| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
These were added between 3.2.4 and 3.2.5 that have caused users problems.
This fixes among others bug #6089 and #6112.
(cherry picked from commit bd2f3695c117773032e16958a0266d0d1e75defe)
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes bug #6472.
Karolin
Signed-off-by: Volker Lendecke <vl@samba.org>
Was commit f92269a6 in master.
(cherry picked from commit 7108ebb87902f3b5d2c43ba95d557278ad8e120f)
|
|
|
|
|
|
| |
others. The reason we couldn't delete was we were erroring out early if requestor was not the owner of the file we wanted to delete, instead of checking if the requestor owned the directory as well. If either of these is true, we must go on and check the ACL. Karolin, this is a must for 3.4.0 and also 3.3.next. I'll update the bug report with patches for 3.4.0 and 3.3.next and ask vl to review. Jeremy.
(cherry picked from commit 966a51da8998cfd15875ba047b7f765c84b914dd)
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is totally valid to have an alias with no members.
This fixes bug #6465.
Tridge, please check.
Found by RPC-SAMR torture test.
Guenther
(cherry picked from commit d7b749b056a667f0b180d6d5198faca9b0a69fea)
|
|
|
|
|
| |
Karolin
(cherry picked from commit 48b5d16c39b60c0fb6db60780bc36eaa8ef2506c)
|
|
|
|
|
| |
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
(cherry picked from commit aa03326fe523e9bc85e6db276f94e9d04aaf009d)
|
|
|
|
|
| |
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
(cherry picked from commit a956e36ceb22072cd4ea755ce9b4457896af4b14)
|
|
|
|
|
|
|
|
|
| |
The server side of dnssd has been replaced with native avahi support. The code
is only left in in case some OS/X fan wants to revive it, and the client-side
has not been converted yet.
Fix the build of the server side by removing the #ifdef
(cherry picked from commit 8b8336a115b73eb99cd1f9a8d1286df713ec53c3)
|
|
|
|
|
|
| |
This patch picks the alphabetically smallest one of the multi-value attribute
"uid". This fixes a regression against 3.0 and also becomes deterministic.
(cherry picked from commit 47333fc8785457239a499a298536664f152b681d)
|
|
|
|
|
|
|
|
| |
This is aiming bug #6351.
Karolin
(cherry picked from commit c94d1cd7b1dc3ff99ae5a1eb9058ed6015fb9749)
(cherry picked from commit 11ed212591d612632fcb47f1eac10507b89ffdec)
|
|
|
|
|
|
|
|
| |
This is now also verified with the RPC-SAMR-LARGE-DC test.
Guenther
(cherry picked from commit fca7dce1a908570e463ddcbd663955fcafd1d843)
(cherry picked from commit f3bf1eebe1cb74aa9ed2d00b823c90c6ed743980)
|
|
|
|
| |
(cherry picked from commit f9ea09b61a46136fc55314e2e1cd2e9cfb362802)
|
|
|
|
| |
(cherry picked from commit f586b209b0216150f07bcc998c0d57e0d179b8ee)
|
|
|
|
|
|
|
|
| |
This fixes bug #6415
Michael
(cherry picked from commit 3d3f39838261ddc401053dadcc5bd8e6317a3a8e)
(cherry picked from commit 307c73ce8bc29803230c22e3f8abd579c5d90ba2)
|
|
|
|
|
|
|
|
| |
This fixes bug #6417
Michael
(cherry picked from commit e381c13b023f2b512b3f6aec133db9f323bc8132)
(cherry picked from commit 06cab60eb0ba966174f493fcbe25bede0c5d2125)
|
|
|
|
|
|
|
|
| |
This fixes bug #6416
Michael
(cherry picked from commit e12670a1053edf57af137026bd3fdb9fc7dfb0b2)
(cherry picked from commit a74cb0ca04d61df6f01f3d737e52a8b7349d5a73)
|
|
|
|
|
|
|
|
| |
Invalid pointers were being dereferenced in lookup_sids causing
occasional seg faults.
Signed-off-by: Tim Prouty <tprouty@samba.org>
(cherry picked from commit 34ca12c9396f7c8475cd1525bdbc40021b0e533f)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In winbind, we do multiple events in one select round. This needs fixing, but
as long as we're still using it, for efficiency reasons we need to do that.
What can happen is the following: We have outgoing data pending for a client,
thus
state->fd_event.flags == EVENT_FD_WRITE
Now a new client comes in, we go through the list of clients to find an idle
one. The detection for idle clients in remove_idle_client does not take the
pending data into account. We close the socket that has pending outgoing data,
the accept(2) one syscall later gives us the same socket.
In new_connection(), we do a setup_async_read, setting up a read fde. The
select from before however had found the socket (that we had already closed!!)
to be writable. In rw_callback we only want to see a readable flag, and we
panic in the SMB_ASSERT(flags == EVENT_FD_READ).
Found using
bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient
Volker
(commit 68c5c6df in master)
(cherry picked from commit c9df9c68da21610d9c32a57e24f45d36ebe432c5)
|
|
|
|
| |
(cherry picked from commit fda54237e8a4a87086a670499273c1402d1cd02b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch from Jeremy.
With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a
Samba 3 Domain.
There are still two registry settings required:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
Do *not* modify the other netlogon registry parameters that were passed around,
they weaken security.
Guenther / Jeremy.
(cherry picked from commit 0da133101ab149b074ab369d819fc48b7c95bf71)
|
|
|
|
|
|
|
| |
Found by SCHANNEL torture tests.
Guenther
(cherry picked from commit 339b99e31577d8a522711f84bc7d94e88c75d334)
|
|
|
|
|
|
| |
need to fix bug #6099 Samba returns incurrate capabilities list. 1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags. 2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags return if the client requested it. 3). Clean up the error exits so we always return the same way. Signed off by Guenther. Jeremy.
(cherry picked from commit 41f9e61d7c8c106a98792e9009bbecf5edfcebe9)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
joining Samba3) and probably many, many more.
Jeremy, with 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate
flags (which are a pointer to the out negotiate flags assigned in the generated
netlogon server code). So, while you wanted to just set the *out* negflags, you
did in fact reset the *in* negflags, effectively eliminating the
NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then
caused creds_server_init() to generate 64bit creds instead of 128bit, causing
the whole chain to break. *Please* check.
Guenther
(cherry picked from commit 1f05472b9a27861f8e4b9b60410890b920f9d359)
|
|
|
|
|
| |
Thanks to j scott <gl@arlut.utexas.edu> for reporting!
(cherry picked from commit 2238f7eede55fe780630df70b712fad7ebc95c76)
|
|
|
|
| |
(cherry picked from commit 5ed457f984c093642afde854715b3792524e0798)
|
|
|
|
|
| |
This reverts commit 5a5dcd125fe236ddd93a6e56ae361fc84e306185.
(cherry picked from commit 79003837947882c4a62490c0eff7984f7c343807)
|
|
|
|
|
| |
this is a backport of f238809d236443b8968e1b4b197a55935c7c7e85 from master
(cherry picked from commit 1b040289f14bb22d3b6ab07a452236549d6c9bf6)
|
|
|
|
|
|
|
|
|
|
| |
I.e. does not require smbd restart after changing share default options
in the global registry section with "include = registry".
Michael
This was commit 4842e45d59 in master.
(cherry picked from commit a72e409bd1b9a9d91bd7311417d7175a64aa39b0)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
owner (bug#2346)
The problem of bug #2346 remains for users exported by
winbindd, because create_token_from_username() just fakes
the token when the user is not in the local sam domain. This causes
user_in_group_sid() to give totally wrong results.
In uid_entry_in_group() we need to check if we already
have the full unix token in the current_user struct.
If so we should use the current_user unix token,
instead of doing a very complex user_in_group_sid()
which doesn't give reliable results anyway.
metze
(cherry picked from commit b79eff843be392f3065e912edca1434081d93c44)
(cherry picked from commit cb5c72c0a05a78ff1b86eb02cf5ecd3d7d69623d)
|
|
|
|
|
| |
This was commit 3d6f4a7af in master.
(cherry picked from commit c66b3807a356655d1d4e351502cad939f4d1d101)
|
|
|
|
| |
(cherry picked from commit a0e9521b306a7e83d09de4616a66b49d259f0bbc)
|
|
|
|
|
|
| |
that *uid is always initialized on return from create_token_from_username(). Restore it. Jeremy.
(cherry picked from commit 09b76c57098ed4d11855000ae31cd346cb9a765d)
|
|
|
|
|
|
|
|
| |
Found by David Markey <admin@dmarkey.com>. Thanks!
Guenther
(cherry picked from commit ab4b8c9c0438bc5afca17e3ebf05dde6f98bc0aa)
(cherry picked from commit 242ae00e56ac553f9ac736b4c2a18b4610bdb6e9)
|
|
|
|
| |
(cherry picked from commit f97e37d0130752dded728a29f5b1024ca19a0733)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
underlying problem is that once SMBulogoff is called, all server_info contexts associated with the vuid should become invalid, even if that's the context being currently used by the connection struct (tid). When the SMBtdis comes in it doesn't need a valid vuid value, but the code called inside vfs_full_audit always assumes that there is one (and hence a valid conn->server_info pointer) available.
This is actually a bug inside the vfs_full_audit and other code inside Samba,
which should only indirect conn->server_info on calls which require AS_USER to
be set in our process table. I could fix all these issues, but there's no
guarentee that someone might not add more code that fails this assumption, as
it's a hard assumption to break (it's usually true).
So what I've done is to ensure that on SMBulogoff the previously used
conn->server_info struct is kept around to be used for print debugging purposes
(it won't be used to change to an invalid user context, as such calls need
AS_USER set). This isn't strictly correct, as there's no association with the
(now invalid) context being freed and the call that causes conn->server_info to
be indirected, but it's good enough for most cases.
The hard part was to ensure that once a valid context is used again (via new
sessionsetupX calls, or new calls on a still valid vuid on this tid) that we
don't leak memory by simply replacing the stored conn->server_info pointer. We
would never actually leak the memory (as all conn->server_info pointers are
talloc children of conn), but with the previous patch a malicious client could
cause many server_info structs to be talloced by the right combination of SMB
calls. This new patch introduces free_conn_server_info_if_unused(), which
protects against the above.
Jeremy.
This was commit e46a88ce35e1aba9d9a344773bc97a9f3f2bd616 in master.
(cherry picked from commit 146d007e70351532431b739f1264615111044768)
|
|
|
|
| |
(cherry picked from commit e5f0f6b7fb428e4cc8e5e782a0038a847d74edcc)
|
|
|
|
|
|
| |
I don't think we should unconditionally send every refused connection attempt
to a share to syslog, that's where all debug level 0 messages end up.
(cherry picked from commit 65fe7c42c6c229a99b7cffc0515fc7a1ed30c43c)
|
|
|
|
|
|
|
| |
This prevents users from getting access to "/" in misconfigured setups.
Michael
(cherry picked from commit 1921d77fa2490bd19aded05924a62795641231ea)
|
|
|
|
|
|
|
|
|
| |
...just as with text config.
This applies to testparm and friends.
smbd is fixed in a second patch.
Michael
(cherry picked from commit 1d345210381b1f543c2ccaa6e66f52532916413e)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This introduces a hard coded MAX_INCLUDE_DEPTH of 100.
When this is exceeded, handle_include (and hence lp_load) fails.
One could of course implement a more intelligent loop detection
in the include-tree, but this would require some restructuring
of the internal loadparm housekeeping. Maybe as a second improvement
step.
Michael
(cherry picked from commit a100a9c48d73df69851099e15253a65f2dbc9f65)
|
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 02368626a273368a3b731d2b413e90d91ed15c5c)
|
|
|
|
|
|
|
| |
Port of 67ca76c288eb095ae to 3.3
Signed-off-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 151042f5b348c6eb7bcc702193fb046305630116)
|
|
|
|
|
|
|
| |
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
(commit 740c2c4366badc62d017881c9484ee5153b62f94 in master)
(commit 172ecfae44768289b98c1bafa7aa2b89dbecc312 in v3-4-test)
(cherry picked from commit c53c875a7d205ba5f6fdb196db81e7c89d04b83b)
|
|
|
|
|
|
|
|
|
|
| |
probing for them as shared modules.
idmap-gurus of the world, please check.
Guenther
(cherry picked from commit 67588ca80d654183b8b7b062b9660a506a825f94)
(cherry picked from commit a552aa1c3f67b76692e26a5560640dcfae0831b6)
|
|
|
|
|
| |
Guenther
(cherry picked from commit c3843c40b5c426910a184dcef3b17283e6e224e9)
|
|
|
|
|
|
| |
Always add back the real original owner of the directory in the ACE List after
we steal its ACE for the Administrators group.
(cherry picked from commit df44b4f2f6a5e83115e1e04883c94f89fdc9a28f)
|
|
|
|
|
|
|
| |
When adding arbitrary aces to an nt_ace_list we need to make sure we
are not actually adding a duplicate.
add_or_replace_ace() takes care of doing the right thing.
(cherry picked from commit 59ba5e05c01e9a20fbae7cce40b2301585db5c34)
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit b2e0cb32c1a6f68430b36288c5d704b46d072e79)
|
|
|
|
|
|
|
| |
LDAP_SUCCESS but not returning a result.
Jeremy
(cherry picked from commit b32b0d502fe0f63e82d277039dda0a6f4bb2100f)
|
|
|
|
| |
(cherry picked from commit d235881c9f3e5d14beb2ebcfa2e4a7d18e890784)
|