[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-13-21-ga50a4d4
Karolin Seeger
kseeger at samba.org
Mon Aug 10 10:07:38 MDT 2009
The branch, v3-2-stable has been updated
via a50a4d48d8174b2e02daeef508d36f08a1bbe32a (commit)
via 6d43789468bc9bfa679f71e5c8ab449f6a70ae4e (commit)
via 0ffb342d68b2899cc0b59b2f61453ebeeeffb214 (commit)
via 724016d4a670e7cbbc2c127f9166fb8a6affcbb1 (commit)
via 59bae47f7953651cf4b46b23d06caf654b306153 (commit)
via 9491844b980e264dc19daaa378ddddfe4daaaacf (commit)
via 007e41bbae99a285deffd1674b33f85112aebaa0 (commit)
via 96c6cced2ff4b4f42687f3c93b68c89a3e19271d (commit)
via 6a6c30823601bd65718aa6ed4df5c2709ef64c7f (commit)
via b231c124f406308abcd58400de07ab7eabf5a4d7 (commit)
via 3da8fe95122a2742480acd93ffbdcd5635d7b23f (commit)
via 27d6d14a4b14fed91577345e7b5bcfc4f7f1fea6 (commit)
via 7bb9534dd94cb34eb51dc3a46435503feddeb0a9 (commit)
via dc70a2b87959bb3b808ea288fdce6447a04ccfa0 (commit)
via 559d9bd0363f4fb1f7e814e32fd024695adfcfb4 (commit)
via 48cb3172de395edd3be00d5b18d51cd7a06a4ba2 (commit)
via e4ad8b5084ed8cc17c285f88e7e92617e9906e5f (commit)
via 2117a158d40425f4e167794181057a9a49d53ea8 (commit)
via 099d2302c981ba51353898ad43a2539d06cf1e9f (commit)
via 4c1aa6fd2f84dd895717c0b22cac6348e312e1d9 (commit)
via 3e1e09b05f2f629c84ab2287ff324e5b50730681 (commit)
from fcb091407ba003db807964f27a2b7cecc70896c7 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable
- Log -----------------------------------------------------------------
commit a50a4d48d8174b2e02daeef508d36f08a1bbe32a
Author: Günther Deschner <gd at samba.org>
Date: Wed May 13 15:17:46 2009 +0200
s3-net: Fix bug 6340: don't segfault when cleartext trustdom pwd could not be retrieved.
Guenther
(cherry picked from commit 1fb3ee26df3271dca802df07e20ea5b30da660e4)
commit 6d43789468bc9bfa679f71e5c8ab449f6a70ae4e
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jun 19 10:10:13 2009 +0200
Fix bug #6487: Missing DFS call in trans2 mkdir call. (cherry picked from commit 1a0005e1c508cf3b170d1c7e43b94a47b2820506)
(cherry picked from commit 133cdb46be154eeceb080fa9db88a38d9f87c919)
(cherry picked from commit 1acc2a976a9ede216d2ad4bb241c3f3babef2637)
commit 0ffb342d68b2899cc0b59b2f61453ebeeeffb214
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jun 18 11:53:52 2009 +0200
Fix bug #6476 - more then 3000 smbd-zombies in memory
We weren't reaping children in the [x]inetd case.
Jeremy.
(cherry picked from commit 7e51314f2e18241876b049642fcb133df7e44c70)
(cherry picked from commit a0626827c820cad082001ab76f1f7e37f1a7307b)
commit 724016d4a670e7cbbc2c127f9166fb8a6affcbb1
Author: Jeremy Allison <jra at samba.org>
Date: Sat May 30 13:28:03 2009 -0700
Fix bug #6421 - POSIX read-only open fails on read-only shares. The change to smbd/trans2.c opens up SETFILEINFO calls to POSIX_OPEN only. The change to first smbd/open.c closes 2 holes that would have been exposed by allowing POSIX_OPENS on readonly shares, and their ability to set arbitrary flags permutations. The O_CREAT -> O_CREAT|O_EXCL change removes an illegal combination (O_EXCL without O_CREAT) that previously was being passed down to the open syscall. Jeremy.
(cherry picked from commit 79f26472b4ae561ec00c30f31dd63ccab6dfc0c4)
(cherry picked from commit fedc34b47664439b0d066c087d9bfa5a34c81fff)
commit 59bae47f7953651cf4b46b23d06caf654b306153
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 16 11:51:11 2009 +0200
s3/lanman: Workaround for KB932762.
This addresses bug #6498.
(cherry picked from commit a702dea5a86f22e0b7857b67447152a06b3bbea2)
(cherry picked from commit aa769edfcef6937927201f765509c10b60764817)
(cherry picked from commit 471f905f788209d0e76ca2d327d30f830ce4648c)
commit 9491844b980e264dc19daaa378ddddfe4daaaacf
Author: Günther Deschner <gd at samba.org>
Date: Mon May 11 18:27:40 2009 +0200
s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned a NULL sid_array since 3.2.0.
Found by torture test.
This makes it possible to search for users while adding them to groups via
windows usermanager.
Fixes bug #6484.
Guenther
(cherry picked from commit 0cfe59f1b580371f445b50151ceae5aef02bf0c4)
(cherry picked from commit b653d1b1186e1c43f1ad0a64d19ee2fc015594a6)
commit 007e41bbae99a285deffd1674b33f85112aebaa0
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Jun 17 10:38:40 2009 +0200
s3/libsmb: Fix typo in error message.
Thanks to Herb Lewis <hlewis [at] panasas.com> for noticing!
Was commit 095f66b0 in master.
Karolin
(cherry picked from commit 0839aeb2c583272b041c5a3ebe762c33bc8245f4)
commit 96c6cced2ff4b4f42687f3c93b68c89a3e19271d
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri Jun 19 15:23:22 2009 +0200
s3/docs: Fix typo.
This fixes bug #6412.
Thanks to Carsten Dumke <carsten [at] cdumke.de> for reporting!
Karolin
(cherry picked from commit 4ad43a21344b43f1c9fe459165098bcab1695711)
(cherry picked from commit 84750d556d0a42b5d8b134308311e2cb9a533b58)
(cherry picked from commit 304c25a518aba988c3d36e78f6a8416a340b3b33)
(cherry picked from commit df9c7dba85859bdafb7265b24275ed3ac6d4957d)
commit 6a6c30823601bd65718aa6ed4df5c2709ef64c7f
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Jun 17 15:19:20 2009 +0200
s3/packaging: pam_winbind has been moved to section 8.
Karolin
(cherry picked from commit 13494c0f8f9459c51b520a7cf60790e9e2f475b4)
(cherry picked from commit 3c44cd7a10948454fea58f521164fdbe7e20d959)
(cherry picked from commit 1457541f35d50b58b3e322ae69092190634a236d)
commit b231c124f406308abcd58400de07ab7eabf5a4d7
Author: Karolin Seeger <kseeger at samba.org>
Date: Thu Jun 18 09:32:10 2009 +0200
s3/docs: Add documentation for 'net sam rights'.
This is part of a fix for bug #6328.
Karolin
(cherry picked from commit a5a31512de9d9b9ed7eed906487dd154fde7e483)
(cherry picked from commit 8fdb612155e36980249b7dd0daf5c57fb4d80f8c)
commit 3da8fe95122a2742480acd93ffbdcd5635d7b23f
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Aug 10 17:45:52 2009 +0200
WHATSNEW: Start WHATSNEW for 3.2.14.
Karolin
(cherry picked from commit 32fdc5cef5c7aaea61228037f8c417369328e4d4)
commit 27d6d14a4b14fed91577345e7b5bcfc4f7f1fea6
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Aug 10 16:37:14 2009 +0200
VERSION: Raise version up to 3.2.14.
Karolin
(cherry picked from commit 623a625ebe701d67b0547152e186721c7aa6d6e7)
commit 7bb9534dd94cb34eb51dc3a46435503feddeb0a9
Author: Karolin Seeger <kseeger at samba.org>
Date: Thu Aug 6 10:06:29 2009 +0200
s3/smbldap: Fix typo in debug message.
Karolin
(cherry picked from commit 54dffbea663ecf4542d6c5e30da6e346d5d60424)
(cherry picked from commit 2538df1ea3229ea6d8242b5ae6fdd3d453395609)
(cherry picked from commit 85f3b70d4aca641339b86f71b551156fa9aa27cb)
commit dc70a2b87959bb3b808ea288fdce6447a04ccfa0
Author: Jeremy Allison <jra at samba.org>
Date: Mon May 18 14:26:37 2009 -0700
Fix SAMR server for winbindd access. Ensure we allow MAX_ACCESS to be mapped to what we're giving Everyone. Jeremy.
Fixes bug #6504.
(cherry picked from commit 4e854cb52cfb4f3c25c92324c6e7505f1c8290b3)
(cherry picked from commit eb1c74737e5d40ae85102613a4dfcd89a3235feb)
commit 559d9bd0363f4fb1f7e814e32fd024695adfcfb4
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Aug 3 10:19:45 2009 +0200
s3/docs: Fix typos.
Thanks to OPC oota <t-oota at dh.jp.nec.com> for reporting!
Karolin
(cherry picked from commit 7ee7ec3fdba2ef6a6cc3e1f96a5d2154290cdb18)
(cherry picked from commit c94d3183a8e4c7e03c0dd2771cb7b9f4665198ce)
(cherry picked from commit 1310ba934b87b804f435cef2c21e6e65590e4a83)
(cherry picked from commit 0c75e4da04b27df3c079c22676b5fbf05521d93f)
commit 48cb3172de395edd3be00d5b18d51cd7a06a4ba2
Author: Bo Yang <boyang at samba.org>
Date: Sat Jul 18 13:15:36 2009 +0800
handling upn name
lookupname failed, cannot find domain when attempt
to change password.
This addresses bug #6560.
Signed-off-by: Bo Yang <boyang at samba.org>
(cherry picked from commit 87b52c1b2062fc8e23c6d3cf630eac5cb9fbaecf)
commit e4ad8b5084ed8cc17c285f88e7e92617e9906e5f
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jun 30 16:03:11 2009 +0200
s3:util: let parent_dirname() correctly return toplevel filenames
metze
(cherry picked from commit a14efbadd53ac9678d75e6029f947d63cfa0c4e5)
Signed-off-by: Stefan Metzmacher <metze at samba.org>
This addresses bug #6526.
(cherry picked from commit 92bb02adbc808ed3180ab66b45fb717c9dad03b4)
commit 2117a158d40425f4e167794181057a9a49d53ea8
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jul 2 08:37:59 2009 +0200
Fix bug #6520 time stamps.
E.g. last mod time is not preserved when "unix extensions=yes" are set - and u
Cancel out any pending "sticky" writes or "last write" changes when
doing a UNIX info level set.
Jeremy.
(cherry picked from commit 5b03af33ad45368bea7cf6cabc91f62e2503de99)
(cherry picked from commit 00aaf9a46a202d7cd0a8cd3b8e2f9d95238a761a)
commit 099d2302c981ba51353898ad43a2539d06cf1e9f
Author: Matt Kraai <mkraai at beckman.com>
Date: Wed Jul 1 08:18:11 2009 +0200
s3/docs: Fix typo.
This fixes bug #6519.
(cherry picked from commit 4fb1f8e8fe46b3e77c06612ac3fc3d67cf650a11)
(cherry picked from commit 39bfcc5d50892ad0c387f0ca3932e961e77fdc39)
(cherry picked from commit 408cc7ec9f4119aa9a768474152a83ef796309a9)
(cherry picked from commit 8fe47789306605c174a800e549991027b9203f4c)
commit 4c1aa6fd2f84dd895717c0b22cac6348e312e1d9
Author: Jim McDonough <jmcd at samba.org>
Date: Mon Jun 29 10:06:14 2009 -0400
Don't require "Modify property" perms to unjoin (bug #6481) "net ads leave" stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete).
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
Don't use ads realm name for non-ads case. #6481
Also check that the connection to ads worked.
(cherry picked from commit 880d1a3f83a0834225d5a7c0f179c236b0e59ef8)
commit 3e1e09b05f2f629c84ab2287ff324e5b50730681
Author: Günther Deschner <gd at samba.org>
Date: Mon Jun 29 15:48:16 2009 +0200
s3-test: add RPC-SAMR-MACHINE-AUTH to list of tests to run against s3.
Guenther
(cherry picked from commit db7c5d175ba2d733df445f7d0dc570a79a417f49)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 126 +++++++++++++++++++-
docs-xml/Samba3-HOWTO/TOSHARG-ChangeNotes.xml | 4 +-
docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml | 2 +-
docs-xml/manpages-3/net.8.xml | 27 ++++
.../smbdotconf/security/checkpasswordscript.xml | 2 +-
packaging/RHEL/samba.spec.tmpl | 2 +-
source/VERSION | 2 +-
source/lib/netapi/joindomain.c | 1 +
source/lib/smbldap.c | 2 +-
source/lib/util.c | 2 +-
source/libnet/libnet_join.c | 61 +++++++---
source/librpc/gen_ndr/libnet_join.h | 1 +
source/librpc/gen_ndr/ndr_libnet_join.c | 1 +
source/librpc/idl/libnet_join.idl | 1 +
source/libsmb/passchange.c | 2 +-
source/nsswitch/pam_winbind.c | 17 +++-
source/rpc_server/srv_lsa_nt.c | 1 +
source/rpc_server/srv_samr_nt.c | 4 +-
source/script/tests/test_posix_s3.sh | 2 +
source/smbd/lanman.c | 1 +
source/smbd/open.c | 6 +-
source/smbd/server.c | 19 +++-
source/smbd/trans2.c | 64 +++++++++--
source/utils/net_ads.c | 11 ++-
source/utils/net_rpc.c | 2 +-
source/winbindd/winbindd_sid.c | 4 +
source/winbindd/winbindd_util.c | 3 +-
27 files changed, 317 insertions(+), 53 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8b34c13..41ccffe 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,126 @@
==============================
+ Release Notes for Samba 3.2.14
+ August 10, 2009
+ ==============================
+
+
+This is a maintenance release of the Samba 3.2 series.
+
+Major enhancements in 3.2.14 include:
+
+ o Fix SAMR access checks (e.g. bugs #6089 and #6112).
+ o Fix 'force user' (bug #6291).
+ o Improve Win7 support (bug #6099).
+ o Fix posix ACLs when setting an ACL without explicit ACE for the
+ owner (bug #2346).
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.2.13
+--------------------
+
+
+o Michael Adam <obnox at samba.org>
+ * Prevent creation of keys containing the '/' character.
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 6089: Fix SAMR access checks.
+ * BUG 6112: Fix SAMR access checks.
+ * BUG 6279: Fix Winbind crash.
+ * BUG 6291: Fix 'force user'.
+ * BUG 6099: Try to fix domain join of Win7 Beta.
+ * BUG 6386: Groupdb mapping fix.
+ * BUG 6421: Fix POSIX read-only open on read-only shares.
+ * BUG 6476: Fix more smbd-zombies in memory.
+ * BUG 6488: acl_group_override() call in posix acls references an
+ uninitialized variable.
+ * BUG 6504: Fix SAMR server for Winbind access.
+ * BUG 6520: Fix time stamps.
+ * Fix join of Windows 7 RC to a Samba3 DC.
+ * Fix bug in processing of open modes in POSIX open.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit.
+ * BUG 6340: Don't segfault when cleartext trustdom pwd could not be
+ retrieved.
+ * BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
+ * BUG 6465: Fix enum_aliasmem in ldb branch.
+ * BUG 6484: Fix searching for users while adding them to groups via
+ Windows usermanager.
+ * Fix the negotiate flags.
+ * Protect netlogon_creds_server_step() against NULL creds.
+
+
+o Björn Jacke <bj at sernet.de>
+ * Also handle DirX return codes.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the
+ owner.
+ * BUG 6526: Let parent_dirname() correctly return toplevel filenames.
+ * Fix a crash bug if we timeout in net rpc trustdom list.
+ * Add '--request-timeout' option to 'net'.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 5798: Preserve CFLAGS info in configure.
+ * BUG 6382: Case insensitive access to DFS links broken.
+ * Fix a race condition in Winbind leading to a panic.
+ * Add workaround for MS KB932762.
+
+
+o Jim McDonough <jmcd at samba.org>
+ * BUG 6481: Don't require "Modify property" perms to unjoin.
+
+
+o Sébastien Prud'homme <sebastien.prudhomme at gmail.com>
+ * 5945: Fix out of memory error with Winbind idmap.
+
+
+o Simo Sorce <ssorce at redhat.com>
+ * Avoid duplicate ACEs.
+ * Fix profile ACLs in some corner cases.
+
+
+o Marc VanHeyningen <marc.vanheyningen at isilon.com>
+ * Zero an uninitialized array.
+
+
+o Bo Yang <boyang at samba.org>
+ * BUG 6560: Lookupname failed, cannot find domain when attempt
+ to change password.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
Release Notes for Samba 3.2.13
June 23, 2009
==============================
@@ -51,8 +173,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
==============================
Release Notes for Samba 3.2.12
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ChangeNotes.xml b/docs-xml/Samba3-HOWTO/TOSHARG-ChangeNotes.xml
index 6c2af32..29bdf40 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-ChangeNotes.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-ChangeNotes.xml
@@ -107,7 +107,7 @@ An example helps to illustrate the change:
<indexterm><primary>ACL</primary></indexterm>
<indexterm><primary>SID</primary></indexterm>
Assume that a group named <emphasis>developers</emphasis> exists with a UNIX GID of 782. In this
-case this user does not exist in Samba's group mapping table. It would be perfectly normal for
+case this group does not exist in Samba's group mapping table. It would be perfectly normal for
this group to be appear in an ACL editor. Prior to Samba-3.0.23, the group SID might appear as
<literal>S-1-5-21-647511796-4126122067-3123570092-2565</literal>.
</para>
@@ -188,7 +188,7 @@ and UNIX</link>.
<indexterm><primary>GID</primary></indexterm>
<indexterm><primary>SQL</primary></indexterm>
<indexterm><primary>XML</primary></indexterm>
-The <smbconfoption name="passdb backend"/> parameter no long accepts multiple passdb backends in a
+The <smbconfoption name="passdb backend"/> parameter no longer accepts multiple passdb backends in a
chained configuration. Also be aware that the SQL and XML based passdb modules have been
removed in the Samba-3.0.23 release. More information regarding external support for a SQL
passdb module can be found on the <ulink url="http://pdbsql.sourceforge.net/">pdbsql</ulink> web site.
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml b/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
index aa879ae..f3fb688 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
@@ -88,7 +88,7 @@ See <link linkend="pdbeditthing">The <emphasis>pdbedit</emphasis> Command</link>
</sect1>
<sect1>
-<title>New Featuers in Samba-3.x Series</title>
+<title>New Features in Samba-3.x Series</title>
<para>
</para>
diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml
index 3db3533..652975e 100644
--- a/docs-xml/manpages-3/net.8.xml
+++ b/docs-xml/manpages-3/net.8.xml
@@ -1043,6 +1043,33 @@ the rid and description is also provided for each account.
</refsect2>
<refsect2>
+<title>SAM RIGHTS LIST</title>
+
+<para>
+List all available privileges.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>SAM RIGHTS GRANT <NAME> <PRIVILEGE></title>
+
+<para>
+Grant a certain privilege to a user.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>SAM RIGHTS REVOKE <NAME> <PRIVILEGE></title>
+
+<para>
+Revoke a certain privilege from a user.
+</para>
+
+</refsect2>
+
+<refsect2>
<title>SAM SHOW <NAME></title>
<para>
diff --git a/docs-xml/smbdotconf/security/checkpasswordscript.xml b/docs-xml/smbdotconf/security/checkpasswordscript.xml
index 152632c..1344997 100644
--- a/docs-xml/smbdotconf/security/checkpasswordscript.xml
+++ b/docs-xml/smbdotconf/security/checkpasswordscript.xml
@@ -18,5 +18,5 @@
</description>
<value type="default">Disabled</value>
-<value type="example">check password script = /usr/local/sbin/crackcheck</value>
+<value type="example">/usr/local/sbin/crackcheck</value>
</samba:parameter>
diff --git a/packaging/RHEL/samba.spec.tmpl b/packaging/RHEL/samba.spec.tmpl
index 2bcb8dc..0573bd9 100644
--- a/packaging/RHEL/samba.spec.tmpl
+++ b/packaging/RHEL/samba.spec.tmpl
@@ -483,7 +483,7 @@ fi
%{_mandir}/man5/lmhosts.5*
%{_mandir}/man8/smbpasswd.8*
%{_mandir}/man7/libsmbclient.7*
-%{_mandir}/man7/pam_winbind.7*
+%{_mandir}/man8/pam_winbind.8*
%{_mandir}/man1/ldbadd.1*
%{_mandir}/man1/ldbdel.1*
diff --git a/source/VERSION b/source/VERSION
index 4b857ad..4787b52 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=3
SAMBA_VERSION_MINOR=2
-SAMBA_VERSION_RELEASE=13
+SAMBA_VERSION_RELEASE=14
########################################################
# Bug fix releases use a letter for the patch revision #
diff --git a/source/lib/netapi/joindomain.c b/source/lib/netapi/joindomain.c
index 66f7cfb..c204a80 100644
--- a/source/lib/netapi/joindomain.c
+++ b/source/lib/netapi/joindomain.c
@@ -209,6 +209,7 @@ WERROR NetUnjoinDomain_l(struct libnetapi_ctx *mem_ctx,
u->in.domain_name = domain;
u->in.unjoin_flags = r->in.unjoin_flags;
+ u->in.delete_machine_account = false;
u->in.modify_config = true;
u->in.debug = true;
diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c
index 315b1e3..9189627 100644
--- a/source/lib/smbldap.c
+++ b/source/lib/smbldap.c
@@ -1348,7 +1348,7 @@ int smbldap_search_paged(struct smbldap_state *ldap_state,
goto done;
}
- DEBUG(3,("smbldap_search_paged: search was successfull\n"));
+ DEBUG(3,("smbldap_search_paged: search was successful\n"));
rc = ldap_parse_result(ldap_state->ldap_struct, *res, NULL, NULL,
NULL, NULL, &rcontrols, 0);
diff --git a/source/lib/util.c b/source/lib/util.c
index 002c14a..e3a346b 100644
--- a/source/lib/util.c
+++ b/source/lib/util.c
@@ -2669,7 +2669,7 @@ bool parent_dirname_talloc(TALLOC_CTX *mem_ctx, const char *dir,
return False;
}
if (name) {
- *name = "";
+ *name = dir;
}
return True;
}
diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c
index c13ac9b..face9d3 100644
--- a/source/libnet/libnet_join.c
+++ b/source/libnet/libnet_join.c
@@ -1835,6 +1835,12 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx,
W_ERROR_HAVE_NO_MEMORY(r->in.domain_sid);
}
+ if (!(r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) &&
+ !r->in.delete_machine_account) {
+ libnet_join_unjoindomain_remove_secrets(mem_ctx, r);
+ return WERR_OK;
+ }
+
if (!r->in.dc_name) {
struct netr_DsRGetDCNameInfo *info;
const char *dc;
@@ -1860,38 +1866,55 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx,
W_ERROR_HAVE_NO_MEMORY(r->in.dc_name);
}
- status = libnet_join_unjoindomain_rpc(mem_ctx, r);
- if (!NT_STATUS_IS_OK(status)) {
- libnet_unjoin_set_error_string(mem_ctx, r,
- "failed to disable machine account via rpc: %s",
- get_friendly_nt_error_msg(status));
- if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
- return WERR_SETUP_NOT_JOINED;
- }
- return ntstatus_to_werror(status);
- }
-
- r->out.disabled_machine_account = true;
-
#ifdef WITH_ADS
- if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) {
+ /* for net ads leave, try to delete the account. If it works,
+ no sense in disabling. If it fails, we can still try to
+ disable it. jmcd */
+
+ if (r->in.delete_machine_account) {
ADS_STATUS ads_status;
- libnet_unjoin_connect_ads(mem_ctx, r);
- ads_status = libnet_unjoin_remove_machine_acct(mem_ctx, r);
+ ads_status = libnet_unjoin_connect_ads(mem_ctx, r);
+ if (ADS_ERR_OK(ads_status)) {
+ /* dirty hack */
+ r->out.dns_domain_name =
+ talloc_strdup(mem_ctx,
+ r->in.ads->server.realm);
+ ads_status =
+ libnet_unjoin_remove_machine_acct(mem_ctx, r);
+ }
if (!ADS_ERR_OK(ads_status)) {
libnet_unjoin_set_error_string(mem_ctx, r,
"failed to remove machine account from AD: %s",
ads_errstr(ads_status));
} else {
r->out.deleted_machine_account = true;
- /* dirty hack */
- r->out.dns_domain_name = talloc_strdup(mem_ctx,
- r->in.ads->server.realm);
W_ERROR_HAVE_NO_MEMORY(r->out.dns_domain_name);
+ libnet_join_unjoindomain_remove_secrets(mem_ctx, r);
+ return WERR_OK;
}
}
#endif /* WITH_ADS */
+ /* The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag really means
+ "disable". */
+ if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) {
+ status = libnet_join_unjoindomain_rpc(mem_ctx, r);
+ if (!NT_STATUS_IS_OK(status)) {
+ libnet_unjoin_set_error_string(mem_ctx, r,
+ "failed to disable machine account via rpc: %s",
+ get_friendly_nt_error_msg(status));
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+ return WERR_SETUP_NOT_JOINED;
+ }
+ return ntstatus_to_werror(status);
+ }
+
+ r->out.disabled_machine_account = true;
+ }
+
+ /* If disable succeeded or was not requested at all, we
+ should be getting rid of our end of things */
+
libnet_join_unjoindomain_remove_secrets(mem_ctx, r);
return WERR_OK;
diff --git a/source/librpc/gen_ndr/libnet_join.h b/source/librpc/gen_ndr/libnet_join.h
index e5ec438..0de7132 100644
--- a/source/librpc/gen_ndr/libnet_join.h
+++ b/source/librpc/gen_ndr/libnet_join.h
@@ -56,6 +56,7 @@ struct libnet_UnjoinCtx {
const char * admin_password;
const char * machine_password;
uint32_t unjoin_flags;
+ uint8_t delete_machine_account;
uint8_t modify_config;
struct dom_sid *domain_sid;/* [ref] */
struct ads_struct *ads;/* [ref] */
diff --git a/source/librpc/gen_ndr/ndr_libnet_join.c b/source/librpc/gen_ndr/ndr_libnet_join.c
index 753859f..a550cd6 100644
--- a/source/librpc/gen_ndr/ndr_libnet_join.c
+++ b/source/librpc/gen_ndr/ndr_libnet_join.c
@@ -87,6 +87,7 @@ _PUBLIC_ void ndr_print_libnet_UnjoinCtx(struct ndr_print *ndr, const char *name
ndr_print_ptr(ndr, "machine_password", r->in.machine_password);
#endif
ndr_print_wkssvc_joinflags(ndr, "unjoin_flags", r->in.unjoin_flags);
+ ndr_print_uint8(ndr, "delete_machine_account", r->in.delete_machine_account);
ndr_print_uint8(ndr, "modify_config", r->in.modify_config);
ndr_print_ptr(ndr, "domain_sid", r->in.domain_sid);
ndr->depth++;
diff --git a/source/librpc/idl/libnet_join.idl b/source/librpc/idl/libnet_join.idl
index 7f6e346..93b1f09 100644
--- a/source/librpc/idl/libnet_join.idl
+++ b/source/librpc/idl/libnet_join.idl
@@ -51,6 +51,7 @@ interface libnetjoin
[in] string admin_password,
[in] string machine_password,
[in] wkssvc_joinflags unjoin_flags,
+ [in] boolean8 delete_machine_account,
[in] boolean8 modify_config,
[in] dom_sid *domain_sid,
[in] ads_struct *ads,
diff --git a/source/libsmb/passchange.c b/source/libsmb/passchange.c
index 468750f..8e01eeb 100644
--- a/source/libsmb/passchange.c
+++ b/source/libsmb/passchange.c
@@ -169,7 +169,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
} else {
asprintf(err_str, "SAMR connection to machine %s "
"failed. Error was %s, but LANMAN password "
- "changed are disabled\n",
+ "changes are disabled\n",
nt_errstr(result), remote_machine);
result = cli_nt_error(cli);
cli_shutdown(cli);
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index ad063c3..a816572 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -1910,6 +1910,9 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
char *account_name;
int account_name_len;
char sep;
+ char *p;
+ char *name;
+ char *domain;
/* This cannot work when the winbind separator = @ */
@@ -1918,14 +1921,23 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
return NULL;
}
+ name = strdup(upn);
+ if (!name) {
+ return NULL;
+ }
+ if ((p = strchr(name, '@')) != NULL) {
+ *p = 0;
+ domain = p + 1;
+ }
+
/* Convert the UPN to a SID */
ZERO_STRUCT(req);
ZERO_STRUCT(resp);
- strncpy(req.data.name.dom_name, "",
+ strncpy(req.data.name.dom_name, domain,
sizeof(req.data.name.dom_name) - 1);
- strncpy(req.data.name.name, upn,
+ strncpy(req.data.name.name, name,
sizeof(req.data.name.name) - 1);
retval = pam_winbind_request_log(ctx, WINBINDD_LOOKUPNAME,
&req, &resp, upn);
@@ -1947,6 +1959,7 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
account_name_len = asprintf(&account_name, "%s\\%s",
resp.data.name.dom_name,
resp.data.name.name);
+ SAFE_FREE(name);
return account_name;
}
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index 697cc52..cf883bb 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -1092,6 +1092,7 @@ NTSTATUS _lsa_LookupNames2(pipes_struct *p,
status = _lsa_LookupNames(p, &q);
+ sid_array2->count = sid_array->count;
sid_array2->sids = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedSid2, sid_array->count);
if (!sid_array2->sids) {
return NT_STATUS_NO_MEMORY;
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 47aa1e9..92a198d 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -260,8 +260,8 @@ static void map_max_allowed_access(const NT_USER_TOKEN *token,
}
*pacc_requested &= ~MAXIMUM_ALLOWED_ACCESS;
- /* At least try for generic read. */
--
Samba Shared Repository
More information about the samba-cvs
mailing list