Stefan Metzmacher [Mon, 10 Oct 2011 13:38:22 +0000 (15:38 +0200)]
libcli/cldap: pass tevent_context to cldap_set_incoming_handler()
metze
(cherry picked from commit
3ed85d7c69f9b68a709572ab221b9da1c17a146e)
Stefan Metzmacher [Tue, 13 Nov 2012 13:07:11 +0000 (14:07 +0100)]
lib/replace: replace all *printf function if we replace snprintf (bug #9390)
This fixes segfaults in log level = 10 on Solaris.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Jacke <bj@sernet.de>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Nov 14 19:41:14 CET 2012 on sn-devel-104
(cherry picked from commit
a15da3625850d97b3da1b02308c870f820007c52)
Jelmer Vernooij [Sun, 13 May 2012 01:21:34 +0000 (03:21 +0200)]
libreplace: Fix symbol names for snprintf/asprintf/vasprintf.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun May 13 05:16:28 CEST 2012 on sn-devel-104
(cherry picked from commit
cf67da70c9a63c4dc63f287059321d6c36d1e19e)
Jeremy Allison [Thu, 8 Nov 2012 21:45:19 +0000 (13:45 -0800)]
Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.
Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which
isn't tested in make test).
An incoming inheritable ACE entry containing only one permission,
WRITE_DATA maps into a POSIX owner perm of "-w-", which violates
the principle that the owner of a file/directory can always read.
Günther Deschner [Tue, 13 Nov 2012 15:23:52 +0000 (16:23 +0100)]
s3-kerberos: also try with AES keys, when decrypting tickets.
Guenther
The last 3 patches address bug #9272 - net ads join does not provide AES keys
in host keytab.
Günther Deschner [Tue, 13 Nov 2012 14:11:08 +0000 (15:11 +0100)]
s3-libsmb: make sure we copy at most 16 bytes in cli_set_session_key().
Guenther
Günther Deschner [Thu, 15 Dec 2011 16:50:33 +0000 (17:50 +0100)]
samba: check for AES encryption type defines.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue Jan 10 15:05:38 CET 2012 on sn-devel-104
Andreas Schneider [Fri, 9 Nov 2012 14:33:09 +0000 (15:33 +0100)]
s3:winbind: BUG 9386: Failover if netlogon pipe is not available.
Samba continues to query a broken DC while the DC did not finish to
rebuild Sysvol (after a Windows crash, for example). It causes end users
to received strange codes while trying to authenticate, even if there is
a secondary DC available.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Nov 12 18:57:18 CET 2012 on sn-devel-104
(cherry picked from commit
3b01dd5f59841b11e9906b8c23345946e0d0ea8c)
Stefan Metzmacher [Mon, 22 Oct 2012 11:47:48 +0000 (13:47 +0200)]
lib/krb5_wrap: request enc_types in the correct order (bug #9272)
aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96
should have a higher priority than arcfour-hmac-md5,
otherwise the KDC still gives us arcfour-hmac-md5 session keys.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(similar to commit
24f3f87706329e6e280dc6be6d025e997d46c910)
The last 3 patches address bug #9272 - net ads join does not provide AES keys in
host keytab.
Günther Deschner [Mon, 19 Dec 2011 09:52:58 +0000 (10:52 +0100)]
s3-kerberos: add aes enctypes to generated krb5.conf.
Guenther
(cherry picked from commit
06f3b1f0b0dcf9355a8d634cdb62f1f0a8ea4dbe)
Günther Deschner [Thu, 15 Dec 2011 17:12:41 +0000 (18:12 +0100)]
s3-krb5: use and request AES keys in kerberos operations.
Guenther
(cherry picked from commit
eae33e96fcaa456830862325b91579faf2a96213)
Volker Lendecke [Mon, 5 Nov 2012 14:53:31 +0000 (15:53 +0100)]
s3-aio_pthread: Optimize aio_pthread_handle_completion
Read as much as we can
The last 3 patches address bug #9359 - Optimization needed for SMB2 performance
sensitive workloads.
Stefan Metzmacher [Fri, 2 Nov 2012 12:56:53 +0000 (13:56 +0100)]
lib/tsocket: optimize syscalls in tstream_readv_pdu_send()
Once we've got the first part of a pdu we try to optimize
readv calls for the rest of the pdu.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 2 Nov 2012 12:45:49 +0000 (13:45 +0100)]
lib/tsocket: disable the syscall optimization for recvfrom/readv by default
We only do the optimization on recvfrom/readv if the caller asked for it.
This is needed because in most cases we preferr to flush send
buffers before receiving incoming requests.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Fri, 2 Nov 2012 09:25:27 +0000 (10:25 +0100)]
docs-xml: fix use of <smbconfoption> tag (fix bug #9345)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Karolin Seeger <ks@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Fri Nov 2 12:37:42 CET 2012 on sn-devel-104
(cherry picked from commit
3ecbe8c83a003825fc58f6dcb9e02a35aad2d86e)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Mon Nov 5 13:09:12 CET 2012 on sn-devel-104
(cherry picked from commit
6195cb667b1c162436bfbf5d4f499bdc776f83b4)
Stefan Metzmacher [Wed, 19 Sep 2012 19:18:46 +0000 (21:18 +0200)]
s4:torture/smb2: improve the smb2.create.blob test
metze
(cherry picked from commit
e6c600aa2c751e694917322378417816c3e58eb6)
See https://bugzilla.samba.org/show_bug.cgi?id=9209 for details.
Andreas Schneider [Tue, 23 Oct 2012 15:12:59 +0000 (17:12 +0200)]
BUG 9326: Fix net ads join message for the dns domain.
We don't get a realm back from the server which is useable as a realm on
Unix. On Unix they are case sensitive and on Windows they aren't. This
confuses uses and if we write realm they try to use it as it came back
in lowercase.
Signed-off-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Wed, 2 Nov 2011 17:39:03 +0000 (18:39 +0100)]
pam_winbind: fix segfault in pam_sm_authenticate()
Ensure the potentially null winbind context is not dereferenced on
cleanup.
https://bugzilla.samba.org/show_bug.cgi?id=8564
Karolin Seeger [Mon, 29 Oct 2012 10:28:44 +0000 (11:28 +0100)]
WHATSNEW: Start release notes for Samba 3.6.10.
Karolin
Karolin Seeger [Mon, 29 Oct 2012 10:26:20 +0000 (11:26 +0100)]
VERSION: Bump version up to 3.6.10.
Karolin
Karolin Seeger [Mon, 29 Oct 2012 09:03:56 +0000 (10:03 +0100)]
WHATSNEW: Finish release notes for Samba 3.6.9.
Karolin
Stefan Metzmacher [Sat, 27 Oct 2012 06:11:14 +0000 (08:11 +0200)]
libcli/smb: fix unitialized padding in smb2_create_blob_push_one() (bug #9209)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Oct 27 10:05:22 CEST 2012 on sn-devel-104
(cherry picked from commit
2b4672f2d30c01a4767acf660ddb061676c59908)
Karolin Seeger [Mon, 22 Oct 2012 10:48:50 +0000 (12:48 +0200)]
WHATSNEW: Start to add changes since 3.6.8.
To be continued.
Karolin
Matthieu Patou [Thu, 27 Sep 2012 08:22:57 +0000 (01:22 -0700)]
lib-addns: ensure that allocated buffer are pre set to 0 (bug #9259)
It avoid bugs when one of the buffer is supposed to contain a string
that is not null terminated (ie. label->label) and that we don't force
the last byte to 0.
(similar to commit
03c4dceaab82ca2c60c9ce0e09fddd071f98087b)
Jeremy Allison [Thu, 23 Aug 2012 23:02:09 +0000 (16:02 -0700)]
Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen().
The code in SMBNTLMv2encrypt_hash() should not be requesting case
changes on the domain name.
(cherry picked from commit
c47183b337d996640f009d133d47f90c153acd56)
The last 3 patches address bug #9117 - smbclient can't connect to a Windows 7
server using NTLMv2 (crypto code changes domain case).
Jeremy Allison [Thu, 23 Aug 2012 22:59:54 +0000 (15:59 -0700)]
Remove useless bool "upper_case_domain" parameter. (cherry picked from commit
cbdf6c5c5135ce7d14ceff5d12b99428f4285e13)
Jeremy Allison [Thu, 23 Aug 2012 22:46:16 +0000 (15:46 -0700)]
Move uppercasing the domain out of smb_pwd_check_ntlmv2()
Allows us to remove a silly bool parameter.
Based on work done by "Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm@audi.de>.
(cherry picked from commit
43870fb2c83c0fc70fb84b48dffe8f93bacf43c9)
Andrew Bartlett [Thu, 1 Mar 2012 05:55:04 +0000 (16:55 +1100)]
s3-libsmb: Initialise ticket to ensure we do not invalid memory
The free is however a talloc_free(), which has additional protection against
freeing the wrong thing.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Mar 2 01:45:19 CET 2012 on sn-devel-104
(cherry picked from commit
f1452a296429b79755235f4a480f0d5ea38ce178)
Fix bug #8788 - spnego_parse_krb5_wrap() frees invalid memory.
Andreas Schneider [Thu, 20 Sep 2012 08:20:31 +0000 (10:20 +0200)]
s3-printing: Increase debug level for info that the db is empty.
(cherry picked from commit
c80d70da1364349a5329d17a68033163c5025264)
Signed-off-by: Andreas Schneider <asn@samba.org>
See bug #9112 - smbd.log is flooded by 'printer_list_get_printer: Failed to
fetch record!' for details.
Andreas Schneider [Wed, 10 Oct 2012 09:30:15 +0000 (11:30 +0200)]
packaging: Add support for reloading systemd services.
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9280 - Add support for reloading the daemons using systemctl reload.
Björn Jacke [Thu, 13 Sep 2012 22:02:22 +0000 (00:02 +0200)]
autoconf: fix --with(out)-sendfile-support option handling
this fixes bug #8344
Joachim Schmitz [Mon, 17 Sep 2012 12:26:31 +0000 (05:26 -0700)]
libreplace: Bug 8107, Fix poll replacement to become a msleep replacement
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
7542b63188f7e73588c9abb40e36a910c87bc534)
Björn Jacke [Sun, 16 Sep 2012 00:21:39 +0000 (02:21 +0200)]
replace: add some includes for poll.h
See bug #8107
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Sun Sep 16 04:05:08 CEST 2012 on sn-devel-104
(cherry picked from commit
520c9b0b0ae33e6e8fb78034cfff685f5491aab3)
(cherry picked from commit
ea96d79e21a549204a7f64307059ea877bfb9fd5)
Jeremy Allison [Wed, 3 Oct 2012 19:58:00 +0000 (12:58 -0700)]
Correct fix for bug #9222 - smbd ignores the "server signing = no" setting for SMB2.
Signing cannot be disabled for SMB2 by design, so fix the documentation
instead.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 3 23:47:23 CEST 2012 on sn-devel-104
(cherry picked from commit
fe38a93c71d0adc0be1d43b438ac3b54eaf4ba53)
Andreas Schneider [Mon, 8 Oct 2012 10:32:49 +0000 (12:32 +0200)]
s3fs-printing: Fix RAW printing for normal users.
This fixes bug #8769.
Signed-off-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 8 Oct 2012 19:25:49 +0000 (12:25 -0700)]
s3: Add two tests a CLEAR_IF_FIRST crash
The last 3 patches address bug #9268 - Make tdb robust against improper
CLEAR_IF_FIRST restart.
Volker Lendecke [Mon, 8 Oct 2012 19:02:43 +0000 (12:02 -0700)]
tdb: Make tdb robust against improper CLEAR_IF_FIRST restart
When winbind is restarted, there is a potential crash in tdb. Following
situation: We are in a cluster with ctdb. A winbind child hangs
in a request to the DC. Cluster monitoring decides the node has a
problem. Cluster monitoring decides to kill ctdbd. winbind child
still hangs in a RPC request. winbind parent figures that ctdb is
dead and immediately commits suicide. winbind parent is restarted by
cluster management, overwriting gencache.tdb with CLEAR_IF_FIRST. The
CLEAR_IF_FIRST logic as implemented now will not see that a child still
has the tdb open, only the parent holds the ACTIVE_LOCK due to performance
reasons. During the CLEAR_IF_FIRST logic is done, there is a very small
window where we ftruncate(tfd, 0) the file and re-write a proper header
without a lock. When during this small window the winbind child comes
back, wanting to store something into gencache.tdb, that winbind child
will crash with a SIGBUS.
Sounds unlikely? See:
[2012/09/29 07:02:31.871607, 0] lib/util.c:1183(smb_panic)
PANIC (pid
1814517): internal error
[2012/09/29 07:02:31.877596, 0] lib/util.c:1287(log_stack_trace)
BACKTRACE: 35 stack frames:
#0 winbindd(log_stack_trace+0x1a) [0x7feb7d4ca18a]
#1 winbindd(smb_panic+0x2b) [0x7feb7d4ca25b]
#2 winbindd(+0x1a3cc4) [0x7feb7d4bacc4]
#3 /lib64/libc.so.6(+0x32900) [0x7feb7a929900]
#4 /lib64/libc.so.6(memcpy+0x35) [0x7feb7a97f355]
#5 /usr/lib64/libtdb.so.1(+0x6e76) [0x7feb7b0b0e76]
#6 /usr/lib64/libtdb.so.1(+0x3d37) [0x7feb7b0add37]
#7 /usr/lib64/libtdb.so.1(+0x863d) [0x7feb7b0b263d]
#8 /usr/lib64/libtdb.so.1(+0x8700) [0x7feb7b0b2700]
#9 /usr/lib64/libtdb.so.1(+0x2505) [0x7feb7b0ac505]
#10 /usr/lib64/libtdb.so.1(+0x25b7) [0x7feb7b0ac5b7]
#11 /usr/lib64/libtdb.so.1(tdb_fetch+0x13) [0x7feb7b0ac633]
#12 winbindd(gencache_set_data_blob+0x259) [0x7feb7d4d8449]
#13 winbindd(gencache_set+0x53) [0x7feb7d4d85b3]
#14 winbindd(gencache_del+0x5e) [0x7feb7d4d879e]
#15 winbindd(saf_delete+0x93) [0x7feb7d54b693]
#16 winbindd(+0xe507e) [0x7feb7d3fc07e]
#17 winbindd(+0xe85e5) [0x7feb7d3ff5e5]
#18 winbindd(+0xe65be) [0x7feb7d3fd5be]
#19 winbindd(+0xe7562) [0x7feb7d3fe562]
#20 winbindd(init_dc_connection+0x2e) [0x7feb7d3fe5be]
#21 winbindd(+0xe75d9) [0x7feb7d3fe5d9]
#22 winbindd(cm_connect_netlogon+0x58) [0x7feb7d3fe658]
#23 winbindd(_wbint_PingDc+0x61) [0x7feb7d410991]
#24 winbindd(+0x103175) [0x7feb7d41a175]
#25 winbindd(winbindd_dual_ndrcmd+0xb7) [0x7feb7d4107d7]
#26 winbindd(+0xf8609) [0x7feb7d40f609]
#27 winbindd(+0xf9075) [0x7feb7d410075]
#28 winbindd(tevent_common_loop_immediate+0xe8) [0x7feb7d4db198]
#29 winbindd(run_events_poll+0x3c) [0x7feb7d4d93fc]
#30 winbindd(+0x1c2b52) [0x7feb7d4d9b52]
#31 winbindd(_tevent_loop_once+0x90) [0x7feb7d4d9f60]
#32 winbindd(main+0x7b3) [0x7feb7d3e7aa3]
#33 /lib64/libc.so.6(__libc_start_main+0xfd) [0x7feb7a915cdd]
#34 winbindd(+0xce2a9) [0x7feb7d3e52a9]
This is in a winbind child, logfiles surrounding indicate the parent
was restarted.
This patch takes all chain locks around the CLEAR_IF_FIRST introduced
tdb_new_database.
Rusty Russell [Mon, 8 Oct 2012 18:56:47 +0000 (11:56 -0700)]
tdb: Make robust against shrinking tdbs
When probing for a size change (eg. just before tdb_expand, tdb_check,
tdb_rescue) we call tdb_oob(tdb, tdb->map_size, 1, 1). Unfortunately
this does nothing if the tdb has actually shrunk, which as Volker
demonstrated, can actually happen if a "longlived" parent crashes.
So move the map/update size/remap before the limit check.
Jeremy Allison [Tue, 2 Oct 2012 17:15:54 +0000 (10:15 -0700)]
When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries. (cherry picked from commit
6575d1d34fee45c7a965c7c9641cc52b566a9e7f)
The last 4 patches address bug #9236 - ACL masks incorrectly applied when
setting ACLs.
Jeremy Allison [Tue, 2 Oct 2012 19:21:10 +0000 (12:21 -0700)]
Only apply masks on non-default ACL entries when setting the ACL.
Jeremy Allison [Tue, 2 Oct 2012 16:55:09 +0000 (09:55 -0700)]
Use is_default_acl variable in canonicalise_acl(). (cherry picked from commit
82e7132bdf7c9d4ddead3cd5d845bfe68b93448b)
Jeremy Allison [Tue, 2 Oct 2012 16:21:17 +0000 (09:21 -0700)]
Reformat spacing to be even. (cherry picked from commit
efb446a38cca448855977666499603d12e1477b4)
Karolin Seeger [Thu, 4 Oct 2012 09:43:20 +0000 (11:43 +0200)]
html docs: Remove link to Using Samba.
Thanks to Christian Perrier <bubulle@debian.org> for reporting!
Fix bug #7826 - HTML docs index file still points to Using Samba.
Karolin
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Oct 4 13:48:00 CEST 2012 on sn-devel-104
(cherry picked from commit
1bf209dd7e5a0f0001b3d1e3798093772bbd3fd3)
Björn Jacke [Thu, 6 Sep 2012 08:23:50 +0000 (10:23 +0200)]
s3:quota: don't force the block size to 512
there is no point in forcing the block size to 512 when curblocks is 1. This
will only lead to false quota reporting. See bug #3272
(cherry picked from commit
d6cc08b9eeb9de17bc0e610d6cf6dba13c5c8222)
Jeremy Allison [Thu, 4 Oct 2012 08:56:12 +0000 (10:56 +0200)]
Fix net rpc share allowedusers to work with 2008r2
The RAP NetShareEnum command was removed in 2008r2, so use the RPC equivalent
instead.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8966
Author: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 27 Sep 2012 15:20:25 +0000 (17:20 +0200)]
s3-smbd: Move housekeeping to the background process.
If you add 200 printers using lpadmin. Then you wait for the printcap
cache to expire. As soon as this expires we notify all deamons that they
should reload the printers. This mean we need to create the default
registry keys for each printer. If you do e.g. a 'smbclient -L' during
that time you will get a lot of timeouts.
This moves the housekeeping of the printcap cache to the background
queue process and lets the background process reload the printers first.
So the background process creates the default registry keys. When it is
done with the task it will tell all smbd childs to reload the printers
and the 200 printers appear.
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9231 - NT_STATUS_IO_TIMEOUT during slow import of printers into
registry.
Vladimir Marek [Mon, 17 Sep 2012 20:50:55 +0000 (13:50 -0700)]
Fix service control for non-internal services.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a4e8869f7c93f30dd7014ff83d6d2f2b5afc2d64)
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9192 - svcctl list option prohibits smbd to start.
Stefan Metzmacher [Wed, 26 Sep 2012 01:24:22 +0000 (03:24 +0200)]
s3:selftest: run the posix_s3.smb2.oplock tests
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Sep 26 07:57:12 CEST 2012 on sn-devel-104
(silimar to commit
98d117a5424d62804b7cb3d8a9ad35e703fc158a)
Stefan Metzmacher [Wed, 26 Sep 2012 01:08:33 +0000 (03:08 +0200)]
s4:torture/smb2: remove samba specific stuff from smb2.oplock
metze
(cherry picked from commit
7a14f09f9cc14cfb6234175add1841faf751d51a)
Stefan Metzmacher [Wed, 26 Sep 2012 01:04:20 +0000 (03:04 +0200)]
s3:smb2_create: don't take 'state->te' as indication for "was_deferred" (bug #9196)
We always set state->te = NULL of TALLOC_FREE(state->te),
before calling smbd_smb2_request_dispatch(), so
open_was_deferred_smb2() always returned false, while dispatching
it again.
But it's remove_deferred_open_message_smb2_internal() which
should reset this state.
In developer mode validate_my_share_entries() did call smb_panic()
before.
metze
(cherry picked from commit
4604219ceba96955b3c4bf6ab31aa70c11442d61)
Stefan Metzmacher [Sat, 29 Sep 2012 08:04:54 +0000 (10:04 +0200)]
s3:selftest: mark the driver_info_winreg tests knownfail.
They only get executed when driver files are around.
metze
(similar to commit
ef8e228a5b4952b51d9db6b28017142759f40d10)
Jeremy Allison [Wed, 26 Sep 2012 23:58:58 +0000 (16:58 -0700)]
Fix bug #9209 - Parse of invalid SMB2 create blob can cause smbd crash.
Ensure we correctly protect against blobs with data_offset==0
and data_length != 0.
Jeremy.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 27 22:07:02 CEST 2012 on sn-devel-104
(cherry picked from commit
322e3d42f65dadabeccf8813fcb0e9b7d353ffb2)
Stefan Metzmacher [Wed, 19 Sep 2012 06:11:23 +0000 (08:11 +0200)]
libcli/smb: fix padding in smb2_create_blob*
metze
(cherry picked from commit
aa5caf1fe92b159eae00c7b11499e9ec697cf9ae)
Andreas Schneider [Tue, 25 Sep 2012 12:28:22 +0000 (14:28 +0200)]
s3-smbd: Don't segfault if user specified ports out for range.
(cherry picked from commit
50d324b7e070de4672eff3fb6231923e6dca807a)
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9218 - Samba panics if a user specifies an invalid port number.
Jeremy Allison [Tue, 25 Sep 2012 23:35:09 +0000 (16:35 -0700)]
Fix bug #9213 - Bad ASN.1 NegTokenInit packet can cause invalid free.
Not the correct fix for the specific issue, but a general fix to
make sure this can never happen again.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 26 04:07:57 CEST 2012 on sn-devel-104
(cherry picked from commit
83f60672e1b3069e6b1b90b376460da895e37df3)
Michael Adam [Thu, 20 Sep 2012 18:46:53 +0000 (20:46 +0200)]
selftest: we fail samba3.smb2.compound.interim2
We currently return NT_STATUS_CANCELLED where we should
return NT_STATUS_INTERNAL_ERROR.
(similar to commit
841934647b06d6400148932cc8ce02a20c209610)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
The last 15 patches address bug #9173 - SMB2 compound request
create/delete_on_close/close doesn't work as windows.
Michael Adam [Wed, 19 Sep 2012 22:43:54 +0000 (00:43 +0200)]
s4:torture:smb2:compound: remove two unused macros (cherry picked from commit
6f6b1c6ac15f225978e8c2d67c1a817d9e098317)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Wed, 19 Sep 2012 22:41:48 +0000 (00:41 +0200)]
s4:torture:smb2: don't skip the compound.interim2 test for non win7/win2k8 (cherry picked from commit
8df0b023c51ed198d3054760447e1b273eada991)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Wed, 19 Sep 2012 22:41:04 +0000 (00:41 +0200)]
s4:torture:smb2: don't skip the compound.interim1 test for non win7/win2k8 (cherry picked from commit
917e714831178b2a3d07c7f9d09711231a7ccf31)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 20 Sep 2012 14:23:26 +0000 (16:23 +0200)]
s3:smb2_notify: don't call tevent_req_done() from smbd_smb2_notify_cancel()
smbd_notify_cancel_by_smbreq() will already trigger this via
smbd_smb2_notify_reply() and smbd_smb2_notify_reply_trigger().
metze
(cherry picked from commit
1f0dfd42f16c388abc7054a7b615d2e81031472b)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 20 Sep 2012 14:04:01 +0000 (16:04 +0200)]
s3:smb2_server: avoid segfault in smbd_smb2_request_pending_queue()
Because we should not call smbd_smb2_request_error() on an
request that is still running.
If the subreq implementes a cancel function, this should
take care of triggering smbd_smb2_request_error.
metze
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
9249871f40aab021d62d3154f8ca286b52f5ef76)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 21 Sep 2012 20:20:20 +0000 (22:20 +0200)]
s4:torture:smb2: extend the compound.invalid1 test
Test that when turning the related flag back off for the
last compound request, the return code changes from
invalid parameter to file closed.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
(cherry picked from commit
25437df8a65e56616499dda18c696f58be08f67a)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 21 Sep 2012 19:43:36 +0000 (21:43 +0200)]
s3:smbd:smb2: simplify smbd_smb2_request_validate() and smbd_smb2_request_dispatch()
removes unnneccary checks/assignments for compound_related and next_status
and duplicate setting of error status.
And remove (now) unused next_status from struct smbd_smb2_request.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
(similar to commit
1ae6f9c62629f8513bbe93a56775b3c64ff06832)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Sat, 22 Sep 2012 02:06:27 +0000 (04:06 +0200)]
s3:smbd:smb2: add check for session_status for compound requests (cherry picked from commit
27d38b5c27bd96d5124c175d946718bf0836b8f4)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 19 Sep 2012 22:52:19 +0000 (00:52 +0200)]
s3:smb2_server: do the req->next_status check before the signing checks
Windows 2012 returns NT_STATUS_INVALID_PARAMETER to
the smb2.compound.invalid1 test if that uses signing
(instead of NT_STATUS_ACCESS_DENIED).
metze
(similar to commit
4384485f82aac109bf4c4c31075e313e54b4c076)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 20 Sep 2012 03:10:28 +0000 (05:10 +0200)]
s3:smb2_server: reset req->last_session_id and req->last_tid after using it
If we can find a valid session or tcon we'll set it after the lookup,
but it need to make sure to reset it if we don't find the session.
This fixes a problem where a compound unrelated request between
related requests doesn't reset the session.
If we have 3 requests in a compound chain, request 3 should never
use the id's cached from request 1. It should only every inherit
handles from request 2.
metze
(similar to commit
2552b6632372b35cbd7b788c4e00091dfe520a41)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Wed, 19 Sep 2012 22:36:29 +0000 (00:36 +0200)]
s4:torture:smb2: fix the compound.invalid3 test to work against windows (cherry picked from commit
bd8d50b451ea7f94efa7777fbe5dc0c2c19f6bf9)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Wed, 19 Sep 2012 22:35:52 +0000 (00:35 +0200)]
s4:torture:smb2: fix compound.related3 test to work against windows (cherry picked from commit
8e525a29a7c6512f61e4647ecb2e0771e2019a49)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Ira Cooper [Wed, 19 Sep 2012 18:39:07 +0000 (18:39 +0000)]
s3: Compound requests should continue processing.
This patch addresses #9173.
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
75951946193c874b6db30c1b9c8722264c3ce656)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 27 Oct 2011 19:41:11 +0000 (21:41 +0200)]
s4:torture/smb2: fix compound.invalid2 against windows
Tested against w2k8r2 with signing and win8pre0 without signing.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Oct 31 21:40:25 CET 2011 on sn-devel-104
(cherry picked from commit
c90870f9b728dfb827ebc2fe8ad67a7ca3a50c43)
Jeremy Allison [Fri, 13 Jul 2012 23:25:23 +0000 (16:25 -0700)]
Fix bug #9016 - Connection to outbound trusted domain goes offline.
By the time we've gotten to init_dc_connection_network() we shouldn't
be second guessing the caller by calling winbindd_can_contact_domain().
If for some reason we do need to restrict the contact list here we
can add a condition to only contact the primary domain or domains
listed in the tdc cache, but I don't think that's neccessary.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 14 03:17:57 CEST 2012 on sn-devel-104
(cherry picked from commit
726ecf6a915ff534af4076e9d0cdebf8b5435d61)
Andreas Schneider [Wed, 26 Sep 2012 16:21:55 +0000 (18:21 +0200)]
s3-spoolss: Fix builtin forms order to match Windows again.
Thanks to mamachine@gmail.com.
(cherry picked from commit
24fc5b46f2b33f94bf79fc375432609697aaa45e)
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #8632 - printing regression: form sizes seem broken, cannot print letter
size correctly.
Jeremy Allison [Mon, 24 Sep 2012 23:43:12 +0000 (16:43 -0700)]
Fix bug #9189 - SMB2 Create doesn't return correct MAX ACCESS access mask in blob.
If we aren't already granted DELETE access, check if we have
DELETE_CHILD in the containing directory.
Jeremy Allison [Mon, 24 Sep 2012 23:42:57 +0000 (16:42 -0700)]
Add some const to can_delete_file_in_directory().
Björn Jacke [Tue, 18 Sep 2012 11:57:30 +0000 (13:57 +0200)]
quota: add supprt for gfs2
gfs2 uses the same generic quota interface as xfs and it has the same base
block/quota block size ratio and seems to work nice with the xfs quota module.
(People using gfs should be aware that quota reporting is lagging quite a bit
on gfs. If you copy a file on a gfs volume the quota values are being updated
with a delay of 30s here with kernel 3.5. This reporting can lead to data
corruption if a client thinks he can write but actually he suddently can't.)
(cherry picked from commit
0b57d1c07520f4995412f224945324fef29f5989)
Fix bug #9172 - quota on gfs2 being reported wrong.
Günther Deschner [Wed, 19 Sep 2012 08:59:50 +0000 (10:59 +0200)]
pam_winbind: match more return codes when wbcGetPwnam has failed.
This is required to properly return PAM_USER_UNKNOWN in case winbind had a
problem.
Guenther
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Sep 19 15:06:10 CEST 2012 on sn-devel-104
Fix bug #9177 - pam_winbind's pm_sm_acct_mgmt needs to return PAM_USER_UNKNOWN.
Andreas Schneider [Tue, 18 Sep 2012 12:43:33 +0000 (14:43 +0200)]
s3-docs: Remove non-existent option from winbindd manpage.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Fix bug #9171 - winbindd -Y is documented but not implemented.
Volker Lendecke [Tue, 18 Sep 2012 22:31:26 +0000 (15:31 -0700)]
s3: Fix idmap_hash
Calling be_init with NULL safely crashes, because we dereference NULL. We
don't need to call it here, this is called in all workers anyway. Thanks
to Jiri Sasek <jiri.sasek@oracle.com> for finding this.
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 20 05:03:54 CEST 2012 on sn-devel-104
Fix bug #9188 - idmap_hash crashes.
Jeremy Allison [Tue, 18 Sep 2012 18:51:31 +0000 (11:51 -0700)]
Fix bug #9174: Empty SPNEGO packet can cause smbd to crash.
All fields within NegTokenInit and NegTokenTarg are optional. We incorrectly
assume we'll always get a data blob and indirect within it.
Karolin Seeger [Tue, 18 Sep 2012 09:08:17 +0000 (11:08 +0200)]
RHEL packaging: Try to fix makerpms.sh on RHEL.
Address bug #9165 - makerpms.sh can't create package fo RHEL.
Karolin
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Sep 18 12:51:01 CEST 2012 on sn-devel-104
(cherry picked from commit
6fb91dd36950151aeec69c074f4d900a6e7adba1)
Björn Jacke [Fri, 14 Sep 2012 18:08:19 +0000 (20:08 +0200)]
configure: fix wrong test == syntax
This fixes bug #8146. Thanks to Joachim Schmitz for reporting!
Andreas Schneider [Wed, 12 Sep 2012 10:12:58 +0000 (12:12 +0200)]
s3-rap: Open printers with the right access mask.
Fix bug #9154.
(cherry picked from commit
1f8c9ab88e7a2e28e503e99baabb88c3cebbc4b6)
Signed-off-by: Andreas Schneider <asn@samba.org>
Luca Lorenzetto [Tue, 11 Sep 2012 16:35:42 +0000 (18:35 +0200)]
nsswitch: fix crash on null pam change pw response
The function _pam_winbind_change_pwd crashes due to a null value passed
to the function strcasecmp and denies to login via graphical login
manager. Check for a null value before doing a strcasecmp.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/
1003296
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9013
(Desktop Managers (xdm, gdm, lightdm...) crashes with SIGSEGV in
_pam_winbind_change_pwd() when password is expiring)
Jeremy Allison [Tue, 11 Sep 2012 20:25:14 +0000 (13:25 -0700)]
Fix bug #9147 - winbind can't fetch user or group info from AD via LDAP
Don't use "isprint" in ldb_binary_encode(). This is locale specific.
Restrict to ASCII only, hex encode everything else.
Karolin Seeger [Mon, 17 Sep 2012 08:18:45 +0000 (10:18 +0200)]
WHATSNEW: Start release notes for Samba 3.6.9.
Karolin
Karolin Seeger [Mon, 17 Sep 2012 08:16:12 +0000 (10:16 +0200)]
VERSION: Bump version number up to 3.6.9.
Karolin
Karolin Seeger [Fri, 14 Sep 2012 08:08:12 +0000 (10:08 +0200)]
WHATSNEW: Add major changes.
Karolin
Karolin Seeger [Fri, 14 Sep 2012 07:47:47 +0000 (09:47 +0200)]
WHATSNEW: Add changes since 3.6.7.
Karolin
Volker Lendecke [Mon, 10 Sep 2012 09:25:03 +0000 (11:25 +0200)]
s3: delete requests are not special
The only difference between batch and exclusive oplocks is the time of
the check: Batch is checked before the share mode check, exclusive after.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #9150 - Valid open requests can cause smbd assert due to incorrect
oplock handling on delete requests.
Björn Jacke [Thu, 6 Sep 2012 05:58:00 +0000 (07:58 +0200)]
sysquota: we need to list nfs4 as a separate fs name for the sys_get_nfs_quota backend
at least the Linux kernel up to 3.5.0 lists NFSv4 aѕ nfs4 and not as nfs
(cherry picked from commit
a6df44b3ae1ca6395d05e1af804a779d785358db)
Fix bug #9144 - nfs quota support not working with Linux nfs4 mounts.
Christian Ambach [Wed, 5 Sep 2012 13:07:54 +0000 (15:07 +0200)]
s3:client use more access bits for snapshot display
otherwise Windows server will reject the request for shadow copy enumeration
with access denied
The last 2 patches address bug #9137 - smbclient allinfo does not show snapshot
list.
Christian Ambach [Thu, 30 Aug 2012 14:43:33 +0000 (16:43 +0200)]
s3:libsmb correctly set isFsctl for snapshot list
FSCTL_GET_SHADOW_COPY_DATA is a FSCTL, so set the isFsctl marker
otherwise smbclient allinfo will not report snapshots any more with the changes
made for Bug #8311
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu Aug 30 18:57:24 CEST 2012 on sn-devel-104
Andreas Schneider [Tue, 4 Sep 2012 12:30:38 +0000 (14:30 +0200)]
s3-winbind: DON'T PANIC if we couldn't find the domain.
If we don't have a connection to a trusted domain but still try to do a
lookup we shouldn't segfault.
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9135 - Don't segfault if we don't find a domain in
resolve_username_to_alias()/fill_grent() .
Jeremy Allison [Wed, 29 Aug 2012 23:55:21 +0000 (16:55 -0700)]
Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.
Change se_create_child_secdesc() to handle inheritance correctly.
Jeremy Allison [Wed, 29 Aug 2012 20:40:29 +0000 (13:40 -0700)]
Windows does canonicalization of inheritance bits. Do the same.
We need to filter out the
SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
when an ACE is inherited. Otherwise we zero these bits out.
See:
http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/
11f77b68-731e-407d-b1b3-
064750716531
for details.
(cherry picked from commit
d02f39f97624260bd226977b30c80974d0ce0fe0)
Jeremy Allison [Wed, 29 Aug 2012 23:52:02 +0000 (16:52 -0700)]
Change the other two places where we set a security descriptor given by the client to got through set_sd(), the canonicalize sd function.
Jeremy Allison [Wed, 29 Aug 2012 20:29:34 +0000 (13:29 -0700)]
Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization. (cherry picked from commit
05734b67b8ed5516d81000eac48acd0915567629)
Jeremy Allison [Wed, 29 Aug 2012 20:23:06 +0000 (13:23 -0700)]
Rename set_sd() to set_sd_blob() - this describes what it does. (cherry picked from commit
61957ff9f6124eabae050f5425d7d0597ae6a127)
Andreas Schneider [Tue, 28 Aug 2012 12:17:22 +0000 (14:17 +0200)]
s3-smbd: Fix flooding the logs with records we don't find in pcap.
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9112 - smbd.log is flooded by 'printer_list_get_printer: Failed to
fetch record!'.
Jeremy Allison [Wed, 22 Aug 2012 18:05:19 +0000 (11:05 -0700)]
Bug #9058] Files not deleted, smbstatus shows "Segmentation fault".
Fix smbstatus code dump when a file entry has delete tokens.