=================================
- Release Notes for Samba 3.0.25rc2
- Apr 22, 2007
+ Release Notes for Samba 3.0.25rc3
+ Apr 25, 2007
=================================
-This is the second release candidate of the Samba 3.0.25 code base
+This is the third release candidate of the Samba 3.0.25 code base
and is provided for testing only. An RC release means that we are
close to the final release but the code may still have a few
remaining minor bugs. This release is *not* intended for production
by side on the Same server.
o Improved compatibility with Windows Vista clients including
improved read performance with Linux servers.
- o Man pages for VFS plug-ins.
+ o Man pages for IdMap and VFS plug-ins.
Off-line Logons and AD Site Support
New IdMap Interface for Winbindd
================================
-The 3.0.25 release of Samba will include a rewritten IdMap interface
-for winbindd which replaces the "idmap backend" parameter. The
-initial design document may be found at
-
- http://www.samba.org/~idra/samba3_newidmap.pdf
-
-Please refer to the "idmap domains" description in the smb.conf(5)
-man page for more details.
+The 3.0.25 release of Samba includes a rewritten IdMap interface
+for winbindd which replaces the "idmap backend" parameter. Please
+refer to the "idmap domains" description in the smb.conf(5) man
+page for more details.
Dynamic DNS Updates
Changes
#######
-Changes since 3.0.25pre2
-------------------------
+Changes since 3.0.25rc2
+-----------------------
+
+commits
+-------
+
+o Jeremy Allison <jra@samba.org>
+ * Allow Well-Known and Local Groups to be stored in POSIX ACLs
+ as long as there is a SID/gid mapping entry available.
+ * Fix memory corruption bug in the CIFS POSIX open/mkdir.
+ * BUG 4536: Correctly delete symlinks pointing to a directory.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Ensure winbindd honors the "idmap domains" option and not
+ default to idmap_tdb.
+ * Fix memory corruption caused by calling free() on talloc()'d
+ memory when adding and removing users from local groups.
+
+
+o Guenther Deschner <gd@samba.org>
+ * Memory allocation error checks in libgpo.
+
+
+o Jim McDonough <jmcd@us.ibm.com>
+ * Fix crate_user() access checks when setting the "User Cannot
+ Change Password" flag.
+
+
+o Simo Sorce <idra@samba.org>
+ * Fix linking flags used when creating shared libraries.
+
+
+
+Release Notes for older release follow:
+
+ --------------------------------------------------
+
+ =================================
+ Release Notes for Samba 3.0.25rc2
+ Apr 22, 2007
+ =================================
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.25rc1
+-----------------------
commits
-------
CFLAGS=@CFLAGS@
CPPFLAGS=-DHAVE_CONFIG_H @CPPFLAGS@
EXEEXT=@EXEEXT@
-LDFLAGS=@PIE_LDFLAGS@ @LDFLAGS@
AR=@AR@
LDSHFLAGS=@LDSHFLAGS@ @LDFLAGS@
WINBIND_NSS_LDSHFLAGS=@WINBIND_NSS_LDSHFLAGS@ @LDFLAGS@
+LDFLAGS=@PIE_LDFLAGS@ @LDFLAGS@
AWK=@AWK@
PICFLAG=@PICFLAG@
DYNEXP=@DYNEXP@
bin/libaddns.@SHLIBEXT@: proto_exists $(LIBADDNS_OBJ)
@echo Linking libaddns shared library $@
- @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBADDNS_OBJ) $(LDFLAGS) $(LIBS) \
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBADDNS_OBJ) $(LIBS) \
$(KRB5LIBS) $(UUID_LIBS)\
@SONAMEFLAG@`basename $@`.$(LIBADDNS_MAJOR)
bin/libsmbclient.@SHLIBEXT@: proto_exists $(LIBSMBCLIENT_OBJ)
@echo Linking libsmbclient shared library $@
- @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_OBJ) $(LDFLAGS) $(LIBS) \
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_OBJ) $(LIBS) \
$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
@SONAMEFLAG@`basename $@`.$(LIBSMBCLIENT_MAJOR)
bin/libsmbsharemodes.@SHLIBEXT@: proto_exists $(LIBSMBSHAREMODES_OBJ)
@echo Linking libsmbsharemodes shared library $@
- @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBSHAREMODES_OBJ) $(LDFLAGS) $(LIBS) \
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBSHAREMODES_OBJ) $(LIBS) \
$(KRB5LIBS) $(LDAP_LIBS) \
@SONAMEFLAG@`basename $@`.$(LIBSMBSHAREMODES_MAJOR)
bin/libmsrpc.@SHLIBEXT@: proto_exists $(CAC_OBJ)
@echo Linking libmsrpc shared library $@
- @$(SHLD) $(LDSHFLAGS) -o $@ $(CAC_OBJ) $(LDFLAGS) $(LIBS) \
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(CAC_OBJ) $(LIBS) \
@SONAMEFLAG@`basename $@`.$(LIBMSRPC_MAJOR)
bin/libmsrpc.a: proto_exists $(CAC_OBJ)
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=3
########################################################
# To mark SVN snapshots this should be set to 'yes' #
for (i=0; i<num; i++) {
if (sid_compare(alias, &sids[i]) == 0) {
- SAFE_FREE(sids);
+ TALLOC_FREE(sids);
return True;
}
}
- SAFE_FREE(sids);
+ TALLOC_FREE(sids);
return False;
}
}
if (!found) {
- SAFE_FREE(sids);
+ TALLOC_FREE(sids);
return NT_STATUS_MEMBER_NOT_IN_ALIAS;
}
member_string = SMB_STRDUP("");
if (member_string == NULL) {
- SAFE_FREE(sids);
+ TALLOC_FREE(sids);
return NT_STATUS_NO_MEMORY;
}
SAFE_FREE(s);
if (member_string == NULL) {
- SAFE_FREE(sids);
+ TALLOC_FREE(sids);
return NT_STATUS_NO_MEMORY;
}
}
result = tdb_store(tdb, kbuf, dbuf, 0) == 0 ?
NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
- SAFE_FREE(sids);
+ TALLOC_FREE(sids);
SAFE_FREE(member_string);
return result;
DOM_SID dom;
uint32 rid;
+ if (sid_equal(sid, &global_sid_System))
+ return True;
+
sid_copy(&dom, sid);
sid_split_rid(&dom, &rid);
if (name && *display_name) {
*display_name = talloc_strdup(mem_ctx, name);
+ NT_STATUS_HAVE_NO_MEMORY(*display_name);
}
return NT_STATUS_OK;
temp))
return (time_t) 0;
- strptime(temp, "%Y%m%d%H%M%SZ", &tm);
+ if ( !strptime(temp, "%Y%m%d%H%M%SZ", &tm)) {
+ DEBUG(2,("ldapsam_get_entry_timestamp: strptime failed on: %s\n",
+ (char*)temp));
+ return (time_t) 0;
+ }
tzset();
return timegm(&tm);
}
return NT_STATUS_ACCESS_DENIED;
}
- status = pdb_update_sam_account(sampass);
+ status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_set_sec_obj");
+ if (NT_STATUS_IS_OK(status)) {
+ become_root();
+ status = pdb_update_sam_account(sampass);
+ unbecome_root();
+ }
TALLOC_FREE(sampass);
for(i = 0; i < dacl->num_aces; i++) {
SEC_ACE *psa = &dacl->aces[i];
- /*
- * Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
- */
-
- if (non_mappable_sid(&psa->trustee)) {
- fstring str;
- DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
- sid_to_string(str, &psa->trustee) ));
- continue;
- }
-
/*
* Create a cannon_ace entry representing this NT DACL ACE.
*/
} else {
fstring str;
+ /*
+ * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
+ */
+
+ if (non_mappable_sid(&psa->trustee)) {
+ DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
+ sid_to_string(str, &psa->trustee) ));
+ continue;
+ }
+
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n",
int ret;
SMB_STRUCT_STAT st;
- ret = SMB_VFS_RMDIR(conn,directory);
+ /* Might be a symlink. */
+ if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
+ return map_nt_error_from_unix(errno);
+ }
+
+ if (S_ISLNK(st.st_mode)) {
+ /* Is what it points to a directory ? */
+ if(SMB_VFS_STAT(conn, directory, &st) != 0) {
+ return map_nt_error_from_unix(errno);
+ }
+ if (!(S_ISDIR(st.st_mode))) {
+ return NT_STATUS_NOT_A_DIRECTORY;
+ }
+ ret = SMB_VFS_UNLINK(conn,directory);
+ } else {
+ ret = SMB_VFS_RMDIR(conn,directory);
+ }
if (ret == 0) {
notify_fname(conn, NOTIFY_ACTION_REMOVED,
FILE_NOTIFY_CHANGE_DIR_NAME,
SIVAL(pdata,0,0); /* ??? */
SIVAL(pdata,4,byte_len); /* Byte length of unicode string ::$DATA */
SOFF_T(pdata,8,file_size);
- SIVAL(pdata,16,allocation_size);
+ SOFF_T(pdata,16,allocation_size);
SIVAL(pdata,20,0); /* ??? */
data_size = 24 + byte_len;
}
put_long_date_timespec(pdata+8,atime_ts);
put_long_date_timespec(pdata+16,mtime_ts); /* write time */
put_long_date_timespec(pdata+24,mtime_ts); /* change time */
- SIVAL(pdata,32,allocation_size);
+ SOFF_T(pdata,32,allocation_size);
SOFF_T(pdata,40,file_size);
SIVAL(pdata,48,mode);
SIVAL(pdata,52,0); /* ??? */
*pdata_return_size = 0;
return NT_STATUS_NO_MEMORY;
}
+ pdata = *ppdata;
SSVAL(pdata,0,NO_OPLOCK_RETURN);
SSVAL(pdata,2,0); /* No fnum. */
*pdata_return_size = 0;
return NT_STATUS_NO_MEMORY;
}
+ pdata = *ppdata;
if (extended_oplock_granted) {
if (flags & REQUEST_BATCH_OPLOCK) {