Jeremy Allison [Mon, 29 Aug 2011 23:53:04 +0000 (16:53 -0700)]
Fix bug Bug 8422 - Infinite loop in ACL module code.
Missing assignment means this loop will never terminate. Need to be applied
to 3.5.x and 3.6.1.
Jeremy Allison [Sat, 20 Aug 2011 18:49:59 +0000 (20:49 +0200)]
s3-vfs: Fix vfs_chown_fsp.
Fix bug #8370 (vfs_chown_fsp broken -- returns in the wrong directory).
Volker Lendecke [Thu, 11 Aug 2011 14:52:22 +0000 (16:52 +0200)]
s3: Fix bug 8360
OS/2 sends an unexpected write&x/read&x chain
(cherry picked from commit
2aca833308049d005c647aabcd9d894f59698ef4)
Volker Lendecke [Fri, 29 Jul 2011 22:43:46 +0000 (15:43 -0700)]
s3: Add a fallback for missing open&x support in OS/X Lion
The last 4 patches address bug #8338 (MAC Lion - smbclient "Open AndX
Request->STATUS_NOT_SUPPORTED).
Volker Lendecke [Fri, 29 Jul 2011 22:03:03 +0000 (15:03 -0700)]
s3: Make map_open_params_to_ntcreate() available in lib/
Volker Lendecke [Fri, 29 Jul 2011 21:41:10 +0000 (14:41 -0700)]
s3: Make is_executable() available in lib/
Volker Lendecke [Fri, 29 Jul 2011 21:26:58 +0000 (14:26 -0700)]
s3: We only need base_name in map_open_params_to_ntcreate
Björn Jacke [Thu, 4 Aug 2011 14:25:08 +0000 (16:25 +0200)]
s3/swat: use strlcat instead of strncat to fix build on old Linux distros
SLES 9's glibc for example had weird macros where the use of strncat resulted
in the use of strcat which we don't allow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
(cherry picked from commit
d3b4d75364210e2d2a4a1cd806f28b0021f22909)
Fix bug #8362 (build issue on old glibc systems).
(cherry picked from commit
87fa72a5202fe3780d4a61289bf755027cd078f4)
Stefan Metzmacher [Fri, 5 Aug 2011 17:48:38 +0000 (19:48 +0200)]
s3:web/swat: use strtoll() instead of atoi/atol/atoll
This is more portable, as we have a strtoll replacement
in lib/replace.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
(cherry picked from commit
a6be0820d09b3f3eabfbb5f4356add303aa8a494)
Fix bug #8347 (CVE-2011-2522 regression for HP-UX, AIX and OSF).
Karolin Seeger [Sun, 7 Aug 2011 18:50:50 +0000 (20:50 +0200)]
WHATSNEW: Fix typo.
Karolin
Karolin Seeger [Thu, 4 Aug 2011 19:40:47 +0000 (21:40 +0200)]
WHATSNEW: Remove wrong entry.
This one was added by accident, sorry!
Karolin
Karolin Seeger [Thu, 4 Aug 2011 19:38:26 +0000 (21:38 +0200)]
WHATSNEW: Start release notes for 3.5.12.
Karolin
Karolin Seeger [Thu, 4 Aug 2011 19:35:51 +0000 (21:35 +0200)]
VERSION: Bump version up to 3.5.12.
Karolin
Karolin Seeger [Wed, 3 Aug 2011 18:20:58 +0000 (20:20 +0200)]
WHATSNEW: Add changes since 3.5.10.
Karolin
Karolin Seeger [Tue, 2 Aug 2011 19:19:36 +0000 (21:19 +0200)]
WHATSNEW: Sync with v3-5-stable.
Karolin
Jeremy Allison [Tue, 2 Aug 2011 18:49:46 +0000 (20:49 +0200)]
Fix bug 7462 - Non-standard SA_RESETHAND is used in ...lib/tevent/tevent_sig
Make SA_RESETHAND conditional on its existance.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Aug 1 22:03:45 CEST 2011 on sn-devel-104
(cherry picked from commit
0c67efdd68b9808542c090b9fd9920e4e37d85d0)
Volker Lendecke [Mon, 10 May 2010 09:53:03 +0000 (11:53 +0200)]
s3: Test for "__attribute__((destructor))"
(cherry picked from commit
36e736871e28665ffcbbc4d0c87e1a2b60fcf0e0)
Fix bug #8322 (HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR is missing from 3.5.x).
Karolin Seeger [Tue, 26 Jul 2011 18:39:28 +0000 (20:39 +0200)]
WHATSNEW: Start release notes for 3.5.11.
Karolin
(cherry picked from commit
6ab1dc24d77a58d4c37cb816ce04762c1df7521c)
Karolin Seeger [Tue, 26 Jul 2011 18:36:37 +0000 (20:36 +0200)]
VERSION: Bump version up to 3.5.11.
Karolin
(cherry picked from commit
b6678d3dbcba6a2ee4961d2565477d362035e1b3)
Karolin Seeger [Sun, 24 Jul 2011 19:09:38 +0000 (21:09 +0200)]
s3-swat: Fix typo.
Thanks to Simo for reporting!
Karolin
(cherry picked from commit
9f73c1990a19daa899fa5345530a867e69a5be94)
Kai Blin [Tue, 12 Jul 2011 06:08:24 +0000 (08:08 +0200)]
s3 swat: Create random nonce in CGI mode
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Signed-off-by: Kai Blin <kai@samba.org>
The last 12 patches address bug #8290 (CSRF vulnerability in SWAT).
This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT).
(cherry picked from commit
0e17d8ef7e4004a0d35011c322b93b6da5811951)
Kai Blin [Sat, 9 Jul 2011 07:52:07 +0000 (09:52 +0200)]
s3 swat: Add time component to XSRF token
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
227921871146563c1d57f9a8faa3b8354058740c)
Kai Blin [Fri, 8 Jul 2011 13:06:13 +0000 (15:06 +0200)]
s3 swat: Add XSRF protection to printer page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
c287fe37acc8d8cd64ffc5227498f5950df64c2b)
Kai Blin [Fri, 8 Jul 2011 13:05:38 +0000 (15:05 +0200)]
s3 swat: Add XSRF protection to password page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
01dec3486857243151a63c8f877a4258d5864869)
Kai Blin [Fri, 8 Jul 2011 13:04:48 +0000 (15:04 +0200)]
s3 swat: Add XSRF protection to shares page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
ecf5f0e613ca7f908cc961e406033bcc842b097a)
Kai Blin [Fri, 8 Jul 2011 13:04:12 +0000 (15:04 +0200)]
s3 swat: Add XSRF protection to globals page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
9482f46dd0e961145345bd2cdbb01fa35ec9f048)
Kai Blin [Fri, 8 Jul 2011 13:03:44 +0000 (15:03 +0200)]
s3 swat: Add XSRF protection to wizard page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
02a58bf633f7cd0cb04747d09a8b0a720b5b39b5)
Kai Blin [Fri, 8 Jul 2011 13:03:15 +0000 (15:03 +0200)]
s3 swat: Add XSRF protection to wizard_params page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
19a697f189156fed86d9d78e8bb6667e764075af)
Kai Blin [Fri, 8 Jul 2011 13:02:53 +0000 (15:02 +0200)]
s3 swat: Add XSRF protection to viewconfig page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
eae32a3f33c7c555663f917d5fba71033c968511)
Kai Blin [Fri, 8 Jul 2011 10:58:53 +0000 (12:58 +0200)]
s3 swat: Add XSRF protection to status page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
587002c21aa4e944bf6422d77ec3bc6240bf04d5)
Kai Blin [Fri, 8 Jul 2011 10:57:43 +0000 (12:57 +0200)]
s3 swat: Add support for anti-XSRF token
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
abaccc2a7b45f9c778c00597b2d927222a118f27)
Kai Blin [Fri, 8 Jul 2011 10:56:21 +0000 (12:56 +0200)]
s3 swat: Allow getting the user's HTTP auth password
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
988f59f7eb512fbae5a6cab6ed1dbf32a5737fe7)
Kai Blin [Thu, 7 Jul 2011 08:03:33 +0000 (10:03 +0200)]
s3 swat: Fix possible XSS attack (bug #8289)
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
Signed-off-by: Kai Blin <kai@samba.org>
CVE-2011-2694.
(cherry picked from commit
4cd5237ed156bb5a288e865b5afc88a966e1f386)
Karolin Seeger [Wed, 6 Jul 2011 14:12:27 +0000 (16:12 +0200)]
WHATSNEW: Add changes since 3.5.9.
Karolin
Stefan Metzmacher [Mon, 4 Jul 2011 09:47:24 +0000 (11:47 +0200)]
s3:librpc/gen_ndr: regen after wbint.idl changes
metze
Part of a fix for bug #7841 (WINBINDD_LOOKUPRIDS asks the wrong domain).
Stefan Metzmacher [Thu, 30 Jun 2011 08:09:56 +0000 (10:09 +0200)]
s3:nmbd_subnetdb: close all sockets attached to a subnet in close_subnet() (bug #8276)
metze
(cherry picked from commit
75e9f2110876137a57632d223248ac51dbfc4569)
Stefan Metzmacher [Thu, 30 Jun 2011 07:56:06 +0000 (09:56 +0200)]
s3:nmbd_packets: make sure create_listen_fdset() returns initialized data (bug #8276)
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open)
(commit
feb3fcd0fa4bda0967b881315595d7702f4d1752) changed the bahavior,
so that we skipped some sockets.
This should work for v3-5-test.
metze
Gregor Beck [Tue, 21 Jun 2011 06:16:56 +0000 (08:16 +0200)]
s3:smbldap: make smbldap_connect_system self contained
The last 5 patches address bug #8253 (winbindd panics if verify_idpool() fails).
Gregor Beck [Tue, 21 Jun 2011 06:06:28 +0000 (08:06 +0200)]
s3:smbldap: add a destructor to smbldap_state, just in case
Gregor Beck [Tue, 21 Jun 2011 06:02:53 +0000 (08:02 +0200)]
s3:smbldap: let smbldap_free_struct do what it claims to
Gregor Beck [Tue, 21 Jun 2011 06:00:59 +0000 (08:00 +0200)]
s3:smbldap: free the idle event scheduled in smbldap_open in smbldap_close
Gregor Beck [Tue, 21 Jun 2011 05:51:41 +0000 (07:51 +0200)]
s3:smbldap: use smbldap_state as memory context for idle event
ensure the event is canceled if the smbldap_state gets freed
this fixes a panic of winbindd if verify_idpool fails
Volker Lendecke [Mon, 27 Jun 2011 12:34:39 +0000 (14:34 +0200)]
s3: explicitly pass domain_sid to wbint_LookupRids() (bug #7841)
Jeremy Allison [Thu, 23 Jun 2011 21:42:27 +0000 (14:42 -0700)]
Fix bug #8254 - "acl check permissions = no" does not work in all cases
Move lp_acl_check_permissions() into can_delete_file_in_directory()
where it makes sense. Remove ACL check when requesting DELETE_ACCESS
when lp_acl_check_permissions is false.
Thanks to John Janosik @ IBM for noticing this.
David Disseldorp [Wed, 16 Feb 2011 16:23:25 +0000 (17:23 +0100)]
s3: increase the log level for missing PIDs on SIGCHLD
Since the fix for bso#7836, the parent smbd is responsible for
maintaining an up-to-date printcap cache. It does this by forking a
child process to asynchronously fetch printcap data from CUPS.
When the child process exits after fetching all printcap data, the
parent smbd is sent SIGCHLD. This triggers smbd_sig_chld_handler() which
looks for the exited process PID on a "children" list.
Child smbd process PIDs are added to the "children" list to ensure
cleanup on unclean shutdown and log level change notification messages.
Printcap update process PIDs are not added to the list as they do not
maintain any state that requires cleanup, nor do they wait on tevent for
messages.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Feb 17 11:11:45 CET 2011 on sn-devel-104
(cherry picked from commit
9c12232f1ae36e00d04114ad73edd8ba3c2c6a5c)
Fix bug #8269 (smbd spams log with "Could not find child X -- ignoring"
messages).
Karolin Seeger [Fri, 24 Jun 2011 19:16:17 +0000 (21:16 +0200)]
WHATSNEW: Formatting.
Karolin
Andrew Bartlett [Tue, 14 Jun 2011 12:04:11 +0000 (22:04 +1000)]
s3-WHATSNEW 3.5.9 Add information on kerberos change
Volker Lendecke [Thu, 16 Jun 2011 20:20:49 +0000 (22:20 +0200)]
s3: Fix bug 8238 -- KB2536276 prevents access to shares
Without this we were not sending the workgroup name in the negprot reply if
plain text passwords are used.
Michael Adam [Tue, 5 Apr 2011 21:07:01 +0000 (23:07 +0200)]
docs: fix the missing parameter description section in the smb.conf manpage
The smb.conf (5) manpage recently sometimes failed to contain the
contents of the description of each parameter section. The reason
was a unreliable chain of dependencies in the Makefile.
The error can be reproduced by touching manpages-3/smb.conf.5.xml
and then building the manpages.
Then smb.conf.5.xml is newer than any of the smbdotconf/*/*.xml
files and hence the intermediate inexistent parameters.*.xml
don't get generated.
This patch fixes this problem by introducing a phony "parameters"
target referencing the parameters.*.xml targets, so that they
get build unconditionally.
Fix bug #7997 (smb.conf.5 manpage truncated in 3.5.8).
Björn Jacke [Sun, 30 May 2010 19:52:39 +0000 (21:52 +0200)]
libreplace: include sys/file.h only when available
thanks to Joachim Schmitz <schmitz@hp.com>. This fixes #7460.
Andrew Bartlett [Tue, 14 Jun 2011 12:16:02 +0000 (22:16 +1000)]
s3-docs Add documentation for 'client use spnego principal'
Karolin Seeger [Tue, 14 Jun 2011 17:11:21 +0000 (19:11 +0200)]
WHATSNEW: Start release notes for 3.5.10.
Karolin
Karolin Seeger [Tue, 14 Jun 2011 17:08:58 +0000 (19:08 +0200)]
VERSION: Bump version up to 3.5.10.
Karolin
Karolin Seeger [Tue, 14 Jun 2011 11:15:37 +0000 (13:15 +0200)]
WHATSNEW: Update changes since 3.5.8.
Karolin
Jeremy Allison [Tue, 7 Jun 2011 19:36:24 +0000 (12:36 -0700)]
Fix re-opened bug 8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
Fix incorrect interaction when all of
"inherit permissions = yes"
"inherit acls = yes"
"inherit owner = yes"
are set. Found by Björn Jacke. Thanks Björn !
Jeremy Allison [Wed, 8 Jun 2011 21:37:25 +0000 (14:37 -0700)]
Part 5 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
Ensure when creating a directory, if we make any changes due to inheritance parameters, we update the stat returned.
Jeremy Allison [Wed, 8 Jun 2011 21:21:52 +0000 (14:21 -0700)]
Part 4 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
We don't need to check mode bits as well as dev/ino to
ensure we're in the same place.
Jeremy Allison [Wed, 8 Jun 2011 17:25:33 +0000 (10:25 -0700)]
Part 3 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new file make sure we
must have a valid stat struct before making the inheritance
calls (as they may look at it), and if we make changes we
must have a valid stat struct after them.
Jeremy Allison [Wed, 8 Jun 2011 17:17:42 +0000 (10:17 -0700)]
Part 2 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new file make sure we
also change the returned stat struct to have the correct uid.
Jeremy Allison [Wed, 8 Jun 2011 17:24:02 +0000 (10:24 -0700)]
Part 1 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new directory make sure we
also change the returned stat struct to have the correct uid.
Stefan Metzmacher [Sun, 24 Apr 2011 19:20:19 +0000 (21:20 +0200)]
s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug #7383)
metze
(cherry picked from commit
4bfe2d5655d97fbc7e65744425b5a098e77f5ba1)
(cherry picked from commit
62b2083c627abeb8a2fb7e5adc793c630d0d561c)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Sun, 5 Jun 2011 19:10:53 +0000 (21:10 +0200)]
WHATSNEW: Add more changes since 3.5.8.
Karolin
Jim McDonough [Wed, 25 May 2011 14:49:41 +0000 (10:49 -0400)]
s3-winbind: BUG 8166 - Don't lockout users when offline.
Windows does not track bad password attempts when offline. We were locking users out but not honoring the lockout duration.
Autobuild-User: Jim McDonough <jmcd@samba.org>
Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104
(cherry picked from commit
b58534f1fca27e3e72f4f4107538ec05734bd42a)
Jeremy Allison [Wed, 1 Jun 2011 18:38:48 +0000 (20:38 +0200)]
Fix bug #7528 - Solaris with NIS autohome.
Karolin Seeger [Tue, 31 May 2011 19:27:29 +0000 (21:27 +0200)]
WHATSNEW: Start to add changes since 3.5.8.
To be completed...
Karolin
Karolin Seeger [Mon, 30 May 2011 19:17:19 +0000 (21:17 +0200)]
WHATSNEW: Start release notes for 3.5.9.
Karolin
Karolin Seeger [Mon, 30 May 2011 19:13:58 +0000 (21:13 +0200)]
VERSION: Bump version number up to 3.5.9.
Karolin
Jeremy Allison [Tue, 19 Apr 2011 20:25:43 +0000 (13:25 -0700)]
Fix bug #8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
If "inherit owner = yes", pass in the directory owner and group
owner as the target for CREATOR_OWNER and CREATOR_GROUP substitutions,
and also as the owner and primary group of the new security descriptor
being applied to the object.
Jeremy.
Jeremy Allison [Thu, 26 May 2011 23:39:30 +0000 (16:39 -0700)]
Fix bug #6911 - Kerberos authentication from vista to samba fails when security blob size is greater than 16 kB
We were not correctly checking the output of asn1_start_tag().
asn1_start_tag() returns -1 and sets data->has_error if the
remaining blob size is too short to contain the tag length.
We were checking data->has_error and returning NT_STATUS_OK
(to allow the second asn.1 parse to fail in that case). We
should not be checking data->has_error in this case, but
falling through to the code that already checks the length.
Thanks to Jim for reproducing this for me. We don't get bitten
by this as we announce a max buffer size of 16k, greater than
Windows's 4k, which means that most krb5 spnego packets already
fit.
Jeremy.
Jim McDonough [Thu, 26 May 2011 18:29:24 +0000 (20:29 +0200)]
s3-libnet: fix bug #6364: Pull realm from supplied username on libnet join
David Disseldorp [Tue, 24 May 2011 09:50:12 +0000 (11:50 +0200)]
s3-printing: remove duplicate cups response processing code
There is currently a lot of duplicate code included for processing
responses to CUPS_GET_PRINTERS and CUPS_GET_CLASSES requests. This
change splits this code into a separate function.
Signed-off-by: Günther Deschner <gd@samba.org>
David Disseldorp [Tue, 24 May 2011 09:46:25 +0000 (11:46 +0200)]
s3-printing: use printcap IDL for IPC
Use printcap IDL for marshalling and unmarshalling messages between cups
child and parent smbd processes. This simplifies the IPC and ensures
the parent is notified of cups errors encountered by the child.
https://bugzilla.samba.org/show_bug.cgi?id=7994
Signed-off-by: Günther Deschner <gd@samba.org>
David Disseldorp [Tue, 24 May 2011 09:41:27 +0000 (11:41 +0200)]
idl: define printcap IPC message format
Signed-off-by: Günther Deschner <gd@samba.org>
David Disseldorp [Tue, 24 May 2011 09:34:59 +0000 (11:34 +0200)]
s3-printing: an empty cups printer list is treated as an error
cups_async_callback() is called to receive new printcap data from a
child process which requests the information from cupsd.
Newly received printcap information is stored in a temporary printcap
cache (tmp_pcap_cache). Once the child process closes the printcap IPC
file descriptor, the system printcap cache is replaced with the newly
populated tmp_pcap_cache, however this only occurs if tmp_pcap_cache is
non null (has at least one printer).
If the printcap cache is empty, which is the case when cups is not
exporting any printers, the printcap cache is not replaced resulting in
stale data.
Signed-off-by: Günther Deschner <gd@samba.org>
Jeremy Allison [Tue, 24 May 2011 19:47:31 +0000 (12:47 -0700)]
Fix our asn.1 parser to handle negative numbers.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue May 24 22:57:16 CEST 2011 on sn-devel-104
(cherry picked from commit
e719dfd4dc178f001a5f804fb1ac4e587574415f)
Fix bug #8163 (asn.1 library does not correctly read negative integers).
(cherry picked from commit
859d13141cd831488b60e413f7141514ae4464b5)
Jeremy Allison [Fri, 20 May 2011 19:36:56 +0000 (12:36 -0700)]
Fix bug #8157 - std_pcap_cache_reload() fails to parse a cups printcap file correctly.
The parsing code made some strange assumptions about what is a printer
name, and what is a comment.
David Disseldorp [Mon, 17 Jan 2011 15:09:32 +0000 (16:09 +0100)]
s3-printing: remove pcap_cache_loaded asserts
pcap_cache_loaded() assertions were added to the (re)load_printers()
functions, to ensure the caller had called pcap_cache_reload() prior to
reloading printer shares.
The problem is, pcap_cache_loaded() returns false if the the pcap_cache
contains no printer entries. i.e. pcap_cache_reload() has run but not
detected any printers.
Remove these assertions, correct call ordering is already enforced.
Signed-off-by: Günther Deschner <gd@samba.org>
The last 3 patches address bug #7836 (A newly added printer isn't visbile to
clients).
David Disseldorp [Thu, 19 May 2011 09:22:37 +0000 (11:22 +0200)]
Revert "Revert "s3-printing: update parent smbd pcap cache""
This reverts commit
b6268f507fa3276c2ef22c58bad400a3fed48cd9.
Signed-off-by: Günther Deschner <gd@samba.org>
David Disseldorp [Thu, 19 May 2011 09:22:18 +0000 (11:22 +0200)]
Revert "Revert "s3-printing: reload shares after pcap cache fill""
This reverts commit
e4579eab7fe3eab7a5209e6de74e6fd2f53099d0.
Signed-off-by: Günther Deschner <gd@samba.org>
Karolin Seeger [Mon, 23 May 2011 18:17:13 +0000 (20:17 +0200)]
Revert "s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms."
This reverts commit
73bec197a91a15aa9a69c9a3868ed51bdd3674ea.
Please see bug #8129 (Application requests printing on Format A5, but prints as
A4) fro details.
Volker Lendecke [Fri, 23 Apr 2010 17:41:29 +0000 (19:41 +0200)]
libwbclient: Fix bug 8087 -- wbcChangeUserPasswordEx in RESPONSE mode does not work
This is
03115efae89c8c4f51dea1ce82613817bd9fcf5b from master
Actually copy something in wbcChangeUserPasswordEx
The length argument for memcpy was initialized to 0 and not initialized
Günther Deschner [Fri, 1 Oct 2010 04:08:12 +0000 (06:08 +0200)]
s3-net: make sure we dont crash when publishing a single printer.
Guenther
(cherry picked from commit
21576e3f8c32878910460bf9575c200ad93d682a)
Part of a fix for bug #7993 ("net rpc printer MIGRATE" command fails).
Björn Jacke [Fri, 26 Nov 2010 14:14:14 +0000 (15:14 +0100)]
s3/configure: fix GNU ld version detection with old gcc releases
needed as old gcc releases output everything to stderr, even stdout output from
ld
Fixes #7825
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Fri Nov 26 20:15:24 CET 2010 on sn-devel-104
(cherry picked from commit
70a7da0e101910e3ceb08b86d4b840b219e24d7d)
Simo Sorce [Mon, 18 Apr 2011 12:45:11 +0000 (22:15 +0930)]
tdb_expand: limit the expansion with huge records
ldb can create huge records when saving indexes.
Limit the tdb expansion to avoid consuming a lot of memory for
no good reason if the record being saved is huge.
Fix bug #7610 (winbindd_cache.tdb grows too large when scaled).
Günther Deschner [Wed, 11 May 2011 08:30:42 +0000 (10:30 +0200)]
s3-printing: make cups_pull_comment_location() work again.
we deal with lp_cups_server in cups_connect() already, inside the URI all our
other cups functions we use ipp://localhost, do the same here.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed May 11 11:36:07 CEST 2011 on sn-devel-104
The last 3 patches address bug #8132 (Samba does not fill printers Location
field when using cups).
Günther Deschner [Tue, 10 May 2011 13:49:05 +0000 (15:49 +0200)]
s3-printing: Fix double free of cups request.
We never free the request in our cups api usage except for here. The reason is
probably htis (from the cupsDoConnect API docs):
"This function sends the IPP request to the specified server, retrying and
authenticating as necessary. The request is freed with ippDelete() after
receiving a valid IPP response."
Revert "Fix a memory leak in cups_pull_comment_location"
This reverts commit
fee2664dad37536b05ce8bdae3e74d45b257f632.
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue May 10 17:32:58 CEST 2011 on sn-devel-104
(cherry picked from commit
019f11dd5b3240d05c1abe30dec3d793d6919313)
Günther Deschner [Tue, 10 May 2011 13:48:25 +0000 (15:48 +0200)]
s3-printing: very obvious fix for cups_pull_comment_location().
This has been in there since 2008...
Guenther
(cherry picked from commit
3ba3f68e03510e3bb5b7627c200af0395e853bc2)
Andrew Bartlett [Thu, 9 Dec 2010 20:57:59 +0000 (07:57 +1100)]
s3-libsmb Don't ever ask for machine$ principals as a target.
It is never correct to ask for a machine$ principal as the target of a
kerberos connection. You should always connect via the
servicePrincipalName.
This current code appears to have built up from a series of minimal
changes, as the codebase adapted the to lack of a SPNEGO principal
from Windows 2008.
Andrew Bartlett
The last two patches address bug #7893 (CIFS tickets vs. <host>$ tickets).
Andrew Bartlett [Sat, 4 Dec 2010 02:48:37 +0000 (13:48 +1100)]
s3-libads Default to NOT using the server-supplied principal from SPNEGO
This principal is not supplied by later versions of windows, and using
it opens up some oportunities for man in the middle attacks. (Becuase
it isn't the name being contacted that is verified with the KDC).
This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaivour. As in Samba4, this
defaults to false.
Against 2008 servers, this will not change behaviour. Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.
Andrew Bartlett
(cherry picked from commit
bb7806283e71f3b8029aae0eed326b5847a36d83)
Jeremy Allison [Fri, 29 Apr 2011 21:22:54 +0000 (14:22 -0700)]
Fix bug 8111 - CIFS VFS: unexpected error on SMB posix open
We are conflating the O_CREAT|O_EXCL with the O_TRUNC
processing, they need to be separate. We need to chose
using (O_CREAT|O_EXCL) first, then modify if O_TRUNC is
set. This needs two separate switch statements.
Jeremy
Jeremy Allison [Thu, 24 Mar 2011 18:55:38 +0000 (11:55 -0700)]
Fix is_myname_or_ipaddr() to be robust against strange DNS setups.
If IPv6 DNS names are turned on, but Samba isn't configured to
listen on an IPv6 interface, then is_myname_or_ipaddr() can return
false on a valid DNS name that it should detect is our own. If the
IPv6 addr is returned by preference, then looking at the first addr
only causes is_myname_or_ipaddr() to fail. We need to look at all the
addresses returned by the DNS lookup and check all of them against
our interface list. This is an order N^2 lookup, but there shouldn't
be enough addresses to make this a practical problem.
Jeremy.
Fix bug #8038 - Connecting to a printer can return INVALID_PARAMETER when IPv6
DNS names are turned on.
Sergey Korsak [Tue, 19 Apr 2011 16:51:32 +0000 (18:51 +0200)]
s3: Fix bug 8099 - setpwent() actually does endpwent() on FreeBSD
Jeremy Allison [Fri, 8 Apr 2011 22:25:18 +0000 (15:25 -0700)]
Fix bug 8072 - PANIC: create_file_acl_common frees handle two times.
Caused by premature optimisation storing the parent ACL on the
module handle instead of (correctly) on the file fsp. Previous
code wasn't reentrant safe. This is less optimal but doesn't
crash in the specific case :-).
Jeremy.
Jeremy Allison [Mon, 18 Apr 2011 21:26:09 +0000 (14:26 -0700)]
Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null.
Dmitry Butskoy [Mon, 18 Apr 2011 21:14:09 +0000 (14:14 -0700)]
Fix bug 6966 - "allow trusted domains = no" not respected in winbind.
Volker Lendecke [Thu, 7 Apr 2011 20:03:49 +0000 (22:03 +0200)]
s3: Fix bug 8066, wrong output in smbget
Jeremy Allison [Wed, 6 Apr 2011 00:26:00 +0000 (17:26 -0700)]
Fix bug #7987 - ACL can get lost when files are being renamed.
There is no reason for smbd with Windows ACLs to use chmod
or fchmod unless it's a file opened with UNIX extensions or
with posix pathnames.
Günther Deschner [Wed, 13 Apr 2011 15:41:36 +0000 (17:41 +0200)]
s3-cli_pipe: fix timeout in rpc_pipe_open_tcp_port().
Make sure we use a timeout of 60 seconds, not 60 milliseconds...
This prevented us from successfully using the ncacn_ip_tcp client in a lot of
places, I guess.
Guenther
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Apr 13 18:59:19 CEST 2011 on sn-devel-104
(cherry picked from commit
4b3fe5247a6e16b1ad9f05269e9aa00e3120e36a)
Fix bug #8085 - incorrect timeout handling in ncacn_ip_tcp client code.
Günther Deschner [Tue, 12 Apr 2011 08:22:23 +0000 (10:22 +0200)]
s3-docs: document all wbinfo options.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 23 23:45:40 CET 2011 on sn-devel-104
Fix bug #7983 - not all wbinfo parameters are documented in manpage.
Björn Baumbach [Mon, 11 Apr 2011 08:27:58 +0000 (10:27 +0200)]
s3-modules: Fix debug message (bug #8074)
Print child descriptor instead of parent.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Apr 11 11:48:42 CEST 2011 on sn-devel-104
(cherry picked from commit
e6cf92c574fba14132757f141d8b1242fa71be88)
(cherry picked from commit
42ad7630259829f1c40d9d0fcf5376fa007568a3)
git.samba.org / samba.git / log