[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 3c0f934 tests: Add regression test for s3-passdb: Respect
LOOKUP_NAME_GROUP flag in sid lookup.
from 8c41cbb s3:smb2_server: defer channel/session validation to the
session setup code.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 3c0f9340e6c691e25ee2d188ac2a9c85feb797fe
Author: Jeremy Allison
Date: Tue Jul 28 11:28:20 2015 -0700
tests: Add regression test for s3-passdb: Respect LOOKUP_NAME_GROUP flag in
sid lookup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320
Signed-off-by: Jeremy Allison
Reviewed-by: Andreas Schneider
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Thu Jul 30 00:36:14 CEST 2015 on sn-devel-104
---
Summary of changes:
selftest/target/Samba3.pm| 30 --
source3/script/tests/test_valid_users.sh | 70
source3/selftest/tests.py| 1 +
3 files changed, 97 insertions(+), 4 deletions(-)
create mode 100755 source3/script/tests/test_valid_users.sh
Changeset truncated at 500 lines:
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 9af8faa..7ceb4fa 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -583,6 +583,9 @@ sub setup_fileserver($$)
my $dfree_share_dir="$share_dir/dfree";
push(@dirs, $dfree_share_dir);
+ my $valid_users_sharedir="$share_dir/valid_users";
+ push(@dirs,$valid_users_sharedir);
+
my $fileserver_options = "
[lowercase]
path = $lower_case_share_dir
@@ -602,11 +605,14 @@ sub setup_fileserver($$)
path = $dfree_share_dir
comment = smb username is [%U]
dfree command = $srcdir_abs/testprogs/blackbox/dfree.sh
+[valid-users-access]
+ path = $valid_users_sharedir
+ valid users = +SAMBA-TEST/userdup
";
my $vars = $self->provision($path,
"FILESERVER",
- "fileserver_secret",
+ "fileserver",
$fileserver_options,
undef,
undef,
@@ -656,6 +662,17 @@ sub setup_fileserver($$)
close $fh;
}
+ ##
+ ## create a listable file in valid_users_share
+ ##
+my $valid_users_target = "$valid_users_sharedir/foo";
+unless (open(VALID_USERS_TARGET, ">$valid_users_target")) {
+warn("Unable to open $valid_users_target");
+return undef;
+}
+close(VALID_USERS_TARGET);
+chmod 0644, $valid_users_target;
+
return $vars;
}
@@ -1193,10 +1210,11 @@ sub provision()
##
my ($max_uid, $max_gid);
- my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2);
+ my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2, $uid_userdup);
my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers,
$gid_domadmins);
+ my ($gid_userdup);
- if ($unix_uid < 0x - 4) {
+ if ($unix_uid < 0x - 5) {
$max_uid = 0x;
} else {
$max_uid = $unix_uid;
@@ -1206,8 +1224,9 @@ sub provision()
$uid_nobody = $max_uid - 2;
$uid_pdbtest = $max_uid - 3;
$uid_pdbtest2 = $max_uid - 4;
+ $uid_userdup = $max_uid - 5;
- if ($unix_gids[0] < 0x - 5) {
+ if ($unix_gids[0] < 0x - 6) {
$max_gid = 0x;
} else {
$max_gid = $unix_gids[0];
@@ -1218,6 +1237,7 @@ sub provision()
$gid_root = $max_gid - 3;
$gid_domusers = $max_gid - 4;
$gid_domadmins = $max_gid - 5;
+ $gid_userdup = $max_gid - 6;
##
## create conffile
@@ -1488,6 +1508,7 @@ sub provision()
$unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false
pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
+userdup:x:$uid_userdup:$gid_userdup:userdup gecos:$prefix_abs:/bin/false
";
if ($unix_uid != 0) {
print PASSWD "root:x:$uid_root:$gid_root:root
gecos:$prefix_abs:/bin/false
@@ -1504,6 +1525,7 @@ nogroup:x:$gid_nogroup:nobody
$unix_name-group:x:$unix_gids[0]:
domusers:X:$gid_domusers:
domadmins:X:$gid_domadmins:
+userdup:x:$gid_userdup:$unix_name
";
if ($unix_gids[0] != 0) {
print GROUP "root:x:$gid_root:
diff --git a/source3/script/tests/test_valid_users.sh
b/source3/script/tests/test_valid_users.sh
new file mode 100755
index 000..a7f9333
--- /dev/null
+++ b/source3/script/tests/test_valid_users.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+#
+#
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8c41cbb s3:smb2_server: defer channel/session validation to the session setup code. via 8ab4b05 s3:smb2_sesssetup: check that the connection belongs to the session in sess.setup via 19ec5f3 smbXsrv: use smb2srv_session_lookup_client in smbXsrv_session_close_loop via f6816ae smbXsrv: add smb2srv_session_lookup_client(). via d6acf95 smbXsrv: rename smb2srv_session_lookup -> smb2srv_session_lookup_conn via c765d11 smbXsrv: add a smbXsrv_connection argument to smb2srv_session_lookup_raw via 66bf0e5 smbXsrv: add a smbXsrv_connection argument to smbXsrv_session_local_lookup() from d57e4ac build: fix build with gpfs support - add missing dependency to samba-debug https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8c41cbbf9ea9527b7482ec3ec44ef195dc0917c2 Author: Michael Adam Date: Mon Jul 27 09:01:55 2015 +0200 s3:smb2_server: defer channel/session validation to the session setup code. For session bind, and the channel is only to be bound to the given session just now, so it is not valid. The early request validation code can hence not check it, and hence validation is defered to the actual session setup code, which can look at the session binding flags. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Michael Adam Signed-off-by: Stefan Metzmacher Autobuild-User(master): Michael Adam Autobuild-Date(master): Wed Jul 29 21:31:09 CEST 2015 on sn-devel-104 commit 8ab4b05d3302d543037973e26609e2d27bb6bc15 Author: Michael Adam Date: Wed Jul 29 11:19:55 2015 +0200 s3:smb2_sesssetup: check that the connection belongs to the session in sess.setup Signed-off-by: Michael Adam Reviewed-by: Michael Adam commit 19ec5f3474efa5ce62f78ae723f1e41b87a7c51a Author: Michael Adam Date: Wed Jul 29 10:35:08 2015 +0200 smbXsrv: use smb2srv_session_lookup_client in smbXsrv_session_close_loop Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Michael Adam Signed-off-by: Stefan Metzmacher commit f6816ae5bdaa0aceca154c16ad845afe781beb30 Author: Michael Adam Date: Mon Jul 27 08:59:57 2015 +0200 smbXsrv: add smb2srv_session_lookup_client(). This is a variant of smb2srv_session_lookup_conn() that does not verify the session on the channel. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Michael Adam Signed-off-by: Stefan Metzmacher commit d6acf950e4bbff294fe8d6cabadee39717910d1e Author: Michael Adam Date: Wed Jul 29 10:23:14 2015 +0200 smbXsrv: rename smb2srv_session_lookup -> smb2srv_session_lookup_conn This is in preparation of adding a variant that operates on the client and does in particular not verify that the connection belongs to a session as a channel. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Michael Adam Signed-off-by: Stefan Metzmacher commit c765d11347048c46dc0e1cb5cc1e0da747b73524 Author: Michael Adam Date: Fri May 8 23:15:51 2015 +0200 smbXsrv: add a smbXsrv_connection argument to smb2srv_session_lookup_raw This way, we can verify that the session is valid on a channel. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Michael Adam Signed-off-by: Stefan Metzmacher commit 66bf0e51bc864d87ef1db5b52dd54da28b75af52 Author: Stefan Metzmacher Date: Fri May 8 23:12:19 2015 +0200 smbXsrv: add a smbXsrv_connection argument to smbXsrv_session_local_lookup() This way, we can verify that a session is valid on the channel. Pair-Programmed-With: Michael Adam Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- Summary of changes: source3/smbd/globals.h | 9 +--- source3/smbd/smb2_break.c | 8 +++ source3/smbd/smb2_server.c | 27 ++- source3/smbd/smb2_sesssetup.c | 8 +++ source3/smbd/smbXsrv_session.c | 49 ++ 5 files changed, 80 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 35a3ee9..1885629 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -553,9 +553,12 @@ NTSTATUS smb1srv_session_lookup(struct smbXsrv_connection *conn, uint16_t vuid, NTTIME now, struct smbXsrv_session **session); NTSTATUS smb2srv_session_table_init(struct smbXsrv_connection *conn); -NTSTATUS smb2srv_session_lookup(struct smbXsrv_connection *conn, - uint64_t session_id, NTTIME now, - struct smbXsrv_session **session); +NTSTATUS smb2srv_session_lookup_conn(struct smbXsrv_con
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via d57e4ac build: fix build with gpfs support - add missing dependency
to samba-debug
via b9bef36 configure: add --with-gpfs option for selecting directory
with gpfs headers
via cef8897 s3:wscript: fix indentation
via 952a504 ctdb-daemon: Check if updates are in flight when releasing
all IPs
via 8eb04d0 ctdb-banning: If node is already banned, do not run
ctdb_local_node_got_banned()
via 1286b02 ctdb-client: Return the correct status sent from the daemon
from f07b746 lib: replace: Add strsep function (missing on Solaris).
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit d57e4ac3de5f53346a8d7c3f96825c1345b58f6a
Author: Björn Baumbach
Date: Mon Jul 27 15:15:07 2015 +0200
build: fix build with gpfs support - add missing dependency to samba-debug
Pair-programmed-with: Stefan Metzmacher
Signed-off-by: Björn Baumbach
Reviewed-by: Alexander Bokovoy
Reviewed-by: Martin Schwenke
Autobuild-User(master): Martin Schwenke
Autobuild-Date(master): Wed Jul 29 13:38:59 CEST 2015 on sn-devel-104
commit b9bef361d95daf0f38363acbdec9c23f094ffaca
Author: Björn Baumbach
Date: Mon Jul 27 12:14:37 2015 +0200
configure: add --with-gpfs option for selecting directory with gpfs headers
Signed-off-by: Björn Baumbach
Reviewed-by: Alexander Bokovoy
Reviewed-by: Martin Schwenke
commit cef8897f45f1b231d26342688542560bbe695276
Author: Björn Baumbach
Date: Mon Jul 27 13:20:43 2015 +0200
s3:wscript: fix indentation
Signed-off-by: Björn Baumbach
Reviewed-by: Alexander Bokovoy
Reviewed-by: Martin Schwenke
commit 952a50485f68b3cffdf57da84aa9bb9fde630b7e
Author: Martin Schwenke
Date: Fri Jul 24 15:32:42 2015 +1000
ctdb-daemon: Check if updates are in flight when releasing all IPs
Some code involved in releasing IPs is not re-entrant. Memory
corruption can occur if, for example, overlapping attempts are made to
ban a node. We haven't been able to recreate the corruption but this
should protect against it.
Signed-off-by: Martin Schwenke
Reviewed-by: Amitay Isaacs
commit 8eb04d09b119e234c88150e1dc35fc5057f9c926
Author: Amitay Isaacs
Date: Mon Jul 27 16:51:08 2015 +1000
ctdb-banning: If node is already banned, do not run
ctdb_local_node_got_banned()
This calls release_all_ips() only once on the first ban. If the node gets
banned again due to event script timeout while running release_all_ips(),
then avoid calling release_all_ips() in re-entrant fashion.
Signed-off-by: Amitay Isaacs
Reviewed-by: Martin Schwenke
commit 1286b02e24a521dafa7061d09fb5c21d1ebb3011
Author: Amitay Isaacs
Date: Fri Jul 24 07:39:26 2015 +1000
ctdb-client: Return the correct status sent from the daemon
If a control fails and error message is set, the returned status of the
control is always set to -1 ignoring the status passed by the daemon.
Signed-off-by: Amitay Isaacs
Reviewed-by: Martin Schwenke
---
Summary of changes:
ctdb/client/ctdb_client.c | 2 +-
ctdb/server/ctdb_banning.c | 7 ++-
ctdb/server/ctdb_takeover.c | 18 +++---
lib/util/wscript| 4
lib/util/wscript_build | 3 +++
lib/util/wscript_configure | 2 +-
source3/wscript | 2 +-
7 files changed, 31 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/ctdb/client/ctdb_client.c b/ctdb/client/ctdb_client.c
index 7bffefe..3383c57 100644
--- a/ctdb/client/ctdb_client.c
+++ b/ctdb/client/ctdb_client.c
@@ -1138,7 +1138,7 @@ int ctdb_control_recv(struct ctdb_context *ctdb,
state->async.fn(state);
}
talloc_free(tmp_ctx);
- return -1;
+ return (status == 0 ? -1 : state->status);
}
if (outdata) {
diff --git a/ctdb/server/ctdb_banning.c b/ctdb/server/ctdb_banning.c
index a9d1891..d8f7ab1 100644
--- a/ctdb/server/ctdb_banning.c
+++ b/ctdb/server/ctdb_banning.c
@@ -80,6 +80,7 @@ void ctdb_local_node_got_banned(struct ctdb_context *ctdb)
int32_t ctdb_control_set_ban_state(struct ctdb_context *ctdb, TDB_DATA indata)
{
struct ctdb_ban_time *bantime = (struct ctdb_ban_time *)indata.dptr;
+ bool already_banned;
DEBUG(DEBUG_INFO,("SET BAN STATE\n"));
@@ -107,9 +108,11 @@ int32_t ctdb_control_set_ban_state(struct ctdb_context
*ctdb, TDB_DATA indata)
return 0;
}
+ already_banned = false;
if (ctdb->banning_ctx != NULL) {
talloc_free(ctdb->banning_ctx);
ctdb->banning_ctx = NULL;
+ already_banned = true;
}
if (bantime->time == 0) {
@@ -136,7 +139,9
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via f07b746 lib: replace: Add strsep function (missing on Solaris).
from dc99d45 s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit f07b746ad3f3ee2fcbb65a0d452ed80f07c9e8f9
Author: Jeremy Allison
Date: Wed Jul 15 10:43:56 2015 -0700
lib: replace: Add strsep function (missing on Solaris).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11359
Signed-off-by: Jeremy Allison
Reviewed-by: Ira Cooper
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Wed Jul 29 02:24:55 CEST 2015 on sn-devel-104
---
Summary of changes:
lib/replace/replace.c | 20
lib/replace/replace.h | 5 +
lib/replace/wscript | 4 ++--
3 files changed, 27 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/replace/replace.c b/lib/replace/replace.c
index dccf514..0806ce3 100644
--- a/lib/replace/replace.c
+++ b/lib/replace/replace.c
@@ -475,6 +475,26 @@ char *rep_strcasestr(const char *haystack, const char
*needle)
}
#endif
+#ifndef HAVE_STRSEP
+char *rep_strsep(char **pps, const char *delim)
+{
+ char *ret = *pps;
+ char *p = *pps;
+
+ if (p == NULL) {
+ return NULL;
+ }
+ p += strcspn(p, delim);
+ if (*p == '\0') {
+ *pps = NULL;
+ } else {
+ *p = '\0';
+ *pps = p + 1;
+ }
+ return ret;
+}
+#endif
+
#ifndef HAVE_STRTOK_R
/* based on GLIBC version, copyright Free Software Foundation */
char *rep_strtok_r(char *s, const char *delim, char **save_ptr)
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 3ff4e36..c764d06 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -349,6 +349,11 @@ void rep_setlinebuf(FILE *);
char *rep_strcasestr(const char *haystack, const char *needle);
#endif
+#ifndef HAVE_STRSEP
+#define strsep rep_strsep
+char *rep_strsep(char **pps, const char *delim);
+#endif
+
#ifndef HAVE_STRTOK_R
#define strtok_r rep_strtok_r
char *rep_strtok_r(char *s, const char *delim, char **save_ptr);
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 516db2f..30eede2 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -240,7 +240,7 @@ def configure(conf):
conf.CHECK_FUNCS('lstat getpgrp utime utimes setuid seteuid setreuid
setresuid setgid setegid')
conf.CHECK_FUNCS('setregid setresgid chroot strerror vsyslog setlinebuf
mktime')
conf.CHECK_FUNCS('ftruncate chsize rename waitpid wait4')
-conf.CHECK_FUNCS('initgroups pread pwrite strndup strcasestr')
+conf.CHECK_FUNCS('initgroups pread pwrite strndup strcasestr strsep')
conf.CHECK_FUNCS('strtok_r mkdtemp dup2 dprintf vdprintf isatty chown
lchown')
conf.CHECK_FUNCS('link readlink symlink realpath snprintf vsnprintf')
conf.CHECK_FUNCS('asprintf vasprintf setenv unsetenv strnlen strtoull
__strtoull')
@@ -630,7 +630,7 @@ REPLACEMENT_FUNCTIONS = {
'memmove', 'strdup', 'setlinebuf', 'vsyslog', 'strnlen',
'strndup', 'waitpid', 'seteuid', 'setegid', 'chroot',
'mkstemp', 'mkdtemp', 'pread', 'pwrite', 'strcasestr',
- 'strtok_r', 'strtoll', 'strtoull', 'setenv', 'unsetenv',
+ 'strsep', 'strtok_r', 'strtoll', 'strtoull', 'setenv',
'unsetenv',
'utime', 'utimes', 'dup2', 'chown', 'link', 'readlink',
'symlink', 'lchown', 'realpath', 'memmem', 'vdprintf',
'dprintf', 'get_current_dir_name',
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via dc99d45 s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
from adbd6d3 pidl: merge multiple 'genpad' implementations into one.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit dc99d451bf23668d73878847219682fced547622
Author: Justin Maggard
Date: Tue Jul 21 15:17:30 2015 -0700
s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
Somewhere along the line, a config line like "valid users = @foo"
broke when "foo" also exists as a user.
user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP
flag; but lookup_name() was not respecting that flag, and went ahead and
looked
for users anyway.
Regression test to follow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320
Signed-off-by: Justin Maggard
Reviewed-by: Jeremy Allison
Reviewed-by: Marc Muehlfeld
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104
---
Summary of changes:
source3/passdb/lookup_sid.c | 4 ++--
source3/passdb/lookup_sid.h | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 3cc64de..3f99ee1 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -120,7 +120,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
goto ok;
}
- if (((flags & LOOKUP_NAME_NO_NSS) == 0)
+ if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
&& strequal(domain, unix_users_domain_name())) {
if (lookup_unix_user_name(name, &sid)) {
type = SID_NAME_USER;
@@ -293,7 +293,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
/* 11. Ok, windows would end here. Samba has two more options:
Unmapped users and unmapped groups */
- if (((flags & LOOKUP_NAME_NO_NSS) == 0)
+ if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
&& lookup_unix_user_name(name, &sid)) {
domain = talloc_strdup(tmp_ctx, unix_users_domain_name());
type = SID_NAME_USER;
diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h
index 872f4ef..8b5edf6 100644
--- a/source3/passdb/lookup_sid.h
+++ b/source3/passdb/lookup_sid.h
@@ -31,7 +31,7 @@ struct unixid;
#define LOOKUP_NAME_NONE 0x
#define LOOKUP_NAME_ISOLATED 0x0001 /* Look up unqualified
names */
#define LOOKUP_NAME_REMOTE 0x0002 /* Ask others */
-#define LOOKUP_NAME_GROUP0x0004 /* (unused) This is a
NASTY hack for
+#define LOOKUP_NAME_GROUP0x0004 /* This is a NASTY hack
for
valid users = @foo
where foo also
exists in as user. */
#define LOOKUP_NAME_NO_NSS 0x0008 /* no NSS calls to avoid
--
Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2015-07-29-0904/flakey.log The samba build logs are available here: http://git.samba.org/autobuild.flakey/2015-07-29-0904/samba.stderr http://git.samba.org/autobuild.flakey/2015-07-29-0904/samba.stdout The top commit at the time of the failure was: commit f07b746ad3f3ee2fcbb65a0d452ed80f07c9e8f9 Author: Jeremy Allison Date: Wed Jul 15 10:43:56 2015 -0700 lib: replace: Add strsep function (missing on Solaris). BUG: https://bugzilla.samba.org/show_bug.cgi?id=11359 Signed-off-by: Jeremy Allison Reviewed-by: Ira Cooper Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Jul 29 02:24:55 CEST 2015 on sn-devel-104
