Karolin Seeger [Tue, 23 Jun 2009 09:35:13 +0000 (11:35 +0200)]
VERSION: Raise version number up to 3.3.6.
Karolin
Karolin Seeger [Tue, 23 Jun 2009 09:33:44 +0000 (11:33 +0200)]
WHATSNEW: Update changes since 3.3.5.
Karolin
Jeremy Allison [Fri, 19 Jun 2009 09:00:41 +0000 (11:00 +0200)]
Bug 6488: acl_group_override() call in posix acls references an uninitialized variable.
(cherry picked from commit
f92195e3a1baaddda47a5d496f9488c8445b41ad)
Karolin Seeger [Tue, 16 Jun 2009 09:49:54 +0000 (11:49 +0200)]
s3/docs: Fix typo.
Karolin
(cherry picked from commit
6e45c21384b8845422967ff1fa46e48de9fee1ab)
Karolin Seeger [Mon, 15 Jun 2009 13:08:43 +0000 (15:08 +0200)]
WHATSNEW: Fix typo.
Karolin
(cherry picked from commit
acde34bc7d5b038f5965acc0fccaff6f7658f3d5)
Karolin Seeger [Mon, 15 Jun 2009 12:31:04 +0000 (14:31 +0200)]
WHATSNEW: Update changes since 3.3.4.
Karolin
(cherry picked from commit
80e7638aed61cc908e7d658d208d1925ff16247c)
Andreas Schneider [Mon, 15 Jun 2009 10:22:58 +0000 (12:22 +0200)]
Fix the section of the pam_winbind manpage.
Signed-off-by: Andreas Schneider <mail@cynapses.org>
(cherry picked from commit
2f2ef4afae99eadb2b546319aa915f6391acce40)
Andreas Schneider [Mon, 15 Jun 2009 10:21:07 +0000 (12:21 +0200)]
Move pam_winbind to the right manpage section (8).
Signed-off-by: Andreas Schneider <mail@cynapses.org>
(cherry picked from commit
59ab1574e41993d24733affbca07d3f7da245fc7)
(cherry picked from commit
d547aab1511c72e1cab034e2945f6ad63bda6659)
(cherry picked from commit
c9b89676983c5fd0ec12df121fc5d9e06facdd80)
Andreas Schneider [Mon, 15 Jun 2009 10:16:49 +0000 (12:16 +0200)]
Dcoument the PAM data exports in the pam_winbind manpage.
Signed-off-by: Andreas Schneider <mail@cynapses.org>
(cherry picked from commit
1809ff4b2339bd3066532abccea0944da45edf64)
(cherry picked from commit
5d2dfba6d1699c6e417cc21233a1cc871f3c0ad1)
(cherry picked from commit
282682c989a8008de5f8d30c48c9a740b315a230)
Andreas Schneider [Mon, 15 Jun 2009 10:16:15 +0000 (12:16 +0200)]
Document the try_first_pass option in the pam_winbind manpage.
Signed-off-by: Andreas Schneider <mail@cynapses.org>
(cherry picked from commit
779eea49de3f53040fe792de4b74b73a0c51ecb3)
(cherry picked from commit
24d6f697844bc85a03c047e5470abcfdd53735a2)
(cherry picked from commit
2ed85b0ebfc50cad847050cc6b5269c470956ea3)
Andreas Schneider [Mon, 15 Jun 2009 10:15:26 +0000 (12:15 +0200)]
Add a synopsis section to the pam_winbind manpage.
Signed-off-by: Andreas Schneider <mail@cynapses.org>
(cherry picked from commit
24f9f32fedb92f881658db856db15173e57af0bd)
(cherry picked from commit
55df96313c5b966f41b0b5c426cf6a420cafa855)
(cherry picked from commit
f738862d9f419fec27c9fb15c880a452aff333d9)
Jeremy Allison [Mon, 15 Jun 2009 08:43:27 +0000 (10:43 +0200)]
Revert the extra SAMR and LSA checks.
These were added between 3.2.4 and 3.2.5 that have caused users problems.
This fixes among others bug #6089 and #6112.
(cherry picked from commit
bd2f3695c117773032e16958a0266d0d1e75defe)
Karolin Seeger [Mon, 15 Jun 2009 06:33:22 +0000 (08:33 +0200)]
s3/libsmb: Fix debug message.
This fixes bug #6472.
Karolin
Signed-off-by: Volker Lendecke <vl@samba.org>
Was commit
f92269a6 in master.
(cherry picked from commit
7108ebb87902f3b5d2c43ba95d557278ad8e120f)
Jeremy Allison [Fri, 12 Jun 2009 13:41:20 +0000 (15:41 +0200)]
Fix bug #6297 - owner of sticky directory cannot delete files created by others. The reason we couldn't delete was we were erroring out early if requestor was not the owner of the file we wanted to delete, instead of checking if the requestor owned the directory as well. If either of these is true, we must go on and check the ACL. Karolin, this is a must for 3.4.0 and also 3.3.next. I'll update the bug report with patches for 3.4.0 and 3.3.next and ask vl to review. Jeremy.
(cherry picked from commit
966a51da8998cfd15875ba047b7f765c84b914dd)
Karolin Seeger [Fri, 12 Jun 2009 08:15:51 +0000 (10:15 +0200)]
WHATSNEW: Attach older 3.3 release notes.
Karolin
(cherry picked from commit
adbba72c332b59f4ffe87cb25c5ec7f8d90148dc)
Günther Deschner [Sun, 7 Jun 2009 09:23:09 +0000 (11:23 +0200)]
s3-groupdb: fix enum_aliasmem in ldb branch.
It is totally valid to have an alias with no members.
This fixes bug #6465.
Tridge, please check.
Found by RPC-SAMR torture test.
Guenther
(cherry picked from commit
d7b749b056a667f0b180d6d5198faca9b0a69fea)
Günther Deschner [Thu, 11 Jun 2009 22:46:38 +0000 (00:46 +0200)]
s3-docs: Fix Bug #4280. Shutdown scripts are called as root for privileged users.
GUenther
(cherry picked from commit
3938d1e5fa1996f64e92d33d6893bab620d16b23)
(cherry picked from commit
0491f038403036814acf6eacc7bb742345bbe27b)
(cherry picked from commit
d4b57dab0beada704fcbeae86ae5b5dd257030a0)
Karolin Seeger [Wed, 10 Jun 2009 15:25:07 +0000 (17:25 +0200)]
VERSION: Raise version number up to 3.3.5.
Karolin
(cherry picked from commit
48b5d16c39b60c0fb6db60780bc36eaa8ef2506c)
Karolin Seeger [Wed, 10 Jun 2009 15:16:42 +0000 (17:16 +0200)]
WHATSNEW: Update changes since 3.3.4.
Karolin
(cherry picked from commit
95550d2e69848089172c00798b9b50ea4e56dd48)
Karolin Seeger [Wed, 10 Jun 2009 06:39:35 +0000 (08:39 +0200)]
s3/docs: Fix typos.
Fix typos reported by OPC oota <t-oota [at] dh.jp.nec.com>.
Thanks!
Karolin
(cherry picked from commit
ad0d8032068fc9b920e205d3f5f923174101d777)
(cherry picked from commit
b7d54f443ade79d3f2b71aa138fd5254754bb750)
(cherry picked from commit
cec179962a833771b9fdba3ba747b571ef27ace6)
Volker Lendecke [Mon, 8 Jun 2009 08:05:11 +0000 (10:05 +0200)]
Further fix for 6449
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
(cherry picked from commit
aa03326fe523e9bc85e6db276f94e9d04aaf009d)
Volker Lendecke [Mon, 8 Jun 2009 07:45:21 +0000 (09:45 +0200)]
Fix bug 6449
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
(cherry picked from commit
a956e36ceb22072cd4ea755ce9b4457896af4b14)
Volker Lendecke [Sat, 6 Jun 2009 19:43:53 +0000 (21:43 +0200)]
Fix bug 6441 -- fix the compile with --enable-dnssd
The server side of dnssd has been replaced with native avahi support. The code
is only left in in case some OS/X fan wants to revive it, and the client-side
has not been converted yet.
Fix the build of the server side by removing the #ifdef
(cherry picked from commit
8b8336a115b73eb99cd1f9a8d1286df713ec53c3)
Karolin Seeger [Sat, 6 Jun 2009 13:56:47 +0000 (15:56 +0200)]
s3/docs: Fix example.
The 'ldap suffix' is not added automatically to the 'ldap admin dn'.
This fixes bug #5584.
Thanks to Stefan Bauer <stefan.bauer [at] plzk.de> for reporting!
Karolin
(cherry picked from commit
0fee798552038b730b0107540d6cfeb475803555)
(cherry picked from commit
629e7aa91a33a5428676d8f6eeac19ea9fec14d6)
(cherry picked from commit
01acd8d9277362ae3c0e92963f66e7af3202b84d)
Volker Lendecke [Thu, 12 Mar 2009 16:23:17 +0000 (17:23 +0100)]
Fix bug 6157
This patch picks the alphabetically smallest one of the multi-value attribute
"uid". This fixes a regression against 3.0 and also becomes deterministic.
(cherry picked from commit
47333fc8785457239a499a298536664f152b681d)
Karolin Seeger [Sat, 6 Jun 2009 13:10:08 +0000 (15:10 +0200)]
s3/passdb: Fix debug message: 'net setmaxrid' does not exist.
This is aiming bug #6351.
Karolin
(cherry picked from commit
c94d1cd7b1dc3ff99ae5a1eb9058ed6015fb9749)
(cherry picked from commit
11ed212591d612632fcb47f1eac10507b89ffdec)
Günther Deschner [Mon, 25 May 2009 12:05:18 +0000 (14:05 +0200)]
s3-samr: Fix Bug #6372, usermanager only displaying 1024 groups and aliases.
This is now also verified with the RPC-SAMR-LARGE-DC test.
Guenther
(cherry picked from commit
fca7dce1a908570e463ddcbd663955fcafd1d843)
(cherry picked from commit
f3bf1eebe1cb74aa9ed2d00b823c90c6ed743980)
Karolin Seeger [Fri, 5 Jun 2009 13:35:05 +0000 (15:35 +0200)]
Jeremy Allison [Sat, 30 May 2009 09:30:16 +0000 (11:30 +0200)]
Simplify the dropbox patch
(cherry picked from commit
f9ea09b61a46136fc55314e2e1cd2e9cfb362802)
Volker Lendecke [Wed, 13 May 2009 13:46:35 +0000 (15:46 +0200)]
Re-Add the "dropbox" functionality with -wx rights on a directory
(cherry picked from commit
f586b209b0216150f07bcc998c0d57e0d179b8ee)
Karolin Seeger [Fri, 29 May 2009 07:49:49 +0000 (09:49 +0200)]
s3/docs: Fix typo.
This fixes bug #4341.
Thanks to Michael Cartmell <michael.cartmell [at] thomson.com> for reporting!
Karolin
(cherry picked from commit
2228cc6a0f942b774bef7fb0b99009897fa4dff4)
(cherry picked from commit
e1b1f14e0260395a8d452ea0a129bcc9bb3f98cc)
(cherry picked from commit
de156e6ee292ad7fc683d681d7c4b44edba67626)
Michael Adam [Wed, 27 May 2009 17:12:28 +0000 (19:12 +0200)]
s3:idmap_tdb: filter out of range mappings in default idmap config
This fixes bug #6415
Michael
(cherry picked from commit
3d3f39838261ddc401053dadcc5bd8e6317a3a8e)
(cherry picked from commit
307c73ce8bc29803230c22e3f8abd579c5d90ba2)
Michael Adam [Wed, 27 May 2009 17:25:44 +0000 (19:25 +0200)]
s3:idmap_ldap: filter out of range mappings in default idmap config
This fixes bug #6417
Michael
(cherry picked from commit
e381c13b023f2b512b3f6aec133db9f323bc8132)
(cherry picked from commit
06cab60eb0ba966174f493fcbe25bede0c5d2125)
Michael Adam [Wed, 27 May 2009 17:24:03 +0000 (19:24 +0200)]
s3:idmap_tdb2: filter out of range mappings in default idmap config
This fixes bug #6416
Michael
(cherry picked from commit
e12670a1053edf57af137026bd3fdb9fc7dfb0b2)
(cherry picked from commit
a74cb0ca04d61df6f01f3d737e52a8b7349d5a73)
Marc VanHeyningen [Tue, 5 May 2009 22:07:40 +0000 (22:07 +0000)]
s3: zero an uninitialized array
Invalid pointers were being dereferenced in lookup_sids causing
occasional seg faults.
Signed-off-by: Tim Prouty <tprouty@samba.org>
(cherry picked from commit
34ca12c9396f7c8475cd1525bdbc40021b0e533f)
Karolin Seeger [Wed, 27 May 2009 16:10:49 +0000 (18:10 +0200)]
s3/docs: Correct version number.
Karolin
(cherry picked from commit
7e4682d0b54ba85c7366e7232b148a594718f7cf)
Volker Lendecke [Sun, 24 May 2009 16:57:13 +0000 (18:57 +0200)]
Fix a race condition in winbind leading to a panic
In winbind, we do multiple events in one select round. This needs fixing, but
as long as we're still using it, for efficiency reasons we need to do that.
What can happen is the following: We have outgoing data pending for a client,
thus
state->fd_event.flags == EVENT_FD_WRITE
Now a new client comes in, we go through the list of clients to find an idle
one. The detection for idle clients in remove_idle_client does not take the
pending data into account. We close the socket that has pending outgoing data,
the accept(2) one syscall later gives us the same socket.
In new_connection(), we do a setup_async_read, setting up a read fde. The
select from before however had found the socket (that we had already closed!!)
to be writable. In rw_callback we only want to see a readable flag, and we
panic in the SMB_ASSERT(flags == EVENT_FD_READ).
Found using
bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient
Volker
(commit
68c5c6df in master)
(cherry picked from commit
c9df9c68da21610d9c32a57e24f45d36ebe432c5)
Karolin Seeger [Mon, 25 May 2009 08:50:23 +0000 (10:50 +0200)]
s3/docs: Fix typos.
Thanks to Oota Toshiya <t-oota at dh.jp.nec.com> for reporting!
Karolin
(cherry picked from commit
f3df38362cc15211d9fca8229a0f9d9fc9c8e481)
(cherry picked from commit
7434898b10a5c5780bd015b7bdca3eaa7a2b5475)
Volker Lendecke [Wed, 20 May 2009 15:45:47 +0000 (17:45 +0200)]
Fix bug 6382: Case insensitive access to DFS links broken
(cherry picked from commit
fda54237e8a4a87086a670499273c1402d1cd02b)
Karolin Seeger [Tue, 19 May 2009 11:42:16 +0000 (13:42 +0200)]
s3/docs: Fix shutdown script example.
This fixes bug #5897. Thanks to TAKAHASHI Motonobu
<monyo [at] samba.gr.jp> for reporting and providing the example!
Karolin
(cherry picked from commit
f741b90ee8f74077871a0b5d1df55c0dd34a313f)
(cherry picked from commit
1653bbf50b02e4f4dc2f01c5dab32c1cc4894582)
Jeremy Allison [Thu, 7 May 2009 19:53:31 +0000 (12:53 -0700)]
s3-auth: use full 16byte session key in make_user_info_netlogon_interactive().
Patch from Jeremy.
With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a
Samba 3 Domain.
There are still two registry settings required:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
Do *not* modify the other netlogon registry parameters that were passed around,
they weaken security.
Guenther / Jeremy.
(cherry picked from commit
0da133101ab149b074ab369d819fc48b7c95bf71)
Guenther Deschner [Thu, 7 May 2009 19:53:00 +0000 (12:53 -0700)]
s3-credentials: protect netlogon_creds_server_step() against NULL creds.
Found by SCHANNEL torture tests.
Guenther
(cherry picked from commit
339b99e31577d8a522711f84bc7d94e88c75d334)
Jeremy Allison [Thu, 7 May 2009 19:52:35 +0000 (12:52 -0700)]
After getting confirmation from Guenther, add 3 changes we'll ultimately need to fix bug #6099 Samba returns incurrate capabilities list. 1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags. 2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags return if the client requested it. 3). Clean up the error exits so we always return the same way. Signed off by Guenther. Jeremy.
(cherry picked from commit
41f9e61d7c8c106a98792e9009bbecf5edfcebe9)
Guenther Deschner [Thu, 7 May 2009 19:52:10 +0000 (12:52 -0700)]
s3-netlogon: Fix NETLOGON credential chain. Fixes Bug #6099 (Windows 7 joining Samba3) and probably many, many more.
Jeremy, with
9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate
flags (which are a pointer to the out negotiate flags assigned in the generated
netlogon server code). So, while you wanted to just set the *out* negflags, you
did in fact reset the *in* negflags, effectively eliminating the
NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then
caused creds_server_init() to generate 64bit creds instead of 128bit, causing
the whole chain to break. *Please* check.
Guenther
(cherry picked from commit
1f05472b9a27861f8e4b9b60410890b920f9d359)
Volker Lendecke [Fri, 15 May 2009 19:02:08 +0000 (21:02 +0200)]
Fix bug 6361: Make --rcfile work in smbget
Thanks to j scott <gl@arlut.utexas.edu> for reporting!
(cherry picked from commit
2238f7eede55fe780630df70b712fad7ebc95c76)
Volker Lendecke [Wed, 15 Apr 2009 11:01:09 +0000 (13:01 +0200)]
Do not use the file system GET_REAL_FILENAME for mangled names
(cherry picked from commit
5ed457f984c093642afde854715b3792524e0798)
Karolin Seeger [Fri, 15 May 2009 13:25:30 +0000 (15:25 +0200)]
Revert "Do not use the file system GET_REAL_FILENAME for mangled names"
This reverts commit
5a5dcd125fe236ddd93a6e56ae361fc84e306185.
(cherry picked from commit
79003837947882c4a62490c0eff7984f7c343807)
Björn Jacke [Thu, 7 May 2009 15:50:34 +0000 (17:50 +0200)]
s3/ldap: also handle DirX return codes
this is a backport of
f238809d236443b8968e1b4b197a55935c7c7e85 from master
(cherry picked from commit
1b040289f14bb22d3b6ab07a452236549d6c9bf6)
Michael Adam [Wed, 6 May 2009 00:08:33 +0000 (02:08 +0200)]
s3:loadparm: handle registry config source in file_list - fixes bug #6320
I.e. does not require smbd restart after changing share default options
in the global registry section with "include = registry".
Michael
This was commit
4842e45d59 in master.
(cherry picked from commit
a72e409bd1b9a9d91bd7311417d7175a64aa39b0)
Stefan Metzmacher [Fri, 8 May 2009 12:33:49 +0000 (14:33 +0200)]
s3:smbd: fix posix acls when setting an ACL without explicit ACE for the owner (bug#2346)
The problem of bug #2346 remains for users exported by
winbindd, because create_token_from_username() just fakes
the token when the user is not in the local sam domain. This causes
user_in_group_sid() to give totally wrong results.
In uid_entry_in_group() we need to check if we already
have the full unix token in the current_user struct.
If so we should use the current_user unix token,
instead of doing a very complex user_in_group_sid()
which doesn't give reliable results anyway.
metze
(cherry picked from commit
b79eff843be392f3065e912edca1434081d93c44)
(cherry picked from commit
cb5c72c0a05a78ff1b86eb02cf5ecd3d7d69623d)
Jeremy Allison [Fri, 8 May 2009 18:31:34 +0000 (11:31 -0700)]
Fix bug #6330 - DFS doesn't work on AIX. Jeremy.
This was commit
3d6f4a7af in master.
(cherry picked from commit
c66b3807a356655d1d4e351502cad939f4d1d101)
Karolin Seeger [Wed, 13 May 2009 08:07:56 +0000 (10:07 +0200)]
s3/packaging: Fix build on RHEL when ccache is not available.
This fixes bug #5832.
Patch was provided by D.L. Meyer <dlmeyer [at] uiuc.edu>.
Thanks for reporting and providing the patch!
Karolin
(cherry picked from commit
42e0cb8c0a1b8470ac8e9ad1c5a741e299debb8f)
(cherry picked from commit
b2205a7697598729f85cb767621b8c610654053c)
Volker Lendecke [Wed, 6 May 2009 10:00:49 +0000 (12:00 +0200)]
Fix Coverity ID 897: REVERSE_INULL
(cherry picked from commit
a0e9521b306a7e83d09de4616a66b49d259f0bbc)
Jeremy Allison [Tue, 28 Apr 2009 18:07:51 +0000 (11:07 -0700)]
Fix bug #6291 - force user stop working. A previous fix broke the invariant that *uid is always initialized on return from create_token_from_username(). Restore it. Jeremy.
(cherry picked from commit
09b76c57098ed4d11855000ae31cd346cb9a765d)
Günther Deschner [Thu, 30 Apr 2009 21:37:26 +0000 (23:37 +0200)]
s3-netapi: Fix Bug #6309: support remote unjoining of Windows 2003 or greater.
Found by David Markey <admin@dmarkey.com>. Thanks!
Guenther
(cherry picked from commit
ab4b8c9c0438bc5afca17e3ebf05dde6f98bc0aa)
(cherry picked from commit
242ae00e56ac553f9ac736b4c2a18b4610bdb6e9)
Volker Lendecke [Thu, 7 May 2009 08:09:32 +0000 (10:09 +0200)]
Fix bug 6336: "net groupmap set" segfaults
(cherry picked from commit
f97e37d0130752dded728a29f5b1024ca19a0733)
Jeremy Allison [Mon, 4 May 2009 15:31:40 +0000 (08:31 -0700)]
Fix bug #6315 smbd crashes doing vfs_full_audit on IPC$ close event. The underlying problem is that once SMBulogoff is called, all server_info contexts associated with the vuid should become invalid, even if that's the context being currently used by the connection struct (tid). When the SMBtdis comes in it doesn't need a valid vuid value, but the code called inside vfs_full_audit always assumes that there is one (and hence a valid conn->server_info pointer) available.
This is actually a bug inside the vfs_full_audit and other code inside Samba,
which should only indirect conn->server_info on calls which require AS_USER to
be set in our process table. I could fix all these issues, but there's no
guarentee that someone might not add more code that fails this assumption, as
it's a hard assumption to break (it's usually true).
So what I've done is to ensure that on SMBulogoff the previously used
conn->server_info struct is kept around to be used for print debugging purposes
(it won't be used to change to an invalid user context, as such calls need
AS_USER set). This isn't strictly correct, as there's no association with the
(now invalid) context being freed and the call that causes conn->server_info to
be indirected, but it's good enough for most cases.
The hard part was to ensure that once a valid context is used again (via new
sessionsetupX calls, or new calls on a still valid vuid on this tid) that we
don't leak memory by simply replacing the stored conn->server_info pointer. We
would never actually leak the memory (as all conn->server_info pointers are
talloc children of conn), but with the previous patch a malicious client could
cause many server_info structs to be talloced by the right combination of SMB
calls. This new patch introduces free_conn_server_info_if_unused(), which
protects against the above.
Jeremy.
This was commit
e46a88ce35e1aba9d9a344773bc97a9f3f2bd616 in master.
(cherry picked from commit
146d007e70351532431b739f1264615111044768)
Karolin Seeger [Wed, 6 May 2009 14:06:59 +0000 (16:06 +0200)]
s3/docs: Remove unnecessary .sp.
Karolin
(cherry picked from commit
4a4dc776b2f0ca813abcf4f47f0d5721f75f3e6a)
(cherry picked from commit
6a617a9677da9df8f70cf2039245cfb5ce3d94c3)
(cherry picked from commit
8c5771422bf25dba0638c3419ac14f0841b94293)
Günther Deschner [Wed, 6 May 2009 13:43:23 +0000 (15:43 +0200)]
s3-docs: Fix Bug #6331. Document "net dom join/net dom unjoin".
Guenther
(cherry picked from commit
e398f1e91575909d2a90fab1e6f00804815a0b2f)
(cherry picked from commit
e19dddb2b438b75dcd995aaa763fcbe55d7de5cc)
Volker Lendecke [Mon, 4 May 2009 12:39:56 +0000 (14:39 +0200)]
Do not crash in ctdbd_traverse if ctdbd is not around
(cherry picked from commit
e5f0f6b7fb428e4cc8e5e782a0038a847d74edcc)
Volker Lendecke [Mon, 4 May 2009 10:36:13 +0000 (12:36 +0200)]
3.3: Increase debug level of "create_connection_server_info failed" message
I don't think we should unconditionally send every refused connection attempt
to a share to syslog, that's where all debug level 0 messages end up.
(cherry picked from commit
65fe7c42c6c229a99b7cffc0515fc7a1ed30c43c)
Michael Adam [Tue, 5 May 2009 15:02:46 +0000 (17:02 +0200)]
s3:mark registry shares without path unavailable in the server, too
This prevents users from getting access to "/" in misconfigured setups.
Michael
(cherry picked from commit
1921d77fa2490bd19aded05924a62795641231ea)
Michael Adam [Mon, 27 Apr 2009 23:24:27 +0000 (01:24 +0200)]
s3:loadparm: mark registry shares without path unavailable
...just as with text config.
This applies to testparm and friends.
smbd is fixed in a second patch.
Michael
(cherry picked from commit
1d345210381b1f543c2ccaa6e66f52532916413e)
Michael Adam [Mon, 27 Apr 2009 16:10:14 +0000 (18:10 +0200)]
s3:loadparm: prevent infinite include nesting.
This introduces a hard coded MAX_INCLUDE_DEPTH of 100.
When this is exceeded, handle_include (and hence lp_load) fails.
One could of course implement a more intelligent loop detection
in the include-tree, but this would require some restructuring
of the internal loadparm housekeeping. Maybe as a second improvement
step.
Michael
(cherry picked from commit
a100a9c48d73df69851099e15253a65f2dbc9f65)
Björn Jacke [Sun, 8 Mar 2009 11:54:04 +0000 (12:54 +0100)]
to be portable, use options first, arguments last
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
02368626a273368a3b731d2b413e90d91ed15c5c)
Karolin Seeger [Mon, 4 May 2009 13:54:34 +0000 (15:54 +0200)]
s3/packaging: Add keyutils-devel to build requires.
This should fiy bug #5853. Thanks to D.L. Meyer <dlmeyer [at] uiuc.edu>
for reporting.
Karolin
(cherry picked from commit
d8de7e3193143ec50d86adc704123ca240a8f549)
(cherry picked from commit
c89c2db8c51bd3cede2e2e8fb58214971eda4129)
Karolin Seeger [Mon, 4 May 2009 13:17:30 +0000 (15:17 +0200)]
s3/docs: Fix typo.
Karolin
(cherry picked from commit
c2eb0d87a2436614741119ebd14fda05b42a2ddd)
(cherry picked from commit
98c238a54dbe3e64262252a9fb38b382c53c1bcf)
Günther Deschner [Tue, 28 Apr 2009 23:55:09 +0000 (01:55 +0200)]
3.3 samr bug 6301: fix samr_ConnectVersion enum which is 32bit not 16bit.
Port of
67ca76c288eb095ae to 3.3
Signed-off-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
151042f5b348c6eb7bcc702193fb046305630116)
Karolin Seeger [Sun, 3 May 2009 07:55:46 +0000 (09:55 +0200)]
s3/docs: Fix typos.
That fixes bug #4247. Thanks to David McNeill <davemc [at] mcpond.co.nz>
for reporting!
Karolin
(cherry picked from commit
eaf949947c2eb03363c4b6f588f87b70110d6ff7)
(cherry picked from commit
cea79d1fbf44b0d5bff5aa12962fb3d3cb61c367)
(cherry picked from commit
226620d0ed221da983b4f662fcef14906588f1bd)
Karolin Seeger [Sun, 3 May 2009 07:35:55 +0000 (09:35 +0200)]
s3/docs: Fix typo.
This fixes bug #4245. Thanks to David McNeill <davemc [at] mcpond.co.nz>
for reporting!
Karolin
(cherry picked from commit
579c91581f5b6d5341a12923fe6cde377223caff)
(cherry picked from commit
49caab4044e47236594c6688f202aed555b9da61)
(cherry picked from commit
139f95c85f96e7ccba024283608f9ee5990f6676)
Karolin Seeger [Wed, 29 Apr 2009 12:12:01 +0000 (14:12 +0200)]
s3/docs: Fix serveral typos.
This fixes bug #4315.
Thanks to Felipe Augusto van de Wiel <faw [at] cathedrallabs [dot] org>!
Karolin
(cherry picked from commit
3422b9c546cdd262bd747e1e737c2b6479b4d21e)
(cherry picked from commit
3da62734fffa99cde1084beeb69e94a7bc623dde)
(cherry picked from commit
b487a48c876fcaf88ec3fb4b05bacdd9b0bd8cd0)
Karolin Seeger [Tue, 28 Apr 2009 06:45:27 +0000 (08:45 +0200)]
WHATSNEW: Update changes since 3.3.3.
Karolin
(cherry picked from commit
48d0ae00fa449a8368310b5edac708e8a3b97a3c)
Björn Jacke [Sat, 28 Mar 2009 00:21:25 +0000 (01:21 +0100)]
ѕ3/configure: fix regexp for ld version recognition
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
(commit
740c2c4366badc62d017881c9484ee5153b62f94 in master)
(commit
172ecfae44768289b98c1bafa7aa2b89dbecc312 in v3-4-test)
(cherry picked from commit
c53c875a7d205ba5f6fdb196db81e7c89d04b83b)
Günther Deschner [Fri, 24 Apr 2009 08:02:06 +0000 (10:02 +0200)]
s3-idmap: Fix bug #6286: Call init function for builtin idmap modules before probing for them as shared modules.
idmap-gurus of the world, please check.
Guenther
(cherry picked from commit
67588ca80d654183b8b7b062b9660a506a825f94)
(cherry picked from commit
a552aa1c3f67b76692e26a5560640dcfae0831b6)
Günther Deschner [Wed, 22 Apr 2009 21:48:24 +0000 (23:48 +0200)]
s3-selftest: test wbinfo --allocate-uid/gid.
Guenther
(cherry picked from commit
c3843c40b5c426910a184dcef3b17283e6e224e9)
Simo Sorce [Wed, 22 Apr 2009 13:12:58 +0000 (09:12 -0400)]
Fix profile acls in some corner cases
Always add back the real original owner of the directory in the ACE List after
we steal its ACE for the Administrators group.
(cherry picked from commit
df44b4f2f6a5e83115e1e04883c94f89fdc9a28f)
Simo Sorce [Wed, 22 Apr 2009 10:15:21 +0000 (06:15 -0400)]
Avoid duplicate aces
When adding arbitrary aces to an nt_ace_list we need to make sure we
are not actually adding a duplicate.
add_or_replace_ace() takes care of doing the right thing.
(cherry picked from commit
59ba5e05c01e9a20fbae7cce40b2301585db5c34)
Jeremy Allison [Wed, 22 Apr 2009 10:04:22 +0000 (03:04 -0700)]
Add comment explaining the previous fix.
Jeremy.
(cherry picked from commit
b2e0cb32c1a6f68430b36288c5d704b46d072e79)
Jeremy Allison [Wed, 22 Apr 2009 09:24:27 +0000 (02:24 -0700)]
Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning LDAP_SUCCESS but not returning a result.
Jeremy
(cherry picked from commit
b32b0d502fe0f63e82d277039dda0a6f4bb2100f)
John H Terpstra [Mon, 20 Apr 2009 15:06:33 +0000 (10:06 -0500)]
Added ability to revert to old modules for make revert.
(cherry picked from commit
d235881c9f3e5d14beb2ebcfa2e4a7d18e890784)
Stefan Metzmacher [Fri, 3 Apr 2009 10:21:17 +0000 (12:21 +0200)]
s3:docs: document the --request-timeout option of net
metze
(cherry picked from commit
cdbbc81bad5d53397bf80898cf68d8867cf64cba)
(cherry picked from commit
1d1e859c4e08fed1775a170ccff459f3a18e13ba)
(cherry picked from commit
8775968526046f040a2e6ba8697d719b5e3bced8)
Stefan Metzmacher [Thu, 26 Mar 2009 19:32:55 +0000 (20:32 +0100)]
s3:net: add --request-timeout option
metze
(cherry picked from commit
257809558bfab3e45703cf8be76357596392a3ea)
(cherry picked from commit
e20b8706401d1a4eee0fe494825deef6ab23ab23)
(cherry picked from commit
d80e02de5714aaa650bef91767ce0775bd2392f5)
Stefan Metzmacher [Thu, 26 Mar 2009 19:29:24 +0000 (20:29 +0100)]
s3:net_rpc: don't shutdown a cli_state passed from the caller
This fixes a crash bug if we timeout in net rpc trustdom list.
metze
(cherry picked from commit
c0dfe0cf80ee50f395912b7d6aec0d87febd34c0)
(cherry picked from commit
d87563604ca7b1c18c5a84d76726c2a99dc454f8)
(cherry picked from commit
cba4214b963983730bedc792e391b5435889597a)
Volker Lendecke [Wed, 15 Apr 2009 11:01:09 +0000 (13:01 +0200)]
Do not use the file system GET_REAL_FILENAME for mangled names
(cherry picked from commit
5a5dcd125fe236ddd93a6e56ae361fc84e306185)
Karolin Seeger [Sat, 18 Apr 2009 09:01:36 +0000 (11:01 +0200)]
WHATSNEW: Update planned release date.
Karolin
(cherry picked from commit
bfd1d245bd27fe5c14d786702da07e5f88fb03f5)
Karolin Seeger [Sat, 18 Apr 2009 07:58:41 +0000 (09:58 +0200)]
WHATSNEW: Prepare WHATSNEW for 3.3.4.
Karolin
(cherry picked from commit
cf7a753bfca1bae7213730febdc2f8909506ac5e)
Karolin Seeger [Fri, 17 Apr 2009 14:15:08 +0000 (16:15 +0200)]
VERSION: Raise version number up to 3.3.4.
Karolin
(cherry picked from commit
a70f2928c0ceb625424af56b96ac76b74c04fa12)
Günther Deschner [Fri, 17 Apr 2009 13:46:36 +0000 (15:46 +0200)]
s3-test: enable RPC-LSA-LOOKUPSIDS and RPC-JOIN during make test.
Guenther
(cherry picked from commit
79321cad54a4303abc27766101ffb52f50d64430)
Michael Adam [Fri, 17 Apr 2009 09:40:17 +0000 (11:40 +0200)]
s3:registry: Prevent creation of keys containing the '/' character.
This creates a broken registry that can only be fixed with
tdbtool, since the '/' sign is used as a key separator after
normalization at a lower level.
This makes e.g. "net conf setparm abc/def comment xyz" fail with
WERR_INVALID_PARAM, which is much more desirable than a broken
registry.tdb.
Michael
(cherry picked from commit
943b33587c9905e0b6b6ee090fe9bf9bdfc77465)
Günther Deschner [Thu, 16 Apr 2009 23:30:54 +0000 (01:30 +0200)]
s3-docs: fix typo in smb.conf.5.
Guenther
(cherry picked from commit
05ea8daacabe62b6c20770a8518192c44e7eb763)
(cherry picked from commit
8dc31b185d67aa4cdcb367254a913039e3f286ee)
Günther Deschner [Thu, 16 Apr 2009 11:03:35 +0000 (13:03 +0200)]
s3-docs: document warn_pwd_expire pam_winbind option in manpage.
Andreas, please check.
Guenther
(cherry picked from commit
5517c0bcddfbd8c877fd1f909407824553a20e7f)
(cherry picked from commit
1f5485ed8d8e50159859b2e994680dfa224d15f3)
Jeremy Allison [Thu, 16 Apr 2009 23:21:00 +0000 (16:21 -0700)]
Add torture tester to ensure we don't regress the ulogoff bug.
Jeremy.
(cherry picked from commit
e2dd445921b509a2c05646e5aece50243f2b7a5a)
Jeremy Allison [Thu, 16 Apr 2009 23:20:12 +0000 (16:20 -0700)]
Fix bug found by Tim Prouty, logging off and then re-using a vuid can cause smbd to
access a freed structure.
Jeremy.
(cherry picked from commit
043ade0f4dff788f81e014d3c85217377226899e)
Jeremy Allison [Thu, 16 Apr 2009 22:14:37 +0000 (15:14 -0700)]
When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
Jeremy.
(cherry picked from commit
d7b0894c8d025ceda4b7208e134e591bc4953400)
Jim McDonough [Thu, 16 Apr 2009 15:04:00 +0000 (17:04 +0200)]
Don't look up local user for remote changes, even when root.
(cherry picked from commit
bece9b36c455de30eb601912554d43e743def6b2)
Martin Schwenke [Thu, 16 Apr 2009 00:25:29 +0000 (10:25 +1000)]
In net_conf_import, start a transaction when importing a single share.
Commit
d69c3db9d44ad5d9fd1f5d7a9499f3bd79ecfb47 caused the transaction
start to be conditional but the commit is still unconditional, so an
error occurs when importing a single share.
An alternate fix would be to return the transaction start to be
unconditional but then it would occur before other error checking.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
9a28b28314c6a76cf619fc5f1b676d1f4229e3e1)
Günther Deschner [Wed, 15 Apr 2009 23:42:35 +0000 (01:42 +0200)]
s3-lsa: Fix Bug #6263. Unexpected LookupSids reply crashes XP pre-SP3.
LookupSids needs to bounce back string sids in case of NT_STATUS_NONE_MAPPED.
Guenther
(cherry picked from commit
597be402e40ff880b595ae49a8600b932365cbcb)
Jeremy Allison [Wed, 15 Apr 2009 21:31:43 +0000 (14:31 -0700)]
Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+
What a difference a name makes... :-). Just because something is missnamed
SA_RIGHT_SAM_OPEN_DOMAIN, when it should actually be SA_RIGHT_SAM_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
(cherry picked from commit
8a985bcfe4aee7e602601fe78a94757dce645fcc)
Günther Deschner [Tue, 14 Apr 2009 20:39:36 +0000 (22:39 +0200)]
netdomjoin-gui: make sure to grey out change fields when not running as root.
Guenther
(cherry picked from commit
ca3de0103b545c86c8507dfc7d042f1838d5dfb2)
(cherry picked from commit
cb96e70a1d9112d9e4fff1fda4cf64abc7985347)
(cherry picked from commit
64c0c6cfc6d44a9bb8ea13e56ed6c3d1eee3861e)
Guenther Deschner [Mon, 13 Apr 2009 16:44:54 +0000 (09:44 -0700)]
s3-loadparm: Fix resume command typo for "printing = vlp".
(cherry picked from commit
f3ec61a77973781ca1f39c345d5e03a9ba9e43ae)