Stefan Metzmacher [Thu, 24 Sep 2009 04:38:08 +0000 (06:38 +0200)]
s3:rpc_server: we need to make a copy of my_name in serverinfo_to_SamInfo_base()
This is important for the case the server_info already contains a logon_server.
metze
(This is similar to commit
9ef39406d8072a1a102813fb4448af76e9020fcd)
(cherry picked from commit
dd5519d926ecdccc38f488d9a6d5138bfd871aa0)
Volker Lendecke [Wed, 23 Sep 2009 04:23:50 +0000 (06:23 +0200)]
s3:winbind: Fix an uninitialized variable (cherry picked from commit
0724649a8a7c04d015317d9dc2ae43ee87c1bd25)
(cherry picked from commit
d6af2a5ff4e4f723e521a3f708751b3155f870fc)
Günther Deschner [Thu, 17 Sep 2009 07:43:36 +0000 (09:43 +0200)]
s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.
Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp
connection when talking to AD for LSA lookup calls.
In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an
schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve
sids and names.
Guenther
(cherry picked from commit
6a8ef6c424c52be861ed2a9806f917a64ec892a6)
(cherry picked from commit
3bd36630e402b6215a46f8b0ba98e9e2b18b44eb)
Günther Deschner [Sat, 12 Sep 2009 21:30:39 +0000 (23:30 +0200)]
s3-winbindd: add cm_connect_lsa_tcp().
Guenther
(cherry picked from commit
58f2deb94024f002e3c3df47f45454edc97f47e1)
(cherry picked from commit
b35d5cf97fd610874583f0d03c6cda4def0cf0f5)
Günther Deschner [Thu, 17 Sep 2009 07:42:49 +0000 (09:42 +0200)]
s3-rpc_client: fix non initialized structure in rpccli_lsa_lookup_sids_noalloc.
Guenther
(cherry picked from commit
a4b5c792c55ef90648a528d279beec32f86a9b22)
(cherry picked from commit
27219ada4ec86544ceb8488850293b07f1ea7a10)
Günther Deschner [Sat, 12 Sep 2009 22:28:49 +0000 (00:28 +0200)]
s3-rpc_client: add rpccli_lsa_lookup_sids3 wrapper.
Guenther
(cherry picked from commit
2f9adf04e4b3e16c046cb371a428a8a70d5de041)
(cherry picked from commit
e867d3d9bb6494cde621f8f951f7aece5798f5fe)
Günther Deschner [Fri, 11 Sep 2009 17:35:14 +0000 (19:35 +0200)]
s3-rpc_client: add rpccli_lsa_lookup_names4 wrapper.
Guenther
(cherry picked from commit
ff968712bab6c2635ef74723c6f52b0fdac4b424)
(cherry picked from commit
99627d8e38a28759095b6704e8314c931ca638a0)
Günther Deschner [Thu, 17 Sep 2009 06:06:34 +0000 (08:06 +0200)]
s3-winbindd: add and use winbindd_lookup_names().
Guenther
(cherry picked from commit
99c3fc19587431efda1ae6161453d84673b32071)
(cherry picked from commit
6bcf24a2affb4798840e5cc49aeeb6c78d0265d0)
Günther Deschner [Thu, 17 Sep 2009 05:59:25 +0000 (07:59 +0200)]
s3-winbindd: add and use winbindd_lookup_sids().
Guenther
(cherry picked from commit
f0b52b8c3133e3696db361d9d0e7d1fff0fab991)
(cherry picked from commit
faa6a8de595ea38d3291dc7fb80d314a3b3f05cc)
Günther Deschner [Thu, 10 Sep 2009 20:23:21 +0000 (22:23 +0200)]
s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().
Guenther
(cherry picked from commit
bea8e5fa6038d5abd2ec1e12f9005c4a04abb79f)
(cherry picked from commit
5b44f54a18b60fe3814623f351025335a0273916)
Günther Deschner [Thu, 10 Sep 2009 20:23:21 +0000 (22:23 +0200)]
s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp and cli_rpc_pipe_open_ntlmssp.
Guenther
(cherry picked from commit
032e01e7c13724d057b5744d7d79613449c2f24f)
(cherry picked from commit
cd8874214dba810e60faca155611dbcf2f1351f7)
Günther Deschner [Tue, 4 Nov 2008 17:40:24 +0000 (18:40 +0100)]
s3-rpc_client: add cli_rpc_pipe_open_noauth_transport.
Guenther
(cherry picked from commit
87f61a144b8d25c90b847940ca03ced1f77b036c)
(cherry picked from commit
18b8928c8cb12d2f56efcc61df5b74db3caec29c)
Günther Deschner [Thu, 10 Sep 2009 17:59:37 +0000 (19:59 +0200)]
s3-rpc_client: add enum dcerpc_transport_t to rpc_cli_transport struct.
Guenther
(cherry picked from commit
393a1f594d5f03a51448cdc465f92c599a93904c)
(cherry picked from commit
ef11ccb47db899603a100e67c3ca9ecd3298e347)
Jeremy Allison [Fri, 2 Oct 2009 10:23:32 +0000 (12:23 +0200)]
Second part of a fix for bug #6235.
Domain enumeration breaks if master browser has space in name.
(cherry picked from commit
f3f9dfd667526611b1fed3d47dc60eb45932eee0)
Derrell Lipman [Fri, 2 Oct 2009 10:22:25 +0000 (12:22 +0200)]
Fix bug #6532.
Domain enumeration breaks if master browser has space in name.
(cherry picked from commit
6b4b66c0cbf6147c693a84e6aec0b5cd07fd2e54)
Simo Sorce [Fri, 25 Sep 2009 14:59:04 +0000 (10:59 -0400)]
Fixing timeval calculation
The code was always doubling microseconds when attempting to round up.
Fix bug #6764.
(cherry picked from commit
7f8e6b98822df2ea813e6a7da6a8f14c503935d9)
Volker Lendecke [Tue, 29 Sep 2009 12:34:16 +0000 (14:34 +0200)]
s3: Document the "share:fake_fscaps" parameter, fix bug 6765
(cherry picked from commit
21794b0dd28a80b149342b3218d7ebb4c8791e09)
(cherry picked from commit
d046ab32094caa9511862144df1c00e64c234487)
Volker Lendecke [Wed, 9 Sep 2009 19:58:47 +0000 (21:58 +0200)]
s3:smbd: Add a "hidden" parameter "share:fake_fscaps"
This is needed to support some special app I've just come across where I had to
set the SPARSE_FILES bit (0x40) to make it work against Samba at all. There
might be others to fake. This is definitely a "Don't touch if you don't know
what you're doing" thing, so I decided to make this an undocumented parametric
parameter.
I know this sucks, so feel free to beat me up on this. But I don't think it
will hurt.
(cherry picked from commit
a5cace128d1dcabd6cc90dda71a09dfa8ee8c6f6)
Fix bug #6765.
(cherry picked from commit
af0c2b78f7b697fae0fae6f88a5c9922abc7c514)
Lars Müller [Mon, 2 Feb 2009 20:38:38 +0000 (21:38 +0100)]
Adjust regex to match variable names including underscores
This is required to get the CIFSUPCALL_PROGS setting extracted from
config.log.
(cherry picked from commit
5148eefe1ea6e215dcbf4ffaa642860bd8dab45f)
Fix for bug #6710.
(cherry picked from commit
f142ae80e344f098fb01a4c154a9fe46ed9a4eae)
Bo Yang [Wed, 16 Sep 2009 15:57:01 +0000 (23:57 +0800)]
s3: Don't overwrite password in pam_winbind, subsequent pam modules might use the old password and new password.
Signed-off-by: Bo Yang <boyang@samba.org>
Fix bug #6735.
(cherry picked from commit
2a2779bb752d83ff51161a7e5d62ca21c4e6c909)
Volker Lendecke [Wed, 16 Sep 2009 01:20:49 +0000 (03:20 +0200)]
s3: Fix reading beyond the end of a named stream in xattr_streams
This was found thanks to a test by Sivani from Microsoft against Samba at the
SDC plugfest
(cherry picked from commit
444a05c28df693a745809fef73ae583a78be7c8f)
Fix bug #6731.
(cherry picked from commit
ff9355149c9af7ca0e31b36690b270a03cb787fc)
Björn Jacke [Tue, 15 Sep 2009 04:48:49 +0000 (06:48 +0200)]
s3: BSD needs sys/sysctl.h included to build properly
FreeBSD (and other BSDs, too) need sys/sysctl.h inclueded to use sysctlbyname().
Thanks to Timur Bakeyev for that.
Fix bug #6728.
(cherry picked from commit
9c86a96af381f2826456f91eb99073c9fca633de)
Volker Lendecke [Fri, 18 Sep 2009 16:27:16 +0000 (18:27 +0200)]
s3:smbstatus: Fix bug 6703, allow smbstatus as non-root
We only require a ctdb connection when clustering is enabled. This limits the
restriction for only-root smbstatus to the clustering case.
(cherry picked from commit
b22713717422b822c3b8fcba611fc01e262d52c9)
Björn Jacke [Tue, 7 Jul 2009 20:11:50 +0000 (22:11 +0200)]
s3: QNX doesn't know uint - replace with uint_t
(cherry picked from commit
a28596964b44f20d794999541d38fe4bae64b56b)
(cherry picked from commit
47c2dc4eee5f7644601db0c24dca0ca30b482940)
Jeremy Allison [Tue, 15 Sep 2009 07:40:48 +0000 (09:40 +0200)]
s3/libsmb: SIVAL should have been an SVAL.
Fix bug #6726.
(cherry picked from commit
7ec7440fc2f78ef49cebdc819ff81db5ce9d143c)
Marc Aurele La France [Thu, 10 Sep 2009 16:52:11 +0000 (09:52 -0700)]
Fix bug 6707 - 3.4.1 segfault in parsing configs.
Fixes an occasional segfault caused by an out-of-bounds reference in config file parsing.
(cherry picked from commit
7c00227f00a83345035c4c0a6716b46864f2da8d)
(cherry picked from commit
0241ba8ce2b6da049fb3cc512508a9e9c5732781)
Jeremy Allison [Wed, 9 Sep 2009 21:39:17 +0000 (14:39 -0700)]
Fix bug 6529 - Offline files conflict with Vista and Office 2003. Jeremy.
(cherry picked from commit
e971428f137dcb42e8b735386d79f1b3a6effe34)
Lars Müller [Mon, 2 Feb 2009 20:12:52 +0000 (21:12 +0100)]
Conditional install of the cifs.upcall man page
Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while
configure.
(cherry picked from commit
e9e2414e798a2eb447de45803e61cc0a49752f11)
(cherry picked from commit
5cd771b964aa36082716352522a68c962e1aaba8)
Björn Jacke [Fri, 3 Jul 2009 12:25:06 +0000 (14:25 +0200)]
s3:configure: fix syntax error in avahi configure test
(cherry picked from commit
b54e48b830dbc3d66f9de5d2711a57a1630809e2)
Should fix bug #6704.
(cherry picked from commit
686439599ad78c6f4d5609129113e6da51fb4a57)
Shirish Pargaonkar [Mon, 27 Jul 2009 16:02:35 +0000 (12:02 -0400)]
umount.cifs: do not attempt to update /etc/mtab if it is symbolic link
If /etc/mtab is a symbolic link to e.g. /proc/mounts, do not update it.
This is a fix for a bug reported in 4675 on samba bugzilla
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
(cherry picked from commit
a869e4253a87f9a5e13dbe87b2799f8683d238d7)
Fixes bug #4675.
(cherry picked from commit
f710535e947008a083b49d8a3faa117208616d7f)
Jeremy Allison [Wed, 30 Sep 2009 12:17:40 +0000 (14:17 +0200)]
Fix for CVE-2009-2906.
Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.
Karolin Seeger [Wed, 30 Sep 2009 11:54:22 +0000 (13:54 +0200)]
WHATSNEW: Update release notes.
Karolin
Karolin Seeger [Mon, 28 Sep 2009 11:38:32 +0000 (13:38 +0200)]
WHATSNEW: Update release date.
Karolin
Jeremy Allison [Mon, 28 Sep 2009 11:26:37 +0000 (13:26 +0200)]
Fix for CVE-2009-2813.
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
Jeff Layton [Fri, 25 Sep 2009 11:03:07 +0000 (07:03 -0400)]
mount.cifs: don't leak passwords with verbose option
When running mount.cifs with the --verbose option, it'll print out the
option string that it passes to the kernel...including the mount
password if there is one. Print a placeholder string instead to help
ensure that this info can't be used for nefarious purposes.
Also, the --verbose option printed the option string before it was
completely assembled anyway. This patch should also make sure that
the complete option string is printed out.
Finally, strndup passwords passed in on the command line to ensure that
they aren't shown by --verbose as well. Passwords used this way can
never be truly kept private from other users on the machine of course,
but it's simple enough to do it this way for completeness sake.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 2/2 of a fix for CVE-2009-2948.
Jeff Layton [Fri, 25 Sep 2009 10:51:01 +0000 (06:51 -0400)]
mount.cifs: check access of credential files before opening
It's possible for an unprivileged user to pass a setuid mount.cifs a
credential or password file to which he does not have access. This can cause
mount.cifs to open the file on his behalf and possibly leak the info in the
first few lines of the file.
Check the access permissions of the file before opening it.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 1/2 of a fix for CVE-2009-2948.
Karolin Seeger [Mon, 28 Sep 2009 11:21:07 +0000 (13:21 +0200)]
WHATSNEW: Prepare release notes for 3.4.2.
Karolin
Karolin Seeger [Thu, 24 Sep 2009 12:29:43 +0000 (14:29 +0200)]
Raise version number up to 3.4.2.
Karolin
Karolin Seeger [Wed, 9 Sep 2009 12:24:08 +0000 (14:24 +0200)]
WHATSNEW: Update changes.
Karolin
(cherry picked from commit
a87116873bdbb4301f35b1d3f6bc8596f96be975)
Volker Lendecke [Wed, 9 Sep 2009 10:24:08 +0000 (12:24 +0200)]
s3:libsmb: Correctly chew keepalive packets
Thanks a *lot* to Günther to send me the relevant traces!
Volker
Signed-off-by: Günther Deschner <gd@samba.org>
Fixes bug #6646 (Winbind authentication issue on 3.2.13/14 and 3.4.0 (was:
[Samba] Crazied NTLM_AUTH on samba 3.4.0)).
(cherry picked from commit
a4f9583ce364fad963cc154f0229cb57ec0043d2)
Karolin Seeger [Wed, 9 Sep 2009 10:53:36 +0000 (12:53 +0200)]
WHATSNEW: Update changes since 3.4.0.
Karolin
(cherry picked from commit
abc676bcd5eec40946c2e851345a6e973bf2cbea)
SATOH Fumiyasu [Tue, 8 Sep 2009 23:07:17 +0000 (16:07 -0700)]
Fix bug 6496 - libsmbclient: MS-DFS: cannot follow multibyte char link name. A server returns a byte of consumed path in UCS2, not UNIX charset.
(cherry picked from commit
ee70079d08acf23cf7c342f09a7db4f5fc7ca95e)
Jeremy Allison [Tue, 8 Sep 2009 23:22:46 +0000 (16:22 -0700)]
Fix bug 6673 - smbpasswd does not work with "unix password sync = yes". Revert change from 3.3 -> 3.4 with read_socket_with_timeout changed from sys_read() to sys_recv(). read_socket_with_timeout() is called with non-fd's (with a pty in chgpasswd.c and with a disk file in lib/dbwrap_file.c via read_data()). recv works for the disk file, but not the pty. Change the name of read_socket_with_timeout() to read_fd_with_timeout() to make this clear (and add comments). Jeremy.
(cherry picked from commit
91a5b8561e2f13f77fa5648f7cc373aff1701954)
Jeremy Allison [Thu, 3 Sep 2009 14:40:48 +0000 (07:40 -0700)]
Hopefully last part of the fix for bug 6651 - smbd SIGSEGV when breaking oplocks. This one is subtle. There is a race condition where a signal can be queued for oplock break, and then the file can be closed by the client before the signal can be processed. Currently if this occurs we panic (we can't match an incoming signal fd with a fsp pointer). Simply log the error (at debug level 10 right now, might be too much) and then return without processing the break request. It looks like there is another race condition with this fix, but here's why it won't happen. If the signal was pending (caused by a kernel oplock break from a local file open), and the client closed the file and then re-opened another file which happened to use the same file descriptor as the file just closed, then theoretically the oplock break requests could be processed on the wrong fd. Here's why this should be very rare.. Processing a pending signal always take precedence over an incoming network request, so as long as the client close request is non-chained then the break signal should always be harmlessly processed *before* the open can be called. If the open is chained onto the close, and the fd on the new open is the same as the old closed fd, then it's possible this race will occur. However, all that will happen is that we'll lose the oplock on this file. A shame, but not a fatal event. Jeremy. (cherry picked from commit
bdc7bdb0d3e02d04477906dbda8995bc5789ce22)
(cherry picked from commit
95cc5af5fd6150f3c54cd344b66393dbc186c2df)
Jeremy Allison [Tue, 25 Aug 2009 04:14:52 +0000 (21:14 -0700)]
Help debug for bug 6651 - smbd SIGSEGV when breaking oplocks. Should help track if we get invoked with an invalid fd from the signal handler. Jeremy. (cherry picked from commit
213546103749c30dbb3ad8472872b9a8fad34205)
(cherry picked from commit
6b9d518b9f1244c99fbaa2812886d02635caff14)
Stefan Metzmacher [Fri, 4 Sep 2009 10:56:39 +0000 (12:56 +0200)]
tevent: change version to 0.9.8 after some critical bugs have been fixed
metze
(cherry picked from commit
1bb68402a2e37f39118eaaaa039ac69e03ba66f2)
(cherry picked from commit
a9890fb49d2372edbf2050134bb21450d98ff7f6)
Jeremy Allison [Thu, 3 Sep 2009 14:38:21 +0000 (07:38 -0700)]
Another part of the fix for bug 6651 - smbd SIGSEGV when breaking oplocks. SA_INFO_QUEUE_COUNT *MUST* be a power of 2, in order for the ring buffer wrap to work correctly at the 32 bit boundary. Thanks to Petr Vandrovec <petr@vandrovec.name> for this. (cherry picked from commit
c97698e762b1ea8d7133f04ae822225676a6f135)
(cherry picked from commit
161e20843054ecc5745e967da2a9d08ed09229d0)
Volker Lendecke [Sat, 29 Aug 2009 07:41:32 +0000 (09:41 +0200)]
tevent: Fix a segfault upon the first signal
When the first signal arrives, tevent_common_signal_handler() crashed: "ev" is
initialized to NULL, so the first "write(ev->pipe_fds[1], &c, 1);" dereferences
NULL.
Rusty, Tridge, please check. Also, can you tell me a bit more about the
environment you tested this in? I'd be curious to see where this survived.
Thanks,
Volker
(cherry picked from commit
23abcd2318c69753aa2a144e1dc0f9cf9efdb705)
(cherry picked from commit
1108225c1316521bf2bb59c9b99b030440af0002)
Rusty Russell [Fri, 28 Aug 2009 02:41:23 +0000 (12:11 +0930)]
lib/tevent: close pipe_fds on event_context destruction
The "hack_fds" were never closed before; now they're inside event_context
they should be closed when that is destroyed.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(cherry picked from commit
76d91156c82e20bbd68c752376cb814d71759033)
(cherry picked from commit
5cc105ac513164d66d4661a41d1daa99f28ab928)
Rusty Russell [Fri, 28 Aug 2009 02:38:47 +0000 (12:08 +0930)]
lib/tevent: handle tevent_common_add_signal on different event contexts.
I don't know if this is a problem in real life.
The code assumes there's only one tevent_context; all signals will notify
the first event context. That's counter-intuitive if you ever use more
than one, and there's nothing else in this code which prevents it AFAICT.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(cherry picked from commit
be4ac227842530d484659f2db683453366326d8b)
(cherry picked from commit
792ab5c34a20bd2b292b642dc96cae62e5ad1ce0)
Rusty Russell [Fri, 28 Aug 2009 02:34:22 +0000 (12:04 +0930)]
lib/tevent: fix race with signals and tevent_common_add_signal
We carefully preserve the old signal handler, but we replace it before
we've set up everything; in particular, if we fail setting up the
pipe_hack we could write a NUL char to stdout (fd 0), instead of
calling the old signal handler.
Replace the signal handler as the very last thing we do.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(cherry picked from commit
6abb637e3e0d23635fdbbb91c163731b325d696d)
(cherry picked from commit
bd28ae54a635667096e4a0d1010a1c3cce59712f)
Rusty Russell [Wed, 26 Aug 2009 08:00:32 +0000 (17:30 +0930)]
lib/tevent: remove spectacularly complicated manual subtraction
To be completely honest, I don't quite know whether to laugh or cry at
this one:
1 + (0xFFFFFFFF & ~(s.seen - s.count))
== 1 + (~(s.seen - s.count)) # s.seen, s.count are uint32_t
== s.count - s.seen # -A == ~A + 1
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(cherry picked from commit
4279879c9847ca069527e11ca934b8906009cad8)
(cherry picked from commit
fdcc157d51cce8561df37fa9eed39332772bacb9)
Günther Deschner [Mon, 24 Aug 2009 12:27:13 +0000 (14:27 +0200)]
tevent: avoid using reserved c++ word.
Guenther
(cherry picked from commit
965a079535bd11a7870d45991a0d0628d6579b3b)
(cherry picked from commit
c78d2a86f7410b6e09d0c326233e06f09dfc6ddb)
Jeremy Allison [Fri, 21 Aug 2009 22:07:25 +0000 (15:07 -0700)]
Fix for bug 6651 - smbd SIGSEGV when breaking oplocks. Based on a patch submitted by Petr Vandrovec <petr@vandrovec.name>. Multiple pending signals with siginfo_t's weren't being handled correctly leading to smbd abort with kernel oplock signals. Jeremy (cherry picked from commit
ba52f18bfecfd7b0ba22c4ad9e9b5bfd18f34c93)
(cherry picked from commit
4c63af17eda7e22fd6c258524204a44879006db7)
Michael Adam [Tue, 18 Aug 2009 09:53:42 +0000 (11:53 +0200)]
tevent: fix a comment
Michael
(cherry picked from commit
5270efab1a8dd06158aa45467958939b677e4b7b)
(cherry picked from commit
1157ff3353b528d285f456d8e946d98bf202a560)
Stefan Metzmacher [Sat, 15 Aug 2009 08:44:50 +0000 (10:44 +0200)]
tevent: change version to 0.9.7 after adding tevent_req_cancel infrastructure
metze
(cherry picked from commit
97a1ed53ca4255ac7fc5643292019ad30c276de5)
(cherry picked from commit
6e8becce900e7686dcd81307722105d175103c06)
Stefan Metzmacher [Sat, 15 Aug 2009 07:46:23 +0000 (09:46 +0200)]
tevent: add tevent_req_cancel() infrastructure
This offers a generic way for callers to cancel an
async request.
metze
(cherry picked from commit
45e4be0d96abdc729252df1e97bb9a56302e5a4a)
(cherry picked from commit
0a14a3daa8c1f6d402865b8b1f24d91c64085176)
Stefan Metzmacher [Sat, 15 Aug 2009 07:45:39 +0000 (09:45 +0200)]
tevent: add some more doxygen comments for tevent_req functions
metze
(cherry picked from commit
95c3d3b5d8fdc05f20c826a48312f1230f036029)
(cherry picked from commit
f6d54b0db737f3474820b491488c68de41e8e659)
Stefan Metzmacher [Thu, 16 Jul 2009 07:06:42 +0000 (09:06 +0200)]
tevent: try to fix the build on QNX qnx18 6.4.1 it doesn't have SA_RESTART defined
metze
(cherry picked from commit
39684d2cbe1c8c69dc9ca5c6e05861e24091bb83)
(cherry picked from commit
80d62cc788211cf2783e315359f832a95b88cdc5)
Jeremy Allison [Tue, 14 Jul 2009 23:54:01 +0000 (16:54 -0700)]
Change to talloc_zero_size instead of extra memset. Jeremy. (cherry picked from commit
5927ca7067a0ead65c00042a62545b0d940f2b2a)
(cherry picked from commit
5a66d5776923647169ab2ae816f6a632b0f4e8aa)
Jeremy Allison [Tue, 14 Jul 2009 23:42:21 +0000 (16:42 -0700)]
When tallocing a memory block for the state in a tevent_req struct, ensure it's zeroed out. Vl & Metze please check. Jeremy. (cherry picked from commit
7be1d727a31b34debbcf8faa1e0bea911112d145)
(cherry picked from commit
620dde3a0fa246ebac35e64f1a99f56415b15e97)
Stefan Metzmacher [Fri, 4 Sep 2009 11:13:53 +0000 (13:13 +0200)]
Sort the signature files (cherry picked from commit
7119241c0d12768b31ebdb489aa0bbba6ca21e40)
(cherry picked from commit
be0191b0c416f2fbf03d2cdb0a5ea3e8ce3d58e9)
Simo Sorce [Fri, 19 Jun 2009 00:06:00 +0000 (20:06 -0400)]
Expose functions need by backend writers
move publicly needed structures and functions in the public header.
Stop installing internal headers.
Update the signature and exports files with the new exposed
function.
(cherry picked from commit
30b2014a01b31d66dd76e0562c5d769dfacf167b)
(cherry picked from commit
3ee857b058780fd3df915d8dab3e7d4ede682ce8)
Simo Sorce [Thu, 18 Jun 2009 11:56:51 +0000 (07:56 -0400)]
Revert "For tevent to install tevent_util.h"
This reverts commit
b112cc5503350b248949bdbcce8072f5523ce877.
tevent_util.h is a private header. Must not be installed.
(cherry picked from commit
c92505817d6453c100ed52c9c3ab289f5589ce25)
(cherry picked from commit
1e460e95956e9c1352ad9879ed2a9833b96b8746)
Eric Sandall [Fri, 12 Jun 2009 11:24:30 +0000 (13:24 +0200)]
For tevent to install tevent_util.h
Patch for bug #6270
This patch is for the future when samba4 builds using external libraries. With
this patch, tevent now installs tevent_util.h which is required by samba4.
(cherry picked from commit
b112cc5503350b248949bdbcce8072f5523ce877)
(cherry picked from commit
6c002a988bd37cc04b488d78c910540b19cac88e)
Simo Sorce [Sun, 7 Jun 2009 18:10:15 +0000 (14:10 -0400)]
Add exports file and abi checker for tevent
This is a first attempt at exporting symbols only for public functions
We also provide a rudimentary ABI checker that tries to check that
function signatures are not changed by mistake.
Given our use of macros this is not an API checker.
It's all based on tevent.h contents and the gcc -aux-info option
(cherry picked from commit
efccef09aec93180a06955b5e03f1ceb99dc39e8)
(cherry picked from commit
5543fc2599b3ec7e3a676f95d8283d0f55113ec5)
Stefan Metzmacher [Fri, 4 Sep 2009 11:12:42 +0000 (13:12 +0200)]
Increase tevent version for tevent_req_notify_callback() (cherry picked from commit
d0aedeb46e5d2da582b5c030114186f8d755b528)
(cherry picked from commit
000d2835d78b6beb6db573a1946346e01de2ff7d)
Volker Lendecke [Thu, 4 Jun 2009 15:26:23 +0000 (17:26 +0200)]
Add tevent_req_notify_callback
This is necessary for requests that have multiple results. Examples would be
SMBEcho and ldap_search.
(cherry picked from commit
c6f39b46a7b0505331612a1bee15a82f97009f0d)
(cherry picked from commit
8d988b165d373d074b8be321bcc9c20a8e85a6fc)
Jelmer Vernooij [Tue, 19 May 2009 21:31:34 +0000 (23:31 +0200)]
tevent/python: Makefile was still trying to build some non AC_SUBST python targets
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>(cherry picked from commit cf9636ea99bb5063a8c7d771c1e29f684b4b753a)
(cherry picked from commit
d0ab357d3bae114bda2d678049e89272614da713)
Jelmer Vernooij [Sat, 16 May 2009 18:31:59 +0000 (20:31 +0200)]
tevent: Define TALLOC_FREE() if it's not defined yet, to allow building with released versions of talloc. (cherry picked from commit
72b744f38ebb9f9576c05c7bb0a00de26697ec8f)
(cherry picked from commit
ce80afbe3ad7534d659109e60874540531738aaf)
Stefan Metzmacher [Fri, 4 Sep 2009 11:10:56 +0000 (13:10 +0200)]
tevent: Remove python module.
This module didn't have any functionality that we actually used yet, and
it was quite small.
Tevent is quite low level and perhaps doesn't make much sense to expose
directly as a Python module. It was also causing build problems when used with a
system-tevent. We can always back later if necessary.
(cherry picked from commit
5065cf70f8bf41193d6d33413f2285f62bba0502)
(cherry picked from commit
1d0e302bc49c77542fa39a18d995268e8685d141)
Jelmer Vernooij [Sat, 16 May 2009 02:14:21 +0000 (04:14 +0200)]
tevent: Install tevent_internal.h in the standalone build.
This is not ideal, but at least it fixes the build of samba-gtk for now.
I've also added a warning about API guarantees at the top of the header.
(cherry picked from commit
857c3f8322005efd460c2f516a9486a2de059e9f)
(cherry picked from commit
30acc30ce5c01a30a96a6ce80ab99576574d8196)
Jelmer Vernooij [Sat, 16 May 2009 02:03:12 +0000 (04:03 +0200)]
Update copies of config.guess and config.sub. (cherry picked from commit
6230eb94af2305f479db3b76479a0dc841c3d1d5)
(cherry picked from commit
c20026a9afe1527f6442e8eedf669d199d8cdb26)
Jelmer Vernooij [Fri, 15 May 2009 23:54:10 +0000 (01:54 +0200)]
tevent: Don't install headers, since we don't install a shared lib either (from Samba). (cherry picked from commit
06864b4469f5f3d77637f8e6c97ec0558289cd29)
(cherry picked from commit
49c97fb7a1bc49b160677fc7fae69b05bd6161a4)
Stefan Metzmacher [Fri, 1 May 2009 15:45:39 +0000 (17:45 +0200)]
tevent: fix typo async_req_done() => tevent_req_done()
metze
(cherry picked from commit
6f7cd213dd38e770224cf131054862b76069aed8)
(cherry picked from commit
915a516da4ef536d09075e14959cfa7e866f7e7b)
Stefan Metzmacher [Thu, 19 Mar 2009 13:31:43 +0000 (14:31 +0100)]
tevent: fix the nesting logic
Only tevent_loop_once and tevent_loop_until() should care
about the nesting level.
This fixes the samba3 printing code where we use tevent_loop_wait()
and don't allow nested events.
We still call the nesting hook for all levels, we need to decide
if we really want this...
metze
(cherry picked from commit
36e7045340bbc7d6567008bdd87c4cdf717835bd)
(cherry picked from commit
01a4ec433627fe36c9eef7a8f1a7f45b86eb8262)
Andrew Tridgell [Thu, 19 Mar 2009 00:21:36 +0000 (11:21 +1100)]
fixed a logic bug in the tevent nesting code
The event nesting code never triggered as nesting.level was never
greater than 1. The main event loop needs to increase the nesting
level by 1.
I also added a paranoia check to the nesting setup call. The API as
currently written cannot support multiple nesting hooks, so we need to
abort if multiple hooks are tried.
(cherry picked from commit
13b6663e23a424473d14324ac229a21e1e90580a)
(cherry picked from commit
6e968a6f12de83be431e6244c34bb3cecf52ee42)
Günther Deschner [Wed, 9 Sep 2009 00:29:58 +0000 (02:29 +0200)]
s3-winbindd: Fix Bug #6700: Use dns domain name when needing to guess server principal.
Patch from Robert LeBlanc <robert@leblancnet.us>.
Thanks!
Guenther
(cherry picked from commit
1f6f0fc92b1bb487fb99ac1e9c96f8f09adb9fbc)
Karolin Seeger [Tue, 8 Sep 2009 12:39:01 +0000 (14:39 +0200)]
WHATSNEW: Update changes since 3.4.0.
Karolin
(cherry picked from commit
d5098d7372fb3ab5991df5ce6daa994372934b39)
Günther Deschner [Tue, 8 Sep 2009 09:57:52 +0000 (11:57 +0200)]
s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs.
The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a
W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56
byte). We should just ignore the remaining 12 zeroed bytes and proceed.
Guenther
(cherry picked from commit
ebd5019ef422a85119a7ea25025ff22d5a3bd757)
Simo Sorce [Sat, 5 Sep 2009 14:18:12 +0000 (10:18 -0400)]
Check we read off the compelte event from inotify
The kernel may return a short read, so we must use read_data() to make sure we
read off the full buffer. If somethign bad happens we also need to kill the
inotify watch because the filedescriptor will return out of sync structures if
we read only part of the data.
Fixes bug #6693.
(cherry picked from commit
ada543569f498ef526ea9602eb19850e37f62fe2)
Bo Yang [Sat, 18 Jul 2009 00:01:56 +0000 (08:01 +0800)]
s3: Fix crsh in net usershare list
Signed-off-by: Bo Yang <boyang@samba.org>
(cherry picked from commit
726762c3793adc4e404dc12420c450a71519bbce)
Björn Jacke [Wed, 15 Jul 2009 15:24:14 +0000 (17:24 +0200)]
s3: make linking of rpcclient --as-needed safe
Second part of a fix for bug #6105.
(cherry picked from commit
5236b3699da2b5cc55d55310de76e4ab65a8bb46)
(cherry picked from commit
5839491d9d9e270e807048a4a505ce42bd99ea18)
Peter Volkov [Wed, 15 Jul 2009 15:36:25 +0000 (17:36 +0200)]
s3: make linking of cifs.upcall --as-needed safe
Part of a fix for bug #6105.
See http://www.gentoo.org/proj/en/qa/asneeded.xml for details.
(cherry picked from commit
2df4550aae1e326511fe4e7e0d2d98be3e578caf)
(cherry picked from commit
b9c07dd26d5177d25b4e136b790ee279aeb63887)
Stefan Metzmacher [Thu, 3 Sep 2009 12:03:02 +0000 (14:03 +0200)]
s4: disable source4 directory for the 3.4.x releases
metze
(cherry picked from commit
6ced4bcadf05578bba83cb061310ad4dcf1e9c94)
(cherry picked from commit
f97a1a0d3b708872534c85dbc5ae53215577057c)
Karolin Seeger [Thu, 3 Sep 2009 08:35:39 +0000 (10:35 +0200)]
WHATSNEW: Update release date.
Karolin
(cherry picked from commit
a527dd4a2be8879700b7adc138c2f041b49b41be)
Karolin Seeger [Thu, 3 Sep 2009 07:38:00 +0000 (09:38 +0200)]
WHATSNEW: Update changes since 3.4.0.
Karolin
(cherry picked from commit
a0f2336ed6f5adb29d636eb880b0f6cd6cfc70f3)
Günther Deschner [Tue, 23 Jun 2009 22:33:44 +0000 (00:33 +0200)]
s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user.
Note that this only is tried with editposix=yes.
Guenther
(cherry picked from commit
272e389ff63d929fc6b06305e00fa042d71dbec0)
Volker Lendecke [Thu, 23 Apr 2009 12:23:23 +0000 (14:23 +0200)]
Fix an uninitialized variable
Fix bug #6684.
(cherry picked from commit
b8cd1cff2dfad726cf6dab368dfcc31a29952889)
(cherry picked from commit
050ded0624a49f2ffb53dcd88a93fd1d8c17595e)
Volker Lendecke [Sun, 30 Aug 2009 09:39:41 +0000 (11:39 +0200)]
s3:libwbclient: Fix bug 6349, initialize domain info struct
(cherry picked from commit
e1a50994800ce311925214254c0a471a9f32c1f7)
Simo Sorce [Sat, 29 Aug 2009 23:31:02 +0000 (19:31 -0400)]
s3-smbpasswd: Fix Bug #6584: allow DOM\user when changing passwords remotely.
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
8cb103372be4eb3232e5e13b67f63562e5506c7e)
Günther Deschner [Tue, 1 Sep 2009 09:58:05 +0000 (11:58 +0200)]
wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ntlmv2 blobs in wbcAuthenticateUserEx().
Guenther
(cherry picked from commit
dadc57b140b4379f9f2f6fafe40332061df4d5a5)
Karolin Seeger [Tue, 1 Sep 2009 10:55:23 +0000 (12:55 +0200)]
s3-docs: Update build howto.
This addresses bug #6661.
Karolin
(cherry picked from commit
1bc05ca3bb6499d25d54ba49f2abbc54edad37ed)
(cherry picked from commit
ea0f119e7b671f3566b8eecdd0013e9c57079566)
Karolin Seeger [Tue, 1 Sep 2009 07:49:04 +0000 (09:49 +0200)]
WHATSNEW: Update changes since 3.4.0.
Karolin
(cherry picked from commit
c424fce877806bc6aef57941f6e4268300af21bf)
Olaf Flebbe [Mon, 17 Aug 2009 15:31:01 +0000 (17:31 +0200)]
make smbcontrol smbd ping work proper checking for arguments handle short pid_t correctly
Fixes bug #6655.
(cherry picked from commit
5359e397ff190c35414f6961be61a5110e237dd5)
(cherry picked from commit
86c1dbb473323ef9480cb57584be9e02363e80af)
Volker Lendecke [Tue, 14 Jul 2009 21:12:59 +0000 (23:12 +0200)]
Fix bug 5886
Ok, that's a very long-standing one. I finally got around to install a recent
OpenLDAP and test the different variants of setting a NULL password etc.
Thanks all for your patience!
Volker
(cherry picked from commit
6fb3222504a0d2b42cd9292f9e11b2ff246d5c19)
Stefan Metzmacher [Thu, 27 Aug 2009 11:16:15 +0000 (13:16 +0200)]
s3:netlogon: replace cred_hash3 by des_crypt112_16
This makes sure we don't truncate the session key to 8 bytes
Fixes bug #6664
metze
(cherry picked from commit
2467671ba55c5ac834a8aa7ae8ad736958baab1d)
Karolin Seeger [Mon, 24 Aug 2009 09:28:06 +0000 (11:28 +0200)]
WHATSNEW: Update changes since 3.4.0.
Karolin
(cherry picked from commit
0911f7137bf37a9a14e6ebff9a0990482a11375b)
Michael Adam [Fri, 21 Aug 2009 11:59:16 +0000 (13:59 +0200)]
s3: fix bug #6650, authentication at member servers when winbindd is not running
Authentication of domain users on the member server fails when winbindd
is not running. This is because the is_trusted_domain() check behaves
differently when winbindd is running and when it isn't:
Since wb_is_trusted_domain() calls wbcDomainInfo(), and this will also
give a result for our own domain, this succeeds for the member
server's own domain when winbindd is running. When winbindd is not
running, is_trusted_domain() checks (and possibly updates) the trustdom
cache, and this does the lsa_EnumTrustDom() rpc call to the DC which
does not return its own domain.
In case of winbindd not running, before 3.4, the domain part was _silently_
mapped to the workgroup in auth_util.c:make_user_info_map(),
which effectively did nothing in the member case.
But then the parameter "map untrusted to domain" was introduced
and the mapping was made to the workstation name instead of
the workgroup name by default unless "map untrusted to domain = yes".
(Commits
d8c54fddda2dba3cbc5fc13e93431b152813892e,
5cd4b7b7c03df6e896186d985b6858a06aa40b3f, and
fbca26923915a70031f561b198cfe2cc0d9c3aa6)
This was ok as long as winbindd was running, but with winbindd not running,
these changes actually uncovered the above logic bug in the check.
So the correct check is to treat the workgroup as trusted / or known
in the member case. This is most easily achieved by not comparing the
domain name against get_global_sam_name() which is the host name unless
for a DC but against my_sam_name() which is the workgroup for a DC and for
a member, too. (These names are not very intuitive...)
I admit that this is a very long commit message for a one-liner, but this has
needed some tracking down, and I think the change deserves some justification.
Michael
(cherry picked from commit
6afb02cb53f47e0fd7e7df3935b067e7e1f8a9de)
(cherry picked from commit
d4c82fcb106ba872a9987ae40e0fe2d58b7ef1bb)
Jeremy Allison [Fri, 21 Aug 2009 10:44:54 +0000 (12:44 +0200)]
Fix Red Hat bugzilla bug : https://bugzilla.redhat.com/show_bug.cgi?id=516165
nautilus fails to copy files from an SMB share. This is a show-stopper
for 3.4.1. Although gnome-vfs is doing *incredibly* stupid things by asking
for a read size of 65535 - this translates on the wire to a 65534 byte read
followed by a 1 byte read. Please send this back to the gnome developers that
they will ge horrid on the wire performance for this.
Jeremy.
Fixes bug #6649.
Fixed in master with commit
33d27797d3ae9ab3ff7e1aa940941cc450f5ad1d.
(cherry picked from commit
ef891070288cd13aff7c730de7c1baf54dddb90f)