[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via d5f845c s3: Make an if statement a bit easier to read
via 5e0365d Now SEC_RIGHTS_PRIV_RESTORE and SEC_RIGHTS_PRIV_BACKUP
don't include any generic bits (they're used directly in the fileserver where
the generic bits have already been mapped into file specific bits) we need to
add the generic bits to the test when we have these privileges.
via 6550bc0 Rewrite torture_samba3_rpc_sharesec() to use a
non-privileged user for share security descriptor testing.
via 64e57a1 Add a comment showing where to set log level in tests.
via 4645564 Change the S3 fileserver over to se_file_access_check().
via 2b89e1a Factor out privilege checking code into
se_file_access_check() which takes a bool priv_open_requested parameter.
via 69d925d SEC_RIGHTS_DIR_PRIV_BACKUP and SEC_RIGHTS_DIR_PRIV_RESTORE
aren't used anywhere. Remove (can re-add if needed).
from 4d7dad1 s4-dsdb: Remove unused variables
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit d5f845c0d3ca185181760bce3731d31a71db4f32
Author: Volker Lendecke
Date: Fri Aug 31 14:11:45 2012 +0200
s3: Make an if statement a bit easier to read
Fix indentation a bit
Signed-off-by: Jeremy Allison
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Sat Sep 1 07:07:12 CEST 2012 on sn-devel-104
commit 5e0365dfe891f556eed180bc44ac7120c37141fb
Author: Jeremy Allison
Date: Fri Aug 31 14:42:21 2012 -0700
Now SEC_RIGHTS_PRIV_RESTORE and SEC_RIGHTS_PRIV_BACKUP don't include any
generic bits (they're used directly in the fileserver where the generic bits
have already been mapped into file specific bits) we need to add the generic
bits to the test when we have these privileges.
Mark samba4.base.maximum_allowed knownfail until we implement
NTCREATEX_OPTIONS_BACKUP_INTENT.
commit 6550bc0d26278ce96a2a752231efef274c0dcf12
Author: Jeremy Allison
Date: Fri Aug 31 12:42:16 2012 -0700
Rewrite torture_samba3_rpc_sharesec() to use a non-privileged user for
share security descriptor testing.
commit 64e57a1770b61593082ddd1191f26fa314ddafcd
Author: Jeremy Allison
Date: Fri Aug 31 12:41:48 2012 -0700
Add a comment showing where to set log level in tests.
commit 46455642a78f7a1c60f56dec8ad907d0cfd326ea
Author: Jeremy Allison
Date: Mon Aug 27 16:07:32 2012 -0700
Change the S3 fileserver over to se_file_access_check().
Don't set the priv_open_requested yet until the open-for-backup
request is correctly passed in.
commit 2b89e1a20a6c726e5c3219a944143f0beb7c5920
Author: Jeremy Allison
Date: Mon Aug 27 15:41:18 2012 -0700
Factor out privilege checking code into se_file_access_check() which takes
a bool priv_open_requested parameter.
commit 69d925d110a23e9f1cf9e6013729eb611b8ab58a
Author: Jeremy Allison
Date: Mon Aug 27 14:15:35 2012 -0700
SEC_RIGHTS_DIR_PRIV_BACKUP and SEC_RIGHTS_DIR_PRIV_RESTORE aren't used
anywhere. Remove (can re-add if needed).
Ensure the privilege rights are always specific rights, not generic.
By the time the privilege rights are examined, we've already mapped
from generic to specific in the access_mask.
---
Summary of changes:
libcli/security/access_check.c | 86 +++---
libcli/security/access_check.h | 11
librpc/idl/security.idl | 15 ++---
selftest/knownfail |1 +
selftest/target/Samba4.pm|3 +
source3/lib/sharesec.c |2 +-
source3/smbd/open.c | 20 ---
source4/torture/basic/denytest.c | 31 -
source4/torture/rpc/samba3rpc.c | 123 +-
source4/torture/rpc/testjoin.c | 74 +++
10 files changed, 320 insertions(+), 46 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 7f08cb5..9153dad 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -274,16 +274,6 @@ NTSTATUS se_access_check(const struct security_descriptor
*sd,
}
}
- /* TODO: remove this, as it is file server specific */
- if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) &&
- security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
- bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE);
- }
- if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) &&
- security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
- bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
- }
-
if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
bits_remaining &= ~(SEC_STD_WRITE_OWNER);
@@ -29
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 4d7dad1 s4-dsdb: Remove unused variables
via 8557c69 s4-kdc: Improve grammer and clarity of password change
failure messages.
via f0a9180 s3: Fix warnings in aio_fork.c
via 2ffe690 s3: Remove a shadowing variable declaration
via 01ade93 s4-dsdb: Remove unused tmp_ctx leaked onto long-term
ldb_context
from c256566 s4 dns: Store TKEYs in a ringbuffer
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 4d7dad13158fe6d998d7f63ed0f4ac7935a29bf8
Author: Andrew Bartlett
Date: Sat Sep 1 11:36:36 2012 +1000
s4-dsdb: Remove unused variables
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Sat Sep 1 05:10:47 CEST 2012 on sn-devel-104
commit 8557c692f613847d190891b6d79498f4e8fb9096
Author: Andrew Bartlett
Date: Sat Sep 1 11:34:33 2012 +1000
s4-kdc: Improve grammer and clarity of password change failure messages.
This can still be improved further, but avoid mentioning reasons that
clearly do not apply in this case.
Andrew Bartlett
commit f0a9180ae9dd565e4772ba9027ade0edfe1fc8d8
Author: Volker Lendecke
Date: Fri Aug 31 14:45:08 2012 +0200
s3: Fix warnings in aio_fork.c
commit 2ffe69082e23675a96e59eea0954a6b17530e82c
Author: Volker Lendecke
Date: Fri Aug 31 14:17:49 2012 +0200
s3: Remove a shadowing variable declaration
commit 01ade93c7c0c2f2e992f5295976bbfc20429023a
Author: Andrew Bartlett
Date: Sat Sep 1 11:29:46 2012 +1000
s4-dsdb: Remove unused tmp_ctx leaked onto long-term ldb_context
This was found based on a log provided by Ricky Nance
. Thanks Ricky!
Andrew Bartlett
---
Summary of changes:
source3/modules/vfs_aio_fork.c |6 --
source3/passdb/lookup_sid.c|2 --
source4/dsdb/common/util.c |5 -
source4/kdc/kpasswdd.c |7 +++
4 files changed, 7 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c
index 2ec3d3d..3db336f 100644
--- a/source3/modules/vfs_aio_fork.c
+++ b/source3/modules/vfs_aio_fork.c
@@ -590,9 +590,10 @@ static struct tevent_req *aio_fork_pread_send(struct
vfs_handle_struct *handle,
ssize_t written;
int err;
struct aio_fork_config *config;
+
SMB_VFS_HANDLE_GET_DATA(handle, config,
struct aio_fork_config,
- return -1);
+ return NULL);
req = tevent_req_create(mem_ctx, &state, struct aio_fork_pread_state);
if (req == NULL) {
@@ -821,9 +822,10 @@ static struct tevent_req *aio_fork_fsync_send(
ssize_t written;
int err;
struct aio_fork_config *config;
+
SMB_VFS_HANDLE_GET_DATA(handle, config,
struct aio_fork_config,
- return -1);
+ return NULL);
req = tevent_req_create(mem_ctx, &state, struct aio_fork_fsync_state);
if (req == NULL) {
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 530fa6b..76a454c 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1096,8 +1096,6 @@ static bool legacy_sid_to_unixid(const struct dom_sid
*psid, struct unixid *id)
if ((sid_check_is_in_builtin(psid) ||
sid_check_is_in_wellknown_domain(psid))) {
- bool ret;
-
map = talloc_zero(NULL, GROUP_MAP);
if (!map) {
return false;
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 5d73df2..086f2a5 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1618,12 +1618,10 @@ int samdb_reference_dn(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx, struct ldb_
int samdb_dn_is_our_ntdsa(struct ldb_context *ldb, struct ldb_dn *dn, bool
*is_ntdsa)
{
NTSTATUS status;
- TALLOC_CTX *tmp_ctx = talloc_new(ldb);
struct GUID dn_guid;
const struct GUID *our_ntds_guid;
status = dsdb_get_extended_dn_guid(dn, &dn_guid, "GUID");
if (!NT_STATUS_IS_OK(status)) {
- talloc_free(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
@@ -1645,10 +1643,7 @@ int samdb_reference_dn_is_our_ntdsa(struct ldb_context
*ldb, struct ldb_dn *base
{
int ret;
struct ldb_dn *referenced_dn;
- NTSTATUS status;
TALLOC_CTX *tmp_ctx = talloc_new(ldb);
- struct GUID referenced_guid;
- const struct GUID *our_ntds_guid;
if (tmp_ctx == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index c05ea82..5558794 100644
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via c256566 s4 dns: Store TKEYs in a ringbuffer
from e4505fc tdb: return unpack error on strdup failure
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit c256566aa97e040a9b3007c779b1006d20462ccb
Author: Kai Blin
Date: Fri Aug 31 13:41:19 2012 +0200
s4 dns: Store TKEYs in a ringbuffer
This stops us from potentially being DoSed by tons of TKEYs
Autobuild-User(master): Kai Blin
Autobuild-Date(master): Fri Aug 31 22:46:01 CEST 2012 on sn-devel-104
---
Summary of changes:
source4/dns_server/dns_query.c | 125 ++-
source4/dns_server/dns_server.c | 27
source4/dns_server/dns_server.h | 11 +++-
3 files changed, 106 insertions(+), 57 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index e9c3a24..530b7b2 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -36,7 +36,6 @@
#include "auth/auth.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
-#include "lib/util/dlinklist.h"
static WERROR create_response_rr(const struct dns_name_question *question,
const struct dnsp_DnssrvRpcRecord *rec,
@@ -321,19 +320,73 @@ static WERROR handle_question(struct dns_server *dns,
return WERR_OK;
}
-static NTSTATUS create_new_tkey(TALLOC_CTX *mem_ctx,
- struct dns_server *dns,
- struct dns_server_tkey **tkey,
- const char* name)
+static NTSTATUS accept_gss_ticket(TALLOC_CTX *mem_ctx,
+ struct dns_server *dns,
+ struct dns_server_tkey *tkey,
+ const DATA_BLOB *key,
+ DATA_BLOB *reply,
+ uint16_t *dns_auth_error)
+{
+ NTSTATUS status;
+
+ status = gensec_update(tkey->gensec, mem_ctx, dns->task->event_ctx,
+ *key, reply);
+
+ if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
+ *dns_auth_error = DNS_RCODE_OK;
+ return status;
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+
+ status = gensec_session_info(tkey->gensec, tkey,
&tkey->session_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ *dns_auth_error = DNS_RCODE_BADKEY;
+ return status;
+ }
+ *dns_auth_error = DNS_RCODE_OK;
+ }
+
+ return status;
+}
+
+static struct dns_server_tkey *find_tkey(struct dns_server_tkey_store *store,
+const char *name)
+{
+ struct dns_server_tkey *tkey = NULL;
+ uint16_t i = 0;
+
+ do {
+ struct dns_server_tkey *tmp_key = store->tkeys[i];
+
+ i++;
+ i %= TKEY_BUFFER_SIZE;
+
+ if (tmp_key == NULL) {
+ continue;
+ }
+ if (dns_name_equal(name, tmp_key->name)) {
+ tkey = tmp_key;
+ break;
+ }
+ } while (i != 0);
+
+ return tkey;
+}
+
+static NTSTATUS create_tkey(struct dns_server *dns,
+ const char* name,
+ struct dns_server_tkey **tkey)
{
NTSTATUS status;
- struct dns_server_tkey *k = talloc_zero(mem_ctx, struct
dns_server_tkey);
+ struct dns_server_tkey_store *store = dns->tkeys;
+ struct dns_server_tkey *k = talloc_zero(store, struct dns_server_tkey);
if (k == NULL) {
return NT_STATUS_NO_MEMORY;
}
- k->name = talloc_strdup(mem_ctx, name);
+ k->name = talloc_strdup(k, name);
if (k->name == NULL) {
return NT_STATUS_NO_MEMORY;
@@ -363,52 +416,16 @@ static NTSTATUS create_new_tkey(TALLOC_CTX *mem_ctx,
return status;
}
- *tkey = k;
- return NT_STATUS_OK;
-}
-
-static NTSTATUS accept_gss_ticket(TALLOC_CTX *mem_ctx,
- struct dns_server *dns,
- struct dns_server_tkey *tkey,
- const DATA_BLOB *key,
- DATA_BLOB *reply,
- uint16_t *dns_auth_error)
-{
- NTSTATUS status;
-
- status = gensec_update(tkey->gensec, mem_ctx, dns->task->event_ctx,
- *key, reply);
-
- if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
- *dns_auth_error = DNS_RCODE_OK;
- return status;
+ if (store->tkeys[store->n
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via e4505fc tdb: return unpack error on strdup failure
from 85706c4 s3: Fix a few "warning: ISO C90 forbids mixed declarations
and code"
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit e4505fc27bf31dbf922635fac19ea52a2a002bd4
Author: David Disseldorp
Date: Fri Aug 31 17:41:31 2012 +0200
tdb: return unpack error on strdup failure
Signed-off-by: Lars Müller
Autobuild-User(master): David Disseldorp
Autobuild-Date(master): Fri Aug 31 21:05:21 CEST 2012 on sn-devel-104
---
Summary of changes:
source3/lib/util_tdb.c |3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/util_tdb.c b/source3/lib/util_tdb.c
index c6c6d26..8bfc75f 100644
--- a/source3/lib/util_tdb.c
+++ b/source3/lib/util_tdb.c
@@ -237,6 +237,9 @@ int tdb_unpack(const uint8 *buf, int bufsize, const char
*fmt, ...)
if (bufsize < len)
goto no_space;
*ps = SMB_STRDUP((const char *)buf);
+ if (*ps == NULL) {
+ goto no_space;
+ }
break;
case 'f': /* null-terminated string */
s = va_arg(ap,char *);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 85706c4 s3: Fix a few "warning: ISO C90 forbids mixed declarations
and code"
from 2eb606b s3:build fix autoconf build on RHEL5
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 85706c4e168d90f329372b7411223cb2291ec9f6
Author: Volker Lendecke
Date: Fri Aug 31 14:10:02 2012 +0200
s3: Fix a few "warning: ISO C90 forbids mixed declarations and code"
Autobuild-User(master): Björn Jacke
Autobuild-Date(master): Fri Aug 31 19:24:47 CEST 2012 on sn-devel-104
---
Summary of changes:
source3/modules/vfs_media_harmony.c | 388 +--
1 files changed, 234 insertions(+), 154 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_media_harmony.c
b/source3/modules/vfs_media_harmony.c
index 53cb176..e1de153 100644
--- a/source3/modules/vfs_media_harmony.c
+++ b/source3/modules/vfs_media_harmony.c
@@ -132,11 +132,11 @@ typedef struct mh_dirinfo_struct
static int alloc_append_client_suffix(vfs_handle_struct *handle,
char **path)
{
- DEBUG(MH_INFO_DEBUG, ("Entering with *path '%s'\n", *path));
-
int status = 0;
char *raddr = NULL;
+ DEBUG(MH_INFO_DEBUG, ("Entering with *path '%s'\n", *path));
+
raddr = tsocket_address_inet_addr_string(
handle->conn->sconn->remote_address, talloc_tos());
if (raddr == NULL)
@@ -172,10 +172,10 @@ err:
*/
static bool is_apple_double(const char* fname)
{
- DEBUG(MH_INFO_DEBUG, ("Entering with fname '%s'\n", fname));
-
bool ret = False;
+ DEBUG(MH_INFO_DEBUG, ("Entering with fname '%s'\n", fname));
+
if (strncmp(APPLE_DOUBLE_PREFIX, fname, APPLE_DOUBLE_PREFIX_LEN)
== 0)
{
@@ -189,12 +189,12 @@ static bool is_apple_double(const char* fname)
static bool starts_with_media_dir(const char* media_dirname,
size_t media_dirname_len, const char* path)
{
- DEBUG(MH_INFO_DEBUG, ("Entering with media_dirname '%s' "
- "path '%s'\n", media_dirname, path));
-
bool ret = False;
char* path_start;
+ DEBUG(MH_INFO_DEBUG, ("Entering with media_dirname '%s' "
+ "path '%s'\n", media_dirname, path));
+
/* Sometimes Samba gives us "./OMFI MediaFiles". */
if (strncmp(path, "./", 2) == 0)
{
@@ -230,10 +230,10 @@ static bool starts_with_media_dir(const char*
media_dirname,
*/
static bool is_in_media_files(const char* path)
{
- DEBUG(MH_INFO_DEBUG, ("Entering with path '%s'\n", path));
-
bool ret = False;
+ DEBUG(MH_INFO_DEBUG, ("Entering with path '%s'\n", path));
+
if (
starts_with_media_dir(AVID_MEDIAFILES_DIRNAME,
AVID_MEDIAFILES_DIRNAME_LEN, path)
@@ -264,12 +264,13 @@ static bool is_in_media_files(const char* path)
static int depth_from_media_dir(const char* media_dirname,
size_t media_dirname_len, const char* path)
{
- DEBUG(MH_INFO_DEBUG, ("Entering with media_dirname '%s' "
- "path '%s'\n", media_dirname, path));
int transition_count = 0;
char* path_start;
char* pathPtr;
+ DEBUG(MH_INFO_DEBUG, ("Entering with media_dirname '%s' "
+ "path '%s'\n", media_dirname, path));
+
/* Sometimes Samba gives us "./OMFI MediaFiles". */
if (strncmp(path, "./", 2) == 0)
{
@@ -336,15 +337,15 @@ static bool is_avid_database(
const char *avid_db_filename,
const size_t avid_db_filename_len)
{
- DEBUG(MH_INFO_DEBUG, ("Entering with path '%s', "
- "avid_db_filename '%s', "
- "path_len '%i', "
- "avid_db_filename_len '%i'\n",
- path, avid_db_filename,
- path_len, avid_db_filename_len));
-
bool ret = False;
+ DEBUG(MH_INFO_DEBUG, ("Entering with path '%s', "
+ "avid_db_filename '%s', "
+ "path_len '%i', "
+ "avid_db_filename_len '%i'\n",
+ path, avid_db_filename,
+ path_len, avid_db_filename_len));
+
if (
path_len > avid_db_filename_len
&&
@@ -387,14 +388,16 @@ static int alloc_get_client_path(vfs_handle_struct
*handle,
const char *path,
char **newPath)
{
- DEBUG(MH_INFO_DEBUG, ("Entering with path '%s'\n", path));
-
/* replace /CREATING_DIRNAME/ or /._CREATING_DIRNAME/
* directory in path - potentially in middle
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 2eb606b s3:build fix autoconf build on RHEL5
via 3dfd179 s3:doc Fix name of timeout parameter in documentation
via 424492a s3:dbwrap_ctdb: Add DB name and key to warning message
from 7204dc9 s4 dns: Negotiate GSSAPI-based TKEYs
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 2eb606bfa907aea0a93f3eef550316fb1d663084
Author: Christian Ambach
Date: Fri Aug 31 11:00:23 2012 +0200
s3:build fix autoconf build on RHEL5
RHEL5 only has autoconf 2.59, so autogen.sh still needs to find
autoconf-2.60.m4
somewhere, but it was removed with 5f58359
Autobuild-User(master): Christian Ambach
Autobuild-Date(master): Fri Aug 31 12:50:03 CEST 2012 on sn-devel-104
commit 3dfd179638a821e83a18476dc607fe34e7e5ec57
Author: Christof Schmitt
Date: Thu Aug 30 15:42:51 2012 -0700
s3:doc Fix name of timeout parameter in documentation
The name is time_audit:timeout, not time_audit:audit_timeout.
Signed-off-by: Christian Ambach
commit 424492a96358dd52b8cc48ec26b25b97ae809e57
Author: Christof Schmitt
Date: Thu Aug 30 13:16:24 2012 -0700
s3:dbwrap_ctdb: Add DB name and key to warning message
When a operation takes too long, it is useful for debugging to know the
DB and the key.
Signed-off-by: Christian Ambach
---
Summary of changes:
docs-xml/manpages-3/vfs_time_audit.8.xml |6 +-
source3/lib/dbwrap/dbwrap_ctdb.c |9 +-
source3/m4/autoconf-2.60.m4 | 236 ++
3 files changed, 247 insertions(+), 4 deletions(-)
create mode 100644 source3/m4/autoconf-2.60.m4
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/vfs_time_audit.8.xml
b/docs-xml/manpages-3/vfs_time_audit.8.xml
index fc71e28..d79acc8 100644
--- a/docs-xml/manpages-3/vfs_time_audit.8.xml
+++ b/docs-xml/manpages-3/vfs_time_audit.8.xml
@@ -31,7 +31,7 @@
The time_audit VFS module logs system calls
that take longer than the number of milliseconds defined by the variable
- time_audit:audit_timeout. It will log the calls and
+ time_audit:timeout. It will log the calls and
the time spent in it.
@@ -51,7 +51,7 @@
- time_audit:audit_timeout = number of milliseconds
+ time_audit:timeout = number of milliseconds
VFS calls that take longer than the defined number of
milliseconds
that should be logged. The default is 1 (10s).
@@ -74,7 +74,7 @@
/test/sample_share
time_audit
- 3000
+ 3000
diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c
index 0a57997..6d46586 100644
--- a/source3/lib/dbwrap/dbwrap_ctdb.c
+++ b/source3/lib/dbwrap/dbwrap_ctdb.c
@@ -996,7 +996,14 @@ static int db_ctdb_record_destr(struct db_record* data)
if (threshold != 0) {
double timediff = timeval_elapsed(&crec->lock_time);
if ((timediff * 1000) > threshold) {
- DEBUG(0, ("Held tdb lock %f seconds\n", timediff));
+ const char *key;
+
+ key = hex_encode_talloc(data,
+ (unsigned char *)data->key.dptr,
+ data->key.dsize);
+ DEBUG(0, ("Held tdb lock on db %s, key %s %f seconds\n",
+ tdb_name(crec->ctdb_ctx->wtdb->tdb), key,
+ timediff));
}
}
diff --git a/source3/m4/autoconf-2.60.m4 b/source3/m4/autoconf-2.60.m4
new file mode 100644
index 000..b2694fd
--- /dev/null
+++ b/source3/m4/autoconf-2.60.m4
@@ -0,0 +1,236 @@
+# AC_GNU_SOURCE
+# --
+AC_DEFUN([AC_GNU_SOURCE],
+[AH_VERBATIM([_GNU_SOURCE],
+[/* Enable GNU extensions on systems that have them. */
+#ifndef _GNU_SOURCE
+# undef _GNU_SOURCE
+#endif])dnl
+AC_BEFORE([$0], [AC_COMPILE_IFELSE])dnl
+AC_BEFORE([$0], [AC_RUN_IFELSE])dnl
+AC_DEFINE([_GNU_SOURCE])
+])
+
+# _AC_C_STD_TRY(STANDARD, TEST-PROLOGUE, TEST-BODY, OPTION-LIST,
+# ACTION-IF-AVAILABLE, ACTION-IF-UNAVAILABLE)
+# --
+# Check whether the C compiler accepts features of STANDARD (e.g `c89', `c99')
+# by trying to compile a program of TEST-PROLOGUE and TEST-BODY. If this
fails,
+# try again with each compiler option in the space-separated OPTION-LIST; if
one
+# helps, append it to CC. If eventually successful, run ACTION-IF-AVAILABLE,
+# else ACTION-IF-UNAVAILABLE.
+AC_DEFUN([_AC_C_STD_TRY],
+[AC_MSG_CHECKING([for $CC option to accept ISO ]m4_translit($1, [c], [C]))
+AC_CACHE_VAL(ac_cv_prog_cc_$1,
+[ac_cv_prog_c
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 7204dc9 s4 dns: Negotiate GSSAPI-based TKEYs
from d2c0387 s4-kdc: Give information on how long the password history is
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7204dc9708e5f5164dcd9b7cc3fcb2ea27dcd62e
Author: Kai Blin
Date: Thu Aug 30 09:04:07 2012 +0200
s4 dns: Negotiate GSSAPI-based TKEYs
Autobuild-User(master): Kai Blin
Autobuild-Date(master): Fri Aug 31 10:38:35 CEST 2012 on sn-devel-104
---
Summary of changes:
source4/dns_server/dns_query.c | 224 ++
source4/dns_server/dns_server.c | 18 +++
source4/dns_server/dns_server.h | 11 ++
source4/dns_server/wscript_build |2 +-
4 files changed, 254 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index 5978fe9..e9c3a24 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -33,6 +33,10 @@
#include "libcli/dns/libdns.h"
#include "lib/util/util_net.h"
#include "lib/util/tevent_werror.h"
+#include "auth/auth.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "lib/util/dlinklist.h"
static WERROR create_response_rr(const struct dns_name_question *question,
const struct dnsp_DnssrvRpcRecord *rec,
@@ -317,6 +321,214 @@ static WERROR handle_question(struct dns_server *dns,
return WERR_OK;
}
+static NTSTATUS create_new_tkey(TALLOC_CTX *mem_ctx,
+ struct dns_server *dns,
+ struct dns_server_tkey **tkey,
+ const char* name)
+{
+ NTSTATUS status;
+ struct dns_server_tkey *k = talloc_zero(mem_ctx, struct
dns_server_tkey);
+
+ if (k == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ k->name = talloc_strdup(mem_ctx, name);
+
+ if (k->name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = samba_server_gensec_start(k,
+ dns->task->event_ctx,
+ dns->task->msg_ctx,
+ dns->task->lp_ctx,
+ dns->server_credentials,
+ "dns",
+ &k->gensec);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to start GENSEC server code: %s\n",
nt_errstr(status)));
+ *tkey = NULL;
+ return status;
+ }
+
+ gensec_want_feature(k->gensec, GENSEC_FEATURE_SIGN);
+
+ status = gensec_start_mech_by_oid(k->gensec, GENSEC_OID_SPNEGO);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to start GENSEC server code: %s\n",
+ nt_errstr(status)));
+ *tkey = NULL;
+ return status;
+ }
+
+ *tkey = k;
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS accept_gss_ticket(TALLOC_CTX *mem_ctx,
+ struct dns_server *dns,
+ struct dns_server_tkey *tkey,
+ const DATA_BLOB *key,
+ DATA_BLOB *reply,
+ uint16_t *dns_auth_error)
+{
+ NTSTATUS status;
+
+ status = gensec_update(tkey->gensec, mem_ctx, dns->task->event_ctx,
+ *key, reply);
+
+ if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
+ *dns_auth_error = DNS_RCODE_OK;
+ return status;
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+
+ status = gensec_session_info(tkey->gensec, tkey,
&tkey->session_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ *dns_auth_error = DNS_RCODE_BADKEY;
+ return status;
+ }
+ *dns_auth_error = DNS_RCODE_OK;
+ }
+
+ return status;
+}
+
+static struct dns_server_tkey *find_tkey(struct dns_server *dns,
+const char *name)
+{
+ struct dns_server_tkey *tkey = NULL;
+
+ for (tkey = dns->tkeys; tkey != NULL; tkey = tkey->next) {
+ if (dns_name_equal(name, tkey->name)) {
+ break;
+ }
+ }
+
+ return tkey;
+}
+
+static WERROR handle_tkey(struct dns_server *dns,
+ TALLOC_CTX *mem_ctx,
+ const struct dns_name_packet *in,
+ struct dns_res_rec **answers,
+ uint16_t *ancount)
+{
+ struct dns_res_rec *in_tkey = NULL;
+ st
