[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1d81e52 selftest: Add tests for expected behaviour on directories as well as files via a6a0155 pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl() via 312f8dd selftest: Make samba.tests.ntacl also use TestCaseInTempDir via b4d8629 samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributes from c06d602 s3:smbd: Fix typo in got_duplicate_group check http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1d81e52bba65f05378db7027537aa27eb5bfa70a Author: Andrew Bartlett abart...@samba.org Date: Sun Nov 11 21:33:41 2012 +1100 selftest: Add tests for expected behaviour on directories as well as files This is important because it covers the codepath which had the talloc error fixed by commit 60cf4cb5a630506747431ecbf00d890509baf2f3 (vfs_acl_common: In add_directory_inheritable_components allocate on psd as parent) Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Jelmer Vernooij jel...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sun Nov 11 15:48:10 CET 2012 on sn-devel-104 commit a6a01552efe69f6450425b001ad600ec056bd18c Author: Andrew Bartlett abart...@samba.org Date: Sun Nov 11 22:07:49 2012 +1100 pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl() Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Jelmer Vernooij jel...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 312f8ddae27f6fdf4f325edfa890a7b96cd348b8 Author: Andrew Bartlett abart...@samba.org Date: Sun Nov 11 14:01:44 2012 +1100 selftest: Make samba.tests.ntacl also use TestCaseInTempDir This follows on from the successful conversion of samba.tests.posixacl. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Jelmer Vernooij jel...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit b4d8629f511005540cb1fbbbe9abfb278c064ba2 Author: Andrew Bartlett abart...@samba.org Date: Sun Nov 11 11:35:02 2012 +1100 samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributes Is is not required that these additional attributes be filled in, so catch KeyError in both the nsswitch and ldap backend case. We rework get_posix_attr_from_ldap_backend() so it raises KeyError rather than trying to return None, and does not ignore other errors. Andrew Bartlett Tested-by: Chirana Gheorghita Eugeniu Theodor off...@adaptcom.ro Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Jelmer Vernooij jel...@samba.org --- Summary of changes: source3/smbd/pysmbd.c|2 +- source4/scripting/python/samba/tests/ntacls.py | 68 source4/scripting/python/samba/tests/posixacl.py | 201 +- source4/scripting/python/samba/upgrade.py| 41 +++-- 4 files changed, 255 insertions(+), 57 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index ed3e23a..6a6a812 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -179,7 +179,7 @@ static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode) { TALLOC_CTX *frame = talloc_stackframe(); - mode_t mode = SMB_ACL_READ|SMB_ACL_WRITE; + mode_t mode = SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE; mode_t mode_user = (chmod_mode 0700) 6; mode_t mode_group = (chmod_mode 070) 3; diff --git a/source4/scripting/python/samba/tests/ntacls.py b/source4/scripting/python/samba/tests/ntacls.py index 8cdf613..aa9ef68 100644 --- a/source4/scripting/python/samba/tests/ntacls.py +++ b/source4/scripting/python/samba/tests/ntacls.py @@ -1,5 +1,6 @@ # Unix SMB/CIFS implementation. Tests for ntacls manipulation # Copyright (C) Matthieu Patou m...@matws.net 2009-2010 +# Copyright (C) Andrew Bartlett 2012 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -20,70 +21,63 @@ from samba.ntacls import setntacl, getntacl, XattrBackendError from samba.dcerpc import xattr, security from samba.param import LoadParm -from samba.tests import TestCase, TestSkipped +from samba.tests import TestCaseInTempDir, TestSkipped import random import os -class NtaclsTests(TestCase): +class NtaclsTests(TestCaseInTempDir): def test_setntacl(self): -random.seed() lp = LoadParm() -path = os.environ['SELFTEST_PREFIX'] acl = O:S-1-5-21-2212615479-2695158682-2101375467
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e0ab14f s4:dsdb/acl_read: make sure confidential attributes require CONTROL_ACCESS (bug #8620) via 21dfaef s4:dsdb/acl_read: fix whitespace formatting errors via f6fa724 s4:dsdb/acl: only give administrators access to attributes marked as confidential (bug #8620) via ed8b275 s4:dsdb/acl: reorganize the logic flow in the password filtering checks via 54ad5c7 s4:dsdb/acl: fix search filter cleanup for password attributes via 94649e4 selftest: Avoid test cross-contamination in samba.tests.posixacl from 1d81e52 selftest: Add tests for expected behaviour on directories as well as files http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e0ab14f52a52c8317473b4c4cd3cf50265e1f9e4 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 17:23:53 2012 +0100 s4:dsdb/acl_read: make sure confidential attributes require CONTROL_ACCESS (bug #8620) Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon Nov 12 01:25:21 CET 2012 on sn-devel-104 commit 21dfaefda0e22f7ddaac62bfd8b32e6fb9fc253d Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 17:22:44 2012 +0100 s4:dsdb/acl_read: fix whitespace formatting errors Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit f6fa7243f81891cb7703264da526fd873a9745e4 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 17:05:44 2012 +0100 s4:dsdb/acl: only give administrators access to attributes marked as confidential (bug #8620) The full fix will to implement and use the code of the read_acl module, but this is better than nothing for now. Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit ed8b27516b212b59167bb932de949a7b54dc44cb Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 11:23:47 2012 +0100 s4:dsdb/acl: reorganize the logic flow in the password filtering checks This avoids some nesting levels and does early returns. Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 54ad5c70e3cc731c872913841cbcd2ef29ec0e54 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 11:25:21 2012 +0100 s4:dsdb/acl: fix search filter cleanup for password attributes We need to this when we're *not* system. Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 94649e46b4dec528ab7e750d06a65ada3d978342 Author: Andrew Bartlett abart...@samba.org Date: Mon Nov 12 07:53:40 2012 +1100 selftest: Avoid test cross-contamination in samba.tests.posixacl This creates a new xattr.tdb per unit test, which avoids once and for all the issue of dev/inode reuse. For test_setposixacl_dir_getntacl_smbd the file ownership also set specifically. Andrew Bartlett Reviewed-by: Jelmer Vernooij jel...@samba.org --- Summary of changes: source4/dsdb/samdb/ldb_modules/acl.c | 231 +++- source4/dsdb/samdb/ldb_modules/acl_read.c| 256 +++--- source4/scripting/python/samba/tests/posixacl.py | 140 +--- 3 files changed, 369 insertions(+), 258 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 843d17e..1a41ee2 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -51,12 +51,19 @@ struct extended_access_check_attribute { struct acl_private { bool acl_perform; const char **password_attrs; + void *cached_schema_ptr; + uint64_t cached_schema_metadata_usn; + uint64_t cached_schema_loaded_usn; + const char **confidential_attrs; }; struct acl_context { struct ldb_module *module; struct ldb_request *req; bool am_system; + bool am_administrator; + bool modify_search; + bool constructed_attrs; bool allowedAttributes; bool allowedAttributesEffective; bool allowedChildClasses; @@ -88,12 +95,11 @@ static int acl_module_init(struct ldb_module *module) return ldb_operr(ldb); } - data = talloc(module, struct acl_private
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ab30a8b provision: Make dsacl2fsacl() take a security.dom_sid, not str via 0334515 provision: Also walk directories checking ACLs via ab5 wintest: Try harder to recover from apparent failure to dcpromo via 0b7bb77 selftest: check that samba-tool gpo works for basic operations via 26faa8f dsdb: Simplify DsCrackNameOneFilter a bit via ec3cbb6 wafsamba.abi: Fix abi_match with both excludes and includes. via d02c8ba wafsamba.samba_abi: Add basic unit tests. via 97102fa buildtools: Remove extra space from global: line via ea5ef95 wafsamba.samba_abi: Refactor abi_write_vscript to take file argument. from 3d93616 s3:smbd: pass the current time to make_connection[_smb1]() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ab30a8bf0fb9bd4ee3c907183132f3b9abb67c7a Author: Andrew Bartlett abart...@samba.org Date: Mon Nov 5 20:44:14 2012 +1100 provision: Make dsacl2fsacl() take a security.dom_sid, not str Reviewed-by: Jelmer Vernooij jel...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Nov 6 00:12:43 CET 2012 on sn-devel-104 commit 033451587db21d6e4b829e89a64f894a32682131 Author: Andrew Bartlett abart...@samba.org Date: Mon Nov 5 15:22:02 2012 +1100 provision: Also walk directories checking ACLs The directory walk was missed due to a cut-and-paste error. Andrew Bartlett Reviewed-by: Jelmer Vernooij jel...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org commit ab5cdc39b71c0f243ff1e660d1f35a4923e3 Author: Andrew Bartlett abart...@samba.org Date: Mon Nov 5 19:35:51 2012 +1100 wintest: Try harder to recover from apparent failure to dcpromo Reviewed-by: Jelmer Vernooij jel...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org commit 0b7bb774ce836722d219d6e466a76b12c1a03de3 Author: Andrew Bartlett abart...@samba.org Date: Mon Nov 5 12:57:17 2012 +1100 selftest: check that samba-tool gpo works for basic operations Reviewed-by: Jelmer Vernooij jel...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org commit 26faa8fe3a42f9d1278d81773c8808b05fcd76f8 Author: Volker Lendecke v...@samba.org Date: Sat Nov 3 09:36:29 2012 +0100 dsdb: Simplify DsCrackNameOneFilter a bit For me else branches clutter my flow reading code. If we do a hard return at the end of an if branch, else is not required. Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit ec3cbb6c476698523c9b5ac047787df101746891 Author: Jelmer Vernooij jel...@samba.org Date: Mon Nov 5 19:36:30 2012 +0100 wafsamba.abi: Fix abi_match with both excludes and includes. This fixes a regression introduced by 9c3e294400234ebdf9b98031bae583524fd0b0ac which caused internal symbols in libldb to be exposed. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9357 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stephen Gallagher sgall...@redhat.com commit d02c8ba122cef7d8b254e5be3ae757eb3bb14235 Author: Jelmer Vernooij jel...@samba.org Date: Mon Nov 5 19:36:29 2012 +0100 wafsamba.samba_abi: Add basic unit tests. Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stephen Gallagher sgall...@redhat.com commit 97102fa9963ba88f4ab72165a02071990031a73b Author: Andrew Bartlett abart...@samba.org Date: Tue Nov 6 07:48:52 2012 +1100 buildtools: Remove extra space from global: line This makes it easier to put the expected values in a file as we will not have trailing whitespace that is against git style. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Jelmer Vernooij jel...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit ea5ef95fbebe28cca11f86a9015aab77522f5e18 Author: Jelmer Vernooij jel...@samba.org Date: Mon Nov 5 19:36:28 2012 +0100 wafsamba.samba_abi: Refactor abi_write_vscript to take file argument. Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stephen Gallagher sgall...@redhat.com --- Summary of changes: buildtools/wafsamba/samba_abi.py | 32 + buildtools/wafsamba/tests/test_abi.py | 67 selftest/target/Samba4.pm |2 +- source4/dsdb/samdb/cracknames.c|5 +- source4/scripting/python/samba/netcmd
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6073d21 ldb_secrets_tdb_sync: Add dependency on gssapi. via ed63300 dsdb: Rename _res argument to _result. from ab30a8b provision: Make dsacl2fsacl() take a security.dom_sid, not str http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6073d214aa8bfeff8dae8cf151357f890dd37a48 Author: Jelmer Vernooij jel...@samba.org Date: Tue Nov 6 01:25:00 2012 +0100 ldb_secrets_tdb_sync: Add dependency on gssapi. This is required when building with the system heimdal, as gssapi/gssapi_spnego.h is included. Reviewed-by: Andrew Bartlett abart...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Nov 6 05:12:28 CET 2012 on sn-devel-104 commit ed6330094b47408f33c2d933e9c80b079dd891d6 Author: Jelmer Vernooij jel...@samba.org Date: Tue Nov 6 01:24:59 2012 +0100 dsdb: Rename _res argument to _result. Newer versions of heimdal include a macro that is unfortunately named '_res'. This change prevents the clash. Reviewed-by: Andrew Bartlett abart...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org --- Summary of changes: source4/dsdb/common/util.c | 12 ++-- .../dsdb/samdb/ldb_modules/wscript_build_server|2 +- 2 files changed, 7 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 086f2a5..632d5bf 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -3845,7 +3845,7 @@ int dsdb_replace(struct ldb_context *ldb, struct ldb_message *msg, uint32_t dsdb */ int dsdb_search_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - struct ldb_result **_res, + struct ldb_result **_result, struct ldb_dn *basedn, const char * const *attrs, uint32_t dsdb_flags) @@ -3890,7 +3890,7 @@ int dsdb_search_dn(struct ldb_context *ldb, return ret; } - *_res = res; + *_result = res; return LDB_SUCCESS; } @@ -3900,7 +3900,7 @@ int dsdb_search_dn(struct ldb_context *ldb, */ int dsdb_search_by_dn_guid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - struct ldb_result **_res, + struct ldb_result **_result, const struct GUID *guid, const char * const *attrs, uint32_t dsdb_flags) @@ -3915,7 +3915,7 @@ int dsdb_search_by_dn_guid(struct ldb_context *ldb, return ldb_oom(ldb); } - ret = dsdb_search_dn(ldb, mem_ctx, _res, dn, attrs, dsdb_flags); + ret = dsdb_search_dn(ldb, mem_ctx, _result, dn, attrs, dsdb_flags); talloc_free(tmp_ctx); return ret; } @@ -3925,7 +3925,7 @@ int dsdb_search_by_dn_guid(struct ldb_context *ldb, */ int dsdb_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - struct ldb_result **_res, + struct ldb_result **_result, struct ldb_dn *basedn, enum ldb_scope scope, const char * const *attrs, @@ -4003,7 +4003,7 @@ int dsdb_search(struct ldb_context *ldb, } } - *_res = talloc_steal(mem_ctx, res); + *_result = talloc_steal(mem_ctx, res); talloc_free(tmp_ctx); return LDB_SUCCESS; diff --git a/source4/dsdb/samdb/ldb_modules/wscript_build_server b/source4/dsdb/samdb/ldb_modules/wscript_build_server index 5d09c40..c23ad16 100755 --- a/source4/dsdb/samdb/ldb_modules/wscript_build_server +++ b/source4/dsdb/samdb/ldb_modules/wscript_build_server @@ -205,7 +205,7 @@ bld.SAMBA_MODULE('ldb_secrets_tdb_sync', init_function='ldb_secrets_tdb_sync_module_init', module_init_name='ldb_init_module', internal_module=False, - deps='talloc secrets3 DSDB_MODULE_HELPERS dbwrap' + deps='talloc secrets3 DSDB_MODULE_HELPERS dbwrap gssapi' ) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c452efe selftest: Add skip for DIR1 test which loops on 64 bit ext4 from 1f55865 s4-dns: Fix format string vulnerability in an error message (bug #9354) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c452efe977753a44807dd12a1b2ff8ce1387bfa6 Author: Andrew Bartlett abart...@samba.org Date: Sat Nov 3 09:57:40 2012 +1100 selftest: Add skip for DIR1 test which loops on 64 bit ext4 Reviewed-by: Jelmer Vernooij jel...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon Nov 5 00:34:56 CET 2012 on sn-devel-104 --- Summary of changes: selftest/skip |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/skip b/selftest/skip index 171eee0..66bb85c 100644 --- a/selftest/skip +++ b/selftest/skip @@ -33,6 +33,7 @@ ^samba3.smbtorture_s3.*.utable ^samba3.smbtorture_s3.*.pipe_number ^samba3.smbtorture_s3.LOCAL-DBTRANS #hangs for some reason +^samba3.smbtorture_s3.*.DIR1 #loops on 64 bit linux with ext4 ^samba3.*base.charset ^samba3.*raw.context ^samba3.*raw.ioctl -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 71e1c08 libads: Always free the talloc_stackframe() on error path from c452efe selftest: Add skip for DIR1 test which loops on 64 bit ext4 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 71e1c080cbd033b3118952c2da05186252fc411a Author: Andrew Bartlett abart...@samba.org Date: Mon Nov 5 09:46:49 2012 +1100 libads: Always free the talloc_stackframe() on error path Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon Nov 5 03:33:32 CET 2012 on sn-devel-104 --- Summary of changes: source3/libads/kerberos.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 3183e26..50a409c 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -701,6 +701,7 @@ static char *get_kdc_ip_string(char *mem_ctx, char *kdc_str = print_kdc_line(mem_ctx, , pss, kdc_name); if (kdc_str == NULL) { + TALLOC_FREE(frame); return NULL; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a71ad96 ldb: Add ldbdump, based on tdbdump via 4b2f3c6 ldb: Remove no-longer-existing ltdb_unpack_data_free from ldb_tdb.h via cc6d0de ldb: Change ltdb_unpack_data to take an ldb_context via 42c379f samba-tool: Add samba-tool processes subcommand via a732f2a pymessaging: Add irpc_servers_byname() and irpc_all_servers() via 76b7348 pymessaging: Use the server_id IDL structure rather than a tuple via 3b4ef03 imessaging: Add irpc_all_servers() to list all available servers from 39e58d6 s3fs-utils: Free the popt context in smbcacls and smbquotas. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a71ad96bd046f1199e67b4fe8fc7783cbd8dd771 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 30 15:41:27 2012 +1100 ldb: Add ldbdump, based on tdbdump This uses a tdb_traverse or (more usefully) the tdb_rescue API, like tdbdump. The difference here is that it uses ldb helper functions to further eliminate faulty records, which avoids creating duplicates in the output. (The duplicates come from parts of records that are left in blank space in the db, which tdb_rescue finds, but which are not actually a full record). Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Oct 30 23:56:11 CET 2012 on sn-devel-104 commit 4b2f3c6dec997b0dd4bcafeae662a71ebd34e12b Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 30 10:22:28 2012 +1100 ldb: Remove no-longer-existing ltdb_unpack_data_free from ldb_tdb.h commit cc6d0decc7980028293168aee267e7610752fc80 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 30 10:21:42 2012 +1100 ldb: Change ltdb_unpack_data to take an ldb_context It always de-references the module to find the ldb anyway. Andrew Bartlett commit 42c379f0dfdeb36598bb2636aa2b6e3ca4410930 Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 29 15:36:36 2012 +1100 samba-tool: Add samba-tool processes subcommand This will allow administrators to inspect the process list in a similar way to what running on a platform with setproctitle might permit. --pid= returns the registered server names for a PID (eg kdc, cldap_server) --name= returns the pids registered with a particular name. Andrew Bartlett commit a732f2a621665923322422c5a3d788c9d1aa8df9 Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 29 15:34:41 2012 +1100 pymessaging: Add irpc_servers_byname() and irpc_all_servers() This will allow python scripts to inspect the process list. Andrew Bartlett commit 76b7348299870279acec5b7c9f02f4e4b2461703 Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 29 15:33:59 2012 +1100 pymessaging: Use the server_id IDL structure rather than a tuple This will make it easier to pass this structure in and out. The tuple is still accepted as input. Andrew Bartlett commit 3b4ef03097293f758d8f11cbe434063ed1dc6b91 Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 29 15:32:21 2012 +1100 imessaging: Add irpc_all_servers() to list all available servers This is implemented with a tdb_traverse_read(), and will allow a tool to disover the name and server_id of all Samba processes, as each process registers itself to recieve messages. Andrew Bartlett --- Summary of changes: lib/ldb/ldb_tdb/ldb_index.c|2 +- lib/ldb/ldb_tdb/ldb_pack.c |4 +- lib/ldb/ldb_tdb/ldb_search.c |6 +- lib/ldb/ldb_tdb/ldb_tdb.c |2 +- lib/ldb/ldb_tdb/ldb_tdb.h |4 +- lib/ldb/tools/ldbdump.c| 219 lib/ldb/wscript|4 + librpc/wscript_build |5 + source4/lib/messaging/irpc.h |2 + source4/lib/messaging/messaging.c | 71 +++ source4/lib/messaging/pymessaging.c| 124 +++- source4/librpc/idl/irpc.idl| 13 +- source4/librpc/wscript_build |6 + source4/scripting/python/samba/netcmd/main.py |2 + source4/scripting/python/samba/netcmd/processes.py | 78 +++ source4/scripting/python/samba/tests/messaging.py | 13 +- .../python/samba/tests/samba_tool/processes.py | 35 +++ source4/selftest/tests.py |1 + 18 files changed, 572 insertions(+), 19 deletions(-) create mode 100644 lib/ldb/tools/ldbdump.c create mode 100644 source4/scripting/python/samba/netcmd
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cb50e85 vfstest: set umask(0) in vfstest via e146fe5 pysmbd: Set umask to 0 during smbd operations via 728e56b pysmbd: Remember to close files after setting the NT ACL via e107c6a pysmbd: Add hook for unlink() so python scripts can remove xattr.tdb entries from 52ace67 s3:smbd:durable: factor stat checks out into vfs_default_durable_reconnect_check_stat() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cb50e85a5a054eeb59bf4c27c886679285732548 Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 26 14:23:39 2012 +1100 vfstest: set umask(0) in vfstest Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Oct 26 10:07:03 CEST 2012 on sn-devel-104 commit e146fe5ef96c1522175a8e81db15d1e8879e5652 Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 26 14:22:07 2012 +1100 pysmbd: Set umask to 0 during smbd operations commit 728e56b4636b668aaac60ec557d6fe16b530a6f9 Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 26 10:07:02 2012 +1100 pysmbd: Remember to close files after setting the NT ACL commit e107c6ace73ac40894fdd66860cfeae9115d5cd9 Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 26 17:25:53 2012 +1100 pysmbd: Add hook for unlink() so python scripts can remove xattr.tdb entries If we do not provide a way to remove files from xattr.tdb, we can re-use the inode. Andrew Bartlett --- Summary of changes: source3/smbd/pysmbd.c| 110 - source3/torture/vfstest.c|5 + source4/scripting/python/samba/tests/posixacl.py | 40 3 files changed, 129 insertions(+), 26 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index 5e2daa1..5e8691a 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -43,6 +43,7 @@ static NTSTATUS set_sys_acl_no_snum(const char *fname, connection_struct *conn; NTSTATUS status = NT_STATUS_OK; int ret; + mode_t saved_umask; conn = talloc_zero(NULL, connection_struct); if (conn == NULL) { @@ -56,6 +57,10 @@ static NTSTATUS set_sys_acl_no_snum(const char *fname, return NT_STATUS_NO_MEMORY; } + /* we want total control over the permissions on created files, + so set our umask to 0 */ + saved_umask = umask(0); + conn-params-service = -1; set_conn_connectpath(conn, /); @@ -69,6 +74,8 @@ static NTSTATUS set_sys_acl_no_snum(const char *fname, returned zero.\n)); } + umask(saved_umask); + conn_free(conn); return status; @@ -83,9 +90,16 @@ static NTSTATUS set_nt_acl_no_snum(const char *fname, files_struct *fsp; struct smb_filename *smb_fname = NULL; int flags; + mode_t saved_umask; + + if (!posix_locking_init(false)) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } conn = talloc_zero(frame, connection_struct); if (conn == NULL) { + TALLOC_FREE(frame); DEBUG(0, (talloc failed\n)); return NT_STATUS_NO_MEMORY; } @@ -96,12 +110,6 @@ static NTSTATUS set_nt_acl_no_snum(const char *fname, return NT_STATUS_NO_MEMORY; } - conn-params-service = -1; - - set_conn_connectpath(conn, /); - - smbd_vfs_init(conn); - fsp = talloc_zero(frame, struct files_struct); if (fsp == NULL) { TALLOC_FREE(frame); @@ -114,10 +122,21 @@ static NTSTATUS set_nt_acl_no_snum(const char *fname, } fsp-conn = conn; + /* we want total control over the permissions on created files, + so set our umask to 0 */ + saved_umask = umask(0); + + conn-params-service = -1; + + set_conn_connectpath(conn, /); + + smbd_vfs_init(conn); + status = create_synthetic_smb_fname_split(fsp, fname, NULL, smb_fname); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); + umask(saved_umask); return status; } @@ -137,6 +156,7 @@ static NTSTATUS set_nt_acl_no_snum(const char *fname, if (fsp-fh-fd == -1) { printf(open: error=%d (%s)\n, errno, strerror(errno)); TALLOC_FREE(frame); + umask(saved_umask); return NT_STATUS_UNSUCCESSFUL; } @@ -145,9 +165,12 @@ static NTSTATUS set_nt_acl_no_snum(const char *fname, DEBUG(0,(set_nt_acl_no_snum: fset_nt_acl returned %s.\n, nt_errstr(status
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3180a10 sefltest: use TestCaseInTempDir and setUp/tearDown for posixacl.py temp file via 7e90a06 provision: Fix comments in checksysvolacl from ec0f51b pam_winbind: fix segfault in pam_sm_authenticate() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3180a1082a79698a69f6721282cb8c45900f884c Author: Andrew Bartlett abart...@samba.org Date: Sat Oct 27 10:59:43 2012 +1100 sefltest: use TestCaseInTempDir and setUp/tearDown for posixacl.py temp file This manages the temp file more reliably, and reduces the repeated code in each test case. Pair-Programmed-With: Jelmer Vernooij jel...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sat Oct 27 04:37:58 CEST 2012 on sn-devel-104 commit 7e90a064437790789726d701ada5de9503816281 Author: Andrew Bartlett abart...@samba.org Date: Sat Oct 27 09:20:52 2012 +1100 provision: Fix comments in checksysvolacl --- Summary of changes: .../scripting/python/samba/provision/__init__.py |3 +- source4/scripting/python/samba/tests/posixacl.py | 232 ++-- 2 files changed, 64 insertions(+), 171 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index f6c11b5..b385556 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1559,8 +1559,9 @@ def checksysvolacl(samdb, netlogon, sysvol, domainsid, dnsdomain, domaindn, if domain_info[dns_domain].upper() != dnsdomain.upper(): raise ProvisioningError('Realm as seen by pdb_samba_dsdb [%s] does not match Realm as seen by the provision script [%s]!' % (domain_info[dns_domain].upper(), dnsdomain.upper())) -# Set the SYSVOL_ACL on the sysvol folder and subfolder (first level) +# Ensure we can read this directly, and via the smbd VFS for direct_db_access in [True, False]: +# Check the SYSVOL_ACL on the sysvol folder and subfolder (first level) for dir_path in [os.path.join(sysvol, dnsdomain), netlogon]: fsacl = getntacl(lp, dir_path, direct_db_access=direct_db_access) if fsacl is None: diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py index 2450470..5e10f8d 100644 --- a/source4/scripting/python/samba/tests/posixacl.py +++ b/source4/scripting/python/samba/tests/posixacl.py @@ -21,7 +21,7 @@ from samba.ntacls import setntacl, getntacl, checkset_backend from samba.dcerpc import xattr, security, smb_acl, idmap from samba.param import LoadParm -from samba.tests import TestCase +from samba.tests import TestCaseInTempDir from samba import provision import random import os @@ -35,224 +35,148 @@ from samba.samba3 import param as s3param #print uid: %d % entry.uid #print gid: %d % entry.gid -class PosixAclMappingTests(TestCase): +class PosixAclMappingTests(TestCaseInTempDir): def test_setntacl(self): -random.seed() lp = LoadParm() -path = os.environ['SELFTEST_PREFIX'] acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) -tempf = os.path.join(path,pytests+str(int(10*random.random( -open(tempf, 'w').write(empty) -setntacl(lp, tempf, acl, S-1-5-21-2212615479-2695158682-2101375467, use_ntvfs=False) -smbd.unlink(tempf) +setntacl(lp, self.tempf, acl, S-1-5-21-2212615479-2695158682-2101375467, use_ntvfs=False) def test_setntacl_smbd_getntacl(self): -random.seed() lp = LoadParm() -path = None -path = os.environ['SELFTEST_PREFIX'] acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) -tempf = os.path.join(path,pytests+str(int(10*random.random( -open(tempf, 'w').write(empty) -setntacl(lp,tempf,acl,S-1-5-21-2212615479-2695158682-2101375467, use_ntvfs=True) -facl = getntacl(lp,tempf, direct_db_access=True) + setntacl(lp,self.tempf,acl,S-1-5-21-2212615479-2695158682-2101375467, use_ntvfs=True) +facl = getntacl(lp,self.tempf, direct_db_access=True) anysid = security.dom_sid(security.SID_NT_SELF) self.assertEquals(facl.as_sddl(anysid),acl) -smbd.unlink(tempf) def test_setntacl_smbd_setposixacl_getntacl(self): -random.seed() lp = LoadParm() -path = None -path = os.environ
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e9b6b23 selftest: Add many more tests for our posix ACL handling via 3cdd888 pysmbd: Fix pysmbd octal mode handling from 9dbb645 dsdb-cracknames: Return DRSUAPI_DS_NAME_STATUS_NO_MAPPING when there is no SID http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e9b6b23fbdafff700ceb788dbff2ba69584ff833 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 25 16:27:19 2012 +1100 selftest: Add many more tests for our posix ACL handling This tests the mapping of posix ACLs to NT ACLs, the invalidation of NT ACLs stored as an xattr and ensures this security-critical code continues to work in the long term. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Oct 25 10:05:16 CEST 2012 on sn-devel-104 commit 3cdd888093e57a8cfc29d82ea47c8887a50e73a4 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 25 16:25:22 2012 +1100 pysmbd: Fix pysmbd octal mode handling It is clearly too long since Computer Science 101... ;-) Andrew Bartlett --- Summary of changes: source3/smbd/pysmbd.c|4 +- source4/scripting/python/samba/tests/posixacl.py | 237 +- 2 files changed, 238 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index 66aba21..5e2daa1 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -158,8 +158,8 @@ static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode) mode_t mode = SMB_ACL_READ|SMB_ACL_WRITE; - mode_t mode_user = (chmod_mode 0700) 16; - mode_t mode_group = (chmod_mode 070) 8; + mode_t mode_user = (chmod_mode 0700) 6; + mode_t mode_group = (chmod_mode 070) 3; mode_t mode_other = chmod_mode 07; SMB_ACL_ENTRY_T entry; SMB_ACL_T acl = sys_acl_init(frame); diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py index 78a07f7..449a87c 100644 --- a/source4/scripting/python/samba/tests/posixacl.py +++ b/source4/scripting/python/samba/tests/posixacl.py @@ -18,7 +18,7 @@ Tests for the Samba3 NT - posix ACL layer -from samba.ntacls import setntacl, getntacl +from samba.ntacls import setntacl, getntacl, checkset_backend from samba.dcerpc import xattr, security, smb_acl, idmap from samba.param import LoadParm from samba.tests import TestCase @@ -61,6 +61,70 @@ class PosixAclMappingTests(TestCase): self.assertEquals(facl.as_sddl(anysid),acl) os.unlink(tempf) +def test_setntacl_smbd_setposixacl_getntacl(self): +random.seed() +lp = LoadParm() +path = None +path = os.environ['SELFTEST_PREFIX'] +acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) +tempf = os.path.join(path,pytests+str(int(10*random.random( +open(tempf, 'w').write(empty) +setntacl(lp,tempf,acl,S-1-5-21-2212615479-2695158682-2101375467, use_ntvfs=True) + +# This will invalidate the ACL, as we have a hook! +smbd.set_simple_acl(tempf, 0640) + +# However, this only asks the xattr +try: +facl = getntacl(lp,tempf, direct_db_access=True) +self.assertTrue(False) +except TypeError: +pass +os.unlink(tempf) + +def test_setntacl_smbd_chmod_getntacl(self): +random.seed() +lp = LoadParm() +path = None +path = os.environ['SELFTEST_PREFIX'] +acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) +tempf = os.path.join(path,pytests+str(int(10*random.random( +open(tempf, 'w').write(empty) +setntacl(lp,tempf,acl,S-1-5-21-2212615479-2695158682-2101375467, use_ntvfs=True) + +# This should invalidate the ACL, as we include the posix ACL in the hash +(backend_obj, dbname) = checkset_backend(lp, None, None) +backend_obj.wrap_setxattr(dbname, + tempf, system.fake_access_acl, ) + +#however, as this is direct DB access, we do not notice it +facl = getntacl(lp,tempf, direct_db_access=True) +anysid = security.dom_sid(security.SID_NT_SELF) +self.assertEquals(acl, facl.as_sddl(anysid)) +os.unlink(tempf) + +def test_setntacl_smbd_chmod_getntacl_smbd(self): +random.seed() +lp = LoadParm() +path = None +path = os.environ['SELFTEST_PREFIX'] +acl
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a2d5326 python-ntacls: Cope with ACL revision 4 via f8e6bb4 dbwrap: use talloc_stackframe() in db_tdb_log_key() via 1008f6f selftest: Always unlink the tempf in posixacl test via 117d5f4 selftest: Cover the important non-Samba invalidation of the NT ACL via 53244c9 selftest: Cover one more NT ACL invalidation case and improve comments from e9b6b23 selftest: Add many more tests for our posix ACL handling http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a2d53262e835b0c74282d389b1dd6dad2395f0f1 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 24 18:24:12 2012 +1100 python-ntacls: Cope with ACL revision 4 This is the new revision with the hash of the posix or system ACL. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Oct 25 15:04:39 CEST 2012 on sn-devel-104 commit f8e6bb46c005e82d5a8646e691de9282828005cc Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 24 18:23:04 2012 +1100 dbwrap: use talloc_stackframe() in db_tdb_log_key() We can not be sure that there is already a talloc_stackframe() in place so we must create one. Andrew Bartlett commit 1008f6fbf49d5b797c7d968ea7ffdcb29d623644 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 25 20:18:28 2012 +1100 selftest: Always unlink the tempf in posixacl test commit 117d5f4c372c02d69106df45e12ac69d1c047f50 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 25 20:17:55 2012 +1100 selftest: Cover the important non-Samba invalidation of the NT ACL This covers the case where we have a valid hash of the posix ACL (or the NT ACL from the POSIX ACL) and we notice it no longer matches. Andrew Bartlett commit 53244c915113cef87692756e9ad545ff75074df0 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 25 19:58:15 2012 +1100 selftest: Cover one more NT ACL invalidation case and improve comments This tries to show the difference between the cases where we trap the POSIX ACL change and where we actually detect an OS-level change. Andrew Bartlett --- Summary of changes: lib/dbwrap/dbwrap_tdb.c |7 ++-- source4/scripting/python/samba/ntacls.py |2 + source4/scripting/python/samba/tests/posixacl.py | 41 + 3 files changed, 39 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/dbwrap/dbwrap_tdb.c b/lib/dbwrap/dbwrap_tdb.c index 80d41b4..a3a6c87 100644 --- a/lib/dbwrap/dbwrap_tdb.c +++ b/lib/dbwrap/dbwrap_tdb.c @@ -42,10 +42,11 @@ static void db_tdb_log_key(const char *prefix, TDB_DATA key) { size_t len; char *keystr; - + TALLOC_CTX *frame; if (DEBUGLEVEL 10) { return; } + frame = talloc_stackframe(); len = key.dsize; if (DEBUGLEVEL == 10) { /* @@ -53,10 +54,10 @@ static void db_tdb_log_key(const char *prefix, TDB_DATA key) */ len = MIN(10, key.dsize); } - keystr = hex_encode_talloc(talloc_tos(), (unsigned char *)(key.dptr), + keystr = hex_encode_talloc(frame, (unsigned char *)(key.dptr), len); DEBUG(10, (%s key %s\n, prefix, keystr)); - TALLOC_FREE(keystr); + TALLOC_FREE(frame); } static int db_tdb_record_destr(struct db_record* data) diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py index 44cbbe9..f304047 100644 --- a/source4/scripting/python/samba/ntacls.py +++ b/source4/scripting/python/samba/ntacls.py @@ -78,6 +78,8 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True): return ntacl.info.sd elif ntacl.version == 3: return ntacl.info.sd +elif ntacl.version == 4: +return ntacl.info.sd else: return smbd.get_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL) diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py index 449a87c..482b48b 100644 --- a/source4/scripting/python/samba/tests/posixacl.py +++ b/source4/scripting/python/samba/tests/posixacl.py @@ -82,7 +82,7 @@ class PosixAclMappingTests(TestCase): pass os.unlink(tempf) -def test_setntacl_smbd_chmod_getntacl(self): +def test_setntacl_invalidate_getntacl(self): random.seed() lp = LoadParm() path = None @@ -103,25 +103,47 @@ class PosixAclMappingTests(TestCase): self.assertEquals(acl, facl.as_sddl(anysid)) os.unlink(tempf
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9dbb645 dsdb-cracknames: Return DRSUAPI_DS_NAME_STATUS_NO_MAPPING when there is no SID from a9a3841 s4:dns_server: fix formatting difference compared to v4-0-test http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9dbb64563c35003311d3f3d47e6c4ef0f546ffab Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 24 16:41:52 2012 +1100 dsdb-cracknames: Return DRSUAPI_DS_NAME_STATUS_NO_MAPPING when there is no SID If there is no SID for an object being mapped, then there is no NT4 name. We need to return DRSUAPI_DS_NAME_STATUS_NO_MAPPING rather than error out with anything other than WERR_OK as the return value. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Oct 25 04:43:25 CEST 2012 on sn-devel-104 --- Summary of changes: source4/dsdb/samdb/cracknames.c | 10 +++--- 1 files changed, 7 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index 6ad8026..8b52aa3 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c @@ -1067,9 +1067,13 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ const struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, result, objectSid); const char *_acc = , *_dom = ; - - if (samdb_find_attribute(sam_ctx, result, objectClass, domain)) { - + if (sid == NULL) { + info1-status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING; + return WERR_OK; + } else if (samdb_find_attribute(sam_ctx, result, objectClass, domain)) { + /* This can also find a DomainDNSZones entry, +* but it won't have the SID we just +* checked. */ ldb_ret = ldb_search(sam_ctx, mem_ctx, domain_res, partitions_basedn, LDB_SCOPE_ONELEVEL, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7138b21 build: Add #define FREEBSD on FreeBSD via 6d73fd0 lib/replace: Fix configure on FreeBSD: define_ret is not correct here via 80f42df lib/replace: Fix detection of prctl via debb2b2 lib/replace: Fix detection of rpcsrv/yp_prot.h on FreeBSD via 60a06ff vfs: Fix compilation of ACL support on solaris from bd099c4 waf: Create a libnss_wins.so symlink. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7138b2138ba1f67386c6aa1e1c5ef49fde07cc41 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 23 17:53:58 2012 +1100 build: Add #define FREEBSD on FreeBSD This makes waf match autoconf Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Oct 23 11:11:44 CEST 2012 on sn-devel-104 commit 6d73fd07f94ae23f3eacaab3b220ffca201b1300 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 23 17:31:03 2012 +1100 lib/replace: Fix configure on FreeBSD: define_ret is not correct here define_ret is for when the output of the compiled and run program should be put into the configure define. This is not the case here. Andrew Bartlett commit 80f42df4ec9194ff00aeeb3c2cf6acfa1f2ab5c3 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 23 17:14:55 2012 +1100 lib/replace: Fix detection of prctl commit debb2b2b9e9a495b0f9f31753ac5e75e4b2d5364 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 23 17:14:43 2012 +1100 lib/replace: Fix detection of rpcsrv/yp_prot.h on FreeBSD commit 60a06ff09cb62d4102a89194ce8fef5c4c5a2f16 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 23 16:13:28 2012 +1100 vfs: Fix compilation of ACL support on solaris --- Summary of changes: lib/replace/wscript |6 -- source3/modules/vfs_solarisacl.h |6 -- source3/wscript |9 + 3 files changed, 17 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/wscript b/lib/replace/wscript index 732c664..c21a8f8 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -89,7 +89,10 @@ struct foo bar = { .y = 'X', .x = 1 }; conf.CHECK_HEADERS('rpcsvc/nis.h rpcsvc/ypclnt.h sys/prctl.h sys/sysctl.h') conf.CHECK_HEADERS('sys/fileio.h sys/filesys.h sys/dustat.h sys/sysmacros.h') -conf.CHECK_HEADERS('xfs/libxfs.h netgroup.h rpcsvc/yp_prot.h') +conf.CHECK_HEADERS('xfs/libxfs.h netgroup.h') + +conf.CHECK_CODE('', headers='rpc/rpc.h rpcsvc/yp_prot.h', define='HAVE_RPCSVC_YP_PROT_H') + conf.CHECK_HEADERS('valgrind.h valgrind/valgrind.h valgrind/memcheck.h') conf.CHECK_HEADERS('nss_common.h nsswitch.h ns_api.h') conf.CHECK_HEADERS('sys/extattr.h sys/ea.h sys/proplist.h sys/cdefs.h') @@ -227,7 +230,6 @@ struct foo bar = { .y = 'X', .x = 1 }; msg=Checking correct behavior of strtoll, headers = 'errno.h', execute = True, -define_ret = True, define = 'HAVE_BSD_STRTOLL', ) conf.CHECK_FUNCS('if_nametoindex strerror_r') diff --git a/source3/modules/vfs_solarisacl.h b/source3/modules/vfs_solarisacl.h index 84c2cb7..20f1051 100644 --- a/source3/modules/vfs_solarisacl.h +++ b/source3/modules/vfs_solarisacl.h @@ -22,10 +22,12 @@ SMB_ACL_T solarisacl_sys_acl_get_file(vfs_handle_struct *handle, const char *path_p, - SMB_ACL_TYPE_T type); + SMB_ACL_TYPE_T type, + TALLOC_CTX *mem_ctx); SMB_ACL_T solarisacl_sys_acl_get_fd(vfs_handle_struct *handle, - files_struct *fsp); + files_struct *fsp, + TALLOC_CTX *mem_ctx); int solarisacl_sys_acl_set_file(vfs_handle_struct *handle, const char *name, diff --git a/source3/wscript b/source3/wscript index 92575c8..f049700 100644 --- a/source3/wscript +++ b/source3/wscript @@ -266,6 +266,14 @@ __sys_llseek syslog _telldir __telldir textdomain timegm utimensat vsyslog _write __write __xstat ''') +conf.CHECK_CODE(''' +#ifdef HAVE_SYS_PRCTL_H +#include sys/prctl.h +#endif +int i; i = prtcl(0); +''', +'HAVE_PRCTL', link=False) + conf.CHECK_SAMBA3_CHARSET() # see build/charset.py # FIXME: these should be tests for features, but the old build system just @@ -289,6 +297,7 @@ utimensat vsyslog _write __write __xstat conf.ADD_CFLAGS('-fno-common') conf.DEFINE('STAT_ST_BLOCKSIZE', '512') elif (host_os.rfind('freebsd') -1): +conf.DEFINE
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d2aa785 lib/tsocket: fix loop in tdgram_bsd_recvfrom() (bug #9184) from 7138b21 build: Add #define FREEBSD on FreeBSD http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d2aa785290a283e06624f22a381a7ea02baae5ad Author: Stefan Metzmacher me...@samba.org Date: Tue Oct 2 12:20:26 2012 +0200 lib/tsocket: fix loop in tdgram_bsd_recvfrom() (bug #9184) If the socket is not readable yet, we need to retry if tsocket_bsd_pending() returns 0. See also https://lists.samba.org/archive/samba-technical/2012-October/087164.html metze Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Oct 23 14:44:21 CEST 2012 on sn-devel-104 --- Summary of changes: lib/tsocket/tsocket_bsd.c | 10 +- 1 files changed, 9 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tsocket/tsocket_bsd.c b/lib/tsocket/tsocket_bsd.c index d5721b4..135fd02 100644 --- a/lib/tsocket/tsocket_bsd.c +++ b/lib/tsocket/tsocket_bsd.c @@ -792,7 +792,7 @@ static int tdgram_bsd_set_writeable_handler(struct tdgram_bsd *bsds, struct tdgram_bsd_recvfrom_state { struct tdgram_context *dgram; - + bool first_try; uint8_t *buf; size_t len; struct tsocket_address *src; @@ -826,6 +826,7 @@ static struct tevent_req *tdgram_bsd_recvfrom_send(TALLOC_CTX *mem_ctx, } state-dgram= dgram; + state-first_try= true; state-buf = NULL; state-len = 0; state-src = NULL; @@ -876,6 +877,13 @@ static void tdgram_bsd_recvfrom_handler(void *private_data) bool retry; ret = tsocket_bsd_pending(bsds-fd); + if (state-first_try ret == 0) { + state-first_try = false; + /* retry later */ + return; + } + state-first_try = false; + err = tsocket_bsd_error_from_errno(ret, errno, retry); if (retry) { /* retry later */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8697acd dsdb-cracknames: Always use talloc_zero() from d5d0a45 build(waf): Fix the --with-cluster build http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8697acd4b08354fb4185b05da07f4399bda917bc Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 24 11:56:02 2012 +1100 dsdb-cracknames: Always use talloc_zero() Otherwise, we will return un-initialised values to the caller, which will attempt to push them onto the wire. Found by Greg Dickie g...@justaguy.ca. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Oct 24 05:12:04 CEST 2012 on sn-devel-104 --- Summary of changes: source4/dsdb/samdb/cracknames.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index c366019..6ad8026 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c @@ -1472,7 +1472,7 @@ WERROR dcesrv_drsuapi_CrackNamesByNameFormat(struct ldb_context *sam_ctx, TALLOC uint32_t i, count; WERROR status; - *ctr1 = talloc(mem_ctx, struct drsuapi_DsNameCtr1); + *ctr1 = talloc_zero(mem_ctx, struct drsuapi_DsNameCtr1); W_ERROR_HAVE_NO_MEMORY(*ctr1); count = req1-count; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 64886e3 Warn when setting UID/GID without idmap_ldb:use rfc2307 = Yes via 071047e Tests for 'samba-tool user create' with RFC2307 attributes via bfdaaf2 Set RFC2307 attributes in samba-tool create via 9eb022c provision: No longer use the wheel group in new AD Domains from b557f34 s3:smbd: fix brace placements in validate_my_share_entries() for readability http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 64886e312fe76145c2c4bc900b794274594368aa Author: Alexander Wuerstlein a...@arw.name Date: Sun Sep 30 04:32:01 2012 +0200 Warn when setting UID/GID without idmap_ldb:use rfc2307 = Yes Signed-off-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Oct 18 09:51:35 CEST 2012 on sn-devel-104 commit 071047e8953f36a4c71c30d9540323578a4204f2 Author: Alexander Wuerstlein a...@arw.name Date: Sun Sep 30 04:32:00 2012 +0200 Tests for 'samba-tool user create' with RFC2307 attributes Check if attributes are correctly set and read from SamDB Test automatic creation of attributes from getpwent (NSS) Check if overriding NSS attributes works getpwent will be skipped if the current UID of the user running the tests has no passwd entry (getpwuid(geteuid())). If a user with the name of the current UID already exists in the directory, the getpwent test will fail. If that should happen, the test would need to be updated to use a nonexistent UID that is visible to the Python 'pwd' module. Signed-off-by: Andrew Bartlett abart...@samba.org commit bfdaaf2327441c0cf909a70f9b3ca781caadbddc Author: Alexander Wuerstlein a...@arw.name Date: Sun Sep 30 04:31:59 2012 +0200 Set RFC2307 attributes in samba-tool create Optionally set RFC2307 (NIS Schema) attributes in samba-tool create. Mainly needed for UID mapping to be usable. Not all attributes are set-able, only harmless and non-overlapping ones (uid, uidNumber, gidNumber, loginShell, gecos). Description and homeDirectory should already be set, userPassword seems problematic. Signed-off-by: Andrew Bartlett abart...@samba.org commit 9eb022c8c65663425e60a10a12c2ec52c3017a59 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 16 13:08:22 2012 +1100 provision: No longer use the wheel group in new AD Domains The issue here is that if we set S-1-5-32-544 (administrators) to a GID only, then users cannot force a mandetory profile to be owned by administrators (which is a requirement). There is no particularly useful reason for us to enforce this matching a system group. Andrew Bartlett --- Summary of changes: source4/scripting/bin/samba_upgradedns |2 +- source4/scripting/python/samba/netcmd/domain.py|5 +- source4/scripting/python/samba/netcmd/user.py | 39 +- .../scripting/python/samba/provision/__init__.py | 39 +++--- source4/scripting/python/samba/samdb.py| 26 - source4/scripting/python/samba/tests/posixacl.py |8 +- .../python/samba/tests/samba_tool/base.py |6 + .../python/samba/tests/samba_tool/user.py | 141 ++- source4/scripting/python/samba/upgrade.py |2 +- source4/scripting/python/samba/upgradehelpers.py |4 +- 10 files changed, 230 insertions(+), 42 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns index 8304134..ba597cf 100755 --- a/source4/scripting/bin/samba_upgradedns +++ b/source4/scripting/bin/samba_upgradedns @@ -91,7 +91,7 @@ def fix_names(pnames): names.domaindn = pnames.domaindn[0] names.configdn = pnames.configdn[0] names.schemadn = pnames.schemadn[0] -names.wheel_gid = pnames.wheel_gid[0] +names.root_gid = pnames.root_gid names.serverdn = str(pnames.serverdn) return names diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index 6e3f35a..4ba305c 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -186,8 +186,6 @@ class cmd_domain_provision(Command): help=choose 'root' unix username), Option(--nobody, type=string, metavar=USERNAME, help=choose 'nobody' user), - Option(--wheel, type=string, metavar=GROUPNAME, -help=choose 'wheel' privileged group), Option(--users, type=string, metavar=GROUPNAME, help=choose 'users' group), Option(--quiet, help=Be quiet, action=store_true), @@ -237,7 +235,6 @@ class
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d09ac96 Removed phpldapadmin inclusion for Samba 4. via 83d34bb dns_server: Try and use the dns-SERVER account if we were configured with it from 0296548 ccan: check for all the used config.h defines http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d09ac9636af6a31098156ca65ab62e11ce3a5d15 Author: Ricky Nance ricky.na...@weaubleau.k12.mo.us Date: Tue Oct 16 00:52:51 2012 -0500 Removed phpldapadmin inclusion for Samba 4. Signed-off-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Oct 17 12:55:44 CEST 2012 on sn-devel-104 commit 83d34bb2bbcbc0ebbcb81825590363e996979e08 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 16 15:08:30 2012 +1100 dns_server: Try and use the dns-SERVER account if we were configured with it --- Summary of changes: source4/dns_server/dns_server.c| 61 +++- .../scripting/python/samba/provision/__init__.py | 20 --- source4/scripting/python/samba/tests/provision.py | 10 --- source4/setup/phpldapadmin-config.php | 20 --- 4 files changed, 47 insertions(+), 64 deletions(-) delete mode 100644 source4/setup/phpldapadmin-config.php Changeset truncated at 500 lines: diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c index 8e25396..6824fef 100644 --- a/source4/dns_server/dns_server.c +++ b/source4/dns_server/dns_server.c @@ -748,7 +748,11 @@ static void dns_task_init(struct task_server *task) int ret; struct ldb_result *res; static const char * const attrs[] = { name, NULL}; + static const char * const attrs_none[] = { NULL}; unsigned int i; + struct ldb_message *dns_acc; + char *hostname_lower; + char *dns_spn; switch (lpcfg_server_role(task-lp_ctx)) { case ROLE_STANDALONE: @@ -787,29 +791,58 @@ static void dns_task_init(struct task_server *task) return; } - cli_credentials_set_conf(dns-server_credentials, task-lp_ctx); - status = cli_credentials_set_machine_account(dns-server_credentials, task-lp_ctx); - if (!NT_STATUS_IS_OK(status)) { - task_server_terminate(task, - talloc_asprintf(task, Failed to obtain server credentials, perhaps a standalone server?: %s\n, - nt_errstr(status)), - true); + dns-samdb = samdb_connect(dns, dns-task-event_ctx, dns-task-lp_ctx, + system_session(dns-task-lp_ctx), 0); + if (!dns-samdb) { + task_server_terminate(task, dns: samdb_connect failed, true); return; } + cli_credentials_set_conf(dns-server_credentials, task-lp_ctx); + + hostname_lower = strlower_talloc(dns, lpcfg_netbios_name(task-lp_ctx)); + dns_spn = talloc_asprintf(dns, DNS/%s.%s, + hostname_lower, + lpcfg_dnsdomain(task-lp_ctx)); + TALLOC_FREE(hostname_lower); + + ret = dsdb_search_one(dns-samdb, dns, dns_acc, + ldb_get_default_basedn(dns-samdb), LDB_SCOPE_SUBTREE, + attrs_none, 0, (servicePrincipalName=%s), + dns_spn); + if (ret == LDB_SUCCESS) { + TALLOC_FREE(dns_acc); + if (!dns_spn) { + task_server_terminate(task, dns: talloc_asprintf failed, true); + return; + } + status = cli_credentials_set_stored_principal(dns-server_credentials, task-lp_ctx, dns_spn); + if (!NT_STATUS_IS_OK(status)) { + task_server_terminate(task, + talloc_asprintf(task, Failed to obtain server credentials for DNS, + despite finding it in the samdb! %s\n, + nt_errstr(status)), + true); + return; + } + } else { + TALLOC_FREE(dns_spn); + status = cli_credentials_set_machine_account(dns-server_credentials, task-lp_ctx); + if (!NT_STATUS_IS_OK(status)) { + task_server_terminate(task, + talloc_asprintf(task, Failed to obtain server credentials, perhaps a standalone server?: %s\n, + nt_errstr(status)), + true
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1ec5486 smbd: Always free the talloc_stackframe() before leaving smbd_do_query_security_desc from a11595b docs: Add very basic samba manpage. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1ec5486338772cecf953e150ebb717a8845c98d4 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 11 22:29:43 2012 +1100 smbd: Always free the talloc_stackframe() before leaving smbd_do_query_security_desc Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Oct 11 15:20:54 CEST 2012 on sn-devel-104 --- Summary of changes: source3/smbd/nttrans.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 1011bd7..f5e5877 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1916,12 +1916,14 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, if ((security_info_wanted SECINFO_SACL) !(fsp-access_mask SEC_FLAG_SYSTEM_SECURITY)) { DEBUG(10, (Access to SACL denied.\n)); + TALLOC_FREE(frame); return NT_STATUS_ACCESS_DENIED; } if ((security_info_wanted (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) !(fsp-access_mask SEC_STD_READ_CONTROL)) { DEBUG(10, (Access to DACL, OWNER, or GROUP denied.\n)); + TALLOC_FREE(frame); return NT_STATUS_ACCESS_DENIED; } @@ -1942,6 +1944,7 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, fsp, security_info_wanted, frame, psd); } if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); return status; } -- Samba Shared Repository
provision: Always create DNS user.
On Thu, 2012-10-11 at 21:23 +0200, Stefan (metze) Metzmacher wrote: Hi Jelmer, - Log - commit c2d14747d608d406de6410556807d467cd0b85ef Author: Jelmer Vernooij jel...@samba.org Date: Thu Oct 11 14:45:10 2012 +0200 provision: Always create DNS user. The DNS user is currently only used by the bind9 plugin. This makes it easier to later on switch between the builtin DNS server and bind backend. In addition, ideally the internal DNS server would use that (separate) user too. Why? Isn't that the job of samba_upgradedns? I removed this behavior because I want us to match windows as much as possible. Jelmer, We discussed this, but I think you misunderstood me. Certainly we can't do this unless we first change the internal DNS server to know about the possibility of a dns-SERVER user. Otherwise it won't use the right key on the kerberos acceptor. I was more thinking that we would keep the previous behaviour (which is more like windows), but allow the internal DNS server to work if a dns-SERVER user exists (rather than strictly requiring it to be removed). Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 547a260 vfs: Improve formatting of vfs_fake_acls via d07d888 vfs: Improve formatting of vfs_default via a581b3d examples: Re-indent and reformat skel VFS modules via 38416cc vfs: Use a blocking function in vfs_zfsacl for system ACL blobs via bac3ed2 vfs: Use posix_sys_acl_blob_get_file in vfs_tru64acl for posix ACLs via 998bdd5 vfs: Use posix_sys_acl_blob_get_file in vfs_solarisacl for posix ACLs via 010e589 vfs: Use posix_sys_acl_blob_get_file in vfs_posixacl for posix ACLs via 598b565c vfs: Use posix_sys_acl_blob_get_file in vfs_irix for posix ACLs via 4eb0e40 vfs: Use posix_sys_acl_blob_get_file in vfs_hpux for posix ACLs via abee79f vfs: Use posix_sys_acl_blob_get_file in vfs_gpfs for posix ACLs via 594 vfs: Use posix_sys_acl_blob_get_file in vfs_fake_acls for posix ACLs via 76b38f7 vfs: Use posix_sys_acl_blob_get_file in vfs_default for posix ACLs via 274ace3 vfs: Use posix_sys_acl_blob_get_file in vfs_aixacl2 for posix ACLs via 79edc54 vfs: Use posix_sys_acl_blob_get_file in vfs_aixacl via c960a49 vfs: Use a blocking function in vfs_afsacl for system ACL blobs via ddcaac9 vfs: Implement a sys_acl_blob_get_{fd,file} for POSIX ACL backends via 1f36ec1 vfs: Remove type parameter from sys_acl_blob_get_{fd,file} via c8ade07 smbd: Add mem_ctx to {f,}get_nt_acl VFS call via 9158974 smbd: Add mem_ctx to sys_acl_init() and all callers via a4d1f22 build: Add vfs_media_harmony to the waf build via bb99cf1 posixacls: Add IDL changes for vfs_acl_xattr using hash of the sys acl from 5bb60df s3-rpc_server: fix build warning http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 547a260a2865d547a4ffc756b21fa648349654fd Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 11 10:47:17 2012 +1100 vfs: Improve formatting of vfs_fake_acls This avoids this bad style being copied into new modules. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Oct 11 05:10:16 CEST 2012 on sn-devel-104 commit d07d888ce1394c51019804d5717e02d088a715f8 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 11 10:46:37 2012 +1100 vfs: Improve formatting of vfs_default This avoids this bad style being copied into new modules. Andrew Bartlett commit a581b3d48edb1b3f8205e5b1dd2935e265aaba42 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 11 07:53:29 2012 +1100 examples: Re-indent and reformat skel VFS modules This avoids some of the poor style here from propogating to new VFS modules. Andrew Bartlett commit 38416ccac3970b2bf63fe218ef85d535d848302c Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 10 17:00:42 2012 +1100 vfs: Use a blocking function in vfs_zfsacl for system ACL blobs This is so we do not query some other module for the ACL blob, as zfs ACLs are not posix ACLs. We may add a linearisation later. Andrew Bartlett commit bac3ed2696e621ee18f4332e5404bbf2af0c7ccb Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 10 16:59:53 2012 +1100 vfs: Use posix_sys_acl_blob_get_file in vfs_tru64acl for posix ACLs commit 998bdd516adf5edb5c5884f92f04dc690aa1ce27 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 10 16:59:43 2012 +1100 vfs: Use posix_sys_acl_blob_get_file in vfs_solarisacl for posix ACLs commit 010e589c29335fc48446051347d6af5f787981a4 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 10 16:59:35 2012 +1100 vfs: Use posix_sys_acl_blob_get_file in vfs_posixacl for posix ACLs commit 598b565c632aae8792dc2917eda2e2b7365d4cec Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 10 16:59:25 2012 +1100 vfs: Use posix_sys_acl_blob_get_file in vfs_irix for posix ACLs commit 4eb0e406f15c5fcf3b73361978edcac0a8db5b58 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 10 16:59:18 2012 +1100 vfs: Use posix_sys_acl_blob_get_file in vfs_hpux for posix ACLs commit abee79f99db802adc8e13a2baedf7817bf937786 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 10 16:58:59 2012 +1100 vfs: Use posix_sys_acl_blob_get_file in vfs_gpfs for posix ACLs commit 59429e9b08b3d88ed6ba8fc86ec837ef23d8 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 10 16:53:43 2012 +1100 vfs: Use posix_sys_acl_blob_get_file in vfs_fake_acls for posix ACLs commit 76b38f75e98ed68de9e649c2a0ef3b4b317292ae Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 10 16:53:22 2012 +1100 vfs: Use posix_sys_acl_blob_get_file in vfs_default for posix ACLs commit 274ace37fd413240bac3d5f45fa9a481aba0bfb1 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 10 16:52:17 2012
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 957f9fa rpc_server:srvsvc Remove psd variable that was no longer set by SMB_VFS_FGET_NT_ACL via 0f435a7 build: Remove --disable-shared via 1722074 vfs: Remove irixacl module (all the fucntions in it are unimplemented) via a0588fd vfs: Fix alternative posix and no-op sys acl implementations to take a mem_ctx from 547a260 vfs: Improve formatting of vfs_fake_acls http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 957f9fa3ff2ba838bb1669c371da0f70ddeb2360 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 11 15:08:25 2012 +1100 rpc_server:srvsvc Remove psd variable that was no longer set by SMB_VFS_FGET_NT_ACL This fixes up an error introduced by c8ade07760ae0ccfdf2d875c9f3027926e62321b. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Oct 11 07:53:36 CEST 2012 on sn-devel-104 commit 0f435a7adceb6bb7e2cc57eda3bf5a4a615d6a79 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 10 21:20:24 2012 +1100 build: Remove --disable-shared This does not work, and has no known use cases. Remove it so we do not waste time trying to support it. This also removes it for ldb/tdb/ntdb/talloc, but as these are first shared libraries, and then tools on top of those, rpath or (for emergency tools) --nonshared-binary= seems more appropriate. Andrew Bartlett commit 1722074a9b4b7370ae50ba7a0b787c5f325f592b Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 11 14:49:13 2012 +1100 vfs: Remove irixacl module (all the fucntions in it are unimplemented) commit a0588fdea82ab1b5d4dbd8bf75b01b82c0879d21 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 11 14:42:39 2012 +1100 vfs: Fix alternative posix and no-op sys acl implementations to take a mem_ctx These were missed with the initial conversion to use a talloc context. Andrew Bartlett --- Summary of changes: buildtools/wafsamba/samba_bundled.py |4 - buildtools/wafsamba/wscript | 13 + source3/Makefile.in |5 -- source3/configure.in |6 -- source3/lib/sysacls.c | 84 ++- source3/modules/vfs_aixacl.c | 12 ++-- source3/modules/vfs_irixacl.c | 90 - source3/modules/vfs_irixacl.h | 45 -- source3/modules/vfs_solarisacl.c |2 +- source3/modules/wscript_build |8 --- source3/rpc_server/srvsvc/srv_srvsvc_nt.c |8 +-- source3/wscript |4 - 12 files changed, 44 insertions(+), 237 deletions(-) delete mode 100644 source3/modules/vfs_irixacl.c delete mode 100644 source3/modules/vfs_irixacl.h Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_bundled.py b/buildtools/wafsamba/samba_bundled.py index b8a4101..afcf708 100644 --- a/buildtools/wafsamba/samba_bundled.py +++ b/buildtools/wafsamba/samba_bundled.py @@ -30,8 +30,6 @@ def target_in_list(target, lst, default): def BUILTIN_LIBRARY(bld, name): '''return True if a library should be builtin instead of being built as a shared lib''' -if bld.env.DISABLE_SHARED: -return True return target_in_list(name, bld.env.BUILTIN_LIBRARIES, False) Build.BuildContext.BUILTIN_LIBRARY = BUILTIN_LIBRARY @@ -249,8 +247,6 @@ def CHECK_BUNDLED_SYSTEM_PYTHON(conf, libname, modulename, minversion='0.0.0'): def NONSHARED_BINARY(bld, name): '''return True if a binary should be built without non-system shared libs''' -if bld.env.DISABLE_SHARED: -return True return target_in_list(name, bld.env.NONSHARED_BINARIES, False) Build.BuildContext.NONSHARED_BINARY = NONSHARED_BINARY diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript index 5e1898c..441e727 100755 --- a/buildtools/wafsamba/wscript +++ b/buildtools/wafsamba/wscript @@ -50,9 +50,6 @@ def set_options(opt): help=(list of minimum system library versions (LIBNAME1:version,LIBNAME2:version)), action=store, dest='MINIMUM_LIBRARY_VERSION', default='') -gr.add_option('--disable-shared', - help=(Disable all use of shared libraries), - action=store_true, dest='disable_shared', default=False) gr.add_option('--disable-rpath', help=(Disable use of rpath for build binaries), action=store_true, dest='disable_rpath_build', default=False) @@ -248,7 +245,6 @@ def configure(conf): conf.env.BUNDLED_LIBS = Options.options.BUNDLED_LIBS.split(',') conf.env.PRIVATE_LIBS
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2f0753b samba-tool: skip chown in sysvolreset when it would fail on a GID from 1c35c22 s3: Pass down smb_filename to smbacl4_fill_ace4 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2f0753b456c4d9b4eb52f128a83c8ba19adde160 Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 5 10:19:17 2012 +1000 samba-tool: skip chown in sysvolreset when it would fail on a GID This skips the chown of the files if (for example) the domain Admins group were to own the file and not be able to because the group maps only to a GID. This essentially papers over the problem, but may be enough to get us past the Samba 4.0 release. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Oct 9 15:24:44 CEST 2012 on sn-devel-104 --- Summary of changes: source4/scripting/python/samba/ntacls.py | 37 ++- .../scripting/python/samba/provision/__init__.py | 24 +++-- 2 files changed, 48 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py index 2108a64..44cbbe9 100644 --- a/source4/scripting/python/samba/ntacls.py +++ b/source4/scripting/python/samba/ntacls.py @@ -21,7 +21,7 @@ import os import samba.xattr_native, samba.xattr_tdb, samba.posix_eadb -from samba.dcerpc import security, xattr +from samba.dcerpc import security, xattr, idmap from samba.ndr import ndr_pack, ndr_unpack from samba.samba3 import smbd @@ -82,10 +82,43 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True): return smbd.get_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL) -def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True): +def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True, skip_invalid_chown=False, passdb=None): sid = security.dom_sid(domsid) sd = security.descriptor.from_sddl(sddl, sid) +if not use_ntvfs and skip_invalid_chown: +# Check if the owner can be resolved as a UID +(owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid) +if ((owner_type != idmap.ID_TYPE_UID) and (owner_type != idmap.ID_TYPE_BOTH)): +# Check if this particular owner SID was domain admins, +# because we special-case this as mapping to +# 'administrator' instead. +if sd.owner_sid == security.dom_sid(%s-%d % (domsid, security.DOMAIN_RID_ADMINS)): +administrator = security.dom_sid(%s-%d % (domsid, security.DOMAIN_RID_ADMINISTRATOR)) +(admin_id, admin_type) = passdb.sid_to_id(administrator) + +# Confirm we have a UID for administrator +if ((admin_type == idmap.ID_TYPE_UID) or (admin_type == idmap.ID_TYPE_BOTH)): + +# Set it, changing the owner to 'administrator' rather than domain admins +sd2 = security.descriptor.from_sddl(sddl, sid) +sd2.owner_sid = administrator + +smbd.set_nt_acl(file, security.SECINFO_OWNER |security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd2) + +# and then set an NTVFS ACL (which does not set the posix ACL) to pretend the owner really was set +use_ntvfs = True +else: +raise XattrBackendError(Unable to find UID for domain administrator %s, got id %d of type %d % (administrator, admin_id, admin_type)) +else: +# For all other owning users, reset the owner to root +# and then set the ACL without changing the owner +# +# This won't work in test environments, as it tries a real (rather than xattr-based fake) chown + +os.chown(file, 0, 0) +smbd.set_nt_acl(file, security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) + if use_ntvfs: (backend_obj, dbname) = checkset_backend(lp, backend, eadbfile) ntacl = xattr.NTACL() diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index d5d57d2..9966192 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1365,18 +1365,18 @@ SYSVOL_ACL = O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI POLICIES_ACL = O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001301bf;;;PA) -def set_dir_acl
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6245c5c wintest: Give dcpromo more time via 10eba77 wintest: Give netdom join more time to complete via 535fe95 wintest: Add config file for a second host via 1773fc0 wintest: bump version to 4.1 via 1f267ca nsswitch: Build nss_winbind on all supported platforms via 0e037bf selftest: Always build a linux-style nss_winbind for nss_wrapper from df23b17 provision: Use logger rather than print. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6245c5cba29abb54df2f961d9cbe300a49ffdacf Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 3 08:22:27 2012 +1000 wintest: Give dcpromo more time Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Oct 3 16:04:44 CEST 2012 on sn-devel-104 commit 10eba77dcbeec4b389aeb0a456884b7f067c1a3e Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 2 18:45:39 2012 +1000 wintest: Give netdom join more time to complete commit 535fe95f3c884b247d374685cc4408aeabc64437 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 2 12:34:10 2012 +1000 wintest: Add config file for a second host commit 1773fc06738846dac6c9cbfa3f3157a19f2567c1 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 2 12:33:48 2012 +1000 wintest: bump version to 4.1 commit 1f267ca10e174ec3661631df2169e381136c2540 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 2 08:12:16 2012 +1000 nsswitch: Build nss_winbind on all supported platforms This matches what the autoconf build can do. Andrew Bartlett commit 0e037bfc60162aa094df3e3cda59f7b9c2327ca9 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 3 16:36:34 2012 +1000 selftest: Always build a linux-style nss_winbind for nss_wrapper --- Summary of changes: nsswitch/wscript_build | 68 +--- selftest/target/Samba.pm |9 +++ selftest/target/Samba3.pm |5 +- selftest/target/Samba4.pm |2 +- .../conf/{abartlet.conf = abartlet-jesse.conf}| 38 ++-- wintest/test-s4-howto.py |6 +- wintest/wintest.py |2 +- 7 files changed, 92 insertions(+), 38 deletions(-) copy wintest/conf/{abartlet.conf = abartlet-jesse.conf} (79%) Changeset truncated at 500 lines: diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build index 3931445..8499c62 100644 --- a/nsswitch/wscript_build +++ b/nsswitch/wscript_build @@ -1,5 +1,7 @@ #!/usr/bin/env python import Utils +import sys +host_os = sys.platform bld.SAMBA_LIBRARY('winbind-client', source='wb_common.c', @@ -14,19 +16,65 @@ bld.SAMBA_BINARY('nsstest', deps='replace dl' ) -if Utils.unversioned_sys_platform() == 'linux': +# The nss_wrapper code relies strictly on the linux implementation and +# name, so compile but do not install a copy under this name. +bld.SAMBA_LIBRARY('nss_wrapper_winbind', + source='winbind_nss_linux.c', + deps='winbind-client', + realname='libnss_wrapper_winbind.so.2', + install=False, + vnum='2') + +# FIXME: original was *linux* | gnu* | k*bsd*-gnu | kopensolaris*-gnu) +# the search for .rfind('gnu') covers gnu* and *-gnu is that too broad? + +if (Utils.unversioned_sys_platform() == 'linux' or (host_os.rfind('gnu') -1)): bld.SAMBA_LIBRARY('nss_winbind', - source='winbind_nss_linux.c', - deps='winbind-client', - realname='libnss_winbind.so.2', - vnum='2') + source='winbind_nss_linux.c', + deps='winbind-client', + realname='libnss_winbind.so.2', + vnum='2') +elif (host_os.rfind('freebsd') -1): + # FreeBSD winbind client is implemented as a wrapper around + # the Linux version. + bld.SAMBA_LIBRARY('nss_winbind', + source='winbind_nss_linux.c winbind_nss_freebsd.c', + deps='winbind-client', + realname='libnss_winbind.so.1', + vnum='1') + +elif (host_os.rfind('netbsd') -1): + # NetBSD winbind client is implemented as a wrapper + # around the Linux version. It needs getpwent_r() to + # indicate libc's use of the correct nsdispatch API. -if Utils.unversioned_sys_platform() == 'sunos': + if bld.CONFIG_SET(HAVE_GETPWENT_R): + bld.SAMBA_LIBRARY('nss_winbind', + source='winbind_nss_linux.c winbind_nss_netbsd.c', + deps='winbind-client
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f0f310c build: Remove duplicate check for struct getquota_rslt member getquota_rslt_u via 006bdc0 build: Fix quota tests, including move of sysquotas.c to the top level via 931ed25 lib/replace: Add test for what flag we need for -Werror behaviour from 837f47d s3-winbindd: Adjust error code loop logic in rpc_trusted_domains(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f0f310c21d0d3863323a7759be104ee3d2d6c23d Author: Andrew Bartlett abart...@samba.org Date: Sat Sep 29 14:31:28 2012 +1000 build: Remove duplicate check for struct getquota_rslt member getquota_rslt_u Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sat Sep 29 08:51:03 CEST 2012 on sn-devel-104 commit 006bdc0be0bf2ef70b3eb24d679bd49f6d8079fd Author: Andrew Bartlett abart...@samba.org Date: Sat Sep 29 14:28:57 2012 +1000 build: Fix quota tests, including move of sysquotas.c to the top level This correctly detects quotas on FreeBSD Andrew Bartlett commit 931ed2509d93110b525f763ffb15ee3feff87fa0 Author: Andrew Bartlett abart...@samba.org Date: Sat Sep 29 14:36:41 2012 +1000 lib/replace: Add test for what flag we need for -Werror behaviour --- Summary of changes: lib/replace/wscript |9 + source3/configure.in |4 ++-- source3/wscript | 18 +++--- {source3/tests = tests}/sysquotas.c |4 ++-- 4 files changed, 20 insertions(+), 15 deletions(-) rename {source3/tests = tests}/sysquotas.c (99%) Changeset truncated at 500 lines: diff --git a/lib/replace/wscript b/lib/replace/wscript index f1f1cef..732c664 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -53,6 +53,15 @@ struct foo bar = { .y = 'X', .x = 1 }; conf.ADD_CFLAGS(f) break +# Try to find the right extra flags for -Werror behaviour +for f in [-Werror, -w2, -errwarn]: +if conf.CHECK_CFLAGS([f], ''' +'''): +if not 'WERROR_CFLAGS' in conf.env: +conf.env['WERROR_CFLAGS'] = [] +conf.env['WERROR_CFLAGS'].extend([f]) +break + conf.CHECK_HEADERS('linux/types.h crypt.h locale.h acl/libacl.h compat.h') conf.CHECK_HEADERS('acl/libacl.h attr/xattr.h compat.h ctype.h dustat.h') conf.CHECK_HEADERS('fcntl.h fnmatch.h glob.h history.h krb5.h langinfo.h') diff --git a/source3/configure.in b/source3/configure.in index 5045742..d47f08a 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -4617,7 +4617,7 @@ AC_TRY_RUN_STRICT([ #define HAVE_QUOTACTL_4A 1 #define AUTOCONF_TEST 1 #include confdefs.h -#include ${srcdir-.}/../tests/sysquotas.c],[$CFLAGS $Werror_FLAGS],[$CPPFLAGS],[$LDFLAGS], +#include ${srcdir-.}/../../tests/sysquotas.c],[$CFLAGS $Werror_FLAGS],[$CPPFLAGS],[$LDFLAGS], samba_cv_HAVE_QUOTACTL_4A=yes,samba_cv_HAVE_QUOTACTL_4A=no,samba_cv_HAVE_QUOTACTL_4A=cross)]) if test x$samba_cv_HAVE_QUOTACTL_4A = xyes; then samba_cv_SYSQUOTA_FOUND=yes; @@ -4631,7 +4631,7 @@ AC_TRY_RUN_STRICT([ #define HAVE_QUOTACTL_4B 1 #define AUTOCONF_TEST 1 #include confdefs.h -#include ${srcdir-.}/../tests/sysquotas.c],[$CFLAGS $Werror_FLAGS],[$CPPFLAGS],[$LDFLAGS], +#include ${srcdir-.}/../../tests/sysquotas.c],[$CFLAGS $Werror_FLAGS],[$CPPFLAGS],[$LDFLAGS], samba_cv_HAVE_QUOTACTL_4B=yes,samba_cv_HAVE_QUOTACTL_4B=no,samba_cv_HAVE_QUOTACTL_4B=cross)]) if test x$samba_cv_HAVE_QUOTACTL_4B = xyes; then samba_cv_SYSQUOTA_FOUND=yes; diff --git a/source3/wscript b/source3/wscript index 3815c7c..765f761 100644 --- a/source3/wscript +++ b/source3/wscript @@ -1238,23 +1238,24 @@ main() { if not conf.CHECK_CODE(''' #define HAVE_QUOTACTL_4A 1 #define AUTOCONF_TEST 1 -#include confdefs.h -#include ${srcdir-.}/../tests/sysquotas.c +#include ../tests/sysquotas.c ''', + cflags=conf.env['WERROR_CFLAGS'], define='HAVE_QUOTACTL_4A', msg='for QUOTACTL_4A: long quotactl(int cmd, char *special, qid_t id, caddr_t addr)', execute=True, - local_include=False): + addmain=False): + conf.CHECK_CODE(''' #define HAVE_QUOTACTL_4B 1 #define AUTOCONF_TEST 1 -#include confdefs.h -#include ${srcdir-.}/../tests/sysquotas.c +#include ../tests/sysquotas.c ''', +cflags=conf.env['WERROR_CFLAGS
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7d0a9f5 selftest: use an array when starting testenv with system() from e576bf5 s3: Fix opening a file under kernel oplocks http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7d0a9f5a06c807855335b9553a15ba312a7562ff Author: Andrew Bartlett abart...@samba.org Date: Sat Sep 29 20:40:13 2012 +1000 selftest: use an array when starting testenv with system() By reduing the need for escapes and forcing the use of bash, this seems to allow 'make testenv' to start on FreeBSD Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sun Sep 30 02:30:40 CEST 2012 on sn-devel-104 --- Summary of changes: selftest/selftest.pl | 14 +++--- 1 files changed, 11 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/selftest.pl b/selftest/selftest.pl index b636910..b50853e 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -838,8 +838,13 @@ if ($opt_testenv) { my $envvarstr = exported_envvars_str($testenv_vars); - my $term = ($ENV{TERMINAL} or xterm -e); - system($term 'echo -e \ + my @term = (); + if ($ENV{TERMINAL}) { + @term = ($ENV{TERMINAL}); + } else { + @term = (xterm, -e); + } + my @term_args = (bash, -c, echo -e \ Welcome to the Samba4 Test environment '$testenv_name' This matches the client environment used in make test @@ -850,7 +855,10 @@ TORTURE_OPTIONS=\$TORTURE_OPTIONS SMB_CONF_PATH=\$SMB_CONF_PATH $envvarstr -\ LD_LIBRARY_PATH=$ENV{LD_LIBRARY_PATH} bash'); +\ LD_LIBRARY_PATH=$ENV{LD_LIBRARY_PATH} bash); + + system(@term, @term_args); + teardown_env($testenv_name); } elsif ($opt_list) { foreach (@todo) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 968da5f nsswitch: Add waf tests for solaris special cases via 128fb54 build: Remove unused --with-sys-quotas option via afbc87b build: Set HAVE_SYS_QUOTAS and WITH_QUOTAS if we have any supported sysquota backend via 7ad1971 build: Remove unused samba_cv_sysquotas_file variable from autoconf configure via e1f17ee build: Add waf configure support for non-linux quotas from 11634e6 smb.conf(5): Remove documentation for removed 'lock spin count' parameter. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 968da5f890a978f482f56f9eaff0c56a0d52980c Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 26 18:09:20 2012 +1000 nsswitch: Add waf tests for solaris special cases These are in configure.in for autoconf. Found in the config.h comparison on the smbtorture4 build. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Sep 26 11:50:10 CEST 2012 on sn-devel-104 commit 128fb54ab4feb0c665f438f56dca5f734e355be1 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 26 13:10:17 2012 +1000 build: Remove unused --with-sys-quotas option commit afbc87b8cc5b068feadb773bdf755abc26f7d0db Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 26 12:42:15 2012 +1000 build: Set HAVE_SYS_QUOTAS and WITH_QUOTAS if we have any supported sysquota backend commit 7ad1971e2240eccda70783c4de77b7c5bc7893d3 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 26 12:33:50 2012 +1000 build: Remove unused samba_cv_sysquotas_file variable from autoconf configure commit e1f17eef970cd8432a3391b0bb79de4857fac177 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 26 12:33:13 2012 +1000 build: Add waf configure support for non-linux quotas --- Summary of changes: nsswitch/wscript_configure | 16 source3/configure.in |3 --- source3/wscript| 44 +--- 3 files changed, 57 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/wscript_configure b/nsswitch/wscript_configure index 7d6ea82..3048f48 100644 --- a/nsswitch/wscript_configure +++ b/nsswitch/wscript_configure @@ -4,3 +4,19 @@ conf.CHECK_HEADERS('nss.h nss_common.h ns_api.h') conf.CHECK_HEADERS('security/pam_appl.h security/pam_modules.h pam/pam_modules.h', together=True) conf.CHECK_FUNCS_IN('pam_start', 'pam', checklibc=True, headers='security/pam_appl.h') + +# Solaris 10 does have new member in nss_XbyY_key +conf.CHECK_STRUCTURE_MEMBER('union nss_XbyY_key', 'ipnode.af_family', +define='HAVE_NSS_XBYY_KEY_IPNODE', +headers='nss_dbdefs.h') + +# Solaris has some extra fields in struct passwd that need to be +# initialised otherwise nscd crashes. + +conf.CHECK_STRUCTURE_MEMBER('struct passwd', 'pw_comment', +define='HAVE_PASSWD_PW_COMMENT', +headers='pwd.h') + +conf.CHECK_STRUCTURE_MEMBER('struct passwd', 'pw_age', +define='HAVE_PASSWD_PW_AGE', +headers='pwd.h') diff --git a/source3/configure.in b/source3/configure.in index 489b017..5045742 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -4539,7 +4539,6 @@ case $host_os in *linux*) samba_cv_SYSQUOTA_FOUND=yes AC_DEFINE(HAVE_QUOTACTL_LINUX,1,[Whether Linux quota support is available]) - samba_cv_sysquotas_file=lib/sysquotas_linux.c AC_MSG_CHECKING(whether to use the lib/sysquotas_linux.c builtin support) AC_MSG_RESULT(yes) @@ -4623,7 +4622,6 @@ AC_TRY_RUN_STRICT([ if test x$samba_cv_HAVE_QUOTACTL_4A = xyes; then samba_cv_SYSQUOTA_FOUND=yes; AC_DEFINE(HAVE_QUOTACTL_4A,1,[Whether long quotactl(int cmd, char *special, qid_t id, caddr_t addr) is available]) -samba_cv_sysquotas_file=lib/sysquotas_4A.c fi fi @@ -4638,7 +4636,6 @@ AC_TRY_RUN_STRICT([ if test x$samba_cv_HAVE_QUOTACTL_4B = xyes; then samba_cv_SYSQUOTA_FOUND=yes; AC_DEFINE(HAVE_QUOTACTL_4B,1,[Whether int quotactl(const char *path, int cmd, int id, char *addr) is available]) -samba_cv_sysquotas_file=lib/sysquotas_4B.c AC_CHECK_MEMBERS([struct dqblk.dqb_curbytes], # Darwin bytecount style [ AC_DEFINE([HAVE_STRUCT_DQBLK_DQB_CURBYTES],[1],[darwin style quota bytecount])],, [#include sys/types.h diff --git a/source3/wscript b/source3/wscript index cb76293..3815c7c 100644 --- a/source3/wscript +++ b/source3/wscript @@ -31,7 +31,6 @@ def set_options(opt): opt.SAMBA3_ADD_OPTION('pam') opt.SAMBA3_ADD_OPTION('pam_smbpass') opt.SAMBA3_ADD_OPTION('quotas
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1c1ae6d docs: Change TOSHARG-VFS to avoid suggesting VFS modules are Linux/IRIX only via a92d95b docs: Remove mention of auth methods in TOSHARG-Passdb via 39b1ce1 docs: Fix typo in TOSHARG-Passdb via e3f554a docs: Remove Win9X/WinMe mentions from TOSHARG-PDC via f82affa docs: Add mention of AD DC support in TOSHARG-PDC via 6fcb95b docs: Explain the no-domain-logons restriction applies to all HOME editions via 3be323c docs: Remove references to default paramters in TOSHARG-PDC via f3ab050 docs: Update TOSHARG-Install via c4f143f client: Fix talloc_stackframe() free order assertion in developer mode from 6749cfb replace: Avoid returning value in void setproctitle() replacement. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1c1ae6d639364533c4b23cb71c471d0d46bfff36 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 25 11:05:37 2012 +1000 docs: Change TOSHARG-VFS to avoid suggesting VFS modules are Linux/IRIX only Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Sep 25 08:27:15 CEST 2012 on sn-devel-104 commit a92d95b1773cb024349a0a06432b685d69d59976 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 25 11:05:01 2012 +1000 docs: Remove mention of auth methods in TOSHARG-Passdb This is not connected to the passdb system, and we should not encourage setting of auth methods in any case. Andrew Bartlett commit 39b1ce102d4d8bca472ae96966e2afab83e8f1c0 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 25 11:04:14 2012 +1000 docs: Fix typo in TOSHARG-Passdb commit e3f554a99f3871eabac35db1ba3236772ef58f64 Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 23 04:55:20 2012 +1000 docs: Remove Win9X/WinMe mentions from TOSHARG-PDC commit f82affaa6defef52696f69f114143cfb80fee241 Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 23 04:54:24 2012 +1000 docs: Add mention of AD DC support in TOSHARG-PDC commit 6fcb95bad7db8f970ae6c74f1fdd7b4c2a41f25c Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 23 04:53:55 2012 +1000 docs: Explain the no-domain-logons restriction applies to all HOME editions commit 3be323c6110f1a241f86aacb94c8ff1ba69351c5 Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 23 04:52:56 2012 +1000 docs: Remove references to default paramters in TOSHARG-PDC commit f3ab05003ea94ba2717b544d912ec3e15fb629d5 Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 23 03:09:32 2012 +1000 docs: Update TOSHARG-Install - winbindd runs as many processes now - open_oplock_ipc errors do not happen any more, we do not use UDP messaging any more. Andrew Bartlett commit c4f143f9d7a1502712d8a6b1c872a13632a5cff3 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 25 10:41:05 2012 +1000 client: Fix talloc_stackframe() free order assertion in developer mode Reported-by: Ricky Nance ricky.na...@weaubleau.k12.mo.us --- Summary of changes: docs-xml/Samba3-HOWTO/TOSHARG-Install.xml | 20 +-- docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml | 386 ++--- docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml | 14 +- docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml |3 +- source3/client/client.c |1 + 5 files changed, 76 insertions(+), 348 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml index 673ba93..88e0ed8 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml @@ -657,24 +657,8 @@ The following questions and issues are raised repeatedly on the Samba mailing li /para para - winbindd; will run as one or two daemons, depending on whether or not it is being - run in emphasissplit mode/emphasis (in which case there will be two instances). - /para - - /sect2 - - sect2 - titleError Message: open_oplock_ipc/title - - para - An error message is observed in the log files when smbd; is started: quoteopen_oplock_ipc: Failed to - get local UDP socket for address 17f. Error was Cannot assign requested./quote - /para - - para - Your loopback device isn't working correctly. Make sure it is configured correctly. The loopback - device is an internal (virtual) network device with the IP address emphasis127.0.0.1/emphasis. - Read your OS documentation for details on how to configure the loopback on your system. + winbindd; will run as many processes depending in part on how many + domains it needs to contact. /para
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3902e73 lib/util/charset: We do not use fucntions from wchar.h any more via 1c5c96d lib/util/charset: Try to find iconv on HP-UX via 6146b60 wscript: Removed executable bit. from 7600fd8 s3: Factor out calculate_open_access_flags http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3902e7332d3d79c257fca451635d08a58d327d70 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 26 08:10:29 2012 +1000 lib/util/charset: We do not use fucntions from wchar.h any more Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Sep 26 02:13:10 CEST 2012 on sn-devel-104 commit 1c5c96d7cd63ad1d46fb120119c5ad6594e103cf Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 26 07:41:38 2012 +1000 lib/util/charset: Try to find iconv on HP-UX commit 6146b609e7add16a34067a4c40902f63d19fe5fe Author: Ricky Nance ricky.na...@weaubleau.k12.mo.us Date: Tue Sep 25 01:10:42 2012 -0500 wscript: Removed executable bit. Removed the executable for both wscript and wscript_build. --- Summary of changes: lib/util/charset/wscript_configure | 11 --- source3/passdb/pdb_nds.c |1 - source3/registry/reg_parse.c |1 - 3 files changed, 4 insertions(+), 9 deletions(-) mode change 100755 = 100644 wscript mode change 100755 = 100644 wscript_build Changeset truncated at 500 lines: diff --git a/lib/util/charset/wscript_configure b/lib/util/charset/wscript_configure index 98756fe..804c266 100644 --- a/lib/util/charset/wscript_configure +++ b/lib/util/charset/wscript_configure @@ -10,12 +10,9 @@ conf.CHECK_LIB(libs=iconv, shlib=True) +#HP-UX can use libiconv as an add-on package, which has #define iconv_open libiconv_open if (conf.CHECK_FUNCS_IN('iconv_open', 'iconv', checklibc=False, headers='iconv.h') or +conf.CHECK_FUNCS_IN('libiconv_open', 'iconv', checklibc=False, headers='iconv.h') or conf.CHECK_FUNCS('iconv_open', headers='iconv.h')): -if conf.env['HAVE_LIBICONV']: -if conf.CHECK_FUNCS('mbrtowc', headers='wchar.h'): -conf.DEFINE('HAVE_NATIVE_ICONV', 1) -elif conf.env.LIB_ICONV: -del conf.env['LIB_ICONV'] -else: -conf.DEFINE('HAVE_NATIVE_ICONV', 1) + +conf.DEFINE('HAVE_NATIVE_ICONV', 1) diff --git a/source3/passdb/pdb_nds.c b/source3/passdb/pdb_nds.c index 3e1bdfc..cce4937 100644 --- a/source3/passdb/pdb_nds.c +++ b/source3/passdb/pdb_nds.c @@ -23,7 +23,6 @@ #include lber.h #include ldap.h -#include wchar.h #include smbldap.h #include passdb/pdb_ldap.h diff --git a/source3/registry/reg_parse.c b/source3/registry/reg_parse.c index babf5c0..c276c7e 100644 --- a/source3/registry/reg_parse.c +++ b/source3/registry/reg_parse.c @@ -34,7 +34,6 @@ #include reg_format.h #include stdio.h -#include wchar.h #include talloc.h #include stdbool.h #include string.h diff --git a/wscript b/wscript old mode 100755 new mode 100644 diff --git a/wscript_build b/wscript_build old mode 100755 new mode 100644 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3c4d0ce samba_dnsupdate: Safely update/create names for Samba3 targets as well via 6d7c651 samba_dnsupdate: Move to using tmpfile/rename to keep the dns_hosts_file consistent via b320e7f selftest: Remove invalid security=share and rename secshare to simpleserver from 83f6067 Fix bug #9213 - Bad ASN.1 NegTokenInit packet can cause invalid free. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3c4d0ce46995f82921f538757783fa7a678a7fc1 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 26 10:02:43 2012 +1000 samba_dnsupdate: Safely update/create names for Samba3 targets as well This avoids unlocked writes to the dns_hosts_file, and may fix some of our issues on the build farm where large numbers of tests fail due to failed name resolution. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Sep 26 05:48:25 CEST 2012 on sn-devel-104 commit 6d7c651f2f61b481c1e1ade1e2e0e756ccef2210 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 26 09:48:48 2012 +1000 samba_dnsupdate: Move to using tmpfile/rename to keep the dns_hosts_file consistent This may be the cause of some of the large failure modes on the build farm. Andrew Bartlett commit b320e7f93b5905558efa879992c125af66f0043c Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 26 10:40:17 2012 +1000 selftest: Remove invalid security=share and rename secshare to simpleserver This avoids the loadparm code failing due to the invalid smb.conf entry, and removes the very last hint of security=share! Andrew Bartlett --- Summary of changes: selftest/target/Samba3.pm | 24 +--- source3/Makefile.in |2 +- source3/selftest/tests.py |6 +++--- source4/scripting/bin/samba_dnsupdate | 29 +++-- 4 files changed, 40 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index c1f8fbd..df8b55c 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -153,8 +153,8 @@ sub setup_env($$$) if ($envname eq s3dc) { return $self-setup_s3dc($path/s3dc); - } elsif ($envname eq secshare) { - return $self-setup_secshare($path/secshare); + } elsif ($envname eq simpleserver) { + return $self-setup_simpleserver($path/simpleserver); } elsif ($envname eq maptoguest) { return $self-setup_maptoguest($path/maptoguest); } elsif ($envname eq ktest) { @@ -337,7 +337,7 @@ sub setup_admember() return $ret; } -sub setup_secshare($$) +sub setup_simpleserver($$) { my ($self, $path) = @_; my $vfs_modulesdir_abs = $ENV{VFSLIBDIR}; @@ -346,8 +346,7 @@ sub setup_secshare($$) my $prefix_abs = abs_path($path); - my $secshare_options = - security = share + my $simpleserver_options = lanman auth = yes vfs objects = $vfs_modulesdir_abs/xattr_tdb.so $vfs_modulesdir_abs/streams_depot.so @@ -361,7 +360,7 @@ sub setup_secshare($$) my $vars = $self-provision($path, LOCALSHARE4, local4pass, - $secshare_options); + $simpleserver_options); $vars or return undef; @@ -371,7 +370,7 @@ sub setup_secshare($$) return undef; } - $self-{vars}-{secshare} = $vars; + $self-{vars}-{simpleserver} = $vars; return $vars; } @@ -1068,10 +1067,13 @@ domusers:X:$gid_domusers: } print DONE\n; - open(HOSTS, $ENV{SELFTEST_PREFIX}/dns_host_file) or die(Unable to open $ENV{SELFTEST_PREFIX}/dns_host_file); - print HOSTS A $server. $server_ip -; - close(HOSTS); + open(DNS_UPDATE_LIST, $prefix/dns_update_list) or die(Unable to open $$prefix/dns_update_list); + print DNS_UPDATE_LIST A $server. $server_ip; + close(DNS_UPDATE_LIST); + +if (system($ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$dns_host_file -s $conffile --update-list=$prefix/dns_update_list --no-substiutions --no-credentials) != 0) { +die Unable to update hostname into $dns_host_file; +} $ret{SERVER_IP} = $server_ip; $ret{NMBD_TEST_LOG} = $prefix/nmbd_test.log; diff --git a/source3/Makefile.in b/source3/Makefile.in index 2ad8ecc..0e72fea 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -3328,7 +3328,7 @@ test:: all torture timelimit VFSLIBDIR
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 67230c4 build: Fix detection of quotas on macos from 13c2878 s3-pylibsmb: Use Py_RETURN_NONE http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 67230c43db5eb955c89ccc89d8e8d8aca1f35a1c Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 24 18:02:01 2012 +1000 build: Fix detection of quotas on macos This is a weird one. While visually OK, the . in sys/types.h was not made up of the typical ASCII character, so of course did not find types.h! Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon Sep 24 12:24:45 CEST 2012 on sn-devel-104 --- Summary of changes: source3/configure.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 89e813e..489b017 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -4641,7 +4641,7 @@ if test x$samba_cv_HAVE_QUOTACTL_4B = xyes; then samba_cv_sysquotas_file=lib/sysquotas_4B.c AC_CHECK_MEMBERS([struct dqblk.dqb_curbytes], # Darwin bytecount style [ AC_DEFINE([HAVE_STRUCT_DQBLK_DQB_CURBYTES],[1],[darwin style quota bytecount])],, - [#include sys/typeѕ.h + [#include sys/types.h #include sys/quota.h]) fi -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8e5f30c build: Remove unused define UNIXWARE via ffb3f2a lib/replace: Remove unused nap and therefore the SCO define via 0f69bf2 build: Make waf configure match autoconf for HPUX ACLs via e0bcce5 build: Rework waf STAT_ST_BLOCKSIZE to match autoconf, with 512 as the default via 73bdb2a lib/util: Remove unbuilt file util_getent.c and BROKEN_GETGRNAM via 41b9cb3 build: Remove unused IRIX and IRIX6 defines via 502135d lib/replace: Try to fix build on HP-UX for os2_delete test via 08d3062 ntdb: Try to fix the build on Solaris which does not have err from a4c54f6 s4:torture:smb2: add a durable-open.read-only test http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8e5f30c830c23d8223c38e34669f069e44fee64b Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 23 14:37:24 2012 +1000 build: Remove unused define UNIXWARE Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sun Sep 23 08:33:02 CEST 2012 on sn-devel-104 commit ffb3f2a19f4780e45ea0b95520aeb73c20893c44 Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 23 14:35:58 2012 +1000 lib/replace: Remove unused nap and therefore the SCO define In any case, the Samba Team stopped supporting SCO systems a long time ago. Andrew Bartlett commit 0f69bf2cc9ce8ab76afefa693f3d50e458459854 Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 23 14:30:37 2012 +1000 build: Make waf configure match autoconf for HPUX ACLs commit e0bcce55033f27ffa734b839e23bc731d82614f0 Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 23 14:30:10 2012 +1000 build: Rework waf STAT_ST_BLOCKSIZE to match autoconf, with 512 as the default The autoconf build simply has 512 as the default, without a warning. Rather than enumerate every OS ever made, just handle the known exceptions. Andrew Bartlett commit 73bdb2a6c2f04c22780e2441a3e671722b16dfab Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 23 14:25:00 2012 +1000 lib/util: Remove unbuilt file util_getent.c and BROKEN_GETGRNAM Removing this unbuilt file allows removing BROKEN_GETGRNAM which was only ever defined per-OS, not based on an actual test. Andrew Bartlett commit 41b9cb32ce82a33b5dd8f5bd00d05ac0708a5a4d Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 23 13:57:44 2012 +1000 build: Remove unused IRIX and IRIX6 defines commit 502135df9f0d839e75907260f5dcdab4052d995e Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 23 13:39:01 2012 +1000 lib/replace: Try to fix build on HP-UX for os2_delete test The issue is that this file is both used in an autoconf test, and later in a smbtorture test. Because os2_delete.c does not include replace.h, bool may not be defined. So, instead we shift the need for bool to a different header. (The readdir tests in repdir.m4 are not yet in the waf configure). Andrew Bartlett commit 08d3062fc3ece6b5d98e32bad5f1d54c088b0dd0 Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 23 13:20:45 2012 +1000 ntdb: Try to fix the build on Solaris which does not have err --- Summary of changes: lib/ccan/wscript|2 +- lib/ntdb/wscript|2 +- lib/replace/replace-test.h |4 - lib/replace/replace-testsuite.h | 10 ++ lib/replace/replace.c | 10 -- lib/replace/test/main.c |4 +- lib/replace/test/testsuite.c|6 +- lib/util/util_getent.c | 283 --- source3/configure.in| 18 +-- source3/wscript | 20 ++- source4/torture/local/local.c |2 +- 11 files changed, 33 insertions(+), 328 deletions(-) create mode 100644 lib/replace/replace-testsuite.h delete mode 100644 lib/util/util_getent.c Changeset truncated at 500 lines: diff --git a/lib/ccan/wscript b/lib/ccan/wscript index be5eab2..334f8fe 100644 --- a/lib/ccan/wscript +++ b/lib/ccan/wscript @@ -147,11 +147,11 @@ def build(bld): ccan_module(bld, 'endian') ccan_module(bld, 'likely', 'ccan-str') ccan_module(bld, 'typesafe_cb') +ccan_module(bld, 'err', 'ccan-compiler') # Failtest pulls in a lot of stuff, and it's only for unit tests. if bld.env.DEVELOPER_MODE: ccan_module(bld, 'container_of', 'ccan-check_type') -ccan_module(bld, 'err', 'ccan-compiler') ccan_module(bld, 'htable', 'ccan-compiler') ccan_module(bld, 'list', 'ccan-container_of') ccan_module(bld, 'time') diff --git a/lib/ntdb/wscript b/lib/ntdb/wscript index 39802db..1a4b02b 100644 --- a/lib/ntdb/wscript +++ b/lib/ntdb/wscript @@ -155,7 +155,7 @@ def build(bld
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fe2071c build: Fix enabled handling for HAVE_LDAP, we need to use bld.CONFIG_SET via b8eaa57 build: Try not build with LDAP if we do not have ldap.h from cb157e1 s4:dns.py: reproducer for (bug #9184) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fe2071cd3bae655b9aa7908059f0e19520e2db90 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 21 22:27:24 2012 -0700 build: Fix enabled handling for HAVE_LDAP, we need to use bld.CONFIG_SET Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sat Sep 22 09:09:17 CEST 2012 on sn-devel-104 commit b8eaa57a100818d337c85ac42828801a59062587 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 21 21:57:22 2012 -0700 build: Try not build with LDAP if we do not have ldap.h --- Summary of changes: source3/passdb/wscript_build |2 +- source3/winbindd/wscript_build | 12 ++-- source3/wscript|2 +- source3/wscript_build |4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/wscript_build b/source3/passdb/wscript_build index d26afc2..03a0df4 100644 --- a/source3/passdb/wscript_build +++ b/source3/passdb/wscript_build @@ -19,7 +19,7 @@ bld.SAMBA3_MODULE('pdb_ldap', source=PDB_LDAP_SRC, init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_ldap'), - enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_ldap') and bld.env.HAVE_LDAP) + enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_ldap') and bld.CONFIG_SET('HAVE_LDAP')) bld.SAMBA3_MODULE('pdb_smbpasswd', subsystem='pdb', diff --git a/source3/winbindd/wscript_build b/source3/winbindd/wscript_build index 302b9ee..0d826f0 100644 --- a/source3/winbindd/wscript_build +++ b/source3/winbindd/wscript_build @@ -32,7 +32,7 @@ bld.SAMBA3_SUBSYSTEM('IDMAP_AD', source=IDMAP_AD_SRC, deps='ads nss_info', vars=locals(), -enabled=bld.env.HAVE_LDAP) +enabled=bld.CONFIG_SET(HAVE_LDAP)) bld.SAMBA3_MODULE('idmap_ad', subsystem='idmap', @@ -41,7 +41,7 @@ bld.SAMBA3_MODULE('idmap_ad', deps='IDMAP_AD', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('idmap_ad'), - enabled=bld.SAMBA3_IS_ENABLED_MODULE('idmap_ad') and bld.env.HAVE_LDAP) + enabled=bld.SAMBA3_IS_ENABLED_MODULE('idmap_ad') and bld.CONFIG_SET(HAVE_LDAP)) bld.SAMBA3_MODULE('idmap_rid', subsystem='idmap', @@ -65,7 +65,7 @@ bld.SAMBA3_MODULE('idmap_ldap', deps='smbldap smbldaphelper pdb', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('idmap_ldap'), - enabled=bld.SAMBA3_IS_ENABLED_MODULE('idmap_ldap') and bld.env.HAVE_LDAP) + enabled=bld.SAMBA3_IS_ENABLED_MODULE('idmap_ldap') and bld.CONFIG_SET(HAVE_LDAP)) bld.SAMBA3_MODULE('idmap_nss', subsystem='idmap', @@ -143,7 +143,7 @@ bld.SAMBA3_MODULE('nss_info_rfc2307', allow_undefined_symbols=True, init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('idmap_ad'), - enabled=bld.SAMBA3_IS_ENABLED_MODULE('idmap_ad') and bld.env.HAVE_LDAP) + enabled=bld.SAMBA3_IS_ENABLED_MODULE('idmap_ad') and bld.CONFIG_SET(HAVE_LDAP)) bld.SAMBA3_MODULE('nss_info_sfu20', subsystem='nss_info', @@ -152,7 +152,7 @@ bld.SAMBA3_MODULE('nss_info_sfu20', allow_undefined_symbols=True, init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('idmap_ad'), - enabled=bld.SAMBA3_IS_ENABLED_MODULE('idmap_ad') and bld.env.HAVE_LDAP) + enabled=bld.SAMBA3_IS_ENABLED_MODULE('idmap_ad') and bld.CONFIG_SET(HAVE_LDAP)) bld.SAMBA3_MODULE('nss_info_sfu', subsystem='nss_info', @@ -161,4 +161,4 @@ bld.SAMBA3_MODULE('nss_info_sfu', allow_undefined_symbols=True, init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('idmap_ad'), - enabled=bld.SAMBA3_IS_ENABLED_MODULE('idmap_ad') and bld.env.HAVE_LDAP) + enabled=bld.SAMBA3_IS_ENABLED_MODULE('idmap_ad') and bld.CONFIG_SET(HAVE_LDAP)) diff --git a/source3/wscript b/source3/wscript index d0e76f3..23ea327 100644 --- a/source3/wscript +++ b/source3/wscript @@ -541,7 +541,7 @@ msg.msg_acctrightslen = sizeof(fd); conf.DEFINE('LDAP_SET_REBIND_PROC_ARGS
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d59688a auth/kerberos: add HAVE_KRB5 guard to fix non-krb5 build after winbindd pac changes from 7a493fd s3:smbd: release the share mode lock before calling exit_server() (bug #9191) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d59688a8e749454a59174b545f152a5c2880f999 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 21 15:59:11 2012 -0700 auth/kerberos: add HAVE_KRB5 guard to fix non-krb5 build after winbindd pac changes Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sat Sep 22 02:44:07 CEST 2012 on sn-devel-104 --- Summary of changes: auth/kerberos/pac_utils.h |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/kerberos/pac_utils.h b/auth/kerberos/pac_utils.h index b9b6664..d09e7b6 100644 --- a/auth/kerberos/pac_utils.h +++ b/auth/kerberos/pac_utils.h @@ -21,6 +21,8 @@ #ifndef _PAC_UTILS_H #define _PAC_UTILS_H +#ifdef HAVE_KRB5 + #include lib/krb5_wrap/krb5_samba.h #include lib/krb5_wrap/gss_samba.h @@ -65,4 +67,5 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx, char *gssapi_error_string(TALLOC_CTX *mem_ctx, OM_uint32 maj_stat, OM_uint32 min_stat, const gss_OID mech); +#endif /* HAVE_KRB5 */ #endif /* _PAC_UTILS_H */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 914b02b libwbclient: bump ABI to 0.11 as wbcAuthenticateUserEx now provides PAC parsing via d9747b1 s4-torture: Complete test for winbindd PAC parsing via 05befd2 auth/kerberos: Adjust log level for failed PAC signature verification via 1bc2f28 winbind: Extend wbcAuthenticateUserEx to provide PAC via 8a6a13a auth: Fix some nonempty blank lines from 0231575 waf: Make samba ok with directories for install being symlinks http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 914b02be5a3e7805110f517e39ed9f6fe760c2bc Author: Andrew Bartlett abart...@samba.org Date: Thu Sep 20 19:46:31 2012 -0700 libwbclient: bump ABI to 0.11 as wbcAuthenticateUserEx now provides PAC parsing Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Sep 21 06:37:15 CEST 2012 on sn-devel-104 commit d9747b15c4a737a1422d0156d92efed762bb672d Author: Christof Schmitt christof.schm...@us.ibm.com Date: Thu Sep 20 18:30:07 2012 -0700 s4-torture: Complete test for winbindd PAC parsing Decode the PAC through the wbcAuthenticateUserEx call, also decode it locally and compare the result. Signed-off-by: Andrew Bartlett abart...@samba.org commit 05befd2f734d3962619ebc0cc137bbe5cedfd81d Author: Christof Schmitt christof.schm...@us.ibm.com Date: Mon Jul 30 11:03:54 2012 -0700 auth/kerberos: Adjust log level for failed PAC signature verification With winbindd trying to verify the signature of an application provided PAC, this message can be easily triggered. Adjust the debug level to avoid filling up the logs. Signed-off-by: Andrew Bartlett abart...@samba.org commit 1bc2f28b9420829645ed571daf2a17e6688b2103 Author: Christof Schmitt christof.schm...@us.ibm.com Date: Wed Jul 18 14:38:47 2012 -0700 winbind: Extend wbcAuthenticateUserEx to provide PAC With this new interface, external applications that have authenticated to an ADS can pass the PAC from the Kerberos ticket to wbcAuthenticateUserEx. winbindd decodes and extracts the info3 information for the external application. If winbindd can verify the PAC signature, the info3 from the PACis also added to the netsamlogon_cache. The info3 data can be used by the external application to get the uid and primary gid. The data in netsamlogon_cache allows to retrieve the complete group list through the NSS function getgrouplist. Signed-off-by: Andrew Bartlett abart...@samba.org commit 8a6a13ab51f404525ff18f65d5a22132c465898e Author: Volker Lendecke v...@samba.org Date: Tue Sep 18 10:34:48 2012 -0700 auth: Fix some nonempty blank lines Signed-off-by: Andrew Bartlett abart...@samba.org --- Summary of changes: auth/gensec/spnego.c | 120 +- auth/kerberos/kerberos_pac.c |2 +- .../ABI/{wbclient-0.10.sigs = wbclient-0.11.sigs} |0 nsswitch/libwbclient/wbc_pam.c | 16 +++- nsswitch/libwbclient/wbclient.h| 45 --- nsswitch/libwbclient/wscript |2 +- nsswitch/winbind_struct_protocol.h |1 + source3/winbindd/winbindd_pam.c| 128 +++- source3/winbindd/winbindd_pam_auth_crap.c | 23 source3/winbindd/winbindd_proto.h |8 ++ source4/torture/winbind/winbind.c | 92 +- 11 files changed, 340 insertions(+), 97 deletions(-) copy nsswitch/libwbclient/ABI/{wbclient-0.10.sigs = wbclient-0.11.sigs} (100%) Changeset truncated at 500 lines: diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index 5923200..da1fc0e 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -2,7 +2,7 @@ Unix SMB/CIFS implementation. RFC2478 Compliant SPNEGO implementation - + Copyright (C) Jim McDonough j...@us.ibm.com 2003 Copyright (C) Andrew Bartlett abart...@samba.org 2004-2005 Copyright (C) Stefan Metzmacher me...@samba.org 2004-2008 @@ -11,13 +11,13 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/. */ @@ -121,7 +121,7 @@ static NTSTATUS gensec_spnego_unseal_packet
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ffd61e2 ldb: bump version to 1.1.13 so the 4.0 release can get the isprint fix via 0eae4cd docs: Remove another reference to security=share via 8e95dee docs: Remove references to specific windows versions, instead mention Home/Professional/Server via 36bfb1e docs: Remove references to mulitple passdb backends via e221985 docs: Remove references to sysv-style CUPS from TOSHARG-CUPS-printing via d4efb94 docs: Remove very outdated TOSHARG-Other-Clients section via cbfeba7 docs: Remove very outdated TOSHARG-Portability section via 6786efa docs: Update FastStart: remove security=share, avoid disable spoolss via 6bc8616 docs: Clarify TOSHARG-Bugs for 2012 via 27359ac docs: Remove reference to inetd startup, it is not recommended via 64e3f1c docs: Update BDC docs to recognise the AD DC and to exclusivly recommend LDAP via 4de3718 docs: Remove referenece to old Red Hat Linux habits on winbindd via a5084a3 docs: Remove referenece to autogen.sh and document waf build instead via f995749 docs: Remove out of date links to pserver.samba.org and old tarballs via 0d73ce1 docs: Remove references to Subversion, replace with wiki link via 2dcc4fe docs: Remove references to old kerberos behaviour via 48e547c docs: Remove confusing reference to smb signing and client use spnego from b06dbfb s3:libsmb fix a double free error http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ffd61e2bbf46ab8660c32b90c547beb8b77fcb9d Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 17 11:57:33 2012 -0700 ldb: bump version to 1.1.13 so the 4.0 release can get the isprint fix Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon Sep 17 23:47:57 CEST 2012 on sn-devel-104 commit 0eae4cd787179b40375e298cfd95df817c67a94f Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 17 11:56:28 2012 -0700 docs: Remove another reference to security=share commit 8e95dee5cfc4175c7a93f1c55b08db8ab5f822c3 Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 17 11:56:08 2012 -0700 docs: Remove references to specific windows versions, instead mention Home/Professional/Server The flavours of windows seem to last longer than the individual products. Andrew Bartlett commit 36bfb1e2282d24d2cc20f812bc59ea1ede0e660c Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 17 11:55:12 2012 -0700 docs: Remove references to mulitple passdb backends These are long-gone and confusing. Andrew Bartlett commit e2219850d604470e484e9f8eb6e573c97d474298 Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 17 11:54:25 2012 -0700 docs: Remove references to sysv-style CUPS from TOSHARG-CUPS-printing This also simplifies the cups config by not duplicating the printcap name parameter that is already set by default when printing=cups is set. Andrew Bartlett commit d4efb94dbb3121ccaf17366585ba7ca325f8d699 Author: Andrew Bartlett abart...@samba.org Date: Sat Sep 15 15:55:55 2012 -0700 docs: Remove very outdated TOSHARG-Other-Clients section commit cbfeba71bcd2223c8e919c7d7d73597b03d12b99 Author: Andrew Bartlett abart...@samba.org Date: Sat Sep 15 15:52:47 2012 -0700 docs: Remove very outdated TOSHARG-Portability section commit 6786efa358b471956b017570938676e2306d29c5 Author: Andrew Bartlett abart...@samba.org Date: Sat Sep 15 12:53:37 2012 -0700 docs: Update FastStart: remove security=share, avoid disable spoolss As I understand it, all printing is via spoolss, so do not disable it! Andrew Bartlett commit 6bc861663526e1234899ca5815df7a3c122c2b2e Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 14 23:13:33 2012 -0700 docs: Clarify TOSHARG-Bugs for 2012 commit 27359acf59cc7899e8de164f9311ef3b2b6db85a Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 14 23:08:53 2012 -0700 docs: Remove reference to inetd startup, it is not recommended commit 64e3f1c637b940e60d3d6988a033f4d391b7dab9 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 14 23:06:59 2012 -0700 docs: Update BDC docs to recognise the AD DC and to exclusivly recommend LDAP The confusing references to the not-recommended techniques and outdated steps (like net rpc getsid, replaced by simply having the SID just be in LDAP) just detract from the clarity of this document. Andrew Bartlett commit 4de371818504c522613845a1ae4fa97a69bcf412 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 14 22:30:06 2012 -0700 docs: Remove referenece to old Red Hat Linux habits on winbindd commit a5084a3077b0fecde0772e99302e0e7353c59da3 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 35a4a1e build: Fix build on systems without ldap development headers via 7ef7ec7 docs: update for modern kerberos libs via f84893a docs: remove references to security=server via 963664e docs: Remove distinction between server and domain accounts via c5151b6 docs: Update docs to the modern age of Samba 4.0 from 58e62ae s4:torture: fix error reporting in the raw.oplock-brl3 test http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 35a4a1ed1f0fc6f1cbccd31bb7db9431b2518a5b Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 14 11:58:02 2012 -0700 build: Fix build on systems without ldap development headers Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Sep 14 22:53:30 CEST 2012 on sn-devel-104 commit 7ef7ec7be88f365ebd0c9da425283375188be2d1 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 14 11:57:38 2012 -0700 docs: update for modern kerberos libs commit f84893a54b27828946ca75e72542116a560315d6 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 14 11:57:05 2012 -0700 docs: remove references to security=server commit 963664eccce0e7e221ab2c465a430b4d8e2e081b Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 14 09:29:51 2012 -0700 docs: Remove distinction between server and domain accounts Accounts on a server become accounts on the DC when upgraded. If they do not then this is simply a bug (in say tdbsam), not a feature to be documented. Andrew Bartlett commit c5151b62679edd11940023e757378c7aac66933a Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 14 09:28:06 2012 -0700 docs: Update docs to the modern age of Samba 4.0 This removes references to security=share, security=server and other outdated things. It also updates to a world where encrypted passwords are the norm. Andrew Bartlett --- Summary of changes: docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml| 40 +--- docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml | 118 +-- docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml | 272 +--- source3/wscript_build |1 + 4 files changed, 18 insertions(+), 413 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml index 951c879..5ea2db2 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml @@ -130,9 +130,9 @@ configuration file is faulty. notepara indextermprimary/etc/samba/primary/indexterm -indextermprimary/usr/local/samba/lib/primary/indexterm +indextermprimary/usr/local/samba/etc/primary/indexterm Your smb.conf; file may be located in filename/etc/samba/filename -or in filename/usr/local/samba/lib/filename. +or in filename/usr/local/samba/etc/filename. /para/note /step @@ -431,8 +431,9 @@ If it says quoteerrornamebad password,/errorname/quote then the likely c orderedlist listitem para - You have shadow passwords (or some other password system) but didn't - compile in support for them in smbd;. + Password encryption is enabled by default, but you have not + yet set a password for your samba user. Run + commandsmbpasswd -a username/command /para /listitem @@ -444,7 +445,8 @@ If it says quoteerrornamebad password,/errorname/quote then the likely c listitem para - You have a mixed-case password and you haven't enabled the smbconfoption name=password level/ option at a high enough level. + You have explicitly disabled encrypted passwords with + smbconfoption name=encrypt passwordsno/smbconfoption have a mixed-case password and you haven't enabled the smbconfoption name=password level/ option at a high enough level. /para /listitem @@ -454,12 +456,6 @@ If it says quoteerrornamebad password,/errorname/quote then the likely c /para /listitem -listitem - para - You enabled password encryption but didn't map UNIX to Samba users. Run - commandsmbpasswd -a username/command - /para -/listitem /orderedlist para @@ -544,17 +540,7 @@ and other config lines in smb.conf; are correct. /para para -It's also possible that the server can't work out what username to connect you as. -To see if this is the problem, add the line -smbconfoption name=userusername/smbconfoption to the -smbconfsection name=[tmp]/ section of -smb.conf; where parameterusername/parameter is the -username corresponding to the password you typed. If you find this -fixes things, you may need the username mapping option. -/para - -para -It might also be the case that your client only sends encrypted
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 33d9a22 smbd: Print ACL used to create hash in vfs_xattr_common via 6fbce90 provision: Only give the no posix ACLs exception if we could not set the SD via 1a3d6de torture: Add discard_const_p() to work around dlz_create prototype from 69c2e18 selftest: we fail the smb2.durable-open.delete_on_close2 test http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 33d9a22dcb3662e8a5e33d490d2739712151677c Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 10 08:43:09 2012 +1000 smbd: Print ACL used to create hash in vfs_xattr_common This should help us understand why sometimes an ACL set won't stick. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Sep 11 18:19:53 CEST 2012 on sn-devel-104 commit 6fbce905db5bc4ea5463727a13ea063811556db7 Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 9 17:08:49 2012 +1000 provision: Only give the no posix ACLs exception if we could not set the SD This will allow us to run make test on all platforms again, as we emululate the posix ACLs using the fake_acls module. By then testing smbd.have_posix_acls() we gain a more specific error message. Andrew Bartlett commit 1a3d6de20aa4e45dd1c5a8ed6f8b5193efa52167 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 7 15:10:24 2012 +1000 torture: Add discard_const_p() to work around dlz_create prototype --- Summary of changes: source3/modules/vfs_acl_common.c | 10 ++ .../scripting/python/samba/provision/__init__.py | 12 ++-- source4/torture/dns/dlz_bind9.c|4 ++-- 3 files changed, 18 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index a3d53a1..c2ac875 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -375,6 +375,12 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, file system SD mapping.\n, name )); + if (DEBUGLEVEL = 10) { + DEBUG(10,(get_nt_acl_internal: acl for blob hash for %s is:\n, + name )); + NDR_PRINT_DEBUG(security_descriptor, pdesc_next); + } + TALLOC_FREE(psd); psd = pdesc_next; @@ -596,6 +602,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, fsp_str_dbg(fsp))); NDR_PRINT_DEBUG(security_descriptor, discard_const_p(struct security_descriptor, psd)); + + DEBUG(10,(fset_nt_acl_xattr: storing has in xattr sd based on \n)); + NDR_PRINT_DEBUG(security_descriptor, + discard_const_p(struct security_descriptor, pdesc_next)); } status = create_acl_blob(psd, blob, XATTR_SD_HASH_TYPE_SHA256, hash); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index 12904a7..862a0c7 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1906,17 +1906,17 @@ def provision(logger, session_info, credentials, smbconf=None, if paths.sysvol is None: raise MissingShareError(sysvol, paths.smbconf) -if not smbd.have_posix_acls(): -# This clue is only strictly correct for RPM and -# Debian-like Linux systems, but hopefully other users -# will get enough clue from it. -raise ProvisioningError(Samba was compiled without the posix ACL support that s3fs requires. Try installing libacl1-dev or libacl-devel, then re-run configure and make.) - file = tempfile.NamedTemporaryFile(dir=os.path.abspath(paths.sysvol)) try: try: smbd.set_simple_acl(file.name, 0755, wheel_gid) except Exception: +if not smbd.have_posix_acls(): +# This clue is only strictly correct for RPM and +# Debian-like Linux systems, but hopefully other users +# will get enough clue from it. +raise ProvisioningError(Samba was compiled without the posix ACL support that s3fs requires. Try installing libacl1-dev or libacl-devel, then re-run configure and make.) + raise ProvisioningError(Your filesystem or build does not support posix ACLs, which s3fs requires. Try the mounting the filesystem with the 'acl' option.) try: smbd.chown(file.name
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e8375dd smbd: Add extra VFS hooks to get the posix ACL as a blob via 6638d10 smbd: Remove pre-allocation of ACL array in sys_acl_init() via ac804f0 smbd-posix_acls: Use a IDL union to store the ACL entry from bd2f160 Make metze happy and the code clearer :-). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e8375ddf2d29b12cfe84ceec7195de957d0a743c Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 10 12:44:01 2012 +1000 smbd: Add extra VFS hooks to get the posix ACL as a blob This will allow us to hash this, rather than the NT ACL it maps to. This will in turn allow us to know if the NT ACL is valid even if we have to change the mapping code. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Sep 12 07:06:01 CEST 2012 on sn-devel-104 commit 6638d1036688f7b0f15a1a18c9a251ab0a7ab626 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 7 17:44:24 2012 +1000 smbd: Remove pre-allocation of ACL array in sys_acl_init() Instead, this is just handled with realloc in sys_acl_create_entry() This allows us to remove the size element from the SMB_ACL_T. Andrew Bartlett commit ac804f0d7f5a93ff2710e213d9213ad9960a15d6 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 7 15:49:47 2012 +1000 smbd-posix_acls: Use a IDL union to store the ACL entry This is a clearer, long-term-stable structure we can hash without risking it changing. Andrew Bartlett --- Summary of changes: examples/VFS/skel_opaque.c | 15 + examples/VFS/skel_transparent.c | 18 ++ librpc/idl/smb_acl.idl | 25 ++-- source3/include/smb_acls.h |2 +- source3/include/vfs.h| 18 ++ source3/include/vfs_macros.h | 10 +++ source3/lib/sysacls.c| 37 +--- source3/modules/vfs_fake_acls.c | 68 ++ source3/modules/vfs_full_audit.c | 37 source3/modules/vfs_posixacl.c | 10 ++-- source3/modules/vfs_time_audit.c | 48 +++ source3/smbd/posix_acls.c|6 +- source3/smbd/pysmbd.c|2 +- source3/smbd/vfs.c | 21 +++ source4/scripting/python/samba/tests/posixacl.py | 52 - 15 files changed, 292 insertions(+), 77 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c index edfb772..a786a23 100644 --- a/examples/VFS/skel_opaque.c +++ b/examples/VFS/skel_opaque.c @@ -586,6 +586,18 @@ static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fs return (SMB_ACL_T)NULL; } +static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob) +{ + errno = ENOSYS; + return -1; +} + +static int skel_sys_acl_blob_get_fd(vfs_handle_struct *handle, files_struct *fsp, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob) +{ + errno = ENOSYS; + return -1; +} + static int skel_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) { errno = ENOSYS; @@ -771,10 +783,13 @@ struct vfs_fn_pointers skel_opaque_fns = { .sys_acl_get_file_fn = skel_sys_acl_get_file, .sys_acl_get_fd_fn = skel_sys_acl_get_fd, + .sys_acl_blob_get_file_fn = skel_sys_acl_blob_get_file, + .sys_acl_blob_get_fd_fn = skel_sys_acl_blob_get_fd, .sys_acl_set_file_fn = skel_sys_acl_set_file, .sys_acl_set_fd_fn = skel_sys_acl_set_fd, .sys_acl_delete_def_file_fn = skel_sys_acl_delete_def_file, + /* EA operations. */ .getxattr_fn = skel_getxattr, .fgetxattr_fn = skel_fgetxattr, diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c index 711b7fc..02a994c 100644 --- a/examples/VFS/skel_transparent.c +++ b/examples/VFS/skel_transparent.c @@ -699,6 +699,22 @@ static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fs return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp); } +static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob) +{ + return
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via baf2db6 selftest: Test configure stage of dlz_bind9 via 52f0ded selftest: Add tests for the dlz_bind9 module from 0d99175 join.py: Only replicate DNS zones if the source DC had DNS zones http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit baf2db685f1d2bff712d45288abf116f903039ed Author: Andrew Bartlett abart...@samba.org Date: Thu Sep 6 15:22:17 2012 +1000 selftest: Test configure stage of dlz_bind9 Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Sep 6 09:07:11 CEST 2012 on sn-devel-104 commit 52f0dedc1a63c75f87adc0f70f10aae2b2bfaf72 Author: Andrew Bartlett abart...@samba.org Date: Thu Sep 6 14:26:57 2012 +1000 selftest: Add tests for the dlz_bind9 module This will help ensure that we do not break the fundemental loading etc. From here, it should be easy to extend this to more comprehensive tests. Andrew Bartlett --- Summary of changes: source4/dns_server/wscript_build |7 ++ source4/selftest/tests.py |4 + source4/torture/dns/dlz_bind9.c | 152 + source4/torture/dns/wscript_build | 10 +++ source4/torture/wscript_build |1 + 5 files changed, 174 insertions(+), 0 deletions(-) create mode 100644 source4/torture/dns/dlz_bind9.c create mode 100644 source4/torture/dns/wscript_build Changeset truncated at 500 lines: diff --git a/source4/dns_server/wscript_build b/source4/dns_server/wscript_build index b8e2708..280f8de 100644 --- a/source4/dns_server/wscript_build +++ b/source4/dns_server/wscript_build @@ -30,3 +30,10 @@ bld.SAMBA_LIBRARY('dlz_bind9_9', install_path='${MODULESDIR}/bind9', deps='samba-hostconfig samdb-common gensec popt', enabled=bld.AD_DC_BUILD_IS_ENABLED()) + +bld.SAMBA_LIBRARY('dlz_bind9_for_torture', + source='dlz_bind9.c', + cflags='-DBIND_VERSION_9_8', + private_library=True, + deps='samba-hostconfig samdb-common gensec popt', + enabled=bld.AD_DC_BUILD_IS_ENABLED()) diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index b9944cb..fd4b669 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -296,6 +296,10 @@ for f in sorted(os.listdir(os.path.join(samba4srcdir, ../pidl/tests))): # DNS tests planpythontestsuite(dc, samba.tests.dns) +# Local tests +for t in smb4torture_testsuites(dlz_bind9.): +#The dlz_bind9 tests needs to look at the DNS database +plansmbtorturetestsuite(t, dc:local, ncalrpc:localhost) planpythontestsuite(s3dc, samba.tests.libsmb_samba_internal); diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c new file mode 100644 index 000..d01e506 --- /dev/null +++ b/source4/torture/dns/dlz_bind9.c @@ -0,0 +1,152 @@ +/* + Unix SMB/CIFS implementation. + SMB torture tester + Copyright (C) Andrew Bartlett 2012 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +#include includes.h +#include torture/smbtorture.h +#include dlz_minimal.h +#include talloc.h +#include ldb.h +#include lib/param/param.h +#include dsdb/samdb/samdb.h +#include dsdb/common/util.h +#include auth/session.h + +struct torture_context *tctx_static; + +static void dlz_bind9_log_wrapper(int level, const char *fmt, ...) +{ + va_list ap; + char *msg; + va_start(ap, fmt); + msg = talloc_vasprintf(NULL, fmt, ap); + torture_comment(tctx_static, %s\n, msg); + TALLOC_FREE(msg); + va_end(ap); +} + +static bool test_dlz_bind9_version(struct torture_context *tctx) +{ + unsigned int flags = 0; + torture_assert_int_equal(tctx, dlz_version(flags), +DLZ_DLOPEN_VERSION, got wrong DLZ version); + return true; +} + +static bool test_dlz_bind9_create(struct torture_context *tctx) +{ + void *dbdata; + const char *argv[] = { + samba_dlz, + -H, + lpcfg_private_path(tctx, tctx-lp_ctx, dns/sam.ldb), + NULL + }; + tctx_static = tctx; + torture_assert_int_equal
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7b86c18 selftest: Add python blackbox tests for samba-tool ntacl get/set via f9cee8d samba_tool: Improve samba-tool ntacl get/set to use the local sam.ldb SID via 7b5ba30 samba_tool: Fix ntacl get to correctly output in sddl via c19208e s4-provision: Fix error message to contain the string SSDL of the failed-to-match ACL from 558fa4c s4 dns: Revert erroneous push from wrong branch http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7b86c18f38412c621b3c316776067d949b0b0bbb Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 5 18:13:53 2012 +1000 selftest: Add python blackbox tests for samba-tool ntacl get/set Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Sep 5 15:47:55 CEST 2012 on sn-devel-104 commit f9cee8d832495798beb025c16afed5bd6a13799b Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 5 18:12:52 2012 +1000 samba_tool: Improve samba-tool ntacl get/set to use the local sam.ldb SID This gets the SID for the local machine correctly. We also add options for --use-ntvfs and --use-s3fs to help control exactly which database is being read and written. Andrew Bartlett commit 7b5ba3013867ae77d516b5ac3cd264fbaf5ca372 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 5 17:06:33 2012 +1000 samba_tool: Fix ntacl get to correctly output in sddl commit c19208e93ce401b5ef0b752b32648926f9f39824 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 5 15:16:40 2012 +1000 s4-provision: Fix error message to contain the string SSDL of the failed-to-match ACL --- Summary of changes: source4/scripting/python/samba/netcmd/ntacl.py | 76 ++-- .../scripting/python/samba/provision/__init__.py |4 +- .../python/samba/tests/samba_tool/ntacl.py | 69 +- 3 files changed, 124 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/netcmd/ntacl.py b/source4/scripting/python/samba/netcmd/ntacl.py index 661af80..92239a7 100644 --- a/source4/scripting/python/samba/netcmd/ntacl.py +++ b/source4/scripting/python/samba/netcmd/ntacl.py @@ -21,7 +21,7 @@ import samba.getopt as options from samba.dcerpc import security, idmap from samba.ntacls import setntacl, getntacl from samba import Ldb -from samba.ndr import ndr_unpack +from samba.ndr import ndr_unpack, ndr_print from samba.samdb import SamDB from samba.samba3 import param as s3param, passdb, smbd from samba import provision @@ -55,31 +55,42 @@ class cmd_ntacl_set(Command): Option(--xattr-backend, type=choice, help=xattr backend type (native fs or tdb), choices=[native,tdb]), Option(--eadb-file, help=Name of the tdb file where attributes are stored, type=string), +Option(--use-ntvfs, help=Set the ACLs directly to the TDB or xattr for use with the ntvfs file server, action=store_true), +Option(--use-s3fs, help=Set the ACLs for use with the default s3fs file server via the VFS layer, action=store_true) ] takes_args = [acl,file] -def run(self, acl, file, quiet=False,xattr_backend=None,eadb_file=None, +def run(self, acl, file, use_ntvfs=False, use_s3fs=False, +quiet=False,xattr_backend=None,eadb_file=None, credopts=None, sambaopts=None, versionopts=None): +logger = self.get_logger() lp = sambaopts.get_loadparm() -path = lp.private_path(secrets.ldb) -creds = credopts.get_credentials(lp) -creds.set_kerberos_state(DONT_USE_KERBEROS) try: -ldb = Ldb(path, session_info=system_session(), credentials=creds, - lp=lp) +samdb = SamDB(session_info=system_session(), + lp=lp) except Exception, e: -raise CommandError(Unable to read domain SID from configuration files, e) -attrs = [objectSid] -res = ldb.search(expression=(objectClass=*), -base=flatname=%s,cn=Primary Domains % lp.get(workgroup), -scope=SCOPE_BASE, attrs=attrs) -if len(res) !=0: -domainsid = ndr_unpack(security.dom_sid, res[0][objectSid][0]) -setntacl(lp, file, acl, str(domainsid), xattr_backend, eadb_file) -else: +raise CommandError(Unable to open samdb:, e) + +if not use_ntvfs and not use_s3fs: +use_ntvfs = smb in lp.get(server services) +elif use_s3fs: +use_ntvfs = False + +try: +domain_sid = security.dom_sid(samdb.domain_sid) +except: raise CommandError(Unable to read domain SID from configuration files) +s3conf
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0d99175 join.py: Only replicate DNS zones if the source DC had DNS zones via f453117 s3-printing: Restrict printing=cups to systems with cups development headers at build time from e00ac55 Free protect_ids in secret_store_domain_sid() as the caller of fetch_secrets() must free the result in order to not leak memory. Signed-off-by: Jeremy Allison j...@samba.org http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0d99175f2afb4badd61ba903f3752a0207b049a3 Author: Andrew Bartlett abart...@samba.org Date: Thu Sep 6 10:37:18 2012 +1000 join.py: Only replicate DNS zones if the source DC had DNS zones This avoid folks needing to specify --dns-backend=NONE Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Sep 6 04:48:55 CEST 2012 on sn-devel-104 commit f453117569e04087ae461677717b14cdd65a4cd4 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 5 15:03:31 2012 +1000 s3-printing: Restrict printing=cups to systems with cups development headers at build time This means that instead of failing due to the default commandline values not being quite correct that we clearly fail at loadparm and testparm time when parsing the printing= line. Andrew Bartlett --- Summary of changes: docs-xml/smbdotconf/printing/printing.xml |6 +- lib/param/param_table.c |4 source3/param/loadparm.c | 14 -- source3/utils/testparm.c |2 -- source4/scripting/python/samba/join.py| 25 ++--- 5 files changed, 27 insertions(+), 24 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/printing/printing.xml b/docs-xml/smbdotconf/printing/printing.xml index c365594..eb5925f 100644 --- a/docs-xml/smbdotconf/printing/printing.xml +++ b/docs-xml/smbdotconf/printing/printing.xml @@ -18,7 +18,11 @@ constantLPRNG/constant, constantPLP/constant, constantSYSV/constant, constantHPUX/constant, constantQNX/constant, constantSOFTQ/constant, -and constantCUPS/constant./para +constantCUPS/constant and constantIPRINT/constant./para + +paraBe aware that CUPS and IPRINT are only available if the CUPS +development library was available at the time Samba was compiled +or packaged./para paraTo see what the defaults are for the other print commands when using the various options use the citerefentryrefentrytitletestparm/refentrytitle diff --git a/lib/param/param_table.c b/lib/param/param_table.c index 4126d89..2aa392a 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -186,8 +186,12 @@ static const struct enum_list enum_printing[] = { {PRINT_QNX, qnx}, {PRINT_PLP, plp}, {PRINT_LPRNG, lprng}, +#ifdef HAVE_CUPS {PRINT_CUPS, cups}, +#endif +#ifdef HAVE_IPRINT {PRINT_IPRINT, iprint}, +#endif {PRINT_LPRNT, nt}, {PRINT_LPROS2, os2}, #if defined(DEVELOPER) || defined(ENABLE_SELFTEST) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 1e41825..2c77691 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -408,7 +408,6 @@ static void init_printer_values(struct loadparm_service *pService) case PRINT_CUPS: case PRINT_IPRINT: -#ifdef HAVE_CUPS /* set the lpq command to contain the destination printer name only. This is used by cups_queue_get() */ string_set(pService-szLpqcommand, %p); @@ -418,15 +417,6 @@ static void init_printer_values(struct loadparm_service *pService) string_set(pService-szLpresumecommand, ); string_set(pService-szQueuepausecommand, ); string_set(pService-szQueueresumecommand, ); -#else - string_set(pService-szLpqcommand, lpq -P'%p'); - string_set(pService-szLprmcommand, lprm -P'%p' %j); - string_set(pService-szPrintcommand, lpr -P'%p' %s; rm %s); - string_set(pService-szLppausecommand, lp -i '%p-%j' -H hold); - string_set(pService-szLpresumecommand, lp -i '%p-%j' -H resume); - string_set(pService-szQueuepausecommand, disable '%p'); - string_set(pService-szQueueresumecommand, enable '%p'); -#endif /* HAVE_CUPS */ break; case PRINT_SYSV: @@ -5284,11 +5274,7 @@ const char *lp_printcapname(void) return Globals.szPrintcapname; if (sDefault.iPrinting == PRINT_CUPS) { -#ifdef HAVE_CUPS return cups
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4437547 s4-selftest: Try a more complex ACL - this example from a GPO via 97a1f8d s4-selftest: Try to make ntacl unit tests better match their names via 6c9d22d file_server: Clarify code by avoiding a goto via 30253c1 s4-samba-tool: Ensure we also sync the SACL as well as the DACL during sysvolreset from 9983ad7 s3-passdb: Rename pdb_samba4 to samba_dsdb and autoconfigure when we are a AD DC http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4437547afab2def2b53f2be1b10ac7b376f5ee8f Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 17:56:38 2012 +1000 s4-selftest: Try a more complex ACL - this example from a GPO Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Sep 4 11:30:17 CEST 2012 on sn-devel-104 commit 97a1f8d20be2068e3214361f844a6282e10ab28d Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 17:54:34 2012 +1000 s4-selftest: Try to make ntacl unit tests better match their names We are trying to test combinations of setting and getting via the VFS and directly to the underlying DB. Andrew Bartlett commit 6c9d22d1ed5cc886b7a7c886f7298fea8c60089c Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 17:18:45 2012 +1000 file_server: Clarify code by avoiding a goto As suggested by Ricky Nance ricky.na...@weaubleau.k12.mo.us Andrew Bartlett commit 30253c11cca5be8b5eaddeb12f1a749315928679 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 17:17:34 2012 +1000 s4-samba-tool: Ensure we also sync the SACL as well as the DACL during sysvolreset --- Summary of changes: file_server/file_server.c|6 +--- source4/scripting/python/samba/ntacls.py |2 +- source4/scripting/python/samba/tests/posixacl.py | 24 + 3 files changed, 22 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/file_server/file_server.c b/file_server/file_server.c index a3efcb2..e1560c2 100644 --- a/file_server/file_server.c +++ b/file_server/file_server.c @@ -117,15 +117,13 @@ static void s3fs_task_init(struct task_server *task) NULL); if (req == NULL) { DEBUG(0, (Failed to start smbd as child daemon\n)); - goto failed; + task_server_terminate(task, Failed to startup s3fs smb task, true); + return; } tevent_req_set_callback(req, file_server_smbd_done, task); DEBUG(1,(Started file server smbd with config %s\n, fileserver_conf)); - return; -failed: - task_server_terminate(task, Failed to startup s3fs smb task, true); } /* called at smbd startup - register ourselves as a server service */ diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py index ac4aad0..38c31c6 100644 --- a/source4/scripting/python/samba/ntacls.py +++ b/source4/scripting/python/samba/ntacls.py @@ -105,7 +105,7 @@ def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True samba.xattr_native.wrap_setxattr(file, xattr.XATTR_NTACL_NAME, ndr_pack(ntacl)) else: -smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL, sd) +smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) def ldapmask2filemask(ldm): diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py index 64c997d..ba0911d 100644 --- a/source4/scripting/python/samba/tests/posixacl.py +++ b/source4/scripting/python/samba/tests/posixacl.py @@ -59,7 +59,7 @@ class PosixAclMappingTests(TestCase): tempf = os.path.join(path,pytests+str(int(10*random.random( open(tempf, 'w').write(empty) setntacl(lp,tempf,acl,S-1-5-21-2212615479-2695158682-2101375467, use_ntvfs=True) -facl = getntacl(lp,tempf) +facl = getntacl(lp,tempf, direct_db_access=True) anysid = security.dom_sid(security.SID_NT_SELF) self.assertEquals(facl.as_sddl(anysid),acl) os.unlink(tempf) @@ -72,8 +72,8 @@ class PosixAclMappingTests(TestCase): acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) tempf = os.path.join(path,pytests+str(int(10*random.random( open(tempf, 'w').write(empty) -setntacl(lp,tempf,acl,S-1-5-21-2212615479-2695158682-2101375467, use_ntvfs=False) -facl
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4def1c1 file_server: Remove explicit set of passdb backend in fileserver.conf via 7afd476 build: sync the waf ACL checks with configure.in via a566404 build: Remove references to charset modules - we no longer have these via cac1ebf build: vfs_fake_acls does not need the acl lib via 73932a3 file_server: Run task_server_terminate when smbd exists via 8d3e193 file_server: use 'subreq' as variable instead of 'req' via 2c9c589 build: remove unused HAVE_NO_ACLS define from 4437547 s4-selftest: Try a more complex ACL - this example from a GPO http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4def1c1780c98d6595b778a6647818b79dea797a Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 20:31:03 2012 +1000 file_server: Remove explicit set of passdb backend in fileserver.conf The default is now set during smb.conf loading based on the server role or during provision. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Sep 4 14:05:34 CEST 2012 on sn-devel-104 commit 7afd476fe412a3cacad4671673f8cb05592bbb94 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 20:15:28 2012 +1000 build: sync the waf ACL checks with configure.in This should give us full ACLs on the same set of hosts that the autoconf build supports. Andrew Bartlett commit a566404362cc7e45b5ce619db81175b55c55c288 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 20:06:12 2012 +1000 build: Remove references to charset modules - we no longer have these commit cac1ebfff6c83bfe6cec3a740dface97f706f9ff Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 19:41:38 2012 +1000 build: vfs_fake_acls does not need the acl lib commit 73932a3aa40bb4b2c2bd22f1be3abc546ab83481 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 11:06:15 2012 +0200 file_server: Run task_server_terminate when smbd exists This will help us shut down when smbd cannot bind to ports or perform some other critical startup operation. Based on a patch by Stefan Metzmacher me...@samba.org Andrew Bartlett commit 8d3e193fa153eb0c219953707db5ac4cb93cc853 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 4 11:04:16 2012 +0200 file_server: use 'subreq' as variable instead of 'req' This matches the style of all other tevent_req users. metze commit 2c9c58993cf36bc959d3bf1ca634fbaf9bb3a08f Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 18:58:53 2012 +1000 build: remove unused HAVE_NO_ACLS define --- Summary of changes: file_server/file_server.c | 13 ++ source3/configure.in |3 -- source3/modules/wscript_build |3 +- source3/wscript | 52 +++- 4 files changed, 45 insertions(+), 26 deletions(-) Changeset truncated at 500 lines: diff --git a/file_server/file_server.c b/file_server/file_server.c index e1560c2..0777de5 100644 --- a/file_server/file_server.c +++ b/file_server/file_server.c @@ -51,7 +51,6 @@ static const char *generate_smb_conf(struct task_server *task) fdprintf(fd, [globals]\n); fdprintf(fd, # auto-generated config for fileserver\n); fdprintf(fd, server role check:inhibit=yes\n); - fdprintf(fd, passdb backend = samba4\n); fdprintf(fd, rpc_server:default = external\n); fdprintf(fd, rpc_server:svcctl = embedded\n); fdprintf(fd, rpc_server:srvsvc = embedded\n); @@ -78,6 +77,9 @@ static const char *generate_smb_conf(struct task_server *task) */ static void file_server_smbd_done(struct tevent_req *subreq) { + struct task_server *task = + tevent_req_callback_data(subreq, + struct task_server); int sys_errno; int ret; @@ -87,6 +89,7 @@ static void file_server_smbd_done(struct tevent_req *subreq) } else { DEBUG(0,(file_server smbd daemon exited normally\n)); } + task_server_terminate(task, smbd child process exited, true); } @@ -96,7 +99,7 @@ static void file_server_smbd_done(struct tevent_req *subreq) static void s3fs_task_init(struct task_server *task) { const char *fileserver_conf; - struct tevent_req *req; + struct tevent_req *subreq; const char *smbd_path; const char *smbd_cmd[2] = { NULL, NULL }; @@ -109,19 +112,19 @@ static void s3fs_task_init(struct task_server *task) smbd_cmd[0] = smbd_path; /* start it as a child process */ - req = samba_runcmd_send(task, task-event_ctx, timeval_zero(), 1, 0, + subreq = samba_runcmd_send(task, task-event_ctx, timeval_zero(), 1, 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 15e3991 build: Remove unused deps from vfs modules from 084978f s3: Slightly simplify fd_open_atomic http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 15e3991b39d2e9496d01d18479db2804804a39f6 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 5 08:55:41 2012 +1000 build: Remove unused deps from vfs modules Both these modules are just implemented in terms of other modules. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Sep 5 03:34:08 CEST 2012 on sn-devel-104 --- Summary of changes: source3/modules/wscript_build |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build index dee7ea3..594b27c 100644 --- a/source3/modules/wscript_build +++ b/source3/modules/wscript_build @@ -99,7 +99,7 @@ bld.SAMBA3_MODULE('vfs_full_audit', bld.SAMBA3_MODULE('vfs_fake_perms', subsystem='vfs', source=VFS_FAKE_PERMS_SRC, - deps='acl attr samba-util', + deps='samba-util', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_fake_perms'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_fake_perms')) @@ -107,7 +107,7 @@ bld.SAMBA3_MODULE('vfs_fake_perms', bld.SAMBA3_MODULE('vfs_fake_acls', subsystem='vfs', source=VFS_FAKE_ACLS_SRC, - deps='attr samba-util', + deps='samba-util', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_fake_acls'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_fake_acls')) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 18c0d87 build: skip shipping the alpha13 provision in the release tarballs via 2dd0e71 s4-classicupgrade: Show more clearly what is wrong with the Adminstrator SID via 3b3d7bb build: Only make bin/ if it does not exist via 3ad9c52 selftest: skip tests if the tarball did not include the alpha13 provision from 05f9829 waf: add new quota header checks and sysquota_4B source file http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 18c0d872d119f47f3f82f6fa1f4fa8a2afc36750 Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 3 18:55:06 2012 +1000 build: skip shipping the alpha13 provision in the release tarballs This test is important, but it is not important enough to include this volume of data in every tarball. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon Sep 3 13:01:58 CEST 2012 on sn-devel-104 commit 2dd0e7141f24a4e92e165c3aadaaa3a97eb26712 Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 3 18:50:16 2012 +1000 s4-classicupgrade: Show more clearly what is wrong with the Adminstrator SID commit 3b3d7bb6029bf7c89abec0fb0b455a6154b0d0bf Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 3 18:43:33 2012 +1000 build: Only make bin/ if it does not exist commit 3ad9c52b1471da7192aa39f878d3ec22ea52d665 Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 3 18:42:55 2012 +1000 selftest: skip tests if the tarball did not include the alpha13 provision --- Summary of changes: source4/scripting/python/samba/upgrade.py |1 + testprogs/blackbox/dbcheck-alpha13.sh | 34 +++- wscript |5 ++- 3 files changed, 32 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index d3f0b8d..6b6a188 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -869,6 +869,7 @@ Please fix this account before attempting to upgrade again for username in userdata: if username.lower() == 'administrator': if userdata[username].user_sid != dom_sid(str(domainsid) + -500): +logger.error(User 'Administrator' in your existing directory has SID %s, expected it to be %s % (userdata[username].user_sid, dom_sid(str(domainsid) + -500))) raise ProvisioningError(User 'Administrator' in your existing directory does not have SID ending in -500) if username.lower() == 'root': if userdata[username].user_sid == dom_sid(str(domainsid) + -500): diff --git a/testprogs/blackbox/dbcheck-alpha13.sh b/testprogs/blackbox/dbcheck-alpha13.sh index 00cb97a..a028116 100755 --- a/testprogs/blackbox/dbcheck-alpha13.sh +++ b/testprogs/blackbox/dbcheck-alpha13.sh @@ -12,12 +12,14 @@ shift 1 . `dirname $0`/subunit.sh +alpha13_dir=`dirname $0`/../../source4/selftest/provisions/alpha13 + alpha13() { if test -x $BINDIR/tdbrestore; then - `dirname $0`/../../source4/selftest/provisions/undump.sh `dirname $0`/../../source4/selftest/provisions/alpha13 $PREFIX_ABS/alpha13 $BINDIR/tdbrestore + `dirname $0`/../../source4/selftest/provisions/undump.sh $alpha13_dir $PREFIX_ABS/alpha13 $BINDIR/tdbrestore else - `dirname $0`/../../source4/selftest/provisions/undump.sh `dirname $0`/../../source4/selftest/provisions/alpha13 $PREFIX_ABS/alpha13 + `dirname $0`/../../source4/selftest/provisions/undump.sh $alpha13_dir $PREFIX_ABS/alpha13 fi } @@ -34,9 +36,29 @@ dbcheck_clean() { $BINDIR/samba-tool dbcheck --cross-ncs -H tdb://$PREFIX_ABS/alpha13/private/sam.ldb $@ } -testit alpha13 alpha13 -testit reindex reindex -testit_expect_failure dbcheck dbcheck -testit dbcheck_clean dbcheck_clean +if [ -d $alpha13_dir ]; then +testit alpha13 alpha13 +testit reindex reindex +testit_expect_failure dbcheck dbcheck +testit dbcheck_clean dbcheck_clean +else +subunit_start_test alpha13 +subunit_skip_test alpha13 EOF +no test provision +EOF + +subunit_start_test reindex +subunit_skip_test reindex EOF +no test provision +EOF +subunit_start_test dbcheck +subunit_skip_test dbcheck EOF +no test provision +EOF +subunit_start_test dbcheck_clean +subunit_skip_test dbcheck_clean EOF +no test provision +EOF +fi exit $failed diff --git a/wscript b/wscript index fcf4a0f..64aaaf2 100755 --- a/wscript +++ b/wscript @@ -12,7 +12,7 @@ import wafsamba, Options, samba_dist, Scripting, Utils, samba_version samba_dist.DIST_DIRS('.') -samba_dist.DIST_BLACKLIST('.gitignore .bzrignore
[SCM] build.samba.org - branch master updated
The branch, master has been updated via 8976254 build: Fix build farm for hosts other than our coverage test from 178df90 Add action_none to assist hosts with no extra_actions http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master - Log - commit 89762541cf479b8656040daf78127255b529c4d7 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 09:56:38 2012 +1000 build: Fix build farm for hosts other than our coverage test --- Summary of changes: build_test.fns |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/build_test.fns b/build_test.fns index 3b0a4b8..ded4d09 100644 --- a/build_test.fns +++ b/build_test.fns @@ -814,7 +814,7 @@ test_tree() { fi if [ $extra_actions = ]; then - actions=none + extra_actions=none fi # start the build -- build.samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 68f68d0 docs: Move Samba4 HOWTO link into README via 8be652a docs: Update Roadmap via 3f42619 docs: Remove merged-branches.txt via 0010828 docs: Remove docs for removed parameter 'display charset' via 339fb7e remove extra tab from Makefile via f9e8f08 docs: Fix undocumented target to find smb.conf directives in the right place via 28499b0 docs: Remove references to security=share and security=server from the smb.conf docs via 4a52a3f docs: Remove docs for removed parameter 'parinoid server security' from 75484f4 docs: Rename manpages-3 - manpages. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 68f68d01529e159d965cefa1da497f3472a36972 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 09:31:27 2012 +1000 docs: Move Samba4 HOWTO link into README This allows us to make clear that it applies to the AD DC deployment. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Sep 4 03:05:02 CEST 2012 on sn-devel-104 commit 8be652a675efb5f25f0e2c573b9c8d6c0f3a9b5f Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 09:24:52 2012 +1000 docs: Update Roadmap commit 3f42619e802b9dc13dc4dd770d419a0e4e9fce9d Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 09:20:19 2012 +1000 docs: Remove merged-branches.txt We are now well past simply having two projects in once tree, and each continued reference to 'samba3' and 'samba4' causes user confusion. Andrew Bartlett commit 00108282d046c2d4948c7c5977c98b412e08fb0a Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 09:12:17 2012 +1000 docs: Remove docs for removed parameter 'display charset' commit 339fb7ef61e675c1db7743e039f2c1e6c45c08a0 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 09:10:59 2012 +1000 remove extra tab from Makefile commit f9e8f08197651f053bf6a23584bf04814440fec0 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 09:09:38 2012 +1000 docs: Fix undocumented target to find smb.conf directives in the right place The manpages target needs to be reworked to know about waf. Andrew Bartlett commit 28499b04769ee0d310e48576b868e11c0d2b1422 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 08:46:06 2012 +1000 docs: Remove references to security=share and security=server from the smb.conf docs commit 4a52a3f48de60c79113018ca20a420dab536f46d Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 08:27:23 2012 +1000 docs: Remove docs for removed parameter 'parinoid server security' --- Summary of changes: README | 11 +++- Roadmap|8 ++-- docs-xml/Makefile |6 +- docs-xml/Makefile.settings.in |2 +- docs-xml/scripts/find_missing_doc.pl |2 +- docs-xml/smbdotconf/base/displaycharset.xml| 17 -- docs-xml/smbdotconf/logon/adduserscript.xml|8 --- docs-xml/smbdotconf/security/adminusers.xml|3 - docs-xml/smbdotconf/security/encryptpasswords.xml |2 +- docs-xml/smbdotconf/security/maptoguest.xml| 18 +-- docs-xml/smbdotconf/security/passwordserver.xml| 55 ++-- docs-xml/smbdotconf/security/readlist.xml |4 -- docs-xml/smbdotconf/security/security.xml |2 +- docs-xml/smbdotconf/security/usernamemap.xml |6 +- docs-xml/smbdotconf/security/writelist.xml |5 -- .../smbdotconf/tuning/paranoidserversecurity.xml | 19 --- howto4.txt |7 --- merged-branches.txt|6 -- 18 files changed, 29 insertions(+), 152 deletions(-) delete mode 100644 docs-xml/smbdotconf/base/displaycharset.xml delete mode 100644 docs-xml/smbdotconf/tuning/paranoidserversecurity.xml delete mode 100644 howto4.txt delete mode 100644 merged-branches.txt Changeset truncated at 500 lines: diff --git a/README b/README index 6c842c3..6fc98e6 100644 --- a/README +++ b/README @@ -1,13 +1,18 @@ This is the release version of Samba, the free SMB and CIFS client and -server for UNIX and other operating systems. Samba is maintained by -the Samba Team, who support the original author, Andrew Tridgell. +server and Domain Controller for UNIX and other operating +systems. Samba is maintained by the Samba Team, who support the +original author, Andrew Tridgell. Please read THE WHOLE of this file as it gives important information about the configuration and use of Samba. -NOTE: Installation instructions may be found
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9983ad7 s3-passdb: Rename pdb_samba4 to samba_dsdb and autoconfigure when we are a AD DC from 68f68d0 docs: Move Samba4 HOWTO link into README http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9983ad7a80477d816488a93dffc6a32dd1ef Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 4 10:27:50 2012 +1000 s3-passdb: Rename pdb_samba4 to samba_dsdb and autoconfigure when we are a AD DC The name samba_dsdb is not ideal, but it matches the primary ldb module we use, and more importantly it avoids having '4' in the name. We should slowly avoid using the term samba4 in long-term places like the smb.conf because it is confusing to users given we are shipping Samba 4.0 as an AD DC as well as all the other supported roles (domain member/standalone server/classic DC) Additionally, samba4 will be an odd name when we eventually release Samba 5.0! samba4 remains accepted as an alias to ensure existing smb.conf files load, but to allow changes here in the future, we set the value during the smb.conf load, and not during the provision when we are an AD DC. This simplifies the default smb.conf for the vast majority of our users and reduces the number of things listed in smb.conf files that we later have to work around if we wish to change the name/implementation of the passdb glue module again. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Sep 4 04:45:16 CEST 2012 on sn-devel-104 --- Summary of changes: selftest/target/Samba4.pm |2 - source3/param/loadparm.c |1 + source3/passdb/{pdb_samba4.c = pdb_samba_dsdb.c} | 549 ++-- source3/passdb/wscript_build |8 +- source3/wscript|2 +- source4/scripting/python/samba/netcmd/ntacl.py |4 +- .../scripting/python/samba/provision/__init__.py | 23 +- 7 files changed, 297 insertions(+), 292 deletions(-) rename source3/passdb/{pdb_samba4.c = pdb_samba_dsdb.c} (76%) Changeset truncated at 500 lines: diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index fb437d7..d2e890e 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -603,8 +603,6 @@ sub provision_raw_step1($$) dreplsrv:periodic_startup_interval = 0 dsdb:schema update allowed = yes - passdb backend = samba4 - vfs objects = dfs_samba4 acl_xattr fake_acls xattr_tdb streams_depot # remove this again, when our smb2 client library diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index c92b631..1e41825 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -4914,6 +4914,7 @@ static bool lp_load_ex(const char *pszFname, lp_do_parameter(-1, vfs objects, dfs_samba4 acl_xattr); } } + lp_do_parameter(-1, passdb backend, samba_dsdb); } bAllowIncludeRegistry = true; diff --git a/source3/passdb/pdb_samba4.c b/source3/passdb/pdb_samba_dsdb.c similarity index 76% rename from source3/passdb/pdb_samba4.c rename to source3/passdb/pdb_samba_dsdb.c index 01eb4ba..2552fb9 100644 --- a/source3/passdb/pdb_samba4.c +++ b/source3/passdb/pdb_samba_dsdb.c @@ -1,8 +1,8 @@ /* Unix SMB/CIFS implementation. - pdb glue module for samba4 + pdb glue module for direct access to the dsdb via LDB APIs Copyright (C) Volker Lendecke 2009-2011 - Copyright (C) Andrew Bartlett 2010 + Copyright (C) Andrew Bartlett 2010-2012 Copyright (C) Matthias Dieter Wallnöfer 2009 This program is free software; you can redistribute it and/or modify @@ -36,24 +36,24 @@ #include source4/dsdb/common/util.h #include source3/include/secrets.h -struct pdb_samba4_state { +struct pdb_samba_dsdb_state { struct tevent_context *ev; struct ldb_context *ldb; struct idmap_context *idmap_ctx; struct loadparm_context *lp_ctx; }; -static NTSTATUS pdb_samba4_getsampwsid(struct pdb_methods *m, +static NTSTATUS pdb_samba_dsdb_getsampwsid(struct pdb_methods *m, struct samu *sam_acct, const struct dom_sid *sid); -static NTSTATUS pdb_samba4_getsamupriv(struct pdb_samba4_state *state, +static NTSTATUS pdb_samba_dsdb_getsamupriv(struct pdb_samba_dsdb_state *state, const char *filter, TALLOC_CTX *mem_ctx, struct ldb_message **pmsg); -static bool pdb_samba4_sid_to_id(struct pdb_methods *m, const
[SCM] build.samba.org - branch master updated
The branch, master has been updated via 52601dd double the number of possible open files from 5a76ae9 move pidl build into the compiler loop http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master - Log - commit 52601dd6844a450c51ca0862e341e7e71d7e6ec0 Author: Andrew Bartlett abart...@samba.org Date: Sat Sep 1 19:34:18 2012 +1000 double the number of possible open files With all the test environments we need a few more files. This new limit is a guess however. Andrew Bartlett --- Summary of changes: build_test.fns | 61 --- 1 files changed, 57 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/build_test.fns b/build_test.fns index ff5078c..400b802 100644 --- a/build_test.fns +++ b/build_test.fns @@ -610,9 +610,9 @@ test_tree() { # darn, this affects sparse files too! disable it # ulimit -f 10 2 /dev/null - # try and limit the number of open files to 250. That means we'll discover - # fd leaks faster - ulimit -n 250 2 /dev/null + # try and limit the number of open files to 500, up from 250. That means we'll discover + # fd leaks faster while allowing our very complex make test to run + ulimit -n 500 2 /dev/null # Keep stuff private umask 077 @@ -799,9 +799,14 @@ test_tree() { #Action == what to do ie. configure config_log ... actions=$* + extra_actions=$EXTRA_ACTIONS if [ $actions = ]; then - actions=configure config_log config_header build install test $EXTRA_ACTIONS + actions=configure config_log config_header build install test + fi + + if [ $extra_actions = ]; then + actions=none fi # start the build @@ -909,6 +914,54 @@ test_tree() { fi done + for action in $extra_actions; do + if [ x$action = x ]; then + break; + fi + + echo Running action $action + + date + + cd $builddir || exit 1 + export srcdir + df . + mount + vmstat + + if [ x$PREHOOKS != x ]; then + for hooks in $PREHOOKS; do + if [ x$hooks = x$action ]; then + ( prehook_$action ) + fi + done + fi + + ( action_$action ) + action_status=$? + + if [ x$POSTHOOKS != x ]; then + for hooks in $POSTHOOKS; do + if [ x$hooks = x$action ]; then + ( posthook_$action ) + fi + done + fi + + df . + + if [ $action_status != 0 ]; then + echo ACTION FAILED: $action; + echo return code $action_status $action; + else + echo ACTION PASSED: $action; + fi + + if [ $action_status != 0 ]; then + break; + fi + done + if [ $noclean = yes ]; then echo cleanup skipped! -- build.samba.org
[SCM] build.samba.org - branch master updated
The branch, master has been updated via 178df90 Add action_none to assist hosts with no extra_actions from 52601dd double the number of possible open files http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master - Log - commit 178df903c098abc262c2a412d8e5c22957c14b42 Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 2 10:21:59 2012 +1000 Add action_none to assist hosts with no extra_actions The previous commit added a handler for extra_actions that are not tied to the success of the previous actions (allowing lcov and callcatcher to run even on failed tests). This was missing an action_none for all the other hosts. Andrew Bartlett --- Summary of changes: build_test.fns |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/build_test.fns b/build_test.fns index 400b802..3b0a4b8 100644 --- a/build_test.fns +++ b/build_test.fns @@ -579,6 +579,14 @@ action_test() { esac } +# +# Do nothing (needed if we have nothing to do for extra_actions) +# + +action_none() { +return 0; +} + ### # do a test build of a particular tree # This is the master function called by generic.fns or -- build.samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d2c0387 s4-kdc: Give information on how long the password history is via efec5a9 s4-libnet: Fix memory leak of lsa_RefDomainList and lsa_String onto libnet_ctx via a5d57a0 auth/credentials: Do not print passwords in a talloc memory dump from a3b67e5 VERSION: Move on to beta9 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d2c0387d66038fb474daa1507923c2138a6e584f Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 31 14:02:28 2012 +1000 s4-kdc: Give information on how long the password history is Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Aug 31 08:06:17 CEST 2012 on sn-devel-104 commit efec5a9299455bd53cc770f2bc364f9a6f4f8def Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 31 12:38:41 2012 +1000 s4-libnet: Fix memory leak of lsa_RefDomainList and lsa_String onto libnet_ctx These are only needed for as long as the call, and should be children of the private context. This was found based on a log provided by Ricky Nance ricky.na...@weaubleau.k12.mo.us. Thanks Ricky! Andrew Bartlett commit a5d57a04c2e515212cc1f2b51c9a02acb33a79ba Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 31 11:19:54 2012 +1000 auth/credentials: Do not print passwords in a talloc memory dump The fact that a password was created here is enough information, so overwrite with the function name and line. Andrew Bartlett --- Summary of changes: auth/credentials/credentials.c |8 source4/kdc/kpasswdd.c |3 ++- source4/libnet/libnet_lookup.c |4 ++-- 3 files changed, 12 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 05f0a62..e636123 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -371,6 +371,10 @@ _PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred, { if (obtained = cred-password_obtained) { cred-password = talloc_strdup(cred, val); + if (cred-password) { + /* Don't print the actual password in talloc memory dumps */ + talloc_set_name_const(cred-password, password set via cli_credentials_set_password); + } cred-password_obtained = obtained; cli_credentials_invalidate_ccache(cred, cred-password_obtained); @@ -416,6 +420,10 @@ _PUBLIC_ bool cli_credentials_set_old_password(struct cli_credentials *cred, enum credentials_obtained obtained) { cred-old_password = talloc_strdup(cred, val); + if (cred-old_password) { + /* Don't print the actual password in talloc memory dumps */ + talloc_set_name_const(cred-old_password, password set via cli_credentials_set_old_password); + } return true; } diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index 8bed20e..c05ea82 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c @@ -119,7 +119,8 @@ static bool kpasswd_make_pwchange_reply(struct kdc_server *kdc, reject_string = Password does not meet complexity requirements; break; case SAM_PWD_CHANGE_PWD_IN_HISTORY: - reject_string = Password is already in password history; + reject_string = talloc_asprintf(mem_ctx, Password is already in password history, cannot match any of your %d passwords, + dominfo-password_history_length); break; default: reject_string = talloc_asprintf(mem_ctx, Password must be at least %d characters long, and cannot match any of your %d previous passwords, diff --git a/source4/libnet/libnet_lookup.c b/source4/libnet/libnet_lookup.c index 31ac6e4..cf2d70c 100644 --- a/source4/libnet/libnet_lookup.c +++ b/source4/libnet/libnet_lookup.c @@ -308,7 +308,7 @@ static bool prepare_lookup_params(struct libnet_context *ctx, s-sids.count = 0; s-sids.sids = NULL; - s-names = talloc_array(ctx, struct lsa_String, single_name); + s-names = talloc_array(s, struct lsa_String, single_name); if (composite_nomem(s-names, c)) return false; s-names[0].string = s-name; @@ -320,7 +320,7 @@ static bool prepare_lookup_params(struct libnet_context *ctx, s-lookup.in.count = s-count; s-lookup.out.count= s-count; s-lookup.out.sids = s-sids; - s-lookup.out.domains = talloc_zero(ctx, struct lsa_RefDomainList
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4d7dad1 s4-dsdb: Remove unused variables via 8557c69 s4-kdc: Improve grammer and clarity of password change failure messages. via f0a9180 s3: Fix warnings in aio_fork.c via 2ffe690 s3: Remove a shadowing variable declaration via 01ade93 s4-dsdb: Remove unused tmp_ctx leaked onto long-term ldb_context from c256566 s4 dns: Store TKEYs in a ringbuffer http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4d7dad13158fe6d998d7f63ed0f4ac7935a29bf8 Author: Andrew Bartlett abart...@samba.org Date: Sat Sep 1 11:36:36 2012 +1000 s4-dsdb: Remove unused variables Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sat Sep 1 05:10:47 CEST 2012 on sn-devel-104 commit 8557c692f613847d190891b6d79498f4e8fb9096 Author: Andrew Bartlett abart...@samba.org Date: Sat Sep 1 11:34:33 2012 +1000 s4-kdc: Improve grammer and clarity of password change failure messages. This can still be improved further, but avoid mentioning reasons that clearly do not apply in this case. Andrew Bartlett commit f0a9180ae9dd565e4772ba9027ade0edfe1fc8d8 Author: Volker Lendecke v...@samba.org Date: Fri Aug 31 14:45:08 2012 +0200 s3: Fix warnings in aio_fork.c commit 2ffe69082e23675a96e59eea0954a6b17530e82c Author: Volker Lendecke v...@samba.org Date: Fri Aug 31 14:17:49 2012 +0200 s3: Remove a shadowing variable declaration commit 01ade93c7c0c2f2e992f5295976bbfc20429023a Author: Andrew Bartlett abart...@samba.org Date: Sat Sep 1 11:29:46 2012 +1000 s4-dsdb: Remove unused tmp_ctx leaked onto long-term ldb_context This was found based on a log provided by Ricky Nance ricky.na...@weaubleau.k12.mo.us. Thanks Ricky! Andrew Bartlett --- Summary of changes: source3/modules/vfs_aio_fork.c |6 -- source3/passdb/lookup_sid.c|2 -- source4/dsdb/common/util.c |5 - source4/kdc/kpasswdd.c |7 +++ 4 files changed, 7 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c index 2ec3d3d..3db336f 100644 --- a/source3/modules/vfs_aio_fork.c +++ b/source3/modules/vfs_aio_fork.c @@ -590,9 +590,10 @@ static struct tevent_req *aio_fork_pread_send(struct vfs_handle_struct *handle, ssize_t written; int err; struct aio_fork_config *config; + SMB_VFS_HANDLE_GET_DATA(handle, config, struct aio_fork_config, - return -1); + return NULL); req = tevent_req_create(mem_ctx, state, struct aio_fork_pread_state); if (req == NULL) { @@ -821,9 +822,10 @@ static struct tevent_req *aio_fork_fsync_send( ssize_t written; int err; struct aio_fork_config *config; + SMB_VFS_HANDLE_GET_DATA(handle, config, struct aio_fork_config, - return -1); + return NULL); req = tevent_req_create(mem_ctx, state, struct aio_fork_fsync_state); if (req == NULL) { diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 530fa6b..76a454c 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -1096,8 +1096,6 @@ static bool legacy_sid_to_unixid(const struct dom_sid *psid, struct unixid *id) if ((sid_check_is_in_builtin(psid) || sid_check_is_in_wellknown_domain(psid))) { - bool ret; - map = talloc_zero(NULL, GROUP_MAP); if (!map) { return false; diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 5d73df2..086f2a5 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1618,12 +1618,10 @@ int samdb_reference_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_ int samdb_dn_is_our_ntdsa(struct ldb_context *ldb, struct ldb_dn *dn, bool *is_ntdsa) { NTSTATUS status; - TALLOC_CTX *tmp_ctx = talloc_new(ldb); struct GUID dn_guid; const struct GUID *our_ntds_guid; status = dsdb_get_extended_dn_guid(dn, dn_guid, GUID); if (!NT_STATUS_IS_OK(status)) { - talloc_free(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } @@ -1645,10 +1643,7 @@ int samdb_reference_dn_is_our_ntdsa(struct ldb_context *ldb, struct ldb_dn *base { int ret; struct ldb_dn *referenced_dn; - NTSTATUS status; TALLOC_CTX *tmp_ctx = talloc_new(ldb); - struct GUID referenced_guid; - const struct GUID *our_ntds_guid; if (tmp_ctx == NULL) { return
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a3b67e5 VERSION: Move on to beta9 via 524876a VERSION: Mark as the beta8 release via 757df37 WHATSNEW: prepare for 4.0 beta8 from 4ff4466 The NTVFS server doesn't pass the SMB1 INHERITFLAGS test. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a3b67e5299e9d975b7216e398311420a9524f926 Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 31 08:34:03 2012 +1000 VERSION: Move on to beta9 We home beta8 will be the last beta, but to avoid confusion and allow more releases if required I won't mark it as rc1 until the actual release candidate. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Aug 31 02:07:23 CEST 2012 on sn-devel-104 commit 524876aa511b3a034c324df9025f693a24842bca Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 31 08:32:15 2012 +1000 VERSION: Mark as the beta8 release commit 757df37e7099fe29e6af728fccbd15ebd82e6ffd Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 31 08:31:45 2012 +1000 WHATSNEW: prepare for 4.0 beta8 --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 65 ++--- 2 files changed, 31 insertions(+), 36 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 14c0561..fa77135 100644 --- a/VERSION +++ b/VERSION @@ -67,7 +67,7 @@ SAMBA_VERSION_ALPHA_RELEASE= # e.g. SAMBA_VERSION_BETA_RELEASE=1# # - 4.0.0beta1# -SAMBA_VERSION_BETA_RELEASE=8 +SAMBA_VERSION_BETA_RELEASE=9 # For 'pre' releases the version will be # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d9f2333..4b1f0fe 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,4 @@ -What's new in Samba 4.0 beta7 +What's new in Samba 4.0 beta8 = Samba 4.0 will be the next version of the Samba suite and incorporates @@ -11,7 +11,7 @@ and above. WARNINGS -Samba 4.0 beta7 is not a final Samba release, however we are now making +Samba 4.0 beta8 is not a final Samba release, however we are now making good progress towards a Samba 4.0 release. However, this is expected to be the last beta release before we start on our release candidate series. @@ -77,7 +77,7 @@ the longer term. For pure file server work, the binaries users would expect from that series (nmbd, winbindd, smbpasswd) continue to be available. When running an AD DC, you only need to run 'samba' (not -nmbd/smbd/winbind), as the required services are co-ordinated by this +nmbd/smbd/winbind), as the required services are co-coordinated by this master binary. As DNS is an integral part of Active Directory, we also provide a DNS @@ -98,56 +98,51 @@ Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. -CHANGES SINCE beta6 +CHANGES SINCE beta7 = -For a list of changes since beta6, please see the git log. +For a list of changes since beta7, please see the git log. $ git clone git://git.samba.org/samba.git $ cd samba.git -$ git log samba-4.0.0beta6..samba-4.0.0beta7 +$ git log samba-4.0.0beta7..samba-4.0.0beta8 Some major user-visible changes include: -- ACLs are now set during provision at the POSIX layer for the sysvol - share. This allows group policies to be modified by Domain - Administrators (Policy Administrators) that are not the actual - Administrator user. +- A fix for a segfault/abort on startup of the 'samba' binary in the + credentials_secrets code. -- A number of verified fixes for expanding memory use across the AD - domain controller, including in the Bind9 DLZ module. +- A fix for samba-tool classicupgrade of pdb_ldap-based domains -- A fix for bug #9097 (the winbind in the AD DC would lock up under - parallel requests). +- A fix for samba-tool domain exportkeyab only exporting DES keys -- wbinfo --ping-dc now returns helpful information on what failed and - against which DC it failed +- Printing is now enabled on the AD DC -- SMB3 encryption support +- Fix bug #9124 - Samba fails to set inherited bit on inherited ACE's. -- New 'samba-tool ntacl' commands: - - samba-tool ntacl sysvolreset - - samba-tool ntacl sysvolcheck +- We now avoid printing secret attributes (such as unicodePwd and + suppliementalCredentials) in ldb trace logs -Less visible, but important changes under the hood include: +- s3-printing: fix bug 9123 lprng job tracking errors -- Continued work to support SMB2 and SMB3 - -- Continued work to use async IO
[SCM] Samba Shared Repository - annotated tag samba-4.0.0beta8 created
The annotated tag, samba-4.0.0beta8 has been created at a7b9327dd48793eca878588e43ee8f06f7fa8dbe (tag) tagging 524876aa511b3a034c324df9025f693a24842bca (commit) replaces ldb-1.1.11 tagged by Andrew Bartlett on Fri Aug 31 11:43:39 2012 +1000 - Log - samba4: tag release samba-4.0.0beta8 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIVAwUAUEAWy2jGT3QfUnJfAQKgsA/+JX2BzrA2QULHwKS0IpVteL8YsmILnN20 oSSPp3tMgBwuOBzK1/17KOns2LH0CZul/n0FhZQxv8I8BVP+ZWu5ysNHZcnBu1uW pbj9T6fz4D0Mv4n+7Y+JcuXmpqorm7INi+zdxes3cZMBefnkhNnGLki/u3F7mTSa usZDXvmKwQA0siOtmMs2GeQFUKKgHHUH/6sVGHTNZxaMGtIA8YMSVoLccLSMElH1 jnWL3wmIvbrHrBHakn594EKbb2NR37bNBc7zfTtwcNoozCpZ+/h75+TCQYOmF7M2 nORa5e5ueMg9SSqFgpwQfEBq/6cCUB2Ep2GykfpXj7WEBzDghv4FYIpCrRXxkcAb R7C3wXbiYi620IAu8AWbdsAjrlxz1VD3fhBvZfFzzO5ApuY30EOFC7OZlwnmwlUz ARJz2ZE5V2NGogclfRGkcBt+414caaohGESlYuAW5d3KN4UmLfJ7VYaLV0z09AV0 eo6L6jqJN/dpjnvV+giGsMtDRDRkF8BY1ZOFd2i+evqZD4b9Nxg04tyhsAaO1x8Y 0APGqybsYKSAJtFnb+iORepkMrGbLBu6ib7JoboP/nAUSTZHXn6YlHv99SMzIGdJ 4qJJhWiLJZ5aHMfDqFfxdG6WUtXxfMX6m1Xo85jo+PGYZChhqHScr43YcKngUt+1 uZ2KVxcbdMM= =52Ul -END PGP SIGNATURE- Andreas Schneider (6): s3-smbd: Fix flooding the logs with records we don't find in pcap. libkrb5: Fix build with MIT Kerberos. selftest: Define the log directory for s3fs. file_server: Fix spoolss support with s3fs. selftest: Add missing printing options for plugin_s4_dc. selftest: Remove spoolss tests from knownfail. Andrew Bartlett (14): s3-classicupgrade: Fix import from ldap auth/credentials: Avoid double-free in the failure case selftest: Add a test for smbclient --machine-pass without secrets.tdb auth/credentials: Improve memory handling in cli_credentials_set_machine_account auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt() lib/ldb: Avoid printing secret attributes in ldb trace logs s4-dsdb: Avoid printing secret attributes in ldb trace logs s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt array it returns lib/krb4_wrap: Add const to kt_copy_one_principal s4-torture: Add start of a test to confirm winbindd PAC parsing auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds() WHATSNEW: prepare for 4.0 beta8 VERSION: Mark as the beta8 release Björn Jacke (1): vfs_media_harmony: fix some compile warnings with llvm Christian Ambach (1): s3:libsmb correctly set isFsctl for snapshot list Christof Schmitt (1): s3:vfs_gpfs: Use directory not file to get fileset id David Disseldorp (1): s3-printing: fix bug 9123 lprng job tracking errors Jeremy Allison (8): Rename set_sd() to set_sd_blob() - this describes what it does. Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization. Change the other two places where we set a security descriptor given by the client to got through set_sd(), Windows does canonicalization of inheritance bits. Do the same. Fix bug #9124 - Samba fails to set inherited bit on inherited ACE's. With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS. Now ACL inheritance flags are working, add test_inheritance_flags() back into raw.acls to ensure we don't regress. The NTVFS server doesn't pass the SMB1 INHERITFLAGS test. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 524876a VERSION: Mark as the beta8 release via 757df37 WHATSNEW: prepare for 4.0 beta8 via 4ff4466 The NTVFS server doesn't pass the SMB1 INHERITFLAGS test. via 7c4ae72 Now ACL inheritance flags are working, add test_inheritance_flags() back into raw.acls to ensure we don't regress. via da670e4 With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS. via cf29863 Fix bug #9124 - Samba fails to set inherited bit on inherited ACE's. via 3d34406 Windows does canonicalization of inheritance bits. Do the same. via 795920c Change the other two places where we set a security descriptor given by the client to got through set_sd(), the canonicalize sd function. via 70ebf1d Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization. via 8c84ece Rename set_sd() to set_sd_blob() - this describes what it does. via 02aacb1 s3:libsmb correctly set isFsctl for snapshot list via 4612092 selftest: Remove spoolss tests from knownfail. via 20cfa38 selftest: Add missing printing options for plugin_s4_dc. via fb917eb file_server: Fix spoolss support with s3fs. via bf36462 selftest: Define the log directory for s3fs. via 5131359 auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds() via a58bf44 s4-torture: Add start of a test to confirm winbindd PAC parsing via fe36bb4 lib/krb4_wrap: Add const to kt_copy_one_principal via 6678907 s3:vfs_gpfs: Use directory not file to get fileset id via f31d0d0 vfs_media_harmony: fix some compile warnings with llvm via fb15e5a s3-printing: fix bug 9123 lprng job tracking errors via 24356f3 libkrb5: Fix build with MIT Kerberos. via e39cce4 s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt array it returns via 5d96498 s4-dsdb: Avoid printing secret attributes in ldb trace logs via 395b8e4 lib/ldb: Avoid printing secret attributes in ldb trace logs via 17337cf auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt() via beafdd6 auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records via a0e4bdc auth/credentials: Improve memory handling in cli_credentials_set_machine_account via 3a303ae5 selftest: Add a test for smbclient --machine-pass without secrets.tdb via bcc29f9 auth/credentials: Avoid double-free in the failure case via ba862f4 s3-smbd: Fix flooding the logs with records we don't find in pcap. via 9e441c4 s3-classicupgrade: Fix import from ldap via dd21bb0 lib/ldb: Bump ldb version to 1.1.11 via dc8d29c s3-vfs: Indicate the symlink destination when failing check_reduced_name via f2ccff7 s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2 via de20958 s3-vfs_shadow_copy2: Also accept a sscanf result via 11a5646 VERSION: Move on to beta8 from c41894c VERSION: Mark as the beta7 release http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - --- Summary of changes: VERSION|2 +- WHATSNEW.txt | 65 auth/credentials/credentials_krb5.c| 11 +- auth/credentials/credentials_secrets.c | 168 ++-- file_server/file_server.c |2 +- lib/krb5_wrap/enctype_convert.c| 12 +- lib/krb5_wrap/keytab_util.c|2 +- lib/krb5_wrap/krb5_samba.h |2 +- lib/ldb-samba/ldif_handlers.c |8 + lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.11.sigs} |0 lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.12.sigs} |1 + ...ldb-util-1.1.10.sigs = pyldb-util-1.1.11.sigs} |0 ...ldb-util-1.1.10.sigs = pyldb-util-1.1.12.sigs} |0 lib/ldb/common/ldb.c | 31 +++- lib/ldb/common/ldb_ldif.c | 47 +- lib/ldb/common/ldb_modules.c | 15 ++- lib/ldb/include/ldb_module.h |4 + lib/ldb/include/ldb_private.h |5 + lib/ldb/wscript|2 +- libcli/security/secdesc.c | 10 +- selftest/knownfail | 68 + selftest/target/Samba4.pm | 36 source3/libsmb/clifile.c |2 +- source3/modules/gpfs.c | 16 ++- source3/modules/vfs_gpfs.c | 24 +++-
[SCM] Samba Shared Repository - branch v4-0-stable updated
The branch, v4-0-stable has been updated via 524876a VERSION: Mark as the beta8 release via 757df37 WHATSNEW: prepare for 4.0 beta8 via 4ff4466 The NTVFS server doesn't pass the SMB1 INHERITFLAGS test. via 7c4ae72 Now ACL inheritance flags are working, add test_inheritance_flags() back into raw.acls to ensure we don't regress. via da670e4 With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS. via cf29863 Fix bug #9124 - Samba fails to set inherited bit on inherited ACE's. via 3d34406 Windows does canonicalization of inheritance bits. Do the same. via 795920c Change the other two places where we set a security descriptor given by the client to got through set_sd(), the canonicalize sd function. via 70ebf1d Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization. via 8c84ece Rename set_sd() to set_sd_blob() - this describes what it does. via 02aacb1 s3:libsmb correctly set isFsctl for snapshot list via 4612092 selftest: Remove spoolss tests from knownfail. via 20cfa38 selftest: Add missing printing options for plugin_s4_dc. via fb917eb file_server: Fix spoolss support with s3fs. via bf36462 selftest: Define the log directory for s3fs. via 5131359 auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds() via a58bf44 s4-torture: Add start of a test to confirm winbindd PAC parsing via fe36bb4 lib/krb4_wrap: Add const to kt_copy_one_principal via 6678907 s3:vfs_gpfs: Use directory not file to get fileset id via f31d0d0 vfs_media_harmony: fix some compile warnings with llvm via fb15e5a s3-printing: fix bug 9123 lprng job tracking errors via 24356f3 libkrb5: Fix build with MIT Kerberos. via e39cce4 s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt array it returns via 5d96498 s4-dsdb: Avoid printing secret attributes in ldb trace logs via 395b8e4 lib/ldb: Avoid printing secret attributes in ldb trace logs via 17337cf auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt() via beafdd6 auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records via a0e4bdc auth/credentials: Improve memory handling in cli_credentials_set_machine_account via 3a303ae5 selftest: Add a test for smbclient --machine-pass without secrets.tdb via bcc29f9 auth/credentials: Avoid double-free in the failure case via ba862f4 s3-smbd: Fix flooding the logs with records we don't find in pcap. via 9e441c4 s3-classicupgrade: Fix import from ldap via dd21bb0 lib/ldb: Bump ldb version to 1.1.11 via dc8d29c s3-vfs: Indicate the symlink destination when failing check_reduced_name via f2ccff7 s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2 via de20958 s3-vfs_shadow_copy2: Also accept a sscanf result via 11a5646 VERSION: Move on to beta8 from c41894c VERSION: Mark as the beta7 release http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable - Log - --- Summary of changes: VERSION|2 +- WHATSNEW.txt | 65 auth/credentials/credentials_krb5.c| 11 +- auth/credentials/credentials_secrets.c | 168 ++-- file_server/file_server.c |2 +- lib/krb5_wrap/enctype_convert.c| 12 +- lib/krb5_wrap/keytab_util.c|2 +- lib/krb5_wrap/krb5_samba.h |2 +- lib/ldb-samba/ldif_handlers.c |8 + lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.11.sigs} |0 lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.12.sigs} |1 + ...ldb-util-1.1.10.sigs = pyldb-util-1.1.11.sigs} |0 ...ldb-util-1.1.10.sigs = pyldb-util-1.1.12.sigs} |0 lib/ldb/common/ldb.c | 31 +++- lib/ldb/common/ldb_ldif.c | 47 +- lib/ldb/common/ldb_modules.c | 15 ++- lib/ldb/include/ldb_module.h |4 + lib/ldb/include/ldb_private.h |5 + lib/ldb/wscript|2 +- libcli/security/secdesc.c | 10 +- selftest/knownfail | 68 + selftest/target/Samba4.pm | 36 source3/libsmb/clifile.c |2 +- source3/modules/gpfs.c | 16 ++- source3/modules/vfs_gpfs.c | 24 +++-
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e39cce4 s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt array it returns from 5d96498 s4-dsdb: Avoid printing secret attributes in ldb trace logs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e39cce4214b8df14aa123d63a9ac8e1c03925f2d Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 16:22:24 2012 +1000 s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt array it returns Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Aug 29 09:56:27 CEST 2012 on sn-devel-104 --- Summary of changes: source4/libnet/libnet_export_keytab.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libnet/libnet_export_keytab.c b/source4/libnet/libnet_export_keytab.c index 9763726..16165b8 100644 --- a/source4/libnet/libnet_export_keytab.c +++ b/source4/libnet/libnet_export_keytab.c @@ -63,7 +63,7 @@ NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, s } if (r-in.principal) { - ret = kt_copy_one_principal(smb_krb5_context-krb5_context, from_keytab, r-in.keytab_name, r-in.principal, 0, samba_all_enctypes); + ret = kt_copy_one_principal(smb_krb5_context-krb5_context, from_keytab, r-in.keytab_name, r-in.principal, 0, samba_all_enctypes()); } else { unlink(r-in.keytab_name); ret = kt_copy(smb_krb5_context-krb5_context, from_keytab, r-in.keytab_name); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5131359 auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds() via a58bf44 s4-torture: Add start of a test to confirm winbindd PAC parsing via fe36bb4 lib/krb4_wrap: Add const to kt_copy_one_principal from 6678907 s3:vfs_gpfs: Use directory not file to get fileset id http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5131359edae7a5c7092c0d41bb225941596ddcac Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 30 07:49:21 2012 +1000 auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds() This allows a password alone to be used to accept kerberos tickets. Of course, we need to have got the salt right, but we do not need also the correct kvno. This allows gensec_gssapi to accept tickets based on a secrets.tdb entry. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104 commit a58bf44c1ec62736fc20e0e7dedb8a1c0306380c Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 24 10:01:42 2012 +1000 s4-torture: Add start of a test to confirm winbindd PAC parsing So far this confirms that we can accept a ticket using the secrets.tdb entry. Andrew Bartlett commit fe36bb4bcc35cccbc6f0a91a9ef4a29e908048a0 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 17:58:45 2012 +1000 lib/krb4_wrap: Add const to kt_copy_one_principal --- Summary of changes: auth/credentials/credentials_krb5.c | 11 ++- lib/krb5_wrap/keytab_util.c |2 +- lib/krb5_wrap/krb5_samba.h|2 +- source3/selftest/tests.py |4 +- source4/auth/kerberos/kerberos.h |1 + source4/auth/kerberos/kerberos_util.c |1 + source4/torture/rpc/remote_pac.c |2 +- source4/torture/winbind/winbind.c | 153 + 8 files changed, 169 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index 2a23688..459e948 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c @@ -717,6 +717,11 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred, cred-keytab_obtained = (MAX(cred-principal_obtained, cred-username_obtained)); + /* We make this keytab up based on a password. Therefore +* match-by-key is acceptable, we can't match on the wrong +* principal */ + ktc-password_based = true; + talloc_steal(cred, ktc); cred-keytab = ktc; *_ktc = cred-keytab; @@ -818,12 +823,12 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, return ENOMEM; } - if (obtained CRED_SPECIFIED) { - /* This creates a GSSAPI cred_id_t with the principal and keytab set */ + if (ktc-password_based || obtained CRED_SPECIFIED) { + /* This creates a GSSAPI cred_id_t for match-by-key with only the keytab set */ maj_stat = gss_krb5_import_cred(min_stat, NULL, NULL, ktc-keytab, gcc-creds); } else { - /* This creates a GSSAPI cred_id_t with the principal and keytab set */ + /* This creates a GSSAPI cred_id_t with the principal and keytab set, matching by name */ maj_stat = gss_krb5_import_cred(min_stat, NULL, princ, ktc-keytab, gcc-creds); } diff --git a/lib/krb5_wrap/keytab_util.c b/lib/krb5_wrap/keytab_util.c index 91e4990..f9a8679 100644 --- a/lib/krb5_wrap/keytab_util.c +++ b/lib/krb5_wrap/keytab_util.c @@ -162,7 +162,7 @@ krb5_error_code kt_copy_one_principal(krb5_context context, const char *to, const char *principal, krb5_kvno kvno, - krb5_enctype *enctypes) + const krb5_enctype *enctypes) { krb5_error_code ret; krb5_keytab src_keytab, dst_keytab; diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index c823c73..73a52a5 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -281,7 +281,7 @@ krb5_error_code kt_copy_one_principal(krb5_context context, const char *to, const char *principal, krb5_kvno kvno, - krb5_enctype *enctypes
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9e441c4 s3-classicupgrade: Fix import from ldap via dd21bb0 lib/ldb: Bump ldb version to 1.1.11 via dc8d29c s3-vfs: Indicate the symlink destination when failing check_reduced_name via f2ccff7 s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2 via de20958 s3-vfs_shadow_copy2: Also accept a sscanf result from 11a5646 VERSION: Move on to beta8 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9e441c4ed98b1a2b83069ad5fa54b2b30dc75598 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 28 11:19:04 2012 +1000 s3-classicupgrade: Fix import from ldap We must not reference result before provision(), and do not need session_info and lp for reading a normal ldap backend anyway. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104 commit dd21bb0b728a9c6dfc70f1785a642474fe7bd78b Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 28 10:00:34 2012 +1000 lib/ldb: Bump ldb version to 1.1.11 This will ensure the next Samba release requires an ldb with the recent fixes. Andrew Bartlett commit dc8d29cdae68e96a3e8a0d647ee952611e69b49e Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 3 13:09:33 2012 +1000 s3-vfs: Indicate the symlink destination when failing check_reduced_name commit f2ccff7b06a2ad762103f98a736f37da94d7cfdd Author: Andrew Bartlett abart...@samba.org Date: Mon Jul 2 22:31:49 2012 +1000 s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2 With the ability to handle times a abolute time_t values since 1970 this becomes more important to get absolutly correct. Andrew Bartlett commit de209587f9ddbe19d321753bb8f160ce19eb4517 Author: Andrew Bartlett abart...@samba.org Date: Mon Jul 2 19:31:58 2012 +1000 s3-vfs_shadow_copy2: Also accept a sscanf result --- Summary of changes: lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.11.sigs} |0 ...ldb-util-1.1.10.sigs = pyldb-util-1.1.11.sigs} |0 lib/ldb/wscript|2 +- source3/modules/vfs_shadow_copy2.c | 87 ++-- source3/smbd/vfs.c |4 +- source4/scripting/python/samba/upgrade.py |4 +- 6 files changed, 66 insertions(+), 31 deletions(-) copy lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.11.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs = pyldb-util-1.1.11.sigs} (100%) Changeset truncated at 500 lines: diff --git a/lib/ldb/ABI/ldb-1.1.10.sigs b/lib/ldb/ABI/ldb-1.1.11.sigs similarity index 100% copy from lib/ldb/ABI/ldb-1.1.10.sigs copy to lib/ldb/ABI/ldb-1.1.11.sigs diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.1.11.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs copy to lib/ldb/ABI/pyldb-util-1.1.11.sigs diff --git a/lib/ldb/wscript b/lib/ldb/wscript index 611eebf..3978dd2 100755 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'ldb' -VERSION = '1.1.10' +VERSION = '1.1.11' blddir = 'bin' diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c index af14e04..7c42052 100644 --- a/source3/modules/vfs_shadow_copy2.c +++ b/source3/modules/vfs_shadow_copy2.c @@ -84,6 +84,12 @@ be compatible with the conversion specifications recognized by str[fp]time. The default value is @GMT-%Y.%m.%d-%H.%M.%S. + shadow:sscanf = yes/no (default is no) + + The time is the unsigned long integer (%lu) in the format string + rather than a time strptime() can parse. The result must be a unix time_t + time. + shadow:localtime = yes/no (default is no) This is an optional parameter that indicates whether the @@ -142,27 +148,45 @@ static char *shadow_copy2_insert_string(TALLOC_CTX *mem_ctx, struct vfs_handle_struct *handle, time_t snapshot) { + const char *fmt; struct tm snap_tm; - fstring gmt; - size_t gmt_len; + fstring snaptime_string; + size_t snaptime_len; - if (localtime_r(snapshot, snap_tm) == 0) { - DEBUG(10, (gmtime_r failed\n)); - return NULL; - } - gmt_len = strftime(gmt, sizeof(gmt), - lp_parm_const_string(SNUM(handle-conn), shadow, - format, GMT_FORMAT), - snap_tm); - if (gmt_len == 0) { - DEBUG(10, (strftime failed\n)); - return NULL; + fmt
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a0e4bdc auth/credentials: Improve memory handling in cli_credentials_set_machine_account via 3a303ae5 selftest: Add a test for smbclient --machine-pass without secrets.tdb via bcc29f9 auth/credentials: Avoid double-free in the failure case from ba862f4 s3-smbd: Fix flooding the logs with records we don't find in pcap. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a0e4bdcb5b374a4259164aed8fdbcc7b1761f09b Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 09:21:52 2012 +1000 auth/credentials: Improve memory handling in cli_credentials_set_machine_account By using a tempoary talloc context this is much tidier and more reliable code. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Aug 29 03:11:10 CEST 2012 on sn-devel-104 commit 3a303ae5ab2bfef58e0ea281e3a99406ff8fd53f Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 09:10:40 2012 +1000 selftest: Add a test for smbclient --machine-pass without secrets.tdb Errors in handling the upgrade case without a matching secrets.tdb caused segfaults in the server. This essentially tests both sides. Andrew Bartlett commit bcc29f9e7317601737858184f5ec6243552e0c0c Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 09:09:10 2012 +1000 auth/credentials: Avoid double-free in the failure case This pointer is only valid if dbwrap_fetch returned success. Andrew Bartlett --- Summary of changes: auth/credentials/credentials_secrets.c | 52 selftest/target/Samba4.pm |9 + source4/selftest/tests.py |2 +- 3 files changed, 36 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c index 3304200..8c8c567 100644 --- a/auth/credentials/credentials_secrets.c +++ b/auth/credentials/credentials_secrets.c @@ -73,7 +73,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, /* some other parts of the system will key off this */ cred-machine_account = true; - mem_ctx = talloc_named(cred, 0, cli_credentials fetch machine password); + mem_ctx = talloc_named(cred, 0, cli_credentials_set_secrets from ldb); if (!ldb) { /* Local secrets are stored in secrets.ldb */ @@ -209,10 +209,21 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr char *secrets_tdb_password = NULL; char *keystr; char *keystr_upper = NULL; - char *secrets_tdb = lpcfg_private_path(cred, lp_ctx, secrets.tdb); - struct db_context *db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb, 0, - TDB_DEFAULT, O_RDWR, 0600, - DBWRAP_LOCK_ORDER_1); + char *secrets_tdb; + struct db_context *db_ctx; + TALLOC_CTX *tmp_ctx = talloc_named(cred, 0, cli_credentials_set_secrets from ldb); + if (!tmp_ctx) { + return NT_STATUS_NO_MEMORY; + } + secrets_tdb = lpcfg_private_path(cred, lp_ctx, secrets.tdb); + if (!secrets_tdb) { + TALLOC_FREE(tmp_ctx); + return NT_STATUS_NO_MEMORY; + } + + db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb, 0, + TDB_DEFAULT, O_RDWR, 0600, + DBWRAP_LOCK_ORDER_1); /* Bleh, nasty recursion issues: We are setting a machine * account here, so we don't want the 'pending' flag around * any more */ @@ -225,25 +236,21 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr if (db_ctx) { TDB_DATA dbuf; - keystr = talloc_asprintf(cred, %s/%s, + keystr = talloc_asprintf(tmp_ctx, %s/%s, SECRETS_MACHINE_LAST_CHANGE_TIME, domain); - keystr_upper = strupper_talloc(cred, keystr); - TALLOC_FREE(keystr); - status = dbwrap_fetch(db_ctx, cred, string_tdb_data(keystr_upper), + keystr_upper = strupper_talloc(tmp_ctx, keystr); + status = dbwrap_fetch(db_ctx, tmp_ctx, string_tdb_data(keystr_upper), dbuf); - TALLOC_FREE(keystr_upper); if (NT_STATUS_IS_OK(status) dbuf.dsize == 4) { secrets_tdb_lct = IVAL(dbuf.dptr,0); } - TALLOC_FREE(dbuf.dptr
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5d96498 s4-dsdb: Avoid printing secret attributes in ldb trace logs via 395b8e4 lib/ldb: Avoid printing secret attributes in ldb trace logs via 17337cf auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt() via beafdd6 auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records from a0e4bdc auth/credentials: Improve memory handling in cli_credentials_set_machine_account http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5d96498680ec4209142ea7dc460a3fd921413a5e Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 11:32:26 2012 +1000 s4-dsdb: Avoid printing secret attributes in ldb trace logs These are printed when Samba has debug level 10, which is often used for debugging. To indicate that these attributes are secret, we set an opaque. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Aug 29 06:04:33 CEST 2012 on sn-devel-104 commit 395b8e4d58e2815d9848f8a6390f23d8c7d10a91 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 11:29:44 2012 +1000 lib/ldb: Avoid printing secret attributes in ldb trace logs These are printed when Samba has debug level 10, which is often used for debugging. Instead, print a note to say that this attribute has been skipped. Andrew Bartlett commit 17337cfec071f7f82fa4c50ace751d51277a4b20 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 09:44:52 2012 +1000 auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt() commit beafdd6410f122d39c32d51629dd7eaf20a8a6c1 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 09:44:12 2012 +1000 auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records By checking first if there is a secrets.tdb record and passing in the password and last change time we avoid setting one series of values and then replacing them. We also avoid the need to work around the setting of anonymous. Andrew Bartlett --- Summary of changes: auth/credentials/credentials_secrets.c | 116 ++-- lib/ldb-samba/ldif_handlers.c |8 ++ lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.12.sigs} |1 + ...ldb-util-1.1.10.sigs = pyldb-util-1.1.12.sigs} |0 lib/ldb/common/ldb.c | 31 - lib/ldb/common/ldb_ldif.c | 47 +++- lib/ldb/common/ldb_modules.c | 15 +++- lib/ldb/include/ldb_module.h |4 + lib/ldb/include/ldb_private.h |5 + lib/ldb/wscript|2 +- 10 files changed, 157 insertions(+), 72 deletions(-) copy lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.12.sigs} (99%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs = pyldb-util-1.1.12.sigs} (100%) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c index 8c8c567..a44fe1c 100644 --- a/auth/credentials/credentials_secrets.c +++ b/auth/credentials/credentials_secrets.c @@ -46,12 +46,14 @@ * @param cred Credentials structure to fill in * @retval NTSTATUS error detailing any failure */ -_PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, - struct loadparm_context *lp_ctx, - struct ldb_context *ldb, - const char *base, - const char *filter, - char **error_string) +static NTSTATUS cli_credentials_set_secrets_lct(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct ldb_context *ldb, + const char *base, + const char *filter, + time_t secrets_tdb_last_change_time, + const char *secrets_tdb_password, + char **error_string) { TALLOC_CTX *mem_ctx; @@ -66,6 +68,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, const char *salt_principal; char *keytab; const struct ldb_val *whenChanged; + time_t lct; /* ok, we are going to get it now, don't recurse back here */ cred-machine_account_pending = false; @@ -79,8 +82,6 @@ _PUBLIC_ NTSTATUS
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 11a5646 VERSION: Move on to beta8 via c41894c VERSION: Mark as the beta7 release via 3460340 WHATSNEW: prepare for 4.0 beta7 via 24f3147 selftest: Fix comment in blackbox_s3upgrade.sh via 444c9ff s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is configured via 5aa9a6c s3-passdb: Allow reload of the static passdb from python via f873d42 auth/credentials: Rework credentials handling to try and find the most recent machine pw via 1a8fd71 selftest: Add test of smbclient --machine-pass against and using both s3 and s4 via e66fa2c auth/credentials: Expand secrets.tdb fetch of secrets to preserve workstation and realm via 43904cb s4-dsdb: Remove double-free in update_keytab module via 8c20539 s4-dsdb: Add secrets_tdb_sync - an ldb module to keep secrets.tdb in sync via f2d9be5 s3-secrets: Use talloc_stackframe() in secrets_init_path() via 5adf8c8 s3-secrets: Handle all valid ROLE_ values in get_default_sec_channel() via 708ce41 s3-secrets: Add helper function to set machine account password from secrets_tdb_sync via 62373b8 lib/krb5_wrap: Move enctype conversion functions into a simple helper file via d5b9972 s4-classicupgrade: Read WINS DB before the provision via 85f1c4f s4-classicupgrade: Do all the queries of data before the provision() via 738f4ac s4-classicupgrade: Use s3param.get_context() instead of result.lp via 1ed6070 lib/krb5_wrap: Move kerberos_enctype_to_bitmap() into krb5_wrap via 0f7aa3d lib/krb5_wrap: Bring list of all enc types into krb5_wrap via 8613539 s4-libnet: Ensure termination of enctype array in libnet_export_keytab() via 098c5ec examples: Remove security=share and security=server from example smb.conf via e17bf6a s3-param: Avoid assert on use of talloc_tos() without stackframe from f118eae s4-torture: Test for #9058 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 11a5646cd47bb8e845aa364120979194d95b3e16 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 28 07:43:06 2012 +1000 VERSION: Move on to beta8 We actually expect beta7 to be the last beta, but to avoid confusion I won't mark it as rc1 until the actual release candidate. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 28 01:48:16 CEST 2012 on sn-devel-104 commit c41894c7dd512eeddacb6810405b64ad180af6e0 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 28 07:41:11 2012 +1000 VERSION: Mark as the beta7 release commit 3460340bf2cc65a89d441478a12bfc2deb3fd55f Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 28 07:39:36 2012 +1000 WHATSNEW: prepare for 4.0 beta7 commit 24f3147019899cdc05cd95a53ce91ded7436c9a6 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 27 22:39:35 2012 +1000 selftest: Fix comment in blackbox_s3upgrade.sh commit 444c9ffad75cfe4f1948a09a870c87b17aed21a9 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 27 22:38:53 2012 +1000 s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is configured This will allow files to be correctly owned by the idmap that is imported. This appears to fix an issue that came up after s3fs-compatible ACLs were merged into provision. Andrew Bartlett commit 5aa9a6c936cbf4fb8a7a9d9a03b1678d6419e78f Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 27 22:37:19 2012 +1000 s3-passdb: Allow reload of the static passdb from python This is then used in provision when the passdb backend is forced. Andrew Bartlett commit f873d422b153c55754c0d1e83670cda7c3a7f7e3 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 27 21:37:19 2012 +1000 auth/credentials: Rework credentials handling to try and find the most recent machine pw As winbindd will update secrets.tdb but not secrets.ldb, we need to detect this and use secrets.tdb Andrew Bartlett commit 1a8fd711d7e4f97a6749b5d6c4806b11c38f20f4 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 27 21:02:28 2012 +1000 selftest: Add test of smbclient --machine-pass against and using both s3 and s4 This uses both smbclient binaries to ensure that both work in both environments. Andrew Bartlett commit e66fa2c8134a886f52419f4a33992b200b00ff49 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 27 21:01:10 2012 +1000 auth/credentials: Expand secrets.tdb fetch of secrets to preserve workstation and realm These would otherwise be set during the fetch from the secrets.ldb, but are wiped when that fails. Andrew Bartlett commit 43904cb4f5e775a5ba72553d1a59ffd30204a83d
[SCM] Samba Shared Repository - annotated tag samba-4.0.0beta7 created
The annotated tag, samba-4.0.0beta7 has been created at 1f3d4c321be9547e04a8895073fce2366add7fc3 (tag) tagging c41894c7dd512eeddacb6810405b64ad180af6e0 (commit) replaces tevent-0.9.17 tagged by Andrew Bartlett on Tue Aug 28 10:18:12 2012 +1000 - Log - samba4: tag release samba-4.0.0beta7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIVAwUAUDwORGjGT3QfUnJfAQIkFhAAoec0rA/3rkPjTqg+t2xqHi2DZYL0NOCp RyrkbtIZHZjUCRD7T2eNtsM/7Q1t58xMyis18CGu7+coQFeAUuiH2Vx+JAegmccj 952uACW59GBZgpg0V6KrmpsI8tyWe8qpDFoxuAuaFjLXxH+E8mEOimmQBQjzsryH 2Malo3bbziA/sumhynFVgZ8BMPCz/QSgu2dVI12o16Dji27lqsOFRDh01c9+Eq8Y Y20qAmIkiWtiO0YhRfH5AzDceD34WGuZsgrtsyxLbW4M87Nz0b+p5UcRBKJyv1yk FMt7JwZPiVedNJnOe0c19A8nf5OfwsepuRplAgZ5I17+TqcfrF1TK0NMY9xtWejT Uu72VEG1XCUjqqnS6KnbdHFki8HrKR0uG7Q/xUYwuLY+dXIEgzgL3GVIEdXMYWeC sx29CbwMDSKQvXNv+QJQDMO0PcwgaACkzxJgv2B5LGFQmWtJczhQ1LgKe4lQg5Ja zONqc/59m6UNmXL1sgfwrDAU6bcGFEYphKM3LA636flja3gf8PjKVM8jJZBwyEZl 3159fyIOUHkREYJqZMaAczktRBTR8GP5ZuToV0KawoyZxSTxQ0tM1pKcmcC0gNoP cWYxvBPFLpxymIgPVBAwNMTDjyGIdaSeMhkEaC5vXJT1j9ZoBdzkWzZq4JEsFX4y kzvTHBho4kA= =aDj6 -END PGP SIGNATURE- Andrew Bartlett (89): s3-torture: Allow vfstest to set ACLs on a directory s4-dsdb: Ensure we always free tmp_ctx in schema refresh check build: Ensure -Werror=format works with -Wformat=2 on NULL format strings s4-kcc: Avoid use-after-free of dn and add tmp_ctx s4-dsdb: Use tmp_ctx in kccsrv_check_deleted to avoid leaking memory onto part-dn s3-vfs: Allow vfs_xattr_tdb to work without a connected share s4-ntvfs: Ensure we do not attempt to write EAs on streams s4-ntvfs: Add TODO on ea_size s3-smbd: Push smb_fname into estimate_ea_size s3-smbd: Do not look for EA information on a stream s3-smbd: ensure we give appropriate errors for EA requests on streams s3-vfs: Use the system. namespace for fake ACLs s3-vfs: Correct the implementation of fake_acls_sys_acl_delete_def_file() s3-vfs: Add lstat and lchown hooks to the vfs_fake_acls module s3-build: Enable vfs_fake_acls when in developer mode or on the build farm build: Do not put a .distversion file into the GIT tree WHATSNEW: Remove over-caution on s3fs and explain browsing better doc-BUILD_SYSTEMS.txt: The grand rename is complete s4-torture: Improve raw.streams test to cover EAs and to use torture_assert() s4-torture: Show that we cannot have extended attributes on streams s4-torture: Show that we cannot list extended attributes on streams selftest: Use new fake_acls module s4-torture: Use torture_fail() in the unix.unix_info2 test build: Remove accidentily added line in samba_version.py build: Remove special case for the build farm s3-pysmbd: Add hook for a VFS chown() s3-passdb: Allow pdb_sid_to_id to work on any SID s3-pysmbd: Correct comments in python VFS bindings s3-pysmbd: Add get/set functions for the posix ACL layer build: Create bin/ when doing 'waf dist' from a fresh checkout s3-vfs: Make vfs_aio_fork erratic timing behaviour a run-time option selftest: Add tests for vfs_aio_fork s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampire s4-classicupgrade: Add --use-ntvfs option selftest: Specify --use-ntvfs to provision in test scripts selftest: Pass --use-ntvfs to provison in renamedc test s3-vfs: Remove extra calls to SMB_VFS_HANDLE_GET_DATA s4-python: complete python bindigns for smb_acls.idl s3-pysmbd: Correct the python type for smb_acl_t s4-python: Complete python bindings for idmap.idl selftest: Specify --use-ntvfs for the chdcpass environment selftest: Specify --use-ntvfs when testing the LDAP backend init code selftest: Specify --use-ntvfs when testing the newuser code selftest: Specify --use-ntvfs when testing the group code selftest: Set --use-ntvfs for rodc, vampire_dc, promoted_vampire_dc and subdom_dc s4-upgradeprovision: Use ntvfs in reference provision s4-dsdb: Do not use a possibly-old loadparm context in schema reload s4-dsdb: Remove unused variables file_server: Move default VFS module settings to loadparm.c s4-provision: set POSIX ACLs to for use with the smbd file server (s3fs) s4-scripting: Redefine getntacl() as accessing via the smbd VFS or directly selftest: Add a test of the NT ACL - posix ACL mapping layer selftest: Extend posixacl test to check the actual ACL selftest: Cope with the multiple possible representations of -1 in posixacl.py selftest: Add a test of the NT ACL - posix ACL mapping layer to selftest s4-samba-tool: Add 'samba-tool ntacl sysvolreset' tool s3-pysmbd: Allow a mode to be specified for the simple ACL s4-provision: Fix internal documentation
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e14bf39 s4-selftest: Always set vfs objects in selftest smb.conf via 123ee7f s4-selftest: Add test for samba-tool ntacl sysvolcheck via ebcdc4a s4-samba-tool: Add samba-tool ntacl sysvolcheck command via 0aed291 s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snum via e058dfb s3-pysmbd: Fix return type of smbd.get_nt_acl via e8e24a2 s3-smbd: Add talloc_stackframe() to get_nt_acl_no_snum() via 7cf50b9 s4-selftest: Add testing of samba-tool ntacl sysvolreset via 8c71dc3 param: Add startup checks for valid server role/binary combinations via 332efe1 s3-pysmbd: Fix error message via 7e7ed72 s4-provision: Fix internal documentation via 51e3547 s3-pysmbd: Allow a mode to be specified for the simple ACL via 8f90919 s4-samba-tool: Add 'samba-tool ntacl sysvolreset' tool via 56fd072 selftest: Add a test of the NT ACL - posix ACL mapping layer to selftest via 4fe344e selftest: Cope with the multiple possible representations of -1 in posixacl.py via bd00c92 selftest: Extend posixacl test to check the actual ACL via 318b8cb selftest: Add a test of the NT ACL - posix ACL mapping layer via b1825c6 s4-scripting: Redefine getntacl() as accessing via the smbd VFS or directly via a778662 s4-provision: set POSIX ACLs to for use with the smbd file server (s3fs) via 8518dd6 file_server: Move default VFS module settings to loadparm.c via be9a8cf s4-dsdb: Remove unused variables via d1eac79 s4-dsdb: Do not use a possibly-old loadparm context in schema reload via a58ac39 s4-upgradeprovision: Use ntvfs in reference provision via ccac50c selftest: Set --use-ntvfs for rodc, vampire_dc, promoted_vampire_dc and subdom_dc via c1012c6 selftest: Specify --use-ntvfs when testing the group code via b2ff365 selftest: Specify --use-ntvfs when testing the newuser code via 2fc6760 selftest: Specify --use-ntvfs when testing the LDAP backend init code via 8c7f4f0 selftest: Specify --use-ntvfs for the chdcpass environment from 069db9b s3:smb2_break: encrypt OPLOCK BREAK notifications http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e14bf399cfa767ffa065a1f50df07b3cf446b375 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 23 20:13:45 2012 +1000 s4-selftest: Always set vfs objects in selftest smb.conf This sets it for all enviornments, as it is harmless if ntvfs is used and critical if the provision script runs in s3fs mode. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 23 16:42:41 CEST 2012 on sn-devel-104 commit 123ee7f9b5e5ccac6740e5fdfff2a8a24f98087d Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 23 10:38:06 2012 +1000 s4-selftest: Add test for samba-tool ntacl sysvolcheck commit ebcdc4a36be9b79325b11ec0c44a43db93e29519 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 23 10:37:46 2012 +1000 s4-samba-tool: Add samba-tool ntacl sysvolcheck command This command verifies that the current on-disk ACLs match the directory and the defaults from provision. Unlike sysvolreset, this does not change any of the permissions. Andrew Bartlett commit 0aed29105e9d8ddcd27a70d7af820da8813ca47b Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 23 09:45:07 2012 +1000 s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snum I need to get at the owner, group, DACL and SACL when testing correct ACL storage. Andrew Bartlett commit e058dfb3b0714da229d1bddf96c72611af7b1fab Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 23 09:39:32 2012 +1000 s3-pysmbd: Fix return type of smbd.get_nt_acl The security_ prefix is stripped off in the python bindings. Andrew Bartlett commit e8e24a251b7625647352764298f108769bbad922 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 23 09:38:54 2012 +1000 s3-smbd: Add talloc_stackframe() to get_nt_acl_no_snum() This is required because the functions it calls use talloc_tos(). Andrew Bartlett commit 7cf50b9f305d6c2cdc57f38c9b4e5f8b73301f8a Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 22 21:19:41 2012 +1000 s4-selftest: Add testing of samba-tool ntacl sysvolreset commit 8c71dc3505ab83ce95ab40a56f77313c4448be16 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 22 21:01:16 2012 +1000 param: Add startup checks for valid server role/binary combinations This should eliminate confusion from our users about what they can expect to successfully run. Andrew Bartlett commit 332efe1539d83c0971f151f902f234e5a8bf0690 Author: Andrew Bartlett abart
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a817959 build: Create bin/ when doing 'waf dist' from a fresh checkout via dc063bf s3-pysmbd: Add get/set functions for the posix ACL layer via 4df2c65 s3-pysmbd: Correct comments in python VFS bindings via 02e25b2 s3-passdb: Allow pdb_sid_to_id to work on any SID via d963aaf s3-pysmbd: Add hook for a VFS chown() from 4d5471f build: Remove special case for the build farm http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a81795974ca838f48f8c323bc7563c56795e6bdd Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 15:22:25 2012 +1000 build: Create bin/ when doing 'waf dist' from a fresh checkout As suggested by Amitay. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 21 09:03:02 CEST 2012 on sn-devel-104 commit dc063bf3bdf06aff1582c5c8784a8e0d5b06d378 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 15:11:30 2012 +1000 s3-pysmbd: Add get/set functions for the posix ACL layer These will be used to verify that an ACL set as an NT ACL creates the correct posix ACL. Andrew Bartlett commit 4df2c65ea637618971c406f05e68a93feb44c70c Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 15:10:43 2012 +1000 s3-pysmbd: Correct comments in python VFS bindings commit 02e25b2a43ae02205a3412f862a1482d24b70aa4 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 14:56:45 2012 +1000 s3-passdb: Allow pdb_sid_to_id to work on any SID This is needed so that pdb_samba4 can map any SID during a provision. At runtime, winbindd will be asked first, but this shortcut direct to the ldb file makes it possible to set the permissions on the sysvol share at provision time. Andrew Bartlett commit d963aaf73be22b0a027b3636c6c51292412b5931 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 14:23:35 2012 +1000 s3-pysmbd: Add hook for a VFS chown() --- Summary of changes: source3/passdb/lookup_sid.c| 22 +++ source3/passdb/pdb_interface.c |5 ++ source3/passdb/pdb_ldap.c |5 ++ source3/smbd/pysmbd.c | 146 +++- wscript|1 + 5 files changed, 164 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index a2d793f..26ce41c 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -1084,20 +1084,16 @@ static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid) static bool legacy_sid_to_unixid(const struct dom_sid *psid, struct unixid *id) { GROUP_MAP *map; - if (sid_check_is_in_our_sam(psid)) { - bool ret; - - become_root(); - ret = pdb_sid_to_id(psid, id); - unbecome_root(); - - if (ret) { - goto done; - } - - /* This was ours, but it was not mapped. Fail */ + bool ret; + + become_root(); + ret = pdb_sid_to_id(psid, id); + unbecome_root(); + + if (ret) { + goto done; } - + if ((sid_check_is_in_builtin(psid) || sid_check_is_in_wellknown_domain(psid))) { bool ret; diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index cdbb378..d24301a 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -1429,6 +1429,11 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods, uint32_t rid; id-id = -1; + if (!sid_check_is_in_our_sam(sid)) { + /* Not our SID */ + return False; + } + mem_ctx = talloc_new(NULL); if (mem_ctx == NULL) { diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 9b4d8a6..ffd5743 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -4938,6 +4938,11 @@ static bool ldapsam_sid_to_id(struct pdb_methods *methods, TALLOC_CTX *mem_ctx; + if (!sid_check_is_in_our_sam(sid)) { + /* Not our SID */ + return False; + } + mem_ctx = talloc_new(NULL); if (mem_ctx == NULL) { DEBUG(0, (talloc_new failed\n)); diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index 0004887..8fca4e7 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -274,6 +274,56 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args) } /* + chown a file + */ +static PyObject *py_smbd_chown(PyObject *self, PyObject *args) +{ + connection_struct *conn; + NTSTATUS
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ebb776f selftest: Add tests for vfs_aio_fork via e79ed4f s3-vfs: Make vfs_aio_fork erratic timing behaviour a run-time option from a817959 build: Create bin/ when doing 'waf dist' from a fresh checkout http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ebb776f51f697ece62ed5c7ee6aa4865397347c2 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 19:22:54 2012 +1000 selftest: Add tests for vfs_aio_fork Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 21 13:12:33 CEST 2012 on sn-devel-104 commit e79ed4fe72208e632cd980d4adec07f1c78f1511 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 19:22:37 2012 +1000 s3-vfs: Make vfs_aio_fork erratic timing behaviour a run-time option This will allow this to be tested as part of a normal selftest. Andrew Bartlett --- Summary of changes: selftest/target/Samba3.pm |8 ++ source3/modules/vfs_aio_fork.c | 49 +++ source3/selftest/tests.py |4 +++ 3 files changed, 56 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 31bd15b..cb11827 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -344,10 +344,18 @@ sub setup_secshare($$) print PROVISIONING server with security=share...; + my $prefix_abs = abs_path($path); + my $secshare_options = security = share lanman auth = yes vfs objects = $vfs_modulesdir_abs/xattr_tdb.so $vfs_modulesdir_abs/streams_depot.so + +[vfs_aio_fork] + path = $prefix_abs/share +vfs objects = $vfs_modulesdir_abs/aio_fork.so +read only = no +vfs_aio_fork:erratic_testing_mode=yes ; my $vars = $self-provision($path, diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c index 811d44e..2ec3d3d 100644 --- a/source3/modules/vfs_aio_fork.c +++ b/source3/modules/vfs_aio_fork.c @@ -33,6 +33,10 @@ #define MAP_FILE 0 #endif +struct aio_fork_config { + bool erratic_testing_mode; +}; + struct mmap_area { size_t size; volatile void *ptr; @@ -112,6 +116,7 @@ struct rw_cmd { size_t n; off_t offset; enum cmd_type cmd; + bool erratic_testing_mode; }; struct rw_ret { @@ -355,8 +360,7 @@ static void aio_child_loop(int sockfd, struct mmap_area *map) cmd_type_str(cmd_struct.cmd), (int)cmd_struct.n, (int)cmd_struct.offset, fd)); -#ifdef DEVELOPER - { + if (cmd_struct.erratic_testing_mode) { /* * For developer testing, we want erratic behaviour for * async I/O times @@ -372,8 +376,6 @@ static void aio_child_loop(int sockfd, struct mmap_area *map) DEBUG(10, (delaying for %u msecs\n, msecs)); smb_msleep(msecs); } -#endif - ZERO_STRUCT(ret_struct); @@ -587,6 +589,10 @@ static struct tevent_req *aio_fork_pread_send(struct vfs_handle_struct *handle, struct rw_cmd cmd; ssize_t written; int err; + struct aio_fork_config *config; + SMB_VFS_HANDLE_GET_DATA(handle, config, + struct aio_fork_config, + return -1); req = tevent_req_create(mem_ctx, state, struct aio_fork_pread_state); if (req == NULL) { @@ -609,6 +615,7 @@ static struct tevent_req *aio_fork_pread_send(struct vfs_handle_struct *handle, cmd.n = n; cmd.offset = offset; cmd.cmd = READ_CMD; + cmd.erratic_testing_mode = config-erratic_testing_mode; DEBUG(10, (sending fd %d to child %d\n, fsp-fh-fd, (int)state-child-pid)); @@ -698,6 +705,10 @@ static struct tevent_req *aio_fork_pwrite_send( struct rw_cmd cmd; ssize_t written; int err; + struct aio_fork_config *config; + SMB_VFS_HANDLE_GET_DATA(handle, config, + struct aio_fork_config, + return NULL); req = tevent_req_create(mem_ctx, state, struct aio_fork_pwrite_state); if (req == NULL) { @@ -720,6 +731,7 @@ static struct tevent_req *aio_fork_pwrite_send( cmd.n = n; cmd.offset = offset; cmd.cmd = WRITE_CMD; + cmd.erratic_testing_mode = config-erratic_testing_mode; DEBUG(10, (sending fd %d to child %d\n, fsp-fh-fd, (int)state-child-pid)); @@ -808,6 +820,10 @@ static struct tevent_req *aio_fork_fsync_send( struct rw_cmd cmd
[SCM] build.samba.org - branch master updated
The branch, master has been updated via b7bc145 Use --enable-selftest only on master from dd6b02d build samba_3 with --enable-selftest http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master - Log - commit b7bc1451ced1ec73ac3eca4dda03e036f6b79e2a Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 23:39:16 2012 +1000 Use --enable-selftest only on master --- Summary of changes: build_test.fns |6 +- 1 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/build_test.fns b/build_test.fns index 46ebc37..ff5078c 100644 --- a/build_test.fns +++ b/build_test.fns @@ -748,9 +748,13 @@ test_tree() { samba_4*) sw_config=$config --enable-selftest ;; - samba_3*) + samba_3_master) sw_config=$config --enable-selftest ;; + samba_3*) + sw_config=$config --enable-socket-wrapper + sw_config=$sw_config --enable-nss-wrapper + ;; samba-gtk) PKG_CONFIG_PATH=$test_root/prefix/samba_4_0_test.$compiler/lib/pkgconfig export PKG_CONFIG_PATH -- build.samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1219eaf s4-python: Complete python bindings for idmap.idl via 125e93c s3-pysmbd: Correct the python type for smb_acl_t via 10267f1 s4-python: complete python bindigns for smb_acls.idl via 450fcd7 s3-vfs: Remove extra calls to SMB_VFS_HANDLE_GET_DATA via 2b40446 selftest: Pass --use-ntvfs to provison in renamedc test via 9170f9c selftest: Specify --use-ntvfs to provision in test scripts via 97b1379 s4-classicupgrade: Add --use-ntvfs option via b5c2747 s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampire via c4b9c3a s4:samldb LDB module - remove unused member attribute from search filter via 32cd618 LDB:ldb_tdb.c - deny multi-valued attributes manipulation with doublets via cb63b34 LDB:ldbsearch - add search filter tests via 6a8c697 LDB:ldbsearch - search filters do not only contain = via c8bfb8e s4:dsdb - always fail if a search filter could not be parsed via 536c082 LDB:ldif_handlers.c - LDB_OP_GREATER/LDB_OP_LESS are thought as = or = via 5f8006c s4:dsdb_sort_objectClass_attr - simplify memory context handling via 166a7d3 s4:dsdb_sort_objectClass_attr - use data_blob_string_const for setting values from db075b0 libcli: fix value of NT_STATUS_FILE_NOT_AVAILABLE http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1219eaffbe60ea875306f84d3ce7965ce4ae6384 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 23:21:41 2012 +1000 s4-python: Complete python bindings for idmap.idl Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Aug 22 03:08:51 CEST 2012 on sn-devel-104 commit 125e93cdde0798f306cd8a5778ecbf985aa63d3e Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 22:41:13 2012 +1000 s3-pysmbd: Correct the python type for smb_acl_t The t is weird, but the python bindings trim the traditional IDL name prefix of each element, as it is usually rudundent. Andrew Bartlett commit 10267f153c590838d2440e71b535e55874d82d9c Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 22:40:12 2012 +1000 s4-python: complete python bindigns for smb_acls.idl commit 450fcd79c795698c33ef2e0e4e85460128ba7bfd Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 21:22:31 2012 +1000 s3-vfs: Remove extra calls to SMB_VFS_HANDLE_GET_DATA Found by the talloc_stackframe() out of order checker! Andrew Bartlett commit 2b404462f5b055843ecc7af27bfd05d5d11d09e4 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 22 07:25:59 2012 +1000 selftest: Pass --use-ntvfs to provison in renamedc test Also fix test prefix to match the test Andrew Bartlett commit 9170f9ce95583f30d108d4a2d23b05f246a3514c Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 20:04:16 2012 +1000 selftest: Specify --use-ntvfs to provision in test scripts Because these run as non-root, we need to avoid doing things that will fail during the provision. The main test of the s3fs provision is the plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls. Andrew Bartlett commit 97b13799ce4786f03602fba8eb6ad5da7023bb5c Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 22 06:58:19 2012 +1000 s4-classicupgrade: Add --use-ntvfs option This is an odd option, but is needed because I wish to add assertions about ACL setting that will not work in make test without the vfs_fake_acls module loaded. Andrew Bartlett commit b5c2747cad0f9bbb69cceb4b90aab20546a5cf66 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 19:58:18 2012 +1000 s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampire None of these cases need the complexity of the s3fs backend. Andrew Bartlett commit c4b9c3aba8a448812d401fc28ad65ac818af5b04 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Fri May 11 11:53:46 2012 +0200 s4:samldb LDB module - remove unused member attribute from search filter Signed-off-by: Andrew Bartlett abart...@samba.org commit 32cd618e6c0d44e0f64409ceda8451cc4665e625 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu May 10 16:18:37 2012 +0200 LDB:ldb_tdb.c - deny multi-valued attributes manipulation with doublets This refers to LDB add operations as well, we have only to be careful on @ATTRIBUTES entries. E.g. dn: cn=testperson,cn=users,dc=...,dc=... objectClass: person url: www.example.com url: www.example.com should not work. Signed-off-by: Andrew Bartlett abart...@samba.org commit cb63b34b053119fcab093e95f555840afa9cfdcf Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu May 10
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 84d6e09 s4-torture: Use torture_fail() in the unix.unix_info2 test via 74a4c40 selftest: Use new fake_acls module via c75b615 s4-torture: Show that we cannot list extended attributes on streams via f9837d1 s4-torture: Show that we cannot have extended attributes on streams via bf1e27b s4-torture: Improve raw.streams test to cover EAs and to use torture_assert() via 3787dcf doc-BUILD_SYSTEMS.txt: The grand rename is complete via 0e44163 WHATSNEW: Remove over-caution on s3fs and explain browsing better via 921b927 build: Do not put a .distversion file into the GIT tree via 7a59c3d s3-build: Enable vfs_fake_acls when in developer mode or on the build farm via ae4195d s3-vfs: Add lstat and lchown hooks to the vfs_fake_acls module via cbe758c s3-vfs: Correct the implementation of fake_acls_sys_acl_delete_def_file() via 6c0bef1 s3-vfs: Use the system. namespace for fake ACLs via 0f2d288 s3-smbd: ensure we give appropriate errors for EA requests on streams via 6ce084f s3-smbd: Do not look for EA information on a stream via f9f8a8c s3-smbd: Push smb_fname into estimate_ea_size via 3ef0e22 s4-ntvfs: Add TODO on ea_size via 0769d67 s4-ntvfs: Ensure we do not attempt to write EAs on streams via 9699c33 s3-vfs: Allow vfs_xattr_tdb to work without a connected share from 4f4bb1f s4:torture:basic: add more delete test - variants of deltest16 and deltest17 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 84d6e09b954548d90d996f3ef6ce89edcbef3c24 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 20 21:29:26 2012 +1000 s4-torture: Use torture_fail() in the unix.unix_info2 test Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon Aug 20 15:36:48 CEST 2012 on sn-devel-104 commit 74a4c40d4f4bd092d4a71d273f45aab39a8b1cb0 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 15 20:35:05 2012 +1000 selftest: Use new fake_acls module This isolates us from the OS ACL library, and allows chown to 'work' when we are non-root. In turn, this ensures that we can test the SMB - POSIX layer even when the OS would refuse the set due to non-root or simply not having acls enabled on this particular file system. This should make a number of build farm tests much more reliable, and allows a number more tests to pass. Andrew Bartlett commit c75b6154e475a89c1a43b62c8d8324834397da69 Author: Andrew Bartlett abart...@samba.org Date: Sun Aug 19 22:46:21 2012 +1000 s4-torture: Show that we cannot list extended attributes on streams commit f9837d15f30c88cc4dca19e3a54433302c11b9ae Author: Andrew Bartlett abart...@samba.org Date: Sun Aug 19 21:55:13 2012 +1000 s4-torture: Show that we cannot have extended attributes on streams commit bf1e27bd8fa509d4039ec617a486589607d0d204 Author: Andrew Bartlett abart...@samba.org Date: Sun Aug 19 21:01:33 2012 +1000 s4-torture: Improve raw.streams test to cover EAs and to use torture_assert() The extension of this test is to create an extended attribute, so we can confirm that the easize field on a stream actually refers to the parent file. This has been run against Windows 7. Andrew Bartlett commit 3787dcf42c9ab9ec5a3648b14f86e8bb2032958e Author: Andrew Bartlett abart...@samba.org Date: Sun Aug 19 08:17:45 2012 +1000 doc-BUILD_SYSTEMS.txt: The grand rename is complete commit 0e441636afd5923a92f7eb29d66dfa52e2f0a5c3 Author: Andrew Bartlett abart...@samba.org Date: Sat Aug 18 23:58:26 2012 +1000 WHATSNEW: Remove over-caution on s3fs and explain browsing better commit 921b927d3011b753a51d450a451d5f49abac9e56 Author: Andrew Bartlett abart...@samba.org Date: Sat Aug 18 21:25:30 2012 +1000 build: Do not put a .distversion file into the GIT tree This places the file only in the tarball, and shows how to auto-generate other files for placement in the tarball. Andrew Bartlett commit 7a59c3d9b8e4a5bab21d9b82cec6a77d1f808f90 Author: Andrew Bartlett abart...@samba.org Date: Sun Aug 19 00:27:01 2012 +1000 s3-build: Enable vfs_fake_acls when in developer mode or on the build farm commit ae4195dd407d96a4b8768d1c43c58ce2f19d4ef5 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 20 21:28:57 2012 +1000 s3-vfs: Add lstat and lchown hooks to the vfs_fake_acls module commit cbe758cfbb8febd02c0a80bf8f813fd464c71ce5 Author: Andrew Bartlett abart...@samba.org Date: Sun Aug 19 00:01:57 2012 +1000 s3-vfs: Correct the implementation of fake_acls_sys_acl_delete_def_file() commit 6c0bef17569d650c32ab82396f43d435ab9ef831 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 20 10:10:27 2012 +1000 s3
[SCM] build.samba.org - branch master updated
The branch, master has been updated via c0b97eb build samba_4 with --enable-selftest from 9a03d5b use killall on hape after a build run to do what killbysubdir should do http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master - Log - commit c0b97eb9640dfbc3a01fc3fb1f00cac58def53f3 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 07:55:48 2012 +1000 build samba_4 with --enable-selftest This turns on all the required selftest stuff, rather than specifying it one-by-one. Andrew Bartlett --- Summary of changes: build_test.fns |4 +--- 1 files changed, 1 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/build_test.fns b/build_test.fns index 2358524..44a87f6 100644 --- a/build_test.fns +++ b/build_test.fns @@ -746,9 +746,7 @@ test_tree() { sw_config=$config --enable-socket-wrapper ;; samba_4*) - sw_config=$config --enable-socket-wrapper - sw_config=$sw_config --enable-nss-wrapper - sw_config=$sw_config --enable-uid-wrapper + sw_config=$config --enable-selftest ;; samba_3*) sw_config=$config --enable-socket-wrapper -- build.samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7cd4eb0 build: Remove accidentily added line in samba_version.py from 21e67bd Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR parsing errors. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7cd4eb0ca69026031620cbe578cfd7216ea9ac6c Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 07:57:14 2012 +1000 build: Remove accidentily added line in samba_version.py This was incorrectly added in 0e441636afd5923a92f7eb29d66dfa52e2f0a5c3. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 21 03:11:16 CEST 2012 on sn-devel-104 --- Summary of changes: buildtools/wafsamba/samba_version.py |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_version.py b/buildtools/wafsamba/samba_version.py index b5cfc26..e82fd47 100644 --- a/buildtools/wafsamba/samba_version.py +++ b/buildtools/wafsamba/samba_version.py @@ -269,7 +269,6 @@ also accepted as dictionary entries here string+=#define SAMBA_VERSION_VENDOR_SUFFIX + self.VENDOR_SUFFIX + \n if self.VENDOR_PATCH is not None: string+=#define SAMBA_VERSION_VENDOR_PATCH + self.VENDOR_PATCH + \n -string+='#define SAMBA_VERSION_VENDOR_PATCH_STRING ' + self.VENDOR_PATCH + '\n' if self.RELEASE_NICKNAME is not None: string+=#define SAMBA_VERSION_RELEASE_NICKNAME + self.RELEASE_NICKNAME + \n -- Samba Shared Repository
[SCM] build.samba.org - branch master updated
The branch, master has been updated via dd6b02d build samba_3 with --enable-selftest from c0b97eb build samba_4 with --enable-selftest http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master - Log - commit dd6b02d814b4c38ccec1edc3b7732f2284d8f542 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 12:54:46 2012 +1000 build samba_3 with --enable-selftest This turns on all the required selftest stuff, rather than specifying it one-by-one. Andrew Bartlett --- Summary of changes: build_test.fns |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/build_test.fns b/build_test.fns index 44a87f6..46ebc37 100644 --- a/build_test.fns +++ b/build_test.fns @@ -749,8 +749,7 @@ test_tree() { sw_config=$config --enable-selftest ;; samba_3*) - sw_config=$config --enable-socket-wrapper - sw_config=$sw_config --enable-nss-wrapper + sw_config=$config --enable-selftest ;; samba-gtk) PKG_CONFIG_PATH=$test_root/prefix/samba_4_0_test.$compiler/lib/pkgconfig -- build.samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4d5471f build: Remove special case for the build farm from 7cd4eb0 build: Remove accidentily added line in samba_version.py http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4d5471f1c634450020c4530f8d0c8dfcd7252fb3 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 21 08:16:24 2012 +1000 build: Remove special case for the build farm Except in the formatting of the selftest output, this removes the special case of the build farm, so that an autobuild, a manual make test and the build farm are more similar. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 21 06:39:04 CEST 2012 on sn-devel-104 --- Summary of changes: buildtools/wafsamba/symbols.py |2 +- lib/nss_wrapper/config.m4 |2 +- lib/param/loadparm.h |2 +- lib/param/param_table.c|2 +- lib/socket_wrapper/config.m4 |2 +- lib/uid_wrapper/config.m4 |2 +- source3/configure.in |8 source3/m4/check_path.m4 |8 source3/modules/vfs_aio_fork.c |6 +++--- source3/param/loadparm.c |2 +- source3/wscript|3 --- wscript|6 -- 12 files changed, 22 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/symbols.py b/buildtools/wafsamba/symbols.py index c4b5599..13d84b9 100644 --- a/buildtools/wafsamba/symbols.py +++ b/buildtools/wafsamba/symbols.py @@ -647,7 +647,7 @@ def SYMBOL_CHECK(bld): Build.BuildContext.SYMBOL_CHECK = SYMBOL_CHECK def DUP_SYMBOL_CHECK(bld): -if Options.options.DUP_SYMBOLCHECK and bld.env.DEVELOPER and not bld.env.BUILD_FARM: +if Options.options.DUP_SYMBOLCHECK and bld.env.DEVELOPER: '''check for duplicate symbols''' bld.SET_BUILD_GROUP('syslibcheck') task = bld(rule=symbols_dupcheck_fatal, always=True, name='symbol duplicate checking') diff --git a/lib/nss_wrapper/config.m4 b/lib/nss_wrapper/config.m4 index ad1a168..1e864bf 100644 --- a/lib/nss_wrapper/config.m4 +++ b/lib/nss_wrapper/config.m4 @@ -3,7 +3,7 @@ AS_HELP_STRING([--enable-nss-wrapper], [Turn on nss wrapper library (default=no) HAVE_NSS_WRAPPER=no -if eval test x$developer = xyes; then +if eval test x$developer = xyes -o x$selftest = xyes; then enable_nss_wrapper=yes fi diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h index 591e6e5..f9624d6 100644 --- a/lib/param/loadparm.h +++ b/lib/param/loadparm.h @@ -157,7 +157,7 @@ enum acl_compatibility {ACL_COMPAT_AUTO, ACL_COMPAT_WINNT, ACL_COMPAT_WIN2K}; enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX, PRINT_QNX,PRINT_PLP,PRINT_LPRNG,PRINT_SOFTQ, PRINT_CUPS,PRINT_LPRNT,PRINT_LPROS2,PRINT_IPRINT -#if defined(DEVELOPER) || defined(ENABLE_SELFTEST) || defined(ENABLE_BUILD_FARM_HACKS) +#if defined(DEVELOPER) || defined(ENABLE_SELFTEST) ,PRINT_TEST,PRINT_VLP #endif /* DEVELOPER */ }; diff --git a/lib/param/param_table.c b/lib/param/param_table.c index ea0fa3d..4126d89 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -190,7 +190,7 @@ static const struct enum_list enum_printing[] = { {PRINT_IPRINT, iprint}, {PRINT_LPRNT, nt}, {PRINT_LPROS2, os2}, -#if defined(DEVELOPER) || defined(ENABLE_SELFTEST) || defined(ENABLE_BUILD_FARM_HACKS) +#if defined(DEVELOPER) || defined(ENABLE_SELFTEST) {PRINT_TEST, test}, {PRINT_VLP, vlp}, #endif /* DEVELOPER */ diff --git a/lib/socket_wrapper/config.m4 b/lib/socket_wrapper/config.m4 index e20333e..ff6b67b 100644 --- a/lib/socket_wrapper/config.m4 +++ b/lib/socket_wrapper/config.m4 @@ -4,7 +4,7 @@ AS_HELP_STRING([--enable-socket-wrapper], [Turn on socket wrapper library (defau DEFAULT_TEST_OPTIONS= HAVE_SOCKET_WRAPPER=no -if eval test x$developer = xyes; then +if eval test x$developer = xyes -o x$selftest = xyes; then enable_socket_wrapper=yes fi diff --git a/lib/uid_wrapper/config.m4 b/lib/uid_wrapper/config.m4 index 2cd573e..a565233 100644 --- a/lib/uid_wrapper/config.m4 +++ b/lib/uid_wrapper/config.m4 @@ -3,7 +3,7 @@ AS_HELP_STRING([--enable-uid-wrapper], [Turn on uid wrapper library (default=no) HAVE_UID_WRAPPER=no -if eval test x$developer = xyes; then +if eval test x$developer = xyes -o x$selftest = xyes; then enable_uid_wrapper=yes fi diff --git a/source3/configure.in b/source3/configure.in index f0dde64..db7df4d 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -476,7 +476,7 @@ if test x$developer = xyes; then default_shared_modules=$default_shared_modules perfcount_test fi -if test x$RUN_FROM_BUILD_FARM = xyes -o x$developer = xyes
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6ce362a build: Ensure -Werror=format works with -Wformat=2 on NULL format strings from a7b8e9f5 s4-dsdb: Ensure we always free tmp_ctx in schema refresh check http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6ce362afeff0cb5094eb6b1ecfa639252cdcc7f8 Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 17 20:43:07 2012 +1000 build: Ensure -Werror=format works with -Wformat=2 on NULL format strings This should fix the build on some gcc versions, (noticed on FreeBSD by Volker). We want the protection of -Werror=format without the errors extending to the format string itself being NULL, because that is valid for ldb_search(). Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Aug 17 14:50:16 CEST 2012 on sn-devel-104 --- Summary of changes: buildtools/wafsamba/samba_autoconf.py |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py index 03c2b24..50039fc 100644 --- a/buildtools/wafsamba/samba_autoconf.py +++ b/buildtools/wafsamba/samba_autoconf.py @@ -629,7 +629,7 @@ def SAMBA_CONFIG_H(conf, path=None): # This check is because for ldb_search(), a NULL format string # is not an error, but some compilers complain about that. -if CHECK_CFLAGS(conf, -Werror=format, ''' +if CHECK_CFLAGS(conf, [-Werror=format, -Wformat=2], ''' int testformat(char *format, ...) __attribute__ ((format (__printf__, 1, 2))); int main(void) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2e1ab13 s4-dsdb: Use tmp_ctx in kccsrv_check_deleted to avoid leaking memory onto part-dn via 26bfe70 s4-kcc: Avoid use-after-free of dn and add tmp_ctx from 1b487ad s3:selftest: add some tests against a share the requires encryption http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2e1ab13f6ebb2c2cf746457d4783fe9bc5e86de0 Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 17 23:04:56 2012 +1000 s4-dsdb: Use tmp_ctx in kccsrv_check_deleted to avoid leaking memory onto part-dn The confusing use of do_dn as a memory context while legitimate created a bug when it was copied and modified to search on a DN from long-term state. By always using a temporary memory context it is clear what paramter is the memory context. This was found based on a log provided by Ricky Nance ricky.na...@weaubleau.k12.mo.us. Thanks Ricky! Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Aug 17 18:24:10 CEST 2012 on sn-devel-104 commit 26bfe70def9905674c74bfe6f9d687b243af4891 Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 17 22:47:44 2012 +1000 s4-kcc: Avoid use-after-free of dn and add tmp_ctx By using a tmp_ctx we are clearer about allocating temporary memory. Andrew Bartlett --- Summary of changes: source4/dsdb/kcc/kcc_deleted.c | 17 +++-- source4/dsdb/kcc/kcc_periodic.c | 11 +-- 2 files changed, 20 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/kcc/kcc_deleted.c b/source4/dsdb/kcc/kcc_deleted.c index 0e1a428..63bb97c 100644 --- a/source4/dsdb/kcc/kcc_deleted.c +++ b/source4/dsdb/kcc/kcc_deleted.c @@ -83,30 +83,35 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) struct ldb_result *res; const char *attrs[] = { whenChanged, NULL }; unsigned int i; + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + if (!tmp_ctx) { + return NT_STATUS_NO_MEMORY; + } - ret = dsdb_get_deleted_objects_dn(s-samdb, mem_ctx, part-dn, do_dn); + ret = dsdb_get_deleted_objects_dn(s-samdb, tmp_ctx, part-dn, do_dn); if (ret != LDB_SUCCESS) { + TALLOC_FREE(tmp_ctx); /* some partitions have no Deleted Objects container */ continue; } if (!do_fs ldb_dn_compare(ldb_get_config_basedn(s-samdb), part-dn)) { - ret = dsdb_search(s-samdb, do_dn, res, do_dn, LDB_SCOPE_ONELEVEL, attrs, + ret = dsdb_search(s-samdb, tmp_ctx, res, do_dn, LDB_SCOPE_ONELEVEL, attrs, DSDB_SEARCH_SHOW_RECYCLED, NULL); } else { if (do_fs) { DEBUG(1, (Doing a full scan on %s and looking for deleted object\n, ldb_dn_get_linearized(part-dn))); } - ret = dsdb_search(s-samdb, part-dn, res, part-dn, LDB_SCOPE_SUBTREE, attrs, + ret = dsdb_search(s-samdb, tmp_ctx, res, part-dn, LDB_SCOPE_SUBTREE, attrs, DSDB_SEARCH_SHOW_RECYCLED, (isDeleted=TRUE)); } if (ret != LDB_SUCCESS) { DEBUG(1,(__location__ : Failed to search for deleted objects in %s\n, -ldb_dn_get_linearized(do_dn))); - talloc_free(do_dn); +ldb_dn_get_linearized(do_dn))); + TALLOC_FREE(tmp_ctx); continue; } @@ -134,7 +139,7 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) } } - talloc_free(do_dn); + TALLOC_FREE(tmp_ctx); } return NT_STATUS_OK; diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c index f96347f..8f705d7 100644 --- a/source4/dsdb/kcc/kcc_periodic.c +++ b/source4/dsdb/kcc/kcc_periodic.c @@ -70,10 +70,16 @@ static bool check_MasterNC(struct kccsrv_partition *p, struct repsFromToBlob *r, struct repsFromTo1 *r1 = r-ctr.ctr1; struct GUID invocation_id = r1-source_dsa_invocation_id; unsigned int i, j; + TALLOC_CTX *tmp_ctx; /* we are expecting only version 1 */ SMB_ASSERT(r-version == 1); + tmp_ctx = talloc_new(p); + if (!tmp_ctx
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via df8e9c1 s3-selftest: Add a seperate test for ACL tests using vfstest via 05885a8 s3-torture: Add ACL commands to vfstest via 345b980 s3-torture: Use talloc more in vfstest via 43255a1 s3-torture: Initialise fsp fully in vfstest open via 1157db2 s3-smbd: Do not check no_acl_syscall_error(errno) after sys_acl_init() via 802d67c selftest: Extend xattr-tdb-1 vfstest to call stat via 820d179 s3-vfs: Continue to make vfs_xattr_tdb non-recursive via 843e19e s3-vfs: Add new VFS module to fake setting an ACL via 2129495 librpc/idl: Fix acl array definition in smb_acl_t from 97e7c3b s3-selftest: convert xattr-tdb-1 vfstest driver into a subunit test http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit df8e9c128716c89f5a1d58f032e3d641e033c8b0 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 13:46:02 2012 +1000 s3-selftest: Add a seperate test for ACL tests using vfstest This does not check for consistency or correctness yet, that will be done with python unit tests. The purpose of this test is to ensure that the vfstest wrapper doesn't crash. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 16 09:32:25 CEST 2012 on sn-devel-104 commit 05885a84f9ea67a986bdcb10a2bd07c00a2df0d4 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 13:44:48 2012 +1000 s3-torture: Add ACL commands to vfstest This will allow easier investigation of our ACL layer. Andrew Bartlett commit 345b980c3e55645009150ef9a7ab35245e8e55db Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 15:16:01 2012 +1000 s3-torture: Use talloc more in vfstest This matches the rest of Samba, which allocates many of these structures with talloc. Andrew Bartlett commit 43255a1d18b714ab108b21f5a1065a82e44e3490 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 14:37:42 2012 +1000 s3-torture: Initialise fsp fully in vfstest open commit 1157db293f5db7909f84f021581ddb916cfd8c7e Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 13:44:01 2012 +1000 s3-smbd: Do not check no_acl_syscall_error(errno) after sys_acl_init() This is no longer a VFS call, so will no longer fail in this way. Andrew Bartlett commit 802d67cabe63f5c1e9f5445fc9e5ef26dca43efe Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 10:03:35 2012 +1000 selftest: Extend xattr-tdb-1 vfstest to call stat commit 820d1795d739706c45fdf32adbaaf5d817eef868 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 10:02:44 2012 +1000 s3-vfs: Continue to make vfs_xattr_tdb non-recursive We now always use _NEXT_ VFS calls, even to build the file id. Andrew Bartlett commit 843e19eff40d300e1b671fb0e78300e6a4cc3683 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 15 20:34:41 2012 +1000 s3-vfs: Add new VFS module to fake setting an ACL The purpose of this module is to remove the relience on the system having ACL support to test NT ACLs. Andrew Bartlett commit 2129495319adda28dbe21e1ac9846fcae9373989 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 14:13:00 2012 +1000 librpc/idl: Fix acl array definition in smb_acl_t --- Summary of changes: librpc/idl/smb_acl.idl |2 +- selftest/knownfail |1 + source3/modules/vfs_fake_acls.c| 374 +++ source3/modules/vfs_xattr_tdb.c| 74 +++-- .../tests/{xattr-tdb-1 = vfstest-acl}/run.sh |0 source3/script/tests/vfstest-acl/vfstest.cmd |6 + source3/script/tests/xattr-tdb-1/vfstest.cmd |1 + source3/selftest/tests.py |2 +- source3/smbd/posix_acls.c | 13 +- source3/torture/cmd_vfs.c | 385 +++- source3/torture/vfstest.c | 35 +- source3/wscript|4 + 12 files changed, 833 insertions(+), 64 deletions(-) create mode 100644 source3/modules/vfs_fake_acls.c copy source3/script/tests/{xattr-tdb-1 = vfstest-acl}/run.sh (100%) create mode 100644 source3/script/tests/vfstest-acl/vfstest.cmd Changeset truncated at 500 lines: diff --git a/librpc/idl/smb_acl.idl b/librpc/idl/smb_acl.idl index 856312f..7f67299 100644 --- a/librpc/idl/smb_acl.idl +++ b/librpc/idl/smb_acl.idl @@ -52,7 +52,7 @@ interface smb_acl int size; int count; int next; - smb_acl_entry *acl; + [size_is(count
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6b7a9910 s3-torture: Allow vfstest to set ACLs on a directory via 5251d07 s4: Fix returns in py_check_dcerpc_type from 16edb6e s3:smb2_server: try to sign an error response if we have a signing key http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6b7a99107d956651fae43a7e62d1fbf69d97d0c7 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 16:50:47 2012 +1000 s3-torture: Allow vfstest to set ACLs on a directory Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Aug 17 02:35:49 CEST 2012 on sn-devel-104 commit 5251d07e625d945f90b746d4dabcfe6d98cc5d89 Author: Volker Lendecke v...@samba.org Date: Thu Aug 16 11:38:26 2012 +0200 s4: Fix returns in py_check_dcerpc_type Signed-off-by: Andrew Bartlett abart...@samba.org --- Summary of changes: source3/script/tests/vfstest-acl/vfstest.cmd |9 + source3/torture/cmd_vfs.c| 17 +++-- source4/librpc/rpc/pyrpc_util.c |4 ++-- 3 files changed, 22 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/script/tests/vfstest-acl/vfstest.cmd b/source3/script/tests/vfstest-acl/vfstest.cmd index 19f5fd6..6168671 100644 --- a/source3/script/tests/vfstest-acl/vfstest.cmd +++ b/source3/script/tests/vfstest-acl/vfstest.cmd @@ -1,6 +1,15 @@ connect open x RC 0700 +sys_acl_get_file . 0 +sys_acl_get_file . 1 +get_nt_acl . +set_nt_acl . G:DAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU) +get_nt_acl . +sys_acl_get_file . 0 +sys_acl_get_file . 1 get_nt_acl x +sys_acl_get_file x 0 set_nt_acl x G:DAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU) get_nt_acl x sys_acl_get_file x 0 + diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c index 9c19f2f..236b9c0 100644 --- a/source3/torture/cmd_vfs.c +++ b/source3/torture/cmd_vfs.c @@ -1459,8 +1459,6 @@ static NTSTATUS cmd_set_nt_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int a mode = 00400; - flags = O_RDWR; - fsp = talloc_zero(vfs, struct files_struct); if (fsp == NULL) { return NT_STATUS_NO_MEMORY; @@ -1481,7 +1479,17 @@ static NTSTATUS cmd_set_nt_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int a fsp-fsp_name = smb_fname; - fsp-fh-fd = SMB_VFS_OPEN(vfs-conn, smb_fname, fsp, flags, mode); +#ifdef O_DIRECTORY + flags = O_RDONLY|O_DIRECTORY; +#else + /* POSIX allows us to open a directory with O_RDONLY. */ + flags = O_RDONLY; +#endif + + fsp-fh-fd = SMB_VFS_OPEN(vfs-conn, smb_fname, fsp, O_RDWR, mode); + if (fsp-fh-fd == -1 errno == EISDIR) { + fsp-fh-fd = SMB_VFS_OPEN(vfs-conn, smb_fname, fsp, flags, mode); + } if (fsp-fh-fd == -1) { printf(open: error=%d (%s)\n, errno, strerror(errno)); TALLOC_FREE(fsp); @@ -1497,9 +1505,6 @@ static NTSTATUS cmd_set_nt_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int a smb_fname_str_dbg(smb_fname), strerror(errno) )); status = map_nt_error_from_unix(errno); - } else if (S_ISDIR(smb_fname-st.st_ex_mode)) { - errno = EISDIR; - status = NT_STATUS_FILE_IS_A_DIRECTORY; } if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/librpc/rpc/pyrpc_util.c b/source4/librpc/rpc/pyrpc_util.c index d0fa5d7..a000c76 100644 --- a/source4/librpc/rpc/pyrpc_util.c +++ b/source4/librpc/rpc/pyrpc_util.c @@ -42,7 +42,7 @@ bool py_check_dcerpc_type(PyObject *obj, const char *module, const char *type_na if (mod == NULL) { PyErr_Format(PyExc_RuntimeError, Unable to import %s to check type %s, module, type_name); - return NULL; + return false; } type = (PyTypeObject *)PyObject_GetAttrString(mod, type_name); @@ -50,7 +50,7 @@ bool py_check_dcerpc_type(PyObject *obj, const char *module, const char *type_na if (type == NULL) { PyErr_Format(PyExc_RuntimeError, Unable to find type %s in module %s, module, type_name); - return NULL; + return false; } ret = PyObject_TypeCheck(obj, type); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a7b8e9f5 s4-dsdb: Ensure we always free tmp_ctx in schema refresh check from 21c8fa25 Fix bug #9085 - NMB registration for a duplicate workstation fails with registration refuse http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a7b8e9f562780dc6a3487644623decd1cff226e2 Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 17 12:42:15 2012 +1000 s4-dsdb: Ensure we always free tmp_ctx in schema refresh check This was found based on a log provided by Ricky Nance ricky.na...@weaubleau.k12.mo.us. Thanks Ricky! In that log, over 2.5 days this particular allocation was repeated: 1715099 talloc_new: ../source4/dsdb/samdb/ldb_modules/schema_load.c:120 contains 0 bytes in 1 blocks Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Aug 17 06:21:18 CEST 2012 on sn-devel-104 --- Summary of changes: source4/dsdb/samdb/ldb_modules/schema_load.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c b/source4/dsdb/samdb/ldb_modules/schema_load.c index 82ae7d8..be7915e 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_load.c +++ b/source4/dsdb/samdb/ldb_modules/schema_load.c @@ -131,8 +131,10 @@ static int schema_metadata_get_uint64(struct ldb_module *module, if (!tdb_data.dptr) { if (tdb_error(tdb) == TDB_ERR_NOEXIST) { *value = default_value; + talloc_free(tmp_ctx); return LDB_SUCCESS; } else { + talloc_free(tmp_ctx); return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR, tdb_errorstr_compat(tdb)); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 65976d6 s3-vfs: Set errno in xattr emulation via cc3bdaa s3-vfs: Avoid loops in VFS modules: call _NEXT functions in xattr emulation via 898c5e1 s3-vfs: ensure we strictly free the talloc_stackframe via f9b9433 s4-selftest: Fix test name for samba.tests.dcerpc.bare via fd42bc1 librpc/idl: Make smb_acl_t public so we can pull/push it as a blob from d2d5fb1 libcli/smb: verify decrypted SMB2 pdus correctly http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 65976d680acd48aa9f59664f715fa9ce40185955 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 15 22:22:26 2012 +1000 s3-vfs: Set errno in xattr emulation The caller may check this errno. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Aug 15 18:05:33 CEST 2012 on sn-devel-104 commit cc3bdaaf0a5586e0f840466719f9f8387c5cddd0 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 15 22:21:48 2012 +1000 s3-vfs: Avoid loops in VFS modules: call _NEXT functions in xattr emulation We need to call the next module in the stack otherwise we will loop if the stat call is in turn implemented in terms of extended attribute lookup. Andrew Bartlett commit 898c5e140ddca47eac9e2150fb571d6eac3ed7d2 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 15 21:22:18 2012 +1000 s3-vfs: ensure we strictly free the talloc_stackframe We must do this when leaving the function or else in development, we will panic. Andrew Bartlett commit f9b9433b752a663cdfda03967bd969cac5cf16bf Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 15 20:33:46 2012 +1000 s4-selftest: Fix test name for samba.tests.dcerpc.bare commit fd42bc1846929d163cdf25a0e66feba16bffc442 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 15 20:33:27 2012 +1000 librpc/idl: Make smb_acl_t public so we can pull/push it as a blob --- Summary of changes: librpc/idl/smb_acl.idl |2 +- source3/modules/vfs_posix_eadb.c |9 +++-- source3/modules/vfs_xattr_tdb.c| 16 +--- source3/modules/wscript_build |9 + .../scripting/python/samba/tests/dcerpc/bare.py|2 +- 5 files changed, 27 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/smb_acl.idl b/librpc/idl/smb_acl.idl index 9586958..856312f 100644 --- a/librpc/idl/smb_acl.idl +++ b/librpc/idl/smb_acl.idl @@ -48,7 +48,7 @@ interface smb_acl gid_t gid; } smb_acl_entry; - typedef struct { + [public] typedef struct { int size; int count; int next; diff --git a/source3/modules/vfs_posix_eadb.c b/source3/modules/vfs_posix_eadb.c index e1b90ff..fff7c11 100644 --- a/source3/modules/vfs_posix_eadb.c +++ b/source3/modules/vfs_posix_eadb.c @@ -52,6 +52,11 @@ static ssize_t posix_eadb_getattr(struct tdb_wrap *db_ctx, status = pull_xattr_blob_tdb_raw(db_ctx, talloc_tos(), name, fname, fd, size, blob); + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { + errno = ENOATTR; + return -1; + } + if (!NT_STATUS_IS_OK(status)) { DEBUG(10, (posix_eadb_fetch_attrs failed: %s\n, nt_errstr(status))); @@ -293,9 +298,9 @@ static int posix_eadb_unlink(vfs_handle_struct *handle, } if (lp_posix_pathnames()) { - ret = SMB_VFS_LSTAT(handle-conn, smb_fname_tmp); + ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname_tmp); } else { - ret = SMB_VFS_STAT(handle-conn, smb_fname_tmp); + ret = SMB_VFS_NEXT_STAT(handle, smb_fname_tmp); } if (ret == -1) { goto out; diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c index 0352539..719ac0c 100644 --- a/source3/modules/vfs_xattr_tdb.c +++ b/source3/modules/vfs_xattr_tdb.c @@ -50,6 +50,7 @@ static ssize_t xattr_tdb_getxattr(struct vfs_handle_struct *handle, xattr_size = xattr_tdb_getattr(db, frame, id, name, blob); if (xattr_size 0) { + errno = ENOATTR; TALLOC_FREE(frame); return -1; } @@ -74,9 +75,9 @@ static ssize_t xattr_tdb_fgetxattr(struct vfs_handle_struct *handle, DATA_BLOB blob; TALLOC_CTX *frame = talloc_stackframe(); - SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, TALLOC_FREE(frame); return -1); - if (SMB_VFS_FSTAT(fsp, sbuf) == -1
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 97e7c3b s3-selftest: convert xattr-tdb-1 vfstest driver into a subunit test via 748d8f5 s3-selftest: convert stream_depot vfstest driver into a subunit test via 08baa11 fix printf warning in net connections via 31980cf s3:utils: remove standalone cclean tool via 37ed821 s3:doc manpage for net connections cleanup via 1c2bae0 s3:net add command connections cleanup from 65976d6 s3-vfs: Set errno in xattr emulation http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 97e7c3b8bd84edd69f6344249b24ae64e2a8b0fe Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 08:55:43 2012 +1000 s3-selftest: convert xattr-tdb-1 vfstest driver into a subunit test We don't use the simple smb.conf because we need to override all the paths for this to work as non-root without a panic, so we use the s3dc environment, which already loads this module. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 16 02:55:19 CEST 2012 on sn-devel-104 commit 748d8f5310501bb585c9be1b261554ec690a3132 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 08:37:54 2012 +1000 s3-selftest: convert stream_depot vfstest driver into a subunit test This gives us our first automated coverage of the vfstest binary. We don't use the simple smb.conf because we need to override all the paths for this to work as non-root without a panic, so we use the s3dc environment, which already loads this module. Andrew Bartlett commit 08baa11ab869551f61dc7a7d363587b70582ffeb Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 07:47:57 2012 +1000 fix printf warning in net connections commit 31980cf5cb9fd6238d1ed096e885410e85d5ac00 Author: Gregor Beck gb...@sernet.de Date: Fri Jul 13 15:31:16 2012 +0200 s3:utils: remove standalone cclean tool Signed-off-by: Andrew Bartlett abart...@samba.org commit 37ed821798a0c141efe01096f3669f8fb9a62928 Author: Gregor Beck gb...@sernet.de Date: Mon Jul 16 15:10:46 2012 +0200 s3:doc manpage for net connections cleanup Signed-off-by: Andrew Bartlett abart...@samba.org commit 1c2bae062d202c69d5b92b634f6b9ced3ea2a0ba Author: Gregor Beck gb...@sernet.de Date: Mon Jul 16 09:34:15 2012 +0200 s3:net add command connections cleanup Signed-off-by: Andrew Bartlett abart...@samba.org --- Summary of changes: docs-xml/manpages-3/net.8.xml | 39 +++ packaging/RHEL-CTDB/samba.spec.tmpl |1 - source3/Makefile.in | 14 +-- source3/script/tests/stream-depot/run.sh | 37 ++- source3/script/tests/stream-depot/smb.conf|5 - source3/script/tests/xattr-tdb-1/run.sh | 55 +- source3/script/tests/xattr-tdb-1/smb.conf |5 - source3/selftest/tests.py |5 + source3/utils/net.c |7 ++ source3/utils/{cclean.c = net_connections.c} | 144 ++--- source3/utils/net_proto.h |4 + source3/wscript_build | 14 +--- 12 files changed, 196 insertions(+), 134 deletions(-) delete mode 100644 source3/script/tests/stream-depot/smb.conf delete mode 100644 source3/script/tests/xattr-tdb-1/smb.conf rename source3/utils/{cclean.c = net_connections.c} (64%) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index c85f87f..7a7ca6d 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml @@ -2112,6 +2112,45 @@ string./member /refsect2 refsect2 +titleCONNECTIONS/title +para +Manipulate Samba's connections database. +/para + +paraThe registry commands are: +simplelist +membernet connections cleanup - Remove orphaned entries from the connections database./member +/simplelist +/para + +refsect3 + titleCONNECTIONS CLEANUP [-avT]/title + para Remove orphaned entries from the connections database. This may be necessary if restarting smbd isn't an option. + variablelist +varlistentryterm-a|--auto/term +listitempara + Noninteractive mode, don't ask. +/para/listitem +/varlistentry + +varlistentryterm-v|--verbose/term + listitempara + Produce more output. + /para/listitem +/varlistentry + +varlistentryterm-T|--test/term + listitempara + Dry run, show what changes would be made but don't touch anything. + /para/listitem +/varlistentry + /variablelist + /para +/refsect3 + +/refsect2 + +refsect2 titleEVENTLOG/title paraStarting with version 3.4.0 net can read, dump, import and export native diff --git a/packaging/RHEL-CTDB/samba.spec.tmpl b
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9566786 s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dn via 0f2a87b s4-dsdb: Improve memory handling in dsdb_schema_from_ldb_results() by adding a tmp_ctx via 1f74773 s4-dsdb: Improve memory handling in kccsrv_add_connection() via 77990c1 s4-dsdb: Improve memory handling in kccsrv_find_connections() by adding a tmp_ctx via f74e7b5 s4-dsdb: Add const from 9db35c9 VERSION: Move on to beta6! http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 956678685325a79a315f4ef19c0d834fd1747e4c Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 14 16:08:47 2012 +1000 s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dn As this value is calculated new each time, we need to give it a context to live on. If the value is the forced value during provision, a reference is taken. This was responsible for the memory leak in the replication process. In the example I was given, this DN appeared in memory 13596 times! Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104 commit 0f2a87b547be43b4764c48350fd03ff22e086806 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 14 16:05:53 2012 +1000 s4-dsdb: Improve memory handling in dsdb_schema_from_ldb_results() by adding a tmp_ctx commit 1f7477349f1602b405df180d02f0bdef397ca589 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 14 15:58:59 2012 +1000 s4-dsdb: Improve memory handling in kccsrv_add_connection() commit 77990c183155d3bacbb5dae7f276ed7c2081553a Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 14 15:56:04 2012 +1000 s4-dsdb: Improve memory handling in kccsrv_find_connections() by adding a tmp_ctx commit f74e7b5606b8c8281acac66973a8f48e6fd85a78 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 14 15:54:26 2012 +1000 s4-dsdb: Add const --- Summary of changes: source4/dsdb/common/util.c | 36 -- source4/dsdb/kcc/kcc_connection.c| 28 source4/dsdb/kcc/kcc_periodic.c |2 +- source4/dsdb/kcc/kcc_topology.c |2 +- source4/dsdb/repl/drepl_fsmo.c |8 +- source4/dsdb/repl/drepl_partitions.c |2 +- source4/dsdb/repl/drepl_ridalloc.c |4 +- source4/dsdb/samdb/ldb_modules/objectclass.c |2 +- source4/dsdb/samdb/ldb_modules/ridalloc.c|4 +- source4/dsdb/samdb/ldb_modules/rootdse.c |4 +- source4/dsdb/samdb/ldb_modules/util.c|7 +++-- source4/dsdb/schema/schema_init.c| 18 +++-- source4/rpc_server/drsuapi/dcesrv_drsuapi.c |2 +- source4/rpc_server/drsuapi/getncchanges.c|4 +- 14 files changed, 83 insertions(+), 40 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index e320a41..251e177 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1241,7 +1241,7 @@ failed: /* work out the ntds settings dn for the current open ldb */ -struct ldb_dn *samdb_ntds_settings_dn(struct ldb_context *ldb) +struct ldb_dn *samdb_ntds_settings_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) { TALLOC_CTX *tmp_ctx; const char *root_attrs[] = { dsServiceName, NULL }; @@ -1252,10 +1252,10 @@ struct ldb_dn *samdb_ntds_settings_dn(struct ldb_context *ldb) /* see if we have a cached copy */ settings_dn = (struct ldb_dn *)ldb_get_opaque(ldb, forced.ntds_settings_dn); if (settings_dn) { - return settings_dn; + return talloc_reference(mem_ctx, settings_dn); } - tmp_ctx = talloc_new(ldb); + tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) { goto failed; } @@ -1277,7 +1277,7 @@ struct ldb_dn *samdb_ntds_settings_dn(struct ldb_context *ldb) * we could not handle server renames at runtime. Only * provision sets up forced.ntds_settings_dn */ - talloc_steal(ldb, settings_dn); + talloc_steal(mem_ctx, settings_dn); talloc_free(tmp_ctx); return settings_dn; @@ -1310,7 +1310,7 @@ const struct GUID *samdb_ntds_invocation_id(struct ldb_context *ldb) goto failed; } - ret = ldb_search(ldb, tmp_ctx, res, samdb_ntds_settings_dn(ldb), LDB_SCOPE_BASE, attrs, NULL); + ret = ldb_search(ldb, tmp_ctx, res, samdb_ntds_settings_dn(ldb, tmp_ctx), LDB_SCOPE_BASE, attrs, NULL); if (ret) { goto failed; } @@ -1403,7 +1403,7 @@ const struct GUID *samdb_ntds_objectGUID(struct ldb_context *ldb) goto
[SCM] Samba Shared Repository - annotated tag samba-4.0.0beta6 created
The annotated tag, samba-4.0.0beta6 has been created at fde386f6ceea8f7c1ff99ce893e869f2ed89caef (tag) tagging b5281eb473426f5f8674652cb7e3fb83ffdecab8 (commit) replaces ldb-1.1.10 tagged by Andrew Bartlett on Tue Aug 14 20:16:52 2012 +1000 - Log - samba4: tag release samba-4.0.0beta6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQBQKiWUz4A8Wyi0NrsRAiuJAKCIsdJE5+inUCuaAfgNZLAOui1UKACfYCgS ypsUw6r6Lb2JkOR328Lu81g= =SZbc -END PGP SIGNATURE- Andrew Bartlett (14): s4-ldb_wrap: Do not vasprintf() the ldb debug messages that will not be shown lib/ldb: Use tdb_parse_record and a callback rather than tdb_fetch() s4-dsdb: Explain better what records are written during schema set nsswitch: add ABI checking and symbol versions to libwbclient s3-smbd: Create a shortcut for building the token of a user by SID for posix_acls s3-smbd: Convert posix_acls.c to use struct unixid internally s3-smbd: Merge ACE entries based on mapped UID/GID not SID s3-nfs4acls: Remove lookup_sid and sidmap from NFSv4 ACL mapping and check gid first s4-dsdb: Use only the replication USN for schema reload. s4-dsdb: Remove support for per-partition sequence numbers s4-dsdb: Take more care in handling of global schema memory s3-vfs: Put vfs_aixacl_util.c helper functions into a header file WHATSNEW: prepare for 4.0 beta6 VERSION: Mark as the beta6 release Björn Jacke (3): build: rename security → samba-security tdb/test: fix build on OSF/1 s3: skip loading vfs modules for printer connections Jeremy Allison (11): Fix bad return values in unix_strlower/unix_strupper. Prepare to remove smb_panic() from unix_strlower(). Fix bad return in unix_strupper. Change strupper_m() to return a value. Fix missing ads_destroy in error path. Check error returns from strupper_m() (in all reasonable places). Check error returns on strnorm(). Fix strlower_m() to return an error indication. Correctly check for errors in strlower_m() returns. Remove smb_panic() from unix_strlower(). Just rely on error code return. Ensure we update last_access on the winbindd child struct on each request. Matthias Dieter Wallnöfer (1): s4:kdc/wdc-samba4.c - fix user logins on specific workstations Michael Adam (35): s3:torture:delete: untangle function call from result check s3:torture:delete: untangle function call from result check s3:torture:delete: untangle function call from result check s3:torture:delete: untangle function call from result check s3:torture:delete: untangle function call from result check s3:torture:delete: untangle function call from result check s3:torture:delete: untangle function call from result check s3:torture:delete: untangle function call from result check s3:torture:delete: untangle function call from result check s3:torture:delete: untanlge function call from result check s3:torture:delete: untangle function call from result check s3:torture:delete: untangle function call from result check s3:torture:delete: untangle function call from result check s3:torture:delete: fix a message (counting the opens) s3:torture:delete: fix a message s3:torture:delete: fix a message s3:torture:delete: fix a message s3:torture:delete: fix a comment s3:torture:delete: really fail the test in a failure case s3:torture:delete: remove an else, reducing indentation s3:torture:delete: remove an else, reducing indentation s3:torture:delete: remove an else, reducing indentation s3:torture:delete: remove an else, reducing indentation s3:torture:delete: move the success message for a subtest to the correct place s3:torture:delete: add a comment s3:torture:delete: add a comment s3:torture:delete: add a comment s3:torture:delete: reduce indentation s3:torture:delete: simplify return code handling, fixing a couple of return codes in error cases s3:torture:delete: fix 11th test to work against windows s3:torture:delete: add a 12th subtest to the delete-on-close tests s4:torture:basic:delete: fix 4 vs 8 spc tab formatting in check_delete_on_close() s4:torture:basic: fix abundance of spaces in deltest6 s4:torture:basic: fix a message typo in the delete17 test s4:torture:basic: check the return status of the last open in deltest16 Salvador I. Gonzalez (3): Fix smbclient/tarmode panic on connecting to Windows 2000 clients. s3-selftest: Fix copy/paste error in test usage string s3-selftest: Add smbclient tarmode test Stefan Metzmacher (5): s3:param: fix compiler warnings with FN_GLOBAL_CONST_STRING() s3:smbXsrv.idl: remove smbXsrv_*0 defines
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 24b1143 s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-op via 6ccfd05 s3-sysacls: Remove sys_acl_free_acl() and replace with TALLOC_FREE() via e25830d s3-smbd: Remove sys_acl_*() VFS wrapper functions via a63a2a7 s3-smbd: Remove unused conn argument from convert_permset_to_mode_t() via 3d031f2 s3-smbd: Call sys_acl_set_permset() directly rather than via the VFS via 9f16fcf s3-smbd: Call sys_acl_set_qualifier() directly rather than via the VFS via 21e0b91 s3-smbd: Call sys_acl_set_tag_type() directly rather than via the VFS via 50d147b s3-smbd: Call sys_acl_create_entry() directly rather than via the VFS via db54479 s3-smbd: Call sys_acl_add_perm() directly rather than via the VFS via 631a356 s3-smbd: Call sys_acl_clear_perms() directly rather than via the VFS via d78c7c3 s3-smbd: Call sys_acl_init() directly rather than via the VFS via 8b3227e s3-smbd: Call sys_acl_free_acl() directly rather than via the VFS via 6a46fbb s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS via e019b93 s3-smbd: Call sys_acl_get_entry() directly rather than via the VFS via d8fb9e7 s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS via 6a2f142 s3-smbd: Call sys_acl_get_qualifier() directly rather than via the VFS via d83276c s3-smbd: Call sys_acl_get_tagtype() directly rather than via the VFS via 3b40932 s3-smbd: Call sys_acl_get_permset() directly rather than via the VFS via 7dff34f s3-smbd: Call sys_acl_get_perm() directly rather than via the VFS via 0705391 s3-smbd: Move smb_acl_t declaration to smb_acl.idl via d5a8e58 pidl: Add mode_t as an alias so we can marshall posix ACL structures via dcfb6aa s3-smbd: Change allocation of smb_acl_t to talloc() via 47082ad libwbclient: Add test for wbcPingDc2 via 4c8616f wbinfo: Improve output of wbinfo --ping-dc via bdb1f23 libwbclient: Add wbcPingDc2 via bd23c8f s3-winbind: Return the DC name from DC_PING via 7baa709 s3-winbind: Pass ping-dc result to client via 807fb16 selftest: Add knownfail for samba3.winbind.wbclient.wbcPingDc2 from 4ee602c s4:dsdb/repl: fix the usage of 'GC/' prefixed principal names http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 24b11430680ebd20303168ec73142226543ad6de Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 13 20:54:24 2012 +1000 s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-op Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Aug 15 05:23:18 CEST 2012 on sn-devel-104 commit 6ccfd05e72bc010ccb291a169922cedd6a5ab702 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 13 20:51:41 2012 +1000 s3-sysacls: Remove sys_acl_free_acl() and replace with TALLOC_FREE() commit e25830dcd87387a237b96f0d70deb204a5bf0a54 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 13 20:03:48 2012 +1000 s3-smbd: Remove sys_acl_*() VFS wrapper functions We no longer do struct smb_acl_t manipuations via the VFS layer, which is now reduced to handling the get/set functions. The only backend that implemented these functions (aside from audit) was the vfs_default module calling the sys_acl code. The various ACL implementation modules either worked on the fully initilaised smb_acl_t object or on NT ACLs. This not only makes the operation of the posix ACL code more efficient (as allocation and free is not put via the VFS), it makes it easier to test and removes the fantasy that a module could safely redefine this structure or the behaviour here. The smb_acls.idl now defines the structure, and it is now allocated with talloc. These operations were originally added to the VFS in commit 3bb219161a270f12c27c3bc7e1220829c6e9f284. Andrew Bartlett commit a63a2a72ebb3d9c9a41c5519c85e8b294f1110a8 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 13 20:00:59 2012 +1000 s3-smbd: Remove unused conn argument from convert_permset_to_mode_t() commit 3d031f2189a29a12320b424a4a192ac4e8b4622c Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 13 20:00:21 2012 +1000 s3-smbd: Call sys_acl_set_permset() directly rather than via the VFS This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett commit 9f16fcfd3f5e0fde9e857f18faaad01ee631320c Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 13 19:59:54 2012 +1000 s3-smbd: Call sys_acl_set_qualifier() directly rather than via the VFS This will allow us to remove
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fe29535 s3-vfs: Put vfs_aixacl_util.c helper functions into a header file via f11a1a4 s4:kdc/wdc-samba4.c - fix user logins on specific workstations via a57c5eb s4-classicupgrade: Tests if sam policies exist before trying to import them. via 34c4664 s3-selftest: Add smbclient tarmode test via 1428500 s3-selftest: Fix copy/paste error in test usage string from 4e4c306 Fix smbclient/tarmode panic on connecting to Windows 2000 clients. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fe295358dfa495c8f4b564784d728b37882e877d Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 13 20:14:43 2012 +1000 s3-vfs: Put vfs_aixacl_util.c helper functions into a header file Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 14 02:16:11 CEST 2012 on sn-devel-104 commit f11a1a4a0796c8e77eee721f1ed1406b01e2b007 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Mon Aug 13 20:17:20 2012 +0200 s4:kdc/wdc-samba4.c - fix user logins on specific workstations The decrement operation has been missing. Problem found by Mohammad Ebrahim Abravi lamp@gmail.com Signed-off-by: Andrew Bartlett abart...@samba.org commit a57c5eb848698a4231f851744949c6a44e92784a Author: Wesley Young wes...@wesleyy.com Date: Mon Aug 13 01:08:36 2012 + s4-classicupgrade: Tests if sam policies exist before trying to import them. Signed-off-by: Andrew Bartlett abart...@samba.org commit 34c4664dc0a52862ea6a36cc44d09593557a6396 Author: Salvador I. Gonzalez sgonza...@codejunkie.net Date: Sat Aug 11 10:48:36 2012 -0400 s3-selftest: Add smbclient tarmode test (With small changes to have test complete by Andrew Bartlett) Signed-off-by: Andrew Bartlett abart...@samba.org commit 14285005ec5f208327ab8236e9c33bfefe38126a Author: Salvador I. Gonzalez sgonza...@codejunkie.net Date: Sat Aug 11 10:47:58 2012 -0400 s3-selftest: Fix copy/paste error in test usage string Signed-off-by: Andrew Bartlett abart...@samba.org --- Summary of changes: source3/modules/vfs_aixacl.c |4 +- source3/modules/vfs_aixacl_util.c |1 + .../modules/vfs_aixacl_util.h | 14 +- source3/script/tests/test_smbclient_auth.sh|2 +- source3/script/tests/test_smbclient_tarmode.sh | 181 source3/selftest/tests.py |5 +- source4/kdc/wdc-samba4.c |9 +- source4/scripting/python/samba/upgrade.py | 55 --- 8 files changed, 229 insertions(+), 42 deletions(-) copy source4/auth/ntlm/auth_server_service.c = source3/modules/vfs_aixacl_util.h (71%) create mode 100755 source3/script/tests/test_smbclient_tarmode.sh Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_aixacl.c b/source3/modules/vfs_aixacl.c index c4bb02e..9f66d2a 100644 --- a/source3/modules/vfs_aixacl.c +++ b/source3/modules/vfs_aixacl.c @@ -20,9 +20,7 @@ #include includes.h #include system/filesys.h #include smbd/smbd.h - -extern SMB_ACL_T aixacl_to_smbacl( struct acl *file_acl); -extern struct acl *aixacl_smb_to_aixacl(SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl); +#include vfs_aixacl_util.h SMB_ACL_T aixacl_sys_acl_get_file(vfs_handle_struct *handle, const char *path_p, diff --git a/source3/modules/vfs_aixacl_util.c b/source3/modules/vfs_aixacl_util.c index d867f9d..b359c40 100644 --- a/source3/modules/vfs_aixacl_util.c +++ b/source3/modules/vfs_aixacl_util.c @@ -20,6 +20,7 @@ #include includes.h #include system/filesys.h #include smbd/smbd.h +#include vfs_aixacl_util.h SMB_ACL_T aixacl_to_smbacl(struct acl *file_acl) { diff --git a/source4/auth/ntlm/auth_server_service.c b/source3/modules/vfs_aixacl_util.h similarity index 71% copy from source4/auth/ntlm/auth_server_service.c copy to source3/modules/vfs_aixacl_util.h index 65b9dc2..2447252 100644 --- a/source4/auth/ntlm/auth_server_service.c +++ b/source3/modules/vfs_aixacl_util.h @@ -1,7 +1,7 @@ /* - Unix SMB/CIFS implementation. - Password and authentication handling - Copyright (C) Andrew Bartlett 2010 + Unix SMB/Netbios implementation. + VFS module to get and set posix acls + Copyright (C) Jim McDonough j...@us.ibm.com 2006 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,10 +17,6 @@ along with this program. If not, see http://www.gnu.org/licenses/. */ -#include includes.h -#include auth/auth.h +SMB_ACL_T aixacl_to_smbacl( struct acl *file_acl); +struct acl *aixacl_smb_to_aixacl(SMB_ACL_TYPE_T
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9db35c9 VERSION: Move on to beta6! via b5281eb VERSION: Mark as the beta6 release via 03a20ae WHATSNEW: prepare for 4.0 beta6 from fe29535 s3-vfs: Put vfs_aixacl_util.c helper functions into a header file http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9db35c939c57f152f1e42cfcb9ae16cf3fada3f1 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 14 09:32:00 2012 +1000 VERSION: Move on to beta6! Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 14 04:05:06 CEST 2012 on sn-devel-104 commit b5281eb473426f5f8674652cb7e3fb83ffdecab8 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 14 09:31:26 2012 +1000 VERSION: Mark as the beta6 release commit 03a20ae9ee03089a939372d7a8a475a79ceb4f86 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 14 09:30:30 2012 +1000 WHATSNEW: prepare for 4.0 beta6 --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 47 --- 2 files changed, 17 insertions(+), 32 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 1012cd9..781a283 100644 --- a/VERSION +++ b/VERSION @@ -67,7 +67,7 @@ SAMBA_VERSION_ALPHA_RELEASE= # e.g. SAMBA_VERSION_BETA_RELEASE=1# # - 4.0.0beta1# -SAMBA_VERSION_BETA_RELEASE=6 +SAMBA_VERSION_BETA_RELEASE=7 # For 'pre' releases the version will be # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1b08ff3..a4b5d8c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,4 @@ -What's new in Samba 4.0 beta5 +What's new in Samba 4.0 beta6 = Samba 4.0 will be the next version of the Samba suite and incorporates @@ -11,7 +11,7 @@ and above. WARNINGS -Samba 4.0 beta5 is not a final Samba release, however we are now making +Samba 4.0 beta6 is not a final Samba release, however we are now making good progress towards a Samba 4.0 release, of which this is a preview. Be aware the this release contains the best of all of Samba's technology parts, both a file server (that you can reasonably expect @@ -94,46 +94,29 @@ Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. -CHANGES SINCE beta4 +CHANGES SINCE beta5 = -For a list of changes since beta4, please see the git log. +For a list of changes since beta5, please see the git log. $ git clone git://git.samba.org/samba.git $ cd samba.git -$ git log samba-4.0.0beta4..samba-4.0.0beta5 +$ git log samba-4.0.0beta5..samba-4.0.0beta6 Some major user-visible changes include: -- The issue with beta4 being unable to build with a released version of - ldb has been resolved. +- Provision is now faster, as we now correctly use the database + indicies during the provision -- The two parameter tables for our two smb.conf parsing engines have - been merged. This removes the ugly (but harmless) unknown - parameter xxx warnings, particularly from the smbd child process. +- Support for handling of Extended Signatures (Session Key Protection) -- Major issues have been fixed in conflict and missing/deleted parent - handling in or DRS replication engine. +- A (unverified at this time) fix for expanding memory use in our + AD DRS replication server. -- Safety improvements to prevent corruption of read-write replicas - by manual replication from a read-only replica. +- A fix for supporting the userWorkstations restriction in the KDC -- Improvements to dbcheck to correct incorrect instanceType values from - the above and to relocate objects with missing parents. - -- smbd no longer places all accounts in the 'Domain Users' of the AD - domain to which it is joined - -- AES support in NETLOGON Schannel - -- DCE/RPC timeout handling no longer crashes - -- socket address is now nbt client socket address as it only - controls the binding of the NetBIOS client, not other protocols. - See 'bind interfaces only = yes'. This parameter is also now depricated. - -- nmbd now always binds to it's broadcast sockets explicitly, rather - than just relying on the socket address above. +- Support for upgrading classic domains that may not have all the + default domain policies set. Less visible, but important changes under the hood include: @@ -144,6 +127,8 @@ Less visible, but important changes under the hood include: - Patches to ensure that talloc_tos() and talloc_stackframe() are always used correctly. +- Preparation for correctly setting POSIX ACLs during provision. + KNOWN
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4631723 s4-dsdb: Take more care in handling of global schema memory via 329e374 s4-dsdb: Remove support for per-partition sequence numbers via 2d21a9b s4-dsdb: Use only the replication USN for schema reload. from f36e28d s3-nfs4acls: Remove lookup_sid and sidmap from NFSv4 ACL mapping and check gid first http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4631723c988b46be8af4e67f5aea9187b08b9187 Author: Andrew Bartlett abart...@samba.org Date: Sat Aug 11 12:29:06 2012 +1000 s4-dsdb: Take more care in handling of global schema memory This reworks dsdb_replicated_objects_commit() to have a proper local tmp_ctx and to be more careful about what schema is set (only setting a global schema if the original schema was global). In particular, the new working_schema is not given a talloc reference to the old schema. This ensures that the old schema can go away when no longer used. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sat Aug 11 10:31:57 CEST 2012 on sn-devel-104 commit 329e3749381fee4182fdbf6015a42e4bdca07168 Author: Andrew Bartlett abart...@samba.org Date: Sat Aug 11 11:00:53 2012 +1000 s4-dsdb: Remove support for per-partition sequence numbers These sequence numbers were only used for telling if the schema was changed, and are no longer directly related to the replication USN. The per-partition replication USN can be obtained from the @REPLCHANGED record on the per-partition database, and this is done with an ldb_search(). Andrew Bartlett commit 2d21a9bf5eeb88d738e998ee8f1720487b55e12e Author: Andrew Bartlett abart...@samba.org Date: Sat Aug 11 10:56:58 2012 +1000 s4-dsdb: Use only the replication USN for schema reload. This way we do not track both the partition seq number and the replication USN for schema reload purposes. We only need one indication of actual data change, and the replication per-partition sequence number is no more expensive to obtain than the ldb per-partition sequence number. Andrew Bartlett --- Summary of changes: source4/dsdb/repl/replicated_objects.c | 88 ++ source4/dsdb/samdb/ldb_modules/partition.c | 23 --- source4/dsdb/samdb/ldb_modules/schema_load.c | 64 +-- source4/dsdb/schema/schema.h |6 -- 4 files changed, 64 insertions(+), 117 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c index a8c210f..564befe 100644 --- a/source4/dsdb/repl/replicated_objects.c +++ b/source4/dsdb/repl/replicated_objects.c @@ -543,8 +543,16 @@ WERROR dsdb_replicated_objects_commit(struct ldb_context *ldb, WERROR werr; struct ldb_result *ext_res; struct dsdb_schema *cur_schema = NULL; + struct dsdb_schema *new_schema = NULL; int ret; uint64_t seq_num1, seq_num2; + bool used_global_schema = false; + + TALLOC_CTX *tmp_ctx = talloc_new(objects); + if (!tmp_ctx) { + DEBUG(0,(Failed to start talloc\n)); + return WERR_NOMEM; + } /* TODO: handle linked attributes */ @@ -561,6 +569,7 @@ WERROR dsdb_replicated_objects_commit(struct ldb_context *ldb, if (ret != LDB_SUCCESS) { DEBUG(0,(__location__ Failed to load partition uSN\n)); ldb_transaction_cancel(ldb); + TALLOC_FREE(tmp_ctx); return WERR_FOOBAR; } @@ -572,7 +581,8 @@ WERROR dsdb_replicated_objects_commit(struct ldb_context *ldb, */ if (working_schema) { /* store current schema so we can fall back in case of failure */ - cur_schema = dsdb_get_schema(ldb, working_schema); + cur_schema = dsdb_get_schema(ldb, tmp_ctx); + used_global_schema = dsdb_uses_global_schema(ldb); ret = dsdb_reference_schema(ldb, working_schema, false); if (ret != LDB_SUCCESS) { @@ -580,6 +590,7 @@ WERROR dsdb_replicated_objects_commit(struct ldb_context *ldb, ldb_strerror(ret))); /* TODO: Map LDB Error to NTSTATUS? */ ldb_transaction_cancel(ldb); + TALLOC_FREE(tmp_ctx); return WERR_INTERNAL_ERROR; } } @@ -587,14 +598,16 @@ WERROR dsdb_replicated_objects_commit(struct ldb_context *ldb, ret = ldb_extended(ldb, DSDB_EXTENDED_REPLICATED_OBJECTS_OID, objects, ext_res); if (ret != LDB_SUCCESS
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a117fd6 s4-dsdb: Ensure we have indexing enabled during the provision via ef87b4e s4-pydsdb: Provide control of if we should write index attributes when reloading a schema from 1a1f01e s4-dsdb: Change talloc parent http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a117fd6d11aef5360a1af1fc6da542829da8b7b0 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 14:33:49 2012 +1000 s4-dsdb: Ensure we have indexing enabled during the provision Because we set the schema before we connected the ldb to a file, the @INDEX records were not added until next startup. This cost 100% more time in running provision on my laptop. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 9 08:20:36 CEST 2012 on sn-devel-104 commit ef87b4e4f10eb7d5974cb0e0861648d537153a00 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 14:23:12 2012 +1000 s4-pydsdb: Provide control of if we should write index attributes when reloading a schema This allows us to carefully control the loading of the schema. Andrew Bartlett --- Summary of changes: source4/dsdb/pydsdb.c |6 -- .../scripting/python/samba/provision/__init__.py |7 ++- source4/scripting/python/samba/samdb.py|8 3 files changed, 14 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c index 3558049..9023d69 100644 --- a/source4/dsdb/pydsdb.c +++ b/source4/dsdb/pydsdb.c @@ -873,7 +873,9 @@ static PyObject *py_dsdb_set_schema_from_ldb(PyObject *self, PyObject *args) struct ldb_context *from_ldb; struct dsdb_schema *schema; int ret; - if (!PyArg_ParseTuple(args, OO, py_ldb, py_from_ldb)) + char write_attributes = true; + if (!PyArg_ParseTuple(args, OO|b, + py_ldb, py_from_ldb, write_attributes)) return NULL; PyErr_LDB_OR_RAISE(py_ldb, ldb); @@ -886,7 +888,7 @@ static PyObject *py_dsdb_set_schema_from_ldb(PyObject *self, PyObject *args) return NULL; } - ret = dsdb_reference_schema(ldb, schema, true); + ret = dsdb_reference_schema(ldb, schema, write_attributes); PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb); Py_RETURN_NONE; diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index 192130e..94e857e 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1121,7 +1121,7 @@ def setup_samdb(path, session_info, provision_backend, lp, names, logger.info(Pre-loading the Samba 4 and AD schema) # Load the schema from the one we computed earlier -samdb.set_schema(schema) +samdb.set_schema(schema, write_attributes=False) # Set the NTDS settings DN manually - in order to have it already around # before the provisioned tree exists and we connect @@ -1131,6 +1131,11 @@ def setup_samdb(path, session_info, provision_backend, lp, names, # DB samdb.connect(path) +# But we have to give it one more kick to have it use the schema +# during provision - it needs, now that it is connected, to write +# the schema @INDEX records to the database. +samdb.set_schema(schema, write_attributes=True) + return samdb diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index 7451b6c..3355e9a 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py @@ -608,11 +608,11 @@ accountExpires: %u def load_partition_usn(self, base_dn): return dsdb._dsdb_load_partition_usn(self, base_dn) -def set_schema(self, schema): -self.set_schema_from_ldb(schema.ldb) +def set_schema(self, schema, write_attributes=True): +self.set_schema_from_ldb(schema.ldb, write_attributes=write_attributes) -def set_schema_from_ldb(self, ldb_conn): -dsdb._dsdb_set_schema_from_ldb(self, ldb_conn) +def set_schema_from_ldb(self, ldb_conn, write_attributes=True): +dsdb._dsdb_set_schema_from_ldb(self, ldb_conn, write_attributes) def dsdb_DsReplicaAttribute(self, ldb, ldap_display_name, ldif_elements): '''convert a list of attribute values to a DRSUAPI DsReplicaAttribute''' -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d799b25 s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort via 8dd09ef s4-dsdb: Do not reload partition metadata except on transaction start from 0d7b17f s3:smb2_sesssetup: setup global-[en|de]cryption_key http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d799b25dd3ed0f72ee03949225ba241c5538d7d6 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 16:16:03 2012 +1000 s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort In all callers, we must already have a attributeID for each of the values or else we would have already given an error, or could not have obtained the message over DRS. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 9 11:39:54 CEST 2012 on sn-devel-104 commit 8dd09ef46dee1056e1ea029375a250b12dacae10 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 15:16:37 2012 +1000 s4-dsdb: Do not reload partition metadata except on transaction start This ensures that we do not add objects that should go into a partition, but we simply return that an object is not present if the connection was created before the partition was loaded. It is rare to create a new partition. Andrew Bartlett --- Summary of changes: source4/dsdb/samdb/ldb_modules/partition.c | 11 --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c |7 --- 2 files changed, 0 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 4a9216b..f980b67 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -549,12 +549,6 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) int ret; bool domain_scope = false, phantom_root = false; - /* see if we are still up-to-date */ - ret = partition_reload_if_required(module, data, req); - if (ret != LDB_SUCCESS) { - return ret; - } - p = find_partition(data, NULL, req); if (p != NULL) { /* the caller specified what partition they want the @@ -1129,11 +1123,6 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque * this reload for every query of the next global seq * number */ - ret = partition_reload_if_required(module, data, req); - if (ret != LDB_SUCCESS) { - return ret; - } - p = find_partition(data, NULL, req); if (p != NULL) { /* the caller specified what partition they want the diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 4bfbee1..6b5e121 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -661,13 +661,6 @@ static int replmd_ldb_message_element_attid_sort(const struct ldb_message_elemen a1 = dsdb_attribute_by_lDAPDisplayName(schema, e1-name); a2 = dsdb_attribute_by_lDAPDisplayName(schema, e2-name); - /* -* TODO: remove this check, we should rely on e1 and e2 having valid attribute names -* in the schema -*/ - if (!a1 || !a2) { - return strcasecmp(e1-name, e2-name); - } if (a1-attributeID_id == a2-attributeID_id) { return 0; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 11d60d1 s4-ldb_wrap: Do not vasprintf() the ldb debug messages that will not be shown via 73f0cb5 lib/ldb: Do not vasprintf() the tevent debug messages that will not be shown via 7e562cf s4-events: Do not vasprintf() the tevent debug messages that will not be shown via 434bed7 s3-events: Do not vasprintf() the tevent debug messages that will not be shown via 299fc75 lib/ldb: Use tdb_exists() rather than tdb_fetch()/talloc_free() from d799b25 s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 11d60d13dc54ff154b2a7bb53e326ed2180d473c Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 19:41:05 2012 +1000 s4-ldb_wrap: Do not vasprintf() the ldb debug messages that will not be shown This malloc() and free() actually shows up quite high on a call profile of provision of the AD DC. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 9 13:51:06 CEST 2012 on sn-devel-104 commit 73f0cb5278e714740d0de75e6b0d0bf4c815491a Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 19:40:45 2012 +1000 lib/ldb: Do not vasprintf() the tevent debug messages that will not be shown This malloc() and free() actually shows up quite high on a call profile of provision of the AD DC. This allows the debug handler to decide if the argument list should be printed. Andrew Bartlett commit 7e562cf3eb8d8aabf9b5d62a92e67221e4f07e3a Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 18:34:48 2012 +1000 s4-events: Do not vasprintf() the tevent debug messages that will not be shown This malloc() and free() actually shows up quite high on a call profile of provision of the AD DC. Andrew Bartlett commit 434bed75c43d3d7854bd9433913448810d3ff511 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 18:34:28 2012 +1000 s3-events: Do not vasprintf() the tevent debug messages that will not be shown This malloc() and free() actually shows up quite high on a call profile of provision of the AD DC (and this is the matching patch for source3). Andrew Bartlett commit 299fc7522858e2d7ee6c54310a4e157c8142c74f Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 19:58:31 2012 +1000 lib/ldb: Use tdb_exists() rather than tdb_fetch()/talloc_free() This avoids pulling the record and doing an allocation when we just want to know if it exists. Andrew Bartlett --- Summary of changes: lib/ldb-samba/ldb_wrap.c | 12 +++- lib/ldb/ABI/{ldb-1.1.6.sigs = ldb-1.1.10.sigs}|1 + ...yldb-util-1.1.2.sigs = pyldb-util-1.1.10.sigs} |0 lib/ldb/common/ldb.c |9 - lib/ldb/common/ldb_debug.c | 16 lib/ldb/include/ldb_module.h |1 + lib/ldb/ldb_tdb/ldb_search.c | 14 +++--- lib/ldb/wscript|2 +- source3/lib/events.c | 10 ++ source4/lib/events/tevent_s4.c | 10 ++ 10 files changed, 45 insertions(+), 30 deletions(-) copy lib/ldb/ABI/{ldb-1.1.6.sigs = ldb-1.1.10.sigs} (99%) copy lib/ldb/ABI/{pyldb-util-1.1.2.sigs = pyldb-util-1.1.10.sigs} (100%) Changeset truncated at 500 lines: diff --git a/lib/ldb-samba/ldb_wrap.c b/lib/ldb-samba/ldb_wrap.c index 83a0674..028bd6f 100644 --- a/lib/ldb-samba/ldb_wrap.c +++ b/lib/ldb-samba/ldb_wrap.c @@ -47,7 +47,6 @@ static void ldb_wrap_debug(void *context, enum ldb_debug_level level, const char *fmt, va_list ap) { int samba_level = -1; - char *s = NULL; switch (level) { case LDB_DEBUG_FATAL: samba_level = 0; @@ -63,10 +62,13 @@ static void ldb_wrap_debug(void *context, enum ldb_debug_level level, break; }; - vasprintf(s, fmt, ap); - if (!s) return; - DEBUG(samba_level, (ldb: %s\n, s)); - free(s); + if (CHECK_DEBUGLVL(samba_level)) { + char *s = NULL; + vasprintf(s, fmt, ap); + if (!s) return; + DEBUG(samba_level, (ldb: %s\n, s)); + free(s); + } } diff --git a/lib/ldb/ABI/ldb-1.1.6.sigs b/lib/ldb/ABI/ldb-1.1.10.sigs similarity index 99% copy from lib/ldb/ABI/ldb-1.1.6.sigs copy to lib/ldb/ABI/ldb-1.1.10.sigs index f90fa13..de5026e 100644 --- a/lib/ldb/ABI/ldb-1.1.6.sigs +++ b/lib/ldb/ABI/ldb-1.1.10.sigs @@ -255,4 +255,5 @@ ldb_val_map_remote: struct
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 51a7154 nsswitch: add ABI checking and symbol versions to libwbclient via fdd07e8 s4-dsdb: Explain better what records are written during schema set via 1d1bdc3 lib/ldb: Use tdb_parse_record and a callback rather than tdb_fetch() from a5495bc Remove smb_panic() from unix_strlower(). Just rely on error code return. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 51a71547ef0c883970e9ef86a33c42e1b815cc4d Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 10 10:17:31 2012 +1000 nsswitch: add ABI checking and symbol versions to libwbclient This will ensure that we do not unintentionally break the ABI. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Aug 10 04:08:54 CEST 2012 on sn-devel-104 commit fdd07e87c6fc7a4a0ea7c6f99080d78e526042e6 Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 10 08:44:04 2012 +1000 s4-dsdb: Explain better what records are written during schema set This is controlled by setting write_indices_and_attributes. Andrew Bartlett commit 1d1bdc315b4619f0ca5b2a0db602cbe283f8dca8 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 22:46:48 2012 +1000 lib/ldb: Use tdb_parse_record and a callback rather than tdb_fetch() This avoid allocation at the tdb layer as we will allocate this with talloc right away anyway. Andrew Bartlett --- Summary of changes: lib/ldb/ldb_tdb/ldb_search.c | 54 ++ nsswitch/libwbclient/ABI/wbclient-0.9.sigs | 75 nsswitch/libwbclient/wscript |3 + source4/dsdb/pydsdb.c |6 +- source4/dsdb/schema/schema_set.c | 23 -- .../scripting/python/samba/provision/__init__.py |6 +- source4/scripting/python/samba/samdb.py|8 +- 7 files changed, 142 insertions(+), 33 deletions(-) create mode 100644 nsswitch/libwbclient/ABI/wbclient-0.9.sigs Changeset truncated at 500 lines: diff --git a/lib/ldb/ldb_tdb/ldb_search.c b/lib/ldb/ldb_tdb/ldb_search.c index e631f7b..703ad6a 100644 --- a/lib/ldb/ldb_tdb/ldb_search.c +++ b/lib/ldb/ldb_tdb/ldb_search.c @@ -234,6 +234,26 @@ static int ltdb_search_base(struct ldb_module *module, struct ldb_dn *dn) return LDB_ERR_NO_SUCH_OBJECT; } +struct ltdb_parse_data_unpack_ctx { + struct ldb_message *msg; + struct ldb_module *module; +}; + +static int ltdb_parse_data_unpack(TDB_DATA key, TDB_DATA data, + void *private_data) +{ + struct ltdb_parse_data_unpack_ctx *ctx = private_data; + + int ret = ltdb_unpack_data(ctx-module, data, ctx-msg); + if (ret == -1) { + struct ldb_context *ldb = ldb_module_get_ctx(ctx-module); + ldb_debug(ldb, LDB_DEBUG_ERROR, Invalid data for index %*.*s\n, + (int)key.dsize, (int)key.dsize, key.dptr); + return LDB_ERR_OPERATIONS_ERROR; + } + return ret; +} + /* search the database for a single simple dn, returning all attributes in a single message @@ -246,9 +266,11 @@ int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_mes void *data = ldb_module_get_private(module); struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private); int ret; - TDB_DATA tdb_key, tdb_data; - - memset(msg, 0, sizeof(*msg)); + TDB_DATA tdb_key; + struct ltdb_parse_data_unpack_ctx ctx = { + .msg = msg, + .module = module + }; /* form the key */ tdb_key = ltdb_key(module, dn); @@ -256,24 +278,24 @@ int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_mes return LDB_ERR_OPERATIONS_ERROR; } - tdb_data = tdb_fetch(ltdb-tdb, tdb_key); - talloc_free(tdb_key.dptr); - if (!tdb_data.dptr) { - return LDB_ERR_NO_SUCH_OBJECT; - } - + memset(msg, 0, sizeof(*msg)); + msg-num_elements = 0; msg-elements = NULL; - ret = ltdb_unpack_data(module, tdb_data, msg); - free(tdb_data.dptr); + ret = tdb_parse_record(ltdb-tdb, tdb_key, + ltdb_parse_data_unpack, ctx); + talloc_free(tdb_key.dptr); + if (ret == -1) { - struct ldb_context *ldb = ldb_module_get_ctx(module); - ldb_debug(ldb, LDB_DEBUG_ERROR, Invalid data for index %s\n, - ldb_dn_get_linearized(msg-dn)); - return LDB_ERR_OPERATIONS_ERROR; + if (tdb_error(ltdb-tdb
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 51dd39b selftest: Rename samba4.blackbox.pdbtest to samba.blackbox.pdbtest via b7b4879 s3-torture: Extend pdbtest to also run an authentication unit-test via de2d813 build: Remove pdbtest from the autoconf build from 528d3fe libcli/smb: do not set SMB2_TF_MSG_SIZE in the caller http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 51dd39b2cf800ccf89cc1ae5ce6fe1ce2edff9c3 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 8 16:02:29 2012 +1000 selftest: Rename samba4.blackbox.pdbtest to samba.blackbox.pdbtest This test covers s3dc as well. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Aug 8 09:57:14 CEST 2012 on sn-devel-104 commit b7b48793501915ecf5cb52b3044fd2f902987802 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 8 15:22:03 2012 +1000 s3-torture: Extend pdbtest to also run an authentication unit-test This tests both the builtin auth_sam against passdb directly and the configured auth module. Andrew Bartlett commit de2d813898bcfc530d13753a57ac8356b7c7bf0e Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 8 15:53:36 2012 +1000 build: Remove pdbtest from the autoconf build pdbtest is internal test utility that is not installed. It is only run from the full (waf) make test, and does not need to be built in the autoconf build. Removing it from the autoconf build makes it easier to expand this test to depend on more parts of Samba. Andrew Bartlett --- Summary of changes: source3/Makefile.in | 13 +- source3/torture/pdbtest.c | 117 - source3/wscript_build |4 +- source4/selftest/tests.py |2 +- 4 files changed, 121 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index e42c1b5..2635cfa 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -223,7 +223,7 @@ BIN_PROGS3 = bin/smbpasswd bin/rpcclient bin/smbcacls \ TORTURE_PROGS = bin/smbtorture bin/msgtest \ bin/masktest bin/locktest \ bin/locktest2 bin/nsstest bin/vfstest \ - bin/pdbtest $(TALLOCTORT) bin/replacetort \ + $(TALLOCTORT) bin/replacetort \ $(TDBTORTURE) $(PTHREADPOOLTEST) \ bin/smbconftort bin/vlp @@ -1323,11 +1323,6 @@ LOCKTEST_OBJ = torture/locktest.o $(PARAM_OBJ) $(LOCKING_OBJ) $(KRBCLIENT_OBJ) \ NSSTEST_OBJ = ../nsswitch/nsstest.o ../lib/util/setid.o $(LIBSAMBAUTIL_OBJ) -PDBTEST_OBJ = torture/pdbtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ - $(LIB_NONSMBD_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(SMBLDAP_OBJ) $(POPT_LIB_OBJ) \ - $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) - VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ) \ torture/vfstest_chain.o @@ -2073,12 +2068,6 @@ bin/nsstest: $(BINARY_PREREQS) $(NSSTEST_OBJ) $(LIBTALLOC) @$(CC) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \ $(LIBTALLOC_LIBS) -bin/pdbtest: $(BINARY_PREREQS) $(PDBTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) - @echo Linking $@ - @$(CC) -o $@ $(PDBTEST_OBJ) $(LDFLAGS) $(DYNEXP) \ - $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) \ - $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) - bin/vfstest: $(BINARY_PREREQS) $(VFSTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) @echo Linking $@ @$(CC) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(AVAHI_LIBS) \ diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c index 821f39b..d0d529e 100644 --- a/source3/torture/pdbtest.c +++ b/source3/torture/pdbtest.c @@ -4,6 +4,7 @@ Copyright (C) Wilco Baan Hofman 2006 Copyright (C) Jelmer Vernooij 2006 + Copyright (C) Andrew Bartlett 2012 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -27,6 +28,10 @@ #include ../librpc/gen_ndr/drsblobs.h #include ../librpc/gen_ndr/ndr_drsblobs.h #include ../libcli/security/dom_sid.h +#include ../libcli/auth/libcli_auth.h +#include ../auth/common_auth.h +#include lib/tsocket/tsocket.h +#include include/auth.h #define TRUST_DOM trustdom #define TRUST_PWD trustpwd1232 @@ -38,6 +43,7 @@ static bool samu_correct(struct samu *s1, struct samu *s2) uint32 s1_len, s2_len; const char *s1_buf, *s2_buf; const uint8 *d1_buf, *d2_buf; + const struct dom_sid *s1_sid, *s2_sid; /* Check Unix username */ s1_buf = pdb_get_username(s1
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1a1f01e s4-dsdb: Change talloc parent via 1727556 s4-dsdb: Remove ldb_sequence_type argument from partition_primary_sequence_number via 6ec963e s4-dsdb: simplify migration of old-style seqence numbers to metadata.tdb via 6a648b7 s4-dsdb: Reduce calls to the ldb layer by reloading less often from 47c5900 s3:nmbd: log a failure in get_domain_master_name_node_status_success() as level 1 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1a1f01ee7a754f2ee4f385fba6cb55d82518 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 12:23:58 2012 +1000 s4-dsdb: Change talloc parent This matches the rest of the function. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 9 06:26:36 CEST 2012 on sn-devel-104 commit 17275561a062b0453f9d2547ecebd6dff08aaa24 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 12:23:13 2012 +1000 s4-dsdb: Remove ldb_sequence_type argument from partition_primary_sequence_number We always want LDB_SEQ_HIGHEST_SEQ here. Andrew Bartlett commit 6ec963eef7c00315b2d941951602825a89fabb6e Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 12:20:37 2012 +1000 s4-dsdb: simplify migration of old-style seqence numbers to metadata.tdb This simple operation does not need to be encased in generic ldb extended operations. Andrew Bartlett commit 6a648b727f50e33a4c66a77e3980d7c0c2adcb49 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 10:21:38 2012 +1000 s4-dsdb: Reduce calls to the ldb layer by reloading less often We do not need to reload the partition list to get the global sequence number, as that number is stored in the metadata.tdb, not the ldb files. Andrew Bartlett --- Summary of changes: source4/dsdb/samdb/ldb_modules/partition.c | 184 source4/dsdb/samdb/ldb_modules/partition_init.c|8 +- .../dsdb/samdb/ldb_modules/partition_metadata.c| 57 +-- 3 files changed, 82 insertions(+), 167 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index d4f020f..4a9216b 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -985,7 +985,7 @@ static int partition_del_trans(struct ldb_module *module) } int partition_primary_sequence_number(struct ldb_module *module, TALLOC_CTX *mem_ctx, - enum ldb_sequence_type type, uint64_t *seq_number, + uint64_t *seq_number, struct ldb_request *parent) { int ret; @@ -997,7 +997,7 @@ int partition_primary_sequence_number(struct ldb_module *module, TALLOC_CTX *mem if (tseq == NULL) { return ldb_oom(ldb_module_get_ctx(module)); } - tseq-type = type; + tseq-type = LDB_SEQ_HIGHEST_SEQ; ret = dsdb_module_extended(module, tseq, res, LDB_EXTENDED_SEQUENCE_NUMBER, @@ -1027,115 +1027,73 @@ int partition_primary_sequence_number(struct ldb_module *module, TALLOC_CTX *mem * Older version of sequence number as sum of sequence numbers for each partition */ int partition_sequence_number_from_partitions(struct ldb_module *module, - struct ldb_request *req, - struct ldb_extended **ext) + uint64_t *seqr) { int ret; unsigned int i; uint64_t seq_number = 0; struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module), struct partition_private_data); - struct ldb_seqnum_request *seq; - struct ldb_seqnum_result *seqr; - struct ldb_request *treq; - struct ldb_seqnum_request *tseq; - struct ldb_seqnum_result *tseqr; - struct ldb_result *res; - struct dsdb_partition *p; - p = find_partition(data, NULL, req); - if (p != NULL) { - /* the caller specified what partition they want the -* sequence number operation on - just pass it on -*/ - return ldb_next_request(p-module, req); + ret = partition_primary_sequence_number(module, data, seq_number, NULL); + if (ret != LDB_SUCCESS) { + return ret; } - - seq = talloc_get_type(req-op.extended.data, struct ldb_seqnum_request); - - switch (seq-type) { - case
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f06c216 s3-pysmbd: Try opening as a file, then as a directory via e571d5c s3-pysmbd: Use talloc_zero() via e658421 s3-passdb: Simplify idmap wrapper in pdb_samba4 via 227d490 s3-pysmbd: Add talloc_stackframe() to smbd_set_simple_acl wrapper from 721096b s3:smb2_server: make use of smbd_smb2_inbuf_parse_compound() in smbd_smb2_request_read*() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f06c216d0b3ffd036ac10f9abe9b2fe3ff319f09 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 14:19:06 2012 +1000 s3-pysmbd: Try opening as a file, then as a directory Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 7 08:59:21 CEST 2012 on sn-devel-104 commit e571d5c03ef416bc7f6a1eb66567ec2715da9d21 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 14:18:41 2012 +1000 s3-pysmbd: Use talloc_zero() This avoids operating on uninitialised data Andrew Bartlett commit e658421fe1f724da0e627c0ae407804993c2521e Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 14:17:09 2012 +1000 s3-passdb: Simplify idmap wrapper in pdb_samba4 The source3 consumers of this API are now quite happy to be given an answer of ID_TYPE_BOTH, so we do not need this extra code to try and force the answer to UID or GID. Andrew Bartlett commit 227d490477230cfdd6b912b6f6a63314fa64ca88 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 10:45:14 2012 +1000 s3-pysmbd: Add talloc_stackframe() to smbd_set_simple_acl wrapper --- Summary of changes: source3/passdb/pdb_samba4.c | 59 ++ source3/smbd/pysmbd.c | 12 ++-- 2 files changed, 18 insertions(+), 53 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/pdb_samba4.c b/source3/passdb/pdb_samba4.c index 40827df..01eb4ba 100644 --- a/source3/passdb/pdb_samba4.c +++ b/source3/passdb/pdb_samba4.c @@ -2058,67 +2058,26 @@ static bool pdb_samba4_sid_to_id(struct pdb_methods *m, const struct dom_sid *si m-private_data, struct pdb_samba4_state); struct id_map id_map; struct id_map *id_maps[2]; - const char *attrs[] = { objectClass, NULL }; - struct ldb_message *msg; - struct ldb_dn *dn; NTSTATUS status; - int rc; TALLOC_CTX *tmp_ctx = talloc_stackframe(); if (!tmp_ctx) { return false; } ZERO_STRUCT(id_map); + id_map.sid = sid; + id_maps[0] = id_map; + id_maps[1] = NULL; - dn = ldb_dn_new_fmt(tmp_ctx, state-ldb, SID=%s, dom_sid_string(tmp_ctx, sid)); - if (!dn || !ldb_dn_validate(dn)) { - talloc_free(tmp_ctx); + status = idmap_sids_to_xids(state-idmap_ctx, tmp_ctx, id_maps); + talloc_free(tmp_ctx); + if (!NT_STATUS_IS_OK(status)) { return false; } - rc = dsdb_search_one(state-ldb, tmp_ctx, msg, dn, LDB_SCOPE_BASE, attrs, 0, NULL); - if (rc == LDB_ERR_NO_SUCH_OBJECT) { - DEBUG(5, (__location__ SID to Unix ID lookup failed because SID %s could not be found in the samdb\n, dom_sid_string(tmp_ctx, sid))); - talloc_free(tmp_ctx); - return false; + if (id_map.xid.type != ID_TYPE_NOT_SPECIFIED) { + *id = id_map.xid; + return true; } - if (samdb_find_attribute(state-ldb, msg, objectClass, group)) { - id-type = ID_TYPE_GID; - - ZERO_STRUCT(id_map); - id_map.sid = sid; - id_maps[0] = id_map; - id_maps[1] = NULL; - - status = idmap_sids_to_xids(state-idmap_ctx, tmp_ctx, id_maps); - talloc_free(tmp_ctx); - if (!NT_STATUS_IS_OK(status)) { - return false; - } - if (id_map.xid.type == ID_TYPE_GID || id_map.xid.type == ID_TYPE_BOTH) { - id-id = id_map.xid.id; - return true; - } - return false; - } else if (samdb_find_attribute(state-ldb, msg, objectClass, user)) { - id-type = ID_TYPE_UID; - ZERO_STRUCT(id_map); - id_map.sid = sid; - id_maps[0] = id_map; - id_maps[1] = NULL; - - status = idmap_sids_to_xids(state-idmap_ctx, tmp_ctx, id_maps); - talloc_free(tmp_ctx); - if (!NT_STATUS_IS_OK(status)) { - return false; - } - if (id_map.xid.type == ID_TYPE_UID || id_map.xid.type == ID_TYPE_BOTH) { - id-id
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 33705f4 s4-scripting: Remove unused variables from ntacl tests via 4aca56c s4-smbd: Check for failure of irpc_add_name from f06c216 s3-pysmbd: Try opening as a file, then as a directory http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 33705f4cc1773ff4fc37a6e6927af7a327aeb31d Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 16:55:58 2012 +1000 s4-scripting: Remove unused variables from ntacl tests Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 7 11:15:41 CEST 2012 on sn-devel-104 commit 4aca56cd848df11d79a8a0333d3e9944f176bcd9 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 15:50:46 2012 +1000 s4-smbd: Check for failure of irpc_add_name --- Summary of changes: source4/scripting/python/samba/tests/ntacls.py | 10 -- source4/smbd/server.c |5 - 2 files changed, 4 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/tests/ntacls.py b/source4/scripting/python/samba/tests/ntacls.py index c7e4101..c867c95 100644 --- a/source4/scripting/python/samba/tests/ntacls.py +++ b/source4/scripting/python/samba/tests/ntacls.py @@ -32,8 +32,6 @@ class NtaclsTests(TestCase): path = os.environ['SELFTEST_PREFIX'] acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) tempf = os.path.join(path,pytests+str(int(10*random.random( -ntacl = xattr.NTACL() -ntacl.version = 1 open(tempf, 'w').write(empty) lp.set(posix:eadb,os.path.join(path,eadbtest.tdb)) setntacl(lp, tempf, acl, S-1-5-21-2212615479-2695158682-2101375467) @@ -46,8 +44,6 @@ class NtaclsTests(TestCase): path = os.environ['SELFTEST_PREFIX'] acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) tempf = os.path.join(path,pytests+str(int(10*random.random( -ntacl = xattr.NTACL() -ntacl.version = 1 open(tempf, 'w').write(empty) lp.set(posix:eadb,os.path.join(path,eadbtest.tdb)) setntacl(lp,tempf,acl,S-1-5-21-2212615479-2695158682-2101375467) @@ -62,8 +58,6 @@ class NtaclsTests(TestCase): acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) path = os.environ['SELFTEST_PREFIX'] tempf = os.path.join(path,pytests+str(int(10*random.random( -ntacl = xattr.NTACL() -ntacl.version = 1 open(tempf, 'w').write(empty) setntacl(lp,tempf,acl,S-1-5-21-2212615479-2695158682-2101375467,tdb,os.path.join(path,eadbtest.tdb)) facl=getntacl(lp,tempf,tdb,os.path.join(path,eadbtest.tdb)) @@ -77,8 +71,6 @@ class NtaclsTests(TestCase): acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) path = os.environ['SELFTEST_PREFIX'] tempf = os.path.join(path,pytests+str(int(10*random.random( -ntacl = xattr.NTACL() -ntacl.version = 1 open(tempf, 'w').write(empty) self.assertRaises(XattrBackendError, setntacl, lp, tempf, acl, S-1-5-21-2212615479-2695158682-2101375467,ttdb, os.path.join(path,eadbtest.tdb)) @@ -90,8 +82,6 @@ class NtaclsTests(TestCase): acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) path = os.environ['SELFTEST_PREFIX'] tempf = os.path.join(path,pytests+str(int(10*random.random( -ntacl = xattr.NTACL() -ntacl.version = 1 open(tempf, 'w').write(empty) lp.set(posix:eadb, os.path.join(path,eadbtest.tdb)) self.assertRaises(Exception, setntacl, lp, tempf ,acl, diff --git a/source4/smbd/server.c b/source4/smbd/server.c index a6ebcd6..f3405a7 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -225,7 +225,10 @@ static NTSTATUS setup_parent_messaging(struct tevent_context *event_ctx, cluster_id(0, SAMBA_PARENT_TASKID), event_ctx, false); NT_STATUS_HAVE_NO_MEMORY(msg); - irpc_add_name(msg, samba); + status = irpc_add_name(msg, samba); + if (!NT_STATUS_IS_OK(status)) { + return status; + } status = IRPC_REGISTER(msg, irpc
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d825adf s3-param: Remove never-reached condition for popts == NULL via 31d1fde s3-param: Remove never-reached condition for opt_list == NULL via d65bded source3/loadparm.c: Move string_set/string_free inside. via 3bb65aa source3/smbd/conn.c: wean off string_set/string_free via a14c02d source3/loadparm: make struct loadparm_service a talloc object. via 592e3f4 loadparm: Add ctx member to struct loadparm_global. from 9b7b736 media_harmony VFS module: Add and build by default. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d825adf86a91aa08588ef5fa95ce3f91abb9fd40 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 21:29:53 2012 +1000 s3-param: Remove never-reached condition for popts == NULL All the callers provide a parametric options pointer to fill in. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 7 17:16:38 CEST 2012 on sn-devel-104 commit 31d1fde037d78e2c2becdedb9016a859e5e38437 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 21:20:47 2012 +1000 s3-param: Remove never-reached condition for opt_list == NULL All the callers provide a parametric options pointer to fill in. Andrew Bartlett commit d65bded0c2435a62bf0fe33828d6dc5b9a74f936 Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jul 23 14:51:39 2012 +0930 source3/loadparm.c: Move string_set/string_free inside. The only user, so make them static inside loadparm.c Signed-off-by: Rusty Russell ru...@rustcorp.com.au Signed-off-by: Andrew Bartlett abart...@samba.org commit 3bb65aa159cae310b2a5d4998c258d72ace2fa3f Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jul 23 14:51:34 2012 +0930 source3/smbd/conn.c: wean off string_set/string_free Use straight talloc strings. This is the only user outside loadparm.c. Signed-off-by: Rusty Russell ru...@rustcorp.com.au Signed-off-by: Andrew Bartlett abart...@samba.org commit a14c02d2a7b9d070a6338a360103a34e7673454c Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jul 23 12:20:26 2012 +0930 source3/loadparm: make struct loadparm_service a talloc object. This gives us a place to allocate members from. Signed-off-by: Rusty Russell ru...@rustcorp.com.au Signed-off-by: Andrew Bartlett abart...@samba.org commit 592e3f4b236b3b5c056faca6ca6f060560a3204d Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jul 23 12:19:46 2012 +0930 loadparm: Add ctx member to struct loadparm_global. Rather than tallocing global parameters off NULL, keep it neat by having a Global.ctx member. Signed-off-by: Rusty Russell ru...@rustcorp.com.au Signed-off-by: Andrew Bartlett abart...@samba.org --- Summary of changes: script/mkparamdefs.pl |4 ++- source3/Makefile.in |2 +- source3/include/proto.h |2 - source3/lib/string_init.c | 77 - source3/param/loadparm.c | 66 +- source3/smbd/conn.c | 10 ++ source3/smbd/service.c|9 +++-- source3/wscript_build |2 +- 8 files changed, 70 insertions(+), 102 deletions(-) delete mode 100644 source3/lib/string_init.c Changeset truncated at 500 lines: diff --git a/script/mkparamdefs.pl b/script/mkparamdefs.pl index b489cc9..6b59230 100644 --- a/script/mkparamdefs.pl +++ b/script/mkparamdefs.pl @@ -91,12 +91,14 @@ $file-(/* This file was automatically generated by mkparamdefs.pl. DO NOT EDIT $file-( * This structure describes global (ie., server-wide) parameters.\n); $file-( */\n); $file-(struct loadparm_global \n); + $file-({\n); + $file-(\tTALLOC_CTX *ctx; /* Context for talloced members */\n); } elsif ($generate_scope eq LOCAL) { $file-( * This structure describes a single service.\n); $file-( */\n); $file-(struct loadparm_service \n); + $file-({\n); } -$file-({\n); } sub print_footer($$$) diff --git a/source3/Makefile.in b/source3/Makefile.in index ff0f1f4..e42c1b5 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -466,7 +466,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) $(LIBTSOCKET_OBJ) \ ../libds/common/flag_mapping.o \ lib/access.o lib/smbrun.o \ ../lib/util/bitmap.o ../lib/util/dprintf.o $(UTIL_REG_OBJ) \ - lib/wins_srv.o lib/string_init.o \ + lib/wins_srv.o \ lib/util_str.o ../lib/util/util_str_common.o \ ../lib/util/util_str.o \ ../lib/util/base64.o lib/util_sid.o \ diff --git a/source3/include/proto.h
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4e0fb8b Revert ldb: Add parameter to avoid NULL format string flagged by -Werror=format via 33c79c8 build: Make -Werror=format check only run where NULL is still accepted via 0514a84 Rework recursive waf build to be a selftest-enabled not a developer build via dd8c0e5 build: Remove duplicate declaration of --enable-selftest via 49b2720 lib/param: Also enable vlp when --enable-selftest is specified from 1c7bd2b s3:smbd: remove unused variable in sesssetup.c http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4e0fb8b4b1b7eadf315aeb599a079eb1d22a4d22 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 6 18:46:41 2012 +1000 Revert ldb: Add parameter to avoid NULL format string flagged by -Werror=format This reverts commit cddcaf7bd2c272bc578ac1e4f7ec438ab94fc243. -Werror=format is no longer uses when it would cause this to fail. This is a legitimate use of the ldb_search API. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon Aug 6 14:47:27 CEST 2012 on sn-devel-104 commit 33c79c8731ea0c1ab78583a7c50953c56aea539f Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 6 18:46:30 2012 +1000 build: Make -Werror=format check only run where NULL is still accepted This is needed because ldb_search() allows a NULL parameter for the format string and this needs to be permitted by the format string checker before we want to make this error fatal. Andrew Bartlett commit 0514a84f7e7d44eae3c7fcc85fc804af6fbfda6b Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 6 18:33:35 2012 +1000 Rework recursive waf build to be a selftest-enabled not a developer build This essentially reverts commit a943a9ba2f739e8aee630f774915e8204aa8cf3a. I've fixed this by making lib/param/parm_table.c honour --enable-selftest. Andrew Bartlett commit dd8c0e59a327c697e5f86a0fd3b18478c02c8c63 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 6 18:32:32 2012 +1000 build: Remove duplicate declaration of --enable-selftest commit 49b27203174647d66fbf6a35266d587cc9e2e5cc Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 6 18:32:21 2012 +1000 lib/param: Also enable vlp when --enable-selftest is specified --- Summary of changes: buildtools/wafsamba/samba_autoconf.py | 21 ++--- lib/ldb/ldb_map/ldb_map.c |2 +- lib/param/loadparm.h |2 +- lib/param/param_table.c |2 +- selftest/wscript |4 source3/Makefile-smbtorture4 |2 +- source3/param/loadparm.c |2 +- source3/wscript |3 --- 8 files changed, 27 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py index cfab476..03c2b24 100644 --- a/buildtools/wafsamba/samba_autoconf.py +++ b/buildtools/wafsamba/samba_autoconf.py @@ -437,10 +437,10 @@ def CHECK_STRUCTURE_MEMBER(conf, structname, member, @conf -def CHECK_CFLAGS(conf, cflags): +def CHECK_CFLAGS(conf, cflags, fragment='int main(void) { return 0; }\n'): '''check if the given cflags are accepted by the compiler ''' -return conf.check(fragment='int main(void) { return 0; }\n', +return conf.check(fragment=fragment, execute=0, type='nolink', ccflags=cflags, @@ -622,11 +622,26 @@ def SAMBA_CONFIG_H(conf, path=None): if Options.options.developer: # we add these here to ensure that -Wstrict-prototypes is not set during configure -conf.ADD_CFLAGS('-Wall -g -Wshadow -Werror=strict-prototypes -Wstrict-prototypes -Werror=pointer-arith -Wpointer-arith -Wcast-align -Werror=write-strings -Wwrite-strings -Werror-implicit-function-declaration -Werror=format -Wformat=2 -Wno-format-y2k -Wmissing-prototypes -fno-common -Werror=address', +conf.ADD_CFLAGS('-Wall -g -Wshadow -Werror=strict-prototypes -Wstrict-prototypes -Werror=pointer-arith -Wpointer-arith -Wcast-align -Werror=write-strings -Wwrite-strings -Werror-implicit-function-declaration -Wformat=2 -Wno-format-y2k -Wmissing-prototypes -fno-common -Werror=address', testflags=True) conf.ADD_CFLAGS('-Wcast-qual', testflags=True) conf.env.DEVELOPER_MODE = True +# This check is because for ldb_search(), a NULL format string +# is not an error, but some compilers complain about that. +if CHECK_CFLAGS(conf, -Werror=format, ''' +int testformat(char *format, ...) __attribute__ ((format (__printf__, 1, 2
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1e5098d s3-pysmbd: Add hook for get_nt_acl() via 64f494d s3-pysmbd: fix DEBUG via e5686a4 s3-pysmbd: Add my copyright via 55a0d66 s3-pysmbd: Add set_nt_acl() function based on parts of vfstest via b041d29 s3-pypassdb: Fix wrapper for pdb_domain_info to return correct dns_{domain,forest} from e956253 s4:torture: send the TCONX_FLAG_EXTENDED_RESPONSE flag http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1e5098d5e1bb4dd2df6af690ade1b4b52a8d Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 2 15:16:13 2012 +1000 s3-pysmbd: Add hook for get_nt_acl() Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 2 13:27:55 CEST 2012 on sn-devel-104 commit 64f494de5e8e468a3adde62b02843d734d6cc483 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 2 13:36:55 2012 +1000 s3-pysmbd: fix DEBUG commit e5686a4cf0931d8a89ed8f5922fd00d93b7893ea Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 2 13:36:43 2012 +1000 s3-pysmbd: Add my copyright commit 55a0d6606c76463296188582c52821a7607ade7b Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 2 13:35:24 2012 +1000 s3-pysmbd: Add set_nt_acl() function based on parts of vfstest This will allow us to set the full NT ACL on a file, using the VFS layer, during provision of the AD DC. Andrew Bartlett commit b041d29c116a5d93b70a2cea5f808e81b9e12556 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 2 18:05:03 2012 +1000 s3-pypassdb: Fix wrapper for pdb_domain_info to return correct dns_{domain,forest} --- Summary of changes: source3/passdb/py_passdb.c |4 +- source3/smbd/pysmbd.c | 143 +++- source3/wscript_build |2 +- 3 files changed, 144 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c index 7043ce6..bd332e1 100644 --- a/source3/passdb/py_passdb.c +++ b/source3/passdb/py_passdb.c @@ -1368,8 +1368,8 @@ static PyObject *py_pdb_domain_info(pytalloc_Object *self, PyObject *args) } PyDict_SetItemString(py_domain_info, name, PyString_FromString(domain_info-name)); - PyDict_SetItemString(py_domain_info, dns_domain, PyString_FromString(domain_info-name)); - PyDict_SetItemString(py_domain_info, dns_forest, PyString_FromString(domain_info-name)); + PyDict_SetItemString(py_domain_info, dns_domain, PyString_FromString(domain_info-dns_domain)); + PyDict_SetItemString(py_domain_info, dns_forest, PyString_FromString(domain_info-dns_forest)); PyDict_SetItemString(py_domain_info, dom_sid, pytalloc_steal(dom_sid_Type, sid)); PyDict_SetItemString(py_domain_info, guid, pytalloc_steal(guid_Type, guid)); diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index 5badb3a..9a44d25 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -1,9 +1,13 @@ /* Unix SMB/CIFS implementation. - SMB NT Security Descriptor / Unix permission conversion. + Set NT and POSIX ACLs and other VFS operations from Python + + Copyrigyt (C) Andrew Bartlett 2012 Copyright (C) Jeremy Allison 1994-2009. Copyright (C) Andreas Gruenbacher 2002. Copyright (C) Simo Sorce i...@samba.org 2009. + Copyright (C) Simo Sorce 2002 + Copyright (C) Eric Lorimer 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -23,6 +27,9 @@ #include smbd/smbd.h #include Python.h #include libcli/util/pyerrors.h +#include librpc/rpc/pyrpc_util.h +#include pytalloc.h +#include system/filesys.h extern const struct generic_mapping file_generic_mapping; @@ -58,7 +65,7 @@ static NTSTATUS set_sys_acl_no_snum(const char *fname, ret = SMB_VFS_SYS_ACL_SET_FILE( conn, fname, acltype, theacl); if (ret != 0) { status = map_nt_error_from_unix_common(ret); - DEBUG(0,(get_nt_acl_no_snum: fset_nt_acl returned zero.\n)); + DEBUG(0,(set_nt_acl_no_snum: fset_nt_acl returned zero.\n)); } conn_free(conn); @@ -66,6 +73,83 @@ static NTSTATUS set_sys_acl_no_snum(const char *fname, return status; } +static NTSTATUS set_nt_acl_no_snum(const char *fname, + uint32 security_info_sent, const struct security_descriptor *sd) +{ + TALLOC_CTX *frame = talloc_stackframe(); + connection_struct *conn; + NTSTATUS status = NT_STATUS_OK; + files_struct *fsp; + struct smb_filename *smb_fname = NULL; + int flags; + + conn = talloc_zero(frame, connection_struct); + if (conn == NULL
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8dde55c build: fix typo from 1e5098d s3-pysmbd: Add hook for get_nt_acl() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8dde55c7fb55f3a03c222609d7340db8056c3365 Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 3 10:00:56 2012 +1000 build: fix typo Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Aug 3 03:56:38 CEST 2012 on sn-devel-104 --- Summary of changes: dynconfig/wscript |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/dynconfig/wscript b/dynconfig/wscript index 2a60a2a..44e8f19 100755 --- a/dynconfig/wscript +++ b/dynconfig/wscript @@ -269,7 +269,7 @@ def set_options(opt): fhs_help = Use FHS-compliant paths (default no)\n fhs_help += You should consider using this together with:\n -fhs_help += --prefix=/usr --sysconfdir=/etc --locatestatedir=/var +fhs_help += --prefix=/usr --sysconfdir=/etc --localstatedir=/var opt_group.add_option('--enable-fhs', help=fhs_help, action=store_true, dest='ENABLE_FHS', default=False) -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.0.0beta5 created
The annotated tag, samba-4.0.0beta5 has been created at e20618e6ff98277475ad914d96f163885c09bfc4 (tag) tagging 50d6483ab8acd9a2af7558b6831c170a5bce3721 (commit) replaces samba-4.0.0beta4 tagged by Andrew Bartlett on Wed Aug 1 19:40:41 2012 +1000 - Log - samba4: tag release samba-4.0.0beta5 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIVAwUAUBj5mWjGT3QfUnJfAQLQzQ/8DIJtrxfcIISnoc8iTyYtVbtUHUJUPR0n a8tjSn575Ea654CjAKPxM6eUOMDSCe1q0dBq7O/yrlKeTp5C5hujs9kIw/LA/1tg SMezdHQNCBeZJVb/WGdLFq722X20JMQoOL4iMVZrhgtf/1j3upqECL4jXCvTXgjZ SJB9FL/emA59MzSZmFXCNdCPfPKNnKMQfw6dm7j375H3lL3HwxkbK6HejEYI6FhN wv32fjB/V6ycSLMAlF8BzPx8sIBIKe3DKaPacGQ8VR6oZJud0zux1JUnIXS3nELi sdcWhGr+ES9dxxsgt52jvRbb67QB1EXrhUVuG+lTL147b+DXurZqr0CCS3/gsD6H AFzKPkoESaJA54ClZedtTAKtBr03b3ltI9yokrJqv2VAOwneSKdc/c0Yh6BL081e MQV0kj7oEc6GXgAFiNvVLAceNVu387Vx9jTx+5C06H2IhCvi1an0yCl/qzLYVKsJ rGGd/01NPcNKh8kPiDcCPaCDmCqw2iQ+JGM7akHIUFdy/FXXUcCX1NGXV35ofPOf 74f0xCxjZHWzvISkpaDBrrqXECzH1HIhCLlanXp9u4eAYQwRpfw72GekSCCpfzRV eAdrXVBe5E4F8of9pbUAm05nYFBkMiTWdfzbYUAacQyXjsBUcs69pjg2/lPB8VvT KqjBoYWJuAw= =FmB6 -END PGP SIGNATURE- Alexander Werth (1): s3:Really ignore unknown special ids in NFSv4 ACLs. Andreas Schneider (8): s4-torture: Add DCERPC_SCHANNEL_AES tests. s4-torture: Improve samlogon test. s4-librpc: Add capabilities check for AES encrypted connections. s4-auth: Make sure we use the correct credential state. s3-rpc_client: Add capabilities check for AES encrypted connections. s3-rpc_client: Fix updating netlogon credentials. Enable AES in winbind. s3-winbind: Fix bug #9052 resolving our own Domain Local groups. Andrew Bartlett (92): VERSION: Move on to beta5! s4-dsdb: Ensure we never write read-only objects onto a read-write replica s4-dsdb: Allow dbcheck to correct an incorrect instanceType dsdb: Allocate new OID to allow updates of a read-only replica s4-dbcheck: Check for and correct incorrect instanceType values s4-librpc: Ensure we do not call call the decrpc timeout handler during gensec_update() s4-lib/tls: Try socket_send() multiple times to send partial packets s4-torture: Also print GID values in whoami test s4-torture: Allow unix.whoami to test against a member server s4-torture: Move check of map-to-guest above SID list check Revert s3:auth make sure the primary group sid is usable selftest: Run unix.whomai against the machine acccount as well auth/credentials: Remove extra newline s3-rpc_server: Remove make_server_info_info3() call from make_server_pipes_struct() s3-auth Use correct RID for domain guests primary group lib/param: bring lp_time_server() into common lib/param: Add my copyright s4-param: Remove unused idmap trusted only s3-param: Make lp_name_resolve_order() return a list lib/param: bring lp_smb_ports() into common by making it a list everywhere s3-param: Remove special case for lp_ctdbd_socket(), set CTDB_PATH as default build: Add -Werror=address to the developer build param: Make the 'unicode' parameter common param: Make internal handler for 'server role' common s3-param: Merge a number of s4 parameters from lib/param to make this table common s3-param: fix indent on cups encrypt s3-param: Merge parameter varaibles with lib/param lib/param: Remove ntptr providor and hard-code in s4 spoolss server lib/param: Remove 'case insensitive filesystem' lib/param: Rename param_enums.c to param_table.c lib/param: Move all enum declarations to lib/param lib/param: Make lp_usershare_max_shares() a common parameter lib/param: Merge handling of security/domain master/domain logons/server role lib/param: Add handler overrides lib/param: Re-arrange TLS parameters into their own section lib/param: Rearrange AD DC options to make a merge with the source3 table easier lib/param: Merge DNS parameters with source3 param lib/param: Merge Winbind parameters from source3 into lib/param lib/param: Merge VFS and MSDFS parameters from source3 into lib/param waf: Update to newer upstream snapshot. lib/param: Merge Miscellaneous Options section from source3/param lib/param: Merge EventLog Options section from source3/param lib/param: Merge Ldap Options section from source3/param lib/param: Merge Locking Options section from source3/param lib/param: Merge WINS Options section from source3/param lib/param: Merge Browse Options section from source3/param lib/param: Merge Logon Options section from source3/param lib/param: Merge Domain Options section from source3/param lib/param: Merge Filename Handling section from source3/param s3-build: Make recursive waf build a developer
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 23df816 VERSION: Move on to beta6! via 50d6483 VERSION: Mark as the beta5 release via fb24f47 WHATSNEW: prepare for 4.0 beta5 via 3178741 s4-repl: Add tests for add replication conflicts and use of LostAndFound via 6d1b8ff s4-dsdb: Replace any existing lastKnownParent attribute during delete via fcb54ca s4-dsdb: Improve tracing in repl_meta_data via bc5be09 s4-dsdb: Handle rename conflicts in both directions via 8208d7b lib/ldb: Ensure rename target does not exist before deleting old record via 221cd52 s4-dsdb: Request extended DN and show deleted when searching for a possible parent from eaa381a s3: Fix Coverity ID 710791 Resource leak http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 23df816328bf10f06a7c7a018c7a1e896c62f3bf Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 31 12:25:56 2012 +1000 VERSION: Move on to beta6! Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Jul 31 16:09:23 CEST 2012 on sn-devel-104 commit 50d6483ab8acd9a2af7558b6831c170a5bce3721 Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 31 12:25:16 2012 +1000 VERSION: Mark as the beta5 release commit fb24f471be6af42a5a1f49c58d4d3e52e25f10b6 Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 31 12:24:49 2012 +1000 WHATSNEW: prepare for 4.0 beta5 commit 31787417ca9d01965a9f5221ff6adc48a4b1a15f Author: Andrew Bartlett abart...@samba.org Date: Mon Jul 30 16:00:58 2012 +1000 s4-repl: Add tests for add replication conflicts and use of LostAndFound LostAndFound is used when we find children of a deleted object that are not themselves deleted. Andrew Bartlett commit 6d1b8ff8a7b803601f8142396e659d0f1dbef331 Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 31 10:47:57 2012 +1000 s4-dsdb: Replace any existing lastKnownParent attribute during delete This allows a lastKnownParent from LostAndFound to be replaced. Andrew Bartlett commit fcb54ca25f0a28940d239c457ef1a295d6e5e325 Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 31 10:18:43 2012 +1000 s4-dsdb: Improve tracing in repl_meta_data When we call ldb_module_done() rather than just calling the callback, we make log entries that are critical in debugging. Andrew Bartlett commit bc5be09bae77c5e34380a2204be2f489f45ed85b Author: Andrew Bartlett abart...@samba.org Date: Mon Jul 30 12:11:35 2012 +1000 s4-dsdb: Handle rename conflicts in both directions Previously we would only consider renaming the local object, now we can cope with renaming the remote object as well. This should avoid most of the cases where Samba AD replication can just stop. Andrew Bartlett commit 8208d7b2c207c39c3d45f96f85728c233dce126d Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 31 10:17:20 2012 +1000 lib/ldb: Ensure rename target does not exist before deleting old record This is all in a transaction, but when we are handling rename errors in the repl_meta_data module, we key off the error, and do not close the transaction. We found that the old record was gone and so could not try renaming it again to a conflict DN. Andrew Bartlett commit 221cd524e31fce5efa2de179074cfe97bf2c909c Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 31 17:10:42 2012 +1000 s4-dsdb: Request extended DN and show deleted when searching for a possible parent This fixes up the lastKnownParent attribute on lostAndFound objects to have a GUID (found by dbcheck). Andrew Bartlett --- Summary of changes: VERSION|2 +- WHATSNEW.txt | 54 ++-- lib/ldb/ABI/{ldb-1.1.6.sigs = ldb-1.1.9.sigs} |0 ...pyldb-util-1.1.2.sigs = pyldb-util-1.1.9.sigs} |0 lib/ldb/ldb_tdb/ldb_tdb.c | 42 +++- lib/ldb/wscript|2 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c| 159 +++ source4/torture/drs/python/drs_base.py |8 + source4/torture/drs/python/replica_sync.py | 301 9 files changed, 481 insertions(+), 87 deletions(-) copy lib/ldb/ABI/{ldb-1.1.6.sigs = ldb-1.1.9.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.2.sigs = pyldb-util-1.1.9.sigs} (100%) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index a9c261b..1012cd9 100644 --- a/VERSION +++ b/VERSION @@ -67,7 +67,7 @@ SAMBA_VERSION_ALPHA_RELEASE= # e.g. SAMBA_VERSION_BETA_RELEASE=1# # - 4.0.0beta1