The branch, master has been updated
       via  eaf63f0b845 docs-xml: "cluster addresses" dns registration
       via  3e25d4d55f8 docs-xml: Update documentation for 'restrict anonymous' 
option
       via  f132c3767ef s3/lib/popt_common: use stack buffer in set_logfile()
       via  901ca24e43a s3/lib/popt_common: don't assume stackframe presence
       via  c824240cd48 lib/debug: retain full string in state.prog_name global
      from  61670169d52 Clean up reference used with PyDict_Setxxx

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit eaf63f0b845fb766ff243b1a7d0587c9507ab31e
Author: David Disseldorp <dd...@samba.org>
Date:   Tue Jan 29 12:49:28 2019 +0100

    docs-xml: "cluster addresses" dns registration
    
    Bug 7871 added functionality to register smb.conf "cluster addresses"
    when net ads dns register is called with clustering=yes, but the man
    page was not updated. Add documentation for this behaviour.
    
    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    
    Autobuild-User(master): David Disseldorp <dd...@samba.org>
    Autobuild-Date(master): Thu Feb  7 21:33:15 CET 2019 on sn-devel-144

commit 3e25d4d55f85be3323861b9a2f59626246b57182
Author: Andreas Schneider <a...@samba.org>
Date:   Tue Feb 5 16:08:46 2019 +0100

    docs-xml: Update documentation for 'restrict anonymous' option
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Rowland Penny <rpe...@samba.org>
    Reviewed-by: David Disseldorp <dd...@samba.org>

commit f132c3767efd4197ae32a7114a7b91b55759adb4
Author: David Disseldorp <dd...@samba.org>
Date:   Wed Feb 6 12:01:12 2019 +0100

    s3/lib/popt_common: use stack buffer in set_logfile()
    
    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 901ca24e43a1b2b441f070e5dc40a6c7ddcba883
Author: David Disseldorp <dd...@samba.org>
Date:   Wed Feb 6 00:58:17 2019 +0100

    s3/lib/popt_common: don't assume stackframe presence
    
    popt_common_callback() should be leak-safe if a talloc stackframe isn't
    available, as it's invoked early on.
    
    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit c824240cd48aea9e0655287c98c8de7c3ffd5f94
Author: David Disseldorp <dd...@samba.org>
Date:   Wed Feb 6 12:39:03 2019 +0100

    lib/debug: retain full string in state.prog_name global
    
    setup_logging() retains a global pointer to the provided const string in
    state.prog_name, which is later used in the debug_backend->reload()
    callback.
    Some setup_logging() callers, such as popt_common_callback(),
    incorrectly assume that a dynamic buffer is safe to provide as a
    prog_name parameter. Fix this by copying the entire string in
    setup_logging().
    
    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/misc/clusteraddresses.xml      | 12 +++---
 docs-xml/smbdotconf/security/restrictanonymous.xml | 45 +++++++++++-----------
 lib/util/debug.c                                   | 12 ++++--
 source3/lib/popt_common.c                          | 42 ++++++++++++++------
 4 files changed, 67 insertions(+), 44 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/misc/clusteraddresses.xml 
b/docs-xml/smbdotconf/misc/clusteraddresses.xml
index d01a4f9004b..66878cdb642 100644
--- a/docs-xml/smbdotconf/misc/clusteraddresses.xml
+++ b/docs-xml/smbdotconf/misc/clusteraddresses.xml
@@ -3,12 +3,12 @@
                  type="cmdlist"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";>
 <description>
-       <para>With this parameter you can add additional addresses
-       nmbd will register with a WINS server. These addresses are not
-       necessarily present on all nodes simultaneously, but they will
-       be registered with the WINS server so that clients can contact
-       any of the nodes.
-       </para>
+       <para>With this parameter you can add additional addresses that
+       nmbd will register with a WINS server. Similarly, these
+       addresses will be registered by default when
+       <emphasis>net ads dns register</emphasis> is called with
+       <smbconfoption name="clustering">yes</smbconfoption>
+       configured.</para>
 </description>
 
 <value type="default"></value>
diff --git a/docs-xml/smbdotconf/security/restrictanonymous.xml 
b/docs-xml/smbdotconf/security/restrictanonymous.xml
index 78cafd21d55..06abe7b2bf7 100644
--- a/docs-xml/smbdotconf/security/restrictanonymous.xml
+++ b/docs-xml/smbdotconf/security/restrictanonymous.xml
@@ -3,34 +3,35 @@
                  context="G"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";>
 <description>
-    <para>The setting of this parameter determines whether user and
-    group list information is returned for an anonymous connection.
-    and mirrors the effects of the
-<programlisting>
-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
-           Control\LSA\RestrictAnonymous
-</programlisting>
-       registry key in Windows 2000 and Windows NT.  When set to 0, user
-       and group list information is returned to anyone who asks.  When set
-    to 1, only an authenticated user can retrieve user and
-    group list information.  For the value 2, supported by
-    Windows 2000/XP and Samba, no anonymous connections are allowed at
-    all.  This can break third party and Microsoft
-    applications which expect to be allowed to perform
-       operations anonymously.</para>
+       <para>
+               The setting of this parameter determines whether SAMR and LSA
+               DCERPC services can be accessed anonymously. This corresponds
+               to the following Windows Server registry options:
+       </para>
+
+       <programlisting>
+               
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous
+       </programlisting>
+
+       <para>
+               The option also affects the browse option which is required by
+               legacy clients which rely on Netbios browsing. While modern
+               Windows version should be fine with restricting the access
+               there could still be applications relying on anonymous access.
+       </para>
 
        <para>
-    The security advantage of using restrict anonymous = 1 is dubious,
-    as user and group list information can be obtained using other
-       means.
+               Setting <smbconfoption name="restrict 
anonymous">1</smbconfoption>
+               will disable anonymous SAMR access.
        </para>
 
-       <note>
        <para>
-    The security advantage of using restrict anonymous = 2 is removed
-    by setting <smbconfoption name="guest ok">yes</smbconfoption> on any share.
+               Setting <smbconfoption name="restrict 
anonymous">2</smbconfoption>
+               will, in addition to restricting SAMR access, disallow anonymous
+               connections to the IPC$ share in general.
+               Setting <smbconfoption name="guest ok">yes</smbconfoption> on 
any share
+               will remove the security advantage.
        </para>
-       </note>
 </description>
 
 <value type="default">0</value>
diff --git a/lib/util/debug.c b/lib/util/debug.c
index 30e5a28a233..e6a1ba4f96f 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -87,7 +87,7 @@
 static struct {
        bool initialized;
        enum debug_logtype logtype; /* The type of logging we are doing: eg 
stdout, file, stderr */
-       const char *prog_name;
+       char prog_name[255];
        bool reopening_logs;
        bool schedule_reopen_logs;
 
@@ -227,11 +227,15 @@ static void debug_syslog_reload(bool enabled, bool 
previously_enabled,
                                const char *prog_name, char *option)
 {
        if (enabled && !previously_enabled) {
+               const char *ident = NULL;
+               if ((prog_name != NULL) && (prog_name[0] != '\0')) {
+                       ident = prog_name;
+               }
 #ifdef LOG_DAEMON
-               openlog(prog_name, LOG_PID, SYSLOG_FACILITY);
+               openlog(ident, LOG_PID, SYSLOG_FACILITY);
 #else
                /* for old systems that have no facility codes. */
-               openlog(prog_name, LOG_PID );
+               openlog(ident, LOG_PID);
 #endif
                return;
        }
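Review bot: The new `ident` mapping in debug_syslog_reload() has no comment explaining why an empty prog_name becomes NULL or how long the string must stay valid. openlog() may keep the pointer it is given rather than copy it, so the string passed here has to outlive all syslog use. The caller is outside this hunk, so confirm it passes the static `state.prog_name` array and not a temporary. I would add above the declaration: `/* openlog() may retain ident; pass NULL for an empty name so libc uses its default */`. The function body continues past the end of the hunk.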
@@ -1001,7 +1005,7 @@ void setup_logging(const char *prog_name, enum 
debug_logtype new_logtype)
                        prog_name = p + 1;
                }
 
-               state.prog_name = prog_name;
+               strlcpy(state.prog_name, prog_name, sizeof(state.prog_name));
        }
        reopen_logs_internal();
 }
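Review bot: The `strlcpy()` into `state.prog_name` ignores its return value, so a name longer than 254 bytes is truncated silently and later users of the global see the shortened form. The limit is a bare `255` in the struct declaration in the first debug.c hunk; a named constant would make it easier to find. Consider `if (strlcpy(state.prog_name, prog_name, sizeof(state.prog_name)) >= sizeof(state.prog_name)) { /* report truncation */ }`. The copy also dereferences prog_name where the old code only stored the pointer. setup_logging() starts outside the hunk, so confirm a NULL prog_name cannot reach this line.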
diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c
index 6379135a267..fa21668000e 100644
--- a/source3/lib/popt_common.c
+++ b/source3/lib/popt_common.c
@@ -42,22 +42,23 @@ extern bool override_logfile;
 static void set_logfile(poptContext con, const char * arg)
 {
 
-       char *lfile = NULL;
+       char lfile[PATH_MAX];
        const char *pname;
+       int ret;
 
        /* Find out basename of current program */
-       pname = strrchr_m(poptGetInvocationName(con),'/');
-
-       if (!pname)
+       pname = strrchr_m(poptGetInvocationName(con), '/');
+       if (pname == NULL) {
                pname = poptGetInvocationName(con);
-       else
+       } else {
                pname++;
+       }
 
-       if (asprintf(&lfile, "%s/log.%s", arg, pname) < 0) {
+       ret = snprintf(lfile, sizeof(lfile), "%s/log.%s", arg, pname);
+       if (ret >= sizeof(lfile)) {
                return;
        }
        lp_set_logfile(lfile);
-       SAFE_FREE(lfile);
 }
 
 static bool PrintSambaVersionString;
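Review bot: In set_logfile() the check `if (ret >= sizeof(lfile))` compares a signed int with a size_t. A negative return from snprintf() is caught only because it converts to a large unsigned value, and the comparison will trigger -Wsign-compare. Make both cases explicit: `if (ret < 0 || (size_t)ret >= sizeof(lfile)) {`. On that path the function returns without calling lp_set_logfile() or reporting anything, so an over-long log directory is dropped silently. A message to stderr would help whoever is debugging missing logs.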
@@ -72,11 +73,16 @@ static void popt_common_callback(poptContext con,
                           const struct poptOption *opt,
                           const char *arg, const void *data)
 {
+       TALLOC_CTX *mem_ctx = talloc_new(NULL);
+       if (mem_ctx == NULL) {
+               exit(1);
+       }
 
        if (reason == POPT_CALLBACK_REASON_PRE) {
                set_logfile(con, get_dyn_LOGFILEBASE());
                talloc_set_log_fn(popt_s3_talloc_log_fn);
                talloc_set_abort_fn(smb_panic);
+               talloc_free(mem_ctx);
                return;
        }
 
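Review bot: `mem_ctx` is now allocated at the top of popt_common_callback() on every invocation, but the POPT_CALLBACK_REASON_PRE branch in this hunk never uses it and only frees it again. The allocation also runs before `talloc_set_log_fn()` and `talloc_set_abort_fn()` are installed, and the `exit(1)` on failure prints nothing. Allocating the context only in the branches that need it (the `override_logfile` block and `OPT_OPTION`) would remove most of the `talloc_free(mem_ctx)` calls that each return and exit path now has to remember. The switch cases between the later hunks are not visible, so check that none of them returns early without freeing. The function continues outside this hunk.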
@@ -84,20 +90,27 @@ static void popt_common_callback(poptContext con,
 
                if (PrintSambaVersionString) {
                        printf( "Version %s\n", samba_version_string());
+                       talloc_free(mem_ctx);
                        exit(0);
                }
 
                if (is_default_dyn_CONFIGFILE()) {
-                       if(getenv("SMB_CONF_PATH")) {
+                       if (getenv("SMB_CONF_PATH")) {
                                set_dyn_CONFIGFILE(getenv("SMB_CONF_PATH"));
                        }
                }
 
                if (override_logfile) {
-                       setup_logging(lp_logfile(talloc_tos()), DEBUG_FILE );
+                       char *logfile = lp_logfile(mem_ctx);
+                       if (logfile == NULL) {
+                               talloc_free(mem_ctx);
+                               exit(1);
+                       }
+                       setup_logging(logfile, DEBUG_FILE);
                }
 
                /* Further 'every Samba program must do this' hooks here. */
+               talloc_free(mem_ctx);
                return;
        }
 
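Review bot: `logfile` is owned by `mem_ctx`, which is freed a few lines after `setup_logging(logfile, DEBUG_FILE)`, so this is safe only because setup_logging() now copies the string (the lib/util/debug.c change in this push). That dependency deserves a comment at the call, e.g. `/* setup_logging() copies logfile, so freeing mem_ctx below is safe */`. Without it, a backport of this commit without the debug.c one would leave a dangling pointer that is easy to miss. The `logfile == NULL` path also exits with status 1 without a message, unlike the `loadparm_init_s3() failed!` path in the next hunk. Adding `fprintf(stderr, "lp_logfile() failed!\n");` before the exit would match.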
@@ -105,18 +118,21 @@ static void popt_common_callback(poptContext con,
        case OPT_OPTION:
        {
                struct loadparm_context *lp_ctx;
+               bool ok;
 
-               lp_ctx = loadparm_init_s3(talloc_tos(), loadparm_s3_helpers());
+               lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers());
                if (lp_ctx == NULL) {
                        fprintf(stderr, "loadparm_init_s3() failed!\n");
+                       talloc_free(mem_ctx);
                        exit(1);
                }
 
-               if (!lpcfg_set_option(lp_ctx, arg)) {
+               ok = lpcfg_set_option(lp_ctx, arg);
+               if (!ok) {
                        fprintf(stderr, "Error setting option '%s'\n", arg);
+                       talloc_free(mem_ctx);
                        exit(1);
                }
-               TALLOC_FREE(lp_ctx);
                break;
        }
        case 'd':
@@ -167,6 +183,8 @@ static void popt_common_callback(poptContext con,
                }
                break;
        }
+
+       talloc_free(mem_ctx);
 }
 
 struct poptOption popt_common_connection[] = {


-- 
Samba Shared Repository
