Michael Adam [Mon, 22 Sep 2008 12:51:51 +0000 (14:51 +0200)]
winbindd: fix a comment typo
Michael
(cherry picked from commit
d3e3c2c50ee404de25b46a06bd71f90a7214e69c)
Michael Adam [Mon, 22 Sep 2008 08:34:57 +0000 (10:34 +0200)]
winbind_util: fix an implicit cast compile warning.
Michael
(cherry picked from commit
38020bdeb9115fe41038723a2ffaedb75df8e564)
Michael Adam [Fri, 21 Nov 2008 22:28:08 +0000 (23:28 +0100)]
winbindd: make all winbind rpc-methods static.
Now that the methods are no longer needed in winbindd_ads,
we can make them static again.
Michael
(cherry picked from commit
fc82807659cf4ab23df8ae7b98edfc715b54f591)
Michael Adam [Fri, 21 Nov 2008 01:24:06 +0000 (02:24 +0100)]
winbindd_ads: use the reconnect methods instead of the rpc methods directly
Some of the ads methods just point to the rpc methods.
This makes winbindd_ads use the reconnect methods instead of
calling the rpc methods directly in order to prevent
negative cache entries for e.g. name_to_sid, when the dc
has closed the connection without sending a reset.
Michael
(cherry picked from commit
afd1cba6c18cb56ec13659cec7c86b32de2fda39)
Michael Adam [Thu, 20 Nov 2008 22:26:35 +0000 (23:26 +0100)]
winbindd_ads: prevent negative GM/ cache entries due to broken connections
The ads lookup_groupmem() function calls lda_lookupsids to resolve sids
to names. This is tried only once. So in case the connection was broken,
e.g. closed by the server (without a reset packet), there will be an empty
GM/ cache entry for the requested group which will prevent proper working
of access checks among other checks for the expiry period.
This patch works around this problem by retrying once if the lsa_lookupsids
call fails, re-establishing the dc-connection, as we already do in many other
places (e.g. the winbindd retry methods for the rpc layer).
Michael
(cherry picked from commit
9d5af844c53ff2b25904c96d28546271a249debb)
Jeremy Allison [Fri, 21 Nov 2008 20:32:11 +0000 (12:32 -0800)]
Second part of the fix for bug #5903 - vfs_streams_xattr breaks contents of the file
Jeremy.
(cherry picked from commit
d4481329438d27a23ded85f01f5cf06725221d0e)
Jeremy Allison [Fri, 21 Nov 2008 19:06:33 +0000 (11:06 -0800)]
Ensure we always reply in reply_printopen().
Jeremy.
(cherry picked from commit
e2f699a5d1a2415ce37c052bf24bbecf0d41bae7)
Jeremy Allison [Fri, 21 Nov 2008 18:46:31 +0000 (10:46 -0800)]
First part of fix for bug #5903 - vfs_streams_xattr breaks contents of the file.
Restructures parts of open code so that fsp must be allocated before calling
open_file_ntcreate(_internal). Also fix up file ref-counting inside files.c.
Jeremy.
(cherry picked from commit
1f36db34d7483614e1a4d6d5f3437205bcb20541)
Yasuma Takeda [Thu, 20 Nov 2008 19:36:51 +0000 (11:36 -0800)]
Fix bug #5909 - MS-DFS does not work on Vista, if link name includes multibyte character.
(cherry picked from commit
cae1717f58c89faaf68502c72124ecd1728d3374)
Jeremy Allison [Thu, 20 Nov 2008 18:55:23 +0000 (10:55 -0800)]
Second part of fix for bug #5891 - smbd crashed when viewing the eventlog exported by "eventlog list". Don't leak memory on error paths.
Jeremy.
(cherry picked from commit
b4f01de83a6f65e065117e917fdb208ce6d58c01)
Michael Adam [Thu, 20 Nov 2008 15:31:44 +0000 (16:31 +0100)]
eventlog: don't crash in sync_eventlog_params().
When freeing the talloc ctx at the end of the routine,
it must be a talloc ctx created inside. talloc_tos() needs
to be valid after the function finishes, since callers
(may) have data attached to it.
Michael
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
113c5d28edabdd17a2507e68aad612aa21c758f3)
(cherry picked from commit
3677b2edd42765e50335cdba1651eebc3518e2ae)
Jeremy Allison [Thu, 20 Nov 2008 00:48:53 +0000 (16:48 -0800)]
This code mixes up int and uint32 when pulling out of a TDB. This is very bad. Fixing... May fix bug #5891, not sure.
Jeremy.
(cherry picked from commit
3c92c4f3140d7817a66c6b8d601dd30e5d15c88d)
Jeremy Allison [Wed, 19 Nov 2008 19:31:05 +0000 (11:31 -0800)]
Fix error in commit for bugfix "Fix bug #5904 - libnss_wins causes SIGABRT while servicing getaddrinfo() request."
Jeremy.
(cherry picked from commit
e4b4e9cafbb7dcda761b396a71be9ba4965956bc)
Jeremy Allison [Wed, 19 Nov 2008 19:23:11 +0000 (11:23 -0800)]
Fix bug #5904 - libnss_wins causes SIGABRT while servicing getaddrinfo() request.
Jeremy.
(cherry picked from commit
89d234574b1a2f12b2d9d21c4286648d0da436c3)
Steven Danneman [Sat, 15 Nov 2008 21:07:15 +0000 (13:07 -0800)]
Fix extended DN parse error when AD object does not have a SID.
Some AD objects, like Exchange Public Folders, can be members of Security
Groups but do not have a SID attribute. This patch adds more granular return
errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse
error occured because of bad input, or the DN was valid but contained no SID.
I updated all callers to ignore SIDless objects when appropriate.
Also did some cleanup to the out paths of lookup_usergroups_memberof()
(cherry picked from commit
48959de11bdeea7f114d8019349b37ada1df5aef)
Steven Danneman [Sat, 15 Nov 2008 03:16:12 +0000 (19:16 -0800)]
Whitespace and >80 column cleanups.
(cherry picked from commit
8a9df932bfcae6bb9bd60914e9c74d13b3dfcd30)
Günther Deschner [Tue, 18 Nov 2008 22:10:22 +0000 (23:10 +0100)]
Fix Bug #5898. ("net rpc shutdown" fails).
Guenther
(cherry picked from commit
40712b9ab1e915d405db45e2f18c72a9957158a9)
Dina Fine [Tue, 18 Nov 2008 20:44:19 +0000 (12:44 -0800)]
Fix bug #5908 - Samba 3.0.32 - internal change notify on share directory fails"
(cherry picked from commit
a3c79bd8d09262257cf8c025753332fb639fc09e)
Kai Blin [Tue, 18 Nov 2008 15:31:34 +0000 (16:31 +0100)]
libsmb: Fix up pointer passed to cli_send_trans in cli_link_internal
Seems like this one fell victim to the pstring removal. The other callers seem
to be fine, even though removing the casts would make the code less confusing.
(cherry picked from commit
aa26b0aa3d913b09ead97c2c0bbfade0dddcd251)
Jeremy Allison [Tue, 18 Nov 2008 18:58:48 +0000 (10:58 -0800)]
Re-structure Volker's patch to "Fix trans2findfirst for the large directory optimization". Makes the change clearer.
Jeremy.
(cherry picked from commit
71878cb566aa9edeb85ac134a1ad60cfbc2927fe)
Volker Lendecke [Tue, 18 Nov 2008 16:03:38 +0000 (17:03 +0100)]
Fix trans2findfirst for the large directory optimization
With
case sensitive = yes
preserve case = no
short preserve case = no
default case = upper
a "dir FOO.txt" would not find "FOO.TXT" because FOO.txt ends up unconverted in
the mask for mask_match.
Jeremy, please check!
Volker
(cherry picked from commit
0dbcc308e30b121268cdfcdd70c50c4ed38ab433)
(cherry picked from commit
96764065e2e2eaa13cb71bc9ea2d75800da7db4f)
Davide Sfriso [Mon, 17 Nov 2008 23:40:43 +0000 (15:40 -0800)]
Fix bug #5906 when running winbindd on a Samba PDC. Winbindd crash on 'getent group'.
(cherry picked from commit
742ac5c45674446546b9e8ee22320a39d700b195)
Jeremy Allison [Mon, 17 Nov 2008 22:05:55 +0000 (14:05 -0800)]
When clearing out vuid cache remember to set entries = 0.
Jeremy.
(cherry picked from commit
1daad740c6f0e3914b691b3e9c57aaf68ba0ca01)
Jeremy Allison [Mon, 17 Nov 2008 21:46:35 +0000 (13:46 -0800)]
Fix bug #5900 reported by monyo@samba.gr.jp - vfs_readonly.so does not work.
Jeremy.
(cherry picked from commit
4cd70457781907edf6641696cc311915905c96fa)
Karolin Seeger [Mon, 17 Nov 2008 14:23:34 +0000 (15:23 +0100)]
s3 create-tarball.sh: Remove dashes in git commands.
Newer git versions (e.g. 1.6.0.2) do not provide the 'git-' commands
any longer.
Karolin
(cherry picked from commit
0cba859f12177aaf3ef2d96663f0a51f61c24d56)
(cherry picked from commit
3d64e67de2b50f7b781aa3f5ad13ec8e866d4333)
(cherry picked from commit
aa41a80969bd413d5922c602c7309bd8c05f3181)
(cherry picked from commit
0b4dd0cb1f81126344a6fe3304b46f880089718d)
Carsten Dumke [Thu, 13 Nov 2008 18:05:00 +0000 (12:05 -0600)]
net: Fix documentation of net rap printq info
The man-page (see net(8)) and the usage-info (call "net help rap printq") of
'net rap printq' do contain an option "list" but in net_rap.c
the option is named "info".
Rename the option "list" in the documentation (man-pages + usage) to "info" to
match the code.
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
0a7fb721cdc0d825cf246d53075ad32a81b2b31d)
TAKAHASHI Motonobu [Sun, 16 Nov 2008 12:17:16 +0000 (13:17 +0100)]
Fix bug 5901: Default for streams_depot location
(cherry picked from commit
a512cc80890a2183d5643d8324fb9dc13fca1e9e)
Günther Deschner [Tue, 15 Jul 2008 21:05:13 +0000 (23:05 +0200)]
Volker Lendecke [Fri, 14 Nov 2008 12:42:54 +0000 (13:42 +0100)]
Make memcache_add_talloc NULL out the source pointer
This is an orthogonality measure to make clear this pointer now belongs to the
cache.
(cherry picked from commit
b0031a6e86565857e602f8011e57e2114835581a)
Volker Lendecke [Thu, 13 Nov 2008 22:50:19 +0000 (23:50 +0100)]
Actually finish memcache_add_talloc
This fixes a memleak found by Martin Zielinski <mz@seh.de>. Thanks for
looking closely!
Volker
(cherry picked from commit
26b1fda4020b7f6629865ae1c62e9b464222e1a2)
Volker Lendecke [Sat, 14 Jun 2008 08:59:11 +0000 (10:59 +0200)]
Use the correct cups-devel test for HAVE_IPRINT also
(cherry picked from commit
a42d7e1146e7469062ead2c8f22f549a48154e03)
(cherry picked from commit
70e5b876b6b422c44ea588dbe319b6ce86a035d7)
Volker Lendecke [Sat, 14 Jun 2008 08:31:11 +0000 (10:31 +0200)]
Correctly check for presence of cups-devel
On SuSE at least cups-config belongs to cups-libs which does not contain the
headers which are in cups-devel.
(cherry picked from commit
2408d2493f7c6e0beee58febd547516bbeb0929d)
(cherry picked from commit
27b0b8f99c6d5b43d9b9079aa74789e27d0a8d84)
Günther Deschner [Fri, 14 Nov 2008 18:49:11 +0000 (19:49 +0100)]
winbind: fix build warning.
Guenther
(cherry picked from commit
3d2570150201e357f31e3d651bc05b7234c84796)
Günther Deschner [Fri, 14 Nov 2008 16:53:29 +0000 (17:53 +0100)]
make some more parts of security.idl public and re-run make idl.
Guenther
(cherry picked from commit
9bca541af7204fedd549a54eec7aa80ed565a8c1)
Günther Deschner [Fri, 14 Nov 2008 15:12:34 +0000 (16:12 +0100)]
re-run make idl.
Guenther
(cherry picked from commit
19568f4e4e94266a7792e6dce8eaa5086f435fc3)
(cherry picked from commit
9c35abfd79d42b1ba04ad8a72a45c4471f8c2fa7)
Stefan Metzmacher [Fri, 7 Nov 2008 09:49:59 +0000 (10:49 +0100)]
security.idl: sometimes ACEs have some padding at the end
metze
(cherry picked from commit
2dc120377baec2c8b7c9b6fe40d15218588c97fd)
(cherry picked from commit
3fa176b5552341ed8ccd40786bd4caee39b414df)
Volker Lendecke [Fri, 14 Nov 2008 12:13:40 +0000 (13:13 +0100)]
Rename some variables in getpwnam_alloc() for clarity
(cherry picked from commit
71bc142bea33af124f07b6244f97bde289fe3a2d)
Volker Lendecke [Fri, 14 Nov 2008 11:49:18 +0000 (12:49 +0100)]
sys_pwnam doesn't return talloced memory, so don't mix up the returned struct.
(cherry picked from commit
eb99923991960e53bd150ac8f1d818cb746101b4)
Günther Deschner [Thu, 13 Nov 2008 20:11:12 +0000 (21:11 +0100)]
re-run make idl.
Guenther
(cherry picked from commit
86deff8d6e6b8e094b15a4e5392098d9b23e5ff5)
(cherry picked from commit
b04a4001813cf0427539a52b0abd2e9a1fa1e5eb)
Günther Deschner [Thu, 13 Nov 2008 20:11:31 +0000 (21:11 +0100)]
Fix PNP_GetHwProfInfo() (fixes Bug: #5888).
Guenther
(cherry picked from commit
111ec984729fe2c47e173dab82f438bcacf42d1c)
(cherry picked from commit
420b68ae51df5b407b7a87033084d41433ef3267)
Jeremy Allison [Thu, 13 Nov 2008 03:26:58 +0000 (19:26 -0800)]
Pretty print out SD's on get/set.
Jeremy.
(cherry picked from commit
ddd3e0524707d732143c1fb831c1ce2bf67dc2bf)
Jeremy Allison [Wed, 12 Nov 2008 22:03:54 +0000 (14:03 -0800)]
Fix memory leak in error path, spotted by Martin Zielinski <mz@seh.de>.
Jeremy.
(cherry picked from commit
a2b17597ea4ad171411a972ba4aa0c14b0f2b058)
Jeremy Allison [Tue, 11 Nov 2008 22:38:36 +0000 (14:38 -0800)]
Fix bug 5891] : smbd crashed when viewing the eventlog exported by "eventlog list"
Don't mix TALLOC and SAFE_FREE().
Jeremy.
(cherry picked from commit
d54624159adc91f82f46e0635d59fc7d858db48f)
Jeremy Allison [Tue, 11 Nov 2008 22:20:53 +0000 (14:20 -0800)]
Fix bug 5889. "delete veto files = no" seems to break.
Jeremy.
(cherry picked from commit
5a58a4f2b689571c52c90d04c969fe3c56551c5c)
Michael Adam [Mon, 10 Nov 2008 14:01:18 +0000 (15:01 +0100)]
build: prevent make errors for picky makes when $(EXTRA_ALL_TARGETS) is empty
picky make implementations don't like lines with only tabs in rules or dependencie
Michael
(cherry picked from commit
058d1e2d0a4985825a62d2adc336a48d91ae4771)
Martin Schwenke [Fri, 7 Nov 2008 01:20:59 +0000 (12:20 +1100)]
Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at
compile time rather than install time. This stops problems where
packaging scripts pass CFLAGS to "make" but not "make install".
Signed-off-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
884349af686faaf7b6bfec08eb2ac5dbc8e30fe5)
Kai Blin [Fri, 7 Nov 2008 08:50:33 +0000 (09:50 +0100)]
ntlm_auth: Put huge NTLMv2 blobs into extra_data on CRAP auth
This fixes bug #5865
(cherry picked from commit
29257fb4a8faf0ccb49dc4dcb6871a145c5b7f21)
Jeff Layton [Thu, 6 Nov 2008 20:15:57 +0000 (15:15 -0500)]
mount.cifs: use lock/unlock_mtab scheme from util-linux-ng mount prog
The util-linux-ng sources have a good, but rather complex scheme for
locking the mtab before updating it. Mount helpers need to follow the
same scheme. Advisory locking only works if everyone is using the same
locking scheme.
Copy the routines we need from util-linux-ng into a separate source file
and then have mount.cifs and umount.cifs link in this object.
The long term goal is to have these routines in a separate helper
library (libmount). Mount helpers can then dynamically link in that lib.
Until that happens, this should serve as a suitable stopgap solution.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit
ecabc19a114657f38c48a19073eb970338f97010)
Jeremy Allison [Thu, 6 Nov 2008 14:40:35 +0000 (06:40 -0800)]
Fix bug #5825 - Account locking out doesnt work with an LDAP backend.Based on a problem found by Boyang. Only the pdb_nds backend implements login attempts so this was broken for tdbsam and ldap.
Jeremy.
(cherry picked from commit
ab984c93a2b197368ad21cfa0982ac2438ec57bf)
Jeremy Allison [Thu, 6 Nov 2008 03:11:53 +0000 (19:11 -0800)]
Add reference to bug #4308 to remind me to add regression test to smbtorture.
Jeremy.
(cherry picked from commit
b0027aebdfece34a4fa6d5a796989232992dbc59)
Joe Smith [Tue, 4 Nov 2008 19:31:04 +0000 (20:31 +0100)]
Fixed typo in source/utils/net_rap.c
(cherry picked from commit
6c5d5665f24b7317f392d404a600170eacd2b39c)
Volker Lendecke [Tue, 4 Nov 2008 12:33:36 +0000 (04:33 -0800)]
Ignore 3.0 style invalid group mappings during upgrade to ldb
(cherry picked from commit
aed67987cac4daa56fe04c9330a8083223a48a1d)
Volker Lendecke [Mon, 3 Nov 2008 16:09:40 +0000 (17:09 +0100)]
Fix bug triggered by the RAW-SAMBA3OPLOCKLOGOFF test
(cherry picked from commit
71ed975a608126769c9669409d46c894da3ca43e)
Michael Adam [Sun, 2 Nov 2008 22:02:02 +0000 (23:02 +0100)]
winbindd: speed up fill_grent_mem (i.e. winbindd_getgrent) a lot.
With large groups, getgrent ran into timeouts because after each
single user that was added to the expanded group list, the list
was sorted and made unique.
Now the list is sorted just once after all members have been added.
Michael
(cherry picked from commit
ea0858842d20966796bb47f20bae04bbb7232643)
Volker Lendecke [Sun, 2 Nov 2008 09:28:00 +0000 (10:28 +0100)]
Fix bug 5860: safe_strcpy gives a nasty error message for overlong strings
Thanks to Robert Dahlem <Robert.Dahlem@gmx.net> for reporting this!
(cherry picked from commit
9c4617f18f851e3f79061ba89ce0d50a83c6563d)
Andrew Tridgell [Thu, 30 Oct 2008 19:32:06 +0000 (12:32 -0700)]
use glibc sys/inotify.h header
when we first added the inotify code glibc didn't have the inotify
functions yet. Now that it does we can use the official header and
avoid the asm/unistd.h syscall workaround
(cherry picked from commit
09b629e2c42315f8d4dcd0106de9ea840ac28721)
Günther Deschner [Mon, 25 Aug 2008 09:36:56 +0000 (11:36 +0200)]
auth: Fix build warning.
Guenther
(cherry picked from commit
4661ef625a6522d6f859b83e3e3702f01d0b952f)
(cherry picked from commit
60649a74cdf2594bc89c301025f86d23caba91c2)
(cherry picked from commit
680ec1bb2c2e987a40d9d08a14dab6b2e44152a7)
Jeremy Allison [Thu, 30 Oct 2008 00:07:54 +0000 (17:07 -0700)]
Fix CID: 456 - resource leak on function exit.
Jeremy.
(cherry picked from commit
39dd4d55c8cf65641e5c6fbd227d9c92785278c9)
Jeremy Allison [Wed, 29 Oct 2008 23:43:29 +0000 (16:43 -0700)]
Fix CID 606 - failed to return -1 after socket() fail.
Jeremy.
(cherry picked from commit
fb69ff191ded20f58054e398fc67227b63ecb673)
Jeremy Allison [Wed, 29 Oct 2008 23:28:04 +0000 (16:28 -0700)]
Fix CID 574 - tidies up the code expression.
Jeremy.
(cherry picked from commit
64ae7048fefe39d05d0c2c92e3c96b6d83fd8ef5)
Jeremy Allison [Wed, 29 Oct 2008 23:02:16 +0000 (16:02 -0700)]
Coverity fix CID: 592 - null deref (can't happen but doesn't hurt to be sure).
Jeremy.
(cherry picked from commit
7b24a4af219331b12836cd03353fb6a52ddae11c)
Jeremy Allison [Wed, 29 Oct 2008 22:54:57 +0000 (15:54 -0700)]
Coverity fix #CID: 607 - resource leak on error path.
Jeremy.
(cherry picked from commit
2d06ea18caf0cb764bb20e80828d791bf497eae4)
Michael Adam [Mon, 27 Oct 2008 13:28:44 +0000 (14:28 +0100)]
winbind: fix smbd hanging on Solaris when winbindd closes socket.
On some versions of Solaris, we observed a strange effect of close(2)
on a socket: After the server (here winbindd) called close, the client fd
was not marked as readable for select. And a write call to the fd did
not produce an error EPIPE but just returned as if successful.
So while winbindd had called remove_client(), the corresponding smbd
still thought that it was connected, but failed to retrieve answers
for its queries.
This patch works around the problem by forcing the client fd to
the readable state: Just write one byte into the socket before
closing.
Michael
(cherry picked from commit
6cd1575e1cf7564f7c7c56eedf58af8dcb709f44)
Michael Adam [Mon, 27 Oct 2008 12:50:27 +0000 (13:50 +0100)]
build: fix bug #5765 - fix installlibs on solaris by using portable "test -r"
instead of test -e, which /bin/sh on solaris does not know.
Michael
(cherry picked from commit
ed05ee03c59c7fe9994aaa79b15eb6984d641755)
Michael Adam [Mon, 27 Oct 2008 11:59:11 +0000 (12:59 +0100)]
build: fix bug #5677 - fix test_{shlibs,nss_modules,pam_modules} on Solaris
and other systems where sh does not support "export FOO=bar"
by separating setting and exporting the variable.
Thanks to Yasuma Takeda <yasuma@osstech.co.jp> for the patch.
Michael
(cherry picked from commit
be4496be7b7196df4710e1a45878d62c34386305)
Derrell Lipman [Fri, 24 Oct 2008 15:35:10 +0000 (11:35 -0400)]
Error return is boolean false, not -1
- There were a few places in SMBC_getatr() that returned -1 instead of a
boolean. -1 was intended to mean error, but that's what False/false is for,
and the usages of this function assume that it returns a boolean false as
the error condition.
- per Jelmer's request, use false vs. False in new code, even if not making
changes globally.
Derrell
(cherry picked from commit
623391308f3fb26fdc2515baf41bb57ac1e5fc96)
Günther Deschner [Thu, 23 Oct 2008 01:31:32 +0000 (03:31 +0200)]
s3-samr-server: unify callback convention: _samr_UserSetInfo.
Guenther
(cherry picked from commit
aa301e82d0c44c6a733e8be2546d661ea56512ef)
(cherry picked from commit
dcc40a6adec5d00c29a062164cbc68ff4a7779f8)
Günther Deschner [Thu, 23 Oct 2008 01:30:58 +0000 (03:30 +0200)]
s3-samr-server: unify callback convention: _samr_QueryDomainInfo.
Guenther
(cherry picked from commit
ac2c35bc379de83091644455dbeba0bea3e5ceb6)
(cherry picked from commit
02bc790f209f56cc704566ded46973efc35f4a4f)
Günther Deschner [Thu, 23 Oct 2008 01:30:14 +0000 (03:30 +0200)]
s3-samr-server: fix return code in _samr_QueryDisplayInformation.
Guenther
(cherry picked from commit
30fa6c3ba19a8f816043405ba5d9eec84dd1c97b)
(cherry picked from commit
0f6a80fb198f3cc4ffc875c77da3ff3d8b8c5ca3)
Günther Deschner [Wed, 22 Oct 2008 21:16:19 +0000 (23:16 +0200)]
s3-samr-server: fix access check in _samr_QuerySecurity().
Guenther
(cherry picked from commit
25cb282f7042e8192c0bc6d720df0646b74e9a47)
(cherry picked from commit
96b35c32ae99d74608ad95d063629554fee77979)
Jeremy Allison [Mon, 20 Oct 2008 23:53:05 +0000 (16:53 -0700)]
Remove the requirement for ldap call made as root. Add in security
checks for all SAMR calls.
Jeremy.
(cherry picked from commit
b848f96d747fb41c074dd073f24f186539257d71)
(cherry picked from commit
b339f17132b18edad52b4c2f6b348e4b8d789bcb)
Günther Deschner [Wed, 22 Oct 2008 23:42:27 +0000 (01:42 +0200)]
s3-samr-server: _samr_DeleteUser needs to wipe out the user_handle on success.
Guenther
(cherry picked from commit
8a0054c6d273049bea235803db25912f6cf03610)
(cherry picked from commit
40a904ee021e4c9390235f1d476bc37b87ac9b70)
(cherry picked from commit
ae01a98d49be39c258e479d610fa2e58ea2b6c62)
Jeremy Allison [Wed, 22 Oct 2008 20:18:58 +0000 (13:18 -0700)]
Fix net rpc vampire, based on an *amazing* piece of debugging work by "Cooper S. Blake" <the_analogkid@yahoo.com>.
"I believe I have found two bugs in the 3.2 code and one bug that
carried on to the 3.3 branch. In the 3.2 code, everything is
located in the utils/net_rpc_samsync.c file. What I believe is the
first problem is that fetch_database() is calling
samsync_fix_delta_array() with rid_crypt set to true, which means
the password hashes are unencrypted from the RID encryption.
However, I believe this call is redundant, and the corresponding
call for samdump has rid_crypt set to false. So I think the
rid_crypt param should be false in fetch_database().
If you follow the code, it makes its way to sam_account_from_delta()
where the password hashes are decrypted a second time by calling
sam_pwd_hash(). I believe this is what is scrambling my passwords.
These methods were refactored somewhere in the 3.3 branch. Now the
net_rpc_samsync.c class calls rpc_vampire_internals, which calls
libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with
rid_crypt always set to false. I think that's correct. But the
second bug has carried through in the sam_account_from_delta()
function:
208 if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
209 sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0);
210 pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
211 }
212
213 if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
214 sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0);
215 pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
If you look closely you'll see that the nt hash is going into the
lm_passwd variable and the decrypted value is being set in the lanman
hash, and the lanman hash is being decrypted and put into the nt hash
field. So the LanMan and NT hashes look like they're being put in
the opposite fields."
Fix this by removing the rid_crypt parameter.
Jeremy.
(cherry picked from commit
e38436f731ff09333588cc0751c79029a569f390)
(cherry picked from commit
61046225de8a4cd77e94d8c5c4a8f510bc11b79e)
Volker Lendecke [Wed, 22 Oct 2008 12:26:05 +0000 (14:26 +0200)]
Fix bug 5840: Segfault in "rpcclient lsaaddacctrights"
(cherry picked from commit
79222e476edbccf81e70cf1c0d1f40db0b88e20b)
(cherry picked from commit
369fecaeb2470a1f7e68417ccdddb61334e37d92)
Jeremy Allison [Wed, 22 Oct 2008 00:06:53 +0000 (17:06 -0700)]
Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.
Jeremy.
(cherry picked from commit
82ec832f7edffe2fcfd1bb067e092c159bed2973)
(cherry picked from commit
042e50f8709cfbe45d5b184cb3c4fe1b16bdc3b0)
Andreas Schneider [Mon, 20 Oct 2008 15:35:42 +0000 (17:35 +0200)]
Delete the krb5 ccname variable from the PAM environment if set.
If winbind sets the KRB5CCNAME variable it should unset it when
the cache gets destroyed.
(cherry picked from commit
e7b0d1c984a37600a234c1f4c95b06e9b5898f30)
(cherry picked from commit
ddba89d7713923bfbf1c8492c5dc6c6d5b220f1e)
Günther Deschner [Mon, 20 Oct 2008 18:16:03 +0000 (20:16 +0200)]
s3-samr-server: be consistent when reporting we do password complexity.
Guenther
(cherry picked from commit
7c2831c5872ad26e1e0cd7df59d6c0b88d566760)
(cherry picked from commit
f8d4596ec2b8f35dd3cc05aa7ee356abb9c0920b)
Jeremy Allison [Fri, 17 Oct 2008 22:25:58 +0000 (15:25 -0700)]
Unify access checks for lsa server functions.
Jeremy.
(cherry picked from commit
ef15ff6abec34377ab7fa75201e2799c0bb72aeb)
(cherry picked from commit
afed4929f9c707fb72b0e8dd12b1a1e8dcab9a84)
Jeremy Allison [Fri, 17 Oct 2008 04:04:18 +0000 (21:04 -0700)]
Cope with bad trans2mkdir requests from System i QNTC IBM SMB client.
If total_data == 4 Windows doesn't care what values
are placed in that field, it just ignores them.
The System i QNTC IBM SMB client puts bad values here,
so ignore them.
Jeremy.
(cherry picked from commit
5b1d8588d01d11251541829c5a3dff211fe925fd)
(cherry picked from commit
feb057d4503118e519b5dbd9d2c3ca2c1ee55380)
Jeremy Allison [Thu, 16 Oct 2008 22:06:13 +0000 (15:06 -0700)]
Unify the logic in pull_ascii_base_talloc() and pull_ucs2_base_talloc().
Jeremy.
(cherry picked from commit
5109bd33719a4bb1534cb0e012c92ec778fb26df)
(cherry picked from commit
01fd94981e322da59ac2c00055220c89de135ebe)
Jeremy Allison [Thu, 16 Oct 2008 18:57:51 +0000 (11:57 -0700)]
Fix bug 5826 - Directory/Filenames get truncated when 3.2.0 client acesses old server.
Karolin this is a show-stopper for 3.2.5.
There was some code in pull_ucs2_base_talloc() to cope with this case which
hadn't been added to pull_ascii_base_talloc(). The older Samba returns non
unicode names which is why you are seeing this codepath being executed.
Jeremy.
(cherry picked from commit
09fa53d927436310ae3c17096d42e2fa4de1dd2e)
(cherry picked from commit
f3b0e219f1a7660ff275db701935eecbe053fa25)
Jeremy Allison [Thu, 16 Oct 2008 01:08:07 +0000 (18:08 -0700)]
Don't use debug level 1 to log a trivial message.
Jeremy.
(cherry picked from commit
7c53cde257515e7bfffc8f3c0b54b7c99554d240)
(cherry picked from commit
520dcfffe78bb079bbdad6de5a4cdc392527f4b8)
Jeremy Allison [Tue, 14 Oct 2008 23:05:00 +0000 (16:05 -0700)]
Attempt to fix bug #5818 - "smbcacls: sorts ACEs improperly and loses inheritance", based on
a patch from Paul Fertser <fercerpav@gmail.com>. I also added the ability to get/set hex
and symbolic inheritance flag names on ACE flags. I'm still investigating the effects
of setting the "SEC_DESC_DACL_AUTO_INHERIT_REQ" flag as I don't yet see what effects
this is having on the ACE sent.
Jeremy.
(cherry picked from commit
e59a21e945e6336f3d7622bf77cf5c2304936b70)
(cherry picked from commit
5d2d94b46bd2ab03e2f83036b4d7fa3e401c3458)
Jeremy Allison [Tue, 14 Oct 2008 22:40:44 +0000 (15:40 -0700)]
Note url explaining this code.
Jeremy.
(cherry picked from commit
4f1cdfe0901f4c78dff56ae5c26d2801b97d50d5)
(cherry picked from commit
9953885d0be6a2477f5fd29940f3f1d6a7136cf4)
Holger Hetterich [Tue, 14 Oct 2008 18:37:41 +0000 (11:37 -0700)]
Fix the "Premature end of data in tag" error when buiding the manpage, fix a typo in the text, add an example for anonymization usage.
(cherry picked from commit
1d202a8a7bccc65e47fc78b17d89b7e74a358487)
(cherry picked from commit
abfdb52b60e84980d22e6c6c3479e67e20311b12)
Holger Hetterich [Mon, 13 Oct 2008 21:18:54 +0000 (14:18 -0700)]
Update the manpage for vfs_smb_traffic_analyzer to include the anonymize_prefix option
(cherry picked from commit
c67cf648331bf4b8268813cb005b7283dd65eb73)
(cherry picked from commit
9222fde6505deb31324b507d73c96bcb6edb161d)
Holger Hetterich [Mon, 13 Oct 2008 21:14:25 +0000 (14:14 -0700)]
Enable optional anonymization of user names,
if the configuration parameter anonymization_prefix is defined in
smb.conf, and use the prefix given there.
(cherry picked from commit
86a621a1a3e08bad8a0b276d8444f1f69a500385)
(cherry picked from commit
e9359e6e8f692c693aad95f9a241c41cc23aa02a)
Volker Lendecke [Tue, 7 Oct 2008 19:24:25 +0000 (21:24 +0200)]
Fix bug 5691: SIGBUS on Solaris
(cherry picked from commit
0f3f34033a80e44fa18cae452a164e445392138a)
(cherry picked from commit
41b2199fd87598076a1f45106b512c94042f7968)
Volker Lendecke [Sun, 12 Oct 2008 08:41:29 +0000 (10:41 +0200)]
Jeremy Allison [Sat, 11 Oct 2008 00:25:44 +0000 (17:25 -0700)]
Now it's working, back port the aync fix for parsing large cups printer lists.
Jeremy.
(cherry picked from commit
48ee5a66d18b805d03f93c85e98a41374d82cfb9)
(cherry picked from commit
f5f7ed4041ef986a5ce208d59bbf39d34373ce71)
Volker Lendecke [Thu, 9 Oct 2008 15:22:59 +0000 (17:22 +0200)]
Make use of ZERO_STRUCT (the first memset was actually wrong)
(cherry picked from commit
e42477caece1a2e861aa0698d2e06847819f0b0d)
(cherry picked from commit
69de2806465742ea6f1ea96d75d2cb3be6b84284)
Jeff Layton [Thu, 9 Oct 2008 14:44:37 +0000 (10:44 -0400)]
mount.cifs: make return codes match the return codes for /bin/mount (try #3)
The manpage for /bin/mount specifies that the return code should be a
positive integer (actually, it's a bitfield). Clean up the return
codes from mount.cifs to make them match the expected return values
from /bin/mount. This necessary for proper integration with autofs.
This is the third attempt at this patch. The changes here are minor,
just changing some return's from main() into exit() calls for
consistency's sake.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit
2374799c8114ae3ed422d1cbe4ca12c4fd075274)
(cherry picked from commit
98bcd52a568c274707cc6ccb9071d07a8bfca1ca)
Jeff Layton [Thu, 9 Oct 2008 14:42:28 +0000 (10:42 -0400)]
mount.cifs: have uppercase_string return success on NULL pointer
We currently don't attempt to uppercase the device portion of the mount
string if there isn't a prefixpath. Fix that by making uppercase_string
return success without doing anything on a NULL pointer.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit
34b5cfe8a0cb8674da0c5ac7d81b6e64160ccaa2)
(cherry picked from commit
3f4cdabc965f824b70891f6a6bcb29e5f9b579e5)
Jeremy Allison [Wed, 8 Oct 2008 18:40:16 +0000 (11:40 -0700)]
Fix bug #5814 - Winbindd dumping core in a strange manner while doing "rescan_trusted_domain".
From analysis by hargagan <shargagan@novell.com> :
"The winbindd_child_died() is also getting called from process_loop() in case of
SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for
the first request. It then initiate a new request using
schedule_async_request() which installs a new timeout handler for the same
request. In such a case, for a badly unresponsive system both the timeout
handler can be called. For the first call the "private_data" will be cleared
and for another call the timeout handler will be detecting the double free. So,
for such a case as well, the winbindd_child_died() should make the
timeout_handler to NULL."
Jeremy.
(cherry picked from commit
ce8de496ec139b7a56db20c5ffbcbdc2f4db0a51)
(cherry picked from commit
15b2f1d8744d157b131a0441e8738d8519de37c7)
Tim Prouty [Tue, 7 Oct 2008 17:30:22 +0000 (10:30 -0700)]
Fixed build warning "passing arg from incompatible pointer type"
The fix explicitly makes the conversion from timeval to time_t using the
existing time utility functions.
Compiling modules/vfs_smb_traffic_analyzer.c
modules/vfs_smb_traffic_analyzer.c: In function `smb_traffic_analyzer_send_data':
modules/vfs_smb_traffic_analyzer.c:173: warning: passing arg 1 of `localtime' from incompatible pointer type
(cherry picked from commit
22852666ddf3e77404373042ceecb19747ae25cd)
(cherry picked from commit
ed955214133c264865d2f6ca532349f0c1ea8d4b)
Tim Prouty [Tue, 7 Oct 2008 17:13:51 +0000 (10:13 -0700)]
Fixed "declaration shadows global declaration" warnings.
The patch simply uses a more descriptive variable name for tcp_seq.
lib/socket_wrapper/socket_wrapper.c:753: warning: declaration of 'tcp_seq' shadows a global declaration
/usr/include/netinet/tcp.h:40: warning: shadowed declaration is here
lib/socket_wrapper/socket_wrapper.c: In function `swrap_marshall_packet':
lib/socket_wrapper/socket_wrapper.c:919: warning: declaration of 'tcp_seq' shadows a global declaration
/usr/include/netinet/tcp.h:40: warning: shadowed declaration is here
(cherry picked from commit
03cbea1d653c716b16347c831aa56dca0eb297ab)
(cherry picked from commit
fa3096b975de2c7fd747ca9f344e36c911e27a9c)
Volker Lendecke [Mon, 6 Oct 2008 21:10:23 +0000 (14:10 -0700)]
If name_to_fqdn fails, retry with the dns domain the DC gave us
This is a workaround for the cases where you want to join under a netbios name
that is different from your hostname, i.e. a name that can not be found in
/etc/hosts or dns. In these cases, name_to_fqdn fails or gives invalid results.
(cherry picked from commit
84951b54bc1473aa9275c02cc37a9f0d7d4150e2)
(cherry picked from commit
82a086fb6f70dd6b725e4976293bc377a6a90f3a)
Volker Lendecke [Mon, 6 Oct 2008 21:10:10 +0000 (14:10 -0700)]
Log in the parent winbind log where a request is going
(cherry picked from commit
f63bac521f0595ccbcf687678e325649f3e0e5e3)
(cherry picked from commit
b1bcaf45ce14108b7e2b429b96908e30bf6eb90d)
Volker Lendecke [Sun, 21 Sep 2008 18:39:17 +0000 (20:39 +0200)]
Attempt to fix bug 5778
Jeff, Steve, please check!
(cherry picked from commit
110756cc7bcaed5a9d6aa58f3b3fe4481f8d1f31)
(cherry picked from commit
46b050e525b339fbac68329f668e47ebd11b3e08)
(cherry picked from commit
ecc67001315111493738e893917c4550be7828a1)
Volker Lendecke [Sun, 5 Oct 2008 21:34:58 +0000 (14:34 -0700)]
Remove an unused variable
(cherry picked from commit
41aed9f2f3c6d53e1b8b6d72467bc5d5a0689dce)
(cherry picked from commit
7cb9d82244a8e93261d12a3800334d8152a2431e)