Volker Lendecke [Fri, 13 Feb 2009 17:53:56 +0000 (09:53 -0800)]
Fix Coverity ID 744
This was marked as a resource leak. This change makes the code a bit clearer
that we always free error_string.
(cherry picked from commit fa0ac60d985995a6a07aa05b114683f4cbd731c8)
Yasuma Takeda [Wed, 11 Feb 2009 22:36:51 +0000 (14:36 -0800)]
Fix bug #6098 - When the DNS server is invalid, the ads_find_dc() does not work correctly with "security = domain"
1. If DNS server is invalid, the get_sorted_dc_list() is called with
realm(FQDN) and it fails.
2. On the next step, the get_sorted_dc_list() is called with realm(FQDN) again.
I think "again" is wrong place.
On the 2nd step, get_sorted_dc_list() should be called with realm(WORKGROUP).
(cherry picked from commit a8a7040d7dbffe7b1c2bccb8b46e08fb996786ac)
Michael Adam [Tue, 10 Feb 2009 17:54:16 +0000 (18:54 +0100)]
packaging: add script fill-templates
This is a standalone-wrapper for update-pkginfo, which is
usually called from create-tarball. It basically repeats
some functionality of create-tarball.
Derrell Lipman [Tue, 10 Feb 2009 15:28:32 +0000 (10:28 -0500)]
[Bug 6069] Add a fstatvfs function for libsmbclient
- Reverse the sense of the flags. Since the fstatvfs() function on POSIX-like
systems would almost certainly indicate case sensitivity (for example),
leave the bit turned off if the result is the POSIX-like result just as if
issued on a typical local file system on a POSIX system.
I was confused about the real meaning of find_domain_from_name_noinit()
vs. find_domain_from_name(). We don't need the connection established
here, just the domain struct which gets initialized by rescan_trusted_domains().
Derrell Lipman [Mon, 9 Feb 2009 17:41:29 +0000 (12:41 -0500)]
[Bug 6069] Add a fstatvfs function for libsmbclient
- Add initial test implementation. This works on a Linux client to determine
whether a connection's server supports UNIX CIFS. I'm eager to see what the
build farm has to say about this, specifically how many, if any, hosts don't
provide a statvfs.h file with the requisite struct statvfs.
Jeff Layton [Fri, 6 Feb 2009 13:31:45 +0000 (08:31 -0500)]
mount.cifs: initialize rc to 0 in main
The value of rc in main() isn't initialized in the declaration. This
wasn't a problem before, but Shirish's fakemount patch can make it so
that we return the uninitialized variable if the -n flag is used.
Have nmbd check all available interfaces for WINS before failing
When nmbd is acting as WINS, it picks the first interface's IP as WINS
server's IP. If the first interface's IP is zero, we will just quit
(even though we might have other interfaces with valid IPs).
This patch makes nmbd look at all interfaces and pick the first interface
with a valid IP as the WINS server's IP.
(cherry picked from commit d998ee9025f2ad2df73e25c12e35e9218b97147e)
Jeremy Allison [Wed, 4 Feb 2009 23:35:02 +0000 (15:35 -0800)]
Fix bug #Bug 6090 renaming or deleting a "not matching/resolving" symlink is failing.
Reported by Kukks. Make sure we correctly use LSTAT in all cases where
POSIX pathnames are being used. This matters when dealing with symlinks
pointing to invalid paths being renamed or deleted not all deletes and
renames are done via an nt_create open.
Jeremy.
(cherry picked from commit 249dab1abbf49b0ca45360eb9aedb20d51a80e5f)
Ted Percival [Tue, 3 Feb 2009 22:10:20 +0000 (14:10 -0800)]
Probably fixes a crash during name resolution when log level >= 10
and libc segfaults if printf is passed NULL for a "%s" arg
(eg. Solaris).
(cherry picked from commit 16e49e8be8a942aa77a013c197a20d4c0bb3875f)
Jeremy Allison [Tue, 3 Feb 2009 01:11:15 +0000 (17:11 -0800)]
Fix bug #6082 - smbd_gpfs_getacl failed: Windows client can´t rename or delete file
This fixes the generic rename/delete problem for 3.3.0 and above.
Fixed slightly differently to discussions, user viewable modified
ACLs are not a good idea :-).
Jeremy.
(cherry picked from commit c5462c8b43435763783185a03029903efe3b0c11)
Michael Adam [Sun, 1 Feb 2009 23:46:57 +0000 (00:46 +0100)]
s3:winbind_group: fix "getent group" to allocate new gids.
"getent group" used to fill the idmap cache with negative
cache entries for unmapped group sids.
Don't pass domain name unconditionally to idmap_sid_to_gid().
idmap_sid_to_gid() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".
Note that it is _wrong_ to directly call the idmap_sid_to_gid()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_gid request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we nee a quick
fix for getent passwd now.
Michael Adam [Sun, 1 Feb 2009 23:36:59 +0000 (00:36 +0100)]
s3:winbind_user: fix "getent passwd" to allocate new uids.
"getent passwd" used to fill the idmap cache with negative
cache entries for unmapped user sids.
Don't pass domain name unconditionally to idmap_sid_to_[ug]id().
idmap_sid_to_[ug]id() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".
Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_[ug]id request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we nee a quick
fix for getent passwd now.
Björn Jacke [Thu, 29 Jan 2009 19:56:51 +0000 (20:56 +0100)]
add missing semicolons
the fixed configure check led to a missing semicolon in the now activated BSD
code. Then this error was even copypasted into the new AIX code. grrr
(cherry picked from commit ee90448a7aa0a0972e5801b319a011fd52750c20)
Jeremy Allison [Thu, 29 Jan 2009 18:47:02 +0000 (10:47 -0800)]
Following Björn JACKE's patch, unify the detection of the timespec code in configure.in, and the application of it in time.c
Jeremy.
(cherry picked from commit 9ef86eff7ac41a174dcb8eae070eda24006c6c70)
Michael Adam [Thu, 29 Jan 2009 12:17:46 +0000 (13:17 +0100)]
fix bug #6073: prevent ads_connect() from using SSL unless explicitly requested
This fixes "net ads join".
It copes with the changed default "ldap ssl = start tls".
A new boolean option "ldap ssl : ads" is added to allow for
explicitly requesting ssl with ads.
Volker Lendecke [Wed, 28 Jan 2009 09:35:35 +0000 (10:35 +0100)]
Avoid valgrind errors
In event handlers, we might destroy other events that are pending in the lists.
We can only run one event safely per select call.
Yes, I've seen these valgrind errors :-)
Jeremy, with ccdd921e61 you had checked in the change to run multiple events.
Do you remember why it was necessary and could not be solved in a different
way?
Jeremy Allison [Tue, 27 Jan 2009 23:47:47 +0000 (15:47 -0800)]
Fix bug #6069 - Build breaks with too many arguments to
samba-3.3.0/source/smbd/dnsregister.c:85:event_add_timed().
Jeremy.
(cherry picked from commit 458a6a4265bc9b429375d7efb52d25969d7faad5)
Jeremy Allison [Fri, 23 Jan 2009 00:22:04 +0000 (16:22 -0800)]
Apply same logic fix for #4308 Excel save operation corrupts file ACLs
to NFSv4 ACL code as this uses the same flawed logic as posix_acls.c.
Jeremy.
(cherry picked from commit cad872fc385ba30fb72baab25ee6341a41396e39)
Jeremy Allison [Fri, 23 Jan 2009 00:09:26 +0000 (16:09 -0800)]
Fix logic error in try_chown - we shouldn't arbitrarily chown
to ourselves unless that was passed in.
Jeremy.
(cherry picked from commit db2d56484e21daeb91df4b5e2286d242910336e8)
Jeremy Allison [Thu, 22 Jan 2009 22:32:32 +0000 (14:32 -0800)]
Second part of the attemt to fix #4308 - Excel save operation corrupts file ACLs.
If the chown succeeds then the ACL set should also. Ensure this is the case
(refactor some of this code to make it simpler to read also).
Jeremy.
(cherry picked from commit 90b660e2382711d005e8c4c4ae1c6adbd5e5b687)
Jeremy Allison [Thu, 22 Jan 2009 18:59:14 +0000 (10:59 -0800)]
Another attempt to fix bug #4308 - Excel save operation corrupts file ACLs.
Simo is completely correct. We should be doing the chown *first*, and fail the
ACL set if this fails. The long standing assumption I made when writing the
initial POSIX ACL code was that Windows didn't control who could chown a file
in the same was as POSIX. In POSIX only root can do this whereas I wasn't sure
who could do this in Windows at the time (I didn't understand the privilege
model). So the assumption was that setting the ACL was more important (early
tests showed many failed ACL set's due to inability to chown). But now we have
privileges in smbd, and we must always fail an ACL set when we can't chown
first. The key that Simo noticed is that the CREATOR_OWNER bits in the ACL
incoming are relative to the *new* owner, not the old one. This is why the old
user owner disappears on ACL set - their access was set via the USER_OBJ in the
creator POSIX ACL and when the ownership changes they lose their access.
Patch is simple - just ensure we do the chown first before evaluating the
incoming ACL re-read the owners. We already have code to do this it just wasn't
rigorously being applied.
Jeremy.
(cherry picked from commit 96b819e04cd71a6c899801ae68031bf55b54ea46)
projects / thirdparty / samba.git / log
