Karolin Seeger [Tue, 14 Jun 2011 11:15:37 +0000 (13:15 +0200)]
WHATSNEW: Update changes since 3.5.8.
Karolin
(cherry picked from commit
d1880d237bdf79b036623ebf5ae477838c9482c9)
Jeremy Allison [Tue, 7 Jun 2011 19:36:24 +0000 (12:36 -0700)]
Fix re-opened bug 8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
Fix incorrect interaction when all of
"inherit permissions = yes"
"inherit acls = yes"
"inherit owner = yes"
are set. Found by Björn Jacke. Thanks Björn !
(cherry picked from commit
b5011e4c2cee39d4334c04ce7c8adc43a8ca7e6b)
Jeremy Allison [Wed, 8 Jun 2011 21:37:25 +0000 (14:37 -0700)]
Part 5 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
Ensure when creating a directory, if we make any changes due to inheritance parameters, we update the stat returned.
(cherry picked from commit
f5e238cbd97d63e107b64268691dff67cce8fe94)
Jeremy Allison [Wed, 8 Jun 2011 21:21:52 +0000 (14:21 -0700)]
Part 4 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
We don't need to check mode bits as well as dev/ino to
ensure we're in the same place.
(cherry picked from commit
0c1b1b73870bd477c83c130cab297b7f2615fe55)
Jeremy Allison [Wed, 8 Jun 2011 17:25:33 +0000 (10:25 -0700)]
Part 3 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new file make sure we
must have a valid stat struct before making the inheritance
calls (as they may look at it), and if we make changes we
must have a valid stat struct after them.
(cherry picked from commit
d18d6df840d3a47fa1d7b877e07f804f025811ee)
Jeremy Allison [Wed, 8 Jun 2011 17:17:42 +0000 (10:17 -0700)]
Part 2 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new file make sure we
also change the returned stat struct to have the correct uid.
(cherry picked from commit
59e77811b7774ad76e082ee9fd840a277df75c4c)
Jeremy Allison [Wed, 8 Jun 2011 17:24:02 +0000 (10:24 -0700)]
Part 1 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new directory make sure we
also change the returned stat struct to have the correct uid.
(cherry picked from commit
f3900b0a96f98cc65d957cda5f92963f636d6ec1)
Stefan Metzmacher [Sun, 24 Apr 2011 19:20:19 +0000 (21:20 +0200)]
s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug #7383)
metze
(cherry picked from commit
4bfe2d5655d97fbc7e65744425b5a098e77f5ba1)
(cherry picked from commit
62b2083c627abeb8a2fb7e5adc793c630d0d561c)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
d9ea6a10a8ba84e8a5a5a65c903ed96f9aa59aa5)
Karolin Seeger [Sun, 5 Jun 2011 19:10:53 +0000 (21:10 +0200)]
WHATSNEW: Add more changes since 3.5.8.
Karolin
(cherry picked from commit
7e307ac32ca074e47e27229fcef894343ec0f9c9)
Jim McDonough [Wed, 25 May 2011 14:49:41 +0000 (10:49 -0400)]
s3-winbind: BUG 8166 - Don't lockout users when offline.
Windows does not track bad password attempts when offline. We were locking users out but not honoring the lockout duration.
Autobuild-User: Jim McDonough <jmcd@samba.org>
Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104
(cherry picked from commit
b58534f1fca27e3e72f4f4107538ec05734bd42a)
(cherry picked from commit
a73963dd49d33bcfdd5cbc310dad0f895683eadf)
Jeremy Allison [Wed, 1 Jun 2011 18:38:48 +0000 (20:38 +0200)]
Fix bug #7528 - Solaris with NIS autohome.
(cherry picked from commit
0ffdf2288b1e6798e43259568818378c43b979e5)
Karolin Seeger [Tue, 31 May 2011 19:27:29 +0000 (21:27 +0200)]
WHATSNEW: Start to add changes since 3.5.8.
To be completed...
Karolin
(cherry picked from commit
ac4aca977ecb5fd1a644aa29c4b70503e906f83a)
Jeremy Allison [Tue, 19 Apr 2011 20:25:43 +0000 (13:25 -0700)]
Fix bug #8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
If "inherit owner = yes", pass in the directory owner and group
owner as the target for CREATOR_OWNER and CREATOR_GROUP substitutions,
and also as the owner and primary group of the new security descriptor
being applied to the object.
Jeremy.
(cherry picked from commit
ea331419108ed8575e33394f989240abeede2671)
Jeremy Allison [Thu, 26 May 2011 23:39:30 +0000 (16:39 -0700)]
Fix bug #6911 - Kerberos authentication from vista to samba fails when security blob size is greater than 16 kB
We were not correctly checking the output of asn1_start_tag().
asn1_start_tag() returns -1 and sets data->has_error if the
remaining blob size is too short to contain the tag length.
We were checking data->has_error and returning NT_STATUS_OK
(to allow the second asn.1 parse to fail in that case). We
should not be checking data->has_error in this case, but
falling through to the code that already checks the length.
Thanks to Jim for reproducing this for me. We don't get bitten
by this as we announce a max buffer size of 16k, greater than
Windows's 4k, which means that most krb5 spnego packets already
fit.
Jeremy.
(cherry picked from commit
c718b7d43bc5616f7f5e110afdf5332a62e04cb8)
Jim McDonough [Thu, 26 May 2011 18:29:24 +0000 (20:29 +0200)]
s3-libnet: fix bug #6364: Pull realm from supplied username on libnet join
(cherry picked from commit
67a9d4bb376d89c4411024164165ca1ed7a0b157)
David Disseldorp [Tue, 24 May 2011 09:50:12 +0000 (11:50 +0200)]
s3-printing: remove duplicate cups response processing code
There is currently a lot of duplicate code included for processing
responses to CUPS_GET_PRINTERS and CUPS_GET_CLASSES requests. This
change splits this code into a separate function.
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
4f0077cd6a8ffcb9f4980d71c9fc434f7fc1051c)
David Disseldorp [Tue, 24 May 2011 09:46:25 +0000 (11:46 +0200)]
s3-printing: use printcap IDL for IPC
Use printcap IDL for marshalling and unmarshalling messages between cups
child and parent smbd processes. This simplifies the IPC and ensures
the parent is notified of cups errors encountered by the child.
https://bugzilla.samba.org/show_bug.cgi?id=7994
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
53ecbc4a8cffe24f94d3e624faf3a9ea9067cc23)
David Disseldorp [Tue, 24 May 2011 09:41:27 +0000 (11:41 +0200)]
idl: define printcap IPC message format
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
2bf4660f2e3cf1921d22f74c2db1a5fb3b531657)
David Disseldorp [Tue, 24 May 2011 09:34:59 +0000 (11:34 +0200)]
s3-printing: an empty cups printer list is treated as an error
cups_async_callback() is called to receive new printcap data from a
child process which requests the information from cupsd.
Newly received printcap information is stored in a temporary printcap
cache (tmp_pcap_cache). Once the child process closes the printcap IPC
file descriptor, the system printcap cache is replaced with the newly
populated tmp_pcap_cache, however this only occurs if tmp_pcap_cache is
non null (has at least one printer).
If the printcap cache is empty, which is the case when cups is not
exporting any printers, the printcap cache is not replaced resulting in
stale data.
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
683b0652e23b787c5038ff5d7466fdc2a8b3c07f)
Jeremy Allison [Tue, 24 May 2011 19:47:31 +0000 (12:47 -0700)]
Fix our asn.1 parser to handle negative numbers.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue May 24 22:57:16 CEST 2011 on sn-devel-104
(cherry picked from commit
e719dfd4dc178f001a5f804fb1ac4e587574415f)
Fix bug #8163 (asn.1 library does not correctly read negative integers).
(cherry picked from commit
859d13141cd831488b60e413f7141514ae4464b5)
(cherry picked from commit
d210395a50b5d5043bdcfb75f670f8abab91f974)
Jeremy Allison [Fri, 20 May 2011 19:36:56 +0000 (12:36 -0700)]
Fix bug #8157 - std_pcap_cache_reload() fails to parse a cups printcap file correctly.
The parsing code made some strange assumptions about what is a printer
name, and what is a comment.
(cherry picked from commit
ef1a0c14ab41c87f133d310c5f976548caf15b9a)
David Disseldorp [Mon, 17 Jan 2011 15:09:32 +0000 (16:09 +0100)]
s3-printing: remove pcap_cache_loaded asserts
pcap_cache_loaded() assertions were added to the (re)load_printers()
functions, to ensure the caller had called pcap_cache_reload() prior to
reloading printer shares.
The problem is, pcap_cache_loaded() returns false if the the pcap_cache
contains no printer entries. i.e. pcap_cache_reload() has run but not
detected any printers.
Remove these assertions, correct call ordering is already enforced.
Signed-off-by: Günther Deschner <gd@samba.org>
The last 3 patches address bug #7836 (A newly added printer isn't visbile to
clients).
(cherry picked from commit
a88126d6e8577a9e0b6196acdee70633d0e06259)
David Disseldorp [Thu, 19 May 2011 09:22:37 +0000 (11:22 +0200)]
Revert "Revert "s3-printing: update parent smbd pcap cache""
This reverts commit
b6268f507fa3276c2ef22c58bad400a3fed48cd9.
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
8070240ed7e73b94aba591b6d985e7e32037bb5e)
David Disseldorp [Thu, 19 May 2011 09:22:18 +0000 (11:22 +0200)]
Revert "Revert "s3-printing: reload shares after pcap cache fill""
This reverts commit
e4579eab7fe3eab7a5209e6de74e6fd2f53099d0.
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
9e427e5aced5caeedeeff29b9b962913ee4f796d)
Karolin Seeger [Mon, 23 May 2011 18:17:13 +0000 (20:17 +0200)]
Revert "s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms."
This reverts commit
73bec197a91a15aa9a69c9a3868ed51bdd3674ea.
Please see bug #8129 (Application requests printing on Format A5, but prints as
A4) fro details.
(cherry picked from commit
f51ee94ee9034f88566c4441eed4ff11697454ec)
Volker Lendecke [Fri, 23 Apr 2010 17:41:29 +0000 (19:41 +0200)]
libwbclient: Fix bug 8087 -- wbcChangeUserPasswordEx in RESPONSE mode does not work
This is
03115efae89c8c4f51dea1ce82613817bd9fcf5b from master
Actually copy something in wbcChangeUserPasswordEx
The length argument for memcpy was initialized to 0 and not initialized
(cherry picked from commit
c707b1f3b199b8c785a79db308d80eee2926b060)
Günther Deschner [Fri, 1 Oct 2010 04:08:12 +0000 (06:08 +0200)]
s3-net: make sure we dont crash when publishing a single printer.
Guenther
(cherry picked from commit
21576e3f8c32878910460bf9575c200ad93d682a)
Part of a fix for bug #7993 ("net rpc printer MIGRATE" command fails).
(cherry picked from commit
9c75728c62cccb8da606ece2d9df08b592e7c7c0)
Björn Jacke [Fri, 26 Nov 2010 14:14:14 +0000 (15:14 +0100)]
s3/configure: fix GNU ld version detection with old gcc releases
needed as old gcc releases output everything to stderr, even stdout output from
ld
Fixes #7825
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Fri Nov 26 20:15:24 CET 2010 on sn-devel-104
(cherry picked from commit
70a7da0e101910e3ceb08b86d4b840b219e24d7d)
(cherry picked from commit
19bbd0a4f0c39aaf6f0f3ecdcce7c52bb8264a5a)
Simo Sorce [Mon, 18 Apr 2011 12:45:11 +0000 (22:15 +0930)]
tdb_expand: limit the expansion with huge records
ldb can create huge records when saving indexes.
Limit the tdb expansion to avoid consuming a lot of memory for
no good reason if the record being saved is huge.
Fix bug #7610 (winbindd_cache.tdb grows too large when scaled).
(cherry picked from commit
c8ba5d41f3c2ab25cb9b9d0fa78b4f884d4b9721)
Günther Deschner [Wed, 11 May 2011 08:30:42 +0000 (10:30 +0200)]
s3-printing: make cups_pull_comment_location() work again.
we deal with lp_cups_server in cups_connect() already, inside the URI all our
other cups functions we use ipp://localhost, do the same here.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed May 11 11:36:07 CEST 2011 on sn-devel-104
The last 3 patches address bug #8132 (Samba does not fill printers Location
field when using cups).
(cherry picked from commit
392d6b2ab8dcde4176a6e872699a5a076ab92068)
Günther Deschner [Tue, 10 May 2011 13:49:05 +0000 (15:49 +0200)]
s3-printing: Fix double free of cups request.
We never free the request in our cups api usage except for here. The reason is
probably htis (from the cupsDoConnect API docs):
"This function sends the IPP request to the specified server, retrying and
authenticating as necessary. The request is freed with ippDelete() after
receiving a valid IPP response."
Revert "Fix a memory leak in cups_pull_comment_location"
This reverts commit
fee2664dad37536b05ce8bdae3e74d45b257f632.
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue May 10 17:32:58 CEST 2011 on sn-devel-104
(cherry picked from commit
019f11dd5b3240d05c1abe30dec3d793d6919313)
(cherry picked from commit
5d503c7e8927f2bdb252f2293e53b7e87f2d3cb5)
Günther Deschner [Tue, 10 May 2011 13:48:25 +0000 (15:48 +0200)]
s3-printing: very obvious fix for cups_pull_comment_location().
This has been in there since 2008...
Guenther
(cherry picked from commit
3ba3f68e03510e3bb5b7627c200af0395e853bc2)
(cherry picked from commit
04e820ef17e5a9df90ff8b7744bf9cce5a00ae05)
Andrew Bartlett [Thu, 9 Dec 2010 20:57:59 +0000 (07:57 +1100)]
s3-libsmb Don't ever ask for machine$ principals as a target.
It is never correct to ask for a machine$ principal as the target of a
kerberos connection. You should always connect via the
servicePrincipalName.
This current code appears to have built up from a series of minimal
changes, as the codebase adapted the to lack of a SPNEGO principal
from Windows 2008.
Andrew Bartlett
The last two patches address bug #7893 (CIFS tickets vs. <host>$ tickets).
(cherry picked from commit
12bb20a0f6cd85cfdaedf746e7b05416ccde31b0)
Andrew Bartlett [Sat, 4 Dec 2010 02:48:37 +0000 (13:48 +1100)]
s3-libads Default to NOT using the server-supplied principal from SPNEGO
This principal is not supplied by later versions of windows, and using
it opens up some oportunities for man in the middle attacks. (Becuase
it isn't the name being contacted that is verified with the KDC).
This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaivour. As in Samba4, this
defaults to false.
Against 2008 servers, this will not change behaviour. Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.
Andrew Bartlett
(cherry picked from commit
bb7806283e71f3b8029aae0eed326b5847a36d83)
(cherry picked from commit
e962852687f539678b7c38ed21f1b76c328821f2)
Jeremy Allison [Fri, 29 Apr 2011 21:22:54 +0000 (14:22 -0700)]
Fix bug 8111 - CIFS VFS: unexpected error on SMB posix open
We are conflating the O_CREAT|O_EXCL with the O_TRUNC
processing, they need to be separate. We need to chose
using (O_CREAT|O_EXCL) first, then modify if O_TRUNC is
set. This needs two separate switch statements.
Jeremy
(cherry picked from commit
37823155157d735356e1f223b425252c956d8c04)
Jeremy Allison [Thu, 24 Mar 2011 18:55:38 +0000 (11:55 -0700)]
Fix is_myname_or_ipaddr() to be robust against strange DNS setups.
If IPv6 DNS names are turned on, but Samba isn't configured to
listen on an IPv6 interface, then is_myname_or_ipaddr() can return
false on a valid DNS name that it should detect is our own. If the
IPv6 addr is returned by preference, then looking at the first addr
only causes is_myname_or_ipaddr() to fail. We need to look at all the
addresses returned by the DNS lookup and check all of them against
our interface list. This is an order N^2 lookup, but there shouldn't
be enough addresses to make this a practical problem.
Jeremy.
Fix bug #8038 - Connecting to a printer can return INVALID_PARAMETER when IPv6
DNS names are turned on.
(cherry picked from commit
80078cb6ef2e6976cb5ab25a86157bca22c836a2)
Sergey Korsak [Tue, 19 Apr 2011 16:51:32 +0000 (18:51 +0200)]
s3: Fix bug 8099 - setpwent() actually does endpwent() on FreeBSD
(cherry picked from commit
2167ac2cd42c9ed5aaae0086dbd27e29d1d77686)
Jeremy Allison [Fri, 8 Apr 2011 22:25:18 +0000 (15:25 -0700)]
Fix bug 8072 - PANIC: create_file_acl_common frees handle two times.
Caused by premature optimisation storing the parent ACL on the
module handle instead of (correctly) on the file fsp. Previous
code wasn't reentrant safe. This is less optimal but doesn't
crash in the specific case :-).
Jeremy.
(cherry picked from commit
23e6f41ec923e2d3b4684ee646c8cd29506d787a)
Jeremy Allison [Mon, 18 Apr 2011 21:26:09 +0000 (14:26 -0700)]
Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null.
(cherry picked from commit
fae43d2640459fe8cb3d485eacd1624de59b9622)
Dmitry Butskoy [Mon, 18 Apr 2011 21:14:09 +0000 (14:14 -0700)]
Fix bug 6966 - "allow trusted domains = no" not respected in winbind.
(cherry picked from commit
66de22f7b242ae9e3358d33e580547c2618bd918)
Volker Lendecke [Thu, 7 Apr 2011 20:03:49 +0000 (22:03 +0200)]
s3: Fix bug 8066, wrong output in smbget
(cherry picked from commit
4a467155fe9ad66a2d7e7e490d7e3957b4dcb67a)
Jeremy Allison [Wed, 6 Apr 2011 00:26:00 +0000 (17:26 -0700)]
Fix bug #7987 - ACL can get lost when files are being renamed.
There is no reason for smbd with Windows ACLs to use chmod
or fchmod unless it's a file opened with UNIX extensions or
with posix pathnames.
(cherry picked from commit
bea18a55252a06fd1da005a4f57d4d4dd89acaaf)
Günther Deschner [Wed, 13 Apr 2011 15:41:36 +0000 (17:41 +0200)]
s3-cli_pipe: fix timeout in rpc_pipe_open_tcp_port().
Make sure we use a timeout of 60 seconds, not 60 milliseconds...
This prevented us from successfully using the ncacn_ip_tcp client in a lot of
places, I guess.
Guenther
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Apr 13 18:59:19 CEST 2011 on sn-devel-104
(cherry picked from commit
4b3fe5247a6e16b1ad9f05269e9aa00e3120e36a)
Fix bug #8085 - incorrect timeout handling in ncacn_ip_tcp client code.
(cherry picked from commit
d7d39c723e1855a3d18813e8a79fcca9770b0142)
Günther Deschner [Tue, 12 Apr 2011 08:22:23 +0000 (10:22 +0200)]
s3-docs: document all wbinfo options.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 23 23:45:40 CET 2011 on sn-devel-104
Fix bug #7983 - not all wbinfo parameters are documented in manpage.
(cherry picked from commit
7942bf50ce22597833bbfba99776f4b052edff1c)
Björn Baumbach [Mon, 11 Apr 2011 08:27:58 +0000 (10:27 +0200)]
s3-modules: Fix debug message (bug #8074)
Print child descriptor instead of parent.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Apr 11 11:48:42 CEST 2011 on sn-devel-104
(cherry picked from commit
e6cf92c574fba14132757f141d8b1242fa71be88)
(cherry picked from commit
42ad7630259829f1c40d9d0fcf5376fa007568a3)
(cherry picked from commit
75ab0c486927f674937b3379104eb2e4c8f026e4)
Martin Vogt [Thu, 7 Apr 2011 19:20:06 +0000 (21:20 +0200)]
Fix bug #6762 - ctdb on gpfs error with MS Office.
(cherry picked from commit
84745fe2ef953b1b5edfef473c88c71cc71d4d1e)
Björn Jacke [Sun, 3 Apr 2011 14:19:11 +0000 (16:19 +0200)]
s3/vfs_gpfs: s/syncops/gpfs
as pointed out by Metze in bug #8031
cherry-picked from
dca465fa53f4d16cdce1353685b11010aa8ff0c7
The last two patches address bug #8031 - merge patc to make
sharemodes/leases parameter a per share setting.
(cherry picked from commit
fbf1a26be29f3d78d09e5f4285c973db9e16327f)
Christian Ambach [Fri, 8 Oct 2010 11:15:57 +0000 (13:15 +0200)]
s3:vfs:gpfs convert sharemodes/leases parameter
convert gpfs:sharemodes and gpfs:leases parameters from a global setting
to a per share setting
cherry-picked from
22018b8b887c2677d30bbb4589f800197edf0e98
(cherry picked from commit
4413d05bd742f879a6af71206265791ff76070bb)
Volker Lendecke [Mon, 4 Apr 2011 17:19:18 +0000 (10:19 -0700)]
s3: Fix bug 8042: File creation on OS/X
With a case insensitive file system the stat cache lookup leaked the parent
directorys stat information from unix_convert into the smb_filename. This led
open_file_ntcreate to believe it just created a directory.
In the case where we do the search we already invalidate the stat struct.
Thanks to TAKAHASHI Motonobu for insisting! :-)
Volker
(cherry picked from commit
c9015e381905bb254ee61b64d99052b96b4d4913)
Jeremy Allison [Tue, 5 Apr 2011 21:15:56 +0000 (14:15 -0700)]
Fix bug #7080 - Quota only shown when logged as root.
Ensure we also check conn->admin_user when rejecting non-root access.
(cherry picked from commit
6d360c9e5db64fbd96d353013b7836d771935b6d)
Larry Reid [Sat, 26 Mar 2011 22:39:27 +0000 (15:39 -0700)]
Fix for servers that don't put a path separator at the end of the service.
Fix bug 8055 - Can't See Parts of DFS CIFS Share.
(cherry picked from commit
0d929df7d194574d283ea5b9f4f8a45d6d214a54)
Volker Lendecke [Fri, 1 Apr 2011 06:40:38 +0000 (08:40 +0200)]
s3: Fix Coverity ID 1137: CONSTANT_EXPRESSION_RESULT
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Apr 1 09:35:19 CEST 2011 on sn-devel-104
This patch and the last one address bug #8054 - winbindd cache stores/retrieves
wrong sizes for 16-bit ints.
(cherry picked from commit
5fc7b78c64c43fd345b96dcbc1d30f2cabfaef81)
Volker Lendecke [Fri, 1 Apr 2011 06:40:38 +0000 (08:40 +0200)]
s3: Fix Coverity ID 1136: CONSTANT_EXPRESSION_RESULT
(cherry picked from commit
ec4d201d5b9b86dfead5d999e4f186316797f77f)
Marc A. Dahlhaus [Fri, 1 Apr 2011 20:24:56 +0000 (22:24 +0200)]
s3: Fix Bug 8047 -- Fix mdns registration if "interfaces=" is used
(cherry picked from commit
baecb5a35e9f50140cf78e2dbdfe9f2791653875)
David Disseldorp [Fri, 1 Apr 2011 18:21:59 +0000 (11:21 -0700)]
alpha_strcpy() is a utility function which reportedly: Strips out all but 'a-Z0-9' and the character in other_safe_chars and replaces with '_'.
This statement does not currently hold true in all cases (e.g. src =
"ТАНЦЕВАТЬ").
Part of a fix for bug 8040 - smbclient segfaults when a Cyrillic netbios
name or workgroup is configured.
(cherry picked from commit
3e0f539596fbb867b672eeaff037e81c33428309)
Jeremy Allison [Fri, 25 Mar 2011 22:12:12 +0000 (15:12 -0700)]
Fix bug 8040 - smbclient segfaults when a Cyrillic netbios name or workgroup is configured.
As discovered by David Disseldorp <ddiss@suse.de>, convert_string_talloc()
doesn't always return consistent results for a zero length string. The
API states an incoming string must *always* contain the terminating null,
but unfotunately too much code expects passing in a zero source length
to return a null terminated string, so at least ensure we return a
correct null string in the required character set and return the
correct length.
Also ensure we cannot return a zero length for a converted string
(we ensure that the returned buffer is always allocated and zero
terminated anyway) as calling code depends on the fact that returning
true from this function will *always* return a non-zero length (as
it must include the terminating null).
Note this is a different fix from what went into master (this is
identical to the fix I'm planning for 3.5.x) as convert_string_talloc()
has diverged between the two.
Jeremy.
(cherry picked from commit
bb3ed43584e6d2c4d64b5f7b9e70a7db7f3e859d)
Jeremy Allison [Thu, 31 Mar 2011 17:49:22 +0000 (10:49 -0700)]
Fix bug #7996 - sgid bit lost on folder rename.
Refuse to set dos attributes into unix mode bits on such a
folder.
(cherry picked from commit
90e7f310ec52119359784899945f47d0a9c4e3ae)
Christian Ambach [Mon, 14 Mar 2011 12:08:58 +0000 (08:08 -0400)]
s3: use getgrset() when it is available
When getgrouplist() is not defined, use getgrset() if it is defined
instead of using the initgroups() + getgroups() combo
Major contributions from Yannick Bergeron <yaberger@ca.ibm.com>
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Mar 19 10:09:38 CET 2011 on sn-devel-104
(cherry picked from commit
ed46dfc4f16e230645fae5f3b3b21c462694c30a)
Fix bug #8012 (Use getgrset() instead of initgroups() + getgroups() when
getgrouplist() is not defined).
(cherry picked from commit
64be11d41292fd2e9f6c13855fa6041b9290ce0c)
Björn Jacke [Tue, 23 Feb 2010 14:23:27 +0000 (15:23 +0100)]
s3: add explicit configure option whether or not to enable dmapi support
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit
ce7727c1cc2fe4caa9b2d6e33530c3483dd5f980)
Fix bug #8033 - Backport dmapi configure checks.
(cherry picked from commit
a8552d4ea6ea3b3b59b0d1c39e8fdaf2f9e11a74)
Stefan Metzmacher [Mon, 21 Mar 2011 13:15:32 +0000 (14:15 +0100)]
s3:util_seaccess: make sure that we don't grant SEC_STD_DELETE to the owner by default
In the file server SEC_STD_DELETE is granted on the file/directory
or by FILE_DELETE_CHILD on the parent directory.
metze
(similar to commit
c7d10179108a3ae8af15c838042294f3fdced03c)
The last 2 patches address bug #8034 (SEC_STD_DELETE is always granted to the
owner of a file).
(cherry picked from commit
14a31111961278db99564d4d694f10ed66ff91bd)
Stefan Metzmacher [Fri, 18 Mar 2011 15:45:08 +0000 (16:45 +0100)]
s3:smbd: access checks should not depend on share mode flags
metze
(cherry picked from commit
f0ec69b53544b7ff702f94d58b3d64c33eaabc7a)
(cherry picked from commit
dca75c8e3ac23256d93269bdc13d1e67571bc9f2)
(cherry picked from commit
295271ca3d4346e130363ba227ff66b08368d957)
Nikolay Martynov [Wed, 16 Mar 2011 20:00:22 +0000 (13:00 -0700)]
Fix inode generation so nautilus can count total dir size correctly
Fix bug #8010 (str_checksum often returns same value for different strings
[Patch]).
(cherry picked from commit
e47dd1ed1a59d9fc721eeae0a9bb0f80e33be4c8)
Volker Lendecke [Fri, 18 Mar 2011 16:47:27 +0000 (17:47 +0100)]
s3: Attempt to fix bug 8016 -- gpfs_get_xattr broken
(cherry picked from commit
820628a6d06c715273ae221c926e1c1e7d7e8385)
Jeremy Allison [Mon, 14 Mar 2011 23:12:31 +0000 (16:12 -0700)]
Fix bug #8005 - smbtorture4 BASE-TCONDEV fails when tested on Samba
When pulling non-aligned ucs2 strings, we neglected to add in the
pad byte to the buffer length we've eaten. This caused the device
string in TCONX (which seems to be one of the few places that uses
non-aligned ucs2 strings) to be incorrectly read.
Volker please check.
Jeremy.
(cherry picked from commit
e59a950c049679f0394ea41b463dbb9837eb5e63)
(cherry picked from commit
9cddb8e6df6cc47e22a572af164deaffc6e1a774)
Christian Ambach [Thu, 10 Feb 2011 14:55:50 +0000 (15:55 +0100)]
nsswitch: fix a segfault in the krb5 locator plugin
after the number of retries was exceeded, the loop did not
bail out correctly with an error and went on using a null pointer
Fix bug #8008 (winbind krb5 locator crash).
(cherry picked from commit
f5eba15db82ed679d72dc8b13912d54919343314)
Volker Lendecke [Mon, 14 Mar 2011 17:35:23 +0000 (10:35 -0700)]
s3: Fix bug 8009 - net rap session cannot get username
Looking in [MS-RAP].pdf - these strings are always 4 bytes as an
offset in the rparam area, the string length is the size in the rdata area.
Se we must always return we have consumed 4 param bytes.
(cherry picked from commit
dd2e6fde0ab2e929b108c22244aac746e036a22c)
Volker Lendecke [Mon, 14 Mar 2011 17:35:36 +0000 (18:35 +0100)]
s3: Fix the talloc hierarchy in shadow_copy2_connectpath
We have to return on talloc_tos() because we don't have a mem_ctx given to us.
So we have to create a separate temporary talloc context.
Fix bug #8011 (memory corruption in shadow_copy2).
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Mar 14 19:21:11 CET 2011 on sn-devel-104
(cherry picked from commit
746b299ec1b11ea1e70c130b69a9a379ec478750)
(cherry picked from commit
5d734a32d9719d05f1dc53b3f61535778a7cdbf3)
Karolin Seeger [Mon, 30 May 2011 19:17:19 +0000 (21:17 +0200)]
WHATSNEW: Start release notes for 3.5.9.
Karolin
(cherry picked from commit
e75afeb933931839b855da7700f5089551ae3551)
Karolin Seeger [Mon, 30 May 2011 19:13:58 +0000 (21:13 +0200)]
VERSION: Bump version number up to 3.5.9.
Karolin
(cherry picked from commit
0e2d341c28878fa6c0b369c494f75ddbc8a0a9e5)
Karolin Seeger [Sat, 5 Mar 2011 21:14:43 +0000 (22:14 +0100)]
WHATSNEW: Update release notes for 3.5.8.
Karolin
(cherry picked from commit
fca681fede6d4b8b28490f58b5c3727f6c699e1a)
Karolin Seeger [Sat, 5 Mar 2011 14:24:10 +0000 (15:24 +0100)]
WHATSNEW: Start to list changes since 3.5.7.
Karolin
(cherry picked from commit
7c7742e589c7ed0f618eb8a1ad64e26715da34b4)
Stefan Metzmacher [Wed, 2 Mar 2011 09:14:54 +0000 (10:14 +0100)]
rerun 'make samba3-idl'
metze
The last 10 patches address bug #7567 (printing from Windows 7 fails with
0x000003e6 (in AD w2k8r2 controlled domain)).
(cherry picked from commit
c81256b04ead01f0d44c8a235d2ac793b7a51364)
Stefan Metzmacher [Tue, 1 Mar 2011 13:20:32 +0000 (14:20 +0100)]
librpc/ndr: handle NOALIGN flag for relative pointers and alignment DATA_BLOBs
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Mar 1 17:11:03 CET 2011 on sn-devel-104
(cherry picked from commit
ef224aa004d5f1726d8dca020e0ef96d8c58565e)
(cherry picked from commit
1ea17bacdb09d28a12a8b6ddeba3ac285cd9f905)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
7c6bc031b3af3643027865e444fb16f7bb7c7152)
Stefan Metzmacher [Tue, 22 Feb 2011 14:56:30 +0000 (15:56 +0100)]
spoolss.idl: align spoolss_DriverFileInfo relative pointer to 4 byte
metze
(cherry picked from commit
b6ece01c7922adeb3c9e718bc8cc610cae7c543c)
(cherry picked from commit
ba1a72cb153892e491af91a6bb61e1820135fa12)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
25f93fe17a396f9c0372dd5d1f4210ecfce7ded9)
Stefan Metzmacher [Tue, 22 Feb 2011 18:23:33 +0000 (19:23 +0100)]
spoolss.idl: align spoolss_PrinterEnumValues 'data' based on the type
metze
(cherry picked from commit
341330600aebcec92fba64ea343888c15a0c3d44)
(cherry picked from commit
757471a5fcd4f95da28402bae6c9ceccff7d6548)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
3cb71012a2cf26037323cded8cfd9ec5d12223c6)
Stefan Metzmacher [Tue, 22 Feb 2011 14:58:45 +0000 (15:58 +0100)]
librpc/ndr: remove align2 hack for relative pointers
metze
(cherry picked from commit
23f6f449792d889538e0d0028bb8fbd5c807b0da)
(cherry picked from commit
9313b5d1da24406dd7d26afb2488fee0cbea44a9)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
1757dee05942add03edb51163bead807d839fcf6)
Stefan Metzmacher [Tue, 22 Feb 2011 14:57:21 +0000 (15:57 +0100)]
librpc: align nstring and nstring_array to 2 byte
metze
(cherry picked from commit
712ef2590d0ee59a4a659926cdf8aac6e968dfa8)
(cherry picked from commit
0fb64a26b3b35b75f2f548d882bed41aa0386c6b)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
c26be77576e13582c7d51fe84f4c69f1c1abf28d)
Stefan Metzmacher [Tue, 22 Feb 2011 14:45:44 +0000 (15:45 +0100)]
librpc/ndr: ndr align relative pointers based on the given flags
We used to do this only for the reverse relative pointers
and now we always do it.
metze
(cherry picked from commit
84b884eb4bec38b721d6c38704f12d1d2c601bcb)
(cherry picked from commit
6648ce8990a97da739d4be69657e9ace6198068c)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
490d1553714ffc5afe0e49c3473e19697bdfbd53)
Stefan Metzmacher [Tue, 22 Feb 2011 17:19:13 +0000 (18:19 +0100)]
librpc/ndr: let ndr_push/pull_DATA_BLOB() look at LIBNDR_FLAG_REMAINING before LIBNDR_ALIGN_FLAGS
metze
(cherry picked from commit
6c3a49ced333988b21d86e47b2b1dd1a5957e15c)
(cherry picked from commit
5f8b7f95e9ce5946f048b242dbbaa14897aea919)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
eab30c15b2528d92e09b774be453e657020e5aa7)
Günther Deschner [Thu, 22 Apr 2010 09:42:45 +0000 (11:42 +0200)]
spoolss: pretty-print a struct spoolss_Time.
Guenther
(cherry picked from commit
440075247d11a7852d8567753f426fa67f41d875)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
0396087c36652b6c3d2bf4206212c2823352f9e0)
Günther Deschner [Mon, 2 Aug 2010 13:52:09 +0000 (15:52 +0200)]
spoolss: fix potential crash bug in spoolss_PrinterEnumValues push path.
Guenther
(cherry picked from commit
45952b56797982d27731b20d97f5648c9414814a)
(cherry picked from commit
ad68e45b505331683a2510de20f113a7c20e68e1)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
5a660f3f15e1e04d556b34b9e49e7177193df026)
Jonathan Nieder [Sun, 2 Jan 2011 08:40:09 +0000 (02:40 -0600)]
s3-param: Make "rlimit_max below minimum Windows limit" notification less scary
The fix to bug #6837 results in messages from testparm that look
like a misconfiguration even though they aren't:
rlimit_max: rlimit_max (8192) below minimum Windows limit (16384)
Apply a slight change in wording ("increasing rlimit_max to minimum
Windows limit") to make it clearer that the user has done nothing
wrong. (Similarly for sysctl_max.)
Reported-by: Miguel Medalha <miguelmedalha@sapo.pt>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
(cherry picked from commit
5d525ea0ed937e4146dee0859d0218ef730bfa27)
Rusty Russell [Fri, 20 Nov 2009 09:39:57 +0000 (10:39 +0100)]
s3:vfs:gpfs: fix logic when gpfs:winattr is false (the default!)
On my autocluster setup, it's not set. Maybe it should be? Otherwise
smbclient and some Windows client programs will get errors like:
# smbclient //localhost/data -Uadministrator%XXX
Domain=[VSOFS1] OS=[Unix] Server=[Samba 3.4.2-ctdb-10]
smb: \> put /etc/resolv.conf resolv.conf
NT_STATUS_ACCESS_DENIED closing remote file \resolv.conf
smb: \>
Caused by attempting to update the time on close.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
385d925f7e0fedca7d480e4f25d89e3194433b88)
Fix bug #7498 (robocopy fails to a GPFS share when setting the date).
(cherry picked from commit
fd6af89cb86c7ffb99ba4de986d932ec58182c81)
Jeremy Allison [Thu, 24 Feb 2011 02:24:41 +0000 (18:24 -0800)]
Fix bug 7950 - Samba 3.5.x fails BASE-CREATEX_SHAREMODES_DIR smbtorture4 test
We need to revalidate the pathname once re-constructed from a root fsp.
Jeremy.
(cherry picked from commit
916e82823b56a70d7761644b38a250ea8c38e204)
(cherry picked from commit
203b4aa318ce2aa64812006ed94a1e4e1becf66f)
Günther Deschner [Fri, 7 Jan 2011 16:28:29 +0000 (17:28 +0100)]
s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)
The benefit of this that it makes us more robust to secure channel resets
triggered from tools outside the winbind process. Long term we need to have a
shared tdb secure channel store though as well.
Guenther
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit
f60398d7b20869d7b09d81854f3727fdcd897430)
(similar to commit
7add712498fe93603b1bffff2c633e097ce8fbdf)
(cherry picked from commit
a5b388fc5ea81868f09590e8b7674826315c348c)
Volker Lendecke [Tue, 7 Sep 2010 03:58:45 +0000 (20:58 -0700)]
s3: Prune the printername cache when a printer is deleted.
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #7656 (Scalability problem with hundreds of printers).
(cherry picked from commit
f0e39788d88c4e29d9724288565241c71b860bb2)
Stefan Metzmacher [Tue, 1 Feb 2011 17:46:57 +0000 (18:46 +0100)]
s3:winbindd: catch lookup_names/sids schannel errors over ncacn_ip_tcp (bug #7944)
If winbindd connects to a domain controller it doesn't establish the lsa
connection over ncacn_ip_tcp direct. This happens only on demand.
If someone does a 'net rpc testjoin' and then a
wbinfo -n DOMAIN\\administrator, we'll get DCERPC faults with
ACCESS_DENIED/SEC_PKG_ERROR, because winbindd's in memory copy
of the schannel session key is invalidated.
This problem can also happen on other calls, but the
lookup_names/sids calls on thet lsa ncacn_ip_tcp connection
are the most important ones.
The long term fix is to store the schannel client state in a
tdb, but for now it's enough to catch the error and invalidate
the all connections to the dc and reestablish the schannel
session key.
The fix for bug 7568 (commit
be396411a4e1f3a174f8a44b6c062d834135e70a)
made this worse, as it assumes winbindd's in memory session key is
always the current one.
metze
(cherry picked from commit
255f2e06991aa543cd2c6f4d0123664b2a76c99d)
(cherry picked from commit
a699ac50f7c9a5eeb57215879e17631c9a1f534f)
(cherry picked from commit
b40ce0559c6da04f269cb9ac4d4a215ea8e9f925)
Stefan Metzmacher [Wed, 2 Feb 2011 13:18:33 +0000 (14:18 +0100)]
librpc/rpc: display DCERPC_FAULT_SEC_PKG_ERROR nicely in dcerpc_errstr()
metze
(cherry picked from commit
ab492152e86220600429d0bc85a3783463889cee)
Stefan Metzmacher [Wed, 2 Feb 2011 13:20:58 +0000 (14:20 +0100)]
rerun 'make samba3-idl'
metze
(cherry picked from commit
782726a5161da3ad1369dc63e13956a3faad4980)
Stefan Metzmacher [Sun, 30 Jan 2011 16:34:11 +0000 (17:34 +0100)]
dcerpc.idl: add DCERPC_FAULT_SEC_PKG_ERROR
metze
(cherry picked from commit
8d07deaeaacbd376f9824ac350c01510e05a76ca)
(cherry picked from commit
85358c0534472fde71e304ddada678b61637ba40)
(cherry picked from commit
80b95a13dd7c0ef57e079b370b80993326bc616d)
Stefan Metzmacher [Mon, 24 Jan 2011 07:47:12 +0000 (08:47 +0100)]
s3:lib/events: use DLIST_DEMOTE() for fd events
This makes sure that fd events doesn't dry out,
because a fd with a lower number is busy.
metze
The last 3 patches address bug #7942 (inotify can somehow cause endless loops in
with select()).
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan 31 16:59:44 CET 2011 on sn-devel-104
(cherry picked from commit
ad10289ebcc78ab62ec86abb29f81eb769d17f4e)
(cherry picked from commit
3d2f72844a221dbdfe94fbf6e2b45c98ee158a9b)
(cherry picked from commit
44a2e73cf07110e463f2262c50a377bdf17253d6)
Stefan Metzmacher [Mon, 24 Jan 2011 08:00:53 +0000 (09:00 +0100)]
s3:smbd: let smbd_server_connection_loop_once() check for select errors
metze
(cherry picked from commit
0bbe7334d69bcaa476f0741e0bd9685b023a4208)
(cherry picked from commit
d677921237c66e6cdf83de04e16c576a101d6493)
(cherry picked from commit
8a82e65f711e2f4ac893bd7e2365b305e1b088b8)
Stefan Metzmacher [Mon, 24 Jan 2011 07:57:47 +0000 (08:57 +0100)]
s3:lib/events: don't loop over fd events is select gave -1
metze
(cherry picked from commit
1f2be10ebf4cc06e3b7aac41ea35bfc4a41ce828)
(cherry picked from commit
d506b574bb94fdc23c5a62c5326cd478b5b63a11)
(cherry picked from commit
6647d687654aff806dfa8d797634b47ede36bf9c)
Volker Lendecke [Sat, 29 Jan 2011 09:59:14 +0000 (10:59 +0100)]
s3: Fix bug 7940 -- fall back for utimes calls
There are systems where ./configure has detected advanced utimes calls which
are then not available on other kernels. We should do a proper fallback.
(cherry picked from commit
a50a0f438a928db9c2f25c779186611e40b2a960)
Volker Lendecke [Sat, 22 Jan 2011 15:22:42 +0000 (16:22 +0100)]
s3: Fix connecting to port-139 only servers
When the TCP RST came before the 5 msecs timeout kicked in, we
viewed this as final, as state->req_139 was not set yet.
Fix bug introduced by a fix for bug #7881 (winbind flaky against w2k8).
(cherry picked from commit
f2a19b87725f9318e983dff6358a3eee721bff08)
Karolin Seeger [Sat, 15 Jan 2011 18:19:43 +0000 (19:19 +0100)]
Revert "s3-printing: update parent smbd pcap cache"
This reverts commit
5a2b2d4aeb6fe4af13aa0c92d22ba5bc9b7f7e13.
(cherry picked from commit
b6268f507fa3276c2ef22c58bad400a3fed48cd9)
Karolin Seeger [Sat, 15 Jan 2011 18:19:13 +0000 (19:19 +0100)]
Revert "s3-printing: reload shares after pcap cache fill"
This reverts commit
a8a01e4a3dcafd97372021d0d6f859fd3a69235f.
This commit seems to break 'make test'.
(cherry picked from commit
e4579eab7fe3eab7a5209e6de74e6fd2f53099d0)
Volker Lendecke [Fri, 14 Jan 2011 15:43:00 +0000 (16:43 +0100)]
s3: Fix bug 7917: Yet another bug in chain_reply
Found by Michael Hanscho <samba@micha.priv.at> with a WinCE client.
(cherry picked from commit
8917d84130991ed24767f21876b18ac82b246d87)
Björn Baumbach [Wed, 22 Dec 2010 14:20:29 +0000 (15:20 +0100)]
s3-rpcclient: Fix bug #7880: cmd_spoolss_deletedriver() returned without checking all architectures.
Continues now with next architecture if no driver is available.
Because of the broken behavior of the rpccli_*() functions,
we need special error code handling.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
f5af66e67d7c6d62315671c0cf57f47973316226)
(cherry picked from commit
dc63f45b523deb5c3d0c4be4239507e5fc4f6a40)
David Disseldorp [Mon, 10 Jan 2011 13:08:07 +0000 (14:08 +0100)]
s3-printing: update parent smbd pcap cache
If a client connects to a samba share and while connected a printer is
added, the client will see the new printer share after a maximum of
'printcap cache time' seconds.
smbd's forked for new client connections inherit printcap information
from the parent (listener) smbd, which does not perform updates on
printcap cache time expiry. Therefore newly connected clients may
initially be presented with stale printer shares.
Add a housekeeping function to the parent smbd to ensure newly connected
clients see up to date printer shares.
The last 2 patches address bug #7836 (A newly added printer isn't visbile to
clients).
(cherry picked from commit
5a2b2d4aeb6fe4af13aa0c92d22ba5bc9b7f7e13)