Arvid Requate [Thu, 21 Nov 2013 11:35:20 +0000 (12:35 +0100)]
spoolss: accept XPS_PASS datatype used by Windows 8
The new v4 driver model used in Windows 8 declares print jobs
intended to bypass the XPS processing layer by setting datatype to
"XPS_PASS" instead of "RAW".
Reviewed-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b2815b4c8c3e436a79fb7f07be285a417fd6e8cb)
Jeremy Allison [Thu, 31 Oct 2013 20:48:42 +0000 (13:48 -0700)]
Fix bug #10229 - No access check verification on stream files.
https://bugzilla.samba.org/show_bug.cgi?id=10229
We need to check if the requested access mask
could be used to open the underlying file (if
it existed), as we're passing in zero for the
access mask to the base filename.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix Bug #10235 - CVE-2013-4475: No access check verification on stream files.
https://bugzilla.samba.org/show_bug.cgi?id=10235
(cherry picked from commit 14d48130870579541c07f5a0f64638e635ddce95)
Jeremy Allison [Tue, 8 Oct 2013 22:01:38 +0000 (15:01 -0700)]
Fix bug #10187 - Missing talloc_free can leak stackframe in error path.
Fix error path.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Oct 9 03:50:56 CEST 2013 on sn-devel-104
s3:libnet increase timeout for machine password change
DCs might run password filter modules that can delay the setting of
the machine password for a significant amount of time
use the same timeout as in the other paths of domain join
(e.g. rpccli_netlogon_set_trust_password)
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 9755541ed156d71df98607375ee3b925266c3c74)
The last 2 patches address bug #8955 - NetrServerPasswordSet2 timeout is too
short.
Jeremy Allison [Tue, 3 Sep 2013 21:07:43 +0000 (14:07 -0700)]
Optimization. Don't do the retry logic if sitename_fetch() returned NULL, we already did a NULL query.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 4 01:19:05 CEST 2013 on sn-devel-104
Jeremy Allison [Tue, 3 Sep 2013 19:20:52 +0000 (12:20 -0700)]
Move the retry logic when site_name is passed in a NULL or "" to the wrapper function.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Richard Sharpe <rsharpe@samba.org>
(cherry picked from commit 68e7b1c9446c7d1274b0fb85b59b90ac1a7f6041)
Jeremy Allison [Tue, 3 Sep 2013 19:08:46 +0000 (12:08 -0700)]
Move the manipulation of site_name into the caller function dsgetdcname().
Leave dsgetdcname_internal() only using const char *site_name.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Richard Sharpe <rsharpe@samba.org>
(cherry picked from commit 181c11066bd53b07015a199f56eb71182e89ff71)
Jeremy Allison [Tue, 3 Sep 2013 19:04:37 +0000 (12:04 -0700)]
Refactor dsgetdcname to be called via a wrapper function.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Richard Sharpe <rsharpe@samba.org>
(cherry picked from commit 66006be7ef703b2935334633d27641050cee5f58)
Jeremy Allison [Tue, 3 Sep 2013 19:13:45 +0000 (12:13 -0700)]
dsgetdcname_cache_fetch() doesn't use the site_name parameter so don't pass it.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Richard Sharpe <rsharpe@samba.org>
(cherry picked from commit dd12bfbcbf359c1642cc2e968aec62ae904aad5d)
Volker Lendecke [Mon, 26 Aug 2013 08:36:14 +0000 (08:36 +0000)]
smbd: Use #defines in smb2_getinfo_send
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Aug 27 15:08:08 CEST 2013 on sn-devel-104
Volker Lendecke [Wed, 28 Aug 2013 22:42:22 +0000 (15:42 -0700)]
smbd: Simplify dropbox special case in unix_convert
EACCESS needs special treatment: If we want to create a fresh file,
return OBJECT_PATH_NOT_FOUND, so that the client will continue creating
the file. If the client wants us to open a potentially existing file,
we need to correctly return ACCESS_DENIED.
This patch makes this behaviour hopefully a bit clearer than the code
before did.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
The last 2 patches address bug #10114 - Dropbox (write-only-directory) case
isn't handled correctly in pathname lookup.
Volker Lendecke [Wed, 28 Aug 2013 22:39:41 +0000 (15:39 -0700)]
smbd: Fix a profile problem
When trying to read a profile, under certain circumstances Windows tries
to read with its machine account first. The profile previously written
was stored with an ACL that only allows access for the user and not
the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using
the machine account, making it retry with the user account (which would
then succeed).
Samba under these circumstances erroneously gives
NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not
retry. The reasons is the "dropbox" patch in unix_convert, turning EACCESS
on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes
the dropbox behaviour only kick in when we are creating a file. I think
this is an abstraction violation. unix_convert() should not have to know
about the create_disposition, but given that we have pathname resolution
separated from the core open code right now this is the best we can do.
Signed-off-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> Reviewed-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Mon, 12 Aug 2013 15:23:12 +0000 (17:23 +0200)]
s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().
Fallback to lsa named-pipe connection when tcp connection has failed twice (it
could be a trusted domain connection where we cannot setup a secure channel).
Signed-off-by: Günther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Tested-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 13 20:55:33 CEST 2013 on sn-devel-104
Richard Sharpe [Mon, 19 Aug 2013 20:14:55 +0000 (13:14 -0700)]
Fix bug #10097 - MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba.
Windows overloads the EA Length field in the DIRECTORY INFO leves of FIND FIRST/FIND NEXT.
This field indicates either the REPARSE_TAG if the file/folder has a reparse proint or
the EA Length if it has EAs, and is the fundamental reason you cannot have both on a
file or folder.
Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Karolin Seeger [Tue, 13 Aug 2013 09:04:50 +0000 (11:04 +0200)]
docs: Fix variable list in man vfs_crossrename.
The varlist entries need a paragraph, otherwise the list is broken and the list
entries end with ".RE".
Fix bug #10076 - varlist in man vfs_crossrename broken.
Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 20 04:19:42 CEST 2013 on sn-devel-104
(cherry picked from commit 1808316b1245290fd4a4aa87a801410899e4c1e3)
s3-libads: Print a message if no realm has been specified.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug 5 12:24:44 CEST 2013 on sn-devel-104
Ralph Wuerthner [Wed, 31 Jul 2013 23:33:48 +0000 (16:33 -0700)]
Ensure gpfs kernel leases are wrapped in a become_root()/unbecome_root() pair.
Ensures correct lease owner for signal delivery.
Signed-off-by: Ralph Wuerthner <ralphw@de.ibm.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 1 03:57:11 CEST 2013 on sn-devel-104
The last 2 patches address bug #10064 - Linux kernel oplock breaks can miss
signals.
Gregor Beck [Thu, 1 Aug 2013 12:16:24 +0000 (14:16 +0200)]
Fix bug 9678 - Windows 8 Roaming profiles fail
Windows 8 tries to set 'ATTRIBUTE_SECURITY_INFORMATION' on some
dirs. Ignoring it makes roaming profiles work again.
Just like w2k3 gracefully ignore all the other bits.
PIDL: fix parsing linemarkers in preprocessor output
When PIDL calls out to C preprocessor to expand IDL files
and parse the output, it filters out linemarkers and line control
information as described in http://gcc.gnu.org/onlinedocs/cpp/Preprocessor-Output.html
and http://gcc.gnu.org/onlinedocs/cpp/Line-Control.html#Line-Control
With gcc 4.8 stdc-predef.h is included automatically and linemarker for the
file has extended flags that PIDL couldn't parse ('system header that needs to
be extern "C" protected for C++')
Thanks to Jakub Jelinek <jakub@redhat.com> for explanation of the linemarker format.
Jeremy Allison [Tue, 9 Apr 2013 23:56:24 +0000 (16:56 -0700)]
Ensure we test the dirsort module in make test.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 11 21:17:21 CEST 2013 on sn-devel-104
The last 10 patches address bug #9777 - vfs_dirsort uses non-stackable calls,
dirfd(), malloc instead of talloc and doesn't cope with directories being
modified whilst reading.
Michael Adam [Tue, 18 Jun 2013 09:47:17 +0000 (11:47 +0200)]
s3-autoconf: Add missing libtevent dependency for dbwrap_torture.
Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Karolin Seeger <kseeger@samba.org>
The last 3 patches are part of a fix for bug #9881 - Samba doesn't check for
system libtevent.
libreplace currently includes socket.c and getifaddrs.c both of which
are GPL licensed.
Although not required, talloc and tdb build alongside this source,
leading to some ambiguity regarding their LGPL licences.
The following copyright holders have agreed to the GPL->LGPL change:
lib/replace/getifaddrs.c
Copyright (C) Andrew Tridgell 1998
Copyright (C) Jeremy Allison 2007
Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
lib/replace/test/getifaddrs.c
lib/replace/socket.c
* Copyright (C) Michael Adam <obnox@samba.org> 2008
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8a6743e4edcdff1c7860d150720483f19f3b33bb)
Jeremy Allison [Fri, 26 Apr 2013 17:47:41 +0000 (10:47 -0700)]
Fix bug #9822 - Samba crashing during Win8 sync.
When refactoring the dptr desctructor in the
fix for bug:
9778 (Samba directory code uses dirfd() without vectoring through a VFS call)
I removed the code to NULL out the struct smb_Dir *
pointer inside the fsp struct by mistake.
Re-add the NULLing out of that pointer when
closing a directory pointer associated with
an open file.
Reporter confirms it fixes the crash.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Sat Apr 27 20:44:55 CEST 2013 on sn-devel-104
(cherry picked from commit 251767cde9a146d8122d76e257ab232c05ad452a)
Jeremy Allison [Wed, 10 Apr 2013 23:30:10 +0000 (16:30 -0700)]
Remove dependency on detection of HAVE_DIRFD for use of fdopendir().
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 12 16:21:10 CEST 2013 on sn-devel-104
(cherry picked from commit 7a4dd845958f1411daa8031ca242987001ab2f26)
Jeremy Allison [Wed, 10 Apr 2013 23:29:03 +0000 (16:29 -0700)]
Remove the "Ugly hack" that was the second use of dirfd().
The destructor does all the resource deallocation needed.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0fe894fb89f4867e266bb04670a58101311e0234)
Jeremy Allison [Wed, 10 Apr 2013 23:24:15 +0000 (16:24 -0700)]
In the struct smb_Dir destructor, use the fsp back pointer to release resources.
Removes one use of dirfd().
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ea14c9443178da9ae6ccbe71e573156396f6f699)
Jeremy Allison [Wed, 10 Apr 2013 23:21:39 +0000 (16:21 -0700)]
Maintain a back-pointer to the fsp in struct smb_Dir when opening with FDOPENDIR.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit e89ec641fc98ffd7f7193deb3728b0a284a093eb)
David Disseldorp [Wed, 22 May 2013 15:58:38 +0000 (17:58 +0200)]
Fix bug 9900: is_printer_published GUID retrieval
Samba currently always responds to GetPrinter(level = 7) requests with
DSPRINT_UNPUBLISH, regardless of the AD publish status tracked via the
PRINTER_ATTRIBUTE_PUBLISHED flag. This is due to erroneous "objectGUID"
unmarshalling in is_printer_published().
This change splits "objectGUID" retrieval into a separate function, and
adds a pull_reg_sz() call to correctly unmarshall the GUID.
David Disseldorp [Thu, 23 May 2013 17:32:08 +0000 (19:32 +0200)]
printing: explicitly clear PUBLISHED attribute
Currently nt_printer_publish(DSPRINT_UNPUBLISH) flips (via xor) the
info2->attributes PRINTER_ATTRIBUTE_PUBLISHED flag, rather than
explicitly clearing it.
projects / thirdparty / samba.git / log
