Re: [Samba] Very slow write performance to RAID
On Mon, 2011-07-25 at 19:51 -0400, simo wrote: On Tue, 2011-07-26 at 00:32 +0100, Jonathan Buzzard wrote: Jeremy Allison wrote: [SNIP] Test using a modern (i.e. much later than 3.0.33) smbclient. To back that up he is using CentOS 5, so there is no excuse for using such an old version. Needs to switch to the samba3x packages that have been present since CentOS 5.5 asap. From recollection it is getting on now for a year since CentOS 5.5 came out which gave you version 3.3.8 in the samba3x packages and CentOS 5.6 bumped that to 3.5.4, which has been out for several months now. For those that say upgrade to CentOS 6, you won't get any newer samba as the samba3x packages in CentOS 5.6 are at the same level as the samba packages in CentOS 6. FWIW RHEL 6.1 has a newer version with a ton of patches on top. Indeed you make the massive jump to 3.5.6 :-) Compared to moving off 3.0.33 this is small and I would expect RHEL/CentOS 5.7 to switch to this version as well when it is released. I would note however that all the RHEL/CentOS versions of Samba have a bunch of patches over the official releases. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
Am 25.07.2011 23:34, schrieb Chris Weiss: On Mon, Jul 25, 2011 at 3:50 PM, Pascal Valois pascal.val...@devinci.fr wrote: Le 25/07/11 22:44, Jeremy Allison a écrit : On Mon, Jul 25, 2011 at 10:21:35PM +0200, Malte Forkel wrote: Hi, I'm running Samba 3.2.5 on a server which I'd like to shut down when it is not used by any client. Is there a way to detect whether any user has opened a file on the server? smbstatus will tell you. slight correction, smbstatus tells you what file are used and by who, currently. not who HAS opened a file. smbstatus will also tell you who has an active connection to what shares, even if they have yet to actually open some file. while it's possible for someone to open a file in app that reads to ram then closes, such as notepad.exe, making edits and letting them sit without saving for long enough that an smb client would disconnect the session is unlikely given the save often mentality that most have gotten from using PC's. From application crashes, to power outages, to 2 year old kids pressing buttons, save often! Thanks for your suggestions! so depending on what you mean by has opened (opened before and still use it, or opened before and may have close it), smbstatus may be the answer or not. By has opened I mean opened before and still use it. Actually, something more like would be disappointed if the server went down. Ideally, a user might e.g. open a couple of source files to analyze them and after a while (without making changes of saving anything) try to open another file in the same directory. I've done a couple of experiments with smbstatus, specifically its -S and -L options. My clients run Windows 7 SP1 and Windows XP SP3. While a Windows Expolores is opened for a share (or one of its subdirectories), smbstatus -S will list that share. But once the Explorer is closed, the entry is cleared. Similarly, using a File Open Dialog only produces a short lived entry. smbstatus -L does not seem to produce any list entries once a user has opened a file. May be I have to specify some more specific locking in smb.conf? I've also experimented with root preexec and root postexec. Those seem to be triggered at the same time the output of smbstatus -S changes. Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Copying files between 2 samba serv with ACL in mind using winbind database - solution?
Hi The question how to copy files and preserve ACLs appears from time to time but I have not find the right (stable and working) solution so far on this list and on the other Internet sites. So after some thinking I have 'discovered' my own solution. But what is the situation. I have old samba 3.0.24 (debian) on old computer. Now there is new computer with new samba 3.5.6 (debian 6.x). Both are working as domain member servers (in the same domain). The problem is: copy files form old to new server keeping in mind that there are 100 users with their ACLs on the files. I'm using winbindd. There are of course different UID-SID mappings on those servers so the solutions are two (IMHO): 1. Somehow set the new server mappings on the copied files or 2. Transfer the mappings itself from old to new server Ad.1 It is possible using some windows station to copy all the files from one server to another. But it is a bit extra work and time consuming. Ad.2 Use whatever linux copy tools (tar etc) to copy files. Faster but here is the problem I have faced. First I have dumped winbindd_idmap.tdb mapping on oldserver: net idmap dump /var/lib/samba/winbindd_idmap.tdb idmap_dump.txt copied this file to new server and restored it: net idmap restore /var/lib/samba/winbindd_idmap.tdb idmap_dump.txt during this restore operation the following errors (warnings?) appeared: ignoring invalid line [] . ignoring invalid line [BB] . Why? What does it mean? Ignore or it is serious? Looking at the dumped file it seems to be ok. So I have tried other solution, just copied the database file winbindd_idmap.tdb from old to new server. After flushing the samba cache net cache flush and restarting winbind the ACLs appeared to be the same on both servers. So after untaring the files from old server it just started to work. But my question: is it safe to do it the way I did it? The fields in databases tends to change so I have no idea if winbindd_idmap.tdb on the samba 3.0 is the same as on the 3.5? Regards Piotr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win7/W2K8 R2 sp1
update to 3.5.9 On Fri, 22 Jul 2011 10:44:25 -0400, Gaiseric Vandal gaiseric.van...@gmail.com wrote: On 07/22/2011 10:43 AM, Gaiseric Vandal wrote: On 03/10/2011 12:00 PM, Zuskov, M.S. wrote: After upgrading Win7 and W2K8 R2 clients to service pack 1 it is no longer possible to log in to domain(before the upgrade the clients can log in into domain). Clean installation of Win7/W2K8 R2 with integrated sp1 has the same effect. Our domain PDC is running on samba 3.3.7. I'm curious if anyone else has seen this already. Thank you Mikhail Zuskov Can you remove the machine from the domain and then rejoin it back to the domain? Just to clarify - remove/rejoin the Windows 7 PC, not the samba server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 client not mounting 'HOME' share.
Hi, I'm running a samba server (3.5.6 on Debian Squeeze 64 bits) as a PDC with Windows 7 64 bits clients. Workstations successfully registered with the PDC, users can login, profiles are found and updated, network shares are all mounted during login (logon script = %G.bat) except for the home directory of the user. Yet, if I try to manually add it to windows (net use Z: /HOME), it succeeds without complaining. I don't really understand where the problem comes from. Anyone ? Thanks, Julien. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Very slow write performance to RAID
These are XP clients. Date: Mon, 25 Jul 2011 13:28:33 -0700 From: j...@samba.org To: groucho.64...@hotmail.com CC: samba@lists.samba.org Subject: Re: [Samba] Very slow write performance to RAID On Mon, Jul 25, 2011 at 01:06:48PM -0400, Kevin Taylor wrote: We have a RAID set up as our main fileserver (running samba 3.0.33 on linux, CentOS 5). The main disk area is an XFS partition of about 8TB. I'm using iostat to monitor disk I/O since we've gotten complaints about speed and I'm noticing that when I write something to the samba share, the write speed is horrible. For a 15GB file it is reporting to finish in about 20 minutes. iostat reports very little write I/O...on the level of maybe 7 write i/o's every 5 seconds or so. If I were to read .5GB of data off of the samba share, it transfers quickly (and I see 300 reads/s through iostat)...which would be about normal. Any idea of why I'm getting such lousy write speed? Test using a modern (i.e. much later than 3.0.33) smbclient. This pipelines writes so you should see much greater throughput if it's the client that's at fault. What client are you using ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Incoming External Trust
I'm running a Samba domain (Samba 3.4.7) with OpenLDAP. I also have an Server 2003 AD domain, and want to set up an external trust so that AD users can access resources on the Samba domain, but not visa versa (I believe this is called a one-way incoming external trust). I'm not finding a lot of information out there that makes sense. Does anybody have any hints? -- Aaron Clausen mightymartia...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Incoming External Trust
From: Aaron Clausen mightymartia...@gmail.com Date: Tue, 26 Jul 2011 08:14:39 -0700 I'm running a Samba domain (Samba 3.4.7) with OpenLDAP. I also have an Server 2003 AD domain, and want to set up an external trust so that AD users can access resources on the Samba domain, but not visa versa. See http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id2602062 I examined between Windows Server 2008 (Domain/Forest level is Windows Server 2003) and Samba 3.3.4. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
On Tue, Jul 26, 2011 at 10:06:20AM +0200, Malte Forkel wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? Yes, Samba keeps state on all open files. That's what smbstatus shows. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 client not mounting 'HOME' share.
Hi, What do your logon scripts look like? Dennis On Tue, Jul 26, 2011 at 11:15 AM, Julien Celle julien.ce...@sivalex.comwrote: Hi, I'm running a samba server (3.5.6 on Debian Squeeze 64 bits) as a PDC with Windows 7 64 bits clients. Workstations successfully registered with the PDC, users can login, profiles are found and updated, network shares are all mounted during login (logon script = %G.bat) except for the home directory of the user. Yet, if I try to manually add it to windows (net use Z: /HOME), it succeeds without complaining. I don't really understand where the problem comes from. Anyone ? Thanks, Julien. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Very odd issue with Win7 and trust relationships
Hello all, We have just concluded a very drawn out test of our domain that is having some trust relationship problems with Windows 7 desktops. Here is a breakdown of our setup: roark PDC running samba 3.4.7 (also has OpenLDAP) on VLAN 2 archives3 BDC running samba 3.4.7 (also has OpenLDAP) on VLAN2 arrowhead BDC home server running samba 3.4.3 on VLAN 9 archives4 BDC home server running samba 3.2.14 on VLAN8 ocm BDC home server running samba 3.3.8 on VLAN8 defiant BDC soon to be home server running samba 3.5.8 on VLAN3 pubinfo BDC home server running samba 3.5.4 on VLAN3 Ok, so we currently have Windows 7 machines on vlan's 3, 8, and 9. The only ones having issues is the ones on vlan3. This problem started a few weeks ago when we upgraded our core network switches. Only on my workstation and one other are we having this problem as we are the only two that have windows 7 on this vlan. In order to test some possible fixes I setup a new machine with windows 7 to perform all the tests on. Usually when I or the other user have to reboot we have to shut down and power right back up and immediately log back in to get past the trust relationship error. The machines on vlan's 8 and 9 are functioning perfectly with no issues what so ever. I have tried turning samba off on all of the servers on the 3 vlan and logging in to the domain on our test machine. Also have tried only having one at a time running samba. Neither way works as we always get the same error. I can then do nothing but change the vlan on the port the machine is plugged in to and then try to log back in and it works flawlessly every time, reboot, power on/off, or log off/on doesn't matter as they all work every time on a different vlan. We have roughly 50 new pc's with Windows 7 that we are about to deploy and I need to get this fixed before we can do so. Would anyone have any idea where to begin? We are working to upgrade our version of samba on the main PDC and BDC but that will require doing a hand compiled version and we would rather just replace the machines with new ones and that has it's own set of challenges in terms of keeping the domain functioning. Looking at the Windows7 page of the wiki I see this: If you use older versions, Windows 7 box still can join the Samba Domain but after rebooting, you will receive an error message: the trust relation between this workstation and the primary domain failed and no one can logon as any domain user. -- Monyo http://wiki.samba.org/index.php?title=User:Monyoaction=editredlink=1 16:22, 5 June 2011 (UTC) But as you can see when on the other vlan's I am not using the latest samba but it works. I am at a loss and need some fresh thoughts on this. I appreciate any and all assistance on this problem. Donny B. MDAH -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
On Tue, Jul 26, 2011 at 3:06 AM, Malte Forkel malte.for...@berlin.de wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? yes, it depends on the application. If the app closes the file and leaves the share, samba honors that. if the app keeps the file handle open, samba does too. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
Am 26.07.2011 18:31, schrieb Jeremy Allison: On Tue, Jul 26, 2011 at 10:06:20AM +0200, Malte Forkel wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? Yes, Samba keeps state on all open files. That's what smbstatus shows. Well, is it a problem with my Samba configuration then? Or a different concept of open? I just used SciTE (a text editor) on a Windows 7 PC to open a text file on the server. When I ran smbstatus immediately after opening the file, it showed entries for the share(s) and the file itself. When I called smbstatus again about a minute later and while the editor window was still open, those entries were gone again. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
On Tue, Jul 26, 2011 at 06:54:07PM +0200, Malte Forkel wrote: Am 26.07.2011 18:31, schrieb Jeremy Allison: On Tue, Jul 26, 2011 at 10:06:20AM +0200, Malte Forkel wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? Yes, Samba keeps state on all open files. That's what smbstatus shows. Well, is it a problem with my Samba configuration then? Or a different concept of open? I just used SciTE (a text editor) on a Windows 7 PC to open a text file on the server. When I ran smbstatus immediately after opening the file, it showed entries for the share(s) and the file itself. When I called smbstatus again about a minute later and while the editor window was still open, those entries were gone again. The editor closed the file in the meantime. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
On Tue, Jul 26, 2011 at 12:54 PM, Malte Forkel malte.for...@berlin.de wrote: Am 26.07.2011 18:31, schrieb Jeremy Allison: On Tue, Jul 26, 2011 at 10:06:20AM +0200, Malte Forkel wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? Yes, Samba keeps state on all open files. That's what smbstatus shows. Well, is it a problem with my Samba configuration then? Or a different concept of open? I just used SciTE (a text editor) on a Windows 7 PC to open a text file on the server. When I ran smbstatus immediately after opening the file, it showed entries for the share(s) and the file itself. When I called smbstatus again about a minute later and while the editor window was still open, those entries were gone again. This program could read the whole file to memory and close the file allowing you to edit the closed file. Then when you save it could open it again and save. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 client not mounting 'HOME' share.
Le 26/07/2011 18:32, Dennis Dryden a écrit : Hi, What do your logon scripts look like? Dennis On Tue, Jul 26, 2011 at 11:15 AM, Julien Cellejulien.ce...@sivalex.comwrote: Hi, I'm running a samba server (3.5.6 on Debian Squeeze 64 bits) as a PDC with Windows 7 64 bits clients. Workstations successfully registered with the PDC, users can login, profiles are found and updated, network shares are all mounted during login (logon script = %G.bat) except for the home directory of the user. Yet, if I try to manually add it to windows (net use Z: /HOME), it succeeds without complaining. I don't really understand where the problem comes from. Anyone ? Thanks, Julien. Hi, HOME share is 'homes' and path is '/home/%U'. I tried it with '/home/%u', no difference. I also have difficulties running scripts at startup: if I do not modify the 'EnableLinkedConnections' registry setting to '1', scripts in netlogon share are not run. In fact, If I only modify registry setting as suggested in http://wiki.samba.org/index.php/Windows7, I can join the domain, a user can login, but shares are not automatically mounted. Manually calling the script in \\myserver\netlogon works. Manually calling 'net use Z: /HOME' works. Scripts are of the type %G.bat. Typical script is : @echo off net use Y: \\mypdc\theshare They used to work perfectly with Windows XP clients. Here is my smb.conf : [global] dos charset = 850 unix charset = UTF8 display charset = UTF8 workgroup = MYDOMAIN server string = %h server netbios name = mypdc interfaces = lo, eth0 bind interfaces only = Yes domain logons = Yes os level = 20 preferred master = Yes domain master = Yes local master = Yes security = user dns proxy = No wins support = Yes passdb backend = ldapsam:ldap://ldapserver.domain.local/ client NTLMv2 auth = Yes #log level = 3 #debug timestamp = yes log file = /var/log/samba/log.%m max log size = 1000 name resolve order = wins lmhosts host bcast time server = Yes #socket options = TCP_NODELAY IPTOS_LOWDELAY SO_REUSEADDR IPTOS_THROUGHPUT SO_RCVBUF=32768 SO_SNDBUF=32768 socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768 #socket options = TCP_NODELAY IPTOS_LOWDELAY SO_REUSEADDR IPTOS_THROUGHPUT SO_RCVBUF=8192 SO_SNDBUF=8192 case sensitive = auto default case = lower preserve case = yes short preserve case = yes ldap ssl = start tls ldap passwd sync = Yes ldap admin dn = cn=admin,dc=domain,dc=local ldap delete dn = Yes ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Users ldap machine suffix = ou=Computers ldap suffix = dc=sivalex,dc=local add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u logon path = \\%L\profiles\%U logon drive = Z: logon home = \\%L\homes\%U logon script = %G.bat panic action = /usr/share/samba/panic-action %d winbind use default domain = Yes winbind trusted domains only = Yes hosts allow = 127.0.0.1 192.168. hide unreadable = Yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = Administrator writable = No guest ok = Yes browseable = No [profiles] comment = Users profiles path = /profiles create mask = 0700 directory mask = 0700 browseable = No writable = yes profile acls = yes [profiles.V2] copy = profiles [homes] comment = Home Directories path = /home/%u valid users = %u create mask = 0700 directory mask = 0700 browseable = No writable = yes [Theshare] comment = Documents for the share path = /mnt/theshare read only = No dos filemode = yes create mask = 0770 directory mask = 0770 map acl inherit = Yes inherit acls = Yes csc policy = disable dos filemode = Yes inherit owner = Yes hide special files = Yes map archive = No admin users = @Domain Admins force unknown acl user = Yes veto files = /.VFSTrash/ vfs objects = recycle recycle:repository = .VFSTrash
Re: [Samba] How to detect active users
Am 26.07.2011 18:42, schrieb Chris Weiss: On Tue, Jul 26, 2011 at 3:06 AM, Malte Forkel malte.for...@berlin.de wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? yes, it depends on the application. If the app closes the file and leaves the share, samba honors that. if the app keeps the file handle open, samba does too. So an application (like SciTE) might open a file, read and display its contents, and close the file while continuing to display it. And in contrast, a different application might not close the file while it is displaying its contents? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
On Tue, Jul 26, 2011 at 12:04 PM, Malte Forkel malte.for...@berlin.de wrote: Am 26.07.2011 18:42, schrieb Chris Weiss: On Tue, Jul 26, 2011 at 3:06 AM, Malte Forkel malte.for...@berlin.de wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? yes, it depends on the application. If the app closes the file and leaves the share, samba honors that. if the app keeps the file handle open, samba does too. So an application (like SciTE) might open a file, read and display its contents, and close the file while continuing to display it. And in contrast, a different application might not close the file while it is displaying its contents? exactly. Scite and notepad are known to close the file, Word and Excel are known to keep the file open because they only read parts of the file into ram. not sure if that applies to .txt and .csv though, but doc and xls for sure -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
On Tue, Jul 26, 2011 at 1:04 PM, Malte Forkel malte.for...@berlin.de wrote: Am 26.07.2011 18:42, schrieb Chris Weiss: On Tue, Jul 26, 2011 at 3:06 AM, Malte Forkel malte.for...@berlin.de wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? yes, it depends on the application. If the app closes the file and leaves the share, samba honors that. if the app keeps the file handle open, samba does too. So an application (like SciTE) might open a file, read and display its contents, and close the file while continuing to display it. And in contrast, a different application might not close the file while it is displaying its contents? Exactly. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 client not mounting 'HOME' share.
Please show the result of pdbedit -v a-user HomeDir Drive: is correctly set? From: Julien Celle julien.ce...@sivalex.com Date: Tue, 26 Jul 2011 18:59:26 +0200 (logon script = %G.bat) except for the home directory of the user. Yet, if I try to manually add it to windows (net use Z: /HOME), it succeeds without complaining. I don't really understand where the problem comes from. Anyone ? --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
Am 26.07.2011 19:08, schrieb John Drescher: On Tue, Jul 26, 2011 at 1:04 PM, Malte Forkel malte.for...@berlin.de wrote: Am 26.07.2011 18:42, schrieb Chris Weiss: On Tue, Jul 26, 2011 at 3:06 AM, Malte Forkel malte.for...@berlin.de wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? yes, it depends on the application. If the app closes the file and leaves the share, samba honors that. if the app keeps the file handle open, samba does too. So an application (like SciTE) might open a file, read and display its contents, and close the file while continuing to display it. And in contrast, a different application might not close the file while it is displaying its contents? Exactly. John Well, thanks to all of you for your help. In summary then, it looks to me like I won't be able to reliably detect if there is any client out there who would be disappointed if the server shuts down. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
On Tue, Jul 26, 2011 at 07:18:15PM +0200, Malte Forkel wrote: Am 26.07.2011 19:08, schrieb John Drescher: On Tue, Jul 26, 2011 at 1:04 PM, Malte Forkel malte.for...@berlin.de wrote: Am 26.07.2011 18:42, schrieb Chris Weiss: On Tue, Jul 26, 2011 at 3:06 AM, Malte Forkel malte.for...@berlin.de wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? yes, it depends on the application. If the app closes the file and leaves the share, samba honors that. if the app keeps the file handle open, samba does too. So an application (like SciTE) might open a file, read and display its contents, and close the file while continuing to display it. And in contrast, a different application might not close the file while it is displaying its contents? Exactly. John Well, thanks to all of you for your help. In summary then, it looks to me like I won't be able to reliably detect if there is any client out there who would be disappointed if the server shuts down. Of course you will ! smbstatus does this as I keep repeating. If an application has opened and closed the file and keeps it in memory, then the user won't be disappointed if the server is shut down, they'll get an IO error on save and have to do a save as to a local (or other remote) drive. If an application keeps the file open (so it's not safely stored in memory) then smbstatus will show this and you don't shut the server down. You seem to think there's some magic option that will show you client intent, not client activity. Client activity is all you need to care about, and smbstatus show you this. Doesn't matter if applications are running or not, whether that have actual files open is all that matters. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] regpatch writing to local registry hive with -F not working (registery-utils 4.0.0~alpha15~git20110124.dfsg1-2ubuntu1)
Hi Denis, I was just wondering if any progress was made with regpatch? Yours hopefully :) Rich On Thu, 2011-05-19 at 09:08 +0200, denis.bonnenfant wrote: Wilco Baan Hofman a écrit : On Wed, 2011-05-18 at 16:01 +0200, denis bonnenfant wrote: Le mercredi 18 mai 2011 à 15:07 +0200, Wilco Baan Hofman a écrit : On Wed, 2011-05-18 at 12:33 +0200, Michael Wood wrote: Then it seems the -F option should be removed from regpatch. Or should regpatch be replaced with something similar to the Python script you included below? My patch adds a -K option to regpatch for specifying the predef key where -F registry should be mounted. I will submit it for review soon, I'm currently experimenting a little bit, and there are still some bugs in .reg parsing In fact it doesn't make sense to mount regf files to anything but HKCU , so -K option is not necessary, and HKCU can be hardcoded as mountpoint for files specified by -F option. I use this quite a bit and I'm aware of two bugs, which is not directly related to the parsing, but that on windows unicode is implicit for certain data types even when the data is given in binary format, it's still converted. The other 'bug' is that unicode .reg files are not yet supported. I'd be very interested to know what other bugs there are. I found some problems with value deletion, sometimes values are not deleted, reg_expand_sz data not correctly saved, but i'm not sure that the problem is in parsing. I'm going to experiment a little bit more. Denis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 client not mounting 'HOME' share.
# pdbedit -v jcelle ... Home Directory: \\svl1001\homes\jcelle ... Homedir is correctly set. And windows knows it (or at least it knows where to find the information): `net use Z: /HOME`without specifying where to find the share is working. This is really driving me nuts. Le 26/07/2011 19:17, TAKAHASHI Motonobu a écrit : Please show the result of pdbedit -v a-user HomeDir Drive: is correctly set? From: Julien Cellejulien.ce...@sivalex.com Date: Tue, 26 Jul 2011 18:59:26 +0200 (logon script = %G.bat) except for the home directory of the user. Yet, if I try to manually add it to windows (net use Z: /HOME), it succeeds without complaining. I don't really understand where the problem comes from. Anyone ? --- TAKAHASHI Motonobumo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available
Release Announcements = Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). o CVE-2011-2522: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site request forgery. o CVE-2011-2694: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site scripting vulnerability. Please note that SWAT must be enabled in order for these vulnerabilities to be exploitable. By default, SWAT is *not* enabled on a Samba install. Changes --- o Kai Blin k...@samba.org * BUG 8289: SWAT contains a cross-site scripting vulnerability. * BUG 8290: CSRF vulnerability in SWAT. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.5.10.html http://www.samba.org/samba/history/samba-3.4.14.html http://www.samba.org/samba/history/samba-3.3.16.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba + inotify
Hi all, I am running a Samba share (hosted on my Ubuntu box, shared with Windows and Mac machines) and wanted to monitor file events. I tried using 1. inotify 2. pyinotify 3. incron but nothing seems to work. The file events reported on the Samba share are erratic, repeated (10+ IN_MOVED_TO events thrown for moving files into folder), and often wrong (throws IN_DELETE events for when files are dragged in using Mac finder). does anyone here use file events notification on Samba successfully? What resources can you point me to? do you have an example of working inotify config file with this? thank you so much for any advice you can give. My other options are to periodically inventory the directory with my own script - to messy and process heavy! - will -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 client not mounting 'HOME' share.
Workstations successfully registered with the PDC, users can login, profiles are found and updated, network shares are all mounted during login (logon script = %G.bat) except for the home directory of the user. I met the same problem more than once and I found that I have to remove the corresponding entries from the LDAP database (sambaHomePath and sambaHomeDrive attributes). If these attributes are set, the user does not connect to his home service. The homedir needs to be only in smb.conf. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 client not mounting 'HOME' share.
On 2011-07-26 19:31, Miguel Medalha wrote: Workstations successfully registered with the PDC, users can login, profiles are found and updated, network shares are all mounted during login (logon script = %G.bat) except for the home directory of the user. I met the same problem more than once and I found that I have to remove the corresponding entries from the LDAP database (sambaHomePath and sambaHomeDrive attributes). If these attributes are set, the user does not connect to his home service. The homedir needs to be only in smb.conf. I must add that, according to documentation, the home directory LDAP attributes need only to be set for a particular user if they differ from the general setting. Quoting from The Official Samba 3.5 HOWTO: « 11.4.4.8 LDAP Special Attributes for sambaSamAccounts The sambaSamAccount ObjectClass is composed of the attributes shown in next tables: Part A, and Part B. The majority of these parameters are only used when Samba is acting as a PDC of a domain (refer to Domain Control, for details on how to configure Samba as a PDC). The following four attributes are only stored with the sambaSamAccount entry if the values are non-default values: • sambaHomePath • sambaLogonScript • sambaProfilePath • sambaHomeDrive These attributes are only stored with the sambaSamAccount entry if the values are non-default values. For example, assume MORIA has now been configured as a PDC and that logon home = \\%L\%u was defined in its smb.conf file. When a user named ‘becky’ logs on to the domain, the logon home string is expanded to \\MORIA\becky. If the smbHome attribute exists in the entry ‘uid=becky,ou=People,dc=samba,dc=org’, this value is used. However, if this attribute does not exist, then the value of the logon home parameter is used in its place. Samba will only write the attribute value to the directory entry if the value is something other than the default (e.g., \\MOBY\becky). » -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request
I am getting errors in my samba logs like _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client XXX machine account XXX$ (Host log: http://pastebin.com/QXhbngN5). So far, machines do seem to join the domain (Machine account is created in LDAP, user can log in, etc), but I am concerned that when Windows 7 machines reach their 30 days they will begin issuing trust account has expired or is incorrect messages. Since we have a couple thousand machines, I wish to avoid that. I have followed the instructions at http://wiki.samba.org/index.php/Windows7 and tried a few other thnigs (but have not touch the sign/seal regkeys) and still get these errors in the logs when a machine boots and auths any user. I have updated the samba bins from debian backports to run version 3.5.8. I have made sure that our DNS server registers the machine account with hostname.DOMAIN, have tried turning off/on ntlmv2 on the server and using gpedit on the client, have made sure that time is synchronous on the server/client, have removed and re-added the machine account many times, and have tried some registry hacks like: HKLM\System\CCS\Services\TcpIp\Parameters Domain: XXX.com NV Domain: XXX.com Where should I look next? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 3.6.0rc3 Available for Download
Release Announcements - This is the third release candidate of Samba 3.6.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.6.0 include: Changed security defaults - Samba 3.6 has adopted a number of improved security defaults that will impact on existing users of Samba. client ntlmv2 auth = yes client use spnego principal = no send spnego principal = no The impact of 'client ntlmv2 auth = yes' is that by default we will not use NTLM authentication as a client. This applies to the Samba client tools such as smbclient and winbind, but does not change the separately released in-kernel CIFS client. To re-enable the poorer NTLM encryption set '--option=clientusentlmv2auth=no' on your smbclient command line, or set 'client ntlmv2 auth = no' in your smb.conf The impact of 'client use spnego principal = no' is that Samba will use CIFS/hostname to obtain a kerberos ticket, acting more like Windows when using Kerberos against a CIFS server in smbclient, winbind and other Samba client tools. This will change which servers we will successfully negotiate kerberos connections to. This is due to Samba no longer trusting a server-provided hint which is not available from Windows 2008 or later. For correct operation with all clients, all aliases for a server should be recorded as a as a servicePrincipalName on the server's record in AD. (For this reason, this behavior change and parameter was also made in Samba 3.5.9) The impact of 'send spnego principal = no' is to match Windows 2008 and not to send this principal, making existing clients give more consistent behaviour (more likely to fall back to NTLMSSP) between Samba and Windows 2008, and between Windows versions that did and no longer use this insecure hint. SMB2 support SMB2 support in 3.6.0 is fully functional (with one omission), and can be enabled by setting: max protocol = SMB2 in the [global] section of your smb.conf and re-starting Samba. All features should work over SMB2 except the modification of user quotas using the Windows quota management tools. As this is the first release containing what we consider to be a fully featured SMB2 protocol, we are not enabling this by default, but encourage users to enable SMB2 and test it. Once we have enough confirmation from Samba users and OEMs that SMB2 support is stable in wide user testing we will enable SMB2 by default in a future Samba release. Internal Winbind passdb changes --- Winbind has been changed to use the internal samr and lsa rpc pipe to get local user and group information instead of calling passdb functions. The reason is to use more of our infrastructure and test this infrastructure by using it. With this approach more code in Winbind is shared. New Spoolss code The spoolss and the old RAP printing code have been completely overhauled and refactored. All calls from lanman/printing code has been changed to go through the spoolss RPC interfaces, this allows us to keep all checks in one place and avoid special cases in the main printing code. Printing code has been therefore confined within the spoolss code. All the printing code, including the spoolss RPC interfaces has been changed to use the winreg RPC interfaces to store all data. All data has been migrated from custom, arbitrary TDB files to the registry interface. This transition allow us to present correct data to windows client accessing the server registry through the winreg RPC interfaces to query for printer data. Data is served out from a real registry implementation and therefore arguably 100% forward compatible. Migration code from the previous TDB files formats is provided. This code is automatically invoked the first time the new code is run on the server. Although manual migration is also available using the 'net printer migrate' command. These changes not only make all the spoolss code much more closer to the spec, it also greatly improves our internal testing of both spoolss and winreg interfaces, and reduces overall code duplication. As part of this work, new tests have been also added to increase coverage. This code will also allow, in future, an easy transition to split out the spooling functions into a separate daemon for those OEMs that do not need printing functionality in their appliances, reducing the code footprint. ID Mapping Changes -- The id mapping configuration has been a source of much grief in the past. For this release, id mapping has been rewritten yet again with the goal of making the configuration more simple and more coherent while keeping the needed flexibility and even adding to the flexibility in some respects. The major change that implies the configuration simplifications is at the
Re: [Samba] Very odd issue with Win7 and trust relationships
On 7/26/2011 11:28 AM, Donny Brooks wrote: Hello all, We have just concluded a very drawn out test of our domain that is having some trust relationship problems with Windows 7 desktops. Here is a breakdown of our setup: roark PDC running samba 3.4.7 (also has OpenLDAP) on VLAN 2 archives3 BDC running samba 3.4.7 (also has OpenLDAP) on VLAN2 arrowhead BDC home server running samba 3.4.3 on VLAN 9 archives4 BDC home server running samba 3.2.14 on VLAN8 ocm BDC home server running samba 3.3.8 on VLAN8 defiant BDC soon to be home server running samba 3.5.8 on VLAN3 pubinfo BDC home server running samba 3.5.4 on VLAN3 Ok, so we currently have Windows 7 machines on vlan's 3, 8, and 9. The only ones having issues is the ones on vlan3. This problem started a few weeks ago when we upgraded our core network switches. Only on my workstation and one other are we having this problem as we are the only two that have windows 7 on this vlan. In order to test some possible fixes I setup a new machine with windows 7 to perform all the tests on. Usually when I or the other user have to reboot we have to shut down and power right back up and immediately log back in to get past the trust relationship error. The machines on vlan's 8 and 9 are functioning perfectly with no issues what so ever. I have tried turning samba off on all of the servers on the 3 vlan and logging in to the domain on our test machine. Also have tried only having one at a time running samba. Neither way works as we always get the same error. I can then do nothing but change the vlan on the port the machine is plugged in to and then try to log back in and it works flawlessly every time, reboot, power on/off, or log off/on doesn't matter as they all work every time on a different vlan. We have roughly 50 new pc's with Windows 7 that we are about to deploy and I need to get this fixed before we can do so. Would anyone have any idea where to begin? We are working to upgrade our version of samba on the main PDC and BDC but that will require doing a hand compiled version and we would rather just replace the machines with new ones and that has it's own set of challenges in terms of keeping the domain functioning. Looking at the Windows7 page of the wiki I see this: If you use older versions, Windows 7 box still can join the Samba Domain but after rebooting, you will receive an error message: the trust relation between this workstation and the primary domain failed and no one can logon as any domain user. -- Monyo http://wiki.samba.org/index.php?title=User:Monyoaction=editredlink=1 16:22, 5 June 2011 (UTC) But as you can see when on the other vlan's I am not using the latest samba but it works. I am at a loss and need some fresh thoughts on this. I appreciate any and all assistance on this problem. Donny B. MDAH Also, in addition to the above testing we decided to create a new vlan (vlan 11) and put defiant and the test machine on it. Worked flawlessly pulling multiple users profiles from both roark and arrowhead servers. So something is wrong just on vlan 3. This is very odd. A friend suggested to find a .tdb file editor and see if there are any wonky settings in those files. Could anyone suggest a good program to do that? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Announce] Samba 3.6.0rc3 Available for Download
Release Announcements - This is the third release candidate of Samba 3.6.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.6.0 include: Changed security defaults - Samba 3.6 has adopted a number of improved security defaults that will impact on existing users of Samba. client ntlmv2 auth = yes client use spnego principal = no send spnego principal = no The impact of 'client ntlmv2 auth = yes' is that by default we will not use NTLM authentication as a client. This applies to the Samba client tools such as smbclient and winbind, but does not change the separately released in-kernel CIFS client. To re-enable the poorer NTLM encryption set '--option=clientusentlmv2auth=no' on your smbclient command line, or set 'client ntlmv2 auth = no' in your smb.conf The impact of 'client use spnego principal = no' is that Samba will use CIFS/hostname to obtain a kerberos ticket, acting more like Windows when using Kerberos against a CIFS server in smbclient, winbind and other Samba client tools. This will change which servers we will successfully negotiate kerberos connections to. This is due to Samba no longer trusting a server-provided hint which is not available from Windows 2008 or later. For correct operation with all clients, all aliases for a server should be recorded as a as a servicePrincipalName on the server's record in AD. (For this reason, this behavior change and parameter was also made in Samba 3.5.9) The impact of 'send spnego principal = no' is to match Windows 2008 and not to send this principal, making existing clients give more consistent behaviour (more likely to fall back to NTLMSSP) between Samba and Windows 2008, and between Windows versions that did and no longer use this insecure hint. SMB2 support SMB2 support in 3.6.0 is fully functional (with one omission), and can be enabled by setting: max protocol = SMB2 in the [global] section of your smb.conf and re-starting Samba. All features should work over SMB2 except the modification of user quotas using the Windows quota management tools. As this is the first release containing what we consider to be a fully featured SMB2 protocol, we are not enabling this by default, but encourage users to enable SMB2 and test it. Once we have enough confirmation from Samba users and OEMs that SMB2 support is stable in wide user testing we will enable SMB2 by default in a future Samba release. Internal Winbind passdb changes --- Winbind has been changed to use the internal samr and lsa rpc pipe to get local user and group information instead of calling passdb functions. The reason is to use more of our infrastructure and test this infrastructure by using it. With this approach more code in Winbind is shared. New Spoolss code The spoolss and the old RAP printing code have been completely overhauled and refactored. All calls from lanman/printing code has been changed to go through the spoolss RPC interfaces, this allows us to keep all checks in one place and avoid special cases in the main printing code. Printing code has been therefore confined within the spoolss code. All the printing code, including the spoolss RPC interfaces has been changed to use the winreg RPC interfaces to store all data. All data has been migrated from custom, arbitrary TDB files to the registry interface. This transition allow us to present correct data to windows client accessing the server registry through the winreg RPC interfaces to query for printer data. Data is served out from a real registry implementation and therefore arguably 100% forward compatible. Migration code from the previous TDB files formats is provided. This code is automatically invoked the first time the new code is run on the server. Although manual migration is also available using the 'net printer migrate' command. These changes not only make all the spoolss code much more closer to the spec, it also greatly improves our internal testing of both spoolss and winreg interfaces, and reduces overall code duplication. As part of this work, new tests have been also added to increase coverage. This code will also allow, in future, an easy transition to split out the spooling functions into a separate daemon for those OEMs that do not need printing functionality in their appliances, reducing the code footprint. ID Mapping Changes -- The id mapping configuration has been a source of much grief in the past. For this release, id mapping has been rewritten yet again with the goal of making the configuration more simple and more coherent while keeping the needed flexibility and even adding to the flexibility in some respects. The major change that implies the configuration simplifications is at the
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via aa3f10c s3: Fix MIT trusts from 51b94ab s4:kdc: canonicalize the principal if HDB_F_FOR_TGS_REQ is given http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit aa3f10c61e90e55f2763dd3cb70e8920edc80ab4 Author: Volker Lendecke v...@samba.org Date: Mon Jul 25 12:38:27 2011 +0200 s3: Fix MIT trusts Winbind can't really cope with trusts that don't have a SID associated. This happens with external MIT trusts for example. This filters them out when sending the trust list from child to parent. Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Tue Jul 26 11:39:53 CEST 2011 on sn-devel-104 --- Summary of changes: source3/winbindd/winbindd_misc.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c index 3fb1436..d2259be 100644 --- a/source3/winbindd/winbindd_misc.c +++ b/source3/winbindd/winbindd_misc.c @@ -171,6 +171,11 @@ enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain * extra_data = talloc_strdup(state-mem_ctx, ); for (i=0; itrusts.count; i++) { + + if (trusts.array[i].sid == NULL) { + continue; + } + extra_data = talloc_asprintf_append_buffer( extra_data, %s\\%s\\%s\n, trusts.array[i].netbios_name, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ac57cfd libsamba-util: Build in libbitmap. via 221a79a policy: Rename to samba-policy to avoid name space clashes. via 47a41c8 cli_composite: Lowercase name. via 23cbfef cli_smb_common: Lowercase name. via 08785dd cli_cldap: Lowercase name. via 8a6bc73 cli_spools: Lowercase name. from aa3f10c s3: Fix MIT trusts http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ac57cfda9d9a530b8759c65986c9e5a7f1105d3c Author: Jelmer Vernooij jel...@samba.org Date: Tue Jul 26 13:29:00 2011 +0200 libsamba-util: Build in libbitmap. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Tue Jul 26 14:45:27 CEST 2011 on sn-devel-104 commit 221a79ad008f839dae892e4b7f1a396c50442ecb Author: Jelmer Vernooij jel...@samba.org Date: Mon Jul 25 22:32:12 2011 +0200 policy: Rename to samba-policy to avoid name space clashes. commit 47a41c8daf4df59f4d80723c38749209c044d1a4 Author: Jelmer Vernooij jel...@samba.org Date: Mon Jul 25 22:27:17 2011 +0200 cli_composite: Lowercase name. commit 23cbfef542013193fad54963fbf8a886740e9b00 Author: Jelmer Vernooij jel...@samba.org Date: Mon Jul 25 21:24:35 2011 +0200 cli_smb_common: Lowercase name. commit 08785dd73d39954fa02c2cb15947613b7e27494f Author: Jelmer Vernooij jel...@samba.org Date: Mon Jul 25 21:24:20 2011 +0200 cli_cldap: Lowercase name. commit 8a6bc7331b71a7040fa9ee56eb23b976c42d Author: Jelmer Vernooij jel...@samba.org Date: Mon Jul 25 21:23:31 2011 +0200 cli_spools: Lowercase name. --- Summary of changes: lib/util/wscript_build |9 + libcli/cldap/wscript_build |2 +- libcli/smb/wscript_build |4 ++-- source3/wscript_build | 20 ++-- source4/cldap_server/wscript_build |2 +- .../policy/{policy.pc.in = samba-policy.pc.in}|4 ++-- source4/lib/policy/wscript_build |6 +++--- source4/lib/socket/wscript_build |2 +- source4/libcli/ldap/wscript_build |2 +- source4/libcli/wscript_build | 10 +- source4/libnet/wscript_build |2 +- source4/param/wscript_build|4 ++-- source4/samba_tool/wscript_build |2 +- source4/torture/wscript_build |2 +- 14 files changed, 32 insertions(+), 39 deletions(-) rename source4/lib/policy/{policy.pc.in = samba-policy.pc.in} (79%) Changeset truncated at 500 lines: diff --git a/lib/util/wscript_build b/lib/util/wscript_build index 659cb54..ee963ad 100755 --- a/lib/util/wscript_build +++ b/lib/util/wscript_build @@ -7,7 +7,7 @@ bld.SAMBA_LIBRARY('samba-util', signal.c system.c params.c util.c util_id.c util_net.c util_strlist.c util_paths.c idtree.c debug.c fault.c base64.c util_str.c util_str_common.c substitute.c ms_fnmatch.c -server_id.c dprintf.c parmlist.c''', +server_id.c dprintf.c parmlist.c bitmap.c''', deps='DYNCONFIG', public_deps='talloc execinfo uid_wrapper pthread LIBCRYPTO charset', public_headers='debug.h attr.h byteorder.h data_blob.h memory.h safe_string.h time.h talloc_stack.h xfile.h dlinklist.h util.h string_wrappers.h', @@ -85,10 +85,3 @@ bld.SAMBA_LIBRARY('tdb-wrap', private_library=True, local_include=False ) - -bld.SAMBA_LIBRARY('bitmap', - source='bitmap.c', - deps='talloc samba-util', - local_include=False, - private_library=True) - diff --git a/libcli/cldap/wscript_build b/libcli/cldap/wscript_build index 9dd94c6..c6257b2 100644 --- a/libcli/cldap/wscript_build +++ b/libcli/cldap/wscript_build @@ -1,7 +1,7 @@ #!/usr/bin/env python -bld.SAMBA_LIBRARY('LIBCLI_CLDAP', +bld.SAMBA_LIBRARY('cli_cldap', source='cldap.c', public_deps='cli-ldap', deps='LIBTSOCKET samba-util UTIL_TEVENT ldb LIBCLI_NETLOGON', diff --git a/libcli/smb/wscript_build b/libcli/smb/wscript_build index 0d74e26..84ca225 100644 --- a/libcli/smb/wscript_build +++ b/libcli/smb/wscript_build @@ -1,9 +1,9 @@ #!/usr/bin/env python -bld.SAMBA_LIBRARY('LIBCLI_SMB_COMMON', +bld.SAMBA_LIBRARY('cli_smb_common', source='smb2_create_blob.c util.c', autoproto='smb_common_proto.h', public_deps='talloc samba-util', - private_library=True + private_library=True ) diff --git a/source3/wscript_build
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 749868e s3:lib change default share security access mask from ac57cfd libsamba-util: Build in libbitmap. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 749868ede4cf2d3888135716d98d38dff020cae3 Author: Christian Ambach a...@samba.org Date: Tue Jul 26 13:43:14 2011 +0200 s3:lib change default share security access mask when there is no share SD set, the default share SD that is used e.g. for the output of sharesec -v defaults to a value that is not equivalent to the desired FULL access. This is a more or less a cosmetical follow-up for the patches in Bug #8201 that makes them more consumeable by printing FULL (that is what the user expects) instead of a bitmask in hexadecimal form. previous output: REVISION:1 OWNER:(NULL SID) GROUP:(NULL SID) ACL:S-1-1-0:ALLOWED/0/0x101f01ff with patch: REVISION:1 OWNER:(NULL SID) GROUP:(NULL SID) ACL:S-1-1-0:ALLOWED/0/FULL Autobuild-User: Christian Ambach a...@samba.org Autobuild-Date: Tue Jul 26 15:57:55 CEST 2011 on sn-devel-104 --- Summary of changes: source3/lib/sharesec.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 2f62535..11ccb42 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -293,7 +293,7 @@ struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *ser if (data.dptr == NULL) { return get_share_security_default(ctx, psize, - GENERIC_ALL_ACCESS); + SEC_RIGHTS_DIR_ALL); } status = unmarshall_sec_desc(ctx, data.dptr, data.dsize, psd); @@ -304,14 +304,14 @@ struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *ser DEBUG(0, (unmarshall_sec_desc failed: %s\n, nt_errstr(status))); return get_share_security_default(ctx, psize, - GENERIC_ALL_ACCESS); + SEC_RIGHTS_DIR_ALL); } if (psd) { *psize = ndr_size_security_descriptor(psd, 0); } else { return get_share_security_default(ctx, psize, - GENERIC_ALL_ACCESS); + SEC_RIGHTS_DIR_ALL); } return psd; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 14d5983 s4:samba-tool: ldapcmp needs CredentialsOptionsDouble from 749868e s3:lib change default share security access mask http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 14d5983d4d014f8a4b2ab3dc9c38ad94f041355f Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 26 14:23:34 2011 +0200 s4:samba-tool: ldapcmp needs CredentialsOptionsDouble metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Tue Jul 26 17:09:32 CEST 2011 on sn-devel-104 --- Summary of changes: source4/scripting/python/samba/netcmd/ldapcmp.py |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/netcmd/ldapcmp.py b/source4/scripting/python/samba/netcmd/ldapcmp.py index 44badce..0b02e04 100755 --- a/source4/scripting/python/samba/netcmd/ldapcmp.py +++ b/source4/scripting/python/samba/netcmd/ldapcmp.py @@ -842,6 +842,12 @@ class cmd_ldapcmp(Command): compare two ldap databases synopsis = ldapcmp URL1 URL2 domain|configuration|schema [options] +takes_optiongroups = { +sambaopts: options.SambaOptions, +versionopts: options.VersionOptions, +credopts: options.CredentialsOptionsDouble, +} + takes_args = [URL1, URL2, context1?, context2?, context3?] takes_options = [ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3ce1894 s3-build: Only define ldb3 when not in standalone build. via fc94f52 shares: Remove dependencies on share modules. from 14d5983 s4:samba-tool: ldapcmp needs CredentialsOptionsDouble http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3ce1894ff8befab199f8754f30331fa34aeb6530 Author: Jelmer Vernooij jel...@samba.org Date: Tue Jul 26 15:21:02 2011 +0200 s3-build: Only define ldb3 when not in standalone build. This prevents errors about it by 'make SYMBOLCHECK=1' if there is a system ldb present. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Tue Jul 26 18:21:48 CEST 2011 on sn-devel-104 commit fc94f5238be46db85c9bb7fb4fcbd617a28769ee Author: Jelmer Vernooij jel...@samba.org Date: Tue Jul 26 13:32:39 2011 +0200 shares: Remove dependencies on share modules. The build system will already pull these in - if necessary. --- Summary of changes: source3/wscript_build |7 +++ source4/param/wscript_build |2 +- 2 files changed, 4 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/wscript_build b/source3/wscript_build index 40a1d9b..50b21e9 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -1052,10 +1052,6 @@ bld.SAMBA3_LIBRARY('CHARSET3', deps='samba-util util_str', private_library=True) -bld.SAMBA3_SUBSYSTEM('ldb3', -source='lib/ldb_compat.c', -deps='samba-util') - bld.SAMBA3_SUBSYSTEM('errors3', source='libsmb/errormap.c libsmb/smberr.c lib/errmap_unix.c', deps='errors') @@ -1411,6 +1407,9 @@ bld.INSTALL_FILES('${SWATDIR}', swat_files, base_name='../swat') if not bld.env.toplevel_build: bld.SAMBA3_SUBSYSTEM('POPT_SAMBA', source='', deps='popt_samba3') +bld.SAMBA3_SUBSYSTEM('ldb3', +source='lib/ldb_compat.c', +deps='samba-util') bld.SAMBA3_SUBSYSTEM('ldb', source='', deps='ldb3') bld.SAMBA3_SUBSYSTEM('dcerpc', '', deps='UTIL_TEVENT') bld.SAMBA3_SUBSYSTEM('cli-ldap', '', deps='UTIL_TEVENT') diff --git a/source4/param/wscript_build b/source4/param/wscript_build index 9a45512..a354637 100644 --- a/source4/param/wscript_build +++ b/source4/param/wscript_build @@ -73,6 +73,6 @@ bld.SAMBA_SUBSYSTEM('pyparam_util', bld.SAMBA_LIBRARY('shares', source=[], - deps='share share_classic share_ldb', + deps='share', grouping_library=True, private_library=True) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated via 9f73c19 s3-swat: Fix typo. via 0e17d8e s3 swat: Create random nonce in CGI mode via 2279218 s3 swat: Add time component to XSRF token via c287fe3 s3 swat: Add XSRF protection to printer page via 01dec34 s3 swat: Add XSRF protection to password page via ecf5f0e s3 swat: Add XSRF protection to shares page via 9482f46 s3 swat: Add XSRF protection to globals page via 02a58bf s3 swat: Add XSRF protection to wizard page via 19a697f s3 swat: Add XSRF protection to wizard_params page via eae32a3 s3 swat: Add XSRF protection to viewconfig page via 587002c s3 swat: Add XSRF protection to status page via abaccc2 s3 swat: Add support for anti-XSRF token via 988f59f s3 swat: Allow getting the user's HTTP auth password via 4cd5237 s3 swat: Fix possible XSS attack (bug #8289) via 983d930 WHATSNEW: Update release notes. from 4aa69fe WHATSNEW: Start release notes for 3.5.10. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable - Log - commit 9f73c1990a19daa899fa5345530a867e69a5be94 Author: Karolin Seeger ksee...@samba.org Date: Sun Jul 24 21:09:38 2011 +0200 s3-swat: Fix typo. Thanks to Simo for reporting! Karolin commit 0e17d8ef7e4004a0d35011c322b93b6da5811951 Author: Kai Blin k...@samba.org Date: Tue Jul 12 08:08:24 2011 +0200 s3 swat: Create random nonce in CGI mode In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin k...@samba.org The last 12 patches address bug #8290 (CSRF vulnerability in SWAT). This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT). commit 227921871146563c1d57f9a8faa3b8354058740c Author: Kai Blin k...@samba.org Date: Sat Jul 9 09:52:07 2011 +0200 s3 swat: Add time component to XSRF token Signed-off-by: Kai Blin k...@samba.org commit c287fe37acc8d8cd64ffc5227498f5950df64c2b Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:06:13 2011 +0200 s3 swat: Add XSRF protection to printer page Signed-off-by: Kai Blin k...@samba.org commit 01dec3486857243151a63c8f877a4258d5864869 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:05:38 2011 +0200 s3 swat: Add XSRF protection to password page Signed-off-by: Kai Blin k...@samba.org commit ecf5f0e613ca7f908cc961e406033bcc842b097a Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:48 2011 +0200 s3 swat: Add XSRF protection to shares page Signed-off-by: Kai Blin k...@samba.org commit 9482f46dd0e961145345bd2cdbb01fa35ec9f048 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:12 2011 +0200 s3 swat: Add XSRF protection to globals page Signed-off-by: Kai Blin k...@samba.org commit 02a58bf633f7cd0cb04747d09a8b0a720b5b39b5 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:44 2011 +0200 s3 swat: Add XSRF protection to wizard page Signed-off-by: Kai Blin k...@samba.org commit 19a697f189156fed86d9d78e8bb6667e764075af Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:15 2011 +0200 s3 swat: Add XSRF protection to wizard_params page Signed-off-by: Kai Blin k...@samba.org commit eae32a3f33c7c555663f917d5fba71033c968511 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:02:53 2011 +0200 s3 swat: Add XSRF protection to viewconfig page Signed-off-by: Kai Blin k...@samba.org commit 587002c21aa4e944bf6422d77ec3bc6240bf04d5 Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:58:53 2011 +0200 s3 swat: Add XSRF protection to status page Signed-off-by: Kai Blin k...@samba.org commit abaccc2a7b45f9c778c00597b2d927222a118f27 Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:57:43 2011 +0200 s3 swat: Add support for anti-XSRF token Signed-off-by: Kai Blin k...@samba.org commit 988f59f7eb512fbae5a6cab6ed1dbf32a5737fe7 Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:56:21 2011 +0200 s3 swat: Allow getting the user's HTTP auth password Signed-off-by: Kai Blin k...@samba.org commit 4cd5237ed156bb5a288e865b5afc88a966e1f386 Author: Kai Blin k...@samba.org Date: Thu Jul 7 10:03:33 2011 +0200 s3 swat: Fix possible XSS attack (bug #8289) Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the change password page. This patch fixes the reflection issue by not printing user-specified content on the website anymore.
[SCM] Samba Shared Repository - annotated tag samba-3.5.10 created
The annotated tag, samba-3.5.10 has been created at 23bf3a4546c9515f3a7c669a4c558ac69b5c4021 (tag) tagging 9f73c1990a19daa899fa5345530a867e69a5be94 (commit) replaces release-3-5-9 tagged by Karolin Seeger on Sun Jul 24 22:05:47 2011 +0200 - Log - tag samba-3.5.10 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iD8DBQBOLHsmbzORW2Vot+oRAmKMAKC2snA81Bx69EEXL0+XehQj0PcJzQCfZRVW JXxfwAui9shOmZBivgzBvEM= =jCYM -END PGP SIGNATURE- --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-stable updated
The branch, v3-4-stable has been updated via 4078769 s3-swat: Fix typo. via a492219 s3 swat: Create random nonce in CGI mode via 0b811f5 s3 swat: Add time component to XSRF token via deb6647 s3 swat: Add XSRF protection to printer page via e4e6195 s3 swat: Add XSRF protection to password page via 9839935 s3 swat: Add XSRF protection to shares page via 6ea5fac s3 swat: Add XSRF protection to globals page via d499c09 s3 swat: Add XSRF protection to wizard page via 4b64b7e s3 swat: Add XSRF protection to wizard_params page via b25d00e s3 swat: Add XSRF protection to viewconfig page via 8af2d4c s3 swat: Add XSRF protection to status page via 69ebd0e s3 swat: Add support for anti-XSRF token via dffaf0e s3 swat: Allow getting the user's HTTP auth password via 05fa09b s3 swat: Fix possible XSS attack (bug #8289) via 315437d WHATSNEW: Update release notes. from d4ae73b WHATSNEW: Start release notes for Samba 3.4.14. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable - Log - commit 40787695a1a3200421c9409eef9e520b849ee3a1 Author: Karolin Seeger ksee...@samba.org Date: Sun Jul 24 21:09:38 2011 +0200 s3-swat: Fix typo. Thanks to Simo for reporting! Karolin commit a4922192d9b95e79bb31c54ca820a9b876a1bbe9 Author: Kai Blin k...@samba.org Date: Tue Jul 12 08:08:24 2011 +0200 s3 swat: Create random nonce in CGI mode In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin k...@samba.org The last 12 patches address bug #8290 (CSRF vulnerability in SWAT). This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT). commit 0b811f5b825637b2ecb0450d24dc6b3425ad05a8 Author: Kai Blin k...@samba.org Date: Sat Jul 9 09:52:07 2011 +0200 s3 swat: Add time component to XSRF token Signed-off-by: Kai Blin k...@samba.org commit deb66470413780c93656294a1dca40f8cc1bada8 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:06:13 2011 +0200 s3 swat: Add XSRF protection to printer page Signed-off-by: Kai Blin k...@samba.org commit e4e6195701d761326ad5f2dbb63aeb71b0dc7971 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:05:38 2011 +0200 s3 swat: Add XSRF protection to password page Signed-off-by: Kai Blin k...@samba.org commit 9839935c29ec0ab522994436e6e89939696409de Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:48 2011 +0200 s3 swat: Add XSRF protection to shares page Signed-off-by: Kai Blin k...@samba.org commit 6ea5fac27f2fef35ea12c24250948e00245aacee Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:12 2011 +0200 s3 swat: Add XSRF protection to globals page Signed-off-by: Kai Blin k...@samba.org commit d499c09fc7bf6d86e9694bc8dc60b96c80d94c35 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:44 2011 +0200 s3 swat: Add XSRF protection to wizard page Signed-off-by: Kai Blin k...@samba.org commit 4b64b7e57d729df996d073415f12c066b89f Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:15 2011 +0200 s3 swat: Add XSRF protection to wizard_params page Signed-off-by: Kai Blin k...@samba.org commit b25d00e3c1ff91e7ec5f56ec2ad0d6b3d635d1e3 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:02:53 2011 +0200 s3 swat: Add XSRF protection to viewconfig page Signed-off-by: Kai Blin k...@samba.org commit 8af2d4c60a9bad18ef1b37d4034f11c6008efcfa Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:58:53 2011 +0200 s3 swat: Add XSRF protection to status page Signed-off-by: Kai Blin k...@samba.org commit 69ebd0eee88b1b4b8e29a7620e01c8d9c89b452a Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:57:43 2011 +0200 s3 swat: Add support for anti-XSRF token Signed-off-by: Kai Blin k...@samba.org commit dffaf0ed0bb7f38c23f15b0b128a5eb39a55a813 Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:56:21 2011 +0200 s3 swat: Allow getting the user's HTTP auth password Signed-off-by: Kai Blin k...@samba.org commit 05fa09be5a801baa5d35014e2f54b46c1ff5466b Author: Kai Blin k...@samba.org Date: Thu Jul 7 10:03:33 2011 +0200 s3 swat: Fix possible XSS attack (bug #8289) Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the change password page. This patch fixes the reflection issue by not printing user-specified content on the website anymore.
[SCM] Samba Shared Repository - annotated tag samba-3.4.14 created
The annotated tag, samba-3.4.14 has been created at d51830616af8b820e57d92e9c74e4e490a7a3ecc (tag) tagging 40787695a1a3200421c9409eef9e520b849ee3a1 (commit) replaces release-3-4-13 tagged by Karolin Seeger on Sun Jul 24 21:35:19 2011 +0200 - Log - tag samba-3.4.14 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iD8DBQBOLHQDbzORW2Vot+oRApO5AKC6NFPjNqf/bDg8gW+lUZ+LkLVS4wCglXTl ehImaqBUP8kiBCxZvBC4yJk= =zOYi -END PGP SIGNATURE- --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-stable updated
The branch, v3-3-stable has been updated via f571f36 s3-swat: Fix typo. via 3973cfa s3 swat: Create random nonce in CGI mode via 11e2812 s3 swat: Add time component to XSRF token via 407ae61 s3 swat: Add XSRF protection to printer page via 4850456 s3 swat: Add XSRF protection to password page via ef457a2 s3 swat: Add XSRF protection to shares page via 8fb3064 s3 swat: Add XSRF protection to globals page via eb22fd7 s3 swat: Add XSRF protection to wizard page via 94f8482 s3 swat: Add XSRF protection to wizard_params page via ba996f0 s3 swat: Add XSRF protection to viewconfig page via 3f38cf4 s3 swat: Add XSRF protection to status page via 3806fec s3 swat: Add support for anti-XSRF token via b610e0c s3 swat: Allow getting the user's HTTP auth password via d401cca s3 swat: Fix possible XSS attack (bug #8289) via 5d2d4fb WAHTSNEW: Prepare release notes for 3.3.16. via ad64256 VERSION: Bump version number up to 3.3.16. from 074ad65 WHATSNEW: Prepare 3.3.15 release notes. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable - Log - commit f571f362deaa5bfbdb22c3a7d8409bab9b6c8d82 Author: Karolin Seeger ksee...@samba.org Date: Sun Jul 24 21:09:38 2011 +0200 s3-swat: Fix typo. Thanks to Simo for reporting! Karolin commit 3973cfa50024983618a44ffdb9f756b642b85be7 Author: Kai Blin k...@samba.org Date: Tue Jul 12 08:08:24 2011 +0200 s3 swat: Create random nonce in CGI mode In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin k...@samba.org The last 12 patches address bug #8290 (CSRF vulnerability in SWAT). This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT). commit 11e281228f334bf3d384df5655136f0b4b4068aa Author: Kai Blin k...@samba.org Date: Sat Jul 9 09:52:07 2011 +0200 s3 swat: Add time component to XSRF token Signed-off-by: Kai Blin k...@samba.org commit 407ae61fbfc8ee1643a4db8ea9b104f031b32e0f Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:06:13 2011 +0200 s3 swat: Add XSRF protection to printer page Signed-off-by: Kai Blin k...@samba.org commit 4850456845d2da5e3451716a5ad4ca0ef034e01f Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:05:38 2011 +0200 s3 swat: Add XSRF protection to password page Signed-off-by: Kai Blin k...@samba.org commit ef457a20422cfa8231e25b539d2cd87f299686b9 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:48 2011 +0200 s3 swat: Add XSRF protection to shares page Signed-off-by: Kai Blin k...@samba.org commit 8fb3064eeaa3640af6c8b91aa5859d8bfb6d0888 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:12 2011 +0200 s3 swat: Add XSRF protection to globals page Signed-off-by: Kai Blin k...@samba.org commit eb22fd73060534700d514ec295985549131c7569 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:44 2011 +0200 s3 swat: Add XSRF protection to wizard page Signed-off-by: Kai Blin k...@samba.org commit 94f8482607a175c44436fae456fbda3624629982 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:15 2011 +0200 s3 swat: Add XSRF protection to wizard_params page Signed-off-by: Kai Blin k...@samba.org commit ba996f0ae87f6bf4f19a4918e44dbd6d44a96561 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:02:53 2011 +0200 s3 swat: Add XSRF protection to viewconfig page Signed-off-by: Kai Blin k...@samba.org commit 3f38cf42facc38c19e0448cbae3078b9606b08e4 Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:58:53 2011 +0200 s3 swat: Add XSRF protection to status page Signed-off-by: Kai Blin k...@samba.org commit 3806fec53dcf3b6e5c3fd71917f9d67d47c65e32 Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:57:43 2011 +0200 s3 swat: Add support for anti-XSRF token Signed-off-by: Kai Blin k...@samba.org commit b610e0cee563465c6b970647b215f8ae4d0c6599 Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:56:21 2011 +0200 s3 swat: Allow getting the user's HTTP auth password Signed-off-by: Kai Blin k...@samba.org commit d401ccaedaec09ad6900ec24ecaf205bed3e3ac1 Author: Kai Blin k...@samba.org Date: Thu Jul 7 10:03:33 2011 +0200 s3 swat: Fix possible XSS attack (bug #8289) Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the change password page. This patch fixes the reflection issue by not
[SCM] Samba Shared Repository - annotated tag samba-3.3.16 created
The annotated tag, samba-3.3.16 has been created at d8cd9736acb1ebcaa558ab87b394eb272174c41c (tag) tagging f571f362deaa5bfbdb22c3a7d8409bab9b6c8d82 (commit) replaces release-3-3-15 tagged by Karolin Seeger on Sun Jul 24 21:10:33 2011 +0200 - Log - tag samba-3.3.16 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iD8DBQBOLG41bzORW2Vot+oRAgqQAJ9UO+/JxN8CgfBWW19P/MZvcJvZhgCfTXlJ sMxrnp+M3xE64o+FDXvNh5c= =PRb3 -END PGP SIGNATURE- --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 5b1c8c8 Announce Samba 3.3.16, 3.4.14 and 3.5.10. from ab39177 List 3.4.13 also. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 5b1c8c852bb41d9483443b03a871c4dbe58bca48 Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 19:35:56 2011 +0200 Announce Samba 3.3.16, 3.4.14 and 3.5.10. These are security releases in order to address CVE-2011-2522 and CVE-2011-2694. Karolin --- Summary of changes: generated_news/latest_10_bodies.html| 82 ++- generated_news/latest_10_headlines.html | 12 ++-- generated_news/latest_2_bodies.html | 47 + history/header_history.html |3 + history/samba-3.3.16.html | 52 +++ history/samba-3.4.14.html | 52 +++ history/samba-3.5.10.html | 51 +++ history/security.html | 28 +++ latest_stable_release.html |6 +- security/CVE-2011-2522.html | 79 + security/CVE-2011-2694.html | 73 +++ 11 files changed, 420 insertions(+), 65 deletions(-) create mode 100755 history/samba-3.3.16.html create mode 100755 history/samba-3.4.14.html create mode 100755 history/samba-3.5.10.html create mode 100644 security/CVE-2011-2522.html create mode 100644 security/CVE-2011-2694.html Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index 60e81d6..af5b994 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,51 @@ + h5a name=3.5.1026 July 2011/a/h5 + p class=headlineSamba 3.5.10 Available for Download/p + +pThis is a security release in order to address +a href=http://www.samba.org/samba/security/CVE-2011-2522;CVE-2011-2522/a +(Cross-Site Request Forgery in SWAT) and +a href=http://www.samba.org/samba/security/CVE-2011-2694;CVE-2011-2694/a +(Cross-Site Scripting vulnerability in SWAT)./p + +pThe uncompressed tarballs and patch files have been signed +using GnuPG (ID 6568B7EA). The source code can be +a href=http://samba.org/samba/ftp/stable/samba-3.5.10.tar.gz;downloaded +now/a. See a href=http://samba.org/samba/history/samba-3.5.10.html; +the release notes for more info/a./p + + + h5a name=3.4.1426 July 2011/a/h5 + p class=headlineSamba 3.4.14 Available for Download/p + +pThis is a security release in order to address +a href=http://www.samba.org/samba/security/CVE-2011-2522;CVE-2011-2522/a +(Cross-Site Request Forgery in SWAT) and +a href=http://www.samba.org/samba/security/CVE-2011-2694;CVE-2011-2694/a +(Cross-Site Scripting vulnerability in SWAT)./p + +pThe uncompressed tarballs and patch files have been signed +using GnuPG (ID 6568B7EA). The source code can be +a href=http://samba.org/samba/ftp/stable/samba-3.4.14.tar.gz;downloaded +now/a. See a href=http://samba.org/samba/history/samba-3.4.14.html; +the release notes for more info/a./p + + + h5a name=3.3.1626 July 2011/a/h5 + p class=headlineSamba 3.3.16 Available for Download/p + +pThis is a security release in order to address +a href=http://www.samba.org/samba/security/CVE-2011-2522;CVE-2011-2522/a +(Cross-Site Request Forgery in SWAT) and +a href=http://www.samba.org/samba/security/CVE-2011-2694;CVE-2011-2694/a +(Cross-Site Scripting vulnerability in SWAT)./p + +pThe uncompressed tarballs and patch files have been signed +using GnuPG (ID 6568B7EA). The source code can be +a href=http://samba.org/samba/ftp/stable/samba-3.3.16.tar.gz;downloaded +now/a. See a href=http://samba.org/samba/history/samba-3.3.16.html; +the release notes for more info/a./p + + h5a name=3.5.914 June 2011/a/h5 p class=headlineSamba 3.5.9 Available for Download/p pThis is the latest stable release of the Samba 3.5 series./p @@ -105,37 +153,3 @@ info/a./p using GnuPG (ID 6568B7EA). The source code can be a href=http://samba.org/samba/ftp/stable/samba-3.5.8.tar.gz;downloaded now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.5.7-3.5.8.diffs.gz;patch against Samba 3.5.7/a is also available. See a href=http://samba.org/samba/history/samba-3.5.8.html;the release notes for more info/a./p - - - h5a name=3.5.728 February 2011/a/h5 - p class=headlineSamba 3.5.7 Security Release Available/p - - pThis is a security release to address a href=http://www.samba.org/samba/security/CVE-2011-0719;CVE-2011-0719/a (Denial of service - memory corruption). Patches for all current releases are available on our a href=http://www.samba.org/samba/security/;security page/a./p - -pThe uncompressed tarballs and patch files have been
[SCM] Samba Shared Repository - branch v3-4-stable updated
The branch, v3-4-stable has been updated via 999514b WHATSNEW: Start release notes for 3.4.15. via eff1c77 VERSION: Bump version up to 3.4.15. from 4078769 s3-swat: Fix typo. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable - Log - commit 999514b140c5f85497109da558d5e8630d59b57e Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 20:35:15 2011 +0200 WHATSNEW: Start release notes for 3.4.15. Karolin commit eff1c775066938267c44ab0bd25de99363c1d569 Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 20:32:21 2011 +0200 VERSION: Bump version up to 3.4.15. Karolin --- Summary of changes: WHATSNEW.txt| 45 +++-- source3/VERSION |2 +- 2 files changed, 44 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b18c902..890d002 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,45 @@ == + Release Notes for Samba 3.4.15 + , 2011 + == + + +This is the latest stable release of Samba 3.4. + +Major enhancements in Samba 3.4.15 include: + + +Changes since 3.4.14 + + + +o + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.4 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older versions follow: + + + == Release Notes for Samba 3.4.14 July 26, 2011 == @@ -53,8 +94,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older versions follow: - +-- + == Release Notes for Samba 3.4.13 diff --git a/source3/VERSION b/source3/VERSION index 5770e04..f678b11 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=4 -SAMBA_VERSION_RELEASE=14 +SAMBA_VERSION_RELEASE=15 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated via 6ab1dc2 WHATSNEW: Start release notes for 3.5.11. via b6678d3 VERSION: Bump version up to 3.5.11. from 9f73c19 s3-swat: Fix typo. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable - Log - commit 6ab1dc24d77a58d4c37cb816ce04762c1df7521c Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 20:39:28 2011 +0200 WHATSNEW: Start release notes for 3.5.11. Karolin commit b6678d3dbcba6a2ee4961d2565477d362035e1b3 Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 20:36:37 2011 +0200 VERSION: Bump version up to 3.5.11. Karolin --- Summary of changes: WHATSNEW.txt| 47 +-- source3/VERSION |2 +- 2 files changed, 46 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2f75a9a..6a5db3b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,47 @@ == + Release Notes for Samba 3.5.11 + , 2011 + == + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.11 include: + +o + + +Changes since 3.5.10: + + + +o + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.5.10 July 26, 2011 == @@ -53,8 +96,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + = Release Notes for Samba 3.5.9 diff --git a/source3/VERSION b/source3/VERSION index b6c1cd1..3558afc 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=10 +SAMBA_VERSION_RELEASE=11 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 7b8ba88 WHATSNEW: Start release notes for 3.5.11. via e95cb39 VERSION: Bump version up to 3.5.11. via bcb052c s3-swat: Fix typo. via 4cfe6ad s3 swat: Create random nonce in CGI mode via f537824 s3 swat: Add time component to XSRF token via 04c8584 s3 swat: Add XSRF protection to printer page via 805fa37 s3 swat: Add XSRF protection to password page via 623e86e s3 swat: Add XSRF protection to shares page via 75fc7f7 s3 swat: Add XSRF protection to globals page via 1252b96 s3 swat: Add XSRF protection to wizard page via 4afa481 s3 swat: Add XSRF protection to wizard_params page via 89a08cc s3 swat: Add XSRF protection to viewconfig page via 934015e s3 swat: Add XSRF protection to status page via c3d9c41 s3 swat: Add support for anti-XSRF token via 48c59a1 s3 swat: Allow getting the user's HTTP auth password via 4d3b2db s3 swat: Fix possible XSS attack (bug #8289) from 70e9d82 WHATSNEW: Add changes since 3.5.9. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 7b8ba88234333176067220a2c2bae63d3a385b40 Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 20:39:28 2011 +0200 WHATSNEW: Start release notes for 3.5.11. Karolin (cherry picked from commit 6ab1dc24d77a58d4c37cb816ce04762c1df7521c) commit e95cb39141f6ae87a300765c215bd3e2a7b15b06 Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 20:36:37 2011 +0200 VERSION: Bump version up to 3.5.11. Karolin (cherry picked from commit b6678d3dbcba6a2ee4961d2565477d362035e1b3) commit bcb052c29212954a3ed10c9f095c51e4e0a96af5 Author: Karolin Seeger ksee...@samba.org Date: Sun Jul 24 21:09:38 2011 +0200 s3-swat: Fix typo. Thanks to Simo for reporting! Karolin (cherry picked from commit 9f73c1990a19daa899fa5345530a867e69a5be94) commit 4cfe6adbc421262f1e55cfba159bc2d2260a9a99 Author: Kai Blin k...@samba.org Date: Tue Jul 12 08:08:24 2011 +0200 s3 swat: Create random nonce in CGI mode In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin k...@samba.org The last 12 patches address bug #8290 (CSRF vulnerability in SWAT). This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT). (cherry picked from commit 0e17d8ef7e4004a0d35011c322b93b6da5811951) commit f5378245192735bd0a53c0721f279a8d88d9488b Author: Kai Blin k...@samba.org Date: Sat Jul 9 09:52:07 2011 +0200 s3 swat: Add time component to XSRF token Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit 227921871146563c1d57f9a8faa3b8354058740c) commit 04c85840b5bba5cc9c35acb7931e08aa3a1270df Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:06:13 2011 +0200 s3 swat: Add XSRF protection to printer page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit c287fe37acc8d8cd64ffc5227498f5950df64c2b) commit 805fa37fc261efcd956c57715120fba3763b1811 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:05:38 2011 +0200 s3 swat: Add XSRF protection to password page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit 01dec3486857243151a63c8f877a4258d5864869) commit 623e86ee23bd133e8193fad31c4a001e6cefcfe6 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:48 2011 +0200 s3 swat: Add XSRF protection to shares page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit ecf5f0e613ca7f908cc961e406033bcc842b097a) commit 75fc7f727d713fa2f5a1915c03c152a029d034f6 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:12 2011 +0200 s3 swat: Add XSRF protection to globals page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit 9482f46dd0e961145345bd2cdbb01fa35ec9f048) commit 1252b9691414623851ad94d2c21875edfd64e210 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:44 2011 +0200 s3 swat: Add XSRF protection to wizard page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit 02a58bf633f7cd0cb04747d09a8b0a720b5b39b5) commit 4afa481d0821d4e90b65e947739e790f283c8dc6 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:15 2011 +0200 s3 swat: Add XSRF protection to wizard_params page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit 19a697f189156fed86d9d78e8bb6667e764075af) commit 89a08cc6658d37cb2e447d52c9683257b189b822 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:02:53 2011 +0200 s3 swat: Add XSRF protection to
[SCM] Samba Shared Repository - branch v3-4-test updated
The branch, v3-4-test has been updated via 6165a76 WHATSNEW: Start release notes for 3.4.15. via 93e3c3c VERSION: Bump version up to 3.4.15. via 5041779 s3-swat: Fix typo. via 57501db s3 swat: Create random nonce in CGI mode via 3136459 s3 swat: Add time component to XSRF token via e4fe62f s3 swat: Add XSRF protection to printer page via 78bee10 s3 swat: Add XSRF protection to password page via 68c94f8 s3 swat: Add XSRF protection to shares page via ac070b0 s3 swat: Add XSRF protection to globals page via b7af3ce s3 swat: Add XSRF protection to wizard page via b8b08f7 s3 swat: Add XSRF protection to wizard_params page via 4c5f175 s3 swat: Add XSRF protection to viewconfig page via 4649eea s3 swat: Add XSRF protection to status page via 387ab46 s3 swat: Add support for anti-XSRF token via 2c46845 s3 swat: Allow getting the user's HTTP auth password via de91a83 s3 swat: Fix possible XSS attack (bug #8289) from 11b4dec s3:nmbd_packets: return the used number of sockets in create_listen_fdset() (bug #8276) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 6165a7684320b83089b4cbdbd41b9f8dd43e2a45 Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 20:35:15 2011 +0200 WHATSNEW: Start release notes for 3.4.15. Karolin (cherry picked from commit 999514b140c5f85497109da558d5e8630d59b57e) commit 93e3c3ce0985f40ff68d6a44ddfa314515760b3f Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 20:32:21 2011 +0200 VERSION: Bump version up to 3.4.15. Karolin (cherry picked from commit eff1c775066938267c44ab0bd25de99363c1d569) commit 5041779ab2a504ded448df5c80aafcd76625baa4 Author: Karolin Seeger ksee...@samba.org Date: Sun Jul 24 21:09:38 2011 +0200 s3-swat: Fix typo. Thanks to Simo for reporting! Karolin (cherry picked from commit 40787695a1a3200421c9409eef9e520b849ee3a1) commit 57501dbfe425d53c0b20ce5a1c140e2d408cbc4c Author: Kai Blin k...@samba.org Date: Tue Jul 12 08:08:24 2011 +0200 s3 swat: Create random nonce in CGI mode In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin k...@samba.org The last 12 patches address bug #8290 (CSRF vulnerability in SWAT). This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT). (cherry picked from commit a4922192d9b95e79bb31c54ca820a9b876a1bbe9) commit 31364595d493d2795dd6b0b5c162c8d911d35e21 Author: Kai Blin k...@samba.org Date: Sat Jul 9 09:52:07 2011 +0200 s3 swat: Add time component to XSRF token Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit 0b811f5b825637b2ecb0450d24dc6b3425ad05a8) commit e4fe62ff8d558f3f2bfe22fd880f76e69162e2f8 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:06:13 2011 +0200 s3 swat: Add XSRF protection to printer page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit deb66470413780c93656294a1dca40f8cc1bada8) commit 78bee109191146c10bb0fd751dfa845d4796668d Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:05:38 2011 +0200 s3 swat: Add XSRF protection to password page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit e4e6195701d761326ad5f2dbb63aeb71b0dc7971) commit 68c94f82a5f0be5e7efe0bc12a3d7fd8b8174cd8 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:48 2011 +0200 s3 swat: Add XSRF protection to shares page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit 9839935c29ec0ab522994436e6e89939696409de) commit ac070b0e400bfe74c77331308e10db6da4e53ab9 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:12 2011 +0200 s3 swat: Add XSRF protection to globals page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit 6ea5fac27f2fef35ea12c24250948e00245aacee) commit b7af3ce33f4d640d83e3afbe3da487b6782df976 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:44 2011 +0200 s3 swat: Add XSRF protection to wizard page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit d499c09fc7bf6d86e9694bc8dc60b96c80d94c35) commit b8b08f7083a469a75ac21be52d637f453e652825 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:15 2011 +0200 s3 swat: Add XSRF protection to wizard_params page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit 4b64b7e57d729df996d073415f12c066b89f) commit 4c5f175064bcbb8c404cba90f9f08f623275c6de Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:02:53
[SCM] Samba Shared Repository - branch v3-3-stable updated
The branch, v3-3-stable has been updated via 0fb8c85 WHATSNEW: Start release notes for 3.3.17. via a646b2e VERSION: Bump version number up to 3.6.17. from f571f36 s3-swat: Fix typo. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable - Log - commit 0fb8c85001ee0657be20aae81716d9c309420652 Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 20:51:52 2011 +0200 WHATSNEW: Start release notes for 3.3.17. Karolin commit a646b2e5ad0e19f8506bff3ff8b0ce2e3bcbf061 Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 20:49:58 2011 +0200 VERSION: Bump version number up to 3.6.17. Karolin --- Summary of changes: WHATSNEW.txt | 42 -- source/VERSION |2 +- 2 files changed, 41 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 140f22a..6c42542 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,42 @@ == + Release Notes for Samba 3.3.17 + , 2011 + == + + +This is a security release in order to address + + +Changes since 3.3.16 + + + +o + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.3 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.3.16 July 26, 2011 == @@ -53,8 +91,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 3.3.15 diff --git a/source/VERSION b/source/VERSION index 29371ae..d95d74b 100644 --- a/source/VERSION +++ b/source/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=3 -SAMBA_VERSION_RELEASE=16 +SAMBA_VERSION_RELEASE=17 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 589bc35 s3 swat: Create random nonce in CGI mode via fb0d393 s3 swat: Add time component to XSRF token via 3b13840 s3 swat: Add XSRF protection to printer page via 395503b s3 swat: Add XSRF protection to password page via 869590c s3 swat: Add XSRF protection to shares page via dc3aa10 s3 swat: Add XSRF protection to globals page via e33970f s3 swat: Add XSRF protection to wizard page via a887d84 s3 swat: Add XSRF protection to wizard_params page via bb9bb43 s3 swat: Add XSRF protection to viewconfig page via d240094 s3 swat: Add XSRF protection to status page via 5e32110 s3 swat: Add support for anti-XSRF token via 4592956 s3 swat: Allow getting the user's HTTP auth password via 43cf676 s3-swat: Fix typo. via d88744f s3 swat: Fix possible XSS attack (bug #8289) from d7242cb release-scripts/create-tarball: always create a tag in form of samba-${version} http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 589bc35590aebfdd20fe786c08005bb43ef47d94 Author: Kai Blin k...@samba.org Date: Tue Jul 12 08:08:24 2011 +0200 s3 swat: Create random nonce in CGI mode In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin k...@samba.org commit fb0d393a1972c28ecd6e49959c8c5b7900e1b574 Author: Kai Blin k...@samba.org Date: Sat Jul 9 09:52:07 2011 +0200 s3 swat: Add time component to XSRF token Signed-off-by: Kai Blin k...@samba.org commit 3b138403ea157f1c6b8dfc40016f293831765948 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:06:13 2011 +0200 s3 swat: Add XSRF protection to printer page Signed-off-by: Kai Blin k...@samba.org commit 395503b9f51445d9ca493c2fc7e6022ee75cb743 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:05:38 2011 +0200 s3 swat: Add XSRF protection to password page Signed-off-by: Kai Blin k...@samba.org commit 869590cc3a0c09e11f77277af1d3b7334b718ce0 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:48 2011 +0200 s3 swat: Add XSRF protection to shares page Signed-off-by: Kai Blin k...@samba.org commit dc3aa10bbc5936aebab88db2ea34b46648839745 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:12 2011 +0200 s3 swat: Add XSRF protection to globals page Signed-off-by: Kai Blin k...@samba.org commit e33970f1c60451a063bb2eeb64f9515c64722508 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:44 2011 +0200 s3 swat: Add XSRF protection to wizard page Signed-off-by: Kai Blin k...@samba.org commit a887d8446bc74b255682a4047cb5616fe236bcaf Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:15 2011 +0200 s3 swat: Add XSRF protection to wizard_params page Signed-off-by: Kai Blin k...@samba.org commit bb9bb437fc3685879f5b34c444d58c4a564f148d Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:02:53 2011 +0200 s3 swat: Add XSRF protection to viewconfig page Signed-off-by: Kai Blin k...@samba.org commit d240094fbe7b581a6c97f506fa17747e21180598 Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:58:53 2011 +0200 s3 swat: Add XSRF protection to status page Signed-off-by: Kai Blin k...@samba.org commit 5e32110742a310aff6946acd34b0dca3a3fc8130 Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:57:43 2011 +0200 s3 swat: Add support for anti-XSRF token Signed-off-by: Kai Blin k...@samba.org commit 4592956a35d700aaf4ec2be7fc183f42fbe14fba Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:56:21 2011 +0200 s3 swat: Allow getting the user's HTTP auth password Signed-off-by: Kai Blin k...@samba.org commit 43cf67654ebcfd3f0a8298af7f6cf15cd5f2d981 Author: Karolin Seeger ksee...@samba.org Date: Sun Jul 24 21:09:38 2011 +0200 s3-swat: Fix typo. Thanks to Simo for reporting! Karolin (cherry picked from commit 9f73c1990a19daa899fa5345530a867e69a5be94) (cherry picked from commit bcb052c29212954a3ed10c9f095c51e4e0a96af5) commit d88744f460a2a65d4e0cfb6c944f90f09e15d3b4 Author: Kai Blin k...@samba.org Date: Thu Jul 7 10:03:33 2011 +0200 s3 swat: Fix possible XSS attack (bug #8289) Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the change password page. This patch fixes the reflection issue by not printing user-specified content on the website anymore. Signed-off-by: Kai
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via e173f04 Fix bug 8314] - smbd crash with unknown user. from 589bc35 s3 swat: Create random nonce in CGI mode http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit e173f04a822944e96171866d9fbf43301cd611a4 Author: Jeremy Allison j...@samba.org Date: Fri Jul 22 16:42:51 2011 -0700 Fix bug 8314] - smbd crash with unknown user. All other auth modules code with being called with auth_method-private_data being NULL, make the auth_server module cope with this too. --- Summary of changes: source3/auth/auth_server.c | 15 +++ 1 files changed, 11 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 1dfa646..fdd7671 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -277,16 +277,23 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { - struct server_security_state *state = talloc_get_type_abort( - my_private_data, struct server_security_state); - struct cli_state *cli; + struct server_security_state *state = NULL; + struct cli_state *cli = NULL; static bool tested_password_server = False; static bool bad_password_server = False; NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; bool locally_made_cli = False; - DEBUG(10, (Check auth for: [%s]\n, user_info-mapped.account_name)); + DEBUG(10, (check_smbserver_security: Check auth for: [%s]\n, + user_info-mapped.account_name)); + + if (my_private_data == NULL) { + DEBUG(10,(check_smbserver_security: + password server is not connected\n)); + return NT_STATUS_LOGON_FAILURE; + } + state = talloc_get_type_abort(my_private_data, struct server_security_state); cli = state-cli; if (cli) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 7738d8b s3:utils/net_afs fix compiler warnings via 8a14ccb s3:lib/afs fix the build with --with-vfs-afsacl via caa4226 s3:lib/afs fix the build with --with-fake-kaserver from e173f04 Fix bug 8314] - smbd crash with unknown user. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 7738d8b89bcf2b43d65f1bf4599a688cb4143768 Author: Christian Ambach a...@samba.org Date: Fri Jul 15 15:44:36 2011 +0200 s3:utils/net_afs fix compiler warnings this also fixes the usage displays of net afs commit 8a14ccb99388e31b366fc84060186be1ea708d75 Author: Christian Ambach a...@samba.org Date: Fri Jul 15 15:54:25 2011 +0200 s3:lib/afs fix the build with --with-vfs-afsacl This fixes the second piece of Bug #8263 commit caa4226c315a70138016cf8fae13ce3f050057e7 Author: Christian Ambach a...@samba.org Date: Fri Jul 15 15:27:07 2011 +0200 s3:lib/afs fix the build with --with-fake-kaserver This fixes one piece of Bug #8263 --- Summary of changes: source3/lib/afs.c| 12 +--- source3/lib/afs_settoken.c |2 ++ source3/modules/vfs_afsacl.c |4 source3/utils/net_afs.c |7 +-- 4 files changed, 20 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/afs.c b/source3/lib/afs.c index d73e9df..4e0fa6f 100644 --- a/source3/lib/afs.c +++ b/source3/lib/afs.c @@ -23,6 +23,11 @@ #define NO_ASN1_TYPEDEFS 1 +#include secrets.h +#include passdb.h +#include auth.h +#include ../librpc/gen_ndr/ndr_netlogon.h + #include afs/param.h #include afs/stds.h #include afs/afs.h @@ -231,16 +236,17 @@ bool afs_login(connection_struct *conn) } afs_username = talloc_sub_advanced(ctx, - SNUM(conn), conn-session_info-unix_name, + lp_servicename(SNUM(conn)), + conn-session_info-unix_name, conn-connectpath, conn-session_info-utok.gid, conn-session_info-sanitized_username, - pdb_get_domain(conn-session_info-sam_account), + conn-session_info-info3-base.domain.string, afs_username); if (!afs_username) { return false; } - user_sid = conn-session_info-security_token-user_sids[0]; + user_sid = conn-session_info-security_token-sids[0]; afs_username = talloc_string_sub(talloc_tos(), afs_username, %s, diff --git a/source3/lib/afs_settoken.c b/source3/lib/afs_settoken.c index 80eed13..149fc66 100644 --- a/source3/lib/afs_settoken.c +++ b/source3/lib/afs_settoken.c @@ -23,6 +23,8 @@ #define NO_ASN1_TYPEDEFS 1 +#include system/filesys.h + #include afs/param.h #include afs/stds.h #include afs/afs.h diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index 06ce6f5..ec91360 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -20,6 +20,10 @@ #include includes.h #include system/filesys.h #include smbd/smbd.h +#include ../librpc/gen_ndr/lsa.h +#include ../libcli/security/security.h +#include ../libcli/security/dom_sid.h +#include passdb.h #undef DBGC_CLASS #define DBGC_CLASS DBGC_VFS diff --git a/source3/utils/net_afs.c b/source3/utils/net_afs.c index f6b2b2d..786627d 100644 --- a/source3/utils/net_afs.c +++ b/source3/utils/net_afs.c @@ -19,6 +19,8 @@ #include includes.h #include utils/net.h +#include secrets.h +#include system/filesys.h int net_afs_usage(struct net_context *c, int argc, const char **argv) { @@ -35,7 +37,7 @@ int net_afs_key(struct net_context *c, int argc, const char **argv) struct afs_keyfile keyfile; if (argc != 2) { - d_printf(_(Usage:), net afs key keyfile cell\n); + d_printf(%s net afs key keyfile cell\n, _(Usage:)); return -1; } @@ -70,7 +72,8 @@ int net_afs_impersonate(struct net_context *c, int argc, char *token; if (argc != 2) { - fprintf(stderr, _(Usage:), net afs impersonate user cell\n); + d_fprintf(stderr, %s net afs impersonate user cell\n, + _(Usage:)); exit(1); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 1a045c4 WHATSNEW: Update changes since rc2. from 7738d8b s3:utils/net_afs fix compiler warnings http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 1a045c461ec74001596e9ccf8a676328216e547f Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 22:06:04 2011 +0200 WHATSNEW: Update changes since rc2. Karolin --- Summary of changes: WHATSNEW.txt | 10 ++ 1 files changed, 10 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6fa673a..ec5d863 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -271,11 +271,16 @@ o Jeremy Allison j...@samba.org * BUG 8254: Fix acl check permissions = no. * BUG 8293: Fix log file rotating in SMB2. * BUG 8304: Fix uninitialized variable in error path. +* BUG 8307: brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all + locks. +* BUG 8310: toupper_ascii() is broken on big-endian systems. +* BUG 8314: Fix smbd crash with unknown user. o Christian Ambach a...@samba.org * BUG 8231: Fix crash bug in 'net cache get'. * BUG 8244: Fix copying files larger than 2 GB to a Samba share. +* BUG 8263: Fix build with --with-fake-kaserver or --with-vfs-afsacl. * BUG 8278: Fix smbd panic when CTDB is unhealthy. * BUG 8286: Fix smbd crash on premature end of smb2 conn. @@ -290,6 +295,11 @@ o Gregor Beck gb...@sernet.de * BUG 8253: Fix Winbind panic if verify_idpool() fails. +o Kai Blin k...@samba.org +* BUG 8289: Fix possible XSS attack (CVE-2011-2694). +* BUG 8290: Fix Cross-Site Request Forgery in SWAT (CVE-2011-2522). + + o Günther Deschner g...@samba.org * BUG 7888: Deal with buggy 3.0 based PDCs. * BUG 8214: Fix smbd crash on printer driver upgrade. -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-3.6.0rc3 created
The annotated tag, samba-3.6.0rc3 has been created at 06689cd68715313f5da8affebc828b660b34d5ea (tag) tagging 64a03c4212f21e674da7bc4256ba097c6e1c69fa (commit) replaces release-3-6-0rc2 tagged by Karolin Seeger on Tue Jul 26 22:19:29 2011 +0200 - Log - tag samba-3.6.0rc3 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iD8DBQBOLyFabzORW2Vot+oRAl2mAJ4vkV5gEMVQO/a3jD6ak25Oj+Iq2ACeNUur cSoWPiKYKRPenHbLciYAHko= =h0LY -END PGP SIGNATURE- --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 78b54e9 talloc: Support PYTHON environment variable. from 3ce1894 s3-build: Only define ldb3 when not in standalone build. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 78b54e9ee1d9fa7d3117a0a82db11da3f9ec8223 Author: Jelmer Vernooij jel...@samba.org Date: Tue Jul 26 21:07:20 2011 +0200 talloc: Support PYTHON environment variable. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Tue Jul 26 22:21:30 CEST 2011 on sn-devel-104 --- Summary of changes: lib/talloc/wscript |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/talloc/wscript b/lib/talloc/wscript index c96c69c..51a06ac 100644 --- a/lib/talloc/wscript +++ b/lib/talloc/wscript @@ -57,6 +57,7 @@ def configure(conf): if not conf.env.disable_python: # also disable if we don't have the python libs installed +conf.find_program('python', var='PYTHON') conf.check_tool('python') conf.check_python_version((2,4,2)) conf.SAMBA_CHECK_PYTHON_HEADERS(mandatory=False) -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 7dad6aa Announce Samba 3.6.0rc3. from 5b1c8c8 Announce Samba 3.3.16, 3.4.14 and 3.5.10. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 7dad6aaa27e283a99a77ddc9b2afbfd91876832d Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 22:33:14 2011 +0200 Announce Samba 3.6.0rc3. Karolin --- Summary of changes: generated_news/latest_10_bodies.html| 30 +--- generated_news/latest_10_headlines.html |4 +- generated_news/latest_2_bodies.html | 38 ++- 3 files changed, 45 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index af5b994..a951037 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,24 @@ + h5a name=3.6.0rc326 July 2011/a/h5 + p class=headlineSamba 3.6.0rc3 Available for Download/p + pSamba 3.6.0rc3 is available for download. This is the +third release candidate of the next upgrade production release version of Samba +3.6.0. It is intended for btesting purposes only/b. Please test and +a href=https://bugzilla.samba.org/;report any bugs that you +find/a. Please read the changes in the +a href=http://samba.org/samba/ftp/rc/WHATSNEW-3-6-0rc3.txt;Release Notes/a +for details on new features and difference in behavior from +previous releases./p + +pThe a href=http://samba.org/samba/ftp/rc/samba-3.6.0rc3.tar.gz;Samba +3.6.0rc3 source code/a can be downloaded now. The a +href=http://samba.org/samba/ftp/rc/samba-3.6.0rc3.tar.asc;GnuPG +signature is for the emun/emcompressed tarball/a. +Precompiled packages will +be made available on a volunteer basis and can be found in the +a href=http://samba.org/samba/ftp/Binary_Packages/;Binary_Packages download +area/a./p + + h5a name=3.5.1026 July 2011/a/h5 p class=headlineSamba 3.5.10 Available for Download/p @@ -144,12 +165,3 @@ info/a./p Precompiled packages will be made available on a volunteer basis and can be found in the a href=http://samba.org/samba/ftp/Binary_Packages/;Binary_Packages download area/a./p - - h5a name=3.5.87 March 2011/a/h5 - p class=headlineSamba 3.5.8 Available for Download/p - pThis is the latest stable release of the Samba 3.5 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=http://samba.org/samba/ftp/stable/samba-3.5.8.tar.gz;downloaded -now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.5.7-3.5.8.diffs.gz;patch against Samba 3.5.7/a is also available. See a href=http://samba.org/samba/history/samba-3.5.8.html;the release notes for more info/a./p diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index e060f9c..bb56c4f 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,6 @@ ul + li 26 July 2011 a href=#3.6.0rc3Samba 3.6.0rc3 Available for Download/a/li + li 26 July 2011 a href=#3.5.10Samba 3.5.10 Available for Download/a/li li 26 July 2011 a href=#3.4.14Samba 3.4.14 Available for Download/a/li @@ -16,6 +18,4 @@ li 21 April 2011 a href=#3.4.13Samba 3.4.13 Available for Download/a/li li 12 April 2011 a href=#3.6.0pre2Samba 3.6.0pre2 Available for Download/a/li - - li 7 March 2011 a href=#3.5.8Samba 3.5.8 Available for Download/a/li /ul diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index 4e74e54..7378a9c 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,21 +1,27 @@ - h5a name=3.5.1026 July 2011/a/h5 - p class=headlineSamba 3.5.10 Available for Download/p + h5a name=3.6.0rc326 July 2011/a/h5 + p class=headlineSamba 3.6.0rc3 Available for Download/p + pSamba 3.6.0rc3 is available for download. This is the +third release candidate of the next upgrade production release version of Samba +3.6.0. It is intended for btesting purposes only/b. Please test and +a href=https://bugzilla.samba.org/;report any bugs that you +find/a. Please read the changes in the +a href=http://samba.org/samba/ftp/rc/WHATSNEW-3-6-0rc3.txt;Release Notes/a +for details on new features and difference in behavior from +previous releases./p -pThis is a security release in order to address -a href=http://www.samba.org/samba/security/CVE-2011-2522;CVE-2011-2522/a -(Cross-Site Request Forgery in SWAT) and -a href=http://www.samba.org/samba/security/CVE-2011-2694;CVE-2011-2694/a -(Cross-Site Scripting vulnerability in SWAT)./p +pThe a
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 5f9bc14 WHATSNEW: Start release notes for 3.6.0. via ef152f6 VERSION: Bump version up to 3.6.0. from 1a045c4 WHATSNEW: Update changes since rc2. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 5f9bc1433738002acd9a93946955494908af9c05 Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 22:40:15 2011 +0200 WHATSNEW: Start release notes for 3.6.0. Karolin commit ef152f60c2be5b51c042979ad29596309059af1d Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 22:38:09 2011 +0200 VERSION: Bump version up to 3.6.0. Karolin --- Summary of changes: WHATSNEW.txt| 18 +- source3/VERSION |2 +- 2 files changed, 10 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index ec5d863..6aa0daf 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,14 +1,10 @@ - - Release Notes for Samba 3.6.0rc3 -July , 2011 - + = + Release Notes for Samba 3.6.0 + , 2011 + = -This is the third release candidate of Samba 3.6.0. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. - +This is the first release of Samba 3.6.0. Major enhancements in Samba 3.6.0 include: @@ -253,6 +249,10 @@ o Andreas Schneider a...@samba.org * Add an Endpoint Mapper daemon. +Changes since 3.6.0rc3 +-- + + Changes since 3.6.0rc2 -- diff --git a/source3/VERSION b/source3/VERSION index c8cfdbc..8946805 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -56,7 +56,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # - 3.0.0rc1 # -SAMBA_VERSION_RC_RELEASE=3 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via e4428a5 WHATSNEW: Start release notes for 3.6.0. via 61ea6fe VERSION: Bump version up to 3.6.0. from 64a03c4 WHATSNEW: Update changes since rc2. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit e4428a50959cde0d199b6da7082e47b9e914c955 Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 22:40:15 2011 +0200 WHATSNEW: Start release notes for 3.6.0. Karolin (cherry picked from commit 5f9bc1433738002acd9a93946955494908af9c05) commit 61ea6fe16653d9e2b0fe09fecbe63ff79e74ae47 Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 22:38:09 2011 +0200 VERSION: Bump version up to 3.6.0. Karolin (cherry picked from commit ef152f60c2be5b51c042979ad29596309059af1d) --- Summary of changes: WHATSNEW.txt| 18 +- source3/VERSION |2 +- 2 files changed, 10 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index ec5d863..6aa0daf 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,14 +1,10 @@ - - Release Notes for Samba 3.6.0rc3 -July , 2011 - + = + Release Notes for Samba 3.6.0 + , 2011 + = -This is the third release candidate of Samba 3.6.0. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. - +This is the first release of Samba 3.6.0. Major enhancements in Samba 3.6.0 include: @@ -253,6 +249,10 @@ o Andreas Schneider a...@samba.org * Add an Endpoint Mapper daemon. +Changes since 3.6.0rc3 +-- + + Changes since 3.6.0rc2 -- diff --git a/source3/VERSION b/source3/VERSION index b5fe1e9..504743b 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -56,7 +56,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # - 3.0.0rc1 # -SAMBA_VERSION_RC_RELEASE=3 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c79e08f s3 swat: Create random nonce in CGI mode via 52d2ba7 s3 swat: Add time component to XSRF token via b5d63c3 s3 swat: Add XSRF protection to printer page via 072c199 s3 swat: Add XSRF protection to password page via c02df79 s3 swat: Add XSRF protection to shares page via 68f8924 s3 swat: Add XSRF protection to globals page via 99fa6b3 s3 swat: Add XSRF protection to wizard page via ab98edd s3 swat: Add XSRF protection to wizard_params page via 00d255f s3 swat: Add XSRF protection to viewconfig page via 15ed2a0 s3 swat: Add XSRF protection to status page via c379b36 s3 swat: Add support for anti-XSRF token via b7521dc s3 swat: Allow getting the user's HTTP auth password via cc86a11 s3-swat: Fix typo. via dc50cf3 s3 swat: Fix possible XSS attack (bug #8289) from 78b54e9 talloc: Support PYTHON environment variable. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c79e08fb1bb36a36bb09e01fdf62094a850ec3ed Author: Kai Blin k...@samba.org Date: Tue Jul 12 08:08:24 2011 +0200 s3 swat: Create random nonce in CGI mode In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin k...@samba.org Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Tue Jul 26 23:33:24 CEST 2011 on sn-devel-104 commit 52d2ba7103ffc10a58c81b472d9d62fca446d09b Author: Kai Blin k...@samba.org Date: Sat Jul 9 09:52:07 2011 +0200 s3 swat: Add time component to XSRF token Signed-off-by: Kai Blin k...@samba.org commit b5d63c3c11c469e576f7e961f7d72e6d7db47ba7 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:06:13 2011 +0200 s3 swat: Add XSRF protection to printer page Signed-off-by: Kai Blin k...@samba.org commit 072c199180d7d0580665f15e4182f32bf9a565c0 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:05:38 2011 +0200 s3 swat: Add XSRF protection to password page Signed-off-by: Kai Blin k...@samba.org commit c02df79f610d69d5311b7659f94d9161e88836ee Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:48 2011 +0200 s3 swat: Add XSRF protection to shares page Signed-off-by: Kai Blin k...@samba.org commit 68f8924c7c9157e4a324c77695fbf0e07635fb32 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:12 2011 +0200 s3 swat: Add XSRF protection to globals page Signed-off-by: Kai Blin k...@samba.org commit 99fa6b386aad3a78ea54f1f083d40754c9ef6703 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:44 2011 +0200 s3 swat: Add XSRF protection to wizard page Signed-off-by: Kai Blin k...@samba.org commit ab98edd79dd98c989812ea9eab0418cfcb6bfc86 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:15 2011 +0200 s3 swat: Add XSRF protection to wizard_params page Signed-off-by: Kai Blin k...@samba.org commit 00d255fc1d91f2baae9294c838012b9b2cb6dfbc Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:02:53 2011 +0200 s3 swat: Add XSRF protection to viewconfig page Signed-off-by: Kai Blin k...@samba.org commit 15ed2a0eedb530fbfd244ed6c0121db18102860f Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:58:53 2011 +0200 s3 swat: Add XSRF protection to status page Signed-off-by: Kai Blin k...@samba.org commit c379b3623a484c1522f5c16d9a32019155ad1a46 Author: Kai Blin k...@samba.org Date: Tue Jul 26 12:46:30 2011 -0700 s3 swat: Add support for anti-XSRF token commit b7521dc7566fbd8bfb8a09f391ce0cd8c7f18e14 Author: Kai Blin k...@samba.org Date: Fri Jul 8 12:56:21 2011 +0200 s3 swat: Allow getting the user's HTTP auth password Signed-off-by: Kai Blin k...@samba.org commit cc86a11b9eb4cc5e3aeb45dbfe2edf3e9d05b7db Author: Karolin Seeger ksee...@samba.org Date: Sun Jul 24 21:09:38 2011 +0200 s3-swat: Fix typo. Thanks to Simo for reporting! Karolin (cherry picked from commit 9f73c1990a19daa899fa5345530a867e69a5be94) (cherry picked from commit bcb052c29212954a3ed10c9f095c51e4e0a96af5) commit dc50cf38c11ad845115bae35d2dc8a7e9c4893ff Author: Kai Blin k...@samba.org Date: Thu Jul 7 10:03:33 2011 +0200 s3 swat: Fix possible XSS attack (bug #8289) Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the change password page. This patch fixes the reflection issue by not printing user-specified content on the website anymore.
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a5ba418 s4-dcerpc: Do not return linked attribute on deleted objects it makes W2k8R2 loops when joining s4 domains via 326e2dd s4-dsdb: Improve the calculation of system flags according to 3.1.1.5.2.4 via 5f1f153 s4-upgradeprovision: Detect recent provision in a more reliable way from c79e08f s3 swat: Create random nonce in CGI mode http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a5ba41881c393d075238a537aeca273df446389b Author: Matthieu Patou m...@matws.net Date: Tue Jul 19 00:59:20 2011 +0400 s4-dcerpc: Do not return linked attribute on deleted objects it makes W2k8R2 loops when joining s4 domains Autobuild-User: Matthieu Patou m...@samba.org Autobuild-Date: Wed Jul 27 00:46:56 CEST 2011 on sn-devel-104 commit 326e2dd681c7210375a9b6e3b3e512dbab94bf7e Author: Matthieu Patou m...@matws.net Date: Mon Jul 25 17:31:03 2011 +0400 s4-dsdb: Improve the calculation of system flags according to 3.1.1.5.2.4 commit 5f1f15399843760d3c3cf98022c76017a3a415c8 Author: Matthieu Patou m...@matws.net Date: Thu Jul 21 00:50:38 2011 +0400 s4-upgradeprovision: Detect recent provision in a more reliable way --- Summary of changes: source4/dsdb/samdb/ldb_modules/objectclass.c |5 +++-- source4/rpc_server/drsuapi/getncchanges.c| 16 +++- source4/scripting/bin/upgradeprovision | 13 - 3 files changed, 30 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 7ae90d3..ab1766f 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -734,14 +734,15 @@ static int objectclass_do_add(struct oc_context *ac) } else if (ldb_attr_cmp(objectclass-lDAPDisplayName, site) == 0 || ldb_attr_cmp(objectclass-lDAPDisplayName, serversContainer) == 0 || ldb_attr_cmp(objectclass-lDAPDisplayName, nTDSDSA) == 0) { + if (ldb_attr_cmp(objectclass-lDAPDisplayName, site) == 0) + systemFlags |= (int32_t)(SYSTEM_FLAG_CONFIG_ALLOW_RENAME); systemFlags |= (int32_t)(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE); - } else if (ldb_attr_cmp(objectclass-lDAPDisplayName, siteLink) == 0 + || ldb_attr_cmp(objectclass-lDAPDisplayName, subnet) == 0 || ldb_attr_cmp(objectclass-lDAPDisplayName, siteLinkBridge) == 0 || ldb_attr_cmp(objectclass-lDAPDisplayName, nTDSConnection) == 0) { systemFlags |= (int32_t)(SYSTEM_FLAG_CONFIG_ALLOW_RENAME); } - /* TODO: If parent object is site or subnet, also add (SYSTEM_FLAG_CONFIG_ALLOW_RENAME) */ if (el || systemFlags != 0) { diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index dc50fc0..2abab78 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -362,7 +362,21 @@ static WERROR get_nc_changes_add_la(TALLOC_CTX *mem_ctx, struct GUID guid; struct ldb_dn *tdn; int ret; - + const char *v; + + v = ldb_msg_find_attr_as_string(msg, isDeleted, false); + if (strncasecmp(v, true, 4) == 0) { + v = ldb_msg_find_attr_as_string(msg, isRecycled, false); + /* +* Do not skip link when the object is just deleted (isRecycled not present) +* Do it for tomstones or recycled ones +*/ + if (strncasecmp(v, true, 4) == 0) { + DEBUG(2, ( object %s is deleted, not returning linked attribute !\n, + ldb_dn_get_linearized(msg-dn))); + return WERR_OK; + } + } status = dsdb_get_extended_dn_guid(dsdb_dn-dn, guid, GUID); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,(__location__ Unable to extract GUID in linked attribute '%s' in '%s'\n, diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision index 54f3cf1..af97964 100755 --- a/source4/scripting/bin/upgradeprovision +++ b/source4/scripting/bin/upgradeprovision @@ -1346,6 +1346,16 @@ def rebuild_sd(samdb, names): message(ERROR, On %s bad stuff %s % (str(delta.dn),badsd.as_sddl(names.domainsid))) return
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 61d420e s3: cli_close_done-write_andx_done in test_async_echo via cdae9ef s3: Fix a debug message via 45ec7d6 s3: Fix formatting via 9f66e30 s3: Fix an error message via 1335059 s3: Fix async smb handling from a5ba418 s4-dcerpc: Do not return linked attribute on deleted objects it makes W2k8R2 loops when joining s4 domains http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 61d420e0d84483a4182108b00eec7484ab89b478 Author: Volker Lendecke v...@samba.org Date: Tue Jul 26 21:07:08 2011 +0200 s3: cli_close_done-write_andx_done in test_async_echo Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Wed Jul 27 02:03:49 CEST 2011 on sn-devel-104 commit cdae9ef267088c6b6b940a5f8fd0a8402e27da86 Author: Volker Lendecke v...@samba.org Date: Tue Jul 26 21:06:41 2011 +0200 s3: Fix a debug message commit 45ec7d6f24d7df9751823c431cf4302d96b333d0 Author: Volker Lendecke v...@samba.org Date: Tue Jul 26 20:49:32 2011 +0200 s3: Fix formatting commit 9f66e302b8b5e1497eac188f680e90122889dcec Author: Volker Lendecke v...@samba.org Date: Tue Jul 26 20:48:59 2011 +0200 s3: Fix an error message commit 1335059ff5ef1a8f0f9aedf6a6db366074d457f3 Author: Volker Lendecke v...@samba.org Date: Tue Jul 26 19:44:51 2011 +0200 s3: Fix async smb handling In cli_echo with more than one response we ended up with more than one read_smb request. One from the call to cli_smb_req_set_pending called from cli_smb_received. The other one from cli_smb_received itself. I don't really see another way to deal with this than to hold the read_smb request in the cli_state. Metze, please check! Volker --- Summary of changes: source3/include/client.h |1 + source3/libsmb/async_smb.c| 30 +- source3/torture/test_async_echo.c | 14 -- 3 files changed, 30 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/client.h b/source3/include/client.h index 34d99d4..c4f011d 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -124,6 +124,7 @@ struct cli_state { struct sockaddr_storage local_ss; struct sockaddr_storage remote_ss; const char *remote_name; + struct tevent_req *read_smb_req; struct tevent_queue *outgoing; struct tevent_req **pending; } conn; diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index 87614bd..ecc7780 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -139,6 +139,7 @@ void cli_smb_req_unset_pending(struct tevent_req *req) * delete the socket read fde. */ TALLOC_FREE(cli-conn.pending); + cli-conn.read_smb_req = NULL; return; } @@ -193,7 +194,6 @@ bool cli_smb_req_set_pending(struct tevent_req *req) struct cli_state *cli; struct tevent_req **pending; int num_pending; - struct tevent_req *subreq; cli = state-cli; num_pending = talloc_array_length(cli-conn.pending); @@ -207,7 +207,7 @@ bool cli_smb_req_set_pending(struct tevent_req *req) cli-conn.pending = pending; talloc_set_destructor(req, cli_smb_req_destructor); - if (num_pending 0) { + if (cli-conn.read_smb_req != NULL) { return true; } @@ -215,12 +215,13 @@ bool cli_smb_req_set_pending(struct tevent_req *req) * We're the first ones, add the read_smb request that waits for the * answer from the server */ - subreq = read_smb_send(cli-conn.pending, state-ev, cli-conn.fd); - if (subreq == NULL) { + cli-conn.read_smb_req = read_smb_send(cli-conn.pending, state-ev, + cli-conn.fd); + if (cli-conn.read_smb_req == NULL) { cli_smb_req_unset_pending(req); return false; } - tevent_req_set_callback(subreq, cli_smb_received, cli); + tevent_req_set_callback(cli-conn.read_smb_req, cli_smb_received, cli); return true; } @@ -531,8 +532,16 @@ static void cli_smb_received(struct tevent_req *subreq) uint16_t mid; bool oplock_break; + if (subreq != cli-conn.read_smb_req) { + DEBUG(1, (Internal error: cli_smb_received called with + unexpected subreq\n)); + status = NT_STATUS_INTERNAL_ERROR; + goto fail; + } + received = read_smb_recv(subreq, talloc_tos(), inbuf, err); TALLOC_FREE(subreq); + cli-conn.read_smb_req = NULL; if
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4fdad19 Fix bug #8324 - smbclient cannot list directories from a big-endian machine. from 61d420e s3: cli_close_done-write_andx_done in test_async_echo http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4fdad1960cf45973eec97f09721eeb4dfdc8088c Author: Jeremy Allison j...@samba.org Date: Tue Jul 26 15:15:26 2011 -0700 Fix bug #8324 - smbclient cannot list directories from a big-endian machine. Two uses of the setup array are not being correctly byte-swapped to little endian. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Wed Jul 27 03:14:48 CEST 2011 on sn-devel-104 --- Summary of changes: source3/libsmb/clilist.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c index 1aa5699..55a6636 100644 --- a/source3/libsmb/clilist.c +++ b/source3/libsmb/clilist.c @@ -572,7 +572,7 @@ static struct tevent_req *cli_list_trans_send(TALLOC_CTX *mem_ctx, state-max_matches = 1366; /* Match W2k */ - state-setup[0] = TRANSACT2_FINDFIRST; + SSVAL(state-setup[0], 0, TRANSACT2_FINDFIRST); state-param = talloc_array(state, uint8_t, 12); if (tevent_req_nomem(state-param, req)) { @@ -736,7 +736,7 @@ static void cli_list_trans_done(struct tevent_req *subreq) return; } - state-setup[0] = TRANSACT2_FINDNEXT; + SSVAL(state-setup[0], 0, TRANSACT2_FINDNEXT); param = talloc_realloc(state, state-param, uint8_t, 12); if (tevent_req_nomem(param, req)) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e98e0cf waf: update to latest waf 1.5 version from 4fdad19 Fix bug #8324 - smbclient cannot list directories from a big-endian machine. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e98e0cf785ec1269cb5ab9f761d951d35d6792a1 Author: Andrew Tridgell tri...@samba.org Date: Wed Jul 27 10:07:50 2011 +1000 waf: update to latest waf 1.5 version this includes an on_results fix from thomas that fixes a dependency problem with our autoproto code Note that this changes task signatures, so it will trigger a complete rebuild Autobuild-User: Andrew Tridgell tri...@samba.org Autobuild-Date: Wed Jul 27 04:27:32 CEST 2011 on sn-devel-104 --- Summary of changes: buildtools/bin/waf-svn | Bin 109281 - 109232 bytes 1 files changed, 0 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/bin/waf-svn b/buildtools/bin/waf-svn index b2e4885..6d54d5f 100755 Binary files a/buildtools/bin/waf-svn and b/buildtools/bin/waf-svn differ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3276060 s3:idmap_tdb2: remove the undocumented option of the silly name tdb:idmap2.tdb via 67cd2f9 s3:idmap_tdb2: remove a legacy comment via 4b5ada3 s3:idmap_tdb2: remove legacy comment via 5511855 s3:idmap_tdb2: remove superfluous initialization with bogus comment via 7d3dc21 s3:idmap_tdb2: fix a legacy comment that does not apply any more via 86973ee s3:doc: add an example with idmap script to the idmap_tdb2 manpage via 2f253c2 s3:docs: remove legacy text from the example in the idmap_tdb2 manpage via 4daab85 s3:doc: clarify the idmap script section in the idmap_tdb2 manpage via 2aa19b4 s3:docs:idmap_tdb2: update the documentation of idmap script via b6c82f1 s3:idmap_tdb2: deprecate the idmap:script parameter and use idmap config * : script instead from e98e0cf waf: update to latest waf 1.5 version http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3276060da4e7d495bd5cf5cbf7237e64d948ee77 Author: Michael Adam ob...@samba.org Date: Fri Jun 24 10:15:02 2011 +0200 s3:idmap_tdb2: remove the undocumented option of the silly name tdb:idmap2.tdb In ancient times, when ctdb had not support for persistent databases and tdb2 was introduced as a two-layer solution and it was more important than today to be able to change the location of the permanent database file because it had to reside on shared storage. But these were times when idmap_tdb2 was not even officially released. Nowadays, with ctdb handling the persistent idmap2.tdb database, the path is stripped anyways, so this undocumented option has become unnecessary and is hence removed. Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Wed Jul 27 05:37:57 CEST 2011 on sn-devel-104 commit 67cd2f9d867fad1f7df2d6a6a5cdb723336ac495 Author: Michael Adam ob...@samba.org Date: Thu Jun 9 13:36:54 2011 +0200 s3:idmap_tdb2: remove a legacy comment commit 4b5ada3d27198b49771acb70ae979087235be783 Author: Michael Adam ob...@samba.org Date: Thu Jun 9 13:35:21 2011 +0200 s3:idmap_tdb2: remove legacy comment commit 551185573899b6e608863f833633d40ae04458d8 Author: Michael Adam ob...@samba.org Date: Thu Jun 9 13:34:04 2011 +0200 s3:idmap_tdb2: remove superfluous initialization with bogus comment commit 7d3dc2164b3929c642127659593e69fc865a6184 Author: Michael Adam ob...@samba.org Date: Thu Jun 9 13:07:54 2011 +0200 s3:idmap_tdb2: fix a legacy comment that does not apply any more commit 86973eee43605a3680fb51470a81ea9ca7f1b515 Author: Michael Adam ob...@samba.org Date: Fri Jun 24 11:38:05 2011 +0200 s3:doc: add an example with idmap script to the idmap_tdb2 manpage commit 2f253c2791ccb2421f26f563e3983ee950da1d05 Author: Michael Adam ob...@samba.org Date: Fri Jun 24 11:36:33 2011 +0200 s3:docs: remove legacy text from the example in the idmap_tdb2 manpage commit 4daab85ae60f2821a1d9d98f1edff6a318e8e3c1 Author: Michael Adam ob...@samba.org Date: Fri Jun 24 11:35:51 2011 +0200 s3:doc: clarify the idmap script section in the idmap_tdb2 manpage commit 2aa19b4aeb9de43a0e2b94ad1202f2068b29c710 Author: Michael Adam ob...@samba.org Date: Fri Jun 24 10:59:04 2011 +0200 s3:docs:idmap_tdb2: update the documentation of idmap script to reflect the new variant idmap config * : script of configuring the idmap script commit b6c82f18f17cdded771d285930566c1d104686aa Author: Michael Adam ob...@samba.org Date: Tue Jun 7 18:00:36 2011 +0200 s3:idmap_tdb2: deprecate the idmap:script parameter and use idmap config * : script instead With this patch, idmap config * : script will override idmap : script. If idmap : script is present, a deprecation warning will be printed in any case. If idmap config * : script is not set, then the value of idmap :script will be used for backwards compatibility. --- Summary of changes: docs-xml/manpages-3/idmap_tdb2.8.xml | 48 --- source3/winbindd/idmap_tdb2.c| 52 ++--- 2 files changed, 59 insertions(+), 41 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml index 980ffe6..1faf590 100644 --- a/docs-xml/manpages-3/idmap_tdb2.8.xml +++ b/docs-xml/manpages-3/idmap_tdb2.8.xml @@ -43,6 +43,16 @@ backend is authoritative. /para/listitem /varlistentry + + varlistentry + termscript/term + listitempara + This option can be used to configure an external program + for performing id mappings instead of using the tdb +