[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via a245a47 Freenode -> Libera.chat from 3548fc7 Add Samba 4.13.9. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit a245a472aff7db78a908473a28c7f1d6e91d624c Author: Simo Sorce Date: Thu May 20 11:38:33 2021 -0400 Freenode -> Libera.chat Signed-off-by: Simo Sorce --- Summary of changes: devel/TODO.html | 4 +++- irc.html| 6 ++ 2 files changed, 5 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/devel/TODO.html b/devel/TODO.html index 1196809..604cef5 100755 --- a/devel/TODO.html +++ b/devel/TODO.html @@ -16,7 +16,9 @@ Coding Projects -All coding work needs to be coordinated with a Samba Team member, at the very least, on the https://lists.samba.org/listinfo/samba-technical;>samba-technical mailing list or on the #samba-technical IRC channel (irc.freenode.net). Don't just start coding and expect patches to automatically be integrated in. Obviously, projects by specific team members need to be coordinated with those team members in charge. +All coding work needs to be coordinated with a Samba +Team member, at the very least, on the https://lists.samba.org/listinfo/samba-technical;>samba-technical mailing list or on the #samba-technical IRC channel (irc.libera.chat). Don't just start coding and expect patches to automatically be integrated in. Obviously, projects by specific team members need to be coordinated with those team members in charge. For those without Git write access (non-team members), patches should be incremental and in the form of context diffs (attached diff -u output or better diff --git a/irc.html b/irc.html index 3f312b0..79e612e 100644 --- a/irc.html +++ b/irc.html @@ -5,7 +5,7 @@ Samba IRC Channels Samba is discussed on two IRC channels on the http://www.freenode.net/;>FreeNode network (irc.freenode.net). +href="https://libera.chat/;>Libera.Chat network (irc.libera.chat). #samba @@ -29,8 +29,6 @@ href="http://www.freenode.net/;>FreeNode network (irc.freenode.net). Note: This channel is for discussion about development issues only, not for questions about problems with Samba! -Logs for #samba-technical are available at http://irclog.samba.org/;>http://irclog.samba.org/. - -Freenode has a couple of http://freenode.net/channel_guidelines.shtml;>general notes about behaviour in IRC channels. +Libera.chat has a couple of https://libera.chat/guidelines;>general notes about behaviour in IRC channels. -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f5e3b1e Remove dead code via 01319b6 Revert "Use "localhost" to be ipv6 only friendly" via 3e8c509 Use "localhost" to be ipv6 only friendly from f092ac5 Update help text for dbcheck https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f5e3b1e9d31510490976b992074024c5a0c1393b Author: Simo Sorce <i...@samba.org> Date: Sun Mar 18 14:15:30 2018 -0400 Remove dead code Signed-off-by: Simo Sorce <i...@samba.org> Autobuild-User(master): Simo Sorce <i...@samba.org> Autobuild-Date(master): Mon Mar 19 20:29:28 CET 2018 on sn-devel-144 commit 01319b6e659ab29050dd3aa14d800d6f77e511d5 Author: Simo Sorce <i...@samba.org> Date: Sat Mar 17 14:50:49 2018 -0400 Revert "Use "localhost" to be ipv6 only friendly" This reverts commit 54548f6dde3cf74f0e90ef577a55fd720dca6d93. commit 3e8c50901c982aaddd86f81328a89e16f1bb5289 Author: Simo Sorce <i...@samba.org> Date: Sat Mar 17 14:07:37 2018 -0400 Use "localhost" to be ipv6 only friendly Signed-off-by: Simo Sorce <i...@samba.org> --- Summary of changes: file_server/file_server.c| 1 - file_server/file_server.h| 25 - source4/smb_server/service_smb.c | 1 - source4/winbind/winbindd.c | 1 - 4 files changed, 28 deletions(-) delete mode 100644 file_server/file_server.h Changeset truncated at 500 lines: diff --git a/file_server/file_server.c b/file_server/file_server.c index 20fa577..1b6a01b 100644 --- a/file_server/file_server.c +++ b/file_server/file_server.c @@ -26,7 +26,6 @@ #include "lib/param/param.h" #include "source4/smbd/service.h" #include "source4/smbd/process_model.h" -#include "file_server/file_server.h" #include "dynconfig.h" #include "nsswitch/winbind_client.h" diff --git a/file_server/file_server.h b/file_server/file_server.h deleted file mode 100644 index 7da9437..000 --- a/file_server/file_server.h +++ /dev/null @@ -1,25 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - run s3 file server within Samba4 - - Copyright (C) Andrew Tridgell 2011 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -/* - open the s3 smb server sockets -*/ -void s3_smbd_task_init(struct task_server *task); diff --git a/source4/smb_server/service_smb.c b/source4/smb_server/service_smb.c index ddf24a9..3f0f009 100644 --- a/source4/smb_server/service_smb.c +++ b/source4/smb_server/service_smb.c @@ -33,7 +33,6 @@ #include "param/share.h" #include "dsdb/samdb/samdb.h" #include "param/param.h" -#include "file_server/file_server.h" #include "ntvfs/ntvfs.h" #include "lib/cmdline/popt_common.h" /* diff --git a/source4/winbind/winbindd.c b/source4/winbind/winbindd.c index 6aa0418..7fb0836 100644 --- a/source4/winbind/winbindd.c +++ b/source4/winbind/winbindd.c @@ -27,7 +27,6 @@ #include "lib/param/param.h" #include "source4/smbd/service.h" #include "source4/smbd/process_model.h" -#include "file_server/file_server.h" #include "dynconfig.h" #include "nsswitch/winbind_client.h" -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 461c69b s3:smb2_server: In CCM and GCM mode we can't reuse nonces
via 477ecfb libcli/smb: In CCM and GCM mode we can't reuse nonces
from 3073a2e ctdbd_conn: Fix CID 1301580 Explicit null dereferenced
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 461c69bd7c52c8b980cf56be2abf9ce7accb6048
Author: Simo Sorce i...@samba.org
Date: Wed May 20 14:01:44 2015 +0200
s3:smb2_server: In CCM and GCM mode we can't reuse nonces
Reuse of nonces with AES-CCM and AES-GCM leads to catastrophic failure,
so make sure the server drops the connection if that ever happens.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300
Pair-Programmed-With: Stefan Metzmacher me...@samba.org
Signed-off-by: Simo Sorce s...@redhat.com
Signed-off-by: Stefan Metzmacher me...@samba.org
Autobuild-User(master): Simo Sorce i...@samba.org
Autobuild-Date(master): Fri May 29 22:38:50 CEST 2015 on sn-devel-104
commit 477ecfbdaf73a8a2b7af31938c14b84242336460
Author: Stefan Metzmacher me...@samba.org
Date: Thu May 28 15:20:54 2015 +0200
libcli/smb: In CCM and GCM mode we can't reuse nonces
Reuse of nonces with AES-CCM and AES-GCM leads to catastrophic failure,
so make sure the server drops the connection if that ever happens.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300
Signed-off-by: Stefan Metzmacher me...@samba.org
Reviewed-by: Simo Sorce i...@samba.org
---
Summary of changes:
libcli/smb/smb2_constants.h| 5 +++
libcli/smb/smbXcli_base.c | 71 +--
source3/librpc/idl/smbXsrv.idl | 2 ++
source3/smbd/smb2_server.c | 76 +-
source3/smbd/smb2_sesssetup.c | 31 +++--
5 files changed, 148 insertions(+), 37 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h
index 2bda4e9..f6edf6b 100644
--- a/libcli/smb/smb2_constants.h
+++ b/libcli/smb/smb2_constants.h
@@ -138,6 +138,11 @@
/* Values for the SMB2_ENCRYPTION_CAPABILITIES Context (= 0x310) */
#define SMB2_ENCRYPTION_AES128_CCM 0x0001 /* only in dialect = 0x224
*/
#define SMB2_ENCRYPTION_AES128_GCM 0x0002 /* only in dialect = 0x310
*/
+#define SMB2_NONCE_HIGH_MAX(nonce_len_bytes) ((uint64_t)(\
+ ((nonce_len_bytes) = 16) ? UINT64_MAX : \
+ ((nonce_len_bytes) = 8) ? 0 : \
+ (((uint64_t)1 (((nonce_len_bytes) - 8)*8)) - 1) \
+ ))
/* SMB2 session (request) flags */
#define SMB2_SESSION_FLAG_BINDING 0x01
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 2f47fe6..c2ba83a 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -34,6 +34,9 @@
#include librpc/ndr/libndr.h
#include libcli/smb/smb2_negotiate_context.h
#include lib/crypto/sha512.h
+#include lib/crypto/aes.h
+#include lib/crypto/aes_ccm_128.h
+#include lib/crypto/aes_gcm_128.h
struct smbXcli_conn;
struct smbXcli_req;
@@ -150,6 +153,8 @@ struct smb2cli_session {
bool should_encrypt;
DATA_BLOB encryption_key;
DATA_BLOB decryption_key;
+ uint64_t nonce_high_random;
+ uint64_t nonce_high_max;
uint64_t nonce_high;
uint64_t nonce_low;
uint16_t channel_sequence;
@@ -2863,6 +2868,8 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req
**reqs,
int tf_iov = -1;
const DATA_BLOB *encryption_key = NULL;
uint64_t encryption_session_id = 0;
+ uint64_t nonce_high = UINT64_MAX;
+ uint64_t nonce_low = UINT64_MAX;
/*
* 1 for the nbt length, optional TRANSFORM
@@ -2913,6 +2920,31 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req
**reqs,
encryption_session_id = state-session-smb2-session_id;
+ state-session-smb2-nonce_low += 1;
+ if (state-session-smb2-nonce_low == 0) {
+ state-session-smb2-nonce_high += 1;
+ state-session-smb2-nonce_low += 1;
+ }
+
+ /*
+* CCM and GCM algorithms must never have their
+* nonce wrap, or the security of the whole
+* communication and the keys is destroyed.
+* We must drop the connection once we have
+* transfered too much data.
+*
+* NOTE: We assume nonces greater than 8 bytes.
+*/
+ if (state-session-smb2-nonce_high =
+ state-session-smb2-nonce_high_max)
+ {
+ return NT_STATUS_ENCRYPTION_FAILED;
+ }
+
+ nonce_high = state-session-smb2-nonce_high_random
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via ca6206d Add Red Hat link to Team members working for RH from 244c099 Add Jose to Team page. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit ca6206d2846ff2ec002c92b48ef74fb16f7bc7fc Author: Simo Sorce i...@samba.org Date: Thu Jun 12 10:19:18 2014 -0400 Add Red Hat link to Team members working for RH --- Summary of changes: team/index.html | 14 +++--- 1 files changed, 7 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/team/index.html b/team/index.html index 2d861ad..3cc1e2c 100755 --- a/team/index.html +++ b/team/index.html @@ -52,14 +52,14 @@ mailing list/a and start contributing to the development of Samba./p lia href=mailto:anato...@samba.org;Anatoliy Atanasov/a/li lia href=http://samba.org/~abartlet/;Andrew Bartlett/a/li lia href=mailto:k...@samba.org;Kai Blin/a/li -lia href=mailto:a...@samba.org;Alexander Bokovoy/a/li -lia href=mailto:i...@samba.org;Ira Cooper/a/li +lia href=mailto:a...@samba.org;Alexander Bokovoy/anbsp;(a href=https://www.redhat.com/;Red Hat/a)/li +lia href=mailto:i...@samba.org;Ira Cooper/anbsp;(a href=https://www.redhat.com/;Red Hat/a)/li lia href=http://samba.org/~sdanneman/;Steven Danneman/a/li -lia href=http://samba.org/~gd;Guuml;nther Deschner/a/li +lia href=http://samba.org/~gd;Guuml;nther Deschner/anbsp;(a href=https://www.redhat.com/;Red Hat/a)/li lia href=mailto:dd...@samba.org;David Disseldorp/anbsp;(a href=https://www.suse.com/;SUSE/a)/li lia href=mailto:sfre...@samba.org;Steve French/a/li lia href=mailto:pa...@samba.org;Paul Green/a/li -lia href=http://ubiqx.org/;Chris Hertel/a/li +lia href=http://ubiqx.org/;Chris Hertel/anbsp;(a href=https://www.redhat.com/;Red Hat/a)/li lia href=mailto:hhet...@samba.org;Holger Hetterich/anbsp;(a href=https://www.suse.com/;SUSE/a)/li lia href=http://people.su.se/~lha/;Love Houml;rnquist Aring;strand/a/li lia href=mailto:ami...@samba.org;Amitay Isaacs/a/li @@ -83,15 +83,15 @@ mailing list/a and start contributing to the development of Samba./p lia href=mailto:jpe...@samba.org;James Peach/a/li lia href=mailto:t...@samba.org;Tim Potter/a/li lia href=http://samba.org/~tprouty/;Tim Prouty/a/li -lia href=http://jarrpa.net;José A. Rivera/a/li +lia href=http://jarrpa.net;José A. Rivera/anbsp;(a href=https://www.redhat.com/;Red Hat/a)/li lia href=http://ozlabs.org/~rusty/;Rusty Russell/a/li lia href=mailto:c...@samba.org;Christof Schmitt/a/li -lia href=http://samba.org/~asn/;Andreas Schneider/a/li +lia href=http://samba.org/~asn/;Andreas Schneider/anbsp;(a href=https://www.redhat.com/;Red Hat/a)/li lia href=http://martin.meltin.net/;Martin Schwenke/a/li lia href=mailto:ksee...@samba.org;Karolin Seeger/anbsp;(a href=http://www.sernet.de/en/;SerNet/a)/li lia href=http://www.richardsharpe.com;Richard Sharpe/a/li lia href=mailto:d...@samba.org;Dan Shearer/a/li -lia href=mailto:i...@samba.org;Simo Sorce/a/li +lia href=mailto:i...@samba.org;Simo Sorce/anbsp;(a href=https://www.redhat.com/;Red Hat/a)/li lia href=mailto:mi...@samba.org;Rafal Szczesniak/a/li lia href=mailto:j...@samba.org;John Terpstra/a/li lia href=http://samba.org/~tridge/;Andrew Tridgell/a/li -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 3f60f0e Fix selfetet environment user gid
from c1507bc s4:imessaging: Remove event context from irpc and
imessaging structures
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 3f60f0e36b6de1be3944f8de039df875a2278078
Author: Simo Sorce i...@samba.org
Date: Tue May 13 12:57:10 2014 +0200
Fix selfetet environment user gid
The real invoking user's gid should be in the /etc/group file or it may
cause spurious error messages.
Signed-off-by: Simo Sorce i...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org
Autobuild-User(master): Simo Sorce i...@samba.org
Autobuild-Date(master): Tue May 13 15:33:21 CEST 2014 on sn-devel-104
---
Summary of changes:
selftest/target/Samba4.pm |3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
mode change 100644 = 100755 selftest/target/Samba4.pm
Changeset truncated at 500 lines:
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
old mode 100644
new mode 100755
index 86ee4fe..15fb5d2
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -511,6 +511,8 @@ sub provision_raw_prepare($$)
chomp $unix_name;
$ctx-{unix_name} = $unix_name;
$ctx-{unix_uid} = $;
+ my @mygid = split( , $();
+ $ctx-{unix_gid} = $mygid[0];
$ctx-{unix_gids_str} = $);
@{$ctx-{unix_gids}} = split( , $ctx-{unix_gids_str});
@@ -688,6 +690,7 @@ wheel:x:10:
users:x:100:
nobody:x:65533:
nogroup:x:65534:nobody
+$ctx-{unix_name}:x:$ctx-{unix_gid}:
;
close(GRP);
my $gid_rfc2307test = 65532;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 2b77b07 s3/libsmb: Free memdup'd local variable
via 9a9e569 passdb: Patch memory leak in pdb_ldap.c
from 293aac0 testprogs: Fix pkinit test with system ldb.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 2b77b072862accc3fffddc964740917102898567
Author: Jose A. Rivera jar...@redhat.com
Date: Thu Feb 20 09:14:59 2014 -0600
s3/libsmb: Free memdup'd local variable
secrets_fetch_machine_password() sets pwd to point to memdup()'d (and thus
malloc()'d) memory. This memory should be freed before we go out of scope.
Change-Id: I07e575819c309fa5b85627dce2eb969bc720ce4e
Coverity-Id: 1168001
Reviewed-by: Ira Cooper i...@samba.org
Signed-off-by: Jose A. Rivera jar...@redhat.com
Reviewed-by: Simo Sorce i...@samba.org
Autobuild-User(master): Simo Sorce i...@samba.org
Autobuild-Date(master): Sat Feb 22 00:58:23 CET 2014 on sn-devel-104
commit 9a9e56943d186e5a8655b5d731a339e453da8ae8
Author: Jose A. Rivera jar...@redhat.com
Date: Tue Feb 18 07:35:37 2014 -0600
passdb: Patch memory leak in pdb_ldap.c
Moved the call to the talloc autofree function to as early a point as
possible. init_ldap_from_sam() already calls smbldap_set_mod(), and there's
a chance that the init will fail after having already allocated memory for
mods.
Coverity-Id: 1167997
Change-Id: Ic26bfb3c530f90aa885e447b8409deba49708d64
Reviewed-by: Ira Cooper i...@samba.org
Signed-off-by: Jose A. Rivera jar...@redhat.com
Reviewed-by: Simo Sorce i...@samba.org
---
Summary of changes:
source3/libsmb/trusts_util.c |1 +
source3/passdb/pdb_ldap.c| 10 ++
2 files changed, 7 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index b38aec6..bb2e977 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -118,6 +118,7 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context
*context,
TALLOC_FREE(frame);
return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE;
}
+ free(pwd);
break;
case SEC_CHAN_DOMAIN:
if (!pdb_get_trusteddom_pw(domain, pwd, sid,
pass_last_set_time)) {
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 6be5fb6..cea8627 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -5168,6 +5168,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods
*my_methods,
uint32_t num_result;
bool is_machine = False;
bool add_posix = False;
+ bool init_okay = False;
LDAPMod **mods = NULL;
struct samu *user;
char *filter;
@@ -5285,7 +5286,10 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods
*my_methods,
return NT_STATUS_UNSUCCESSFUL;
}
- if (!init_ldap_from_sam(ldap_state, entry, mods, user,
pdb_element_is_set_or_changed)) {
+ init_okay = init_ldap_from_sam(ldap_state, entry, mods, user,
pdb_element_is_set_or_changed);
+ smbldap_talloc_autofree_ldapmod(tmp_ctx, mods);
+
+ if (!init_okay) {
DEBUG(1,(ldapsam_create_user: Unable to fill user structs\n));
return NT_STATUS_UNSUCCESSFUL;
}
@@ -5371,9 +5375,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods
*my_methods,
smbldap_set_mod(mods, LDAP_MOD_ADD, loginShell, shell);
}
- smbldap_talloc_autofree_ldapmod(tmp_ctx, mods);
-
- if (add_posix) {
+ if (add_posix) {
rc = smbldap_add(ldap_state-smbldap_state, dn, mods);
} else {
rc = smbldap_modify(ldap_state-smbldap_state, dn, mods);
--
Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated
On Mon, 2013-12-16 at 10:34 -0800, Jeremy Allison wrote: On Sat, Dec 14, 2013 at 01:20:04PM +0100, Stefan Metzmacher wrote: commit 5baa7402ba8eebd9b2ddc6b259ae9bb2852b4bb1 Author: Volker Lendecke v...@samba.org Date: Fri Dec 6 14:34:05 2013 + smbd: Implement and use full_path_tos Yes, this looks like a hack, but talloc_asprintf does show up high in profiles called from these routines Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Hahaha ! Coming this summer to a cinema near you : Samba 4 - Revenge of the pstrings :-) :-). Uhm, given this string is never passed anywhere and you want to use the stack, why didn't you simply use alloca() + snprintf() ? That would seem a lot simpler and as effective to me, am I missing something ? Simo.
Re: [SCM] Samba Shared Repository - branch master updated
On Mon, 2013-12-16 at 13:05 -0800, Jeremy Allison wrote: On Mon, Dec 16, 2013 at 03:56:16PM -0500, Simo wrote: On Mon, 2013-12-16 at 10:34 -0800, Jeremy Allison wrote: On Sat, Dec 14, 2013 at 01:20:04PM +0100, Stefan Metzmacher wrote: commit 5baa7402ba8eebd9b2ddc6b259ae9bb2852b4bb1 Author: Volker Lendecke v...@samba.org Date: Fri Dec 6 14:34:05 2013 + smbd: Implement and use full_path_tos Yes, this looks like a hack, but talloc_asprintf does show up high in profiles called from these routines Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Hahaha ! Coming this summer to a cinema near you : Samba 4 - Revenge of the pstrings :-) :-). Uhm, given this string is never passed anywhere and you want to use the stack, why didn't you simply use alloca() + snprintf() ? That would seem a lot simpler and as effective to me, am I missing something ? I don't think alloca is as portable as the code Volker wrote. I see. Simo.
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 4b637c3 ldb: use of NULL pointer bugfix
from bdb818d s4-rpc: dnsserver: Ignore duplicate dns zones from multiple
locations
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 4b637c367fdda832e95208f49e8893b0a0cac4b4
Author: Pavel Reichl pavel.rei...@redhat.com
Date: Tue Dec 3 14:37:20 2013 +
ldb: use of NULL pointer bugfix
Autobuild-User(master): Simo Sorce i...@samba.org
Autobuild-Date(master): Tue Dec 3 21:13:53 CET 2013 on sn-devel-104
---
Summary of changes:
lib/ldb/common/ldb.c |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c
index 3dc6d87..d2b873f 100644
--- a/lib/ldb/common/ldb.c
+++ b/lib/ldb/common/ldb.c
@@ -572,8 +572,8 @@ int ldb_wait(struct ldb_handle *handle, enum ldb_wait_type
type)
struct tevent_context *ev;
int ret;
- if (!handle) {
- return ldb_error(handle-ldb, LDB_ERR_UNAVAILABLE, NULL);
+ if (handle == NULL) {
+ return LDB_ERR_UNAVAILABLE;
}
if (handle-state == LDB_ASYNC_DONE) {
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 9423d5a Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/
pam_winbind.so / winbind
from 3ddb77f torture: Split the fsinfo check into a separate test
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 9423d5afb71e272298f4858d82f436e19ee2b07f
Author: Jeremy Allison j...@samba.org
Date: Fri Aug 2 15:03:39 2013 -0700
Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/ pam_winbind.so /
winbind
Don't use talloc_tos() in something that can be linked to in pam_winbindd.so
Signed-off-by: Jeremy Allison j...@samba.org
Reviewed-by: Simo Sorce i...@samba.org
Autobuild-User(master): Simo Sorce i...@samba.org
Autobuild-Date(master): Sat Aug 24 02:28:28 CEST 2013 on sn-devel-104
---
Summary of changes:
source3/lib/util.c |6 --
1 files changed, 4 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/util.c b/source3/lib/util.c
index bf6c8c5..5168092 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1462,10 +1462,12 @@ char *myhostname(void)
char *myhostname_upper(void)
{
- char *name;
static char *ret;
if (ret == NULL) {
- name = get_myname(talloc_tos());
+ char *name = get_myname(NULL);
+ if (name == NULL) {
+ return NULL;
+ }
ret = strupper_talloc(NULL, name);
talloc_free(name);
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via c8c84b4 vfs_glusterfs: Implement proper mashalling/unmarshalling of
ACLs
from 91b0ff7 smbd: Do not wait unnecessarily
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit c8c84b47be6721626dc9a111b186d2b8f658409e
Author: Anand Avati av...@redhat.com
Date: Sun Aug 11 15:59:29 2013 -0400
vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs
Use the primitives available in Samba byteorder.h for implementing
proper (un)marshalling of ACL xattrs.
- Incorporated Raghavendra Talur's comments on v3
Signed-off-by: Anand Avati av...@redhat.com
Signed-off-by: Raghavendra Talur rta...@redhat.com
Reviewed-by: Jeremy Allison j...@samba.org
Reviewed-by: Christopher R. Hertel c...@samba.org
Tested-by: Jose A. Rivera jar...@redhat.com
Autobuild-User(master): Simo Sorce i...@samba.org
Autobuild-Date(master): Fri Aug 16 20:34:51 CEST 2013 on sn-devel-104
---
Summary of changes:
source3/modules/vfs_glusterfs.c | 153 ---
1 files changed, 111 insertions(+), 42 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index af8d5b7..eac1b24 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -992,13 +992,36 @@ static int vfs_gluster_set_offline(struct
vfs_handle_struct *handle,
return -1;
}
-/* Posix ACL Operations */
+/*
+ Gluster ACL Format:
+
+ Size = 4 (header) + N * 8 (entry)
+
+ Offset SizeField (Little Endian)
+ -
+ 0-3 4-byte Version
+
+ 4-5 2-byte Entry-1 tag
+ 6-7 2-byte Entry-1 perm
+ 8-114-byte Entry-1 id
+
+ 12-13 2-byte Entry-2 tag
+ 14-15 2-byte Entry-2 perm
+ 16-19 4-byte Entry-2 id
+ ...
+
+ */
+
+/* header version */
#define GLUSTER_ACL_VERSION 2
+
+/* perm bits */
#define GLUSTER_ACL_READ0x04
#define GLUSTER_ACL_WRITE 0x02
#define GLUSTER_ACL_EXECUTE 0x01
+/* tag values */
#define GLUSTER_ACL_UNDEFINED_TAG 0x00
#define GLUSTER_ACL_USER_OBJ 0x01
#define GLUSTER_ACL_USER 0x02
@@ -1009,58 +1032,49 @@ static int vfs_gluster_set_offline(struct
vfs_handle_struct *handle,
#define GLUSTER_ACL_UNDEFINED_ID (-1)
-struct gluster_ace {
- uint16_t tag;
- uint16_t perm;
- uint32_t id;
-};
-
-struct gluster_acl_header {
- uint32_t version;
- struct gluster_ace entries[];
-};
+#define GLUSTER_ACL_HEADER_SIZE4
+#define GLUSTER_ACL_ENTRY_SIZE 8
static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size,
TALLOC_CTX *mem_ctx)
{
int count;
size_t size;
- struct gluster_ace *ace;
struct smb_acl_entry *smb_ace;
- struct gluster_acl_header *hdr;
struct smb_acl_t *result;
int i;
+ int offset;
uint16_t tag;
uint16_t perm;
uint32_t id;
size = xattr_size;
- if (size sizeof(*hdr)) {
- /* ACL should be at least as big as the header */
+ if (size GLUSTER_ACL_HEADER_SIZE) {
+ /* ACL should be at least as big as the header (4 bytes) */
errno = EINVAL;
return NULL;
}
- size -= sizeof(*hdr);
+ size -= GLUSTER_ACL_HEADER_SIZE; /* size of header = 4 bytes */
- if (size % sizeof(*ace)) {
+ if (size % GLUSTER_ACL_ENTRY_SIZE) {
/* Size of entries must strictly be a multiple of
- size of an ACE
+ size of an ACE (8 bytes)
*/
errno = EINVAL;
return NULL;
}
- count = size / sizeof(*ace);
+ count = size / GLUSTER_ACL_ENTRY_SIZE;
- hdr = (void *)buf;
-
- if (ntohl(hdr-version) != GLUSTER_ACL_VERSION) {
+ /* Version is the first 4 bytes of the ACL */
+ if (IVAL(buf, 0) != GLUSTER_ACL_VERSION) {
DEBUG(0, (Unknown gluster ACL version: %d\n,
- ntohl(hdr-version)));
+ IVAL(buf, 0)));
return NULL;
}
+ offset = GLUSTER_ACL_HEADER_SIZE;
result = sys_acl_init(mem_ctx);
if (!result) {
@@ -1078,10 +1092,19 @@ static SMB_ACL_T gluster_to_smb_acl(const char *buf,
size_t xattr_size,
result-count = count;
smb_ace = result-acl;
- ace = hdr-entries;
for (i = 0; i count; i++) {
- tag = ntohs(ace-tag);
+ /* TAG is the first 2 bytes of an entry */
+ tag = SVAL(buf, offset);
+ offset += 2;
+
+ /* PERM is the next 2 bytes of an entry */
+ perm = SVAL(buf, offset
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1573638 Fix typos in man-pages from e6a58d3 s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1573638212a9733a44939a4d38a226f38dca36f1 Author: Michele Baldessari mich...@acksyn.org Date: Tue Jul 9 23:23:33 2013 +0200 Fix typos in man-pages Fix some typos in the man-pages. Signed-off-by: Michele Baldessari mich...@acksyn.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Simo Sorce i...@samba.org Autobuild-Date(master): Wed Jul 10 16:45:07 CEST 2013 on sn-devel-104 --- Summary of changes: docs-xml/manpages/dbwrap_tool.1.xml |2 +- docs-xml/manpages/idmap_autorid.8.xml|2 +- docs-xml/manpages/net.8.xml |2 +- docs-xml/manpages/pdbedit.8.xml |2 +- docs-xml/manpages/samba.7.xml|2 +- docs-xml/manpages/smbclient.1.xml|2 +- docs-xml/manpages/smbpasswd.5.xml|2 +- docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml |2 +- 8 files changed, 8 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/dbwrap_tool.1.xml b/docs-xml/manpages/dbwrap_tool.1.xml index e2b2cee..a1a2f97 100644 --- a/docs-xml/manpages/dbwrap_tool.1.xml +++ b/docs-xml/manpages/dbwrap_tool.1.xml @@ -49,7 +49,7 @@ listitemparafetch: fetch a record/para/listitem listitemparastore: create or modify a record/para/listitem listitemparadelete: remove a record/para/listitem - listitemparaexists: test for existance of a record/para/listitem + listitemparaexists: test for existence of a record/para/listitem listitemparaerase: remove all records/para/listitem listitemparalistkeys: list all available records/para/listitem listitemparalistwatchers: list processes, which are waiting for changes in a record/para/listitem diff --git a/docs-xml/manpages/idmap_autorid.8.xml b/docs-xml/manpages/idmap_autorid.8.xml index c35f903..7446d53 100644 --- a/docs-xml/manpages/idmap_autorid.8.xml +++ b/docs-xml/manpages/idmap_autorid.8.xml @@ -109,7 +109,7 @@ titleEXAMPLES/title para This example shows you the minimal configuration that will - work for the principial domain and 19 trusted domains / range + work for the principal domain and 19 trusted domains / range extensions. /para diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml index dd5b3ab..0df2e07 100644 --- a/docs-xml/manpages/net.8.xml +++ b/docs-xml/manpages/net.8.xml @@ -1671,7 +1671,7 @@ shares created by other users. paraStarting with version 3.2.0, a Samba server can be configured by data stored in registry. This configuration data can be edited with the new net -conf commands. There is also the possiblity to configure a remote Samba server +conf commands. There is also the possibility to configure a remote Samba server by enabling the RPC conf mode and specifying the the address of the remote server. /para diff --git a/docs-xml/manpages/pdbedit.8.xml b/docs-xml/manpages/pdbedit.8.xml index 4bb3751..c5d6b23 100644 --- a/docs-xml/manpages/pdbedit.8.xml +++ b/docs-xml/manpages/pdbedit.8.xml @@ -289,7 +289,7 @@ retype new password /programlisting /para - noteparapdbedit does not call the unix password syncronisation + noteparapdbedit does not call the unix password synchronization script if smbconfoption name=unix password sync/ has been set. It only updates the data in the Samba user database. diff --git a/docs-xml/manpages/samba.7.xml b/docs-xml/manpages/samba.7.xml index 9299660..cedb4e4 100644 --- a/docs-xml/manpages/samba.7.xml +++ b/docs-xml/manpages/samba.7.xml @@ -91,7 +91,7 @@ manvolnum8/manvolnum/citerefentry/term listitemparaThe commandsamba-tool/command is the main Samba Administration tool regarding - Acitive Directory services./para + Active Directory services./para /listitem /varlistentry diff --git a/docs-xml/manpages/smbclient.1.xml b/docs-xml/manpages/smbclient.1.xml index 328fd50..b222c56 100644 --- a/docs-xml/manpages/smbclient.1.xml +++ b/docs-xml/manpages/smbclient.1.xml @@ -564,7 +564,7 @@ sent to the server on directory listings and file opens. If the backup intent flag is true, the server will try and bypass
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via cf87f85 time: prefer CLOCK_BOOTTIME for clock_gettime_mono()
via e3c2dd1 time: don't try to use the coarse clock
from 2bdaf53 VERSION: change to 4.2.0pre1
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit cf87f8587415df2119995e82ccf51bb64e44115b
Author: Björn Jacke b...@sernet.de
Date: Wed Jul 3 18:57:57 2013 +0200
time: prefer CLOCK_BOOTTIME for clock_gettime_mono()
this clock moves on while the machine was suspended. This is what we prefer
actually.
Signed-off-by: Björn Jacke b...@sernet.de
Reviewed-by: Simo Sorce i...@samba.org
Autobuild-User(master): Simo Sorce i...@samba.org
Autobuild-Date(master): Fri Jul 5 16:47:34 CEST 2013 on sn-devel-104
commit e3c2dd13d4519d89fc78fd36a9ee4552f0f241ac
Author: Björn Jacke b...@sernet.de
Date: Wed Jul 3 18:51:14 2013 +0200
time: don't try to use the coarse clock
as we prefer to use the suspend aware CLOCK_BOOTTIME as monotonic clock
source
we cannot deal with the mono coarse clock any more. Actually I never saw a
real
performance gain with it.
Signed-off-by: Björn Jacke b...@sernet.de
Reviewed-by: Simo Sorce i...@samba.org
---
Summary of changes:
lib/util/time.c | 25 ++---
1 files changed, 14 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/time.c b/lib/util/time.c
index 56b2ec5..05251dd 100644
--- a/lib/util/time.c
+++ b/lib/util/time.c
@@ -62,26 +62,29 @@ a wrapper to preferably get the monotonic time
**/
_PUBLIC_ void clock_gettime_mono(struct timespec *tp)
{
- if (clock_gettime(CUSTOM_CLOCK_MONOTONIC,tp) != 0) {
- clock_gettime(CLOCK_REALTIME,tp);
+/* prefer a suspend aware monotonic CLOCK_BOOTTIME: */
+#ifdef CLOCK_BOOTTIME
+ if (clock_gettime(CLOCK_BOOTTIME,tp) == 0) {
+ return;
+ }
+#endif
+/* then try the monotonic clock: */
+#if CUSTOM_CLOCK_MONOTONIC != CLOCK_REALTIME
+ if (clock_gettime(CUSTOM_CLOCK_MONOTONIC,tp) == 0) {
+ return;
}
+#endif
+ clock_gettime(CLOCK_REALTIME,tp);
}
/**
a wrapper to preferably get the monotonic time in seconds
-as this is only second resolution we can use the cached
-(and much faster) COARSE clock variant
**/
_PUBLIC_ time_t time_mono(time_t *t)
{
struct timespec tp;
- int rc = -1;
-#ifdef CLOCK_MONOTONIC_COARSE
- rc = clock_gettime(CLOCK_MONOTONIC_COARSE,tp);
-#endif
- if (rc != 0) {
- clock_gettime_mono(tp);
- }
+
+ clock_gettime_mono(tp);
if (t != NULL) {
*t = tp.tv_sec;
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via c0cbf59 Remove remaining references to password level in the tree
via 3f73002 docs: Do not encourage unix passwords, and remove reference
to password level
via 26279a9 auth: Remove password level
from 3fba9ba dsdb: reset schema-{classes,attributes}_to_remove_size to 0
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit c0cbf5936f0385ab93315cc366a0aa16c0ebd237
Author: Andrew Bartlett abart...@samba.org
Date: Mon Jun 3 10:38:29 2013 +1000
Remove remaining references to password level in the tree
Reviewed-by: Simo Sorce i...@samba.org
Autobuild-User(master): Simo Sorce i...@samba.org
Autobuild-Date(master): Tue Jun 11 16:25:54 CEST 2013 on sn-devel-104
commit 3f73002f2d5f8a27820e09b024f561fda1560184
Author: Andrew Bartlett abart...@samba.org
Date: Mon Jun 3 10:27:41 2013 +1000
docs: Do not encourage unix passwords, and remove reference to password
level
Reviewed-by: Simo Sorce i...@samba.org
commit 26279a969879bfbd943dfda03c511ed7e14057ba
Author: Andrew Bartlett abart...@samba.org
Date: Mon Jun 3 10:02:39 2013 +1000
auth: Remove password level
We now only lowercase the password, we do not attempt to find another case
combination that the password might be in.
This option is already depricated, so it is now time to remove it.
Andrew Bartlett
Reviewed-by: Simo Sorce i...@samba.org
---
Summary of changes:
docs-xml/Samba3-Developers-Guide/unix-smb.xml | 13 ++--
docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml|2 +-
docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml |7 +--
docs-xml/smbdotconf/security/passwordlevel.xml | 48 --
docs-xml/using_samba/appc.xml | 14
docs-xml/using_samba/ch06.xml | 14
examples/dce-dfs/smb.conf |1 -
examples/scripts/shares/python/smbparm.py |1 -
examples/tridge/smb.conf |1 -
examples/tridge/smb.conf.fjall |1 -
lib/param/loadparm.c |1 -
lib/param/param_functions.c|1 -
lib/param/param_table.c|9 ---
packaging/LSB/smb.conf |1 -
python/samba/upgrade.py|1 -
source3/auth/pass_check.c | 79
source3/param/loadparm.c |1 -
17 files changed, 8 insertions(+), 187 deletions(-)
delete mode 100644 docs-xml/smbdotconf/security/passwordlevel.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/Samba3-Developers-Guide/unix-smb.xml
b/docs-xml/Samba3-Developers-Guide/unix-smb.xml
index ae6bdcd..6964b7f 100644
--- a/docs-xml/Samba3-Developers-Guide/unix-smb.xml
+++ b/docs-xml/Samba3-Developers-Guide/unix-smb.xml
@@ -112,7 +112,7 @@ shares.
titlePasswords/title
para
-Many SMB clients uppercase passwords before sending them. I have no
+When plaintext passwords are used, very old SMB clients uppercase passwords
before sending them. I have no
idea why they do this. Interestingly WfWg uppercases the password only
if the server is running a protocol greater than COREPLUS, so
obviously it isn't just the data entry routines that are to blame.
@@ -123,12 +123,11 @@ Unix passwords are case sensitive. So if users use mixed
case
passwords they are in trouble.
/para
-para
-Samba can try to cope with this by either using the password level
-option which causes Samba to try the offered password with up to the
-specified number of case changes, or by using the password server
-option which allows Samba to do its validation via another machine
-(typically a WinNT server).
+paraSamba will try an additional all lower cased password
+authentication if it receives an all uppercase password. Samba used to
+support an option called password level that would try to crack
+password by trying all case permutations, but that option has been
+removed.
/para
para
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml
b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml
index 5ea2db2..657cc97 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml
@@ -446,7 +446,7 @@ If it says quoteerrornamebad
password,/errorname/quote then the likely c
listitem
para
You have explicitly disabled encrypted passwords with
- smbconfoption name=encrypt passwordsno/smbconfoption have a
mixed-case password and you haven't enabled the smbconfoption name=password
level/ option at a high enough level.
+ smbconfoption name=encrypt passwordsno/smbconfoption have a
mixed-case password.
/para
/listitem
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
Re: [SCM] Samba Website Repository - branch master updated
On 05/27/2013 04:26 AM, Andrew Bartlett wrote: The branch, master has been updated via b06d18f docs: The russian translation site times out from 35e443c docs: Remove dead links http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit b06d18fc18bed2cc9996c01654a58a2fc9ead355 Author: Andrew Bartlett abart...@samba.org Date: Mon May 27 18:26:41 2013 +1000 docs: The russian translation site times out --- Summary of changes: docs/index.html |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs/index.html b/docs/index.html index f3cd1ff..3dd9889 100755 --- a/docs/index.html +++ b/docs/index.html @@ -53,7 +53,6 @@ earlier version of Samba then you may find some differences./p lia href=http://www.samba.gr.jp/project/translation/Samba3-HOWTO/ Samba HOWTO Collection in Japanese/a/li lia href=http://smb-conf.ru/;Samba 3 smb.conf man page in Russian/a/li - lia href=http://samba-doc.ru/samba3example/index.html;Samba 3 by Example in Russian (translation in progress)/a/li /ul h3Contributing/h3 Andrew, seem to be working fine here. Have you contacted the maintainer before just yanking it ? If not it would be polite to revert and contact the maintainer first. Simo.
Re: [Samba] EXTERNAL: Re: SAMBA bringing NFS server to a halt
On 03/06/2013 08:28 AM, Joseph, Matthew (EXP) wrote: Hello JAB, Thank you for taking the time to respond to this in a very helpful manner... If the SAMBA community does not care about helping someone with a wildly out of date server then they should state that before letting someone join the mailing list. Do not ascribe to the whole community the shortcomings of an individuals the volunteers 'his' opinion please. This is a production server on a closed LAN which we don't have the option of upgrading it to RHEL 5.9 or greater in the near future. So with that being said, anyone have any experience with what I am dealing with? Unless you have 15000 servers connected the fact you have that many processes indicates a serious issue with the server or at least one of the clients. Samba creates just 1 single process per client and all its requests are served by that process. If you are seeing multiple processes it means the client is opening multiple connections. That is wrong and indicate there is probably a bug with either server processes crashing, becoming unresponsive or both, or the client misbehaving.. You may want to consider trying playing with the following parameters on your samba server: - deadtime - max connections - keepalive - reset on zero vc You may also want to prevent samba from dumping core if that is activated as it could put pressure on disks and the kernel if too many processes core all at once. HTH, Simo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] EXTERNAL: Re: SAMBA bringing NFS server to a halt
On 03/06/2013 09:46 AM, Jonathan Buzzard wrote: On Wed, 2013-03-06 at 08:28 -0500, Joseph, Matthew (EXP) wrote: Hello JAB, Thank you for taking the time to respond to this in a very helpful manner... Actually it is helpful given the limited and insufficient information you provided. The basic problem is you are looking for a magic fix that likely does not exist because you want to keep running an OS that is many revisions out of date and has numerous serious security holes and a whole slew of known problems as a consequence. Where simply keeping your system properly patched has a good chance of eliminating the problem, which would have known had you been reading the release and security bulletins for RHEL5 over the last four years. There is simply too many NFS and Samba issues in RHEL5.3 for it to be remotely reasonable to expect any help trying to debug a setup still running at that level. Consequently a sensible course of action is to upgrade to something recent that does not have a whole bunch of known problems and serious security holes and if the problem still exists then come back with a more detail explanation of your setup. Jonathan, you are not being helpful here. We all understood you really want Joseph to upgrade, and we all acknowledge that is good practice, but Joseph seem to have constraints he cannot overcome right now. So please stop hammering on this point. If you do not have anything useful to say for his current situation then just ignore this thread and carry on. Simo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 05235d5 tdb: Fix a typo
from 10b96e3 Fix the maxfids test so that it does not fork lots of
processes and so that it works for all cases of maxfids.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 05235d5b444558f6d06ef12ea7d74850800425cf
Author: Volker Lendecke v...@samba.org
Date: Sat Feb 16 13:26:36 2013 +0100
tdb: Fix a typo
Signed-off-by: Volker Lendecke v...@samba.org
Autobuild-User(master): Simo Sorce i...@samba.org
Autobuild-Date(master): Sat Feb 16 17:13:32 CET 2013 on sn-devel-104
---
Summary of changes:
lib/tdb/common/open.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/tdb/common/open.c b/lib/tdb/common/open.c
index 08b9450..05d7cae 100644
--- a/lib/tdb/common/open.c
+++ b/lib/tdb/common/open.c
@@ -215,7 +215,7 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name,
int hash_size, int td
goto fail;
}
- /* now make a copy of the name, as the caller memory might went away */
+ /* now make a copy of the name, as the caller memory might go away */
if (!(tdb-name = (char *)strdup(name))) {
/*
* set the name as the given string, so that tdb_name() will
--
Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated
On Tue, 2012-10-30 at 23:57 +0100, Andrew Bartlett wrote: commit cc6d0decc7980028293168aee267e7610752fc80 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 30 10:21:42 2012 +1100 ldb: Change ltdb_unpack_data to take an ldb_context It always de-references the module to find the ldb anyway. Andrew Bartlett Andrew, why are you messing over with these interface conventions ? I see no rationale for this change, can you please revert and learn a bit about consistent and predictable interfaces ? Thanks. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 36ea39e talloc: Convert error cecking macros into fns
from 7d7e33c Add tests for talloc_memlimit
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 36ea39edf8dd9ede756debaf9632f3ded2a51abb
Author: Simo Sorce i...@samba.org
Date: Fri Oct 5 10:32:32 2012 -0400
talloc: Convert error cecking macros into fns
This will avoid 'surprise returns' and makes the code cleare to readers.
These macros were complex enough to warrant a full function anyway not
just for readability but also for debuggability.
Thanks David for pointing out this issue.
Autobuild-User(master): Simo Sorce i...@samba.org
Autobuild-Date(master): Fri Oct 5 23:24:17 CEST 2012 on sn-devel-104
---
Summary of changes:
lib/talloc/talloc.c | 111 ++-
1 files changed, 74 insertions(+), 37 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index afc44b3..3e33fc0 100644
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -222,37 +222,6 @@ static struct {
TC_UNDEFINE_GROW_VALGRIND_CHUNK(_tc, _new_size); \
} while (0)
-#define TALLOC_MEMLIMIT_CHECK(limit, size) do { \
- struct talloc_memlimit *l; \
- for (l = limit; l != NULL; l = l-upper) { \
- if (l-max_size != 0 \
- ((l-max_size = l-cur_size) || \
-(l-max_size - l-cur_size TC_HDR_SIZE+size))) { \
- errno = ENOMEM; \
- return NULL; \
- } \
- } \
-} while(0)
-
-#define TALLOC_MEMLIMIT_UPDATE(limit, o_size, n_size) do { \
- struct talloc_memlimit *l; \
- ssize_t d; \
- if (o_size == 0) { \
- d = n_size + TC_HDR_SIZE; \
- } else { \
- d = n_size - o_size; \
- } \
- for (l = limit; l != NULL; l = l-upper) { \
- ssize_t new_size = l-cur_size + d; \
- if (new_size 0) { \
- talloc_abort(cur_size memlimit counter not correct!);
\
- errno = EINVAL; \
- return NULL; \
- } \
- l-cur_size = new_size; \
- } \
-} while(0)
-
struct talloc_reference_handle {
struct talloc_reference_handle *next, *prev;
void *ptr;
@@ -266,6 +235,10 @@ struct talloc_memlimit {
size_t cur_size;
};
+static bool talloc_memlimit_check(struct talloc_memlimit *limit, size_t size);
+static bool talloc_memlimit_update(struct talloc_memlimit *limit,
+ size_t old_size, size_t new_size);
+
typedef int (*talloc_destructor_t)(void *);
struct talloc_chunk {
@@ -608,7 +581,10 @@ static inline void *__talloc(const void *context, size_t
size)
limit = ptc-limit;
}
- TALLOC_MEMLIMIT_CHECK(limit, (TC_HDR_SIZE+size));
+ if (!talloc_memlimit_check(limit, (TC_HDR_SIZE+size))) {
+ errno = ENOMEM;
+ return NULL;
+ }
tc = talloc_alloc_pool(ptc, TC_HDR_SIZE+size);
}
@@ -996,7 +972,11 @@ static void *_talloc_steal_internal(const void *new_ctx,
const void *ptr)
ctx_size = _talloc_total_limit_size(ptr, NULL, NULL);
- TALLOC_MEMLIMIT_UPDATE(tc-limit-upper, ctx_size, 0);
+ if (!talloc_memlimit_update(tc-limit-upper, ctx_size, 0)) {
+ talloc_abort(cur_size memlimit counter not correct!);
+ errno = EINVAL;
+ return NULL;
+ }
if (tc-limit-parent == tc) {
tc-limit-upper = NULL;
@@ -1531,7 +1511,10 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void
*ptr, size_t size, cons
}
if (tc-limit (size - tc-size 0)) {
- TALLOC_MEMLIMIT_CHECK(tc-limit, (size - tc-size));
+ if (!talloc_memlimit_check(tc-limit, (size - tc-size))) {
+ errno = ENOMEM;
+ return NULL;
+ }
}
/* handle realloc inside a talloc_pool */
@@ -1649,7 +1632,14 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void
*ptr, size_t size, cons
if (new_chunk_size == old_chunk_size) {
TC_UNDEFINE_GROW_CHUNK(tc, size);
tc-flags = ~TALLOC_FLAG_FREE;
- TALLOC_MEMLIMIT_UPDATE(tc-limit, tc-size, size);
+ if (!talloc_memlimit_update(tc-limit,
+ tc-size, size)) {
+ talloc_abort(cur_size memlimit counter
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 7d7e33c Add tests for talloc_memlimit
via a33a78c Add memory limiting capability to talloc
from 7859490 Ensure the masks don't conflict with the ACL checks.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7d7e33c624875a9694fcebdde942147ac3bf5f74
Author: Simo Sorce i...@samba.org
Date: Sat Sep 22 16:35:21 2012 -0400
Add tests for talloc_memlimit
Autobuild-User(master): Simo Sorce i...@samba.org
Autobuild-Date(master): Fri Oct 5 07:36:38 CEST 2012 on sn-devel-104
commit a33a78c302fde61fdb7a6e71669f19be2cf5c836
Author: Simo Sorce i...@samba.org
Date: Sat Sep 22 16:15:47 2012 -0400
Add memory limiting capability to talloc
By calling talloc_set_memlimit() we can now set a max memory limit
for a whole talloc hierarchy.
ANy attempt to allocate memory beyond the max allowed for the whole
hierarchy wil cause an allocation failure.
Stealing memory correctly accounts for used memory in the old and the new
hierarchy but exceeding the memory limit in the new parent will not cause
a failure.
---
Summary of changes:
...oc-util-2.0.6.sigs = pytalloc-util-2.0.8.sigs} |0
.../ABI/{talloc-2.0.3.sigs = talloc-2.0.8.sigs} |1 +
lib/talloc/talloc.c| 277 +---
lib/talloc/talloc.h| 19 ++
lib/talloc/testsuite.c | 172
lib/talloc/wscript |2 +-
6 files changed, 431 insertions(+), 40 deletions(-)
copy lib/talloc/ABI/{pytalloc-util-2.0.6.sigs = pytalloc-util-2.0.8.sigs}
(100%)
copy lib/talloc/ABI/{talloc-2.0.3.sigs = talloc-2.0.8.sigs} (98%)
Changeset truncated at 500 lines:
diff --git a/lib/talloc/ABI/pytalloc-util-2.0.6.sigs
b/lib/talloc/ABI/pytalloc-util-2.0.8.sigs
similarity index 100%
copy from lib/talloc/ABI/pytalloc-util-2.0.6.sigs
copy to lib/talloc/ABI/pytalloc-util-2.0.8.sigs
diff --git a/lib/talloc/ABI/talloc-2.0.3.sigs b/lib/talloc/ABI/talloc-2.0.8.sigs
similarity index 98%
copy from lib/talloc/ABI/talloc-2.0.3.sigs
copy to lib/talloc/ABI/talloc-2.0.8.sigs
index 6e236d5..15a9e95 100644
--- a/lib/talloc/ABI/talloc-2.0.3.sigs
+++ b/lib/talloc/ABI/talloc-2.0.8.sigs
@@ -43,6 +43,7 @@ talloc_report_full: void (const void *, FILE *)
talloc_set_abort_fn: void (void (*)(const char *))
talloc_set_log_fn: void (void (*)(const char *))
talloc_set_log_stderr: void (void)
+talloc_set_memlimit: int (const void *, size_t)
talloc_set_name: const char *(const void *, const char *, ...)
talloc_set_name_const: void (const void *, const char *)
talloc_show_parents: void (const void *, FILE *)
diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index 18ee548..afc44b3 100644
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -71,6 +71,7 @@
#define TALLOC_FLAG_LOOP 0x02
#define TALLOC_FLAG_POOL 0x04 /* This is a talloc pool */
#define TALLOC_FLAG_POOLMEM 0x08 /* This is allocated in a pool */
+
#define TALLOC_MAGIC_REFERENCE ((const char *)1)
/* by default we abort when given a bad pointer (such as when talloc_free() is
called
@@ -221,12 +222,50 @@ static struct {
TC_UNDEFINE_GROW_VALGRIND_CHUNK(_tc, _new_size); \
} while (0)
+#define TALLOC_MEMLIMIT_CHECK(limit, size) do { \
+ struct talloc_memlimit *l; \
+ for (l = limit; l != NULL; l = l-upper) { \
+ if (l-max_size != 0 \
+ ((l-max_size = l-cur_size) || \
+(l-max_size - l-cur_size TC_HDR_SIZE+size))) { \
+ errno = ENOMEM; \
+ return NULL; \
+ } \
+ } \
+} while(0)
+
+#define TALLOC_MEMLIMIT_UPDATE(limit, o_size, n_size) do { \
+ struct talloc_memlimit *l; \
+ ssize_t d; \
+ if (o_size == 0) { \
+ d = n_size + TC_HDR_SIZE; \
+ } else { \
+ d = n_size - o_size; \
+ } \
+ for (l = limit; l != NULL; l = l-upper) { \
+ ssize_t new_size = l-cur_size + d; \
+ if (new_size 0) { \
+ talloc_abort(cur_size memlimit counter not correct!);
\
+ errno = EINVAL; \
+ return NULL; \
+ } \
+ l-cur_size = new_size; \
+ } \
+} while(0)
+
struct talloc_reference_handle {
struct talloc_reference_handle *next, *prev;
void *ptr;
const char *location;
};
+struct talloc_memlimit {
+ struct talloc_chunk *parent;
+ struct talloc_memlimit *upper;
+ size_t max_size;
+ size_t cur_size;
+};
+
typedef int (*talloc_destructor_t)(void *);
struct talloc_chunk {
@@ -239,6 +278,15 @@ struct talloc_chunk {
unsigned flags
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via a6be8a9 Support UPN_DNS_INFO in the PAC
from 322e3d4 Fix bug #9209 - Parse of invalid SMB2 create blob can cause
smbd crash.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit a6be8a97f705247c1b1cbb0595887d8924740a71
Author: Simo Sorce i...@samba.org
Date: Thu Sep 27 14:12:06 2012 -0400
Support UPN_DNS_INFO in the PAC
Previously marked as UNKNOWN_12 the UPN_DNS_INFO is defined in MS-PAC
Autobuild-User(master): Simo Sorce i...@samba.org
Autobuild-Date(master): Fri Sep 28 01:13:44 CEST 2012 on sn-devel-104
---
Summary of changes:
librpc/idl/krb5pac.idl | 16 +---
1 files changed, 9 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
index 8a6540c..0fce16b 100644
--- a/librpc/idl/krb5pac.idl
+++ b/librpc/idl/krb5pac.idl
@@ -37,18 +37,20 @@ interface krb5pac
[size_is(num_transited_services)] lsa_String
*transited_services;
} PAC_CONSTRAINED_DELEGATION;
+ typedef [public,bitmap32bit] bitmap {
+ UDI_ACCT_HAS_NO_UPN = 0x0001 /* 1= User account has no
UPN */
+ } upn_dns_info_flags;
+
typedef struct {
[value(2*strlen_m(upn_name))] uint16 upn_size;
uint16 upn_offset;
[value(2*strlen_m(domain_name))] uint16 domain_size;
uint16 domain_offset;
- uint16 unknown3; /* 0x01 */
- uint16 unknown4;
- uint32 unknown5;
+ upn_dns_info_flags flags;
+ uint32 padding;
[charset(UTF16)] uint8 upn_name[upn_size+2];
[charset(UTF16)] uint8 domain_name[domain_size+2];
- uint32 unknown6; /* padding */
- } PAC_UNKNOWN_12;
+ } PAC_UPN_DNS_INFO;
typedef [public] struct {
PAC_LOGON_INFO *info;
@@ -64,7 +66,7 @@ interface krb5pac
PAC_TYPE_KDC_CHECKSUM = 7,
PAC_TYPE_LOGON_NAME = 10,
PAC_TYPE_CONSTRAINED_DELEGATION = 11,
- PAC_TYPE_UNKNOWN_12 = 12
+ PAC_TYPE_UPN_DNS_INFO = 12
} PAC_TYPE;
typedef struct {
@@ -78,12 +80,12 @@ interface krb5pac
[case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name;
[case(PAC_TYPE_CONSTRAINED_DELEGATION)][subcontext(0xFC01)]
PAC_CONSTRAINED_DELEGATION_CTR constrained_delegation;
+ [case(PAC_TYPE_UPN_DNS_INFO)] PAC_UPN_DNS_INFO upn_dns_info;
/* when new PAC info types are added they are supposed to be
done
in such a way that they are backwards compatible with
existing
servers. This makes it safe to just use a [default] for
unknown types, which lets us ignore the data */
[default] [subcontext(0)] DATA_BLOB_REM unknown;
- /* [case(PAC_TYPE_UNKNOWN_12)] PAC_UNKNOWN_12 unknown; */
} PAC_INFO;
typedef [public,nopush,nopull,noprint] struct {
--
Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated
then write_attributes Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com
Re: [SCM] Samba Shared Repository - branch master updated
On Sat, 2012-06-16 at 10:14 +0200, Andrew Bartlett wrote: The branch, master has been updated via 4edd8b8 s3-auth: Remove auth_netlogond via 9c715da s3-passdb: Remove pdb_ads Andrew, I would like you to revert these two commits ASAP. Simo. via d949736 s4-classicupgrade: Also ask testparm for 'smb passwd file' via a0a2f79 WHATSNEW: Bump the version and announce the s3fs default via d9f7195 s4-classicupgrade: Use samba classic description for samba3 NT4-like domains in samba3upgrade via 39766b7 s4-lib/param: FLAG DAY for the default FILE SERVER via b58dc18 s4-s3upgrade: Assert that administrator has a SID of -500, and only skip root if it is -500 via 61f7f01 s4-s3upgrade: Add my wins.dat and fix the parsing error via d0b60f0 s4-s3upgrade: improve idmap import to use posixAccount and posixGroup entries via 3c65bac s4-idmap: Add mapping using uidNumber and gidNumber like idmap_ad from bbb7cbf Same fix as bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4edd8b891a90a89a84fbfa3636cc568d247b04b2 Author: Andrew Bartlett abart...@samba.org Date: Sun Jun 3 10:56:46 2012 +1000 s3-auth: Remove auth_netlogond auth_netlogond was an important module in the development of the combined Samba 4.0, and was the first module to link smbd with the AD authentication store, showing that it was possible for NTLM authentication to be offloaded to the AD server components. We now have auth_samba4, which provides the full GENSEC stack to smbd, which also matches exactly the group membership and privileges assignment and which is supported and tested as part of the official Samba 4.0 release configuration. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sat Jun 16 10:13:20 CEST 2012 on sn-devel-104 commit 9c715da1cbc256b9ae9298618c92807592607c9b Author: Andrew Bartlett abart...@samba.org Date: Sun Jun 3 10:54:06 2012 +1000 s3-passdb: Remove pdb_ads pdb_ads was an important module in the development of the combined Samba 4.0, and was the first module to show that standard samba3 tools such as smbpasswd can be made to operate on the sam.ldb. We now have pdb_samba4, which operates directly on the sam.ldb, rather than via ldapi://, which uses transactions and which is supported and tested as part of the official Samba 4.0 release configuration. This module is not as complete (for example, it does not honour the idmap configuration) and requires that the samba binary be running to operate. Andrew Bartlett commit d949736f8dc02eec180723a55f4604b7b3aa83d8 Author: Andrew Bartlett abart...@samba.org Date: Sat Jun 16 15:34:50 2012 +1000 s4-classicupgrade: Also ask testparm for 'smb passwd file' commit a0a2f7999e20ab64dcbfca8299dbf0adfba0dea3 Author: Andrew Bartlett abart...@samba.org Date: Sat Jun 16 13:12:50 2012 +1000 WHATSNEW: Bump the version and announce the s3fs default commit d9f7195a1f5a12d5dc8865aa5553b61a4f770e3d Author: Andrew Bartlett abart...@samba.org Date: Sat Jun 16 13:06:44 2012 +1000 s4-classicupgrade: Use samba classic description for samba3 NT4-like domains in samba3upgrade commit 39766b75a40fbab73fc23dd947de44f8349ed466 Author: Andrew Bartlett abart...@samba.org Date: Sat Jun 16 12:54:12 2012 +1000 s4-lib/param: FLAG DAY for the default FILE SERVER This commit changes the default file server to be s3fs. Existing installs wishing to keep the ntvfs file server need to set this in their smb.conf: server services = +smb -s3fs dcerpc endpoint services = +winreg +srvsvc Andrew Bartlett commit b58dc1826e69c61a30d38b05e7f451404670baef Author: Andrew Bartlett abart...@samba.org Date: Sat Jun 16 14:19:42 2012 +1000 s4-s3upgrade: Assert that administrator has a SID of -500, and only skip root if it is -500 Many upgraded installations have root as -1000, and so that account needs to be kept. Andrew Bartlett commit 61f7f0155465b14612f7ac29a12c442ff25031b4 Author: Andrew Bartlett abart...@samba.org Date: Sat Jun 16 13:58:06 2012 +1000 s4-s3upgrade: Add my wins.dat and fix the parsing error The issue was that the numbers at the end of the lines are space padded. Andrew Bartlett commit d0b60f02dd3c324d4c990dae7334b228dddba075 Author: Andrew Bartlett abart...@samba.org Date: Sun Jun 10 20:42:25 2012 +1000 s4-s3upgrade: improve idmap import to use posixAccount
Re: [Samba] Windows 7 attempting to access Samba over port 80
IIRc I have seen Windows trying to use port 80 and webdav when no port 139/445 was available. Only from the graphical shell though. This is not done at the redirector level, but up the stack when the machine can't be found using SMB. Simo. On Tue, 2012-05-29 at 14:02 -0400, Gaiseric Vandal wrote: Since it is port 80, can you capture the contents of the packets? It might be Outlook trying to autoconfigure a mail account? Outlook will poke around on several ports trying to locate a mail server. I believe Windows clients should try to connect on port 445 then fall back to 137-139.The only way samba would use port 80 is if you were using an SSL tunnel BUT I don't think Windows client natively supports that. On 05/29/12 11:15, Tom Noonan II wrote: Good Morning: I'm running a domain-joined Samba 3.6 server. For the majority of users it is working as expected; they can log in without issue using their domain credentials and AD group ACLs are working. However, I have one Windows 7 user who is complaining he can't log in. When I looked on the server I see no logs for his machine. I did a initial traffic sniff and I see his machine is pinging the Samba server on port 80. I want to clearly state I don't think this is a samba problem. The overall majority of users are not complaining about this server. Based on the information I have today, Samba doesn't even come into play as the Win7 box pings the wrong port. I do still need to verify that the client is starting initially on port 80, and not trying 445, failing, caching the failure, and then falling back to 80 on subsequent attempts. So, I want to pose the following question to the list: has anyone seen this? I shoulder surfed and I don't believe it to be user error at this time. I have a sit-down with the user tomorrow to try and resolve this. However, I currently believe this is a client side issue and I don't know what to check client side. (I'm a Linux admin, not Windows) Can any of the Windows guys on this list advise? Thanks! -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via e8e5afd krb5samba: Add smb_krb5_make_pac_checksum.
via 7f9e4d7 s4-auth: Use smb_krb5_make_pac_checksum.
via 3ef95a0 krb5samba: Add krb5_free_checksum_contents wrapper
from 470cfb3 lib/util: Map 0x7fffLL as 0x7fffLL
in time conversion
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit e8e5afd4d4038043f1125c5e2afc41e9e87ebfde
Author: Andreas Schneider a...@samba.org
Date: Thu May 3 17:10:27 2012 +0200
krb5samba: Add smb_krb5_make_pac_checksum.
Signed-off-by: Simo Sorce i...@samba.org
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Tue May 8 08:30:52 CEST 2012 on sn-devel-104
commit 7f9e4d70b9a2db7400791fbfef284dd63e79f078
Author: Andreas Schneider a...@samba.org
Date: Thu May 3 17:10:53 2012 +0200
s4-auth: Use smb_krb5_make_pac_checksum.
Signed-off-by: Simo Sorce i...@samba.org
commit 3ef95a0b59fa2a9ec5d01398d702bd107f290422
Author: Simo Sorce i...@samba.org
Date: Fri May 4 11:02:48 2012 -0400
krb5samba: Add krb5_free_checksum_contents wrapper
---
Summary of changes:
lib/krb5_wrap/krb5_samba.c | 83 +++
lib/krb5_wrap/krb5_samba.h | 14 +
source3/configure.in|2 +
source4/auth/kerberos/kerberos_pac.c| 78 +
source4/heimdal_build/wscript_configure |2 +
wscript_configure_krb5 |3 +-
6 files changed, 127 insertions(+), 55 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index ddebdd8..16c6901 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2175,6 +2175,89 @@ krb5_error_code smb_krb5_cc_get_lifetime(krb5_context
context,
}
#endif /* HAVE_KRB5_CC_GET_LIFETIME */
+#if !defined(HAVE_KRB5_FREE_CHECKSUM_CONTENTS) defined(HAVE_FREE_CHECKSUM)
+void smb_krb5_free_checksum_contents(krb5_context ctx, krb5_checksum *cksum)
+{
+ free_Checksum(cksum);
+}
+#endif
+
+krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *pac_data,
+ krb5_context context,
+ const krb5_keyblock *keyblock,
+ uint32_t *sig_type,
+ DATA_BLOB *sig_blob)
+{
+ krb5_error_code ret;
+ krb5_checksum cksum;
+#if defined(HAVE_KRB5_CRYPTO_INIT) defined(HAVE_KRB5_CREATE_CHECKSUM)
+ krb5_crypto crypto;
+
+
+ ret = krb5_crypto_init(context,
+ keyblock,
+ 0,
+ crypto);
+ if (ret) {
+ DEBUG(0,(krb5_crypto_init() failed: %s\n,
+ smb_get_krb5_error_message(context, ret, mem_ctx)));
+ return ret;
+ }
+ ret = krb5_create_checksum(context,
+ crypto,
+ KRB5_KU_OTHER_CKSUM,
+ 0,
+ pac_data-data,
+ pac_data-length,
+ cksum);
+ if (ret) {
+ DEBUG(2, (PAC Verification failed: %s\n,
+ smb_get_krb5_error_message(context, ret, mem_ctx)));
+ }
+
+ krb5_crypto_destroy(context, crypto);
+
+ if (ret) {
+ return ret;
+ }
+
+ *sig_type = cksum.cksumtype;
+ *sig_blob = data_blob_talloc(mem_ctx,
+ cksum.checksum.data,
+ cksum.checksum.length);
+#elif defined(HAVE_KRB5_C_MAKE_CHECKSUM)
+ krb5_data input;
+
+ input.data = (char *)pac_data-data;
+ input.length = pac_data-length;
+
+ ret = krb5_c_make_checksum(context,
+ 0,
+ keyblock,
+ KRB5_KEYUSAGE_APP_DATA_CKSUM,
+ input,
+ cksum);
+ if (ret) {
+ DEBUG(2, (PAC Verification failed: %s\n,
+ smb_get_krb5_error_message(context, ret, mem_ctx)));
+ return ret;
+ }
+
+ *sig_type = cksum.checksum_type;
+ *sig_blob = data_blob_talloc(mem_ctx,
+ cksum.contents,
+ cksum.length);
+
+#else
+#error krb5_create_checksum or krb5_c_make_checksum not available
+#endif /* HAVE_KRB5_C_MAKE_CHECKSUM */
+ smb_krb5_free_checksum_contents(context, cksum);
+
+ return 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d0e7770 waf: Fix com_err detection with MIT krb5. via 822e679 s4:auth/kerberos: don't do tracing in MIT build via 21d383d s4:torture: auth/pac.c: use Kerberos wrapper for krb5_keyblock_init via 4875a12 Avoid using Heimdal-specific tests in MIT build via 5668845 s4:ntvfs: add missing headers to vfs_ipc via 27549b4 Fix direct access to krb5_principal structure via eb9e3e8 auth-session: MIT doesn't have import/export cred yet via 5832c61c s4-auth: Use smb_krb5_cc_get_lifetime() wrapper. via 4d77466 krb5samba: Add a smb_krb5_cc_get_lifetime() function. via 6bec64b s4-auth-krb: Make srv_keytab.c build against MIT Kerberos via 38c7d8e krb5samba: Add compat function for krb5_kt_compare via 548046f Fix incompatible assignment warning via b776bc5 krb5samba: Add compat krb5_make_principal for MIT build via 205b032 Fix compiler warning via cf7d15e s4-auth-krb: Use compat code to initialize keyblock contents via 93de8e4 krb5samba: Add compat code to initialize keyblock contents via 62f3be7 s4-auth-krb: Disable code in MIT build via c2f6632 Move keytab_copy to krb5samba lib via 94b9af6 Fix keytab_copy to compile with MIT librariues too via 07953e1 keytab_copy: Fix style, whitespaces via 57dc8aa kerberos_pac: Fix code to work with MIT too via a2de8a1 s4-auth-krb: smb_rd_req_return_stuff is used only in gensec_krb5 via 3109a3d Split normal kinit from s4u2 flavored kinit via 29d284c Move kerberos_kinit_password_cc to krb5samba lib via 38a5a2c Move kerberos_kinit_keyblock_cc to krb5samba lib via aa1a0d8 krb-init: define out heimdal specific stuff in mitkrb build via 9a585a3 s4-auth-krb: avoid useless condition via afa6c31 krb5samba: Remove unnecessary include file via b7b0903 Fix krb5_samba.c build from eb6e22b s4:torture: add a check for talloc success in test_session_reauth http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d0e7770017a1322ad78b13f0840c54514ee1d9bd Author: Andreas Schneider a...@samba.org Date: Thu May 3 11:28:50 2012 +0200 waf: Fix com_err detection with MIT krb5. Signed-off-by: Simo Sorce i...@samba.org Autobuild-User: Simo Sorce i...@samba.org Autobuild-Date: Fri May 4 18:43:05 CEST 2012 on sn-devel-104 commit 822e6794f09ff2440972453adbac38d3efd1c54e Author: Alexander Bokovoy a...@samba.org Date: Thu May 3 12:33:42 2012 +0300 s4:auth/kerberos: don't do tracing in MIT build Signed-off-by: Simo Sorce i...@samba.org commit 21d383d04f21755418c755139824cfe7234ff474 Author: Alexander Bokovoy a...@samba.org Date: Wed May 2 21:40:13 2012 +0300 s4:torture: auth/pac.c: use Kerberos wrapper for krb5_keyblock_init Signed-off-by: Simo Sorce i...@samba.org commit 4875a12ab840c413b6804050ca2ecd78db98 Author: Alexander Bokovoy a...@samba.org Date: Wed May 2 21:16:01 2012 +0300 Avoid using Heimdal-specific tests in MIT build commit 566884553ccb9c99cc3b05bc6fc84bf5efa9fae2 Author: Alexander Bokovoy a...@samba.org Date: Wed May 2 20:59:00 2012 +0300 s4:ntvfs: add missing headers to vfs_ipc vfs_ipc.c had system/kerberos.h and system/filesys.h missing Signed-off-by: Simo Sorce i...@samba.org commit 27549b4e31b47fab23af0bce6bf888e4148f88e9 Author: Simo Sorce i...@samba.org Date: Wed May 2 13:22:08 2012 -0400 Fix direct access to krb5_principal structure commit eb9e3e8a54aa7d6b805d280fd5586f9d1a2a094a Author: Simo Sorce i...@samba.org Date: Wed May 2 12:24:34 2012 -0400 auth-session: MIT doesn't have import/export cred yet For now let's just loose this functionality with the MIT build. gss_import/export_cred should be availa ble when MIT 1.11 is released and this code is used only in some proxy scenario. Not normally needed for common configurations. commit 5832c61c5f9905f91ae6a010f5c90c674cdace91 Author: Andreas Schneider a...@samba.org Date: Fri Apr 27 20:29:47 2012 +0200 s4-auth: Use smb_krb5_cc_get_lifetime() wrapper. Signed-off-by: Simo Sorce i...@samba.org commit 4d77466dafdb4def6681534e47c06aa07ccf6e17 Author: Andreas Schneider a...@samba.org Date: Fri Apr 27 16:52:26 2012 +0200 krb5samba: Add a smb_krb5_cc_get_lifetime() function. Signed-off-by: Simo Sorce i...@samba.org commit 6bec64b12a90ba81996ca6d049b56f168ef70bc0 Author: Simo Sorce i...@samba.org Date: Thu Apr 26 18:11:09 2012 -0400 s4-auth-krb: Make srv_keytab.c build against MIT Kerberos commit 38c7d8e4fdf6facd37310aa848eb5b2459d4fbe7 Author: Simo Sorce i...@samba.org Date: Thu Apr 26 18:22:43 2012 -0400 krb5samba: Add compat function for krb5_kt_compare commit 548046ff4df23f08e1f652136e7322623885d7ab Author
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 1fbc185 replace: Fix use of mktemp
via 701fc99 addns: clean up headers
from 05456ac s3: Remove an unused variable
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 1fbc18572543ed3056057df6ec4990278726fbf4
Author: Simo Sorce i...@samba.org
Date: Wed Apr 25 18:55:46 2012 -0400
replace: Fix use of mktemp
mktemp always returns the template, so checking for NULL doesn't cactch any
error. Errors are reported by turning the template into an empty string.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Thu Apr 26 16:14:24 CEST 2012 on sn-devel-104
commit 701fc995b75e392e896edc0c4314d758f7a5bee6
Author: Simo Sorce i...@samba.org
Date: Wed Apr 25 09:47:47 2012 -0400
addns: clean up headers
All this stuff is already included properly in the replace headers on top.
---
Summary of changes:
lib/addns/dns.h | 33 -
lib/replace/replace.c |4 ++--
2 files changed, 2 insertions(+), 35 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/addns/dns.h b/lib/addns/dns.h
index 88ba9d1..2e80577 100644
--- a/lib/addns/dns.h
+++ b/lib/addns/dns.h
@@ -38,47 +38,14 @@
#endif
#endif /* NO_CONFIG_H */
-#include stdio.h
-#include stdlib.h
#include fcntl.h
#include time.h
-#include string.h
-#include errno.h
#include netdb.h
-#include sys/types.h
-#include sys/socket.h
-#include netinet/in.h
-#include arpa/inet.h
-#include stdarg.h
#ifdef HAVE_UUID_UUID_H
#include uuid/uuid.h
#endif
-#ifdef HAVE_KRB5_H
-#include krb5.h
-#endif
-
-#ifdef HAVE_INTTYPES_H
-#include inttypes.h
-
-#ifndef int16
-#define int16 int16_t
-#endif
-
-#ifndef uint16
-#define uint16 uint16_t
-#endif
-
-#ifndef int32
-#define int32 int32_t
-#endif
-
-#ifndef uint32
-#define uint32 uint32_t
-#endif
-#endif
-
#include talloc.h
/***
diff --git a/lib/replace/replace.c b/lib/replace/replace.c
index c076ba1..322bf49 100644
--- a/lib/replace/replace.c
+++ b/lib/replace/replace.c
@@ -412,8 +412,8 @@ int rep_mkstemp(char *template)
{
/* have a reasonable go at emulating it. Hope that
the system mktemp() isn't completely hopeless */
- char *p = mktemp(template);
- if (!p)
+ mktemp(template);
+ if (template[0] == 0)
return -1;
return open(p, O_CREAT|O_EXCL|O_RDWR, 0600);
}
--
Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated
On Wed, 2012-04-25 at 11:44 +0200, Andrew Bartlett wrote: commit b8055132b1c62dd19981fea2822ab9e1829a8ded Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 25 17:53:18 2012 +1000 s4-messaging: Use generate_random() to get a unique ID for messaging clients The call to random() resulted in duplicate values for s3fs configurations which, due to the forked child, all started with the same random seed. A future improvement would be to move to a proven unique value. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Wed Apr 25 11:43:40 CEST 2012 on sn-devel-104 Andrew are you sure you need to use /dev/urandom here ? It doesn't look like you need absolutelu unpredictable numbers here, just non-colliding numbers. You changed the code to draw from urandom, and if it is used often it mean it will suck a lot of entropy out of the system, causing any application that need to use /dev/random to halt. Wouldn't it have been simpler to just run srand(time(NULL)*pid) to get a new seed for the process ? Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via adbace2 Fix pam_winbind build against newer iniparser library via 360c11e Avoid warning about KRB5_DEPRECATE with MIT libs via 87c95e4 Cracknames: use krb wrapper functions so it works with MIT via d43c2c0 krb5_samba: Add support for krb5_princ_size when using Heimdal via 08c733d Make krb5 wrapper library common so they can be used all over via f7070c9 For now just disable this Heindal specific stuff in the MIT build via 110dad8 Make krb5 context initialization not heimdal specific via 090f907 Make sure krb5_principal_get_num_comp is identified as present for Heimdal build via 5cae929 waf: rename SAMBA4_INTERNAL_HEIMDAL to SAMBA4_USES_HEIMDAL via 4291fdc waf: move krb5 checks to a separate waf file from 5b5b696 Fix bug #8882 - Broken processing of %U with vfs_full_audit when force user is set. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit adbace20a24b6ae4fbd6d17b7153833f4ac8c88d Author: Simo Sorce i...@samba.org Date: Mon Apr 23 17:23:35 2012 -0400 Fix pam_winbind build against newer iniparser library iniparser_getstr is deprecated and has been removed in newer libraries available in Fedora. Use iniparse_getstring instead. Autobuild-User: Simo Sorce i...@samba.org Autobuild-Date: Tue Apr 24 02:56:10 CEST 2012 on sn-devel-104 commit 360c11eaaafb0b74d2cc2e733eea922553407b16 Author: Simo Sorce i...@samba.org Date: Sun Apr 22 19:05:31 2012 -0400 Avoid warning about KRB5_DEPRECATE with MIT libs commit 87c95e49efbcbdbf76e66a240e769f6cb80a40b4 Author: Simo Sorce i...@samba.org Date: Sat Apr 21 16:55:35 2012 -0400 Cracknames: use krb wrapper functions so it works with MIT Also avoid a silly game with directly modifying the principal and then calling krb5_principal_unparse_flags to get out a string. If we already assume it is a 2 components name and know what outcome we are going to get, just go ahead and talloc_asprintf the linearized string. commit d43c2c094558fcb83aa18358bc724195a9c26001 Author: Simo Sorce i...@samba.org Date: Sun Apr 22 21:38:29 2012 -0400 krb5_samba: Add support for krb5_princ_size when using Heimdal commit 08c733d75fd83fd5e32ced9712d41dd595e0f182 Author: Simo Sorce i...@samba.org Date: Sat Apr 21 17:26:18 2012 -0400 Make krb5 wrapper library common so they can be used all over commit f7070c90b94954835478a09e89a85c03f0f85500 Author: Simo Sorce i...@samba.org Date: Sat Apr 21 16:35:48 2012 -0400 For now just disable this Heindal specific stuff in the MIT build commit 110dad8c9eb95e6729e589b52ef204d369803bdb Author: Simo Sorce i...@samba.org Date: Fri Apr 20 13:14:30 2012 -0400 Make krb5 context initialization not heimdal specific Turn the logging data to an opaque pointer. Ifdef code and use MIT logging function when built against system MIT. commit 090f9072da6974b506901547c0091e3e1b8a11cc Author: Alexander Bokovoy a...@samba.org Date: Mon Apr 23 15:01:07 2012 +0300 Make sure krb5_principal_get_num_comp is identified as present for Heimdal build Common wrappers for MIT / Heimdal use krb5_principal_get_num_comp() to replace krb5_princ_size but rely on krb5_principal_get_num_comp() identified by the build. As we know it exists in Heimdal, define it for waf build. Signed-off-by: Simo Sorce i...@samba.org commit 5cae9293d118da8765b301f9872e77993f44ad86 Author: Alexander Bokovoy a...@samba.org Date: Fri Apr 20 20:22:39 2012 +0300 waf: rename SAMBA4_INTERNAL_HEIMDAL to SAMBA4_USES_HEIMDAL SAMBA4_INTERNAL_HEIMDAL is defined unconditionally regardless where Heimdal comes from, system-wide or embedded version. This define is not used anywhere. We'll use it to distinguish between Heimdal and MIT Krb5 builds. Signed-off-by: Simo Sorce i...@samba.org commit 4291fdcf3910b37d7dc7ed3849847fb162b5569b Author: Alexander Bokovoy a...@samba.org Date: Fri Apr 20 12:53:11 2012 +0300 waf: move krb5 checks to a separate waf file With PROCESS_SEPARATE_RULE in wafsamba it is now possible to simplify configuration and checks for MIT/Heimdal Kerberos implementations. 1. Move MIT krb5 checks from source3/wscript to wscript_configure_krb5 2. Make sure they are called same way (--with-mit-krb5-checks) 3. If no configure checks identified MIT krb5 in system (or were disabled), make sure Heimdal build is selected, embedded (default) or system-provided. This makes logic of configuration unchanged for Heimdal builds but adds less hacky way to use MIT krb5 builds. The latter does not work yet as we need to untangle more subsystems from HDB/Heimdal-specific details but lays out a foundation for that. Signed-off-by: Simo Sorce i...@samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via e21029a waf: Fix mispelling
via 70d44a9 Fix Error messages
from b31f773 s3/ldap: remove outdated netscape ds 5 schema file
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit e21029a270a6e3b8bcc5ff33b74977cb0cd6cd17
Author: Simo Sorce i...@samba.org
Date: Mon Apr 9 08:33:37 2012 -0400
waf: Fix mispelling
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Thu Apr 19 17:36:41 CEST 2012 on sn-devel-104
commit 70d44a9a177621b173c8a24c7cb503f5632a8ff7
Author: Simo Sorce i...@samba.org
Date: Thu Apr 19 09:35:08 2012 -0400
Fix Error messages
---
Summary of changes:
buildtools/wafsamba/samba_deps.py | 12 ++--
buildtools/wafsamba/samba_python.py|6 +++---
buildtools/wafsamba/wafsamba.py|2 +-
source4/auth/kerberos/srv_keytab.c |6 ++
source4/scripting/python/wscript_build |2 +-
5 files changed, 13 insertions(+), 15 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_deps.py
b/buildtools/wafsamba/samba_deps.py
index 51b7da9..f073e41 100644
--- a/buildtools/wafsamba/samba_deps.py
+++ b/buildtools/wafsamba/samba_deps.py
@@ -214,7 +214,7 @@ def add_init_functions(self):
if m is not None:
modules.append(m)
-sentinal = getattr(self, 'init_function_sentinal', 'NULL')
+sentinel = getattr(self, 'init_function_sentinel', 'NULL')
targets= LOCAL_CACHE(bld, 'TARGET_TYPE')
cflags = getattr(self, 'samba_cflags', [])[:]
@@ -222,8 +222,8 @@ def add_init_functions(self):
if modules == []:
sname = sname.replace('-','_')
sname = sname.replace('/','_')
-cflags.append('-DSTATIC_%s_MODULES=%s' % (sname, sentinal))
-if sentinal == 'NULL':
+cflags.append('-DSTATIC_%s_MODULES=%s' % (sname, sentinel))
+if sentinel == 'NULL':
cflags.append('-DSTATIC_%s_MODULES_PROTO' % sname)
self.ccflags = cflags
return
@@ -236,11 +236,11 @@ def add_init_functions(self):
if targets[d['TARGET']] != 'DISABLED':
init_fn_list.append(d['INIT_FUNCTION'])
if init_fn_list == []:
-cflags.append('-DSTATIC_%s_MODULES=%s' % (m, sentinal))
-if sentinal == 'NULL':
+cflags.append('-DSTATIC_%s_MODULES=%s' % (m, sentinel))
+if sentinel == 'NULL':
cflags.append('-DSTATIC_%s_MODULES_PROTO' % m)
else:
-cflags.append('-DSTATIC_%s_MODULES=%s' % (m,
','.join(init_fn_list) + ',' + sentinal))
+cflags.append('-DSTATIC_%s_MODULES=%s' % (m,
','.join(init_fn_list) + ',' + sentinel))
proto=''
for f in init_fn_list:
proto = proto + '_MODULE_PROTO(%s)' % f
diff --git a/buildtools/wafsamba/samba_python.py
b/buildtools/wafsamba/samba_python.py
index 503fa75..6bc32f0 100644
--- a/buildtools/wafsamba/samba_python.py
+++ b/buildtools/wafsamba/samba_python.py
@@ -21,7 +21,7 @@ def SAMBA_PYTHON(bld, name,
realname=None,
cflags='',
includes='',
- init_function_sentinal=None,
+ init_function_sentinel=None,
local_include=True,
vars=None,
enabled=True):
@@ -29,8 +29,8 @@ def SAMBA_PYTHON(bld, name,
# when we support static python modules we'll need to gather
# the list from all the SAMBA_PYTHON() targets
-if init_function_sentinal is not None:
-cflags += '-DSTATIC_LIBPYTHON_MODULES=%s' % init_function_sentinal
+if init_function_sentinel is not None:
+cflags += '-DSTATIC_LIBPYTHON_MODULES=%s' % init_function_sentinel
source = bld.EXPAND_VARIABLES(source, vars=vars)
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index fd72cf3..317bca1 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -477,7 +477,7 @@ def SAMBA_SUBSYSTEM(bld, modname, source,
cflags='',
cflags_end=None,
group='main',
-init_function_sentinal=None,
+init_function_sentinel=None,
autoproto=None,
autoproto_extra_source='',
depends_on='',
diff --git a/source4/auth/kerberos/srv_keytab.c
b/source4/auth/kerberos/srv_keytab.c
index ca2d385..b7a2079 100644
--- a/source4/auth/kerberos/srv_keytab.c
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -54,8 +54,7 @@ static krb5_error_code principals_from_list(TALLOC_CTX
*parent_ctx,
}
if (!realm) {
- *error_string = Cannot have a kerberos secret in
- secrets.ldb without a realm
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 4b29cf5 Move kdc_get_policy helper in the lsa server where it
belongs.
via 37e98ff Use loadparm helper to find lifetime defaults
via 86910e1 loadparm: Add helper function to fetch default lifetime
policies
via 74510b0 loadparm: Add convenience function to return long integers
via e0f425a loadparm: Fix broken lp_ulong utility function
via 97f5b28 Move README file in the right place.
from 00d5f32 Fix bug #8877 - Syslog broken owing to mistyping of
debug_settings.syslog.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 4b29cf5f66c5e75f759a5c2a79ba26629f907778
Author: Simo Sorce i...@samba.org
Date: Thu Apr 19 17:54:57 2012 -0400
Move kdc_get_policy helper in the lsa server where it belongs.
This was used in only 2 places, db-glue.c and the lsa server.
In db-glue.c it is awkward though, as it forces to use an unconvenient lsa
structure and conversions from time_t to nt_time only to have nt_times
converted back to time_t for actual use. This is silly.
Also the kdc-policy file was a single funciton library, that's just
ridiculous.
The loadparm helper is all we need to keep the values consistent, and if we
ever end up doing something with group policies we will care about it when
it's
the time. the code would have to change quite a lot anyway.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Fri Apr 20 01:53:37 CEST 2012 on sn-devel-104
commit 37e98ff252edc5e76d2c74a8459247ffcb5fd101
Author: Simo Sorce i...@samba.org
Date: Thu Apr 19 11:17:25 2012 -0400
Use loadparm helper to find lifetime defaults
Implictly fixes buggy use of int for time_t
commit 86910e15feaa490cf70f592c6e9af44f3db7e6f0
Author: Simo Sorce i...@samba.org
Date: Thu Apr 19 11:16:03 2012 -0400
loadparm: Add helper function to fetch default lifetime policies
This use long to fetch time_t quantities, because there are architectures
were
time_t is a signed long but long != int, So long is the proper way to deal
with
it.
commit 74510b059e6852d1491a4cb6eaa9cc7c2ed61fbf
Author: Simo Sorce i...@samba.org
Date: Thu Apr 19 11:00:45 2012 -0400
loadparm: Add convenience function to return long integers
commit e0f425ab2d49779d0abbc0756326f548ff1ee19b
Author: Simo Sorce i...@samba.org
Date: Thu Apr 19 10:58:39 2012 -0400
loadparm: Fix broken lp_ulong utility function
commit 97f5b287fbe36e8e0026c3a76f90a7662111e9aa
Author: Simo Sorce i...@samba.org
Date: Thu Apr 19 10:34:54 2012 -0400
Move README file in the right place.
Someone forgot to move the README when they moved the code ...
---
Summary of changes:
{source4 = lib}/param/README |0
lib/param/loadparm.c| 29 +++-
lib/param/param.h |5 +++
lib/param/util.c| 19 ++
source4/kdc/db-glue.c | 17 +++-
source4/kdc/kdc-policy.h| 25 --
source4/kdc/policy.c| 48 ---
source4/kdc/samba_kdc.h |8 +-
source4/kdc/wscript_build | 10 +--
source4/rpc_server/lsa/dcesrv_lsa.c | 26 ++-
source4/rpc_server/wscript_build|2 +-
11 files changed, 95 insertions(+), 94 deletions(-)
rename {source4 = lib}/param/README (100%)
delete mode 100644 source4/kdc/kdc-policy.h
delete mode 100644 source4/kdc/policy.c
mode change 100644 = 100755 source4/kdc/wscript_build
Changeset truncated at 500 lines:
diff --git a/source4/param/README b/lib/param/README
similarity index 100%
rename from source4/param/README
rename to lib/param/README
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 46bae44..d68d585 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -1699,11 +1699,11 @@ static int lp_int(const char *s)
/**
* convenience routine to return unsigned long parameters.
*/
-static int lp_ulong(const char *s)
+static unsigned long lp_ulong(const char *s)
{
if (!s) {
- DEBUG(0,(lp_int(%s): is called with NULL!\n,s));
+ DEBUG(0,(lp_ulong(%s): is called with NULL!\n,s));
return -1;
}
@@ -1713,6 +1713,20 @@ static int lp_ulong(const char *s)
/**
* convenience routine to return unsigned long parameters.
*/
+static long lp_long(const char *s)
+{
+
+ if (!s) {
+ DEBUG(0,(lp_long(%s): is called with NULL!\n,s));
+ return -1;
+ }
+
+ return strtol(s, NULL, 0);
+}
+
+/**
+ * convenience routine to return unsigned long parameters.
+ */
static double lp_double(const char *s)
{
@@ -1840,6 +1854,17 @@ unsigned long lpcfg_parm_ulong(struct
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via e49efe9 Fix typo
from 0a4ab49 waf: Use Logs.info() instead of print.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit e49efe9e7e8ebd62fa79e35a1e2fff489c3bcc96
Author: Simo Sorce i...@samba.org
Date: Fri Apr 6 15:22:06 2012 -0400
Fix typo
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Tue Apr 17 22:22:26 CEST 2012 on sn-devel-104
---
Summary of changes:
buildtools/wafsamba/samba_deps.py |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_deps.py
b/buildtools/wafsamba/samba_deps.py
index ed2169b..51b7da9 100644
--- a/buildtools/wafsamba/samba_deps.py
+++ b/buildtools/wafsamba/samba_deps.py
@@ -298,7 +298,7 @@ def check_duplicate_sources(bld, tgt_list):
return ret
-def check_orpaned_targets(bld, tgt_list):
+def check_orphaned_targets(bld, tgt_list):
'''check if any build targets are orphaned'''
target_dict = LOCAL_CACHE(bld, 'TARGET_TYPE')
@@ -1145,7 +1145,7 @@ def check_project_rules(bld):
debug('deps: project rules stage1 completed')
-#check_orpaned_targets(bld, tgt_list)
+#check_orphaned_targets(bld, tgt_list)
if not check_duplicate_sources(bld, tgt_list):
Logs.error(Duplicate sources present - aborting)
--
Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 31eb555 Add note about patches that apply to alpha18 from 6698fef Fix typo. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 31eb5557bb01549be26bd4c20aacce0c00f0b262 Author: Simo Sorce i...@samba.org Date: Wed Apr 11 09:46:27 2012 -0400 Add note about patches that apply to alpha18 --- Summary of changes: security/CVE-2012-1182.html |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/security/CVE-2012-1182.html b/security/CVE-2012-1182.html index 4aa1ca4..2e3f9c2 100644 --- a/security/CVE-2012-1182.html +++ b/security/CVE-2012-1182.html @@ -71,6 +71,9 @@ Due to the seriousness of this vulnerability, patches have been released for all Samba versions currently out of support and maintenance from 3.0.37 onwards. +Patches for the 3.6 series also apply to Samba4 alpha18 and can be used to +make a pure security release on top of it. + == Workaround -- Samba Website Repository
Re: [SCM] Samba Shared Repository - branch master updated
On Tue, 2012-04-10 at 11:15 +0200, Andrew Bartlett wrote:
index cafc020..f07bbc9 100644
--- a/lib/ldb/include/ldb_private.h
+++ b/lib/ldb/include/ldb_private.h
@@ -181,4 +181,12 @@ struct ldb_val ldb_binary_decode(TALLOC_CTX
*mem_ctx, const char *str);
const char *ldb_options_find(struct ldb_context *ldb, const char
*options[],
const char *option_name);
+struct ldif_read_file_state {
+ FILE *f;
+ size_t line_no;
+};
Andrew,
can you put this back in ldb_ldif.c and provide a getter function for
the line number instead ?
Let's avoid keeping spreading structures all over.
+struct ldb_ldif *ldb_ldif_read_file_state(struct ldb_context *ldb,
+ struct ldif_read_file_state
*state);
+
--
Simo Sorce
Samba Team GPL Compliance Officer s...@samba.org
Principal Software Engineer at Red Hat, Inc. s...@redhat.com
Re: [Samba] allow trusted domains
On Sat, 2012-03-03 at 16:59 +0700, Victor Sudakov wrote: Andrew Bartlett wrote: As written in http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html Where winbindd is not used Samba (smbd) uses the underlying UNIX/Linux mechanisms to resolve the identity of incoming network traffic. This is done using the LoginID (account name) in the session setup request and passing it to the getpwnam() system function call. This call is implemented using the name service switch (NSS) mechanism on modern UNIX/Linux systems. By saying users and groups are local, we are implying that they are stored only on the local system, in the /etc/passwd and /etc/group respectively. For example, when the user BERYLIUM\WambatW tries to open a connection to a Samba server the incoming SessionSetupAndX request will make a system call to look up the user WambatW in the /etc/passwd file. My question: if BERYLIUM trusts ANOTHERDOMAIN, and ANOTHERDOMAIN\WambatW tries to open a connection to my Samba server, what user will be looked up in /etc/passwd? It should be: ANOTHERDOMAIN\WambatW A Unix user with a slash in the login name? Sorry I doubt that because I have a script in smb.conf: add user script = /usr/sbin/pw useradd %u -m -Y -M 755 and the script's log shows that those users from trusted domains are being created as WambatW, not ANOTHERDOMAIN\WambatW. How/where can I see/debug the actual mapping happening? When using trusted domains you should run winbindd, relying on add user script is basically not supported/tested for trusted domain. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Proposal to change security=share in Samba 4.0
On Tue, 2012-02-28 at 10:16 +1100, Andrew Bartlett wrote: On Mon, 2012-02-27 at 17:53 -0500, David Collier-Brown wrote: Am I correct in thinking this would make all shares have the same password as the guest user, or do you mean there really is no password at all, or alternatively that one would specify the share, provide it's password and be logged on as guest??? It's been a while since I had a security=share setup, but I remember WfW clients thinking that they had per-share passwords... In the past, Samba tried to match the 'per share' password provided by the client against a list of users, falling back to guest if 'guest ok = yes' was set on the share. What will happen now is that the password will be ignored, and only the 'guest ok' will be checked, and access will be as guest. This in effect means dropping security = share, can't we just effectively drop it instead of deceiving our users and making them believe they are using it ? Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Proposal to change security=share in Samba 4.0
On Tue, 2012-02-28 at 12:19 +1100, Andrew Bartlett wrote: On Mon, 2012-02-27 at 19:45 -0500, simo wrote: On Tue, 2012-02-28 at 10:16 +1100, Andrew Bartlett wrote: On Mon, 2012-02-27 at 17:53 -0500, David Collier-Brown wrote: Am I correct in thinking this would make all shares have the same password as the guest user, or do you mean there really is no password at all, or alternatively that one would specify the share, provide it's password and be logged on as guest??? It's been a while since I had a security=share setup, but I remember WfW clients thinking that they had per-share passwords... In the past, Samba tried to match the 'per share' password provided by the client against a list of users, falling back to guest if 'guest ok = yes' was set on the share. What will happen now is that the password will be ignored, and only the 'guest ok' will be checked, and access will be as guest. This in effect means dropping security = share, can't we just effectively drop it instead of deceiving our users and making them believe they are using it ? I am fully in support of dropping it. Kai asked that we still have a way to 'simply' configure the system for trivial file access. These semantics (guest only) broadly matches the default file sharing access on WinXP. (Windows 7 instead wants you to use a HomeGroup, and makes just sharing a folder with no pw substantially more difficult). If the consensus of the list is to drop it outright, and simply error on parsing security=share, I will prepare a patch to do that. The recommended simple sharing option of 'map to guest = bad user' naturally remains. I would prefer dropping security = share completely. security = user + map to guest is sufficient for people that want to allow 'guest' access. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via b5b2041 Rename obscure defined constants.
from 95d3096 s3-selftest: Remove .posix_s3 from s3 test names
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit b5b204184aa6d0f14e7d3bd08322a98dc4f432e6
Author: Christopher R. Hertel (crh) c...@samba.org
Date: Tue Feb 14 21:51:35 2012 -0600
Rename obscure defined constants.
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.
Small changes to clarify some comments regarding the two transport
types.
Signed-off-by: Simo Sorce i...@samba.org
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
---
Summary of changes:
source3/auth/auth_ntlmssp.c |4 ++--
source3/client/client.c |9 +
source3/include/smb.h|4 ++--
source3/lib/util_sock.c |5 +++--
source3/libsmb/libsmb_server.c |2 +-
source3/libsmb/smbsock_connect.c | 14 +++---
source3/nmbd/nmbd_synclists.c|2 +-
source3/smbd/reply.c |4 ++--
source3/torture/torture.c|2 +-
source3/utils/smbfilter.c|4 ++--
source3/winbindd/winbindd_cm.c |2 +-
11 files changed, 27 insertions(+), 25 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 00a99c3..b5935e6 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -143,8 +143,8 @@ static NTSTATUS auth_ntlmssp_check_password(struct
ntlmssp_state *ntlmssp_state,
NTSTATUS nt_status;
bool username_was_mapped;
- /* the client has given us its machine name (which we otherwise would
not get on port 445).
- we need to possibly reload smb.conf if smb.conf includes depend on
the machine name */
+ /* The client has given us its machine name (which we only get over NBT
transport).
+ We need to possibly reload smb.conf if smb.conf includes depend on
the machine name. */
set_remote_machine_name(gensec_ntlmssp-ntlmssp_state-client.netbios_name,
True);
diff --git a/source3/client/client.c b/source3/client/client.c
index 89fd1d4..9d4ef15 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -5168,7 +5168,7 @@ static int do_host_query(const char *query_host)
}
}
- if (port != 139) {
+ if (port != NBT_SMB_PORT) {
/* Workgroups simply don't make sense over anything
else but port 139... */
@@ -5177,7 +5177,8 @@ static int do_host_query(const char *query_host)
status = cli_cm_open(talloc_tos(), NULL,
have_ip ? dest_ss_str : query_host,
IPC$, auth_info, true, smb_encrypt,
-max_protocol, 139, name_type, cli);
+max_protocol, NBT_SMB_PORT, name_type,
+cli);
if (!NT_STATUS_IS_OK(status)) {
cli = NULL;
}
@@ -5242,7 +5243,7 @@ static int do_message_op(struct user_auth_info *a_info)
NTSTATUS status;
status = cli_connect_nb(desthost, have_ip ? dest_ss : NULL,
- port ? port : 139, name_type,
+ port ? port : NBT_SMB_PORT, name_type,
lp_netbios_name(), SMB_SIGNING_DEFAULT, 0,
cli);
if (!NT_STATUS_IS_OK(status)) {
d_printf(Connection to %s failed. Error %s\n, desthost,
nt_errstr(status));
@@ -5354,7 +5355,7 @@ static int do_message_op(struct user_auth_info *a_info)
exit(ENOMEM);
}
if( !port )
- port = 139;
+ port = NBT_SMB_PORT;
message = true;
break;
case 'I':
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 22653cd..7dd77ec 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -44,8 +44,8 @@
#define NMB_PORT 137
#define DGRAM_PORT 138
-#define SMB_PORT1 445
-#define SMB_PORT2 139
+#define NBT_SMB_PORT 139 /* Port for SMB over NBT transport (IETF STD#19).
*/
+#define TCP_SMB_PORT 445 /* Port for SMB over naked TCP transport.
*/
#define SMB_PORTS 445 139
#define Undefined (-1)
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 9ade23c..dcc41bb 100644
Re: [Samba] Problem Accessing Samba share from Windows workstation via DNS Round Robin
On Mon, 2012-01-23 at 12:40 +1000, Peter Tan wrote: Hi Simo, It's ok I've worked it out. You were spot on wrt missing 'cifs' keytab entries. I kinda expected these to be added when creating the keytab but I guess not the case. All the doco I had read revolved around keytab 'host' entries so I couldn't see what was missing (probably just my ignorance!:) I had to add them afterwards using: net ads keytab add cifs -U spn and this did the trick! Is this a bug? The following link suggests it is a bug too? -- https://bugzilla.samba.org/show_bug.cgi?id=8004 Anyway thank you very much for pointing me in the right direction! You are welcome. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem Accessing Samba share from Windows workstation via DNS Round Robin
On Fri, 2012-01-20 at 16:38 +1000, Peter Tan wrote: I have set up a 2 node linux cluster and wish to share a ocfs2 mount on san storage. I have configured ctdb, samba and Kerberos and am able to map the share on my windows workstation when I hit the ip of each of the two nodes. I am able to mount this share via nfs on other linux servers ok. However it does not appear to be authenticating when I try to map to the DNS hostname that has been set up to round robins across the two ip's - I keep getting prompted for a login and password and I get the following in /var/log/messages: krb5_rd_req failed (Key table entry not found) Node 1: 10.101.4.16 Node 2: 10.101.4.17 DNS A Name: clusterpub 10.101.4.16 DNS A Name: clusterpub 10.101.4.17 I have set the netbios name = clusterpub in smb.conf on both nodes Interestingly, I am able to successfully connect to the clusterpub share from one of the nodes via smbclient. # smbclient //clusterpub/archive -U user Enter user password: Domain=[COUNCIL] OS=[Unix] Server=[Samba 3.5.4-0.83.el5] smb: \ dir . D0 Fri Jan 20 14:28:01 2012 ..D0 Wed Jan 18 13:56:46 2012 hello-from-samba 0 Fri Jan 20 14:28:01 2012 64000 blocks of size 16777216. 63805 blocks available smb: \ What am I missing? You have 2 ways to solve this issue. My preferred one is to join the cluster to the domain with the public name (clusterpub) in your case, and share the keytab between the 2 nodes. They are logically a single server and need to share the same credentials. Another way I like a lot less is to make sure you have PTR records set up so that they point to the respective private names, and join each node with these names. I like this less because it relies on reverse address resolution and kinda breaks the fact you are trying to present a single service to the clients. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem Accessing Samba share from Windows workstation via DNS Round Robin
Nico, you present some many questionable 'facts' as absolutes I feel the need to reply to your statements. On Fri, 2012-01-20 at 08:40 -0500, Nico Kadel-Garcia wrote: On Fri, Jan 20, 2012 at 1:38 AM, Peter Tan p...@ipswich.qld.gov.au wrote: I have set up a 2 node linux cluster and wish to share a ocfs2 mount on san storage. I have configured ctdb, samba and Kerberos and am able to map the share on my windows workstation when I hit the ip of each of the two nodes. I am able to mount this share via nfs on other linux servers ok. However it does not appear to be authenticating when I try to map to the DNS hostname that has been set up to round robins across the two ip's - I keep getting prompted for a login and password and I get the following in /var/log/messages: krb5_rd_req failed (Key table entry not found) Nor should it. They're not the same machine, and Kerberos tickets for one are not going to be valid on the other. Why shouldn't you present a _cluster_ as a single node ? That's exactly what a cluster should look like to a client. and DNS round robin is always a crap shoot due to client DNS caching and ordering of returned entries, over which you have *no* control from the server side. This really does not matter in a controlled environment. It is good enough for the task at hand. What you say may make sense in uncontrolled environments like the internet but not in a local one. NFS is an *entirely* different game. Once the mount is created, it's tied to the IP address, not the DNS entries, and remains that way unless detached and a new mount created. Autofs supports this sort of thing, but most NFS setups don't rely on Kerberos tickets or, in fact, any reliable authentication, especially the much simpler NFSv3 setups. Simple setups use the uid's and gid's reported by the client and assume that is enough. (It's really not for secure environments, which is why Kerberos works so hard to make sure you really are who you say you are, on both ends and is incorporated into NFSv4 and integrated automatically most modern CIFS setups.) Node 1: 10.101.4.16 Node 2: 10.101.4.17 DNS A Name: clusterpub 10.101.4.16 DNS A Name: clusterpub 10.101.4.17 This is not round robin unless your DNS server is prepared to re-arrange the response order for lookups of clusterpub, and even then, clients can mess it up. It's duplicate A records: it's important to keep this straight. Uninteresting details in this kind of setup, really. I have set the netbios name = clusterpub in smb.conf on both nodes But they're not the same host. Presenting them both as the same host is begging for confusion. The point of a cluster is to present itself as a single node to clients, I do not know what you are talking about here ... Interestingly, I am able to successfully connect to the clusterpub share from one of the nodes via smbclient. [...] That round robin DNS is not your friend, and never will be. Oh come on, it works well enough. Also, smbclient is not the same as mounting a file system. From the protocol point of view it is exactly the same, your point is ? You might consider giving different netbios names: duplicate A records are most usefully published *as well* as distinct hostnames, so you can gracefully select one or the other host, and reverse DNS compatble specific hostname to differentiate reverse DNS lookups between the two hosts. You can *add* those for admin purposes, clients should not be pointed to specific cluster names, although IP take over will help avoiding issues, if you have different names kerberos won't work anymore unless you share all keytabs for all names. It also means retiring a name becomes impossible in the long run, and also rebalancing clients when you add a node to scale more becomes a hard task. You do not certainly want to make the setup more complicated than it needs to be. And round robin with share keytab in the name of the public DNS name is the easiest. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem Accessing Samba share from Windows workstation via DNS Round Robin
On Mon, 2012-01-23 at 09:58 +1000, Peter Tan wrote: Hi Simo, Thanks for your email. (It is good to get some reassurances I am on the right track...:) My preferred one is to join the cluster to the domain with the public name (clusterpub) in your case, and share the keytab between the 2 nodes. They are logically a single server and need to share the same credentials. This is how I have set it up (as per samba ctdb wiki documentation) using clusterpub but it just refuses to let me map \\clusterpub\share on my windows client. I can hit the individual node's share using IP: \\10.101.4.16\share \\10.101.4.17\share and these work fine (which is really working as per your option two). As given before, incredibly I am able to successfully connect to \\clusterpub\share using smbclient from one of the linux nodes using my window domain login. I am confident winbind is working ok. It looks like Kerberos is having a problem. When trying to map from windows I get the following error in /var/log/messages (on the node that dns happens to send me to): krb5_rd_req failed (Key table entry not found). # klist -ke Keytab name: FILE:/etc/krb5.keytab KVNO Principal -- 2 host/clusterpub.mydomain...@mydomain.au (DES cbc mode with CRC-32) 2 host/clusterpub. mydomain.au @ MYDOMAIN.AU (DES cbc mode with RSA-MD5) 2 host/clusterpub. mydomain.au @ MYDOMAIN.AU (ArcFour with HMAC/md5) 2 host/clusterpub@ MYDOMAIN.AU (DES cbc mode with CRC-32) 2 host/clusterpub@ MYDOMAIN.AU (DES cbc mode with RSA-MD5) 2 host/clusterpub@ MYDOMAIN.AU (ArcFour with HMAC/md5) 2 CLUSTERPUB$@ MYDOMAIN.AU (DES cbc mode with CRC-32) 2 CLUSTERPUB$@ MYDOMAIN.AU (DES cbc mode with RSA-MD5) 2 CLUSTERPUB$@ MYDOMAIN.AU (ArcFour with HMAC/md5) I think you are missing keys for cifs/fqdn@REALM Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [SCM] Samba Shared Repository - branch master updated
On Fri, 2011-10-28 at 11:35 +0200, Andreas Schneider wrote: +Requires=smb.service nmb.service +After=syslog.target network.target smb.service nmb.service This looks wrong, winbind does not require smb or nmb to run, if you have a laptop and do not offer shares you may want to run just winbind and no smb or nmb service. And actually I think you probably want to start winbind before smb *if* you are using winbind on a samba file server. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 605d7d9 pdb-interface: Do not use unid_t here
from 94799db s3-auth move the s3 auth context onto gensec_ntlmssp once
we start
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 605d7d965a33d6a4be632dde9b15abb42801fdaf
Author: Simo Sorce i...@samba.org
Date: Tue Oct 18 10:44:52 2011 -0400
pdb-interface: Do not use unid_t here
This interface needs to be publicly available, unid_t here is not really
useful
and makes it harder to use it as unid_t is not a public union.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Tue Oct 18 20:57:16 CEST 2011 on sn-devel-104
---
Summary of changes:
source3/include/passdb.h|4 ++--
source3/passdb/lookup_sid.c | 14 --
source3/passdb/pdb_ads.c| 13 ++---
source3/passdb/pdb_interface.c | 36
source3/passdb/pdb_ldap.c | 15 ---
source3/passdb/pdb_samba4.c | 13 ++---
source3/passdb/py_passdb.c |7 ---
source3/winbindd/idmap_passdb.c |9 +
8 files changed, 59 insertions(+), 52 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index cd3880c..70b21c9 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -563,7 +563,7 @@ struct pdb_methods
bool (*gid_to_sid)(struct pdb_methods *methods, gid_t gid,
struct dom_sid *sid);
bool (*sid_to_id)(struct pdb_methods *methods, const struct dom_sid
*sid,
- union unid_t *id, enum lsa_SidType *type);
+ uid_t *uid, gid_t *gid, enum lsa_SidType *type);
uint32_t (*capabilities)(struct pdb_methods *methods);
bool (*new_rid)(struct pdb_methods *methods, uint32_t *rid);
@@ -868,7 +868,7 @@ bool pdb_set_account_policy(enum pdb_policy_type type,
uint32_t value);
bool pdb_get_seq_num(time_t *seq_num);
bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid);
bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid);
-bool pdb_sid_to_id(const struct dom_sid *sid, union unid_t *id,
+bool pdb_sid_to_id(const struct dom_sid *sid, uid_t *uid, gid_t *gid,
enum lsa_SidType *type);
uint32_t pdb_capabilities(void);
bool pdb_new_rid(uint32_t *rid);
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index a02c941..cfc78ad 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1193,11 +1193,12 @@ static bool legacy_sid_to_uid(const struct dom_sid
*psid, uid_t *puid)
enum lsa_SidType type;
if (sid_check_is_in_our_domain(psid)) {
- union unid_t id;
+ uid_t uid;
+ gid_t gid;
bool ret;
become_root();
- ret = pdb_sid_to_id(psid, id, type);
+ ret = pdb_sid_to_id(psid, uid, gid, type);
unbecome_root();
if (ret) {
@@ -1207,7 +1208,7 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid,
uid_t *puid)
sid_type_lookup(type)));
return false;
}
- *puid = id.uid;
+ *puid = uid;
goto done;
}
@@ -1234,7 +1235,6 @@ done:
static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid)
{
GROUP_MAP *map;
- union unid_t id;
enum lsa_SidType type;
map = talloc_zero(NULL, GROUP_MAP);
@@ -1260,10 +1260,12 @@ static bool legacy_sid_to_gid(const struct dom_sid
*psid, gid_t *pgid)
}
if (sid_check_is_in_our_domain(psid)) {
+ uid_t uid;
+ gid_t gid;
bool ret;
become_root();
- ret = pdb_sid_to_id(psid, id, type);
+ ret = pdb_sid_to_id(psid, uid, gid, type);
unbecome_root();
if (ret) {
@@ -1274,7 +1276,7 @@ static bool legacy_sid_to_gid(const struct dom_sid *psid,
gid_t *pgid)
sid_type_lookup(type)));
return false;
}
- *pgid = id.gid;
+ *pgid = gid;
goto done;
}
diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index 5742534..8dc9585 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -2204,7 +2204,7 @@ static bool pdb_ads_gid_to_sid(struct pdb_methods *m,
gid_t gid,
}
static bool pdb_ads_sid_to_id(struct pdb_methods *m, const struct dom_sid *sid,
- union unid_t *id, enum
Re: [Samba] Need information about the net ads user command
Trimming unrelated development mailing lists and people. Pankaj, it is very unpolite to waste a large amount of developer time by cross posting a large amount of development lists and people, for a user help question. Please Do not do that in future. On Tue, 2011-10-11 at 11:49 +0530, Pankaj Baranwal wrote: Hi, net ads user command doesn't returns users starting with $. Is there any another way to search users starting with $. The $ sign is a reserved char for Windows. Can be used only as the last char of an account name and that identify computer accounts names. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 6bed577 pac: Fix wrong memory allocation check
via c9eba24 ndr.pc: needs samba-util not samba-hostconfig
from b787b6e libcli/cldap: don't pass tevent_context to
cldap_socket_init()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 6bed57788c2341a92e1c4431ea764bf037431254
Author: Simo Sorce i...@samba.org
Date: Mon Oct 10 17:48:02 2011 -0400
pac: Fix wrong memory allocation check
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Tue Oct 11 01:18:22 CEST 2011 on sn-devel-104
commit c9eba24886806bca795f294183b7543e4f9376ca
Author: Simo Sorce i...@samba.org
Date: Mon Oct 10 15:52:38 2011 -0400
ndr.pc: needs samba-util not samba-hostconfig
---
Summary of changes:
librpc/ndr.pc.in |2 +-
source4/kdc/pac-glue.c |2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/ndr.pc.in b/librpc/ndr.pc.in
index f7a1651..1ee50cc 100644
--- a/librpc/ndr.pc.in
+++ b/librpc/ndr.pc.in
@@ -5,7 +5,7 @@ includedir=@includedir@
Name: ndr
Description: Network Data Representation Core Library
-Requires: samba-hostconfig talloc
+Requires: samba-util talloc
Version: 0.0.1
Libs: @LIB_RPATH@ -L${libdir} -lndr
Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1 -D_GNU_SOURCE=1
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index e92a511..5718452 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -51,7 +51,7 @@ NTSTATUS samba_get_logon_info_pac_blob(TALLOC_CTX *mem_ctx,
}
pac_info.logon_info.info = talloc_zero(mem_ctx, struct PAC_LOGON_INFO);
- if (!mem_ctx) {
+ if (!pac_info.logon_info.info) {
return NT_STATUS_NO_MEMORY;
}
--
Samba Shared Repository
Re: [Samba] can't turn on wide links in homedir
On Thu, 2011-09-15 at 09:11 -0700, Linda Walsh wrote: simo wrote: On Wed, 2011-09-14 at 18:16 -0700, Linda Walsh wrote: Jeremy Allison wrote: I didn't like re-enabling the feature as it re-introduces something that was widely regarded as a security hole, People widely regarded the earth as flat and ... well sometime ago, as in some areas, as only 6000 years old... Did you know the greks (150 BC and earlier) knew perfectly well the earth was round and calculated things like the radius of the earth with decent accuracy for the means and things like the precession ? Sometimes people walk backward :) Science and reason almost always suffer in the face of 'mass (pun?) opinion' (or wide regard, as the case may be)... So glad we are not on the mass side then :-p Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can't turn on wide links in homedir
On Wed, 2011-09-14 at 18:16 -0700, Linda Walsh wrote: Jeremy Allison wrote: I didn't like re-enabling the feature as it re-introduces something that was widely regarded as a security hole, People widely regarded the earth as flat and ... well sometime ago, as in some areas, as only 6000 years old... Did you know the greks (150 BC and earlier) knew perfectly well the earth was round and calculated things like the radius of the earth with decent accuracy for the means and things like the precession ? Sometimes people walk backward :) Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d713f9e s3-passdb: Only delete 1 entry from memcache. via 99bb3ee s3-passdb: Remove always the user from getpwsid cache. via 1152aa8 s3-passdb: Keep caches coherent via 61ada70 s3-id_cache: Use better names for id cache management ops via 177db0a s3-id_cache: Move id caches mgmt out of smbd via 0f4ee5d s3-lsasd: Listen on \PIPE\lsass. via 8efdac8 s3-lsasd: Add missing ncalrpc listeners. via b501f6f s3-rpc_server: Add create_dcerpc_ncalrpc_socket(). via 8a1572f s3-rpc_server: Increase epm monitor wait time. via 51d4b3c s3-prefork: Listening fds must be in non-blocking mode via a4188aa s3-spoolss: Remove useless check via 2c45954 s3-lsasd: Remove useless check via 7bb4b99 s3-prefork: Fix code to retire children via feadd84 s3-spoolssd: Listen on parent messages via cce8c72 s3-lsasd: Listen on parent messages via 91ba8ae s3-prefork: Add parent-client messaging via 98d2bf0 s3-lsasd: Send a message to the parent when we accept a connection via 7274649 s3-spoolssd: Send a message to the parent when we accept a connection via 5c1a8dc s3-messaging: Add preforked child-parent message types via 0f71639 s3-prefork: Improve error detection when handling new connections via 75f3da7 s3-prefork: Improve heuristics via 89dde6b s3-lsasd: User new prefork helpers to simplify code. via f07f5c5 s3-spoolssd: User new prefork helpers to simplify code. via 308e4e0 s3-prefork: add a few more utility functions via df6f320 s3-prefrok: Handle only valid children via e3736f8 s3-prefork: Fix worker flags handling. via ee0c69a s3-prefork: do not use a lock_fd, just race on accept() via 0723871 rpc_server: Add forward declaration for dcerpc_transport_t. via 5de61e6 s3-waf: Fix build with lsasd. via c538b01 s3-lsasd: Use prefrok utils to manage children via 884969e s3-spoolssd: Use prefrok utils to manage children via 3451f42 s3-prefork: Add common utilities for daemons via 0647a93 s3-spoolss: Introduce helper function to manage pool. via 2a0aac0 s3-prefork: Allow better management of allowed_clients via eb8a0c7 s3-winbind: We need to use internal rpc connections in winbind. via bfd9624 s3-spoolssd: Fix spoolss logging. via 5b3eb83 s3-lsasd: Import fixes from spoolssd via d5ba5de selftest: Enable testing of the lsa service daemon. via d1bc22e s3-rpc_server: Use rpc_epmapper_mode() in ep_register() via 32a53be s3-rpc_server: Use rpc_service_mode() in np_open() via ef24917 s3-rpc_server: Use rpc_service_mode() in rpc_pipe_open_interface() via f9c7b59 selftest: Fix daemon testing to use the new syntax. via 23e7e1c s3-rpc_server: Replace RPC_SERVICE_MODE_DAEMON checks via 11cbe24 s3-rpc_server: Move config helpers in one place. via 5a4e0dd s3-rpc_server: Add helper to define/retrieve daemons configuration via 9738ee4 s3-rpc_server: Reduce code duplication via 7b715f1 s3-smbd: Start lsasd as deamon. via 7abdf6e s3-rpc_server: Correctly register lsa, samr and netlogon. via 0364bf0 s3-lsasd: Create a lsa service daemon. via dea2161 s3-spoolssd: Check if we were able to create the prefork pool. via 5169dff s3-prefork: Fix cast warning. via e4b566d s3-rpc_server: Make dcerpc_ncacn_accept() public. via 312c519 s3-rpc_server: Check explicit for external and daemon server type. via ea3fa58 s3-rpc_server: Fix include order in srv_pipe_hnd.c. from 9fa8f27 talloc: Fix talloc-compat pc files/headers. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d713f9e9f50dfe680f66798098ee5ede3ee80e06 Author: Andreas Schneider a...@samba.org Date: Sat Aug 20 16:19:43 2011 +0200 s3-passdb: Only delete 1 entry from memcache. If we delete or update one user we shouldn't flush the complete memcache. Signed-off-by: Simo Sorce i...@samba.org Autobuild-User: Simo Sorce i...@samba.org Autobuild-Date: Sun Aug 21 16:39:10 CEST 2011 on sn-devel-104 commit 99bb3eed1dac5d2e81fd213beda414bd65076eea Author: Andreas Schneider a...@samba.org Date: Sat Aug 20 14:48:38 2011 +0200 s3-passdb: Remove always the user from getpwsid cache. We should do it always, not only in the pdb_default_delete_user() function. Signed-off-by: Simo Sorce i...@samba.org commit 1152aa8e0354ed2446397725b75e905bef3c4afb Author: Andreas Schneider a...@samba.org Date: Fri Aug 19 17:36:53 2011 +0200 s3-passdb: Keep caches coherent When deleting a user send a message to all interested parties so they can purge their caches. Otherwise some processes may
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0825a52 Revert s3-messaging: IDMAP_ messages belongs to the Winbind range from 0db0e93 s3-passdb pdb_samba4 handles PDB_PWHISTORY already http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0825a52a369883ec422efbebfce5eaac78bf94a5 Author: Simo Sorce i...@samba.org Date: Fri Aug 19 08:07:30 2011 -0400 Revert s3-messaging: IDMAP_ messages belongs to the Winbind range This reverts commit 102f39ae3e7df26faf81595c8e0120b2e2a45bbd. These messages are handled by smbd not winbind, and could potentially be of general interest. Autobuild-User: Simo Sorce i...@samba.org Autobuild-Date: Fri Aug 19 16:16:05 CEST 2011 on sn-devel-104 --- Summary of changes: source3/librpc/idl/messaging.idl |8 1 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/librpc/idl/messaging.idl b/source3/librpc/idl/messaging.idl index 41df791..aca90c4 100644 --- a/source3/librpc/idl/messaging.idl +++ b/source3/librpc/idl/messaging.idl @@ -35,6 +35,10 @@ interface messaging MSG_REQ_DMALLOC_LOG_CHANGED = 0x000C, MSG_SHUTDOWN= 0x000D, + MSG_IDMAP_FLUSH = 0x000E, + MSG_IDMAP_DELETE= 0x000F, + MSG_IDMAP_KILL = 0x0010, + /* Changes to smb.conf are really of general interest */ MSG_SMB_CONF_UPDATED= 0x0021, @@ -90,10 +94,6 @@ interface messaging MSG_WINBIND_DUMP_DOMAIN_LIST= 0x0409, MSG_WINBIND_IP_DROPPED = 0x040A, - MSG_IDMAP_FLUSH = 0x040E, - MSG_IDMAP_DELETE= 0x040F, - MSG_IDMAP_KILL = 0x0410, - /* event messages */ MSG_DUMP_EVENT_LIST = 0x0500, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 102f39a s3-messaging: IDMAP_ messages belongs to the Winbind range from 6c8ee02 s3: Use ZERO_STRUCT where appropriate http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 102f39ae3e7df26faf81595c8e0120b2e2a45bbd Author: Simo Sorce i...@samba.org Date: Tue Aug 16 10:46:17 2011 -0400 s3-messaging: IDMAP_ messages belongs to the Winbind range Autobuild-User: Simo Sorce i...@samba.org Autobuild-Date: Tue Aug 16 22:27:05 CEST 2011 on sn-devel-104 --- Summary of changes: source3/librpc/idl/messaging.idl |8 1 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/librpc/idl/messaging.idl b/source3/librpc/idl/messaging.idl index aca90c4..41df791 100644 --- a/source3/librpc/idl/messaging.idl +++ b/source3/librpc/idl/messaging.idl @@ -35,10 +35,6 @@ interface messaging MSG_REQ_DMALLOC_LOG_CHANGED = 0x000C, MSG_SHUTDOWN= 0x000D, - MSG_IDMAP_FLUSH = 0x000E, - MSG_IDMAP_DELETE= 0x000F, - MSG_IDMAP_KILL = 0x0010, - /* Changes to smb.conf are really of general interest */ MSG_SMB_CONF_UPDATED= 0x0021, @@ -94,6 +90,10 @@ interface messaging MSG_WINBIND_DUMP_DOMAIN_LIST= 0x0409, MSG_WINBIND_IP_DROPPED = 0x040A, + MSG_IDMAP_FLUSH = 0x040E, + MSG_IDMAP_DELETE= 0x040F, + MSG_IDMAP_KILL = 0x0410, + /* event messages */ MSG_DUMP_EVENT_LIST = 0x0500, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 2e5fc83 s3-prefork: Do not use mmap/mremap/munmap directly
via 039ddef util: add function to extend anonymous shared memory
via a171938 replace: Check if we have mremap() available
from 88ecf1a Use public pytalloc header file.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 2e5fc8335022df44a015817d4628a48e9195e311
Author: Simo Sorce i...@samba.org
Date: Sun Aug 14 18:11:18 2011 -0400
s3-prefork: Do not use mmap/mremap/munmap directly
Use the wrappers in util.h as they deal with trying to do the best they can
on
platfroms that do not support mmap extensions.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Mon Aug 15 04:13:51 CEST 2011 on sn-devel-104
commit 039ddef20900322760093a04881007dbb0897b50
Author: Simo Sorce i...@samba.org
Date: Sun Aug 14 18:10:53 2011 -0400
util: add function to extend anonymous shared memory
commit a171938408adde0d787b9ff40a4cebeee66d747a
Author: Simo Sorce i...@samba.org
Date: Sun Aug 14 18:05:27 2011 -0400
replace: Check if we have mremap() available
---
Summary of changes:
lib/replace/libreplace.m4|7
lib/replace/test/shared_mremap.c | 48
lib/util/util.c | 64 ++
lib/util/util.h |1 +
source3/lib/server_prefork.c | 20 ++-
5 files changed, 131 insertions(+), 9 deletions(-)
create mode 100644 lib/replace/test/shared_mremap.c
Changeset truncated at 500 lines:
diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4
index 808d5d1..d644e50 100644
--- a/lib/replace/libreplace.m4
+++ b/lib/replace/libreplace.m4
@@ -98,6 +98,13 @@ if test x$libreplace_cv_HAVE_MMAP = xyes; then
AC_DEFINE(HAVE_MMAP,1,[Whether mmap works])
fi
+AC_CACHE_CHECK([for working mremap],libreplace_cv_HAVE_MREMAP,[
+AC_TRY_RUN([#include $libreplacedir/test/shared_mremap.c],
+
libreplace_cv_HAVE_MREMAP=yes,libreplace_cv_HAVE_MREMAP=no,libreplace_cv_HAVE_MREMAP=cross)])
+if test x$libreplace_cv_HAVE_MREMAP = xyes; then
+AC_DEFINE(HAVE_MREMAP,1,[Whether mremap works])
+fi
+
AC_CHECK_HEADERS(sys/syslog.h syslog.h)
AC_CHECK_HEADERS(sys/time.h time.h)
diff --git a/lib/replace/test/shared_mremap.c b/lib/replace/test/shared_mremap.c
new file mode 100644
index 000..05032ad
--- /dev/null
+++ b/lib/replace/test/shared_mremap.c
@@ -0,0 +1,48 @@
+/* this tests whether we can use mremap */
+
+#if defined(HAVE_UNISTD_H)
+#include unistd.h
+#endif
+#include sys/mman.h
+#include sys/types.h
+#include sys/stat.h
+#include fcntl.h
+
+#define DATA conftest.mmap
+
+#ifndef MAP_FILE
+#define MAP_FILE 0
+#endif
+
+#ifndef MAP_FAILED
+#define MAP_FAILED (int *)-1
+#endif
+
+main()
+{
+ int *buf;
+ int fd;
+ int err = 1;
+
+ fd = open(DATA, O_RDWR|O_CREAT|O_TRUNC, 0666);
+ if (fd == -1) {
+ exit(1);
+ }
+
+ buf = (int *)mmap(NULL, 0x1000, PROT_READ | PROT_WRITE,
+ MAP_FILE | MAP_SHARED, fd, 0);
+ if (buf == MAP_FAILED) {
+ goto done;
+ }
+
+ buf = mremap(buf, 0x1000, 0x2000, MREMAP_MAYMOVE);
+ if (buf == MAP_FAILED) {
+ goto done;
+ }
+
+ err = 0;
+done:
+ close(fd);
+ unlink(DATA);
+ exit(err);
+}
diff --git a/lib/util/util.c b/lib/util/util.c
index 2d1d830..b700f37 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -1073,6 +1073,70 @@ void *anonymous_shared_allocate(size_t orig_bufsz)
return ptr;
}
+void *anonymous_shared_resize(void *ptr, size_t new_size, bool maymove)
+{
+#ifdef HAVE_MREMAP
+ void *buf;
+ size_t pagesz = getpagesize();
+ size_t pagecnt;
+ size_t bufsz;
+ struct anonymous_shared_header *hdr;
+ int flags = 0;
+
+ if (ptr == NULL) {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ hdr = (struct anonymous_shared_header *)ptr;
+ hdr--;
+ if (hdr-u.length (new_size + sizeof(*hdr))) {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ bufsz = new_size + sizeof(*hdr);
+
+ /* round up to full pages */
+ pagecnt = bufsz / pagesz;
+ if (bufsz % pagesz) {
+ pagecnt += 1;
+ }
+ bufsz = pagesz * pagecnt;
+
+ if (new_size = bufsz) {
+ /* integer wrap */
+ errno = ENOSPC;
+ return NULL;
+ }
+
+ if (bufsz = hdr-u.length) {
+ return ptr;
+ }
+
+ if (maymove) {
+ flags = MREMAP_MAYMOVE;
+ }
+
+ buf = mremap(hdr, hdr-u.length, bufsz, flags);
+
+ if (buf == MAP_FAILED) {
+ errno = ENOSPC
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c84caab s4:misc: remove last usage of legacy event_ fn names via 15efcba s4:lib: use tevent_ fns names instead of legcay event_ ones via edc3266 s4:smbd: use tevent_ fn names instead of leagcy event_ ones via b1feb9d s4:ntvfs: use tevent_ fn names instead of legacy event_ ones via 4a8fdc3 s4:librpc: use tevent_ fn names instead of legacy event_ ones via ab81505 s4:libcli: use tevent_ fn names instead of legacy event_ ones via f364dae s4:dsdb: use tevent_ fn names instaed of legacy event_ ones via 47b6457 s4:messaging: use tevent_ function names instead of legacy event_ ones via b120c5f torture: use tevent_ functions names instead of the legacy event_ ones from 813bdf4 ldb: Remove use after free in error case http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c84caabf8c5061af75d9e046813c1e2e8eff3722 Author: Simo Sorce sso...@redhat.com Date: Tue May 25 15:29:14 2010 -0400 s4:misc: remove last usage of legacy event_ fn names Autobuild-User: Simo Sorce i...@samba.org Autobuild-Date: Sun Aug 14 00:38:13 CEST 2011 on sn-devel-104 commit 15efcbaa09472b306a875178ee535a06d1b01811 Author: Simo Sorce sso...@redhat.com Date: Tue May 25 15:28:35 2010 -0400 s4:lib: use tevent_ fns names instead of legcay event_ ones commit edc32665d0f5cfd5d86f975c8ac8e8ff100956f7 Author: Simo Sorce sso...@redhat.com Date: Tue May 25 15:28:10 2010 -0400 s4:smbd: use tevent_ fn names instead of leagcy event_ ones commit b1feb9d4324dfca7190ec3816d43392b65a94671 Author: Simo Sorce sso...@redhat.com Date: Tue May 25 15:27:41 2010 -0400 s4:ntvfs: use tevent_ fn names instead of legacy event_ ones commit 4a8fdc3958b7bc42bd90d4307f6fb0556944b300 Author: Simo Sorce sso...@redhat.com Date: Tue May 25 15:27:11 2010 -0400 s4:librpc: use tevent_ fn names instead of legacy event_ ones commit ab81505e080e72c2217cb3946b04eee872397763 Author: Simo Sorce sso...@redhat.com Date: Tue May 25 15:26:42 2010 -0400 s4:libcli: use tevent_ fn names instead of legacy event_ ones commit f364daed2203170bc772c8ff9bb28f78da615669 Author: Simo Sorce sso...@redhat.com Date: Tue May 25 15:26:00 2010 -0400 s4:dsdb: use tevent_ fn names instaed of legacy event_ ones commit 47b64573c0d41d418d441ffc40325b822bfadb26 Author: Simo Sorce sso...@redhat.com Date: Tue May 25 15:25:26 2010 -0400 s4:messaging: use tevent_ function names instead of legacy event_ ones commit b120c5f28876fd9efe032a6dbecebfaaff7dfd14 Author: Simo Sorce sso...@redhat.com Date: Tue May 25 15:23:55 2010 -0400 torture: use tevent_ functions names instead of the legacy event_ ones --- Summary of changes: source3/torture/torture.c |6 +++--- source4/auth/gensec/socket.c|6 +++--- source4/dsdb/kcc/kcc_periodic.c |2 +- source4/dsdb/repl/drepl_notify.c|2 +- source4/dsdb/repl/drepl_periodic.c |2 +- source4/lib/com/main.c |2 +- source4/lib/messaging/messaging.c | 16 source4/lib/messaging/tests/irpc.c |6 +++--- source4/lib/messaging/tests/messaging.c |4 ++-- source4/lib/socket/connect.c|4 ++-- source4/lib/socket/connect_multi.c |2 +- source4/lib/stream/packet.c | 16 source4/lib/tls/tls.c | 20 ++-- source4/libcli/composite/composite.c|8 source4/libcli/dgram/dgramsocket.c | 12 ++-- source4/libcli/dgram/mailslot.c |2 +- source4/libcli/raw/clitransport.c | 14 +++--- source4/libcli/raw/rawrequest.c |2 +- source4/libcli/resolve/dns_ex.c |2 +- source4/libcli/smb2/request.c |2 +- source4/libcli/smb2/transport.c | 14 +++--- source4/librpc/rpc/dcerpc.c |8 source4/librpc/rpc/dcerpc_connect.c |2 +- source4/librpc/rpc/dcerpc_sock.c|8 source4/nbt_server/register.c |2 +- source4/nbt_server/wins/winsclient.c|4 ++-- source4/ntvfs/posix/pvfs_notify.c |2 +- source4/ntvfs/posix/pvfs_search.c |2 +- source4/ntvfs/posix/pvfs_wait.c |2 +- source4/ntvfs/posix/pvfs_write.c|4 ++-- source4/rpc_server/echo/rpc_echo.c |2 +- source4/smbd/process_onefork.c |2 +- source4/smbd/process_prefork.c |6 +++--- source4/smbd/process_standard.c |4 ++-- source4/smbd/process_thread.c |4 ++-- source4/torture/basic/base.c|2 +- source4/torture/basic/misc.c|2 +- source4/torture/nbt/dgram.c | 20
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via ce93b4f tevent: fix documentation for tevent_context_init_byname()
via 158b208 tevent: Set FD_CLOEXEC on epoll handle
from d52343a s3-messaging: Do not register to classes we are not going
to use.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit ce93b4f4645b15e204590633a8047c2bfec13154
Author: Sumit Bose sb...@redhat.com
Date: Thu Aug 11 12:39:57 2011 +0200
tevent: fix documentation for tevent_context_init_byname()
Signed-off-by: Simo Sorce i...@samba.org
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Thu Aug 11 21:56:37 CEST 2011 on sn-devel-104
commit 158b208dfd75c04698f9f9196161322b16a020a2
Author: Sumit Bose sb...@redhat.com
Date: Thu Aug 11 12:30:48 2011 +0200
tevent: Set FD_CLOEXEC on epoll handle
If an application using libtevent starts a new process the epoll file
descriptor
is leaked to the new process if the event context is not freed explicitly.
By
setting FD_CLOEXEC this is not needed anymore.
Signed-off-by: Simo Sorce i...@samba.org
---
Summary of changes:
lib/tevent/tevent.h |4 ++--
lib/tevent/tevent_epoll.c| 19 +--
lib/tevent/tevent_standard.c | 17 +
lib/tevent/tevent_util.c | 17 +
lib/tevent/tevent_util.h |1 +
5 files changed, 54 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/tevent/tevent.h b/lib/tevent/tevent.h
index 6e3ed76..c38f7c3 100644
--- a/lib/tevent/tevent.h
+++ b/lib/tevent/tevent.h
@@ -111,7 +111,7 @@ typedef void (*tevent_signal_handler_t)(struct
tevent_context *ev,
struct tevent_context *tevent_context_init(TALLOC_CTX *mem_ctx);
/**
- * @brief Create a event_context structure and name it.
+ * @brief Create a event_context structure and select a specific backend.
*
* This must be the first events call, and all subsequent calls pass this
* event_context as the first element. Event handlers also receive this as
@@ -119,7 +119,7 @@ struct tevent_context *tevent_context_init(TALLOC_CTX
*mem_ctx);
*
* @param[in] mem_ctx The memory context to use.
*
- * @param[in] name The name for the tevent context.
+ * @param[in] name The name of the backend to use.
*
* @return An allocated tevent context, NULL on error.
*/
diff --git a/lib/tevent/tevent_epoll.c b/lib/tevent/tevent_epoll.c
index 3ab8283..33e1d3f 100644
--- a/lib/tevent/tevent_epoll.c
+++ b/lib/tevent/tevent_epoll.c
@@ -78,11 +78,20 @@ static int epoll_ctx_destructor(struct epoll_event_context
*epoll_ev)
static int epoll_init_ctx(struct epoll_event_context *epoll_ev)
{
epoll_ev-epoll_fd = epoll_create(64);
- epoll_ev-pid = getpid();
- talloc_set_destructor(epoll_ev, epoll_ctx_destructor);
if (epoll_ev-epoll_fd == -1) {
+ tevent_debug(epoll_ev-ev, TEVENT_DEBUG_FATAL,
+Failed to create epoll handle.\n);
return -1;
}
+
+ if (!ev_set_close_on_exec(epoll_ev-epoll_fd)) {
+ tevent_debug(epoll_ev-ev, TEVENT_DEBUG_WARNING,
+Failed to set close-on-exec, file descriptor may
be leaked to children.\n);
+ }
+
+ epoll_ev-pid = getpid();
+ talloc_set_destructor(epoll_ev, epoll_ctx_destructor);
+
return 0;
}
@@ -108,6 +117,12 @@ static void epoll_check_reopen(struct epoll_event_context
*epoll_ev)
Failed to recreate epoll handle after fork\n);
return;
}
+
+ if (!ev_set_close_on_exec(epoll_ev-epoll_fd)) {
+ tevent_debug(epoll_ev-ev, TEVENT_DEBUG_WARNING,
+Failed to set close-on-exec, file descriptor may
be leaked to children.\n);
+ }
+
epoll_ev-pid = getpid();
for (fde=epoll_ev-ev-fd_events;fde;fde=fde-next) {
epoll_add_event(epoll_ev, fde);
diff --git a/lib/tevent/tevent_standard.c b/lib/tevent/tevent_standard.c
index 35f7ded..e2ca44f 100644
--- a/lib/tevent/tevent_standard.c
+++ b/lib/tevent/tevent_standard.c
@@ -100,6 +100,17 @@ static int epoll_ctx_destructor(struct std_event_context
*std_ev)
static void epoll_init_ctx(struct std_event_context *std_ev)
{
std_ev-epoll_fd = epoll_create(64);
+ if (std_ev-epoll_fd == -1) {
+ tevent_debug(std_ev-ev, TEVENT_DEBUG_FATAL,
+Failed to create epoll handle.\n);
+ return;
+ }
+
+ if (!ev_set_close_on_exec(std_ev-epoll_fd)) {
+ tevent_debug(std_ev-ev, TEVENT_DEBUG_WARNING,
+Failed to set close-on-exec, file descriptor may
be leaked to children.\n);
+ }
+
std_ev-pid = getpid
Re: [Samba] Testing samba4 ( alfa11 ) from Cebtos6 rpm
On Wed, 2011-08-03 at 19:04 +1000, Andrew Bartlett wrote: On Fri, 2011-07-29 at 16:49 -0400, Konstantin Pobudzey wrote: Hello #On Centos6 I did : yum install samba4 As I understand it: Red Hat did not decide to ship and support Samba4 except for the minimal required to support OpenChange, to support MAPI access in evolution. The rest of Samba4 is simply not packaged in the RHEL6 RPMs. This is correct, RHEL only ships samba4 libraries for now. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via e84c7a2 s3-rpc_server: Use talloc for pipe_rpc_fns
via 48a7166 s3-rpc_server: remove useless code
via 262af47 s3-rpc_server: remove unnecessary talloc_free
via 0a72744 s3-rpc_server: Remove dead code
from a97fef3 s3-spoolss: Use existing handle in
printer_driver_files_in_use().
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit e84c7a2e26d206f38bcb94d4d1b6c854cdd4094c
Author: Simo Sorce i...@samba.org
Date: Wed Jul 27 16:40:21 2011 -0400
s3-rpc_server: Use talloc for pipe_rpc_fns
Everything uses talloc in the rpc server nowadays, remove this ancient use
of
malloc. This also allows us to remove the free fucntion and let talloc
handle
it properly.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Thu Jul 28 17:41:08 CEST 2011 on sn-devel-104
commit 48a71664f21f50616749b467e6f082b6c20036a1
Author: Simo Sorce i...@samba.org
Date: Wed Jul 27 16:30:42 2011 -0400
s3-rpc_server: remove useless code
We do not reuse pies_struct so there is no reason to SERO_STRUCT() it when
we
are freeing it as we are done using it anyways.
commit 262af4713e192ba80327c1e6607ba8f92d3cc7ea
Author: Simo Sorce i...@samba.org
Date: Wed Jul 27 16:27:17 2011 -0400
s3-rpc_server: remove unnecessary talloc_free
The auth_ctx is a child of pipes_struct, and this function is a used only
as a
destructor on pipes_struct. So it is not really necessary to free this
struct
in the destructor as it will be freed soon enough anyway.
commit 0a72744dd247298fe6aff160d77ae50dc97b8c4f
Author: Simo Sorce i...@samba.org
Date: Wed Jul 27 15:51:17 2011 -0400
s3-rpc_server: Remove dead code
srv_str and cli_str are not used anymore.
---
Summary of changes:
source3/rpc_server/rpc_handles.c | 20
source3/rpc_server/rpc_ncacn_np.c |7 ---
source3/rpc_server/rpc_server.c | 16
source3/rpc_server/srv_pipe.c |6 +++---
4 files changed, 7 insertions(+), 42 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c
index f9251ee..87145ca 100644
--- a/source3/rpc_server/rpc_handles.c
+++ b/source3/rpc_server/rpc_handles.c
@@ -107,20 +107,6 @@ bool check_open_pipes(void)
Close an rpc pipe.
/
-static void free_pipe_rpc_context_internal(struct pipe_rpc_fns *list)
-{
- struct pipe_rpc_fns *tmp = list;
- struct pipe_rpc_fns *tmp2;
-
- while (tmp) {
- tmp2 = tmp-next;
- SAFE_FREE(tmp);
- tmp = tmp2;
- }
-
- return;
-}
-
int close_internal_rpc_pipe_hnd(struct pipes_struct *p)
{
if (!p) {
@@ -128,17 +114,11 @@ int close_internal_rpc_pipe_hnd(struct pipes_struct *p)
return False;
}
- TALLOC_FREE(p-auth.auth_ctx);
-
/* Free the handles database. */
close_policy_by_pipe(p);
- free_pipe_rpc_context_internal( p-contexts );
-
DLIST_REMOVE(InternalPipes, p);
- ZERO_STRUCTP(p);
-
return 0;
}
diff --git a/source3/rpc_server/rpc_ncacn_np.c
b/source3/rpc_server/rpc_ncacn_np.c
index 2ed4a01..1080a98 100644
--- a/source3/rpc_server/rpc_ncacn_np.c
+++ b/source3/rpc_server/rpc_ncacn_np.c
@@ -80,10 +80,11 @@ struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX
*mem_ctx,
return NULL;
}
- context_fns = SMB_MALLOC_P(struct pipe_rpc_fns);
+ context_fns = talloc(p, struct pipe_rpc_fns);
if (context_fns == NULL) {
- DEBUG(0,(malloc() failed!\n));
- return False;
+ DEBUG(0,(talloc() failed!\n));
+ TALLOC_FREE(p);
+ return NULL;
}
context_fns-next = context_fns-prev = NULL;
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index 269b701..2e109a5 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -934,8 +934,6 @@ static void dcerpc_ncacn_accept(struct tevent_context
*ev_ctx,
dcerpc_ncacn_disconnect_fn fn) {
struct dcerpc_ncacn_conn *ncacn_conn;
struct tevent_req *subreq;
- const char *cli_str;
- const char *srv_str = NULL;
bool system_user = false;
char *pipe_name;
NTSTATUS status;
@@ -1046,20 +1044,6 @@ static void dcerpc_ncacn_accept(struct tevent_context
*ev_ctx,
return;
}
- if (tsocket_address_is_inet(ncacn_conn-client, ip)) {
- cli_str = ncacn_conn-client_name;
- } else {
- cli_str = ;
- }
-
- if (ncacn_conn-server
Re: [Samba] Very slow write performance to RAID
On Tue, 2011-07-26 at 00:32 +0100, Jonathan Buzzard wrote: Jeremy Allison wrote: [SNIP] Test using a modern (i.e. much later than 3.0.33) smbclient. To back that up he is using CentOS 5, so there is no excuse for using such an old version. Needs to switch to the samba3x packages that have been present since CentOS 5.5 asap. From recollection it is getting on now for a year since CentOS 5.5 came out which gave you version 3.3.8 in the samba3x packages and CentOS 5.6 bumped that to 3.5.4, which has been out for several months now. For those that say upgrade to CentOS 6, you won't get any newer samba as the samba3x packages in CentOS 5.6 are at the same level as the samba packages in CentOS 6. FWIW RHEL 6.1 has a newer version with a ton of patches on top. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via b19b05c s3-rpc_server: Do not set msg_ctx twice
from 2b1fc7c s3:winbindd_cm: remove unused checks for address family
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit b19b05cd0aa0e3f82c134f8d9d5d486dad60dd5a
Author: Simo Sorce i...@samba.org
Date: Thu Jul 21 17:10:06 2011 -0400
s3-rpc_server: Do not set msg_ctx twice
msg_ctx was already passed to make_base_pipes_struct,
no need to set it again.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Fri Jul 22 00:47:28 CEST 2011 on sn-devel-104
---
Summary of changes:
source3/rpc_server/rpc_server.c |1 -
1 files changed, 0 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index 2a0f675..269b701 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -74,7 +74,6 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
*perrno = ret;
return -1;
}
- p-msg_ctx = msg_ctx;
if (session_info-unix_token session_info-unix_info
session_info-security_token) {
/* Don't call create_local_token(), we already have the full
details here */
--
Samba Shared Repository
Re: [Samba] Proposal to change Samba contribution copyright policy.
On Tue, 2011-07-12 at 14:19 -0700, Jeremy Allison wrote: Hi all, Some history. Samba has historically only accepted code with personal, not corporate copyright attached. There were a couple of good reasons for this in the past, one of which was that we preferred GPL enforcement decisions to be made by individuals, not by corporations. Under GPLv2, a license violator loses all rights under the license and these have to be reinstated by the copyright holders, which made controlling who those copyright holders were very important. People are usually much more reasonable than corporations :-). With the move to GPLv3, this is much less important than it once was. The GPLv3, unlike GPLv2, allows an automatic reinstatement of rights under the license if a violator cures the license violation problem within 30 days. Given this, I'm proposing that we modify our policy slightly to allow corporate owned copyright within Samba. Note I'm not proposing open season on corporate (C), and we'd still prefer to get individual copyright, or assignment to the Software Freedom Conservancy (as we have done in the past). The reason to prefer individual, or SFC owned copyright is for ease of relicensing components within Samba. Over time, we have moved certain libraries within Samba from GPL to LGPL, for example the tdb and talloc libraries. Re-licensing like this is easier if we don't have to get permission from a corporate legal department, but can just directly ask the engineers themselves, so I'd still suggest that we keep personal or SFC copyright for code that goes into libraries, or code that might be moved into a library. But for things like build fixes for specific platforms, I don't think it's necessary any more to insist on personal copyright, which can delay or prevent engineers from giving us good fixes. I already raised this with tridge, who told me that he had been meaning to raise the very same issue with me (just one more proof that great minds think alike :-), so I promised to write this email to propose it to the lists in general. Please comment and let us know what you think about this possibility. Samba Team members get to vote, but we'd be really interested in hearing from all Samba users to understand if this is something the community thinks is a good idea or not. Jeremy I have no objections in principle, but for copyrights that cover feature changes if companies want to retain copyright I think we should request that they defer any decision on licensing (need to find appropriate legal wording) to the team so that we are not constrained by disappeared, sold or otherwise unresponsive or recalcitrant companies in case we need to change the license of one of the components. What do corporate contributors think ? Is that something your legal department can swallow, do you need the team to give promises about the kind of licenses we will consider in case changes are needed. I think we have ever used GPLvX, LGPLvX, and public domain/extremely permissive X11 style license. And I think we can restrict ourselves to that set or equivalent. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via d566146 s3-passdb: Implement new pdb trust calls for the default
backend
from 97af358 s4:libcli/raw/raw*.c - add unhandled enum values
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit d5661467e17cc233fe8605e8138991b4a459e78f
Author: Sumit Bose sb...@redhat.com
Date: Tue May 31 15:32:29 2011 +0200
s3-passdb: Implement new pdb trust calls for the default backend
Signed-off-by: Simo Sorce i...@samba.org
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Sun Jun 12 06:45:25 CEST 2011 on sn-devel-104
---
Summary of changes:
source3/Makefile.in| 15 --
source3/passdb/pdb_interface.c | 104 +++-
source3/torture/pdbtest.c | 83
3 files changed, 194 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/Makefile.in b/source3/Makefile.in
index a06c8c7..3ef7541 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1037,6 +1037,7 @@ PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ)
$(PARAM_OBJ) $(PASSDB_OBJ) \
$(LIBSAMBA_OBJ) $(LIBTSOCKET_OBJ) \
$(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \
$(LIBCLI_LDAP_NDR_OBJ) \
+ $(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
$(POPT_LIB_OBJ) $(SMBLDAP_OBJ) ../lib/util/asn1.o
SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ1)
@@ -1320,6 +1321,7 @@ PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o
pam_smbpass/pam_smb_passwd.o \
pam_smbpass/pam_smb_acct.o pam_smbpass/support.o
../lib/util/asn1.o
PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ)
$(PASSDB_OBJ) $(GROUPDB_OBJ) \
$(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) \
+ $(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
$(LIBTSOCKET_OBJ) $(PAM_ERRORS_OBJ)
IDMAP_RW_OBJ = winbindd/idmap_rw.o
@@ -1502,6 +1504,7 @@ NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ)
$(POPT_LIB_OBJ) \
$(SMBLDAP_OBJ) $(LIBNMB_OBJ) \
$(WBCOMMON_OBJ) \
$(LIBCLI_LDAP_NDR_OBJ) \
+ $(DRSUAPI_OBJ) \
$(LIBNDR_GEN_OBJ0) $(LIBNDR_NETLOGON_OBJ) @BUILD_INIPARSER@
@@ -1871,11 +1874,11 @@ bin/smbpasswd@EXEEXT@: $(BINARY_PREREQS)
$(SMBPASSWD_OBJ) @BUILD_POPT@ $(LIBTALL
$(DYNEXP) $(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS)
$(ZLIB_LIBS)
-bin/pdbedit@EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@
$(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
+bin/pdbedit@EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@
$(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) $(ZLIB_LIBS)
@echo Linking $@
@$(CC) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
$(POPT_LIBS) $(PASSDB_LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) \
- $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS)
+ $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
bin/smbget@EXEEXT@: $(BINARY_PREREQS) $(SMBGET_OBJ) @BUILD_POPT@ $(LIBTALLOC)
$(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@@ -3115,17 +3118,17 @@ bin/wbinfo@EXEEXT@: $(BINARY_PREREQS) $(WBINFO_OBJ)
@BUILD_POPT@ $(LIBTALLOC) $(
$(LIBWBCLIENT_LIBS)
bin/ntlm_auth@EXEEXT@: $(BINARY_PREREQS) $(NTLM_AUTH_OBJ) $(PARAM_OBJ) \
- $(LIB_NONSMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
+ $(LIB_NONSMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
$(ZLIB_LIBS)
@echo Linking $@
@$(CC) -o $@ $(LDFLAGS) $(DYNEXP) $(NTLM_AUTH_OBJ) \
- $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBS) \
+ $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBS) $(ZLIB_LIBS) \
$(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS)
@INIPARSERLIBS@
-bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ)
$(LIBCLI_LDAP_NDR_OBJ) $(LIBTALLOC) $(LIBWBCLIENT) $(LIBTDB)
+bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ)
$(LIBCLI_LDAP_NDR_OBJ) $(LIBTALLOC) $(LIBWBCLIENT) $(LIBTDB) $(ZLIB_LIBS)
@echo Linking shared library $@
@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) $(LIBCLI_LDAP_NDR_OBJ)
-lpam $(DYNEXP) \
- $(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
+ $(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS)
bin/tdbbackup@EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) $(LIBTALLOC)
$(LIBTDB)
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index b3d62bc..94ed355 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -25,6 +25,8 @@
#include
Re: [Samba] missing symbols talloc_* (opensuse 11.4/samba 3.5.7-xxx)
/nmbd) undefined symbol: _talloc_realloc_array (/usr/sbin/nmbd) undefined symbol: _talloc_zero_array(/usr/sbin/nmbd) undefined symbol: talloc_set_name_const (/usr/sbin/nmbd) undefined symbol: _talloc_realloc (/usr/sbin/nmbd) undefined symbol: talloc_asprintf_append(/usr/sbin/nmbd) undefined symbol: talloc_get_size (/usr/sbin/nmbd) undefined symbol: talloc_total_size (/usr/sbin/nmbd) undefined symbol: talloc_set_log_fn (/usr/sbin/nmbd) undefined symbol: talloc_set_abort_fn (/usr/sbin/nmbd) undefined symbol: talloc_total_blocks (/usr/sbin/nmbd) undefined symbol: talloc_autofree_context (/usr/sbin/nmbd) undefined symbol: _talloc_move (/usr/sbin/nmbd) undefined symbol: talloc_named_const(/usr/sbin/nmbd) undefined symbol: talloc_check_name (/usr/sbin/nmbd) undefined symbol: _talloc_get_type_abort(/usr/sbin/nmbd) undefined symbol: _talloc_set_destructor(/usr/sbin/nmbd) Any ideas as to what library i'm missing? Looks like nmbd is not being linked against libtalloc. Simo. Prior to this I was running w/a self-built version installed into the standard opensuse locations. Thanks! Linda -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: talloc dep for talloc.h
On Tue, 2011-01-04 at 11:30 +0100, Jelmer Vernooij wrote: On Tue, 2011-01-04 at 21:27 +1100, Andrew Bartlett wrote: On Tue, 2011-01-04 at 09:55 +0100, Jelmer Vernooij wrote: On Tue, 2011-01-04 at 05:40 +0100, Andrew Bartlett wrote: commit 640028d158583825ea5ffd1266f099cf8776db5d Author: Andrew Bartlett abart...@samba.org Date: Tue Jan 4 14:41:38 2011 +1100 nsswitch Add talloc depencency for nsstest nsstest does not use talloc, but it includes talloc.h via includes.h, and so without this it cannot find the right internal header. This wasn't noticed before, as most linux developer boxes have a talloc.h. The issue was reported by Adam Tauno Williams awilliam at whitemice.org I'm a bit puzzled by this, as e.g. sn doesn't have talloc.h installed either and neither have most of the build farm hosts. Perhaps it happens if talloc.h is installed but not in /usr/include ? That is odd, but I reproduced it locally, by removing libtalloc-devel from my Fedora 12 laptop. I've tested it before and after this commit (including a waf configure). That is odd indeed. Is talloc.pc perhaps part of the the libtalloc package on RedHat instead of libtalloc-devel ? talloc.pc is in libtalloc-devel in fedora and in RHEL. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via f07f3d5 Fix 3.6 headers via ad8415c s3-gse: Use gss_get_name_attribute to fetch the pac from 3db7254 WHATSNEW: Start 3.6.0rc1 release notes. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit f07f3d5d11b57321dc0616b88afc78199a59e2d8 Author: Simo Sorce i...@samba.org Date: Fri May 13 16:36:42 2011 -0400 Fix 3.6 headers commit ad8415cb8a7bbd1f653eecce1aa2b88242bcc9e5 Author: Simo Sorce i...@samba.org Date: Mon May 9 11:33:41 2011 -0400 s3-gse: Use gss_get_name_attribute to fetch the pac This is the only way to be sure the pac signatures are correct. It requires a fairly new version of MIT Kerberos, but that should be fine, it is new functionality in 3.6 anyways. --- Summary of changes: source3/configure.in|1 + source3/include/proto.h | 28 +- source3/lib/netapi/netapi_private.h |2 + source3/librpc/crypto/gse.c | 74 +++ source3/librpc/crypto/gse.h |3 +- source3/librpc/rpc/dcerpc_ep.c |1 + source3/rpc_client/cli_winreg_int.h |1 + source3/rpc_server/dcesrv_gssapi.c | 42 +--- source3/rpc_server/rpc_ncacn_np.h |2 + source3/smbd/lanman.c |1 + 10 files changed, 61 insertions(+), 94 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index d8c59b6..72568d8 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3860,6 +3860,7 @@ if test x$with_ads_support != xno; then AC_CHECK_FUNC_EXT(krb5_get_credentials_for_user, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_host_realm, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_free_host_realm, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS) # MIT krb5 1.8 does not expose this call (yet) AC_CHECK_DECLS(krb5_get_credentials_for_user, [], [], [#include krb5.h]) diff --git a/source3/include/proto.h b/source3/include/proto.h index 5f0e878..6c76029 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2667,33 +2667,6 @@ const struct ndr_interface_table *get_iface_from_syntax( const char *get_pipe_name_from_syntax(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *syntax); -/* The following definitions come from rpc_server/rpc_ncacn_np.c */ -struct auth_serversupplied_info; -struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx, - const struct ndr_syntax_id *syntax, - struct client_address *client_id, - const struct auth_serversupplied_info *session_info, - struct messaging_context *msg_ctx); -struct dcerpc_binding_handle; -NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx, - const struct ndr_interface_table *ndr_table, - struct client_address *client_id, - const struct auth_serversupplied_info *session_info, - struct messaging_context *msg_ctx, - struct dcerpc_binding_handle **binding_handle); -NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx, - const struct ndr_syntax_id *abstract_syntax, - const struct auth_serversupplied_info *serversupplied_info, - struct client_address *client_id, - struct messaging_context *msg_ctx, - struct rpc_pipe_client **presult); -NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, -const struct ndr_syntax_id *syntax, -const struct auth_serversupplied_info *session_info, -struct client_address *client_id, -struct messaging_context *msg_ctx, -struct rpc_pipe_client **cli_pipe); - /* The following definitions come from rpc_client/cli_pipe_schannel.c */ NTSTATUS get_schannel_session_key(struct cli_state *cli, @@ -2703,6 +2676,7 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli, /* The following definitions come from rpc_server/rpc_handles.c */ +struct pipes_struct; size_t num_pipe_handles(struct pipes_struct *p); bool init_pipe_handles(struct pipes_struct *p, const struct ndr_syntax_id *syntax); bool create_policy_hnd(struct pipes_struct *p, struct policy_handle *hnd, void *data_ptr); diff --git a/source3/lib/netapi/netapi_private.h b/source3/lib/netapi/netapi_private.h index 7559c61..349287b 100644 --- a/source3/lib/netapi
Re: [SCM] Samba Shared Repository - branch master updated
On Sat, 2011-05-07 at 02:21 +0200, Jeremy Allison wrote:
The branch, master has been updated
via ac25835 Fix Samba3 on OpenIndiana.
from f7b3909 A couple more off-by-one calculations with strlcpy.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit ac25835ab7b76226bd59fec9ffef46d5c5817d54
Author: Gordon Ross gordon.w.r...@gmail.com
Date: Fri May 6 16:00:08 2011 -0700
Fix Samba3 on OpenIndiana.
I'd like Samba to use the native OpenLDAP and MIT Kerberos libs.
Attached are some patches to do that. (relative to git master)
It does not build for me without these.
(OpenIndiana is an off-shoot of OpenSolaris See
http://www.openindiana.org)
Autobuild-User: Jeremy Allison j...@samba.org
Autobuild-Date: Sat May 7 02:20:14 CEST 2011 on sn-devel-104
---
Summary of changes:
auth/kerberos/gssapi_pac.c| 24
lib/replace/system/kerberos.h |4 +++-
source3/configure.in | 26 +-
source3/wscript |2 +-
4 files changed, 49 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
index d89a649..e115cfe 100644
--- a/auth/kerberos/gssapi_pac.c
+++ b/auth/kerberos/gssapi_pac.c
@@ -23,6 +23,30 @@
#include libcli/auth/krb5_wrap.h
+#if 0
+/* FIXME - need proper configure/waf test
+ * to determine if gss_mech_krb5 and friends
+ * exist. JRA.
+ */
+/*
+ * These are not exported by Solaris -lkrb5
+ * Maybe move to libreplace somewhere?
+ */
+static const gss_OID_desc krb5_gss_oid_array[] = {
+ /* this is the official, rfc-specified OID */
+ { 9, \052\206\110\206\367\022\001\002\002 },
+ /* this is the pre-RFC mech OID */
+ { 5, \053\005\001\005\002 },
+ /* this is the unofficial, incorrect mech OID emitted by MS */
+ { 9, \052\206\110\202\367\022\001\002\002 },
+ { 0, 0 }
+};
Jeremy something looks wrong here.
The comments seem to imply the MS and the official OID should be
different, (the MS being wrong), yet I see non difference between them.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer s...@samba.org
Principal Software Engineer at Red Hat, Inc. s...@redhat.com
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 1804d9a tdb_backup: avoid transaction on backup file, use lockall
from 9bf3dc3 Fix Bug #8099 setpwent() actually does endpwent() and vice
versa on FreeBSD
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 1804d9a64662d37f6c7c50bdd7b8edd80f42192b
Author: Simo Sorce i...@samba.org
Date: Sat Apr 9 22:21:35 2011 -0400
tdb_backup: avoid transaction on backup file, use lockall
Transactions have the side effect of generating bigger files.
By removing the transaction files get as much as 30% smaller.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Tue Apr 19 23:34:37 CEST 2011 on sn-devel-104
---
Summary of changes:
lib/tdb/tools/tdbbackup.c | 21 +
1 files changed, 13 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/tdb/tools/tdbbackup.c b/lib/tdb/tools/tdbbackup.c
index 6aca8dd..11ecaa0 100644
--- a/lib/tdb/tools/tdbbackup.c
+++ b/lib/tdb/tools/tdbbackup.c
@@ -152,8 +152,9 @@ static int backup_tdb(const char *old_name, const char
*new_name, int hash_size)
return 1;
}
- if (tdb_transaction_start(tdb_new) != 0) {
- printf(Failed to start transaction on new tdb\n);
+ /* lock the backup tdb so that nobody else can change it */
+ if (tdb_lockall(tdb_new) != 0) {
+ printf(Failed to lock backup tdb\n);
tdb_close(tdb);
tdb_close(tdb_new);
unlink(tmp_name);
@@ -177,12 +178,16 @@ static int backup_tdb(const char *old_name, const char
*new_name, int hash_size)
/* close the old tdb */
tdb_close(tdb);
- if (tdb_transaction_commit(tdb_new) != 0) {
- fprintf(stderr, Failed to commit new tdb\n);
- tdb_close(tdb_new);
- unlink(tmp_name);
- free(tmp_name);
- return 1;
+ /* copy done, unlock the backup tdb */
+ tdb_unlockall(tdb_new);
+
+#ifdef HAVE_FDATASYNC
+ if (fdatasync(tdb_fd(tdb_new)) != 0) {
+#else
+ if (fsync(tdb_fd(tdb_new)) != 0) {
+#endif
+ /* not fatal */
+ fprintf(stderr, failed to fsync backup file\n);
}
/* close the new tdb and re-open read-only */
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 72bd60b s3-epmapper: fix vars init and return errors
via edc2600 librpc: Return an error if we a broken floor.
via 95daebe cleanup: fix some trailing spaces
via dbe957e s3-epmapper: Fix allocation of data on the wrong context
via 5ebf007 s3-epmapper: Make sure we work on a description duplicate.
via f534dcd librpc: Added a dcerpc_binding_dup() function.
via e8912b9 s3-epmapper: Refactor the cleanup of endpoints.
via fd89e29 s3-epmapper: Use strcmp instead of strequal and check IPv6.
via bf1e330 s3-epmapper: Increase debug levels.
from 155c4fb s3: Fix some errno assignments in SMBC_opendir_ctx
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 72bd60b2fee20dc85c1cc88d5d4e2efdfb74b701
Author: Simo Sorce i...@samba.org
Date: Thu Mar 24 11:49:27 2011 -0400
s3-epmapper: fix vars init and return errors
Properly initialize variables at each cycle.
Convert to the right error when returning EPMAPPER ones.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Thu Mar 24 20:43:49 CET 2011 on sn-devel-104
commit edc26007bf50ce165b8f8dfba5e1c7f86f6918e6
Author: Andreas Schneider a...@samba.org
Date: Thu Mar 24 13:45:32 2011 +0100
librpc: Return an error if we a broken floor.
Pair-Programmed-With: Simo Sorce i...@samba.org
commit 95daebe1c339cefe87bcb5d4e2afc79a45af3b62
Author: Simo Sorce i...@samba.org
Date: Thu Mar 24 09:21:11 2011 -0400
cleanup: fix some trailing spaces
commit dbe957e48fec13aec39b7c2675cd4b7cde55d9d0
Author: Simo Sorce i...@samba.org
Date: Thu Mar 24 08:23:48 2011 -0400
s3-epmapper: Fix allocation of data on the wrong context
p-mem_ctx is the short-lived per request context, while this data is long
lived, allocate on p instead.
commit 5ebf0072336ece5acf120bcdeb6612445fa059f1
Author: Andreas Schneider a...@samba.org
Date: Thu Mar 24 14:39:56 2011 +0100
s3-epmapper: Make sure we work on a description duplicate.
commit f534dcdca3184a342df2d702663088a4afba6571
Author: Andreas Schneider a...@samba.org
Date: Thu Mar 24 14:39:37 2011 +0100
librpc: Added a dcerpc_binding_dup() function.
commit e8912b9ad31154adca4d2065b2986661a956a959
Author: Andreas Schneider a...@samba.org
Date: Thu Mar 24 13:07:54 2011 +0100
s3-epmapper: Refactor the cleanup of endpoints.
commit fd89e29e7ee5065b6f4349e391c90c5f81e7c476
Author: Andreas Schneider a...@samba.org
Date: Thu Mar 24 13:07:05 2011 +0100
s3-epmapper: Use strcmp instead of strequal and check IPv6.
commit bf1e330f69951400f12ecb17c82adadd1e901a58
Author: Andreas Schneider a...@samba.org
Date: Thu Mar 24 10:44:14 2011 +0100
s3-epmapper: Increase debug levels.
---
Summary of changes:
librpc/rpc/binding.c | 101 +--
librpc/rpc/rpc_common.h|2 +
source3/rpc_server/epmapper/srv_epmapper.c | 78 -
3 files changed, 140 insertions(+), 41 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c
index 2a0295b..422537e 100644
--- a/librpc/rpc/binding.c
+++ b/librpc/rpc/binding.c
@@ -646,13 +646,22 @@ _PUBLIC_ const char
*derpc_transport_string_by_transport(enum dcerpc_transport_t
return NULL;
}
-_PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX *mem_ctx,
- struct epm_tower *tower,
- struct dcerpc_binding **b_out)
+_PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX *mem_ctx,
+ struct epm_tower *tower,
+ struct dcerpc_binding **b_out)
{
NTSTATUS status;
struct dcerpc_binding *binding;
+ /*
+* A tower needs to have at least 4 floors to carry useful
+* information. Floor 3 is the transport identifier which defines
+* how many floors are required at least.
+*/
+ if (tower-num_floors 4) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
binding = talloc_zero(mem_ctx, struct dcerpc_binding);
NT_STATUS_HAVE_NO_MEMORY(binding);
@@ -669,15 +678,11 @@ _PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX
*mem_ctx,
return NT_STATUS_NOT_SUPPORTED;
}
- if (tower-num_floors 1) {
- return NT_STATUS_OK;
- }
-
/* Set object uuid */
status = dcerpc_floor_get_lhs_data(tower-floors[0], binding-object);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, (Error pulling object uuid and version: %s,
nt_errstr(status)));
+ DEBUG(1, (Error pulling object uuid and version: %s,
nt_errstr(status
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 17fe342 s3-epmapper: fix vars init and return errors
via 8a8f4df librpc: Return an error if we a broken floor.
via e41b818 cleanup: fix some trailing spaces
via 7ae0d64 s3-epmapper: Fix allocation of data on the wrong context
via 409e67e s3-epmapper: Make sure we work on a description duplicate.
via bdd17bb librpc: Added a dcerpc_binding_dup() function.
via 5f47e57 s3-epmapper: Refactor the cleanup of endpoints.
via 824f65c s3-epmapper: Use strcmp instead of strequal and check IPv6.
from 2896698 s3: Fix some errno assignments in SMBC_opendir_ctx
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 17fe34287e582f804cc139a6164563699877d440
Author: Simo Sorce i...@samba.org
Date: Thu Mar 24 11:49:27 2011 -0400
s3-epmapper: fix vars init and return errors
Properly initialize variables at each cycle.
Convert to the right error when returning EPMAPPER ones.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Thu Mar 24 20:43:49 CET 2011 on sn-devel-104
commit 8a8f4dfe617d4d9625e3788c33f788e140e37f06
Author: Andreas Schneider a...@samba.org
Date: Thu Mar 24 13:45:32 2011 +0100
librpc: Return an error if we a broken floor.
Pair-Programmed-With: Simo Sorce i...@samba.org
commit e41b8186557bef3b2205fa998be514d7c9f61f1f
Author: Simo Sorce i...@samba.org
Date: Thu Mar 24 09:21:11 2011 -0400
cleanup: fix some trailing spaces
commit 7ae0d6404ed4a02702be139329939b2d7f0c9c5d
Author: Simo Sorce i...@samba.org
Date: Thu Mar 24 08:23:48 2011 -0400
s3-epmapper: Fix allocation of data on the wrong context
p-mem_ctx is the short-lived per request context, while this data is long
lived, allocate on p instead.
commit 409e67e780ad8b90d7d7a1a11f8c920e9a86381b
Author: Andreas Schneider a...@samba.org
Date: Thu Mar 24 14:39:56 2011 +0100
s3-epmapper: Make sure we work on a description duplicate.
commit bdd17bb4b2785988f8f546ef60b54d655712a946
Author: Andreas Schneider a...@samba.org
Date: Thu Mar 24 14:39:37 2011 +0100
librpc: Added a dcerpc_binding_dup() function.
commit 5f47e5763459fa2582a609074b448201854b4fa7
Author: Andreas Schneider a...@samba.org
Date: Thu Mar 24 13:07:54 2011 +0100
s3-epmapper: Refactor the cleanup of endpoints.
commit 824f65c5e3dede8a2f29fe3bb92f89c03f3d4070
Author: Andreas Schneider a...@samba.org
Date: Thu Mar 24 13:07:05 2011 +0100
s3-epmapper: Use strcmp instead of strequal and check IPv6.
---
Summary of changes:
librpc/rpc/binding.c | 101 +--
librpc/rpc/rpc_common.h|2 +
source3/rpc_server/epmapper/srv_epmapper.c | 62 ++---
3 files changed, 132 insertions(+), 33 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c
index 2a0295b..422537e 100644
--- a/librpc/rpc/binding.c
+++ b/librpc/rpc/binding.c
@@ -646,13 +646,22 @@ _PUBLIC_ const char
*derpc_transport_string_by_transport(enum dcerpc_transport_t
return NULL;
}
-_PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX *mem_ctx,
- struct epm_tower *tower,
- struct dcerpc_binding **b_out)
+_PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX *mem_ctx,
+ struct epm_tower *tower,
+ struct dcerpc_binding **b_out)
{
NTSTATUS status;
struct dcerpc_binding *binding;
+ /*
+* A tower needs to have at least 4 floors to carry useful
+* information. Floor 3 is the transport identifier which defines
+* how many floors are required at least.
+*/
+ if (tower-num_floors 4) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
binding = talloc_zero(mem_ctx, struct dcerpc_binding);
NT_STATUS_HAVE_NO_MEMORY(binding);
@@ -669,15 +678,11 @@ _PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX
*mem_ctx,
return NT_STATUS_NOT_SUPPORTED;
}
- if (tower-num_floors 1) {
- return NT_STATUS_OK;
- }
-
/* Set object uuid */
status = dcerpc_floor_get_lhs_data(tower-floors[0], binding-object);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, (Error pulling object uuid and version: %s,
nt_errstr(status)));
+ DEBUG(1, (Error pulling object uuid and version: %s,
nt_errstr(status)));
return status;
}
@@ -702,6 +707,86 @@ _PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX
*mem_ctx,
return NT_STATUS_OK;
}
+_PUBLIC_ struct dcerpc_binding *dcerpc_binding_dup(TALLOC_CTX
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7f1fd07 s3-epmapper: Log error if we can't register the endpoint. via b38517b s3-epmapper: Setup epm in smbd to forward np requests. via 73e985f s3-epmapper: Remove unregister on shutdown. via da1a18c s3-epmd: Cleanup endpoints on service pipe disconnect. via 0d97741 s3-epmapper: Added function to delete endpoint entries. via e69d922 s3-rpc_server: Added disconnect callback function. via 044eabe s3-rpc_server: Rename req to subreq. via 73faa82 s3-rpc_server: Implement an endpoint monitor loop. via b2bdc20 s3-rpc_server: Added a memory context to the ep regsiter state. via 81a2046 s3-librpc: Leave the epm registration connection open. via d6a1469 s3-epmd: Cleanup endpoint mapper correctly. via de77524 s3-epmapper: Shutdown the embedded epmapper cleanly. via 661ac49 s3-epmapper: Added a cleanup function. via da718a5 s3-epmapper: Use DCERPC_AUTH_LEVEL_CONNECT for ep ncalrpc. via 3766f3e s3-rpc_server: Rename system_user to ncalrpc_as_system. from 177df3c s3: Fix a shadowed declaration warning http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7f1fd07fbe99fc167eb529d482b084142c39ea8a Author: Andreas Schneider a...@samba.org Date: Mon Mar 21 16:14:19 2011 +0100 s3-epmapper: Log error if we can't register the endpoint. Autobuild-User: Simo Sorce i...@samba.org Autobuild-Date: Wed Mar 23 18:06:54 CET 2011 on sn-devel-104 commit b38517bbdc746fe53e0bd804623b2ea7b0e98cbc Author: Andreas Schneider a...@samba.org Date: Thu Mar 17 17:56:37 2011 +0100 s3-epmapper: Setup epm in smbd to forward np requests. commit 73e985fe4b1b4c3e879f4d7fe7bc2f98851aee6e Author: Andreas Schneider a...@samba.org Date: Thu Mar 17 16:59:10 2011 +0100 s3-epmapper: Remove unregister on shutdown. This is done automatically now. commit da1a18cd032760c33cf4573124c5b88507b84425 Author: Andreas Schneider a...@samba.org Date: Thu Mar 17 11:14:12 2011 +0100 s3-epmd: Cleanup endpoints on service pipe disconnect. commit 0d97741b9b825350e3e04b5dc49b4e039bd744dc Author: Andreas Schneider a...@samba.org Date: Wed Mar 16 13:42:26 2011 +0100 s3-epmapper: Added function to delete endpoint entries. commit e69d92236744bb06d60faa4f21f3cd748ec5629d Author: Andreas Schneider a...@samba.org Date: Mon Mar 14 12:29:49 2011 +0100 s3-rpc_server: Added disconnect callback function. commit 044eabe425f9ae6e2fcea5ec1481b33c35b173f7 Author: Andreas Schneider a...@samba.org Date: Thu Mar 10 13:02:31 2011 +0100 s3-rpc_server: Rename req to subreq. commit 73faa82bf9ebebdff9662e60715e9fd4f1614b9f Author: Andreas Schneider a...@samba.org Date: Thu Mar 10 10:17:51 2011 +0100 s3-rpc_server: Implement an endpoint monitor loop. commit b2bdc20f65f0d5fda5b9fdb9dc6222e2f219bbea Author: Andreas Schneider a...@samba.org Date: Wed Mar 9 10:38:00 2011 +0100 s3-rpc_server: Added a memory context to the ep regsiter state. commit 81a2046879299a051e69fd4d78b3a8e49b690f1b Author: Andreas Schneider a...@samba.org Date: Wed Mar 9 10:17:06 2011 +0100 s3-librpc: Leave the epm registration connection open. commit d6a1469f4350fa24204e11bb9aee0e33f8d21c34 Author: Andreas Schneider a...@samba.org Date: Mon Mar 14 14:50:09 2011 +0100 s3-epmd: Cleanup endpoint mapper correctly. commit de775244a97b011fa34e52987a76ff81a5d36fb0 Author: Andreas Schneider a...@samba.org Date: Mon Mar 14 17:14:19 2011 +0100 s3-epmapper: Shutdown the embedded epmapper cleanly. commit 661ac49794a0594003463e1cf3ae1bf806f24213 Author: Andreas Schneider a...@samba.org Date: Mon Mar 14 14:49:51 2011 +0100 s3-epmapper: Added a cleanup function. commit da718a5961c3404435f9bc64bebabb71b53455eb Author: Andreas Schneider a...@samba.org Date: Mon Mar 21 09:29:14 2011 +0100 s3-epmapper: Use DCERPC_AUTH_LEVEL_CONNECT for ep ncalrpc. commit 3766f3ec0e495277c79df8eb8918cb739bc14358 Author: Andreas Schneider a...@samba.org Date: Mon Mar 14 10:47:41 2011 +0100 s3-rpc_server: Rename system_user to ncalrpc_as_system. --- Summary of changes: source3/include/ntdomain.h |5 +- source3/librpc/rpc/dcerpc_ep.c | 50 ++- source3/librpc/rpc/dcerpc_ep.h | 18 +- source3/rpc_client/cli_pipe.c |2 +- source3/rpc_server/epmapper/srv_epmapper.c | 65 +++ .../rpc_server/epmapper/srv_epmapper.h | 27 +- source3/rpc_server/epmd.c | 19 +- source3/rpc_server/rpc_ep_setup.c | 549 source3/rpc_server/rpc_server.c| 30 +- source3/rpc_server/rpc_server.h|5 +- source3
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 5d55ae0 lib-util: put data_blob back in the public library
from 1413af9 s3-waf: add --with-pam_smbpass configure option.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5d55ae0a2907b5ead5fb7d131aa00788d806ed9a
Author: Simo Sorce i...@samba.org
Date: Thu Mar 17 09:02:57 2011 -0400
lib-util: put data_blob back in the public library
data_blob is defined ina public header, so it needs to be exposed in the
public
library.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Thu Mar 17 15:39:08 CET 2011 on sn-devel-104
---
Summary of changes:
lib/util/wscript_build |4 ++--
source3/wscript_build |2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
mode change 100644 = 100755 lib/util/wscript_build
mode change 100644 = 100755 source3/wscript_build
Changeset truncated at 500 lines:
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
old mode 100644
new mode 100755
index e8883a3..7c18075
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -6,7 +6,7 @@ bld.SAMBA_LIBRARY('samba-util-common',
source='''talloc_stack.c smb_threads.c xfile.c
util_file.c time.c rbtree.c rfc1738.c select.c
genrand.c fsusage.c blocking.c become_daemon.c
- data_blob.c signal.c system.c params.c util.c util_id.c
util_net.c
+ signal.c system.c params.c util.c util_id.c util_net.c
util_strlist.c idtree.c debug.c''',
public_deps='talloc pthread LIBCRYPTO',
# until we get all the dependencies in this library in common
@@ -20,7 +20,7 @@ bld.SAMBA_LIBRARY('samba-util-common',
if bld.env._SAMBA_BUILD_ == 4:
bld.SAMBA_LIBRARY('samba-util',
- source='''dprintf.c fault.c
+ source='''dprintf.c fault.c data_blob.c
ms_fnmatch.c parmlist.c substitute.c util_str.c
''',
deps='samba-util-common',
diff --git a/source3/wscript_build b/source3/wscript_build
old mode 100644
new mode 100755
index 3f7e3b6..dbfb465
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -962,7 +962,7 @@ bld.SAMBA3_SUBSYSTEM('CHARSET3',
deps='DYNCONFIG')
bld.SAMBA3_SUBSYSTEM('samba-util3',
-source='',
+source='../lib/util/data_blob.c',
deps='talloc CHARSET3 samba-util-common')
bld.SAMBA3_SUBSYSTEM('ldb3',
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 2a608ba dcerpc: we do not need these as public headers
from ab37eae s3: Fix Coverity ID 2231, REVERSE_INULL
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 2a608ba856a4f28c13f295ac554e46168f3f045c
Author: Simo Sorce i...@samba.org
Date: Wed Mar 16 15:32:53 2011 -0400
dcerpc: we do not need these as public headers
latest openchange doesn't need these headers either
fix _PRINTF_ATTRIBUTE in tdr.h, as it was failing to work after removing
proto.h due to side effects. PRINTF_ATTRIBUTE is ok and is define in
talloc.h
which is included by tdr.h
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Wed Mar 16 23:45:20 CET 2011 on sn-devel-104
---
Summary of changes:
lib/tdr/tdr.h|2 +-
source4/rpc_server/wscript_build |2 --
2 files changed, 1 insertions(+), 3 deletions(-)
mode change 100644 = 100755 source4/rpc_server/wscript_build
Changeset truncated at 500 lines:
diff --git a/lib/tdr/tdr.h b/lib/tdr/tdr.h
index cd4785e..fa0a4d7 100644
--- a/lib/tdr/tdr.h
+++ b/lib/tdr/tdr.h
@@ -95,6 +95,6 @@ struct tdr_push *tdr_push_init(TALLOC_CTX *mem_ctx);
struct tdr_pull *tdr_pull_init(TALLOC_CTX *mem_ctx);
NTSTATUS tdr_push_to_fd(int fd, tdr_push_fn_t push_fn, const void *p);
-void tdr_print_debug_helper(struct tdr_print *tdr, const char *format, ...)
_PRINTF_ATTRIBUTE(2,3);
+void tdr_print_debug_helper(struct tdr_print *tdr, const char *format, ...)
PRINTF_ATTRIBUTE(2,3);
#endif /* __TDR_H__ */
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
old mode 100644
new mode 100755
index a1d1fc5..f1d3c0d
--- a/source4/rpc_server/wscript_build
+++ b/source4/rpc_server/wscript_build
@@ -9,8 +9,6 @@ bld.SAMBA_SUBSYSTEM('DCERPC_SHARE',
bld.SAMBA_SUBSYSTEM('DCERPC_COMMON',
source='common/forward.c common/reply.c dcesrv_auth.c',
autoproto='common/proto.h',
- public_headers='common/common.h common/proto.h',
- header_path='dcerpc_server',
deps='ldb DCERPC_SHARE samba_server_gensec'
)
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via a57c2b0 Fix public header not to include private (not installed)
ones.
from 72c1fe0 librpc/rpc: move DCERPC_ flags to rpc_common.h
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit a57c2b02f13569bce8e485c39924bce980a61403
Author: Simo Sorce i...@samba.org
Date: Mon Mar 14 11:01:47 2011 -0400
Fix public header not to include private (not installed) ones.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Mon Mar 14 17:01:20 CET 2011 on sn-devel-104
---
Summary of changes:
source4/auth/auth.h|1 +
source4/auth/session.h |2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 0e0aa01..9eb3e7d 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -158,6 +158,7 @@ struct auth_critical_sizes {
#include auth/session.h
#include auth/system_session_proto.h
+#include libcli/security/security.h
struct ldb_message;
struct ldb_context;
diff --git a/source4/auth/session.h b/source4/auth/session.h
index 8ab6288..97a8aba 100644
--- a/source4/auth/session.h
+++ b/source4/auth/session.h
@@ -21,7 +21,7 @@
#ifndef _SAMBA_AUTH_SESSION_H
#define _SAMBA_AUTH_SESSION_H
-#include libcli/security/security.h
+#include librpc/gen_ndr/security.h
#include librpc/gen_ndr/netlogon.h
#include librpc/gen_ndr/auth.h
--
Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated
On Wed, 2011-03-09 at 09:04 +0100, Andrew Bartlett wrote: The branch, master has been updated via 9728b5a librpc/ndr use hyper for uid_t/gid_t rather than udlong from c4b52fb s3: Use talloc_tos() in idmap_nss_sids_to_unixids http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9728b5a0d5a5c09615a09a97bf217bcacb773579 Author: Andrew Bartlett abart...@samba.org Date: Wed Mar 2 19:06:15 2011 +1100 librpc/ndr use hyper for uid_t/gid_t rather than udlong This has 8 byte alignment, which is what was specified in pidl for these types. I am puzzled, uid_t and gid_t are 32 bit quantitiers on all platforms I know, do you know of platforms that use 64 bit uid/gid types ? If not, why do you use a 64 bit type for them ? Also uid_t and gid_t are signed in many platforms while here you seem to be casting to uint64_t, and that doesn't look right to me. Care to comment ? Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com
Re: [SCM] Samba Shared Repository - branch master updated
On Tue, 2011-03-01 at 07:35 +0100, Volker Lendecke wrote: On Tue, Mar 01, 2011 at 04:33:01AM +0100, Andrew Bartlett wrote: The branch, master has been updated via 5f5ca91 lib/util: new merged debug system via 4acef31 lib/util move debug.[ch] out of the way from b1f68b6 s4-libnet_vampire: Ignore some attributes when building working schema cache http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5f5ca913b7abfcf95782339fac2dc8c1541b1126 Author: Andrew Bartlett abart...@samba.org Date: Thu Feb 24 16:14:03 2011 +1100 lib/util: new merged debug system This is the s3 debug system, with a number of changes to tidy it up for common use. The debug class system is simplified by the removal of the ISSET table, the system no longer attempts to cope with assignment of DEBUGLEVEL, and the full class table is always available (rather than just DEBUGLEVEL_CLASS[DBCG_ALL]) from startup. It is also no longer confusingly described as a hack, but as the initial table. The way git diff / git whatchanged works makes it more difficult than necessary to compare the actual code changes if you make changes and move the files at the same time. Next time, can you please split those two changes into two commits? Volker, If you want to see this patch in a slightly better form you can use a command like this: git showh -M -C --patience 5f5ca913b7abfcf95782339fac2dc8c1541b1126 With this one git is told to detect the rename and does show only the differences. you can use the same arguments for generating better patches when you want to send them around for review, like this: git format-patch -M -C --patience --full-index -1 5f5ca913b7abfcf95782339fac2dc8c1541b1126 Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 63af546 Fix broken build with make dist tarballs
from 0516112 s3:libsmb only log a dead connection if it was not closed
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 63af5468a58436121a3b3cc658e9dd672238d8cf
Author: Simo Sorce i...@samba.org
Date: Wed Feb 23 15:09:48 2011 -0500
Fix broken build with make dist tarballs
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Wed Feb 23 22:02:06 CET 2011 on sn-devel-104
---
Summary of changes:
wscript |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
mode change 100644 = 100755 wscript
Changeset truncated at 500 lines:
diff --git a/wscript b/wscript
old mode 100644
new mode 100755
index b2e6f2a..0dd8c90
--- a/wscript
+++ b/wscript
@@ -21,7 +21,7 @@ samba_dist.DIST_DIRS('.')
#samba-4.0.0 branded tarball (until the merge is complete) and the
#core elements of the autotools build system (which is known to
#produce buggy binaries).
-samba_dist.DIST_BLACKLIST('README Manifest Read-Manifest-Now Roadmap source3/
' +
+samba_dist.DIST_BLACKLIST('README Manifest Read-Manifest-Now Roadmap ' +
'packaging/ docs-xml/ examples/ swat/ WHATSNEW.txt
MAINTAINERS ')
# install in /usr/local/samba by default
Options.default_prefix = '/usr/local/samba'
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via d6a41c2 Return NULL if tevent_add_fd() is passed a negative fd
from b423d83 s4:ldapcmp: cope with range retrivals of multivalued
attributes
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit d6a41c2723cda59b3cd6ae9a1e77b62f25067663
Author: Stephen Gallagher sgall...@redhat.com
Date: Mon Feb 14 10:29:49 2011 -0500
Return NULL if tevent_add_fd() is passed a negative fd
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Mon Feb 14 17:47:03 CET 2011 on sn-devel-104
---
Summary of changes:
lib/tevent/tevent_fd.c |6 ++
1 files changed, 6 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/tevent/tevent_fd.c b/lib/tevent/tevent_fd.c
index c58e8e1..455961b 100644
--- a/lib/tevent/tevent_fd.c
+++ b/lib/tevent/tevent_fd.c
@@ -51,6 +51,12 @@ struct tevent_fd *tevent_common_add_fd(struct tevent_context
*ev, TALLOC_CTX *me
{
struct tevent_fd *fde;
+ /* tevent will crash later on select() if we save
+* a negative file descriptor. Better to fail here
+* so that consumers will be able to debug it
+*/
+ if (fd 0) return NULL;
+
fde = talloc(mem_ctx?mem_ctx:ev, struct tevent_fd);
if (!fde) return NULL;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 0a05a36 Increase minor version since a public header has changed
from 3722f65 librpc: make NDR_KRB5PAC a shared library
(libndr-krb5pac.so).
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 0a05a364f3a8bb2ec89e261e372e762ab05d5e6b
Author: Simo Sorce i...@samba.org
Date: Mon Feb 14 11:49:41 2011 -0500
Increase minor version since a public header has changed
Samba4 now depends on a new macro defined in the public ldb_modules.h
header:
LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK.
Bump up the minor release of ldb accordingly.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Mon Feb 14 19:39:31 CET 2011 on sn-devel-104
---
Summary of changes:
.../ldb/ABI/{ldb-0.9.24.sigs = ldb-1.0.1.sigs}|0
source4/lib/ldb/wscript|2 +-
2 files changed, 1 insertions(+), 1 deletions(-)
copy source4/lib/ldb/ABI/{ldb-0.9.24.sigs = ldb-1.0.1.sigs} (100%)
mode change 100644 = 100755 source4/lib/ldb/wscript
Changeset truncated at 500 lines:
diff --git a/source4/lib/ldb/ABI/ldb-0.9.24.sigs
b/source4/lib/ldb/ABI/ldb-1.0.1.sigs
similarity index 100%
copy from source4/lib/ldb/ABI/ldb-0.9.24.sigs
copy to source4/lib/ldb/ABI/ldb-1.0.1.sigs
diff --git a/source4/lib/ldb/wscript b/source4/lib/ldb/wscript
old mode 100644
new mode 100755
index 73125fc..69d8725
--- a/source4/lib/ldb/wscript
+++ b/source4/lib/ldb/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'ldb'
-VERSION = '1.0.0'
+VERSION = '1.0.1'
blddir = 'bin'
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 18926e5 Fix private libdir and codepages paths
from 64c63a3 s3: Fix a C++ warning
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 18926e5907ac91881fe5b8cf35193c4bc010500a
Author: Simo Sorce i...@samba.org
Date: Mon Feb 14 19:46:42 2011 -0500
Fix private libdir and codepages paths
The private libraries need to be arch specific as well.
With --enable-fhs the codepages should go in /usr/share/samba and not
in /usr/lib{64}/samba as they are data files not libraries.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Tue Feb 15 04:22:37 CET 2011 on sn-devel-104
---
Summary of changes:
buildtools/wafsamba/wscript |2 +-
source4/dynconfig/wscript |2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
mode change 100644 = 100755 buildtools/wafsamba/wscript
mode change 100644 = 100755 source4/dynconfig/wscript
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
old mode 100644
new mode 100755
index ad5b938..4f93bb1
--- a/buildtools/wafsamba/wscript
+++ b/buildtools/wafsamba/wscript
@@ -277,7 +277,7 @@ def configure(conf):
conf.env.RPATH_ON_INSTALL = (conf.env.RPATH_ON_BUILD and
not Options.options.disable_rpath_install)
if not conf.env.PRIVATELIBDIR:
-conf.env.PRIVATELIBDIR = '${PREFIX}/lib/%s' %
Utils.g_module.APPNAME
+conf.env.PRIVATELIBDIR = '%s/%s' % (conf.env.LIBDIR,
Utils.g_module.APPNAME)
conf.env.RPATH_ON_INSTALL_PRIVATE = (
not Options.options.disable_rpath_private_install)
else:
diff --git a/source4/dynconfig/wscript b/source4/dynconfig/wscript
old mode 100644
new mode 100755
index 50ae44f..c2741fd
--- a/source4/dynconfig/wscript
+++ b/source4/dynconfig/wscript
@@ -57,7 +57,6 @@ dyn_cflags_fhs = {
'LOGFILEBASE': '${LOCALSTATEDIR}/log/samba',
'LOCKDIR': '${LOCALSTATEDIR}/lib/samba',
'PIDDIR' : '${LOCALSTATEDIR}/run/samba',
-'DATADIR': '${DATADIR}/samba',
'SETUPDIR' : '${DATADIR}/samba/setup',
'WINBINDD_SOCKET_DIR': '${LOCALSTATEDIR}/run/samba/winbindd',
'WINBINDD_PRIVILEGED_SOCKET_DIR' :
'${LOCALSTATEDIR}/run/samba/winbindd_privileged',
@@ -69,6 +68,7 @@ dyn_cflags_fhs = {
'INCLUDEDIR' : '${INCLUDEDIR}/samba-4.0',
'PKGCONFIGDIR' : '${LIBDIR}/pkgconfig',
'SWATDIR': '${DATADIR}/swat',
+'CODEPAGEDIR': '${DATADIR}/samba',
}
def get_varname(v):
--
Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch v3-6-test updated
On Tue, 2011-02-08 at 19:19 +0100, Günther Deschner wrote: s3-spoolss: Dont wipe out all drivers when only one should be deleted. Great catch from Bjoern Baumbach b...@sernet.de ! Andreas, Simo, please check. We now have a torture test (rpc.spoolss.driver.driver.multiple_drivers) for this. Good catch indeed. Looks good to me. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 1d27f0b mit-samba: Allow nesting on the event context
from 1d58fcc libcli/security: Make add_sid_to_array_unique use a uin32_t
counter
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 1d27f0b26431d32d969d1ad10d47c396d1c7517f
Author: Simo Sorce i...@samba.org
Date: Thu Feb 3 20:51:45 2011 -0500
mit-samba: Allow nesting on the event context
This context is used in ldb, and ldb modules apparently abort if nesting is
not
allowed.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Mon Feb 7 20:58:02 CET 2011 on sn-devel-104
---
Summary of changes:
source4/kdc/mit_samba.c |3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index b959978..dcabe39 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -17,6 +17,8 @@
along with this program. If not, see http://www.gnu.org/licenses/.
*/
+#define TEVENT_DEPRECATED 1
+
#include includes.h
#include param/param.h
#include dsdb/samdb/samdb.h
@@ -68,6 +70,7 @@ static int mit_samba_context_init(struct mit_samba_context
**_ctx)
ret = ENOMEM;
goto done;
}
+ tevent_loop_allow_nesting(base_ctx.ev_ctx);
base_ctx.lp_ctx = loadparm_init_global(false);
if (!base_ctx.lp_ctx) {
ret = ENOMEM;
--
Samba Shared Repository
[offlist] Re: [SCM] Samba Shared Repository - branch v3-6-test updated
On Mon, 2010-12-13 at 19:21 -0800, Jeremy Allison wrote: On Tue, Dec 14, 2010 at 04:20:48AM +0100, Jeremy Allison wrote: The branch, v3-6-test has been updated via 274fc73 Ensure we use vfs_fsp_stat(), not VFS_STAT directly, and store into fsp-fsp_name-st instead of a SMB_STRUCT_STAT on the stack. via 2ff6822 Merge branch 'v3-6-test' of ssh://git.samba.org/data/git/samba into v3-6-test via dc38715 smbtorture: correct error handling in BASE-OPEN. from 1ef50b1 Change crediting so that the credits are returned on the interim async response. (cherry picked from commit 58ebe1de32050fca71059c521f74488cfa5b3729) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 274fc732d751429c7a6ce9d4257b3bde68ffa8cd Author: Jeremy Allison j...@samba.org Date: Mon Dec 13 19:17:57 2010 -0800 Ensure we use vfs_fsp_stat(), not VFS_STAT directly, and store into fsp-fsp_name-st instead of a SMB_STRUCT_STAT on the stack. Jeremy. (cherry picked from commit 68f8f220dcd20f4f04bc95916ae04da81a2cdda1) commit 2ff682226bed8ac1f55caee4aaa7cc1e8c0d1a47 Merge: dc38715527d282545ba7b05051bda70067fe5d6a 1ef50b15da1ca23afc2d3af6abe7f375e57946a1 Author: Jeremy Allison j...@samba.org Date: Mon Dec 13 17:08:08 2010 -0800 Merge branch 'v3-6-test' of ssh://git.samba.org/data/git/samba into v3-6-test Arg. Sorry for the bloody merge commit. Didn't see that one happen :-(. If you want to avoid merges you can use this alias that I use all the time: alias git-get='git fetch origin master git rebase -i origin/master' Use git-get instead of git pull It will always cause an interactive rebase, but I find it the best way to avoid really annoying merges all over. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 0b3180b ldb: error out when modules are not found
from 47784a1 s4-tests: Descriptor tests should use the existing samdb
domain_dn method instead of defining a new one
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 0b3180bbf5933943cf0c5b0e9d47da33cf4ff99c
Author: Simo Sorce i...@samba.org
Date: Thu Nov 18 08:01:15 2010 -0500
ldb: error out when modules are not found
We shouldn't proceed without all required modules, it could cause damage to
the
ldb if operations are performed w/o the needed modules.
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Thu Nov 18 14:02:34 UTC 2010 on sn-devel-104
---
Summary of changes:
source4/lib/ldb/common/ldb_modules.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/lib/ldb/common/ldb_modules.c
b/source4/lib/ldb/common/ldb_modules.c
index 123d218..e330137 100644
--- a/source4/lib/ldb/common/ldb_modules.c
+++ b/source4/lib/ldb/common/ldb_modules.c
@@ -312,7 +312,7 @@ int ldb_module_load_list(struct ldb_context *ldb, const
char **module_list,
if (ops == NULL) {
ldb_debug(ldb, LDB_DEBUG_FATAL, WARNING: Module [%s]
not found - do you need to set LDB_MODULES_PATH?,
module_list[i]);
- continue;
+ return LDB_ERR_OPERATIONS_ERROR;
}
current = talloc_zero(ldb, struct ldb_module);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via feb6034 talloc: make header C++ safe
from c8000c9 smbtorture: Fix typo in status message.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit feb60345816f0fd45ea9b381fbd374b21542f518
Author: Simo Sorce i...@samba.org
Date: Wed Oct 20 13:09:57 2010 -0400
talloc: make header C++ safe
Autobuild-User: Simo Sorce i...@samba.org
Autobuild-Date: Wed Oct 20 18:15:09 UTC 2010 on sn-devel-104
---
Summary of changes:
lib/talloc/talloc.h |8
1 files changed, 8 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/talloc/talloc.h b/lib/talloc/talloc.h
index 8b9ade2..bc5b0fa 100644
--- a/lib/talloc/talloc.h
+++ b/lib/talloc/talloc.h
@@ -29,6 +29,10 @@
#include stdio.h
#include stdarg.h
+#ifdef __cplusplus
+extern C {
+#endif
+
/**
* @defgroup talloc The talloc API
*
@@ -1701,4 +1705,8 @@ void talloc_set_log_stderr(void);
#define TALLOC_MAX_DEPTH 1
#endif
+#ifdef __cplusplus
+} /* end of extern C */
+#endif
+
#endif
--
Samba Shared Repository
Re: [Samba] Highly-available file server question..
On Tue, 2010-10-19 at 16:52 -0700, Jeremy Allison wrote: On Wed, Oct 20, 2010 at 10:19:36AM +1030, Indexer wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20/10/2010, at 4:31 AM, john_deli...@ceridian.ca wrote: I wasn't sure DFS was a good fit, my understanding of DFS is limited (reading up today..). As i understood it, Samba does not support DFS? Am i wrong? I have done some googling into this and cant find any results about it. Yes you are wrong. Samba supports DFS. Samba supports the DFS mechanism but I think that some Windows Admins tend to also imply the related File Replication when they say DFS. We do not support the File Replication Protocol, yet. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [SCM] Samba Shared Repository - branch master updated
On Wed, 2010-09-29 at 01:23 +0200, Günther Deschner wrote:
The branch, master has been updated
via ec33a87 s3-printing: skip metadata entry when traversing
printerlist.
from fcee50b pidl: add support for pointers in typedefs
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit ec33a87d5855348e6de4c1f0f02d3bd5a0638985
Author: Günther Deschner g...@samba.org
Date: Wed Sep 29 01:18:07 2010 +0200
s3-printing: skip metadata entry when traversing printerlist.
We were creating a new printer (with a very broken name) out of the
lasttimestamp entry all the time.
Simo, please check.
Guenther
---
Summary of changes:
source3/printing/printer_list.c |5 +
1 files changed, 5 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/printing/printer_list.c b/source3/printing/printer_list.c
index 667ff70..8e9e06a 100644
--- a/source3/printing/printer_list.c
+++ b/source3/printing/printer_list.c
@@ -380,6 +380,11 @@ static int printer_list_exec_fn(struct db_record *rec,
void *private_data)
char *comment;
int ret;
+ /* always skip PL_TIMESTAMP_KEY key */
+ if (strequal((const char *)rec-key.dptr, PL_TIMESTAMP_KEY)) {
+ return 0;
+ }
+
ret = tdb_unpack(rec-value.dptr, rec-value.dsize,
PL_DATA_FORMAT, time_h, time_l, name, comment);
if (ret == -1) {
Obviously correct, sorry for introducing this bug :/
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer s...@samba.org
Principal Software Engineer at Red Hat, Inc. s...@redhat.com
Re: [SCM] Samba Shared Repository - branch master updated
On Fri, 2010-09-24 at 06:44 +0200, Jeremy Allison wrote:
diff --git a/source3/rpc_server/dcesrv_spnego.c
b/source3/rpc_server/dcesrv_spnego.c
index 4686534..fb758e3 100644
--- a/source3/rpc_server/dcesrv_spnego.c
+++ b/source3/rpc_server/dcesrv_spnego.c
@@ -230,7 +230,7 @@ NTSTATUS spnego_server_auth_start(TALLOC_CTX
*mem_ctx,
ret = spnego_parse_negTokenInit(sp_ctx, *spnego_in,
sp_ctx-oid_list, NULL,
token_in);
- if (!ret) {
+ if (!ret || sp_ctx-oid_list[0] == NULL) {
DEBUG(3, (Invalid SPNEGO message\n));
status = NT_STATUS_INVALID_PARAMETER;
goto done;
Jeremy, not sure this is right.
In the dcerpc server I think w can easily cope with a missing OId by
sending a packet with the OIDs we support instead.
(I looked only at this diff though, so I am not 100% confident).
Is the test supposed to get back an error ?
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer s...@samba.org
Principal Software Engineer at Red Hat, Inc. s...@redhat.com
Re: [SCM] Samba Shared Repository - branch master updated
On Fri, 2010-09-24 at 08:58 -0700, Jeremy Allison wrote:
On Fri, Sep 24, 2010 at 06:28:15AM -0400, simo wrote:
On Fri, 2010-09-24 at 06:44 +0200, Jeremy Allison wrote:
diff --git a/source3/rpc_server/dcesrv_spnego.c
b/source3/rpc_server/dcesrv_spnego.c
index 4686534..fb758e3 100644
--- a/source3/rpc_server/dcesrv_spnego.c
+++ b/source3/rpc_server/dcesrv_spnego.c
@@ -230,7 +230,7 @@ NTSTATUS spnego_server_auth_start(TALLOC_CTX
*mem_ctx,
ret = spnego_parse_negTokenInit(sp_ctx, *spnego_in,
sp_ctx-oid_list, NULL,
token_in);
- if (!ret) {
+ if (!ret || sp_ctx-oid_list[0] == NULL) {
DEBUG(3, (Invalid SPNEGO message\n));
status = NT_STATUS_INVALID_PARAMETER;
goto done;
Jeremy, not sure this is right.
In the dcerpc server I think w can easily cope with a missing OId by
sending a packet with the OIDs we support instead.
(I looked only at this diff though, so I am not 100% confident).
Is the test supposed to get back an error ?
Well it's not supposed to crash, which is what it did :-).
Actually it didn't crash here, but in the sessionsetup code,
but when I fixed that I fixed all places we use spnego_parse_negTokenInit().
In your new code here it wouldn't crash, but would fall back
silently to NTLMSSP, but I decided that sending no OIDs
was probably a client error, so telling them about it was
the appropriate thing to do.
Do you know how windows behaves against the same test ?
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer s...@samba.org
Principal Software Engineer at Red Hat, Inc. s...@redhat.com
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated
via c06c99b Fix CVE number, it's 3069, not 2069
from 31cbb3e Update latest stable release.
http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -
commit c06c99b5ec1d3c31b926166241a8ed0342152f1a
Author: Simo Sorce i...@samba.org
Date: Tue Sep 14 09:48:05 2010 -0400
Fix CVE number, it's 3069, not 2069
---
Summary of changes:
history/security.html | 10 +-
.../{CVE-2010-2069.html = CVE-2010-3069.html} |0
2 files changed, 5 insertions(+), 5 deletions(-)
rename security/{CVE-2010-2069.html = CVE-2010-3069.html} (100%)
Changeset truncated at 500 lines:
diff --git a/history/security.html b/history/security.html
index f3ef89a..f0ee28a 100755
--- a/history/security.html
+++ b/history/security.html
@@ -23,16 +23,16 @@ link to full release notes for each release./p
tr
td14 Sep 2010/td
- tda
href=/samba/ftp/patches/security/samba-3.3.13-CVE-2010-2069.patch
+ tda
href=/samba/ftp/patches/security/samba-3.3.13-CVE-2010-3069.patch
patch for Samba 3.3.13/a
- a href=/samba/ftp/patches/security/samba-3.4.8-CVE-2010-2069.patch
+ a href=/samba/ftp/patches/security/samba-3.4.8-CVE-2010-3069.patch
patch for Samba 3.4.8/a
- a href=/samba/ftp/patches/security/samba-3.5.4-CVE-2010-2069.patch
+ a href=/samba/ftp/patches/security/samba-3.5.4-CVE-2010-3069.patch
patch for Samba 3.5.4/a
tdBuffer Overrun Vulnerability/td
tdall current releases/td
- tda
href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-CVE-2010-2069;CVE-2010-2069/a/td
- tda href=/samba/security/CVE-2010-2069.htmlAnnouncement/a/td
+ tda
href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-369;CVE-2010-3069/a/td
+ tda href=/samba/security/CVE-2010-3069.htmlAnnouncement/a/td
/tr
tr
diff --git a/security/CVE-2010-2069.html b/security/CVE-2010-3069.html
similarity index 100%
rename from security/CVE-2010-2069.html
rename to security/CVE-2010-3069.html
--
Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via ac5be36 Fix typo from c06c99b Fix CVE number, it's 3069, not 2069 http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit ac5be36eaa61864039006fdae6a8069251b6fb00 Author: Simo Sorce i...@samba.org Date: Tue Sep 14 09:50:08 2010 -0400 Fix typo --- Summary of changes: history/security.html |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/history/security.html b/history/security.html index f0ee28a..b1c7882 100755 --- a/history/security.html +++ b/history/security.html @@ -31,7 +31,7 @@ link to full release notes for each release./p patch for Samba 3.5.4/a tdBuffer Overrun Vulnerability/td tdall current releases/td - tda href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-369;CVE-2010-3069/a/td + tda href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069;CVE-2010-3069/a/td tda href=/samba/security/CVE-2010-3069.htmlAnnouncement/a/td /tr -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 08e2cfa Fix one more place where 2069 was used instead of 3069 from ac5be36 Fix typo http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 08e2cfa1164329f09a0e6423a0e89c06565b4c7c Author: Simo Sorce i...@samba.org Date: Tue Sep 14 10:06:30 2010 -0400 Fix one more place where 2069 was used instead of 3069 --- Summary of changes: security/CVE-2010-3069.html |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/security/CVE-2010-3069.html b/security/CVE-2010-3069.html index 898e183..8683b91 100644 --- a/security/CVE-2010-3069.html +++ b/security/CVE-2010-3069.html @@ -8,7 +8,7 @@ body - H2CVE-2010-2069: /H2 + H2CVE-2010-3069: /H2 p pre -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 20e7b4e s3-auth: The unlock of the account is now done by the
get_sampwnam call.
via c5cfad1 s3-passdb: Try to unlock the account if it is locked out.
via 2ab0b63 s3-passdb: Added a pdb_try_account_unlock function.
via 9dd7e7f s3-auth: Use SamInfo3_for_guest to create guest server_info.
from 5f419ea packaging: Build with -O3
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 20e7b4ec744dead1544a4b7625dc3fcb5d802418
Author: Andreas Schneider a...@samba.org
Date: Mon Aug 23 23:02:44 2010 +0200
s3-auth: The unlock of the account is now done by the get_sampwnam call.
Signed-off-by: Simo Sorce i...@samba.org
commit c5cfad142c6bc5cd4819726cf2444108bc7639c3
Author: Andreas Schneider a...@samba.org
Date: Mon Aug 23 10:08:53 2010 +0200
s3-passdb: Try to unlock the account if it is locked out.
Signed-off-by: Simo Sorce i...@samba.org
commit 2ab0b63bd89d2d833695dc33aecec7a63ccbab0c
Author: Andreas Schneider a...@samba.org
Date: Mon Aug 23 10:08:34 2010 +0200
s3-passdb: Added a pdb_try_account_unlock function.
The function checks if the account has been autolocked. If we have a
lockout_duration and a bad password time it checks if we can unlock the
account.
Signed-off-by: Simo Sorce i...@samba.org
commit 9dd7e7fc2d6d1aa7f3c3b741ac134e087ce808fd
Author: Andreas Schneider a...@samba.org
Date: Wed Aug 18 17:17:42 2010 +0200
s3-auth: Use SamInfo3_for_guest to create guest server_info.
Signed-off-by: Simo Sorce i...@samba.org
---
Summary of changes:
source3/auth/auth_util.c | 89 +--
source3/auth/check_samsec.c|7 +--
source3/passdb/pdb_interface.c | 131 +--
3 files changed, 196 insertions(+), 31 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 1ff9714..23f557a 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -25,6 +25,7 @@
#include smbd/globals.h
#include ../libcli/auth/libcli_auth.h
#include ../lib/crypto/arcfour.h
+#include rpc_client/init_lsa.h
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -631,6 +632,54 @@ NTSTATUS make_server_info_pw(struct
auth_serversupplied_info **server_info,
return NT_STATUS_OK;
}
+static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx,
+ struct netr_SamInfo3 *info3)
+{
+ const char *guest_account = lp_guestaccount();
+ struct dom_sid domain_sid;
+ struct passwd *pwd;
+ const char *tmp;
+ NTSTATUS status;
+
+ pwd = getpwnam_alloc(mem_ctx, guest_account);
+ if (pwd == NULL) {
+ DEBUG(0,(SamInfo3_for_guest: Unable to locate guest
+account [%s]!\n, guest_account));
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* Set acount name */
+ tmp = talloc_strdup(mem_ctx, pwd-pw_name);
+ if (tmp == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ init_lsa_String(info3-base.account_name, tmp);
+
+ /* Set domain name */
+ tmp = talloc_strdup(mem_ctx, get_global_sam_name());
+ if (tmp == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ init_lsa_StringLarge(info3-base.domain, tmp);
+
+ /* Domain sid */
+ sid_copy(domain_sid, get_global_sam_sid());
+
+ info3-base.domain_sid = sid_dup_talloc(mem_ctx, domain_sid);
+ if (info3-base.domain_sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* Guest rid */
+ info3-base.rid = DOMAIN_RID_GUEST;
+
+ /* Primary gid */
+ info3-base.primary_gid = BUILTIN_RID_GUESTS;
+
+ TALLOC_FREE(pwd);
+ return status;
+}
+
/***
Make (and fill) a user_info struct for a guest login.
This *must* succeed for smbd to start. If there is no mapping entry for
@@ -639,43 +688,42 @@ NTSTATUS make_server_info_pw(struct
auth_serversupplied_info **server_info,
static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info
**server_info)
{
+ static const char zeros[16] = {0};
+ const char *guest_account = lp_guestaccount();
+ const char *domain = global_myname();
+ struct netr_SamInfo3 info3;
+ TALLOC_CTX *tmp_ctx;
NTSTATUS status;
- struct samu *sampass = NULL;
- struct dom_sid guest_sid;
- bool ret;
- static const char zeros[16] = {0, };
fstring tmp;
- if ( !(sampass = samu_new( NULL )) ) {
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
}
- sid_compose
Re: [Samba] Windows 7 with smb2 can not connect as guest ?
On Fri, 2010-08-27 at 08:43 -0700, Jeremy Allison wrote: On Fri, Aug 27, 2010 at 03:14:53PM +0200, Francois Lepretre wrote: Le 26/08/2010 19:40, Jeremy Allison a écrit : OK. I have also tried 3.6-pre1 and git version. Same result : Win7 clients can not connect to a guest ok share. Should I file a bug on this ? Yes please, and attach a debug level 10 log. Are you testing v3-6-test git tree ? I fixed a bug in that area post 3.6-pre1 related to guest access. Yes, smbd version shows '3.6.0pre1-GIT-f87ecd7-test' so I think/hope I am testing v3-6-test tree :-) I have opened bugid 7653 and attached log files of a test case ( https://bugzilla.samba.org/show_bug.cgi?id=7653 ) Thanks a lot for your help. Oh, you're using security = share. How I *hate* that setting :-). You do realize security = user can do everything that security = share can do, don't you ? I'm pretty sure SMB2 guest connections work with security = user (as that's how I test them :-). If we can vote on this I would vote to *never* support security = share on smb2. I don't think there is any native smb2 client that would really expect it or work with it anyway. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a782a80... s3-dcerpc: Allocate structure members on the right context from a16a56f... s3: PAM_RHOST and PAM_TTY are enums on FreeBSD http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a782a80d2f5e70d40708bd578a1f456c451d2979 Author: Simo Sorce i...@samba.org Date: Mon Aug 23 17:11:32 2010 -0400 s3-dcerpc: Allocate structure members on the right context --- Summary of changes: source3/rpc_client/cli_pipe.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index daf30d7..c9b1ef6 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -827,7 +827,7 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq) return; } - status = dcerpc_pull_ncacn_packet(state, + status = dcerpc_pull_ncacn_packet(state-pkt, state-incoming_frag, state-pkt, !state-endianess); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 64a4b02... Do not leak pkt data on the long term cli memory context
from 0529160... s3: Fix netgrent configure checks for compilers not
supporting -Werror-implicit-function-declaration
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 64a4b0206bf9f7d28af39cdce8d712b0e6c2b3d2
Author: Simo Sorce i...@samba.org
Date: Mon Aug 23 18:21:17 2010 -0400
Do not leak pkt data on the long term cli memory context
---
Summary of changes:
source3/rpc_client/cli_pipe.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 87575cb..d3e0c60 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -383,7 +383,7 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX
*mem_ctx,
NTSTATUS ret = NT_STATUS_OK;
size_t pad_len = 0;
- ret = dcerpc_pull_ncacn_packet(cli, pdu, pkt, false);
+ ret = dcerpc_pull_ncacn_packet(pkt, pdu, pkt, false);
if (!NT_STATUS_IS_OK(ret)) {
return ret;
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via cbe9f87... s3-ads: Fix wrong test in if statement
from 861566c... s3-waf: fix the build.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit cbe9f879afc7b212c1e105fcb54b4563d5f6dfe0
Author: Simo Sorce i...@samba.org
Date: Thu Aug 19 07:35:01 2010 -0400
s3-ads: Fix wrong test in if statement
---
Summary of changes:
source3/include/krb5_protos.h|2 ++
source3/libads/kerberos_keytab.c |2 +-
2 files changed, 3 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h
index e229a14..7ac0f3e 100644
--- a/source3/include/krb5_protos.h
+++ b/source3/include/krb5_protos.h
@@ -137,6 +137,8 @@ krb5_error_code smb_krb5_get_creds(const char *server_s,
krb5_creds **creds_p);
char *smb_krb5_principal_get_realm(krb5_context context,
krb5_principal principal);
+
+
#endif /* HAVE_KRB5 */
int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 10c7087..94698c6 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -56,7 +56,7 @@ static krb5_error_code
seek_and_delete_old_entries(krb5_context context,
ZERO_STRUCT(zero_kt_entry);
ret = krb5_kt_start_seq_get(context, keytab, cursor);
- if (ret == KRB5_KT_END ret == ENOENT ) {
+ if (ret == KRB5_KT_END || ret == ENOENT ) {
/* no entries */
return 0;
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 71dfa62... s3-ads: cleanup ads_keytab_list()
via 64d8300... s3-ads: cleanup ads_keytab_create_default()
via 3a99123... s3-ads: cleanup ads_keytab_add_entry()
via d6d1ed8... s3-ads: Split, simplify and cleanup keytab functions
from b9353c6... s3: Fix serverid_register_msg_flags
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 71dfa62b61380396785c7856c38f45c77c966ff0
Author: Simo Sorce i...@samba.org
Date: Wed Aug 18 06:46:53 2010 -0400
s3-ads: cleanup ads_keytab_list()
commit 64d8300a56eb0891389a5a2afc5e4902c2d909a2
Author: Simo Sorce i...@samba.org
Date: Wed Aug 18 06:09:27 2010 -0400
s3-ads: cleanup ads_keytab_create_default()
commit 3a9912370dc36500d207aeb9d1ae58834526b6c3
Author: Simo Sorce i...@samba.org
Date: Wed Aug 18 04:33:32 2010 -0400
s3-ads: cleanup ads_keytab_add_entry()
commit d6d1ed8bdfb290ac6e1fa4264f2b84d0e4790d98
Author: Simo Sorce i...@samba.org
Date: Wed Aug 18 04:16:41 2010 -0400
s3-ads: Split, simplify and cleanup keytab functions
add helper function for both smb_krb5_kt_add_entry_ext() and
ads_keytab_flush()
---
Summary of changes:
source3/libads/kerberos_keytab.c | 756 --
1 files changed, 404 insertions(+), 352 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 386ce83..d2215ec 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -35,130 +35,184 @@
/**
**/
-int smb_krb5_kt_add_entry_ext(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- krb5_enctype *enctypes,
- krb5_data password,
- bool no_salt,
- bool keep_old_entries)
+static krb5_error_code seek_and_delete_old_entries(krb5_context context,
+ krb5_keytab keytab,
+ krb5_kvno kvno,
+ const char *princ_s,
+ krb5_principal princ,
+ bool flush,
+ bool keep_old_entries)
{
- krb5_error_code ret = 0;
+ krb5_error_code ret;
krb5_kt_cursor cursor;
+ krb5_kt_cursor zero_csr;
krb5_keytab_entry kt_entry;
- krb5_principal princ = NULL;
- int i;
+ krb5_keytab_entry zero_kt_entry;
char *ktprinc = NULL;
- ZERO_STRUCT(kt_entry);
ZERO_STRUCT(cursor);
-
- ret = smb_krb5_parse_name(context, princ_s, princ);
- if (ret) {
- DEBUG(1,(smb_krb5_kt_add_entry_ext: smb_krb5_parse_name(%s)
failed (%s)\n, princ_s, error_message(ret)));
- goto out;
- }
+ ZERO_STRUCT(zero_csr);
+ ZERO_STRUCT(kt_entry);
+ ZERO_STRUCT(zero_kt_entry);
- /* Seek and delete old keytab entries */
ret = krb5_kt_start_seq_get(context, keytab, cursor);
- if (ret != KRB5_KT_END ret != ENOENT ) {
- DEBUG(3,(smb_krb5_kt_add_entry_ext: Will try to delete old
keytab entries\n));
- while(!krb5_kt_next_entry(context, keytab, kt_entry, cursor))
{
- bool compare_name_ok = False;
+ if (ret == KRB5_KT_END ret == ENOENT ) {
+ /* no entries */
+ return 0;
+ }
+
+ DEBUG(3, (__location__ : Will try to delete old keytab entries\n));
+ while (!krb5_kt_next_entry(context, keytab, kt_entry, cursor)) {
+ bool name_ok = False;
- ret = smb_krb5_unparse_name(talloc_tos(), context,
kt_entry.principal, ktprinc);
+ if (!flush (princ_s != NULL)) {
+ ret = smb_krb5_unparse_name(talloc_tos(), context,
+ kt_entry.principal,
+ ktprinc);
if (ret) {
- DEBUG(1,(smb_krb5_kt_add_entry_ext:
smb_krb5_unparse_name failed (%s)\n,
- error_message(ret)));
+ DEBUG(1, (__location__
+ : smb_krb5_unparse_name failed
+ (%s)\n, error_message(ret)));
goto out
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 1ab17f1... s3-ads: Remove unused wrapper and make function static
from d7c8fb2... s3: async cli_list
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 1ab17f13a27429d34439c0ba3b77685e3a55c2c3
Author: Simo Sorce i...@samba.org
Date: Wed Aug 18 09:36:54 2010 -0400
s3-ads: Remove unused wrapper and make function static
---
Summary of changes:
source3/include/krb5_protos.h|8 ---
source3/libads/kerberos_keytab.c | 39 +++--
2 files changed, 12 insertions(+), 35 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h
index 0b8aa71..e229a14 100644
--- a/source3/include/krb5_protos.h
+++ b/source3/include/krb5_protos.h
@@ -124,14 +124,6 @@ krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx,
krb5_context context,
krb5_keytab keytab,
const char **keytab_name);
-int smb_krb5_kt_add_entry_ext(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- krb5_enctype *enctypes,
- krb5_data password,
- bool no_salt,
- bool keep_old_entries);
krb5_error_code smb_krb5_get_credentials(krb5_context context,
krb5_ccache ccache,
krb5_principal me,
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index d2215ec..10c7087 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -180,14 +180,14 @@ out:
return ret;
}
-int smb_krb5_kt_add_entry_ext(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- krb5_enctype *enctypes,
- krb5_data password,
- bool no_salt,
- bool keep_old_entries)
+static int smb_krb5_kt_add_entry(krb5_context context,
+krb5_keytab keytab,
+krb5_kvno kvno,
+const char *princ_s,
+krb5_enctype *enctypes,
+krb5_data password,
+bool no_salt,
+bool keep_old_entries)
{
krb5_error_code ret;
krb5_keytab_entry kt_entry;
@@ -250,23 +250,6 @@ out:
return (int)ret;
}
-static int smb_krb5_kt_add_entry(krb5_context context,
-krb5_keytab keytab,
-krb5_kvno kvno,
-const char *princ_s,
-krb5_enctype *enctypes,
-krb5_data password)
-{
- return smb_krb5_kt_add_entry_ext(context,
-keytab,
-kvno,
-princ_s,
-enctypes,
-password,
-false,
-false);
-}
-
/**
Adds a single service principal, i.e. 'host' to the system keytab
***/
@@ -415,7 +398,8 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char
*srvPrinc)
/* add the fqdn principal to the keytab */
ret = smb_krb5_kt_add_entry(context, keytab, kvno,
- princ_s, enctypes, password);
+ princ_s, enctypes, password,
+ false, false);
if (ret) {
DEBUG(1, (__location__ : Failed to add entry to keytab\n));
goto out;
@@ -424,7 +408,8 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char
*srvPrinc)
/* add the short principal name if we have one */
if (short_princ_s) {
ret = smb_krb5_kt_add_entry(context, keytab, kvno,
- short_princ_s, enctypes, password);
+ short_princ_s, enctypes, password,
+ false, false);
if (ret) {
DEBUG(1, (__location__
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via f40ef7e... s3-dcerpc: Use common send functions for ntlmssp too
via 86914b8... s3-dcerpc: properly implement gse/spnego_get_session_key
via 26a3ba6... s3-dcerpc: Check data and return appropriate error
via 9b8c7d4... s3-dcerpc: Remove unused function
via 7b12513... s3-dcerpc: make a few local functions as static
via 9a9a38c... Change debug statements to use __location__
via 72a0098... s3-dcerpc: Pull packet in the caller, before validation
via 558320c... Add my (c)
from 1791d05... s3-samr: Fixed some build warnings.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit f40ef7e24cda2d25dcb04cb7e83cd1f3d62a66e4
Author: Simo Sorce i...@samba.org
Date: Tue Aug 3 05:11:28 2010 -0400
s3-dcerpc: Use common send functions for ntlmssp too
Remove unused function.
commit 86914b8fab764667ca5021f44b61c0222dbb2e09
Author: Simo Sorce i...@samba.org
Date: Mon Aug 2 12:15:43 2010 -0400
s3-dcerpc: properly implement gse/spnego_get_session_key
commit 26a3ba60e661bc2eaf05a2c03f8851d252515d3e
Author: Simo Sorce i...@samba.org
Date: Mon Aug 2 12:05:45 2010 -0400
s3-dcerpc: Check data and return appropriate error
commit 9b8c7d47f98dffe961dc513f5452dfd72b508136
Author: Simo Sorce i...@samba.org
Date: Mon Aug 2 12:18:58 2010 -0400
s3-dcerpc: Remove unused function
commit 7b12513d125e13a4db3f32adc05030fbb302f510
Author: Simo Sorce i...@samba.org
Date: Mon Aug 2 10:28:10 2010 -0400
s3-dcerpc: make a few local functions as static
commit 9a9a38c666a8285fdfac35758aa85f5d33ba6e95
Author: Simo Sorce i...@samba.org
Date: Mon Aug 2 10:14:02 2010 -0400
Change debug statements to use __location__
commit 72a0098415c1d676a77a032c0f5fda90e9c1b905
Author: Simo Sorce i...@samba.org
Date: Mon Aug 2 10:03:04 2010 -0400
s3-dcerpc: Pull packet in the caller, before validation
commit 558320cf582a5ebc50af28061f5e33f7e4158fba
Author: Simo Sorce i...@samba.org
Date: Mon Aug 2 09:47:01 2010 -0400
Add my (c)
---
Summary of changes:
source3/include/proto.h |4 -
source3/librpc/rpc/dcerpc_gssapi.c | 51 +-
source3/librpc/rpc/dcerpc_gssapi.h |3 +-
source3/librpc/rpc/dcerpc_helpers.c |1 +
source3/librpc/rpc/dcerpc_spnego.c | 11 ++-
source3/librpc/rpc/dcerpc_spnego.h |3 +-
source3/rpc_client/cli_pipe.c | 184 +++---
source3/rpc_server/srv_pipe.c | 27 +
8 files changed, 147 insertions(+), 137 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 70a2102..ebb3432 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4742,10 +4742,6 @@ NTSTATUS rpc_pipe_register_commands(int version, const
char *clnt,
const struct ndr_syntax_id *interface,
const struct api_struct *cmds, int size);
bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax);
-bool api_pipe_bind_req(struct pipes_struct *p, struct ncacn_packet *pkt);
-bool api_pipe_alter_context(struct pipes_struct *p, struct ncacn_packet *pkt);
-void free_pipe_rpc_context( PIPE_RPC_FNS *list );
-bool api_pipe_request(struct pipes_struct *p, struct ncacn_packet *pkt);
/* The following definitions come from rpc_server/srv_pipe_hnd.c */
diff --git a/source3/librpc/rpc/dcerpc_gssapi.c
b/source3/librpc/rpc/dcerpc_gssapi.c
index 2de46b5..777f5f1 100644
--- a/source3/librpc/rpc/dcerpc_gssapi.c
+++ b/source3/librpc/rpc/dcerpc_gssapi.c
@@ -28,6 +28,21 @@
#include gssapi/gssapi_krb5.h
#include gssapi/gssapi_ext.h
+#ifndef GSS_KRB5_INQ_SSPI_SESSION_KEY_OID
+#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
+#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID
\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05
+#endif
+
+#ifndef GSS_KRB5_SESSION_KEY_ENCTYPE_OID
+#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH 10
+#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID
\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04
+#endif
+
+gss_OID_desc gse_sesskey_inq_oid = { GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH,
+ (void *)GSS_KRB5_INQ_SSPI_SESSION_KEY_OID };
+gss_OID_desc gse_sesskeytype_oid = { GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH,
+ (void *)GSS_KRB5_SESSION_KEY_ENCTYPE_OID };
+
static char *gse_errstr(TALLOC_CTX *mem_ctx, OM_uint32 maj, OM_uint32 min);
struct gse_context {
@@ -44,8 +59,6 @@ struct gse_context {
gss_name_t server_name;
gss_cred_id_t cli_creds;
- DATA_BLOB session_key;
-
bool more_processing;
};
@@ -348,9 +361,39 @@ bool gse_require_more_processing(struct gse_context
*gse_ctx)
return gse_ctx-more_processing;
}
-DATA_BLOB
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 0a89722... s3-ads: Remove unused function and file
from aca7b22... s3:winbindd: don't ignore 'result' in
wb_dsgetdcname_done()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 0a89722671aa7fba8d7befa530dc69bb67260919
Author: Simo Sorce i...@samba.org
Date: Tue Aug 17 06:40:38 2010 -0400
s3-ads: Remove unused function and file
---
Summary of changes:
source3/Makefile.in|2 +-
source3/libads/ads_proto.h |2 --
source3/libads/ads_utils.c | 28
3 files changed, 1 insertions(+), 31 deletions(-)
delete mode 100644 source3/libads/ads_utils.c
Changeset truncated at 500 lines:
diff --git a/source3/Makefile.in b/source3/Makefile.in
index fac4e0b..6d08f43 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -460,7 +460,7 @@ LIBADS_OBJ = libads/ldap.o \
libads/kerberos_util.o \
libads/ldap_user.o \
libads/ads_struct.o libads/kerberos_keytab.o \
- libads/disp_sec.o libads/ads_utils.o libads/ldap_utils.o \
+ libads/disp_sec.o libads/ldap_utils.o \
libads/ldap_schema.o libads/util.o libads/ndr.o
LIBADS_SERVER_OBJ = libads/kerberos_verify.o libads/authdata.o \
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index aedd23f..b924034 100644
--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
@@ -9,8 +9,6 @@ ADS_STRUCT *ads_init(const char *realm,
bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, int flags);
void ads_destroy(ADS_STRUCT **ads);
-const char *ads_get_ldap_server_name(ADS_STRUCT *ads);
-
/* The following definitions come from libads/disp_sec.c */
void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct
security_descriptor *sd);
diff --git a/source3/libads/ads_utils.c b/source3/libads/ads_utils.c
deleted file mode 100644
index ec3efa8..000
--- a/source3/libads/ads_utils.c
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- ads (active directory) utility library
-
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Andrew Tridgell 2001
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see http://www.gnu.org/licenses/.
-*/
-
-#include includes.h
-#include ads.h
-
-const char *ads_get_ldap_server_name(ADS_STRUCT *ads)
-{
- return ads-config.ldap_server_name;
-}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 71d80e6... s3-krb5 Only build ADS support if arcfour-hmac-md5 is
available
via fff6fa7... s3:libnet Add other required headers for
libnet_samsync_keytab.c
from 5390bae... tdb: add TDB_DEPS variable filled with required libraries
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 71d80e6be0687ac7c2f3caab5e7b8caf400fe37e
Author: Andrew Bartlett abart...@samba.org
Date: Tue Aug 10 08:25:02 2010 +1000
s3-krb5 Only build ADS support if arcfour-hmac-md5 is available
Modern Kerberos implementations have either defines or enums for these
key types, which makes doing #ifdef difficult. This shows up in files
such as libnet_samsync_keytab.c, the bulk of which is not compiled on
current Fedora 12, for example.
The downside is that this makes Samba unconditionally depend on the
arcfour-hmac-md5 encryption type at build time. We will no longer
support libraries that only support the DES based encryption types.
However, the single-DES types that are supported in common with AD are
already painfully weak - so much so that they are disabled by default
in modern Kerberos libraries.
If not found, ADS support will not be compiled in.
This means that our 'net ads join' will no longer set the
ACB_USE_DES_KEY_ONLY flag, and we will always try to use
arcfour-hmac-md5.
A future improvement would be to remove the use of the DES encryption
types totally, but this would require that any ACB_USE_DES_KEY_ONLY
flag be removed from existing joins.
Andrew Bartlett
Signed-off-by: Simo Sorce i...@samba.org
commit fff6fa72ffa7890cee516bd7e65b50bdb8daf51d
Author: Andrew Bartlett abart...@samba.org
Date: Tue Aug 10 12:00:29 2010 +1000
s3:libnet Add other required headers for libnet_samsync_keytab.c
Due to missing defines in modern kerberos libraries, this code was
not compiled and so this wasn't noticed.
Andrew Bartlett
Signed-off-by: Simo Sorce i...@samba.org
---
Summary of changes:
source3/configure.in | 20 +++-
source3/include/smb_krb5.h |2 +-
source3/libads/kerberos_keytab.c |9 -
source3/libads/kerberos_verify.c |2 --
source3/libnet/libnet_dssync_keytab.c |4 ++--
source3/libnet/libnet_join.c |6 --
.../libnet/{libnet_join.c = libnet_join.c.orig} |0
source3/libnet/libnet_samsync_keytab.c |7 +--
...msync_keytab.c = libnet_samsync_keytab.c.orig} |3 +++
source3/libsmb/clikrb5.c |2 --
10 files changed, 34 insertions(+), 21 deletions(-)
copy source3/libnet/{libnet_join.c = libnet_join.c.orig} (100%)
copy source3/libnet/{libnet_samsync_keytab.c = libnet_samsync_keytab.c.orig}
(99%)
Changeset truncated at 500 lines:
diff --git a/source3/configure.in b/source3/configure.in
index 6b73671..b4564ee 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -4040,6 +4040,7 @@ if test x$with_ads_support != xno; then
[Whether the krb5_keyblock struct has a keyvalue property])
fi
+ found_arcfour_hmac=no
AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC_MD5],
samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,[
AC_TRY_COMPILE([#include krb5.h],
@@ -4057,7 +4058,19 @@ if test x$with_ads_support != xno; then
if test x$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5 = xyes -a\
x$samba_cv_HAVE_KEYTYPE_ARCFOUR_56 = xyes; then
AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,1,
- [Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available])
+ [Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is
available])
+found_arcfour_hmac=yes
+ fi
+ AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC],
+ samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC,[
+AC_TRY_COMPILE([#include krb5.h],
+ [krb5_enctype enctype; enctype = ENCTYPE_ARCFOUR_HMAC;],
+ samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC=yes,
+ samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC=no)])
+ if test x$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC = xyes; then
+AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC,1,
+ [Whether the ENCTYPE_ARCFOUR_HMAC key type definition is
available])
+found_arcfour_hmac=yes
fi
AC_CACHE_CHECK([for AP_OPTS_USE_SUBKEY],
@@ -4300,6 +4313,11 @@ if test x$with_ads_support != xno; then
# NOTE: all tests should be done before this block!
#
#
+ if test x$found_arcfour_hmac != xyes; then
+AC_MSG_WARN(arcfour-hmac-md5 encryption type not found in -lkrb5)
+use_ads=no
+ fi
+
if test x$ac_cv_lib_ext_krb5_krb5_mk_req_extended != xyes; then
AC_MSG_WARN(krb5_mk_req_extended not found
