The branch, master has been updated
via 3a7c277 s3-lib: Use new strict directory create function in
create_pipe_sock().
via 1aa0503 Use the new directory_create_or_exist_strict() function.
via 6039388 util: Add a strict directory_create_or_exist function.
via 5d721de s3:smb2_negprot: set the 'remote_proto' value
via 4d1fd0b samba_dnsupdate: set KRB5_CONFIG for nsupdate command
via 8d9a77f s4:lib/messaging: terminate the irpc_servers_byname()
result with server_id_set_disconnected() (bug #9540)
from 2cc6f9c libnet-vampire: reports Exops as they rather than sync on
some partitions
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3a7c2777ee0de37d758fe81d67d6836a8354825e
Author: Andreas Schneider <[email protected]>
Date: Wed Jan 9 09:02:54 2013 +0100
s3-lib: Use new strict directory create function in create_pipe_sock().
Reviewed-by: Andrew Bartlett <[email protected]>
Autobuild-User(master): Andrew Bartlett <[email protected]>
Autobuild-Date(master): Wed Jan 9 10:55:23 CET 2013 on sn-devel-104
commit 1aa0503401d41fec48d4d4e30d8bbcbd847ff807
Author: Andreas Schneider <[email protected]>
Date: Tue Jan 8 14:21:23 2013 +0100
Use the new directory_create_or_exist_strict() function.
Reviewed-by: Andrew Bartlett <[email protected]>
commit 6039388fc1f3671bb60db06211814f7edfc62285
Author: Andreas Schneider <[email protected]>
Date: Tue Jan 8 14:21:00 2013 +0100
util: Add a strict directory_create_or_exist function.
Reviewed-by: Andrew Bartlett <[email protected]>
commit 5d721de7fdc250c6cb423c553134dd687590c1a0
Author: Stefan Metzmacher <[email protected]>
Date: Thu Dec 13 10:44:07 2012 +0100
s3:smb2_negprot: set the 'remote_proto' value
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
commit 4d1fd0b7daa089bd8863f0efcaf258bf30192c29
Author: Björn Baumbach <[email protected]>
Date: Thu Dec 20 15:57:43 2012 +0100
samba_dnsupdate: set KRB5_CONFIG for nsupdate command
Let nslookup use krb5.conf, which is set in our KRB5_CONFIG.
Signed-off-by: Björn Baumbach <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
commit 8d9a77f8646cd26371dc2ec1d3ed52730ac19eb9
Author: Stefan Metzmacher <[email protected]>
Date: Fri Jan 4 13:27:26 2013 +0100
s4:lib/messaging: terminate the irpc_servers_byname() result with
server_id_set_disconnected() (bug #9540)
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
lib/util/samba_util.h | 4 ++
lib/util/util.c | 49 +++++++++++++++++++++++++++++---
source3/lib/util_sock.c | 50 ++++-----------------------------
source3/rpc_server/rpc_server.c | 2 +-
source3/smbd/server.c | 2 +-
source3/smbd/smb2_negprot.c | 8 +++++
source4/lib/messaging/messaging.c | 6 ++--
source4/lib/messaging/pymessaging.c | 4 +-
source4/ntp_signd/ntp_signd.c | 2 +-
source4/scripting/bin/samba_dnsupdate | 9 +++--
source4/smbd/service_named_pipe.c | 2 +-
source4/winbind/wb_server.c | 9 ++++-
12 files changed, 83 insertions(+), 64 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index e553ec1..27c2e6e 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -631,6 +631,10 @@ _PUBLIC_ bool directory_exist(const char *dname);
_PUBLIC_ bool directory_create_or_exist(const char *dname, uid_t uid,
mode_t dir_perms);
+_PUBLIC_ bool directory_create_or_exist_strict(const char *dname,
+ uid_t uid,
+ mode_t dir_perms);
+
/**
Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available,
else
diff --git a/lib/util/util.c b/lib/util/util.c
index b50d28a..d49e20e 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -143,12 +143,13 @@ _PUBLIC_ bool directory_exist(const char *dname)
* @retval true if the directory already existed and has the right permissions
* or was successfully created.
*/
-_PUBLIC_ bool directory_create_or_exist(const char *dname, uid_t uid,
- mode_t dir_perms)
+_PUBLIC_ bool directory_create_or_exist(const char *dname,
+ uid_t uid,
+ mode_t dir_perms)
{
int ret;
- struct stat st;
-
+ struct stat st;
+
ret = lstat(dname, &st);
if (ret == -1) {
mode_t old_umask;
@@ -179,6 +180,44 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname,
uid_t uid,
}
}
+ return true;
+}
+
+/**
+ * @brief Try to create a specified directory if it doesn't exist.
+ *
+ * The function creates a directory with the given uid and permissions if it
+ * doesn't exixt. If it exists it makes sure the uid and permissions are
+ * correct and it will fail if they are different.
+ *
+ * @param[in] dname The directory to create.
+ *
+ * @param[in] uid The uid the directory needs to belong too.
+ *
+ * @param[in] dir_perms The expected permissions of the directory.
+ *
+ * @return True on success, false on error.
+ */
+_PUBLIC_ bool directory_create_or_exist_strict(const char *dname,
+ uid_t uid,
+ mode_t dir_perms)
+{
+ struct stat st;
+ bool ok;
+ int rc;
+
+ ok = directory_create_or_exist(dname, uid, dir_perms);
+ if (!ok) {
+ return false;
+ }
+
+ rc = lstat(dname, &st);
+ if (rc == -1) {
+ DEBUG(0, ("lstat failed on created directory %s: %s\n",
+ dname, strerror(errno)));
+ return false;
+ }
+
/* Check ownership and permission on existing directory */
if (!S_ISDIR(st.st_mode)) {
DEBUG(0, ("directory %s isn't a directory\n",
@@ -198,7 +237,7 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname,
uid_t uid,
}
return true;
-}
+}
/**
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 2063a58..e45efea 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -1236,53 +1236,18 @@ int create_pipe_sock(const char *socket_dir,
{
#ifdef HAVE_UNIXSOCKET
struct sockaddr_un sunaddr;
- struct stat st;
+ bool ok;
int sock;
- mode_t old_umask;
char *path = NULL;
- old_umask = umask(0);
-
- /* Create the socket directory or reuse the existing one */
-
- if (lstat(socket_dir, &st) == -1) {
- if (errno == ENOENT) {
- /* Create directory */
- if (mkdir(socket_dir, dir_perms) == -1) {
- DEBUG(0, ("error creating socket directory "
- "%s: %s\n", socket_dir,
- strerror(errno)));
- goto out_umask;
- }
- } else {
- DEBUG(0, ("lstat failed on socket directory %s: %s\n",
- socket_dir, strerror(errno)));
- goto out_umask;
- }
- } else {
- /* Check ownership and permission on existing directory */
- if (!S_ISDIR(st.st_mode)) {
- DEBUG(0, ("socket directory '%s' isn't a directory\n",
- socket_dir));
- goto out_umask;
- }
- if (st.st_uid != sec_initial_uid()) {
- DEBUG(0, ("invalid ownership on directory "
- "'%s'\n", socket_dir));
- umask(old_umask);
- goto out_umask;
- }
- if ((st.st_mode & 0777) != dir_perms) {
- DEBUG(0, ("invalid permissions on directory "
- "'%s': has 0%o should be 0%o\n", socket_dir,
- (st.st_mode & 0777), dir_perms));
- umask(old_umask);
- goto out_umask;
- }
+ ok = directory_create_or_exist_strict(socket_dir,
+ sec_initial_uid(),
+ dir_perms);
+ if (!ok) {
+ return -1;
}
/* Create the socket file */
-
sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock == -1) {
@@ -1308,7 +1273,6 @@ int create_pipe_sock(const char *socket_dir,
SAFE_FREE(path);
- umask(old_umask);
return sock;
out_close:
@@ -1316,8 +1280,6 @@ out_close:
if (sock != -1)
close(sock);
-out_umask:
- umask(old_umask);
return -1;
#else
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index 689e923..de54ddc 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -133,7 +133,7 @@ int create_named_pipe_socket(const char *pipe_name)
goto out;
}
- if (!directory_create_or_exist(np_dir, geteuid(), 0700)) {
+ if (!directory_create_or_exist_strict(np_dir, geteuid(), 0700)) {
DEBUG(0, ("Failed to create pipe directory %s - %s\n",
np_dir, strerror(errno)));
goto out;
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 1cd9288..00472db 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1468,7 +1468,7 @@ extern void build_options(bool screen);
return -1;
}
- if (!directory_create_or_exist(np_dir, geteuid(), 0700)) {
+ if (!directory_create_or_exist_strict(np_dir, geteuid(), 0700)) {
DEBUG(0, ("Failed to create pipe directory %s - %s\n",
np_dir, strerror(errno)));
return -1;
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 6adc581..963a557 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -25,6 +25,8 @@
#include "../lib/tsocket/tsocket.h"
#include "../librpc/ndr/libndr.h"
+extern fstring remote_proto;
+
/*
* this is the entry point if SMB2 is selected via
* the SMB negprot and the given dialect.
@@ -234,6 +236,12 @@ NTSTATUS smbd_smb2_request_process_negprot(struct
smbd_smb2_request *req)
set_remote_arch(RA_VISTA);
}
+ fstr_sprintf(remote_proto, "SMB%X_%02X",
+ (dialect >> 8) & 0xFF, dialect & 0xFF);
+
+ reload_services(req->sconn, conn_snum_used, true);
+ DEBUG(3,("Selected protocol %s\n", remote_proto));
+
/* negprot_spnego() returns a the server guid in the first 16 bytes */
negprot_spnego_blob = negprot_spnego(req, req->sconn);
if (negprot_spnego_blob.data == NULL) {
diff --git a/source4/lib/messaging/messaging.c
b/source4/lib/messaging/messaging.c
index 2df6f41..c37c91e 100644
--- a/source4/lib/messaging/messaging.c
+++ b/source4/lib/messaging/messaging.c
@@ -604,7 +604,7 @@ struct imessaging_context *imessaging_init(TALLOC_CTX
*mem_ctx,
msg->base_path = lpcfg_imessaging_path(msg, lp_ctx);
- ok = directory_create_or_exist(msg->base_path, geteuid(), 0700);
+ ok = directory_create_or_exist_strict(msg->base_path, geteuid(), 0700);
if (!ok) {
talloc_free(msg);
return NULL;
@@ -982,7 +982,7 @@ struct server_id *irpc_servers_byname(struct
imessaging_context *msg_ctx,
for (i=0;i<count;i++) {
ret[i] = ((struct server_id *)rec.dptr)[i];
}
- ret[i] = cluster_id(0, 0);
+ server_id_set_disconnected(&ret[i]);
free(rec.dptr);
tdb_unlock_bystring(t->tdb, name);
talloc_free(t);
@@ -1419,7 +1419,7 @@ struct dcerpc_binding_handle
*irpc_binding_handle_by_name(TALLOC_CTX *mem_ctx,
errno = EADDRNOTAVAIL;
return NULL;
}
- if (sids[0].pid == 0) {
+ if (server_id_is_disconnected(&sids[0])) {
talloc_free(sids);
errno = EADDRNOTAVAIL;
return NULL;
diff --git a/source4/lib/messaging/pymessaging.c
b/source4/lib/messaging/pymessaging.c
index fca46e6..cb79d72 100644
--- a/source4/lib/messaging/pymessaging.c
+++ b/source4/lib/messaging/pymessaging.c
@@ -247,7 +247,7 @@ static PyObject *py_irpc_servers_byname(PyObject *self,
PyObject *args, PyObject
return NULL;
}
- for (i = 0; ids[i].pid != 0; i++) {
+ for (i = 0; !server_id_is_disconnected(&ids[i]); i++) {
/* Do nothing */
}
@@ -257,7 +257,7 @@ static PyObject *py_irpc_servers_byname(PyObject *self,
PyObject *args, PyObject
PyErr_NoMemory();
return NULL;
}
- for (i = 0; ids[i].pid; i++) {
+ for (i = 0; !server_id_is_disconnected(&ids[i]); i++) {
PyObject *py_server_id;
struct server_id *p_server_id = talloc(NULL, struct server_id);
if (!p_server_id) {
diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c
index 0c3899f..d1d8483 100644
--- a/source4/ntp_signd/ntp_signd.c
+++ b/source4/ntp_signd/ntp_signd.c
@@ -498,7 +498,7 @@ static void ntp_signd_task_init(struct task_server *task)
const char *address;
- if
(!directory_create_or_exist(lpcfg_ntp_signd_socket_directory(task->lp_ctx),
geteuid(), 0750)) {
+ if
(!directory_create_or_exist_strict(lpcfg_ntp_signd_socket_directory(task->lp_ctx),
geteuid(), 0750)) {
char *error = talloc_asprintf(task, "Cannot create NTP signd
pipe directory: %s",
lpcfg_ntp_signd_socket_directory(task->lp_ctx));
task_server_terminate(task,
diff --git a/source4/scripting/bin/samba_dnsupdate
b/source4/scripting/bin/samba_dnsupdate
index a700118..a5cece1 100755
--- a/source4/scripting/bin/samba_dnsupdate
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -278,7 +278,7 @@ def get_subst_vars(samdb):
def call_nsupdate(d):
"""call nsupdate for an entry."""
- global ccachename, nsupdate_cmd
+ global ccachename, nsupdate_cmd, krb5conf
if opts.verbose:
print "Calling nsupdate for %s" % d
@@ -333,10 +333,11 @@ def call_nsupdate(d):
try:
cmd = nsupdate_cmd[:]
cmd.append(tmpfile)
+ env = {}
+ if krb5conf:
+ env["KRB5_CONFIG"] = krb5conf
if ccachename:
- env = {"KRB5CCNAME": ccachename}
- else:
- env = {}
+ env["KRB5CCNAME"] = ccachename
ret = subprocess.call(cmd, shell=False, env=env)
if ret != 0:
if opts.fail_immediately:
diff --git a/source4/smbd/service_named_pipe.c
b/source4/smbd/service_named_pipe.c
index b000083..6aa984d 100644
--- a/source4/smbd/service_named_pipe.c
+++ b/source4/smbd/service_named_pipe.c
@@ -212,7 +212,7 @@ NTSTATUS tstream_setup_named_pipe(TALLOC_CTX *mem_ctx,
goto fail;
}
- if (!directory_create_or_exist(dirname, geteuid(), 0700)) {
+ if (!directory_create_or_exist_strict(dirname, geteuid(), 0700)) {
status = map_nt_error_from_unix_common(errno);
DEBUG(0,(__location__ ": Failed to create stream pipe directory
'%s' - %s\n",
dirname, nt_errstr(status)));
diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c
index a904470..f036749 100644
--- a/source4/winbind/wb_server.c
+++ b/source4/winbind/wb_server.c
@@ -199,6 +199,7 @@ static void winbind_task_init(struct task_server *task)
struct wbsrv_listen_socket *listen_socket;
char *errstring;
struct dom_sid *primary_sid;
+ bool ok;
task_server_set_title(task, "task[winbind]");
@@ -213,14 +214,18 @@ static void winbind_task_init(struct task_server *task)
}
/* Make sure the directory for the Samba3 socket exists, and is of the
correct permissions */
- if
(!directory_create_or_exist(lpcfg_winbindd_socket_directory(task->lp_ctx),
geteuid(), 0755)) {
+ ok =
directory_create_or_exist_strict(lpcfg_winbindd_socket_directory(task->lp_ctx),
+ geteuid(), 0755);
+ if (!ok) {
task_server_terminate(task,
"Cannot create winbindd pipe directory",
true);
return;
}
/* Make sure the directory for the Samba3 socket exists, and is of the
correct permissions */
- if
(!directory_create_or_exist(lpcfg_winbindd_privileged_socket_directory(task->lp_ctx),
geteuid(), 0750)) {
+ ok =
directory_create_or_exist_strict(lpcfg_winbindd_privileged_socket_directory(task->lp_ctx),
+ geteuid(), 0750);
+ if (!ok) {
task_server_terminate(task,
"Cannot create winbindd privileged pipe
directory", true);
return;
--
Samba Shared Repository
