summaryrefslogtreecommitdiffstats
path: root/source
Commit message (Collapse)AuthorAgeFilesLines
* Revert the extra SAMR and LSA checks.Jeremy Allison2009-06-151-58/+0
| | | | | | These were added between 3.2.4 and 3.2.5 that have caused users problems. This fixes among others bug #6089 and #6112. (cherry picked from commit bd2f3695c117773032e16958a0266d0d1e75defe)
* s3/libsmb: Fix debug message.Karolin Seeger2009-06-151-1/+1
| | | | | | | | | | | This fixes bug #6472. Karolin Signed-off-by: Volker Lendecke <vl@samba.org> Was commit f92269a6 in master. (cherry picked from commit 7108ebb87902f3b5d2c43ba95d557278ad8e120f)
* Fix bug #6297 - owner of sticky directory cannot delete files created by ↵Jeremy Allison2009-06-151-2/+13
| | | | | | others. The reason we couldn't delete was we were erroring out early if requestor was not the owner of the file we wanted to delete, instead of checking if the requestor owned the directory as well. If either of these is true, we must go on and check the ACL. Karolin, this is a must for 3.4.0 and also 3.3.next. I'll update the bug report with patches for 3.4.0 and 3.3.next and ask vl to review. Jeremy. (cherry picked from commit 966a51da8998cfd15875ba047b7f765c84b914dd)
* s3-groupdb: fix enum_aliasmem in ldb branch.Günther Deschner2009-06-151-1/+1
| | | | | | | | | | | | It is totally valid to have an alias with no members. This fixes bug #6465. Tridge, please check. Found by RPC-SAMR torture test. Guenther (cherry picked from commit d7b749b056a667f0b180d6d5198faca9b0a69fea)
* VERSION: Raise version number up to 3.3.5.Karolin Seeger2009-06-101-1/+1
| | | | | Karolin (cherry picked from commit 48b5d16c39b60c0fb6db60780bc36eaa8ef2506c)
* Further fix for 6449Volker Lendecke2009-06-101-1/+1
| | | | | Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting! (cherry picked from commit aa03326fe523e9bc85e6db276f94e9d04aaf009d)
* Fix bug 6449Volker Lendecke2009-06-101-1/+1
| | | | | Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting! (cherry picked from commit a956e36ceb22072cd4ea755ce9b4457896af4b14)
* Fix bug 6441 -- fix the compile with --enable-dnssdVolker Lendecke2009-06-101-4/+0
| | | | | | | | | The server side of dnssd has been replaced with native avahi support. The code is only left in in case some OS/X fan wants to revive it, and the client-side has not been converted yet. Fix the build of the server side by removing the #ifdef (cherry picked from commit 8b8336a115b73eb99cd1f9a8d1286df713ec53c3)
* Fix bug 6157Volker Lendecke2009-06-103-1/+60
| | | | | | This patch picks the alphabetically smallest one of the multi-value attribute "uid". This fixes a regression against 3.0 and also becomes deterministic. (cherry picked from commit 47333fc8785457239a499a298536664f152b681d)
* s3/passdb: Fix debug message: 'net setmaxrid' does not exist.Karolin Seeger2009-06-101-2/+2
| | | | | | | | This is aiming bug #6351. Karolin (cherry picked from commit c94d1cd7b1dc3ff99ae5a1eb9058ed6015fb9749) (cherry picked from commit 11ed212591d612632fcb47f1eac10507b89ffdec)
* s3-samr: Fix Bug #6372, usermanager only displaying 1024 groups and aliases.Günther Deschner2009-06-101-0/+12
| | | | | | | | This is now also verified with the RPC-SAMR-LARGE-DC test. Guenther (cherry picked from commit fca7dce1a908570e463ddcbd663955fcafd1d843) (cherry picked from commit f3bf1eebe1cb74aa9ed2d00b823c90c6ed743980)
* Simplify the dropbox patchJeremy Allison2009-06-101-5/+10
| | | | (cherry picked from commit f9ea09b61a46136fc55314e2e1cd2e9cfb362802)
* Re-Add the "dropbox" functionality with -wx rights on a directoryVolker Lendecke2009-06-101-3/+3
| | | | (cherry picked from commit f586b209b0216150f07bcc998c0d57e0d179b8ee)
* s3:idmap_tdb: filter out of range mappings in default idmap configMichael Adam2009-06-101-16/+57
| | | | | | | | This fixes bug #6415 Michael (cherry picked from commit 3d3f39838261ddc401053dadcc5bd8e6317a3a8e) (cherry picked from commit 307c73ce8bc29803230c22e3f8abd579c5d90ba2)
* s3:idmap_ldap: filter out of range mappings in default idmap configMichael Adam2009-06-101-16/+55
| | | | | | | | This fixes bug #6417 Michael (cherry picked from commit e381c13b023f2b512b3f6aec133db9f323bc8132) (cherry picked from commit 06cab60eb0ba966174f493fcbe25bede0c5d2125)
* s3:idmap_tdb2: filter out of range mappings in default idmap configMichael Adam2009-06-101-12/+49
| | | | | | | | This fixes bug #6416 Michael (cherry picked from commit e12670a1053edf57af137026bd3fdb9fc7dfb0b2) (cherry picked from commit a74cb0ca04d61df6f01f3d737e52a8b7349d5a73)
* s3: zero an uninitialized arrayMarc VanHeyningen2009-06-101-1/+4
| | | | | | | | Invalid pointers were being dereferenced in lookup_sids causing occasional seg faults. Signed-off-by: Tim Prouty <tprouty@samba.org> (cherry picked from commit 34ca12c9396f7c8475cd1525bdbc40021b0e533f)
* Fix a race condition in winbind leading to a panicVolker Lendecke2009-06-101-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | In winbind, we do multiple events in one select round. This needs fixing, but as long as we're still using it, for efficiency reasons we need to do that. What can happen is the following: We have outgoing data pending for a client, thus state->fd_event.flags == EVENT_FD_WRITE Now a new client comes in, we go through the list of clients to find an idle one. The detection for idle clients in remove_idle_client does not take the pending data into account. We close the socket that has pending outgoing data, the accept(2) one syscall later gives us the same socket. In new_connection(), we do a setup_async_read, setting up a read fde. The select from before however had found the socket (that we had already closed!!) to be writable. In rw_callback we only want to see a readable flag, and we panic in the SMB_ASSERT(flags == EVENT_FD_READ). Found using bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient Volker (commit 68c5c6df in master) (cherry picked from commit c9df9c68da21610d9c32a57e24f45d36ebe432c5)
* Fix bug 6382: Case insensitive access to DFS links brokenVolker Lendecke2009-06-101-0/+2
| | | | (cherry picked from commit fda54237e8a4a87086a670499273c1402d1cd02b)
* s3-auth: use full 16byte session key in make_user_info_netlogon_interactive().Jeremy Allison2009-06-102-3/+2
| | | | | | | | | | | | | | | | | | | Patch from Jeremy. With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a Samba 3 Domain. There are still two registry settings required: HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 Do *not* modify the other netlogon registry parameters that were passed around, they weaken security. Guenther / Jeremy. (cherry picked from commit 0da133101ab149b074ab369d819fc48b7c95bf71)
* s3-credentials: protect netlogon_creds_server_step() against NULL creds.Guenther Deschner2009-06-101-0/+4
| | | | | | | Found by SCHANNEL torture tests. Guenther (cherry picked from commit 339b99e31577d8a522711f84bc7d94e88c75d334)
* After getting confirmation from Guenther, add 3 changes we'll ultimately ↵Jeremy Allison2009-06-101-13/+23
| | | | | | need to fix bug #6099 Samba returns incurrate capabilities list. 1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags. 2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags return if the client requested it. 3). Clean up the error exits so we always return the same way. Signed off by Guenther. Jeremy. (cherry picked from commit 41f9e61d7c8c106a98792e9009bbecf5edfcebe9)
* s3-netlogon: Fix NETLOGON credential chain. Fixes Bug #6099 (Windows 7 ↵Guenther Deschner2009-06-101-2/+6
| | | | | | | | | | | | | | | joining Samba3) and probably many, many more. Jeremy, with 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate flags (which are a pointer to the out negotiate flags assigned in the generated netlogon server code). So, while you wanted to just set the *out* negflags, you did in fact reset the *in* negflags, effectively eliminating the NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then caused creds_server_init() to generate 64bit creds instead of 128bit, causing the whole chain to break. *Please* check. Guenther (cherry picked from commit 1f05472b9a27861f8e4b9b60410890b920f9d359)
* Fix bug 6361: Make --rcfile work in smbgetVolker Lendecke2009-06-101-1/+1
| | | | | Thanks to j scott <gl@arlut.utexas.edu> for reporting! (cherry picked from commit 2238f7eede55fe780630df70b712fad7ebc95c76)
* Do not use the file system GET_REAL_FILENAME for mangled namesVolker Lendecke2009-06-101-7/+53
| | | | (cherry picked from commit 5ed457f984c093642afde854715b3792524e0798)
* Revert "Do not use the file system GET_REAL_FILENAME for mangled names"Karolin Seeger2009-06-101-23/+7
| | | | | This reverts commit 5a5dcd125fe236ddd93a6e56ae361fc84e306185. (cherry picked from commit 79003837947882c4a62490c0eff7984f7c343807)
* s3/ldap: also handle DirX return codesBjörn Jacke2009-06-101-0/+2
| | | | | this is a backport of f238809d236443b8968e1b4b197a55935c7c7e85 from master (cherry picked from commit 1b040289f14bb22d3b6ab07a452236549d6c9bf6)
* s3:loadparm: handle registry config source in file_list - fixes bug #6320Michael Adam2009-06-101-34/+44
| | | | | | | | | | I.e. does not require smbd restart after changing share default options in the global registry section with "include = registry". Michael This was commit 4842e45d59 in master. (cherry picked from commit a72e409bd1b9a9d91bd7311417d7175a64aa39b0)
* s3:smbd: fix posix acls when setting an ACL without explicit ACE for the ↵Stefan Metzmacher2009-06-101-3/+18
| | | | | | | | | | | | | | | | | | owner (bug#2346) The problem of bug #2346 remains for users exported by winbindd, because create_token_from_username() just fakes the token when the user is not in the local sam domain. This causes user_in_group_sid() to give totally wrong results. In uid_entry_in_group() we need to check if we already have the full unix token in the current_user struct. If so we should use the current_user unix token, instead of doing a very complex user_in_group_sid() which doesn't give reliable results anyway. metze (cherry picked from commit b79eff843be392f3065e912edca1434081d93c44) (cherry picked from commit cb5c72c0a05a78ff1b86eb02cf5ecd3d7d69623d)
* Fix bug #6330 - DFS doesn't work on AIX. Jeremy.Jeremy Allison2009-06-102-0/+14
| | | | | This was commit 3d6f4a7af in master. (cherry picked from commit c66b3807a356655d1d4e351502cad939f4d1d101)
* Fix Coverity ID 897: REVERSE_INULLVolker Lendecke2009-06-101-1/+1
| | | | (cherry picked from commit a0e9521b306a7e83d09de4616a66b49d259f0bbc)
* Fix bug #6291 - force user stop working. A previous fix broke the invariant ↵Jeremy Allison2009-06-101-1/+37
| | | | | | that *uid is always initialized on return from create_token_from_username(). Restore it. Jeremy. (cherry picked from commit 09b76c57098ed4d11855000ae31cd346cb9a765d)
* s3-netapi: Fix Bug #6309: support remote unjoining of Windows 2003 or greater.Günther Deschner2009-06-102-2/+4
| | | | | | | | Found by David Markey <admin@dmarkey.com>. Thanks! Guenther (cherry picked from commit ab4b8c9c0438bc5afca17e3ebf05dde6f98bc0aa) (cherry picked from commit 242ae00e56ac553f9ac736b4c2a18b4610bdb6e9)
* Fix bug 6336: "net groupmap set" segfaultsVolker Lendecke2009-06-101-2/+4
| | | | (cherry picked from commit f97e37d0130752dded728a29f5b1024ca19a0733)
* Fix bug #6315 smbd crashes doing vfs_full_audit on IPC$ close event. The ↵Jeremy Allison2009-06-101-3/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | underlying problem is that once SMBulogoff is called, all server_info contexts associated with the vuid should become invalid, even if that's the context being currently used by the connection struct (tid). When the SMBtdis comes in it doesn't need a valid vuid value, but the code called inside vfs_full_audit always assumes that there is one (and hence a valid conn->server_info pointer) available. This is actually a bug inside the vfs_full_audit and other code inside Samba, which should only indirect conn->server_info on calls which require AS_USER to be set in our process table. I could fix all these issues, but there's no guarentee that someone might not add more code that fails this assumption, as it's a hard assumption to break (it's usually true). So what I've done is to ensure that on SMBulogoff the previously used conn->server_info struct is kept around to be used for print debugging purposes (it won't be used to change to an invalid user context, as such calls need AS_USER set). This isn't strictly correct, as there's no association with the (now invalid) context being freed and the call that causes conn->server_info to be indirected, but it's good enough for most cases. The hard part was to ensure that once a valid context is used again (via new sessionsetupX calls, or new calls on a still valid vuid on this tid) that we don't leak memory by simply replacing the stored conn->server_info pointer. We would never actually leak the memory (as all conn->server_info pointers are talloc children of conn), but with the previous patch a malicious client could cause many server_info structs to be talloced by the right combination of SMB calls. This new patch introduces free_conn_server_info_if_unused(), which protects against the above. Jeremy. This was commit e46a88ce35e1aba9d9a344773bc97a9f3f2bd616 in master. (cherry picked from commit 146d007e70351532431b739f1264615111044768)
* Do not crash in ctdbd_traverse if ctdbd is not aroundVolker Lendecke2009-06-101-0/+5
| | | | (cherry picked from commit e5f0f6b7fb428e4cc8e5e782a0038a847d74edcc)
* 3.3: Increase debug level of "create_connection_server_info failed" messageVolker Lendecke2009-06-101-1/+1
| | | | | | I don't think we should unconditionally send every refused connection attempt to a share to syslog, that's where all debug level 0 messages end up. (cherry picked from commit 65fe7c42c6c229a99b7cffc0515fc7a1ed30c43c)
* s3:mark registry shares without path unavailable in the server, tooMichael Adam2009-06-101-0/+4
| | | | | | | This prevents users from getting access to "/" in misconfigured setups. Michael (cherry picked from commit 1921d77fa2490bd19aded05924a62795641231ea)
* s3:loadparm: mark registry shares without path unavailableMichael Adam2009-06-101-0/+3
| | | | | | | | | ...just as with text config. This applies to testparm and friends. smbd is fixed in a second patch. Michael (cherry picked from commit 1d345210381b1f543c2ccaa6e66f52532916413e)
* s3:loadparm: prevent infinite include nesting.Michael Adam2009-06-101-2/+19
| | | | | | | | | | | | | This introduces a hard coded MAX_INCLUDE_DEPTH of 100. When this is exceeded, handle_include (and hence lp_load) fails. One could of course implement a more intelligent loop detection in the include-tree, but this would require some restructuring of the internal loadparm housekeeping. Maybe as a second improvement step. Michael (cherry picked from commit a100a9c48d73df69851099e15253a65f2dbc9f65)
* to be portable, use options first, arguments lastBjörn Jacke2009-06-101-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 02368626a273368a3b731d2b413e90d91ed15c5c)
* 3.3 samr bug 6301: fix samr_ConnectVersion enum which is 32bit not 16bit.Günther Deschner2009-06-102-4/+4
| | | | | | | Port of 67ca76c288eb095ae to 3.3 Signed-off-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 151042f5b348c6eb7bcc702193fb046305630116)
* ѕ3/configure: fix regexp for ld version recognitionBjörn Jacke2009-04-281-1/+1
| | | | | | | Signed-off-by: Jelmer Vernooij <jelmer@samba.org> (commit 740c2c4366badc62d017881c9484ee5153b62f94 in master) (commit 172ecfae44768289b98c1bafa7aa2b89dbecc312 in v3-4-test) (cherry picked from commit c53c875a7d205ba5f6fdb196db81e7c89d04b83b)
* s3-idmap: Fix bug #6286: Call init function for builtin idmap modules before ↵Günther Deschner2009-04-281-0/+2
| | | | | | | | | | probing for them as shared modules. idmap-gurus of the world, please check. Guenther (cherry picked from commit 67588ca80d654183b8b7b062b9660a506a825f94) (cherry picked from commit a552aa1c3f67b76692e26a5560640dcfae0831b6)
* s3-selftest: test wbinfo --allocate-uid/gid.Günther Deschner2009-04-281-0/+2
| | | | | Guenther (cherry picked from commit c3843c40b5c426910a184dcef3b17283e6e224e9)
* Fix profile acls in some corner casesSimo Sorce2009-04-281-3/+18
| | | | | | Always add back the real original owner of the directory in the ACE List after we steal its ACE for the Administrators group. (cherry picked from commit df44b4f2f6a5e83115e1e04883c94f89fdc9a28f)
* Avoid duplicate acesSimo Sorce2009-04-281-7/+48
| | | | | | | When adding arbitrary aces to an nt_ace_list we need to make sure we are not actually adding a duplicate. add_or_replace_ace() takes care of doing the right thing. (cherry picked from commit 59ba5e05c01e9a20fbae7cce40b2301585db5c34)
* Add comment explaining the previous fix.Jeremy Allison2009-04-281-0/+6
| | | | | Jeremy. (cherry picked from commit b2e0cb32c1a6f68430b36288c5d704b46d072e79)
* Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning ↵Jeremy Allison2009-04-281-0/+4
| | | | | | | LDAP_SUCCESS but not returning a result. Jeremy (cherry picked from commit b32b0d502fe0f63e82d277039dda0a6f4bb2100f)
* Added ability to revert to old modules for make revert.John H Terpstra2009-04-281-0/+5
| | | | (cherry picked from commit d235881c9f3e5d14beb2ebcfa2e4a7d18e890784)
generated by cgit (git 2.34.1) at 2024-10-05 01:32:16 +0000