| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
Karolin
|
| |
|
|
| |
Karolin
|
| |
|
|
|
|
|
|
|
|
|
|
| |
with vfs_acl_xattr or vfs_acl_tdb module.
Fix incorrect interaction when all of
"inherit permissions = yes"
"inherit acls = yes"
"inherit owner = yes"
are set. Found by Björn Jacke. Thanks Björn !
|
| |
|
|
|
|
| |
correctly with "inherit permissions = yes" and POSIX ACLs
Ensure when creating a directory, if we make any changes due to inheritance parameters, we update the stat returned.
|
| |
|
|
|
|
|
| |
correctly with "inherit permissions = yes" and POSIX ACLs
We don't need to check mode bits as well as dev/ino to
ensure we're in the same place.
|
| |
|
|
|
|
|
|
|
| |
correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new file make sure we
must have a valid stat struct before making the inheritance
calls (as they may look at it), and if we make changes we
must have a valid stat struct after them.
|
| |
|
|
|
|
|
| |
correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new file make sure we
also change the returned stat struct to have the correct uid.
|
| |
|
|
|
|
|
| |
correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new directory make sure we
also change the returned stat struct to have the correct uid.
|
| |
|
|
|
|
|
|
|
|
| |
#7383)
metze
(cherry picked from commit 4bfe2d5655d97fbc7e65744425b5a098e77f5ba1)
(cherry picked from commit 62b2083c627abeb8a2fb7e5adc793c630d0d561c)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
| |
Karolin
|
| |
|
|
|
|
|
|
| |
Windows does not track bad password attempts when offline. We were locking users out but not honoring the lockout duration.
Autobuild-User: Jim McDonough <jmcd@samba.org>
Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104
(cherry picked from commit b58534f1fca27e3e72f4f4107538ec05734bd42a)
|
| | |
|
| |
|
|
|
|
| |
To be completed...
Karolin
|
| |
|
|
| |
Karolin
|
| |
|
|
| |
Karolin
|
| |
|
|
|
|
|
|
|
|
|
| |
vfs_acl_xattr or vfs_acl_tdb module.
If "inherit owner = yes", pass in the directory owner and group
owner as the target for CREATOR_OWNER and CREATOR_GROUP substitutions,
and also as the owner and primary group of the new security descriptor
being applied to the object.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
security blob size is greater than 16 kB
We were not correctly checking the output of asn1_start_tag().
asn1_start_tag() returns -1 and sets data->has_error if the
remaining blob size is too short to contain the tag length.
We were checking data->has_error and returning NT_STATUS_OK
(to allow the second asn.1 parse to fail in that case). We
should not be checking data->has_error in this case, but
falling through to the code that already checks the length.
Thanks to Jim for reproducing this for me. We don't get bitten
by this as we announce a max buffer size of 16k, greater than
Windows's 4k, which means that most krb5 spnego packets already
fit.
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
| |
There is currently a lot of duplicate code included for processing
responses to CUPS_GET_PRINTERS and CUPS_GET_CLASSES requests. This
change splits this code into a separate function.
Signed-off-by: Günther Deschner <gd@samba.org>
|
| |
|
|
|
|
|
|
|
|
| |
Use printcap IDL for marshalling and unmarshalling messages between cups
child and parent smbd processes. This simplifies the IPC and ensures
the parent is notified of cups errors encountered by the child.
https://bugzilla.samba.org/show_bug.cgi?id=7994
Signed-off-by: Günther Deschner <gd@samba.org>
|
| |
|
|
| |
Signed-off-by: Günther Deschner <gd@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cups_async_callback() is called to receive new printcap data from a
child process which requests the information from cupsd.
Newly received printcap information is stored in a temporary printcap
cache (tmp_pcap_cache). Once the child process closes the printcap IPC
file descriptor, the system printcap cache is replaced with the newly
populated tmp_pcap_cache, however this only occurs if tmp_pcap_cache is
non null (has at least one printer).
If the printcap cache is empty, which is the case when cups is not
exporting any printers, the printcap cache is not replaced resulting in
stale data.
Signed-off-by: Günther Deschner <gd@samba.org>
|
| |
|
|
|
|
|
|
|
| |
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue May 24 22:57:16 CEST 2011 on sn-devel-104
(cherry picked from commit e719dfd4dc178f001a5f804fb1ac4e587574415f)
Fix bug #8163 (asn.1 library does not correctly read negative integers).
(cherry picked from commit 859d13141cd831488b60e413f7141514ae4464b5)
|
| |
|
|
|
|
|
| |
correctly.
The parsing code made some strange assumptions about what is a printer
name, and what is a comment.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pcap_cache_loaded() assertions were added to the (re)load_printers()
functions, to ensure the caller had called pcap_cache_reload() prior to
reloading printer shares.
The problem is, pcap_cache_loaded() returns false if the the pcap_cache
contains no printer entries. i.e. pcap_cache_reload() has run but not
detected any printers.
Remove these assertions, correct call ordering is already enforced.
Signed-off-by: Günther Deschner <gd@samba.org>
The last 3 patches address bug #7836 (A newly added printer isn't visbile to
clients).
|
| |
|
|
|
|
| |
This reverts commit b6268f507fa3276c2ef22c58bad400a3fed48cd9.
Signed-off-by: Günther Deschner <gd@samba.org>
|
| |
|
|
|
|
| |
This reverts commit e4579eab7fe3eab7a5209e6de74e6fd2f53099d0.
Signed-off-by: Günther Deschner <gd@samba.org>
|
| |
|
|
|
|
|
| |
This reverts commit 73bec197a91a15aa9a69c9a3868ed51bdd3674ea.
Please see bug #8129 (Application requests printing on Format A5, but prints as
A4) fro details.
|
| |
|
|
|
|
|
|
|
|
| |
not work
This is 03115efae89c8c4f51dea1ce82613817bd9fcf5b from master
Actually copy something in wbcChangeUserPasswordEx
The length argument for memcpy was initialized to 0 and not initialized
|
| |
|
|
|
|
|
| |
Guenther
(cherry picked from commit 21576e3f8c32878910460bf9575c200ad93d682a)
Part of a fix for bug #7993 ("net rpc printer MIGRATE" command fails).
|
| |
|
|
|
|
|
|
|
|
|
| |
needed as old gcc releases output everything to stderr, even stdout output from
ld
Fixes #7825
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Fri Nov 26 20:15:24 CET 2010 on sn-devel-104
(cherry picked from commit 70a7da0e101910e3ceb08b86d4b840b219e24d7d)
|
| |
|
|
|
|
|
|
| |
ldb can create huge records when saving indexes.
Limit the tdb expansion to avoid consuming a lot of memory for
no good reason if the record being saved is huge.
Fix bug #7610 (winbindd_cache.tdb grows too large when scaled).
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
we deal with lp_cups_server in cups_connect() already, inside the URI all our
other cups functions we use ipp://localhost, do the same here.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed May 11 11:36:07 CEST 2011 on sn-devel-104
The last 3 patches address bug #8132 (Samba does not fill printers Location
field when using cups).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We never free the request in our cups api usage except for here. The reason is
probably htis (from the cupsDoConnect API docs):
"This function sends the IPP request to the specified server, retrying and
authenticating as necessary. The request is freed with ippDelete() after
receiving a valid IPP response."
Revert "Fix a memory leak in cups_pull_comment_location"
This reverts commit fee2664dad37536b05ce8bdae3e74d45b257f632.
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue May 10 17:32:58 CEST 2011 on sn-devel-104
(cherry picked from commit 019f11dd5b3240d05c1abe30dec3d793d6919313)
|
| |
|
|
|
|
|
| |
This has been in there since 2008...
Guenther
(cherry picked from commit 3ba3f68e03510e3bb5b7627c200af0395e853bc2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is never correct to ask for a machine$ principal as the target of a
kerberos connection. You should always connect via the
servicePrincipalName.
This current code appears to have built up from a series of minimal
changes, as the codebase adapted the to lack of a SPNEGO principal
from Windows 2008.
Andrew Bartlett
The last two patches address bug #7893 (CIFS tickets vs. <host>$ tickets).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This principal is not supplied by later versions of windows, and using
it opens up some oportunities for man in the middle attacks. (Becuase
it isn't the name being contacted that is verified with the KDC).
This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaivour. As in Samba4, this
defaults to false.
Against 2008 servers, this will not change behaviour. Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.
Andrew Bartlett
(cherry picked from commit bb7806283e71f3b8029aae0eed326b5847a36d83)
|
| |
|
|
|
|
|
|
|
| |
We are conflating the O_CREAT|O_EXCL with the O_TRUNC
processing, they need to be separate. We need to chose
using (O_CREAT|O_EXCL) first, then modify if O_TRUNC is
set. This needs two separate switch statements.
Jeremy
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If IPv6 DNS names are turned on, but Samba isn't configured to
listen on an IPv6 interface, then is_myname_or_ipaddr() can return
false on a valid DNS name that it should detect is our own. If the
IPv6 addr is returned by preference, then looking at the first addr
only causes is_myname_or_ipaddr() to fail. We need to look at all the
addresses returned by the DNS lookup and check all of them against
our interface list. This is an order N^2 lookup, but there shouldn't
be enough addresses to make this a practical problem.
Jeremy.
Fix bug #8038 - Connecting to a printer can return INVALID_PARAMETER when IPv6
DNS names are turned on.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Caused by premature optimisation storing the parent ACL on the
module handle instead of (correctly) on the file fsp. Previous
code wasn't reentrant safe. This is less optimal but doesn't
crash in the specific case :-).
Jeremy.
|
| |
|
|
| |
are null.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
There is no reason for smbd with Windows ACLs to use chmod
or fchmod unless it's a file opened with UNIX extensions or
with posix pathnames.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure we use a timeout of 60 seconds, not 60 milliseconds...
This prevented us from successfully using the ncacn_ip_tcp client in a lot of
places, I guess.
Guenther
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Apr 13 18:59:19 CEST 2011 on sn-devel-104
(cherry picked from commit 4b3fe5247a6e16b1ad9f05269e9aa00e3120e36a)
Fix bug #8085 - incorrect timeout handling in ncacn_ip_tcp client code.
|
| |
|
|
|
|
|
|
|
| |
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 23 23:45:40 CET 2011 on sn-devel-104
Fix bug #7983 - not all wbinfo parameters are documented in manpage.
|
| |
|
|
|
|
|
|
|
|
|
| |
Print child descriptor instead of parent.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Apr 11 11:48:42 CEST 2011 on sn-devel-104
(cherry picked from commit e6cf92c574fba14132757f141d8b1242fa71be88)
(cherry picked from commit 42ad7630259829f1c40d9d0fcf5376fa007568a3)
|
| | |
|
| |
|
|
|
|
|
|
|
| |
as pointed out by Metze in bug #8031
cherry-picked from dca465fa53f4d16cdce1353685b11010aa8ff0c7
The last two patches address bug #8031 - merge patc to make
sharemodes/leases parameter a per share setting.
|
