git.samba.org - samba.git/log

Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.

Ensure we never wrap whilst adding client provided input.
CVE-2013-4124

Signed-off-by: Jeremy Allison <jra@samba.org>

WHATSNEW: Start release notes for Samba 3.6.17.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 1e064e91759b541bfee81c9f0df9392d12ba9e84)

VERSION: Bump version number up to 3.6.17.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 35c13477545df38c279ba83eeba5fe3273bdf41f)

WHATSNEW: Add another fix since 3.6.15.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit c81635ab7a6f2d6ed68cba92809053ea036dae76)

s3-autoconf: Add missing libtevent dependency for dbwrap_torture.

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
The last 3 patches are part of a fix for bug #9881 - Samba doesn't check for
system libtevent.
(cherry picked from commit 30187a839643337415ce78efec566aeff80f5a60)

s3-autoconf: Add missing libtevent dependency to dbwrap_tool.

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit f46e512bc033fb7b1303fbadfba96634041bcdcb)

s3-autoconf: Add missing libtevent dependency.

Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit f7588c73b9e8d95dcf3ca15067e05284dc117d3d)

WHATSNEW: Add changes since 3.6.15.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit a1a0c53d87fea7565032e22cb59a1bb9cddd0656)

Bug 8997: change libreplace GPL source to LGPL

libreplace currently includes socket.c and getifaddrs.c both of which
are GPL licensed.
Although not required, talloc and tdb build alongside this source,
leading to some ambiguity regarding their LGPL licences.

The following copyright holders have agreed to the GPL->LGPL change:
lib/replace/getifaddrs.c
   Copyright (C) Andrew Tridgell 1998
   Copyright (C) Jeremy Allison 2007
   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007

lib/replace/test/getifaddrs.c
lib/replace/socket.c
* Copyright (C) Michael Adam <obnox@samba.org> 2008

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8a6743e4edcdff1c7860d150720483f19f3b33bb)
(cherry picked from commit acae464f7fedd96bbddaed5227756328ea0fe32d)

When message-type is drvupgrade, MSG_DEBUG should be replaced with MSG_PRINTER_DRVUPGRADE.

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Fix bug #9941 - Fix a bug of drvupgrade of smbcontrol.
(cherry picked from commit 242cc0b992cc627d6b1730ce089e39125ed7d300)

check_parent_exists() can change errno. Ensure we preserve it across calls.

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 30 11:00:11 CEST 2013 on sn-devel-104

Fix bug #9927 - errno gets overwritten in call to check_parent_exists().
(cherry picked from commit b5243a52a237b524b7afb8125c4b75378af622d1)

BUG 9881: Check for system libtevent.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 5e6dfd1650d724c5f21b1b4324dfd44c68c3046d)

Fix bug #9822 - Samba crashing during Win8 sync.

When refactoring the dptr desctructor in the
fix for bug:

9778 (Samba directory code uses dirfd() without vectoring through a VFS call)

I removed the code to NULL out the struct smb_Dir *
pointer inside the fsp struct by mistake.

Re-add the NULLing out of that pointer when
closing a directory pointer associated with
an open file.

Reporter confirms it fixes the crash.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Sat Apr 27 20:44:55 CEST 2013 on sn-devel-104
(cherry picked from commit 251767cde9a146d8122d76e257ab232c05ad452a)
(cherry picked from commit fe51e23801b24af43ce605f51f3e607fae74d3b7)

Remove dependency on detection of HAVE_DIRFD for use of fdopendir().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 12 16:21:10 CEST 2013 on sn-devel-104
(cherry picked from commit 7a4dd845958f1411daa8031ca242987001ab2f26)
(cherry picked from commit abff441e445431970d1e25fa79e10276e576d9e3)

Remove the "Ugly hack" that was the second use of dirfd().

The destructor does all the resource deallocation needed.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0fe894fb89f4867e266bb04670a58101311e0234)
(cherry picked from commit 8d96eb3666ce2e0f016068dfae60eb32ed2b518e)

In the struct smb_Dir destructor, use the fsp back pointer to release resources.

Removes one use of dirfd().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ea14c9443178da9ae6ccbe71e573156396f6f699)
(cherry picked from commit 93417c945e12c3d03ba5c4b1cc0b02fb8dd692e0)

Maintain a back-pointer to the fsp in struct smb_Dir when opening with FDOPENDIR.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit e89ec641fc98ffd7f7193deb3728b0a284a093eb)
(cherry picked from commit 2683c9ba9d85ca7f341ae3b21d6e0430a4e7b8d7)

Fix bug 9900: is_printer_published GUID retrieval

Samba currently always responds to GetPrinter(level = 7) requests with
DSPRINT_UNPUBLISH, regardless of the AD publish status tracked via the
PRINTER_ATTRIBUTE_PUBLISHED flag. This is due to erroneous "objectGUID"
unmarshalling in is_printer_published().

This change splits "objectGUID" retrieval into a separate function, and
adds a pull_reg_sz() call to correctly unmarshall the GUID.
(cherry picked from commit 577b2e554cff29d7676ef74ace1536210503601c)

printing: explicitly clear PUBLISHED attribute

Currently nt_printer_publish(DSPRINT_UNPUBLISH) flips (via xor) the
info2->attributes PRINTER_ATTRIBUTE_PUBLISHED flag, rather than
explicitly clearing it.
(cherry picked from commit d867da670e42e3cbcf5f251a8a758f9506511086)

printing: use const in is_printer_published
(cherry picked from commit c8e399b8b164e13789dcaa8801cb74f26d91f22a)

s3-docs: Remove "experimental" label on "max protocol=SMB2" parameter

Fix bug #9688 - smb.conf(5) says: "max protocol=SMB2" is experimental.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit c5173ab356e49625da01d4f2e703f53748d7db4a)

Makefile: Fix bug 9868 -- Don't know how to make LIBNDR_PREG_OBJ.

Thanks to Lucs for finding the issue

Signed-off-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 16ed254d9ca66ba0e3effcb1dcb4ac71d62b7d88)

Remove the compound_related_in_progress state from the smb2 global state.

And also remove the restriction that we can't read a new
request whilst we're in this state.

Signed-off-by: Jeremy Allison <jra@samba.org>
The last 4 patches address bug #9722 - Samba does not properly handle Oplock
breaks in compound requests.
(cherry picked from commit 9094b538c85a550b40827799f56427a926d315cd)

The core of the fix to allow opens to go async inside a compound request.

This is only allowed for opens that cause an oplock break, otherwise it
is not allowed. See [MS-SMB2].pdf note <194> on Section 3.3.5.2.7.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f4900ce9e0c52beb2dcf34eaf4bcd5f398d7900c)

Ensure we don't try and cancel anything that is in a compound-related request.

Too hard to deal with splitting off the replies.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 5185365c6b215905663aca5161924a357268f64d)

Only do the 1 second delay for sharing violations for SMB1, not SMB2.

Match Windows behavior.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 171087a499531bf529fe800de73e0e10ecdcc6f7)

WHATSNEW: Start release notes for Samba 3.6.16.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 1303a689c7530cd1b4787050dd837a5e655544bc)

VERSION: Bump version up to 3.6.16.

Karolin
(cherry picked from commit 9b46794780b906e0e38e8f86a49c2ae2ee556c16)

WHATSNEW: Prepare release notes for Samba 3.6.15.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 8a3db2e8ef12d259feaa2af5092ddda74c5b4def)

winbind: Fix bug 9854 -- NULL pointer dereference

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue May 7 14:49:07 CEST 2013 on sn-devel-104
(cherry picked from commit 8c1283a89f746a108e8014b6fbc9a58a371950cf)
(cherry picked from commit 0872d998cd2bcfa274283bd7dd1d70010ca33166)

BUG 9817: Fix 'map untrusted to domain' with NTLMv2.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104
(cherry picked from commit 62873916076d748f7c91868a6cd28d35e64d8dca)

bug 9830: fix panic in nt_printer_publish_ads

Check for ads_find_machine_acct() errors, to ensure a NULL LDAPMessage
pointer doesn't get passed to ldap_get_dn().

Signed-off-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit dd07b3c4973b169f07d227869dba8d0f4a76569a)

s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382)

Now the logic matches the one in dcerpc_read_ncacn_packet_done().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
(cherry picked from commit 65860c540faba0ca3542ee2edc0a16fa76a2bcde)

s3-smbd: Split make_serverinfo_from_username guest parameters into two parts

This handles differently the case where we are the guest (from security=share) and
when we are forced to be a different user with force user. We want to maintain
only the is_guest flag if were forced to become any other user, we need the rest
of the token to change.

Andrew Bartlett

Fix bug #9746 - guest ok + force user + force group doesn't work.
(cherry picked from commit 24d68d799553b0806e580a47aed70a4eaac09191)

WHATSNEW: Start release notes for Samba 3.6.15.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 022d37a0626086ea0f1776feeead070335923871)

VERSION: Bump version number up to 3.6.15.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit f0d5f12c2780726085cff4c17b1c4b584515e1af)

WHATSNEW: Add some information on migrating printers.

Thanks to Andreas for providing the text and making sure that it ends up in the
release notes!

Karolin
(cherry picked from commit 5aba70a99dd8d3e7e12a4837c00194eaba5f271c)

WHATSNEW: Add changes since 3.6.13.

Karolin
(cherry picked from commit 544e41ec27bcc8c5fe3ec784c4a937830bc8096b)

docs: Fix bug 9809 -- missing entry in specfile

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Apr 22 11:35:52 CEST 2013 on sn-devel-104
(cherry picked from commit 5512a43a93833d3d6f1721d69c894db0e2c77ef8)
(cherry picked from commit 7441f3d9f1d2cec29e0caaeaf7a4fc92761fe82f)

Fix bug 9811 - Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem.

Fix bug in old create temp SMB request. Only use VFS functions.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 61d591bb1eacbd7bcdf6a1c4abe8442edfece524)

Bug 9807 - wbinfo: fix segfault in wbinfo_pam_logon

wbinfo_pam_logon() incorrectly assumes that wbcLogonUser() always
returns an allocated wbcAuthErrorInfo struct on failure.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 17 21:29:29 CEST 2013 on sn-devel-104
(cherry picked from commit 8bb8f0011e567501a98a901adcfffbf4f34e73ae)

BUG 9766: Cache name_to_sid/sid_to_name correctly.

If there is no domain_name specified we still need to set to for
caching else we will not find the entry later if we lookup the entry
with the domain_name.

Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Apr 9 16:32:44 CEST 2013 on sn-devel-104
(cherry picked from commit afcbaf373a1959f2323ffa729886b688c2b965e3)

BUG 9139: Fix the username map optimization.

If we successfully map a user. We call

set_last_from_to(user_in, unixname);

in the while loop reading the map file. After a successfull map we don't
stop and continue the loop to check all other mappings in the username
mapfile. But when we hit the end of the file and leave the loop we call:

set_last_from_to(user_in, user_in);

This overwrites the successful mapping, and the next time we call
map_username() we skip the username and no mapping is done.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d9b8bd03d002e0329a4b0ed4b1cc81d64fe9c6eb)

BUG 9699: Fix adding case sensitive spn.

We should be able to define the case of the spn cause it is important
for some services like nfs. 'net ads keytab add "nfs"' should not
result in an uppercase spn.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6848fb121a3a16b2d87b2bf2f7cca8364a1343f1)

vfs_fake_perms: Fix bug 9775, segfault for "artificial" conn_structs
(cherry picked from commit 70107fc911570bbbc1cd613e9c594f5481e5685e)

Optimization suggested by Volker. Don't do a stat system call on normal read path.

Only do it if we need it in the sendfile() path.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Mar 28 17:51:22 CET 2013 on sn-devel-104

Fix bug #9748 - Remove unneeded fstat system call from hot read path.
(cherry picked from commit 60a2fb5ddac02376d82f323f2acb1211bb7929e3)

smbd: Tune "dir" a bit.

for i in $(seq 1 20000) ; do echo dir ; done | smbclient //127.0.0.1/tmp -U%

without and with this patch:

$ time bin/smbd -d0 -i
smbd version 4.1.0pre1-GIT-1f139ae started.
Copyright Andrew Tridgell and the Samba Team 1992-2013
Beendet

real    0m28.342s
user    0m10.249s
sys     0m10.513s

$ time bin/smbd -d0 -i
smbd version 4.1.0pre1-GIT-1f139ae started.
Copyright Andrew Tridgell and the Samba Team 1992-2013
Beendet

real    0m27.348s
user    0m9.089s
sys     0m10.853s

The "real" timestamp is irrelevant, this also contains the time between
starting smbd and the smbclient job. It's the "user" time. The result that this
patch improves the time spent in user space by 10% is consistent.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Fix bug #9736 - Change to smbd/dir.c code gives significant performance
increases on large directory listings.
(cherry picked from commit 565d1409c7c424fbbeed1e98b042d3970b0acf73)

BUG 9735: Fix winbind seperator in upn to username conversion.

Reviewed-by: Günther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 01192ce939cf77737de8efe7072dded5c3e1da94)

Fix bug #9733 - smbcontrol close-share is not working.

As part of forcibly disconnecting a client from a share,
smbd must atomically call reload_services() to ensure that
the entry in the ServicePtrs[] array corresponding to
that share is removed if the share was removed from
the smb.conf or registry entries.

Otherwise the ServicePtrs[] array entry for the share
remains active and the client races to auto-reconnect to
the share before a second message to reload the smb.conf
file can be sent.

This has to be done as part of the close-share message
processing, as removing the share from the smb.conf file
first, then telling the smbd to reload followed by the
forcible disconnect message doesn't work as in this
sequence of events when the reload message is received
the client is still connected to the share, so the
ServicePtrs[] entry is still left active.

The forcible-disconnect + service reload has to be done
together as an atomic operation in order for this to work.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1df61789ca466923a7a252244888bd1b7cfbc79e)

Final fix for bug #9130 - Certain xattrs cause Windows error 0x800700FF

The spec lies when it says that NextEntryOffset is the only value
considered when finding the next EA. We were adding 4 more extra
pad bytes than needed (i.e. if the next entry already was on a 4
byte boundary, then we were adding 4 additional pad bytes).

Signed-off-by: Jeremy Allison <jra@samba.org>
The last 5 patches address bug #9130 - Certain xattrs cause Windows error
0x800700FF.
(cherry picked from commit 57db33599589b06a60cb7cbb454f87bf40c542e0)

Ensure we don't return uninitialized memory in the pad bytes.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 79503841059e945e6b14fa8c92375041c5390764)

Fix bug #9130 - Certain xattrs cause Windows error 0x800700FF

Ensure we never return any zero-length EA's.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8794bb97495a7de4bf98f497abdf713be68db7a9)

Change estimate_ea_size() to correctly estimate the EA size over SMB2.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c6688532c8a01836f29a38806ced62b34617222d)

Modify fill_ea_chained_buffer() to be able to do size calculation only, no marshalling.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 45654424a5c686a43cd9edb8026c0d0424260fd9)

wkssvc: Fix bug 9727, NULL pointer dereference

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 18 11:39:27 CET 2013 on sn-devel-104
(cherry picked from commit 05a7a10c88be99d864eacd6f9d37a340022f01f6)
(cherry picked from commit 64fb72ccb26b8e48c50407bc58618499ab2f5603)

printing: update registry and publish in background

Currently all smbd processes unnecessarily access each printer registry
TDB entry following printcap cache reload.
This change moves responsibility for this to the background print queue
process.

This and the last four commits address bug 9650: New or delete cups
printerqueues are not recognized by the samba.
(cherry picked from commit ac6604868d1325dd4c872dc0f6ab056d10ebaecf)

spoolss: only reload printers on pcap update message

Printcap cache updates are the responsibility of the background
printing process, which after doing so broadcasts a MSG_PRINTER_PCAP
message. Spoolssd should only reload printers after receiving such a
message.
(cherry picked from commit c30c66d8b5b4ebbde1b148c51310e336f29ca04e)

printing: add sighup and conf change handlers

The background printing process is now responsible for all printcap
cache updates, which should be done on SIGHUP and configuration change.
(cherry picked from commit f4af7c4d4cafe15c437742d450c7753a8b6d8422)

printing: move pcap change notifier to bg process

The background print queue process is responsible for printcap cache
updates, and should be the only process to send notifications.
(cherry picked from commit 23ac828ba93e2ffc60ced19656af9609dcc1b2ab)

smbd: fix cups printcap cache updates on startup

On startup the parent smbd process currently calls pcap_cache_reload(),
which is done immediately before the background queue process is forked.

pcap_cache_reload() is asynchronous with cups, in that it forks a
separate process to obtain the printer listing. The cache_fd_event
print_cups.c global variable is used to track when a cups printer
listing is in progress.

cache_fd_event is set when the background queue process is forked, due
to smbd's pcap_cache_reload() call immediately prior. As a result, the
background queue process assumes an existing pcap_cache_reload() call is
indefinitely outstanding, causing the printcap cache to remain stale
thereafter.
(cherry picked from commit d7286bb6520ebe03355e98e3311e1d79e2746791)

Make sure that we only propogate the INHERITED flag when we are allowed to.

Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #9747 - When creating a directory Samba allows inherited bit to slip
through.
(cherry picked from commit 93bca1881e3a8993c76fec408d7c0c369556683d)

torture: Add ntprinting latin1 test.

Reviewed-by: Günther Deschner <gd@samba.org>
The last 7 patches address bug #9723 - Add a tool to migrate latin1 printing
tdb's to registry.
(cherry picked from commit 97bb3cc15bfa6572486e176aed9040ee3e7df714)

s3-net: Add encoding=<CP> to 'net printing dump'.

Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit c28da2d725e70a5494bebee3b4bb35a85ea7cf3b)

s3-net: Add encoding=<CP> to 'net printing migrate'.

This allows you to convert printing tdb's which are in e.g. in latin1 to
convert to UTF-8 and import them into the registry.

Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 3877c1865550446ed25ac06a809518135d62e4f8)

ndr: Pass down string_flags in ndr_pull_ntprinting_printer().

Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit fa6a654790e2d61a3d69cdfed8ecba74450a870f)

idl: Add flags for strings in ntprinting idl.

Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 171251595f18f5518f15d7b8c05aea68df0b024f)

ndr: Add ndr_ntprinting_string_flags() function.

It defaults to utf8string.

Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 6abfeb7d806e40c932f09f0323f20535b54a5613)

pidl: Add skip option to elements.

This option allows to skip struct elements in pull and push function.
This can be used to pass flags to the structure e.g. for string values.

Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 7f13e139825a4363d8d304c5b86c805bb2a1b0db)

Fix bug #9724 - is_encrypted_packet() function incorrectly used inside server.

The is_encrypted_packet() function should only be used on the raw received data
to determine if a packet came in encrypted. Once we're inside the SMB1
processing code in smbd/reply.c we should be looking at the
smb1request->encrypted field to determine if a packet was really encrypted or
not.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3bc39aa493aa8d2db9ac423d82bed08bda10e754)

WHATSNEW: Start release notes for Samba 3.6.14.

Karolin
(cherry picked from commit fb7971cf9305f4a596636c73c17a3c73bfcbdb02)

VERSION: Bump version number up to 3.6.14.

Karolin
(cherry picked from commit 5e70508c735dee1daab09bbf394b65080e21c551)

WHATSNEW: Prepare release notes for Samba 3.6.13.

Karolin
(cherry picked from commit f70d3d214c7d3f45cac98678a37762b9a67d56f1)

vfs_catia: new version of the manual page for samba-3.6.x

well, i was not aware of the change
./docs-xml/manpages-3/
./docs-xml/manpages/
in samba-4.0.x

Signed-off-by: Guenter Kukkukk <kukks@samba.org>
The last 4 patches address bug #9701 - vfs_catia is not working anymore (due to
a former regression).
(cherry picked from commit 17113c33a77a257560f33dbb35286ae20250a8f5)

vfs_catia: add my copyright

Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ddb98cae501020e2fc02523b4083d16dc44d8908)

vfs_catia: fix the translation to "vfs_translate_to_windows"

THANKS to an IRC user (Raimund ?) who asked for a char mapping possibility.
I suggested vfs_catia - but it did not work!
Hopefully now it will. :-)

Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ad8fe6215f68d2aaf143b44888b75498cfd03e6d)

vfs_catia: add debug class for that module

Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 58ac0d30aba4a0c0aab2a358b42e17d8c0e896ca)

selftest: Skip tests failing on ext4 fs.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 797c7ff362fad007b0bb1d24f5b10a77c77af5fb)

Fix bug #9637 - Renaming directories as guest user in security share mode doesn't work.

Ensure guest is treated consistently when creating a auth_serversupplied_info struct.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9d4d9b99740f3500e682a4067a1b5e566845ea27)

winbind: Don't leak centry memory. Reviewed-by: Alexander Bokovoy <ab@samba.org>

The last two patches address bug #9684 - Fix two resource leaks in winbindd.
(cherry picked from commit eb657c324f83e94d46f80b9c1b97fa0228c3a47a)

winbind: Don't leak memory on return. Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 30d7a3ad920456fee2a589b501ba835d13de6c29)

Fix bug #9039 'map untrusted to domain' treats WORKSTATION as bogus domain.

s3: never try to map global SAM name

Do not treat the global SAM name as a BOGUS domain, and exempt
local users from mapping, instead. This change reinstates the
exact mapping behaviour of Samba 3.2 if parameter 'map untrusted
to domain' is set.

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 180ef28a4874026740e3b5381fe4d25fb70167bf)

pdb: Fix array overrun by one. Reviewed-by: Alexander Bokovoy <ab@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9686 - Fix a possible buffer overrun in pdb_smbpasswd.
(cherry picked from commit b174e1b496659c9e7a0fc70ad49ed0fc5906d252)

build/autoconf: put ld check variable in quotes

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit ac9620b942d6d51a1c35c4177c3f241351fc1ebd)

The last 2 patches address bug #7825 (need to fix GNU ld version detection with
old gcc releases).
(cherry picked from commit b76501dbf14bcba0eba7b5420b191caf237f0b35)

build/autoconf: fix check for GNU ld version

we need to look for the version once in the stdout and once in the stderr
output. Some version of ld output to stdout, some output to stderr. redirecting
stderr to stdout messes the output up in our case, that's why we have to do two
runs. See also bug #7825.

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Feb 19 20:56:12 CET 2013 on sn-devel-104
(cherry picked from commit ff8ba0628f6f13a5be1df94e5ac2e83008b7c69c)
(cherry picked from commit 1f1feddc6f414a91859b0dae77b34953b479d47e)

smbd: fix initial large PAC sess setup response

An oversize Kerberos security token may be split across multiple Session
Setup AndX requests when authenticating as a user who is a member of
many (~2000) groups.
In such a case the NativeOS, NativeLanMan & PrimaryDomain fields must be
sent with the NT_STATUS_MORE_PROCESSING_REQUIRED response. Otherwise
Windows clients may resend the same security token data in subsequent
session setup andX requests, as observed with Windows 7 and Server 2012.

This change fixes the SMB1 server only.

Fix bug #9658 - Session Setup AndX exchange fails with an oversize security
token.
(cherry picked from commit e28ec902a207655acab665c4cfabb1f2031fb24f)

Fix bug 9519 - Samba returns unexpected error on SMB posix open.

Explicitly ignore bare O_EXCL flags instead of returning INVALID_PARAMETER.
That's what the Linux kernel does.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d21280f983249038bf7efda4edc1b1eadaff546a)

s3: Make SMB2_GETINFO multi-volume aware.

Not all shares are a single volume. Some actually
expose multiple volumes under a single share. In these
cases showing the amount of space free as the space free
at the base of the directory heirarchy is wrong.

Reviewed-by: Jeremy Allison <jra@samba.org>
Fix bug #9646 - dir and similar commands are returning the wrong amount of free
space.
(cherry picked from commit 872a7d61ca769c47890244a1005c1bd445a3bab6)

Fix bug 9633: recursive mget should continue on EPERM

Regression introduced by 14ff2e8de9bd8d0064762234555260f5eea643fe.
When downloading files recursively, smbclient halts if it encounters
a folder to which it does not have permission to traverse.
(cherry picked from commit e5b4ac7978213acf7517b6852f7750e41cad787a)

s3:auth: wbcAuthenticateEx gives unix times (bug #9625)

We also need to convert last_logon, last_logoff and acct_expiry
from unix time to nt time.

Otherwise a windows member server will reject clients
using CAP_DYNAMIC_REAUTH or smb2) with STATUS_NETWORK_SESSION_EXPIRED,
if the logoff and kickoff time is expired.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 292504a759caf811fb6201e273ffeab20522a991)

Fix bug #9585 - Samba 3.6.x not correctly signing any but the last response in a compound request/response

Add in the missing code we already have in master
and 4.0.x.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 022e1d889cbb752fc4f339dd537486bf3a52e34e)

Fix bug #9586 - smbd[29175]: disk_free: sys_popen() failed" message logged in /var/log/message many times.

Ensure when reading lines from an interruptible
pipe source we ignore EINTR.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 24 10:45:48 CET 2013 on sn-devel-104
(cherry picked from commit 497febfe36354c4aff3696cd32c6c7e8fee55af8)
(cherry picked from commit 035be05db96b0544434febc33349adb910dba78e)

Fix bug #9571 - Unlink after open causes smbd to panic.

s3:smbd: fix wrong lock order in posix unlink

Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fb0868e290cdc23671a84b7600af689a8b8b806f)

Fix bug #9588 - ACLs are not inherited to directories for DFS shares.

We can return with NT_STATUS_OK in an error code path. This
has a really strange effect in that it prevents the ACL editor
in Windows XP from recursively changing ACE entries on sub-directories
after a change in a DFS-root share (we end up returning a path
that looks like: \\IPV4\share1\xptest/testdir with a mixture
of Windows and POSIX pathname separators).

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 99d2cb211f04e907bf2ed19656843026207ae0e3)

Fix bug #9587 - archive flag is always set on directories.

Creating a directory to a Samba share sets the attributes to 'D' only
(correct) - only when creating a new file should the 'A' attribute
be set.

However, doing a rename of that directory sets the 'A' attribute in error.
This should only be done on a file rename. smbclient regression test to follow.

Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6603013f8f03773d141c33fd1c4923197a5350c8)

BUG 9474: Downgrade v4 printer driver requests to v3.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 21 16:11:02 CET 2013 on sn-devel-104
(cherry picked from commit 58fadf2f48a2a409b4ee98fdc0166c7f801a7629)
(cherry picked from commit ae0cf58a75874541c4c9b8b29a2b1fc45928be69)

spoolss: add SPOOLSS_DRIVER_VERSION_2012 (4) define to IDL.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 638ed90620e3c6a35ef56a11c612c13d6b7d6ff5)
(cherry picked from commit 93a1d4ee4685305e0060e9d5c8028c96ff83257d)

BUG 9378: Add extra attributes for AD printer publishing.

Currently attempting to publish a printer in AD fails with "Object class
violation", due to a number of missing attributes in the LDAP request.

Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 069f1029a76c9b9c0a48ac7cb3d2c5f45c3a231c)

printing: Remove invalid free from error path.

Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 31d61ad8f9c850c302c83a65af8474545723ea1c)

BUG 9574: Fix a possible null pointer dereference in spoolss.

If the the client enumerates the printers and didn't specify a
servername we have a null pointer dereference, so the process serving
the connection crashes.

Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104
(cherry picked from commit c38fb0b106b62e42a5b75b1c78386bb8912c7d7e)
(cherry picked from commit a2d68842ea33733fa7900831ed10e73f820afcf7)

s3-rpc_server: Fix a possible null pointer dereference.

This variable can be set to NULL in an earlier function call.

Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 72e02c73b64f1ff56b2d53ec63d68486a4f1ff90)
(cherry picked from commit 43810c80936c8f509cc2adba6193dd4c55325875)