[SCM] Samba Shared Repository - branch v3-3-stable updated -
release-3-3-4-53-gfd0ace3
Karolin Seeger
kseeger at samba.org
Wed Jun 10 15:18:18 GMT 2009
The branch, v3-3-stable has been updated
via fd0ace368cb4dc0b127a25509790baed2800febd (commit)
via b4dd5da566961ffd882c5dde9c5046dbedd612f7 (commit)
via bc4eb159fe3b1e026b15c9f350ef73725c001f95 (commit)
via 44198ca1cb068edbb211c046041a968e137c4eb5 (commit)
via 07e370863b4b2120c087c14e4f9e60b791113752 (commit)
via eccef1279ccf453e6da479f4279ed7641cda2e10 (commit)
via 0baedc8882d72cfe526f5f22ef3a3f53c172f918 (commit)
via ee2b661c5e153dbaf521586ff30a78ca137e9d5d (commit)
via b87e38d8b24c4667fc6ebb1330eccbcba25170e4 (commit)
via af8d402abcf0a4c473a0b553b23ec4939213ce52 (commit)
via 0d35aa29f97ac089c359e376901923a968b02658 (commit)
via 624595e80368f9aa9d530ab06d07f9b82dc8d42c (commit)
via 25b957aea1f7fddb4bdefc70a478e6306a633009 (commit)
via 90a0afc55dce0f9423311c3dcbbef99ac96caccc (commit)
via 560b7fdc27c3e07deb5614f86d1c11791ce254f1 (commit)
via 5c7435bb525fa879b40f009dbb7cb400b41754be (commit)
via 5269347361df10f67309951cbcb2403b28de66b9 (commit)
via cf8612684256f9726c9a1318d306985bc506f9e9 (commit)
via 8c1bc861a8482694935042e69449e02cc0ab4b25 (commit)
via 6ac88a21c006ea2754debaf75c41d3fb9d074d6c (commit)
via 0623d39cebf08a6bbd6f08631e7f07e2be2cae7e (commit)
via 4145a5e768d065a122d1a211bcca576244de4b50 (commit)
via da736a3d737b85a7825a2cc458b42c6ba898dad1 (commit)
via 8ede134655c0feec135d84751d62d75f67a06c8a (commit)
via 19d8e97916c909a5685e5f8a8f6ef149f87d3ebc (commit)
via a2362fc0ea283099c51e84d76f0ab5e1c2d6e6dc (commit)
via a1ccafd259f642b3dfb901a320ba6f870e3551d8 (commit)
via 0aa81a080f898244b0385309b576cb6850f575cc (commit)
via b00c7c8c743ed4c25ae694aaaf2cfefd8910807c (commit)
via 50f9d7c1549dd7e1140e36f3649260cf4a88600c (commit)
via d2af5040a7021f0367d6befac74b7fd7cb341053 (commit)
via 6526d6716f6ec47af23091b816b5d25b633af1ea (commit)
via 5a40f4b0f63bb756f75690c6f2dc28b46bc1029d (commit)
via 3feda0e3b42d7f1314d167286d570e54c15f408e (commit)
via a693a1252d2b6106fba9eaf46b22d452cd3db923 (commit)
via 1a4f811a5625e137ea3cf18b7625a22ac56920b2 (commit)
via cd5678a200410a8e05dddc818c7b8e89de82781e (commit)
via d5c893adca73c02f72bec59d1c8958cef35f1b0d (commit)
via 54abecb5e09fd23f6a478cfdc719db4059f6b1e5 (commit)
via c2ac3a2cfd60853f6327f9e2258ee8ed41ff1077 (commit)
via 0f4a3a74e5b96fb23d66e86381e5aa27f541d969 (commit)
via 9e1086c34278bc1508f79c4d57085d92a3f6298c (commit)
via fe2369e6edc18c08f51c0f62e57684db36dcf528 (commit)
via 5ce20022af3d40fc590175a9d328ec0d4e08e145 (commit)
via 0840ff7b15f2dc21dbfbe07602613e2793d282db (commit)
via fa9acc0605f60964ebdd8156a0f51b5b5719b9f3 (commit)
via 73b7d7a9f513d4521b8f0b652eedd235f11a00d3 (commit)
via 2fdd309dbd1888798fe01cdb83be949d7e8769a4 (commit)
via 65d53ccb9ff2c53061fb2f210d21849577a8317b (commit)
via 8d35c3fe579ab6407b4396a1a7a5c88b3963dc15 (commit)
via bc004338a07e93ec5b3ad4e999209cae6af1f153 (commit)
via adfbd8fce81ec1a8f802a13fbb31dea7c71203ec (commit)
via bb76c47f95d43a798b0c22b109dd10507be92164 (commit)
from 496c17067753943f3ffe26242ac0abc24ffeb1dc (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable
- Log -----------------------------------------------------------------
commit fd0ace368cb4dc0b127a25509790baed2800febd
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Jun 10 17:16:42 2009 +0200
WHATSNEW: Update changes since 3.3.4.
Karolin
(cherry picked from commit 95550d2e69848089172c00798b9b50ea4e56dd48)
commit b4dd5da566961ffd882c5dde9c5046dbedd612f7
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Jun 10 08:39:35 2009 +0200
s3/docs: Fix typos.
Fix typos reported by OPC oota <t-oota [at] dh.jp.nec.com>.
Thanks!
Karolin
(cherry picked from commit ad0d8032068fc9b920e205d3f5f923174101d777)
(cherry picked from commit b7d54f443ade79d3f2b71aa138fd5254754bb750)
(cherry picked from commit cec179962a833771b9fdba3ba747b571ef27ace6)
commit bc4eb159fe3b1e026b15c9f350ef73725c001f95
Author: Volker Lendecke <vl at samba.org>
Date: Mon Jun 8 10:05:11 2009 +0200
Further fix for 6449
Thanks to TAKAHASHI Motonobu <monyo at samba.gr.jp> for reporting!
(cherry picked from commit aa03326fe523e9bc85e6db276f94e9d04aaf009d)
commit 44198ca1cb068edbb211c046041a968e137c4eb5
Author: Volker Lendecke <vl at samba.org>
Date: Mon Jun 8 09:45:21 2009 +0200
Fix bug 6449
Thanks to TAKAHASHI Motonobu <monyo at samba.gr.jp> for reporting!
(cherry picked from commit a956e36ceb22072cd4ea755ce9b4457896af4b14)
commit 07e370863b4b2120c087c14e4f9e60b791113752
Author: Volker Lendecke <vl at samba.org>
Date: Sat Jun 6 21:43:53 2009 +0200
Fix bug 6441 -- fix the compile with --enable-dnssd
The server side of dnssd has been replaced with native avahi support. The code
is only left in in case some OS/X fan wants to revive it, and the client-side
has not been converted yet.
Fix the build of the server side by removing the #ifdef
(cherry picked from commit 8b8336a115b73eb99cd1f9a8d1286df713ec53c3)
commit eccef1279ccf453e6da479f4279ed7641cda2e10
Author: Karolin Seeger <kseeger at samba.org>
Date: Sat Jun 6 15:56:47 2009 +0200
s3/docs: Fix example.
The 'ldap suffix' is not added automatically to the 'ldap admin dn'.
This fixes bug #5584.
Thanks to Stefan Bauer <stefan.bauer [at] plzk.de> for reporting!
Karolin
(cherry picked from commit 0fee798552038b730b0107540d6cfeb475803555)
(cherry picked from commit 629e7aa91a33a5428676d8f6eeac19ea9fec14d6)
(cherry picked from commit 01acd8d9277362ae3c0e92963f66e7af3202b84d)
commit 0baedc8882d72cfe526f5f22ef3a3f53c172f918
Author: Volker Lendecke <vl at samba.org>
Date: Thu Mar 12 17:23:17 2009 +0100
Fix bug 6157
This patch picks the alphabetically smallest one of the multi-value attribute
"uid". This fixes a regression against 3.0 and also becomes deterministic.
(cherry picked from commit 47333fc8785457239a499a298536664f152b681d)
commit ee2b661c5e153dbaf521586ff30a78ca137e9d5d
Author: Karolin Seeger <kseeger at samba.org>
Date: Sat Jun 6 15:10:08 2009 +0200
s3/passdb: Fix debug message: 'net setmaxrid' does not exist.
This is aiming bug #6351.
Karolin
(cherry picked from commit c94d1cd7b1dc3ff99ae5a1eb9058ed6015fb9749)
(cherry picked from commit 11ed212591d612632fcb47f1eac10507b89ffdec)
commit b87e38d8b24c4667fc6ebb1330eccbcba25170e4
Author: Günther Deschner <gd at samba.org>
Date: Mon May 25 14:05:18 2009 +0200
s3-samr: Fix Bug #6372, usermanager only displaying 1024 groups and aliases.
This is now also verified with the RPC-SAMR-LARGE-DC test.
Guenther
(cherry picked from commit fca7dce1a908570e463ddcbd663955fcafd1d843)
(cherry picked from commit f3bf1eebe1cb74aa9ed2d00b823c90c6ed743980)
commit af8d402abcf0a4c473a0b553b23ec4939213ce52
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri Jun 5 15:35:05 2009 +0200
s3/docs: Fix typo.
Karolin
(cherry picked from commit 613c8acbdd93210b40ec6fa48cbbf297a061b3cc)
(cherry picked from commit c84f1c7ac9da7e26f28cb233efe45614f0cedea3)
(cherry picked from commit 8878670414bd2607ad238b4fb61a109d5f430538)
commit 0d35aa29f97ac089c359e376901923a968b02658
Author: Jeremy Allison <jra at samba.org>
Date: Sat May 30 11:30:16 2009 +0200
Simplify the dropbox patch
(cherry picked from commit f9ea09b61a46136fc55314e2e1cd2e9cfb362802)
commit 624595e80368f9aa9d530ab06d07f9b82dc8d42c
Author: Volker Lendecke <vl at>
Date: Wed May 13 15:46:35 2009 +0200
Re-Add the "dropbox" functionality with -wx rights on a directory
(cherry picked from commit f586b209b0216150f07bcc998c0d57e0d179b8ee)
commit 25b957aea1f7fddb4bdefc70a478e6306a633009
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri May 29 09:49:49 2009 +0200
s3/docs: Fix typo.
This fixes bug #4341.
Thanks to Michael Cartmell <michael.cartmell [at] thomson.com> for reporting!
Karolin
(cherry picked from commit 2228cc6a0f942b774bef7fb0b99009897fa4dff4)
(cherry picked from commit e1b1f14e0260395a8d452ea0a129bcc9bb3f98cc)
(cherry picked from commit de156e6ee292ad7fc683d681d7c4b44edba67626)
commit 90a0afc55dce0f9423311c3dcbbef99ac96caccc
Author: Michael Adam <obnox at samba.org>
Date: Wed May 27 19:12:28 2009 +0200
s3:idmap_tdb: filter out of range mappings in default idmap config
This fixes bug #6415
Michael
(cherry picked from commit 3d3f39838261ddc401053dadcc5bd8e6317a3a8e)
(cherry picked from commit 307c73ce8bc29803230c22e3f8abd579c5d90ba2)
commit 560b7fdc27c3e07deb5614f86d1c11791ce254f1
Author: Michael Adam <obnox at samba.org>
Date: Wed May 27 19:25:44 2009 +0200
s3:idmap_ldap: filter out of range mappings in default idmap config
This fixes bug #6417
Michael
(cherry picked from commit e381c13b023f2b512b3f6aec133db9f323bc8132)
(cherry picked from commit 06cab60eb0ba966174f493fcbe25bede0c5d2125)
commit 5c7435bb525fa879b40f009dbb7cb400b41754be
Author: Michael Adam <obnox at samba.org>
Date: Wed May 27 19:24:03 2009 +0200
s3:idmap_tdb2: filter out of range mappings in default idmap config
This fixes bug #6416
Michael
(cherry picked from commit e12670a1053edf57af137026bd3fdb9fc7dfb0b2)
(cherry picked from commit a74cb0ca04d61df6f01f3d737e52a8b7349d5a73)
commit 5269347361df10f67309951cbcb2403b28de66b9
Author: Marc VanHeyningen <marc.vanheyningen at isilon.com>
Date: Tue May 5 22:07:40 2009 +0000
s3: zero an uninitialized array
Invalid pointers were being dereferenced in lookup_sids causing
occasional seg faults.
Signed-off-by: Tim Prouty <tprouty at samba.org>
(cherry picked from commit 34ca12c9396f7c8475cd1525bdbc40021b0e533f)
commit cf8612684256f9726c9a1318d306985bc506f9e9
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed May 27 18:10:49 2009 +0200
s3/docs: Correct version number.
Karolin
(cherry picked from commit 7e4682d0b54ba85c7366e7232b148a594718f7cf)
commit 8c1bc861a8482694935042e69449e02cc0ab4b25
Author: Volker Lendecke <vl at samba.org>
Date: Sun May 24 18:57:13 2009 +0200
Fix a race condition in winbind leading to a panic
In winbind, we do multiple events in one select round. This needs fixing, but
as long as we're still using it, for efficiency reasons we need to do that.
What can happen is the following: We have outgoing data pending for a client,
thus
state->fd_event.flags == EVENT_FD_WRITE
Now a new client comes in, we go through the list of clients to find an idle
one. The detection for idle clients in remove_idle_client does not take the
pending data into account. We close the socket that has pending outgoing data,
the accept(2) one syscall later gives us the same socket.
In new_connection(), we do a setup_async_read, setting up a read fde. The
select from before however had found the socket (that we had already closed!!)
to be writable. In rw_callback we only want to see a readable flag, and we
panic in the SMB_ASSERT(flags == EVENT_FD_READ).
Found using
bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient
Volker
(commit 68c5c6df in master)
(cherry picked from commit c9df9c68da21610d9c32a57e24f45d36ebe432c5)
commit 6ac88a21c006ea2754debaf75c41d3fb9d074d6c
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon May 25 10:50:23 2009 +0200
s3/docs: Fix typos.
Thanks to Oota Toshiya <t-oota at dh.jp.nec.com> for reporting!
Karolin
(cherry picked from commit f3df38362cc15211d9fca8229a0f9d9fc9c8e481)
(cherry picked from commit 7434898b10a5c5780bd015b7bdca3eaa7a2b5475)
commit 0623d39cebf08a6bbd6f08631e7f07e2be2cae7e
Author: Volker Lendecke <vl at samba.org>
Date: Wed May 20 17:45:47 2009 +0200
Fix bug 6382: Case insensitive access to DFS links broken
(cherry picked from commit fda54237e8a4a87086a670499273c1402d1cd02b)
commit 4145a5e768d065a122d1a211bcca576244de4b50
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue May 19 13:42:16 2009 +0200
s3/docs: Fix shutdown script example.
This fixes bug #5897. Thanks to TAKAHASHI Motonobu
<monyo [at] samba.gr.jp> for reporting and providing the example!
Karolin
(cherry picked from commit f741b90ee8f74077871a0b5d1df55c0dd34a313f)
(cherry picked from commit 1653bbf50b02e4f4dc2f01c5dab32c1cc4894582)
commit da736a3d737b85a7825a2cc458b42c6ba898dad1
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 7 12:53:31 2009 -0700
s3-auth: use full 16byte session key in make_user_info_netlogon_interactive().
Patch from Jeremy.
With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a
Samba 3 Domain.
There are still two registry settings required:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
Do *not* modify the other netlogon registry parameters that were passed around,
they weaken security.
Guenther / Jeremy.
(cherry picked from commit 0da133101ab149b074ab369d819fc48b7c95bf71)
commit 8ede134655c0feec135d84751d62d75f67a06c8a
Author: Guenther Deschner <gd at samba.org>
Date: Thu May 7 12:53:00 2009 -0700
s3-credentials: protect netlogon_creds_server_step() against NULL creds.
Found by SCHANNEL torture tests.
Guenther
(cherry picked from commit 339b99e31577d8a522711f84bc7d94e88c75d334)
commit 19d8e97916c909a5685e5f8a8f6ef149f87d3ebc
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 7 12:52:35 2009 -0700
After getting confirmation from Guenther, add 3 changes we'll ultimately need to fix bug #6099 Samba returns incurrate capabilities list. 1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags. 2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags return if the client requested it. 3). Clean up the error exits so we always return the same way. Signed off by Guenther. Jeremy.
(cherry picked from commit 41f9e61d7c8c106a98792e9009bbecf5edfcebe9)
commit a2362fc0ea283099c51e84d76f0ab5e1c2d6e6dc
Author: Guenther Deschner <gd at samba.org>
Date: Thu May 7 12:52:10 2009 -0700
s3-netlogon: Fix NETLOGON credential chain. Fixes Bug #6099 (Windows 7 joining Samba3) and probably many, many more.
Jeremy, with 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate
flags (which are a pointer to the out negotiate flags assigned in the generated
netlogon server code). So, while you wanted to just set the *out* negflags, you
did in fact reset the *in* negflags, effectively eliminating the
NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then
caused creds_server_init() to generate 64bit creds instead of 128bit, causing
the whole chain to break. *Please* check.
Guenther
(cherry picked from commit 1f05472b9a27861f8e4b9b60410890b920f9d359)
commit a1ccafd259f642b3dfb901a320ba6f870e3551d8
Author: Volker Lendecke <vl at samba.org>
Date: Fri May 15 21:02:08 2009 +0200
Fix bug 6361: Make --rcfile work in smbget
Thanks to j scott <gl at arlut.utexas.edu> for reporting!
(cherry picked from commit 2238f7eede55fe780630df70b712fad7ebc95c76)
commit 0aa81a080f898244b0385309b576cb6850f575cc
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 15 13:01:09 2009 +0200
Do not use the file system GET_REAL_FILENAME for mangled names
(cherry picked from commit 5ed457f984c093642afde854715b3792524e0798)
commit b00c7c8c743ed4c25ae694aaaf2cfefd8910807c
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri May 15 15:25:30 2009 +0200
Revert "Do not use the file system GET_REAL_FILENAME for mangled names"
This reverts commit 5a5dcd125fe236ddd93a6e56ae361fc84e306185.
(cherry picked from commit 79003837947882c4a62490c0eff7984f7c343807)
commit 50f9d7c1549dd7e1140e36f3649260cf4a88600c
Author: Björn Jacke <bj at sernet.de>
Date: Thu May 7 17:50:34 2009 +0200
s3/ldap: also handle DirX return codes
this is a backport of f238809d236443b8968e1b4b197a55935c7c7e85 from master
(cherry picked from commit 1b040289f14bb22d3b6ab07a452236549d6c9bf6)
commit d2af5040a7021f0367d6befac74b7fd7cb341053
Author: Michael Adam <obnox at samba.org>
Date: Wed May 6 02:08:33 2009 +0200
s3:loadparm: handle registry config source in file_list - fixes bug #6320
I.e. does not require smbd restart after changing share default options
in the global registry section with "include = registry".
Michael
This was commit 4842e45d59 in master.
(cherry picked from commit a72e409bd1b9a9d91bd7311417d7175a64aa39b0)
commit 6526d6716f6ec47af23091b816b5d25b633af1ea
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri May 8 14:33:49 2009 +0200
s3:smbd: fix posix acls when setting an ACL without explicit ACE for the owner (bug#2346)
The problem of bug #2346 remains for users exported by
winbindd, because create_token_from_username() just fakes
the token when the user is not in the local sam domain. This causes
user_in_group_sid() to give totally wrong results.
In uid_entry_in_group() we need to check if we already
have the full unix token in the current_user struct.
If so we should use the current_user unix token,
instead of doing a very complex user_in_group_sid()
which doesn't give reliable results anyway.
metze
(cherry picked from commit b79eff843be392f3065e912edca1434081d93c44)
(cherry picked from commit cb5c72c0a05a78ff1b86eb02cf5ecd3d7d69623d)
commit 5a40f4b0f63bb756f75690c6f2dc28b46bc1029d
Author: Jeremy Allison <jra at samba.org>
Date: Fri May 8 11:31:34 2009 -0700
Fix bug #6330 - DFS doesn't work on AIX. Jeremy.
This was commit 3d6f4a7af in master.
(cherry picked from commit c66b3807a356655d1d4e351502cad939f4d1d101)
commit 3feda0e3b42d7f1314d167286d570e54c15f408e
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed May 13 10:07:56 2009 +0200
s3/packaging: Fix build on RHEL when ccache is not available.
This fixes bug #5832.
Patch was provided by D.L. Meyer <dlmeyer [at] uiuc.edu>.
Thanks for reporting and providing the patch!
Karolin
(cherry picked from commit 42e0cb8c0a1b8470ac8e9ad1c5a741e299debb8f)
(cherry picked from commit b2205a7697598729f85cb767621b8c610654053c)
commit a693a1252d2b6106fba9eaf46b22d452cd3db923
Author: Volker Lendecke <vl at samba.org>
Date: Wed May 6 12:00:49 2009 +0200
Fix Coverity ID 897: REVERSE_INULL
(cherry picked from commit a0e9521b306a7e83d09de4616a66b49d259f0bbc)
commit 1a4f811a5625e137ea3cf18b7625a22ac56920b2
Author: Jeremy Allison <jra at samba.org>
Date: Tue Apr 28 11:07:51 2009 -0700
Fix bug #6291 - force user stop working. A previous fix broke the invariant that *uid is always initialized on return from create_token_from_username(). Restore it. Jeremy.
(cherry picked from commit 09b76c57098ed4d11855000ae31cd346cb9a765d)
commit cd5678a200410a8e05dddc818c7b8e89de82781e
Author: Günther Deschner <gd at samba.org>
Date: Thu Apr 30 23:37:26 2009 +0200
s3-netapi: Fix Bug #6309: support remote unjoining of Windows 2003 or greater.
Found by David Markey <admin at dmarkey.com>. Thanks!
Guenther
(cherry picked from commit ab4b8c9c0438bc5afca17e3ebf05dde6f98bc0aa)
(cherry picked from commit 242ae00e56ac553f9ac736b4c2a18b4610bdb6e9)
commit d5c893adca73c02f72bec59d1c8958cef35f1b0d
Author: Volker Lendecke <vl at samba.org>
Date: Thu May 7 10:09:32 2009 +0200
Fix bug 6336: "net groupmap set" segfaults
(cherry picked from commit f97e37d0130752dded728a29f5b1024ca19a0733)
commit 54abecb5e09fd23f6a478cfdc719db4059f6b1e5
Author: Jeremy Allison <jra at samba.org>
Date: Mon May 4 08:31:40 2009 -0700
Fix bug #6315 smbd crashes doing vfs_full_audit on IPC$ close event. The underlying problem is that once SMBulogoff is called, all server_info contexts associated with the vuid should become invalid, even if that's the context being currently used by the connection struct (tid). When the SMBtdis comes in it doesn't need a valid vuid value, but the code called inside vfs_full_audit always assumes that there is one (and hence a valid conn->server_info pointer) available.
This is actually a bug inside the vfs_full_audit and other code inside Samba,
which should only indirect conn->server_info on calls which require AS_USER to
be set in our process table. I could fix all these issues, but there's no
guarentee that someone might not add more code that fails this assumption, as
it's a hard assumption to break (it's usually true).
So what I've done is to ensure that on SMBulogoff the previously used
conn->server_info struct is kept around to be used for print debugging purposes
(it won't be used to change to an invalid user context, as such calls need
AS_USER set). This isn't strictly correct, as there's no association with the
(now invalid) context being freed and the call that causes conn->server_info to
be indirected, but it's good enough for most cases.
The hard part was to ensure that once a valid context is used again (via new
sessionsetupX calls, or new calls on a still valid vuid on this tid) that we
don't leak memory by simply replacing the stored conn->server_info pointer. We
would never actually leak the memory (as all conn->server_info pointers are
talloc children of conn), but with the previous patch a malicious client could
cause many server_info structs to be talloced by the right combination of SMB
calls. This new patch introduces free_conn_server_info_if_unused(), which
protects against the above.
Jeremy.
This was commit e46a88ce35e1aba9d9a344773bc97a9f3f2bd616 in master.
(cherry picked from commit 146d007e70351532431b739f1264615111044768)
commit c2ac3a2cfd60853f6327f9e2258ee8ed41ff1077
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed May 6 16:06:59 2009 +0200
s3/docs: Remove unnecessary .sp.
Karolin
(cherry picked from commit 4a4dc776b2f0ca813abcf4f47f0d5721f75f3e6a)
(cherry picked from commit 6a617a9677da9df8f70cf2039245cfb5ce3d94c3)
(cherry picked from commit 8c5771422bf25dba0638c3419ac14f0841b94293)
commit 0f4a3a74e5b96fb23d66e86381e5aa27f541d969
Author: Günther Deschner <gd at samba.org>
Date: Wed May 6 15:43:23 2009 +0200
s3-docs: Fix Bug #6331. Document "net dom join/net dom unjoin".
Guenther
(cherry picked from commit e398f1e91575909d2a90fab1e6f00804815a0b2f)
(cherry picked from commit e19dddb2b438b75dcd995aaa763fcbe55d7de5cc)
commit 9e1086c34278bc1508f79c4d57085d92a3f6298c
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 4 14:39:56 2009 +0200
Do not crash in ctdbd_traverse if ctdbd is not around
(cherry picked from commit e5f0f6b7fb428e4cc8e5e782a0038a847d74edcc)
commit fe2369e6edc18c08f51c0f62e57684db36dcf528
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 4 12:36:13 2009 +0200
3.3: Increase debug level of "create_connection_server_info failed" message
I don't think we should unconditionally send every refused connection attempt
to a share to syslog, that's where all debug level 0 messages end up.
(cherry picked from commit 65fe7c42c6c229a99b7cffc0515fc7a1ed30c43c)
commit 5ce20022af3d40fc590175a9d328ec0d4e08e145
Author: Michael Adam <obnox at samba.org>
Date: Tue May 5 17:02:46 2009 +0200
s3:mark registry shares without path unavailable in the server, too
This prevents users from getting access to "/" in misconfigured setups.
Michael
(cherry picked from commit 1921d77fa2490bd19aded05924a62795641231ea)
commit 0840ff7b15f2dc21dbfbe07602613e2793d282db
Author: Michael Adam <obnox at samba.org>
Date: Tue Apr 28 01:24:27 2009 +0200
s3:loadparm: mark registry shares without path unavailable
...just as with text config.
This applies to testparm and friends.
smbd is fixed in a second patch.
Michael
(cherry picked from commit 1d345210381b1f543c2ccaa6e66f52532916413e)
commit fa9acc0605f60964ebdd8156a0f51b5b5719b9f3
Author: Michael Adam <obnox at samba.org>
Date: Mon Apr 27 18:10:14 2009 +0200
s3:loadparm: prevent infinite include nesting.
This introduces a hard coded MAX_INCLUDE_DEPTH of 100.
When this is exceeded, handle_include (and hence lp_load) fails.
One could of course implement a more intelligent loop detection
in the include-tree, but this would require some restructuring
of the internal loadparm housekeeping. Maybe as a second improvement
step.
Michael
(cherry picked from commit a100a9c48d73df69851099e15253a65f2dbc9f65)
commit 73b7d7a9f513d4521b8f0b652eedd235f11a00d3
Author: Björn Jacke <bj at sernet.de>
Date: Sun Mar 8 12:54:04 2009 +0100
to be portable, use options first, arguments last
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 02368626a273368a3b731d2b413e90d91ed15c5c)
commit 2fdd309dbd1888798fe01cdb83be949d7e8769a4
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon May 4 15:54:34 2009 +0200
s3/packaging: Add keyutils-devel to build requires.
This should fiy bug #5853. Thanks to D.L. Meyer <dlmeyer [at] uiuc.edu>
for reporting.
Karolin
(cherry picked from commit d8de7e3193143ec50d86adc704123ca240a8f549)
(cherry picked from commit c89c2db8c51bd3cede2e2e8fb58214971eda4129)
commit 65d53ccb9ff2c53061fb2f210d21849577a8317b
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon May 4 15:17:30 2009 +0200
s3/docs: Fix typo.
Karolin
(cherry picked from commit c2eb0d87a2436614741119ebd14fda05b42a2ddd)
(cherry picked from commit 98c238a54dbe3e64262252a9fb38b382c53c1bcf)
commit 8d35c3fe579ab6407b4396a1a7a5c88b3963dc15
Author: Günther Deschner <gd at samba.org>
Date: Wed Apr 29 01:55:09 2009 +0200
3.3 samr bug 6301: fix samr_ConnectVersion enum which is 32bit not 16bit.
Port of 67ca76c288eb095ae to 3.3
Signed-off-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 151042f5b348c6eb7bcc702193fb046305630116)
commit bc004338a07e93ec5b3ad4e999209cae6af1f153
Author: Karolin Seeger <kseeger at samba.org>
Date: Sun May 3 09:55:46 2009 +0200
s3/docs: Fix typos.
That fixes bug #4247. Thanks to David McNeill <davemc [at] mcpond.co.nz>
for reporting!
Karolin
(cherry picked from commit eaf949947c2eb03363c4b6f588f87b70110d6ff7)
(cherry picked from commit cea79d1fbf44b0d5bff5aa12962fb3d3cb61c367)
(cherry picked from commit 226620d0ed221da983b4f662fcef14906588f1bd)
commit adfbd8fce81ec1a8f802a13fbb31dea7c71203ec
Author: Karolin Seeger <kseeger at samba.org>
Date: Sun May 3 09:35:55 2009 +0200
s3/docs: Fix typo.
This fixes bug #4245. Thanks to David McNeill <davemc [at] mcpond.co.nz>
for reporting!
Karolin
(cherry picked from commit 579c91581f5b6d5341a12923fe6cde377223caff)
(cherry picked from commit 49caab4044e47236594c6688f202aed555b9da61)
(cherry picked from commit 139f95c85f96e7ccba024283608f9ee5990f6676)
commit bb76c47f95d43a798b0c22b109dd10507be92164
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Apr 29 14:12:01 2009 +0200
s3/docs: Fix serveral typos.
This fixes bug #4315.
Thanks to Felipe Augusto van de Wiel <faw [at] cathedrallabs [dot] org>!
Karolin
(cherry picked from commit 3422b9c546cdd262bd747e1e737c2b6479b4d21e)
(cherry picked from commit 3da62734fffa99cde1084beeb69e94a7bc623dde)
(cherry picked from commit b487a48c876fcaf88ec3fb4b05bacdd9b0bd8cd0)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 92 ++++++++++--------
.../Samba3-ByExample/SBE-KerberosFastStart.xml | 4 +-
docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml | 4 +-
docs-xml/Samba3-HOWTO/TOSHARG-Install.xml | 17 ++--
docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml | 6 +-
docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml | 10 +-
docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml | 2 +-
docs-xml/Samba3-HOWTO/TOSHARG-foreword-cargill.xml | 2 +-
docs-xml/Samba3-HOWTO/index.xml | 2 +-
docs-xml/manpages-3/net.8.xml | 82 ++++++++++++++++
docs-xml/smbdotconf/logon/shutdownscript.xml | 9 +-
docs-xml/smbdotconf/protocol/unixextensions.xml | 4 +-
packaging/RHEL/samba.spec.tmpl | 5 +-
source/auth/auth_util.c | 41 +++++++-
source/configure.in | 10 ++
source/include/ntdomain.h | 2 +-
source/include/smbldap.h | 3 +
source/lib/ctdbd_conn.c | 5 +
.../examples/netdomjoin-gui/netdomjoin-gui.c | 3 +-
source/lib/smbldap.c | 56 +++++++++++
source/librpc/gen_ndr/ndr_samr.c | 6 +-
source/librpc/idl/samr.idl | 2 +-
source/libsmb/credentials.c | 4 +
source/locking/locking.c | 2 +-
source/param/loadparm.c | 102 +++++++++++++-------
source/passdb/lookup_sid.c | 5 +-
source/passdb/pdb_interface.c | 4 +-
source/passdb/pdb_ldap.c | 4 +-
source/rpc_server/srv_netlog_nt.c | 34 +++++--
source/rpc_server/srv_samr_nt.c | 12 +++
source/script/installmo.sh | 2 +-
source/smbd/filename.c | 55 +++++++++--
source/smbd/msdfs.c | 6 +
source/smbd/posix_acls.c | 21 ++++-
source/smbd/server.c | 4 -
source/smbd/service.c | 6 +-
source/smbd/uid.c | 47 +++++++++-
source/utils/net_dom.c | 3 +-
source/utils/net_groupmap.c | 6 +-
source/utils/net_rap.c | 4 +-
source/utils/smbget.c | 2 +-
source/winbindd/idmap_ldap.c | 71 +++++++++++---
source/winbindd/idmap_tdb.c | 73 +++++++++++---
source/winbindd/idmap_tdb2.c | 61 ++++++++++---
source/winbindd/winbindd.c | 1 +
tests/readlink.c | 33 +++++++
46 files changed, 726 insertions(+), 203 deletions(-)
mode change 100755 => 100644 source/script/installmo.sh
create mode 100644 tests/readlink.c
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index ec9eee2..bbfb367 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,16 +1,17 @@
=============================
- Release Notes for Samba 3.3.4
- April, 29 2009
+ Release Notes for Samba 3.3.5
+ June, 16 2009
=============================
This is the latest bugfix release of the Samba 3.3 series.
-Major enhancements in Samba 3.3.4 include:
+Major enhancements in Samba 3.3.5 include:
- o Fix domain logins for WinXP clients pre SP3 (bug #6263).
- o Fix samr_OpenDomain access checks (bug #6089).
- o Fix usrmgr.exe creating a user (bug #6243).
+ o Fix posix acls when setting an ACL without explicit ACE for the
+ owner (bug #2346).
+ o Fix joining of Win7 into Samba domain (bug #6099).
+ o Fix joining of Win2000 SP4 clients (bug #6301).
######################################################################
@@ -18,61 +19,72 @@ Changes
#######
-Changes since 3.3.3:
+Changes since 3.3.4:
--------------------
o Michael Adam <obnox at samba.org>
- * net conf: Save share name as given, not as lower case only.
- * Prevent creation of registry keys containing the '/' character.
+ * BUG 6320: Handle registry config source in file_list.
+ * BUG 6415: Filter out of range mappings in default idmap config in
+ idmap_tdb.
+ * BUG 6416: Filter out of range mappings in default idmap config in
+ idmap_tdb2.
+ * BUG 6417: Filter out of range mappings in default idmap config in
+ idmap_ldap.
+ * Prevent infinite include nesting.
+ * Mark registry shares without path unavailable.
o Jeremy Allison <jra at samba.org>
- * BUG 6089: Fix samr_OpenDomain access checks.
- * BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
- "msdfs root" set to "yes".
- * BUG 6279: Fix Winbind crash.
- * Allow pdbedit to change a user rid/sid.
- * When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
- * Don't access a freed structure when logging off and re-using a vuid.
+ * BUG 6099: Fix joining of Win7 into Samba domain.
+ * BUG 6315: smbd crashes doing vfs_full_audit on IPC$ close event.
+ * BUG 6330: Fix DFS on AIX.
-o Günther Deschner <gd at samba.org>
- * BUG 5329: Add "net rpc service delete/create".
- * BUG 6238: Make sure wbcLogoffUserParams are properly initialized before
- freed.
- * BUG 6263: Fix domain logins for WinXP clients pre SP3.
- * BUG 6286: Call init function for builtin idmap modules before probing for
- them as shared modules.
- * Try to to fix password_expired flag handling.
- * Make sure to grey out change fields in the netdomjoin-gui when not
- running as root.
+o Guenther Deschner <gd at samba.org>
+ * BUG 6099: Fix joining of Win7 into Samba domain.
+ * BUG 6157: Fix handling of multi-value attribute "uid".
+ * BUG 6301: Fix joining of Win2000 SP4 clients.
+ * BUG 6309: Support remote unjoining of Windows 2003 or greater.
+ * BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
-o Jim McDonough <jmcd at samba.org>
- * Don't look up local user for remote changes, even when root.
+o Björn Jacke <bj at sernet.de>
+ * Also handle DirX return codes.
o Volker Lendecke <vl at samba.org>
- * BUG 6243: Fix usrmgr.exe creating a user.
- * Use procid_str in debug messages for better cluster-debuggability.
- * Use cluster-aware procid_is_me instead of comparing pids.
- * Fix smbd crash for close_on_completion.
- * Fix a memleak in an unlikely error path in change_notify_create().
- * Do not use the file system GET_REAL_FILENAME for mangled names.
+ * BUG 6336: Fix 'net groupmap set' segfault.
+ * BUG 6361: Make --rcfile work in smbget.
+ * BUG 6365: Re-Add the "dropbox" functionality with -wx rights on a
+ directory.
+ * BUG 6382: Fix case insensitive access to DFS links.
+ * BUG 6441: Fix the compile with --enable-dnssd.
+ * BUG 6449: 'net rap user add' crashes without -C option.
+ * Fix Coverity ID 897.
+ * Do not crash in ctdbd_traverse if ctdbd is not around.
+ * Fix a race condition in winbind leading to a panic.
+
+
+o TAKAHASHI Motonobu <monyo at samba.gr.jp>
+ * BUG 5897: Fix shutdown script example in the smb.conf manpage.
o Stefan Metzmacher <metze at samba.org>
- * Fix a crash bug if we timeout in net rpc trustdom list.
- * Add '--request-timeout' option to net.
+ * BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the
+ owner.
+
+
+o D.L. Meyer <dlmeyer at uiuc.edu>
+ * BUG 5832: Fix build on RHEL when ccache is not available.
-o Martin Schwenke <martin at meltin.net>
- * In net_conf_import, start a transaction when importing a single share.
+o Karolin Seeger <kseeger at samba.org>
+ * BUG 5853: Add keyutils-devel to build requires to fix build on RHEL.
-o Simo Sorce <ssorce at redhat.com>
- * Fix writing of roaming profiles with "profile acls" set to "yes".
+o Marc VanHeyningen <marc.vanheyningen at isilon.com>
+ * Zero an uninitialized array.
######################################################################
diff --git a/docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml b/docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml
index b593eed..7f2ac4b 100644
--- a/docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml
+++ b/docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml
@@ -1368,8 +1368,10 @@
<orderedlist>
<listitem><para>
- A user opens a Work document from a network drive. The file was owned by user <constant>janetp</constant>
+ A user opens a Word document from a network drive. The file was owned by user <constant>janetp</constant>
and <group>users</group>, and was set read/write-enabled for everyone.
+ A user opens a Word document from a network drive. The file was owned by user <constant>janetp</constant>
+ and <constant>users</constant>, and was set read/write-enabled for everyone.
</para></listitem>
<listitem><para>
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml b/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml
index ff25525..517bb0f 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml
@@ -1214,7 +1214,7 @@ userPassword: {SSHA}0jBHgQ1vp4EDX2rEMMfIudvRMJoGwjVb
<smbconfoption name="ldap user suffix">ou=People</smbconfoption>
<smbconfoption name="ldap group suffix">ou=People</smbconfoption>
<smbconfoption name="ldap idmap suffix">ou=People</smbconfoption>
-<smbconfoption name="ldap admin dn">cn=Manager</smbconfoption>
+<smbconfoption name="ldap admin dn">cn=Manager,dc=quenya,dc=org</smbconfoption>
<smbconfoption name="ldap ssl">no</smbconfoption>
<smbconfoption name="ldap passwd sync">Yes</smbconfoption>
<smbconfoption name="idmap uid">15000-20000</smbconfoption>
@@ -1281,7 +1281,7 @@ userPassword: {SSHA}0jBHgQ1vp4EDX2rEMMfIudvRMJoGwjVb
<smbconfoption name="ldap user suffix">ou=People</smbconfoption>
<smbconfoption name="ldap group suffix">ou=People</smbconfoption>
<smbconfoption name="ldap idmap suffix">ou=People</smbconfoption>
-<smbconfoption name="ldap admin dn">cn=Manager</smbconfoption>
+<smbconfoption name="ldap admin dn">cn=Manager,dc=quenya,dc=org</smbconfoption>
<smbconfoption name="ldap ssl">no</smbconfoption>
<smbconfoption name="ldap passwd sync">Yes</smbconfoption>
<smbconfoption name="idmap uid">15000-20000</smbconfoption>
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml
index 9894ed2..d13f6ee 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml
@@ -334,8 +334,8 @@
<variablelist>
<varlistentry><term>nmbd</term>
<listitem><para>
- <indexterm><primary>smbd</primary></indexterm>
- <indexterm><primary>starting samba</primary><secondary>smbd</secondary></indexterm>
+ <indexterm><primary>nmbd</primary></indexterm>
+ <indexterm><primary>starting samba</primary><secondary>nmbd</secondary></indexterm>
This daemon handles all name registration and resolution requests. It is the primary vehicle involved
in network browsing. It handles all UDP-based protocols. The <command>nmbd</command> daemon should
be the first command started as part of the Samba startup process.
@@ -344,8 +344,8 @@
<varlistentry><term>smbd</term>
<listitem><para>
- <indexterm><primary>nmbd</primary></indexterm>
- <indexterm><primary>starting samba</primary><secondary>nmbd</secondary></indexterm>
+ <indexterm><primary>smbd</primary></indexterm>
+ <indexterm><primary>starting samba</primary><secondary>smbd</secondary></indexterm>
This daemon handles all TCP/IP-based connection services for file- and print-based operations. It also
manages local authentication. It should be started immediately following the startup of <command>nmbd</command>.
</para></listitem>
@@ -467,7 +467,7 @@
and thus the need to keep this file small goes against good documentation wisdom. One solution that may
be adopted is to do all documentation and configuration in a file that has another name, such as
<filename>smb.conf.master</filename>. The <command>testparm</command> utility can be used to generate a
- fully optimized &smb.conf; file from this master configuration and documtenation file as shown here:
+ fully optimized &smb.conf; file from this master configuration and documentation file as shown here:
<screen>
&rootprompt; testparm -s smb.conf.master > smb.conf
</screen>
@@ -484,8 +484,7 @@
<para>
<indexterm><primary>swat</primary></indexterm>
SWAT is a Web-based interface that can be used to facilitate the configuration of Samba. SWAT might not
- be available in the Samba package that shipped with your platform, but in a separate package. If it is
- necesaary to built SWAT please read the SWAT man page regarding compilation, installation, and
+ be available in the Samba package that shipped with your platform, but in a separate package. If you need to build SWAT please read the SWAT man page regarding compilation, installation, and
configuration of SWAT from the source code.
</para>
@@ -498,10 +497,12 @@
<para>
SWAT can be used from a browser on any IP-connected machine, but be aware that connecting from a remote
- machine leaves your connection open to password sniffing because passwords will be sent over the wire in the clear.
+ machine leaves your connection open to password sniffing because passwords will be sent over the wire in the clear.
</para>
<para>
+ Please note that re-writing the configuration file using SWAT will
+ remove all comments!
More information about SWAT can be found in <link linkend="SWAT">The Samba Web Administration Tool</link>.
</para>
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml b/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml
index d37edbe..451af57 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml
@@ -306,7 +306,7 @@ many SSO solutions are an administrative nightmare.
<indexterm><primary>SSO</primary></indexterm>
SSO implementations utilize centralization of all user account information. Depending on environmental
complexity and the age of the systems over which a SSO solution is implemented, it may not be possible to
-change the solution architecture so as to accomodate a new identity management and user authentication system.
+change the solution architecture so as to accommodate a new identity management and user authentication system.
Many SSO solutions involving legacy systems consist of a new super-structure that handles authentication on
behalf of the user. The software that gets layered over the old system may simply implement a proxy
authentication system. This means that the addition of SSO increases over-all information systems complexity.
@@ -375,8 +375,8 @@ that share live services. The Liberty Alliance, an industry group formed to prom
standards, has adopted SAML 1.1 as part of its application framework. Microsoft and IBM have proposed an
alternative specification called WS-Security. Some believe that the competing technologies and methods may
converge when the SAML 2.0 standard is introduced. A few Web access-management products support SAML today,
-but implemention of the technology mostly requires customization to integrate applications and develop user
-interfaces. In a nust-shell, that is why FIM is a big and growing industry.
+but implementation of the technology mostly requires customization to integrate applications and develop user
+interfaces. In a nutshell, that is why FIM is a big and growing industry.
</para>
<para>
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
index 957abbf..8659437 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
@@ -757,7 +757,7 @@ Samba-3 introduces a number of new password backend capabilities.
<indexterm><primary>trust accounts</primary></indexterm>
The POSIX and sambaSamAccount components of computer (machine) accounts are both used by Samba.
Thus, machine accounts are treated inside Samba in the same way that Windows NT4/200X treats
- them. A user account and a machine account are indistinquishable from each other, except that
+ them. A user account and a machine account are indistinguishable from each other, except that
the machine account ends in a $ character, as do trust accounts.
</para>
@@ -1050,7 +1050,7 @@ is being added to the <command>net</command> toolset (see <link linkend="NetComm
<entry><para>0</para></entry>
</row>
<row>
- <entry><para>Mimimum Password Length</para></entry>
+ <entry><para>Minimum Password Length</para></entry>
<entry><para>min password length</para></entry>
<entry><para>1 - 14 (Chars)</para></entry>
<entry><para>0 - 4294967295 (Chars)</para></entry>
@@ -1615,7 +1615,7 @@ account policy value for password history is now 4
&rootprompt; pdbedit -P "maximum password age" -C 7776000
account policy value for maximum password age was 4294967295
account policy value for maximum password age is now 7776000
-&rootprompt; pdbedit -P "minimum password age" -C 7
+&rootprompt; pdbedit -P "minimum password age" -C 604800
account policy value for minimum password age was 0
account policy value for minimum password age is now 7
&rootprompt; pdbedit -P "bad lockout attempt" -C 8
@@ -1735,7 +1735,7 @@ to be removed.
<listitem><para>
<indexterm><primary>lookups</primary></indexterm>
The first problem is that all lookups must be performed sequentially. Given that
- there are approximately two lookups per domain logon (one during intial logon validation
+ there are approximately two lookups per domain logon (one during initial logon validation
and one for a session connection setup, such as when mapping a network drive or printer), this
is a performance bottleneck for large sites. What is needed is an indexed approach
such as that used in databases.
@@ -2626,7 +2626,7 @@ sambaNTPassword: 878D8014606CDA29677A44EFA1353FC7
</sect3>
<sect3>
- <title>Using OpenLDAP Overlay for Password Syncronization</title>
+ <title>Using OpenLDAP Overlay for Password Synchronization</title>
<para>
Howard Chu has written a special overlay called <command>smbk5pwd</command>. This tool modifies the
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
index b8bd327..91e9712 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
@@ -276,7 +276,7 @@ quotasettings: gid nolimit = no
<para>
<indexterm><primary>logging</primary></indexterm>
- This auditing tool is more felxible than most people readily will recognize. There are a number of ways
+ This auditing tool is more flexible than most people will readily recognize. There are a number of ways
by which useful logging information can be recorded.
</para>
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-foreword-cargill.xml b/docs-xml/Samba3-HOWTO/TOSHARG-foreword-cargill.xml
index 6331d2f..b5da92d 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-foreword-cargill.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-foreword-cargill.xml
@@ -38,7 +38,7 @@ know</emphasis>, why are you doing a standard?
<para>
A <emphasis>good standard</emphasis> survives because people know how to use it. People know how to use a
-standard when it is so transparent, so obvious, and so easy that it become invisible. And a standard becomes
+standard when it is so transparent, so obvious, and so easy that it becomes invisible. And a standard becomes
invisible only when the documentation describing how to deploy it is clear, unambiguous, and correct. These
three elements must be present for a standard to be useful, allowing communication and interaction between two
separate and distinct entities to occur without obvious effort. As you read this book, look for the evidence
diff --git a/docs-xml/Samba3-HOWTO/index.xml b/docs-xml/Samba3-HOWTO/index.xml
index 87b0795..4f83f96 100644
--- a/docs-xml/Samba3-HOWTO/index.xml
+++ b/docs-xml/Samba3-HOWTO/index.xml
@@ -3,7 +3,7 @@
<book id="Samba-HOWTO-Collection"
xmlns:xi="http://www.w3.org/2003/XInclude">
-<title>The Official Samba 3.2.x HOWTO and Reference Guide</title>
+<title>The Official Samba 3.3.x HOWTO and Reference Guide</title>
<bookinfo>
<authorgroup>
diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml
index 78f798c..9206cb8 100644
--- a/docs-xml/manpages-3/net.8.xml
+++ b/docs-xml/manpages-3/net.8.xml
@@ -1582,6 +1582,88 @@ Delete the list of includes from the provided section (global or share).
</refsect2>
<refsect2>
+<title>DOM</title>
+
+<para>Starting with version 3.2.0 Samba has support for remote join and unjoin APIs, both client and server-side. Windows supports remote join capabilities since Windows 2000.
+</para>
+<para>In order for Samba to be joined or unjoined remotely an account must be used that is either member of the Domain Admins group, a member of the local Administrators group or a user that is granted the SeMachineAccountPrivilege privilege.
+</para>
+
+<para>The client side support for remote join is implemented in the net dom commands which are:
+<simplelist>
+<member>net dom join - Join a remote computer into a domain.</member>
+<member>net dom unjoin - Unjoin a remote computer from a domain.</member>
+</simplelist>
+</para>
+
+<refsect3>
+<title>DOM JOIN <replaceable>domain=DOMAIN</replaceable> <replaceable>ou=OU</replaceable> <replaceable>account=ACCOUNT</replaceable> <replaceable>password=PASSWORD</replaceable> <replaceable>reboot</replaceable></title>
+
+<para>
+Joins a computer into a domain. This command supports the following additional parameters:
+</para>
+
+<itemizedlist>
+
+<listitem><para><replaceable>DOMAIN</replaceable> can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The <replaceable>DOMAIN</replaceable> parameter cannot be NULL.</para></listitem>
+
+<listitem><para><replaceable>OU</replaceable> can be set to a RFC 1779 LDAP DN, like <emphasis>ou=mymachines,cn=Users,dc=example,dc=com</emphasis> in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains.</para></listitem>
+
+<listitem><para><replaceable>ACCOUNT</replaceable> defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines.</para></listitem>
+
+<listitem><para><replaceable>PASSWORD</replaceable> defines the password for the domain account defined with <replaceable>ACCOUNT</replaceable>.</para></listitem>
+
+<listitem><para><replaceable>REBOOT</replaceable> is an optional parameter that can be set to reboot the remote machine after successful join to the domain.</para></listitem>
+
+</itemizedlist>
+
+<para>
+Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to join. These additional parameters include: -S computer and -U user.
+</para>
+<para>
+ Example:
+ net dom join -S xp -U XP\\administrator%secret domain=MYDOM account=MYDOM\\administrator password=topsecret reboot.
+</para>
+<para>
+This example would connect to a computer named XP as the local administrator using password secret, and join the computer into a domain called MYDOM using the MYDOM domain administrator account and password topsecret. After successful join, the computer would reboot.
+</para>
+
+</refsect3>
+
+<refsect3>
+<title>DOM UNJOIN <replaceable>account=ACCOUNT</replaceable> <replaceable>password=PASSWORD</replaceable> <replaceable>reboot</replaceable></title>
+
+<para>
+Unjoins a computer from a domain. This command supports the following additional parameters:
+</para>
+
+<itemizedlist>
+
+<listitem><para><replaceable>ACCOUNT</replaceable> defines a domain account that will be used to unjoin the machine from the domain. This domain account needs to have sufficient privileges to unjoin machines.</para></listitem>
+
+<listitem><para><replaceable>PASSWORD</replaceable> defines the password for the domain account defined with <replaceable>ACCOUNT</replaceable>.</para></listitem>
+
+<listitem><para><replaceable>REBOOT</replaceable> is an optional parameter that can be set to reboot the remote machine after successful unjoin from the domain.</para></listitem>
+
+</itemizedlist>
+
+<para>
+Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to unjoin. These additional parameters include: -S computer and -U user.
+</para>
+<para>
+ Example:
+ net dom unjoin -S xp -U XP\\administrator%secret account=MYDOM\\administrator password=topsecret reboot.
+</para>
+<para>
+This example would connect to a computer named XP as the local administrator using password secret, and unjoin the computer from the domain using the MYDOM domain administrator account and password topsecret. After successful unjoin, the computer would reboot.
+</para>
+
+</refsect3>
+
+</refsect2>
+
+<refsect2>
+>>>>>>> 80d32b8... s3-docs: Fix Bug #6331. Document "net dom join/net dom unjoin".:docs-xml/manpages-3/net.8.xml
<title>HELP [COMMAND]</title>
<para>Gives usage information for the specified command.</para>
diff --git a/docs-xml/smbdotconf/logon/shutdownscript.xml b/docs-xml/smbdotconf/logon/shutdownscript.xml
index 7e8ec8f..076704a 100644
--- a/docs-xml/smbdotconf/logon/shutdownscript.xml
+++ b/docs-xml/smbdotconf/logon/shutdownscript.xml
@@ -42,12 +42,13 @@
<para>Shutdown script example:
<programlisting format="linespecific">
#!/bin/bash
-
-$time=0
-let "time/60"
-let "time++"
+
+time=$2
+let time="${time} / 60"
+let time="${time} + 1"
/sbin/shutdown $3 $4 +$time $1 &
+
</programlisting>
Shutdown does not return so we need to launch it in background.
</para>
diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml
index 5b4a36a..da9ad10 100644
--- a/docs-xml/smbdotconf/protocol/unixextensions.xml
+++ b/docs-xml/smbdotconf/protocol/unixextensions.xml
@@ -4,8 +4,8 @@
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This boolean parameter controls whether Samba
- implments the CIFS UNIX extensions, as defined by HP.
+ <para>This boolean parameter controls whether Samba
+ implements the CIFS UNIX extensions, as defined by HP.
These extensions enable Samba to better serve UNIX CIFS clients
by supporting features such as symbolic links, hard links, etc...
These extensions require a similarly enabled client, and are of
diff --git a/packaging/RHEL/samba.spec.tmpl b/packaging/RHEL/samba.spec.tmpl
index d5e549b..7818296 100644
--- a/packaging/RHEL/samba.spec.tmpl
+++ b/packaging/RHEL/samba.spec.tmpl
@@ -28,7 +28,7 @@ Provides: samba = %{version}
Prefix: /usr
BuildRoot: %{_tmppath}/%{name}-%{version}-root
-BuildRequires: pam-devel, readline-devel, fileutils, libacl-devel, openldap-devel, krb5-devel, cups-devel
+BuildRequires: pam-devel, readline-devel, fileutils, libacl-devel, openldap-devel, krb5-devel, cups-devel, keyutils-devel
# Working around perl dependency problem from docs
%define __perl_requires %{SOURCE998}
@@ -122,8 +122,7 @@ cd source
# RPM_OPT_FLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64"
## check for ccache
- ccache -h 2>&1 > /dev/null
-if [ $? -eq 0 ]; then
+if [ "$(which ccache 2> /dev/null)" != "" ]; then
CC="ccache gcc"
else
CC="gcc"
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 2a535bf..f6c5eaa 100644
--- a/source/auth/auth_util.c
--
Samba Shared Repository
More information about the samba-cvs
mailing list