[Samba] samba shadow copy
Hi ,all I have some problems concerned with samba shadow copy ACL. I have a public share folder which everyone can access and I create a snapshot for the share folder. Since everyone can have access to the folder then it means everyone can recover the folder by shadow copy client in windows explorer. I want to know is there any method to do ACL on the recovery in windows so that only specific users can recover the folder instead of everyone. Many Thanks Ben. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldapsearch with samba4 (now a question about SASL and ldaps
Hello Andrew, Update... I did get ldaps and -Z working, but I can't do it with SASL, I can't find docs that say, but is it possible that SASL (GSSAPI) and ldaps are not compatible? What -Z is supposed to do ? ldapsearch -H ldaps://ldapserver.domain -Y GSSAPI SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Server is unwilling to perform (53) additional info: SASL:[GSSAPI]: Sign or Seal are not allowed if TLS is used snip So the question is are SASL and ldaps not compatible and if that is the case which is better? I like GSSAPI because I don't need to store passwords on the system, but I'm not clear on how encrypted the data being transmitted is. I did a packet capture and I do see some data that doesn't look like clear text, but that's all I know for sure :) Have a look at ldbsearch (our ldap like search tool). Can you try ldbsearch -H ldaps://name_of_your_dc -k 1 It should work to do GSSAPI (kerberos) and ldaps, at least it works for me ! Can you also try ldbsearch -H ldaps://name_of_your_dc -U user_in_the_ad -- Matthieu Patou Samba Teamhttp://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] LDAP Account Manager 3.4.0 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 LDAP Account Manager (LAM) 3.4.0 - April 25th, 2011 === LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: - - The IMAP module supports quota management and the Asterisk module now manages all possible attributes. You can synchronize Samba 3 and Shadow expiration dates. LAM Pro users may now manage automount entries and can use enhanced wildcards in custom scripts. Full changelog: http://www.ldap-account-manager.org/lamcms/changelog Download: http://www.ldap-account-manager.org/lamcms/releases Features: - - * management of various account types * Unix * Samba 3 * Kolab 2 * Asterisk * phpGroupwWare * Zarafa * DHCP * SSH keys * profiles for account creation * account creation via file upload * automatic creation/deletion of home directories * setting quotas * PDF output for all accounts * editor for organizational units * schema browser * tree view * multiple configuration files * multi-language support: Catalan, Chinese (Traditional + Simplified), Czech, Dutch, English, French, German, Hungarian, Italian, Japanese, Polish, Portuguese, Russian and Spanish * support for LDAP+SSL/TLS Demo installation: - -- You can try our demo installation online. http://www.ldap-account-manager.org/lamcms/liveDemo Support: - If you find a bug please file a bug report. For questions or implementing new features please use the mailinglist and feature request tracker at our homepage http://www.ldap-account-manager.org. Authors Copyright: - Copyright (C) 2003 - 2011: Roland Gruber p...@rolandgruber.de LAM is published under the GNU General Public License. The complete list of licenses can be found in the copyright file. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk21r5AACgkQq/ywNCsrGZ5HMgCfWu5XTVNXVadNohBNks+s5QbB ejAAoIJ6Q1aT4WreP1lbxODC9Ifv9TEh =HfT2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows prompt for password complexity
From: Tom Lobato tomlob...@gmail.com Date: Sun, 24 Apr 2011 13:35:22 -0300 On 24-04-2011 13:26, Tom Lobato wrote: (snip) check password script cannot do more than return status 0 or != 0 to tell samba about check result. Would be nice if this could return the custom error message to Samba, so it could tell the user properly. Is there some way to customize this message? No, Samba return only a status code such as NT_STATUS_PASSWORD_RESTRICTION or DOMAIN_PASSWORD_COMPLEX ... The error message is choosen by the client based on received status code, so you cannnot customize it. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] GPO in Linux!!
Greetings, Is there any way to assign Group Policy in Samba 4 AD on linux clients? I was trying to implement a logon/logout script which will mount active directory user's home directory automatically but unsuccessful. Sincerely, -- Yared Berhanu Woldegiorgis Økern torgvei 92 N-0589 Oslo, Norway tel. 004746263024 yare...@ifi.uio.no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Share mounts as read-only on MacOSX client
I have a user with an older Mac Mini, running MacOSX 10.4.11 When she mounts the share from my Samba server it is mounted Read Only. I am able to mount it using her credentials on my Win7 computer and it is readable and writable. Here are the details: Server: Samba Version 3.3.8-0.52.el5_5 CentOS 5.5 Authenticating from OpenDirectory (LDAP) server. Client: Mac Mini running Mac OSX 10.4.11 Error Message I am seeing in /var/log/samba/samba.log [2011/04/25 10:51:47, 1] smbd/service.c:close_cnum(1331) jannettes-mac-m (:::192.168.10.71) closed connection to service user1 [2011/04/25 10:51:57, 1] librpc/ndr/ndr.c:ndr_pull_error(467) ndr_pull_error(11): ndr_pull_advance by 570425342 failed [2011/04/25 10:51:57, 1] librpc/ndr/ndr.c:ndr_pull_error(467) ndr_pull_error(11): Pull bytes 2 [2011/04/25 10:51:57, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: srvsvc: SRVSVC_NETSHAREENUMALL failed. [2011/04/25 10:52:14, 1] librpc/ndr/ndr.c:ndr_pull_error(467) ndr_pull_error(11): ndr_pull_advance by 570425342 failed [2011/04/25 10:52:14, 1] librpc/ndr/ndr.c:ndr_pull_error(467) ndr_pull_error(11): Pull bytes 2 [2011/04/25 10:52:14, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: srvsvc: SRVSVC_NETSHAREENUMALL failed. [2011/04/25 10:52:19, 1] smbd/service.c:make_connection_snum(1119) jannettes-mac-m (:::192.168.10.71) connect to service user1 initially as user user1 (uid=632, gid=109) (pid 24167) Anyone run into this before? Thanks, -- Kyle K -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldapsearch with samba4 (now a question about SASL and ldaps
On 4/25/2011 10:14 AM, Matthieu Patou wrote: Hello Andrew, What -Z is supposed to do ? -Z and ldaps are pretty much the same thing as I recall... basically putting ldapsearch in SSL or TLS... Have a look at ldbsearch (our ldap like search tool). Can you try ldbsearch -H ldaps://name_of_your_dc -k 1 It should work to do GSSAPI (kerberos) and ldaps, at least it works for me ! Can you also try ldbsearch -H ldaps://name_of_your_dc -U user_in_the_ad ldbsearch does work, but I am trying to use ldap pam, which basically does ldapsearch so this solution won't work for me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] GPO in Linux!!
On Mon, Apr 25, 2011 at 3:54 PM, Yared Berhanu yar...@gmail.com wrote: Greetings, Is there any way to assign Group Policy in Samba 4 AD on linux clients? I was trying to implement a logon/logout script which will mount active directory user's home directory automatically but unsuccessful. Sincerely, Why not simply use autofs and a relevant /home/[DOMAIN]/user automount table? Keep it out of /home directly to avoid conflicts with other software, but such subdirectories are easily published with automounting tables and even wildcards. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 422b2fa s3: Run pthreadpooltest in make test via 39375de s3: Add pthreadpooltest to main build via f4a0f85 s3: pthreadpool_sig_fd-pthreadpool_signal_fd via 3c405f5 s3: Tiny doc for pthreadpool via 62689d8 s3: Many pthreadpool fixes via 23a6af4 s3: Add a 10-second timeout for the 445 or netbios connection to a DC from f7bc844 s3:rpc_client: map fault codes to NTSTATUS with dcerpc_fault_to_nt_status() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 422b2fa0d064f2afeeec400223bb8a47deecc4a5 Author: Volker Lendecke v...@samba.org Date: Sun Apr 24 10:36:56 2011 +0200 s3: Run pthreadpooltest in make test Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Mon Apr 25 10:39:12 CEST 2011 on sn-devel-104 commit 39375de8354b676904e1fea097a68178acd987e4 Author: Volker Lendecke v...@samba.org Date: Sat Apr 23 16:49:04 2011 +0200 s3: Add pthreadpooltest to main build commit f4a0f856f31291dd316a937f8060d2f205e8d4d6 Author: Volker Lendecke v...@samba.org Date: Sun Apr 24 10:09:45 2011 +0200 s3: pthreadpool_sig_fd-pthreadpool_signal_fd commit 3c405f5e1d81d33a01ab822aeba93634338d5b25 Author: Volker Lendecke v...@samba.org Date: Sat Apr 23 22:25:36 2011 +0200 s3: Tiny doc for pthreadpool commit 62689d8166b8e070f855e6910470796dd7e1b2c8 Author: Volker Lendecke v...@samba.org Date: Fri Apr 22 11:47:11 2011 +0200 s3: Many pthreadpool fixes In particular, this makes it fork-safe commit 23a6af46c84cd9b738af403d80c5187d858eac03 Author: Volker Lendecke v...@samba.org Date: Sun Apr 17 20:16:07 2011 +0200 s3: Add a 10-second timeout for the 445 or netbios connection to a DC --- Summary of changes: source3/Makefile.in | 12 +- source3/configure.in|4 +- source3/include/proto.h |3 +- source3/include/pthreadpool.h | 42 --- source3/lib/fncall.c|4 +- source3/lib/pthreadpool/Makefile|9 + source3/lib/{ = pthreadpool}/pthreadpool.c | 259 +--- source3/lib/pthreadpool/pthreadpool.h | 94 +++ source3/lib/pthreadpool/tests.c | 362 +++ source3/libsmb/smbsock_connect.c| 13 +- source3/script/tests/test_pthreadpool.sh| 17 ++ source3/selftest/tests.py |3 + source3/torture/test_smbsock_any_connect.c |2 +- source3/winbindd/winbindd_cm.c |4 +- 14 files changed, 691 insertions(+), 137 deletions(-) delete mode 100644 source3/include/pthreadpool.h create mode 100644 source3/lib/pthreadpool/Makefile rename source3/lib/{ = pthreadpool}/pthreadpool.c (70%) create mode 100644 source3/lib/pthreadpool/pthreadpool.h create mode 100644 source3/lib/pthreadpool/tests.c create mode 100755 source3/script/tests/test_pthreadpool.sh Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index e503112..b3764ca 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -97,6 +97,7 @@ TDBTOOL = @TDBTOOL@ TDBDUMP = @TDBDUMP@ TDBRESTORE = @TDBRESTORE@ TDBTORTURE = @TDBTORTURE@ +PTHREADPOOLTEST = @PTHREADPOOLTEST@ INSTALLCMD=@INSTALL@ INSTALLLIBCMD_SH=@INSTALLLIBCMD_SH@ @@ -230,7 +231,7 @@ TORTURE_PROGS = bin/smbtorture@EXEEXT@ bin/msgtest@EXEEXT@ \ bin/masktest@EXEEXT@ bin/locktest@EXEEXT@ \ bin/locktest2@EXEEXT@ bin/nsstest@EXEEXT@ bin/vfstest@EXEEXT@ \ bin/pdbtest@EXEEXT@ $(TALLOCTORT) bin/replacetort@EXEEXT@ \ - $(TDBTORTURE) \ + $(TDBTORTURE) $(PTHREADPOOLTEST) \ bin/smbconftort@EXEEXT@ bin/vlp@EXEEXT@ BIN_PROGS = @EXTRA_BIN_PROGS@ \ @@ -1129,6 +1130,9 @@ SMBCONFTORT_OBJ = $(SMBCONFTORT_OBJ0) \ $(LIBSMB_ERR_OBJ) \ $(POPT_LIB_OBJ) +PTHREADPOOLTEST_OBJ = lib/pthreadpool/pthreadpool.o \ + lib/pthreadpool/tests.o + LIBNET_OBJ = libnet/libnet_join.o \ libnet/libnet_keytab.o \ librpc/gen_ndr/ndr_libnet_join.o @@ -1567,6 +1571,8 @@ replacetort : SHOWFLAGS bin/replacetort@EXEEXT@ smbconftort : SHOWFLAGS bin/smbconftort@EXEEXT@ +pthreadpooltest : SHOWFLAGS bin/pthreadpooltest@EXEEXT@ + timelimit : SHOWFLAGS bin/timelimit@EXEEXT@ nsswitch : SHOWFLAGS bin/winbindd@EXEEXT@ bin/wbinfo@EXEEXT@ @WINBIND_NSS@ \ @@ -1892,6 +1898,10 @@ bin/smbconftort@EXEEXT@: $(SMBCONFTORT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(DYNEXP) $(LIBS) $(LDAP_LIBS) $(POPT_LIBS) \ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) +bin/pthreadpooltest@EXEEXT@: $(PTHREADPOOLTEST_OBJ) + @echo Linking $@ + @$(CC) -o $@ $(PTHREADPOOLTEST_OBJ) $(LDFLAGS) -lpthread + bin/masktest@EXEEXT@:
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 6be972b s3: Add a 10-second timeout for the 445 or netbios connection to a DC (cherry picked from commit 23a6af46c84cd9b738af403d80c5187d858eac03) from 045895d s3: Fix Coverity ID 2047, UNUSED_VALUE http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 6be972bd5b55c29f3a3a1ebcbee654a2ece020b6 Author: Volker Lendecke v...@samba.org Date: Sun Apr 17 20:16:07 2011 +0200 s3: Add a 10-second timeout for the 445 or netbios connection to a DC (cherry picked from commit 23a6af46c84cd9b738af403d80c5187d858eac03) --- Summary of changes: source3/include/proto.h|3 ++- source3/libsmb/smbsock_connect.c | 13 - source3/torture/test_smbsock_any_connect.c |2 +- source3/winbindd/winbindd_cm.c |4 ++-- 4 files changed, 17 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 6b315d3..8819fd2 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2926,7 +2926,7 @@ NTSTATUS smbsock_connect_recv(struct tevent_req *req, int *sock, NTSTATUS smbsock_connect(const struct sockaddr_storage *addr, uint16_t port, const char *called_name, int called_type, const char *calling_name, int calling_type, -int *pfd, uint16_t *ret_port); +int *pfd, uint16_t *ret_port, int sec_timeout); struct tevent_req *smbsock_any_connect_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, @@ -2945,6 +2945,7 @@ NTSTATUS smbsock_any_connect(const struct sockaddr_storage *addrs, int *calling_types, size_t num_addrs, uint16_t port, +int sec_timeout, int *pfd, size_t *chosen_index, uint16_t *chosen_port); diff --git a/source3/libsmb/smbsock_connect.c b/source3/libsmb/smbsock_connect.c index fd8626f..9dc2f68 100644 --- a/source3/libsmb/smbsock_connect.c +++ b/source3/libsmb/smbsock_connect.c @@ -368,7 +368,7 @@ NTSTATUS smbsock_connect_recv(struct tevent_req *req, int *sock, NTSTATUS smbsock_connect(const struct sockaddr_storage *addr, uint16_t port, const char *called_name, int called_type, const char *calling_name, int calling_type, -int *pfd, uint16_t *ret_port) +int *pfd, uint16_t *ret_port, int sec_timeout) { TALLOC_CTX *frame = talloc_stackframe(); struct event_context *ev; @@ -385,6 +385,11 @@ NTSTATUS smbsock_connect(const struct sockaddr_storage *addr, uint16_t port, if (req == NULL) { goto fail; } + if ((sec_timeout != 0) + !tevent_req_set_endtime( + req, ev, timeval_current_ofs(sec_timeout, 0))) { + goto fail; + } if (!tevent_req_poll_ntstatus(req, ev, status)) { goto fail; } @@ -610,6 +615,7 @@ NTSTATUS smbsock_any_connect(const struct sockaddr_storage *addrs, int *calling_types, size_t num_addrs, uint16_t port, +int sec_timeout, int *pfd, size_t *chosen_index, uint16_t *chosen_port) { @@ -629,6 +635,11 @@ NTSTATUS smbsock_any_connect(const struct sockaddr_storage *addrs, if (req == NULL) { goto fail; } + if ((sec_timeout != 0) + !tevent_req_set_endtime( + req, ev, timeval_current_ofs(sec_timeout, 0))) { + goto fail; + } if (!tevent_req_poll_ntstatus(req, ev, status)) { goto fail; } diff --git a/source3/torture/test_smbsock_any_connect.c b/source3/torture/test_smbsock_any_connect.c index 28a9981..a964e0f 100644 --- a/source3/torture/test_smbsock_any_connect.c +++ b/source3/torture/test_smbsock_any_connect.c @@ -35,7 +35,7 @@ bool run_smb_any_connect(int dummy) interpret_string_addr(addrs[4], 192.168.99.9, 0); status = smbsock_any_connect(addrs, NULL, NULL, NULL, NULL, -ARRAY_SIZE(addrs), 0, +ARRAY_SIZE(addrs), 0, 0, fd, chosen_index, port); d_printf(smbsock_any_connect returned %s (fd %d)\n, diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 1473d33..abb51a9 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1375,7
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4f6b1e8 s3: Check for res_ninit from 422b2fa s3: Run pthreadpooltest in make test http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4f6b1e8c81776cf1fa386574e60e54fe6b4fe82e Author: Volker Lendecke v...@samba.org Date: Mon Apr 25 10:55:58 2011 +0200 s3: Check for res_ninit Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Mon Apr 25 11:44:58 CEST 2011 on sn-devel-104 --- Summary of changes: source3/configure.in |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 3a2f089..556b8d3 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -1411,6 +1411,14 @@ AC_CHECK_LIB(resolv, dn_expand) AC_CHECK_LIB(resolv, _dn_expand) AC_CHECK_LIB(resolv, __dn_expand) +AC_TRY_COMPILE([#include resolv.h], + [struct __res_state s; res_ninit(s);], + ac_cv_have_res_ninit=yes,ac_cv_have_res_ninit=no) + +if test x$ac_cv_have_res_ninit = xyes; then + AC_DEFINE(HAVE_RES_NINIT, 1, [Whether we have res_ninit]) +fi + # # Check for the functions putprpwnam, set_auth_parameters, # getspnam, bigcrypt and getprpwnam in -lsec and -lsecurity -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b61c38f s3: Fix some typos in dsgetdcname via 60e8e33 s3: port is not used in dsgetdcname from 4f6b1e8 s3: Check for res_ninit http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b61c38fde6eee796097ae4f0cd4c3c31b052c599 Author: Volker Lendecke v...@samba.org Date: Mon Apr 25 11:25:02 2011 +0200 s3: Fix some typos in dsgetdcname Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Mon Apr 25 12:35:30 CEST 2011 on sn-devel-104 commit 60e8e33414f7dee8deb99b276182975b234bed0d Author: Volker Lendecke v...@samba.org Date: Mon Apr 25 11:24:31 2011 +0200 s3: port is not used in dsgetdcname Günther, please check! --- Summary of changes: source3/libsmb/dsgetdcname.c |9 +++-- 1 files changed, 3 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index e062818..7706994 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -32,7 +32,6 @@ struct ip_service_name { struct sockaddr_storage ss; - unsigned port; const char *hostname; }; @@ -514,7 +513,6 @@ static NTSTATUS discover_dc_netbios(TALLOC_CTX *mem_ctx, iplist[i].ss); r-ss = iplist[i].ss; - r-port = iplist[i].port; r-hostname = talloc_strdup(mem_ctx, addr); if (!r-hostname) { SAFE_FREE(iplist); @@ -598,7 +596,6 @@ static NTSTATUS discover_dc_dns(TALLOC_CTX *mem_ctx, struct ip_service_name *r = dclist[count]; - r-port = dcs[i].port; r-hostname = dcs[i].hostname; /* If we don't have an IP list for a name, lookup it up */ @@ -609,7 +606,7 @@ static NTSTATUS discover_dc_dns(TALLOC_CTX *mem_ctx, i++; j = 0; } else { - /* use the IP addresses from the SRV sresponse */ + /* use the IP addresses from the SRV response */ if (j = dcs[i].num_ips) { i++; @@ -623,8 +620,8 @@ static NTSTATUS discover_dc_dns(TALLOC_CTX *mem_ctx, /* make sure it is a valid IP. I considered checking the * negative connection cache, but this is the wrong place for -* it. Maybe only as a hac. After think about it, if all of -* the IP addresses retuend from DNS are dead, what hope does a +* it. Maybe only as a hack. After think about it, if all of +* the IP addresses returned from DNS are dead, what hope does a * netbios name lookup have? The standard reason for falling * back to netbios lookups is that our DNS server doesn't know * anything about the DC's -- jerry */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 40e0079 s3: Some build farm machines do not have /bin/true from b61c38f s3: Fix some typos in dsgetdcname http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 40e0079bae731f691a620a280b74ada951018458 Author: Volker Lendecke v...@samba.org Date: Mon Apr 25 13:40:15 2011 +0200 s3: Some build farm machines do not have /bin/true Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Mon Apr 25 14:35:42 CEST 2011 on sn-devel-104 --- Summary of changes: source3/script/tests/test_pthreadpool.sh | 11 +++ 1 files changed, 7 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/script/tests/test_pthreadpool.sh b/source3/script/tests/test_pthreadpool.sh index 79e578e..b1c7c6d 100755 --- a/source3/script/tests/test_pthreadpool.sh +++ b/source3/script/tests/test_pthreadpool.sh @@ -3,15 +3,18 @@ incdir=`dirname $0`/../../../testprogs/blackbox . $incdir/subunit.sh -TESTPROG=$BINDIR/pthreadpooltest - if [ ! -x $BINDIR/pthreadpooltest ] ; then -TESTPROG=/bin/true +# Some machines don't have /bin/true, simulate it +cat $BINDIR/pthreadpooltest EOF +#!/bin/sh +exit 0 +EOF +chmod +x $BINDIR/pthreadpooltest fi failed=0 -testit pthreadpool $VALGRIND $TESTPROG || +testit pthreadpool $VALGRIND $BINDIR/pthreadpooltest || failed=`expr $failed + 1` testok $0 $failed -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7269e45 docs-xml/smb.conf.5: %i and %I no longer contain IPv4 mapped IPv6 addresses via a3a38ee s3:lib/util_sock: listen on IPv6 addresses with IPV6_ONLY (bug #7383) via 4bfe2d5 s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug #7383) from 40e0079 s3: Some build farm machines do not have /bin/true http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7269e455a7d4f659777b4ab7db5d8b68376c8d19 Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 25 17:40:25 2011 +0200 docs-xml/smb.conf.5: %i and %I no longer contain IPv4 mapped IPv6 addresses metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Mon Apr 25 18:38:16 CEST 2011 on sn-devel-104 commit a3a38ee90ab4ab2be68ac71d9c581daa6b9ee189 Author: Stefan Metzmacher me...@samba.org Date: Sat Apr 23 11:29:51 2011 +0200 s3:lib/util_sock: listen on IPv6 addresses with IPV6_ONLY (bug #7383) This avoids getting IPv4 addresses as mapped IPv6 addresses (e.g. :::192.168.0.1). Before the bahavior was inconsistent between operating system and distributions. Some system have IPV6_ONLY as default. Now we consistently get AF_INET for IPv4 addresses and AF_INET6 for IPv6 addresses. It also makes it possible to listen only on IPv6 now as :: doesn't imply 0.0.0.0 anymore. Which also avoids confusing log messages that we were not able to bind to 0.0.0.0. metze commit 4bfe2d5655d97fbc7e65744425b5a098e77f5ba1 Author: Stefan Metzmacher me...@samba.org Date: Sun Apr 24 21:20:19 2011 +0200 s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug #7383) metze --- Summary of changes: docs-xml/manpages-3/smb.conf.5.xml |4 source3/lib/access.c | 31 +-- source3/lib/util_sock.c| 26 ++ 3 files changed, 47 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/smb.conf.5.xml b/docs-xml/manpages-3/smb.conf.5.xml index 2b93065..f5f252b 100644 --- a/docs-xml/manpages-3/smb.conf.5.xml +++ b/docs-xml/manpages-3/smb.conf.5.xml @@ -503,12 +503,16 @@ chmod 1770 /usr/local/samba/lib/usershares varlistentry term%I/term listitemparathe IP address of the client machine./para + paraBefore 3.6.0 it could contain IPv4 mapped IPv6 addresses, + now it only contains IPv4 or IPv6 addresses./para /listitem /varlistentry varlistentry term%i/term listitemparathe local IP address to which a client connected./para + paraBefore 3.6.0 it could contain IPv4 mapped IPv6 addresses, + now it only contains IPv4 or IPv6 addresses./para /listitem /varlistentry diff --git a/source3/lib/access.c b/source3/lib/access.c index a7475a5..f9cd9d5 100644 --- a/source3/lib/access.c +++ b/source3/lib/access.c @@ -182,29 +182,32 @@ static bool string_match(const char *tok,const char *s) bool client_match(const char *tok, const void *item) { const char **client = (const char **)item; + const char *tok_addr = tok; + const char *cli_addr = client[ADDR_INDEX]; + + /* +* tok and client[ADDR_INDEX] can be an IPv4 mapped to IPv6, +* we try and match the IPv4 part of address only. +* Bug #5311 and #7383. +*/ + + if (strnequal(tok_addr, :::,7)) { + tok_addr += 7; + } + + if (strnequal(cli_addr,:::,7)) { + cli_addr += 7; + } /* * Try to match the address first. If that fails, try to match the host * name if available. */ - if (string_match(tok, client[ADDR_INDEX])) { + if (string_match(tok_addr, cli_addr)) { return true; } - if (strnequal(client[ADDR_INDEX],:::,7) - !strnequal(tok, :::,7)) { - /* client[ADDR_INDEX] is an IPv4 mapped to IPv6, but -* the list item is not. Try and match the IPv4 part of -* address only. This will happen a lot on IPv6 enabled -* systems with IPv4 allow/deny lists in smb.conf. -* Bug #5311. JRA. -*/ - if (string_match(tok, (client[ADDR_INDEX])+7)) { - return true; - } - } - if (client[NAME_INDEX][0] != 0) { if (string_match(tok, client[NAME_INDEX])) { return true; diff --git a/source3/lib/util_sock.c
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 80c395a s3: Remove unused code via a3d35ac s3: Move setting the name_query timeout from 7269e45 docs-xml/smb.conf.5: %i and %I no longer contain IPv4 mapped IPv6 addresses http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 80c395aef44785497387d8c41eb767efa435bf3e Author: Volker Lendecke v...@samba.org Date: Mon Apr 25 18:29:59 2011 +0200 s3: Remove unused code This is done in name_query_send these days Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Mon Apr 25 19:24:58 CEST 2011 on sn-devel-104 commit a3d35ac44b53b8a79eac5c927ff771c1c6ceec12 Author: Volker Lendecke v...@samba.org Date: Mon Apr 25 17:37:08 2011 +0200 s3: Move setting the name_query timeout An async caller might want a different timeout behaviour --- Summary of changes: source3/libsmb/namequery.c | 24 +--- 1 files changed, 9 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index ef7aab6..752b4b1 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -1177,7 +1177,6 @@ struct tevent_req *name_query_send(TALLOC_CTX *mem_ctx, struct packet_struct p; struct nmb_packet *nmb = p.packet.nmb; struct sockaddr_in *in_addr; - struct timeval timeout; req = tevent_req_create(mem_ctx, state, struct name_query_state); if (req == NULL) { @@ -1243,14 +1242,6 @@ struct tevent_req *name_query_send(TALLOC_CTX *mem_ctx, DEBUG(10, (nb_trans_send failed\n)); return tevent_req_post(req, ev); } - if (bcast) { - timeout = timeval_current_ofs(0, 25); - } else { - timeout = timeval_current_ofs(2, 0); - } - if (!tevent_req_set_endtime(req, ev, timeout)) { - return tevent_req_post(req, ev); - } tevent_req_set_callback(subreq, name_query_done, req); return req; } @@ -1433,6 +1424,7 @@ NTSTATUS name_query(const char *name, int name_type, TALLOC_CTX *frame = talloc_stackframe(); struct tevent_context *ev; struct tevent_req *req; + struct timeval timeout; NTSTATUS status = NT_STATUS_NO_MEMORY; ev = tevent_context_init(frame); @@ -1443,6 +1435,14 @@ NTSTATUS name_query(const char *name, int name_type, if (req == NULL) { goto fail; } + if (bcast) { + timeout = timeval_current_ofs(0, 25); + } else { + timeout = timeval_current_ofs(2, 0); + } + if (!tevent_req_set_endtime(req, ev, timeout)) { + goto fail; + } if (!tevent_req_poll_ntstatus(req, ev, status)) { goto fail; } @@ -1494,7 +1494,6 @@ NTSTATUS name_resolve_bcast(const char *name, int i; int num_interfaces = iface_count(); struct sockaddr_storage *ss_list; - struct sockaddr_storage ss; NTSTATUS status = NT_STATUS_NOT_FOUND; if (lp_disable_netbios()) { @@ -1513,11 +1512,6 @@ NTSTATUS name_resolve_bcast(const char *name, DEBUG(3,(name_resolve_bcast: Attempting broadcast lookup for name %s0x%x\n, name, name_type)); - if (!interpret_string_addr(ss, lp_socket_address(), - AI_NUMERICHOST|AI_PASSIVE)) { - zero_sockaddr(ss); - } - /* * Lookup the name on all the interfaces, return on * the first successful match. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 6c08f12 WHATSNEW: Update changes since pre2. via 423bad1 WHATSNEW: Add changes since pre2. from 6be972b s3: Add a 10-second timeout for the 445 or netbios connection to a DC (cherry picked from commit 23a6af46c84cd9b738af403d80c5187d858eac03) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 6c08f12699e8c527c26dae042e74d0453ebb6bf5 Author: Karolin Seeger ksee...@samba.org Date: Mon Apr 25 19:31:32 2011 +0200 WHATSNEW: Update changes since pre2. Karolin commit 423bad15899fb28bb7fa3ed4e02718cc478e29d1 Author: Karolin Seeger ksee...@samba.org Date: Mon Apr 25 19:22:44 2011 +0200 WHATSNEW: Add changes since pre2. Karolin --- Summary of changes: WHATSNEW.txt | 35 +++ 1 files changed, 35 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index cea21ae..0c36ba2 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -251,6 +251,41 @@ o Andreas Schneider a...@samba.org Changes since 3.6.0pre2 --- +o Michael Adam ob...@samba.org +* Fix build of tdb2. + + +o Jeremy Allison j...@samba.org +* BUG 8083: inherit owner = yes doesn't interact correctly with + vfs_acl_xattr or vfs_acl_tdb module. +* BUG 8088: rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs + are null. + + +o Günther Deschner g...@samba.org +* Fix timeout in rpc_pipe_open_tcp_port(). +* Fix the build of --with-profiling-data. +* Fix the AIX 5.3 build. + + +o Sergey Korsak s...@1plus1.net +* BUG #8099: setpwent() actually does endpwent() and vice versa on FreeBSD. + + +o Volker Lendecke v...@samba.org +* BUG 8066: Fix wrong output in 'smbget'. +* Fix Coverity IDs 986, 1340, 2047, 2299, 2307, 2325, 2335, 2336, 2470, + 2471. +* nsswitch: Add 'wbinfo --lookup-sids'. +* nsswitch: Add 'wbinfo --sids-to-unix-ids'. +* Fix smbd with the async echo responder. +* Fix the build of vfs_gpfs.c. +* Add a 10-second timeout for the 445 or netbios connection to a DC. + + +o Rusty Russell ru...@rustcorp.com.au +* Fix transaction recovery area for converted tdbs. + Changes since 3.6.0pre1 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 5f21737 s3: Fix Coverity ID 2478, UNINIT via 7031fae s3:rpc_client: map fault codes to NTSTATUS with dcerpc_fault_to_nt_status() via f8415f5 s3:winbindd: let winbindd_lookup_names() use dcerpc_binding_handle functions via 8b9bb30 s3:winbindd: let winbindd_lookup_sids() dcerpc_binding_handle functions via 632e11f docs-xml/smb.conf.5: %i and %I no longer contain IPv4 mapped IPv6 addresses via c4c49be s3:lib/util_sock: listen on IPv6 addresses with IPV6_ONLY (bug #7383) via 62b2083 s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug #7383) via 79c65e4 lib/util: add RBVAL, RBVALS, RSBVAL and RSRBVALS macros via 0ef0fd8 s3:includes: simplify INO_T_VAL macros via 90edf53 s3:includes: simplify BIG_UINT macros via 3a9f8ec s3:smbd/trans2: make use of BVAL() and remove ugly LARGE_SMB_OFF_T ifdef's via b82b990 s3:include/vfs.h: remove very old hints for vfs modules with interface version 8 via ae13244 s3:smbd/nttrans: make use of BVAL() and remove ugly LARGE_SMB_OFF_T ifdef's via 005ec26 s3:lib/sysquota: remove ugly LARGE_SMB_OFF_T ifdef's via 9e94404 s3:libsmb: make use of BVAL() and remove ugly LARGE_SMB_OFF_T ifdef's from 6c08f12 WHATSNEW: Update changes since pre2. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 5f21737a7413750622d87f1f71dbd6eec843e882 Author: Volker Lendecke v...@samba.org Date: Sat Apr 23 10:31:14 2011 +0200 s3: Fix Coverity ID 2478, UNINIT Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Sat Apr 23 14:11:22 CEST 2011 on sn-devel-104 (cherry picked from commit 123e5c1a75a7e6cfe245af05d2954ab126238acf) commit 7031faeefc1c9ec5af5fdaee0bcfd3410640ff00 Author: Stefan Metzmacher me...@samba.org Date: Sun Apr 24 00:00:40 2011 +0200 s3:rpc_client: map fault codes to NTSTATUS with dcerpc_fault_to_nt_status() Most fault codes have a NTSTATUS representation, so use that. This brings the fault handling in common with the source4/librpc/rpc code, which make it possible to share more highlevel code, between source3 and source4 as the error checking can be the same now. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Sun Apr 24 10:44:53 CEST 2011 on sn-devel-104 (cherry picked from commit f7bc84409a7a6736ec2cf1110dd7200a954e3b7e) commit f8415f5cefa640a4da513335bc2d00a1bdc30bdf Author: Stefan Metzmacher me...@samba.org Date: Sat Apr 23 23:57:19 2011 +0200 s3:winbindd: let winbindd_lookup_names() use dcerpc_binding_handle functions metze (cherry picked from commit e7cf7204e60552b45952325f343ea894fda21346) commit 8b9bb30a6cc21152b642a8382cc2876d189cacde Author: Stefan Metzmacher me...@samba.org Date: Sat Apr 23 23:56:27 2011 +0200 s3:winbindd: let winbindd_lookup_sids() dcerpc_binding_handle functions metze (cherry picked from commit 7309daa532c9689d64ce3f33da522f23635213d6) commit 632e11fa52cc790e962808e67da36ba0155f53b5 Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 25 17:40:25 2011 +0200 docs-xml/smb.conf.5: %i and %I no longer contain IPv4 mapped IPv6 addresses metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Mon Apr 25 18:38:16 CEST 2011 on sn-devel-104 (cherry picked from commit 7269e455a7d4f659777b4ab7db5d8b68376c8d19) commit c4c49be416aeac890628c9a9f2fd7975860884d4 Author: Stefan Metzmacher me...@samba.org Date: Sat Apr 23 11:29:51 2011 +0200 s3:lib/util_sock: listen on IPv6 addresses with IPV6_ONLY (bug #7383) This avoids getting IPv4 addresses as mapped IPv6 addresses (e.g. :::192.168.0.1). Before the bahavior was inconsistent between operating system and distributions. Some system have IPV6_ONLY as default. Now we consistently get AF_INET for IPv4 addresses and AF_INET6 for IPv6 addresses. It also makes it possible to listen only on IPv6 now as :: doesn't imply 0.0.0.0 anymore. Which also avoids confusing log messages that we were not able to bind to 0.0.0.0. metze (cherry picked from commit a3a38ee90ab4ab2be68ac71d9c581daa6b9ee189) commit 62b2083c627abeb8a2fb7e5adc793c630d0d561c Author: Stefan Metzmacher me...@samba.org Date: Sun Apr 24 21:20:19 2011 +0200 s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug #7383) metze (cherry picked from commit 4bfe2d5655d97fbc7e65744425b5a098e77f5ba1) commit 79c65e434283f41a1739cdbc132f0e78010b0b47 Author: Stefan Metzmacher me...@samba.org Date: Sat Apr 23 11:01:34 2011 +0200 lib/util: add RBVAL, RBVALS, RSBVAL and RSRBVALS macros They pull and push [u]int64_t values in big endian.
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 2698b40 s3-selftest Rename s3 DC environment to s3dc via 2df698f selftest: put the target on the environment via 4aba6e4 s3: Run pthreadpooltest in make test via 37d9636 s3: Add pthreadpooltest to main build (cherry picked from commit 39375de8354b676904e1fea097a68178acd987e4) via 28394b9 s3: pthreadpool_sig_fd-pthreadpool_signal_fd (cherry picked from commit f4a0f856f31291dd316a937f8060d2f205e8d4d6) via 39ab4b0 s3: Tiny doc for pthreadpool (cherry picked from commit 3c405f5e1d81d33a01ab822aeba93634338d5b25) via 2caf8e0 s3: Many pthreadpool fixes from 5f21737 s3: Fix Coverity ID 2478, UNINIT http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 2698b40a3d920cfc5bb85333818d98f2fced9d9d Author: Jeremy Allison j...@samba.org Date: Mon Apr 25 13:12:23 2011 -0700 s3-selftest Rename s3 DC environment to s3dc This should avoid a clash with the s4 DC environment in a future combined 'make test'. commit 2df698ffec823938566de0a3c7120d149b57bf0a Author: Andrew Bartlett abart...@samba.org Date: Mon Apr 18 13:44:36 2011 +1000 selftest: put the target on the environment This will allow us to have a 'switch' target type that creates environments from Samba3 or Samba4 as required. Andrew Bartlett (cherry picked from commit d041ed233d1b10604ef1b9f7f1e68f6f5cd96132) commit 4aba6e44cbd2d3cb3b20d864008971f424d99878 Author: Volker Lendecke v...@samba.org Date: Sun Apr 24 10:36:56 2011 +0200 s3: Run pthreadpooltest in make test Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Mon Apr 25 10:39:12 CEST 2011 on sn-devel-104 (cherry picked from commit 422b2fa0d064f2afeeec400223bb8a47deecc4a5) commit 37d963684aae4c80c4a3286bb22503592156b630 Author: Volker Lendecke v...@samba.org Date: Sat Apr 23 16:49:04 2011 +0200 s3: Add pthreadpooltest to main build (cherry picked from commit 39375de8354b676904e1fea097a68178acd987e4) commit 28394b98affe38650c56cf37e110d08c71145f0f Author: Volker Lendecke v...@samba.org Date: Sun Apr 24 10:09:45 2011 +0200 s3: pthreadpool_sig_fd-pthreadpool_signal_fd (cherry picked from commit f4a0f856f31291dd316a937f8060d2f205e8d4d6) commit 39ab4b06f8fde50489d68a554102fdcea78c1fec Author: Volker Lendecke v...@samba.org Date: Sat Apr 23 22:25:36 2011 +0200 s3: Tiny doc for pthreadpool (cherry picked from commit 3c405f5e1d81d33a01ab822aeba93634338d5b25) commit 2caf8e097cd8f724c7cd93c3f8e1fc3cd095d8ff Author: Volker Lendecke v...@samba.org Date: Fri Apr 22 11:47:11 2011 +0200 s3: Many pthreadpool fixes In particular, this makes it fork-safe (cherry picked from commit 62689d8166b8e070f855e6910470796dd7e1b2c8) --- Summary of changes: selftest/selftest.pl| 16 +- selftest/target/Samba3.pm | 58 +++--- source3/Makefile.in | 14 +- source3/configure.in|4 +- source3/include/pthreadpool.h | 42 --- source3/lib/fncall.c|4 +- source3/lib/pthreadpool/Makefile|9 + source3/lib/{ = pthreadpool}/pthreadpool.c | 259 +--- source3/lib/pthreadpool/pthreadpool.h | 94 +++ source3/lib/pthreadpool/tests.c | 362 +++ source3/script/tests/test_pthreadpool.sh| 17 ++ source3/selftest/tests.py | 49 ++-- 12 files changed, 738 insertions(+), 190 deletions(-) delete mode 100644 source3/include/pthreadpool.h create mode 100644 source3/lib/pthreadpool/Makefile rename source3/lib/{ = pthreadpool}/pthreadpool.c (70%) create mode 100644 source3/lib/pthreadpool/pthreadpool.h create mode 100644 source3/lib/pthreadpool/tests.c create mode 100755 source3/script/tests/test_pthreadpool.sh Changeset truncated at 500 lines: diff --git a/selftest/selftest.pl b/selftest/selftest.pl index 9db3f21..158ff48 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -846,12 +846,15 @@ sub setup_env($$) $testenv_vars = {}; } elsif (defined(get_running_env($envname))) { $testenv_vars = get_running_env($envname); - if (not $target-check_env($testenv_vars)) { - print $target-getlog_env($testenv_vars); + if (not $testenv_vars-{target}-check_env($testenv_vars)) { + print $testenv_vars-{target}-getlog_env($testenv_vars); $testenv_vars = undef; } } else { $testenv_vars = $target-setup_env($envname, $prefix); + if (defined($testenv_vars) not defined($testenv_vars-{target})) { +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d00f1fe No longer need to call SMB_VFS_LSTAT - check name hasn't changed above is sufficient. via eeb24c1 Correctly detect and deny symlinks anywhere in a path (not just the last component) if follow symlinks = no. from 80c395a s3: Remove unused code http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d00f1febd50b4779e8c5588055ee1f601448550c Author: Jeremy Allison j...@samba.org Date: Mon Apr 25 12:45:49 2011 -0700 No longer need to call SMB_VFS_LSTAT - check name hasn't changed above is sufficient. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Mon Apr 25 23:35:37 CEST 2011 on sn-devel-104 commit eeb24c17739dd0bccf561b142841a7d2e560cdd0 Author: Jeremy Allison j...@samba.org Date: Thu Apr 21 22:29:06 2011 -0700 Correctly detect and deny symlinks anywhere in a path (not just the last component) if follow symlinks = no. --- Summary of changes: source3/smbd/vfs.c | 64 ++-- 1 files changed, 37 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index 3b482e7..39b30ec 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -899,6 +899,8 @@ char *vfs_GetWd(TALLOC_CTX *ctx, connection_struct *conn) NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) { char *resolved_name = NULL; + bool allow_symlinks = true; + bool allow_widelinks = false; DEBUG(3,(check_reduced_name [%s] [%s]\n, fname, conn-connectpath)); @@ -973,9 +975,13 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) return NT_STATUS_OBJECT_NAME_INVALID; } - /* Check for widelinks allowed. */ - if (!lp_widelinks(SNUM(conn))) { + allow_widelinks = lp_widelinks(SNUM(conn)); + allow_symlinks = lp_symlinks(SNUM(conn)); + + /* Common widelinks and symlinks checks. */ + if (!allow_widelinks || !allow_symlinks) { const char *conn_rootdir; + size_t rootdir_len; conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname); if (conn_rootdir == NULL) { @@ -985,8 +991,9 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) return NT_STATUS_ACCESS_DENIED; } + rootdir_len = strlen(conn_rootdir); if (strncmp(conn_rootdir, resolved_name, - strlen(conn_rootdir)) != 0) { + rootdir_len) != 0) { DEBUG(2, (check_reduced_name: Bad access attempt: %s is a symlink outside the share path\n, fname)); @@ -995,35 +1002,38 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) SAFE_FREE(resolved_name); return NT_STATUS_ACCESS_DENIED; } - } -/* Check if we are allowing users to follow symlinks */ -/* Patch from David Clerc david.cl...@cui.unige.ch -University of Geneva */ + /* Extra checks if all symlinks are disallowed. */ + if (!allow_symlinks) { + /* fname can't have changed in resolved_path. */ + const char *p = resolved_name[rootdir_len]; -#ifdef S_ISLNK -if (!lp_symlinks(SNUM(conn))) { - struct smb_filename *smb_fname = NULL; - NTSTATUS status; + /* *p ran be '\0' if fname was . */ + if (*p == '\0' ISDOT(fname)) { + goto out; + } - status = create_synthetic_smb_fname(talloc_tos(), fname, NULL, - NULL, smb_fname); - if (!NT_STATUS_IS_OK(status)) { - SAFE_FREE(resolved_name); -return status; + if (*p != '/') { + DEBUG(2, (check_reduced_name: logic error (%c) + in resolved_name: %s\n, + *p, + fname)); + SAFE_FREE(resolved_name); + return NT_STATUS_ACCESS_DENIED; + } + + p++; + if (strcmp(fname, p)!=0) { + DEBUG(2, (check_reduced_name: Bad access + attempt: %s is a symlink\n, + fname)); +
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via e4f6038 No longer need to call SMB_VFS_LSTAT - check name hasn't changed above is sufficient. via 78623e8 Correctly detect and deny symlinks anywhere in a path (not just the last component) if follow symlinks = no. (cherry picked from commit eeb24c17739dd0bccf561b142841a7d2e560cdd0) from 2698b40 s3-selftest Rename s3 DC environment to s3dc http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit e4f6038fdefafd0e1020782f265843577bd44b53 Author: Jeremy Allison j...@samba.org Date: Mon Apr 25 12:45:49 2011 -0700 No longer need to call SMB_VFS_LSTAT - check name hasn't changed above is sufficient. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Mon Apr 25 23:35:37 CEST 2011 on sn-devel-104 (cherry picked from commit d00f1febd50b4779e8c5588055ee1f601448550c) commit 78623e8ab4cef8e28194260dbb87535402cafd30 Author: Jeremy Allison j...@samba.org Date: Thu Apr 21 22:29:06 2011 -0700 Correctly detect and deny symlinks anywhere in a path (not just the last component) if follow symlinks = no. (cherry picked from commit eeb24c17739dd0bccf561b142841a7d2e560cdd0) --- Summary of changes: source3/smbd/vfs.c | 64 ++-- 1 files changed, 37 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index 3b482e7..39b30ec 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -899,6 +899,8 @@ char *vfs_GetWd(TALLOC_CTX *ctx, connection_struct *conn) NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) { char *resolved_name = NULL; + bool allow_symlinks = true; + bool allow_widelinks = false; DEBUG(3,(check_reduced_name [%s] [%s]\n, fname, conn-connectpath)); @@ -973,9 +975,13 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) return NT_STATUS_OBJECT_NAME_INVALID; } - /* Check for widelinks allowed. */ - if (!lp_widelinks(SNUM(conn))) { + allow_widelinks = lp_widelinks(SNUM(conn)); + allow_symlinks = lp_symlinks(SNUM(conn)); + + /* Common widelinks and symlinks checks. */ + if (!allow_widelinks || !allow_symlinks) { const char *conn_rootdir; + size_t rootdir_len; conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname); if (conn_rootdir == NULL) { @@ -985,8 +991,9 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) return NT_STATUS_ACCESS_DENIED; } + rootdir_len = strlen(conn_rootdir); if (strncmp(conn_rootdir, resolved_name, - strlen(conn_rootdir)) != 0) { + rootdir_len) != 0) { DEBUG(2, (check_reduced_name: Bad access attempt: %s is a symlink outside the share path\n, fname)); @@ -995,35 +1002,38 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) SAFE_FREE(resolved_name); return NT_STATUS_ACCESS_DENIED; } - } -/* Check if we are allowing users to follow symlinks */ -/* Patch from David Clerc david.cl...@cui.unige.ch -University of Geneva */ + /* Extra checks if all symlinks are disallowed. */ + if (!allow_symlinks) { + /* fname can't have changed in resolved_path. */ + const char *p = resolved_name[rootdir_len]; -#ifdef S_ISLNK -if (!lp_symlinks(SNUM(conn))) { - struct smb_filename *smb_fname = NULL; - NTSTATUS status; + /* *p ran be '\0' if fname was . */ + if (*p == '\0' ISDOT(fname)) { + goto out; + } - status = create_synthetic_smb_fname(talloc_tos(), fname, NULL, - NULL, smb_fname); - if (!NT_STATUS_IS_OK(status)) { - SAFE_FREE(resolved_name); -return status; + if (*p != '/') { + DEBUG(2, (check_reduced_name: logic error (%c) + in resolved_name: %s\n, + *p, + fname)); + SAFE_FREE(resolved_name); + return NT_STATUS_ACCESS_DENIED; + } + + p++; + if
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 4572b33 s3: Remove unused code via 60b2215 s3: Move setting the name_query timeout from e4f6038 No longer need to call SMB_VFS_LSTAT - check name hasn't changed above is sufficient. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 4572b3334f3a24facae6842087ac5cf649a6b0a2 Author: Volker Lendecke v...@samba.org Date: Mon Apr 25 18:29:59 2011 +0200 s3: Remove unused code This is done in name_query_send these days Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Mon Apr 25 19:24:58 CEST 2011 on sn-devel-104 (cherry picked from commit 80c395aef44785497387d8c41eb767efa435bf3e) commit 60b221587baeb6ced2ef2bf0559802c3756b1c74 Author: Volker Lendecke v...@samba.org Date: Mon Apr 25 17:37:08 2011 +0200 s3: Move setting the name_query timeout An async caller might want a different timeout behaviour (cherry picked from commit a3d35ac44b53b8a79eac5c927ff771c1c6ceec12) --- Summary of changes: source3/libsmb/namequery.c | 24 +--- 1 files changed, 9 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index ef7aab6..752b4b1 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -1177,7 +1177,6 @@ struct tevent_req *name_query_send(TALLOC_CTX *mem_ctx, struct packet_struct p; struct nmb_packet *nmb = p.packet.nmb; struct sockaddr_in *in_addr; - struct timeval timeout; req = tevent_req_create(mem_ctx, state, struct name_query_state); if (req == NULL) { @@ -1243,14 +1242,6 @@ struct tevent_req *name_query_send(TALLOC_CTX *mem_ctx, DEBUG(10, (nb_trans_send failed\n)); return tevent_req_post(req, ev); } - if (bcast) { - timeout = timeval_current_ofs(0, 25); - } else { - timeout = timeval_current_ofs(2, 0); - } - if (!tevent_req_set_endtime(req, ev, timeout)) { - return tevent_req_post(req, ev); - } tevent_req_set_callback(subreq, name_query_done, req); return req; } @@ -1433,6 +1424,7 @@ NTSTATUS name_query(const char *name, int name_type, TALLOC_CTX *frame = talloc_stackframe(); struct tevent_context *ev; struct tevent_req *req; + struct timeval timeout; NTSTATUS status = NT_STATUS_NO_MEMORY; ev = tevent_context_init(frame); @@ -1443,6 +1435,14 @@ NTSTATUS name_query(const char *name, int name_type, if (req == NULL) { goto fail; } + if (bcast) { + timeout = timeval_current_ofs(0, 25); + } else { + timeout = timeval_current_ofs(2, 0); + } + if (!tevent_req_set_endtime(req, ev, timeout)) { + goto fail; + } if (!tevent_req_poll_ntstatus(req, ev, status)) { goto fail; } @@ -1494,7 +1494,6 @@ NTSTATUS name_resolve_bcast(const char *name, int i; int num_interfaces = iface_count(); struct sockaddr_storage *ss_list; - struct sockaddr_storage ss; NTSTATUS status = NT_STATUS_NOT_FOUND; if (lp_disable_netbios()) { @@ -1513,11 +1512,6 @@ NTSTATUS name_resolve_bcast(const char *name, DEBUG(3,(name_resolve_bcast: Attempting broadcast lookup for name %s0x%x\n, name, name_type)); - if (!interpret_string_addr(ss, lp_socket_address(), - AI_NUMERICHOST|AI_PASSIVE)) { - zero_sockaddr(ss); - } - /* * Lookup the name on all the interfaces, return on * the first successful match. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0ffc4c5 build: Invert --enable-s3build into --disable-s3build via 26a0ba7 lib/util Define samba-util-common only for s3-waf via ad6ee6d build: Move Heimdal/MIT compat build rules to heimdal_build from d00f1fe No longer need to call SMB_VFS_LSTAT - check name hasn't changed above is sufficient. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0ffc4c51ee8cc9147c76d2ab1ba1f2f72c8107ca Author: Andrew Bartlett abart...@samba.org Date: Thu Apr 21 20:02:28 2011 +1000 build: Invert --enable-s3build into --disable-s3build We always want the s3 binaries, except when building an smbtorture4 for the s3-waf and autoconf builds. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Tue Apr 26 04:27:28 CEST 2011 on sn-devel-104 commit 26a0ba7ee9ee0700746759c046a7e12edb8ecdd9 Author: Andrew Bartlett abart...@samba.org Date: Thu Apr 21 17:19:29 2011 +1000 lib/util Define samba-util-common only for s3-waf It causes too much trouble in the top level build. Andrew Bartlett commit ad6ee6d55abaeb0eb4373b148fd7e000bfbff194 Author: Andrew Bartlett abart...@samba.org Date: Thu Apr 21 12:28:27 2011 +1000 build: Move Heimdal/MIT compat build rules to heimdal_build This allows top level build rules to rely on these names at all times. Andrew Bartlett --- Summary of changes: lib/util/wscript_build | 35 +++ source3/Makefile-smbtorture4|2 +- source3/wscript_build | 11 --- source4/heimdal_build/wscript_build | 13 + wscript |7 --- 5 files changed, 29 insertions(+), 39 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/wscript_build b/lib/util/wscript_build index aad386e..f1bb9e7 100755 --- a/lib/util/wscript_build +++ b/lib/util/wscript_build @@ -15,7 +15,7 @@ s4_util_public_deps = 'talloc CHARSET execinfo uid_wrapper' s4_util_public_headers = 'attr.h byteorder.h data_blob.h memory.h safe_string.h time.h talloc_stack.h xfile.h dlinklist.h util.h' s4_util_header_path = [ ('dlinklist.h util.h', '.'), ('*', 'util') ] -if bld.env.enable_s3build or bld.env._SAMBA_BUILD_ == 3: +if bld.env._SAMBA_BUILD_ == 3: # as we move files into common between samba-util and samba-util3, move them here. # Both samba-util and samba-util3 depend on this private library bld.SAMBA_LIBRARY('samba-util-common', @@ -30,30 +30,17 @@ if bld.env.enable_s3build or bld.env._SAMBA_BUILD_ == 3: private_library=True ) -if bld.env._SAMBA_BUILD_ == 4: -bld.SAMBA_LIBRARY('samba-util', -source=s4_util_sources, -deps=s4_util_deps + ' samba-util-common', -public_deps=s4_util_public_deps, -public_headers=s4_util_public_headers, -header_path= s4_util_header_path, -local_include=False, -vnum='0.0.1', -pc_files='samba-util.pc' -) - else: -if bld.env._SAMBA_BUILD_ == 4: -bld.SAMBA_LIBRARY('samba-util', -source=s4_util_sources + + common_util_sources, -deps=s4_util_deps, -public_deps=s4_util_public_deps + ' ' + common_util_public_deps, -public_headers=s4_util_public_headers + ' ' + common_util_headers, -header_path= s4_util_header_path, -local_include=False, -vnum='0.0.1', -pc_files='samba-util.pc' -) +bld.SAMBA_LIBRARY('samba-util', + source=s4_util_sources + + common_util_sources, + deps=s4_util_deps, + public_deps=s4_util_public_deps + ' ' + common_util_public_deps, + public_headers=s4_util_public_headers + ' ' + common_util_headers, + header_path= s4_util_header_path, + local_include=False, + vnum='0.0.1', + pc_files='samba-util.pc' + ) # dummy subsystem for avoid wider deps changes. bld.SAMBA_SUBSYSTEM('samba-util-common', diff --git a/source3/Makefile-smbtorture4 b/source3/Makefile-smbtorture4 index 4a1bed7..3e23b05 100644 --- a/source3/Makefile-smbtorture4 +++ b/source3/Makefile-smbtorture4 @@ -6,7 +6,7 @@ SAMBA4_BINARIES=smbtorture,ndrdump samba4-configure: @(cd .. \ CFLAGS='' $(WAF) reconfigure || \ -