[SCM] Samba Shared Repository - branch v3-4-stable updated - release-3-4-0pre1-255-g533457a

Karolin Seeger kseeger at samba.org
Tue Jun 2 06:44:39 GMT 2009


The branch, v3-4-stable has been updated
       via  533457a3a8cbabcc84af89a905c2513852a409b5 (commit)
       via  c840e6151842b35b8f5ba0946d3dec479f32cb43 (commit)
       via  9c4caffc7d64bac3cb2ac5c384ae92c9802327ee (commit)
       via  84a29259c04f192a3f989b5339ead71eda767136 (commit)
       via  838f852ce4d8a88cfafeddf841342692ef7e21a9 (commit)
       via  1ca97c39de40f607cdc572551353e2960e90de6e (commit)
       via  315ceca4930a380b05b9e9e10348fb698a7116f8 (commit)
       via  e7ce761c3f9c7873fbf636c5d5a5a3498e065770 (commit)
       via  e1499290f7fe20e6d2b966dbe2e03411c90348c4 (commit)
       via  f5288a78b8d1c7118a3d73c65dbcf915cc857c0e (commit)
      from  f53577bc5588dc07ef31ec3e615dcc3bb7449b5a (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable


- Log -----------------------------------------------------------------
commit 533457a3a8cbabcc84af89a905c2513852a409b5
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Jun 2 08:21:04 2009 +0200

    s3/WHATSNEW: Mention new passdb backend default.
    
    Karolin
    (cherry picked from commit b1f7b6ebb9ea1ac53a83eca734e271e0a7137d0b)

commit c840e6151842b35b8f5ba0946d3dec479f32cb43
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Jun 1 14:36:34 2009 -0700

    Fix bug #6419 - "smbclient -L 127.0.0.1" displays "netbios name" instead of "workgroup"
    Unify the handling of the sessionsetup parsing so we don't get different
    results when parsing a guest reply than an ntlmssp reply.
    Jeremy.
    (cherry picked from commit 736c4dddef28d53b55e58a6f62784f068e88dc01)

commit 9c4caffc7d64bac3cb2ac5c384ae92c9802327ee
Author: Björn Jacke <bj at sernet.de>
Date:   Wed May 27 12:01:21 2009 +0200

    s3: update manpage as to the new passdb backend default
    (cherry picked from commit 83613fd2fa6d4c6e7d9eb9bdb60aac31a37bbcaf)

commit 84a29259c04f192a3f989b5339ead71eda767136
Author: Björn Jacke <bj at sernet.de>
Date:   Mon May 25 14:55:04 2009 +0200

    s3: make passdb backend default to tdbsam
    (cherry picked from commit f15af8bf2def12eedd967b6e0e411f690be2f804)

commit 838f852ce4d8a88cfafeddf841342692ef7e21a9
Author: Jeremy Allison <jra at samba.org>
Date:   Sat May 30 13:28:03 2009 -0700

    Fix bug #6421 - POSIX read-only open fails on read-only shares.
    The change to smbd/trans2.c opens up
    SETFILEINFO calls to POSIX_OPEN only. The change to first smbd/open.c closes 2
    holes that would have been exposed by allowing POSIX_OPENS on readonly shares,
    and their ability to set arbitrary flag permutations. The O_CREAT ->
    O_CREAT|O_EXCL change removes an illegal combination (O_EXCL without O_CREAT)
    that previously was being passed down to the open syscall.
    Jeremy.
    (cherry picked from commit d49ae9c87d182f32702a0b6a1cc2a2038f31d81d)

commit 1ca97c39de40f607cdc572551353e2960e90de6e
Author: Jeremy Allison <jra at samba.org>
Date:   Sat May 30 11:30:16 2009 +0200

    Simplify the dropbox patch
    (cherry picked from commit 0d32230c17dbfa5e790d2023ba655f109938ef28)

commit 315ceca4930a380b05b9e9e10348fb698a7116f8
Author: Volker Lendecke <vl at samba.org>
Date:   Wed May 13 15:46:35 2009 +0200

    Re-Add the "dropbox" functionality with -wx rights on a directory
    (cherry picked from commit 78aecba62195822f3edb6134548657cf7ba9037c)

commit e7ce761c3f9c7873fbf636c5d5a5a3498e065770
Author: Günther Deschner <gd at samba.org>
Date:   Fri May 29 13:15:27 2009 +0200

    s3-netlogon: Fix _netr_LogonSamLogon{Ex} with validation level != 3.
    
    Guenther
    (cherry picked from commit 90b38906541de554e3964d96ed83a7c71b5ea05c)
    (cherry picked from commit a8868d7fbf51e4706a7d2ee44a9066a8e1efcb4a)

commit e1499290f7fe20e6d2b966dbe2e03411c90348c4
Author: Günther Deschner <gd at samba.org>
Date:   Fri May 29 12:42:15 2009 +0200

    s3-netlogon: return proper error code for unsupported validation class.
    
    Guenther
    (cherry picked from commit 65f86a644a8171a99c63b6cb32e01e22897174f6)
    (cherry picked from commit 745f8d37fffe9d2ac2938101b08ff39ebf50c94c)

commit f5288a78b8d1c7118a3d73c65dbcf915cc857c0e
Author: Günther Deschner <gd at samba.org>
Date:   Fri May 29 12:41:41 2009 +0200

    s3-rpc_server: increase max number of open policy handles per pipe to 2048.
    
    Guenther
    (cherry picked from commit 9bd8b0a15773d3d5c0649bfb49bb16acfb4bb5f1)
    (cherry picked from commit aebc22c407c60588eabae324eb9cc06e73538dd4)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                                   |   20 ++++++++++++++++
 docs-xml/smbdotconf/security/passdbbackend.xml |    8 ++++--
 source3/libsmb/cliconnect.c                    |   29 +++++++++++++++++++++--
 source3/param/loadparm.c                       |    2 +-
 source3/rpc_server/srv_lsa_hnd.c               |    2 +-
 source3/rpc_server/srv_netlog_nt.c             |   13 +++++-----
 source3/smbd/filename.c                        |   13 +++++++---
 source3/smbd/open.c                            |    6 ++--
 source3/smbd/trans2.c                          |   14 +++++++----
 9 files changed, 81 insertions(+), 26 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 7060d85..9809072 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -13,6 +13,9 @@ system at https://bugzilla.samba.org/.
 Major enhancements in Samba 3.4.0 include:
 ------------------------------------------
 
+Configuration changes:
+o The default passdb backend has been changed to 'tdbsam'!
+
 General changes:
 o Samba4 and Samba3 sources are included in the tarball
 
@@ -35,6 +38,22 @@ o An asynchronous API has been added.
 net Command Changes:
 o Parameter syntax made more consistent.
 
+
+Configuration changes
+=====================
+
+!!! ATTENTION !!!
+The default passdb backend has been changed to 'tdbsam'! That breaks existing
+setups using the 'smbpasswd' backend without explicit declaration! Please use
+'passdb backend = smbpasswd' if you would like to stick to the 'smbpasswd'
+backend or convert your smbpasswd entries using e.g. 'pdbedit -i smbpasswd -e
+tdbsam'.
+
+The 'tdbsam' backend is much more flexible concerning per user settings
+like 'profile path' or 'home directory' and there are some commands which do not
+work with the 'smbpasswd' backend at all.
+
+
 General Changes
 ===============
 
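Review bot: In the new "Configuration changes" section the conversion command is wrapped across two lines ('pdbedit -i smbpasswd -e' / 'tdbsam'), so copying it from the release notes yields a broken command. Put the full command on a line of its own. The heading also differs from the "Configuration changes:" bullet added under "Major enhancements" only by the colon, which makes the two entries easy to mistake for a duplicate.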
@@ -148,6 +167,7 @@ smb.conf changes
    kerberos method		       New	       default
    map untrusted to domain	       New	       No
    max open files		       Changed Default auto detected
+   passdb backend		       Changed Default tdbsam
    perfcount module		       New	       ""
    use kerberos keytab		       Removed
 
diff --git a/docs-xml/smbdotconf/security/passdbbackend.xml b/docs-xml/smbdotconf/security/passdbbackend.xml
index 487d8b8..b761f97 100644
--- a/docs-xml/smbdotconf/security/passdbbackend.xml
+++ b/docs-xml/smbdotconf/security/passdbbackend.xml
@@ -16,8 +16,10 @@
     <para>Available backends can include:
 	<itemizedlist>
 	    <listitem>
-		<para><command moreinfo="none">smbpasswd</command> - The default smbpasswd
-		backend. Takes a path to the smbpasswd file as an optional argument.
+		<para><command moreinfo="none">smbpasswd</command> - The old plaintext passdb
+		backend. Some Samba features will not work if this passdb
+		backend is used. Takes a path to the smbpasswd file as an
+		optional argument.
 		</para>
 	    </listitem>
 			
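Review bot: "The old plaintext passdb backend" in the new smbpasswd description is ambiguous: it can be read as a statement about how credentials are stored rather than about the file format. If the file format is meant, say "plain text file". "Some Samba features will not work" would also be more useful if it named the features or pointed to where they are listed.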
@@ -60,5 +62,5 @@ passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
 </programlisting>
 </description>
 
-<value type="default">smbpasswd</value>
+<value type="default">tdbsam</value>
 </samba:parameter>
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index fb17378..8a3667d 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -616,9 +616,30 @@ static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
 
 	/* w2k with kerberos doesn't properly null terminate this field */
 	len = smb_bufrem(cli->inbuf, p);
-	p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
-			 len, 0);
+	if (p + len < cli->inbuf + cli->bufsize+SAFETY_MARGIN - 2) {
+		char *end_of_buf = p + len;
 
+		SSVAL(p, len, 0);
+		/* Now it's null terminated. */
+		p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
+			-1, STR_TERMINATE);
+		/*
+		 * See if there's another string. If so it's the
+		 * server domain (part of the 'standard' Samba
+		 * server signature).
+		 */
+		if (p < end_of_buf) {
+			p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
+				-1, STR_TERMINATE);
+		}
+	} else {
+		/*
+		 * No room to null terminate so we can't see if there
+		 * is another string (server_domain) afterwards.
+		 */
+		p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
+				 len, 0);
+	}
 	return blob2;
 }
 
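Review bot: The guard before SSVAL(p, len, 0) compares against cli->inbuf + cli->bufsize+SAFETY_MARGIN - 2, so the two-byte terminator may land past bufsize in the safety margin, and nothing in the hunk shows that len is non-negative at this point. Add a comment stating why a write at p + len stays inside the allocation, and check len explicitly if smb_bufrem() can return a negative value, since both clistr_pull() calls in this branch pass -1 as the source length and depend entirely on that terminator. The else branch leaves server_domain untouched without a debug message, which makes the fallback hard to spot later.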
@@ -867,7 +888,9 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
 
 	if (NT_STATUS_IS_OK(nt_status)) {
 
-		fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
+		if (cli->server_domain[0] == '\0') {
+			fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
+		}
 		cli_set_session_key(cli, ntlmssp_state->session_key);
 
 		if (cli_simple_set_signing(
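Review bot: With the new cli->server_domain[0] == '\0' test, the NTLMSSP-supplied domain is used only when the field is empty, so the result depends on server_domain having been cleared before this session setup. Nothing in the hunk clears it; if a cli_state can go through session setup more than once, a value from an earlier reply will stick. Either reset the field at the start of the session setup or add a comment stating the intended precedence between the session setup reply and ntlmssp_state->server_domain.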
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 09d7378..faffb8e 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -4982,7 +4982,7 @@ static void init_globals(bool first_time_only)
 	   a large number of sites (tridge) */
 	Globals.bHostnameLookups = False;
 
-	string_set(&Globals.szPassdbBackend, "smbpasswd");
+	string_set(&Globals.szPassdbBackend, "tdbsam");
 	string_set(&Globals.szLdapSuffix, "");
 	string_set(&Globals.szLdapMachineSuffix, "");
 	string_set(&Globals.szLdapUserSuffix, "");
diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c
index e853bb2..a09c7ec 100644
--- a/source3/rpc_server/srv_lsa_hnd.c
+++ b/source3/rpc_server/srv_lsa_hnd.c
@@ -26,7 +26,7 @@
 
 /* This is the max handles across all instances of a pipe name. */
 #ifndef MAX_OPEN_POLS
-#define MAX_OPEN_POLS 1024
+#define MAX_OPEN_POLS 2048
 #endif
 
 /****************************************************************************
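Review bot: MAX_OPEN_POLS goes from 1024 to 2048 with no rationale next to the define. Since the comment says this is the cap across all instances of a pipe name, note why 2048 was chosen (which client or workload hit 1024) so the next person to touch the limit knows what it is sized for.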
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index e0d1e22..79606ab 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -881,6 +881,13 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
+	*r->out.authoritative = true; /* authoritative response */
+	if (r->in.validation_level != 2 && r->in.validation_level != 3) {
+		DEBUG(0,("%s: bad validation_level value %d.\n",
+			fn, (int)r->in.validation_level));
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
 	sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
 	if (!sam3) {
 		return NT_STATUS_NO_MEMORY;
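Review bot: The relocated validation_level check logs with DEBUG(0, ...) on a value taken directly from r->in, so a caller that reaches this point can produce a level-0 log line per request by sending an unsupported level. A higher debug level would fit a client-triggered condition. Moving the check ahead of TALLOC_ZERO_P and returning NT_STATUS_INVALID_INFO_CLASS looks right.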
@@ -888,12 +895,6 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
 
  	/* store the user information, if there is any. */
 	r->out.validation->sam3 = sam3;
-	*r->out.authoritative = true; /* authoritative response */
-	if (r->in.validation_level != 2 && r->in.validation_level != 3) {
-		DEBUG(0,("%s: bad validation_level value %d.\n",
-			fn, (int)r->in.validation_level));
-		return NT_STATUS_ACCESS_DENIED;
-	}
 
 	if (process_creds) {
 
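Review bot: After the check moved up, r->out.validation->sam3 = sam3 is still assigned unconditionally here, although validation_level 2 is accepted by the new check as well. If level 2 is converted further down, a short comment at the assignment saying so would help; from this hunk alone it reads as if a level 2 request is answered through the sam3 member.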
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 0d5529b..e3acfc8 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -490,8 +490,14 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 					goto fail;
 				}
 
-				/* ENOENT is the only valid error here. */
-				if ((errno != 0) && (errno != ENOENT)) {
+				/*
+				 * ENOENT/EACCESS are the only valid errors
+				 * here. EACCESS needs handling here for
+				 * "dropboxes", i.e. directories where users
+				 * can only put stuff with permission -wx.
+				 */
+				if ((errno != 0) && (errno != ENOENT)
+				    && (errno != EACCES)) {
 					/*
 					 * ENOTDIR and ELOOP both map to
 					 * NT_STATUS_OBJECT_PATH_NOT_FOUND
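Review bot: The new comment spells the errno as EACCESS while the condition tests EACCES; use the real constant name so a grep finds it. The condition also now tolerates EACCES for every directory that reaches this branch, not only -wx dropboxes, so the comment should say which later step produces the denial when access is really not permitted.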
@@ -501,8 +507,7 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 							errno == ELOOP) {
 						result =
 						NT_STATUS_OBJECT_PATH_NOT_FOUND;
-					}
-					else {
+					} else {
 						result =
 						map_nt_error_from_unix(errno);
 					}
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 3578f2a..a721c58 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -346,7 +346,7 @@ static NTSTATUS open_file(files_struct *fsp,
 
 	if (!CAN_WRITE(conn)) {
 		/* It's a read-only share - fail if we wanted to write. */
-		if(accmode != O_RDONLY) {
+		if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
 			DEBUG(3,("Permission denied opening %s\n", path));
 			return NT_STATUS_ACCESS_DENIED;
 		} else if(flags & O_CREAT) {
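Review bot: The condition in the !CAN_WRITE(conn) branch now also rejects O_TRUNC and O_APPEND, but the comment above it still says only "fail if we wanted to write" and the DEBUG(3) message does not say which flag caused the denial. Update the comment to name the two flags and why they count as writes even with O_RDONLY, and consider adding flags to the debug output.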
@@ -354,8 +354,8 @@ static NTSTATUS open_file(files_struct *fsp,
 			   O_CREAT doesn't create the file if we have write
 			   access into the directory.
 			*/
-			flags &= ~O_CREAT;
-			local_flags &= ~O_CREAT;
+			flags &= ~(O_CREAT|O_EXCL);
+			local_flags &= ~(O_CREAT|O_EXCL);
 		}
 	}
 
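Review bot: Clearing O_EXCL together with O_CREAT means a request for exclusive creation on a read-only share becomes a plain open of whatever already exists at that path, instead of reporting that the file exists. If that is intended, extend the comment above, which still mentions only O_CREAT, to say so. The mask ~(O_CREAT|O_EXCL) is repeated for flags and local_flags and could be applied through one shared constant.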
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 4eb44e3..931b7df 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -6840,16 +6840,20 @@ static void call_trans2setfilepathinfo(connection_struct *conn,
 		}
 	}
 
-	if (!CAN_WRITE(conn)) {
-		reply_doserror(req, ERRSRV, ERRaccess);
-		return;
-	}
-
 	if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) {
 		reply_nterror(req, NT_STATUS_INVALID_LEVEL);
 		return;
 	}
 
+	if (!CAN_WRITE(conn)) {
+		/* Allow POSIX opens. The open path will deny
+		 * any non-readonly opens. */
+		if (info_level != SMB_POSIX_PATH_OPEN) {
+			reply_doserror(req, ERRSRV, ERRaccess);
+			return;
+		}
+	}
+
 	DEBUG(3,("call_trans2setfilepathinfo(%d) %s (fnum %d) info_level=%d totdata=%d\n",
 		tran_call,fname, fsp ? fsp->fnum : -1, info_level,total_data));
 
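Review bot: The !CAN_WRITE(conn) gate now lets SMB_POSIX_PATH_OPEN through and relies on code outside this function to deny non-read-only opens; the comment should name that function so the dependency stays visible if the open path changes. Moving the block below the INFO_LEVEL_IS_UNIX test also changes which error a read-only share returns when unix extensions are off (NT_STATUS_INVALID_LEVEL instead of ERRaccess); the commit message should say whether that is intended.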


-- 
Samba Shared Repository

