The branch, v3-3-stable has been updated via aff7429440784c41666d978e2b74784f36f87d98 (commit) via 5afa5a02307635d71f54b6e59fb9d48bd2ab9e25 (commit) via addec41170dd57570eaf26d4620c8d742480d960 (commit) via 2332ec76e73aad423e575ca52b621bb1bb634b47 (commit) via 544cd04a90a45e4b8ba7caca531d103351e14948 (commit) via 6e96bae05598fc7601e9a50de75cf57271d984bb (commit) via af56d80f4475f1025b318facf6f26445243e4dc7 (commit) via 34a2082e68b24694d28598e14265b57a7b4a9769 (commit) via 3992e319fd854293724d884830571ed251c48496 (commit) via 717e7960c11d3d88ddfdd8c9f037331019b80cd9 (commit) via a227c3bff49a5d5bef2e2dfd55793b0cb9533461 (commit) via b2cd69dcec47ba9f374bc272990f935d7cb48ec9 (commit) via ebdb11132c65192efd1854300e54b3ba844d8c3d (commit) via 85b2eef569e6a253be79d0de697481fcc6a9acf2 (commit) via 2932c38b84d0c3c6af9fd166478d12c8d7f2515b (commit) via 8cf64375b9832e3300a7fdc3a1da570ee033d342 (commit) via a452ff839d2afa79c7bf56451ad544b9a4b37612 (commit) via dc86f0e542aaaf0f352a20b183465fb7eeb4d2e8 (commit) via 57e5390105f40c1ed9167520a7ade967f0833c60 (commit) via 108c1ea57996a286ff7046ec5e54a3a93e59007c (commit) via 7a706c27c1365e729a598e237209d544912aff9e (commit) via 59130016b7676ec89855e8a44b9d3c4f3e97839c (commit) via fb65c345976b2125f9b68d65ff3946c78b4cddd5 (commit) via 6631ca4a51d4b13d2edd2dc899f7b76c233825b5 (commit) via 12cf12f10c1c6adad568daf6c16144a99b0f822e (commit) via 96d43ea011c5e1008ea371951e6b9e9b63813c67 (commit) via 159568e7b8fe5021d924e459fc76717d468db057 (commit) via 85e3c288dfbcdad9ffb1f68c9bedd3dd1f6962ad (commit) via b1960eb8aa36b4c8d136f138392481a50a9475da (commit) via 6b0d6f909999605e5940156fd614f9bb75c24bff (commit) via 947a727e5205780c3c4d32a3e161b47e67d448f0 (commit) via 750c7f565bdef64636fa6d414ca6d24e40f54536 (commit) via f56e4a993ab1ed6eed99c7c67b9de7c83ed6608a (commit) from 57930cf3e4eb79b26cd062b51635d1df2d68a0ed (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable - Log ----------------------------------------------------------------- commit aff7429440784c41666d978e2b74784f36f87d98 Author: Karolin Seeger <ksee...@samba.org> Date: Fri Mar 6 09:00:58 2009 +0100 s3/WHATSNEW: Update changes since 3.3.0. Karolin (cherry picked from commit ca623a7aa45b93c76e4c03ef041fb518c330ca3f) commit 5afa5a02307635d71f54b6e59fb9d48bd2ab9e25 Author: Jeremy Allison <j...@samba.org> Date: Thu Mar 5 21:51:00 2009 -0800 Get the sense of the integer wrap test the right way around. Sorry. Jeremy. (cherry picked from commit bbf72022b64a2ae207936f0208d3db2373a6d32b) commit addec41170dd57570eaf26d4620c8d742480d960 Author: Jeremy Allison <j...@samba.org> Date: Thu Mar 5 21:04:52 2009 -0800 Now we're allowing a lower bound for auth_len, ensure we also check for an upper one (integer wrap). Jeremy. (cherry picked from commit acf2223f803c14c64a38f5218d823b8f8171e47f) commit 2332ec76e73aad423e575ca52b621bb1bb634b47 Author: Jeremy Allison <j...@samba.org> Date: Thu Mar 5 17:17:52 2009 -0800 Fix bug #6161 - smbclient corrupts source path in tar mode This was my fault. I broke the smbclient tar argument processing in creating the string for chdir when removing pstrings. Jeremy. (cherry picked from commit a9e6c91cd18b8b7b805f4b69f3867ea4bd6bc3ba) commit 544cd04a90a45e4b8ba7caca531d103351e14948 Author: Jeremy Allison <j...@samba.org> Date: Thu Mar 5 15:16:53 2009 -0800 Last part of fix for #6154 - zfs does not honor admin users. Jeremy. (cherry picked from commit ddaa1bae7567c81fb8e478c439bb970edab2f9c3) commit 6e96bae05598fc7601e9a50de75cf57271d984bb Author: Volker Lendecke <v...@samba.org> Date: Thu Mar 5 22:20:55 2009 +0100 Complete the fix for bug 6100 According to [MS-RPCE].pdf, section 2.2.2.11: ---- A client or a server that (during composing of a PDU) has allocated more space for the authentication token than the security provider fills in SHOULD fill in the rest of the allocated space with zero octets. These zero octets are still considered to belong to the authentication token part of the PDU.<36> ---- RPC implementations are allowed to send padding bytes at the end of an auth footer. Windows 7 makes use of this. Thanks to Nick Meier <nme...@microsoft.com> Volker (cherry picked from commit 224364d6c9eaa4d07b57cdef04ac17acb416e413) commit af56d80f4475f1025b318facf6f26445243e4dc7 Author: Jeremy Allison <j...@samba.org> Date: Thu Mar 5 09:03:48 2009 -0800 Fix bug #6160 - Office 2007 fails saving files to a Samba mapped drive. Confirmed by reporters. Jeremy. (cherry picked from commit 2cc696192fbc66b10fa6377d84cdebd23a045284) commit 34a2082e68b24694d28598e14265b57a7b4a9769 Author: Jeremy Allison <j...@samba.org> Date: Wed Mar 4 17:18:12 2009 -0800 Second part of fix for #6154, ensure we return max access if admin user. Jeremy. (cherry picked from commit 30d2017c7bb01adb5e9ce4bf84df845d676665de) commit 3992e319fd854293724d884830571ed251c48496 Author: Jeremy Allison <j...@samba.org> Date: Wed Mar 4 16:56:45 2009 -0800 Fix bug #6154 - zfs does not honor admin users. Jeremy. (cherry picked from commit a7efcb3666fe4df778df95449e98970a77369b79) commit 717e7960c11d3d88ddfdd8c9f037331019b80cd9 Author: Jeremy Allison <j...@samba.org> Date: Wed Mar 4 14:47:44 2009 -0800 Fix crashes when running RAW-ACLs against system with tdb ACL modules (caused by the POSIX pathname fixes). Jeremy. (cherry picked from commit 9809849d976597a0b1ed098ac5f9f353a98ca651) commit a227c3bff49a5d5bef2e2dfd55793b0cb9533461 Author: Tim Prouty <tpro...@samba.org> Date: Tue Mar 3 16:47:48 2009 -0800 s3 passdb: Add back some useful debug statements Originally removed in be1dfff02d562e42a7847bd02fed8538630d3f41 (cherry picked from commit 784a9ae6fed4169b2e21608a1963a2b9af8c47fc) commit b2cd69dcec47ba9f374bc272990f935d7cb48ec9 Author: Jeremy Allison <j...@samba.org> Date: Tue Mar 3 16:05:47 2009 -0800 Fix bug #6155 - "force group" is no longer working as expected. We need to store the "force group" uid separately from the conn->server_info token as we need to apply it separately also. Volker PLEASE CHECK ! Jeremy. (cherry picked from commit da340c674d52d79cd4c45ab961a8fd7a204f7a67) commit ebdb11132c65192efd1854300e54b3ba844d8c3d Author: Dan Sledz <dan.sl...@isilon.com> Date: Mon Mar 2 16:42:37 2009 -0800 It appears that the first time we see a uid/gid that winbind can't map, we end up returning the null sid instead of falling back to the legacy code. Next time through the code we'll hit the negative cache and do the right thing, but we still fail the first time. If we fail the winbind id to sid mapping, call the legacy version. This catches the case where we don't have a negative cache entry for the mapping. This is better than returning the NULL sid to the caller. (cherry picked from commit c4d05e8e1fc776dd9c528513346256cf35c9f226) commit 85b2eef569e6a253be79d0de697481fcc6a9acf2 Author: Bo Yang <boy...@novell.com> Date: Mon Mar 2 16:08:58 2009 -0800 More fix to initialize idmap statuses (cherry picked from commit 3480224cef289ef0915787d735cd79adad4815fe) commit 2932c38b84d0c3c6af9fd166478d12c8d7f2515b Author: Karolin Seeger <ksee...@samba.org> Date: Fri Feb 27 11:09:59 2009 +0100 s3/docs: Add missing full stop. Karolin (cherry picked from commit 2ab9d365cfceb28c1280566b6fe8ec3767e18149) (cherry picked from commit aff67e24f3675ace3c69c210aa387bc008f1cbbc) commit 8cf64375b9832e3300a7fdc3a1da570ee033d342 Author: Jeremy Allison <j...@samba.org> Date: Sat Feb 28 13:14:54 2009 -0800 Fix bug #6082 - smbd_gpfs_getacl failed: Windows client can´t rename or delete file (directory fix). Jeremy. (cherry picked from commit fc5765f843fbbe0a8c9ae6be6dc7658033d539d3) commit a452ff839d2afa79c7bf56451ad544b9a4b37612 Author: Bo Yang <boy...@novell.com> Date: Fri Feb 27 10:34:47 2009 -0800 Initialize the id_map status in idmap_ldap to avoid surprise (cherry picked from commit 13a13122f40221edd76aeaaff47c8964a692301a) commit dc86f0e542aaaf0f352a20b183465fb7eeb4d2e8 Author: Steven Danneman <steven.danne...@isilon.com> Date: Fri Feb 27 08:32:51 2009 -0800 s3: fix guest auth when winbindd is running This fix is very subtle. If a server is configured with "security = share" and "guest ok = yes" and winbindd is running authorization will fail during tree connect. This is due to our inability to map the guest sid S-1-5-21-X-501 to a uid through sid_to_uid(). Winbindd is unaware of the hard coded mapping between this sid and whatever uid the name in lp_guestaccount() is assigned. So sid_to_uid() fails and we exit create_token_from_username() without ever calling pdb_getsampwsid() which IS aware of the hard coded mapping. This patch just reorganizes the code, moving sid_to_uid() down to the block of code in which it is needed, avoiding this early failure. (cherry picked from commit fbf615dee95d13026fb9d092be8cf956c64eda75) commit 57e5390105f40c1ed9167520a7ade967f0833c60 Author: Jeremy Allison <j...@samba.org> Date: Thu Feb 26 11:43:07 2009 -0800 Make us pass the RAW-RENAME torture test I just added. Inside a directory, keep a file open and then renaming the directory should fail with ACCESS_DENIED. Jeremy. (cherry picked from commit eb02b1e7fe98f826606d0129b1ba172b8645207a) commit 108c1ea57996a286ff7046ec5e54a3a93e59007c Author: Jeremy Allison <j...@samba.org> Date: Wed Feb 25 14:56:49 2009 -0800 Fix more POSIX path lstat calls. Fix bug where close can return failure if we have a pending modtime and the containing directory of the file has been renamed (there is no POSIX "update time by fd" call). This can't happen on Windows as the rename will fail if there are open files beneath it. Will add a torture test for this. Jeremy. (cherry picked from commit 032f052c9ccfb32f822352155e5f3c17a34f896a) commit 7a706c27c1365e729a598e237209d544912aff9e Author: Jeremy Allison <j...@samba.org> Date: Wed Feb 25 14:50:43 2009 -0800 Use fsp->posix_open in preference if we have it. Jeremy. (cherry picked from commit 2b5b5bed41320f1890c69c714c7596e1a7a1b964) commit 59130016b7676ec89855e8a44b9d3c4f3e97839c Author: Jeremy Allison <j...@samba.org> Date: Wed Feb 25 14:12:31 2009 -0800 Ensure ACL modules work with POSIX paths. Jeremy. (cherry picked from commit 6d5bf226e91eaa7405103f2c32b5d5a310fa35eb) commit fb65c345976b2125f9b68d65ff3946c78b4cddd5 Author: Jeremy Allison <j...@samba.org> Date: Wed Feb 25 13:46:46 2009 -0800 Fix use of streams modules with CIFSFS client. Jeremy. (cherry picked from commit 0c8b8f2f3483a585d974ce803357f1d9f39e3c9f) commit 6631ca4a51d4b13d2edd2dc899f7b76c233825b5 Author: Jeremy Allison <j...@samba.org> Date: Wed Feb 25 13:00:21 2009 -0800 Make test for open modes more robust against other bits. Jeremy. (cherry picked from commit 8d178837f259757340a09a688ed194e3e4a92c36) commit 12cf12f10c1c6adad568daf6c16144a99b0f822e Author: Jeremy Allison <j...@samba.org> Date: Wed Feb 25 12:54:58 2009 -0800 Fix bug in processing of open modes in POSIX open. Was missing case of "If file exists open. If file doesn't exist error." Damn damn damn. CIFSFS client will have to have fallback cases for this error for a long time. Jeremy. (cherry picked from commit b652082648c49b525d2b2ce619b575ee75bc242e) commit 96d43ea011c5e1008ea371951e6b9e9b63813c67 Author: Jeremy Allison <j...@samba.org> Date: Wed Feb 25 10:00:01 2009 -0800 Fix some NetBSD warnings. Jeremy. (cherry picked from commit 8858ed261917ce6c80562f05f5407109d66bd6a8) commit 159568e7b8fe5021d924e459fc76717d468db057 Author: Volker Lendecke <v...@samba.org> Date: Thu Oct 2 03:37:52 2008 +0200 Fix bug 6124: Attempt to fix the build on IRIX Under irix, "sa_family" is a #define to sa_union.sa_generic.sa_family2 (cherry picked from commit 7fea973c6a204f422d92c2abf1d40d3558808696) commit 85e3c288dfbcdad9ffb1f68c9bedd3dd1f6962ad Author: Jeremy Allison <j...@samba.org> Date: Tue Feb 24 17:58:14 2009 -0800 Allow set attributes on a stream fnum to be redirected to the base filename. Fixes the new RAW-STREAMS torture test. Jeremy. (cherry picked from commit 3c01f93b4cf4f4dec41511bae622736f1ade3b0f) commit b1960eb8aa36b4c8d136f138392481a50a9475da Author: Steve French <smfre...@gmail.com> Date: Tue Feb 24 17:07:12 2009 -0600 Fix guest mounts guest session setup, login (user id) as anonymous. This patch is for samba bugzilla bug 4640. Signed-off-by: Shirish Pargaonkar <shiri...@us.ibm.com> Acked-by: Jeff Layton <jlay...@redhat.com> Signed-off-by: Steve French <sfre...@samba.org> (cherry picked from commit dc2f9854c400a9bde604a8c3ababb29fb3e9747f) commit 6b0d6f909999605e5940156fd614f9bb75c24bff Author: Tim Prouty <tpro...@samba.org> Date: Tue Feb 24 14:07:29 2009 -0800 Fix a bug that prevent core files from being created Removed an erroneous free() that was causing the corepath to be NULL during dump_core(). This prevented dump_core() from actually calling abort() to create a core file. The bug was introduced in December by: 0994b094569474d47e7b98e39438829e962a27e1 (cherry picked from commit a70bb435d339df52eef56fb0c5788534252d7ab7) commit 947a727e5205780c3c4d32a3e161b47e67d448f0 Author: Steve French <smfre...@gmail.com> Date: Tue Feb 24 12:43:12 2009 -0600 cifs mount did not properly display version string when no other parameters passed in. Acked-by: Jeff Layton <jlay...@redhat.com> (cherry picked from commit c7bf0f4c222ae46be2a751997e03197832b494cd) commit 750c7f565bdef64636fa6d414ca6d24e40f54536 Author: Derrell Lipman <derrell.lip...@unwireduniverse.com> Date: Tue Feb 24 09:49:21 2009 -0500 Make char* parameters const - Use const in function signatures whenever appropriate, to help prevent errant scribbling on users' buffers. smbc_set_credentials() always acted as if its formal parameters were const char *, and changing the formal declaration to specify that should not cause any change to the ABI. It is still allowable to pass a writable buffer to a function which specifies that it will not write to the buffer. Derrell (cherry picked from commit 53fea3a7aef481151c3a15d01481cb0f11ae2e8b) commit f56e4a993ab1ed6eed99c7c67b9de7c83ed6608a Author: Björn Jacke <b...@sernet.de> Date: Sun Feb 22 19:46:40 2009 +0100 prefer gssapi header files from subdirectory this fixes some compile time noise on FreeBSD 7 (cherry picked from commit 1bfdbb093f7c5e434ea3e653d389e1ccec578af6) ----------------------------------------------------------------------- Summary of changes: WHATSNEW.txt | 169 +++++---------------- docs-xml/smbdotconf/security/clientlanmanauth.xml | 2 +- source/auth/auth_util.c | 14 +- source/client/clitar.c | 16 ++ source/client/mount.cifs.c | 12 ++- source/include/includes.h | 6 +- source/include/libsmbclient.h | 8 +- source/include/proto.h | 7 +- source/include/smb.h | 6 + source/lib/fault.c | 1 - source/libaddns/dns.h | 6 +- source/librpc/gen_ndr/nbt.h | 2 +- source/librpc/gen_ndr/ndr_nbt.c | 6 +- source/librpc/idl/nbt.idl | 2 +- source/libsmb/dsgetdcname.c | 2 +- source/libsmb/libsmb_context.c | 22 +-- source/locking/locking.c | 19 ++- source/modules/vfs_acl_tdb.c | 89 +++++++++--- source/modules/vfs_acl_xattr.c | 12 ++- source/modules/vfs_streams_depot.c | 14 ++- source/modules/vfs_streams_xattr.c | 15 ++- source/passdb/lookup_sid.c | 38 +++-- source/printing/nt_printing.c | 6 +- source/rpc_server/srv_pipe.c | 6 +- source/smbd/close.c | 22 ++- source/smbd/conn.c | 1 + source/smbd/file_access.c | 5 + source/smbd/files.c | 43 ++++++ source/smbd/open.c | 50 ++++++ source/smbd/reply.c | 12 ++- source/smbd/service.c | 8 + source/smbd/trans2.c | 19 ++- source/smbd/uid.c | 11 +- source/winbindd/idmap_ad.c | 10 ++ source/winbindd/idmap_adex/idmap_adex.c | 10 ++ source/winbindd/idmap_hash/idmap_hash.c | 10 ++ source/winbindd/idmap_ldap.c | 8 + source/winbindd/idmap_nss.c | 10 ++ source/winbindd/idmap_rid.c | 10 ++ source/winbindd/idmap_tdb.c | 10 ++ source/winbindd/idmap_tdb2.c | 10 ++ 41 files changed, 493 insertions(+), 236 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 141d76b..873c7bc 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,170 +1,71 @@ ============================= - Release Notes for Samba 3.3.1 - February, 24 2009 + Release Notes for Samba 3.3.2 + March, 09 2009 ============================= This is the latest bugfix release release of the Samba 3.3 series. -Major enhancements in Samba 3.3.1 include: +Major enhancements in Samba 3.3.2 include: - * Fix net ads join when "ldap ssl = start tls" (bug #6073). - * Fix renaming/deleting of files using Windows clients (bug #6082). - * Fix renaming/deleting a "not matching/resolving" symlink (bug #6090). - * Fix remotely adding a share via the Windows MMC. + * Fix "force group" (bug #6155). + * Fix guest authentication in setups with "security = share" and + "guest ok = yes" when Winbind is running. + * Fix corruptions of source path in tar mode of smbclient (bug #6161). ###################################################################### Changes ####### -smb.conf changes ----------------- - Parameter Name Description Default - -------------- ----------- ------- - ldap ssl ads New No - - -Changes since 3.3.0: +Changes since 3.3.1: -------------------- o Jeremy Allison <j...@samba.org> - * BUG 6082: Fix renaming/deleting of files using Windows clients. - * BUG 6069: Fix build with too many arguments. - * BUG 6090: Fix renaming/deleting a "not matching/resolving" symlink. - * BUG 6099: Try to fix domain join of Win7 Beta. - * BUG 6117: Fix core dump of pdbedit -a. - * BUG 6133: Fix deletion of non-ACL files on Solaris/ZFS/NFSv4 ACL - filesystem. - * Fix Coverity IDs 115, 116, 117, 602. - * Fix warning (bad handler prototype). - * Unify the detection of the timespec code in configure.in, and the - application of it in time.c. - * Correctly use chroot(). - * Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure that "offered" - read from the rpc packet in spoolss is under that size. - * Backport the semantics of when to delete alternate data streams on a file - truncate. - * Fix printf warnings. - * Fix warnings on Solaris. - - -o Michael Adam <ob...@samba.org> - * BUG 6066: netinet/ip.h present but cannot be compiled on Solaris. - * BUG 6073: Prevent ads_connect() from using SSL unless explicitly - requested. - * Fix 'getent passwd' to allocate new uids. - * Fix 'getent group' to allocate new gids. - * Remove check for sharename being a username in 'net conf - addshare'. - - -o Guenther Deschner <g...@samba.org> - * Fix Coverity ID 848. - * Remove unused ENUM_HND from 'net'. - * Fix getform command asprintf return code in rpcclient. - * Fix memleak in get_remote_printer_publishing_data(). - * Remove duplicate prototypes for generated rpc server functions. - - -o Holger Hetterich <hhet...@novell.com> - * Enable total anonymization in vfs_smb_traffic_analyzer. - - -o Bjoern Jacke <b...@sernet.de> - * Fix build with external dns_sd libraries. - * Fix configure check "sub-second timestamps without struct timespec". - * Add configure check for AIX style sub-second resolution support. - * Add configure check for Tru64 sub-second timestamp resolution. - * Add Tru64 sub-second resolution timestamp support. - * Enable IPv6 support for NetBSD and FreeBSD. - * Use correct BSD evironment variable. - - -o Guenter Kukkukk <li...@kukkukk.com> - * Don't try and delete a default ACL from a file. - - -o Volker Lendecke <v...@samba.org> - * BUG 5798: CFLAGS info lost in configure. - * Fix Coverity IDs 740, 742, 744, 745, 876, 879, 880. - * Fix remotely adding a share via the Windows MMC. - * Avoid valgrind errors. - * Fix 'net rpc join' for users with the SeMachineAccountPrivilege. - * Fix resume handle for _samr_EnumDomainGroups. - * Fix a buffer handling bug when adding lots of registry keys. - * Fix a O(n^2) algorithm in regdb_fetch_keys(). - - -o Jeff Layton <jlay...@redhat.com> - * Initialize rc to 0 in main in mount.cifs. - - -o Derrell Lipman <derrell.lip...@unwireduniverse.com> - * BUG 6069: Add a fstatvfs function for libsmbclient. - * Eliminate compiler warnings. - - -o Glenn Machin <gmac...@sandia.gov> - * Don't miss an absolute pathname as a kerberos keytab path. + * BUG 6082: Fix renaming and deleting of directories using Windows clients. + * BUG 6154: Make ZFS honor admin users. + * BUG 6155: Fix "force group". + * BUG 6160: Fix saving of files on Samba share using MS Office 2007 + * BUG 6161: Fix corruptions of source path in tar mode of smbclient. + * Fix some NetBSD warnings. + * Fix bug in processing of open modes in POSIX open. + * Fix use of streams modules with CIFSFS client. + * Ensure ACL modules work with POSIX paths. + * Use fsp->posix_open in preference if we have it. + * Fix more POSIX path lstat calls. -o Stefan Metzmacher <me...@samba.org> - * BUG 6100: Implement _netr_LogonGetCapabilities() with - NT_STATUS_NOT_IMPLEMENTED. - * Make Samba work with older ctdb versions. - * Add S-1-22-X-Y sids to the local token. +o Steven Danneman <steven.danne...@isilon.com> + * Fix guest authentication in setups with "security = share" and "guest ok = + yes" when Winbind is running. -o Lars Mueller <l...@samba.org> - * Conditional install of the cifs.upcall man page. - * Adjust regex to match variable names including underscores. +o Steve French <smfre...@gmail.com> + * BUG 4640: Fix guest mounts in mount.cifs. + * Fix displaying the version string properly when no other parameters passed + in in mount.cifs. -o Shirish Pargaonkar <shirishpargaon...@gmail.com> - * BUG 4370: Clean-up entries in /etc/mtab after unmount. - * Add fakemount (-f) and nomtab (-n) flags to mount.cifs. +o Björn Jacke <b...@sernet.de> + * Prefer gssapi header files from subdirectory. -o Ted Percival <ted.perci...@quest.com> - * Fix a crash during name resolution. +o Volker Lendecke <v...@samba.org> + * BUG 6124: Fix the build on IRIX. o Tim Prouty <tpro...@samba.org> - * Fix "assignment discards qualifiers from pointer target type" - warnings. - * Fix SMB_VFS_RECVFILE/SENDFILE macros. - - -o Karolin Seeger <ksee...@samba.org> - * Change "ldap ssl:ads" parameter to "ldap ssl ads". - * Add manpages for vfs_acl_xattr and vfs_acl_tdb. - - -o Dan Sledz <dsl...@isilon.com> - * Fix double free caused by incorrect talloc_steal usage. - - -o Simo Sorce <i...@samba.org> - * Build ldbrename. - - -o Aravind Srinivasan <aravind.sriniva...@isilon.com> - * Make nmbd check all available interfaces for WINS before failing. - - -o Miguel Suarez <miguel.sua...@stratus.com> - * Fix compilation of vfs_default on systems that do not support utimes(). + * Fix creation of core files. -o Yasuma Takeda <yas...@osstech.co.jp> - * BUG 5920: Fix the calculation of the memcpy length. - * BUG 6098: Fix ads_find_dc() in setups with "security = domain". +o Dan Sledz <dan.sl...@isilon.com> + * Fix first mapping of uids/gids in Winbind. o Bo Yang <boy...@novell.com> - * Make libsmbclient work with DFS. + * Initialize the id_map status in idmap_ldap to avoid surprise. + * Fix initialization of idmap status. ###################################################################### diff --git a/docs-xml/smbdotconf/security/clientlanmanauth.xml b/docs-xml/smbdotconf/security/clientlanmanauth.xml index 967eacf..9c61ded 100644 --- a/docs-xml/smbdotconf/security/clientlanmanauth.xml +++ b/docs-xml/smbdotconf/security/clientlanmanauth.xml @@ -17,7 +17,7 @@ this option. </para> <para>Disabling this option will also disable the <command - moreinfo="none">client plaintext auth</command> option</para> + moreinfo="none">client plaintext auth</command> option.</para> <para>Likewise, if the <command moreinfo="none">client ntlmv2 auth</command> parameter is enabled, then only NTLMv2 logins will be diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index b84c168..2a535bf 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c @@ -789,7 +789,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) } /* - * Create an artificial NT token given just a username. (Initially indended + * Create an artificial NT token given just a username. (Initially intended * for force user) * * We go through lookup_name() to avoid problems we had with 'winbind use @@ -842,12 +842,6 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, goto done; } - if (!sid_to_uid(&user_sid, uid)) { - DEBUG(1, ("sid_to_uid for %s (%s) failed\n", - username, sid_string_dbg(&user_sid))); - goto done; - } - if (sid_check_is_in_our_domain(&user_sid)) { bool ret; @@ -905,6 +899,12 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, unix_user: + if (!sid_to_uid(&user_sid, uid)) { + DEBUG(1, ("sid_to_uid for %s (%s) failed\n", + username, sid_string_dbg(&user_sid))); + goto done; + } + uid_to_unix_users_sid(*uid, &user_sid); pass = getpwuid_alloc(tmp_ctx, *uid); diff --git a/source/client/clitar.c b/source/client/clitar.c index 5a97446..d6c02df 100644 --- a/source/client/clitar.c +++ b/source/client/clitar.c @@ -1513,6 +1513,7 @@ int process_tar(void) if (strrchr_m(cliplist[i], '\\')) { char *p; + char saved_char; char *saved_dir = talloc_strdup(ctx, client_get_cur_dir()); if (!saved_dir) { @@ -1531,13 +1532,28 @@ int process_tar(void) if (!tarmac) { return 1; } + /* + * Strip off the last \\xxx + * xxx element of tarmac to set + * it as current directory. + */ p = strrchr_m(tarmac, '\\'); if (!p) { return 1; } + saved_char = p[1]; p[1] = '\0'; + client_set_cur_dir(tarmac); + /* + * Restore the character we + * just replaced to + * put the pathname + * back as it was. + */ + p[1] = saved_char; + DEBUG(5, ("process_tar, do_list with tarmac: %s\n", tarmac)); do_list(tarmac,attribute,do_tar, False, True); diff --git a/source/client/mount.cifs.c b/source/client/mount.cifs.c index a736609..d05115b 100644 --- a/source/client/mount.cifs.c +++ b/source/client/mount.cifs.c @@ -650,7 +650,9 @@ static int parse_options(char ** optionsp, int * filesys_flags) } else if (strncmp(data, "exec", 4) == 0) { *filesys_flags &= ~MS_NOEXEC; } else if (strncmp(data, "guest", 5) == 0) { - got_password=1; + user_name = (char *)calloc(1, 1); + got_user = 1; + got_password = 1; } else if (strncmp(data, "ro", 2) == 0) { *filesys_flags |= MS_RDONLY; } else if (strncmp(data, "rw", 2) == 0) { @@ -1079,6 +1081,14 @@ int main(int argc, char ** argv) } mountpoint = argv[2]; } else { + if ((strcmp (argv[1], "--version") == 0) || + ((strcmp (argv[1], "-V") == 0))) { + printf ("mount.cifs version: %s.%s%s\n", + MOUNT_CIFS_VERSION_MAJOR, + MOUNT_CIFS_VERSION_MINOR, + MOUNT_CIFS_VENDOR_SUFFIX); + exit (0); + } mount_cifs_usage(); exit(EX_USAGE); } diff --git a/source/include/includes.h b/source/include/includes.h index d95b821..7b24b72 100644 --- a/source/include/includes.h +++ b/source/include/includes.h @@ -207,12 +207,12 @@ typedef int ber_int_t; #undef HAVE_LDAP #endif -#if HAVE_GSSAPI_H -#include <gssapi.h> -#elif HAVE_GSSAPI_GSSAPI_H +#if HAVE_GSSAPI_GSSAPI_H #include <gssapi/gssapi.h> #elif HAVE_GSSAPI_GSSAPI_GENERIC_H #include <gssapi/gssapi_generic.h> +#elif HAVE_GSSAPI_H +#include <gssapi.h> #endif #if HAVE_COM_ERR_H diff --git a/source/include/libsmbclient.h b/source/include/libsmbclient.h index 8c642b1..869aeb6 100644 --- a/source/include/libsmbclient.h +++ b/source/include/libsmbclient.h @@ -2677,11 +2677,11 @@ smbc_version(void); */ void -smbc_set_credentials(char *workgroup, - char *user, - char *password, +smbc_set_credentials(const char *workgroup, + const char *user, + const char *password, smbc_bool use_kerberos, - char *signing_state); + const char *signing_state); /* * Wrapper around smbc_set_credentials. diff --git a/source/include/proto.h b/source/include/proto.h index 72d3ffe..c3df0ae 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -5202,9 +5202,9 @@ bool remove_share_oplock(struct share_mode_lock *lck, files_struct *fsp); bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp); NTSTATUS can_set_delete_on_close(files_struct *fsp, bool delete_on_close, uint32 dosmode); -void set_delete_on_close_token(struct share_mode_lock *lck, UNIX_USER_TOKEN *tok); -void set_delete_on_close_lck(struct share_mode_lock *lck, bool delete_on_close, UNIX_USER_TOKEN *tok); -bool set_delete_on_close(files_struct *fsp, bool delete_on_close, UNIX_USER_TOKEN *tok); +void set_delete_on_close_token(struct share_mode_lock *lck, const UNIX_USER_TOKEN *tok); +void set_delete_on_close_lck(struct share_mode_lock *lck, bool delete_on_close, const UNIX_USER_TOKEN *tok); +bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USER_TOKEN *tok); bool set_sticky_write_time(struct file_id fileid, struct timespec write_time); bool set_write_time(struct file_id fileid, struct timespec write_time); int share_mode_forall(void (*fn)(const struct share_mode_entry *, const char *, @@ -8906,6 +8906,7 @@ files_struct *file_find_fsp(files_struct *orig_fsp); files_struct *file_find_di_first(struct file_id id); files_struct *file_find_di_next(files_struct *start_fsp); files_struct *file_find_print(void); +bool file_find_subpath(files_struct *dir_fsp); void file_sync_all(connection_struct *conn); void file_free(files_struct *fsp); files_struct *file_fnum(uint16 fnum); diff --git a/source/include/smb.h b/source/include/smb.h index a98d151..56d9461 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -597,6 +597,12 @@ typedef struct connection_struct { */ struct auth_serversupplied_info *server_info; + /* + * If the "force group" parameter is set, this is the primary gid that + * may be used in the users token, depending on the vuid using this tid. + */ + gid_t force_group_gid; + char client_address[INET6_ADDRSTRLEN]; /* String version of client IP address. */ uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */ diff --git a/source/lib/fault.c b/source/lib/fault.c index 1bd7d03..4a94932 100644 --- a/source/lib/fault.c +++ b/source/lib/fault.c @@ -157,7 +157,6 @@ void dump_core_setup(const char *progname) return; } - SAFE_FREE(corepath); SAFE_FREE(logbase); #ifdef HAVE_GETRLIMIT diff --git a/source/libaddns/dns.h b/source/libaddns/dns.h index 2eaeaf7..9f6e7e9 100644 --- a/source/libaddns/dns.h +++ b/source/libaddns/dns.h @@ -81,12 +81,12 @@ #include <krb5.h> #endif -#if HAVE_GSSAPI_H -#include <gssapi.h> -#elif HAVE_GSSAPI_GSSAPI_H +#if HAVE_GSSAPI_GSSAPI_H #include <gssapi/gssapi.h> #elif HAVE_GSSAPI_GSSAPI_GENERIC_H #include <gssapi/gssapi_generic.h> +#elif HAVE_GSSAPI_H +#include <gssapi.h> #endif #if defined(HAVE_GSSAPI_H) || defined(HAVE_GSSAPI_GSSAPI_H) || defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) diff --git a/source/librpc/gen_ndr/nbt.h b/source/librpc/gen_ndr/nbt.h index 264b00b..4b872d7 100644 --- a/source/librpc/gen_ndr/nbt.h +++ b/source/librpc/gen_ndr/nbt.h @@ -391,7 +391,7 @@ struct nbt_dgram_packet { }/* [public,flag(LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_BIGENDIAN|LIBNDR_PRINT_ARRAY_HEX)] */; struct nbt_sockaddr { - uint32_t sa_family; + uint32_t sockaddr_family; const char * pdc_ip;/* [flag(LIBNDR_FLAG_BIGENDIAN)] */ DATA_BLOB remaining;/* [flag(LIBNDR_FLAG_REMAINING)] */ }/* [gensize,public] */; diff --git a/source/librpc/gen_ndr/ndr_nbt.c b/source/librpc/gen_ndr/ndr_nbt.c index 84cfabd..c02b539 100644 --- a/source/librpc/gen_ndr/ndr_nbt.c +++ b/source/librpc/gen_ndr/ndr_nbt.c @@ -1531,7 +1531,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_nbt_sockaddr(struct ndr_push *ndr, int ndr_f { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sa_family)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sockaddr_family)); { uint32_t _flags_save_ipv4address = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); @@ -1554,7 +1554,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_nbt_sockaddr(struct ndr_pull *ndr, int ndr_f { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sa_family)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sockaddr_family)); { uint32_t _flags_save_ipv4address = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); @@ -1577,7 +1577,7 @@ _PUBLIC_ void ndr_print_nbt_sockaddr(struct ndr_print *ndr, const char *name, co { ndr_print_struct(ndr, name, "nbt_sockaddr"); ndr->depth++; - ndr_print_uint32(ndr, "sa_family", r->sa_family); + ndr_print_uint32(ndr, "sockaddr_family", r->sockaddr_family); ndr_print_ipv4address(ndr, "pdc_ip", r->pdc_ip); ndr_print_DATA_BLOB(ndr, "remaining", r->remaining); ndr->depth--; diff --git a/source/librpc/idl/nbt.idl b/source/librpc/idl/nbt.idl index bd55b11..2ce8fa0 100644 --- a/source/librpc/idl/nbt.idl +++ b/source/librpc/idl/nbt.idl @@ -339,7 +339,7 @@ interface nbt */ typedef [public,gensize] struct { - uint32 sa_family; -- Samba Shared Repository