[SCM] Samba Shared Repository - branch v3-5-stable updated
Karolin Seeger
kseeger at samba.org
Sun Jul 1 23:16:14 MDT 2012
The branch, v3-5-stable has been updated
via 5e47111 WHATSNEW: Prepare release notes for Samba 3.5.16.
via 6e3863b s3-winbindd Only use SamLogonEx when we can get unencrypted session keys
via 2f22366 v3-6-test: Further fix for bug 8338
via bbaf9ec Fix bug 8314] - smbd crash with unknown user.
via 5c0531e docs-xml: fix default name resolve order (fix bug #7564)
via 96bf61a s3: fix build on HP-UX
via 58ab75f s3-vfs_gpfs: Fix bug #9003, posix acl on gpfs
via a50fae4 Fix bug #8974 - Kernel oplocks are broken when uid(file) != uid(process).
via 7613be7 s3: Correct documentation of case sensitive
via efa2050 Same fix as bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params
via e296914 Fix Bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params
via 7172d1f s3: Fix a winbind race leading to 100% CPU
via 45ce22b Fix for bug #8998 - Notify code can miss a ChDir. (cherry picked from commit dfa5366a6ee418d6292c1832520c0c1bd974af49)
via 4432e8b Fix bug #8994 - winbind normalize names.
via a72ea5e Fix bug #8972 - Directory group write permission bit is set if unix extensions are enabled
via 8a4df6f s3-winbindd: call dump_core_setup after command line option has been parsed
via 7046a1e s3: Fix uninitialized memory read in talloc_free()
via 427c973 Fix bug #8970 - Possible memory leaks in the samba master process.
via eac9d9b Fix bug #8882 - Broken processing of %U with vfs_full_audit when force user is set.
via 3239ce4 s3-utils: Use ads_do_search_retry in net ads search
via 179a71f s3-libads: Use a reducing page size to try and cope with a slow LDAP server
via d63a8bd s3-winbindd: Always map the LDAP error code to an NTSTATUS
via 7f0abf6 s3-libads: Map LDAP_TIMELIMIT_EXCEEDED as NT_STATUS_IO_TIMEOUT
via e4d9909 Fix the loop unrolling inside resolve_ads().
via f7cbb02 Protect all of the name resolution methods from returning null addrs. Ensure all returns go through remove_duplicate_addrs2(). (cherry picked from commit 6d5aae1d9680657c7021af2974db9b0dc2336f13)
via 1896cf4 Fix convert_ss2service() to filter out zero addresses. (cherry picked from commit 3226be5b5ab771c8cdf98588c40713d36eae4702)
via 6d200f4 Fix remove_duplicate_addrs2 to do exactly what it says. Previously it could leave zero addresses in the list. (cherry picked from commit 8e9db61b447d22bad84a8c9ae450a71d9c3e6d58)
via fd3ad53 Fix bug #8957 - Typo in pam_winbindd code MUST fix. (cherry picked from commit ee4ef9a535a2d9db11bd94987fb96ae8f8771e79) (cherry picked from commit 991f83fed8f49fe4c6b4f47bd63b8064d57d811f)
via b6623ac s3-pam_winbind: Fix the build.
via 7e7418c Fix pam_winbind build against newer iniparser library.
via 309bdf4 s3-docs: Fix bug #7930.
via 13f7e96 s3-VFS: Fix building out-of-tree modules.
via 6df440d s3-docs: overrided -> overridden
via b050000 s3/ldap: remove outdated netscape ds 5 schema file
via c49c62c Fix bug #8831 - Inconsistent (with manpage) command-line switch for "help" in smbtree
via da87aaf Fix bug #8897 - winbind_krb5_locator only returns one IP address.
from f28fea9 WHATSNEW: Start release notes for 3.5.16.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable
- Log -----------------------------------------------------------------
commit 5e47111901a3fcaf18cb03e4bc6e77a395807343
Author: Karolin Seeger <kseeger at samba.org>
Date: Sat Jun 30 21:45:53 2012 +0200
WHATSNEW: Prepare release notes for Samba 3.5.16.
Karolin
(cherry picked from commit b1a6698ec7a6fc661e8ff9876dfbdf740f33ae2d)
commit 6e3863bcf179a72f1217d85af55a52b60cf1ba4f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Dec 15 09:57:56 2011 +1100
s3-winbindd Only use SamLogonEx when we can get unencrypted session keys
This ensures that we have some check on the session keys being returned
as the RC4 cipher is not checksumed.
The check comes from the fact that the credentials chain is tied to
the netlgon session key, and so if the credentials check passes then
the netlogon session key will be correct, and so the user session key
will be correctly decrypted.
Andrew Bartlett
Signed-off-by: Matthieu Patou <mat at matws.net>
s3: If we can't do validation 6 or sam_logon_ex use sam_logon only
(cherry picked from commit c119cd8868fc7e2eb08b09f7092519007fd83bf6)
commit 2f2236661c0353f6dc1aedf70eb99c9c2be202b5
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 20 22:45:52 2011 +0200
v3-6-test: Further fix for bug 8338
OS/X can not deal with a 10-vwv read on normal files.
Autobuild-User: Volker Lendecke <vlendec at samba.org>
Autobuild-Date: Wed Sep 21 00:51:08 CEST 2011 on sn-devel-104
(cherry picked from commit 81703ab7528055bbae8306d2c9a8314316107f85)
commit bbaf9ec54dc80c742a6327d0b037af297a62ef8e
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jul 22 16:40:54 2011 -0700
Fix bug 8314] - smbd crash with unknown user.
All other auth modules code with being called with
auth_method->private_data being NULL, make the auth_server
module cope with this too.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Sat Jul 23 02:55:01 CEST 2011 on sn-devel-104
(cherry picked from commit 1832c9591099be941ef3afe7b0381c4af61f4728)
(cherry picked from commit c352832e2fadf1207cadef525bf21068f1d1ee1b)
commit 5c0531e2b84f6f401746493e0f4c36ab4eb03079
Author: Björn Baumbach <bb at sernet.de>
Date: Wed Apr 4 16:58:24 2012 +0200
docs-xml: fix default name resolve order (fix bug #7564)
Autobuild-User: Volker Lendecke <vl at samba.org>
Autobuild-Date: Fri Apr 6 09:54:37 CEST 2012 on sn-devel-104
(cherry picked from commit 189b3d9b24bf553ff7096397c389f20ba99e0dfa)
(cherry picked from commit ad6d51892597336aa162452f3944393fa5afa7c4)
(cherry picked from commit 5118001d493061a4a3ec757332f0bff5c1e056d4)
commit 96bf61ac6075bda4fbaac91a964ac5ac119a0dbf
Author: Björn Jacke <bj at sernet.de>
Date: Thu Jun 10 17:19:16 2010 +0200
s3: fix build on HP-UX
this struct member h_errno is not used in the HP-UX code paths, it was just
there because Solaris has it, too. As h_errno is a function call macro on HP-UX
when thread support is enabled we run into trouble here. Just commenting it out
should be okay as we don't use it anyway.
(cherry picked from commit ec94efb79d4516b09c7d1d93a4ff8ce0f7046f41)
Fix bug #9011 - Build on HP-UX broken.
(cherry picked from commit 9658d8e13dc045a338a7b1496a6cc3ce5ed0e704)
commit 58ab75f7beaf54722bb45d9f4fcbdd5118e9230b
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jun 22 15:46:13 2012 +0200
s3-vfs_gpfs: Fix bug #9003, posix acl on gpfs
gpfs2smb_acl can leave errno!=0 around even if it returned a correct
result!=NULL. We can only rely on errno being set if another error
condition (in this case result==NULL) indicates an error. If
result!=NULL, errno is undefined and can be anything. This leads to
SAFE_FREE(result) further down even in the success case.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Jun 22 19:27:39 CEST 2012 on sn-devel-104
(cherry picked from commit e7b58146d8576ae8bf4eaf2ec1063fe7697e05b8)
(cherry picked from commit bea2d3d007cef5643e863d2d4a80f0ea72461ec3)
(cherry picked from commit 6fa785d9b2379138bff759266a1545bf0240f092)
commit a50fae46f3c7ab39adba9b4633dd483e6273f915
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jun 20 15:50:00 2012 -0700
Fix bug #8974 - Kernel oplocks are broken when uid(file) != uid(process).
Based on a fix from "Etienne Dechamps " <e-t172 at akegroup.org>
(cherry picked from commit 0e2fb6c69e971c7502fabe17fa71d1453dda18a6)
(cherry picked from commit 92b1d6b93571facbb07b7d32f169ba32ef6f8e1f)
commit 7613be78c421d2707d9c35ded429888a8c2b27d7
Author: Olaf Flebbe <o.flebbe at science-computing.de>
Date: Fri Oct 28 09:59:07 2011 +0200
s3: Correct documentation of case sensitive
this fixes bug #8552
Autobuild-User(master): Björn Jacke <bj at sernet.de>
Autobuild-Date(master): Fri Jun 22 21:59:59 CEST 2012 on sn-devel-104
(cherry picked from commit 8558e321c5fc7eab94f47b243024e0439dfe1378)
(cherry picked from commit 1f19c2de580b04fe9e3038c879c80d8a54ce828f)
(cherry picked from commit fad706e7a7c47d4f0a0933daf5769abfda1f5c49)
commit efa20500fbdcfa501ae6ce3cbdbdc2672e10254a
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 18 16:24:12 2012 -0700
Same fix as bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params
for the Trans2 calls. See MS-CIFS 2.2.4.47.2 for details.
(cherry picked from commit d5c01dc502e02cde12abc939afd48519d38c09a9)
(cherry picked from commit 8243fb8dbeed34e1a9a61d44c48d82321eebe7ab)
commit e296914f42d2fea9d34851b3b6af5edc45d165c2
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 18 16:23:13 2012 -0700
Fix Bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params
Found by Richard Sharpe <realrichardsharpe at gmail.com>. The correct
command code in a reply to NT Transact Secondary (0xa1) is
NT Transact (0xa0).
(cherry picked from commit 115f5af9a89a20929f02578c08a34ae2736951dd)
(cherry picked from commit e46f24296158ca48ac450b013cce39dd6ea91b42)
commit 7172d1f74e94a5ed4df1aa9ace03a4a711cc3e39
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 26 16:54:18 2011 +0200
s3: Fix a winbind race leading to 100% CPU
This fixes a race condition that leads to the winbindd_children list becoming
corrupted. It happens when on a busy winbind SIGCHLD is a bit late.
Imagine a winbind with multiple requests in the queue for a single child. Child
dies, and before the SIGCHLD handler is called we find the socket to be dead.
wb_child_request_done is called, receiving an error from wb_simple_trans_recv.
It closes the socket. Then immediately the wb_child_request_trigger will do
another fork_domain_child before the signal handler is called. This means that
we do another fork_domain_child, we have child->sock==-1 at this point.
fork_domain_child will do a DLIST_ADD(winbindd_children, child) a second time
where the child is already part of that list. This corrupts the list. Then the
signal handler kicks in, spinning in
for (child = winbindd_children; child != NULL; child = child->next) {
forever. Not good. This patch makes sure that both conditions (sock==-1 and not
part of the list) for a winbindd_child struct match up.
Autobuild-User: Volker Lendecke <vlendec at samba.org>
Autobuild-Date: Fri Aug 26 18:51:24 CEST 2011 on sn-devel-104
Fix bug #9000 - winbindd hangs when disconnect domain connection.
(cherry picked from commit 41c2411286f76919546b677f98f1166f1e40c706)
commit 45ce22b9ffb43ea555c263f119e6587f5ede3e56
Author: Volker Lendecke <Volker.Lendecke at SerNet.DE>
Date: Thu Jun 14 12:07:33 2012 -0700
Fix for bug #8998 - Notify code can miss a ChDir.
(cherry picked from commit dfa5366a6ee418d6292c1832520c0c1bd974af49)
commit 4432e8ba8542c3a47ddb83d232a755f0961194ab
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jul 29 13:47:27 2010 -0700
Fix bug #8994 - winbind normalize names.
We should be using the winbindd separator in this case, not hardcoding a \\ value.
Jeremy.
(cherry picked from commit b7f029016a6a3fb98652c65f27ae80ad78048396)
Signed-off-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit c615d8e8e037996a9dd8d5a1982cf49d7c19a831)
commit a72ea5e34b6b325e7eb9736d9f9ae07e7b299ba8
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jun 13 10:48:32 2012 -0700
Fix bug #8972 - Directory group write permission bit is set if unix extensions are enabled
We can't manipulate file_attributes if it's a posix call.
(cherry picked from commit bb750d7232bd266c06a14ac3ea577aeecfb81b14)
(cherry picked from commit fe7d9d85102613346a1365929f4545e43f412ab8)
commit 8a4df6f36f2af39b54b9f5b9c98428eea064d460
Author: Matthieu Patou <mat at matws.net>
Date: Fri Jun 1 15:33:04 2012 -0700
s3-winbindd: call dump_core_setup after command line option has been parsed
Without this fix in some situations winbindd can't coredump.
Such cases append when samba is compiled in a custom prefix (ie.
/home/build/mat/prod/1/) in this case get_dyn_LOGFILEBASE or basename(lp_logfile)
before the configuration file and the command line is parsed will be something like /home/build/mat/prod/1/var
which might not exists on the host where you run it (where it's most
probably more "normal" directories).
Specifying --log-basename didn't help as dump_core_setup is called before the command line and
the config file is read so it didn't help getting a correct value in dump_core_setup.
We fix this issue by calling dump_core_setup() also after the command
line has been read and also after the configfile has been parsed so that
the final location for the coredump is coherent with the final logile
location.
Fix bug #8975 (winbindd can't coredump).
(cherry picked from commit 4cf3fb815610c6f0939f8b142296cd836faac7e6)
(cherry picked from commit 529333322fb373ad23a0ce9034bf9630cdb17765)
commit 7046a1e4f9a51003030ae60f3e8400d0222ddc45
Author: Volker Lendecke <vl at samba.org>
Date: Mon Jun 4 12:22:21 2012 -0700
s3: Fix uninitialized memory read in talloc_free()
Thanks to laurent gaffie <laurent.gaffie at gmail.com> for reporting
this issue!
(cherry picked from commit bc4a2c143b531f9362acb8f3d6e099cbac070840)
commit 427c9737e3bfbeb1ac87aad50f13c2e44f4a3ffb
Author: Richard Sharpe <realrichardsharpe at gmail.com>
Date: Thu May 31 15:43:14 2012 -0700
Fix bug #8970 - Possible memory leaks in the samba master process.
Signed-off-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit d853bc02c32a4c1172bf5f3f64c75db5ecc5ccca)
commit eac9d9b5e6c85866768a5455326aa9a6e3afcf9d
Author: Jeremy Allison <jra at samba.org>
Date: Mon Apr 23 16:19:50 2012 -0700
Fix bug #8882 - Broken processing of %U with vfs_full_audit when force user is set.
When doing a "force user" we need to remember what the "sanitized_username"
was from the original connect.
(cherry picked from commit 0529cf9d039d0ae449f4b167952b42b2039238be)
commit 3239ce4b352c25c5c29c8158b6ebb2ef635c3565
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri May 18 22:02:57 2012 +1000
s3-utils: Use ads_do_search_retry in net ads search
This makes it possible to search against a slow server, as will
fallback from 1000 to (eventually) 125 users at a time.
Andrew Bartlett
The last 4 patches addres bug #8943 (Slow but responsive DC can lock up winbindd
for > 10 minutes at a time).
(cherry picked from commit 76c570fe6be4d6b5b254ec3264a97cb13864a6df)
commit 179a71f78748c52aca73280cc35e2580d7f75416
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri May 18 22:01:14 2012 +1000
s3-libads: Use a reducing page size to try and cope with a slow LDAP server
If we cannot get 1000 users downloaded in 15seconds, try with 500, 250
and then 125 users at a time.
Andrew Bartlett
(cherry picked from commit 8572ce0e5ff17bfe0df2823078119be9182a0378)
commit d63a8bd52709835ea063b8f0230f973540965397
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri May 18 17:40:59 2012 +1000
s3-winbindd: Always map the LDAP error code to an NTSTATUS
We do this so that we catch LDAP_TIMELIMIT_EXCEEDED as NT_STATUS_IO_TIMEOUT, which
has special handling in winbindd_cache.c
Andrew Bartlett
(cherry picked from commit 5daa8d2f7fa7d15ac6d6b0238e299f69c70be024)
commit 7f0abf6b9dbe684775c428b99ef12014d5050fec
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri May 18 17:38:48 2012 +1000
s3-libads: Map LDAP_TIMELIMIT_EXCEEDED as NT_STATUS_IO_TIMEOUT
This allows Samba to then handle this error in the same way it would for RPC connections
Andrew Bartlett
(cherry picked from commit d113c69edb57c7a3d72e3ab122cec44858a5313e)
commit e4d9909be5f7c8c022d2ee22d3259a6b412d4fc9
Author: Jeremy Allison <jra at samba.org>
Date: Mon Apr 30 16:32:51 2012 -0700
Fix the loop unrolling inside resolve_ads().
If we don't get an IP list don't use interpret_string_addr(), as this only returns one address, use interpret_string_addr_internal() instead.
The last 4 patches address bug #8910 (resolve_ads() code can return zero
addresses and miss valid DC IP addresses).
(cherry picked from commit b9d3f8258396873d6ec8b6ea9ad066e2f1f8e973)
commit f7cbb0289c81fb73422c424f8dcffc5890be5204
Author: Jeremy Allison <jra at samba.org>
Date: Mon Apr 30 16:29:19 2012 -0700
Protect all of the name resolution methods from returning null addrs. Ensure all returns go through remove_duplicate_addrs2().
(cherry picked from commit 6d5aae1d9680657c7021af2974db9b0dc2336f13)
commit 1896cf4b8bf46436130750f32ebb5d2eecb881d6
Author: Jeremy Allison <jra at samba.org>
Date: Mon Apr 30 16:24:27 2012 -0700
Fix convert_ss2service() to filter out zero addresses.
(cherry picked from commit 3226be5b5ab771c8cdf98588c40713d36eae4702)
commit 6d200f4342ce074bbf66ae4e247fcadb95620cf7
Author: Jeremy Allison <jra at samba.org>
Date: Mon Apr 30 16:16:39 2012 -0700
Fix remove_duplicate_addrs2 to do exactly what it says. Previously it could leave zero addresses in the list.
(cherry picked from commit 8e9db61b447d22bad84a8c9ae450a71d9c3e6d58)
commit fd3ad537976f2633a6e91dcc2a596c12e7b5f400
Author: Jeremy Allison <jra at samba.org>
Date: Fri May 25 17:19:29 2012 -0700
Fix bug #8957 - Typo in pam_winbindd code MUST fix.
(cherry picked from commit ee4ef9a535a2d9db11bd94987fb96ae8f8771e79)
(cherry picked from commit 991f83fed8f49fe4c6b4f47bd63b8064d57d811f)
commit b6623acc011f8d33f184647c2846c1abac9b8b92
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 10 09:53:57 2012 +0200
s3-pam_winbind: Fix the build.
Jeremy
Part of a fix for bug #8915 (Samba fails to build with iniparser-3.0.0 and
iniparser-3.1.0).
(cherry picked from commit 00c901a5be83bfe4c70eccbe7fa2a35d3d2a368d)
(cherry picked from commit 19fc7d6733a61417477dcc4b53a24a0c1bc40187)
commit 7e7418c44299d7d5ddef44ff16eb6a990ca0a07c
Author: Simo Sorce <idra at samba.org>
Date: Wed May 9 13:55:41 2012 +0200
Fix pam_winbind build against newer iniparser library.
iniparser_getstr is deprecated and has been removed in newer libraries
available in Fedora. Use iniparse_getstring instead.
Autobuild-User: Simo Sorce <idra at samba.org>
Autobuild-Date: Tue Apr 24 02:56:10 CEST 2012 on sn-devel-104
Based on commit adbace20a24b6ae4fbd6d17b7153833f4ac8c88d in master.
(cherry picked from commit e295905f2840b5e814f88cd483b7f5f0fb3b4150)
(cherry picked from commit 76dcbb84e3fa13959df5931d21051695327c29f4)
commit 309bdf4c77224187e63324b8759fea9a28421494
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue May 8 16:33:07 2012 +0200
s3-docs: Fix bug #7930.
Add hint that setting "profile acls = yes" on normal shares can cause trouble.
Karolin
Autobuild-User: Karolin Seeger <kseeger at samba.org>
Autobuild-Date: Tue May 8 18:47:59 CEST 2012 on sn-devel-104
(cherry picked from commit 4cc04a29247a0c4b3de9884890364a5712534073)
(cherry picked from commit 5efc31595beae5ec661d0bf6d001bcfbf59bc446)
(cherry picked from commit f5d942840bd5e2d728cbf7e4ab4d9dae25cb3323)
commit 13f7e96e1b09f45394ef1709cd0cb2215bf8afde
Author: Richard Sharpe <realrichardsharpe at gmail.com>
Date: Tue May 8 14:53:10 2012 +0200
s3-VFS: Fix building out-of-tree modules.
Fix bug #8822 (VFS module init function name has to be manually changed
depending on build environment).
(cherry picked from commit d2f4164e3db2c341ff3a1b35a68f691848c9a859)
(cherry picked from commit ca9538bcd8ac153ab7d9bc21dab01d702d13c554)
commit 6df440dd113d492d5f18221c06c6a3193d056bfb
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue May 8 11:05:37 2012 +0200
s3-docs: overrided -> overridden
Fix typo. Part of a fix for bug #7938. Based on a patch provided by John
Bradshaw <john at johnbradshaw.org>.
(cherry picked from commit 6b4890246ddbd606484e7247bea86c238cc0a057)
(cherry picked from commit 8b266d110d77b2204a29c00f7f57e62fe801cbfc)
commit b050000ccf22cc54cbc7c097a2b7014364e08640
Author: Björn Jacke <bj at sernet.de>
Date: Tue May 8 14:23:33 2012 +0200
s3/ldap: remove outdated netscape ds 5 schema file
remove outdated netscape ds 5 schema file and put a README there pointing to
the FDS schema file instead. This fixes bug #8869
(commit b31f773ae1640313dc1ba86b334e9bbb9cb31bd6 in master)
(commit 9fd8692a9d066f4e469eb0668ae1f0c8b2c8db6c in v3-6-test)
(cherry picked from commit 353d7436468247ad20c006480a134caaccf0228c)
commit c49c62c124b5877a4545be134b3af2cd4151be06
Author: Jeremy Allison <jra at samba.org>
Date: Fri Mar 30 12:23:07 2012 -0700
Fix bug #8831 - Inconsistent (with manpage) command-line switch for "help" in smbtree
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Fri Mar 30 22:59:53 CEST 2012 on sn-devel-104
(cherry picked from commit efd94d159883cb0841d8ac83223a1e63098a8d72)
(cherry picked from commit 815ba9db6f9ae405c6e8a590ee96a31cf30ba481)
(cherry picked from commit 6692bd5944bcc060453a8ae3424cef71b47d37f4)
commit da87aafb09ab682a9d1329fafbaeb7492d17e815
Author: Jeremy Allison <jra at samba.org>
Date: Wed Apr 25 15:17:09 2012 -0700
Fix bug #8897 - winbind_krb5_locator only returns one IP address.
Reported by Dina_Fine at Dell.com.
Don't ask the DC for an IP list when locating kdc's. Ask for the
name and use getaddrinfo to get all possible addresses instead.
(cherry picked from commit 56b0ec0e91f9af0eb6c109fc1cc300ad5fee3fe6)
(cherry picked from commit cf39e013930d29574826f6ad3a259fe47203c000)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 72 ++++++++-
docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml | 2 +-
docs-xml/build/DTD/samba.entities | 2 +-
docs-xml/smbdotconf/filename/casesensitive.xml | 2 +-
docs-xml/smbdotconf/protocol/nameresolveorder.xml | 2 +-
docs-xml/smbdotconf/protocol/profileacls.xml | 8 +-
examples/LDAP/samba-schema-netscapeds5.x | 67 --------
examples/LDAP/samba-schema-netscapeds5.x.README | 2 +
examples/VFS/Makefile.in | 2 +-
nsswitch/pam_winbind.c | 8 +-
nsswitch/winbind_krb5_locator.c | 35 ++--
nsswitch/winbind_nss_hpux.h | 7 +-
source3/auth/auth_server.c | 15 ++-
source3/include/ads.h | 1 +
source3/include/proto.h | 6 +-
source3/lib/debug.c | 13 +-
source3/libads/ads_status.c | 3 +
source3/libads/ads_struct.c | 4 +
source3/libads/ldap.c | 4 +-
source3/libads/ldap_utils.c | 7 +
source3/libsmb/clireadwrite.c | 13 +-
source3/libsmb/clispnego.c | 3 +
source3/libsmb/namequery.c | 189 ++++++++++++++-------
source3/modules/vfs_default.c | 5 -
source3/modules/vfs_gpfs.c | 4 +-
source3/nmbd/nmbd.c | 3 +-
source3/param/loadparm.c | 12 +-
source3/smbd/notify.c | 55 +++++--
source3/smbd/nttrans.c | 11 +-
source3/smbd/open.c | 6 +-
source3/smbd/oplock_linux.c | 13 ++
source3/smbd/server.c | 1 +
source3/smbd/service.c | 8 +
source3/smbd/trans2.c | 15 +-
source3/utils/net_ads.c | 2 +-
source3/winbindd/winbindd.c | 17 ++-
source3/winbindd/winbindd_ads.c | 28 +++-
source3/winbindd/winbindd_dual.c | 5 +-
source3/winbindd/winbindd_pam.c | 8 +-
39 files changed, 431 insertions(+), 229 deletions(-)
delete mode 100644 examples/LDAP/samba-schema-netscapeds5.x
create mode 100644 examples/LDAP/samba-schema-netscapeds5.x.README
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 3e8711d..1e2ff06 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,6 +1,6 @@
==============================
Release Notes for Samba 3.5.16
- , 2012
+ July 2, 2012
==============================
@@ -8,13 +8,79 @@ This is the latest stable release of Samba 3.5.
Major enhancements in Samba 3.5.16 include:
-o
+o Fix possible memory leaks in the Samba master process (bug #8970).
+o Fix uninitialized memory read in talloc_free().
+o Fix smbd crash with unknown user (bug #8314).
+
Changes since 3.5.15:
---------------------
-
o Jeremy Allison <jra at samba.org>
+ * BUG 8314: Fix smbd crash with unknown user.
+ * BUG 8831: Fix inconsistent (with manpage) command-line switch for "help"
+ in smbtree.
+ * BUG 8882: Fix processing of %U with vfs_full_audit when "force user"
+ is set.
+ * BUG 8897: winbind_krb5_locator only returns one IP address.
+ * BUG 8910: resolve_ads() code can return zero addresses and miss valid DC
+ IP addresses.
+ * BUG 8957: Fix typo in pam_winbindd code.
+ * BUG 8972: Directory group write permission bit is set if unix extensions
+ are enabled.
+ * BUG 8974: Kernel oplocks are broken when uid(file) != uid(process).
+ * BUG 8989: Send correct responses to NT Transact Secondary when no data and
+ no params.
+ * BUG 8994: Fix "winbind normalize names".
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 8599: Only use SamLogonEx when we can get unencrypted session keys.
+ * BUG 8943: Slow but responsive DC can lock up winbindd for > 10 minutes
+ at a time.
+
+
+o Björn Baumbach <bb at sernet.de>
+ * BUG 7564: Fix default name resolve order in the manpage.
+
+
+o John Bradshaw <john at johnbradshaw.org>
+ * BUG 7938: Fix typo (overrided -> overridden) in Samba3-HOWTO.
+
+
+o Olaf Flebbe <o.flebbe at science-computing.de>
+ * BUG 8552: Correct documentation of "case sensitive".
+
+
+o Björn Jacke <bj at sernet.de>
+ * BUG 8869: Remove outdated netscape ds 5 schema file.
+ * BUG 9011: Fix build on HP-UX.
+
+
+o Volker Lendecke <vl at samba.org>
+ * Fix uninitialized memory read in talloc_free().
+ * BUG 8338: OS/X can not deal with a 10-vwv read on normal files.
+ * BUG 8998: Notify code can miss a ChDir.
+ * BUG 9000: Fix a Winbind race leading to 100% CPU.
+ * BUG 9003: Fix posix acl on gpfs.
+
+
+o Matthieu Patou <mat at matws.net>
+ * BUG 8975: Make sure that Winbind can coredump.
+
+
+o Karolin Seeger <kseeger at samba.org>
+ * BUG 7930: Add hint that setting "profile acls = yes" on normal shares can
+ cause trouble.
+
+
+o Richard Sharpe <realrichardsharpe at gmail.com>
+ * BUG 8822: Fix building out-of-tree vfs modules.
+ * BUG 8970: Fix possible memory leaks in the Samba master process.
+
+
+o Simo Sorce <idra at samba.org>
+ * BUG 8915: Fix pam_winbind build against newer iniparser library.
######################################################################
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml b/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml
index ea68594..a97ffbf 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml
@@ -1380,7 +1380,7 @@ mystic:/home/hannibal > rm filename
Samba has to deal with the complicated matter of handling the challenge of the Windows
ACL that implements <emphasis>inheritance</emphasis>, a concept not anticipated by POSIX
ACLs as implemented in UNIX file systems. Samba provides support for <emphasis>masks</emphasis>
- that permit normal ugo and ACLs functionality to be overrided. This further complicates
+ that permit normal ugo and ACLs functionality to be overridden. This further complicates
the way in which Windows ACLs must be implemented.
</para>
diff --git a/docs-xml/build/DTD/samba.entities b/docs-xml/build/DTD/samba.entities
index d204156..f5d8cd2 100644
--- a/docs-xml/build/DTD/samba.entities
+++ b/docs-xml/build/DTD/samba.entities
@@ -440,7 +440,7 @@ Try to use the credentials cached by winbind.
<!ENTITY stdarg.help '
<varlistentry>
-<term>-h|--help</term>
+<term>-?|--help</term>
<listitem><para>Print a summary of command line options.
</para></listitem>
</varlistentry>'>
diff --git a/docs-xml/smbdotconf/filename/casesensitive.xml b/docs-xml/smbdotconf/filename/casesensitive.xml
index ed77050..e90f468 100644
--- a/docs-xml/smbdotconf/filename/casesensitive.xml
+++ b/docs-xml/smbdotconf/filename/casesensitive.xml
@@ -8,5 +8,5 @@
<para>See the discussion in the section <smbconfoption name="name mangling"/>.</para>
</description>
-<value type="default">no</value>
+<value type="default">auto</value>
</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/nameresolveorder.xml b/docs-xml/smbdotconf/protocol/nameresolveorder.xml
index 9b1ad07..662c3fb 100644
--- a/docs-xml/smbdotconf/protocol/nameresolveorder.xml
+++ b/docs-xml/smbdotconf/protocol/nameresolveorder.xml
@@ -65,6 +65,6 @@
</description>
-<value type="default">lmhosts host wins bcast</value>
+<value type="default">lmhosts wins host bcast</value>
<value type="example">lmhosts bcast host</value>
</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/profileacls.xml b/docs-xml/smbdotconf/protocol/profileacls.xml
index 1c6f0c9..be89753 100644
--- a/docs-xml/smbdotconf/protocol/profileacls.xml
+++ b/docs-xml/smbdotconf/protocol/profileacls.xml
@@ -25,7 +25,7 @@
every returned ACL. This will allow any Windows 2000 or XP workstation
user to access the profile.
</para>
-
+
<para>
Note that if you have multiple users logging
on to a workstation then in order to prevent them from being able to access
@@ -35,6 +35,12 @@
workstation profile code and has an ACL restricting entry to the directory
tree to the owning user.
</para>
+
+ <para>
+ Note that this parameter should be set to yes on dedicated profile shares only.
+ On other shares, it might cause incorrect file ownerships.
+ </para>
+
</description>
<value type="default">no</value>
diff --git a/examples/LDAP/samba-schema-netscapeds5.x b/examples/LDAP/samba-schema-netscapeds5.x
deleted file mode 100644
index 8125adc..0000000
--- a/examples/LDAP/samba-schema-netscapeds5.x
+++ /dev/null
@@ -1,67 +0,0 @@
-##
-## Darren Chew <darren.chew at vicscouts dot asn dot au>
-## Andre Fiebach <andre dot fiebach at stud dot uni-rostock dot de>
-## Thomas Mueller 12.04.2003, thomas.mueller at christ-wasser.de
-## Richard Renard rrenard at idealx.com 2005-01-28
-## - added support for MungedDial, BadPasswordCount, BadPasswordTime, PasswordHistory, LogonHours
-## TAKEDA Yasuma yasuma at osstech.co.jp 2008-11-06
-## - added sambaTrustedDomainPassword objectClasses
-## - in Sun One 5.2 copy it as 99samba-schema-netscapeds5.ldif
-##
-## Samba 3.2 schema file for Netscape DS 5.x
-##
-## INSTALL-DIRECTORY/slapd-your_name/config/schema/samba-schema-netscapeds5.ldif
-####################################################################
-# Sun One DS do not load the schema without this lines
-# André Fiebach <af123 at uni-rostock.de>
-dn: cn=schema
-objectClass: top
-objectClass: ldapSubentry
-objectClass: subschema
-cn: schema
-aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymo
- us, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";)
-aci: (targetattr = "*")(version 3.0; acl "Configuration Administrator"; allow
- (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement,
- o=NetscapeRoot";)
-aci: (targetattr = "*")(version 3.0; acl "Local Directory Administrators Group
- "; allow (all) groupdn = "ldap:///cn=Directory Administrators, dc=samba,dc=org";)
-aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ld
- ap:///cn=slapd-sambaldap, cn=iPlanet Directory Server, cn=Server Group, cn=iPlanetDirectory.samba.org, ou=samba.org, o=NetscapeRoot";)
-####################################################################
-objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours) X-ORIGIN 'user defined' )
-objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description ) X-ORIGIN 'user defined' )
-objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ) X-ORIGIN 'user defined' )
-objectClasses: ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX uids/gids' MUST ( uidNumber $ gidNumber ) X-ORIGIN 'user defined' )
-objectClasses: ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY DESC 'Mapping from a SID to an ID' MUST ( sambaSID ) MAY ( uidNumber $ gidNumber ) X-ORIGIN 'user defined' )
-objectClasses: ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL DESC 'Structural Class for a SID' MUST ( sambaSID ) X-ORIGIN 'user defined' )
-objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL DESC 'Samba Trusted Domain Password' MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY ( sambaPreviousClearTextPassword ) X-ORIGIN 'user defined')
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Timestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Timestamp of when the user is allowed to update the password' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Timestamp of when the user will be logged off automatically' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'Base64 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined')
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword' DESC 'Previous clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined')
diff --git a/examples/LDAP/samba-schema-netscapeds5.x.README b/examples/LDAP/samba-schema-netscapeds5.x.README
new file mode 100644
index 0000000..78c9073
--- /dev/null
+++ b/examples/LDAP/samba-schema-netscapeds5.x.README
@@ -0,0 +1,2 @@
+The LDAP schema file for the Netscape DS 5 has been outdated since years.
+Please use the LDIF based FDS schema file instead.
diff --git a/examples/VFS/Makefile.in b/examples/VFS/Makefile.in
index 8fe414a..98d259f 100644
--- a/examples/VFS/Makefile.in
+++ b/examples/VFS/Makefile.in
@@ -36,7 +36,7 @@ default: $(patsubst %.c,%.$(SHLIBEXT),$(wildcard *.c))
%.$(OBJEXT): %.c
@echo "Compiling $<"
- @$(CC) $(FLAGS) -c $<
+ @$(CC) $(FLAGS) -c $< -D$*_init=init_samba_module
install: default
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index b802036..81055c9 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -437,13 +437,13 @@ static int _pam_parse(const pam_handle_t *pamh,
ctrl |= WINBIND_SILENT;
}
- if (iniparser_getstr(d, CONST_DISCARD(char *, "global:krb5_ccache_type")) != NULL) {
+ if (iniparser_getstring(d, CONST_DISCARD(char *, "global:krb5_ccache_type"), NULL) != NULL) {
ctrl |= WINBIND_KRB5_CCACHE_TYPE;
}
- if ((iniparser_getstr(d, CONST_DISCARD(char *, "global:require-membership-of"))
+ if ((iniparser_getstring(d, CONST_DISCARD(char *, "global:require-membership-of"), NULL)
!= NULL) ||
- (iniparser_getstr(d, CONST_DISCARD(char *, "global:require_membership_of"))
+ (iniparser_getstring(d, CONST_DISCARD(char *, "global:require_membership_of"), NULL)
!= NULL)) {
ctrl |= WINBIND_REQUIRED_MEMBERSHIP;
}
@@ -2290,7 +2290,7 @@ static const char *get_conf_item_string(struct pwb_context *ctx,
goto out;
}
- parm_opt = iniparser_getstr(ctx->dict, key);
+ parm_opt = iniparser_getstring(ctx->dict, key, NULL);
TALLOC_FREE(key);
_pam_log_debug(ctx, LOG_INFO, "CONFIG file: %s '%s'\n",
diff --git a/nsswitch/winbind_krb5_locator.c b/nsswitch/winbind_krb5_locator.c
index e921cae..385a156 100644
--- a/nsswitch/winbind_krb5_locator.c
+++ b/nsswitch/winbind_krb5_locator.c
@@ -182,7 +182,8 @@ static krb5_error_code smb_krb5_locator_call_cbfunc(const char *name,
void *cbdata)
{
struct addrinfo *out = NULL;
- int ret;
+ int ret = 0;
+ struct addrinfo *res = NULL;
int count = 3;
while (count) {
@@ -206,16 +207,25 @@ static krb5_error_code smb_krb5_locator_call_cbfunc(const char *name,
return KRB5_PLUGIN_NO_HANDLE;
}
- ret = cbfunc(cbdata, out->ai_socktype, out->ai_addr);
+ for (res = out; res; res = res->ai_next) {
+ if (!res->ai_addr || res->ai_addrlen == 0) {
+ continue;
+ }
+
+ ret = cbfunc(cbdata, res->ai_socktype, res->ai_addr);
+ if (ret) {
#ifdef DEBUG_KRB5
- if (ret) {
- fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
- "failed to call callback: %s (%d)\n",
- (unsigned int)getpid(), error_message(ret), ret);
- }
+ fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
+ "failed to call callback: %s (%d)\n",
+ (unsigned int)getpid(), error_message(ret), ret);
#endif
+ break;
+ }
+ }
- freeaddrinfo(out);
+ if (out) {
+ freeaddrinfo(out);
+ }
return ret;
}
@@ -257,8 +267,7 @@ static bool ask_winbind(const char *realm, char **dcname)
flags = WBC_LOOKUP_DC_KDC_REQUIRED |
WBC_LOOKUP_DC_IS_DNS_NAME |
- WBC_LOOKUP_DC_RETURN_DNS_NAME |
- WBC_LOOKUP_DC_IP_REQUIRED;
+ WBC_LOOKUP_DC_RETURN_DNS_NAME;
wbc_status = wbcLookupDomainControllerEx(realm, NULL, NULL, flags, &dc_info);
@@ -270,12 +279,6 @@ static bool ask_winbind(const char *realm, char **dcname)
return false;
}
- if (dc_info->dc_address) {
- dc = dc_info->dc_address;
- if (dc[0] == '\\') dc++;
- if (dc[0] == '\\') dc++;
- }
-
if (!dc && dc_info->dc_unc) {
dc = dc_info->dc_unc;
if (dc[0] == '\\') dc++;
diff --git a/nsswitch/winbind_nss_hpux.h b/nsswitch/winbind_nss_hpux.h
index 40a352d..393c0a3 100644
--- a/nsswitch/winbind_nss_hpux.h
+++ b/nsswitch/winbind_nss_hpux.h
@@ -130,7 +130,12 @@ typedef struct nss_XbyY_args {
void *returnval;
int erange;
- int h_errno;
+ /*
+ * h_errno is defined as function call macro for multithreaded applications
+ * in HP-UX. *this* h_errno is not used in the HP-UX codepath of our nss
+ * modules, so let's simply comment it out here:
+ * int h_errno;
+ */
nss_status_t status;
} nss_XbyY_args_t;
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 287b50b..bc38041 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -273,14 +273,23 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
const auth_usersupplied_info *user_info,
auth_serversupplied_info **server_info)
{
- struct server_security_state *state = talloc_get_type_abort(
- my_private_data, struct server_security_state);
- struct cli_state *cli;
+ struct server_security_state *state = NULL;
+ struct cli_state *cli = NULL;
static bool tested_password_server = False;
static bool bad_password_server = False;
NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
bool locally_made_cli = False;
+ DEBUG(10, ("check_smbserver_security: Check auth for: [%s]\n",
+ user_info->smb_name));
+
+ if (my_private_data == NULL) {
+ DEBUG(10,("check_smbserver_security: "
+ "password server is not connected\n"));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ state = talloc_get_type_abort(my_private_data, struct server_security_state);
cli = state->cli;
if (cli) {
diff --git a/source3/include/ads.h b/source3/include/ads.h
index 62d51ce..ff3dc12 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -108,6 +108,7 @@ typedef struct ads_struct {
time_t current_time;
char *schema_path;
char *config_path;
+ int ldap_page_size;
} config;
/* info about the current LDAP connection */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 579fc1b..559a34e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3918,9 +3918,9 @@ void expire_workgroups_and_servers(time_t t);
/* The following definitions come from param/loadparm.c */
char *lp_smb_ports(void);
-char *lp_dos_charset(void);
-char *lp_unix_charset(void);
-char *lp_display_charset(void);
+const char *lp_dos_charset(void);
+const char *lp_unix_charset(void);
+const char *lp_display_charset(void);
char *lp_logfile(void);
char *lp_configfile(void);
char *lp_smb_passwd_file(void);
diff --git a/source3/lib/debug.c b/source3/lib/debug.c
index 80b8310..05e9eee 100644
--- a/source3/lib/debug.c
+++ b/source3/lib/debug.c
@@ -657,9 +657,11 @@ bool reopen_logs( void )
SAFE_FREE(fname);
fname = SMB_STRDUP(logfname);
if (!fname) {
+ TALLOC_FREE(logfname);
return false;
}
}
+ TALLOC_FREE(logfname);
}
debugf = fname;
@@ -1028,6 +1030,8 @@ bool dbghdrclass(int level, int cls, const char *location, const char *func)
*/
if( lp_timestamp_logs() || lp_debug_prefix_timestamp() || !(lp_loaded()) ) {
char header_str[200];
+ char *curtime = current_timestring(talloc_tos(),
+ lp_debug_hires_timestamp());
header_str[0] = '\0';
@@ -1050,19 +1054,18 @@ bool dbghdrclass(int level, int cls, const char *location, const char *func)
", class=%s",
default_classname_table[cls]);
}
-
+
/* Print it all out at once to prevent split syslog output. */
if( lp_debug_prefix_timestamp() ) {
(void)Debug1( "[%s, %2d%s] ",
- current_timestring(talloc_tos(),
- lp_debug_hires_timestamp()),
+ curtime,
level, header_str);
} else {
(void)Debug1( "[%s, %2d%s] %s(%s)\n",
- current_timestring(talloc_tos(),
- lp_debug_hires_timestamp()),
+ curtime,
level, header_str, location, func );
}
+ TALLOC_FREE(curtime);
}
errno = old_errno;
diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c
index 6680766..392e82f 100644
--- a/source3/libads/ads_status.c
+++ b/source3/libads/ads_status.c
@@ -79,6 +79,9 @@ NTSTATUS ads_ntstatus(ADS_STATUS status)
if (status.err.rc == LDAP_SUCCESS) {
return NT_STATUS_OK;
}
+ if (status.err.rc == LDAP_TIMELIMIT_EXCEEDED) {
+ return NT_STATUS_IO_TIMEOUT;
--
Samba Shared Repository
More information about the samba-cvs
mailing list