The branch, v3-3-stable has been updated
via 1066c9970e3d37b9437eaf1851df976775d331b9 (commit)
via ce5f39750eb15dc9aaa2d9def66e449ae146c0c1 (commit)
via 3328bbb927231f527c55236f1bee2b5d98b034f7 (commit)
via c6a2259f85d46ab493e9a0347d57cff70f5fb8fc (commit)
via 46db7a7b3f55d4460289dcc4533a3708c4f6bbbe (commit)
via c0b807920e9b93776231935db4ff00d2c2f2a3a0 (commit)
via 17d1f1c54ef5782f269e1c9a94987842ec18fd6e (commit)
via ea5761746b63f3ae35e13a943ac025b6458c8adf (commit)
via 189e37646094465c7cc26782c58ce07e51b77761 (commit)
via 48b5164dd1f1e11333cce30f47acb83579edcadb (commit)
via 7611bea4d8559d52ba347af51d444e68d7edce7e (commit)
via 1e82aedd0c6225fd77009ac6a983c9a691927197 (commit)
via 3c28ca29c6c0e6977076c78444ef87ae2b56eb44 (commit)
via 0450687b05322b0840e818e85d46bad97f6c5180 (commit)
via 4b4b8c34ef9b0d334537928ac26870f9fcb7775a (commit)
via 81e9fb11e548245d8d57f85db69d56c72dd4cfab (commit)
via e32b4c894d19010ceeb8a01a15f1b11e05282fe8 (commit)
via 693f82492ac980377860886cc32a30a20777bd13 (commit)
via 612af43281e41716f3d50e9f30c5250f011bc8f6 (commit)
via d847df46cd9ae7ae3a412a8c37c66163a0c5a5b5 (commit)
via 010ce01991b5bfb755eafed0da0f5858e9876acb (commit)
via a906a153f7fa33e820a1f3c7fb0216ce001c4162 (commit)
from b09440c77b93ff6088c2fd474d6b24c081054812 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable
- Log -----------------------------------------------------------------
commit 1066c9970e3d37b9437eaf1851df976775d331b9
Author: Michael Adam <ob...@samba.org>
Date: Mon Jul 27 14:09:39 2009 +0200
docs: fix typos in the net man page.
Noted by Oota Toshiya <t-o...@dh.jp.nec.com> .
Michael
(cherry picked from commit 4d25298b133279c0918e0663cf2fd59f7e11672f)
commit ce5f39750eb15dc9aaa2d9def66e449ae146c0c1
Author: Bo Yang <boy...@samba.org>
Date: Sat Jul 18 14:23:24 2009 +0800
handling upn
lookupname failed, cannot find domain when attempt
to change password.
This addresses bug #6560.
Signed-off-by: Bo Yang <boy...@samba.org>
(cherry picked from commit 830c4da460bcad919421acf9d537cf577b231de7)
commit 3328bbb927231f527c55236f1bee2b5d98b034f7
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jun 30 16:03:11 2009 +0200
s3:util: let parent_dirname() correctly return toplevel filenames
metze
(cherry picked from commit a14efbadd53ac9678d75e6029f947d63cfa0c4e5)
Signed-off-by: Stefan Metzmacher <me...@samba.org>
This addresses bug #6526.
(cherry picked from commit 58f449318dd07240c60513559cf682aa243d3e4c)
commit c6a2259f85d46ab493e9a0347d57cff70f5fb8fc
Author: Jeremy Allison <j...@samba.org>
Date: Thu Jul 2 08:37:59 2009 +0200
Fix bug #6520 time stamps.
E.g. last mod time is not preserved when "unix extensions=yes" are set -
and u
Cancel out any pending "sticky" writes or "last write" changes when
doing a UNIX info level set.
Jeremy.
(cherry picked from commit 5b03af33ad45368bea7cf6cabc91f62e2503de99)
commit 46db7a7b3f55d4460289dcc4533a3708c4f6bbbe
Author: Matt Kraai <mkr...@beckman.com>
Date: Wed Jul 1 08:18:11 2009 +0200
s3/docs: Fix typo.
This fixes bug #6519.
(cherry picked from commit 4fb1f8e8fe46b3e77c06612ac3fc3d67cf650a11)
(cherry picked from commit 39bfcc5d50892ad0c387f0ca3932e961e77fdc39)
(cherry picked from commit 408cc7ec9f4119aa9a768474152a83ef796309a9)
commit c0b807920e9b93776231935db4ff00d2c2f2a3a0
Author: Jim McDonough <j...@samba.org>
Date: Mon Jun 29 09:42:35 2009 -0400
Don't require "Modify property" perms to unjoin (bug #6481) "net ads leave"
stopped working when "modify properties" permissions were not granted (meaning
you had to be allowed to disable the account that you were about to delete).
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
Don't use ads realm name for non-ads case. #6481
Also check that the connection to ads worked.
(cherry picked from commit 6f9ed71a87e4ed5665ee8999ebf987e2165629c6)
commit 17d1f1c54ef5782f269e1c9a94987842ec18fd6e
Author: Günther Deschner <g...@samba.org>
Date: Mon Jun 29 15:27:13 2009 +0200
s3-test: add RPC-SAMR-MACHINE-AUTH to list of tests to run against s3.
Guenther
(cherry picked from commit 99f68c7b1c527bc39acd0f9db15f65ce087c5dca)
commit ea5761746b63f3ae35e13a943ac025b6458c8adf
Author: Volker Lendecke <v...@samba.org>
Date: Tue Jun 16 11:51:11 2009 +0200
s3/lanman: Workaround for KB932762.
This addresses bug #6498.
(cherry picked from commit a702dea5a86f22e0b7857b67447152a06b3bbea2)
(cherry picked from commit aa769edfcef6937927201f765509c10b60764817)
commit 189e37646094465c7cc26782c58ce07e51b77761
Author: Björn Jacke <b...@sernet.de>
Date: Sat Apr 4 11:21:01 2009 +0200
s3:configure: "test" only takes one "=" (cherry picked from commit
ddd37c2b235eb03ddb438ebb2cdd14dd67f867f3)
This fixes bug #6497.
(cherry picked from commit bcb3a4746710cb4e2800010c23b6e810c78e603d)
commit 48b5164dd1f1e11333cce30f47acb83579edcadb
Author: Karolin Seeger <ksee...@samba.org>
Date: Fri Jun 19 15:23:22 2009 +0200
s3/docs: Fix typo.
This fixes bug #6412.
Thanks to Carsten Dumke <carsten [at] cdumke.de> for reporting!
Karolin
(cherry picked from commit 4ad43a21344b43f1c9fe459165098bcab1695711)
(cherry picked from commit 84750d556d0a42b5d8b134308311e2cb9a533b58)
(cherry picked from commit 304c25a518aba988c3d36e78f6a8416a340b3b33)
commit 7611bea4d8559d52ba347af51d444e68d7edce7e
Author: Günther Deschner <g...@samba.org>
Date: Wed May 13 15:17:46 2009 +0200
s3-net: Fix bug 6340: don't segfault when cleartext trustdom pwd could not
be retrieved.
Guenther
(cherry picked from commit b4fe7ad41953c2c60bf9333cff4a5e83fcbe582e)
commit 1e82aedd0c6225fd77009ac6a983c9a691927197
Author: Jeremy Allison <j...@samba.org>
Date: Fri Jun 19 10:10:13 2009 +0200
Fix bug #6487: Missing DFS call in trans2 mkdir call. (cherry picked from
commit 1a0005e1c508cf3b170d1c7e43b94a47b2820506)
(cherry picked from commit 133cdb46be154eeceb080fa9db88a38d9f87c919)
commit 3c28ca29c6c0e6977076c78444ef87ae2b56eb44
Author: Günther Deschner <g...@samba.org>
Date: Tue May 5 12:54:21 2009 +0200
s3-pam_winbind: Fix Bug 6253: Use correct value for password expiry
calculation.
Based on patch from Blindauer Emmanuel <sa...@mooby.net>.
Guenther
(cherry picked from commit 3815e87f1ffea44c4d76e6c2515ff4894f6896c9)
commit 0450687b05322b0840e818e85d46bad97f6c5180
Author: Günther Deschner <g...@samba.org>
Date: Mon May 11 18:27:40 2009 +0200
s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned
a NULL sid_array since 3.2.0.
Found by torture test.
This makes it possible to search for users while adding them to groups via
windows usermanager.
Fixes bug #6484.
Guenther
(cherry picked from commit 0cfe59f1b580371f445b50151ceae5aef02bf0c4)
commit 4b4b8c34ef9b0d334537928ac26870f9fcb7775a
Author: Jeremy Allison <j...@samba.org>
Date: Thu Jun 18 11:53:52 2009 +0200
Fix bug #6476 - more then 3000 smbd-zombies in memory
We weren't reaping children in the [x]inetd case.
Jeremy.
(cherry picked from commit 7e51314f2e18241876b049642fcb133df7e44c70)
commit 81e9fb11e548245d8d57f85db69d56c72dd4cfab
Author: Karolin Seeger <ksee...@samba.org>
Date: Thu Jun 18 09:32:10 2009 +0200
s3/docs: Add documentation for 'net sam rights'.
This is part of a fix for bug #6328.
Karolin
(cherry picked from commit a5a31512de9d9b9ed7eed906487dd154fde7e483)
commit e32b4c894d19010ceeb8a01a15f1b11e05282fe8
Author: Karolin Seeger <ksee...@samba.org>
Date: Wed Jun 17 15:21:24 2009 +0200
Revert "s3/packaging: source -> source3"
This reverts commit 646d465780fd0afea2454cf2e1c732c39a93491e.
Pushed by accident...
(cherry picked from commit 8cf6e03e9ebffa759a2a66339124492ef3e8d26f)
commit 693f82492ac980377860886cc32a30a20777bd13
Author: Karolin Seeger <ksee...@samba.org>
Date: Wed Jun 17 15:19:20 2009 +0200
s3/packaging: pam_winbind has been moved to section 8.
Karolin
(cherry picked from commit 13494c0f8f9459c51b520a7cf60790e9e2f475b4)
(cherry picked from commit 3c44cd7a10948454fea58f521164fdbe7e20d959)
commit 612af43281e41716f3d50e9f30c5250f011bc8f6
Author: Karolin Seeger <ksee...@samba.org>
Date: Wed Jun 17 15:18:16 2009 +0200
s3/packaging: source -> source3
Karolin
(cherry picked from commit 6098be34ba62b96908e6dfe7a9d63519cee6a5af)
(cherry picked from commit 646d465780fd0afea2454cf2e1c732c39a93491e)
commit d847df46cd9ae7ae3a412a8c37c66163a0c5a5b5
Author: Günther Deschner <g...@samba.org>
Date: Tue Jun 16 15:00:20 2009 +0200
s3-netapi: Fix Bug #6451: net/libnetapi user rename using wrong access bits.
Guenther
(cherry picked from commit 29b8e08b83eeb0ab7d33bf46981cdbad8c35dc9b)
(cherry picked from commit adecea9ce358e30d1b3847f3931479e6f7b42592)
commit 010ce01991b5bfb755eafed0da0f5858e9876acb
Author: Jeremy Allison <j...@samba.org>
Date: Sat May 30 13:28:03 2009 -0700
Fix bug #6421 - POSIX read-only open fails on read-only shares. The change
to smbd/trans2.c opens up SETFILEINFO calls to POSIX_OPEN only. The change to
first smbd/open.c closes 2 holes that would have been exposed by allowing
POSIX_OPENS on readonly shares, and their ability to set arbitrary flags
permutations. The O_CREAT -> O_CREAT|O_EXCL change removes an illegal
combination (O_EXCL without O_CREAT) that previously was being passed down to
the open syscall. Jeremy.
(cherry picked from commit 79f26472b4ae561ec00c30f31dd63ccab6dfc0c4)
commit a906a153f7fa33e820a1f3c7fb0216ce001c4162
Author: Karolin Seeger <ksee...@samba.org>
Date: Wed Jun 17 10:23:21 2009 +0200
s3/libsmb: Fix typo in error message.
Thanks to Herb Lewis <hlewis [at] panasas.com> for noticing!
Karolin
(cherry picked from commit 095f66b0ed74d4b5c7561ca05bbfdf33f60d0600)
(cherry picked from commit eb3889c8b745023bfd7956bfcd961adbe78b6cea)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml | 2 +-
docs-xml/manpages-3/net.8.xml | 31 +++++++++-
.../smbdotconf/security/checkpasswordscript.xml | 2 +-
packaging/RHEL/samba.spec.tmpl | 2 +-
source/configure.in | 2 +-
source/lib/netapi/joindomain.c | 1 +
source/lib/netapi/user.c | 2 +
source/lib/util.c | 2 +-
source/libnet/libnet_join.c | 61 +++++++++++++------
source/librpc/gen_ndr/libnet_join.h | 1 +
source/librpc/gen_ndr/ndr_libnet_join.c | 1 +
source/librpc/idl/libnet_join.idl | 1 +
source/libsmb/passchange.c | 2 +-
source/nsswitch/pam_winbind.c | 16 ++++-
source/rpc_server/srv_lsa_nt.c | 1 +
source/script/tests/test_posix_s3.sh | 2 +-
source/smbd/lanman.c | 1 +
source/smbd/open.c | 6 +-
source/smbd/server.c | 19 +++++-
source/smbd/trans2.c | 64 +++++++++++++++++---
source/utils/net_ads.c | 11 +++-
source/utils/net_rpc.c | 2 +-
source/winbindd/winbindd_sid.c | 5 ++
source/winbindd/winbindd_util.c | 3 +-
24 files changed, 191 insertions(+), 49 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
b/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
index aa879ae..f3fb688 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
@@ -88,7 +88,7 @@ See <link linkend="pdbeditthing">The
<emphasis>pdbedit</emphasis> Command</link>
</sect1>
<sect1>
-<title>New Featuers in Samba-3.x Series</title>
+<title>New Features in Samba-3.x Series</title>
<para>
</para>
diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml
index c63ec6a..89f5640 100644
--- a/docs-xml/manpages-3/net.8.xml
+++ b/docs-xml/manpages-3/net.8.xml
@@ -1056,6 +1056,33 @@ the rid and description is also provided for each
account.
</refsect2>
<refsect2>
+<title>SAM RIGHTS LIST</title>
+
+<para>
+List all available privileges.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>SAM RIGHTS GRANT <NAME> <PRIVILEGE></title>
+
+<para>
+Grant a certain privilege to a user.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>SAM RIGHTS REVOKE <NAME> <PRIVILEGE></title>
+
+<para>
+Revoke a certain privilege from a user.
+</para>
+
+</refsect2>
+
+<refsect2>
<title>SAM SHOW <NAME></title>
<para>
@@ -1618,7 +1645,7 @@ Joins a computer into a domain. This command supports the
following additional p
</itemizedlist>
<para>
-Note that you also need to use standard net paramters to connect and
authenticate to the remote machine that you want to join. These additional
parameters include: -S computer and -U user.
+Note that you also need to use standard net parameters to connect and
authenticate to the remote machine that you want to join. These additional
parameters include: -S computer and -U user.
</para>
<para>
Example:
@@ -1648,7 +1675,7 @@ Unjoins a computer from a domain. This command supports
the following additional
</itemizedlist>
<para>
-Note that you also need to use standard net paramters to connect and
authenticate to the remote machine that you want to unjoin. These additional
parameters include: -S computer and -U user.
+Note that you also need to use standard net parameters to connect and
authenticate to the remote machine that you want to unjoin. These additional
parameters include: -S computer and -U user.
</para>
<para>
Example:
diff --git a/docs-xml/smbdotconf/security/checkpasswordscript.xml
b/docs-xml/smbdotconf/security/checkpasswordscript.xml
index 152632c..1344997 100644
--- a/docs-xml/smbdotconf/security/checkpasswordscript.xml
+++ b/docs-xml/smbdotconf/security/checkpasswordscript.xml
@@ -18,5 +18,5 @@
</description>
<value type="default">Disabled</value>
-<value type="example">check password script =
/usr/local/sbin/crackcheck</value>
+<value type="example">/usr/local/sbin/crackcheck</value>
</samba:parameter>
diff --git a/packaging/RHEL/samba.spec.tmpl b/packaging/RHEL/samba.spec.tmpl
index 7818296..22f29fb 100644
--- a/packaging/RHEL/samba.spec.tmpl
+++ b/packaging/RHEL/samba.spec.tmpl
@@ -476,7 +476,7 @@ fi
%{_mandir}/man5/lmhosts.5*
%{_mandir}/man8/smbpasswd.8*
%{_mandir}/man7/libsmbclient.7*
-%{_mandir}/man7/pam_winbind.7*
+%{_mandir}/man8/pam_winbind.8*
%{_mandir}/man1/ldbadd.1*
%{_mandir}/man1/ldbdel.1*
diff --git a/source/configure.in b/source/configure.in
index b350d81..462b112 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -6181,7 +6181,7 @@ AC_ARG_ENABLE(dnssd,
[AS_HELP_STRING([--enable-dnssd], [Enable DNS service discovery support
(default=no)])])
AC_SUBST(DNSSD_LIBS)
-if test x"$enable_dnssd" == x"yes"; then
+if test x"$enable_dnssd" = x"yes"; then
have_dnssd_support=yes
AC_CHECK_HEADERS(dns_sd.h)
diff --git a/source/lib/netapi/joindomain.c b/source/lib/netapi/joindomain.c
index d15e2e7..93c2eed 100644
--- a/source/lib/netapi/joindomain.c
+++ b/source/lib/netapi/joindomain.c
@@ -207,6 +207,7 @@ WERROR NetUnjoinDomain_l(struct libnetapi_ctx *mem_ctx,
u->in.domain_name = domain;
u->in.unjoin_flags = r->in.unjoin_flags;
+ u->in.delete_machine_account = false;
u->in.modify_config = true;
u->in.debug = true;
diff --git a/source/lib/netapi/user.c b/source/lib/netapi/user.c
index bddd161..c989e18 100644
--- a/source/lib/netapi/user.c
+++ b/source/lib/netapi/user.c
@@ -1771,6 +1771,8 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
switch (r->in.level) {
case 0:
+ user_mask = SAMR_USER_ACCESS_SET_ATTRIBUTES;
+ break;
case 1003:
user_mask = SAMR_USER_ACCESS_SET_PASSWORD;
break;
diff --git a/source/lib/util.c b/source/lib/util.c
index 0ea7bf6..9a990d4 100644
--- a/source/lib/util.c
+++ b/source/lib/util.c
@@ -2685,7 +2685,7 @@ bool parent_dirname_talloc(TALLOC_CTX *mem_ctx, const
char *dir,
return False;
}
if (name) {
- *name = "";
+ *name = dir;
}
return True;
}
diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c
index 1016e9c..9029d61 100644
--- a/source/libnet/libnet_join.c
+++ b/source/libnet/libnet_join.c
@@ -1923,6 +1923,12 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx,
W_ERROR_HAVE_NO_MEMORY(r->in.domain_sid);
}
+ if (!(r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) &&
+ !r->in.delete_machine_account) {
+ libnet_join_unjoindomain_remove_secrets(mem_ctx, r);
+ return WERR_OK;
+ }
+
if (!r->in.dc_name) {
struct netr_DsRGetDCNameInfo *info;
const char *dc;
@@ -1948,38 +1954,55 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx,
W_ERROR_HAVE_NO_MEMORY(r->in.dc_name);
}
- status = libnet_join_unjoindomain_rpc(mem_ctx, r);
- if (!NT_STATUS_IS_OK(status)) {
- libnet_unjoin_set_error_string(mem_ctx, r,
- "failed to disable machine account via rpc: %s",
- get_friendly_nt_error_msg(status));
- if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
- return WERR_SETUP_NOT_JOINED;
- }
- return ntstatus_to_werror(status);
- }
-
- r->out.disabled_machine_account = true;
-
#ifdef WITH_ADS
- if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) {
+ /* for net ads leave, try to delete the account. If it works,
+ no sense in disabling. If it fails, we can still try to
+ disable it. jmcd */
+
+ if (r->in.delete_machine_account) {
ADS_STATUS ads_status;
- libnet_unjoin_connect_ads(mem_ctx, r);
- ads_status = libnet_unjoin_remove_machine_acct(mem_ctx, r);
+ ads_status = libnet_unjoin_connect_ads(mem_ctx, r);
+ if (ADS_ERR_OK(ads_status)) {
+ /* dirty hack */
+ r->out.dns_domain_name =
+ talloc_strdup(mem_ctx,
+ r->in.ads->server.realm);
+ ads_status =
+ libnet_unjoin_remove_machine_acct(mem_ctx, r);
+ }
if (!ADS_ERR_OK(ads_status)) {
libnet_unjoin_set_error_string(mem_ctx, r,
"failed to remove machine account from AD: %s",
ads_errstr(ads_status));
} else {
r->out.deleted_machine_account = true;
- /* dirty hack */
- r->out.dns_domain_name = talloc_strdup(mem_ctx,
-
r->in.ads->server.realm);
W_ERROR_HAVE_NO_MEMORY(r->out.dns_domain_name);
+ libnet_join_unjoindomain_remove_secrets(mem_ctx, r);
+ return WERR_OK;
}
}
#endif /* WITH_ADS */
+ /* The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag really means
+ "disable". */
+ if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) {
+ status = libnet_join_unjoindomain_rpc(mem_ctx, r);
+ if (!NT_STATUS_IS_OK(status)) {
+ libnet_unjoin_set_error_string(mem_ctx, r,
+ "failed to disable machine account via rpc: %s",
+ get_friendly_nt_error_msg(status));
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+ return WERR_SETUP_NOT_JOINED;
+ }
+ return ntstatus_to_werror(status);
+ }
+
+ r->out.disabled_machine_account = true;
+ }
+
+ /* If disable succeeded or was not requested at all, we
+ should be getting rid of our end of things */
+
libnet_join_unjoindomain_remove_secrets(mem_ctx, r);
return WERR_OK;
diff --git a/source/librpc/gen_ndr/libnet_join.h
b/source/librpc/gen_ndr/libnet_join.h
index ed49062..9daf3cd 100644
--- a/source/librpc/gen_ndr/libnet_join.h
+++ b/source/librpc/gen_ndr/libnet_join.h
@@ -58,6 +58,7 @@ struct libnet_UnjoinCtx {
const char * admin_password;
const char * machine_password;
uint32_t unjoin_flags;
+ uint8_t delete_machine_account;
uint8_t modify_config;
struct dom_sid *domain_sid;/* [ref] */
struct ads_struct *ads;/* [ref] */
diff --git a/source/librpc/gen_ndr/ndr_libnet_join.c
b/source/librpc/gen_ndr/ndr_libnet_join.c
index 79fcd16..ba31ea6 100644
--- a/source/librpc/gen_ndr/ndr_libnet_join.c
+++ b/source/librpc/gen_ndr/ndr_libnet_join.c
@@ -89,6 +89,7 @@ _PUBLIC_ void ndr_print_libnet_UnjoinCtx(struct ndr_print
*ndr, const char *name
ndr_print_ptr(ndr, "machine_password", r->in.machine_password);
#endif
ndr_print_wkssvc_joinflags(ndr, "unjoin_flags",
r->in.unjoin_flags);
+ ndr_print_uint8(ndr, "delete_machine_account",
r->in.delete_machine_account);
ndr_print_uint8(ndr, "modify_config", r->in.modify_config);
ndr_print_ptr(ndr, "domain_sid", r->in.domain_sid);
ndr->depth++;
diff --git a/source/librpc/idl/libnet_join.idl
b/source/librpc/idl/libnet_join.idl
index c600ea0..80429dc 100644
--- a/source/librpc/idl/libnet_join.idl
+++ b/source/librpc/idl/libnet_join.idl
@@ -53,6 +53,7 @@ interface libnetjoin
[in] string admin_password,
[in] string machine_password,
[in] wkssvc_joinflags unjoin_flags,
+ [in] boolean8 delete_machine_account,
[in] boolean8 modify_config,
[in] dom_sid *domain_sid,
[in] ads_struct *ads,
diff --git a/source/libsmb/passchange.c b/source/libsmb/passchange.c
index b662b44..299d98d 100644
--- a/source/libsmb/passchange.c
+++ b/source/libsmb/passchange.c
@@ -186,7 +186,7 @@ NTSTATUS remote_password_change(const char *remote_machine,
const char *user_nam
} else {
if (asprintf(err_str, "SAMR connection to machine %s "
"failed. Error was %s, but LANMAN password "
- "changed are disabled\n",
+ "changes are disabled\n",
remote_machine, nt_errstr(result)) == -1) {
*err_str = NULL;
}
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index 26ef1d4..73be3e0 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -914,7 +914,8 @@ static void _pam_warn_password_expiry(struct pwb_context
*ctx,
/* now check for the global password policy */
/* good catch from Ralf Haferkamp: an expiry of "never" is translated
* to -1 */
- if (policy->expire <= 0) {
+ if ((policy->expire == (int64_t)-1) ||
+ (policy->expire == 0)) {
return;
}
@@ -2283,6 +2284,7 @@ static char* winbind_upn_to_username(struct pwb_context
*ctx,
enum wbcSidType type;
char *domain;
char *name;
+ char *p;
/* This cannot work when the winbind separator = @ */
@@ -2291,9 +2293,19 @@ static char* winbind_upn_to_username(struct pwb_context
*ctx,
return NULL;
}
+ name = talloc_strdup(ctx, upn);
+ if (!name) {
+ return NULL;
+ }
+
+ if ((p = strchr(name, '@')) != NULL) {
+ *p = 0;
+ domain = p + 1;
+ }
+
/* Convert the UPN to a SID */
- wbc_status = wbcLookupName("", upn, &sid, &type);
+ wbc_status = wbcLookupName(domain, name, &sid, &type);
if (!WBC_ERROR_IS_OK(wbc_status)) {
return NULL;
}
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index 96ee36a..ec7d30a 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -1090,6 +1090,7 @@ NTSTATUS _lsa_LookupNames2(pipes_struct *p,
status = _lsa_LookupNames(p, &q);
+ sid_array2->count = sid_array->count;
sid_array2->sids = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedSid2,
sid_array->count);
if (!sid_array2->sids) {
return NT_STATUS_NO_MEMORY;
diff --git a/source/script/tests/test_posix_s3.sh
b/source/script/tests/test_posix_s3.sh
index 3bd9d1c..5684b27 100755
--- a/source/script/tests/test_posix_s3.sh
+++ b/source/script/tests/test_posix_s3.sh
@@ -38,7 +38,7 @@ raw="$raw RAW-SAMBA3ROOTDIRFID"
rpc="RPC-AUTHCONTEXT RPC-BINDSAMBA3 RPC-SAMBA3-SRVSVC RPC-SAMBA3-SHARESEC"
rpc="$rpc RPC-SAMBA3-SPOOLSS RPC-SAMBA3-WKSSVC"
rpc="$rpc RPC-NETLOGSAMBA3 RPC-SAMBA3SESSIONKEY RPC-SAMBA3-GETUSERNAME"
-rpc="$rpc RPC-LSA-LOOKUPSIDS RPC-JOIN"
+rpc="$rpc RPC-LSA-LOOKUPSIDS RPC-JOIN RPC-SAMR-MACHINE-AUTH"
# NOTE: to enable the UNIX-WHOAMI test, we need to change the default share
# config to allow guest access. I'm not sure whether this would break other
diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c
index fe1d766..5fb05de 100644
--- a/source/smbd/lanman.c
+++ b/source/smbd/lanman.c
@@ -1214,6 +1214,7 @@ static int get_server_info(uint32 servertype,
continue;
}
fstrcpy(s->comment, p);
+ string_truncate(s->comment, MAX_SERVER_STRING_LENGTH);
s->domain[0] = '\0';
if (!next_token_talloc(frame,&ptr,&p, NULL)) {
diff --git a/source/smbd/open.c b/source/smbd/open.c
index 658cc5a..2ec9632 100644
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -317,7 +317,7 @@ static NTSTATUS open_file(files_struct *fsp,
if (!CAN_WRITE(conn)) {
/* It's a read-only share - fail if we wanted to write. */
- if(accmode != O_RDONLY) {
+ if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags &
O_APPEND)) {
DEBUG(3,("Permission denied opening %s\n", path));
return NT_STATUS_ACCESS_DENIED;
} else if(flags & O_CREAT) {
@@ -325,8 +325,8 @@ static NTSTATUS open_file(files_struct *fsp,
O_CREAT doesn't create the file if we have write
access into the directory.
*/
- flags &= ~O_CREAT;
- local_flags &= ~O_CREAT;
+ flags &= ~(O_CREAT|O_EXCL);
+ local_flags &= ~(O_CREAT|O_EXCL);
}
}
diff --git a/source/smbd/server.c b/source/smbd/server.c
index 2415aeb..e0f86a6 100644
--- a/source/smbd/server.c
+++ b/source/smbd/server.c
@@ -355,10 +355,6 @@ static bool open_sockets_smbd(bool is_daemon, bool
interactive, const char *smb_
struct dns_reg_state * dns_reg = NULL;
unsigned dns_port = 0;
- if (!is_daemon) {
- return open_sockets_inetd();
- }
-
#ifdef HAVE_ATEXIT
{
static int atexit_set;
@@ -369,6 +365,17 @@ static bool open_sockets_smbd(bool is_daemon, bool
interactive, const char *smb_
}
#endif
+ if (!is_daemon) {
+ /*
+ * Stop zombies the old way.
+ * We aren't forking any new
+ * 'normal' connections when
+ * run from [x]inetd.
+ */
+ CatchChild();
+ return open_sockets_inetd();
+ }
+
/* Stop zombies */
CatchSignal(SIGCLD, sig_cld);
@@ -1252,6 +1259,10 @@ extern void build_options(bool screen);
BlockSignals(False, SIGUSR1);
BlockSignals(False, SIGTERM);
+ /* Ensure we leave no zombies until we
+ * correctly set up child handling below. */
+ CatchChild();
+
/* we want total control over the permissions on created files,
so set our umask to 0 */
umask(0);
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index 1b3dff2..160fe71 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -4927,7 +4927,7 @@ NTSTATUS smb_set_file_time(connection_struct *conn,
if (setting_write_time) {
/*
- * This was a setfileinfo on an open file.
+ * This was a Windows setfileinfo on an open file.
* NT does this a lot. We also need to
* set the time here, as it can be read by
* FindFirst/FindNext and with the patch for bug #2045
@@ -5997,6 +5997,9 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct
*conn,
NTSTATUS status = NT_STATUS_OK;
bool delete_on_fail = False;
enum perm_type ptype;
+ files_struct *all_fsps = NULL;
+ bool modify_mtime = true;
+ struct file_id id;
if (total_data < 100) {
return NT_STATUS_INVALID_PARAMETER;
@@ -6143,13 +6146,39 @@ size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n",
}
/* Deal with any time changes. */
+ id = vfs_file_id_from_sbuf(conn, psbuf);
+ for(all_fsps = file_find_di_first(id); all_fsps;
+ all_fsps = file_find_di_next(all_fsps)) {
+ /*
+ * We're setting the time explicitly for UNIX.
+ * Cancel any pending changes over all handles.
+ */
+ all_fsps->update_write_time_on_close = false;
+ TALLOC_FREE(all_fsps->update_write_time_event);
+ }
- return smb_set_file_time(conn,
+ /*
+ * Override the "setting_write_time"
+ * parameter here as it almost does what
+ * we need. Just remember if we modified
+ * mtime and send the notify ourselves.
+ */
+ if (null_timespec(ts[1])) {
+ modify_mtime = false;
+ }
+
+ status = smb_set_file_time(conn,
fsp,
fname,
psbuf,
ts,
- true);
+ false);
+
+ if (modify_mtime) {
+ notify_fname(conn, NOTIFY_ACTION_MODIFIED,
+ FILE_NOTIFY_CHANGE_LAST_WRITE, fname);
+ }
+ return status;
}
/****************************************************************************
@@ -6776,16 +6805,20 @@ static void
call_trans2setfilepathinfo(connection_struct *conn,
}
--
Samba Shared Repository
