metze/samba/wip.git
Stefan Metzmacher [Mon, 24 Jan 2011 07:57:47 +0000 (08:57 +0100)]
s3:lib/events: don't loop over fd events if select gave -1

metze

Volker Lendecke [Sat, 22 Jan 2011 15:22:42 +0000 (16:22 +0100)]
s3: Fix connecting to port-139 only servers

When the TCP RST came before the 5 msecs timeout kicked in, we
viewed this as final, as state->req_139 was not set yet.

Fix bug introduced by a fix for bug #7881 (winbind flaky against w2k8).

Karolin Seeger [Sat, 15 Jan 2011 18:19:43 +0000 (19:19 +0100)]
Revert "s3-printing: update parent smbd pcap cache"

This reverts commit 5a2b2d4aeb6fe4af13aa0c92d22ba5bc9b7f7e13.

Karolin Seeger [Sat, 15 Jan 2011 18:19:13 +0000 (19:19 +0100)]
Revert "s3-printing: reload shares after pcap cache fill"

This reverts commit a8a01e4a3dcafd97372021d0d6f859fd3a69235f.

This commit seems to break 'make test'.

Volker Lendecke [Fri, 14 Jan 2011 15:43:00 +0000 (16:43 +0100)]
s3: Fix bug 7917: Yet another bug in chain_reply

Found by Michael Hanscho <samba@micha.priv.at> with a WinCE client.

Björn Baumbach [Wed, 22 Dec 2010 14:20:29 +0000 (15:20 +0100)]
s3-rpcclient: Fix bug #7880: cmd_spoolss_deletedriver() returned without checking all architectures.

Continues now with next architecture if no driver is available.

Because of the broken behavior of the rpccli_*() functions,
we need special error code handling.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit f5af66e67d7c6d62315671c0cf57f47973316226)

David Disseldorp [Mon, 10 Jan 2011 13:08:07 +0000 (14:08 +0100)]
s3-printing: update parent smbd pcap cache

If a client connects to a samba share and while connected a printer is
added, the client will see the new printer share after a maximum of
'printcap cache time' seconds.

smbd's forked for new client connections inherit printcap information
from the parent (listener) smbd, which does not perform updates on
printcap cache time expiry. Therefore newly connected clients may
initially be presented with stale printer shares.

Add a housekeeping function to the parent smbd to ensure newly connected
clients see up to date printer shares.

The last 2 patches address bug #7836 (A newly added printer isn't visible to
clients).

David Disseldorp [Sun, 19 Dec 2010 18:52:08 +0000 (19:52 +0100)]
s3-printing: reload shares after pcap cache fill

Since commit eada8f8a, updates to the cups pcap cache are performed
asynchronously - cups_cache_reload() forks a child process to request
cups printer information and notify the parent smbd on completion.

Currently printer shares are reloaded immediately following the call to
cups_cache_reload(), this occurs prior to smbd receiving new cups pcap
information from the child process. Such behaviour can result in stale
print shares as outlined in bug 7836.

This fix ensures print shares are only reloaded after new pcap data has
been received.

Pair-Programmed-With: Lars Müller <lars@samba.org>

Günther Deschner [Mon, 29 Nov 2010 16:56:40 +0000 (17:56 +0100)]
s3-spoolss: Fix Bug #7641: handle win9x adddriver calls w/o config file.

This turned cupsaddsmb to run into an infinite loop.

Guenther
(cherry picked from commit c62509c8f2589e7b952517626d61ee34b83e96b3)
(cherry picked from commit 0a0f3b4947689ca4ab7015e9a1ace8d204bab9f3)

Andrew Bartlett [Fri, 10 Dec 2010 04:32:08 +0000 (15:32 +1100)]
s3-dns Don't use DELEG_FLAG in DNS update, Windows 2008R2 does not like it (cherry picked from commit 280caa6b3bb1199939f9349ea5a436a491c81791)

The last 2 patches address bug #7356 (net ads dns register fails in 2008 R2
domain).

Andrew Bartlett [Fri, 10 Dec 2010 04:30:22 +0000 (15:30 +1100)]
s3-dns Don't use SEQUENCE_FLAG in DNS update, Windows 2008R2 does not like it

Andrew Bartlett
(cherry picked from commit 0f1cc889a26477e9a98629f120fe5890b2e106fa)

Stefan Metzmacher [Mon, 3 Jan 2011 15:58:56 +0000 (16:58 +0100)]
s3:net_rpc_vampire_keytab: don't return -1 on success (bug #7899)

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan  3 19:05:11 CET 2011 on sn-devel-104
(cherry picked from commit ddbbc7b12ae8e51bc9658e3356bbeefe314f55bb)
(cherry picked from commit 32d111bef6d38bc3f946e68f133d37e1f1cc25bc)

Björn Baumbach [Fri, 7 Jan 2011 14:53:13 +0000 (15:53 +0100)]
s3-nmbd: Fix bug #7875

nmbd --port didn't work

Stefan Metzmacher [Wed, 29 Dec 2010 11:08:19 +0000 (12:08 +0100)]
s3:lib/netapi: don't set SAMR_FIELD_FULL_NAME if we just want to set the account name (bug #7896)

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 30 18:09:13 CET 2010 on sn-devel-104
(cherry picked from commit f1d15ea54c313e71fc032b2ed191bdecad868858)

Stefan Metzmacher [Thu, 23 Dec 2010 07:17:48 +0000 (08:17 +0100)]
s3:libsmb: use 16 zero bytes as channel binding checksum in the gssapi checksum (bug #7883)

This fixes SMB session setups with kerberos against some closed
source SMB servers.

The new behavior matches heimdal and mit.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 23 09:38:43 CET 2010 on sn-devel-104
(cherry picked from commit e9dddc55e324c62973e6a561477b532cf9ed79af)
(cherry picked from commit 3356192af5d36fbe986c4728162d10fe883ba2fd)

Andrew Bartlett [Sat, 11 Sep 2010 06:13:33 +0000 (16:13 +1000)]
s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCs

The idea of this patch is: Don't support a mix of different kerberos
features.

Either we should prepare a GSSAPI (8003) checksum and mark the request as
such, or we should use the old behaviour (a normal kerberos checksum of 0 data).

Sending the GSSAPI checksum data, but without marking it as GSSAPI broke
Samba4, and seems well outside the expected behaviour, even if Windows accepts it.

Andrew Bartlett
(cherry picked from commit 3b4db34011f06fb785153fa9070fb1da9d8f5c78)

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Volker Lendecke [Sun, 2 Jan 2011 06:42:57 +0000 (07:42 +0100)]
s3: Fix a memleak in receive_getdc_response

The last 2 patches address bug #7879 (Memory problems in winbind).

Volker Lendecke [Sun, 2 Jan 2011 01:48:03 +0000 (02:48 +0100)]
Fix a valgrind error

Thanks to Tridge for the hint.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jan  2 10:58:51 CET 2011 on sn-devel-104

Volker Lendecke [Sat, 18 Dec 2010 15:02:09 +0000 (16:02 +0100)]
s3: Fix bug 7066 -- wbcAuthenticateEx gives unix times

We might eventually want to change this, but right now we get unix times
out of the winbind pipe struct

Volker Lendecke [Tue, 6 Jul 2010 14:55:14 +0000 (16:55 +0200)]
s3: Fix another aspect of bug 7262

(Unable to maintain users' groups via UsrMgr)

Björn Jacke [Fri, 26 Nov 2010 00:32:53 +0000 (01:32 +0100)]
s3/configure: set Tru64 cc's PIC switch right (none)

-fPIC made shared library builds fail there

Fixes #7821

(cherry picked from commit dbcf73c45782c310cb7ff1f2177d410399e2f06d)

Michael Adam [Thu, 30 Dec 2010 10:12:42 +0000 (11:12 +0100)]
s3:winbind: fix bug #7894 - sporadic winbind panic in rpc query_user_list

correctly evaluate return code of rpccli_samr_QueryDisplayInfo()
before accessing results.

Jeremy Allison [Wed, 29 Dec 2010 01:24:27 +0000 (17:24 -0800)]
Fix bug #7892 - open_file_fchmod() leaves a stale lock.

Volker Lendecke [Tue, 21 Dec 2010 20:55:01 +0000 (21:55 +0100)]
s3: Use smbsock_any_connect in winbind

The last 7 patches address bug #7881 (winbind flaky against w2k8).

Volker Lendecke [Tue, 21 Dec 2010 17:52:53 +0000 (18:52 +0100)]
s3: Retry *SMBSERVER in nb_connect

Volker Lendecke [Mon, 13 Dec 2010 16:17:51 +0000 (17:17 +0100)]
s3: Add smbsock_any_connect

Volker Lendecke [Sun, 12 Dec 2010 17:55:06 +0000 (18:55 +0100)]
s3: Add an async smbsock_connect

This connects to 445 and after 5 milliseconds also to 139. It treats a netbios
session setup failure as equivalent to a TCP connect failure. So if 139 is
faster but fails the nb session setup, the 445 still has the chance to succeed.

Volker Lendecke [Wed, 22 Dec 2010 14:21:27 +0000 (15:21 +0100)]
v3-5-test: Pull in tevent_req_poll_ntstatus from master

Volker Lendecke [Sun, 12 Dec 2010 17:54:31 +0000 (18:54 +0100)]
s3: Add async cli_session_request

This does not do the redirects, but I think that might be obsolete anyway

Volker Lendecke [Sun, 12 Dec 2010 17:53:49 +0000 (18:53 +0100)]
s3: Add some const to name_mangle()

Stefan Metzmacher [Thu, 16 Dec 2010 11:07:24 +0000 (12:07 +0100)]
s3:net ads dns register: use "cluster addresses" option if configured (bug #7871)

metze

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Dec 17 16:49:14 CET 2010 on sn-devel-104
(cherry picked from commit 1dc2fa7616207a2d3a9f1cbe69b2ec1fc61634fd)
(cherry picked from commit 9a40e5f6a500571cc752383ca7fa27347e4efa45)

Michael Adam [Thu, 16 Dec 2010 00:49:14 +0000 (01:49 +0100)]
s3:net ads dns register: add support for specifying addresses on the commandline (bug #7871)

In the clustering case, this is also made the only possibility to do dns updates,
since the list of addresses on the local interfaces is not suitable in that case.

This fixes the "net ads dns register" part of bug #7871.
It might be extended by a parsing of the "cluster addresses" setting.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5e83a05009787d8a2086db1adc1ed58d61b3725d)
(cherry picked from commit 9ed3d33fb3d7365a127ea2752032840272697902)

Michael Adam [Wed, 15 Dec 2010 23:52:41 +0000 (00:52 +0100)]
s3:net: add net_update_dns_ext() that accepts a list of addresses as parameter (bug# 7871)

This generalized form of net_update_dns() will be used to
add support for specifying a list of addresses on the commandline
of "net ads dns register".

This prepares the "net ads dns register" part of the fix for bug #7871.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 4d91f98b433e07922373bf4e3ba9668b7af71a00)
(cherry picked from commit 4b7775500b1055acf62decbc0fc8283b088da452)

Michael Adam [Wed, 1 Dec 2010 23:42:21 +0000 (00:42 +0100)]
s3:net: disable dynamic dns updates at the end of "net ads join" in a cluster (bug #7871)

In a clustered environment, registering the set of ip addresses that are
assigned to the interfaces of the node that performs the join does usually
not have the desired effect, since the local interfaces do not carry
the complete set of the cluster's public IP addresses.  And it can also contain
internal addresses that should not be visible to the outside at all.
In order to do dns updates in a clustered setup, use net ads dns register.

This fixes the net ads join part of bug #7871.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit b8f19df53e66bf0260b4ae6c49acea87ac379deb)
(cherry picked from commit 1c73d52ddddfcec25cf079da4a0d6bf81fb030da)

Andrew Bartlett [Fri, 10 Dec 2010 04:08:53 +0000 (15:08 +1100)]
s3-net Allow 'net ads dns register' to take an optional hostname argument

This allows the administrator to more carefully choose what name to register.

Andrew Bartlett
(cherry picked from commit c2a1ad9047508cf2745a9019e6783c8b8f7ef475)
(cherry picked from commit 10c5a59315ef69eeb4d8bc19237de9787284a63d)

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Stefan Metzmacher [Wed, 1 Dec 2010 23:39:23 +0000 (00:39 +0100)]
s3:ntlm_auth: support clients which offer a spnego mechs we don't support (bug #7855)

Before we rejected the authentication if we don't support the
first spnego mech the client offered.

We now negotiate the first mech we support.

This fix works around problems when a client
sends the NEGOEX (1.3.6.1.4.1.311.2.2.30) oid,
which we don't support.

metze
(cherry picked from commit f802075f08fe0d86f3d176f2302236aeb5834f3d)
Modified to work in the v3-5-test branch, e.g. use ntlmssp_end()

The last 9 patches address bug #7855 (ntlm_auth only handles the first spnego
mech).

Stefan Metzmacher [Wed, 1 Dec 2010 04:59:16 +0000 (05:59 +0100)]
s3:ntlm_auth: free session key, as we don't use it (at least for now)

metze
(cherry picked from commit ee4f5ac6182969bcab91955e6d6581e408d222f1)

Stefan Metzmacher [Wed, 1 Dec 2010 04:50:59 +0000 (05:50 +0100)]
s3:ntlm_auth: fix memory leak in the raw ntlmssp code path

metze
(cherry picked from commit 9a56ade6b1d627126418c75de4602610b4482503)

Stefan Metzmacher [Tue, 30 Nov 2010 09:52:52 +0000 (10:52 +0100)]
s3: Correctly unwrap the krb ticket in gss-spnego (cherry picked from commit 547b268cfaa2e791bf92e8804bfa504c4e37050b)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
renamed to _spnego_parse_krb5_wrap()

metze

Volker Lendecke [Thu, 16 Sep 2010 08:22:00 +0000 (10:22 +0200)]
s3: Fall back to raw NTLMSSP for the gss-spnego protocol

This is to handle the mod_auth_ntlm_winbind protocol
sending "Negotiate" to IE, which sends raw NTLMSSP
instead of a SPNEGO wrapped NTLMSSP blob.
(cherry picked from commit 70ab7eb5303a5ff058939541dd5bc1f81113a48e)

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Stefan Metzmacher [Tue, 30 Nov 2010 09:46:28 +0000 (10:46 +0100)]
s3: Split off output generation from manage_squid_ntlmssp_request (cherry picked from commit de2c143f4d540f695db5c7fe8685614c03977365)

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Volker Lendecke [Thu, 16 Sep 2010 08:36:21 +0000 (10:36 +0200)]
s3: Wrap the ntlm_auth loop with a talloc_stackframe (cherry picked from commit ae483bbe9af526623189cefe7735f3f2813da6d7)

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Volker Lendecke [Wed, 15 Sep 2010 08:29:44 +0000 (10:29 +0200)]
s3: Fix some debug msgs in ntlm_auth (cherry picked from commit 6400f3ee62108e3dd1e6c1013ccea9fb4b08d562)

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Volker Lendecke [Mon, 13 Sep 2010 16:09:20 +0000 (18:09 +0200)]
ntlm_auth: Fix a valgrind error (cherry picked from commit 69db4b4ccf051b05517e6eb9039ab48f90608075)

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Holger Hetterich [Sat, 4 Dec 2010 17:18:50 +0000 (18:18 +0100)]
Fix bso#3185, return false when EOF is encountered in param name.

Jeremy Allison [Sun, 5 Dec 2010 19:40:21 +0000 (20:40 +0100)]
s3: Fix bug 7843: Expand the local SAMs aliases

Volker Lendecke [Sat, 4 Dec 2010 19:34:05 +0000 (20:34 +0100)]
s3: Fix bug 7842: WINBINDD_LOOKUPRIDS does not return the domain name

Volker Lendecke [Sat, 4 Dec 2010 19:31:36 +0000 (20:31 +0100)]
s3: Fix bug 7841: WINBINDD_LOOKUPRIDS asks the wrong domain

Jeremy Allison [Thu, 2 Dec 2010 23:27:17 +0000 (15:27 -0800)]
Fix bug #7835 - vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on

Tries posix_fallocate() and then falls back to old code.

Jeremy.

Volker Lendecke [Sat, 13 Nov 2010 17:03:25 +0000 (18:03 +0100)]
s3: Fix "force group" with ntlmssp guest session setup

This one is subtle: Set "force group = <somegroup>" together with "guest ok =
yes". Then try "smbclient //server/share -U%". Works. Then try to connect to
the same share from Windows 2003 using an anonymous connection. Breaks with

make_connection: connection to share denied due to security descriptor

although the share_info.tdb is empty. I've seen reports of this on the lists,
but I could never ever nail it until a customer gave me access to such a box.

What happens? With an empty share_info.tdb we create a security descriptor
allowing everything to the world. The problem with the above parameter combination
is that S-1-1-0 (World) is lost in the token. When you look at the callers of
create_local_token, they are only called if the preceding check_ntlm_password
did not create server_info->ptok. Not so with the one in auth_ntlmssp.c. So, if
we get a NTLMSSP session setup with user="", domain="", pass="" we call
create_local_token even though check_guest_security() via
make_server_info_guest() has already correctly done so. In this case
create_local_token puts S-1-1-0 into user_sids[1], which is supposed to be the
primary group sid of the user logging in. "force group" then overwrites this ->
the world is gone -> "denied due to security descriptor".

Why don't you see it with smbclient -U% (anonymous connection)? smbclient does
not use ntlmssp for anon session setup.

This seems not to happen to 3.6.

Volker

Fix bug #7817 ("force group" broken).

Volker Lendecke [Thu, 18 Nov 2010 12:28:47 +0000 (13:28 +0100)]
s3: Make winbind recover from a signing error

When winbind sees a signing error on the smb connection to a DC (for whatever
reason, our bug, network glitch, etc) it should recover properly. The "old"
code in clientgen.c just closed the socket in this case. This is the right
thing to do, this connection is spoiled anyway. The new, async code did not do
this so far, which led to the code in winbindd_cm.c not detecting that we need to
reconnect.

Fix bug #7800 (winbind does not recover from smb signing errors).

olivier [Wed, 10 Nov 2010 16:48:06 +0000 (17:48 +0100)]
switch from mtime to ctime which is more reliable if files can be accessed outside samba as well

Fix bug #7789 (change vfs_scannedonly from mtime to ctime).

Jeremy Allison [Tue, 23 Nov 2010 22:21:25 +0000 (14:21 -0800)]
Fix bug #7812 - vfs_acl_xattr/vfs_acl_tdb: ACL inheritance cannot be disabled

We were losing the incoming security descriptor revision number and
most importantly the "type" field as sent by the client. Ensure we
correctly store these in the xattr object.

Jeremy.

Jeremy Allison [Wed, 17 Nov 2010 23:58:15 +0000 (15:58 -0800)]
Fix our privileges code to display privileges with the "high" 32-bit value set.

SeSecurityPrivilege is the first LUID we have added that has a non-zero
"high" value, ensure our LUID code correctly supports it.

Jeremy.

The last 14 patches address bug #7716 (acl_xattr and acl_tdb modules don't store
unmodified copies of security descriptors).

Jeremy Allison [Fri, 19 Nov 2010 00:13:28 +0000 (16:13 -0800)]
Add SeSecurityPrivilege.

Jeremy.

Jeremy Allison [Fri, 22 Oct 2010 23:14:28 +0000 (16:14 -0700)]
Ensure we have correct parameters to use Windows ACL modules.

Jeremy Allison [Sat, 23 Oct 2010 00:28:58 +0000 (17:28 -0700)]
Add acl_xattr:ignore system acls boolean (normally false) to allow Samba ACL module to ignore mapping to lower POSIX layer. With this fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters set).

Jeremy.

Jeremy Allison [Fri, 22 Oct 2010 23:04:53 +0000 (16:04 -0700)]
Add make_default_filesystem_acl() function to be used in following change to acl_xattr and acl_tdb module.

Jeremy Allison [Fri, 22 Oct 2010 22:56:31 +0000 (15:56 -0700)]
Fix handling of "NULL" DACL. Map to u/g/w - rwx.

Jeremy Allison [Sat, 23 Oct 2010 00:23:13 +0000 (17:23 -0700)]
Fix "force unknown ACL user" to strip out foreign SIDs from POSIX ACLs if they can't be mapped.

Jeremy Allison [Fri, 22 Oct 2010 21:55:52 +0000 (14:55 -0700)]
Add debug message to get_nt_acl_internal() to see what we got.

Jeremy Allison [Fri, 22 Oct 2010 21:54:19 +0000 (14:54 -0700)]
Fix valgrind "uninitialized read" error on "info" when returning !NT_STATUS_OK.

Jeremy Allison [Fri, 15 Oct 2010 21:12:04 +0000 (14:12 -0700)]
Fix bug #7734 - When creating files with "inherit ACLs" set to true, we neglect to apply appropriate create masks.

Jeremy.
(cherry picked from commit 8cad5e23b6e2440a566def6fb138d484e3b47643)

Jeremy Allison [Fri, 15 Oct 2010 20:30:07 +0000 (13:30 -0700)]
Fix bug #7733 - Invalid client DOS attributes on create can cause incorrect unix mode_t to be generated.

It turns out a client can send an NTCreateX call for a new file, but specify
FILE_ATTRIBUTE_DIRECTORY in the attribute list. Windows silently strips this,
but we don't - causing the unix_mode() function to go through the "mode bits
for new directory" codepath, instead of the "mode bits for new file" codepath.

Jeremy.
(cherry picked from commit 92adb686372a9b67e47efb5b051bc351212f1780)

Jeremy Allison [Sat, 23 Oct 2010 00:18:45 +0000 (17:18 -0700)]
Make the vfs_acl_xattr and other modules work with NULL SD's. Fix the "protected" inheritance problem (bleeding up from the POSIX layer).

Jeremy

Jeremy Allison [Sat, 23 Oct 2010 00:11:17 +0000 (17:11 -0700)]
Canonicalize incoming and outgoing ACLs.

Jeremy.

Jeremy Allison [Sat, 23 Oct 2010 00:07:10 +0000 (17:07 -0700)]
Make the posix ACL module cope with a NULL incoming DACL and a missing owner/group.

Jeremy.

Jeremy Allison [Tue, 23 Nov 2010 19:16:31 +0000 (11:16 -0800)]
Fix bug #7785 - atime limit.

On a 64-bit time_t system make MAX_TIME_T the max value that
can be represented in a struct tm. This allows applications to
set times in the future beyond the 32-bit time_t limit (2037).

This is only in source3/configure.in, needs adding to the waf
configure/build system (but I'll need help with that).

Jeremy.

Samba-JP oota [Tue, 23 Nov 2010 16:06:48 +0000 (17:06 +0100)]
s3-docs: Update 3.2 features.
(cherry picked from commit aa54713615c5d0367528733ff2c3a5650eed96f7)

Jeremy Allison [Thu, 11 Nov 2010 17:44:21 +0000 (09:44 -0800)]
Fix bug #7791 - gvfsd-smb (Gnome vfs) fails to copy files from a SMB share using SMB signing.

The underlying problem is that the old code invoked by cli_write() increments
cli->mid directly when issuing outstanding writes. This should now be done only
in libsmb/clientgen.c to make metze's new signing engine work correctly. Just
deleting this code fixes the problem.

Jeremy.

Jeremy Allison [Fri, 5 Nov 2010 19:13:38 +0000 (12:13 -0700)]
Second part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd allocates new uids/gids in error.

Ensure we return after calling passdb for SID lookups for which we are
authoritative.

Jeremy.

Jeremy Allison [Fri, 5 Nov 2010 19:11:53 +0000 (12:11 -0700)]
First part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd allocates new uids/gids in error.

Ensure idmap_init_passdb_domain() correctly initialized the default
domain first.

Jeremy.

Volker Lendecke [Sat, 6 Nov 2010 20:18:35 +0000 (21:18 +0100)]
s3: Fix bug 7779, crash in expand_msdfs

Volker Lendecke [Wed, 3 Nov 2010 12:08:37 +0000 (13:08 +0100)]
s3: Fix a getgrent crash with many groups

Fix bug #7774.

Jeremy Allison [Wed, 20 Oct 2010 20:58:15 +0000 (13:58 -0700)]
Fix bug #7744 - "dfree cache time" doesn't work.

There is a bug in processing the dfree cache time, which is associated with the
smbd idle timer. The idle timer calls conn_idle_all(), which updates the
conn->lastused timestamp. The dfree cache time code in smbd/dfree.c depends on
conn->lastused being up to date to refresh the cached dfree value.

Unfortunately the conn_idle_all() returns early if any of the connection
structs is not idle, never updating any further conn->lastused timestamps. If
(as is common due to an IPC$ connection) there is more than one used
connection struct, then the conn->lastused timestamps after the IPC$ connection
in the connection list will never be updated.

Ensure we always update conn->lastused for all connections when calling
conn_idle_all().

Jeremy.

Jeremy Allison [Wed, 20 Oct 2010 18:22:57 +0000 (11:22 -0700)]
Fix bug #7743 - Inconsistent use of system name lookup can cause a domain joined machine to fail to find users.

Ensure all username lookups go through Get_Pwnam_alloc(), which is the
correct wrapper function. We were using it *some* of the time anyway,
so this just makes us properly consistent.

Jeremy.

Volker Lendecke [Fri, 15 Oct 2010 14:37:47 +0000 (16:37 +0200)]
s3: Fix bug 7730 -- crash in winbindd_dsgetdcname.c

Jeremy Allison [Thu, 7 Oct 2010 21:26:13 +0000 (14:26 -0700)]
Fix bug 7716 - acl_xattr and acl_tdb modules don't store unmodified copies of security descriptors.

As pointed out by an OEM, the code within smbd/posix_acl.c, even though passed
a const pointer to a security descriptor, still modifies the ACE entries within
it (which are not const pointers).

This means ACLs stored in the extended attribute by the acl_xattr module have
already been modified by the POSIX acl layer, and are not the original intent
of storing the "unmodified" ACL from the client.

Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that
is what is then modified inside smbd/posix_acl.c, leaving the original ACL
to be correctly stored in the xattr.

Jeremy.

Volker Lendecke [Sat, 2 Oct 2010 09:50:26 +0000 (11:50 +0200)]
s3: Attempt to fix bug 7665

Quite a few of our internal routines put stuff on talloc_tos() these days.
In top-level netapi routines, properly allocate a stackframe and clean it
again. Also, don't leak memory in the rpccli_ callers onto the libnetapi
context.

Michael Adam [Sun, 31 Oct 2010 00:04:25 +0000 (02:04 +0200)]
s3:librpc/ndr: use new strlen_m_ext_term() in ndr_charset_length(): fix bug #7594

This fixes the calculation of needed space for destination unicode charset.

The last 4 patches address bug #7594 ("wbinfo -u" and "wbinfo -g" gives no
output (log=>ndr_pull_error)).

Stefan Metzmacher [Wed, 25 Aug 2010 08:05:15 +0000 (10:05 +0200)]
librpc/ndr: correctly implement ndr_charset_length()

Before we ignored the charset type.

metze

Signed-off-by: Michael Adam <obnox@samba.org>

Michael Adam [Sun, 31 Oct 2010 00:02:16 +0000 (02:02 +0200)]
s3:lib/util_str: add strlen_m_ext_term() - variant of strlen_m_ext() counting terminator

Michael Adam [Mon, 1 Nov 2010 15:28:43 +0000 (16:28 +0100)]
s3:lib/util_str: add strlen_m_ext() that takes the dest charset as a parameter.

Jeremy Allison [Mon, 13 Sep 2010 23:51:59 +0000 (16:51 -0700)]
Fix bug 7409 - Thousands of reduce_name: couldn't get realpath.

Don't log this at level 1 - every EACCES will generate one.
Thanks to muehlfeld@medizinische-genetik.de for pointing this out.

Jeremy.

Karolin Seeger [Fri, 8 Oct 2010 12:36:50 +0000 (14:36 +0200)]
WHATSNEW: Start 3.5.7 release notes.

Karolin

Karolin Seeger [Fri, 8 Oct 2010 12:35:23 +0000 (14:35 +0200)]
VERSION: Bump version number up to 3.5.7.

Karolin

Karolin Seeger [Thu, 7 Oct 2010 16:21:32 +0000 (18:21 +0200)]
WHATSNEW: Update release notes.

Karolin

Volker Lendecke [Sat, 2 Oct 2010 15:07:00 +0000 (17:07 +0200)]
s3: Stop using the write cache after an oplock break

Fix bug #7715 (Setting Samba Write Cache Size Can Cause File Corruption).

Jeremy Allison [Sun, 26 Sep 2010 11:59:31 +0000 (04:59 -0700)]
Fix bug 7694 - Crash bug with invalid SPNEGO token.

Found by the CodeNomicon test suites at the SNIA plugfest.

http://www.codenomicon.com/

If an invalid SPNEGO packet contains no OIDs we crash in the SMB1/SMB2 server
as we indirect the first returned value OIDs[0], which is returned as NULL.

Modified for 3.5.x.

Jeremy.

Karolin Seeger [Wed, 6 Oct 2010 19:24:30 +0000 (21:24 +0200)]
WHATSNEW: Update release notes.

Karolin

Jeremy Allison [Sun, 26 Sep 2010 11:49:29 +0000 (04:49 -0700)]
Fix bug #7698 - Assert causes smbd to panic on invalid NetBIOS session request.

Found by the CodeNomicon test suites at the SNIA plugfest.

http://www.codenomicon.com/

If an invalid NetBIOS session request is received the code in name_len() in
libsmb/nmblib.c can hit an assert.

Re-write name_len() and name_extract() to use "buf/len" pairs and
always limit reads.

(Modified for 3.5.x)

Jeremy.
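
The "buf/len" style of parsing named in the commit message above, as an added C example that is not Samba's name_len()/name_extract() code: it returns an error instead of asserting and never reads past the supplied length. The names nb_name_len and nb_name_extract, the limits and the sample buffers are constructed for illustration, assuming the RFC 1002 first-level name encoding.

```c
/* Added illustration: bounded parsing of an RFC 1002 encoded NetBIOS name.
 * Hypothetical helpers and constructed samples, not the Samba implementation. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NB_ENCODED_LEN 32   /* 16 name bytes, two characters per byte */
#define NB_MAX_LABEL   63   /* longest label a length byte may announce */
#define NB_MAX_NAME    255  /* longest encoded name, terminator included */

/* Wire length of the encoded name at buf (terminating zero label included),
 * or -1 if the name is malformed or does not fit into buf_len bytes. */
static int nb_name_len(const unsigned char *buf, size_t buf_len)
{
    size_t off = 0;

    if (buf == NULL || buf_len == 0)
        return -1;
    /* A leading compression pointer occupies exactly two bytes. */
    if ((buf[0] & 0xC0) == 0xC0)
        return buf_len >= 2 ? 2 : -1;

    for (;;) {
        unsigned char label;

        if (off >= buf_len)          /* ran out of data before the terminator */
            return -1;
        label = buf[off];
        if (label == 0)
            return (int)(off + 1);
        if (label > NB_MAX_LABEL)    /* reserved bits set or oversized label */
            return -1;
        off += 1u + label;           /* skip length byte and label body */
        if (off >= NB_MAX_NAME)
            return -1;
    }
}

/* Decode the first label into out (NUL-terminated, padding spaces trimmed).
 * Returns the name type (16th byte) or -1. out_size must be at least 16. */
static int nb_name_extract(const unsigned char *buf, size_t buf_len,
                           char *out, size_t out_size)
{
    unsigned char raw[16];
    size_t i, n;

    /* Length validation first: success with a 32-byte first label proves
     * that buf[0..33] are all inside the buffer. */
    if (nb_name_len(buf, buf_len) < 0 || buf[0] != NB_ENCODED_LEN)
        return -1;
    if (out == NULL || out_size < 16)
        return -1;

    for (i = 0; i < 16; i++) {
        unsigned char hi = buf[1 + 2 * i], lo = buf[2 + 2 * i];

        if (hi < 'A' || hi > 'P' || lo < 'A' || lo > 'P')
            return -1;               /* not a half-ASCII nibble */
        raw[i] = (unsigned char)(((hi - 'A') << 4) | (lo - 'A'));
    }
    n = 15;
    while (n > 0 && raw[n - 1] == ' ')
        n--;
    memcpy(out, raw, n);
    out[n] = '\0';
    return raw[15];
}

/* Constructed samples. The string literal's implicit NUL is the zero label. */
static const unsigned char SAMPLE_NAME[] =
    "\x20" "CKFDENECFDEFFCFGEFFCCACACACACACA";      /* "*SMBSERVER", type 0x20 */
static const unsigned char BAD_CHARS[] =
    "\x20" "ckfdenecfdeffcfgeffccacacacacaca";      /* valid length, bad nibbles */
static const unsigned char LYING_LABEL[] = { 0x20, 'C', 'K', 0x00 };
static const unsigned char OVERSIZED_LABEL[] = { 0x7f, 'A', 'A', 0x00 };
static const unsigned char POINTER[] = { 0xC0, 0x0C };

static void show(const char *what, const unsigned char *buf, size_t len)
{
    char name[16];
    int wire = nb_name_len(buf, len);
    int type = nb_name_extract(buf, len, name, sizeof(name));

    if (type < 0)
        printf("%-16s len=%d rejected\n", what, wire);
    else
        printf("%-16s len=%d name=\"%s\" type=0x%02x\n", what, wire, name, type);
}

int main(void)
{
    show("valid", SAMPLE_NAME, sizeof(SAMPLE_NAME));
    show("no terminator", SAMPLE_NAME, sizeof(SAMPLE_NAME) - 1);
    show("lying length", LYING_LABEL, sizeof(LYING_LABEL));
    show("oversized label", OVERSIZED_LABEL, sizeof(OVERSIZED_LABEL));
    show("bad characters", BAD_CHARS, sizeof(BAD_CHARS));
    show("pointer", POINTER, sizeof(POINTER));
    return 0;
}
```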

Volker Lendecke [Sat, 25 Sep 2010 17:56:58 +0000 (10:56 -0700)]
s3: Fix bug 7470

S_IREAD and S_IWRITE are not standard.

Thanks to Joachim Schmitz <schmitz@hp.com> for reporting!

Karolin Seeger [Mon, 27 Sep 2010 20:04:27 +0000 (22:04 +0200)]
WHATSNEW: Update changes since 3.5.5.

Karolin

Volker Lendecke [Sat, 18 Sep 2010 14:37:04 +0000 (07:37 -0700)]
s3: Fix bug 7688, rpcclient command line completion crashing

We've grown more than 100 rpcclient commands by now, so this would overwrite
the array of 100 completions. There's nicer ways to fix this problem, but 1000
rpcclient commands should be at least a bit away.

Karolin Seeger [Sat, 25 Sep 2010 13:21:17 +0000 (15:21 +0200)]
VERSION: Bump version number up to 3.5.6.

Karolin

Karolin Seeger [Sat, 25 Sep 2010 13:20:26 +0000 (15:20 +0200)]
WHATSNEW: Prepare release notes for Samba 3.5.6.

Karolin

Volker Lendecke [Tue, 21 Sep 2010 22:41:23 +0000 (15:41 -0700)]
s3: Remove a global variable in bugfix for bug 7665

Günther Deschner [Tue, 21 Sep 2010 04:05:37 +0000 (21:05 -0700)]
s3-libnetapi: Fix Bug #7665, memory leak in netapi connection manager.

Guenther
(cherry picked from commit 6f47a24bc55be0ea907594a748774675a105b5e3)

Volker Lendecke [Mon, 6 Sep 2010 13:13:48 +0000 (15:13 +0200)]
s3: Fix the charset_pull routine

In the push routine we do the SVAL, so we should do the SSVAL here.

Fix bug #7531 (3.5.3 unusable on solaris 10).

Björn Jacke [Mon, 7 Jun 2010 21:06:28 +0000 (23:06 +0200)]
s3: fix build on platforms without st_blocks and st_blksize stat struct members

This fixes bug 7474.