Hello community, here is the log from the commit of package samba checked in at Fri Apr 7 17:10:24 CEST 2006. -------- --- samba/samba.changes 2006-03-23 14:49:01.000000000 +0100 +++ samba/samba.changes 2006-04-03 12:11:12.000000000 +0200 @@ -1,0 +2,18 @@ +Mon Apr 3 12:09:28 CEST 2006 - lmuelle@suse.de + +- Allow testparm to dump a paramatrical option. +- Update to 3.0.22; CVE-2006-1059; [#161778]. + +------------------------------------------------------------------- +Wed Mar 29 11:50:36 CEST 2006 - gd@suse.de + +- Only send CLDAP request to an connect AD DC; [#159684]. +- Don't assume account objectclass for eDir; [#160169]. +- Invalidate krb5 credential cache when pam_auth has failed; [#161018]. + +------------------------------------------------------------------- +Tue Mar 28 14:26:43 CEST 2006 - lmuelle@suse.de + +- Enhance comment for the 'cups options = raw' line; [#160720]. + +------------------------------------------------------------------- Old: ---- samba-3.0.21c.tar.bz2 New: ---- samba-3.0.22.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ samba-doc.spec ++++++ --- /var/tmp/diff_new_pack.YX9Q8Q/_old 2006-04-07 17:08:30.000000000 +0200 +++ /var/tmp/diff_new_pack.YX9Q8Q/_new 2006-04-07 17:08:30.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package samba-doc (Version 3.0.21c) +# spec file for package samba-doc (Version 3.0.22) # # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -12,11 +12,11 @@ Name: samba-doc BuildRequires: ccache cracklib-devel cups-devel krb5-devel libacl-devel libnscd-devel libxml2-devel mysql-devel openldap2-devel pam-devel popt-devel postgresql-devel python-devel readline-devel -%define samba_ver 3.0.21c +%define samba_ver 3.0.22 License: GPL URL: http://www.samba.org/ -Version: 3.0.21c -Release: 16 +Version: 3.0.22 +Release: 1 Summary: Samba Documentation Group: Documentation/Other Autoreqprov: on ++++++ samba.spec ++++++ --- /var/tmp/diff_new_pack.YX9Q8Q/_old 2006-04-07 17:08:30.000000000 +0200 +++ /var/tmp/diff_new_pack.YX9Q8Q/_new 2006-04-07 17:08:30.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package samba (Version 3.0.21c) +# spec file for package samba (Version 3.0.22) # # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -12,15 +12,15 @@ Name: samba BuildRequires: ccache cracklib-devel cups-devel krb5-devel libacl-devel libnscd-devel libxml2-devel mysql-devel openldap2-devel pam-devel popt-devel postgresql-devel python-devel readline-devel -%define samba_ver 3.0.21c +%define samba_ver 3.0.22 %define vscan_ver 0.3.6b %define ldapsmb_ver 1.34a License: GPL Group: Productivity/Networking/Samba URL: http://www.samba.org/ Autoreqprov: on -Version: 3.0.21c -Release: 11 +Version: 3.0.22 +Release: 1 Provides: sambaxp = %{version}-%{release} samba3 = %{version}-%{release} Obsoletes: samba-classic samba-ldap sambaxp samba3 < %{version} Requires: samba-client >= %{version} @@ -165,7 +165,7 @@ Group: Productivity/Networking/Samba Autoreqprov: on Version: 1.34a -Release: 5 +Release: 6 Requires: perl-ldap %endif %if %{suse_version} > 920 @@ -180,7 +180,7 @@ Group: Productivity/Networking/Samba Autoreqprov: on Version: 0.3.6b -Release: 29 +Release: 30 Provides: samba3-vscan = 0.3.6b Obsoletes: samba3-vscan Requires: samba = %{samba_ver} @@ -1213,6 +1213,15 @@ %endif %changelog -n samba +* Mon Apr 03 2006 - lmuelle@suse.de +- Allow testparm to dump a paramatrical option. +- Update to 3.0.22; CVE-2006-1059; [#161778]. +* Wed Mar 29 2006 - gd@suse.de +- Only send CLDAP request to an connect AD DC; [#159684]. +- Don't assume account objectclass for eDir; [#160169]. +- Invalidate krb5 credential cache when pam_auth has failed; [#161018]. +* Tue Mar 28 2006 - lmuelle@suse.de +- Enhance comment for the 'cups options = raw' line; [#160720]. * Thu Mar 23 2006 - gd@suse.de - Align pam_winbind patch with upstream version. * Tue Mar 21 2006 - jeallison@novell.com ++++++ patches.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/samba.org/14756 new/patches/samba.org/14756 --- old/patches/samba.org/14756 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/14756 2006-03-29 17:14:29.000000000 +0200 @@ -0,0 +1,52 @@ +------------------------------------------------------------------------ +r14756 | gd | 2006-03-29 16:52:03 +0200 (Wed, 29 Mar 2006) | 5 lines + +Make smbpasswd -a root work for eDirectory where there is no "account" +structural objectclass. + +Guenther + +------------------------------------------------------------------------ +Index: source/passdb/pdb_ldap.c +=================================================================== +--- source/passdb/pdb_ldap.c (revision 14755) ++++ source/passdb/pdb_ldap.c (revision 14756) +@@ -940,9 +940,16 @@ + * took out adding "objectclass: sambaAccount" + * do this on a per-mod basis + */ +- if (need_update(sampass, PDB_USERNAME)) ++ if (need_update(sampass, PDB_USERNAME)) { + smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, + "uid", pdb_get_username(sampass)); ++ if (ldap_state->is_nds_ldap) { ++ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, ++ "cn", pdb_get_username(sampass)); ++ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, ++ "sn", pdb_get_username(sampass)); ++ } ++ } + + DEBUG(2, ("init_ldap_from_sam: Setting entry for user: %s\n", pdb_get_username(sampass))); + +@@ -1525,10 +1532,16 @@ + /* may be password change below however */ + } else { + switch(ldap_op) { +- case LDAP_MOD_ADD: +- smbldap_set_mod(&mods, LDAP_MOD_ADD, +- "objectclass", +- LDAP_OBJ_ACCOUNT); ++ case LDAP_MOD_ADD: ++ if (ldap_state->is_nds_ldap) { ++ smbldap_set_mod(&mods, LDAP_MOD_ADD, ++ "objectclass", ++ "inetOrgPerson"); ++ } else { ++ smbldap_set_mod(&mods, LDAP_MOD_ADD, ++ "objectclass", ++ LDAP_OBJ_ACCOUNT); ++ } + rc = smbldap_add(ldap_state->smbldap_state, + dn, mods); + break; diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/samba.org/14757 new/patches/samba.org/14757 --- old/patches/samba.org/14757 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/14757 2006-03-29 20:12:57.000000000 +0200 @@ -0,0 +1,37 @@ +------------------------------------------------------------------------ +r14757 | gd | 2006-03-29 17:30:26 +0200 (Wed, 29 Mar 2006) | 4 lines + +Make sure we only send out a CLDAP request to an connected AD server. + +Guenther + +------------------------------------------------------------------------ +Index: source/utils/net_ads.c +=================================================================== +--- source/utils/net_ads.c (revision 14756) ++++ source/utils/net_ads.c (revision 14757) +@@ -69,18 +69,20 @@ + static int net_ads_lookup(int argc, const char **argv) + { + ADS_STRUCT *ads; ++ ADS_STATUS status; + + ads = ads_init(NULL, opt_target_workgroup, opt_host); + if (ads) { + ads->auth.flags |= ADS_AUTH_NO_BIND; + } + +- ads_connect(ads); +- +- if (!ads) { ++ status = ads_connect(ads); ++ if (!ADS_ERR_OK(status) || !ads) { + d_fprintf(stderr, "Didn't find the cldap server!\n"); + return -1; +- } if (!ads->config.realm) { ++ } ++ ++ if (!ads->config.realm) { + ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); + ads->ldap_port = 389; + } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/samba.org/14869 new/patches/samba.org/14869 --- old/patches/samba.org/14869 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/14869 2006-04-03 11:20:33.000000000 +0200 @@ -0,0 +1,46 @@ +------------------------------------------------------------------------ +r14869 | lmuelle | 2006-04-02 23:12:23 +0200 (So, 02 Apr 2006) | 5 lines + +Allow to dump a paramatrical option. + +Flaw: We print an empty line if the paramatrical option is not defined +in the requested section. + +------------------------------------------------------------------------ +Index: source/param/loadparm.c +=================================================================== +--- source/param/loadparm.c.orig ++++ source/param/loadparm.c +@@ -3829,13 +3829,31 @@ BOOL dump_a_parameter(int snum, char *pa + int i, result = False; + parm_class p_class; + unsigned flag = 0; ++ fstring local_parm_name; ++ char *parm_opt; + ++ /* check for parametrical option */ ++ fstrcpy( local_parm_name, parm_name); ++ parm_opt = strchr( local_parm_name, ':'); ++ ++ if (parm_opt) { ++ *parm_opt = '\0'; ++ parm_opt++; ++ if (strlen(parm_opt)) { ++ printf( "%s\n", lp_parm_const_string( snum, ++ local_parm_name, parm_opt, "")); ++ result = True; ++ } ++ return result; ++ } ++ ++ /* check for a key and print the value */ + if (isGlobal) { + p_class = P_GLOBAL; + flag = FLAG_GLOBAL; + } else + p_class = P_LOCAL; +- ++ + for (i = 0; parm_table[i].label; i++) { + if (strwicmp(parm_table[i].label, parm_name) == 0 && + (parm_table[i].p_class == p_class || parm_table[i].flags & flag) && diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/samba.org/14922 new/patches/samba.org/14922 --- old/patches/samba.org/14922 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/14922 2006-04-05 12:30:35.000000000 +0200 @@ -0,0 +1,20 @@ +------------------------------------------------------------------------ +r14922 | lmuelle | 2006-04-05 09:29:22 +0200 (Mi, 05 Apr 2006) | 2 lines + +Use BOOL for the returned value. + +------------------------------------------------------------------------ +Index: source/param/loadparm.c +=================================================================== +--- source/param/loadparm.c.orig ++++ source/param/loadparm.c +@@ -3826,7 +3826,8 @@ static void dump_a_service(service * pSe + BOOL dump_a_parameter(int snum, char *parm_name, FILE * f, BOOL isGlobal) + { + service * pService = ServicePtrs[snum]; +- int i, result = False; ++ int i; ++ BOOL result = False; + parm_class p_class; + unsigned flag = 0; + fstring local_parm_name; diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/samba.org/14923 new/patches/samba.org/14923 --- old/patches/samba.org/14923 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/14923 2006-04-05 12:30:40.000000000 +0200 @@ -0,0 +1,37 @@ +------------------------------------------------------------------------ +r14923 | lmuelle | 2006-04-05 09:44:14 +0200 (Mi, 05 Apr 2006) | 5 lines + +Return False in the case a parametrical option is not configured in +the config file. + +For a "somesettings: foo = " we still return an empty line. + +------------------------------------------------------------------------ +Index: source/param/loadparm.c +=================================================================== +--- source/param/loadparm.c.orig ++++ source/param/loadparm.c +@@ -3832,6 +3832,7 @@ BOOL dump_a_parameter(int snum, char *pa + unsigned flag = 0; + fstring local_parm_name; + char *parm_opt; ++ const char *parm_opt_value; + + /* check for parametrical option */ + fstrcpy( local_parm_name, parm_name); +@@ -3841,9 +3842,12 @@ BOOL dump_a_parameter(int snum, char *pa + *parm_opt = '\0'; + parm_opt++; + if (strlen(parm_opt)) { +- printf( "%s\n", lp_parm_const_string( snum, +- local_parm_name, parm_opt, "")); +- result = True; ++ parm_opt_value = lp_parm_const_string( snum, ++ local_parm_name, parm_opt, NULL); ++ if (parm_opt_value) { ++ printf( "%s\n", parm_opt_value); ++ result = True; ++ } + } + return result; + } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/series new/patches/series --- old/patches/series 2006-03-22 22:17:26.000000000 +0100 +++ new/patches/series 2006-04-05 12:29:01.000000000 +0200 @@ -22,6 +22,11 @@ samba.org/14576 -p0 samba.org/14596 -p0 samba.org/14602 -p0 +samba.org/14756 -p0 +samba.org/14757 -p0 +samba.org/14869 -p0 +samba.org/14922 -p0 +samba.org/14923 -p0 # SuSE specific changes # disabled -> WIP lmuelle diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/man-pages.diff new/patches/suse/man-pages.diff --- old/patches/suse/man-pages.diff 2006-02-22 17:29:24.000000000 +0100 +++ new/patches/suse/man-pages.diff 2006-04-03 12:04:33.000000000 +0200 @@ -30,16 +30,20 @@ \-r This option is used to modify an existing user in the database\&. This command needs a user name specified with the \-u switch\&. Other options can be specified to modify the properties of the specified user\&. This flag is kept for backwards compatibility, but it is no longer necessary to specify it\&. ---- docs/manpages/testparm.1 +Index: docs/manpages/testparm.1 +=================================================================== +--- docs/manpages/testparm.1.orig +++ docs/manpages/testparm.1 -@@ -72,6 +72,15 @@ If this option is specified, testparm wi +@@ -72,6 +72,17 @@ If this option is specified, testparm wi Output data in specified encoding\&. .TP +\-\-parameter-name parametername +Dumps the named parameter\&. If no section-name is set the view -+is limited by default to the global section.\&. ++is limited by default to the global section\&. + ++It is also possible to dump a parametrical option\&. Therfore ++the option has to be separated by a colon from the parametername\&. +.TP +\-\-section-name sectionname +Dumps the named section\&. diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/samba3-pam_winbind.diff new/patches/suse/samba3-pam_winbind.diff --- old/patches/suse/samba3-pam_winbind.diff 2006-03-23 14:47:59.000000000 +0100 +++ new/patches/suse/samba3-pam_winbind.diff 2006-03-29 17:14:29.000000000 +0200 @@ -3982,7 +3982,7 @@ return find_our_domain(); } -@@ -181,9 +259,372 @@ static void set_auth_errors(struct winbi +@@ -181,9 +259,388 @@ static void set_auth_errors(struct winbi resp->data.auth.pam_error = nt_status_to_pam(result); } @@ -4075,7 +4075,7 @@ + goto done; + + memory_ccache: -+ gen_cc = talloc_strdup(mem_ctx, "MEMORY:winbind_cache"); ++ gen_cc = talloc_strdup(mem_ctx, "MEMORY:winbindd_pam_ccache"); + + done: + if (gen_cc == NULL) { @@ -4233,7 +4233,7 @@ + DEBUG(1,("winbindd_raw_kerberos_login: kinit failed for '%s' with: %s (%d)\n", + principal_s, error_message(krb5_ret), krb5_ret)); + result = krb5_to_nt_status(krb5_ret); -+ goto done; ++ goto failed; + } + + /* does http_timestring use heimdals libroken strftime?? - Guenther */ @@ -4245,7 +4245,7 @@ + client_princ = talloc_strdup(state->mem_ctx, global_myname()); + if (client_princ == NULL) { + result = NT_STATUS_NO_MEMORY; -+ goto done; ++ goto failed; + } + strlower_m(client_princ); + @@ -4253,7 +4253,7 @@ + if (local_service == NULL) { + DEBUG(0,("winbindd_raw_kerberos_login: out of memory\n")); + result = NT_STATUS_NO_MEMORY; -+ goto done; ++ goto failed; + } + + krb5_ret = cli_krb5_get_ticket(local_service, @@ -4263,10 +4263,10 @@ + 0, + cc); + if (krb5_ret) { -+ DEBUG(1,("winbindd_raw_kerberos_login: failed to get ticket for: %s\n", -+ local_service)); ++ DEBUG(1,("winbindd_raw_kerberos_login: failed to get ticket for %s: %s\n", ++ local_service, error_message(krb5_ret))); + result = krb5_to_nt_status(krb5_ret); -+ goto done; ++ goto failed; + } + + if (!internal_ccache) { @@ -4285,7 +4285,7 @@ + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0,("winbindd_raw_kerberos_login: ads_verify_ticket failed: %s\n", + nt_errstr(result))); -+ goto done; ++ goto failed; + } + + DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n", @@ -4294,14 +4294,14 @@ + if (!pac_data) { + DEBUG(3,("winbindd_raw_kerberos_login: no pac data\n")); + result = NT_STATUS_INVALID_PARAMETER; -+ goto done; ++ goto failed; + } + + logon_info = get_logon_info_from_pac(pac_data); + if (logon_info == NULL) { + DEBUG(1,("winbindd_raw_kerberos_login: no logon info\n")); + result = NT_STATUS_INVALID_PARAMETER; -+ goto done; ++ goto failed; + } + + @@ -4337,6 +4337,22 @@ + + result = NT_STATUS_OK; + ++ goto done; ++ ++failed: ++ ++ /* we could have created a new credential cache with a valid tgt in it ++ * but we werent able to get or verify the service ticket for this ++ * local host and therefor didn't get the PAC, we need to remove that ++ * cache entirely now */ ++ ++ krb5_ret = ads_kdestroy(cc); ++ if (krb5_ret) { ++ DEBUG(0,("winbindd_raw_kerberos_login: " ++ "could not destroy krb5 credential cache: " ++ "%s\n", error_message(krb5_ret))); ++ } ++ +done: + data_blob_free(&session_key); + data_blob_free(&session_key_krb5); @@ -4357,7 +4373,7 @@ void winbindd_pam_auth(struct winbindd_cli_state *state) { -@@ -203,10 +644,19 @@ void winbindd_pam_auth(struct winbindd_c +@@ -203,10 +660,19 @@ void winbindd_pam_auth(struct winbindd_c /* Parse domain and username */ @@ -4380,7 +4396,7 @@ if (domain == NULL) { set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER); -@@ -222,12 +672,226 @@ void winbindd_pam_auth(struct winbindd_c +@@ -222,12 +688,226 @@ void winbindd_pam_auth(struct winbindd_c sendto_domain(state, domain); } @@ -4611,7 +4627,7 @@ struct rpc_pipe_client *netlogon_pipe; uchar chal[8]; DATA_BLOB lm_resp; -@@ -236,17 +900,23 @@ enum winbindd_result winbindd_dual_pam_a +@@ -236,17 +916,23 @@ enum winbindd_result winbindd_dual_pam_a unsigned char local_lm_response[24]; unsigned char local_nt_response[24]; struct winbindd_domain *contact_domain; @@ -4641,7 +4657,7 @@ /* Parse domain and username */ parse_domain_user(state->request.data.auth.user, name_domain, name_user); -@@ -332,7 +1002,7 @@ enum winbindd_result winbindd_dual_pam_a +@@ -332,7 +1018,7 @@ enum winbindd_result winbindd_dual_pam_a do { @@ -4650,7 +4666,7 @@ retry = False; result = cm_connect_netlogon(contact_domain, &netlogon_pipe); -@@ -352,7 +1022,7 @@ enum winbindd_result winbindd_dual_pam_a +@@ -352,7 +1038,7 @@ enum winbindd_result winbindd_dual_pam_a chal, lm_resp, nt_resp, @@ -4659,7 +4675,7 @@ attempts += 1; /* We have to try a second time as cm_connect_netlogon -@@ -381,25 +1051,177 @@ enum winbindd_result winbindd_dual_pam_a +@@ -381,25 +1067,177 @@ enum winbindd_result winbindd_dual_pam_a } while ( (attempts < 2) && retry ); @@ -4773,10 +4789,10 @@ - wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3); + + DOM_SID user_sid; - ++ + netsamlogon_cache_store(name_user, info3); + wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3); -+ + + /* save name_to_sid info as early as possible */ + sid_compose(&user_sid, &info3->dom_sid.sid, info3->user_rid); + cache_name2sid(domain, name_domain, name_user, SID_NAME_USER, &user_sid); @@ -4843,7 +4859,7 @@ result = NT_STATUS_NO_LOGON_SERVERS; } -@@ -439,8 +1261,8 @@ done: +@@ -439,8 +1277,8 @@ done: DOM_SID user_sid; fstring sidstr; @@ -4854,7 +4870,7 @@ sid_to_string(sidstr, &user_sid); afsname = talloc_string_sub(state->mem_ctx, afsname, "%s", sidstr); -@@ -525,7 +1347,7 @@ void winbindd_pam_auth_crap(struct winbi +@@ -525,7 +1363,7 @@ void winbindd_pam_auth_crap(struct winbi } if (domain_name != NULL) @@ -4863,7 +4879,7 @@ if (domain != NULL) { sendto_domain(state, domain); -@@ -675,6 +1497,7 @@ enum winbindd_result winbindd_dual_pam_a +@@ -675,6 +1513,7 @@ enum winbindd_result winbindd_dual_pam_a } while ( (attempts < 2) && retry ); if (NT_STATUS_IS_OK(result)) { @@ -4871,7 +4887,7 @@ netsamlogon_cache_store(name_user, &info3); wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3); -@@ -732,7 +1555,7 @@ done: +@@ -732,7 +1571,7 @@ done: /* give us a more useful (more correct?) error code */ if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || @@ -4880,7 +4896,7 @@ result = NT_STATUS_NO_LOGON_SERVERS; } -@@ -763,12 +1586,16 @@ done: +@@ -763,12 +1602,16 @@ done: void winbindd_pam_chauthtok(struct winbindd_cli_state *state) { @@ -4899,7 +4915,7 @@ DEBUG(3, ("[%5lu]: pam chauthtok %s\n", (unsigned long)state->pid, state->request.data.chauthtok.user)); -@@ -798,10 +1625,70 @@ void winbindd_pam_chauthtok(struct winbi +@@ -798,10 +1641,70 @@ void winbindd_pam_chauthtok(struct winbi goto done; } @@ -4973,7 +4989,7 @@ state->response.data.auth.nt_status = NT_STATUS_V(result); fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result)); -@@ -819,3 +1706,112 @@ done: +@@ -819,3 +1722,108 @@ done: else request_error(state); } @@ -5057,12 +5073,8 @@ + goto process_result; + } + -+ seteuid(entry->uid); -+ + ret = ads_kdestroy(entry->ccname); + -+ seteuid(0); -+ + if (ret) { + DEBUG(0,("winbindd_pam_logoff: failed to destroy user ccache %s with: %s\n", + entry->ccname, error_message(ret))); ++++++ samba-3.0.21c.tar.bz2 -> samba-3.0.22.tar.bz2 ++++++ samba/samba-3.0.21c.tar.bz2 samba/samba-3.0.22.tar.bz2 differ: char 11, line 1 ++++++ vendor-files.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vendor-files/config/smb.conf.vendor new/vendor-files/config/smb.conf.vendor --- old/vendor-files/config/smb.conf.vendor 2006-01-20 20:56:51.000000000 +0100 +++ new/vendor-files/config/smb.conf.vendor 2006-03-28 14:26:21.000000000 +0200 @@ -80,7 +80,10 @@ printcap name = cups # Rescan for new or obsolet printers after every 12 & 1/2 minutes. printcap cache time = 750 -# Send all print jobs with option 'raw' to CUPS +# Send all print jobs with option 'raw' to CUPS. This disables any filter on +# the CUPS level. You only need such a filter if the output generated on the +# Microsoft side (e.g. from a generic PostScript driver) must be transformed +# to a format (e.g. PCL or vendor specific) supported by the attached printer. cups options = raw # If you don't want all your printers automatically shared to Samba clients, # set load printers to no and create extra individual printer shares manually. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...