The branch, v4-2-stable has been updated
via 0a7b693 VERSION: Disable git snapshots for the 4.2.6 release.
via a6f9a79 WHATSNEW: Add release notes for Samba 4.2.6.
via 785158f docs: Fix some typos in the idmap backend section.
via b83e261 doc: fix a typo in the smb.conf manpage, explanation of
idmap config
via fdac7f1 s3: smbd: have_file_open_below() fails to enumerate open
files below an open directory handle.
via 6f47535 wafsamba: Also build libraries with RELRO protection
via 6033569 fix writev(vector[...]) points to uninitialised bytes in
call_trans2findfirst
via 1eb6f36 fix 'Invalid read of size 1' in reply_search
via 9e8475e fix writev(vector[...]) points to uninitialised bytes in
call_trans2findnext
via 579c13de fix uninitialised read in process_host_announce
via 6a7f87b remove many valgrind errors for base.lock test
via 7cbca2f nss_wins: Use lp_global_no_reinit()
via 92cc4e0 s3: winbind: Prevent null ptr access by returning error if
no creds available
via d9afa70 s3: rpcclient: Prevent null ptr access by returning error
if no creds available
via 01ca2cf s3: smbd: If EA's are turned off on a share don't allow an
SMB2 create containing them.
via c63638e vfs_gpfs: Re-enable share modes
via 95232e6 Changing log level of two entries to from 1 to 3
via 2aded40 lib: util: Make non-critical message a warning.
via 6f95e55 manpage: corrected small typo error
via 1998b07 ctdb: strip trailing spaces from nodes file.
via f0238b7 ctdb: open the RO tracking db with perms 0600 instead of
0000
via 1bbb6bf selftest: Avoid system krb5.conf in "none" test env
via fbf5c79 selftest: Avoid system krb5.conf in some test envs that
don't use kerberos
via 0d3fd03 selftest: Avoid system krb5.conf in testenv provisioning
via 52e3615 auth: gensec: Parameters out_mem_ctx and ev are passed in
the wrong order to gensec_spnego_server_try_fallback().
via fc280ca async_req: fix non-blocking connect()
via c016c1a selftest: add a test for async_connect_send()
via a915f8f s3-torture: Remove (incorrect) samba3-specific behavior in
samba3.raw.unlink now the server is correct
via 7c535ad s3-torture: Add WILDDELETE test to smbtorture3 to test old
wildcard delete with zero attribute
via 84f6010 s3-smbd: Fix old DOS client doing wildcard delete - gives a
attribute type of zero
via d098372 smbd: Send SMB2 oplock breaks unencrypted
via 929166e VERSION: Bump version up to 4.2.6...
from 851ea18 VERSION: Disable git snapshots for the 4.2.5 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 91 +++++++++++++++-
auth/gensec/spnego.c | 2 +-
buildtools/wafsamba/wafsamba.py | 2 +
ctdb/server/ctdb_ltdb_server.c | 2 +-
ctdb/server/ctdb_server.c | 15 ++-
ctdb/tools/ctdb.c | 15 ++-
docs-xml/smbdotconf/security/aclgroupcontrol.xml | 2 +-
docs-xml/smbdotconf/winbind/idmapconfig.xml | 15 +--
lib/async_req/async_connect_send_test.c | 130 +++++++++++++++++++++++
lib/async_req/async_sock.c | 56 +++++-----
lib/async_req/wscript_build | 4 +
lib/util/util.c | 2 +-
nsswitch/wins.c | 2 +-
selftest/selftest.pl | 5 +-
selftest/target/Samba3.pm | 14 +++
selftest/target/Samba4.pm | 18 +++-
source3/auth/auth_generic.c | 2 +-
source3/auth/user_krb5.c | 2 +-
source3/locking/brlock.c | 2 +
source3/modules/vfs_gpfs.c | 3 +-
source3/nmbd/nmbd_incomingdgrams.c | 2 +
source3/rpcclient/cmd_netlogon.c | 5 +
source3/script/tests/test_async_req.sh | 11 ++
source3/selftest/tests.py | 5 +-
source3/smbd/dir.c | 13 ++-
source3/smbd/reply.c | 12 ++-
source3/smbd/smb2_create.c | 6 ++
source3/smbd/smb2_server.c | 2 +-
source3/smbd/trans2.c | 11 +-
source3/torture/torture.c | 67 ++++++++++++
source3/winbindd/winbindd_pam.c | 7 +-
source4/torture/raw/unlink.c | 7 +-
33 files changed, 457 insertions(+), 77 deletions(-)
create mode 100644 lib/async_req/async_connect_send_test.c
create mode 100644 source3/script/tests/test_async_req.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 967a8fa..3d49de5 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=2
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8e65255..a13c837 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,91 @@
=============================
+ Release Notes for Samba 4.2.6
+ December 08, 2015
+ =============================
+
+
+This is the latest stable release of Samba 4.2.
+
+
+Changes since 4.2.5:
+--------------------
+
+o Michael Adam <[email protected]>
+ * BUG 11365: ctdb: Strip trailing spaces from nodes file.
+ * BUG 11577: ctdb: Open the RO tracking db with perms 0600 instead of 0000.
+ * BUG 11619: doc: Fix a typo in the smb.conf manpage.
+
+
+o Jeremy Allison <[email protected]>
+ * BUG 11452: s3-smbd: Fix old DOS client doing wildcard delete - gives a
+ attribute type of zero.
+ * BUG 11565: auth: gensec: Fix a memory leak.
+ * BUG 11566: lib: util: Make non-critical message a warning.
+ * BUG 11589: s3: smbd: If EA's are turned off on a share don't allow an
SMB2
+ create containing them.
+ * BUG 11615: s3: smbd: have_file_open_below() fails to enumerate open files
+ below an open directory handle.
+
+
+o Ralph Boehme <[email protected]>
+ * BUG 11564: async_req: Fix non-blocking connect().
+
+
+o Volker Lendecke <[email protected]>
+ * BUG 11243: vfs_gpfs: Re-enable share modes.
+ * BUG 11570: smbd: Send SMB2 oplock breaks unencrypted.
+
+
+o YvanM <[email protected]>
+ * BUG 11584: manpage: Correct small typo error.
+
+
+o Marc Muehlfeld <[email protected]>
+ * BUG 9912: Changing log level of two entries to from 1 to 3.
+
+
+o Andreas Schneider <[email protected]>
+ * BUG 11346: wafsamba: Also build libraries with RELRO protection.
+ * BUG 11563: nss_wins: Do not run into use after free issues when we access
+ memory allocated on the globals and the global being reinitialized.
+
+
+o Karolin Seeger <[email protected]>
+ * BUG 11619: docs: Fix some typos in the idmap config section of man 5
+ smb.conf.
+
+
+o Noel Power <[email protected]>
+ * BUG 11569: Fix winbindd crashes with samlogon for trusted domain user.
+ * BUG 11597: Backport some valgrind fixes from upstream master.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+======================================================================
+
+ =============================
Release Notes for Samba 4.2.5
October 27, 2015
=============================
@@ -84,10 +171,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
-======================================================================
=============================
Release Notes for Samba 4.2.4
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 20cacdb..8fd11e9 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -791,7 +791,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security
*gensec_security, TA
len = spnego_read_data(gensec_security, in, &spnego);
if (len == -1) {
return
gensec_spnego_server_try_fallback(gensec_security, spnego_state,
-
out_mem_ctx, ev, in, out);
+ ev,
out_mem_ctx, in, out);
}
/* client sent NegTargetInit, we send NegTokenTarg */
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index 188e535..39d9605 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -239,6 +239,8 @@ def SAMBA_LIBRARY(bld, libname, source,
bundled_extension, private_library)
ldflags = TO_LIST(ldflags)
+ if bld.env['ENABLE_RELRO'] is True:
+ ldflags.extend(TO_LIST('-Wl,-z,relro,-z,now'))
features = 'cc cshlib symlink_lib install_lib'
if pyext:
diff --git a/ctdb/server/ctdb_ltdb_server.c b/ctdb/server/ctdb_ltdb_server.c
index 174a460..d6a36a5 100644
--- a/ctdb/server/ctdb_ltdb_server.c
+++ b/ctdb/server/ctdb_ltdb_server.c
@@ -723,7 +723,7 @@ int ctdb_set_db_readonly(struct ctdb_context *ctdb, struct
ctdb_db_context *ctdb
ctdb_db->rottdb = tdb_open(ropath,
ctdb->tunable.database_hash_size,
TDB_NOLOCK|TDB_CLEAR_IF_FIRST|TDB_NOSYNC,
- O_CREAT|O_RDWR, 0);
+ O_CREAT|O_RDWR, 0600);
if (ctdb_db->rottdb == NULL) {
DEBUG(DEBUG_CRIT,("Failed to open/create the tracking database
'%s'\n", ropath));
talloc_free(ropath);
diff --git a/ctdb/server/ctdb_server.c b/ctdb/server/ctdb_server.c
index 1e3fde4..b87f5ab 100644
--- a/ctdb/server/ctdb_server.c
+++ b/ctdb/server/ctdb_server.c
@@ -183,6 +183,7 @@ static int ctdb_set_nlist(struct ctdb_context *ctdb, const
char *nlist)
num_present = 0;
for (i=0; i < nlines; i++) {
char *node;
+ size_t len;
node = lines[i];
/* strip leading spaces */
@@ -196,7 +197,19 @@ static int ctdb_set_nlist(struct ctdb_context *ctdb, const
char *nlist)
}
continue;
}
- if (strcmp(node, "") == 0) {
+
+ /* strip trailing spaces */
+
+ len = strlen(node);
+
+ while ((len > 1) &&
+ ((node[len-1] == ' ') || (node[len-1] == '\t')))
+ {
+ node[len-1] = '\0';
+ len--;
+ }
+
+ if (len == 0) {
continue;
}
if (ctdb_add_node(ctdb, node) != 0) {
diff --git a/ctdb/tools/ctdb.c b/ctdb/tools/ctdb.c
index 6911dff..c4490ac 100644
--- a/ctdb/tools/ctdb.c
+++ b/ctdb/tools/ctdb.c
@@ -870,6 +870,7 @@ static struct pnn_node *read_pnn_node_file(TALLOC_CTX
*mem_ctx,
}
for (i=0, pnn=0; i<nlines; i++) {
char *node;
+ size_t len;
node = lines[i];
/* strip leading spaces */
@@ -880,7 +881,19 @@ static struct pnn_node *read_pnn_node_file(TALLOC_CTX
*mem_ctx,
pnn++;
continue;
}
- if (strcmp(node, "") == 0) {
+
+ /* strip trailing spaces */
+
+ len = strlen(node);
+
+ while ((len > 1) &&
+ ((node[len-1] == ' ') || (node[len-1] == '\t')))
+ {
+ node[len-1] = '\0';
+ len--;
+ }
+
+ if (len == 0) {
continue;
}
pnn_node = talloc(mem_ctx, struct pnn_node);
diff --git a/docs-xml/smbdotconf/security/aclgroupcontrol.xml
b/docs-xml/smbdotconf/security/aclgroupcontrol.xml
index 279a57b..fbc4c7d 100644
--- a/docs-xml/smbdotconf/security/aclgroupcontrol.xml
+++ b/docs-xml/smbdotconf/security/aclgroupcontrol.xml
@@ -30,7 +30,7 @@
</para>
<para>
- This is parameter has been was deprecated in Samba 3.0.23, but
re-activated in
+ This parameter was deprecated in Samba 3.0.23, but re-activated in
Samba 3.0.31 and above, as it now only controls permission changes if
the user
is in the owning primary group. It is now no longer equivalent to the
<parameter moreinfo="none">dos filemode</parameter> option.
diff --git a/docs-xml/smbdotconf/winbind/idmapconfig.xml
b/docs-xml/smbdotconf/winbind/idmapconfig.xml
index 30925a2..f27de11 100644
--- a/docs-xml/smbdotconf/winbind/idmapconfig.xml
+++ b/docs-xml/smbdotconf/winbind/idmapconfig.xml
@@ -39,21 +39,16 @@
(<citerefentry><refentrytitle>idmap_tdb2</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>),
ldap
(<citerefentry><refentrytitle>idmap_ldap</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>),
- ,
rid
(<citerefentry><refentrytitle>idmap_rid</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>),
- ,
hash
(<citerefentry><refentrytitle>idmap_hash</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>),
- ,
autorid
(<citerefentry><refentrytitle>idmap_autorid</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>),
- ,
ad
- (<citerefentry><refentrytitle>idmap_ad</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>),
- ,
- and nss.
- (<citerefentry><refentrytitle>idmap_nss</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>),
+ (<citerefentry><refentrytitle>idmap_ad</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>)
+ and nss
+ (<citerefentry><refentrytitle>idmap_nss</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>).
The corresponding manual pages contain the details, but
here is a summary.
</para>
@@ -66,9 +61,9 @@
mixture of the tdb and rid backend. It creates ranges for
each domain encountered and then uses the rid algorithm for each
of these automatically configured domains individually.
- The ad backend usees unix IDs stored in Active Directory via
+ The ad backend uses unix ids stored in Active Directory via
the standard schema extensions. The nss backend reverses
- the standard winbindd setup and gets the unixids via names
+ the standard winbindd setup and gets the unix ids via names
from nsswitch which can be useful in an ldap setup.
</para></listitem>
</varlistentry>
diff --git a/lib/async_req/async_connect_send_test.c
b/lib/async_req/async_connect_send_test.c
new file mode 100644
index 0000000..34ea6b7
--- /dev/null
+++ b/lib/async_req/async_connect_send_test.c
@@ -0,0 +1,130 @@
+/*
+ * Test async connect
+ * Copyright (C) Ralph Boehme 2015
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "replace.h"
+#include "lib/tevent/tevent.h"
+#include "lib/async_req/async_sock.h"
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+int main(int argc, const char *argv[])
+{
+ int result, listen_sock, status, exit_status;
+ uint16_t port;
+ struct sockaddr_in addr = { 0 };
+ pid_t pid;
+
+ listen_sock = socket(PF_INET, SOCK_STREAM, 0);
+ if (listen_sock == -1) {
+ perror("socket() failed");
+ exit(1);
+ }
+
+ addr.sin_family = AF_INET;
+ addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+
+ for (port = 1024; port < UINT16_MAX; port++) {
+ addr.sin_port = htons(port);
+ result = bind(listen_sock, (struct sockaddr *)&addr,
sizeof(addr));
+ if (result == 0) {
+ break;
+ }
+ }
+
+ if (port == UINT16_MAX) {
+ printf("Huh, no free port?\n");
+ return 1;
+ }
+
+ result = listen(listen_sock, 1);
+ if (result == -1) {
+ perror("listen() failed");
+ close(listen_sock);
+ return 1;
+ }
+
+ pid = fork();
+ if (pid == -1) {
+ perror("fork");
+ return 1;
+ }
+
+ if (pid == 0) {
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ int fd;
+
+ ev = tevent_context_init(NULL);
+ if (ev == NULL) {
+ fprintf(stderr, "tevent_context_init failed\n");
+ return 1;
+ }
+
+ fd = socket(PF_INET, SOCK_STREAM, 0);
+ if (fd == -1) {
+ perror("socket");
+ return 1;
+ }
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(port);
+ addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+
+ req = async_connect_send(ev, ev, fd,
+ (struct sockaddr *)&addr,
+ sizeof(struct sockaddr_in),
+ NULL, NULL, NULL);
+
+ if (!tevent_req_poll(req, ev)) {
+ perror("tevent_req_poll() failed");
+ return 1;
+ }
+
+ status = 0;
+ result = async_connect_recv(req, &status);
+ if (result != 0) {
+ return status;
+ }
+ return 0;
+ }
+
+ result = waitpid(pid, &status, 0);
+ if (result == -1) {
+ perror("waitpid");
+ return 1;
+ }
+
+ if (!WIFEXITED(status)) {
+ printf("child status: %d\n", status);
+ return 2;
+ }
+
+ exit_status = WEXITSTATUS(status);
+ printf("test done: status=%d\n", exit_status);
+
+ if (exit_status != 0) {
+ return exit_status;
+ }
+
+ return 0;
+}
diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c
index 2f3225d..9c58f98 100644
--- a/lib/async_req/async_sock.c
+++ b/lib/async_req/async_sock.c
@@ -121,24 +121,17 @@ struct tevent_req *async_connect_send(
return tevent_req_post(req, ev);
}
- /**
- * A number of error messages show that something good is progressing
- * and that we have to wait for readability.
- *
- * If none of them are present, bail out.
+ /*
+ * The only errno indicating that the connect is still in
+ * flight is EINPROGRESS, everything else is an error
*/
- if (!(errno == EINPROGRESS || errno == EALREADY ||
-#ifdef EISCONN
- errno == EISCONN ||
-#endif
- errno == EAGAIN || errno == EINTR)) {
+ if (errno != EINPROGRESS) {
tevent_req_error(req, errno);
return tevent_req_post(req, ev);
}
- state->fde = tevent_add_fd(ev, state, fd,
- TEVENT_FD_READ | TEVENT_FD_WRITE,
+ state->fde = tevent_add_fd(ev, state, fd, TEVENT_FD_WRITE,
async_connect_connected, req);
if (state->fde == NULL) {
tevent_req_error(req, ENOMEM);
@@ -177,27 +170,32 @@ static void async_connect_connected(struct tevent_context
*ev,
struct async_connect_state *state =
tevent_req_data(req, struct async_connect_state);
int ret;
-
- if (state->before_connect != NULL) {
- state->before_connect(state->private_data);
- }
-
- ret = connect(state->fd, (struct sockaddr *)(void *)&state->address,
- state->address_len);
-
- if (state->after_connect != NULL) {
- state->after_connect(state->private_data);
- }
-
- if (ret == 0) {
- tevent_req_done(req);
+ int socket_error = 0;
+ socklen_t slen = sizeof(socket_error);
+
+ ret = getsockopt(state->fd, SOL_SOCKET, SO_ERROR,
+ &socket_error, &slen);
+
+ if (ret != 0) {
+ /*
+ * According to Stevens this is the Solaris behaviour
+ * in case the connection encountered an error:
+ * getsockopt() fails, error is in errno
+ */
+ tevent_req_error(req, errno);
return;
}
- if (errno == EINPROGRESS) {
- /* Try again later, leave the fde around */
+
+ if (socket_error != 0) {
+ /*
+ * Berkeley derived implementations (including) Linux
+ * return the pending error via socket_error.
+ */
+ tevent_req_error(req, socket_error);
return;
}
- tevent_req_error(req, errno);
+
+ tevent_req_done(req);
return;
}
--
Samba Shared Repository
