Karolin Seeger [Mon, 15 Feb 2010 09:22:45 +0000 (10:22 +0100)]
VERSION: We need another release candidate.
Karolin
(cherry picked from commit
70e4d52d290e1851afe9c1f9e4503534713ec8fb)
Karolin Seeger [Mon, 15 Feb 2010 09:37:09 +0000 (10:37 +0100)]
WHATSNEW: Update changes since 3.5.0rc2.
Karolin
(cherry picked from commit
4a386fb1850b558cc7355ecd4e0ce0a9849283e0)
Jeremy Allison [Fri, 12 Feb 2010 00:00:51 +0000 (16:00 -0800)]
Fixes issue with preexec scripts creating a share directory, and problems if a smb.conf reload turns wide links back on after a connection is established.
Includes git refs :
cd18695fc2e4d09ab75e9eab2f0c43dcc15adf0b
94865e4dbd3d721c9855aada8c55e02be8b3881e
5d92d969dda450cc3564dd2265d2b042d832c542
02a5078f1fe6285e4a0b6ad95a3aea1c5bb3e8cf
a6f402ad87ff0ae14d57d97278d67d0ceaaa1d82
from master.
Jeremy.
Fix bug #7104 ("wide links" and "unix extensions" are incompatible.)
(cherry picked from commit
09fbad07d7fc6577b5617b1ecc912072ad220463)
Volker Lendecke [Sat, 13 Feb 2010 15:38:25 +0000 (16:38 +0100)]
s3: Fix typo found by jhell <jhell@DataIX.net>
(cherry picked from commit
271a4c60dbec0d001dc55df58de8e54274137853)
(cherry picked from commit
eb390b8f917f52eb28f46f39a19abdc717051f3d)
Günther Deschner [Wed, 10 Feb 2010 23:44:06 +0000 (00:44 +0100)]
s3-spoolss: implement spoolss_EnumJobs level 3.
Level 3 has been added with NT 4.0 and Windows 7 (at least 64bit version) makes
use of it in order to display queued jobs. Windows 7 will *not* fall back to
level 2 if we just return WERR_UNKNOWN_LEVEL, instead there will be no printjobs
displayed at all.
Guenther
(cherry picked from commit
25001bbd1b0b32073073dab7cf5b78a2b902163f)
Fix bug #7130 (enumjobs level 3 is required by win7).
(cherry picked from commit
223d9163651a3a2c0bb2bd72886f1a119b7f1fed)
Karolin Seeger [Thu, 11 Feb 2010 12:25:12 +0000 (13:25 +0100)]
WHATSNEW: Mention new "nmbd bind explicit broadcast" parameter.
Karolin
(cherry picked from commit
df5db3d3f02d40d08891faa83717d306ebcd1331)
Jeremy Allison [Wed, 10 Feb 2010 20:32:05 +0000 (12:32 -0800)]
More of the fix for bug #7118 - nmbd problems with socket address.
Add a simple "processed packet queue" cache to stop nmbd responding to
packets received on the broadcast and non-broadcast socket (which
it has opened when "nmbd bind explicit broadcast = yes").
This is a very simple packet queue - it only keeps the packets
processed during a single call to listen_for_packets() (i.e. one
select call). This means that if the delivery notification for a
packet received on both broadcast and non-broadcast addresses
is done in two different select calls, the packet will still be
processed twice. This is a very rare occurrence and we can just
live with it when it does as the protocol is stateless. If this
is ever flagged as a repeatable problem then we can add a longer
lived cache, using timeout processing to clear etc. etc. But without
storing all packets processed we can never be *sure* we've eliminated
the race condition so I'm going to go with this simple solution until
someone proves a more complex one is needed :-).
Jeremy.
(cherry picked from commit
6fe7ee1d216fcf722b3efa23fd80782ce0dd0e9f)
Jeremy Allison [Mon, 8 Feb 2010 22:35:02 +0000 (14:35 -0800)]
Make "nmbd bind explicit broadcast" on by default.
Fix a comment typo.
Jeremy.
(cherry picked from commit
05123ef78c903de2a12b95fb30632f03ac919a4d)
Stefan Metzmacher [Mon, 8 Feb 2010 11:59:13 +0000 (12:59 +0100)]
s3:docs-xml: document "nmbd bind explicit broadcast"
metze
(cherry picked from commit
9887751f6fa6f7e4fd5c79c637e0576405000c01)
The last 3 fixes address bug #7118 (nmbd problems with socket address).
(cherry picked from commit
5456e5e460041256cfa886eb8bab380c59c25b19)
Stefan Metzmacher [Mon, 8 Feb 2010 11:51:29 +0000 (12:51 +0100)]
s3:nmbd: change "nmbd:bind explicit broadcast" into "nmbd bind explicit broadcast"
metze
(cherry picked from commit
0140bc389d56511c3255720856bdb64803ba8930)
(cherry picked from commit
431a78a2f823b415d9fb2b207448e33e6ba12138)
Stefan Metzmacher [Thu, 28 Jan 2010 10:04:05 +0000 (11:04 +0100)]
s3:nmbd: also listen explicit on the subnet broadcast addresses
And send replies always via the unicast address of the subnet.
This behavior is off by default (as before)
and can be enabled with "nmbd:bind explicit broadcast = yes".
metze
(cherry picked from commit
30a1bc365071befd07e68e24ca4fa3843159ab13)
(cherry picked from commit
fe629dbf1aab33f6e75c14b916684c9adeca017f)
Björn Jacke [Wed, 10 Feb 2010 12:48:11 +0000 (13:48 +0100)]
s3: change ldap filter to what really was intended
(cherry picked from commit
9b75650f1a963e36a6dd697b5ad2725a8c7c9250)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Part of a fix for bug #7116.
(cherry picked from commit
23116018779938f931394a022893f2a46654a697)
Karolin Seeger [Wed, 10 Feb 2010 10:05:13 +0000 (11:05 +0100)]
WHATSNEW: Update changes since 3.5.0rc2.
Karolin
(cherry picked from commit
085bd69d49e7605e511060110cc0bab5faf99e62)
Jeremy Allison [Tue, 9 Feb 2010 20:17:08 +0000 (12:17 -0800)]
Fix off-by-one error in working out the limit of the NetServerEnum comment.
Jeremy.
Part of a fix for bug #7122 (Reading a large browselist fails (server returns
invalid values in subsequent SMBtrans replies)).
(cherry picked from commit
89a7121a3ff3ad110c3635bb493983fafdcee9f6)
Jeremy Allison [Tue, 9 Feb 2010 23:14:38 +0000 (15:14 -0800)]
Fix bug #7122 - Reading a large browselist fails (server returns invalid values in subsequent SMBtrans replies)
There are two problems:
1). The server is off-by-one in the end of buffer space test.
2). The server returns 0 in the totaldata (smb_vwv1) and totalparams (smb_vwv0)
fields in the second and subsequent SMBtrans replies.
This patch fixes both.
Jeremy.
(cherry picked from commit
b07a14dc37d2899f662e1cf87064f99c0bd10b25)
Simo Sorce [Sat, 6 Feb 2010 15:48:39 +0000 (10:48 -0500)]
tdb: raise version to 1.2.1
after recent fixes we need to raise the version to 1.2.1 so that
we can require also the right patched version.
Original commit was
70534adee10fc6f5bba2d9304668dc6508e5de5a in master.
source4/min_versions.m4 was copied from the master branch.
(cherry picked from commit
70128dded977498ef5a693214053192f13c93c6b)
Stefan Metzmacher [Tue, 9 Feb 2010 17:58:36 +0000 (18:58 +0100)]
s3:smbd: use StrCaseCmp() instead of strcasecmp
metze
(cherry picked from commit
bc8242a08e1bb9489cc8171b1ec02bd2518b1857)
Part of a fix for bug #7119 (support for large browselist).
(cherry picked from commit
89b5ebed83ce8e4363928b2b5ddcc2953762c56c)
Stefan Metzmacher [Tue, 9 Feb 2010 17:54:41 +0000 (18:54 +0100)]
s3:smbd: Fix really ugly bool vs. int bug!!!
A comparison function for qsort needs to return an 'int'!
Otherwise you'll get random results depending on the compiler
and the architecture...
metze
(cherry picked from commit
1686a5e7e7eb1b411b003cbbde5c0d28741c6d02)
Part of a fix for bug #7119 (support for large browselist).
(cherry picked from commit
81191c8bbdf7517f35245cca6945ed898ae1e0e2)
Stefan Metzmacher [Tue, 9 Feb 2010 11:57:01 +0000 (12:57 +0100)]
s3:passdb: only use gid_to_sid() result if the result is a group of our local sam
Otherwise retry with pdb_gid_to_sid().
metze
(cherry picked from commit
4dc2be2264926fe415e4e40e212f94793c9831d1)
Last seven patches address bug #7116 (pdb_ldap performance fixes).
(cherry picked from commit
8946a47fcebe57f459c59ee2cb163e15901ff996)
Stefan Metzmacher [Fri, 5 Feb 2010 15:20:21 +0000 (16:20 +0100)]
s3:pdb_ldap: don't search for the user's primary group, if we already know it
metze
(cherry picked from commit
6753fb1cf6a834b12b2a9dce3b1a9555390c17be)
(cherry picked from commit
da7cb9feacc7cb84499c73ef463d187a7b2754e8)
Stefan Metzmacher [Wed, 3 Feb 2010 10:32:41 +0000 (11:32 +0100)]
s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches.
ldapsam_alias_memberships() does the same LDAP search twice, triggered
via add_aliases() from create_local_nt_token().
This happens when no domain aliases are used.
metze
(cherry picked from commit
49ace81e19de231825216cbf07c7422687131bb6)
(cherry picked from commit
cb31c1df92b195b3fb80b6e21bfba83b8cd867fd)
Stefan Metzmacher [Thu, 4 Feb 2010 16:19:57 +0000 (17:19 +0100)]
s3:pdb_ldap: try to build the full unix_pw structure with ldapsam:trusted support
And also store the gid_to_sid mappings in the idmap_cache.
metze
(cherry picked from commit
25038fa85ff69962ca0975f31802218a897aa1ec)
(cherry picked from commit
66a48d2226d245c373b744c7edea60b3daa57f0f)
Stefan Metzmacher [Thu, 4 Feb 2010 16:16:59 +0000 (17:16 +0100)]
s3:passdb: speed up pdb_get_group_sid()
Use the cached version gid_to_sid() instead
of pdb_gid_to_sid().
And also avoid the expensive lookup_sid() call
for well-known domain groups.
metze
(cherry picked from commit
e10d0869567436902c8b8cfb50f8c64148d554cb)
(cherry picked from commit
b0c8ff971934ef8aa21abece8693807e0a2ca722)
Volker Lendecke [Sun, 31 Jan 2010 14:18:51 +0000 (15:18 +0100)]
s3: Make pdb_copy_sam_account also copy the group sid
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b99046fed1bf4a908ed856afb17c3c934c6d305d)
(cherry picked from commit
a1862c23346959cd0aa77653bf488e0686d14376)
Stefan Metzmacher [Sat, 30 Jan 2010 21:28:19 +0000 (22:28 +0100)]
s3: shortcut gid_to_sid when "ldapsam:trusted = yes"
The normal gid_to_sid behaviour is to call sys_getgrgid()
to get the name for the given gid and then call the
getsamgrnam passdb method for the resulting name.
In the ldapsam:trusted case we can reduce the gid_to_sid
operation to one simple search for the gidNumber attribute
and only get the sambaSID attribute from the corresponding
LDAP object. This reduces the number of ldap roundtrips
for this operation.
metze
(cherry picked from commit
779821df8ecfe3ed2392582b500d26332f0b80fc)
(cherry picked from commit
0fb99386d41241f62312d4bb535976344e5d6492)
Jeremy Allison [Tue, 9 Feb 2010 22:56:12 +0000 (14:56 -0800)]
Missed one check on the memcpy for bug #7063.
Jeremy.
(cherry picked from commit
60fed68259f430cbd67cd1f347cc3218e3c0ea35)
Jeremy Allison [Tue, 9 Feb 2010 22:48:15 +0000 (14:48 -0800)]
Second part of fix for bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps.
Ensure we have no naked memcpy calls. This isn't a crash bug (it's
already checked in the data_blob_talloc_zero() above), but I want to
get into the pattern of having all memcpy's covered by safety checks.
Jeremy.
(cherry picked from commit
faf4f9cd5e3d948b93dc94b099e87eceec8a3909)
Karolin Seeger [Tue, 9 Feb 2010 15:36:39 +0000 (16:36 +0100)]
s3-docs: Add missing para end tag.
Karolin
(cherry picked from commit
b78de63ef3cde53e3aabbe46654aac5a335f16a8)
Karolin Seeger [Tue, 9 Feb 2010 14:28:33 +0000 (15:28 +0100)]
WHATSNEW: Add changes since 3.5.0rc2.
Karolin
(cherry picked from commit
e504f6c153854016e879a6af3bcffbab7c5652af)
Karolin Seeger [Tue, 9 Feb 2010 10:36:37 +0000 (11:36 +0100)]
WHATSNEW: Update changes.
Karolin
(cherry picked from commit
d7d33a15a66a0afd0b5004294ed3bf2210ce7361)
Jeremy Allison [Mon, 8 Feb 2010 19:04:38 +0000 (11:04 -0800)]
Fix bug #6876 for acl_tdb module.
As pointed out by bj@sernet.de, the rmdir module initializer was
duplicated. Fix this properly.
Jeremy.
(cherry picked from commit
b5a81d917e52a595f691d42372d727422286a377)
Stefan Metzmacher [Mon, 8 Feb 2010 17:38:03 +0000 (18:38 +0100)]
s3:libsmb: fix NetServerEnum3 rap calls.
metze
(cherry picked from commit
9b5198dd443a00fdad4faa1f9cdabedd81012d93)
Fix bug #7119 (support for large browselist).
(cherry picked from commit
8a3e7bffdad2b1493cc962313bab8b0e58bc5543)
Stefan Metzmacher [Fri, 5 Feb 2010 17:08:46 +0000 (18:08 +0100)]
s3:smbd: implement api_RNetServerEnum3
This is needed to support large browse lists.
metze
(cherry picked from commit
30eec0656c926d3d85a438dc28f17649b53318f8)
(cherry picked from commit
68119c56d7080e292b7245feec6bb7b2b7c47e79)
Andrew Tridgell [Thu, 10 Dec 2009 03:35:24 +0000 (14:35 +1100)]
util: added binsearch.h for binary array searches
This was moved from the schema_query code. It will now be used in more
than one place, so best to make it a library macro. I think there are
quite a few places that could benefit from this.
(cherry picked from commit
71943e8858943718affb6a3c0ded2127f07057f0)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
448b8f35d7a7cff73d35304673302178f593c9d0)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
6b24639c08b764eb0205c63674e80b303b2be2ac)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
dd7a09d2098fe0951f8dc716aba1bc9c7a485219)
Stefan Metzmacher [Mon, 8 Feb 2010 17:45:18 +0000 (18:45 +0100)]
s3:smbd: add/improve some DEBUG messages in api_RNetServerEnum2()
metze
(cherry picked from commit
495ac4616654c9e62e14031b7439aff21e42ec91)
(cherry picked from commit
50129a89262a0ae44709d868f30e4fee9f376c4a)
Stefan Metzmacher [Fri, 5 Feb 2010 15:55:15 +0000 (16:55 +0100)]
s3:smbd: rename api_RNetServerEnum => api_RNetServerEnum2
metze
(cherry picked from commit
dc58672c6588a1715698721153b35ed2d594bc67)
(cherry picked from commit
8283604f4e2ed6ab6ce9189859884e7db10392aa)
Jeremy Allison [Sat, 6 Feb 2010 00:28:49 +0000 (16:28 -0800)]
Fix bug 7104 - "wide links" and "unix extensions" are incompatible.
Change parameter "wide links" to default to "no".
Ensure "wide links = no" if "unix extensions = yes" on a share.
Fix man pages to reflect this.
Remove "within share" checks for a UNIX symlink set - even if
widelinks = no. The server will not follow that link anyway.
Correct DEBUG message in check_reduced_name() to add missing "\n"
so it's really clear when a path is being denied as it's outside
the enclosing share path.
Jeremy.
(cherry picked from commit
44030967049202b766dd865861b1fa8fbaa4d69d)
Björn Jacke [Tue, 9 Feb 2010 08:07:54 +0000 (09:07 +0100)]
s3: fix some wrong newlines in de translation strings
(cherry picked from commit
fb0c03209773059caad8d0aad5899828e5f5e64e)
(cherry picked from commit
a115b05969564b1c9a2cac0986e113f69dd08d2c)
Jeremy Allison [Wed, 3 Feb 2010 00:32:51 +0000 (16:32 -0800)]
Fix bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps.
Reported and found by Martin Hochreiter <linuxbox@wavenet.at>.
Ensure we copy the right amount of registry data into the outgoing
buffer.
Jeremy.
(cherry picked from commit
110a6f29f0d130753419d5fc5c7b238ab30822ec)
(cherry picked from commit
c940cadd00c4ea87e5988288bf241a46a57b9170)
Bo Yang [Sun, 7 Feb 2010 06:45:42 +0000 (14:45 +0800)]
s3: Fix malformed require_membership_of_sid.
Signed-off-by: Bo Yang <boyang@samba.org>
(cherry picked from commit
913a9f4e420c7a4177e6a7874e8ec2703f447918)
Fix bug #7106.
(cherry picked from commit
d8d96fa8f9500d34fab1c7ffdb287a055cc209bb)
Björn Jacke [Sun, 7 Feb 2010 19:10:57 +0000 (20:10 +0100)]
s3: fix build issue on Tru64
Thanks, Volker for the hint - acl_type is a macro on Tru64. Renamed it
to acltype. This fixes #7103.
(cherry picked from commit
328a6264a7b64dce9378bf9c9c2ab3aeb7d755c7)
(cherry picked from commit
2c6d488537962fdab718aac68cab7f790fe480e5)
Lars Müller [Fri, 5 Feb 2010 16:38:04 +0000 (17:38 +0100)]
s3: normalize "Changing password for" msg IDs and STRs
An additional space at the end of the "Changing password for" msgid led
to untranslated pam_winbind messages.
(cherry picked from commit
f9f1db18834648da73b7b1f6d9472523941e8277)
Fix bug #7102 (normalize "Changing password for" msg IDs and STRs).
(cherry picked from commit
f6322442f54d49b8bacec2d8fc7960d0b87d674b)
Jeremy Allison [Sun, 31 Jan 2010 03:24:28 +0000 (19:24 -0800)]
Fix bug #7079 - cliconnect gets realm wrong with trusted domains.
Passing NULL as dest_realm for cli_session_setup_spnego() was
always using our own realm (as for a NetBIOS name). Change this
to look for the mapped realm using krb5_get_host_realm() if
the destination machine name is a DNS name (contains a '.').
Could get fancier with DNS name detection (length, etc.) but
this will do for now.
Jeremy.
(cherry picked from commit
1983959f53ddd601d771b670a19eea4204e16f4b)
Stefan Metzmacher [Thu, 4 Feb 2010 13:03:20 +0000 (14:03 +0100)]
s3:libsmb: don't reuse the caller's stype variable in cli_NetServerEnum()
When we need to do more than one network operation to get the
browse list we need to use the same 'stype' value each time.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
c2e4746fa9d68e7601e8e90cc0144d2e65a695b6)
Fix bug #7098 (smbclient -L gives wrong results with a large browse list).
(cherry picked from commit
4de319afb5dd520b0a72fadeabf70d2aafe262d5)
Lars Müller [Wed, 20 Jan 2010 11:41:43 +0000 (12:41 +0100)]
Add cross option to samba_cv_linux_getgrouplist_ok
"cross" as an option got removed accidentally with commit e5a95132 while
moving in direction of 3.2.
Patch proposed by Richard Sharpe <realrichardsharpe@gmail.com>.
(cherry picked from commit
30ea9932f5ea8a73c84dbab3ae3e997c2ae34e79)
Fix bug #7047.
(cherry picked from commit
4879e70f31e70d357abb3ea4fbb252f3ad4e971f)
Steven Danneman [Sat, 30 Jan 2010 21:29:23 +0000 (13:29 -0800)]
s3/smbd: Fix string buffer overflow causing heap corruption
The destname malloc size was not taking into account the 1 extra byte
needed if a string without a leading '/' was passed in and that slash
was added.
This would cause the '\0' byte to be written past the end of the
malloced destname string and corrupt whatever heap memory was there.
This problem would be hit if a share name was given in smb.conf without
a leading '/' and if it was the exact size of the allocated STRDUP memory
which in some implementations of malloc is a power of 2.
(cherry picked from commit
f42971c520360e69c4cdd64bebb02a5f5ba49b94)
Fix bug #7096.
(cherry picked from commit
db5ccb70b6ac51ea263889cc9cdd523673ae8ecd)
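Added example, not code from the Samba tree: a C illustration of the sizing error described in the "string buffer overflow" commit message above, beside a hardened form that sizes the buffer from the final string. The function names, the power-of-two allocator model and the sample paths are assumptions made for illustration; the out-of-bounds write is computed, never performed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocation size as the commit message describes the pre-fix logic:
 * input text plus terminator, with no room for an added '/'.
 * Hypothetical reconstruction, not Samba's source. */
static size_t size_before_fix(const char *src)
{
    return strlen(src) + 1;
}

/* Bytes the normalised string really occupies, terminator included. */
static size_t size_needed(const char *src)
{
    return strlen(src) + 1 + (src[0] != '/' ? 1 : 0);
}

/* Constructed allocator model (assumption): the usable chunk is the
 * request rounded up to the next power of two. */
static size_t model_chunk_size(size_t request)
{
    size_t chunk = 1;

    while (chunk < request)
        chunk <<= 1;
    return chunk;
}

/* 1 if the terminator would land outside the chunk, 0 if the one-byte
 * overrun is absorbed by allocator slack and the bug stays latent. */
static int terminator_escapes_chunk(const char *src)
{
    return size_needed(src) > model_chunk_size(size_before_fix(src));
}

/* Hardened form: size the buffer from the final string and let
 * snprintf() enforce the bound. The caller frees the result. */
static char *normalise_path(const char *src)
{
    size_t size;
    char *dest;
    int n;

    if (src == NULL)
        return NULL;
    size = size_needed(src);
    dest = malloc(size);
    if (dest == NULL)
        return NULL;
    n = snprintf(dest, size, "%s%s", src[0] == '/' ? "" : "/", src);
    if (n < 0 || (size_t)n >= size) {   /* would truncate: refuse */
        free(dest);
        return NULL;
    }
    return dest;
}

int main(void)
{
    /* Constructed sample share paths. */
    const char *samples[] = { "tmp", "share", "/tmp", "1234567" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        char *fixed = normalise_path(samples[i]);

        printf("%-8s old=%zu needed=%zu escapes=%d fixed=%s\n",
               samples[i], size_before_fix(samples[i]),
               size_needed(samples[i]),
               terminator_escapes_chunk(samples[i]),
               fixed ? fixed : "(alloc failed)");
        free(fixed);
    }
    return 0;
}
```

Under this model only inputs whose old allocation size is already an exact chunk size ("tmp", "1234567") put the terminator outside the chunk, which is why such a defect can pass testing and still corrupt the heap in production.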
Volker Lendecke [Fri, 29 Jan 2010 17:21:09 +0000 (18:21 +0100)]
tdb: fix an early release of the global lock that can cause data corruption
There was a bug in tdb where the
tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1);
(ending the transaction-"mutex") was done before the
/* remove the recovery marker */
This means that when a transaction is committed there is a window where another
opener of the file sees the transaction marker while the transaction committer
is still fully functional and working on it. This led to transaction being
rolled back by that second opener of the file while transaction_commit() gave
no error to the caller.
This patch moves the F_UNLCK to after the recovery marker was removed, closing
this window.
(cherry picked from commit
531059696e17d1ee538310d81af309c107d08e3e)
Fix bug #7085.
(cherry picked from commit
ad17c1ab08e15ebf1d3d3aac1e874e9602a15e75)
Jeremy Allison [Tue, 2 Feb 2010 02:50:43 +0000 (18:50 -0800)]
Fix bug #7084 - Create time on directories not stored properly in an EA in new create time code.
Remove erroneous optimisation that caused no EA to be set
if calculated btime matched st_ex btime, and calculated DOS
attribute matched existing file attribute.
Jeremy.
(cherry picked from commit
f3ee1516e631274531439e0ab7c384d02aff789c)
(cherry picked from commit
f68ac68676bb7d3594030ebc89f13980fced32c1)
Volker Lendecke [Wed, 3 Feb 2010 06:37:29 +0000 (07:37 +0100)]
s3: Simplify the code a bit: Catch (len==0) early
Part of a fix for bug #7081.
(cherry picked from commit
abcbca12316fadea0db1fa8bc1522789926e8dba)
Jeremy Allison [Wed, 3 Feb 2010 00:43:41 +0000 (16:43 -0800)]
Fix bug 7081 - vfs_expand_msdfs doesn't work correctly (with fix identified)
Fix inspired by idea from Eric Horst <erich@cac.washington.edu>.
Jeremy.
(cherry picked from commit
de24209f0a745ada4220a1751c4ed88ae6eea575)
(cherry picked from commit
6e478ce2483a4376566693d16869d88f0d429951)
olivier [Fri, 29 Jan 2010 11:04:35 +0000 (12:04 +0100)]
s3/vfs_scannedonly: AIX doesn't have MSG_DONTWAIT
(cherry picked from commit
e95e3270d1f3fece7292359d276ce45913a699ac)
Fix bug #7076 (vfs_scannedonly does not compile on AIX which does not have
MSG_DONTWAIT).
(cherry picked from commit
da2297fe67808a78ca69ed7c37372598192779ca)
Jeremy Allison [Thu, 28 Jan 2010 18:38:24 +0000 (10:38 -0800)]
Fix bug #7069 - smbget does not return an error status after some errors
A combination patch from Johannes Poehlmann <johannes@lst.de> and
Jeremy. Fix the return codes from smb_download_file() and smb_download_dir().
Jeremy.
(cherry picked from commit
f387ed88e8b5b32eb121724d99d73d8ce55e745e)
(cherry picked from commit
23408bb31b0ca690a5e7a3dffa798075cab265ad)
Jeremy Allison [Thu, 28 Jan 2010 00:55:47 +0000 (16:55 -0800)]
Fix bug #7072 - Accounts can't be unlocked from ldap.
Fix suggested by Andy Hanton <andyhanton@gmail.com>. The LOGIN_CACHE
struct contains two time_t entries, but was being written to and
read from via tdb_pack/tdb_unpack functions using explicit 32-bit int specifiers.
This would break on machines with a 64-bit time_t. Use correct int
sizes for tdb_pack/tdb_unpack.
We have to fix this properly before 2037 :-).
Contains fixes from master
627fb85092f728065b6d772c41aeb75018154e86
and
69fd8461b8792f4fee1b61db03953044565492c6.
Jeremy.
(cherry picked from commit
0c3c061abb55742da4d7e97e3c4b348ba78a3698)
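Added example, not code from the Samba tree: a C model of the width mismatch described in the bug #7072 commit message above, where a 32-bit field is unpacked into a 64-bit timestamp member. The struct, the little-endian field codec and the sample timestamps are constructed for illustration, with int64_t standing in for a 64-bit time_t.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a cached login entry with two timestamps. */
struct login_cache_model {
    int64_t entry_timestamp;
    int64_t bad_password_time;
};

/* Minimal 32-bit little-endian field codec, standing in for a pack
 * format that uses an explicit 32-bit specifier. */
static void put32(uint8_t *buf, uint32_t v)
{
    buf[0] = (uint8_t)(v & 0xff);
    buf[1] = (uint8_t)((v >> 8) & 0xff);
    buf[2] = (uint8_t)((v >> 16) & 0xff);
    buf[3] = (uint8_t)((v >> 24) & 0xff);
}

static uint32_t get32(const uint8_t *buf)
{
    return (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
           ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
}

static void pack32(uint8_t buf[8], const struct login_cache_model *in)
{
    put32(buf, (uint32_t)in->entry_timestamp);
    put32(buf + 4, (uint32_t)in->bad_password_time);
}

/* Mismatched unpack: each 4-byte field is stored at the address of the
 * 8-byte member, as happens when a pointer to the wider member is
 * passed where a 32-bit destination is expected. The other four bytes
 * of the member keep whatever they held before. */
static void unpack_mismatched(const uint8_t buf[8],
                              struct login_cache_model *out)
{
    uint32_t v = get32(buf);

    memcpy(&out->entry_timestamp, &v, sizeof(v));
    v = get32(buf + 4);
    memcpy(&out->bad_password_time, &v, sizeof(v));
}

/* Matched unpack: read into a 32-bit value, then widen by assignment. */
static void unpack_matched(const uint8_t buf[8],
                           struct login_cache_model *out)
{
    out->entry_timestamp = (int64_t)get32(buf);
    out->bad_password_time = (int64_t)get32(buf + 4);
}

/* Round-trips constructed timestamps into a struct pre-filled with
 * stale bytes; returns 1 if both members come back unchanged. */
static int round_trip_ok(int matched)
{
    const struct login_cache_model in = { 1264640000, 1264640147 };
    struct login_cache_model out;
    uint8_t buf[8];

    memset(&out, 0xA5, sizeof(out));    /* simulate uninitialised memory */
    pack32(buf, &in);
    if (matched)
        unpack_matched(buf, &out);
    else
        unpack_mismatched(buf, &out);
    return out.entry_timestamp == in.entry_timestamp &&
           out.bad_password_time == in.bad_password_time;
}

int main(void)
{
    printf("mismatched widths round-trip ok: %d\n", round_trip_ok(0));
    printf("matched widths round-trip ok:    %d\n", round_trip_ok(1));
    return 0;
}
```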
Jeremy Allison [Wed, 27 Jan 2010 00:51:57 +0000 (16:51 -0800)]
Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write.
Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability
to allow Linux threads under different euids to send signals to each other.
Jeremy.
(cherry picked from commit
899bd0005f56dcc1e95c3988d41ab3f628bb15db)
(cherry picked from commit
b30792299e8fc2057c4e825c2f9457a54096852a)
Karolin Seeger [Thu, 28 Jan 2010 14:10:54 +0000 (15:10 +0100)]
s3/winbind_ccache: Fix typo in debug message.
Karolin
(cherry picked from commit
139634563824a92c98091786e17b82d480df4a8a)
(cherry picked from commit
c994cd476073573a2bd2c9525ce199822e655a46)
Lars Müller [Tue, 26 Jan 2010 21:54:15 +0000 (22:54 +0100)]
Add dependency of bin/smbfilter to libwbclient.
(cherry picked from commit
2dd301e5cd6ff97943c4bf9c7cd9b820d6193b45)
Fix bug #7071 (Missing dependency of smbfilter to libwbclient).
(cherry picked from commit
ec4bd3b7728a2d3db2116b4260120a3346478e2a)
Karolin Seeger [Tue, 26 Jan 2010 18:37:12 +0000 (19:37 +0100)]
VERSION: Raise version number up to 3.5.0.
Karolin
(cherry picked from commit
06dfc7f2d63491b80497813c70311fefcdf2ec49)
Karolin Seeger [Tue, 26 Jan 2010 13:58:45 +0000 (14:58 +0100)]
WHATSNEW: Update changes.
Karolin
(cherry picked from commit
048adb50d83a3928820e6607451d582696cd7cc7)
Karolin Seeger [Tue, 26 Jan 2010 13:19:31 +0000 (14:19 +0100)]
s3-docs: Fix version in man ldbrename.
Karolin
(cherry picked from commit
77bb3f2a5596c84e99b9006d2a31a752c68ab34a)
Volker Lendecke [Tue, 26 Jan 2010 09:51:32 +0000 (10:51 +0100)]
s3: Enable use of ccache by default for libsmbclient
Disable this by setting the environment variable LIBSMBCLIENT_NO_CCACHE, which
has the advantage over an smb.conf option to be easily settable per
application.
(cherry picked from commit
0e8552abc1b48e62aaac3cab7c13c8dea60c9f9b)
Volker Lendecke [Sun, 24 Jan 2010 18:24:10 +0000 (19:24 +0100)]
s3-libsmbclient: Add smbc_setOptionUseCCache()
Can we enable this by default? This would be a change in behaviour, but this
feature is just too cool for everyone to catch up in the apps.
The patch would be
(cherry picked from commit
9698c214624678125551f2d65b95deb29ea72b64)
Volker Lendecke [Sun, 24 Jan 2010 17:50:48 +0000 (18:50 +0100)]
s3: Add --use-ccache to net
(cherry picked from commit
af32a49c7d8803f597e184f1361e795f179b809f)
Volker Lendecke [Sun, 24 Jan 2010 17:50:31 +0000 (18:50 +0100)]
s3: add libnetapi_set_use_ccache()
(cherry picked from commit
b99ab82ebab598b45eb6729498c9e67b195e698d)
Volker Lendecke [Sun, 24 Jan 2010 17:51:58 +0000 (18:51 +0100)]
s3: Fix a bug in net's use of popt
In order to add --use-ccache to net, I added another "bool opt_ccache;" to
struct net_context. popt did not like this, it took a while to figure out why.
Popt has the lines
/* XXX Check alignment, may fail on funky platforms. */
if (arg == NULL || (((unsigned long)arg) & (sizeof(*arg)-1)))
return POPT_ERROR_NULLARG;
The "bool opt_ccache;" was not aligned anymore...
(cherry picked from commit
340277382518c62e23faae4af69a9c5c32b96af2)
Volker Lendecke [Sun, 24 Jan 2010 16:35:04 +0000 (17:35 +0100)]
s3: Enable -C in rpcclient
(cherry picked from commit
2aca69ef0df02e655125d9db31e1f0144d21a144)
Volker Lendecke [Sun, 24 Jan 2010 16:34:13 +0000 (17:34 +0100)]
s3: Add CLI_FULL_CONNECTION_USE_CCACHE
(cherry picked from commit
36854ea0aa260dfe23f77825e942f5b3905d396d)
Volker Lendecke [Sun, 24 Jan 2010 16:08:56 +0000 (17:08 +0100)]
s3: Use -C in smbclient
$ bin/wbinfo --ccache-save=w2k3ad\\vl%Password
saving creds succeeded
$ bin/smbclient //192.168.42.160/tmp -Uvl -N -C -W w2k3ad
OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2]
smb: \>
$ bin/wbinfo --ccache-save=w2k3ad\\vl%WrongPassword
saving creds succeeded
$ bin/smbclient //192.168.42.160/tmp -Uvl -N -C -W w2k3ad
Anonymous login successful
Domain=[W2K3AD] OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2]
tree connect failed: NT_STATUS_ACCESS_DENIED
$
(cherry picked from commit
5e91f9eb10404a1df470fd87fc8c1cae5ea7b70c)
Volker Lendecke [Sun, 24 Jan 2010 16:07:24 +0000 (17:07 +0100)]
s3: Add -C (--use-ccache) to popt_common_credentials
(cherry picked from commit
58ebc50663a299e16684aa24cfae95954d5a14f0)
Volker Lendecke [Sun, 24 Jan 2010 15:50:46 +0000 (16:50 +0100)]
s3: Add ccache use to cli_session_setup_ntlmssp
(cherry picked from commit
e06abe412f78b58f36998037637d1b3478fdc477)
Volker Lendecke [Sun, 24 Jan 2010 15:47:24 +0000 (16:47 +0100)]
s3: Add NTLMSSP_FEATURE_CCACHE
Uses the winbind ccache to do authentication if asked to do so
(cherry picked from commit
8e96e1f49867d1260aa291b688fbb58e01ef2009)
Volker Lendecke [Sun, 24 Jan 2010 15:44:15 +0000 (16:44 +0100)]
libwbclient: Actually implement wbcCredentialCache()
(cherry picked from commit
7ab798d141bf715808fa0941f19422069e65fa0e)
Volker Lendecke [Sun, 24 Jan 2010 15:41:30 +0000 (16:41 +0100)]
s3: Add the session key to the ccache_ntlm_auth response
(cherry picked from commit
99f6f322ae5aa13596c5b0f1a6e600b6fec48896)
Volker Lendecke [Sat, 9 Jan 2010 19:20:36 +0000 (20:20 +0100)]
s3: Add wbinfo --ccache-save
With this command you can give winbind your password for later use by
the automatic ntlm_auth
(cherry picked from commit
1ae7b074113497342f0b85223df270bdee0b07a0)
Karolin Seeger [Mon, 25 Jan 2010 18:54:24 +0000 (19:54 +0100)]
lib/popt: Fix typo in README.
Karolin
(cherry picked from commit
463aa06442f1d6c7088c5d47f003b82e4293b70d)
(cherry picked from commit
007dbc57a954e3eea6db191b34f3be9ab3c4a9b6)
Karolin Seeger [Mon, 25 Jan 2010 18:53:42 +0000 (19:53 +0100)]
s3/docs: Fix typo.
Karolin
(cherry picked from commit
a3420bf7a52c3d9fa6cba75aa88d1f4087c0e3aa)
(cherry picked from commit
7e4dd20a6bb7ae44f2137ca9f914e09a15f00110)
Karolin Seeger [Mon, 25 Jan 2010 11:51:41 +0000 (12:51 +0100)]
WHATSNEW: Update changes.
Karolin
(cherry picked from commit
05850542df7c9c6e15bbc609df59c7177d3ab996)
Michael Adam [Thu, 14 Jan 2010 13:24:35 +0000 (14:24 +0100)]
s3:auth: fix account unlock regression introduced with fix for bug #4347
By an oversight, the patchset for #4347 made the unlocking of a locked
account after the lockout duration ineffective.
Thanks to Björn for finding this!
Michael
(cherry picked from commit
5eb9b66de0fd0adc59339a944f02f5fe25868568)
Michael Adam [Wed, 6 Jan 2010 16:29:04 +0000 (17:29 +0100)]
s3:auth: don't update the bad pw count if pw is among last 2 history entries
This conforms to the behaviour of Windows 2003:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
This is supposed to fix bug #4347.
Michael
(cherry picked from commit
fcadc524779a50ee379fb4feb02448944dc174dc)
Michael Adam [Wed, 6 Jan 2010 15:35:44 +0000 (16:35 +0100)]
s3:auth:check_sam_security: introduce a bool var to control pad_pw_count incrementation
This is a preparatory patch for the last part in fixing bug #4347.
Michael
(cherry picked from commit
0d6ad513e27e83b6a460954f3120395f13f65088)
Michael Adam [Tue, 5 Jan 2010 17:28:48 +0000 (18:28 +0100)]
s3:passdb: store the plain nt passwords hashes in history, not salted md5
This is in order to be able to do challenge response with the history,
so that this can be checked when an invalid password was entered:
If the given password is wrong but in the history, then the bad password
count should not be updated...
The "lucky" bit here is that the md5 hash and the nt hash (md4) both are
16 bytes long.
This is part of the fix for bug #4347.
Michael
(cherry picked from commit
d909861c64cf874b1625039b0e1eace507a29b28)
Michael Adam [Tue, 5 Jan 2010 15:58:30 +0000 (16:58 +0100)]
s3:smbd:password_in_history: treat entry with 0 salt as 0 + plain nt hash
This is to introduce a new format of the password history, maintaining backwards
compatibility: The old format was 16 byte hash + 16 byte md5(salt + nt hash).
The new format is 16 zero bytes and 16 bytes nt hash.
This will allow us to respect the last X entries of the nt password history
when deciding whether to increment the bad password count.
This is part of the fix for bug #4347.
Michael
(cherry picked from commit
f260d6a48dce32208424aa9bfbf2b1e293e48045)
Michael Adam [Wed, 6 Jan 2010 12:53:10 +0000 (13:53 +0100)]
s3:auth:check_sam_security: improve calling and logging of pdb_update_sam_account
Log what went wrong, and also call pdb_update_sam_account inside
become_root/unbecome_root: do the logging outside.
Michael
(cherry picked from commit
640dfa851a296a403e218096444b203da13ebf10)
Michael Adam [Wed, 6 Jan 2010 12:40:58 +0000 (13:40 +0100)]
s3:auth:check_sam_security: fix a leading tab/ws mixup
Michael
(cherry picked from commit
093607e082657ebbf2b49dd5d615c5e6f14c8dcb)
Michael Adam [Wed, 6 Jan 2010 11:36:56 +0000 (12:36 +0100)]
s3:auth:check_sam_security: create (and use) a common exit point
for use after sam_password_ok() has been called.
Michael
(cherry picked from commit
10a847fe9d03d1fe62aa96fee251e10bea1da463)
Michael Adam [Wed, 6 Jan 2010 11:32:51 +0000 (12:32 +0100)]
s3:auth:check_sam_security: null out sampass after it has been stolen.
So that a later talloc_free would not harm. I could have used
talloc_move instead of talloc steal in make_server_info_sam(),
but this would have required a change of the signature.
Michael
(cherry picked from commit
1bb4a2ca3a1e11b395b3b819e468ecac67e16d64)
Michael Adam [Mon, 4 Jan 2010 17:15:24 +0000 (18:15 +0100)]
s3:auth:sam_password_ok: take username, acct_ctrl and nt/lm hashes, not sampass
This is in preparation to extending check_sam_security to also check
against the password history before updating the bad password count.
This way, sam_password_ok can more easily be reused for that purpose.
Michael
(cherry picked from commit
2925209acc8bcda487fa8f05365ea8fedb232218)
Michael Adam [Mon, 4 Jan 2010 14:37:24 +0000 (15:37 +0100)]
s3:auth: use data_blob_null instead of data_blob(NULL, 0) in sam_password_ok()
This way it is more explicit that there is no allocated data here
that may leak.
Michael
(cherry picked from commit
c9e05e11b152401d63ae9b8b40c717d0bd3d0646)
Michael Adam [Wed, 30 Dec 2009 14:37:23 +0000 (15:37 +0100)]
s3:auth:sam_password_ok: fix allocation of a data blob.
data_blob(mem_ctx, 16) does not use mem_ctx as a talloc ctx but
copies 16 bytes from mem_ctx into the newly allocated data blob.
This can not have been intentional. A blank uint8_t array of
length 16 is allocated by passing NULL instead of mem_ctx.
And using data_blob_talloc(mem_ctx, NULL, 16) adds the allocated
blank 16 byte array to mem_ctx - so this is what must have been
intended.
Michael
(cherry picked from commit
c3bd0b5951f09f102abaa19fb2e1f55711b975d2)
Michael Adam [Wed, 30 Dec 2009 14:35:50 +0000 (15:35 +0100)]
s3:auth:sam_password_ok: enhance readability (imho) by adding some pointers
and removing bool variables and several checks.
Michael
(cherry picked from commit
761a8b8fa5b5d05d5802fecf07229de40d33c558)
Michael Adam [Wed, 30 Dec 2009 11:46:22 +0000 (12:46 +0100)]
s3:check_sam_security: untangle assignment from statement
Michael
(cherry picked from commit
232602ee2914851b0af851aa5dada3bf1c99dcff)
Volker Lendecke [Mon, 14 Dec 2009 19:54:33 +0000 (20:54 +0100)]
s3: Factor password_in_history() out of check_passwd_history()
(cherry picked from commit
a92102cf3044ad3be49d6f746ed3f95c49d30412)
Volker Lendecke [Mon, 14 Dec 2009 18:29:36 +0000 (19:29 +0100)]
Simplify E_md5hash a bit
(cherry picked from commit
7e430f3093c5bc06d8ca1186f982fe51af8c5637)
Volker Lendecke [Mon, 14 Dec 2009 18:18:09 +0000 (19:18 +0100)]
s3: Simplify pdb_set_plaintext_passwd: pwhistory==NULL can not happen anymore
(cherry picked from commit
2042f4937db80939ca3d70816d864b4d762d46fb)
Volker Lendecke [Mon, 14 Dec 2009 18:16:58 +0000 (19:16 +0100)]
s3: Simplify pdb_set_plaintext_passwd: pwHistLen==0 was checked above
(cherry picked from commit
bfa814be469e5a7c22e45ff8261de749e51414b2)
Volker Lendecke [Mon, 14 Dec 2009 18:12:50 +0000 (19:12 +0100)]
s3: Add a paranoia check to pdb_set_plaintext_passwd()
(cherry picked from commit
58b2f41c14e590724e2cb45f23ff7e75d5d2e7ab)
Volker Lendecke [Mon, 14 Dec 2009 17:50:38 +0000 (18:50 +0100)]
s3: Simplify pdb_set_plaintext_passwd() by removing a redundant condition
if (current_history_len != pwHistLen) {
if (current_history_len < pwHistLen) {
}
}
The second "if" is a bit pointless here
(cherry picked from commit
76a9af7cac4a6d6ba00d81a946db094ecfd43817)
Volker Lendecke [Mon, 14 Dec 2009 17:44:38 +0000 (18:44 +0100)]
s3: Simplify pdb_set_plaintext_passwd: memcpy deals fine with 0 bytes
(cherry picked from commit
8a4463c61292872e9a294a6b026ec6d65d2219b8)
Volker Lendecke [Mon, 14 Dec 2009 17:43:03 +0000 (18:43 +0100)]
s3: Simplify pdb_set_plaintext_passwd by using talloc_zero_array
(cherry picked from commit
501dd6fe17e72d8e487a622c0e66cb5938e66731)
Volker Lendecke [Mon, 14 Dec 2009 17:39:19 +0000 (18:39 +0100)]
s3: Make use of talloc_array in pdb_set_plaintext_passwd()
(cherry picked from commit
a5a477648f301b9c435609b0c6f4d76d4229b9ae)
Volker Lendecke [Mon, 14 Dec 2009 17:24:04 +0000 (18:24 +0100)]
s3: Simplify pdb_set_plaintext_passwd() a bit
Remove an indentation by the early return in
+ if (pwHistLen == 0) {
+ /* Set the history length to zero. */
+ pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
+ return true;
+ }
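Review bot: in the new `if (pwHistLen == 0)` branch the result of pdb_set_pw_history() is discarded and the function returns true regardless of it. If that call can fail, propagate its result, for example `return pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);`, so a failed history reset is not reported to the caller as a successful password change.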
(cherry picked from commit
7097be60809252c6faf0388d0019384f01a7ff42)