tprouty/samba.git
11 years agoFix a segv in winbindd caused by trying to free an fstring. Make a copy of the machin...
Gerald (Jerry) Carter [Mon, 17 Dec 2007 23:33:48 +0000 (17:33 -0600)]
Fix a segv in winbindd caused by trying to free an fstring. Make a copy of the machine_password and machine_account strings in all conditional paths so that SAFE_FREE() will always be valid.

11 years agoMake cm_connect_sam() try harder to connect autheticated.
Michael Adam [Mon, 17 Dec 2007 22:26:48 +0000 (23:26 +0100)]
Make cm_connect_sam() try harder to connect autheticated.

Even if the session setup was anonymous, try and collect
trust creds with get_trust_creds() and use these before
falling back to schannel.

This is the first attempt to fix interdomain trusts.
(get password policy and stuff)

Michael

11 years agoRefactor out assembling of trust creds (pw, account name, principal).
Michael Adam [Mon, 17 Dec 2007 22:24:36 +0000 (23:24 +0100)]
Refactor out assembling of trust creds (pw, account name, principal).

Michael

11 years agoStreamline and fix logic of cm_prepare_connection().
Michael Adam [Mon, 17 Dec 2007 22:22:28 +0000 (23:22 +0100)]
Streamline and fix logic of cm_prepare_connection().

Do not attempt to do a session setup when in a trusted domain
situation (this gives STATUS_NOLOGON_TRUSTED_DOMAIN_ACCOUNT).

Use get_trust_pw_clear to get machine trust account.
Only call this when the results is really used.
Use the proper domain and account name for session setup.

Michael

11 years agoRefactor out get_schannel_session_key logic.
Michael Adam [Mon, 17 Dec 2007 22:11:31 +0000 (23:11 +0100)]
Refactor out get_schannel_session_key logic.

Refactor the actual retrieval of the session key through the
established netlogon pipe out of get_schannel_session_key()
and get_schannel_session_key_auth_ntlmssp() into a new
function get_schannel_session_key_common().
(To avoid code duplication.)

Michael

11 years agoPass NULL instead of unneeded &sid: secrets_fetch_trusted_domain_password() checks.
Michael Adam [Mon, 17 Dec 2007 21:37:29 +0000 (22:37 +0100)]
Pass NULL instead of unneeded &sid: secrets_fetch_trusted_domain_password() checks.

Michael

11 years agoRename get_trust_pw() to get_trust_pw_hash().
Michael Adam [Mon, 17 Dec 2007 21:29:54 +0000 (22:29 +0100)]
Rename get_trust_pw() to get_trust_pw_hash().

Michael

11 years agoExport logic of get_trust_pw() to new function get_trust_pw_clear().
Michael Adam [Mon, 17 Dec 2007 21:26:52 +0000 (22:26 +0100)]
Export logic of get_trust_pw() to new function get_trust_pw_clear().

get_trust_pw() just now computes the md4 hash of the result of
get_trust_pw_clear() if that was successful. As a last resort,
in the non-trusted-domain-situation, get_trust_pw() now tries to
directly obtain the hashed version of the password out of secrets.tdb.

Michael

11 years agoRefactor the lagacy part of secrets_fetch_trust_account_password() out
Michael Adam [Mon, 17 Dec 2007 16:49:13 +0000 (17:49 +0100)]
Refactor the lagacy part of secrets_fetch_trust_account_password() out

into a new function secrets_fetch_trust_account_password_legacy() that
does only try to obtain the hashed version of the machine password directly
from secrets.tdb.

Michael

11 years agoLet get_trust_pw() determine the machine_account_name to use.
Michael Adam [Mon, 17 Dec 2007 16:42:05 +0000 (17:42 +0100)]
Let get_trust_pw() determine the machine_account_name to use.

Up to now each caller used its own logic.

This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.

I hope I have not missed an important point here!

Michael

11 years agoRemove silly amounts of trailing white spaces.
Michael Adam [Mon, 17 Dec 2007 16:38:06 +0000 (17:38 +0100)]
Remove silly amounts of trailing white spaces.

Michael

11 years agoStreamline logic in cm_connect_netlogon()
Michael Adam [Tue, 11 Dec 2007 11:47:28 +0000 (12:47 +0100)]
Streamline logic in cm_connect_netlogon()

by retrieving trust password only, when it will be used.

Michael

11 years agor25086: Fix interdomain trusts (this povides the fix expected in r22709):
Michael Adam [Tue, 11 Sep 2007 16:15:36 +0000 (16:15 +0000)]
r25086: Fix interdomain trusts (this povides the fix expected in r22709):

Fix winbindd on a Samba DC talking to a trusted domain DC by
making it use the trusted domain password...

Michael

I hope this does not brake any other setup.

11 years agor22709: we can only use tschannel when commectcing to our primary (might need some...
Gerald Carter [Sun, 6 May 2007 19:48:13 +0000 (19:48 +0000)]
r22709: we can only use tschannel when commectcing to our primary (might need some fixing here for a Samba DC)

11 years agoIn cm_prepare_connection(), only get auth user creds if we need to.
Michael Adam [Tue, 11 Dec 2007 07:52:20 +0000 (08:52 +0100)]
In cm_prepare_connection(), only get auth user creds if we need to.

Michael

11 years agoRemove two unneeded functions.
Michael Adam [Mon, 17 Dec 2007 14:19:38 +0000 (15:19 +0100)]
Remove two unneeded functions.

secrets_store_trust_account_password() and trust_password_delete()
are the write access functions to the SECRETS/$MACHINE.ACC/domain keys
in secrets.tdb, the md4 hashed machine passwords. These are not used
any more: Current code always writes the clear text password.

Michael

11 years agopacket_struct is used in several places as raw memory
Volker Lendecke [Wed, 19 Dec 2007 16:05:26 +0000 (17:05 +0100)]
packet_struct is used in several places as raw memory

-> Fix more uninitialized variable warnings

11 years agoSome paranoia checks
Volker Lendecke [Wed, 19 Dec 2007 15:48:18 +0000 (16:48 +0100)]
Some paranoia checks

11 years agoZero the tdb key, there might be padding
Volker Lendecke [Wed, 19 Dec 2007 15:48:04 +0000 (16:48 +0100)]
Zero the tdb key, there might be padding

This leads to uninitialized variable warnings if nmbd is run under valgrind.

11 years agoEnsure we can't pass -1 to smb_fn_name(). Fixes bug #4612.
Jeremy Allison [Wed, 19 Dec 2007 02:08:18 +0000 (18:08 -0800)]
Ensure we can't pass -1 to smb_fn_name(). Fixes bug #4612.
This is not used in 3.2 code.
Jeremy.

11 years agoFix socket_wrapper build for 3.0.x.
Jeremy Allison [Mon, 17 Dec 2007 23:09:59 +0000 (15:09 -0800)]
Fix socket_wrapper build for 3.0.x.
Jeremy.

11 years agoWhile 'data' is usually 0 terminated, nothing in the spec requires that.
Simo Sorce [Mon, 17 Dec 2007 20:21:38 +0000 (15:21 -0500)]
While 'data' is usually 0 terminated, nothing in the spec requires that.
The correct way is to copy only 'length' bytes.

Simo.

11 years agoFix bug #5121 (unix passwd sync bnot working on a streams based
Jeremy Allison [Mon, 17 Dec 2007 18:44:01 +0000 (10:44 -0800)]
Fix bug #5121 (unix passwd sync bnot working on a streams based
system).
Jeremy.

11 years agoResolve conflict of merging in J.Layton patch
Simo Sorce [Mon, 17 Dec 2007 14:40:10 +0000 (09:40 -0500)]
Resolve conflict of merging in J.Layton patch

Merge branch 'v3-0-test' of ssh://git.samba.org/data/git/samba into v3-0-simo

Conflicts:

source/client/mount.cifs.c

11 years agomount.cifs: fix several problems when mounting subdirectories of shares
Jeff Layton [Tue, 13 Nov 2007 14:04:33 +0000 (09:04 -0500)]
mount.cifs: fix several problems when mounting subdirectories of shares

This is essentially the same patch as I posted yesterday. The only
difference is that I added the replace_char helper function and now
have the code call it instead of doing the conversion internally.

Thoughts?

-------[snip]-------

CIFS has a few problems when mounting subdirectories of shares:

a) mount.cifs assumes that the prefixpath will always begin with a
forward slash. If it begins with a backslash, then it fails to parse out
the prefixpath and leaves it appended to the sharename. This causes the
mount to fail.

b) if the prefixpath uses '/' as a delimiter, it doesn't convert that to
a "native" prefixpath ('\\' delimiter). The kernel will blindly stuff
this prefix into the beginning of a path when it builds one from a dentry,
and this confuses windows servers (samba doesn't seem to care).

c) When you mount a subdir of a share, mount.cifs munges the device string
so that you can't tell what the prefixpath is. So if I mount:

//server/share/p1/p2/p3

..then /proc/mounts and mtab will show only:

//server/share

d) If the client has to retry the mount with an uppercase sharename, it
doesn't also uppercase the prefixpath (not sure if that's a real issue,
but it seems inconsistent).

The following patch fixes all of these problems. It separates the
"share_name" from the "device_name", and passes the share_name as the
unc= string, and the device_name as the first arg to mount(), and to
setmntent().

It also changes mount.cifs to use '\\' exclusively as a delimiter for
the unc= and prefixpath= options, and to use '/' exclusively as a
delimiter in the device string (seemingly necessary since the kernel
doesn't deal well with backslashes in the device string).

Signed-off-by: Jeff Layton <jlayton@redhat.com>
11 years agoFix flags in all callers of lookup_name() in net_sam.c.
Michael Adam [Mon, 17 Dec 2007 11:15:21 +0000 (12:15 +0100)]
Fix flags in all callers of lookup_name() in net_sam.c.

Michael

11 years agoFix flags in call of lookup_name() in srv_samr_nt.c:can_create().
Michael Adam [Mon, 17 Dec 2007 11:14:28 +0000 (12:14 +0100)]
Fix flags in call of lookup_name() in srv_samr_nt.c:can_create().

Use LOOKUP_NAME_LOCAL instead of LOOKUP_NAME_ISOLATED.

Michael

11 years agoFix flags in call of lookup_name() in pdb_default_create_alias().
Michael Adam [Mon, 17 Dec 2007 11:14:01 +0000 (12:14 +0100)]
Fix flags in call of lookup_name() in pdb_default_create_alias().

Use new flag LOOKUP_NAME_LOCAL.

Michael

11 years agoAdd combined flag LOOKUP_NAME_LOCAL.
Michael Adam [Mon, 17 Dec 2007 11:11:41 +0000 (12:11 +0100)]
Add combined flag LOOKUP_NAME_LOCAL.

Presence of LOOKUP_NAME_ISOLATED as the only flag is not the sign
for doing local lookups only but the sign for allowing lookups
of unqualified names. The correct sign is absence of the flag
LOOKUP_NAME_REMOTE.

Michael

11 years agoFix flags in caller of lookup_name() in create_builtin_administrators().
Michael Adam [Mon, 17 Dec 2007 11:10:46 +0000 (12:10 +0100)]
Fix flags in caller of lookup_name() in create_builtin_administrators().

Michael

11 years agoDoh, fix typo in error exit.
Jeremy Allison [Sun, 16 Dec 2007 07:32:22 +0000 (23:32 -0800)]
Doh, fix typo in error exit.
Jeremy.

11 years agoAdded patch originally by Andreas Schneider <anschneider@suse.de>
Jeremy Allison [Sun, 16 Dec 2007 07:22:17 +0000 (23:22 -0800)]
Added patch originally by Andreas Schneider <anschneider@suse.de>
to cause us to behave like Vista when looking for remote
machine principal. Modified by me.
Jeremy.

11 years agoCope with valgrind > 3.2.x.
Jeremy Allison [Sun, 16 Dec 2007 07:05:37 +0000 (23:05 -0800)]
Cope with valgrind > 3.2.x.
Jeremy.

11 years agoMore work on bug #5082, use LC_ALL as this takes
Jeremy Allison [Sun, 16 Dec 2007 06:28:46 +0000 (22:28 -0800)]
More work on bug #5082, use LC_ALL as this takes
precedence.
Jeremy.

11 years agoFix for bug #5082 from Mathias Gug <mathiaz@ubuntu.com>, Steve Langasek <vorlon@debia...
Jeremy Allison [Sat, 15 Dec 2007 01:03:04 +0000 (17:03 -0800)]
Fix for bug #5082 from Mathias Gug <mathiaz@ubuntu.com>, Steve Langasek <vorlon@debian.org>.
Recent versions of Linux-PAM support localization of user prompts,
so Samba must use the C locale when invoking PAM (directly or via
/usr/bin/passwd) to ensure that password chat values match the prompts in a
locale-invariant fashion.
Jeremy.

11 years agoFix bug #5141, patch from Hans Mayer <hans.mayer@ages.at>.
Jeremy Allison [Sat, 15 Dec 2007 00:32:44 +0000 (16:32 -0800)]
Fix bug #5141, patch from Hans Mayer <hans.mayer@ages.at>.
Already fixed in 3.2 code.
Jeremy.

11 years agoWe don't need to call endpwent if we never call getpwent.
Jeremy Allison [Fri, 14 Dec 2007 01:25:28 +0000 (17:25 -0800)]
We don't need to call endpwent if we never call getpwent.
Jeremy.

11 years agoAdd a varient of Steve Langasek <vorlon@debian.org> patch
Jeremy Allison [Fri, 14 Dec 2007 01:18:44 +0000 (17:18 -0800)]
Add a varient of Steve Langasek <vorlon@debian.org> patch
for bug #4780. Cause user mounts to inherit uid= and gid= from the
calling user when called as non-root, except when overridden on the
commandline.
Jeremy.

11 years agoMissed one strcpy call.
Jeremy Allison [Thu, 13 Dec 2007 03:12:24 +0000 (19:12 -0800)]
Missed one strcpy call.
Jeremy.

11 years agoAdd a portable version of strlcpy and strlcat and convert
Jeremy Allison [Thu, 13 Dec 2007 03:11:26 +0000 (19:11 -0800)]
Add a portable version of strlcpy and strlcat and convert
all strncpy/strcat calls to them.
Convert all sprintf calls to snprintf. Safety first !
Jeremy.

11 years agoFix bug #4784. Patch from Steve Langasek <vorlon@debian.org>.
Jeremy Allison [Thu, 13 Dec 2007 02:45:20 +0000 (18:45 -0800)]
Fix bug #4784. Patch from Steve Langasek <vorlon@debian.org>.
Jeremy.

11 years agoMerge debian patch for distclean.
Jeremy Allison [Thu, 13 Dec 2007 02:23:17 +0000 (18:23 -0800)]
Merge debian patch for distclean.
Jeremy.

11 years agoMerge debian fix for smbstatus locking error message.
Jeremy Allison [Thu, 13 Dec 2007 02:17:34 +0000 (18:17 -0800)]
Merge debian fix for smbstatus locking error message.
Already fixed differently for 3.2.
Jeremy.

11 years agoOnly add the non-root escape on !developer.
Jeremy Allison [Thu, 13 Dec 2007 02:07:04 +0000 (18:07 -0800)]
Only add the non-root escape on !developer.
Jeremy.

11 years agoFix bug #3727 with patch from Steve Langasek <vorlon@debian.org>
Jeremy Allison [Thu, 13 Dec 2007 01:26:45 +0000 (17:26 -0800)]
Fix bug #3727 with patch from Steve Langasek <vorlon@debian.org>
Jeremy.

11 years agoMake sure this is fixed for both MIT and Heimdal.
Jeremy Allison [Wed, 12 Dec 2007 21:00:41 +0000 (13:00 -0800)]
Make sure this is fixed for both MIT and Heimdal.
Jeremy.

11 years agoMerge branch 'v3-0-test' of ssh://jra@git.samba.org/data/git/samba into v3-0-test
Jeremy Allison [Wed, 12 Dec 2007 17:49:26 +0000 (09:49 -0800)]
Merge branch 'v3-0-test' of ssh://jra@git.samba.org/data/git/samba into v3-0-test

11 years agoVista SP1-rc1 appears to break against Samba-3.0.27a
Guenther Deschner [Wed, 12 Dec 2007 12:38:28 +0000 (13:38 +0100)]
Vista SP1-rc1 appears to break against Samba-3.0.27a

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Jason,

Jason Haar wrote:
> Patched 3.0.28, compiled, installed and here's the log file.
>
> Hope it helps. BTW I don't think it matters, but this is on 32bit
> CentOS4.5 systems.

yes, it helps. Thanks for that.

Very interesting, there are two auth data structures where the first one
is a PAC and the second something unknown (yet).

Can you please try the attached fix ? It should make it work again.

Guenther
- --
G√ľnther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner@redhat.com
Samba Team                              gd@samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHX9ZESOk3aI7hFogRAivSAJ9bMcD+PcsIzjYYLtAUoLNfVVEl1QCfV/Qd
MPsZW4G31VOVu64SPjgnJiI=
=Co+H
-----END PGP SIGNATURE-----

11 years agoFix for bug #4801: Correctly implement lsa lookup levels for lookupnames.
Michael Adam [Fri, 30 Nov 2007 15:11:43 +0000 (16:11 +0100)]
Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.

This is a first patch aimed at fixing bug #4801.
It is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.

Michael

11 years agoAdd flags for correctly implementing lsa_lookup_name levels.
Michael Adam [Fri, 30 Nov 2007 15:11:43 +0000 (16:11 +0100)]
Add flags for correctly implementing lsa_lookup_name levels.

This is in preparation of the upcoming fix for bug #4801
(correct implementation of lsa lookup name levels.)

Michael

11 years agoAdd patches for bug #4866 from jiri sasek - Sun Microsystems - Prague Czech Republic...
Jeremy Allison [Tue, 11 Dec 2007 20:12:48 +0000 (12:12 -0800)]
Add patches for bug #4866 from jiri sasek - Sun Microsystems - Prague Czech Republic <Jiri.Sasek@Sun.COM>
to allow Solaris to get passwords > 8 chars.
Jeremy.

11 years agoMerge branch 'v3-0-stable' into v3-0-test
Gerald (Jerry) Carter [Mon, 10 Dec 2007 15:59:46 +0000 (09:59 -0600)]
Merge branch 'v3-0-stable' into v3-0-test

11 years agoCorrect typos in the name of the CVE-2007-6015 references release-3-0-28
Gerald (Jerry) Carter [Mon, 10 Dec 2007 15:59:27 +0000 (09:59 -0600)]
Correct typos in the name of the CVE-2007-6015 references

11 years agoMerge branch 'v3-0-stable' into v3-0-test
Gerald (Jerry) Carter [Mon, 10 Dec 2007 15:30:23 +0000 (09:30 -0600)]
Merge branch 'v3-0-stable' into v3-0-test

11 years agoAdditional fixes for SAMBA_VERSION_VENDOR_PATCH in lib/version.c
Gerald (Jerry) Carter [Mon, 10 Dec 2007 14:59:39 +0000 (08:59 -0600)]
Additional fixes for SAMBA_VERSION_VENDOR_PATCH in lib/version.c

11 years agoAdapt VERSION to use SAMBA_VERSION_VENDOR_PATCH instead of
Michael Adam [Fri, 23 Nov 2007 15:52:45 +0000 (16:52 +0100)]
Adapt VERSION to use SAMBA_VERSION_VENDOR_PATCH instead of
SAMBA_VENDOR_PATCH as expected by mkversion.sh.

Thanks to Thomas Bork for noticing this.

Michael

11 years agoMerge branch 'v3-0-stable' into v3-0-test
Gerald (Jerry) Carter [Mon, 10 Dec 2007 14:34:15 +0000 (08:34 -0600)]
Merge branch 'v3-0-stable' into v3-0-test

Resolved conflicts in source/VERSION.

11 years agoRemove "-stable" vendor suffix from release
Gerald (Jerry) Carter [Mon, 10 Dec 2007 14:31:50 +0000 (08:31 -0600)]
Remove "-stable" vendor suffix from release

11 years agoUpdate release notes for 3.0.28
Gerald (Jerry) Carter [Mon, 10 Dec 2007 13:53:41 +0000 (07:53 -0600)]
Update release notes for 3.0.28

11 years agoCorrectly unbecome_root() on error
Volker Lendecke [Mon, 10 Dec 2007 10:47:17 +0000 (11:47 +0100)]
Correctly unbecome_root() on error

11 years agoCorrectly unbecome_root() on error
Volker Lendecke [Mon, 10 Dec 2007 10:47:17 +0000 (11:47 +0100)]
Correctly unbecome_root() on error

11 years agoFix a debug message (add a newline).
Michael Adam [Thu, 6 Dec 2007 00:13:07 +0000 (01:13 +0100)]
Fix a debug message (add a newline).

Michael

11 years agoSet release version to 3.0.28.
Gerald (Jerry) Carter [Thu, 6 Dec 2007 20:46:18 +0000 (14:46 -0600)]
Set release version to 3.0.28.

11 years agoFix from Jeremy for CVE-2007-6015 (send_mailslot() buffer overrun).
Gerald (Jerry) Carter [Thu, 6 Dec 2007 20:46:06 +0000 (14:46 -0600)]
Fix from Jeremy for CVE-2007-6015 (send_mailslot() buffer overrun).

This one fixes cli_send_mailslot() which could be called from the
nmbd server code.

11 years agoFix from Volker for CVE-2007-6015 (send_mailslot() buffer overrun).
Gerald (Jerry) Carter [Thu, 6 Dec 2007 20:45:13 +0000 (14:45 -0600)]
Fix from Volker for CVE-2007-6015 (send_mailslot() buffer overrun).

11 years agoRemove trailing slashes from service name
Andreas Schneider [Thu, 6 Dec 2007 11:29:52 +0000 (12:29 +0100)]
Remove trailing slashes from service name

11 years agoFix signing bug found by Volker. That one was *subtle*.
Jeremy Allison [Tue, 4 Dec 2007 21:30:29 +0000 (13:30 -0800)]
Fix signing bug found by Volker. That one was *subtle*.
Jeremy

11 years agoCorrectly invalidate intermediate vuids
Volker Lendecke [Tue, 4 Dec 2007 12:16:37 +0000 (13:16 +0100)]
Correctly invalidate intermediate vuids

Because of the "&& usp->server_info" test in get_valid_user_struct,
invalidate_vuid() called for an intermediate vuid would never do what it was
supposed to do. There is no server_info in the intermediate vuids.

This fixes a memleak, it was found for a client that does silly sequences of
sesssionsetup/ulogoff for every operation.

11 years agoWhen allocating a new vuid, also avoid partial ones
Volker Lendecke [Tue, 4 Dec 2007 12:13:45 +0000 (13:13 +0100)]
When allocating a new vuid, also avoid partial ones

11 years agoadd SESSSETUP_BENCH
Volker Lendecke [Tue, 4 Dec 2007 10:38:57 +0000 (11:38 +0100)]
add SESSSETUP_BENCH

11 years agoPrevent net getdomainsid from panicing when called as non-root.
Michael Adam [Fri, 30 Nov 2007 15:10:32 +0000 (16:10 +0100)]
Prevent net getdomainsid from panicing when called as non-root.

(Unable to open secrets.tdb.)

Michael

11 years agoFix old cut-and-paste bug where the wrong field was being written to.
Jeremy Allison [Wed, 28 Nov 2007 01:42:46 +0000 (17:42 -0800)]
Fix old cut-and-paste bug where the wrong field was being written to.
Jerry please check.
Jeremy.

11 years agoAdapt VERSION to use SAMBA_VERSION_VENDOR_PATCH instead of
Michael Adam [Fri, 23 Nov 2007 15:52:45 +0000 (16:52 +0100)]
Adapt VERSION to use SAMBA_VERSION_VENDOR_PATCH instead of
SAMBA_VENDOR_PATCH as expected by mkversion.sh.

Thanks to Thomas Bork for noticing this.

Michael

11 years agoprinting: fix default printing subsystem detection
Stefan Metzmacher [Fri, 23 Nov 2007 10:51:33 +0000 (11:51 +0100)]
printing: fix default printing subsystem detection

"system/printing.h" includes an outdated copy of
the stuff in samba3's includes.h, so we should not use it.

metze
(cherry picked from commit 0a7338abfabaf31c2cbd81fb4ac8f1ce45735bed)

11 years agoMerge commit 'origin/v3-0-stable' into v3-0-test
Stefan Metzmacher [Wed, 21 Nov 2007 14:47:21 +0000 (15:47 +0100)]
Merge commit 'origin/v3-0-stable' into v3-0-test

11 years agoMerge commit 'release-3-0-27a' into v3-0-stable
Gerald (Jerry) Carter [Wed, 21 Nov 2007 13:38:19 +0000 (07:38 -0600)]
Merge commit 'release-3-0-27a' into v3-0-stable

Resolved Conflicts:

source/VERSION

11 years agoSet version to 3.0.27b-GIT-XXXX-test
Gerald (Jerry) Carter [Wed, 21 Nov 2007 13:13:14 +0000 (07:13 -0600)]
Set version to 3.0.27b-GIT-XXXX-test

11 years agoSet version to 3.0.27a-GIT-XXXX-stable
Gerald (Jerry) Carter [Wed, 21 Nov 2007 13:12:08 +0000 (07:12 -0600)]
Set version to 3.0.27a-GIT-XXXX-stable

11 years agoUpdate release notes for the 3.0.27a release.
Gerald (Jerry) Carter [Wed, 21 Nov 2007 03:55:27 +0000 (21:55 -0600)]
Update release notes for the 3.0.27a release.
(cherry picked from commit 7fe4b24fcebe231843149fd8f7dbe5676812367d)

11 years agoCopy the full release notes from the 3.0.27 tag.
Gerald (Jerry) Carter [Wed, 21 Nov 2007 00:19:32 +0000 (18:19 -0600)]
Copy the full release notes from the 3.0.27 tag.

Some parts were somehow different.
(cherry picked from commit d6c3df20e8f6656da40b1baba4618d0220c1a4c1)

11 years agoUpdate release notes for the 3.0.27a release. release-3-0-27a
Gerald (Jerry) Carter [Wed, 21 Nov 2007 03:55:27 +0000 (21:55 -0600)]
Update release notes for the 3.0.27a release.

11 years agoCopy the full release notes from the 3.0.27 tag.
Gerald (Jerry) Carter [Wed, 21 Nov 2007 00:19:32 +0000 (18:19 -0600)]
Copy the full release notes from the 3.0.27 tag.

Some parts were somehow different.

11 years agoSetting release version to 3.0.27a
Gerald (Jerry) Carter [Tue, 20 Nov 2007 23:44:25 +0000 (17:44 -0600)]
Setting release version to 3.0.27a

11 years ago32/64 bit compatibility fix
Simo Sorce [Tue, 20 Nov 2007 23:19:54 +0000 (18:19 -0500)]
32/64 bit compatibility fix
this patch fixes platform where 32 and 64 bit apps can run at the same time
fixed in and tested in Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=253036

11 years agoDon't overrun directory listings by incorrectly calculating
Jeremy Allison [Tue, 20 Nov 2007 22:06:50 +0000 (14:06 -0800)]
Don't overrun directory listings by incorrectly calculating
end-of-data. Syncs up with 3.2.0. Jerry - this should fix the
profile bug.
Jeremy.

11 years agoPrevent segv in winbindd running on a DC using the "idmap backend" syntax.
Gerald (Jerry) Carter [Tue, 20 Nov 2007 19:24:03 +0000 (13:24 -0600)]
Prevent segv in winbindd running on a DC using the "idmap backend" syntax.

The number of domains should be counted as they are added and not assumed
to match the loop counter.

11 years agoEnsure every use of push_ascii checks for error -1 condition.
Jeremy Allison [Mon, 19 Nov 2007 23:27:11 +0000 (15:27 -0800)]
Ensure every use of push_ascii checks for error -1 condition.
Ensure that is zero termination is requested that it is
applied if there's space.
Jeremy.

11 years agoBack-port fix for bug found by kukks - Samba adding
Jeremy Allison [Mon, 19 Nov 2007 20:02:11 +0000 (12:02 -0800)]
Back-port fix for bug found by kukks - Samba adding
non-initialized name to IP mapping.
Jeremy.

11 years agoFix remaining calls to srvstr_push -1 - noticed
Jeremy Allison [Sun, 18 Nov 2007 23:06:53 +0000 (15:06 -0800)]
Fix remaining calls to srvstr_push -1 - noticed
by Simo (thanks !)
Jeremy.

11 years agoFix for Bug #5023 (separate access check from posix_acls code)
Michael Adam [Sat, 20 Oct 2007 00:17:07 +0000 (02:17 +0200)]
Fix for Bug #5023 (separate access check from posix_acls code)

The three can_* access check functions in smbd/posix_acls.c that are used in
smbd/open.c and smbd/nttrans.c explicitly called check_posix_acl_group_access()

This lead to errors with nfsv4 acls (e.g. ZFS and GPFS).

This changes the can_* functions to get the nt_acl via VFS layer and call
se_access_check on that. It also removes check_posix_acl_group_access()
which has no more callers.

Michael

Note: This merges the original fix 6f961a23de745aba5dcd4585b731e651b8cbeef4
from branch v3-2-test along with some subsequent improvements:

c61b4222d30288add216fac4da3cfaa537f5cd01 - no double fast pathing
cd62122916defbfb57468c3b82a60b766fc4652e - cosmetic fix
f4f700cf0c1657c36e801fab20fe7b1a4efcb714 - prevent orphaned open files

11 years agoFix for bug 4393 smbclient does not store files with zero filesize in tar-archives
Jeremy Allison [Fri, 16 Nov 2007 22:15:56 +0000 (14:15 -0800)]
Fix for bug 4393 smbclient does not store files with zero filesize in tar-archives
from Tomasz Ostrowski <tometzky@batory.org.pl>
Jeremy.

11 years agoFix for bug #4781: allow cleaning of /etc/mtab by canonicalizing mountpoint.
Michael Adam [Fri, 16 Nov 2007 21:26:26 +0000 (22:26 +0100)]
Fix for bug #4781: allow cleaning of /etc/mtab by canonicalizing mountpoint.

Canonicalize mountpoint by trimming trailing slashes before unmounting.
This allows for correct cleanup of /etc/mtab after unmounting.

Thanks to Steve Langasek <vorlon@debian.org>.

Michael

11 years agoFix smbfs to not trigger our paranoid checker.
Jeremy Allison [Fri, 16 Nov 2007 21:12:51 +0000 (13:12 -0800)]
Fix smbfs to not trigger our paranoid checker.
Jeremy.

11 years agoSet release to 3.0.27a in development branch
Gerald (Jerry) Carter [Thu, 15 Nov 2007 16:51:37 +0000 (10:51 -0600)]
Set release to 3.0.27a in development branch

11 years agoPull in release notes from 3.0.27 to the v3-0 development branch
Gerald (Jerry) Carter [Thu, 15 Nov 2007 16:51:23 +0000 (10:51 -0600)]
Pull in release notes from 3.0.27 to the v3-0 development branch

11 years agoSet version to 3.0.27a
Gerald (Jerry) Carter [Thu, 15 Nov 2007 16:48:13 +0000 (10:48 -0600)]
Set version to 3.0.27a

11 years agoFix for CVE-2007-4572
Gerald (Jerry) Carter [Thu, 15 Nov 2007 02:54:44 +0000 (20:54 -0600)]
Fix for CVE-2007-4572

== Subject:     Stack buffer overflow in nmbd's logon
==              request processing.
==
== CVE ID#:     CVE-2007-4572
==
== Versions:    Samba 3.0.0 - 3.0.26a (inclusive)

...
Samba developers have discovered what is believed to be
a non-exploitable buffer over in nmbd during the processing
of GETDC logon server requests.  This code is only used
when the Samba server is configured as a Primary or Backup
Domain Controller.

11 years agoFix for CVE-2007-5398.
Gerald (Jerry) Carter [Thu, 15 Nov 2007 02:51:14 +0000 (20:51 -0600)]
Fix for CVE-2007-5398.

== Subject:     Remote code execution in Samba's WINS
==              server daemon (nmbd) when processing name
==              registration followed name query requests.
==
== CVE ID#:     CVE-2007-5398
==
== Versions:    Samba 3.0.0 - 3.0.26a (inclusive)
...
Secunia Research reported a vulnerability that allows for
the execution of arbitrary code in nmbd.  This defect may
only be exploited when the "wins support" parameter has
been enabled in smb.conf.

11 years agoFix bug #5083 (and duplicate bug #5084).
Michael Adam [Thu, 15 Nov 2007 10:08:53 +0000 (11:08 +0100)]
Fix bug #5083 (and duplicate bug #5084).

Make solarisacl_sys_acl_get_fd() return a result
when there is one (thereby fixing a memleak).

Thanks to Markus Zell for reporting this.

Michael

11 years agoFix bug where tdb lock call interrupted with
Jeremy Allison [Wed, 7 Nov 2007 05:48:01 +0000 (21:48 -0800)]
Fix bug where tdb lock call interrupted with
an alarm sig would not terminate and could lead
to runaway smbd processes.
Thanks to Dave Daugherty @ Centrify for pointing
this out to us.
Jeremy.