[SCM] Samba Shared Repository - branch v3-6-stable updated
Karolin Seeger
kseeger at samba.org
Mon Sep 17 01:10:20 MDT 2012
The branch, v3-6-stable has been updated
via c4f50da WHATSNEW: Add major changes.
via 7aeeac3 WHATSNEW: Add changes since 3.6.7.
via c507e98 s3: delete requests are not special
via d743a04 sysquota: we need to list nfs4 as a separate fs name for the sys_get_nfs_quota backend
via 1f7bf36 s3:client use more access bits for snapshot display
via 982a4ea s3:libsmb correctly set isFsctl for snapshot list
via 08f6bde s3-winbind: DON'T PANIC if we couldn't find the domain.
via c7ad604 Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.
via 735ec75 Windows does canonicalization of inheritance bits. Do the same.
via 21fe3f0 Change the other two places where we set a security descriptor given by the client to got through set_sd(), the canonicalize sd function. (cherry picked from commit 7e03ebf094a98c572816cb81ef3cf4c02aaafcfd)
via a372cfa Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization. (cherry picked from commit 05734b67b8ed5516d81000eac48acd0915567629) (cherry picked from commit 67f82b4cb65294dc2e3c3a144d91df9bbfdaa90c)
via a8c84b4 Rename set_sd() to set_sd_blob() - this describes what it does. (cherry picked from commit 61957ff9f6124eabae050f5425d7d0597ae6a127) (cherry picked from commit b6791f4878bfdd2266f27b1e962324966ef03e31)
via 7503ef9 s3-smbd: Fix flooding the logs with records we don't find in pcap.
via e7cf33c Bug #9058] Files not deleted, smbstatus shows "Segmentation fault".
via 634142c s3-printing: fix bug 9123 lprng job tracking errors
via bbffd42 s3-smbd: Initialize the print backend after we setup winreg.
via e61ab52 s4-torture: let torture_suite_add_ndr_pull_test always work with NDR_SCALARS|NDR_BUFFERS flags.
via 4520d4f s3: Fix bug #9085.
via 02dc354 s3: fix #9037 even more - open and netbsd have the md5 symbols in libc (cherry picked from commit e2200d51550f73e66924277d4c7290b0eeab3f23)
via ea172c2 s3:smb2_ioctl: add some more validation checks
via 313bf72 Backport FSCTL codes from master (cherry picked from commit 20909ff4eda1181612e0f1f09191e86369044d24)
via 6606982 s3-libsmb: Remove obsolete smb_krb5_locate_kdc.
via 4151f94 s3: Fix #9037, BSD has -lmd instead of -lmd5 (cherry picked from commit a9fc50f9e97d437e18f67f077b0de89b6781e2c3)
via 02c4886 Fix bug #9098 - winbind does not refresh kerberos tickets.
via 227d353 Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR parsing errors.
via 1bcdcc1 Ensure we keep last_access up to date when processing a request. (cherry picked from commit c4dadb5867111029c90fd395b64217a23d53f722)
via 084727c Fix smbclient/tarmode panic on connecting to Windows 2000 clients.
via 4e9b2cc s3-auth Use correct RID for domain guests primary group
via a5b4f3e Revert "s3:auth make sure the primary group sid is usable"
via eae2e4d s3: Fix a crash in reply_lockingX_error
via 285a715 Fix bug 9065: source3/registry/regfio.c: bad call to memcpy
from f31bbbc WHASTNEW: Start release notes for Samba 3.6.8.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable
- Log -----------------------------------------------------------------
commit c4f50dadc4a3baccd23e5c126448c3bccd05dc68
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri Sep 14 10:08:12 2012 +0200
WHATSNEW: Add major changes.
Karolin
(cherry picked from commit 4ba3dedfa898ad12465fc4307aa29575ba8b44d5)
commit 7aeeac3d25a6f71b7bdd588c941a9aecafa0ceaf
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri Sep 14 09:47:47 2012 +0200
WHATSNEW: Add changes since 3.6.7.
Karolin
(cherry picked from commit 34476abd44cb0b7c806b671727b3b814928202e1)
commit c507e985185f998bab8147ff08dec815107f036c
Author: Volker Lendecke <vl at samba.org>
Date: Mon Sep 10 11:25:03 2012 +0200
s3: delete requests are not special
The only difference between batch and exclusive oplocks is the time of
the check: Batch is checked before the share mode check, exclusive after.
Signed-off-by: Jeremy Allison <jra at samba.org>
Fix bug #9150 - Valid open requests can cause smbd assert due to incorrect
oplock handling on delete requests.
(cherry picked from commit 9d0a8945ce9f521934d6f580d2b48abce0169a6d)
commit d743a042a6a12a9df92195f15f667be3ee068715
Author: Björn Jacke <bj at sernet.de>
Date: Thu Sep 6 07:58:00 2012 +0200
sysquota: we need to list nfs4 as a separate fs name for the sys_get_nfs_quota backend
at least the Linux kernel up to 3.5.0 lists NFSv4 aѕ nfs4 and not as nfs
(cherry picked from commit a6df44b3ae1ca6395d05e1af804a779d785358db)
Fix bug #9144 - nfs quota support not working with Linux nfs4 mounts.
(cherry picked from commit e059bcc59498661f165b13fb84edcb80900815ce)
commit 1f7bf360fa9c4fb79c40436ce7caaf05897a3aac
Author: Christian Ambach <ambi at samba.org>
Date: Wed Sep 5 15:07:54 2012 +0200
s3:client use more access bits for snapshot display
otherwise Windows server will reject the request for shadow copy enumeration
with access denied
The last 2 patches address bug #9137 - smbclient allinfo does not show snapshot
list.
(cherry picked from commit 9acfa6126229cc61ba5f45908f97c68f353f8f85)
commit 982a4ea7ee7ba992c049d20dbd8d9e9dc5eab87d
Author: Christian Ambach <ambi at samba.org>
Date: Thu Aug 30 16:43:33 2012 +0200
s3:libsmb correctly set isFsctl for snapshot list
FSCTL_GET_SHADOW_COPY_DATA is a FSCTL, so set the isFsctl marker
otherwise smbclient allinfo will not report snapshots any more with the changes
made for Bug #8311
Autobuild-User(master): Christian Ambach <ambi at samba.org>
Autobuild-Date(master): Thu Aug 30 18:57:24 CEST 2012 on sn-devel-104
(cherry picked from commit 1f8d68699ffcee1513ae68f8c6ef947a05742bc6)
commit 08f6bde5595e13a9872df03a18e0d5d3481ba186
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 4 14:30:38 2012 +0200
s3-winbind: DON'T PANIC if we couldn't find the domain.
If we don't have a connection to a trusted domain but still try to do a
lookup we shouldn't segfault.
Signed-off-by: Andreas Schneider <asn at samba.org>
Fix bug #9135 - Don't segfault if we don't find a domain in
resolve_username_to_alias()/fill_grent() .
(cherry picked from commit 7ec71c28e9153164d222966a3753333f1804c8c7)
commit c7ad604aa5528b7f4697afde079691636266ac90
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 29 16:55:21 2012 -0700
Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.
Change se_create_child_secdesc() to handle inheritance correctly.
(cherry picked from commit 1bb5d205ecc071a98ce5717e2e009fb1875aeae2)
commit 735ec75ded550ee2a732cde26dc47f0c866d92e4
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 29 13:40:29 2012 -0700
Windows does canonicalization of inheritance bits. Do the same.
We need to filter out the
SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
when an ACE is inherited. Otherwise we zero these bits out.
See:
http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531
for details.
(cherry picked from commit d02f39f97624260bd226977b30c80974d0ce0fe0)
(cherry picked from commit c36e78f98f45b51a2d1fba6bedb5e4d39c0f4bbe)
commit 21fe3f0fd6541c9afbb4a292e42d429bad182b7f
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 29 16:52:02 2012 -0700
Change the other two places where we set a security descriptor given by the client to got through set_sd(), the canonicalize sd function.
(cherry picked from commit 7e03ebf094a98c572816cb81ef3cf4c02aaafcfd)
commit a372cfac90a4d30a002111c64d1c30ed61dc821c
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 29 13:29:34 2012 -0700
Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization. (cherry picked from commit 05734b67b8ed5516d81000eac48acd0915567629)
(cherry picked from commit 67f82b4cb65294dc2e3c3a144d91df9bbfdaa90c)
commit a8c84b4104d9ed28bf7cf12047d1588626c52d2c
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 29 13:23:06 2012 -0700
Rename set_sd() to set_sd_blob() - this describes what it does. (cherry picked from commit 61957ff9f6124eabae050f5425d7d0597ae6a127)
(cherry picked from commit b6791f4878bfdd2266f27b1e962324966ef03e31)
commit 7503ef98f6959cb0dcb9a1ad55aa647d3a6787f4
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 28 14:17:22 2012 +0200
s3-smbd: Fix flooding the logs with records we don't find in pcap.
Signed-off-by: Andreas Schneider <asn at samba.org>
Fix bug #9112 - smbd.log is flooded by 'printer_list_get_printer: Failed to
fetch record!'.
(cherry picked from commit 4f4a972e277859a63b60a9bbaff094e00338aba9)
commit e7cf33c9dd41bf6f55f5984ddcfd908ef29c1e95
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 22 11:05:19 2012 -0700
Bug #9058] Files not deleted, smbstatus shows "Segmentation fault".
Fix smbstatus code dump when a file entry has delete tokens.
(cherry picked from commit 2d1bf06f440c9607ee7b60e65ab33f70b9657770)
commit 634142ca468734cecca009411005d1a6f24c85d6
Author: David Disseldorp <ddiss at samba.org>
Date: Tue Aug 28 18:58:24 2012 +0200
s3-printing: fix bug 9123 lprng job tracking errors
The lprng printing back-end is truncating the print job filename in the
lpq output, which means that Samba is not able to determine the back-end
job ID for a newly submitted print job.
Remove the unneeded spoolss job ID from the print job file name to
ensure the job filename is not truncated. Also log these warnings at a
higher log level.
(cherry picked from commit 4050cc8be25299514f7ebe609419f74aff8da423)
commit bbffd4213879046e6de907e810b2f620ef5e7b0c
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 28 14:53:01 2012 +0200
s3-smbd: Initialize the print backend after we setup winreg.
The print backend init also migrates the printing tdb to winreg. For
this we need to setup the winreg pipe first.
Signed-off-by: Andreas Schneider <asn at samba.org>
Fix bug #9122 - winreg_printer_openkey: Could not open HKLM hive:
NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE.
(cherry picked from commit 0f1496516d4f4c3da0fb875e944b48861ef2330b)
commit e61ab52b90788b9b2833c05c65c30ce54e623daa
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 28 14:30:13 2012 +0200
s4-torture: let torture_suite_add_ndr_pull_test always work with NDR_SCALARS|NDR_BUFFERS flags.
I checked all the callers (one) that needs them.
Guenther
See bug #9026 - 3.6.6 upgrade from 3.5.x fails with "Couldn't migrate printers
tdb file: NT_STATUS_NO_MEMORY" for details.
(cherry picked from commit b61e67d9fbb5d412da31233c6cd08ebdea6718ac)
commit 4520d4f80b23cad1973420142a9d4f1e010aa838
Author: hargagan <shargagan at novell.com>
Date: Tue Aug 28 09:29:52 2012 +0200
s3: Fix bug #9085.
NMB registration for a duplicate workstation fails with registration refuse.
(cherry picked from commit 71c4227fd0a741984fb273ad1973ad1724ecb04b)
commit 02dc354c54af4dd1b825cb4ff6f44917cf57efb7
Author: Björn Jacke <bj at sernet.de>
Date: Fri Aug 24 21:13:45 2012 +0200
s3: fix #9037 even more - open and netbsd have the md5 symbols in libc
(cherry picked from commit e2200d51550f73e66924277d4c7290b0eeab3f23)
commit ea172c293d08d659f438d5851efc42a61f3bbb9e
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 23 09:46:27 2012 -0700
s3:smb2_ioctl: add some more validation checks
Based on a patch from Christian Ambach <ambi at samba.org>.
metze
The last 2 patches address bug #9058 - Files not deleted, smbstatus shows
"Segmentation fault".
(cherry picked from commit 16cda12d31bf0ce495ec957b2cf1f432369d5102)
commit 313bf72c7af92e7034cdebff55b6978e6e6bed49
Author: Volker Lendecke <vl at samba.org>
Date: Thu Aug 23 09:45:53 2012 -0700
Backport FSCTL codes from master
(cherry picked from commit 20909ff4eda1181612e0f1f09191e86369044d24)
commit 6606982b313f1e7e0129b854a361c1f67b82ccd0
Author: Andreas Schneider <asn at samba.org>
Date: Wed Nov 30 17:58:30 2011 +0100
s3-libsmb: Remove obsolete smb_krb5_locate_kdc.
Signed-off-by: Günther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Fix bug #9111 - Fix compilation with newer MIT kerberos which hides internal
symbols.
(cherry picked from commit bc593e2ddfb33d88d2b58a0e721d448bbd30426c)
commit 4151f94afcfbf09e5d5277050dda3a282db7adaa
Author: Volker Lendecke <vl at samba.org>
Date: Thu Aug 16 20:10:41 2012 +0200
s3: Fix #9037, BSD has -lmd instead of -lmd5
(cherry picked from commit a9fc50f9e97d437e18f67f077b0de89b6781e2c3)
commit 02c4886863e9a4066b89f2dcb8ff853bfbda7e86
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 21 11:24:58 2012 -0700
Fix bug #9098 - winbind does not refresh kerberos tickets.
Based on work from Ian Gordon <ian.gordon at strath.ac.uk>.
(cherry picked from commit 3f60bff699223a8895d060585f765706e167da37)
(cherry picked from commit ecf4d5e79c4dad452600498958ebe7a8e1c81fcd)
commit 227d353346292f559624deb6b142c18914057046
Author: Herb Lewis <hlewis at panasas.com>
Date: Mon Aug 20 14:51:28 2012 -0700
Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR parsing errors.
A connection is idle when both struct winbindd_cli_state->request AND
struct winbindd_cli_state->response are NULL. Otherwise we can flag
as idle a connection in the state of having sent the request to
the winbindd child (request != NULL) but not yet received a reply
(response == NULL).
(cherry picked from commit f6f27baa92a20d5beeee23b8e1e86f0c9ace85b8)
Signed-off-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 733dbbb5e71fe24c46206d3497aa4067138f375d)
commit 1bcdcc14d483e854d1bcc1b4c41ac446e6b7bf40
Author: Jeremy Allison <jra at samba.org>
Date: Mon Aug 20 15:21:26 2012 -0700
Ensure we keep last_access up to date when processing a request.
(cherry picked from commit c4dadb5867111029c90fd395b64217a23d53f722)
commit 084727cc8f55755cea86141adfb0eb59feab22b8
Author: Salvador I. Gonzalez <sgonzalez at codejunkie.net>
Date: Sat Aug 11 13:46:41 2012 -0400
Fix smbclient/tarmode panic on connecting to Windows 2000 clients.
'Freed frame ../source3/libsmb/clilist.c:934, expected ../source3/client/clitar.c:821'
Cause: (strequal(finfo->name,"..") || strequal(finfo->name,"."))
evaluates to true, do_tar returns without freeing ctx
Fix bug #9088 - [PATCH] Freed frame ../source3/libsmb/clilist.c:934, expected
../source3/client/clitar.c:821.
(cherry picked from commit 10d21935d69579f381f85cdd19883f57b8030fef)
commit 4e9b2cc30a8e414e09a1961f4f8071187c6ad938
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Jul 15 14:38:18 2012 +1000
s3-auth Use correct RID for domain guests primary group
This was incorrect in commit 9dd7e7fc2d6d1aa7f3c3b741ac134e087ce808fd
as the RID was from the BUILTIN domain, but this creates a guest
account token for the real domain.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Jul 19 05:56:28 CEST 2012 on sn-devel-104
Fix bug #9067 - Domain Guest have wrong primary group RID.
(cherry picked from commit 5c0a169275ccf046190a0d08d93fc37e6b9bcf75)
commit a5b4f3ebed937bff8bb98c54ca7c730f91387667
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Jul 15 12:22:44 2012 +1000
Revert "s3:auth make sure the primary group sid is usable"
This reverts commit 00089fd74af740f832573d904312854e494a869e.
The issue with this patch, which I did sign off on, is that for the
domain member case, we already know that the SID is reasonable and
valid, and we indeed rely on that, because we keep it as an additonal
group anyway. The primary group is not so special that we need to do
extra validation.
Calling this function may put a user into the domain 'domain users'
group, even if they are not in that group to start with.
Andrew Bartlett
Fix bug #9066 - Domain Users incorrectly added as addition group on domain
members.
(cherry picked from commit 68aedaf59787971cd9520cef3a345d99da079ca3)
commit eae2e4df0027cb6d58bc6476f5332dfe084a47c9
Author: Volker Lendecke <vl at samba.org>
Date: Tue Aug 7 16:49:52 2012 -0700
s3: Fix a crash in reply_lockingX_error
A timed brlock with 2 locks comes in and the second one blocks,
file is closed. smbd_cancel_pending_lock_requests_by_fid sets
blr->fsp to NULL. reply_lockingX_error (called via
MSG_SMB_BLOCKING_LOCK_CANCEL) deferences blr->fsp because
blr->lock_num==1 (the second one blocked).
This patch fixes the bug by only undoing the locks if fsp!=NULL.
fsp==NULL is the close case where everything is undone anyway.
Thanks to Peter Somogyi, somogyi at hu.ibm.com for this bug report.
Fix bug #9084 - Blocking lock followed by close can crash smbd.
(cherry picked from commit d80fbbea8ec77c0bda0e3fb9eaed2f170784ea7d)
commit 285a715761fa760d42d2c5b83805e6685f1af2d1
Author: David Binderman <dcb314 at hotmail.com>
Date: Tue Jul 24 15:46:10 2012 -0700
Fix bug 9065: source3/registry/regfio.c: bad call to memcpy
Signed-off-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2575cd4f189d28e7d4def211a89348ab7e515e83)
(cherry picked from commit 3ce8703a0a8566be36ccbab4271d4f953d2763de)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 71 ++++++++++++++++++++++-
source3/auth/auth_util.c | 45 +++++----------
source3/client/client.c | 3 +-
source3/client/clitar.c | 27 ++++++---
source3/configure.in | 33 ++++++++---
source3/include/krb5_protos.h | 4 -
source3/include/ntioctl.h | 80 +++++++++++++++++++++-----
source3/lib/secdesc.c | 10 ++-
source3/lib/sysquotas.c | 1 +
source3/libsmb/clifile.c | 2 +-
source3/libsmb/clikrb5.c | 89 -----------------------------
source3/locking/locking.c | 42 +++++--------
source3/nmbd/nmbd_winsserver.c | 2 +-
source3/printing/print_generic.c | 2 +-
source3/printing/printing.c | 3 +-
source3/registry/regfio.c | 2 +-
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 21 +-------
source3/smbd/blocking.c | 17 ++++--
source3/smbd/nttrans.c | 73 +++++++++++++++++++----
source3/smbd/open.c | 20 +------
source3/smbd/proto.h | 4 +-
source3/smbd/server.c | 10 ++-
source3/smbd/server_reload.c | 2 +-
source3/smbd/smb2_ioctl.c | 27 ++++++++-
source3/smbd/smb2_setinfo.c | 2 +-
source3/utils/net_lookup.c | 42 ++++++++------
source3/winbindd/winbindd.c | 4 +-
source3/winbindd/winbindd_cred_cache.c | 29 +++++++++
source3/winbindd/winbindd_group.c | 10 +++-
source3/winbindd/winbindd_pam.c | 9 +++
source3/winbindd/winbindd_proto.h | 1 +
source3/wscript | 2 +-
source4/torture/ndr/ndr.h | 2 +-
33 files changed, 408 insertions(+), 283 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 05de570..cd3f26a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -8,12 +8,77 @@ This is is the latest stable release of Samba 3.6.
Major enhancements in Samba 3.6.8 include:
-o
+o Fix crash bug in smbd caused by a blocking lock followed by
+ close (bug #9084).
+o Fix Winbind panic if we couldn't find the domain (bug #9135).
+
Changes since 3.6.7:
--------------------
o Jeremy Allison <jra at samba.org>
+ * BUG 9058: Fix smbstatus code dump when a file entry has delete tokens.
+ * BUG 9098: Fix refreshing of Kerberos tickets in Winbind.
+ * BUG 9124: Fix setting of "inherited" bit on inherited ACE's.
+
+
+o Christian Ambach <ambi at samba.org>
+ * BUG 9137: Make 'smbclient allinfo' show the snapshot list.
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 9066: "Domain Users" incorrectly added as additional group on domain
+ members.
+ * BUG 9067: Use correct RID for "Domain Guests" primary group.
+
+
+o David Binderman <dcb314 at hotmail.com>
+ * BUG 9065: Fix bad call to memcpy source3/registry/regfio.c.
+
+
+o David Disseldorp <ddiss at samba.org>
+ * BUG 9123: Fix lprng job tracking errors.
+
+
+o Salvador I. Gonzalez <sgonzalez at codejunkie.net>
+ * BUG 9088: Fix smbclient/tarmode panic when connecting to Windows 2000
+ clients.
+
+
+o Hargagan <shargagan at novell.com>
+ * BUG 9085: Fix NMB registration for a duplicate workstation.
+
+
+o Björn Jacke <bj at sernet.de>
+ * BUG 9037: Open and netbsd have the md5 symbols in libc.
+ * BUG 9144: Fix nfs quota support with Linux nfs4 mounts.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 9037: Fix name clash in MD5 causing the "net ads join" to fail on
+ T4 (sun4v) systems on Solaris 10.
+ * BUG 9058: Backport FSCTL codes from master.
+ * BUG 9084: Fix crash bug in smbd caused by a blocking lock followed by
+ close.
+ * BUG 9150: Valid open requests can cause smbd assert due to incorrect
+ oplock handling on delete requests.
+
+
+o Herb Lewis <hlewis at panasas.com>
+ * BUG 9104: Fix identification of idle clients in Winbind to avoid crashes
+ and NDR parsing errors.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 9058: Fix segfault in smbstatus.
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 9111: Fix compilation with newer MIT Kerberos which hides internal
+ symbols.
+ * BUG 9112: Fix flooding the logs with records we don't find in pcap.
+ * BUG 9122: Initialize the print backend after we setup winreg.
+ * BUG 9135: Fix Winbind panic if we couldn't find the domain.
######################################################################
@@ -57,8 +122,8 @@ Changes since 3.6.6:
o Jeremy Allison <jra at samba.org>
* BUG 8974: Fix kernel oplocks when uid(file) != uid(process).
- * BUG 8989: Send correct responses to NT Transact Secondary when no data and
- no params for the Trans2 calls are set.
+ * BUG 8989: Send correct responses to NT Transact Secondary when no data
+ and no params for the Trans2 calls are set.
* BUG 9034: Fix typo in set_re_uid() call when USE_SETRESUID selected in
configure.
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index c7e266a..fc93641 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -734,7 +734,7 @@ static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx,
info3->base.rid = DOMAIN_RID_GUEST;
/* Primary gid */
- info3->base.primary_gid = BUILTIN_RID_GUESTS;
+ info3->base.primary_gid = DOMAIN_RID_GUESTS;
TALLOC_FREE(pwd);
return NT_STATUS_OK;
@@ -1250,11 +1250,11 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
char *found_username = NULL;
const char *nt_domain;
const char *nt_username;
+ struct dom_sid user_sid;
+ struct dom_sid group_sid;
bool username_was_mapped;
struct passwd *pwd;
struct auth_serversupplied_info *result;
- struct dom_sid *group_sid;
- struct netr_SamInfo3 *i3;
/*
Here is where we should check the list of
@@ -1262,6 +1262,15 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
matches.
*/
+ if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!sid_compose(&group_sid, info3->base.domain_sid,
+ info3->base.primary_gid)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
nt_username = talloc_strdup(mem_ctx, info3->base.account_name.string);
if (!nt_username) {
/* If the server didn't give us one, just use the one we sent
@@ -1313,43 +1322,17 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
}
/* copy in the info3 */
- result->info3 = i3 = copy_netr_SamInfo3(result, info3);
+ result->info3 = copy_netr_SamInfo3(result, info3);
if (result->info3 == NULL) {
TALLOC_FREE(result);
return NT_STATUS_NO_MEMORY;
}
/* Fill in the unix info we found on the way */
+
result->utok.uid = pwd->pw_uid;
result->utok.gid = pwd->pw_gid;
- /* We can't just trust that the primary group sid sent us is something
- * we can really use. Obtain the useable sid, and store the original
- * one as an additional group if it had to be replaced */
- nt_status = get_primary_group_sid(mem_ctx, found_username,
- &pwd, &group_sid);
- if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(result);
- return nt_status;
- }
-
- /* store and check if it is the same we got originally */
- sid_peek_rid(group_sid, &i3->base.primary_gid);
- if (i3->base.primary_gid != info3->base.primary_gid) {
- uint32_t n = i3->base.groups.count;
- /* not the same, store the original as an additional group */
- i3->base.groups.rids =
- talloc_realloc(i3, i3->base.groups.rids,
- struct samr_RidWithAttribute, n + 1);
- if (i3->base.groups.rids == NULL) {
- TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
- }
- i3->base.groups.rids[n].rid = info3->base.primary_gid;
- i3->base.groups.rids[n].attributes = SE_GROUP_ENABLED;
- i3->base.groups.count = n + 1;
- }
-
/* ensure we are never given NULL session keys */
if (memcmp(info3->base.key.key, zeros, sizeof(zeros)) == 0) {
diff --git a/source3/client/client.c b/source3/client/client.c
index 05c4f91..58115ad 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -1717,7 +1717,8 @@ static int do_allinfo(const char *name)
}
status = cli_ntcreate(cli, name, 0,
- CREATE_ACCESS_READ, 0,
+ SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE |
+ SEC_STD_SYNCHRONIZE, 0,
FILE_SHARE_READ|FILE_SHARE_WRITE
|FILE_SHARE_DELETE,
FILE_OPEN, 0x0, 0x0, &fnum);
diff --git a/source3/client/clitar.c b/source3/client/clitar.c
index b658688..9a40c3e 100644
--- a/source3/client/clitar.c
+++ b/source3/client/clitar.c
@@ -837,8 +837,10 @@ static NTSTATUS do_tar(struct cli_state *cli_state, struct file_info *finfo,
TALLOC_CTX *ctx = talloc_stackframe();
NTSTATUS status = NT_STATUS_OK;
- if (strequal(finfo->name,"..") || strequal(finfo->name,"."))
- return NT_STATUS_OK;
+ if (strequal(finfo->name,"..") || strequal(finfo->name,".")) {
+ status = NT_STATUS_OK;
+ goto cleanup;
+ }
/* Is it on the exclude list ? */
if (!tar_excl && clipn) {
@@ -851,7 +853,8 @@ static NTSTATUS do_tar(struct cli_state *cli_state, struct file_info *finfo,
client_get_cur_dir(),
finfo->name);
if (!exclaim) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto cleanup;
}
DEBUG(5, ("...tar_re_search: %d\n", tar_re_search));
@@ -860,7 +863,8 @@ static NTSTATUS do_tar(struct cli_state *cli_state, struct file_info *finfo,
(tar_re_search && mask_match_list(exclaim, cliplist, clipn, True))) {
DEBUG(3,("Skipping file %s\n", exclaim));
TALLOC_FREE(exclaim);
- return NT_STATUS_OK;
+ status = NT_STATUS_OK;
+ goto cleanup;
}
TALLOC_FREE(exclaim);
}
@@ -872,7 +876,8 @@ static NTSTATUS do_tar(struct cli_state *cli_state, struct file_info *finfo,
saved_curdir = talloc_strdup(ctx, client_get_cur_dir());
if (!saved_curdir) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto cleanup;
}
DEBUG(5, ("strlen(cur_dir)=%d, \
@@ -885,7 +890,8 @@ strlen(finfo->name)=%d\nname=%s,cur_dir=%s\n",
client_get_cur_dir(),
finfo->name);
if (!new_cd) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto cleanup;
}
client_set_cur_dir(new_cd);
@@ -904,7 +910,8 @@ strlen(finfo->name)=%d\nname=%s,cur_dir=%s\n",
"%s*",
client_get_cur_dir());
if (!mtar_mask) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto cleanup;
}
DEBUG(5, ("Doing list with mtar_mask: %s\n", mtar_mask));
do_list(mtar_mask, attribute, do_tar, False, True);
@@ -918,11 +925,15 @@ strlen(finfo->name)=%d\nname=%s,cur_dir=%s\n",
client_get_cur_dir(),
finfo->name);
if (!rname) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto cleanup;
}
status = do_atar(rname,finfo->name,finfo);
TALLOC_FREE(rname);
}
+
+ cleanup:
+ TALLOC_FREE(ctx);
return status;
}
diff --git a/source3/configure.in b/source3/configure.in
index 373396a..eef3d13 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -753,20 +753,36 @@ AC_CHECK_HEADERS(linux/falloc.h)
dnl check for OS implementation of md5 conformant to rfc1321
AC_CHECK_HEADERS(md5.h)
+
+samba_cv_md5lib=none
+
if test x"$ac_cv_header_md5_h" = x"yes"; then
AC_DEFINE(HAVE_MD5_H, 1,
[Whether md5.h is available.])
- AC_CHECK_LIB(md5, MD5Update,
- [
- LIBS="${LIBS} -lmd5"
- CRYPTO_MD5_OBJ=
- AC_DEFINE(HAVE_LIBMD5, 1,
- [Whether libmd5 conformant to rfc1321 is available.])],
- [
- CRYPTO_MD5_OBJ="../lib/crypto/md5.o"])
+ AC_CHECK_LIB(md5, MD5Update, [samba_cv_md5lib=md5])
+fi
+
+if test x"$ac_cv_header_md5_h" = x"yes" -a \
+ x"$samba_cv_md5lib" = x"none" ; then
+ AC_CHECK_LIB(md, MD5Update, [samba_cv_md5lib=md])
+fi
+
+if test x"$ac_cv_header_md5_h" = x"yes" -a \
+ x"$samba_cv_md5lib" = x"none" ; then
+ AC_CHECK_LIB(c, MD5Update, [samba_cv_md5lib=""])
+fi
+
+if test x"$samba_cv_md5lib" != x"none" ; then
+ if test x"$samba_cv_md5lib" != x ; then
+ LIBS="${LIBS} -l${samba_cv_md5lib}"
+ fi
+ CRYPTO_MD5_OBJ=
+ AC_DEFINE(HAVE_LIBMD5, 1,
+ [Whether libmd5 conformant to rfc1321 is available.])
else
CRYPTO_MD5_OBJ="../lib/crypto/md5.o"
fi
+
AC_SUBST(CRYPTO_MD5_OBJ)
@@ -3862,7 +3878,6 @@ if test x"$with_ads_support" != x"no"; then
AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS)
diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h
index 7b53389..55e353d 100644
--- a/source3/include/krb5_protos.h
+++ b/source3/include/krb5_protos.h
@@ -71,10 +71,6 @@ bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr);
int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt);
bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt);
krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
-krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
-#if defined(HAVE_KRB5_LOCATE_KDC)
-krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
-#endif
krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
bool get_krb5_smb_session_key(TALLOC_CTX *mem_ctx,
krb5_context context,
diff --git a/source3/include/ntioctl.h b/source3/include/ntioctl.h
index 18707c5..925a06f 100644
--- a/source3/include/ntioctl.h
+++ b/source3/include/ntioctl.h
@@ -31,34 +31,84 @@
/* Some of the following such as the encryption/compression ones would be */
/* invoked from tools via a specialized hook into the VFS rather than via the */
/* standard vfs entry points */
-#define FSCTL_REQUEST_OPLOCK_LEVEL_1 0x00090000
-#define FSCTL_REQUEST_OPLOCK_LEVEL_2 0x00090004
-#define FSCTL_REQUEST_BATCH_OPLOCK 0x00090008
#define FSCTL_LOCK_VOLUME 0x00090018
#define FSCTL_UNLOCK_VOLUME 0x0009001C
#define FSCTL_GET_COMPRESSION 0x0009003C
#define FSCTL_SET_COMPRESSION 0x0009C040
-#define FSCTL_IS_VOLUME_DIRTY 0x00090078
#define FSCTL_REQUEST_FILTER_OPLOCK 0x0009008C
-#define FSCTL_FIND_FILES_BY_SID 0x0009008F
-#define FSCTL_FILESYS_GET_STATISTICS 0x00090090
-#define FSCTL_SET_OBJECT_ID 0x00090098
-#define FSCTL_GET_OBJECT_ID 0x0009009C
-#define FSCTL_SET_REPARSE_POINT 0x000900A4
-#define FSCTL_GET_REPARSE_POINT 0x000900A8
-#define FSCTL_DELETE_REPARSE_POINT 0x000900AC
-#define FSCTL_CREATE_OR_GET_OBJECT_ID 0x000900C0
-#define FSCTL_SET_SPARSE 0x000900C4
#define FSCTL_SET_ZERO_DATA 0x000900C8
#define FSCTL_SET_ENCRYPTION 0x000900D7
#define FSCTL_ENCRYPTION_FSCTL_IO 0x000900DB
#define FSCTL_WRITE_RAW_ENCRYPTED 0x000900DF
#define FSCTL_READ_RAW_ENCRYPTED 0x000900E3
#define FSCTL_SIS_COPYFILE 0x00090100
-#define FSCTL_QUERY_ALLOCATED_RANGES 0x000940CF
#define FSCTL_SIS_LINK_FILES 0x0009C104
-#define FSCTL_GET_SHADOW_COPY_DATA 0x00144064 /* KJC -- Shadow Copy information */
+/* filesystem control codes */
+#define FSCTL_METHOD_BUFFERED 0x00000000
+#define FSCTL_METHOD_IN_DIRECT 0x00000001
+#define FSCTL_METHOD_OUT_DIRECT 0x00000002
+#define FSCTL_METHOD_NEITHER 0x00000003
+
+#define FSCTL_ACCESS_ANY 0x00000000
+#define FSCTL_ACCESS_READ 0x00004000
+#define FSCTL_ACCESS_WRITE 0x00008000
+
+#define FSCTL_DFS 0x00060000
+#define FSCTL_DFS_GET_REFERRALS (FSCTL_DFS | FSCTL_ACCESS_ANY | 0x0194 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_DFS_GET_REFERRALS_EX (FSCTL_DFS | FSCTL_ACCESS_ANY | 0x01B0 | FSCTL_METHOD_BUFFERED)
+
+#define FSCTL_FILESYSTEM 0x00090000
+#define FSCTL_REQUEST_OPLOCK_LEVEL_1 (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x0000 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_REQUEST_OPLOCK_LEVEL_2 (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x0004 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_REQUEST_BATCH_OPLOCK (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x0008 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x000C | FSCTL_METHOD_BUFFERED)
+#define FSCTL_OPBATCH_ACK_CLOSE_PENDING (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x0010 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_OPLOCK_BREAK_NOTIFY (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x0014 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_FILESYS_GET_STATISTICS (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x0060 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_GET_NTFS_VOLUME_DATA (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x0064 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_IS_VOLUME_DIRTY (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x0078 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_FIND_FILES_BY_SID (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x008C | FSCTL_METHOD_NEITHER)
+#define FSCTL_SET_OBJECT_ID (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x0098 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_GET_OBJECT_ID (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x009C | FSCTL_METHOD_BUFFERED)
+#define FSCTL_DELETE_OBJECT_ID (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x00A0 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_SET_REPARSE_POINT (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x00A4 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_GET_REPARSE_POINT (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x00A8 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_DELETE_REPARSE_POINT (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x00AC | FSCTL_METHOD_BUFFERED)
+#define FSCTL_CREATE_OR_GET_OBJECT_ID (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x00C0 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_SET_SPARSE (FSCTL_FILESYSTEM | FSCTL_ACCESS_ANY | 0x00C4 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_QUERY_ALLOCATED_RANGES (FSCTL_FILESYSTEM | FSCTL_ACCESS_READ | 0x00CC | FSCTL_METHOD_NEITHER)
+#define FSCTL_FILE_LEVEL_TRIM (FSCTL_FILESYSTEM | FSCTL_ACCESS_WRITE | 0x0208 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_OFFLOAD_READ (FSCTL_FILESYSTEM | FSCTL_ACCESS_READ | 0x0264 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_OFFLOAD_WRITE (FSCTL_FILESYSTEM | FSCTL_ACCESS_WRITE | 0x0268 | FSCTL_METHOD_BUFFERED)
+
+#define FSCTL_NAMED_PIPE 0x00110000
+#define FSCTL_PIPE_PEEK (FSCTL_NAMED_PIPE | FSCTL_ACCESS_READ | 0x000C | FSCTL_METHOD_BUFFERED)
+#define FSCTL_NAMED_PIPE_READ_WRITE (FSCTL_NAMED_PIPE | FSCTL_ACCESS_READ \
+ | FSCTL_ACCESS_WRITE | 0x0014 | FSCTL_METHOD_NEITHER)
+#define FSCTL_PIPE_TRANSCEIVE FSCTL_NAMED_PIPE_READ_WRITE /* SMB2 function name */
+#define FSCTL_PIPE_WAIT (FSCTL_NAMED_PIPE | FSCTL_ACCESS_ANY | 0x0018 | FSCTL_METHOD_BUFFERED)
+
+#define FSCTL_NETWORK_FILESYSTEM 0x00140000
+#define FSCTL_GET_SHADOW_COPY_DATA (FSCTL_NETWORK_FILESYSTEM | FSCTL_ACCESS_READ | 0x0064 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_SRV_ENUM_SNAPS FSCTL_GET_SHADOW_COPY_DATA /* SMB2 function name */
+#define FSCTL_SRV_REQUEST_RESUME_KEY (FSCTL_NETWORK_FILESYSTEM | FSCTL_ACCESS_ANY | 0x0078 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_SRV_COPYCHUNK (FSCTL_NETWORK_FILESYSTEM | FSCTL_ACCESS_READ | 0x00F0 | FSCTL_METHOD_OUT_DIRECT)
+#define FSCTL_SRV_COPYCHUNK_WRITE (FSCTL_NETWORK_FILESYSTEM | FSCTL_ACCESS_WRITE | 0x00F0 | FSCTL_METHOD_OUT_DIRECT)
+#define FSCTL_SRV_READ_HASH (FSCTL_NETWORK_FILESYSTEM | FSCTL_ACCESS_READ| 0x01B8 | FSCTL_METHOD_NEITHER)
+#define FSCTL_LMR_REQ_RESILIENCY (FSCTL_NETWORK_FILESYSTEM | FSCTL_ACCESS_ANY | 0x01D4 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_LMR_SET_LINK_TRACKING_INFORMATION \
+ (FSCTL_NETWORK_FILESYSTEM | FSCTL_ACCESS_ANY | 0x00EC | FSCTL_METHOD_BUFFERED)
+#define FSCTL_QUERY_NETWORK_INTERFACE_INFO \
+ (FSCTL_NETWORK_FILESYSTEM | FSCTL_ACCESS_ANY | 0x01FC | FSCTL_METHOD_BUFFERED)
+
+/*
+ * FSCTL_VALIDATE_NEGOTIATE_INFO_224 was used used in
+ * Windows 8 server beta with SMB 2.24
+ */
+#define FSCTL_VALIDATE_NEGOTIATE_INFO_224 \
+ (FSCTL_NETWORK_FILESYSTEM | FSCTL_ACCESS_ANY | 0x0200 | FSCTL_METHOD_BUFFERED)
+#define FSCTL_VALIDATE_NEGOTIATE_INFO (FSCTL_NETWORK_FILESYSTEM | FSCTL_ACCESS_ANY | 0x0204 | FSCTL_METHOD_BUFFERED)
#if 0
#define FSCTL_SECURITY_ID_CHECK
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index 007e097..b7c9fc5 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -563,6 +563,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
struct security_acl *new_dacl = NULL, *the_acl = NULL;
struct security_ace *new_ace_list = NULL;
unsigned int new_ace_list_ndx = 0, i;
+ bool set_inherited_flags = (parent_ctr->type & SEC_DESC_DACL_AUTO_INHERITED);
*ppsd = NULL;
*psize = 0;
@@ -625,7 +626,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
/* First add the regular ACE entry. */
init_sec_ace(new_ace, ptrustee, ace->type,
- ace->access_mask, 0);
+ ace->access_mask,
+ set_inherited_flags ? SEC_ACE_FLAG_INHERITED_ACE : 0);
DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x"
" inherited as %s:%d/0x%02x/0x%08x\n",
@@ -648,7 +650,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
}
init_sec_ace(new_ace, ptrustee, ace->type,
- ace->access_mask, new_flags);
+ ace->access_mask, new_flags |
+ (set_inherited_flags ? SEC_ACE_FLAG_INHERITED_ACE : 0));
DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
" inherited as %s:%d/0x%02x/0x%08x\n",
@@ -675,7 +678,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
*ppsd = make_sec_desc(ctx,
SECURITY_DESCRIPTOR_REVISION_1,
- SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
+ SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT|
+ (set_inherited_flags ? SEC_DESC_DACL_AUTO_INHERITED : 0),
owner_sid,
group_sid,
NULL,
diff --git a/source3/lib/sysquotas.c b/source3/lib/sysquotas.c
--
Samba Shared Repository
More information about the samba-cvs
mailing list