[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dd60dcf test-chgdcpass: test the ldap case for server password change via 0e6c5c0 s4-ldapclient: cope with logon failure retry in LDAP via b0cc0d5 s4-librpc: set error code to LOGON_FAILURE on RPC fault with access denied via 538dd04 samba-tool: drs options does not need a samdb connection via 5d6ae34 s4-librpc: try a 2nd logon for more error cases via 30ffdda ldb: fixed callers for ldb_pack_data() and ldb_unpack_data() via fc47b0d ldb: move ldb_pack.c into common via e480995 test_chgdpass: use drs bind to test password change on RPC via ed2e69f s4-librpc: use cli_credentials_failed_kerberos_login to cope with stale tickets via fce66b2 test_chgdpass: added test for kerberos retry via d4ea637 libcli: use cli_credentials_failed_kerberos_login() to cope with server changes via 994696c auth: added cli_credentials_failed_kerberos_login() from ffb608b util: remove accidently committed hunk http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dd60dcf343bfb8286951d3109055693634574d8b Author: Andrew Tridgell tri...@samba.org Date: Thu Nov 1 14:11:02 2012 +1100 test-chgdcpass: test the ldap case for server password change use samba-tool drs options which does both RPC and LDAP connections Pair-Programmed-With: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Tridgell tri...@samba.org Autobuild-Date(master): Thu Nov 1 07:21:17 CET 2012 on sn-devel-104 commit 0e6c5c036f8faddcc6ca65c26453ffaf248ed2b5 Author: Andrew Tridgell tri...@samba.org Date: Thu Nov 1 14:10:14 2012 +1100 s4-ldapclient: cope with logon failure retry in LDAP similar to what was done for rpc and cifs, we now retry once on logon failure for ldap, allowing for a new ticket to be fetched when a server password changes while we have a valid ticket for the old password Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit b0cc0d5698d34aa7956b22faa8b79bd9b338286d Author: Andrew Tridgell tri...@samba.org Date: Thu Nov 1 13:42:52 2012 +1100 s4-librpc: set error code to LOGON_FAILURE on RPC fault with access denied this allows the client code to trigger a retry with a new password callback for NTLM connections Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit 538dd046f1efefbeb8660ef1ff5afd594a003341 Author: Andrew Tridgell tri...@samba.org Date: Thu Nov 1 13:31:47 2012 +1100 samba-tool: drs options does not need a samdb connection this gives us a handy pure RPC client test for use in blackbox testing Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit 5d6ae3498ad77ccdb7a8b3a316d7aa86c2f0c56a Author: Andrew Tridgell tri...@samba.org Date: Thu Nov 1 13:30:47 2012 +1100 s4-librpc: try a 2nd logon for more error cases not all servers give LOGON_FAILURE on authentication failures, so we need to do the retry with a new ticket on a wider range of error types Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit 30ffdda45bd3ae602b453c9c1bbdb77ea3de8a8d Author: Andrew Tridgell tri...@samba.org Date: Wed Oct 31 16:06:03 2012 +1100 ldb: fixed callers for ldb_pack_data() and ldb_unpack_data() with ltdb_pack_data() and ltdb_unpack_data() now moved into common, we need to increase the minor version and fixup callers of the API Note that this relies on struct ldb_val being the same shape as TDB_DATA, in much the same way as we rely on ldb_val and DATA_BLOB being the same shape. Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit fc47b0d03c577730ce0ef9e09092f80c0712d5d0 Author: Andrew Tridgell tri...@samba.org Date: Wed Oct 31 15:39:09 2012 +1100 ldb: move ldb_pack.c into common this code should not be tied to the ldb_tdb backend, both because it could be used for any record oriented backend, and because it should be exposed for use by diagnosis/repair tools such as the recently added ldbdump tool Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit e48099516e4975cb69c7e2850d3b13b25bab7c44 Author: Andrew Tridgell tri...@samba.org Date: Wed Oct 31 18:45:25 2012 +1100 test_chgdpass: use drs bind to test password change on RPC Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit ed2e69fe91fee642392803a17d42d64adc36e41d Author: Andrew Tridgell tri...@samba.org Date: Wed Oct 31 18:44:23 2012 +1100 s4-librpc: use cli_credentials_failed_kerberos_login to cope with stale tickets This allows our RPC client code to cope with a kerberos server changing password while we have a valid service ticket Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 4067d19 WHATSNEW: Prepare release notes for Samba 3.5.19. from 92bd768 Revert Fix bug #7781 (Samba transforms ShareName to lowercase when adding new share via MMC) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 4067d192f62d6fc20e1cdf8820656b03aa9f5931 Author: Karolin Seeger ksee...@samba.org Date: Thu Nov 1 09:30:00 2012 +0100 WHATSNEW: Prepare release notes for Samba 3.5.19. Karolin --- Summary of changes: WHATSNEW.txt | 27 ++- 1 files changed, 26 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1551865..5bf1c53 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -8,12 +8,37 @@ This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.19 include: -o +o Connection to outbound trusted domain goes offline (bug #9016). +o ACL masks incorrectly applied when setting ACLs (bug #9236). +o Samba panics if a user specifies an invalid port number (bug #9218). + Changes since 3.5.17: - o Jeremy Allison j...@samba.org +* BUG 9016: Connection to outbound trusted domain goes offline. +* BUG 9117: smbclient can't connect to a Windows 7 server using NTLMv2. +* BUG 9213: Bad ASN.1 NegTokenInit packet can cause invalid free. +* BUG 9236: ACL masks incorrectly applied when setting ACLs. + + +o Andrew Bartlett abart...@samba.org +* BUG 8788: libsmb: Initialise ticket to ensure we do not free invalid memory. + + +o Björn Jacke b...@sernet.de +* BUG 8344: autoconf: Fix --with(out)-sendfile-support option handling. +* BUG 8732: Fix compile of krb5 locator on Solaris. +* BUG 9172: Add quota support for gfs2. + + +o Matthieu Patou m...@matws.net +* BUG 9259: lib-addns: Ensure that allocated buffer are pre set to 0. + + +o Andreas Schneider a...@samba.org +* BUG 9218: Samba panics if a user specifies an invalid port number. ## -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 75c51d6 s3-param: Move the options needed for running smbd in the AD DC to loadparm via fc5caff file_server: put set create mask and directory mask in fileserver.conf from dd60dcf test-chgdcpass: test the ldap case for server password change http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 75c51d6561f6f39dd02fd942709039b871957f44 Author: Andrew Bartlett abart...@samba.org Date: Thu Nov 1 11:26:16 2012 +1100 s3-param: Move the options needed for running smbd in the AD DC to loadparm This avoids the whole fileserver.conf thing, and simply handles everything in C. The main challenge is that if s3fs is enabled in a member server configuration (unlikely) then these options will not be set, and it overrides any other attempt to set these as globals. (The previous approach essentially just changed defaults, because the include = of smb.conf was after the values were set in fileserver.conf). Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Thu Nov 1 11:47:22 CET 2012 on sn-devel-104 commit fc5caffbc139d63cab1ec105884863f73772586f Author: Andrew Bartlett abart...@samba.org Date: Thu Nov 1 11:24:00 2012 +1100 file_server: put set create mask and directory mask in fileserver.conf This allows any ACL to be set from the client, without restriction from the Samba side. Based on advise from Jermey at https://lists.samba.org/archive/samba-technical/2012-October/088414.html Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Michael Adam ob...@samba.org --- Summary of changes: file_server/file_server.c | 51 +--- source3/param/loadparm.c | 17 +++ 2 files changed, 19 insertions(+), 49 deletions(-) Changeset truncated at 500 lines: diff --git a/file_server/file_server.c b/file_server/file_server.c index 0777de5..430782c 100644 --- a/file_server/file_server.c +++ b/file_server/file_server.c @@ -30,49 +30,6 @@ #include dynconfig.h /* - generate a smbd config file for the file server - */ -static const char *generate_smb_conf(struct task_server *task) -{ - int fd; - struct loadparm_context *lp_ctx = task-lp_ctx; - const char *path = smbd_tmp_path(task, lp_ctx, fileserver.conf); - - if (path == NULL) { - return NULL; - } - - fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644); - if (fd == -1) { - DEBUG(0,(Failed to create %s, path)); - return NULL; - } - - fdprintf(fd, [globals]\n); - fdprintf(fd, # auto-generated config for fileserver\n); - fdprintf(fd, server role check:inhibit=yes\n); -fdprintf(fd, rpc_server:default = external\n); - fdprintf(fd, rpc_server:svcctl = embedded\n); - fdprintf(fd, rpc_server:srvsvc = embedded\n); - fdprintf(fd, rpc_server:eventlog = embedded\n); - fdprintf(fd, rpc_server:ntsvcs = embedded\n); - fdprintf(fd, rpc_server:winreg = embedded\n); - fdprintf(fd, rpc_server:spoolss = embedded\n); - fdprintf(fd, rpc_daemon:spoolssd = embedded\n); - fdprintf(fd, rpc_server:tcpip = no\n); - - fdprintf(fd, map hidden = no\n); - fdprintf(fd, map system = no\n); - fdprintf(fd, map readonly = no\n); - fdprintf(fd, store dos attributes = yes\n); - - fdprintf(fd, include = %s\n, lpcfg_configfile(lp_ctx)); - - close(fd); - return path; -} - -/* called if smbd exits */ static void file_server_smbd_done(struct tevent_req *subreq) @@ -98,23 +55,19 @@ static void file_server_smbd_done(struct tevent_req *subreq) */ static void s3fs_task_init(struct task_server *task) { - const char *fileserver_conf; struct tevent_req *subreq; const char *smbd_path; const char *smbd_cmd[2] = { NULL, NULL }; task_server_set_title(task, task[s3fs_parent]); - /* create a smb.conf for smbd to use */ - fileserver_conf = generate_smb_conf(task); - smbd_path = talloc_asprintf(task, %s/smbd, dyn_SBINDIR); smbd_cmd[0] = smbd_path; /* start it as a child process */ subreq = samba_runcmd_send(task, task-event_ctx, timeval_zero(), 1, 0, smbd_cmd, - --configfile, fileserver_conf, + --option=server role check:inhibit=yes, --foreground, debug_get_output_is_stdout()?--log-stdout:NULL, NULL); @@
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-11-01-1221/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-11-01-1221/samba3.stderr http://git.samba.org/autobuild.flakey/2012-11-01-1221/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-11-01-1221/samba.stderr http://git.samba.org/autobuild.flakey/2012-11-01-1221/samba.stdout The top commit at the time of the failure was: commit 75c51d6561f6f39dd02fd942709039b871957f44 Author: Andrew Bartlett abart...@samba.org Date: Thu Nov 1 11:26:16 2012 +1100 s3-param: Move the options needed for running smbd in the AD DC to loadparm This avoids the whole fileserver.conf thing, and simply handles everything in C. The main challenge is that if s3fs is enabled in a member server configuration (unlikely) then these options will not be set, and it overrides any other attempt to set these as globals. (The previous approach essentially just changed defaults, because the include = of smb.conf was after the values were set in fileserver.conf). Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Thu Nov 1 11:47:22 CET 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2a3eb64 s3:winbindd: use PROTOCOL_LATEST instead of PROTOCOL_SMB2_02 (bug #9175) via 45105af s3:winbindd: disconnection after getting NETWORK_SESSION_EXPIRED (bug #9175) via c5cd22b libcli/smb: add smbXcli_session_set_disconnect_expired() (bug #9175) via 24f3f87 lib/krb5_wrap: request enc_types in the correct order (bug #9272) via f853c17 s3:winbindd:cache: fix offline logons with cached credentials (bug #9321) from 75c51d6 s3-param: Move the options needed for running smbd in the AD DC to loadparm http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2a3eb641fe34fb95bf713f0e7184581847af1357 Author: Stefan Metzmacher me...@samba.org Date: Mon Oct 22 14:35:41 2012 +0200 s3:winbindd: use PROTOCOL_LATEST instead of PROTOCOL_SMB2_02 (bug #9175) We should use the latest supported dialect. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewd-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Thu Nov 1 18:11:27 CET 2012 on sn-devel-104 commit 45105afffc5678082b23165ff74610d67e57a82a Author: Stefan Metzmacher me...@samba.org Date: Mon Oct 22 14:31:20 2012 +0200 s3:winbindd: disconnection after getting NETWORK_SESSION_EXPIRED (bug #9175) Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit c5cd22b5bbce724dcd68fe94320382b3f772cabf Author: Stefan Metzmacher me...@samba.org Date: Mon Oct 22 14:18:20 2012 +0200 libcli/smb: add smbXcli_session_set_disconnect_expired() (bug #9175) This should be a short term hack until the upper layers have implemented re-authentication. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit 24f3f87706329e6e280dc6be6d025e997d46c910 Author: Stefan Metzmacher me...@samba.org Date: Mon Oct 22 13:47:48 2012 +0200 lib/krb5_wrap: request enc_types in the correct order (bug #9272) aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96 should have a higher priority than arcfour-hmac-md5, otherwise the KDC still gives us arcfour-hmac-md5 session keys. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit f853c1792967332c4aff52c0fb35f653f614f86d Author: Michael Adam ob...@samba.org Date: Thu Nov 1 14:41:56 2012 +0100 s3:winbindd:cache: fix offline logons with cached credentials (bug #9321) The removal of consumption of the time field from the centry as removal of unused variable in 21528da9cd12a4f5c3792a482a5d18fe946a6f7a had the side effect of changing the offset for reading the following nt password hash, so the read password hash was wrong. This patch re-installs the consumption of the time, thereby fixing the bug without changing the disk format of the cache. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: lib/krb5_wrap/krb5_samba.c| 12 ++-- libcli/smb/smbXcli_base.c | 34 ++ libcli/smb/smbXcli_base.h |1 + source3/winbindd/winbindd_cache.c |7 +++ source3/winbindd/winbindd_cm.c| 13 - 5 files changed, 60 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 8037337..f04f6e1 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -685,15 +685,15 @@ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx, krb5_ccache ccdef = NULL; krb5_auth_context auth_context = NULL; krb5_enctype enc_types[] = { - ENCTYPE_ARCFOUR_HMAC, - ENCTYPE_DES_CBC_MD5, - ENCTYPE_DES_CBC_CRC, -#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 - ENCTYPE_AES128_CTS_HMAC_SHA1_96, -#endif #ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 ENCTYPE_AES256_CTS_HMAC_SHA1_96, #endif +#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 + ENCTYPE_AES128_CTS_HMAC_SHA1_96, +#endif + ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_DES_CBC_MD5, + ENCTYPE_DES_CBC_CRC, ENCTYPE_NULL}; initialize_krb5_error_table(); diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 02d0227..c547515 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -157,6 +157,13 @@ struct smbXcli_session { struct { DATA_BLOB signing_key; } smb2_channel; + + /* +* this should be a short term hack +* until the upper layers have implemented +*