autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2011-05-24-1907/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2011-05-24-1907/samba3.stderr http://git.samba.org/autobuild.flakey/2011-05-24-1907/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2011-05-24-1907/samba4.stderr http://git.samba.org/autobuild.flakey/2011-05-24-1907/samba4.stdout The top commit at the time of the failure was: commit 9c3e5380ecabe44796f5d53f8aa9f81642434dd8 Author: Jeremy Allison j...@samba.org Date: Mon May 23 10:57:56 2011 -0700 Fix bug #8150 - Ban 'dos charset = utf8' Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Tue May 24 03:52:50 CEST 2011 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 53829fd s3:modules properly terminate enums in nfs4 acl code via 425ac2c s3:vfs properly terminate enums in audit modules from 9c3e538 Fix bug #8150 - Ban 'dos charset = utf8' http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 53829fd4951fc1189d64ecef1c1f58d21f0fb38b Author: Christian Ambach a...@samba.org Date: Tue May 24 19:01:22 2011 +0200 s3:modules properly terminate enums in nfs4 acl code same issue as with the audit modules: using a wrong parameter leads to smbd crash as lp_enum() will not terminate on last entry of the array Autobuild-User: Christian Ambach a...@samba.org Autobuild-Date: Tue May 24 20:13:39 CEST 2011 on sn-devel-104 commit 425ac2c361fc1712c09b52f2cab0988597bf9b7e Author: Christian Ambach a...@samba.org Date: Tue May 24 17:19:52 2011 +0200 s3:vfs properly terminate enums in audit modules without the proper terminations of the enums, invalid arguments for the audit modules will lead to a smbd crash as the loop in lp_enum() will attempt to access memory behind the array --- Summary of changes: source3/modules/nfs4_acls.c |4 +++- source3/modules/vfs_audit.c |6 -- source3/modules/vfs_extd_audit.c |6 -- source3/modules/vfs_full_audit.c |6 -- 4 files changed, 15 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 91e98f6..c841d83 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -398,13 +398,15 @@ static int smbacl4_get_vfs_params( { static const struct enum_list enum_smbacl4_modes[] = { { e_simple, simple }, - { e_special, special } + { e_special, special }, + { -1 , NULL } }; static const struct enum_list enum_smbacl4_acedups[] = { { e_dontcare, dontcare }, { e_reject, reject }, { e_ignore, ignore }, { e_merge, merge }, + { -1 , NULL } }; memset(params, 0, sizeof(smbacl4_vfs_params)); diff --git a/source3/modules/vfs_audit.c b/source3/modules/vfs_audit.c index 349600f..8213baf 100644 --- a/source3/modules/vfs_audit.c +++ b/source3/modules/vfs_audit.c @@ -40,7 +40,8 @@ static int audit_syslog_facility(vfs_handle_struct *handle) { LOG_LOCAL4, LOCAL4 }, { LOG_LOCAL5, LOCAL5 }, { LOG_LOCAL6, LOCAL6 }, - { LOG_LOCAL7, LOCAL7 } + { LOG_LOCAL7, LOCAL7 }, + { -1, NULL} }; int facility; @@ -61,7 +62,8 @@ static int audit_syslog_priority(vfs_handle_struct *handle) { LOG_WARNING, WARNING }, { LOG_NOTICE, NOTICE }, { LOG_INFO, INFO }, - { LOG_DEBUG, DEBUG } + { LOG_DEBUG, DEBUG }, + { -1, NULL} }; int priority; diff --git a/source3/modules/vfs_extd_audit.c b/source3/modules/vfs_extd_audit.c index 34a43c7..192b075 100644 --- a/source3/modules/vfs_extd_audit.c +++ b/source3/modules/vfs_extd_audit.c @@ -43,7 +43,8 @@ static int audit_syslog_facility(vfs_handle_struct *handle) { LOG_LOCAL4, LOCAL4 }, { LOG_LOCAL5, LOCAL5 }, { LOG_LOCAL6, LOCAL6 }, - { LOG_LOCAL7, LOCAL7 } + { LOG_LOCAL7, LOCAL7 }, + { -1, NULL} }; int facility; @@ -64,7 +65,8 @@ static int audit_syslog_priority(vfs_handle_struct *handle) { LOG_WARNING, WARNING }, { LOG_NOTICE, NOTICE }, { LOG_INFO, INFO }, - { LOG_DEBUG, DEBUG } + { LOG_DEBUG, DEBUG }, + { -1, NULL} }; int priority; diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index a723a0c..e4d9599 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -355,7 +355,8 @@ static int audit_syslog_facility(vfs_handle_struct *handle) { LOG_LOCAL4, LOCAL4 }, { LOG_LOCAL5, LOCAL5 }, { LOG_LOCAL6, LOCAL6 }, - { LOG_LOCAL7, LOCAL7 } + { LOG_LOCAL7, LOCAL7 }, + { -1, NULL} }; int facility; @@ -375,7 +376,8 @@ static int audit_syslog_priority(vfs_handle_struct *handle) { LOG_WARNING, WARNING }, { LOG_NOTICE, NOTICE }, { LOG_INFO, INFO }, - { LOG_DEBUG, DEBUG } + { LOG_DEBUG, DEBUG }, + { -1, NULL} }; int priority; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 13d20fa Actually make use of the SMBTA_SUBRELEASE define in smb_traffic_analyzer.h. This will allow to introduce new features or fixes into the protocol after the 3.6.0 release. The client software is designed to take care for the subrelease number. via 309a8fd Fix bug #7054 - X account flag does not work when pwdlastset is 0. from 53829fd s3:modules properly terminate enums in nfs4 acl code http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 13d20faa1d294f99414e64343a3c36472506bf96 Author: Holger Hetterich hhet...@novell.com Date: Sun Feb 20 11:32:39 2011 +0100 Actually make use of the SMBTA_SUBRELEASE define in smb_traffic_analyzer.h. This will allow to introduce new features or fixes into the protocol after the 3.6.0 release. The client software is designed to take care for the subrelease number. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Tue May 24 21:23:22 CEST 2011 on sn-devel-104 commit 309a8fd7c62e7008b1a4c4c77c3a9ea35ed4bb07 Author: Jeremy Allison j...@samba.org Date: Mon May 23 17:14:47 2011 -0700 Fix bug #7054 - X account flag does not work when pwdlastset is 0. Don't allow pass_last_set_time to be set to zero (which means user must change password on next logon) if user object doesn't allow password change. Don't automatically allow user object password change if user must change password on next logon is set. Jim please check. Jeremy. --- Summary of changes: source3/modules/vfs_smb_traffic_analyzer.c | 11 +++ source3/modules/vfs_smb_traffic_analyzer.h |2 +- source3/passdb/pdb_get_set.c |3 +-- source3/rpc_server/samr/srv_samr_util.c| 11 ++- 4 files changed, 23 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 4146d78..462932d 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -417,6 +417,17 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, */ char state_flags[9] = 00\0; + /** +* The first byte of the state flag string represents +* the modules protocol subversion number, defined +* in smb_traffic_analyzer.h. smbtatools/smbtad are designed +* to handle not yet implemented protocol enhancements +* by ignoring them. By recognizing the SMBTA_SUBRELEASE +* smbtatools can tell the user to update the client +* software. +*/ + state_flags[0] = SMBTA_SUBRELEASE; + SMB_VFS_HANDLE_GET_DATA(handle, rf_sock, struct refcounted_sock, return); if (rf_sock == NULL || rf_sock-sock == -1) { diff --git a/source3/modules/vfs_smb_traffic_analyzer.h b/source3/modules/vfs_smb_traffic_analyzer.h index bfc0614..817ffd8 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.h +++ b/source3/modules/vfs_smb_traffic_analyzer.h @@ -77,7 +77,7 @@ */ /* Protocol subrelease number */ -#define SMBTA_SUBRELEASE 0 +#define SMBTA_SUBRELEASE '0' /* * Every data block sends a number of blocks sending common data diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 6c1a2ab..782c08f 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -123,8 +123,7 @@ time_t pdb_get_pass_must_change_time(const struct samu *sampass) bool pdb_get_pass_can_change(const struct samu *sampass) { - if (sampass-pass_can_change_time == get_time_t_max() - sampass-pass_last_set_time != 0) + if (sampass-pass_can_change_time == get_time_t_max()) return False; return True; } diff --git a/source3/rpc_server/samr/srv_samr_util.c b/source3/rpc_server/samr/srv_samr_util.c index 2912332..d052846 100644 --- a/source3/rpc_server/samr/srv_samr_util.c +++ b/source3/rpc_server/samr/srv_samr_util.c @@ -612,7 +612,16 @@ void copy_id21_to_sam_passwd(const char *log_prefix, DEBUG(10,(%s SAMR_FIELD_EXPIRED_FLAG: %02X\n, l, from-password_expired)); if (from-password_expired != 0) { - pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); + /* Only allow the set_time to zero (which means + User Must Change Password on Next Login + if the user object allows password change. */ + if (pdb_get_pass_can_change(to)) { + pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); + } else { + DEBUG(10,(%s Disallowing set of 'User Must +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e719dfd Fix our asn.1 parser to handle negative numbers. via ede98c0 lib/util Add Volker's asn1_Integer test into code that runs in 'make test' from 13d20fa Actually make use of the SMBTA_SUBRELEASE define in smb_traffic_analyzer.h. This will allow to introduce new features or fixes into the protocol after the 3.6.0 release. The client software is designed to take care for the subrelease number. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e719dfd4dc178f001a5f804fb1ac4e587574415f Author: Jeremy Allison j...@samba.org Date: Tue May 24 12:47:31 2011 -0700 Fix our asn.1 parser to handle negative numbers. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Tue May 24 22:57:16 CEST 2011 on sn-devel-104 commit ede98c0e5190bf59461703629d5a4742ad8e044f Author: Andrew Bartlett abart...@samba.org Date: Sat May 14 19:49:36 2011 +0200 lib/util Add Volker's asn1_Integer test into code that runs in 'make test' The comfychair test harness isn't hooked up, and with the current infrustructure C code is better tested directly here. Andrew Bartlett --- Summary of changes: lib/util/asn1.c |9 lib/util/tests/asn1_tests.c | 94 +++ 2 files changed, 103 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/asn1.c b/lib/util/asn1.c index b716da6..c23bf65 100644 --- a/lib/util/asn1.c +++ b/lib/util/asn1.c @@ -885,10 +885,19 @@ bool asn1_read_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blo bool asn1_read_implicit_Integer(struct asn1_data *data, int *i) { uint8_t b; + bool first_byte = true; *i = 0; while (!data-has_error asn1_tag_remaining(data)0) { if (!asn1_read_uint8(data, b)) return false; + if (first_byte) { + if (b 0x80) { + /* Number is negative. + Set i to -1 for sign extend. */ + *i = -1; + } + first_byte = false; + } *i = (*i 8) + b; } return !data-has_error; diff --git a/lib/util/tests/asn1_tests.c b/lib/util/tests/asn1_tests.c index ac8ca53..3ee64c3 100644 --- a/lib/util/tests/asn1_tests.c +++ b/lib/util/tests/asn1_tests.c @@ -4,6 +4,8 @@ util_asn1 testing Copyright (C) Kamen Mazdrashki kamen.mazdras...@postpath.com 2009 + Copyright (C) Volker Lendecke 2004 + Copyright (C) Andrew Bartlett 2011 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -103,6 +105,55 @@ static const struct oid_data partial_oid_data_ok[] = { }, }; +static const struct { + DATA_BLOB blob; + int value; +} integer_tests[] = { +{ + .blob = {\x02\x01\x00, 3}, + .value = 0 + }, + { + .blob = {\x02\x01\x7f, 3}, + .value = 127 + }, + { + .blob = {\x02\x02\x00\x80, 4}, + .value = 128 + }, + { + .blob = {\x02\x02\x01\x00, 4}, + .value = 256 + }, + { + .blob = {\x02\x01\x80, 3}, + .value = -128 + }, + { + .blob = {\x02\x02\xff\x7f, 4}, + .value = -129 + }, + { + .blob = {\x02\x01\xff, 3}, + .value = -1 + }, + { + .blob = {\x02\x02\xff\x01, 4}, + .value = -255 + }, + { + .blob = {\x02\x02\x00\xff, 4}, + .value = 255 + }, + { + .blob = {\x02\x04\x80\x00\x00\x00, 6}, + .value = 0x8000 + }, + { + .blob = {\x02\x04\x7f\xff\xff\xff, 6}, + .value = 0x7fff + } +}; /* Testing ber_write_OID_String() function */ static bool test_ber_write_OID_String(struct torture_context *tctx) @@ -260,6 +311,46 @@ static bool test_ber_read_partial_OID_String(struct torture_context *tctx) return true; } +/* + * Testing asn1_read_Integer and asn1_write_Integer functions, + * inspired by Love Hornquist Astrand + */ + +static bool test_asn1_Integer(struct torture_context *tctx) +{ + int i; + TALLOC_CTX *mem_ctx; + + mem_ctx = talloc_new(tctx); + + for (i = 0; i ARRAY_SIZE(integer_tests); i++) { + ASN1_DATA *data; + DATA_BLOB blob; + int val; + + data = asn1_init(mem_ctx); + if (!data) { + return -1; +
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via a3e4abb Added Univention entry to verdors list. from 8997f02 Added Paulo Dias company to Portugal index. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit a3e4abb490012d2e6e511a5b924722e2c7a564ef Author: John H Terpstra j...@samba.org Date: Tue May 24 19:36:52 2011 -0500 Added Univention entry to verdors list. --- Summary of changes: vendors/UCS-logo.png | Bin 0 - 4348 bytes vendors/UCS.html | 22 ++ 2 files changed, 22 insertions(+), 0 deletions(-) create mode 100644 vendors/UCS-logo.png create mode 100755 vendors/UCS.html Changeset truncated at 500 lines: diff --git a/vendors/UCS-logo.png b/vendors/UCS-logo.png new file mode 100644 index 000..45a2994 Binary files /dev/null and b/vendors/UCS-logo.png differ diff --git a/vendors/UCS.html b/vendors/UCS.html new file mode 100755 index 000..f32ee4c --- /dev/null +++ b/vendors/UCS.html @@ -0,0 +1,22 @@ +table border=0 +tr +td +img src=UCS-logo.png width=184 height=50 +/td +td + +UCS is a standardized and easy to operate Open Source Linux-Solution that +includes an extensive management system besides the actual operating system. +With this identity- and infrastructure-management-system UCS provides, +besides its standard services, every important function to manage smaller and +larger IT-environments. It fits perfectly into existing systems and is +extendable with a great number of certified applications (groupware, backup, +fax, network-monitoring, virtualization etc.) by different producers. + +To get further information please visit: +a href=http://www.univention.de/en/products/ucs/;http://www.univention.de/en/products/ucs//a +Information about UCS and Samba: +a href=http://www.univention.de/en/products/ucs/components/services-for-windows/;http://www.univention.de/en/products/ucs/components/services-for-windows//a +/td +/tr +/table -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ee0ee5e s3-testparm Warn about incorrect use of 'password server' via 3ba3243 s3-param Depricate 'password server = foo:12389' syntax via ddbc5fa docs: Rewrite 'password server' documentation via 53b0c44 s4-provision Use correct tkey-gssapi-credential via 387cbb1 docs: Clarify the 'security=server' fails for NTLMv2 via e7cf95c selftest: Make knowfail/skip files consistent, always use ^prefix from e719dfd Fix our asn.1 parser to handle negative numbers. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ee0ee5e925dd19d0c185804f41c40564f441cb39 Author: Andrew Bartlett abart...@samba.org Date: Wed May 25 09:19:50 2011 +1000 s3-testparm Warn about incorrect use of 'password server' This merges master with v3-6-test Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Wed May 25 05:20:57 CEST 2011 on sn-devel-104 commit 3ba32439c1b3c84f25677f7b1b1eaf092723d24b Author: Andrew Bartlett abart...@samba.org Date: Mon May 23 10:42:57 2011 +1000 s3-param Depricate 'password server = foo:12389' syntax This was originally intended to allow the LDAP port on a DC to be varied, but makes little sense to change one port when in an environment where krb5, ldap, smb and potentially DCE/RPC over TCP are involved. Andrew Bartlett commit ddbc5fa236a91d4b9ecd7641ab1d3c69d9569410 Author: Andrew Bartlett abart...@samba.org Date: Mon May 23 10:20:47 2011 +1000 docs: Rewrite 'password server' documentation I think this new version is more clear. Andrew Bartlett commit 53b0c44d8c0f21682220a212baa4b8a2e0f3ceae Author: Andrew Bartlett abart...@samba.org Date: Mon May 23 15:27:50 2011 +1000 s4-provision Use correct tkey-gssapi-credential We changed to ${DNSNAME} (the fully qualified domain name) a while back, and while it's usually functionally idential to the previous setting, this breaks down if there is more than one DNS server. Andrew Bartlett commit 387cbb1c37fba6a0a18b87ced31c91d0948a0699 Author: Andrew Bartlett abart...@samba.org Date: Mon May 23 10:42:40 2011 +1000 docs: Clarify the 'security=server' fails for NTLMv2 commit e7cf95c5417e07fb3544b8731cb6a33fbcf40eff Author: Andrew Bartlett abart...@samba.org Date: Mon May 23 09:22:07 2011 +1000 selftest: Make knowfail/skip files consistent, always use ^prefix Except in one case (where we mark printing tests as knownfail), this has all our regular expressions start with ^, which ensures we don't accidentially mix up the samba3/samba4 prefix here. Because of the particular values in these files at the moment, this should not change the set of tests, but it will help to ensure that future edits follow the correct pattern. Andrew Bartlett --- Summary of changes: docs-xml/smbdotconf/security/passwordserver.xml| 106 +++--- docs-xml/smbdotconf/security/security.xml |3 + source3/param/loadparm.c |5 + source3/selftest/knownfail | 22 ++-- source3/selftest/skip | 46 +++--- source3/utils/testparm.c |8 +- .../scripting/python/samba/provision/__init__.py |4 +- source4/selftest/knownfail | 160 ++-- source4/setup/named.txt|2 +- 9 files changed, 184 insertions(+), 172 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/security/passwordserver.xml b/docs-xml/smbdotconf/security/passwordserver.xml index 0e92af9..0ac39f1 100644 --- a/docs-xml/smbdotconf/security/passwordserver.xml +++ b/docs-xml/smbdotconf/security/passwordserver.xml @@ -10,54 +10,24 @@ it is possible to get Samba to do all its username/password validation using a specific remote server./para -paraThis option sets the name or IP address of the password server to use. -New syntax has been added to support defining the port to use when connecting -to the server the case of an ADS realm. To define a port other than the -default LDAP port of 389, add the port number using a colon after the -name or IP address (e.g. 192.168.1.100:389). If you do not specify a port, -Samba will use the standard LDAP port of tcp/389. Note that port numbers -have no effect on password servers for Windows NT 4.0 domains or netbios -connections./para - -paraIf parameter is a name, it is looked up using the -parameter smbconfoption name=name resolve order/ and so may resolved -by any method and order described in that parameter./para - -paraThe password server must be a machine capable