Jeremy Allison [Wed, 30 Sep 2009 12:21:56 +0000 (14:21 +0200)]
Fix for CVE-2009-2906.
Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.
Karolin Seeger [Wed, 30 Sep 2009 11:55:57 +0000 (13:55 +0200)]
WHATSNEW: Update release notes.
Karolin
Karolin Seeger [Mon, 28 Sep 2009 18:36:29 +0000 (20:36 +0200)]
Fix for CVE-2009-2813.
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
Jeff Layton [Fri, 25 Sep 2009 11:05:00 +0000 (07:05 -0400)]
mount.cifs: don't leak passwords with verbose option
When running mount.cifs with the --verbose option, it'll print out the
option string that it passes to the kernel...including the mount
password if there is one. Print a placeholder string instead to help
ensure that this info can't be used for nefarious purposes.
Also, the --verbose option printed the option string before it was
completely assembled anyway. This patch should also make sure that
the complete option string is printed out.
Finally, strndup passwords passed in on the command line to ensure that
they aren't shown by --verbose as well. Passwords used this way can
never be truly kept private from other users on the machine of course,
but it's simple enough to do it this way for completeness sake.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 2/2 of a fix for CVE-2009-2948.
Jeff Layton [Fri, 25 Sep 2009 11:05:00 +0000 (07:05 -0400)]
mount.cifs: check access of credential files before opening
It's possible for an unprivileged user to pass a setuid mount.cifs a
credential or password file to which he does not have access. This can cause
mount.cifs to open the file on his behalf and possibly leak the info in the
first few lines of the file.
Check the access permissions of the file before opening it.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 1/2 of a fix for CVE-2009-2948.
Karolin Seeger [Mon, 28 Sep 2009 18:33:23 +0000 (20:33 +0200)]
WHATSNEW: Prepare release notes for Samba 3.0.37.
Karolin
Karolin Seeger [Thu, 24 Sep 2009 12:27:19 +0000 (14:27 +0200)]
Raise version number up to 3.0.37.
Karolin
Karolin Seeger [Tue, 4 Aug 2009 12:01:09 +0000 (14:01 +0200)]
Makefile.in: Fix installation of cifs.upcall.
INSTALLPERMS_BIN does not exist.
Karolin
(cherry picked from commit
3bcbe4a70ee07c688c3b6a286aeeacc634659545)
Karolin Seeger [Thu, 30 Jul 2009 08:11:57 +0000 (10:11 +0200)]
WHATSNEW: Start WHATSNEW for 3.0.36.
Karolin
(cherry picked from commit
0fd1c6370f8d163edd9d3a99f00e2a6e5e322ba9)
Karolin Seeger [Mon, 29 Jun 2009 10:22:08 +0000 (12:22 +0200)]
VERSION: Raise version number up to 3.0.36.
Karolin
(cherry picked from commit
d6c81c70c45348c86433dd64297e1a659535c155)
Volker Lendecke [Tue, 16 Jun 2009 09:14:29 +0000 (11:14 +0200)]
Workaround for KB932762
(cherry picked from commit
a15c816ba5fd4dcedd68beb1fcb0540de325c1cb)
Karolin Seeger [Wed, 27 May 2009 16:12:23 +0000 (18:12 +0200)]
s3/docs: Correct version number.
Karolin
(cherry picked from commit
ccded3263ad1135cc707e24cc78d0fd95e2e88d3)
Karolin Seeger [Mon, 4 May 2009 13:17:30 +0000 (15:17 +0200)]
Karolin Seeger [Sun, 3 May 2009 07:55:46 +0000 (09:55 +0200)]
s3/docs: Fix typos.
That fixes bug #4247. Thanks to David McNeill <davemc [at] mcpond.co.nz>
for reporting!
Karolin
(cherry picked from commit
eaf949947c2eb03363c4b6f588f87b70110d6ff7)
(cherry picked from commit
cea79d1fbf44b0d5bff5aa12962fb3d3cb61c367)
(cherry picked from commit
226620d0ed221da983b4f662fcef14906588f1bd)
(cherry picked from commit
e0eb78298e63c8dafbee9dea27a4e5f2150a4807)
Karolin Seeger [Sun, 3 May 2009 07:35:55 +0000 (09:35 +0200)]
s3/docs: Fix typo.
This fixes bug #4245. Thanks to David McNeill <davemc [at] mcpond.co.nz>
for reporting!
Karolin
(cherry picked from commit
579c91581f5b6d5341a12923fe6cde377223caff)
(cherry picked from commit
49caab4044e47236594c6688f202aed555b9da61)
(cherry picked from commit
139f95c85f96e7ccba024283608f9ee5990f6676)
(cherry picked from commit
148aa12c89df78718addd7b72c79a8005e680509)
(cherry picked from commit
c36d3dae4740529427ea5ee5b77ad687de371d9c)
Karolin Seeger [Wed, 29 Apr 2009 12:12:01 +0000 (14:12 +0200)]
s3/docs: Fix serveral typos.
This fixes bug #4315.
Thanks to Felipe Augusto van de Wiel <faw [at] cathedrallabs [dot] org>!
Karolin
(cherry picked from commit
3422b9c546cdd262bd747e1e737c2b6479b4d21e)
(cherry picked from commit
3da62734fffa99cde1084beeb69e94a7bc623dde)
(cherry picked from commit
b487a48c876fcaf88ec3fb4b05bacdd9b0bd8cd0)
(cherry picked from commit
ccea7f24879265291615802982b67451ddb818ad)
(cherry picked from commit
3ba226109c01ee7f96be1592874aff4b930e2793)
Jeremy Allison [Wed, 22 Apr 2009 10:07:37 +0000 (03:07 -0700)]
Add comment explaining the previous fix. (and fix the previous patch :-).
By-hand merge error :-).
Jeremy.
(cherry picked from commit
869b56a24a1408ea798682b45f9c297341f88ad5)
Jeremy Allison [Wed, 22 Apr 2009 09:55:47 +0000 (02:55 -0700)]
Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning LDAP_SUCCESS but not returning a result.
Jeremy
(cherry picked from commit
448d6cd32c793d04c3c509200bfaa75f466a0ee5)
Günther Deschner [Mon, 6 Apr 2009 10:45:46 +0000 (12:45 +0200)]
s3-examples: Fix Bug #6205. Correct sample smb.conf share configuration.
Thanks to Jeffrey Riaboy <dakusan@castledragmire.com>.
Guenther
(cherry picked from commit
2b1fe2c98f4e0013dee4cbae62dc36cdd4085c7d)
(cherry picked from commit
cb29ca98bb1c166ecd806e82c9d13865ae502a65)
Bhaskar Jain (bhajain) [Fri, 20 Mar 2009 07:11:30 +0000 (08:11 +0100)]
prevent segmentation fault on joining a very long domain name in samba-3.0.32
For a detailed explanation, see
http://lists.samba.org/archive/samba-technical/2009-March/063626.html
(cherry picked from commit
a92280537071b5a9a9bc56fbeead14c6874d5a55)
Jeremy Allison [Fri, 6 Mar 2009 05:51:26 +0000 (21:51 -0800)]
Get the sense of the integer wrap test the right way around. Sorry.
Jeremy.
(cherry picked from commit
bdf46ea491801cdf8ff6f42c0a1ef51080cfc410)
Jeremy Allison [Fri, 6 Mar 2009 04:59:48 +0000 (20:59 -0800)]
Now we're allowing a lower bound for auth_len, ensure we
also check for an upper one (integer wrap).
Jeremy.
(cherry picked from commit
f03bacbf695f877d27186a39755ae726a22a61c8)
Volker Lendecke [Thu, 5 Mar 2009 23:14:27 +0000 (15:14 -0800)]
Complete the fix for bug 6100
According to [MS-RPCE].pdf, section 2.2.2.11:
----
A client or a server that (during composing of a PDU) has allocated more space
for the authentication token than the security provider fills in SHOULD fill in
the rest of the allocated space with zero octets. These zero octets are still
considered to belong to the authentication token part of the PDU.<36>
----
RPC implementations are allowed to send padding bytes at the end of an auth
footer. Windows 7 makes use of this.
Thanks to Nick Meier <nmeier@microsoft.com>
Volker
(cherry picked from commit
7274d5691a339087f2770acf2f954830506f5cdc)
Jeremy Allison [Wed, 25 Feb 2009 21:01:04 +0000 (13:01 -0800)]
Fix bug in processing of open modes in POSIX open.
Was missing case of "If file exists open. If file doesn't exist error."
Damn damn damn. CIFSFS client will have to have fallback cases
for this error for a long time.
Make test for open modes more robust against other bits.
Jeremy.
(cherry picked from commit
ac11d94f36e1878f3f5d86f2e7197fd8ecdd196b)
Steve French [Tue, 24 Feb 2009 23:11:55 +0000 (17:11 -0600)]
Fix guest mounts
guest session setup, login (user id) as anonymous.
This patch is for samba bugzilla bug 4640.
Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
(cherry picked from commit
a8f10f4469b31565e33669560657c2b3df68c13b)
Steve French [Tue, 24 Feb 2009 20:40:59 +0000 (14:40 -0600)]
Fix mount.cifs handling of -V option (to display version)
Also sync with current mount.cifs
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
(cherry picked from commit
510619be1897f1610d1a033c4e318002e077fdb2)
Björn Jacke [Sun, 22 Feb 2009 18:46:40 +0000 (19:46 +0100)]
prefer gssapi header files from subdirectory
this fixes some compile time noise on FreeBSD 7
(cherry picked from commit
1bfdbb093f7c5e434ea3e653d389e1ccec578af6)
(cherry picked from commit
de96e1a82d6e92c00a0ab3020db8d7c0284aadb1)
(cherry picked from commit
b4fc28ddffa4f9a74ca72ee6c2d30f544de5360c)
Karolin Seeger [Mon, 23 Feb 2009 08:24:50 +0000 (09:24 +0100)]
s3/docs: Fix typo in man mount.cifs.
Thanks to Tobias Stoeckmann for reporting!
Karolin
(cherry picked from commit
09a7f93f6be66a8f2a124e49b4effe2b5863f01d)
(cherry picked from commit
fdb5c65fc51784b6a159748ec4df3953b7d2c1cb)
(cherry picked from commit
b19f58ccd088a10e487a1261cadb4f3f41987391)
(cherry picked from commit
eebc7e7ff0e6580b55ca0964a1f38096e11caa78)
Jeremy Allison [Mon, 16 Feb 2009 02:23:09 +0000 (18:23 -0800)]
Attempt to fix bug #6099. According to Microsoft
Windows 7 looks at the negotiate_flags
returned in this structure *even if the
call fails with access denied ! So in order
to allow Win7 to connect to a Samba NT style
PDC we set the flags before we know if it's
an error or not.
Jeremy.
(cherry picked from commit
194fdee65f91e8ea88196d2cff1c678f868bb3df)
Jeremy Allison [Fri, 13 Feb 2009 22:59:48 +0000 (14:59 -0800)]
Noted by Vericode analysis. Correctly use chroot().
Jeremy.
(cherry picked from commit
3086400b61ee3dda639c5520b539d4ff76e4d9c5)
Yasuma Takeda [Wed, 11 Feb 2009 22:10:21 +0000 (14:10 -0800)]
Fix bug #6098 - When the DNS server is invalid, the ads_find_dc() does not work correctly with "security = domain"
1. If DNS server is invalid, the get_sorted_dc_list() is called with
realm(FQDN) and it fails.
2. On the next step, the get_sorted_dc_list() is called with realm(FQDN) again.
I think "again" is wrong place.
On the 2nd step, get_sorted_dc_list() should be called with realm(WORKGROUP).
(cherry picked from commit
58331a118dd6a7fb56e70afe6cf93ef7cfff7e81)
Jeremy Allison [Wed, 11 Feb 2009 19:35:51 +0000 (11:35 -0800)]
Fix bug #5906 - Winbindd crash on 'getent group' (INTERNAL ERROR: Signal 11).
Was missed in the last maintenence release.
Jeremy.
(cherry picked from commit
db4a435d235bedf48d668a0f4418dd46f38044ed)
Shirish Pargaonkar [Fri, 6 Feb 2009 13:23:52 +0000 (08:23 -0500)]
mount.cifs: add fakemount (-f) and nomtab (-n) flags to mount.cifs
...so that these options work correctly when passed in by mount(8).
(cherry picked from commit
a894bd4504f070233dd2785a62483090581f5bf3)
Michael Adam [Thu, 5 Feb 2009 21:19:58 +0000 (22:19 +0100)]
docs: fix two typos in the mount.cifs manpage
Michael
(cherry picked from commit
145fe37766cf1ecffb16a03b58b44d08f7ed7558)
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
45699a287d27cce24e883384a72441d310c8ee28)
Günter Kukkukk [Fri, 6 Feb 2009 03:48:58 +0000 (19:48 -0800)]
Don't try and delete a default ACL from a file.
(cherry picked from commit
04fc826efb290ba4b1f173752efb37a4b87281f2)
Shirish Pargaonkar [Thu, 5 Feb 2009 19:18:36 +0000 (14:18 -0500)]
umount.cifs: clean-up entries in /etc/mtab after unmount
This patch removes the remaining entry in /etc/mtab after a filesystem
is unmounted by canonicalizing the mountpoint supplied on the command
line.
Please refer to bug 4370 in samba bugzilla.
(cherry picked from commit
df341bd2b83cc67e31d5b91ae39b4f4f7619ffd0)
Miguel Suarez [Tue, 3 Feb 2009 22:31:51 +0000 (14:31 -0800)]
Fix bug #6085 - In vfs_default.c change utime( ) call.
(cherry picked from commit
7a1408f89f1addff993d1e2dfb7462d12d0a2f48)
Ted Percival [Tue, 3 Feb 2009 22:10:20 +0000 (14:10 -0800)]
Probably fixes a crash during name resolution when log level >= 10
and libc segfaults if printf is passed NULL for a "%s" arg
(eg. Solaris).
(cherry picked from commit
d3220d9d58477f2a6ef7a78c3cf05cb232b57aff)
Lars Müller [Mon, 2 Feb 2009 20:38:38 +0000 (21:38 +0100)]
Adjust regex to match variable names including underscores
This is required to get the CIFSUPCALL_PROGS setting extracted from
config.log.
(cherry picked from commit
dbfdfd047e8e69942b3289733d300d716cdbec53)
Lars Müller [Mon, 2 Feb 2009 20:12:52 +0000 (21:12 +0100)]
Conditional install of the cifs.upcall man page
Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while
configure.
(cherry picked from commit
fda450e4d6f9d2661235a3422c0db644a6c686b3)
Günther Deschner [Fri, 5 Sep 2008 12:01:45 +0000 (14:01 +0200)]
build: don't install the cifs.upcall binary twice.
Guenther
(cherry picked from commit
5202fa31b227d8dd9a3ddfab26f7933bfd349281)
Karolin Seeger [Mon, 2 Feb 2009 10:46:39 +0000 (11:46 +0100)]
docs: Describe "service" in man mount.cifs.
This fixes bug #5346.
Thanks to the Debian Samba package maintainers for reporting and providing a
patch!
Karolin
(cherry picked from commit
73f4fc1f802f31459b70dba4777d142d00fcdd92)
(cherry picked from commit
ab4768452811e67f6606253b5a79101184f777d0)
(cherry picked from commit
876b0b001976226a7c1887570c08178d72842a48)
(cherry picked from commit
72655775487617e2f76836a7b16bee81e430f6f1)
Michael Adam [Tue, 27 Jan 2009 14:52:03 +0000 (15:52 +0100)]
libreplace: fix detection of netinet/ip.h on solaris 8
(The test needs to additionally include <netinet/in_systm.h>.)
Michael
(cherry picked from commit
1868bfd40f7bf4caf9a31116111fa3a5169f4735)
Michael Adam [Tue, 27 Jan 2009 11:37:13 +0000 (12:37 +0100)]
libreplace: fix bug #6066 - netinet/ip.h present but cannot be compiled
under solaris
Michael
(cherry picked from commit
d09c9b459638242b9df53cc82a8849699d572486)
Michael Adam [Wed, 21 Jan 2009 14:10:10 +0000 (15:10 +0100)]
build-docs: cleanup exit of the script
exit in the directory where it was called using pushd/popd.
Michael
(cherry picked from commit
b319549f129b1c79afc9bfd4a84f2730b96d69a3)
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
84433b32a9339662ddad9443b90beafdcd8a2044)
Michael Adam [Wed, 21 Jan 2009 14:09:46 +0000 (15:09 +0100)]
s3:docs: clean build/catalog.xml in "make clean"
Michael
(cherry picked from commit
5e21fc3506f2ba7b1135b1acad2697dfb86b5df0)
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
12116d757e2d9e3472dcccecc83ba77e09767d52)
Michael Adam [Wed, 21 Jan 2009 14:09:12 +0000 (15:09 +0100)]
s3:docs: clean generated .png images in "make clean"
Michael
(cherry picked from commit
9b32e839bec8611c30745607a3a6b124d5b34c01)
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
c6c1ab779c50c24c362132d4a5f26bee198a8a1a)
Michael Adam [Wed, 21 Jan 2009 10:47:46 +0000 (11:47 +0100)]
s3:docs: fix ommission in fix of (real)distclean targets
Michael
(cherry picked from commit
37412017c5dd2f05a7f4bbe0410a6e00ce4805e5)
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
892ab9ce709a478fad31f552a70a4b5992a386ed)
Michael Adam [Wed, 21 Jan 2009 10:45:23 +0000 (11:45 +0100)]
s3:create-tarball: also include the VENDOR_PATCH in the version
Michael
(cherry picked from commit
ce3e34d37ce5592e0268be5d16240387d971585a)
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
347cc7f911cdbbe04aa3254444f7060cb0d2038e)
Michael Adam [Wed, 21 Jan 2009 10:41:14 +0000 (11:41 +0100)]
s3:docs: fix distclean target and add realdistclean target
- remove stuff created by configure in distclean
- remove stuff created by autoconf in realdistclean
Michael
(cherry picked from commit
65c92fea3d18c3520ff2a1e53a0c5c8825c9788f)
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
4976a8737700aff1772126375b60566046f29ec4)
Jelmer Vernooij [Tue, 27 May 2008 16:40:14 +0000 (18:40 +0200)]
Depend on latexfigures files directly as using a rule in between causes problems.
(This used to be commit
bf3c2773f94c1db29a8a3e5935ff587f16f9a905)
(cherry picked from commit
5f6d0078d41e790ab4fa7dac15294821cdb4d4f0)
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
c52786ee1c37139b9d2f7041fcc858cdd0c6e8f3)
Jelmer Vernooij [Wed, 21 May 2008 15:55:20 +0000 (17:55 +0200)]
Use double colon targets.
(This used to be commit
825cf91fa8b30a67d04cbda8885ff62a4c26458f)
(cherry picked from commit
323be4a6907e4915bb76aa103bf5b868f0b459b1)
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
9894ba47fa0d75bf0b9b2993eb6115a33e39ce9c)
Jelmer Vernooij [Fri, 16 May 2008 13:46:36 +0000 (15:46 +0200)]
Add test target in Makefile.
(This used to be commit
ac0d768676b1b8105a9141169b1afa248df6ce66)
(cherry picked from commit
0f3ba4b766ed83d2a38e6cae8db8690374d88989)
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
f430afc9c78178184601b08ea3e2efd5b1db761c)
Jelmer Vernooij [Fri, 16 May 2008 13:31:54 +0000 (15:31 +0200)]
Make the make output a bit less chatty.
(This used to be commit
1fa4ef553c437bae07389c0f6a5410ba22ee4905)
(cherry picked from commit
70f52c06ba1d0d9638f1dfb8c42cd0d70364e9df)
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
4591c073be8feb767764aaa4030d6f23ea4a07db)
Andreas Schneider [Mon, 26 Jan 2009 13:38:34 +0000 (14:38 +0100)]
Document default of the printing config variable.
Signed-off-by: Andreas Schneider <anschneider@suse.de>
(cherry picked from commit
d8f15e4efc00b9d509ff5761e9ca8ff5c6f443f7)
(cherry picked from commit
541704e253f06f8b33006b6c27f51b934c2eb51f)
(cherry picked from commit
69880dac28ac1681bb0c3d84280494de3d788cc6)
(cherry picked from commit
c2d30b0a8e3609854908aeff19174e8e4e291cb7)
(cherry picked from commit
ab3e06e58b3b82377621262002837a63429ef87d)
Karolin Seeger [Fri, 23 Jan 2009 12:02:46 +0000 (13:02 +0100)]
docs: Fix formatting issue in man libsmbclient.
Karolin
(cherry picked from commit
aa2fb0efb7ce2bc732569b4baf20c57375fdce59)
(cherry picked from commit
e1e3a0554fcaabacc5bec51c213622271a83ad04)
(cherry picked from commit
84237fb48aad5f11789d75a6767a6f47465f140b)
(cherry picked from commit
2d4997f9bb7aa7b99c384defe6c7766d5169653d)
Jeremy Allison [Fri, 23 Jan 2009 00:29:46 +0000 (16:29 -0800)]
Apply same logic fix for #4308 Excel save operation corrupts file ACLs
to NFSv4 ACL code as this uses the same flawed logic as posix_acls.c.
Jeremy.
(cherry picked from commit
11fbc11e396a300aed04a37d44411d287d4c17d3)
Jeremy Allison [Fri, 23 Jan 2009 00:04:36 +0000 (16:04 -0800)]
Fix logic error in try_chown - we shouldn't arbitrarily chown
to ourselves unless that was passed in.
Jeremy.
(cherry picked from commit
60289187a91e23787be581b824076651230245b2)
Jeremy Allison [Thu, 22 Jan 2009 22:31:27 +0000 (14:31 -0800)]
Second part of the attemt to fix #4308 - Excel save operation corrupts file ACLs.
If the chown succeeds then the ACL set should also. Ensure this is the case
(refactor some of this code to make it simpler to read also).
Jeremy.
(cherry picked from commit
08836722e63cfd6cfd88059dd3f10d98474f49cb)
Jeremy Allison [Thu, 22 Jan 2009 18:58:38 +0000 (10:58 -0800)]
Another attempt to fix bug #4308 - Excel save operation corrupts file ACLs.
Simo is completely correct. We should be doing the chown *first*, and fail the
ACL set if this fails. The long standing assumption I made when writing the
initial POSIX ACL code was that Windows didn't control who could chown a file
in the same was as POSIX. In POSIX only root can do this whereas I wasn't sure
who could do this in Windows at the time (I didn't understand the privilege
model). So the assumption was that setting the ACL was more important (early
tests showed many failed ACL set's due to inability to chown). But now we have
privileges in smbd, and we must always fail an ACL set when we can't chown
first. The key that Simo noticed is that the CREATOR_OWNER bits in the ACL
incoming are relative to the *new* owner, not the old one. This is why the old
user owner disappears on ACL set - their access was set via the USER_OBJ in the
creator POSIX ACL and when the ownership changes they lose their access.
Patch is simple - just ensure we do the chown first before evaluating the
incoming ACL re-read the owners. We already have code to do this it just wasn't
rigorously being applied.
Jeremy.
(cherry picked from commit
9a95b6cac2dea88cb9e9b428292dfca9d1e3e801)
Karolin Seeger [Wed, 21 Jan 2009 10:37:30 +0000 (11:37 +0100)]
build_docs: Use 'make distclean' instead of 'make clean'.
This fixes bug #6058.
Thanks to Christian Perrier for reporting!
Karolin
(cherry picked from commit
162e4b66601b41dd5adb24e192f3b5a91dfb41cc)
(cherry picked from commit
2545fcc48888628eef2d6b83ef5656be1e53bf7e)
(cherry picked from commit
0098eb45d99373a4d1945e61dda24ea282c377e7)
Karolin Seeger [Mon, 22 Jun 2009 20:35:07 +0000 (22:35 +0200)]
VERSION: Raise version number to 3.0.35.
Karolin
Karolin Seeger [Mon, 22 Jun 2009 20:34:42 +0000 (22:34 +0200)]
WHATSNEW: Update changes since 3.0.34.
Karolin
Jeremy Allison [Mon, 22 Jun 2009 20:29:49 +0000 (22:29 +0200)]
Fix bug #6488.
Karolin Seeger [Tue, 9 Dec 2008 21:08:13 +0000 (22:08 +0100)]
build-docs: Change to the right directory before calling 'make clean'.
This fixes build-docs if it's called from the create-tarball script.
Karolin
(cherry picked from commit
dd3ef73c8c184eaec7ee515ef2130f30f9e481b3)
(cherry picked from commit
1e7c488097d67457632778a09e7f82db5d0e93e3)
Karolin Seeger [Thu, 18 Sep 2008 13:52:06 +0000 (15:52 +0200)]
Karolin Seeger [Mon, 19 Jan 2009 09:22:46 +0000 (10:22 +0100)]
S3-ByExample: Use 'winbindd -D' instead of 'winbindd -B'.
The option '-B' does not exist at all.
Thanks to Jason Ellison for reporting!
Karolin
(cherry picked from commit
4b26c7bbf4fe93f5ffb92d3f04012be290be25be)
(cherry picked from commit
05c7d97e6cf25c05ba6a661c0a31c88946ffd5cd)
(cherry picked from commit
f89c3db4ae0bcf1680c2532833ee115005b8ed70)
(cherry picked from commit
604fb1e00c18d81b5be8f096274e8a121a413745)
Karolin Seeger [Mon, 19 Jan 2009 07:55:30 +0000 (08:55 +0100)]
S3-HowTo: Change 'winbindd -B' to 'winbindd -D'.
There is no option '-B' at all.
Thanks to Jason Ellison for reporting!
Karolin
(cherry picked from commit
7c1e08518bfbe054db270e72476c642d5db93c0a)
(cherry picked from commit
3b5d2fd4cc5f7cbe22be1dfc593ca4ba29197b66)
(cherry picked from commit
0900b10f64fbb9f2e55591d1b11be9bb29526744)
(cherry picked from commit
f41988a343b1ac38e184f0e3aa34c6050953a6b4)
Karolin Seeger [Thu, 15 Jan 2009 07:34:53 +0000 (08:34 +0100)]
WHATSNEW: Update WHATSNEW.
Karolin
(cherry picked from commit
f121ad38a1306b3c69eb4485b18ed187d1fd9270)
Jeremy Allison [Wed, 14 Jan 2009 21:17:58 +0000 (13:17 -0800)]
Fix bug #6035 - Possible race between fcntl F_SETLKW and alarm delivery.
Jeremy.
(cherry picked from commit
0b880a684356d5cc2c266c760994838910134eef)
Karolin Seeger [Wed, 14 Jan 2009 13:02:08 +0000 (14:02 +0100)]
WHATSNEW: Update changes since 3.0.33.
Karolin
(cherry picked from commit
01debccb65fe63b070a2e219f7e4f2903f19fcfd)
Karolin Seeger [Wed, 14 Jan 2009 12:59:19 +0000 (13:59 +0100)]
WHATSNEW: Update WHATSNEW.
Karolin
(cherry picked from commit
5c3ec78c6dda9f354bee030967364411aafc0817)
Karolin Seeger [Wed, 14 Jan 2009 12:53:12 +0000 (13:53 +0100)]
VERSION: Raise version number up to 3.0.34.
Karolin
(cherry picked from commit
d5e8b958c33491635a07be7b6ad84c0218d83aad)
Jeremy Allison [Tue, 13 Jan 2009 19:24:24 +0000 (11:24 -0800)]
Fix bug #6019 File corruption in Clustered SMB/NFS environment managed via CTDB
Jeremy.
(cherry picked from commit
974262ba3e8226ec9805d38e602ec8d083e44f72)
Karolin Seeger [Mon, 17 Nov 2008 14:23:34 +0000 (15:23 +0100)]
s3 create-tarball.sh: Remove dashes in git commands.
Newer git versions (e.g. 1.6.0.2) do not provide the 'git-' commands
any longer.
Karolin
(cherry picked from commit
0cba859f12177aaf3ef2d96663f0a51f61c24d56)
(cherry picked from commit
3d64e67de2b50f7b781aa3f5ad13ec8e866d4333)
(cherry picked from commit
aa41a80969bd413d5922c602c7309bd8c05f3181)
(cherry picked from commit
0b4dd0cb1f81126344a6fe3304b46f880089718d)
(cherry picked from commit
4d988d0c9f22dda706ee1802985830ce4999f4d5)
(cherry picked from commit
b0f66f65e4d7cf0d70708783e5486fe3e1e5e8e8)
Karolin Seeger [Wed, 19 Nov 2008 12:16:38 +0000 (13:16 +0100)]
build-docs: Use 'git clean' instead of 'git-clean'.
Karolin
(cherry picked from commit
12e72140b944f844e7f44f21a087ab4a4ecc51a7)
(cherry picked from commit
ab02316ced8b0dc0d577960d1bab02d239313ef5)
(cherry picked from commit
d70bd3eebfa8a8705db2bdf9a3fd0e037701a756)
Stefan Metzmacher [Mon, 12 Jan 2009 11:32:46 +0000 (12:32 +0100)]
s3:libsmb: handle the smb signing states the same in the krb5 and ntlmssp cases
SMB signing works the same regardless of the used auth mech.
We need to start with the temp signing ("BSRSPYL ")
and the session setup response with NT_STATUS_OK
is the first signed packet.
Now we set the krb5 session key if we got the NT_STATUS_OK
from the server and then recheck the packet.
All this is needed to make the fallback from krb5 to
ntlmssp possible. This commit also resets the cli->vuid
value to 0, if the krb5 auth didn't succeed. Otherwise
the server handles NTLMSSP packets as krb5 packets.
The restructuring of the SMB signing code is needed to
make sure the krb5 code only starts the signing engine
on success. Otherwise the NTLMSSP fallback could not initialize
the signing engine (again).
metze
(cherry picked from commit
7d9fd64f38aa5821b38c1223cf87979fc87bfb71)
(cherry picked from commit
8e29070ccd0b5103af2e6da75644169f46700313)
(cherry picked from commit
38b297f99ec166e5c40ba33774222b37b45b4fec)
(a little bit modified to compile in v3-0)
(cherry picked from commit
db109da6b10a091593435e3f8b0d9adb57d3c972)
Karolin Seeger [Mon, 12 Jan 2009 11:30:13 +0000 (12:30 +0100)]
WHATSNEW: Add footer.
Karolin
(cherry picked from commit
c53a691187a855b9f5ac06f83aebcc51b8d20bf7)
Karolin Seeger [Mon, 12 Jan 2009 11:25:58 +0000 (12:25 +0100)]
WHATSNEW: Update changes since 3.0.33.
Karolin
(cherry picked from commit
8fb328a16feb0b3e9b1bdf8f9a451b1a271d3e4d)
Karolin Seeger [Mon, 12 Jan 2009 09:15:36 +0000 (10:15 +0100)]
VERSION: Remove git snapshot flag.
Karolin
Bo Yang [Mon, 12 Jan 2009 06:15:00 +0000 (14:15 +0800)]
Fix null pointer refrence in event context in backport from v3-3-test
Signed-off-by: Bo Yang <boyang@novell.com>
(cherry picked from commit
514dfc632ed35a80a175a4afbe9607aa4d913da3)
Jeremy Allison [Sun, 11 Jan 2009 04:04:27 +0000 (20:04 -0800)]
Fix logic bug introduce in backport of ccache_regain_all_now, sync with
3.3 implementation.
Jeremy.
(cherry picked from commit
ab29d6c6d349352db017d3046aeaee59e33745f4)
Bo Yang [Sat, 10 Jan 2009 22:32:43 +0000 (14:32 -0800)]
Backport of the clean event context after fork and
krb5 refresh chain fixes.
(cherry picked from commit
194425f8074e2cfd5893499099614666f8d8ecd9)
Bo Yang [Sat, 10 Jan 2009 22:13:32 +0000 (14:13 -0800)]
Don't set child->requests to NULL in parent after fork
(cherry picked from commit
a4438df44621ae37c13e5c5064cc3dc5e1371457)
Karolin Seeger [Fri, 9 Jan 2009 10:22:00 +0000 (11:22 +0100)]
docs: Improve man mount.cifs.
Add hint about specifying the workgroup in the credentials file.
Whitespace cleanup.
This fixes bug #4541.
Patch based on proposed patch from Christian Perrier <bubulle@debian.org>.
Thanks for reporting and providing a patch!
Karolin
(cherry picked from commit
1f7e09ea542df3a2f5f553c0cb11a39c74712950)
(cherry picked from commit
b99d98ff2ef5491979301656e7f516d3c8829f6e)
(cherry picked from commit
1900233ede3083410eb3dc691d2d486c5340ccc4)
(cherry picked from commit
47f4662b6d727f2901d630d74792a6a971b54662)
Jeremy Allison [Thu, 8 Jan 2009 18:56:36 +0000 (10:56 -0800)]
Fix race condition in alarm lock processing noticed by Richard Sharpe <realrichardsharpe@gmail.com>.
"It seems to me that if the lock is already held by another process when we
enter this code, there is a race between the timeout and the granting. If
the lock is subsequently granted, the process releasing the lock will signal
the wait variable (or whatever) and our process will be scheduled. However,
if the timeout occurs before we are scheduled, the timeout will be delivered
first.
We will have the lock but will forget we have the lock, and never release
it."
Jeremy.
(cherry picked from commit
8904b83ce6c69db31dc2ce4c05e8e8ee3db5ec3b)
Volker Lendecke [Tue, 6 Jan 2009 14:13:43 +0000 (15:13 +0100)]
s3/swat: Fix creation of the first share using SWAT.
This fixes bug #5965.
(cherry picked from commit
f76614169f1e0a932cf2895702cfa9e8a5735875)
(cherry picked from commit
148437fcd0896591ebbf6c2808723575d025123f)
(cherry picked from commit
3ee41667d7bb8358c80af24f78dbdd071fa9c765)
Karolin Seeger [Tue, 6 Jan 2009 11:26:23 +0000 (12:26 +0100)]
docs: Improve description of the share commands in man smb.conf.
-Correct the parameter names.
-Fix typos.
-Fix related parameters.
This fixes bug #6008.
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
Karolin
(cherry picked from commit
8b7f66c548ed170d2dab0c91ccff4aca00f4b52d)
(cherry picked from commit
6f38786aa878bd1a7fc10069773c19b28437fbbb)
(cherry picked from commit
f420b5c2af7d46e88269d9ec89c5dcd37f1f8f46)
(cherry picked from commit
98e2d6614f00f207de42a79d329b63e7966ab8ea)
Karolin Seeger [Tue, 6 Jan 2009 09:26:37 +0000 (10:26 +0100)]
docs: Fix example in man vfs_recycle.
This fixes bug #6001.
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
Karolin
(cherry picked from commit
9f44a17c3bf36067d04cec036c3e529798932cd7)
(cherry picked from commit
5e073807f7c4679dd299a2b8f3e2643dc1c82405)
(cherry picked from commit
c0877d14cb04956b29ca329897a7b4bface7f363)
(cherry picked from commit
232503ba417f51d93e22a2411b2d446596284e59)
Karolin Seeger [Mon, 5 Jan 2009 15:33:00 +0000 (16:33 +0100)]
examples: Avoid bashism in perfcount.init.
This fixes bug #6000.
Thanks to the Debian Samba package maintainers for providing the patch!
Remove trailing whitespaces.
Karolin
(cherry picked from commit
2e09746a4db4186c9d648370b9004971bc18e5c9)
(cherry picked from commit
9b17f7907bca32282d6e56fa28ca62ef84bf7afc)
(cherry picked from commit
de41f0e9a08b796873bdd319fe784b6c90e28b23)
(cherry picked from commit
e5e8a4a6fa866a23377d0a92eff433b59abfcebe)
Karolin Seeger [Mon, 5 Jan 2009 15:38:25 +0000 (16:38 +0100)]
Revert "examples: Avoid bashism in perfcount.init."
This reverts commit
744c7007b4b798699613e06933f92fdf5261b222.
(cherry picked from commit
26080fd575df450166e13836ea227a6d191e86c4)
Karolin Seeger [Mon, 5 Jan 2009 13:54:28 +0000 (14:54 +0100)]
examples: Avoid bashism in perfcount.init.
This fixes bug #6000.
Thanks to the Debian Samba package maintainers for providing the patch!
Remove trailing whitespaces.
Karolin
(cherry picked from commit
73875cd344608b591fa884ab99b5f3a10550c149)
(cherry picked from commit
e273c07e94ee607bbf05b6fa66cf3cea13fe4502)
(cherry picked from commit
a1bf1f1819ab184682327583d05b0258db8856ef)
(cherry picked from commit
b4ffffc5c03b69ac2f8e0ed74fd7788549f7e822)
(cherry picked from commit
744c7007b4b798699613e06933f92fdf5261b222)
Karolin Seeger [Mon, 5 Jan 2009 13:39:59 +0000 (14:39 +0100)]
docs: Document the -g option of smbclient.
This fixes bug #6013.
Thanks to the Debian Samba packages maintainers for reporting!
Karolin
(cherry picked from commit
6752d78e946b2c4278e2deba325c76fb7ffbc06a)
(cherry picked from commit
e6abdbde9b67801d46c9d331045d155717e8b241)
(cherry picked from commit
8a79b8796f98dd80b6e1f04d7302fb8342f0052d)
(cherry picked from commit
1f979334266706656874fdbe6cce14f17105360b)
(cherry picked from commit
74f5828112581fa230301f43f7685ec208a8e4f6)
Stefan Metzmacher [Fri, 2 Jan 2009 08:46:17 +0000 (09:46 +0100)]
Happy New Year!
metze
(cherry picked from commit
041435d841b457f493c940e0281cd496b52fb7dc)
Karolin Seeger [Wed, 17 Dec 2008 15:26:43 +0000 (16:26 +0100)]
s3/smb.h: Remove unused LDAP_SSL_ON.
LDAP_SSL_ON is not defined at all.
Ldaps can be used by specifying an ldaps URL using the "passdb backend"
parameter.
Karolin
(cherry picked from commit
0c6cf1f8793edfde924289aafbd174ce4a4fae0c)
(cherry picked from commit
7f36de6906811d4f0428b75c79c72b17b8ccfcef)
(cherry picked from commit
a3113657b4427eddcfbb10d71e9e8ade06bbd16f)
Karolin Seeger [Wed, 17 Dec 2008 14:53:51 +0000 (15:53 +0100)]
s3/loadparm.c: Change default value for "ldap ssl".
LDAP_SSL_ON is not defined at all. That's why the actual default value
was "" for a long time. Set a more sensible default value without chnging the
default behaviour.
-----8<------------------snip--------------8<--------------
user@host:/data/git/samba/v3-0-test/source> git grep LDAP_SSL_ON | cat
include/smb.h:enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF,
LDAP_SSL_START_TLS};
param/loadparm.c: Globals.ldap_ssl = LDAP_SSL_ON;
----->8------------------snap-------------->8--------------
It's the same in 3.2 and 3.3 series.
Karolin
(cherry picked from commit
e6d883e003d4560c55259ae1cfdf7319602f76e3)
(cherry picked from commit
5c686419096362176d80f3d05339b8836d0178a4)
(cherry picked from commit
7a39f3eaf571fd9da6f8e103eeb50c5bcebd18c1)
Karolin Seeger [Wed, 17 Dec 2008 15:18:38 +0000 (16:18 +0100)]
docs: Update section "ldap ssl" in man smb.conf.
Remove non-existent value "on".
Change default value to "no".
Add hint about ldaps.
Karolin
(cherry picked from commit
580461629bb88ce3b61770e7abfe2c942a121877)
(cherry picked from commit
d74356627579fe7b9961844a77c4e6daa978d62b)
(cherry picked from commit
882ac5e5a79646754dfd1669ea6720ab52c9b6ee)
(cherry picked from commit
e147c4679f8095738fea6ab2c9fb37fbecc9bb85)
Karolin Seeger [Wed, 17 Dec 2008 14:42:12 +0000 (15:42 +0100)]
docs: Fix some formatting issues in the "ldap ssl" section of man smb.conf.
Karolin
(cherry picked from commit
6ac36698e975649d26e3f2975c2101129c3ffe97)
(cherry picked from commit
655a1c7b05d56326d6cfffbc8e46e1d64565717a)
(cherry picked from commit
2534619eedc3e9528d589cfee793a55b3cc62bed)
(cherry picked from commit
78ec02e8221aea7633ed63f5fc5084a12c9796d4)
Karolin Seeger [Wed, 17 Dec 2008 08:17:26 +0000 (09:17 +0100)]
docs: Fix TOC of generated HTML docs.
This fixes bug #5968.
Thanks to Christian Perrier <bubulle@debian.org> for reporting!
Karolin
(cherry picked from commit
675b363b712e0b91b9b7d1189a819a36853db539)
(cherry picked from commit
3566615292f9cb2d00b03156e515274751e05969)
(cherry picked from commit
0d6b3df8d9c8b5e777ac6717168a11455b2ad2ce)
(cherry picked from commit
875dfb887dba90807ed5b371334574997be419a8)
Karolin Seeger [Tue, 16 Dec 2008 14:10:29 +0000 (15:10 +0100)]
docs: "acl compatibility" is a global parameter.
This fixes bug #5866.
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
Karolin
(cherry picked from commit
9e64ed018e5aa84d802b01953b481fbb07eb00aa)
(cherry picked from commit
386b0fc4bdc0822ffbc51cfee536bea23df0a755)
(cherry picked from commit
877951eea6e67273748aa9f56a56e41cf2dca00a)
(cherry picked from commit
0a93af41475783ab80644729efb48a80915f7bfc)