[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6f846dd lib/util/charset Always set *converted_size even on failure via 79e6fea lib/util/charset create _handle functions for convert_string() et al via f28f5db libcli/auth Move PAC parsing and verification in common. via 0e5482c libcli/auth: Move more kerberos wrapping in common via 3a2afe4 s3-gse: Allow the GSSAPI wrapper to load a keytab using gss_krb5_import_cred() from 1804d9a tdb_backup: avoid transaction on backup file, use lockall http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6f846ddf3213c825b676f770b5c8c053066ec4c7 Author: Andrew Bartlett Date: Thu Apr 14 17:22:53 2011 +1000 lib/util/charset Always set *converted_size even on failure The caller may wish to inspect the partially converted string. Andrew Bartlett Autobuild-User: Andrew Bartlett Autobuild-Date: Wed Apr 20 05:17:48 CEST 2011 on sn-devel-104 commit 79e6fea77443099a6ebe4a2e3bbf606cd444341d Author: Andrew Bartlett Date: Tue Apr 12 14:36:17 2011 +1000 lib/util/charset create _handle functions for convert_string() et al This is now API compatible with the existing code in lib/util/charset lazy_initialize_conv() is no longer called as init_iconv() is called when the smb.conf is processed, and get_conv_handle() will auto-init with defaults if required. load_case_tables_library() is no longer requried as all binaries and libraries already load these in their entry points, as otherwise all the other string functions would fail. Andrew Bartlett commit f28f5db15a4bcf4c838ee6e4c6ef82c6b9dbd938 Author: Andrew Bartlett Date: Wed Apr 20 12:05:27 2011 +1000 libcli/auth Move PAC parsing and verification in common. This uses the source3 PAC code (originally from Samba4) with some small changes to restore functionality needed by the torture tests, and to have a common API. Andrew Bartlett commit 0e5482c791b9d99a44ca62323aa4dedbbf8d188e Author: Andrew Bartlett Date: Wed Apr 20 12:03:48 2011 +1000 libcli/auth: Move more kerberos wrapping in common These functions are required to get the krb5 PAC parsing and verfication in common. Andrew Bartlett commit 3a2afe4285fca8ab9e3e323ef7f5388f4090d669 Author: Andrew Bartlett Date: Sat Apr 16 08:50:53 2011 +1000 s3-gse: Allow the GSSAPI wrapper to load a keytab using gss_krb5_import_cred() This Heimdal function does not set the global state, and allows the GSSAPI server to progress further when compiled against Heimdal (such as in the top level build). The ability to specify a keytab has been removed from the API as it is unused, and and the Heimdal function (avoiding setting global variables) works with an open keytab. Andrew Bartlett --- Summary of changes: lib/util/charset/convert_string.c | 121 ++-- .../authdata.c => libcli/auth/kerberos_pac.c | 195 ++-- libcli/auth/krb5_wrap.c| 207 +- libcli/auth/krb5_wrap.h| 39 +++ libcli/auth/wscript_build |4 +- source3/Makefile.in|2 +- source3/configure.in |1 + source3/include/krb5_protos.h | 15 - source3/include/proto.h|1 - source3/lib/charcnv.c | 12 - source3/libads/authdata.c | 317 --- source3/libads/kerberos_verify.c |6 +- source3/librpc/crypto/gse.c| 50 ++-- source3/librpc/crypto/gse.h|1 - source3/libsmb/clikrb5.c | 228 -- source3/rpc_server/dcesrv_gssapi.c |2 +- source3/wscript|2 +- source3/wscript_build |2 +- source4/auth/gensec/gensec_krb5.c |4 +- source4/auth/kerberos/kerberos.h | 27 +-- source4/auth/kerberos/kerberos_pac.c | 324 +--- source4/torture/auth/pac.c | 23 +- 22 files changed, 430 insertions(+), 1153 deletions(-) copy source3/libads/authdata.c => libcli/auth/kerberos_pac.c (68%) Changeset truncated at 500 lines: diff --git a/lib/util/charset/convert_string.c b/lib/util/charset/convert_string.c index 86bb625..e51add2 100644 --- a/lib/util/charset/convert_string.c +++ b/lib/util/charset/convert_string.c @@ -54,19 +54,17 @@ * **/ -static bool convert_string_internal(charset_t from, charset_t to, - void const *src,
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 9953e69 tdb_backup: avoid transaction on backup file, use lockall
from 77b0bcc Fix Bug #8099 setpwent() actually does endpwent() and vice
versa on FreeBSD
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 9953e698611defdd6919883a965bdfc12ce51bd5
Author: Simo Sorce
Date: Sat Apr 9 22:21:35 2011 -0400
tdb_backup: avoid transaction on backup file, use lockall
Transactions have the side effect of generating bigger files.
By removing the transaction files get as much as 30% smaller.
Autobuild-User: Simo Sorce
Autobuild-Date: Tue Apr 19 23:34:37 CEST 2011 on sn-devel-104
(cherry picked from commit 1804d9a64662d37f6c7c50bdd7b8edd80f42192b)
---
Summary of changes:
lib/tdb/tools/tdbbackup.c | 21 +
1 files changed, 13 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/tdb/tools/tdbbackup.c b/lib/tdb/tools/tdbbackup.c
index 6aca8dd..11ecaa0 100644
--- a/lib/tdb/tools/tdbbackup.c
+++ b/lib/tdb/tools/tdbbackup.c
@@ -152,8 +152,9 @@ static int backup_tdb(const char *old_name, const char
*new_name, int hash_size)
return 1;
}
- if (tdb_transaction_start(tdb_new) != 0) {
- printf("Failed to start transaction on new tdb\n");
+ /* lock the backup tdb so that nobody else can change it */
+ if (tdb_lockall(tdb_new) != 0) {
+ printf("Failed to lock backup tdb\n");
tdb_close(tdb);
tdb_close(tdb_new);
unlink(tmp_name);
@@ -177,12 +178,16 @@ static int backup_tdb(const char *old_name, const char
*new_name, int hash_size)
/* close the old tdb */
tdb_close(tdb);
- if (tdb_transaction_commit(tdb_new) != 0) {
- fprintf(stderr, "Failed to commit new tdb\n");
- tdb_close(tdb_new);
- unlink(tmp_name);
- free(tmp_name);
- return 1;
+ /* copy done, unlock the backup tdb */
+ tdb_unlockall(tdb_new);
+
+#ifdef HAVE_FDATASYNC
+ if (fdatasync(tdb_fd(tdb_new)) != 0) {
+#else
+ if (fsync(tdb_fd(tdb_new)) != 0) {
+#endif
+ /* not fatal */
+ fprintf(stderr, "failed to fsync backup file\n");
}
/* close the new tdb and re-open read-only */
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 1804d9a tdb_backup: avoid transaction on backup file, use lockall
from 9bf3dc3 Fix Bug #8099 setpwent() actually does endpwent() and vice
versa on FreeBSD
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 1804d9a64662d37f6c7c50bdd7b8edd80f42192b
Author: Simo Sorce
Date: Sat Apr 9 22:21:35 2011 -0400
tdb_backup: avoid transaction on backup file, use lockall
Transactions have the side effect of generating bigger files.
By removing the transaction files get as much as 30% smaller.
Autobuild-User: Simo Sorce
Autobuild-Date: Tue Apr 19 23:34:37 CEST 2011 on sn-devel-104
---
Summary of changes:
lib/tdb/tools/tdbbackup.c | 21 +
1 files changed, 13 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/tdb/tools/tdbbackup.c b/lib/tdb/tools/tdbbackup.c
index 6aca8dd..11ecaa0 100644
--- a/lib/tdb/tools/tdbbackup.c
+++ b/lib/tdb/tools/tdbbackup.c
@@ -152,8 +152,9 @@ static int backup_tdb(const char *old_name, const char
*new_name, int hash_size)
return 1;
}
- if (tdb_transaction_start(tdb_new) != 0) {
- printf("Failed to start transaction on new tdb\n");
+ /* lock the backup tdb so that nobody else can change it */
+ if (tdb_lockall(tdb_new) != 0) {
+ printf("Failed to lock backup tdb\n");
tdb_close(tdb);
tdb_close(tdb_new);
unlink(tmp_name);
@@ -177,12 +178,16 @@ static int backup_tdb(const char *old_name, const char
*new_name, int hash_size)
/* close the old tdb */
tdb_close(tdb);
- if (tdb_transaction_commit(tdb_new) != 0) {
- fprintf(stderr, "Failed to commit new tdb\n");
- tdb_close(tdb_new);
- unlink(tmp_name);
- free(tmp_name);
- return 1;
+ /* copy done, unlock the backup tdb */
+ tdb_unlockall(tdb_new);
+
+#ifdef HAVE_FDATASYNC
+ if (fdatasync(tdb_fd(tdb_new)) != 0) {
+#else
+ if (fsync(tdb_fd(tdb_new)) != 0) {
+#endif
+ /* not fatal */
+ fprintf(stderr, "failed to fsync backup file\n");
}
/* close the new tdb and re-open read-only */
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated
via 23e6f41 Fix bug 8072 - PANIC: create_file_acl_common frees handle
two times.
from fae43d2 Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if
any input blobs are null.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -
commit 23e6f41ec923e2d3b4684ee646c8cd29506d787a
Author: Jeremy Allison
Date: Fri Apr 8 15:25:18 2011 -0700
Fix bug 8072 - PANIC: create_file_acl_common frees handle two times.
Caused by premature optimisation storing the parent ACL on the
module handle instead of (correctly) on the file fsp. Previous
code wasn't reentrant safe. This is less optimal but doesn't
crash in the specific case :-).
Jeremy.
---
Summary of changes:
source3/modules/vfs_acl_common.c | 111 ++---
1 files changed, 54 insertions(+), 57 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 3f02e7f..2203749 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -479,14 +479,11 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
psd);
}
-static NTSTATUS check_parent_acl_common(vfs_handle_struct *handle,
+static NTSTATUS get_parent_acl_common(vfs_handle_struct *handle,
const char *path,
- uint32_t access_mask,
struct security_descriptor **pp_parent_desc)
{
char *parent_name = NULL;
- struct security_descriptor *parent_desc = NULL;
- uint32_t access_granted = 0;
NTSTATUS status;
if (!parent_dirname(talloc_tos(), path, &parent_name, NULL)) {
@@ -496,20 +493,39 @@ static NTSTATUS check_parent_acl_common(vfs_handle_struct
*handle,
status = get_nt_acl_internal(handle,
NULL,
parent_name,
- (OWNER_SECURITY_INFORMATION |
-GROUP_SECURITY_INFORMATION |
-DACL_SECURITY_INFORMATION),
- &parent_desc);
+ (SECINFO_OWNER |
+SECINFO_GROUP |
+SECINFO_DACL),
+ pp_parent_desc);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10,("check_parent_acl_common: get_nt_acl_internal "
+ DEBUG(10,("get_parent_acl_common: get_nt_acl_internal "
"on directory %s for "
"path %s returned %s\n",
parent_name,
path,
nt_errstr(status) ));
+ }
+ return status;
+}
+
+static NTSTATUS check_parent_acl_common(vfs_handle_struct *handle,
+ const char *path,
+ uint32_t access_mask,
+ struct security_descriptor **pp_parent_desc)
+{
+ char *parent_name = NULL;
+ struct security_descriptor *parent_desc = NULL;
+ uint32_t access_granted = 0;
+ NTSTATUS status;
+
+ status = get_parent_acl_common(handle, path, &parent_desc);
+ if (!NT_STATUS_IS_OK(status)) {
return status;
}
+ if (pp_parent_desc) {
+ *pp_parent_desc = parent_desc;
+ }
status = smb1_file_se_access_check(handle->conn,
parent_desc,
handle->conn->server_info->ptok,
@@ -525,17 +541,9 @@ static NTSTATUS check_parent_acl_common(vfs_handle_struct
*handle,
nt_errstr(status) ));
return status;
}
- if (pp_parent_desc) {
- *pp_parent_desc = parent_desc;
- }
return NT_STATUS_OK;
}
-static void free_sd_common(void **ptr)
-{
- TALLOC_FREE(*ptr);
-}
-
/*
Check ACL on open. For new files inherit from parent directory.
*/
@@ -548,7 +556,6 @@ static int open_acl_common(vfs_handle_struct *handle,
{
uint32_t access_granted = 0;
struct security_descriptor *pdesc = NULL;
- struct security_descriptor *parent_desc = NULL;
bool file_existed = true;
char *fname = NULL;
NTSTATUS status;
@@ -594,29 +601,28 @@ static int open_acl_common(vfs_handle_struct *handle,
* Check the parent directory ACL will allow this.
*/
if (flags & O_CR
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated
via fae43d2 Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if
any input blobs are null.
from 66de22f Fix bug 6966 - "allow trusted domains = no" not respected
in winbind.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -
commit fae43d2640459fe8cb3d485eacd1624de59b9622
Author: Jeremy Allison
Date: Mon Apr 18 14:26:09 2011 -0700
Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs
are null.
---
Summary of changes:
source3/rpc_client/cli_samr.c | 21 +
1 files changed, 17 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index ca7a6b4..936f3bb 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -158,15 +158,28 @@ NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct
rpc_pipe_client *cli,
struct samr_Password old_lm_hash_enc;
struct lsa_String server, account;
+ ZERO_STRUCT(new_nt_password);
+ ZERO_STRUCT(new_lm_password);
+ ZERO_STRUCT(old_nt_hash_enc);
+ ZERO_STRUCT(old_lm_hash_enc);
+
DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n"));
init_lsa_String(&server, cli->srv_name_slash);
init_lsa_String(&account, username);
- memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
- memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
- memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
- memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
+ if (new_nt_password_blob.data && new_nt_password_blob.length >= 516) {
+ memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
+ }
+ if (new_lm_password_blob.data && new_lm_password_blob.length >= 516) {
+ memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
+ }
+ if (old_nt_hash_enc_blob.data && old_nt_hash_enc_blob.length >= 16) {
+ memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
+ }
+ if (old_lm_hash_enc_blob.data && old_lm_hash_enc_blob.length >= 16) {
+ memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
+ }
result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
&server,
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated
via 66de22f Fix bug 6966 - "allow trusted domains = no" not respected
in winbind.
from 4a46715 s3: Fix bug 8066, wrong output in smbget
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -
commit 66de22f7b242ae9e3358d33e580547c2618bd918
Author: Dmitry Butskoy
Date: Mon Apr 18 14:14:09 2011 -0700
Fix bug 6966 - "allow trusted domains = no" not respected in winbind.
---
Summary of changes:
source3/winbindd/winbindd.c | 12 ++--
1 files changed, 6 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 9c676f0..70749c5 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1013,7 +1013,6 @@ int main(int argc, char **argv, char **envp)
poptContext pc;
int opt;
TALLOC_CTX *frame = talloc_stackframe();
- struct tevent_timer *te;
/* glibc (?) likes to print "User defined signal 1" and exit if a
SIGUSR[12] is received before a handler is installed */
@@ -1260,11 +1259,12 @@ int main(int argc, char **argv, char **envp)
exit(1);
}
- te = tevent_add_timer(winbind_event_context(), NULL, timeval_zero(),
- rescan_trusted_domains, NULL);
- if (te == NULL) {
- DEBUG(0, ("Could not trigger rescan_trusted_domains()\n"));
- exit(1);
+ if (lp_allow_trusted_domains()) {
+ if (tevent_add_timer(winbind_event_context(), NULL,
timeval_zero(),
+ rescan_trusted_domains, NULL) == NULL) {
+ DEBUG(0, ("Could not trigger
rescan_trusted_domains()\n"));
+ exit(1);
+ }
}
TALLOC_FREE(frame);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 77b0bcc Fix Bug #8099 setpwent() actually does endpwent() and vice
versa on FreeBSD
via 2612643 tdb: make sure we skip over recovery area correctly.
via 84a264a tdb_expand: limit the expansion with huge records
via 51761db tdb: tdb_repack() only when it's worthwhile.
via 59cccbf tdb: fix transaction recovery area for converted tdbs.
from 19af621 Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if
any input blobs are null.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 77b0bcca87114a51c273e98a1e5776da69024aa6
Author: Sergey Korsak
Date: Mon Apr 18 14:48:47 2011 +0200
Fix Bug #8099 setpwent() actually does endpwent() and vice versa on FreeBSD
Signed-off-by: Günther Deschner
Autobuild-User: Günther Deschner
Autobuild-Date: Tue Apr 19 19:15:14 CEST 2011 on sn-devel-104
(cherry picked from commit 9bf3dc3ca796f2b90acf7e21b0eefdce444147e1)
commit 261264325e5e1e71e114a26d4e1daa33e5c2e80d
Author: Rusty Russell
Date: Tue Apr 19 21:00:59 2011 +0930
tdb: make sure we skip over recovery area correctly.
If it's really the recovery area, we can trust the rec_len field, and
don't have to go groping for bitpatterns.
Signed-off-by: Rusty Russell
Autobuild-User: Rusty Russell
Autobuild-Date: Tue Apr 19 14:15:22 CEST 2011 on sn-devel-104
(cherry picked from commit 36cfa7b79e36d880cdbf24d0769558be44d0edda)
commit 84a264a6f05675302b79eaf3da1edb45697836a6
Author: Simo Sorce
Date: Mon Apr 18 22:15:11 2011 +0930
tdb_expand: limit the expansion with huge records
ldb can create huge records when saving indexes.
Limit the tdb expansion to avoid consuming a lot of memory for
no good reason if the record being saved is huge.
(cherry picked from commit cb884186a55c9ef8aca6ee48b16423b3c881e689)
commit 51761dbcb07f98168ede2fc54be633d4ecee69a2
Author: Rusty Russell
Date: Mon Apr 18 22:15:11 2011 +0930
tdb: tdb_repack() only when it's worthwhile.
tdb_repack() is expensive and consumes memory, so we can spend some
effort to see if it's worthwhile. In particular, tdbbackup doesn't
need to repack: it started with an empty database!
Signed-off-by: Rusty Russell
(cherry picked from commit 094ab60053bcc0bc3542af8144e394d83270053e)
commit 59cccbf09e53b457bc400edd371e092ed8259acb
Author: Rusty Russell
Date: Mon Apr 18 22:15:11 2011 +0930
tdb: fix transaction recovery area for converted tdbs.
This is why macros are dangerous; these were converting the pointers, not
the
things pointed to!
Signed-off-by: Rusty Russell
(cherry picked from commit 6aa72dae8fc341de5b497f831ded1f8f519fa8fb)
---
Summary of changes:
lib/tdb/common/io.c| 25 +--
lib/tdb/common/summary.c | 13 +-
lib/tdb/common/tdb_private.h |4 ++
lib/tdb/common/transaction.c | 87 +--
nsswitch/winbind_nss_freebsd.c |8 ++--
5 files changed, 103 insertions(+), 34 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/tdb/common/io.c b/lib/tdb/common/io.c
index 058ca6c..78bbf2e 100644
--- a/lib/tdb/common/io.c
+++ b/lib/tdb/common/io.c
@@ -299,7 +299,7 @@ static int tdb_expand_file(struct tdb_context *tdb,
tdb_off_t size, tdb_off_t ad
int tdb_expand(struct tdb_context *tdb, tdb_off_t size)
{
struct tdb_record rec;
- tdb_off_t offset, new_size;
+ tdb_off_t offset, new_size, top_size, map_size;
if (tdb_lock(tdb, -1, F_WRLCK) == -1) {
TDB_LOG((tdb, TDB_DEBUG_ERROR, "lock failed in tdb_expand\n"));
@@ -309,10 +309,25 @@ int tdb_expand(struct tdb_context *tdb, tdb_off_t size)
/* must know about any previous expansions by another process */
tdb->methods->tdb_oob(tdb, tdb->map_size + 1, 1);
- /* always make room for at least 100 more records, and at
- least 25% more space. Round the database up to a multiple
- of the page size */
- new_size = MAX(tdb->map_size + size*100, tdb->map_size * 1.25);
+ /* limit size in order to avoid using up huge amounts of memory for
+* in memory tdbs if an oddball huge record creeps in */
+ if (size > 100 * 1024) {
+ top_size = tdb->map_size + size * 2;
+ } else {
+ top_size = tdb->map_size + size * 100;
+ }
+
+ /* always make room for at least top_size more records, and at
+ least 25% more space. if the DB is smaller than 100MiB,
+ otherwise grow it by 10% only. */
+ if (tdb->map_size > 100 * 1024 * 1024) {
+ map_size = tdb->map_size * 1.10;
+ } else {
+ map_size = tdb->map_size * 1.25
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 19af621 Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if
any input blobs are null.
from 7299c19 s3-build: fix the --with-profiling-data build on mac os x.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 19af6216877577b11f97e132faebcfe1c15a3f7d
Author: Jeremy Allison
Date: Mon Apr 18 14:32:11 2011 -0700
Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs
are null.
Correct fix - ensure we have enough length, and correctly null out
passed in structs if not.
Jeremy.
Autobuild-User: Jeremy Allison
Autobuild-Date: Tue Apr 19 00:17:08 CEST 2011 on sn-devel-104
(cherry picked from commit bde2bcc8efd735d08b55ac3083d7b0f6490100d0)
---
Summary of changes:
source3/rpc_client/cli_samr.c | 21 +
1 files changed, 9 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 5baf3e6..e2bf08d 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -217,31 +217,28 @@ NTSTATUS dcerpc_samr_chng_pswd_auth_crap(struct
dcerpc_binding_handle *h,
DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n"));
+ ZERO_STRUCT(new_nt_password);
+ ZERO_STRUCT(new_lm_password);
+ ZERO_STRUCT(old_nt_hash_enc);
+ ZERO_STRUCT(old_lm_hash_enc);
+
init_lsa_String(&server, srv_name_slash);
init_lsa_String(&account, username);
- if (new_nt_password_blob.length > 0) {
+ if (new_nt_password_blob.data && new_nt_password_blob.length >= 516) {
memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
- } else {
- ZERO_STRUCT(new_nt_password_blob);
}
- if (new_lm_password_blob.length > 0) {
+ if (new_lm_password_blob.data && new_lm_password_blob.length >= 516) {
memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
- } else {
- ZERO_STRUCT(new_lm_password);
}
- if (old_nt_hash_enc_blob.length > 0) {
+ if (old_nt_hash_enc_blob.data && old_nt_hash_enc_blob.length >= 16) {
memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
- } else {
- ZERO_STRUCT(old_nt_hash_enc);
}
- if (old_lm_hash_enc_blob.length > 0) {
+ if (old_lm_hash_enc_blob.data && old_lm_hash_enc_blob.length >= 16) {
memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
- } else {
- ZERO_STRUCT(old_lm_hash_enc);
}
status = dcerpc_samr_ChangePasswordUser2(h,
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 9bf3dc3 Fix Bug #8099 setpwent() actually does endpwent() and vice
versa on FreeBSD
from 36cfa7b tdb: make sure we skip over recovery area correctly.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 9bf3dc3ca796f2b90acf7e21b0eefdce444147e1
Author: Sergey Korsak
Date: Mon Apr 18 14:48:47 2011 +0200
Fix Bug #8099 setpwent() actually does endpwent() and vice versa on FreeBSD
Signed-off-by: Günther Deschner
Autobuild-User: Günther Deschner
Autobuild-Date: Tue Apr 19 19:15:14 CEST 2011 on sn-devel-104
---
Summary of changes:
nsswitch/winbind_nss_freebsd.c |8
1 files changed, 4 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/winbind_nss_freebsd.c b/nsswitch/winbind_nss_freebsd.c
index ac230c8..5fcd557 100644
--- a/nsswitch/winbind_nss_freebsd.c
+++ b/nsswitch/winbind_nss_freebsd.c
@@ -58,14 +58,14 @@ static ns_mtab methods[] = {
{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_winbind_getgrnam_r },
{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_winbind_getgrgid_r },
{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_winbind_getgrent_r },
-{ NSDB_GROUP, "endgrent", __nss_compat_setgrent, _nss_winbind_setgrent },
-{ NSDB_GROUP, "setgrent", __nss_compat_endgrent, _nss_winbind_endgrent },
+{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_winbind_setgrent },
+{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_winbind_endgrent },
{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_winbind_getpwnam_r
},
{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_winbind_getpwuid_r
},
{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_winbind_getpwent_r
},
-{ NSDB_PASSWD, "endpwent", __nss_compat_setpwent, _nss_winbind_setpwent },
-{ NSDB_PASSWD, "setpwent", __nss_compat_endpwent, _nss_winbind_endpwent },
+{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_winbind_setpwent },
+{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_winbind_endpwent },
};
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 7299c19 s3-build: fix the --with-profiling-data build on mac os x. from 2789b8b s3 waf: Mimic the autoconf check for netgrent http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 7299c198268530d40c282c20b230be629e961fdd Author: Günther Deschner Date: Fri Apr 15 12:39:15 2011 +0200 s3-build: fix the --with-profiling-data build on mac os x. Guenther Autobuild-User: Günther Deschner Autobuild-Date: Fri Apr 15 13:33:43 CEST 2011 on sn-devel-104 (cherry picked from commit 0e18a59ed0aa48a8a9dee856faf05c1ad624e264) --- Summary of changes: source3/profile/profile.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/profile/profile.c b/source3/profile/profile.c index 6c47c98..0287860 100644 --- a/source3/profile/profile.c +++ b/source3/profile/profile.c @@ -21,6 +21,7 @@ #include "includes.h" #include "system/shmem.h" +#include "system/filesys.h" #include "messages.h" #include "smbprofile.h" -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 2789b8b s3 waf: Mimic the autoconf check for netgrent
via e9b9e6b s3 autobuild: Fix CFLAG check for netgrent tests
from 7abd8b7 s3: Fix a typo
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 2789b8bf8027d2a3ce6a588b8f005e8e9536ba30
Author: Kai Blin
Date: Mon Apr 18 14:55:51 2011 +0200
s3 waf: Mimic the autoconf check for netgrent
The autoconf check for netgrent headers makes sure that the compiler flag
used
(-Werror-implicit-function-declaration) is recognized by the compiler before
using it for the test. Mimic this behaviour in the waf checks.
Thanks to gd for noticing this.
Signed-off-by: Günther Deschner
Autobuild-User: Günther Deschner
Autobuild-Date: Mon Apr 18 16:24:15 CEST 2011 on sn-devel-104
(cherry picked from commit c2a62e854632dcae69a5ae911b6ab11e272d0a81)
commit e9b9e6bdd9d5663f04f31edf465d67aec0d0c500
Author: Kai Blin
Date: Mon Apr 18 14:48:47 2011 +0200
s3 autobuild: Fix CFLAG check for netgrent tests
In 45ac8ffd I accidently added the wrong flag check. Fix this.
Thanks to gd for noticing.
Signed-off-by: Günther Deschner
(cherry picked from commit d09f02909f6adae1d68264bd3790c77fcee5e80d)
---
Summary of changes:
source3/configure.in |2 +-
source3/wscript | 10 +++---
2 files changed, 8 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/configure.in b/source3/configure.in
index 086e044..c951828 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -6687,7 +6687,7 @@ AC_SUBST(FLAGS1)
###
# Check for different/missing (set|get|end)netgrent prototypes
CFLAGS_SAVE=$CFLAGS
-if test x"$samba_cv_HAVE_Wdeclaration_after_statement" = x"yes"; then
+if test x"$samba_cv_HAVE_Werror_implicit_function_declaration" = x"yes"; then
CFLAGS="$CFLAGS -Werror-implicit-function-declaration"
fi
AC_CACHE_CHECK([for setnetgrent prototype],samba_cv_setnetgrent_prototype, [
diff --git a/source3/wscript b/source3/wscript
index cf96b39..da4bb73 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -522,18 +522,22 @@ msg.msg_acctrightslen = sizeof(fd);
define='HAVE_DIRENT_D_OFF')
conf.CHECK_FUNCS('setnetgrent getnetgrent endnetgrent')
+if conf.CHECK_CFLAGS('-Werror-implicit-function-declaration'):
+netgrent_cflags = '-Werror-implicit-function-declaration'
+else:
+netgrent_cflags = ''
conf.CHECK_CODE('setnetgrent("foo")', 'HAVE_SETNETGRENT_PROTOTYPE',
msg="Checking for setnetgrent prototype",
headers='netdb.h netgroup.h',
-cflags="-Werror-implicit-function-declaration")
+cflags=netgrent_cflags)
conf.CHECK_CODE('getnetgrent', 'HAVE_GETNETGRENT_PROTOTYPE',
msg="Checking for getnetgrent prototype",
headers='netdb.h netgroup.h',
-cflags="-Werror-implicit-function-declaration")
+cflags=netgrent_cflags)
conf.CHECK_CODE('endnetgrent', 'HAVE_ENDNETGRENT_PROTOTYPE',
msg="Checking for endnetgrent prototype",
headers='netdb.h netgroup.h',
-cflags="-Werror-implicit-function-declaration")
+cflags=netgrent_cflags)
# Look for CUPS
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 36cfa7b tdb: make sure we skip over recovery area correctly.
via cb88418 tdb_expand: limit the expansion with huge records
via 094ab60 tdb: tdb_repack() only when it's worthwhile.
via 6aa72da tdb: fix transaction recovery area for converted tdbs.
from dfb490d selftest Consolidate server wall clock time limits
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 36cfa7b79e36d880cdbf24d0769558be44d0edda
Author: Rusty Russell
Date: Tue Apr 19 21:00:59 2011 +0930
tdb: make sure we skip over recovery area correctly.
If it's really the recovery area, we can trust the rec_len field, and
don't have to go groping for bitpatterns.
Signed-off-by: Rusty Russell
Autobuild-User: Rusty Russell
Autobuild-Date: Tue Apr 19 14:15:22 CEST 2011 on sn-devel-104
commit cb884186a55c9ef8aca6ee48b16423b3c881e689
Author: Simo Sorce
Date: Mon Apr 18 22:15:11 2011 +0930
tdb_expand: limit the expansion with huge records
ldb can create huge records when saving indexes.
Limit the tdb expansion to avoid consuming a lot of memory for
no good reason if the record being saved is huge.
commit 094ab60053bcc0bc3542af8144e394d83270053e
Author: Rusty Russell
Date: Mon Apr 18 22:15:11 2011 +0930
tdb: tdb_repack() only when it's worthwhile.
tdb_repack() is expensive and consumes memory, so we can spend some
effort to see if it's worthwhile. In particular, tdbbackup doesn't
need to repack: it started with an empty database!
Signed-off-by: Rusty Russell
commit 6aa72dae8fc341de5b497f831ded1f8f519fa8fb
Author: Rusty Russell
Date: Mon Apr 18 22:15:11 2011 +0930
tdb: fix transaction recovery area for converted tdbs.
This is why macros are dangerous; these were converting the pointers, not
the
things pointed to!
Signed-off-by: Rusty Russell
---
Summary of changes:
lib/tdb/common/io.c | 25 ++--
lib/tdb/common/summary.c | 13 +-
lib/tdb/common/tdb_private.h |4 ++
lib/tdb/common/transaction.c | 87 +++---
4 files changed, 99 insertions(+), 30 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/tdb/common/io.c b/lib/tdb/common/io.c
index 058ca6c..78bbf2e 100644
--- a/lib/tdb/common/io.c
+++ b/lib/tdb/common/io.c
@@ -299,7 +299,7 @@ static int tdb_expand_file(struct tdb_context *tdb,
tdb_off_t size, tdb_off_t ad
int tdb_expand(struct tdb_context *tdb, tdb_off_t size)
{
struct tdb_record rec;
- tdb_off_t offset, new_size;
+ tdb_off_t offset, new_size, top_size, map_size;
if (tdb_lock(tdb, -1, F_WRLCK) == -1) {
TDB_LOG((tdb, TDB_DEBUG_ERROR, "lock failed in tdb_expand\n"));
@@ -309,10 +309,25 @@ int tdb_expand(struct tdb_context *tdb, tdb_off_t size)
/* must know about any previous expansions by another process */
tdb->methods->tdb_oob(tdb, tdb->map_size + 1, 1);
- /* always make room for at least 100 more records, and at
- least 25% more space. Round the database up to a multiple
- of the page size */
- new_size = MAX(tdb->map_size + size*100, tdb->map_size * 1.25);
+ /* limit size in order to avoid using up huge amounts of memory for
+* in memory tdbs if an oddball huge record creeps in */
+ if (size > 100 * 1024) {
+ top_size = tdb->map_size + size * 2;
+ } else {
+ top_size = tdb->map_size + size * 100;
+ }
+
+ /* always make room for at least top_size more records, and at
+ least 25% more space. if the DB is smaller than 100MiB,
+ otherwise grow it by 10% only. */
+ if (tdb->map_size > 100 * 1024 * 1024) {
+ map_size = tdb->map_size * 1.10;
+ } else {
+ map_size = tdb->map_size * 1.25;
+ }
+
+ /* Round the database up to a multiple of the page size */
+ new_size = MAX(top_size, map_size);
size = TDB_ALIGN(new_size, tdb->page_size) - tdb->map_size;
if (!(tdb->flags & TDB_INTERNAL))
diff --git a/lib/tdb/common/summary.c b/lib/tdb/common/summary.c
index b222a59..171a1a2 100644
--- a/lib/tdb/common/summary.c
+++ b/lib/tdb/common/summary.c
@@ -86,12 +86,13 @@ static size_t get_hash_length(struct tdb_context *tdb,
unsigned int i)
_PUBLIC_ char *tdb_summary(struct tdb_context *tdb)
{
- tdb_off_t off;
+ tdb_off_t off, rec_off;
struct tally freet, keys, data, dead, extra, hash, uncoal;
struct tdb_record rec;
char *ret = NULL;
bool locked;
size_t len, unc = 0;
+ struct tdb_record recovery;
/* Read-only databases use no locking at all: it's best-effort.
* We may have a wri
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dfb490d selftest Consolidate server wall clock time limits via 5189cfc selftest: move warning about invalid environments up to selftest.pl via 5439553 selftest: Don't specify SELFTEST_TARGET as an env variable via cfb4eb9 selftest Test for socket_wrapper support in combined samba target as well via 1ac4651 selftest: Add hooks to enable a combined selftest run. via 790ceec s4-selftest Rename Samba4 'member' test environment to s4member via 55cb125 s4-selftest: Move Samba4 test interfaces out of the way of the Samba3 tests. via 148efda s3-selftest Fix interface localktest6 listens on. via 9000188 selftest Add combined 'Samba' target module via aed450d s4-selftest: Avoid duplicating the servers IP in the provision() sub arguments. via 36d4bbf s3-selftest Rename s3 DC environment to s3dc via 8f58b13 s4-selftest: Stop creating netbios aliases everywhere via d041ed2 selftest: put the target on the environment via 29d8c59 lib/socket_wrapper: allow up to 32 interfaces for a bigger 'make test' from bde2bcc Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dfb490d551e9213e957ea547cb399c3ed408bdc9 Author: Andrew Bartlett Date: Tue Apr 19 13:50:40 2011 +1000 selftest Consolidate server wall clock time limits This helps ensure that we don't have the Samba3 servers stop before the full make test is finished. Andrew Bartlett Autobuild-User: Andrew Bartlett Autobuild-Date: Tue Apr 19 09:03:07 CEST 2011 on sn-devel-104 commit 5189cfca4ea230125c7995d30caf2b48a332deb0 Author: Andrew Bartlett Date: Tue Apr 19 12:43:54 2011 +1000 selftest: move warning about invalid environments up to selftest.pl commit 5439553c96bd906e19be7060552cb59bdaec3eb1 Author: Andrew Bartlett Date: Tue Apr 19 11:59:28 2011 +1000 selftest: Don't specify SELFTEST_TARGET as an env variable It is much more reliable to specify it as a direct parameter, and this is needed for the combined 'make test'. Andrew Bartlett commit cfb4eb9d8050a52a22679c3261bd3ff8cc7ab1fc Author: Andrew Bartlett Date: Tue Apr 19 11:58:50 2011 +1000 selftest Test for socket_wrapper support in combined samba target as well commit 1ac46518a7b2009bb6ee21a84d20ee991e7a35ee Author: Andrew Bartlett Date: Mon Apr 18 18:59:00 2011 +1000 selftest: Add hooks to enable a combined selftest run. Andrew Bartlett commit 790ceec78bc4f1b5234d8f90eb4bfaa11c2f7d4b Author: Andrew Bartlett Date: Mon Apr 18 18:57:22 2011 +1000 s4-selftest Rename Samba4 'member' test environment to s4member This will avoid a conflict with the s3 'member' environment. Andrew Bartlett commit 55cb12531201f0c999172ef1b17e05051062 Author: Andrew Bartlett Date: Mon Apr 18 18:56:41 2011 +1000 s4-selftest: Move Samba4 test interfaces out of the way of the Samba3 tests. This avoids a conflict when we merge the test suites. commit 148efda795e65eb9f5c969dce7f98da0e28d6e97 Author: Andrew Bartlett Date: Mon Apr 18 18:55:35 2011 +1000 s3-selftest Fix interface localktest6 listens on. Andrew Bartlett commit 9000188fb4226b4c70ae6b50292a0fe2a55e653c Author: Andrew Bartlett Date: Mon Apr 18 17:38:35 2011 +1000 selftest Add combined 'Samba' target module To work around environment variable handling, the initialisation of NSS_WRAPPER_WINBIND_SO_PATH is pushed in to Samba3.pm (the s3 autoconf build still overrides this) Andrew Bartlett commit aed450df0b38d6648cbfd3229722db82a85ad746 Author: Andrew Bartlett Date: Mon Apr 18 16:09:30 2011 +1000 s4-selftest: Avoid duplicating the servers IP in the provision() sub arguments. This should make it easier to change the IP address. Andrew Bartlett commit 36d4bbfeefc8e3818b8cfc2c64941715bded1267 Author: Andrew Bartlett Date: Mon Apr 18 15:28:40 2011 +1000 s3-selftest Rename s3 DC environment to s3dc This should avoid a clash with the s4 DC environment in a future combined 'make test'. Andrew Bartlett commit 8f58b13579e305b7ce57c220d34934120bca198b Author: Andrew Bartlett Date: Mon Apr 18 14:34:40 2011 +1000 s4-selftest: Stop creating netbios aliases everywhere This reduces some of the clutter when we have quite so many server configurations starting. The one case that actually needs an alias (dc environment for the test_nmblookup.sh test) will still keep it. Andrew Bartlett commit d041ed233d1b10604ef1b9f7f1e68f6f5cd96132 Author: Andrew Bartlett Date: Mon Apr 18 13:44:36 2011 +1000 selftest: put the target on the environment This will allow u
