[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 08fa573... s3: Enable use of ccache by default for libsmbclient from 1e2e92f... Correct fix for unused variable return from ndr_decode. Use it :-). Jeremy. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 08fa57335a2e1ac44764330c0d95aaf099aa0c15 Author: Volker Lendecke v...@samba.org Date: Tue Jan 26 10:51:32 2010 +0100 s3: Enable use of ccache by default for libsmbclient Disable this by setting the environment variable LIBSMBCLIENT_NO_CCACHE, which has the advantage over an smb.conf option to be easily settable per application. --- Summary of changes: source3/libsmb/libsmb_context.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c index 2e56911..c44d92c 100644 --- a/source3/libsmb/libsmb_context.c +++ b/source3/libsmb/libsmb_context.c @@ -173,6 +173,9 @@ smbc_new_context(void) smbc_setOptionBrowseMaxLmbCount(context, 3);/* # LMBs to query */ smbc_setOptionUrlEncodeReaddirEntries(context, False); smbc_setOptionOneSharePerServer(context, False); + if (getenv(LIBSMBCLIENT_NO_CCACHE) == NULL) { + smbc_setOptionUseCCache(context, true); + } smbc_setFunctionAuthData(context, SMBC_get_auth_data); smbc_setFunctionCheckServer(context, SMBC_check_server); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a0c31ec... mount.cifs: don't allow it to be run as setuid root program via a065c17... mount.cifs: check for invalid characters in device name and mountpoint via 3ae5dac... mount.cifs: take extra care that mountpoint isn't changed during mount from 7148eff... s4-smbtorture: also test smbc_getOptionUseCCache http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5 Author: Jeff Layton jlay...@redhat.com Date: Tue Jan 26 08:15:41 2010 -0500 mount.cifs: don't allow it to be run as setuid root program mount.cifs has been the subject of several security fire drills due to distributions installing it as a setuid root program. This program has not been properly audited for security and the Samba team highly recommends that it not be installed as a setuid root program at this time. To make that abundantly clear, this patch forcibly disables the ability for mount.cifs to run as a setuid root program. People are welcome to trivially patch this out, but they do so at their own peril. A security audit and redesign of this program is in progress and we hope that we'll be able to remove this in the near future. Signed-off-by: Jeff Layton jlay...@redhat.com commit a065c177dfc8f968775593ba00dffafeebb2e054 Author: Jeff Layton jlay...@redhat.com Date: Tue Jan 26 08:15:41 2010 -0500 mount.cifs: check for invalid characters in device name and mountpoint It's apparently possible to corrupt the mtab if you pass embedded newlines to addmntent. Apparently tabs are also a problem with certain earlier glibc versions. Backslashes are also a minor issue apparently, but we can't reasonably filter those. Make sure that neither the devname or mountpoint contain any problematic characters before allowing the mount to proceed. Signed-off-by: Jeff Layton jlay...@redhat.com commit 3ae5dac462c4ed0fb2cd94553583c56fce2f9d80 Author: Jeff Layton jlay...@redhat.com Date: Tue Jan 26 08:15:41 2010 -0500 mount.cifs: take extra care that mountpoint isn't changed during mount It's possible to trick mount.cifs into mounting onto the wrong directory by replacing the mountpoint with a symlink to a directory. mount.cifs attempts to check the validity of the mountpoint, but there's still a possible race between those checks and the mount(2) syscall. To guard against this, chdir to the mountpoint very early, and only deal with it as . from then on out. Signed-off-by: Jeff Layton jlay...@redhat.com --- Summary of changes: client/mount.cifs.c | 107 ++ 1 files changed, 98 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/client/mount.cifs.c b/client/mount.cifs.c index 459a9f3..9044184 100644 --- a/client/mount.cifs.c +++ b/client/mount.cifs.c @@ -43,7 +43,7 @@ #include mount.h #define MOUNT_CIFS_VERSION_MAJOR 1 -#define MOUNT_CIFS_VERSION_MINOR 13 +#define MOUNT_CIFS_VERSION_MINOR 14 #ifndef MOUNT_CIFS_VENDOR_SUFFIX #ifdef _SAMBA_BUILD_ @@ -87,6 +87,17 @@ #define MAX_ADDRESS_LEN INET6_ADDRSTRLEN /* + * mount.cifs has been the subject of many security bugs that have arisen + * because of users and distributions installing it as a setuid root program. + * mount.cifs has not been audited for security. Thus, we strongly recommend + * that it not be installed setuid root. To make that abundantly clear, + * mount.cifs now check whether it's running setuid root and exit with an + * error if it is. If you wish to disable this check, then set the following + * #define to 1, but please realize that you do so at your own peril. + */ +#define CIFS_DISABLE_SETUID_CHECK 0 + +/* * By default, mount.cifs follows the conventions set forth by /bin/mount * for user mounts. That is, it requires that the mount be listed in * /etc/fstab with the user option when run as an unprivileged user and @@ -178,7 +189,7 @@ check_mountpoint(const char *progname, char *mountpoint) struct stat statbuf; /* does mountpoint exist and is it a directory? */ - err = stat(mountpoint, statbuf); + err = stat(., statbuf); if (err) { fprintf(stderr, %s: failed to stat %s: %s\n, progname, mountpoint, strerror(errno)); @@ -212,6 +223,29 @@ check_mountpoint(const char *progname, char *mountpoint) return 0; } +#if CIFS_DISABLE_SETUID_CHECK +static int +check_setuid(void) +{ + return 0; +} +#else /* CIFS_DISABLE_SETUID_CHECK */ +static int +check_setuid(void) +{ + if (getuid() !geteuid()) { + printf(This mount.cifs program has been built with the +
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 77bb3f2... s3-docs: Fix version in man ldbrename. via 0e8552a... s3: Enable use of ccache by default for libsmbclient via 9698c21... s3-libsmbclient: Add smbc_setOptionUseCCache() via af32a49... s3: Add --use-ccache to net via b99ab82... s3: add libnetapi_set_use_ccache() via 3402773... s3: Fix a bug in net's use of popt via 2aca69e... s3: Enable -C in rpcclient via 36854ea... s3: Add CLI_FULL_CONNECTION_USE_CCACHE via 5e91f9e... s3: Use -C in smbclient via 58ebc50... s3: Add -C (--use-ccache) to popt_common_credentials via e06abe4... s3: Add ccache use to cli_session_setup_ntlmssp via 8e96e1f... s3: Add NTLMSSP_FEATURE_CCACHE via 7ab798d... libwbclient: Actually implement wbcCredentialCache() via 99f6f32... s3: Add the session key to the ccache_ntlm_auth response via 1ae7b07... s3: Add wbinfo --ccache-save from 007dbc5... lib/popt: Fix typo in README. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 77bb3f2a5596c84e99b9006d2a31a752c68ab34a Author: Karolin Seeger ksee...@samba.org Date: Tue Jan 26 14:19:31 2010 +0100 s3-docs: Fix version in man ldbrename. Karolin commit 0e8552abc1b48e62aaac3cab7c13c8dea60c9f9b Author: Volker Lendecke v...@samba.org Date: Tue Jan 26 10:51:32 2010 +0100 s3: Enable use of ccache by default for libsmbclient Disable this by setting the environment variable LIBSMBCLIENT_NO_CCACHE, which has the advantage over an smb.conf option to be easily settable per application. commit 9698c214624678125551f2d65b95deb29ea72b64 Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 19:24:10 2010 +0100 s3-libsmbclient: Add smbc_setOptionUseCCache() Can we enable this by default? This would be a change in behaviour, but this feature is just too cool for everyone to catch up in the apps. The patch would be commit af32a49c7d8803f597e184f1361e795f179b809f Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 18:50:48 2010 +0100 s3: Add --use-ccache to net commit b99ab82ebab598b45eb6729498c9e67b195e698d Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 18:50:31 2010 +0100 s3: add libnetapi_set_use_ccache() commit 340277382518c62e23faae4af69a9c5c32b96af2 Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 18:51:58 2010 +0100 s3: Fix a bug in net's use of popt In order to add --use-ccache to net, I added another bool opt_ccache; to struct net_context. popt did not like this, it took a while to figure out why. Popt has the lines /* XXX Check alignment, may fail on funky platforms. */ if (arg == NULL || (((unsigned long)arg) (sizeof(*arg)-1))) return POPT_ERROR_NULLARG; The bool opt_ccache; was not aligned anymore... commit 2aca69ef0df02e655125d9db31e1f0144d21a144 Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 17:35:04 2010 +0100 s3: Enable -C in rpcclient commit 36854ea0aa260dfe23f77825e942f5b3905d396d Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 17:34:13 2010 +0100 s3: Add CLI_FULL_CONNECTION_USE_CCACHE commit 5e91f9eb10404a1df470fd87fc8c1cae5ea7b70c Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 17:08:56 2010 +0100 s3: Use -C in smbclient $ bin/wbinfo --ccache-save=w2k3ad\\vl%Password saving creds succeeded $ bin/smbclient //192.168.42.160/tmp -Uvl -N -C -W w2k3ad OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2] smb: \ $ bin/wbinfo --ccache-save=w2k3ad\\vl%WrongPassword saving creds succeeded $ bin/smbclient //192.168.42.160/tmp -Uvl -N -C -W w2k3ad Anonymous login successful Domain=[W2K3AD] OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2] tree connect failed: NT_STATUS_ACCESS_DENIED $ commit 58ebc50663a299e16684aa24cfae95954d5a14f0 Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 17:07:24 2010 +0100 s3: Add -C (--use-ccache) to popt_common_credentials commit e06abe412f78b58f36998037637d1b3478fdc477 Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 16:50:46 2010 +0100 s3: Add ccache use to cli_session_setup_ntlmssp commit 8e96e1f49867d1260aa291b688fbb58e01ef2009 Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 16:47:24 2010 +0100 s3: Add NTLMSSP_FEATURE_CCACHE Uses the winbind ccache to do authentication if asked to do so commit 7ab798d141bf715808fa0941f19422069e65fa0e Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 16:44:15 2010 +0100 libwbclient: Actually implement wbcCredentialCache() commit 99f6f322ae5aa13596c5b0f1a6e600b6fec48896 Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 16:41:30 2010 +0100 s3: Add the
[SCM] Samba Shared Repository - branch v3-4-test updated
The branch, v3-4-test has been updated via 69100db... s3-docs: Adapt version in man ldbrename. via ba665a5... s3/docs: Add missing meta data to man ldbrename. from 28b3cf3... s3: Fix bug 7052: DFS broken on AIX (maybe others) (cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6) (cherry picked from commit f21796955e7aa2e84a1c810612f2fdee2bde611c) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 69100db8c331ed15651ae52b88632d047f148ae4 Author: Karolin Seeger ksee...@samba.org Date: Tue Jan 26 14:28:12 2010 +0100 s3-docs: Adapt version in man ldbrename. Karolin commit ba665a53b3a86a56b1cf3adeccf6764291dc264b Author: Karolin Seeger ksee...@samba.org Date: Thu Oct 15 12:27:24 2009 +0200 s3/docs: Add missing meta data to man ldbrename. Avoid warnings. Karolin (cherry picked from commit 6a9e88e08bfa4463ce5bdc57183f6518b524c98c) (cherry picked from commit 1a25ef232bacb59aa753fbe21fed53a996d2e6b3) --- Summary of changes: docs-xml/manpages-3/ldbrename.1.xml |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/ldbrename.1.xml b/docs-xml/manpages-3/ldbrename.1.xml index 391ec84..8567cd4 100644 --- a/docs-xml/manpages-3/ldbrename.1.xml +++ b/docs-xml/manpages-3/ldbrename.1.xml @@ -5,6 +5,9 @@ refmeta refentrytitleldbrename/refentrytitle manvolnum1/manvolnum +refmiscinfo class=sourceSamba/refmiscinfo +refmiscinfo class=manualUser Commands/refmiscinfo +refmiscinfo class=version3.4/refmiscinfo /refmeta -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 048adb5... WHATSNEW: Update changes. from 77bb3f2... s3-docs: Fix version in man ldbrename. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 048adb50d83a3928820e6607451d582696cd7cc7 Author: Karolin Seeger ksee...@samba.org Date: Tue Jan 26 14:58:45 2010 +0100 WHATSNEW: Update changes. Karolin --- Summary of changes: WHATSNEW.txt | 11 +++ 1 files changed, 11 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index ac82c51..1a30e15 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -13,6 +13,7 @@ Major enhancements in Samba 3.5.0 include: General changes: o Add support for full Windows timestamp resolution o The Using Samba HTML book has been removed. +o 'net', 'smbclient' and libsmbclient can use credentials cached by Winbind. Protocol changes: o Experimental implementation of SMB2 @@ -38,6 +39,12 @@ kernel (2.6.22 and higher) and the glibc (2.6 and higher). The Using Samba HTML book has been removed from the Samba tarball. It is still available at http://www.samba.org/samba/docs/using_samba/toc.html. +Samba client tools like 'net', 'smbclient' and libsmbclient can use the user +credentials cached by Winbind at logon time. This is very useful e.g. when +connecting to a Samba server using Nautilus without re-entering username and +password. This feature is enabled by default and can be disabled per application +by setting the LIBSMBCLIENT_NO_CCACHE environment variable. + Protocol changes @@ -105,6 +112,8 @@ o Björn Jacke b...@sernet.de o Volker Lendecke v...@samba.org * Major internal refactoring of the Winbind daemon. * Make Winbind asynchronous. +* Make 'net', 'smbclient' and libsmbclient use the logon credentials cached + by Winbind. o Stefan Metzmacher me...@samba.org @@ -159,6 +168,8 @@ o Volker Lendecke v...@samba.org * BUG 7027: Fix a segfault in winbindd_dual_ccache_ntlm_auth(). * BUG 7037: Fix a Winbind segfault in trusted_domains. * BUG 7046: Fix libsmbclient crash against OpenSolaris CIFS server. +* BUG 7062: Make 'net', 'smbclient' and libsmbclient use the logon + credentials cached by Winbind. * Lock down some srvsvc calls according to what w2k3 seems to do. -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag release-3-5-0rc2 created
The annotated tag, release-3-5-0rc2 has been created at 94bf3471d9196f3bf070d73ef2fa804f09c106b2 (tag) tagging 6e4252217a6f239a64afc5103d6416c402e5e10f (commit) replaces release-3-5-0rc1 tagged by Karolin Seeger on Tue Jan 26 15:11:54 2010 +0100 - Log - tag release-3-5-0rc2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.12 (GNU/Linux) iD8DBQBLXvhGbzORW2Vot+oRAhbcAKCMxgBPqfsN5HvWo7Uy4apLyvuyQACgoqqJ c3EZUrn5lamOPpPunOw4CoI= =tT+U -END PGP SIGNATURE- André Hentschel (1): net: Add German translation, specially for the command listing Björn Jacke (3): s3/i18n/de: improve some German translations Ñ3/i18n/de: fix typo s3/net: split up some printable stings to ease i18n Giovanni Bajo (1): s3-lanman: Allow a level2 descriptor for a level1 NetShareGetInfo Günther Deschner (2): s3-docs: mention -K option in pdbedit manpage. s3-libsmbclient: Fix crash bug in SMBC_parse_path(). Jeremy Allison (7): Re-fix bug 5202 - cannot change ACLs on writable file with dos filemode=yes Fix bug #7033 - SMBrmdir call always returns true, even on failure to delete a directory. Fix two uses of strncat - strlcat. Ensure proper use of strncpy when setting socket name. Fix bug #7036 - net rpc getsid fails in hardened windows environments. Fix bug #6876 - Delete of an object whose parent folder does not have delete rights fails even if the delete right is set on the object. Modification of fix for bug 6876 - Delete of an object whose parent folder does not have delete rights fails even if the delete right is set on the object Fix bug 7045 - Bad (non memory copying) interfaces in smbc_set calls. Kai Blin (5): s3 net: Fix compile error with WITH_DNS_UPDATES s3 net/i18n: Use only one spelling for Usage: s3 net/i18n: update .po files s3 net: Fix compile warnings s3 net/i18n: Update .po files Karolin Seeger (11): VERSION: Raise version number up to 3.5.0rc2. WHATSNEW: Start 3.5.0rc2 release notes. s3-docs: Adapt version number in man vfs_scannedonly. WHATSNEW: Update release notes. s3-docs: Fix typos. WHATSNEW: Update changes since 3.5.0rc1. WHATSNEW: Update changes. s3/docs: Fix typo. lib/popt: Fix typo in README. s3-docs: Fix version in man ldbrename. WHATSNEW: Update changes. Michael Adam (15): docs: fix xml tag in the pdbedit manpage s3:check_sam_security: untangle assignment from statement s3:auth:sam_password_ok: enhance readability (imho) by adding some pointers s3:auth:sam_password_ok: fix allocation of a data blob. s3:auth: use data_blob_null instead of data_blob(NULL, 0) in sam_password_ok() s3:auth:sam_password_ok: take username, acct_ctrl and nt/lm hashes, not sampass s3:auth:check_sam_security: null out sampass after it has been stolen. s3:auth:check_sam_security: create (and use) a common exit point s3:auth:check_sam_security: fix a leading tab/ws mixup s3:auth:check_sam_security: improve calling and logging of pdb_update_sam_account s3:smbd:password_in_history: treat entry with 0 salt as 0 + plain nt hash s3:passdb: store the plain nt passwords hashes in history, not salted md5 s3:auth:check_sam_security: introduce a bool var to control pad_pw_count incrementation s3:auth: don't update the bad pw count if pw is among last 2 history entries s3:auth: fix account unlock regression introduced with fix for bug #4347 Olivier Sessink (3): Bug #7028 part1 Part 4 of bug #7028 - include scannedonly VFS module s3-docs: Add man page for vfs_scannedonly. SASAJIMA Toshihiro (1): Fix bug #7034 - vfs_cap causes signal 11 (SIGSEGV) (cherry picked from commit ca847952054f5bbde1d40ad4260589b6fcc9721d) Stefan Metzmacher (2): s3:smbldap: add smbldap_talloc_first_attribute() s3:pdb_ldap: restore Samba 3.0.x behavior and use the first uid value. Volker Lendecke (33): s3: Lock down some srvsvc calls according to what w2k3 seems to do s3: Fix a segfault in winbindd_dual_ccache_ntlm_auth() s3: Fix a winbind segfault in trusted_domains s3: Lift the version of the scannedonly VFS module (cherry picked from commit 2d4dda0688d5c88fb73ae17db970afe9d0f77f6a) s3: Fix a crash in libsmbclient used against the OpenSolaris CIFS server s3:pdb_ldap: Fix large paged search. s3: Avoid a memset(, 0, ) call s3: Fix a typo s3: Simplify pdb_set_plaintext_passwd() slightly s3: Simplify pdb_set_plaintext_passwd() a bit s3: Make use of talloc_array in pdb_set_plaintext_passwd() s3: Simplify pdb_set_plaintext_passwd by using talloc_zero_array s3: Simplify pdb_set_plaintext_passwd: memcpy deals fine with 0 bytes s3: Simplify pdb_set_plaintext_passwd() by
[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated via 6e42522... WHATSNEW: Update changes. via ff7027a... s3-docs: Fix version in man ldbrename. via a4e7412... s3: Enable use of ccache by default for libsmbclient via b244e3e... s3-libsmbclient: Add smbc_setOptionUseCCache() via ce033a7... s3: Add --use-ccache to net (cherry picked from commit af32a49c7d8803f597e184f1361e795f179b809f) via b2c393a... s3: add libnetapi_set_use_ccache() (cherry picked from commit b99ab82ebab598b45eb6729498c9e67b195e698d) via e2e48df... s3: Fix a bug in net's use of popt via a97d76b... s3: Enable -C in rpcclient (cherry picked from commit 2aca69ef0df02e655125d9db31e1f0144d21a144) via a361992... s3: Add CLI_FULL_CONNECTION_USE_CCACHE (cherry picked from commit 36854ea0aa260dfe23f77825e942f5b3905d396d) via f3428ec... s3: Use -C in smbclient via 1fcfa0b... s3: Add -C (--use-ccache) to popt_common_credentials (cherry picked from commit 58ebc50663a299e16684aa24cfae95954d5a14f0) via bef877a... s3: Add ccache use to cli_session_setup_ntlmssp (cherry picked from commit e06abe412f78b58f36998037637d1b3478fdc477) via 7928241... s3: Add NTLMSSP_FEATURE_CCACHE via dc3e7f7... libwbclient: Actually implement wbcCredentialCache() (cherry picked from commit 7ab798d141bf715808fa0941f19422069e65fa0e) via 2643ff4... s3: Add the session key to the ccache_ntlm_auth response (cherry picked from commit 99f6f322ae5aa13596c5b0f1a6e600b6fec48896) via b444541... s3: Add wbinfo --ccache-save from 43c03a6... lib/popt: Fix typo in README. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable - Log - commit 6e4252217a6f239a64afc5103d6416c402e5e10f Author: Karolin Seeger ksee...@samba.org Date: Tue Jan 26 14:58:45 2010 +0100 WHATSNEW: Update changes. Karolin (cherry picked from commit 048adb50d83a3928820e6607451d582696cd7cc7) commit ff7027abcba3bfc69f068da2a8c3b0792c72e870 Author: Karolin Seeger ksee...@samba.org Date: Tue Jan 26 14:19:31 2010 +0100 s3-docs: Fix version in man ldbrename. Karolin (cherry picked from commit 77bb3f2a5596c84e99b9006d2a31a752c68ab34a) commit a4e7412578752a03a10d5c6a95221cba8c7bb077 Author: Volker Lendecke v...@samba.org Date: Tue Jan 26 10:51:32 2010 +0100 s3: Enable use of ccache by default for libsmbclient Disable this by setting the environment variable LIBSMBCLIENT_NO_CCACHE, which has the advantage over an smb.conf option to be easily settable per application. (cherry picked from commit 0e8552abc1b48e62aaac3cab7c13c8dea60c9f9b) commit b244e3ec83d508c4515dd0987c2880117ae9119f Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 19:24:10 2010 +0100 s3-libsmbclient: Add smbc_setOptionUseCCache() Can we enable this by default? This would be a change in behaviour, but this feature is just too cool for everyone to catch up in the apps. The patch would be (cherry picked from commit 9698c214624678125551f2d65b95deb29ea72b64) commit ce033a724aff9bf587e8b3ba02e3010b565f3912 Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 18:50:48 2010 +0100 s3: Add --use-ccache to net (cherry picked from commit af32a49c7d8803f597e184f1361e795f179b809f) commit b2c393a4bd4c9d8a8c2f5007fa287ca0a97a0919 Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 18:50:31 2010 +0100 s3: add libnetapi_set_use_ccache() (cherry picked from commit b99ab82ebab598b45eb6729498c9e67b195e698d) commit e2e48df6dc9efb245f4c16d46f487a065d806d99 Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 18:51:58 2010 +0100 s3: Fix a bug in net's use of popt In order to add --use-ccache to net, I added another bool opt_ccache; to struct net_context. popt did not like this, it took a while to figure out why. Popt has the lines /* XXX Check alignment, may fail on funky platforms. */ if (arg == NULL || (((unsigned long)arg) (sizeof(*arg)-1))) return POPT_ERROR_NULLARG; The bool opt_ccache; was not aligned anymore... (cherry picked from commit 340277382518c62e23faae4af69a9c5c32b96af2) commit a97d76b1515be57746b22413ec4bc1533feee71d Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 17:35:04 2010 +0100 s3: Enable -C in rpcclient (cherry picked from commit 2aca69ef0df02e655125d9db31e1f0144d21a144) commit a3619926795f2bb139e9b9a3c9c4ceb40858d38e Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 17:34:13 2010 +0100 s3: Add CLI_FULL_CONNECTION_USE_CCACHE (cherry picked from commit 36854ea0aa260dfe23f77825e942f5b3905d396d) commit f3428ecb6b3c640e703822592cb369c4bbe4d8fa Author: Volker Lendecke v...@samba.org Date: Sun Jan 24 17:08:56 2010 +0100 s3: Use -C in smbclient $ bin/wbinfo --ccache-save=w2k3ad\\vl%Password saving
svn commit: samba-web r1361 - in trunk: .
Author: kseeger Date: 2010-01-26 08:10:26 -0700 (Tue, 26 Jan 2010) New Revision: 1361 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1361 Log: Announce Samba 3.5.0rc2 Karolin Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2010-01-19 11:08:25 UTC (rev 1360) +++ trunk/index.html2010-01-26 15:10:26 UTC (rev 1361) @@ -24,6 +24,38 @@ h2Latest News/h2 !--#include virtual=/samba/news/headlines.html -- +h426 January 2010/h4 +p class=headlineSamba 3.5.0rc2 Available for Download/p + +pSamba 3.5.0rc2 is now available for download. This the second +release candidate of the next upgrade production release version of Samba. +It is intended for testing purposes only. Please test and +a href=https://bugzilla.samba.org/;report any bugs that you +find/a. Please read the changes in the +a href=/samba/ftp/rc/WHATSNEW-3-5-0rc2.txtRelease Notes/a +for details on new features and difference in behavior from +previous releases./p + +pPlans are to ship the final 3.5.0 release on February 16 if there +are no major issues with 3.5.0rc2. Please see +a href=http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.5; +Samba 3.5 Release Planning/a for more information on the current release +schedule./p + +pThe a href=/samba/ftp/rc/samba-3.5.0rc2.tar.gzSamba 3.5.0rc2 +source code/a can be downloaded now. The a +href=/samba/ftp/rc/samba-3.5.0rc2.tar.ascGnuPG +signature is for the for the emun/emcompressed tarball/a. +If you prefer, the a +href=/samba/ftp/rc/patch-3.5.0rc1-3.5.0rc2.diffs.gzpatch +file against Samba 3.5.0rc1/a +(a href=/samba/ftp/rc/patch-3.5.0rc1-3.5.0rc2.diffs.ascGnuPG +signature/a) is also available for download. +Please read these a href=/samba/download/instructions on +how to verify the gpg signature/a. Precompiled packages will +be made available on a volunteer basis and can be found in the +a href=/samba/ftp/Binary_Packages/Binary_Packages download area/a./p + h4a name=latest19 January 2010/a/h4 p class=headlineSamba 3.4.5 Available for Download/p @@ -68,7 +100,7 @@ signature is for the for the emun/emcompressed tarball/a. If you prefer, the a href=/samba/ftp/rc/patch-3.5.0pre2-3.5.0rc1.diffs.gzpatch -file against Samba 3.3.0pre2/a +file against Samba 3.5.0pre2/a (a href=/samba/ftp/rc/patch-3.5.0pre2-3.5.0rc1.diffs.ascGnuPG signature/a) is also available for download. Please read these a href=/samba/download/instructions on
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 137fd79... s4:winsrepl.idl: add random interface uuid via 601642d... s4:smbtorture: add BASE-BENCH-HOLDOPEN from a0c31ec... mount.cifs: don't allow it to be run as setuid root program http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 137fd79f445c30b04d443288c03db2b1cc5dcba3 Author: Stefan Metzmacher me...@samba.org Date: Tue Jan 26 15:22:09 2010 +0100 s4:winsrepl.idl: add random interface uuid This is needed to include the wrepl interface into ndrdump. metze commit 601642d92369ca9c572e40aa32b5b3b53eeb8dbf Author: Stefan Metzmacher me...@samba.org Date: Tue Jan 26 15:20:57 2010 +0100 s4:smbtorture: add BASE-BENCH-HOLDOPEN This is useful for manual performance testing with a large number of share mode entries. metze --- Summary of changes: source4/librpc/idl/winsrepl.idl |5 ++- source4/torture/basic/base.c|1 + source4/torture/basic/misc.c| 63 +++ 3 files changed, 68 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/librpc/idl/winsrepl.idl b/source4/librpc/idl/winsrepl.idl index 0ec05e8..cedc70b 100644 --- a/source4/librpc/idl/winsrepl.idl +++ b/source4/librpc/idl/winsrepl.idl @@ -11,7 +11,10 @@ import nbt.idl; -interface wrepl +[ + uuid(915f5653-bac1-431c-97ee-9ffb34526921), + helpstring(WINS Replication PDUs) +] interface wrepl { const int WINS_REPLICATION_PORT = 42; diff --git a/source4/torture/basic/base.c b/source4/torture/basic/base.c index 2c72257..ed389fb 100644 --- a/source4/torture/basic/base.c +++ b/source4/torture/basic/base.c @@ -1771,6 +1771,7 @@ NTSTATUS torture_base_init(void) torture_suite_add_1smb_test(suite, MAXIMUM_ALLOWED, torture_maximum_allowed); torture_suite_add_simple_test(suite, BENCH-HOLDCON, torture_holdcon); + torture_suite_add_1smb_test(suite, BENCH-HOLDOPEN, torture_holdopen); torture_suite_add_simple_test(suite, BENCH-READWRITE, run_benchrw); torture_suite_add_smb_multi_test(suite, BENCH-TORTURE, run_torture); torture_suite_add_1smb_test(suite, SCAN-PIPE_NUMBER, run_pipe_number); diff --git a/source4/torture/basic/misc.c b/source4/torture/basic/misc.c index a8ea88f..ab79d79 100644 --- a/source4/torture/basic/misc.c +++ b/source4/torture/basic/misc.c @@ -231,6 +231,69 @@ bool torture_holdcon(struct torture_context *tctx) } /* + open a file N times on the server and just hold them open + used for testing performance when there are N file handles + alopenn + */ +bool torture_holdopen(struct torture_context *tctx, + struct smbcli_state *cli) +{ + int i, fnum; + const char *fname = \\holdopen.dat; + NTSTATUS status; + + smbcli_unlink(cli-tree, fname); + + fnum = smbcli_open(cli-tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE); + if (fnum == -1) { + torture_comment(tctx, open of %s failed (%s)\n, fname, smbcli_errstr(cli-tree)); + return false; + } + + smbcli_close(cli-tree, fnum); + + for (i=0;itorture_numops;i++) { + union smb_open op; + + op.generic.level = RAW_OPEN_NTCREATEX; + op.ntcreatex.in.root_fid.fnum = 0; + op.ntcreatex.in.flags = 0; + op.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA; + op.ntcreatex.in.create_options = 0; + op.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; + op.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_MASK; + op.ntcreatex.in.alloc_size = 0; + op.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN; + op.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; + op.ntcreatex.in.security_flags = 0; + op.ntcreatex.in.fname = fname; + status = smb_raw_open(cli-tree, tctx, op); + if (!NT_STATUS_IS_OK(status)) { + torture_warning(tctx, open %d failed\n, i); + continue; + } + + if (torture_setting_bool(tctx, progress, true)) { + torture_comment(tctx, opened %d file\r, i); + fflush(stdout); + } + } + + torture_comment(tctx, \nStarting pings\n); + + while (1) { + struct smb_echo ec; + + status = smb_raw_echo(cli-transport, ec); + torture_comment(tctx, .); + fflush(stdout); + sleep(15); + } + + return true; +} + +/* test how many open files this server supports on the one socket */ bool run_maxfidtest(struct torture_context *tctx, struct smbcli_state *cli,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 899bd00... Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. from 2dd301e... Add dependency of bin/smbfilter to libwbclient. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 899bd0005f56dcc1e95c3988d41ab3f628bb15db Author: Jeremy Allison j...@samba.org Date: Tue Jan 26 16:51:57 2010 -0800 Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability to allow Linux threads under different euids to send signals to each other. Jeremy. --- Summary of changes: source3/include/smb.h |3 +- source3/lib/system.c | 65 ++--- source3/smbd/server.c |8 ++ 3 files changed, 71 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/smb.h b/source3/include/smb.h index bc7a90d..041c96b 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1723,7 +1723,8 @@ minimum length == 24. enum smbd_capability { KERNEL_OPLOCK_CAPABILITY, DMAPI_ACCESS_CAPABILITY, -LEASE_CAPABILITY +LEASE_CAPABILITY, +KILL_CAPABILITY }; /* diff --git a/source3/lib/system.c b/source3/lib/system.c index a58d903..9c1da3a 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -883,6 +883,11 @@ char *sys_getwd(char *s) #if defined(HAVE_POSIX_CAPABILITIES) +/* This define hasn't made it into the glibc capabilities header yet. */ +#ifndef SECURE_NO_SETUID_FIXUP +#define SECURE_NO_SETUID_FIXUP 2 +#endif + /** Try and abstract process capabilities (for systems that have them). / @@ -913,6 +918,32 @@ static bool set_process_capability(enum smbd_capability capability, } #endif +#if defined(HAVE_PRCTL) defined(PR_SET_SECUREBITS) defined(SECURE_NO_SETUID_FIXUP) +/* New way of setting capabilities as sticky. */ + + /* +* Use PR_SET_SECUREBITS to prevent setresuid() +* atomically dropping effective capabilities on +* uid change. Only available in Linux kernels +* 2.6.26 and above. +* +* See here: +* http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html +* for details. +* +* Specifically the CAP_KILL capability we need +* to allow Linux threads under different euids +* to send signals to each other. +*/ + + if (prctl(PR_SET_SECUREBITS, 1 SECURE_NO_SETUID_FIXUP)) { + DEBUG(0,(set_process_capability: + prctl PR_SET_SECUREBITS failed with error %s\n, + strerror(errno) )); + return false; + } +#endif + cap = cap_get_proc(); if (cap == NULL) { DEBUG(0,(set_process_capability: cap_get_proc failed: %s\n, @@ -941,6 +972,11 @@ static bool set_process_capability(enum smbd_capability capability, cap_vals[num_cap_vals++] = CAP_LEASE; #endif break; + case KILL_CAPABILITY: +#ifdef CAP_KILL + cap_vals[num_cap_vals++] = CAP_KILL; +#endif + break; } SMB_ASSERT(num_cap_vals = ARRAY_SIZE(cap_vals)); @@ -950,16 +986,37 @@ static bool set_process_capability(enum smbd_capability capability, return True; } - cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals, - enable ? CAP_SET : CAP_CLEAR); + /* +* Ensure the capability is effective. We assume that as a root +* process it's always permitted. +*/ + + if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals, + enable ? CAP_SET : CAP_CLEAR) == -1) { + DEBUG(0, (set_process_capability: cap_set_flag effective + failed (%d): %s\n, + (int)capability, + strerror(errno))); + cap_free(cap); + return false; + } /* We never want to pass capabilities down to our children, so make * sure they are not inherited. */ - cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR); + if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, + cap_vals, CAP_CLEAR) == -1) { + DEBUG(0, (set_process_capability: cap_set_flag inheritable + failed (%d): %s\n, + (int)capability, + strerror(errno))); +
Build status as of Wed Jan 27 07:00:05 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-01-26 00:00:07.0 -0700 +++ /home/build/master/cache/broken_results.txt 2010-01-27 00:00:05.0 -0700 @@ -1,22 +1,22 @@ -Build status as of Tue Jan 26 07:00:07 2010 +Build status as of Wed Jan 27 07:00:05 2010 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 1 0 0 +ccache 19 13 0 distcc 0 0 0 -ldb 27 27 0 -libreplace 27 12 0 +ldb 28 28 0 +libreplace 29 12 0 lorikeet 0 0 0 pidl 0 0 0 -ppp 0 0 0 +ppp 1 0 0 rsync0 0 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 26 26 0 -samba_3_master 26 25 3 -samba_3_next 26 25 3 +samba_3_current 27 26 0 +samba_3_master 27 26 3 +samba_3_next 27 25 3 samba_4_0_test 28 27 0 -talloc 27 10 0 -tdb 25 17 0 +talloc 29 10 0 +tdb 26 17 0