| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
uninitialized variable. (cherry picked from commit f92195e3a1baaddda47a5d496f9488c8445b41ad)
|
|
|
|
| |
Karolin
|
|
|
|
| |
This is the part of checkin cfee2025 that is relevant to this bug.
|
|
|
|
|
| |
This fixes bug #5945.
(cherry picked from commit a7735416792f8156e53a04af98e7e2dff0b6707d)
|
|
|
|
|
|
| |
These were added between 3.2.4 and 3.2.5 that have caused users problems.
This fixes among others bug #6089 and #6112.
(cherry picked from commit f2a29585123e6072a75eb9abdd202f99f5a01e1e)
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is totally valid to have an alias with no members.
This fixes bug #6465.
Tridge, please check.
Found by RPC-SAMR torture test.
Guenther
(cherry picked from commit d27c4346397b828e3d7d01473f174577440d950a)
|
|
|
|
|
|
|
|
|
| |
This is aiming bug #6351.
Karolin
(cherry picked from commit c94d1cd7b1dc3ff99ae5a1eb9058ed6015fb9749)
(cherry picked from commit 11ed212591d612632fcb47f1eac10507b89ffdec)
(cherry picked from commit 28d4cd50d1a76bc374a8420c490411a52c32fdbb)
|
|
|
|
|
|
|
|
| |
This is now also verified with the RPC-SAMR-LARGE-DC test.
Guenther
(cherry picked from commit fca7dce1a908570e463ddcbd663955fcafd1d843)
(cherry picked from commit 6ad726f50ee10ac2a2f157906b3b3adb88bfea37)
|
|
|
|
|
| |
Karolin
(cherry picked from commit a7fbd3ae42fd3849150da27c37405dbefb59f86e)
|
|
|
|
|
|
|
|
|
| |
Invalid pointers were being dereferenced in lookup_sids causing
occasional seg faults.
Signed-off-by: Tim Prouty <tprouty@samba.org>
(cherry picked from commit 34ca12c9396f7c8475cd1525bdbc40021b0e533f)
(cherry picked from commit 9f5f8278b905b38d288618916c23f85373919b83)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In winbind, we do multiple events in one select round. This needs fixing, but
as long as we're still using it, for efficiency reasons we need to do that.
What can happen is the following: We have outgoing data pending for a client,
thus
state->fd_event.flags == EVENT_FD_WRITE
Now a new client comes in, we go through the list of clients to find an idle
one. The detection for idle clients in remove_idle_client does not take the
pending data into account. We close the socket that has pending outgoing data,
the accept(2) one syscall later gives us the same socket.
In new_connection(), we do a setup_async_read, setting up a read fde. The
select from before however had found the socket (that we had already closed!!)
to be writable. In rw_callback we only want to see a readable flag, and we
panic in the SMB_ASSERT(flags == EVENT_FD_READ).
Found using
bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient
Volker
(commit 68c5c6df in master)
(cherry picked from commit d12681489f18df97b11c4ce6e069d6e2d006c184)
|
|
|
|
| |
(cherry picked from commit fad2741ec79a34f25577d0a5d3c35a6455d3ce24)
|
|
|
|
|
|
|
|
| |
It is not technically an ldb bug, but apparently some callers try to access
res before checking the ldb_search() return code.
So make their attempt very evident (a NULL dereference will make it cristal
clear where the bug is).
(cherry picked from commit c60539f31f63bd65e5b0e3ee16365f036bef3d5b)
|
|
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit 8d178837f259757340a09a688ed194e3e4a92c36)
(cherry picked from commit 6631ca4a51d4b13d2edd2dc899f7b76c233825b5)
(cherry picked from commit a7f96104b957ba0eb910f8c0073818f872345e3c)
|
|
|
|
|
|
|
|
|
|
| |
Was missing case of "If file exists open. If file doesn't exist error."
Damn damn damn. CIFSFS client will have to have fallback cases
for this error for a long time.
Jeremy.
(cherry picked from commit b652082648c49b525d2b2ce619b575ee75bc242e)
(cherry picked from commit 12cf12f10c1c6adad568daf6c16144a99b0f822e)
(cherry picked from commit 2050a239a5fee6cfd17d083619cc4a03a3a6dd6d)
|
|
|
|
| |
(cherry picked from commit cdc93a7edc6798078a7b21b1728a844437b6522b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch from Jeremy.
With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a
Samba 3 Domain.
There are still two registry settings required:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
Do *not* modify the other netlogon registry parameters that were passed around,
they weaken security.
Guenther / Jeremy.
(cherry picked from commit 43bab13d00fa073acf709ac9a66cb2782694811b)
|
|
|
|
|
|
|
| |
Found by SCHANNEL torture tests.
Guenther
(cherry picked from commit c578c66569eed3ae19b42c9787399eb70b935e0a)
|
|
|
|
|
|
| |
need to fix bug #6099 Samba returns incurrate capabilities list. 1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags. 2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags return if the client requested it. 3). Clean up the error exits so we always return the same way. Signed off by Guenther. Jeremy.
(cherry picked from commit 59ee131464636d3363bc7ee398ba6390a6333558)
|
|
|
|
|
|
|
| |
negotiate flags (which are a pointer to the out negotiate flags assigned in the generated netlogon server code). So, while you wanted to just set the *out* negflags, you did in fact reset the *in* negflags, effectively eliminating the NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then caused creds_server_init() to generate 64bit creds instead of 128bit, causing the whole chain to break. *Please* check.
Guenther
(cherry picked from commit 853bbc0d3920654aa7401fa5d6fcba7ff86e1a21)
|
|
|
|
|
|
| |
this is a backport of f238809d236443b8968e1b4b197a55935c7c7e85 from master
(cherry picked from commit 1b040289f14bb22d3b6ab07a452236549d6c9bf6)
(cherry picked from commit 7f1771f26dcc334c32df332545d33937f8602bd6)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
owner (bug#2346)
The problem of bug #2346 remains for users exported by
winbindd, because create_token_from_username() just fakes
the token when the user is not in the local sam domain. This causes
user_in_group_sid() to give totally wrong results.
In uid_entry_in_group() we need to check if we already
have the full unix token in the current_user struct.
If so we should use the current_user unix token,
instead of doing a very complex user_in_group_sid()
which doesn't give reliable results anyway.
metze
(cherry picked from commit b79eff843be392f3065e912edca1434081d93c44)
(cherry picked from commit cb5c72c0a05a78ff1b86eb02cf5ecd3d7d69623d)
(cherry picked from commit ef0d72513b5404f176186632aab67d7b87039ba2)
|
|
|
|
|
|
|
|
| |
picked from 9097a67de
Volker
(cherry picked from commit 9ffb1e6f0ded2647efe567912873a1a63e2ffed1)
(cherry picked from commit d3f39da433c22632007a9300d4dab4cda0dfd43e)
|
|
|
|
|
|
|
| |
that *uid is always initialized on return from create_token_from_username(). Restore it. Jeremy.
(cherry picked from commit 09b76c57098ed4d11855000ae31cd346cb9a765d)
(cherry picked from commit 191e4c415e7008070110970ba51f3f82dc493a8b)
|
|
|
|
|
|
|
| |
Port of 67ca76c288eb095ae to 3.2
Signed-off-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0b0b0499f0ba60cfff943fa2200a6534c0a3f816)
|
|
|
|
|
|
| |
Guenther
(cherry picked from commit c3843c40b5c426910a184dcef3b17283e6e224e9)
(cherry picked from commit 679be14a080dfcbbbc9403ff0fc67b61073a357e)
|
|
|
|
|
|
| |
Always add back the real original owner of the directory in the ACE List after
we steal its ACE for the Administrators group.
(cherry picked from commit 8e438431a1447fd482c107fbe0aee3af49afe068)
|
|
|
|
|
|
|
| |
When adding arbitrary aces to an nt_ace_list we need to make sure we
are not actually adding a duplicate.
add_or_replace_ace() takes care of doing the right thing.
(cherry picked from commit 958207e321f330426536bf7e936b30fa2efffddc)
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit 9da82269dc6d9da3c0393a85e0217bf22cd2fe5c)
|
|
|
|
|
|
|
| |
LDAP_SUCCESS but not returning a result.
Jeremy
(cherry picked from commit e7687dd9ca244a53fdf2312a78cdb028dd8971d5)
|
|
|
|
|
|
|
|
| |
metze
(cherry picked from commit 257809558bfab3e45703cf8be76357596392a3ea)
(cherry picked from commit e20b8706401d1a4eee0fe494825deef6ab23ab23)
(cherry picked from commit d80e02de5714aaa650bef91767ce0775bd2392f5)
(cherry picked from commit 340c23e150061a20af72e9b9a1762d288660861c)
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a crash bug if we timeout in net rpc trustdom list.
metze
(cherry picked from commit c0dfe0cf80ee50f395912b7d6aec0d87febd34c0)
(cherry picked from commit d87563604ca7b1c18c5a84d76726c2a99dc454f8)
(cherry picked from commit cba4214b963983730bedc792e391b5435889597a)
(cherry picked from commit 34bf50b0302ff112af52088b93b40b1bcaf002e8)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Even though "net conf setparm abc/def comment xyz" does not
create a broken registry we do not want such keys to be created.
Since we get problems accessing these with "net registry" since
the registry code treats the '/' sign as a separator as a lower
level.
This makes e.g. "net conf setparm abc/def comment xyz" fail with
WERR_INVALID_PARAM, which is much more desirable than a broken
registry.tdb.
Michael
(cherry picked from commit de6f09988d84752e5333cba1fa69c5a685e903b7)
|
|
|
|
|
| |
Karolin
(cherry picked from commit aaf5c25489b916d4892ce757bb5c0f32f9910c59)
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit 72f55ca71c2d9b4c24866b7e1418fa4c17948db6)
|
|
|
|
| |
(cherry picked from commit 1c47bcb5b24ab360d5e632bbf3dcbc7d1d9f6fc4)
|
|
|
|
|
|
|
|
| |
LookupSids needs to bounce back string sids in case of NT_STATUS_NONE_MAPPED.
Guenther
(cherry picked from commit 597be402e40ff880b595ae49a8600b932365cbcb)
(cherry picked from commit f049fb5643f93cc4806ada5db8e591bbe4cb9204)
|
|
|
|
|
|
|
|
| |
What a difference a name makes... :-). Just because something is missnamed
SA_RIGHT_SAM_OPEN_DOMAIN, when it should actually be SA_RIGHT_SAM_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
(cherry picked from commit 3591c95beaed3abfa10b1579e377b0103647a177)
|
|
|
|
| |
(cherry picked from commit 8203f5f3890afec3ec631f822b0f2e5ddd262b9a)
|
|
|
|
| |
(cherry picked from commit 7284b7bb226990abce91d40782bf4e592e2f7b4d)
|
|
|
|
|
|
|
|
|
|
|
| |
has parameter "msdfs root = yes"
This was broken by the refactoring around create_file().
MSDFS pathname processing must be done FIRST.
MSDFS pathnames containing IPv6 addresses can
be confused with NTFS stream names (they contain
":" characters.
Jeremy.
(cherry picked from commit eb29aa406f14397e3c55e559e2c02da6eb6c4cbd)
|
|
|
|
|
|
|
|
| |
This used to be commit 8da2fa36 in master.
Karolin
(cherry picked from commit 3df28fce45ce552df2c0815597fc1808ea08b363)
(cherry picked from commit 89542c9dc4fede1547886b480791322f0497f277)
|
|
|
|
|
|
|
|
| |
This used to be commit 44588095 in master.
Karolin
(cherry picked from commit 7648c51afaf844e576935dadc0d66a94e2cad28b)
(cherry picked from commit a3081c94e64d226328885191212bd1ba46add09e)
|
|
|
|
|
|
|
|
| |
This used to be commit a103222e in master.
Karolin
(cherry picked from commit a33677c8a80925965a4023785fc3a221d2ed9585)
(cherry picked from commit 7038846d514b9ea25d991bc72b807921ab1ee158)
|
|
|
|
|
|
|
|
| |
This used to be commit 6343cab3 in master.
Karolin
(cherry picked from commit 56e877662dd6da64b348803c24e85f60ee6b3d85)
(cherry picked from commit 36cb36581208f754b14e2a955fbd886e6c82cfaa)
|
|
|
|
|
|
|
| |
handle_trans() can talloc_free "conn" if the client requests
close_on_completion. "state" is a talloc_child of conn, so it will be gone when
we later free state->data et al.
(cherry picked from commit 51ecc77eeabe5fc89e4d1b1fb8a15c71614d4049)
|
|
|
|
|
|
| |
Zagrebin <alexz@visp.ru>.
Jeremy.
(cherry picked from commit 5b43fff78081541f642b07a70b03c6d5902e42dd)
|
|
|
|
|
| |
Karolin
(cherry picked from commit 887420a30dbb178f29ee9313f2c19dd1b3c3c5e9)
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit 3797ddb3acc713cc200114e9e27dfb3901e5cdf1)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes sure the original and temporary TDBs are closed
_before_ the rename. Originally, the open TDB was renamed, and so
the name passdb.tdb.tmp stayed around in the db context. Hence
upon client connect, the smbd children died because reinit_after_fork()
calling tdb_reopen_all() would try to reopen passdb.tdb.tmp which
existed no longer...
Michael
(cherry picked from commit 1ab40fbca806f1136dd1d65edd688beb5ec592c7)
|