Jeremy Allison [Tue, 26 Mar 2013 23:55:03 +0000 (16:55 -0700)]
Fix bug #9130 - Certain xattrs cause Windows error 0x800700FF
Ensure we never return any zero-length EA's.
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 26 Mar 2013 23:53:45 +0000 (16:53 -0700)]
Change estimate_ea_size() to correctly estimate the EA size over SMB2.
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 26 Mar 2013 23:50:13 +0000 (16:50 -0700)]
Modify fill_ea_chained_buffer() to be able to do size calculation only, no marshalling.
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 18 Mar 2013 08:36:17 +0000 (09:36 +0100)]
wkssvc: Fix bug 9727, NULL pointer dereference
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 18 11:39:27 CET 2013 on sn-devel-104
(cherry picked from commit
05a7a10c88be99d864eacd6f9d37a340022f01f6)
David Disseldorp [Fri, 15 Mar 2013 15:54:06 +0000 (16:54 +0100)]
printing: update registry and publish in background
Currently all smbd processes unnecessarily access each printer registry
TDB entry following printcap cache reload.
This change moves responsibility for this to the background print queue
process.
This and the last four commits address bug 9650: New or delete cups
printerqueues are not recognized by the samba.
David Disseldorp [Fri, 15 Feb 2013 11:17:53 +0000 (12:17 +0100)]
spoolss: only reload printers on pcap update message
Printcap cache updates are the responsibility of the background
printing process, which after doing so broadcasts a MSG_PRINTER_PCAP
message. Spoolssd should only reload printers after receiving such a
message.
David Disseldorp [Thu, 14 Feb 2013 16:02:08 +0000 (17:02 +0100)]
printing: add sighup and conf change handlers
The background printing process is now responsible for all printcap
cache updates, which should be done on SIGHUP and configuration change.
David Disseldorp [Thu, 14 Feb 2013 13:42:21 +0000 (14:42 +0100)]
printing: move pcap change notifier to bg process
The background print queue process is responsible for printcap cache
updates, and should be the only process to send notifications.
David Disseldorp [Tue, 12 Feb 2013 17:57:53 +0000 (18:57 +0100)]
smbd: fix cups printcap cache updates on startup
On startup the parent smbd process currently calls pcap_cache_reload(),
which is done immediately before the background queue process is forked.
pcap_cache_reload() is asynchronous with cups, in that it forks a
separate process to obtain the printer listing. The cache_fd_event
print_cups.c global variable is used to track when a cups printer
listing is in progress.
cache_fd_event is set when the background queue process is forked, due
to smbd's pcap_cache_reload() call immediately prior. As a result, the
background queue process assumes an existing pcap_cache_reload() call is
indefinitely outstanding, causing the printcap cache to remain stale
thereafter.
Jeremy Allison [Thu, 28 Mar 2013 16:36:41 +0000 (09:36 -0700)]
Make sure that we only propogate the INHERITED flag when we are allowed to.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #9747 - When creating a directory Samba allows inherited bit to slip
through.
Andreas Schneider [Thu, 14 Mar 2013 06:29:20 +0000 (07:29 +0100)]
torture: Add ntprinting latin1 test.
Reviewed-by: Günther Deschner <gd@samba.org>
The last 7 patches address bug #9723 - Add a tool to migrate latin1 printing
tdb's to registry.
Andreas Schneider [Tue, 12 Mar 2013 17:42:02 +0000 (18:42 +0100)]
s3-net: Add encoding=<CP> to 'net printing dump'.
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Tue, 12 Mar 2013 10:39:08 +0000 (11:39 +0100)]
s3-net: Add encoding=<CP> to 'net printing migrate'.
This allows you to convert printing tdb's which are in e.g. in latin1 to
convert to UTF-8 and import them into the registry.
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Tue, 12 Mar 2013 14:17:54 +0000 (15:17 +0100)]
ndr: Pass down string_flags in ndr_pull_ntprinting_printer().
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Mon, 11 Mar 2013 14:47:00 +0000 (15:47 +0100)]
idl: Add flags for strings in ntprinting idl.
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Mon, 11 Mar 2013 14:45:15 +0000 (15:45 +0100)]
ndr: Add ndr_ntprinting_string_flags() function.
It defaults to utf8string.
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Tue, 12 Mar 2013 10:36:38 +0000 (11:36 +0100)]
pidl: Add skip option to elements.
This option allows to skip struct elements in pull and push function.
This can be used to pass flags to the structure e.g. for string values.
Reviewed-by: Günther Deschner <gd@samba.org>
Jeremy Allison [Fri, 15 Mar 2013 22:13:24 +0000 (15:13 -0700)]
Fix bug #9724 - is_encrypted_packet() function incorrectly used inside server.
The is_encrypted_packet() function should only be used on the raw received data
to determine if a packet came in encrypted. Once we're inside the SMB1
processing code in smbd/reply.c we should be looking at the
smb1request->encrypted field to determine if a packet was really encrypted or
not.
Signed-off-by: Jeremy Allison <jra@samba.org>
Karolin Seeger [Wed, 20 Mar 2013 08:55:41 +0000 (09:55 +0100)]
WHATSNEW: Start release notes for Samba 3.6.14.
Karolin
Karolin Seeger [Wed, 20 Mar 2013 08:52:47 +0000 (09:52 +0100)]
VERSION: Bump version number up to 3.6.14.
Karolin
Karolin Seeger [Mon, 18 Mar 2013 08:58:45 +0000 (09:58 +0100)]
WHATSNEW: Prepare release notes for Samba 3.6.13.
Karolin
Guenter Kukkukk [Sat, 9 Mar 2013 03:45:15 +0000 (04:45 +0100)]
vfs_catia: new version of the manual page for samba-3.6.x
well, i was not aware of the change
./docs-xml/manpages-3/
./docs-xml/manpages/
in samba-4.0.x
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
The last 4 patches address bug #9701 - vfs_catia is not working anymore (due to
a former regression).
Guenter Kukkukk [Thu, 28 Feb 2013 23:58:05 +0000 (00:58 +0100)]
vfs_catia: add my copyright
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Guenter Kukkukk [Wed, 27 Feb 2013 04:50:52 +0000 (05:50 +0100)]
vfs_catia: fix the translation to "vfs_translate_to_windows"
THANKS to an IRC user (Raimund ?) who asked for a char mapping possibility.
I suggested vfs_catia - but it did not work!
Hopefully now it will. :-)
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Guenter Kukkukk [Wed, 27 Feb 2013 04:34:05 +0000 (05:34 +0100)]
vfs_catia: add debug class for that module
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Karolin Seeger [Wed, 6 Mar 2013 11:11:53 +0000 (12:11 +0100)]
selftest: Skip tests failing on ext4 fs.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Wed, 6 Mar 2013 00:23:06 +0000 (16:23 -0800)]
Fix bug #9637 - Renaming directories as guest user in security share mode doesn't work.
Ensure guest is treated consistently when creating a auth_serversupplied_info struct.
Signed-off-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 20 Feb 2013 08:51:43 +0000 (09:51 +0100)]
winbind: Don't leak centry memory. Reviewed-by: Alexander Bokovoy <ab@samba.org>
The last two patches address bug #9684 - Fix two resource leaks in winbindd.
Andreas Schneider [Wed, 20 Feb 2013 08:41:55 +0000 (09:41 +0100)]
winbind: Don't leak memory on return. Reviewed-by: Alexander Bokovoy <ab@samba.org>
Daniel Kobras [Sat, 23 Feb 2013 00:24:26 +0000 (16:24 -0800)]
Fix bug #9039 'map untrusted to domain' treats WORKSTATION as bogus domain.
s3: never try to map global SAM name
Do not treat the global SAM name as a BOGUS domain, and exempt
local users from mapping, instead. This change reinstates the
exact mapping behaviour of Samba 3.2 if parameter 'map untrusted
to domain' is set.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Tue, 19 Feb 2013 08:23:53 +0000 (09:23 +0100)]
pdb: Fix array overrun by one. Reviewed-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9686 - Fix a possible buffer overrun in pdb_smbpasswd.
Björn Jacke [Wed, 20 Feb 2013 16:06:49 +0000 (17:06 +0100)]
build/autoconf: put ld check variable in quotes
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ac9620b942d6d51a1c35c4177c3f241351fc1ebd)
The last 2 patches address bug #7825 (need to fix GNU ld version detection with
old gcc releases).
Björn Jacke [Tue, 19 Feb 2013 14:30:34 +0000 (15:30 +0100)]
build/autoconf: fix check for GNU ld version
we need to look for the version once in the stdout and once in the stderr
output. Some version of ld output to stdout, some output to stderr. redirecting
stderr to stdout messes the output up in our case, that's why we have to do two
runs. See also bug #7825.
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Feb 19 20:56:12 CET 2013 on sn-devel-104
(cherry picked from commit
ff8ba0628f6f13a5be1df94e5ac2e83008b7c69c)
David Disseldorp [Tue, 12 Feb 2013 10:58:06 +0000 (11:58 +0100)]
smbd: fix initial large PAC sess setup response
An oversize Kerberos security token may be split across multiple Session
Setup AndX requests when authenticating as a user who is a member of
many (~2000) groups.
In such a case the NativeOS, NativeLanMan & PrimaryDomain fields must be
sent with the NT_STATUS_MORE_PROCESSING_REQUIRED response. Otherwise
Windows clients may resend the same security token data in subsequent
session setup andX requests, as observed with Windows 7 and Server 2012.
This change fixes the SMB1 server only.
Fix bug #9658 - Session Setup AndX exchange fails with an oversize security
token.
Jeremy Allison [Tue, 12 Feb 2013 18:48:09 +0000 (10:48 -0800)]
Fix bug 9519 - Samba returns unexpected error on SMB posix open.
Explicitly ignore bare O_EXCL flags instead of returning INVALID_PARAMETER.
That's what the Linux kernel does.
Signed-off-by: Jeremy Allison <jra@samba.org>
Ira Cooper [Fri, 8 Feb 2013 22:47:57 +0000 (14:47 -0800)]
s3: Make SMB2_GETINFO multi-volume aware.
Not all shares are a single volume. Some actually
expose multiple volumes under a single share. In these
cases showing the amount of space free as the space free
at the base of the directory heirarchy is wrong.
Reviewed-by: Jeremy Allison <jra@samba.org>
Fix bug #9646 - dir and similar commands are returning the wrong amount of free
space.
David Disseldorp [Mon, 4 Feb 2013 18:04:39 +0000 (19:04 +0100)]
Fix bug 9633: recursive mget should continue on EPERM
Regression introduced by
14ff2e8de9bd8d0064762234555260f5eea643fe.
When downloading files recursively, smbclient halts if it encounters
a folder to which it does not have permission to traverse.
Stefan Metzmacher [Thu, 31 Jan 2013 12:39:42 +0000 (13:39 +0100)]
s3:auth: wbcAuthenticateEx gives unix times (bug #9625)
We also need to convert last_logon, last_logoff and acct_expiry
from unix time to nt time.
Otherwise a windows member server will reject clients
using CAP_DYNAMIC_REAUTH or smb2) with STATUS_NETWORK_SESSION_EXPIRED,
if the logoff and kickoff time is expired.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Karolin Seeger [Wed, 30 Jan 2013 10:42:53 +0000 (11:42 +0100)]
WHATSNEW: Start release notes for Samba 3.6.13.
Karolin
Karolin Seeger [Wed, 30 Jan 2013 10:42:18 +0000 (11:42 +0100)]
VERSION: Bump version number up to 3.6.13.
Karolin
Kai Blin [Mon, 28 Jan 2013 20:41:07 +0000 (21:41 +0100)]
swat: Use additional nonce on XSRF protection
If the user had a weak password on the root account of a machine running
SWAT, there still was a chance of being targetted by an XSRF on a
malicious web site targetting the SWAT setup.
Use a random nonce stored in secrets.tdb to close this possible attack
window. Thanks to Jann Horn for reporting this issue.
Signed-off-by: Kai Blin <kai@samba.org>
Fix bug #9577: CVE-2013-0214: Potential XSRF in SWAT.
(cherry picked from commit
91f4275873ebeda8f57684f09df67162ae80515a)
Kai Blin [Fri, 18 Jan 2013 22:11:07 +0000 (23:11 +0100)]
swat: Use X-Frame-Options header to avoid clickjacking
Jann Horn reported a potential clickjacking vulnerability in SWAT where
the SWAT page could be embedded into an attacker's page using a frame or
iframe and then used to trick the user to change Samba settings.
Avoid this by telling the browser to refuse the frame embedding via the
X-Frame-Options: DENY header.
Signed-off-by: Kai Blin <kai@samba.org>
Fix bug #9576 - CVE-2013-0213: Clickjacking issue in SWAT.
(cherry picked from commit
71225948a249f079120282740fcc39fd6faa880e)
Karolin Seeger [Tue, 29 Jan 2013 08:45:06 +0000 (09:45 +0100)]
WHATSNEW: Prepare release notes for Samba 3.6.12.
This is a Security Release in order to address
CVE-2013-0213 (Clickjacking issue in SWAT) and
CVE-2013-0214 (Potential XSRF in SWAT).
Karolin
(cherry picked from commit
184d5ab26a553ca7ef3f529e90e4dd8c9aded75d)
Jeremy Allison [Tue, 29 Jan 2013 00:01:27 +0000 (16:01 -0800)]
Fix bug #9585 - Samba 3.6.x not correctly signing any but the last response in a compound request/response
Add in the missing code we already have in master
and 4.0.x.
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Wed, 23 Jan 2013 22:39:09 +0000 (14:39 -0800)]
Fix bug #9586 - smbd[29175]: disk_free: sys_popen() failed" message logged in /var/log/message many times.
Ensure when reading lines from an interruptible
pipe source we ignore EINTR.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 24 10:45:48 CET 2013 on sn-devel-104
(cherry picked from commit
497febfe36354c4aff3696cd32c6c7e8fee55af8)
Pavel Shilovsky [Wed, 16 Jan 2013 11:02:26 +0000 (15:02 +0400)]
Fix bug #9571 - Unlink after open causes smbd to panic.
s3:smbd: fix wrong lock order in posix unlink
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Fri, 25 Jan 2013 18:21:48 +0000 (10:21 -0800)]
Fix bug #9588 - ACLs are not inherited to directories for DFS shares.
We can return with NT_STATUS_OK in an error code path. This
has a really strange effect in that it prevents the ACL editor
in Windows XP from recursively changing ACE entries on sub-directories
after a change in a DFS-root share (we end up returning a path
that looks like: \\IPV4\share1\xptest/testdir with a mixture
of Windows and POSIX pathname separators).
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 24 Jan 2013 19:02:30 +0000 (11:02 -0800)]
Fix bug #9587 - archive flag is always set on directories.
Creating a directory to a Samba share sets the attributes to 'D' only
(correct) - only when creating a new file should the 'A' attribute
be set.
However, doing a rename of that directory sets the 'A' attribute in error.
This should only be done on a file rename. smbclient regression test to follow.
Signed-off-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Thu, 17 Jan 2013 23:22:31 +0000 (00:22 +0100)]
BUG 9474: Downgrade v4 printer driver requests to v3.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 21 16:11:02 CET 2013 on sn-devel-104
(cherry picked from commit
58fadf2f48a2a409b4ee98fdc0166c7f801a7629)
Günther Deschner [Mon, 7 Jan 2013 14:14:30 +0000 (15:14 +0100)]
spoolss: add SPOOLSS_DRIVER_VERSION_2012 (4) define to IDL.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
638ed90620e3c6a35ef56a11c612c13d6b7d6ff5)
David Disseldorp [Thu, 17 Jan 2013 12:21:25 +0000 (13:21 +0100)]
BUG 9378: Add extra attributes for AD printer publishing.
Currently attempting to publish a printer in AD fails with "Object class
violation", due to a number of missing attributes in the LDAP request.
Reviewed-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Fri, 18 Jan 2013 10:48:20 +0000 (11:48 +0100)]
printing: Remove invalid free from error path.
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Fri, 18 Jan 2013 17:04:17 +0000 (18:04 +0100)]
BUG 9574: Fix a possible null pointer dereference in spoolss.
If the the client enumerates the printers and didn't specify a
servername we have a null pointer dereference, so the process serving
the connection crashes.
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104
(cherry picked from commit
c38fb0b106b62e42a5b75b1c78386bb8912c7d7e)
Andreas Schneider [Mon, 17 Dec 2012 14:31:21 +0000 (15:31 +0100)]
s3-rpc_server: Fix a possible null pointer dereference.
This variable can be set to NULL in an earlier function call.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
72e02c73b64f1ff56b2d53ec63d68486a4f1ff90)
Volker Lendecke [Fri, 11 Jan 2013 09:36:04 +0000 (10:36 +0100)]
samr: Make use of posix_openpt
The last 2 patches address bug #9541 - Add support for posix_openpt.
Volker Lendecke [Fri, 11 Jan 2013 09:31:42 +0000 (10:31 +0100)]
samr: Split up an assignment from an if condition
Björn Baumbach [Mon, 15 Oct 2012 15:17:29 +0000 (17:17 +0200)]
docs-xml: add dbwrap_tool.1 manual page (fix bug #9568)
Based on commit
8d6104f02d9ab879efe7867fec53cbe5cc408ded.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Karolin Seeger [Mon, 21 Jan 2013 09:09:38 +0000 (10:09 +0100)]
WHATSNEW: Start release notes for Samba 3.6.12.
Karolin
Karolin Seeger [Mon, 21 Jan 2013 09:06:31 +0000 (10:06 +0100)]
VERSION: Bump version number up to 3.6.12.
Karolin
Karolin Seeger [Fri, 18 Jan 2013 10:23:51 +0000 (11:23 +0100)]
WHATSNEW: Prepare release notes for 3.6.11.
Karolin
Björn Baumbach [Tue, 4 Dec 2012 09:54:05 +0000 (10:54 +0100)]
ntlm_auth(1): fix format and make examples visible (bug #9569)
"<example>" is no child of "<para>". So these examples were not visible.
Using a varlist instead may be not the best way but it does look nice.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
cabc89a1e72fc95300d4b6f8d480a7d666221b8b)
Volker Lendecke [Mon, 7 Jan 2013 10:06:15 +0000 (11:06 +0100)]
configure: Fix bug 9546, aio_suspend detection on FreeBSD
NULL is not defined without some includes
Jeremy Allison [Mon, 14 Jan 2013 23:22:11 +0000 (15:22 -0800)]
tevent: Fix bug 9550 - sigprocmask does not work on FreeBSD to stop further signals in a signal handler
Mask off signals the correct way from the signal handler.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 15 12:13:43 CET 2013 on sn-devel-104
Jeremy Allison [Mon, 14 Jan 2013 23:21:52 +0000 (15:21 -0800)]
lib/replace: Include sys/ucontext.h if available.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Tue, 15 Jan 2013 18:16:27 +0000 (10:16 -0800)]
lib/replace: Add ucontext configure autoconf checks.
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 14 Jan 2013 23:06:12 +0000 (15:06 -0800)]
lib/replace: Add missing check for sys/wait.h
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Sat, 12 Jan 2013 15:08:07 +0000 (16:08 +0100)]
Fix bug 9548: Correctly detect O_DIRECT
Jeremy Allison [Fri, 14 Dec 2012 16:56:52 +0000 (08:56 -0800)]
Fix bug #9196 - defer_open is triggered multiple times on the same request.
get_deferred_open_message_state_smb2() is buggy in that it is checking
the wrong things to determine if an open is in the deferred state.
It checks if (smb2req->async == NULL) which is incorrect,
as we're not always async in a deferred open - remove this.
It should check instead state->open_was_deferred as this
is explicity set to 'true' when an open is going deferred,
so add this check.
Signed-off-by: Jeremy Allison <jra@samba.org>
Tsukasa Hamano [Thu, 6 Dec 2012 21:01:33 +0000 (13:01 -0800)]
Fix bug #9471 - SEGV when using second vfs module.
Don't use default_classname_table when we obviously shoud be using
classname_table.
Reviewed by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Dec 7 17:51:50 CET 2012 on sn-devel-104
(cherry picked from commit
16d725b4f5ed77db865e2a3c27ae0eb4accca5a8)
(cherry picked from commit
25eb1af07cc09e5e019a0702c60a763cc3266196)
Karolin Seeger [Mon, 10 Dec 2012 08:47:43 +0000 (09:47 +0100)]
WHATSNEW: Start release notes for Samba 3.6.11.
Karolin
Karolin Seeger [Mon, 10 Dec 2012 08:45:54 +0000 (09:45 +0100)]
VERSION: Bump version up to 3.6.11.
Karolin
Karolin Seeger [Thu, 6 Dec 2012 09:26:19 +0000 (10:26 +0100)]
WHATSNEW: Prepare release notes for Samba 3.6.10.
Karolin
Richard Sharpe [Wed, 5 Dec 2012 01:21:29 +0000 (17:21 -0800)]
Fix bug #9460 - Samba 3.6.x and Master respond incorrectly to FILE_STREAM_INFO requests.
Ensure we check the buffer size correctly.
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 6 01:31:08 CET 2012 on sn-devel-104
(cherry picked from commit
943797c232f96a5dd411a803ad90b6980b2785b0)
Günther Deschner [Mon, 1 Oct 2012 14:19:28 +0000 (16:19 +0200)]
s3-net: Fix DEBUG() location.
Guenther
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Oct 2 18:06:17 CEST 2012 on sn-devel-104
Signed-off-by: Günther Deschner <gd@samba.org>
The last 5 patches address bug #9451 - Allow to force DNS updates using net.
Günther Deschner [Tue, 25 Sep 2012 09:09:45 +0000 (11:09 +0200)]
s3-net: give more control how to update/register DNS entries.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Tue, 25 Sep 2012 09:08:48 +0000 (11:08 +0200)]
s3-net: pass down a flags field to DoDNSUpdate().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Wed, 19 Sep 2012 13:35:15 +0000 (15:35 +0200)]
s3-net: move out some prototypes to net_dns.h.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Wed, 19 Sep 2012 13:31:57 +0000 (15:31 +0200)]
s3-net: pass down struct net_context to the dns update calls.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Jeremy Allison [Tue, 13 Nov 2012 00:30:32 +0000 (16:30 -0800)]
Final part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.
We need to do the same check for overriding ACCESS_DENIED on DELETE_ACCESS
as we do in smbd/open.c, as the ACL check is duplicated here. This has
been fixed in 4.0.0 and later code.
Jeremy Allison [Tue, 13 Nov 2012 00:26:25 +0000 (16:26 -0800)]
More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.
Change can_delete_directory() to can_delete_directory_fsp(), as
we only ever call this from an open directory file handle.
This allows us to use OpenDir_fsp() instead of OpenDir().
OpenDir() re-checks the ACL on the directory, which may
refuse DIR_LIST permissions. OpenDir_fsp() does not. As
this is a file-server internal check to see if the directory
actually contains any files before setting delete on close,
we can ignore the ACL here (Windows does).
Jeremy Allison [Tue, 13 Nov 2012 00:22:52 +0000 (16:22 -0800)]
Ensure when calculating the access mask for MAXIMUM_ALLOWED_ACCESS that we add in FILE_READ_ATTRIBUTES, even if this doesn't come from the file/directory ACL.
If we can access the path to this file, by
default we have FILE_READ_ATTRIBUTES from the
containing directory. See the section.
"Algorithm to Check Access to an Existing File"
in MS-FSA.pdf.
Jeremy Allison [Tue, 13 Nov 2012 00:21:15 +0000 (16:21 -0800)]
Add comment explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's.
If we can access the path to this file, by
default we have FILE_READ_ATTRIBUTES from the
containing directory. See the section.
"Algorithm to Check Access to an Existing File"
in MS-FSA.pdf.
Jeremy Allison [Tue, 13 Nov 2012 00:17:19 +0000 (16:17 -0800)]
First part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.
Use the requested access mask before making the fd_open request in
open_directory() rather than faking up an access mask of
FILE_READ_DATA | FILE_READ_ATTRIBUTES.
The underlying ACL may not permit FILE_READ_DATA.
Sumit Bose [Mon, 29 Oct 2012 11:09:22 +0000 (12:09 +0100)]
Use work around for 'winbind use default domain' only if it is set
Currently in smb_getpwnam() the NetBIOS domain name and the winbind separator
character is always added to the user name returned by Get_Pwnam_alloc() if it
does not contain the winbind separator character. As comments in the code
indicates this is done as a work around if 'winbind use default domain' is set
to yes in the samba configuration.
This make sense if the option is set because otherwise the domain information is
lost from the user name. But it causes errors if other services than winbind are
used for user lookup, e.g. sssd. sssd can handle different kind of fully
qualified user names as input, e.g. user@domain.name or DOM\user, but returns a
canonical name, by default user@domain.name.
While it would be possible to get around this issue with a special configuration
either on the sssd or samba side I think the cleaner solution is to use the work
around only if 'winbind use default domain' is set to yes which is what this
patch does.
Fix bug #9367 - Use work around for 'winbind use default domain' only if it is
set.
(cherry picked from commit
6c0b864654001046b8bbb585112e60a7e146cb2a)
Günther Deschner [Thu, 29 Nov 2012 13:31:19 +0000 (14:31 +0100)]
s3-winbind: use new reconnect logic in rpc_lookup_sids() also.
Volker, please check.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
The last 10 patches address bug #9439 - ncacn_ip_tcp reconnection code for lsa
lookups still broken.
Günther Deschner [Thu, 29 Nov 2012 11:03:53 +0000 (12:03 +0100)]
s3-winbindd: rework reconnect logic in winbindd_lookup_names().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Thu, 29 Nov 2012 11:03:16 +0000 (12:03 +0100)]
s3-winbindd: rework reconnect logic in winbindd_lookup_sids().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Wed, 28 Nov 2012 19:41:21 +0000 (20:41 +0100)]
s3-winbindd: remove lookup_sids_fn_t.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Wed, 28 Nov 2012 16:03:40 +0000 (17:03 +0100)]
s3-winbindd: remove lookup_names_fn_t.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Wed, 28 Nov 2012 16:00:49 +0000 (17:00 +0100)]
s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Wed, 28 Nov 2012 15:57:57 +0000 (16:57 +0100)]
s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Wed, 28 Nov 2012 15:57:24 +0000 (16:57 +0100)]
s3-winbindd: add cm_connect_lsat().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Wed, 28 Nov 2012 13:53:27 +0000 (14:53 +0100)]
s3-rpc_cli: Remove some unused wrapping code.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Volker Lendecke [Tue, 6 Sep 2011 16:33:35 +0000 (18:33 +0200)]
s3: Make winbindd_lookup_names static
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Sep 6 20:03:56 CEST 2011 on sn-devel-104
(cherry picked from commit
fd65e5eb8cdd38917a574734c9079cd75e4e1be0)
David Disseldorp [Tue, 27 Nov 2012 15:10:28 +0000 (16:10 +0100)]
spoolss: fix segfault when "default devmode" is disabled
Currently when "default devmode" is explicitly disabled, and a printer
is added with a null device mode, spoolssd crashes in copy_devicemode().
Both construct_printer_info2() and construct_printer_info8() code paths
currently unconditionally attempt to copy a printers device mode,
without checking whether one is present.
This change fixes this regression such that construct_printer_info*()
functions check for a null device mode before copying.
https://bugzilla.samba.org/show_bug.cgi?id=9433
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 28 Nov 2012 11:53:39 +0000 (12:53 +0100)]
BUG 9436: Fix leaking sockets of SMB connections to a DC.
As this is a burst of 3 unbound sockets with each try to reach a DC
we're running out of file descriptors pretty fast. So winbind is then
mostly spinning in an accept loop failing with EMFILE.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Autobuild-User(master): Jim McDonough <jmcd@samba.org>
Autobuild-Date(master): Wed Nov 28 17:17:21 CET 2012 on sn-devel-104
Matthieu Patou [Fri, 23 Nov 2012 00:14:42 +0000 (16:14 -0800)]
Fix MD5 detection in the autoconf build
This is synthesis of patches made for bugs
* 9037
* 9086
* 9094
* 9418
It checks if there is a library for md5 related functions (libmd or
libmd5) and if so it checks for the presence of md5.h headers.
Signed-off-by: Matthieu Patou <mat@matws.net>
Volker Lendecke [Thu, 22 Nov 2012 20:46:53 +0000 (21:46 +0100)]
Fix Bug 9422 - large read requests cause server to issue malformed reply
Günther Deschner [Fri, 23 Nov 2012 12:19:53 +0000 (13:19 +0100)]
s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(). (bug #9426)
The server name type (0x20) is much more likely to be available in the name cache, as
this type gets stored by winbind itself - the primary user of the ncacn_ip_tcp
code currently.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Nov 23 16:30:57 CET 2012 on sn-devel-104
(cherry picked from commit
2032f2746d70bbebd1af26a7a046eb1cc61ac175)
(cherry picked from commit
ac0623cab847a4df9c5cd35442e9be8924d9e261)
Stefan Metzmacher [Fri, 9 Nov 2012 07:59:36 +0000 (08:59 +0100)]
lib/addns: don't depend on the order in resp->answers[]
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
eecc1d294256210ee8c2f6ab79d21b835258a6d4)
The last 2 patches address bug #9402 - lib/addns doesn't work samba4 with a
bind9 server.
git.samba.org / samba.git / log