[SCM] Samba Shared Repository - branch v3-4-stable updated - release-3-4-0-42-gc7449bd
Karolin Seeger
kseeger at samba.org
Mon Aug 24 03:29:46 MDT 2009
The branch, v3-4-stable has been updated
via c7449bd0ae1f60d18816e8a34be7de4fe4394fd5 (commit)
via 355aa0b9b7fdda18ae31085356918383b540c807 (commit)
via 0300ff8bac18a6e6386ec29e0c5392e0f58e69b0 (commit)
via 73103525b0c1e8ba830212f224ffd75b78869534 (commit)
via 25ab2a06392402ba72740205902ec30702110446 (commit)
from 25e378df1869a7ac514124bb699344a1426556b3 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable
- Log -----------------------------------------------------------------
commit c7449bd0ae1f60d18816e8a34be7de4fe4394fd5
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Aug 24 11:28:06 2009 +0200
WHATSNEW: Update changes since 3.4.0.
Karolin
(cherry picked from commit 0911f7137bf37a9a14e6ebff9a0990482a11375b)
commit 355aa0b9b7fdda18ae31085356918383b540c807
Author: Michael Adam <obnox at samba.org>
Date: Fri Aug 21 13:59:16 2009 +0200
s3: fix bug #6650, authentication at member servers when winbindd is not running
Authentication of domain users on the member server fails when winbindd
is not running. This is because the is_trusted_domain() check behaves
differently when winbindd is running and when it isn't:
Since wb_is_trusted_domain() calls wbcDomainInfo(), and this will also
give a result for our own domain, this succeeds for the member
server's own domain when winbindd is running. When winbindd is not
running, is_trusted_domain() checks (and possibly updates) the trustdom
cache, and this does the lsa_EnumTrustDom() rpc call to the DC which
does not return its own domain.
In case of winbindd not running, before 3.4, the domain part was _silently_
mapped to the workgroup in auth_util.c:make_user_info_map(),
which effectively did nothing in the member case.
But then the parameter "map untrusted to domain" was introduced
and the mapping was made to the workstation name instead of
the workgroup name by default unless "map untrusted to domain = yes".
(Commits
d8c54fddda2dba3cbc5fc13e93431b152813892e,
5cd4b7b7c03df6e896186d985b6858a06aa40b3f, and
fbca26923915a70031f561b198cfe2cc0d9c3aa6)
This was ok as long as winbindd was running, but with winbindd not running,
these changes actually uncovered the above logic bug in the check.
So the correct check is to treat the workgroup as trusted / or known
in the member case. This is most easily achieved by not comparing the
domain name against get_global_sam_name() which is the host name unless
for a DC but against my_sam_name() which is the workgroup for a DC and for
a member, too. (These names are not very intuitive...)
I admit that this is a very long commit message for a one-liner, but this has
needed some tracking down, and I think the change deserves some justification.
Michael
(cherry picked from commit 6afb02cb53f47e0fd7e7df3935b067e7e1f8a9de)
(cherry picked from commit d4c82fcb106ba872a9987ae40e0fe2d58b7ef1bb)
commit 0300ff8bac18a6e6386ec29e0c5392e0f58e69b0
Author: Jeremy Allison <jra at samba.org>
Date: Fri Aug 21 12:44:54 2009 +0200
Fix Red Hat bugzilla bug : https://bugzilla.redhat.com/show_bug.cgi?id=516165
nautilus fails to copy files from an SMB share. This is a show-stopper
for 3.4.1. Although gnome-vfs is doing *incredibly* stupid things by asking
for a read size of 65535 - this translates on the wire to a 65534 byte read
followed by a 1 byte read. Please send this back to the gnome developers that
they will ge horrid on the wire performance for this.
Jeremy.
Fixes bug #6649.
Fixed in master with commit 33d27797d3ae9ab3ff7e1aa940941cc450f5ad1d.
(cherry picked from commit ef891070288cd13aff7c730de7c1baf54dddb90f)
commit 73103525b0c1e8ba830212f224ffd75b78869534
Author: Jeremy Allison <jra at samba.org>
Date: Thu Aug 20 11:12:22 2009 -0700
Fix bug 6638 - ADS Domain Member: Computer Mgr can not set share ACLs Add good error message for share modification denial. Jeremy.
(cherry picked from commit ed122f5e9d1e1287eb13efc99e4129492d34abbc)
commit 25ab2a06392402ba72740205902ec30702110446
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jul 29 04:30:52 2009 -0400
Fix unqualified "net join"
Kai, please check!
Fixes bug #6585.
Thanks,
Volker
(cherry picked from commit d8543da9dad3286cd330b98374405edb9f976e77)
(cherry picked from commit bf7d1758a77a462d9b30cc2549a960736884ee32)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 12 +++++++++---
source3/auth/auth_util.c | 2 +-
source3/libsmb/clireadwrite.c | 2 +-
source3/rpc_server/srv_srvsvc_nt.c | 22 +++++++++++++++++++---
source3/utils/net_join.c | 5 +----
5 files changed, 31 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 050d342..923c95d 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,6 +1,6 @@
=============================
Release Notes for Samba 3.4.1
- August 18, 2009
+ August , 2009
=============================
@@ -9,9 +9,9 @@ This is the latest stable release of Samba 3.4.
Major enhancements in Samba 3.4.1 include:
+ o Fix authentication on member servers without Winbind (bug #6650).
+ o Nautilus fails to copy files from an SMB share (bug #6649).
o Fix connections of Win98 clients (bug #6551).
- o SetPrinter fails (panics) as non root (bug #6564).
- o Fix crash bug in spoolss_addprinterex_level_2 (bug #6607).
######################################################################
@@ -22,6 +22,10 @@ Changes since 3.4.0
-------------------
+o Michael Adam <obnox at samba.org>
+ * BUG 6650: Fix authentication on member servers without Winbind.
+
+
o Jeremy Allison <jra at samba.org>
* BUG 6437: Make open_udp_socket() IPv6 clean.
* BUG 6506: Smbd server doesn't set EAs when a file is overwritten in
@@ -29,6 +33,7 @@ o Jeremy Allison <jra at samba.org>
* BUG 6551: Fix connections of Win98 clients.
* BUG 6564: SetPrinter fails (panics) as non root.
* BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo.
+ * BUG 6649: Nautilus fails to copy files from an SMB share.
o Yannick Bergeron <burgergold at hotmail.com>
@@ -46,6 +51,7 @@ o Matt Kraai <mkraai at beckman.com>
o Volker Lendecke <vl at samba.org>
+ * BUG 6585: Fix unqualified "net join".
* BUG 6611: Fix a valgrind error in chain_reply.
* Fix linking on Solaris.
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 4a8fc95..b743c12 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -218,7 +218,7 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
* This also deals with the client passing in a "" domain */
if (!is_trusted_domain(domain) &&
- !strequal(domain, get_global_sam_name()) )
+ !strequal(domain, my_sam_name()))
{
if (lp_map_untrusted_to_domain())
domain = my_sam_name();
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
index f2f447b..b1064ba 100644
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -185,7 +185,7 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received,
buf = (uint8_t *)smb_base(cli_req->inbuf) + SVAL(vwv+6, 0);
if (trans_oob(smb_len(cli_req->inbuf), SVAL(vwv+6, 0), size)
- || (buf < bytes)) {
+ || (size && (buf < bytes))) {
DEBUG(5, ("server returned invalid read&x data offset\n"));
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 056236f..d8c0ce6 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1512,6 +1512,9 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
|| ( lp_enable_asu_support() && strequal(share_name,"ADMIN$") )
|| strequal(share_name,"global") )
{
+ DEBUG(5,("_srvsvc_NetShareSetInfo: share %s cannot be "
+ "modified by a remote user.\n",
+ share_name ));
return WERR_ACCESS_DENIED;
}
@@ -1529,8 +1532,14 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
/* fail out now if you are not root and not a disk op */
- if ( p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
+ if ( p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) {
+ DEBUG(2,("_srvsvc_NetShareSetInfo: uid %u doesn't have the "
+ "SeDiskOperatorPrivilege privilege needed to modify "
+ "share %s\n",
+ (unsigned int)p->server_info->utok.uid,
+ share_name ));
return WERR_ACCESS_DENIED;
+ }
switch (r->in.level) {
case 1:
@@ -1597,16 +1606,23 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
}
/* We can only modify disk shares. */
- if (type != STYPE_DISKTREE)
+ if (type != STYPE_DISKTREE) {
+ DEBUG(5,("_srvsvc_NetShareSetInfo: share %s is not a "
+ "disk share\n",
+ share_name ));
return WERR_ACCESS_DENIED;
+ }
if (comment == NULL) {
return WERR_NOMEM;
}
/* Check if the pathname is valid. */
- if (!(path = valid_share_pathname(p->mem_ctx, pathname )))
+ if (!(path = valid_share_pathname(p->mem_ctx, pathname ))) {
+ DEBUG(5,("_srvsvc_NetShareSetInfo: invalid pathname %s\n",
+ pathname ));
return WERR_OBJECT_PATH_INVALID;
+ }
/* Ensure share name, pathname and comment don't contain '"' characters. */
string_replace(share_name, '"', ' ');
diff --git a/source3/utils/net_join.c b/source3/utils/net_join.c
index 98188aa..8d4d8c3 100644
--- a/source3/utils/net_join.c
+++ b/source3/utils/net_join.c
@@ -34,10 +34,7 @@ int net_join_usage(struct net_context *c, int argc, const char **argv)
int net_join(struct net_context *c, int argc, const char **argv)
{
- if (argc < 1)
- return net_join_usage(c, argc, argv);
-
- if (StrCaseCmp(argv[0], "HELP") == 0) {
+ if ((argc > 0) && (StrCaseCmp(argv[0], "HELP") == 0)) {
net_join_usage(c, argc, argv);
return 0;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list