expire_time)))); ! ! dcelogin_atmost_once = 1; ! return (True); ! ! err: ! ! /* Go back to root, JRA. */ ! set_effective_uid(0); ! set_effective_gid(egid); ! return(False); } ! void dfs_unlogin(void) { ! error_status_t err; ! int err2; ! unsigned char dce_errstr[dce_c_error_string_len]; ! ! sec_login_purge_context(&my_dce_sec_context, &err); ! if (err != error_status_ok) { ! dce_error_inq_text(err, dce_errstr, &err2); ! DEBUG(0,("DCE purge login context failed for server instance %d: %s\n", ! getpid(), dce_errstr)); ! } } #endif #ifdef KRB5_AUTH --- 168,238 ---- #endif ! #ifdef WITH_DCE #include + #include ! static sec_login_handle_t dce_login_context = NULL; ! int dce_auth(char *user, char *password) { ! error_status_t dce_st; ! dce_error_string_t dce_error; ! int dce_error_st; ! sec_login_auth_src_t auth_src; ! sec_passwd_rec_t pw_entry; ! boolean32 reset_passwd; ! sec_passwd_str_t tmp_pw; ! ! if (!sec_login_setup_identity(user, sec_login_no_flags, &dce_login_context, &dce_st)) ! { ! dce_error_inq_text(dce_st, dce_error, &dce_error_st); ! DEBUG(0, ("dce_auth: unable to setup identity for %s - %s\n", user, dce_error)); ! return 0; ! } ! ! pw_entry.version_number = sec_passwd_c_version_none; ! pw_entry.pepper = NULL; ! pw_entry.key.key_type = sec_passwd_plain; ! strncpy( (char *)tmp_pw, password, sec_passwd_str_max_len); ! tmp_pw[sec_passwd_str_max_len] = '\0'; ! pw_entry.key.tagged_union.plain = &(tmp_pw[0]); ! ! if (!sec_login_valid_and_cert_ident(dce_login_context, &pw_entry, &reset_passwd, &auth_src, &dce_st)) ! { ! dce_error_inq_text(dce_st, dce_error, &dce_error_st); ! DEBUG(0, ("dce_auth: unable to validate identity for %s - %s\n", user, dce_error)); ! return 0; ! } ! ! if (auth_src != sec_login_auth_src_network) ! { ! sec_login_purge_context(&dce_login_context, &dce_st); ! DEBUG(0, ("dce_auth: no network credentials for %s\n", user)); ! return 0; ! } ! ! sec_login_set_context(dce_login_context, &dce_st); ! ! if (dce_st) ! { ! dce_error_inq_text(dce_st, dce_error, &dce_error_st); ! DEBUG(0, ("dce_auth: unable to set context for %s - %s\n", user, dce_error)); ! sec_login_purge_context(&dce_login_context, &dce_st); ! return 0; ! } ! return 1; } ! void dce_logout() { ! error_status_t dce_st; ! ! if (dce_login_context) ! sec_login_purge_context(&dce_login_context, &dce_st); } + #endif #ifdef KRB5_AUTH *************** *** 693,700 **** if (afs_auth(this_user,password)) return(True); #endif ! #ifdef WITH_DFS ! if (dfs_auth(this_user,password)) return(True); #endif #ifdef KRB5_AUTH --- 470,477 ---- if (afs_auth(this_user,password)) return(True); #endif ! #ifdef WITH_DCE ! if (dce_auth(this_user,password)) return(True); #endif #ifdef KRB5_AUTH diff -c -r samba-2.0.3/source/smbd/dosmode.c samba-2.0.3-dce-0.5/source/smbd/dosmode.c *** samba-2.0.3/source/smbd/dosmode.c Sat Feb 27 14:09:09 1999 --- samba-2.0.3-dce-0.5/source/smbd/dosmode.c Wed Mar 24 10:24:48 1999 *************** *** 80,88 **** int result = 0; DEBUG(8,("dos_mode: %s\n", path)); ! if ((sbuf->st_mode & S_IWUSR) == 0) ! result |= aRONLY; if (MAP_ARCHIVE(conn) && ((sbuf->st_mode & S_IXUSR) != 0)) result |= aARCH; --- 80,93 ---- int result = 0; DEBUG(8,("dos_mode: %s\n", path)); ! ! #ifdef WITH_DFS ! if (access(path, W_OK)) ! result |= aRONLY; ! #else if ((sbuf->st_mode & S_IWUSR) == 0) ! result |= aRONLY; ! #endif if (MAP_ARCHIVE(conn) && ((sbuf->st_mode & S_IXUSR) != 0)) result |= aARCH; diff -c -r samba-2.0.3/source/smbd/quotas.c samba-2.0.3-dce-0.5/source/smbd/quotas.c *** samba-2.0.3/source/smbd/quotas.c Sat Feb 27 14:09:09 1999 --- samba-2.0.3-dce-0.5/source/smbd/quotas.c Wed Mar 24 10:24:48 1999 *************** *** 30,36 **** extern int DEBUGLEVEL; ! #ifdef LINUX #include #include --- 30,336 ---- extern int DEBUGLEVEL; ! #ifdef WITH_DFS ! ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! #include ! ! #define FLSERVER_H_SIZE 5 ! static rpc_binding_handle_t flserver_h[FLSERVER_H_SIZE]; ! static int flserver_h_count = 0; ! static int flserver_h_index = 0; ! ! static int path_to_fid(char *path, struct afsFid *fidp) ! { ! struct afs_ioctl ioctl_data; ! ! ioctl_data.in_size = 0; ! ioctl_data.out_size = sizeof(afsFid); ! ioctl_data.out = (caddr_t) fidp; ! ! return (!pioctl(path, VIOCGETFID, &ioctl_data, 1)); ! } ! ! static int bind_flservers() ! { ! unsigned32 import_status, group_status, rpc_status; ! rpc_ns_handle_t import_context; ! rpc_ns_handle_t group_context; ! unsigned_char_t *name, *string_binding, *protseq, *network_addr; ! uuid_t obj_uuid; ! unsigned_char_t *string_uuid; ! rpc_binding_handle_t temp_h; ! dce_error_string_t dce_error; ! int dce_error_st; ! ! ! rpc_ns_entry_object_inq_begin(rpc_c_ns_syntax_default, "/.:/fs", ! &import_context, &import_status); ! ! if (import_status) ! { ! dce_error_inq_text(import_status, dce_error, &dce_error_st); ! DEBUG(0, ("dfsquota: bind_flservers.entry_object_inq_begin failed - %s\n", dce_error)); ! return 0; ! } ! ! rpc_ns_entry_object_inq_next(import_context, &obj_uuid, &import_status); ! ! if (import_status) ! { ! dce_error_inq_text(import_status, dce_error, &dce_error_st); ! DEBUG(0, ("dfsquota: bind_flservers.entry_object_inq_next failed - %s\n", dce_error)); ! return 0; ! } ! ! rpc_ns_entry_object_inq_done(&import_context, &import_status); ! ! uuid_to_string(&obj_uuid, &string_uuid, &import_status); ! ! if (import_status) ! { ! dce_error_inq_text(import_status, dce_error, &dce_error_st); ! DEBUG(0, ("dfsquota: bind_flservers.uuid_to_string failed - %s\n", dce_error)); ! return 0; ! } ! ! rpc_ns_group_mbr_inq_begin(rpc_c_ns_syntax_default, "/.:/fs", rpc_c_ns_syntax_default, ! &group_context, &group_status); ! ! if (group_status) ! { ! dce_error_inq_text(group_status, dce_error, &dce_error_st); ! DEBUG(0, ("dfsquota: bind_flservers.group_mbr_inq_begin failed - %s\n", dce_error)); ! return 0; ! } ! ! while ((!group_status) && (flserver_h_count < FLSERVER_H_SIZE)) ! { ! rpc_ns_group_mbr_inq_next(group_context, &name, &group_status); ! ! if (group_status) ! { ! if (group_status != rpc_s_no_more_members) ! { ! dce_error_inq_text(group_status, dce_error, &dce_error_st); ! DEBUG(0, ("dfsquota: bind_flservers.group_mbr_inq_next failed - %s\n", dce_error)); ! } ! continue; ! } ! ! rpc_ns_binding_import_begin(rpc_c_ns_syntax_default, name, NULL, ! NULL, &import_context, &import_status); ! ! if (import_status) ! { ! dce_error_inq_text(import_status, dce_error, &dce_error_st); ! DEBUG(0, ("dfsquota: bind_flservers.binding_import_begin failed - %s\n", dce_error)); ! rpc_ns_binding_import_done(&import_context, &import_status); ! continue; ! } ! ! rpc_ns_binding_import_next(import_context, &temp_h, &import_status); ! ! if (import_status) ! { ! dce_error_inq_text(import_status, dce_error, &dce_error_st); ! DEBUG(0, ("dfsquota: bind_flservers.binding_import_next failed - %s\n", dce_error)); ! rpc_ns_binding_import_done(&import_context, &import_status); ! continue; ! } ! ! rpc_binding_to_string_binding(temp_h, &string_binding, &import_status); ! rpc_binding_free(&temp_h, &rpc_status); ! ! if (import_status) ! { ! dce_error_inq_text(import_status, dce_error, &dce_error_st); ! DEBUG(0, ("dfsquota: bind_flservers.to_string_binding failed - %s\n", dce_error)); ! rpc_ns_binding_import_done(&import_context, &import_status); ! continue; ! } ! ! rpc_string_binding_parse(string_binding, NULL, &protseq, &network_addr, ! NULL, NULL, &import_status); ! rpc_string_free(&string_binding, &rpc_status); ! ! if (import_status) ! { ! dce_error_inq_text(import_status, dce_error, &dce_error_st); ! DEBUG(0, ("dfsquota: bind_flservers.binding_parse failed - %s\n", dce_error)); ! rpc_ns_binding_import_done(&import_context, &import_status); ! continue; ! } ! ! rpc_string_binding_compose(string_uuid, ! protseq, network_addr, NULL, NULL, ! &string_binding, &import_status); ! rpc_string_free(&protseq, &rpc_status); ! rpc_string_free(&network_addr, &rpc_status); ! ! if (import_status) ! { ! dce_error_inq_text(import_status, dce_error, &dce_error_st); ! DEBUG(0, ("dfsquota: bind_flservers.binding_compose failed - %s\n", dce_error)); ! rpc_ns_binding_import_done(&import_context, &import_status); ! continue; ! } ! ! rpc_binding_from_string_binding(string_binding, ! &flserver_h[flserver_h_count], ! &import_status); ! rpc_string_free(&string_binding, &rpc_status); ! ! if (import_status) ! { ! dce_error_inq_text(import_status, dce_error, &dce_error_st); ! DEBUG(0, ("dfsquota: bind_flservers.from_string_binding failed - %s\n", dce_error)); ! } ! else ! flserver_h_count++; ! ! rpc_ns_binding_import_done(&import_context, &import_status); ! } ! rpc_ns_group_mbr_inq_done(&group_context, &group_status); ! rpc_string_free(&string_uuid, &import_status); ! ! return flserver_h_count; ! } ! ! ! BOOL disk_quotas(char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize) ! { ! struct afsFid fidp; ! struct vldbentry fl_entry; ! unsigned32 status, status2; ! unsigned_char_t *string_binding; ! rpc_binding_handle_t ftserver_h; ! struct ftserver_status ft_status; ! struct afsHyper hyper; ! unsigned32 ft_quota, ft_used; ! int index; ! ! if (flserver_h_count == 0) ! if (!bind_flservers()) ! { ! DEBUG(0, ("dfsquota: retrying flserver bind\n")); ! if (!bind_flservers()) ! { ! DEBUG(0, ("dfsquota: unable to bind to any flservers\n")); ! return 0; ! } ! } ! ! if (!path_to_fid(path, &fidp)) ! { ! DEBUG(0, ("dfsquota: path_to_fid failed for %s\n", path)); ! return 0; ! } ! ! for(index = 0; index < flserver_h_count; index++) ! { ! int raised = 0; ! ! TRY ! status = VL_GetEntryByID(flserver_h[flserver_h_index], &fidp.Volume, -1, &fl_entry); ! CATCH_ALL ! status = THIS_CATCH->status.status; ! DEBUG(0, ("dfsquota: flserver[%d] rpc failed - %d\n", flserver_h_index, status)); ! raised = 1; ! ENDTRY ! ! if (!raised) ! { ! if (status) ! { ! DEBUG(0, ("dfsquota: flserver call failed - %d\n", status)); ! return 0; ! } ! else ! break; ! } ! else if ((status >= rpc_s_mod) && (status <= (rpc_s_mod+4096))) ! { ! error_status_t reset_status; ! ! rpc_binding_reset(flserver_h[flserver_h_index], &reset_status); ! if (reset_status) ! DEBUG(0, ("dfsquota: flserver[%d] handle reset failed - %d\n", flserver_h_index, reset_status)); ! } ! ! flserver_h_index = ((flserver_h_index + 1) % flserver_h_count); ! } ! ! if (index == flserver_h_count) ! { ! DEBUG(0, ("dfsquota - all flservers failed\n")); ! return 0; ! } ! ! flserver_h_index = ((flserver_h_index + 1) % flserver_h_count); ! ! rpc_string_binding_compose(NULL, "ncadg_ip_udp", ! inet_ntoa(((struct sockaddr_in *)(&fl_entry.siteAddr[0]))->sin_addr), ! NULL, NULL, &string_binding, &status); ! ! if (status) ! return 0; ! ! rpc_binding_from_string_binding(string_binding, &ftserver_h, &status); ! rpc_string_free(&string_binding, &status2); ! ! if (status) ! return 0; ! ! TRY ! status = FTSERVER_GetOneVolStatus(ftserver_h, &fidp.Volume, ! fl_entry.sitePartition[0], 0, &ft_status); ! CATCH_ALL ! status = THIS_CATCH->status.status; ! ENDTRY; ! ! rpc_binding_free(&ftserver_h, &status2); ! ! if (status) ! { ! DEBUG(0, ("dfsquota: ftserver call failed - %d\n", status)); ! return 0; ! } ! ! ft_quota = ((0xffc00000 & (AFS_hgethi(ft_status.vsd.visQuotaLimit) << 22)) | (0x003fffff & (AFS_hgetlo(ft_status.vsd.visQuotaLimit) >> 10))); ! ! ft_used = ((0xffc00000 & (AFS_hgethi(ft_status.vsd.visQuotaUsage) << 22)) | (0x003fffff & (AFS_hgetlo(ft_status.vsd.visQuotaUsage) >> 10))); ! ! *bsize = 1024; ! *dfree = (ft_quota - ft_used); ! *dsize = ft_quota; ! return 1; ! } ! ! #elif LINUX #include #include diff -c -r samba-2.0.3/source/smbd/server.c samba-2.0.3-dce-0.5/source/smbd/server.c *** samba-2.0.3/source/smbd/server.c Sat Feb 27 14:09:10 1999 --- samba-2.0.3-dce-0.5/source/smbd/server.c Wed Mar 24 10:24:48 1999 *************** *** 40,50 **** extern pstring user_socket_options; - #ifdef WITH_DFS - extern int dcelogin_atmost_once; - #endif /* WITH_DFS */ - - extern fstring remote_machine; extern pstring OriginalDir; extern pstring myhostname; --- 40,45 ---- *************** *** 407,416 **** conn_close_all(); ! #ifdef WITH_DFS ! if (dcelogin_atmost_once) { ! dfs_unlogin(); ! } #endif if (!reason) { --- 402,409 ---- conn_close_all(); ! #ifdef WITH_DCE ! dce_logout(); #endif if (!reason) {