[SCM] Samba Shared Repository - branch v3-2-stable updated -
release-3-2-11-38-g2a5f155
Karolin Seeger
kseeger at samba.org
Tue Jun 2 10:43:40 GMT 2009
The branch, v3-2-stable has been updated
via 2a5f155a63fb1c94760657431cc696952c4674a7 (commit)
via c5364448899752d86528766cb663fadd4367d387 (commit)
via 80a26aa8f4880e6c3363e43929fec9d62554be82 (commit)
via 01d6dc39121c884b82fd591b5e05e65b05357746 (commit)
via 38819b522f39f2c94e50e86f48c856ab7a4a576a (commit)
via fca06aeb060c7a7c1ff5ceeee3f4a769e050f7db (commit)
via 73bbe44bb5afff41576d5412625da60bc67aa5b4 (commit)
via a89c969d86ccf6eb74c413dfaa608a99200a86ff (commit)
via 7140792b54de7f692cfd10c0563d48c5c6d6d727 (commit)
via 51b827e9ed787989eb595f19787420419f3b368e (commit)
via 4faf0054c32545454d1a92357d6785387de48b0b (commit)
via 38f5e34107bd8b29e174f0a0b8addc98aab658a7 (commit)
via c66488284db97477e21866dd704b6562c1b0dda0 (commit)
via 7ee9206d8d8f1c1049534d538259044f7cc83e29 (commit)
via 8d454f5783a834a8cd05a07995f4654129f14ff2 (commit)
via 2dd95f1ecc98d03fd4a2f6c3a0d18f3586109ed4 (commit)
via 554cdcbd15155e21a7226a8393ce16929093cd2b (commit)
via 21e4502b54fbf4ae1e79dbf162c4342c537d3600 (commit)
via f28e99bc939ab739a35f19675a511319479fe0f3 (commit)
via f0f21df93ff02bf9b2e9990ed5fe73102fb717e7 (commit)
via dbc913bbed0a604b80d0388081733d584b457c84 (commit)
via f5086d26ee08eb1a8a2b89f827de7748914c1813 (commit)
via 846496d878ea52b9f103c1b3434c594563fadd4a (commit)
via 9e09b68e3a88b38ed414ee746662eb5c22c1cd24 (commit)
via 827bf317ab2e4960324de039ce59b50eb19995f2 (commit)
via f5925ac6a7951dbfbc410ffc22b66fa55e4f1849 (commit)
via e32c8dcde3e0e56ad028b1fc8f7b03900995bf00 (commit)
via 3d0424f63bdc4d69a8dc69c00a0a1c5e39c66f37 (commit)
via 83f5477340dc46d29bb9ae467d1adac481c41130 (commit)
via 216bc5665468cafaf191fd400cf31d48eafd5e4d (commit)
via 7ce3a0cc305eff5b64d06639fb622aef63317987 (commit)
via af7cf2ae894ee85e9f07498ca39a0aa8fcc1bc64 (commit)
via 24fd3ea71d5f1ac38851a8a849e3d08663c8c69b (commit)
via ae084f570cd0a40162893a756f2cf89e433a11a8 (commit)
via 7fc0e6117152cda961426882b859ecc4cd3ad6de (commit)
via 12c6b37618702dd4b56fe1afdd8e4d335315aab0 (commit)
via adebf903eb9e6520baa76d5c9c718fd1436873ca (commit)
via 9c227985c3ee5d24718b79960e7a2b1cdce5b71d (commit)
from 47311ed9f3ed39c02ffbdf7b958135065ab7f0c2 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable
- Log -----------------------------------------------------------------
commit 2a5f155a63fb1c94760657431cc696952c4674a7
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Jun 2 12:39:11 2009 +0200
VERSION: Raise version number up to 3.2.12.
Karolin
(cherry picked from commit a7fbd3ae42fd3849150da27c37405dbefb59f86e)
commit c5364448899752d86528766cb663fadd4367d387
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Jun 2 12:38:27 2009 +0200
WHATSNEW: Start WHATSNEW for 3.2.12.
Karolin
(cherry picked from commit 5493ea49b64029eee48d4c0128c5172ef24638a7)
commit 80a26aa8f4880e6c3363e43929fec9d62554be82
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri May 29 09:49:49 2009 +0200
s3/docs: Fix typo.
This fixes bug #4341.
Thanks to Michael Cartmell <michael.cartmell [at] thomson.com> for reporting!
Karolin
(cherry picked from commit 2228cc6a0f942b774bef7fb0b99009897fa4dff4)
(cherry picked from commit e1b1f14e0260395a8d452ea0a129bcc9bb3f98cc)
(cherry picked from commit de156e6ee292ad7fc683d681d7c4b44edba67626)
(cherry picked from commit 58539095ee526a08234a4a3111d54af45a84e13a)
commit 01d6dc39121c884b82fd591b5e05e65b05357746
Author: Marc VanHeyningen <marc.vanheyningen at isilon.com>
Date: Tue May 5 22:07:40 2009 +0000
s3: zero an uninitialized array
Invalid pointers were being dereferenced in lookup_sids causing
occasional seg faults.
Signed-off-by: Tim Prouty <tprouty at samba.org>
(cherry picked from commit 34ca12c9396f7c8475cd1525bdbc40021b0e533f)
(cherry picked from commit 9f5f8278b905b38d288618916c23f85373919b83)
commit 38819b522f39f2c94e50e86f48c856ab7a4a576a
Author: Volker Lendecke <vl at samba.org>
Date: Sun May 24 18:57:13 2009 +0200
Fix a race condition in winbind leading to a panic
In winbind, we do multiple events in one select round. This needs fixing, but
as long as we're still using it, for efficiency reasons we need to do that.
What can happen is the following: We have outgoing data pending for a client,
thus
state->fd_event.flags == EVENT_FD_WRITE
Now a new client comes in, we go through the list of clients to find an idle
one. The detection for idle clients in remove_idle_client does not take the
pending data into account. We close the socket that has pending outgoing data,
the accept(2) one syscall later gives us the same socket.
In new_connection(), we do a setup_async_read, setting up a read fde. The
select from before however had found the socket (that we had already closed!!)
to be writable. In rw_callback we only want to see a readable flag, and we
panic in the SMB_ASSERT(flags == EVENT_FD_READ).
Found using
bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient
Volker
(commit 68c5c6df in master)
(cherry picked from commit d12681489f18df97b11c4ce6e069d6e2d006c184)
commit fca06aeb060c7a7c1ff5ceeee3f4a769e050f7db
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon May 25 10:50:23 2009 +0200
s3/docs: Fix typos.
Thanks to Oota Toshiya <t-oota at dh.jp.nec.com> for reporting!
Karolin
(cherry picked from commit f3df38362cc15211d9fca8229a0f9d9fc9c8e481)
(cherry picked from commit 7434898b10a5c5780bd015b7bdca3eaa7a2b5475)
(cherry picked from commit 58372ab5dccce60b40e29196767b29e81dfe9872)
commit 73bbe44bb5afff41576d5412625da60bc67aa5b4
Author: Jeremy Allison <jra at samba.org>
Date: Sat May 23 21:04:54 2009 +0200
s3/groupmapping: Groupdb mapping fix (bug #6386).
(cherry picked from commit fad2741ec79a34f25577d0a5d3c35a6455d3ce24)
commit a89c969d86ccf6eb74c413dfaa608a99200a86ff
Author: Simo Sorce <idra at samba.org>
Date: Thu May 21 21:32:17 2009 -0400
Insure we always return NULL on error.
It is not technically an ldb bug, but apparently some callers try to access
res before checking the ldb_search() return code.
So make their attempt very evident (a NULL dereference will make it cristal
clear where the bug is).
(cherry picked from commit c60539f31f63bd65e5b0e3ee16365f036bef3d5b)
commit 7140792b54de7f692cfd10c0563d48c5c6d6d727
Author: Jeremy Allison <jra at samba.org>
Date: Wed Feb 25 13:00:21 2009 -0800
Make test for open modes more robust against other bits.
Jeremy.
(cherry picked from commit 8d178837f259757340a09a688ed194e3e4a92c36)
(cherry picked from commit 6631ca4a51d4b13d2edd2dc899f7b76c233825b5)
(cherry picked from commit a7f96104b957ba0eb910f8c0073818f872345e3c)
commit 51b827e9ed787989eb595f19787420419f3b368e
Author: Jeremy Allison <jra at samba.org>
Date: Wed Feb 25 12:54:58 2009 -0800
Fix bug in processing of open modes in POSIX open.
Was missing case of "If file exists open. If file doesn't exist error."
Damn damn damn. CIFSFS client will have to have fallback cases
for this error for a long time.
Jeremy.
(cherry picked from commit b652082648c49b525d2b2ce619b575ee75bc242e)
(cherry picked from commit 12cf12f10c1c6adad568daf6c16144a99b0f822e)
(cherry picked from commit 2050a239a5fee6cfd17d083619cc4a03a3a6dd6d)
commit 4faf0054c32545454d1a92357d6785387de48b0b
Author: Volker Lendecke <vl at samba.org>
Date: Wed May 20 17:45:47 2009 +0200
Fix bug 6382: Case insensitive access to DFS links broken
(cherry picked from commit cdc93a7edc6798078a7b21b1728a844437b6522b)
commit 38f5e34107bd8b29e174f0a0b8addc98aab658a7
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue May 19 13:42:16 2009 +0200
s3/docs: Fix shutdown script example.
This fixes bug #5897. Thanks to TAKAHASHI Motonobu
<monyo [at] samba.gr.jp> for reporting and providing the example!
Karolin
(cherry picked from commit f741b90ee8f74077871a0b5d1df55c0dd34a313f)
(cherry picked from commit 1653bbf50b02e4f4dc2f01c5dab32c1cc4894582)
(cherry picked from commit 3f45721216cc6144784c28b82a594f25ebdb1608)
commit c66488284db97477e21866dd704b6562c1b0dda0
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 7 12:53:31 2009 -0700
s3-auth: use full 16byte session key in make_user_info_netlogon_interactive().
Patch from Jeremy.
With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a
Samba 3 Domain.
There are still two registry settings required:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
Do *not* modify the other netlogon registry parameters that were passed around,
they weaken security.
Guenther / Jeremy.
(cherry picked from commit 43bab13d00fa073acf709ac9a66cb2782694811b)
commit 7ee9206d8d8f1c1049534d538259044f7cc83e29
Author: Guenther Deschner <gd at samba.org>
Date: Thu May 7 12:53:00 2009 -0700
s3-credentials: protect netlogon_creds_server_step() against NULL creds.
Found by SCHANNEL torture tests.
Guenther
(cherry picked from commit c578c66569eed3ae19b42c9787399eb70b935e0a)
commit 8d454f5783a834a8cd05a07995f4654129f14ff2
Author: Jeremy Allison <jra at samba.org>
Date: Mon May 11 11:17:56 2009 -0700
After getting confirmation from Guenther, add 3 changes we'll ultimately need to fix bug #6099 Samba returns incurrate capabilities list. 1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags. 2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags return if the client requested it. 3). Clean up the error exits so we always return the same way. Signed off by Guenther. Jeremy.
(cherry picked from commit 59ee131464636d3363bc7ee398ba6390a6333558)
commit 2dd95f1ecc98d03fd4a2f6c3a0d18f3586109ed4
Author: Guenther Deschner <gd at samba.org>
Date: Mon May 11 11:13:47 2009 -0700
Jeremy, with 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate flags (which are a pointer to the out negotiate flags assigned in the generated netlogon server code). So, while you wanted to just set the *out* negflags, you did in fact reset the *in* negflags, effectively eliminating the NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then caused creds_server_init() to generate 64bit creds instead of 128bit, causing the whole chain to break. *Please* check.
Guenther
(cherry picked from commit 853bbc0d3920654aa7401fa5d6fcba7ff86e1a21)
commit 554cdcbd15155e21a7226a8393ce16929093cd2b
Author: Björn Jacke <bj at sernet.de>
Date: Thu May 7 17:50:34 2009 +0200
s3/ldap: also handle DirX return codes
this is a backport of f238809d236443b8968e1b4b197a55935c7c7e85 from master
(cherry picked from commit 1b040289f14bb22d3b6ab07a452236549d6c9bf6)
(cherry picked from commit 7f1771f26dcc334c32df332545d33937f8602bd6)
commit 21e4502b54fbf4ae1e79dbf162c4342c537d3600
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri May 8 14:33:49 2009 +0200
s3:smbd: fix posix acls when setting an ACL without explicit ACE for the owner (bug#2346)
The problem of bug #2346 remains for users exported by
winbindd, because create_token_from_username() just fakes
the token when the user is not in the local sam domain. This causes
user_in_group_sid() to give totally wrong results.
In uid_entry_in_group() we need to check if we already
have the full unix token in the current_user struct.
If so we should use the current_user unix token,
instead of doing a very complex user_in_group_sid()
which doesn't give reliable results anyway.
metze
(cherry picked from commit b79eff843be392f3065e912edca1434081d93c44)
(cherry picked from commit cb5c72c0a05a78ff1b86eb02cf5ecd3d7d69623d)
(cherry picked from commit ef0d72513b5404f176186632aab67d7b87039ba2)
commit f28e99bc939ab739a35f19675a511319479fe0f3
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed May 13 10:07:56 2009 +0200
s3/packaging: Fix build on RHEL when ccache is not available.
This fixes bug #5832.
Patch was provided by D.L. Meyer <dlmeyer [at] uiuc.edu>.
Thanks for reporting and providing the patch!
Karolin
(cherry picked from commit 42e0cb8c0a1b8470ac8e9ad1c5a741e299debb8f)
(cherry picked from commit b2205a7697598729f85cb767621b8c610654053c)
(cherry picked from commit 07d40da10ac9aab58cb7684dc39f6c1ffeb2d020)
commit f0f21df93ff02bf9b2e9990ed5fe73102fb717e7
Author: Volker Lendecke <vl at samba.org>
Date: Thu Oct 2 02:17:04 2008 +0200
Fix bug 5798: "CFLAGS info lost in configure"
picked from 9097a67de
Volker
(cherry picked from commit 9ffb1e6f0ded2647efe567912873a1a63e2ffed1)
(cherry picked from commit d3f39da433c22632007a9300d4dab4cda0dfd43e)
commit dbc913bbed0a604b80d0388081733d584b457c84
Author: Jeremy Allison <jra at samba.org>
Date: Tue Apr 28 11:07:51 2009 -0700
Fix bug #6291 - force user stop working. A previous fix broke the invariant that *uid is always initialized on return from create_token_from_username(). Restore it. Jeremy.
(cherry picked from commit 09b76c57098ed4d11855000ae31cd346cb9a765d)
(cherry picked from commit 191e4c415e7008070110970ba51f3f82dc493a8b)
commit f5086d26ee08eb1a8a2b89f827de7748914c1813
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed May 6 16:06:59 2009 +0200
s3/docs: Remove unnecessary .sp.
Karolin
(cherry picked from commit 4a4dc776b2f0ca813abcf4f47f0d5721f75f3e6a)
(cherry picked from commit 6a617a9677da9df8f70cf2039245cfb5ce3d94c3)
(cherry picked from commit 8c5771422bf25dba0638c3419ac14f0841b94293)
(cherry picked from commit fe7c528089815a533402b5a3b247db94a2c70d6d)
commit 846496d878ea52b9f103c1b3434c594563fadd4a
Author: Günther Deschner <gd at samba.org>
Date: Wed May 6 15:43:23 2009 +0200
s3-docs: Fix Bug #6331. Document "net dom join/net dom unjoin".
Guenther
(cherry picked from commit e398f1e91575909d2a90fab1e6f00804815a0b2f)
(cherry picked from commit e19dddb2b438b75dcd995aaa763fcbe55d7de5cc)
(cherry picked from commit 457313c37904246fb0628ab0f2ef207dc38b2f85)
commit 9e09b68e3a88b38ed414ee746662eb5c22c1cd24
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon May 4 15:54:34 2009 +0200
s3/packaging: Add keyutils-devel to build requires.
This should fiy bug #5853. Thanks to D.L. Meyer <dlmeyer [at] uiuc.edu>
for reporting.
Karolin
(cherry picked from commit d8de7e3193143ec50d86adc704123ca240a8f549)
(cherry picked from commit c89c2db8c51bd3cede2e2e8fb58214971eda4129)
(cherry picked from commit 437136465e52a893a3f866bda40d4c9d812693d9)
commit 827bf317ab2e4960324de039ce59b50eb19995f2
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon May 4 15:17:30 2009 +0200
s3/docs: Fix typo.
Karolin
(cherry picked from commit c2eb0d87a2436614741119ebd14fda05b42a2ddd)
(cherry picked from commit 98c238a54dbe3e64262252a9fb38b382c53c1bcf)
(cherry picked from commit b118a70a9fc96e8ae5e51ebc8abc9076b07fdf27)
commit f5925ac6a7951dbfbc410ffc22b66fa55e4f1849
Author: Günther Deschner <gd at samba.org>
Date: Wed Apr 29 01:55:09 2009 +0200
3.2 samr bug 6301: fix samr_ConnectVersion enum which is 32bit not 16bit.
Port of 67ca76c288eb095ae to 3.2
Signed-off-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 0b0b0499f0ba60cfff943fa2200a6534c0a3f816)
commit e32c8dcde3e0e56ad028b1fc8f7b03900995bf00
Author: Karolin Seeger <kseeger at samba.org>
Date: Sun May 3 09:55:46 2009 +0200
s3/docs: Fix typos.
That fixes bug #4247. Thanks to David McNeill <davemc [at] mcpond.co.nz>
for reporting!
Karolin
(cherry picked from commit eaf949947c2eb03363c4b6f588f87b70110d6ff7)
(cherry picked from commit cea79d1fbf44b0d5bff5aa12962fb3d3cb61c367)
(cherry picked from commit 226620d0ed221da983b4f662fcef14906588f1bd)
(cherry picked from commit 07835177469d7699a478014f7a4a556684705bb6)
commit 3d0424f63bdc4d69a8dc69c00a0a1c5e39c66f37
Author: Karolin Seeger <kseeger at samba.org>
Date: Sun May 3 09:35:55 2009 +0200
s3/docs: Fix typo.
This fixes bug #4245. Thanks to David McNeill <davemc [at] mcpond.co.nz>
for reporting!
Karolin
(cherry picked from commit 579c91581f5b6d5341a12923fe6cde377223caff)
(cherry picked from commit 49caab4044e47236594c6688f202aed555b9da61)
(cherry picked from commit 139f95c85f96e7ccba024283608f9ee5990f6676)
(cherry picked from commit 148aa12c89df78718addd7b72c79a8005e680509)
commit 83f5477340dc46d29bb9ae467d1adac481c41130
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Apr 29 14:12:01 2009 +0200
s3/docs: Fix serveral typos.
This fixes bug #4315.
Thanks to Felipe Augusto van de Wiel <faw [at] cathedrallabs [dot] org>!
Karolin
(cherry picked from commit 3422b9c546cdd262bd747e1e737c2b6479b4d21e)
(cherry picked from commit 3da62734fffa99cde1084beeb69e94a7bc623dde)
(cherry picked from commit b487a48c876fcaf88ec3fb4b05bacdd9b0bd8cd0)
(cherry picked from commit ccea7f24879265291615802982b67451ddb818ad)
commit 216bc5665468cafaf191fd400cf31d48eafd5e4d
Author: Günther Deschner <gd at samba.org>
Date: Wed Apr 22 23:48:24 2009 +0200
s3-selftest: test wbinfo --allocate-uid/gid.
Guenther
(cherry picked from commit c3843c40b5c426910a184dcef3b17283e6e224e9)
(cherry picked from commit 679be14a080dfcbbbc9403ff0fc67b61073a357e)
commit 7ce3a0cc305eff5b64d06639fb622aef63317987
Author: Simo Sorce <ssorce at redhat.com>
Date: Wed Apr 22 09:12:58 2009 -0400
Fix profile acls in some corner cases
Always add back the real original owner of the directory in the ACE List after
we steal its ACE for the Administrators group.
(cherry picked from commit 8e438431a1447fd482c107fbe0aee3af49afe068)
commit af7cf2ae894ee85e9f07498ca39a0aa8fcc1bc64
Author: Simo Sorce <ssorce at redhat.com>
Date: Wed Apr 22 06:15:21 2009 -0400
Avoid duplicate aces
When adding arbitrary aces to an nt_ace_list we need to make sure we
are not actually adding a duplicate.
add_or_replace_ace() takes care of doing the right thing.
(cherry picked from commit 958207e321f330426536bf7e936b30fa2efffddc)
commit 24fd3ea71d5f1ac38851a8a849e3d08663c8c69b
Author: Jeremy Allison <jra at samba.org>
Date: Wed Apr 22 03:04:22 2009 -0700
Add comment explaining the previous fix.
Jeremy.
(cherry picked from commit 9da82269dc6d9da3c0393a85e0217bf22cd2fe5c)
commit ae084f570cd0a40162893a756f2cf89e433a11a8
Author: Jeremy Allison <jra at samba.org>
Date: Wed Apr 22 02:24:27 2009 -0700
Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning LDAP_SUCCESS but not returning a result.
Jeremy
(cherry picked from commit e7687dd9ca244a53fdf2312a78cdb028dd8971d5)
commit 7fc0e6117152cda961426882b859ecc4cd3ad6de
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 3 12:21:17 2009 +0200
s3:docs: document the --request-timeout option of net
metze
(cherry picked from commit cdbbc81bad5d53397bf80898cf68d8867cf64cba)
(cherry picked from commit 1d1e859c4e08fed1775a170ccff459f3a18e13ba)
(cherry picked from commit 8775968526046f040a2e6ba8697d719b5e3bced8)
(cherry picked from commit b9395cb807b7c2a72ec6ba3cb7429bd2add79c54)
commit 12c6b37618702dd4b56fe1afdd8e4d335315aab0
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Mar 26 20:32:55 2009 +0100
s3:net: add --request-timeout option
metze
(cherry picked from commit 257809558bfab3e45703cf8be76357596392a3ea)
(cherry picked from commit e20b8706401d1a4eee0fe494825deef6ab23ab23)
(cherry picked from commit d80e02de5714aaa650bef91767ce0775bd2392f5)
(cherry picked from commit 340c23e150061a20af72e9b9a1762d288660861c)
commit adebf903eb9e6520baa76d5c9c718fd1436873ca
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Mar 26 20:29:24 2009 +0100
s3:net_rpc: don't shutdown a cli_state passed from the caller
This fixes a crash bug if we timeout in net rpc trustdom list.
metze
(cherry picked from commit c0dfe0cf80ee50f395912b7d6aec0d87febd34c0)
(cherry picked from commit d87563604ca7b1c18c5a84d76726c2a99dc454f8)
(cherry picked from commit cba4214b963983730bedc792e391b5435889597a)
(cherry picked from commit 34bf50b0302ff112af52088b93b40b1bcaf002e8)
commit 9c227985c3ee5d24718b79960e7a2b1cdce5b71d
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 17 11:40:17 2009 +0200
s3:registry: Prevent creation of keys containing the '/' character.
Even though "net conf setparm abc/def comment xyz" does not
create a broken registry we do not want such keys to be created.
Since we get problems accessing these with "net registry" since
the registry code treats the '/' sign as a separator as a lower
level.
This makes e.g. "net conf setparm abc/def comment xyz" fail with
WERR_INVALID_PARAM, which is much more desirable than a broken
registry.tdb.
Michael
(cherry picked from commit de6f09988d84752e5333cba1fa69c5a685e903b7)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 33 +------
.../Samba3-ByExample/SBE-KerberosFastStart.xml | 4 +-
docs-xml/Samba3-HOWTO/TOSHARG-Install.xml | 17 ++--
docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml | 10 +-
docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml | 2 +-
docs-xml/Samba3-HOWTO/TOSHARG-foreword-cargill.xml | 2 +-
docs-xml/manpages-3/net.8.xml | 91 +++++++++++++++++
docs-xml/smbdotconf/logon/shutdownscript.xml | 9 +-
packaging/RHEL/samba.spec.tmpl | 5 +-
source/VERSION | 2 +-
source/auth/auth_util.c | 41 +++++++-
source/configure.in | 2 +-
source/groupdb/mapping_ldb.c | 26 ++++-
source/include/ntdomain.h | 2 +-
source/lib/ldb/common/ldb.c | 1 +
source/libads/ldap.c | 10 ++
source/librpc/gen_ndr/ndr_samr.c | 6 +-
source/librpc/idl/samr.idl | 2 +-
source/libsmb/credentials.c | 4 +
source/passdb/lookup_sid.c | 5 +-
source/passdb/pdb_ldap.c | 2 +
source/registry/reg_api.c | 10 ++
source/rpc_server/srv_netlog_nt.c | 34 +++++--
source/script/tests/test_wbinfo_s3.sh | 2 +
source/smbd/msdfs.c | 2 +
source/smbd/posix_acls.c | 103 ++++++++++++++++----
source/smbd/trans2.c | 2 +
source/utils/net.c | 4 +
source/utils/net.h | 1 +
source/utils/net_help.c | 3 +-
source/utils/net_rpc.c | 17 ++--
source/winbindd/winbindd.c | 1 +
32 files changed, 348 insertions(+), 107 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 4137597..71db9d6 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,47 +1,24 @@
==============================
- Release Notes for Samba 3.2.11
- April 17, 2009
+ Release Notes for Samba 3.2.12
+ June 09, 2009
==============================
This is a maintenance release of the Samba 3.2 series.
-Major enhancements in 3.2.11 include:
+Major enhancements in 3.2.12 include:
- o Fix domain logins for WinXP clients pre SP3 (bug #6263).
- o Fix samr_OpenDomain access checks (bug #6089).
- o Fix smbd crash for close_on_completion.
+ o
######################################################################
Changes
#######
-Changes since 3.2.10
+Changes since 3.2.11
--------------------
-o Jeremy Allison <jra at samba.org>
- * BUG 6089: Fix samr_OpenDomain access checks.
- * BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
- "msdfs root" set to "yes".
- * Allow pdbedit to change a user rid/sid.
- * When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
-
-
-o Günther Deschner <gd at samba.org>
- * BUG 6205: Correct sample smb.conf share configuration.
- * BUG 6263: Fix domain logins for WinXP clients pre SP3.
- * Fix resume command typo for "printing = vlp".
-
-
-o Volker Lendecke <vl at samba.org>
- * Fix smbd crash for close_on_completion.
- * Fix a memleak in an unlikely error path in change_notify_create().
-
-
-o Jim McDonough <jmcd at samba.org>
- * Don't look up local user for remote changes, even when root.
######################################################################
diff --git a/docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml b/docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml
index b593eed..7f2ac4b 100644
--- a/docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml
+++ b/docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml
@@ -1368,8 +1368,10 @@
<orderedlist>
<listitem><para>
- A user opens a Work document from a network drive. The file was owned by user <constant>janetp</constant>
+ A user opens a Word document from a network drive. The file was owned by user <constant>janetp</constant>
and <group>users</group>, and was set read/write-enabled for everyone.
+ A user opens a Word document from a network drive. The file was owned by user <constant>janetp</constant>
+ and <constant>users</constant>, and was set read/write-enabled for everyone.
</para></listitem>
<listitem><para>
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml
index 9894ed2..d13f6ee 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml
@@ -334,8 +334,8 @@
<variablelist>
<varlistentry><term>nmbd</term>
<listitem><para>
- <indexterm><primary>smbd</primary></indexterm>
- <indexterm><primary>starting samba</primary><secondary>smbd</secondary></indexterm>
+ <indexterm><primary>nmbd</primary></indexterm>
+ <indexterm><primary>starting samba</primary><secondary>nmbd</secondary></indexterm>
This daemon handles all name registration and resolution requests. It is the primary vehicle involved
in network browsing. It handles all UDP-based protocols. The <command>nmbd</command> daemon should
be the first command started as part of the Samba startup process.
@@ -344,8 +344,8 @@
<varlistentry><term>smbd</term>
<listitem><para>
- <indexterm><primary>nmbd</primary></indexterm>
- <indexterm><primary>starting samba</primary><secondary>nmbd</secondary></indexterm>
+ <indexterm><primary>smbd</primary></indexterm>
+ <indexterm><primary>starting samba</primary><secondary>smbd</secondary></indexterm>
This daemon handles all TCP/IP-based connection services for file- and print-based operations. It also
manages local authentication. It should be started immediately following the startup of <command>nmbd</command>.
</para></listitem>
@@ -467,7 +467,7 @@
and thus the need to keep this file small goes against good documentation wisdom. One solution that may
be adopted is to do all documentation and configuration in a file that has another name, such as
<filename>smb.conf.master</filename>. The <command>testparm</command> utility can be used to generate a
- fully optimized &smb.conf; file from this master configuration and documtenation file as shown here:
+ fully optimized &smb.conf; file from this master configuration and documentation file as shown here:
<screen>
&rootprompt; testparm -s smb.conf.master > smb.conf
</screen>
@@ -484,8 +484,7 @@
<para>
<indexterm><primary>swat</primary></indexterm>
SWAT is a Web-based interface that can be used to facilitate the configuration of Samba. SWAT might not
- be available in the Samba package that shipped with your platform, but in a separate package. If it is
- necesaary to built SWAT please read the SWAT man page regarding compilation, installation, and
+ be available in the Samba package that shipped with your platform, but in a separate package. If you need to build SWAT please read the SWAT man page regarding compilation, installation, and
configuration of SWAT from the source code.
</para>
@@ -498,10 +497,12 @@
<para>
SWAT can be used from a browser on any IP-connected machine, but be aware that connecting from a remote
- machine leaves your connection open to password sniffing because passwords will be sent over the wire in the clear.
+ machine leaves your connection open to password sniffing because passwords will be sent over the wire in the clear.
</para>
<para>
+ Please note that re-writing the configuration file using SWAT will
+ remove all comments!
More information about SWAT can be found in <link linkend="SWAT">The Samba Web Administration Tool</link>.
</para>
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
index 957abbf..8659437 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
@@ -757,7 +757,7 @@ Samba-3 introduces a number of new password backend capabilities.
<indexterm><primary>trust accounts</primary></indexterm>
The POSIX and sambaSamAccount components of computer (machine) accounts are both used by Samba.
Thus, machine accounts are treated inside Samba in the same way that Windows NT4/200X treats
- them. A user account and a machine account are indistinquishable from each other, except that
+ them. A user account and a machine account are indistinguishable from each other, except that
the machine account ends in a $ character, as do trust accounts.
</para>
@@ -1050,7 +1050,7 @@ is being added to the <command>net</command> toolset (see <link linkend="NetComm
<entry><para>0</para></entry>
</row>
<row>
- <entry><para>Mimimum Password Length</para></entry>
+ <entry><para>Minimum Password Length</para></entry>
<entry><para>min password length</para></entry>
<entry><para>1 - 14 (Chars)</para></entry>
<entry><para>0 - 4294967295 (Chars)</para></entry>
@@ -1615,7 +1615,7 @@ account policy value for password history is now 4
&rootprompt; pdbedit -P "maximum password age" -C 7776000
account policy value for maximum password age was 4294967295
account policy value for maximum password age is now 7776000
-&rootprompt; pdbedit -P "minimum password age" -C 7
+&rootprompt; pdbedit -P "minimum password age" -C 604800
account policy value for minimum password age was 0
account policy value for minimum password age is now 7
&rootprompt; pdbedit -P "bad lockout attempt" -C 8
@@ -1735,7 +1735,7 @@ to be removed.
<listitem><para>
<indexterm><primary>lookups</primary></indexterm>
The first problem is that all lookups must be performed sequentially. Given that
- there are approximately two lookups per domain logon (one during intial logon validation
+ there are approximately two lookups per domain logon (one during initial logon validation
and one for a session connection setup, such as when mapping a network drive or printer), this
is a performance bottleneck for large sites. What is needed is an indexed approach
such as that used in databases.
@@ -2626,7 +2626,7 @@ sambaNTPassword: 878D8014606CDA29677A44EFA1353FC7
</sect3>
<sect3>
- <title>Using OpenLDAP Overlay for Password Syncronization</title>
+ <title>Using OpenLDAP Overlay for Password Synchronization</title>
<para>
Howard Chu has written a special overlay called <command>smbk5pwd</command>. This tool modifies the
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
index b8bd327..91e9712 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
@@ -276,7 +276,7 @@ quotasettings: gid nolimit = no
<para>
<indexterm><primary>logging</primary></indexterm>
- This auditing tool is more felxible than most people readily will recognize. There are a number of ways
+ This auditing tool is more flexible than most people will readily recognize. There are a number of ways
by which useful logging information can be recorded.
</para>
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-foreword-cargill.xml b/docs-xml/Samba3-HOWTO/TOSHARG-foreword-cargill.xml
index 6331d2f..b5da92d 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-foreword-cargill.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-foreword-cargill.xml
@@ -38,7 +38,7 @@ know</emphasis>, why are you doing a standard?
<para>
A <emphasis>good standard</emphasis> survives because people know how to use it. People know how to use a
-standard when it is so transparent, so obvious, and so easy that it become invisible. And a standard becomes
+standard when it is so transparent, so obvious, and so easy that it becomes invisible. And a standard becomes
invisible only when the documentation describing how to deploy it is clear, unambiguous, and correct. These
three elements must be present for a standard to be useful, allowing communication and interaction between two
separate and distinct entities to occur without obvious effort. As you read this book, look for the evidence
diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml
index 876992d..97c6c86 100644
--- a/docs-xml/manpages-3/net.8.xml
+++ b/docs-xml/manpages-3/net.8.xml
@@ -35,6 +35,7 @@
<arg choice="opt">-P</arg>
<arg choice="opt">-d debuglevel</arg>
<arg choice="opt">-V</arg>
+ <arg choice="opt">--request-timeout seconds</arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -125,6 +126,14 @@
</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term>--request-timeout 30</term>
+ <listitem><para>
+ Let client requests timeout after 30 seconds the default is 10
+ seconds.
+ </para></listitem>
+ </varlistentry>
+
&stdarg.server.debug;
</variablelist>
</refsect1>
@@ -1560,6 +1569,88 @@ Delete the list of includes from the provided section (global or share).
</refsect2>
<refsect2>
+<title>DOM</title>
+
+<para>Starting with version 3.2.0 Samba has support for remote join and unjoin APIs, both client and server-side. Windows supports remote join capabilities since Windows 2000.
+</para>
+<para>In order for Samba to be joined or unjoined remotely an account must be used that is either member of the Domain Admins group, a member of the local Administrators group or a user that is granted the SeMachineAccountPrivilege privilege.
+</para>
+
+<para>The client side support for remote join is implemented in the net dom commands which are:
+<simplelist>
+<member>net dom join - Join a remote computer into a domain.</member>
+<member>net dom unjoin - Unjoin a remote computer from a domain.</member>
+</simplelist>
+</para>
+
+<refsect3>
+<title>DOM JOIN <replaceable>domain=DOMAIN</replaceable> <replaceable>ou=OU</replaceable> <replaceable>account=ACCOUNT</replaceable> <replaceable>password=PASSWORD</replaceable> <replaceable>reboot</replaceable></title>
+
+<para>
+Joins a computer into a domain. This command supports the following additional parameters:
+</para>
+
+<itemizedlist>
+
+<listitem><para><replaceable>DOMAIN</replaceable> can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The <replaceable>DOMAIN</replaceable> parameter cannot be NULL.</para></listitem>
+
+<listitem><para><replaceable>OU</replaceable> can be set to a RFC 1779 LDAP DN, like <emphasis>ou=mymachines,cn=Users,dc=example,dc=com</emphasis> in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains.</para></listitem>
+
+<listitem><para><replaceable>ACCOUNT</replaceable> defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines.</para></listitem>
+
+<listitem><para><replaceable>PASSWORD</replaceable> defines the password for the domain account defined with <replaceable>ACCOUNT</replaceable>.</para></listitem>
+
+<listitem><para><replaceable>REBOOT</replaceable> is an optional parameter that can be set to reboot the remote machine after successful join to the domain.</para></listitem>
+
+</itemizedlist>
+
+<para>
+Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to join. These additional parameters include: -S computer and -U user.
+</para>
+<para>
+ Example:
+ net dom join -S xp -U XP\\administrator%secret domain=MYDOM account=MYDOM\\administrator password=topsecret reboot.
+</para>
+<para>
+This example would connect to a computer named XP as the local administrator using password secret, and join the computer into a domain called MYDOM using the MYDOM domain administrator account and password topsecret. After successful join, the computer would reboot.
+</para>
+
+</refsect3>
+
+<refsect3>
+<title>DOM UNJOIN <replaceable>account=ACCOUNT</replaceable> <replaceable>password=PASSWORD</replaceable> <replaceable>reboot</replaceable></title>
+
+<para>
+Unjoins a computer from a domain. This command supports the following additional parameters:
+</para>
+
+<itemizedlist>
+
+<listitem><para><replaceable>ACCOUNT</replaceable> defines a domain account that will be used to unjoin the machine from the domain. This domain account needs to have sufficient privileges to unjoin machines.</para></listitem>
+
+<listitem><para><replaceable>PASSWORD</replaceable> defines the password for the domain account defined with <replaceable>ACCOUNT</replaceable>.</para></listitem>
+
+<listitem><para><replaceable>REBOOT</replaceable> is an optional parameter that can be set to reboot the remote machine after successful unjoin from the domain.</para></listitem>
+
+</itemizedlist>
+
+<para>
+Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to unjoin. These additional parameters include: -S computer and -U user.
+</para>
+<para>
+ Example:
+ net dom unjoin -S xp -U XP\\administrator%secret account=MYDOM\\administrator password=topsecret reboot.
+</para>
+<para>
+This example would connect to a computer named XP as the local administrator using password secret, and unjoin the computer from the domain using the MYDOM domain administrator account and password topsecret. After successful unjoin, the computer would reboot.
+</para>
+
+</refsect3>
+
+</refsect2>
+
+<refsect2>
+>>>>>>> 80d32b8... s3-docs: Fix Bug #6331. Document "net dom join/net dom unjoin".:docs-xml/manpages-3/net.8.xml
<title>HELP [COMMAND]</title>
<para>Gives usage information for the specified command.</para>
diff --git a/docs-xml/smbdotconf/logon/shutdownscript.xml b/docs-xml/smbdotconf/logon/shutdownscript.xml
index 7e8ec8f..076704a 100644
--- a/docs-xml/smbdotconf/logon/shutdownscript.xml
+++ b/docs-xml/smbdotconf/logon/shutdownscript.xml
@@ -42,12 +42,13 @@
<para>Shutdown script example:
<programlisting format="linespecific">
#!/bin/bash
-
-$time=0
-let "time/60"
-let "time++"
+
+time=$2
+let time="${time} / 60"
+let time="${time} + 1"
/sbin/shutdown $3 $4 +$time $1 &
+
</programlisting>
Shutdown does not return so we need to launch it in background.
</para>
diff --git a/packaging/RHEL/samba.spec.tmpl b/packaging/RHEL/samba.spec.tmpl
index 071fe87..2bcb8dc 100644
--- a/packaging/RHEL/samba.spec.tmpl
+++ b/packaging/RHEL/samba.spec.tmpl
@@ -28,7 +28,7 @@ Provides: samba = %{version}
Prefix: /usr
BuildRoot: %{_tmppath}/%{name}-%{version}-root
-BuildRequires: pam-devel, readline-devel, fileutils, libacl-devel, openldap-devel, krb5-devel, cups-devel
+BuildRequires: pam-devel, readline-devel, fileutils, libacl-devel, openldap-devel, krb5-devel, cups-devel, keyutils-devel
# Working around perl dependency problem from docs
%define __perl_requires %{SOURCE998}
@@ -122,8 +122,7 @@ cd source
# RPM_OPT_FLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64"
## check for ccache
- ccache -h 2>&1 > /dev/null
-if [ $? -eq 0 ]; then
+if [ "$(which ccache 2> /dev/null)" != "" ]; then
CC="ccache gcc"
else
CC="gcc"
diff --git a/source/VERSION b/source/VERSION
index b1413a5..eb5efdd 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=3
SAMBA_VERSION_MINOR=2
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=12
########################################################
# Bug fix releases use a letter for the patch revision #
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 24b05a5..c9b5614 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -292,8 +292,7 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
unsigned char local_nt_response[24];
unsigned char key[16];
- ZERO_STRUCT(key);
- memcpy(key, dc_sess_key, 8);
+ memcpy(key, dc_sess_key, 16);
if (lm_interactive_pwd)
memcpy(lm_pwd, lm_interactive_pwd, sizeof(lm_pwd));
@@ -867,6 +866,33 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
*found_username = talloc_strdup(mem_ctx,
pdb_get_username(sam_acct));
+ /*
+ * If the SID from lookup_name() was the guest sid, passdb knows
+ * about the mapping of guest sid to lp_guestaccount()
+ * username and will return the unix_pw info for a guest
+ * user. Use it if it's there, else lookup the *uid details
+ * using getpwnam_alloc(). See bug #6291 for details. JRA.
+ */
+
+ /* We must always assign the *uid. */
+ if (sam_acct->unix_pw == NULL) {
+ struct passwd *pwd = getpwnam_alloc(sam_acct, *found_username );
+ if (!pwd) {
+ DEBUG(10, ("getpwnam_alloc failed for %s\n",
+ *found_username));
+ result = NT_STATUS_NO_SUCH_USER;
+ goto done;
+ }
+ result = samu_set_unix(sam_acct, pwd );
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(10, ("samu_set_unix failed for %s\n",
+ *found_username));
+ result = NT_STATUS_NO_SUCH_USER;
+ goto done;
+ }
+ }
+ *uid = sam_acct->unix_pw->pw_uid;
+
} else if (sid_check_is_in_unix_users(&user_sid)) {
/* This is a unix user not in passdb. We need to ask nss
@@ -883,8 +909,9 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
unix_user:
if (!sid_to_uid(&user_sid, uid)) {
- DEBUG(1, ("sid_to_uid for %s (%s) failed\n",
+ DEBUG(1, ("unix_user case, sid_to_uid for %s (%s) failed\n",
username, sid_string_dbg(&user_sid)));
+ result = NT_STATUS_NO_SUCH_USER;
goto done;
}
@@ -937,6 +964,14 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
uint32 dummy;
+ /* We must always assign the *uid. */
+ if (!sid_to_uid(&user_sid, uid)) {
+ DEBUG(1, ("winbindd case, sid_to_uid for %s (%s) failed\n",
+ username, sid_string_dbg(&user_sid)));
+ result = NT_STATUS_NO_SUCH_USER;
+ goto done;
+ }
+
num_group_sids = 1;
group_sids = TALLOC_ARRAY(tmp_ctx, DOM_SID, num_group_sids);
if (group_sids == NULL) {
diff --git a/source/configure.in b/source/configure.in
index 257d2ad..dce60bc 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -127,7 +127,7 @@ fi
if test "x$debug" = "xyes" ; then
CFLAGS="${CFLAGS} -g"
else
- CFLAGS="-O"
+ CFLAGS="${CFLAGS} -O"
fi
CFLAGS="${CFLAGS} -D_SAMBA_BUILD_=3"
diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c
index 68e5b4c..a69d306 100644
--- a/source/groupdb/mapping_ldb.c
+++ b/source/groupdb/mapping_ldb.c
@@ -222,8 +222,11 @@ static bool get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
if (dn == NULL) goto failed;
ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, NULL, NULL, &res);
+ if (ret != LDB_SUCCESS) {
+ goto failed;
+ }
talloc_steal(dn, res);
- if (ret != LDB_SUCCESS || res->count != 1) {
+ if (res->count != 1) {
goto failed;
}
@@ -251,8 +254,13 @@ static bool get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
if (expr == NULL) goto failed;
ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res);
+ if (ret != LDB_SUCCESS) {
+ goto failed;
+ }
talloc_steal(expr, res);
- if (ret != LDB_SUCCESS || res->count != 1) goto failed;
+ if (res->count != 1) {
+ goto failed;
+ }
if (!msg_to_group_map(res->msgs[0], map)) goto failed;
--
Samba Shared Repository
More information about the samba-cvs
mailing list