Jeremy Allison [Wed, 9 Sep 2009 00:22:39 +0000 (17:22 -0700)]
Second part of fix for bug 6696 - smbd 3.3.7 crashes (signal 11) in dns_register_smbd_reply. Restore the code from 3.2 that actually initializes the struct dns_reg_state handle. Jeremy.
Jeremy Allison [Fri, 8 Jan 2010 18:24:34 +0000 (10:24 -0800)]
Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"
This bug re-occurred for 3.3.x and above.
The reason is that to change a NT ACL we now have to open the file requesting
WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions
in posix_acls doesn't add these bits when "dos filemode = yes", so even though
the permission or owner change would be allowed by the POSIX ACL code, the
NTCreateX call fails with ACCESS_DENIED now we always check NT permissions
first.
Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access.
Jeremy.
Jim McDonough [Thu, 31 Dec 2009 02:19:46 +0000 (18:19 -0800)]
Prevent NULL dereference if group has no members
Fix bug #7014 (domain mode winbind crashes retriveing empty group members).
Jeremy Allison [Tue, 22 Dec 2009 05:16:15 +0000 (21:16 -0800)]
Fix bug 7005 - mangle method = hash truncates files with dot '. ' character
Don't change the contents of a const string via a pointer
alias (or if you do, change it back.....).
Jeremy.
Jeremy Allison [Fri, 18 Dec 2009 00:36:53 +0000 (16:36 -0800)]
Fix bug #6939 - mangling method = hash breaks long filenames.
We were returning the wrong sense of the bool. must_mangle()
has to return !NT_STATUS_IS_OK, not NT_STATUS_IS_OK.
Jeremy.
Jeremy Allison [Wed, 16 Dec 2009 02:38:06 +0000 (18:38 -0800)]
Second part of fix for 6875 - trans2 FIND_FIRST2 response --> FIND_FIRST2 Data -> Fille Attributes are returned as 0x220 for LANMAN2.1 dial
Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level.
This makes us consistant in returning DOS attrs across all replies. Tested on OS/2 by Günter Kukkukk.
Jeremy.
Kai Blin [Fri, 4 Dec 2009 08:47:25 +0000 (09:47 +0100)]
s3 aclocal.m4: Fix iconv checks, clean up m4 code
The check for iconv requiring giconv.h and libgiconv as well as
the check for iconv requiring biconv.h and libbiconv were using the wrong
variable to check for previous successful test results. This caused the checks
to always fall back to libbiconv on systems where that library was available.
In the course of fixing this, I had to clean up the indentation in that piece of
code, and I also rewrote/added some comments.
Many thanks to Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> for the initial
patch and diagnosis.
(cherry picked from commit
f5aff324cb9d965bbc75634596c3c40ffc588183)
Fix bug #4832 (iconv library is not used).
Volker Lendecke [Mon, 7 Dec 2009 21:35:35 +0000 (22:35 +0100)]
s3: Fix a segfault in "net" version 3.3
When neither LOGNAME nor -U is set, "net" and probably other client utils
segfault. Reported by "vinnix" on irc.
Volker
Fix bug #6973 (segfault in client tools).
Günther Deschner [Fri, 27 Nov 2009 19:08:44 +0000 (20:08 +0100)]
s3-kerberos: fix the build on Mac OS X 10.6.2.
Guenther
(cherry picked from commit
51328a7056918bc75a7c1c442f47cf0271075542)
Günther Deschner [Fri, 27 Nov 2009 17:51:56 +0000 (18:51 +0100)]
s3-kerberos: add a missing reference to authdata headers.
Guenther
(cherry picked from commit
da79cbb0800dd647be864e8bbb5fe1132708174b)
Günther Deschner [Fri, 27 Nov 2009 17:30:18 +0000 (18:30 +0100)]
s3-kerberos: do not include authdata headers before including krb5 headers.
Guenther
Günther Deschner [Fri, 27 Nov 2009 14:52:57 +0000 (15:52 +0100)]
s3-kerberos: only use krb5 headers where required.
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.
Guenther
Günther Deschner [Fri, 27 Nov 2009 00:06:36 +0000 (01:06 +0100)]
s3-kerberos: Fix Bug #6929: build with recent heimdal.
Heimdal changed the KRB5_DEPRECATED define (which now may not take an identifier
for activation) in new releases (like 1.3.1).
Guenther
(cherry picked from commit
1a8f8382740e352a83133b8c49aaedd4716210cd)
Günther Deschner [Thu, 26 Nov 2009 09:15:45 +0000 (10:15 +0100)]
s3-kerberos: next step to resolve Bug #6929: build with recent heimdal.
Based on patch from Allan <allan@archlinux.org>.
Also should fix the FreeBSD build on the buildfarm.
Guenther
(cherry picked from commit
5b3a32be97a37c119e837bdee8f049684565458c)
Günther Deschner [Wed, 25 Nov 2009 20:33:48 +0000 (21:33 +0100)]
s3-kerberos: add check for prerequisite krb5/krb5.h header while checking for krb5/locate_plugin.h.
(Needed for new Heimdal versions).
Guenther
(cherry picked from commit
c438b2b3923db66672ec82e795eef543de5fcb8a)
Günther Deschner [Wed, 25 Nov 2009 14:21:54 +0000 (15:21 +0100)]
nsswitch: fix compile of winbind_krb5_locator with recent Heimdal versions.
Guenther
(cherry picked from commit
51864219cc12ceb66c281355f3e1191d5e32842d)
Günther Deschner [Wed, 25 Nov 2009 14:06:19 +0000 (15:06 +0100)]
cifs.upcall: 2nd part of fix for Bug #6868: support building with Heimdal we well as with MIT.
Guenther
(cherry picked from commit
660ee2e74523194e5f6b2b6428d76628beb74717)
Günther Deschner [Thu, 19 Nov 2009 12:44:33 +0000 (13:44 +0100)]
s3-build: really fix build of winbind_krb5_locator.
Guenther
(cherry picked from commit
fc9f199f2619635f73e8ee7f3b5359521d63f325)
Günther Deschner [Wed, 21 Oct 2009 00:44:44 +0000 (02:44 +0200)]
nsswitch: fix the build of the winbind krb5 locator plugin.
Guenther
(cherry picked from commit
b9d9353b548d9b2ab684aa171f511174e6414762)
Günther Deschner [Wed, 11 Nov 2009 23:52:38 +0000 (00:52 +0100)]
cifs.upcall: Fix Bug #6868: support building with Heimdal we well as with MIT.
Guenther
(cherry picked from commit
b29eed492f1c056adb0b53510be10e738276ca11)
Günther Deschner [Wed, 11 Nov 2009 23:51:46 +0000 (00:51 +0100)]
s3-kerberos: add smb_krb5_principal_get_realm().
Guenther
Günther Deschner [Fri, 6 Nov 2009 09:25:53 +0000 (10:25 +0100)]
s3-kerberos: fix some build warnings when building against heimdal.
Guenther
Günther Deschner [Thu, 9 Oct 2008 09:05:42 +0000 (11:05 +0200)]
kerberos: fix some heimdal build warnings.
Guenther
Volker Lendecke [Thu, 8 Oct 2009 12:02:39 +0000 (14:02 +0200)]
s3: Fix shadow copy display on Windows 7
Windows 7 is a bit more picky on our NT_STATUS_BUFFER_TOO_SMALL. Announce the
right buffer size, the same amount we later check for.
Fix bug #6850 (Shadow Copy Support for VISTA / Windows 7).
Karolin Seeger [Mon, 30 Nov 2009 13:53:23 +0000 (14:53 +0100)]
s3:docs: Fix typo in man mount.cifs.
Fix bug #6844 (wrong credential file format in mount.cifs manpage).
Thanks to the Debian Samba package maintainers for reporting!
Karolin
(cherry picked from commit
3b7f8a759f57f32a8c1bc2db85236e88f616ffd9)
(cherry picked from commit
54e2e0ae51e2e126696570104ed64d0458beb4ce)
(cherry picked from commit
dbe41dce7491df93a26bb0f4bd2a33b53fe90188)
Karolin Seeger [Mon, 30 Nov 2009 12:34:34 +0000 (13:34 +0100)]
s3:docs: Document "aio write behind".
Part of a fix for bug #6890 (Some smb.conf parameters are undocumented).
Karolin
(cherry picked from commit
fde7c2ab19bc7442d8ee9d85ab2fe54e0cfb4782)
(cherry picked from commit
267ebc03b43dd8c11f5aebf341620b0d94d95135)
(cherry picked from commit
93bbbd3cc776e4aa69239cb086067ec953fc8c8e)
Karolin Seeger [Mon, 30 Nov 2009 11:29:27 +0000 (12:29 +0100)]
s3:docs: Document "ldap page size".
Part of a fix for bug #6890 (Some smb.conf parameters are undocumented).
Karolin
(cherry picked from commit
9478ec35b5349f50a61bbe2aa88af88577918e91)
(cherry picked from commit
940121d666b9e0645584c93db178b763ac5c8c04)
(cherry picked from commit
a1d8a6127448fbdc25d1d87a2541a2ea8e430e17)
Karolin Seeger [Mon, 30 Nov 2009 10:40:06 +0000 (11:40 +0100)]
s3:docs: Document "enable core files".
Part of a fix for bug #6890 (Some smb.conf parameters are undocumented).
Karolin
(cherry picked from commit
b03ad70848e6ea889f382c0cb9f21057370f1ab6)
(cherry picked from commit
15f7b70b0e6b6bd2604255cff1c351bb0425e9f3)
(cherry picked from commit
5832bc1c5896b391131952a06013154cbdafe3f9)
Volker Lendecke [Sun, 22 Nov 2009 21:38:45 +0000 (22:38 +0100)]
s3: Fix bug 6338 -- net rpc trustdom list always display "none"
Günther Deschner [Tue, 24 Nov 2009 10:36:14 +0000 (11:36 +0100)]
docs: Fix Bug 6922: Add Registry patchfile for Win7 domain join.
Patchfile from SATOH Fumiyasu <fumiyas@osstech.co.jp>.
Thanks!
Guenther
(cherry picked from commit
95d0f0aab01fdd751841d57cebe6150cd6fdf80c)
Jelmer Vernooij [Thu, 4 Jun 2009 21:43:31 +0000 (23:43 +0200)]
clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry.
Both functions exist in MIT Kerberos >= 1.7, but only
krb5_free_keytab_entry_contents has a prototype.
Part of a fix for bug #6918 (Build breaks with krb5-client-1.7-6.1.i586).
Michael Adam [Fri, 20 Nov 2009 11:44:43 +0000 (12:44 +0100)]
s3:idmap_ldap: trim the " chars from the location string in idmap_ldap_db_init
Fix bug #6910 (idmap_ldap stumbles over idmap backend = ldap:"ldap://ldap1
ldap://ldap2"=.
When idmap backend is specified as
idmap backend = ldap:"ldap://server1 ldap://server2"
then currently "ldap://server1 ldap://server2" was passed to
ldap_initialize including the quotes, leading to an ldap error.
Michael
Andrew Tridgell [Thu, 15 Oct 2009 23:40:50 +0000 (10:40 +1100)]
s3: fixed krb5 build problem on ubuntu karmic
Karmic has MIT krb5 1.7-beta3, which has the symbol
krb5_auth_con_set_req_cksumtype but no prototype for it.
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635
(cherry picked from commit
a6e4cb500b4162cae1d906a1762507370b4ee89e)
Part of a fix for bug #6918.
Günther Deschner [Tue, 10 Nov 2009 12:10:12 +0000 (13:10 +0100)]
s3-rpc_client: make sure cli_rpc_pipe_open_schannel() does not always return NT_STATUS_OK.
Guenther
Part of a fix for bug #6697.
And hopefully a fix for bug #6889.
Günther Deschner [Tue, 10 Nov 2009 10:04:08 +0000 (11:04 +0100)]
s3-rpc_client: protect rpc_pipe_np_smb_conn against a NULL struct rpc_pipe_client.
Guenther
Part of a fix for bug #6697.
Jeremy Allison [Tue, 27 Oct 2009 18:55:34 +0000 (11:55 -0700)]
Second part of the fix for bug 6828 - infinite timeout occurs when byte lock held outside of samba. Fixes case where a connection with a pending lock can me marked "idle", and ensures that the lock queue timeout is always recalculated. Jeremy.
Jeremy Allison [Fri, 6 Nov 2009 22:10:49 +0000 (14:10 -0800)]
Fix bug 6875 - trans2 FIND_FIRST2 response --> FIND_FIRST2 Data -> Fille Attributes are returned as 0x220 for LANMAN2.1 dialect Jeremy.
Jeremy Allison [Mon, 9 Nov 2009 20:41:13 +0000 (12:41 -0800)]
Fix bug 6880 - cannot list workgroup servers reported by Alban Browaeys <prahal@yahoo.com> with fix. Revert
2e989bab0764c298a2530a2d4c8690258eba210c with extra comments - this broke workgroup enumeration. Jeremy.
Jeremy Allison [Mon, 2 Nov 2009 21:51:27 +0000 (13:51 -0800)]
Fix bug 6867 - trans2findnext returns reply_nterror(req, ntstatus) In a directory with a lot of files. Jeremy.
Bo Yang [Sat, 24 Oct 2009 02:55:36 +0000 (10:55 +0800)]
s3: Fix crash in pam_winbind, another reference to freed memory.
Fix bug #6840.
Signed-off-by: Bo Yang <boyang@samba.org>
Jeremy Allison [Thu, 22 Oct 2009 22:35:59 +0000 (15:35 -0700)]
Fix bug 6829 - smbclient does not show special characters properly. All successful calls to cli_session_setup() *must* be followed by calls to cli_init_creds() to stash the credentials we successfully connected with. There were 2 codepaths where this was missing. This caused smbclient to be unable to open the \srvsvc pipe to do an RPC netserverenum, and cause it to fall back to a RAP netserverenum, which uses DOS codepage conversion rather than the full UCS2 of RPC, so the returned characters were not correct (unless the DOS codepage was set correctly). Phew. That was fun to track down :-). Includes logic simplification in libsmb_server.c Jeremy.
Jeremy Allison [Wed, 21 Oct 2009 01:17:19 +0000 (18:17 -0700)]
Fix bug 6828 - infinite timeout occurs when byte lock held outside of samba Jeremy.
Bo Yang [Mon, 19 Oct 2009 18:23:36 +0000 (02:23 +0800)]
s3: Don't fail authentication when one or some group of require-membership-of is invalid.
Signed-off-by: Bo Yang <boyang@samba.org>
Fix bug #6826.
Karolin Seeger [Fri, 16 Oct 2009 14:06:17 +0000 (16:06 +0200)]
s3:packaging: Adapt directory name.
Karolin
Jeff Layton [Wed, 14 Oct 2009 15:06:23 +0000 (11:06 -0400)]
cifs.upcall: do a brute-force search for KRB5 credcache
A few weeks ago, I added some code to cifs.upcall to take the pid sent
by the kernel and use that to get the value of the $KRB5CCNAME
environment var for the process. That works fine on the initial mount,
but could be problematic on reconnect.
There's no guarantee on a reconnect that the process that initiates the
upcall will have $KRB5CCNAME pointed at the correct credcache. Because
of this, the current scheme isn't going to be reliable enough and we
need to use something different.
This patch replaces that scheme with one very similar to the one used by
rpc.gssd in nfs-utils. It searches the credcache dir (currently
hardcoded to /tmp) for a valid credcache for the given uid. If it finds
one then it uses that as the credentials cache. If it finds more than
one, it uses the one with the latest TGT expiration.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Addresses bug #6810.
Jeff Layton [Wed, 14 Oct 2009 15:06:21 +0000 (11:06 -0400)]
cifs.upcall: make using ip address conditional on new option
Igor Mammedov pointed out that reverse resolving an IP address to get
the hostname portion of a principal could open a possible attack
vector. If an attacker were to gain control of DNS, then he could
redirect the mount to a server of his choosing, and fix the reverse
resolution to point to a hostname of his choosing (one where he has
the key for the corresponding cifs/ or host/ principal).
That said, we often trust DNS for other reasons and it can be useful
to do so. Make the code that allows trusting DNS to be enabled by
adding --trust-dns to the cifs.upcall invocation.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Wed, 14 Oct 2009 15:06:20 +0000 (11:06 -0400)]
cifs.upcall: switch to getopt_long
...to allow long option names.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Wed, 14 Oct 2009 15:06:19 +0000 (11:06 -0400)]
cifs.upcall: fix IPv6 addrs sent to upcall to have colon delimiters
Current kernels don't send IPv6 addresses with the colon delimiters, add
a routine to add them when they're not present.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Wed, 14 Oct 2009 15:06:18 +0000 (11:06 -0400)]
cifs.upcall: use ip address passed by kernel to get server's hostname
Instead of using the hostname given by the upcall to get the server's
principal, take the IP address given in the upcall and reverse resolve
it to a hostname.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Wed, 14 Oct 2009 15:04:58 +0000 (11:04 -0400)]
cifs.upcall: clean up flag handling
Add a new stack var to hold the flags returned by the decoder routine
so that we don't need to worry so much about preserving "rc".
With this, we can drop privs before trying to find the location of
the credcache.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Wed, 14 Oct 2009 15:04:56 +0000 (11:04 -0400)]
cifs.upcall: try getting a "cifs/" principal and fall back to "host/"
cifs.upcall takes a "-c" flag that tells the upcall to get a principal
in the form of "cifs/hostname.example.com@REALM" instead of
"host/hostname.example.com@REALM". This has turned out to be a source of
great confusion for users.
Instead of requiring this flag, have the upcall try to get a "cifs/"
principal first. If that fails, fall back to getting a "host/"
principal.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Wed, 14 Oct 2009 15:04:55 +0000 (11:04 -0400)]
cifs.upcall: declare a structure for holding decoded args
The argument list for the decoder is becoming rather long. Declare an
args structure and use that for holding the args. This also simplifies
pointer handling a bit.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Wed, 14 Oct 2009 15:04:54 +0000 (11:04 -0400)]
cifs.upcall: formatting cleanup
Clean up some unneeded curly braces, and fix some indentation.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Wed, 14 Oct 2009 15:04:53 +0000 (11:04 -0400)]
cifs.upcall: clean up logging and add debug messages
Change the log levels to be more appropriate to the messages being
logged. Error messages should be LOG_ERR and not LOG_WARNING, for
instance.
Add some LOG_DEBUG messages that we can use to diagnose problems with
krb5 upcalls. With these, someone can set up syslog to log daemon.debug
and should be able to get more info when things aren't working.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Volker Lendecke [Wed, 14 Oct 2009 15:04:52 +0000 (11:04 -0400)]
Attempt to fix the build -- jlayton, please check!
Jeff Layton [Wed, 14 Oct 2009 15:04:50 +0000 (11:04 -0400)]
cifs.upcall: use pid value from kernel to determine KRB5CCNAME to use
If the kernel sends the upcall a pid of the requesting process, we can
open that process' /proc/<pid>/environ file and scrape the KRB5CCNAME
value out of it.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Volker Lendecke [Wed, 14 Oct 2009 18:37:10 +0000 (11:37 -0700)]
s3:winbind: Fix bug 6793 -- segfault in winbindd_pam_auth
Olaf Flebbe [Tue, 13 Oct 2009 23:49:21 +0000 (16:49 -0700)]
s3/aio: Correctly handle aio_error() and errno.
Fix bug #6805.
Bo Yang [Wed, 14 Oct 2009 19:47:49 +0000 (12:47 -0700)]
Fix bug 6811 - pam_winbind references freed memory. s3: Fix reference to freed memory in pam_winbind.
Karolin Seeger [Thu, 15 Oct 2009 10:43:47 +0000 (12:43 +0200)]
WHATSNEW: Start WHATSNEW for 3.3.10.
Karolin
Karolin Seeger [Thu, 15 Oct 2009 10:40:37 +0000 (12:40 +0200)]
VERSION: Raise version number up to 3.3.10.
Karolin
Karolin Seeger [Mon, 12 Oct 2009 11:45:39 +0000 (13:45 +0200)]
WHATSNEW: Update changes.
Karolin
Karolin Seeger [Mon, 12 Oct 2009 11:10:29 +0000 (13:10 +0200)]
WHATSNEW. Update changes since 3.3.8.
Karolin
Karolin Seeger [Mon, 12 Oct 2009 09:24:30 +0000 (11:24 +0200)]
s3:wbc_sid: Fix build.
Use talloc_free instead of TALLOC_FREE.
Signed-off-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Fri, 9 Oct 2009 20:58:14 +0000 (22:58 +0200)]
s3: Fix a memleak reported by dmarkey (cherry picked from commit
5aeb954ba9382e1975c64ac96f1e377ed6af3ae0)
Fix bug #6797.
Volker Lendecke [Fri, 18 Sep 2009 17:45:36 +0000 (19:45 +0200)]
s3:smbclient: Fix bug 6606 (reported as 6744) in 3.3
This is a port of
1f34ffa0ca and
24309bdb2efc to 3.3.
Fix file corruption using smbclient with NT4 server.
Jeremy Allison [Wed, 7 Oct 2009 22:49:56 +0000 (15:49 -0700)]
Correct fix for bug 6781 - Cannot rename subfolders in Explorer view with recent versions of Samba. Without this fix, renaming a directory ./a to ./b, whilst a directory ./aa was already open would fail. Jeremy.
Jeremy Allison [Thu, 8 Oct 2009 22:55:35 +0000 (15:55 -0700)]
Fix bug 6769 - symlink unlink does nothing. Jeremy.
Michael Adam [Thu, 8 Oct 2009 14:44:48 +0000 (10:44 -0400)]
s3:mount.cifs: make "mount.cifs -V" print the version, not usage.
(cherry-picked from
d7ca4997017e86b6f23ced64f1f1672bfb15716b)
Also make "mount.cifs -h" not exit with error exit code but with return code 0.
Michael
Part 2/2 of a fix for bug #6692 (mount.cifs segfault).
Jeff Layton [Thu, 8 Oct 2009 14:42:37 +0000 (10:42 -0400)]
Revert "cifs mount did not properly display version string when no other parameters passed in."
This reverts commit
c7bf0f4c222ae46be2a751997e03197832b494cd.
Part 1/2 of a fix for bug #6692.
Karolin Seeger [Thu, 8 Oct 2009 13:21:00 +0000 (15:21 +0200)]
WHATSNEW: Add more coherent explanation for bug #6680.
Karolin
Günther Deschner [Thu, 8 Oct 2009 13:16:25 +0000 (15:16 +0200)]
s3-pamsmbpass: copy _pam_get_item and _pam_get_data from pam_winbind.
Fix bug #6790.
Guenther
Karolin Seeger [Thu, 8 Oct 2009 13:12:27 +0000 (15:12 +0200)]
WHATSNEW: List major enhancements.
Karolin
Karolin Seeger [Thu, 8 Oct 2009 13:09:46 +0000 (15:09 +0200)]
WHATSNEW: Update release notes.
Karolin
Günther Deschner [Fri, 19 Jun 2009 15:43:57 +0000 (17:43 +0200)]
s3-{u}mount.cifs: remove unrequired dependency on popt.
Fixes bug #6789.
Guenther
Volker Lendecke [Wed, 7 Oct 2009 13:53:46 +0000 (15:53 +0200)]
s3:winbind: Only ever handle one event after a select call
While handling an fd event, the situation with other fds can change. I've just
seen a winbind stuck in the accept() call on the privileged pipe. I can only
imagine this happen because under high load we first handled other requests and
meanwhile the client on the privileged pipe went away.
Jeremy Allison [Mon, 5 Oct 2009 23:28:59 +0000 (16:28 -0700)]
Fix bug 6776 - Running overlapping Byte Lock test will core dump Samba daemon. Re-write core of POSIX locking logic. Jeremy.
Andrew Klosterman [Tue, 8 Sep 2009 15:38:37 +0000 (17:38 +0200)]
s3:smbd: Fix bug 6690, wrong error check
Stefan Metzmacher [Thu, 24 Sep 2009 19:35:38 +0000 (21:35 +0200)]
s3:winbindd_cm: don't invalidate the whole connection when just samr gave ACCCESS_DENIED
metze
Günther Deschner [Wed, 7 Oct 2009 12:34:05 +0000 (14:34 +0200)]
s3:rpc_server: we need to make a copy of my_name in serverinfo_to_SamInfo3()
This is important for the case the server_info already contains a logon_server.
metze
Günther Deschner [Tue, 6 Oct 2009 09:10:47 +0000 (11:10 +0200)]
s3-rpc_client: fix rpccli_set_timeout to cope with abstract transport.
taken from:
b7094c0b804984de8e0b50c17e7908a2685df557
Guenther
Volker Lendecke [Wed, 23 Sep 2009 04:23:50 +0000 (06:23 +0200)]
s3:winbind: Fix an uninitialized variable (cherry picked from commit
0724649a8a7c04d015317d9dc2ae43ee87c1bd25)
Günther Deschner [Thu, 17 Sep 2009 07:43:36 +0000 (09:43 +0200)]
s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.
Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp
connection when talking to AD for LSA lookup calls.
In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an
schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve
sids and names.
Guenther
(cherry picked from commit
6a8ef6c424c52be861ed2a9806f917a64ec892a6)
Günther Deschner [Sat, 12 Sep 2009 21:30:39 +0000 (23:30 +0200)]
s3-winbindd: add cm_connect_lsa_tcp().
Guenther
(cherry picked from commit
58f2deb94024f002e3c3df47f45454edc97f47e1)
Günther Deschner [Thu, 17 Sep 2009 07:42:49 +0000 (09:42 +0200)]
s3-rpc_client: fix non initialized structure in rpccli_lsa_lookup_sids_noalloc.
Guenther
(cherry picked from commit
a4b5c792c55ef90648a528d279beec32f86a9b22)
Günther Deschner [Sat, 12 Sep 2009 22:28:49 +0000 (00:28 +0200)]
s3-rpc_client: add rpccli_lsa_lookup_sids3 wrapper.
Guenther
(cherry picked from commit
2f9adf04e4b3e16c046cb371a428a8a70d5de041)
Günther Deschner [Fri, 11 Sep 2009 17:35:14 +0000 (19:35 +0200)]
s3-rpc_client: add rpccli_lsa_lookup_names4 wrapper.
Guenther
(cherry picked from commit
ff968712bab6c2635ef74723c6f52b0fdac4b424)
Günther Deschner [Thu, 17 Sep 2009 06:06:34 +0000 (08:06 +0200)]
s3-winbindd: add and use winbindd_lookup_names().
Guenther
(cherry picked from commit
99c3fc19587431efda1ae6161453d84673b32071)
Günther Deschner [Thu, 17 Sep 2009 05:59:25 +0000 (07:59 +0200)]
s3-winbindd: add and use winbindd_lookup_sids().
Guenther
(cherry picked from commit
f0b52b8c3133e3696db361d9d0e7d1fff0fab991)
Günther Deschner [Thu, 10 Sep 2009 20:23:21 +0000 (22:23 +0200)]
s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().
Guenther
(cherry picked from commit
bea8e5fa6038d5abd2ec1e12f9005c4a04abb79f)
Günther Deschner [Mon, 5 Oct 2009 15:41:06 +0000 (17:41 +0200)]
s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp and cli_rpc_pipe_open_ntlmssp.
Guenther
Günther Deschner [Tue, 4 Nov 2008 17:40:24 +0000 (18:40 +0100)]
s3-rpc_client: add cli_rpc_pipe_open_noauth_transport.
Guenther
(cherry picked from commit
87f61a144b8d25c90b847940ca03ced1f77b036c)
Karolin Seeger [Wed, 7 Oct 2009 07:23:27 +0000 (09:23 +0200)]
WHATSNEW: Prepare release notes for Samba 3.3.9.
Karolin
Karolin Seeger [Wed, 7 Oct 2009 06:44:52 +0000 (08:44 +0200)]
VERSION: Raise version number up to 3.3.9.
Karolin
Jeremy Allison [Fri, 2 Oct 2009 10:23:32 +0000 (12:23 +0200)]
Second part of a fix for bug #6235.
Domain enumeration breaks if master browser has space in name.
Derrell Lipman [Fri, 2 Oct 2009 10:22:25 +0000 (12:22 +0200)]
Fix bug #6532.
Domain enumeration breaks if master browser has space in name.
Kumar Thangavelu [Fri, 29 May 2009 09:27:38 +0000 (11:27 +0200)]
s3/getdcname: Fix 'net' crash.
'net' command crashed when attempting to join a
domain. This occurred in a very specific case where
the DC had multiple IPs and one of the IPs was invalid.
Signed-off-by: Volker Lendecke <vl@samba.org>
Fixes bug #6420.
Jeremy Allison [Wed, 30 Sep 2009 12:27:26 +0000 (14:27 +0200)]
Fix for CVE-2009-2906.
Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.
(cherry picked from commit
5f1f1c47623f846909481073d56bc909d13e5e37)
Karolin Seeger [Wed, 30 Sep 2009 11:55:06 +0000 (13:55 +0200)]
WHATSNEW: Update release notes.
Karolin
(cherry picked from commit
7fbee9050d08335c6a3dbf6e267c823b33e928c4)
Jeremy Allison [Mon, 28 Sep 2009 11:44:12 +0000 (13:44 +0200)]
Fix for CVE-2009-2813.
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
(cherry picked from commit
8afa10ad7d7e81bcae27b6a913210ef8a1ee4426)