[SCM] Samba Shared Repository - branch v3-3-stable updated - release-3-3-8-23-g702ad7e
Karolin Seeger
kseeger at samba.org
Wed Oct 7 01:55:44 MDT 2009
The branch, v3-3-stable has been updated
via 702ad7e193d50133cb22038dd937940341003a69 (commit)
via 1f60be6ad0ecbdb56488e55772a65b022c055e84 (commit)
via 201f15926c0907bb68b250c7b178a8bfc6232d16 (commit)
via c3c8b134fa17258c52947b095686613e56d03985 (commit)
via 51b7fda12e8ac7f95fb0abdef78582cface645fc (commit)
via 94157bfd9b5d195e2ecc07971e58c12ba9698b1a (commit)
via c2b0e8d1d054670d7b52ef3860df27232570a9d8 (commit)
via 42678a945516eb7e61723eb98df0047d3413cdea (commit)
via b6319e8910d96f9a53d07d38321afcee6a30f1d3 (commit)
via 1cd8f66ad37fe8222d09ed0909ea8514cc843d9e (commit)
via 46fcb7cb14af4a2af05d10dab3532e3915942b66 (commit)
via dbcf9638e4291035c8564d97328286c1eef63853 (commit)
via c8e5c1a4e9d19cbc36907bdaebae14d51ec10619 (commit)
via 41106eda6bce2dc7e70fea00f23071e0820d9a13 (commit)
via 6a31e7b25e1a742761f13363cc2e1ebea9a57f4c (commit)
via ed2223a88a651253e627a4b0236749ad4faba79f (commit)
via 1a30b49679a8210e92dfbaa11d07950f8b9de78d (commit)
via 08f3e9ade974fcf5abfff71aa01cbf083f952149 (commit)
via b122b7d06dc4a08421ec3a57f7b1014234dc05db (commit)
via 877c02a4259fd580a957af91d08f9086a1b9b66e (commit)
via 076d41be965fb56cfa0551c93f317abb31cfd0b8 (commit)
via c6fd52b2025236e912b0bc8dc3e63f99ed4854e1 (commit)
via 7ce571615fa2e78a46828ba1c53036fdf8c3b976 (commit)
from 5f1f1c47623f846909481073d56bc909d13e5e37 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable
- Log -----------------------------------------------------------------
commit 702ad7e193d50133cb22038dd937940341003a69
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Oct 7 09:23:27 2009 +0200
WHATSNEW: Prepare release notes for Samba 3.3.9.
Karolin
(cherry picked from commit f31c2218c4cd6c04b4899f46c3cc2294c677a688)
commit 1f60be6ad0ecbdb56488e55772a65b022c055e84
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Oct 7 08:44:52 2009 +0200
VERSION: Raise version number up to 3.3.9.
Karolin
(cherry picked from commit b6f21ad0732d207c7c831c6094fad25e1469b426)
commit 201f15926c0907bb68b250c7b178a8bfc6232d16
Author: Jeremy Allison <jra at samba.org>
Date: Fri Oct 2 12:23:32 2009 +0200
Second part of a fix for bug #6235.
Domain enumeration breaks if master browser has space in name.
(cherry picked from commit d984b39d971b7fc8f66e6c5376a2b7a98dfc20d8)
commit c3c8b134fa17258c52947b095686613e56d03985
Author: Derrell Lipman <derrell.lipman at unwireduniverse.com>
Date: Fri Oct 2 12:22:25 2009 +0200
Fix bug #6532.
Domain enumeration breaks if master browser has space in name.
(cherry picked from commit e3601a43421cc51b2b4b6413f547daf6ea9b0b41)
commit 51b7fda12e8ac7f95fb0abdef78582cface645fc
Author: Kumar Thangavelu <Kumar.Thangavelu at riverbed.com>
Date: Fri May 29 11:27:38 2009 +0200
s3/getdcname: Fix 'net' crash.
'net' command crashed when attempting to join a
domain. This occurred in a very specific case where
the DC had multiple IPs and one of the IPs was invalid.
Signed-off-by: Volker Lendecke <vl at samba.org>
Fixes bug #6420.
(cherry picked from commit 30cca93674d0dad15ad0ccfaf0d81f94d7d17b4a)
commit 94157bfd9b5d195e2ecc07971e58c12ba9698b1a
Author: Bo Yang <boyang at samba.org>
Date: Wed Sep 16 23:58:35 2009 +0800
s3: Don't overwrite password in pam_winbind, subsequent pam modules might use the old password and new password.
Signed-off-by: Bo Yang <boyang at samba.org>
Fix bug #6735.
(cherry picked from commit 457cbb36700cf460375cdbea85ada5676e03aa45)
commit c2b0e8d1d054670d7b52ef3860df27232570a9d8
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 9 12:24:08 2009 +0200
s3:libsmb: Correctly chew keepalive packets
Thanks a *lot* to Günther to send me the relevant traces!
Volker
Signed-off-by: Günther Deschner <gd at samba.org>
Fixes bug #6646 (Winbind authentication issue on 3.2.13/14 and 3.4.0 (was:
[Samba] Crazied NTLM_AUTH on samba 3.4.0)).
(cherry picked from commit 28674fcda7aaf839fdf5704e4133a0bd3a3f93a2)
commit 42678a945516eb7e61723eb98df0047d3413cdea
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 9 02:29:58 2009 +0200
s3-winbindd: Fix Bug #6700: Use dns domain name when needing to guess server principal.
Patch from Robert LeBlanc <robert at leblancnet.us>.
Thanks!
Guenther
(cherry picked from commit cd920dcff320a097bcc46a9468a78cedca6fb2be)
commit b6319e8910d96f9a53d07d38321afcee6a30f1d3
Author: Günther Deschner <gd at samba.org>
Date: Tue Sep 8 11:57:52 2009 +0200
s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs.
The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a
W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56
byte). We should just ignore the remaining 12 zeroed bytes and proceed.
Guenther
(cherry picked from commit e7e1e1887e79e4dcbd8836b775e387751c44f318)
commit 1cd8f66ad37fe8222d09ed0909ea8514cc843d9e
Author: Simo Sorce <idra at samba.org>
Date: Sat Sep 5 10:18:12 2009 -0400
Check we read off the compelte event from inotify
The kernel may return a short read, so we must use read_data() to make sure we
read off the full buffer. If somethign bad happens we also need to kill the
inotify watch because the filedescriptor will return out of sync structures if
we read only part of the data.
Fixes bug #6693.
(cherry picked from commit 7fd407fefe92939ecb78400d22aac55590851f70)
commit 46fcb7cb14af4a2af05d10dab3532e3915942b66
Author: Volker Lendecke <vl at samba.org>
Date: Sun Aug 30 11:39:41 2009 +0200
s3:libwbclient: Fix bug 6349, initialize domain info struct
(cherry picked from commit 39a7cc3c1fd6a3fbb56c8030b6e12962d9fb7181)
commit dbcf9638e4291035c8564d97328286c1eef63853
Author: Günther Deschner <gd at samba.org>
Date: Tue Sep 1 11:58:05 2009 +0200
wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ntlmv2 blobs in wbcAuthenticateUserEx().
Guenther
(cherry picked from commit 7253d96fc205717d9fed973bbcad2884ce656fd9)
commit c8e5c1a4e9d19cbc36907bdaebae14d51ec10619
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jul 14 23:12:59 2009 +0200
Fix bug 5886
Ok, that's a very long-standing one. I finally got around to install a recent
OpenLDAP and test the different variants of setting a NULL password etc.
Thanks all for your patience!
Volker
(cherry picked from commit 983c6f22f411aab2488fe41b5b06174c55108868)
commit 41106eda6bce2dc7e70fea00f23071e0820d9a13
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 27 13:16:15 2009 +0200
s3:netlogon: replace cred_hash3 by des_crypt112_16
This makes sure we don't truncate the session key to 8 bytes
Fixes bug #6664.
metze
(cherry picked from commit 570a8cf5bb6924905b3ad20353d1e7b0ca087748)
commit 6a31e7b25e1a742761f13363cc2e1ebea9a57f4c
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jul 29 04:30:52 2009 -0400
Fix unqualified "net join"
Kai, please check!
Fixes bug #6585.
Thanks,
Volker
(cherry picked from commit d8543da9dad3286cd330b98374405edb9f976e77)
(cherry picked from commit bf7d1758a77a462d9b30cc2549a960736884ee32)
(cherry picked from commit 9509763346de5e587a098a90e33a5e38d6d00a78)
commit ed2223a88a651253e627a4b0236749ad4faba79f
Author: Günther Deschner <gd at samba.org>
Date: Thu Aug 6 17:17:26 2009 +0200
s3-ldap: Fix Bug #5879. Update LDAP schema for Netscape DS 5.
Patch from TAKEDA Yasuma <yasuma at osstech.co.jp>.
Guenther
(cherry picked from commit 9fa042bb9f71057fc869e37d4cc180e8a772b1bb)
(cherry picked from commit a01f0a4025d382c1bc82f4992ea4566db4df3818)
commit 1a30b49679a8210e92dfbaa11d07950f8b9de78d
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 11 11:17:14 2009 +0200
s3:winbindd: raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.
metze
(cherry picked from commit 1e1445bc7672b17a1d689fa0f0732b05b6e04da5)
Fixes bug #6627.
(cherry picked from commit 8d57806544dade748aaac9cc493deb75d4e95735)
commit 08f3e9ade974fcf5abfff71aa01cbf083f952149
Author: Michael Adam <obnox at samba.org>
Date: Fri Jun 26 14:09:10 2009 +0200
s3:passdb: fix bug #6509: use gid (not uid) cache in fetch_gid_from_cache().
With the previous code, the cache can never have been hit at all.
Michael
(cherry picked from commit c70d54508e1cb8f5edbad02a632dfd52d65fd699)
commit b122b7d06dc4a08421ec3a57f7b1014234dc05db
Author: Bo Yang <boyang at samba.org>
Date: Fri Aug 7 14:58:36 2009 +0800
s3: Unable to browse DFS when using kerberos in libsmbclient
Signed-off-by: Bo Yang <boyang at samba.org>
Fixes bug #6615.
(cherry picked from commit 40da23b6a7dc7acfbdf76a6808b7e50c6c39093e)
commit 877c02a4259fd580a957af91d08f9086a1b9b66e
Author: Karolin Seeger <kseeger at samba.org>
Date: Thu Aug 6 10:06:29 2009 +0200
s3/smbldap: Fix typo in debug message.
Karolin
(cherry picked from commit 54dffbea663ecf4542d6c5e30da6e346d5d60424)
(cherry picked from commit 2538df1ea3229ea6d8242b5ae6fdd3d453395609)
commit 076d41be965fb56cfa0551c93f317abb31cfd0b8
Author: Jeremy Allison <jra at samba.org>
Date: Mon May 18 14:26:37 2009 -0700
Fix SAMR server for winbindd access. Ensure we allow MAX_ACCESS to be mapped to what we're giving Everyone. Jeremy.
Fixes bug #6504.
(cherry picked from commit 4e854cb52cfb4f3c25c92324c6e7505f1c8290b3)
commit c6fd52b2025236e912b0bc8dc3e63f99ed4854e1
Author: Yannick Bergeron <burgergold at hotmail.com>
Date: Thu Jul 30 19:31:24 2009 -0400
Increase the max_grp value to 128 (AIX NGROUPS_MAX value) instead of 32 to allow AIX to call sys_getgrouplist only once
(cherry picked from commit c3e12444f57e24dcd6c9259537ed0489db4658e9)
(cherry picked from commit 2666b3e27444ffcad3afc21e276f189ac238433f)
(cherry picked from commit 1da21f70ec4cebb7ee523dda8abf4100584901f8)
commit 7ce571615fa2e78a46828ba1c53036fdf8c3b976
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Aug 3 10:19:45 2009 +0200
s3/docs: Fix typos.
Thanks to OPC oota <t-oota at dh.jp.nec.com> for reporting!
Karolin
(cherry picked from commit 7ee7ec3fdba2ef6a6cc3e1f96a5d2154290cdb18)
(cherry picked from commit c94d3183a8e4c7e03c0dd2771cb7b9f4665198ce)
(cherry picked from commit 1310ba934b87b804f435cef2c21e6e65590e4a83)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 101 ++++++++++++++++++++++++-
docs-xml/Samba3-HOWTO/TOSHARG-ChangeNotes.xml | 4 +-
examples/LDAP/samba-schema-netscapeds5.x | 7 ++-
source/VERSION | 2 +-
source/include/rpc_dce.h | 2 +-
source/lib/smbldap.c | 2 +-
source/lib/system_smbd.c | 2 +-
source/libsmb/async_smb.c | 6 ++
source/libsmb/dsgetdcname.c | 4 +-
source/libsmb/libsmb_context.c | 17 +++-
source/libsmb/libsmb_dir.c | 2 +-
source/libsmb/namequery.c | 3 +-
source/nsswitch/libwbclient/wbc_pam.c | 19 ++++-
source/nsswitch/libwbclient/wbc_util.c | 2 +
source/nsswitch/pam_winbind.c | 4 -
source/passdb/lookup_sid.c | 2 +-
source/passdb/pdb_ldap.c | 34 +++++++--
source/rpc_client/cli_netlogon.c | 6 +-
source/rpc_client/cli_pipe.c | 2 +-
source/rpc_server/srv_netlog_nt.c | 3 +-
source/rpc_server/srv_samr_nt.c | 4 +-
source/smbd/notify_inotify.c | 10 ++-
source/utils/net_join.c | 5 +-
source/winbindd/winbindd_ads.c | 21 +++++
source/winbindd/winbindd_cm.c | 2 +-
source/winbindd/winbindd_rpc.c | 37 +++++++++-
26 files changed, 253 insertions(+), 50 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 0d9aaac..1c207dc 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,101 @@
=============================
+ Release Notes for Samba 3.3.9
+ October, 8 2009
+ =============================
+
+
+This is the latest bugfix release of the Samba 3.3 series.
+
+Major enhancements in Samba 3.3.9 include:
+
+ o
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.3.8
+-------------------
+
+o Michael Adam <obnox at samba.org>
+ * BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache().
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 6504: Fix SAMR server for Winbind access.
+
+
+o Yannick Bergeron <burgergold at hotmail.com>
+ * Increase the max_grp value to 128 (AIX NGROUPS_MAX value).
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 6700: Use DNS domain name when needing to guess server principal.
+ * BUG 6680: Always activate handling of large (> 256 byte) ntlmv2 blobs
+ in wbcAuthenticateUserEx().
+ * BUG 6697: Fix interdomain trusts with Windows 2008 R2 DCs.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 5886: Fix password change propagation.
+ * BUG 6349: Initialize domain info struct.
+ * BUG 6585: Fix unqualified "net join".
+ * BUG 6646: Correctly chew keepalive packets.
+
+
+o Derrell Lipman <derrell.lipman at unwireduniverse.com>
+ * BUG 6532: Fix domain enumeration if master browser has space in name.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 6627: Raise the timeout for lsa_Lookup*() calls
+ from 10 to 35 seconds.
+ * BUG 6664: Make sure we don't truncate the session key to 8 bytes.
+
+
+o Simo Sorce <idra at samba.org>
+ * BUG 6693: Check we read off the complete event from inotify.
+
+
+o TAKEDA Yasuma <yasuma at osstech.co.jp>
+ * BUG 5879: Update LDAP schema for Netscape DS 5.
+
+
+o Kumar Thangavelu <Kumar.Thangavelu at riverbed.com>
+ * BUG 6420: Fix 'net' crash when attempting to join a
+ domain.
+
+
+o Bo Yang <boyang at samba.org>
+ * BUG 6615: Fix browsing DFS when using kerberos in libsmbclient.
+ * BUG 6735: Don't overwrite password in pam_winbind.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.3 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
Release Notes for Samba 3.3.8
October, 1 2009
=============================
@@ -61,8 +158,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 3.3.7
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ChangeNotes.xml b/docs-xml/Samba3-HOWTO/TOSHARG-ChangeNotes.xml
index 6c2af32..29bdf40 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-ChangeNotes.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-ChangeNotes.xml
@@ -107,7 +107,7 @@ An example helps to illustrate the change:
<indexterm><primary>ACL</primary></indexterm>
<indexterm><primary>SID</primary></indexterm>
Assume that a group named <emphasis>developers</emphasis> exists with a UNIX GID of 782. In this
-case this user does not exist in Samba's group mapping table. It would be perfectly normal for
+case this group does not exist in Samba's group mapping table. It would be perfectly normal for
this group to be appear in an ACL editor. Prior to Samba-3.0.23, the group SID might appear as
<literal>S-1-5-21-647511796-4126122067-3123570092-2565</literal>.
</para>
@@ -188,7 +188,7 @@ and UNIX</link>.
<indexterm><primary>GID</primary></indexterm>
<indexterm><primary>SQL</primary></indexterm>
<indexterm><primary>XML</primary></indexterm>
-The <smbconfoption name="passdb backend"/> parameter no long accepts multiple passdb backends in a
+The <smbconfoption name="passdb backend"/> parameter no longer accepts multiple passdb backends in a
chained configuration. Also be aware that the SQL and XML based passdb modules have been
removed in the Samba-3.0.23 release. More information regarding external support for a SQL
passdb module can be found on the <ulink url="http://pdbsql.sourceforge.net/">pdbsql</ulink> web site.
diff --git a/examples/LDAP/samba-schema-netscapeds5.x b/examples/LDAP/samba-schema-netscapeds5.x
index efc528b..661521c 100644
--- a/examples/LDAP/samba-schema-netscapeds5.x
+++ b/examples/LDAP/samba-schema-netscapeds5.x
@@ -4,9 +4,11 @@
## Thomas Mueller 12.04.2003, thomas.mueller at christ-wasser.de
## Richard Renard rrenard at idealx.com 2005-01-28
## - added support for MungedDial, BadPasswordCount, BadPasswordTime, PasswordHistory, LogonHours
+## TAKEDA Yasuma yasuma at osstech.co.jp 2008-11-06
+## - added sambaTrustedDomainPassword objectClasses
## - in Sun One 5.2 copy it as 99samba-schema-netscapeds5.ldif
##
-## Samba 3.0 schema file for Netscape DS 5.x
+## Samba 3.2 schema file for Netscape DS 5.x
##
## INSTALL-DIRECTORY/slapd-your_name/config/schema/samba-schema-netscapeds5.ldif
####################################################################
@@ -33,6 +35,7 @@ objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DE
objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX uids/gids' MUST ( uidNumber $ gidNumber ) X-ORIGIN 'user defined' )
objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY DESC 'Mapping from a SID to an ID' MUST ( sambaSID ) MAY ( uidNumber $ gidNumber ) X-ORIGIN 'user defined' )
objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL DESC 'Structural Class for a SID' MUST ( sambaSID ) X-ORIGIN 'user defined' )
+objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL DESC 'Samba Trusted Domain Password' MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY ( sambaPreviousClearTextPassword ) X-ORIGIN 'user defined')
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE X-ORIGIN 'user defined' )
@@ -60,3 +63,5 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined')
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword' DESC 'Previous clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined')
diff --git a/source/VERSION b/source/VERSION
index 7aff985..863ef6c 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=3
SAMBA_VERSION_MINOR=3
-SAMBA_VERSION_RELEASE=8
+SAMBA_VERSION_RELEASE=9
########################################################
# Bug fix releases use a letter for the patch revision #
diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h
index b63f0ea..2129c6d 100644
--- a/source/include/rpc_dce.h
+++ b/source/include/rpc_dce.h
@@ -150,7 +150,7 @@ enum schannel_direction {
};
/* Maximum size of the signing data in a fragment. */
-#define RPC_MAX_SIGN_SIZE 0x20 /* 32 */
+#define RPC_MAX_SIGN_SIZE 0x38 /* 56 */
/* Maximum PDU fragment size. */
/* #define MAX_PDU_FRAG_LEN 0x1630 this is what wnt sets */
diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c
index 03c6573..704a516 100644
--- a/source/lib/smbldap.c
+++ b/source/lib/smbldap.c
@@ -1409,7 +1409,7 @@ int smbldap_search_paged(struct smbldap_state *ldap_state,
goto done;
}
- DEBUG(3,("smbldap_search_paged: search was successfull\n"));
+ DEBUG(3,("smbldap_search_paged: search was successful\n"));
rc = ldap_parse_result(ldap_state->ldap_struct, *res, NULL, NULL,
NULL, NULL, &rcontrols, 0);
diff --git a/source/lib/system_smbd.c b/source/lib/system_smbd.c
index 1f5dd31..b22d15f 100644
--- a/source/lib/system_smbd.c
+++ b/source/lib/system_smbd.c
@@ -153,7 +153,7 @@ bool getgroups_unix_user(TALLOC_CTX *mem_ctx, const char *user,
gid_t *groups;
int i;
- max_grp = MIN(32, groups_max());
+ max_grp = MIN(128, groups_max());
temp_groups = SMB_MALLOC_ARRAY(gid_t, max_grp);
if (! temp_groups) {
return False;
diff --git a/source/libsmb/async_smb.c b/source/libsmb/async_smb.c
index a1896e1..3418788 100644
--- a/source/libsmb/async_smb.c
+++ b/source/libsmb/async_smb.c
@@ -238,6 +238,12 @@ static void handle_incoming_pdu(struct cli_state *cli)
}
+ if ((raw_pdu_len == 4) && (CVAL(pdu, 0) == SMBkeepalive)) {
+ DEBUG(10, ("Got keepalive\n"));
+ TALLOC_FREE(pdu);
+ return;
+ }
+
/*
* TODO: Handle oplock break requests
*/
diff --git a/source/libsmb/dsgetdcname.c b/source/libsmb/dsgetdcname.c
index 77c2dcf..714c11b 100644
--- a/source/libsmb/dsgetdcname.c
+++ b/source/libsmb/dsgetdcname.c
@@ -626,8 +626,8 @@ static NTSTATUS discover_dc_dns(TALLOC_CTX *mem_ctx,
struct ip_service_name *r = &dclist[count];
- r->port = dcs[count].port;
- r->hostname = dcs[count].hostname;
+ r->port = dcs[i].port;
+ r->hostname = dcs[i].hostname;
/* If we don't have an IP list for a name, lookup it up */
diff --git a/source/libsmb/libsmb_context.c b/source/libsmb/libsmb_context.c
index ec16311..8e0aa1e 100644
--- a/source/libsmb/libsmb_context.c
+++ b/source/libsmb/libsmb_context.c
@@ -655,14 +655,23 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context,
smbc_bool use_kerberos = false;
const char *signing_state = "off";
- if (!context ||
- ! workgroup || ! *workgroup ||
- ! user || ! *user ||
- ! password || ! *password) {
+ if (! context) {
return;
}
+ if (! workgroup || ! *workgroup) {
+ workgroup = smbc_getWorkgroup(context);
+ }
+
+ if (! user) {
+ user = smbc_getUser(context);
+ }
+
+ if (! password) {
+ password = "";
+ }
+
if (smbc_getOptionUseKerberos(context)) {
use_kerberos = True;
}
diff --git a/source/libsmb/libsmb_dir.c b/source/libsmb/libsmb_dir.c
index 8846abb..d238ab9 100644
--- a/source/libsmb/libsmb_dir.c
+++ b/source/libsmb/libsmb_dir.c
@@ -625,7 +625,7 @@ SMBC_opendir_ctx(SMBCCTX *context,
/*
* Get the backup list ...
*/
- if (!name_status_find(server, 0, 0,
+ if (!name_status_find(server, 0x20, 0x20,
&rem_ss, buserver)) {
DEBUG(0,("Could not get name of "
diff --git a/source/libsmb/namequery.c b/source/libsmb/namequery.c
index cf8c20e..66e6910 100644
--- a/source/libsmb/namequery.c
+++ b/source/libsmb/namequery.c
@@ -408,7 +408,8 @@ bool name_status_find(const char *q_name,
goto done;
for (i=0;i<count;i++) {
- if (status[i].type == type)
+ /* Find first one of the requested type that's not a GROUP. */
+ if (status[i].type == type && ! (status[i].flags & 0x80))
break;
}
if (i == count)
diff --git a/source/nsswitch/libwbclient/wbc_pam.c b/source/nsswitch/libwbclient/wbc_pam.c
index 401d2ad..3f44681 100644
--- a/source/nsswitch/libwbclient/wbc_pam.c
+++ b/source/nsswitch/libwbclient/wbc_pam.c
@@ -439,15 +439,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
request.data.auth_crap.lm_resp_len =
MIN(params->password.response.lm_length,
sizeof(request.data.auth_crap.lm_resp));
- request.data.auth_crap.nt_resp_len =
- MIN(params->password.response.nt_length,
- sizeof(request.data.auth_crap.nt_resp));
if (params->password.response.lm_data) {
memcpy(request.data.auth_crap.lm_resp,
params->password.response.lm_data,
request.data.auth_crap.lm_resp_len);
}
- if (params->password.response.nt_data) {
+ request.data.auth_crap.nt_resp_len = params->password.response.nt_length;
+ if (params->password.response.nt_length > sizeof(request.data.auth_crap.nt_resp)) {
+ request.flags |= WBFLAG_BIG_NTLMV2_BLOB;
+ request.extra_len = params->password.response.nt_length;
+ request.extra_data.data = talloc_zero_array(NULL, char, request.extra_len);
+ if (request.extra_data.data == NULL) {
+ wbc_status = WBC_ERR_NO_MEMORY;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+ memcpy(request.extra_data.data,
+ params->password.response.nt_data,
+ request.data.auth_crap.nt_resp_len);
+ } else if (params->password.response.nt_data) {
memcpy(request.data.auth_crap.nt_resp,
params->password.response.nt_data,
request.data.auth_crap.nt_resp_len);
@@ -493,6 +502,8 @@ done:
if (response.extra_data.data)
free(response.extra_data.data);
+ talloc_free(request.extra_data.data);
+
return wbc_status;
}
diff --git a/source/nsswitch/libwbclient/wbc_util.c b/source/nsswitch/libwbclient/wbc_util.c
index b486874..77613e0 100644
--- a/source/nsswitch/libwbclient/wbc_util.c
+++ b/source/nsswitch/libwbclient/wbc_util.c
@@ -285,6 +285,8 @@ static wbcErr process_domain_info_string(TALLOC_CTX *ctx,
BAIL_ON_WBC_ERROR(wbc_status);
}
+ ZERO_STRUCTP(info);
+
r = info_string;
/* Short Name */
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index 73be3e0..4dcfe73 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -3056,8 +3056,6 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
ret = winbind_chauthtok_request(ctx, user, pass_old,
pass_new, pwdlastset_update);
if (ret) {
- _pam_overwrite(pass_new);
- _pam_overwrite(pass_old);
pass_old = pass_new = NULL;
goto out;
}
@@ -3086,8 +3084,6 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
member, cctype, 0,
&error, &info, &policy,
NULL, &username_ret);
- _pam_overwrite(pass_new);
- _pam_overwrite(pass_old);
pass_old = pass_new = NULL;
if (ret == PAM_SUCCESS) {
diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c
index 25dd73e..10f6cc6 100644
--- a/source/passdb/lookup_sid.c
+++ b/source/passdb/lookup_sid.c
@@ -1085,7 +1085,7 @@ static bool fetch_gid_from_cache(gid_t *pgid, const DOM_SID *psid)
{
DATA_BLOB cache_value;
- if (!memcache_lookup(NULL, SID_UID_CACHE,
+ if (!memcache_lookup(NULL, SID_GID_CACHE,
data_blob_const(psid, ndr_size_dom_sid(psid, 0)),
&cache_value)) {
return false;
diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index bc485e3..73f3e87 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -1700,6 +1700,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
char *utf8_password;
char *utf8_dn;
size_t converted_size;
+ int ret;
if (!ldap_state->is_nds_ldap) {
@@ -1731,14 +1732,31 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
}
if ((ber_printf (ber, "{") < 0) ||
- (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn) < 0) ||
- (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password) < 0) ||
- (ber_printf (ber, "n}") < 0)) {
- DEBUG(0,("ldapsam_modify_entry: ber_printf returns a value <0\n"));
- ber_free(ber,1);
- SAFE_FREE(utf8_dn);
- SAFE_FREE(utf8_password);
- return NT_STATUS_UNSUCCESSFUL;
+ (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
+ utf8_dn) < 0)) {
+ DEBUG(0,("ldapsam_modify_entry: ber_printf returns a "
+ "value <0\n"));
+ ber_free(ber,1);
+ SAFE_FREE(utf8_dn);
+ SAFE_FREE(utf8_password);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if ((utf8_password != NULL) && (*utf8_password != '\0')) {
+ ret = ber_printf(ber, "ts}",
+ LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,
+ utf8_password);
+ } else {
+ ret = ber_printf(ber, "}");
+ }
+
+ if (ret < 0) {
+ DEBUG(0,("ldapsam_modify_entry: ber_printf returns a "
+ "value <0\n"));
+ ber_free(ber,1);
+ SAFE_FREE(utf8_dn);
+ SAFE_FREE(utf8_password);
+ return NT_STATUS_UNSUCCESSFUL;
}
if ((rc = ber_flatten (ber, &bv))<0) {
diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c
index 23618ef..f2a260c 100644
--- a/source/rpc_client/cli_netlogon.c
+++ b/source/rpc_client/cli_netlogon.c
@@ -601,9 +601,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
struct samr_Password new_password;
- cred_hash3(new_password.hash,
- new_trust_passwd_hash,
- cli->dc->sess_key, 1);
+ des_crypt112_16(new_password.hash,
+ new_trust_passwd_hash,
+ cli->dc->sess_key, 1);
result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
cli->dc->remote_machine,
diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index 1442a3c..2e2767b 100644
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -490,7 +490,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
return NT_STATUS_OK;
}
- if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
+ if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
DEBUG(0,("cli_pipe_verify_schannel: auth_len %u.\n", (unsigned int)auth_len ));
return NT_STATUS_INVALID_PARAMETER;
}
diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c
index dd49096..0c76c8e 100644
--- a/source/rpc_server/srv_netlog_nt.c
+++ b/source/rpc_server/srv_netlog_nt.c
@@ -669,8 +669,7 @@ NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
return NT_STATUS_ACCOUNT_DISABLED;
}
- /* Woah - what does this to to the credential chain ? JRA */
- cred_hash3(pwd, r->in.new_password->hash, p->dc->sess_key, 0);
+ des_crypt112_16(pwd, r->in.new_password->hash, p->dc->sess_key, 0);
DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
for(i = 0; i < sizeof(pwd); i++)
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
--
Samba Shared Repository
More information about the samba-cvs
mailing list