Stefan Metzmacher [Thu, 27 Aug 2009 11:16:15 +0000 (13:16 +0200)]
s3:netlogon: replace cred_hash3 by des_crypt112_16
This makes sure we don't truncate the session key to 8 bytes
Fixes bug #6664.
metze
(cherry picked from commit
570a8cf5bb6924905b3ad20353d1e7b0ca087748)
Volker Lendecke [Wed, 29 Jul 2009 08:30:52 +0000 (04:30 -0400)]
Fix unqualified "net join"
Kai, please check!
Fixes bug #6585.
Thanks,
Volker
(cherry picked from commit
d8543da9dad3286cd330b98374405edb9f976e77)
(cherry picked from commit
bf7d1758a77a462d9b30cc2549a960736884ee32)
(cherry picked from commit
9509763346de5e587a098a90e33a5e38d6d00a78)
Günther Deschner [Thu, 6 Aug 2009 15:17:26 +0000 (17:17 +0200)]
s3-ldap: Fix Bug #5879. Update LDAP schema for Netscape DS 5.
Patch from TAKEDA Yasuma <yasuma@osstech.co.jp>.
Guenther
(cherry picked from commit
9fa042bb9f71057fc869e37d4cc180e8a772b1bb)
(cherry picked from commit
a01f0a4025d382c1bc82f4992ea4566db4df3818)
Stefan Metzmacher [Tue, 11 Aug 2009 09:17:14 +0000 (11:17 +0200)]
s3:winbindd: raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.
metze
(cherry picked from commit
1e1445bc7672b17a1d689fa0f0732b05b6e04da5)
Fixes bug #6627.
(cherry picked from commit
8d57806544dade748aaac9cc493deb75d4e95735)
Michael Adam [Fri, 26 Jun 2009 12:09:10 +0000 (14:09 +0200)]
s3:passdb: fix bug #6509: use gid (not uid) cache in fetch_gid_from_cache().
With the previous code, the cache can never have been hit at all.
Michael
(cherry picked from commit
c70d54508e1cb8f5edbad02a632dfd52d65fd699)
Bo Yang [Fri, 7 Aug 2009 06:58:36 +0000 (14:58 +0800)]
s3: Unable to browse DFS when using kerberos in libsmbclient
Signed-off-by: Bo Yang <boyang@samba.org>
Fixes bug #6615.
(cherry picked from commit
40da23b6a7dc7acfbdf76a6808b7e50c6c39093e)
Karolin Seeger [Thu, 6 Aug 2009 08:06:29 +0000 (10:06 +0200)]
s3/smbldap: Fix typo in debug message.
Karolin
(cherry picked from commit
54dffbea663ecf4542d6c5e30da6e346d5d60424)
(cherry picked from commit
2538df1ea3229ea6d8242b5ae6fdd3d453395609)
Jeremy Allison [Mon, 18 May 2009 21:26:37 +0000 (14:26 -0700)]
Fix SAMR server for winbindd access. Ensure we allow MAX_ACCESS to be mapped to what we're giving Everyone. Jeremy.
Fixes bug #6504.
(cherry picked from commit
4e854cb52cfb4f3c25c92324c6e7505f1c8290b3)
Yannick Bergeron [Thu, 30 Jul 2009 23:31:24 +0000 (19:31 -0400)]
Increase the max_grp value to 128 (AIX NGROUPS_MAX value) instead of 32 to allow AIX to call sys_getgrouplist only once
(cherry picked from commit
c3e12444f57e24dcd6c9259537ed0489db4658e9)
(cherry picked from commit
2666b3e27444ffcad3afc21e276f189ac238433f)
(cherry picked from commit
1da21f70ec4cebb7ee523dda8abf4100584901f8)
Karolin Seeger [Mon, 3 Aug 2009 08:19:45 +0000 (10:19 +0200)]
s3/docs: Fix typos.
Thanks to OPC oota <t-oota@dh.jp.nec.com> for reporting!
Karolin
(cherry picked from commit
7ee7ec3fdba2ef6a6cc3e1f96a5d2154290cdb18)
(cherry picked from commit
c94d3183a8e4c7e03c0dd2771cb7b9f4665198ce)
(cherry picked from commit
1310ba934b87b804f435cef2c21e6e65590e4a83)
Jeremy Allison [Wed, 30 Sep 2009 12:27:26 +0000 (14:27 +0200)]
Fix for CVE-2009-2906.
Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.
Karolin Seeger [Wed, 30 Sep 2009 11:55:06 +0000 (13:55 +0200)]
WHATSNEW: Update release notes.
Karolin
Jeremy Allison [Mon, 28 Sep 2009 11:44:12 +0000 (13:44 +0200)]
Fix for CVE-2009-2813.
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
Jeff Layton [Fri, 25 Sep 2009 11:01:59 +0000 (07:01 -0400)]
mount.cifs: don't leak passwords with verbose option
When running mount.cifs with the --verbose option, it'll print out the
option string that it passes to the kernel...including the mount
password if there is one. Print a placeholder string instead to help
ensure that this info can't be used for nefarious purposes.
Also, the --verbose option printed the option string before it was
completely assembled anyway. This patch should also make sure that
the complete option string is printed out.
Finally, strndup passwords passed in on the command line to ensure that
they aren't shown by --verbose as well. Passwords used this way can
never be truly kept private from other users on the machine of course,
but it's simple enough to do it this way for completeness sake.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 2/2 of a fix for CVE-2009-2948.
Jeff Layton [Fri, 25 Sep 2009 11:00:18 +0000 (07:00 -0400)]
mount.cifs: check access of credential files before opening
It's possible for an unprivileged user to pass a setuid mount.cifs a
credential or password file to which he does not have access. This can cause
mount.cifs to open the file on his behalf and possibly leak the info in the
first few lines of the file.
Check the access permissions of the file before opening it.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 1/2 of a fix for CVE-2009-2948.
Karolin Seeger [Mon, 28 Sep 2009 11:39:23 +0000 (13:39 +0200)]
WHATSNEW: Prepare release notes for 3.3.8.
Karolin
Karolin Seeger [Thu, 24 Sep 2009 12:28:54 +0000 (14:28 +0200)]
Raise version up to 3.3.8.
Karolin
Karolin Seeger [Tue, 28 Jul 2009 08:26:59 +0000 (10:26 +0200)]
WHATSNEW: Remove major enhancements.
There are not that much bugs that have been fixed for that release and it's a
bit difficult to determine major ones...
Karolin
(cherry picked from commit
7ac712fc96c2557a8ca51d5bf67957eb6861a21c)
Karolin Seeger [Mon, 27 Jul 2009 14:21:16 +0000 (16:21 +0200)]
WHATSNEW: Start WHATSNEW for 3.3.7.
Karolin
(cherry picked from commit
b280a2fee579fe1a999617c8e01b079e5e989c9d)
Karolin Seeger [Mon, 27 Jul 2009 13:56:02 +0000 (15:56 +0200)]
VERSION: Raise version number up to 3.3.7.
Karolin
(cherry picked from commit
fe911ee58b5c0b0c6c9c23bee8d10bbf53f5a90b)
Michael Adam [Mon, 27 Jul 2009 12:09:39 +0000 (14:09 +0200)]
docs: fix typos in the net man page.
Noted by Oota Toshiya <t-oota@dh.jp.nec.com> .
Michael
(cherry picked from commit
4d25298b133279c0918e0663cf2fd59f7e11672f)
Bo Yang [Sat, 18 Jul 2009 06:23:24 +0000 (14:23 +0800)]
handling upn
lookupname failed, cannot find domain when attempt
to change password.
This addresses bug #6560.
Signed-off-by: Bo Yang <boyang@samba.org>
(cherry picked from commit
830c4da460bcad919421acf9d537cf577b231de7)
Stefan Metzmacher [Tue, 30 Jun 2009 14:03:11 +0000 (16:03 +0200)]
s3:util: let parent_dirname() correctly return toplevel filenames
metze
(cherry picked from commit
a14efbadd53ac9678d75e6029f947d63cfa0c4e5)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This addresses bug #6526.
(cherry picked from commit
58f449318dd07240c60513559cf682aa243d3e4c)
Jeremy Allison [Thu, 2 Jul 2009 06:37:59 +0000 (08:37 +0200)]
Fix bug #6520 time stamps.
E.g. last mod time is not preserved when "unix extensions=yes" are set - and u
Cancel out any pending "sticky" writes or "last write" changes when
doing a UNIX info level set.
Jeremy.
(cherry picked from commit
5b03af33ad45368bea7cf6cabc91f62e2503de99)
Matt Kraai [Wed, 1 Jul 2009 06:18:11 +0000 (08:18 +0200)]
s3/docs: Fix typo.
This fixes bug #6519.
(cherry picked from commit
4fb1f8e8fe46b3e77c06612ac3fc3d67cf650a11)
(cherry picked from commit
39bfcc5d50892ad0c387f0ca3932e961e77fdc39)
(cherry picked from commit
408cc7ec9f4119aa9a768474152a83ef796309a9)
Jim McDonough [Mon, 29 Jun 2009 13:42:35 +0000 (09:42 -0400)]
Don't require "Modify property" perms to unjoin (bug #6481) "net ads leave" stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete).
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
Don't use ads realm name for non-ads case. #6481
Also check that the connection to ads worked.
(cherry picked from commit
6f9ed71a87e4ed5665ee8999ebf987e2165629c6)
Günther Deschner [Mon, 29 Jun 2009 13:27:13 +0000 (15:27 +0200)]
s3-test: add RPC-SAMR-MACHINE-AUTH to list of tests to run against s3.
Guenther
(cherry picked from commit
99f68c7b1c527bc39acd0f9db15f65ce087c5dca)
Volker Lendecke [Tue, 16 Jun 2009 09:51:11 +0000 (11:51 +0200)]
s3/lanman: Workaround for KB932762.
This addresses bug #6498.
(cherry picked from commit
a702dea5a86f22e0b7857b67447152a06b3bbea2)
(cherry picked from commit
aa769edfcef6937927201f765509c10b60764817)
Björn Jacke [Sat, 4 Apr 2009 09:21:01 +0000 (11:21 +0200)]
s3:configure: "test" only takes one "=" (cherry picked from commit
ddd37c2b235eb03ddb438ebb2cdd14dd67f867f3)
This fixes bug #6497.
(cherry picked from commit
bcb3a4746710cb4e2800010c23b6e810c78e603d)
Karolin Seeger [Fri, 19 Jun 2009 13:23:22 +0000 (15:23 +0200)]
s3/docs: Fix typo.
This fixes bug #6412.
Thanks to Carsten Dumke <carsten [at] cdumke.de> for reporting!
Karolin
(cherry picked from commit
4ad43a21344b43f1c9fe459165098bcab1695711)
(cherry picked from commit
84750d556d0a42b5d8b134308311e2cb9a533b58)
(cherry picked from commit
304c25a518aba988c3d36e78f6a8416a340b3b33)
Günther Deschner [Wed, 13 May 2009 13:17:46 +0000 (15:17 +0200)]
s3-net: Fix bug 6340: don't segfault when cleartext trustdom pwd could not be retrieved.
Guenther
(cherry picked from commit
b4fe7ad41953c2c60bf9333cff4a5e83fcbe582e)
Jeremy Allison [Fri, 19 Jun 2009 08:10:13 +0000 (10:10 +0200)]
Fix bug #6487: Missing DFS call in trans2 mkdir call. (cherry picked from commit
1a0005e1c508cf3b170d1c7e43b94a47b2820506)
(cherry picked from commit
133cdb46be154eeceb080fa9db88a38d9f87c919)
Günther Deschner [Tue, 5 May 2009 10:54:21 +0000 (12:54 +0200)]
s3-pam_winbind: Fix Bug 6253: Use correct value for password expiry calculation.
Based on patch from Blindauer Emmanuel <samba@mooby.net>.
Guenther
(cherry picked from commit
3815e87f1ffea44c4d76e6c2515ff4894f6896c9)
Günther Deschner [Mon, 11 May 2009 16:27:40 +0000 (18:27 +0200)]
s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned a NULL sid_array since 3.2.0.
Found by torture test.
This makes it possible to search for users while adding them to groups via
windows usermanager.
Fixes bug #6484.
Guenther
(cherry picked from commit
0cfe59f1b580371f445b50151ceae5aef02bf0c4)
Jeremy Allison [Thu, 18 Jun 2009 09:53:52 +0000 (11:53 +0200)]
Fix bug #6476 - more then 3000 smbd-zombies in memory
We weren't reaping children in the [x]inetd case.
Jeremy.
(cherry picked from commit
7e51314f2e18241876b049642fcb133df7e44c70)
Karolin Seeger [Thu, 18 Jun 2009 07:32:10 +0000 (09:32 +0200)]
s3/docs: Add documentation for 'net sam rights'.
This is part of a fix for bug #6328.
Karolin
(cherry picked from commit
a5a31512de9d9b9ed7eed906487dd154fde7e483)
Karolin Seeger [Wed, 17 Jun 2009 13:21:24 +0000 (15:21 +0200)]
Revert "s3/packaging: source -> source3"
This reverts commit
646d465780fd0afea2454cf2e1c732c39a93491e.
Pushed by accident...
(cherry picked from commit
8cf6e03e9ebffa759a2a66339124492ef3e8d26f)
Karolin Seeger [Wed, 17 Jun 2009 13:19:20 +0000 (15:19 +0200)]
s3/packaging: pam_winbind has been moved to section 8.
Karolin
(cherry picked from commit
13494c0f8f9459c51b520a7cf60790e9e2f475b4)
(cherry picked from commit
3c44cd7a10948454fea58f521164fdbe7e20d959)
Karolin Seeger [Wed, 17 Jun 2009 13:18:16 +0000 (15:18 +0200)]
s3/packaging: source -> source3
Karolin
(cherry picked from commit
6098be34ba62b96908e6dfe7a9d63519cee6a5af)
(cherry picked from commit
646d465780fd0afea2454cf2e1c732c39a93491e)
Günther Deschner [Tue, 16 Jun 2009 13:00:20 +0000 (15:00 +0200)]
s3-netapi: Fix Bug #6451: net/libnetapi user rename using wrong access bits.
Guenther
(cherry picked from commit
29b8e08b83eeb0ab7d33bf46981cdbad8c35dc9b)
(cherry picked from commit
adecea9ce358e30d1b3847f3931479e6f7b42592)
Jeremy Allison [Sat, 30 May 2009 20:28:03 +0000 (13:28 -0700)]
Fix bug #6421 - POSIX read-only open fails on read-only shares. The change to smbd/trans2.c opens up SETFILEINFO calls to POSIX_OPEN only. The change to first smbd/open.c closes 2 holes that would have been exposed by allowing POSIX_OPENS on readonly shares, and their ability to set arbitrary flags permutations. The O_CREAT -> O_CREAT|O_EXCL change removes an illegal combination (O_EXCL without O_CREAT) that previously was being passed down to the open syscall. Jeremy.
(cherry picked from commit
79f26472b4ae561ec00c30f31dd63ccab6dfc0c4)
Karolin Seeger [Wed, 17 Jun 2009 08:23:21 +0000 (10:23 +0200)]
s3/libsmb: Fix typo in error message.
Thanks to Herb Lewis <hlewis [at] panasas.com> for noticing!
Karolin
(cherry picked from commit
095f66b0ed74d4b5c7561ca05bbfdf33f60d0600)
(cherry picked from commit
eb3889c8b745023bfd7956bfcd961adbe78b6cea)
Karolin Seeger [Tue, 23 Jun 2009 09:35:13 +0000 (11:35 +0200)]
VERSION: Raise version number up to 3.3.6.
Karolin
Karolin Seeger [Tue, 23 Jun 2009 09:33:44 +0000 (11:33 +0200)]
WHATSNEW: Update changes since 3.3.5.
Karolin
Jeremy Allison [Fri, 19 Jun 2009 09:00:41 +0000 (11:00 +0200)]
Bug 6488: acl_group_override() call in posix acls references an uninitialized variable.
(cherry picked from commit
f92195e3a1baaddda47a5d496f9488c8445b41ad)
Karolin Seeger [Tue, 16 Jun 2009 09:49:54 +0000 (11:49 +0200)]
s3/docs: Fix typo.
Karolin
(cherry picked from commit
6e45c21384b8845422967ff1fa46e48de9fee1ab)
Karolin Seeger [Mon, 15 Jun 2009 13:08:43 +0000 (15:08 +0200)]
WHATSNEW: Fix typo.
Karolin
(cherry picked from commit
acde34bc7d5b038f5965acc0fccaff6f7658f3d5)
Karolin Seeger [Mon, 15 Jun 2009 12:31:04 +0000 (14:31 +0200)]
WHATSNEW: Update changes since 3.3.4.
Karolin
(cherry picked from commit
80e7638aed61cc908e7d658d208d1925ff16247c)
Andreas Schneider [Mon, 15 Jun 2009 10:22:58 +0000 (12:22 +0200)]
Fix the section of the pam_winbind manpage.
Signed-off-by: Andreas Schneider <mail@cynapses.org>
(cherry picked from commit
2f2ef4afae99eadb2b546319aa915f6391acce40)
Andreas Schneider [Mon, 15 Jun 2009 10:21:07 +0000 (12:21 +0200)]
Move pam_winbind to the right manpage section (8).
Signed-off-by: Andreas Schneider <mail@cynapses.org>
(cherry picked from commit
59ab1574e41993d24733affbca07d3f7da245fc7)
(cherry picked from commit
d547aab1511c72e1cab034e2945f6ad63bda6659)
(cherry picked from commit
c9b89676983c5fd0ec12df121fc5d9e06facdd80)
Andreas Schneider [Mon, 15 Jun 2009 10:16:49 +0000 (12:16 +0200)]
Dcoument the PAM data exports in the pam_winbind manpage.
Signed-off-by: Andreas Schneider <mail@cynapses.org>
(cherry picked from commit
1809ff4b2339bd3066532abccea0944da45edf64)
(cherry picked from commit
5d2dfba6d1699c6e417cc21233a1cc871f3c0ad1)
(cherry picked from commit
282682c989a8008de5f8d30c48c9a740b315a230)
Andreas Schneider [Mon, 15 Jun 2009 10:16:15 +0000 (12:16 +0200)]
Document the try_first_pass option in the pam_winbind manpage.
Signed-off-by: Andreas Schneider <mail@cynapses.org>
(cherry picked from commit
779eea49de3f53040fe792de4b74b73a0c51ecb3)
(cherry picked from commit
24d6f697844bc85a03c047e5470abcfdd53735a2)
(cherry picked from commit
2ed85b0ebfc50cad847050cc6b5269c470956ea3)
Andreas Schneider [Mon, 15 Jun 2009 10:15:26 +0000 (12:15 +0200)]
Add a synopsis section to the pam_winbind manpage.
Signed-off-by: Andreas Schneider <mail@cynapses.org>
(cherry picked from commit
24f9f32fedb92f881658db856db15173e57af0bd)
(cherry picked from commit
55df96313c5b966f41b0b5c426cf6a420cafa855)
(cherry picked from commit
f738862d9f419fec27c9fb15c880a452aff333d9)
Jeremy Allison [Mon, 15 Jun 2009 08:43:27 +0000 (10:43 +0200)]
Revert the extra SAMR and LSA checks.
These were added between 3.2.4 and 3.2.5 that have caused users problems.
This fixes among others bug #6089 and #6112.
(cherry picked from commit
bd2f3695c117773032e16958a0266d0d1e75defe)
Karolin Seeger [Mon, 15 Jun 2009 06:33:22 +0000 (08:33 +0200)]
s3/libsmb: Fix debug message.
This fixes bug #6472.
Karolin
Signed-off-by: Volker Lendecke <vl@samba.org>
Was commit
f92269a6 in master.
(cherry picked from commit
7108ebb87902f3b5d2c43ba95d557278ad8e120f)
Jeremy Allison [Fri, 12 Jun 2009 13:41:20 +0000 (15:41 +0200)]
Fix bug #6297 - owner of sticky directory cannot delete files created by others. The reason we couldn't delete was we were erroring out early if requestor was not the owner of the file we wanted to delete, instead of checking if the requestor owned the directory as well. If either of these is true, we must go on and check the ACL. Karolin, this is a must for 3.4.0 and also 3.3.next. I'll update the bug report with patches for 3.4.0 and 3.3.next and ask vl to review. Jeremy.
(cherry picked from commit
966a51da8998cfd15875ba047b7f765c84b914dd)
Karolin Seeger [Fri, 12 Jun 2009 08:15:51 +0000 (10:15 +0200)]
WHATSNEW: Attach older 3.3 release notes.
Karolin
(cherry picked from commit
adbba72c332b59f4ffe87cb25c5ec7f8d90148dc)
Günther Deschner [Sun, 7 Jun 2009 09:23:09 +0000 (11:23 +0200)]
s3-groupdb: fix enum_aliasmem in ldb branch.
It is totally valid to have an alias with no members.
This fixes bug #6465.
Tridge, please check.
Found by RPC-SAMR torture test.
Guenther
(cherry picked from commit
d7b749b056a667f0b180d6d5198faca9b0a69fea)
Günther Deschner [Thu, 11 Jun 2009 22:46:38 +0000 (00:46 +0200)]
s3-docs: Fix Bug #4280. Shutdown scripts are called as root for privileged users.
GUenther
(cherry picked from commit
3938d1e5fa1996f64e92d33d6893bab620d16b23)
(cherry picked from commit
0491f038403036814acf6eacc7bb742345bbe27b)
(cherry picked from commit
d4b57dab0beada704fcbeae86ae5b5dd257030a0)
Karolin Seeger [Wed, 10 Jun 2009 15:25:07 +0000 (17:25 +0200)]
VERSION: Raise version number up to 3.3.5.
Karolin
(cherry picked from commit
48b5d16c39b60c0fb6db60780bc36eaa8ef2506c)
Karolin Seeger [Wed, 10 Jun 2009 15:16:42 +0000 (17:16 +0200)]
WHATSNEW: Update changes since 3.3.4.
Karolin
(cherry picked from commit
95550d2e69848089172c00798b9b50ea4e56dd48)
Karolin Seeger [Wed, 10 Jun 2009 06:39:35 +0000 (08:39 +0200)]
s3/docs: Fix typos.
Fix typos reported by OPC oota <t-oota [at] dh.jp.nec.com>.
Thanks!
Karolin
(cherry picked from commit
ad0d8032068fc9b920e205d3f5f923174101d777)
(cherry picked from commit
b7d54f443ade79d3f2b71aa138fd5254754bb750)
(cherry picked from commit
cec179962a833771b9fdba3ba747b571ef27ace6)
Volker Lendecke [Mon, 8 Jun 2009 08:05:11 +0000 (10:05 +0200)]
Further fix for 6449
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
(cherry picked from commit
aa03326fe523e9bc85e6db276f94e9d04aaf009d)
Volker Lendecke [Mon, 8 Jun 2009 07:45:21 +0000 (09:45 +0200)]
Fix bug 6449
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
(cherry picked from commit
a956e36ceb22072cd4ea755ce9b4457896af4b14)
Volker Lendecke [Sat, 6 Jun 2009 19:43:53 +0000 (21:43 +0200)]
Fix bug 6441 -- fix the compile with --enable-dnssd
The server side of dnssd has been replaced with native avahi support. The code
is only left in in case some OS/X fan wants to revive it, and the client-side
has not been converted yet.
Fix the build of the server side by removing the #ifdef
(cherry picked from commit
8b8336a115b73eb99cd1f9a8d1286df713ec53c3)
Karolin Seeger [Sat, 6 Jun 2009 13:56:47 +0000 (15:56 +0200)]
s3/docs: Fix example.
The 'ldap suffix' is not added automatically to the 'ldap admin dn'.
This fixes bug #5584.
Thanks to Stefan Bauer <stefan.bauer [at] plzk.de> for reporting!
Karolin
(cherry picked from commit
0fee798552038b730b0107540d6cfeb475803555)
(cherry picked from commit
629e7aa91a33a5428676d8f6eeac19ea9fec14d6)
(cherry picked from commit
01acd8d9277362ae3c0e92963f66e7af3202b84d)
Volker Lendecke [Thu, 12 Mar 2009 16:23:17 +0000 (17:23 +0100)]
Fix bug 6157
This patch picks the alphabetically smallest one of the multi-value attribute
"uid". This fixes a regression against 3.0 and also becomes deterministic.
(cherry picked from commit
47333fc8785457239a499a298536664f152b681d)
Karolin Seeger [Sat, 6 Jun 2009 13:10:08 +0000 (15:10 +0200)]
s3/passdb: Fix debug message: 'net setmaxrid' does not exist.
This is aiming bug #6351.
Karolin
(cherry picked from commit
c94d1cd7b1dc3ff99ae5a1eb9058ed6015fb9749)
(cherry picked from commit
11ed212591d612632fcb47f1eac10507b89ffdec)
Günther Deschner [Mon, 25 May 2009 12:05:18 +0000 (14:05 +0200)]
s3-samr: Fix Bug #6372, usermanager only displaying 1024 groups and aliases.
This is now also verified with the RPC-SAMR-LARGE-DC test.
Guenther
(cherry picked from commit
fca7dce1a908570e463ddcbd663955fcafd1d843)
(cherry picked from commit
f3bf1eebe1cb74aa9ed2d00b823c90c6ed743980)
Karolin Seeger [Fri, 5 Jun 2009 13:35:05 +0000 (15:35 +0200)]
Jeremy Allison [Sat, 30 May 2009 09:30:16 +0000 (11:30 +0200)]
Simplify the dropbox patch
(cherry picked from commit
f9ea09b61a46136fc55314e2e1cd2e9cfb362802)
Volker Lendecke [Wed, 13 May 2009 13:46:35 +0000 (15:46 +0200)]
Re-Add the "dropbox" functionality with -wx rights on a directory
(cherry picked from commit
f586b209b0216150f07bcc998c0d57e0d179b8ee)
Karolin Seeger [Fri, 29 May 2009 07:49:49 +0000 (09:49 +0200)]
s3/docs: Fix typo.
This fixes bug #4341.
Thanks to Michael Cartmell <michael.cartmell [at] thomson.com> for reporting!
Karolin
(cherry picked from commit
2228cc6a0f942b774bef7fb0b99009897fa4dff4)
(cherry picked from commit
e1b1f14e0260395a8d452ea0a129bcc9bb3f98cc)
(cherry picked from commit
de156e6ee292ad7fc683d681d7c4b44edba67626)
Michael Adam [Wed, 27 May 2009 17:12:28 +0000 (19:12 +0200)]
s3:idmap_tdb: filter out of range mappings in default idmap config
This fixes bug #6415
Michael
(cherry picked from commit
3d3f39838261ddc401053dadcc5bd8e6317a3a8e)
(cherry picked from commit
307c73ce8bc29803230c22e3f8abd579c5d90ba2)
Michael Adam [Wed, 27 May 2009 17:25:44 +0000 (19:25 +0200)]
s3:idmap_ldap: filter out of range mappings in default idmap config
This fixes bug #6417
Michael
(cherry picked from commit
e381c13b023f2b512b3f6aec133db9f323bc8132)
(cherry picked from commit
06cab60eb0ba966174f493fcbe25bede0c5d2125)
Michael Adam [Wed, 27 May 2009 17:24:03 +0000 (19:24 +0200)]
s3:idmap_tdb2: filter out of range mappings in default idmap config
This fixes bug #6416
Michael
(cherry picked from commit
e12670a1053edf57af137026bd3fdb9fc7dfb0b2)
(cherry picked from commit
a74cb0ca04d61df6f01f3d737e52a8b7349d5a73)
Marc VanHeyningen [Tue, 5 May 2009 22:07:40 +0000 (22:07 +0000)]
s3: zero an uninitialized array
Invalid pointers were being dereferenced in lookup_sids causing
occasional seg faults.
Signed-off-by: Tim Prouty <tprouty@samba.org>
(cherry picked from commit
34ca12c9396f7c8475cd1525bdbc40021b0e533f)
Karolin Seeger [Wed, 27 May 2009 16:10:49 +0000 (18:10 +0200)]
s3/docs: Correct version number.
Karolin
(cherry picked from commit
7e4682d0b54ba85c7366e7232b148a594718f7cf)
Volker Lendecke [Sun, 24 May 2009 16:57:13 +0000 (18:57 +0200)]
Fix a race condition in winbind leading to a panic
In winbind, we do multiple events in one select round. This needs fixing, but
as long as we're still using it, for efficiency reasons we need to do that.
What can happen is the following: We have outgoing data pending for a client,
thus
state->fd_event.flags == EVENT_FD_WRITE
Now a new client comes in, we go through the list of clients to find an idle
one. The detection for idle clients in remove_idle_client does not take the
pending data into account. We close the socket that has pending outgoing data,
the accept(2) one syscall later gives us the same socket.
In new_connection(), we do a setup_async_read, setting up a read fde. The
select from before however had found the socket (that we had already closed!!)
to be writable. In rw_callback we only want to see a readable flag, and we
panic in the SMB_ASSERT(flags == EVENT_FD_READ).
Found using
bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient
Volker
(commit
68c5c6df in master)
(cherry picked from commit
c9df9c68da21610d9c32a57e24f45d36ebe432c5)
Karolin Seeger [Mon, 25 May 2009 08:50:23 +0000 (10:50 +0200)]
s3/docs: Fix typos.
Thanks to Oota Toshiya <t-oota at dh.jp.nec.com> for reporting!
Karolin
(cherry picked from commit
f3df38362cc15211d9fca8229a0f9d9fc9c8e481)
(cherry picked from commit
7434898b10a5c5780bd015b7bdca3eaa7a2b5475)
Volker Lendecke [Wed, 20 May 2009 15:45:47 +0000 (17:45 +0200)]
Fix bug 6382: Case insensitive access to DFS links broken
(cherry picked from commit
fda54237e8a4a87086a670499273c1402d1cd02b)
Karolin Seeger [Tue, 19 May 2009 11:42:16 +0000 (13:42 +0200)]
s3/docs: Fix shutdown script example.
This fixes bug #5897. Thanks to TAKAHASHI Motonobu
<monyo [at] samba.gr.jp> for reporting and providing the example!
Karolin
(cherry picked from commit
f741b90ee8f74077871a0b5d1df55c0dd34a313f)
(cherry picked from commit
1653bbf50b02e4f4dc2f01c5dab32c1cc4894582)
Jeremy Allison [Thu, 7 May 2009 19:53:31 +0000 (12:53 -0700)]
s3-auth: use full 16byte session key in make_user_info_netlogon_interactive().
Patch from Jeremy.
With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a
Samba 3 Domain.
There are still two registry settings required:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
Do *not* modify the other netlogon registry parameters that were passed around,
they weaken security.
Guenther / Jeremy.
(cherry picked from commit
0da133101ab149b074ab369d819fc48b7c95bf71)
Guenther Deschner [Thu, 7 May 2009 19:53:00 +0000 (12:53 -0700)]
s3-credentials: protect netlogon_creds_server_step() against NULL creds.
Found by SCHANNEL torture tests.
Guenther
(cherry picked from commit
339b99e31577d8a522711f84bc7d94e88c75d334)
Jeremy Allison [Thu, 7 May 2009 19:52:35 +0000 (12:52 -0700)]
After getting confirmation from Guenther, add 3 changes we'll ultimately need to fix bug #6099 Samba returns incurrate capabilities list. 1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags. 2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags return if the client requested it. 3). Clean up the error exits so we always return the same way. Signed off by Guenther. Jeremy.
(cherry picked from commit
41f9e61d7c8c106a98792e9009bbecf5edfcebe9)
Guenther Deschner [Thu, 7 May 2009 19:52:10 +0000 (12:52 -0700)]
s3-netlogon: Fix NETLOGON credential chain. Fixes Bug #6099 (Windows 7 joining Samba3) and probably many, many more.
Jeremy, with
9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate
flags (which are a pointer to the out negotiate flags assigned in the generated
netlogon server code). So, while you wanted to just set the *out* negflags, you
did in fact reset the *in* negflags, effectively eliminating the
NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then
caused creds_server_init() to generate 64bit creds instead of 128bit, causing
the whole chain to break. *Please* check.
Guenther
(cherry picked from commit
1f05472b9a27861f8e4b9b60410890b920f9d359)
Volker Lendecke [Fri, 15 May 2009 19:02:08 +0000 (21:02 +0200)]
Fix bug 6361: Make --rcfile work in smbget
Thanks to j scott <gl@arlut.utexas.edu> for reporting!
(cherry picked from commit
2238f7eede55fe780630df70b712fad7ebc95c76)
Volker Lendecke [Wed, 15 Apr 2009 11:01:09 +0000 (13:01 +0200)]
Do not use the file system GET_REAL_FILENAME for mangled names
(cherry picked from commit
5ed457f984c093642afde854715b3792524e0798)
Karolin Seeger [Fri, 15 May 2009 13:25:30 +0000 (15:25 +0200)]
Revert "Do not use the file system GET_REAL_FILENAME for mangled names"
This reverts commit
5a5dcd125fe236ddd93a6e56ae361fc84e306185.
(cherry picked from commit
79003837947882c4a62490c0eff7984f7c343807)
Björn Jacke [Thu, 7 May 2009 15:50:34 +0000 (17:50 +0200)]
s3/ldap: also handle DirX return codes
this is a backport of
f238809d236443b8968e1b4b197a55935c7c7e85 from master
(cherry picked from commit
1b040289f14bb22d3b6ab07a452236549d6c9bf6)
Michael Adam [Wed, 6 May 2009 00:08:33 +0000 (02:08 +0200)]
s3:loadparm: handle registry config source in file_list - fixes bug #6320
I.e. does not require smbd restart after changing share default options
in the global registry section with "include = registry".
Michael
This was commit
4842e45d59 in master.
(cherry picked from commit
a72e409bd1b9a9d91bd7311417d7175a64aa39b0)
Stefan Metzmacher [Fri, 8 May 2009 12:33:49 +0000 (14:33 +0200)]
s3:smbd: fix posix acls when setting an ACL without explicit ACE for the owner (bug#2346)
The problem of bug #2346 remains for users exported by
winbindd, because create_token_from_username() just fakes
the token when the user is not in the local sam domain. This causes
user_in_group_sid() to give totally wrong results.
In uid_entry_in_group() we need to check if we already
have the full unix token in the current_user struct.
If so we should use the current_user unix token,
instead of doing a very complex user_in_group_sid()
which doesn't give reliable results anyway.
metze
(cherry picked from commit
b79eff843be392f3065e912edca1434081d93c44)
(cherry picked from commit
cb5c72c0a05a78ff1b86eb02cf5ecd3d7d69623d)
Jeremy Allison [Fri, 8 May 2009 18:31:34 +0000 (11:31 -0700)]
Fix bug #6330 - DFS doesn't work on AIX. Jeremy.
This was commit
3d6f4a7af in master.
(cherry picked from commit
c66b3807a356655d1d4e351502cad939f4d1d101)
Karolin Seeger [Wed, 13 May 2009 08:07:56 +0000 (10:07 +0200)]
s3/packaging: Fix build on RHEL when ccache is not available.
This fixes bug #5832.
Patch was provided by D.L. Meyer <dlmeyer [at] uiuc.edu>.
Thanks for reporting and providing the patch!
Karolin
(cherry picked from commit
42e0cb8c0a1b8470ac8e9ad1c5a741e299debb8f)
(cherry picked from commit
b2205a7697598729f85cb767621b8c610654053c)
Volker Lendecke [Wed, 6 May 2009 10:00:49 +0000 (12:00 +0200)]
Fix Coverity ID 897: REVERSE_INULL
(cherry picked from commit
a0e9521b306a7e83d09de4616a66b49d259f0bbc)
Jeremy Allison [Tue, 28 Apr 2009 18:07:51 +0000 (11:07 -0700)]
Fix bug #6291 - force user stop working. A previous fix broke the invariant that *uid is always initialized on return from create_token_from_username(). Restore it. Jeremy.
(cherry picked from commit
09b76c57098ed4d11855000ae31cd346cb9a765d)
Günther Deschner [Thu, 30 Apr 2009 21:37:26 +0000 (23:37 +0200)]
s3-netapi: Fix Bug #6309: support remote unjoining of Windows 2003 or greater.
Found by David Markey <admin@dmarkey.com>. Thanks!
Guenther
(cherry picked from commit
ab4b8c9c0438bc5afca17e3ebf05dde6f98bc0aa)
(cherry picked from commit
242ae00e56ac553f9ac736b4c2a18b4610bdb6e9)
Volker Lendecke [Thu, 7 May 2009 08:09:32 +0000 (10:09 +0200)]
Fix bug 6336: "net groupmap set" segfaults
(cherry picked from commit
f97e37d0130752dded728a29f5b1024ca19a0733)
Jeremy Allison [Mon, 4 May 2009 15:31:40 +0000 (08:31 -0700)]
Fix bug #6315 smbd crashes doing vfs_full_audit on IPC$ close event. The underlying problem is that once SMBulogoff is called, all server_info contexts associated with the vuid should become invalid, even if that's the context being currently used by the connection struct (tid). When the SMBtdis comes in it doesn't need a valid vuid value, but the code called inside vfs_full_audit always assumes that there is one (and hence a valid conn->server_info pointer) available.
This is actually a bug inside the vfs_full_audit and other code inside Samba,
which should only indirect conn->server_info on calls which require AS_USER to
be set in our process table. I could fix all these issues, but there's no
guarentee that someone might not add more code that fails this assumption, as
it's a hard assumption to break (it's usually true).
So what I've done is to ensure that on SMBulogoff the previously used
conn->server_info struct is kept around to be used for print debugging purposes
(it won't be used to change to an invalid user context, as such calls need
AS_USER set). This isn't strictly correct, as there's no association with the
(now invalid) context being freed and the call that causes conn->server_info to
be indirected, but it's good enough for most cases.
The hard part was to ensure that once a valid context is used again (via new
sessionsetupX calls, or new calls on a still valid vuid on this tid) that we
don't leak memory by simply replacing the stored conn->server_info pointer. We
would never actually leak the memory (as all conn->server_info pointers are
talloc children of conn), but with the previous patch a malicious client could
cause many server_info structs to be talloced by the right combination of SMB
calls. This new patch introduces free_conn_server_info_if_unused(), which
protects against the above.
Jeremy.
This was commit
e46a88ce35e1aba9d9a344773bc97a9f3f2bd616 in master.
(cherry picked from commit
146d007e70351532431b739f1264615111044768)
Karolin Seeger [Wed, 6 May 2009 14:06:59 +0000 (16:06 +0200)]
s3/docs: Remove unnecessary .sp.
Karolin
(cherry picked from commit
4a4dc776b2f0ca813abcf4f47f0d5721f75f3e6a)
(cherry picked from commit
6a617a9677da9df8f70cf2039245cfb5ce3d94c3)
(cherry picked from commit
8c5771422bf25dba0638c3419ac14f0841b94293)