The branch, v3-6-test has been updated
       via  7602225 WHATSNEW: Update changes since rc3.
       via  d1ab64c s3:modules:nfs4_acls: improve fix for bug #8330
       via  3c05013 s3:modules fix Bug 8330 NFSv4 ACL merging logic is broken
       via  6a587c9 s3:lib/events: Fix a bug in run_poll_events().
       via  cbd408d s3:smb2_server: make sure we grant credits on async read/write operations (bug #8357)
       via  87fa72a s3/swat: use strlcat instead of strncat to fix build on old Linux distros
       via  be41d88 s3:web/swat: use strtoll() instead of atoi/atol/atoll
      from  d6f841b WHATSNEW: Update release notes.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 76022256cd23cd71354e21384e2350c761e9f373
Author: Karolin Seeger <[email protected]>
Date:   Tue Aug 9 13:15:02 2011 +0200

    WHATSNEW: Update changes since rc3.
    
    Karolin

commit d1ab64cbc2d62744f541eea0d80d7b522416ac1c
Author: Michael Adam <[email protected]>
Date:   Thu Jul 28 09:49:34 2011 +0200

    s3:modules:nfs4_acls: improve fix for bug #8330
    
    simplify the check in smbacl4_find_equal_special()
    
    Signed-off-by: Michael Adam <[email protected]>

commit 3c05013694c453411b78a1df884a80c8d48e7393
Author: Christian Ambach <[email protected]>
Date:   Wed Jul 27 14:46:00 2011 +0200

    s3:modules fix Bug 8330 NFSv4 ACL merging logic is broken
    
    we should not merge ACEs with different flags (e.g. CI/OI/I/)
    Otherwise ACLs get wrong entries and thus wrong semantics
    
    Example:
    ACL:BUILTIN\Users:ALLOWED/0x0/FULL
    ACL:BUILTIN\Users:ALLOWED/I/READ
    got merged to
    ACL:BUILTIN\Users:ALLOWED/I/FULL
    
    This is not the same and also leads to wrong displays
    in the Windows ACL dialog
    
    Autobuild-User: Christian Ambach <[email protected]>
    Autobuild-Date: Wed Jul 27 16:03:51 CEST 2011 on sn-devel-104

commit 6a587c926b7fdcb934b916a29bdd04bd0ef606b9
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Aug 8 18:49:06 2011 +0200

    s3:lib/events: Fix a bug in run_poll_events().
    
    Ignore fd events without EVENT_FD_READ or EVENT_FD_WRITE also in
    run_events_poll(). They are ignored when building the array
    for the syscall in event_add_to_poll_args(), so we need to
    ignore them in run_events_poll() too.
    
    metze
    
    Signed-off-by: Andreas Schneider <[email protected]>
    
    Autobuild-User: Stefan Metzmacher <[email protected]>
    Autobuild-Date: Tue Aug  9 10:11:54 CEST 2011 on sn-devel-104
    (cherry picked from commit 020032e114c0e966acf24f24e707942219d60cf3)
    
    Fix bug #8358 (smbd exits with NT_STATUS_INTERNAL_ERROR in run_poll_events()).

commit cbd408df89ec51fb06fbfb935458eb8425639bed
Author: Stefan Metzmacher <[email protected]>
Date:   Sat Aug 6 10:19:21 2011 +0200

    s3:smb2_server: make sure we grant credits on async read/write operations (bug #8357)
    
    Currently we skip the "gone async" interim response on read and write,
    this caused the aio code path to grant 0 credits to the client
    in the read/write responses.
    
    metze
    
    Autobuild-User: Stefan Metzmacher <[email protected]>
    Autobuild-Date: Sun Aug  7 22:23:57 CEST 2011 on sn-devel-104
    (cherry picked from commit 47bffb9b9243dc72d7305cd9ec3e63e176841bf5)

commit 87fa72a5202fe3780d4a61289bf755027cd078f4
Author: Björn Jacke <[email protected]>
Date:   Thu Aug 4 16:25:08 2011 +0200

    s3/swat: use strlcat instead of strncat to fix build on old Linux distros
    
    SLES 9's glibc for example had weird macros where the use of strncat resulted
    in the use of strcat which we don't allow.
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    
    Autobuild-User: Björn Jacke <[email protected]>
    Autobuild-Date: Thu Aug  4 17:50:24 CEST 2011 on sn-devel-104
    (cherry picked from commit d3b4d75364210e2d2a4a1cd806f28b0021f22909)
    
    Fix bug #8362 (build issue on old glibc systems).

commit be41d88e55237214e5a27f7bd8d8c15e27d31579
Author: Stefan Metzmacher <[email protected]>
Date:   Fri Aug 5 19:48:38 2011 +0200

    s3:web/swat: use strtoll() instead of atoi/atol/atoll
    
    This is more portable, as we have a strtoll replacement
    in lib/replace.
    
    metze
    
    Autobuild-User: Stefan Metzmacher <[email protected]>
    Autobuild-Date: Sat Aug  6 11:55:45 CEST 2011 on sn-devel-104
    (cherry picked from commit a6be0820d09b3f3eabfbb5f4356add303aa8a494)
    
    Fix bug #8347 (CVE-2011-2522 regression for HP-UX, AIX and OSF).

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                |   14 ++++++++++++++
 source3/lib/events.c        |    4 ++++
 source3/modules/nfs4_acls.c |    7 ++-----
 source3/smbd/smb2_server.c  |   21 +++++++++++++++------
 source3/web/swat.c          |   27 ++++++++++++++++++++-------
 5 files changed, 55 insertions(+), 18 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8933d92..4c147be 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -264,6 +264,10 @@ o   Jeremy Allison <[email protected]>
     * BUG 8335: File copy aborts with smb2_validate_message_id: bad message_id.
 
 
+o   Christian Ambach <[email protected]>
+    * BUG 8330: Fix NFSv4 ACL merging logic.
+
+
 o   Andrew Bartlett <[email protected]>
     * BUG 8326: WinXP cannot join a Samba3 domain with a 'even' hostname.
 
@@ -276,10 +280,20 @@ o   Alban Browaeys <[email protected]>
     * BUG 8341: Fix segfault in libsmbclient.
 
 
+o   Björn Jacke <[email protected]>
+    * BUG 8362: Fix build issue on old glibc systems.
+
+
 o   Volker Lendecke <[email protected]>
     * BUG 8343: Fix SMB2 crash reading with aio_fork beyond the end of file.
 
 
+o   Stefan Metzmacher <[email protected]>
+    * BUG 8347: Fix regression for HP-UX, AIX and OSF.
+    * BUG 8357: Make sure we grant credits on async read/write operations.
+    * BUG 8358: Fix a bug in run_poll_events().
+
+
 Changes since 3.6.0rc2
 ----------------------
 
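Review bot: the BUG 8347 entry under Stefan Metzmacher says only "Fix
regression for HP-UX, AIX and OSF" and does not say what regressed. The
commit message ties it to the CVE-2011-2522 change in s3:web/swat, so the
release note should name SWAT and the CVE, for example "Fix CVE-2011-2522
regression in SWAT for HP-UX, AIX and OSF", so that administrators on those
platforms can tell the security fix is affected.
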
diff --git a/source3/lib/events.c b/source3/lib/events.c
index fbe3db9..5631436 100644
--- a/source3/lib/events.c
+++ b/source3/lib/events.c
@@ -243,6 +243,10 @@ bool run_events_poll(struct tevent_context *ev, int 
pollrtn,
                struct pollfd *pfd;
                uint16 flags = 0;
 
+               if ((fde->flags & (EVENT_FD_READ|EVENT_FD_WRITE)) == 0) {
+                       continue;
+               }
+
                if (pollfd_idx[fde->fd] >= num_pfds) {
                        DEBUG(1, ("internal error: pollfd_idx[fde->fd] (%d) "
                                  ">= num_pfds (%d)\n", pollfd_idx[fde->fd],
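Review bot: the added check at the top of the loop in run_events_poll() has
no comment, and it repeats a filter that, per the commit message, also lives
in event_add_to_poll_args(); nothing in the code says the two must stay in
step. Add a comment stating that fd events without EVENT_FD_READ or
EVENT_FD_WRITE were never put into the pollfd array, so they must be skipped
before pollfd_idx[fde->fd] is compared against num_pfds, or move the test
into one small helper used by both functions.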
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index be8a505..c9d795d 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -516,11 +516,8 @@ static SMB_ACE4PROP_T *smbacl4_find_equal_special(
 
                if (ace->flags == aceNew->flags &&
                        ace->aceType==aceNew->aceType &&
-                       ((ace->aceFlags&SMB_ACE4_INHERIT_ONLY_ACE)==
-                        (aceNew->aceFlags&SMB_ACE4_INHERIT_ONLY_ACE)) &&
-                       (ace->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)==
-                       (aceNew->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)
-               ) {
+                       ace->aceFlags==aceNew->aceFlags)
+               {
                        /* keep type safety; e.g. gid is an u.short */
                        if (ace->flags & SMB_ACE4_ID_SPECIAL)
                        {
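Review bot: the new condition "ace->aceFlags==aceNew->aceFlags" in
smbacl4_find_equal_special() carries no comment explaining why the whole
flag word must now match, where the old code compared only
SMB_ACE4_INHERIT_ONLY_ACE and SMB_ACE4_IDENTIFIER_GROUP. Add a short comment
referring to bug #8330 (ACEs with different flags must not be merged, or the
resulting ACL has different semantics), so a later cleanup does not relax it
again. Style: put spaces around "==" to match "ace->flags == aceNew->flags"
two lines above.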
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index b77c636..0cc80ed 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -441,17 +441,26 @@ static void smb2_set_operation_credit(struct 
smbd_server_connection *sconn,
                        const struct iovec *in_vector,
                        struct iovec *out_vector)
 {
+       const uint8_t *inhdr = (const uint8_t *)in_vector->iov_base;
        uint8_t *outhdr = (uint8_t *)out_vector->iov_base;
-       uint16_t credits_requested = 0;
+       uint16_t credits_requested;
+       uint32_t out_flags;
        uint16_t credits_granted = 0;
 
-       if (in_vector != NULL) {
-               const uint8_t *inhdr = (const uint8_t *)in_vector->iov_base;
-               credits_requested = SVAL(inhdr, SMB2_HDR_CREDIT);
-       }
+       credits_requested = SVAL(inhdr, SMB2_HDR_CREDIT);
+       out_flags = IVAL(outhdr, SMB2_HDR_FLAGS);
 
        SMB_ASSERT(sconn->smb2.max_credits >= sconn->smb2.credits_granted);
 
+       if (out_flags & SMB2_HDR_FLAG_ASYNC) {
+               /*
+                * In case we already send an async interim
+                * response, we should not grant
+                * credits on the final response.
+                */
+               credits_requested = 0;
+       }
+
        if (credits_requested) {
                uint16_t modified_credits_requested;
                uint32_t multiplier;
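Review bot: in_vector->iov_base is now dereferenced unconditionally in the
first declaration of smb2_set_operation_credit(), while the removed code
accepted in_vector == NULL. The call site changed later in this patch no
longer passes NULL, but any other caller that still does would crash here;
add SMB_ASSERT(in_vector != NULL) next to the existing SMB_ASSERT or confirm
that no such caller remains. The function also now depends on
SMB2_HDR_FLAG_ASYNC already being set in the out header when it is called,
which deserves a line in the function comment. Typo in the new comment:
"already send" should be "already sent".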
@@ -1617,7 +1626,7 @@ static NTSTATUS smbd_smb2_request_reply(struct 
smbd_smb2_request *req)
        /* Set credit for this operation (zero credits if this
           is a final reply for an async operation). */
        smb2_set_operation_credit(req->sconn,
-                       req->async ? NULL : &req->in.vector[i],
+                       &req->in.vector[i],
                        &req->out.vector[i]);
 
        if (req->do_signing) {
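Review bot: the comment above the call in smbd_smb2_request_reply() ("zero
credits if this is a final reply for an async operation") no longer matches
what this call site does, because the "req->async ? NULL :" selection is gone
and the decision is now made inside smb2_set_operation_credit() from
SMB2_HDR_FLAG_ASYNC in the out header. Reword it to say that credits are
withheld only when an async interim response was actually sent, which is the
case this patch distinguishes from req->async.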
diff --git a/source3/web/swat.c b/source3/web/swat.c
index 8b6ae31..e7c0378 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -174,7 +174,7 @@ void get_xsrf_token(const char *username, const char *pass,
                char tmp[3];
 
                snprintf(tmp, sizeof(tmp), "%02x", token[i]);
-               strncat(token_str, tmp, sizeof(tmp));
+               strlcat(token_str, tmp, sizeof(tmp));
        }
 }
 
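Review bot: in get_xsrf_token() the third argument of the new call
"strlcat(token_str, tmp, sizeof(tmp));" is wrong for strlcat(): it is the
total size of the destination buffer, not the number of bytes to append as it
was for strncat(). With tmp declared as char tmp[3], the limit is 3, so
token_str can never hold more than two characters plus the terminator and
every append after the first byte of the token is silently dropped. Pass the
real size of the buffer behind token_str instead (it is not visible in this
hunk, so it may need to be handed in as a parameter), and check that the
generated XSRF token still has its full length after the change.
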
@@ -198,16 +198,29 @@ bool verify_xsrf_token(const char *formname)
        const char *pass = cgi_user_pass();
        const char *token = cgi_variable_nonull(XSRF_TOKEN);
        const char *time_str = cgi_variable_nonull(XSRF_TIME);
+       char *p = NULL;
+       long long xsrf_time_ll = 0;
        time_t xsrf_time = 0;
        time_t now = time(NULL);
 
-       if (sizeof(time_t) == sizeof(int)) {
-               xsrf_time = atoi(time_str);
-       } else if (sizeof(time_t) == sizeof(long)) {
-               xsrf_time = atol(time_str);
-       } else if (sizeof(time_t) == sizeof(long long)) {
-               xsrf_time = atoll(time_str);
+       errno = 0;
+       xsrf_time_ll = strtoll(time_str, &p, 10);
+       if (errno != 0) {
+               return false;
+       }
+       if (p == NULL) {
+               return false;
+       }
+       if (PTR_DIFF(p, time_str) > strlen(time_str)) {
+               return false;
+       }
+       if (xsrf_time_ll > _TYPE_MAXIMUM(time_t)) {
+               return false;
+       }
+       if (xsrf_time_ll < _TYPE_MINIMUM(time_t)) {
+               return false;
        }
+       xsrf_time = xsrf_time_ll;
 
        if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
                return false;
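Review bot: the end-pointer checks after strtoll() in verify_xsrf_token() do
not reject the inputs they appear to target. Since &p is passed, p is never
NULL afterwards, and PTR_DIFF(p, time_str) cannot exceed strlen(time_str), so
both of those tests are dead code; an empty string, or a value with trailing
non-digits, still parses (as 0 or as its numeric prefix) and goes on to the
timeout comparison. Replace the two tests with
"if (p == time_str || *p != '\0') { return false; }" so that only a fully
numeric XSRF_TIME value is accepted. Separately, the unchanged line
"abs(now - xsrf_time)" takes an int argument, which can truncate the
difference where time_t is wider than int; compare the two values directly
instead.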


-- 
Samba Shared Repository
