Jeremy Allison [Thu, 22 Jan 2009 18:58:38 +0000 (10:58 -0800)]
Another attempt to fix bug #4308 - Excel save operation corrupts file ACLs.
Simo is completely correct. We should be doing the chown *first*, and fail the
ACL set if this fails. The long standing assumption I made when writing the
initial POSIX ACL code was that Windows didn't control who could chown a file
in the same was as POSIX. In POSIX only root can do this whereas I wasn't sure
who could do this in Windows at the time (I didn't understand the privilege
model). So the assumption was that setting the ACL was more important (early
tests showed many failed ACL set's due to inability to chown). But now we have
privileges in smbd, and we must always fail an ACL set when we can't chown
first. The key that Simo noticed is that the CREATOR_OWNER bits in the ACL
incoming are relative to the *new* owner, not the old one. This is why the old
user owner disappears on ACL set - their access was set via the USER_OBJ in the
creator POSIX ACL and when the ownership changes they lose their access.
Patch is simple - just ensure we do the chown first before evaluating the
incoming ACL re-read the owners. We already have code to do this it just wasn't
rigorously being applied.
Jeremy.
Karolin Seeger [Wed, 21 Jan 2009 10:37:30 +0000 (11:37 +0100)]
build_docs: Use 'make distclean' instead of 'make clean'.
This fixes bug #6058.
Thanks to Christian Perrier for reporting!
Karolin
(cherry picked from commit
162e4b66601b41dd5adb24e192f3b5a91dfb41cc)
(cherry picked from commit
2545fcc48888628eef2d6b83ef5656be1e53bf7e)
Karolin Seeger [Tue, 9 Dec 2008 21:08:13 +0000 (22:08 +0100)]
build-docs: Change to the right directory before calling 'make clean'.
This fixes build-docs if it's called from the create-tarball script.
Karolin
(cherry picked from commit
dd3ef73c8c184eaec7ee515ef2130f30f9e481b3)
(cherry picked from commit
1e7c488097d67457632778a09e7f82db5d0e93e3)
Karolin Seeger [Thu, 18 Sep 2008 13:52:06 +0000 (15:52 +0200)]
Karolin Seeger [Mon, 19 Jan 2009 09:22:46 +0000 (10:22 +0100)]
S3-ByExample: Use 'winbindd -D' instead of 'winbindd -B'.
The option '-B' does not exist at all.
Thanks to Jason Ellison for reporting!
Karolin
(cherry picked from commit
4b26c7bbf4fe93f5ffb92d3f04012be290be25be)
(cherry picked from commit
05c7d97e6cf25c05ba6a661c0a31c88946ffd5cd)
(cherry picked from commit
f89c3db4ae0bcf1680c2532833ee115005b8ed70)
Karolin Seeger [Mon, 19 Jan 2009 07:55:30 +0000 (08:55 +0100)]
S3-HowTo: Change 'winbindd -B' to 'winbindd -D'.
There is no option '-B' at all.
Thanks to Jason Ellison for reporting!
Karolin
(cherry picked from commit
7c1e08518bfbe054db270e72476c642d5db93c0a)
(cherry picked from commit
3b5d2fd4cc5f7cbe22be1dfc593ca4ba29197b66)
(cherry picked from commit
0900b10f64fbb9f2e55591d1b11be9bb29526744)
Karolin Seeger [Thu, 15 Jan 2009 07:34:53 +0000 (08:34 +0100)]
WHATSNEW: Update WHATSNEW.
Karolin
Jeremy Allison [Wed, 14 Jan 2009 21:17:58 +0000 (13:17 -0800)]
Fix bug #6035 - Possible race between fcntl F_SETLKW and alarm delivery.
Jeremy.
Karolin Seeger [Wed, 14 Jan 2009 13:02:08 +0000 (14:02 +0100)]
WHATSNEW: Update changes since 3.0.33.
Karolin
Karolin Seeger [Wed, 14 Jan 2009 12:59:19 +0000 (13:59 +0100)]
WHATSNEW: Update WHATSNEW.
Karolin
Karolin Seeger [Wed, 14 Jan 2009 12:53:12 +0000 (13:53 +0100)]
VERSION: Raise version number up to 3.0.34.
Karolin
Jeremy Allison [Tue, 13 Jan 2009 19:24:24 +0000 (11:24 -0800)]
Fix bug #6019 File corruption in Clustered SMB/NFS environment managed via CTDB
Jeremy.
Karolin Seeger [Mon, 17 Nov 2008 14:23:34 +0000 (15:23 +0100)]
s3 create-tarball.sh: Remove dashes in git commands.
Newer git versions (e.g. 1.6.0.2) do not provide the 'git-' commands
any longer.
Karolin
(cherry picked from commit
0cba859f12177aaf3ef2d96663f0a51f61c24d56)
(cherry picked from commit
3d64e67de2b50f7b781aa3f5ad13ec8e866d4333)
(cherry picked from commit
aa41a80969bd413d5922c602c7309bd8c05f3181)
(cherry picked from commit
0b4dd0cb1f81126344a6fe3304b46f880089718d)
(cherry picked from commit
4d988d0c9f22dda706ee1802985830ce4999f4d5)
Karolin Seeger [Wed, 19 Nov 2008 12:16:38 +0000 (13:16 +0100)]
build-docs: Use 'git clean' instead of 'git-clean'.
Karolin
(cherry picked from commit
12e72140b944f844e7f44f21a087ab4a4ecc51a7)
(cherry picked from commit
ab02316ced8b0dc0d577960d1bab02d239313ef5)
Stefan Metzmacher [Mon, 12 Jan 2009 11:32:46 +0000 (12:32 +0100)]
s3:libsmb: handle the smb signing states the same in the krb5 and ntlmssp cases
SMB signing works the same regardless of the used auth mech.
We need to start with the temp signing ("BSRSPYL ")
and the session setup response with NT_STATUS_OK
is the first signed packet.
Now we set the krb5 session key if we got the NT_STATUS_OK
from the server and then recheck the packet.
All this is needed to make the fallback from krb5 to
ntlmssp possible. This commit also resets the cli->vuid
value to 0, if the krb5 auth didn't succeed. Otherwise
the server handles NTLMSSP packets as krb5 packets.
The restructuring of the SMB signing code is needed to
make sure the krb5 code only starts the signing engine
on success. Otherwise the NTLMSSP fallback could not initialize
the signing engine (again).
metze
(cherry picked from commit
7d9fd64f38aa5821b38c1223cf87979fc87bfb71)
(cherry picked from commit
8e29070ccd0b5103af2e6da75644169f46700313)
(cherry picked from commit
38b297f99ec166e5c40ba33774222b37b45b4fec)
(a little bit modified to compile in v3-0)
Karolin Seeger [Mon, 12 Jan 2009 11:30:13 +0000 (12:30 +0100)]
WHATSNEW: Add footer.
Karolin
Karolin Seeger [Mon, 12 Jan 2009 11:25:58 +0000 (12:25 +0100)]
WHATSNEW: Update changes since 3.0.33.
Karolin
Karolin Seeger [Mon, 12 Jan 2009 09:19:02 +0000 (10:19 +0100)]
VERSION: Set vendor suffix to "test" according to the other branches.
Karolin
Bo Yang [Mon, 12 Jan 2009 06:15:00 +0000 (14:15 +0800)]
Fix null pointer refrence in event context in backport from v3-3-test
Signed-off-by: Bo Yang <boyang@novell.com>
Jeremy Allison [Sun, 11 Jan 2009 04:04:27 +0000 (20:04 -0800)]
Fix logic bug introduce in backport of ccache_regain_all_now, sync with
3.3 implementation.
Jeremy.
Bo Yang [Sat, 10 Jan 2009 22:32:43 +0000 (14:32 -0800)]
Backport of the clean event context after fork and
krb5 refresh chain fixes.
Bo Yang [Sat, 10 Jan 2009 22:13:32 +0000 (14:13 -0800)]
Don't set child->requests to NULL in parent after fork
Karolin Seeger [Fri, 9 Jan 2009 10:22:00 +0000 (11:22 +0100)]
docs: Improve man mount.cifs.
Add hint about specifying the workgroup in the credentials file.
Whitespace cleanup.
This fixes bug #4541.
Patch based on proposed patch from Christian Perrier <bubulle@debian.org>.
Thanks for reporting and providing a patch!
Karolin
(cherry picked from commit
1f7e09ea542df3a2f5f553c0cb11a39c74712950)
(cherry picked from commit
b99d98ff2ef5491979301656e7f516d3c8829f6e)
(cherry picked from commit
1900233ede3083410eb3dc691d2d486c5340ccc4)
Jeremy Allison [Thu, 8 Jan 2009 18:56:36 +0000 (10:56 -0800)]
Fix race condition in alarm lock processing noticed by Richard Sharpe <realrichardsharpe@gmail.com>.
"It seems to me that if the lock is already held by another process when we
enter this code, there is a race between the timeout and the granting. If
the lock is subsequently granted, the process releasing the lock will signal
the wait variable (or whatever) and our process will be scheduled. However,
if the timeout occurs before we are scheduled, the timeout will be delivered
first.
We will have the lock but will forget we have the lock, and never release
it."
Jeremy.
Volker Lendecke [Tue, 6 Jan 2009 14:13:43 +0000 (15:13 +0100)]
s3/swat: Fix creation of the first share using SWAT.
This fixes bug #5965.
(cherry picked from commit
f76614169f1e0a932cf2895702cfa9e8a5735875)
(cherry picked from commit
148437fcd0896591ebbf6c2808723575d025123f)
Karolin Seeger [Tue, 6 Jan 2009 11:26:23 +0000 (12:26 +0100)]
docs: Improve description of the share commands in man smb.conf.
-Correct the parameter names.
-Fix typos.
-Fix related parameters.
This fixes bug #6008.
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
Karolin
(cherry picked from commit
8b7f66c548ed170d2dab0c91ccff4aca00f4b52d)
(cherry picked from commit
6f38786aa878bd1a7fc10069773c19b28437fbbb)
(cherry picked from commit
f420b5c2af7d46e88269d9ec89c5dcd37f1f8f46)
Karolin Seeger [Tue, 6 Jan 2009 09:26:37 +0000 (10:26 +0100)]
docs: Fix example in man vfs_recycle.
This fixes bug #6001.
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
Karolin
(cherry picked from commit
9f44a17c3bf36067d04cec036c3e529798932cd7)
(cherry picked from commit
5e073807f7c4679dd299a2b8f3e2643dc1c82405)
(cherry picked from commit
c0877d14cb04956b29ca329897a7b4bface7f363)
Karolin Seeger [Mon, 5 Jan 2009 15:33:00 +0000 (16:33 +0100)]
examples: Avoid bashism in perfcount.init.
This fixes bug #6000.
Thanks to the Debian Samba package maintainers for providing the patch!
Remove trailing whitespaces.
Karolin
(cherry picked from commit
2e09746a4db4186c9d648370b9004971bc18e5c9)
(cherry picked from commit
9b17f7907bca32282d6e56fa28ca62ef84bf7afc)
(cherry picked from commit
de41f0e9a08b796873bdd319fe784b6c90e28b23)
Karolin Seeger [Mon, 5 Jan 2009 15:38:25 +0000 (16:38 +0100)]
Revert "examples: Avoid bashism in perfcount.init."
This reverts commit
744c7007b4b798699613e06933f92fdf5261b222.
Karolin Seeger [Mon, 5 Jan 2009 13:54:28 +0000 (14:54 +0100)]
examples: Avoid bashism in perfcount.init.
This fixes bug #6000.
Thanks to the Debian Samba package maintainers for providing the patch!
Remove trailing whitespaces.
Karolin
(cherry picked from commit
73875cd344608b591fa884ab99b5f3a10550c149)
(cherry picked from commit
e273c07e94ee607bbf05b6fa66cf3cea13fe4502)
(cherry picked from commit
a1bf1f1819ab184682327583d05b0258db8856ef)
(cherry picked from commit
b4ffffc5c03b69ac2f8e0ed74fd7788549f7e822)
Karolin Seeger [Mon, 5 Jan 2009 13:39:59 +0000 (14:39 +0100)]
docs: Document the -g option of smbclient.
This fixes bug #6013.
Thanks to the Debian Samba packages maintainers for reporting!
Karolin
(cherry picked from commit
6752d78e946b2c4278e2deba325c76fb7ffbc06a)
(cherry picked from commit
e6abdbde9b67801d46c9d331045d155717e8b241)
(cherry picked from commit
8a79b8796f98dd80b6e1f04d7302fb8342f0052d)
(cherry picked from commit
1f979334266706656874fdbe6cce14f17105360b)
Stefan Metzmacher [Fri, 2 Jan 2009 08:46:17 +0000 (09:46 +0100)]
Happy New Year!
metze
Karolin Seeger [Wed, 17 Dec 2008 15:26:43 +0000 (16:26 +0100)]
s3/smb.h: Remove unused LDAP_SSL_ON.
LDAP_SSL_ON is not defined at all.
Ldaps can be used by specifying an ldaps URL using the "passdb backend"
parameter.
Karolin
(cherry picked from commit
0c6cf1f8793edfde924289aafbd174ce4a4fae0c)
(cherry picked from commit
7f36de6906811d4f0428b75c79c72b17b8ccfcef)
Karolin Seeger [Wed, 17 Dec 2008 14:53:51 +0000 (15:53 +0100)]
s3/loadparm.c: Change default value for "ldap ssl".
LDAP_SSL_ON is not defined at all. That's why the actual default value
was "" for a long time. Set a more sensible default value without chnging the
default behaviour.
-----8<------------------snip--------------8<--------------
user@host:/data/git/samba/v3-0-test/source> git grep LDAP_SSL_ON | cat
include/smb.h:enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF,
LDAP_SSL_START_TLS};
param/loadparm.c: Globals.ldap_ssl = LDAP_SSL_ON;
----->8------------------snap-------------->8--------------
It's the same in 3.2 and 3.3 series.
Karolin
(cherry picked from commit
e6d883e003d4560c55259ae1cfdf7319602f76e3)
(cherry picked from commit
5c686419096362176d80f3d05339b8836d0178a4)
Karolin Seeger [Wed, 17 Dec 2008 15:18:38 +0000 (16:18 +0100)]
docs: Update section "ldap ssl" in man smb.conf.
Remove non-existent value "on".
Change default value to "no".
Add hint about ldaps.
Karolin
(cherry picked from commit
580461629bb88ce3b61770e7abfe2c942a121877)
(cherry picked from commit
d74356627579fe7b9961844a77c4e6daa978d62b)
(cherry picked from commit
882ac5e5a79646754dfd1669ea6720ab52c9b6ee)
Karolin Seeger [Wed, 17 Dec 2008 14:42:12 +0000 (15:42 +0100)]
docs: Fix some formatting issues in the "ldap ssl" section of man smb.conf.
Karolin
(cherry picked from commit
6ac36698e975649d26e3f2975c2101129c3ffe97)
(cherry picked from commit
655a1c7b05d56326d6cfffbc8e46e1d64565717a)
(cherry picked from commit
2534619eedc3e9528d589cfee793a55b3cc62bed)
Karolin Seeger [Wed, 17 Dec 2008 08:17:26 +0000 (09:17 +0100)]
docs: Fix TOC of generated HTML docs.
This fixes bug #5968.
Thanks to Christian Perrier <bubulle@debian.org> for reporting!
Karolin
(cherry picked from commit
675b363b712e0b91b9b7d1189a819a36853db539)
(cherry picked from commit
3566615292f9cb2d00b03156e515274751e05969)
(cherry picked from commit
0d6b3df8d9c8b5e777ac6717168a11455b2ad2ce)
Karolin Seeger [Tue, 16 Dec 2008 14:10:29 +0000 (15:10 +0100)]
docs: "acl compatibility" is a global parameter.
This fixes bug #5866.
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
Karolin
(cherry picked from commit
9e64ed018e5aa84d802b01953b481fbb07eb00aa)
(cherry picked from commit
386b0fc4bdc0822ffbc51cfee536bea23df0a755)
(cherry picked from commit
877951eea6e67273748aa9f56a56e41cf2dca00a)
Karolin Seeger [Tue, 16 Dec 2008 08:04:32 +0000 (09:04 +0100)]
docs: Fix typo in the idmap_ad manpage.
Karolin
(cherry picked from commit
b876e1336bed52e0823e0e88381d223bd6aa95e4)
(cherry picked from commit
611ac35a694930693d2f773d15e59be138261a8e)
(cherry picked from commit
d54a1e49d5fe567bcda7c4c02f6ace2d03e189e9)
Karolin Seeger [Fri, 12 Dec 2008 13:30:01 +0000 (14:30 +0100)]
docs: Add hint that "socket address" usually don't need to be set.
This fixes bug #5950.
Thanks to the Debian Samba package maintainers for reporting!
Karolin
(cherry picked from commit
19beef0dd9354296ae79d32077c58fbacf570c85)
(cherry picked from commit
0d035d36bd3707ccb9f77f0b2730869dc78719d4)
(cherry picked from commit
6be19f94802d545cc43286aa242b0ca2e5b79721)
(cherry picked from commit
879a4fbe99739b67d877caac2d7a2f763c69d41f)
Karolin Seeger [Thu, 11 Dec 2008 17:08:29 +0000 (18:08 +0100)]
Samba3-HOWTO: Fix usage of 'net idmap restore'.
This fixes bug #5883.
Karolin
(cherry picked from commit
b4a4e635246b88277b235fa343eda48bd4bb4ce3)
(cherry picked from commit
5744177740120524740db884564142df19358ae7)
(cherry picked from commit
7584fe4e8bcbaf73f509d6981a70ff9dde92db1c)
(cherry picked from commit
fda3f00246c3ecb664d2bf387ecd0e28dec16e34)
Jeremy Allison [Thu, 4 Dec 2008 23:35:07 +0000 (15:35 -0800)]
Fix bug #5937 - filenames with "*" char hide other files
Jeremy.
Jeremy Allison [Thu, 4 Dec 2008 19:07:53 +0000 (11:07 -0800)]
Fix bug #1254 - write list not working under share-level security
(mtab.c, fix build).
Jeremy.
Karolin Seeger [Tue, 2 Dec 2008 19:50:02 +0000 (20:50 +0100)]
docs: Add default value for "writeable" to man smb.conf.
Karolin
(cherry picked from commit
c09e04ac83365333605b7b1db3d07ccfd451a667)
(cherry picked from commit
70c581586ea02fbff4c5dde0ec002b22d472dfc5)
(cherry picked from commit
1ba197a3054c6d997ceca6f124039d3cabf00289)
Karolin Seeger [Tue, 18 Nov 2008 15:33:23 +0000 (16:33 +0100)]
WHATSNEW: Update WHATSNEW for 3.0.33.
Karolin
Volker Lendecke [Sat, 8 Nov 2008 16:14:06 +0000 (17:14 +0100)]
Fix the offset checks in the trans routines
This fixes a potential crash bug, a client can make us read memory we
should not read. Luckily I got the disp checks right...
Volker
Andreas Schneider [Wed, 29 Oct 2008 13:12:04 +0000 (14:12 +0100)]
Fix circular dependency error with autoconf 2.6.3.
Signed-off-by: Andreas Schneider <anschneider@suse.de>
Jeremy Allison [Tue, 25 Nov 2008 23:57:18 +0000 (15:57 -0800)]
Fix bug #5914 - Build failure: redefinition of struct name_list
Jeremy.
Jeremy Allison [Mon, 24 Nov 2008 23:40:50 +0000 (15:40 -0800)]
Fix bug #5873 - ACL inheritance cannot be broken. This regresses #4308, but that will have to
be fixed another way.
Jeremy.
Jeremy Allison [Mon, 24 Nov 2008 23:35:12 +0000 (15:35 -0800)]
Merge branch 'v3-0-test' of ssh://jra@git.samba.org/data/git/samba into v3-0-test
Stefan Metzmacher [Mon, 24 Nov 2008 14:26:21 +0000 (15:26 +0100)]
libads/ldap.c: return an error instead of crashing when no realm is given
The bug was triggered by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't ex
and "disable netbios = yes".
metze
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Fri, 21 Nov 2008 23:43:43 +0000 (00:43 +0100)]
winbindd: make all winbind rpc-methods static.
Now that the methods are no longer needed in winbindd_ads,
we can make them static again.
Michael
Michael Adam [Fri, 21 Nov 2008 23:42:54 +0000 (00:42 +0100)]
winbindd_ads: use the reconnect methods instead of the rpc methods directly
Some of the ads methods just point to the rpc methods.
This makes winbindd_ads use the reconnect methods instead of
calling the rpc methods directly in order to prevent
negative cache entries for e.g. name_to_sid, when the dc
has closed the connection without sending a reset.
Michael
Yasuma Takeda [Thu, 20 Nov 2008 19:41:47 +0000 (11:41 -0800)]
Fix bug #5909 - MS-DFS does not work on Vista, if link name includes multibyte character.
Dina Fine [Tue, 18 Nov 2008 20:43:26 +0000 (12:43 -0800)]
Fix bug #5908 - Samba 3.0.32 - internal change notify on share directory fails"
Carsten Dumke [Thu, 13 Nov 2008 18:05:00 +0000 (12:05 -0600)]
net: Fix documentation of net rap printq info (bug #5892)
The man-page (see net(8)) and the usage-info (call "net help rap printq") of
'net rap printq' do contain an option "list" but in net_rap.c
the option is named "info".
Rename the option "list" in the documentation (man-pages + usage) to "info" to
match the code.
Signed-off-by: Kai Blin <kai@samba.org>
Jeremy Allison [Wed, 12 Nov 2008 22:09:22 +0000 (14:09 -0800)]
Fix memory leak in error path, spotted by Martin Zielinski <mz@seh.de>.
Jeremy.
Kai Blin [Fri, 7 Nov 2008 08:43:46 +0000 (09:43 +0100)]
ntlm_auth: Put huge NTLMv2 blobs into extra_data on CRAP auth
This fixes bug #5865
Kai Blin [Fri, 7 Nov 2008 08:40:35 +0000 (09:40 +0100)]
winbindd: Reformat the WBFLAGS defines to prepare for adding a new flag.
Jeff Layton [Thu, 6 Nov 2008 20:20:55 +0000 (15:20 -0500)]
mount.cifs: use lock/unlock_mtab scheme from util-linux-ng mount prog
The util-linux-ng sources have a good, but rather complex scheme for
locking the mtab before updating it. Mount helpers need to follow the
same scheme. Advisory locking only works if everyone is using the same
locking scheme.
Copy the routines we need from util-linux-ng into a separate source file
and then have mount.cifs and umount.cifs link in this object.
The long term goal is to have these routines in a separate helper
library (libmount). Mount helpers can then dynamically link in that lib.
Until that happens, this should serve as a suitable stopgap solution.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeremy Allison [Thu, 6 Nov 2008 03:12:10 +0000 (19:12 -0800)]
Add reference to bug #4308 to remind me to add regression test to smbtorture.
Jeremy.
Volker Lendecke [Mon, 3 Nov 2008 16:14:35 +0000 (17:14 +0100)]
Fix bug triggered by the RAW-SAMBA3OPLOCKLOGOFF test
Günther Deschner [Mon, 25 Aug 2008 09:36:56 +0000 (11:36 +0200)]
auth: Fix build warning.
Guenther
(cherry picked from commit
4661ef625a6522d6f859b83e3e3702f01d0b952f)
(cherry picked from commit
60649a74cdf2594bc89c301025f86d23caba91c2)
Stefan Metzmacher [Mon, 27 Oct 2008 18:40:23 +0000 (19:40 +0100)]
utils/net_ads.c: call saf_join_store() after a the join.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 27 Oct 2008 18:39:30 +0000 (19:39 +0100)]
libads/ldap.c: store the dc name in the saf cache as in all other places
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 27 Oct 2008 18:38:15 +0000 (19:38 +0100)]
libads/ldap.c: if the client belongs to no site at all any dc is the closest
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 27 Oct 2008 18:36:25 +0000 (19:36 +0100)]
libads/ldap.c: pass the real workgroup name to get_dc_name()
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 27 Oct 2008 18:31:30 +0000 (19:31 +0100)]
libsmb/namequery.c: add saf_join_store() function
saf_join_store() should be called after a successful
domain join, the affinity to the dc used at join time
has a larger ttl, to avoid problems with delayed replication.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 27 Oct 2008 08:40:25 +0000 (09:40 +0100)]
libsmb/namequery: fallback to returning all dcs, when none is available in the requested site
It could happen that all dcs in a site are unavailable
(some sites have only one dc) and then we need to fallback
to get all dcs.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 22 Oct 2008 09:14:10 +0000 (11:14 +0200)]
s3: libads: use get_dc_name() instead of get_sorted_dc_list() in the LDAP case
We use get_dc_name() for LDAP because it generates the selfwritten
krb5.conf with the correct kdc addresses and sets KRB5_CONFIG.
For CLDAP we need to use get_sorted_dc_list() to avoid recursion.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 22 Oct 2008 08:36:21 +0000 (10:36 +0200)]
s3: correctly detect if the current dc is the closest one
ads->config.tried_closest_dc was never set.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Michael Adam [Mon, 27 Oct 2008 13:28:44 +0000 (14:28 +0100)]
winbind: fix smbd hanging on Solaris when winbindd closes socket.
On some versions of Solaris, we observed a strange effect of close(2)
on a socket: After the server (here winbindd) called close, the client fd
was not marked as readable for select. And a write call to the fd did
not produce an error EPIPE but just returned as if successful.
So while winbindd had called remove_client(), the corresponding smbd
still thought that it was connected, but failed to retrieve answers
for its queries.
This patch works around the problem by forcing the client fd to
the readable state: Just write one byte into the socket before
closing.
Michael
Andreas Schneider [Fri, 24 Oct 2008 10:01:24 +0000 (12:01 +0200)]
Fix the build of pam_winbind.
Andreas Schneider [Mon, 20 Oct 2008 15:39:35 +0000 (17:39 +0200)]
Delete the krb5 ccname variable from the PAM environment if set.
If winbind sets the KRB5CCNAME variable it should unset it when
the cache gets destroyed.
Jeremy Allison [Fri, 17 Oct 2008 04:01:56 +0000 (21:01 -0700)]
Cope with bad trans2mkdir requests from System i QNTC IBM SMB client.
If total_data == 4 Windows doesn't care what values
are placed in that field, it just ignores them.
The System i QNTC IBM SMB client puts bad values here,
so ignore them.
Jeremy.
Jeff Layton [Thu, 9 Oct 2008 14:51:33 +0000 (10:51 -0400)]
mount.cifs: make return codes match the return codes for /bin/mount (try #3)
The manpage for /bin/mount specifies that the return code should be a
positive integer (actually, it's a bitfield). Clean up the return
codes from mount.cifs to make them match the expected return values
from /bin/mount. This necessary for proper integration with autofs.
This is the third attempt at this patch. The changes here are minor,
just changing some return's from main() into exit() calls for
consistency's sake.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 9 Oct 2008 14:47:45 +0000 (10:47 -0400)]
mount.cifs: have uppercase_string return success on NULL pointer
We currently don't attempt to uppercase the device portion of the mount
string if there isn't a prefixpath. Fix that by making uppercase_string
return success without doing anything on a NULL pointer.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeremy Allison [Wed, 8 Oct 2008 18:37:43 +0000 (11:37 -0700)]
Fix bug #5814 - Winbindd dumping core in a strange manner while doing "rescan_trusted_domain".
From analysis by hargagan <shargagan@novell.com> :
"The winbindd_child_died() is also getting called from process_loop() in case of
SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for
the first request. It then initiate a new request using
schedule_async_request() which installs a new timeout handler for the same
request. In such a case, for a badly unresponsive system both the timeout
handler can be called. For the first call the "private_data" will be cleared
and for another call the timeout handler will be detecting the double free. So,
for such a case as well, the winbindd_child_died() should make the
timeout_handler to NULL."
Jeremy.
Jeremy Allison [Wed, 1 Oct 2008 20:23:36 +0000 (13:23 -0700)]
Fix use of DLIST_REMOVE as spotted by Constantine Vetoshev <gepardcv@gmail.com>.
This API is unusual in that if used to remove a non-list head it nulls out
the next and prev pointers. This is what you want for debugging (don't want
an entry removed from the list to be still virtually linked into it) but
means there is no consistent idiom for use as the next and prev pointers
get trashed on removal from the list, meaning you must save them yourself.
You can use it one way when deleting everything via the head pointer, as
this preserves the next pointer, but you *must* use it another way when not
deleting everything via the head pointer. Fix all known uses of this (the main
one is in conn_free_internal() and would not free all the private data entries
for vfs modules. The other changes in web/statuspage.c and winbindd_util.c
are not strictly neccessary, as the head pointer is being used, but I've done
them for consistency. Long term we must revisit this as this API is too hard
to use correctly.
Jeremy.
Jeremy Allison [Tue, 30 Sep 2008 20:37:54 +0000 (13:37 -0700)]
Ensure we emit the notify message before renaming the open files.
Jeremy.
Jeremy Allison [Sat, 27 Sep 2008 01:41:05 +0000 (18:41 -0700)]
Fix for bug #5790 - samba returns STATUS_OBJECT_NAME_NOT_FOUND on set file disposition call.
This was my fault. I use a singleton cache (positive and negative) to speed up pathname based
qfileinfo/setfileinfo lookups for alternate fsp's open on the same path. I only invalidated the
negative cache on adding a new file fsp, as I incorrectly imagined the new fsp was put at the *end* of
the open files list. DLIST_ADD puts it at the start, meaning any subsequent open wasn't seen once the
cache was set. Doh !
Jeremy.
Jeremy Allison [Tue, 23 Sep 2008 23:47:21 +0000 (16:47 -0700)]
Fix winbindd crash in an unusual failure mode. Bug #5737. Based on original patch from shargagan@novell.com
Jeremy.
Günther Deschner [Thu, 18 Sep 2008 12:09:27 +0000 (14:09 +0200)]
fix net_io_q_srv_pwset2.
yes, we all love hand-marshalled rpc...
Guenther
Jeff Layton [Sun, 14 Sep 2008 12:37:58 +0000 (08:37 -0400)]
mount.cifs: make local versions of strlcat and strlcpy static
...to silence -Wmissing-prototypes
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Sun, 14 Sep 2008 12:37:57 +0000 (08:37 -0400)]
cifs.upcall: make most functions static and silence compiler warnings
...to silence -Wmissing-prototypes and some uninit'ed variable
warnings. Thanks to GD for the extra-paranoid compiler flags.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Fri, 12 Sep 2008 20:58:00 +0000 (16:58 -0400)]
mount.cifs: don't prompt for password on krb5 mounts
krb5 mounts require that the user already have a valid krb5 ticket.
Since we can't currently use the password entered, don't prompt for it.
Also, switch to using strncmp instead of strcmp here.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Fri, 12 Sep 2008 20:58:00 +0000 (16:58 -0400)]
mount.cifs: fix several problems when mounting subdirectories of shares (try 2)
This patch is the second patch to attempt to fix up some of the problems
with mounting subdirectories of shares. The earlier patch didn't handle
this correctly when POSIX extensions were enabled. This one does.
This is a bit of a confusing area since the different components of
a service string have different rules:
1) hostname: no '/' (slash) or '\' (backslash) is allowed to be
embedded within the string
2) sharename: same rules as hostname
3) prefixpath: '\' *is* allowed to be embedded in a path component,
iff POSIX extensions are enabled. Otherwise, neither
character is allowed.
The idea here is to allow either character to act as a delimiter when we
know that the character can't be anything but a delimiter (namely
everywhere up to the start of the prefixpath). The patch will convert
any '\' unconditionally to '/' in the UNC portion of the string.
However, inside the prefixpath, we can't make assumptions about what
constitutes a delimiter because POSIX allows for embedded '\'
characters. So there we don't attempt to do any conversion, and pass the
prefixpath to the kernel as is. Once the kernel determines whether POSIX
extensions are enabled, it can then convert the path if needed and it's
able to do so. A patch to handle this has already been committed to the
cifs-2.6 git tree.
This patch also fixes an annoyance. When you mount a subdir of a share,
mount.cifs munges the device string so that you can't tell what the
prefixpath is. So if I mount:
//server/share/p1/p2/p3
..then /proc/mounts and mtab will show only:
//server/share
Finally, it also tries to apply some consistent rules to the uppercasing
of strings.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Fri, 12 Sep 2008 20:58:00 +0000 (16:58 -0400)]
Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL };
Cherry picked from commit
3d3d61687ef00181f4f04e001d42181d93ac931e
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Fri, 12 Sep 2008 20:57:59 +0000 (16:57 -0400)]
cifs.upcall: bump SPNEGO msg version number and don't reject old versions
When we added the ability for the kernel to send sec=mskrb5 to the
upcall, we subtly broke old cifs.upcall versions that don't understand
it. Bump the spnego message version to 2 to make this clear. Also,
change cifs.upcall to not reject requests with a version that's lower
than the current one, and to send the reply with the same version that
the request sent. The idea is to try and keep cifs.upcall backward
compatible with old kernels.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Fri, 12 Sep 2008 20:57:59 +0000 (16:57 -0400)]
cifs.upcall: fix build warning
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Fri, 12 Sep 2008 20:57:59 +0000 (16:57 -0400)]
cifs.upcall: handle MSKRB5 OID properly
When the kernel sends the upcall a sec=mskrb5 parameter, that means
the the MSKRB5 OID is preferred by the server. This patch fixes the
upcall to use that OID in place of the "normal" krb5 OID when it
gets a sec=mskrb5 parameter.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <smfrench@gmail.com>
Jeff Layton [Fri, 12 Sep 2008 20:57:59 +0000 (16:57 -0400)]
cifs.upcall: negatively instantiate keys on error
When a request-key upcall exits without instantiating a key, the kernel
will negatively instantiate the key with a 60s timeout. Older kernels,
however seem to also link that key into the session keyring. This
behavior can interefere with subsequent mount attempts until the
key times out. The next request_key() call will get this negative key
even if the upcall would have worked the second time.
Fix this by having cifs.upcall negatively instantiate the key itself
with a 1s timeout and don't attach it to the session keyring.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Steve French [Fri, 12 Sep 2008 20:57:59 +0000 (16:57 -0400)]
Building cifs.upcall is giving this build warning:
client/cifs.upcall.c:205: warning: function declaration isn’t a prototype
This patch fixes this by properly declaring usage() args as void.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
Steve French [Fri, 12 Sep 2008 20:57:59 +0000 (16:57 -0400)]
cifs.upcall: fix manpage and comments
The "cifs.resolver" key type has been changed to "dns_resolver". Fix
the comments at the top of cifs.upcall and the manpage accordingly.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
---
docs-xml/manpages-3/cifs.upcall.8.xml | 4 ++--
source/client/cifs.upcall.c | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
Steve French [Fri, 12 Sep 2008 20:57:59 +0000 (16:57 -0400)]
cifs.upcall was not recognizing the newer name "dns_resolver" key type
(as a synonym for the older "cifs.resolver" name) when resolving host
names to ip addresses for the kernel.
Acked-by: Jeff Layton
Steve French [Fri, 12 Sep 2008 20:57:59 +0000 (16:57 -0400)]
cifs.upcall: fix compile warning
Steve French noticed these warnings when building cifs.upcall:
Compiling client/cifs.upcall.c
client/cifs.upcall.c: In function 'usage':
client/cifs.upcall.c:204: warning: declaration of 'prog' shadows a global declaration
client/cifs.upcall.c:33: warning: shadowed declaration is here
Change the usage function to not take and arg and have it just use the global
"prog" variable. Fix a typo in the log message generated when an unknown
option is specified. Also getopt() always returns '?' when it sees an unknown
option so there's no point in printing it out.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Michael Adam [Fri, 12 Sep 2008 20:57:59 +0000 (16:57 -0400)]
build: fix linking cifs.upcall when nscd_flush_cache() is found.
Michael
Jeff Layton [Fri, 12 Sep 2008 20:57:58 +0000 (16:57 -0400)]
cifs.upcall: move default install location to EPREFIX/sbin
cifs.upcall links to libraries that live under /usr, so installing it
in /sbin doesn't seem appropriate. Move it to EPREFIX/sbin instead
(i.e. /usr/sbin).
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Fri, 12 Sep 2008 20:57:58 +0000 (16:57 -0400)]
cifs.upcall: enable building by default on linux
When building on linux, default to building cifs.upcall. Throw a
warning if ADS support is disabled or keyutils isn't installed.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeremy Allison [Fri, 12 Sep 2008 20:57:58 +0000 (16:57 -0400)]
This patchset comprises a number of cleanups for the cifs upcall
binary. The biggest change is that it renames it from cifs.spnego
to cifs.upcall since the cifs.spnego name really isn't applicable
anymore.
It also fixes a segfault when the program is run without any args
and adds a manpage. Comments and/or suggestions appreciated.
This set should apply cleanly to the 3.3 test branch.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeremy.