Carsten Dumke [Thu, 13 Nov 2008 18:05:00 +0000 (12:05 -0600)]
net: Fix documentation of net rap printq info
The man-page (see net(8)) and the usage-info (call "net help rap printq") of
'net rap printq' do contain an option "list" but in net_rap.c
the option is named "info".
Rename the option "list" in the documentation (man-pages + usage) to "info" to
match the code.
Volker Lendecke [Sat, 14 Jun 2008 08:31:11 +0000 (10:31 +0200)]
Correctly check for presence of cups-devel
On SuSE at least cups-config belongs to cups-libs which does not contain the
headers which are in cups-devel.
(cherry picked from commit 2408d2493f7c6e0beee58febd547516bbeb0929d)
Martin Schwenke [Fri, 7 Nov 2008 01:20:59 +0000 (12:20 +1100)]
Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at
compile time rather than install time. This stops problems where
packaging scripts pass CFLAGS to "make" but not "make install".
Signed-off-by: Martin Schwenke <martin@meltin.net> Signed-off-by: Michael Adam <obnox@samba.org>
Jeff Layton [Thu, 6 Nov 2008 20:15:57 +0000 (15:15 -0500)]
mount.cifs: use lock/unlock_mtab scheme from util-linux-ng mount prog
The util-linux-ng sources have a good, but rather complex scheme for
locking the mtab before updating it. Mount helpers need to follow the
same scheme. Advisory locking only works if everyone is using the same
locking scheme.
Copy the routines we need from util-linux-ng into a separate source file
and then have mount.cifs and umount.cifs link in this object.
The long term goal is to have these routines in a separate helper
library (libmount). Mount helpers can then dynamically link in that lib.
Until that happens, this should serve as a suitable stopgap solution.
Jeremy Allison [Thu, 6 Nov 2008 14:40:35 +0000 (06:40 -0800)]
Fix bug #5825 - Account locking out doesnt work with an LDAP backend.Based on a problem found by Boyang. Only the pdb_nds backend implements login attempts so this was broken for tdbsam and ldap.
Jeremy.
Michael Adam [Sun, 2 Nov 2008 22:02:02 +0000 (23:02 +0100)]
winbindd: speed up fill_grent_mem (i.e. winbindd_getgrent) a lot.
With large groups, getgrent ran into timeouts because after each
single user that was added to the expanded group list, the list
was sorted and made unique.
Now the list is sorted just once after all members have been added.
Andrew Tridgell [Thu, 30 Oct 2008 19:32:06 +0000 (12:32 -0700)]
use glibc sys/inotify.h header
when we first added the inotify code glibc didn't have the inotify
functions yet. Now that it does we can use the official header and
avoid the asm/unistd.h syscall workaround
Michael Adam [Mon, 27 Oct 2008 13:28:44 +0000 (14:28 +0100)]
winbind: fix smbd hanging on Solaris when winbindd closes socket.
On some versions of Solaris, we observed a strange effect of close(2)
on a socket: After the server (here winbindd) called close, the client fd
was not marked as readable for select. And a write call to the fd did
not produce an error EPIPE but just returned as if successful.
So while winbindd had called remove_client(), the corresponding smbd
still thought that it was connected, but failed to retrieve answers
for its queries.
This patch works around the problem by forcing the client fd to
the readable state: Just write one byte into the socket before
closing.
Derrell Lipman [Fri, 24 Oct 2008 15:35:10 +0000 (11:35 -0400)]
Error return is boolean false, not -1
- There were a few places in SMBC_getatr() that returned -1 instead of a
boolean. -1 was intended to mean error, but that's what False/false is for,
and the usages of this function assume that it returns a boolean false as
the error condition.
- per Jelmer's request, use false vs. False in new code, even if not making
changes globally.
Jeremy Allison [Wed, 22 Oct 2008 20:18:58 +0000 (13:18 -0700)]
Fix net rpc vampire, based on an *amazing* piece of debugging work by "Cooper S. Blake" <the_analogkid@yahoo.com>.
"I believe I have found two bugs in the 3.2 code and one bug that
carried on to the 3.3 branch. In the 3.2 code, everything is
located in the utils/net_rpc_samsync.c file. What I believe is the
first problem is that fetch_database() is calling
samsync_fix_delta_array() with rid_crypt set to true, which means
the password hashes are unencrypted from the RID encryption.
However, I believe this call is redundant, and the corresponding
call for samdump has rid_crypt set to false. So I think the
rid_crypt param should be false in fetch_database().
If you follow the code, it makes its way to sam_account_from_delta()
where the password hashes are decrypted a second time by calling
sam_pwd_hash(). I believe this is what is scrambling my passwords.
These methods were refactored somewhere in the 3.3 branch. Now the
net_rpc_samsync.c class calls rpc_vampire_internals, which calls
libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with
rid_crypt always set to false. I think that's correct. But the
second bug has carried through in the sam_account_from_delta()
function:
If you look closely you'll see that the nt hash is going into the
lm_passwd variable and the decrypted value is being set in the lanman
hash, and the lanman hash is being decrypted and put into the nt hash
field. So the LanMan and NT hashes look like they're being put in
the opposite fields."
Fix this by removing the rid_crypt parameter.
Jeremy.
Jeremy Allison [Fri, 17 Oct 2008 04:04:18 +0000 (21:04 -0700)]
Cope with bad trans2mkdir requests from System i QNTC IBM SMB client.
If total_data == 4 Windows doesn't care what values
are placed in that field, it just ignores them.
The System i QNTC IBM SMB client puts bad values here,
so ignore them.
Jeremy.
Jeremy Allison [Thu, 16 Oct 2008 18:57:51 +0000 (11:57 -0700)]
Fix bug 5826 - Directory/Filenames get truncated when 3.2.0 client acesses old server.
Karolin this is a show-stopper for 3.2.5.
There was some code in pull_ucs2_base_talloc() to cope with this case which
hadn't been added to pull_ascii_base_talloc(). The older Samba returns non
unicode names which is why you are seeing this codepath being executed.
Jeremy.
Jeremy Allison [Tue, 14 Oct 2008 23:05:00 +0000 (16:05 -0700)]
Attempt to fix bug #5818 - "smbcacls: sorts ACEs improperly and loses inheritance", based on
a patch from Paul Fertser <fercerpav@gmail.com>. I also added the ability to get/set hex
and symbolic inheritance flag names on ACE flags. I'm still investigating the effects
of setting the "SEC_DESC_DACL_AUTO_INHERIT_REQ" flag as I don't yet see what effects
this is having on the ACE sent.
Jeremy.
Holger Hetterich [Mon, 13 Oct 2008 21:14:25 +0000 (14:14 -0700)]
Enable optional anonymization of user names,
if the configuration parameter anonymization_prefix is defined in
smb.conf, and use the prefix given there.
Jeff Layton [Thu, 9 Oct 2008 14:44:37 +0000 (10:44 -0400)]
mount.cifs: make return codes match the return codes for /bin/mount (try #3)
The manpage for /bin/mount specifies that the return code should be a
positive integer (actually, it's a bitfield). Clean up the return
codes from mount.cifs to make them match the expected return values
from /bin/mount. This necessary for proper integration with autofs.
This is the third attempt at this patch. The changes here are minor,
just changing some return's from main() into exit() calls for
consistency's sake.
Jeff Layton [Thu, 9 Oct 2008 14:42:28 +0000 (10:42 -0400)]
mount.cifs: have uppercase_string return success on NULL pointer
We currently don't attempt to uppercase the device portion of the mount
string if there isn't a prefixpath. Fix that by making uppercase_string
return success without doing anything on a NULL pointer.
Jeremy Allison [Wed, 8 Oct 2008 18:40:16 +0000 (11:40 -0700)]
Fix bug #5814 - Winbindd dumping core in a strange manner while doing "rescan_trusted_domain".
From analysis by hargagan <shargagan@novell.com> :
"The winbindd_child_died() is also getting called from process_loop() in case of
SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for
the first request. It then initiate a new request using
schedule_async_request() which installs a new timeout handler for the same
request. In such a case, for a badly unresponsive system both the timeout
handler can be called. For the first call the "private_data" will be cleared
and for another call the timeout handler will be detecting the double free. So,
for such a case as well, the winbindd_child_died() should make the
timeout_handler to NULL."
Jeremy.
Tim Prouty [Tue, 7 Oct 2008 17:30:22 +0000 (10:30 -0700)]
Fixed build warning "passing arg from incompatible pointer type"
The fix explicitly makes the conversion from timeval to time_t using the
existing time utility functions.
Compiling modules/vfs_smb_traffic_analyzer.c
modules/vfs_smb_traffic_analyzer.c: In function `smb_traffic_analyzer_send_data':
modules/vfs_smb_traffic_analyzer.c:173: warning: passing arg 1 of `localtime' from incompatible pointer type
Tim Prouty [Tue, 7 Oct 2008 17:13:51 +0000 (10:13 -0700)]
Fixed "declaration shadows global declaration" warnings.
The patch simply uses a more descriptive variable name for tcp_seq.
lib/socket_wrapper/socket_wrapper.c:753: warning: declaration of 'tcp_seq' shadows a global declaration
/usr/include/netinet/tcp.h:40: warning: shadowed declaration is here
lib/socket_wrapper/socket_wrapper.c: In function `swrap_marshall_packet':
lib/socket_wrapper/socket_wrapper.c:919: warning: declaration of 'tcp_seq' shadows a global declaration
/usr/include/netinet/tcp.h:40: warning: shadowed declaration is here
Volker Lendecke [Mon, 6 Oct 2008 21:10:23 +0000 (14:10 -0700)]
If name_to_fqdn fails, retry with the dns domain the DC gave us
This is a workaround for the cases where you want to join under a netbios name
that is different from your hostname, i.e. a name that can not be found in
/etc/hosts or dns. In these cases, name_to_fqdn fails or gives invalid results.
net_dns: Make "lwinet ads dns register" honor the "interfaces" parameter.
This is helpful on multihomed hosts that only require a subset
of IP addresses be registered with DNS.
(cherry picked from commit 17c9f8810598d8117befc896d12a597a52b0ac3b)
libaddns: Use the same prerequisite for DDNS update as Windows XP.
Hostname, TYPE: CNAME, CLASS: NONE
This has to have been broken for ages. I cannot see
how it would have worked in any environment.
(cherry picked from commit 6b6402bce318a48b0890ed6fc23ed5b30440927b)
Jeremy Allison [Thu, 2 Oct 2008 21:02:20 +0000 (14:02 -0700)]
Fix bug #5080. Access to cups-printers via samba broken with cups 1.3.4, Unsupported character set.
Cups 1.3.4 expects utf8 to be used in all messages to/from the server. We may be using a
different character set so we need to use talloc utf8 push/pull functions in all communication.
Contains the !server fix already applied to 3.3.
Jeremy.
Derrell Lipman [Thu, 2 Oct 2008 13:17:49 +0000 (09:17 -0400)]
Fix bug 5805: don't close stdout
- When calling setup_logging multiple times, the code was closing the debug
file descriptor before opening or assigning the new one. We don't, however,
want to close the debug file descriptor if it is stdout.
Jeremy Allison [Wed, 1 Oct 2008 20:22:02 +0000 (13:22 -0700)]
Fix use of DLIST_REMOVE as spotted by Constantine Vetoshev <gepardcv@gmail.com>.
This API is unusual in that if used to remove a non-list head it nulls out
the next and prev pointers. This is what you want for debugging (don't want
an entry removed from the list to be still virtually linked into it) but
means there is no consistent idiom for use as the next and prev pointers
get trashed on removal from the list, meaning you must save them yourself.
You can use it one way when deleting everything via the head pointer, as
this preserves the next pointer, but you *must* use it another way when not
deleting everything via the head pointer. Fix all known uses of this (the main
one is in conn_free_internal() and would not free all the private data entries
for vfs modules. The other changes in web/statuspage.c and winbindd_util.c
are not strictly neccessary, as the head pointer is being used, but I've done
them for consistency. Long term we must revisit this as this API is too hard
to use correctly.
Jeremy.
Jeremy Allison [Wed, 1 Oct 2008 19:30:12 +0000 (12:30 -0700)]
Turn the socket connections into a refcounted list - in the common case there'll now only be one socket per smbd.
Changed the format of the wire data to (a) include a version number (V1) as the first element. (b) removed the
";)" at the end an replaced it with a "\n". Receiver can change back if needed, and now receiver can just log
"as-is" to a text file (making testing easier). Added my (C). Sorry Holger, but I've changed quite a bit now.
Jeremy.
Jeremy Allison [Tue, 30 Sep 2008 23:20:29 +0000 (16:20 -0700)]
Convert to allocated strings. Use write_data(), not send as this doesn't correctly
deal with EINTR. Jim and Holger please check this still works.
Jeremy.
Jeremy Allison [Tue, 30 Sep 2008 22:09:49 +0000 (15:09 -0700)]
Restructure the module so it connects to the remote data sink
on connect, and closes the socket on client disconnect. This should
make it much more efficient. Store the remote fd in a private data
pointer off the handle. Finally we need to remove the fstrings and
convert to allocated buffer storage.
Jeremy.
Jeremy Allison [Tue, 30 Sep 2008 20:21:27 +0000 (13:21 -0700)]
Fix the make test problem Karolin reported. Now rename_open_files actually works correctly we must emit the change notify before we change the name, not before.
Jeremy.
Andrew Tridgell [Mon, 29 Sep 2008 23:04:23 +0000 (16:04 -0700)]
re-added "winbind:ignore domains" patch
This option really is essential, as we discover again and again at
customer sites. Due to bugs in winbind some domains are toxic. When
you are installing at a site and a particular domain in a complex
setup causes winbind to segfault or hang then you need a way to
disable that domain and continue.
In an ideal world winbind could handle arbitrarily complex ADS
domains, but we are nowhere near that yet. If we ever get to that
stage then we won't need this option.
Andrew Tridgell [Mon, 29 Sep 2008 18:24:00 +0000 (11:24 -0700)]
fixed segv on startup with trusted domains
With some setups, idmap_tdb2_allocate_id can be called before the
allocate backend is initialised, leading to a segv. This change
ensures that the db is opened in all paths that use it
projects / thirdparty / samba.git / log
