Jeremy Allison [Sat, 12 Apr 2008 00:03:53 +0000 (17:03 -0700)]
Janitor for Michael :-).
util_tdb: fix a segfault caused by a fatal typo.
In tdb_wrap_log(), in on occurrence of "debug_level = 0"
instead of "debuglevel = 0" caused me segfaults when
accessing DEBUGLEVEL (which is defined as "*debug_level"...)
Jeremy Allison [Fri, 4 Apr 2008 22:28:18 +0000 (15:28 -0700)]
When using plaintext ucs2 passwords clistr_push calls ucs2_align, which causes
the space taken by the unicode password to be one byte too
long (as we're on an odd byte boundary here). Reduce the
count by 1 to cope with this. Fixes smbclient against NetApp
servers which can't cope. Fix from
bryan.kolodziej@allenlund.com in bug #3840.
Jeremy.
Jeremy Allison [Fri, 4 Apr 2008 18:14:15 +0000 (11:14 -0700)]
Fix bug #5372. With a large CUPS installation with a remote server, contacting
the server when searching for a name for the location and comment fields can
take so much time the client times out. When searching for a name we don't
use these fields anyway, so add a function get_a_printer_search() which
doesn't contact the CUPS server.
Jeremy.
Fix NETLOGON credential chain with Windows 2008 all over the place.
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8
netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate
flags everywhere (not only when running in security=ads). Only for NT4 we need
to do a downgrade to the returned negotiate flags.
Jeremy Allison [Wed, 2 Apr 2008 18:23:38 +0000 (11:23 -0700)]
Fix MSDFS bug noticed by Ofir Azoulay <Ofir.Azoulay@expand.com>.
There is no reason to ensure the target host is ourselves, and
this breaks MS clients in some cases.
Jeremy.
Jeremy Allison [Fri, 7 Mar 2008 01:40:53 +0000 (17:40 -0800)]
Fix bug #5267 - nmbd shuts down when network interfaces go down.
Cause nmbd to wait for an interface, in a mode where SIGTERM
will kills us (same way we wait on startup for an interface).
Jeremy.
Jeremy Allison [Thu, 28 Feb 2008 10:26:16 +0000 (02:26 -0800)]
Fix from Guenter Kukkukk <linux@kukkukk.com> to fix listing against
OS/2 servers. OS/2 returns eclass == ERRDOS && ecode == ERRnofiles
for a zero entry directory listing.
Jeremy.
Add variable to define if a share should be hidden.
If you create a share on a Windows machine called foo$ then this share is
of the type STYPE_DISKTREE. So it is possible to administrate this kind of
share. Tested on Windows NT and 2003.
In samba we assume that if a share with a $ at the end must be of the type
STYPE_DISKTREE_HIDDEN. This is wrong, so we need a variable in the config
to define if the share should be hidden or not.
We found that this patch does not play well with currently released cifs.ko
code, so after discussions with Jeff Layton and Steve french we decided it
is best to back it off and re-think a better approach. Jeff will send new
patches later, but for now it is better to just revert to the previous code
Jeremy Allison [Thu, 14 Feb 2008 03:21:12 +0000 (19:21 -0800)]
Fix obscure bug where if client sends us the krb5 part
of a SPNEGO packet we could drop into the NTLMSSP
part of the processing. This fix only for 3.0.28a,
I have a proper SPNEGO negotiate fix for 3.2.
Jeremy
If I'm not completely blind, we should return here. Not doing it here seems not
to be a major flaw, as far as I can see we're only missing the error code. This
might account for some of the very unhelpful NT_STATUS_UNSUCCESSFUL error
messages people see during joins.
Jeremy Allison [Sat, 9 Feb 2008 00:05:08 +0000 (16:05 -0800)]
Fix bug #5247 "Wildcard expansion in mget is broken"
by making cur_dir an invarient ending in '\\' or '/'.
Will forward-port to 3.2 as the code is different here.
Jeremy.
Michael Adam [Wed, 6 Feb 2008 17:16:03 +0000 (18:16 +0100)]
Add configure check for LBER_LOG_PRINT_FN - to intercept ldap debug.
Use the resulting HAVE_LBER_LOG_PRINT_FN to determine whether we can
use it in init_ldap_debugging to intercept LDAP debug output and print
it out in the samba logs (controlled with "ldap debug level").
Jeremy Allison [Fri, 1 Feb 2008 22:54:19 +0000 (14:54 -0800)]
Ensure that convert_string_allocate() allocates 2 extra
bytes and null terminates them to ensure NDR wire-reads
of string types are always null terminated. Bug found by
Volker after great pain :-).
Jeremy.
Simo Sorce [Fri, 1 Feb 2008 18:50:04 +0000 (13:50 -0500)]
Fix winbindd running on a Samba DC,
This patch make sure we do not try to contact smbd in the main dameon
to avoid deadlocks.
All the operations that require connecting to smbd are performed in
the domain child anyway.
Günther Deschner [Thu, 31 Jan 2008 12:05:36 +0000 (13:05 +0100)]
Enable v3-0-test to successfully join a windows 2008 domain controller.
This is hand-merged from a couple of commits from 3-2-test, cherry-picking was
hardly possible without importing all the ldap sign/seal work from metze.
Gerald W. Carter [Mon, 28 Jan 2008 17:32:09 +0000 (11:32 -0600)]
Restrict the enctypes in the generated krb5.conf files to Win2003 types.
This fixes the failure observed on FC8 when joining a Windows 2008 RC1
domain. We currently do not handle user session keys correctly
when the KDC uses AES in the ticket replies.
Jeremy Allison [Fri, 25 Jan 2008 02:13:20 +0000 (18:13 -0800)]
Fix a really subtle old, old bug :-). When canonicalizing the
NT ACL into a POSIX one, if the group being set is the primary group
of the file, map it into a SMB_ACL_GROUP_OBJ, not a SMB_ACL_GROUP.
Otherwise we get an extra bogus group entry in the POSIX ACL.
Jeremy.
Jeremy Allison [Wed, 23 Jan 2008 23:24:57 +0000 (15:24 -0800)]
Added :
Author: Jeremy Allison <jra@samba.org>
Date: Wed Jan 23 15:23:16 2008 -0800
Don't leak memory in error path.
Jeremy.
Author: Jeremy Allison <jra@samba.org>
Date: Wed Jan 23 15:00:40 2008 -0800
Use strchr_m in seaching for '.' in the hostname to make sure we're mb safe.
Jeremy.
Author: Andreas Schneider <anschneider@suse.de>
Date: Thu Jan 17 11:35:40 2008 +0100
Fix Windows 2008 (Longhorn) join.
During 'net ads join' the cli->desthost is a hostname (e.g.
rupert.galaxy.site). Check if we have a hostname and use only the
first part, the machine name, of the string.
Author: Andreas Schneider <anschneider@suse.de>
Date: Thu Jan 17 10:11:11 2008 +0100
Windows 2008 (Longhorn) auth2 flag fixes.
Interop fixes for AD specific flags. Original patch from Todd Stetcher.
Volker Lendecke [Tue, 22 Jan 2008 10:54:31 +0000 (11:54 +0100)]
Copy the 3.2 version of string_replace to 3.0
There are several callers in 3.0 that don't give a pstring to string_replace,
thus it will end up in segfaults like the one reported by Sergio Pires
<suporte@grupovdl.com.br> on samba@samba.org. The 3.2 version of string_replace
does not have the pstring assumption anymore.
Kai Blin [Tue, 15 Jan 2008 18:28:23 +0000 (19:28 +0100)]
libsmb: Do not upper-case target name on NTLMv2 hash generation
This makes our NTLMv2 hash generation compatible to the Davenport example
and fixes a bug when ntlm_auth is called with a non-upper-case --domain
parameter and client ntlmv2 auth = yes