The branch, v4-5-stable has been updated
       via  2cb8fc1 VERSION: Disable GIT_SNAPSHOTS for the 4.5.9 release.
       via  1d36d51 WHATSNEW: Add release notes for Samba 4.5.9.
       via  fce999c idmap_rfc2307: Test unix-ids-to-sids with 35 groups
       via  90a28a9 selftest: Avoid idmap caching when testing idmap_rfc2307
       via  3e250e6 idmap_rfc2307: "ldap_next_entry" needs the previous entry, not the start
       via  0e6fe5c idmap_rfc2307: Don't stop after 30 entries
       via  babc72b test_idmap_rfc2307: Test wbinfo -r for 35 supplementary group memberships
       via  a24025c test_idmap_rfc2307: Do a recursive delete in ou=idmap
       via  07938b5 test_idmap_rfc2307: Correct usage
       via  99e8ff5 test_idmap_rfc2307: Avoid a tmpfile
       via  dffa119 test_idmap_rfc2307: Remove the correct file
       via  d168aae idmap_rfc2307: "ldap_next_entry" needs the previous entry, not the start
       via  080f69e idmap_rfc2307: Don't stop after 30 entries
       via  8d11ac4 samba-tool: let 'samba-tool user syncpasswords' report deletions immediately
       via  165cdf3 s3/smbd: update exclusive oplock optimisation to the lease area
       via  bce6578 s3/smbd: update exclusive oplock optimisation to the lease area
       via  88360c7 s3/locking: helper functions for lease types
       via  935fab0 s3/locking: add const to fsp_lease_type
       via  5542648 s3: smbd: inotify_map_mask_to_filter incorrectly indexes an array.
       via  bc62091 vfs_fruit: lp_case_sensitive() does not return a bool
       via  68461b9 vfs_acl_xattr|tdb: ensure create mask is at least 0666 if ignore_system_acls is set
       via  36ff82f lib: Fix CID 1373623 Dereference after null check
       via  6800744 notify: Fix ordering of events in notifyd
       via  bd0f2e8 cleanupdb: Fix a memory read error
       via  136d0d8 s3:vfs:shadow_copy2: fix corner case of "/@GMT-token" in shadow_copy2_strip_snapshot
       via  5b0b84e s3:vfs:shadow_copy2: fix the corner case if cwd=/ in make_relative_path
       via  609ae13 s3:vfs:shadow_copy2: fix quoting in debug messages
       via  ea91004 pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticating
       via  685437e s3:smbd: Fix incorrect use of sys_getgroups()
       via  36a97de s3:lib: Fix incorrect logic in sys_broken_getgroups()
       via  96c7150 lib: debug: Avoid negative array access.
       via  5cba8bb vfs_acl_xattr: avoid needlessly supplying a large buffer to getxattr()
       via  c0bf985 vfs_acl_xattr: factor out fetching of an extended attribute
       via  4b0b012 vfs_xattr_tdb: handle case of zero size.
       via  5e29379 selftest: test fetching a large ACL from vfs_acl_xattr
       via  8c283d4 ctdb-docs: Fix documentation of -n option to ctdb tool
       via  490f722 winbindd: trigger possible passdb_dsdb initialisation
       via  46abe7f winbindd: error handling in rpc_lookup_sids()
       via  bc6d901 s3/rpc_client: lookupsids error handling of NT_STATUS_NONE_MAPPED
       via  84c7c56 s3/rpc_client: use NT_STATUS_LOOKUP_ERR
       via  f81a0ff s3/include: add NT_STATUS_LOOKUP_ERR
       via  2735992 selftest: fix for wbinfo -s tests for wellknown SIDs
       via  cca29f8 winbindd: explicit check for well-known SIDs in wb_lookupsids_bulk()
       via  888e75a selftest: wbinfo --sids-to-unix-ids tests for wellknown SIDs
       via  82bbb79 selftest: wbinfo -s tests for wellknown SIDs
       via  089711e winbindd: use passdb backend for well-known SIDs
       via  6bcfe2d s4/torture: vfs_fruit: test for bug 12565
       via  92cc3b2 vfs_fruit: resource fork open request with flags=O_CREAT|O_RDONLY
       via  1de3e92 waf: Explicitly link libreplace against libnss_wins.so
       via  f54ff44 selftest: Test for bug 12558
       via  2ead4b4 smbd: Fix smb1 findfirst with DFS
       via  3dc328c winbindd: Fix password policy for pam authentication
       via  107f3ee selftest: tests idmap mapping with idmap_rid
       via  6249de7 selftest: new environment "ad_member_idmap_rid"
       via  d5d552d winbindd: remove unused single_domains array
       via  82cf367 winbindd: use correct domain name for failed lookupsids
       via  fa9bc20 VERSION: Bump version up to 4.5.9.
       via  25ed615 Merge tag 'samba-4.5.8' into v4-5-test
       via  342e39b s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2
       via  080a390 s3: smbd: Fix "follow symlink = no" regression part 2.
       via  9ddabbf s3: smbd: Fix "follow symlink = no" regression part 2.
       via  3b4cb58 s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"
       via  c5c8e6a s3: Test for CVE-2017-2619 regression with "follow symlinks = no".
       via  e5094cf s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).
       via  78b188d selftest: tests for vfs_fruite file-id behavior
       via  d89cfae torture: add torture_assert_mem_not_equal_goto()
       via  42b77e9 vfs_fruit: document added zero_file_id parameter
       via  3722b06 vfs_fruit: enable zero file id
       via  a5c92d8 smbd: add zero_file_id flag
       via  cecab32 s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes.
       via  8e8ebe5 Changes to make the Solaris C compiler happy.
       via  968e3e2 Fix for Solaris C compiler.
       via  19b6c87 ctdb-readonly: Avoid a tight loop waiting for revoke to complete
       via  85e3446 s3:vfs_expand_msdfs: Do not open the remote address as a file
       via  9533a55 s3: locking: Update oplock optimization for the leases era !
       via  cd86895 s3: locking: Move two leases functions into a new file.
       via  d537977 VERSION: Up to Samba 4.5.8.
       via  28b3311 Merge tag 'samba-4.5.7' into v4-5-test
       via  6226261 replace: Include sysmacros.h
       via  708b1e2 manpages/vfs_fruit: document global options
       via  f70070c s4/torture: some tests for kernel oplocks
       via  e103ad5 s3/selftest: adopt config.h check from source4
       via  a54aa79 s3/smbd: fix deferred open with streams and kernel oplocks
       via  1b5e504 s3/smbd: all callers of defer_open() pass a lck
       via  5f09845 s3/smbd: remove async_open arg from defer_open()
       via  5e02ff1 s3/smbd: fix schedule_async_open() timer
       via  6f7f844 s3/smbd: add and use retry_open() instead of defer_open() in two places
       via  8707c86 s3/smbd: simplify defer_open()
       via  32faf95 s3/smbd: req is already validated at the beginning of open_file_ntcreate()
       via  5263453 s3/smbd: add comments and some reformatting to open_file_ntcreate()
       via  c0d2c63 s3/smbd: add const to get_lease_type() args
       via  8f4bb3a s3/wscript: fix Linux kernel oplock detection
       via  73f6042 smbd: Do an early exit on negprot failure
       via  520e1a5 VERSION: Bump version up to 4.5.7...
      from  964d1fc VERSION: Disable GIT_SNAPSHOTS for the 4.5.8 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 93 ++++- ctdb/doc/ctdb.1.xml | 4 +- ctdb/server/ctdb_call.c | 8 +- docs-xml/manpages/vfs_fruit.8.xml | 172 ++++++---- lib/replace/replace.h | 4 + lib/torture/torture.h | 10 + lib/util/debug.c | 2 +- libgpo/gpo_ldap.c | 27 +- nsswitch/pam_winbind.c | 58 +--- nsswitch/tests/test_idmap_rfc2307.sh | 130 +++++-- nsswitch/tests/test_idmap_rid.sh | 66 ++++ nsswitch/tests/test_wbinfo.sh | 25 ++ nsswitch/wscript_build | 2 +- python/samba/netcmd/user.py | 2 +- selftest/knownfail | 6 - selftest/target/Samba.pm | 1 + selftest/target/Samba3.pm | 98 ++++++ selftest/target/Samba4.pm | 6 + source3/include/lsa.h | 4 + source3/include/tldap.h | 6 + source3/lib/cleanupdb.c | 2 +- source3/lib/dbwrap/dbwrap_watch.c | 2 +- source3/lib/substitute.c | 7 +- source3/lib/system.c | 12 +- source3/locking/leases_util.c | 72 ++++ source3/locking/locking.c | 22 +- source3/locking/proto.h | 6 + source3/modules/vfs_acl_tdb.c | 24 +- source3/modules/vfs_acl_xattr.c | 108 ++++-- source3/modules/vfs_expand_msdfs.c | 3 +- source3/modules/vfs_fruit.c | 41 ++- source3/modules/vfs_shadow_copy2.c | 17 +- source3/modules/vfs_xattr_tdb.c | 12 + source3/rpc_client/cli_lsarpc.c | 8 +- source3/script/tests/test_large_acl.sh | 59 ++++ source3/script/tests/test_smbclient_s3.sh | 11 + source3/script/tests/test_wbinfo_sids2xids_int.py | 2 +- source3/selftest/tests.py | 57 +++- source3/smbd/files.c | 8 - source3/smbd/globals.h | 1 + source3/smbd/msdfs.c | 4 +- source3/smbd/negprot.c | 23 +- source3/smbd/notify_inotify.c | 2 +- source3/smbd/notifyd/notifyd.c | 3 +- source3/smbd/open.c | 391 ++++++++++++++++------ source3/smbd/oplock.c | 40 +-- source3/smbd/proto.h | 6 +- source3/smbd/sec_ctx.c | 3 +- source3/smbd/trans2.c | 14 + source3/winbindd/idmap_rfc2307.c | 9 
+- source3/winbindd/idmap_util.c | 5 +- source3/winbindd/wb_lookupsids.c | 21 +- source3/winbindd/winbindd_pam.c | 7 +- source3/winbindd/winbindd_rpc.c | 9 +- source3/winbindd/winbindd_util.c | 27 +- source3/wscript | 6 +- source3/wscript_build | 6 + source4/selftest/tests.py | 2 +- source4/torture/smb2/oplock.c | 140 ++++++++ source4/torture/smb2/smb2.c | 1 + source4/torture/vfs/fruit.c | 149 ++++++++- source4/torture/vfs/vfs.c | 1 + 63 files changed, 1629 insertions(+), 440 deletions(-) create mode 100755 nsswitch/tests/test_idmap_rid.sh create mode 100644 source3/locking/leases_util.c create mode 100755 source3/script/tests/test_large_acl.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index a40efff..8075d7c 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=8 +SAMBA_VERSION_RELEASE=9 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 5f37176..7c57603 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,4 +1,93 @@ ============================= + Release Notes for Samba 4.5.9 + May 18, 2017 + ============================= + + +This is the latest stable release of the Samba 4.5 release series. + + +Changes since 4.5.8: +-------------------- + +o Michael Adam <ob...@samba.org> + * BUG 12743: vfs_shadow_copy2 fails to list snapshots from shares with + GlusterFS backend. + +o Jeremy Allison <j...@samba.org> + * BUG 12747: Wrong use of getgroups causes buffer overflow. + +o Hanno Böck <ha...@hboeck.de> + * BUG 12746: lib: debug: Avoid negative array access. + * BUG 12748: cleanupdb: Fix a memory read error. + +o Ralph Boehme <s...@samba.org> + * BUG 11961: idmap_autorid allocates ids for unknown SIDs from other backends. + * BUG 12562: vfs_acl_common should force "create mask = 0777". + * BUG 12565: vfs_fruit: resource fork open request with + flags=O_CREAT|O_RDONLY. + * BUG 12727: Lookup-domain for well-known SIDs on a DC. + * BUG 12728: winbindd: Fix error handling in rpc_lookup_sids(). + * BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation. + * BUG 12749: Can't case-rename files with vfs_fruit. + * BUG 12766: s3/smbd: Update exclusive oplock optimisation to the lease area. + +o Amitay Isaacs <ami...@gmail.com> + * BUG 12733: ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'. + +o Shilpa Krishnareddy <skrishnare...@panzura.com> + * BUG 12756: notify: Fix ordering of events in notifyd. + +o Volker Lendecke <v...@samba.org> + * BUG 12276: lib: Fix CID 1373623 Dereference after null check. + * BUG 12558: smbd: Fix smb1 findfirst with DFS. + * BUG 12757: idmap_rfc2307: Fix lookup of more than two SIDs. + +o Stefan Metzmacher <me...@samba.org> + * BUG 12767: samba-tool: Let 'samba-tool user syncpasswords' report deletions + immediately. + * BUG 12725: pam_winbind: no longer use wbcUserPasswordPolicyInfo when + authenticating. + +o Doug Nazar <naz...@nazar.ca> + * BUG 12760: s3: smbd: inotify_map_mask_to_filter incorrectly indexes an + array. 
+ +o Christof Schmitt <c...@samba.org> + * BUG 12725: winbindd: Fix password policy for pam authentication. + +o Andreas Schneider <a...@samba.org> + * BUG 12277: waf: Explicitly link libreplace against libnss_wins.so. + +o Uri Simchoni <u...@samba.org> + * BUG 12737: vfs_acl_xattr - failure to get ACL on Linux if memory is + fragmented. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================= Release Notes for Samba 4.5.8 March 31, 2017 ============================= @@ -36,8 +125,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================= Release Notes for Samba 4.5.7 diff --git a/ctdb/doc/ctdb.1.xml b/ctdb/doc/ctdb.1.xml index 71af0a5..4508969 100644 --- a/ctdb/doc/ctdb.1.xml +++ b/ctdb/doc/ctdb.1.xml 
@@ -123,10 +123,10 @@ <title>OPTIONS</title> <variablelist> - <varlistentry><term>-n <parameter>PNN-LIST</parameter></term> + <varlistentry><term>-n <parameter>PNN</parameter></term> <listitem> <para> - The nodes specified by PNN-LIST should be queried for the + The node specified by PNN should be queried for the requested information. Default is to query the daemon running on the local host. </para> diff --git a/ctdb/server/ctdb_call.c b/ctdb/server/ctdb_call.c index 3478419..f9c2922 100644 --- a/ctdb/server/ctdb_call.c +++ b/ctdb/server/ctdb_call.c @@ -1599,7 +1599,6 @@ static int deferred_call_destructor(struct revokechild_deferred_call *deferred_c { struct ctdb_context *ctdb = deferred_call->ctdb; struct revokechild_requeue_handle *requeue_handle = talloc(ctdb, struct revokechild_requeue_handle); - struct ctdb_req_call_old *c = (struct ctdb_req_call_old *)deferred_call->hdr; requeue_handle->ctdb = ctdb; requeue_handle->hdr = deferred_call->hdr; @@ -1607,9 +1606,12 @@ static int deferred_call_destructor(struct revokechild_deferred_call *deferred_c requeue_handle->ctx = deferred_call->ctx; talloc_steal(requeue_handle, requeue_handle->hdr); - /* when revoking, any READONLY requests have 1 second grace to let read/write finish first */ + /* Always delay revoke requests. Either wait for the read/write + * operation to complete, or if revoking failed wait for recovery to + * complete + */ tevent_add_timer(ctdb->ev, requeue_handle, - timeval_current_ofs(c->flags & CTDB_WANT_READONLY ? 1 : 0, 0), + timeval_current_ofs(1, 0), deferred_call_requeue, requeue_handle); return 0; diff --git a/docs-xml/manpages/vfs_fruit.8.xml b/docs-xml/manpages/vfs_fruit.8.xml index 83ebb68..e2e696c 100644 --- a/docs-xml/manpages/vfs_fruit.8.xml +++ b/docs-xml/manpages/vfs_fruit.8.xml 
@@ -79,8 +79,98 @@ </refsect1> <refsect1> + <title>GLOBAL OPTIONS</title> + + <para>The following options must be set in the global smb.conf section + and won't take effect when set per share.</para> + + <variablelist> + + <varlistentry> + <term>fruit:aapl = yes | no</term> + <listitem> + <para>A <emphasis>global</emphasis> option whether to enable Apple's SMB2+ + extension codenamed AAPL. Default + <emphasis>yes</emphasis>. This extension enhances + several deficiencies when connecting from Macs:</para> + + <itemizedlist> + <listitem><para>directory enumeration is enriched with + Mac relevant filesystem metadata (UNIX mode, + FinderInfo, resource fork size and effective + permission), as a result the Mac client doesn't need + to fetch this metadata individuallly per directory + entry resulting in an often tremendous performance + increase.</para></listitem> + + <listitem><para>The ability to query and modify the + UNIX mode of directory entries.</para></listitem> + </itemizedlist> + + <para>There's a set of per share options that come into play when + <emphasis>fruit:aapl</emphasis> is enabled. 
These opions, listed + below, can be used to disable the computation of specific Mac + metadata in the directory enumeration context, all are enabled by + default:</para> + + <itemizedlist> + <listitem><para>readdir_attr:aapl_rsize = yes | no</para></listitem> + <listitem><para>readdir_attr:aapl_finder_info = yes | no</para></listitem> + <listitem><para>readdir_attr:aapl_max_access = yes | no</para></listitem> + </itemizedlist> + + <para>See below for a description of these options.</para> + + </listitem> + </varlistentry> + + <varlistentry> + <term>fruit:nfs_aces = yes | no</term> + <listitem> + <para>A <emphasis>global</emphasis> option whether support for + querying and modifying the UNIX mode of directory entries via NFS + ACEs is enabled, default <emphasis>yes</emphasis>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>fruit:copyfile = yes | no</term> + <listitem> + <para>A <emphasis>global</emphasis> option whether to enable OS X + specific copychunk ioctl that requests a copy of a whole file + along with all attached metadata.</para> + <para>WARNING: the copyfile request is blocking the + client while the server does the copy.</para>. + <para>The default is <emphasis>no</emphasis>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>fruit:zero_file_id = yes | no</term> + <listitem> + <para>A <emphasis>global</emphasis> option whether to return + zero to queries of on-disk file identifier, if the client + has negotiated AAPL.</para> + <para>Mac applications and / or the Mac SMB + client code expect the on-disk file identifier to have the + semantics of HFS+ Catalog Node Identifier (CNID). Samba + doesn't provide those semantics, and that occasionally cause + usability issues or even data loss. 
Returning a file identifier + of zero causes the Mac client to stop using and trusting the + file id returned from the server.</para> + <para>The default is <emphasis>yes</emphasis>.</para> + </listitem> + </varlistentry> + + </variablelist> +</refsect1> + +<refsect1> <title>OPTIONS</title> + <para>The following options can be set either in the global smb.conf section + or per share.</para> + <variablelist> <varlistentry> 
@@ -189,50 +279,6 @@ </varlistentry> <varlistentry> - <term>fruit:aapl = yes | no</term> - <listitem> - <para>A global option whether to enable Apple's SMB2+ - extension codenamed AAPL. Default - <emphasis>yes</emphasis>. This extension enhances - several deficiencies when connecting from Macs:</para> - - <itemizedlist> - <listitem><para>directory enumeration is enriched with - Mac relevant filesystem metadata (UNIX mode, - FinderInfo, resource fork size and effective - permission), as a result the Mac client doesn't need - to fetch this metadata individuallly per directory - entry resulting in an often tremendous performance - increase.</para></listitem> - - <listitem><para>The ability to query and modify the - UNIX mode of directory entries.</para></listitem> - </itemizedlist> - - <para>There's a set of per share options that can be - used to disable the computation of specific Mac metadata - in the directory enumeration context, all are enabled by - default:</para> - - <itemizedlist> - <listitem><para>readdir_attr:aapl_rsize = true | false</para></listitem> - <listitem><para>readdir_attr:aapl_finder_info = true | false</para></listitem> - <listitem><para>readdir_attr:aapl_max_access = true | false</para></listitem> - </itemizedlist> - - </listitem> - </varlistentry> - - <varlistentry> - <term>fruit:nfs_aces = yes | no</term> - <listitem> - <para>Whether support for querying and modifying the - UNIX mode of directory entries via NFS ACEs is enabled, - default <emphasis>yes</emphasis>.</para> - </listitem> - </varlistentry> - - <varlistentry> <term>fruit:veto_appledouble = yes | no</term> <listitem> <para><emphasis>Note:</emphasis> this option only applies when 
@@ -254,18 +300,6 @@ </varlistentry> <varlistentry> - <term>fruit:copyfile = yes | no</term> - <listitem> - <para>Whether to enable OS X specific copychunk ioctl - that requests a copy of a whole file along with all - attached metadata.</para> - <para>WARNING: the copyfile request is blocking the - client while the server does the copy.</para>. - <para>The default is <emphasis>no</emphasis>.</para> - </listitem> - </varlistentry> - - <varlistentry> <term>fruit:posix_rename = yes | no</term> <listitem> <para>Whether to enable POSIX directory rename behaviour @@ -276,6 +310,32 @@ </listitem> </varlistentry> + <varlistentry> + <term>readdir_attr:aapl_rsize = yes | no</term> + <listitem> + <para>Return resource fork size in SMB2 FIND responses.</para> + <para>The default is <emphasis>yes</emphasis>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>readdir_attr:aapl_finder_info = yes | no</term> + <listitem> + <para>Return FinderInfo in SMB2 FIND responses.</para> + <para>The default is <emphasis>yes</emphasis>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>readdir_attr:aapl_max_access = yes | no</term> + <listitem> + <para>Return the user's effective maximum permissions in SMB2 FIND + responses. This is an expensive computation, setting this to off + pretends the use has maximum effective permissions.</para> + <para>The default is <emphasis>yes</emphasis>.</para> + </listitem> + </varlistentry> + </variablelist> </refsect1> diff --git a/lib/replace/replace.h b/lib/replace/replace.h index c69a069..1dbeacf 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -171,6 +171,10 @@ #include <sys/types.h> #endif +#ifdef HAVE_SYS_SYSMACROS_H +#include <sys/sysmacros.h> +#endif + #ifdef HAVE_SETPROCTITLE_H #include <setproctitle.h> #endif diff --git a/lib/torture/torture.h b/lib/torture/torture.h index b6d1301..668458a 100644 --- a/lib/torture/torture.h +++ b/lib/torture/torture.h 
@@ -367,6 +367,16 @@ void torture_result(struct torture_context *test, } \ } while(0) +#define torture_assert_mem_not_equal_goto(torture_ctx,got,expected,len,ret,label,cmt) \ + do { const void *__got = (got), *__expected = (expected); \ + if (memcmp(__got, __expected, len) == 0) { \ + torture_result(torture_ctx, TORTURE_FAIL, \ + __location__": "#got" of len %d unexpectedly matches "#expected": %s", (int)len, cmt); \ + ret = false; \ + goto label; \ + } \ + } while(0) + static inline void torture_dump_data_str_cb(const char *buf, void *private_data) { char **dump = (char **)private_data; diff --git a/lib/util/debug.c b/lib/util/debug.c index ed89944..2662c2d 100644 --- a/lib/util/debug.c +++ b/lib/util/debug.c @@ -396,7 +396,7 @@ static void debug_backends_log(const char *msg, int msg_level) * a buffer without the newline character. */ len = MIN(strlen(msg), FORMAT_BUFR_SIZE - 1); - if (msg[len - 1] == '\n') { + if ((len > 0) && (msg[len - 1] == '\n')) { len--; } diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c index 9a95f8b..4533d61 100644 --- a/libgpo/gpo_ldap.c +++ b/libgpo/gpo_ldap.c 
@@ -424,24 +424,30 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads, ADS_ERROR_HAVE_NO_MEMORY(gpo->ds_path); if (!ads_pull_uint32(ads, res, "versionNumber", &gpo->version)) { - return ADS_ERROR(LDAP_NO_MEMORY); + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); } if (!ads_pull_uint32(ads, res, "flags", &gpo->options)) { - return ADS_ERROR(LDAP_NO_MEMORY); + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); } gpo->file_sys_path = ads_pull_string(ads, mem_ctx, res, "gPCFileSysPath"); - ADS_ERROR_HAVE_NO_MEMORY(gpo->file_sys_path); + if (gpo->file_sys_path == NULL) { + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); + } gpo->display_name = ads_pull_string(ads, mem_ctx, res, "displayName"); - ADS_ERROR_HAVE_NO_MEMORY(gpo->display_name); + if (gpo->display_name == NULL) { + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); + } gpo->name = ads_pull_string(ads, mem_ctx, res, "name"); - ADS_ERROR_HAVE_NO_MEMORY(gpo->name); + if (gpo->name == NULL) { + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); + } gpo->machine_extensions = ads_pull_string(ads, mem_ctx, res, "gPCMachineExtensionNames"); @@ -450,7 +456,9 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads, ads_pull_sd(ads, mem_ctx, res, "ntSecurityDescriptor", &gpo->security_descriptor); - ADS_ERROR_HAVE_NO_MEMORY(gpo->security_descriptor); + if (gpo->security_descriptor == NULL) { + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); + } return ADS_ERROR(LDAP_SUCCESS); } @@ -586,6 +594,13 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads, if (!ADS_ERR_OK(status)) { DEBUG(10,("failed to get gpo: %s\n", gp_link->link_names[i])); + if ((status.error_type == ENUM_ADS_ERROR_LDAP) && + (status.err.rc == LDAP_NO_SUCH_ATTRIBUTE)) { + DEBUG(10,("skipping empty gpo: %s\n", + gp_link->link_names[i])); + talloc_free(new_gpo); + continue; + } return status; } diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index 4ae78b3..0692960 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c 
@@ -1002,7 +1002,6 @@ static bool _pam_send_password_expiry_message(struct pwb_context *ctx, static void _pam_warn_password_expiry(struct pwb_context *ctx, const struct wbcAuthUserInfo *info, - const struct wbcUserPasswordPolicyInfo *policy, int warn_pwd_expire, bool *already_expired, bool *change_pwd) @@ -1010,7 +1009,7 @@ static void _pam_warn_password_expiry(struct pwb_context *ctx, time_t now = time(NULL); -- Samba Shared Repository
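Review bot: In ctdb/server/ctdb_call.c, deferred_call_destructor(), "timeval_current_ofs(1, 0)" now delays every requeued call by a hard-coded second, where the removed line waited only for calls with CTDB_WANT_READONLY set and requeued the rest with a zero offset. The new comment gives the reason for always waiting, but it should also state the added latency for non-readonly calls, and the literal 1 would read better as a named constant so the grace period is defined in one place.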
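Review bot: In docs-xml/manpages/vfs_fruit.8.xml, the new GLOBAL OPTIONS section (hunk at -79) carries over the typo "individuallly" from the removed text, introduces "These opions" and "that occasionally cause", and keeps the stray "." after the closing tag in the fruit:copyfile entry ("client while the server does the copy.</para>."). These should be fixed while the text is being moved, since the stray period ends up as loose text between two para elements.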
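Review bot: In the readdir_attr:aapl_max_access entry of vfs_fruit.8.xml (hunk at -276), "setting this to off" does not match the documented values "yes | no", and "pretends the use has" should read "the user has". The entry should also say whether "no" changes only the permissions reported in SMB2 FIND responses, because "pretends the user has maximum effective permissions" can be read as a change to access enforcement.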
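Review bot: In lib/torture/torture.h, torture_assert_mem_not_equal_goto() expands its len argument unparenthesized, both in "memcmp(__got, __expected, len)" and in "(int)len". With an expression argument such as "a + b" the cast binds only to "a"; write "(len)" in both places. The macro also evaluates len twice, so copying it into a local, as is already done for got and expected, would avoid repeated side effects.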
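Review bot: In lib/util/debug.c, debug_backends_log(), the added "(len > 0)" guard stops the read of msg[len - 1] when the message is empty, but the diffstat shows only the two-line change to debug.c and no accompanying test. A unit test that logs an empty string would keep the guard from regressing. The code that consumes len after the "len--" is outside the visible context, so it is worth confirming it handles len == 0 as well.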
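Review bot: In libgpo/gpo_ldap.c, the hunks at -424 and -450 map every NULL from ads_pull_string() and ads_pull_sd() to LDAP_NO_SUCH_ATTRIBUTE, where the removed ADS_ERROR_HAVE_NO_MEMORY() lines treated the same NULL as an allocation failure. If these helpers can return NULL on out-of-memory as well as on a missing attribute, a real allocation failure is now reported as a missing attribute. Either test for the attribute's presence separately from the pull, or add a comment stating why NULL can only mean "absent" at these call sites.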
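Review bot: In add_gplink_to_gpo_list() (libgpo/gpo_ldap.c, hunk at -586), a GPO whose lookup returns LDAP_NO_SUCH_ATTRIBUTE is dropped with "continue" and reported only through DEBUG(10), so at normal log levels nothing records that a linked policy was left out of the list. Because the skip changes which policies get processed, log it at a lower debug level and name the missing attribute. The wording "skipping empty gpo" also hides that the object exists but lacks expected attributes.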