Enable total anonymization in vfs_smb_traffic_analyzer, by mapping any user names to the one given by anonymize_prefix, without generating a hash number. This setting is optional and is compatible with the module configuration format of Samba 3.3.
Jeremy Allison [Sat, 14 Feb 2009 00:04:15 +0000 (16:04 -0800)]
Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure
that "offered" read from the rpc packet in spoolss is under
that size. Tidyup from analysis from Veracode.
Jeremy.
Yasuma Takeda [Wed, 11 Feb 2009 22:36:51 +0000 (14:36 -0800)]
Fix bug #6098 - When the DNS server is invalid, the ads_find_dc() does not work correctly with "security = domain"
1. If DNS server is invalid, the get_sorted_dc_list() is called with
realm(FQDN) and it fails.
2. On the next step, the get_sorted_dc_list() is called with realm(FQDN) again.
I think "again" is wrong place.
On the 2nd step, get_sorted_dc_list() should be called with realm(WORKGROUP).
Michael Adam [Tue, 10 Feb 2009 17:54:16 +0000 (18:54 +0100)]
packaging: add script fill-templates
This is a standalone-wrapper for update-pkginfo, which is
usually called from create-tarball. It basically repeats
some functionality of create-tarball.
Derrell Lipman [Tue, 10 Feb 2009 15:28:32 +0000 (10:28 -0500)]
[Bug 6069] Add a fstatvfs function for libsmbclient
- Reverse the sense of the flags. Since the fstatvfs() function on POSIX-like
systems would almost certainly indicate case sensitivity (for example),
leave the bit turned off if the result is the POSIX-like result just as if
issued on a typical local file system on a POSIX system.
I was confused about the real meaning of find_domain_from_name_noinit()
vs. find_domain_from_name(). We don't need the connection established
here, just the domain struct which gets initialized by rescan_trusted_domains().
Derrell Lipman [Mon, 9 Feb 2009 17:41:29 +0000 (12:41 -0500)]
[Bug 6069] Add a fstatvfs function for libsmbclient
- Add initial test implementation. This works on a Linux client to determine
whether a connection's server supports UNIX CIFS. I'm eager to see what the
build farm has to say about this, specifically how many, if any, hosts don't
provide a statvfs.h file with the requisite struct statvfs.
Jeff Layton [Fri, 6 Feb 2009 13:31:45 +0000 (08:31 -0500)]
mount.cifs: initialize rc to 0 in main
The value of rc in main() isn't initialized in the declaration. This
wasn't a problem before, but Shirish's fakemount patch can make it so
that we return the uninitialized variable if the -n flag is used.
Have nmbd check all available interfaces for WINS before failing
When nmbd is acting as WINS, it picks the first interface's IP as WINS
server's IP. If the first interface's IP is zero, we will just quit
(even though we might have other interfaces with valid IPs).
This patch makes nmbd look at all interfaces and pick the first interface
with a valid IP as the WINS server's IP.
Jeremy Allison [Wed, 4 Feb 2009 23:35:02 +0000 (15:35 -0800)]
Fix bug #Bug 6090 renaming or deleting a "not matching/resolving" symlink is failing.
Reported by Kukks. Make sure we correctly use LSTAT in all cases where
POSIX pathnames are being used. This matters when dealing with symlinks
pointing to invalid paths being renamed or deleted not all deletes and
renames are done via an nt_create open.
Jeremy.
Jeremy Allison [Tue, 3 Feb 2009 01:11:15 +0000 (17:11 -0800)]
Fix bug #6082 - smbd_gpfs_getacl failed: Windows client can´t rename or delete file
This fixes the generic rename/delete problem for 3.3.0 and above.
Fixed slightly differently to discussions, user viewable modified
ACLs are not a good idea :-).
Jeremy.
Michael Adam [Sun, 1 Feb 2009 23:46:57 +0000 (00:46 +0100)]
s3:winbind_group: fix "getent group" to allocate new gids.
"getent group" used to fill the idmap cache with negative
cache entries for unmapped group sids.
Don't pass domain name unconditionally to idmap_sid_to_gid().
idmap_sid_to_gid() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".
Note that it is _wrong_ to directly call the idmap_sid_to_gid()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_gid request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we nee a quick
fix for getent passwd now.
Michael Adam [Sun, 1 Feb 2009 23:36:59 +0000 (00:36 +0100)]
s3:winbind_user: fix "getent passwd" to allocate new uids.
"getent passwd" used to fill the idmap cache with negative
cache entries for unmapped user sids.
Don't pass domain name unconditionally to idmap_sid_to_[ug]id().
idmap_sid_to_[ug]id() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".
Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_[ug]id request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we nee a quick
fix for getent passwd now.
Michael Adam [Thu, 29 Jan 2009 12:17:46 +0000 (13:17 +0100)]
fix bug #6073: prevent ads_connect() from using SSL unless explicitly requested
This fixes "net ads join".
It copes with the changed default "ldap ssl = start tls".
A new boolean option "ldap ssl : ads" is added to allow for
explicitly requesting ssl with ads.
Volker Lendecke [Wed, 28 Jan 2009 09:35:35 +0000 (10:35 +0100)]
Avoid valgrind errors
In event handlers, we might destroy other events that are pending in the lists.
We can only run one event safely per select call.
Yes, I've seen these valgrind errors :-)
Jeremy, with ccdd921e61 you had checked in the change to run multiple events.
Do you remember why it was necessary and could not be solved in a different
way?
Jeremy Allison [Thu, 22 Jan 2009 22:32:32 +0000 (14:32 -0800)]
Second part of the attemt to fix #4308 - Excel save operation corrupts file ACLs.
If the chown succeeds then the ACL set should also. Ensure this is the case
(refactor some of this code to make it simpler to read also).
Jeremy.
Jeremy Allison [Thu, 22 Jan 2009 18:59:14 +0000 (10:59 -0800)]
Another attempt to fix bug #4308 - Excel save operation corrupts file ACLs.
Simo is completely correct. We should be doing the chown *first*, and fail the
ACL set if this fails. The long standing assumption I made when writing the
initial POSIX ACL code was that Windows didn't control who could chown a file
in the same was as POSIX. In POSIX only root can do this whereas I wasn't sure
who could do this in Windows at the time (I didn't understand the privilege
model). So the assumption was that setting the ACL was more important (early
tests showed many failed ACL set's due to inability to chown). But now we have
privileges in smbd, and we must always fail an ACL set when we can't chown
first. The key that Simo noticed is that the CREATOR_OWNER bits in the ACL
incoming are relative to the *new* owner, not the old one. This is why the old
user owner disappears on ACL set - their access was set via the USER_OBJ in the
creator POSIX ACL and when the ownership changes they lose their access.
Patch is simple - just ensure we do the chown first before evaluating the
incoming ACL re-read the owners. We already have code to do this it just wasn't
rigorously being applied.
Jeremy.
projects / thirdparty / samba.git / log
