[SCM] Samba Shared Repository - branch v3-3-stable updated

Karolin Seeger kseeger at samba.org
Thu Feb 25 02:47:00 MST 2010


The branch, v3-3-stable has been updated
       via  adc7b06... WHATSNEW: Update changes since 3.3.10.
       via  8a00207... s3:winbind: Fix bug 5626
       via  e9fb545... s3:winbindd: never mark external domains as internal!
       via  9816f15... s3-docs: Add missing para end tag.
       via  07e9144... Fix bug #7122 - Reading a large browselist fails (server returns invalid values in subsequent SMBtrans replies)
       via  56c764a... Fix off-by-one error in working out the limit of the NetServerEnum comment.
       via  02f866a... s3:smbd: Fix really ugly bool vs. int bug!!!
       via  0d86cb0... s3:libsmb: fix NetServerEnum3 rap calls.
       via  5657bfc... Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.'
       via  a7dc17e... Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash"
       via  c02aa2f... Fix bug #6557 - Do not work VFS full_audit
       via  7cd8009... Fixes issue with preexec scripts creating a share directory, and problems if a smb.conf reload turns wide links back on after a connection is established.
       via  a056ee7... Fix bug 7104 - "wide links" and "unix extensions" are incompatible.
       via  eadf5b5... s3: Fix an uninitialized variable reference
       via  04dd168... s3: Fix malformed require_membership_of_sid.
       via  98e8e6a... s3:libsmb: don't reuse the callers stype variable in cli_NetServerEnum()
       via  00388e6... Fix bug #7072 - Accounts can't be unlocked from ldap.
       via  153357b... Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write.
       via  7d9b391... s3: Fix bug 7052: "DFS broken on AIX (maybe others)" (cherry picked from commit c531d00ab4444db19ff6ba4c60ebdcc8319949c6) (cherry picked from commit f21796955e7aa2e84a1c810612f2fdee2bde611c) (cherry picked from commit 28b3cf328312a26cd72bbc54f3283bc46b51bc32) (cherry picked from commit e66e5cb6324800d20f5f091a7fb2eba2d751241a)
       via  de2f4e1... s3-docs: Fix typos.
       via  be69516... WHATSNEW: Update release notes.
       via  5d6a4bc... VERSION: Raise version up to 3.3.11.
       via  57849c3... s3: Fix a crash in libsmbclient used against the OpenSolaris CIFS server
       via  b990e66... Fix bug 7045 - Bad (non memory copying) interfaces in smbc_setXXXX calls.
       via  e07bded... s3-libsmbclient: Fix crash bug in SMBC_parse_path().
       via  2e64359... Fix bug #7036 - net rpc getsid fails in hardened windows environments.
      from  3df467f... WHATSNEW: Update release notes.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable


- Log -----------------------------------------------------------------
commit adc7b060e42b6183d45b5206c23e4e1828f548eb
Author: Karolin Seeger <kseeger at samba.org>
Date:   Thu Feb 25 10:38:52 2010 +0100

    WHATSNEW: Update changes since 3.3.10.
    
    Karolin
    (cherry picked from commit 550cc063271ff3e1e337207a2e6bc214bc128f40)

commit 8a002075e13578fe861e2db90284975df0fa0ba3
Author: Volker Lendecke <vl at samba.org>
Date:   Sun Aug 30 11:06:14 2009 +0200

    s3:winbind: Fix bug 5626
    
    Apparently the AIX compiler can't deal with sizeless array declarations
    (cherry picked from commit dd4194bc43cc5efd7517783e5e524d252d1f82c7)

commit e9fb545b5888c4627dae56d53ec61c778182c21f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 23 08:42:41 2010 +0100

    s3:winbindd: never mark external domains as internal!
    
    This way we can end up with silently using builtin_passdb_methods
    for an ad domain without an inbound trust.
    
    This fixes bug #7170.
    
    metze
    (cherry picked from commit f924b7749280b31ece19885de1c3ad1bd71942ac)
    (cherry picked from commit 40f359476d7ec3aec252f79bd2127dd08b305a9f)

commit 9816f15ed245a0d678500da5958c4190c3b47316
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Feb 9 16:36:39 2010 +0100

    s3-docs: Add missing para end tag.
    
    Karolin
    (cherry picked from commit b78de63ef3cde53e3aabbe46654aac5a335f16a8)
    (cherry picked from commit d3738dbe1cabb0ad0acf5f8c9b5e8106285ca9a1)
    (cherry picked from commit 7e5e74b351ce466f490d6388ceb368bd718fa93d)

commit 07e9144aab08e26a61016c76eb7afb1f9dbec7e4
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Feb 9 15:23:38 2010 -0800

    Fix bug #7122 - Reading a large browselist fails (server returns invalid values in subsequent SMBtrans replies)
    
    There are two problems:
    
    1). The server is off-by-one in the end of buffer space test.
    2). The server returns 0 in the totaldata (smb_vwv1) and totalparams (smb_vwv0)
    fields in the second and subsequent SMBtrans replies.
    
    This patch fixes both.
    
    Jeremy.
    (similar to commit b07a14dc37d2899f662e1cf87064f99c0bd10b25)
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit de658f95ea12d4c532f309634b9aedb09c5e4d1d)

commit 56c764a2d168a8cd3627e7d551e5eb802af48756
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Feb 9 12:17:08 2010 -0800

    Fix off-by-one error in working out the limit of the NetServerEnum comment.
    
    Jeremy.
    (cherry picked from commit 9ad6f432f3f5844b4b419e7cbaf3c3e70b052d29)
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 8cac1af47cad9d40b0ab86cda3674f4420507008)

commit 02f866afccc37ddc7ad4f8bd3ea201d86a94763f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Feb 10 19:49:48 2010 +0100

    s3:smbd: Fix really ugly bool vs. int bug!!!
    
    A comparison function for qsort needs to return an 'int'!
    Otherwise you'll get random results depending on the compiler
    and the architecture...
    
    metze
    (cherry picked from commit 1686a5e7e7eb1b411b003cbbde5c0d28741c6d02)
    (cherry picked from commit 5d4d547b901986cff378f640e9e22931d77c61b8)

commit 0d86cb0fd92fc30541bc586cbb9098eb39dbfee6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Feb 8 18:38:03 2010 +0100

    s3:libsmb: fix NetServerEnum3 rap calls.
    
    metze
    (cherry picked from commit 9b5198dd443a00fdad4faa1f9cdabedd81012d93)
    (cherry picked from commit 98399a69d6fc3d30c899588c8846ce19ef974fa3)

commit 5657bfc7c85827969933c57d5193b214215c279c
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Feb 18 11:22:44 2010 -0800

    Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.'
    
    Fix use of uninitialized variable. This can lead to crashes if
    mangling = hash processes names with no '.'.
    
    Jeremy.
    (cherry picked from commit df13b1303a751962d8f7d5298b39e4a7500fef15)
    (cherry picked from commit e904ccd25a3b7050a8d1895c9535e42abd0b4d07)

commit a7dc17eedc69a838fb00d0535bf2e459d2841f8a
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Feb 18 12:21:10 2010 -0800

    Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash"
    
    The charset array allocated in init_chartest() is allocated
    by MALLOC, but only some elements of it being set after allocation. Fix is to
    memset to zero after allocation.
    
    Jeremy.
    (cherry picked from commit a4e8210ba7d6d471cb9f17754244393b9c1e5930)
    (cherry picked from commit 80d9663b3635ed7b2e9b3308d27aed08cd1f38fb)

commit c02aa2fb818762d6197255396c64e54be88d22a9
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Feb 17 10:46:21 2010 -0800

    Fix bug #6557 - Do not work VFS full_audit
    
    Re-arrange the operations order so SMB_VFS_CONNECT is done
    first as root (to allow modules to correctly initialize themselves).
    
    Reviewed modules to check if they needed CONNECT invoked as
    a user (which we previously did) and it turns out any of them
    that cared needed root permissions anyway.
    
    Jeremy.
    (cherry picked from commit 20b6d0406f0f72895f99636beee7a370195147fd)

commit 7cd8009598af1efa255418562f8b4f9bfdf6a9be
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Feb 11 16:09:59 2010 -0800

    Fixes issue with preexec scripts creating a share directory, and problems if a smb.conf reload turns wide links back on after a connection is established.
    
    Includes git refs :
    cd18695fc2e4d09ab75e9eab2f0c43dcc15adf0b
    94865e4dbd3d721c9855aada8c55e02be8b3881e
    5d92d969dda450cc3564dd2265d2b042d832c542
    02a5078f1fe6285e4a0b6ad95a3aea1c5bb3e8cf
    a6f402ad87ff0ae14d57d97278d67d0ceaaa1d82
    
    from master.
    
    Jeremy.
    
    Fix bug #7104 ("wide links" and "unix extensions" are incompatible.)
    (cherry picked from commit ce04bf60499104c166657df959e4033573b5be5c)

commit a056ee7f4f1ecc4e54e3cda58df73e2ed66b41e7
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Feb 5 16:22:27 2010 -0800

    Fix bug 7104 - "wide links" and "unix extensions" are incompatible.
    
    Change parameter "wide links" to default to "no".
    Ensure "wide links = no" if "unix extensions = yes" on a share.
    Fix man pages to reflect this.
    
    Remove "within share" checks for a UNIX symlink set - even if
    widelinks = no. The server will not follow that link anyway.
    
    Correct DEBUG message in check_reduced_name() to add missing "\n"
    so it's really clear when a path is being denied as it's outside
    the enclosing share path.
    
    Jeremy.
    (cherry picked from commit c1b05ae4febfba1a419eee0d04c3886de9f5fee0)

commit eadf5b5cfc0f796b381b174395d19c20de6e714f
Author: Volker Lendecke <vl at samba.org>
Date:   Sun Nov 29 22:57:19 2009 +0100

    s3: Fix an uninitialized variable reference
    
    Fix bug #5885 (swat prints a bogus ip-address in smb.conf).
    (cherry picked from commit 22ca62f7bb268e3695458d6105b847685112ec0f)

commit 04dd168aa9a2907e6109e0b1fef428d09d44da53
Author: Bo Yang <boyang at samba.org>
Date:   Sun Feb 7 15:04:51 2010 +0800

    s3: Fix malformed require_membership_of_sid.
    
    Signed-off-by: Bo Yang <boyang at samba.org>
    
    Fix bug #7106.
    (cherry picked from commit 0ee0ba83dcd9726244b07c1747e0676a74e1d82f)

commit 98e8e6a58fe6f1fa1444ad89c06aa0d99a5639be
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Feb 4 14:03:20 2010 +0100

    s3:libsmb: don't reuse the callers stype variable in cli_NetServerEnum()
    
    When we need to do more than one network operation to get the
    browse list we need to use the same 'stype' value each time.
    
    metze
    (cherry picked from commit c2e4746fa9d68e7601e8e90cc0144d2e65a695b6)
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Fix bug #7098 (smbclient -L gives wrong results with a large browse list).
    (cherry picked from commit f6484f7febd853122d4b91e52ee896d70686d9d2)

commit 00388e6b8776c4e54ca0d0b566a50a19e0f6d78f
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Jan 27 17:16:04 2010 -0800

    Fix bug #7072 - Accounts can't be unlocked from ldap.
    
    Fix suggested by Andy Hanton <andyhanton at gmail.com>. The LOGIN_CACHE
    struct contains two time_t entries, but was being written to and
    read from via tdb_pack/tdb_unpack functions using explicit 32-bit int specifiers.
    This would break on machines with a 64-bit time_t. Use correct int
    sizes for tdb_pack/tdb_unpack.
    
    We have to fix this properly before 2037 :-).
    
    Contains fixes from master 627fb85092f728065b6d772c41aeb75018154e86
    and 69fd8461b8792f4fee1b61db03953044565492c6.
    
    Jeremy.
    (cherry picked from commit 0b36486fa7d2689635018c2fc883860251dc8066)

commit 153357b9bb4d70a168c81cb9ff2da437eae823fc
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Jan 28 14:55:32 2010 -0800

    Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write.
    
    Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability
    to allow Linux threads under different euids to send signals to each other.
    
    Same as master commit 899bd0005f56dcc1e95c3988d41ab3f628bb15db.
    
    Jeremy.
    (cherry picked from commit cbf09baa90f5c4cfa8a0019ccc79211d72d13629)

commit 7d9b391ed61a01dfe189dd91a2531c4e2a9a901f
Author: William Jojo <w.jojo at hvcc.edu>
Date:   Thu Jan 21 14:21:03 2010 +0100

    s3: Fix bug 7052: "DFS broken on AIX (maybe others)"
    (cherry picked from commit c531d00ab4444db19ff6ba4c60ebdcc8319949c6)
    (cherry picked from commit f21796955e7aa2e84a1c810612f2fdee2bde611c)
    (cherry picked from commit 28b3cf328312a26cd72bbc54f3283bc46b51bc32)
    (cherry picked from commit e66e5cb6324800d20f5f091a7fb2eba2d751241a)

commit de2f4e12093e34e393140f5538215a5417ca8a59
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Jan 20 13:34:50 2010 +0100

    s3-docs: Fix typos.
    
    Thanks to the Debian samba package maintainers
    <pkg-samba-maint at lists.alioth.debian.org> for providing the patch!
    
    Fix bug #7017 (Typos and spelling errors in manpages).
    
    Karolin
    (cherry picked from commit e1e6b19acff6d8ba3b70c3ab474a85de8b6f6a6c)
    (cherry picked from commit eaa10cfec3c389c79ac3c43f7ec1596015a9b8e1)
    (cherry picked from commit 436e13608e489b4bd5c00597efca9c9ca66b8be1)
    (cherry picked from commit c2cdd4dff7a78c5c4abeb04679f07e3807f88dfb)

commit be6951627356ba1428bf40830fa84133bbc11de6
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Jan 20 13:43:15 2010 +0100

    WHATSNEW: Update release notes.
    
    Karolin
    (cherry picked from commit a4e7398fead7cb9210932ed14fb4d2e87b472234)

commit 5d6a4bc4a5ac517246067ac202338e55e2609f2f
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Jan 20 13:42:12 2010 +0100

    VERSION: Raise version up to 3.3.11.
    
    Karolin
    (cherry picked from commit 7242d5ac288b88e151b368ae7d6fc623f60968da)

commit 57849c31b9bc4b1ceb0dac63306481e7b50ab161
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Jan 16 13:31:44 2010 +0100

    s3: Fix a crash in libsmbclient used against the OpenSolaris CIFS server
    
    A user has sent me a sniff where the OpenSolaris CIFS server returns "32" in
    totalentries, but the array in ctr only contains 15 entries. Look at the right
    delimiter for walking the array.
    
    Fix bug #7046 (libsmbclient crash against OpenSolaris CIFS server).
    (cherry picked from commit 1d611028433db18e96d946b206a8eed1048f9b26)

commit b990e6614f462edb4a00f8ea5665f244a3c9ac40
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Jan 15 17:52:54 2010 -0800

    Fix bug 7045 - Bad (non memory copying) interfaces in smbc_setXXXX calls.
    
    In smbc_free_context libsmbclient just called free() on the string options
    so it assumes the callers have malloced them before setting them via smbc_set
    calls.
    
    Change to correctly malloc/free string options to the library.
    Protect against SMB_STRDUP of null.
    
    Contains 2d41b1ab78639abe4ae030ff482573f464564dd7 and
    f85b6ee90b88c7f7b2a92c8a5f3e2ebe59c1087b from master.
    
    Jeremy
    (cherry picked from commit edc44312f76e14e94c56e70cf7bb49139f9f081e)

commit e07bdeda53353597787183131cbe44eeeac5ec15
Author: Günther Deschner <gd at samba.org>
Date:   Thu Jan 14 11:34:04 2010 -0800

    s3-libsmbclient: Fix crash bug in SMBC_parse_path().
    
    Patch from Tim Waugh <twaugh at redhat.com>.
    This resolves https://bugzilla.redhat.com/show_bug.cgi?id=552658
    
    LIBSMBCLIENT-OPENDIR torture test checks this as well.
    
    Guenther
    
    Fix bug #7043 (SIGSEGV in "SMBC_parse_path").
    (cherry picked from commit 07263901632bb98851d86dc0ba1d2dc22735c020)

commit 2e6435952779134614c2a8adbfffb83eff5bd96e
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Jan 14 15:50:02 2010 -0800

    Fix bug #7036 - net rpc getsid fails in hardened windows environments.
    
    Fix suggested by Dave.Daugherty at Centrify.com.
    (cherry picked from commit a92d42cf8ae37fe579061f762af601dc49ed71af)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                                       |   88 +++++++++++++++++++-
 docs-xml/manpages-3/ntlm_auth.1.xml                |    2 +-
 docs-xml/manpages-3/smbd.8.xml                     |    2 +-
 docs-xml/manpages-3/winbindd.8.xml                 |    2 +-
 docs-xml/smbdotconf/browse/preferredmaster.xml     |    2 +-
 docs-xml/smbdotconf/misc/widelinks.xml             |   13 ++-
 docs-xml/smbdotconf/protocol/largereadwrite.xml    |    2 +-
 docs-xml/smbdotconf/protocol/unixextensions.xml    |    4 +
 .../smbdotconf/winbind/winbindnormalizenames.xml   |    2 +-
 source/VERSION                                     |    2 +-
 source/include/proto.h                             |    1 +
 source/include/smb.h                               |    3 +-
 source/lib/system.c                                |   65 +++++++++++++-
 source/libsmb/clirap.c                             |   31 +++++--
 source/libsmb/libsmb_context.c                     |   26 ++++--
 source/libsmb/libsmb_dir.c                         |    2 +-
 source/libsmb/libsmb_path.c                        |    2 +-
 source/libsmb/libsmb_setget.c                      |   15 +++-
 source/nsswitch/pam_winbind.c                      |   12 +++
 source/param/loadparm.c                            |   35 +++++++-
 source/passdb/login_cache.c                        |   25 ++++--
 source/smbd/ipc.c                                  |    3 +
 source/smbd/lanman.c                               |    6 +-
 source/smbd/mangle_hash.c                          |    9 ++-
 source/smbd/server.c                               |    8 ++
 source/smbd/service.c                              |   89 +++++++++++--------
 source/smbd/trans2.c                               |   37 --------
 source/smbd/vfs.c                                  |    2 +-
 source/utils/net_rpc.c                             |    8 ++-
 source/web/cgi.c                                   |    3 +-
 source/winbindd/winbindd_cm.c                      |    5 +-
 source/winbindd/winbindd_domain.c                  |   20 ++---
 source/winbindd/winbindd_idmap.c                   |   16 ++--
 source/winbindd/winbindd_locator.c                 |   16 ++--
 tests/readlink.c                                   |    2 +-
 35 files changed, 394 insertions(+), 166 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8c42cbf..0d5d5f0 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,88 @@
                    ==============================
+                   Release Notes for Samba 3.3.11
+		         February 26, 2010
+                   ==============================
+
+
+This is the latest bugfix release of the Samba 3.3 series.
+
+Major enhancements in Samba 3.3.11 include:
+
+   o "wide links" and "unix extensions" are incompatible (bug #7104).
+   o Fix failing of smbd to respond to a read or a write caused by
+     Linux asynchronous IO (aio) (bug #7067).
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.3.10
+--------------------
+
+
+o   Jeremy Allison <jra at samba.org>
+    * BUG 6557: Fix vfs_full_audit.
+    * BUG 7036: Fix 'net rpc getsid' in hardened Windows environments.
+    * BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls.
+    * BUG 7067: Fix failing of smbd to respond to a read or a write caused by
+      Linux asynchronous IO (aio).
+    * BUG 7072: Fix unlocking of accounts from ldap.
+    * BUG 7104: "wide links" and "unix extensions" are incompatible.
+    * BUG 7122: Fix reading of large browselist.
+    * BUG 7154: "mangling method = hash" can crash storing a name containing a '.'.
+    * BUG 7155: Valgrind Conditional jump or move depends on uninitialised
+      value(s) error when "mangling method = hash".
+
+
+o   Günther Deschner <gd at samba.org>
+    * BUG 7043: Fix crash bug in "SMBC_parse_path".
+
+
+o   Volker Lendecke <vl at samba.org>
+    * BUG 5626: Fix build on AIX.
+    * BUG 5885: Fix bogus ip address in SWAT.
+    * BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS
+      server.
+
+
+o   Stefan Metzmacher <metze at samba.org>
+    * BUG 7098: Fix results of 'smbclient -L' with a large browse list.
+    * BUG 7170: Fix handling of external domains in setups with one way trusts.
+
+
+o   William Jojo <w.jojo at hvcc.edu>
+    * BUG 7052: Fix DFS on AIX (maybe others).
+
+
+o   Bo Yang <boyang at samba.org>
+    * BUG 7106: Fix malformed require_membership_of_sid.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.3 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   ==============================
                    Release Notes for Samba 3.3.10
 		         January 14, 2010
                    ==============================
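Review bot: The BUG 7154 entry in the Jeremy Allison list reads "can crash storing a name containing a '.'", which inverts the condition. The commit subject for that fix in this same mail says the crash happens when storing a name not containing a '.'. Suggest changing the entry to: * BUG 7154: "mangling method = hash" can crash storing a name not containing a '.'.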
@@ -118,8 +202,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    =============================
                    Release Notes for Samba 3.3.9
diff --git a/docs-xml/manpages-3/ntlm_auth.1.xml b/docs-xml/manpages-3/ntlm_auth.1.xml
index ac23326..9377972 100644
--- a/docs-xml/manpages-3/ntlm_auth.1.xml
+++ b/docs-xml/manpages-3/ntlm_auth.1.xml
@@ -35,7 +35,7 @@
 	users using NT/LM authentication. It returns 0 if the users is authenticated
 	successfully and 1 if access was denied. ntlm_auth uses winbind to access 
 	the user and authentication data for a domain.  This utility 
-	is only indended to be used by other programs (currently
+	is only intended to be used by other programs (currently
 	<ulink url="http://www.squid-cache.org/">Squid</ulink>
 	and <ulink url="http://download.samba.org/ftp/unpacked/lorikeet/trunk/mod_ntlm_winbind/">mod_ntlm_winbind</ulink>)
 	</para>
diff --git a/docs-xml/manpages-3/smbd.8.xml b/docs-xml/manpages-3/smbd.8.xml
index 54de1d9..75451c2 100644
--- a/docs-xml/manpages-3/smbd.8.xml
+++ b/docs-xml/manpages-3/smbd.8.xml
@@ -120,7 +120,7 @@
 		<listitem><para>If this parameter is specified it causes the
 		server to run "interactively", not as a daemon, even if the
 		server is executed on the command line of a shell. Setting this
-		parameter negates the implicit deamon mode when run from the
+		parameter negates the implicit daemon mode when run from the
 		command line. <command>smbd</command> also logs to standard
 		output, as if the <command>-S</command> parameter had been
 		given.
diff --git a/docs-xml/manpages-3/winbindd.8.xml b/docs-xml/manpages-3/winbindd.8.xml
index 6a00580..61c6479 100644
--- a/docs-xml/manpages-3/winbindd.8.xml
+++ b/docs-xml/manpages-3/winbindd.8.xml
@@ -53,7 +53,7 @@
         <para> The Name Service Switch allows user
 	and system information to be obtained from different databases
 	services such as NIS or DNS.  The exact behaviour can be configured
-	throught the <filename>/etc/nsswitch.conf</filename> file.
+	through the <filename>/etc/nsswitch.conf</filename> file.
 	Users and groups are allocated as they are resolved to a range
 	of user and group ids specified by the administrator of the
 	Samba system.</para>
diff --git a/docs-xml/smbdotconf/browse/preferredmaster.xml b/docs-xml/smbdotconf/browse/preferredmaster.xml
index edddae8..9dcffb4 100644
--- a/docs-xml/smbdotconf/browse/preferredmaster.xml
+++ b/docs-xml/smbdotconf/browse/preferredmaster.xml
@@ -16,7 +16,7 @@
 	parameter is used in conjunction with <smbconfoption name="domain master">yes</smbconfoption>, so that
 	<command moreinfo="none">nmbd</command> can guarantee becoming a domain master.
 	</para>
-		
+
 	<para>
 	Use this option with caution, because if there are several hosts (whether Samba servers, Windows 95 or NT)
 	that are preferred  master browsers on the same subnet, they will each periodically  and continuously attempt
diff --git a/docs-xml/smbdotconf/misc/widelinks.xml b/docs-xml/smbdotconf/misc/widelinks.xml
index fb707c1..1c30bb7 100644
--- a/docs-xml/smbdotconf/misc/widelinks.xml
+++ b/docs-xml/smbdotconf/misc/widelinks.xml
@@ -9,10 +9,15 @@
 	server are always allowed; this parameter controls access only 
 	to areas that are outside the directory tree being exported.</para>
 
-	<para>Note that setting this parameter can have a negative 
-	effect on your server performance due to the extra system calls 
-	that Samba has to  do in order to perform the link checks.</para>
+	<para>Note: Turning this parameter on when UNIX extensions are enabled
+	will allow UNIX clients to create symbolic links on the share that
+	can point to files or directories outside restricted path exported
+	by the share definition. This can cause access to areas outside of
+	the share. Due to this problem, this parameter will be automatically
+	disabled (with a message in the log file) if the
+	<smbconfoption name="unix extensions"/> option is on.
+	</para>
 </description>
 
-<value type="default">yes</value>
+<value type="default">no</value>
 </samba:parameter>
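Review bot: The new note drops an article in "outside restricted path exported by the share definition"; it should read "outside the restricted path". The hunk also deletes the paragraph about the extra system calls needed for the link checks instead of keeping it next to the new note; if that cost still applies, the paragraph should stay. Because the default flips from yes to no at the end of the hunk, one sentence telling administrators who relied on the old default that they now have to set the parameter explicitly would avoid surprises on upgrade.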
diff --git a/docs-xml/smbdotconf/protocol/largereadwrite.xml b/docs-xml/smbdotconf/protocol/largereadwrite.xml
index 12be741..0b4158d 100644
--- a/docs-xml/smbdotconf/protocol/largereadwrite.xml
+++ b/docs-xml/smbdotconf/protocol/largereadwrite.xml
@@ -7,7 +7,7 @@
     <para>This parameter determines whether or not
     <citerefentry><refentrytitle>smbd</refentrytitle>
     <manvolnum>8</manvolnum></citerefentry> supports the new 64k
-    streaming read and write varient SMB requests introduced with
+    streaming read and write variant SMB requests introduced with
     Windows 2000. Note that due to Windows 2000 client redirector bugs
     this requires Samba to be running on a 64-bit capable operating
     system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve
diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml
index da9ad10..d816648 100644
--- a/docs-xml/smbdotconf/protocol/unixextensions.xml
+++ b/docs-xml/smbdotconf/protocol/unixextensions.xml
@@ -10,6 +10,10 @@
     by supporting features such as symbolic links, hard links, etc...
     These extensions require a similarly enabled client, and are of
     no current use to Windows clients.</para>
+    <para>
+    Note if this parameter is turned on, the <smbconfoption name="wide links"/>
+    parameter will automatically be disabled.
+    </para>
 </description>
 
 <value type="default">yes</value>
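Review bot: The added paragraph does not say that this is the stock configuration: the default shown just below it is yes, so a share with "wide links = yes" has that setting overridden unless unix extensions is also turned off. Suggest stating that explicitly and mentioning the log message, as the widelinks.xml text does, so the two manual entries agree. "Note if this parameter" also reads better as "Note that if this parameter".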
diff --git a/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml b/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml
index ba71686..3bcdeca 100644
--- a/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml
+++ b/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml
@@ -20,7 +20,7 @@
 	  version.  Please refer to the manpage for the configured
 	  idmap and nss_info plugin for the specifics on how to configure
 	  name aliasing for a specific configuration.  Name aliasing takes
-	  precendence (and is mutually exclusive) over the whitespace
+	  precedence (and is mutually exclusive) over the whitespace
 	  replacement mechanism discussed previsouly.
 	  </para>
 
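Review bot: The context line right after the corrected one still ends in "discussed previsouly", so this typo fix leaves a misspelling in the same sentence. Suggest correcting it to "previously" in the same hunk.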
diff --git a/source/VERSION b/source/VERSION
index 9b13830..29efdb3 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=3
-SAMBA_VERSION_RELEASE=10
+SAMBA_VERSION_RELEASE=11
 
 ########################################################
 # Bug fix releases use a letter for the patch revision #
diff --git a/source/include/proto.h b/source/include/proto.h
index 8dbab9a..8fdd454 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -6073,6 +6073,7 @@ void lp_set_posix_pathnames(void);
 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp);
 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val);
 int lp_min_receive_file_size(void);
+void widelinks_warning(int snum);
 
 /* The following definitions come from param/params.c  */
 
diff --git a/source/include/smb.h b/source/include/smb.h
index 327f212..3825c63 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -1684,7 +1684,8 @@ minimum length == 18.
 enum smbd_capability {
     KERNEL_OPLOCK_CAPABILITY,
     DMAPI_ACCESS_CAPABILITY,
-    LEASE_CAPABILITY
+    LEASE_CAPABILITY,
+    KILL_CAPABILITY
 };
 
 /* if a kernel does support oplocks then a structure of the following
diff --git a/source/lib/system.c b/source/lib/system.c
index 36745b1..fd18928 100644
--- a/source/lib/system.c
+++ b/source/lib/system.c
@@ -705,6 +705,11 @@ int sys_chroot(const char *dname)
 
 #if defined(HAVE_POSIX_CAPABILITIES)
 
+/* This define hasn't made it into the glibc capabilities header yet. */
+#ifndef SECURE_NO_SETUID_FIXUP
+#define SECURE_NO_SETUID_FIXUP          2
+#endif
+
 /**************************************************************************
  Try and abstract process capabilities (for systems that have them).
 ****************************************************************************/
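Review bot: The fallback define hard-codes a kernel ABI value (2) with only a one-line comment, and because it sits unconditionally inside HAVE_POSIX_CAPABILITIES, every later defined(SECURE_NO_SETUID_FIXUP) test is always true and checks nothing. Suggest naming the kernel header the value is taken from (linux/securebits.h) in the comment, and dropping the redundant defined() term where the macro is used.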
@@ -735,6 +740,32 @@ static bool set_process_capability(enum smbd_capability capability,
 	}
 #endif
 
+#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && defined(SECURE_NO_SETUID_FIXUP)
+        /* New way of setting capabilities as "sticky". */
+
+	/*
+	 * Use PR_SET_SECUREBITS to prevent setresuid()
+	 * atomically dropping effective capabilities on
+	 * uid change. Only available in Linux kernels
+	 * 2.6.26 and above.
+	 *
+	 * See here:
+	 * http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html
+	 * for details.
+	 *
+	 * Specifically the CAP_KILL capability we need
+	 * to allow Linux threads under different euids
+	 * to send signals to each other.
+	 */
+
+	if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) {
+		DEBUG(0,("set_process_capability: "
+			"prctl PR_SET_SECUREBITS failed with error %s\n",
+			strerror(errno) ));
+		return false;
+	}
+#endif
+
 	cap = cap_get_proc();
 	if (cap == NULL) {
 		DEBUG(0,("set_process_capability: cap_get_proc failed: %s\n",
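Review bot: The prctl() call in the added block runs on every call to set_process_capability(), whatever the capability and enable arguments are, and a failure returns false before any capability is touched. The preprocessor guard only shows that the build headers know PR_SET_SECUREBITS; on a kernel that rejects it at run time, requests for the other capabilities in this function (the lease case, for example) would start failing too. Suggest making the call only for KILL_CAPABILITY, or logging and continuing when it fails. The second argument also replaces the whole securebits mask instead of OR-ing the new bit into the value read with PR_GET_SECUREBITS.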
@@ -763,6 +794,11 @@ static bool set_process_capability(enum smbd_capability capability,
 			cap_vals[num_cap_vals++] = CAP_LEASE;
 #endif
 			break;
+		case KILL_CAPABILITY:
+#ifdef CAP_KILL
+			cap_vals[num_cap_vals++] = CAP_KILL;
+#endif
+			break;
 	}
 
 	SMB_ASSERT(num_cap_vals <= ARRAY_SIZE(cap_vals));
@@ -772,16 +808,37 @@ static bool set_process_capability(enum smbd_capability capability,
 		return True;
 	}
 
-	cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
-		enable ? CAP_SET : CAP_CLEAR);
+	/*
+	 * Ensure the capability is effective. We assume that as a root
+	 * process it's always permitted.
+	 */
+
+	if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
+			enable ? CAP_SET : CAP_CLEAR) == -1) {
+		DEBUG(0, ("set_process_capability: cap_set_flag effective "
+			"failed (%d): %s\n",
+			(int)capability,
+			strerror(errno)));
+		cap_free(cap);
+		return false;
+	}
 
 	/* We never want to pass capabilities down to our children, so make
 	 * sure they are not inherited.
 	 */
-	cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR);
+	if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals,
+			cap_vals, CAP_CLEAR) == -1) {
+		DEBUG(0, ("set_process_capability: cap_set_flag inheritable "
+			"failed (%d): %s\n",
+			(int)capability,
+			strerror(errno)));
+		cap_free(cap);
+		return false;
+	}
 
 	if (cap_set_proc(cap) == -1) {
-		DEBUG(0, ("set_process_capability: cap_set_proc failed: %s\n",
+		DEBUG(0, ("set_process_capability: cap_set_flag (%d) failed: %s\n",
+			(int)capability,
 			strerror(errno)));
 		cap_free(cap);
 		return False;
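Review bot: the cap_set_proc() failure branch now logs "cap_set_flag (%d) failed", which names the wrong call and will be indistinguishable in intent from the two new cap_set_flag messages above it; suggest "set_process_capability: cap_set_proc (%d) failed: %s\n". The two new error paths return lowercase false while this branch and the early exit keep False/True; pick one spelling within the function.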
diff --git a/source/libsmb/clirap.c b/source/libsmb/clirap.c
index 61e2fb7..ea9e439 100644
--- a/source/libsmb/clirap.c
+++ b/source/libsmb/clirap.c
@@ -270,11 +270,9 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 	        p = param;
 		SIVAL(p,0,func); /* api number */
 	        p += 2;
-	        /* Next time through we need to use the continue api */
-	        func = RAP_NetServerEnum3;
 
-		if (last_entry) {
-			strlcpy(p,"WrLehDOz", sizeof(param)-PTR_DIFF(p,param));
+		if (func == RAP_NetServerEnum3) {
+			strlcpy(p,"WrLehDzz", sizeof(param)-PTR_DIFF(p,param));
 		} else {
 			strlcpy(p,"WrLehDz", sizeof(param)-PTR_DIFF(p,param));
 		}
@@ -293,7 +291,7 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 		 * to continue from.
 		 */
 		len = push_ascii(p,
-				last_entry ? last_entry : workgroup,
+				workgroup,
 				sizeof(param) - PTR_DIFF(p,param) - 1,
 				STR_TERMINATE|STR_UPPER);
 
@@ -303,6 +301,22 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 		}
 		p += len;
 
+		if (func == RAP_NetServerEnum3) {
+			len = push_ascii(p,
+					last_entry ? last_entry : "",
+					sizeof(param) - PTR_DIFF(p,param) - 1,
+					STR_TERMINATE);
+
+			if (len == (size_t)-1) {
+				SAFE_FREE(last_entry);
+				return false;
+			}
+			p += len;
+		}
+
+		/* Next time through we need to use the continue api */
+		func = RAP_NetServerEnum3;
+
 		if (!cli_api(cli,
 			param, PTR_DIFF(p,param), 8, /* params, length, max */
 			NULL, 0, CLI_BUFFER_SIZE, /* data, length, max */
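Review bot: in the new RAP_NetServerEnum3 block, last_entry ? last_entry : "" sends an empty continuation name whenever func has advanced but no last entry was recorded; a comment saying what the server is expected to do with an empty name, or leaving the loop in that case, would make termination easier to reason about. The workgroup is pushed with STR_TERMINATE|STR_UPPER and the entry name with STR_TERMINATE only; if that is deliberate, say so next to the "WrLehDzz" descriptor, which gains a second z without any explanation of the extra parameter.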
@@ -364,6 +378,7 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 				const char *p1;
 				char *s1, *s2;
 				TALLOC_CTX *frame = talloc_stackframe();
+				uint32_t entry_stype;
 
 				if (p + 26 > rdata_end) {
 					TALLOC_FREE(frame);
@@ -374,7 +389,7 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 				comment_offset = (IVAL(p,22) & 0xFFFF)-converter;
 				cmnt = comment_offset?(rdata+comment_offset):"";
 
-				if (comment_offset < 0 || comment_offset > (int)rdrcnt) {
+				if (comment_offset < 0 || comment_offset >= (int)rdrcnt) {
 					TALLOC_FREE(frame);
 					continue;
 				}
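Review bot: the tightened bound comment_offset >= (int)rdrcnt still runs after cmnt = rdata+comment_offset has been formed from the server-supplied offset; move the range check above the cmnt assignment so the pointer is only computed once the offset is known to lie inside rdata. A one-line comment that an offset equal to rdrcnt leaves no byte to read would record why > became >=.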
@@ -387,7 +402,7 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 					len++;
 				}
 
-				stype = IVAL(p,18) & ~SV_TYPE_LOCAL_LIST_ONLY;
+				entry_stype = IVAL(p,18) & ~SV_TYPE_LOCAL_LIST_ONLY;
 
 				pull_string_talloc(frame,rdata,0,
 					&s1,sname,16,STR_ASCII);
@@ -399,7 +414,7 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 					continue;
 				}
 
-				fn(s1, stype, s2, state);
+				fn(s1, entry_stype, s2, state);
 				TALLOC_FREE(frame);
 			}
 
diff --git a/source/libsmb/libsmb_context.c b/source/libsmb/libsmb_context.c
index 8e0aa1e..fb14c26 100644
--- a/source/libsmb/libsmb_context.c
+++ b/source/libsmb/libsmb_context.c
@@ -192,13 +192,8 @@ smbc_free_context(SMBCCTX *context,
         }
         
         /* Things we have to clean up */
-        free(smbc_getWorkgroup(context));
         smbc_setWorkgroup(context, NULL);
-
-        free(smbc_getNetbiosName(context));
         smbc_setNetbiosName(context, NULL);
-
-        free(smbc_getUser(context));
         smbc_setUser(context, NULL);
         
         DEBUG(3, ("Context %p successfully freed\n", context));
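Review bot: dropping the three free(smbc_get...()) calls is only leak-free if smbc_setWorkgroup(), smbc_setNetbiosName() and smbc_setUser() release the previously stored string when handed NULL; that setter change is not part of this hunk, so the commit message or a comment above "Things we have to clean up" should say the setters now own the strings. If the setters are unchanged, this hunk turns a correct free into a leak.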
@@ -423,7 +418,6 @@ SMBCCTX *
 smbc_init_context(SMBCCTX *context)
 {
         int pid;
-        char *user = NULL;
         char *home = NULL;
         
         if (!context) {
@@ -532,7 +526,7 @@ smbc_init_context(SMBCCTX *context)
                 /*
                  * FIXME: Is this the best way to get the user info?
                  */
-                user = getenv("USER");
+		char *user = getenv("USER");
                 /* walk around as "guest" if no username can be found */
                 if (!user) {
                         user = SMB_STRDUP("guest");
@@ -546,6 +540,12 @@ smbc_init_context(SMBCCTX *context)
                 }
 
                 smbc_setUser(context, user);
+		SAFE_FREE(user);
+
+		if (!smbc_getUser(context)) {
+                        errno = ENOMEM;
+                        return NULL;
+                }
         }
         
         if (!smbc_getNetbiosName(context)) {
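Review bot: SAFE_FREE(user) is applied to a variable initialised from getenv("USER"), so it is valid only if every path before smbc_setUser() has replaced that pointer with a heap copy; the visible lines show SMB_STRDUP only on the guest branch, so please confirm the non-guest branch duplicates as well, otherwise this frees environment memory. The added !smbc_getUser(context) check is a good way to catch a failed copy inside the setter. The new lines at "char *user", "SAFE_FREE(user)" and "if (!smbc_getUser" are tab-indented in a function that otherwise uses spaces.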
@@ -578,6 +578,12 @@ smbc_init_context(SMBCCTX *context)
                 }
                 
                 smbc_setNetbiosName(context, netbios_name);


-- 
Samba Shared Repository

