Ira Cooper [Thu, 24 May 2012 01:39:03 +0000 (21:39 -0400)]
s3-passdb: Fix negative SID->uid/gid cache handling. (bug #8952)
-1 uid/gid signals a non existent uid/gid.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
baac32c43460ed5e78e7f8bb2304f79cae2b15ef)
Andreas Schneider [Mon, 14 May 2012 08:31:32 +0000 (10:31 +0200)]
s3-auth: Don't lookup the system user in pdb.
This fixes bug #8944, ldapsam:trusted and ipasam. It is an additional
fix for bug #8567 (
0528cb5f3a15b72dcb34ece21a3ffb3e7b8d6eb9).
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
96b6f3a4777fa3288ee071e01bf293c28002fc5f)
Richard Sharpe [Thu, 17 May 2012 03:21:34 +0000 (20:21 -0700)]
Check the return from create_acl_blob
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Thu May 17 07:17:29 CEST 2012 on sn-devel-104
(cherry picked from commit
632af6645376185500820a5be9dbf5c0c3d1e515)
The last two commits address bug #8945 (vfs_acl_common discards errors from
writing to the underlying storage).
(cherry picked from commit
865eca15e080d9eb9e81e91985d6859e316ce081)
Richard Sharpe [Tue, 15 May 2012 14:47:14 +0000 (07:47 -0700)]
Fix the overwriting of errno before use in a DEBUG statement and use the return value from store_acl_blob_fsp rather than ignoring it.
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Wed May 16 03:43:41 CEST 2012 on sn-devel-104
(cherry picked from commit
bfe4a2baeec6bc4558a617ec67532ea11f865861)
(cherry picked from commit
a398d1bc102933da01d126f2c893ad393f1fb1d2)
Karolin Seeger [Fri, 11 May 2012 14:26:25 +0000 (16:26 +0200)]
WHATSNEW: Start release notes for 3.6.6.
Karolin
(cherry picked from commit
6ea4ad30f4d3c30f824f278c7a93347887942514)
Björn Baumbach [Fri, 28 Oct 2011 03:43:05 +0000 (05:43 +0200)]
s3-printing: Add new printers to registry.
This fixes bug #8554, #8612 and #8748.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
8a553705d9045dbbc3ab71189f2496fe97e1a802)
Alejandro Escanero Blanco [Wed, 9 May 2012 09:35:51 +0000 (11:35 +0200)]
s3:auth/server_info: the primary rid should be in the groups rid array (bug #8798)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed May 9 19:36:01 CEST 2012 on sn-devel-104
(cherry picked from commit
6132cf2a5cd77c79546a2d6cc3fbf3c93f54183b)
(cherry picked from commit
6eae984cfc3ceb0661f7993c9274e048c6eda6e0)
Michael Adam [Fri, 4 May 2012 16:01:00 +0000 (18:01 +0200)]
s3:registry: return error when Key does not exist in regdb_fetch_values_internal() (cherry picked from commit
8a723ddfc1645e52830fb5f47a34f032f9c38931)
(cherry picked from commit
32cf92f2388c0fc26e24c3174fab43089bffba03)
Michael Adam [Mon, 23 Apr 2012 14:44:15 +0000 (16:44 +0200)]
s3:registry: replace call to reg_openkey() in reg_createkey() by accesscheck. (cherry picked from commit
c1cc15c33be8926ffef173b514d0fb260292d9a3)
(cherry picked from commit
2b29bfcf593aa8a80e1e4cab1d344f5a70036c6e)
Michael Adam [Mon, 23 Apr 2012 14:13:29 +0000 (16:13 +0200)]
s3:registry: remove a superfluous fill_subkey_cache() in reg_createkey()
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
(cherry picked from commit
03ae7117df2ae42213a3ef9a5ea3adad2bf264e0)
(cherry picked from commit
404c9cec7e538a8301ad1a57f04ec4f4f05e80e1)
Michael Adam [Mon, 23 Apr 2012 14:07:21 +0000 (16:07 +0200)]
s3:registry: use fill_subkey_cache to check exsistence in regkey_open_onelevel().
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
(cherry picked from commit
af9d70fbce541c382a5fc54b1cc1af9b0b60a692)
(cherry picked from commit
98c96425420485ae1609a16a88d8af4310fa85d6)
Michael Adam [Mon, 23 Apr 2012 14:05:33 +0000 (16:05 +0200)]
s3:registry: let fill_subkey_cache return WERR_BADFILE when the subkey list could not be loaded
WERR_NO_MORE_ITEMS seems inappropriate.
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
(cherry picked from commit
4b3dca83bf0da405524a64ca19771fd747ebe267)
(cherry picked from commit
015033657a9b4bf0de043cbc00e1513616c2d714)
Michael Adam [Mon, 23 Apr 2012 13:47:33 +0000 (15:47 +0200)]
s3:registry: convert reg_openkey() to use talloc instead of SMB_STRDUP etc (cherry picked from commit
42dd99d85ca04c10691f78d6340c6b702ade974b)
(cherry picked from commit
086c1e96b412688691639e89eb6cb947710eedb0)
Michael Adam [Mon, 23 Apr 2012 13:30:38 +0000 (15:30 +0200)]
s3:registry untangle an assignment from the check in regkey_open_onelevel() (cherry picked from commit
12b7b4f0a7d8607dc206c32a3822d5678c14d43b)
(cherry picked from commit
7a36a22f00d8b5024df04932eb60ec9ffa5c2932)
Michael Adam [Mon, 23 Apr 2012 13:29:41 +0000 (15:29 +0200)]
s3:registry: untangle assignment from check in regkey_open_onelevel() (cherry picked from commit
52d3c5c14898b5f2514d1512289370eb6f6fd369)
(cherry picked from commit
e4fc313293c35dda0ff35392dbcdccbfda0e1d24)
Michael Adam [Wed, 11 Apr 2012 13:51:40 +0000 (15:51 +0200)]
s3:registry: fix seqnum race in regdb_fetch_keys_internal
This prevents race between fetching seqnum and key content.
Because there is currently no way to atomically fetch the
record along with the seqnum, I use a loop.
This is far from optimal and should should ideally be done
differently. But for now it fixes the race.
(cherry picked from commit
66fcac5e479a530091ecb43d9f8cf90f4351ad17)
(cherry picked from commit
521c7ea32d36263d218d98fc31420afc1b7cb0e1)
Gregor Beck [Wed, 13 Jul 2011 14:51:54 +0000 (16:51 +0200)]
s3:registry avoid pruning the sequencenumber while flushing the regsubkey_ctr
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jul 15 08:34:47 CEST 2011 on sn-devel-104
(cherry picked from commit
5049e3e142977a4c3d0f5a0fd9c06429f4d85bed)
(cherry picked from commit
2517f435574876ad44bf0212f507114a610f2377)
Michael Adam [Wed, 11 Apr 2012 13:48:02 +0000 (15:48 +0200)]
s3:registry: fix seqnum race in fetch_values_internal
This prevents race between fetching seqnum and key content.
Because there is currently no way to atomically fetch the
record along with the seqnum, I use a loop.
This is far from optimal and should should ideally be done
differently. But for now it fixes the race.
(cherry picked from commit
13bccba3c2f6e6fdda2b4a40dd4b1e250a98a7ef)
Conflicts:
source3/registry/reg_backend_db.c
(cherry picked from commit
11413a95a2db14ef14a8f8f4fcb1f11adf44e7a0)
Michael Adam [Wed, 11 Apr 2012 14:02:44 +0000 (16:02 +0200)]
s3:registry: update the seqnum in the subkey cache at the end of regval_store_keys
The purpose is to prevent next reads from going to disk.
Note that this will currently only be effective with local tdbs, not
with ctdb: For tdb, store and delete bump the seqnum while transaction
commit does not. For ctdb, transaction commit bumps the seqnum, while
store and delete don't... This needs fixing (in ctdb).
(cherry picked from commit
16d83149c1b5620598edd37bbd1a73bebec82b6e)
(cherry picked from commit
96f08f6d43cb9bebda175efd5719ca15549a5b99)
Michael Adam [Wed, 11 Apr 2012 13:38:29 +0000 (15:38 +0200)]
s3:registry:db: update the value container seqnum after storing/deleting to prevent next read from going to disk if possible
Note that this will currently only be effective in the local TDB implementation.
For CTDB, this wont work since seqnum currently works differently there (needs
fixing): For tdb, store and delete operations bump the db seqnum, while
transaction commits don't. For ctdb, the seqnum is bumped by the transaction
commit but not by store and delete operations.
(cherry picked from commit
13347d11c0e918f82e7e3c21125acc5e241d389f)
(cherry picked from commit
f4d800d8d010e638d37d993d8eef00645398f811)
Michael Adam [Thu, 12 Apr 2012 20:53:24 +0000 (22:53 +0200)]
s3:registry: wrap reg_deletekey() into a transaction
This is wrong layering but fixes a race condition.
(cherry picked from commit
e3ad0456515c97f6697190c86b8cec4af8e1e190)
(cherry picked from commit
8980168a16463e1d4fabd5a96f8385882aa0fe7b)
Michael Adam [Thu, 12 Apr 2012 20:17:35 +0000 (22:17 +0200)]
s3:registry: wrap reg_createkey() in a transaction
This is wrong layering (calling into regdb_transaction* in the reg_api code)
but fixes a potential race. It makes the multi-step create procedure atomic.
This should completely be done in the backend.
(cherry picked from commit
65d9b116d0283b010e9e3c9ecf185ca42850838e)
(cherry picked from commit
14d9621c39c67872316c6d4f11387b7c3a6dbb00)
Michael Adam [Thu, 12 Apr 2012 15:58:26 +0000 (17:58 +0200)]
s3:registry: untangle assignments from checks in reg_createkey() (cherry picked from commit
4ac9625fe42ded0717aafdf6eec4c1b2217c3c68)
(cherry picked from commit
95ba1aa132e6097a0d35cbc05296427aebdf21b1)
Michael Adam [Thu, 12 Apr 2012 15:52:43 +0000 (17:52 +0200)]
s3:registry: wrap reg_deletevalue() in a transaction
This is at the wrong layer, but if fixes a race potentially causing
data corruption by concurrent access.
(cherry picked from commit
c1208c4a9c10b03579dca3bcd304709e631d3c25)
(cherry picked from commit
d67b1813ac563f79ed055a7e918c5f293a7069fc)
Michael Adam [Thu, 12 Apr 2012 15:46:02 +0000 (17:46 +0200)]
s3:registry: untangle assignment from check in reg_deletevalue() (cherry picked from commit
585746338bda22ff8337d41c8cc50533c5facf56)
(cherry picked from commit
866faf77f92c17e7dbb21686601c7e45a3f406cd)
Michael Adam [Thu, 12 Apr 2012 11:38:32 +0000 (13:38 +0200)]
s3:registry: fix race in reg_setvalue that could lead to data corruption
(there was no lock around fetching the values and storing them)
The layering is wrong in that it uses regdb transactions in reg_api
(cherry picked from commit
9220377ceebf05e756fd108cbd30b503598e0fb8)
(cherry picked from commit
e2d087619076e8c7ec9e46e63037753d8c07138f)
Michael Adam [Fri, 20 Apr 2012 13:19:47 +0000 (15:19 +0200)]
s3:registry: untangle assignment from check and add a debugmessage in reg_setvalue() (cherry picked from commit
a81d399456eb86ffb60bed8704cd8c7864b742db)
(cherry picked from commit
a5025e27890a96b11d8d2119ca72a27b929aa2bc)
Michael Adam [Thu, 12 Apr 2012 06:18:04 +0000 (08:18 +0200)]
s3:registry: don't leak the old contents when updating the value cache (cherry picked from commit
0bf44361caace3a4974dafa305033fb926d0f6d6)
(cherry picked from commit
488b94637952de1cc6251f2d4267ee361b041a0e)
Michael Adam [Fri, 30 Mar 2012 13:39:58 +0000 (15:39 +0200)]
s3:registry: fix debug message in regdb_store_values_internal() (cherry picked from commit
c46403f74116708f2f8b1d531f5881bb9d7f2a84)
(cherry picked from commit
b6aaf6b043699cd2d518100ac2934190e3d51639)
Michael Adam [Fri, 30 Mar 2012 13:35:14 +0000 (15:35 +0200)]
s3:registry: improve log message in regdb_unpack_values() (cherry picked from commit
ae441d97cdbe8e35cd342ba979bacc3757c06cb7)
(cherry picked from commit
bdbfde84e2b722cc8697228d8abdb0663f4addd7)
Michael Adam [Fri, 30 Mar 2012 13:14:01 +0000 (15:14 +0200)]
s3:registry: fix a debug message typo (cherry picked from commit
9f82e1175f28bdc1c09e7bd795699b29049a77e3)
(cherry picked from commit
6413d234911ab9211cf05b89412162d864b89c0a)
Michael Adam [Fri, 30 Mar 2012 12:39:50 +0000 (14:39 +0200)]
s3:registry: add a new function regval_ctr_value_byname()
This is like regval_ctr_key_exists() but does not return bool,
but the regval_blob instead, if found, and NULL if not found.
(cherry picked from commit
b037d5461a7a9a2e51a3dd2794fcc47dfcff4468)
(cherry picked from commit
18d3d3f34c355b182bdb0327a8e4d890965f1594)
Michael Adam [Fri, 30 Mar 2012 12:33:39 +0000 (14:33 +0200)]
s3:registry: rename regval_ctr_key_exists() to regval_ctr_value_exists() (cherry picked from commit
60cdf3c8b5bbda9434f0d8a05fc581ab41b42d5c)
(cherry picked from commit
b712448006fe5d31d9c8db164ffd7b0f0ee1191f)
Michael Adam [Thu, 29 Mar 2012 23:00:51 +0000 (01:00 +0200)]
s4:torture:rpc:spoolss: also initialize driverName before checking it in test_PrinterData_DsSpooler() (cherry picked from commit
46428f96a4089925355b4eeebebb8d7f27e2ec0b)
(cherry picked from commit
4cfbe636d4398e4486a6e402a86e53b77f4aaaf9)
Michael Adam [Thu, 29 Mar 2012 22:10:14 +0000 (00:10 +0200)]
s3:registry:reg_api: fix reg_queryvalue to not fail when values are modified while it runs (cherry picked from commit
5d26120b5ab180212d570dd256e8989e0c80224d)
(cherry picked from commit
b356e42c0828049af8b8f3b5b977aee89c086db6)
Michael Adam [Sat, 5 May 2012 00:12:25 +0000 (02:12 +0200)]
s3:registry: implement values_need_update and subkeys_need_update in the smbconf backend
It simply calls to the regdb functions.
This fixes a caching issue uncovered by recent changes.
(cherry picked from commit
bff7589818e602ace6cd0a4125d5f6a2ba97cded)
(cherry picked from commit
f2ab0372049f839c9201bc326030163996dec769)
Steve Langasek [Wed, 9 May 2012 05:56:00 +0000 (07:56 +0200)]
Fix bug 8920, null dereference
Description: Avoid null dereference in initialize_password_db()
When initialize_password_db() is called with reload=True, it's assumed that
the free_private_data member of pdb_methods is non-null. This is not
necessarily the case, as the tdb backend has no private data and therefore
no free function. Check to see if we have private data that needs freed
before calling.
Author: Steve Langasek <steve.langasek@ubuntu.com>
Bug-Ubuntu: https://bugs.launchpad.net/bugs/829221
(cherry picked from commit
da5c342b6d3d3c05a8ab42bb40eb2e77d7b40ec2)
Jeremy Allison [Thu, 10 May 2012 07:53:57 +0000 (09:53 +0200)]
s3-pam_winbind: Fix the build.
Jeremy
Part of a fix for bug #8915 (Samba fails to build with iniparser-3.0.0 and
iniparser-3.1.0).
(cherry picked from commit
00c901a5be83bfe4c70eccbe7fa2a35d3d2a368d)
Simo Sorce [Wed, 9 May 2012 11:55:41 +0000 (13:55 +0200)]
Fix pam_winbind build against newer iniparser library.
iniparser_getstr is deprecated and has been removed in newer libraries
available in Fedora. Use iniparse_getstring instead.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Tue Apr 24 02:56:10 CEST 2012 on sn-devel-104
Based on commit
adbace20a24b6ae4fbd6d17b7153833f4ac8c88d in master.
(cherry picked from commit
e295905f2840b5e814f88cd483b7f5f0fb3b4150)
Karolin Seeger [Tue, 8 May 2012 14:33:07 +0000 (16:33 +0200)]
s3-docs: Fix bug #7930.
Add hint that setting "profile acls = yes" on normal shares can cause trouble.
Karolin
Autobuild-User: Karolin Seeger <kseeger@samba.org>
Autobuild-Date: Tue May 8 18:47:59 CEST 2012 on sn-devel-104
(cherry picked from commit
4cc04a29247a0c4b3de9884890364a5712534073)
(cherry picked from commit
5efc31595beae5ec661d0bf6d001bcfbf59bc446)
Richard Sharpe [Tue, 8 May 2012 12:53:10 +0000 (14:53 +0200)]
s3-VFS: Fix building out-of-tree modules.
Fix bug #8822 (VFS module init function name has to be manually changed
depending on build environment).
(cherry picked from commit
d2f4164e3db2c341ff3a1b35a68f691848c9a859)
Karolin Seeger [Tue, 8 May 2012 10:01:28 +0000 (12:01 +0200)]
s3-docs: Fix several typos.
Part of a fix for bug #7938. Based on a patch provided by John Bradshaw
<john@johnbradshaw.org>.
Karolin
(cherry picked from commit
3522cbb537069286b55264bfdd5484c278d76181)
Karolin Seeger [Tue, 8 May 2012 09:05:37 +0000 (11:05 +0200)]
s3-docs: overrided -> overridden
Fix typo. Part of a fix for bug #7938. Based on a patch provided by John
Bradshaw <john@johnbradshaw.org>.
(cherry picked from commit
6b4890246ddbd606484e7247bea86c238cc0a057)
Björn Jacke [Tue, 8 May 2012 12:10:51 +0000 (14:10 +0200)]
s3/ldap: remove outdated netscape ds 5 schema file
remove outdated netscape ds 5 schema file and put a README there pointing to
the FDS schema file instead. This fixes bug #8869
(commit
b31f773ae1640313dc1ba86b334e9bbb9cb31bd6 in master)
(cherry picked from commit
9fd8692a9d066f4e469eb0668ae1f0c8b2c8db6c)
Joseph Tam [Thu, 19 Apr 2012 18:46:16 +0000 (11:46 -0700)]
Fix bug #8877 - Syslog broken owing to mistyping of debug_settings.syslog.
Setting "syslog only = yes" did not divert log messages to syslog. The test in
lib/util/debug.c:Debug1():747
if( syslog_level < state.settings.syslog )
produces wrong results since .syslog is typed "bool" rather than "int".
The attached patch fixes this by typing this field correctly as "int".
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Apr 20 00:06:12 CEST 2012 on sn-devel-104
(cherry picked from commit
00d5f32025bf13285ab3f8ffae914107c9eca275)
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
50973b96e2e5bf1f8a434a8be986e359a9e3b3e5)
Jeremy Allison [Tue, 17 Apr 2012 01:17:25 +0000 (18:17 -0700)]
Bugfix for #8857 - Setting traverse rights fails to enable directory traversal when acl_xattr in use.
We were incorrectly checking the parent directory ACL, instead
of the ACL of the directory we're trying to open.
(cherry picked from commit
faafade5dd948918a27284b82384340995d1bf55)
Jeremy Allison [Tue, 17 Apr 2012 01:04:51 +0000 (18:04 -0700)]
Fix incorrect debug - parent_name is never set !
(cherry picked from commit
bed05b8d6b10c77a98a73318ba483bafcccb8a34)
Jeremy Allison [Fri, 30 Mar 2012 19:23:07 +0000 (12:23 -0700)]
Fix bug #8831 - Inconsistent (with manpage) command-line switch for "help" in smbtree
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Mar 30 22:59:53 CEST 2012 on sn-devel-104
(cherry picked from commit
efd94d159883cb0841d8ac83223a1e63098a8d72)
(cherry picked from commit
815ba9db6f9ae405c6e8a590ee96a31cf30ba481)
Olaf Flebbe [Thu, 12 Apr 2012 09:29:41 +0000 (11:29 +0200)]
Wrong assertion/comparison: Compare value not pointer
Fix bug #8859 (Wrong assertion: Checks pointer not value).
(cherry picked from commit
b2f728823e8976e2ce5a2e630134ae8e01d83e82)
Jeremy Allison [Wed, 25 Apr 2012 22:17:09 +0000 (15:17 -0700)]
Fix bug #8897 - winbind_krb5_locator only returns one IP address.
Reported by Dina_Fine@Dell.com.
Don't ask the DC for an IP list when locating kdc's. Ask for the
name and use getaddrinfo to get all possible addresses instead.
(cherry picked from commit
56b0ec0e91f9af0eb6c109fc1cc300ad5fee3fe6)
Jeremy Allison [Mon, 9 Apr 2012 21:15:22 +0000 (14:15 -0700)]
Final back port of fix for bug #8837 - smbd crashes when deleting directory and veto files are enabled.
Use ndr encoding to add the NT security token into the stored data when
delete on close is set.
(cherry picked from commit
3d9a8dd1a97f68df7d91cef5afe4dda80cc03454)
Jeremy Allison [Mon, 9 Apr 2012 18:47:27 +0000 (11:47 -0700)]
Convert parse_delete_tokens_list() and unparse_share_modes() to use ndr encoding for the struct security_unix_token. We can do this as libsmb_share_modes never looks inside the delete tokens list, only implicitly gets the length.
(cherry picked from commit
5b5351022fb81da09d28ab3e7c8c2e2a8956c45e)
Jeremy Allison [Fri, 6 Apr 2012 22:39:03 +0000 (15:39 -0700)]
The delete tokens are unique to each name hash representing a pathname, if we don't correctly return here we'll add duplicate tokens for a given pasname hash.
(cherry picked from commit
a66a725f6190fe48b6c83dc7f0e65bac6fa4bbac)
Jeremy Allison [Fri, 6 Apr 2012 21:53:48 +0000 (14:53 -0700)]
Fix the talloc heirarchy when adding the unix delete token.
(cherry picked from commit
e691385e25804c744fc820fdd6e039c3cf6b6128)
Jeremy Allison [Wed, 4 Apr 2012 21:57:12 +0000 (14:57 -0700)]
Third part of fix for bug #8837 - smbd crashes when deleting directory and veto files are enabled.
Use correct check to see if veto files has been enabled. Even if not
set lp_veto_files() returns a valid string address (to a '\0' character).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Apr 5 01:36:04 CEST 2012 on sn-devel-104
(cherry picked from commit
704ea4729b499ae2716cfe6ad5d952bcb1251a3b)
(cherry picked from commit
483c25eb0c88178012cec11f713b714c3c54f8d6)
Jeremy Allison [Wed, 4 Apr 2012 21:53:10 +0000 (14:53 -0700)]
First part of fix for bug 8837 - smbd crashes when deleting directory and veto files are enabled.
Add some const to the sec_ctx code.
(cherry picked from commit
f042de2f346c98a852957cdbb09a7f8ac871b69c)
(cherry picked from commit
dd2246f0262ef1002bf9e348d6097734596ce100)
Volker Lendecke [Sat, 28 Apr 2012 17:51:46 +0000 (19:51 +0200)]
s3: Fix bug 8904 -- wbinfo --lookup-sids "" crashes winbind
Much of the code further down and up the call chain expects the
structures wb_lookupsids returns to be allocated. Do that despite
we have nothing to look up.
(cherry picked from commit
e68662130c6c4c081d23f1a24cc3e9a3d2993224)
Volker Lendecke [Thu, 12 Apr 2012 10:15:50 +0000 (12:15 +0200)]
s3: Fix a segfault with debug level 3 on Solaris
printf can not deal with NULL strings
Fix bug #8861 (smbd crashes on high debug level with anonymous logins).
(cherry picked from commit
237d4dacfed478ce7f23a5f46b609189215259d3)
SATOH Fumiyasu [Mon, 26 Mar 2012 10:13:12 +0000 (19:13 +0900)]
s3-docs: Prepend '/' to filename argument (Bug #8826)
(cherry picked from commit
6804e46811dd13cfd405f7c48a3dc2bc6501d75c)
(cherry picked from commit
e538c0b1f99853e2921c48db28ef32d33f4fd50d)
Ralph Wuerthner [Wed, 4 Apr 2012 15:40:27 +0000 (17:40 +0200)]
s3-smbd: move print_backend_init() behind init_system_info()
On smbd startup check_published_printers() fails with the following error
messages:
[2012/04/04 16:29:50.511526, 0] printing/nt_printing_ads.c:360(check_published_printers)
check_published_printers: Could not create system session_info
[2012/04/04 16:29:50.512101, 0] printing/nt_printing.c:102(nt_printing_init)
nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
check_published_printers() requires session_info to be set, but
initialization of session_info in main() is done after calling
print_backend_init(). Move print_backend_init() behind init_system_info().
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Fix bug #8845 (check_published_printers: Could not create system session_info).
(cherry picked from commit
3bdcf3208c8ff1a99bc457549257af83a869b381)
Björn Baumbach [Wed, 4 Apr 2012 14:41:35 +0000 (16:41 +0200)]
docs: remove whitespace in example samba.ldif (fix bug #8789) (cherry picked from commit
9a68a98e87e5597ba684bea3d5e6a44951e51973)
(cherry picked from commit
6edb03ed1678c4301c559e2f67c131450d3a8cfa)
Volker Lendecke [Sat, 31 Mar 2012 11:37:20 +0000 (13:37 +0200)]
s3-aio-fork: Fix a segfault in vfs_aio_fork
aio_suspend does not signal the main process with a signal, it just waits. The
aio_fork module does not use the signal at all, it directly calls back into the
main smbd by calling smbd_aio_complete_aio_ex. This is an abstraction
violation, but the alternative would have been to use signals where they are
not needed. However, in wait_for_aio_completion this bites us: With aio_fork we
call handle_aio_completed twice on the same aio_ex struct: Once from the call
to handle_aio_completion within the aio_fork module and once from the code in
wait_for_aio_completion.
This patch fixes it in a pretty bad way by introducing flag variables and more
state. But the mid-term plan is to replace the posix aio calls from the vfs and
do pread_send/recv and pwrite_send/recv at the vfs layer, so this will
significantly change anyway.
Thanks to Kirill Malkin <kirill.malkin@starboardstorage.com> for reporting this
crash!
The last 2 patches address bug #8836 (aio_fork segfaults on "smbcontrol
close-share").
(cherry picked from commit
b4abc44a370b8196c72d58a2ed4d8c9bcbc49d17)
Volker Lendecke [Sat, 31 Mar 2012 11:34:42 +0000 (13:34 +0200)]
s3-aio-fork: Fix aio_suspend event hierarchy
We end up here multiple times. There's no real point putting the events into
the child struct, at the end of this routine we need to free them anyway.
(cherry picked from commit
ee81564123be5e21b87e7003b51467180c3fdcb5)
Björn Baumbach [Wed, 4 Apr 2012 14:58:24 +0000 (16:58 +0200)]
docs-xml: fix default name resolve order (fix bug #7564)
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri Apr 6 09:54:37 CEST 2012 on sn-devel-104
(cherry picked from commit
189b3d9b24bf553ff7096397c389f20ba99e0dfa)
(cherry picked from commit
ad6d51892597336aa162452f3944393fa5afa7c4)
Andrew Bartlett [Wed, 14 Dec 2011 23:00:36 +0000 (10:00 +1100)]
s3-winbindd Only use SamLogonEx when we can get unencrypted session keys
This ensures that we have some check on the session keys being returned
as the RC4 cipher is not checksumed.
The check comes from the fact that the credentials chain is tied to
the session key, and so if the credentials check passes then the
netlogon session key will be correct, and so the user session key
will be correctly decrypted.
Andrew Bartlett
Part of a fix for bug #8599 (WINBINDD_PAM_AUTH_CRAP returns invalid user session
key).
(cherry picked from commit
8852ad6bd77b44e9dd71de3994869f5603964ef7)
Richard Sharpe [Fri, 9 Mar 2012 22:54:38 +0000 (14:54 -0800)]
Fix bug #8797 - Samba does not correctly handle DENY ACEs when privileges apply. Signed-off-by: Jeremy Allison <jra@samba.org> (cherry picked from commit
9aafc490db58017133bbd7a7f49264ee0d48f0ff)
(cherry picked from commit
28150366a958a3133dc8e418695b914f2ff3f472)
Volker Lendecke [Tue, 20 Sep 2011 20:45:52 +0000 (22:45 +0200)]
v3-6-test: Further fix for bug 8338
OS/X can not deal with a 10-vwv read on normal files.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Sep 21 00:51:08 CEST 2011 on sn-devel-104
(cherry picked from commit
5ca1ff390843e2a0c217a3627297d7af4eadd50d)
Christian Ambach [Tue, 13 Mar 2012 17:07:11 +0000 (10:07 -0700)]
Fix bug #8807 - dcerpc_lsa_lookup_sids_noalloc() crashes when groups has more than 1000 groups
Use correct talloc heirarchy.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
7936fb0ab8c3413768e83975c9d8544d653ee13c)
(cherry picked from commit
8c4491c6ad126771eafa8ea0f54f733f52437a10)
Karolin Seeger [Fri, 2 Mar 2012 19:29:58 +0000 (20:29 +0100)]
Revert "s3: Add sys_statvfs() wrapper support for OpenBSD/FreeBSD/DragonFly."
This reverts commit
a0d51949abde68134eb35150d797387a1fb57ab7.
https://bugzilla.samba.org/show_bug.cgi?id=8777
--- Comment #9 from Volker Lendecke <vl@samba.org> 2012-03-02 00:32:41 UTC ---
Karolin, would it be possible that you revert
a0d51949abde68134eb35150d797387a1fb57ab7 from v3-6-test? I did test this on
FreeBSD, but it makes the build fail on NetBSD. This patch needs to grow a bit
in master and is not ready for 3.6.
[...]
Volker
(cherry picked from commit
14fe979a32c94ebd88a934bcfaef3cb754e3c04c)
Jeremy Allison [Tue, 28 Feb 2012 17:47:50 +0000 (09:47 -0800)]
Fix problem reported by Tom Lee <tlee2951@gmail.com> - when calculating the share security mask, take priviliges into account for the connecting user.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Feb 28 20:21:26 CET 2012 on sn-devel-104
(cherry picked from commit
6081fabe7e0f461ea7d288c40727d4fb5defce5d)
Fix bug #8784 (Open file with SEC_FLAG_SYSTEM_SECURITY mask requested is blocked
by share security mask.)
(cherry picked from commit
5278f1c89191ae56ffe68feac4eb019fbc8336bc)
Matthieu Patou [Fri, 10 Feb 2012 19:45:21 +0000 (11:45 -0800)]
s3-winbindd: set the can_do_validation6 also for trusted domain
The flag can_do_validation6 was only set for the domain to which
winbindd is the member. Setting this flag in other domains (trusted
domain) if it's active directory domain is a good idea as it allow to do
level 6 validation also when winbindd is querying them directly.
(cherry picked from commit
05036fab0a9847219c73c0abd931a39fba0bccfd)
Address bug #8599 (WINBINDD_PAM_AUTH_CRAP returns invalid user session key).
(cherry picked from commit
01747a5554839f21992b8845328c4b08c3dd8ff8)
Brad Smith [Tue, 28 Feb 2012 19:45:41 +0000 (20:45 +0100)]
s3: Add sys_statvfs() wrapper support for OpenBSD/FreeBSD/DragonFly.
Fix bug #8777.
(cherry picked from commit
a0d51949abde68134eb35150d797387a1fb57ab7)
Matthieu Patou [Sat, 25 Feb 2012 00:13:10 +0000 (16:13 -0800)]
s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path
If not the child process would hang for quite a long time up to the
moment when the connection is cleaned by the kernel (took ~ 20 minutes)
in my tests.
Fix bug #8771 (Winbind takes up to 20 minutes to change from DC 1 to DC 2 and
keeps in the meantime to respond NT_STATUS_IO_TIMEOUT).
(cherry picked from commit
990274481795a47376cdbc95d5f80d830079d702)
Richard Sharpe [Wed, 22 Feb 2012 14:25:54 +0000 (06:25 -0800)]
Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no permission for that, but token has SeTakeOwnershipPrivilege
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104
(cherry picked from commit
108253250048673493a636fd9fb2bf99b64ccf3c)
Fix bug #8768 (Samba does not honor SeTakeOwnershipPrivilege when file opened
with SEC_STD_WRITE_OWNER).
(cherry picked from commit
4d603924fa07b908994bdc0a15dcfa2f83a3f1be)
Volker Lendecke [Sun, 19 Feb 2012 11:49:55 +0000 (12:49 +0100)]
s3: Fix bug 8567 -- segfault in dom_sid_compare
The underlying problem was that with ldapsam:trusted we require the
a group mapping for the primary group of every user, including root.
(cherry picked from commit
57ff85c0d785be074d2c62bb979fbd104db6edfe)
Volker Lendecke [Thu, 16 Feb 2012 22:22:42 +0000 (14:22 -0800)]
s3: Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY, bug 8760
Back-port of commit
dd5868d41eeaa304a471822d7783526d9f4c37f5
from master. Back-port done by Manoj Dahal <mdahal@novell.com>.
(cherry picked from commit
271a1f42b5dc95bff6ffd93a653ca8a1269e92af)
David Disseldorp [Wed, 15 Feb 2012 15:30:27 +0000 (16:30 +0100)]
s3-printing: fix crash in printer_list_set_printer()
The printer list database format was recently changed to accommodate for
the printcap location field.
One of the tdb_pack calls is not provided with a location string
argument, this causes a crash on some platforms.
https://bugzilla.samba.org/show_bug.cgi?id=8762
(cherry picked from commit
43f9e7400a106cd70d12cf50e84a552f3f75a294)
Stefan Metzmacher [Fri, 14 Oct 2011 14:11:06 +0000 (16:11 +0200)]
s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct 14 20:59:37 CEST 2011 on sn-devel-104
(cherry picked from commit
15b8efeae3b0133ae60a8ce582e4ca4d4dbe6bb1)
The last 4 patches address bug #8527 (db_ctdb_traverse fails to traverse records
created within the current transaction).
(cherry picked from commit
fa17a5518ff050234cccc1d35ec3699202a3e941)
Günther Deschner [Wed, 12 Oct 2011 09:48:55 +0000 (11:48 +0200)]
s3-dbwrap_ctdb: fix the build.
Michael, please check.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Oct 12 15:25:56 CEST 2011 on sn-devel-104
(cherry picked from commit
fc320551d84508371ab1c082752515d538648f49)
(cherry picked from commit
b0ac12539673a2e6b19e52f36822850b40d9dfae)
Gregor Beck [Thu, 22 Sep 2011 11:58:24 +0000 (13:58 +0200)]
s3:dbwrap: traverse records created within this transaction.
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
a6cd71da858062a66f83775cf655b79b6c8d75e7)
(cherry picked from commit
fc5ba7a9cc0e3fd76edb85be72406d0e77788dab)
Michael Adam [Fri, 14 Oct 2011 14:33:00 +0000 (16:33 +0200)]
s3:dbwrap: change the dbwrap_traverse() wrapper to return the count in an additional parameter (similar to commit
8f098a635f713652c4846d71e24c0a199c25b8b7)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
9c5bee9f731b70b0a01248f52adf7622025591c2)
Christian Ambach [Fri, 27 Jan 2012 18:25:13 +0000 (10:25 -0800)]
Allow vfs_aio_pthread to build as a static module.
The last 6 patches address bug #8723 (Add pthread-based aio module to 3.6.3.).
(cherry picked from commit
16f900cb94a69a47d627666751d374f097f092f4)
Jeremy Allison [Thu, 26 Jan 2012 01:17:48 +0000 (17:17 -0800)]
Update man page to fix typo vfs_aio_fork -> vfs_aio_pthread, add aio read size, aio write size examples. (cherry picked from commit
12b614a9298974ba5daee7aa8d1aa47006de01e2)
(cherry picked from commit
c738f0ea9e1c2356eab1dac778ceb94f22036f0a)
Jeremy Allison [Thu, 26 Jan 2012 00:54:39 +0000 (16:54 -0800)]
Add vfs_aio_pthread code.
(cherry picked from commit
0ba64e6bc78404b2f75af638c22b52007159d96b)
Jeremy Allison [Thu, 26 Jan 2012 00:27:54 +0000 (16:27 -0800)]
Ensure we always free aio_ex on all error paths by moving the TALLOC_FREE call out of smbd_aio_complete_aio_ex() and into the caller.
(cherry picked from commit
caa7ccae10f9be77cf28890aadff735ca83de93e)
Jeremy Allison [Wed, 25 Jan 2012 22:11:12 +0000 (14:11 -0800)]
Add man page for vfs_aio_pthread module. (cherry picked from commit
d8c699190d2cc0ce64395c7b2b10bb25c98a2943)
(cherry picked from commit
00d59a043dc4008f25cdf44dc233d181114dfa2d)
Jeremy Allison [Thu, 22 Dec 2011 04:38:32 +0000 (20:38 -0800)]
Change the signature of pthreadpool_finished_job() to return 0 on success, errno on fail and return the jobid in a separate variable.
I need this fix for my vfs_aio_pthread.c module.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Dec 22 12:12:33 CET 2011 on sn-devel-104
(cherry picked from commit
711c18c2301d1bea35cac1144080a94e6b89be27)
(cherry picked from commit
b30626720405c435ad48abf8e1445ee8f4b859a3)
Stefan Metzmacher [Thu, 22 Sep 2011 19:04:51 +0000 (21:04 +0200)]
s3:smb2_server: fix a logic error, we should sign non guest sessions
metze
The last 2 patches address bug #8749 (SMB2: SessionSetup responses are not
signed).
(cherry picked from commit
5bfe963d9279571b8392fabf0373b603014615eb)
Michael Adam [Wed, 21 Sep 2011 01:56:30 +0000 (03:56 +0200)]
s3:smb2-server: session setup replies should always be signed (except for guest sessions)
not only if the session should be signed
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Sep 21 11:00:09 CEST 2011 on sn-devel-104
(cherry picked from commit
ecb99789acc1cd8a4caa6635291cf5f44fe39e7e)
Ira Cooper [Sat, 4 Feb 2012 00:47:18 +0000 (16:47 -0800)]
s3-popt: Fix configure.developer builds on Solaris.
alloca.h needs to be included, or the build complains the implicit
definition of alloca.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb 4 03:27:42 CET 2012 on sn-devel-104
(cherry picked from commit
74ca6d1ddb1c5a4fbe9ddb29566878efe1761897)
Fix bug #8743 (configure.developer build is broken).
(cherry picked from commit
9269f41229368b2614880718e710fd461b28196f)
Christian Ambach [Wed, 24 Aug 2011 14:21:37 +0000 (16:21 +0200)]
s3:winbindd fix a return code check
talloc_traverse_dict will return with -1 in case of an error and
might return positive values that indicate the count of found
entries
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Wed Aug 24 18:09:11 CEST 2011 on sn-devel-104
Fix bug #8406 (winbind might not return groupnames to getgrgid nss calls).
(cherry picked from commit
9d5ed16ddac1598918338a432e9effa8ab869300)
Volker Lendecke [Tue, 31 Jan 2012 21:26:35 +0000 (22:26 +0100)]
s3: Add rmdir operation to streams_depot
The last 2 patches address bug #8733 (streams_depot leaves streams around on
rmdir).
(cherry picked from commit
693533ba5b91d74925568f719bdee969c6637ba7)
Volker Lendecke [Tue, 31 Jan 2012 21:26:23 +0000 (22:26 +0100)]
s3: Delete streams on directories
(cherry picked from commit
9ba7748b5f1c08dbefbb8d9c9646f631c2a355e0)
Michael Adam [Wed, 1 Feb 2012 14:25:12 +0000 (14:25 +0000)]
s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used()
Accidential "=" instead of "==".
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Feb 1 17:10:15 CET 2012 on sn-devel-104
(cherry picked from commit
6ba09e039e4efee33ce6b8cd9f919409656c2afb)
Fix bug #8738 (SMB2 server will not release unused shares).
(cherry picked from commit
15a423bf373a8116a0de7a627eaaea3932541e88)
Ira Cooper [Tue, 31 Jan 2012 20:15:36 +0000 (12:15 -0800)]
Fix bug #8729 - getpass regressions on Solaris/Illumos - 3.6 and
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jan 31 23:28:09 CET 2012 on sn-devel-104
(cherry picked from commit
a1901b55cfa658f39a33d0ea120641f56453fe4e)
(cherry picked from commit
6fdeb105904803d5402619419d4dc8bcc4423c35)
Stefan Metzmacher [Wed, 1 Feb 2012 16:04:17 +0000 (17:04 +0100)]
s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3() (bug #8739)
Originally, only the rid array was filled and foreign domain sids were omitted.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Feb 2 12:59:32 CET 2012 on sn-devel-104
(cherry picked from commit
dab7b0e7171edf5b11af154175711e2b972c000b)
(cherry picked from commit
53109bfa351da21b07ad99fa9b2a26d7c87bfa44)
Stefan Metzmacher [Wed, 1 Feb 2012 16:02:52 +0000 (17:02 +0100)]
s3:auth: fix potential gap creation in wbcsids_to_samr_RidWithAttributeArray()
Pair-Programmed-With: Michael Adam <obnox@samba.org>
metze
(cherry picked from commit
adbab7710d1fc4ca31469982dae0ee51e6b19896)
(cherry picked from commit
4e9091a65a9a19511763a09ae6a48ec05fb156d6)
Stefan Metzmacher [Tue, 31 Jan 2012 18:02:18 +0000 (10:02 -0800)]
s3:client: ignore SMBecho errors (the server may not support it) (bug #8139) Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
bb28a9387d3c76f6f8c7f79ec61d37a499d6c8f6)
Matthieu Patou [Mon, 30 Jan 2012 08:05:08 +0000 (00:05 -0800)]
s3-winbind: don't try to do clever thing if the username is not found while authenticating through winbind
This could cause that we authenticate a user with a bogus domain to
winbind's domain if the password supplied for the PAM_AUTH match.
The problem was reported by Jeff Venable (jvenable@juniper.net).
Patch from Andrew Bartlett (abartlett@samba.org).
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Jan 30 18:58:12 CET 2012 on sn-devel-104
(cherry picked from commit
56d5cb938651b9c67a8400d1adc61a23889a6a29)
Fix bug #8734 (When using PAM_AUTH API from winbind if Kerberos auth is enabled,
samba will authenticate user with a bogus domain).
(cherry picked from commit
a1ea9634fd07d1a949b9f772c36fcfb84c2f230f)
Andrew Bartlett [Sat, 28 Jan 2012 00:03:55 +0000 (16:03 -0800)]
Fix for bug #8727 - smbclient fails with posix large reads.
s3-libsmb Do not limit read replies to NBT packet sizes
With the posix extensions, we can read 16MB at a time, so we need to check
the full size of the packet, not the size rounded down to the old NBT
limit.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e86ad41af9d50265cab7cfdabdacb40bb4d3acc0)