Volker Lendecke [Sat, 28 Mar 2009 18:58:45 +0000 (19:58 +0100)]
Fix smbd crash for close_on_completion
handle_trans() can talloc_free "conn" if the client requests
close_on_completion. "state" is a talloc_child of conn, so it will be gone when
we later free state->data et al.
Michael Adam [Wed, 1 Apr 2009 10:23:07 +0000 (12:23 +0200)]
s3: fix the fix for bug #6195 - dont let smbd child processes panic
This patch makes sure the original and temporary TDBs are closed
_before_ the rename. Originally, the open TDB was renamed, and so
the name passdb.tdb.tmp stayed around in the db context. Hence
upon client connect, the smbd children died because reinit_after_fork()
calling tdb_reopen_all() would try to reopen passdb.tdb.tmp which
existed no longer...
Jeremy Allison [Mon, 30 Mar 2009 22:09:10 +0000 (15:09 -0700)]
Ensure files starting with multiple dots are hidden
if "hide dot files" is set. Thanks to Barry Kelly <bkelly.ie@gmail.com>
for pointing this one out.
Jeremy.
Jeremy Allison [Sat, 28 Mar 2009 04:26:56 +0000 (21:26 -0700)]
Fix the problem of 3.0.x passdb databases being version
3 but using a different hash calculation than 3.2.x passwd
databases (also version 3). Introduces a minor version
number.
Jeremy.
Derrell Lipman [Fri, 27 Mar 2009 21:10:04 +0000 (17:10 -0400)]
[Bug 6228] SMBC_open_ctx failure due to path resolve failure doesn't set errno
Fixed.
It turns out there were a number of places where cli_resolve_path() was called
and the error path upon that function failing did not set errno. There were a
couple of places the failure handling code did set errno to ENOENT, so I made
them all consistent, although I think better errno choices for this condition
exist, e.g. EHOSTUNREACH.
Jeremy Allison [Fri, 27 Mar 2009 19:09:51 +0000 (12:09 -0700)]
Fix bug #6195 - Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly. For the clustering case.
Clustered setups should have only ever used
the unsigned version of TDB_DATA in the
first place so they can't be in this mess :-).
Just do the normal upgrade in the clustered case.
Jeremy.
Jeremy Allison [Thu, 26 Mar 2009 22:33:39 +0000 (15:33 -0700)]
Try and fix the build farm RAW-STREAMS errors. Ordering of
modules shouldn't matter, so as vfs_streams_depot doesn't
implement get/setxattrs then call into the full VFS stack
at the top.
Jeremy
Jeremy Allison [Thu, 26 Mar 2009 19:13:28 +0000 (12:13 -0700)]
Fix bug #6224 - nmbd waits 5 minutes at startup before checking if it needs to run elections
Fix logic bug that causes nmbd to wait 5 minutes before
looking for a master browser. This one is *old* :-). Thanks
for Simo for bugging me on this.
Jeremy.
Günther Deschner [Wed, 25 Mar 2009 16:06:57 +0000 (17:06 +0100)]
s3-net: Fix Bug #6193: avoid messing with sync_context in fetch_database_to_ldif().
We absolutely need to avoid messing with the sync_context as that breaks the
stream of replication data coming from the DC (only replicates ~350 instead of
~4000 groups).
s3:libsmb: fix smb signing for fragmented trans/trans2/nttrans requests
Before we send the secondary requests we need to remove the
old mid=>seqnum mapping and reset cli->mid and make the new
mid=>seqnum mapping "persistent".
The bug we had in cli_send_trans was this:
The first cli_send_smb() incremented cli->mid
and the secondary requests used the incremented mid,
but as cli->outbuf still had the correct mid,
we send the correct mid to the server. The real problem
was that the cli_send_smb() function stored the seqnum
under the wrong mid.
cli_send_nttrans() was totally broken and now follows the
same logic as cli_send_trans().
The good thing is that in practice the problem is unlikely to happen,
because max_xmit is large enough to avoid secondary requests.
Jeremy Allison [Thu, 19 Mar 2009 02:58:01 +0000 (19:58 -0700)]
Fix bug #6196 - Unable to serve files with colons to Linux CIFS/VFS client
Looks like the pathname parsing for POSIX paths got
broken when the code for doing Windows streams parsing got added.
Jeremy.
Jeremy Allison [Wed, 18 Mar 2009 21:31:01 +0000 (14:31 -0700)]
Fix bug 6195 - Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly.
This is a really nasty one to fix as in order to successfully update the
passdb.tdb we must do the equivalent of a tdbbackup to move to the new hash
values before we do the upgrade.
Jeremy.
Andrew Tridgell [Tue, 10 Mar 2009 05:45:45 +0000 (16:45 +1100)]
fixed a bug in message handling for code the change notify code
The change notify code registered a separate message handler for each
tree connect. This registration uses the global messaging context.
The messaging code would consider a 2nd registration for the same
messaging type as being an 'update' of the handler, rather than a new
handler. It also would only call the first handler in the linked list
for a given message type when dispatching messages.
This patch changes the messaging code to allow for multiple
registrations of the same message type, and allow for multiple calls
to different messaging handler for one incoming message.
This fixes the problem with the test_notify_tcon() test that I
recently committed to the S4 smbtorture
(cherry picked from commit 89e340e09fbdc375c0aa85506add525b8ba5dcd0)
Jeremy Allison [Fri, 6 Mar 2009 01:16:54 +0000 (17:16 -0800)]
Fix bug #6161 - smbclient corrupts source path in tar mode
This was my fault. I broke the smbclient tar argument processing
in creating the string for chdir when removing pstrings.
Jeremy.
Volker Lendecke [Thu, 5 Mar 2009 23:12:55 +0000 (15:12 -0800)]
Complete the fix for bug 6100
According to [MS-RPCE].pdf, section 2.2.2.11:
----
A client or a server that (during composing of a PDU) has allocated more space
for the authentication token than the security provider fills in SHOULD fill in
the rest of the allocated space with zero octets. These zero octets are still
considered to belong to the authentication token part of the PDU.<36>
----
RPC implementations are allowed to send padding bytes at the end of an auth
footer. Windows 7 makes use of this.
Steven Danneman [Fri, 27 Feb 2009 16:35:18 +0000 (08:35 -0800)]
s3: fix guest auth when winbindd is running
This fix is very subtle. If a server is configured with "security = share"
and "guest ok = yes" and winbindd is running authorization will fail during
tree connect.
This is due to our inability to map the guest sid S-1-5-21-X-501 to a uid
through sid_to_uid(). Winbindd is unaware of the hard coded mapping
between this sid and whatever uid the name in lp_guestaccount() is assigned.
So sid_to_uid() fails and we exit create_token_from_username() without
ever calling pdb_getsampwsid() which IS aware of the hard coded mapping.
This patch just reorganizes the code, moving sid_to_uid() down to the
block of code in which it is needed, avoiding this early failure.
Jeremy Allison [Wed, 25 Feb 2009 22:55:19 +0000 (14:55 -0800)]
Fix more POSIX path lstat calls. Fix bug where close can return
failure if we have a pending modtime and the containing directory
of the file has been renamed (there is no POSIX "update time by
fd" call). This can't happen on Windows as the rename will fail
if there are open files beneath it. Will add a torture test
for this.
Jeremy.
Jeremy Allison [Fri, 20 Feb 2009 16:25:29 +0000 (08:25 -0800)]
Fix bug #6133 - Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem.
As the NFSv4 ACL mapping code doesn't map write directory into the DELETE_CHILD
permission bit (which we require before allowing a delete) no one can delete
files without an explicit DELETE_CHILD bit set on the directory. Add this mapping.
Jeremy.
Jeremy Allison [Mon, 16 Feb 2009 02:18:21 +0000 (18:18 -0800)]
Attempt to fix bug #6099. According to Microsoft
Windows 7 looks at the negotiate_flags
returned in this structure *even if the
call fails with access denied ! So in order
to allow Win7 to connect to a Samba NT style
PDC we set the flags before we know if it's
an error or not.
Jeremy.
Holger Hetterich [Sat, 14 Feb 2009 01:30:22 +0000 (17:30 -0800)]
Enable total anonymization in vfs_smb_traffic_analyzer, by mapping
any user names to the one given by anonymize_prefix, without
generating a hash number. This setting is optional and is compatible
with the module configuration format of Samba 3.3.
Jeremy Allison [Sat, 14 Feb 2009 00:06:29 +0000 (16:06 -0800)]
Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure
that "offered" read from the rpc packet in spoolss is under
that size. Tidyup from analysis from Veracode.
Jeremy.
Yasuma Takeda [Wed, 11 Feb 2009 22:23:29 +0000 (14:23 -0800)]
Fix bug #6098 - When the DNS server is invalid, the ads_find_dc() does not work correctly with "security = domain"
1. If DNS server is invalid, the get_sorted_dc_list() is called with
realm(FQDN) and it fails.
2. On the next step, the get_sorted_dc_list() is called with realm(FQDN) again.
I think "again" is wrong place.
On the 2nd step, get_sorted_dc_list() should be called with realm(WORKGROUP).
projects / thirdparty / samba.git / log
