Enable total anonymization in vfs_smb_traffic_analyzer, by mapping any user names to the one given by anonymize_prefix, without generating a hash number. This setting is optional and is compatible with the module configuration format of Samba 3.3.
(cherry picked from commit 31d854fff40799f056748333c35df81466c3614c)
Jeremy Allison [Sat, 14 Feb 2009 00:04:15 +0000 (16:04 -0800)]
Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure
that "offered" read from the rpc packet in spoolss is under
that size. Tidyup from analysis from Veracode.
Jeremy.
(cherry picked from commit 6b654d12fd46b68fef824bf281783396ca81283d)
Volker Lendecke [Fri, 13 Feb 2009 17:53:56 +0000 (09:53 -0800)]
Fix Coverity ID 744
This was marked as a resource leak. This change makes the code a bit clearer
that we always free error_string.
(cherry picked from commit fa0ac60d985995a6a07aa05b114683f4cbd731c8)
Yasuma Takeda [Wed, 11 Feb 2009 22:36:51 +0000 (14:36 -0800)]
Fix bug #6098 - When the DNS server is invalid, the ads_find_dc() does not work correctly with "security = domain"
1. If DNS server is invalid, the get_sorted_dc_list() is called with
realm(FQDN) and it fails.
2. On the next step, the get_sorted_dc_list() is called with realm(FQDN) again.
I think "again" is wrong place.
On the 2nd step, get_sorted_dc_list() should be called with realm(WORKGROUP).
(cherry picked from commit a8a7040d7dbffe7b1c2bccb8b46e08fb996786ac)
Michael Adam [Tue, 10 Feb 2009 17:54:16 +0000 (18:54 +0100)]
packaging: add script fill-templates
This is a standalone-wrapper for update-pkginfo, which is
usually called from create-tarball. It basically repeats
some functionality of create-tarball.
Derrell Lipman [Tue, 10 Feb 2009 15:28:32 +0000 (10:28 -0500)]
[Bug 6069] Add a fstatvfs function for libsmbclient
- Reverse the sense of the flags. Since the fstatvfs() function on POSIX-like
systems would almost certainly indicate case sensitivity (for example),
leave the bit turned off if the result is the POSIX-like result just as if
issued on a typical local file system on a POSIX system.
I was confused about the real meaning of find_domain_from_name_noinit()
vs. find_domain_from_name(). We don't need the connection established
here, just the domain struct which gets initialized by rescan_trusted_domains().
Derrell Lipman [Mon, 9 Feb 2009 17:41:29 +0000 (12:41 -0500)]
[Bug 6069] Add a fstatvfs function for libsmbclient
- Add initial test implementation. This works on a Linux client to determine
whether a connection's server supports UNIX CIFS. I'm eager to see what the
build farm has to say about this, specifically how many, if any, hosts don't
provide a statvfs.h file with the requisite struct statvfs.
Jeff Layton [Fri, 6 Feb 2009 13:31:45 +0000 (08:31 -0500)]
mount.cifs: initialize rc to 0 in main
The value of rc in main() isn't initialized in the declaration. This
wasn't a problem before, but Shirish's fakemount patch can make it so
that we return the uninitialized variable if the -n flag is used.
Have nmbd check all available interfaces for WINS before failing
When nmbd is acting as WINS, it picks the first interface's IP as WINS
server's IP. If the first interface's IP is zero, we will just quit
(even though we might have other interfaces with valid IPs).
This patch makes nmbd look at all interfaces and pick the first interface
with a valid IP as the WINS server's IP.
(cherry picked from commit d998ee9025f2ad2df73e25c12e35e9218b97147e)
Jeremy Allison [Wed, 4 Feb 2009 23:35:02 +0000 (15:35 -0800)]
Fix bug #Bug 6090 renaming or deleting a "not matching/resolving" symlink is failing.
Reported by Kukks. Make sure we correctly use LSTAT in all cases where
POSIX pathnames are being used. This matters when dealing with symlinks
pointing to invalid paths being renamed or deleted not all deletes and
renames are done via an nt_create open.
Jeremy.
(cherry picked from commit 249dab1abbf49b0ca45360eb9aedb20d51a80e5f)
Ted Percival [Tue, 3 Feb 2009 22:10:20 +0000 (14:10 -0800)]
Probably fixes a crash during name resolution when log level >= 10
and libc segfaults if printf is passed NULL for a "%s" arg
(eg. Solaris).
(cherry picked from commit 16e49e8be8a942aa77a013c197a20d4c0bb3875f)
Jeremy Allison [Tue, 3 Feb 2009 01:11:15 +0000 (17:11 -0800)]
Fix bug #6082 - smbd_gpfs_getacl failed: Windows client can´t rename or delete file
This fixes the generic rename/delete problem for 3.3.0 and above.
Fixed slightly differently to discussions, user viewable modified
ACLs are not a good idea :-).
Jeremy.
(cherry picked from commit c5462c8b43435763783185a03029903efe3b0c11)
Michael Adam [Sun, 1 Feb 2009 23:46:57 +0000 (00:46 +0100)]
s3:winbind_group: fix "getent group" to allocate new gids.
"getent group" used to fill the idmap cache with negative
cache entries for unmapped group sids.
Don't pass domain name unconditionally to idmap_sid_to_gid().
idmap_sid_to_gid() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".
Note that it is _wrong_ to directly call the idmap_sid_to_gid()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_gid request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we nee a quick
fix for getent passwd now.
Michael Adam [Sun, 1 Feb 2009 23:36:59 +0000 (00:36 +0100)]
s3:winbind_user: fix "getent passwd" to allocate new uids.
"getent passwd" used to fill the idmap cache with negative
cache entries for unmapped user sids.
Don't pass domain name unconditionally to idmap_sid_to_[ug]id().
idmap_sid_to_[ug]id() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".
Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_[ug]id request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we nee a quick
fix for getent passwd now.
Björn Jacke [Thu, 29 Jan 2009 19:56:51 +0000 (20:56 +0100)]
add missing semicolons
the fixed configure check led to a missing semicolon in the now activated BSD
code. Then this error was even copypasted into the new AIX code. grrr
(cherry picked from commit ee90448a7aa0a0972e5801b319a011fd52750c20)
Jeremy Allison [Thu, 29 Jan 2009 18:47:02 +0000 (10:47 -0800)]
Following Björn JACKE's patch, unify the detection of the timespec code in configure.in, and the application of it in time.c
Jeremy.
(cherry picked from commit 9ef86eff7ac41a174dcb8eae070eda24006c6c70)
Michael Adam [Thu, 29 Jan 2009 12:17:46 +0000 (13:17 +0100)]
fix bug #6073: prevent ads_connect() from using SSL unless explicitly requested
This fixes "net ads join".
It copes with the changed default "ldap ssl = start tls".
A new boolean option "ldap ssl : ads" is added to allow for
explicitly requesting ssl with ads.
Volker Lendecke [Wed, 28 Jan 2009 09:35:35 +0000 (10:35 +0100)]
Avoid valgrind errors
In event handlers, we might destroy other events that are pending in the lists.
We can only run one event safely per select call.
Yes, I've seen these valgrind errors :-)
Jeremy, with ccdd921e61 you had checked in the change to run multiple events.
Do you remember why it was necessary and could not be solved in a different
way?
Jeremy Allison [Tue, 27 Jan 2009 23:47:47 +0000 (15:47 -0800)]
Fix bug #6069 - Build breaks with too many arguments to
samba-3.3.0/source/smbd/dnsregister.c:85:event_add_timed().
Jeremy.
(cherry picked from commit 458a6a4265bc9b429375d7efb52d25969d7faad5)
Jeremy Allison [Fri, 23 Jan 2009 00:22:04 +0000 (16:22 -0800)]
Apply same logic fix for #4308 Excel save operation corrupts file ACLs
to NFSv4 ACL code as this uses the same flawed logic as posix_acls.c.
Jeremy.
(cherry picked from commit cad872fc385ba30fb72baab25ee6341a41396e39)
Jeremy Allison [Fri, 23 Jan 2009 00:09:26 +0000 (16:09 -0800)]
Fix logic error in try_chown - we shouldn't arbitrarily chown
to ourselves unless that was passed in.
Jeremy.
(cherry picked from commit db2d56484e21daeb91df4b5e2286d242910336e8)
Jeremy Allison [Thu, 22 Jan 2009 22:32:32 +0000 (14:32 -0800)]
Second part of the attemt to fix #4308 - Excel save operation corrupts file ACLs.
If the chown succeeds then the ACL set should also. Ensure this is the case
(refactor some of this code to make it simpler to read also).
Jeremy.
(cherry picked from commit 90b660e2382711d005e8c4c4ae1c6adbd5e5b687)
projects / thirdparty / samba.git / log
