Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jul 6 20:55:26 CEST 2012 on sn-devel-104
(cherry picked from commit 4cafbb4e7443779ab1c58581709114db9a7bf918)
The last 4 patches address bug #9026 - 3.6.6 upgrade from 3.5.x fails with
"Couldn't migrate printers tdb file: NT_STATUS_NO_MEMORY".
(cherry picked from commit 25745ccc264ff4c649a778fc18ff7fb60ca80333)
This change addresses bug 9026.
There are 3 use cases for DATA_BLOB marshalling/unmarshalling:
1)
ndr_push_DATA_BLOB and ndr_pull_DATA_BLOB when called with
LIBNDR_FLAG_ALIGN* alignment flags set, are used to push/pull padding
bytes _only_. The length is determined by the alignment required and
the current ndr offset.
e.g. dcerpc.idl:
typedef struct {
...
[flag(NDR_ALIGN8)] DATA_BLOB _pad;
} dcerpc_request;
2)
When called with the LIBNDR_FLAG_REMAINING flag, all remaining bytes in
the ndr buffer are pushed/pulled.
e.g. dcerpc.idl:
typedef struct {
...
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_request;
3)
When called without alignment flags, push/pull a uint32 length _and_ a
corresponding byte array to/from the ndr buffer.
e.g. drsblobs.idl
typedef [public] struct {
...
DATA_BLOB data;
} DsCompressedChunk;
The fix for bug 8373 changed the definition of "alignment flags", such
that when called with LIBNDR_FLAG_NOALIGN ndr_push/pull_DATA_BLOB
behaves as (1: padding bytes) rather than (3: uint32 length + byte
array).
This breaks marshalling/unmarshalling for the following structures.
eventlog.idl:
typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
...
DATA_BLOB sid;
...
} eventlog_Record_tdb;
CUPS 1.6 makes various structures private and
introduces these ippGet and ippSet functions
for all of the fields in these structures.
http://www.cups.org/str.php?L3928
We define our own accessors when CUPS < 1.6.
Modified for 3.6.x by Jeremy Allison.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #9055 - doesn't build against CUPS 1.6.
(cherry picked from commit 684f83433d9697137aab9d8516ad2155929e15bf)
s3-winbind: Fix bug #9052 resolving our own "Domain Local" groups.
We don't resolve our own "Domain Local" groups since bug #7843 has been
fixed. So we need to add the add resource groups to the sid list too.
Before bug #7843 the "Domain Local" groups were added with a
lookupuseraliases call, but this isn't done anymore for our domain
so we need to resolve resource groups here.
When to use Resource Groups:
http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx
David Disseldorp [Thu, 21 Jun 2012 13:49:55 +0000 (15:49 +0200)]
s3-printing: use euid for vlp job tracking
vlp can be called by print_run_command as root with euids set
appropriately, vlp should use this to track the job owner.
(cherry picked from commit 32584347e93e5ff219cce4dd8e13bf8b2868072c)
s3-printing: fill print_generic sysjob id on job submission
Change the generic print backend to fill the printing backend job
identifier (sysjob) on submission of a new job.
This is needed to ensure correct mapping of spoolss jobs and entries in
the backend print queue.
Currently the generic print backend does not fill the printing backend
job identifier (sysjob) on submission of a new job. The sysjob
identifier is required to correctly map jobs in the printer queue to
corresponding spoolss print jobs.
Passing the lpq command to job_submit allows the generic print backend
to check the printer queue for the new job following submission. This
behaviour will come in a later commit.
(cherry picked from commit 7531533e797a2421b5b1a7b383fbddc70ccad34b)
print_job_find() currently returns print jobs to callers via a
statically allocated variable, this is particularly messy as the
device mode is talloced under the static variable.
This change adds or passes a talloc context to all callers, giving them
ownership of the returned print job.
(cherry picked from commit 9d481ce29b1f47ffda2696862109eebfe942097c)
s3-printing: clean up print_job_pause/resume interface
Currently both return a bool and sometimes set a werr pointer argument,
always return werror instead.
(cherry picked from commit 7ba7b3678cd505dc4ccef25b6fc4db7bd4cc3442)
David Disseldorp [Mon, 30 Jan 2012 12:35:21 +0000 (13:35 +0100)]
s3-printing: remove print_parse_jobid() calls from printing.c
In all cases the spoolss layer job id can be determinded from the
printing subsystem allocated job identifier (sysjob).
(cherry picked from commit dd1a076efe8c2118827c04d8f276b85893888be7)
David Disseldorp [Fri, 27 Jan 2012 11:33:27 +0000 (12:33 +0100)]
s3-printing: rename queue->job sysjob
Print jobs maintain two job identifiers, the jobid allocated by the
spoolss layer (pj->jobid), and the job identifier defined by the
printing backend (pj->sysjob).
Printer job queues currently only contain a single job identifier
variable (queue->job), the variable is sometimes representative of the
spoolss layer job identifier, and more often representative of the
printing backend id.
This change renames the queue job identifier from queue->job to
queue->sysjob, in preparation for a change to only store the printing
backend identifier.
(cherry picked from commit 5aeda94f201ce8794d09f16a314b4044c5370f07)
David Disseldorp [Mon, 30 Jan 2012 12:44:33 +0000 (13:44 +0100)]
s3-printing: remove print_parse_jobid() from print_cups.c
The spoolss print job identifier is now passed to the cups layer via
struct printjob, therefore it is no longer necessary to parse the job
filename to determine it.
(cherry picked from commit 4dea77df91c418633a2a411fd5be2cc9bb3a8eea)
David Disseldorp [Thu, 26 Jan 2012 14:28:34 +0000 (15:28 +0100)]
s3-printing: store print jobid as part of struct printjob
Printing code in some places relies upon the spool-file format to
retrieve the print jobid. By storing the jobid as part of struct
printjob, and hence in the printing TDB, we can move away from this ugly
behaviour.
(cherry picked from commit 994da027ee96811e2d5a025b667d8c6f85442ada)
David Disseldorp [Thu, 21 Jun 2012 15:12:23 +0000 (17:12 +0200)]
torture: add test for smbd print job spooling
Clients can print by performing file IO on a printer share, rather than
issuing spoolss RPCs.
This commit attempts to reproduce bug 8719.
(cherry picked from commit 8b25aa4feb00c6b9a1a7e5fdd61ffffa9fc4d1f5)
s3: Make us survive smb2.lock.rw-shared with aio enabled
schedule_aio_smb2_write can return NT_STATUS_FILE_LOCK_CONFLICT.
This is a valid error code that smb2.lock.rw-shared expects and
checks for. The code before this patch maps this to NT_STATUS_FILE_CLOSED,
masking the real, correct error message.
Fix bug #9040 - Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED
in error instead ofNT_STATUS_FILE_LOCK_CONFLICT.
(cherry picked from commit 9c69a2359107b7c31feb03b9971e08645205e400)
Jeremy Allison [Wed, 11 Jul 2012 04:13:03 +0000 (21:13 -0700)]
Fix bug #9034 - Typo in set_re_uid() call when USE_SETRESUID selected in configure.
Previous code only set the real euid, not the effective one. This is not a security issue
as this is *only* used in the quota code, and only between code that brackets
it with save_re_uid()/restore_re_uid(), Also this is not used on most platforms
(we use USE_SETREUID by preference) but it's better to have this right.
(cherry picked from commit ceed322622b46be3745b32a5f6a02e634bfe1789)
Volker Lendecke [Fri, 22 Jun 2012 13:46:13 +0000 (15:46 +0200)]
s3-vfs_gpfs: Fix bug #9003, posix acl on gpfs
gpfs2smb_acl can leave errno!=0 around even if it returned a correct
result!=NULL. We can only rely on errno being set if another error
condition (in this case result==NULL) indicates an error. If
result!=NULL, errno is undefined and can be anything. This leads to
SAFE_FREE(result) further down even in the success case.
Björn Jacke [Wed, 13 Jun 2012 17:28:06 +0000 (19:28 +0200)]
s3: fix build without ads support
when we have no ads support we don't have the ads_get_sid_token symbol used in
this unused code :-)
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Jun 13 21:20:15 CEST 2012 on sn-devel-104
(cherry picked from commit 43c56dc4255a7a6cbd176e6ae66a7652c6d72d2c)
Jeremy Allison [Mon, 18 Jun 2012 23:24:12 +0000 (16:24 -0700)]
Same fix as bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params
Jeremy Allison [Mon, 18 Jun 2012 23:23:13 +0000 (16:23 -0700)]
Fix Bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params
Found by Richard Sharpe <realrichardsharpe@gmail.com>. The correct
command code in a reply to NT Transact Secondary (0xa1) is
NT Transact (0xa0).
(cherry picked from commit 115f5af9a89a20929f02578c08a34ae2736951dd)
s3:smbd: use fsp_persistent_id() as persistent_file_id part for SMB2 (bug #8995)
It seems to be important to have unique persistent file ids,
because windows clients seem to index files by server_guid + persistent_file_id.
Which may break, if we just have a 16-bit range per connection
and the client connects multiple times.
Based on code from Ira Cooper. Use fsp->fh->gen_id as the persistent
fileid in SMB2.
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jun 14 22:04:13 CEST 2012 on sn-devel-104
Jeremy Allison [Fri, 11 May 2012 10:27:01 +0000 (03:27 -0700)]
Fix bug #8922.
Looking at the do_list status returns was historically
ignored, allowing tar to continue after NT_STATUS_ACCESS_DENIED.
Return to this state.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri May 11 14:55:53 CEST 2012 on sn-devel-104
(cherry picked from commit 633093685734e44afd7a0de1d58a0ffe905ae13a)
Jeremy Allison [Fri, 30 Mar 2012 18:58:31 +0000 (11:58 -0700)]
Complete fix for bug #8811 - sd_has_inheritable_components segfaults on an SD that se_access_check accepts.
(cherry picked from commit e5e86688bdcb91817954fb23ecf10a3b6ddd3933)
Matthieu Patou [Fri, 1 Jun 2012 22:33:04 +0000 (15:33 -0700)]
s3-winbindd: call dump_core_setup after command line option has been parsed
Without this fix in some situations winbindd can't coredump.
Such cases append when samba is compiled in a custom prefix (ie.
/home/build/mat/prod/1/) in this case get_dyn_LOGFILEBASE or basename(lp_logfile)
before the configuration file and the command line is parsed will be something like /home/build/mat/prod/1/var
which might not exists on the host where you run it (where it's most
probably more "normal" directories).
Specifying --log-basename didn't help as dump_core_setup is called before the command line and
the config file is read so it didn't help getting a correct value in dump_core_setup.
We fix this issue by calling dump_core_setup() also after the command
line has been read and also after the configfile has been parsed so that
the final location for the coredump is coherent with the final logile
location.
Fix bug #8311 - Winzip occasionally can not read files out of an open winzip dialog.
Backport of the changes in master without the VFS change. Move
all processing into smb_fsctl().
(cherry picked from commit 87d75c675ccd1cd455afb67e149ce1e835ad6b21)
s3-librpc-crypto: avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute()
gss_get_name_attribute() can return unintialized pac_display_buffer
and later gss_release_buffer() will crash on attempting to release it.
The fix on MIT krb5 side is in 1.10.1, reported in both Debian and MIT upstream:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7087
We need to initialize variables before using gss_get_name_attribute()
Jeremy Allison [Fri, 1 Jun 2012 19:28:33 +0000 (12:28 -0700)]
We are triggering the cleanup_timeout_fn() too often, on exiting when an smbd is idle.
Calls to exit_server_cleanly() should be treated as a "clean" shutdown,
and not trigger the master smbd to call cleanup_timeout_fn.
The last 2 patches address bug #8971 (cleanup_timeout_fn() is called too often,
on exiting when an smbd is idle.)
(cherry picked from commit 8b3b1aa4ff76d7f03285e3fa87f30f3068a7ea5d)
Jeremy Allison [Fri, 1 Jun 2012 19:02:04 +0000 (12:02 -0700)]
Stop spamming the logs with "Could not remove pid XX from serverid.tdb" messages and initiating the cleanup function on every process deat
We now have many sub-processes from smbd that don't serve SMB1/SMB2 requests and
don't register themselves in the serverid.tdb. Only initiate the cleanup
from processes that were explicitly in the child list.
(cherry picked from commit 777ac04a99467594805a03635b04011c495ff7e7)
Jeremy Allison [Thu, 31 May 2012 23:25:52 +0000 (16:25 -0700)]
Forward port of Richard Sharpe's <realrichardsharpe@gmail.com> fix for bug #8970 - Possible memory leaks in the samba master process.
(cherry picked from commit ec7a5f2593b67797fc3924611d3b0b05b807d0bf)
Fix bug #8714 (smbcontrol can't find the pid file of winbindd because the later
is created with a different name).
(cherry picked from commit 1a596076697624545f415eb558c4647267cfe46c)
Herb Lewis [Tue, 29 May 2012 23:38:53 +0000 (16:38 -0700)]
Second part of fix for bug 8953 - winbind can hang as nbt_getdc() has no timeout.
If we're running with SEC_ADS and we don't get a cldap response from
the server when querying its name, don't fall back to NetBIOS requests
as they're unlikely to succeed.
Jeremy Allison [Tue, 29 May 2012 23:37:35 +0000 (16:37 -0700)]
Fix bug #8953 - winbind can hang as nbt_getdc() has no timeout.
Add a timeout_in_seconds parameter to nbt_getdc() to make it fail
after that time with NT_STATUS_IO_TIMEOUT.
(cherry picked from commit 0d9d67d180ffea2a4e1942ec0c34ce3b4910fe18)
Jeremy Allison [Tue, 24 Apr 2012 00:49:49 +0000 (17:49 -0700)]
Fix bug #8882 - Broken processing of %U with vfs_full_audit when force user is set.
When doing a "force user" we need to remember what the "sanitized_username"
was from the original connect.
(cherry picked from commit f68121db6f78680a328acec11f475ccca3184412)
Andrew Bartlett [Fri, 18 May 2012 12:02:57 +0000 (22:02 +1000)]
s3-utils: Use ads_do_search_retry in net ads search
This makes it possible to search against a slow server, as will
fallback from 1000 to (eventually) 125 users at a time.
Andrew Bartlett
The last 4 patches address big #8943 (Slow but responsive DC can lock up
winbindd for > 10 minutes at a time).
(cherry picked from commit 04a9988ffa60b0ca32923da20a0d25d14aa460e4)
projects / thirdparty / samba.git / log
