Stefan Metzmacher [Wed, 19 Sep 2012 22:52:19 +0000 (00:52 +0200)]
s3:smb2_server: do the req->next_status check before the signing checks
Windows 2012 returns NT_STATUS_INVALID_PARAMETER to
the smb2.compound.invalid1 test if that uses signing
(instead of NT_STATUS_ACCESS_DENIED).
metze
(similar to commit
4384485f82aac109bf4c4c31075e313e54b4c076)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ebabb40d1d423fab720735ac9225a09a8fc5feca)
Stefan Metzmacher [Thu, 20 Sep 2012 03:10:28 +0000 (05:10 +0200)]
s3:smb2_server: reset req->last_session_id and req->last_tid after using it
If we can find a valid session or tcon we'll set it after the lookup,
but it need to make sure to reset it if we don't find the session.
This fixes a problem where a compound unrelated request between
related requests doesn't reset the session.
If we have 3 requests in a compound chain, request 3 should never
use the id's cached from request 1. It should only every inherit
handles from request 2.
metze
(similar to commit
2552b6632372b35cbd7b788c4e00091dfe520a41)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
68ef8cf99a7421daa1d57895189cfc2dc508adfd)
Michael Adam [Wed, 19 Sep 2012 22:36:29 +0000 (00:36 +0200)]
s4:torture:smb2: fix the compound.invalid3 test to work against windows (cherry picked from commit
bd8d50b451ea7f94efa7777fbe5dc0c2c19f6bf9)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
9e662f376f7ecffb7b0d113db674192b2d64a77a)
Michael Adam [Wed, 19 Sep 2012 22:35:52 +0000 (00:35 +0200)]
s4:torture:smb2: fix compound.related3 test to work against windows (cherry picked from commit
8e525a29a7c6512f61e4647ecb2e0771e2019a49)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
96aa3cdc6846994c0799672b509d60796198b9fa)
Ira Cooper [Wed, 19 Sep 2012 18:39:07 +0000 (18:39 +0000)]
s3: Compound requests should continue processing.
This patch addresses #9173.
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
75951946193c874b6db30c1b9c8722264c3ce656)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
750b600d35f87103f47619fb5961afabeb4d32f2)
Stefan Metzmacher [Thu, 27 Oct 2011 19:41:11 +0000 (21:41 +0200)]
s4:torture/smb2: fix compound.invalid2 against windows
Tested against w2k8r2 with signing and win8pre0 without signing.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Oct 31 21:40:25 CET 2011 on sn-devel-104
(cherry picked from commit
c90870f9b728dfb827ebc2fe8ad67a7ca3a50c43)
(cherry picked from commit
41a797a4c0d082d4e2a1d34645c4974de41df199)
Jeremy Allison [Fri, 13 Jul 2012 23:25:23 +0000 (16:25 -0700)]
Fix bug #9016 - Connection to outbound trusted domain goes offline.
By the time we've gotten to init_dc_connection_network() we shouldn't
be second guessing the caller by calling winbindd_can_contact_domain().
If for some reason we do need to restrict the contact list here we
can add a condition to only contact the primary domain or domains
listed in the tdc cache, but I don't think that's neccessary.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 14 03:17:57 CEST 2012 on sn-devel-104
(cherry picked from commit
726ecf6a915ff534af4076e9d0cdebf8b5435d61)
(cherry picked from commit
d4faae3dbdfdd600bbf9bddb2589b8a6dc8434b6)
Andreas Schneider [Wed, 26 Sep 2012 16:21:55 +0000 (18:21 +0200)]
s3-spoolss: Fix builtin forms order to match Windows again.
Thanks to mamachine@gmail.com.
(cherry picked from commit
24fc5b46f2b33f94bf79fc375432609697aaa45e)
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #8632 - printing regression: form sizes seem broken, cannot print letter
size correctly.
(cherry picked from commit
f2d6c007503a335fb7ef0f74cc2f3d4850752829)
Jeremy Allison [Mon, 24 Sep 2012 23:43:12 +0000 (16:43 -0700)]
Fix bug #9189 - SMB2 Create doesn't return correct MAX ACCESS access mask in blob.
If we aren't already granted DELETE access, check if we have
DELETE_CHILD in the containing directory.
(cherry picked from commit
d0eb11f521fb21dc0eed4279101e41102a123757)
Jeremy Allison [Mon, 24 Sep 2012 23:42:57 +0000 (16:42 -0700)]
Add some const to can_delete_file_in_directory().
(cherry picked from commit
0a1f8e7de939c7eb71cfa8cc8f8eef4800d00b78)
Björn Jacke [Tue, 18 Sep 2012 11:57:30 +0000 (13:57 +0200)]
quota: add supprt for gfs2
gfs2 uses the same generic quota interface as xfs and it has the same base
block/quota block size ratio and seems to work nice with the xfs quota module.
(People using gfs should be aware that quota reporting is lagging quite a bit
on gfs. If you copy a file on a gfs volume the quota values are being updated
with a delay of 30s here with kernel 3.5. This reporting can lead to data
corruption if a client thinks he can write but actually he suddently can't.)
(cherry picked from commit
0b57d1c07520f4995412f224945324fef29f5989)
Fix bug #9172 - quota on gfs2 being reported wrong.
(cherry picked from commit
16a3b6e02d1bb8345984ab6a8c81e446d8de2f54)
Günther Deschner [Wed, 19 Sep 2012 08:59:50 +0000 (10:59 +0200)]
pam_winbind: match more return codes when wbcGetPwnam has failed.
This is required to properly return PAM_USER_UNKNOWN in case winbind had a
problem.
Guenther
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Sep 19 15:06:10 CEST 2012 on sn-devel-104
Fix bug #9177 - pam_winbind's pm_sm_acct_mgmt needs to return PAM_USER_UNKNOWN.
(cherry picked from commit
de0764d75dc6dd0900a699fe504c576f3f6f2de4)
Andreas Schneider [Tue, 18 Sep 2012 12:43:33 +0000 (14:43 +0200)]
s3-docs: Remove non-existent option from winbindd manpage.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Fix bug #9171 - winbindd -Y is documented but not implemented.
(cherry picked from commit
1a97d0cf2baa306a0d33e0fc8d4d3e7d01e1d5ca)
Volker Lendecke [Tue, 18 Sep 2012 22:31:26 +0000 (15:31 -0700)]
s3: Fix idmap_hash
Calling be_init with NULL safely crashes, because we dereference NULL. We
don't need to call it here, this is called in all workers anyway. Thanks
to Jiri Sasek <jiri.sasek@oracle.com> for finding this.
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 20 05:03:54 CEST 2012 on sn-devel-104
Fix bug #9188 - idmap_hash crashes.
(cherry picked from commit
09c91a947005f8feb377dab40fcb937390a4efcb)
Jeremy Allison [Tue, 18 Sep 2012 18:51:31 +0000 (11:51 -0700)]
Fix bug #9174: Empty SPNEGO packet can cause smbd to crash.
All fields within NegTokenInit and NegTokenTarg are optional. We incorrectly
assume we'll always get a data blob and indirect within it.
(cherry picked from commit
66c3247e74f8d545b1d769c7d9ef6542a08f0719)
Karolin Seeger [Tue, 18 Sep 2012 09:08:17 +0000 (11:08 +0200)]
RHEL packaging: Try to fix makerpms.sh on RHEL.
Address bug #9165 - makerpms.sh can't create package fo RHEL.
Karolin
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Sep 18 12:51:01 CEST 2012 on sn-devel-104
(cherry picked from commit
6fb91dd36950151aeec69c074f4d900a6e7adba1)
(cherry picked from commit
6357c591b62ca275d861d80a651977e16fce949d)
Björn Jacke [Fri, 14 Sep 2012 18:08:19 +0000 (20:08 +0200)]
configure: fix wrong test == syntax
This fixes bug #8146. Thanks to Joachim Schmitz for reporting!
(cherry picked from commit
03a93b81d63b686ba57d106002584b893d885da3)
Andreas Schneider [Wed, 12 Sep 2012 10:12:58 +0000 (12:12 +0200)]
s3-rap: Open printers with the right access mask.
Fix bug #9154.
(cherry picked from commit
1f8c9ab88e7a2e28e503e99baabb88c3cebbc4b6)
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
9b3a4a16c2068437996650c36d201616a9daa8d3)
Luca Lorenzetto [Tue, 11 Sep 2012 16:35:42 +0000 (18:35 +0200)]
nsswitch: fix crash on null pam change pw response
The function _pam_winbind_change_pwd crashes due to a null value passed
to the function strcasecmp and denies to login via graphical login
manager. Check for a null value before doing a strcasecmp.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/
1003296
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9013
(Desktop Managers (xdm, gdm, lightdm...) crashes with SIGSEGV in
_pam_winbind_change_pwd() when password is expiring)
(cherry picked from commit
47f2211f137688a7c46c4a38571a9f94e59dbf6a)
Jeremy Allison [Tue, 11 Sep 2012 20:25:14 +0000 (13:25 -0700)]
Fix bug #9147 - winbind can't fetch user or group info from AD via LDAP
Don't use "isprint" in ldb_binary_encode(). This is locale specific.
Restrict to ASCII only, hex encode everything else.
(cherry picked from commit
f4d2e6b6c321ecfccadc3b19f4a27991cf93eb8c)
Karolin Seeger [Mon, 17 Sep 2012 08:18:45 +0000 (10:18 +0200)]
WHATSNEW: Start release notes for Samba 3.6.9.
Karolin
(cherry picked from commit
734e17745b8c7e0fea91949c9871a4372b8d9b3d)
Karolin Seeger [Mon, 17 Sep 2012 08:16:12 +0000 (10:16 +0200)]
VERSION: Bump version number up to 3.6.9.
Karolin
(cherry picked from commit
2b3c81117875259b45a5afcac022d25872c85a47)
Karolin Seeger [Fri, 14 Sep 2012 08:08:12 +0000 (10:08 +0200)]
WHATSNEW: Add major changes.
Karolin
(cherry picked from commit
4ba3dedfa898ad12465fc4307aa29575ba8b44d5)
Karolin Seeger [Fri, 14 Sep 2012 07:47:47 +0000 (09:47 +0200)]
WHATSNEW: Add changes since 3.6.7.
Karolin
(cherry picked from commit
34476abd44cb0b7c806b671727b3b814928202e1)
Volker Lendecke [Mon, 10 Sep 2012 09:25:03 +0000 (11:25 +0200)]
s3: delete requests are not special
The only difference between batch and exclusive oplocks is the time of
the check: Batch is checked before the share mode check, exclusive after.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #9150 - Valid open requests can cause smbd assert due to incorrect
oplock handling on delete requests.
(cherry picked from commit
9d0a8945ce9f521934d6f580d2b48abce0169a6d)
Björn Jacke [Thu, 6 Sep 2012 05:58:00 +0000 (07:58 +0200)]
sysquota: we need to list nfs4 as a separate fs name for the sys_get_nfs_quota backend
at least the Linux kernel up to 3.5.0 lists NFSv4 aѕ nfs4 and not as nfs
(cherry picked from commit
a6df44b3ae1ca6395d05e1af804a779d785358db)
Fix bug #9144 - nfs quota support not working with Linux nfs4 mounts.
(cherry picked from commit
e059bcc59498661f165b13fb84edcb80900815ce)
Christian Ambach [Wed, 5 Sep 2012 13:07:54 +0000 (15:07 +0200)]
s3:client use more access bits for snapshot display
otherwise Windows server will reject the request for shadow copy enumeration
with access denied
The last 2 patches address bug #9137 - smbclient allinfo does not show snapshot
list.
(cherry picked from commit
9acfa6126229cc61ba5f45908f97c68f353f8f85)
Christian Ambach [Thu, 30 Aug 2012 14:43:33 +0000 (16:43 +0200)]
s3:libsmb correctly set isFsctl for snapshot list
FSCTL_GET_SHADOW_COPY_DATA is a FSCTL, so set the isFsctl marker
otherwise smbclient allinfo will not report snapshots any more with the changes
made for Bug #8311
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu Aug 30 18:57:24 CEST 2012 on sn-devel-104
(cherry picked from commit
1f8d68699ffcee1513ae68f8c6ef947a05742bc6)
Andreas Schneider [Tue, 4 Sep 2012 12:30:38 +0000 (14:30 +0200)]
s3-winbind: DON'T PANIC if we couldn't find the domain.
If we don't have a connection to a trusted domain but still try to do a
lookup we shouldn't segfault.
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9135 - Don't segfault if we don't find a domain in
resolve_username_to_alias()/fill_grent() .
(cherry picked from commit
7ec71c28e9153164d222966a3753333f1804c8c7)
Jeremy Allison [Wed, 29 Aug 2012 23:55:21 +0000 (16:55 -0700)]
Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.
Change se_create_child_secdesc() to handle inheritance correctly.
(cherry picked from commit
1bb5d205ecc071a98ce5717e2e009fb1875aeae2)
Jeremy Allison [Wed, 29 Aug 2012 20:40:29 +0000 (13:40 -0700)]
Windows does canonicalization of inheritance bits. Do the same.
We need to filter out the
SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
when an ACE is inherited. Otherwise we zero these bits out.
See:
http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/
11f77b68-731e-407d-b1b3-
064750716531
for details.
(cherry picked from commit
d02f39f97624260bd226977b30c80974d0ce0fe0)
(cherry picked from commit
c36e78f98f45b51a2d1fba6bedb5e4d39c0f4bbe)
Jeremy Allison [Wed, 29 Aug 2012 23:52:02 +0000 (16:52 -0700)]
Change the other two places where we set a security descriptor given by the client to got through set_sd(), the canonicalize sd function.
(cherry picked from commit
7e03ebf094a98c572816cb81ef3cf4c02aaafcfd)
Jeremy Allison [Wed, 29 Aug 2012 20:29:34 +0000 (13:29 -0700)]
Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization. (cherry picked from commit
05734b67b8ed5516d81000eac48acd0915567629)
(cherry picked from commit
67f82b4cb65294dc2e3c3a144d91df9bbfdaa90c)
Jeremy Allison [Wed, 29 Aug 2012 20:23:06 +0000 (13:23 -0700)]
Rename set_sd() to set_sd_blob() - this describes what it does. (cherry picked from commit
61957ff9f6124eabae050f5425d7d0597ae6a127)
(cherry picked from commit
b6791f4878bfdd2266f27b1e962324966ef03e31)
Andreas Schneider [Tue, 28 Aug 2012 12:17:22 +0000 (14:17 +0200)]
s3-smbd: Fix flooding the logs with records we don't find in pcap.
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9112 - smbd.log is flooded by 'printer_list_get_printer: Failed to
fetch record!'.
(cherry picked from commit
4f4a972e277859a63b60a9bbaff094e00338aba9)
Jeremy Allison [Wed, 22 Aug 2012 18:05:19 +0000 (11:05 -0700)]
Bug #9058] Files not deleted, smbstatus shows "Segmentation fault".
Fix smbstatus code dump when a file entry has delete tokens.
(cherry picked from commit
2d1bf06f440c9607ee7b60e65ab33f70b9657770)
David Disseldorp [Tue, 28 Aug 2012 16:58:24 +0000 (18:58 +0200)]
s3-printing: fix bug 9123 lprng job tracking errors
The lprng printing back-end is truncating the print job filename in the
lpq output, which means that Samba is not able to determine the back-end
job ID for a newly submitted print job.
Remove the unneeded spoolss job ID from the print job file name to
ensure the job filename is not truncated. Also log these warnings at a
higher log level.
(cherry picked from commit
4050cc8be25299514f7ebe609419f74aff8da423)
Andreas Schneider [Tue, 28 Aug 2012 12:53:01 +0000 (14:53 +0200)]
s3-smbd: Initialize the print backend after we setup winreg.
The print backend init also migrates the printing tdb to winreg. For
this we need to setup the winreg pipe first.
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9122 - winreg_printer_openkey: Could not open HKLM hive:
NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE.
(cherry picked from commit
0f1496516d4f4c3da0fb875e944b48861ef2330b)
Günther Deschner [Tue, 28 Aug 2012 12:30:13 +0000 (14:30 +0200)]
s4-torture: let torture_suite_add_ndr_pull_test always work with NDR_SCALARS|NDR_BUFFERS flags.
I checked all the callers (one) that needs them.
Guenther
See bug #9026 - 3.6.6 upgrade from 3.5.x fails with "Couldn't migrate printers
tdb file: NT_STATUS_NO_MEMORY" for details.
(cherry picked from commit
b61e67d9fbb5d412da31233c6cd08ebdea6718ac)
hargagan [Tue, 28 Aug 2012 07:29:52 +0000 (09:29 +0200)]
s3: Fix bug #9085.
NMB registration for a duplicate workstation fails with registration refuse.
(cherry picked from commit
71c4227fd0a741984fb273ad1973ad1724ecb04b)
Björn Jacke [Fri, 24 Aug 2012 19:13:45 +0000 (21:13 +0200)]
s3: fix #9037 even more - open and netbsd have the md5 symbols in libc
(cherry picked from commit
e2200d51550f73e66924277d4c7290b0eeab3f23)
Stefan Metzmacher [Thu, 23 Aug 2012 16:46:27 +0000 (09:46 -0700)]
s3:smb2_ioctl: add some more validation checks
Based on a patch from Christian Ambach <ambi@samba.org>.
metze
The last 2 patches address bug #9058 - Files not deleted, smbstatus shows
"Segmentation fault".
(cherry picked from commit
16cda12d31bf0ce495ec957b2cf1f432369d5102)
Volker Lendecke [Thu, 23 Aug 2012 16:45:53 +0000 (09:45 -0700)]
Backport FSCTL codes from master
(cherry picked from commit
20909ff4eda1181612e0f1f09191e86369044d24)
Andreas Schneider [Wed, 30 Nov 2011 16:58:30 +0000 (17:58 +0100)]
s3-libsmb: Remove obsolete smb_krb5_locate_kdc.
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9111 - Fix compilation with newer MIT kerberos which hides internal
symbols.
(cherry picked from commit
bc593e2ddfb33d88d2b58a0e721d448bbd30426c)
Volker Lendecke [Thu, 16 Aug 2012 18:10:41 +0000 (20:10 +0200)]
s3: Fix #9037, BSD has -lmd instead of -lmd5
(cherry picked from commit
a9fc50f9e97d437e18f67f077b0de89b6781e2c3)
Jeremy Allison [Tue, 21 Aug 2012 18:24:58 +0000 (11:24 -0700)]
Fix bug #9098 - winbind does not refresh kerberos tickets.
Based on work from Ian Gordon <ian.gordon@strath.ac.uk>.
(cherry picked from commit
3f60bff699223a8895d060585f765706e167da37)
(cherry picked from commit
ecf4d5e79c4dad452600498958ebe7a8e1c81fcd)
Herb Lewis [Mon, 20 Aug 2012 21:51:28 +0000 (14:51 -0700)]
Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR parsing errors.
A connection is idle when both struct winbindd_cli_state->request AND
struct winbindd_cli_state->response are NULL. Otherwise we can flag
as idle a connection in the state of having sent the request to
the winbindd child (request != NULL) but not yet received a reply
(response == NULL).
(cherry picked from commit
f6f27baa92a20d5beeee23b8e1e86f0c9ace85b8)
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
733dbbb5e71fe24c46206d3497aa4067138f375d)
Jeremy Allison [Mon, 20 Aug 2012 22:21:26 +0000 (15:21 -0700)]
Ensure we keep last_access up to date when processing a request.
(cherry picked from commit
c4dadb5867111029c90fd395b64217a23d53f722)
Salvador I. Gonzalez [Sat, 11 Aug 2012 17:46:41 +0000 (13:46 -0400)]
Fix smbclient/tarmode panic on connecting to Windows 2000 clients.
'Freed frame ../source3/libsmb/clilist.c:934, expected ../source3/client/clitar.c:821'
Cause: (strequal(finfo->name,"..") || strequal(finfo->name,"."))
evaluates to true, do_tar returns without freeing ctx
Fix bug #9088 - [PATCH] Freed frame ../source3/libsmb/clilist.c:934, expected
../source3/client/clitar.c:821.
(cherry picked from commit
10d21935d69579f381f85cdd19883f57b8030fef)
Andrew Bartlett [Sun, 15 Jul 2012 04:38:18 +0000 (14:38 +1000)]
s3-auth Use correct RID for domain guests primary group
This was incorrect in commit
9dd7e7fc2d6d1aa7f3c3b741ac134e087ce808fd
as the RID was from the BUILTIN domain, but this creates a guest
account token for the real domain.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jul 19 05:56:28 CEST 2012 on sn-devel-104
Fix bug #9067 - Domain Guest have wrong primary group RID.
(cherry picked from commit
5c0a169275ccf046190a0d08d93fc37e6b9bcf75)
Andrew Bartlett [Sun, 15 Jul 2012 02:22:44 +0000 (12:22 +1000)]
Revert "s3:auth make sure the primary group sid is usable"
This reverts commit
00089fd74af740f832573d904312854e494a869e.
The issue with this patch, which I did sign off on, is that for the
domain member case, we already know that the SID is reasonable and
valid, and we indeed rely on that, because we keep it as an additonal
group anyway. The primary group is not so special that we need to do
extra validation.
Calling this function may put a user into the domain 'domain users'
group, even if they are not in that group to start with.
Andrew Bartlett
Fix bug #9066 - Domain Users incorrectly added as addition group on domain
members.
(cherry picked from commit
68aedaf59787971cd9520cef3a345d99da079ca3)
Volker Lendecke [Tue, 7 Aug 2012 23:49:52 +0000 (16:49 -0700)]
s3: Fix a crash in reply_lockingX_error
A timed brlock with 2 locks comes in and the second one blocks,
file is closed. smbd_cancel_pending_lock_requests_by_fid sets
blr->fsp to NULL. reply_lockingX_error (called via
MSG_SMB_BLOCKING_LOCK_CANCEL) deferences blr->fsp because
blr->lock_num==1 (the second one blocked).
This patch fixes the bug by only undoing the locks if fsp!=NULL.
fsp==NULL is the close case where everything is undone anyway.
Thanks to Peter Somogyi, somogyi@hu.ibm.com for this bug report.
Fix bug #9084 - Blocking lock followed by close can crash smbd.
(cherry picked from commit
d80fbbea8ec77c0bda0e3fb9eaed2f170784ea7d)
David Binderman [Tue, 24 Jul 2012 22:46:10 +0000 (15:46 -0700)]
Fix bug 9065: source3/registry/regfio.c: bad call to memcpy
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2575cd4f189d28e7d4def211a89348ab7e515e83)
(cherry picked from commit
3ce8703a0a8566be36ccbab4271d4f953d2763de)
Karolin Seeger [Mon, 6 Aug 2012 18:05:13 +0000 (20:05 +0200)]
WHASTNEW: Start release notes for Samba 3.6.8.
Karolin
(cherry picked from commit
af159e2873888186665aeafc23491bf0b22f738c)
Karolin Seeger [Mon, 6 Aug 2012 18:02:52 +0000 (20:02 +0200)]
VERSION: Bump version number up to 3.6.8.
Karolin
(cherry picked from commit
cefbf9a13ee9c3a4ca3df2e7687466a0c542d888)
Karolin Seeger [Mon, 30 Jul 2012 17:10:53 +0000 (19:10 +0200)]
WHATSNEW: Add latest changes to the release notes.
Karolin
(cherry picked from commit
54233b5eecb6a29641e69d5fe36be9a3ad7b9dc2)
Günther Deschner [Fri, 6 Jul 2012 17:02:00 +0000 (19:02 +0200)]
s4-torture: add ntprinting ndr operations testsuite.
Guenther
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jul 6 20:55:26 CEST 2012 on sn-devel-104
(cherry picked from commit
4cafbb4e7443779ab1c58581709114db9a7bf918)
The last 4 patches address bug #9026 - 3.6.6 upgrade from 3.5.x fails with
"Couldn't migrate printers tdb file: NT_STATUS_NO_MEMORY".
(cherry picked from commit
25745ccc264ff4c649a778fc18ff7fb60ca80333)
Günther Deschner [Fri, 6 Jul 2012 16:22:36 +0000 (18:22 +0200)]
ntprinting: mark the final 4 byte null pointer for printer data in ndr_pull_ntprinting_printer as read.
Guenther
(cherry picked from commit
8835eab013ea1c8919dd6aafda090733f6224535)
(cherry picked from commit
91bf5dc455faf0741dd74243e73f922683f5a5ab)
David Disseldorp [Fri, 6 Jul 2012 12:00:27 +0000 (14:00 +0200)]
ndr: fix push/pull DATA_BLOB with NDR_NOALIGN
This change addresses bug 9026.
There are 3 use cases for DATA_BLOB marshalling/unmarshalling:
1)
ndr_push_DATA_BLOB and ndr_pull_DATA_BLOB when called with
LIBNDR_FLAG_ALIGN* alignment flags set, are used to push/pull padding
bytes _only_. The length is determined by the alignment required and
the current ndr offset.
e.g. dcerpc.idl:
typedef struct {
...
[flag(NDR_ALIGN8)] DATA_BLOB _pad;
} dcerpc_request;
2)
When called with the LIBNDR_FLAG_REMAINING flag, all remaining bytes in
the ndr buffer are pushed/pulled.
e.g. dcerpc.idl:
typedef struct {
...
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_request;
3)
When called without alignment flags, push/pull a uint32 length _and_ a
corresponding byte array to/from the ndr buffer.
e.g. drsblobs.idl
typedef [public] struct {
...
DATA_BLOB data;
} DsCompressedChunk;
The fix for bug 8373 changed the definition of "alignment flags", such
that when called with LIBNDR_FLAG_NOALIGN ndr_push/pull_DATA_BLOB
behaves as (1: padding bytes) rather than (3: uint32 length + byte
array).
This breaks marshalling/unmarshalling for the following structures.
eventlog.idl:
typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
...
DATA_BLOB sid;
...
} eventlog_Record_tdb;
ntprinting.idl:
typedef [flag(NDR_NOALIGN),public] struct {
...
DATA_BLOB *nt_dev_private;
} ntprinting_devicemode;
typedef [flag(NDR_NOALIGN),public] struct {
...
DATA_BLOB data;
} ntprinting_printer_data;
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
0d3249b927465fdca1765cbd7e17c947364b5ef0)
(cherry picked from commit
896e312c8067f5d14a7fbf6b8b810c7a61bf26e2)
Günther Deschner [Fri, 6 Jul 2012 16:04:33 +0000 (18:04 +0200)]
ntprinting: make decode_ntprinting helpers public in idl.
Guenther
(cherry picked from commit
66514f8bbe5f9e2dcd8be90450ef339305a3161c)
(cherry picked from commit
23a5cbc7311090d93584acc12ce52a49993cfdec)
Karolin Seeger [Thu, 26 Jul 2012 17:50:09 +0000 (19:50 +0200)]
WHATSNEW: Add changes since 3.6.6.
Karolin
(cherry picked from commit
5c57ea4fd6af0b520dd3cabc57f07cc94f95b468)
David Binderman [Mon, 23 Jul 2012 22:25:57 +0000 (15:25 -0700)]
Fix bug 9062: cmd_lsarpc.c:1171: bad call to data_blob_const
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
db007b46222c02e23fb9566128ee436ad6c11bf9)
Jiri Popelka [Fri, 20 Jul 2012 18:53:31 +0000 (11:53 -0700)]
Use ippGet/ippSet (accessors) for IPP API.
CUPS 1.6 makes various structures private and
introduces these ippGet and ippSet functions
for all of the fields in these structures.
http://www.cups.org/str.php?L3928
We define our own accessors when CUPS < 1.6.
Modified for 3.6.x by Jeremy Allison.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #9055 - doesn't build against CUPS 1.6.
(cherry picked from commit
684f83433d9697137aab9d8516ad2155929e15bf)
Jura Sasek [Tue, 24 Jul 2012 18:58:58 +0000 (20:58 +0200)]
Fix bug #9037 - Name clash in MD5 cause...
... the "net ads join" fails on T4 (sun4v) systems on Solaris 10.
(cherry picked from commit
c6673d9d2161ff1d8491f6cbc0b6ea0be03cdf4d)
Andreas Schneider [Sat, 21 Jul 2012 00:12:09 +0000 (17:12 -0700)]
s3-winbind: Fix bug #9052 resolving our own "Domain Local" groups.
We don't resolve our own "Domain Local" groups since bug #7843 has been
fixed. So we need to add the add resource groups to the sid list too.
Before bug #7843 the "Domain Local" groups were added with a
lookupuseraliases call, but this isn't done anymore for our domain
so we need to resolve resource groups here.
When to use Resource Groups:
http://technet.microsoft.com/en-us/library/
cc753670%28v=WS.10%29.aspx
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ce8dfb6be131edb94191a78bf28102415b5d8c4c)
David Disseldorp [Tue, 26 Jun 2012 23:23:57 +0000 (01:23 +0200)]
s3-printing: fix broken print_job_get_name() return
The last 18 patches address bug #8719 - printing fails in function
cups_job_submit.
(cherry picked from commit
7ea0c96fe47f3d1b753b5f6cf9591e70eacf502b)
David Disseldorp [Fri, 22 Jun 2012 16:49:50 +0000 (18:49 +0200)]
s3-torture: Use static printer for smbd spooler test
(cherry picked from commit
e0e0f30958f9cd4dbc8faba901216869bb6601e5)
David Disseldorp [Thu, 21 Jun 2012 13:49:55 +0000 (15:49 +0200)]
s3-printing: use euid for vlp job tracking
vlp can be called by print_run_command as root with euids set
appropriately, vlp should use this to track the job owner.
(cherry picked from commit
32584347e93e5ff219cce4dd8e13bf8b2868072c)
David Disseldorp [Thu, 9 Feb 2012 11:08:27 +0000 (12:08 +0100)]
s3-printing: fill print_generic sysjob id on job submission
Change the generic print backend to fill the printing backend job
identifier (sysjob) on submission of a new job.
This is needed to ensure correct mapping of spoolss jobs and entries in
the backend print queue.
This and the last 13 commits attempt to address bug 8719.
(cherry picked from commit
76c101c151303c6063623f5f72073e3af50c3eeb)
David Disseldorp [Wed, 8 Feb 2012 17:47:11 +0000 (18:47 +0100)]
s3-printing: pass lpq command to job_submit
Currently the generic print backend does not fill the printing backend
job identifier (sysjob) on submission of a new job. The sysjob
identifier is required to correctly map jobs in the printer queue to
corresponding spoolss print jobs.
Passing the lpq command to job_submit allows the generic print backend
to check the printer queue for the new job following submission. This
behaviour will come in a later commit.
(cherry picked from commit
7531533e797a2421b5b1a7b383fbddc70ccad34b)
David Disseldorp [Wed, 8 Feb 2012 16:03:06 +0000 (17:03 +0100)]
s3-printing: remove unused print_job_fname()
(cherry picked from commit
f831a9bdbdddd77c3e7ea7e5ae1653567ee12ceb)
David Disseldorp [Wed, 8 Feb 2012 16:57:02 +0000 (17:57 +0100)]
s3-printing: pass a talloc ctx to unpack_pjob
Rather than allocating the devicemode on a null context.
(cherry picked from commit
9ec5b7b9e2d8ac42e4172cbabb7a3b57c1f7ba39)
David Disseldorp [Wed, 8 Feb 2012 15:55:40 +0000 (16:55 +0100)]
s3-printing: return talloced print jobs
print_job_find() currently returns print jobs to callers via a
statically allocated variable, this is particularly messy as the
device mode is talloced under the static variable.
This change adds or passes a talloc context to all callers, giving them
ownership of the returned print job.
(cherry picked from commit
9d481ce29b1f47ffda2696862109eebfe942097c)
David Disseldorp [Wed, 8 Feb 2012 14:01:15 +0000 (15:01 +0100)]
s3-printing: clean up print_job_pause/resume interface
Currently both return a bool and sometimes set a werr pointer argument,
always return werror instead.
(cherry picked from commit
7ba7b3678cd505dc4ccef25b6fc4db7bd4cc3442)
David Disseldorp [Wed, 8 Feb 2012 12:45:40 +0000 (13:45 +0100)]
s3-printing: fix potential print db refcount leak
(cherry picked from commit
41d935744a03435337a90ab1477a7a54f96ca972)
David Disseldorp [Wed, 1 Feb 2012 12:21:04 +0000 (13:21 +0100)]
s3-spoolss: remove duplicate "." in smbd spooler path
(cherry picked from commit
df9a97b81f2a5520ed0ef79d9aeb3a014799e89c)
David Disseldorp [Mon, 30 Jan 2012 16:35:28 +0000 (17:35 +0100)]
s3-printing: remove print_parse_jobid()
With all callers fixed, it is now safe to remove.
(cherry picked from commit
bb3b4890c77bcf1c50f4f27f10e5f5812ae24a76)
David Disseldorp [Mon, 30 Jan 2012 15:05:21 +0000 (16:05 +0100)]
s3-printing: remove redundant variable set
(cherry picked from commit
bf00b2155bc3e42946a3b2c6b9f88606b77f4bc8)
David Disseldorp [Mon, 30 Jan 2012 12:35:21 +0000 (13:35 +0100)]
s3-printing: remove print_parse_jobid() calls from printing.c
In all cases the spoolss layer job id can be determinded from the
printing subsystem allocated job identifier (sysjob).
(cherry picked from commit
dd1a076efe8c2118827c04d8f276b85893888be7)
David Disseldorp [Fri, 27 Jan 2012 11:33:27 +0000 (12:33 +0100)]
s3-printing: rename queue->job sysjob
Print jobs maintain two job identifiers, the jobid allocated by the
spoolss layer (pj->jobid), and the job identifier defined by the
printing backend (pj->sysjob).
Printer job queues currently only contain a single job identifier
variable (queue->job), the variable is sometimes representative of the
spoolss layer job identifier, and more often representative of the
printing backend id.
This change renames the queue job identifier from queue->job to
queue->sysjob, in preparation for a change to only store the printing
backend identifier.
(cherry picked from commit
5aeda94f201ce8794d09f16a314b4044c5370f07)
David Disseldorp [Mon, 30 Jan 2012 12:44:33 +0000 (13:44 +0100)]
s3-printing: remove print_parse_jobid() from print_cups.c
The spoolss print job identifier is now passed to the cups layer via
struct printjob, therefore it is no longer necessary to parse the job
filename to determine it.
(cherry picked from commit
4dea77df91c418633a2a411fd5be2cc9bb3a8eea)
David Disseldorp [Thu, 26 Jan 2012 14:28:34 +0000 (15:28 +0100)]
s3-printing: store print jobid as part of struct printjob
Printing code in some places relies upon the spool-file format to
retrieve the print jobid. By storing the jobid as part of struct
printjob, and hence in the printing TDB, we can move away from this ugly
behaviour.
(cherry picked from commit
994da027ee96811e2d5a025b667d8c6f85442ada)
David Disseldorp [Thu, 21 Jun 2012 15:12:23 +0000 (17:12 +0200)]
torture: add test for smbd print job spooling
Clients can print by performing file IO on a printer share, rather than
issuing spoolss RPCs.
This commit attempts to reproduce bug 8719.
(cherry picked from commit
8b25aa4feb00c6b9a1a7e5fdd61ffffa9fc4d1f5)
Stefan Metzmacher [Wed, 27 Jun 2012 13:33:43 +0000 (15:33 +0200)]
s3:smb2_server: implement credit granting similar to windows
This makes it much easier to compare traces.
metze
(cherry picked from commit
648b959b13224105addaae483823bc422ed1cc21)
The last 10 patches address bug #9057 - SMB2 credit handling code has bugs.
(cherry picked from commit
8ce206519c34e95ec5222e50513dd253c673d11c)
Stefan Metzmacher [Wed, 27 Jun 2012 13:33:43 +0000 (15:33 +0200)]
s3:smb2_server: make sure sequence numbers don't wrap at UINT64_MAX
metze
(cherry picked from commit
82dc0b33b9af5094d78f3ecd855900e49c580343)
(cherry picked from commit
09e26d6a177d82d7b73e632956f912edfcb874bb)
Stefan Metzmacher [Wed, 27 Jun 2012 13:33:43 +0000 (15:33 +0200)]
s3:smb2_server: make sure we don't grant more credits than we allow
If the client hasn't consumed the lowest seqnum, but the distance
between lowest and highest seqnum has reached max credits.
In that case we should stop granting credits.
metze
(similar to commit
ee8ae459aea6879377b5510851a6dc673cf72aad)
(cherry picked from commit
c96dc10849c52cae7d3bfddce212a2595563081e)
Stefan Metzmacher [Tue, 26 Jun 2012 12:28:07 +0000 (14:28 +0200)]
s3:smb2_server: check the already granted credits like in the master branch
metze
Backport of: s3:smb2_server: check the credit_charge against the already granted credits
(similar to commit
4fe41c0bb14f6ae7e52aa7f180e66c7695eb6fa0)
(cherry picked from commit
c3559ee48fe3da59dba3b5afb69a45ef15475fa0)
Stefan Metzmacher [Mon, 25 Jun 2012 21:17:55 +0000 (23:17 +0200)]
s3:smb2_server: split out a smb2_validate_sequence_number() function
metze
(similar to commit
984fdaf9149d96d0d28600443981d87d13eb355c)
(cherry picked from commit
4391a14adca1c94016318b6890129f842b9ae1e7)
Stefan Metzmacher [Tue, 26 Jun 2012 06:08:37 +0000 (08:08 +0200)]
s3:smb2_server: clear sequence window if we got the lowest sequence id
Otherwise we'll never consume sequence id '0'.
metze
(similar to commit
d6e7a76461ad7582efa510676aa2bea230ea9f02)
(cherry picked from commit
d9d25dedad4b64d5562f451b645e2dfab89d8c13)
Stefan Metzmacher [Tue, 26 Jun 2012 07:12:44 +0000 (09:12 +0200)]
s3:smb2_server: fix calculation of the next bitmap_offset
metze
(similar to commit
bd6d415cae550e97e04830eecefa2881b497de89)
(cherry picked from commit
492f0878e49c141f31bb076c906c52131d7660ab)
Stefan Metzmacher [Tue, 26 Jun 2012 07:11:23 +0000 (09:11 +0200)]
s3:smb2_server: remove unused and confusing DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR
metze
(similar to commit
d1ee774ed0b4b3882b4b85da16d9bb9c082a0c49)
(cherry picked from commit
4bea48ff5a6c23818082b6b42401c72d892de51a)
Stefan Metzmacher [Mon, 25 Jun 2012 21:14:24 +0000 (23:14 +0200)]
s3:smb2_server: call smbd_smb2_request_validate() also in smbd_smb2_first_negprot()
We need to consume message_id 0, for SMB1 negprot starts.
metze
(cherry picked from commit
925994e42eba5b72ce605b68e8980adc1b5ecd83)
(cherry picked from commit
aa2965377a6156c74692829763f950f85a48f5f7)
Stefan Metzmacher [Tue, 26 Jun 2012 12:23:12 +0000 (14:23 +0200)]
s3:smb2_server: start the connection with one credit granted to the client
metze
(cherry picked from commit
0b8eac9b79197c4659a5738f1b9399b3c88f2f8d)
(cherry picked from commit
138535dfc528ed66295991d10d063dbfd1a78ced)
Volker Lendecke [Fri, 13 Jul 2012 06:38:07 +0000 (08:38 +0200)]
s3: Make us survive smb2.lock.rw-shared with aio enabled
schedule_aio_smb2_write can return NT_STATUS_FILE_LOCK_CONFLICT.
This is a valid error code that smb2.lock.rw-shared expects and
checks for. The code before this patch maps this to NT_STATUS_FILE_CLOSED,
masking the real, correct error message.
Fix bug #9040 - Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED
in error instead ofNT_STATUS_FILE_LOCK_CONFLICT.
(cherry picked from commit
9c69a2359107b7c31feb03b9971e08645205e400)
Jeremy Allison [Wed, 11 Jul 2012 04:13:03 +0000 (21:13 -0700)]
Fix bug #9034 - Typo in set_re_uid() call when USE_SETRESUID selected in configure.
Previous code only set the real euid, not the effective one. This is not a security issue
as this is *only* used in the quota code, and only between code that brackets
it with save_re_uid()/restore_re_uid(), Also this is not used on most platforms
(we use USE_SETREUID by preference) but it's better to have this right.
(cherry picked from commit
ceed322622b46be3745b32a5f6a02e634bfe1789)
Stefan Metzmacher [Thu, 22 Dec 2011 13:20:32 +0000 (14:20 +0100)]
s3:vfs_gpfs: be less verbose in get/set_xattr functions
metze
Signed-off-by: Christian Ambach <ambi@samba.org>
(cherry picked from commit
2e95d8048b9e9c7025ddada7ede15494e6016ba9)
Fix bug #9022 - vfs_gpfs is very verbose in get/set_xattr functions.
(cherry picked from commit
3abaa9dd8a2af9497dfc6afd6f93a638956c1c3a)
Volker Lendecke [Fri, 22 Jun 2012 13:46:13 +0000 (15:46 +0200)]
s3-vfs_gpfs: Fix bug #9003, posix acl on gpfs
gpfs2smb_acl can leave errno!=0 around even if it returned a correct
result!=NULL. We can only rely on errno being set if another error
condition (in this case result==NULL) indicates an error. If
result!=NULL, errno is undefined and can be anything. This leads to
SAFE_FREE(result) further down even in the success case.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 22 19:27:39 CEST 2012 on sn-devel-104
(cherry picked from commit
e7b58146d8576ae8bf4eaf2ec1063fe7697e05b8)
(cherry picked from commit
bea2d3d007cef5643e863d2d4a80f0ea72461ec3)
Stefan Metzmacher [Tue, 19 Jun 2012 15:57:19 +0000 (17:57 +0200)]
s3:winbindd: don't turn negative cache entries into valid idmappings (bug #9002)
It's typical that some file operations set a NTACL, which tries
sid2uid() before sid2gid(), this will create a negative cache entry.
Negative SID2UID entries cause that a valid SID2GID mapping is ignored
and the group is ignored in the UNIX Token.
metze
(cherry picked from commit
65cc848fde9e383afa0c9eff78e66d6cd57aea18)
Stefan Metzmacher [Tue, 19 Jun 2012 15:57:19 +0000 (17:57 +0200)]
s3:passdb: don't turn negative cache entries into valid idmappings (bug #9002)
It's typical that some file operations set a NTACL, which tries
sid2uid() before sid2gid(), this will create a negative cache entry.
Negative SID2UID entries cause that a valid SID2GID mapping is ignored
and the group is ignored in the UNIX Token.
metze
(cherry picked from commit
e19d064b2a23ec083da06fa56af47be694152442)
Stefan Metzmacher [Thu, 24 May 2012 07:08:21 +0000 (09:08 +0200)]
s3:winbindd: do not expose negative cache idmap entries as valid mappings (bug #9002)
metze
(cherry picked from commit
a1a0babdbd89b229a9d539993c2ad3791b654952)