[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d2bc45e build: only use the git version on install, not in the build tree via 0b3b7e3 samba-tool: exit with non-zero status on dbcheck failure via b07e493 talloc: added talloc_stackframe_exists() via e080ae0 s4-auth: quiet down the krb5 warnings when kerberos is not set to 'MUST' via 705ed1c samba-tool: show success message on group operations from 0c3075c s4-pysamdb: fixed the normalisation of grouptype in group add http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d2bc45e7ffb4e8d47878a6fc53c5f5c90dfd2114 Author: Andrew Tridgell tri...@samba.org Date: Fri Jun 17 15:21:39 2011 +1000 build: only use the git version on install, not in the build tree having the git version in our version.h in the build tree is annoying for developers, as every time you commit or rebase you need to spend several minutes re-linking. This changes it to use the git version only on install, which is much more useful as when you actually install the binaries you may be using them in a way that reporting the version is useful Pair-Programmed-With: Andrew Bartlett abart...@samba.org Autobuild-User: Andrew Tridgell tri...@samba.org Autobuild-Date: Fri Jun 17 08:37:06 CEST 2011 on sn-devel-104 commit 0b3b7e3797a9aa0dc8f0922c8cd873b0f0b3231e Author: Andrew Tridgell tri...@samba.org Date: Fri Jun 17 14:40:48 2011 +1000 samba-tool: exit with non-zero status on dbcheck failure Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit b07e4933b7ed4b2452cfdd9d223eecb8c0b74fec Author: Andrew Tridgell tri...@samba.org Date: Fri Jun 17 14:22:28 2011 +1000 talloc: added talloc_stackframe_exists() This can be used to tell if a talloc stackframe is currently available. Callers can use this to decide if they will use talloc_tos() or instead use an alternative strategy. This gives us a way to safely have calls to talloc_tos() in common code that may end up in external libraries, as long as all talloc_tos() calls in these pieces of common code check first that a stackframe is available. commit e080ae0faa2556825189f82fa61a7ff5f249dbc5 Author: Andrew Tridgell tri...@samba.org Date: Fri Jun 17 13:47:14 2011 +1000 s4-auth: quiet down the krb5 warnings when kerberos is not set to 'MUST' this prevents spurious error messages on client commands when when we will fallback to NTLM authentication Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit 705ed1c4921a1456ebcf80ac352567679ab7dfa9 Author: Andrew Tridgell tri...@samba.org Date: Fri Jun 17 13:35:52 2011 +1000 samba-tool: show success message on group operations --- Summary of changes: buildtools/wafsamba/samba_patterns.py|3 ++- buildtools/wafsamba/samba_version.py | 15 +-- lib/util/talloc_stack.c | 17 + lib/util/talloc_stack.h |8 source4/auth/credentials/credentials_krb5.c |6 +- source4/auth/gensec/gensec.c |2 +- source4/scripting/python/samba/netcmd/dbcheck.py |4 +++- source4/scripting/python/samba/netcmd/group.py |4 wscript |2 +- wscript_build|2 +- 10 files changed, 51 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_patterns.py b/buildtools/wafsamba/samba_patterns.py index 37ef419..f064608 100644 --- a/buildtools/wafsamba/samba_patterns.py +++ b/buildtools/wafsamba/samba_patterns.py @@ -10,7 +10,7 @@ def write_version_header(task): src = task.inputs[0].srcpath(task.env) tgt = task.outputs[0].bldpath(task.env) -version = samba_version_file(src, task.env.srcdir, env=task.env) +version = samba_version_file(src, task.env.srcdir, env=task.env, is_install=task.env.is_install) string = str(version) f = open(tgt, 'w') @@ -26,4 +26,5 @@ def SAMBA_MKVERSION(bld, target): source= 'VERSION', target=target, always=True) +t.env.is_install = bld.is_install Build.BuildContext.SAMBA_MKVERSION = SAMBA_MKVERSION diff --git a/buildtools/wafsamba/samba_version.py b/buildtools/wafsamba/samba_version.py index 0b0c159..0c39ed4 100644 --- a/buildtools/wafsamba/samba_version.py +++ b/buildtools/wafsamba/samba_version.py @@ -90,7 +90,7 @@ def git_version_summary(path, env=None): class SambaVersion(object): -def __init__(self, version_dict, path, env=None): +def __init__(self, version_dict, path, env=None, is_install=True): '''Determine the version
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via acc9535 s4-errors: Import error maps from the source3/ unix - ntstatus mapping via 4162c7b errors: reorder error codes for easier s3/s4 comparison via e645675 s4-util: removed the s4 nterr.c via 2644097 s3-util: remove the s3 nterr.c via b341979 util: moved nt_errstr() into common code via 1233ba7 libclu/util: Move get_friendly_nt_error_msg() in common. from d2bc45e build: only use the git version on install, not in the build tree http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit acc95354008ff11be5e59f74481228f04869095c Author: Andrew Bartlett abart...@samba.org Date: Fri Jun 17 17:07:26 2011 +1000 s4-errors: Import error maps from the source3/ unix - ntstatus mapping We need to syncronise these mappings, as the duplication of this symobol in the build means that either may be called based only on library link orders. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Fri Jun 17 10:22:07 CEST 2011 on sn-devel-104 commit 4162c7b74aa94ee77ef47f0abae058b80eca6e38 Author: Andrew Bartlett abart...@samba.org Date: Fri Jun 17 16:06:34 2011 +1000 errors: reorder error codes for easier s3/s4 comparison commit e645675aa46e945da5293b54a1bd368599b7b5a7 Author: Andrew Tridgell tri...@samba.org Date: Fri Jun 17 14:40:26 2011 +1000 s4-util: removed the s4 nterr.c this is now in common code Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit 264409750a569b632576e8cd6fddd72fc29e9660 Author: Andrew Tridgell tri...@samba.org Date: Fri Jun 17 14:40:07 2011 +1000 s3-util: remove the s3 nterr.c this is now in common code Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit b341979adb950ae6abd518df3a170db9e9708797 Author: Andrew Tridgell tri...@samba.org Date: Fri Jun 17 14:39:37 2011 +1000 util: moved nt_errstr() into common code this brings nt_errstr() into common code, using the new talloc_stackframe_exists() to ensure that we only allocate an error string using talloc_tos() if a talloc stackframe does currently exists. This makes it safe to use in external libraries Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit 1233ba7bf3d2dfd9a84eb52d601e589411c55185 Author: Andrew Bartlett abart...@samba.org Date: Thu Jun 16 13:00:09 2011 +1000 libclu/util: Move get_friendly_nt_error_msg() in common. Andrew Bartlett Signed-off-by: Andrew Tridgell tri...@samba.org --- Summary of changes: libcli/util/nterr.c| 58 ++ libcli/util/ntstatus.h |9 + libcli/util/wscript_build |2 +- source3/Makefile.in|2 +- source3/include/proto.h|7 source3/lib/errmap_unix.c | 22 ++-- source3/libsmb/nterr.c | 77 source3/wscript_build |2 +- source4/libcli/util/errormap.c | 17 +++-- source4/libcli/util/nterr.c| 74 -- source4/libcli/wscript_build |2 +- 11 files changed, 96 insertions(+), 176 deletions(-) delete mode 100644 source3/libsmb/nterr.c delete mode 100644 source4/libcli/util/nterr.c Changeset truncated at 500 lines: diff --git a/libcli/util/nterr.c b/libcli/util/nterr.c index 5f31c3c..1158fdd 100644 --- a/libcli/util/nterr.c +++ b/libcli/util/nterr.c @@ -1,7 +1,10 @@ /* * Unix SMB/CIFS implementation. * RPC Pipe client / server routines + * * Copyright (C) Luke Kenneth Casson Leighton 1997-2001. + * Copyright (C) Andrew Bartlett + * Copyright (C) Andrew Tridgell * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -906,3 +909,58 @@ NTSTATUS nt_status_squash(NTSTATUS nt_status) return nt_status; } } + +/* + Returns an NT error message. not amazingly helpful, but better than a number. + */ + +const char *nt_errstr(NTSTATUS nt_code) +{ + int idx = 0; + char *result; + + while (nt_errs[idx].nt_errstr != NULL) { + if (NT_STATUS_V(nt_errs[idx].nt_errcode) == + NT_STATUS_V(nt_code)) { + return nt_errs[idx].nt_errstr; + } + idx++; + } + + if (!talloc_stackframe_exists()) { + /* prevent memory leaks from talloc_tos() by using a +* static area. This means the caller will overwrite +* the string
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 4a9a11c s3:libsmb/clireadwrite: calculate cli_write_max_bufsize() correct based on max_xmit via 0144836 s3:libsmb/clireadwrite: calculate cli_read_max_bufsize() correct based on max_xmit via ed31c08 s3:libsmb/clitrans: correctly transfer the seqnum between secondary and primary requests via fa1ff15 s3:libsmb/clitrans: fix handling of multi pdu [nt]trans[s][2] calls via 09da3b1 s3:libsmb/clitrans: use subreq2 as variable for the secondary requests via 036c8b7 s3:libsmb/clitrans: move MID handling to the end of cli_trans_send() and add a comment via da5870b s3:libsmb/clitrans: correctly marshall [nt]trans[s][2] requests via 6e3eefa s3:libsmb/clitrans: marshall SMBnttrans[2] as the others via 0440d3c s3:libsmb/clitrans: use uint32_t for param and data variables via c5434b5 s3:libsmb/clitrans: remove unused secondary_request_ctx via bad85df s3:libsmb/async_smb: add helpers to get and set the seqnum for signing via 60932bc s3:libsmb/async_smb: don't remove pending requests if the mid is set via 43f383b s3:libsmb/async_smb: call cli_smb_req_unset_pending() instead of destructor directly via 956bbf7 s3:libsmb/async_smb: let cli_smb_recv() initialize output values for one way requests from 2dec07d s3:libsmb/cli_np_tstream: s/TSTREAM_CLI_NP_BUF_SIZE/TSTREAM_CLI_NP_MAX_BUF_SIZE http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 4a9a11c0398692fe103597c8694867d6b6184134 Author: Stefan Metzmacher me...@samba.org Date: Wed Jun 8 19:01:13 2011 +0200 s3:libsmb/clireadwrite: calculate cli_write_max_bufsize() correct based on max_xmit This is important in order to support DCERPC over ncacn_np against NT4 servers, where max_xmit is just 4356. metze (cherry picked from commit f0ba1afe5f7dbafaf22c3028864de0f3910f675f) The last 14 patches address the generic part of bug #8195 (rpc client code doesn't work against NT4, when we need to fragment requests). commit 01448363c55ea890c7c6733213681cb3c4165fc3 Author: Stefan Metzmacher me...@samba.org Date: Wed Jun 8 18:59:39 2011 +0200 s3:libsmb/clireadwrite: calculate cli_read_max_bufsize() correct based on max_xmit This is important in order to support DCERPC over ncacn_np against NT4 servers, where max_xmit is just 4356. metze (cherry picked from commit 73128b7cc7f536f80072a19cb69527c53d9a6c2f) commit ed31c08d2aa59ec81dbcc747cfe7f0d42f9d9e3b Author: Stefan Metzmacher me...@samba.org Date: Thu Jun 9 11:57:55 2011 +0200 s3:libsmb/clitrans: correctly transfer the seqnum between secondary and primary requests This is needed to implement SMB signing correct. metze (cherry picked from commit 5d06b2197b5fd95aaf0394d1bdba957bac6c3570) commit fa1ff15b19df1e0cf2a2616bdcb28554a8e2458b Author: Stefan Metzmacher me...@samba.org Date: Wed Jun 8 10:31:23 2011 +0200 s3:libsmb/clitrans: fix handling of multi pdu [nt]trans[s][2] calls We now keep the primary request open for the whole logical request. The primary request is the one that gets all incoming replies. While secondary requests are handled as separate one-way requests. metze (cherry picked from commit 1dd24ac06a7472f53b06bc0aaa54cb22c8da0f78) commit 09da3b1fa685973619c833cc14e375abf859b5c1 Author: Stefan Metzmacher me...@samba.org Date: Wed Jun 8 16:41:11 2011 +0200 s3:libsmb/clitrans: use subreq2 as variable for the secondary requests metze (cherry picked from commit 10bb088cf1e005fd047c09afcf6b5b8999d416fe) commit 036c8b736852d002e0806f5c36b698c19b42ec98 Author: Stefan Metzmacher me...@samba.org Date: Wed Jun 8 16:11:00 2011 +0200 s3:libsmb/clitrans: move MID handling to the end of cli_trans_send() and add a comment metze (cherry picked from commit 5146c9ba9df063d6611abe356f9262adb027b091) commit da5870b0073ad2a8b3f1bd3957551283a5f0da33 Author: Stefan Metzmacher me...@samba.org Date: Wed Jun 8 00:44:34 2011 +0200 s3:libsmb/clitrans: correctly marshall [nt]trans[s][2] requests We need to align params and data to 4 byte offsets. This also correctly recalculates the useable space after each step. metze (cherry picked from commit 0a8fd50bd806e925a915c74cb86733481b2144f6) commit 6e3eefad3a265e7417ab9393fe8fc276523efd8a Author: Stefan Metzmacher me...@samba.org Date: Thu Jun 9 12:22:59 2011 +0200 s3:libsmb/clitrans: marshall SMBnttrans[2] as the others This is just to make the code more readable and easier to notice how many words we're using in vwv. metze (cherry picked from commit 6f7af1b0388d30c8a06c495713066b90ded00780) commit 0440d3cb3585ceb636d7945c10d1a2b269401312 Author: Stefan Metzmacher me...@samba.org Date:
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via a33b603 libreplace: include sys/file.h only when available from 4829da5 s3-docs Add documentation for 'client use spnego principal' http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit a33b6032beb45f7ba07432899236fccb133a6dfc Author: Björn Jacke b...@sernet.de Date: Sun May 30 21:52:39 2010 +0200 libreplace: include sys/file.h only when available thanks to Joachim Schmitz schm...@hp.com. This fixes #7460. --- Summary of changes: lib/replace/system/config.m4 |2 +- lib/replace/system/filesys.h |2 ++ 2 files changed, 3 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/system/config.m4 b/lib/replace/system/config.m4 index 39c2f58..b8568a5 100644 --- a/lib/replace/system/config.m4 +++ b/lib/replace/system/config.m4 @@ -1,7 +1,7 @@ # filesys AC_HEADER_DIRENT AC_CHECK_HEADERS(fcntl.h sys/fcntl.h sys/resource.h sys/ioctl.h sys/mode.h sys/filio.h sys/fs/s5param.h sys/filsys.h) -AC_CHECK_HEADERS(sys/acl.h acl/libacl.h) +AC_CHECK_HEADERS(sys/acl.h acl/libacl.h sys/file.h) # select AC_CHECK_HEADERS(sys/select.h) diff --git a/lib/replace/system/filesys.h b/lib/replace/system/filesys.h index 22e3d23..6cf2dd2 100644 --- a/lib/replace/system/filesys.h +++ b/lib/replace/system/filesys.h @@ -77,7 +77,9 @@ #include sys/filio.h #endif +#ifdef HAVE_SYS_FILE_H #include sys/file.h +#endif #ifdef HAVE_FCNTL_H #include fcntl.h -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via df22e63 s3:utils/net_*registry: use c99 initializers which are supported by old gcc 2.95 compilers (bug #8226) from 4a9a11c s3:libsmb/clireadwrite: calculate cli_write_max_bufsize() correct based on max_xmit http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit df22e635f51d3423e8e8a810de57270b3c13edd3 Author: Stefan Metzmacher me...@samba.org Date: Wed Jun 15 02:34:53 2011 +0200 s3:utils/net_*registry: use c99 initializers which are supported by old gcc 2.95 compilers (bug #8226) metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Wed Jun 15 03:48:41 CEST 2011 on sn-devel-104 (cherry picked from commit 5d736d87778754de7043d902c7d1d5db1c46cb02) --- Summary of changes: source3/utils/net_registry.c |8 +--- source3/utils/net_rpc_registry.c |4 +++- 2 files changed, 8 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/net_registry.c b/source3/utils/net_registry.c index 19405e2..dcc88a9 100644 --- a/source3/utils/net_registry.c +++ b/source3/utils/net_registry.c @@ -958,9 +958,11 @@ static int net_registry_import(struct net_context *c, int argc, .createkey = (reg_import_callback_createkey_t)import_create_key, .deletekey = (reg_import_callback_deletekey_t)import_delete_key, .deleteval = (reg_import_callback_deleteval_t)import_delete_val, - .setval.registry_value = (reg_import_callback_setval_registry_value_t) - import_create_val, - .setval_type = REGISTRY_VALUE, + .setval = { + .registry_value = (reg_import_callback_setval_registry_value_t) + import_create_val, + }, + .setval_type = REGISTRY_VALUE, .data= import_ctx }; diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c index 20a6bda..dde129f 100644 --- a/source3/utils/net_rpc_registry.c +++ b/source3/utils/net_rpc_registry.c @@ -1959,7 +1959,9 @@ static NTSTATUS rpc_registry_import_internal(struct net_context *c, .createkey = (reg_import_callback_createkey_t)import_create_key, .deletekey = (reg_import_callback_deletekey_t)import_delete_key, .deleteval = (reg_import_callback_deleteval_t)import_delete_val, - .setval.blob = (reg_import_callback_setval_blob_t)import_create_val, + .setval = { + .blob = (reg_import_callback_setval_blob_t)import_create_val, + }, .setval_type = BLOB, .data = import_ctx }; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via df0a827 s3:wb_lookupsids: add some paranoia checks to wb_lookupsids_recv() via e26fb59 s3:wb_lookupsids: don't ignore 'result' and check if we got useable values via 1269dec Revert s3-winbind: Fix paranoia checks in winbindd_samr.c. from df22e63 s3:utils/net_*registry: use c99 initializers which are supported by old gcc 2.95 compilers (bug #8226) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit df0a827e74096b295c7624278ca5f0b7b7e8d6e5 Author: Stefan Metzmacher me...@samba.org Date: Thu Jun 16 18:25:15 2011 +0200 s3:wb_lookupsids: add some paranoia checks to wb_lookupsids_recv() This hopefully catches future bugs. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Thu Jun 16 19:50:16 CEST 2011 on sn-devel-104 (cherry picked from commit 5961852d9c0e5cf64cea988586d610af9d63d487) commit e26fb591060b10880b25f6b0a4437f9c9052dab4 Author: Stefan Metzmacher me...@samba.org Date: Thu Jun 16 18:16:15 2011 +0200 s3:wb_lookupsids: don't ignore 'result' and check if we got useable values The wrong fix for bug #8215 discovered this bug, as it caused sam_rids_to_names() to always return NT_STATUS_NONE_MAPPED. metze (cherry picked from commit 85809ccbe3a79f307af1fdd227f33b899d8db1b4) commit 1269dec1b0121fcbf6dda36a385a4a510232124e Author: Stefan Metzmacher me...@samba.org Date: Thu Jun 16 18:40:04 2011 +0200 Revert s3-winbind: Fix paranoia checks in winbindd_samr.c. This reverts commit 207a84d725b905c2b119d2ef0f4f4d4eb391140d. This is the wrong fix for the problem, see bug #8215. metze (cherry picked from commit 283f8a7fb5089a7126f07e26315fd06ab59997d8) --- Summary of changes: source3/winbindd/wb_lookupsids.c | 70 +++-- source3/winbindd/winbindd_samr.c |4 +- 2 files changed, 68 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c index 05601ad..bf2ddb3 100644 --- a/source3/winbindd/wb_lookupsids.c +++ b/source3/winbindd/wb_lookupsids.c @@ -428,6 +428,7 @@ static void wb_lookupsids_done(struct tevent_req *subreq) req, struct wb_lookupsids_state); struct wb_lookupsids_domain *d; uint32_t i; + bool fallback = false; NTSTATUS status, result; @@ -437,13 +438,31 @@ static void wb_lookupsids_done(struct tevent_req *subreq) return; } + d = state-domains[state-domains_done]; + + if (NT_STATUS_IS_ERR(result)) { + fallback = true; + } else if (state-tmp_names.count != d-sids.num_sids) { + fallback = true; + } + + if (fallback) { + for (i=0; i d-sids.num_sids; i++) { + uint32_t res_sid_index = d-sid_indexes[i]; + + state-single_sids[state-num_single_sids] = + res_sid_index; + state-num_single_sids += 1; + } + state-domains_done += 1; + wb_lookupsids_next(req, state); + return; + } + /* -* Ignore result here. We depend on the individual states in -* the translated names. +* Look at the individual states in the translated names. */ - d = state-domains[state-domains_done]; - for (i=0; istate-tmp_names.count; i++) { uint32_t res_sid_index = d-sid_indexes[i]; @@ -544,6 +563,7 @@ static void wb_lookupsids_lookuprids_done(struct tevent_req *subreq) NTSTATUS status, result; struct wb_lookupsids_domain *d; uint32_t i; + bool fallback = false; status = dcerpc_wbint_LookupRids_recv(subreq, state, result); TALLOC_FREE(subreq); @@ -552,6 +572,30 @@ static void wb_lookupsids_lookuprids_done(struct tevent_req *subreq) } d = state-domains[state-domains_done]; + + if (NT_STATUS_IS_ERR(result)) { + fallback = true; + } else if (state-rid_names.num_principals != d-sids.num_sids) { + fallback = true; + } + + if (fallback) { + for (i=0; i d-sids.num_sids; i++) { + uint32_t res_sid_index = d-sid_indexes[i]; + + state-single_sids[state-num_single_sids] = + res_sid_index; + state-num_single_sids += 1; + } + state-domains_done += 1; + wb_lookupsids_next(req, state); + return; + } + + /* +* Look at the individual states in the translated names. +*/ +
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via b08149c s3: improve WHATSNEW around kerberos changes from df0a827 s3:wb_lookupsids: add some paranoia checks to wb_lookupsids_recv() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit b08149c6b8ddcac1399808b1b96e1fc08d382318 Author: Andrew Bartlett abart...@samba.org Date: Tue Jun 14 21:51:36 2011 +1000 s3: improve WHATSNEW around kerberos changes --- Summary of changes: WHATSNEW.txt | 19 ++- 1 files changed, 10 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c3c514c..813d5b3 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -30,15 +30,16 @@ released in-kernel CIFS client. To re-enable the poorer NTLM encryption set '--option=clientusentlmv2auth=no' on your smbclient command line, or set 'client ntlmv2 auth = no' in your smb.conf -The impact of 'client use spnego principal = no' is that we may be able -to use Kerberos to communicate with a server less often in smbclient, -winbind and other Samba client tools. We may fall back to NTLMSSP in -more situations where we would previously rely on the insecure -indication from the 'NegProt' CIFS packet. This mostly occursed when -connecting to a name alias not recorded as a servicePrincipalName for -the server. This indication is not available from Windows 2008 or later -in any case, and is not used by modern Windows clients, so this makes -Samba's behaviour consistent with other clients and against all servers. +The impact of 'client use spnego principal = no' is that Samba will +use CIFS/hostname to obtain a kerberos ticket, acting more like +Windows when using Kerberos against a CIFS server in smbclient, +winbind and other Samba client tools. This will change which servers +we will successfully negotiate kerberos connections to. This is due +to Samba no longer trusting a server-provided hint which is not +available from Windows 2008 or later. For correct operation with all +clients, all aliases for a server should be recorded as a as a +servicePrincipalName on the server's record in AD. (For this reason, +this behavior change and parameter was also made in Samba 3.5.9) The impact of 'send spnego principal = no' is to match Windows 2008 and not to send this principal, making existing clients give more consistent -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 8925b0c [PATCH] s3-WHATSNEW 3.5.9 Add information on kerberos change from ec99588 Update latest stable release. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 8925b0ceed6bfb6109a5283ce040fd705421a427 Author: Andrew Bartlett abart...@samba.org Date: Fri Jun 17 22:06:10 2011 +0200 [PATCH] s3-WHATSNEW 3.5.9 Add information on kerberos change This patch modifies the release notes after the release, so the hints are not included in the 3.5.9 tarball. --- Summary of changes: history/samba-3.5.9.html | 15 +++ 1 files changed, 15 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/history/samba-3.5.9.html b/history/samba-3.5.9.html index 8450077..feb9b58 100755 --- a/history/samba-3.5.9.html +++ b/history/samba-3.5.9.html @@ -25,6 +25,21 @@ Major enhancements in Samba 3.5.9 include: o Sgid bit lost on folder rename (bug #7996). o ACL can get lost when files are being renamed (bug #7987). o Respect allow trusted domains = no in Winbind (bug #6966). +o Samba now follows Windows behaviour as a kerberos client, + requesting a CIFS/ ticket (bug #7893). + +New Kerberos behaviour +-- + +A new parameter 'client use spnego principal' defaults to 'no' and +means Samba will use CIFS/hostname to obtain a kerberos ticket, acting +more like Windows when using Kerberos against a CIFS server in +smbclient, Winbind and other Samba client tools. This will change +which servers we will successfully negotiate Kerberos connections to. +This is due to Samba no longer trusting a server-provided hint which +is not available from Windows 2008 or later. For correct operation +with all clients, all aliases for a server should be recorded as a as +a servicePrincipalName on the server's record in AD. Changes since 3.5.8: -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bb66504 s3:modules fix Bug 8244 - Cannot copy files larger than 2 GB to Samba share from acc9535 s4-errors: Import error maps from the source3/ unix - ntstatus mapping http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bb66504dadf56366ea30697ae73673de3df08132 Author: Christian Ambach a...@samba.org Date: Fri Jun 17 21:54:30 2011 +0200 s3:modules fix Bug 8244 - Cannot copy files larger than 2 GB to Samba share the time_audit module uses int instead of uint64 as return value in get_alloc_size so that sizes of files larger than 2 GB are cut of leading to wrong replies to NtCreateAndX and Windows clients giving up While checking the types of all functions, I found two more wrong return value types that needed correction Autobuild-User: Christian Ambach a...@samba.org Autobuild-Date: Fri Jun 17 23:11:10 CEST 2011 on sn-devel-104 --- Summary of changes: source3/modules/vfs_time_audit.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c index 0f32619..25332e4 100644 --- a/source3/modules/vfs_time_audit.c +++ b/source3/modules/vfs_time_audit.c @@ -564,7 +564,7 @@ static SMB_OFF_T smb_time_audit_lseek(vfs_handle_struct *handle, files_struct *fsp, SMB_OFF_T offset, int whence) { - ssize_t result; + SMB_OFF_T result; struct timespec ts1,ts2; double timediff; @@ -721,7 +721,7 @@ static uint64_t smb_time_audit_get_alloc_size(vfs_handle_struct *handle, files_struct *fsp, const SMB_STRUCT_STAT *sbuf) { - int result; + uint64_t result; struct timespec ts1,ts2; double timediff; @@ -2216,7 +2216,7 @@ static ssize_t smb_time_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb) { - int result; + ssize_t result; struct timespec ts1,ts2; double timediff; -- Samba Shared Repository