The branch, master has been updated
via d62de8d lib/param: Set s4 "host msdfs = true" by default
via 77a551d loadparm: fixed service list handling
via fae42c1 pidfile: use set_close_on_exec()
via 9f4c3da s4-socket: use set_close_on_exec()
via d581c9d genrand: use set_close_on_exec()
via 3b56f64 lib/util: added set_close_on_exec()
via 9782501 dynconfig: added SBINDIR and BINDIR as updated dynconfig
variables
from 1355f0a s3: Fix a typo
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d62de8d83e451a8c562dd59d8599c2a325c7ac1f
Author: Andrew Bartlett <[email protected]>
Date: Fri Dec 16 09:26:04 2011 +1100
lib/param: Set s4 "host msdfs = true" by default
This matches the s3 loadparm, and makes this feature available
by default for our users in a DC environment. (This is needed
for the correct operation of GPOs).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <[email protected]>
Autobuild-Date: Fri Dec 16 01:08:34 CET 2011 on sn-devel-104
commit 77a551d613059fd2df0fbfbd86f206c2b59e91a7
Author: Andrew Tridgell <[email protected]>
Date: Tue Dec 6 11:30:24 2011 +1100
loadparm: fixed service list handling
when you have:
server services = +smb -s3fs
and 'smb' is already in the list, then this should not be an
error. This ensures that a config that specifically sets the services
it wants doesn't generate an error if the service list being set
happens to be the default
commit fae42c1f41435bf087c23d384cd6147dd9f7f4ef
Author: Andrew Tridgell <[email protected]>
Date: Wed Nov 30 15:18:54 2011 +1100
pidfile: use set_close_on_exec()
this prevents a fd leak to child processes
commit 9f4c3da734adbabf457074563f3fb3fae7b85585
Author: Andrew Tridgell <[email protected]>
Date: Wed Nov 30 15:18:45 2011 +1100
s4-socket: use set_close_on_exec()
this prevents a fd leak to child processes
commit d581c9d284e7c635b0379d57e95cb32e682f0f02
Author: Andrew Tridgell <[email protected]>
Date: Wed Nov 30 15:18:08 2011 +1100
genrand: use set_close_on_exec()
this prevents a fd leak to child processes
commit 3b56f64923a71a90734c5167d549e4eb14002d18
Author: Andrew Tridgell <[email protected]>
Date: Wed Nov 30 15:17:47 2011 +1100
lib/util: added set_close_on_exec()
this was already in tevent_util.c, but library layering prevented us
from using it in some other libraries
commit 9782501f0b9fafa171c4ed830abd8433b0be1f1b
Author: Andrew Tridgell <[email protected]>
Date: Wed Nov 30 10:07:30 2011 +1100
dynconfig: added SBINDIR and BINDIR as updated dynconfig variables
this allows these to work correctly in a build environment, pointing
at bin/
-----------------------------------------------------------------------
Summary of changes:
dynconfig/wscript | 2 ++
lib/param/loadparm.c | 20 ++++++--------------
lib/util/blocking.c | 18 ++++++++++++++++++
lib/util/genrand.c | 9 +++++++++
lib/util/samba_util.h | 5 +++++
source4/lib/socket/socket_ip.c | 4 ++++
source4/lib/socket/socket_unix.c | 4 ++++
source4/smbd/pidfile.c | 2 ++
8 files changed, 50 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/dynconfig/wscript b/dynconfig/wscript
index 28f6e8d..374ede2 100755
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -340,6 +340,8 @@ def dynconfig_cflags(bld, list=None):
override = { 'MODULESDIR' : 'bin/modules',
'PYTHONDIR' : 'bin/python',
'PYTHONARCHDIR' : 'bin/python',
+ 'BINDIR' : 'bin',
+ 'SBINDIR' : 'bin',
'CODEPAGEDIR' : os.path.join(bld.env.srcdir, 'codepages'),
'SCRIPTSBINDIR' : os.path.join(bld.env.srcdir,
'source4/scripting/bin'),
'SETUPDIR' : os.path.join(bld.env.srcdir,
'source4/setup') }
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 48b5221..8ed9ced 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2509,23 +2509,13 @@ static bool set_variable(TALLOC_CTX *mem_ctx, int
parmnum, void *parm_ptr,
char **new_list = str_list_make(mem_ctx,
pszParmValue, NULL);
for (i=0; new_list[i]; i++) {
- if (new_list[i][0] == '+' && new_list[i][1] &&
- (!str_list_check(*(const char ***)parm_ptr,
- &new_list[i][1]))) {
- *(const char ***)parm_ptr =
str_list_add(*(const char ***)parm_ptr,
-
&new_list[i][1]);
- } else if (new_list[i][0] == '-' &&
new_list[i][1]) {
-#if 0 /* This is commented out because we sometimes parse the list
- * twice, and so we can't assert on this */
+ if (new_list[i][0] == '+' && new_list[i][1]) {
if (!str_list_check(*(const char
***)parm_ptr,
&new_list[i][1])) {
- DEBUG(0, ("Unsupported value
for: %s = %s, %s is not in the original list [%s]\n",
- pszParmName,
pszParmValue, new_list[i],
-
str_list_join_shell(mem_ctx, *(const char ***)parm_ptr, ' ')));
- return false;
-
+ *(const char ***)parm_ptr =
str_list_add(*(const char ***)parm_ptr,
+
&new_list[i][1]);
}
-#endif
+ } else if (new_list[i][0] == '-' &&
new_list[i][1]) {
str_list_remove(*(const char
***)parm_ptr,
&new_list[i][1]);
} else {
@@ -3295,6 +3285,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX
*mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "max mux", "50");
lpcfg_do_global_parameter(lp_ctx, "max xmit", "12288");
+ lpcfg_do_global_parameter(lp_ctx, "host msdfs", "true");
+
lpcfg_do_global_parameter(lp_ctx, "password level", "0");
lpcfg_do_global_parameter(lp_ctx, "LargeReadwrite", "True");
lpcfg_do_global_parameter(lp_ctx, "server min protocol", "CORE");
diff --git a/lib/util/blocking.c b/lib/util/blocking.c
index f5933cc..9dede7a 100644
--- a/lib/util/blocking.c
+++ b/lib/util/blocking.c
@@ -60,3 +60,21 @@ _PUBLIC_ int set_blocking(int fd, bool set)
return fcntl( fd, F_SETFL, val);
#undef FLAG_TO_SET
}
+
+
+_PUBLIC_ bool set_close_on_exec(int fd)
+{
+#ifdef FD_CLOEXEC
+ int val;
+
+ val = fcntl(fd, F_GETFD, 0);
+ if (val >= 0) {
+ val |= FD_CLOEXEC;
+ val = fcntl(fd, F_SETFD, val);
+ if (val != -1) {
+ return true;
+ }
+ }
+#endif
+ return false;
+}
diff --git a/lib/util/genrand.c b/lib/util/genrand.c
index 7fe55f3..b8d3c78 100644
--- a/lib/util/genrand.c
+++ b/lib/util/genrand.c
@@ -172,6 +172,9 @@ static int do_reseed(bool use_fd, int fd)
if (use_fd) {
if (fd == -1) {
fd = open( "/dev/urandom", O_RDONLY,0);
+ if (fd != -1) {
+ set_close_on_exec(fd);
+ }
}
if (fd != -1
&& (read(fd, seed_inbuf, sizeof(seed_inbuf)) ==
sizeof(seed_inbuf))) {
@@ -232,6 +235,9 @@ _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
if (bytes_since_reseed < 40) {
if (urand_fd == -1) {
urand_fd = open( "/dev/urandom", O_RDONLY,0);
+ if (urand_fd != -1) {
+ set_close_on_exec(urand_fd);
+ }
}
if(urand_fd != -1 && (read(urand_fd, out, len) == len))
{
return;
@@ -269,6 +275,9 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
{
if (urand_fd == -1) {
urand_fd = open( "/dev/urandom", O_RDONLY,0);
+ if (urand_fd != -1) {
+ set_close_on_exec(urand_fd);
+ }
}
if(urand_fd != -1 && (read(urand_fd, out, len) == len)) {
return;
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 9a76fa9..3b5169d 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -668,6 +668,11 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname,
uid_t uid,
_PUBLIC_ int set_blocking(int fd, bool set);
/**
+ set close on exec on a file descriptor if available
+ **/
+_PUBLIC_ bool set_close_on_exec(int fd);
+
+/**
Sleep for a specified number of milliseconds.
**/
_PUBLIC_ void smb_msleep(unsigned int t);
diff --git a/source4/lib/socket/socket_ip.c b/source4/lib/socket/socket_ip.c
index cab51be..d2d5779 100644
--- a/source4/lib/socket/socket_ip.c
+++ b/source4/lib/socket/socket_ip.c
@@ -50,6 +50,8 @@ static NTSTATUS ipv4_init(struct socket_context *sock)
return map_nt_error_from_unix_common(errno);
}
+ set_close_on_exec(sock->fd);
+
sock->backend_name = "ipv4";
sock->family = AF_INET;
@@ -610,6 +612,8 @@ static NTSTATUS ipv6_init(struct socket_context *sock)
return map_nt_error_from_unix_common(errno);
}
+ set_close_on_exec(sock->fd);
+
sock->backend_name = "ipv6";
sock->family = AF_INET6;
diff --git a/source4/lib/socket/socket_unix.c b/source4/lib/socket/socket_unix.c
index d492f01..ab9b06d 100644
--- a/source4/lib/socket/socket_unix.c
+++ b/source4/lib/socket/socket_unix.c
@@ -59,6 +59,8 @@ static NTSTATUS unixdom_init(struct socket_context *sock)
sock->backend_name = "unix";
+ set_close_on_exec(sock->fd);
+
return NT_STATUS_OK;
}
@@ -198,6 +200,8 @@ static NTSTATUS unixdom_accept(struct socket_context *sock,
}
}
+ set_close_on_exec(new_fd);
+
(*new_sock) = talloc(NULL, struct socket_context);
if (!(*new_sock)) {
close(new_fd);
diff --git a/source4/smbd/pidfile.c b/source4/smbd/pidfile.c
index 71a203b..85a6322 100644
--- a/source4/smbd/pidfile.c
+++ b/source4/smbd/pidfile.c
@@ -107,6 +107,8 @@ void pidfile_create(const char *piddir, const char *name)
exit(1);
}
+ set_close_on_exec(fd);
+
if (fcntl_lock(fd,F_SETLK,0,1,F_WRLCK)==false) {
DEBUG(0,("ERROR: %s : fcntl lock of file %s failed. Error was
%s\n",
name, pidFile, strerror(errno)));
--
Samba Shared Repository
