Karolin Seeger [Tue, 8 May 2012 09:05:37 +0000 (11:05 +0200)]
s3-docs: overrided -> overridden
Fix typo. Part of a fix for bug #7938. Based on a patch provided by John
Bradshaw <john@johnbradshaw.org>.
(cherry picked from commit
6b4890246ddbd606484e7247bea86c238cc0a057)
(cherry picked from commit
8b266d110d77b2204a29c00f7f57e62fe801cbfc)
Björn Jacke [Tue, 8 May 2012 12:23:33 +0000 (14:23 +0200)]
s3/ldap: remove outdated netscape ds 5 schema file
remove outdated netscape ds 5 schema file and put a README there pointing to
the FDS schema file instead. This fixes bug #8869
(commit
b31f773ae1640313dc1ba86b334e9bbb9cb31bd6 in master)
(commit
9fd8692a9d066f4e469eb0668ae1f0c8b2c8db6c in v3-6-test)
(cherry picked from commit
353d7436468247ad20c006480a134caaccf0228c)
Jeremy Allison [Fri, 30 Mar 2012 19:23:07 +0000 (12:23 -0700)]
Fix bug #8831 - Inconsistent (with manpage) command-line switch for "help" in smbtree
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Mar 30 22:59:53 CEST 2012 on sn-devel-104
(cherry picked from commit
efd94d159883cb0841d8ac83223a1e63098a8d72)
(cherry picked from commit
815ba9db6f9ae405c6e8a590ee96a31cf30ba481)
(cherry picked from commit
6692bd5944bcc060453a8ae3424cef71b47d37f4)
Jeremy Allison [Wed, 25 Apr 2012 22:17:09 +0000 (15:17 -0700)]
Fix bug #8897 - winbind_krb5_locator only returns one IP address.
Reported by Dina_Fine@Dell.com.
Don't ask the DC for an IP list when locating kdc's. Ask for the
name and use getaddrinfo to get all possible addresses instead.
(cherry picked from commit
56b0ec0e91f9af0eb6c109fc1cc300ad5fee3fe6)
(cherry picked from commit
cf39e013930d29574826f6ad3a259fe47203c000)
Karolin Seeger [Mon, 30 Apr 2012 18:48:52 +0000 (20:48 +0200)]
WHATSNEW: Start release notes for 3.5.16.
Karolin
Karolin Seeger [Mon, 30 Apr 2012 18:46:52 +0000 (20:46 +0200)]
VERSION: Bump version number up to 3.5.16.
Karolin
Jeremy Allison [Tue, 17 Apr 2012 18:49:55 +0000 (11:49 -0700)]
Fix self granting privileges in security=ads.
CVE-2012-2111
Karolin Seeger [Fri, 27 Apr 2012 19:09:56 +0000 (21:09 +0200)]
WHASNEW: Release notes for 3.5.15.
Karolin
Karolin Seeger [Tue, 10 Apr 2012 18:26:01 +0000 (20:26 +0200)]
WHATSNEW: Start release notes for Samba 3.5.15.
Karolin
Karolin Seeger [Tue, 10 Apr 2012 18:24:15 +0000 (20:24 +0200)]
VERSION: Bump version up to 3.5.15.
Karolin
Stefan Metzmacher [Thu, 15 Mar 2012 17:46:44 +0000 (18:46 +0100)]
rerun 'make samba3-idl'
metze
The last 10 patches address bug #8815 (PIDL based autogenerated code allows
overwriting beyond of allocated array; CVE-2012-1182).
Stefan Metzmacher [Thu, 15 Mar 2012 16:03:05 +0000 (17:03 +0100)]
pidl/NDR/Parser: also do range checks on the array size
metze
Stefan Metzmacher [Thu, 15 Mar 2012 12:14:48 +0000 (13:14 +0100)]
pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength()
metze
Stefan Metzmacher [Thu, 15 Mar 2012 12:13:20 +0000 (13:13 +0100)]
pidl/NDR/Parser: use helper variables for array size and length
metze
Stefan Metzmacher [Thu, 15 Mar 2012 14:07:08 +0000 (15:07 +0100)]
pidl/NDR/Parser: remember if we already know the array length
metze
Stefan Metzmacher [Thu, 15 Mar 2012 12:07:47 +0000 (13:07 +0100)]
pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182)
An anonymous researcher and Brian Gorenc (HP DVLabs) working
with HP's Zero Day Initiative program have found this and notified us.
metze
Stefan Metzmacher [Thu, 15 Mar 2012 12:05:39 +0000 (13:05 +0100)]
pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength()
metze
Stefan Metzmacher [Thu, 15 Mar 2012 12:12:04 +0000 (13:12 +0100)]
pidl/NDR/Parser: simplify logic in DeclareArrayVariables*()
metze
Stefan Metzmacher [Thu, 15 Mar 2012 12:09:51 +0000 (13:09 +0100)]
pidl/NDR/Parser: declare all union helper variables in ParseUnionPull()
metze
Stefan Metzmacher [Tue, 21 Sep 2010 03:41:37 +0000 (05:41 +0200)]
pidl:NDR/Parser: fix range() for arrays
metze
(cherry picked from commit
bea4948acb4bbee2fbf886adeb53edbc84de96da)
Karolin Seeger [Sat, 7 Apr 2012 13:57:14 +0000 (15:57 +0200)]
WHATSNEW: Prepare release notes for 3.5.14.
Karolin
Karolin Seeger [Tue, 20 Mar 2012 20:27:17 +0000 (21:27 +0100)]
WHATSNEW: Start release notes for 3.5.14.
Karolin
(cherry picked from commit
4898de8a5e2f715c4672c75fa44408e756724627)
Karolin Seeger [Tue, 20 Mar 2012 20:24:51 +0000 (21:24 +0100)]
VERSION: Bump version up to 3.5.14.
Karolin
(cherry picked from commit
33d332960fa266a08ff0ee72945101051fa4d71e)
Karolin Seeger [Fri, 9 Mar 2012 20:18:11 +0000 (21:18 +0100)]
WHATSNEW: Update 3.5.13 release notes.
Karolin
(cherry picked from commit
38bfe91ea3bad2e516320f9a0fef5cce42835e83)
Karolin Seeger [Mon, 5 Mar 2012 20:18:13 +0000 (21:18 +0100)]
WHATSNEW: Start to add changes since 3.5.12.
To be continued...
Karolin
(cherry picked from commit
abb2dcde786b1656c4df1e3bbe09757d640c6549)
Matthieu Patou [Fri, 24 Feb 2012 22:06:02 +0000 (14:06 -0800)]
s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path
If not the child process would hang for quite a long time up to the
moment when the connection is cleaned by the kernel (took ~ 20 minutes)
in my tests.
Fix bug #8771 (Winbind takes up to 20 minutes to change from DC 1 to DC 2 and
in the meantime to respond NT_STATUS_IO_TIMEOUT).
(cherry picked from commit
8e141d666c3fc835001249753b6ea9b508256d73)
Matthieu Patou [Fri, 10 Feb 2012 19:45:21 +0000 (11:45 -0800)]
s3-winbindd: set the can_do_validation6 also for trusted domain
The flag can_do_validation6 was only set for the domain to which
winbindd is the member. Setting this flag in other domains (trusted
domain) if it's active directory domain is a good idea as it allow to do
level 6 validation also when winbindd is querying them directly.
(cherry picked from commit
05036fab0a9847219c73c0abd931a39fba0bccfd)
Address bug #8599 (WINBINDD_PAM_AUTH_CRAP returns invalid user session key).
(cherry picked from commit
01747a5554839f21992b8845328c4b08c3dd8ff8)
(cherry picked from commit
6c1501a8efd49efb7b9f5c75963c2f1124e7e258)
Michael Adam [Fri, 22 Jul 2011 08:11:52 +0000 (10:11 +0200)]
s3:loadparm: fix the reload of the configuration: also reload activated registry shares
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri Jul 22 16:53:49 CEST 2011 on sn-devel-104
(cherry picked from commit
efbe1602bd014eada4811f336bdccbf4692d3807)
The last 2 patches address bug 8327 (config reload fails to reload shares from
registry).
(cherry picked from commit
12b60f9688cb64fbfce729b3555ab75a71fbb949)
Michael Adam [Fri, 22 Jul 2011 08:10:43 +0000 (10:10 +0200)]
s3:loadparm: add reload_registry_shares() - reload only those shares already loaded (cherry picked from commit
ec113a58a4dc4e4f3ea03f7818eb312325f69482)
(cherry picked from commit
bc5a7f23e1e909a2196a1038da20c3391c922614)
Stefan Metzmacher [Tue, 31 Jan 2012 18:02:18 +0000 (10:02 -0800)]
s3:client: ignore SMBecho errors (the server may not support it) (bug #8139) Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
bb28a9387d3c76f6f8c7f79ec61d37a499d6c8f6)
(cherry picked from commit
461adc665aaadc730d7705b3785d45f787f98425)
Andrew Bartlett [Fri, 27 Jan 2012 02:53:34 +0000 (13:53 +1100)]
s3-libsmb Do not limit read replies to NBT packet sizes
With the posix extensions, we can read 16MB at a time, so we need to
check the full size of the packet, not the size rounded down to the
old NBT limit.
Andrew Bartlett
Fix bug #8727 (smbclient fails with posix large reads).
(cherry picked from commit
3394bbf45dd219dc0293809fe2c50ad3ab7cede6)
Jeremy Allison [Sat, 21 Jan 2012 00:37:50 +0000 (16:37 -0800)]
Fix bug 8636 - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field.
(cherry picked from commit
f0c4e96cb4419015a9082e05ffc65bb370aede48)
Jeremy Allison [Tue, 10 Jan 2012 22:43:04 +0000 (14:43 -0800)]
Second part of fix for bug #8673 - NT ACL issue.
Ensure we process the entire ACE list instead of returning ACCESS_DENIED
and terminating the walk - ensure we only return the exact bits that cause
the access to be denied. Some of the S3 fileserver needs to know if we
are only denied DELETE access before overriding it by looking at the
containing directory ACL.
(cherry picked from commit
a509cda3794e8b3ba49d0e86d4aee962b3bd9309)
Jeremy Allison [Tue, 10 Jan 2012 21:41:55 +0000 (13:41 -0800)]
First part of fix for bug #8673 - NT ACL issue.
Simplify the logic in the unlink/rmdir calls - makes it readable
(and correct). Add some debug.
(cherry picked from commit
c333e7ad01fb63c9682526799b2571cac251b76e)
Jeremy Allison [Fri, 16 Dec 2011 23:43:21 +0000 (15:43 -0800)]
Third part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share.
can_access_file_acl() - we can always delete a symlink.
can_delete_file_in_directory() - We don't need to do another STAT call
here, we know smb_fname->st is in a valid state.
smbd_check_open_rights() - we can always delete a symlink.
(cherry picked from commit
42bcd6abe3797e0d22c8404db5edd2b96fccac47)
Jeremy Allison [Fri, 16 Dec 2011 19:56:01 +0000 (11:56 -0800)]
Second part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share.
Ensure we use UCF_UNIX_NAME_LOOKUP flags on filename_convert()
when doing a restricted set of infolevels in trans2setfilepathinfo().
(cherry picked from commit
f352486f9649f5b2a24851d942a5f9c5f6b6e7cc)
Jeremy Allison [Thu, 15 Dec 2011 23:50:23 +0000 (15:50 -0800)]
First part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share.
Remove two unneeded check_name() calls. They have already been done
in order to get here.
(cherry picked from commit
4ceba7f93f530302f3edb23be4e44e3366bcc768)
Jeremy Allison [Fri, 16 Dec 2011 20:13:52 +0000 (12:13 -0800)]
Fix bug #8664 - Renaming a symlink fails if the symlink target is outside of the share.
(cherry picked from commit
33fd99946178e3c2649b289580b1ae1285c46d23)
Günther Deschner [Fri, 6 Jan 2012 15:10:55 +0000 (16:10 +0100)]
s3-libads: fix malloc/talloc mismatch in ads_keytab_verify_ticket().
Guenther
Fix big #8692 (ads_keytab_verify_ticket mixes talloc allocation with malloc
free).
(cherry picked from commit
6da7abe87db15d260db807643a25a96fc05e5ad9)
(cherry picked from commit
aa217fb42c124800c0e1327768a45b4b07f63e6e)
Stefan Metzmacher [Thu, 10 Nov 2011 13:43:55 +0000 (14:43 +0100)]
libcli/cldap: fix a crash bug in cldap_socket_recv_dgram() (bug #8593)
After a calling any wrapper of tevent_req_notify_callback(),
e.g. tevent_req_nterror(), tevent_req_done(), tevent_req_nomem(),
a function has to return immediately otherwise it is very likely to
crash.
metze
(similar to commit
17f1a97a614db4ed8292544988cb6a6cf56621d8)
(cherry picked from commit
d2aa10c255932b2d3060fcfc5cea19caef213724)
Stefan Metzmacher [Fri, 23 Dec 2011 13:45:45 +0000 (14:45 +0100)]
s3:lib/ctdbd_conn: try ctdbd_init_connection() as root (bug #8684)
ctdbd_traverse is only called if the main db_context is already
open. So if we could get to information via dbwrap_fetch,
we should also be able to traverse.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Dec 23 18:19:14 CET 2011 on sn-devel-104
(cherry picked from commit
4a1895eb9921ad533910d08823c2814c470875fd)
(cherry picked from commit
1d61fe68230dc307c107b9eabf9583f8571f5d61)
Volker Lendecke [Wed, 4 Jan 2012 19:09:54 +0000 (11:09 -0800)]
Fix bug #8686 - Packet validation checks can be done before length validation causing uninitialized memory read.
(cherry picked from commit
24ac26ddfd9ee8841d1984e710a4dfe535b9abcf)
(cherry picked from commit
93c76f96b82ec27be97c390cd1ef5d965766e273)
Jeremy Allison [Thu, 5 Jan 2012 21:54:29 +0000 (13:54 -0800)]
Fix bug #8687 - net memberships usage info is wrong
Typo in usage.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jan 6 00:30:20 CET 2012 on sn-devel-104
(cherry picked from commit
0453544900ef2ebff7a3c677d4048ef530713b64)
(cherry picked from commit
4e6955a05a1813c7a452ad83652ff96b43e21f06)
Andreas Schneider [Mon, 21 Nov 2011 17:19:43 +0000 (18:19 +0100)]
s3-libsmb: Don't duplicate kerberos service tickets.
This fixes bug #8628.
Each time we do a client connection. Each time we call to function to
get the service ticket from the cache we duplicate it. So with each
connection we end up with one or three duplicated tickets.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Dec 15 19:30:42 CET 2011 on sn-devel-104
(cherry picked from commit
d0330c7dd64b320cd86e2341b31da6be81ba829b)
(cherry picked from commit
60cb113d98d98200b1d8b279591c930e6b0d1857)
(cherry picked from commit
70bbd7a208014be1cb7f0e58a830787920f1d54c)
Jeremy Allison [Sat, 31 Dec 2011 05:19:08 +0000 (21:19 -0800)]
Final part of fix for bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write.
The code to set a DOS error on short writeX return is amazingly
legacy code, and also breaks the reply as fixup_chain_error_packet()
enforces a 2-byte wct on any reply where smb_rcls != 0.
Found in testing by Andrew Bartlett. Thanks Andrew !
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Dec 31 08:05:35 CET 2011 on sn-devel-104
(cherry picked from commit
e39df67669f61056692736db9c8dc16fbf2c3624)
(cherry picked from commit
627f57f0714f257c6082b21447d122935c6e92e2)
(cherry picked from commit
610053a6dbe0fc109e3e73c1f7cb26ec8dc48c11)
Jeremy Allison [Sat, 31 Dec 2011 04:45:10 +0000 (20:45 -0800)]
Third part of fix for bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write.
Fix default_sys_recvfile() to correctly cope with
short writes. Return the amount written. Return
-1 and set errno if no data could be written.
(cherry picked from commit
5e6263960aaf1a5f9993cb7bb5646d36ff92b9cc)
(cherry picked from commit
ec9b07e84e806705e22f0cf2eb527fed14efac55)
(cherry picked from commit
b0bc8bec29bce808253adf2a95b7fdb7d36a176f)
Jeremy Allison [Sat, 31 Dec 2011 04:23:00 +0000 (20:23 -0800)]
Second part of fix for bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write.
Split out the functionality of drain_socket() into a separate
function from default_sys_recvfile().
(cherry picked from commit
a5715420e37b98038fe8f2c3028e4c6938400eed)
(cherry picked from commit
7924e459b6677ba3500afff4b78f797e1e0ad83d)
(cherry picked from commit
1076d0d0491ca9d988c8095514838975e6fce4ec)
Jeremy Allison [Sun, 25 Dec 2011 05:12:09 +0000 (21:12 -0800)]
Fix bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write
Bug found and fix suggested by Andrew Bartlett.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sun Dec 25 07:46:38 CET 2011 on sn-devel-104
(cherry picked from commit
eb617374a673bb1189dd9b6bccbf3f1d9fb91010)
(cherry picked from commit
b3f344b5b52096715eb5670b146f477a67af8245)
(cherry picked from commit
e1cbc6b4ac55d2cdb55bcfa4dbcd667cedf6ffb2)
Masafumi Nakayama [Wed, 4 Jan 2012 01:24:58 +0000 (17:24 -0800)]
s3-cli: fix bug 563, >8GB tar on BE machines
Borrows on existing patches proposed by Craig Barratt and Brad Ellis.
Signed-off-by: David Disseldorp <ddiss@suse.de>
Back-ported to 3.5.x by Jeremy Allison <jra@samba.org>
(cherry picked from commit
b217fc3ac18c04011861217eb5e0b596554ab88a)
Andreas Schneider [Tue, 3 Jan 2012 15:54:39 +0000 (16:54 +0100)]
s3-winbind: Move finding the domain to it's own function.
This the first part to fix bug #8678.
(cherry picked from commit
5075e565684627dfbd23f715da344b4365351ccb)
(cherry picked from commit
2fca06a63d47619f2b6902b1c8601021843c4b95)
(cherry picked from commit
76137cbcfa6f8ecae2417b034e3f08d43242f5fa)
Andreas Schneider [Tue, 3 Jan 2012 15:55:25 +0000 (16:55 +0100)]
s3-winbind: Fix segfault if we can't map the last user.
This fixes bug #8678.
The issue is caused by bug #8608.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Jan 4 18:30:53 CET 2012 on sn-devel-104
(cherry picked from commit
b9d208bdaa9da2a5ae534481865efc881b851b01)
(cherry picked from commit
23db6e7cf65bdd3974a4857dda0be6ad7d758b9a)
(cherry picked from commit
b16104ddf431d81f673bc3cf5e998c0f9421f2e9)
Jeremy Allison [Fri, 2 Dec 2011 18:55:40 +0000 (10:55 -0800)]
Fix bug #8644 - vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL.
If referring to an fsp sbuf can be left as an uninitialized variable,
causing the 'is_directory' variable to be false when it should be true.
(cherry picked from commit
16c0d52842386fc2ebf975166b57b888d36796c5)
(cherry picked from commit
c4e0462a9edfee64cba6cf5db18a54cc3c51c4f1)
Andreas Schneider [Sat, 3 Dec 2011 00:19:34 +0000 (16:19 -0800)]
s3-winbind: Add an update function for winbind cache.
With
57b3d32 we changed the format for the winbind cache database and
the code deleted the database for the upgrade. As this database holds
also cached credentials, removing it is not an option. We need to update
from version 1 to version 2.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Dec 3 03:47:58 CET 2011 on sn-devel-104
(cherry picked from commit
a3f600521122d1a6d74d16668bd1ea4447c5c867)
The last 3 patches address bug #8658 (Negative / positive winbind cache won't
expire till opposite type of query is made).
(cherry picked from commit
1854e6a766e1a7bf55b175d7975d3b6235149c7d)
Jeremy Allison [Wed, 12 Oct 2011 16:43:18 +0000 (09:43 -0700)]
Fix bug #8521 - winbindd cache timeout expiry test was reversed
Found and fix reported by Micha Lenk <micha@lenk.info>. Thanks !
(cherry picked from commit
1e4761d05978b7a495d121acc1deaa7049f3911c)
(cherry picked from commit
b5215ca58c7501e093030c527f82078c8b315b88)
Christian Ambach [Thu, 4 Nov 2010 16:10:25 +0000 (17:10 +0100)]
s3:winbind add timeouts to winbind cache
This adds a timeout value to cache entries and the NDR records
in the winbind cache.
The previous approach of just comparing the sequence number has some issues,
e.g. when retrying a wbinfo -n operation for a user in a not yet trusted
domain was always failing even after the trusted domain was added.
The new approach compares sequence number and timeout value to
determine if a cache entry is still valid or not.
I increased the cache version number so an old cache will be wiped
automatically after upgrade.
(cherry picked from commit
57b3d32c8d87c4273d30d73fe2bfd3de0178945d)
(cherry picked from commit
6a761e873c34badd628a5460dd18830465ec484c)
Björn Jacke [Sat, 10 Dec 2011 12:53:42 +0000 (13:53 +0100)]
s3/doc: document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Sat Dec 10 15:30:46 CET 2011 on sn-devel-104
(cherry picked from commit
f452add2231906742c9fd119371cd4fd81a1bdd6)
Fix bug #8652 (vfs_acl man pages miss "ignore system acls" option).
(cherry picked from commit
ceeab5c66cef2c5aa7931329a9976c8173f44467)
(cherry picked from commit
a8037a582795ce5bbd9361bf6d000b6110c6eb9b)
Jeff Layton [Tue, 6 Dec 2011 14:32:18 +0000 (09:32 -0500)]
manpage: add more undocumented options to mount.cifs manpage
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Fix bug #8648 (document more undocumented mount.cifs options).
(cherry picked from commit
407c3facf1061616d6dc9a814bab2217ea343040)
Andreas Schneider [Mon, 5 Dec 2011 17:12:12 +0000 (18:12 +0100)]
docs: Add missing prefixpath options for mount.cifs.
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #8645 (mount.cifs misses documentation for the prefixpath= option).
(cherry picked from commit
d68296009d07bb644749d4655898f7908df7bfb7)
Volker Lendecke [Wed, 30 Nov 2011 17:51:27 +0000 (18:51 +0100)]
s3: Attempt to fix the vfs_commit module
This bug went in in 2007. I wonder how much this module is actually used....
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Nov 30 21:46:09 CET 2011 on sn-devel-104
(cherry picked from commit
b638abf70a3c9b2815344454946c0931295551be)
(cherry picked from commit
33a8e161401b889feca19b2bb9222509cf77c37d)
Fix bug #8639 (vfs_commit is broken (.open_fs doesn't return a file descriptor).
(cherry picked from commit
8ceed5335c447dee08cddc66087d04478f0afd4b)
Jeremy Allison [Tue, 29 Nov 2011 19:55:39 +0000 (11:55 -0800)]
Fix bug 8631 - POSIX ACE x permission becomes rx following mapping to and from a DACL Reported by David Disseldorp. Fix based on a patch by David.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Nov 29 22:32:27 CET 2011 on sn-devel-104
(cherry picked from commit
6bf97ea3bc70745f64f82251cbce443f2637c703)
(cherry picked from commit
28fa8d8d777f3da40fde2fb57cd06659f76cf658)
(cherry picked from commit
8d8d7a1c7f2b085801bfb7b4c4885969e1d7fce1)
Richard Sharpe [Mon, 14 Nov 2011 15:47:38 +0000 (07:47 -0800)]
Improve configure.in so it can be used outside the Samba source tree.
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Thu Nov 17 07:00:38 CET 2011 on sn-devel-104
(cherry picked from commit
f50aa988c201c2fe78e467f1a419bedc741e1d31)
Fix bug #8607 (The configure.in in examples/VFS does not easily allow building
modules outside the Samba source tree).
(cherry picked from commit
7db7ea684a17b70ecae31c70c1b2e647ea0fafa1)
(cherry picked from commit
0a6d7a9ff9c96771ac0d5ca8159c5a2246cae782)
Andreas Schneider [Mon, 14 Nov 2011 09:01:31 +0000 (10:01 +0100)]
s3-winbind: Don't fail on users without a uid.
This fixes bug #8608.
If you join samba with idmap_ad backend to an AD. When you try to
enumerate users with 'getent passwd' and the user doesn't have a uid
set, then getent is aborted cause of NT_STATUS_NONE_MAPPED. If we can't
map a user we should not stop but continue enumerating users.
This normally happens with the default user 'krbtgt' with idmap_ad but
could also happen with other backends.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Nov 15 16:52:04 CET 2011 on sn-devel-104
(backported from commit
10b285ccc29b106f164a6c18116e237634867717)
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
6849353175d6623c3508f0dd955c7aace6cfc677)
Karolin Seeger [Thu, 17 Nov 2011 20:23:09 +0000 (21:23 +0100)]
s3/packaging: Fix rpm build issues on RHEL4.
Second part of a fix for bug #7705 (RHEL samba.spec broken - and fix).
Based on patches of Jason Haar and Daniël van Eeden. Thanks a lot!
Karolin
Autobuild-User: Karolin Seeger <kseeger@samba.org>
Autobuild-Date: Fri Nov 18 22:13:06 CET 2011 on sn-devel-104
(cherry picked from commit
1d471ee393b0a0c1f9cc4256217acabcd98a5dbf)
(cherry picked from commit
b0e5fb69df8b66544afc29d0b3dac5454d04fe3e)
(cherry picked from commit
4efc4fc9a77fe94a9513bcbfc3a24878783ee3f1)
Karolin Seeger [Thu, 17 Nov 2011 20:02:30 +0000 (21:02 +0100)]
s3/packaging: Fix rpm build issues on RHEL.
Fix bug #7705 (RHEL samba.spec broken - and fix).
Based on patches of Jason Haar and Daniël van Eeden. Thanks a lot!
Karolin
Autobuild-User: Karolin Seeger <kseeger@samba.org>
Autobuild-Date: Thu Nov 17 23:05:28 CET 2011 on sn-devel-104
(cherry picked from commit
32e825d60df26fa1d4cf5c8c7cb37ca0523847ca)
(cherry picked from commit
f89cdef51633402006dcad17b49e596a41905a40)
(cherry picked from commit
3862b127bae80ed62a3a6c2ca4e43a7f58623d5b)
Stefan Metzmacher [Fri, 11 Nov 2011 01:10:00 +0000 (02:10 +0100)]
s3:libsmb: consistently use state->size in cli_write_andx_create() (bug #5326)
Otherwise we may get unexpected results.
This is a fix that was missing in commit
95595dd93fd04999fcf56ecaab7c29b064d021f8
(s3:libsmb: fix cli_write_and_x() against OS/2 print shares (bug #5326))
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 9 10:13:32 CET 2011 on sn-devel-104
(cherry picked from commit
4b31c4273c45faa639445614061f3da548eb8505)
(cherry picked from commit
2bdf8728612dd7ca5b04e38375beabe9db4a91bf)
Stefan Metzmacher [Tue, 8 Nov 2011 07:25:16 +0000 (08:25 +0100)]
s3:libsmb: fix cli_write_and_x() against OS/2 print shares (bug #5326)
Print shares doesn't support CAP_LARGE_WRITEX, while it's negotiated
by the file server part.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov 8 17:01:36 CET 2011 on sn-devel-104
(cherry picked from commit
95595dd93fd04999fcf56ecaab7c29b064d021f8)
(cherry picked from commit
9b3a0594424a66bb410bdc48aebfdee8485b1df4)
Jeremy Allison [Tue, 15 Nov 2011 21:30:22 +0000 (13:30 -0800)]
Fix bug #8561 - Password change settings not fully observed.
(cherry picked from commit
467a586b3b25f632a5b9ca58abf428a546d97740)
Günther Deschner [Thu, 3 Nov 2011 19:55:08 +0000 (20:55 +0100)]
examples: Fix perl path.
Fix bug #8176 (wall.perl example uses /usr/loca/bin for pat to perl binary).
(cherry picked from commit
2bec3bd80fc16699dfe8cc6aa3afd97881b8bfe9)
Stefan Metzmacher [Wed, 2 Nov 2011 09:58:26 +0000 (10:58 +0100)]
s3:rpc_server/srv_netlogon: make sure we don't use an unitialized variable
metze
The last 3 patches address bug #8562 (talloc: double free error).
(cherry picked from commit
b7bc7cd98a8dbf77275d2a6f31be6798b362a1cf)
Stefan Metzmacher [Wed, 2 Nov 2011 09:57:09 +0000 (10:57 +0100)]
libcli/auth: only expose creds to the caller on success
metze
(cherry picked from commit
bb7d9fd886723e78680670ef4b0010e76f94ea80)
Stefan Metzmacher [Wed, 2 Nov 2011 09:55:27 +0000 (10:55 +0100)]
libcli/auth: debug the given computer name creds might be NULL
metze
(cherry picked from commit
b6c3195a5a08808c8cf6a6ae3099bf534ddd36a8)
Karolin Seeger [Thu, 3 Nov 2011 19:40:38 +0000 (20:40 +0100)]
WHATSNEW: Start release notes for 3.5.13.
Karolin
(cherry picked from commit
9a92f8400cddac554257127a92030f4b1cbb0cbc)
Karolin Seeger [Thu, 3 Nov 2011 19:37:28 +0000 (20:37 +0100)]
VERSION: Bump version up to 3.5.13.
Karolin
(cherry picked from commit
7f1badf7bd86593e6ca3490eaf9afd4f790b12cc)
Karolin Seeger [Tue, 1 Nov 2011 18:51:08 +0000 (19:51 +0100)]
WHATSNEW: Update changes since 3.5.11.
Karolin
(cherry picked from commit
bcf1198b1c03b3f0dd8032df93ff1b30074d37f2)
Jeremy Allison [Sat, 22 Oct 2011 01:08:46 +0000 (18:08 -0700)]
Fix bug #8542 - smbclient posix_open command fails to return correct info on open file.
(cherry picked from commit
d27f5a277ef47c5ff94e402930680b37e8f4d592)
(cherry picked from commit
a7224ca5e77aa3e7d3a460515b07aa5b6cb099ae)
Jeremy Allison [Sat, 22 Oct 2011 01:35:15 +0000 (18:35 -0700)]
Third part of fix for bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share.
Missed passing ucf_flags instead of hard coded flags in findfirst call.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 22 06:30:16 CEST 2011 on sn-devel-104
(cherry picked from commit
f4593181876f7a9ef55ceee8d1a20369197a63ba)
(cherry picked from commit
73aee207497028b524f2f4d011ab28d954a598c7)
Jeremy Allison [Mon, 24 Oct 2011 22:34:27 +0000 (15:34 -0700)]
Second part of fix for bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share.
The statcache has to do lstat instead of stat when returning cached
posix pathnames.
(cherry picked from commit
84ce5f1b96be650ad80fa1dc030539113a27c50d)
Jeremy Allison [Mon, 24 Oct 2011 22:24:04 +0000 (15:24 -0700)]
Fix bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share.
The key is to only allow the lookup to succeed if it's a UNIX level lookup or readlink,
but disallow all other operations.
(cherry picked from commit
9685fb343de057598752d8f43d43523cab5c4356)
Jeremy Allison [Mon, 25 Jul 2011 23:12:45 +0000 (16:12 -0700)]
Use existing ISDOT and ISDOTDOT macros.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jul 28 02:09:20 CEST 2011 on sn-devel-104
(cherry picked from commit
d82256ca119eb8315cc69ba725ba71c386caa901)
(cherry picked from commit
6ae54263b77f7663df0c390c496a139bed443b27)
Günther Deschner [Wed, 26 Oct 2011 11:44:49 +0000 (13:44 +0200)]
s3-netapi: remove pointless use_memory_krb5_ccache.
This breaks the ABI.
Guenther
See bug #7465 for more details.
(cherry picked from commit
9378a904740ee456758e00acdd23e3016d4810ee)
Karolin Seeger [Mon, 24 Oct 2011 17:59:21 +0000 (19:59 +0200)]
WHATSNEW: Add changes since 3.5.11.
Karolin
(cherry picked from commit
0b183a1a44720454fad597a2895762a5d77ed2b8)
Björn Jacke [Thu, 20 Oct 2011 19:39:38 +0000 (21:39 +0200)]
s3:Makefile: make DSO_EXPORTS_CMD more portable (#8531)
It sems like every not completely trivial sed expression should be tested with
Solaris' sed. Its regexp engine is way more limited than the one of GNU
sed. Thanks to Michael Pelletier for finding this! This fixes bug #8531
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Oct 20 23:15:05 CEST 2011 on sn-devel-104
(cherry picked from commit
37be1df3d7534c2cc8e1e25614164c2178372b94)
(cherry picked from commit
763ad499aa4423c5e68a75f20f2ba8ee967e5984)
(cherry picked from commit
53b551d160a9e5b645aaa6582d7ffc82e5e52b59)
Jeremy Allison [Wed, 12 Oct 2011 00:00:08 +0000 (17:00 -0700)]
Add new contributing FAQ announcing acceptance of corporate (C).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 12 03:46:41 CEST 2011 on sn-devel-104
(cherry picked from commit
bd01ae227bc567fd7953e446236364fc4d110a48)
(cherry picked from commit
f165b54828f451943b172b8d2d1bfd15f37b7fdf)
(cherry picked from commit
390616329875e5f6bdf65c840a12b2e90141bceb)
Karolin Seeger [Tue, 18 Oct 2011 18:39:49 +0000 (20:39 +0200)]
s3-docs: Adapt version...
in man vfs_aio_fork.
Karolin
(cherry picked from commit
e07423a0d55437fcc85d205214315a21d452cee7)
Björn Jacke [Tue, 18 Oct 2011 08:54:56 +0000 (10:54 +0200)]
s3/doc: add man page for aio_fork vfs module
thanks to Volker for the content
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Tue Oct 18 12:24:35 CEST 2011 on sn-devel-104
(cherry picked from commit
56328a4d61c8d0a52f6841097bf8fc4ffd46bfb6)
(cherry picked from commit
51f87fce55d160abed6b04ea27f53f254d2db474)
Fix bug #8256 (vfs_aio_fork is undocumented).
(cherry picked from commit
c48f8ae21b8279b9b62aca5e04eb1547c6dbd9c6)
Volodymyr Khomenko [Wed, 12 Oct 2011 16:57:57 +0000 (09:57 -0700)]
Fix bug #8515 - Empty CIFS share can be blocked for other clients by deleting it via empty path (DELETE_PENDING until the last client)
Disallow "." in can_set_delete_on_close().
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 12 21:07:27 CEST 2011 on sn-devel-104
(cherry picked from commit
bd260f03ab492d03c2890db47dc6fb4f1b824a1a)
(cherry picked from commit
c6e2256e2ef024ecdbebb9cb04d919342daeb780)
Bram [Thu, 29 Sep 2011 09:28:03 +0000 (11:28 +0200)]
Bug 7551: Return error of cli_push when 'put - /some/file' is used
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Sep 29 23:47:02 CEST 2011 on sn-devel-104
(cherry picked from commit
d883cc664cac81633a60e5b04f99f23a3577ae65)
(cherry picked from commit
20ee0810ff4da3a16a8b7947d4aa0138a8d76577)
Jeremy Allison [Sat, 8 Oct 2011 18:18:34 +0000 (20:18 +0200)]
Bug 7551: Return error of cli_push when 'put - /some/file' is used.
(cherry picked from commit
ff5b58d3038bed5a20511bc76405d8ebdae75a87)
Jeremy Allison [Tue, 4 Oct 2011 23:40:58 +0000 (16:40 -0700)]
Fix bug #8507 - smbd doesn't correctly honor the "force create mode" bits from a cifsfs create.
Don't manipulate the new_dos_attributes bits until we know it's not a POSIX open.
(cherry picked from commit
2bdf5042dd14283ae195d442d20385ed158367ae)
Jeremy Allison [Thu, 8 Sep 2011 21:10:16 +0000 (14:10 -0700)]
Second part of fix for bug #8443 - Default user entry is set to minimal permissions on incoming ACL change with no user specified.
Be smarter about setting default permissions when a ACL_USER_OBJ isn't given. Use the principle of least surprises for the user.
(cherry picked from commit
abf0629535a8082229810c6905c356b20c482be9)
Jeremy Allison [Thu, 8 Sep 2011 20:56:06 +0000 (13:56 -0700)]
First part of fix for bug #8443 - Default user entry is set to minimal permissions on incoming ACL change with no user specified.
create_default_mode() is not needed - it's taken care of by code
inside ensure_canon_entry_valid().
(cherry picked from commit
0dba9c975a8bfa9e6441c3a4726e1e68cbf364ca)
Jeremy Allison [Fri, 2 Sep 2011 22:08:42 +0000 (15:08 -0700)]
Part 3 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)
Don't call check_owning_objs() to convert ACL_USER->ACL_USER_OBJ and
AC_GROUP->ACL_GROUP_OBJ for default (directory) ACLs, we do this separately
inside ensure_canon_entry_valid().
(cherry picked from commit
06fd08dea1dde4b86546a8f87574d68dcac0e840)
Jeremy Allison [Fri, 2 Sep 2011 22:07:48 +0000 (15:07 -0700)]
Part 2 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)
Only map CREATOR_OWNER/CREATOR_GROUP to ACL_USER_OBJ/ACL_GROUP_OBJ in
a default(directory) ACL set.
(cherry picked from commit
36f60cef6d6ac5625a88a73ce53bdb2b0fe0f000)
Jeremy Allison [Fri, 2 Sep 2011 21:59:31 +0000 (14:59 -0700)]
Part 1 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)
Remove the code I added for bug "6878 - Cannot change ACL's inherit flag". It is incorrect
and causes the POSIX ACL ACL_USER_OBJ duplication.
(cherry picked from commit
cd5d9a5c8fb0660835d60479fb783e4f7cae743f)
Jeremy Allison [Fri, 7 Oct 2011 15:56:59 +0000 (08:56 -0700)]
Fix bug #8458 - IE9 on Windows 7 cannot download files to samba 3.5.11 share
Handle the SECINFO_LABEL flag in the same way as Win2k3.
(cherry picked from commit
4b26ffd1ea430b2cc612884c8ba194498a64932b)
Jeremy Allison [Fri, 30 Sep 2011 20:35:59 +0000 (13:35 -0700)]
Fix bug #8493 - DFS breaks zip file extracting unless "follow symlinks = no" set
If a client sends a mangled name as part of a DFS path, use the
post-mangled name for the pathname walk, not the mangled name.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 1 00:45:59 CEST 2011 on sn-devel-104
(cherry picked from commit
149875f887287dbbf016d2252962b023b0bae967)
(cherry picked from commit
1ed1b19b2eeda3217d03d66d4220abd871b03cb4)
Karolin Seeger [Wed, 28 Sep 2011 18:17:42 +0000 (20:17 +0200)]
s3-docs: Remove "experimental" label on VFS ACL modules
in the documentation also (bug #8494).
Karolin
(cherry picked from commit
bd5d9d9fba23ea585b701c41ec27482a0076729e)
(cherry picked from commit
4c060730723dcf4a2d6e2833361fa4737bc9a29b)
Jeremy Allison [Fri, 20 May 2011 21:43:50 +0000 (14:43 -0700)]
Patch for bug #8156 - net ads join fails to use the user's kerberos ticket.
If kerberos_get_realm_from_hostname() or kerberos_get_default_realm_from_ccache() fails due to
a misconfigured krb5.conf, try the "realm =" from smb.conf as a fallcback before going back to
NTLMSSP (which we'll do anyway).
(cherry picked from commit
ccab9efb653cfacdd357986f7a8a85c17df7abbb)
(cherry picked from commit
f16e4cc11fd4f195da7c4f0de13d0bb23e5b79d1)
Pierre Carrier [Tue, 14 Sep 2010 23:43:39 +0000 (16:43 -0700)]
Allows changing the maximum number of simultaneous clients in winbindd through an smb.conf option.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #8186 (Allows changing the maximum number of simultaneous clients in
winbindd through an smb.conf option).
(cherry picked from commit
b6f691ede0a80aaf7226b6862120b5052e63668d)
Günther Deschner [Wed, 28 Sep 2011 16:12:49 +0000 (18:12 +0200)]
s3-winbind: Fix bug 7888 -- deal with buggy 3.0 based PDCs.
Guenther
(cherry picked from commit
d7f0de06c119abad609f87121a8a4fb533e82747)