Jeremy Allison [Fri, 19 Nov 2010 00:13:28 +0000 (16:13 -0800)]
Add SeSecurityPrivilige.
Jeremy.
Jeremy Allison [Fri, 22 Oct 2010 23:14:28 +0000 (16:14 -0700)]
Ensure we have correct parameters to use Windows ACL modules.
Jeremy Allison [Sat, 23 Oct 2010 00:28:58 +0000 (17:28 -0700)]
Add acl_xattr:ignore system acls boolean (normally false) to allow Samba ACL module to ignore mapping to lower POSIX layer. With this fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters set).
Jeremy.
Jeremy Allison [Fri, 22 Oct 2010 23:04:53 +0000 (16:04 -0700)]
Add make_default_filesystem_acl() function to be used in following change to acl_xattr and acl_tdb module.
Jeremy Allison [Fri, 22 Oct 2010 22:56:31 +0000 (15:56 -0700)]
Fix handling of "NULL" DACL. Map to u/g/w - rwx.
Jeremy Allison [Sat, 23 Oct 2010 00:23:13 +0000 (17:23 -0700)]
Fix "force unknown ACL user" to strip out foreign SIDs from POSIX ACLs if they can't be mapped.
Jeremy Allison [Fri, 22 Oct 2010 21:55:52 +0000 (14:55 -0700)]
Add debug message to get_nt_acl_internal() to see what we got.
Jeremy Allison [Fri, 22 Oct 2010 21:54:19 +0000 (14:54 -0700)]
Fix valgrind "uninitialized read" error on "info" when returning !NT_STATUS_OK.
Jeremy Allison [Fri, 15 Oct 2010 21:12:04 +0000 (14:12 -0700)]
Fix bug #7734 - When creating files with "inherit ACLs" set to true, we neglect to apply appropriate create masks.
Jeremy.
(cherry picked from commit
8cad5e23b6e2440a566def6fb138d484e3b47643)
Jeremy Allison [Fri, 15 Oct 2010 20:30:07 +0000 (13:30 -0700)]
Fix bug #7733 - Invalid client DOS attributes on create can cause incorrect unix mode_t to be generated.
It turns out a client can send an NTCreateX call for a new file, but specify
FILE_ATTRIBUTE_DIRECTORY in the attribute list. Windows silently strips this,
but we don't - causing the unix_mode() function to go through the "mode bits
for new directory" codepath, instead of the "mode bits for new file" codepath.
Jeremy.
(cherry picked from commit
92adb686372a9b67e47efb5b051bc351212f1780)
Jeremy Allison [Sat, 23 Oct 2010 00:18:45 +0000 (17:18 -0700)]
Make the vfs_acl_xattr and other modules work with NULL SD's. Fix the "protected" inheritance problem (bleeding up from the POSIX layer).
Jeremy
Jeremy Allison [Sat, 23 Oct 2010 00:11:17 +0000 (17:11 -0700)]
Canonicalize incoming and outgoing ACLs.
Jeremy.
Jeremy Allison [Sat, 23 Oct 2010 00:07:10 +0000 (17:07 -0700)]
Make the posix ACL module cope with a NULL incoming DACL and a missing owner/group.
Jeremy.
Jeremy Allison [Tue, 23 Nov 2010 19:16:31 +0000 (11:16 -0800)]
Fix bug #7785 - atime limit.
On a 64-bit time_t system make MAX_TIME_T the max value that
can be represented in a struct tm. This allows applications to
set times in the future beyond the 32-bit time_t limit (2037).
This is only in source3/configure.in, needs adding to the waf
configure/build system (but I'll need help with that).
Jeremy.
Samba-JP oota [Tue, 23 Nov 2010 16:06:48 +0000 (17:06 +0100)]
s3-docs: Update 3.2 features.
(cherry picked from commit
aa54713615c5d0367528733ff2c3a5650eed96f7)
Jeremy Allison [Thu, 11 Nov 2010 17:44:21 +0000 (09:44 -0800)]
Fix bug #7791 - gvfsd-smb (Gnome vfs) fails to copy files from a SMB share using SMB signing.
The underlying problem is that the old code invoked by cli_write() increments
cli->mid directly when issuing outstanding writes. This should now be done only
in libsmb/clientgen.c to make metze's new signing engine works correctly. Just
deleting this code fixes the problem.
Jeremy.
Jeremy Allison [Fri, 5 Nov 2010 19:13:38 +0000 (12:13 -0700)]
Second part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd allocates new uids/gids in error.
Ensure we return after calling passdb for SID lookups for which we are
authoritative.
Jeremy.
Jeremy Allison [Fri, 5 Nov 2010 19:11:53 +0000 (12:11 -0700)]
First part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd allocates new uids/gids in error.
Ensure idmap_init_passdb_domain() correctly initialized the default
domain first.
Jeremy.
Volker Lendecke [Sat, 6 Nov 2010 20:18:35 +0000 (21:18 +0100)]
s3: Fix bug 7779, crash in expand_msdfs
Volker Lendecke [Wed, 3 Nov 2010 12:08:37 +0000 (13:08 +0100)]
s3: Fix a getgrent crash with many groups
Fix bug #7774.
Jeremy Allison [Wed, 20 Oct 2010 20:58:15 +0000 (13:58 -0700)]
Fix bug #7744 - "dfree cache time" doesn't work.
There is a bug in processing the dfree cache time, which is associated with the
smbd idle timer. The idle timer call conn_idle_all(), which updates the
conn->lastused timestamp. The dfree cache time code in smbd/dfree.c depends on
conn->lastused being up to date to refresh the cached dfree value.
Unfortunately the conn_idle_all() returns early if any of the connection
structs is not idle, never updating any further conn->lastused timestamps. If
(as is common due to an IPC$ connection) there are more than one used
connection struct, then the conn->lastused timestamps after the IPC$ connection
in the connection list will never be updated.
Ensure we always update conn->lastused for all connections when calling
conn_idle_all().
Jeremy.
Jeremy Allison [Wed, 20 Oct 2010 18:22:57 +0000 (11:22 -0700)]
Fix bug #7743 - Inconsistent use of system name lookup can cause a domain joined machine to fail to find users.
Ensure all username lookups go through Get_Pwnam_alloc(), which is the
correct wrapper function. We were using it *some* of the time anyway,
so this just makes us properly consistent.
Jeremy.
Volker Lendecke [Fri, 15 Oct 2010 14:37:47 +0000 (16:37 +0200)]
s3: Fix bug 7730 -- crash in winbindd_dsgetdcname.c
Jeremy Allison [Thu, 7 Oct 2010 21:26:13 +0000 (14:26 -0700)]
Fix bug 7716 - acl_xattr and acl_tdb modules don't store unmodified copies of security descriptors.
As pointed out by an OEM, the code within smbd/posix_acl.c, even though passed
a const pointer to a security descriptor, still modifies the ACE entries within
it (which are not const pointers).
This means ACLs stored in the extended attribute by the acl_xattr module have
already been modified by the POSIX acl layer, and are not the original intent
of storing the "unmodified" ACL from the client.
Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that
is what is then modified inside smbd/posix_acl.c, leaving the original ACL
to be correctly stored in the xattr.
Jeremy.
Volker Lendecke [Sat, 2 Oct 2010 09:50:26 +0000 (11:50 +0200)]
s3: Attempt to fix bug 7665
Quite a few of our internal routines put stuff on talloc_tos() these days.
In top-level netapi routines, properly allocate a stackframe and clean it
again. Also, don't leak memory in the rpccli_ callers onto the libnetapi
context.
Michael Adam [Sun, 31 Oct 2010 00:04:25 +0000 (02:04 +0200)]
s3:librpc/ndr: use new strlen_m_ext_term() in ndr_charset_length(): fix bug #7594
This fixes the calculation of needed space for destination unicode charset.
The last 4 patches address bug #7594 ("wbinfo -u" and "wbinfo -g" gives no
output (log=>ndr_pull_error)).
Stefan Metzmacher [Wed, 25 Aug 2010 08:05:15 +0000 (10:05 +0200)]
librpc/ndr: correctly implement ndr_charset_length()
Before we ignored the charset type.
metze
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Sun, 31 Oct 2010 00:02:16 +0000 (02:02 +0200)]
s3:lib/util_str: add strlen_m_ext_term() - variant of strlen_m_ext() counting terminator
Michael Adam [Mon, 1 Nov 2010 15:28:43 +0000 (16:28 +0100)]
s3:lib/util_str: add strlen_m_ext() that takes the dest charset as a parameter.
Jeremy Allison [Mon, 13 Sep 2010 23:51:59 +0000 (16:51 -0700)]
Fix bug 7409 - Thousands of reduce_name: couldn't get realpath.
Don't log this at level 1 - every EACCES will generate one.
Thanks to muehlfeld@medizinische-genetik.de for pointing this out.
Jeremy.
Karolin Seeger [Fri, 8 Oct 2010 12:36:50 +0000 (14:36 +0200)]
WHATASNEW: Start 3.5.7 release notes.
Karolin
Karolin Seeger [Fri, 8 Oct 2010 12:35:23 +0000 (14:35 +0200)]
VERSION: Bump version number up to 3.5.7.
Karolin
Karolin Seeger [Thu, 7 Oct 2010 16:21:32 +0000 (18:21 +0200)]
WHATSNEW: Update release notes.
Karolin
Volker Lendecke [Sat, 2 Oct 2010 15:07:00 +0000 (17:07 +0200)]
s3: Stop using the write cache after an oplock break
Fix bug #7715 (Setting Samba Write Cache Size Can Cause File Corruption).
Jeremy Allison [Sun, 26 Sep 2010 11:59:31 +0000 (04:59 -0700)]
Fix bug 7694 - Crash bug with invalid SPNEGO token.
Found by the CodeNomicon test suites at the SNIA plugfest.
http://www.codenomicon.com/
If an invalid SPNEGO packet contains no OIDs we crash in the SMB1/SMB2 server
as we indirect the first returned value OIDs[0], which is returned as NULL.
Modified for 3.5.x.
Jeremy.
Karolin Seeger [Wed, 6 Oct 2010 19:24:30 +0000 (21:24 +0200)]
WHATSNEW: Update release notes.
Karolin
Jeremy Allison [Sun, 26 Sep 2010 11:49:29 +0000 (04:49 -0700)]
Fix bug #7698 - Assert causes smbd to panic on invalid NetBIOS session request.
Found by the CodeNomicon test suites at the SNIA plugfest.
http://www.codenomicon.com/
If an invalid NetBIOS session request is received the code in name_len() in
libsmb/nmblib.c can hit an assert.
Re-write name_len() and name_extract() to use "buf/len" pairs and
always limit reads.
(Modified for 3.5.x)
Jeremy.
Volker Lendecke [Sat, 25 Sep 2010 17:56:58 +0000 (10:56 -0700)]
s3: Fix bug 7470
S_IREAD and S_IWRITE are not standard.
Thanks to Joachim Schmitz <schmitz@hp.com> for reporting!
Karolin Seeger [Mon, 27 Sep 2010 20:04:27 +0000 (22:04 +0200)]
WHATSNEW: Update changes since 3.5.5.
Karolin
Volker Lendecke [Sat, 18 Sep 2010 14:37:04 +0000 (07:37 -0700)]
s3: Fix bug 7688, rpcclient command line completion crashing
We've grown more than 100 rpcclient commands by now, so this would overwrite
the array of 100 completions. There's nicer ways to fix this problem, but 1000
rpcclient commands should be at least a bit away.
Karolin Seeger [Sat, 25 Sep 2010 13:21:17 +0000 (15:21 +0200)]
VERSION: Bump version number up to 3.5.6.
Karolin
Karolin Seeger [Sat, 25 Sep 2010 13:20:26 +0000 (15:20 +0200)]
WHATSNEW: Prepare release notes for Samba 3.5.6.
Karolin
Volker Lendecke [Tue, 21 Sep 2010 22:41:23 +0000 (15:41 -0700)]
s3: Remove a global variable in bugfix for bug 7665
Günther Deschner [Tue, 21 Sep 2010 04:05:37 +0000 (21:05 -0700)]
s3-libnetapi: Fix Bug #7665, memory leak in netapi connection manager.
Guenther
(cherry picked from commit
6f47a24bc55be0ea907594a748774675a105b5e3)
Volker Lendecke [Mon, 6 Sep 2010 13:13:48 +0000 (15:13 +0200)]
s3: Fix the charset_pull routine
In the push routine we do the SVAL, so we should do the SSVAL here.
Fix bug #7531 (3.5.3 unusable on solaris 10).
Björn Jacke [Mon, 7 Jun 2010 21:06:28 +0000 (23:06 +0200)]
s3: fix build on platforms without st_blocks and st_blksize stat struct members
This fixes bug 7474.
Jeremy Allison [Wed, 22 Sep 2010 19:26:13 +0000 (12:26 -0700)]
Fix bug #7693 - smbd changing mode of files on rename
When using "map archive", don't change the archive bit on
renames or writes with UNIX extensions turned on.
Jeremy.
Chere Zhou [Tue, 6 Jul 2010 00:18:35 +0000 (17:18 -0700)]
s3:smbd: Align change notify replies on 4-byte boundary
MS-CIFS section 2.2.7.4.2 states this is mandatory. WinXP clients
don't seem to care, but a Win7 client will send an immediate Close()
to the directory handle when receiving an incorrectly aligned
change notify response.
Fix bug #7662 (Change notify replies must be aligned on 4-byte boundary for
Win7.)
Volker Lendecke [Mon, 10 May 2010 10:05:01 +0000 (12:05 +0200)]
libwbclient: Fix a fd-leak at dlclose-time
__attribute__((destructor)) makes winbind_close_sock() being called at
dlclose() time.
Found while testing apache on Linux with mod_auth_pam.
Other platforms will have to find a different fix. One possibility would be to
always close the socket after each operation, but this badly sucks
performance-wise.
Fix bug #7684 (fd leak in libwbclient.so).
Jeremy Allison [Thu, 9 Sep 2010 13:54:23 +0000 (15:54 +0200)]
Fix bug #7669.
Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).
CVE-2010-3069:
===========
Description
===========
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
(cherry picked from commit
a34c3e999bb1ea61da31c5b3e845b19663039358)
Karolin Seeger [Wed, 15 Sep 2010 18:52:40 +0000 (20:52 +0200)]
WHATSNEW: Start release notes for 3.5.5.
Karolin
(cherry picked from commit
28f6e4144b092bd21f49ca989d36df19ce002231)
(cherry picked from commit
160cbf1d242617409977e87d12f4871625052d4d)
Günther Deschner [Thu, 3 Jun 2010 14:30:55 +0000 (16:30 +0200)]
s3-spoolss: add and use spoolss_printerinfo2_to_setprinterinfo2().
This fixes some invalid typecasts.
Guenther
The last 3 patches address bug #7658 (fix some "dereferencing type-punned
pointer will break strict-aliasing rules" warnings).
Günther Deschner [Mon, 10 May 2010 12:44:30 +0000 (14:44 +0200)]
s3-rpcclient: fix two more invalid typecasts in spoolss commands.
Guenther
(cherry picked from commit
83736066a3f94eaadb422016c9f22cb18bec2cd7)
Günther Deschner [Tue, 25 May 2010 10:43:00 +0000 (12:43 +0200)]
s3-net: fix a "dereferencing type-punned pointer will break strict-aliasing rules" warning.
Guenther
(cherry picked from commit
f12028a3fd5c64bc8e13996cb9a18a19ec0929e0)
Volker Lendecke [Fri, 27 Aug 2010 12:44:16 +0000 (14:44 +0200)]
s3: Cache results of finding printer names
With hundreds of printers or on a slow machine, this can become expensive.
Problem reported and patch sponsored by DESY, Hamburg (www.desy.de)
Fix bug #7656 (Scalability problem with hundreds of printers).
Jeremy Allison [Thu, 26 Aug 2010 23:49:21 +0000 (16:49 -0700)]
Fix bug #7651 - mknod and mkfifo fails with "No such file or directory"
Ensure we check the correct stat struct once we've created the
special fix. Thanks to izh1979@gmail.com for pointing out the
bug.
Jeremy.
Günther Deschner [Mon, 23 Aug 2010 14:02:23 +0000 (16:02 +0200)]
s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().
Initially, the schannel creds were talloc memduped, then, during the netlogon
creds client merge (
baf7274fed2f1ae7a9e3a57160bf5471566e636c) they were first
talloc_referenced and then later (
53765c81f726a8c056cc4e57004592dd489975c9)
talloc_moved.
The issue with using talloc_move here is that users of that function in winbind
will only be able to have two schanneled connections, as the cached schannel
credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy
of the struct instead.
Guenther
(cherry picked from commit
898c6123355a3a11ec17f0396c4cb3018c75c184)
Jeremy Allison [Mon, 23 Aug 2010 20:05:56 +0000 (13:05 -0700)]
Final part of fix for bug #7636 - winbind internal error, backtrace.
Ensure cm_get_schannel_creds() returns NTSTATUS.
Jeremy.
(cherry picked from commit
33060f67be100836d381a74bced351c6579cc58d)
Björn Jacke [Thu, 12 Aug 2010 14:18:45 +0000 (16:18 +0200)]
s3: fall back to cups-config for underlinked libs
some OpenBSD systems have underlinked cups libraries. If linking against cups
alone fails, try to link against all the cups-config --libs cruft, which we
usually don't want. (bugzila #7244)
(cherry picked from commit
616e187d68e3e7b202413a96518b31d029e9563a)
Volker Lendecke [Sat, 21 Aug 2010 09:32:58 +0000 (11:32 +0200)]
s3: Fix bug 7635
smbclient -M not sending due to NT_STATUS_PIPE_BROKEN
Jeremy Allison [Thu, 29 Jul 2010 20:44:35 +0000 (13:44 -0700)]
Fix bug #7589 - ntlm_auth fails to use cached credentials.
In handling the WINBINDD_PAM_AUTH message winbindd canonicalizes a *copy*
of the mapped username, but fails to canonicalize the actual username
sent to the backend domain process. When "winbind default domain"
is set this can lead to credentials being cached with an index of
user: user, not DOMAIN\user. All other code paths that use
canonicalize_username() (WINBINDD_PAM_CHAUTHTOK, WINBINDD_PAM_LOGOFF)
correctly canonicalize the data sent to the backend. All calls
the can cause credentials to be looked up (PAM_CHAUTHTOK etc.)
correctly call canonicalize_username() to create the credential
lookup key.
Jeremy.
Jeremy Allison [Fri, 13 Aug 2010 00:02:30 +0000 (17:02 -0700)]
Fix bug 7581 - Users in "admin users" in smb.conf file are unable to read/write all files when the acl_xattr vfs module is used.
Correctly check admin users in smb1_file_se_access_check().
Jeremy.
Jim McDonough [Mon, 23 Aug 2010 09:13:06 +0000 (11:13 +0200)]
s3-printing: fix BUG 7280 - auto printers not loading with registry config
Jeremy Allison [Tue, 27 Jul 2010 08:54:01 +0000 (01:54 -0700)]
Fix bug 7590 - offline login fails because winbind deletes cache on every startup.
Sync lib/tdb_validate.c with the change in current master.
Change tdb_validate_open() to always use O_RDWR instead of O_RDONLY,
as (from the bug report): "db_check() will always return failure for a read-only database.
Silently, without any log output, when _tdb_lockall() fails."
Jeremy.
Stefan Metzmacher [Mon, 9 Aug 2010 09:26:59 +0000 (11:26 +0200)]
rerun: make samba3-idl
metze
Stefan Metzmacher [Thu, 5 Aug 2010 08:04:57 +0000 (10:04 +0200)]
pidl: Samba3/ClientNDR - Correctly copy arrays, if r.out.size < r.in.size.
metze
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
33d1879d5b50e2d98c1bb13b835e7cfb178e3336)
(cherry picked from commit
d1e92cd2944983ecabd0511ff7c8221c1033a3a8)
Fixes bug #7607.
Jeremy Allison [Thu, 12 Aug 2010 21:24:01 +0000 (14:24 -0700)]
Fix bug #7617 - smbd coredump due to uninitialized variables in the performance counter code.
In the file rpc_server.c, function _winreg_QueryValue()
uint8_t *outbuf
Should be :
uint8_t *outbuf = NULL;
As it is later freed by
if (free_buf) SAFE_FREE(outbuf);
in some cases, this frees the unintialized outbuf, which causes a coredump.
(cherry picked from commit
84fd910c347ddfad6f01edbe7f6e25546c8382ee)
Günther Deschner [Mon, 9 Aug 2010 12:31:24 +0000 (14:31 +0200)]
s3-winbind: Fix Bug #7568: Make sure cm_connect_lsa_tcp does not reset the secure channel.
This is an important fix as the following could and is happening:
* winbind authenticates a user via schannel secured netlogon samlogonex call,
current secure channel cred state is stored in winbind state, winbind
sucessfully decrypts session key from the info3
* winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the
secure channel on the dc)
* subsequent samlogonex calls use the new secure channel creds on the dc to
encrypt info3 session key, while winbind tries to use old schannel creds for
decryption
Guenther
(cherry picked from commit
be396411a4e1f3a174f8a44b6c062d834135e70a)
(cherry picked from commit
afe0e73b7bb640428396c9f40dbbcba5c311fcd9)
Jeremy Allison [Tue, 27 Jul 2010 08:05:16 +0000 (10:05 +0200)]
s3: Fix bug 7578
'net idmap restore' fails to set HWM, causing duplicates
Jeremy Allison [Tue, 27 Jul 2010 06:45:46 +0000 (08:45 +0200)]
s3-libsmb: Fix bug #7577.
SPNEGO auth fails when contacting Win7 system using Microsoft Live Sign-in
Assistant.
Jeremy Allison [Tue, 27 Jul 2010 06:40:58 +0000 (08:40 +0200)]
s3-libsmb: Fix bug #7583.
Smbclient fails to kerberos connect to a Alfresco JLAN
CIFS Server.
Andrew Tridgell [Thu, 10 Dec 2009 00:22:20 +0000 (11:22 +1100)]
librpc: split out a separate GUID_from_ndr_blob() function
This will simplify many of the places that deal with NDR formatted
GUIDs
(cherry picked from commit
effff544265c63c95cf630d426b630bfe4d25aec)
This patch is part of a fix for bug #7538 (Backport fixes for
GUID_from_data_blob).
Volker Lendecke [Sun, 4 Jul 2010 08:01:42 +0000 (10:01 +0200)]
s3: Fix bug 7336: Enable idmap_passdb module build as shared
(cherry picked from commit
8c0fbc410798512b7a4b7db73bcb24cde6fa7849)
Günther Deschner [Thu, 1 Jul 2010 11:58:56 +0000 (13:58 +0200)]
s3-printing: Fix Bug #7541, %D in "printer admin" causing smbd crash.
Guenther
Andreas Schneider [Mon, 28 Jun 2010 19:00:30 +0000 (21:00 +0200)]
s3-librpc: Fixed GUID_from_data_blob() with length of 32.
If we hit the case that the blob length is 32. The code goes to the end
of the function and generates a GUID with garbage.
So try to convert the blob to the GUID and return.
Fix bug #7538 (Backport fixes for GUID_from_data_blob).
Karolin Seeger [Thu, 24 Jun 2010 06:15:24 +0000 (08:15 +0200)]
WHATSNEW: Start release notes for 3.5.5.
Karolin
Karolin Seeger [Thu, 24 Jun 2010 06:13:33 +0000 (08:13 +0200)]
VERSION: Bump version number up to 3.5.5.
Karolin
Karolin Seeger [Mon, 21 Jun 2010 08:30:25 +0000 (10:30 +0200)]
s3-docs: Add missing whitespace.
Karolin
(cherry picked from commit
2352538362977e456e8d05783f2732ff650cea41)
Karolin Seeger [Fri, 18 Jun 2010 11:59:30 +0000 (13:59 +0200)]
WHATSNEW: Update changes since 3.5.3.
Karolin
Günther Deschner [Wed, 16 Jun 2010 15:08:36 +0000 (17:08 +0200)]
s3-docs: Fix some of ntlm_auth ntlm-server-1 protocol documentation.
Guenther
(cherry picked from commit
cfb67b1a169350a8316532eb5d53de4a3f2bacb3)
Björn Jacke [Wed, 16 Jun 2010 21:36:38 +0000 (23:36 +0200)]
s3:configure: use cc for linking on IRIX and fix shlib usage
The last two patches address bug #7504 (numerous build glitches to be fixed).
Björn Jacke [Wed, 3 Feb 2010 22:28:38 +0000 (23:28 +0100)]
s3:vfs_scannedonly: fix a build issue on IRIX and HP-UX
this is a cherry-pick of
ae95e8028c294ee1e2dc66a7a62d006572142629
Olaf Flebbe [Tue, 25 May 2010 11:22:56 +0000 (13:22 +0200)]
check if LD_AS_NEEDED breaks linking with libreadline fixes #7209
Signed-off-by: Simo Sorce <idra@samba.org>
(cherry picked from commit
7aa8af144efc6d57f33b90ac856096aa7089468d)
Günther Deschner [Wed, 16 Jun 2010 12:18:45 +0000 (14:18 +0200)]
s3-auth: in make_user_info_for_reply_enc make sure to check length and data pointer of nt and lm hash.
This fixes kernel cifs client with sec=ntlmv2.
Guenther
(cherry picked from commit
b4364add896d1657263a66c55d867d28bf5ceb1b)
Fix bug #7517 (session setup from linux kernel cifs client fails with
sec=ntlmv2).
Günther Deschner [Fri, 23 Apr 2010 00:34:43 +0000 (02:34 +0200)]
s3-spoolss: fix some crash bugs and missing error codes in AddDriver paths.
Found by torture test.
Guenther
(cherry picked from commit
413ffe9adb8eea488133da0249dcb2eca08fd69d)
Addresses bug #7459 (after upgrade to samba 3.4 and 3.5 lose ability to control duplex
for normal domain user).
Björn Jacke [Wed, 16 Jun 2010 11:48:53 +0000 (13:48 +0200)]
s3:Makefile: fix a typo in flag variable name
This is the backport of
60cba59ff8ee75e3d476c1b293ca2f545b7f9e49 and fixes
another build error on AIX.
see also bug #7504 (numerous build glitches to be fixed)
Björn Jacke [Wed, 12 May 2010 17:05:37 +0000 (19:05 +0200)]
s3:build: remove CFLAGS from Solaris LDSHFLAGS, SHLD has them already
The last 9 patches address bug #7504 (numerous build glitches to be fixed).
Björn Jacke [Sun, 30 May 2010 22:26:01 +0000 (00:26 +0200)]
s3: final test for working shlib support requires PICFLAG
Björn Jacke [Sun, 30 May 2010 21:50:48 +0000 (23:50 +0200)]
s3: use autoconf macro to get some debug output in config.log
Björn Jacke [Fri, 28 May 2010 23:40:21 +0000 (01:40 +0200)]
s3: fix check for pie compiler flags
some compilers (HP and Sun e.g.) output warning messages on stderr for unknown
options and we ended up partly using some unwanted random compile flags we
did't intend to use.
Björn Jacke [Fri, 28 May 2010 23:39:16 +0000 (01:39 +0200)]
s3: add m4 macro to check if stderr is empty or not
Björn Jacke [Mon, 24 May 2010 21:28:44 +0000 (23:28 +0200)]
s3:configure: add Werror_FLAGS for IBM's xlc
Björn Jacke [Wed, 26 May 2010 15:22:24 +0000 (17:22 +0200)]
s3:Makefile: add missing linker flags for smbfilter
this should fix the AIX build
Björn Jacke [Mon, 24 May 2010 10:21:40 +0000 (12:21 +0200)]
s3:Makefile: position independency is also needed for shared libs
Björn Jacke [Sat, 22 May 2010 14:48:16 +0000 (16:48 +0200)]
s3:build: don't use pieflags twice - ldflags already have them
Björn Jacke [Mon, 24 May 2010 21:34:00 +0000 (23:34 +0200)]
s3:configure: turn "error warnings" into errors
By default "Missing argument(s)" is just an "error warning" for xlc :-)
The change to turn "error warnings" into errors should fix bug #7427.
(cherry picked from commit
ff0872d59d78ad42212c88313ef924ea4eb7a8a1)
Fix bug #7427 (Using IBM xl_C compiler produces wrong results in configure).
Björn Jacke [Wed, 9 Jun 2010 13:24:26 +0000 (15:24 +0200)]
s3: fix calculation of st_blocks in streams_xattr
Thanks to Joachim Schmitz for finding that miscalculation.
(cherry picked from commit
6a6bb768c6542d738a8b2b6da282159a65ed611d)
Fix bug #7503 (vfs_stream_xattr calculates st_blocks wrong).
Volker Lendecke [Thu, 10 Jun 2010 13:40:14 +0000 (15:40 +0200)]
s3: Fix EnumDomainAliases when no aliases are in LDAP
We used to return NT_STATUS_ACCESS_DENIED, now we just return 0 entries, just
like W2k8 does.
usrmgr.exe was pretty unhappy with the NT_STATUS_ACCESS_DENIED
(cherry picked from commit
f66cc827096c53d4d16b8c850c83a3b5664e9725)
Fix bug #7262 (Unable to maintain users' groups via UsrMgr).
Michael Adam [Thu, 10 Jun 2010 09:56:15 +0000 (11:56 +0200)]
s3:pdb_ldap: fix bug 7507 - init_sam_from_ldap stores group in sid2uid cache
(cherry picked from commit
ba809ecb8ab217e4376bf75d2300e146b62b88eb)
Volker Lendecke [Tue, 16 Mar 2010 20:03:34 +0000 (21:03 +0100)]
s3: Fix bug 7253
acct_ctrl is 32 bit in LOGIN_CACHE, but "w" as a format specifier for
tdb_unpack only writes 16 bits. Okay on x86, not okay on Solaris.
Thanks to Vladimir.Marek@Sun.COM!
Volker