Jeremy Allison [Thu, 11 Jul 2013 00:10:17 +0000 (17:10 -0700)]
Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.
Ensure we never wrap whilst adding client provided input.
CVE-2013-4124
Signed-off-by: Jeremy Allison <jra@samba.org>
Karolin Seeger [Wed, 19 Jun 2013 08:53:41 +0000 (10:53 +0200)]
WHATSNEW: Start release notes for Samba 3.6.17.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
1e064e91759b541bfee81c9f0df9392d12ba9e84)
Karolin Seeger [Wed, 19 Jun 2013 08:47:13 +0000 (10:47 +0200)]
VERSION: Bump version number up to 3.6.17.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
35c13477545df38c279ba83eeba5fe3273bdf41f)
Karolin Seeger [Wed, 19 Jun 2013 07:33:11 +0000 (09:33 +0200)]
WHATSNEW: Add another fix since 3.6.15.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
c81635ab7a6f2d6ed68cba92809053ea036dae76)
Michael Adam [Tue, 18 Jun 2013 09:47:17 +0000 (11:47 +0200)]
s3-autoconf: Add missing libtevent dependency for dbwrap_torture.
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
The last 3 patches are part of a fix for bug #9881 - Samba doesn't check for
system libtevent.
(cherry picked from commit
30187a839643337415ce78efec566aeff80f5a60)
Michael Adam [Tue, 18 Jun 2013 09:32:19 +0000 (11:32 +0200)]
s3-autoconf: Add missing libtevent dependency to dbwrap_tool.
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
f46e512bc033fb7b1303fbadfba96634041bcdcb)
Andreas Schneider [Mon, 17 Jun 2013 09:53:09 +0000 (11:53 +0200)]
s3-autoconf: Add missing libtevent dependency.
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
f7588c73b9e8d95dcf3ca15067e05284dc117d3d)
Karolin Seeger [Mon, 17 Jun 2013 07:34:16 +0000 (09:34 +0200)]
WHATSNEW: Add changes since 3.6.15.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
a1a0c53d87fea7565032e22cb59a1bb9cddd0656)
David Disseldorp [Mon, 3 Jun 2013 11:00:31 +0000 (13:00 +0200)]
Bug 8997: change libreplace GPL source to LGPL
libreplace currently includes socket.c and getifaddrs.c both of which
are GPL licensed.
Although not required, talloc and tdb build alongside this source,
leading to some ambiguity regarding their LGPL licences.
The following copyright holders have agreed to the GPL->LGPL change:
lib/replace/getifaddrs.c
Copyright (C) Andrew Tridgell 1998
Copyright (C) Jeremy Allison 2007
Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
lib/replace/test/getifaddrs.c
lib/replace/socket.c
* Copyright (C) Michael Adam <obnox@samba.org> 2008
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
8a6743e4edcdff1c7860d150720483f19f3b33bb)
(cherry picked from commit
acae464f7fedd96bbddaed5227756328ea0fe32d)
Peng Haitao [Wed, 22 May 2013 21:03:13 +0000 (14:03 -0700)]
When message-type is drvupgrade, MSG_DEBUG should be replaced with MSG_PRINTER_DRVUPGRADE.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Fix bug #9941 - Fix a bug of drvupgrade of smbcontrol.
(cherry picked from commit
242cc0b992cc627d6b1730ce089e39125ed7d300)
Anand Avati [Mon, 29 Apr 2013 22:21:00 +0000 (15:21 -0700)]
check_parent_exists() can change errno. Ensure we preserve it across calls.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 30 11:00:11 CEST 2013 on sn-devel-104
Fix bug #9927 - errno gets overwritten in call to check_parent_exists().
(cherry picked from commit
b5243a52a237b524b7afb8125c4b75378af622d1)
Andreas Schneider [Tue, 14 May 2013 07:59:44 +0000 (09:59 +0200)]
BUG 9881: Check for system libtevent.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
5e6dfd1650d724c5f21b1b4324dfd44c68c3046d)
Jeremy Allison [Fri, 26 Apr 2013 17:47:41 +0000 (10:47 -0700)]
Fix bug #9822 - Samba crashing during Win8 sync.
When refactoring the dptr desctructor in the
fix for bug:
9778 (Samba directory code uses dirfd() without vectoring through a VFS call)
I removed the code to NULL out the struct smb_Dir *
pointer inside the fsp struct by mistake.
Re-add the NULLing out of that pointer when
closing a directory pointer associated with
an open file.
Reporter confirms it fixes the crash.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Sat Apr 27 20:44:55 CEST 2013 on sn-devel-104
(cherry picked from commit
251767cde9a146d8122d76e257ab232c05ad452a)
(cherry picked from commit
fe51e23801b24af43ce605f51f3e607fae74d3b7)
Jeremy Allison [Wed, 10 Apr 2013 23:30:10 +0000 (16:30 -0700)]
Remove dependency on detection of HAVE_DIRFD for use of fdopendir().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 12 16:21:10 CEST 2013 on sn-devel-104
(cherry picked from commit
7a4dd845958f1411daa8031ca242987001ab2f26)
(cherry picked from commit
abff441e445431970d1e25fa79e10276e576d9e3)
Jeremy Allison [Wed, 10 Apr 2013 23:29:03 +0000 (16:29 -0700)]
Remove the "Ugly hack" that was the second use of dirfd().
The destructor does all the resource deallocation needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
0fe894fb89f4867e266bb04670a58101311e0234)
(cherry picked from commit
8d96eb3666ce2e0f016068dfae60eb32ed2b518e)
Jeremy Allison [Wed, 10 Apr 2013 23:24:15 +0000 (16:24 -0700)]
In the struct smb_Dir destructor, use the fsp back pointer to release resources.
Removes one use of dirfd().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ea14c9443178da9ae6ccbe71e573156396f6f699)
(cherry picked from commit
93417c945e12c3d03ba5c4b1cc0b02fb8dd692e0)
Jeremy Allison [Wed, 10 Apr 2013 23:21:39 +0000 (16:21 -0700)]
Maintain a back-pointer to the fsp in struct smb_Dir when opening with FDOPENDIR.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
e89ec641fc98ffd7f7193deb3728b0a284a093eb)
(cherry picked from commit
2683c9ba9d85ca7f341ae3b21d6e0430a4e7b8d7)
David Disseldorp [Wed, 22 May 2013 15:58:38 +0000 (17:58 +0200)]
Fix bug 9900: is_printer_published GUID retrieval
Samba currently always responds to GetPrinter(level = 7) requests with
DSPRINT_UNPUBLISH, regardless of the AD publish status tracked via the
PRINTER_ATTRIBUTE_PUBLISHED flag. This is due to erroneous "objectGUID"
unmarshalling in is_printer_published().
This change splits "objectGUID" retrieval into a separate function, and
adds a pull_reg_sz() call to correctly unmarshall the GUID.
(cherry picked from commit
577b2e554cff29d7676ef74ace1536210503601c)
David Disseldorp [Thu, 23 May 2013 17:32:08 +0000 (19:32 +0200)]
printing: explicitly clear PUBLISHED attribute
Currently nt_printer_publish(DSPRINT_UNPUBLISH) flips (via xor) the
info2->attributes PRINTER_ATTRIBUTE_PUBLISHED flag, rather than
explicitly clearing it.
(cherry picked from commit
d867da670e42e3cbcf5f251a8a758f9506511086)
David Disseldorp [Wed, 24 Apr 2013 12:06:50 +0000 (14:06 +0200)]
printing: use const in is_printer_published
(cherry picked from commit
c8e399b8b164e13789dcaa8801cb74f26d91f22a)
SATOH Fumiyasu [Tue, 26 Feb 2013 17:06:32 +0000 (02:06 +0900)]
s3-docs: Remove "experimental" label on "max protocol=SMB2" parameter
Fix bug #9688 - smb.conf(5) says: "max protocol=SMB2" is experimental.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
c5173ab356e49625da01d4f2e703f53748d7db4a)
Volker Lendecke [Tue, 7 May 2013 13:07:34 +0000 (15:07 +0200)]
Makefile: Fix bug 9868 -- Don't know how to make LIBNDR_PREG_OBJ.
Thanks to Lucs for finding the issue
Signed-off-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
16ed254d9ca66ba0e3effcb1dcb4ac71d62b7d88)
Jeremy Allison [Wed, 8 May 2013 22:10:32 +0000 (15:10 -0700)]
Remove the compound_related_in_progress state from the smb2 global state.
And also remove the restriction that we can't read a new
request whilst we're in this state.
Signed-off-by: Jeremy Allison <jra@samba.org>
The last 4 patches address bug #9722 - Samba does not properly handle Oplock
breaks in compound requests.
(cherry picked from commit
9094b538c85a550b40827799f56427a926d315cd)
Jeremy Allison [Wed, 8 May 2013 22:08:50 +0000 (15:08 -0700)]
The core of the fix to allow opens to go async inside a compound request.
This is only allowed for opens that cause an oplock break, otherwise it
is not allowed. See [MS-SMB2].pdf note <194> on Section 3.3.5.2.7.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f4900ce9e0c52beb2dcf34eaf4bcd5f398d7900c)
Jeremy Allison [Wed, 8 May 2013 18:51:38 +0000 (11:51 -0700)]
Ensure we don't try and cancel anything that is in a compound-related request.
Too hard to deal with splitting off the replies.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
5185365c6b215905663aca5161924a357268f64d)
Jeremy Allison [Wed, 8 May 2013 18:50:32 +0000 (11:50 -0700)]
Only do the 1 second delay for sharing violations for SMB1, not SMB2.
Match Windows behavior.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
171087a499531bf529fe800de73e0e10ecdcc6f7)
Karolin Seeger [Wed, 8 May 2013 11:08:00 +0000 (13:08 +0200)]
WHATSNEW: Start release notes for Samba 3.6.16.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
1303a689c7530cd1b4787050dd837a5e655544bc)
Karolin Seeger [Wed, 8 May 2013 11:06:31 +0000 (13:06 +0200)]
VERSION: Bump version up to 3.6.16.
Karolin
(cherry picked from commit
9b46794780b906e0e38e8f86a49c2ae2ee556c16)
Karolin Seeger [Wed, 8 May 2013 08:15:32 +0000 (10:15 +0200)]
WHATSNEW: Prepare release notes for Samba 3.6.15.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
8a3db2e8ef12d259feaa2af5092ddda74c5b4def)
Volker Lendecke [Tue, 7 May 2013 10:39:16 +0000 (12:39 +0200)]
winbind: Fix bug 9854 -- NULL pointer dereference
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue May 7 14:49:07 CEST 2013 on sn-devel-104
(cherry picked from commit
8c1283a89f746a108e8014b6fbc9a58a371950cf)
(cherry picked from commit
0872d998cd2bcfa274283bd7dd1d70010ca33166)
Andreas Schneider [Wed, 24 Apr 2013 13:27:21 +0000 (15:27 +0200)]
BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104
(cherry picked from commit
62873916076d748f7c91868a6cd28d35e64d8dca)
David Disseldorp [Thu, 25 Apr 2013 14:01:54 +0000 (16:01 +0200)]
bug 9830: fix panic in nt_printer_publish_ads
Check for ads_find_machine_acct() errors, to ensure a NULL LDAPMessage
pointer doesn't get passed to ldap_get_dn().
Signed-off-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
dd07b3c4973b169f07d227869dba8d0f4a76569a)
Stefan Metzmacher [Mon, 12 Nov 2012 09:16:50 +0000 (10:16 +0100)]
s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382)
Now the logic matches the one in dcerpc_read_ncacn_packet_done().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
(cherry picked from commit
65860c540faba0ca3542ee2edc0a16fa76a2bcde)
Andrew Bartlett [Wed, 3 Apr 2013 22:53:34 +0000 (09:53 +1100)]
s3-smbd: Split make_serverinfo_from_username guest parameters into two parts
This handles differently the case where we are the guest (from security=share) and
when we are forced to be a different user with force user. We want to maintain
only the is_guest flag if were forced to become any other user, we need the rest
of the token to change.
Andrew Bartlett
Fix bug #9746 - guest ok + force user + force group doesn't work.
(cherry picked from commit
24d68d799553b0806e580a47aed70a4eaac09191)
Karolin Seeger [Mon, 29 Apr 2013 09:29:48 +0000 (11:29 +0200)]
WHATSNEW: Start release notes for Samba 3.6.15.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
022d37a0626086ea0f1776feeead070335923871)
Karolin Seeger [Mon, 29 Apr 2013 09:27:49 +0000 (11:27 +0200)]
VERSION: Bump version number up to 3.6.15.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
f0d5f12c2780726085cff4c17b1c4b584515e1af)
Karolin Seeger [Fri, 26 Apr 2013 10:02:58 +0000 (12:02 +0200)]
WHATSNEW: Add some information on migrating printers.
Thanks to Andreas for providing the text and making sure that it ends up in the
release notes!
Karolin
(cherry picked from commit
5aba70a99dd8d3e7e12a4837c00194eaba5f271c)
Karolin Seeger [Fri, 26 Apr 2013 08:48:44 +0000 (10:48 +0200)]
WHATSNEW: Add changes since 3.6.13.
Karolin
(cherry picked from commit
544e41ec27bcc8c5fe3ec784c4a937830bc8096b)
Volker Lendecke [Fri, 19 Apr 2013 14:17:13 +0000 (16:17 +0200)]
docs: Fix bug 9809 -- missing entry in specfile
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Apr 22 11:35:52 CEST 2013 on sn-devel-104
(cherry picked from commit
5512a43a93833d3d6f1721d69c894db0e2c77ef8)
(cherry picked from commit
7441f3d9f1d2cec29e0caaeaf7a4fc92761fe82f)
Jeremy Allison [Thu, 18 Apr 2013 18:19:20 +0000 (11:19 -0700)]
Fix bug 9811 - Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem.
Fix bug in old create temp SMB request. Only use VFS functions.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
61d591bb1eacbd7bcdf6a1c4abe8442edfece524)
David Disseldorp [Wed, 17 Apr 2013 17:39:12 +0000 (10:39 -0700)]
Bug 9807 - wbinfo: fix segfault in wbinfo_pam_logon
wbinfo_pam_logon() incorrectly assumes that wbcLogonUser() always
returns an allocated wbcAuthErrorInfo struct on failure.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 17 21:29:29 CEST 2013 on sn-devel-104
(cherry picked from commit
8bb8f0011e567501a98a901adcfffbf4f34e73ae)
Andreas Schneider [Thu, 4 Apr 2013 10:18:25 +0000 (12:18 +0200)]
BUG 9766: Cache name_to_sid/sid_to_name correctly.
If there is no domain_name specified we still need to set to for
caching else we will not find the entry later if we lookup the entry
with the domain_name.
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Apr 9 16:32:44 CEST 2013 on sn-devel-104
(cherry picked from commit
afcbaf373a1959f2323ffa729886b688c2b965e3)
Andreas Schneider [Fri, 5 Apr 2013 12:07:37 +0000 (14:07 +0200)]
BUG 9139: Fix the username map optimization.
If we successfully map a user. We call
set_last_from_to(user_in, unixname);
in the while loop reading the map file. After a successfull map we don't
stop and continue the loop to check all other mappings in the username
mapfile. But when we hit the end of the file and leave the loop we call:
set_last_from_to(user_in, user_in);
This overwrites the successful mapping, and the next time we call
map_username() we skip the username and no mapping is done.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
d9b8bd03d002e0329a4b0ed4b1cc81d64fe9c6eb)
Andreas Schneider [Wed, 3 Apr 2013 13:46:00 +0000 (15:46 +0200)]
BUG 9699: Fix adding case sensitive spn.
We should be able to define the case of the spn cause it is important
for some services like nfs. 'net ads keytab add "nfs"' should not
result in an uppercase spn.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6848fb121a3a16b2d87b2bf2f7cca8364a1343f1)
Volker Lendecke [Tue, 9 Apr 2013 19:43:28 +0000 (21:43 +0200)]
vfs_fake_perms: Fix bug 9775, segfault for "artificial" conn_structs
(cherry picked from commit
70107fc911570bbbc1cd613e9c594f5481e5685e)
Jeremy Allison [Mon, 25 Mar 2013 16:54:50 +0000 (09:54 -0700)]
Optimization suggested by Volker. Don't do a stat system call on normal read path.
Only do it if we need it in the sendfile() path.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Mar 28 17:51:22 CET 2013 on sn-devel-104
Fix bug #9748 - Remove unneeded fstat system call from hot read path.
(cherry picked from commit
60a2fb5ddac02376d82f323f2acb1211bb7929e3)
Volker Lendecke [Thu, 21 Mar 2013 21:00:06 +0000 (22:00 +0100)]
smbd: Tune "dir" a bit.
for i in $(seq 1 20000) ; do echo dir ; done | smbclient //127.0.0.1/tmp -U%
without and with this patch:
$ time bin/smbd -d0 -i
smbd version 4.1.0pre1-GIT-
1f139ae started.
Copyright Andrew Tridgell and the Samba Team 1992-2013
Beendet
real 0m28.342s
user 0m10.249s
sys 0m10.513s
$ time bin/smbd -d0 -i
smbd version 4.1.0pre1-GIT-
1f139ae started.
Copyright Andrew Tridgell and the Samba Team 1992-2013
Beendet
real 0m27.348s
user 0m9.089s
sys 0m10.853s
The "real" timestamp is irrelevant, this also contains the time between
starting smbd and the smbclient job. It's the "user" time. The result that this
patch improves the time spent in user space by 10% is consistent.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Fix bug #9736 - Change to smbd/dir.c code gives significant performance
increases on large directory listings.
(cherry picked from commit
565d1409c7c424fbbeed1e98b042d3970b0acf73)
Andreas Schneider [Fri, 22 Mar 2013 13:15:57 +0000 (14:15 +0100)]
BUG 9735: Fix winbind seperator in upn to username conversion.
Reviewed-by: Günther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
01192ce939cf77737de8efe7072dded5c3e1da94)
Jeremy Allison [Thu, 21 Mar 2013 20:59:20 +0000 (13:59 -0700)]
Fix bug #9733 - smbcontrol close-share is not working.
As part of forcibly disconnecting a client from a share,
smbd must atomically call reload_services() to ensure that
the entry in the ServicePtrs[] array corresponding to
that share is removed if the share was removed from
the smb.conf or registry entries.
Otherwise the ServicePtrs[] array entry for the share
remains active and the client races to auto-reconnect to
the share before a second message to reload the smb.conf
file can be sent.
This has to be done as part of the close-share message
processing, as removing the share from the smb.conf file
first, then telling the smbd to reload followed by the
forcible disconnect message doesn't work as in this
sequence of events when the reload message is received
the client is still connected to the share, so the
ServicePtrs[] entry is still left active.
The forcible-disconnect + service reload has to be done
together as an atomic operation in order for this to work.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1df61789ca466923a7a252244888bd1b7cfbc79e)
Jeremy Allison [Wed, 27 Mar 2013 18:54:34 +0000 (11:54 -0700)]
Final fix for bug #9130 - Certain xattrs cause Windows error 0x800700FF
The spec lies when it says that NextEntryOffset is the only value
considered when finding the next EA. We were adding 4 more extra
pad bytes than needed (i.e. if the next entry already was on a 4
byte boundary, then we were adding 4 additional pad bytes).
Signed-off-by: Jeremy Allison <jra@samba.org>
The last 5 patches address bug #9130 - Certain xattrs cause Windows error
0x800700FF.
(cherry picked from commit
57db33599589b06a60cb7cbb454f87bf40c542e0)
Jeremy Allison [Wed, 27 Mar 2013 00:07:55 +0000 (17:07 -0700)]
Ensure we don't return uninitialized memory in the pad bytes.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
79503841059e945e6b14fa8c92375041c5390764)
Jeremy Allison [Tue, 26 Mar 2013 23:55:03 +0000 (16:55 -0700)]
Fix bug #9130 - Certain xattrs cause Windows error 0x800700FF
Ensure we never return any zero-length EA's.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8794bb97495a7de4bf98f497abdf713be68db7a9)
Jeremy Allison [Tue, 26 Mar 2013 23:53:45 +0000 (16:53 -0700)]
Change estimate_ea_size() to correctly estimate the EA size over SMB2.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c6688532c8a01836f29a38806ced62b34617222d)
Jeremy Allison [Tue, 26 Mar 2013 23:50:13 +0000 (16:50 -0700)]
Modify fill_ea_chained_buffer() to be able to do size calculation only, no marshalling.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
45654424a5c686a43cd9edb8026c0d0424260fd9)
Volker Lendecke [Mon, 18 Mar 2013 08:36:17 +0000 (09:36 +0100)]
wkssvc: Fix bug 9727, NULL pointer dereference
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 18 11:39:27 CET 2013 on sn-devel-104
(cherry picked from commit
05a7a10c88be99d864eacd6f9d37a340022f01f6)
(cherry picked from commit
64fb72ccb26b8e48c50407bc58618499ab2f5603)
David Disseldorp [Fri, 15 Mar 2013 15:54:06 +0000 (16:54 +0100)]
printing: update registry and publish in background
Currently all smbd processes unnecessarily access each printer registry
TDB entry following printcap cache reload.
This change moves responsibility for this to the background print queue
process.
This and the last four commits address bug 9650: New or delete cups
printerqueues are not recognized by the samba.
(cherry picked from commit
ac6604868d1325dd4c872dc0f6ab056d10ebaecf)
David Disseldorp [Fri, 15 Feb 2013 11:17:53 +0000 (12:17 +0100)]
spoolss: only reload printers on pcap update message
Printcap cache updates are the responsibility of the background
printing process, which after doing so broadcasts a MSG_PRINTER_PCAP
message. Spoolssd should only reload printers after receiving such a
message.
(cherry picked from commit
c30c66d8b5b4ebbde1b148c51310e336f29ca04e)
David Disseldorp [Thu, 14 Feb 2013 16:02:08 +0000 (17:02 +0100)]
printing: add sighup and conf change handlers
The background printing process is now responsible for all printcap
cache updates, which should be done on SIGHUP and configuration change.
(cherry picked from commit
f4af7c4d4cafe15c437742d450c7753a8b6d8422)
David Disseldorp [Thu, 14 Feb 2013 13:42:21 +0000 (14:42 +0100)]
printing: move pcap change notifier to bg process
The background print queue process is responsible for printcap cache
updates, and should be the only process to send notifications.
(cherry picked from commit
23ac828ba93e2ffc60ced19656af9609dcc1b2ab)
David Disseldorp [Tue, 12 Feb 2013 17:57:53 +0000 (18:57 +0100)]
smbd: fix cups printcap cache updates on startup
On startup the parent smbd process currently calls pcap_cache_reload(),
which is done immediately before the background queue process is forked.
pcap_cache_reload() is asynchronous with cups, in that it forks a
separate process to obtain the printer listing. The cache_fd_event
print_cups.c global variable is used to track when a cups printer
listing is in progress.
cache_fd_event is set when the background queue process is forked, due
to smbd's pcap_cache_reload() call immediately prior. As a result, the
background queue process assumes an existing pcap_cache_reload() call is
indefinitely outstanding, causing the printcap cache to remain stale
thereafter.
(cherry picked from commit
d7286bb6520ebe03355e98e3311e1d79e2746791)
Jeremy Allison [Thu, 28 Mar 2013 16:36:41 +0000 (09:36 -0700)]
Make sure that we only propogate the INHERITED flag when we are allowed to.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #9747 - When creating a directory Samba allows inherited bit to slip
through.
(cherry picked from commit
93bca1881e3a8993c76fec408d7c0c369556683d)
Andreas Schneider [Thu, 14 Mar 2013 06:29:20 +0000 (07:29 +0100)]
torture: Add ntprinting latin1 test.
Reviewed-by: Günther Deschner <gd@samba.org>
The last 7 patches address bug #9723 - Add a tool to migrate latin1 printing
tdb's to registry.
(cherry picked from commit
97bb3cc15bfa6572486e176aed9040ee3e7df714)
Andreas Schneider [Tue, 12 Mar 2013 17:42:02 +0000 (18:42 +0100)]
s3-net: Add encoding=<CP> to 'net printing dump'.
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
c28da2d725e70a5494bebee3b4bb35a85ea7cf3b)
Andreas Schneider [Tue, 12 Mar 2013 10:39:08 +0000 (11:39 +0100)]
s3-net: Add encoding=<CP> to 'net printing migrate'.
This allows you to convert printing tdb's which are in e.g. in latin1 to
convert to UTF-8 and import them into the registry.
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
3877c1865550446ed25ac06a809518135d62e4f8)
Andreas Schneider [Tue, 12 Mar 2013 14:17:54 +0000 (15:17 +0100)]
ndr: Pass down string_flags in ndr_pull_ntprinting_printer().
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
fa6a654790e2d61a3d69cdfed8ecba74450a870f)
Andreas Schneider [Mon, 11 Mar 2013 14:47:00 +0000 (15:47 +0100)]
idl: Add flags for strings in ntprinting idl.
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
171251595f18f5518f15d7b8c05aea68df0b024f)
Andreas Schneider [Mon, 11 Mar 2013 14:45:15 +0000 (15:45 +0100)]
ndr: Add ndr_ntprinting_string_flags() function.
It defaults to utf8string.
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
6abfeb7d806e40c932f09f0323f20535b54a5613)
Andreas Schneider [Tue, 12 Mar 2013 10:36:38 +0000 (11:36 +0100)]
pidl: Add skip option to elements.
This option allows to skip struct elements in pull and push function.
This can be used to pass flags to the structure e.g. for string values.
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
7f13e139825a4363d8d304c5b86c805bb2a1b0db)
Jeremy Allison [Fri, 15 Mar 2013 22:13:24 +0000 (15:13 -0700)]
Fix bug #9724 - is_encrypted_packet() function incorrectly used inside server.
The is_encrypted_packet() function should only be used on the raw received data
to determine if a packet came in encrypted. Once we're inside the SMB1
processing code in smbd/reply.c we should be looking at the
smb1request->encrypted field to determine if a packet was really encrypted or
not.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3bc39aa493aa8d2db9ac423d82bed08bda10e754)
Karolin Seeger [Wed, 20 Mar 2013 08:55:41 +0000 (09:55 +0100)]
WHATSNEW: Start release notes for Samba 3.6.14.
Karolin
(cherry picked from commit
fb7971cf9305f4a596636c73c17a3c73bfcbdb02)
Karolin Seeger [Wed, 20 Mar 2013 08:52:47 +0000 (09:52 +0100)]
VERSION: Bump version number up to 3.6.14.
Karolin
(cherry picked from commit
5e70508c735dee1daab09bbf394b65080e21c551)
Karolin Seeger [Mon, 18 Mar 2013 08:58:45 +0000 (09:58 +0100)]
WHATSNEW: Prepare release notes for Samba 3.6.13.
Karolin
(cherry picked from commit
f70d3d214c7d3f45cac98678a37762b9a67d56f1)
Guenter Kukkukk [Sat, 9 Mar 2013 03:45:15 +0000 (04:45 +0100)]
vfs_catia: new version of the manual page for samba-3.6.x
well, i was not aware of the change
./docs-xml/manpages-3/
./docs-xml/manpages/
in samba-4.0.x
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
The last 4 patches address bug #9701 - vfs_catia is not working anymore (due to
a former regression).
(cherry picked from commit
17113c33a77a257560f33dbb35286ae20250a8f5)
Guenter Kukkukk [Thu, 28 Feb 2013 23:58:05 +0000 (00:58 +0100)]
vfs_catia: add my copyright
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ddb98cae501020e2fc02523b4083d16dc44d8908)
Guenter Kukkukk [Wed, 27 Feb 2013 04:50:52 +0000 (05:50 +0100)]
vfs_catia: fix the translation to "vfs_translate_to_windows"
THANKS to an IRC user (Raimund ?) who asked for a char mapping possibility.
I suggested vfs_catia - but it did not work!
Hopefully now it will. :-)
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ad8fe6215f68d2aaf143b44888b75498cfd03e6d)
Guenter Kukkukk [Wed, 27 Feb 2013 04:34:05 +0000 (05:34 +0100)]
vfs_catia: add debug class for that module
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
58ac0d30aba4a0c0aab2a358b42e17d8c0e896ca)
Karolin Seeger [Wed, 6 Mar 2013 11:11:53 +0000 (12:11 +0100)]
selftest: Skip tests failing on ext4 fs.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
797c7ff362fad007b0bb1d24f5b10a77c77af5fb)
Jeremy Allison [Wed, 6 Mar 2013 00:23:06 +0000 (16:23 -0800)]
Fix bug #9637 - Renaming directories as guest user in security share mode doesn't work.
Ensure guest is treated consistently when creating a auth_serversupplied_info struct.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9d4d9b99740f3500e682a4067a1b5e566845ea27)
Andreas Schneider [Wed, 20 Feb 2013 08:51:43 +0000 (09:51 +0100)]
winbind: Don't leak centry memory. Reviewed-by: Alexander Bokovoy <ab@samba.org>
The last two patches address bug #9684 - Fix two resource leaks in winbindd.
(cherry picked from commit
eb657c324f83e94d46f80b9c1b97fa0228c3a47a)
Andreas Schneider [Wed, 20 Feb 2013 08:41:55 +0000 (09:41 +0100)]
winbind: Don't leak memory on return. Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
30d7a3ad920456fee2a589b501ba835d13de6c29)
Daniel Kobras [Sat, 23 Feb 2013 00:24:26 +0000 (16:24 -0800)]
Fix bug #9039 'map untrusted to domain' treats WORKSTATION as bogus domain.
s3: never try to map global SAM name
Do not treat the global SAM name as a BOGUS domain, and exempt
local users from mapping, instead. This change reinstates the
exact mapping behaviour of Samba 3.2 if parameter 'map untrusted
to domain' is set.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
180ef28a4874026740e3b5381fe4d25fb70167bf)
Andreas Schneider [Tue, 19 Feb 2013 08:23:53 +0000 (09:23 +0100)]
pdb: Fix array overrun by one. Reviewed-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9686 - Fix a possible buffer overrun in pdb_smbpasswd.
(cherry picked from commit
b174e1b496659c9e7a0fc70ad49ed0fc5906d252)
Björn Jacke [Wed, 20 Feb 2013 16:06:49 +0000 (17:06 +0100)]
build/autoconf: put ld check variable in quotes
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ac9620b942d6d51a1c35c4177c3f241351fc1ebd)
The last 2 patches address bug #7825 (need to fix GNU ld version detection with
old gcc releases).
(cherry picked from commit
b76501dbf14bcba0eba7b5420b191caf237f0b35)
Björn Jacke [Tue, 19 Feb 2013 14:30:34 +0000 (15:30 +0100)]
build/autoconf: fix check for GNU ld version
we need to look for the version once in the stdout and once in the stderr
output. Some version of ld output to stdout, some output to stderr. redirecting
stderr to stdout messes the output up in our case, that's why we have to do two
runs. See also bug #7825.
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Feb 19 20:56:12 CET 2013 on sn-devel-104
(cherry picked from commit
ff8ba0628f6f13a5be1df94e5ac2e83008b7c69c)
(cherry picked from commit
1f1feddc6f414a91859b0dae77b34953b479d47e)
David Disseldorp [Tue, 12 Feb 2013 10:58:06 +0000 (11:58 +0100)]
smbd: fix initial large PAC sess setup response
An oversize Kerberos security token may be split across multiple Session
Setup AndX requests when authenticating as a user who is a member of
many (~2000) groups.
In such a case the NativeOS, NativeLanMan & PrimaryDomain fields must be
sent with the NT_STATUS_MORE_PROCESSING_REQUIRED response. Otherwise
Windows clients may resend the same security token data in subsequent
session setup andX requests, as observed with Windows 7 and Server 2012.
This change fixes the SMB1 server only.
Fix bug #9658 - Session Setup AndX exchange fails with an oversize security
token.
(cherry picked from commit
e28ec902a207655acab665c4cfabb1f2031fb24f)
Jeremy Allison [Tue, 12 Feb 2013 18:48:09 +0000 (10:48 -0800)]
Fix bug 9519 - Samba returns unexpected error on SMB posix open.
Explicitly ignore bare O_EXCL flags instead of returning INVALID_PARAMETER.
That's what the Linux kernel does.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d21280f983249038bf7efda4edc1b1eadaff546a)
Ira Cooper [Fri, 8 Feb 2013 22:47:57 +0000 (14:47 -0800)]
s3: Make SMB2_GETINFO multi-volume aware.
Not all shares are a single volume. Some actually
expose multiple volumes under a single share. In these
cases showing the amount of space free as the space free
at the base of the directory heirarchy is wrong.
Reviewed-by: Jeremy Allison <jra@samba.org>
Fix bug #9646 - dir and similar commands are returning the wrong amount of free
space.
(cherry picked from commit
872a7d61ca769c47890244a1005c1bd445a3bab6)
David Disseldorp [Mon, 4 Feb 2013 18:04:39 +0000 (19:04 +0100)]
Fix bug 9633: recursive mget should continue on EPERM
Regression introduced by
14ff2e8de9bd8d0064762234555260f5eea643fe.
When downloading files recursively, smbclient halts if it encounters
a folder to which it does not have permission to traverse.
(cherry picked from commit
e5b4ac7978213acf7517b6852f7750e41cad787a)
Stefan Metzmacher [Thu, 31 Jan 2013 12:39:42 +0000 (13:39 +0100)]
s3:auth: wbcAuthenticateEx gives unix times (bug #9625)
We also need to convert last_logon, last_logoff and acct_expiry
from unix time to nt time.
Otherwise a windows member server will reject clients
using CAP_DYNAMIC_REAUTH or smb2) with STATUS_NETWORK_SESSION_EXPIRED,
if the logoff and kickoff time is expired.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
292504a759caf811fb6201e273ffeab20522a991)
Jeremy Allison [Tue, 29 Jan 2013 00:01:27 +0000 (16:01 -0800)]
Fix bug #9585 - Samba 3.6.x not correctly signing any but the last response in a compound request/response
Add in the missing code we already have in master
and 4.0.x.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
022e1d889cbb752fc4f339dd537486bf3a52e34e)
Jeremy Allison [Wed, 23 Jan 2013 22:39:09 +0000 (14:39 -0800)]
Fix bug #9586 - smbd[29175]: disk_free: sys_popen() failed" message logged in /var/log/message many times.
Ensure when reading lines from an interruptible
pipe source we ignore EINTR.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 24 10:45:48 CET 2013 on sn-devel-104
(cherry picked from commit
497febfe36354c4aff3696cd32c6c7e8fee55af8)
(cherry picked from commit
035be05db96b0544434febc33349adb910dba78e)
Pavel Shilovsky [Wed, 16 Jan 2013 11:02:26 +0000 (15:02 +0400)]
Fix bug #9571 - Unlink after open causes smbd to panic.
s3:smbd: fix wrong lock order in posix unlink
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
fb0868e290cdc23671a84b7600af689a8b8b806f)
Jeremy Allison [Fri, 25 Jan 2013 18:21:48 +0000 (10:21 -0800)]
Fix bug #9588 - ACLs are not inherited to directories for DFS shares.
We can return with NT_STATUS_OK in an error code path. This
has a really strange effect in that it prevents the ACL editor
in Windows XP from recursively changing ACE entries on sub-directories
after a change in a DFS-root share (we end up returning a path
that looks like: \\IPV4\share1\xptest/testdir with a mixture
of Windows and POSIX pathname separators).
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
99d2cb211f04e907bf2ed19656843026207ae0e3)
Jeremy Allison [Thu, 24 Jan 2013 19:02:30 +0000 (11:02 -0800)]
Fix bug #9587 - archive flag is always set on directories.
Creating a directory to a Samba share sets the attributes to 'D' only
(correct) - only when creating a new file should the 'A' attribute
be set.
However, doing a rename of that directory sets the 'A' attribute in error.
This should only be done on a file rename. smbclient regression test to follow.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6603013f8f03773d141c33fd1c4923197a5350c8)
Günther Deschner [Thu, 17 Jan 2013 23:22:31 +0000 (00:22 +0100)]
BUG 9474: Downgrade v4 printer driver requests to v3.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 21 16:11:02 CET 2013 on sn-devel-104
(cherry picked from commit
58fadf2f48a2a409b4ee98fdc0166c7f801a7629)
(cherry picked from commit
ae0cf58a75874541c4c9b8b29a2b1fc45928be69)
Günther Deschner [Mon, 7 Jan 2013 14:14:30 +0000 (15:14 +0100)]
spoolss: add SPOOLSS_DRIVER_VERSION_2012 (4) define to IDL.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
638ed90620e3c6a35ef56a11c612c13d6b7d6ff5)
(cherry picked from commit
93a1d4ee4685305e0060e9d5c8028c96ff83257d)
David Disseldorp [Thu, 17 Jan 2013 12:21:25 +0000 (13:21 +0100)]
BUG 9378: Add extra attributes for AD printer publishing.
Currently attempting to publish a printer in AD fails with "Object class
violation", due to a number of missing attributes in the LDAP request.
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
069f1029a76c9b9c0a48ac7cb3d2c5f45c3a231c)
David Disseldorp [Fri, 18 Jan 2013 10:48:20 +0000 (11:48 +0100)]
printing: Remove invalid free from error path.
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
31d61ad8f9c850c302c83a65af8474545723ea1c)
Andreas Schneider [Fri, 18 Jan 2013 17:04:17 +0000 (18:04 +0100)]
BUG 9574: Fix a possible null pointer dereference in spoolss.
If the the client enumerates the printers and didn't specify a
servername we have a null pointer dereference, so the process serving
the connection crashes.
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104
(cherry picked from commit
c38fb0b106b62e42a5b75b1c78386bb8912c7d7e)
(cherry picked from commit
a2d68842ea33733fa7900831ed10e73f820afcf7)
Andreas Schneider [Mon, 17 Dec 2012 14:31:21 +0000 (15:31 +0100)]
s3-rpc_server: Fix a possible null pointer dereference.
This variable can be set to NULL in an earlier function call.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
72e02c73b64f1ff56b2d53ec63d68486a4f1ff90)
(cherry picked from commit
43810c80936c8f509cc2adba6193dd4c55325875)