Simo Sorce [Thu, 11 Sep 2008 13:51:39 +0000 (09:51 -0400)]
Fix for bug 5571
Make sure that usernames are parsed using the correct separator.
Otherwise group memeberships in winbind may be result broken.
Karolin Seeger [Thu, 11 Sep 2008 11:48:25 +0000 (13:48 +0200)]
WHATSNEW: Update changes since 3.2.3.
Karolin
Michael Adam [Wed, 10 Sep 2008 21:31:26 +0000 (23:31 +0200)]
packaging(RHEL): fix direction of link (.so) of nss libs.
libnss_winbindd.so -> libnss_winbindd.so.2
libnss_wins.so -> libnss_wins.so.2
Michael
Michael Adam [Wed, 10 Sep 2008 11:48:13 +0000 (13:48 +0200)]
packaging(RHEL): workaround all library installations by mv to %{_libarchdir}
This is all that is still necessary in 3.2.3+.
(The eloquent workarounds for libsmbclient and libsmbsharemodes
are removed.)
In 3.3.0, with the separation of libdir and modulesdir, even this
step becomes unnecessary.
Michael
Michael Adam [Wed, 10 Sep 2008 11:46:07 +0000 (13:46 +0200)]
packaging(RHEL): remove even another manual installation of pam_smbpass.so
Michael
Michael Adam [Mon, 8 Sep 2008 13:51:33 +0000 (15:51 +0200)]
packaging(RHEL): fix installation of pam modules.
Michael
Michael Adam [Fri, 29 Aug 2008 14:55:55 +0000 (16:55 +0200)]
packaging(RHEL): fix libdir installation by using _libarch/_libarchdir
Michael
Jeremy Allison [Wed, 10 Sep 2008 23:21:25 +0000 (16:21 -0700)]
Fix bug #5052 - not work cancel inheritance on share. We were
using the parent security descriptor type and flags instead
of using the passed in SD.
Jeremy.
Jeremy Allison [Wed, 10 Sep 2008 21:52:34 +0000 (14:52 -0700)]
When requesting UNIX info levels on findfirst/findnext, don't play games with write time,
just return what the underlying filesystem says. Trying not to confuse UNIX apps any more than necessary.
Jeremy.
Jeremy Allison [Wed, 10 Sep 2008 17:16:42 +0000 (10:16 -0700)]
Fix blocker bug 5745 kerberos authentication with (lib)smbclient is broken.
Jeremy.
Karolin Seeger [Wed, 10 Sep 2008 10:11:05 +0000 (12:11 +0200)]
WHATSNEW: Update changes since 3.2.3.
Karolin
Michael Adam [Fri, 29 Aug 2008 14:44:06 +0000 (16:44 +0200)]
packaging(RHEL): remove duplicate installation of pam_smbpass.so
Michael
(cherry picked from commit
cdc24fbb195b1a5460c05fcd20d7ba81ad69ef22)
Michael Adam [Mon, 8 Sep 2008 15:38:55 +0000 (17:38 +0200)]
packaging(RHEL): use ccache if available
Michael
(cherry picked from commit
e8abbfabde3da0844ffb4e2507084c139a70d503)
Michael Adam [Mon, 8 Sep 2008 13:52:27 +0000 (15:52 +0200)]
packaging(RHEL): add ldbtools binaries and man pages to common package
Michael
(cherry picked from commit
206985dfda5a9f62df975629046b00a88ec666f5)
Michael Adam [Mon, 8 Sep 2008 12:46:31 +0000 (14:46 +0200)]
packaging(RHEL): remove leftovers of smbmount from SPEC file.
Michael
(cherry picked from commit
041875c64daba3d185b1954eb0eb9a21b2f41ee1)
Michael Adam [Fri, 29 Aug 2008 15:45:45 +0000 (17:45 +0200)]
packaging(RHEL): add new libs (talloc, tdb, ...) to the common package
Michael
(cherry picked from commit
f23183bbec55faf2d6496e04e73f8dd415a08d1c)
Michael Adam [Fri, 29 Aug 2008 14:41:30 +0000 (16:41 +0200)]
packaging(RHEL): remove smbmount related stuff from spec file
Michael
(cherry picked from commit
4420cf6199e3c718a3dea84fe814d6ad6e83c2d8)
Michael Adam [Fri, 29 Aug 2008 13:45:18 +0000 (15:45 +0200)]
packaging(RHEL): fix version of GPL (2 --> 3)
Michael
(cherry picked from commit
c015e8e0cf4131f21305451943df13b81f51ea6a)
Karolin Seeger [Wed, 10 Sep 2008 09:15:02 +0000 (11:15 +0200)]
WHATSNEW: Update changes since 3.2.3.
Karolin
Michael Adam [Fri, 29 Aug 2008 14:48:37 +0000 (16:48 +0200)]
packaging(RHEL): remove libmsrpc stuff which is no more...
Michael
(cherry picked from commit
3eaa33e9df6d58ef93f13a840b38a063649fffbc)
Karolin Seeger [Tue, 9 Sep 2008 11:23:28 +0000 (13:23 +0200)]
WHATSNEW: Update changes since 3.2.3.
Karolin
Volker Lendecke [Mon, 8 Sep 2008 20:53:50 +0000 (22:53 +0200)]
Fix calculation of useable_space for trans2 and nttrans replies
When alignment was in place, we pretended to send more data/params according to
the param_offset/param_length and data_offset/data_length parameters than would
actually fit into the SMB according to the NBSS length field.
Stefan Metzmacher [Mon, 8 Sep 2008 13:12:24 +0000 (15:12 +0200)]
smbd: some write time fixes
- only the first non truncating write causes
the write time update with 2 seconds delay.
It's not enough to check for an existing update event
as it will be NULL after the event was triggered.
- SMBwrite truncates always update the write time
unless the sticky write time is set.
- SMBwrite truncates don't trigger a write time update on close.
metze
Volker Lendecke [Mon, 8 Sep 2008 14:42:06 +0000 (16:42 +0200)]
When setting an NFSv4 ACL, map generic bits
(cherry picked from commit
dbe7a61be2beac50d1665e38ac374cefbbabec00)
Karolin Seeger [Mon, 8 Sep 2008 10:42:52 +0000 (12:42 +0200)]
WHATSNEW: Update changes since 3.2.3.
Karolin
Jeremy Allison [Sat, 6 Sep 2008 03:40:02 +0000 (20:40 -0700)]
Fix debug message to show correct function name.
Jeremy.
Jeremy Allison [Sat, 6 Sep 2008 02:01:09 +0000 (19:01 -0700)]
Write times code update.
Ok, here's the fix for the write times breakage
with the new tests in S4 smbtorture.
The key is keeping in the share mode struct
the "old_file_time" as the real write time,
set by all the write and allocation calls,
and the "changed_write_time" as the "sticky"
write time - set by the SET_FILE_TIME calls.
We can set them independently (although I
kept the optimization of not setting the
"old_file_time" is a "changed_write_time"
was already set, as we'll never see it.
This allows us to update the write time
immediately on the SMBwrite truncate case,
SET_END_OF_FILE and SET_ALLOCATION_SIZE calls,
whilst still have the 2 second delay on the
"normal" SMBwrite, SMBwriteX calls.
I think in a subsequent patch I'd like to
change the name of these from "old_file_time"
to "write_time" and "changed_write_time" to
"sticky_write_time" to make this clearer.
I think I also fixed a bug in Metze's original
code in that once a write timestamp had been
set from a "normal" SMBwriteX call the fsp->update_write_time_triggered
variable was set and then never reset - thus
meaning the write timestamp would never get
updated again on subsequent SMBwriteX's.
The new code checks the update_write_time_event
event instead, and doesn't update is there's
an event already scheduled.
Metze especially, please check this over for
your understanding.
Jeremy.
Jeremy Allison [Fri, 5 Sep 2008 22:35:04 +0000 (15:35 -0700)]
Remove unecessary msync.
Jeremy.
Qiao Yang [Fri, 5 Sep 2008 12:08:09 +0000 (14:08 +0200)]
Fix a memleak
request.extra_data is not freed if there is no extra_data in response or
when there is some error happens in processing. This patch will free the
buffer right after processing a request before sending back a response.
(cherry picked from commit
be6f12273f171a3eb1967d2299064e57d737f6a4)
Volker Lendecke [Fri, 5 Sep 2008 09:48:36 +0000 (11:48 +0200)]
Do proper error handling if the socket is closed
This is a step in fixing bug 5707.
Thanks to Igor Galić <i.galic@brainsware.org> for reporting!
Volker
Michael Adam [Tue, 26 Aug 2008 15:19:33 +0000 (17:19 +0200)]
run "make idl" after after idl change "Handle arbitrary new PAC types"
Michael
Andrew Tridgell [Sun, 24 Aug 2008 04:00:58 +0000 (14:00 +1000)]
Handle arbitrary new PAC types
When MS introduces a new PAC type, we should just ignore it, not
generate a parse error. New PAC info structures are supposed to be
backwards compatible with old ones
(cherry picked from commit
2971b926c835412b02c93ad1e30f1471bc0a3612)
Michael Adam [Tue, 26 Aug 2008 15:17:14 +0000 (17:17 +0200)]
re-run make idl after Jelmer's "poperly cast array lengths" pidl change.
(
f321240fa91fa19c1131f119c42f64897d220682)
Michael
Andrew Tridgell [Sun, 24 Aug 2008 03:53:19 +0000 (13:53 +1000)]
fixed an errno handling bug that could lead to an infinite loop
(cherry picked from commit
5ccdc58ce91ee40ca7171dd040191291aeb7fe02)
Andrew Tridgell [Sat, 23 Aug 2008 01:36:27 +0000 (11:36 +1000)]
fixed tsmsm_sendfile(). The logic was totally broken.
(cherry picked from commit
794e48b809036871287df8416a2c669b7e26f216)
Michael Adam [Fri, 5 Sep 2008 09:39:38 +0000 (11:39 +0200)]
configure: fix typo in GNU ld version-script test.
Michael
(cherry picked from commit
0d9f3dfc4c139938ee57b6cf60c29cf4ce404be7)
Gerald (Jerry) Carter [Mon, 25 Aug 2008 21:08:28 +0000 (16:08 -0500)]
Add workaround for docs build and dependency on parameters.all.xml
(cherry picked from commit
d4f5b5255f9b95050ddd9d67bd3958402be77918)
(cherry picked from commit
c8154142d97ccf973feb36d77f932c893fda0af5)
(cherry picked from commit
c91e7e9f7f392d5ba850619395eddac34617f1e4)
(cherry picked from commit
bdb0a5d5fdbc331e11391f7b6e0aae963cebd3fc)
Gerald W. Carter [Tue, 27 May 2008 21:27:21 +0000 (16:27 -0500)]
Release scripts: Update create-tarball to include docs and other packaging details.
I've updated the create-tarball script to support command line options,
docs build (or copy and existing build), and to run the packaging update
scripts.
$ release-scripts/create-tarball --help
Usage release-scripts/create-tarball [options]
--help Print command usage
--branch <name> Specify the branch to to create the archive file from
--copy-docs <dir> Copy documentation from <dir> rather than building
--tag <name> Tag name for release
--keyid <email> The GnuPG key ID used to sign the release tag
(cherry picked from commit
7c96795e5954b6a716beb6f5a30d6c7bb1647717)
Gerald (Jerry) Carter [Tue, 27 May 2008 17:00:00 +0000 (12:00 -0500)]
Add simple script to build docs
(cherry picked from commit
0865f4615d3ee91673dd6d02c6537765f34b3129)
James Ding [Thu, 4 Sep 2008 22:17:18 +0000 (15:17 -0700)]
Fix winbindd crash bug with trusted domains. Bug #5736
Herb Lewis [Thu, 4 Sep 2008 21:32:09 +0000 (14:32 -0700)]
get rid of unneeded argument for get_alloc_methods as well
Herb Lewis [Thu, 4 Sep 2008 20:58:06 +0000 (13:58 -0700)]
get rid of unneeded argument for get_methods
Steven Danneman [Thu, 4 Sep 2008 19:05:13 +0000 (12:05 -0700)]
Cleanup of DC enumeration in get_dcs()
This is a fix for a few small inefficiencies/bugs in the get_dcs() path.
* because the third add_one_dc_unique() loop was outside the ADS check all DCs
returned from the non-sitename lookup were being tacked onto the dc_name_ip
list twice.
* add_one_dc_unique() now checks if the given IP address already exists before
adding it to the list, making the returned list actually unique
* added more thorough doxygen comment headers
Günther Deschner [Thu, 4 Sep 2008 13:11:22 +0000 (15:11 +0200)]
kerberos: fix indent of enc type lines in generated krb5.conf files.
Guenther
(cherry picked from commit
18a26f08b6fab4119a1421a7ca59c32dde8bb8cb)
Jeremy Allison [Wed, 3 Sep 2008 20:06:20 +0000 (13:06 -0700)]
Fix bug #5729. Explicitly allow "-valid".
Jeremy
Simo Sorce [Wed, 3 Sep 2008 14:44:09 +0000 (10:44 -0400)]
The msync manpage reports that msync *must* be called before munmap. Failure to do so may result in lost data. Fix an ifdef check, I really think we meant to check HAVE_MMAP here.
Volker Lendecke [Mon, 1 Sep 2008 11:46:27 +0000 (13:46 +0200)]
Fix Coverity ID 587
The following test program prints "8" on 64-bit :-)
static void print_size(const char lenbuf[4])
{
printf("sizeof(lenbuf) = %d\n", (int)sizeof(lenbuf));
}
int main(void)
{
const char lenbuf[4];
print_size(lenbuf);
return 0;
}
Jeremy, please check :-)
Volker
(cherry picked from commit
9daea0ccfdda58450be3c9a9a94c016f5900c319)
Jeremy Allison [Fri, 29 Aug 2008 16:29:35 +0000 (09:29 -0700)]
Deal with systems that don't initialize birthtime correctly.
Pointed out by SATOH Fumiyasu <fumiyas@osstech.jp>.
Jeremy.
Jeremy Allison [Thu, 28 Aug 2008 23:04:30 +0000 (16:04 -0700)]
Clarify usage of "force create mode".
Jeremy.
Jeremy Allison [Thu, 28 Aug 2008 19:09:06 +0000 (12:09 -0700)]
Add st_birthtime and friends for accurate create times on systems that support it (*BSD and MacOSX). This really needs to be in 3.2.x.
Should have done this ages ago, sorry.
Jeremy.
Günther Deschner [Thu, 28 Aug 2008 10:29:24 +0000 (12:29 +0200)]
winbindd: fix invalid sid copy (hit when enumerating sibling domains).
Guenther
(cherry picked from commit
5eee7423351ffd05486e33ff8eb905babcbc9422)
Jeremy Allison [Thu, 28 Aug 2008 00:26:59 +0000 (17:26 -0700)]
Fix the wcache_invalidate_samlogon calls.
Jeremy.
Ephi Dror [Thu, 28 Aug 2008 00:26:36 +0000 (17:26 -0700)]
Correct the netsamlogon_clear_cached_user function.
Jeremy Allison [Wed, 27 Aug 2008 18:30:02 +0000 (11:30 -0700)]
Be explicit about setting perms for the ldb. Helps others who may use this api.
Jeremy.
Karolin Seeger [Wed, 27 Aug 2008 11:23:20 +0000 (13:23 +0200)]
ldb: Fix permissions of new ldg files.
This one fixes together with
2eaf4ed62 bug #5715 and CVE-2008-3789.
Thanks to Steve Langasek <vorlon@debian.org> for reporting!
Karolin
(cherry picked from commit
b666d0a4b597218f5f5020bf36d80d84dcbf7259)
Karolin Seeger [Wed, 27 Aug 2008 09:09:54 +0000 (11:09 +0200)]
WHATSNEW: Add updates for 3.2.3.
Karolin
(cherry picked from commit
86634dc0c89b8c0ddf61273d31cc7d8cdb443643)
Andrew Tridgell [Wed, 27 Aug 2008 08:45:43 +0000 (10:45 +0200)]
ldb: Fix permissions of group_mapping.ldb.
This one fixes bug #5715 and CVE-2008-3789.
(cherry picked from commit
a94f44c49f668fcf12f4566777a668043326bf97)
Steve French [Tue, 26 Aug 2008 20:27:07 +0000 (15:27 -0500)]
Merge branch 'v3-2-test' of git://git.samba.org/samba into v3-2-test
Steve French [Tue, 26 Aug 2008 18:04:44 +0000 (13:04 -0500)]
mount.cifs: unclear error message with "credentials"
Thanks to Christophe Curis for the suggestion
Andrew Tridgell [Sun, 24 Aug 2008 03:58:05 +0000 (13:58 +1000)]
become root for AIO operations
We need to become root for AIO read and write to allow the AIO thread
to send a completion signal to the parent process when the IO
completes
Andrew Tridgell [Tue, 26 Aug 2008 04:06:42 +0000 (14:06 +1000)]
EINVAL is also a valid error return, meaning "this filesystem
cannot do sendfile for this file"
Andrew Tridgell [Sun, 24 Aug 2008 03:56:59 +0000 (13:56 +1000)]
Avoid a race condition in glibc between AIO and setresuid().
See this test: http://samba.org/~tridge/junkcode/aio_uid.c
The problem is that setresuid() tries to be clever about threads, and
tries to change the euid of any threads that are running. If a AIO read
or write completes while this is going on then the signal from the thread
where the IO completed is lost, as it gets -1/EPERM from rt_sigqueueinfo()
The simplest fix is to try to use setreuid() instead of setresuid(),
as setreuid() doesn't try to be clever. Unfortunately this also means
we must use become_root()/unbecome_root() in the aio code.
David Leonard [Mon, 25 Aug 2008 22:15:35 +0000 (15:15 -0700)]
Fix bug 4516, no IPv6 on Solaris 2.6.
Jeff Layton [Sun, 24 Aug 2008 21:31:49 +0000 (17:31 -0400)]
cifs.upcall: bump SPNEGO msg version number and don't reject old versions
When we added the ability for the kernel to send sec=mskrb5 to the
upcall, we subtly broke old cifs.upcall versions that don't understand
it. Bump the spnego message version to 2 to make this clear. Also,
change cifs.upcall to not reject requests with a version that's lower
than the current one, and to send the reply with the same version that
the request sent. The idea is to try and keep cifs.upcall backward
compatible with old kernels.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeremy Allison [Fri, 22 Aug 2008 20:50:53 +0000 (13:50 -0700)]
Don't re-initialize a token when we already have one. This fixes the build farm failures when winbindd connects as guest.
This one took a *lot* of tracking down :-).
Jeremy.
Gerald (Jerry) Carter [Fri, 22 Aug 2008 15:17:04 +0000 (10:17 -0500)]
winbindd: Fix crash in cm_connect_sam()
Fix segv when talking to parent DC (joined to child domain).
The root cause was
(a) storing the parent domain in the cli_state struct caused
the NTLMSSP pipe bind to fail which made us fallover to
the schannel code path
(b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning
NULL even though the function indicated success.
(cherry picked from commit
5ce4a2ae6697970ea37d0078a506615b4b7a9a9c)
Jeff Layton [Fri, 22 Aug 2008 01:41:19 +0000 (21:41 -0400)]
cifs.upcall: fix build warning
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Günther Deschner [Thu, 21 Aug 2008 13:05:35 +0000 (15:05 +0200)]
Fix Bug #5710 and make machine account password changing work again.
When we negotiated NETLOGON_NEG_PASSWORD_SET2 we need to use
NetrServerPasswordSet2 to change the machine password.
Tested with NT4, W2k, W2k3 and W2k8.
Guenther
Günther Deschner [Thu, 21 Aug 2008 13:02:03 +0000 (15:02 +0200)]
re-run make idl.
Guenther
(cherry picked from commit
f24cef9fa7be45212744d39b7c66804e64147afd)
Günther Deschner [Thu, 21 Aug 2008 13:01:36 +0000 (15:01 +0200)]
IDL: fix IDL for netr_ServerPasswordSet2().
Guenther
(cherry picked from commit
7b312a0abc6de5a51555ccfbde7f8f78fc11d043)
Jeremy Allison [Thu, 21 Aug 2008 17:25:51 +0000 (10:25 -0700)]
Fix bug 5698 - mixup of TALLOC/malloc. Spotted by Douglas Wegscheid <Douglas_E_Wegscheid@whirlpool.com>.
Jeremy.
Michael Adam [Wed, 20 Aug 2008 12:56:18 +0000 (14:56 +0200)]
build: fix bug #5590 by not linking in the static libs but the objects.
Michael
(cherry picked from commit
6ad2090391a92ebe822b2d7b80e180c251dc8e7a)
Michael Adam [Wed, 20 Aug 2008 12:55:24 +0000 (14:55 +0200)]
build: fall down to the same place when using an internal lib statically.
Michael
(cherry picked from commit
702c0bc04668117e3521d687b9b5a87fd7e0f1b1)
Michael Adam [Wed, 20 Aug 2008 11:22:13 +0000 (13:22 +0200)]
build: rename LIBNETAPI_OBJ1 to LIBNETAPI_OBJ0 for consistency.
Michael
(cherry picked from commit
ead9b9d7167d999d73cf4111f3b321236aac2a15)
Günther Deschner [Wed, 20 Aug 2008 16:40:58 +0000 (18:40 +0200)]
fix build warning.
Guenther
(cherry picked from commit
a75055be5ff7ebe3476cfac86c6597a56a843c23)
Günther Deschner [Wed, 20 Aug 2008 18:24:45 +0000 (20:24 +0200)]
fix another build warning.
Guenther
(cherry picked from commit
43693ce6c678b961fa516bbf502af92f87cd5346)
Gerald (Jerry) Carter [Wed, 20 Aug 2008 18:00:40 +0000 (13:00 -0500)]
nss_winbind: When returning NSS_UNAVAIL, squash errno to ENOENT
According to the GNU libc nss guide, we should always set
errno to ENOENT when returning NSS_UNAVAIL.
http://www.gnu.org/software/libtool/manual/libc/NSS-Modules-Interface.html#NSS-Modules-Interface
At least the MQ Series message queing service that runs
on WebSphere will fail if you return any other errno in this case.
(cherry picked from commit
ee26664602445fa7798e2061f6bcbef0756d6528)
Stefan Metzmacher [Tue, 19 Aug 2008 14:34:50 +0000 (16:34 +0200)]
smbd: fix the handling of create_options to pass RAW-OPEN
Some of the bits generate INVALID_PARAMETER and some bits
are ignored when they come from a client, that's why we need
to use bits from the ignored range for our internal usage.
metze
(cherry picked from commit
7b4c8a4e39f310eb450918fa841b0ea1b4af19f7)
Jeff Layton [Wed, 20 Aug 2008 01:35:35 +0000 (21:35 -0400)]
cifs.upcall: handle MSKRB5 OID properly
When the kernel sends the upcall a sec=mskrb5 parameter, that means
the the MSKRB5 OID is preferred by the server. This patch fixes the
upcall to use that OID in place of the "normal" krb5 OID when it
gets a sec=mskrb5 parameter.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <smfrench@gmail.com>
Jeremy Allison [Wed, 20 Aug 2008 00:31:46 +0000 (17:31 -0700)]
Fix bug 5697 nmbd spins in reload_interfaces when only loopback has an IPv4 address
reported by Ted Percival <ted@midg3t.net>.
Jeremy.
Michael Adam [Tue, 19 Aug 2008 11:29:24 +0000 (13:29 +0200)]
build: fix linking cifs.upcall when nscd_flush_cache() is found.
Michael
(cherry picked from commit
661b7fdffda40a9ca7cb36627dbaf91cb4357cd0)
Karolin Seeger [Tue, 19 Aug 2008 09:36:45 +0000 (11:36 +0200)]
WHATSNEW: Start WHATSNEW for 3.2.3.
Karolin
Karolin Seeger [Tue, 19 Aug 2008 09:35:27 +0000 (11:35 +0200)]
VERSION: Raise version number up to 3.2.3.
Karolin
Igor Mammedov [Mon, 18 Aug 2008 16:55:44 +0000 (09:55 -0700)]
Fix length error in wrapping spnego blob. Karoling this needs to be in 3.2.2 (sorry).
Karolin Seeger [Mon, 18 Aug 2008 14:36:53 +0000 (16:36 +0200)]
WHATSNEW: Update release date.
Karolin
Karolin Seeger [Mon, 18 Aug 2008 13:59:07 +0000 (15:59 +0200)]
WHATSNEW: Add some more major bug fixes.
Karolin
Karolin Seeger [Mon, 18 Aug 2008 13:56:52 +0000 (15:56 +0200)]
WHATSNEW: Add corresponding bug number.
Karolin
Karolin Seeger [Mon, 18 Aug 2008 13:52:09 +0000 (15:52 +0200)]
WHATSNEW: Update changes since 3.2.1.
Karolin
Jeremy Allison [Sun, 17 Aug 2008 02:27:25 +0000 (19:27 -0700)]
Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test
Jeremy Allison [Sun, 17 Aug 2008 02:25:22 +0000 (19:25 -0700)]
Fix bug 5696. The problem was when smbd
was asking for a winbindd name to SID lookup of
"Unix Group\name" where "name" was also a valid username,
the winbindd passdb lookup of that name was losing the
domain string info before calling lookup name (ie. lookup_name()
was being called with just the string "name", not the
full string "Unix Group\name").
The passdb backend of winbindd has to cope with
not only names from it's own global SAM domain,
but it does lookups for BUILTIN and "Unix User"
and "Unix Group" also, so making it guess by
losing the domain string is "A Bad Idea" (tm) :-).
Note that as winbind globally calls winbind_off()
at startup, it's safe for winbind to call sys_getgrnam()
to do the "Unix Group" lookup from inside lookup_name().
Jeremy.
Jeff Layton [Sat, 16 Aug 2008 18:30:20 +0000 (14:30 -0400)]
cifs.upcall: negatively instantiate keys on error
When a request-key upcall exits without instantiating a key, the kernel
will negatively instantiate the key with a 60s timeout. Older kernels,
however seem to also link that key into the session keyring. This
behavior can interefere with subsequent mount attempts until the
key times out. The next request_key() call will get this negative key
even if the upcall would have worked the second time.
Fix this by having cifs.upcall negatively instantiate the key itself
with a 1s timeout and don't attach it to the session keyring.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Steve French [Sat, 16 Aug 2008 18:30:19 +0000 (14:30 -0400)]
Building cifs.upcall is giving this build warning:
client/cifs.upcall.c:205: warning: function declaration isn’t a prototype
This patch fixes this by properly declaring usage() args as void.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
Steve French [Sat, 16 Aug 2008 18:30:18 +0000 (14:30 -0400)]
cifs.upcall: fix manpage and comments
The "cifs.resolver" key type has been changed to "dns_resolver". Fix
the comments at the top of cifs.upcall and the manpage accordingly.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
---
docs-xml/manpages-3/cifs.upcall.8.xml | 4 ++--
source/client/cifs.upcall.c | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
Steve French [Sat, 16 Aug 2008 18:30:17 +0000 (14:30 -0400)]
cifs.upcall was not recognizing the newer name "dns_resolver" key type
(as a synonym for the older "cifs.resolver" name) when resolving host
names to ip addresses for the kernel.
Acked-by: Jeff Layton
Steve French [Sat, 16 Aug 2008 18:30:16 +0000 (14:30 -0400)]
cifs.upcall: fix compile warning
Steve French noticed these warnings when building cifs.upcall:
Compiling client/cifs.upcall.c
client/cifs.upcall.c: In function 'usage':
client/cifs.upcall.c:204: warning: declaration of 'prog' shadows a global declaration
client/cifs.upcall.c:33: warning: shadowed declaration is here
Change the usage function to not take and arg and have it just use the global
"prog" variable. Fix a typo in the log message generated when an unknown
option is specified. Also getopt() always returns '?' when it sees an unknown
option so there's no point in printing it out.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeremy Allison [Sat, 16 Aug 2008 18:30:08 +0000 (14:30 -0400)]
This patchset comprises a number of cleanups for the cifs upcall
binary. The biggest change is that it renames it from cifs.spnego
to cifs.upcall since the cifs.spnego name really isn't applicable
anymore.
It also fixes a segfault when the program is run without any args
and adds a manpage. Comments and/or suggestions appreciated.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Volker Lendecke [Sat, 16 Aug 2008 09:12:35 +0000 (11:12 +0200)]
Attempt to fix Coverity ID 596
Jeremy, please check & push if it's ok.
Volker Lendecke [Sat, 16 Aug 2008 09:17:09 +0000 (11:17 +0200)]
Attempt to fix Coverity ID 595
is_ipaddress already dereferences "name", so the NULL check is pointless after
calling it.
Herb Lewis [Fri, 15 Aug 2008 22:30:40 +0000 (15:30 -0700)]
I think the problem with these functions is that lookup_usergroups
should never include the user SID.
The comment for the function in winbindd/winbindd_ads.c says
/* Lookup groups a user is a member of. */
The following patch makes the wbinfo calls return the correct data
before and after a login.
Michael Adam [Fri, 15 Aug 2008 21:17:48 +0000 (23:17 +0200)]
build: fix a typo in the installlibtalloc rule.
The symlink liballoc.so -> libtalloc.so.1 would have been
created unconditionally, independent of the existence of
libtalloc.so.1.
Michael
(cherry picked from commit
04974818bda75c4315ad09b623e5df55c87dbc87)